cobaltstrike | a84fd10c4b7f70a634104af76fba5c32f63bf287865791ebb9c3a902bacb7982

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-12-2024 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c240cb70fc57435c205cb407f1cf4802
SHA1

c65e257c53a32675e5c8384e02d3cdd7ba52ab95
SHA256

a84fd10c4b7f70a634104af76fba5c32f63bf287865791ebb9c3a902bacb7982
SHA512

7cab818590057f03bd8fb6be977e434ff5584005b65adbd276ecfddd9bb13abdca5364c48220a3bfeeb09216536c41faed6e633903b3574247c0508531c3ec87
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ca5-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cfd-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d17-28.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d1f-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d27-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019481-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e6-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fd-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fe-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195fb-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f9-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f7-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c0-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019603-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ff-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019659-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019601-153.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016846-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019581-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001955c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019551-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e4-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c6-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949d-52.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-48.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001946b-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0e-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202c-3.dat	xmrig
behavioral1/files/0x0008000000016c53-11.dat	xmrig
behavioral1/files/0x0008000000016ca5-10.dat	xmrig
behavioral1/files/0x0007000000016cfd-21.dat	xmrig
behavioral1/files/0x0007000000016d17-28.dat	xmrig
behavioral1/files/0x0009000000016d1f-33.dat	xmrig
behavioral1/files/0x0009000000016d27-37.dat	xmrig
behavioral1/files/0x0005000000019481-44.dat	xmrig
behavioral1/files/0x00050000000194e6-72.dat	xmrig
behavioral1/files/0x00050000000195fd-105.dat	xmrig
behavioral1/memory/1812-134-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fe-135.dat	xmrig
behavioral1/memory/2676-133-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2508-132-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2184-130-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2372-122-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x00050000000195fb-100.dat	xmrig
behavioral1/files/0x00050000000195f9-97.dat	xmrig
behavioral1/files/0x00050000000195f7-92.dat	xmrig
behavioral1/files/0x00050000000195c0-88.dat	xmrig
behavioral1/files/0x0005000000019603-155.dat	xmrig
behavioral1/files/0x00050000000195ff-147.dat	xmrig
behavioral1/memory/2792-264-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2808-257-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2676-1281-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2736-238-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2392-194-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2484-468-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2628-466-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2764-464-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2724-283-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2912-270-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2444-222-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019615-163.dat	xmrig
behavioral1/files/0x0005000000019659-167.dat	xmrig
behavioral1/files/0x0005000000019605-161.dat	xmrig
behavioral1/files/0x0005000000019601-153.dat	xmrig
behavioral1/files/0x0009000000016846-143.dat	xmrig
behavioral1/files/0x0005000000019581-84.dat	xmrig
behavioral1/files/0x000500000001955c-80.dat	xmrig
behavioral1/files/0x0005000000019551-76.dat	xmrig
behavioral1/files/0x00050000000194e4-69.dat	xmrig
behavioral1/files/0x00050000000194da-64.dat	xmrig
behavioral1/files/0x00050000000194d0-60.dat	xmrig
behavioral1/files/0x00050000000194c6-56.dat	xmrig
behavioral1/files/0x000500000001949d-52.dat	xmrig
behavioral1/files/0x0005000000019490-48.dat	xmrig
behavioral1/files/0x000600000001946b-40.dat	xmrig
behavioral1/files/0x0007000000016d0e-25.dat	xmrig
behavioral1/memory/2808-3920-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2444-3927-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2392-3934-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2736-3935-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2372-3933-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2508-3932-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2792-3931-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2628-3930-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2724-3936-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1812-3925-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2184-3923-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2764-3922-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2912-3926-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2484-3924-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2484	DQTMmxl.exe
2372	DgAJhPh.exe
2184	xiInYVb.exe
2508	PChDKTt.exe
1812	vNwiUkd.exe
2392	fNwdDFM.exe
2444	dOjSiHH.exe
2736	mjMDMqD.exe
2808	AMmiwrB.exe
2792	jwLWSWK.exe
2912	RsoExlB.exe
2724	QUJexxN.exe
2764	BubgwQj.exe
2628	BADDuUM.exe
2932	XXEjUQh.exe
2640	QGBWVJy.exe
2596	FBSieSt.exe
2656	oXzrCVq.exe
3056	nCnpBvE.exe
2360	fRaylXm.exe
1172	GxfiIdR.exe
984	zaBMGkh.exe
1648	wwLTbSR.exe
1116	fXthkkV.exe
1268	XLorjeH.exe
2196	DLmsFez.exe
2132	usVgJCF.exe
1832	rHYvLuo.exe
1476	RfCfRcl.exe
1708	GWqXfzN.exe
1808	YySIWCI.exe
820	rnePgNW.exe
1680	KQATpjY.exe
1296	vAFYWgZ.exe
3016	gMboKSx.exe
356	xcnjJPk.exe
1676	rIXmrqi.exe
888	WhOzkNo.exe
2268	AYsBusL.exe
1028	ZQXgxXQ.exe
2140	WhaNOoM.exe
1932	MAfKPfF.exe
1824	fHsZsxP.exe
1660	MzHdTCL.exe
1608	gpPiWdo.exe
3044	NDKfDvM.exe
1536	nvTMpEU.exe
2512	QSgBovT.exe
2796	XKxmdTP.exe
2976	OJWyxGt.exe
1756	ZYdPPYe.exe
1776	ZqOVtDS.exe
1552	pVxtelh.exe
1940	yqFOxnn.exe
2936	GbiQQHq.exe
2956	qXWwsdo.exe
3092	BtJFSNV.exe
3124	KuoCoIi.exe
3156	nPwSWrn.exe
3192	ZSIAjOa.exe
3224	xDlYyFZ.exe
3260	YGFzmHy.exe
3296	WLfOaWS.exe
3336	LXSPiPM.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-3.dat	upx
behavioral1/files/0x0008000000016c53-11.dat	upx
behavioral1/files/0x0008000000016ca5-10.dat	upx
behavioral1/files/0x0007000000016cfd-21.dat	upx
behavioral1/files/0x0007000000016d17-28.dat	upx
behavioral1/files/0x0009000000016d1f-33.dat	upx
behavioral1/files/0x0009000000016d27-37.dat	upx
behavioral1/files/0x0005000000019481-44.dat	upx
behavioral1/files/0x00050000000194e6-72.dat	upx
behavioral1/files/0x00050000000195fd-105.dat	upx
behavioral1/memory/1812-134-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00050000000195fe-135.dat	upx
behavioral1/memory/2508-132-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2184-130-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2372-122-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x00050000000195fb-100.dat	upx
behavioral1/files/0x00050000000195f9-97.dat	upx
behavioral1/files/0x00050000000195f7-92.dat	upx
behavioral1/files/0x00050000000195c0-88.dat	upx
behavioral1/files/0x0005000000019603-155.dat	upx
behavioral1/files/0x00050000000195ff-147.dat	upx
behavioral1/memory/2792-264-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2808-257-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2676-1281-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2736-238-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2392-194-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2484-468-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2628-466-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2764-464-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2724-283-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2912-270-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2444-222-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0005000000019615-163.dat	upx
behavioral1/files/0x0005000000019659-167.dat	upx
behavioral1/files/0x0005000000019605-161.dat	upx
behavioral1/files/0x0005000000019601-153.dat	upx
behavioral1/files/0x0009000000016846-143.dat	upx
behavioral1/files/0x0005000000019581-84.dat	upx
behavioral1/files/0x000500000001955c-80.dat	upx
behavioral1/files/0x0005000000019551-76.dat	upx
behavioral1/files/0x00050000000194e4-69.dat	upx
behavioral1/files/0x00050000000194da-64.dat	upx
behavioral1/files/0x00050000000194d0-60.dat	upx
behavioral1/files/0x00050000000194c6-56.dat	upx
behavioral1/files/0x000500000001949d-52.dat	upx
behavioral1/files/0x0005000000019490-48.dat	upx
behavioral1/files/0x000600000001946b-40.dat	upx
behavioral1/files/0x0007000000016d0e-25.dat	upx
behavioral1/memory/2808-3920-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2444-3927-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2392-3934-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2736-3935-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2372-3933-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2508-3932-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2792-3931-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2628-3930-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2724-3936-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1812-3925-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2184-3923-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2764-3922-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2912-3926-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2484-3924-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RTxhWEu.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSeYmBz.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzzyJgz.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaBMGkh.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luvDfJb.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxMaozG.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmeykzr.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyoZrCu.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfzXWeK.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvlfBuj.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWYKPiK.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxvsaMl.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOvQmtZ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuplDTu.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMSjDsR.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERFngIi.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvorThF.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbraYoQ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qCeHCqh.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjCOuTc.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osIckcc.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVQYKfx.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHPEvjV.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjbMxOj.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQHxGYl.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PoWuPtn.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRbxTny.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djAjphE.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaGQMsT.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMQPVSk.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGBLmvN.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hpwYceW.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyjbEDT.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLUGhHd.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwLTbSR.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlzaPEj.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKTuDLx.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpvRwYF.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTRGjSf.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pIhfVSV.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUKjbnD.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebztWWF.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGenxQa.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nscckck.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFMcbTn.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\scLOiFX.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqMeFCZ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDgmaEm.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkIbjYz.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHUVQsL.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfsxHGr.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNFNLyB.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEfpcCQ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdPUrxJ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wThAycb.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZQXgxXQ.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqtRYYc.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihghcom.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JRoaMCj.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnHKkoL.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeCqbmT.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHjhxwo.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbGYuWu.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWCblfq.exe	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2484	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2484	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2484	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2676 wrote to memory of 2372	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2372	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2372	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2676 wrote to memory of 2184	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2184	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2184	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2676 wrote to memory of 2508	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2508	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 2508	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2676 wrote to memory of 1812	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 1812	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 1812	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2676 wrote to memory of 2392	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2392	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2392	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2676 wrote to memory of 2444	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2444	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2444	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2676 wrote to memory of 2736	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2736	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2736	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2676 wrote to memory of 2808	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2808	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2808	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2676 wrote to memory of 2792	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2792	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2792	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2676 wrote to memory of 2912	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 2912	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 2912	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2676 wrote to memory of 2724	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2724	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2724	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2676 wrote to memory of 2764	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2764	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2764	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2676 wrote to memory of 2628	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2628	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2628	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2676 wrote to memory of 2932	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2932	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2932	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2676 wrote to memory of 2640	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2640	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2640	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2676 wrote to memory of 2596	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2596	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2596	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2676 wrote to memory of 2656	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 2656	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 2656	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2676 wrote to memory of 3056	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 3056	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 3056	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2676 wrote to memory of 2360	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 2360	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 2360	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2676 wrote to memory of 1172	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1172	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 1172	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2676 wrote to memory of 984	2676	2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_c240cb70fc57435c205cb407f1cf4802_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\System\DQTMmxl.exe
  C:\Windows\System\DQTMmxl.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\DgAJhPh.exe
  C:\Windows\System\DgAJhPh.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\xiInYVb.exe
  C:\Windows\System\xiInYVb.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\PChDKTt.exe
  C:\Windows\System\PChDKTt.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\vNwiUkd.exe
  C:\Windows\System\vNwiUkd.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\fNwdDFM.exe
  C:\Windows\System\fNwdDFM.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\dOjSiHH.exe
  C:\Windows\System\dOjSiHH.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\mjMDMqD.exe
  C:\Windows\System\mjMDMqD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\AMmiwrB.exe
  C:\Windows\System\AMmiwrB.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\jwLWSWK.exe
  C:\Windows\System\jwLWSWK.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\RsoExlB.exe
  C:\Windows\System\RsoExlB.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\QUJexxN.exe
  C:\Windows\System\QUJexxN.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\BubgwQj.exe
  C:\Windows\System\BubgwQj.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\BADDuUM.exe
  C:\Windows\System\BADDuUM.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\XXEjUQh.exe
  C:\Windows\System\XXEjUQh.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\QGBWVJy.exe
  C:\Windows\System\QGBWVJy.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\FBSieSt.exe
  C:\Windows\System\FBSieSt.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\oXzrCVq.exe
  C:\Windows\System\oXzrCVq.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\nCnpBvE.exe
  C:\Windows\System\nCnpBvE.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\fRaylXm.exe
  C:\Windows\System\fRaylXm.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\GxfiIdR.exe
  C:\Windows\System\GxfiIdR.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\zaBMGkh.exe
  C:\Windows\System\zaBMGkh.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\wwLTbSR.exe
  C:\Windows\System\wwLTbSR.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\fXthkkV.exe
  C:\Windows\System\fXthkkV.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\XLorjeH.exe
  C:\Windows\System\XLorjeH.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\DLmsFez.exe
  C:\Windows\System\DLmsFez.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\usVgJCF.exe
  C:\Windows\System\usVgJCF.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\rHYvLuo.exe
  C:\Windows\System\rHYvLuo.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\RfCfRcl.exe
  C:\Windows\System\RfCfRcl.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\GWqXfzN.exe
  C:\Windows\System\GWqXfzN.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\YySIWCI.exe
  C:\Windows\System\YySIWCI.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\fHsZsxP.exe
  C:\Windows\System\fHsZsxP.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\rnePgNW.exe
  C:\Windows\System\rnePgNW.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\fuJVVbu.exe
  C:\Windows\System\fuJVVbu.exe
  2⤵
  PID:1168
- C:\Windows\System\KQATpjY.exe
  C:\Windows\System\KQATpjY.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\qznZUGa.exe
  C:\Windows\System\qznZUGa.exe
  2⤵
  PID:1764
- C:\Windows\System\vAFYWgZ.exe
  C:\Windows\System\vAFYWgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\WubxMeS.exe
  C:\Windows\System\WubxMeS.exe
  2⤵
  PID:672
- C:\Windows\System\gMboKSx.exe
  C:\Windows\System\gMboKSx.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ohNVRmu.exe
  C:\Windows\System\ohNVRmu.exe
  2⤵
  PID:316
- C:\Windows\System\xcnjJPk.exe
  C:\Windows\System\xcnjJPk.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\GMyyOew.exe
  C:\Windows\System\GMyyOew.exe
  2⤵
  PID:1280
- C:\Windows\System\rIXmrqi.exe
  C:\Windows\System\rIXmrqi.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\cJleMKU.exe
  C:\Windows\System\cJleMKU.exe
  2⤵
  PID:1688
- C:\Windows\System\WhOzkNo.exe
  C:\Windows\System\WhOzkNo.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\lpCZYTN.exe
  C:\Windows\System\lpCZYTN.exe
  2⤵
  PID:856
- C:\Windows\System\AYsBusL.exe
  C:\Windows\System\AYsBusL.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\fXVGQgy.exe
  C:\Windows\System\fXVGQgy.exe
  2⤵
  PID:1724
- C:\Windows\System\ZQXgxXQ.exe
  C:\Windows\System\ZQXgxXQ.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\RRlVqrt.exe
  C:\Windows\System\RRlVqrt.exe
  2⤵
  PID:296
- C:\Windows\System\WhaNOoM.exe
  C:\Windows\System\WhaNOoM.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\RfiBlsZ.exe
  C:\Windows\System\RfiBlsZ.exe
  2⤵
  PID:1752
- C:\Windows\System\MAfKPfF.exe
  C:\Windows\System\MAfKPfF.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\kyWsYSV.exe
  C:\Windows\System\kyWsYSV.exe
  2⤵
  PID:2560
- C:\Windows\System\MzHdTCL.exe
  C:\Windows\System\MzHdTCL.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\FqEhYNz.exe
  C:\Windows\System\FqEhYNz.exe
  2⤵
  PID:2304
- C:\Windows\System\gpPiWdo.exe
  C:\Windows\System\gpPiWdo.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\vjLmwmX.exe
  C:\Windows\System\vjLmwmX.exe
  2⤵
  PID:2220
- C:\Windows\System\NDKfDvM.exe
  C:\Windows\System\NDKfDvM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\yGKaTeh.exe
  C:\Windows\System\yGKaTeh.exe
  2⤵
  PID:1532
- C:\Windows\System\nvTMpEU.exe
  C:\Windows\System\nvTMpEU.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\TTQRoAP.exe
  C:\Windows\System\TTQRoAP.exe
  2⤵
  PID:2368
- C:\Windows\System\QSgBovT.exe
  C:\Windows\System\QSgBovT.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\VtrwQiz.exe
  C:\Windows\System\VtrwQiz.exe
  2⤵
  PID:2060
- C:\Windows\System\XKxmdTP.exe
  C:\Windows\System\XKxmdTP.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\FayDckE.exe
  C:\Windows\System\FayDckE.exe
  2⤵
  PID:2872
- C:\Windows\System\OJWyxGt.exe
  C:\Windows\System\OJWyxGt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LttjygO.exe
  C:\Windows\System\LttjygO.exe
  2⤵
  PID:2680
- C:\Windows\System\ZYdPPYe.exe
  C:\Windows\System\ZYdPPYe.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\fuuGQtk.exe
  C:\Windows\System\fuuGQtk.exe
  2⤵
  PID:3052
- C:\Windows\System\ZqOVtDS.exe
  C:\Windows\System\ZqOVtDS.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\yDcHXYF.exe
  C:\Windows\System\yDcHXYF.exe
  2⤵
  PID:3068
- C:\Windows\System\pVxtelh.exe
  C:\Windows\System\pVxtelh.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\MUGLqYD.exe
  C:\Windows\System\MUGLqYD.exe
  2⤵
  PID:1376
- C:\Windows\System\yqFOxnn.exe
  C:\Windows\System\yqFOxnn.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\ytIOBlB.exe
  C:\Windows\System\ytIOBlB.exe
  2⤵
  PID:2944
- C:\Windows\System\GbiQQHq.exe
  C:\Windows\System\GbiQQHq.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\QfhAtbd.exe
  C:\Windows\System\QfhAtbd.exe
  2⤵
  PID:2224
- C:\Windows\System\qXWwsdo.exe
  C:\Windows\System\qXWwsdo.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\usubghV.exe
  C:\Windows\System\usubghV.exe
  2⤵
  PID:3076
- C:\Windows\System\BtJFSNV.exe
  C:\Windows\System\BtJFSNV.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\OwakbAH.exe
  C:\Windows\System\OwakbAH.exe
  2⤵
  PID:3108
- C:\Windows\System\KuoCoIi.exe
  C:\Windows\System\KuoCoIi.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\VXcGHSf.exe
  C:\Windows\System\VXcGHSf.exe
  2⤵
  PID:3140
- C:\Windows\System\nPwSWrn.exe
  C:\Windows\System\nPwSWrn.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\GkIbjYz.exe
  C:\Windows\System\GkIbjYz.exe
  2⤵
  PID:3172
- C:\Windows\System\ZSIAjOa.exe
  C:\Windows\System\ZSIAjOa.exe
  2⤵
  - Executes dropped EXE
  PID:3192
- C:\Windows\System\WbjQYYt.exe
  C:\Windows\System\WbjQYYt.exe
  2⤵
  PID:3208
- C:\Windows\System\xDlYyFZ.exe
  C:\Windows\System\xDlYyFZ.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\tZgajfq.exe
  C:\Windows\System\tZgajfq.exe
  2⤵
  PID:3244
- C:\Windows\System\YGFzmHy.exe
  C:\Windows\System\YGFzmHy.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\legeoHf.exe
  C:\Windows\System\legeoHf.exe
  2⤵
  PID:3280
- C:\Windows\System\WLfOaWS.exe
  C:\Windows\System\WLfOaWS.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\BDKuTmE.exe
  C:\Windows\System\BDKuTmE.exe
  2⤵
  PID:3312
- C:\Windows\System\LXSPiPM.exe
  C:\Windows\System\LXSPiPM.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\MrhYjLU.exe
  C:\Windows\System\MrhYjLU.exe
  2⤵
  PID:3352
- C:\Windows\System\lyIuRMp.exe
  C:\Windows\System\lyIuRMp.exe
  2⤵
  PID:3368
- C:\Windows\System\XcMNrFb.exe
  C:\Windows\System\XcMNrFb.exe
  2⤵
  PID:3388
- C:\Windows\System\tkLoJag.exe
  C:\Windows\System\tkLoJag.exe
  2⤵
  PID:3404
- C:\Windows\System\DXWKeVk.exe
  C:\Windows\System\DXWKeVk.exe
  2⤵
  PID:3424
- C:\Windows\System\xKJhOle.exe
  C:\Windows\System\xKJhOle.exe
  2⤵
  PID:3440
- C:\Windows\System\WzJPgrz.exe
  C:\Windows\System\WzJPgrz.exe
  2⤵
  PID:3456
- C:\Windows\System\XSUdClf.exe
  C:\Windows\System\XSUdClf.exe
  2⤵
  PID:3472
- C:\Windows\System\amiOPev.exe
  C:\Windows\System\amiOPev.exe
  2⤵
  PID:3492
- C:\Windows\System\yHUVQsL.exe
  C:\Windows\System\yHUVQsL.exe
  2⤵
  PID:3508
- C:\Windows\System\nscckck.exe
  C:\Windows\System\nscckck.exe
  2⤵
  PID:3524
- C:\Windows\System\UFicsLT.exe
  C:\Windows\System\UFicsLT.exe
  2⤵
  PID:3540
- C:\Windows\System\iUxhsmL.exe
  C:\Windows\System\iUxhsmL.exe
  2⤵
  PID:3556
- C:\Windows\System\qDSQwHc.exe
  C:\Windows\System\qDSQwHc.exe
  2⤵
  PID:3572
- C:\Windows\System\zaaEHhp.exe
  C:\Windows\System\zaaEHhp.exe
  2⤵
  PID:3588
- C:\Windows\System\kEuqgCf.exe
  C:\Windows\System\kEuqgCf.exe
  2⤵
  PID:3604
- C:\Windows\System\uodrNti.exe
  C:\Windows\System\uodrNti.exe
  2⤵
  PID:3620
- C:\Windows\System\eMlpTHd.exe
  C:\Windows\System\eMlpTHd.exe
  2⤵
  PID:3636
- C:\Windows\System\ZnhkJsQ.exe
  C:\Windows\System\ZnhkJsQ.exe
  2⤵
  PID:3652
- C:\Windows\System\vPYIxgY.exe
  C:\Windows\System\vPYIxgY.exe
  2⤵
  PID:3668
- C:\Windows\System\BKQedUa.exe
  C:\Windows\System\BKQedUa.exe
  2⤵
  PID:3684
- C:\Windows\System\JxraWhX.exe
  C:\Windows\System\JxraWhX.exe
  2⤵
  PID:3704
- C:\Windows\System\cRAvrzf.exe
  C:\Windows\System\cRAvrzf.exe
  2⤵
  PID:3720
- C:\Windows\System\RTCVLVX.exe
  C:\Windows\System\RTCVLVX.exe
  2⤵
  PID:3736
- C:\Windows\System\HnGmogB.exe
  C:\Windows\System\HnGmogB.exe
  2⤵
  PID:3752
- C:\Windows\System\hPeSxuJ.exe
  C:\Windows\System\hPeSxuJ.exe
  2⤵
  PID:3768
- C:\Windows\System\ZsUIUnW.exe
  C:\Windows\System\ZsUIUnW.exe
  2⤵
  PID:3784
- C:\Windows\System\DRkONgp.exe
  C:\Windows\System\DRkONgp.exe
  2⤵
  PID:3908
- C:\Windows\System\cDAroim.exe
  C:\Windows\System\cDAroim.exe
  2⤵
  PID:3932
- C:\Windows\System\axUVpwG.exe
  C:\Windows\System\axUVpwG.exe
  2⤵
  PID:3948
- C:\Windows\System\qmmCdmF.exe
  C:\Windows\System\qmmCdmF.exe
  2⤵
  PID:3964
- C:\Windows\System\wPfsShY.exe
  C:\Windows\System\wPfsShY.exe
  2⤵
  PID:3980
- C:\Windows\System\GEnTJsI.exe
  C:\Windows\System\GEnTJsI.exe
  2⤵
  PID:4000
- C:\Windows\System\CRjqVYv.exe
  C:\Windows\System\CRjqVYv.exe
  2⤵
  PID:4016
- C:\Windows\System\ENeAmsb.exe
  C:\Windows\System\ENeAmsb.exe
  2⤵
  PID:4032
- C:\Windows\System\LqJoZQU.exe
  C:\Windows\System\LqJoZQU.exe
  2⤵
  PID:4048
- C:\Windows\System\aYQZKIt.exe
  C:\Windows\System\aYQZKIt.exe
  2⤵
  PID:4072
- C:\Windows\System\jaEwctW.exe
  C:\Windows\System\jaEwctW.exe
  2⤵
  PID:4088
- C:\Windows\System\pEExWAu.exe
  C:\Windows\System\pEExWAu.exe
  2⤵
  PID:2576
- C:\Windows\System\ItFIchv.exe
  C:\Windows\System\ItFIchv.exe
  2⤵
  PID:1432
- C:\Windows\System\ySehNDb.exe
  C:\Windows\System\ySehNDb.exe
  2⤵
  PID:2400
- C:\Windows\System\hmoJZKT.exe
  C:\Windows\System\hmoJZKT.exe
  2⤵
  PID:752
- C:\Windows\System\CfbASVn.exe
  C:\Windows\System\CfbASVn.exe
  2⤵
  PID:1968
- C:\Windows\System\MajkrQw.exe
  C:\Windows\System\MajkrQw.exe
  2⤵
  PID:3024
- C:\Windows\System\POmUBwP.exe
  C:\Windows\System\POmUBwP.exe
  2⤵
  PID:1996
- C:\Windows\System\gmmGvXI.exe
  C:\Windows\System\gmmGvXI.exe
  2⤵
  PID:2168
- C:\Windows\System\WtvKJIv.exe
  C:\Windows\System\WtvKJIv.exe
  2⤵
  PID:2468
- C:\Windows\System\DPguBEw.exe
  C:\Windows\System\DPguBEw.exe
  2⤵
  PID:2992
- C:\Windows\System\hMBCPGN.exe
  C:\Windows\System\hMBCPGN.exe
  2⤵
  PID:3048
- C:\Windows\System\cdUGyFT.exe
  C:\Windows\System\cdUGyFT.exe
  2⤵
  PID:1208
- C:\Windows\System\xXfZxzv.exe
  C:\Windows\System\xXfZxzv.exe
  2⤵
  PID:2940
- C:\Windows\System\thHivON.exe
  C:\Windows\System\thHivON.exe
  2⤵
  PID:3100
- C:\Windows\System\xSeLJjN.exe
  C:\Windows\System\xSeLJjN.exe
  2⤵
  PID:3164
- C:\Windows\System\QnDRjcc.exe
  C:\Windows\System\QnDRjcc.exe
  2⤵
  PID:3204
- C:\Windows\System\AHnupeK.exe
  C:\Windows\System\AHnupeK.exe
  2⤵
  PID:3188
- C:\Windows\System\cYlyYsq.exe
  C:\Windows\System\cYlyYsq.exe
  2⤵
  PID:3288
- C:\Windows\System\HtqmjNG.exe
  C:\Windows\System\HtqmjNG.exe
  2⤵
  PID:3328
- C:\Windows\System\CGNDqWR.exe
  C:\Windows\System\CGNDqWR.exe
  2⤵
  PID:3396
- C:\Windows\System\scfsELq.exe
  C:\Windows\System\scfsELq.exe
  2⤵
  PID:3464
- C:\Windows\System\DLpReIm.exe
  C:\Windows\System\DLpReIm.exe
  2⤵
  PID:3564
- C:\Windows\System\HVwiNiL.exe
  C:\Windows\System\HVwiNiL.exe
  2⤵
  PID:3600
- C:\Windows\System\oWBkmwy.exe
  C:\Windows\System\oWBkmwy.exe
  2⤵
  PID:3696
- C:\Windows\System\kQCGcQB.exe
  C:\Windows\System\kQCGcQB.exe
  2⤵
  PID:3792
- C:\Windows\System\gQtGmqZ.exe
  C:\Windows\System\gQtGmqZ.exe
  2⤵
  PID:3820
- C:\Windows\System\emcjFJI.exe
  C:\Windows\System\emcjFJI.exe
  2⤵
  PID:3840
- C:\Windows\System\OViysym.exe
  C:\Windows\System\OViysym.exe
  2⤵
  PID:3860
- C:\Windows\System\wpYbdhM.exe
  C:\Windows\System\wpYbdhM.exe
  2⤵
  PID:3884
- C:\Windows\System\IyrckiQ.exe
  C:\Windows\System\IyrckiQ.exe
  2⤵
  PID:3904
- C:\Windows\System\PeZIMar.exe
  C:\Windows\System\PeZIMar.exe
  2⤵
  PID:4008
- C:\Windows\System\IWqBVdG.exe
  C:\Windows\System\IWqBVdG.exe
  2⤵
  PID:4084
- C:\Windows\System\OcqLAvp.exe
  C:\Windows\System\OcqLAvp.exe
  2⤵
  PID:1684
- C:\Windows\System\qQlzZKP.exe
  C:\Windows\System\qQlzZKP.exe
  2⤵
  PID:2900
- C:\Windows\System\EKpyEvj.exe
  C:\Windows\System\EKpyEvj.exe
  2⤵
  PID:3200
- C:\Windows\System\FShHrvP.exe
  C:\Windows\System\FShHrvP.exe
  2⤵
  PID:2952
- C:\Windows\System\BWPgYtI.exe
  C:\Windows\System\BWPgYtI.exe
  2⤵
  PID:1592
- C:\Windows\System\yoUNERh.exe
  C:\Windows\System\yoUNERh.exe
  2⤵
  PID:2696
- C:\Windows\System\SrpiZkz.exe
  C:\Windows\System\SrpiZkz.exe
  2⤵
  PID:1972
- C:\Windows\System\OLDwyRh.exe
  C:\Windows\System\OLDwyRh.exe
  2⤵
  PID:1448
- C:\Windows\System\EemNDRO.exe
  C:\Windows\System\EemNDRO.exe
  2⤵
  PID:1580
- C:\Windows\System\TocFufU.exe
  C:\Windows\System\TocFufU.exe
  2⤵
  PID:1664
- C:\Windows\System\VPOitBZ.exe
  C:\Windows\System\VPOitBZ.exe
  2⤵
  PID:1784
- C:\Windows\System\mAQCxYn.exe
  C:\Windows\System\mAQCxYn.exe
  2⤵
  PID:1220
- C:\Windows\System\vLLDjVy.exe
  C:\Windows\System\vLLDjVy.exe
  2⤵
  PID:3648
- C:\Windows\System\RjMNSvU.exe
  C:\Windows\System\RjMNSvU.exe
  2⤵
  PID:3744
- C:\Windows\System\WsiXOvp.exe
  C:\Windows\System\WsiXOvp.exe
  2⤵
  PID:3916
- C:\Windows\System\DEFRtSk.exe
  C:\Windows\System\DEFRtSk.exe
  2⤵
  PID:3988
- C:\Windows\System\LfLkPuI.exe
  C:\Windows\System\LfLkPuI.exe
  2⤵
  PID:4056
- C:\Windows\System\PLItMnq.exe
  C:\Windows\System\PLItMnq.exe
  2⤵
  PID:2068
- C:\Windows\System\iKemxuH.exe
  C:\Windows\System\iKemxuH.exe
  2⤵
  PID:1792
- C:\Windows\System\kMQPVSk.exe
  C:\Windows\System\kMQPVSk.exe
  2⤵
  PID:2492
- C:\Windows\System\AeehGEt.exe
  C:\Windows\System\AeehGEt.exe
  2⤵
  PID:1616
- C:\Windows\System\KNkQvhZ.exe
  C:\Windows\System\KNkQvhZ.exe
  2⤵
  PID:1076
- C:\Windows\System\VQximtF.exe
  C:\Windows\System\VQximtF.exe
  2⤵
  PID:2824
- C:\Windows\System\mwDUkwB.exe
  C:\Windows\System\mwDUkwB.exe
  2⤵
  PID:2608
- C:\Windows\System\XUwNCDo.exe
  C:\Windows\System\XUwNCDo.exe
  2⤵
  PID:3148
- C:\Windows\System\DEyothX.exe
  C:\Windows\System\DEyothX.exe
  2⤵
  PID:3220
- C:\Windows\System\oJZBsVs.exe
  C:\Windows\System\oJZBsVs.exe
  2⤵
  PID:3252
- C:\Windows\System\AoMDlXZ.exe
  C:\Windows\System\AoMDlXZ.exe
  2⤵
  PID:3732
- C:\Windows\System\fbrpHCx.exe
  C:\Windows\System\fbrpHCx.exe
  2⤵
  PID:3500
- C:\Windows\System\tJuObxq.exe
  C:\Windows\System\tJuObxq.exe
  2⤵
  PID:3660
- C:\Windows\System\DwPcqiB.exe
  C:\Windows\System\DwPcqiB.exe
  2⤵
  PID:3872
- C:\Windows\System\WZQrwWu.exe
  C:\Windows\System\WZQrwWu.exe
  2⤵
  PID:3808
- C:\Windows\System\FpVlYFt.exe
  C:\Windows\System\FpVlYFt.exe
  2⤵
  PID:3892
- C:\Windows\System\tNTxRBa.exe
  C:\Windows\System\tNTxRBa.exe
  2⤵
  PID:3972
- C:\Windows\System\XnpbRJF.exe
  C:\Windows\System\XnpbRJF.exe
  2⤵
  PID:1548
- C:\Windows\System\YfuCVMS.exe
  C:\Windows\System\YfuCVMS.exe
  2⤵
  PID:2076
- C:\Windows\System\EcJIQPL.exe
  C:\Windows\System\EcJIQPL.exe
  2⤵
  PID:1012
- C:\Windows\System\CMXEUeV.exe
  C:\Windows\System\CMXEUeV.exe
  2⤵
  PID:2892
- C:\Windows\System\GDbLaxO.exe
  C:\Windows\System\GDbLaxO.exe
  2⤵
  PID:2756
- C:\Windows\System\ijtoErO.exe
  C:\Windows\System\ijtoErO.exe
  2⤵
  PID:956
- C:\Windows\System\CcVpdPn.exe
  C:\Windows\System\CcVpdPn.exe
  2⤵
  PID:3008
- C:\Windows\System\jrKdeGm.exe
  C:\Windows\System\jrKdeGm.exe
  2⤵
  PID:948
- C:\Windows\System\AFNZrvo.exe
  C:\Windows\System\AFNZrvo.exe
  2⤵
  PID:3676
- C:\Windows\System\JNSoSzW.exe
  C:\Windows\System\JNSoSzW.exe
  2⤵
  PID:3924
- C:\Windows\System\hIxVLCn.exe
  C:\Windows\System\hIxVLCn.exe
  2⤵
  PID:1412
- C:\Windows\System\JhfFsjm.exe
  C:\Windows\System\JhfFsjm.exe
  2⤵
  PID:3960
- C:\Windows\System\QpcmYDM.exe
  C:\Windows\System\QpcmYDM.exe
  2⤵
  PID:408
- C:\Windows\System\qksQzSd.exe
  C:\Windows\System\qksQzSd.exe
  2⤵
  PID:3420
- C:\Windows\System\ENxnLaP.exe
  C:\Windows\System\ENxnLaP.exe
  2⤵
  PID:3136
- C:\Windows\System\muplJBX.exe
  C:\Windows\System\muplJBX.exe
  2⤵
  PID:3116
- C:\Windows\System\chyYzFp.exe
  C:\Windows\System\chyYzFp.exe
  2⤵
  PID:3436
- C:\Windows\System\xNSCjNL.exe
  C:\Windows\System\xNSCjNL.exe
  2⤵
  PID:3728
- C:\Windows\System\zOIsvsN.exe
  C:\Windows\System\zOIsvsN.exe
  2⤵
  PID:3868
- C:\Windows\System\yCsuUgi.exe
  C:\Windows\System\yCsuUgi.exe
  2⤵
  PID:3880
- C:\Windows\System\rMMfbzp.exe
  C:\Windows\System\rMMfbzp.exe
  2⤵
  PID:3900
- C:\Windows\System\afYSwyu.exe
  C:\Windows\System\afYSwyu.exe
  2⤵
  PID:3956
- C:\Windows\System\pMlQdQf.exe
  C:\Windows\System\pMlQdQf.exe
  2⤵
  PID:2004
- C:\Windows\System\IZTafPZ.exe
  C:\Windows\System\IZTafPZ.exe
  2⤵
  PID:4112
- C:\Windows\System\IKNpSek.exe
  C:\Windows\System\IKNpSek.exe
  2⤵
  PID:4132
- C:\Windows\System\dwbrOSd.exe
  C:\Windows\System\dwbrOSd.exe
  2⤵
  PID:4152
- C:\Windows\System\ibuBtMs.exe
  C:\Windows\System\ibuBtMs.exe
  2⤵
  PID:4172
- C:\Windows\System\ICdPmZw.exe
  C:\Windows\System\ICdPmZw.exe
  2⤵
  PID:4192
- C:\Windows\System\aGkQPIA.exe
  C:\Windows\System\aGkQPIA.exe
  2⤵
  PID:4212
- C:\Windows\System\zVZYOaO.exe
  C:\Windows\System\zVZYOaO.exe
  2⤵
  PID:4232
- C:\Windows\System\guTjAhS.exe
  C:\Windows\System\guTjAhS.exe
  2⤵
  PID:4252
- C:\Windows\System\iCpfids.exe
  C:\Windows\System\iCpfids.exe
  2⤵
  PID:4272
- C:\Windows\System\YQJdQjP.exe
  C:\Windows\System\YQJdQjP.exe
  2⤵
  PID:4292
- C:\Windows\System\GitXmpC.exe
  C:\Windows\System\GitXmpC.exe
  2⤵
  PID:4312
- C:\Windows\System\ruZTkPw.exe
  C:\Windows\System\ruZTkPw.exe
  2⤵
  PID:4332
- C:\Windows\System\glaxWHq.exe
  C:\Windows\System\glaxWHq.exe
  2⤵
  PID:4352
- C:\Windows\System\YiMbeDl.exe
  C:\Windows\System\YiMbeDl.exe
  2⤵
  PID:4372
- C:\Windows\System\SiWzbPB.exe
  C:\Windows\System\SiWzbPB.exe
  2⤵
  PID:4392
- C:\Windows\System\orBvHEt.exe
  C:\Windows\System\orBvHEt.exe
  2⤵
  PID:4412
- C:\Windows\System\wQCYyNP.exe
  C:\Windows\System\wQCYyNP.exe
  2⤵
  PID:4432
- C:\Windows\System\cslgnCA.exe
  C:\Windows\System\cslgnCA.exe
  2⤵
  PID:4452
- C:\Windows\System\VFqZELX.exe
  C:\Windows\System\VFqZELX.exe
  2⤵
  PID:4472
- C:\Windows\System\MBSUUWg.exe
  C:\Windows\System\MBSUUWg.exe
  2⤵
  PID:4492
- C:\Windows\System\LApmLvU.exe
  C:\Windows\System\LApmLvU.exe
  2⤵
  PID:4512
- C:\Windows\System\KrcyXTm.exe
  C:\Windows\System\KrcyXTm.exe
  2⤵
  PID:4532
- C:\Windows\System\apMChQV.exe
  C:\Windows\System\apMChQV.exe
  2⤵
  PID:4552
- C:\Windows\System\hlRtkLh.exe
  C:\Windows\System\hlRtkLh.exe
  2⤵
  PID:4572
- C:\Windows\System\JrrzSeh.exe
  C:\Windows\System\JrrzSeh.exe
  2⤵
  PID:4592
- C:\Windows\System\RbTZpBJ.exe
  C:\Windows\System\RbTZpBJ.exe
  2⤵
  PID:4612
- C:\Windows\System\jVeJqwR.exe
  C:\Windows\System\jVeJqwR.exe
  2⤵
  PID:4632
- C:\Windows\System\cbCFfFQ.exe
  C:\Windows\System\cbCFfFQ.exe
  2⤵
  PID:4652
- C:\Windows\System\KSplPap.exe
  C:\Windows\System\KSplPap.exe
  2⤵
  PID:4672
- C:\Windows\System\ItnuAdh.exe
  C:\Windows\System\ItnuAdh.exe
  2⤵
  PID:4692
- C:\Windows\System\PKYHBIb.exe
  C:\Windows\System\PKYHBIb.exe
  2⤵
  PID:4712
- C:\Windows\System\UrZJrKJ.exe
  C:\Windows\System\UrZJrKJ.exe
  2⤵
  PID:4732
- C:\Windows\System\AGJphzX.exe
  C:\Windows\System\AGJphzX.exe
  2⤵
  PID:4752
- C:\Windows\System\LkkqyDc.exe
  C:\Windows\System\LkkqyDc.exe
  2⤵
  PID:4772
- C:\Windows\System\pABEzIt.exe
  C:\Windows\System\pABEzIt.exe
  2⤵
  PID:4792
- C:\Windows\System\zKFkbzr.exe
  C:\Windows\System\zKFkbzr.exe
  2⤵
  PID:4812
- C:\Windows\System\HShKcHH.exe
  C:\Windows\System\HShKcHH.exe
  2⤵
  PID:4832
- C:\Windows\System\zUZovWj.exe
  C:\Windows\System\zUZovWj.exe
  2⤵
  PID:4852
- C:\Windows\System\qOeOeja.exe
  C:\Windows\System\qOeOeja.exe
  2⤵
  PID:4872
- C:\Windows\System\FzKdnjW.exe
  C:\Windows\System\FzKdnjW.exe
  2⤵
  PID:4892
- C:\Windows\System\JWCblfq.exe
  C:\Windows\System\JWCblfq.exe
  2⤵
  PID:4912
- C:\Windows\System\RaGQMsT.exe
  C:\Windows\System\RaGQMsT.exe
  2⤵
  PID:4936
- C:\Windows\System\RJtodZX.exe
  C:\Windows\System\RJtodZX.exe
  2⤵
  PID:4952
- C:\Windows\System\jDqXEpr.exe
  C:\Windows\System\jDqXEpr.exe
  2⤵
  PID:4972
- C:\Windows\System\VERILsy.exe
  C:\Windows\System\VERILsy.exe
  2⤵
  PID:4992
- C:\Windows\System\YpcfQMD.exe
  C:\Windows\System\YpcfQMD.exe
  2⤵
  PID:5012
- C:\Windows\System\RjptBwQ.exe
  C:\Windows\System\RjptBwQ.exe
  2⤵
  PID:5028
- C:\Windows\System\JTSieIM.exe
  C:\Windows\System\JTSieIM.exe
  2⤵
  PID:5044
- C:\Windows\System\CvDWrxS.exe
  C:\Windows\System\CvDWrxS.exe
  2⤵
  PID:5076
- C:\Windows\System\IZnLXcO.exe
  C:\Windows\System\IZnLXcO.exe
  2⤵
  PID:5092
- C:\Windows\System\amYrgMH.exe
  C:\Windows\System\amYrgMH.exe
  2⤵
  PID:5108
- C:\Windows\System\RbCMHhD.exe
  C:\Windows\System\RbCMHhD.exe
  2⤵
  PID:2044
- C:\Windows\System\qYVLDJU.exe
  C:\Windows\System\qYVLDJU.exe
  2⤵
  PID:3812
- C:\Windows\System\ufCFfIy.exe
  C:\Windows\System\ufCFfIy.exe
  2⤵
  PID:548
- C:\Windows\System\xdidhse.exe
  C:\Windows\System\xdidhse.exe
  2⤵
  PID:3612
- C:\Windows\System\XwDqCUO.exe
  C:\Windows\System\XwDqCUO.exe
  2⤵
  PID:3716
- C:\Windows\System\PAhZTEZ.exe
  C:\Windows\System\PAhZTEZ.exe
  2⤵
  PID:3020
- C:\Windows\System\SsJobSp.exe
  C:\Windows\System\SsJobSp.exe
  2⤵
  PID:1540
- C:\Windows\System\ipmmECm.exe
  C:\Windows\System\ipmmECm.exe
  2⤵
  PID:1736
- C:\Windows\System\PhjkFBL.exe
  C:\Windows\System\PhjkFBL.exe
  2⤵
  PID:3832
- C:\Windows\System\iKYHatW.exe
  C:\Windows\System\iKYHatW.exe
  2⤵
  PID:3532
- C:\Windows\System\OgvGWyQ.exe
  C:\Windows\System\OgvGWyQ.exe
  2⤵
  PID:3852
- C:\Windows\System\ZqyOdxC.exe
  C:\Windows\System\ZqyOdxC.exe
  2⤵
  PID:880
- C:\Windows\System\wtYerJr.exe
  C:\Windows\System\wtYerJr.exe
  2⤵
  PID:4120
- C:\Windows\System\ueqQpaW.exe
  C:\Windows\System\ueqQpaW.exe
  2⤵
  PID:4148
- C:\Windows\System\noHFlMk.exe
  C:\Windows\System\noHFlMk.exe
  2⤵
  PID:4200
- C:\Windows\System\XzfOuYF.exe
  C:\Windows\System\XzfOuYF.exe
  2⤵
  PID:4204
- C:\Windows\System\wkxmYLX.exe
  C:\Windows\System\wkxmYLX.exe
  2⤵
  PID:4240
- C:\Windows\System\ptBZatX.exe
  C:\Windows\System\ptBZatX.exe
  2⤵
  PID:4284
- C:\Windows\System\PhidPdr.exe
  C:\Windows\System\PhidPdr.exe
  2⤵
  PID:4320
- C:\Windows\System\bGSuuHh.exe
  C:\Windows\System\bGSuuHh.exe
  2⤵
  PID:4368
- C:\Windows\System\IrYkZdw.exe
  C:\Windows\System\IrYkZdw.exe
  2⤵
  PID:4400
- C:\Windows\System\aUZTjyr.exe
  C:\Windows\System\aUZTjyr.exe
  2⤵
  PID:4384
- C:\Windows\System\boqTqEW.exe
  C:\Windows\System\boqTqEW.exe
  2⤵
  PID:4424
- C:\Windows\System\fJJTLkl.exe
  C:\Windows\System\fJJTLkl.exe
  2⤵
  PID:4488
- C:\Windows\System\GQMStVD.exe
  C:\Windows\System\GQMStVD.exe
  2⤵
  PID:4504
- C:\Windows\System\DxDUDVC.exe
  C:\Windows\System\DxDUDVC.exe
  2⤵
  PID:4564
- C:\Windows\System\iaPKMpN.exe
  C:\Windows\System\iaPKMpN.exe
  2⤵
  PID:4580
- C:\Windows\System\AfneipI.exe
  C:\Windows\System\AfneipI.exe
  2⤵
  PID:4584
- C:\Windows\System\CAkWUcl.exe
  C:\Windows\System\CAkWUcl.exe
  2⤵
  PID:4628
- C:\Windows\System\cRXViab.exe
  C:\Windows\System\cRXViab.exe
  2⤵
  PID:4660
- C:\Windows\System\oXKiQbf.exe
  C:\Windows\System\oXKiQbf.exe
  2⤵
  PID:4720
- C:\Windows\System\btvssFd.exe
  C:\Windows\System\btvssFd.exe
  2⤵
  PID:4708
- C:\Windows\System\TpvRwYF.exe
  C:\Windows\System\TpvRwYF.exe
  2⤵
  PID:4800
- C:\Windows\System\yIMGeuP.exe
  C:\Windows\System\yIMGeuP.exe
  2⤵
  PID:4748
- C:\Windows\System\pWReItE.exe
  C:\Windows\System\pWReItE.exe
  2⤵
  PID:4840
- C:\Windows\System\xoNbxmN.exe
  C:\Windows\System\xoNbxmN.exe
  2⤵
  PID:4888
- C:\Windows\System\ZgKspqJ.exe
  C:\Windows\System\ZgKspqJ.exe
  2⤵
  PID:4828
- C:\Windows\System\lHltMsv.exe
  C:\Windows\System\lHltMsv.exe
  2⤵
  PID:4924
- C:\Windows\System\FTOnAYG.exe
  C:\Windows\System\FTOnAYG.exe
  2⤵
  PID:4968
- C:\Windows\System\UzkwocX.exe
  C:\Windows\System\UzkwocX.exe
  2⤵
  PID:4900
- C:\Windows\System\sZXBmqS.exe
  C:\Windows\System\sZXBmqS.exe
  2⤵
  PID:5040
- C:\Windows\System\WqslFrM.exe
  C:\Windows\System\WqslFrM.exe
  2⤵
  PID:4988
- C:\Windows\System\CzQXrTs.exe
  C:\Windows\System\CzQXrTs.exe
  2⤵
  PID:5088
- C:\Windows\System\dDGKBsc.exe
  C:\Windows\System\dDGKBsc.exe
  2⤵
  PID:3712
- C:\Windows\System\mCWCpLs.exe
  C:\Windows\System\mCWCpLs.exe
  2⤵
  PID:3616
- C:\Windows\System\nvHnlPF.exe
  C:\Windows\System\nvHnlPF.exe
  2⤵
  PID:2380
- C:\Windows\System\OmOujpj.exe
  C:\Windows\System\OmOujpj.exe
  2⤵
  PID:3152
- C:\Windows\System\gLaDUbW.exe
  C:\Windows\System\gLaDUbW.exe
  2⤵
  PID:4068
- C:\Windows\System\UUenxMc.exe
  C:\Windows\System\UUenxMc.exe
  2⤵
  PID:3088
- C:\Windows\System\GeVOspA.exe
  C:\Windows\System\GeVOspA.exe
  2⤵
  PID:3836
- C:\Windows\System\GnHxJkr.exe
  C:\Windows\System\GnHxJkr.exe
  2⤵
  PID:3976
- C:\Windows\System\aeZkDIN.exe
  C:\Windows\System\aeZkDIN.exe
  2⤵
  PID:4164
- C:\Windows\System\LMSjDsR.exe
  C:\Windows\System\LMSjDsR.exe
  2⤵
  PID:4140
- C:\Windows\System\oCAODXE.exe
  C:\Windows\System\oCAODXE.exe
  2⤵
  PID:4244
- C:\Windows\System\DbZQebA.exe
  C:\Windows\System\DbZQebA.exe
  2⤵
  PID:4280
- C:\Windows\System\EqqcJfB.exe
  C:\Windows\System\EqqcJfB.exe
  2⤵
  PID:4328
- C:\Windows\System\SprZnji.exe
  C:\Windows\System\SprZnji.exe
  2⤵
  PID:4420
- C:\Windows\System\oPwHZuW.exe
  C:\Windows\System\oPwHZuW.exe
  2⤵
  PID:4500
- C:\Windows\System\NWJceBy.exe
  C:\Windows\System\NWJceBy.exe
  2⤵
  PID:4600
- C:\Windows\System\FtSZjIu.exe
  C:\Windows\System\FtSZjIu.exe
  2⤵
  PID:4684
- C:\Windows\System\SizbjUk.exe
  C:\Windows\System\SizbjUk.exe
  2⤵
  PID:4248
- C:\Windows\System\nQgTZfL.exe
  C:\Windows\System\nQgTZfL.exe
  2⤵
  PID:4784
- C:\Windows\System\ZTGMhlt.exe
  C:\Windows\System\ZTGMhlt.exe
  2⤵
  PID:4960
- C:\Windows\System\YGBLmvN.exe
  C:\Windows\System\YGBLmvN.exe
  2⤵
  PID:4388
- C:\Windows\System\eYDzmNr.exe
  C:\Windows\System\eYDzmNr.exe
  2⤵
  PID:5036
- C:\Windows\System\zFtVlzx.exe
  C:\Windows\System\zFtVlzx.exe
  2⤵
  PID:5052
- C:\Windows\System\aeDirPt.exe
  C:\Windows\System\aeDirPt.exe
  2⤵
  PID:4740
- C:\Windows\System\hbyiiSa.exe
  C:\Windows\System\hbyiiSa.exe
  2⤵
  PID:4868
- C:\Windows\System\ciwdepq.exe
  C:\Windows\System\ciwdepq.exe
  2⤵
  PID:5008
- C:\Windows\System\jCtTmkm.exe
  C:\Windows\System\jCtTmkm.exe
  2⤵
  PID:1420
- C:\Windows\System\sQdolnc.exe
  C:\Windows\System\sQdolnc.exe
  2⤵
  PID:4804
- C:\Windows\System\TMFAWJv.exe
  C:\Windows\System\TMFAWJv.exe
  2⤵
  PID:4608
- C:\Windows\System\XfXHGuV.exe
  C:\Windows\System\XfXHGuV.exe
  2⤵
  PID:5064
- C:\Windows\System\ONRSdCN.exe
  C:\Windows\System\ONRSdCN.exe
  2⤵
  PID:2288
- C:\Windows\System\zzdRVkd.exe
  C:\Windows\System\zzdRVkd.exe
  2⤵
  PID:4024
- C:\Windows\System\RXUiAnJ.exe
  C:\Windows\System\RXUiAnJ.exe
  2⤵
  PID:1484
- C:\Windows\System\SCTWaBF.exe
  C:\Windows\System\SCTWaBF.exe
  2⤵
  PID:1212
- C:\Windows\System\rQgHvXt.exe
  C:\Windows\System\rQgHvXt.exe
  2⤵
  PID:4124
- C:\Windows\System\jdrRnCH.exe
  C:\Windows\System\jdrRnCH.exe
  2⤵
  PID:4344
- C:\Windows\System\LXAFmoH.exe
  C:\Windows\System\LXAFmoH.exe
  2⤵
  PID:3292
- C:\Windows\System\vqKCJKD.exe
  C:\Windows\System\vqKCJKD.exe
  2⤵
  PID:3628
- C:\Windows\System\yFeidVO.exe
  C:\Windows\System\yFeidVO.exe
  2⤵
  PID:4100
- C:\Windows\System\fNwinAH.exe
  C:\Windows\System\fNwinAH.exe
  2⤵
  PID:4308
- C:\Windows\System\kUIjIoY.exe
  C:\Windows\System\kUIjIoY.exe
  2⤵
  PID:4664
- C:\Windows\System\shcnXPn.exe
  C:\Windows\System\shcnXPn.exe
  2⤵
  PID:4824
- C:\Windows\System\AephJxY.exe
  C:\Windows\System\AephJxY.exe
  2⤵
  PID:4444
- C:\Windows\System\YeCtzVp.exe
  C:\Windows\System\YeCtzVp.exe
  2⤵
  PID:4568
- C:\Windows\System\KNkRsab.exe
  C:\Windows\System\KNkRsab.exe
  2⤵
  PID:5004
- C:\Windows\System\qdoYGbm.exe
  C:\Windows\System\qdoYGbm.exe
  2⤵
  PID:4744
- C:\Windows\System\LKhHWve.exe
  C:\Windows\System\LKhHWve.exe
  2⤵
  PID:5128
- C:\Windows\System\aCudGda.exe
  C:\Windows\System\aCudGda.exe
  2⤵
  PID:5144
- C:\Windows\System\SxpLsIc.exe
  C:\Windows\System\SxpLsIc.exe
  2⤵
  PID:5160
- C:\Windows\System\TFmauPz.exe
  C:\Windows\System\TFmauPz.exe
  2⤵
  PID:5176
- C:\Windows\System\rJszulR.exe
  C:\Windows\System\rJszulR.exe
  2⤵
  PID:5192
- C:\Windows\System\VoYPvEd.exe
  C:\Windows\System\VoYPvEd.exe
  2⤵
  PID:5208
- C:\Windows\System\XhdhUVs.exe
  C:\Windows\System\XhdhUVs.exe
  2⤵
  PID:5224
- C:\Windows\System\ywqdKJD.exe
  C:\Windows\System\ywqdKJD.exe
  2⤵
  PID:5240
- C:\Windows\System\yyoZrCu.exe
  C:\Windows\System\yyoZrCu.exe
  2⤵
  PID:5256
- C:\Windows\System\HtiXbWQ.exe
  C:\Windows\System\HtiXbWQ.exe
  2⤵
  PID:5272
- C:\Windows\System\gxQcPBN.exe
  C:\Windows\System\gxQcPBN.exe
  2⤵
  PID:5288
- C:\Windows\System\UHswHoK.exe
  C:\Windows\System\UHswHoK.exe
  2⤵
  PID:5304
- C:\Windows\System\ELqtLIK.exe
  C:\Windows\System\ELqtLIK.exe
  2⤵
  PID:5320
- C:\Windows\System\OgzMijf.exe
  C:\Windows\System\OgzMijf.exe
  2⤵
  PID:5336
- C:\Windows\System\XdKgmvr.exe
  C:\Windows\System\XdKgmvr.exe
  2⤵
  PID:5352
- C:\Windows\System\lumTJTU.exe
  C:\Windows\System\lumTJTU.exe
  2⤵
  PID:5368
- C:\Windows\System\jEIEaoI.exe
  C:\Windows\System\jEIEaoI.exe
  2⤵
  PID:5384
- C:\Windows\System\HRwVncj.exe
  C:\Windows\System\HRwVncj.exe
  2⤵
  PID:5400
- C:\Windows\System\zZmzkpZ.exe
  C:\Windows\System\zZmzkpZ.exe
  2⤵
  PID:5416
- C:\Windows\System\QNutkyZ.exe
  C:\Windows\System\QNutkyZ.exe
  2⤵
  PID:5432
- C:\Windows\System\ahIuFWV.exe
  C:\Windows\System\ahIuFWV.exe
  2⤵
  PID:5448
- C:\Windows\System\mhouSsi.exe
  C:\Windows\System\mhouSsi.exe
  2⤵
  PID:5464
- C:\Windows\System\dOaHTUE.exe
  C:\Windows\System\dOaHTUE.exe
  2⤵
  PID:5480
- C:\Windows\System\xEIkByW.exe
  C:\Windows\System\xEIkByW.exe
  2⤵
  PID:5496
- C:\Windows\System\ebztWWF.exe
  C:\Windows\System\ebztWWF.exe
  2⤵
  PID:5512
- C:\Windows\System\fLlkggY.exe
  C:\Windows\System\fLlkggY.exe
  2⤵
  PID:5528
- C:\Windows\System\TMzlPpQ.exe
  C:\Windows\System\TMzlPpQ.exe
  2⤵
  PID:5544
- C:\Windows\System\rWCrTDS.exe
  C:\Windows\System\rWCrTDS.exe
  2⤵
  PID:5560
- C:\Windows\System\tCRetdj.exe
  C:\Windows\System\tCRetdj.exe
  2⤵
  PID:5576
- C:\Windows\System\CWlLKmB.exe
  C:\Windows\System\CWlLKmB.exe
  2⤵
  PID:5592
- C:\Windows\System\fUEYOEd.exe
  C:\Windows\System\fUEYOEd.exe
  2⤵
  PID:5608
- C:\Windows\System\qQrqVeN.exe
  C:\Windows\System\qQrqVeN.exe
  2⤵
  PID:5624
- C:\Windows\System\QTJRqEO.exe
  C:\Windows\System\QTJRqEO.exe
  2⤵
  PID:5640
- C:\Windows\System\EMCuFYS.exe
  C:\Windows\System\EMCuFYS.exe
  2⤵
  PID:5656
- C:\Windows\System\NUVMRBv.exe
  C:\Windows\System\NUVMRBv.exe
  2⤵
  PID:5672
- C:\Windows\System\XFDBNFx.exe
  C:\Windows\System\XFDBNFx.exe
  2⤵
  PID:5688
- C:\Windows\System\ngRiUXa.exe
  C:\Windows\System\ngRiUXa.exe
  2⤵
  PID:5704
- C:\Windows\System\ePPhCGf.exe
  C:\Windows\System\ePPhCGf.exe
  2⤵
  PID:5720
- C:\Windows\System\mCmdUzq.exe
  C:\Windows\System\mCmdUzq.exe
  2⤵
  PID:5736
- C:\Windows\System\DLTAjoy.exe
  C:\Windows\System\DLTAjoy.exe
  2⤵
  PID:5752
- C:\Windows\System\xcCFGhS.exe
  C:\Windows\System\xcCFGhS.exe
  2⤵
  PID:5768
- C:\Windows\System\JNjbkJF.exe
  C:\Windows\System\JNjbkJF.exe
  2⤵
  PID:5784
- C:\Windows\System\JrUdNBe.exe
  C:\Windows\System\JrUdNBe.exe
  2⤵
  PID:5800
- C:\Windows\System\ZFdpuPQ.exe
  C:\Windows\System\ZFdpuPQ.exe
  2⤵
  PID:5816
- C:\Windows\System\FZcthrL.exe
  C:\Windows\System\FZcthrL.exe
  2⤵
  PID:5832
- C:\Windows\System\TvmXeoi.exe
  C:\Windows\System\TvmXeoi.exe
  2⤵
  PID:5848
- C:\Windows\System\igJPkiG.exe
  C:\Windows\System\igJPkiG.exe
  2⤵
  PID:5864
- C:\Windows\System\Rvlpmwv.exe
  C:\Windows\System\Rvlpmwv.exe
  2⤵
  PID:5880
- C:\Windows\System\AvdpYws.exe
  C:\Windows\System\AvdpYws.exe
  2⤵
  PID:5896
- C:\Windows\System\LnUpxsP.exe
  C:\Windows\System\LnUpxsP.exe
  2⤵
  PID:5912
- C:\Windows\System\iXddiKA.exe
  C:\Windows\System\iXddiKA.exe
  2⤵
  PID:5928
- C:\Windows\System\jrZvhnE.exe
  C:\Windows\System\jrZvhnE.exe
  2⤵
  PID:5944
- C:\Windows\System\LuFmiHt.exe
  C:\Windows\System\LuFmiHt.exe
  2⤵
  PID:5960
- C:\Windows\System\XfhYzJS.exe
  C:\Windows\System\XfhYzJS.exe
  2⤵
  PID:5976
- C:\Windows\System\CegqbTe.exe
  C:\Windows\System\CegqbTe.exe
  2⤵
  PID:5992
- C:\Windows\System\WnNldON.exe
  C:\Windows\System\WnNldON.exe
  2⤵
  PID:6008
- C:\Windows\System\YgkeiVN.exe
  C:\Windows\System\YgkeiVN.exe
  2⤵
  PID:6024
- C:\Windows\System\almFsSR.exe
  C:\Windows\System\almFsSR.exe
  2⤵
  PID:6040
- C:\Windows\System\hhQQBeH.exe
  C:\Windows\System\hhQQBeH.exe
  2⤵
  PID:6056
- C:\Windows\System\pnoveHk.exe
  C:\Windows\System\pnoveHk.exe
  2⤵
  PID:6072
- C:\Windows\System\ZlUPrXO.exe
  C:\Windows\System\ZlUPrXO.exe
  2⤵
  PID:6088
- C:\Windows\System\RWnKeSj.exe
  C:\Windows\System\RWnKeSj.exe
  2⤵
  PID:6104
- C:\Windows\System\TVQwlGa.exe
  C:\Windows\System\TVQwlGa.exe
  2⤵
  PID:6120
- C:\Windows\System\bnjQJmt.exe
  C:\Windows\System\bnjQJmt.exe
  2⤵
  PID:6136
- C:\Windows\System\PqpklJO.exe
  C:\Windows\System\PqpklJO.exe
  2⤵
  PID:4984
- C:\Windows\System\ElQepkh.exe
  C:\Windows\System\ElQepkh.exe
  2⤵
  PID:5072
- C:\Windows\System\MihANqb.exe
  C:\Windows\System\MihANqb.exe
  2⤵
  PID:2412
- C:\Windows\System\WaAPQvb.exe
  C:\Windows\System\WaAPQvb.exe
  2⤵
  PID:4264
- C:\Windows\System\YGAeLyx.exe
  C:\Windows\System\YGAeLyx.exe
  2⤵
  PID:4544
- C:\Windows\System\qToqtaT.exe
  C:\Windows\System\qToqtaT.exe
  2⤵
  PID:4768
- C:\Windows\System\VqRvlrt.exe
  C:\Windows\System\VqRvlrt.exe
  2⤵
  PID:4360
- C:\Windows\System\WgWAqns.exe
  C:\Windows\System\WgWAqns.exe
  2⤵
  PID:4928
- C:\Windows\System\WCTrDOA.exe
  C:\Windows\System\WCTrDOA.exe
  2⤵
  PID:4480
- C:\Windows\System\fIKdihx.exe
  C:\Windows\System\fIKdihx.exe
  2⤵
  PID:4704
- C:\Windows\System\xUZfgTA.exe
  C:\Windows\System\xUZfgTA.exe
  2⤵
  PID:5152
- C:\Windows\System\CqEdakQ.exe
  C:\Windows\System\CqEdakQ.exe
  2⤵
  PID:5200
- C:\Windows\System\VwruzKe.exe
  C:\Windows\System\VwruzKe.exe
  2⤵
  PID:5232
- C:\Windows\System\jMSNKOL.exe
  C:\Windows\System\jMSNKOL.exe
  2⤵
  PID:5264
- C:\Windows\System\aqzZFnQ.exe
  C:\Windows\System\aqzZFnQ.exe
  2⤵
  PID:5296
- C:\Windows\System\eBPNRMO.exe
  C:\Windows\System\eBPNRMO.exe
  2⤵
  PID:5328
- C:\Windows\System\YMyGCdm.exe
  C:\Windows\System\YMyGCdm.exe
  2⤵
  PID:5344
- C:\Windows\System\OqYMfjx.exe
  C:\Windows\System\OqYMfjx.exe
  2⤵
  PID:5376
- C:\Windows\System\tRXDBlC.exe
  C:\Windows\System\tRXDBlC.exe
  2⤵
  PID:5408
- C:\Windows\System\oEeggHP.exe
  C:\Windows\System\oEeggHP.exe
  2⤵
  PID:5440
- C:\Windows\System\vWWjvea.exe
  C:\Windows\System\vWWjvea.exe
  2⤵
  PID:5472
- C:\Windows\System\vjtpvCB.exe
  C:\Windows\System\vjtpvCB.exe
  2⤵
  PID:5504
- C:\Windows\System\aGWgeEt.exe
  C:\Windows\System\aGWgeEt.exe
  2⤵
  PID:5536
- C:\Windows\System\rObRVHi.exe
  C:\Windows\System\rObRVHi.exe
  2⤵
  PID:5568
- C:\Windows\System\yLaffwd.exe
  C:\Windows\System\yLaffwd.exe
  2⤵
  PID:5600
- C:\Windows\System\fDmnTGD.exe
  C:\Windows\System\fDmnTGD.exe
  2⤵
  PID:5632
- C:\Windows\System\toVhWyG.exe
  C:\Windows\System\toVhWyG.exe
  2⤵
  PID:5664
- C:\Windows\System\OgmDYIE.exe
  C:\Windows\System\OgmDYIE.exe
  2⤵
  PID:5696
- C:\Windows\System\SDSgAiA.exe
  C:\Windows\System\SDSgAiA.exe
  2⤵
  PID:5728
- C:\Windows\System\pzbtZZl.exe
  C:\Windows\System\pzbtZZl.exe
  2⤵
  PID:5760
- C:\Windows\System\HqtWIHv.exe
  C:\Windows\System\HqtWIHv.exe
  2⤵
  PID:5792
- C:\Windows\System\vSMLxkn.exe
  C:\Windows\System\vSMLxkn.exe
  2⤵
  PID:5824
- C:\Windows\System\tSLCCju.exe
  C:\Windows\System\tSLCCju.exe
  2⤵
  PID:5856
- C:\Windows\System\iCORoZY.exe
  C:\Windows\System\iCORoZY.exe
  2⤵
  PID:5876
- C:\Windows\System\uyOKNhX.exe
  C:\Windows\System\uyOKNhX.exe
  2⤵
  PID:5908
- C:\Windows\System\horlYVz.exe
  C:\Windows\System\horlYVz.exe
  2⤵
  PID:5940
- C:\Windows\System\SdNxwxS.exe
  C:\Windows\System\SdNxwxS.exe
  2⤵
  PID:5972
- C:\Windows\System\fiqcpPI.exe
  C:\Windows\System\fiqcpPI.exe
  2⤵
  PID:6004
- C:\Windows\System\uLjXDWP.exe
  C:\Windows\System\uLjXDWP.exe
  2⤵
  PID:6036
- C:\Windows\System\JZsVTog.exe
  C:\Windows\System\JZsVTog.exe
  2⤵
  PID:6096
- C:\Windows\System\nlFRGzu.exe
  C:\Windows\System\nlFRGzu.exe
  2⤵
  PID:6052
- C:\Windows\System\SErmJho.exe
  C:\Windows\System\SErmJho.exe
  2⤵
  PID:6116
- C:\Windows\System\FVrsLHZ.exe
  C:\Windows\System\FVrsLHZ.exe
  2⤵
  PID:3780
- C:\Windows\System\MUqrrMX.exe
  C:\Windows\System\MUqrrMX.exe
  2⤵
  PID:4224
- C:\Windows\System\ljHZhEX.exe
  C:\Windows\System\ljHZhEX.exe
  2⤵
  PID:4380
- C:\Windows\System\PQxBSlF.exe
  C:\Windows\System\PQxBSlF.exe
  2⤵
  PID:4780
- C:\Windows\System\XIMHDmG.exe
  C:\Windows\System\XIMHDmG.exe
  2⤵
  PID:4864
- C:\Windows\System\OpgaMlw.exe
  C:\Windows\System\OpgaMlw.exe
  2⤵
  PID:5184
- C:\Windows\System\hOpTldq.exe
  C:\Windows\System\hOpTldq.exe
  2⤵
  PID:5248
- C:\Windows\System\FDmTWJL.exe
  C:\Windows\System\FDmTWJL.exe
  2⤵
  PID:5312
- C:\Windows\System\HcrjrAT.exe
  C:\Windows\System\HcrjrAT.exe
  2⤵
  PID:5364
- C:\Windows\System\zMfVxkB.exe
  C:\Windows\System\zMfVxkB.exe
  2⤵
  PID:5428
- C:\Windows\System\VvebKQT.exe
  C:\Windows\System\VvebKQT.exe
  2⤵
  PID:5492
- C:\Windows\System\QQgumTE.exe
  C:\Windows\System\QQgumTE.exe
  2⤵
  PID:5556
- C:\Windows\System\IqPDEbs.exe
  C:\Windows\System\IqPDEbs.exe
  2⤵
  PID:5620
- C:\Windows\System\jqKDQyo.exe
  C:\Windows\System\jqKDQyo.exe
  2⤵
  PID:5684
- C:\Windows\System\ndZuCNX.exe
  C:\Windows\System\ndZuCNX.exe
  2⤵
  PID:5748
- C:\Windows\System\jpbZJtB.exe
  C:\Windows\System\jpbZJtB.exe
  2⤵
  PID:5780
- C:\Windows\System\fcSPRjJ.exe
  C:\Windows\System\fcSPRjJ.exe
  2⤵
  PID:5860
- C:\Windows\System\SBoTlZP.exe
  C:\Windows\System\SBoTlZP.exe
  2⤵
  PID:5924
- C:\Windows\System\QfzXWeK.exe
  C:\Windows\System\QfzXWeK.exe
  2⤵
  PID:5988
- C:\Windows\System\DIBphnl.exe
  C:\Windows\System\DIBphnl.exe
  2⤵
  PID:6068
- C:\Windows\System\XomUTcW.exe
  C:\Windows\System\XomUTcW.exe
  2⤵
  PID:6112
- C:\Windows\System\bEyQHUX.exe
  C:\Windows\System\bEyQHUX.exe
  2⤵
  PID:3928
- C:\Windows\System\EXGlBwJ.exe
  C:\Windows\System\EXGlBwJ.exe
  2⤵
  PID:2344
- C:\Windows\System\GFWcdka.exe
  C:\Windows\System\GFWcdka.exe
  2⤵
  PID:5140
- C:\Windows\System\fpjPopR.exe
  C:\Windows\System\fpjPopR.exe
  2⤵
  PID:5300
- C:\Windows\System\cjixPeI.exe
  C:\Windows\System\cjixPeI.exe
  2⤵
  PID:5396
- C:\Windows\System\wfcTNVW.exe
  C:\Windows\System\wfcTNVW.exe
  2⤵
  PID:5524
- C:\Windows\System\pohxKvg.exe
  C:\Windows\System\pohxKvg.exe
  2⤵
  PID:5680
- C:\Windows\System\nKyqPTs.exe
  C:\Windows\System\nKyqPTs.exe
  2⤵
  PID:6156
- C:\Windows\System\OnUWFoo.exe
  C:\Windows\System\OnUWFoo.exe
  2⤵
  PID:6172
- C:\Windows\System\OJKIKqG.exe
  C:\Windows\System\OJKIKqG.exe
  2⤵
  PID:6188
- C:\Windows\System\mLaxNSE.exe
  C:\Windows\System\mLaxNSE.exe
  2⤵
  PID:6236
- C:\Windows\System\CKjhLtQ.exe
  C:\Windows\System\CKjhLtQ.exe
  2⤵
  PID:6260
- C:\Windows\System\mNpbFNI.exe
  C:\Windows\System\mNpbFNI.exe
  2⤵
  PID:6280
- C:\Windows\System\dwQIjud.exe
  C:\Windows\System\dwQIjud.exe
  2⤵
  PID:6296
- C:\Windows\System\VaRQpVb.exe
  C:\Windows\System\VaRQpVb.exe
  2⤵
  PID:6312
- C:\Windows\System\mUjzESf.exe
  C:\Windows\System\mUjzESf.exe
  2⤵
  PID:6328
- C:\Windows\System\NStydaT.exe
  C:\Windows\System\NStydaT.exe
  2⤵
  PID:6348
- C:\Windows\System\ObeDMPB.exe
  C:\Windows\System\ObeDMPB.exe
  2⤵
  PID:6364
- C:\Windows\System\osIckcc.exe
  C:\Windows\System\osIckcc.exe
  2⤵
  PID:6380
- C:\Windows\System\RgCnFOD.exe
  C:\Windows\System\RgCnFOD.exe
  2⤵
  PID:6396
- C:\Windows\System\DriwQai.exe
  C:\Windows\System\DriwQai.exe
  2⤵
  PID:6412
- C:\Windows\System\GcTwhdU.exe
  C:\Windows\System\GcTwhdU.exe
  2⤵
  PID:6432
- C:\Windows\System\YXmCUYn.exe
  C:\Windows\System\YXmCUYn.exe
  2⤵
  PID:6448
- C:\Windows\System\VetDSVP.exe
  C:\Windows\System\VetDSVP.exe
  2⤵
  PID:6464
- C:\Windows\System\dOoRbdP.exe
  C:\Windows\System\dOoRbdP.exe
  2⤵
  PID:6480
- C:\Windows\System\vVQYKfx.exe
  C:\Windows\System\vVQYKfx.exe
  2⤵
  PID:6500
- C:\Windows\System\BHXYSST.exe
  C:\Windows\System\BHXYSST.exe
  2⤵
  PID:6532
- C:\Windows\System\XeawPoo.exe
  C:\Windows\System\XeawPoo.exe
  2⤵
  PID:6568
- C:\Windows\System\gedolMb.exe
  C:\Windows\System\gedolMb.exe
  2⤵
  PID:6592
- C:\Windows\System\ofzabhH.exe
  C:\Windows\System\ofzabhH.exe
  2⤵
  PID:6620
- C:\Windows\System\ZqKbSgJ.exe
  C:\Windows\System\ZqKbSgJ.exe
  2⤵
  PID:6652
- C:\Windows\System\jwxMPMf.exe
  C:\Windows\System\jwxMPMf.exe
  2⤵
  PID:6692
- C:\Windows\System\AxzOIed.exe
  C:\Windows\System\AxzOIed.exe
  2⤵
  PID:6756
- C:\Windows\System\ObsaIpd.exe
  C:\Windows\System\ObsaIpd.exe
  2⤵
  PID:6832
- C:\Windows\System\boVOAwX.exe
  C:\Windows\System\boVOAwX.exe
  2⤵
  PID:6896
- C:\Windows\System\weULnKM.exe
  C:\Windows\System\weULnKM.exe
  2⤵
  PID:6936
- C:\Windows\System\rzCyTLb.exe
  C:\Windows\System\rzCyTLb.exe
  2⤵
  PID:6968
- C:\Windows\System\XCBOEFp.exe
  C:\Windows\System\XCBOEFp.exe
  2⤵
  PID:7036
- C:\Windows\System\WGSfnRl.exe
  C:\Windows\System\WGSfnRl.exe
  2⤵
  PID:7056
- C:\Windows\System\IwfLjnj.exe
  C:\Windows\System\IwfLjnj.exe
  2⤵
  PID:7076
- C:\Windows\System\IVSAKwX.exe
  C:\Windows\System\IVSAKwX.exe
  2⤵
  PID:7092
- C:\Windows\System\adigkhq.exe
  C:\Windows\System\adigkhq.exe
  2⤵
  PID:6472
- C:\Windows\System\OXLGXvX.exe
  C:\Windows\System\OXLGXvX.exe
  2⤵
  PID:6576
- C:\Windows\System\bScKMWM.exe
  C:\Windows\System\bScKMWM.exe
  2⤵
  PID:6628
- C:\Windows\System\dnCtRzg.exe
  C:\Windows\System\dnCtRzg.exe
  2⤵
  PID:6712
- C:\Windows\System\JSGJZPs.exe
  C:\Windows\System\JSGJZPs.exe
  2⤵
  PID:6252
- C:\Windows\System\TDWuQmS.exe
  C:\Windows\System\TDWuQmS.exe
  2⤵
  PID:6744
- C:\Windows\System\HseUXTM.exe
  C:\Windows\System\HseUXTM.exe
  2⤵
  PID:6860
- C:\Windows\System\BxpjwjN.exe
  C:\Windows\System\BxpjwjN.exe
  2⤵
  PID:6880
- C:\Windows\System\EjkEsad.exe
  C:\Windows\System\EjkEsad.exe
  2⤵
  PID:6952
- C:\Windows\System\zrjODdl.exe
  C:\Windows\System\zrjODdl.exe
  2⤵
  PID:6960
- C:\Windows\System\kcLwKrV.exe
  C:\Windows\System\kcLwKrV.exe
  2⤵
  PID:6552
- C:\Windows\System\VOgYZaz.exe
  C:\Windows\System\VOgYZaz.exe
  2⤵
  PID:6608
- C:\Windows\System\aVLteYW.exe
  C:\Windows\System\aVLteYW.exe
  2⤵
  PID:6664
- C:\Windows\System\OPBgsie.exe
  C:\Windows\System\OPBgsie.exe
  2⤵
  PID:6684
- C:\Windows\System\oWXCmuW.exe
  C:\Windows\System\oWXCmuW.exe
  2⤵
  PID:6784
- C:\Windows\System\HgIRZFC.exe
  C:\Windows\System\HgIRZFC.exe
  2⤵
  PID:6808
- C:\Windows\System\OjDwhBV.exe
  C:\Windows\System\OjDwhBV.exe
  2⤵
  PID:6828
- C:\Windows\System\GiIPjyC.exe
  C:\Windows\System\GiIPjyC.exe
  2⤵
  PID:6916
- C:\Windows\System\pRxiPFv.exe
  C:\Windows\System\pRxiPFv.exe
  2⤵
  PID:6980
- C:\Windows\System\RzLtwVo.exe
  C:\Windows\System\RzLtwVo.exe
  2⤵
  PID:7000
- C:\Windows\System\ayxgKMP.exe
  C:\Windows\System\ayxgKMP.exe
  2⤵
  PID:7024
- C:\Windows\System\xBNMhQH.exe
  C:\Windows\System\xBNMhQH.exe
  2⤵
  PID:7104
- C:\Windows\System\appKSMI.exe
  C:\Windows\System\appKSMI.exe
  2⤵
  PID:7128
- C:\Windows\System\ZWMjnTx.exe
  C:\Windows\System\ZWMjnTx.exe
  2⤵
  PID:7156
- C:\Windows\System\aLtBVGt.exe
  C:\Windows\System\aLtBVGt.exe
  2⤵
  PID:7164
- C:\Windows\System\dRfDCCI.exe
  C:\Windows\System\dRfDCCI.exe
  2⤵
  PID:5828
- C:\Windows\System\vyCeSMr.exe
  C:\Windows\System\vyCeSMr.exe
  2⤵
  PID:5060
- C:\Windows\System\FFMcbTn.exe
  C:\Windows\System\FFMcbTn.exe
  2⤵
  PID:5412
- C:\Windows\System\mHUIUCV.exe
  C:\Windows\System\mHUIUCV.exe
  2⤵
  PID:6164
- C:\Windows\System\nMxjFgd.exe
  C:\Windows\System\nMxjFgd.exe
  2⤵
  PID:6000
- C:\Windows\System\mvqiRNc.exe
  C:\Windows\System\mvqiRNc.exe
  2⤵
  PID:2332
- C:\Windows\System\ffDbjKM.exe
  C:\Windows\System\ffDbjKM.exe
  2⤵
  PID:6148
- C:\Windows\System\YtoMzvo.exe
  C:\Windows\System\YtoMzvo.exe
  2⤵
  PID:6152
- C:\Windows\System\reSdFAt.exe
  C:\Windows\System\reSdFAt.exe
  2⤵
  PID:6268
- C:\Windows\System\fGenxQa.exe
  C:\Windows\System\fGenxQa.exe
  2⤵
  PID:6524
- C:\Windows\System\tgZKFlm.exe
  C:\Windows\System\tgZKFlm.exe
  2⤵
  PID:6636
- C:\Windows\System\ktpUcAd.exe
  C:\Windows\System\ktpUcAd.exe
  2⤵
  PID:6708
- C:\Windows\System\EKnfiED.exe
  C:\Windows\System\EKnfiED.exe
  2⤵
  PID:6336
- C:\Windows\System\eiALsOg.exe
  C:\Windows\System\eiALsOg.exe
  2⤵
  PID:1716
- C:\Windows\System\zhdpzbc.exe
  C:\Windows\System\zhdpzbc.exe
  2⤵
  PID:6292
- C:\Windows\System\JfvsZoC.exe
  C:\Windows\System\JfvsZoC.exe
  2⤵
  PID:6408
- C:\Windows\System\pCXpiXQ.exe
  C:\Windows\System\pCXpiXQ.exe
  2⤵
  PID:6584
- C:\Windows\System\VsXFUDz.exe
  C:\Windows\System\VsXFUDz.exe
  2⤵
  PID:6948
- C:\Windows\System\cnhmsbs.exe
  C:\Windows\System\cnhmsbs.exe
  2⤵
  PID:6728
- C:\Windows\System\EWrTDRF.exe
  C:\Windows\System\EWrTDRF.exe
  2⤵
  PID:6840
- C:\Windows\System\iBqDnbB.exe
  C:\Windows\System\iBqDnbB.exe
  2⤵
  PID:6672
- C:\Windows\System\eNIeydO.exe
  C:\Windows\System\eNIeydO.exe
  2⤵
  PID:2108
- C:\Windows\System\IsHEbPT.exe
  C:\Windows\System\IsHEbPT.exe
  2⤵
  PID:6904
- C:\Windows\System\tdKAEtV.exe
  C:\Windows\System\tdKAEtV.exe
  2⤵
  PID:2904
- C:\Windows\System\Owgybpx.exe
  C:\Windows\System\Owgybpx.exe
  2⤵
  PID:6992
- C:\Windows\System\aucWyxa.exe
  C:\Windows\System\aucWyxa.exe
  2⤵
  PID:7088
- C:\Windows\System\BQkHnJR.exe
  C:\Windows\System\BQkHnJR.exe
  2⤵
  PID:6324
- C:\Windows\System\tMTCXpr.exe
  C:\Windows\System\tMTCXpr.exe
  2⤵
  PID:6360
- C:\Windows\System\GMjzqjg.exe
  C:\Windows\System\GMjzqjg.exe
  2⤵
  PID:6424
- C:\Windows\System\NKZYePM.exe
  C:\Windows\System\NKZYePM.exe
  2⤵
  PID:6496
- C:\Windows\System\KXTtyVz.exe
  C:\Windows\System\KXTtyVz.exe
  2⤵
  PID:6612
- C:\Windows\System\cqtRYYc.exe
  C:\Windows\System\cqtRYYc.exe
  2⤵
  PID:6772
- C:\Windows\System\iGNEheY.exe
  C:\Windows\System\iGNEheY.exe
  2⤵
  PID:7100
- C:\Windows\System\ShAMErM.exe
  C:\Windows\System\ShAMErM.exe
  2⤵
  PID:6816
- C:\Windows\System\ffKEziN.exe
  C:\Windows\System\ffKEziN.exe
  2⤵
  PID:5872
- C:\Windows\System\nrNwhXY.exe
  C:\Windows\System\nrNwhXY.exe
  2⤵
  PID:2728
- C:\Windows\System\hpwYceW.exe
  C:\Windows\System\hpwYceW.exe
  2⤵
  PID:6168
- C:\Windows\System\FlLHQfM.exe
  C:\Windows\System\FlLHQfM.exe
  2⤵
  PID:7020
- C:\Windows\System\bGzjjUM.exe
  C:\Windows\System\bGzjjUM.exe
  2⤵
  PID:7160
- C:\Windows\System\GWkedvh.exe
  C:\Windows\System\GWkedvh.exe
  2⤵
  PID:5216
- C:\Windows\System\tbjTNzh.exe
  C:\Windows\System\tbjTNzh.exe
  2⤵
  PID:1528
- C:\Windows\System\tFKTzAP.exe
  C:\Windows\System\tFKTzAP.exe
  2⤵
  PID:5332
- C:\Windows\System\JOGZvgD.exe
  C:\Windows\System\JOGZvgD.exe
  2⤵
  PID:2160
- C:\Windows\System\ehEDCVL.exe
  C:\Windows\System\ehEDCVL.exe
  2⤵
  PID:6272
- C:\Windows\System\oUtyorQ.exe
  C:\Windows\System\oUtyorQ.exe
  2⤵
  PID:6276
- C:\Windows\System\eYounLr.exe
  C:\Windows\System\eYounLr.exe
  2⤵
  PID:6648
- C:\Windows\System\YbMmAAO.exe
  C:\Windows\System\YbMmAAO.exe
  2⤵
  PID:6588
- C:\Windows\System\HugoPoa.exe
  C:\Windows\System\HugoPoa.exe
  2⤵
  PID:6724
- C:\Windows\System\OLEKBzN.exe
  C:\Windows\System\OLEKBzN.exe
  2⤵
  PID:6404
- C:\Windows\System\qJckAyn.exe
  C:\Windows\System\qJckAyn.exe
  2⤵
  PID:6872
- C:\Windows\System\lHJcqyT.exe
  C:\Windows\System\lHJcqyT.exe
  2⤵
  PID:6796
- C:\Windows\System\lfsxHGr.exe
  C:\Windows\System\lfsxHGr.exe
  2⤵
  PID:2752
- C:\Windows\System\QQbUkYE.exe
  C:\Windows\System\QQbUkYE.exe
  2⤵
  PID:6888
- C:\Windows\System\PRpWVOr.exe
  C:\Windows\System\PRpWVOr.exe
  2⤵
  PID:2296
- C:\Windows\System\tDLlhBY.exe
  C:\Windows\System\tDLlhBY.exe
  2⤵
  PID:6420
- C:\Windows\System\SwSGvmm.exe
  C:\Windows\System\SwSGvmm.exe
  2⤵
  PID:1772
- C:\Windows\System\BSAZeyF.exe
  C:\Windows\System\BSAZeyF.exe
  2⤵
  PID:3308
- C:\Windows\System\MMmgsap.exe
  C:\Windows\System\MMmgsap.exe
  2⤵
  PID:6428
- C:\Windows\System\DFeMNwK.exe
  C:\Windows\System\DFeMNwK.exe
  2⤵
  PID:5168
- C:\Windows\System\PlcieQa.exe
  C:\Windows\System\PlcieQa.exe
  2⤵
  PID:6764
- C:\Windows\System\cbXyNVJ.exe
  C:\Windows\System\cbXyNVJ.exe
  2⤵
  PID:1252
- C:\Windows\System\gVzEyuU.exe
  C:\Windows\System\gVzEyuU.exe
  2⤵
  PID:7140
- C:\Windows\System\jvnuapL.exe
  C:\Windows\System\jvnuapL.exe
  2⤵
  PID:7124
- C:\Windows\System\QVJzjNv.exe
  C:\Windows\System\QVJzjNv.exe
  2⤵
  PID:2964
- C:\Windows\System\YhBXHjw.exe
  C:\Windows\System\YhBXHjw.exe
  2⤵
  PID:2980
- C:\Windows\System\IpfEqHR.exe
  C:\Windows\System\IpfEqHR.exe
  2⤵
  PID:2888
- C:\Windows\System\MyVRHak.exe
  C:\Windows\System\MyVRHak.exe
  2⤵
  PID:6308
- C:\Windows\System\EJreDhq.exe
  C:\Windows\System\EJreDhq.exe
  2⤵
  PID:6444
- C:\Windows\System\zNFNLyB.exe
  C:\Windows\System\zNFNLyB.exe
  2⤵
  PID:6376
- C:\Windows\System\tgSvEhi.exe
  C:\Windows\System\tgSvEhi.exe
  2⤵
  PID:2844
- C:\Windows\System\oigkcUE.exe
  C:\Windows\System\oigkcUE.exe
  2⤵
  PID:6876
- C:\Windows\System\uTHsDbV.exe
  C:\Windows\System\uTHsDbV.exe
  2⤵
  PID:2272
- C:\Windows\System\LJdryKP.exe
  C:\Windows\System\LJdryKP.exe
  2⤵
  PID:7052
- C:\Windows\System\unwTmfB.exe
  C:\Windows\System\unwTmfB.exe
  2⤵
  PID:7048
- C:\Windows\System\WXVOmra.exe
  C:\Windows\System\WXVOmra.exe
  2⤵
  PID:7072
- C:\Windows\System\RKZUdNu.exe
  C:\Windows\System\RKZUdNu.exe
  2⤵
  PID:7084
- C:\Windows\System\bYiJOXq.exe
  C:\Windows\System\bYiJOXq.exe
  2⤵
  PID:2064
- C:\Windows\System\IpsYUha.exe
  C:\Windows\System\IpsYUha.exe
  2⤵
  PID:2328
- C:\Windows\System\zXisnJk.exe
  C:\Windows\System\zXisnJk.exe
  2⤵
  PID:7148
- C:\Windows\System\gSqgJCk.exe
  C:\Windows\System\gSqgJCk.exe
  2⤵
  PID:2772
- C:\Windows\System\cxKQkIa.exe
  C:\Windows\System\cxKQkIa.exe
  2⤵
  PID:7116
- C:\Windows\System\xflPlcm.exe
  C:\Windows\System\xflPlcm.exe
  2⤵
  PID:6732
- C:\Windows\System\cmENWnv.exe
  C:\Windows\System\cmENWnv.exe
  2⤵
  PID:6804
- C:\Windows\System\xUAzvYH.exe
  C:\Windows\System\xUAzvYH.exe
  2⤵
  PID:6748
- C:\Windows\System\gBDPgNX.exe
  C:\Windows\System\gBDPgNX.exe
  2⤵
  PID:6912
- C:\Windows\System\OdTvjvP.exe
  C:\Windows\System\OdTvjvP.exe
  2⤵
  PID:2612
- C:\Windows\System\IMMumde.exe
  C:\Windows\System\IMMumde.exe
  2⤵
  PID:3376
- C:\Windows\System\zvLrprs.exe
  C:\Windows\System\zvLrprs.exe
  2⤵
  PID:7016
- C:\Windows\System\egEkMFB.exe
  C:\Windows\System\egEkMFB.exe
  2⤵
  PID:1192
- C:\Windows\System\FwsghPz.exe
  C:\Windows\System\FwsghPz.exe
  2⤵
  PID:6780
- C:\Windows\System\MKryydf.exe
  C:\Windows\System\MKryydf.exe
  2⤵
  PID:2192
- C:\Windows\System\xNzWLAB.exe
  C:\Windows\System\xNzWLAB.exe
  2⤵
  PID:2632
- C:\Windows\System\vrmTVDg.exe
  C:\Windows\System\vrmTVDg.exe
  2⤵
  PID:6716
- C:\Windows\System\WIBpWQq.exe
  C:\Windows\System\WIBpWQq.exe
  2⤵
  PID:2960
- C:\Windows\System\BHRuiQw.exe
  C:\Windows\System\BHRuiQw.exe
  2⤵
  PID:3344
- C:\Windows\System\KHxcTey.exe
  C:\Windows\System\KHxcTey.exe
  2⤵
  PID:7184
- C:\Windows\System\scLOiFX.exe
  C:\Windows\System\scLOiFX.exe
  2⤵
  PID:7200
- C:\Windows\System\kxaDAMv.exe
  C:\Windows\System\kxaDAMv.exe
  2⤵
  PID:7216
- C:\Windows\System\hisDLRc.exe
  C:\Windows\System\hisDLRc.exe
  2⤵
  PID:7232
- C:\Windows\System\BYMrWoG.exe
  C:\Windows\System\BYMrWoG.exe
  2⤵
  PID:7248
- C:\Windows\System\UBAxfIL.exe
  C:\Windows\System\UBAxfIL.exe
  2⤵
  PID:7268
- C:\Windows\System\lmvVRYa.exe
  C:\Windows\System\lmvVRYa.exe
  2⤵
  PID:7288
- C:\Windows\System\vWERnYK.exe
  C:\Windows\System\vWERnYK.exe
  2⤵
  PID:7304
- C:\Windows\System\KSkTUKY.exe
  C:\Windows\System\KSkTUKY.exe
  2⤵
  PID:7324
- C:\Windows\System\yKaZkxU.exe
  C:\Windows\System\yKaZkxU.exe
  2⤵
  PID:7340
- C:\Windows\System\rdGbNXd.exe
  C:\Windows\System\rdGbNXd.exe
  2⤵
  PID:7356
- C:\Windows\System\kyNKSXr.exe
  C:\Windows\System\kyNKSXr.exe
  2⤵
  PID:7372
- C:\Windows\System\fcKCYQj.exe
  C:\Windows\System\fcKCYQj.exe
  2⤵
  PID:7388
- C:\Windows\System\RrdyAJF.exe
  C:\Windows\System\RrdyAJF.exe
  2⤵
  PID:7404
- C:\Windows\System\gsWtcxA.exe
  C:\Windows\System\gsWtcxA.exe
  2⤵
  PID:7420
- C:\Windows\System\IAkkOCG.exe
  C:\Windows\System\IAkkOCG.exe
  2⤵
  PID:7436
- C:\Windows\System\aYCDMSE.exe
  C:\Windows\System\aYCDMSE.exe
  2⤵
  PID:7452
- C:\Windows\System\VrpLHHy.exe
  C:\Windows\System\VrpLHHy.exe
  2⤵
  PID:7468
- C:\Windows\System\ZpYnsBY.exe
  C:\Windows\System\ZpYnsBY.exe
  2⤵
  PID:7492
- C:\Windows\System\xBmpcdx.exe
  C:\Windows\System\xBmpcdx.exe
  2⤵
  PID:7508
- C:\Windows\System\jNgBpaK.exe
  C:\Windows\System\jNgBpaK.exe
  2⤵
  PID:7524
- C:\Windows\System\bHPEvjV.exe
  C:\Windows\System\bHPEvjV.exe
  2⤵
  PID:7540
- C:\Windows\System\AdcfIhB.exe
  C:\Windows\System\AdcfIhB.exe
  2⤵
  PID:7556
- C:\Windows\System\LkVNrBR.exe
  C:\Windows\System\LkVNrBR.exe
  2⤵
  PID:7572
- C:\Windows\System\PjUvfaH.exe
  C:\Windows\System\PjUvfaH.exe
  2⤵
  PID:7592
- C:\Windows\System\WekUdfx.exe
  C:\Windows\System\WekUdfx.exe
  2⤵
  PID:7612
- C:\Windows\System\oSBBAgm.exe
  C:\Windows\System\oSBBAgm.exe
  2⤵
  PID:7632
- C:\Windows\System\vcMwesq.exe
  C:\Windows\System\vcMwesq.exe
  2⤵
  PID:7648
- C:\Windows\System\asVtjGn.exe
  C:\Windows\System\asVtjGn.exe
  2⤵
  PID:7664
- C:\Windows\System\YofEnfi.exe
  C:\Windows\System\YofEnfi.exe
  2⤵
  PID:7680
- C:\Windows\System\oddbqqe.exe
  C:\Windows\System\oddbqqe.exe
  2⤵
  PID:7696
- C:\Windows\System\GKMfHAc.exe
  C:\Windows\System\GKMfHAc.exe
  2⤵
  PID:7720
- C:\Windows\System\rJIdbUt.exe
  C:\Windows\System\rJIdbUt.exe
  2⤵
  PID:7736
- C:\Windows\System\lCxtwtp.exe
  C:\Windows\System\lCxtwtp.exe
  2⤵
  PID:7756
- C:\Windows\System\NnGNmKO.exe
  C:\Windows\System\NnGNmKO.exe
  2⤵
  PID:7776
- C:\Windows\System\CEVicza.exe
  C:\Windows\System\CEVicza.exe
  2⤵
  PID:7792
- C:\Windows\System\HGKmKrU.exe
  C:\Windows\System\HGKmKrU.exe
  2⤵
  PID:7808
- C:\Windows\System\ihghcom.exe
  C:\Windows\System\ihghcom.exe
  2⤵
  PID:7824
- C:\Windows\System\iFdWLPV.exe
  C:\Windows\System\iFdWLPV.exe
  2⤵
  PID:7840
- C:\Windows\System\fzPbruT.exe
  C:\Windows\System\fzPbruT.exe
  2⤵
  PID:7856
- C:\Windows\System\IkXTSAG.exe
  C:\Windows\System\IkXTSAG.exe
  2⤵
  PID:7872
- C:\Windows\System\iNAlEtP.exe
  C:\Windows\System\iNAlEtP.exe
  2⤵
  PID:7892
- C:\Windows\System\JnHnBRH.exe
  C:\Windows\System\JnHnBRH.exe
  2⤵
  PID:7908
- C:\Windows\System\irMgHXP.exe
  C:\Windows\System\irMgHXP.exe
  2⤵
  PID:7924
- C:\Windows\System\RPoijrB.exe
  C:\Windows\System\RPoijrB.exe
  2⤵
  PID:7948
- C:\Windows\System\ygHKxLx.exe
  C:\Windows\System\ygHKxLx.exe
  2⤵
  PID:7964
- C:\Windows\System\hHHRSuq.exe
  C:\Windows\System\hHHRSuq.exe
  2⤵
  PID:7980
- C:\Windows\System\TGWmuPM.exe
  C:\Windows\System\TGWmuPM.exe
  2⤵
  PID:7996
- C:\Windows\System\MKLKbUV.exe
  C:\Windows\System\MKLKbUV.exe
  2⤵
  PID:8020
- C:\Windows\System\FbpTDbm.exe
  C:\Windows\System\FbpTDbm.exe
  2⤵
  PID:8040
- C:\Windows\System\rUlMRlW.exe
  C:\Windows\System\rUlMRlW.exe
  2⤵
  PID:8056
- C:\Windows\System\XybRwVf.exe
  C:\Windows\System\XybRwVf.exe
  2⤵
  PID:8072
- C:\Windows\System\hbUUGlK.exe
  C:\Windows\System\hbUUGlK.exe
  2⤵
  PID:8092
- C:\Windows\System\TDqyZoE.exe
  C:\Windows\System\TDqyZoE.exe
  2⤵
  PID:8108
- C:\Windows\System\NFdUcWm.exe
  C:\Windows\System\NFdUcWm.exe
  2⤵
  PID:8124
- C:\Windows\System\xHWvQTd.exe
  C:\Windows\System\xHWvQTd.exe
  2⤵
  PID:8144
- C:\Windows\System\WPBFsmX.exe
  C:\Windows\System\WPBFsmX.exe
  2⤵
  PID:8160
- C:\Windows\System\wdMchwm.exe
  C:\Windows\System\wdMchwm.exe
  2⤵
  PID:8180
- C:\Windows\System\VhRkVVc.exe
  C:\Windows\System\VhRkVVc.exe
  2⤵
  PID:1800
- C:\Windows\System\xlxDRuE.exe
  C:\Windows\System\xlxDRuE.exe
  2⤵
  PID:1504
- C:\Windows\System\kirwsRZ.exe
  C:\Windows\System\kirwsRZ.exe
  2⤵
  PID:6616
- C:\Windows\System\ZZCJCGz.exe
  C:\Windows\System\ZZCJCGz.exe
  2⤵
  PID:7180
- C:\Windows\System\tPJnaMv.exe
  C:\Windows\System\tPJnaMv.exe
  2⤵
  PID:2552
- C:\Windows\System\UhkztvV.exe
  C:\Windows\System\UhkztvV.exe
  2⤵
  PID:7212
- C:\Windows\System\hKmplFY.exe
  C:\Windows\System\hKmplFY.exe
  2⤵
  PID:7224
- C:\Windows\System\kmeykzr.exe
  C:\Windows\System\kmeykzr.exe
  2⤵
  PID:7300
- C:\Windows\System\wnlaTFC.exe
  C:\Windows\System\wnlaTFC.exe
  2⤵
  PID:7364
- C:\Windows\System\XqbzYpx.exe
  C:\Windows\System\XqbzYpx.exe
  2⤵
  PID:7320
- C:\Windows\System\yZPnwCV.exe
  C:\Windows\System\yZPnwCV.exe
  2⤵
  PID:7244
- C:\Windows\System\loZNhyH.exe
  C:\Windows\System\loZNhyH.exe
  2⤵
  PID:2316
- C:\Windows\System\ILOAmbW.exe
  C:\Windows\System\ILOAmbW.exe
  2⤵
  PID:2812
- C:\Windows\System\jkgGhEH.exe
  C:\Windows\System\jkgGhEH.exe
  2⤵
  PID:2440
- C:\Windows\System\THRTmsr.exe
  C:\Windows\System\THRTmsr.exe
  2⤵
  PID:7416
- C:\Windows\System\WiRkIBh.exe
  C:\Windows\System\WiRkIBh.exe
  2⤵
  PID:2348
- C:\Windows\System\iMYzuWH.exe
  C:\Windows\System\iMYzuWH.exe
  2⤵
  PID:2464
- C:\Windows\System\hhlYBAt.exe
  C:\Windows\System\hhlYBAt.exe
  2⤵
  PID:7504
- C:\Windows\System\mPgyWeN.exe
  C:\Windows\System\mPgyWeN.exe
  2⤵
  PID:7536
- C:\Windows\System\jYyseOS.exe
  C:\Windows\System\jYyseOS.exe
  2⤵
  PID:7568
- C:\Windows\System\sZrtRRD.exe
  C:\Windows\System\sZrtRRD.exe
  2⤵
  PID:7600
- C:\Windows\System\AOWyugC.exe
  C:\Windows\System\AOWyugC.exe
  2⤵
  PID:7640
- C:\Windows\System\PoJNvAN.exe
  C:\Windows\System\PoJNvAN.exe
  2⤵
  PID:7688
- C:\Windows\System\eUedSKw.exe
  C:\Windows\System\eUedSKw.exe
  2⤵
  PID:7692
- C:\Windows\System\xrsKnsi.exe
  C:\Windows\System\xrsKnsi.exe
  2⤵
  PID:7708
- C:\Windows\System\qCeHCqh.exe
  C:\Windows\System\qCeHCqh.exe
  2⤵
  PID:7772
- C:\Windows\System\gUvmTMH.exe
  C:\Windows\System\gUvmTMH.exe
  2⤵
  PID:7804
- C:\Windows\System\SNpWZOC.exe
  C:\Windows\System\SNpWZOC.exe
  2⤵
  PID:1920
- C:\Windows\System\EuCeUSM.exe
  C:\Windows\System\EuCeUSM.exe
  2⤵
  PID:7832
- C:\Windows\System\dEYwBJm.exe
  C:\Windows\System\dEYwBJm.exe
  2⤵
  PID:2592
- C:\Windows\System\EherJrw.exe
  C:\Windows\System\EherJrw.exe
  2⤵
  PID:2884
- C:\Windows\System\NrEBZLY.exe
  C:\Windows\System\NrEBZLY.exe
  2⤵
  PID:7900
- C:\Windows\System\IlJpGGH.exe
  C:\Windows\System\IlJpGGH.exe
  2⤵
  PID:7936
- C:\Windows\System\CiSuPHj.exe
  C:\Windows\System\CiSuPHj.exe
  2⤵
  PID:7916
- C:\Windows\System\wDLugiS.exe
  C:\Windows\System\wDLugiS.exe
  2⤵
  PID:8028
- C:\Windows\System\QHgsrFm.exe
  C:\Windows\System\QHgsrFm.exe
  2⤵
  PID:8064
- C:\Windows\System\yFGsaVt.exe
  C:\Windows\System\yFGsaVt.exe
  2⤵
  PID:8104
- C:\Windows\System\yzqTkDY.exe
  C:\Windows\System\yzqTkDY.exe
  2⤵
  PID:8140
- C:\Windows\System\iIvvaPL.exe
  C:\Windows\System\iIvvaPL.exe
  2⤵
  PID:8012
- C:\Windows\System\FWafeWA.exe
  C:\Windows\System\FWafeWA.exe
  2⤵
  PID:8080
- C:\Windows\System\qyiujFX.exe
  C:\Windows\System\qyiujFX.exe
  2⤵
  PID:8120
- C:\Windows\System\btxllae.exe
  C:\Windows\System\btxllae.exe
  2⤵
  PID:8168
- C:\Windows\System\qzhrHWY.exe
  C:\Windows\System\qzhrHWY.exe
  2⤵
  PID:8188
- C:\Windows\System\HfkoPuy.exe
  C:\Windows\System\HfkoPuy.exe
  2⤵
  PID:2396
- C:\Windows\System\SmsZfEu.exe
  C:\Windows\System\SmsZfEu.exe
  2⤵
  PID:7176
- C:\Windows\System\FqDulsG.exe
  C:\Windows\System\FqDulsG.exe
  2⤵
  PID:6228
- C:\Windows\System\gXiQzED.exe
  C:\Windows\System\gXiQzED.exe
  2⤵
  PID:6244
- C:\Windows\System\bVPRyWh.exe
  C:\Windows\System\bVPRyWh.exe
  2⤵
  PID:3000
- C:\Windows\System\YlrujIt.exe
  C:\Windows\System\YlrujIt.exe
  2⤵
  PID:6212
- C:\Windows\System\NevbxyG.exe
  C:\Windows\System\NevbxyG.exe
  2⤵
  PID:7256
- C:\Windows\System\vMgwecy.exe
  C:\Windows\System\vMgwecy.exe
  2⤵
  PID:6224
- C:\Windows\System\LjCOuTc.exe
  C:\Windows\System\LjCOuTc.exe
  2⤵
  PID:7476
- C:\Windows\System\gdPIvhf.exe
  C:\Windows\System\gdPIvhf.exe
  2⤵
  PID:8088
- C:\Windows\System\zsioMZM.exe
  C:\Windows\System\zsioMZM.exe
  2⤵
  PID:8036
- C:\Windows\System\ZFpUYtC.exe
  C:\Windows\System\ZFpUYtC.exe
  2⤵
  PID:8156
- C:\Windows\System\CtjsWQI.exe
  C:\Windows\System\CtjsWQI.exe
  2⤵
  PID:6508
- C:\Windows\System\gXegrKc.exe
  C:\Windows\System\gXegrKc.exe
  2⤵
  PID:6232
- C:\Windows\System\UyJiKYl.exe
  C:\Windows\System\UyJiKYl.exe
  2⤵
  PID:8172
- C:\Windows\System\jlzaPEj.exe
  C:\Windows\System\jlzaPEj.exe
  2⤵
  PID:976
- C:\Windows\System\zYaEAjY.exe
  C:\Windows\System\zYaEAjY.exe
  2⤵
  PID:6932
- C:\Windows\System\TGvfWEr.exe
  C:\Windows\System\TGvfWEr.exe
  2⤵
  PID:7444
- C:\Windows\System\tLubNdA.exe
  C:\Windows\System\tLubNdA.exe
  2⤵
  PID:6216
- C:\Windows\System\JNgTqVy.exe
  C:\Windows\System\JNgTqVy.exe
  2⤵
  PID:7820
- C:\Windows\System\pxbhghV.exe
  C:\Windows\System\pxbhghV.exe
  2⤵
  PID:7732
- C:\Windows\System\WLMQFnR.exe
  C:\Windows\System\WLMQFnR.exe
  2⤵
  PID:2668
- C:\Windows\System\yPfZNyC.exe
  C:\Windows\System\yPfZNyC.exe
  2⤵
  PID:7940
- C:\Windows\System\xrKbiMq.exe
  C:\Windows\System\xrKbiMq.exe
  2⤵
  PID:7972
- C:\Windows\System\kZQvCGB.exe
  C:\Windows\System\kZQvCGB.exe
  2⤵
  PID:7956
- C:\Windows\System\vhMWzlM.exe
  C:\Windows\System\vhMWzlM.exe
  2⤵
  PID:6680
- C:\Windows\System\UJxHnOC.exe
  C:\Windows\System\UJxHnOC.exe
  2⤵
  PID:668
- C:\Windows\System\NjUmCMC.exe
  C:\Windows\System\NjUmCMC.exe
  2⤵
  PID:7192
- C:\Windows\System\XBkDbXh.exe
  C:\Windows\System\XBkDbXh.exe
  2⤵
  PID:1868
- C:\Windows\System\IQaokOd.exe
  C:\Windows\System\IQaokOd.exe
  2⤵
  PID:6208
- C:\Windows\System\TuZwqjc.exe
  C:\Windows\System\TuZwqjc.exe
  2⤵
  PID:7316
- C:\Windows\System\CTdcjzl.exe
  C:\Windows\System\CTdcjzl.exe
  2⤵
  PID:7260
- C:\Windows\System\apgsmom.exe
  C:\Windows\System\apgsmom.exe
  2⤵
  PID:7172
- C:\Windows\System\JsRwlRY.exe
  C:\Windows\System\JsRwlRY.exe
  2⤵
  PID:2636
- C:\Windows\System\QQhmGgE.exe
  C:\Windows\System\QQhmGgE.exe
  2⤵
  PID:7460
- C:\Windows\System\NnoiznK.exe
  C:\Windows\System\NnoiznK.exe
  2⤵
  PID:7768
- C:\Windows\System\tZTVQQb.exe
  C:\Windows\System\tZTVQQb.exe
  2⤵
  PID:7932
- C:\Windows\System\yNYNdRk.exe
  C:\Windows\System\yNYNdRk.exe
  2⤵
  PID:2284
- C:\Windows\System\ZxjfFTF.exe
  C:\Windows\System\ZxjfFTF.exe
  2⤵
  PID:2092
- C:\Windows\System\YiZjxtN.exe
  C:\Windows\System\YiZjxtN.exe
  2⤵
  PID:7656
- C:\Windows\System\OMBSqAq.exe
  C:\Windows\System\OMBSqAq.exe
  2⤵
  PID:7208
- C:\Windows\System\KlcPonT.exe
  C:\Windows\System\KlcPonT.exe
  2⤵
  PID:8196
- C:\Windows\System\xPCPdqt.exe
  C:\Windows\System\xPCPdqt.exe
  2⤵
  PID:8212
- C:\Windows\System\PiKLNpN.exe
  C:\Windows\System\PiKLNpN.exe
  2⤵
  PID:8228
- C:\Windows\System\hYuAWCN.exe
  C:\Windows\System\hYuAWCN.exe
  2⤵
  PID:8244
- C:\Windows\System\ZXyXpvO.exe
  C:\Windows\System\ZXyXpvO.exe
  2⤵
  PID:8260
- C:\Windows\System\nYCzhFK.exe
  C:\Windows\System\nYCzhFK.exe
  2⤵
  PID:8276
- C:\Windows\System\savRaAx.exe
  C:\Windows\System\savRaAx.exe
  2⤵
  PID:8292
- C:\Windows\System\iwosxFX.exe
  C:\Windows\System\iwosxFX.exe
  2⤵
  PID:8312
- C:\Windows\System\XOUNEtW.exe
  C:\Windows\System\XOUNEtW.exe
  2⤵
  PID:8328
- C:\Windows\System\JRoaMCj.exe
  C:\Windows\System\JRoaMCj.exe
  2⤵
  PID:8344
- C:\Windows\System\lMrWHnI.exe
  C:\Windows\System\lMrWHnI.exe
  2⤵
  PID:8360
- C:\Windows\System\EwjCxNf.exe
  C:\Windows\System\EwjCxNf.exe
  2⤵
  PID:8376
- C:\Windows\System\BPeoPUb.exe
  C:\Windows\System\BPeoPUb.exe
  2⤵
  PID:8396
- C:\Windows\System\cFQICEO.exe
  C:\Windows\System\cFQICEO.exe
  2⤵
  PID:8412
- C:\Windows\System\MeQnaAK.exe
  C:\Windows\System\MeQnaAK.exe
  2⤵
  PID:8428
- C:\Windows\System\hcOLXGv.exe
  C:\Windows\System\hcOLXGv.exe
  2⤵
  PID:8444
- C:\Windows\System\cqbSghx.exe
  C:\Windows\System\cqbSghx.exe
  2⤵
  PID:8460
- C:\Windows\System\CmWTeCJ.exe
  C:\Windows\System\CmWTeCJ.exe
  2⤵
  PID:8476
- C:\Windows\System\OcFLIxB.exe
  C:\Windows\System\OcFLIxB.exe
  2⤵
  PID:8492
- C:\Windows\System\PbWjpRt.exe
  C:\Windows\System\PbWjpRt.exe
  2⤵
  PID:8508
- C:\Windows\System\twXFAcc.exe
  C:\Windows\System\twXFAcc.exe
  2⤵
  PID:8524
- C:\Windows\System\OvFhDjr.exe
  C:\Windows\System\OvFhDjr.exe
  2⤵
  PID:8540
- C:\Windows\System\HAXdocZ.exe
  C:\Windows\System\HAXdocZ.exe
  2⤵
  PID:8556
- C:\Windows\System\wvdLVQZ.exe
  C:\Windows\System\wvdLVQZ.exe
  2⤵
  PID:8572
- C:\Windows\System\oAraIWp.exe
  C:\Windows\System\oAraIWp.exe
  2⤵
  PID:8588
- C:\Windows\System\xrtXtnp.exe
  C:\Windows\System\xrtXtnp.exe
  2⤵
  PID:8608
- C:\Windows\System\AMVJPVz.exe
  C:\Windows\System\AMVJPVz.exe
  2⤵
  PID:8624
- C:\Windows\System\TsdSous.exe
  C:\Windows\System\TsdSous.exe
  2⤵
  PID:8644
- C:\Windows\System\ApxsvLO.exe
  C:\Windows\System\ApxsvLO.exe
  2⤵
  PID:8668
- C:\Windows\System\GmiCzGi.exe
  C:\Windows\System\GmiCzGi.exe
  2⤵
  PID:8684
- C:\Windows\System\oRDQJKk.exe
  C:\Windows\System\oRDQJKk.exe
  2⤵
  PID:8716
- C:\Windows\System\wfSVCWa.exe
  C:\Windows\System\wfSVCWa.exe
  2⤵
  PID:8732
- C:\Windows\System\KIxEauK.exe
  C:\Windows\System\KIxEauK.exe
  2⤵
  PID:8748
- C:\Windows\System\BnRIZbn.exe
  C:\Windows\System\BnRIZbn.exe
  2⤵
  PID:8764
- C:\Windows\System\iyJhMYC.exe
  C:\Windows\System\iyJhMYC.exe
  2⤵
  PID:8780
- C:\Windows\System\hQBCOgz.exe
  C:\Windows\System\hQBCOgz.exe
  2⤵
  PID:8796
- C:\Windows\System\jIhDUbz.exe
  C:\Windows\System\jIhDUbz.exe
  2⤵
  PID:8812
- C:\Windows\System\QiPAJGB.exe
  C:\Windows\System\QiPAJGB.exe
  2⤵
  PID:8828
- C:\Windows\System\zPKdcOG.exe
  C:\Windows\System\zPKdcOG.exe
  2⤵
  PID:8844
- C:\Windows\System\DqMeFCZ.exe
  C:\Windows\System\DqMeFCZ.exe
  2⤵
  PID:8860
- C:\Windows\System\fewvJtt.exe
  C:\Windows\System\fewvJtt.exe
  2⤵
  PID:8876
- C:\Windows\System\LyjbEDT.exe
  C:\Windows\System\LyjbEDT.exe
  2⤵
  PID:8892
- C:\Windows\System\VeycDzw.exe
  C:\Windows\System\VeycDzw.exe
  2⤵
  PID:8908
- C:\Windows\System\hiPcuUq.exe
  C:\Windows\System\hiPcuUq.exe
  2⤵
  PID:8924
- C:\Windows\System\nIMTXxV.exe
  C:\Windows\System\nIMTXxV.exe
  2⤵
  PID:8940
- C:\Windows\System\pKZQdoC.exe
  C:\Windows\System\pKZQdoC.exe
  2⤵
  PID:8956
- C:\Windows\System\FUxLJVR.exe
  C:\Windows\System\FUxLJVR.exe
  2⤵
  PID:8972
- C:\Windows\System\DjbMxOj.exe
  C:\Windows\System\DjbMxOj.exe
  2⤵
  PID:8988
- C:\Windows\System\QkDDRNA.exe
  C:\Windows\System\QkDDRNA.exe
  2⤵
  PID:9012
- C:\Windows\System\oHwWfFi.exe
  C:\Windows\System\oHwWfFi.exe
  2⤵
  PID:9028
- C:\Windows\System\VCJadzP.exe
  C:\Windows\System\VCJadzP.exe
  2⤵
  PID:7620
- C:\Windows\System\hXmhaxw.exe
  C:\Windows\System\hXmhaxw.exe
  2⤵
  PID:8352
- C:\Windows\System\EypRDzQ.exe
  C:\Windows\System\EypRDzQ.exe
  2⤵
  PID:8436
- C:\Windows\System\lGnWQLk.exe
  C:\Windows\System\lGnWQLk.exe
  2⤵
  PID:8500
- C:\Windows\System\YwDvGKQ.exe
  C:\Windows\System\YwDvGKQ.exe
  2⤵
  PID:8392
- C:\Windows\System\DQEqJSm.exe
  C:\Windows\System\DQEqJSm.exe
  2⤵
  PID:8424
- C:\Windows\System\stfBAkY.exe
  C:\Windows\System\stfBAkY.exe
  2⤵
  PID:8604
- C:\Windows\System\uHoVygM.exe
  C:\Windows\System\uHoVygM.exe
  2⤵
  PID:8676
- C:\Windows\System\zpNNSuM.exe
  C:\Windows\System\zpNNSuM.exe
  2⤵
  PID:8692
- C:\Windows\System\uddyZAn.exe
  C:\Windows\System\uddyZAn.exe
  2⤵
  PID:8724
- C:\Windows\System\XFtrCcq.exe
  C:\Windows\System\XFtrCcq.exe
  2⤵
  PID:8756
- C:\Windows\System\IZGkGBO.exe
  C:\Windows\System\IZGkGBO.exe
  2⤵
  PID:8820
- C:\Windows\System\ApZSFja.exe
  C:\Windows\System\ApZSFja.exe
  2⤵
  PID:8884
- C:\Windows\System\xBGXGuu.exe
  C:\Windows\System\xBGXGuu.exe
  2⤵
  PID:8952
- C:\Windows\System\gKZBybR.exe
  C:\Windows\System\gKZBybR.exe
  2⤵
  PID:8776
- C:\Windows\System\nmvjzUs.exe
  C:\Windows\System\nmvjzUs.exe
  2⤵
  PID:8872
- C:\Windows\System\RmtrKAq.exe
  C:\Windows\System\RmtrKAq.exe
  2⤵
  PID:8840
- C:\Windows\System\wZOpmtv.exe
  C:\Windows\System\wZOpmtv.exe
  2⤵
  PID:8932
- C:\Windows\System\OxaYlvb.exe
  C:\Windows\System\OxaYlvb.exe
  2⤵
  PID:8996
- C:\Windows\System\SmOscdE.exe
  C:\Windows\System\SmOscdE.exe
  2⤵
  PID:9020
- C:\Windows\System\OdiJtKw.exe
  C:\Windows\System\OdiJtKw.exe
  2⤵
  PID:9044
- C:\Windows\System\riZpwsb.exe
  C:\Windows\System\riZpwsb.exe
  2⤵
  PID:9064
- C:\Windows\System\JCdBNWc.exe
  C:\Windows\System\JCdBNWc.exe
  2⤵
  PID:9088
- C:\Windows\System\VxOXzyv.exe
  C:\Windows\System\VxOXzyv.exe
  2⤵
  PID:9100
- C:\Windows\System\widIeMQ.exe
  C:\Windows\System\widIeMQ.exe
  2⤵
  PID:9116
- C:\Windows\System\dJGZXlt.exe
  C:\Windows\System\dJGZXlt.exe
  2⤵
  PID:9132
- C:\Windows\System\vaqPiin.exe
  C:\Windows\System\vaqPiin.exe
  2⤵
  PID:9148
- C:\Windows\System\MXhQQji.exe
  C:\Windows\System\MXhQQji.exe
  2⤵
  PID:9168
- C:\Windows\System\vdQutoP.exe
  C:\Windows\System\vdQutoP.exe
  2⤵
  PID:9184
- C:\Windows\System\SnHKkoL.exe
  C:\Windows\System\SnHKkoL.exe
  2⤵
  PID:9200
- C:\Windows\System\MDHJqgo.exe
  C:\Windows\System\MDHJqgo.exe
  2⤵
  PID:8204
- C:\Windows\System\LDcuIpl.exe
  C:\Windows\System\LDcuIpl.exe
  2⤵
  PID:7584
- C:\Windows\System\beUmtFW.exe
  C:\Windows\System\beUmtFW.exe
  2⤵
  PID:7884
- C:\Windows\System\AvlfBuj.exe
  C:\Windows\System\AvlfBuj.exe
  2⤵
  PID:2452
- C:\Windows\System\fgLjDwE.exe
  C:\Windows\System\fgLjDwE.exe
  2⤵
  PID:8300
- C:\Windows\System\AxxKGHi.exe
  C:\Windows\System\AxxKGHi.exe
  2⤵
  PID:7064
- C:\Windows\System\yyhwhwo.exe
  C:\Windows\System\yyhwhwo.exe
  2⤵
  PID:8320
- C:\Windows\System\ORNtBeU.exe
  C:\Windows\System\ORNtBeU.exe
  2⤵
  PID:8224
- C:\Windows\System\FVpfRLh.exe
  C:\Windows\System\FVpfRLh.exe
  2⤵
  PID:7284
- C:\Windows\System\tLNkAJL.exe
  C:\Windows\System\tLNkAJL.exe
  2⤵
  PID:8256
- C:\Windows\System\gHbpmqD.exe
  C:\Windows\System\gHbpmqD.exe
  2⤵
  PID:8536
- C:\Windows\System\CgbksPZ.exe
  C:\Windows\System\CgbksPZ.exe
  2⤵
  PID:8388
- C:\Windows\System\NQtJKGH.exe
  C:\Windows\System\NQtJKGH.exe
  2⤵
  PID:8520
- C:\Windows\System\yJMzCwo.exe
  C:\Windows\System\yJMzCwo.exe
  2⤵
  PID:8568
- C:\Windows\System\sWtJlTM.exe
  C:\Windows\System\sWtJlTM.exe
  2⤵
  PID:8636
- C:\Windows\System\qOjvVqU.exe
  C:\Windows\System\qOjvVqU.exe
  2⤵
  PID:8664
- C:\Windows\System\nfgNZdP.exe
  C:\Windows\System\nfgNZdP.exe
  2⤵
  PID:8792
- C:\Windows\System\HxFrIhG.exe
  C:\Windows\System\HxFrIhG.exe
  2⤵
  PID:8772
- C:\Windows\System\oheZOqa.exe
  C:\Windows\System\oheZOqa.exe
  2⤵
  PID:9024
- C:\Windows\System\uWLRnRQ.exe
  C:\Windows\System\uWLRnRQ.exe
  2⤵
  PID:9060
- C:\Windows\System\qPqWEtB.exe
  C:\Windows\System\qPqWEtB.exe
  2⤵
  PID:9128
- C:\Windows\System\KSoHNOz.exe
  C:\Windows\System\KSoHNOz.exe
  2⤵
  PID:9156
- C:\Windows\System\radVyJf.exe
  C:\Windows\System\radVyJf.exe
  2⤵
  PID:8804
- C:\Windows\System\gHcWlJx.exe
  C:\Windows\System\gHcWlJx.exe
  2⤵
  PID:8304
- C:\Windows\System\xmWUNbc.exe
  C:\Windows\System\xmWUNbc.exe
  2⤵
  PID:8308
- C:\Windows\System\JHqmpSt.exe
  C:\Windows\System\JHqmpSt.exe
  2⤵
  PID:7396
- C:\Windows\System\akBvaqy.exe
  C:\Windows\System\akBvaqy.exe
  2⤵
  PID:8052
- C:\Windows\System\jXlDOVs.exe
  C:\Windows\System\jXlDOVs.exe
  2⤵
  PID:7704
- C:\Windows\System\RLLBQHB.exe
  C:\Windows\System\RLLBQHB.exe
  2⤵
  PID:8472
- C:\Windows\System\eRqULcn.exe
  C:\Windows\System\eRqULcn.exe
  2⤵
  PID:8340
- C:\Windows\System\zRnoUNZ.exe
  C:\Windows\System\zRnoUNZ.exe
  2⤵
  PID:8596
- C:\Windows\System\LvgQqKB.exe
  C:\Windows\System\LvgQqKB.exe
  2⤵
  PID:8564
- C:\Windows\System\zCVkXbB.exe
  C:\Windows\System\zCVkXbB.exe
  2⤵
  PID:8372
- C:\Windows\System\RTxhWEu.exe
  C:\Windows\System\RTxhWEu.exe
  2⤵
  PID:8728
- C:\Windows\System\KgSwrSw.exe
  C:\Windows\System\KgSwrSw.exe
  2⤵
  PID:8904
- C:\Windows\System\VCTQCVh.exe
  C:\Windows\System\VCTQCVh.exe
  2⤵
  PID:9008
- C:\Windows\System\abRdSxq.exe
  C:\Windows\System\abRdSxq.exe
  2⤵
  PID:8964
- C:\Windows\System\WWYKPiK.exe
  C:\Windows\System\WWYKPiK.exe
  2⤵
  PID:9076
- C:\Windows\System\VuxOaPb.exe
  C:\Windows\System\VuxOaPb.exe
  2⤵
  PID:9140
- C:\Windows\System\FZePzQl.exe
  C:\Windows\System\FZePzQl.exe
  2⤵
  PID:9180
- C:\Windows\System\XztsjeR.exe
  C:\Windows\System\XztsjeR.exe
  2⤵
  PID:7448
- C:\Windows\System\dfwgEFg.exe
  C:\Windows\System\dfwgEFg.exe
  2⤵
  PID:9048
- C:\Windows\System\ChLyEBp.exe
  C:\Windows\System\ChLyEBp.exe
  2⤵
  PID:8488
- C:\Windows\System\eZThPfF.exe
  C:\Windows\System\eZThPfF.exe
  2⤵
  PID:992
- C:\Windows\System\gubvrXK.exe
  C:\Windows\System\gubvrXK.exe
  2⤵
  PID:8632
- C:\Windows\System\xgwFngB.exe
  C:\Windows\System\xgwFngB.exe
  2⤵
  PID:8700
- C:\Windows\System\joadtHt.exe
  C:\Windows\System\joadtHt.exe
  2⤵
  PID:2748
- C:\Windows\System\ZphDTYO.exe
  C:\Windows\System\ZphDTYO.exe
  2⤵
  PID:9232
- C:\Windows\System\vyFRKlN.exe
  C:\Windows\System\vyFRKlN.exe
  2⤵
  PID:9248
- C:\Windows\System\JeCqbmT.exe
  C:\Windows\System\JeCqbmT.exe
  2⤵
  PID:9268
- C:\Windows\System\ngRfSOh.exe
  C:\Windows\System\ngRfSOh.exe
  2⤵
  PID:9308
- C:\Windows\System\ttFazVO.exe
  C:\Windows\System\ttFazVO.exe
  2⤵
  PID:9332
- C:\Windows\System\jKQMkqb.exe
  C:\Windows\System\jKQMkqb.exe
  2⤵
  PID:9356
- C:\Windows\System\AANlgVx.exe
  C:\Windows\System\AANlgVx.exe
  2⤵
  PID:9484
- C:\Windows\System\ubcFxGW.exe
  C:\Windows\System\ubcFxGW.exe
  2⤵
  PID:9504
- C:\Windows\System\QNPZdvr.exe
  C:\Windows\System\QNPZdvr.exe
  2⤵
  PID:9632
- C:\Windows\System\pnOHjKB.exe
  C:\Windows\System\pnOHjKB.exe
  2⤵
  PID:9652
- C:\Windows\System\JzCfIPP.exe
  C:\Windows\System\JzCfIPP.exe
  2⤵
  PID:9680
- C:\Windows\System\jpBtdVA.exe
  C:\Windows\System\jpBtdVA.exe
  2⤵
  PID:9712
- C:\Windows\System\IqklYDk.exe
  C:\Windows\System\IqklYDk.exe
  2⤵
  PID:9732
- C:\Windows\System\JQPAgYf.exe
  C:\Windows\System\JQPAgYf.exe
  2⤵
  PID:9756
- C:\Windows\System\LqmIYsR.exe
  C:\Windows\System\LqmIYsR.exe
  2⤵
  PID:9772
- C:\Windows\System\ZlByYjO.exe
  C:\Windows\System\ZlByYjO.exe
  2⤵
  PID:9788
- C:\Windows\System\EctcRie.exe
  C:\Windows\System\EctcRie.exe
  2⤵
  PID:9804
- C:\Windows\System\WXYJoRQ.exe
  C:\Windows\System\WXYJoRQ.exe
  2⤵
  PID:9820
- C:\Windows\System\ADfHwJF.exe
  C:\Windows\System\ADfHwJF.exe
  2⤵
  PID:9836
- C:\Windows\System\kPcZkIb.exe
  C:\Windows\System\kPcZkIb.exe
  2⤵
  PID:9852
- C:\Windows\System\LYwVJFb.exe
  C:\Windows\System\LYwVJFb.exe
  2⤵
  PID:9872
- C:\Windows\System\jBERwPw.exe
  C:\Windows\System\jBERwPw.exe
  2⤵
  PID:9892
- C:\Windows\System\YXUgpdr.exe
  C:\Windows\System\YXUgpdr.exe
  2⤵
  PID:9916
- C:\Windows\System\pkmUjOZ.exe
  C:\Windows\System\pkmUjOZ.exe
  2⤵
  PID:9932
- C:\Windows\System\gRmFUEL.exe
  C:\Windows\System\gRmFUEL.exe
  2⤵
  PID:9952
- C:\Windows\System\NzzKTeT.exe
  C:\Windows\System\NzzKTeT.exe
  2⤵
  PID:9968
- C:\Windows\System\ScyoqUd.exe
  C:\Windows\System\ScyoqUd.exe
  2⤵
  PID:9984
- C:\Windows\System\RcicHjv.exe
  C:\Windows\System\RcicHjv.exe
  2⤵
  PID:10000
- C:\Windows\System\zoMXoDz.exe
  C:\Windows\System\zoMXoDz.exe
  2⤵
  PID:10016
- C:\Windows\System\KEfpcCQ.exe
  C:\Windows\System\KEfpcCQ.exe
  2⤵
  PID:10032
- C:\Windows\System\NVmtRFA.exe
  C:\Windows\System\NVmtRFA.exe
  2⤵
  PID:10048
- C:\Windows\System\iYjbpqy.exe
  C:\Windows\System\iYjbpqy.exe
  2⤵
  PID:10068
- C:\Windows\System\garZiuB.exe
  C:\Windows\System\garZiuB.exe
  2⤵
  PID:10100
- C:\Windows\System\GZOcRLF.exe
  C:\Windows\System\GZOcRLF.exe
  2⤵
  PID:10116
- C:\Windows\System\tReqibs.exe
  C:\Windows\System\tReqibs.exe
  2⤵
  PID:10132
- C:\Windows\System\yiaRSwu.exe
  C:\Windows\System\yiaRSwu.exe
  2⤵
  PID:10148
- C:\Windows\System\vFslEVO.exe
  C:\Windows\System\vFslEVO.exe
  2⤵
  PID:10164
- C:\Windows\System\qpIjqCf.exe
  C:\Windows\System\qpIjqCf.exe
  2⤵
  PID:10180
- C:\Windows\System\rmtzCkC.exe
  C:\Windows\System\rmtzCkC.exe
  2⤵
  PID:10196
- C:\Windows\System\gVPmMGJ.exe
  C:\Windows\System\gVPmMGJ.exe
  2⤵
  PID:10212
- C:\Windows\System\mVxWMth.exe
  C:\Windows\System\mVxWMth.exe
  2⤵
  PID:10228
- C:\Windows\System\TPyGdfO.exe
  C:\Windows\System\TPyGdfO.exe
  2⤵
  PID:9196
- C:\Windows\System\kaCrqwj.exe
  C:\Windows\System\kaCrqwj.exe
  2⤵
  PID:9192
- C:\Windows\System\PddKMpf.exe
  C:\Windows\System\PddKMpf.exe
  2⤵
  PID:8516
- C:\Windows\System\QQwfWcM.exe
  C:\Windows\System\QQwfWcM.exe
  2⤵
  PID:8420
- C:\Windows\System\czeCvSV.exe
  C:\Windows\System\czeCvSV.exe
  2⤵
  PID:8788
- C:\Windows\System\mAHtkae.exe
  C:\Windows\System\mAHtkae.exe
  2⤵
  PID:9228
- C:\Windows\System\cTRGjSf.exe
  C:\Windows\System\cTRGjSf.exe
  2⤵
  PID:8852
- C:\Windows\System\PlLcyGO.exe
  C:\Windows\System\PlLcyGO.exe
  2⤵
  PID:9292
- C:\Windows\System\RBfOWjw.exe
  C:\Windows\System\RBfOWjw.exe
  2⤵
  PID:9316
- C:\Windows\System\bKTuDLx.exe
  C:\Windows\System\bKTuDLx.exe
  2⤵
  PID:9340
- C:\Windows\System\cgCqvGF.exe
  C:\Windows\System\cgCqvGF.exe
  2⤵
  PID:9364
- C:\Windows\System\EBstWzg.exe
  C:\Windows\System\EBstWzg.exe
  2⤵
  PID:9384
- C:\Windows\System\IubYTCb.exe
  C:\Windows\System\IubYTCb.exe
  2⤵
  PID:9428
- C:\Windows\System\iahjPXx.exe
  C:\Windows\System\iahjPXx.exe
  2⤵
  PID:9448
- C:\Windows\System\NkmzyiJ.exe
  C:\Windows\System\NkmzyiJ.exe
  2⤵
  PID:9416
- C:\Windows\System\AUmDDyz.exe
  C:\Windows\System\AUmDDyz.exe
  2⤵
  PID:9496
- C:\Windows\System\wYzvrqk.exe
  C:\Windows\System\wYzvrqk.exe
  2⤵
  PID:9528
- C:\Windows\System\EBOtpRI.exe
  C:\Windows\System\EBOtpRI.exe
  2⤵
  PID:9600
- C:\Windows\System\VrPfEwX.exe
  C:\Windows\System\VrPfEwX.exe
  2⤵
  PID:9536
- C:\Windows\System\ghQRZHA.exe
  C:\Windows\System\ghQRZHA.exe
  2⤵
  PID:9568
- C:\Windows\System\xhXjWyT.exe
  C:\Windows\System\xhXjWyT.exe
  2⤵
  PID:9592
- C:\Windows\System\poCTFep.exe
  C:\Windows\System\poCTFep.exe
  2⤵
  PID:9612
- C:\Windows\System\VkKmSpt.exe
  C:\Windows\System\VkKmSpt.exe
  2⤵
  PID:9660
- C:\Windows\System\aztagqx.exe
  C:\Windows\System\aztagqx.exe
  2⤵
  PID:7752
- C:\Windows\System\yLxyaaq.exe
  C:\Windows\System\yLxyaaq.exe
  2⤵
  PID:9704
- C:\Windows\System\sBiQmtR.exe
  C:\Windows\System\sBiQmtR.exe
  2⤵
  PID:10012
- C:\Windows\System\aMLSYoZ.exe
  C:\Windows\System\aMLSYoZ.exe
  2⤵
  PID:10080
- C:\Windows\System\UmcpZUH.exe
  C:\Windows\System\UmcpZUH.exe
  2⤵
  PID:10096
- C:\Windows\System\JIrjySS.exe
  C:\Windows\System\JIrjySS.exe
  2⤵
  PID:10160
- C:\Windows\System\kjsoFaC.exe
  C:\Windows\System\kjsoFaC.exe
  2⤵
  PID:10224
- C:\Windows\System\ZGOXyFN.exe
  C:\Windows\System\ZGOXyFN.exe
  2⤵
  PID:8968
- C:\Windows\System\GDbMdqC.exe
  C:\Windows\System\GDbMdqC.exe
  2⤵
  PID:8656
- C:\Windows\System\zbfaVTn.exe
  C:\Windows\System\zbfaVTn.exe
  2⤵
  PID:9388
- C:\Windows\System\OTbKLPf.exe
  C:\Windows\System\OTbKLPf.exe
  2⤵
  PID:9480
- C:\Windows\System\KDSGKyT.exe
  C:\Windows\System\KDSGKyT.exe
  2⤵
  PID:9532
- C:\Windows\System\aHjWPko.exe
  C:\Windows\System\aHjWPko.exe
  2⤵
  PID:9392
- C:\Windows\System\IAaFVXa.exe
  C:\Windows\System\IAaFVXa.exe
  2⤵
  PID:9560
- C:\Windows\System\tNrCULk.exe
  C:\Windows\System\tNrCULk.exe
  2⤵
  PID:9816
- C:\Windows\System\FUJGIDH.exe
  C:\Windows\System\FUJGIDH.exe
  2⤵
  PID:9884
- C:\Windows\System\jbYokAB.exe
  C:\Windows\System\jbYokAB.exe
  2⤵
  PID:9960
- C:\Windows\System\bMnSPcV.exe
  C:\Windows\System\bMnSPcV.exe
  2⤵
  PID:9996
- C:\Windows\System\GEgoLgM.exe
  C:\Windows\System\GEgoLgM.exe
  2⤵
  PID:10060
- C:\Windows\System\qirOtvz.exe
  C:\Windows\System\qirOtvz.exe
  2⤵
  PID:10144
- C:\Windows\System\eJjgaHR.exe
  C:\Windows\System\eJjgaHR.exe
  2⤵
  PID:10208
- C:\Windows\System\TtaahLs.exe
  C:\Windows\System\TtaahLs.exe
  2⤵
  PID:9244
- C:\Windows\System\vOTHhkF.exe
  C:\Windows\System\vOTHhkF.exe
  2⤵
  PID:8916
- C:\Windows\System\GtotWGX.exe
  C:\Windows\System\GtotWGX.exe
  2⤵
  PID:9400
- C:\Windows\System\sjYNeSh.exe
  C:\Windows\System\sjYNeSh.exe
  2⤵
  PID:9468
- C:\Windows\System\zgYyxnH.exe
  C:\Windows\System\zgYyxnH.exe
  2⤵
  PID:9700
- C:\Windows\System\jQdTqCa.exe
  C:\Windows\System\jQdTqCa.exe
  2⤵
  PID:9748
- C:\Windows\System\XfHCjQC.exe
  C:\Windows\System\XfHCjQC.exe
  2⤵
  PID:9768
- C:\Windows\System\rItsoNb.exe
  C:\Windows\System\rItsoNb.exe
  2⤵
  PID:9832
- C:\Windows\System\MWyFIpQ.exe
  C:\Windows\System\MWyFIpQ.exe
  2⤵
  PID:9868
- C:\Windows\System\SxvsaMl.exe
  C:\Windows\System\SxvsaMl.exe
  2⤵
  PID:9948
- C:\Windows\System\jtVSjbt.exe
  C:\Windows\System\jtVSjbt.exe
  2⤵
  PID:9328
- C:\Windows\System\LlsVmKm.exe
  C:\Windows\System\LlsVmKm.exe
  2⤵
  PID:9460
- C:\Windows\System\QcYvRGx.exe
  C:\Windows\System\QcYvRGx.exe
  2⤵
  PID:9556
- C:\Windows\System\oXSoiKj.exe
  C:\Windows\System\oXSoiKj.exe
  2⤵
  PID:9880
- C:\Windows\System\GZyXOyF.exe
  C:\Windows\System\GZyXOyF.exe
  2⤵
  PID:10092
- C:\Windows\System\eoVmaHO.exe
  C:\Windows\System\eoVmaHO.exe
  2⤵
  PID:9572
- C:\Windows\System\OkUbngQ.exe
  C:\Windows\System\OkUbngQ.exe
  2⤵
  PID:9928
- C:\Windows\System\nuSVvxS.exe
  C:\Windows\System\nuSVvxS.exe
  2⤵
  PID:9304
- C:\Windows\System\hHpRPqx.exe
  C:\Windows\System\hHpRPqx.exe
  2⤵
  PID:10204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMmiwrB.exe

Filesize
6.0MB

MD5
d30eb08c4e607b1e6f0d3956d91362c2

SHA1
318c5239a8db1d7a8bb55a3d52785f7b4a80c947

SHA256
6dcb904d8fb965230d2e6b38a2b47c9b90bb241d77690fe63aa836939fe876a8

SHA512
46cd58465c5a212275fa3226c819a91f97c31de4054fcbb9ee0eab3b3702f69cee821b65e777e4fc525f68d82d1109943282fe61fc6e80fb2c3cf8a4fbf5a041

Download Submit
C:\Windows\system\BADDuUM.exe

Filesize
6.0MB

MD5
511d82962b8e27c9394a7a0502a952a2

SHA1
30c8a1b29d057be2c3038ba710ba030361816c99

SHA256
e2256afd430bbc70fdbe5fac9c13dc95f2102e88646a2c925d87d6b6a2a3d6fe

SHA512
138a69f231b2029b3a5c5d21f79a672506773c529c51f587685c9250f9f043827039aab208f345f38ba566bd315aa2910f7de046cf7c0a6f7896a5165a5c14f7

Download Submit
C:\Windows\system\BubgwQj.exe

Filesize
6.0MB

MD5
c51276acd1a506a8d919048cd0a53394

SHA1
6c0e5cf53a0284217ed379c6b7bbc8169d6fd9a0

SHA256
4ccdfe2e29bf7b98b4b0059da0df961907e38232b4d989dc7e2979a836d764bf

SHA512
4dea17e8925042307b0b585ea483e5cf697d1f945a9ad61c214cfa90b84e683dd6b58b7ea19f453c974266283c3543443ddf4f597e27b462252725ebb6e4d872

Download Submit
C:\Windows\system\DgAJhPh.exe

Filesize
6.0MB

MD5
ea17f27a13842742ed78493f6c354dcf

SHA1
4186cf410f63a4631ef02a1790c29c7425f0a2d8

SHA256
e1ce00d6de554caa0f19dce1191692a30ff6f64ae704cb7fce6184a109786f38

SHA512
3f07fcaf6035bb5b723d9562ba6016545d07740520619e7c883154cd3998a55e20b9e773f011f860e260bd878dc79cdbe39d21f5ed72e2924465bdcb30b55deb

Download Submit
C:\Windows\system\FBSieSt.exe

Filesize
6.0MB

MD5
a2e3468f5cce9ee6bf3ce0cac7295ced

SHA1
4063ef5360871b803b2875bffcbc8f8635711bc4

SHA256
e76c9ff17d79ad4365c2db3c7b9cef997deb742ea7a321df10942790876df9da

SHA512
0fa0d84c8ec4aae24e0c1850d16d75ffb9e851ac5c797a86af29552d7a44373631b7afa492942a5ce95cc74d646fa8c909205174a2d61cfbc8ea6806deadd069

Download Submit
C:\Windows\system\GxfiIdR.exe

Filesize
6.0MB

MD5
48ccb692c721e3fdef5635777282034a

SHA1
312e0cad8167cc6395f46fbe52568af7ec77454e

SHA256
835c65e75540d93f824f6bcc7d45f1a9da3ffe26ba280b8fec479ebd3ca31840

SHA512
5c4e4841ea35d485a349ee946822bed74c01f46e34e1385b71bce33c264b286cebd96432072a774e3117ed103b5f4e6a6b74ff85eb2606d469392156f41f3baa

Download Submit
C:\Windows\system\PChDKTt.exe

Filesize
6.0MB

MD5
f94ba6285ef8eb671cfbe3075fe24d5a

SHA1
683f01ea07fb917dab6e9b2f8b715048adaf6e0f

SHA256
457ff6975c709e86dccd0aedf3ab853429b4225f83a60ce3730f9ffc656010cd

SHA512
3d8e02fd715c25075811c57f294b43df42d885282966bc1901266b01bb58e3bfe4c9527c725e0f8b9bcb5fa069b48a16d8fb4f054eb8cd7d76155fa707288cc6

Download Submit
C:\Windows\system\QGBWVJy.exe

Filesize
6.0MB

MD5
8ff9a3827cf127e988b863665c901fa5

SHA1
fa9bc976ef7a25c3e0da74e294278bd5df8ef274

SHA256
2b2a711ccf8c294f99119e3efe9653a4a8fc737d46fb794647abcd5835cfd418

SHA512
be4b608b0159884ca3f92252a788785cdc409fb64766ad3ed86cd97fd32890d3379d78322e371f4b53e755ee67c2ee06b10db4a567971f6d32049cb7e1e50dba

Download Submit
C:\Windows\system\QUJexxN.exe

Filesize
6.0MB

MD5
0e7642bf609f335e04ae670d7c067485

SHA1
1325787a609034859ff493bab59cfb3d410167fd

SHA256
42f0275ec4f16e852ff7806c364d9b452e16e3306487ba8f967129b0587ed940

SHA512
a668dce75c4c09ae2edd9ce7ae81de559fa4d5e582c482f3fdf61991c4dcf20a0902d5f29bc4688466f3ce1b73f3db7a81191f988da75fbbc1eb318eaf4120b9

Download Submit
C:\Windows\system\RfCfRcl.exe

Filesize
6.0MB

MD5
7bee26d8e50849775029bc992ac2cccb

SHA1
05d2866d6d22a4ba4ee15f63a85d96fd3bddcbab

SHA256
2f6f9a69aac500642594f9a1571442a2629dcd1ff8d4a36157a2db6d494cd015

SHA512
0c018e2c111150b740a0bc3439654803e0274d180dd8093b11d63fcc2c0627118e82d8156e758b3e9913b54944607119e6ea121214993b72bb9c2c0718a47835

Download Submit
C:\Windows\system\RsoExlB.exe

Filesize
6.0MB

MD5
061fc3ed2556ea269b2e85f62892717b

SHA1
f220b17d5639947c746daa5513397c04dbdc99e6

SHA256
12586cd79c6b67a813bd19657dead7a7428c4f04bf60d972aa549ed2507457e3

SHA512
17db1069f7d33a7c6a8f7b7b98042398c505932495e88fad09df8cab21702540e9d009b6376dfbba2b03cb3208772a3ee451134b1661c84581aa855d1e1227ff

Download Submit
C:\Windows\system\XLorjeH.exe

Filesize
6.0MB

MD5
d12b56ad55ebdc409460524c7a4b9ffc

SHA1
805b164f7feb61a6ff7f236c4bba9d35417a8302

SHA256
eac7d8b3e50d7a5a4b5519b38088c8ac80f9bdc7f2e73c15be24e1263ab572ed

SHA512
83eeee40a036d1cba88cacc5993144242d35f9c955e85730a4093e1b376f9b2b2bab4525f329eb6eb2c3c00d2080cd0a8f7a2c47807385bb855ee107f6c00b87

Download Submit
C:\Windows\system\XXEjUQh.exe

Filesize
6.0MB

MD5
42449705a8c6202501935d2576cce088

SHA1
a10f62887d1de3946f44a4f8b2bc3154dc0077bb

SHA256
45d53ddf0ad1b5bae228d218d617080197789802be81e5634eb75ef2f6995e06

SHA512
5ebbfd41a9403abc9c658945aecee1494ba032cddb9658862026d7e3af37934a35666686b625c6e12a116263624f302ca7cc6c71c6f839dbbe09df6915686e69

Download Submit
C:\Windows\system\YySIWCI.exe

Filesize
6.0MB

MD5
fd041b629d9a33ac956eec59e72ffaf7

SHA1
6e51054963dfa22ce7498ac4f98cc2754a091410

SHA256
a93fa5d39c33722db032d4927ca2f7861e4af62b2b0b11a82dfddd46fb3fb726

SHA512
f80a5097e20951f793a20c88b9c3ad805204e48df416df4e536d47989398a1f87424335c4413e6deaa876801a4abc8e9cace01af1a35a6a3b3e79e8bcfc850ae

Download Submit
C:\Windows\system\dOjSiHH.exe

Filesize
6.0MB

MD5
fc9e1be653a12d3de085f5d5f1e4bf02

SHA1
edd7feaf083bf2254ee45dcb30d923b517612f06

SHA256
7fe32f4d8df3fd9c4081abe8f4319bb6080bb2f08d4ee59a67acb3881dddd584

SHA512
f61e58460e8634f624a7c7cbe4f88f4f7355560cdfa325738c5013314592655def526e0a4c5b0dd9cc651f85c7d4fbde35f1bb78e0bbcc1d96748bb15dd813d0

Download Submit
C:\Windows\system\fNwdDFM.exe

Filesize
6.0MB

MD5
7f94f6b47934eab429b0879f268efa11

SHA1
22054abfc489606a6d045d3c04c0f77646f9a27a

SHA256
c157d4c059d0ad8da44c3d813d63dcfe35a8b8b4825b29af33f59c95a8aaac35

SHA512
77b7bbedd14ab8d4cd44dac5c3902e260b5ecd87f37f2fe2c548a62eb2ea2b0adfdb7f2d2687fd97505c47d0dc9be74e2f6e48e85c1f526084a0ee589f9759ad

Download Submit
C:\Windows\system\fRaylXm.exe

Filesize
6.0MB

MD5
0b6611d516bf6638df5f5609a3e9b0db

SHA1
986d2fea40f18dce40a69c053ab6abcb9415e113

SHA256
f32544177a2822a1ff5d6febe333ed8a0b9246d7249c1279c00449bd12df146a

SHA512
fb7cff42796165afc3163c9301bfb9a51b4b3394ff688c2143c7416257c7277add130d56648fb049ee6b5fd995f07268dedcd35889a2a44a1b7ef1375823b488

Download Submit
C:\Windows\system\fXthkkV.exe

Filesize
6.0MB

MD5
a96e7d1d8f1307778214858f88bc8c06

SHA1
f622c2024a9ef4679cdce119c691c96f5ea3ab28

SHA256
00ce0e182ae8e5c25e4ad06bd2c17d2217091b3b3017ea19655ce0150626c72a

SHA512
71d305a50ecc601e7fb42e3221bf1bf343579d02d1609d2448906fea34eac62f7acf65c918cebd730f0e032b7d488fc2ab993d7246a8a80df18d6e983f6098b2

Download Submit
C:\Windows\system\jwLWSWK.exe

Filesize
6.0MB

MD5
1fa5b81e25efae6d00b4aebd42334780

SHA1
ff47408fe9915672cba18b8c33fdac0e3f3bdcb2

SHA256
4eff84c61809993ccf558e7c1239a5a24ac1ae1e421746914654ba3b79ed858e

SHA512
3faedcd022632adb33da544fa6298df488bb31461ea0465c70ca347575699e6bcc2600c9244ae3821a5fbaaa3845beda69d5e9cedfc1334d8897e5a542cae47f

Download Submit
C:\Windows\system\mjMDMqD.exe

Filesize
6.0MB

MD5
e02a730ac14c88d52794d53a8c48f075

SHA1
68aee849b98eb4cebdd428d20ba9dad0f3d582de

SHA256
e0448c9666e68e1b69998632c68bf0f6516b130d9cdba0504a2d84681de4d53c

SHA512
c3b7a84fc2efaed738522fe65d68e8f23e7f454c332c36913300193083fd65ff126182024a3e6aad4f75dfda1a152eb4fb6d92b2f9985ddc2e2db614b9e61445

Download Submit
C:\Windows\system\nCnpBvE.exe

Filesize
6.0MB

MD5
034245aacfc80367df9eb462d6397d28

SHA1
ebde18a790780d68901a24ac05ff70c0656e6fd8

SHA256
84fe08d7c26b5f4fd0e4b325409df93c5cc0986417b170534e81ac98d4250f0a

SHA512
09c361e95786808fe561757af86bdae974671e84e03edd456c68e26a837da2f031eae3d45a0b8d61598c0883658d13a4e0ce67ea18cf8fd739cf7894f95c37e2

Download Submit
C:\Windows\system\oXzrCVq.exe

Filesize
6.0MB

MD5
33881d3ea94d4b08474e43806f3fb148

SHA1
1522b43601de3b52ee68fcbc2fdf8b43e00be8d1

SHA256
e5615fbcb2d3ab504ac63138110030047ea3d8d80608f3a4ce13a8a9a5d2952e

SHA512
b4250ef28decfba3903e8b66a14e4f2658f6c175b8ddbfcd39764a0b779579ebb5351e44444743fb763bb60b141f25c14b6f210900c12bcbe72cb2909534896e

Download Submit
C:\Windows\system\rHYvLuo.exe

Filesize
6.0MB

MD5
d009cfeca6539ec55256653d0a1c0039

SHA1
d63f292f008fe8e760a4c7067ac124e39ba49579

SHA256
25150e61df50fd07c456f4f25669d0148487423950103eaee3e8f4e1080510de

SHA512
23cfa53cf62dc053b277071a24b5e7ce95b5d9a97c5edb4f25a460e319a875e70d5d3b5a71a22ce21545470790cac8094569bf6267a6909e47e74dea1177c1bf

Download Submit
C:\Windows\system\usVgJCF.exe

Filesize
6.0MB

MD5
5b1e40bad6249ba4ed8071ffc61c7b31

SHA1
3bb14dc10ba95404476cd30fa1a7c7afebc7eb87

SHA256
8fd846876fbefaef04c7a32be282e4630633deb47479c6c594520bccef1a8367

SHA512
c40058f12a41aae309f2703401e934bb418f7180b7aa36a8e48affc82b4dc3eff3eb7a0cfc9aae71c31a32c6e09d7d825543b9733e783427dfd4f5a8204786ce

Download Submit
C:\Windows\system\vNwiUkd.exe

Filesize
6.0MB

MD5
9739e50ce2a8d8700cb2ccf015108e7f

SHA1
42fb659a71943975d241f884b249a40fd10c3a76

SHA256
7de52e5e9f6ddf1a3687cfbe1166dab96184b799c71ced174c073a229c7031ad

SHA512
210e6b028de489f8ab93a7900ab507ebdeae234f8e8fe2d5c0d7f8ec535570110abd5e34e82085f31c271a07c5036777d80acd5ae586fe7fc0f119babd0f7d79

Download Submit
C:\Windows\system\wwLTbSR.exe

Filesize
6.0MB

MD5
f6977bdca356d3d051d58411d02676b4

SHA1
9935ce9fede7f5c91819749a532959b7da4285b9

SHA256
300b2a66498f283abcfaaef544c1b54f47a4b2f5f1ff67b06840364bb1ee1435

SHA512
817a2badea561308a75719ab939f506e3750fbdd48885e86ecfad9042d8a2ed5796a0eb4a51a860750d2424228c43da53825c8f98e6aba4e117bedc4e369cf3e

Download Submit
C:\Windows\system\xiInYVb.exe

Filesize
6.0MB

MD5
14b8028a84b5a77a115bdc507e0d73d3

SHA1
c2af478cfab8dc3c9e6fdd8dfec5606220441b46

SHA256
8c669ecc3020b1c1eb0907deb0a675cec20a7e7363c5d967a096a4c80536dc94

SHA512
0507f8e07f097409df558ecd3a792c5fd99c8db656a4334c7b7b0415cc2a194c8f492b55fde69867b97948053d7d9d191910b29574aa812616d41bf6268d0e9c

Download Submit
C:\Windows\system\zaBMGkh.exe

Filesize
6.0MB

MD5
1cacef3aa0617ca759d1138669a5c406

SHA1
657393fbb9a9a435996986a0486be19959f730a7

SHA256
7c94670920e743bf45e5d15a6e2c7d54d74dfbddbbc335ce4f4d7e4282c60ed6

SHA512
6e33090c00d729e046e227b0f2c7747267598b5cee27f0d6f6f64f72e20b7b97140ebb79c67ad68b2c0db2f2da69bf95e2dc5020987015ee8a12f78d1186196f

Download Submit
\Windows\system\DLmsFez.exe

Filesize
6.0MB

MD5
d21cc4241cb0f5746255749c236b84b0

SHA1
d9ce96de61e341d2f1784273111022c49a5ad658

SHA256
bd7d622d09883da56c6f93ea3f3f7baf2f0531c712b5b4ebb0580a830a98c563

SHA512
5d0fb867bd5061a9316c41ea2987c698255a5be684df38adc9e31d2586d18c7f83d762feba763dbbba68f8b825fba8ab2b6b618f2e11e3ba2321e9079dc907a0

Download Submit
\Windows\system\DQTMmxl.exe

Filesize
6.0MB

MD5
0b0f505d1a9a3c965334473603945f11

SHA1
b0d726f90ac6672c7943e929e9032808d8f22292

SHA256
8325cb6b7ff11c7ab45c69886169025aa957b7222919379712720ed1d40036f8

SHA512
06dd7077eb2b71c8c7e93eb1c347c384193d9242c4b4fd138529a3de8436246e81ba2a5ebcbf2d06df916a856528f8eb57573d7df4f33a017f021d9c4994571d

Download Submit
\Windows\system\GWqXfzN.exe

Filesize
6.0MB

MD5
87670af107a0c8af9fd2fa42b85822e0

SHA1
6a3f0b9005c0fa8190c421798bf823b74d007dff

SHA256
9fe2725b96422d6e76ed4355adc4ef306788a4e7ad24947daf82abf92a4d0aec

SHA512
8687e8921e81fb87e905e6731666cd9a7bbafab63d72a4a1b19d199482fd0410c0d82b24717f94b0fc08b346e78437f89e7ef8c16b1c12db0cef25f580860a11

Download Submit
\Windows\system\fHsZsxP.exe

Filesize
6.0MB

MD5
e9219d92e1878dd4c43faae8dd808f9c

SHA1
6552d5cecd954dd98fdcc9a41ed168f96bbe63bd

SHA256
974d82c4e13e7a037c507b8a77e588f87d47988955af591cbbe509eefd635a97

SHA512
e6d00cc21ef4cf7b3f626ada0977fc6a99c549579e90a26d717dbdb04e06ea148b4dff00f1416a41f38e4eb2704f32fbe8ce61f4b4e157038e90971195838204

Download Submit
\Windows\system\rnePgNW.exe

Filesize
6.0MB

MD5
c636eb3b7116d4fe18287dce23f3f74f

SHA1
1060e2d269d59249004780cc7f7197a46cbe2ce2

SHA256
8c8a64abe70158fc43a6e9e6f2fa5498f7dce50cad6f084cc1d4fc65bb0521e7

SHA512
1a087122bc2a2c0f6df381638585037d24b4019400e8228ef08d93f456fcea14751e05b5ef55b25b422015451a1641e87318a10996a5aa1af0e049da49359e9c

Download Submit
memory/1812-134-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1812-3925-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2184-130-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2184-3923-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2372-122-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2372-3933-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2392-3934-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2392-194-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2444-222-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3927-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2484-468-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3924-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3932-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2508-132-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2628-466-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3930-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-467-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1414-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-267-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-246-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-229-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2676-277-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-465-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-185-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2676-469-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-262-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1281-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-0-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1410-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1411-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-131-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2676-463-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-133-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1412-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1413-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1566-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-12-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1415-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2676-1417-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1416-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-283-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3936-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3935-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2736-238-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2764-464-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3922-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3931-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2792-264-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3920-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2808-257-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2912-270-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3926-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download