cobaltstrike | 2b0f811ede632442586661c8b12aaf81bc2a83705dd23a4c18df90c2c05fd631

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-12-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

42b07f20ff51d964e449c40c75e6e2a6
SHA1

a9e6cb7900f34727df99148f2ab4d05a830824ec
SHA256

2b0f811ede632442586661c8b12aaf81bc2a83705dd23a4c18df90c2c05fd631
SHA512

8f0c52cfba9597d5741d51807221c95a684680919832822169495c8360e35bea0f0b31e82854a3366cf96350c32d996c5674db9e65e28a847785757d4dbd818a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUe:eOl56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015685-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000156a6-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cbd-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ceb-33.dat	cobalt_reflective_dll
behavioral1/files/0x003200000001566d-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d03-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cf8-47.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001612f-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016307-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-180.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-185.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-184.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-183.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d25-171.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd1-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016aa9-157.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001662e-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164c8-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c84-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c62-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c7b-106.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001658c-87.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfc-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016855-92.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d36-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2708-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-6.dat	xmrig
behavioral1/files/0x0008000000015685-8.dat	xmrig
behavioral1/files/0x00080000000156a6-12.dat	xmrig
behavioral1/memory/2932-19-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2944-22-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cbd-23.dat	xmrig
behavioral1/memory/2764-21-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ceb-33.dat	xmrig
behavioral1/memory/2568-36-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x003200000001566d-39.dat	xmrig
behavioral1/memory/2244-50-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d03-52.dat	xmrig
behavioral1/memory/2708-49-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf8-47.dat	xmrig
behavioral1/memory/1724-41-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2912-29-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000700000001612f-64.dat	xmrig
behavioral1/files/0x0006000000016307-75.dat	xmrig
behavioral1/files/0x0006000000016d96-180.dat	xmrig
behavioral1/memory/1852-1120-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2272-916-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2708-915-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eca-185.dat	xmrig
behavioral1/files/0x0006000000016dd7-184.dat	xmrig
behavioral1/files/0x0006000000016dbe-183.dat	xmrig
behavioral1/files/0x0006000000016d25-171.dat	xmrig
behavioral1/files/0x0006000000016cd1-169.dat	xmrig
behavioral1/files/0x0006000000016aa9-157.dat	xmrig
behavioral1/files/0x000600000001662e-154.dat	xmrig
behavioral1/files/0x0006000000016d9a-151.dat	xmrig
behavioral1/files/0x0006000000016d3e-134.dat	xmrig
behavioral1/files/0x00060000000164c8-126.dat	xmrig
behavioral1/files/0x0006000000016ea4-174.dat	xmrig
behavioral1/files/0x0006000000016c84-116.dat	xmrig
behavioral1/memory/1292-110-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c62-109.dat	xmrig
behavioral1/files/0x0006000000016c7b-106.dat	xmrig
behavioral1/memory/1852-98-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000600000001658c-87.dat	xmrig
behavioral1/files/0x0006000000016dd1-160.dat	xmrig
behavioral1/memory/2708-79-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2272-74-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2708-66-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d46-141.dat	xmrig
behavioral1/files/0x0006000000016d36-131.dat	xmrig
behavioral1/memory/1492-65-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cfc-123.dat	xmrig
behavioral1/files/0x0006000000016855-92.dat	xmrig
behavioral1/memory/1724-91-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2452-90-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/588-57-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d36-61.dat	xmrig
behavioral1/memory/2932-3903-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2568-3904-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2912-3912-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/1292-3914-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/588-3915-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1492-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1852-3917-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2452-3916-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2272-3959-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1724-3911-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2764-3907-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2944	fhwxpri.exe
2932	VtmpFyv.exe
2764	JGIkFZq.exe
2912	hTsoHJa.exe
2568	aArtMde.exe
1724	NtBsjrG.exe
2244	TRHLmob.exe
588	mPzGCVk.exe
1492	YTZKRYs.exe
2272	DhYqjxO.exe
2452	narFQLl.exe
1852	BRKteuu.exe
1292	YZJjWid.exe
1792	nCLQIFN.exe
2616	TQkimfK.exe
2988	rckcavd.exe
2460	pccnfxJ.exe
2332	QvODbyY.exe
2960	dGvjefC.exe
1004	jXncCOo.exe
1944	sQXYENf.exe
1660	EjzkZjy.exe
2108	ISMTXcH.exe
2852	XeFczvm.exe
2644	NLqUICO.exe
1132	acbKXSV.exe
1772	gEMoEdu.exe
1800	BtxbAjt.exe
3060	vrjAqhF.exe
888	HNQpCFA.exe
2412	ASBspUT.exe
840	oDNqlPK.exe
2192	VtrblbS.exe
1288	PrybzBG.exe
1820	HOoHXwS.exe
1600	qprLjPS.exe
236	BQEVEMG.exe
1356	DYYTIRN.exe
492	IjwJIUt.exe
1728	vrDQsxV.exe
1068	dDmCrIe.exe
1328	ZiqRWAN.exe
652	riGgfWE.exe
2376	zMgnCXf.exe
2140	rVRnzvP.exe
584	hcqiojz.exe
3032	sYWbawM.exe
2304	qLOsOZt.exe
1084	dSHxtdd.exe
2368	mYtcAfE.exe
1736	jOdJjXu.exe
2980	GWmArFj.exe
2472	nlwcdsb.exe
2776	bfdNtdI.exe
1692	lDkXDxe.exe
2312	MevTQoy.exe
2804	HZooJvR.exe
2628	RQYHZUV.exe
2848	HpFbRdM.exe
2724	ntzsvbg.exe
1656	oOIpaMN.exe
576	dNJmMVI.exe
2208	ZbFNHXa.exe
2468	IXzJdty.exe

Loads dropped DLL 64 IoCs

pid	Process
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2708-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000012119-6.dat	upx
behavioral1/files/0x0008000000015685-8.dat	upx
behavioral1/files/0x00080000000156a6-12.dat	upx
behavioral1/memory/2932-19-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2944-22-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0008000000015cbd-23.dat	upx
behavioral1/memory/2764-21-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0007000000015ceb-33.dat	upx
behavioral1/memory/2568-36-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x003200000001566d-39.dat	upx
behavioral1/memory/2244-50-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0007000000015d03-52.dat	upx
behavioral1/memory/2708-49-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0007000000015cf8-47.dat	upx
behavioral1/memory/1724-41-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2912-29-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000700000001612f-64.dat	upx
behavioral1/files/0x0006000000016307-75.dat	upx
behavioral1/files/0x0006000000016d96-180.dat	upx
behavioral1/memory/1852-1120-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2272-916-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0006000000016eca-185.dat	upx
behavioral1/files/0x0006000000016dd7-184.dat	upx
behavioral1/files/0x0006000000016dbe-183.dat	upx
behavioral1/files/0x0006000000016d25-171.dat	upx
behavioral1/files/0x0006000000016cd1-169.dat	upx
behavioral1/files/0x0006000000016aa9-157.dat	upx
behavioral1/files/0x000600000001662e-154.dat	upx
behavioral1/files/0x0006000000016d9a-151.dat	upx
behavioral1/files/0x0006000000016d3e-134.dat	upx
behavioral1/files/0x00060000000164c8-126.dat	upx
behavioral1/files/0x0006000000016ea4-174.dat	upx
behavioral1/files/0x0006000000016c84-116.dat	upx
behavioral1/memory/1292-110-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0006000000016c62-109.dat	upx
behavioral1/files/0x0006000000016c7b-106.dat	upx
behavioral1/memory/1852-98-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000600000001658c-87.dat	upx
behavioral1/files/0x0006000000016dd1-160.dat	upx
behavioral1/memory/2272-74-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0006000000016d46-141.dat	upx
behavioral1/files/0x0006000000016d36-131.dat	upx
behavioral1/memory/1492-65-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0006000000016cfc-123.dat	upx
behavioral1/files/0x0006000000016855-92.dat	upx
behavioral1/memory/1724-91-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2452-90-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/588-57-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0008000000015d36-61.dat	upx
behavioral1/memory/2932-3903-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2568-3904-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2912-3912-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/1292-3914-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/588-3915-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1492-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/1852-3917-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2452-3916-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2272-3959-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1724-3911-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2764-3907-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2944-3906-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2244-3905-0x000000013F640000-0x000000013F994000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VlSPcUs.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neusrJL.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meDdZOX.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VmPiWKz.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIruJPf.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PesqRKO.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfIXwEL.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvGcchv.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpMmZFj.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUdrNYC.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEmLJIh.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMNNqHR.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvjJWGr.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWWDudP.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMcaGzD.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMcBcVj.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToJBWzk.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiwiRFf.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoBtQfS.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcTbKqG.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjYeKVv.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxlfKFI.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNUWual.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZenQVw.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQASaXw.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfQpglf.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Idccyod.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEMoEdu.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXVfPrV.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKDGsbI.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDenWUg.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxUWqkh.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pagDHKP.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpHeUiM.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQtqomN.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfMBbYj.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRhCEUO.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDwBcxX.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRcYJGM.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxfYAiM.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ktMhUPO.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgXWRBn.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbqBGsi.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPdEhBA.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oBsuYsI.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QasgnZa.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDJiHku.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uStQugw.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lraegsx.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faYoCqK.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zmYpksx.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAjZSPj.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDmCrIe.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CtfbQfp.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jipIJyC.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAPeyGa.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjLNnYv.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ossGwrK.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTvEnyC.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LdXVauf.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHrImNc.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbEvCPd.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYtnLAG.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoJaHOs.exe	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 2944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 2944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2708 wrote to memory of 2932	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 2932	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 2932	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2708 wrote to memory of 2764	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 2764	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 2764	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2708 wrote to memory of 2912	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 2912	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 2912	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2708 wrote to memory of 2568	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 2568	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 2568	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2708 wrote to memory of 1724	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 1724	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 1724	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2708 wrote to memory of 2244	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 2244	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 2244	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2708 wrote to memory of 588	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 588	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 588	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2708 wrote to memory of 1492	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 1492	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 1492	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2708 wrote to memory of 2272	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 2272	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 2272	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2708 wrote to memory of 2452	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2452	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2452	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2708 wrote to memory of 2460	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 2460	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 2460	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2708 wrote to memory of 1852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 1852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 1852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2708 wrote to memory of 1944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 1944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 1944	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2708 wrote to memory of 1292	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 1292	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 1292	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2708 wrote to memory of 1660	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 1660	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 1660	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2708 wrote to memory of 1792	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 1792	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 1792	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2708 wrote to memory of 2852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2852	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2708 wrote to memory of 2616	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 2616	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 2616	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2708 wrote to memory of 2644	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 2644	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 2644	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2708 wrote to memory of 2988	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 2988	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 2988	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2708 wrote to memory of 1132	2708	2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-30_42b07f20ff51d964e449c40c75e6e2a6_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\System\fhwxpri.exe
  C:\Windows\System\fhwxpri.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\VtmpFyv.exe
  C:\Windows\System\VtmpFyv.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\JGIkFZq.exe
  C:\Windows\System\JGIkFZq.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\hTsoHJa.exe
  C:\Windows\System\hTsoHJa.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\aArtMde.exe
  C:\Windows\System\aArtMde.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\NtBsjrG.exe
  C:\Windows\System\NtBsjrG.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\TRHLmob.exe
  C:\Windows\System\TRHLmob.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\mPzGCVk.exe
  C:\Windows\System\mPzGCVk.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\YTZKRYs.exe
  C:\Windows\System\YTZKRYs.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\DhYqjxO.exe
  C:\Windows\System\DhYqjxO.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\narFQLl.exe
  C:\Windows\System\narFQLl.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\pccnfxJ.exe
  C:\Windows\System\pccnfxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\BRKteuu.exe
  C:\Windows\System\BRKteuu.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\sQXYENf.exe
  C:\Windows\System\sQXYENf.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\YZJjWid.exe
  C:\Windows\System\YZJjWid.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\EjzkZjy.exe
  C:\Windows\System\EjzkZjy.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nCLQIFN.exe
  C:\Windows\System\nCLQIFN.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\XeFczvm.exe
  C:\Windows\System\XeFczvm.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\TQkimfK.exe
  C:\Windows\System\TQkimfK.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\NLqUICO.exe
  C:\Windows\System\NLqUICO.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rckcavd.exe
  C:\Windows\System\rckcavd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\acbKXSV.exe
  C:\Windows\System\acbKXSV.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\QvODbyY.exe
  C:\Windows\System\QvODbyY.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\BtxbAjt.exe
  C:\Windows\System\BtxbAjt.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\dGvjefC.exe
  C:\Windows\System\dGvjefC.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\vrjAqhF.exe
  C:\Windows\System\vrjAqhF.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\jXncCOo.exe
  C:\Windows\System\jXncCOo.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\HNQpCFA.exe
  C:\Windows\System\HNQpCFA.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ISMTXcH.exe
  C:\Windows\System\ISMTXcH.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ASBspUT.exe
  C:\Windows\System\ASBspUT.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gEMoEdu.exe
  C:\Windows\System\gEMoEdu.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\oDNqlPK.exe
  C:\Windows\System\oDNqlPK.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\VtrblbS.exe
  C:\Windows\System\VtrblbS.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\PrybzBG.exe
  C:\Windows\System\PrybzBG.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\HOoHXwS.exe
  C:\Windows\System\HOoHXwS.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\qprLjPS.exe
  C:\Windows\System\qprLjPS.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\BQEVEMG.exe
  C:\Windows\System\BQEVEMG.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\DYYTIRN.exe
  C:\Windows\System\DYYTIRN.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\IjwJIUt.exe
  C:\Windows\System\IjwJIUt.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\vrDQsxV.exe
  C:\Windows\System\vrDQsxV.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\dDmCrIe.exe
  C:\Windows\System\dDmCrIe.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\riGgfWE.exe
  C:\Windows\System\riGgfWE.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\ZiqRWAN.exe
  C:\Windows\System\ZiqRWAN.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\rVRnzvP.exe
  C:\Windows\System\rVRnzvP.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\zMgnCXf.exe
  C:\Windows\System\zMgnCXf.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\sYWbawM.exe
  C:\Windows\System\sYWbawM.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\hcqiojz.exe
  C:\Windows\System\hcqiojz.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\qLOsOZt.exe
  C:\Windows\System\qLOsOZt.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\dSHxtdd.exe
  C:\Windows\System\dSHxtdd.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\mYtcAfE.exe
  C:\Windows\System\mYtcAfE.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\jOdJjXu.exe
  C:\Windows\System\jOdJjXu.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\GWmArFj.exe
  C:\Windows\System\GWmArFj.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\nlwcdsb.exe
  C:\Windows\System\nlwcdsb.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\bfdNtdI.exe
  C:\Windows\System\bfdNtdI.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\lDkXDxe.exe
  C:\Windows\System\lDkXDxe.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\HZooJvR.exe
  C:\Windows\System\HZooJvR.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\MevTQoy.exe
  C:\Windows\System\MevTQoy.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ntzsvbg.exe
  C:\Windows\System\ntzsvbg.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\RQYHZUV.exe
  C:\Windows\System\RQYHZUV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\oOIpaMN.exe
  C:\Windows\System\oOIpaMN.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\HpFbRdM.exe
  C:\Windows\System\HpFbRdM.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\dNJmMVI.exe
  C:\Windows\System\dNJmMVI.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\ZbFNHXa.exe
  C:\Windows\System\ZbFNHXa.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HtLWUfT.exe
  C:\Windows\System\HtLWUfT.exe
  2⤵
  PID:1904
- C:\Windows\System\IXzJdty.exe
  C:\Windows\System\IXzJdty.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\tquGKfL.exe
  C:\Windows\System\tquGKfL.exe
  2⤵
  PID:1028
- C:\Windows\System\IMlkiRl.exe
  C:\Windows\System\IMlkiRl.exe
  2⤵
  PID:1912
- C:\Windows\System\nDEPHPb.exe
  C:\Windows\System\nDEPHPb.exe
  2⤵
  PID:480
- C:\Windows\System\TUgSiIK.exe
  C:\Windows\System\TUgSiIK.exe
  2⤵
  PID:2340
- C:\Windows\System\OxnHVBU.exe
  C:\Windows\System\OxnHVBU.exe
  2⤵
  PID:672
- C:\Windows\System\QQeKdNK.exe
  C:\Windows\System\QQeKdNK.exe
  2⤵
  PID:1808
- C:\Windows\System\ZvgJHEO.exe
  C:\Windows\System\ZvgJHEO.exe
  2⤵
  PID:1016
- C:\Windows\System\bFVkpac.exe
  C:\Windows\System\bFVkpac.exe
  2⤵
  PID:868
- C:\Windows\System\DuZyyKS.exe
  C:\Windows\System\DuZyyKS.exe
  2⤵
  PID:1032
- C:\Windows\System\GiwiRFf.exe
  C:\Windows\System\GiwiRFf.exe
  2⤵
  PID:2296
- C:\Windows\System\xZstShp.exe
  C:\Windows\System\xZstShp.exe
  2⤵
  PID:1136
- C:\Windows\System\sxNpYSD.exe
  C:\Windows\System\sxNpYSD.exe
  2⤵
  PID:1860
- C:\Windows\System\ObQckZl.exe
  C:\Windows\System\ObQckZl.exe
  2⤵
  PID:676
- C:\Windows\System\Jurevsi.exe
  C:\Windows\System\Jurevsi.exe
  2⤵
  PID:1928
- C:\Windows\System\BaOfNaW.exe
  C:\Windows\System\BaOfNaW.exe
  2⤵
  PID:1580
- C:\Windows\System\ClBpRJK.exe
  C:\Windows\System\ClBpRJK.exe
  2⤵
  PID:2484
- C:\Windows\System\zBnLwHS.exe
  C:\Windows\System\zBnLwHS.exe
  2⤵
  PID:2976
- C:\Windows\System\JLoqwkK.exe
  C:\Windows\System\JLoqwkK.exe
  2⤵
  PID:2996
- C:\Windows\System\bDeuvMV.exe
  C:\Windows\System\bDeuvMV.exe
  2⤵
  PID:956
- C:\Windows\System\HddqDzn.exe
  C:\Windows\System\HddqDzn.exe
  2⤵
  PID:2512
- C:\Windows\System\wifuxeB.exe
  C:\Windows\System\wifuxeB.exe
  2⤵
  PID:704
- C:\Windows\System\URUMcGs.exe
  C:\Windows\System\URUMcGs.exe
  2⤵
  PID:1560
- C:\Windows\System\EXnUYAf.exe
  C:\Windows\System\EXnUYAf.exe
  2⤵
  PID:1936
- C:\Windows\System\LuHSUIN.exe
  C:\Windows\System\LuHSUIN.exe
  2⤵
  PID:2788
- C:\Windows\System\pzBvtiN.exe
  C:\Windows\System\pzBvtiN.exe
  2⤵
  PID:2428
- C:\Windows\System\APZgola.exe
  C:\Windows\System\APZgola.exe
  2⤵
  PID:2464
- C:\Windows\System\zZHFmIv.exe
  C:\Windows\System\zZHFmIv.exe
  2⤵
  PID:2780
- C:\Windows\System\swQGIio.exe
  C:\Windows\System\swQGIio.exe
  2⤵
  PID:1900
- C:\Windows\System\mwOyLPH.exe
  C:\Windows\System\mwOyLPH.exe
  2⤵
  PID:2664
- C:\Windows\System\oXIvKWj.exe
  C:\Windows\System\oXIvKWj.exe
  2⤵
  PID:2600
- C:\Windows\System\RQfKHfE.exe
  C:\Windows\System\RQfKHfE.exe
  2⤵
  PID:1752
- C:\Windows\System\nplTdjO.exe
  C:\Windows\System\nplTdjO.exe
  2⤵
  PID:2948
- C:\Windows\System\WDGpUGr.exe
  C:\Windows\System\WDGpUGr.exe
  2⤵
  PID:2112
- C:\Windows\System\KUZlHFR.exe
  C:\Windows\System\KUZlHFR.exe
  2⤵
  PID:1408
- C:\Windows\System\BbpuycL.exe
  C:\Windows\System\BbpuycL.exe
  2⤵
  PID:1612
- C:\Windows\System\vBudRtI.exe
  C:\Windows\System\vBudRtI.exe
  2⤵
  PID:276
- C:\Windows\System\lfkfxeM.exe
  C:\Windows\System\lfkfxeM.exe
  2⤵
  PID:2040
- C:\Windows\System\xeniwqy.exe
  C:\Windows\System\xeniwqy.exe
  2⤵
  PID:2420
- C:\Windows\System\pCXZhbA.exe
  C:\Windows\System\pCXZhbA.exe
  2⤵
  PID:3056
- C:\Windows\System\cYWecWo.exe
  C:\Windows\System\cYWecWo.exe
  2⤵
  PID:1864
- C:\Windows\System\YUgfIJj.exe
  C:\Windows\System\YUgfIJj.exe
  2⤵
  PID:2380
- C:\Windows\System\iDMyNUZ.exe
  C:\Windows\System\iDMyNUZ.exe
  2⤵
  PID:2416
- C:\Windows\System\nGeKLXy.exe
  C:\Windows\System\nGeKLXy.exe
  2⤵
  PID:2544
- C:\Windows\System\ZAiBozW.exe
  C:\Windows\System\ZAiBozW.exe
  2⤵
  PID:2648
- C:\Windows\System\qDNRnVz.exe
  C:\Windows\System\qDNRnVz.exe
  2⤵
  PID:2524
- C:\Windows\System\dvGcchv.exe
  C:\Windows\System\dvGcchv.exe
  2⤵
  PID:880
- C:\Windows\System\QLWSXKz.exe
  C:\Windows\System\QLWSXKz.exe
  2⤵
  PID:2572
- C:\Windows\System\lTnntAF.exe
  C:\Windows\System\lTnntAF.exe
  2⤵
  PID:2820
- C:\Windows\System\SGewgDw.exe
  C:\Windows\System\SGewgDw.exe
  2⤵
  PID:2712
- C:\Windows\System\FwEiBxe.exe
  C:\Windows\System\FwEiBxe.exe
  2⤵
  PID:2200
- C:\Windows\System\qsxGYHm.exe
  C:\Windows\System\qsxGYHm.exe
  2⤵
  PID:3084
- C:\Windows\System\oPaVDCL.exe
  C:\Windows\System\oPaVDCL.exe
  2⤵
  PID:3100
- C:\Windows\System\YMcaGzD.exe
  C:\Windows\System\YMcaGzD.exe
  2⤵
  PID:3120
- C:\Windows\System\NlqftmQ.exe
  C:\Windows\System\NlqftmQ.exe
  2⤵
  PID:3136
- C:\Windows\System\KWtmJUn.exe
  C:\Windows\System\KWtmJUn.exe
  2⤵
  PID:3156
- C:\Windows\System\qSTpHtW.exe
  C:\Windows\System\qSTpHtW.exe
  2⤵
  PID:3172
- C:\Windows\System\RuSuYiH.exe
  C:\Windows\System\RuSuYiH.exe
  2⤵
  PID:3192
- C:\Windows\System\DYfOtkZ.exe
  C:\Windows\System\DYfOtkZ.exe
  2⤵
  PID:3208
- C:\Windows\System\zuUeUfl.exe
  C:\Windows\System\zuUeUfl.exe
  2⤵
  PID:3228
- C:\Windows\System\SrAPfzl.exe
  C:\Windows\System\SrAPfzl.exe
  2⤵
  PID:3244
- C:\Windows\System\OrneDKB.exe
  C:\Windows\System\OrneDKB.exe
  2⤵
  PID:3260
- C:\Windows\System\nkUZsvY.exe
  C:\Windows\System\nkUZsvY.exe
  2⤵
  PID:3284
- C:\Windows\System\lffZvRT.exe
  C:\Windows\System\lffZvRT.exe
  2⤵
  PID:3304
- C:\Windows\System\MoQOgkF.exe
  C:\Windows\System\MoQOgkF.exe
  2⤵
  PID:3348
- C:\Windows\System\zVKNIAB.exe
  C:\Windows\System\zVKNIAB.exe
  2⤵
  PID:3364
- C:\Windows\System\jJZSDqE.exe
  C:\Windows\System\jJZSDqE.exe
  2⤵
  PID:3380
- C:\Windows\System\tjkKhDv.exe
  C:\Windows\System\tjkKhDv.exe
  2⤵
  PID:3404
- C:\Windows\System\SCXVlTH.exe
  C:\Windows\System\SCXVlTH.exe
  2⤵
  PID:3424
- C:\Windows\System\qxaDIMP.exe
  C:\Windows\System\qxaDIMP.exe
  2⤵
  PID:3448
- C:\Windows\System\qzdCCzM.exe
  C:\Windows\System\qzdCCzM.exe
  2⤵
  PID:3464
- C:\Windows\System\XkXPALK.exe
  C:\Windows\System\XkXPALK.exe
  2⤵
  PID:3484
- C:\Windows\System\ziuGohg.exe
  C:\Windows\System\ziuGohg.exe
  2⤵
  PID:3504
- C:\Windows\System\pwgRlnf.exe
  C:\Windows\System\pwgRlnf.exe
  2⤵
  PID:3524
- C:\Windows\System\IMvparx.exe
  C:\Windows\System\IMvparx.exe
  2⤵
  PID:3544
- C:\Windows\System\VypffmB.exe
  C:\Windows\System\VypffmB.exe
  2⤵
  PID:3560
- C:\Windows\System\ObIpOZW.exe
  C:\Windows\System\ObIpOZW.exe
  2⤵
  PID:3576
- C:\Windows\System\EOwwOvW.exe
  C:\Windows\System\EOwwOvW.exe
  2⤵
  PID:3604
- C:\Windows\System\DjdRuUa.exe
  C:\Windows\System\DjdRuUa.exe
  2⤵
  PID:3620
- C:\Windows\System\kqHcJof.exe
  C:\Windows\System\kqHcJof.exe
  2⤵
  PID:3636
- C:\Windows\System\whwXMqi.exe
  C:\Windows\System\whwXMqi.exe
  2⤵
  PID:3652
- C:\Windows\System\Wyjkpzv.exe
  C:\Windows\System\Wyjkpzv.exe
  2⤵
  PID:3672
- C:\Windows\System\GQGYBBf.exe
  C:\Windows\System\GQGYBBf.exe
  2⤵
  PID:3692
- C:\Windows\System\tPjEzFI.exe
  C:\Windows\System\tPjEzFI.exe
  2⤵
  PID:3712
- C:\Windows\System\CoAKrgn.exe
  C:\Windows\System\CoAKrgn.exe
  2⤵
  PID:3732
- C:\Windows\System\bkdvtYg.exe
  C:\Windows\System\bkdvtYg.exe
  2⤵
  PID:3756
- C:\Windows\System\cvvCbkE.exe
  C:\Windows\System\cvvCbkE.exe
  2⤵
  PID:3776
- C:\Windows\System\GTfUcSO.exe
  C:\Windows\System\GTfUcSO.exe
  2⤵
  PID:3792
- C:\Windows\System\tSYDAXa.exe
  C:\Windows\System\tSYDAXa.exe
  2⤵
  PID:3808
- C:\Windows\System\BFuwQnG.exe
  C:\Windows\System\BFuwQnG.exe
  2⤵
  PID:3824
- C:\Windows\System\DYHeJrg.exe
  C:\Windows\System\DYHeJrg.exe
  2⤵
  PID:3840
- C:\Windows\System\WBXhVtw.exe
  C:\Windows\System\WBXhVtw.exe
  2⤵
  PID:3856
- C:\Windows\System\WtjDuUr.exe
  C:\Windows\System\WtjDuUr.exe
  2⤵
  PID:3872
- C:\Windows\System\TOEVzRa.exe
  C:\Windows\System\TOEVzRa.exe
  2⤵
  PID:3888
- C:\Windows\System\MatXqJk.exe
  C:\Windows\System\MatXqJk.exe
  2⤵
  PID:3912
- C:\Windows\System\buhLtbT.exe
  C:\Windows\System\buhLtbT.exe
  2⤵
  PID:3936
- C:\Windows\System\OAQcKld.exe
  C:\Windows\System\OAQcKld.exe
  2⤵
  PID:3952
- C:\Windows\System\QchiOnR.exe
  C:\Windows\System\QchiOnR.exe
  2⤵
  PID:3972
- C:\Windows\System\TTMZsBO.exe
  C:\Windows\System\TTMZsBO.exe
  2⤵
  PID:3996
- C:\Windows\System\awxmLfT.exe
  C:\Windows\System\awxmLfT.exe
  2⤵
  PID:4012
- C:\Windows\System\HHrImNc.exe
  C:\Windows\System\HHrImNc.exe
  2⤵
  PID:4072
- C:\Windows\System\YhuPToN.exe
  C:\Windows\System\YhuPToN.exe
  2⤵
  PID:4088
- C:\Windows\System\SNzwLpR.exe
  C:\Windows\System\SNzwLpR.exe
  2⤵
  PID:2760
- C:\Windows\System\qGaIqOE.exe
  C:\Windows\System\qGaIqOE.exe
  2⤵
  PID:2448
- C:\Windows\System\bZtyUuI.exe
  C:\Windows\System\bZtyUuI.exe
  2⤵
  PID:920
- C:\Windows\System\vTdFlUK.exe
  C:\Windows\System\vTdFlUK.exe
  2⤵
  PID:1672
- C:\Windows\System\xxFFRQD.exe
  C:\Windows\System\xxFFRQD.exe
  2⤵
  PID:1344
- C:\Windows\System\YuMnmJX.exe
  C:\Windows\System\YuMnmJX.exe
  2⤵
  PID:3024
- C:\Windows\System\mIMJjCV.exe
  C:\Windows\System\mIMJjCV.exe
  2⤵
  PID:2928
- C:\Windows\System\MKYgisa.exe
  C:\Windows\System\MKYgisa.exe
  2⤵
  PID:1696
- C:\Windows\System\dZPwSQL.exe
  C:\Windows\System\dZPwSQL.exe
  2⤵
  PID:2528
- C:\Windows\System\cYZjhua.exe
  C:\Windows\System\cYZjhua.exe
  2⤵
  PID:1780
- C:\Windows\System\ikgdroh.exe
  C:\Windows\System\ikgdroh.exe
  2⤵
  PID:2592
- C:\Windows\System\YSVWRyC.exe
  C:\Windows\System\YSVWRyC.exe
  2⤵
  PID:2796
- C:\Windows\System\lvKBeqo.exe
  C:\Windows\System\lvKBeqo.exe
  2⤵
  PID:3152
- C:\Windows\System\uphgQCZ.exe
  C:\Windows\System\uphgQCZ.exe
  2⤵
  PID:3216
- C:\Windows\System\IjHYykJ.exe
  C:\Windows\System\IjHYykJ.exe
  2⤵
  PID:3256
- C:\Windows\System\UbQHBcy.exe
  C:\Windows\System\UbQHBcy.exe
  2⤵
  PID:3356
- C:\Windows\System\hTFLdgd.exe
  C:\Windows\System\hTFLdgd.exe
  2⤵
  PID:3400
- C:\Windows\System\nthvZmT.exe
  C:\Windows\System\nthvZmT.exe
  2⤵
  PID:3444
- C:\Windows\System\IetDQIg.exe
  C:\Windows\System\IetDQIg.exe
  2⤵
  PID:3476
- C:\Windows\System\OFxDtdb.exe
  C:\Windows\System\OFxDtdb.exe
  2⤵
  PID:3552
- C:\Windows\System\MyewxoL.exe
  C:\Windows\System\MyewxoL.exe
  2⤵
  PID:3596
- C:\Windows\System\mtpRohE.exe
  C:\Windows\System\mtpRohE.exe
  2⤵
  PID:3632
- C:\Windows\System\DGLJABs.exe
  C:\Windows\System\DGLJABs.exe
  2⤵
  PID:3700
- C:\Windows\System\cxajoAW.exe
  C:\Windows\System\cxajoAW.exe
  2⤵
  PID:3752
- C:\Windows\System\VQvKPso.exe
  C:\Windows\System\VQvKPso.exe
  2⤵
  PID:3268
- C:\Windows\System\wJxSnro.exe
  C:\Windows\System\wJxSnro.exe
  2⤵
  PID:3092
- C:\Windows\System\VlSPcUs.exe
  C:\Windows\System\VlSPcUs.exe
  2⤵
  PID:3168
- C:\Windows\System\gdIHmEM.exe
  C:\Windows\System\gdIHmEM.exe
  2⤵
  PID:3324
- C:\Windows\System\TmwYIWh.exe
  C:\Windows\System\TmwYIWh.exe
  2⤵
  PID:3340
- C:\Windows\System\nqOSNsu.exe
  C:\Windows\System\nqOSNsu.exe
  2⤵
  PID:3416
- C:\Windows\System\jJOXoVN.exe
  C:\Windows\System\jJOXoVN.exe
  2⤵
  PID:3532
- C:\Windows\System\LtXQytE.exe
  C:\Windows\System\LtXQytE.exe
  2⤵
  PID:3968
- C:\Windows\System\TCSGmDd.exe
  C:\Windows\System\TCSGmDd.exe
  2⤵
  PID:3612
- C:\Windows\System\GHScpNb.exe
  C:\Windows\System\GHScpNb.exe
  2⤵
  PID:3688
- C:\Windows\System\uahktRy.exe
  C:\Windows\System\uahktRy.exe
  2⤵
  PID:404
- C:\Windows\System\CtfbQfp.exe
  C:\Windows\System\CtfbQfp.exe
  2⤵
  PID:2680
- C:\Windows\System\gnSAEVh.exe
  C:\Windows\System\gnSAEVh.exe
  2⤵
  PID:1920
- C:\Windows\System\CnDhLBA.exe
  C:\Windows\System\CnDhLBA.exe
  2⤵
  PID:2280
- C:\Windows\System\BndvZAS.exe
  C:\Windows\System\BndvZAS.exe
  2⤵
  PID:2808
- C:\Windows\System\XcENDLn.exe
  C:\Windows\System\XcENDLn.exe
  2⤵
  PID:3988
- C:\Windows\System\NnJpAah.exe
  C:\Windows\System\NnJpAah.exe
  2⤵
  PID:3908
- C:\Windows\System\NRcYJGM.exe
  C:\Windows\System\NRcYJGM.exe
  2⤵
  PID:3832
- C:\Windows\System\zLYBVFR.exe
  C:\Windows\System\zLYBVFR.exe
  2⤵
  PID:3724
- C:\Windows\System\LJGDpmF.exe
  C:\Windows\System\LJGDpmF.exe
  2⤵
  PID:4028
- C:\Windows\System\FicJfmp.exe
  C:\Windows\System\FicJfmp.exe
  2⤵
  PID:4048
- C:\Windows\System\HapPmuO.exe
  C:\Windows\System\HapPmuO.exe
  2⤵
  PID:4064
- C:\Windows\System\ulrgkAb.exe
  C:\Windows\System\ulrgkAb.exe
  2⤵
  PID:3432
- C:\Windows\System\VyzlDTG.exe
  C:\Windows\System\VyzlDTG.exe
  2⤵
  PID:3516
- C:\Windows\System\QxPZcDb.exe
  C:\Windows\System\QxPZcDb.exe
  2⤵
  PID:3748
- C:\Windows\System\acLDgTC.exe
  C:\Windows\System\acLDgTC.exe
  2⤵
  PID:1320
- C:\Windows\System\klSvqnK.exe
  C:\Windows\System\klSvqnK.exe
  2⤵
  PID:2888
- C:\Windows\System\GdzQzvl.exe
  C:\Windows\System\GdzQzvl.exe
  2⤵
  PID:3280
- C:\Windows\System\tGLLHgU.exe
  C:\Windows\System\tGLLHgU.exe
  2⤵
  PID:3148
- C:\Windows\System\twJSrjd.exe
  C:\Windows\System\twJSrjd.exe
  2⤵
  PID:3316
- C:\Windows\System\aTdKHiK.exe
  C:\Windows\System\aTdKHiK.exe
  2⤵
  PID:3788
- C:\Windows\System\EYckJMM.exe
  C:\Windows\System\EYckJMM.exe
  2⤵
  PID:3332
- C:\Windows\System\kofcQlw.exe
  C:\Windows\System\kofcQlw.exe
  2⤵
  PID:3480
- C:\Windows\System\AplMjzb.exe
  C:\Windows\System\AplMjzb.exe
  2⤵
  PID:3224
- C:\Windows\System\wjYeKVv.exe
  C:\Windows\System\wjYeKVv.exe
  2⤵
  PID:3920
- C:\Windows\System\fXvFgXt.exe
  C:\Windows\System\fXvFgXt.exe
  2⤵
  PID:3932
- C:\Windows\System\ifLHpkf.exe
  C:\Windows\System\ifLHpkf.exe
  2⤵
  PID:3964
- C:\Windows\System\eNZuGTZ.exe
  C:\Windows\System\eNZuGTZ.exe
  2⤵
  PID:4008
- C:\Windows\System\ZvMNfBk.exe
  C:\Windows\System\ZvMNfBk.exe
  2⤵
  PID:3572
- C:\Windows\System\aeRIQTu.exe
  C:\Windows\System\aeRIQTu.exe
  2⤵
  PID:2772
- C:\Windows\System\wPNzzFE.exe
  C:\Windows\System\wPNzzFE.exe
  2⤵
  PID:1044
- C:\Windows\System\snNfTYO.exe
  C:\Windows\System\snNfTYO.exe
  2⤵
  PID:2860
- C:\Windows\System\HeQbOfl.exe
  C:\Windows\System\HeQbOfl.exe
  2⤵
  PID:3836
- C:\Windows\System\tkFCyGH.exe
  C:\Windows\System\tkFCyGH.exe
  2⤵
  PID:3684
- C:\Windows\System\aZVeIzx.exe
  C:\Windows\System\aZVeIzx.exe
  2⤵
  PID:4036
- C:\Windows\System\InDoqZn.exe
  C:\Windows\System\InDoqZn.exe
  2⤵
  PID:532
- C:\Windows\System\lbRNtIS.exe
  C:\Windows\System\lbRNtIS.exe
  2⤵
  PID:3296
- C:\Windows\System\zgtnccY.exe
  C:\Windows\System\zgtnccY.exe
  2⤵
  PID:2432
- C:\Windows\System\ljWAnAi.exe
  C:\Windows\System\ljWAnAi.exe
  2⤵
  PID:2060
- C:\Windows\System\irLmbeG.exe
  C:\Windows\System\irLmbeG.exe
  2⤵
  PID:884
- C:\Windows\System\CxfYAiM.exe
  C:\Windows\System\CxfYAiM.exe
  2⤵
  PID:3820
- C:\Windows\System\sXsDetM.exe
  C:\Windows\System\sXsDetM.exe
  2⤵
  PID:3236
- C:\Windows\System\PkcLIaW.exe
  C:\Windows\System\PkcLIaW.exe
  2⤵
  PID:3588
- C:\Windows\System\jipIJyC.exe
  C:\Windows\System\jipIJyC.exe
  2⤵
  PID:3420
- C:\Windows\System\FBXClOc.exe
  C:\Windows\System\FBXClOc.exe
  2⤵
  PID:3924
- C:\Windows\System\dbhlaSr.exe
  C:\Windows\System\dbhlaSr.exe
  2⤵
  PID:2632
- C:\Windows\System\WceEHBB.exe
  C:\Windows\System\WceEHBB.exe
  2⤵
  PID:2908
- C:\Windows\System\WhMfZmI.exe
  C:\Windows\System\WhMfZmI.exe
  2⤵
  PID:3980
- C:\Windows\System\ztDfTlq.exe
  C:\Windows\System\ztDfTlq.exe
  2⤵
  PID:3944
- C:\Windows\System\RKDeOXI.exe
  C:\Windows\System\RKDeOXI.exe
  2⤵
  PID:4056
- C:\Windows\System\CVUkkXh.exe
  C:\Windows\System\CVUkkXh.exe
  2⤵
  PID:4040
- C:\Windows\System\aATQCUz.exe
  C:\Windows\System\aATQCUz.exe
  2⤵
  PID:4120
- C:\Windows\System\HHdyOfo.exe
  C:\Windows\System\HHdyOfo.exe
  2⤵
  PID:4136
- C:\Windows\System\RmWQwIp.exe
  C:\Windows\System\RmWQwIp.exe
  2⤵
  PID:4160
- C:\Windows\System\bwTLsnk.exe
  C:\Windows\System\bwTLsnk.exe
  2⤵
  PID:4176
- C:\Windows\System\yyvKDNz.exe
  C:\Windows\System\yyvKDNz.exe
  2⤵
  PID:4196
- C:\Windows\System\NBwpHXh.exe
  C:\Windows\System\NBwpHXh.exe
  2⤵
  PID:4216
- C:\Windows\System\uzekYsc.exe
  C:\Windows\System\uzekYsc.exe
  2⤵
  PID:4240
- C:\Windows\System\pCCPlhr.exe
  C:\Windows\System\pCCPlhr.exe
  2⤵
  PID:4260
- C:\Windows\System\NxBuDrE.exe
  C:\Windows\System\NxBuDrE.exe
  2⤵
  PID:4280
- C:\Windows\System\yKoTSrx.exe
  C:\Windows\System\yKoTSrx.exe
  2⤵
  PID:4300
- C:\Windows\System\vcsxhrk.exe
  C:\Windows\System\vcsxhrk.exe
  2⤵
  PID:4316
- C:\Windows\System\osEnsUV.exe
  C:\Windows\System\osEnsUV.exe
  2⤵
  PID:4332
- C:\Windows\System\UfwgCrF.exe
  C:\Windows\System\UfwgCrF.exe
  2⤵
  PID:4352
- C:\Windows\System\NHtAXQE.exe
  C:\Windows\System\NHtAXQE.exe
  2⤵
  PID:4368
- C:\Windows\System\UDZfXMg.exe
  C:\Windows\System\UDZfXMg.exe
  2⤵
  PID:4384
- C:\Windows\System\ekkFueK.exe
  C:\Windows\System\ekkFueK.exe
  2⤵
  PID:4408
- C:\Windows\System\Obqpwiu.exe
  C:\Windows\System\Obqpwiu.exe
  2⤵
  PID:4424
- C:\Windows\System\DQqDoef.exe
  C:\Windows\System\DQqDoef.exe
  2⤵
  PID:4448
- C:\Windows\System\Vipbisq.exe
  C:\Windows\System\Vipbisq.exe
  2⤵
  PID:4468
- C:\Windows\System\gbmtYmc.exe
  C:\Windows\System\gbmtYmc.exe
  2⤵
  PID:4500
- C:\Windows\System\ctHaREj.exe
  C:\Windows\System\ctHaREj.exe
  2⤵
  PID:4516
- C:\Windows\System\JeZoIGw.exe
  C:\Windows\System\JeZoIGw.exe
  2⤵
  PID:4536
- C:\Windows\System\GpUFScc.exe
  C:\Windows\System\GpUFScc.exe
  2⤵
  PID:4556
- C:\Windows\System\iGBZBCU.exe
  C:\Windows\System\iGBZBCU.exe
  2⤵
  PID:4584
- C:\Windows\System\pthfqak.exe
  C:\Windows\System\pthfqak.exe
  2⤵
  PID:4604
- C:\Windows\System\xbBNtHc.exe
  C:\Windows\System\xbBNtHc.exe
  2⤵
  PID:4636
- C:\Windows\System\gnHMPUz.exe
  C:\Windows\System\gnHMPUz.exe
  2⤵
  PID:4656
- C:\Windows\System\FugozgR.exe
  C:\Windows\System\FugozgR.exe
  2⤵
  PID:4672
- C:\Windows\System\NvmQEUX.exe
  C:\Windows\System\NvmQEUX.exe
  2⤵
  PID:4696
- C:\Windows\System\mRNtrgV.exe
  C:\Windows\System\mRNtrgV.exe
  2⤵
  PID:4716
- C:\Windows\System\HqKPSDp.exe
  C:\Windows\System\HqKPSDp.exe
  2⤵
  PID:4732
- C:\Windows\System\kbvOFZm.exe
  C:\Windows\System\kbvOFZm.exe
  2⤵
  PID:4752
- C:\Windows\System\tbEvCPd.exe
  C:\Windows\System\tbEvCPd.exe
  2⤵
  PID:4768
- C:\Windows\System\BXONhAe.exe
  C:\Windows\System\BXONhAe.exe
  2⤵
  PID:4784
- C:\Windows\System\eVVIVJp.exe
  C:\Windows\System\eVVIVJp.exe
  2⤵
  PID:4804
- C:\Windows\System\IqCNgfj.exe
  C:\Windows\System\IqCNgfj.exe
  2⤵
  PID:4820
- C:\Windows\System\KrkDhTk.exe
  C:\Windows\System\KrkDhTk.exe
  2⤵
  PID:4836
- C:\Windows\System\rBSAPCA.exe
  C:\Windows\System\rBSAPCA.exe
  2⤵
  PID:4864
- C:\Windows\System\hAcrKqJ.exe
  C:\Windows\System\hAcrKqJ.exe
  2⤵
  PID:4888
- C:\Windows\System\gWxMywl.exe
  C:\Windows\System\gWxMywl.exe
  2⤵
  PID:4904
- C:\Windows\System\eerrftX.exe
  C:\Windows\System\eerrftX.exe
  2⤵
  PID:4936
- C:\Windows\System\lBHZbxC.exe
  C:\Windows\System\lBHZbxC.exe
  2⤵
  PID:4952
- C:\Windows\System\pHhSPwy.exe
  C:\Windows\System\pHhSPwy.exe
  2⤵
  PID:4976
- C:\Windows\System\xBfeGcm.exe
  C:\Windows\System\xBfeGcm.exe
  2⤵
  PID:4996
- C:\Windows\System\VPublRw.exe
  C:\Windows\System\VPublRw.exe
  2⤵
  PID:5012
- C:\Windows\System\mmUlJus.exe
  C:\Windows\System\mmUlJus.exe
  2⤵
  PID:5032
- C:\Windows\System\AbFCvst.exe
  C:\Windows\System\AbFCvst.exe
  2⤵
  PID:5048
- C:\Windows\System\gfdnYmE.exe
  C:\Windows\System\gfdnYmE.exe
  2⤵
  PID:5084
- C:\Windows\System\JjrxlqD.exe
  C:\Windows\System\JjrxlqD.exe
  2⤵
  PID:5104
- C:\Windows\System\pHunMTb.exe
  C:\Windows\System\pHunMTb.exe
  2⤵
  PID:908
- C:\Windows\System\pWrDgLR.exe
  C:\Windows\System\pWrDgLR.exe
  2⤵
  PID:2260
- C:\Windows\System\JNdMOKo.exe
  C:\Windows\System\JNdMOKo.exe
  2⤵
  PID:2124
- C:\Windows\System\aYscFtQ.exe
  C:\Windows\System\aYscFtQ.exe
  2⤵
  PID:3116
- C:\Windows\System\jdLrCVC.exe
  C:\Windows\System\jdLrCVC.exe
  2⤵
  PID:3960
- C:\Windows\System\OrCbzwM.exe
  C:\Windows\System\OrCbzwM.exe
  2⤵
  PID:3500
- C:\Windows\System\qrwMKfq.exe
  C:\Windows\System\qrwMKfq.exe
  2⤵
  PID:4084
- C:\Windows\System\vKzoJZj.exe
  C:\Windows\System\vKzoJZj.exe
  2⤵
  PID:4112
- C:\Windows\System\tIjPock.exe
  C:\Windows\System\tIjPock.exe
  2⤵
  PID:3644
- C:\Windows\System\WyYUaVU.exe
  C:\Windows\System\WyYUaVU.exe
  2⤵
  PID:4020
- C:\Windows\System\iZUdXWt.exe
  C:\Windows\System\iZUdXWt.exe
  2⤵
  PID:4132
- C:\Windows\System\rSPJNDd.exe
  C:\Windows\System\rSPJNDd.exe
  2⤵
  PID:4184
- C:\Windows\System\lcDSFcD.exe
  C:\Windows\System\lcDSFcD.exe
  2⤵
  PID:4228
- C:\Windows\System\eEMsHEq.exe
  C:\Windows\System\eEMsHEq.exe
  2⤵
  PID:4172
- C:\Windows\System\vbGvgKF.exe
  C:\Windows\System\vbGvgKF.exe
  2⤵
  PID:4256
- C:\Windows\System\SPjQeRA.exe
  C:\Windows\System\SPjQeRA.exe
  2⤵
  PID:4292
- C:\Windows\System\wGiiwcl.exe
  C:\Windows\System\wGiiwcl.exe
  2⤵
  PID:4348
- C:\Windows\System\DvrWBOE.exe
  C:\Windows\System\DvrWBOE.exe
  2⤵
  PID:4456
- C:\Windows\System\Oohszge.exe
  C:\Windows\System\Oohszge.exe
  2⤵
  PID:4400
- C:\Windows\System\esAcTSP.exe
  C:\Windows\System\esAcTSP.exe
  2⤵
  PID:4440
- C:\Windows\System\umUDsjG.exe
  C:\Windows\System\umUDsjG.exe
  2⤵
  PID:4392
- C:\Windows\System\HrLjmTh.exe
  C:\Windows\System\HrLjmTh.exe
  2⤵
  PID:4496
- C:\Windows\System\GXvaikW.exe
  C:\Windows\System\GXvaikW.exe
  2⤵
  PID:4592
- C:\Windows\System\YYtnLAG.exe
  C:\Windows\System\YYtnLAG.exe
  2⤵
  PID:4532
- C:\Windows\System\HwdamoB.exe
  C:\Windows\System\HwdamoB.exe
  2⤵
  PID:4624
- C:\Windows\System\IjbjPTE.exe
  C:\Windows\System\IjbjPTE.exe
  2⤵
  PID:4652
- C:\Windows\System\KivAbnZ.exe
  C:\Windows\System\KivAbnZ.exe
  2⤵
  PID:4688
- C:\Windows\System\ghuKnAI.exe
  C:\Windows\System\ghuKnAI.exe
  2⤵
  PID:4760
- C:\Windows\System\tuGrkol.exe
  C:\Windows\System\tuGrkol.exe
  2⤵
  PID:4740
- C:\Windows\System\xyeuWPJ.exe
  C:\Windows\System\xyeuWPJ.exe
  2⤵
  PID:4828
- C:\Windows\System\mfFUoDU.exe
  C:\Windows\System\mfFUoDU.exe
  2⤵
  PID:4884
- C:\Windows\System\rGXhIcr.exe
  C:\Windows\System\rGXhIcr.exe
  2⤵
  PID:4860
- C:\Windows\System\zbVPWVe.exe
  C:\Windows\System\zbVPWVe.exe
  2⤵
  PID:4896
- C:\Windows\System\wIbJLLF.exe
  C:\Windows\System\wIbJLLF.exe
  2⤵
  PID:4844
- C:\Windows\System\uWgOSHh.exe
  C:\Windows\System\uWgOSHh.exe
  2⤵
  PID:4924
- C:\Windows\System\lCCbFJj.exe
  C:\Windows\System\lCCbFJj.exe
  2⤵
  PID:4964
- C:\Windows\System\owTMtkp.exe
  C:\Windows\System\owTMtkp.exe
  2⤵
  PID:4992
- C:\Windows\System\DPKWznk.exe
  C:\Windows\System\DPKWznk.exe
  2⤵
  PID:2552
- C:\Windows\System\RXVfPrV.exe
  C:\Windows\System\RXVfPrV.exe
  2⤵
  PID:5020
- C:\Windows\System\UvtDVHs.exe
  C:\Windows\System\UvtDVHs.exe
  2⤵
  PID:5100
- C:\Windows\System\ebZhevr.exe
  C:\Windows\System\ebZhevr.exe
  2⤵
  PID:3520
- C:\Windows\System\TUwPKOn.exe
  C:\Windows\System\TUwPKOn.exe
  2⤵
  PID:5116
- C:\Windows\System\ZnGokna.exe
  C:\Windows\System\ZnGokna.exe
  2⤵
  PID:3344
- C:\Windows\System\lPcYtAa.exe
  C:\Windows\System\lPcYtAa.exe
  2⤵
  PID:3800
- C:\Windows\System\RHZjxIM.exe
  C:\Windows\System\RHZjxIM.exe
  2⤵
  PID:2956
- C:\Windows\System\JFtpJLN.exe
  C:\Windows\System\JFtpJLN.exe
  2⤵
  PID:4276
- C:\Windows\System\KhBFbGg.exe
  C:\Windows\System\KhBFbGg.exe
  2⤵
  PID:4224
- C:\Windows\System\QhERbxU.exe
  C:\Windows\System\QhERbxU.exe
  2⤵
  PID:4288
- C:\Windows\System\Ncnyfxw.exe
  C:\Windows\System\Ncnyfxw.exe
  2⤵
  PID:4248
- C:\Windows\System\DBSQjfW.exe
  C:\Windows\System\DBSQjfW.exe
  2⤵
  PID:4340
- C:\Windows\System\MjKgSmV.exe
  C:\Windows\System\MjKgSmV.exe
  2⤵
  PID:4528
- C:\Windows\System\PCjhLaL.exe
  C:\Windows\System\PCjhLaL.exe
  2⤵
  PID:4728
- C:\Windows\System\ijEPvtM.exe
  C:\Windows\System\ijEPvtM.exe
  2⤵
  PID:1756
- C:\Windows\System\IDlbgGX.exe
  C:\Windows\System\IDlbgGX.exe
  2⤵
  PID:4776
- C:\Windows\System\rlasTbl.exe
  C:\Windows\System\rlasTbl.exe
  2⤵
  PID:2816
- C:\Windows\System\uStQugw.exe
  C:\Windows\System\uStQugw.exe
  2⤵
  PID:4972
- C:\Windows\System\oImkdMJ.exe
  C:\Windows\System\oImkdMJ.exe
  2⤵
  PID:4396
- C:\Windows\System\QAmonnx.exe
  C:\Windows\System\QAmonnx.exe
  2⤵
  PID:4360
- C:\Windows\System\XXnWjrG.exe
  C:\Windows\System\XXnWjrG.exe
  2⤵
  PID:5044
- C:\Windows\System\wYXHirc.exe
  C:\Windows\System\wYXHirc.exe
  2⤵
  PID:4580
- C:\Windows\System\aBVvvvS.exe
  C:\Windows\System\aBVvvvS.exe
  2⤵
  PID:4612
- C:\Windows\System\GonkcRI.exe
  C:\Windows\System\GonkcRI.exe
  2⤵
  PID:4680
- C:\Windows\System\xyPNspF.exe
  C:\Windows\System\xyPNspF.exe
  2⤵
  PID:4916
- C:\Windows\System\FmQHGRS.exe
  C:\Windows\System\FmQHGRS.exe
  2⤵
  PID:4988
- C:\Windows\System\cVlHfEe.exe
  C:\Windows\System\cVlHfEe.exe
  2⤵
  PID:3928
- C:\Windows\System\ITmQqat.exe
  C:\Windows\System\ITmQqat.exe
  2⤵
  PID:4928
- C:\Windows\System\qGVdbmV.exe
  C:\Windows\System\qGVdbmV.exe
  2⤵
  PID:4932
- C:\Windows\System\FHlYDcW.exe
  C:\Windows\System\FHlYDcW.exe
  2⤵
  PID:4152
- C:\Windows\System\oprLena.exe
  C:\Windows\System\oprLena.exe
  2⤵
  PID:4272
- C:\Windows\System\GfbRYuF.exe
  C:\Windows\System\GfbRYuF.exe
  2⤵
  PID:4436
- C:\Windows\System\tHocNaj.exe
  C:\Windows\System\tHocNaj.exe
  2⤵
  PID:2036
- C:\Windows\System\neusrJL.exe
  C:\Windows\System\neusrJL.exe
  2⤵
  PID:4748
- C:\Windows\System\rAFGPJZ.exe
  C:\Windows\System\rAFGPJZ.exe
  2⤵
  PID:4488
- C:\Windows\System\HdfjrnM.exe
  C:\Windows\System\HdfjrnM.exe
  2⤵
  PID:4968
- C:\Windows\System\bOzrOpU.exe
  C:\Windows\System\bOzrOpU.exe
  2⤵
  PID:4480
- C:\Windows\System\OigCCfQ.exe
  C:\Windows\System\OigCCfQ.exe
  2⤵
  PID:3044
- C:\Windows\System\wHUTAYX.exe
  C:\Windows\System\wHUTAYX.exe
  2⤵
  PID:3868
- C:\Windows\System\WXdhcWi.exe
  C:\Windows\System\WXdhcWi.exe
  2⤵
  PID:4312
- C:\Windows\System\ZlSAgVe.exe
  C:\Windows\System\ZlSAgVe.exe
  2⤵
  PID:5136
- C:\Windows\System\dObMZXY.exe
  C:\Windows\System\dObMZXY.exe
  2⤵
  PID:5160
- C:\Windows\System\zmuEStr.exe
  C:\Windows\System\zmuEStr.exe
  2⤵
  PID:5188
- C:\Windows\System\gXhdURi.exe
  C:\Windows\System\gXhdURi.exe
  2⤵
  PID:5204
- C:\Windows\System\ITkjlWQ.exe
  C:\Windows\System\ITkjlWQ.exe
  2⤵
  PID:5220
- C:\Windows\System\fwktjno.exe
  C:\Windows\System\fwktjno.exe
  2⤵
  PID:5236
- C:\Windows\System\nJVHPQW.exe
  C:\Windows\System\nJVHPQW.exe
  2⤵
  PID:5252
- C:\Windows\System\VwnlAKH.exe
  C:\Windows\System\VwnlAKH.exe
  2⤵
  PID:5268
- C:\Windows\System\wNQLTfa.exe
  C:\Windows\System\wNQLTfa.exe
  2⤵
  PID:5284
- C:\Windows\System\meDdZOX.exe
  C:\Windows\System\meDdZOX.exe
  2⤵
  PID:5304
- C:\Windows\System\rcBUVdG.exe
  C:\Windows\System\rcBUVdG.exe
  2⤵
  PID:5340
- C:\Windows\System\dyihDFu.exe
  C:\Windows\System\dyihDFu.exe
  2⤵
  PID:5356
- C:\Windows\System\YbXDpwv.exe
  C:\Windows\System\YbXDpwv.exe
  2⤵
  PID:5376
- C:\Windows\System\KxSCJBU.exe
  C:\Windows\System\KxSCJBU.exe
  2⤵
  PID:5396
- C:\Windows\System\UmgczRQ.exe
  C:\Windows\System\UmgczRQ.exe
  2⤵
  PID:5416
- C:\Windows\System\UHCHWWD.exe
  C:\Windows\System\UHCHWWD.exe
  2⤵
  PID:5432
- C:\Windows\System\wXpWafT.exe
  C:\Windows\System\wXpWafT.exe
  2⤵
  PID:5448
- C:\Windows\System\sCxdSfj.exe
  C:\Windows\System\sCxdSfj.exe
  2⤵
  PID:5464
- C:\Windows\System\xAUhtud.exe
  C:\Windows\System\xAUhtud.exe
  2⤵
  PID:5480
- C:\Windows\System\qBDwGIb.exe
  C:\Windows\System\qBDwGIb.exe
  2⤵
  PID:5500
- C:\Windows\System\sVjPGZC.exe
  C:\Windows\System\sVjPGZC.exe
  2⤵
  PID:5516
- C:\Windows\System\RZgnVeE.exe
  C:\Windows\System\RZgnVeE.exe
  2⤵
  PID:5532
- C:\Windows\System\XGTcdsS.exe
  C:\Windows\System\XGTcdsS.exe
  2⤵
  PID:5548
- C:\Windows\System\nbnyIty.exe
  C:\Windows\System\nbnyIty.exe
  2⤵
  PID:5564
- C:\Windows\System\GaRvCqi.exe
  C:\Windows\System\GaRvCqi.exe
  2⤵
  PID:5580
- C:\Windows\System\SVvUeGT.exe
  C:\Windows\System\SVvUeGT.exe
  2⤵
  PID:5596
- C:\Windows\System\tYycDur.exe
  C:\Windows\System\tYycDur.exe
  2⤵
  PID:5616
- C:\Windows\System\WsaiOyi.exe
  C:\Windows\System\WsaiOyi.exe
  2⤵
  PID:5632
- C:\Windows\System\arpEcbq.exe
  C:\Windows\System\arpEcbq.exe
  2⤵
  PID:5648
- C:\Windows\System\HdhKJIN.exe
  C:\Windows\System\HdhKJIN.exe
  2⤵
  PID:5664
- C:\Windows\System\DWSmKZe.exe
  C:\Windows\System\DWSmKZe.exe
  2⤵
  PID:5680
- C:\Windows\System\BWjtdij.exe
  C:\Windows\System\BWjtdij.exe
  2⤵
  PID:5708
- C:\Windows\System\VcHxhen.exe
  C:\Windows\System\VcHxhen.exe
  2⤵
  PID:5728
- C:\Windows\System\wcYgTES.exe
  C:\Windows\System\wcYgTES.exe
  2⤵
  PID:5748
- C:\Windows\System\rHzhNpX.exe
  C:\Windows\System\rHzhNpX.exe
  2⤵
  PID:5764
- C:\Windows\System\tFVZEbZ.exe
  C:\Windows\System\tFVZEbZ.exe
  2⤵
  PID:5784
- C:\Windows\System\VwbCvLb.exe
  C:\Windows\System\VwbCvLb.exe
  2⤵
  PID:5804
- C:\Windows\System\mqhlRcu.exe
  C:\Windows\System\mqhlRcu.exe
  2⤵
  PID:5828
- C:\Windows\System\BpMmZFj.exe
  C:\Windows\System\BpMmZFj.exe
  2⤵
  PID:5852
- C:\Windows\System\ObEnWRu.exe
  C:\Windows\System\ObEnWRu.exe
  2⤵
  PID:5868
- C:\Windows\System\pTuSRpe.exe
  C:\Windows\System\pTuSRpe.exe
  2⤵
  PID:5884
- C:\Windows\System\bGVmYVJ.exe
  C:\Windows\System\bGVmYVJ.exe
  2⤵
  PID:5904
- C:\Windows\System\wFwNGPJ.exe
  C:\Windows\System\wFwNGPJ.exe
  2⤵
  PID:5920
- C:\Windows\System\fkAfCUP.exe
  C:\Windows\System\fkAfCUP.exe
  2⤵
  PID:5936
- C:\Windows\System\wkLqOZO.exe
  C:\Windows\System\wkLqOZO.exe
  2⤵
  PID:5952
- C:\Windows\System\lKbxggR.exe
  C:\Windows\System\lKbxggR.exe
  2⤵
  PID:5968
- C:\Windows\System\hFUardb.exe
  C:\Windows\System\hFUardb.exe
  2⤵
  PID:5984
- C:\Windows\System\iOVQyfQ.exe
  C:\Windows\System\iOVQyfQ.exe
  2⤵
  PID:6000
- C:\Windows\System\tLRzoPq.exe
  C:\Windows\System\tLRzoPq.exe
  2⤵
  PID:6016
- C:\Windows\System\yVqqNOQ.exe
  C:\Windows\System\yVqqNOQ.exe
  2⤵
  PID:6044
- C:\Windows\System\hAPeyGa.exe
  C:\Windows\System\hAPeyGa.exe
  2⤵
  PID:6060
- C:\Windows\System\vNupyIJ.exe
  C:\Windows\System\vNupyIJ.exe
  2⤵
  PID:6076
- C:\Windows\System\ifrHSgl.exe
  C:\Windows\System\ifrHSgl.exe
  2⤵
  PID:6092
- C:\Windows\System\pfcPGya.exe
  C:\Windows\System\pfcPGya.exe
  2⤵
  PID:6108
- C:\Windows\System\xltEZBz.exe
  C:\Windows\System\xltEZBz.exe
  2⤵
  PID:6124
- C:\Windows\System\pCwRNwr.exe
  C:\Windows\System\pCwRNwr.exe
  2⤵
  PID:4544
- C:\Windows\System\BJTObaZ.exe
  C:\Windows\System\BJTObaZ.exe
  2⤵
  PID:4552
- C:\Windows\System\AamFvKC.exe
  C:\Windows\System\AamFvKC.exe
  2⤵
  PID:4872
- C:\Windows\System\vLrXXVI.exe
  C:\Windows\System\vLrXXVI.exe
  2⤵
  PID:4108
- C:\Windows\System\ofwnDlP.exe
  C:\Windows\System\ofwnDlP.exe
  2⤵
  PID:5112
- C:\Windows\System\kyPWCSZ.exe
  C:\Windows\System\kyPWCSZ.exe
  2⤵
  PID:5060
- C:\Windows\System\EvlKmHk.exe
  C:\Windows\System\EvlKmHk.exe
  2⤵
  PID:4344
- C:\Windows\System\DdFMGen.exe
  C:\Windows\System\DdFMGen.exe
  2⤵
  PID:5152
- C:\Windows\System\jpQAenS.exe
  C:\Windows\System\jpQAenS.exe
  2⤵
  PID:3068
- C:\Windows\System\OWFQoLQ.exe
  C:\Windows\System\OWFQoLQ.exe
  2⤵
  PID:5232
- C:\Windows\System\NsQpFzs.exe
  C:\Windows\System\NsQpFzs.exe
  2⤵
  PID:5300
- C:\Windows\System\lclJYlC.exe
  C:\Windows\System\lclJYlC.exe
  2⤵
  PID:5384
- C:\Windows\System\unpgCaL.exe
  C:\Windows\System\unpgCaL.exe
  2⤵
  PID:5428
- C:\Windows\System\GiQacSJ.exe
  C:\Windows\System\GiQacSJ.exe
  2⤵
  PID:5488
- C:\Windows\System\ktMhUPO.exe
  C:\Windows\System\ktMhUPO.exe
  2⤵
  PID:5524
- C:\Windows\System\oBsuYsI.exe
  C:\Windows\System\oBsuYsI.exe
  2⤵
  PID:5588
- C:\Windows\System\yXGVWxC.exe
  C:\Windows\System\yXGVWxC.exe
  2⤵
  PID:5656
- C:\Windows\System\JCvXMWY.exe
  C:\Windows\System\JCvXMWY.exe
  2⤵
  PID:5696
- C:\Windows\System\lXJzuWi.exe
  C:\Windows\System\lXJzuWi.exe
  2⤵
  PID:5740
- C:\Windows\System\YiZFAqN.exe
  C:\Windows\System\YiZFAqN.exe
  2⤵
  PID:5776
- C:\Windows\System\eorkpws.exe
  C:\Windows\System\eorkpws.exe
  2⤵
  PID:5824
- C:\Windows\System\ZdgxlKB.exe
  C:\Windows\System\ZdgxlKB.exe
  2⤵
  PID:5896
- C:\Windows\System\SqtSjme.exe
  C:\Windows\System\SqtSjme.exe
  2⤵
  PID:3016
- C:\Windows\System\QpXlAkL.exe
  C:\Windows\System\QpXlAkL.exe
  2⤵
  PID:5992
- C:\Windows\System\dupjhtN.exe
  C:\Windows\System\dupjhtN.exe
  2⤵
  PID:6036
- C:\Windows\System\YQcLkYr.exe
  C:\Windows\System\YQcLkYr.exe
  2⤵
  PID:6072
- C:\Windows\System\tcbyuBz.exe
  C:\Windows\System\tcbyuBz.exe
  2⤵
  PID:6136
- C:\Windows\System\diqREQi.exe
  C:\Windows\System\diqREQi.exe
  2⤵
  PID:3628
- C:\Windows\System\pagDHKP.exe
  C:\Windows\System\pagDHKP.exe
  2⤵
  PID:4204
- C:\Windows\System\DwDpQux.exe
  C:\Windows\System\DwDpQux.exe
  2⤵
  PID:5388
- C:\Windows\System\ueZhlej.exe
  C:\Windows\System\ueZhlej.exe
  2⤵
  PID:2104
- C:\Windows\System\GzrtWKh.exe
  C:\Windows\System\GzrtWKh.exe
  2⤵
  PID:6028
- C:\Windows\System\sobAaLU.exe
  C:\Windows\System\sobAaLU.exe
  2⤵
  PID:5008
- C:\Windows\System\pnTLsuZ.exe
  C:\Windows\System\pnTLsuZ.exe
  2⤵
  PID:5704
- C:\Windows\System\FjFdZee.exe
  C:\Windows\System\FjFdZee.exe
  2⤵
  PID:5460
- C:\Windows\System\eftddso.exe
  C:\Windows\System\eftddso.exe
  2⤵
  PID:5228
- C:\Windows\System\pItvhEB.exe
  C:\Windows\System\pItvhEB.exe
  2⤵
  PID:4948
- C:\Windows\System\THadNkJ.exe
  C:\Windows\System\THadNkJ.exe
  2⤵
  PID:4548
- C:\Windows\System\oJNXiUe.exe
  C:\Windows\System\oJNXiUe.exe
  2⤵
  PID:6056
- C:\Windows\System\yoBtQfS.exe
  C:\Windows\System\yoBtQfS.exe
  2⤵
  PID:5980
- C:\Windows\System\XkcXAVe.exe
  C:\Windows\System\XkcXAVe.exe
  2⤵
  PID:5880
- C:\Windows\System\fpcBjWo.exe
  C:\Windows\System\fpcBjWo.exe
  2⤵
  PID:5800
- C:\Windows\System\AZnjcln.exe
  C:\Windows\System\AZnjcln.exe
  2⤵
  PID:5720
- C:\Windows\System\wftrzBe.exe
  C:\Windows\System\wftrzBe.exe
  2⤵
  PID:5640
- C:\Windows\System\rxlfKFI.exe
  C:\Windows\System\rxlfKFI.exe
  2⤵
  PID:5572
- C:\Windows\System\BRpVRqL.exe
  C:\Windows\System\BRpVRqL.exe
  2⤵
  PID:5508
- C:\Windows\System\blKkIzn.exe
  C:\Windows\System\blKkIzn.exe
  2⤵
  PID:5440
- C:\Windows\System\YeZWOnm.exe
  C:\Windows\System\YeZWOnm.exe
  2⤵
  PID:5364
- C:\Windows\System\SwHIAre.exe
  C:\Windows\System\SwHIAre.exe
  2⤵
  PID:5276
- C:\Windows\System\lGpcuQQ.exe
  C:\Windows\System\lGpcuQQ.exe
  2⤵
  PID:4156
- C:\Windows\System\cyiRkkk.exe
  C:\Windows\System\cyiRkkk.exe
  2⤵
  PID:4432
- C:\Windows\System\rPVoDVK.exe
  C:\Windows\System\rPVoDVK.exe
  2⤵
  PID:5132
- C:\Windows\System\WpHeUiM.exe
  C:\Windows\System\WpHeUiM.exe
  2⤵
  PID:4796
- C:\Windows\System\upRQXMG.exe
  C:\Windows\System\upRQXMG.exe
  2⤵
  PID:4328
- C:\Windows\System\wCytxkX.exe
  C:\Windows\System\wCytxkX.exe
  2⤵
  PID:5184
- C:\Windows\System\BEgJmhc.exe
  C:\Windows\System\BEgJmhc.exe
  2⤵
  PID:2624
- C:\Windows\System\shCUvTC.exe
  C:\Windows\System\shCUvTC.exe
  2⤵
  PID:5336
- C:\Windows\System\eCanQBR.exe
  C:\Windows\System\eCanQBR.exe
  2⤵
  PID:5796
- C:\Windows\System\TcFmikp.exe
  C:\Windows\System\TcFmikp.exe
  2⤵
  PID:5560
- C:\Windows\System\INRglbf.exe
  C:\Windows\System\INRglbf.exe
  2⤵
  PID:800
- C:\Windows\System\GJfPorn.exe
  C:\Windows\System\GJfPorn.exe
  2⤵
  PID:3584
- C:\Windows\System\TgeeXbA.exe
  C:\Windows\System\TgeeXbA.exe
  2⤵
  PID:5932
- C:\Windows\System\QUbRYlv.exe
  C:\Windows\System\QUbRYlv.exe
  2⤵
  PID:5148
- C:\Windows\System\OYMlume.exe
  C:\Windows\System\OYMlume.exe
  2⤵
  PID:6116
- C:\Windows\System\dyjhSpG.exe
  C:\Windows\System\dyjhSpG.exe
  2⤵
  PID:5976
- C:\Windows\System\notORdY.exe
  C:\Windows\System\notORdY.exe
  2⤵
  PID:5912
- C:\Windows\System\RmnzpVc.exe
  C:\Windows\System\RmnzpVc.exe
  2⤵
  PID:5576
- C:\Windows\System\lPzQCmT.exe
  C:\Windows\System\lPzQCmT.exe
  2⤵
  PID:5312
- C:\Windows\System\VplkwSR.exe
  C:\Windows\System\VplkwSR.exe
  2⤵
  PID:5280
- C:\Windows\System\NSsRRtO.exe
  C:\Windows\System\NSsRRtO.exe
  2⤵
  PID:3052
- C:\Windows\System\bRxYHiW.exe
  C:\Windows\System\bRxYHiW.exe
  2⤵
  PID:3012
- C:\Windows\System\CHItpJt.exe
  C:\Windows\System\CHItpJt.exe
  2⤵
  PID:5168
- C:\Windows\System\aYLevHs.exe
  C:\Windows\System\aYLevHs.exe
  2⤵
  PID:5180
- C:\Windows\System\doYzwtf.exe
  C:\Windows\System\doYzwtf.exe
  2⤵
  PID:5332
- C:\Windows\System\VBfrwVH.exe
  C:\Windows\System\VBfrwVH.exe
  2⤵
  PID:5556
- C:\Windows\System\ZzLwqBL.exe
  C:\Windows\System\ZzLwqBL.exe
  2⤵
  PID:6024
- C:\Windows\System\cbpAion.exe
  C:\Windows\System\cbpAion.exe
  2⤵
  PID:2608
- C:\Windows\System\ZlVlyDx.exe
  C:\Windows\System\ZlVlyDx.exe
  2⤵
  PID:5676
- C:\Windows\System\ScuDsTl.exe
  C:\Windows\System\ScuDsTl.exe
  2⤵
  PID:5512
- C:\Windows\System\xULfzMC.exe
  C:\Windows\System\xULfzMC.exe
  2⤵
  PID:4684
- C:\Windows\System\RPMEFHD.exe
  C:\Windows\System\RPMEFHD.exe
  2⤵
  PID:1244
- C:\Windows\System\EEOJWAe.exe
  C:\Windows\System\EEOJWAe.exe
  2⤵
  PID:5756
- C:\Windows\System\vFJmJPx.exe
  C:\Windows\System\vFJmJPx.exe
  2⤵
  PID:6012
- C:\Windows\System\UBPovCt.exe
  C:\Windows\System\UBPovCt.exe
  2⤵
  PID:444
- C:\Windows\System\falslJV.exe
  C:\Windows\System\falslJV.exe
  2⤵
  PID:2172
- C:\Windows\System\fZHVwKd.exe
  C:\Windows\System\fZHVwKd.exe
  2⤵
  PID:6088
- C:\Windows\System\YtQgoWw.exe
  C:\Windows\System\YtQgoWw.exe
  2⤵
  PID:5724
- C:\Windows\System\IEbPIFm.exe
  C:\Windows\System\IEbPIFm.exe
  2⤵
  PID:5944
- C:\Windows\System\oPXiBot.exe
  C:\Windows\System\oPXiBot.exe
  2⤵
  PID:4188
- C:\Windows\System\GMazeLU.exe
  C:\Windows\System\GMazeLU.exe
  2⤵
  PID:2836
- C:\Windows\System\CTnswIl.exe
  C:\Windows\System\CTnswIl.exe
  2⤵
  PID:3000
- C:\Windows\System\zujEgtz.exe
  C:\Windows\System\zujEgtz.exe
  2⤵
  PID:6164
- C:\Windows\System\gXtrmuP.exe
  C:\Windows\System\gXtrmuP.exe
  2⤵
  PID:6180
- C:\Windows\System\mnUgILM.exe
  C:\Windows\System\mnUgILM.exe
  2⤵
  PID:6196
- C:\Windows\System\GlBuKOi.exe
  C:\Windows\System\GlBuKOi.exe
  2⤵
  PID:6212
- C:\Windows\System\RYtrKBo.exe
  C:\Windows\System\RYtrKBo.exe
  2⤵
  PID:6228
- C:\Windows\System\knRkfIQ.exe
  C:\Windows\System\knRkfIQ.exe
  2⤵
  PID:6244
- C:\Windows\System\HdElzoY.exe
  C:\Windows\System\HdElzoY.exe
  2⤵
  PID:6264
- C:\Windows\System\YMdvCYo.exe
  C:\Windows\System\YMdvCYo.exe
  2⤵
  PID:6280
- C:\Windows\System\hYfEiKG.exe
  C:\Windows\System\hYfEiKG.exe
  2⤵
  PID:6296
- C:\Windows\System\sAZftLz.exe
  C:\Windows\System\sAZftLz.exe
  2⤵
  PID:6312
- C:\Windows\System\sLsqZUA.exe
  C:\Windows\System\sLsqZUA.exe
  2⤵
  PID:6328
- C:\Windows\System\jnwiKTU.exe
  C:\Windows\System\jnwiKTU.exe
  2⤵
  PID:6348
- C:\Windows\System\ZRIFtfC.exe
  C:\Windows\System\ZRIFtfC.exe
  2⤵
  PID:6364
- C:\Windows\System\AEEJEfe.exe
  C:\Windows\System\AEEJEfe.exe
  2⤵
  PID:6380
- C:\Windows\System\fQMXhGF.exe
  C:\Windows\System\fQMXhGF.exe
  2⤵
  PID:6396
- C:\Windows\System\EbSXILn.exe
  C:\Windows\System\EbSXILn.exe
  2⤵
  PID:6412
- C:\Windows\System\rCrYllf.exe
  C:\Windows\System\rCrYllf.exe
  2⤵
  PID:6428
- C:\Windows\System\JBCpTQe.exe
  C:\Windows\System\JBCpTQe.exe
  2⤵
  PID:6444
- C:\Windows\System\SxNJGOT.exe
  C:\Windows\System\SxNJGOT.exe
  2⤵
  PID:6460
- C:\Windows\System\bBtOWtI.exe
  C:\Windows\System\bBtOWtI.exe
  2⤵
  PID:6476
- C:\Windows\System\PHbXEjP.exe
  C:\Windows\System\PHbXEjP.exe
  2⤵
  PID:6492
- C:\Windows\System\MDRtjRT.exe
  C:\Windows\System\MDRtjRT.exe
  2⤵
  PID:6508
- C:\Windows\System\HrXfIZz.exe
  C:\Windows\System\HrXfIZz.exe
  2⤵
  PID:6524
- C:\Windows\System\oRwUVkW.exe
  C:\Windows\System\oRwUVkW.exe
  2⤵
  PID:6540
- C:\Windows\System\YApPNnR.exe
  C:\Windows\System\YApPNnR.exe
  2⤵
  PID:6556
- C:\Windows\System\GQQWrxJ.exe
  C:\Windows\System\GQQWrxJ.exe
  2⤵
  PID:6572
- C:\Windows\System\QVkJmNc.exe
  C:\Windows\System\QVkJmNc.exe
  2⤵
  PID:6588
- C:\Windows\System\lscEvMi.exe
  C:\Windows\System\lscEvMi.exe
  2⤵
  PID:6604
- C:\Windows\System\lKpVizc.exe
  C:\Windows\System\lKpVizc.exe
  2⤵
  PID:6620
- C:\Windows\System\wmBBFcM.exe
  C:\Windows\System\wmBBFcM.exe
  2⤵
  PID:6636
- C:\Windows\System\FeeytzV.exe
  C:\Windows\System\FeeytzV.exe
  2⤵
  PID:6652
- C:\Windows\System\ISKypYR.exe
  C:\Windows\System\ISKypYR.exe
  2⤵
  PID:6668
- C:\Windows\System\SgGtckd.exe
  C:\Windows\System\SgGtckd.exe
  2⤵
  PID:6684
- C:\Windows\System\VyaRIfZ.exe
  C:\Windows\System\VyaRIfZ.exe
  2⤵
  PID:6700
- C:\Windows\System\YYxtOYa.exe
  C:\Windows\System\YYxtOYa.exe
  2⤵
  PID:6716
- C:\Windows\System\JDUFbvZ.exe
  C:\Windows\System\JDUFbvZ.exe
  2⤵
  PID:6732
- C:\Windows\System\vvRLQsQ.exe
  C:\Windows\System\vvRLQsQ.exe
  2⤵
  PID:6748
- C:\Windows\System\gHKnoCS.exe
  C:\Windows\System\gHKnoCS.exe
  2⤵
  PID:6764
- C:\Windows\System\IuqesEd.exe
  C:\Windows\System\IuqesEd.exe
  2⤵
  PID:6780
- C:\Windows\System\RdSqpWh.exe
  C:\Windows\System\RdSqpWh.exe
  2⤵
  PID:6796
- C:\Windows\System\aELnNOw.exe
  C:\Windows\System\aELnNOw.exe
  2⤵
  PID:6812
- C:\Windows\System\mGgRosC.exe
  C:\Windows\System\mGgRosC.exe
  2⤵
  PID:6828
- C:\Windows\System\aZCRKFW.exe
  C:\Windows\System\aZCRKFW.exe
  2⤵
  PID:6844
- C:\Windows\System\hxgxslQ.exe
  C:\Windows\System\hxgxslQ.exe
  2⤵
  PID:6860
- C:\Windows\System\RkgbDOG.exe
  C:\Windows\System\RkgbDOG.exe
  2⤵
  PID:6876
- C:\Windows\System\coYPlQW.exe
  C:\Windows\System\coYPlQW.exe
  2⤵
  PID:6892
- C:\Windows\System\ezKsFSf.exe
  C:\Windows\System\ezKsFSf.exe
  2⤵
  PID:6908
- C:\Windows\System\haXZYsZ.exe
  C:\Windows\System\haXZYsZ.exe
  2⤵
  PID:6924
- C:\Windows\System\TkdSAlE.exe
  C:\Windows\System\TkdSAlE.exe
  2⤵
  PID:6940
- C:\Windows\System\SybRTAn.exe
  C:\Windows\System\SybRTAn.exe
  2⤵
  PID:6956
- C:\Windows\System\EPTSWPU.exe
  C:\Windows\System\EPTSWPU.exe
  2⤵
  PID:6972
- C:\Windows\System\uVYUZHh.exe
  C:\Windows\System\uVYUZHh.exe
  2⤵
  PID:6988
- C:\Windows\System\CyEQMDM.exe
  C:\Windows\System\CyEQMDM.exe
  2⤵
  PID:7004
- C:\Windows\System\TphuvVE.exe
  C:\Windows\System\TphuvVE.exe
  2⤵
  PID:7020
- C:\Windows\System\BPAWbFW.exe
  C:\Windows\System\BPAWbFW.exe
  2⤵
  PID:7036
- C:\Windows\System\aWhydHX.exe
  C:\Windows\System\aWhydHX.exe
  2⤵
  PID:7052
- C:\Windows\System\mKZNfaK.exe
  C:\Windows\System\mKZNfaK.exe
  2⤵
  PID:7068
- C:\Windows\System\dboRQXt.exe
  C:\Windows\System\dboRQXt.exe
  2⤵
  PID:7084
- C:\Windows\System\hyaJEEp.exe
  C:\Windows\System\hyaJEEp.exe
  2⤵
  PID:7100
- C:\Windows\System\IKtweWM.exe
  C:\Windows\System\IKtweWM.exe
  2⤵
  PID:7116
- C:\Windows\System\UawxpPj.exe
  C:\Windows\System\UawxpPj.exe
  2⤵
  PID:7132
- C:\Windows\System\hRJLcaq.exe
  C:\Windows\System\hRJLcaq.exe
  2⤵
  PID:7148
- C:\Windows\System\rFMdtHj.exe
  C:\Windows\System\rFMdtHj.exe
  2⤵
  PID:7164
- C:\Windows\System\HFcbdoH.exe
  C:\Windows\System\HFcbdoH.exe
  2⤵
  PID:5212
- C:\Windows\System\UTwmrFa.exe
  C:\Windows\System\UTwmrFa.exe
  2⤵
  PID:1092
- C:\Windows\System\fvccHXT.exe
  C:\Windows\System\fvccHXT.exe
  2⤵
  PID:5772
- C:\Windows\System\ZtWQqru.exe
  C:\Windows\System\ZtWQqru.exe
  2⤵
  PID:2840
- C:\Windows\System\EtUuWmj.exe
  C:\Windows\System\EtUuWmj.exe
  2⤵
  PID:3388
- C:\Windows\System\BsMhgKq.exe
  C:\Windows\System\BsMhgKq.exe
  2⤵
  PID:6236
- C:\Windows\System\dPYkBlV.exe
  C:\Windows\System\dPYkBlV.exe
  2⤵
  PID:5328
- C:\Windows\System\KVdJhfJ.exe
  C:\Windows\System\KVdJhfJ.exe
  2⤵
  PID:2536
- C:\Windows\System\itiKGcw.exe
  C:\Windows\System\itiKGcw.exe
  2⤵
  PID:6160
- C:\Windows\System\rngbYYx.exe
  C:\Windows\System\rngbYYx.exe
  2⤵
  PID:6224
- C:\Windows\System\LUOJkkX.exe
  C:\Windows\System\LUOJkkX.exe
  2⤵
  PID:4572
- C:\Windows\System\FKmFvRN.exe
  C:\Windows\System\FKmFvRN.exe
  2⤵
  PID:2264
- C:\Windows\System\DSntXGD.exe
  C:\Windows\System\DSntXGD.exe
  2⤵
  PID:2176
- C:\Windows\System\YThBYhV.exe
  C:\Windows\System\YThBYhV.exe
  2⤵
  PID:2052
- C:\Windows\System\TBrZUpc.exe
  C:\Windows\System\TBrZUpc.exe
  2⤵
  PID:2096
- C:\Windows\System\lhoEkRY.exe
  C:\Windows\System\lhoEkRY.exe
  2⤵
  PID:2220
- C:\Windows\System\IAWQmLL.exe
  C:\Windows\System\IAWQmLL.exe
  2⤵
  PID:6008
- C:\Windows\System\cegzTFp.exe
  C:\Windows\System\cegzTFp.exe
  2⤵
  PID:2832
- C:\Windows\System\TwYkqtL.exe
  C:\Windows\System\TwYkqtL.exe
  2⤵
  PID:2136
- C:\Windows\System\jdWuFMO.exe
  C:\Windows\System\jdWuFMO.exe
  2⤵
  PID:2196
- C:\Windows\System\cSJeBWX.exe
  C:\Windows\System\cSJeBWX.exe
  2⤵
  PID:1056
- C:\Windows\System\vfupQgY.exe
  C:\Windows\System\vfupQgY.exe
  2⤵
  PID:2404
- C:\Windows\System\wYJMdfN.exe
  C:\Windows\System\wYJMdfN.exe
  2⤵
  PID:6260
- C:\Windows\System\fpJJxPn.exe
  C:\Windows\System\fpJJxPn.exe
  2⤵
  PID:6276
- C:\Windows\System\tDrEBio.exe
  C:\Windows\System\tDrEBio.exe
  2⤵
  PID:6324
- C:\Windows\System\PlgIaxU.exe
  C:\Windows\System\PlgIaxU.exe
  2⤵
  PID:6388
- C:\Windows\System\RspnMbo.exe
  C:\Windows\System\RspnMbo.exe
  2⤵
  PID:6452
- C:\Windows\System\uWUUYjp.exe
  C:\Windows\System\uWUUYjp.exe
  2⤵
  PID:6516
- C:\Windows\System\xfROdIy.exe
  C:\Windows\System\xfROdIy.exe
  2⤵
  PID:6580
- C:\Windows\System\VEmiwqj.exe
  C:\Windows\System\VEmiwqj.exe
  2⤵
  PID:6340
- C:\Windows\System\ClAWDcL.exe
  C:\Windows\System\ClAWDcL.exe
  2⤵
  PID:6648
- C:\Windows\System\fUdrNYC.exe
  C:\Windows\System\fUdrNYC.exe
  2⤵
  PID:6712
- C:\Windows\System\ZYTubNI.exe
  C:\Windows\System\ZYTubNI.exe
  2⤵
  PID:6404
- C:\Windows\System\FACokol.exe
  C:\Windows\System\FACokol.exe
  2⤵
  PID:6468
- C:\Windows\System\YuxcHCR.exe
  C:\Windows\System\YuxcHCR.exe
  2⤵
  PID:6564
- C:\Windows\System\YQSgIiI.exe
  C:\Windows\System\YQSgIiI.exe
  2⤵
  PID:6692
- C:\Windows\System\gwtUhkI.exe
  C:\Windows\System\gwtUhkI.exe
  2⤵
  PID:6776
- C:\Windows\System\xxeZFEC.exe
  C:\Windows\System\xxeZFEC.exe
  2⤵
  PID:6840
- C:\Windows\System\AHTnyPc.exe
  C:\Windows\System\AHTnyPc.exe
  2⤵
  PID:6904
- C:\Windows\System\eAiAjmK.exe
  C:\Windows\System\eAiAjmK.exe
  2⤵
  PID:6968
- C:\Windows\System\WbNZHsd.exe
  C:\Windows\System\WbNZHsd.exe
  2⤵
  PID:6632
- C:\Windows\System\UPasZxR.exe
  C:\Windows\System\UPasZxR.exe
  2⤵
  PID:6996
- C:\Windows\System\YAkfqge.exe
  C:\Windows\System\YAkfqge.exe
  2⤵
  PID:7064
- C:\Windows\System\PkJdNzx.exe
  C:\Windows\System\PkJdNzx.exe
  2⤵
  PID:6792
- C:\Windows\System\FDyFZwg.exe
  C:\Windows\System\FDyFZwg.exe
  2⤵
  PID:6916
- C:\Windows\System\kJGCzpP.exe
  C:\Windows\System\kJGCzpP.exe
  2⤵
  PID:7012
- C:\Windows\System\kzVWPIy.exe
  C:\Windows\System\kzVWPIy.exe
  2⤵
  PID:7128
- C:\Windows\System\lEPEVfk.exe
  C:\Windows\System\lEPEVfk.exe
  2⤵
  PID:5264
- C:\Windows\System\pLEMfdm.exe
  C:\Windows\System\pLEMfdm.exe
  2⤵
  PID:6756
- C:\Windows\System\PnqLzQD.exe
  C:\Windows\System\PnqLzQD.exe
  2⤵
  PID:6980
- C:\Windows\System\gZOqrCF.exe
  C:\Windows\System\gZOqrCF.exe
  2⤵
  PID:7048
- C:\Windows\System\rZmyATD.exe
  C:\Windows\System\rZmyATD.exe
  2⤵
  PID:1732
- C:\Windows\System\kDEgaKi.exe
  C:\Windows\System\kDEgaKi.exe
  2⤵
  PID:5628
- C:\Windows\System\EVxSAnk.exe
  C:\Windows\System\EVxSAnk.exe
  2⤵
  PID:5156
- C:\Windows\System\ittOmbH.exe
  C:\Windows\System\ittOmbH.exe
  2⤵
  PID:3204
- C:\Windows\System\QkNuBWS.exe
  C:\Windows\System\QkNuBWS.exe
  2⤵
  PID:7144
- C:\Windows\System\lKDGsbI.exe
  C:\Windows\System\lKDGsbI.exe
  2⤵
  PID:3252
- C:\Windows\System\ilyazBs.exe
  C:\Windows\System\ilyazBs.exe
  2⤵
  PID:6156
- C:\Windows\System\upgGcEg.exe
  C:\Windows\System\upgGcEg.exe
  2⤵
  PID:1712
- C:\Windows\System\buvqmzM.exe
  C:\Windows\System\buvqmzM.exe
  2⤵
  PID:2556
- C:\Windows\System\bAOXAql.exe
  C:\Windows\System\bAOXAql.exe
  2⤵
  PID:1108
- C:\Windows\System\wMHMkPD.exe
  C:\Windows\System\wMHMkPD.exe
  2⤵
  PID:6360
- C:\Windows\System\MoBTwoE.exe
  C:\Windows\System\MoBTwoE.exe
  2⤵
  PID:6532
- C:\Windows\System\GfhBbKC.exe
  C:\Windows\System\GfhBbKC.exe
  2⤵
  PID:6440
- C:\Windows\System\QTPenLg.exe
  C:\Windows\System\QTPenLg.exe
  2⤵
  PID:2924
- C:\Windows\System\eOLCyRu.exe
  C:\Windows\System\eOLCyRu.exe
  2⤵
  PID:1992
- C:\Windows\System\HPMFXGF.exe
  C:\Windows\System\HPMFXGF.exe
  2⤵
  PID:6336
- C:\Windows\System\PmmkXQT.exe
  C:\Windows\System\PmmkXQT.exe
  2⤵
  PID:6616
- C:\Windows\System\QSrMPZE.exe
  C:\Windows\System\QSrMPZE.exe
  2⤵
  PID:6536
- C:\Windows\System\EtAschT.exe
  C:\Windows\System\EtAschT.exe
  2⤵
  PID:6836
- C:\Windows\System\lphyWpv.exe
  C:\Windows\System\lphyWpv.exe
  2⤵
  PID:7000
- C:\Windows\System\sbFNIxT.exe
  C:\Windows\System\sbFNIxT.exe
  2⤵
  PID:6952
- C:\Windows\System\dRAZHpE.exe
  C:\Windows\System\dRAZHpE.exe
  2⤵
  PID:6820
- C:\Windows\System\euBIVaN.exe
  C:\Windows\System\euBIVaN.exe
  2⤵
  PID:6872
- C:\Windows\System\DjZvZzL.exe
  C:\Windows\System\DjZvZzL.exe
  2⤵
  PID:7032
- C:\Windows\System\aROjnHq.exe
  C:\Windows\System\aROjnHq.exe
  2⤵
  PID:7096
- C:\Windows\System\WawpsEL.exe
  C:\Windows\System\WawpsEL.exe
  2⤵
  PID:7016
- C:\Windows\System\vgXWRBn.exe
  C:\Windows\System\vgXWRBn.exe
  2⤵
  PID:7080
- C:\Windows\System\sMSHMzy.exe
  C:\Windows\System\sMSHMzy.exe
  2⤵
  PID:7112
- C:\Windows\System\NDenWUg.exe
  C:\Windows\System\NDenWUg.exe
  2⤵
  PID:4576
- C:\Windows\System\gVIxKdx.exe
  C:\Windows\System\gVIxKdx.exe
  2⤵
  PID:5848
- C:\Windows\System\DDhNmkx.exe
  C:\Windows\System\DDhNmkx.exe
  2⤵
  PID:6356
- C:\Windows\System\VaUXPXP.exe
  C:\Windows\System\VaUXPXP.exe
  2⤵
  PID:6372
- C:\Windows\System\sxzjSIT.exe
  C:\Windows\System\sxzjSIT.exe
  2⤵
  PID:1664
- C:\Windows\System\XRfxLTb.exe
  C:\Windows\System\XRfxLTb.exe
  2⤵
  PID:2288
- C:\Windows\System\ebiPjTk.exe
  C:\Windows\System\ebiPjTk.exe
  2⤵
  PID:6888
- C:\Windows\System\LPpJYYs.exe
  C:\Windows\System\LPpJYYs.exe
  2⤵
  PID:2188
- C:\Windows\System\ddhCrAg.exe
  C:\Windows\System\ddhCrAg.exe
  2⤵
  PID:7184
- C:\Windows\System\aWAIDmh.exe
  C:\Windows\System\aWAIDmh.exe
  2⤵
  PID:7200
- C:\Windows\System\QJaPUSB.exe
  C:\Windows\System\QJaPUSB.exe
  2⤵
  PID:7216
- C:\Windows\System\sycEgub.exe
  C:\Windows\System\sycEgub.exe
  2⤵
  PID:7232
- C:\Windows\System\NJZLvrm.exe
  C:\Windows\System\NJZLvrm.exe
  2⤵
  PID:7248
- C:\Windows\System\WFpTrbP.exe
  C:\Windows\System\WFpTrbP.exe
  2⤵
  PID:7264
- C:\Windows\System\dCKrhDp.exe
  C:\Windows\System\dCKrhDp.exe
  2⤵
  PID:7280
- C:\Windows\System\LyrNNfk.exe
  C:\Windows\System\LyrNNfk.exe
  2⤵
  PID:7296
- C:\Windows\System\rPHDaYQ.exe
  C:\Windows\System\rPHDaYQ.exe
  2⤵
  PID:7312
- C:\Windows\System\vuikGsq.exe
  C:\Windows\System\vuikGsq.exe
  2⤵
  PID:7328
- C:\Windows\System\bqwtTwN.exe
  C:\Windows\System\bqwtTwN.exe
  2⤵
  PID:7344
- C:\Windows\System\zpSYbCN.exe
  C:\Windows\System\zpSYbCN.exe
  2⤵
  PID:7360
- C:\Windows\System\BYIFfqw.exe
  C:\Windows\System\BYIFfqw.exe
  2⤵
  PID:7376
- C:\Windows\System\lXVaoBY.exe
  C:\Windows\System\lXVaoBY.exe
  2⤵
  PID:7392
- C:\Windows\System\KvMcAlW.exe
  C:\Windows\System\KvMcAlW.exe
  2⤵
  PID:7408
- C:\Windows\System\bskvjvi.exe
  C:\Windows\System\bskvjvi.exe
  2⤵
  PID:7424
- C:\Windows\System\vFlEuQw.exe
  C:\Windows\System\vFlEuQw.exe
  2⤵
  PID:7440
- C:\Windows\System\vCeUIEN.exe
  C:\Windows\System\vCeUIEN.exe
  2⤵
  PID:7456
- C:\Windows\System\RkQhVtE.exe
  C:\Windows\System\RkQhVtE.exe
  2⤵
  PID:7472
- C:\Windows\System\JMhKOBq.exe
  C:\Windows\System\JMhKOBq.exe
  2⤵
  PID:7488
- C:\Windows\System\knWjCyA.exe
  C:\Windows\System\knWjCyA.exe
  2⤵
  PID:7504
- C:\Windows\System\vXzvauQ.exe
  C:\Windows\System\vXzvauQ.exe
  2⤵
  PID:7520
- C:\Windows\System\zCMWNRj.exe
  C:\Windows\System\zCMWNRj.exe
  2⤵
  PID:7536
- C:\Windows\System\KKJYdTL.exe
  C:\Windows\System\KKJYdTL.exe
  2⤵
  PID:7552
- C:\Windows\System\SrPDqYT.exe
  C:\Windows\System\SrPDqYT.exe
  2⤵
  PID:7568
- C:\Windows\System\SgWHsPe.exe
  C:\Windows\System\SgWHsPe.exe
  2⤵
  PID:7584
- C:\Windows\System\BTpGZjn.exe
  C:\Windows\System\BTpGZjn.exe
  2⤵
  PID:7600
- C:\Windows\System\DAaYNND.exe
  C:\Windows\System\DAaYNND.exe
  2⤵
  PID:7616
- C:\Windows\System\SeqQwug.exe
  C:\Windows\System\SeqQwug.exe
  2⤵
  PID:7632
- C:\Windows\System\pfUeiJR.exe
  C:\Windows\System\pfUeiJR.exe
  2⤵
  PID:7648
- C:\Windows\System\JHokRhr.exe
  C:\Windows\System\JHokRhr.exe
  2⤵
  PID:7664
- C:\Windows\System\rCdxUED.exe
  C:\Windows\System\rCdxUED.exe
  2⤵
  PID:7680
- C:\Windows\System\NDVEPXk.exe
  C:\Windows\System\NDVEPXk.exe
  2⤵
  PID:7696
- C:\Windows\System\kymzNix.exe
  C:\Windows\System\kymzNix.exe
  2⤵
  PID:7712
- C:\Windows\System\QVmMiEn.exe
  C:\Windows\System\QVmMiEn.exe
  2⤵
  PID:7728
- C:\Windows\System\AZRPTRm.exe
  C:\Windows\System\AZRPTRm.exe
  2⤵
  PID:7744
- C:\Windows\System\KdofTwu.exe
  C:\Windows\System\KdofTwu.exe
  2⤵
  PID:7760
- C:\Windows\System\PAWtGhT.exe
  C:\Windows\System\PAWtGhT.exe
  2⤵
  PID:7776
- C:\Windows\System\FWCYeZD.exe
  C:\Windows\System\FWCYeZD.exe
  2⤵
  PID:7792
- C:\Windows\System\yhxFohD.exe
  C:\Windows\System\yhxFohD.exe
  2⤵
  PID:7808
- C:\Windows\System\qEApmQn.exe
  C:\Windows\System\qEApmQn.exe
  2⤵
  PID:7824
- C:\Windows\System\RcuVIqc.exe
  C:\Windows\System\RcuVIqc.exe
  2⤵
  PID:7840
- C:\Windows\System\XvuROlv.exe
  C:\Windows\System\XvuROlv.exe
  2⤵
  PID:7856
- C:\Windows\System\OiWTwzG.exe
  C:\Windows\System\OiWTwzG.exe
  2⤵
  PID:7872
- C:\Windows\System\PUykNHf.exe
  C:\Windows\System\PUykNHf.exe
  2⤵
  PID:7888
- C:\Windows\System\miQFEcn.exe
  C:\Windows\System\miQFEcn.exe
  2⤵
  PID:7904
- C:\Windows\System\QcpzOxL.exe
  C:\Windows\System\QcpzOxL.exe
  2⤵
  PID:7920
- C:\Windows\System\bFtKkNG.exe
  C:\Windows\System\bFtKkNG.exe
  2⤵
  PID:7936
- C:\Windows\System\nmkaTDa.exe
  C:\Windows\System\nmkaTDa.exe
  2⤵
  PID:7952
- C:\Windows\System\pBjJzgL.exe
  C:\Windows\System\pBjJzgL.exe
  2⤵
  PID:7968
- C:\Windows\System\UcpjHDH.exe
  C:\Windows\System\UcpjHDH.exe
  2⤵
  PID:7984
- C:\Windows\System\DNgusDy.exe
  C:\Windows\System\DNgusDy.exe
  2⤵
  PID:8000
- C:\Windows\System\AHPrJIW.exe
  C:\Windows\System\AHPrJIW.exe
  2⤵
  PID:8016
- C:\Windows\System\jxNVtSU.exe
  C:\Windows\System\jxNVtSU.exe
  2⤵
  PID:8032
- C:\Windows\System\bUycwaV.exe
  C:\Windows\System\bUycwaV.exe
  2⤵
  PID:8048
- C:\Windows\System\mRvYsUi.exe
  C:\Windows\System\mRvYsUi.exe
  2⤵
  PID:8064
- C:\Windows\System\PqIRZTJ.exe
  C:\Windows\System\PqIRZTJ.exe
  2⤵
  PID:8080
- C:\Windows\System\ZtKrowj.exe
  C:\Windows\System\ZtKrowj.exe
  2⤵
  PID:8096
- C:\Windows\System\MWACUjJ.exe
  C:\Windows\System\MWACUjJ.exe
  2⤵
  PID:8116
- C:\Windows\System\cFgLyYK.exe
  C:\Windows\System\cFgLyYK.exe
  2⤵
  PID:8132
- C:\Windows\System\pkWhhRg.exe
  C:\Windows\System\pkWhhRg.exe
  2⤵
  PID:8148
- C:\Windows\System\paAXCkE.exe
  C:\Windows\System\paAXCkE.exe
  2⤵
  PID:8164
- C:\Windows\System\yjLNnYv.exe
  C:\Windows\System\yjLNnYv.exe
  2⤵
  PID:8180
- C:\Windows\System\rnQpndg.exe
  C:\Windows\System\rnQpndg.exe
  2⤵
  PID:6304
- C:\Windows\System\ZXxidVi.exe
  C:\Windows\System\ZXxidVi.exe
  2⤵
  PID:6884
- C:\Windows\System\Hkdlfvo.exe
  C:\Windows\System\Hkdlfvo.exe
  2⤵
  PID:7208
- C:\Windows\System\LqUtWDC.exe
  C:\Windows\System\LqUtWDC.exe
  2⤵
  PID:6504
- C:\Windows\System\IxomdOl.exe
  C:\Windows\System\IxomdOl.exe
  2⤵
  PID:6664
- C:\Windows\System\jFsOJVR.exe
  C:\Windows\System\jFsOJVR.exe
  2⤵
  PID:6724
- C:\Windows\System\uDRqZeu.exe
  C:\Windows\System\uDRqZeu.exe
  2⤵
  PID:2348
- C:\Windows\System\CYqRwee.exe
  C:\Windows\System\CYqRwee.exe
  2⤵
  PID:6500
- C:\Windows\System\JoATHSC.exe
  C:\Windows\System\JoATHSC.exe
  2⤵
  PID:7272
- C:\Windows\System\kcMWLBP.exe
  C:\Windows\System\kcMWLBP.exe
  2⤵
  PID:7336
- C:\Windows\System\czuacdc.exe
  C:\Windows\System\czuacdc.exe
  2⤵
  PID:7400
- C:\Windows\System\KVDGzgT.exe
  C:\Windows\System\KVDGzgT.exe
  2⤵
  PID:7464
- C:\Windows\System\PBUcOjI.exe
  C:\Windows\System\PBUcOjI.exe
  2⤵
  PID:7528
- C:\Windows\System\rvUCVHk.exe
  C:\Windows\System\rvUCVHk.exe
  2⤵
  PID:7592
- C:\Windows\System\cLkWrGJ.exe
  C:\Windows\System\cLkWrGJ.exe
  2⤵
  PID:7256
- C:\Windows\System\QpoMKMS.exe
  C:\Windows\System\QpoMKMS.exe
  2⤵
  PID:5320
- C:\Windows\System\ASspZLq.exe
  C:\Windows\System\ASspZLq.exe
  2⤵
  PID:7260
- C:\Windows\System\OTUbAik.exe
  C:\Windows\System\OTUbAik.exe
  2⤵
  PID:7288
- C:\Windows\System\JEENXaX.exe
  C:\Windows\System\JEENXaX.exe
  2⤵
  PID:7324
- C:\Windows\System\XDJgljc.exe
  C:\Windows\System\XDJgljc.exe
  2⤵
  PID:7416
- C:\Windows\System\TxrlQIg.exe
  C:\Windows\System\TxrlQIg.exe
  2⤵
  PID:7608
- C:\Windows\System\ZxjQxbZ.exe
  C:\Windows\System\ZxjQxbZ.exe
  2⤵
  PID:7452
- C:\Windows\System\fsnYLcK.exe
  C:\Windows\System\fsnYLcK.exe
  2⤵
  PID:7516
- C:\Windows\System\GGnGhvW.exe
  C:\Windows\System\GGnGhvW.exe
  2⤵
  PID:7612
- C:\Windows\System\uEskXOF.exe
  C:\Windows\System\uEskXOF.exe
  2⤵
  PID:7672
- C:\Windows\System\pEqgTUu.exe
  C:\Windows\System\pEqgTUu.exe
  2⤵
  PID:7752
- C:\Windows\System\iMVnnLB.exe
  C:\Windows\System\iMVnnLB.exe
  2⤵
  PID:7816
- C:\Windows\System\hVIwIGT.exe
  C:\Windows\System\hVIwIGT.exe
  2⤵
  PID:7852
- C:\Windows\System\VmPiWKz.exe
  C:\Windows\System\VmPiWKz.exe
  2⤵
  PID:7884
- C:\Windows\System\RLEOKKM.exe
  C:\Windows\System\RLEOKKM.exe
  2⤵
  PID:7864
- C:\Windows\System\cVLLLYp.exe
  C:\Windows\System\cVLLLYp.exe
  2⤵
  PID:7836
- C:\Windows\System\LcEzVEa.exe
  C:\Windows\System\LcEzVEa.exe
  2⤵
  PID:7928
- C:\Windows\System\HFkuTlo.exe
  C:\Windows\System\HFkuTlo.exe
  2⤵
  PID:6208
- C:\Windows\System\hUUdtcX.exe
  C:\Windows\System\hUUdtcX.exe
  2⤵
  PID:7980
- C:\Windows\System\EGyMwmo.exe
  C:\Windows\System\EGyMwmo.exe
  2⤵
  PID:7996
- C:\Windows\System\ULNKqPD.exe
  C:\Windows\System\ULNKqPD.exe
  2⤵
  PID:8060
- C:\Windows\System\OOQesFv.exe
  C:\Windows\System\OOQesFv.exe
  2⤵
  PID:8104
- C:\Windows\System\AYLFGmD.exe
  C:\Windows\System\AYLFGmD.exe
  2⤵
  PID:8108
- C:\Windows\System\GaBdcoW.exe
  C:\Windows\System\GaBdcoW.exe
  2⤵
  PID:8176
- C:\Windows\System\hHzweYB.exe
  C:\Windows\System\hHzweYB.exe
  2⤵
  PID:2320
- C:\Windows\System\hUoylic.exe
  C:\Windows\System\hUoylic.exe
  2⤵
  PID:8160
- C:\Windows\System\xSnuUaN.exe
  C:\Windows\System\xSnuUaN.exe
  2⤵
  PID:6376
- C:\Windows\System\ftGxesz.exe
  C:\Windows\System\ftGxesz.exe
  2⤵
  PID:5404
- C:\Windows\System\qRnPyRx.exe
  C:\Windows\System\qRnPyRx.exe
  2⤵
  PID:7308
- C:\Windows\System\ZxYGQxr.exe
  C:\Windows\System\ZxYGQxr.exe
  2⤵
  PID:7564
- C:\Windows\System\KxARefr.exe
  C:\Windows\System\KxARefr.exe
  2⤵
  PID:7244
- C:\Windows\System\WzhdZDD.exe
  C:\Windows\System\WzhdZDD.exe
  2⤵
  PID:7368
- C:\Windows\System\fcTbKqG.exe
  C:\Windows\System\fcTbKqG.exe
  2⤵
  PID:7628
- C:\Windows\System\TPMmelC.exe
  C:\Windows\System\TPMmelC.exe
  2⤵
  PID:7660
- C:\Windows\System\VzWXKwO.exe
  C:\Windows\System\VzWXKwO.exe
  2⤵
  PID:7708
- C:\Windows\System\IJPWgoB.exe
  C:\Windows\System\IJPWgoB.exe
  2⤵
  PID:7448
- C:\Windows\System\kfHZxXF.exe
  C:\Windows\System\kfHZxXF.exe
  2⤵
  PID:7512
- C:\Windows\System\yktxqFU.exe
  C:\Windows\System\yktxqFU.exe
  2⤵
  PID:7640
- C:\Windows\System\lBZjZpt.exe
  C:\Windows\System\lBZjZpt.exe
  2⤵
  PID:7788
- C:\Windows\System\XwxTbIm.exe
  C:\Windows\System\XwxTbIm.exe
  2⤵
  PID:7740
- C:\Windows\System\GEmLJIh.exe
  C:\Windows\System\GEmLJIh.exe
  2⤵
  PID:7964
- C:\Windows\System\ATcYQte.exe
  C:\Windows\System\ATcYQte.exe
  2⤵
  PID:7896
- C:\Windows\System\EMcBcVj.exe
  C:\Windows\System\EMcBcVj.exe
  2⤵
  PID:8012
- C:\Windows\System\RhmNEFM.exe
  C:\Windows\System\RhmNEFM.exe
  2⤵
  PID:8028
- C:\Windows\System\fXGNrZG.exe
  C:\Windows\System\fXGNrZG.exe
  2⤵
  PID:8188
- C:\Windows\System\abKsUVY.exe
  C:\Windows\System\abKsUVY.exe
  2⤵
  PID:8156
- C:\Windows\System\OHaDiEU.exe
  C:\Windows\System\OHaDiEU.exe
  2⤵
  PID:7304
- C:\Windows\System\xMwzJlC.exe
  C:\Windows\System\xMwzJlC.exe
  2⤵
  PID:6900
- C:\Windows\System\JaioWGd.exe
  C:\Windows\System\JaioWGd.exe
  2⤵
  PID:7388
- C:\Windows\System\KBfsqGG.exe
  C:\Windows\System\KBfsqGG.exe
  2⤵
  PID:7736
- C:\Windows\System\QasgnZa.exe
  C:\Windows\System\QasgnZa.exe
  2⤵
  PID:7704
- C:\Windows\System\BJkHBGr.exe
  C:\Windows\System\BJkHBGr.exe
  2⤵
  PID:7644
- C:\Windows\System\IwkOIEp.exe
  C:\Windows\System\IwkOIEp.exe
  2⤵
  PID:7832
- C:\Windows\System\EbJxdRW.exe
  C:\Windows\System\EbJxdRW.exe
  2⤵
  PID:7948
- C:\Windows\System\lkXXBUU.exe
  C:\Windows\System\lkXXBUU.exe
  2⤵
  PID:8144
- C:\Windows\System\rEvYYZZ.exe
  C:\Windows\System\rEvYYZZ.exe
  2⤵
  PID:6256
- C:\Windows\System\yNrsUCu.exe
  C:\Windows\System\yNrsUCu.exe
  2⤵
  PID:7192
- C:\Windows\System\uDQfhlV.exe
  C:\Windows\System\uDQfhlV.exe
  2⤵
  PID:7580
- C:\Windows\System\gzJHHps.exe
  C:\Windows\System\gzJHHps.exe
  2⤵
  PID:7240
- C:\Windows\System\aUDoLDU.exe
  C:\Windows\System\aUDoLDU.exe
  2⤵
  PID:7228
- C:\Windows\System\oGUhHDy.exe
  C:\Windows\System\oGUhHDy.exe
  2⤵
  PID:6772
- C:\Windows\System\aTjlruG.exe
  C:\Windows\System\aTjlruG.exe
  2⤵
  PID:7784
- C:\Windows\System\cZQTAvv.exe
  C:\Windows\System\cZQTAvv.exe
  2⤵
  PID:7932
- C:\Windows\System\BhnxeKk.exe
  C:\Windows\System\BhnxeKk.exe
  2⤵
  PID:6628
- C:\Windows\System\GahBVAB.exe
  C:\Windows\System\GahBVAB.exe
  2⤵
  PID:8204
- C:\Windows\System\PGnRfHf.exe
  C:\Windows\System\PGnRfHf.exe
  2⤵
  PID:8220
- C:\Windows\System\PWdVwDx.exe
  C:\Windows\System\PWdVwDx.exe
  2⤵
  PID:8236
- C:\Windows\System\ChLKHNx.exe
  C:\Windows\System\ChLKHNx.exe
  2⤵
  PID:8252
- C:\Windows\System\EfWlhOt.exe
  C:\Windows\System\EfWlhOt.exe
  2⤵
  PID:8268
- C:\Windows\System\VhmUZxG.exe
  C:\Windows\System\VhmUZxG.exe
  2⤵
  PID:8284
- C:\Windows\System\LfKjeqS.exe
  C:\Windows\System\LfKjeqS.exe
  2⤵
  PID:8300
- C:\Windows\System\mqqToWx.exe
  C:\Windows\System\mqqToWx.exe
  2⤵
  PID:8316
- C:\Windows\System\Sqsvcmk.exe
  C:\Windows\System\Sqsvcmk.exe
  2⤵
  PID:8332
- C:\Windows\System\ofuHpVA.exe
  C:\Windows\System\ofuHpVA.exe
  2⤵
  PID:8348
- C:\Windows\System\TOIQfwb.exe
  C:\Windows\System\TOIQfwb.exe
  2⤵
  PID:8368
- C:\Windows\System\TIxYVlP.exe
  C:\Windows\System\TIxYVlP.exe
  2⤵
  PID:8384
- C:\Windows\System\XsmlOEF.exe
  C:\Windows\System\XsmlOEF.exe
  2⤵
  PID:8400
- C:\Windows\System\QgBFgND.exe
  C:\Windows\System\QgBFgND.exe
  2⤵
  PID:8420
- C:\Windows\System\AkOFaLM.exe
  C:\Windows\System\AkOFaLM.exe
  2⤵
  PID:8436
- C:\Windows\System\IQtqomN.exe
  C:\Windows\System\IQtqomN.exe
  2⤵
  PID:8452
- C:\Windows\System\JtZGXtD.exe
  C:\Windows\System\JtZGXtD.exe
  2⤵
  PID:8468
- C:\Windows\System\oeprGdm.exe
  C:\Windows\System\oeprGdm.exe
  2⤵
  PID:8484
- C:\Windows\System\aybcfsj.exe
  C:\Windows\System\aybcfsj.exe
  2⤵
  PID:8500
- C:\Windows\System\rOnGysC.exe
  C:\Windows\System\rOnGysC.exe
  2⤵
  PID:8516
- C:\Windows\System\fWLeCes.exe
  C:\Windows\System\fWLeCes.exe
  2⤵
  PID:8532
- C:\Windows\System\ruLciag.exe
  C:\Windows\System\ruLciag.exe
  2⤵
  PID:8548
- C:\Windows\System\jnXXSWL.exe
  C:\Windows\System\jnXXSWL.exe
  2⤵
  PID:8564
- C:\Windows\System\XxblvCm.exe
  C:\Windows\System\XxblvCm.exe
  2⤵
  PID:8580
- C:\Windows\System\WsNtMlb.exe
  C:\Windows\System\WsNtMlb.exe
  2⤵
  PID:8596
- C:\Windows\System\XdSipfh.exe
  C:\Windows\System\XdSipfh.exe
  2⤵
  PID:8612
- C:\Windows\System\OVFHXUE.exe
  C:\Windows\System\OVFHXUE.exe
  2⤵
  PID:8628
- C:\Windows\System\sqoaTXB.exe
  C:\Windows\System\sqoaTXB.exe
  2⤵
  PID:8648
- C:\Windows\System\KpsrhEg.exe
  C:\Windows\System\KpsrhEg.exe
  2⤵
  PID:8664
- C:\Windows\System\REXBipe.exe
  C:\Windows\System\REXBipe.exe
  2⤵
  PID:8680
- C:\Windows\System\BxXDVld.exe
  C:\Windows\System\BxXDVld.exe
  2⤵
  PID:8696
- C:\Windows\System\QlhTKxk.exe
  C:\Windows\System\QlhTKxk.exe
  2⤵
  PID:8712
- C:\Windows\System\HbCwxSN.exe
  C:\Windows\System\HbCwxSN.exe
  2⤵
  PID:8728
- C:\Windows\System\duzvcAw.exe
  C:\Windows\System\duzvcAw.exe
  2⤵
  PID:8744
- C:\Windows\System\lVvadaw.exe
  C:\Windows\System\lVvadaw.exe
  2⤵
  PID:8760
- C:\Windows\System\zMZLoWD.exe
  C:\Windows\System\zMZLoWD.exe
  2⤵
  PID:8776
- C:\Windows\System\ZgZCPwx.exe
  C:\Windows\System\ZgZCPwx.exe
  2⤵
  PID:8792
- C:\Windows\System\GBTJVEy.exe
  C:\Windows\System\GBTJVEy.exe
  2⤵
  PID:8808
- C:\Windows\System\LLRsfdT.exe
  C:\Windows\System\LLRsfdT.exe
  2⤵
  PID:8824
- C:\Windows\System\IGQEMtS.exe
  C:\Windows\System\IGQEMtS.exe
  2⤵
  PID:8844
- C:\Windows\System\GYzGNlR.exe
  C:\Windows\System\GYzGNlR.exe
  2⤵
  PID:8860
- C:\Windows\System\rrXOgSg.exe
  C:\Windows\System\rrXOgSg.exe
  2⤵
  PID:8876
- C:\Windows\System\GSAlGXa.exe
  C:\Windows\System\GSAlGXa.exe
  2⤵
  PID:8892
- C:\Windows\System\KgHASDs.exe
  C:\Windows\System\KgHASDs.exe
  2⤵
  PID:8908
- C:\Windows\System\lRsXanR.exe
  C:\Windows\System\lRsXanR.exe
  2⤵
  PID:8924
- C:\Windows\System\RgkZfld.exe
  C:\Windows\System\RgkZfld.exe
  2⤵
  PID:8940
- C:\Windows\System\IdzeqcU.exe
  C:\Windows\System\IdzeqcU.exe
  2⤵
  PID:8956
- C:\Windows\System\OkEehRy.exe
  C:\Windows\System\OkEehRy.exe
  2⤵
  PID:8972
- C:\Windows\System\JdlozyG.exe
  C:\Windows\System\JdlozyG.exe
  2⤵
  PID:8988
- C:\Windows\System\yAkyRed.exe
  C:\Windows\System\yAkyRed.exe
  2⤵
  PID:9004
- C:\Windows\System\MnJxRlG.exe
  C:\Windows\System\MnJxRlG.exe
  2⤵
  PID:9020
- C:\Windows\System\ercOyid.exe
  C:\Windows\System\ercOyid.exe
  2⤵
  PID:9036
- C:\Windows\System\bxUWqkh.exe
  C:\Windows\System\bxUWqkh.exe
  2⤵
  PID:9052
- C:\Windows\System\cJXsPMu.exe
  C:\Windows\System\cJXsPMu.exe
  2⤵
  PID:9068
- C:\Windows\System\ICoXfZS.exe
  C:\Windows\System\ICoXfZS.exe
  2⤵
  PID:9084
- C:\Windows\System\rZRMSLa.exe
  C:\Windows\System\rZRMSLa.exe
  2⤵
  PID:9100
- C:\Windows\System\fdhjvDx.exe
  C:\Windows\System\fdhjvDx.exe
  2⤵
  PID:9116
- C:\Windows\System\kBwaIkx.exe
  C:\Windows\System\kBwaIkx.exe
  2⤵
  PID:9132
- C:\Windows\System\OTozshZ.exe
  C:\Windows\System\OTozshZ.exe
  2⤵
  PID:9148
- C:\Windows\System\fUdgxXA.exe
  C:\Windows\System\fUdgxXA.exe
  2⤵
  PID:9164
- C:\Windows\System\sNUWual.exe
  C:\Windows\System\sNUWual.exe
  2⤵
  PID:9180
- C:\Windows\System\ueiPmPP.exe
  C:\Windows\System\ueiPmPP.exe
  2⤵
  PID:9196
- C:\Windows\System\pMNNqHR.exe
  C:\Windows\System\pMNNqHR.exe
  2⤵
  PID:9212
- C:\Windows\System\EUEaFWQ.exe
  C:\Windows\System\EUEaFWQ.exe
  2⤵
  PID:8216
- C:\Windows\System\nrPaSrz.exe
  C:\Windows\System\nrPaSrz.exe
  2⤵
  PID:8200
- C:\Windows\System\VUtQRGt.exe
  C:\Windows\System\VUtQRGt.exe
  2⤵
  PID:8264
- C:\Windows\System\ucWOnEj.exe
  C:\Windows\System\ucWOnEj.exe
  2⤵
  PID:8312
- C:\Windows\System\XqnTCSK.exe
  C:\Windows\System\XqnTCSK.exe
  2⤵
  PID:8296
- C:\Windows\System\bsVFNwQ.exe
  C:\Windows\System\bsVFNwQ.exe
  2⤵
  PID:8396
- C:\Windows\System\LNztHPb.exe
  C:\Windows\System\LNztHPb.exe
  2⤵
  PID:8376
- C:\Windows\System\dtSWhyF.exe
  C:\Windows\System\dtSWhyF.exe
  2⤵
  PID:8460
- C:\Windows\System\qLxhSTJ.exe
  C:\Windows\System\qLxhSTJ.exe
  2⤵
  PID:8524
- C:\Windows\System\eWyAkYh.exe
  C:\Windows\System\eWyAkYh.exe
  2⤵
  PID:8588
- C:\Windows\System\QcfFQvR.exe
  C:\Windows\System\QcfFQvR.exe
  2⤵
  PID:8656
- C:\Windows\System\GytTMkI.exe
  C:\Windows\System\GytTMkI.exe
  2⤵
  PID:8544
- C:\Windows\System\Lraegsx.exe
  C:\Windows\System\Lraegsx.exe
  2⤵
  PID:8416
- C:\Windows\System\EZjEZiI.exe
  C:\Windows\System\EZjEZiI.exe
  2⤵
  PID:8476
- C:\Windows\System\OFUdUpW.exe
  C:\Windows\System\OFUdUpW.exe
  2⤵
  PID:8576
- C:\Windows\System\AYiEpLr.exe
  C:\Windows\System\AYiEpLr.exe
  2⤵
  PID:8704
- C:\Windows\System\LhCVGsD.exe
  C:\Windows\System\LhCVGsD.exe
  2⤵
  PID:8688
- C:\Windows\System\fWDiHPw.exe
  C:\Windows\System\fWDiHPw.exe
  2⤵
  PID:8752
- C:\Windows\System\wwSdBNh.exe
  C:\Windows\System\wwSdBNh.exe
  2⤵
  PID:7900
- C:\Windows\System\WZAWpgI.exe
  C:\Windows\System\WZAWpgI.exe
  2⤵
  PID:8800
- C:\Windows\System\mdVpRrY.exe
  C:\Windows\System\mdVpRrY.exe
  2⤵
  PID:8832
- C:\Windows\System\nfMBbYj.exe
  C:\Windows\System\nfMBbYj.exe
  2⤵
  PID:8916
- C:\Windows\System\dFUoLUz.exe
  C:\Windows\System\dFUoLUz.exe
  2⤵
  PID:8884
- C:\Windows\System\ZeAftcf.exe
  C:\Windows\System\ZeAftcf.exe
  2⤵
  PID:9012
- C:\Windows\System\eOJGxED.exe
  C:\Windows\System\eOJGxED.exe
  2⤵
  PID:9076
- C:\Windows\System\KUIKcYU.exe
  C:\Windows\System\KUIKcYU.exe
  2⤵
  PID:8868
- C:\Windows\System\qfHslrE.exe
  C:\Windows\System\qfHslrE.exe
  2⤵
  PID:9176
- C:\Windows\System\diSmWig.exe
  C:\Windows\System\diSmWig.exe
  2⤵
  PID:8196
- C:\Windows\System\auWwSQW.exe
  C:\Windows\System\auWwSQW.exe
  2⤵
  PID:8392
- C:\Windows\System\BicOVqJ.exe
  C:\Windows\System\BicOVqJ.exe
  2⤵
  PID:8872
- C:\Windows\System\tiUlOPN.exe
  C:\Windows\System\tiUlOPN.exe
  2⤵
  PID:8412
- C:\Windows\System\RVDmOZr.exe
  C:\Windows\System\RVDmOZr.exe
  2⤵
  PID:8444
- C:\Windows\System\tlwsLOW.exe
  C:\Windows\System\tlwsLOW.exe
  2⤵
  PID:8968
- C:\Windows\System\jmGFNPC.exe
  C:\Windows\System\jmGFNPC.exe
  2⤵
  PID:9000
- C:\Windows\System\mapYqXK.exe
  C:\Windows\System\mapYqXK.exe
  2⤵
  PID:9064
- C:\Windows\System\gRzkkee.exe
  C:\Windows\System\gRzkkee.exe
  2⤵
  PID:9124
- C:\Windows\System\rvjJWGr.exe
  C:\Windows\System\rvjJWGr.exe
  2⤵
  PID:9188
- C:\Windows\System\FPuSZHK.exe
  C:\Windows\System\FPuSZHK.exe
  2⤵
  PID:8232
- C:\Windows\System\KTCOmly.exe
  C:\Windows\System\KTCOmly.exe
  2⤵
  PID:8496
- C:\Windows\System\kgdZIGY.exe
  C:\Windows\System\kgdZIGY.exe
  2⤵
  PID:8448
- C:\Windows\System\HdWHuiK.exe
  C:\Windows\System\HdWHuiK.exe
  2⤵
  PID:8720
- C:\Windows\System\BAFtubX.exe
  C:\Windows\System\BAFtubX.exe
  2⤵
  PID:8856
- C:\Windows\System\EhOvgaT.exe
  C:\Windows\System\EhOvgaT.exe
  2⤵
  PID:8984
- C:\Windows\System\fDTPNQy.exe
  C:\Windows\System\fDTPNQy.exe
  2⤵
  PID:9112
- C:\Windows\System\TsFoncD.exe
  C:\Windows\System\TsFoncD.exe
  2⤵
  PID:8248
- C:\Windows\System\MFMItlU.exe
  C:\Windows\System\MFMItlU.exe
  2⤵
  PID:8328
- C:\Windows\System\cGEbgOi.exe
  C:\Windows\System\cGEbgOi.exe
  2⤵
  PID:9156
- C:\Windows\System\hXWCjee.exe
  C:\Windows\System\hXWCjee.exe
  2⤵
  PID:8636
- C:\Windows\System\uKTfooO.exe
  C:\Windows\System\uKTfooO.exe
  2⤵
  PID:8344
- C:\Windows\System\JESxqju.exe
  C:\Windows\System\JESxqju.exe
  2⤵
  PID:8492
- C:\Windows\System\RlMmwCU.exe
  C:\Windows\System\RlMmwCU.exe
  2⤵
  PID:8852
- C:\Windows\System\PNDwApo.exe
  C:\Windows\System\PNDwApo.exe
  2⤵
  PID:8952
- C:\Windows\System\okEVglP.exe
  C:\Windows\System\okEVglP.exe
  2⤵
  PID:9144
- C:\Windows\System\tvPoQcC.exe
  C:\Windows\System\tvPoQcC.exe
  2⤵
  PID:8996
- C:\Windows\System\AqKUrip.exe
  C:\Windows\System\AqKUrip.exe
  2⤵
  PID:8840
- C:\Windows\System\fFldPMn.exe
  C:\Windows\System\fFldPMn.exe
  2⤵
  PID:9208
- C:\Windows\System\FZenQVw.exe
  C:\Windows\System\FZenQVw.exe
  2⤵
  PID:8964
- C:\Windows\System\EGZzEzY.exe
  C:\Windows\System\EGZzEzY.exe
  2⤵
  PID:9096
- C:\Windows\System\JMKYKam.exe
  C:\Windows\System\JMKYKam.exe
  2⤵
  PID:9220
- C:\Windows\System\jVzBtoQ.exe
  C:\Windows\System\jVzBtoQ.exe
  2⤵
  PID:9236
- C:\Windows\System\xUMbttf.exe
  C:\Windows\System\xUMbttf.exe
  2⤵
  PID:9252
- C:\Windows\System\CdvWCpm.exe
  C:\Windows\System\CdvWCpm.exe
  2⤵
  PID:9268
- C:\Windows\System\aYYJTpT.exe
  C:\Windows\System\aYYJTpT.exe
  2⤵
  PID:9284
- C:\Windows\System\faYoCqK.exe
  C:\Windows\System\faYoCqK.exe
  2⤵
  PID:9300
- C:\Windows\System\KZUydqU.exe
  C:\Windows\System\KZUydqU.exe
  2⤵
  PID:9316
- C:\Windows\System\xXCvqyY.exe
  C:\Windows\System\xXCvqyY.exe
  2⤵
  PID:9336
- C:\Windows\System\MQKCzhs.exe
  C:\Windows\System\MQKCzhs.exe
  2⤵
  PID:9352
- C:\Windows\System\HbqBGsi.exe
  C:\Windows\System\HbqBGsi.exe
  2⤵
  PID:9368
- C:\Windows\System\VLAlTti.exe
  C:\Windows\System\VLAlTti.exe
  2⤵
  PID:9388
- C:\Windows\System\YkQQxWj.exe
  C:\Windows\System\YkQQxWj.exe
  2⤵
  PID:9412
- C:\Windows\System\VsQCYzj.exe
  C:\Windows\System\VsQCYzj.exe
  2⤵
  PID:9428
- C:\Windows\System\ymPmjQg.exe
  C:\Windows\System\ymPmjQg.exe
  2⤵
  PID:9444
- C:\Windows\System\wBqqfUO.exe
  C:\Windows\System\wBqqfUO.exe
  2⤵
  PID:9464
- C:\Windows\System\lFxqLKp.exe
  C:\Windows\System\lFxqLKp.exe
  2⤵
  PID:9488
- C:\Windows\System\OGENOBq.exe
  C:\Windows\System\OGENOBq.exe
  2⤵
  PID:9508
- C:\Windows\System\IfuAmnH.exe
  C:\Windows\System\IfuAmnH.exe
  2⤵
  PID:9528
- C:\Windows\System\cOdUehJ.exe
  C:\Windows\System\cOdUehJ.exe
  2⤵
  PID:9544
- C:\Windows\System\ywbmgLd.exe
  C:\Windows\System\ywbmgLd.exe
  2⤵
  PID:9560
- C:\Windows\System\dGdtrfs.exe
  C:\Windows\System\dGdtrfs.exe
  2⤵
  PID:9576
- C:\Windows\System\PcvYZDx.exe
  C:\Windows\System\PcvYZDx.exe
  2⤵
  PID:9592
- C:\Windows\System\greBjOq.exe
  C:\Windows\System\greBjOq.exe
  2⤵
  PID:9608
- C:\Windows\System\RveHdwI.exe
  C:\Windows\System\RveHdwI.exe
  2⤵
  PID:9624
- C:\Windows\System\mMqTRRe.exe
  C:\Windows\System\mMqTRRe.exe
  2⤵
  PID:9640
- C:\Windows\System\LHNXEru.exe
  C:\Windows\System\LHNXEru.exe
  2⤵
  PID:9656
- C:\Windows\System\CLZkrUV.exe
  C:\Windows\System\CLZkrUV.exe
  2⤵
  PID:9676
- C:\Windows\System\GycSLZf.exe
  C:\Windows\System\GycSLZf.exe
  2⤵
  PID:9692
- C:\Windows\System\bUOkeRO.exe
  C:\Windows\System\bUOkeRO.exe
  2⤵
  PID:9708
- C:\Windows\System\YEDiqfd.exe
  C:\Windows\System\YEDiqfd.exe
  2⤵
  PID:9724
- C:\Windows\System\zUVDsaF.exe
  C:\Windows\System\zUVDsaF.exe
  2⤵
  PID:9740
- C:\Windows\System\bRsxmgc.exe
  C:\Windows\System\bRsxmgc.exe
  2⤵
  PID:9756
- C:\Windows\System\knXhSjg.exe
  C:\Windows\System\knXhSjg.exe
  2⤵
  PID:9772
- C:\Windows\System\DNSAJvR.exe
  C:\Windows\System\DNSAJvR.exe
  2⤵
  PID:9788
- C:\Windows\System\kieybaG.exe
  C:\Windows\System\kieybaG.exe
  2⤵
  PID:9804
- C:\Windows\System\jyrftVm.exe
  C:\Windows\System\jyrftVm.exe
  2⤵
  PID:9820
- C:\Windows\System\lQeWACP.exe
  C:\Windows\System\lQeWACP.exe
  2⤵
  PID:9836
- C:\Windows\System\slEZhun.exe
  C:\Windows\System\slEZhun.exe
  2⤵
  PID:9852
- C:\Windows\System\zHuThQy.exe
  C:\Windows\System\zHuThQy.exe
  2⤵
  PID:9868
- C:\Windows\System\LowXQZr.exe
  C:\Windows\System\LowXQZr.exe
  2⤵
  PID:9884
- C:\Windows\System\QsavFWC.exe
  C:\Windows\System\QsavFWC.exe
  2⤵
  PID:9900
- C:\Windows\System\YfCIgHW.exe
  C:\Windows\System\YfCIgHW.exe
  2⤵
  PID:9916
- C:\Windows\System\qmLcaXn.exe
  C:\Windows\System\qmLcaXn.exe
  2⤵
  PID:9932
- C:\Windows\System\MnmoMrI.exe
  C:\Windows\System\MnmoMrI.exe
  2⤵
  PID:9948
- C:\Windows\System\yoGrikZ.exe
  C:\Windows\System\yoGrikZ.exe
  2⤵
  PID:9964
- C:\Windows\System\KZWvWxZ.exe
  C:\Windows\System\KZWvWxZ.exe
  2⤵
  PID:9984
- C:\Windows\System\dSPdPzU.exe
  C:\Windows\System\dSPdPzU.exe
  2⤵
  PID:10000
- C:\Windows\System\pLAGySt.exe
  C:\Windows\System\pLAGySt.exe
  2⤵
  PID:10016
- C:\Windows\System\XEQTxqH.exe
  C:\Windows\System\XEQTxqH.exe
  2⤵
  PID:10032
- C:\Windows\System\qFhHVpw.exe
  C:\Windows\System\qFhHVpw.exe
  2⤵
  PID:10048
- C:\Windows\System\kyIoJNx.exe
  C:\Windows\System\kyIoJNx.exe
  2⤵
  PID:10064
- C:\Windows\System\OXsjwut.exe
  C:\Windows\System\OXsjwut.exe
  2⤵
  PID:10080
- C:\Windows\System\vatGQYy.exe
  C:\Windows\System\vatGQYy.exe
  2⤵
  PID:10096
- C:\Windows\System\LZZKPKP.exe
  C:\Windows\System\LZZKPKP.exe
  2⤵
  PID:10112
- C:\Windows\System\JhZzHYk.exe
  C:\Windows\System\JhZzHYk.exe
  2⤵
  PID:10128
- C:\Windows\System\FaIGTit.exe
  C:\Windows\System\FaIGTit.exe
  2⤵
  PID:10144
- C:\Windows\System\WgopDiR.exe
  C:\Windows\System\WgopDiR.exe
  2⤵
  PID:10160
- C:\Windows\System\QdTmeAD.exe
  C:\Windows\System\QdTmeAD.exe
  2⤵
  PID:10176
- C:\Windows\System\lgushQX.exe
  C:\Windows\System\lgushQX.exe
  2⤵
  PID:10192
- C:\Windows\System\laRtvLw.exe
  C:\Windows\System\laRtvLw.exe
  2⤵
  PID:10208
- C:\Windows\System\gfDUhRP.exe
  C:\Windows\System\gfDUhRP.exe
  2⤵
  PID:10224
- C:\Windows\System\WDcTBAz.exe
  C:\Windows\System\WDcTBAz.exe
  2⤵
  PID:8624
- C:\Windows\System\liWBzzz.exe
  C:\Windows\System\liWBzzz.exe
  2⤵
  PID:9228
- C:\Windows\System\hqWjQQZ.exe
  C:\Windows\System\hqWjQQZ.exe
  2⤵
  PID:9292
- C:\Windows\System\YcMkFkU.exe
  C:\Windows\System\YcMkFkU.exe
  2⤵
  PID:9048
- C:\Windows\System\dVNeDDH.exe
  C:\Windows\System\dVNeDDH.exe
  2⤵
  PID:9244
- C:\Windows\System\DIJMXQp.exe
  C:\Windows\System\DIJMXQp.exe
  2⤵
  PID:8936
- C:\Windows\System\KPWFCDU.exe
  C:\Windows\System\KPWFCDU.exe
  2⤵
  PID:9312
- C:\Windows\System\SWWDudP.exe
  C:\Windows\System\SWWDudP.exe
  2⤵
  PID:9360
- C:\Windows\System\gHQoBiu.exe
  C:\Windows\System\gHQoBiu.exe
  2⤵
  PID:9380
- C:\Windows\System\FwwdkNy.exe
  C:\Windows\System\FwwdkNy.exe
  2⤵
  PID:9404
- C:\Windows\System\kgKqAIc.exe
  C:\Windows\System\kgKqAIc.exe
  2⤵
  PID:9420
- C:\Windows\System\lZjOKrY.exe
  C:\Windows\System\lZjOKrY.exe
  2⤵
  PID:9460
- C:\Windows\System\unZuyhi.exe
  C:\Windows\System\unZuyhi.exe
  2⤵
  PID:9456
- C:\Windows\System\bkGQCVh.exe
  C:\Windows\System\bkGQCVh.exe
  2⤵
  PID:9504
- C:\Windows\System\DdudZbv.exe
  C:\Windows\System\DdudZbv.exe
  2⤵
  PID:9540
- C:\Windows\System\TTzDOYm.exe
  C:\Windows\System\TTzDOYm.exe
  2⤵
  PID:9568
- C:\Windows\System\QDJiHku.exe
  C:\Windows\System\QDJiHku.exe
  2⤵
  PID:9620
- C:\Windows\System\ZAfJlMk.exe
  C:\Windows\System\ZAfJlMk.exe
  2⤵
  PID:9604
- C:\Windows\System\NwFYLbA.exe
  C:\Windows\System\NwFYLbA.exe
  2⤵
  PID:9688
- C:\Windows\System\vGLYRnJ.exe
  C:\Windows\System\vGLYRnJ.exe
  2⤵
  PID:9700
- C:\Windows\System\AORgbOz.exe
  C:\Windows\System\AORgbOz.exe
  2⤵
  PID:9748
- C:\Windows\System\FdlyFoN.exe
  C:\Windows\System\FdlyFoN.exe
  2⤵
  PID:9812
- C:\Windows\System\PcfSIYm.exe
  C:\Windows\System\PcfSIYm.exe
  2⤵
  PID:9876
- C:\Windows\System\oHqaMuV.exe
  C:\Windows\System\oHqaMuV.exe
  2⤵
  PID:9940
- C:\Windows\System\HvlVQeW.exe
  C:\Windows\System\HvlVQeW.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ASBspUT.exe

Filesize
6.0MB

MD5
77a52f0122ff91579edb25b3513c9988

SHA1
7fe619199f15f4cc3c8df753160f641114eef9d6

SHA256
b8701bab323878a4f9b6d60c0046a986d4ffaafa8828eb166fa34bd4b9614573

SHA512
4f6f3ecc6183d2a495d073de58de8a9a8e5a3a6dc5cf2f7bf3a968e61d681184a0d8be35a2900957ca825b58801e5574177060ed8db47dcc55b8917f778c875c

Download Submit
C:\Windows\system\BRKteuu.exe

Filesize
6.0MB

MD5
6a19024ae945881cf7f75e44b0833637

SHA1
db0b2202a2df3032747a3324ad52d62867c5cfba

SHA256
ba97f388715d332e115390b3463acd17eff788c4946c1b63e13d454e6b7bd7c1

SHA512
773a65f3354fd24235d1f318bb99a941dfc6ab3616134c7c67c70737c53aa97e16d10b2151d4a2e20237bbbf3d5fe5cd15b67fe3625eb4c991b681521effd94e

Download Submit
C:\Windows\system\EjzkZjy.exe

Filesize
6.0MB

MD5
a093d243bc7978f3d3152776c690e26a

SHA1
7a5091ca58cef10b73740a0d77564ac171989227

SHA256
2d23d7867cfa2b32caf29baa22220b20194df4d5ac4962403aeb1724b416142c

SHA512
9dc7d45666c198bf6a9152f9f8bc8d95f276eadfe1d9e7f1384dfd91a7b6712e197eadeaf9b1ca69b0ef811910c8eb4d989a19a0007c18cc358e62161d32e24b

Download Submit
C:\Windows\system\HNQpCFA.exe

Filesize
6.0MB

MD5
8bdb5746cb47f02ecc6eff5ba2409c1e

SHA1
80123b3db2d61c9f94e2fdbd1c3b89dee55a3603

SHA256
4bc1e88419d01b9039b3247768d91210876984756ac79296cb8da7e830c2d86a

SHA512
efe3930d1d78c685cf1ec86aeb4429bc55ea42f3bf33608d5d24837bc4a76627db5c89615e3d9b2c55bb0629174506f110eb62efb2282068c5aa6ab3a450bc8c

Download Submit
C:\Windows\system\ISMTXcH.exe

Filesize
6.0MB

MD5
fd721f6557bc193fc4641ea1db077516

SHA1
5d0e4c72e8c12e0ccc9bb76f49904acc9d48049f

SHA256
f0b3279f2b2a9d859ac0be3d26ec880b393556b6ac77f1f52ba8a0f1ffd1ea71

SHA512
72f3f1117593e91edd8a6edf3129d910d46fa15ec4c07cee0a23cf7513b83c12fb77858edc02656d043377f3ce98aaab919be6e7bfddf2f14d4d04d280e8578e

Download Submit
C:\Windows\system\NLqUICO.exe

Filesize
6.0MB

MD5
af2007b3d56a9171e88188e6964946a5

SHA1
46a1d744d1042560712a1d4f3a125bc9e7bc8fea

SHA256
557a091e0d9d1e7a72eb56bbe0fa92fce79bc1e9a1920e5e0d2f76364aab0254

SHA512
044c85ea6311d2f77855201aa6906fc8bb3039b78e3c963736d2b2b7cc4b563de043bd86c34a0b3284f99792acf30033b07c6519207e17279354f4dc5a6bc595

Download Submit
C:\Windows\system\NtBsjrG.exe

Filesize
6.0MB

MD5
365326f654e9bda297bf0f02e5d5f35f

SHA1
6526d3d44141ba88cd832cea448de2be319a3c26

SHA256
d4f61a5bd208acd3a6ccccd5a4e46d832ce3444e682e999d0fc4d9029dff7e34

SHA512
bb4973982b4c7c150e3943ac5c70abd1cd82c8feed6869f2f2587d8e6bc51d0a2de02ce5c3c16bcb2708a90f5970ce46cb23b002200e5c70ab6fba1e025387f8

Download Submit
C:\Windows\system\QvODbyY.exe

Filesize
6.0MB

MD5
16e2d5e6713896995bfc19421ed11cf1

SHA1
476fbac6b0a8361086c388c06ba2144858940214

SHA256
9efc92c1fba667cc12661effa69590f3f473973b06b78fa428035ce9672d8fa6

SHA512
0c519fc0c5ef4ce96dc8b814d5b0e2b0fa7fba730e6f0988c72146f5c817c6bc5ce41a3144109261c76cdf06debe51a54faa9b19d22ddff1e94677e597de28e1

Download Submit
C:\Windows\system\TQkimfK.exe

Filesize
6.0MB

MD5
940c0c30f908388586614f08ed5c6e29

SHA1
d09501fd98e2e211ecc725b94de3fbe8fda93928

SHA256
42af48890487ee005489a562ca6e1d24ffcc4af05ad0af37a113d586c78310df

SHA512
1734b7746c072c817ce320b8b3c5d7c206438126d2bb873c1aa514366b72f565780b3782216d5dad28f811a02d1b0ed4523c6c2a646bcdf4d65177270bd15f24

Download Submit
C:\Windows\system\TRHLmob.exe

Filesize
6.0MB

MD5
2d87cb55be2aae3d7864f20b464ec2d2

SHA1
48dfc41f5a6513b41298fa02f4991a565e4b9649

SHA256
7fd4c2ea3aab1dc34f864450f1df173a6d776d841a048b1afcb624f25af02c7f

SHA512
6c1da94bb150b52df659c079caaf7ad63df29c9b828f168e1c9c7312df5eb9228b7f72ca98deb1938976833283bd74728dfbdf68ae64082f5b4dd9c7888fe154

Download Submit
C:\Windows\system\YTZKRYs.exe

Filesize
6.0MB

MD5
ce47ad67e6cafc4bc2e81de9460ffe7a

SHA1
4b82c69e7b822bc793e5a29ad0161b8f3301deb0

SHA256
9db6b9d112d666b34bcedf44a279bae6beffd20fb3183c169ee5d743698f7a20

SHA512
b833dde8aabbf02e1b91c0b594a8591b85d85b1ddf27621d28ebe40c4c3802e231c85825e8d0e9e4e90355d0d28146402ffab49e39d1e85a32ad4e7e85a9d920

Download Submit
C:\Windows\system\YZJjWid.exe

Filesize
6.0MB

MD5
42b403c217f045d2c36bd75a2da9ab99

SHA1
772a8ff75dd1d4e818cf641efdde757bc21f87fc

SHA256
1d1fe112824dbe1080b2cffca8cb4bf7dfedb092626e94e5c3214b30ca522af6

SHA512
566088b667cfadc72dfc8e50165f5b77a89ac88c2619c613ae1b732b9e4bca7b752516b7e75a411b10d256e928b7c08aec5d7f3f23e702acd49c388ba7debc64

Download Submit
C:\Windows\system\aArtMde.exe

Filesize
6.0MB

MD5
635460eabdac87c38df7c8632303e506

SHA1
2385e5efd2e1be226f440d4b4757d256017fdcb7

SHA256
911013d045a27414fdd6732f0feedc2faf258084285db3f3713b8bfcb51e8a17

SHA512
3919d0335a3fccf0501f8870f4aa5fd258d8337cd4f6eb3674dd6a2e69b689d535891b5f6f23d9a18357685d10e4eddc6f3807c2c7bfad72478b7bc52bc2b9df

Download Submit
C:\Windows\system\acbKXSV.exe

Filesize
6.0MB

MD5
3b90ba628c8fbd4c5458e963e54c3a55

SHA1
e89999dbf5ce52f532aa5dd292800660b93b87ba

SHA256
e7040b4f023a533c1e88e86f7eb4abc3ab6e09317307a28aea66b658127355a6

SHA512
c29c4d60f4a25b19df62d3b22effd690f2bea176982fbcada08de1e5ceb73e53a447b909e371176e1c0877e9256b2b626ab43421156508c8c262ca8416f1bdb7

Download Submit
C:\Windows\system\dGvjefC.exe

Filesize
6.0MB

MD5
e76dbc51ac2956040e82d9293935f251

SHA1
fd839e276272710e7d9eb322eaf6f3f516d2f5b4

SHA256
4f686cb890970ad722efc45fa00b3f1bf8882c39438db9e12648758bfd05419d

SHA512
b48cb3ec18e7a90f8908e705595617c0014dbd3ef89366c1f64c854e2de331b58fffbec656db22c0c6c65312eb74feb9f399dec535251e19507873629806596e

Download Submit
C:\Windows\system\fhwxpri.exe

Filesize
6.0MB

MD5
b91cd2aed1901e79b79c901f43710160

SHA1
b3803603831406e36b80b10a8961b996dfceee58

SHA256
e5cda564b7f843a3b61b855cd510cdc1c0767dda35068f1cc118b7e1283ea5e2

SHA512
1286838c1cc716617d3d415125640e5c896c19f125b1a59d43ac2b9d282b268c81f298b7424111208061502c4ac7ede785dd89ac5a4c89a451febe0ea272d049

Download Submit
C:\Windows\system\gEMoEdu.exe

Filesize
6.0MB

MD5
cf598ea15cc09884331b02be870ab249

SHA1
1002aeb6a64e4065ea0af54d0b07295050319d35

SHA256
b523880b46c32bd41508ba48c05f92064dbaad2e32e95ba0ca07e2911bcea582

SHA512
1857af493653aba9837c71b6042822fd4092ab54dc631dd3077f4f5a72655677fa32f1549c2239eb13e3e1273a4284f28084cf71ca413a99d9bfd75feacd6fe3

Download Submit
C:\Windows\system\jXncCOo.exe

Filesize
6.0MB

MD5
7ebc5181e76899c424b3d1e897564e64

SHA1
62e9b30c91074e1ddfd1e0b2177ff469ecb411ca

SHA256
9a4fd10a8b413b4d1eb045a46f883288f023d10cede9ac4127bb9471078a14f8

SHA512
5a813a61ad37849731591508ef53f09a6dd59ed160bd001050d984a3cab4a1ba25146273d35d1d589189bf9986ed078c3e023c51a899bb777d981f02404a79ea

Download Submit
C:\Windows\system\nCLQIFN.exe

Filesize
6.0MB

MD5
fccb085ddaac25788474b33bb296336e

SHA1
be31f388915970b5f176337cf57bcf0104463b00

SHA256
32c7124be2f78478cd03ff5cbffd7423ad77f3d0715063cba5c26195c676f9ef

SHA512
f00f21904e7a0320bfee1eb2aeba9961bb780e2f20dd12037af86bc50a3b457b265f32b416778e91dd6b5af20b8c0551bf7c2255fa27756f8c22276b821d866c

Download Submit
C:\Windows\system\narFQLl.exe

Filesize
6.0MB

MD5
c279dfc9fc9455d666dbd873fc222144

SHA1
b09227bc738a8b8f86877295543cc103af922bd4

SHA256
10755888a763809e8d67f4f0c996a334400fd117fbd22c7092caf6d5e2384c91

SHA512
2aead6fd916bf34fcad2d62e47c4560b0cf1db61c8765042694cef1e9d951566f8025cba576a453739ad187d235aecec3bd635ff8c68c9dc10fd1d692a481717

Download Submit
C:\Windows\system\oDNqlPK.exe

Filesize
6.0MB

MD5
f3bb292a6795eeff46e13de019901de6

SHA1
40381f3430744665a9bf01238a015d24ba717d79

SHA256
6aa104603d6fd6c198e152cb6683fd3abbe2ac02fdb4afd0c4d8947823064112

SHA512
23f0b97a5bdcd1156e51e7b4296f79311c90f072a5b948f06d55383768dc065a993c2840246654c59b39d97724c9bc48a2a925fad4c7180b0275e6e24432a829

Download Submit
C:\Windows\system\pccnfxJ.exe

Filesize
6.0MB

MD5
7bc11c1598b23e1636a448e2773a879f

SHA1
7a24703bcacebe150603be7a8c98c129b65c33ee

SHA256
95114fa4d350cf7e59106eedb73b27af29457ad159ee39d13a499a27f447bafa

SHA512
fbfc028ccf3f08fb32ddb567b805ae543b7c928236760775575de2c8dff5e0b9f878a78db03937110c7ea032ab7c601d082a36320ba30823c11d962b7e25039a

Download Submit
C:\Windows\system\rckcavd.exe

Filesize
6.0MB

MD5
efb94543a1096bad6a775e15059460a8

SHA1
3d0dfdaff1e18fd74d960f586c05d442ac83d662

SHA256
bcb043aafc88c65b1f275eb79fde41d27e22e83dfd325b27e5236d697374d6e0

SHA512
c2dcd98b61cd586444a2818382dda68b30cf071f6530a61b29d40c1adebacd0ae1307b554f5a6392da8705b30331b13352c42b0b1299469a5e7b24c1c7543a54

Download Submit
C:\Windows\system\sQXYENf.exe

Filesize
6.0MB

MD5
f7167115547a9042b3560b00e016dee1

SHA1
c46c1a33f6a8beeef5a5a63e76488bebb3b251e8

SHA256
a7325e4f6f63b69bf3d76bb0ff7040c0b5901735c716996007c244e53e06ea64

SHA512
5e270217784cc075d801404bd41720e62e8b0bd83b2bf673d2dc88b9f1a495413927bea90cbaebdaaa5896593cf2264b63a0c0960c1b4696771ff108b8a05739

Download Submit
C:\Windows\system\vrjAqhF.exe

Filesize
6.0MB

MD5
ddcf46b9da1ba52227f1cf83809dcb9c

SHA1
6732569366b5326820b5b7389efe7b160b376fa4

SHA256
35e3fa11b15470f9f7e0c7a6a2204cdc1d74e8864e4ef4f7704df79d4d44c8da

SHA512
8bc5b53e01ad880038683b02d2b8e1443a5ffee04f82aef99854f2fac912c406ab5aff0d3935868e02ab61113015c79472a6ee92130c5e1efd09e9b3a612cbc7

Download Submit
\Windows\system\BtxbAjt.exe

Filesize
6.0MB

MD5
19ccd8fc1ef4178050973d32848f345e

SHA1
37d541fba796be17ae1f2cc5115bc40b696fd941

SHA256
7a99f8de37ac98f6717f0729ddec39a33fe752291b6ac633c6982234eda28353

SHA512
9f41ce6e01d22d1f230cd361616e5c3fc0ee7862d2b5c8488170438e004273065b6c4757978b0681200186d08faa589e90ce51f2a87a5e269d1534237b77ec6a

Download Submit
\Windows\system\DhYqjxO.exe

Filesize
6.0MB

MD5
f68526aa29d1713d0341c990ff4d999f

SHA1
e3f4ca8f4b48b4107ebcf846226e9d1cffd5f99a

SHA256
caababb44d244171f597f7cdde21ea5f937ecc60eba92479de62b6900181449d

SHA512
010fe2e6221e9a970bbcdd0dc01800d3920cbcdc116d86304ddf81156d11598c904cfda123c6ba1ae48156d4e500c4d87162e901afb95b05aa19b1cea9706420

Download Submit
\Windows\system\JGIkFZq.exe

Filesize
6.0MB

MD5
7fc3359d5f2445fe11eb94bb9a5b2ac7

SHA1
9fdd2bb8df6d5368dc8ca2d5914748f953978ac5

SHA256
384a3cd671df905f6ba06625e625820a1a94e977f20d3793fea3d1d23f0abff6

SHA512
42153de39968566d1107a3007bf99753af4e553bbbaf3b2f914df9193e75de19923b76079ec34cb8b5799646a3332ca0636acb2e6b5432e6881552e60f341feb

Download Submit
\Windows\system\VtmpFyv.exe

Filesize
6.0MB

MD5
997a582d02ddfe92f5c4de06c93e9d35

SHA1
939f053fae33bf29d7fac91b26dfc85e5447ec89

SHA256
147dbfbf45ad91c1b5adc3a102df184ff2490eb94cf90f48f31857a33a12fa85

SHA512
a5abfbe24afd47198f1c3f1d57a0f3515c8c7f2ec4a0c0eb14947c53e55a470c9337f8a59beddc9ffaa492dbeb104a157115f713d98a9fefc4867aecc9f6f2e9

Download Submit
\Windows\system\XeFczvm.exe

Filesize
6.0MB

MD5
ae47c997ae8be1ae6d93bb6d629e4416

SHA1
0bd086f374026895eaaeba959e4e9ff1eacba1f0

SHA256
9c52c2d00c62bbb4c6eeeb0481adb4a6e1c9afc49ea550698ca12daae208c2ae

SHA512
c83602e0b2848e8496b7a725bc767ff838eac7a0172939235a09ec19a8fdc1b1577041ed6ad011ee90a070d739b2758f9ed0565dbdf575fe3fc22528a5a7aa40

Download Submit
\Windows\system\hTsoHJa.exe

Filesize
6.0MB

MD5
70919bac560ec056e3f62ca207b1134c

SHA1
3885bb7d962f0c83110ca9b772e7a256ad888621

SHA256
3dbc7bce715068254b6cc457ee276abdcd000f43812ffcfd24a8eadc59b5feac

SHA512
297728923832a1d38b67c02d3015c0289eb8c71bf1ee82e0b8441305e058ed7429d5f76296372d117f5a5280ef7f645b647b70de4acc77c944a0ee52b9dc644b

Download Submit
\Windows\system\mPzGCVk.exe

Filesize
6.0MB

MD5
f2dc4d79faa35e3fe24fcd78036a5d8b

SHA1
8ed084e64edb8d41df2ab92b6da39fb08fec56ed

SHA256
f5caff1ce0c1a7d39b864545d6319e4cbe500161c9b6cff1a16f85627074e188

SHA512
21b79df2ff03a50253d7923ad2da4e41b03061362db1696b33bc31a39047213db2d998ada6a5597b2c171d78f144527f839f17252101ba78e83edc3b288c7954

Download Submit
memory/588-3915-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/588-57-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/1292-110-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1292-3914-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1492-65-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1492-3918-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-41-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-3911-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1724-91-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-3917-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-1120-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-98-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-3905-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2244-50-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2272-916-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3959-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2272-74-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3916-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-90-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-3904-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-36-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-105-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2708-63-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-66-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2708-51-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-49-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2708-0-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2708-18-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-122-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-529-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2708-95-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-915-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2708-40-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-35-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-83-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-24-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-79-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-991-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1119-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1117-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1441-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-20-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2764-3907-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2764-21-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3912-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-29-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-19-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3903-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-22-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3906-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download