cobaltstrike | f19a781085029a2e0a424af37c8c34e52b7c72071a68ccf26be80a85335ec294

Analysis

max time kernel
89s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b64e424cf8691ca65cd70efba4e420a6
SHA1

fd05cf9299809e2e79ef32ad4891be8f789c6289
SHA256

f19a781085029a2e0a424af37c8c34e52b7c72071a68ccf26be80a85335ec294
SHA512

f709b218ff53e7f6241d81fc21b260e42fc61038375293b4517fb35e26a5d31ad6cf93592f456ce78ea5bcabefb2f88d80e71c2765b6f5f313d59641b5b9d417
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ca-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186d9-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-22.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018766-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018780-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-51.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000017530-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-90.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-69.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/1744-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-6.dat	xmrig
behavioral1/files/0x00070000000186ca-11.dat	xmrig
behavioral1/files/0x00070000000186d9-12.dat	xmrig
behavioral1/memory/672-20-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/3004-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2332-19-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018710-22.dat	xmrig
behavioral1/files/0x0006000000018766-32.dat	xmrig
behavioral1/memory/2840-35-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0006000000018780-36.dat	xmrig
behavioral1/memory/2844-28-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2772-40-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1744-50-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b62-51.dat	xmrig
behavioral1/memory/2664-49-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0035000000017530-46.dat	xmrig
behavioral1/files/0x000500000001960c-75.dat	xmrig
behavioral1/memory/2288-70-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-85.dat	xmrig
behavioral1/files/0x0005000000019667-97.dat	xmrig
behavioral1/files/0x0005000000019cba-135.dat	xmrig
behavioral1/files/0x000500000001a41b-188.dat	xmrig
behavioral1/memory/2288-371-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1744-282-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-178.dat	xmrig
behavioral1/files/0x000500000001a359-183.dat	xmrig
behavioral1/files/0x000500000001a07e-171.dat	xmrig
behavioral1/files/0x000500000001a09e-175.dat	xmrig
behavioral1/files/0x0005000000019f94-162.dat	xmrig
behavioral1/files/0x000500000001a075-165.dat	xmrig
behavioral1/files/0x0005000000019f8a-156.dat	xmrig
behavioral1/files/0x0005000000019dbf-151.dat	xmrig
behavioral1/files/0x0005000000019cca-141.dat	xmrig
behavioral1/files/0x0005000000019d8e-147.dat	xmrig
behavioral1/files/0x0005000000019c57-131.dat	xmrig
behavioral1/files/0x0005000000019c3e-126.dat	xmrig
behavioral1/files/0x0005000000019c3c-122.dat	xmrig
behavioral1/files/0x0005000000019c34-116.dat	xmrig
behavioral1/files/0x0005000000019926-111.dat	xmrig
behavioral1/files/0x00050000000196a1-105.dat	xmrig
behavioral1/memory/956-101-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/1320-94-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-90.dat	xmrig
behavioral1/memory/924-87-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2772-84-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/996-82-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-69.dat	xmrig
behavioral1/memory/1744-67-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2660-65-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2412-58-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0009000000018bf3-62.dat	xmrig
behavioral1/memory/2844-3949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2332-4009-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/924-4014-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2288-4013-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2412-4015-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/956-4012-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/672-4011-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/996-4010-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2772-4017-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2664-4008-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2660-4007-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
672	ooNeZlU.exe
3004	dSiOXjV.exe
2332	oQTbJSd.exe
2844	VwuLoAu.exe
2840	nDeCPfe.exe
2772	JKkbgVB.exe
2664	RtPSzIz.exe
2412	kmBgIxp.exe
2660	RerMRwH.exe
2288	DFzLTAP.exe
996	spqfmQM.exe
924	vwlQitV.exe
1320	SxZlMfJ.exe
956	vrUZruc.exe
2968	KxZYGeL.exe
1112	VOdYJqA.exe
448	OTOWvON.exe
908	AbsWNEg.exe
2936	DjkTshT.exe
2980	nsOcWHB.exe
2204	wRGBcXT.exe
2524	htpxAer.exe
2008	sVEBefS.exe
2016	maObjHM.exe
1784	XXPexWx.exe
2092	rjqjTwX.exe
1984	tappDDj.exe
2228	lkAXPap.exe
2124	PWFOsga.exe
904	pfTZinv.exe
2404	ChExTMi.exe
1648	OPltmtx.exe
2508	kWqhxsJ.exe
352	iNpDDzj.exe
696	srfAXPE.exe
2464	xuwTcAt.exe
2300	Xjpgzut.exe
2588	tYItPDp.exe
544	LNkxvbT.exe
1896	cJFRyJF.exe
1708	qPNhzCK.exe
1760	KHBiqMF.exe
2456	iXRBMmh.exe
1840	QSwepwo.exe
1600	IquoWRj.exe
1924	txBcwzT.exe
1768	yWkfhyF.exe
948	iTSxiwn.exe
1952	NkQwJqw.exe
2720	gYvDJTU.exe
620	SfHCWsH.exe
884	vVJaHZY.exe
1704	dgtPtAr.exe
1592	iykEuLL.exe
2304	ujaElvT.exe
2896	EHINCny.exe
2888	aMODSdm.exe
3060	iIqxwrR.exe
600	EdUfvGi.exe
2268	CUhNNaF.exe
1716	MdJrjbh.exe
1796	XcOcMik.exe
2836	PoFUUJd.exe
2444	MtagrTD.exe

Loads dropped DLL 64 IoCs

pid	Process
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1744-0-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-6.dat	upx
behavioral1/files/0x00070000000186ca-11.dat	upx
behavioral1/files/0x00070000000186d9-12.dat	upx
behavioral1/memory/672-20-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/3004-21-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2332-19-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0007000000018710-22.dat	upx
behavioral1/files/0x0006000000018766-32.dat	upx
behavioral1/memory/2840-35-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0006000000018780-36.dat	upx
behavioral1/memory/2844-28-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2772-40-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1744-50-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/files/0x0007000000018b62-51.dat	upx
behavioral1/memory/2664-49-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0035000000017530-46.dat	upx
behavioral1/files/0x000500000001960c-75.dat	upx
behavioral1/memory/2288-70-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000500000001961c-85.dat	upx
behavioral1/files/0x0005000000019667-97.dat	upx
behavioral1/files/0x0005000000019cba-135.dat	upx
behavioral1/files/0x000500000001a41b-188.dat	upx
behavioral1/memory/2288-371-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x000500000001a307-178.dat	upx
behavioral1/files/0x000500000001a359-183.dat	upx
behavioral1/files/0x000500000001a07e-171.dat	upx
behavioral1/files/0x000500000001a09e-175.dat	upx
behavioral1/files/0x0005000000019f94-162.dat	upx
behavioral1/files/0x000500000001a075-165.dat	upx
behavioral1/files/0x0005000000019f8a-156.dat	upx
behavioral1/files/0x0005000000019dbf-151.dat	upx
behavioral1/files/0x0005000000019cca-141.dat	upx
behavioral1/files/0x0005000000019d8e-147.dat	upx
behavioral1/files/0x0005000000019c57-131.dat	upx
behavioral1/files/0x0005000000019c3e-126.dat	upx
behavioral1/files/0x0005000000019c3c-122.dat	upx
behavioral1/files/0x0005000000019c34-116.dat	upx
behavioral1/files/0x0005000000019926-111.dat	upx
behavioral1/files/0x00050000000196a1-105.dat	upx
behavioral1/memory/956-101-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/1320-94-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x000500000001961e-90.dat	upx
behavioral1/memory/924-87-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2772-84-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/996-82-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x000700000001933b-69.dat	upx
behavioral1/memory/2660-65-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2412-58-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x0009000000018bf3-62.dat	upx
behavioral1/memory/2844-3949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2332-4009-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/924-4014-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2288-4013-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2412-4015-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/956-4012-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/672-4011-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/996-4010-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2772-4017-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2664-4008-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2660-4007-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iTSxiwn.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkQwJqw.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bunbikG.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecbvUib.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdSxzve.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPYcZOZ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yIthEJh.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNoeSZm.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RkcDGcz.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qekkNgY.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLIHUqi.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdRAUjS.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwGEaif.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUrBqLE.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lviHBjj.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfUYyQP.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkVNoxy.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSYjqqs.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhZbkzX.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lesdGWy.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpvMWSO.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGvNpTB.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juJJDrZ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVkQfmO.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsoDaOx.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDPicdn.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiSTzOI.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGSdfkQ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXRBMmh.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKmnIoi.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzLqIjz.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtYECah.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzLCcar.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nxUaybX.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WChJAVE.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GyuOsKA.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwRNynJ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvIgUUI.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iicCDUI.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KzRJEfs.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNuJeUW.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJiYXbN.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igieARC.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APEcWAj.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlQcwZq.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crzadCF.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJZCRpM.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRIXnjW.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLLgadJ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxgLnRk.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDqUmPJ.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivGSXVs.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvbulLh.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjKZnzz.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVnusHG.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LCEleiz.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlLJblw.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkpaXHB.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtgqJSH.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHMePFd.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgEumuY.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlzrayV.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzzubqs.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpZwqIR.exe	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 672	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 672	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 672	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1744 wrote to memory of 3004	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 3004	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 3004	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1744 wrote to memory of 2332	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2332	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2332	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1744 wrote to memory of 2844	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2844	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2844	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1744 wrote to memory of 2840	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2840	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2840	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1744 wrote to memory of 2772	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 2772	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 2772	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1744 wrote to memory of 2664	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 2664	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 2664	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1744 wrote to memory of 2412	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2412	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2412	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1744 wrote to memory of 2660	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 2660	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 2660	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1744 wrote to memory of 2288	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 2288	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 2288	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1744 wrote to memory of 996	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 996	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 996	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1744 wrote to memory of 924	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 924	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 924	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1744 wrote to memory of 1320	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 1320	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 1320	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1744 wrote to memory of 956	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 956	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 956	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1744 wrote to memory of 2968	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 2968	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 2968	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1744 wrote to memory of 1112	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 1112	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 1112	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1744 wrote to memory of 448	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 448	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 448	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1744 wrote to memory of 908	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 908	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 908	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1744 wrote to memory of 2936	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2936	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2936	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1744 wrote to memory of 2980	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2980	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2980	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1744 wrote to memory of 2204	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 2204	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 2204	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1744 wrote to memory of 2524	1744	2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_b64e424cf8691ca65cd70efba4e420a6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\System\ooNeZlU.exe
  C:\Windows\System\ooNeZlU.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\dSiOXjV.exe
  C:\Windows\System\dSiOXjV.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\oQTbJSd.exe
  C:\Windows\System\oQTbJSd.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\VwuLoAu.exe
  C:\Windows\System\VwuLoAu.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\nDeCPfe.exe
  C:\Windows\System\nDeCPfe.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\JKkbgVB.exe
  C:\Windows\System\JKkbgVB.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\RtPSzIz.exe
  C:\Windows\System\RtPSzIz.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\kmBgIxp.exe
  C:\Windows\System\kmBgIxp.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\RerMRwH.exe
  C:\Windows\System\RerMRwH.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\DFzLTAP.exe
  C:\Windows\System\DFzLTAP.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\spqfmQM.exe
  C:\Windows\System\spqfmQM.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\vwlQitV.exe
  C:\Windows\System\vwlQitV.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\SxZlMfJ.exe
  C:\Windows\System\SxZlMfJ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\vrUZruc.exe
  C:\Windows\System\vrUZruc.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\KxZYGeL.exe
  C:\Windows\System\KxZYGeL.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\VOdYJqA.exe
  C:\Windows\System\VOdYJqA.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\OTOWvON.exe
  C:\Windows\System\OTOWvON.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\AbsWNEg.exe
  C:\Windows\System\AbsWNEg.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\DjkTshT.exe
  C:\Windows\System\DjkTshT.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\nsOcWHB.exe
  C:\Windows\System\nsOcWHB.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\wRGBcXT.exe
  C:\Windows\System\wRGBcXT.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\htpxAer.exe
  C:\Windows\System\htpxAer.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\sVEBefS.exe
  C:\Windows\System\sVEBefS.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\maObjHM.exe
  C:\Windows\System\maObjHM.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\XXPexWx.exe
  C:\Windows\System\XXPexWx.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\rjqjTwX.exe
  C:\Windows\System\rjqjTwX.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tappDDj.exe
  C:\Windows\System\tappDDj.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\lkAXPap.exe
  C:\Windows\System\lkAXPap.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\PWFOsga.exe
  C:\Windows\System\PWFOsga.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ChExTMi.exe
  C:\Windows\System\ChExTMi.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\pfTZinv.exe
  C:\Windows\System\pfTZinv.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\OPltmtx.exe
  C:\Windows\System\OPltmtx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\kWqhxsJ.exe
  C:\Windows\System\kWqhxsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\iNpDDzj.exe
  C:\Windows\System\iNpDDzj.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\srfAXPE.exe
  C:\Windows\System\srfAXPE.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\xuwTcAt.exe
  C:\Windows\System\xuwTcAt.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\Xjpgzut.exe
  C:\Windows\System\Xjpgzut.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\tYItPDp.exe
  C:\Windows\System\tYItPDp.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\LNkxvbT.exe
  C:\Windows\System\LNkxvbT.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\cJFRyJF.exe
  C:\Windows\System\cJFRyJF.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\qPNhzCK.exe
  C:\Windows\System\qPNhzCK.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\KHBiqMF.exe
  C:\Windows\System\KHBiqMF.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\iXRBMmh.exe
  C:\Windows\System\iXRBMmh.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\txBcwzT.exe
  C:\Windows\System\txBcwzT.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\QSwepwo.exe
  C:\Windows\System\QSwepwo.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\iTSxiwn.exe
  C:\Windows\System\iTSxiwn.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\IquoWRj.exe
  C:\Windows\System\IquoWRj.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\gYvDJTU.exe
  C:\Windows\System\gYvDJTU.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\yWkfhyF.exe
  C:\Windows\System\yWkfhyF.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\SfHCWsH.exe
  C:\Windows\System\SfHCWsH.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\NkQwJqw.exe
  C:\Windows\System\NkQwJqw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\dgtPtAr.exe
  C:\Windows\System\dgtPtAr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\vVJaHZY.exe
  C:\Windows\System\vVJaHZY.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\iIqxwrR.exe
  C:\Windows\System\iIqxwrR.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\iykEuLL.exe
  C:\Windows\System\iykEuLL.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\MdJrjbh.exe
  C:\Windows\System\MdJrjbh.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ujaElvT.exe
  C:\Windows\System\ujaElvT.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\XcOcMik.exe
  C:\Windows\System\XcOcMik.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\EHINCny.exe
  C:\Windows\System\EHINCny.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\MtagrTD.exe
  C:\Windows\System\MtagrTD.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\aMODSdm.exe
  C:\Windows\System\aMODSdm.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\Yrebhgq.exe
  C:\Windows\System\Yrebhgq.exe
  2⤵
  PID:2704
- C:\Windows\System\EdUfvGi.exe
  C:\Windows\System\EdUfvGi.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\DqSWVur.exe
  C:\Windows\System\DqSWVur.exe
  2⤵
  PID:2052
- C:\Windows\System\CUhNNaF.exe
  C:\Windows\System\CUhNNaF.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\KPsPOjM.exe
  C:\Windows\System\KPsPOjM.exe
  2⤵
  PID:2340
- C:\Windows\System\PoFUUJd.exe
  C:\Windows\System\PoFUUJd.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MYcgHhi.exe
  C:\Windows\System\MYcgHhi.exe
  2⤵
  PID:2816
- C:\Windows\System\KMaZXIm.exe
  C:\Windows\System\KMaZXIm.exe
  2⤵
  PID:2568
- C:\Windows\System\olfEBZj.exe
  C:\Windows\System\olfEBZj.exe
  2⤵
  PID:2004
- C:\Windows\System\fvbulLh.exe
  C:\Windows\System\fvbulLh.exe
  2⤵
  PID:3044
- C:\Windows\System\SfqrnvO.exe
  C:\Windows\System\SfqrnvO.exe
  2⤵
  PID:2264
- C:\Windows\System\komwKqF.exe
  C:\Windows\System\komwKqF.exe
  2⤵
  PID:2056
- C:\Windows\System\ZXKeWGI.exe
  C:\Windows\System\ZXKeWGI.exe
  2⤵
  PID:2284
- C:\Windows\System\GyuOsKA.exe
  C:\Windows\System\GyuOsKA.exe
  2⤵
  PID:400
- C:\Windows\System\dZLBkGv.exe
  C:\Windows\System\dZLBkGv.exe
  2⤵
  PID:1636
- C:\Windows\System\iZdUFGx.exe
  C:\Windows\System\iZdUFGx.exe
  2⤵
  PID:2172
- C:\Windows\System\tLIHUqi.exe
  C:\Windows\System\tLIHUqi.exe
  2⤵
  PID:1684
- C:\Windows\System\WnuLLYg.exe
  C:\Windows\System\WnuLLYg.exe
  2⤵
  PID:1052
- C:\Windows\System\fxnWdWM.exe
  C:\Windows\System\fxnWdWM.exe
  2⤵
  PID:936
- C:\Windows\System\vnxoDFS.exe
  C:\Windows\System\vnxoDFS.exe
  2⤵
  PID:796
- C:\Windows\System\pqegkeP.exe
  C:\Windows\System\pqegkeP.exe
  2⤵
  PID:576
- C:\Windows\System\gggPvyp.exe
  C:\Windows\System\gggPvyp.exe
  2⤵
  PID:2308
- C:\Windows\System\UyFtIxy.exe
  C:\Windows\System\UyFtIxy.exe
  2⤵
  PID:1672
- C:\Windows\System\OMQPLsi.exe
  C:\Windows\System\OMQPLsi.exe
  2⤵
  PID:2112
- C:\Windows\System\sdstOcA.exe
  C:\Windows\System\sdstOcA.exe
  2⤵
  PID:1832
- C:\Windows\System\fAsRhmU.exe
  C:\Windows\System\fAsRhmU.exe
  2⤵
  PID:2668
- C:\Windows\System\FaniTXZ.exe
  C:\Windows\System\FaniTXZ.exe
  2⤵
  PID:1932
- C:\Windows\System\KJuWzcX.exe
  C:\Windows\System\KJuWzcX.exe
  2⤵
  PID:1780
- C:\Windows\System\CdRAUjS.exe
  C:\Windows\System\CdRAUjS.exe
  2⤵
  PID:888
- C:\Windows\System\kPyKHgl.exe
  C:\Windows\System\kPyKHgl.exe
  2⤵
  PID:2784
- C:\Windows\System\YSWHrjk.exe
  C:\Windows\System\YSWHrjk.exe
  2⤵
  PID:2972
- C:\Windows\System\LRperZa.exe
  C:\Windows\System\LRperZa.exe
  2⤵
  PID:1100
- C:\Windows\System\hfpydoM.exe
  C:\Windows\System\hfpydoM.exe
  2⤵
  PID:2644
- C:\Windows\System\ySDibXD.exe
  C:\Windows\System\ySDibXD.exe
  2⤵
  PID:2384
- C:\Windows\System\UdlXquf.exe
  C:\Windows\System\UdlXquf.exe
  2⤵
  PID:2868
- C:\Windows\System\rUPHMNv.exe
  C:\Windows\System\rUPHMNv.exe
  2⤵
  PID:3024
- C:\Windows\System\CaZwhAA.exe
  C:\Windows\System\CaZwhAA.exe
  2⤵
  PID:964
- C:\Windows\System\aHmZiOC.exe
  C:\Windows\System\aHmZiOC.exe
  2⤵
  PID:560
- C:\Windows\System\jJuHuge.exe
  C:\Windows\System\jJuHuge.exe
  2⤵
  PID:640
- C:\Windows\System\PpkoBNZ.exe
  C:\Windows\System\PpkoBNZ.exe
  2⤵
  PID:2116
- C:\Windows\System\utINTOB.exe
  C:\Windows\System\utINTOB.exe
  2⤵
  PID:592
- C:\Windows\System\BknbWok.exe
  C:\Windows\System\BknbWok.exe
  2⤵
  PID:1940
- C:\Windows\System\RaobFAp.exe
  C:\Windows\System\RaobFAp.exe
  2⤵
  PID:1836
- C:\Windows\System\JRuahRf.exe
  C:\Windows\System\JRuahRf.exe
  2⤵
  PID:1104
- C:\Windows\System\BLfLDQX.exe
  C:\Windows\System\BLfLDQX.exe
  2⤵
  PID:2276
- C:\Windows\System\YBRqcyB.exe
  C:\Windows\System\YBRqcyB.exe
  2⤵
  PID:1624
- C:\Windows\System\jHOyTag.exe
  C:\Windows\System\jHOyTag.exe
  2⤵
  PID:2776
- C:\Windows\System\HWiZqAB.exe
  C:\Windows\System\HWiZqAB.exe
  2⤵
  PID:3080
- C:\Windows\System\EgBzoGA.exe
  C:\Windows\System\EgBzoGA.exe
  2⤵
  PID:3104
- C:\Windows\System\OeaaGDp.exe
  C:\Windows\System\OeaaGDp.exe
  2⤵
  PID:3120
- C:\Windows\System\fmozqnQ.exe
  C:\Windows\System\fmozqnQ.exe
  2⤵
  PID:3144
- C:\Windows\System\ZRjgoEP.exe
  C:\Windows\System\ZRjgoEP.exe
  2⤵
  PID:3164
- C:\Windows\System\KOWkVnY.exe
  C:\Windows\System\KOWkVnY.exe
  2⤵
  PID:3184
- C:\Windows\System\ZANQXoo.exe
  C:\Windows\System\ZANQXoo.exe
  2⤵
  PID:3204
- C:\Windows\System\FJZDWJG.exe
  C:\Windows\System\FJZDWJG.exe
  2⤵
  PID:3220
- C:\Windows\System\lieOxdk.exe
  C:\Windows\System\lieOxdk.exe
  2⤵
  PID:3244
- C:\Windows\System\mORIlBM.exe
  C:\Windows\System\mORIlBM.exe
  2⤵
  PID:3264
- C:\Windows\System\JSXBaXZ.exe
  C:\Windows\System\JSXBaXZ.exe
  2⤵
  PID:3280
- C:\Windows\System\xdgqDoB.exe
  C:\Windows\System\xdgqDoB.exe
  2⤵
  PID:3304
- C:\Windows\System\tiPVkqI.exe
  C:\Windows\System\tiPVkqI.exe
  2⤵
  PID:3320
- C:\Windows\System\jsdMDcL.exe
  C:\Windows\System\jsdMDcL.exe
  2⤵
  PID:3344
- C:\Windows\System\IxQAsqr.exe
  C:\Windows\System\IxQAsqr.exe
  2⤵
  PID:3360
- C:\Windows\System\jcCJTWN.exe
  C:\Windows\System\jcCJTWN.exe
  2⤵
  PID:3380
- C:\Windows\System\hTwbpzs.exe
  C:\Windows\System\hTwbpzs.exe
  2⤵
  PID:3404
- C:\Windows\System\vFZxwtI.exe
  C:\Windows\System\vFZxwtI.exe
  2⤵
  PID:3420
- C:\Windows\System\HOwQLbn.exe
  C:\Windows\System\HOwQLbn.exe
  2⤵
  PID:3436
- C:\Windows\System\OFyveRG.exe
  C:\Windows\System\OFyveRG.exe
  2⤵
  PID:3452
- C:\Windows\System\TIaLyZg.exe
  C:\Windows\System\TIaLyZg.exe
  2⤵
  PID:3476
- C:\Windows\System\AfwRfWv.exe
  C:\Windows\System\AfwRfWv.exe
  2⤵
  PID:3492
- C:\Windows\System\YLCZXou.exe
  C:\Windows\System\YLCZXou.exe
  2⤵
  PID:3512
- C:\Windows\System\cdTngVQ.exe
  C:\Windows\System\cdTngVQ.exe
  2⤵
  PID:3540
- C:\Windows\System\qcAXimr.exe
  C:\Windows\System\qcAXimr.exe
  2⤵
  PID:3556
- C:\Windows\System\mpTUwoo.exe
  C:\Windows\System\mpTUwoo.exe
  2⤵
  PID:3584
- C:\Windows\System\hqQUdhR.exe
  C:\Windows\System\hqQUdhR.exe
  2⤵
  PID:3608
- C:\Windows\System\qwPlhbs.exe
  C:\Windows\System\qwPlhbs.exe
  2⤵
  PID:3628
- C:\Windows\System\yaFvlPB.exe
  C:\Windows\System\yaFvlPB.exe
  2⤵
  PID:3648
- C:\Windows\System\kZjWtUS.exe
  C:\Windows\System\kZjWtUS.exe
  2⤵
  PID:3668
- C:\Windows\System\hShNKRB.exe
  C:\Windows\System\hShNKRB.exe
  2⤵
  PID:3684
- C:\Windows\System\OfaYYPL.exe
  C:\Windows\System\OfaYYPL.exe
  2⤵
  PID:3708
- C:\Windows\System\bJZjvXh.exe
  C:\Windows\System\bJZjvXh.exe
  2⤵
  PID:3724
- C:\Windows\System\vNCSzRy.exe
  C:\Windows\System\vNCSzRy.exe
  2⤵
  PID:3748
- C:\Windows\System\narEaZi.exe
  C:\Windows\System\narEaZi.exe
  2⤵
  PID:3764
- C:\Windows\System\QwQEUco.exe
  C:\Windows\System\QwQEUco.exe
  2⤵
  PID:3788
- C:\Windows\System\MImIpMl.exe
  C:\Windows\System\MImIpMl.exe
  2⤵
  PID:3804
- C:\Windows\System\YSLSDBj.exe
  C:\Windows\System\YSLSDBj.exe
  2⤵
  PID:3828
- C:\Windows\System\PorDxpc.exe
  C:\Windows\System\PorDxpc.exe
  2⤵
  PID:3848
- C:\Windows\System\mFZNMxC.exe
  C:\Windows\System\mFZNMxC.exe
  2⤵
  PID:3868
- C:\Windows\System\xCFqHjO.exe
  C:\Windows\System\xCFqHjO.exe
  2⤵
  PID:3888
- C:\Windows\System\OtvzlCF.exe
  C:\Windows\System\OtvzlCF.exe
  2⤵
  PID:3904
- C:\Windows\System\GdtPyUx.exe
  C:\Windows\System\GdtPyUx.exe
  2⤵
  PID:3920
- C:\Windows\System\JpbSrYD.exe
  C:\Windows\System\JpbSrYD.exe
  2⤵
  PID:3940
- C:\Windows\System\FVWQTss.exe
  C:\Windows\System\FVWQTss.exe
  2⤵
  PID:3956
- C:\Windows\System\Dbnqxkl.exe
  C:\Windows\System\Dbnqxkl.exe
  2⤵
  PID:3976
- C:\Windows\System\YCaXyBL.exe
  C:\Windows\System\YCaXyBL.exe
  2⤵
  PID:3992
- C:\Windows\System\WxpqQQt.exe
  C:\Windows\System\WxpqQQt.exe
  2⤵
  PID:4012
- C:\Windows\System\FEUCJHm.exe
  C:\Windows\System\FEUCJHm.exe
  2⤵
  PID:4028
- C:\Windows\System\wCnZhPF.exe
  C:\Windows\System\wCnZhPF.exe
  2⤵
  PID:4052
- C:\Windows\System\CdPqqTu.exe
  C:\Windows\System\CdPqqTu.exe
  2⤵
  PID:4072
- C:\Windows\System\DCgBZUv.exe
  C:\Windows\System\DCgBZUv.exe
  2⤵
  PID:4088
- C:\Windows\System\uvIgUUI.exe
  C:\Windows\System\uvIgUUI.exe
  2⤵
  PID:2408
- C:\Windows\System\viLxmzG.exe
  C:\Windows\System\viLxmzG.exe
  2⤵
  PID:2472
- C:\Windows\System\txxipeN.exe
  C:\Windows\System\txxipeN.exe
  2⤵
  PID:2312
- C:\Windows\System\kkaIarm.exe
  C:\Windows\System\kkaIarm.exe
  2⤵
  PID:2780
- C:\Windows\System\EzRVHmK.exe
  C:\Windows\System\EzRVHmK.exe
  2⤵
  PID:3008
- C:\Windows\System\CpQUdEX.exe
  C:\Windows\System\CpQUdEX.exe
  2⤵
  PID:2260
- C:\Windows\System\XjSuCoc.exe
  C:\Windows\System\XjSuCoc.exe
  2⤵
  PID:588
- C:\Windows\System\cqalDFZ.exe
  C:\Windows\System\cqalDFZ.exe
  2⤵
  PID:2596
- C:\Windows\System\icgOdXH.exe
  C:\Windows\System\icgOdXH.exe
  2⤵
  PID:1804
- C:\Windows\System\ZarBQFW.exe
  C:\Windows\System\ZarBQFW.exe
  2⤵
  PID:836
- C:\Windows\System\IXwjTEK.exe
  C:\Windows\System\IXwjTEK.exe
  2⤵
  PID:1688
- C:\Windows\System\cGHarcc.exe
  C:\Windows\System\cGHarcc.exe
  2⤵
  PID:3128
- C:\Windows\System\HeesLaM.exe
  C:\Windows\System\HeesLaM.exe
  2⤵
  PID:3076
- C:\Windows\System\mWFUDKg.exe
  C:\Windows\System\mWFUDKg.exe
  2⤵
  PID:3172
- C:\Windows\System\FYMOvjh.exe
  C:\Windows\System\FYMOvjh.exe
  2⤵
  PID:3216
- C:\Windows\System\IqrHrfZ.exe
  C:\Windows\System\IqrHrfZ.exe
  2⤵
  PID:3296
- C:\Windows\System\QcAnJKQ.exe
  C:\Windows\System\QcAnJKQ.exe
  2⤵
  PID:3160
- C:\Windows\System\vFEiXDi.exe
  C:\Windows\System\vFEiXDi.exe
  2⤵
  PID:3196
- C:\Windows\System\DflElrV.exe
  C:\Windows\System\DflElrV.exe
  2⤵
  PID:3240
- C:\Windows\System\oKqKYVP.exe
  C:\Windows\System\oKqKYVP.exe
  2⤵
  PID:3316
- C:\Windows\System\aRnCKSc.exe
  C:\Windows\System\aRnCKSc.exe
  2⤵
  PID:3376
- C:\Windows\System\aetFneW.exe
  C:\Windows\System\aetFneW.exe
  2⤵
  PID:3448
- C:\Windows\System\PLegzXR.exe
  C:\Windows\System\PLegzXR.exe
  2⤵
  PID:3532
- C:\Windows\System\UvlFqZt.exe
  C:\Windows\System\UvlFqZt.exe
  2⤵
  PID:3428
- C:\Windows\System\IupMoUA.exe
  C:\Windows\System\IupMoUA.exe
  2⤵
  PID:3504
- C:\Windows\System\VimraLa.exe
  C:\Windows\System\VimraLa.exe
  2⤵
  PID:3616
- C:\Windows\System\pyLLKKW.exe
  C:\Windows\System\pyLLKKW.exe
  2⤵
  PID:3660
- C:\Windows\System\yMTxZQF.exe
  C:\Windows\System\yMTxZQF.exe
  2⤵
  PID:3696
- C:\Windows\System\mpIfXiW.exe
  C:\Windows\System\mpIfXiW.exe
  2⤵
  PID:3772
- C:\Windows\System\KwZFBGU.exe
  C:\Windows\System\KwZFBGU.exe
  2⤵
  PID:3548
- C:\Windows\System\FMMzIKv.exe
  C:\Windows\System\FMMzIKv.exe
  2⤵
  PID:3552
- C:\Windows\System\znYPrqy.exe
  C:\Windows\System\znYPrqy.exe
  2⤵
  PID:3636
- C:\Windows\System\sCszdgu.exe
  C:\Windows\System\sCszdgu.exe
  2⤵
  PID:3820
- C:\Windows\System\RWwiVpT.exe
  C:\Windows\System\RWwiVpT.exe
  2⤵
  PID:3860
- C:\Windows\System\GpmfuMP.exe
  C:\Windows\System\GpmfuMP.exe
  2⤵
  PID:3936
- C:\Windows\System\bXPcXfh.exe
  C:\Windows\System\bXPcXfh.exe
  2⤵
  PID:4000
- C:\Windows\System\EvNNWZU.exe
  C:\Windows\System\EvNNWZU.exe
  2⤵
  PID:3760
- C:\Windows\System\oPIZxeU.exe
  C:\Windows\System\oPIZxeU.exe
  2⤵
  PID:3844
- C:\Windows\System\ibZBOfw.exe
  C:\Windows\System\ibZBOfw.exe
  2⤵
  PID:4048
- C:\Windows\System\jfazzgD.exe
  C:\Windows\System\jfazzgD.exe
  2⤵
  PID:1608
- C:\Windows\System\rlJnFDQ.exe
  C:\Windows\System\rlJnFDQ.exe
  2⤵
  PID:4068
- C:\Windows\System\dxDVosR.exe
  C:\Windows\System\dxDVosR.exe
  2⤵
  PID:4060
- C:\Windows\System\BorIriG.exe
  C:\Windows\System\BorIriG.exe
  2⤵
  PID:3952
- C:\Windows\System\gDVtxmm.exe
  C:\Windows\System\gDVtxmm.exe
  2⤵
  PID:2272
- C:\Windows\System\igieARC.exe
  C:\Windows\System\igieARC.exe
  2⤵
  PID:2240
- C:\Windows\System\hbYMwDZ.exe
  C:\Windows\System\hbYMwDZ.exe
  2⤵
  PID:2992
- C:\Windows\System\zPlgGpk.exe
  C:\Windows\System\zPlgGpk.exe
  2⤵
  PID:2344
- C:\Windows\System\hzruLTh.exe
  C:\Windows\System\hzruLTh.exe
  2⤵
  PID:912
- C:\Windows\System\NWWaZZv.exe
  C:\Windows\System\NWWaZZv.exe
  2⤵
  PID:1764
- C:\Windows\System\EYepxOD.exe
  C:\Windows\System\EYepxOD.exe
  2⤵
  PID:112
- C:\Windows\System\APEcWAj.exe
  C:\Windows\System\APEcWAj.exe
  2⤵
  PID:2604
- C:\Windows\System\rpyKFhd.exe
  C:\Windows\System\rpyKFhd.exe
  2⤵
  PID:2212
- C:\Windows\System\SbkImmz.exe
  C:\Windows\System\SbkImmz.exe
  2⤵
  PID:4044
- C:\Windows\System\YHfnybA.exe
  C:\Windows\System\YHfnybA.exe
  2⤵
  PID:3292
- C:\Windows\System\MmmXpJR.exe
  C:\Windows\System\MmmXpJR.exe
  2⤵
  PID:3412
- C:\Windows\System\fzuxeXK.exe
  C:\Windows\System\fzuxeXK.exe
  2⤵
  PID:3352
- C:\Windows\System\QOuYAAP.exe
  C:\Windows\System\QOuYAAP.exe
  2⤵
  PID:3396
- C:\Windows\System\RnQMGCZ.exe
  C:\Windows\System\RnQMGCZ.exe
  2⤵
  PID:3372
- C:\Windows\System\mpZwqIR.exe
  C:\Windows\System\mpZwqIR.exe
  2⤵
  PID:3468
- C:\Windows\System\xKZPOvR.exe
  C:\Windows\System\xKZPOvR.exe
  2⤵
  PID:3596
- C:\Windows\System\hSdSyeb.exe
  C:\Windows\System\hSdSyeb.exe
  2⤵
  PID:3740
- C:\Windows\System\OhBmjBU.exe
  C:\Windows\System\OhBmjBU.exe
  2⤵
  PID:3500
- C:\Windows\System\SqMkajv.exe
  C:\Windows\System\SqMkajv.exe
  2⤵
  PID:3680
- C:\Windows\System\EyWfYPD.exe
  C:\Windows\System\EyWfYPD.exe
  2⤵
  PID:3812
- C:\Windows\System\domfCWw.exe
  C:\Windows\System\domfCWw.exe
  2⤵
  PID:3900
- C:\Windows\System\WlwzXfE.exe
  C:\Windows\System\WlwzXfE.exe
  2⤵
  PID:3880
- C:\Windows\System\KPOrrnQ.exe
  C:\Windows\System\KPOrrnQ.exe
  2⤵
  PID:4040
- C:\Windows\System\lVywYBI.exe
  C:\Windows\System\lVywYBI.exe
  2⤵
  PID:2612
- C:\Windows\System\OcFtIvQ.exe
  C:\Windows\System\OcFtIvQ.exe
  2⤵
  PID:3916
- C:\Windows\System\BJZRMuD.exe
  C:\Windows\System\BJZRMuD.exe
  2⤵
  PID:2924
- C:\Windows\System\YEdkMyO.exe
  C:\Windows\System\YEdkMyO.exe
  2⤵
  PID:2944
- C:\Windows\System\cpGwtyy.exe
  C:\Windows\System\cpGwtyy.exe
  2⤵
  PID:2192
- C:\Windows\System\kECgWtR.exe
  C:\Windows\System\kECgWtR.exe
  2⤵
  PID:1752
- C:\Windows\System\eITLtzl.exe
  C:\Windows\System\eITLtzl.exe
  2⤵
  PID:2788
- C:\Windows\System\xPVkSLU.exe
  C:\Windows\System\xPVkSLU.exe
  2⤵
  PID:3336
- C:\Windows\System\dOcBqJS.exe
  C:\Windows\System\dOcBqJS.exe
  2⤵
  PID:3192
- C:\Windows\System\NINAQUT.exe
  C:\Windows\System\NINAQUT.exe
  2⤵
  PID:3392
- C:\Windows\System\sZtzAGy.exe
  C:\Windows\System\sZtzAGy.exe
  2⤵
  PID:3400
- C:\Windows\System\GLqteXk.exe
  C:\Windows\System\GLqteXk.exe
  2⤵
  PID:3036
- C:\Windows\System\nKmnIoi.exe
  C:\Windows\System\nKmnIoi.exe
  2⤵
  PID:3784
- C:\Windows\System\TFphDUL.exe
  C:\Windows\System\TFphDUL.exe
  2⤵
  PID:4112
- C:\Windows\System\zyQZpwB.exe
  C:\Windows\System\zyQZpwB.exe
  2⤵
  PID:4128
- C:\Windows\System\OqMpusL.exe
  C:\Windows\System\OqMpusL.exe
  2⤵
  PID:4148
- C:\Windows\System\HpjeQUL.exe
  C:\Windows\System\HpjeQUL.exe
  2⤵
  PID:4172
- C:\Windows\System\YolnLHN.exe
  C:\Windows\System\YolnLHN.exe
  2⤵
  PID:4192
- C:\Windows\System\aqVgXTG.exe
  C:\Windows\System\aqVgXTG.exe
  2⤵
  PID:4208
- C:\Windows\System\piKZfxg.exe
  C:\Windows\System\piKZfxg.exe
  2⤵
  PID:4228
- C:\Windows\System\NtVNhoW.exe
  C:\Windows\System\NtVNhoW.exe
  2⤵
  PID:4252
- C:\Windows\System\WYMlzxv.exe
  C:\Windows\System\WYMlzxv.exe
  2⤵
  PID:4276
- C:\Windows\System\UcCrIgz.exe
  C:\Windows\System\UcCrIgz.exe
  2⤵
  PID:4296
- C:\Windows\System\Aqxurfp.exe
  C:\Windows\System\Aqxurfp.exe
  2⤵
  PID:4316
- C:\Windows\System\MVFjQNw.exe
  C:\Windows\System\MVFjQNw.exe
  2⤵
  PID:4336
- C:\Windows\System\AiHcIxp.exe
  C:\Windows\System\AiHcIxp.exe
  2⤵
  PID:4356
- C:\Windows\System\RxOIsJL.exe
  C:\Windows\System\RxOIsJL.exe
  2⤵
  PID:4380
- C:\Windows\System\PrewslF.exe
  C:\Windows\System\PrewslF.exe
  2⤵
  PID:4400
- C:\Windows\System\FlebLcC.exe
  C:\Windows\System\FlebLcC.exe
  2⤵
  PID:4420
- C:\Windows\System\xJyIKqz.exe
  C:\Windows\System\xJyIKqz.exe
  2⤵
  PID:4440
- C:\Windows\System\yJKDSVk.exe
  C:\Windows\System\yJKDSVk.exe
  2⤵
  PID:4460
- C:\Windows\System\CvswASV.exe
  C:\Windows\System\CvswASV.exe
  2⤵
  PID:4480
- C:\Windows\System\KurrMtV.exe
  C:\Windows\System\KurrMtV.exe
  2⤵
  PID:4500
- C:\Windows\System\nlQcwZq.exe
  C:\Windows\System\nlQcwZq.exe
  2⤵
  PID:4520
- C:\Windows\System\GaRBTjp.exe
  C:\Windows\System\GaRBTjp.exe
  2⤵
  PID:4540
- C:\Windows\System\fwzrQbK.exe
  C:\Windows\System\fwzrQbK.exe
  2⤵
  PID:4560
- C:\Windows\System\eKLqhmC.exe
  C:\Windows\System\eKLqhmC.exe
  2⤵
  PID:4576
- C:\Windows\System\FKKiHeh.exe
  C:\Windows\System\FKKiHeh.exe
  2⤵
  PID:4596
- C:\Windows\System\chOBSMd.exe
  C:\Windows\System\chOBSMd.exe
  2⤵
  PID:4620
- C:\Windows\System\zaYbwzI.exe
  C:\Windows\System\zaYbwzI.exe
  2⤵
  PID:4636
- C:\Windows\System\FHldEpI.exe
  C:\Windows\System\FHldEpI.exe
  2⤵
  PID:4652
- C:\Windows\System\TuHxsAb.exe
  C:\Windows\System\TuHxsAb.exe
  2⤵
  PID:4680
- C:\Windows\System\KraEiwH.exe
  C:\Windows\System\KraEiwH.exe
  2⤵
  PID:4700
- C:\Windows\System\rIHOvlY.exe
  C:\Windows\System\rIHOvlY.exe
  2⤵
  PID:4716
- C:\Windows\System\NchduLT.exe
  C:\Windows\System\NchduLT.exe
  2⤵
  PID:4740
- C:\Windows\System\ClMjuuT.exe
  C:\Windows\System\ClMjuuT.exe
  2⤵
  PID:4756
- C:\Windows\System\KxTjvkw.exe
  C:\Windows\System\KxTjvkw.exe
  2⤵
  PID:4780
- C:\Windows\System\CJAIYpX.exe
  C:\Windows\System\CJAIYpX.exe
  2⤵
  PID:4796
- C:\Windows\System\AWbWoYe.exe
  C:\Windows\System\AWbWoYe.exe
  2⤵
  PID:4812
- C:\Windows\System\lTmbNig.exe
  C:\Windows\System\lTmbNig.exe
  2⤵
  PID:4832
- C:\Windows\System\VWXRRfd.exe
  C:\Windows\System\VWXRRfd.exe
  2⤵
  PID:4848
- C:\Windows\System\GtIBBtP.exe
  C:\Windows\System\GtIBBtP.exe
  2⤵
  PID:4868
- C:\Windows\System\GZTBZyx.exe
  C:\Windows\System\GZTBZyx.exe
  2⤵
  PID:4892
- C:\Windows\System\SQujcXx.exe
  C:\Windows\System\SQujcXx.exe
  2⤵
  PID:4912
- C:\Windows\System\FOvtuRq.exe
  C:\Windows\System\FOvtuRq.exe
  2⤵
  PID:4936
- C:\Windows\System\qXSppTw.exe
  C:\Windows\System\qXSppTw.exe
  2⤵
  PID:4956
- C:\Windows\System\TQJiblL.exe
  C:\Windows\System\TQJiblL.exe
  2⤵
  PID:4984
- C:\Windows\System\OaxnUHJ.exe
  C:\Windows\System\OaxnUHJ.exe
  2⤵
  PID:5004
- C:\Windows\System\FOQtXqL.exe
  C:\Windows\System\FOQtXqL.exe
  2⤵
  PID:5024
- C:\Windows\System\mnJQYZL.exe
  C:\Windows\System\mnJQYZL.exe
  2⤵
  PID:5040
- C:\Windows\System\zhTSeoL.exe
  C:\Windows\System\zhTSeoL.exe
  2⤵
  PID:5064
- C:\Windows\System\ENYoSMS.exe
  C:\Windows\System\ENYoSMS.exe
  2⤵
  PID:5084
- C:\Windows\System\iXLkMMj.exe
  C:\Windows\System\iXLkMMj.exe
  2⤵
  PID:5100
- C:\Windows\System\xEuBlRk.exe
  C:\Windows\System\xEuBlRk.exe
  2⤵
  PID:3664
- C:\Windows\System\yCiivXl.exe
  C:\Windows\System\yCiivXl.exe
  2⤵
  PID:4084
- C:\Windows\System\ycMeMCr.exe
  C:\Windows\System\ycMeMCr.exe
  2⤵
  PID:1512
- C:\Windows\System\hSrDpbS.exe
  C:\Windows\System\hSrDpbS.exe
  2⤵
  PID:1668
- C:\Windows\System\NCSnPAD.exe
  C:\Windows\System\NCSnPAD.exe
  2⤵
  PID:3840
- C:\Windows\System\RfJqzVL.exe
  C:\Windows\System\RfJqzVL.exe
  2⤵
  PID:4064
- C:\Windows\System\BZZUoNB.exe
  C:\Windows\System\BZZUoNB.exe
  2⤵
  PID:1016
- C:\Windows\System\WxwwZvl.exe
  C:\Windows\System\WxwwZvl.exe
  2⤵
  PID:3288
- C:\Windows\System\AnwddTD.exe
  C:\Windows\System\AnwddTD.exe
  2⤵
  PID:3236
- C:\Windows\System\GHjextL.exe
  C:\Windows\System\GHjextL.exe
  2⤵
  PID:3140
- C:\Windows\System\tWPXUYr.exe
  C:\Windows\System\tWPXUYr.exe
  2⤵
  PID:3276
- C:\Windows\System\pNKznpb.exe
  C:\Windows\System\pNKznpb.exe
  2⤵
  PID:3520
- C:\Windows\System\wLECKCZ.exe
  C:\Windows\System\wLECKCZ.exe
  2⤵
  PID:4160
- C:\Windows\System\HdrfknA.exe
  C:\Windows\System\HdrfknA.exe
  2⤵
  PID:4108
- C:\Windows\System\ZGLAnMF.exe
  C:\Windows\System\ZGLAnMF.exe
  2⤵
  PID:4236
- C:\Windows\System\gTfHXaA.exe
  C:\Windows\System\gTfHXaA.exe
  2⤵
  PID:4184
- C:\Windows\System\HARRblp.exe
  C:\Windows\System\HARRblp.exe
  2⤵
  PID:4224
- C:\Windows\System\FZMRiTu.exe
  C:\Windows\System\FZMRiTu.exe
  2⤵
  PID:4292
- C:\Windows\System\PJaEzCf.exe
  C:\Windows\System\PJaEzCf.exe
  2⤵
  PID:4272
- C:\Windows\System\VEleQux.exe
  C:\Windows\System\VEleQux.exe
  2⤵
  PID:4304
- C:\Windows\System\nlmAwDh.exe
  C:\Windows\System\nlmAwDh.exe
  2⤵
  PID:4344
- C:\Windows\System\TOAQsII.exe
  C:\Windows\System\TOAQsII.exe
  2⤵
  PID:4388
- C:\Windows\System\EyPpDNR.exe
  C:\Windows\System\EyPpDNR.exe
  2⤵
  PID:4396
- C:\Windows\System\RdVPOtz.exe
  C:\Windows\System\RdVPOtz.exe
  2⤵
  PID:4452
- C:\Windows\System\cKylQFc.exe
  C:\Windows\System\cKylQFc.exe
  2⤵
  PID:4528
- C:\Windows\System\VjIfeRC.exe
  C:\Windows\System\VjIfeRC.exe
  2⤵
  PID:4548
- C:\Windows\System\AiMsxux.exe
  C:\Windows\System\AiMsxux.exe
  2⤵
  PID:4604
- C:\Windows\System\vijsIYM.exe
  C:\Windows\System\vijsIYM.exe
  2⤵
  PID:4612
- C:\Windows\System\kLvrtXW.exe
  C:\Windows\System\kLvrtXW.exe
  2⤵
  PID:4644
- C:\Windows\System\QhZbkzX.exe
  C:\Windows\System\QhZbkzX.exe
  2⤵
  PID:4672
- C:\Windows\System\RRxQlzH.exe
  C:\Windows\System\RRxQlzH.exe
  2⤵
  PID:4696
- C:\Windows\System\NXnZbqZ.exe
  C:\Windows\System\NXnZbqZ.exe
  2⤵
  PID:4724
- C:\Windows\System\DXxBapT.exe
  C:\Windows\System\DXxBapT.exe
  2⤵
  PID:4752
- C:\Windows\System\cijUqKj.exe
  C:\Windows\System\cijUqKj.exe
  2⤵
  PID:2352
- C:\Windows\System\EfqHXeV.exe
  C:\Windows\System\EfqHXeV.exe
  2⤵
  PID:4876
- C:\Windows\System\bunbikG.exe
  C:\Windows\System\bunbikG.exe
  2⤵
  PID:4924
- C:\Windows\System\MXyIBKi.exe
  C:\Windows\System\MXyIBKi.exe
  2⤵
  PID:4820
- C:\Windows\System\eggljmq.exe
  C:\Windows\System\eggljmq.exe
  2⤵
  PID:4904
- C:\Windows\System\RkzDikJ.exe
  C:\Windows\System\RkzDikJ.exe
  2⤵
  PID:4964
- C:\Windows\System\AMXVUaR.exe
  C:\Windows\System\AMXVUaR.exe
  2⤵
  PID:4972
- C:\Windows\System\zIbuVuz.exe
  C:\Windows\System\zIbuVuz.exe
  2⤵
  PID:5052
- C:\Windows\System\tRSvRbg.exe
  C:\Windows\System\tRSvRbg.exe
  2⤵
  PID:5032
- C:\Windows\System\GPWpwER.exe
  C:\Windows\System\GPWpwER.exe
  2⤵
  PID:5096
- C:\Windows\System\DkBKJhf.exe
  C:\Windows\System\DkBKJhf.exe
  2⤵
  PID:1660
- C:\Windows\System\qjKZnzz.exe
  C:\Windows\System\qjKZnzz.exe
  2⤵
  PID:2716
- C:\Windows\System\SEpTsAt.exe
  C:\Windows\System\SEpTsAt.exe
  2⤵
  PID:5116
- C:\Windows\System\ilONBOe.exe
  C:\Windows\System\ilONBOe.exe
  2⤵
  PID:3800
- C:\Windows\System\exYWdeV.exe
  C:\Windows\System\exYWdeV.exe
  2⤵
  PID:3256
- C:\Windows\System\SaDdIzY.exe
  C:\Windows\System\SaDdIzY.exe
  2⤵
  PID:3780
- C:\Windows\System\gNhHJeS.exe
  C:\Windows\System\gNhHJeS.exe
  2⤵
  PID:4100
- C:\Windows\System\maDKTIm.exe
  C:\Windows\System\maDKTIm.exe
  2⤵
  PID:3580
- C:\Windows\System\SqYiFaW.exe
  C:\Windows\System\SqYiFaW.exe
  2⤵
  PID:4156
- C:\Windows\System\gNfJfIs.exe
  C:\Windows\System\gNfJfIs.exe
  2⤵
  PID:4284
- C:\Windows\System\rdngjPZ.exe
  C:\Windows\System\rdngjPZ.exe
  2⤵
  PID:4328
- C:\Windows\System\sbUHppm.exe
  C:\Windows\System\sbUHppm.exe
  2⤵
  PID:4456
- C:\Windows\System\bFhHmVH.exe
  C:\Windows\System\bFhHmVH.exe
  2⤵
  PID:4416
- C:\Windows\System\vYtLHYc.exe
  C:\Windows\System\vYtLHYc.exe
  2⤵
  PID:4468
- C:\Windows\System\orCvhjY.exe
  C:\Windows\System\orCvhjY.exe
  2⤵
  PID:4496
- C:\Windows\System\pOsXNYL.exe
  C:\Windows\System\pOsXNYL.exe
  2⤵
  PID:4588
- C:\Windows\System\ecbvUib.exe
  C:\Windows\System\ecbvUib.exe
  2⤵
  PID:4628
- C:\Windows\System\RWzLcuB.exe
  C:\Windows\System\RWzLcuB.exe
  2⤵
  PID:4708
- C:\Windows\System\IHSEgNN.exe
  C:\Windows\System\IHSEgNN.exe
  2⤵
  PID:4616
- C:\Windows\System\KjgDjgK.exe
  C:\Windows\System\KjgDjgK.exe
  2⤵
  PID:4676
- C:\Windows\System\IgdeJCa.exe
  C:\Windows\System\IgdeJCa.exe
  2⤵
  PID:4888
- C:\Windows\System\JEcyXgl.exe
  C:\Windows\System\JEcyXgl.exe
  2⤵
  PID:4900
- C:\Windows\System\eVvjMYk.exe
  C:\Windows\System\eVvjMYk.exe
  2⤵
  PID:4844
- C:\Windows\System\cjtfAOy.exe
  C:\Windows\System\cjtfAOy.exe
  2⤵
  PID:4952
- C:\Windows\System\EdRIfPk.exe
  C:\Windows\System\EdRIfPk.exe
  2⤵
  PID:4980
- C:\Windows\System\RKHJtpG.exe
  C:\Windows\System\RKHJtpG.exe
  2⤵
  PID:5076
- C:\Windows\System\NIXVQxx.exe
  C:\Windows\System\NIXVQxx.exe
  2⤵
  PID:5016
- C:\Windows\System\yfAyNhl.exe
  C:\Windows\System\yfAyNhl.exe
  2⤵
  PID:3100
- C:\Windows\System\rplGRHh.exe
  C:\Windows\System\rplGRHh.exe
  2⤵
  PID:3756
- C:\Windows\System\wtTygYO.exe
  C:\Windows\System\wtTygYO.exe
  2⤵
  PID:3528
- C:\Windows\System\DxSUbNP.exe
  C:\Windows\System\DxSUbNP.exe
  2⤵
  PID:4240
- C:\Windows\System\yWjKEVb.exe
  C:\Windows\System\yWjKEVb.exe
  2⤵
  PID:4140
- C:\Windows\System\hvcCYDS.exe
  C:\Windows\System\hvcCYDS.exe
  2⤵
  PID:3228
- C:\Windows\System\tYsIMAJ.exe
  C:\Windows\System\tYsIMAJ.exe
  2⤵
  PID:4372
- C:\Windows\System\dDbYALC.exe
  C:\Windows\System\dDbYALC.exe
  2⤵
  PID:4288
- C:\Windows\System\LRBSxrx.exe
  C:\Windows\System\LRBSxrx.exe
  2⤵
  PID:4632
- C:\Windows\System\qHVyJJn.exe
  C:\Windows\System\qHVyJJn.exe
  2⤵
  PID:4552
- C:\Windows\System\aFduUwE.exe
  C:\Windows\System\aFduUwE.exe
  2⤵
  PID:4728
- C:\Windows\System\sSGBNUf.exe
  C:\Windows\System\sSGBNUf.exe
  2⤵
  PID:5124
- C:\Windows\System\seGoXvV.exe
  C:\Windows\System\seGoXvV.exe
  2⤵
  PID:5144
- C:\Windows\System\gublXhj.exe
  C:\Windows\System\gublXhj.exe
  2⤵
  PID:5164
- C:\Windows\System\wWrVCgZ.exe
  C:\Windows\System\wWrVCgZ.exe
  2⤵
  PID:5184
- C:\Windows\System\TuBcmdC.exe
  C:\Windows\System\TuBcmdC.exe
  2⤵
  PID:5204
- C:\Windows\System\OCyHxRR.exe
  C:\Windows\System\OCyHxRR.exe
  2⤵
  PID:5224
- C:\Windows\System\jtuXAkx.exe
  C:\Windows\System\jtuXAkx.exe
  2⤵
  PID:5244
- C:\Windows\System\yIthEJh.exe
  C:\Windows\System\yIthEJh.exe
  2⤵
  PID:5264
- C:\Windows\System\PDXJIgS.exe
  C:\Windows\System\PDXJIgS.exe
  2⤵
  PID:5284
- C:\Windows\System\eOkpqUi.exe
  C:\Windows\System\eOkpqUi.exe
  2⤵
  PID:5304
- C:\Windows\System\oRUiees.exe
  C:\Windows\System\oRUiees.exe
  2⤵
  PID:5324
- C:\Windows\System\JlSwzcK.exe
  C:\Windows\System\JlSwzcK.exe
  2⤵
  PID:5344
- C:\Windows\System\JBUEvLh.exe
  C:\Windows\System\JBUEvLh.exe
  2⤵
  PID:5364
- C:\Windows\System\dasfJvZ.exe
  C:\Windows\System\dasfJvZ.exe
  2⤵
  PID:5384
- C:\Windows\System\ejyXPNL.exe
  C:\Windows\System\ejyXPNL.exe
  2⤵
  PID:5404
- C:\Windows\System\qfNfUhi.exe
  C:\Windows\System\qfNfUhi.exe
  2⤵
  PID:5424
- C:\Windows\System\qTBnevs.exe
  C:\Windows\System\qTBnevs.exe
  2⤵
  PID:5444
- C:\Windows\System\fomaxNY.exe
  C:\Windows\System\fomaxNY.exe
  2⤵
  PID:5468
- C:\Windows\System\UjZjAPt.exe
  C:\Windows\System\UjZjAPt.exe
  2⤵
  PID:5488
- C:\Windows\System\YnlHjlo.exe
  C:\Windows\System\YnlHjlo.exe
  2⤵
  PID:5508
- C:\Windows\System\VFvbsae.exe
  C:\Windows\System\VFvbsae.exe
  2⤵
  PID:5528
- C:\Windows\System\WztbTFU.exe
  C:\Windows\System\WztbTFU.exe
  2⤵
  PID:5548
- C:\Windows\System\GqLhyRx.exe
  C:\Windows\System\GqLhyRx.exe
  2⤵
  PID:5568
- C:\Windows\System\MkJehyO.exe
  C:\Windows\System\MkJehyO.exe
  2⤵
  PID:5588
- C:\Windows\System\GobmbDf.exe
  C:\Windows\System\GobmbDf.exe
  2⤵
  PID:5608
- C:\Windows\System\GvHgIZE.exe
  C:\Windows\System\GvHgIZE.exe
  2⤵
  PID:5628
- C:\Windows\System\EqFijka.exe
  C:\Windows\System\EqFijka.exe
  2⤵
  PID:5648
- C:\Windows\System\BqRTAls.exe
  C:\Windows\System\BqRTAls.exe
  2⤵
  PID:5668
- C:\Windows\System\RgEumuY.exe
  C:\Windows\System\RgEumuY.exe
  2⤵
  PID:5688
- C:\Windows\System\qOgqOQQ.exe
  C:\Windows\System\qOgqOQQ.exe
  2⤵
  PID:5708
- C:\Windows\System\oBuUGOb.exe
  C:\Windows\System\oBuUGOb.exe
  2⤵
  PID:5728
- C:\Windows\System\fDchhqZ.exe
  C:\Windows\System\fDchhqZ.exe
  2⤵
  PID:5748
- C:\Windows\System\gJovLHN.exe
  C:\Windows\System\gJovLHN.exe
  2⤵
  PID:5772
- C:\Windows\System\cRKAhbw.exe
  C:\Windows\System\cRKAhbw.exe
  2⤵
  PID:5792
- C:\Windows\System\HAuQfYU.exe
  C:\Windows\System\HAuQfYU.exe
  2⤵
  PID:5812
- C:\Windows\System\VqfgGeX.exe
  C:\Windows\System\VqfgGeX.exe
  2⤵
  PID:5832
- C:\Windows\System\epSIFcS.exe
  C:\Windows\System\epSIFcS.exe
  2⤵
  PID:5852
- C:\Windows\System\xXOKzKd.exe
  C:\Windows\System\xXOKzKd.exe
  2⤵
  PID:5872
- C:\Windows\System\arNNJSp.exe
  C:\Windows\System\arNNJSp.exe
  2⤵
  PID:5892
- C:\Windows\System\usUwdet.exe
  C:\Windows\System\usUwdet.exe
  2⤵
  PID:5912
- C:\Windows\System\JzLqIjz.exe
  C:\Windows\System\JzLqIjz.exe
  2⤵
  PID:5932
- C:\Windows\System\FlxsKvO.exe
  C:\Windows\System\FlxsKvO.exe
  2⤵
  PID:5952
- C:\Windows\System\sETvGmH.exe
  C:\Windows\System\sETvGmH.exe
  2⤵
  PID:5972
- C:\Windows\System\keirNry.exe
  C:\Windows\System\keirNry.exe
  2⤵
  PID:5996
- C:\Windows\System\mYTbuXL.exe
  C:\Windows\System\mYTbuXL.exe
  2⤵
  PID:6016
- C:\Windows\System\XTbQqYW.exe
  C:\Windows\System\XTbQqYW.exe
  2⤵
  PID:6036
- C:\Windows\System\swlwdtD.exe
  C:\Windows\System\swlwdtD.exe
  2⤵
  PID:6056
- C:\Windows\System\CzNEYha.exe
  C:\Windows\System\CzNEYha.exe
  2⤵
  PID:6076
- C:\Windows\System\exllbHC.exe
  C:\Windows\System\exllbHC.exe
  2⤵
  PID:6096
- C:\Windows\System\kBdsUzR.exe
  C:\Windows\System\kBdsUzR.exe
  2⤵
  PID:6116
- C:\Windows\System\PcAkgaV.exe
  C:\Windows\System\PcAkgaV.exe
  2⤵
  PID:6136
- C:\Windows\System\dWIlDlI.exe
  C:\Windows\System\dWIlDlI.exe
  2⤵
  PID:4688
- C:\Windows\System\uZDMxmE.exe
  C:\Windows\System\uZDMxmE.exe
  2⤵
  PID:4840
- C:\Windows\System\mrAKysr.exe
  C:\Windows\System\mrAKysr.exe
  2⤵
  PID:5056
- C:\Windows\System\ONIcIMm.exe
  C:\Windows\System\ONIcIMm.exe
  2⤵
  PID:4860
- C:\Windows\System\nfAMmqJ.exe
  C:\Windows\System\nfAMmqJ.exe
  2⤵
  PID:2824
- C:\Windows\System\DwRNynJ.exe
  C:\Windows\System\DwRNynJ.exe
  2⤵
  PID:5092
- C:\Windows\System\VWyqYyY.exe
  C:\Windows\System\VWyqYyY.exe
  2⤵
  PID:4008
- C:\Windows\System\ihGQyoZ.exe
  C:\Windows\System\ihGQyoZ.exe
  2⤵
  PID:3112
- C:\Windows\System\aqvpQys.exe
  C:\Windows\System\aqvpQys.exe
  2⤵
  PID:4368
- C:\Windows\System\kwxFwHt.exe
  C:\Windows\System\kwxFwHt.exe
  2⤵
  PID:1748
- C:\Windows\System\JVAVkao.exe
  C:\Windows\System\JVAVkao.exe
  2⤵
  PID:4572
- C:\Windows\System\iaRtqNA.exe
  C:\Windows\System\iaRtqNA.exe
  2⤵
  PID:4476
- C:\Windows\System\CFIfcHr.exe
  C:\Windows\System\CFIfcHr.exe
  2⤵
  PID:5152
- C:\Windows\System\JYFoWdf.exe
  C:\Windows\System\JYFoWdf.exe
  2⤵
  PID:5172
- C:\Windows\System\XKJxbgU.exe
  C:\Windows\System\XKJxbgU.exe
  2⤵
  PID:5196
- C:\Windows\System\rqVTwLf.exe
  C:\Windows\System\rqVTwLf.exe
  2⤵
  PID:5240
- C:\Windows\System\xXhBWQY.exe
  C:\Windows\System\xXhBWQY.exe
  2⤵
  PID:5260
- C:\Windows\System\AVdIEkJ.exe
  C:\Windows\System\AVdIEkJ.exe
  2⤵
  PID:5300
- C:\Windows\System\rGuaQoH.exe
  C:\Windows\System\rGuaQoH.exe
  2⤵
  PID:2796
- C:\Windows\System\zhOrNsv.exe
  C:\Windows\System\zhOrNsv.exe
  2⤵
  PID:5360
- C:\Windows\System\maqMsZZ.exe
  C:\Windows\System\maqMsZZ.exe
  2⤵
  PID:5372
- C:\Windows\System\crzadCF.exe
  C:\Windows\System\crzadCF.exe
  2⤵
  PID:5432
- C:\Windows\System\tdbFrXr.exe
  C:\Windows\System\tdbFrXr.exe
  2⤵
  PID:5452
- C:\Windows\System\ONHfdjD.exe
  C:\Windows\System\ONHfdjD.exe
  2⤵
  PID:5456
- C:\Windows\System\ODdcrIs.exe
  C:\Windows\System\ODdcrIs.exe
  2⤵
  PID:5500
- C:\Windows\System\IMExvUX.exe
  C:\Windows\System\IMExvUX.exe
  2⤵
  PID:5540
- C:\Windows\System\EsUDLCJ.exe
  C:\Windows\System\EsUDLCJ.exe
  2⤵
  PID:5576
- C:\Windows\System\xHMxHBh.exe
  C:\Windows\System\xHMxHBh.exe
  2⤵
  PID:5620
- C:\Windows\System\iuPFtpW.exe
  C:\Windows\System\iuPFtpW.exe
  2⤵
  PID:5676
- C:\Windows\System\QaPUzGL.exe
  C:\Windows\System\QaPUzGL.exe
  2⤵
  PID:5696
- C:\Windows\System\HTSQOIw.exe
  C:\Windows\System\HTSQOIw.exe
  2⤵
  PID:5720
- C:\Windows\System\YNExTKH.exe
  C:\Windows\System\YNExTKH.exe
  2⤵
  PID:5768
- C:\Windows\System\wzFAefG.exe
  C:\Windows\System\wzFAefG.exe
  2⤵
  PID:5784
- C:\Windows\System\cNQqcEr.exe
  C:\Windows\System\cNQqcEr.exe
  2⤵
  PID:5848
- C:\Windows\System\WTHYehB.exe
  C:\Windows\System\WTHYehB.exe
  2⤵
  PID:5880
- C:\Windows\System\OPlxjFf.exe
  C:\Windows\System\OPlxjFf.exe
  2⤵
  PID:5900
- C:\Windows\System\DjNtdaW.exe
  C:\Windows\System\DjNtdaW.exe
  2⤵
  PID:5924
- C:\Windows\System\CfFIDvA.exe
  C:\Windows\System\CfFIDvA.exe
  2⤵
  PID:5944
- C:\Windows\System\ffgIDUf.exe
  C:\Windows\System\ffgIDUf.exe
  2⤵
  PID:5992
- C:\Windows\System\UBWMGfT.exe
  C:\Windows\System\UBWMGfT.exe
  2⤵
  PID:6044
- C:\Windows\System\snarSOg.exe
  C:\Windows\System\snarSOg.exe
  2⤵
  PID:6064
- C:\Windows\System\teqgfKj.exe
  C:\Windows\System\teqgfKj.exe
  2⤵
  PID:6104
- C:\Windows\System\RxUhUfF.exe
  C:\Windows\System\RxUhUfF.exe
  2⤵
  PID:6128
- C:\Windows\System\uwcfvrO.exe
  C:\Windows\System\uwcfvrO.exe
  2⤵
  PID:4804
- C:\Windows\System\eagqdXP.exe
  C:\Windows\System\eagqdXP.exe
  2⤵
  PID:2580
- C:\Windows\System\oNPZvze.exe
  C:\Windows\System\oNPZvze.exe
  2⤵
  PID:4992
- C:\Windows\System\vWgzaqj.exe
  C:\Windows\System\vWgzaqj.exe
  2⤵
  PID:5072
- C:\Windows\System\rysZihq.exe
  C:\Windows\System\rysZihq.exe
  2⤵
  PID:4332
- C:\Windows\System\CoXkTYp.exe
  C:\Windows\System\CoXkTYp.exe
  2⤵
  PID:3984
- C:\Windows\System\CIzUajX.exe
  C:\Windows\System\CIzUajX.exe
  2⤵
  PID:2808
- C:\Windows\System\KQcDfqz.exe
  C:\Windows\System\KQcDfqz.exe
  2⤵
  PID:5132
- C:\Windows\System\vLcLAFX.exe
  C:\Windows\System\vLcLAFX.exe
  2⤵
  PID:5180
- C:\Windows\System\yrJCPNW.exe
  C:\Windows\System\yrJCPNW.exe
  2⤵
  PID:5232
- C:\Windows\System\echwCrK.exe
  C:\Windows\System\echwCrK.exe
  2⤵
  PID:5292
- C:\Windows\System\nMJlOih.exe
  C:\Windows\System\nMJlOih.exe
  2⤵
  PID:5316
- C:\Windows\System\hEzQHEl.exe
  C:\Windows\System\hEzQHEl.exe
  2⤵
  PID:5400
- C:\Windows\System\zHtiAOO.exe
  C:\Windows\System\zHtiAOO.exe
  2⤵
  PID:5436
- C:\Windows\System\BVrKDzl.exe
  C:\Windows\System\BVrKDzl.exe
  2⤵
  PID:5524
- C:\Windows\System\VQEznzM.exe
  C:\Windows\System\VQEznzM.exe
  2⤵
  PID:5544
- C:\Windows\System\NolGJxv.exe
  C:\Windows\System\NolGJxv.exe
  2⤵
  PID:5604
- C:\Windows\System\KKYehmM.exe
  C:\Windows\System\KKYehmM.exe
  2⤵
  PID:5656
- C:\Windows\System\JyrxLej.exe
  C:\Windows\System\JyrxLej.exe
  2⤵
  PID:5700
- C:\Windows\System\lGcVoBx.exe
  C:\Windows\System\lGcVoBx.exe
  2⤵
  PID:5756
- C:\Windows\System\BRDpJMs.exe
  C:\Windows\System\BRDpJMs.exe
  2⤵
  PID:5840
- C:\Windows\System\hHGTwZx.exe
  C:\Windows\System\hHGTwZx.exe
  2⤵
  PID:5868
- C:\Windows\System\YYWbWQw.exe
  C:\Windows\System\YYWbWQw.exe
  2⤵
  PID:5960
- C:\Windows\System\WrBAKWf.exe
  C:\Windows\System\WrBAKWf.exe
  2⤵
  PID:5464
- C:\Windows\System\erWnbHw.exe
  C:\Windows\System\erWnbHw.exe
  2⤵
  PID:6032
- C:\Windows\System\DoLxfme.exe
  C:\Windows\System\DoLxfme.exe
  2⤵
  PID:6084
- C:\Windows\System\SBNUOtG.exe
  C:\Windows\System\SBNUOtG.exe
  2⤵
  PID:4748
- C:\Windows\System\FBEiTdR.exe
  C:\Windows\System\FBEiTdR.exe
  2⤵
  PID:4920
- C:\Windows\System\eVNzWdx.exe
  C:\Windows\System\eVNzWdx.exe
  2⤵
  PID:3864
- C:\Windows\System\mtYECah.exe
  C:\Windows\System\mtYECah.exe
  2⤵
  PID:2324
- C:\Windows\System\WQyNvFh.exe
  C:\Windows\System\WQyNvFh.exe
  2⤵
  PID:4432
- C:\Windows\System\imrLhzC.exe
  C:\Windows\System\imrLhzC.exe
  2⤵
  PID:5140
- C:\Windows\System\kxcoGLB.exe
  C:\Windows\System\kxcoGLB.exe
  2⤵
  PID:5216
- C:\Windows\System\gAJEgYc.exe
  C:\Windows\System\gAJEgYc.exe
  2⤵
  PID:5320
- C:\Windows\System\DgllBwp.exe
  C:\Windows\System\DgllBwp.exe
  2⤵
  PID:5392
- C:\Windows\System\slOafCX.exe
  C:\Windows\System\slOafCX.exe
  2⤵
  PID:5484
- C:\Windows\System\FHnLqki.exe
  C:\Windows\System\FHnLqki.exe
  2⤵
  PID:5580
- C:\Windows\System\OWfqsnh.exe
  C:\Windows\System\OWfqsnh.exe
  2⤵
  PID:5644
- C:\Windows\System\LYowFjY.exe
  C:\Windows\System\LYowFjY.exe
  2⤵
  PID:5740
- C:\Windows\System\IsjYdVY.exe
  C:\Windows\System\IsjYdVY.exe
  2⤵
  PID:5828
- C:\Windows\System\VXAfCpq.exe
  C:\Windows\System\VXAfCpq.exe
  2⤵
  PID:2736
- C:\Windows\System\LvPwfXX.exe
  C:\Windows\System\LvPwfXX.exe
  2⤵
  PID:6008
- C:\Windows\System\stXkXTG.exe
  C:\Windows\System\stXkXTG.exe
  2⤵
  PID:6156
- C:\Windows\System\iicCDUI.exe
  C:\Windows\System\iicCDUI.exe
  2⤵
  PID:6176
- C:\Windows\System\CdpmXHU.exe
  C:\Windows\System\CdpmXHU.exe
  2⤵
  PID:6196
- C:\Windows\System\yLQhlTd.exe
  C:\Windows\System\yLQhlTd.exe
  2⤵
  PID:6220
- C:\Windows\System\lesdGWy.exe
  C:\Windows\System\lesdGWy.exe
  2⤵
  PID:6240
- C:\Windows\System\EbdBaBd.exe
  C:\Windows\System\EbdBaBd.exe
  2⤵
  PID:6260
- C:\Windows\System\NCoreNo.exe
  C:\Windows\System\NCoreNo.exe
  2⤵
  PID:6280
- C:\Windows\System\xUsPyIa.exe
  C:\Windows\System\xUsPyIa.exe
  2⤵
  PID:6300
- C:\Windows\System\taWcCdp.exe
  C:\Windows\System\taWcCdp.exe
  2⤵
  PID:6320
- C:\Windows\System\JqbYUht.exe
  C:\Windows\System\JqbYUht.exe
  2⤵
  PID:6340
- C:\Windows\System\UQYSvbX.exe
  C:\Windows\System\UQYSvbX.exe
  2⤵
  PID:6360
- C:\Windows\System\EqVTgzi.exe
  C:\Windows\System\EqVTgzi.exe
  2⤵
  PID:6380
- C:\Windows\System\aIkphul.exe
  C:\Windows\System\aIkphul.exe
  2⤵
  PID:6400
- C:\Windows\System\yQmHuth.exe
  C:\Windows\System\yQmHuth.exe
  2⤵
  PID:6420
- C:\Windows\System\HTytQex.exe
  C:\Windows\System\HTytQex.exe
  2⤵
  PID:6440
- C:\Windows\System\UmYllEr.exe
  C:\Windows\System\UmYllEr.exe
  2⤵
  PID:6460
- C:\Windows\System\NsvsMbx.exe
  C:\Windows\System\NsvsMbx.exe
  2⤵
  PID:6480
- C:\Windows\System\PVKgCbz.exe
  C:\Windows\System\PVKgCbz.exe
  2⤵
  PID:6500
- C:\Windows\System\sxnwSZb.exe
  C:\Windows\System\sxnwSZb.exe
  2⤵
  PID:6520
- C:\Windows\System\aViJKiv.exe
  C:\Windows\System\aViJKiv.exe
  2⤵
  PID:6540
- C:\Windows\System\HcKPACn.exe
  C:\Windows\System\HcKPACn.exe
  2⤵
  PID:6560
- C:\Windows\System\sELFsgY.exe
  C:\Windows\System\sELFsgY.exe
  2⤵
  PID:6580
- C:\Windows\System\LxISsBZ.exe
  C:\Windows\System\LxISsBZ.exe
  2⤵
  PID:6600
- C:\Windows\System\rNfvlsJ.exe
  C:\Windows\System\rNfvlsJ.exe
  2⤵
  PID:6620
- C:\Windows\System\PXfVYOp.exe
  C:\Windows\System\PXfVYOp.exe
  2⤵
  PID:6640
- C:\Windows\System\YvgyYbT.exe
  C:\Windows\System\YvgyYbT.exe
  2⤵
  PID:6660
- C:\Windows\System\jKzcXCC.exe
  C:\Windows\System\jKzcXCC.exe
  2⤵
  PID:6680
- C:\Windows\System\usLniMa.exe
  C:\Windows\System\usLniMa.exe
  2⤵
  PID:6700
- C:\Windows\System\kWfMIjx.exe
  C:\Windows\System\kWfMIjx.exe
  2⤵
  PID:6720
- C:\Windows\System\Tjvmppr.exe
  C:\Windows\System\Tjvmppr.exe
  2⤵
  PID:6740
- C:\Windows\System\aHOKPYW.exe
  C:\Windows\System\aHOKPYW.exe
  2⤵
  PID:6760
- C:\Windows\System\ktcvlWg.exe
  C:\Windows\System\ktcvlWg.exe
  2⤵
  PID:6780
- C:\Windows\System\emUrsuC.exe
  C:\Windows\System\emUrsuC.exe
  2⤵
  PID:6800
- C:\Windows\System\fVAOeDB.exe
  C:\Windows\System\fVAOeDB.exe
  2⤵
  PID:6820
- C:\Windows\System\CNFIlau.exe
  C:\Windows\System\CNFIlau.exe
  2⤵
  PID:6840
- C:\Windows\System\NJZCRpM.exe
  C:\Windows\System\NJZCRpM.exe
  2⤵
  PID:6860
- C:\Windows\System\rgioMMg.exe
  C:\Windows\System\rgioMMg.exe
  2⤵
  PID:6880
- C:\Windows\System\pSNhRlg.exe
  C:\Windows\System\pSNhRlg.exe
  2⤵
  PID:6900
- C:\Windows\System\AWqUsuV.exe
  C:\Windows\System\AWqUsuV.exe
  2⤵
  PID:6920
- C:\Windows\System\nXCQGdv.exe
  C:\Windows\System\nXCQGdv.exe
  2⤵
  PID:6940
- C:\Windows\System\sEasBMG.exe
  C:\Windows\System\sEasBMG.exe
  2⤵
  PID:6960
- C:\Windows\System\nXNujIK.exe
  C:\Windows\System\nXNujIK.exe
  2⤵
  PID:6980
- C:\Windows\System\vXrYxtu.exe
  C:\Windows\System\vXrYxtu.exe
  2⤵
  PID:7000
- C:\Windows\System\gKNLODQ.exe
  C:\Windows\System\gKNLODQ.exe
  2⤵
  PID:7020
- C:\Windows\System\NjXqCbA.exe
  C:\Windows\System\NjXqCbA.exe
  2⤵
  PID:7040
- C:\Windows\System\CdSxzve.exe
  C:\Windows\System\CdSxzve.exe
  2⤵
  PID:7060
- C:\Windows\System\MBilJXO.exe
  C:\Windows\System\MBilJXO.exe
  2⤵
  PID:7080
- C:\Windows\System\MwuThyn.exe
  C:\Windows\System\MwuThyn.exe
  2⤵
  PID:7100
- C:\Windows\System\yGaFddJ.exe
  C:\Windows\System\yGaFddJ.exe
  2⤵
  PID:7120
- C:\Windows\System\bHIOSaM.exe
  C:\Windows\System\bHIOSaM.exe
  2⤵
  PID:7140
- C:\Windows\System\JBsAbsZ.exe
  C:\Windows\System\JBsAbsZ.exe
  2⤵
  PID:7160
- C:\Windows\System\ieBCdWR.exe
  C:\Windows\System\ieBCdWR.exe
  2⤵
  PID:6124
- C:\Windows\System\IzpGWER.exe
  C:\Windows\System\IzpGWER.exe
  2⤵
  PID:2480
- C:\Windows\System\DAwLYgi.exe
  C:\Windows\System\DAwLYgi.exe
  2⤵
  PID:1084
- C:\Windows\System\rOJLjGK.exe
  C:\Windows\System\rOJLjGK.exe
  2⤵
  PID:5200
- C:\Windows\System\PelFbaY.exe
  C:\Windows\System\PelFbaY.exe
  2⤵
  PID:5280
- C:\Windows\System\wcRwxPm.exe
  C:\Windows\System\wcRwxPm.exe
  2⤵
  PID:2976
- C:\Windows\System\OwGEaif.exe
  C:\Windows\System\OwGEaif.exe
  2⤵
  PID:5496
- C:\Windows\System\jZCJCYb.exe
  C:\Windows\System\jZCJCYb.exe
  2⤵
  PID:5744
- C:\Windows\System\SOWugVl.exe
  C:\Windows\System\SOWugVl.exe
  2⤵
  PID:5860
- C:\Windows\System\sNZoKvg.exe
  C:\Windows\System\sNZoKvg.exe
  2⤵
  PID:5980
- C:\Windows\System\kTdgPWI.exe
  C:\Windows\System\kTdgPWI.exe
  2⤵
  PID:6148
- C:\Windows\System\QMlLGLd.exe
  C:\Windows\System\QMlLGLd.exe
  2⤵
  PID:6192
- C:\Windows\System\euOEXah.exe
  C:\Windows\System\euOEXah.exe
  2⤵
  PID:6228
- C:\Windows\System\kIItnMG.exe
  C:\Windows\System\kIItnMG.exe
  2⤵
  PID:6248
- C:\Windows\System\lbkbmJD.exe
  C:\Windows\System\lbkbmJD.exe
  2⤵
  PID:6296
- C:\Windows\System\rLVrZuk.exe
  C:\Windows\System\rLVrZuk.exe
  2⤵
  PID:6328
- C:\Windows\System\irRZwFh.exe
  C:\Windows\System\irRZwFh.exe
  2⤵
  PID:6352
- C:\Windows\System\vHGeJBh.exe
  C:\Windows\System\vHGeJBh.exe
  2⤵
  PID:6372
- C:\Windows\System\eLiWHGj.exe
  C:\Windows\System\eLiWHGj.exe
  2⤵
  PID:6428
- C:\Windows\System\rUrBqLE.exe
  C:\Windows\System\rUrBqLE.exe
  2⤵
  PID:6468
- C:\Windows\System\AVIxWLv.exe
  C:\Windows\System\AVIxWLv.exe
  2⤵
  PID:6496
- C:\Windows\System\uahRXuS.exe
  C:\Windows\System\uahRXuS.exe
  2⤵
  PID:6528
- C:\Windows\System\QgIflLy.exe
  C:\Windows\System\QgIflLy.exe
  2⤵
  PID:6552
- C:\Windows\System\oAJESgH.exe
  C:\Windows\System\oAJESgH.exe
  2⤵
  PID:6596
- C:\Windows\System\LFCMevg.exe
  C:\Windows\System\LFCMevg.exe
  2⤵
  PID:6636
- C:\Windows\System\lGfBVaX.exe
  C:\Windows\System\lGfBVaX.exe
  2⤵
  PID:6656
- C:\Windows\System\tGKtcQf.exe
  C:\Windows\System\tGKtcQf.exe
  2⤵
  PID:6688
- C:\Windows\System\xWOespH.exe
  C:\Windows\System\xWOespH.exe
  2⤵
  PID:6716
- C:\Windows\System\KzRJEfs.exe
  C:\Windows\System\KzRJEfs.exe
  2⤵
  PID:6736
- C:\Windows\System\ETeeDlD.exe
  C:\Windows\System\ETeeDlD.exe
  2⤵
  PID:6776
- C:\Windows\System\QvsUVwz.exe
  C:\Windows\System\QvsUVwz.exe
  2⤵
  PID:6792
- C:\Windows\System\zaYPweS.exe
  C:\Windows\System\zaYPweS.exe
  2⤵
  PID:6832
- C:\Windows\System\osYygto.exe
  C:\Windows\System\osYygto.exe
  2⤵
  PID:6876
- C:\Windows\System\uFZOpgA.exe
  C:\Windows\System\uFZOpgA.exe
  2⤵
  PID:6896
- C:\Windows\System\iNANtgV.exe
  C:\Windows\System\iNANtgV.exe
  2⤵
  PID:6956
- C:\Windows\System\JyHNMAt.exe
  C:\Windows\System\JyHNMAt.exe
  2⤵
  PID:6976
- C:\Windows\System\hDIEgWg.exe
  C:\Windows\System\hDIEgWg.exe
  2⤵
  PID:7008
- C:\Windows\System\eKbzjcU.exe
  C:\Windows\System\eKbzjcU.exe
  2⤵
  PID:7032
- C:\Windows\System\fDPicdn.exe
  C:\Windows\System\fDPicdn.exe
  2⤵
  PID:7072
- C:\Windows\System\nGOxiVV.exe
  C:\Windows\System\nGOxiVV.exe
  2⤵
  PID:7088
- C:\Windows\System\asEfesZ.exe
  C:\Windows\System\asEfesZ.exe
  2⤵
  PID:7148
- C:\Windows\System\PfZZIIr.exe
  C:\Windows\System\PfZZIIr.exe
  2⤵
  PID:6108
- C:\Windows\System\vmzrwAP.exe
  C:\Windows\System\vmzrwAP.exe
  2⤵
  PID:4216
- C:\Windows\System\qaewRBW.exe
  C:\Windows\System\qaewRBW.exe
  2⤵
  PID:4532
- C:\Windows\System\szTNWDS.exe
  C:\Windows\System\szTNWDS.exe
  2⤵
  PID:5156
- C:\Windows\System\ySHxRIm.exe
  C:\Windows\System\ySHxRIm.exe
  2⤵
  PID:5556
- C:\Windows\System\ohxzxBK.exe
  C:\Windows\System\ohxzxBK.exe
  2⤵
  PID:5660
- C:\Windows\System\aQjiArJ.exe
  C:\Windows\System\aQjiArJ.exe
  2⤵
  PID:6152
- C:\Windows\System\KVmFPrh.exe
  C:\Windows\System\KVmFPrh.exe
  2⤵
  PID:6204
- C:\Windows\System\KvITcSA.exe
  C:\Windows\System\KvITcSA.exe
  2⤵
  PID:1356
- C:\Windows\System\iZikJuo.exe
  C:\Windows\System\iZikJuo.exe
  2⤵
  PID:6312
- C:\Windows\System\JELWLlT.exe
  C:\Windows\System\JELWLlT.exe
  2⤵
  PID:6388
- C:\Windows\System\KYzeWFS.exe
  C:\Windows\System\KYzeWFS.exe
  2⤵
  PID:6448
- C:\Windows\System\fQGNAKM.exe
  C:\Windows\System\fQGNAKM.exe
  2⤵
  PID:6452
- C:\Windows\System\waEvdUs.exe
  C:\Windows\System\waEvdUs.exe
  2⤵
  PID:6536
- C:\Windows\System\kiMaixe.exe
  C:\Windows\System\kiMaixe.exe
  2⤵
  PID:6588
- C:\Windows\System\DONKONe.exe
  C:\Windows\System\DONKONe.exe
  2⤵
  PID:6608
- C:\Windows\System\DtXRpXU.exe
  C:\Windows\System\DtXRpXU.exe
  2⤵
  PID:6652
- C:\Windows\System\NcQnarQ.exe
  C:\Windows\System\NcQnarQ.exe
  2⤵
  PID:6768
- C:\Windows\System\PydXUcd.exe
  C:\Windows\System\PydXUcd.exe
  2⤵
  PID:6728
- C:\Windows\System\nzblKYc.exe
  C:\Windows\System\nzblKYc.exe
  2⤵
  PID:6772
- C:\Windows\System\tJgQdJb.exe
  C:\Windows\System\tJgQdJb.exe
  2⤵
  PID:6868
- C:\Windows\System\TVnusHG.exe
  C:\Windows\System\TVnusHG.exe
  2⤵
  PID:6948
- C:\Windows\System\FTwMqmj.exe
  C:\Windows\System\FTwMqmj.exe
  2⤵
  PID:7016
- C:\Windows\System\KHnBJUv.exe
  C:\Windows\System\KHnBJUv.exe
  2⤵
  PID:6996
- C:\Windows\System\lqDHcBm.exe
  C:\Windows\System\lqDHcBm.exe
  2⤵
  PID:7068
- C:\Windows\System\PHkFkct.exe
  C:\Windows\System\PHkFkct.exe
  2⤵
  PID:4996
- C:\Windows\System\YKVKftU.exe
  C:\Windows\System\YKVKftU.exe
  2⤵
  PID:5564
- C:\Windows\System\EPbCXNG.exe
  C:\Windows\System\EPbCXNG.exe
  2⤵
  PID:6068
- C:\Windows\System\YKONrNW.exe
  C:\Windows\System\YKONrNW.exe
  2⤵
  PID:5600
- C:\Windows\System\xhoVUqk.exe
  C:\Windows\System\xhoVUqk.exe
  2⤵
  PID:5864
- C:\Windows\System\YpKtTLj.exe
  C:\Windows\System\YpKtTLj.exe
  2⤵
  PID:6168
- C:\Windows\System\anmstag.exe
  C:\Windows\System\anmstag.exe
  2⤵
  PID:6272
- C:\Windows\System\WWpZjtR.exe
  C:\Windows\System\WWpZjtR.exe
  2⤵
  PID:6412
- C:\Windows\System\QzLCcar.exe
  C:\Windows\System\QzLCcar.exe
  2⤵
  PID:6516
- C:\Windows\System\VdBQCSp.exe
  C:\Windows\System\VdBQCSp.exe
  2⤵
  PID:6616
- C:\Windows\System\KpnAiic.exe
  C:\Windows\System\KpnAiic.exe
  2⤵
  PID:6676
- C:\Windows\System\MUBkUTl.exe
  C:\Windows\System\MUBkUTl.exe
  2⤵
  PID:2804
- C:\Windows\System\lHeACAy.exe
  C:\Windows\System\lHeACAy.exe
  2⤵
  PID:6812
- C:\Windows\System\XGlmmwn.exe
  C:\Windows\System\XGlmmwn.exe
  2⤵
  PID:6968
- C:\Windows\System\ehubpvn.exe
  C:\Windows\System\ehubpvn.exe
  2⤵
  PID:7112
- C:\Windows\System\rDnzHGh.exe
  C:\Windows\System\rDnzHGh.exe
  2⤵
  PID:7092
- C:\Windows\System\lpYoCbD.exe
  C:\Windows\System\lpYoCbD.exe
  2⤵
  PID:5048
- C:\Windows\System\yCRXASk.exe
  C:\Windows\System\yCRXASk.exe
  2⤵
  PID:7180
- C:\Windows\System\uZynOXZ.exe
  C:\Windows\System\uZynOXZ.exe
  2⤵
  PID:7200
- C:\Windows\System\rcpJpHp.exe
  C:\Windows\System\rcpJpHp.exe
  2⤵
  PID:7220
- C:\Windows\System\ZBDWpuw.exe
  C:\Windows\System\ZBDWpuw.exe
  2⤵
  PID:7244
- C:\Windows\System\LySNSUs.exe
  C:\Windows\System\LySNSUs.exe
  2⤵
  PID:7264
- C:\Windows\System\aFAzbOC.exe
  C:\Windows\System\aFAzbOC.exe
  2⤵
  PID:7284
- C:\Windows\System\WDMUIby.exe
  C:\Windows\System\WDMUIby.exe
  2⤵
  PID:7304
- C:\Windows\System\UqmcYRx.exe
  C:\Windows\System\UqmcYRx.exe
  2⤵
  PID:7324
- C:\Windows\System\GMISUwm.exe
  C:\Windows\System\GMISUwm.exe
  2⤵
  PID:7344
- C:\Windows\System\eAWELUW.exe
  C:\Windows\System\eAWELUW.exe
  2⤵
  PID:7360
- C:\Windows\System\fyCnwqV.exe
  C:\Windows\System\fyCnwqV.exe
  2⤵
  PID:7384
- C:\Windows\System\GkssXCY.exe
  C:\Windows\System\GkssXCY.exe
  2⤵
  PID:7408
- C:\Windows\System\ioDDUGj.exe
  C:\Windows\System\ioDDUGj.exe
  2⤵
  PID:7428
- C:\Windows\System\dImEIjs.exe
  C:\Windows\System\dImEIjs.exe
  2⤵
  PID:7448
- C:\Windows\System\nJapxfF.exe
  C:\Windows\System\nJapxfF.exe
  2⤵
  PID:7468
- C:\Windows\System\RjJOcrV.exe
  C:\Windows\System\RjJOcrV.exe
  2⤵
  PID:7488
- C:\Windows\System\deUVbRx.exe
  C:\Windows\System\deUVbRx.exe
  2⤵
  PID:7508
- C:\Windows\System\loIhvao.exe
  C:\Windows\System\loIhvao.exe
  2⤵
  PID:7528
- C:\Windows\System\wWMnkid.exe
  C:\Windows\System\wWMnkid.exe
  2⤵
  PID:7548
- C:\Windows\System\AytdJpQ.exe
  C:\Windows\System\AytdJpQ.exe
  2⤵
  PID:7568
- C:\Windows\System\OQKAqUq.exe
  C:\Windows\System\OQKAqUq.exe
  2⤵
  PID:7588
- C:\Windows\System\yGqqIbL.exe
  C:\Windows\System\yGqqIbL.exe
  2⤵
  PID:7608
- C:\Windows\System\xfilNyK.exe
  C:\Windows\System\xfilNyK.exe
  2⤵
  PID:7628
- C:\Windows\System\TXUSZNE.exe
  C:\Windows\System\TXUSZNE.exe
  2⤵
  PID:7644
- C:\Windows\System\XwxDDSy.exe
  C:\Windows\System\XwxDDSy.exe
  2⤵
  PID:7668
- C:\Windows\System\FjnbyKJ.exe
  C:\Windows\System\FjnbyKJ.exe
  2⤵
  PID:7684
- C:\Windows\System\OyfVjVk.exe
  C:\Windows\System\OyfVjVk.exe
  2⤵
  PID:7708
- C:\Windows\System\nVVgUUf.exe
  C:\Windows\System\nVVgUUf.exe
  2⤵
  PID:7728
- C:\Windows\System\qjFeumv.exe
  C:\Windows\System\qjFeumv.exe
  2⤵
  PID:7748
- C:\Windows\System\MxPGHAg.exe
  C:\Windows\System\MxPGHAg.exe
  2⤵
  PID:7768
- C:\Windows\System\qZkbRVg.exe
  C:\Windows\System\qZkbRVg.exe
  2⤵
  PID:7788
- C:\Windows\System\KFVWmmy.exe
  C:\Windows\System\KFVWmmy.exe
  2⤵
  PID:7808
- C:\Windows\System\LFucqYN.exe
  C:\Windows\System\LFucqYN.exe
  2⤵
  PID:7828
- C:\Windows\System\unzAemG.exe
  C:\Windows\System\unzAemG.exe
  2⤵
  PID:7844
- C:\Windows\System\hgafZmR.exe
  C:\Windows\System\hgafZmR.exe
  2⤵
  PID:7864
- C:\Windows\System\OZnEgCC.exe
  C:\Windows\System\OZnEgCC.exe
  2⤵
  PID:7884
- C:\Windows\System\dWxZNhh.exe
  C:\Windows\System\dWxZNhh.exe
  2⤵
  PID:7904
- C:\Windows\System\KGdOPpX.exe
  C:\Windows\System\KGdOPpX.exe
  2⤵
  PID:7928
- C:\Windows\System\KWyJZFd.exe
  C:\Windows\System\KWyJZFd.exe
  2⤵
  PID:7952
- C:\Windows\System\AkzAOON.exe
  C:\Windows\System\AkzAOON.exe
  2⤵
  PID:7972
- C:\Windows\System\NuPeVqM.exe
  C:\Windows\System\NuPeVqM.exe
  2⤵
  PID:7988
- C:\Windows\System\AyajCDW.exe
  C:\Windows\System\AyajCDW.exe
  2⤵
  PID:8008
- C:\Windows\System\zpeSOUI.exe
  C:\Windows\System\zpeSOUI.exe
  2⤵
  PID:8032
- C:\Windows\System\JNoeSZm.exe
  C:\Windows\System\JNoeSZm.exe
  2⤵
  PID:8052
- C:\Windows\System\DCdJjwL.exe
  C:\Windows\System\DCdJjwL.exe
  2⤵
  PID:8072
- C:\Windows\System\FGBivGs.exe
  C:\Windows\System\FGBivGs.exe
  2⤵
  PID:8088
- C:\Windows\System\zTggiuY.exe
  C:\Windows\System\zTggiuY.exe
  2⤵
  PID:8112
- C:\Windows\System\rbiSqvC.exe
  C:\Windows\System\rbiSqvC.exe
  2⤵
  PID:8132
- C:\Windows\System\LCEleiz.exe
  C:\Windows\System\LCEleiz.exe
  2⤵
  PID:8152
- C:\Windows\System\fsVnNxg.exe
  C:\Windows\System\fsVnNxg.exe
  2⤵
  PID:8172
- C:\Windows\System\xkrJKWQ.exe
  C:\Windows\System\xkrJKWQ.exe
  2⤵
  PID:8188
- C:\Windows\System\nCtquAZ.exe
  C:\Windows\System\nCtquAZ.exe
  2⤵
  PID:5476
- C:\Windows\System\VNbzONG.exe
  C:\Windows\System\VNbzONG.exe
  2⤵
  PID:5800
- C:\Windows\System\ttecDXt.exe
  C:\Windows\System\ttecDXt.exe
  2⤵
  PID:6396
- C:\Windows\System\elPRTQD.exe
  C:\Windows\System\elPRTQD.exe
  2⤵
  PID:6512
- C:\Windows\System\cVSCphE.exe
  C:\Windows\System\cVSCphE.exe
  2⤵
  PID:6756
- C:\Windows\System\EpvMWSO.exe
  C:\Windows\System\EpvMWSO.exe
  2⤵
  PID:6916
- C:\Windows\System\oEnsAHH.exe
  C:\Windows\System\oEnsAHH.exe
  2⤵
  PID:7056
- C:\Windows\System\sNIxnya.exe
  C:\Windows\System\sNIxnya.exe
  2⤵
  PID:7128
- C:\Windows\System\TGvNpTB.exe
  C:\Windows\System\TGvNpTB.exe
  2⤵
  PID:7208
- C:\Windows\System\PryrIFc.exe
  C:\Windows\System\PryrIFc.exe
  2⤵
  PID:7192
- C:\Windows\System\NoTDAfE.exe
  C:\Windows\System\NoTDAfE.exe
  2⤵
  PID:7240
- C:\Windows\System\IPHNlvK.exe
  C:\Windows\System\IPHNlvK.exe
  2⤵
  PID:7276
- C:\Windows\System\PwDBuTG.exe
  C:\Windows\System\PwDBuTG.exe
  2⤵
  PID:7320
- C:\Windows\System\juJJDrZ.exe
  C:\Windows\System\juJJDrZ.exe
  2⤵
  PID:7368
- C:\Windows\System\ZAuVyJn.exe
  C:\Windows\System\ZAuVyJn.exe
  2⤵
  PID:7352
- C:\Windows\System\rvdfNbr.exe
  C:\Windows\System\rvdfNbr.exe
  2⤵
  PID:7404
- C:\Windows\System\UelSJma.exe
  C:\Windows\System\UelSJma.exe
  2⤵
  PID:7456
- C:\Windows\System\CFbrfTp.exe
  C:\Windows\System\CFbrfTp.exe
  2⤵
  PID:7504
- C:\Windows\System\MKilxti.exe
  C:\Windows\System\MKilxti.exe
  2⤵
  PID:7156
- C:\Windows\System\sAoHrBG.exe
  C:\Windows\System\sAoHrBG.exe
  2⤵
  PID:7576
- C:\Windows\System\PSrCxuE.exe
  C:\Windows\System\PSrCxuE.exe
  2⤵
  PID:7560
- C:\Windows\System\kqhrgFW.exe
  C:\Windows\System\kqhrgFW.exe
  2⤵
  PID:7620
- C:\Windows\System\wkwJFxh.exe
  C:\Windows\System\wkwJFxh.exe
  2⤵
  PID:7656
- C:\Windows\System\luCxfTF.exe
  C:\Windows\System\luCxfTF.exe
  2⤵
  PID:7700
- C:\Windows\System\aInoxdy.exe
  C:\Windows\System\aInoxdy.exe
  2⤵
  PID:7716
- C:\Windows\System\NQmWWhn.exe
  C:\Windows\System\NQmWWhn.exe
  2⤵
  PID:7776
- C:\Windows\System\iZFAVJu.exe
  C:\Windows\System\iZFAVJu.exe
  2⤵
  PID:7764
- C:\Windows\System\GEGxFGP.exe
  C:\Windows\System\GEGxFGP.exe
  2⤵
  PID:7820
- C:\Windows\System\nGTBJKM.exe
  C:\Windows\System\nGTBJKM.exe
  2⤵
  PID:7860
- C:\Windows\System\KVkQfmO.exe
  C:\Windows\System\KVkQfmO.exe
  2⤵
  PID:7900
- C:\Windows\System\uEWbqDo.exe
  C:\Windows\System\uEWbqDo.exe
  2⤵
  PID:7944
- C:\Windows\System\SQamCrA.exe
  C:\Windows\System\SQamCrA.exe
  2⤵
  PID:7980
- C:\Windows\System\igJxJFm.exe
  C:\Windows\System\igJxJFm.exe
  2⤵
  PID:7968
- C:\Windows\System\lrPNoqO.exe
  C:\Windows\System\lrPNoqO.exe
  2⤵
  PID:8028
- C:\Windows\System\RcNjrxn.exe
  C:\Windows\System\RcNjrxn.exe
  2⤵
  PID:8060
- C:\Windows\System\ziCdJVK.exe
  C:\Windows\System\ziCdJVK.exe
  2⤵
  PID:8096
- C:\Windows\System\rtRvwOB.exe
  C:\Windows\System\rtRvwOB.exe
  2⤵
  PID:8084
- C:\Windows\System\bWjNgpn.exe
  C:\Windows\System\bWjNgpn.exe
  2⤵
  PID:8148
- C:\Windows\System\gXftjdl.exe
  C:\Windows\System\gXftjdl.exe
  2⤵
  PID:8180
- C:\Windows\System\lMUfTqt.exe
  C:\Windows\System\lMUfTqt.exe
  2⤵
  PID:5616
- C:\Windows\System\oojpDwx.exe
  C:\Windows\System\oojpDwx.exe
  2⤵
  PID:6416
- C:\Windows\System\OAEoglH.exe
  C:\Windows\System\OAEoglH.exe
  2⤵
  PID:6252
- C:\Windows\System\VPFhgcy.exe
  C:\Windows\System\VPFhgcy.exe
  2⤵
  PID:6888
- C:\Windows\System\UxLyIdR.exe
  C:\Windows\System\UxLyIdR.exe
  2⤵
  PID:7036
- C:\Windows\System\aKcqdRO.exe
  C:\Windows\System\aKcqdRO.exe
  2⤵
  PID:7232
- C:\Windows\System\vNUKMFp.exe
  C:\Windows\System\vNUKMFp.exe
  2⤵
  PID:7136
- C:\Windows\System\gOtiqcv.exe
  C:\Windows\System\gOtiqcv.exe
  2⤵
  PID:7252
- C:\Windows\System\nCjIYZs.exe
  C:\Windows\System\nCjIYZs.exe
  2⤵
  PID:7416
- C:\Windows\System\hXUuewQ.exe
  C:\Windows\System\hXUuewQ.exe
  2⤵
  PID:7424
- C:\Windows\System\GrvPtLr.exe
  C:\Windows\System\GrvPtLr.exe
  2⤵
  PID:7440
- C:\Windows\System\wclIKpC.exe
  C:\Windows\System\wclIKpC.exe
  2⤵
  PID:7540
- C:\Windows\System\HiLMQvL.exe
  C:\Windows\System\HiLMQvL.exe
  2⤵
  PID:7556
- C:\Windows\System\uxOrEhk.exe
  C:\Windows\System\uxOrEhk.exe
  2⤵
  PID:7624
- C:\Windows\System\rlLJblw.exe
  C:\Windows\System\rlLJblw.exe
  2⤵
  PID:7652
- C:\Windows\System\qbMlDHF.exe
  C:\Windows\System\qbMlDHF.exe
  2⤵
  PID:7744
- C:\Windows\System\xWAxNKb.exe
  C:\Windows\System\xWAxNKb.exe
  2⤵
  PID:7796
- C:\Windows\System\oIkOwhW.exe
  C:\Windows\System\oIkOwhW.exe
  2⤵
  PID:2696
- C:\Windows\System\OqGxpNW.exe
  C:\Windows\System\OqGxpNW.exe
  2⤵
  PID:7804
- C:\Windows\System\Iicyfnk.exe
  C:\Windows\System\Iicyfnk.exe
  2⤵
  PID:7856
- C:\Windows\System\icsWYIa.exe
  C:\Windows\System\icsWYIa.exe
  2⤵
  PID:8020
- C:\Windows\System\DNUQhtb.exe
  C:\Windows\System\DNUQhtb.exe
  2⤵
  PID:8044
- C:\Windows\System\PFBdRAj.exe
  C:\Windows\System\PFBdRAj.exe
  2⤵
  PID:7996
- C:\Windows\System\TPMEcDy.exe
  C:\Windows\System\TPMEcDy.exe
  2⤵
  PID:6184
- C:\Windows\System\pkpaXHB.exe
  C:\Windows\System\pkpaXHB.exe
  2⤵
  PID:8100
- C:\Windows\System\yhFwwXP.exe
  C:\Windows\System\yhFwwXP.exe
  2⤵
  PID:2832
- C:\Windows\System\OeonLDr.exe
  C:\Windows\System\OeonLDr.exe
  2⤵
  PID:5412
- C:\Windows\System\QQXSMux.exe
  C:\Windows\System\QQXSMux.exe
  2⤵
  PID:7336
- C:\Windows\System\ogkyTTF.exe
  C:\Windows\System\ogkyTTF.exe
  2⤵
  PID:7280
- C:\Windows\System\AndttMQ.exe
  C:\Windows\System\AndttMQ.exe
  2⤵
  PID:2984
- C:\Windows\System\kkcViMf.exe
  C:\Windows\System\kkcViMf.exe
  2⤵
  PID:2108
- C:\Windows\System\UpyUClH.exe
  C:\Windows\System\UpyUClH.exe
  2⤵
  PID:7260
- C:\Windows\System\XPnPTYe.exe
  C:\Windows\System\XPnPTYe.exe
  2⤵
  PID:7604
- C:\Windows\System\iJvnDQi.exe
  C:\Windows\System\iJvnDQi.exe
  2⤵
  PID:7824
- C:\Windows\System\mQnmnCc.exe
  C:\Windows\System\mQnmnCc.exe
  2⤵
  PID:7936
- C:\Windows\System\gAFBsbH.exe
  C:\Windows\System\gAFBsbH.exe
  2⤵
  PID:3048
- C:\Windows\System\TZtKXKv.exe
  C:\Windows\System\TZtKXKv.exe
  2⤵
  PID:2120
- C:\Windows\System\AzycMiI.exe
  C:\Windows\System\AzycMiI.exe
  2⤵
  PID:1156
- C:\Windows\System\WVIMtsX.exe
  C:\Windows\System\WVIMtsX.exe
  2⤵
  PID:1588
- C:\Windows\System\iOmwtnF.exe
  C:\Windows\System\iOmwtnF.exe
  2⤵
  PID:8080
- C:\Windows\System\PPnjSeI.exe
  C:\Windows\System\PPnjSeI.exe
  2⤵
  PID:7616
- C:\Windows\System\ctdlBvt.exe
  C:\Windows\System\ctdlBvt.exe
  2⤵
  PID:7840
- C:\Windows\System\VYtUipA.exe
  C:\Windows\System\VYtUipA.exe
  2⤵
  PID:8064
- C:\Windows\System\WttFVSI.exe
  C:\Windows\System\WttFVSI.exe
  2⤵
  PID:6456
- C:\Windows\System\sbDDqYW.exe
  C:\Windows\System\sbDDqYW.exe
  2⤵
  PID:6752
- C:\Windows\System\lgYGkSr.exe
  C:\Windows\System\lgYGkSr.exe
  2⤵
  PID:2684
- C:\Windows\System\vjNTzWf.exe
  C:\Windows\System\vjNTzWf.exe
  2⤵
  PID:1328
- C:\Windows\System\rLGtrTc.exe
  C:\Windows\System\rLGtrTc.exe
  2⤵
  PID:1444
- C:\Windows\System\nAfeKaD.exe
  C:\Windows\System\nAfeKaD.exe
  2⤵
  PID:2180
- C:\Windows\System\kfoMOxx.exe
  C:\Windows\System\kfoMOxx.exe
  2⤵
  PID:1152
- C:\Windows\System\zFhvFXV.exe
  C:\Windows\System\zFhvFXV.exe
  2⤵
  PID:7212
- C:\Windows\System\bAoHPVv.exe
  C:\Windows\System\bAoHPVv.exe
  2⤵
  PID:7484
- C:\Windows\System\jmNoQPB.exe
  C:\Windows\System\jmNoQPB.exe
  2⤵
  PID:2188
- C:\Windows\System\UyZGXwG.exe
  C:\Windows\System\UyZGXwG.exe
  2⤵
  PID:8000
- C:\Windows\System\uIzkKVM.exe
  C:\Windows\System\uIzkKVM.exe
  2⤵
  PID:7960
- C:\Windows\System\NnbMgZp.exe
  C:\Windows\System\NnbMgZp.exe
  2⤵
  PID:7680
- C:\Windows\System\wOMqiWX.exe
  C:\Windows\System\wOMqiWX.exe
  2⤵
  PID:8160
- C:\Windows\System\uhEQVuo.exe
  C:\Windows\System\uhEQVuo.exe
  2⤵
  PID:7228
- C:\Windows\System\ArBZnvt.exe
  C:\Windows\System\ArBZnvt.exe
  2⤵
  PID:7740
- C:\Windows\System\kMISIyH.exe
  C:\Windows\System\kMISIyH.exe
  2⤵
  PID:1308
- C:\Windows\System\IcUSlCq.exe
  C:\Windows\System\IcUSlCq.exe
  2⤵
  PID:2144
- C:\Windows\System\eoCDYeY.exe
  C:\Windows\System\eoCDYeY.exe
  2⤵
  PID:6856
- C:\Windows\System\gKfEilR.exe
  C:\Windows\System\gKfEilR.exe
  2⤵
  PID:7256
- C:\Windows\System\xeNjnit.exe
  C:\Windows\System\xeNjnit.exe
  2⤵
  PID:7176
- C:\Windows\System\ofpTMhg.exe
  C:\Windows\System\ofpTMhg.exe
  2⤵
  PID:2080
- C:\Windows\System\mtgqJSH.exe
  C:\Windows\System\mtgqJSH.exe
  2⤵
  PID:3040
- C:\Windows\System\JSkphLD.exe
  C:\Windows\System\JSkphLD.exe
  2⤵
  PID:7912
- C:\Windows\System\xBjmsjT.exe
  C:\Windows\System\xBjmsjT.exe
  2⤵
  PID:6692
- C:\Windows\System\UWQFIer.exe
  C:\Windows\System\UWQFIer.exe
  2⤵
  PID:7272
- C:\Windows\System\lsvwmgp.exe
  C:\Windows\System\lsvwmgp.exe
  2⤵
  PID:2256
- C:\Windows\System\cUkRmfh.exe
  C:\Windows\System\cUkRmfh.exe
  2⤵
  PID:1644
- C:\Windows\System\PABhxbM.exe
  C:\Windows\System\PABhxbM.exe
  2⤵
  PID:2476
- C:\Windows\System\xccbIwC.exe
  C:\Windows\System\xccbIwC.exe
  2⤵
  PID:2876
- C:\Windows\System\CkzPzEY.exe
  C:\Windows\System\CkzPzEY.exe
  2⤵
  PID:8196
- C:\Windows\System\LdazHpj.exe
  C:\Windows\System\LdazHpj.exe
  2⤵
  PID:8216
- C:\Windows\System\KfSZSEg.exe
  C:\Windows\System\KfSZSEg.exe
  2⤵
  PID:8232
- C:\Windows\System\qhTYinm.exe
  C:\Windows\System\qhTYinm.exe
  2⤵
  PID:8248
- C:\Windows\System\QvuYcjl.exe
  C:\Windows\System\QvuYcjl.exe
  2⤵
  PID:8268
- C:\Windows\System\UfCPsxF.exe
  C:\Windows\System\UfCPsxF.exe
  2⤵
  PID:8328
- C:\Windows\System\eohzKYU.exe
  C:\Windows\System\eohzKYU.exe
  2⤵
  PID:8344
- C:\Windows\System\fcUryHd.exe
  C:\Windows\System\fcUryHd.exe
  2⤵
  PID:8360
- C:\Windows\System\oXDDFNL.exe
  C:\Windows\System\oXDDFNL.exe
  2⤵
  PID:8380
- C:\Windows\System\IXUjNls.exe
  C:\Windows\System\IXUjNls.exe
  2⤵
  PID:8404
- C:\Windows\System\zDMINnv.exe
  C:\Windows\System\zDMINnv.exe
  2⤵
  PID:8420
- C:\Windows\System\XYSrFcp.exe
  C:\Windows\System\XYSrFcp.exe
  2⤵
  PID:8436
- C:\Windows\System\KEfImOd.exe
  C:\Windows\System\KEfImOd.exe
  2⤵
  PID:8468
- C:\Windows\System\texoMjT.exe
  C:\Windows\System\texoMjT.exe
  2⤵
  PID:8484
- C:\Windows\System\JOLiStK.exe
  C:\Windows\System\JOLiStK.exe
  2⤵
  PID:8500
- C:\Windows\System\AZUmKqh.exe
  C:\Windows\System\AZUmKqh.exe
  2⤵
  PID:8516
- C:\Windows\System\KozluHF.exe
  C:\Windows\System\KozluHF.exe
  2⤵
  PID:8532
- C:\Windows\System\qFxhpTT.exe
  C:\Windows\System\qFxhpTT.exe
  2⤵
  PID:8548
- C:\Windows\System\zMUuKRU.exe
  C:\Windows\System\zMUuKRU.exe
  2⤵
  PID:8564
- C:\Windows\System\vmLaeAz.exe
  C:\Windows\System\vmLaeAz.exe
  2⤵
  PID:8584
- C:\Windows\System\jfRBupm.exe
  C:\Windows\System\jfRBupm.exe
  2⤵
  PID:8600
- C:\Windows\System\CyMitKp.exe
  C:\Windows\System\CyMitKp.exe
  2⤵
  PID:8616
- C:\Windows\System\dtvssUT.exe
  C:\Windows\System\dtvssUT.exe
  2⤵
  PID:8632
- C:\Windows\System\KvyFuth.exe
  C:\Windows\System\KvyFuth.exe
  2⤵
  PID:8648
- C:\Windows\System\DeCgSCW.exe
  C:\Windows\System\DeCgSCW.exe
  2⤵
  PID:8664
- C:\Windows\System\tfRgFiX.exe
  C:\Windows\System\tfRgFiX.exe
  2⤵
  PID:8680
- C:\Windows\System\eOIZuOp.exe
  C:\Windows\System\eOIZuOp.exe
  2⤵
  PID:8696
- C:\Windows\System\YPxrgKp.exe
  C:\Windows\System\YPxrgKp.exe
  2⤵
  PID:8712
- C:\Windows\System\pUCxbMZ.exe
  C:\Windows\System\pUCxbMZ.exe
  2⤵
  PID:8728
- C:\Windows\System\WQCWPSF.exe
  C:\Windows\System\WQCWPSF.exe
  2⤵
  PID:8744
- C:\Windows\System\QIwCgHN.exe
  C:\Windows\System\QIwCgHN.exe
  2⤵
  PID:8760
- C:\Windows\System\yUoFBcn.exe
  C:\Windows\System\yUoFBcn.exe
  2⤵
  PID:8776
- C:\Windows\System\OYAhZtl.exe
  C:\Windows\System\OYAhZtl.exe
  2⤵
  PID:8792
- C:\Windows\System\fFIjfrZ.exe
  C:\Windows\System\fFIjfrZ.exe
  2⤵
  PID:8808
- C:\Windows\System\wEVyOeR.exe
  C:\Windows\System\wEVyOeR.exe
  2⤵
  PID:8824
- C:\Windows\System\Oasvogr.exe
  C:\Windows\System\Oasvogr.exe
  2⤵
  PID:8840
- C:\Windows\System\vXnoYaM.exe
  C:\Windows\System\vXnoYaM.exe
  2⤵
  PID:8856
- C:\Windows\System\FebUCRg.exe
  C:\Windows\System\FebUCRg.exe
  2⤵
  PID:8872
- C:\Windows\System\ANSpNPf.exe
  C:\Windows\System\ANSpNPf.exe
  2⤵
  PID:8888
- C:\Windows\System\FaVgsZN.exe
  C:\Windows\System\FaVgsZN.exe
  2⤵
  PID:8904
- C:\Windows\System\UVEJsWs.exe
  C:\Windows\System\UVEJsWs.exe
  2⤵
  PID:8920
- C:\Windows\System\NWtWplH.exe
  C:\Windows\System\NWtWplH.exe
  2⤵
  PID:8936
- C:\Windows\System\vHMAwNr.exe
  C:\Windows\System\vHMAwNr.exe
  2⤵
  PID:8952
- C:\Windows\System\dISLrOQ.exe
  C:\Windows\System\dISLrOQ.exe
  2⤵
  PID:8968
- C:\Windows\System\xrMOXge.exe
  C:\Windows\System\xrMOXge.exe
  2⤵
  PID:8984
- C:\Windows\System\OBkjcIn.exe
  C:\Windows\System\OBkjcIn.exe
  2⤵
  PID:9000
- C:\Windows\System\yhrKWkT.exe
  C:\Windows\System\yhrKWkT.exe
  2⤵
  PID:9016
- C:\Windows\System\VarJktP.exe
  C:\Windows\System\VarJktP.exe
  2⤵
  PID:9032
- C:\Windows\System\ftSoYFL.exe
  C:\Windows\System\ftSoYFL.exe
  2⤵
  PID:9048
- C:\Windows\System\eYXqIHG.exe
  C:\Windows\System\eYXqIHG.exe
  2⤵
  PID:9068
- C:\Windows\System\qlwEPKw.exe
  C:\Windows\System\qlwEPKw.exe
  2⤵
  PID:9088
- C:\Windows\System\CidLEHP.exe
  C:\Windows\System\CidLEHP.exe
  2⤵
  PID:9108
- C:\Windows\System\RwtwCdO.exe
  C:\Windows\System\RwtwCdO.exe
  2⤵
  PID:9124
- C:\Windows\System\jKCjyCn.exe
  C:\Windows\System\jKCjyCn.exe
  2⤵
  PID:9140
- C:\Windows\System\DXmuKIW.exe
  C:\Windows\System\DXmuKIW.exe
  2⤵
  PID:9156
- C:\Windows\System\XTuhrvi.exe
  C:\Windows\System\XTuhrvi.exe
  2⤵
  PID:9172
- C:\Windows\System\iSgAcEz.exe
  C:\Windows\System\iSgAcEz.exe
  2⤵
  PID:9188
- C:\Windows\System\sxgLnRk.exe
  C:\Windows\System\sxgLnRk.exe
  2⤵
  PID:9204
- C:\Windows\System\aVrtcWW.exe
  C:\Windows\System\aVrtcWW.exe
  2⤵
  PID:2132
- C:\Windows\System\OtcdjJV.exe
  C:\Windows\System\OtcdjJV.exe
  2⤵
  PID:1288
- C:\Windows\System\MgTgcJT.exe
  C:\Windows\System\MgTgcJT.exe
  2⤵
  PID:8204
- C:\Windows\System\wSTIXSp.exe
  C:\Windows\System\wSTIXSp.exe
  2⤵
  PID:1336
- C:\Windows\System\UhJvvLJ.exe
  C:\Windows\System\UhJvvLJ.exe
  2⤵
  PID:8244
- C:\Windows\System\mUmZKCH.exe
  C:\Windows\System\mUmZKCH.exe
  2⤵
  PID:8288
- C:\Windows\System\hsyhNBw.exe
  C:\Windows\System\hsyhNBw.exe
  2⤵
  PID:8312
- C:\Windows\System\HJRJSOq.exe
  C:\Windows\System\HJRJSOq.exe
  2⤵
  PID:8292
- C:\Windows\System\vIUUASA.exe
  C:\Windows\System\vIUUASA.exe
  2⤵
  PID:7696
- C:\Windows\System\XjOYNwV.exe
  C:\Windows\System\XjOYNwV.exe
  2⤵
  PID:8260
- C:\Windows\System\iiqLRXe.exe
  C:\Windows\System\iiqLRXe.exe
  2⤵
  PID:2424
- C:\Windows\System\awIqBuC.exe
  C:\Windows\System\awIqBuC.exe
  2⤵
  PID:8388
- C:\Windows\System\AjwmKCJ.exe
  C:\Windows\System\AjwmKCJ.exe
  2⤵
  PID:8428
- C:\Windows\System\JXEWkwi.exe
  C:\Windows\System\JXEWkwi.exe
  2⤵
  PID:8452
- C:\Windows\System\zxETWPM.exe
  C:\Windows\System\zxETWPM.exe
  2⤵
  PID:8416
- C:\Windows\System\uymDGMR.exe
  C:\Windows\System\uymDGMR.exe
  2⤵
  PID:2628
- C:\Windows\System\lxwPcKk.exe
  C:\Windows\System\lxwPcKk.exe
  2⤵
  PID:8492
- C:\Windows\System\ijGNKhE.exe
  C:\Windows\System\ijGNKhE.exe
  2⤵
  PID:8544
- C:\Windows\System\lviHBjj.exe
  C:\Windows\System\lviHBjj.exe
  2⤵
  PID:8560
- C:\Windows\System\tfUYyQP.exe
  C:\Windows\System\tfUYyQP.exe
  2⤵
  PID:8624
- C:\Windows\System\NYwLvhx.exe
  C:\Windows\System\NYwLvhx.exe
  2⤵
  PID:8628
- C:\Windows\System\rDHMHgb.exe
  C:\Windows\System\rDHMHgb.exe
  2⤵
  PID:8708
- C:\Windows\System\NaALHIs.exe
  C:\Windows\System\NaALHIs.exe
  2⤵
  PID:8640
- C:\Windows\System\SpciBnl.exe
  C:\Windows\System\SpciBnl.exe
  2⤵
  PID:8752
- C:\Windows\System\emWQpTJ.exe
  C:\Windows\System\emWQpTJ.exe
  2⤵
  PID:8816
- C:\Windows\System\kvaXOeb.exe
  C:\Windows\System\kvaXOeb.exe
  2⤵
  PID:8916
- C:\Windows\System\FvmoUtb.exe
  C:\Windows\System\FvmoUtb.exe
  2⤵
  PID:8768
- C:\Windows\System\pHiXHmY.exe
  C:\Windows\System\pHiXHmY.exe
  2⤵
  PID:8804
- C:\Windows\System\EZQgZtl.exe
  C:\Windows\System\EZQgZtl.exe
  2⤵
  PID:8868
- C:\Windows\System\oHqcxZS.exe
  C:\Windows\System\oHqcxZS.exe
  2⤵
  PID:8960
- C:\Windows\System\ivGSXVs.exe
  C:\Windows\System\ivGSXVs.exe
  2⤵
  PID:9012
- C:\Windows\System\MWszksU.exe
  C:\Windows\System\MWszksU.exe
  2⤵
  PID:9028
- C:\Windows\System\MwTfyoG.exe
  C:\Windows\System\MwTfyoG.exe
  2⤵
  PID:9080
- C:\Windows\System\aTptBDc.exe
  C:\Windows\System\aTptBDc.exe
  2⤵
  PID:9120
- C:\Windows\System\iaXYMpA.exe
  C:\Windows\System\iaXYMpA.exe
  2⤵
  PID:8240
- C:\Windows\System\IyyVoSI.exe
  C:\Windows\System\IyyVoSI.exe
  2⤵
  PID:8128
- C:\Windows\System\sswlPgN.exe
  C:\Windows\System\sswlPgN.exe
  2⤵
  PID:9168
- C:\Windows\System\tvvZehV.exe
  C:\Windows\System\tvvZehV.exe
  2⤵
  PID:8400
- C:\Windows\System\KZNJgYp.exe
  C:\Windows\System\KZNJgYp.exe
  2⤵
  PID:9200
- C:\Windows\System\ZjcAhvJ.exe
  C:\Windows\System\ZjcAhvJ.exe
  2⤵
  PID:8284
- C:\Windows\System\NxxOpWd.exe
  C:\Windows\System\NxxOpWd.exe
  2⤵
  PID:8256
- C:\Windows\System\tMwXfZg.exe
  C:\Windows\System\tMwXfZg.exe
  2⤵
  PID:8464
- C:\Windows\System\pTlICMr.exe
  C:\Windows\System\pTlICMr.exe
  2⤵
  PID:8496
- C:\Windows\System\otklEll.exe
  C:\Windows\System\otklEll.exe
  2⤵
  PID:8688
- C:\Windows\System\euNJyMg.exe
  C:\Windows\System\euNJyMg.exe
  2⤵
  PID:8608
- C:\Windows\System\qivJnHR.exe
  C:\Windows\System\qivJnHR.exe
  2⤵
  PID:8724
- C:\Windows\System\dWjBoAD.exe
  C:\Windows\System\dWjBoAD.exe
  2⤵
  PID:8676
- C:\Windows\System\GFOXYRu.exe
  C:\Windows\System\GFOXYRu.exe
  2⤵
  PID:8912
- C:\Windows\System\rAcfdjR.exe
  C:\Windows\System\rAcfdjR.exe
  2⤵
  PID:8772
- C:\Windows\System\EwGDaxU.exe
  C:\Windows\System\EwGDaxU.exe
  2⤵
  PID:8836
- C:\Windows\System\aZQEYwY.exe
  C:\Windows\System\aZQEYwY.exe
  2⤵
  PID:8928
- C:\Windows\System\taQvGhK.exe
  C:\Windows\System\taQvGhK.exe
  2⤵
  PID:9116
- C:\Windows\System\gmlTDUZ.exe
  C:\Windows\System\gmlTDUZ.exe
  2⤵
  PID:8996
- C:\Windows\System\aOzerLD.exe
  C:\Windows\System\aOzerLD.exe
  2⤵
  PID:8884
- C:\Windows\System\mpOUPhe.exe
  C:\Windows\System\mpOUPhe.exe
  2⤵
  PID:8212
- C:\Windows\System\vTtyDii.exe
  C:\Windows\System\vTtyDii.exe
  2⤵
  PID:568
- C:\Windows\System\ZbAnEOB.exe
  C:\Windows\System\ZbAnEOB.exe
  2⤵
  PID:8356
- C:\Windows\System\xzpQziN.exe
  C:\Windows\System\xzpQziN.exe
  2⤵
  PID:8460
- C:\Windows\System\PpgExfO.exe
  C:\Windows\System\PpgExfO.exe
  2⤵
  PID:8508
- C:\Windows\System\bEkaLFO.exe
  C:\Windows\System\bEkaLFO.exe
  2⤵
  PID:8280
- C:\Windows\System\DtFYFPz.exe
  C:\Windows\System\DtFYFPz.exe
  2⤵
  PID:1632
- C:\Windows\System\pkVNoxy.exe
  C:\Windows\System\pkVNoxy.exe
  2⤵
  PID:8580
- C:\Windows\System\TSGZpcG.exe
  C:\Windows\System\TSGZpcG.exe
  2⤵
  PID:8740
- C:\Windows\System\OxRUjNp.exe
  C:\Windows\System\OxRUjNp.exe
  2⤵
  PID:9044
- C:\Windows\System\NqenDvU.exe
  C:\Windows\System\NqenDvU.exe
  2⤵
  PID:9024
- C:\Windows\System\xTzwWMc.exe
  C:\Windows\System\xTzwWMc.exe
  2⤵
  PID:8124
- C:\Windows\System\HcciAqr.exe
  C:\Windows\System\HcciAqr.exe
  2⤵
  PID:1172
- C:\Windows\System\kfgKYOa.exe
  C:\Windows\System\kfgKYOa.exe
  2⤵
  PID:5760
- C:\Windows\System\jpLSGcQ.exe
  C:\Windows\System\jpLSGcQ.exe
  2⤵
  PID:8980
- C:\Windows\System\vdxIWyq.exe
  C:\Windows\System\vdxIWyq.exe
  2⤵
  PID:8228
- C:\Windows\System\KvvDJvE.exe
  C:\Windows\System\KvvDJvE.exe
  2⤵
  PID:9008
- C:\Windows\System\mFptTSP.exe
  C:\Windows\System\mFptTSP.exe
  2⤵
  PID:8720
- C:\Windows\System\ktPlULP.exe
  C:\Windows\System\ktPlULP.exe
  2⤵
  PID:9228
- C:\Windows\System\tlzrayV.exe
  C:\Windows\System\tlzrayV.exe
  2⤵
  PID:9244
- C:\Windows\System\TTTsMfF.exe
  C:\Windows\System\TTTsMfF.exe
  2⤵
  PID:9260
- C:\Windows\System\upwlJJo.exe
  C:\Windows\System\upwlJJo.exe
  2⤵
  PID:9276
- C:\Windows\System\rOuAtVp.exe
  C:\Windows\System\rOuAtVp.exe
  2⤵
  PID:9292
- C:\Windows\System\OPQgADR.exe
  C:\Windows\System\OPQgADR.exe
  2⤵
  PID:9308
- C:\Windows\System\WGMIKGe.exe
  C:\Windows\System\WGMIKGe.exe
  2⤵
  PID:9324
- C:\Windows\System\XththWE.exe
  C:\Windows\System\XththWE.exe
  2⤵
  PID:9340
- C:\Windows\System\qcNNBQT.exe
  C:\Windows\System\qcNNBQT.exe
  2⤵
  PID:9356
- C:\Windows\System\vJuqbaM.exe
  C:\Windows\System\vJuqbaM.exe
  2⤵
  PID:9372
- C:\Windows\System\IUewJuL.exe
  C:\Windows\System\IUewJuL.exe
  2⤵
  PID:9388
- C:\Windows\System\eIdgQNd.exe
  C:\Windows\System\eIdgQNd.exe
  2⤵
  PID:9408
- C:\Windows\System\mVjtlFy.exe
  C:\Windows\System\mVjtlFy.exe
  2⤵
  PID:9424
- C:\Windows\System\CeDHxek.exe
  C:\Windows\System\CeDHxek.exe
  2⤵
  PID:9440
- C:\Windows\System\grIlASA.exe
  C:\Windows\System\grIlASA.exe
  2⤵
  PID:9456
- C:\Windows\System\auTBLdz.exe
  C:\Windows\System\auTBLdz.exe
  2⤵
  PID:9472
- C:\Windows\System\fcJBmgs.exe
  C:\Windows\System\fcJBmgs.exe
  2⤵
  PID:9488
- C:\Windows\System\qEbgcuy.exe
  C:\Windows\System\qEbgcuy.exe
  2⤵
  PID:9504
- C:\Windows\System\DxPZRVq.exe
  C:\Windows\System\DxPZRVq.exe
  2⤵
  PID:9520
- C:\Windows\System\XzjUpzf.exe
  C:\Windows\System\XzjUpzf.exe
  2⤵
  PID:9536
- C:\Windows\System\RHSlmea.exe
  C:\Windows\System\RHSlmea.exe
  2⤵
  PID:9552
- C:\Windows\System\yVvNPAK.exe
  C:\Windows\System\yVvNPAK.exe
  2⤵
  PID:9568
- C:\Windows\System\iWmvpRG.exe
  C:\Windows\System\iWmvpRG.exe
  2⤵
  PID:9592
- C:\Windows\System\WnbhMSv.exe
  C:\Windows\System\WnbhMSv.exe
  2⤵
  PID:9608
- C:\Windows\System\SbjYXVF.exe
  C:\Windows\System\SbjYXVF.exe
  2⤵
  PID:9624
- C:\Windows\System\eDHPdtf.exe
  C:\Windows\System\eDHPdtf.exe
  2⤵
  PID:9640
- C:\Windows\System\PNoFXBp.exe
  C:\Windows\System\PNoFXBp.exe
  2⤵
  PID:9656
- C:\Windows\System\srlwBTI.exe
  C:\Windows\System\srlwBTI.exe
  2⤵
  PID:9672
- C:\Windows\System\mAoAJmS.exe
  C:\Windows\System\mAoAJmS.exe
  2⤵
  PID:9688
- C:\Windows\System\cKiElht.exe
  C:\Windows\System\cKiElht.exe
  2⤵
  PID:9704
- C:\Windows\System\DSidSZW.exe
  C:\Windows\System\DSidSZW.exe
  2⤵
  PID:9720
- C:\Windows\System\uqoLJjo.exe
  C:\Windows\System\uqoLJjo.exe
  2⤵
  PID:9736
- C:\Windows\System\OTGIKhH.exe
  C:\Windows\System\OTGIKhH.exe
  2⤵
  PID:9756
- C:\Windows\System\WFrGcsK.exe
  C:\Windows\System\WFrGcsK.exe
  2⤵
  PID:9772
- C:\Windows\System\SoxqqJa.exe
  C:\Windows\System\SoxqqJa.exe
  2⤵
  PID:9900
- C:\Windows\System\wDzibCs.exe
  C:\Windows\System\wDzibCs.exe
  2⤵
  PID:9916
- C:\Windows\System\qXmejWB.exe
  C:\Windows\System\qXmejWB.exe
  2⤵
  PID:9932
- C:\Windows\System\DbmEwkz.exe
  C:\Windows\System\DbmEwkz.exe
  2⤵
  PID:9976
- C:\Windows\System\bvYWFwT.exe
  C:\Windows\System\bvYWFwT.exe
  2⤵
  PID:10000
- C:\Windows\System\cJgaIVB.exe
  C:\Windows\System\cJgaIVB.exe
  2⤵
  PID:10020
- C:\Windows\System\nitEtZC.exe
  C:\Windows\System\nitEtZC.exe
  2⤵
  PID:10044
- C:\Windows\System\CghvIJs.exe
  C:\Windows\System\CghvIJs.exe
  2⤵
  PID:10064
- C:\Windows\System\SkAvcfO.exe
  C:\Windows\System\SkAvcfO.exe
  2⤵
  PID:10092
- C:\Windows\System\BVPPAXJ.exe
  C:\Windows\System\BVPPAXJ.exe
  2⤵
  PID:10116
- C:\Windows\System\ErWNgVc.exe
  C:\Windows\System\ErWNgVc.exe
  2⤵
  PID:10132
- C:\Windows\System\vQrdAUp.exe
  C:\Windows\System\vQrdAUp.exe
  2⤵
  PID:10148
- C:\Windows\System\zvlwFNO.exe
  C:\Windows\System\zvlwFNO.exe
  2⤵
  PID:10164
- C:\Windows\System\heUrcds.exe
  C:\Windows\System\heUrcds.exe
  2⤵
  PID:10180
- C:\Windows\System\GOhduUs.exe
  C:\Windows\System\GOhduUs.exe
  2⤵
  PID:10196
- C:\Windows\System\qujoOuT.exe
  C:\Windows\System\qujoOuT.exe
  2⤵
  PID:10216
- C:\Windows\System\FzDSmoN.exe
  C:\Windows\System\FzDSmoN.exe
  2⤵
  PID:10236
- C:\Windows\System\NWMZncF.exe
  C:\Windows\System\NWMZncF.exe
  2⤵
  PID:9268
- C:\Windows\System\wNnPIbC.exe
  C:\Windows\System\wNnPIbC.exe
  2⤵
  PID:9240
- C:\Windows\System\fuksuGB.exe
  C:\Windows\System\fuksuGB.exe
  2⤵
  PID:8324
- C:\Windows\System\jKPPyAj.exe
  C:\Windows\System\jKPPyAj.exe
  2⤵
  PID:9320
- C:\Windows\System\QLbrYBw.exe
  C:\Windows\System\QLbrYBw.exe
  2⤵
  PID:9304
- C:\Windows\System\lcXmzgl.exe
  C:\Windows\System\lcXmzgl.exe
  2⤵
  PID:9336
- C:\Windows\System\FoMIkBg.exe
  C:\Windows\System\FoMIkBg.exe
  2⤵
  PID:9420
- C:\Windows\System\duBeKGi.exe
  C:\Windows\System\duBeKGi.exe
  2⤵
  PID:9580
- C:\Windows\System\TgBphTQ.exe
  C:\Windows\System\TgBphTQ.exe
  2⤵
  PID:9652
- C:\Windows\System\QFblYrT.exe
  C:\Windows\System\QFblYrT.exe
  2⤵
  PID:9744
- C:\Windows\System\gPdZTmM.exe
  C:\Windows\System\gPdZTmM.exe
  2⤵
  PID:9796
- C:\Windows\System\wSiNOaC.exe
  C:\Windows\System\wSiNOaC.exe
  2⤵
  PID:9812
- C:\Windows\System\lrtXitX.exe
  C:\Windows\System\lrtXitX.exe
  2⤵
  PID:9828
- C:\Windows\System\JDqUmPJ.exe
  C:\Windows\System\JDqUmPJ.exe
  2⤵
  PID:9844
- C:\Windows\System\EVPLwBp.exe
  C:\Windows\System\EVPLwBp.exe
  2⤵
  PID:9896
- C:\Windows\System\ApZTAmG.exe
  C:\Windows\System\ApZTAmG.exe
  2⤵
  PID:9880
- C:\Windows\System\PIfZhpX.exe
  C:\Windows\System\PIfZhpX.exe
  2⤵
  PID:9864
- C:\Windows\System\gYXbYRq.exe
  C:\Windows\System\gYXbYRq.exe
  2⤵
  PID:9832
- C:\Windows\System\uFFUiin.exe
  C:\Windows\System\uFFUiin.exe
  2⤵
  PID:9928
- C:\Windows\System\kSLlnSk.exe
  C:\Windows\System\kSLlnSk.exe
  2⤵
  PID:9956
- C:\Windows\System\kiJdWzF.exe
  C:\Windows\System\kiJdWzF.exe
  2⤵
  PID:9952
- C:\Windows\System\QcelDim.exe
  C:\Windows\System\QcelDim.exe
  2⤵
  PID:9996
- C:\Windows\System\FKEoXhp.exe
  C:\Windows\System\FKEoXhp.exe
  2⤵
  PID:10016
- C:\Windows\System\uyqfDZd.exe
  C:\Windows\System\uyqfDZd.exe
  2⤵
  PID:10032
- C:\Windows\System\ZvBUGgv.exe
  C:\Windows\System\ZvBUGgv.exe
  2⤵
  PID:10060
- C:\Windows\System\AVRXyXn.exe
  C:\Windows\System\AVRXyXn.exe
  2⤵
  PID:10056
- C:\Windows\System\YvPdwbH.exe
  C:\Windows\System\YvPdwbH.exe
  2⤵
  PID:10160
- C:\Windows\System\CbqvwSV.exe
  C:\Windows\System\CbqvwSV.exe
  2⤵
  PID:9076
- C:\Windows\System\VQmRCzG.exe
  C:\Windows\System\VQmRCzG.exe
  2⤵
  PID:8556
- C:\Windows\System\pEgvVgH.exe
  C:\Windows\System\pEgvVgH.exe
  2⤵
  PID:8932
- C:\Windows\System\OXiBPOv.exe
  C:\Windows\System\OXiBPOv.exe
  2⤵
  PID:9300
- C:\Windows\System\tMtwzoN.exe
  C:\Windows\System\tMtwzoN.exe
  2⤵
  PID:9480
- C:\Windows\System\BaqVfJC.exe
  C:\Windows\System\BaqVfJC.exe
  2⤵
  PID:9544
- C:\Windows\System\npPGjBJ.exe
  C:\Windows\System\npPGjBJ.exe
  2⤵
  PID:9560
- C:\Windows\System\DfYtaOh.exe
  C:\Windows\System\DfYtaOh.exe
  2⤵
  PID:9516
- C:\Windows\System\YxYJaaR.exe
  C:\Windows\System\YxYJaaR.exe
  2⤵
  PID:9752
- C:\Windows\System\kxDtyHK.exe
  C:\Windows\System\kxDtyHK.exe
  2⤵
  PID:9620
- C:\Windows\System\bUgWmJT.exe
  C:\Windows\System\bUgWmJT.exe
  2⤵
  PID:9668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AbsWNEg.exe

Filesize
6.0MB

MD5
abc862196ab7ca80d02956d9b01563ab

SHA1
74caa62a0d55304a44e88cd848975027791302f4

SHA256
82e0a607e9ba180fb64634d3ea585888f0b8fe1f2826011f29345cdecd54fb86

SHA512
787e5563b5c07f5c0c1a11152c524226740061664435f2ecf88747ee9782770c49509c0c2f697ad06f053bce39e1d73c9778a94c354dcfbc707b239c361e214b

Download Submit
C:\Windows\system\DFzLTAP.exe

Filesize
6.0MB

MD5
608c6d973bf0c6095630694719587aa3

SHA1
bff576606c3a40ab5d244a06f8eaf73c42f1aa1d

SHA256
1c5f24a2828f6eb4ebf770268d48b2a41307d06b3ffb66859042199df9af86b6

SHA512
5bda37aa30e9ebf8bacfd020f92c3a1036f1e3eb77bdb9403e92db8617685a85c81bd513901fc8ece5520e60184586601586a268cf26d3c6b31a6688fdbe4f6e

Download Submit
C:\Windows\system\DjkTshT.exe

Filesize
6.0MB

MD5
af4e430776eb84acfb70f39ce715e842

SHA1
5a56c221257835ef68278daab25113e92ae699b3

SHA256
468c326ab5898386faf25fcbc641de777eafe1281c2aee737f14e0ddbe1a5871

SHA512
685d53c82c2dc32459cef4eeaeea72f2a16b603b28e3d99d2083061ee45020a80120a00348529117677c79f303f67d7d059a30dc28b9e7eb6454b83bddd15fcc

Download Submit
C:\Windows\system\KxZYGeL.exe

Filesize
6.0MB

MD5
29af58261a761cc86a65b75225d72f32

SHA1
e457a9b0fd60ea6af7fcded85ef3fe969bee4be0

SHA256
c53770296a19f4e1ae8dfa809abde221d209ffb033c2dd7018de8b8c4ebdf20a

SHA512
e2ac1ca8d938708d2d4163eed7806e0027ea5f54fa2ea8fd4f18392ce4aead69603ca7100a54ef941ce1db987e492bb53230f9be24fb42699a620d4209c51a3e

Download Submit
C:\Windows\system\OTOWvON.exe

Filesize
6.0MB

MD5
972e0088925cafa1c993acaa25e37b99

SHA1
f66e58f5c469597313afc6cfea981785f153e44f

SHA256
febaa12760e9c90613d9c8ec80091a4ffe460821eb31b323cd121c92d9f4bb59

SHA512
d1fadb77a275a7291e5a5891feea2321223e3d3958099625530eb9d17e7cf5cff8830770d1ecfc1e4433742185e9cb9a6ccf6320a4785538149626faa4b75d50

Download Submit
C:\Windows\system\PWFOsga.exe

Filesize
6.0MB

MD5
474b3c2005982a1a8f85f775baadfc58

SHA1
958dd0567359fdf4e8c3b55b0614b8efc76c858a

SHA256
11b8ceaaaf5f091ce689378a6a50d2d8f7705bb14185790b411b2fbad7b68502

SHA512
1413a294004546dc0d69b9d13a68e3c33106dea57c7e05313c1757bba285fab8592fd065bc0699a53c88faa6ab12cb302308d757a211218799d34fdc0c361d30

Download Submit
C:\Windows\system\RerMRwH.exe

Filesize
6.0MB

MD5
0c85b9d2eca8d1e798df31124c9893ed

SHA1
c7cb415012cf8dd505154f30c5391c5f1076307d

SHA256
37d1d008d1acf3850955f4261e36ce2aca17baf9bad4b612d79016a4ec93c0bf

SHA512
9f5f1056720c31c808bbea43f32f2b1ec9e3740834ce73e3abadf22e42fa39a7bf729bfd5c8f94337dbd3a67660a23e7454f39ab529272d85e370ff862033952

Download Submit
C:\Windows\system\RtPSzIz.exe

Filesize
6.0MB

MD5
ddeb6d9a68810590fbf2c3e83d99a97f

SHA1
be6721590025634ad22fe3d08cff0384c6f17445

SHA256
b4fdac107b3847fd7cd1ed8442cee2dfab8b731b341bbab01737ed25da78a631

SHA512
57d462bc72feec87ebe78ce2a45816068df439d8ed32887f31944d68006346d022e99f5c3ba727f41386e605f82b26ed155f033d01e64a8db139f7715ceb77b6

Download Submit
C:\Windows\system\SxZlMfJ.exe

Filesize
6.0MB

MD5
7c41bb6898a50b9d226441e90c274bf0

SHA1
3367b29f7deed03b63f8aae03ea71586e7bbc880

SHA256
dc5188a021a5c4bdb5733c2f4f9ab1b6f0a4b95c2cb9d0402006c0d4deb4a5f0

SHA512
03e885e775e6ff42c41a83d31f6f6d247e2ac807b08b749e632c88f12e201520691f176e820bfe8e5d5834e5c1403162e264f3016bc4058c560ece61cd802f27

Download Submit
C:\Windows\system\VOdYJqA.exe

Filesize
6.0MB

MD5
07cd49ceb15b08e716424cc8ab43a835

SHA1
1b5ab0bf5fa71511bb78f346e9421bde8bf2cca4

SHA256
937f919b4762dbbcfb693906847ff53c0aeef2938cb9fe6a81cda51182c5fdf3

SHA512
1c5bcc2dd320096fd293d00efbfb7dcb4d8863bb444c7f59fc5e1396a0f377b57628700de7023012135b540b53339ec803559a885984dd88965a6a593603ce7a

Download Submit
C:\Windows\system\XXPexWx.exe

Filesize
6.0MB

MD5
a7b8fbf9ed8f62dc3b4b336ce8b86243

SHA1
b8366e7fc194ae8b21831db22e6a5c22beeecc7d

SHA256
b781c819c78b119cb09274253dba6094ec5ad3b55b89748623cc559c2cc2ccc7

SHA512
b962b945f69ba9f906f1acc07ba736a7b21caeeb5aaed4c48a2d8ce21f1df49e95712b61339923590d45b109568003ecc4a67337e286fdab26ac8bfaf7ce8041

Download Submit
C:\Windows\system\dSiOXjV.exe

Filesize
6.0MB

MD5
81e91f59675a9c2ca6f796bb880d3abe

SHA1
e7d88c4355420c4faede1731777c5f3bf90c6c06

SHA256
095a531d4fb7b049c5116a50851a4236e23dd62b353d75d15d8ff3057f23bf83

SHA512
9dc450f67f4be4000b9a9a78b55e21e661265ab531698501f0a8a7a8f0a08fe15b322ef4632db1ef90b8c0132a48779e006cbcd979c777d828203d1dc04d5e23

Download Submit
C:\Windows\system\htpxAer.exe

Filesize
6.0MB

MD5
77ee1238f99b65335577bf857d81afb8

SHA1
a9ee94126fe8918b257cb8b217b93e5bc0bbf0ae

SHA256
5c0f482e9c37ac843f6e6e2b0294e1d36713e0da148c6597b1ce143f4fc532b8

SHA512
da920bba09f9371e0b601f4b593d6fe731ebc3d6540337d9499d58b5b8a31f40ace5c4f8228f24391a43d14ae99231603947443844dd049a0c8d39de5f937c49

Download Submit
C:\Windows\system\lkAXPap.exe

Filesize
6.0MB

MD5
7c665ce33e18c755bf689e169d3c5e4a

SHA1
77e59923b52af4b6005fb83ee581501cf8d7d64b

SHA256
71797edb533f11bb45cc4725e31c11d67cf9c70ac4e36d071f4676396bbece04

SHA512
a9dc270c1c30af8b3fda667178088dcc1053b2edd565c1bbffe7b17ddc25b76ccaa0cb60984b5b3b8a3238fd38a24d9c17a6a26548bddb89576fb395d97970c1

Download Submit
C:\Windows\system\maObjHM.exe

Filesize
6.0MB

MD5
dddecfd70d8b23b4e6b5dacfdd49791b

SHA1
b86e5d21c67e76f5846214437590ebeda330e08c

SHA256
d4c1ad038ed6e83e0c2b507216f4aa9bd661dd7cc0779344c6eccd7308278b01

SHA512
5f8146faa9f91da4018a1f43dd59acae499c30ec13eea63fd3768a6e2b7591deaebec16c4d0196eb93c836d187f7a81d6933d6955a06dede8f94109109c79a7f

Download Submit
C:\Windows\system\nDeCPfe.exe

Filesize
6.0MB

MD5
1968fbfd6ae57e4299efc248bc1fe2cd

SHA1
b0b0c954f21259f776fb137e0534b958c5f62c4e

SHA256
46575891ce9271b1568bfd2baa62cfb0d8a5a46983dbb990d8a3a64d86d59c21

SHA512
3060de99582f3d65225190ebd0af565278800f1803b8dfcf900b9f5c62686d0f34fffbc679a336e654410ff99e29d170ef13f8fd157aa3a56a3acd7116ec7529

Download Submit
C:\Windows\system\nsOcWHB.exe

Filesize
6.0MB

MD5
0ab800ce903754e27a26bfff3f5f29dc

SHA1
0b1420784b34094f9d3df95aedbb9aa2865c2cce

SHA256
e73c436550d869f840acc5457ec6e73eea2e1b300e6bf9564e86b29e555c4a46

SHA512
fa19ecb7734bdabb6c946286aa3e902eed623ff410fe4ea220f7a7bec6b848d0faf55d885284a3336fc0c07c39d3cbf2bf264af99247d8e86bfab64ace1894a9

Download Submit
C:\Windows\system\ooNeZlU.exe

Filesize
6.0MB

MD5
e1eb06549966cd734410d1c1b6bfe898

SHA1
e527336d4a2865ff2a3b77c23f345d731448c3c0

SHA256
6cd5909b036e7623841d689daa8be9544f3c02077efbe4bbc62b014d889208cd

SHA512
c317ea21505c30bc0bc6eaacbd5b3631644f969df02f5c11f3f6f0675eb2e8e6a586d7e9b1ca4812a1414c32d3c2171b1797637409d072b3c7ee4161283beafb

Download Submit
C:\Windows\system\pfTZinv.exe

Filesize
6.0MB

MD5
19bfadb6f77f6ee7c45f8123dfa937d1

SHA1
4eed641c804d9ddfd382287a449187dc40834d08

SHA256
eced28b57b1a472118858a9cf2874182c50208f310634e05cf5178270d5b0d3a

SHA512
cf2f013e9e20acdaa12c064c85e461327a2155b67a97f6a66fe400e0662b9e30875506e2996beacfc42b5046a7e687bbcfbdb489e8d93a0eb05c90f39914c9cf

Download Submit
C:\Windows\system\rjqjTwX.exe

Filesize
6.0MB

MD5
c8983c6ebf37eb63f90ce984cc040272

SHA1
9ede955af75912bba3c90247cb5209c0b1100d08

SHA256
a57bbe413e4ac1d56a764c47a396c34d0a4702d75ed377b37a035a5df54e5ffa

SHA512
b6576f9949c30e0373aa43060909711d24cdc08377c91ec3d7be3e38825d7b2674221c41a62b3dcf62f94fb37da64f7f0963933711e605a960f88951ea82afe6

Download Submit
C:\Windows\system\sVEBefS.exe

Filesize
6.0MB

MD5
3e06af9422f4af21c2d5f8826c60d3a6

SHA1
d0e0275f0a7d87c35f52be204673f98012fbc5d5

SHA256
03fbb8cbe50163982d4d7ebaa769c0b30eb1db664b46eabdeae25822d290732c

SHA512
63b0b4aed71ced3a005071c32b2f33956e618940b7c938ea3208c2731e627cc698f59bae803465b4bcecd062624926abafc8ff0aa9f3f53cfb4658d99be21719

Download Submit
C:\Windows\system\spqfmQM.exe

Filesize
6.0MB

MD5
8b9de5482749512b3b9b7578850f8a76

SHA1
6fa9fba6fb61a3c22c7cf991a01806337d1bda9b

SHA256
0979822ddc577a23962fc5e9434da49a099178a68b3eab0c9f7982d6583ca62e

SHA512
158f69edb90a28ecac40f2b5243825dc8ce5496885364d4d65cd210c00688c3a3c50da956e9dd95f729b4700694b2e720c0b3feb74e078f961688a544117463f

Download Submit
C:\Windows\system\tappDDj.exe

Filesize
6.0MB

MD5
7644b894401c72e6ccda6c5ced51b108

SHA1
c049c51e31dac03c76c4f2a7680365cfb4d72980

SHA256
d3dfa6ae277b2364d99b830dfae862c903c80fa7bdf388b2f5502ffd2ff8d85b

SHA512
231c7a1705794af3f2d3c5f11bf563f5550be0b15b212a32299a6c774ffc297828c22044dc1f6dd518fba20ece62a03e385d43802cbdff23ac015865eececd98

Download Submit
C:\Windows\system\vrUZruc.exe

Filesize
6.0MB

MD5
3779d46ae347dd0572449a15a2bdecf2

SHA1
b41f82c9d1c5a2b68da9850252640813239d3b65

SHA256
1decbdfebda617712d6b3b41f401e6974b19f9360fffde80493154634106e3fa

SHA512
053c2853d1dfd7a0e2636934967095d371b736b0a36eaf2737384522f78f3a225f6dd16500df9620013ac361a484adc6cd51fb0ef63ff66501e699ffca6c8a20

Download Submit
C:\Windows\system\vwlQitV.exe

Filesize
6.0MB

MD5
7f370ad82acb4883de2044835cc4d14a

SHA1
b901e5d0d7993f0ed819e8f02b339b0e05861a63

SHA256
2950dac4f001e9930d531043ddd757427b9be125238779ca3ec03ce807496048

SHA512
b4c54ad5f66892615c132880fb51a7ca2c8ffac94689f19b7ddc36f8dfb5424e724b824cb749762e96c26e5fb423f62222f1a25f707d43ae04d5180ad2d0cea1

Download Submit
C:\Windows\system\wRGBcXT.exe

Filesize
6.0MB

MD5
5c8e83ada45c438d71399b6c9ba8a63e

SHA1
18ea6e29b6733ed4872cdbfa38843ef006b72ab2

SHA256
f77b43ac1c6cf10b61b57632dc14e5b174868c2d4fce936b751e36857873fd1d

SHA512
4aeca9cfb6c44d6cd062d9b3103b8b4bbcdf37de6d5c231e3dac0e306b58f2066c963f99d496d578051e5f83b68c7990ed2b5ee4a644b0c84498625afebb873e

Download Submit
\Windows\system\ChExTMi.exe

Filesize
6.0MB

MD5
6f18acc97646d119c2d6220c44db7167

SHA1
9ff1606ad5a6aae2ebd786600c01301dd48f8f01

SHA256
c3b1f6f60515daba12ec0707a9b75465a2353c94687b466423b159474b89d6a8

SHA512
dd9b67e74a124a4c1149afda24275ceb80dc5fab9d39a4a0cc70217e125e743d4f19dbc6741a15ba0b9a940057d0f0304b37d69bb6616343a393f1c4a0f5bba1

Download Submit
\Windows\system\JKkbgVB.exe

Filesize
6.0MB

MD5
d4ad2024f15307b7278af93d7e4ff2be

SHA1
f42e1e47f168c78fa75043bac522be73a48b160d

SHA256
30e8242d25c2bacdca624a2c816c4acb4948dddfdaf6641ba9cf40669a60c800

SHA512
7898e95c50cfc0a564ab6b35016b2f71ad6ea6a1d3d03d34fe8bb04fe5f70a75738e5e21b8c4b2f4a7e9b347dbe027d7a8e150a5a96a3dd6e50b2bcc878ffcbb

Download Submit
\Windows\system\OPltmtx.exe

Filesize
6.0MB

MD5
f32babd1b55cdf1144956ffb393d4585

SHA1
fcf01ec1df89311ed2ef2e968c70febe57107fac

SHA256
12fd96e4a5634b08ff3fbb6d9bc7702e1635ec8a4922a1519852a693b74f09c7

SHA512
1073c45b0caca2ca213aea8cf4ce0429e2b0ca97bceb13dd722826072f65dff8107105a7e8367eb8f243dfaef59aa004c8c539993d6f2152153bf20d3d69426e

Download Submit
\Windows\system\VwuLoAu.exe

Filesize
6.0MB

MD5
70ae8eb39b8c7fe2d1d8dd7c428d7453

SHA1
ceefaf6b45937313ae14c6a335faaa3ab999626d

SHA256
f60f673291f6e9801271021e1877175df776d6a27eb8abd36b3d45b17fd058f3

SHA512
3c3d4cde49cf7e550e78e5771ec8a4887f5868556a04ddbc368fc049feb15d034f6396107a60092564ca85b31ea1e2361641d2f67dc9e12b3238129a58dfce07

Download Submit
\Windows\system\kmBgIxp.exe

Filesize
6.0MB

MD5
6612619cfb773c87e5288649c6d9b526

SHA1
50463f2b733a766da5bc317ab233a52202beae25

SHA256
95ca712df69ca258b4a493adb97617a2a119f5e82a6c58d7170a1cce1c3716ba

SHA512
5ccec941c9d960cb4c79a3d8cc0798cffadd6caf187b38ce981ec910a421cde86050b63317b3c87bcd3d143c26f9ecda43318d69954280fe5149fb0646aac1e3

Download Submit
\Windows\system\oQTbJSd.exe

Filesize
6.0MB

MD5
447a5d21d3b3354249153e21eb60c352

SHA1
fc3a8571a124df32ce9197eefb86be325a1528c7

SHA256
072fdb8d168b24462b80a67bf69837d08563361217d4d5cd6df589a0efc9dac8

SHA512
09d3b6d61614620188f675d4142f63c99bc540b2dbb8381163aee2c9f134dbdf628e5735626e43df2f784945a06485e1df1bd50a6272841550986fb515a2f1ee

Download Submit
memory/672-4011-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/672-20-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/924-87-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/924-4014-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/956-101-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/956-4012-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/996-4010-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/996-82-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1320-94-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1744-52-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-0-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1744-48-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/1744-53-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1744-491-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1744-50-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1744-282-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1038-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1744-34-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1744-37-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1744-17-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-23-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-102-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1744-67-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-100-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1744-107-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-93-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1744-81-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1744-64-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1309-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-83-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2288-371-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-70-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2288-4013-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-4009-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-19-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-4015-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2412-58-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2660-65-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4007-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2664-49-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4008-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2772-84-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-40-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4017-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2840-35-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3949-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-28-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-21-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download