cobaltstrike | 582f2eb62b35d3d090c9648168f5b1a473d7c9bbc91a1f2d3f2e0548633380c3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/12/2024, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b83583a1c425f5a865a55e924696e60c
SHA1

2db9372b469fa68effcfe0f480131521d1b0ead8
SHA256

582f2eb62b35d3d090c9648168f5b1a473d7c9bbc91a1f2d3f2e0548633380c3
SHA512

570f8f8ade3f0d11458d065f3c9422d9da1577a484629a0b4238728a45e84b2fab758446ba998b48208d33bd2bdd839ee382d8fe5b3fd50859b2972744885b3b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018683-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018697-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-21.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001871c-28.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017570-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-87.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018d83-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018745-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018be7-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2236-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d6-3.dat	xmrig
behavioral1/memory/2460-9-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000f000000018683-10.dat	xmrig
behavioral1/memory/2540-14-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018697-12.dat	xmrig
behavioral1/files/0x0007000000018706-21.dat	xmrig
behavioral1/memory/2084-27-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2120-20-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000600000001871c-28.dat	xmrig
behavioral1/memory/2236-18-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2236-25-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2236-36-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2524-37-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0009000000017570-38.dat	xmrig
behavioral1/memory/1512-43-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2120-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2784-51-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f9-101.dat	xmrig
behavioral1/memory/1048-107-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019426-114.dat	xmrig
behavioral1/files/0x0005000000019518-159.dat	xmrig
behavioral1/memory/1048-1441-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2652-1163-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2632-846-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2360-552-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2848-288-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0005000000019647-199.dat	xmrig
behavioral1/files/0x0005000000019645-195.dat	xmrig
behavioral1/files/0x00050000000195a8-189.dat	xmrig
behavioral1/files/0x0005000000019543-184.dat	xmrig
behavioral1/files/0x0005000000019535-179.dat	xmrig
behavioral1/files/0x000500000001952e-174.dat	xmrig
behavioral1/files/0x000500000001952b-169.dat	xmrig
behavioral1/files/0x0005000000019520-164.dat	xmrig
behavioral1/files/0x0005000000019510-154.dat	xmrig
behavioral1/files/0x0005000000019508-149.dat	xmrig
behavioral1/files/0x0005000000019502-144.dat	xmrig
behavioral1/files/0x00050000000194e1-139.dat	xmrig
behavioral1/files/0x00050000000194d5-134.dat	xmrig
behavioral1/files/0x00050000000194c3-129.dat	xmrig
behavioral1/files/0x00050000000194ad-124.dat	xmrig
behavioral1/files/0x0005000000019428-119.dat	xmrig
behavioral1/memory/2296-106-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2652-98-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2780-97-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00050000000193dc-96.dat	xmrig
behavioral1/memory/2632-89-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2784-88-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d0-87.dat	xmrig
behavioral1/memory/2360-81-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1512-80-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-79.dat	xmrig
behavioral1/memory/2848-73-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001939f-72.dat	xmrig
behavioral1/memory/2296-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2084-66-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0008000000018d83-65.dat	xmrig
behavioral1/memory/2540-50-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018745-49.dat	xmrig
behavioral1/memory/2780-59-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000018be7-57.dat	xmrig
behavioral1/memory/2540-3567-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2460-3566-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2460	PiMuIEl.exe
2540	IyYDhZh.exe
2120	dNCTAWw.exe
2084	eHLzGAp.exe
2524	KRbVxUn.exe
1512	VDLlTeW.exe
2784	hLrdzYp.exe
2780	SHRxCNI.exe
2296	jpqPeAu.exe
2848	VbHQVmv.exe
2360	NZSuFBX.exe
2632	XhyrWxI.exe
2652	cdADEkG.exe
1048	BJgMzFy.exe
1608	DfYNMrT.exe
1896	mIysiqw.exe
1936	gmBMLGK.exe
1504	fmhHEEA.exe
1728	hbATNJe.exe
1700	uGlCTBr.exe
1636	Dwmrpiw.exe
1440	cWbtont.exe
1432	TZXKLcU.exe
2888	QTDLwwF.exe
2772	eFQkuRo.exe
2916	Fzwjtvu.exe
2412	toUrDAj.exe
2884	NHqdfHm.exe
2148	aaRKMnD.exe
404	UjgVJyg.exe
2140	dbqbvZK.exe
2472	jhTTJNc.exe
956	DACEDfH.exe
1808	LVqZGNZ.exe
2124	LUiEEPi.exe
1672	LMXJIQd.exe
1660	vaWTiXg.exe
848	lebilws.exe
1520	DarZJWz.exe
1764	yvJssxF.exe
976	yczLZre.exe
1756	pkzyuCJ.exe
292	VfbfPwi.exe
1240	haUkjgl.exe
2444	XYQYToZ.exe
796	DwRkLsH.exe
1040	PLOxlzI.exe
1264	NhzUbUw.exe
3004	jzyCfEA.exe
2468	fFTBpSY.exe
2260	KjAsuzp.exe
1184	WPlGbVM.exe
1680	WFelvqP.exe
2076	YIPwHui.exe
2500	iymjpHR.exe
2060	cSytaBr.exe
2344	uFKLTPc.exe
2720	vOxHPGt.exe
2700	bFtTlXH.exe
2692	zxFOFhj.exe
2748	zahPDAu.exe
2640	XBbWJir.exe
1328	ACAfiiU.exe
2324	FpOenoZ.exe

Loads dropped DLL 64 IoCs

pid	Process
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000a0000000120d6-3.dat	upx
behavioral1/memory/2460-9-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000f000000018683-10.dat	upx
behavioral1/memory/2540-14-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0006000000018697-12.dat	upx
behavioral1/files/0x0007000000018706-21.dat	upx
behavioral1/memory/2084-27-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2120-20-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000600000001871c-28.dat	upx
behavioral1/memory/2236-36-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2524-37-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0009000000017570-38.dat	upx
behavioral1/memory/1512-43-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2120-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2784-51-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000193f9-101.dat	upx
behavioral1/memory/1048-107-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x0005000000019426-114.dat	upx
behavioral1/files/0x0005000000019518-159.dat	upx
behavioral1/memory/1048-1441-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2652-1163-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2632-846-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2360-552-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2848-288-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0005000000019647-199.dat	upx
behavioral1/files/0x0005000000019645-195.dat	upx
behavioral1/files/0x00050000000195a8-189.dat	upx
behavioral1/files/0x0005000000019543-184.dat	upx
behavioral1/files/0x0005000000019535-179.dat	upx
behavioral1/files/0x000500000001952e-174.dat	upx
behavioral1/files/0x000500000001952b-169.dat	upx
behavioral1/files/0x0005000000019520-164.dat	upx
behavioral1/files/0x0005000000019510-154.dat	upx
behavioral1/files/0x0005000000019508-149.dat	upx
behavioral1/files/0x0005000000019502-144.dat	upx
behavioral1/files/0x00050000000194e1-139.dat	upx
behavioral1/files/0x00050000000194d5-134.dat	upx
behavioral1/files/0x00050000000194c3-129.dat	upx
behavioral1/files/0x00050000000194ad-124.dat	upx
behavioral1/files/0x0005000000019428-119.dat	upx
behavioral1/memory/2296-106-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2652-98-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2780-97-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00050000000193dc-96.dat	upx
behavioral1/memory/2632-89-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2784-88-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000193d0-87.dat	upx
behavioral1/memory/2360-81-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/1512-80-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-79.dat	upx
behavioral1/memory/2848-73-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001939f-72.dat	upx
behavioral1/memory/2296-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2084-66-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0008000000018d83-65.dat	upx
behavioral1/memory/2540-50-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0006000000018745-49.dat	upx
behavioral1/memory/2780-59-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000018be7-57.dat	upx
behavioral1/memory/2540-3567-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2460-3566-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2084-3565-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1512-3595-0x000000013F800000-0x000000013FB54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\puhbLoe.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPGoxcT.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIPGMfE.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myojESB.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVArevR.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJrHIdi.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFjKhJp.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OetxZzK.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puwqmNO.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SurYLNh.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbXdleX.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhgnNvr.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DurILXT.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtiUkUB.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEXJRlp.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuDFKqE.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOiRZgb.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nisXEtn.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGLdNzX.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPFIsOZ.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQfGjUH.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffBSALh.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtAkjZB.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpuJDKr.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YmhIryH.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhiTyYW.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySVOteb.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLzRbRi.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlNplMH.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEeErGZ.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFVrNNl.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoVZoCS.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwqJJBT.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkmwmsl.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\obBmFqB.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sonMzLs.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuMYRKj.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgzQFPT.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDDPrGy.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etwnCGm.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veSxjUB.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNfIIBe.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFhhIRR.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVDVPKG.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcPmsrX.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlHrjka.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHpVFGK.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDzKMIU.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWqAylo.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIFiANs.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdXzXrC.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzLSqIy.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQlpSQu.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXweUvT.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQuhAag.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXIuBDn.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrSsSga.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTakDZv.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXFrhYh.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDiDDnb.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiTCkZt.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKFtoGq.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtaRZIO.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKwzieb.exe	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2460	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 2460	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 2460	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 2540	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2540	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2540	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2120	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 2120	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 2120	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 2084	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 2084	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 2084	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 2524	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 2524	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 2524	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 1512	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 1512	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 1512	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 2784	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2784	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2784	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2780	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2780	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2780	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2296	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2296	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2296	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2848	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2848	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2848	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2360	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2360	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2360	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2632	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2632	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2632	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2652	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 2652	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 2652	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 1048	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 1048	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 1048	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 1608	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 1608	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 1608	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 1896	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 1896	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 1896	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 1936	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 1936	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 1936	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 1504	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 1504	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 1504	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 1728	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 1728	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 1728	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 1700	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2236 wrote to memory of 1700	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2236 wrote to memory of 1700	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2236 wrote to memory of 1636	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2236 wrote to memory of 1636	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2236 wrote to memory of 1636	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2236 wrote to memory of 1440	2236	2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_b83583a1c425f5a865a55e924696e60c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\System\PiMuIEl.exe
  C:\Windows\System\PiMuIEl.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\IyYDhZh.exe
  C:\Windows\System\IyYDhZh.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\dNCTAWw.exe
  C:\Windows\System\dNCTAWw.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\eHLzGAp.exe
  C:\Windows\System\eHLzGAp.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\KRbVxUn.exe
  C:\Windows\System\KRbVxUn.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\VDLlTeW.exe
  C:\Windows\System\VDLlTeW.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\hLrdzYp.exe
  C:\Windows\System\hLrdzYp.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\SHRxCNI.exe
  C:\Windows\System\SHRxCNI.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\jpqPeAu.exe
  C:\Windows\System\jpqPeAu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\VbHQVmv.exe
  C:\Windows\System\VbHQVmv.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\NZSuFBX.exe
  C:\Windows\System\NZSuFBX.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\XhyrWxI.exe
  C:\Windows\System\XhyrWxI.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\cdADEkG.exe
  C:\Windows\System\cdADEkG.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\BJgMzFy.exe
  C:\Windows\System\BJgMzFy.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\DfYNMrT.exe
  C:\Windows\System\DfYNMrT.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mIysiqw.exe
  C:\Windows\System\mIysiqw.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\gmBMLGK.exe
  C:\Windows\System\gmBMLGK.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\fmhHEEA.exe
  C:\Windows\System\fmhHEEA.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\hbATNJe.exe
  C:\Windows\System\hbATNJe.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\uGlCTBr.exe
  C:\Windows\System\uGlCTBr.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\Dwmrpiw.exe
  C:\Windows\System\Dwmrpiw.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\cWbtont.exe
  C:\Windows\System\cWbtont.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\TZXKLcU.exe
  C:\Windows\System\TZXKLcU.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\QTDLwwF.exe
  C:\Windows\System\QTDLwwF.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\eFQkuRo.exe
  C:\Windows\System\eFQkuRo.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\Fzwjtvu.exe
  C:\Windows\System\Fzwjtvu.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\toUrDAj.exe
  C:\Windows\System\toUrDAj.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\NHqdfHm.exe
  C:\Windows\System\NHqdfHm.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\aaRKMnD.exe
  C:\Windows\System\aaRKMnD.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\UjgVJyg.exe
  C:\Windows\System\UjgVJyg.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\dbqbvZK.exe
  C:\Windows\System\dbqbvZK.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\jhTTJNc.exe
  C:\Windows\System\jhTTJNc.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\DACEDfH.exe
  C:\Windows\System\DACEDfH.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\LVqZGNZ.exe
  C:\Windows\System\LVqZGNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\LUiEEPi.exe
  C:\Windows\System\LUiEEPi.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\LMXJIQd.exe
  C:\Windows\System\LMXJIQd.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\vaWTiXg.exe
  C:\Windows\System\vaWTiXg.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\lebilws.exe
  C:\Windows\System\lebilws.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\DarZJWz.exe
  C:\Windows\System\DarZJWz.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\yvJssxF.exe
  C:\Windows\System\yvJssxF.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\yczLZre.exe
  C:\Windows\System\yczLZre.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\pkzyuCJ.exe
  C:\Windows\System\pkzyuCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\VfbfPwi.exe
  C:\Windows\System\VfbfPwi.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\haUkjgl.exe
  C:\Windows\System\haUkjgl.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\XYQYToZ.exe
  C:\Windows\System\XYQYToZ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\DwRkLsH.exe
  C:\Windows\System\DwRkLsH.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\PLOxlzI.exe
  C:\Windows\System\PLOxlzI.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\NhzUbUw.exe
  C:\Windows\System\NhzUbUw.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\jzyCfEA.exe
  C:\Windows\System\jzyCfEA.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\fFTBpSY.exe
  C:\Windows\System\fFTBpSY.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\KjAsuzp.exe
  C:\Windows\System\KjAsuzp.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\WPlGbVM.exe
  C:\Windows\System\WPlGbVM.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\WFelvqP.exe
  C:\Windows\System\WFelvqP.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\YIPwHui.exe
  C:\Windows\System\YIPwHui.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\iymjpHR.exe
  C:\Windows\System\iymjpHR.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\cSytaBr.exe
  C:\Windows\System\cSytaBr.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\uFKLTPc.exe
  C:\Windows\System\uFKLTPc.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\vOxHPGt.exe
  C:\Windows\System\vOxHPGt.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\bFtTlXH.exe
  C:\Windows\System\bFtTlXH.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\zxFOFhj.exe
  C:\Windows\System\zxFOFhj.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\zahPDAu.exe
  C:\Windows\System\zahPDAu.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\XBbWJir.exe
  C:\Windows\System\XBbWJir.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ACAfiiU.exe
  C:\Windows\System\ACAfiiU.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\FpOenoZ.exe
  C:\Windows\System\FpOenoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\KdNENym.exe
  C:\Windows\System\KdNENym.exe
  2⤵
  PID:316
- C:\Windows\System\aSWIjEL.exe
  C:\Windows\System\aSWIjEL.exe
  2⤵
  PID:1116
- C:\Windows\System\EAaFEzt.exe
  C:\Windows\System\EAaFEzt.exe
  2⤵
  PID:1152
- C:\Windows\System\mIOOSVB.exe
  C:\Windows\System\mIOOSVB.exe
  2⤵
  PID:1744
- C:\Windows\System\KjUaOZp.exe
  C:\Windows\System\KjUaOZp.exe
  2⤵
  PID:1688
- C:\Windows\System\JrzPeIu.exe
  C:\Windows\System\JrzPeIu.exe
  2⤵
  PID:1904
- C:\Windows\System\YBQKOkV.exe
  C:\Windows\System\YBQKOkV.exe
  2⤵
  PID:2400
- C:\Windows\System\PunFRJu.exe
  C:\Windows\System\PunFRJu.exe
  2⤵
  PID:2464
- C:\Windows\System\neaaSFs.exe
  C:\Windows\System\neaaSFs.exe
  2⤵
  PID:1976
- C:\Windows\System\lWFKRKx.exe
  C:\Windows\System\lWFKRKx.exe
  2⤵
  PID:1384
- C:\Windows\System\ItfdgdG.exe
  C:\Windows\System\ItfdgdG.exe
  2⤵
  PID:2768
- C:\Windows\System\NfCHnva.exe
  C:\Windows\System\NfCHnva.exe
  2⤵
  PID:1640
- C:\Windows\System\rlNXXLc.exe
  C:\Windows\System\rlNXXLc.exe
  2⤵
  PID:2000
- C:\Windows\System\xqrHsZp.exe
  C:\Windows\System\xqrHsZp.exe
  2⤵
  PID:800
- C:\Windows\System\IgOCEDF.exe
  C:\Windows\System\IgOCEDF.exe
  2⤵
  PID:2544
- C:\Windows\System\dPyKhTe.exe
  C:\Windows\System\dPyKhTe.exe
  2⤵
  PID:1028
- C:\Windows\System\zNreJNF.exe
  C:\Windows\System\zNreJNF.exe
  2⤵
  PID:1752
- C:\Windows\System\ZUdOIhI.exe
  C:\Windows\System\ZUdOIhI.exe
  2⤵
  PID:2532
- C:\Windows\System\rFPpFkf.exe
  C:\Windows\System\rFPpFkf.exe
  2⤵
  PID:2476
- C:\Windows\System\EknDVZH.exe
  C:\Windows\System\EknDVZH.exe
  2⤵
  PID:2272
- C:\Windows\System\eDXZzCI.exe
  C:\Windows\System\eDXZzCI.exe
  2⤵
  PID:1684
- C:\Windows\System\cCxvQXT.exe
  C:\Windows\System\cCxvQXT.exe
  2⤵
  PID:1556
- C:\Windows\System\OXnMQPo.exe
  C:\Windows\System\OXnMQPo.exe
  2⤵
  PID:2072
- C:\Windows\System\RjaxgVV.exe
  C:\Windows\System\RjaxgVV.exe
  2⤵
  PID:1792
- C:\Windows\System\LynofhA.exe
  C:\Windows\System\LynofhA.exe
  2⤵
  PID:1036
- C:\Windows\System\DZdYncM.exe
  C:\Windows\System\DZdYncM.exe
  2⤵
  PID:2896
- C:\Windows\System\GQktAuJ.exe
  C:\Windows\System\GQktAuJ.exe
  2⤵
  PID:2816
- C:\Windows\System\wucnNEO.exe
  C:\Windows\System\wucnNEO.exe
  2⤵
  PID:344
- C:\Windows\System\SkXwwLA.exe
  C:\Windows\System\SkXwwLA.exe
  2⤵
  PID:1508
- C:\Windows\System\llulodt.exe
  C:\Windows\System\llulodt.exe
  2⤵
  PID:1788
- C:\Windows\System\akqbEUa.exe
  C:\Windows\System\akqbEUa.exe
  2⤵
  PID:1308
- C:\Windows\System\yhEesym.exe
  C:\Windows\System\yhEesym.exe
  2⤵
  PID:2448
- C:\Windows\System\UcALLOC.exe
  C:\Windows\System\UcALLOC.exe
  2⤵
  PID:3080
- C:\Windows\System\UHCAxzK.exe
  C:\Windows\System\UHCAxzK.exe
  2⤵
  PID:3100
- C:\Windows\System\dIrERay.exe
  C:\Windows\System\dIrERay.exe
  2⤵
  PID:3120
- C:\Windows\System\sKCSvqP.exe
  C:\Windows\System\sKCSvqP.exe
  2⤵
  PID:3140
- C:\Windows\System\EABkCsf.exe
  C:\Windows\System\EABkCsf.exe
  2⤵
  PID:3160
- C:\Windows\System\zvMqfwh.exe
  C:\Windows\System\zvMqfwh.exe
  2⤵
  PID:3180
- C:\Windows\System\OijZqdf.exe
  C:\Windows\System\OijZqdf.exe
  2⤵
  PID:3200
- C:\Windows\System\xYcKLEG.exe
  C:\Windows\System\xYcKLEG.exe
  2⤵
  PID:3220
- C:\Windows\System\PbjSPIL.exe
  C:\Windows\System\PbjSPIL.exe
  2⤵
  PID:3240
- C:\Windows\System\myslVuo.exe
  C:\Windows\System\myslVuo.exe
  2⤵
  PID:3260
- C:\Windows\System\uYTWcty.exe
  C:\Windows\System\uYTWcty.exe
  2⤵
  PID:3280
- C:\Windows\System\HnfAxfa.exe
  C:\Windows\System\HnfAxfa.exe
  2⤵
  PID:3300
- C:\Windows\System\aKqGDCu.exe
  C:\Windows\System\aKqGDCu.exe
  2⤵
  PID:3320
- C:\Windows\System\joTSGAV.exe
  C:\Windows\System\joTSGAV.exe
  2⤵
  PID:3340
- C:\Windows\System\KGhERuU.exe
  C:\Windows\System\KGhERuU.exe
  2⤵
  PID:3360
- C:\Windows\System\uknvhDe.exe
  C:\Windows\System\uknvhDe.exe
  2⤵
  PID:3380
- C:\Windows\System\kXmCsul.exe
  C:\Windows\System\kXmCsul.exe
  2⤵
  PID:3400
- C:\Windows\System\cpFrNNA.exe
  C:\Windows\System\cpFrNNA.exe
  2⤵
  PID:3420
- C:\Windows\System\rvlplpV.exe
  C:\Windows\System\rvlplpV.exe
  2⤵
  PID:3444
- C:\Windows\System\GqMkVwG.exe
  C:\Windows\System\GqMkVwG.exe
  2⤵
  PID:3464
- C:\Windows\System\foXTjDT.exe
  C:\Windows\System\foXTjDT.exe
  2⤵
  PID:3488
- C:\Windows\System\iZmfisi.exe
  C:\Windows\System\iZmfisi.exe
  2⤵
  PID:3508
- C:\Windows\System\ectgPxc.exe
  C:\Windows\System\ectgPxc.exe
  2⤵
  PID:3528
- C:\Windows\System\BBveOwm.exe
  C:\Windows\System\BBveOwm.exe
  2⤵
  PID:3548
- C:\Windows\System\LBrjiLo.exe
  C:\Windows\System\LBrjiLo.exe
  2⤵
  PID:3568
- C:\Windows\System\ubNRDlD.exe
  C:\Windows\System\ubNRDlD.exe
  2⤵
  PID:3588
- C:\Windows\System\CBEFsBO.exe
  C:\Windows\System\CBEFsBO.exe
  2⤵
  PID:3608
- C:\Windows\System\SSeThGH.exe
  C:\Windows\System\SSeThGH.exe
  2⤵
  PID:3628
- C:\Windows\System\ytlcDjW.exe
  C:\Windows\System\ytlcDjW.exe
  2⤵
  PID:3648
- C:\Windows\System\clTFpMY.exe
  C:\Windows\System\clTFpMY.exe
  2⤵
  PID:3668
- C:\Windows\System\zAomuGJ.exe
  C:\Windows\System\zAomuGJ.exe
  2⤵
  PID:3688
- C:\Windows\System\pxLiZKI.exe
  C:\Windows\System\pxLiZKI.exe
  2⤵
  PID:3708
- C:\Windows\System\SyPFNIz.exe
  C:\Windows\System\SyPFNIz.exe
  2⤵
  PID:3728
- C:\Windows\System\xeQqPuP.exe
  C:\Windows\System\xeQqPuP.exe
  2⤵
  PID:3748
- C:\Windows\System\GWJsdhM.exe
  C:\Windows\System\GWJsdhM.exe
  2⤵
  PID:3768
- C:\Windows\System\uvblgRx.exe
  C:\Windows\System\uvblgRx.exe
  2⤵
  PID:3788
- C:\Windows\System\wVvPsTx.exe
  C:\Windows\System\wVvPsTx.exe
  2⤵
  PID:3808
- C:\Windows\System\hSKQYCZ.exe
  C:\Windows\System\hSKQYCZ.exe
  2⤵
  PID:3828
- C:\Windows\System\CZSqADB.exe
  C:\Windows\System\CZSqADB.exe
  2⤵
  PID:3848
- C:\Windows\System\CFgiMPR.exe
  C:\Windows\System\CFgiMPR.exe
  2⤵
  PID:3868
- C:\Windows\System\HpcpcBl.exe
  C:\Windows\System\HpcpcBl.exe
  2⤵
  PID:3888
- C:\Windows\System\MRKVVgt.exe
  C:\Windows\System\MRKVVgt.exe
  2⤵
  PID:3908
- C:\Windows\System\buPgPHu.exe
  C:\Windows\System\buPgPHu.exe
  2⤵
  PID:3928
- C:\Windows\System\TDfDWyj.exe
  C:\Windows\System\TDfDWyj.exe
  2⤵
  PID:3948
- C:\Windows\System\IIobDYQ.exe
  C:\Windows\System\IIobDYQ.exe
  2⤵
  PID:3964
- C:\Windows\System\plIJotr.exe
  C:\Windows\System\plIJotr.exe
  2⤵
  PID:3988
- C:\Windows\System\KwTabHq.exe
  C:\Windows\System\KwTabHq.exe
  2⤵
  PID:4008
- C:\Windows\System\zWCmpzw.exe
  C:\Windows\System\zWCmpzw.exe
  2⤵
  PID:4028
- C:\Windows\System\HKrSVRY.exe
  C:\Windows\System\HKrSVRY.exe
  2⤵
  PID:4048
- C:\Windows\System\pCsbcHO.exe
  C:\Windows\System\pCsbcHO.exe
  2⤵
  PID:4068
- C:\Windows\System\QAWdoNT.exe
  C:\Windows\System\QAWdoNT.exe
  2⤵
  PID:4088
- C:\Windows\System\qtXvaKb.exe
  C:\Windows\System\qtXvaKb.exe
  2⤵
  PID:1560
- C:\Windows\System\oLUnlcx.exe
  C:\Windows\System\oLUnlcx.exe
  2⤵
  PID:1236
- C:\Windows\System\lshYqwU.exe
  C:\Windows\System\lshYqwU.exe
  2⤵
  PID:896
- C:\Windows\System\OosVTZi.exe
  C:\Windows\System\OosVTZi.exe
  2⤵
  PID:952
- C:\Windows\System\IMdUMnz.exe
  C:\Windows\System\IMdUMnz.exe
  2⤵
  PID:2168
- C:\Windows\System\VGHEkkA.exe
  C:\Windows\System\VGHEkkA.exe
  2⤵
  PID:980
- C:\Windows\System\sCZKSUX.exe
  C:\Windows\System\sCZKSUX.exe
  2⤵
  PID:300
- C:\Windows\System\fITYqVd.exe
  C:\Windows\System\fITYqVd.exe
  2⤵
  PID:872
- C:\Windows\System\sagLVGO.exe
  C:\Windows\System\sagLVGO.exe
  2⤵
  PID:1568
- C:\Windows\System\EhRzBwG.exe
  C:\Windows\System\EhRzBwG.exe
  2⤵
  PID:2928
- C:\Windows\System\CYlnyES.exe
  C:\Windows\System\CYlnyES.exe
  2⤵
  PID:2212
- C:\Windows\System\obDDTOO.exe
  C:\Windows\System\obDDTOO.exe
  2⤵
  PID:2604
- C:\Windows\System\rNBiFZa.exe
  C:\Windows\System\rNBiFZa.exe
  2⤵
  PID:1988
- C:\Windows\System\unfiKGV.exe
  C:\Windows\System\unfiKGV.exe
  2⤵
  PID:2564
- C:\Windows\System\XhKdEEB.exe
  C:\Windows\System\XhKdEEB.exe
  2⤵
  PID:2912
- C:\Windows\System\DdMaaEg.exe
  C:\Windows\System\DdMaaEg.exe
  2⤵
  PID:3088
- C:\Windows\System\vSbeYtQ.exe
  C:\Windows\System\vSbeYtQ.exe
  2⤵
  PID:3112
- C:\Windows\System\nTBuqID.exe
  C:\Windows\System\nTBuqID.exe
  2⤵
  PID:3156
- C:\Windows\System\OfPpYMq.exe
  C:\Windows\System\OfPpYMq.exe
  2⤵
  PID:3196
- C:\Windows\System\pVFdtFn.exe
  C:\Windows\System\pVFdtFn.exe
  2⤵
  PID:3236
- C:\Windows\System\URCVLJQ.exe
  C:\Windows\System\URCVLJQ.exe
  2⤵
  PID:3256
- C:\Windows\System\YlfkzJs.exe
  C:\Windows\System\YlfkzJs.exe
  2⤵
  PID:3288
- C:\Windows\System\XVKYbtc.exe
  C:\Windows\System\XVKYbtc.exe
  2⤵
  PID:3312
- C:\Windows\System\mwfeWwP.exe
  C:\Windows\System\mwfeWwP.exe
  2⤵
  PID:3332
- C:\Windows\System\SSXblmD.exe
  C:\Windows\System\SSXblmD.exe
  2⤵
  PID:3388
- C:\Windows\System\jXkunaQ.exe
  C:\Windows\System\jXkunaQ.exe
  2⤵
  PID:3428
- C:\Windows\System\LCWbXcG.exe
  C:\Windows\System\LCWbXcG.exe
  2⤵
  PID:3460
- C:\Windows\System\uCmpjUb.exe
  C:\Windows\System\uCmpjUb.exe
  2⤵
  PID:3496
- C:\Windows\System\gvfzznR.exe
  C:\Windows\System\gvfzznR.exe
  2⤵
  PID:3520
- C:\Windows\System\HxWgAAG.exe
  C:\Windows\System\HxWgAAG.exe
  2⤵
  PID:3564
- C:\Windows\System\kdDiuHB.exe
  C:\Windows\System\kdDiuHB.exe
  2⤵
  PID:3596
- C:\Windows\System\rsmESSg.exe
  C:\Windows\System\rsmESSg.exe
  2⤵
  PID:3636
- C:\Windows\System\HkhqZXv.exe
  C:\Windows\System\HkhqZXv.exe
  2⤵
  PID:3664
- C:\Windows\System\uHHmASJ.exe
  C:\Windows\System\uHHmASJ.exe
  2⤵
  PID:3696
- C:\Windows\System\FMaSQCJ.exe
  C:\Windows\System\FMaSQCJ.exe
  2⤵
  PID:3720
- C:\Windows\System\aLFRoIv.exe
  C:\Windows\System\aLFRoIv.exe
  2⤵
  PID:3764
- C:\Windows\System\rYEzDOy.exe
  C:\Windows\System\rYEzDOy.exe
  2⤵
  PID:3784
- C:\Windows\System\RUDqAuz.exe
  C:\Windows\System\RUDqAuz.exe
  2⤵
  PID:3836
- C:\Windows\System\cNRsgdb.exe
  C:\Windows\System\cNRsgdb.exe
  2⤵
  PID:3864
- C:\Windows\System\AoXAUeH.exe
  C:\Windows\System\AoXAUeH.exe
  2⤵
  PID:3896
- C:\Windows\System\KSUTDor.exe
  C:\Windows\System\KSUTDor.exe
  2⤵
  PID:3920
- C:\Windows\System\QxcKhTP.exe
  C:\Windows\System\QxcKhTP.exe
  2⤵
  PID:3940
- C:\Windows\System\mIlPUTI.exe
  C:\Windows\System\mIlPUTI.exe
  2⤵
  PID:4004
- C:\Windows\System\kAnPFbz.exe
  C:\Windows\System\kAnPFbz.exe
  2⤵
  PID:4036
- C:\Windows\System\XxYvLHl.exe
  C:\Windows\System\XxYvLHl.exe
  2⤵
  PID:4064
- C:\Windows\System\qifZXiY.exe
  C:\Windows\System\qifZXiY.exe
  2⤵
  PID:1124
- C:\Windows\System\cGNZOCo.exe
  C:\Windows\System\cGNZOCo.exe
  2⤵
  PID:1596
- C:\Windows\System\bBERqSd.exe
  C:\Windows\System\bBERqSd.exe
  2⤵
  PID:1408
- C:\Windows\System\TwBWNGs.exe
  C:\Windows\System\TwBWNGs.exe
  2⤵
  PID:2904
- C:\Windows\System\lACCvPu.exe
  C:\Windows\System\lACCvPu.exe
  2⤵
  PID:2420
- C:\Windows\System\CadRwYc.exe
  C:\Windows\System\CadRwYc.exe
  2⤵
  PID:2352
- C:\Windows\System\SrzWsbl.exe
  C:\Windows\System\SrzWsbl.exe
  2⤵
  PID:1480
- C:\Windows\System\vIQMssq.exe
  C:\Windows\System\vIQMssq.exe
  2⤵
  PID:2856
- C:\Windows\System\UOAfGCt.exe
  C:\Windows\System\UOAfGCt.exe
  2⤵
  PID:1284
- C:\Windows\System\qXrJnwu.exe
  C:\Windows\System\qXrJnwu.exe
  2⤵
  PID:3036
- C:\Windows\System\ArrVXDB.exe
  C:\Windows\System\ArrVXDB.exe
  2⤵
  PID:3116
- C:\Windows\System\WWeljJT.exe
  C:\Windows\System\WWeljJT.exe
  2⤵
  PID:3168
- C:\Windows\System\QQQBXHW.exe
  C:\Windows\System\QQQBXHW.exe
  2⤵
  PID:3208
- C:\Windows\System\SSCKiBk.exe
  C:\Windows\System\SSCKiBk.exe
  2⤵
  PID:3248
- C:\Windows\System\kpIBEwz.exe
  C:\Windows\System\kpIBEwz.exe
  2⤵
  PID:3292
- C:\Windows\System\DpaSiIp.exe
  C:\Windows\System\DpaSiIp.exe
  2⤵
  PID:3392
- C:\Windows\System\XpoGcRn.exe
  C:\Windows\System\XpoGcRn.exe
  2⤵
  PID:3412
- C:\Windows\System\hUgIlsC.exe
  C:\Windows\System\hUgIlsC.exe
  2⤵
  PID:3480
- C:\Windows\System\nrliVII.exe
  C:\Windows\System\nrliVII.exe
  2⤵
  PID:3500
- C:\Windows\System\pjtKaTO.exe
  C:\Windows\System\pjtKaTO.exe
  2⤵
  PID:3616
- C:\Windows\System\cCUzMAX.exe
  C:\Windows\System\cCUzMAX.exe
  2⤵
  PID:3680
- C:\Windows\System\KwmIrcs.exe
  C:\Windows\System\KwmIrcs.exe
  2⤵
  PID:3724
- C:\Windows\System\HePdBcF.exe
  C:\Windows\System\HePdBcF.exe
  2⤵
  PID:3776
- C:\Windows\System\itLsFEP.exe
  C:\Windows\System\itLsFEP.exe
  2⤵
  PID:3816
- C:\Windows\System\rnRmXQv.exe
  C:\Windows\System\rnRmXQv.exe
  2⤵
  PID:3880
- C:\Windows\System\zghWZVk.exe
  C:\Windows\System\zghWZVk.exe
  2⤵
  PID:3960
- C:\Windows\System\hXlUAzj.exe
  C:\Windows\System\hXlUAzj.exe
  2⤵
  PID:3996
- C:\Windows\System\wdVKAUt.exe
  C:\Windows\System\wdVKAUt.exe
  2⤵
  PID:4108
- C:\Windows\System\JDzwXzO.exe
  C:\Windows\System\JDzwXzO.exe
  2⤵
  PID:4128
- C:\Windows\System\sShxKzX.exe
  C:\Windows\System\sShxKzX.exe
  2⤵
  PID:4148
- C:\Windows\System\egfOxcl.exe
  C:\Windows\System\egfOxcl.exe
  2⤵
  PID:4168
- C:\Windows\System\ipCQxqs.exe
  C:\Windows\System\ipCQxqs.exe
  2⤵
  PID:4188
- C:\Windows\System\pfwPkms.exe
  C:\Windows\System\pfwPkms.exe
  2⤵
  PID:4208
- C:\Windows\System\JfBbdsd.exe
  C:\Windows\System\JfBbdsd.exe
  2⤵
  PID:4228
- C:\Windows\System\WVQBXTT.exe
  C:\Windows\System\WVQBXTT.exe
  2⤵
  PID:4248
- C:\Windows\System\ypKZdcV.exe
  C:\Windows\System\ypKZdcV.exe
  2⤵
  PID:4268
- C:\Windows\System\FFUpftl.exe
  C:\Windows\System\FFUpftl.exe
  2⤵
  PID:4288
- C:\Windows\System\tMkjklr.exe
  C:\Windows\System\tMkjklr.exe
  2⤵
  PID:4308
- C:\Windows\System\lvwkWRm.exe
  C:\Windows\System\lvwkWRm.exe
  2⤵
  PID:4328
- C:\Windows\System\kmFSfkE.exe
  C:\Windows\System\kmFSfkE.exe
  2⤵
  PID:4348
- C:\Windows\System\FNqdRhk.exe
  C:\Windows\System\FNqdRhk.exe
  2⤵
  PID:4368
- C:\Windows\System\tkLBzGT.exe
  C:\Windows\System\tkLBzGT.exe
  2⤵
  PID:4388
- C:\Windows\System\hhjwIxS.exe
  C:\Windows\System\hhjwIxS.exe
  2⤵
  PID:4408
- C:\Windows\System\VnoxEpL.exe
  C:\Windows\System\VnoxEpL.exe
  2⤵
  PID:4428
- C:\Windows\System\appqsgB.exe
  C:\Windows\System\appqsgB.exe
  2⤵
  PID:4448
- C:\Windows\System\ZyTETwk.exe
  C:\Windows\System\ZyTETwk.exe
  2⤵
  PID:4468
- C:\Windows\System\nBNufym.exe
  C:\Windows\System\nBNufym.exe
  2⤵
  PID:4488
- C:\Windows\System\Omvjemf.exe
  C:\Windows\System\Omvjemf.exe
  2⤵
  PID:4508
- C:\Windows\System\hNlVmmP.exe
  C:\Windows\System\hNlVmmP.exe
  2⤵
  PID:4528
- C:\Windows\System\vREuruX.exe
  C:\Windows\System\vREuruX.exe
  2⤵
  PID:4548
- C:\Windows\System\qYbPqMM.exe
  C:\Windows\System\qYbPqMM.exe
  2⤵
  PID:4568
- C:\Windows\System\QLjrcxs.exe
  C:\Windows\System\QLjrcxs.exe
  2⤵
  PID:4588
- C:\Windows\System\vTvPljk.exe
  C:\Windows\System\vTvPljk.exe
  2⤵
  PID:4608
- C:\Windows\System\YRkHERH.exe
  C:\Windows\System\YRkHERH.exe
  2⤵
  PID:4628
- C:\Windows\System\LNyRbTZ.exe
  C:\Windows\System\LNyRbTZ.exe
  2⤵
  PID:4652
- C:\Windows\System\FbIqAto.exe
  C:\Windows\System\FbIqAto.exe
  2⤵
  PID:4672
- C:\Windows\System\sknYkiX.exe
  C:\Windows\System\sknYkiX.exe
  2⤵
  PID:4692
- C:\Windows\System\cjhoCwt.exe
  C:\Windows\System\cjhoCwt.exe
  2⤵
  PID:4712
- C:\Windows\System\gUqNxlB.exe
  C:\Windows\System\gUqNxlB.exe
  2⤵
  PID:4732
- C:\Windows\System\aosSHmm.exe
  C:\Windows\System\aosSHmm.exe
  2⤵
  PID:4752
- C:\Windows\System\UVQJDWd.exe
  C:\Windows\System\UVQJDWd.exe
  2⤵
  PID:4772
- C:\Windows\System\gRFFqyl.exe
  C:\Windows\System\gRFFqyl.exe
  2⤵
  PID:4792
- C:\Windows\System\UibrCHA.exe
  C:\Windows\System\UibrCHA.exe
  2⤵
  PID:4812
- C:\Windows\System\sJoJiNY.exe
  C:\Windows\System\sJoJiNY.exe
  2⤵
  PID:4832
- C:\Windows\System\rXxMwUF.exe
  C:\Windows\System\rXxMwUF.exe
  2⤵
  PID:4852
- C:\Windows\System\pmqSbYH.exe
  C:\Windows\System\pmqSbYH.exe
  2⤵
  PID:4872
- C:\Windows\System\yreOcQz.exe
  C:\Windows\System\yreOcQz.exe
  2⤵
  PID:4892
- C:\Windows\System\QzgzIXf.exe
  C:\Windows\System\QzgzIXf.exe
  2⤵
  PID:4912
- C:\Windows\System\suBZaqY.exe
  C:\Windows\System\suBZaqY.exe
  2⤵
  PID:4932
- C:\Windows\System\wxfgrui.exe
  C:\Windows\System\wxfgrui.exe
  2⤵
  PID:4952
- C:\Windows\System\KrtYXbE.exe
  C:\Windows\System\KrtYXbE.exe
  2⤵
  PID:4972
- C:\Windows\System\HfUvIux.exe
  C:\Windows\System\HfUvIux.exe
  2⤵
  PID:4992
- C:\Windows\System\SRpDGnh.exe
  C:\Windows\System\SRpDGnh.exe
  2⤵
  PID:5012
- C:\Windows\System\myojESB.exe
  C:\Windows\System\myojESB.exe
  2⤵
  PID:5032
- C:\Windows\System\YIDDcxY.exe
  C:\Windows\System\YIDDcxY.exe
  2⤵
  PID:5052
- C:\Windows\System\qWGbfkX.exe
  C:\Windows\System\qWGbfkX.exe
  2⤵
  PID:5072
- C:\Windows\System\fkTFkAR.exe
  C:\Windows\System\fkTFkAR.exe
  2⤵
  PID:5092
- C:\Windows\System\rBSCshJ.exe
  C:\Windows\System\rBSCshJ.exe
  2⤵
  PID:5112
- C:\Windows\System\fxoXwgM.exe
  C:\Windows\System\fxoXwgM.exe
  2⤵
  PID:4040
- C:\Windows\System\FJVXrgH.exe
  C:\Windows\System\FJVXrgH.exe
  2⤵
  PID:1576
- C:\Windows\System\EujlxlF.exe
  C:\Windows\System\EujlxlF.exe
  2⤵
  PID:1532
- C:\Windows\System\OWHTraw.exe
  C:\Windows\System\OWHTraw.exe
  2⤵
  PID:348
- C:\Windows\System\lZfvuZb.exe
  C:\Windows\System\lZfvuZb.exe
  2⤵
  PID:2860
- C:\Windows\System\AAgtEzF.exe
  C:\Windows\System\AAgtEzF.exe
  2⤵
  PID:904
- C:\Windows\System\DaEMPOH.exe
  C:\Windows\System\DaEMPOH.exe
  2⤵
  PID:1768
- C:\Windows\System\waYTHgl.exe
  C:\Windows\System\waYTHgl.exe
  2⤵
  PID:3228
- C:\Windows\System\EXfsWDv.exe
  C:\Windows\System\EXfsWDv.exe
  2⤵
  PID:3276
- C:\Windows\System\LehBnnE.exe
  C:\Windows\System\LehBnnE.exe
  2⤵
  PID:3356
- C:\Windows\System\SDlIgIS.exe
  C:\Windows\System\SDlIgIS.exe
  2⤵
  PID:3376
- C:\Windows\System\ReluBpe.exe
  C:\Windows\System\ReluBpe.exe
  2⤵
  PID:3524
- C:\Windows\System\TbApPPG.exe
  C:\Windows\System\TbApPPG.exe
  2⤵
  PID:3584
- C:\Windows\System\NSQhiPU.exe
  C:\Windows\System\NSQhiPU.exe
  2⤵
  PID:3700
- C:\Windows\System\pxkhJpE.exe
  C:\Windows\System\pxkhJpE.exe
  2⤵
  PID:3856
- C:\Windows\System\LxTqcmj.exe
  C:\Windows\System\LxTqcmj.exe
  2⤵
  PID:3900
- C:\Windows\System\yPwUuPn.exe
  C:\Windows\System\yPwUuPn.exe
  2⤵
  PID:3976
- C:\Windows\System\xGajLGo.exe
  C:\Windows\System\xGajLGo.exe
  2⤵
  PID:4100
- C:\Windows\System\gaWgASK.exe
  C:\Windows\System\gaWgASK.exe
  2⤵
  PID:4164
- C:\Windows\System\BJcqJRb.exe
  C:\Windows\System\BJcqJRb.exe
  2⤵
  PID:4196
- C:\Windows\System\Zmohdpo.exe
  C:\Windows\System\Zmohdpo.exe
  2⤵
  PID:4236
- C:\Windows\System\ahnrQrK.exe
  C:\Windows\System\ahnrQrK.exe
  2⤵
  PID:4256
- C:\Windows\System\qQfSpFc.exe
  C:\Windows\System\qQfSpFc.exe
  2⤵
  PID:4280
- C:\Windows\System\BAqkeVj.exe
  C:\Windows\System\BAqkeVj.exe
  2⤵
  PID:4300
- C:\Windows\System\RSJiilF.exe
  C:\Windows\System\RSJiilF.exe
  2⤵
  PID:4344
- C:\Windows\System\MTTfDZF.exe
  C:\Windows\System\MTTfDZF.exe
  2⤵
  PID:4396
- C:\Windows\System\HvSWCew.exe
  C:\Windows\System\HvSWCew.exe
  2⤵
  PID:4424
- C:\Windows\System\vjnLfyq.exe
  C:\Windows\System\vjnLfyq.exe
  2⤵
  PID:4456
- C:\Windows\System\WKGOXoX.exe
  C:\Windows\System\WKGOXoX.exe
  2⤵
  PID:4480
- C:\Windows\System\ZCEjNQL.exe
  C:\Windows\System\ZCEjNQL.exe
  2⤵
  PID:4520
- C:\Windows\System\MPGoxcT.exe
  C:\Windows\System\MPGoxcT.exe
  2⤵
  PID:4564
- C:\Windows\System\GQKAlUh.exe
  C:\Windows\System\GQKAlUh.exe
  2⤵
  PID:4580
- C:\Windows\System\weJOvZh.exe
  C:\Windows\System\weJOvZh.exe
  2⤵
  PID:4636
- C:\Windows\System\yuqRFbK.exe
  C:\Windows\System\yuqRFbK.exe
  2⤵
  PID:4668
- C:\Windows\System\lfVCiIr.exe
  C:\Windows\System\lfVCiIr.exe
  2⤵
  PID:4700
- C:\Windows\System\kBZzVMA.exe
  C:\Windows\System\kBZzVMA.exe
  2⤵
  PID:4724
- C:\Windows\System\TxHDUUJ.exe
  C:\Windows\System\TxHDUUJ.exe
  2⤵
  PID:4768
- C:\Windows\System\GpLnhox.exe
  C:\Windows\System\GpLnhox.exe
  2⤵
  PID:4808
- C:\Windows\System\cnPsLet.exe
  C:\Windows\System\cnPsLet.exe
  2⤵
  PID:4840
- C:\Windows\System\UcnYLnR.exe
  C:\Windows\System\UcnYLnR.exe
  2⤵
  PID:4880
- C:\Windows\System\lZdEpRD.exe
  C:\Windows\System\lZdEpRD.exe
  2⤵
  PID:2088
- C:\Windows\System\ZLgOavY.exe
  C:\Windows\System\ZLgOavY.exe
  2⤵
  PID:4928
- C:\Windows\System\jfqRrWm.exe
  C:\Windows\System\jfqRrWm.exe
  2⤵
  PID:4944
- C:\Windows\System\IZVdERA.exe
  C:\Windows\System\IZVdERA.exe
  2⤵
  PID:5000
- C:\Windows\System\HYwHqZl.exe
  C:\Windows\System\HYwHqZl.exe
  2⤵
  PID:5028
- C:\Windows\System\gTqMqhl.exe
  C:\Windows\System\gTqMqhl.exe
  2⤵
  PID:5060
- C:\Windows\System\zUfZZqG.exe
  C:\Windows\System\zUfZZqG.exe
  2⤵
  PID:5084
- C:\Windows\System\vwmhiWN.exe
  C:\Windows\System\vwmhiWN.exe
  2⤵
  PID:5104
- C:\Windows\System\qSdjyss.exe
  C:\Windows\System\qSdjyss.exe
  2⤵
  PID:1724
- C:\Windows\System\QWwVStU.exe
  C:\Windows\System\QWwVStU.exe
  2⤵
  PID:2388
- C:\Windows\System\FrYfLKZ.exe
  C:\Windows\System\FrYfLKZ.exe
  2⤵
  PID:1496
- C:\Windows\System\NqzncpI.exe
  C:\Windows\System\NqzncpI.exe
  2⤵
  PID:2308
- C:\Windows\System\AOUtHNX.exe
  C:\Windows\System\AOUtHNX.exe
  2⤵
  PID:3176
- C:\Windows\System\qhtDeYO.exe
  C:\Windows\System\qhtDeYO.exe
  2⤵
  PID:3408
- C:\Windows\System\OxUeqzB.exe
  C:\Windows\System\OxUeqzB.exe
  2⤵
  PID:3432
- C:\Windows\System\CKmTpZl.exe
  C:\Windows\System\CKmTpZl.exe
  2⤵
  PID:3656
- C:\Windows\System\LqsCJnC.exe
  C:\Windows\System\LqsCJnC.exe
  2⤵
  PID:3924
- C:\Windows\System\iqsrBip.exe
  C:\Windows\System\iqsrBip.exe
  2⤵
  PID:4124
- C:\Windows\System\QSgTEUZ.exe
  C:\Windows\System\QSgTEUZ.exe
  2⤵
  PID:4156
- C:\Windows\System\tlUlTmS.exe
  C:\Windows\System\tlUlTmS.exe
  2⤵
  PID:4184
- C:\Windows\System\nFCaBuu.exe
  C:\Windows\System\nFCaBuu.exe
  2⤵
  PID:4240
- C:\Windows\System\mghsCgr.exe
  C:\Windows\System\mghsCgr.exe
  2⤵
  PID:4316
- C:\Windows\System\VUWNyfi.exe
  C:\Windows\System\VUWNyfi.exe
  2⤵
  PID:4364
- C:\Windows\System\djvBLxG.exe
  C:\Windows\System\djvBLxG.exe
  2⤵
  PID:4376
- C:\Windows\System\WnZVHdl.exe
  C:\Windows\System\WnZVHdl.exe
  2⤵
  PID:4464
- C:\Windows\System\rokyhWj.exe
  C:\Windows\System\rokyhWj.exe
  2⤵
  PID:4524
- C:\Windows\System\aVEjlRn.exe
  C:\Windows\System\aVEjlRn.exe
  2⤵
  PID:4600
- C:\Windows\System\jYJCBzr.exe
  C:\Windows\System\jYJCBzr.exe
  2⤵
  PID:4664
- C:\Windows\System\ucpOYIn.exe
  C:\Windows\System\ucpOYIn.exe
  2⤵
  PID:4688
- C:\Windows\System\EfUKtIn.exe
  C:\Windows\System\EfUKtIn.exe
  2⤵
  PID:4760
- C:\Windows\System\txnSvCx.exe
  C:\Windows\System\txnSvCx.exe
  2⤵
  PID:4828
- C:\Windows\System\CXdapll.exe
  C:\Windows\System\CXdapll.exe
  2⤵
  PID:4888
- C:\Windows\System\WOlXtCg.exe
  C:\Windows\System\WOlXtCg.exe
  2⤵
  PID:4940
- C:\Windows\System\eMPMVUW.exe
  C:\Windows\System\eMPMVUW.exe
  2⤵
  PID:4964
- C:\Windows\System\ONCJYkp.exe
  C:\Windows\System\ONCJYkp.exe
  2⤵
  PID:5004
- C:\Windows\System\xwQgyXy.exe
  C:\Windows\System\xwQgyXy.exe
  2⤵
  PID:5064
- C:\Windows\System\HkabeZX.exe
  C:\Windows\System\HkabeZX.exe
  2⤵
  PID:1304
- C:\Windows\System\axRffNn.exe
  C:\Windows\System\axRffNn.exe
  2⤵
  PID:4080
- C:\Windows\System\HHcLMNH.exe
  C:\Windows\System\HHcLMNH.exe
  2⤵
  PID:3232
- C:\Windows\System\ivHKalW.exe
  C:\Windows\System\ivHKalW.exe
  2⤵
  PID:3316
- C:\Windows\System\hoeptyC.exe
  C:\Windows\System\hoeptyC.exe
  2⤵
  PID:3348
- C:\Windows\System\ySCXtDl.exe
  C:\Windows\System\ySCXtDl.exe
  2⤵
  PID:3644
- C:\Windows\System\UfHMXPc.exe
  C:\Windows\System\UfHMXPc.exe
  2⤵
  PID:4104
- C:\Windows\System\ocDWTQS.exe
  C:\Windows\System\ocDWTQS.exe
  2⤵
  PID:4200
- C:\Windows\System\iPwqUBf.exe
  C:\Windows\System\iPwqUBf.exe
  2⤵
  PID:4264
- C:\Windows\System\erdFJKb.exe
  C:\Windows\System\erdFJKb.exe
  2⤵
  PID:4420
- C:\Windows\System\pCVvXTK.exe
  C:\Windows\System\pCVvXTK.exe
  2⤵
  PID:4460
- C:\Windows\System\uWCMLFr.exe
  C:\Windows\System\uWCMLFr.exe
  2⤵
  PID:4504
- C:\Windows\System\mjLbJRc.exe
  C:\Windows\System\mjLbJRc.exe
  2⤵
  PID:5140
- C:\Windows\System\iIImRlk.exe
  C:\Windows\System\iIImRlk.exe
  2⤵
  PID:5160
- C:\Windows\System\GczFinU.exe
  C:\Windows\System\GczFinU.exe
  2⤵
  PID:5180
- C:\Windows\System\rifmMXQ.exe
  C:\Windows\System\rifmMXQ.exe
  2⤵
  PID:5200
- C:\Windows\System\iIVOTex.exe
  C:\Windows\System\iIVOTex.exe
  2⤵
  PID:5220
- C:\Windows\System\aEhLVnj.exe
  C:\Windows\System\aEhLVnj.exe
  2⤵
  PID:5240
- C:\Windows\System\lJPLDGi.exe
  C:\Windows\System\lJPLDGi.exe
  2⤵
  PID:5260
- C:\Windows\System\pwmuiAK.exe
  C:\Windows\System\pwmuiAK.exe
  2⤵
  PID:5280
- C:\Windows\System\SQfYxQb.exe
  C:\Windows\System\SQfYxQb.exe
  2⤵
  PID:5300
- C:\Windows\System\oRZsRay.exe
  C:\Windows\System\oRZsRay.exe
  2⤵
  PID:5320
- C:\Windows\System\pYeqOGC.exe
  C:\Windows\System\pYeqOGC.exe
  2⤵
  PID:5340
- C:\Windows\System\fShxfkd.exe
  C:\Windows\System\fShxfkd.exe
  2⤵
  PID:5360
- C:\Windows\System\HuuxiSQ.exe
  C:\Windows\System\HuuxiSQ.exe
  2⤵
  PID:5380
- C:\Windows\System\sVEyZgt.exe
  C:\Windows\System\sVEyZgt.exe
  2⤵
  PID:5400
- C:\Windows\System\HGyfdvn.exe
  C:\Windows\System\HGyfdvn.exe
  2⤵
  PID:5420
- C:\Windows\System\NeBgViT.exe
  C:\Windows\System\NeBgViT.exe
  2⤵
  PID:5440
- C:\Windows\System\nvGKdoE.exe
  C:\Windows\System\nvGKdoE.exe
  2⤵
  PID:5460
- C:\Windows\System\cKTnsTC.exe
  C:\Windows\System\cKTnsTC.exe
  2⤵
  PID:5480
- C:\Windows\System\jouyoSI.exe
  C:\Windows\System\jouyoSI.exe
  2⤵
  PID:5500
- C:\Windows\System\BbgvTnV.exe
  C:\Windows\System\BbgvTnV.exe
  2⤵
  PID:5520
- C:\Windows\System\gpSeIIb.exe
  C:\Windows\System\gpSeIIb.exe
  2⤵
  PID:5540
- C:\Windows\System\NtJFoHb.exe
  C:\Windows\System\NtJFoHb.exe
  2⤵
  PID:5560
- C:\Windows\System\MQZSBlw.exe
  C:\Windows\System\MQZSBlw.exe
  2⤵
  PID:5580
- C:\Windows\System\nlApZVM.exe
  C:\Windows\System\nlApZVM.exe
  2⤵
  PID:5600
- C:\Windows\System\whYNYlg.exe
  C:\Windows\System\whYNYlg.exe
  2⤵
  PID:5620
- C:\Windows\System\qngNDUW.exe
  C:\Windows\System\qngNDUW.exe
  2⤵
  PID:5640
- C:\Windows\System\LRlECsg.exe
  C:\Windows\System\LRlECsg.exe
  2⤵
  PID:5660
- C:\Windows\System\XDziCjq.exe
  C:\Windows\System\XDziCjq.exe
  2⤵
  PID:5680
- C:\Windows\System\ABVhGIE.exe
  C:\Windows\System\ABVhGIE.exe
  2⤵
  PID:5700
- C:\Windows\System\FIcCLVQ.exe
  C:\Windows\System\FIcCLVQ.exe
  2⤵
  PID:5720
- C:\Windows\System\mYGobCH.exe
  C:\Windows\System\mYGobCH.exe
  2⤵
  PID:5740
- C:\Windows\System\NpmgZHG.exe
  C:\Windows\System\NpmgZHG.exe
  2⤵
  PID:5760
- C:\Windows\System\oyiDJPF.exe
  C:\Windows\System\oyiDJPF.exe
  2⤵
  PID:5780
- C:\Windows\System\vCrEbxf.exe
  C:\Windows\System\vCrEbxf.exe
  2⤵
  PID:5800
- C:\Windows\System\gZsjBNg.exe
  C:\Windows\System\gZsjBNg.exe
  2⤵
  PID:5820
- C:\Windows\System\ChscCwk.exe
  C:\Windows\System\ChscCwk.exe
  2⤵
  PID:5840
- C:\Windows\System\EChavMx.exe
  C:\Windows\System\EChavMx.exe
  2⤵
  PID:5860
- C:\Windows\System\TRAErni.exe
  C:\Windows\System\TRAErni.exe
  2⤵
  PID:5880
- C:\Windows\System\pgwKwcY.exe
  C:\Windows\System\pgwKwcY.exe
  2⤵
  PID:5900
- C:\Windows\System\YaeoaeH.exe
  C:\Windows\System\YaeoaeH.exe
  2⤵
  PID:5924
- C:\Windows\System\rToJsCt.exe
  C:\Windows\System\rToJsCt.exe
  2⤵
  PID:5944
- C:\Windows\System\HUvNnGc.exe
  C:\Windows\System\HUvNnGc.exe
  2⤵
  PID:5964
- C:\Windows\System\RDvNIaZ.exe
  C:\Windows\System\RDvNIaZ.exe
  2⤵
  PID:5984
- C:\Windows\System\GPQPYOE.exe
  C:\Windows\System\GPQPYOE.exe
  2⤵
  PID:6004
- C:\Windows\System\hzDKeKF.exe
  C:\Windows\System\hzDKeKF.exe
  2⤵
  PID:6024
- C:\Windows\System\hAWrYue.exe
  C:\Windows\System\hAWrYue.exe
  2⤵
  PID:6044
- C:\Windows\System\JJqWgBw.exe
  C:\Windows\System\JJqWgBw.exe
  2⤵
  PID:6064
- C:\Windows\System\RVTbWJR.exe
  C:\Windows\System\RVTbWJR.exe
  2⤵
  PID:6084
- C:\Windows\System\lblcvRy.exe
  C:\Windows\System\lblcvRy.exe
  2⤵
  PID:6104
- C:\Windows\System\ohEjELf.exe
  C:\Windows\System\ohEjELf.exe
  2⤵
  PID:6124
- C:\Windows\System\aRhATYD.exe
  C:\Windows\System\aRhATYD.exe
  2⤵
  PID:4660
- C:\Windows\System\UazGjfQ.exe
  C:\Windows\System\UazGjfQ.exe
  2⤵
  PID:4640
- C:\Windows\System\uAILPRF.exe
  C:\Windows\System\uAILPRF.exe
  2⤵
  PID:4788
- C:\Windows\System\liPjiLt.exe
  C:\Windows\System\liPjiLt.exe
  2⤵
  PID:4848
- C:\Windows\System\ItpPTPs.exe
  C:\Windows\System\ItpPTPs.exe
  2⤵
  PID:4980
- C:\Windows\System\WfBVqtq.exe
  C:\Windows\System\WfBVqtq.exe
  2⤵
  PID:4056
- C:\Windows\System\KIyJjNg.exe
  C:\Windows\System\KIyJjNg.exe
  2⤵
  PID:2044
- C:\Windows\System\pDGYPTo.exe
  C:\Windows\System\pDGYPTo.exe
  2⤵
  PID:1592
- C:\Windows\System\VZFPMnS.exe
  C:\Windows\System\VZFPMnS.exe
  2⤵
  PID:3336
- C:\Windows\System\euNDphQ.exe
  C:\Windows\System\euNDphQ.exe
  2⤵
  PID:4000
- C:\Windows\System\GAsBsTD.exe
  C:\Windows\System\GAsBsTD.exe
  2⤵
  PID:4180
- C:\Windows\System\XMEtpRf.exe
  C:\Windows\System\XMEtpRf.exe
  2⤵
  PID:4384
- C:\Windows\System\bVvWePU.exe
  C:\Windows\System\bVvWePU.exe
  2⤵
  PID:5128
- C:\Windows\System\bWvfnqP.exe
  C:\Windows\System\bWvfnqP.exe
  2⤵
  PID:5132
- C:\Windows\System\oDfsrNm.exe
  C:\Windows\System\oDfsrNm.exe
  2⤵
  PID:5168
- C:\Windows\System\nixKzuZ.exe
  C:\Windows\System\nixKzuZ.exe
  2⤵
  PID:5196
- C:\Windows\System\tufgRsz.exe
  C:\Windows\System\tufgRsz.exe
  2⤵
  PID:5248
- C:\Windows\System\ulnKdiH.exe
  C:\Windows\System\ulnKdiH.exe
  2⤵
  PID:5268
- C:\Windows\System\klYTzpl.exe
  C:\Windows\System\klYTzpl.exe
  2⤵
  PID:5292
- C:\Windows\System\TYHjkbe.exe
  C:\Windows\System\TYHjkbe.exe
  2⤵
  PID:5312
- C:\Windows\System\xjvreSn.exe
  C:\Windows\System\xjvreSn.exe
  2⤵
  PID:5356
- C:\Windows\System\AbksepW.exe
  C:\Windows\System\AbksepW.exe
  2⤵
  PID:5408
- C:\Windows\System\IlDSRvd.exe
  C:\Windows\System\IlDSRvd.exe
  2⤵
  PID:5436
- C:\Windows\System\aprNmvc.exe
  C:\Windows\System\aprNmvc.exe
  2⤵
  PID:5468
- C:\Windows\System\qmtIgsC.exe
  C:\Windows\System\qmtIgsC.exe
  2⤵
  PID:5492
- C:\Windows\System\uGtBXWd.exe
  C:\Windows\System\uGtBXWd.exe
  2⤵
  PID:5512
- C:\Windows\System\VTezczF.exe
  C:\Windows\System\VTezczF.exe
  2⤵
  PID:5568
- C:\Windows\System\nYDkoft.exe
  C:\Windows\System\nYDkoft.exe
  2⤵
  PID:5608
- C:\Windows\System\QiVDoDo.exe
  C:\Windows\System\QiVDoDo.exe
  2⤵
  PID:5636
- C:\Windows\System\CZvHVIt.exe
  C:\Windows\System\CZvHVIt.exe
  2⤵
  PID:5668
- C:\Windows\System\CHlnpgR.exe
  C:\Windows\System\CHlnpgR.exe
  2⤵
  PID:5692
- C:\Windows\System\BBSJjpN.exe
  C:\Windows\System\BBSJjpN.exe
  2⤵
  PID:5736
- C:\Windows\System\bbotVSy.exe
  C:\Windows\System\bbotVSy.exe
  2⤵
  PID:5768
- C:\Windows\System\GOLuicH.exe
  C:\Windows\System\GOLuicH.exe
  2⤵
  PID:5792
- C:\Windows\System\AVTKGVK.exe
  C:\Windows\System\AVTKGVK.exe
  2⤵
  PID:5836
- C:\Windows\System\seOVcti.exe
  C:\Windows\System\seOVcti.exe
  2⤵
  PID:5876
- C:\Windows\System\VlbIcyH.exe
  C:\Windows\System\VlbIcyH.exe
  2⤵
  PID:5908
- C:\Windows\System\bIJHCMb.exe
  C:\Windows\System\bIJHCMb.exe
  2⤵
  PID:5912
- C:\Windows\System\HxdjSCo.exe
  C:\Windows\System\HxdjSCo.exe
  2⤵
  PID:5956
- C:\Windows\System\Hfbangi.exe
  C:\Windows\System\Hfbangi.exe
  2⤵
  PID:2304
- C:\Windows\System\SVgFavY.exe
  C:\Windows\System\SVgFavY.exe
  2⤵
  PID:6032
- C:\Windows\System\oXjRUku.exe
  C:\Windows\System\oXjRUku.exe
  2⤵
  PID:6056
- C:\Windows\System\TELSWRk.exe
  C:\Windows\System\TELSWRk.exe
  2⤵
  PID:6100
- C:\Windows\System\cqxQvGm.exe
  C:\Windows\System\cqxQvGm.exe
  2⤵
  PID:6140
- C:\Windows\System\WHkjcCC.exe
  C:\Windows\System\WHkjcCC.exe
  2⤵
  PID:4704
- C:\Windows\System\kCgZMqw.exe
  C:\Windows\System\kCgZMqw.exe
  2⤵
  PID:4864
- C:\Windows\System\SFYLrvz.exe
  C:\Windows\System\SFYLrvz.exe
  2⤵
  PID:4920
- C:\Windows\System\PJWTxZK.exe
  C:\Windows\System\PJWTxZK.exe
  2⤵
  PID:5108
- C:\Windows\System\XzGhVWj.exe
  C:\Windows\System\XzGhVWj.exe
  2⤵
  PID:3092
- C:\Windows\System\qQcZtVI.exe
  C:\Windows\System\qQcZtVI.exe
  2⤵
  PID:3984
- C:\Windows\System\zkPvSBd.exe
  C:\Windows\System\zkPvSBd.exe
  2⤵
  PID:4336
- C:\Windows\System\loeXXDp.exe
  C:\Windows\System\loeXXDp.exe
  2⤵
  PID:4544
- C:\Windows\System\MQGRjoQ.exe
  C:\Windows\System\MQGRjoQ.exe
  2⤵
  PID:5156
- C:\Windows\System\bUvpPaL.exe
  C:\Windows\System\bUvpPaL.exe
  2⤵
  PID:5228
- C:\Windows\System\zFEBAHc.exe
  C:\Windows\System\zFEBAHc.exe
  2⤵
  PID:5276
- C:\Windows\System\hgliygj.exe
  C:\Windows\System\hgliygj.exe
  2⤵
  PID:5376
- C:\Windows\System\gOXhFOW.exe
  C:\Windows\System\gOXhFOW.exe
  2⤵
  PID:5396
- C:\Windows\System\nxdprbm.exe
  C:\Windows\System\nxdprbm.exe
  2⤵
  PID:5472
- C:\Windows\System\DiYUBGd.exe
  C:\Windows\System\DiYUBGd.exe
  2⤵
  PID:5488
- C:\Windows\System\vjKvynb.exe
  C:\Windows\System\vjKvynb.exe
  2⤵
  PID:5528
- C:\Windows\System\INZyRdF.exe
  C:\Windows\System\INZyRdF.exe
  2⤵
  PID:5588
- C:\Windows\System\ZSygyaA.exe
  C:\Windows\System\ZSygyaA.exe
  2⤵
  PID:5688
- C:\Windows\System\wuiFHUW.exe
  C:\Windows\System\wuiFHUW.exe
  2⤵
  PID:5748
- C:\Windows\System\RLNMnkk.exe
  C:\Windows\System\RLNMnkk.exe
  2⤵
  PID:5772
- C:\Windows\System\rnCTRgV.exe
  C:\Windows\System\rnCTRgV.exe
  2⤵
  PID:5812
- C:\Windows\System\mNKClZX.exe
  C:\Windows\System\mNKClZX.exe
  2⤵
  PID:5892
- C:\Windows\System\TApHHPZ.exe
  C:\Windows\System\TApHHPZ.exe
  2⤵
  PID:5960
- C:\Windows\System\HNXjbSf.exe
  C:\Windows\System\HNXjbSf.exe
  2⤵
  PID:5996
- C:\Windows\System\HzowEre.exe
  C:\Windows\System\HzowEre.exe
  2⤵
  PID:6036
- C:\Windows\System\CpMTZgt.exe
  C:\Windows\System\CpMTZgt.exe
  2⤵
  PID:6112
- C:\Windows\System\bdgkIUp.exe
  C:\Windows\System\bdgkIUp.exe
  2⤵
  PID:4596
- C:\Windows\System\cMhyXtA.exe
  C:\Windows\System\cMhyXtA.exe
  2⤵
  PID:4728
- C:\Windows\System\eSoFonn.exe
  C:\Windows\System\eSoFonn.exe
  2⤵
  PID:6160
- C:\Windows\System\uJORjJi.exe
  C:\Windows\System\uJORjJi.exe
  2⤵
  PID:6180
- C:\Windows\System\RxzoYPh.exe
  C:\Windows\System\RxzoYPh.exe
  2⤵
  PID:6200
- C:\Windows\System\FXCJUsu.exe
  C:\Windows\System\FXCJUsu.exe
  2⤵
  PID:6220
- C:\Windows\System\jIpxRFd.exe
  C:\Windows\System\jIpxRFd.exe
  2⤵
  PID:6240
- C:\Windows\System\xQaGxnC.exe
  C:\Windows\System\xQaGxnC.exe
  2⤵
  PID:6260
- C:\Windows\System\aABPDhw.exe
  C:\Windows\System\aABPDhw.exe
  2⤵
  PID:6280
- C:\Windows\System\yniLtCL.exe
  C:\Windows\System\yniLtCL.exe
  2⤵
  PID:6300
- C:\Windows\System\VTsqaRa.exe
  C:\Windows\System\VTsqaRa.exe
  2⤵
  PID:6320
- C:\Windows\System\DhjnjQk.exe
  C:\Windows\System\DhjnjQk.exe
  2⤵
  PID:6340
- C:\Windows\System\NKmVcjy.exe
  C:\Windows\System\NKmVcjy.exe
  2⤵
  PID:6360
- C:\Windows\System\hJUVluR.exe
  C:\Windows\System\hJUVluR.exe
  2⤵
  PID:6380
- C:\Windows\System\jdLExFe.exe
  C:\Windows\System\jdLExFe.exe
  2⤵
  PID:6404
- C:\Windows\System\TkfpYlW.exe
  C:\Windows\System\TkfpYlW.exe
  2⤵
  PID:6424
- C:\Windows\System\AJwMYOn.exe
  C:\Windows\System\AJwMYOn.exe
  2⤵
  PID:6444
- C:\Windows\System\WFpGsak.exe
  C:\Windows\System\WFpGsak.exe
  2⤵
  PID:6464
- C:\Windows\System\HfOOFnt.exe
  C:\Windows\System\HfOOFnt.exe
  2⤵
  PID:6484
- C:\Windows\System\nrNNmCW.exe
  C:\Windows\System\nrNNmCW.exe
  2⤵
  PID:6504
- C:\Windows\System\KpJrcOL.exe
  C:\Windows\System\KpJrcOL.exe
  2⤵
  PID:6524
- C:\Windows\System\DYYSyyN.exe
  C:\Windows\System\DYYSyyN.exe
  2⤵
  PID:6544
- C:\Windows\System\UKDEMcl.exe
  C:\Windows\System\UKDEMcl.exe
  2⤵
  PID:6564
- C:\Windows\System\QLYVoDG.exe
  C:\Windows\System\QLYVoDG.exe
  2⤵
  PID:6584
- C:\Windows\System\BxxzWnG.exe
  C:\Windows\System\BxxzWnG.exe
  2⤵
  PID:6604
- C:\Windows\System\FVFEvKB.exe
  C:\Windows\System\FVFEvKB.exe
  2⤵
  PID:6624
- C:\Windows\System\dEfIbqE.exe
  C:\Windows\System\dEfIbqE.exe
  2⤵
  PID:6644
- C:\Windows\System\hQBHHQw.exe
  C:\Windows\System\hQBHHQw.exe
  2⤵
  PID:6664
- C:\Windows\System\DBcPlVP.exe
  C:\Windows\System\DBcPlVP.exe
  2⤵
  PID:6684
- C:\Windows\System\fIFxfMf.exe
  C:\Windows\System\fIFxfMf.exe
  2⤵
  PID:6704
- C:\Windows\System\jFVrNNl.exe
  C:\Windows\System\jFVrNNl.exe
  2⤵
  PID:6724
- C:\Windows\System\MpyZOwW.exe
  C:\Windows\System\MpyZOwW.exe
  2⤵
  PID:6744
- C:\Windows\System\OIHQBrv.exe
  C:\Windows\System\OIHQBrv.exe
  2⤵
  PID:6764
- C:\Windows\System\vwydBHH.exe
  C:\Windows\System\vwydBHH.exe
  2⤵
  PID:6784
- C:\Windows\System\VPYdGpv.exe
  C:\Windows\System\VPYdGpv.exe
  2⤵
  PID:6804
- C:\Windows\System\QYrCryE.exe
  C:\Windows\System\QYrCryE.exe
  2⤵
  PID:6824
- C:\Windows\System\JDbgOdE.exe
  C:\Windows\System\JDbgOdE.exe
  2⤵
  PID:6844
- C:\Windows\System\ImfxFrf.exe
  C:\Windows\System\ImfxFrf.exe
  2⤵
  PID:6864
- C:\Windows\System\cqdQKiA.exe
  C:\Windows\System\cqdQKiA.exe
  2⤵
  PID:6884
- C:\Windows\System\wFcZWZh.exe
  C:\Windows\System\wFcZWZh.exe
  2⤵
  PID:6904
- C:\Windows\System\RhliBHs.exe
  C:\Windows\System\RhliBHs.exe
  2⤵
  PID:6924
- C:\Windows\System\CZNWIon.exe
  C:\Windows\System\CZNWIon.exe
  2⤵
  PID:6944
- C:\Windows\System\DieObnO.exe
  C:\Windows\System\DieObnO.exe
  2⤵
  PID:6964
- C:\Windows\System\BHPTCwy.exe
  C:\Windows\System\BHPTCwy.exe
  2⤵
  PID:6984
- C:\Windows\System\uJdOJMs.exe
  C:\Windows\System\uJdOJMs.exe
  2⤵
  PID:7004
- C:\Windows\System\TEttiuA.exe
  C:\Windows\System\TEttiuA.exe
  2⤵
  PID:7024
- C:\Windows\System\NUUIjCC.exe
  C:\Windows\System\NUUIjCC.exe
  2⤵
  PID:7044
- C:\Windows\System\jjdKOzK.exe
  C:\Windows\System\jjdKOzK.exe
  2⤵
  PID:7064
- C:\Windows\System\NteHOYw.exe
  C:\Windows\System\NteHOYw.exe
  2⤵
  PID:7084
- C:\Windows\System\DEnUmtz.exe
  C:\Windows\System\DEnUmtz.exe
  2⤵
  PID:7104
- C:\Windows\System\DoMMRPr.exe
  C:\Windows\System\DoMMRPr.exe
  2⤵
  PID:7124
- C:\Windows\System\EALMIaa.exe
  C:\Windows\System\EALMIaa.exe
  2⤵
  PID:7144
- C:\Windows\System\bagCVbK.exe
  C:\Windows\System\bagCVbK.exe
  2⤵
  PID:7164
- C:\Windows\System\dBcefYV.exe
  C:\Windows\System\dBcefYV.exe
  2⤵
  PID:5024
- C:\Windows\System\hpfgLwQ.exe
  C:\Windows\System\hpfgLwQ.exe
  2⤵
  PID:3800
- C:\Windows\System\xdoccbD.exe
  C:\Windows\System\xdoccbD.exe
  2⤵
  PID:4576
- C:\Windows\System\rPJpacP.exe
  C:\Windows\System\rPJpacP.exe
  2⤵
  PID:5188
- C:\Windows\System\IQqGjXo.exe
  C:\Windows\System\IQqGjXo.exe
  2⤵
  PID:5296
- C:\Windows\System\obISZcH.exe
  C:\Windows\System\obISZcH.exe
  2⤵
  PID:5368
- C:\Windows\System\unIrXFU.exe
  C:\Windows\System\unIrXFU.exe
  2⤵
  PID:5456
- C:\Windows\System\bVKRdDf.exe
  C:\Windows\System\bVKRdDf.exe
  2⤵
  PID:5572
- C:\Windows\System\fexKAMR.exe
  C:\Windows\System\fexKAMR.exe
  2⤵
  PID:5652
- C:\Windows\System\ZlkOIZa.exe
  C:\Windows\System\ZlkOIZa.exe
  2⤵
  PID:5728
- C:\Windows\System\rOstOcj.exe
  C:\Windows\System\rOstOcj.exe
  2⤵
  PID:5888
- C:\Windows\System\AdXzXrC.exe
  C:\Windows\System\AdXzXrC.exe
  2⤵
  PID:5940
- C:\Windows\System\AFIpPgO.exe
  C:\Windows\System\AFIpPgO.exe
  2⤵
  PID:5976
- C:\Windows\System\saRrXMz.exe
  C:\Windows\System\saRrXMz.exe
  2⤵
  PID:6092
- C:\Windows\System\lEkdHDb.exe
  C:\Windows\System\lEkdHDb.exe
  2⤵
  PID:5008
- C:\Windows\System\OzFJJuN.exe
  C:\Windows\System\OzFJJuN.exe
  2⤵
  PID:6196
- C:\Windows\System\jIxIhAO.exe
  C:\Windows\System\jIxIhAO.exe
  2⤵
  PID:6208
- C:\Windows\System\SvmORdD.exe
  C:\Windows\System\SvmORdD.exe
  2⤵
  PID:6232
- C:\Windows\System\vYDTakh.exe
  C:\Windows\System\vYDTakh.exe
  2⤵
  PID:6276
- C:\Windows\System\RYUCmth.exe
  C:\Windows\System\RYUCmth.exe
  2⤵
  PID:6292
- C:\Windows\System\ANbxtcP.exe
  C:\Windows\System\ANbxtcP.exe
  2⤵
  PID:6336
- C:\Windows\System\SNKbOXg.exe
  C:\Windows\System\SNKbOXg.exe
  2⤵
  PID:6388
- C:\Windows\System\vMuFOMq.exe
  C:\Windows\System\vMuFOMq.exe
  2⤵
  PID:6412
- C:\Windows\System\FgIzifl.exe
  C:\Windows\System\FgIzifl.exe
  2⤵
  PID:6436
- C:\Windows\System\zlqLNqj.exe
  C:\Windows\System\zlqLNqj.exe
  2⤵
  PID:6456
- C:\Windows\System\bouCpuD.exe
  C:\Windows\System\bouCpuD.exe
  2⤵
  PID:6496
- C:\Windows\System\AnsmVmN.exe
  C:\Windows\System\AnsmVmN.exe
  2⤵
  PID:6540
- C:\Windows\System\jmPcSxE.exe
  C:\Windows\System\jmPcSxE.exe
  2⤵
  PID:6572
- C:\Windows\System\wpnRecp.exe
  C:\Windows\System\wpnRecp.exe
  2⤵
  PID:6612
- C:\Windows\System\ZxBPkdb.exe
  C:\Windows\System\ZxBPkdb.exe
  2⤵
  PID:6636
- C:\Windows\System\WwgTDYd.exe
  C:\Windows\System\WwgTDYd.exe
  2⤵
  PID:6660
- C:\Windows\System\iqPIMrz.exe
  C:\Windows\System\iqPIMrz.exe
  2⤵
  PID:6696
- C:\Windows\System\gSiyalk.exe
  C:\Windows\System\gSiyalk.exe
  2⤵
  PID:6740
- C:\Windows\System\XGtuIYx.exe
  C:\Windows\System\XGtuIYx.exe
  2⤵
  PID:6792
- C:\Windows\System\nXqzFOX.exe
  C:\Windows\System\nXqzFOX.exe
  2⤵
  PID:6812
- C:\Windows\System\Oteuzmm.exe
  C:\Windows\System\Oteuzmm.exe
  2⤵
  PID:6836
- C:\Windows\System\YdXhnoo.exe
  C:\Windows\System\YdXhnoo.exe
  2⤵
  PID:6880
- C:\Windows\System\KXERpjh.exe
  C:\Windows\System\KXERpjh.exe
  2⤵
  PID:6900
- C:\Windows\System\SurYLNh.exe
  C:\Windows\System\SurYLNh.exe
  2⤵
  PID:6940
- C:\Windows\System\cStFhWt.exe
  C:\Windows\System\cStFhWt.exe
  2⤵
  PID:6992
- C:\Windows\System\bolINbZ.exe
  C:\Windows\System\bolINbZ.exe
  2⤵
  PID:7012
- C:\Windows\System\FdOgSGk.exe
  C:\Windows\System\FdOgSGk.exe
  2⤵
  PID:7040
- C:\Windows\System\xciSpIg.exe
  C:\Windows\System\xciSpIg.exe
  2⤵
  PID:7056
- C:\Windows\System\OZLcIQK.exe
  C:\Windows\System\OZLcIQK.exe
  2⤵
  PID:7100
- C:\Windows\System\xBFlnQJ.exe
  C:\Windows\System\xBFlnQJ.exe
  2⤵
  PID:7132
- C:\Windows\System\xzyjgwp.exe
  C:\Windows\System\xzyjgwp.exe
  2⤵
  PID:3132
- C:\Windows\System\OdGAfHr.exe
  C:\Windows\System\OdGAfHr.exe
  2⤵
  PID:3624
- C:\Windows\System\anozfCn.exe
  C:\Windows\System\anozfCn.exe
  2⤵
  PID:2232
- C:\Windows\System\NIfJdNl.exe
  C:\Windows\System\NIfJdNl.exe
  2⤵
  PID:5252
- C:\Windows\System\ABydYny.exe
  C:\Windows\System\ABydYny.exe
  2⤵
  PID:5596
- C:\Windows\System\NCagScN.exe
  C:\Windows\System\NCagScN.exe
  2⤵
  PID:2708
- C:\Windows\System\cIncpUu.exe
  C:\Windows\System\cIncpUu.exe
  2⤵
  PID:2188
- C:\Windows\System\PkHzTVe.exe
  C:\Windows\System\PkHzTVe.exe
  2⤵
  PID:5868
- C:\Windows\System\IgnHoBY.exe
  C:\Windows\System\IgnHoBY.exe
  2⤵
  PID:6016
- C:\Windows\System\uzKezkt.exe
  C:\Windows\System\uzKezkt.exe
  2⤵
  PID:6188
- C:\Windows\System\rHDJVYM.exe
  C:\Windows\System\rHDJVYM.exe
  2⤵
  PID:6216
- C:\Windows\System\eLGfjCC.exe
  C:\Windows\System\eLGfjCC.exe
  2⤵
  PID:6192
- C:\Windows\System\FgNhnxx.exe
  C:\Windows\System\FgNhnxx.exe
  2⤵
  PID:6268
- C:\Windows\System\YhhppnG.exe
  C:\Windows\System\YhhppnG.exe
  2⤵
  PID:6356
- C:\Windows\System\jfFdXJr.exe
  C:\Windows\System\jfFdXJr.exe
  2⤵
  PID:6348
- C:\Windows\System\eMZfuvC.exe
  C:\Windows\System\eMZfuvC.exe
  2⤵
  PID:6396
- C:\Windows\System\bjUroHv.exe
  C:\Windows\System\bjUroHv.exe
  2⤵
  PID:6472
- C:\Windows\System\nPsNoQH.exe
  C:\Windows\System\nPsNoQH.exe
  2⤵
  PID:6552
- C:\Windows\System\qFZhJLl.exe
  C:\Windows\System\qFZhJLl.exe
  2⤵
  PID:6576
- C:\Windows\System\HIHIaay.exe
  C:\Windows\System\HIHIaay.exe
  2⤵
  PID:6676
- C:\Windows\System\tNRmyYs.exe
  C:\Windows\System\tNRmyYs.exe
  2⤵
  PID:6680
- C:\Windows\System\OdbLFgp.exe
  C:\Windows\System\OdbLFgp.exe
  2⤵
  PID:6756
- C:\Windows\System\gLBgYfv.exe
  C:\Windows\System\gLBgYfv.exe
  2⤵
  PID:6800
- C:\Windows\System\WaWBIxd.exe
  C:\Windows\System\WaWBIxd.exe
  2⤵
  PID:6892
- C:\Windows\System\LFHHnFM.exe
  C:\Windows\System\LFHHnFM.exe
  2⤵
  PID:6896
- C:\Windows\System\pWCuOvb.exe
  C:\Windows\System\pWCuOvb.exe
  2⤵
  PID:6960
- C:\Windows\System\qJCkrBa.exe
  C:\Windows\System\qJCkrBa.exe
  2⤵
  PID:7016
- C:\Windows\System\zWEVSvq.exe
  C:\Windows\System\zWEVSvq.exe
  2⤵
  PID:7060
- C:\Windows\System\OIrFmlo.exe
  C:\Windows\System\OIrFmlo.exe
  2⤵
  PID:7092
- C:\Windows\System\hUbdusu.exe
  C:\Windows\System\hUbdusu.exe
  2⤵
  PID:7116
- C:\Windows\System\qTcgNer.exe
  C:\Windows\System\qTcgNer.exe
  2⤵
  PID:3096
- C:\Windows\System\EKKtjCN.exe
  C:\Windows\System\EKKtjCN.exe
  2⤵
  PID:2924
- C:\Windows\System\unIPctc.exe
  C:\Windows\System\unIPctc.exe
  2⤵
  PID:2868
- C:\Windows\System\LeZdjTt.exe
  C:\Windows\System\LeZdjTt.exe
  2⤵
  PID:5592
- C:\Windows\System\xwLamSC.exe
  C:\Windows\System\xwLamSC.exe
  2⤵
  PID:5756
- C:\Windows\System\arVFVvM.exe
  C:\Windows\System\arVFVvM.exe
  2⤵
  PID:6132
- C:\Windows\System\APDISHC.exe
  C:\Windows\System\APDISHC.exe
  2⤵
  PID:6148
- C:\Windows\System\yPRgKpv.exe
  C:\Windows\System\yPRgKpv.exe
  2⤵
  PID:6176
- C:\Windows\System\JexkrCG.exe
  C:\Windows\System\JexkrCG.exe
  2⤵
  PID:1912
- C:\Windows\System\wDDgcoU.exe
  C:\Windows\System\wDDgcoU.exe
  2⤵
  PID:6512
- C:\Windows\System\XGyHcge.exe
  C:\Windows\System\XGyHcge.exe
  2⤵
  PID:6556
- C:\Windows\System\aMcBVCW.exe
  C:\Windows\System\aMcBVCW.exe
  2⤵
  PID:6600
- C:\Windows\System\fuOwEFW.exe
  C:\Windows\System\fuOwEFW.exe
  2⤵
  PID:6692
- C:\Windows\System\fPFIsOZ.exe
  C:\Windows\System\fPFIsOZ.exe
  2⤵
  PID:6796
- C:\Windows\System\DupJKMd.exe
  C:\Windows\System\DupJKMd.exe
  2⤵
  PID:2660
- C:\Windows\System\ALzhFHU.exe
  C:\Windows\System\ALzhFHU.exe
  2⤵
  PID:6956
- C:\Windows\System\ktDLTUM.exe
  C:\Windows\System\ktDLTUM.exe
  2⤵
  PID:7180
- C:\Windows\System\xxkYUXU.exe
  C:\Windows\System\xxkYUXU.exe
  2⤵
  PID:7200
- C:\Windows\System\ralwOse.exe
  C:\Windows\System\ralwOse.exe
  2⤵
  PID:7220
- C:\Windows\System\thvCMxF.exe
  C:\Windows\System\thvCMxF.exe
  2⤵
  PID:7240
- C:\Windows\System\wnhSoeh.exe
  C:\Windows\System\wnhSoeh.exe
  2⤵
  PID:7260
- C:\Windows\System\VzuigFW.exe
  C:\Windows\System\VzuigFW.exe
  2⤵
  PID:7280
- C:\Windows\System\lHbRlCu.exe
  C:\Windows\System\lHbRlCu.exe
  2⤵
  PID:7300
- C:\Windows\System\OtqXaZz.exe
  C:\Windows\System\OtqXaZz.exe
  2⤵
  PID:7320
- C:\Windows\System\uzeROGS.exe
  C:\Windows\System\uzeROGS.exe
  2⤵
  PID:7340
- C:\Windows\System\tktKEFY.exe
  C:\Windows\System\tktKEFY.exe
  2⤵
  PID:7360
- C:\Windows\System\lsOCxPS.exe
  C:\Windows\System\lsOCxPS.exe
  2⤵
  PID:7380
- C:\Windows\System\bNIPNgB.exe
  C:\Windows\System\bNIPNgB.exe
  2⤵
  PID:7400
- C:\Windows\System\EzeNldt.exe
  C:\Windows\System\EzeNldt.exe
  2⤵
  PID:7420
- C:\Windows\System\DjnRdyC.exe
  C:\Windows\System\DjnRdyC.exe
  2⤵
  PID:7440
- C:\Windows\System\ZafFoOg.exe
  C:\Windows\System\ZafFoOg.exe
  2⤵
  PID:7460
- C:\Windows\System\bCzGSUy.exe
  C:\Windows\System\bCzGSUy.exe
  2⤵
  PID:7480
- C:\Windows\System\yspjtpF.exe
  C:\Windows\System\yspjtpF.exe
  2⤵
  PID:7500
- C:\Windows\System\SKHSOTq.exe
  C:\Windows\System\SKHSOTq.exe
  2⤵
  PID:7520
- C:\Windows\System\aduVcXb.exe
  C:\Windows\System\aduVcXb.exe
  2⤵
  PID:7540
- C:\Windows\System\XNRbnqk.exe
  C:\Windows\System\XNRbnqk.exe
  2⤵
  PID:7560
- C:\Windows\System\NaEbRRL.exe
  C:\Windows\System\NaEbRRL.exe
  2⤵
  PID:7580
- C:\Windows\System\mgMwVrB.exe
  C:\Windows\System\mgMwVrB.exe
  2⤵
  PID:7600
- C:\Windows\System\zQPrXqr.exe
  C:\Windows\System\zQPrXqr.exe
  2⤵
  PID:7620
- C:\Windows\System\WyZDpnZ.exe
  C:\Windows\System\WyZDpnZ.exe
  2⤵
  PID:7640
- C:\Windows\System\UdbpkUa.exe
  C:\Windows\System\UdbpkUa.exe
  2⤵
  PID:7660
- C:\Windows\System\DYpZwsm.exe
  C:\Windows\System\DYpZwsm.exe
  2⤵
  PID:7680
- C:\Windows\System\CMOeUCa.exe
  C:\Windows\System\CMOeUCa.exe
  2⤵
  PID:7700
- C:\Windows\System\iqxesHG.exe
  C:\Windows\System\iqxesHG.exe
  2⤵
  PID:7720
- C:\Windows\System\uQAqmbx.exe
  C:\Windows\System\uQAqmbx.exe
  2⤵
  PID:7740
- C:\Windows\System\lQYLvmg.exe
  C:\Windows\System\lQYLvmg.exe
  2⤵
  PID:7760
- C:\Windows\System\EhuPAza.exe
  C:\Windows\System\EhuPAza.exe
  2⤵
  PID:7780
- C:\Windows\System\hNjMJAh.exe
  C:\Windows\System\hNjMJAh.exe
  2⤵
  PID:7800
- C:\Windows\System\OIzWvix.exe
  C:\Windows\System\OIzWvix.exe
  2⤵
  PID:7820
- C:\Windows\System\tcyDLUR.exe
  C:\Windows\System\tcyDLUR.exe
  2⤵
  PID:7840
- C:\Windows\System\INBJxAT.exe
  C:\Windows\System\INBJxAT.exe
  2⤵
  PID:7860
- C:\Windows\System\wGdGeXb.exe
  C:\Windows\System\wGdGeXb.exe
  2⤵
  PID:7880
- C:\Windows\System\AJBKaNl.exe
  C:\Windows\System\AJBKaNl.exe
  2⤵
  PID:7900
- C:\Windows\System\XaYRsLu.exe
  C:\Windows\System\XaYRsLu.exe
  2⤵
  PID:7920
- C:\Windows\System\QWPyRHi.exe
  C:\Windows\System\QWPyRHi.exe
  2⤵
  PID:7940
- C:\Windows\System\ngzJQNT.exe
  C:\Windows\System\ngzJQNT.exe
  2⤵
  PID:7960
- C:\Windows\System\lYsmoLL.exe
  C:\Windows\System\lYsmoLL.exe
  2⤵
  PID:7980
- C:\Windows\System\rkulJgs.exe
  C:\Windows\System\rkulJgs.exe
  2⤵
  PID:8000
- C:\Windows\System\NBlbxJw.exe
  C:\Windows\System\NBlbxJw.exe
  2⤵
  PID:8020
- C:\Windows\System\TonVGMz.exe
  C:\Windows\System\TonVGMz.exe
  2⤵
  PID:8040
- C:\Windows\System\ryrctSL.exe
  C:\Windows\System\ryrctSL.exe
  2⤵
  PID:8060
- C:\Windows\System\zXouIyT.exe
  C:\Windows\System\zXouIyT.exe
  2⤵
  PID:8080
- C:\Windows\System\ZbyNUIH.exe
  C:\Windows\System\ZbyNUIH.exe
  2⤵
  PID:8100
- C:\Windows\System\XVPRgjT.exe
  C:\Windows\System\XVPRgjT.exe
  2⤵
  PID:8116
- C:\Windows\System\RzrBdlI.exe
  C:\Windows\System\RzrBdlI.exe
  2⤵
  PID:8140
- C:\Windows\System\anovUin.exe
  C:\Windows\System\anovUin.exe
  2⤵
  PID:8160
- C:\Windows\System\NWsbUNs.exe
  C:\Windows\System\NWsbUNs.exe
  2⤵
  PID:8180
- C:\Windows\System\DBdHvlY.exe
  C:\Windows\System\DBdHvlY.exe
  2⤵
  PID:2664
- C:\Windows\System\MWxZwdx.exe
  C:\Windows\System\MWxZwdx.exe
  2⤵
  PID:7140
- C:\Windows\System\ZcPmsrX.exe
  C:\Windows\System\ZcPmsrX.exe
  2⤵
  PID:7136
- C:\Windows\System\RmbnDgs.exe
  C:\Windows\System\RmbnDgs.exe
  2⤵
  PID:2840
- C:\Windows\System\mvNMMeV.exe
  C:\Windows\System\mvNMMeV.exe
  2⤵
  PID:5672
- C:\Windows\System\FCwAffH.exe
  C:\Windows\System\FCwAffH.exe
  2⤵
  PID:6156
- C:\Windows\System\EhXEVGc.exe
  C:\Windows\System\EhXEVGc.exe
  2⤵
  PID:6352
- C:\Windows\System\NFkKRqA.exe
  C:\Windows\System\NFkKRqA.exe
  2⤵
  PID:6256
- C:\Windows\System\LnLxRCk.exe
  C:\Windows\System\LnLxRCk.exe
  2⤵
  PID:6392
- C:\Windows\System\cDPlnZw.exe
  C:\Windows\System\cDPlnZw.exe
  2⤵
  PID:2796
- C:\Windows\System\KbSsJCf.exe
  C:\Windows\System\KbSsJCf.exe
  2⤵
  PID:2592
- C:\Windows\System\hdMODlF.exe
  C:\Windows\System\hdMODlF.exe
  2⤵
  PID:6872
- C:\Windows\System\aCwrfwv.exe
  C:\Windows\System\aCwrfwv.exe
  2⤵
  PID:1940
- C:\Windows\System\dzJyKvx.exe
  C:\Windows\System\dzJyKvx.exe
  2⤵
  PID:1800
- C:\Windows\System\hFhhIRR.exe
  C:\Windows\System\hFhhIRR.exe
  2⤵
  PID:7212
- C:\Windows\System\rBbHevw.exe
  C:\Windows\System\rBbHevw.exe
  2⤵
  PID:7232
- C:\Windows\System\xSpCazH.exe
  C:\Windows\System\xSpCazH.exe
  2⤵
  PID:7268
- C:\Windows\System\dxbthnQ.exe
  C:\Windows\System\dxbthnQ.exe
  2⤵
  PID:7272
- C:\Windows\System\uhYBWhF.exe
  C:\Windows\System\uhYBWhF.exe
  2⤵
  PID:7312
- C:\Windows\System\BfVJWSZ.exe
  C:\Windows\System\BfVJWSZ.exe
  2⤵
  PID:7352
- C:\Windows\System\mpXHcMf.exe
  C:\Windows\System\mpXHcMf.exe
  2⤵
  PID:7392
- C:\Windows\System\IwDCXRq.exe
  C:\Windows\System\IwDCXRq.exe
  2⤵
  PID:7456
- C:\Windows\System\hEjFmTx.exe
  C:\Windows\System\hEjFmTx.exe
  2⤵
  PID:7468
- C:\Windows\System\QATaTIz.exe
  C:\Windows\System\QATaTIz.exe
  2⤵
  PID:1676
- C:\Windows\System\WcaLvWa.exe
  C:\Windows\System\WcaLvWa.exe
  2⤵
  PID:7512
- C:\Windows\System\zUiJaDL.exe
  C:\Windows\System\zUiJaDL.exe
  2⤵
  PID:7556
- C:\Windows\System\kkDqodi.exe
  C:\Windows\System\kkDqodi.exe
  2⤵
  PID:7588
- C:\Windows\System\XqYcqva.exe
  C:\Windows\System\XqYcqva.exe
  2⤵
  PID:7616
- C:\Windows\System\exWyynA.exe
  C:\Windows\System\exWyynA.exe
  2⤵
  PID:7628
- C:\Windows\System\zFlJZWn.exe
  C:\Windows\System\zFlJZWn.exe
  2⤵
  PID:7676
- C:\Windows\System\BvZgxUY.exe
  C:\Windows\System\BvZgxUY.exe
  2⤵
  PID:7708
- C:\Windows\System\LuzSXdt.exe
  C:\Windows\System\LuzSXdt.exe
  2⤵
  PID:7732
- C:\Windows\System\mqjHEbq.exe
  C:\Windows\System\mqjHEbq.exe
  2⤵
  PID:7776
- C:\Windows\System\KmsdDHp.exe
  C:\Windows\System\KmsdDHp.exe
  2⤵
  PID:7808
- C:\Windows\System\cCLzzMq.exe
  C:\Windows\System\cCLzzMq.exe
  2⤵
  PID:7856
- C:\Windows\System\tMTvXYZ.exe
  C:\Windows\System\tMTvXYZ.exe
  2⤵
  PID:7876
- C:\Windows\System\obScCWd.exe
  C:\Windows\System\obScCWd.exe
  2⤵
  PID:7908
- C:\Windows\System\UIEaptX.exe
  C:\Windows\System\UIEaptX.exe
  2⤵
  PID:7932
- C:\Windows\System\OUTIwNQ.exe
  C:\Windows\System\OUTIwNQ.exe
  2⤵
  PID:7952
- C:\Windows\System\sWfRSQc.exe
  C:\Windows\System\sWfRSQc.exe
  2⤵
  PID:8008
- C:\Windows\System\tGPbiUA.exe
  C:\Windows\System\tGPbiUA.exe
  2⤵
  PID:8036
- C:\Windows\System\sydcbFI.exe
  C:\Windows\System\sydcbFI.exe
  2⤵
  PID:2064
- C:\Windows\System\KkwTaWi.exe
  C:\Windows\System\KkwTaWi.exe
  2⤵
  PID:8076
- C:\Windows\System\BuCmCXh.exe
  C:\Windows\System\BuCmCXh.exe
  2⤵
  PID:8132
- C:\Windows\System\fDeihFP.exe
  C:\Windows\System\fDeihFP.exe
  2⤵
  PID:8168
- C:\Windows\System\FuuCGkz.exe
  C:\Windows\System\FuuCGkz.exe
  2⤵
  PID:8188
- C:\Windows\System\mAWxRuT.exe
  C:\Windows\System\mAWxRuT.exe
  2⤵
  PID:7020
- C:\Windows\System\mhHSVpT.exe
  C:\Windows\System\mhHSVpT.exe
  2⤵
  PID:4440
- C:\Windows\System\QxhNYpw.exe
  C:\Windows\System\QxhNYpw.exe
  2⤵
  PID:5388
- C:\Windows\System\sEQwjtD.exe
  C:\Windows\System\sEQwjtD.exe
  2⤵
  PID:6308
- C:\Windows\System\ndaxFxW.exe
  C:\Windows\System\ndaxFxW.exe
  2⤵
  PID:6480
- C:\Windows\System\qWULxsp.exe
  C:\Windows\System\qWULxsp.exe
  2⤵
  PID:6616
- C:\Windows\System\hCNGyWZ.exe
  C:\Windows\System\hCNGyWZ.exe
  2⤵
  PID:3032
- C:\Windows\System\zQvDXqG.exe
  C:\Windows\System\zQvDXqG.exe
  2⤵
  PID:7188
- C:\Windows\System\GOheziI.exe
  C:\Windows\System\GOheziI.exe
  2⤵
  PID:7228
- C:\Windows\System\dYEXdat.exe
  C:\Windows\System\dYEXdat.exe
  2⤵
  PID:7296
- C:\Windows\System\LHQVCOd.exe
  C:\Windows\System\LHQVCOd.exe
  2⤵
  PID:7292
- C:\Windows\System\njCtJRZ.exe
  C:\Windows\System\njCtJRZ.exe
  2⤵
  PID:7328
- C:\Windows\System\RHraghT.exe
  C:\Windows\System\RHraghT.exe
  2⤵
  PID:7388
- C:\Windows\System\HlAiyEc.exe
  C:\Windows\System\HlAiyEc.exe
  2⤵
  PID:7496
- C:\Windows\System\anQIKLh.exe
  C:\Windows\System\anQIKLh.exe
  2⤵
  PID:7532
- C:\Windows\System\dVDtgBI.exe
  C:\Windows\System\dVDtgBI.exe
  2⤵
  PID:7568
- C:\Windows\System\XIqReNK.exe
  C:\Windows\System\XIqReNK.exe
  2⤵
  PID:7592
- C:\Windows\System\VoeJuGH.exe
  C:\Windows\System\VoeJuGH.exe
  2⤵
  PID:7668
- C:\Windows\System\GIylohK.exe
  C:\Windows\System\GIylohK.exe
  2⤵
  PID:7712
- C:\Windows\System\pLzRbRi.exe
  C:\Windows\System\pLzRbRi.exe
  2⤵
  PID:7752
- C:\Windows\System\BvPmlnt.exe
  C:\Windows\System\BvPmlnt.exe
  2⤵
  PID:7832
- C:\Windows\System\sdLHdOT.exe
  C:\Windows\System\sdLHdOT.exe
  2⤵
  PID:7872
- C:\Windows\System\eCWLVjj.exe
  C:\Windows\System\eCWLVjj.exe
  2⤵
  PID:7912
- C:\Windows\System\mwEcRvf.exe
  C:\Windows\System\mwEcRvf.exe
  2⤵
  PID:2812
- C:\Windows\System\NvGyqqI.exe
  C:\Windows\System\NvGyqqI.exe
  2⤵
  PID:7992
- C:\Windows\System\HyHEQQt.exe
  C:\Windows\System\HyHEQQt.exe
  2⤵
  PID:8092
- C:\Windows\System\HftXpov.exe
  C:\Windows\System\HftXpov.exe
  2⤵
  PID:8096
- C:\Windows\System\AlXnqLk.exe
  C:\Windows\System\AlXnqLk.exe
  2⤵
  PID:8128
- C:\Windows\System\faBwNyg.exe
  C:\Windows\System\faBwNyg.exe
  2⤵
  PID:4216
- C:\Windows\System\dMyXtUa.exe
  C:\Windows\System\dMyXtUa.exe
  2⤵
  PID:5612
- C:\Windows\System\QkuNItx.exe
  C:\Windows\System\QkuNItx.exe
  2⤵
  PID:6460
- C:\Windows\System\OOVHnvl.exe
  C:\Windows\System\OOVHnvl.exe
  2⤵
  PID:6560
- C:\Windows\System\bJSXwRD.exe
  C:\Windows\System\bJSXwRD.exe
  2⤵
  PID:7236
- C:\Windows\System\CuyhWyl.exe
  C:\Windows\System\CuyhWyl.exe
  2⤵
  PID:3436
- C:\Windows\System\RvvjUob.exe
  C:\Windows\System\RvvjUob.exe
  2⤵
  PID:7248
- C:\Windows\System\VXZdrKx.exe
  C:\Windows\System\VXZdrKx.exe
  2⤵
  PID:7348
- C:\Windows\System\AmDGBFT.exe
  C:\Windows\System\AmDGBFT.exe
  2⤵
  PID:7432
- C:\Windows\System\DviHVAN.exe
  C:\Windows\System\DviHVAN.exe
  2⤵
  PID:7472
- C:\Windows\System\mjOFCHe.exe
  C:\Windows\System\mjOFCHe.exe
  2⤵
  PID:7508
- C:\Windows\System\KbhzDlN.exe
  C:\Windows\System\KbhzDlN.exe
  2⤵
  PID:7648
- C:\Windows\System\PgEFgsB.exe
  C:\Windows\System\PgEFgsB.exe
  2⤵
  PID:4060
- C:\Windows\System\jpQZZJz.exe
  C:\Windows\System\jpQZZJz.exe
  2⤵
  PID:7728
- C:\Windows\System\zvLMZpY.exe
  C:\Windows\System\zvLMZpY.exe
  2⤵
  PID:7796
- C:\Windows\System\cptzkHi.exe
  C:\Windows\System\cptzkHi.exe
  2⤵
  PID:7968
- C:\Windows\System\ZuAelMv.exe
  C:\Windows\System\ZuAelMv.exe
  2⤵
  PID:8056
- C:\Windows\System\pPwEtPS.exe
  C:\Windows\System\pPwEtPS.exe
  2⤵
  PID:6296
- C:\Windows\System\xbeIksN.exe
  C:\Windows\System\xbeIksN.exe
  2⤵
  PID:6672
- C:\Windows\System\toqjjgB.exe
  C:\Windows\System\toqjjgB.exe
  2⤵
  PID:6820
- C:\Windows\System\bBaXuYE.exe
  C:\Windows\System\bBaXuYE.exe
  2⤵
  PID:7252
- C:\Windows\System\NkqPJAz.exe
  C:\Windows\System\NkqPJAz.exe
  2⤵
  PID:7396
- C:\Windows\System\pUZxZiO.exe
  C:\Windows\System\pUZxZiO.exe
  2⤵
  PID:7516
- C:\Windows\System\HeDDOnk.exe
  C:\Windows\System\HeDDOnk.exe
  2⤵
  PID:7436
- C:\Windows\System\CGYNHyy.exe
  C:\Windows\System\CGYNHyy.exe
  2⤵
  PID:2496
- C:\Windows\System\lzbsXrl.exe
  C:\Windows\System\lzbsXrl.exe
  2⤵
  PID:7216
- C:\Windows\System\vPYQexB.exe
  C:\Windows\System\vPYQexB.exe
  2⤵
  PID:7612
- C:\Windows\System\ZpLBRaj.exe
  C:\Windows\System\ZpLBRaj.exe
  2⤵
  PID:2228
- C:\Windows\System\jEgYipA.exe
  C:\Windows\System\jEgYipA.exe
  2⤵
  PID:2824
- C:\Windows\System\jWFXjSN.exe
  C:\Windows\System\jWFXjSN.exe
  2⤵
  PID:644
- C:\Windows\System\GighNYo.exe
  C:\Windows\System\GighNYo.exe
  2⤵
  PID:1916
- C:\Windows\System\hEqPQUh.exe
  C:\Windows\System\hEqPQUh.exe
  2⤵
  PID:1856
- C:\Windows\System\eRVqfCD.exe
  C:\Windows\System\eRVqfCD.exe
  2⤵
  PID:1188
- C:\Windows\System\JiTCkZt.exe
  C:\Windows\System\JiTCkZt.exe
  2⤵
  PID:1552
- C:\Windows\System\pQfXLyh.exe
  C:\Windows\System\pQfXLyh.exe
  2⤵
  PID:6120
- C:\Windows\System\dfSZPdJ.exe
  C:\Windows\System\dfSZPdJ.exe
  2⤵
  PID:2688
- C:\Windows\System\WwnjLvW.exe
  C:\Windows\System\WwnjLvW.exe
  2⤵
  PID:2900
- C:\Windows\System\QnjyQuS.exe
  C:\Windows\System\QnjyQuS.exe
  2⤵
  PID:2428
- C:\Windows\System\fsBcGQm.exe
  C:\Windows\System\fsBcGQm.exe
  2⤵
  PID:280
- C:\Windows\System\zAMOdMn.exe
  C:\Windows\System\zAMOdMn.exe
  2⤵
  PID:1648
- C:\Windows\System\PfitIvC.exe
  C:\Windows\System\PfitIvC.exe
  2⤵
  PID:7412
- C:\Windows\System\eftpJbj.exe
  C:\Windows\System\eftpJbj.exe
  2⤵
  PID:2164
- C:\Windows\System\wZpKfsP.exe
  C:\Windows\System\wZpKfsP.exe
  2⤵
  PID:7956
- C:\Windows\System\lJlbNWd.exe
  C:\Windows\System\lJlbNWd.exe
  2⤵
  PID:2024
- C:\Windows\System\wsEUKCC.exe
  C:\Windows\System\wsEUKCC.exe
  2⤵
  PID:1848
- C:\Windows\System\AocpPzJ.exe
  C:\Windows\System\AocpPzJ.exe
  2⤵
  PID:2624
- C:\Windows\System\qqRvzPU.exe
  C:\Windows\System\qqRvzPU.exe
  2⤵
  PID:1624
- C:\Windows\System\JMuvBtu.exe
  C:\Windows\System\JMuvBtu.exe
  2⤵
  PID:1992
- C:\Windows\System\HdDencn.exe
  C:\Windows\System\HdDencn.exe
  2⤵
  PID:2644
- C:\Windows\System\Icilejj.exe
  C:\Windows\System\Icilejj.exe
  2⤵
  PID:2672
- C:\Windows\System\yQTilUG.exe
  C:\Windows\System\yQTilUG.exe
  2⤵
  PID:7656
- C:\Windows\System\VlBIWYA.exe
  C:\Windows\System\VlBIWYA.exe
  2⤵
  PID:5920
- C:\Windows\System\eRftMtq.exe
  C:\Windows\System\eRftMtq.exe
  2⤵
  PID:2596
- C:\Windows\System\xDerQoL.exe
  C:\Windows\System\xDerQoL.exe
  2⤵
  PID:2004
- C:\Windows\System\LoNJKHZ.exe
  C:\Windows\System\LoNJKHZ.exe
  2⤵
  PID:2820
- C:\Windows\System\YVwayQw.exe
  C:\Windows\System\YVwayQw.exe
  2⤵
  PID:1628
- C:\Windows\System\qcsyFPv.exe
  C:\Windows\System\qcsyFPv.exe
  2⤵
  PID:5852
- C:\Windows\System\tFLBgXT.exe
  C:\Windows\System\tFLBgXT.exe
  2⤵
  PID:8196
- C:\Windows\System\rDilolw.exe
  C:\Windows\System\rDilolw.exe
  2⤵
  PID:8224
- C:\Windows\System\zkCrzEn.exe
  C:\Windows\System\zkCrzEn.exe
  2⤵
  PID:8248
- C:\Windows\System\uttNkxL.exe
  C:\Windows\System\uttNkxL.exe
  2⤵
  PID:8264
- C:\Windows\System\PtouzlW.exe
  C:\Windows\System\PtouzlW.exe
  2⤵
  PID:8288
- C:\Windows\System\SrOmmQw.exe
  C:\Windows\System\SrOmmQw.exe
  2⤵
  PID:8304
- C:\Windows\System\eTUbuDG.exe
  C:\Windows\System\eTUbuDG.exe
  2⤵
  PID:8320
- C:\Windows\System\ICxGjiB.exe
  C:\Windows\System\ICxGjiB.exe
  2⤵
  PID:8340
- C:\Windows\System\BCwSzil.exe
  C:\Windows\System\BCwSzil.exe
  2⤵
  PID:8356
- C:\Windows\System\LTpqTuH.exe
  C:\Windows\System\LTpqTuH.exe
  2⤵
  PID:8376
- C:\Windows\System\VMSwvHE.exe
  C:\Windows\System\VMSwvHE.exe
  2⤵
  PID:8452
- C:\Windows\System\AWeqQKT.exe
  C:\Windows\System\AWeqQKT.exe
  2⤵
  PID:8468
- C:\Windows\System\vVjzPBy.exe
  C:\Windows\System\vVjzPBy.exe
  2⤵
  PID:8492
- C:\Windows\System\fQpZreA.exe
  C:\Windows\System\fQpZreA.exe
  2⤵
  PID:8508
- C:\Windows\System\HQizRnc.exe
  C:\Windows\System\HQizRnc.exe
  2⤵
  PID:8524
- C:\Windows\System\HtwXIIp.exe
  C:\Windows\System\HtwXIIp.exe
  2⤵
  PID:8544
- C:\Windows\System\xICpDMn.exe
  C:\Windows\System\xICpDMn.exe
  2⤵
  PID:8564
- C:\Windows\System\rvinyLS.exe
  C:\Windows\System\rvinyLS.exe
  2⤵
  PID:8588
- C:\Windows\System\ozaDGRM.exe
  C:\Windows\System\ozaDGRM.exe
  2⤵
  PID:8616
- C:\Windows\System\MNRJvfd.exe
  C:\Windows\System\MNRJvfd.exe
  2⤵
  PID:8632
- C:\Windows\System\IxwfMhD.exe
  C:\Windows\System\IxwfMhD.exe
  2⤵
  PID:8652
- C:\Windows\System\TiPelLV.exe
  C:\Windows\System\TiPelLV.exe
  2⤵
  PID:8668
- C:\Windows\System\wWwtKFb.exe
  C:\Windows\System\wWwtKFb.exe
  2⤵
  PID:8684
- C:\Windows\System\AzLhVrK.exe
  C:\Windows\System\AzLhVrK.exe
  2⤵
  PID:8700
- C:\Windows\System\sAshJgv.exe
  C:\Windows\System\sAshJgv.exe
  2⤵
  PID:8732
- C:\Windows\System\xDwZxcG.exe
  C:\Windows\System\xDwZxcG.exe
  2⤵
  PID:8748
- C:\Windows\System\whYTwyv.exe
  C:\Windows\System\whYTwyv.exe
  2⤵
  PID:8764
- C:\Windows\System\UiTjiZR.exe
  C:\Windows\System\UiTjiZR.exe
  2⤵
  PID:8784
- C:\Windows\System\kdmqSkU.exe
  C:\Windows\System\kdmqSkU.exe
  2⤵
  PID:8804
- C:\Windows\System\RxzbfLU.exe
  C:\Windows\System\RxzbfLU.exe
  2⤵
  PID:8828
- C:\Windows\System\ZJiHmFx.exe
  C:\Windows\System\ZJiHmFx.exe
  2⤵
  PID:8852
- C:\Windows\System\FJmBSMZ.exe
  C:\Windows\System\FJmBSMZ.exe
  2⤵
  PID:8868
- C:\Windows\System\sbLysdu.exe
  C:\Windows\System\sbLysdu.exe
  2⤵
  PID:8892
- C:\Windows\System\qRcgVVw.exe
  C:\Windows\System\qRcgVVw.exe
  2⤵
  PID:8908
- C:\Windows\System\TVkMnvv.exe
  C:\Windows\System\TVkMnvv.exe
  2⤵
  PID:8928
- C:\Windows\System\rlRZsep.exe
  C:\Windows\System\rlRZsep.exe
  2⤵
  PID:8948
- C:\Windows\System\ektAHPt.exe
  C:\Windows\System\ektAHPt.exe
  2⤵
  PID:8968
- C:\Windows\System\iiWsZNW.exe
  C:\Windows\System\iiWsZNW.exe
  2⤵
  PID:8988
- C:\Windows\System\BSeLTtT.exe
  C:\Windows\System\BSeLTtT.exe
  2⤵
  PID:9016
- C:\Windows\System\EUlAruc.exe
  C:\Windows\System\EUlAruc.exe
  2⤵
  PID:9036
- C:\Windows\System\IPKjLOn.exe
  C:\Windows\System\IPKjLOn.exe
  2⤵
  PID:9052
- C:\Windows\System\IORkwoD.exe
  C:\Windows\System\IORkwoD.exe
  2⤵
  PID:9080
- C:\Windows\System\deEAmrC.exe
  C:\Windows\System\deEAmrC.exe
  2⤵
  PID:9096
- C:\Windows\System\kBDzquX.exe
  C:\Windows\System\kBDzquX.exe
  2⤵
  PID:9112
- C:\Windows\System\zYVJFDF.exe
  C:\Windows\System\zYVJFDF.exe
  2⤵
  PID:9128
- C:\Windows\System\QLcRZqO.exe
  C:\Windows\System\QLcRZqO.exe
  2⤵
  PID:9144
- C:\Windows\System\tUCeYYY.exe
  C:\Windows\System\tUCeYYY.exe
  2⤵
  PID:9160
- C:\Windows\System\YPAPWxC.exe
  C:\Windows\System\YPAPWxC.exe
  2⤵
  PID:9192
- C:\Windows\System\MvdYWxV.exe
  C:\Windows\System\MvdYWxV.exe
  2⤵
  PID:9212
- C:\Windows\System\kSuBapQ.exe
  C:\Windows\System\kSuBapQ.exe
  2⤵
  PID:8212
- C:\Windows\System\QFUbliQ.exe
  C:\Windows\System\QFUbliQ.exe
  2⤵
  PID:2676
- C:\Windows\System\oavMpwa.exe
  C:\Windows\System\oavMpwa.exe
  2⤵
  PID:8256
- C:\Windows\System\tzrDYAF.exe
  C:\Windows\System\tzrDYAF.exe
  2⤵
  PID:2580
- C:\Windows\System\XVZhdGx.exe
  C:\Windows\System\XVZhdGx.exe
  2⤵
  PID:8236
- C:\Windows\System\zhdGtEH.exe
  C:\Windows\System\zhdGtEH.exe
  2⤵
  PID:8276
- C:\Windows\System\RJsxsnj.exe
  C:\Windows\System\RJsxsnj.exe
  2⤵
  PID:8372
- C:\Windows\System\zngAGoL.exe
  C:\Windows\System\zngAGoL.exe
  2⤵
  PID:8392
- C:\Windows\System\mHovIwz.exe
  C:\Windows\System\mHovIwz.exe
  2⤵
  PID:8408
- C:\Windows\System\uUIKmYL.exe
  C:\Windows\System\uUIKmYL.exe
  2⤵
  PID:8424
- C:\Windows\System\ILsSHPI.exe
  C:\Windows\System\ILsSHPI.exe
  2⤵
  PID:8440
- C:\Windows\System\qVDAHVK.exe
  C:\Windows\System\qVDAHVK.exe
  2⤵
  PID:8464
- C:\Windows\System\fjJeYTl.exe
  C:\Windows\System\fjJeYTl.exe
  2⤵
  PID:8280
- C:\Windows\System\abtteVP.exe
  C:\Windows\System\abtteVP.exe
  2⤵
  PID:8516
- C:\Windows\System\joYobfg.exe
  C:\Windows\System\joYobfg.exe
  2⤵
  PID:8584
- C:\Windows\System\lRaHDOl.exe
  C:\Windows\System\lRaHDOl.exe
  2⤵
  PID:8628
- C:\Windows\System\cOSaauN.exe
  C:\Windows\System\cOSaauN.exe
  2⤵
  PID:8648
- C:\Windows\System\JDluStm.exe
  C:\Windows\System\JDluStm.exe
  2⤵
  PID:8612
- C:\Windows\System\VzoEiVf.exe
  C:\Windows\System\VzoEiVf.exe
  2⤵
  PID:8772
- C:\Windows\System\GfzqEvf.exe
  C:\Windows\System\GfzqEvf.exe
  2⤵
  PID:8820
- C:\Windows\System\njfxoqC.exe
  C:\Windows\System\njfxoqC.exe
  2⤵
  PID:8760
- C:\Windows\System\uaYzzWh.exe
  C:\Windows\System\uaYzzWh.exe
  2⤵
  PID:8800
- C:\Windows\System\eULfEaK.exe
  C:\Windows\System\eULfEaK.exe
  2⤵
  PID:8860
- C:\Windows\System\uRiqaVK.exe
  C:\Windows\System\uRiqaVK.exe
  2⤵
  PID:8888
- C:\Windows\System\ugWRpbp.exe
  C:\Windows\System\ugWRpbp.exe
  2⤵
  PID:8880
- C:\Windows\System\vkZoGKI.exe
  C:\Windows\System\vkZoGKI.exe
  2⤵
  PID:8980
- C:\Windows\System\wmmuJyR.exe
  C:\Windows\System\wmmuJyR.exe
  2⤵
  PID:9000
- C:\Windows\System\oGykgQP.exe
  C:\Windows\System\oGykgQP.exe
  2⤵
  PID:9028
- C:\Windows\System\URfcCLX.exe
  C:\Windows\System\URfcCLX.exe
  2⤵
  PID:9068
- C:\Windows\System\AOytIvk.exe
  C:\Windows\System\AOytIvk.exe
  2⤵
  PID:9104
- C:\Windows\System\jqaYlJq.exe
  C:\Windows\System\jqaYlJq.exe
  2⤵
  PID:9168
- C:\Windows\System\oVDVPKG.exe
  C:\Windows\System\oVDVPKG.exe
  2⤵
  PID:9180
- C:\Windows\System\ROZgUyc.exe
  C:\Windows\System\ROZgUyc.exe
  2⤵
  PID:9200
- C:\Windows\System\fynOsNe.exe
  C:\Windows\System\fynOsNe.exe
  2⤵
  PID:9064
- C:\Windows\System\glGHXMk.exe
  C:\Windows\System\glGHXMk.exe
  2⤵
  PID:8232
- C:\Windows\System\BfxRzaO.exe
  C:\Windows\System\BfxRzaO.exe
  2⤵
  PID:8260
- C:\Windows\System\KJzRMnS.exe
  C:\Windows\System\KJzRMnS.exe
  2⤵
  PID:8328
- C:\Windows\System\WPPBdFu.exe
  C:\Windows\System\WPPBdFu.exe
  2⤵
  PID:8316
- C:\Windows\System\nejsIGe.exe
  C:\Windows\System\nejsIGe.exe
  2⤵
  PID:8428
- C:\Windows\System\DNLDlsG.exe
  C:\Windows\System\DNLDlsG.exe
  2⤵
  PID:8580
- C:\Windows\System\FlgKZAz.exe
  C:\Windows\System\FlgKZAz.exe
  2⤵
  PID:8540
- C:\Windows\System\jkVHfXE.exe
  C:\Windows\System\jkVHfXE.exe
  2⤵
  PID:8692
- C:\Windows\System\TkUNkNY.exe
  C:\Windows\System\TkUNkNY.exe
  2⤵
  PID:8604
- C:\Windows\System\fEwNdXs.exe
  C:\Windows\System\fEwNdXs.exe
  2⤵
  PID:8744
- C:\Windows\System\lOIXCrn.exe
  C:\Windows\System\lOIXCrn.exe
  2⤵
  PID:8696
- C:\Windows\System\vhYMWpf.exe
  C:\Windows\System\vhYMWpf.exe
  2⤵
  PID:8840
- C:\Windows\System\JtmFESw.exe
  C:\Windows\System\JtmFESw.exe
  2⤵
  PID:8976
- C:\Windows\System\qDShyRV.exe
  C:\Windows\System\qDShyRV.exe
  2⤵
  PID:8728
- C:\Windows\System\qhxPywj.exe
  C:\Windows\System\qhxPywj.exe
  2⤵
  PID:8944
- C:\Windows\System\ZeyVQEq.exe
  C:\Windows\System\ZeyVQEq.exe
  2⤵
  PID:8964
- C:\Windows\System\NltDKKA.exe
  C:\Windows\System\NltDKKA.exe
  2⤵
  PID:9048
- C:\Windows\System\GYCMZdW.exe
  C:\Windows\System\GYCMZdW.exe
  2⤵
  PID:9076
- C:\Windows\System\MiLBBkl.exe
  C:\Windows\System\MiLBBkl.exe
  2⤵
  PID:9152
- C:\Windows\System\HNqAulz.exe
  C:\Windows\System\HNqAulz.exe
  2⤵
  PID:8272
- C:\Windows\System\eeRFNeQ.exe
  C:\Windows\System\eeRFNeQ.exe
  2⤵
  PID:8364
- C:\Windows\System\xwGmawe.exe
  C:\Windows\System\xwGmawe.exe
  2⤵
  PID:8536
- C:\Windows\System\AitLTBh.exe
  C:\Windows\System\AitLTBh.exe
  2⤵
  PID:9204
- C:\Windows\System\TLgNMNr.exe
  C:\Windows\System\TLgNMNr.exe
  2⤵
  PID:8296
- C:\Windows\System\lOqPurx.exe
  C:\Windows\System\lOqPurx.exe
  2⤵
  PID:8368
- C:\Windows\System\uasnsdA.exe
  C:\Windows\System\uasnsdA.exe
  2⤵
  PID:8416
- C:\Windows\System\tuIPhSY.exe
  C:\Windows\System\tuIPhSY.exe
  2⤵
  PID:8504
- C:\Windows\System\pIhLnDT.exe
  C:\Windows\System\pIhLnDT.exe
  2⤵
  PID:8904
- C:\Windows\System\GxjFmzZ.exe
  C:\Windows\System\GxjFmzZ.exe
  2⤵
  PID:8708
- C:\Windows\System\pcJMIcK.exe
  C:\Windows\System\pcJMIcK.exe
  2⤵
  PID:9184
- C:\Windows\System\YGJUEvE.exe
  C:\Windows\System\YGJUEvE.exe
  2⤵
  PID:8916
- C:\Windows\System\vXwJYWy.exe
  C:\Windows\System\vXwJYWy.exe
  2⤵
  PID:1960
- C:\Windows\System\nlhcJIP.exe
  C:\Windows\System\nlhcJIP.exe
  2⤵
  PID:8664
- C:\Windows\System\qsGkUBU.exe
  C:\Windows\System\qsGkUBU.exe
  2⤵
  PID:9120
- C:\Windows\System\oQdVbnE.exe
  C:\Windows\System\oQdVbnE.exe
  2⤵
  PID:8336
- C:\Windows\System\OnwTmZj.exe
  C:\Windows\System\OnwTmZj.exe
  2⤵
  PID:8756
- C:\Windows\System\cvIOUfy.exe
  C:\Windows\System\cvIOUfy.exe
  2⤵
  PID:8956
- C:\Windows\System\ZGJheiR.exe
  C:\Windows\System\ZGJheiR.exe
  2⤵
  PID:8900
- C:\Windows\System\bAjHpcj.exe
  C:\Windows\System\bAjHpcj.exe
  2⤵
  PID:8920
- C:\Windows\System\fMpfVga.exe
  C:\Windows\System\fMpfVga.exe
  2⤵
  PID:8244
- C:\Windows\System\RdwYvIw.exe
  C:\Windows\System\RdwYvIw.exe
  2⤵
  PID:8720
- C:\Windows\System\LhuEOKw.exe
  C:\Windows\System\LhuEOKw.exe
  2⤵
  PID:8400
- C:\Windows\System\ieQNTib.exe
  C:\Windows\System\ieQNTib.exe
  2⤵
  PID:8404
- C:\Windows\System\PdVgiUF.exe
  C:\Windows\System\PdVgiUF.exe
  2⤵
  PID:8936
- C:\Windows\System\FJYldrt.exe
  C:\Windows\System\FJYldrt.exe
  2⤵
  PID:8680
- C:\Windows\System\QENvPnx.exe
  C:\Windows\System\QENvPnx.exe
  2⤵
  PID:2752
- C:\Windows\System\ujdSbYl.exe
  C:\Windows\System\ujdSbYl.exe
  2⤵
  PID:8624
- C:\Windows\System\MLeHFqa.exe
  C:\Windows\System\MLeHFqa.exe
  2⤵
  PID:9124
- C:\Windows\System\jWKRNAJ.exe
  C:\Windows\System\jWKRNAJ.exe
  2⤵
  PID:9220
- C:\Windows\System\Xirqjab.exe
  C:\Windows\System\Xirqjab.exe
  2⤵
  PID:9236
- C:\Windows\System\yAYPiPi.exe
  C:\Windows\System\yAYPiPi.exe
  2⤵
  PID:9260
- C:\Windows\System\WczNciC.exe
  C:\Windows\System\WczNciC.exe
  2⤵
  PID:9276
- C:\Windows\System\sFXcArK.exe
  C:\Windows\System\sFXcArK.exe
  2⤵
  PID:9308
- C:\Windows\System\HMzHmWg.exe
  C:\Windows\System\HMzHmWg.exe
  2⤵
  PID:9328
- C:\Windows\System\qodkeZu.exe
  C:\Windows\System\qodkeZu.exe
  2⤵
  PID:9344
- C:\Windows\System\XuVfoSG.exe
  C:\Windows\System\XuVfoSG.exe
  2⤵
  PID:9372
- C:\Windows\System\WfhfnFY.exe
  C:\Windows\System\WfhfnFY.exe
  2⤵
  PID:9388
- C:\Windows\System\qCSrbcP.exe
  C:\Windows\System\qCSrbcP.exe
  2⤵
  PID:9408
- C:\Windows\System\znkBGCY.exe
  C:\Windows\System\znkBGCY.exe
  2⤵
  PID:9428
- C:\Windows\System\bQfFkcG.exe
  C:\Windows\System\bQfFkcG.exe
  2⤵
  PID:9444
- C:\Windows\System\ftiXZZX.exe
  C:\Windows\System\ftiXZZX.exe
  2⤵
  PID:9460
- C:\Windows\System\PeSOHrk.exe
  C:\Windows\System\PeSOHrk.exe
  2⤵
  PID:9476
- C:\Windows\System\XCgAuSv.exe
  C:\Windows\System\XCgAuSv.exe
  2⤵
  PID:9492
- C:\Windows\System\ffPYMZk.exe
  C:\Windows\System\ffPYMZk.exe
  2⤵
  PID:9516
- C:\Windows\System\OhmjPzE.exe
  C:\Windows\System\OhmjPzE.exe
  2⤵
  PID:9536
- C:\Windows\System\SXENggF.exe
  C:\Windows\System\SXENggF.exe
  2⤵
  PID:9552
- C:\Windows\System\gcPRZZS.exe
  C:\Windows\System\gcPRZZS.exe
  2⤵
  PID:9572
- C:\Windows\System\nUaGtvW.exe
  C:\Windows\System\nUaGtvW.exe
  2⤵
  PID:9588
- C:\Windows\System\CLxtBaN.exe
  C:\Windows\System\CLxtBaN.exe
  2⤵
  PID:9612
- C:\Windows\System\sqaOaCb.exe
  C:\Windows\System\sqaOaCb.exe
  2⤵
  PID:9628
- C:\Windows\System\Wdxijwn.exe
  C:\Windows\System\Wdxijwn.exe
  2⤵
  PID:9644
- C:\Windows\System\yqrampV.exe
  C:\Windows\System\yqrampV.exe
  2⤵
  PID:9660
- C:\Windows\System\ZqgbSSw.exe
  C:\Windows\System\ZqgbSSw.exe
  2⤵
  PID:9684
- C:\Windows\System\TZkuCud.exe
  C:\Windows\System\TZkuCud.exe
  2⤵
  PID:9716
- C:\Windows\System\LYFMNoU.exe
  C:\Windows\System\LYFMNoU.exe
  2⤵
  PID:9752
- C:\Windows\System\TePZrTk.exe
  C:\Windows\System\TePZrTk.exe
  2⤵
  PID:9768
- C:\Windows\System\VMrYVEL.exe
  C:\Windows\System\VMrYVEL.exe
  2⤵
  PID:9796
- C:\Windows\System\iSZdEPm.exe
  C:\Windows\System\iSZdEPm.exe
  2⤵
  PID:9812
- C:\Windows\System\WnxZiMB.exe
  C:\Windows\System\WnxZiMB.exe
  2⤵
  PID:9832
- C:\Windows\System\EKaSQtp.exe
  C:\Windows\System\EKaSQtp.exe
  2⤵
  PID:9856
- C:\Windows\System\eyFGefd.exe
  C:\Windows\System\eyFGefd.exe
  2⤵
  PID:9872
- C:\Windows\System\fnavyIK.exe
  C:\Windows\System\fnavyIK.exe
  2⤵
  PID:9892
- C:\Windows\System\ZbrqFSa.exe
  C:\Windows\System\ZbrqFSa.exe
  2⤵
  PID:9916
- C:\Windows\System\obBmFqB.exe
  C:\Windows\System\obBmFqB.exe
  2⤵
  PID:9932
- C:\Windows\System\YuAVGHQ.exe
  C:\Windows\System\YuAVGHQ.exe
  2⤵
  PID:9952
- C:\Windows\System\xmFJeAj.exe
  C:\Windows\System\xmFJeAj.exe
  2⤵
  PID:9972
- C:\Windows\System\MdbJNqe.exe
  C:\Windows\System\MdbJNqe.exe
  2⤵
  PID:9996
- C:\Windows\System\cOJNxHg.exe
  C:\Windows\System\cOJNxHg.exe
  2⤵
  PID:10012
- C:\Windows\System\kSyBWKR.exe
  C:\Windows\System\kSyBWKR.exe
  2⤵
  PID:10032
- C:\Windows\System\uOdkbyO.exe
  C:\Windows\System\uOdkbyO.exe
  2⤵
  PID:10052
- C:\Windows\System\nmaaasf.exe
  C:\Windows\System\nmaaasf.exe
  2⤵
  PID:10072
- C:\Windows\System\UcXpPDU.exe
  C:\Windows\System\UcXpPDU.exe
  2⤵
  PID:10092
- C:\Windows\System\NVwSxlI.exe
  C:\Windows\System\NVwSxlI.exe
  2⤵
  PID:10112
- C:\Windows\System\pJZmCqo.exe
  C:\Windows\System\pJZmCqo.exe
  2⤵
  PID:10132
- C:\Windows\System\IfqiRNA.exe
  C:\Windows\System\IfqiRNA.exe
  2⤵
  PID:10156
- C:\Windows\System\vrLTtOs.exe
  C:\Windows\System\vrLTtOs.exe
  2⤵
  PID:10172
- C:\Windows\System\hDvGNOK.exe
  C:\Windows\System\hDvGNOK.exe
  2⤵
  PID:10192
- C:\Windows\System\sTEIPOT.exe
  C:\Windows\System\sTEIPOT.exe
  2⤵
  PID:10212
- C:\Windows\System\WwZuSyE.exe
  C:\Windows\System\WwZuSyE.exe
  2⤵
  PID:8420
- C:\Windows\System\xsuIooo.exe
  C:\Windows\System\xsuIooo.exe
  2⤵
  PID:9252
- C:\Windows\System\QvoPXyd.exe
  C:\Windows\System\QvoPXyd.exe
  2⤵
  PID:9232
- C:\Windows\System\lpyDLvg.exe
  C:\Windows\System\lpyDLvg.exe
  2⤵
  PID:9300
- C:\Windows\System\EnTCcpD.exe
  C:\Windows\System\EnTCcpD.exe
  2⤵
  PID:9336
- C:\Windows\System\FbcvCUk.exe
  C:\Windows\System\FbcvCUk.exe
  2⤵
  PID:9364
- C:\Windows\System\EykvLTl.exe
  C:\Windows\System\EykvLTl.exe
  2⤵
  PID:9384
- C:\Windows\System\KbuHHMu.exe
  C:\Windows\System\KbuHHMu.exe
  2⤵
  PID:9420
- C:\Windows\System\vinYDCr.exe
  C:\Windows\System\vinYDCr.exe
  2⤵
  PID:9528
- C:\Windows\System\LjZUbNk.exe
  C:\Windows\System\LjZUbNk.exe
  2⤵
  PID:9568
- C:\Windows\System\sZrCgra.exe
  C:\Windows\System\sZrCgra.exe
  2⤵
  PID:9604
- C:\Windows\System\mUwvwCa.exe
  C:\Windows\System\mUwvwCa.exe
  2⤵
  PID:9500
- C:\Windows\System\patqieW.exe
  C:\Windows\System\patqieW.exe
  2⤵
  PID:9668
- C:\Windows\System\ripUuHQ.exe
  C:\Windows\System\ripUuHQ.exe
  2⤵
  PID:9472
- C:\Windows\System\DIQzlQg.exe
  C:\Windows\System\DIQzlQg.exe
  2⤵
  PID:9652
- C:\Windows\System\IrphRsX.exe
  C:\Windows\System\IrphRsX.exe
  2⤵
  PID:9656
- C:\Windows\System\hwVhtZE.exe
  C:\Windows\System\hwVhtZE.exe
  2⤵
  PID:9736
- C:\Windows\System\QmuEOFg.exe
  C:\Windows\System\QmuEOFg.exe
  2⤵
  PID:9728
- C:\Windows\System\XEgUqrS.exe
  C:\Windows\System\XEgUqrS.exe
  2⤵
  PID:9784
- C:\Windows\System\eYMBiiU.exe
  C:\Windows\System\eYMBiiU.exe
  2⤵
  PID:9820
- C:\Windows\System\baiChCf.exe
  C:\Windows\System\baiChCf.exe
  2⤵
  PID:9848
- C:\Windows\System\POHpQiN.exe
  C:\Windows\System\POHpQiN.exe
  2⤵
  PID:9880
- C:\Windows\System\XwIhiNZ.exe
  C:\Windows\System\XwIhiNZ.exe
  2⤵
  PID:9904
- C:\Windows\System\IDgqYXr.exe
  C:\Windows\System\IDgqYXr.exe
  2⤵
  PID:9944
- C:\Windows\System\dwMmjPO.exe
  C:\Windows\System\dwMmjPO.exe
  2⤵
  PID:9988
- C:\Windows\System\hvWJwoV.exe
  C:\Windows\System\hvWJwoV.exe
  2⤵
  PID:10008
- C:\Windows\System\UyotjNT.exe
  C:\Windows\System\UyotjNT.exe
  2⤵
  PID:10048
- C:\Windows\System\cfKYLFa.exe
  C:\Windows\System\cfKYLFa.exe
  2⤵
  PID:10080
- C:\Windows\System\SxaUCSp.exe
  C:\Windows\System\SxaUCSp.exe
  2⤵
  PID:10120
- C:\Windows\System\QyEOvWG.exe
  C:\Windows\System\QyEOvWG.exe
  2⤵
  PID:10148
- C:\Windows\System\PaiDoIm.exe
  C:\Windows\System\PaiDoIm.exe
  2⤵
  PID:10188
- C:\Windows\System\MhcdEtM.exe
  C:\Windows\System\MhcdEtM.exe
  2⤵
  PID:10168
- C:\Windows\System\gfqPGdX.exe
  C:\Windows\System\gfqPGdX.exe
  2⤵
  PID:10228
- C:\Windows\System\vSAEtnw.exe
  C:\Windows\System\vSAEtnw.exe
  2⤵
  PID:9256
- C:\Windows\System\aTpexVA.exe
  C:\Windows\System\aTpexVA.exe
  2⤵
  PID:9320
- C:\Windows\System\wHRqXap.exe
  C:\Windows\System\wHRqXap.exe
  2⤵
  PID:9292
- C:\Windows\System\QTwtANb.exe
  C:\Windows\System\QTwtANb.exe
  2⤵
  PID:9352
- C:\Windows\System\DmyEafF.exe
  C:\Windows\System\DmyEafF.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DfYNMrT.exe

Filesize
6.0MB

MD5
8486181a51c93416f88e75395769de31

SHA1
0c03fe486437e6541f4c3171bff7bfa8e3566902

SHA256
386a81a6aa32dac27a3ec213c417a54b2269ca4be7b0b461a4038d4b12c5cf4f

SHA512
81b90ab71132698e4a42f036a2fb7a3dff1804e0bfaee5873e89b55fd6c8f0a0a986b77746692dbcba81aae3487398c95bf4e7fd872a29900544f87a69eeeda8

Download Submit
C:\Windows\system\Dwmrpiw.exe

Filesize
6.0MB

MD5
14cb9a2168653299d5192058e50c64d4

SHA1
4a712aef935215d7b70346b471f594f31e9a89e7

SHA256
26a09afb9d0bd3a67f339d5abe63009139422c0ac9a958b009cd8d4c9a171fb8

SHA512
a2e0167ae6b40e9747864404e11bbd6ce823bb075a5c5fa5cdd3346fc59ee46f77f62b1805f0590f7de8aaba037d569ea7c94d3e36ba20fbcd942fbcfdae008c

Download Submit
C:\Windows\system\Fzwjtvu.exe

Filesize
6.0MB

MD5
43d706b4e59297277a7b92dbdebff935

SHA1
71248cc585934d93ca8ed23129bb95739974f383

SHA256
4a510cf0cea2bcc3d521d7e0fd0972bdd2ebdebb7c07fd25e5548b9fb5f67908

SHA512
6410abffcd3db40950339407fce04967ca3e67c43108a63d5c6fb558d5c60cf36aa72b7c6b247ebe4e6a63bd5a5836b0d13382d546c7a4dfd50509b3e6fc4f58

Download Submit
C:\Windows\system\NHqdfHm.exe

Filesize
6.0MB

MD5
c7da017a9cc31da20d99a810c0185032

SHA1
906a0efda5af6550601eeb58b88bc19294ba1757

SHA256
d32d8a4625075a818e2cf2b61f39d517665e29f7a4b6aa3e5cc5b84e81a7fa15

SHA512
7106d9f26161aaaa8f313f5050c05305409dad6abe0b857b01b12c1a05dba266ad788969c9f4dcc705baee71fb123a7036cdd413a63b2cf5d419e134b9156a0b

Download Submit
C:\Windows\system\NZSuFBX.exe

Filesize
6.0MB

MD5
8dc4ff91b033b5d5e083b9b94a7825a1

SHA1
03eb5bf73b4bb3e9e80cf12633ae5e4a32f6b03d

SHA256
98c02df357297c9f0d8d2a3c2f56fcbbf687c2e99ffeaccdcc32086167bab921

SHA512
75e4be00b913193e7d0bf6ac2b36895a686e0a3f786975acc295338d5e166cb46308cbf85d7b0b74dc2c1cb726db6d89dcd40e05f8b4fcd6512d46010f424012

Download Submit
C:\Windows\system\QTDLwwF.exe

Filesize
6.0MB

MD5
9a25c3cbc95770fbe1ed8374985022a9

SHA1
8eec113904b002904c2fa6db0aec9b33de8d86ec

SHA256
dbee07143e0b9a4a81e982d1f23fbab66e45b579c39aca5eff66fecd57cb8f2d

SHA512
a27d6c48e3d2917660a8490affd42e87d39e8a25b0182b0b2ec36fae5b15c12876d8720ec4da7953204a090614755bcac63a042c82aaf7cd5e85a38a4f100d61

Download Submit
C:\Windows\system\SHRxCNI.exe

Filesize
6.0MB

MD5
57380fe569fa28fabca7d2a55c9572a2

SHA1
ba97fcc3ac317072440f7145b08b963b7c863432

SHA256
85cb83d73df186eb45dc46c89a3d09674375ad0cb9d2274140995f3fce6acc88

SHA512
27c5182eab26bae0f66797d064a7f286e4cc7f61a7d500d03e17cda4d03c7f8647baea8f80c115c385a9e31f02d0b0a772ae23a386259142aaa54c2d0eb96708

Download Submit
C:\Windows\system\TZXKLcU.exe

Filesize
6.0MB

MD5
9dddc60d527b675f8264f51a1e3b1f16

SHA1
a12667439a8ae2258f49c633fb75cde0ed4d97cd

SHA256
5b4afc8de3580ea0f8a2ffab0051f962c8b9b30c6cd1ee1ef0b5e9a3afbf00a2

SHA512
554e8c983e0a84c03a6517b7deaaa76f8b5aa8fe7369326819a22f41b36ee2627a88094c6f662d5ae5ce922727e0bfdeca91d9f8475869c6754f666152e5b0ef

Download Submit
C:\Windows\system\UjgVJyg.exe

Filesize
6.0MB

MD5
1f863358b471604c7a918d499f2081d7

SHA1
798176017a5d439b5f658c80880abc15fce2a963

SHA256
075b85b73112bdfb3bd27d77395553748390db41d94aa239b5033b5182cce545

SHA512
1fa23fa94052ee332559def9684cf640a084540389351fc3916582d8cdda8d3b9f7bd33b17a652442077a7df6d006a0bfd40e6c4ba1b0899c197ddd14c08c017

Download Submit
C:\Windows\system\VbHQVmv.exe

Filesize
6.0MB

MD5
b688d6ebf0574566324145394442aa22

SHA1
f285f1d613ff942d64676c51720f3f7c80ec06fb

SHA256
7f7927d9e58c8d7000c36a63b5fc6bd568da4675b858dba3cdb45d69011ac0d9

SHA512
0b37157d6c1da988c5e3668bc43f23194ab88b4f63ad3fb5f847c0c7b50da4347dcd6eee1ae9ccc380cff96e53b281af625d09ec0ccd575fdd3ea69a2a1d2a98

Download Submit
C:\Windows\system\XhyrWxI.exe

Filesize
6.0MB

MD5
beab92e508a83fa3bc984445e403e75c

SHA1
6e3166bbec12a977df679954e0f9fb6b94f3135e

SHA256
e8fb457e0f1b875c11455dd5e862f7f0a5e46fd1b3ce1715499535db337f5024

SHA512
dc516e76c72e1c28f44b7888c8beb1e7043b558e44ccd921d8babba11148799e6603bd5fc8ee8f895231f60d7a0e37e120922876de4c48c5d399263b1b53164c

Download Submit
C:\Windows\system\aaRKMnD.exe

Filesize
6.0MB

MD5
7e0a3a1a9b3709f8ab0a5601ba30c354

SHA1
6d2cb2b5924ebd60704c211f77e8e8a67ca4970e

SHA256
1901d086e868955e44ea67cd481e36ca751c792be7fa77f1ff9b272710a3398c

SHA512
d0f328eece3aa115f7825c78cda615731e2a66a1793a3877af17fa638202c1f6a42fdf97b497f7f5000caa87007b4383c2cc54eb1c8ced1672d80512380314a5

Download Submit
C:\Windows\system\cWbtont.exe

Filesize
6.0MB

MD5
00fac93319bdc112a1f654eda1c5bcf8

SHA1
9ba46e1117ef3db09ec2c8e781cc00af9c18808d

SHA256
2d4d8ae45f3bfe963e8b4beb79170229a8b037f6153b92252d3e840fa5a16a45

SHA512
9b9b06537683294af42e337e3442f7c73de185b4ff9347cae4820440c20a0e9df651f50849a2858f84526ce772a3fb72ceec0702a01f16b99876aedfa9ee47e4

Download Submit
C:\Windows\system\cdADEkG.exe

Filesize
6.0MB

MD5
d0169dc1586d1d05ddf7a875efaa8a12

SHA1
7152f45bcb8cf766b90b2574b802283f3030c276

SHA256
74d02c23738c5feb4e592e77ee6c627a8b16a9e53ba690337cca7371c0cf98e7

SHA512
56d415338a3bee38a9b6ea93234bd9d74932f18e9ba13b5ebca7ca9bb89ce498133f4c27ebf73d91df2a7d626fc2cee235d4203bd2c98c51e09cf09901e07148

Download Submit
C:\Windows\system\dNCTAWw.exe

Filesize
6.0MB

MD5
5a49afe1ceb338f2915b935c22e92d87

SHA1
5842c56ecf8e8424964dc014016512225b07f2f2

SHA256
be3a008cc4502c7a694f77147a64034884886afae2d4f0a1446f05899dea97e1

SHA512
9f42ad3dc233e59c074dd698ea0097e7071c9dc41d3669522531c69a92c6750d45fd7a391afa6b346541796495fc69b2ecc9e5746b27682d37582daa995e05cf

Download Submit
C:\Windows\system\dbqbvZK.exe

Filesize
6.0MB

MD5
0b3c4e83f6be6fc800ff856f3035ba37

SHA1
347472f8bdd1fdbbb0043fed2134d3f0a113e739

SHA256
bb731136c1e97490a5eb772ac9a592314d5c7b40ac08bbcf7304b9c76b3b8362

SHA512
ca6f29bcabb3599adcfb3788e2819db3eb69ef33887526b855c7413e79f7a39f74c7d37b1ca7665d7ed8b2783108e0fc13c4113bba5a419070e011ac6bc07852

Download Submit
C:\Windows\system\eFQkuRo.exe

Filesize
6.0MB

MD5
416f549ba829eaac6409d39bfc1cb4a6

SHA1
daa7f4ea24a7aaaefbff82bad2889f23e77ba219

SHA256
5886d205717f930b3cd8f217ef6e4c1d74d2590cadac4cbadd625399806ad2bb

SHA512
c28419de185f18bd5c0391301d7fa944d1d397a183104909bc34cded2b38a66f14116afc97be1d45ebe8989cfc545aa4a08ad309eb7b466df55eba8d1c36028a

Download Submit
C:\Windows\system\fmhHEEA.exe

Filesize
6.0MB

MD5
88d22b5e3e6e053629b1d9cae61fb2f8

SHA1
86783f084b2b07831141f064a47701c35ad5dd2d

SHA256
8ae25b0a1702731800d6fe42ebbfc565a087e8043a9827a3c2ec605aa980802f

SHA512
c36a22dbd3aeb14495726ac404aadd95649f30fc45091d5dbf15b24aa014d1275bcd0cbbd85974b7ff9659f9d9111c209cb2ee74e776139feee53b5d4e827596

Download Submit
C:\Windows\system\gmBMLGK.exe

Filesize
6.0MB

MD5
22697d3bebae50446e06cf1cb7bb5d55

SHA1
c4694d82f0a6a246c0b02b322530dcad18bd121e

SHA256
294349da217bf231997cac59ae007f1ba78d38fc5fdc8a3d81abb5a72bf1335f

SHA512
f207baa0f57a31571a9f9113daebfa0e5b7fe7f0ac7defe31e3cade5189b74249ebd02f3ae09bb7405d44ac48118031a9ae1150cdd3dfbfc3da9063330f171ae

Download Submit
C:\Windows\system\hLrdzYp.exe

Filesize
6.0MB

MD5
07119e20317c33e38e802190fd12a0a6

SHA1
501ad9cbf19c014555d807b162892ff34ed89ee6

SHA256
f0950bdc5084cbe2ca729f1793762f5c36925500d2a59f6d5d6d153da5232873

SHA512
7136d2795da091b4b884904fa0cbbe5b1a85a0ef52668d2fb018a60143f51e6ac6c04aebe8079dd192d2c1a6bcd8729d8572980643dbcbd8dae2a74d8746a1c1

Download Submit
C:\Windows\system\hbATNJe.exe

Filesize
6.0MB

MD5
c44784e9aac8be9535b3e1463b83f45d

SHA1
3c8a51cec7d672f789b1db561e91865bf8e3d6f1

SHA256
f9daadc4105853d196a95d223f15a349cf2bd40f412734f40315d2a7a2e88932

SHA512
7d264c3ca19bc05f51be61632f680ab1a5598ef205b66b40f5b424e1e42948dd3f701a6431b558f2aa21f79d66ef2b10c8ad3c3a9e793452e41eaf4fe19b0b42

Download Submit
C:\Windows\system\jhTTJNc.exe

Filesize
6.0MB

MD5
eaf56f83decdc6905460e1e6bbf56a34

SHA1
db03bd3d82b4517f962620469413201103bf30b4

SHA256
dc8240e833dd855c412e3b9846387c4ceb3dc70e48b713ee22029da80edf42b5

SHA512
e2f5d0422cb73b820195dcf7f35a1478928c7d8c3c903fb2283cf7a30ac9a8963997fef2a2084d9899f9f07af3c9ed4f98c5714651b87fcccd422a6a1f448874

Download Submit
C:\Windows\system\jpqPeAu.exe

Filesize
6.0MB

MD5
13efe3d56923fe9a2d6167238ec9968b

SHA1
92fc455065ff86b4b683a4d3d866146469c797d7

SHA256
84b5de03cc576935aa4b1346593eb32b8dcb65132c694abf96093ecd902d132c

SHA512
79e878aabea53040d472fb61d4fb4d1e3eebe9070c38973204fe233fe8fefbdd317e07c07065531474888bf26dbebe7bbe98c195cb745f9fcbed52b0f42146d3

Download Submit
C:\Windows\system\mIysiqw.exe

Filesize
6.0MB

MD5
cdbbc5cbb5500fd0dc1d7d4b9b668ddf

SHA1
167daf212636e16358ae13cdc63ba8f17ea279d0

SHA256
4fbb1c03644fb9374c0d2b672fa51cb3d7f62f190bd755724c5218b6aed37e8a

SHA512
267852a7001deba6bf3d1ab51cdf59a440f3986e3f913352da6db55f57c1d5b626b53d062192ba2b2567e210c22a3daa889ea2095439646e923fc1da7b39e938

Download Submit
C:\Windows\system\qKEGvBK.exe

Filesize
8B

MD5
7cb7c669d07161b89225d159ae48e2eb

SHA1
74f59f289ca85f8adf98025137eae13372f323e5

SHA256
6a6bf82380acff356ff60103982ffcf0a53ad0c00e7ffde5beb53c6be351b969

SHA512
c2e7391234f4ee1bf4fd29abec5c6b1547d2160032a735e5b2e4a1240c3610dbb5ab59217fc3ee24d584b6c6be4ff92356725c81fd057a01ecbc685730fa580a

Download Submit
C:\Windows\system\toUrDAj.exe

Filesize
6.0MB

MD5
57a2a89d0f2326c9e195af010c78a595

SHA1
de3f60179bf221d4ddd7fad3d5ca8ce07c95790f

SHA256
98838a7c73c27c73f35a2e03a265ba5faa922315b20cad3a013c04e56b6ad2af

SHA512
0e18dc1b8b4afa3c914fed4656d2130c17018da875bbe7d6aeffb64cf5358fc0a7c52a735cd2ba91c28296ff544079fb57934081594dc0a40192cf69e6f29a12

Download Submit
C:\Windows\system\uGlCTBr.exe

Filesize
6.0MB

MD5
82b911358dce55236a2ad0f1530acc7b

SHA1
fd0ee5936995ad491e5d13aaba0bb400e880b3a0

SHA256
d7324ee57f7dad5e0a5f357f065aaf35edccf8e22e9c1d0159ed36450703cba7

SHA512
e1a0e78a000ec6a25a8a56f9f62ce27c0ca2ec0e0a5c65dd7be990d0e147581905de906c221c85ddb047ab76224775aea0afd00c714e4ce3e11e030fb0e511f1

Download Submit
\Windows\system\BJgMzFy.exe

Filesize
6.0MB

MD5
f730b10f519b92fa3de1e9acb99a9f46

SHA1
862737a65e90b7a202d81746613f820272bcb97b

SHA256
463d63168c6d512b92dd6c6b47c8a37d72f9545c98114e43a7e6fec51525e833

SHA512
aaef804011265fe4e4acc758411fa305731d6d03cf42522dc5575a146d2560436ab2712dadef691102cf04127bee194e98ab117e9cdd9d14074d4e4f84375d2c

Download Submit
\Windows\system\IyYDhZh.exe

Filesize
6.0MB

MD5
94e5b3d7f2102d9a8bcbe1515a251417

SHA1
70a7e0d4f54a9831f9173561f0ec1422293ef666

SHA256
0a0a3160fe5a69f510cb38dec7b8287a947ee3b5de8041f3ff7ac825a3c09915

SHA512
01d5b1a10538a052dbdb99f261985bcb12e9717beef224f381521be3d19297ba422033637bb65db69e76d3fc03db8c4e3469542da188d4afc916b518f5e2f5ca

Download Submit
\Windows\system\KRbVxUn.exe

Filesize
6.0MB

MD5
4ed72f61c2bdb5cdd5a603472a69b400

SHA1
df1e7e0ce008aeaccd46d66b8e4c13bf9c945886

SHA256
d2fd62fe0865c5723a14dcd397afdd9b4ccea41099ad0d13111c826a2950cf33

SHA512
8ec1992fc32b57530864b65531cdfaf290c9e2069935f1fbdcc722f6f7ac4cf66bda57916d17c7824e7fc3b6c2c5d0113ba5dc1529b039223393fee2d2a9abf3

Download Submit
\Windows\system\PiMuIEl.exe

Filesize
6.0MB

MD5
35d42f6a101ec0c1fc89ecb8caf2d7f2

SHA1
b4d8e2ccc104694134d302bf34de7efcadf31d55

SHA256
19c4411e2f645ecc87c85b034e2b009a95276bf5d3022d6cd71a964ac2706c0e

SHA512
fad6195381fbb4acb86c035445d347fce9facfa12c6c17426e33161980d9b9010ca2e8bd7459825cdb8fa451af0a70ebbdfa1694f6a57e1f268bda25644d9981

Download Submit
\Windows\system\VDLlTeW.exe

Filesize
6.0MB

MD5
89f164488c35207cffeab1eb2a989fae

SHA1
12d9319bc8d45eaa83536b30b591368f196be127

SHA256
a00065f1a3d223d817dce298b8a8f44536e2bfa87f7978b3df80bd9dc1704dca

SHA512
6a9d680641eb3743945d7c95fa9890a1b965c90b6fec4553d3df4554244c7262c61a8733a77c66759e14c7a2bdeb88ea8c2d2ae2db6e5f23a2d169db63a202b5

Download Submit
\Windows\system\eHLzGAp.exe

Filesize
6.0MB

MD5
6b3211054cfe2965ac7e66e2d646aa2e

SHA1
0bd774ad00ccec5b945a29ecd64afd2b895af7d9

SHA256
860c25ab87ed69ab43a3da6e5c99b26eda1922e5854cc99316beda2f497638b4

SHA512
5945a60b915f2ce8149b8243f3775cf631d9a15554cfa455fd40b13a2765333788df84480eeb4d70313c02fb57827564f5770795b14d574d58f1c1eda9de1c23

Download Submit
memory/1048-3631-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1048-107-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1441-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1512-80-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1512-3595-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1512-43-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2084-66-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3565-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2084-27-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3620-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2120-20-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2120-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2236-46-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-94-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-18-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-0-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-25-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-36-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1590-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-112-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-111-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-448-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-103-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2236-102-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-70-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1303-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2236-683-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-62-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-93-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1006-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-29-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2236-41-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2236-85-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2236-54-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-8-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-77-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3630-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-67-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-106-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-81-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3640-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-552-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3566-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2460-9-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3599-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2524-37-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2540-14-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-50-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3567-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-89-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3626-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2632-846-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1163-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-98-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3641-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2780-59-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3622-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2780-97-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2784-88-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3638-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2784-51-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2848-73-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3624-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2848-288-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download