cobaltstrike | e07cd8cc3986cab1d680a570404036ea7cdbbff9ddb2716fa568e2da038b7685

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

4e1956015af3e1005947d66eaf849397
SHA1

7659a4e90dbc1605e251bdc4526bef04a5ad0fa8
SHA256

e07cd8cc3986cab1d680a570404036ea7cdbbff9ddb2716fa568e2da038b7685
SHA512

9171ffe6ccba8241fc28c46bec3f1f7191e0ab10085e1bbcd1fa94418fa9ce35805426a4d1b12b2f7fc54ea84c43f4300684de27462d02d7ffd07d7b07d7f842
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-13.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-68.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018696-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-145.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001757f-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174c3-35.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-103.dat	cobalt_reflective_dll
behavioral1/files/0x0018000000018676-48.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a6-24.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001746a-20.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1924-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/496-9-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/memory/2420-18-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0008000000017403-13.dat	xmrig
behavioral1/memory/1164-23-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b3-169.dat	xmrig
behavioral1/files/0x0005000000019640-191.dat	xmrig
behavioral1/memory/2468-428-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1924-1159-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2232-1013-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2752-649-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2916-319-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1164-318-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0005000000019479-185.dat	xmrig
behavioral1/files/0x0005000000019465-183.dat	xmrig
behavioral1/files/0x0005000000019450-180.dat	xmrig
behavioral1/files/0x0005000000019513-178.dat	xmrig
behavioral1/files/0x0005000000019387-166.dat	xmrig
behavioral1/files/0x00050000000194df-162.dat	xmrig
behavioral1/files/0x000500000001929a-155.dat	xmrig
behavioral1/files/0x0005000000019275-152.dat	xmrig
behavioral1/files/0x0005000000019485-149.dat	xmrig
behavioral1/files/0x000500000001946a-140.dat	xmrig
behavioral1/files/0x000500000001945b-131.dat	xmrig
behavioral1/memory/2312-129-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-121.dat	xmrig
behavioral1/memory/1924-120-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-111.dat	xmrig
behavioral1/files/0x0005000000019433-106.dat	xmrig
behavioral1/files/0x0005000000019377-90.dat	xmrig
behavioral1/memory/1924-88-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/files/0x0005000000019319-80.dat	xmrig
behavioral1/memory/2232-78-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-76.dat	xmrig
behavioral1/files/0x000500000001953e-188.dat	xmrig
behavioral1/files/0x0005000000019278-69.dat	xmrig
behavioral1/files/0x000500000001926c-68.dat	xmrig
behavioral1/files/0x0007000000018696-53.dat	xmrig
behavioral1/files/0x000500000001950e-172.dat	xmrig
behavioral1/files/0x00050000000194d7-158.dat	xmrig
behavioral1/files/0x000500000001947d-145.dat	xmrig
behavioral1/memory/2752-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x000700000001757f-42.dat	xmrig
behavioral1/memory/1924-40-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2468-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2916-36-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00070000000174c3-35.dat	xmrig
behavioral1/memory/2616-116-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-103.dat	xmrig
behavioral1/memory/2420-96-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2804-85-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1924-58-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1924-52-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2832-51-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0018000000018676-48.dat	xmrig
behavioral1/files/0x00070000000174a6-24.dat	xmrig
behavioral1/files/0x000800000001746a-20.dat	xmrig
behavioral1/memory/2420-3806-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2616-3870-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2916-3938-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2752-3982-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2312-3868-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2804-3867-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
496	swwTAtP.exe
2420	fjImWLH.exe
1164	ThhFhtM.exe
2916	MQwMyOD.exe
2468	esGbDpU.exe
2752	ISOWjBv.exe
2832	PAcIgxq.exe
2232	zUFJmZd.exe
2804	wyUgBCC.exe
2616	OyBZXxJ.exe
2312	mELUBBh.exe
2600	baMMyTF.exe
2956	VbomFHI.exe
1512	PQGxqPf.exe
2944	DWpAywH.exe
1668	ELZpSQn.exe
2016	qbgrUua.exe
2760	pBDwVLo.exe
2912	ECmvCuE.exe
2748	efmxKCN.exe
2084	nkUNKzU.exe
2656	mhnUYAi.exe
2500	dpNVzua.exe
1492	cfqpqhK.exe
1692	nrhBcLT.exe
2020	JdWGTqK.exe
2884	GgoxYYl.exe
1064	EFoJeXT.exe
1196	wacleIW.exe
1056	EvLllCc.exe
1636	ZyBYIZp.exe
1812	JzLiidJ.exe
1644	vFtYBPA.exe
348	ozUBggV.exe
1344	vHgjIJW.exe
1792	zFsYNjQ.exe
1688	MtHolVG.exe
964	FVRzIOJ.exe
2528	frFhrZY.exe
1628	FWzMlbQ.exe
2512	VLVnnBR.exe
2508	ZeFIFhI.exe
772	GfjoQcC.exe
2712	TjxTVBQ.exe
2504	jOWTiaq.exe
1760	QpmDjjW.exe
2432	iHjjbQn.exe
2244	zUKzeWi.exe
1712	xUrPWHC.exe
2116	dnMgSOc.exe
1820	XyeskOP.exe
2716	RSTKERK.exe
2388	JxqrqhB.exe
2780	AmjakkC.exe
2664	BvzvslZ.exe
1332	LAeBoFT.exe
2852	hbTSzEx.exe
2136	qBGHowY.exe
2724	ERNUhFg.exe
2160	SVDqCOg.exe
640	eDEozcS.exe
536	FfEGMOS.exe
1564	TkbCvvZ.exe
1544	NDwGJNT.exe

Loads dropped DLL 64 IoCs

pid	Process
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/496-9-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/memory/2420-18-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0008000000017403-13.dat	upx
behavioral1/memory/1164-23-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000193b3-169.dat	upx
behavioral1/files/0x0005000000019640-191.dat	upx
behavioral1/memory/2468-428-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2232-1013-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2752-649-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2916-319-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1164-318-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0005000000019479-185.dat	upx
behavioral1/files/0x0005000000019465-183.dat	upx
behavioral1/files/0x0005000000019450-180.dat	upx
behavioral1/files/0x0005000000019513-178.dat	upx
behavioral1/files/0x0005000000019387-166.dat	upx
behavioral1/files/0x00050000000194df-162.dat	upx
behavioral1/files/0x000500000001929a-155.dat	upx
behavioral1/files/0x0005000000019275-152.dat	upx
behavioral1/files/0x0005000000019485-149.dat	upx
behavioral1/files/0x000500000001946a-140.dat	upx
behavioral1/files/0x000500000001945b-131.dat	upx
behavioral1/memory/2312-129-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019446-121.dat	upx
behavioral1/files/0x00050000000193c1-111.dat	upx
behavioral1/files/0x0005000000019433-106.dat	upx
behavioral1/files/0x0005000000019377-90.dat	upx
behavioral1/files/0x0005000000019319-80.dat	upx
behavioral1/memory/2232-78-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0005000000019365-76.dat	upx
behavioral1/files/0x000500000001953e-188.dat	upx
behavioral1/files/0x0005000000019278-69.dat	upx
behavioral1/files/0x000500000001926c-68.dat	upx
behavioral1/files/0x0007000000018696-53.dat	upx
behavioral1/files/0x000500000001950e-172.dat	upx
behavioral1/files/0x00050000000194d7-158.dat	upx
behavioral1/files/0x000500000001947d-145.dat	upx
behavioral1/memory/2752-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x000700000001757f-42.dat	upx
behavioral1/memory/2468-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2916-36-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00070000000174c3-35.dat	upx
behavioral1/memory/2616-116-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-103.dat	upx
behavioral1/memory/2420-96-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2804-85-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1924-52-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2832-51-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0018000000018676-48.dat	upx
behavioral1/files/0x00070000000174a6-24.dat	upx
behavioral1/files/0x000800000001746a-20.dat	upx
behavioral1/memory/2420-3806-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2616-3870-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2916-3938-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2752-3982-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2312-3868-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2804-3867-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2832-3866-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/496-3865-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2468-3864-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1164-3863-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2232-3862-0x000000013F140000-0x000000013F494000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iUnEIhB.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfyyrAX.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytzdcvK.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bOZzMpd.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukQzfhV.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAcIgxq.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMfzcpE.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MecVcMb.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEoojvt.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMwWbfN.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLKgcqO.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYZtCWr.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfFIXwA.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMWhnnd.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNRIzLI.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlXgjwK.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIzXJFT.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDRBsKe.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EaYDuNw.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQwMyOD.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGDCwST.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYqitgG.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzmPSdO.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bMMzNxz.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKJdHfH.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwEZyqL.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YwgrUoa.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SPzrwYG.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAUIEIj.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzLiidJ.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFzUAyX.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUOIwnC.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLSwPJy.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DITGicX.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wteaFua.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDrjUfq.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jafEZew.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkGidiv.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azstLBV.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxKCprq.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKMPWDB.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZmbibn.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRisVxp.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uteyYKZ.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECmvCuE.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baMMyTF.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbomFHI.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErELeTF.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgsruyF.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DddBdMl.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvWSNtI.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLSSdhi.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFoJeXT.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdNiSJZ.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKbCEvw.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZEOPty.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpPByFL.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDsXrBF.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQkADRl.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btKkZSM.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNyWgJH.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHPusiH.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHcjOAa.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAovzLo.exe	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 496	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1924 wrote to memory of 496	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1924 wrote to memory of 496	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1924 wrote to memory of 2420	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 2420	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 2420	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1924 wrote to memory of 1164	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 1164	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 1164	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1924 wrote to memory of 2916	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 2916	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 2916	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1924 wrote to memory of 2468	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 2468	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 2468	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1924 wrote to memory of 2752	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2752	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2752	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1924 wrote to memory of 2832	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2832	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2832	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1924 wrote to memory of 2760	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 2760	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 2760	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1924 wrote to memory of 2232	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 2232	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 2232	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1924 wrote to memory of 2912	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2912	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2912	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1924 wrote to memory of 2804	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2804	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2804	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1924 wrote to memory of 2748	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2748	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2748	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1924 wrote to memory of 2616	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2616	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2616	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1924 wrote to memory of 2656	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 2656	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 2656	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1924 wrote to memory of 2312	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 2312	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 2312	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1924 wrote to memory of 2500	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 2500	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 2500	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1924 wrote to memory of 2600	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 2600	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 2600	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1924 wrote to memory of 1492	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 1492	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 1492	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1924 wrote to memory of 2956	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 2956	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 2956	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1924 wrote to memory of 2020	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 2020	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 2020	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1924 wrote to memory of 1512	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 1512	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 1512	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1924 wrote to memory of 2884	1924	2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-02_4e1956015af3e1005947d66eaf849397_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\System\swwTAtP.exe
  C:\Windows\System\swwTAtP.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\fjImWLH.exe
  C:\Windows\System\fjImWLH.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\ThhFhtM.exe
  C:\Windows\System\ThhFhtM.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\MQwMyOD.exe
  C:\Windows\System\MQwMyOD.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\esGbDpU.exe
  C:\Windows\System\esGbDpU.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ISOWjBv.exe
  C:\Windows\System\ISOWjBv.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\PAcIgxq.exe
  C:\Windows\System\PAcIgxq.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\pBDwVLo.exe
  C:\Windows\System\pBDwVLo.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\zUFJmZd.exe
  C:\Windows\System\zUFJmZd.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ECmvCuE.exe
  C:\Windows\System\ECmvCuE.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\wyUgBCC.exe
  C:\Windows\System\wyUgBCC.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\efmxKCN.exe
  C:\Windows\System\efmxKCN.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\OyBZXxJ.exe
  C:\Windows\System\OyBZXxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\mhnUYAi.exe
  C:\Windows\System\mhnUYAi.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\mELUBBh.exe
  C:\Windows\System\mELUBBh.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\dpNVzua.exe
  C:\Windows\System\dpNVzua.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\baMMyTF.exe
  C:\Windows\System\baMMyTF.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\cfqpqhK.exe
  C:\Windows\System\cfqpqhK.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\VbomFHI.exe
  C:\Windows\System\VbomFHI.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\JdWGTqK.exe
  C:\Windows\System\JdWGTqK.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\PQGxqPf.exe
  C:\Windows\System\PQGxqPf.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\GgoxYYl.exe
  C:\Windows\System\GgoxYYl.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\DWpAywH.exe
  C:\Windows\System\DWpAywH.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\EFoJeXT.exe
  C:\Windows\System\EFoJeXT.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\ELZpSQn.exe
  C:\Windows\System\ELZpSQn.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\wacleIW.exe
  C:\Windows\System\wacleIW.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\qbgrUua.exe
  C:\Windows\System\qbgrUua.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ZyBYIZp.exe
  C:\Windows\System\ZyBYIZp.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\nkUNKzU.exe
  C:\Windows\System\nkUNKzU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\JzLiidJ.exe
  C:\Windows\System\JzLiidJ.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\nrhBcLT.exe
  C:\Windows\System\nrhBcLT.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ozUBggV.exe
  C:\Windows\System\ozUBggV.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\EvLllCc.exe
  C:\Windows\System\EvLllCc.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\vHgjIJW.exe
  C:\Windows\System\vHgjIJW.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\vFtYBPA.exe
  C:\Windows\System\vFtYBPA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\MtHolVG.exe
  C:\Windows\System\MtHolVG.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\zFsYNjQ.exe
  C:\Windows\System\zFsYNjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\FVRzIOJ.exe
  C:\Windows\System\FVRzIOJ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\frFhrZY.exe
  C:\Windows\System\frFhrZY.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\VLVnnBR.exe
  C:\Windows\System\VLVnnBR.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\FWzMlbQ.exe
  C:\Windows\System\FWzMlbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\TjxTVBQ.exe
  C:\Windows\System\TjxTVBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ZeFIFhI.exe
  C:\Windows\System\ZeFIFhI.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\jOWTiaq.exe
  C:\Windows\System\jOWTiaq.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\GfjoQcC.exe
  C:\Windows\System\GfjoQcC.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\QpmDjjW.exe
  C:\Windows\System\QpmDjjW.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\iHjjbQn.exe
  C:\Windows\System\iHjjbQn.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\zUKzeWi.exe
  C:\Windows\System\zUKzeWi.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\xUrPWHC.exe
  C:\Windows\System\xUrPWHC.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\XyeskOP.exe
  C:\Windows\System\XyeskOP.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\dnMgSOc.exe
  C:\Windows\System\dnMgSOc.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\JxqrqhB.exe
  C:\Windows\System\JxqrqhB.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\RSTKERK.exe
  C:\Windows\System\RSTKERK.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\AmjakkC.exe
  C:\Windows\System\AmjakkC.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\BvzvslZ.exe
  C:\Windows\System\BvzvslZ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\PFgTpRr.exe
  C:\Windows\System\PFgTpRr.exe
  2⤵
  PID:2996
- C:\Windows\System\LAeBoFT.exe
  C:\Windows\System\LAeBoFT.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\EXcgvne.exe
  C:\Windows\System\EXcgvne.exe
  2⤵
  PID:1664
- C:\Windows\System\hbTSzEx.exe
  C:\Windows\System\hbTSzEx.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\XMDjZco.exe
  C:\Windows\System\XMDjZco.exe
  2⤵
  PID:1200
- C:\Windows\System\qBGHowY.exe
  C:\Windows\System\qBGHowY.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\hUuokmM.exe
  C:\Windows\System\hUuokmM.exe
  2⤵
  PID:2620
- C:\Windows\System\ERNUhFg.exe
  C:\Windows\System\ERNUhFg.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\JPnLfUm.exe
  C:\Windows\System\JPnLfUm.exe
  2⤵
  PID:768
- C:\Windows\System\SVDqCOg.exe
  C:\Windows\System\SVDqCOg.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\efcxcHa.exe
  C:\Windows\System\efcxcHa.exe
  2⤵
  PID:2352
- C:\Windows\System\eDEozcS.exe
  C:\Windows\System\eDEozcS.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\uTjCiLV.exe
  C:\Windows\System\uTjCiLV.exe
  2⤵
  PID:1652
- C:\Windows\System\FfEGMOS.exe
  C:\Windows\System\FfEGMOS.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\CPdBNCn.exe
  C:\Windows\System\CPdBNCn.exe
  2⤵
  PID:2384
- C:\Windows\System\TkbCvvZ.exe
  C:\Windows\System\TkbCvvZ.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\aeEbWNC.exe
  C:\Windows\System\aeEbWNC.exe
  2⤵
  PID:1312
- C:\Windows\System\NDwGJNT.exe
  C:\Windows\System\NDwGJNT.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\dgTOeBG.exe
  C:\Windows\System\dgTOeBG.exe
  2⤵
  PID:316
- C:\Windows\System\AYZtCWr.exe
  C:\Windows\System\AYZtCWr.exe
  2⤵
  PID:1084
- C:\Windows\System\sqRCcHm.exe
  C:\Windows\System\sqRCcHm.exe
  2⤵
  PID:1104
- C:\Windows\System\dMBBLiB.exe
  C:\Windows\System\dMBBLiB.exe
  2⤵
  PID:2584
- C:\Windows\System\LkOliKG.exe
  C:\Windows\System\LkOliKG.exe
  2⤵
  PID:2764
- C:\Windows\System\ozRurzK.exe
  C:\Windows\System\ozRurzK.exe
  2⤵
  PID:1172
- C:\Windows\System\NUHFZaA.exe
  C:\Windows\System\NUHFZaA.exe
  2⤵
  PID:2320
- C:\Windows\System\GKkycoo.exe
  C:\Windows\System\GKkycoo.exe
  2⤵
  PID:2044
- C:\Windows\System\MHHwets.exe
  C:\Windows\System\MHHwets.exe
  2⤵
  PID:1836
- C:\Windows\System\KfVWQNP.exe
  C:\Windows\System\KfVWQNP.exe
  2⤵
  PID:1600
- C:\Windows\System\XtlIywd.exe
  C:\Windows\System\XtlIywd.exe
  2⤵
  PID:2004
- C:\Windows\System\MTkzxbP.exe
  C:\Windows\System\MTkzxbP.exe
  2⤵
  PID:2532
- C:\Windows\System\VpJDFdZ.exe
  C:\Windows\System\VpJDFdZ.exe
  2⤵
  PID:1724
- C:\Windows\System\dSDtSzw.exe
  C:\Windows\System\dSDtSzw.exe
  2⤵
  PID:2344
- C:\Windows\System\hFlXmJk.exe
  C:\Windows\System\hFlXmJk.exe
  2⤵
  PID:3080
- C:\Windows\System\dyuSHRC.exe
  C:\Windows\System\dyuSHRC.exe
  2⤵
  PID:3100
- C:\Windows\System\GJyUeYM.exe
  C:\Windows\System\GJyUeYM.exe
  2⤵
  PID:3120
- C:\Windows\System\XmDhYPO.exe
  C:\Windows\System\XmDhYPO.exe
  2⤵
  PID:3136
- C:\Windows\System\CWbxeTD.exe
  C:\Windows\System\CWbxeTD.exe
  2⤵
  PID:3160
- C:\Windows\System\yeZNkfT.exe
  C:\Windows\System\yeZNkfT.exe
  2⤵
  PID:3180
- C:\Windows\System\YKFilxZ.exe
  C:\Windows\System\YKFilxZ.exe
  2⤵
  PID:3204
- C:\Windows\System\qCFxiKg.exe
  C:\Windows\System\qCFxiKg.exe
  2⤵
  PID:3220
- C:\Windows\System\zFhDPnR.exe
  C:\Windows\System\zFhDPnR.exe
  2⤵
  PID:3236
- C:\Windows\System\DFvMhVI.exe
  C:\Windows\System\DFvMhVI.exe
  2⤵
  PID:3252
- C:\Windows\System\QtwapsA.exe
  C:\Windows\System\QtwapsA.exe
  2⤵
  PID:3268
- C:\Windows\System\spSXbdS.exe
  C:\Windows\System\spSXbdS.exe
  2⤵
  PID:3284
- C:\Windows\System\osrtHzS.exe
  C:\Windows\System\osrtHzS.exe
  2⤵
  PID:3308
- C:\Windows\System\hUqaocI.exe
  C:\Windows\System\hUqaocI.exe
  2⤵
  PID:3328
- C:\Windows\System\PbqusBw.exe
  C:\Windows\System\PbqusBw.exe
  2⤵
  PID:3348
- C:\Windows\System\qtcwZbU.exe
  C:\Windows\System\qtcwZbU.exe
  2⤵
  PID:3384
- C:\Windows\System\RKgfQuC.exe
  C:\Windows\System\RKgfQuC.exe
  2⤵
  PID:3404
- C:\Windows\System\bgKbdLe.exe
  C:\Windows\System\bgKbdLe.exe
  2⤵
  PID:3420
- C:\Windows\System\QNGtndk.exe
  C:\Windows\System\QNGtndk.exe
  2⤵
  PID:3440
- C:\Windows\System\NAcHPBG.exe
  C:\Windows\System\NAcHPBG.exe
  2⤵
  PID:3460
- C:\Windows\System\ZgMtsCQ.exe
  C:\Windows\System\ZgMtsCQ.exe
  2⤵
  PID:3480
- C:\Windows\System\DgTFrje.exe
  C:\Windows\System\DgTFrje.exe
  2⤵
  PID:3500
- C:\Windows\System\IasBJCy.exe
  C:\Windows\System\IasBJCy.exe
  2⤵
  PID:3524
- C:\Windows\System\tsqRUwv.exe
  C:\Windows\System\tsqRUwv.exe
  2⤵
  PID:3544
- C:\Windows\System\kLNNtPy.exe
  C:\Windows\System\kLNNtPy.exe
  2⤵
  PID:3560
- C:\Windows\System\WdooCiL.exe
  C:\Windows\System\WdooCiL.exe
  2⤵
  PID:3584
- C:\Windows\System\VwqPguU.exe
  C:\Windows\System\VwqPguU.exe
  2⤵
  PID:3600
- C:\Windows\System\wRLZYOa.exe
  C:\Windows\System\wRLZYOa.exe
  2⤵
  PID:3620
- C:\Windows\System\AuWsSFr.exe
  C:\Windows\System\AuWsSFr.exe
  2⤵
  PID:3648
- C:\Windows\System\jIZSVis.exe
  C:\Windows\System\jIZSVis.exe
  2⤵
  PID:3668
- C:\Windows\System\wQGDgfq.exe
  C:\Windows\System\wQGDgfq.exe
  2⤵
  PID:3684
- C:\Windows\System\mdcaQEu.exe
  C:\Windows\System\mdcaQEu.exe
  2⤵
  PID:3700
- C:\Windows\System\mIQCsCT.exe
  C:\Windows\System\mIQCsCT.exe
  2⤵
  PID:3720
- C:\Windows\System\TWfIMCX.exe
  C:\Windows\System\TWfIMCX.exe
  2⤵
  PID:3736
- C:\Windows\System\bmbmlEC.exe
  C:\Windows\System\bmbmlEC.exe
  2⤵
  PID:3752
- C:\Windows\System\iGDCwST.exe
  C:\Windows\System\iGDCwST.exe
  2⤵
  PID:3768
- C:\Windows\System\TKwpcGa.exe
  C:\Windows\System\TKwpcGa.exe
  2⤵
  PID:3788
- C:\Windows\System\zNZvRYC.exe
  C:\Windows\System\zNZvRYC.exe
  2⤵
  PID:3816
- C:\Windows\System\vWrtgxx.exe
  C:\Windows\System\vWrtgxx.exe
  2⤵
  PID:3836
- C:\Windows\System\NtloGhY.exe
  C:\Windows\System\NtloGhY.exe
  2⤵
  PID:3856
- C:\Windows\System\gVNncJM.exe
  C:\Windows\System\gVNncJM.exe
  2⤵
  PID:3888
- C:\Windows\System\OnoUEyT.exe
  C:\Windows\System\OnoUEyT.exe
  2⤵
  PID:3908
- C:\Windows\System\Cuihkpc.exe
  C:\Windows\System\Cuihkpc.exe
  2⤵
  PID:3928
- C:\Windows\System\xFzUAyX.exe
  C:\Windows\System\xFzUAyX.exe
  2⤵
  PID:3944
- C:\Windows\System\CMRBXTD.exe
  C:\Windows\System\CMRBXTD.exe
  2⤵
  PID:3960
- C:\Windows\System\LWvKFoQ.exe
  C:\Windows\System\LWvKFoQ.exe
  2⤵
  PID:3976
- C:\Windows\System\hKMPWDB.exe
  C:\Windows\System\hKMPWDB.exe
  2⤵
  PID:3992
- C:\Windows\System\YdNiSJZ.exe
  C:\Windows\System\YdNiSJZ.exe
  2⤵
  PID:4016
- C:\Windows\System\IzObpgb.exe
  C:\Windows\System\IzObpgb.exe
  2⤵
  PID:4044
- C:\Windows\System\eYqitgG.exe
  C:\Windows\System\eYqitgG.exe
  2⤵
  PID:4064
- C:\Windows\System\HWxmdNY.exe
  C:\Windows\System\HWxmdNY.exe
  2⤵
  PID:4080
- C:\Windows\System\tuUfBvT.exe
  C:\Windows\System\tuUfBvT.exe
  2⤵
  PID:896
- C:\Windows\System\MjzJKgQ.exe
  C:\Windows\System\MjzJKgQ.exe
  2⤵
  PID:2200
- C:\Windows\System\MKbCEvw.exe
  C:\Windows\System\MKbCEvw.exe
  2⤵
  PID:1804
- C:\Windows\System\ucgQIZy.exe
  C:\Windows\System\ucgQIZy.exe
  2⤵
  PID:1520
- C:\Windows\System\kIFHyht.exe
  C:\Windows\System\kIFHyht.exe
  2⤵
  PID:2480
- C:\Windows\System\SvvZsQa.exe
  C:\Windows\System\SvvZsQa.exe
  2⤵
  PID:3000
- C:\Windows\System\kUHvyQT.exe
  C:\Windows\System\kUHvyQT.exe
  2⤵
  PID:2640
- C:\Windows\System\fmWXlHF.exe
  C:\Windows\System\fmWXlHF.exe
  2⤵
  PID:2936
- C:\Windows\System\rfezlBB.exe
  C:\Windows\System\rfezlBB.exe
  2⤵
  PID:780
- C:\Windows\System\vfOgkja.exe
  C:\Windows\System\vfOgkja.exe
  2⤵
  PID:400
- C:\Windows\System\BBLNHVn.exe
  C:\Windows\System\BBLNHVn.exe
  2⤵
  PID:2564
- C:\Windows\System\ibuXDin.exe
  C:\Windows\System\ibuXDin.exe
  2⤵
  PID:1380
- C:\Windows\System\pjPFuFJ.exe
  C:\Windows\System\pjPFuFJ.exe
  2⤵
  PID:1944
- C:\Windows\System\rubCMFY.exe
  C:\Windows\System\rubCMFY.exe
  2⤵
  PID:1576
- C:\Windows\System\QjrekRy.exe
  C:\Windows\System\QjrekRy.exe
  2⤵
  PID:2632
- C:\Windows\System\tkhpoid.exe
  C:\Windows\System\tkhpoid.exe
  2⤵
  PID:1108
- C:\Windows\System\VNrfLmK.exe
  C:\Windows\System\VNrfLmK.exe
  2⤵
  PID:1160
- C:\Windows\System\ZacAFNK.exe
  C:\Windows\System\ZacAFNK.exe
  2⤵
  PID:3144
- C:\Windows\System\lhnRsGB.exe
  C:\Windows\System\lhnRsGB.exe
  2⤵
  PID:3088
- C:\Windows\System\KDlJFMj.exe
  C:\Windows\System\KDlJFMj.exe
  2⤵
  PID:3132
- C:\Windows\System\gmzxpoD.exe
  C:\Windows\System\gmzxpoD.exe
  2⤵
  PID:3324
- C:\Windows\System\rLbZhVA.exe
  C:\Windows\System\rLbZhVA.exe
  2⤵
  PID:3280
- C:\Windows\System\JIGqBfa.exe
  C:\Windows\System\JIGqBfa.exe
  2⤵
  PID:3364
- C:\Windows\System\eWwisVu.exe
  C:\Windows\System\eWwisVu.exe
  2⤵
  PID:3400
- C:\Windows\System\FoQYSFq.exe
  C:\Windows\System\FoQYSFq.exe
  2⤵
  PID:3412
- C:\Windows\System\lyLMSGT.exe
  C:\Windows\System\lyLMSGT.exe
  2⤵
  PID:3456
- C:\Windows\System\wDOsxDQ.exe
  C:\Windows\System\wDOsxDQ.exe
  2⤵
  PID:3512
- C:\Windows\System\knSrocU.exe
  C:\Windows\System\knSrocU.exe
  2⤵
  PID:3556
- C:\Windows\System\fNxKFYl.exe
  C:\Windows\System\fNxKFYl.exe
  2⤵
  PID:3488
- C:\Windows\System\YdhbqID.exe
  C:\Windows\System\YdhbqID.exe
  2⤵
  PID:3632
- C:\Windows\System\mPTIlqt.exe
  C:\Windows\System\mPTIlqt.exe
  2⤵
  PID:3676
- C:\Windows\System\dPQjraT.exe
  C:\Windows\System\dPQjraT.exe
  2⤵
  PID:3716
- C:\Windows\System\qVnvncQ.exe
  C:\Windows\System\qVnvncQ.exe
  2⤵
  PID:3780
- C:\Windows\System\YzKClTq.exe
  C:\Windows\System\YzKClTq.exe
  2⤵
  PID:3868
- C:\Windows\System\EgbKHvQ.exe
  C:\Windows\System\EgbKHvQ.exe
  2⤵
  PID:3876
- C:\Windows\System\qmGJnsP.exe
  C:\Windows\System\qmGJnsP.exe
  2⤵
  PID:3952
- C:\Windows\System\GmQtRUH.exe
  C:\Windows\System\GmQtRUH.exe
  2⤵
  PID:4040
- C:\Windows\System\ZOBHSON.exe
  C:\Windows\System\ZOBHSON.exe
  2⤵
  PID:1100
- C:\Windows\System\wfFIXwA.exe
  C:\Windows\System\wfFIXwA.exe
  2⤵
  PID:3572
- C:\Windows\System\iRviJLx.exe
  C:\Windows\System\iRviJLx.exe
  2⤵
  PID:3612
- C:\Windows\System\HuvOApT.exe
  C:\Windows\System\HuvOApT.exe
  2⤵
  PID:3692
- C:\Windows\System\RJpUfZe.exe
  C:\Windows\System\RJpUfZe.exe
  2⤵
  PID:3800
- C:\Windows\System\QttvjUR.exe
  C:\Windows\System\QttvjUR.exe
  2⤵
  PID:3732
- C:\Windows\System\yDgDzFW.exe
  C:\Windows\System\yDgDzFW.exe
  2⤵
  PID:1828
- C:\Windows\System\idgLQOs.exe
  C:\Windows\System\idgLQOs.exe
  2⤵
  PID:3848
- C:\Windows\System\KSxlNcq.exe
  C:\Windows\System\KSxlNcq.exe
  2⤵
  PID:2628
- C:\Windows\System\BaHtZmE.exe
  C:\Windows\System\BaHtZmE.exe
  2⤵
  PID:3936
- C:\Windows\System\tIeNIPZ.exe
  C:\Windows\System\tIeNIPZ.exe
  2⤵
  PID:2220
- C:\Windows\System\HIACAqA.exe
  C:\Windows\System\HIACAqA.exe
  2⤵
  PID:4056
- C:\Windows\System\tOZNyjC.exe
  C:\Windows\System\tOZNyjC.exe
  2⤵
  PID:1772
- C:\Windows\System\IxaTwFE.exe
  C:\Windows\System\IxaTwFE.exe
  2⤵
  PID:3148
- C:\Windows\System\ABAhDAL.exe
  C:\Windows\System\ABAhDAL.exe
  2⤵
  PID:2148
- C:\Windows\System\sCVzDxd.exe
  C:\Windows\System\sCVzDxd.exe
  2⤵
  PID:1608
- C:\Windows\System\ErELeTF.exe
  C:\Windows\System\ErELeTF.exe
  2⤵
  PID:4060
- C:\Windows\System\YjNdiOP.exe
  C:\Windows\System\YjNdiOP.exe
  2⤵
  PID:2492
- C:\Windows\System\ZplSyAe.exe
  C:\Windows\System\ZplSyAe.exe
  2⤵
  PID:624
- C:\Windows\System\sOgxSkD.exe
  C:\Windows\System\sOgxSkD.exe
  2⤵
  PID:3292
- C:\Windows\System\tKmIrnr.exe
  C:\Windows\System\tKmIrnr.exe
  2⤵
  PID:3336
- C:\Windows\System\qRwfjww.exe
  C:\Windows\System\qRwfjww.exe
  2⤵
  PID:3344
- C:\Windows\System\vTVYknX.exe
  C:\Windows\System\vTVYknX.exe
  2⤵
  PID:3392
- C:\Windows\System\MXCaVaS.exe
  C:\Windows\System\MXCaVaS.exe
  2⤵
  PID:3376
- C:\Windows\System\SPFozSv.exe
  C:\Windows\System\SPFozSv.exe
  2⤵
  PID:3552
- C:\Windows\System\YiXhRjK.exe
  C:\Windows\System\YiXhRjK.exe
  2⤵
  PID:3828
- C:\Windows\System\QjgbucI.exe
  C:\Windows\System\QjgbucI.exe
  2⤵
  PID:3608
- C:\Windows\System\RnIpyvJ.exe
  C:\Windows\System\RnIpyvJ.exe
  2⤵
  PID:2680
- C:\Windows\System\PNQzjEG.exe
  C:\Windows\System\PNQzjEG.exe
  2⤵
  PID:2672
- C:\Windows\System\PUOIwnC.exe
  C:\Windows\System\PUOIwnC.exe
  2⤵
  PID:3760
- C:\Windows\System\zaJhLnE.exe
  C:\Windows\System\zaJhLnE.exe
  2⤵
  PID:4012
- C:\Windows\System\XHZaNLA.exe
  C:\Windows\System\XHZaNLA.exe
  2⤵
  PID:4092
- C:\Windows\System\bNbhWQr.exe
  C:\Windows\System\bNbhWQr.exe
  2⤵
  PID:3320
- C:\Windows\System\TPmqYVT.exe
  C:\Windows\System\TPmqYVT.exe
  2⤵
  PID:3920
- C:\Windows\System\XEFSJHh.exe
  C:\Windows\System\XEFSJHh.exe
  2⤵
  PID:2284
- C:\Windows\System\IuhpAeq.exe
  C:\Windows\System\IuhpAeq.exe
  2⤵
  PID:4108
- C:\Windows\System\VDfTnNU.exe
  C:\Windows\System\VDfTnNU.exe
  2⤵
  PID:4128
- C:\Windows\System\faXQugF.exe
  C:\Windows\System\faXQugF.exe
  2⤵
  PID:4144
- C:\Windows\System\pPNyxuS.exe
  C:\Windows\System\pPNyxuS.exe
  2⤵
  PID:4160
- C:\Windows\System\QaTkKHc.exe
  C:\Windows\System\QaTkKHc.exe
  2⤵
  PID:4184
- C:\Windows\System\JGWCkTm.exe
  C:\Windows\System\JGWCkTm.exe
  2⤵
  PID:4204
- C:\Windows\System\tCvMhck.exe
  C:\Windows\System\tCvMhck.exe
  2⤵
  PID:4224
- C:\Windows\System\DSBaZOh.exe
  C:\Windows\System\DSBaZOh.exe
  2⤵
  PID:4244
- C:\Windows\System\SPgZrTw.exe
  C:\Windows\System\SPgZrTw.exe
  2⤵
  PID:4264
- C:\Windows\System\CVMRICW.exe
  C:\Windows\System\CVMRICW.exe
  2⤵
  PID:4284
- C:\Windows\System\fOGKjhW.exe
  C:\Windows\System\fOGKjhW.exe
  2⤵
  PID:4304
- C:\Windows\System\axmuIzq.exe
  C:\Windows\System\axmuIzq.exe
  2⤵
  PID:4332
- C:\Windows\System\UdZiwFa.exe
  C:\Windows\System\UdZiwFa.exe
  2⤵
  PID:4348
- C:\Windows\System\nYzrEgP.exe
  C:\Windows\System\nYzrEgP.exe
  2⤵
  PID:4368
- C:\Windows\System\YhYymlg.exe
  C:\Windows\System\YhYymlg.exe
  2⤵
  PID:4392
- C:\Windows\System\XKKTJnL.exe
  C:\Windows\System\XKKTJnL.exe
  2⤵
  PID:4408
- C:\Windows\System\evfQcnG.exe
  C:\Windows\System\evfQcnG.exe
  2⤵
  PID:4432
- C:\Windows\System\pBtJILp.exe
  C:\Windows\System\pBtJILp.exe
  2⤵
  PID:4448
- C:\Windows\System\KJsrtQW.exe
  C:\Windows\System\KJsrtQW.exe
  2⤵
  PID:4464
- C:\Windows\System\vdZTXaG.exe
  C:\Windows\System\vdZTXaG.exe
  2⤵
  PID:4484
- C:\Windows\System\aSqeoRC.exe
  C:\Windows\System\aSqeoRC.exe
  2⤵
  PID:4500
- C:\Windows\System\obOojMi.exe
  C:\Windows\System\obOojMi.exe
  2⤵
  PID:4520
- C:\Windows\System\oJEtFgC.exe
  C:\Windows\System\oJEtFgC.exe
  2⤵
  PID:4544
- C:\Windows\System\rskmhNR.exe
  C:\Windows\System\rskmhNR.exe
  2⤵
  PID:4564
- C:\Windows\System\OnIMlIY.exe
  C:\Windows\System\OnIMlIY.exe
  2⤵
  PID:4580
- C:\Windows\System\xMWhnnd.exe
  C:\Windows\System\xMWhnnd.exe
  2⤵
  PID:4608
- C:\Windows\System\BQhcKhG.exe
  C:\Windows\System\BQhcKhG.exe
  2⤵
  PID:4624
- C:\Windows\System\qnfUKZp.exe
  C:\Windows\System\qnfUKZp.exe
  2⤵
  PID:4640
- C:\Windows\System\mdJjOLR.exe
  C:\Windows\System\mdJjOLR.exe
  2⤵
  PID:4656
- C:\Windows\System\qkGidiv.exe
  C:\Windows\System\qkGidiv.exe
  2⤵
  PID:4672
- C:\Windows\System\RPlzzqv.exe
  C:\Windows\System\RPlzzqv.exe
  2⤵
  PID:4700
- C:\Windows\System\EBMythR.exe
  C:\Windows\System\EBMythR.exe
  2⤵
  PID:4724
- C:\Windows\System\OHxkjtI.exe
  C:\Windows\System\OHxkjtI.exe
  2⤵
  PID:4752
- C:\Windows\System\EhgiHND.exe
  C:\Windows\System\EhgiHND.exe
  2⤵
  PID:4768
- C:\Windows\System\yjlsQER.exe
  C:\Windows\System\yjlsQER.exe
  2⤵
  PID:4792
- C:\Windows\System\mcpFDLo.exe
  C:\Windows\System\mcpFDLo.exe
  2⤵
  PID:4808
- C:\Windows\System\LHMHIEE.exe
  C:\Windows\System\LHMHIEE.exe
  2⤵
  PID:4824
- C:\Windows\System\uUOtsVs.exe
  C:\Windows\System\uUOtsVs.exe
  2⤵
  PID:4848
- C:\Windows\System\tczFyxK.exe
  C:\Windows\System\tczFyxK.exe
  2⤵
  PID:4864
- C:\Windows\System\bmvcacX.exe
  C:\Windows\System\bmvcacX.exe
  2⤵
  PID:4888
- C:\Windows\System\NHeLaoI.exe
  C:\Windows\System\NHeLaoI.exe
  2⤵
  PID:4904
- C:\Windows\System\hvcMhAb.exe
  C:\Windows\System\hvcMhAb.exe
  2⤵
  PID:4920
- C:\Windows\System\oVEERTt.exe
  C:\Windows\System\oVEERTt.exe
  2⤵
  PID:4944
- C:\Windows\System\jXHkPjL.exe
  C:\Windows\System\jXHkPjL.exe
  2⤵
  PID:4964
- C:\Windows\System\ZNdYwBD.exe
  C:\Windows\System\ZNdYwBD.exe
  2⤵
  PID:4984
- C:\Windows\System\VEoojvt.exe
  C:\Windows\System\VEoojvt.exe
  2⤵
  PID:5000
- C:\Windows\System\slAoYuR.exe
  C:\Windows\System\slAoYuR.exe
  2⤵
  PID:5016
- C:\Windows\System\FzmPSdO.exe
  C:\Windows\System\FzmPSdO.exe
  2⤵
  PID:5032
- C:\Windows\System\ADmWTRX.exe
  C:\Windows\System\ADmWTRX.exe
  2⤵
  PID:5048
- C:\Windows\System\RqehsPH.exe
  C:\Windows\System\RqehsPH.exe
  2⤵
  PID:5068
- C:\Windows\System\BnuMnqQ.exe
  C:\Windows\System\BnuMnqQ.exe
  2⤵
  PID:5092
- C:\Windows\System\jZmbibn.exe
  C:\Windows\System\jZmbibn.exe
  2⤵
  PID:5116
- C:\Windows\System\jDynoyx.exe
  C:\Windows\System\jDynoyx.exe
  2⤵
  PID:2908
- C:\Windows\System\IDdZeAi.exe
  C:\Windows\System\IDdZeAi.exe
  2⤵
  PID:3660
- C:\Windows\System\daDXReT.exe
  C:\Windows\System\daDXReT.exe
  2⤵
  PID:1632
- C:\Windows\System\xsEZGUQ.exe
  C:\Windows\System\xsEZGUQ.exe
  2⤵
  PID:3940
- C:\Windows\System\JclQhbb.exe
  C:\Windows\System\JclQhbb.exe
  2⤵
  PID:1396
- C:\Windows\System\gJxodcr.exe
  C:\Windows\System\gJxodcr.exe
  2⤵
  PID:2176
- C:\Windows\System\mqWSegk.exe
  C:\Windows\System\mqWSegk.exe
  2⤵
  PID:3304
- C:\Windows\System\GmSyFgW.exe
  C:\Windows\System\GmSyFgW.exe
  2⤵
  PID:3712
- C:\Windows\System\IosscNg.exe
  C:\Windows\System\IosscNg.exe
  2⤵
  PID:3128
- C:\Windows\System\RPUimxm.exe
  C:\Windows\System\RPUimxm.exe
  2⤵
  PID:3576
- C:\Windows\System\NkHIWYp.exe
  C:\Windows\System\NkHIWYp.exe
  2⤵
  PID:3356
- C:\Windows\System\qrJrQNU.exe
  C:\Windows\System\qrJrQNU.exe
  2⤵
  PID:2324
- C:\Windows\System\BpxcllK.exe
  C:\Windows\System\BpxcllK.exe
  2⤵
  PID:2140
- C:\Windows\System\tMXlJmH.exe
  C:\Windows\System\tMXlJmH.exe
  2⤵
  PID:4116
- C:\Windows\System\BLMwwlP.exe
  C:\Windows\System\BLMwwlP.exe
  2⤵
  PID:3432
- C:\Windows\System\WRrUnOW.exe
  C:\Windows\System\WRrUnOW.exe
  2⤵
  PID:4072
- C:\Windows\System\BvCNWxo.exe
  C:\Windows\System\BvCNWxo.exe
  2⤵
  PID:4196
- C:\Windows\System\nqGvueA.exe
  C:\Windows\System\nqGvueA.exe
  2⤵
  PID:4272
- C:\Windows\System\lrauygS.exe
  C:\Windows\System\lrauygS.exe
  2⤵
  PID:4324
- C:\Windows\System\OcrzInp.exe
  C:\Windows\System\OcrzInp.exe
  2⤵
  PID:4180
- C:\Windows\System\POTFKVG.exe
  C:\Windows\System\POTFKVG.exe
  2⤵
  PID:4216
- C:\Windows\System\RJXNzCA.exe
  C:\Windows\System\RJXNzCA.exe
  2⤵
  PID:4296
- C:\Windows\System\PAvjzrL.exe
  C:\Windows\System\PAvjzrL.exe
  2⤵
  PID:4340
- C:\Windows\System\vlZysBG.exe
  C:\Windows\System\vlZysBG.exe
  2⤵
  PID:4440
- C:\Windows\System\XxtTPnv.exe
  C:\Windows\System\XxtTPnv.exe
  2⤵
  PID:4508
- C:\Windows\System\UpAXyAU.exe
  C:\Windows\System\UpAXyAU.exe
  2⤵
  PID:4380
- C:\Windows\System\dvuVKCA.exe
  C:\Windows\System\dvuVKCA.exe
  2⤵
  PID:4428
- C:\Windows\System\RrgIYaL.exe
  C:\Windows\System\RrgIYaL.exe
  2⤵
  PID:4592
- C:\Windows\System\MOnCcmJ.exe
  C:\Windows\System\MOnCcmJ.exe
  2⤵
  PID:4636
- C:\Windows\System\KxXtDBE.exe
  C:\Windows\System\KxXtDBE.exe
  2⤵
  PID:4712
- C:\Windows\System\xPmzOaj.exe
  C:\Windows\System\xPmzOaj.exe
  2⤵
  PID:4760
- C:\Windows\System\XAEFjHY.exe
  C:\Windows\System\XAEFjHY.exe
  2⤵
  PID:4532
- C:\Windows\System\HBKlniB.exe
  C:\Windows\System\HBKlniB.exe
  2⤵
  PID:4652
- C:\Windows\System\AopONyh.exe
  C:\Windows\System\AopONyh.exe
  2⤵
  PID:4696
- C:\Windows\System\crMntjU.exe
  C:\Windows\System\crMntjU.exe
  2⤵
  PID:4836
- C:\Windows\System\EJICxqq.exe
  C:\Windows\System\EJICxqq.exe
  2⤵
  PID:4880
- C:\Windows\System\XklCthA.exe
  C:\Windows\System\XklCthA.exe
  2⤵
  PID:4648
- C:\Windows\System\leePhui.exe
  C:\Windows\System\leePhui.exe
  2⤵
  PID:4744
- C:\Windows\System\mzLrfdL.exe
  C:\Windows\System\mzLrfdL.exe
  2⤵
  PID:4784
- C:\Windows\System\sdPyZrc.exe
  C:\Windows\System\sdPyZrc.exe
  2⤵
  PID:4992
- C:\Windows\System\crKkTbg.exe
  C:\Windows\System\crKkTbg.exe
  2⤵
  PID:5028
- C:\Windows\System\HeURiwE.exe
  C:\Windows\System\HeURiwE.exe
  2⤵
  PID:4928
- C:\Windows\System\ENEFzTv.exe
  C:\Windows\System\ENEFzTv.exe
  2⤵
  PID:5076
- C:\Windows\System\yVnDzhI.exe
  C:\Windows\System\yVnDzhI.exe
  2⤵
  PID:3596
- C:\Windows\System\OAfHPGE.exe
  C:\Windows\System\OAfHPGE.exe
  2⤵
  PID:5012
- C:\Windows\System\tzNDUwY.exe
  C:\Windows\System\tzNDUwY.exe
  2⤵
  PID:3880
- C:\Windows\System\YQTujeY.exe
  C:\Windows\System\YQTujeY.exe
  2⤵
  PID:3812
- C:\Windows\System\VmlznxO.exe
  C:\Windows\System\VmlznxO.exe
  2⤵
  PID:3844
- C:\Windows\System\zaGOsFc.exe
  C:\Windows\System\zaGOsFc.exe
  2⤵
  PID:3968
- C:\Windows\System\CeNGlPO.exe
  C:\Windows\System\CeNGlPO.exe
  2⤵
  PID:3508
- C:\Windows\System\ADCjfIA.exe
  C:\Windows\System\ADCjfIA.exe
  2⤵
  PID:4052
- C:\Windows\System\KEBIWmY.exe
  C:\Windows\System\KEBIWmY.exe
  2⤵
  PID:3368
- C:\Windows\System\GwcNZDL.exe
  C:\Windows\System\GwcNZDL.exe
  2⤵
  PID:3260
- C:\Windows\System\PWzBIxN.exe
  C:\Windows\System\PWzBIxN.exe
  2⤵
  PID:4036
- C:\Windows\System\SUnGJsk.exe
  C:\Windows\System\SUnGJsk.exe
  2⤵
  PID:3452
- C:\Windows\System\MaiBnVb.exe
  C:\Windows\System\MaiBnVb.exe
  2⤵
  PID:4136
- C:\Windows\System\gKbYtMm.exe
  C:\Windows\System\gKbYtMm.exe
  2⤵
  PID:4172
- C:\Windows\System\hAqShAA.exe
  C:\Windows\System\hAqShAA.exe
  2⤵
  PID:4292
- C:\Windows\System\PoDOfKD.exe
  C:\Windows\System\PoDOfKD.exe
  2⤵
  PID:4300
- C:\Windows\System\BVLAsIe.exe
  C:\Windows\System\BVLAsIe.exe
  2⤵
  PID:4384
- C:\Windows\System\jkZcKPR.exe
  C:\Windows\System\jkZcKPR.exe
  2⤵
  PID:4416
- C:\Windows\System\YbNAtWh.exe
  C:\Windows\System\YbNAtWh.exe
  2⤵
  PID:4560
- C:\Windows\System\URwWWxz.exe
  C:\Windows\System\URwWWxz.exe
  2⤵
  PID:4632
- C:\Windows\System\ZFOFcvw.exe
  C:\Windows\System\ZFOFcvw.exe
  2⤵
  PID:4572
- C:\Windows\System\XpFwcvM.exe
  C:\Windows\System\XpFwcvM.exe
  2⤵
  PID:4576
- C:\Windows\System\KGyHodI.exe
  C:\Windows\System\KGyHodI.exe
  2⤵
  PID:4688
- C:\Windows\System\UAvbNAB.exe
  C:\Windows\System\UAvbNAB.exe
  2⤵
  PID:4884
- C:\Windows\System\TtFjDdn.exe
  C:\Windows\System\TtFjDdn.exe
  2⤵
  PID:4732
- C:\Windows\System\KZMsqSk.exe
  C:\Windows\System\KZMsqSk.exe
  2⤵
  PID:4780
- C:\Windows\System\WWAnDTE.exe
  C:\Windows\System\WWAnDTE.exe
  2⤵
  PID:5024
- C:\Windows\System\dDvJmOV.exe
  C:\Windows\System\dDvJmOV.exe
  2⤵
  PID:5084
- C:\Windows\System\YTVFsVq.exe
  C:\Windows\System\YTVFsVq.exe
  2⤵
  PID:5088
- C:\Windows\System\KGucfqC.exe
  C:\Windows\System\KGucfqC.exe
  2⤵
  PID:5044
- C:\Windows\System\GBTUpAp.exe
  C:\Windows\System\GBTUpAp.exe
  2⤵
  PID:5132
- C:\Windows\System\ZnwRpkD.exe
  C:\Windows\System\ZnwRpkD.exe
  2⤵
  PID:5156
- C:\Windows\System\OZLLtIj.exe
  C:\Windows\System\OZLLtIj.exe
  2⤵
  PID:5176
- C:\Windows\System\nDfHAxx.exe
  C:\Windows\System\nDfHAxx.exe
  2⤵
  PID:5196
- C:\Windows\System\rLGVAXj.exe
  C:\Windows\System\rLGVAXj.exe
  2⤵
  PID:5216
- C:\Windows\System\nkCUYcQ.exe
  C:\Windows\System\nkCUYcQ.exe
  2⤵
  PID:5236
- C:\Windows\System\OoxxBZQ.exe
  C:\Windows\System\OoxxBZQ.exe
  2⤵
  PID:5256
- C:\Windows\System\TNoJzCM.exe
  C:\Windows\System\TNoJzCM.exe
  2⤵
  PID:5276
- C:\Windows\System\xVUgqbJ.exe
  C:\Windows\System\xVUgqbJ.exe
  2⤵
  PID:5296
- C:\Windows\System\mpxBHbh.exe
  C:\Windows\System\mpxBHbh.exe
  2⤵
  PID:5316
- C:\Windows\System\Yudldaz.exe
  C:\Windows\System\Yudldaz.exe
  2⤵
  PID:5336
- C:\Windows\System\BfqIPdv.exe
  C:\Windows\System\BfqIPdv.exe
  2⤵
  PID:5356
- C:\Windows\System\yvtUWzy.exe
  C:\Windows\System\yvtUWzy.exe
  2⤵
  PID:5376
- C:\Windows\System\ulQNaWW.exe
  C:\Windows\System\ulQNaWW.exe
  2⤵
  PID:5396
- C:\Windows\System\LfbxQXH.exe
  C:\Windows\System\LfbxQXH.exe
  2⤵
  PID:5416
- C:\Windows\System\fapeqkA.exe
  C:\Windows\System\fapeqkA.exe
  2⤵
  PID:5436
- C:\Windows\System\sWuXWPB.exe
  C:\Windows\System\sWuXWPB.exe
  2⤵
  PID:5460
- C:\Windows\System\dHyOqYN.exe
  C:\Windows\System\dHyOqYN.exe
  2⤵
  PID:5480
- C:\Windows\System\vTMPJor.exe
  C:\Windows\System\vTMPJor.exe
  2⤵
  PID:5500
- C:\Windows\System\VcdQqvH.exe
  C:\Windows\System\VcdQqvH.exe
  2⤵
  PID:5520
- C:\Windows\System\iTMEuul.exe
  C:\Windows\System\iTMEuul.exe
  2⤵
  PID:5540
- C:\Windows\System\wVNbGKI.exe
  C:\Windows\System\wVNbGKI.exe
  2⤵
  PID:5560
- C:\Windows\System\WUVOnJf.exe
  C:\Windows\System\WUVOnJf.exe
  2⤵
  PID:5580
- C:\Windows\System\qihXHGa.exe
  C:\Windows\System\qihXHGa.exe
  2⤵
  PID:5596
- C:\Windows\System\oZAQyRz.exe
  C:\Windows\System\oZAQyRz.exe
  2⤵
  PID:5620
- C:\Windows\System\KwTBpZe.exe
  C:\Windows\System\KwTBpZe.exe
  2⤵
  PID:5640
- C:\Windows\System\GCSTjMm.exe
  C:\Windows\System\GCSTjMm.exe
  2⤵
  PID:5660
- C:\Windows\System\TAgocdy.exe
  C:\Windows\System\TAgocdy.exe
  2⤵
  PID:5680
- C:\Windows\System\XbpLbmQ.exe
  C:\Windows\System\XbpLbmQ.exe
  2⤵
  PID:5700
- C:\Windows\System\TGfGGbP.exe
  C:\Windows\System\TGfGGbP.exe
  2⤵
  PID:5720
- C:\Windows\System\VJaeHEU.exe
  C:\Windows\System\VJaeHEU.exe
  2⤵
  PID:5740
- C:\Windows\System\nGxIIhg.exe
  C:\Windows\System\nGxIIhg.exe
  2⤵
  PID:5760
- C:\Windows\System\pzzqKIB.exe
  C:\Windows\System\pzzqKIB.exe
  2⤵
  PID:5780
- C:\Windows\System\dByhcdB.exe
  C:\Windows\System\dByhcdB.exe
  2⤵
  PID:5796
- C:\Windows\System\ERQgXXe.exe
  C:\Windows\System\ERQgXXe.exe
  2⤵
  PID:5816
- C:\Windows\System\hcXaJSe.exe
  C:\Windows\System\hcXaJSe.exe
  2⤵
  PID:5840
- C:\Windows\System\QzOfhfn.exe
  C:\Windows\System\QzOfhfn.exe
  2⤵
  PID:5860
- C:\Windows\System\akdxQKy.exe
  C:\Windows\System\akdxQKy.exe
  2⤵
  PID:5880
- C:\Windows\System\RCgiDym.exe
  C:\Windows\System\RCgiDym.exe
  2⤵
  PID:5900
- C:\Windows\System\BnUjRqd.exe
  C:\Windows\System\BnUjRqd.exe
  2⤵
  PID:5920
- C:\Windows\System\mbRsdaf.exe
  C:\Windows\System\mbRsdaf.exe
  2⤵
  PID:5940
- C:\Windows\System\oYvYcvJ.exe
  C:\Windows\System\oYvYcvJ.exe
  2⤵
  PID:5960
- C:\Windows\System\sKsYwmA.exe
  C:\Windows\System\sKsYwmA.exe
  2⤵
  PID:5980
- C:\Windows\System\ceFjDjG.exe
  C:\Windows\System\ceFjDjG.exe
  2⤵
  PID:6000
- C:\Windows\System\TvheLtE.exe
  C:\Windows\System\TvheLtE.exe
  2⤵
  PID:6020
- C:\Windows\System\rzHwKqX.exe
  C:\Windows\System\rzHwKqX.exe
  2⤵
  PID:6040
- C:\Windows\System\DeUNOjp.exe
  C:\Windows\System\DeUNOjp.exe
  2⤵
  PID:6060
- C:\Windows\System\iNQOXWi.exe
  C:\Windows\System\iNQOXWi.exe
  2⤵
  PID:6080
- C:\Windows\System\JFwcyDf.exe
  C:\Windows\System\JFwcyDf.exe
  2⤵
  PID:6100
- C:\Windows\System\DtZHBRy.exe
  C:\Windows\System\DtZHBRy.exe
  2⤵
  PID:6124
- C:\Windows\System\RnFfEEF.exe
  C:\Windows\System\RnFfEEF.exe
  2⤵
  PID:3804
- C:\Windows\System\aYFHDGn.exe
  C:\Windows\System\aYFHDGn.exe
  2⤵
  PID:3156
- C:\Windows\System\hyAOuRo.exe
  C:\Windows\System\hyAOuRo.exe
  2⤵
  PID:3300
- C:\Windows\System\fPkJOCd.exe
  C:\Windows\System\fPkJOCd.exe
  2⤵
  PID:3628
- C:\Windows\System\FeltWyG.exe
  C:\Windows\System\FeltWyG.exe
  2⤵
  PID:3264
- C:\Windows\System\JYILHDl.exe
  C:\Windows\System\JYILHDl.exe
  2⤵
  PID:4156
- C:\Windows\System\MhcmIDm.exe
  C:\Windows\System\MhcmIDm.exe
  2⤵
  PID:4176
- C:\Windows\System\FnRadBg.exe
  C:\Windows\System\FnRadBg.exe
  2⤵
  PID:4168
- C:\Windows\System\RejpegB.exe
  C:\Windows\System\RejpegB.exe
  2⤵
  PID:4388
- C:\Windows\System\ntvouKd.exe
  C:\Windows\System\ntvouKd.exe
  2⤵
  PID:4480
- C:\Windows\System\DxjRtuC.exe
  C:\Windows\System\DxjRtuC.exe
  2⤵
  PID:4668
- C:\Windows\System\YgONEzY.exe
  C:\Windows\System\YgONEzY.exe
  2⤵
  PID:4496
- C:\Windows\System\DGcGjmz.exe
  C:\Windows\System\DGcGjmz.exe
  2⤵
  PID:4916
- C:\Windows\System\buXHmOs.exe
  C:\Windows\System\buXHmOs.exe
  2⤵
  PID:4860
- C:\Windows\System\reLSxcf.exe
  C:\Windows\System\reLSxcf.exe
  2⤵
  PID:4816
- C:\Windows\System\brnULGv.exe
  C:\Windows\System\brnULGv.exe
  2⤵
  PID:5108
- C:\Windows\System\aiqVwgQ.exe
  C:\Windows\System\aiqVwgQ.exe
  2⤵
  PID:3884
- C:\Windows\System\EllyaDb.exe
  C:\Windows\System\EllyaDb.exe
  2⤵
  PID:5164
- C:\Windows\System\gfwcrUE.exe
  C:\Windows\System\gfwcrUE.exe
  2⤵
  PID:5204
- C:\Windows\System\ldVNecD.exe
  C:\Windows\System\ldVNecD.exe
  2⤵
  PID:5192
- C:\Windows\System\TVKUbUK.exe
  C:\Windows\System\TVKUbUK.exe
  2⤵
  PID:5248
- C:\Windows\System\wRGonza.exe
  C:\Windows\System\wRGonza.exe
  2⤵
  PID:5264
- C:\Windows\System\jkeOplW.exe
  C:\Windows\System\jkeOplW.exe
  2⤵
  PID:5324
- C:\Windows\System\GgyIApm.exe
  C:\Windows\System\GgyIApm.exe
  2⤵
  PID:5364
- C:\Windows\System\zHlAEjZ.exe
  C:\Windows\System\zHlAEjZ.exe
  2⤵
  PID:2336
- C:\Windows\System\HsbJWmP.exe
  C:\Windows\System\HsbJWmP.exe
  2⤵
  PID:5412
- C:\Windows\System\OOSqtfW.exe
  C:\Windows\System\OOSqtfW.exe
  2⤵
  PID:5428
- C:\Windows\System\txLMeHx.exe
  C:\Windows\System\txLMeHx.exe
  2⤵
  PID:5472
- C:\Windows\System\dPsqDpJ.exe
  C:\Windows\System\dPsqDpJ.exe
  2⤵
  PID:5528
- C:\Windows\System\NVYwqYD.exe
  C:\Windows\System\NVYwqYD.exe
  2⤵
  PID:5548
- C:\Windows\System\QWZvfHx.exe
  C:\Windows\System\QWZvfHx.exe
  2⤵
  PID:5572
- C:\Windows\System\WJBavQz.exe
  C:\Windows\System\WJBavQz.exe
  2⤵
  PID:5592
- C:\Windows\System\tytpxLB.exe
  C:\Windows\System\tytpxLB.exe
  2⤵
  PID:5632
- C:\Windows\System\zSzrmBk.exe
  C:\Windows\System\zSzrmBk.exe
  2⤵
  PID:5676
- C:\Windows\System\wPcSNHq.exe
  C:\Windows\System\wPcSNHq.exe
  2⤵
  PID:5732
- C:\Windows\System\viqozUz.exe
  C:\Windows\System\viqozUz.exe
  2⤵
  PID:5768
- C:\Windows\System\fLymMSI.exe
  C:\Windows\System\fLymMSI.exe
  2⤵
  PID:5812
- C:\Windows\System\wozbuFj.exe
  C:\Windows\System\wozbuFj.exe
  2⤵
  PID:5828
- C:\Windows\System\kqtfBiI.exe
  C:\Windows\System\kqtfBiI.exe
  2⤵
  PID:5856
- C:\Windows\System\KqdVliq.exe
  C:\Windows\System\KqdVliq.exe
  2⤵
  PID:5868
- C:\Windows\System\kiNkMkO.exe
  C:\Windows\System\kiNkMkO.exe
  2⤵
  PID:5968
- C:\Windows\System\gUoCISA.exe
  C:\Windows\System\gUoCISA.exe
  2⤵
  PID:6012
- C:\Windows\System\DITGicX.exe
  C:\Windows\System\DITGicX.exe
  2⤵
  PID:6056
- C:\Windows\System\IosuTGP.exe
  C:\Windows\System\IosuTGP.exe
  2⤵
  PID:5952
- C:\Windows\System\fPclOZa.exe
  C:\Windows\System\fPclOZa.exe
  2⤵
  PID:6036
- C:\Windows\System\JWkauUx.exe
  C:\Windows\System\JWkauUx.exe
  2⤵
  PID:6092
- C:\Windows\System\mQPKjlN.exe
  C:\Windows\System\mQPKjlN.exe
  2⤵
  PID:6120
- C:\Windows\System\wGkjYRL.exe
  C:\Windows\System\wGkjYRL.exe
  2⤵
  PID:3428
- C:\Windows\System\alVChLz.exe
  C:\Windows\System\alVChLz.exe
  2⤵
  PID:3172
- C:\Windows\System\NUcKyqA.exe
  C:\Windows\System\NUcKyqA.exe
  2⤵
  PID:4240
- C:\Windows\System\dEmdyea.exe
  C:\Windows\System\dEmdyea.exe
  2⤵
  PID:3764
- C:\Windows\System\gNRIzLI.exe
  C:\Windows\System\gNRIzLI.exe
  2⤵
  PID:4460
- C:\Windows\System\gsKNTzv.exe
  C:\Windows\System\gsKNTzv.exe
  2⤵
  PID:4316
- C:\Windows\System\haVLKrE.exe
  C:\Windows\System\haVLKrE.exe
  2⤵
  PID:4840
- C:\Windows\System\CIPqGUG.exe
  C:\Windows\System\CIPqGUG.exe
  2⤵
  PID:4832
- C:\Windows\System\rKEoCeu.exe
  C:\Windows\System\rKEoCeu.exe
  2⤵
  PID:4776
- C:\Windows\System\zTUVgPD.exe
  C:\Windows\System\zTUVgPD.exe
  2⤵
  PID:5060
- C:\Windows\System\ereCfCP.exe
  C:\Windows\System\ereCfCP.exe
  2⤵
  PID:5144
- C:\Windows\System\KVCEHNA.exe
  C:\Windows\System\KVCEHNA.exe
  2⤵
  PID:5232
- C:\Windows\System\stYbClV.exe
  C:\Windows\System\stYbClV.exe
  2⤵
  PID:5292
- C:\Windows\System\EohMOhU.exe
  C:\Windows\System\EohMOhU.exe
  2⤵
  PID:5304
- C:\Windows\System\ZRVzMRU.exe
  C:\Windows\System\ZRVzMRU.exe
  2⤵
  PID:5368
- C:\Windows\System\yxPjRUw.exe
  C:\Windows\System\yxPjRUw.exe
  2⤵
  PID:5392
- C:\Windows\System\CjGaMfT.exe
  C:\Windows\System\CjGaMfT.exe
  2⤵
  PID:5476
- C:\Windows\System\pgByrCb.exe
  C:\Windows\System\pgByrCb.exe
  2⤵
  PID:5552
- C:\Windows\System\eYaeCsn.exe
  C:\Windows\System\eYaeCsn.exe
  2⤵
  PID:5588
- C:\Windows\System\AbJvzvc.exe
  C:\Windows\System\AbJvzvc.exe
  2⤵
  PID:5652
- C:\Windows\System\CslUFMe.exe
  C:\Windows\System\CslUFMe.exe
  2⤵
  PID:5692
- C:\Windows\System\zhXZYpx.exe
  C:\Windows\System\zhXZYpx.exe
  2⤵
  PID:5772
- C:\Windows\System\KBygfeX.exe
  C:\Windows\System\KBygfeX.exe
  2⤵
  PID:5756
- C:\Windows\System\WMohWKW.exe
  C:\Windows\System\WMohWKW.exe
  2⤵
  PID:5896
- C:\Windows\System\MMPzKHV.exe
  C:\Windows\System\MMPzKHV.exe
  2⤵
  PID:5872
- C:\Windows\System\vurhgBu.exe
  C:\Windows\System\vurhgBu.exe
  2⤵
  PID:5912
- C:\Windows\System\bhshTIA.exe
  C:\Windows\System\bhshTIA.exe
  2⤵
  PID:5992
- C:\Windows\System\mpMRodm.exe
  C:\Windows\System\mpMRodm.exe
  2⤵
  PID:6088
- C:\Windows\System\zsNBscH.exe
  C:\Windows\System\zsNBscH.exe
  2⤵
  PID:6136
- C:\Windows\System\tramuXZ.exe
  C:\Windows\System\tramuXZ.exe
  2⤵
  PID:2984
- C:\Windows\System\eHzliWQ.exe
  C:\Windows\System\eHzliWQ.exe
  2⤵
  PID:4140
- C:\Windows\System\tDgRvHV.exe
  C:\Windows\System\tDgRvHV.exe
  2⤵
  PID:6164
- C:\Windows\System\cJmiulI.exe
  C:\Windows\System\cJmiulI.exe
  2⤵
  PID:6184
- C:\Windows\System\yQVvlSV.exe
  C:\Windows\System\yQVvlSV.exe
  2⤵
  PID:6204
- C:\Windows\System\yjAzpXh.exe
  C:\Windows\System\yjAzpXh.exe
  2⤵
  PID:6224
- C:\Windows\System\mVCiKQi.exe
  C:\Windows\System\mVCiKQi.exe
  2⤵
  PID:6244
- C:\Windows\System\DxheTiO.exe
  C:\Windows\System\DxheTiO.exe
  2⤵
  PID:6264
- C:\Windows\System\bbaiNbt.exe
  C:\Windows\System\bbaiNbt.exe
  2⤵
  PID:6284
- C:\Windows\System\nuWdwrW.exe
  C:\Windows\System\nuWdwrW.exe
  2⤵
  PID:6304
- C:\Windows\System\BvagxtZ.exe
  C:\Windows\System\BvagxtZ.exe
  2⤵
  PID:6324
- C:\Windows\System\nOCllEQ.exe
  C:\Windows\System\nOCllEQ.exe
  2⤵
  PID:6348
- C:\Windows\System\WYxkNZK.exe
  C:\Windows\System\WYxkNZK.exe
  2⤵
  PID:6368
- C:\Windows\System\BRtWThu.exe
  C:\Windows\System\BRtWThu.exe
  2⤵
  PID:6388
- C:\Windows\System\rHPusiH.exe
  C:\Windows\System\rHPusiH.exe
  2⤵
  PID:6408
- C:\Windows\System\wOSzpRy.exe
  C:\Windows\System\wOSzpRy.exe
  2⤵
  PID:6428
- C:\Windows\System\hjpiDHd.exe
  C:\Windows\System\hjpiDHd.exe
  2⤵
  PID:6448
- C:\Windows\System\CqOERQf.exe
  C:\Windows\System\CqOERQf.exe
  2⤵
  PID:6468
- C:\Windows\System\FGNgbck.exe
  C:\Windows\System\FGNgbck.exe
  2⤵
  PID:6488
- C:\Windows\System\OcklcxS.exe
  C:\Windows\System\OcklcxS.exe
  2⤵
  PID:6508
- C:\Windows\System\jlXgjwK.exe
  C:\Windows\System\jlXgjwK.exe
  2⤵
  PID:6528
- C:\Windows\System\EMfzcpE.exe
  C:\Windows\System\EMfzcpE.exe
  2⤵
  PID:6548
- C:\Windows\System\UFjmEDB.exe
  C:\Windows\System\UFjmEDB.exe
  2⤵
  PID:6568
- C:\Windows\System\KrLmbbG.exe
  C:\Windows\System\KrLmbbG.exe
  2⤵
  PID:6588
- C:\Windows\System\jDplAuu.exe
  C:\Windows\System\jDplAuu.exe
  2⤵
  PID:6608
- C:\Windows\System\bgMKeBt.exe
  C:\Windows\System\bgMKeBt.exe
  2⤵
  PID:6628
- C:\Windows\System\NjvvSsI.exe
  C:\Windows\System\NjvvSsI.exe
  2⤵
  PID:6648
- C:\Windows\System\UefQOLP.exe
  C:\Windows\System\UefQOLP.exe
  2⤵
  PID:6668
- C:\Windows\System\tKFJGyo.exe
  C:\Windows\System\tKFJGyo.exe
  2⤵
  PID:6688
- C:\Windows\System\BQpKbcp.exe
  C:\Windows\System\BQpKbcp.exe
  2⤵
  PID:6708
- C:\Windows\System\FoBAIDr.exe
  C:\Windows\System\FoBAIDr.exe
  2⤵
  PID:6728
- C:\Windows\System\yCGybHt.exe
  C:\Windows\System\yCGybHt.exe
  2⤵
  PID:6748
- C:\Windows\System\seRWCVZ.exe
  C:\Windows\System\seRWCVZ.exe
  2⤵
  PID:6768
- C:\Windows\System\axyrjqI.exe
  C:\Windows\System\axyrjqI.exe
  2⤵
  PID:6788
- C:\Windows\System\QtQEiIz.exe
  C:\Windows\System\QtQEiIz.exe
  2⤵
  PID:6808
- C:\Windows\System\dscttGS.exe
  C:\Windows\System\dscttGS.exe
  2⤵
  PID:6828
- C:\Windows\System\YEzIxIP.exe
  C:\Windows\System\YEzIxIP.exe
  2⤵
  PID:6848
- C:\Windows\System\cXKPlRN.exe
  C:\Windows\System\cXKPlRN.exe
  2⤵
  PID:6868
- C:\Windows\System\VblWrsb.exe
  C:\Windows\System\VblWrsb.exe
  2⤵
  PID:6888
- C:\Windows\System\KgeMwtE.exe
  C:\Windows\System\KgeMwtE.exe
  2⤵
  PID:6908
- C:\Windows\System\MbgOgUR.exe
  C:\Windows\System\MbgOgUR.exe
  2⤵
  PID:6928
- C:\Windows\System\bqlaOHP.exe
  C:\Windows\System\bqlaOHP.exe
  2⤵
  PID:6948
- C:\Windows\System\vAxoizV.exe
  C:\Windows\System\vAxoizV.exe
  2⤵
  PID:6968
- C:\Windows\System\TzASfQQ.exe
  C:\Windows\System\TzASfQQ.exe
  2⤵
  PID:6988
- C:\Windows\System\iQhLGiC.exe
  C:\Windows\System\iQhLGiC.exe
  2⤵
  PID:7008
- C:\Windows\System\YcElWOI.exe
  C:\Windows\System\YcElWOI.exe
  2⤵
  PID:7028
- C:\Windows\System\OFeyOcl.exe
  C:\Windows\System\OFeyOcl.exe
  2⤵
  PID:7048
- C:\Windows\System\yvCzsaH.exe
  C:\Windows\System\yvCzsaH.exe
  2⤵
  PID:7068
- C:\Windows\System\nYlFLWs.exe
  C:\Windows\System\nYlFLWs.exe
  2⤵
  PID:7088
- C:\Windows\System\XqUPdzm.exe
  C:\Windows\System\XqUPdzm.exe
  2⤵
  PID:7108
- C:\Windows\System\KgsruyF.exe
  C:\Windows\System\KgsruyF.exe
  2⤵
  PID:7128
- C:\Windows\System\TADECqd.exe
  C:\Windows\System\TADECqd.exe
  2⤵
  PID:7148
- C:\Windows\System\NVJJQJw.exe
  C:\Windows\System\NVJJQJw.exe
  2⤵
  PID:4312
- C:\Windows\System\yTkmrjH.exe
  C:\Windows\System\yTkmrjH.exe
  2⤵
  PID:2848
- C:\Windows\System\ZNubcxF.exe
  C:\Windows\System\ZNubcxF.exe
  2⤵
  PID:2696
- C:\Windows\System\VBgcKIb.exe
  C:\Windows\System\VBgcKIb.exe
  2⤵
  PID:2056
- C:\Windows\System\TaEebXa.exe
  C:\Windows\System\TaEebXa.exe
  2⤵
  PID:5224
- C:\Windows\System\IIGxHpi.exe
  C:\Windows\System\IIGxHpi.exe
  2⤵
  PID:5284
- C:\Windows\System\VycJuAO.exe
  C:\Windows\System\VycJuAO.exe
  2⤵
  PID:5344
- C:\Windows\System\aHcjOAa.exe
  C:\Windows\System\aHcjOAa.exe
  2⤵
  PID:5352
- C:\Windows\System\gRPVori.exe
  C:\Windows\System\gRPVori.exe
  2⤵
  PID:5448
- C:\Windows\System\MxJrfvi.exe
  C:\Windows\System\MxJrfvi.exe
  2⤵
  PID:5516
- C:\Windows\System\PkVoyfi.exe
  C:\Windows\System\PkVoyfi.exe
  2⤵
  PID:5712
- C:\Windows\System\jAOlmcN.exe
  C:\Windows\System\jAOlmcN.exe
  2⤵
  PID:5832
- C:\Windows\System\BBTlpzs.exe
  C:\Windows\System\BBTlpzs.exe
  2⤵
  PID:5932
- C:\Windows\System\nqXhdKp.exe
  C:\Windows\System\nqXhdKp.exe
  2⤵
  PID:6008
- C:\Windows\System\ybRhomh.exe
  C:\Windows\System\ybRhomh.exe
  2⤵
  PID:6096
- C:\Windows\System\igUzJfi.exe
  C:\Windows\System\igUzJfi.exe
  2⤵
  PID:4032
- C:\Windows\System\OsOyUqd.exe
  C:\Windows\System\OsOyUqd.exe
  2⤵
  PID:6152
- C:\Windows\System\wYdMHMJ.exe
  C:\Windows\System\wYdMHMJ.exe
  2⤵
  PID:6192
- C:\Windows\System\TleWtsa.exe
  C:\Windows\System\TleWtsa.exe
  2⤵
  PID:6196
- C:\Windows\System\VEzctpN.exe
  C:\Windows\System\VEzctpN.exe
  2⤵
  PID:6216
- C:\Windows\System\VQxKnVS.exe
  C:\Windows\System\VQxKnVS.exe
  2⤵
  PID:6256
- C:\Windows\System\QdmVJze.exe
  C:\Windows\System\QdmVJze.exe
  2⤵
  PID:6320
- C:\Windows\System\odLbQHD.exe
  C:\Windows\System\odLbQHD.exe
  2⤵
  PID:6340
- C:\Windows\System\jhiYjan.exe
  C:\Windows\System\jhiYjan.exe
  2⤵
  PID:6376
- C:\Windows\System\thzEMxy.exe
  C:\Windows\System\thzEMxy.exe
  2⤵
  PID:6404
- C:\Windows\System\TGQcSmI.exe
  C:\Windows\System\TGQcSmI.exe
  2⤵
  PID:6420
- C:\Windows\System\bOKQYmc.exe
  C:\Windows\System\bOKQYmc.exe
  2⤵
  PID:6484
- C:\Windows\System\UpfXaBL.exe
  C:\Windows\System\UpfXaBL.exe
  2⤵
  PID:6524
- C:\Windows\System\UKxIokt.exe
  C:\Windows\System\UKxIokt.exe
  2⤵
  PID:6536
- C:\Windows\System\xtTDpow.exe
  C:\Windows\System\xtTDpow.exe
  2⤵
  PID:6560
- C:\Windows\System\mROeCPm.exe
  C:\Windows\System\mROeCPm.exe
  2⤵
  PID:6604
- C:\Windows\System\gdyOkRi.exe
  C:\Windows\System\gdyOkRi.exe
  2⤵
  PID:6620
- C:\Windows\System\xQXkCWH.exe
  C:\Windows\System\xQXkCWH.exe
  2⤵
  PID:6684
- C:\Windows\System\KRQXErY.exe
  C:\Windows\System\KRQXErY.exe
  2⤵
  PID:6716
- C:\Windows\System\iERdzft.exe
  C:\Windows\System\iERdzft.exe
  2⤵
  PID:6720
- C:\Windows\System\GseYBMM.exe
  C:\Windows\System\GseYBMM.exe
  2⤵
  PID:6760
- C:\Windows\System\AwYCknt.exe
  C:\Windows\System\AwYCknt.exe
  2⤵
  PID:6800
- C:\Windows\System\xNAwOwl.exe
  C:\Windows\System\xNAwOwl.exe
  2⤵
  PID:6844
- C:\Windows\System\dHmjJAz.exe
  C:\Windows\System\dHmjJAz.exe
  2⤵
  PID:6856
- C:\Windows\System\VjbpyAu.exe
  C:\Windows\System\VjbpyAu.exe
  2⤵
  PID:6860
- C:\Windows\System\btijjlS.exe
  C:\Windows\System\btijjlS.exe
  2⤵
  PID:6900
- C:\Windows\System\mQjZAQd.exe
  C:\Windows\System\mQjZAQd.exe
  2⤵
  PID:6944
- C:\Windows\System\lFBAyZw.exe
  C:\Windows\System\lFBAyZw.exe
  2⤵
  PID:6984
- C:\Windows\System\HwRnAhT.exe
  C:\Windows\System\HwRnAhT.exe
  2⤵
  PID:7044
- C:\Windows\System\DnWmFpE.exe
  C:\Windows\System\DnWmFpE.exe
  2⤵
  PID:7076
- C:\Windows\System\EovPNsf.exe
  C:\Windows\System\EovPNsf.exe
  2⤵
  PID:7116
- C:\Windows\System\BpPaMpp.exe
  C:\Windows\System\BpPaMpp.exe
  2⤵
  PID:7120
- C:\Windows\System\ZNrsWaz.exe
  C:\Windows\System\ZNrsWaz.exe
  2⤵
  PID:7164
- C:\Windows\System\yKLvjGb.exe
  C:\Windows\System\yKLvjGb.exe
  2⤵
  PID:2784
- C:\Windows\System\AKxMxdV.exe
  C:\Windows\System\AKxMxdV.exe
  2⤵
  PID:5040
- C:\Windows\System\TjXVsSN.exe
  C:\Windows\System\TjXVsSN.exe
  2⤵
  PID:5100
- C:\Windows\System\YAkUEOo.exe
  C:\Windows\System\YAkUEOo.exe
  2⤵
  PID:1120
- C:\Windows\System\DIRSwkA.exe
  C:\Windows\System\DIRSwkA.exe
  2⤵
  PID:5388
- C:\Windows\System\DAovzLo.exe
  C:\Windows\System\DAovzLo.exe
  2⤵
  PID:5776
- C:\Windows\System\voUADjP.exe
  C:\Windows\System\voUADjP.exe
  2⤵
  PID:5752
- C:\Windows\System\uIzXJFT.exe
  C:\Windows\System\uIzXJFT.exe
  2⤵
  PID:5848
- C:\Windows\System\xITqqXj.exe
  C:\Windows\System\xITqqXj.exe
  2⤵
  PID:2768
- C:\Windows\System\KIgpiPE.exe
  C:\Windows\System\KIgpiPE.exe
  2⤵
  PID:6140
- C:\Windows\System\ZapKqzw.exe
  C:\Windows\System\ZapKqzw.exe
  2⤵
  PID:4236
- C:\Windows\System\XVOvvNf.exe
  C:\Windows\System\XVOvvNf.exe
  2⤵
  PID:6220
- C:\Windows\System\YmcUDLJ.exe
  C:\Windows\System\YmcUDLJ.exe
  2⤵
  PID:6276
- C:\Windows\System\LhTNHgu.exe
  C:\Windows\System\LhTNHgu.exe
  2⤵
  PID:2644
- C:\Windows\System\jUOnReo.exe
  C:\Windows\System\jUOnReo.exe
  2⤵
  PID:6384
- C:\Windows\System\OxSphzb.exe
  C:\Windows\System\OxSphzb.exe
  2⤵
  PID:6504
- C:\Windows\System\dWzCKew.exe
  C:\Windows\System\dWzCKew.exe
  2⤵
  PID:6460
- C:\Windows\System\pObaeXC.exe
  C:\Windows\System\pObaeXC.exe
  2⤵
  PID:6580
- C:\Windows\System\EZuRhff.exe
  C:\Windows\System\EZuRhff.exe
  2⤵
  PID:6556
- C:\Windows\System\oxnpBeO.exe
  C:\Windows\System\oxnpBeO.exe
  2⤵
  PID:6636
- C:\Windows\System\ZMpDZtP.exe
  C:\Windows\System\ZMpDZtP.exe
  2⤵
  PID:6700
- C:\Windows\System\BYGzTku.exe
  C:\Windows\System\BYGzTku.exe
  2⤵
  PID:6764
- C:\Windows\System\PwupUnR.exe
  C:\Windows\System\PwupUnR.exe
  2⤵
  PID:6840
- C:\Windows\System\Nbsynsl.exe
  C:\Windows\System\Nbsynsl.exe
  2⤵
  PID:6924
- C:\Windows\System\DddBdMl.exe
  C:\Windows\System\DddBdMl.exe
  2⤵
  PID:6960
- C:\Windows\System\iMgdtMU.exe
  C:\Windows\System\iMgdtMU.exe
  2⤵
  PID:7000
- C:\Windows\System\iAJWFpU.exe
  C:\Windows\System\iAJWFpU.exe
  2⤵
  PID:7040
- C:\Windows\System\vLgXjlK.exe
  C:\Windows\System\vLgXjlK.exe
  2⤵
  PID:4552
- C:\Windows\System\vNjfgDN.exe
  C:\Windows\System\vNjfgDN.exe
  2⤵
  PID:7060
- C:\Windows\System\PzlkhKz.exe
  C:\Windows\System\PzlkhKz.exe
  2⤵
  PID:5244
- C:\Windows\System\ELpxDkM.exe
  C:\Windows\System\ELpxDkM.exe
  2⤵
  PID:3748
- C:\Windows\System\eBhOMtF.exe
  C:\Windows\System\eBhOMtF.exe
  2⤵
  PID:5208
- C:\Windows\System\LFYxFMg.exe
  C:\Windows\System\LFYxFMg.exe
  2⤵
  PID:5696
- C:\Windows\System\xdiZTrh.exe
  C:\Windows\System\xdiZTrh.exe
  2⤵
  PID:4256
- C:\Windows\System\leeAwke.exe
  C:\Windows\System\leeAwke.exe
  2⤵
  PID:3244
- C:\Windows\System\oMVzBqi.exe
  C:\Windows\System\oMVzBqi.exe
  2⤵
  PID:6260
- C:\Windows\System\ctLxyPY.exe
  C:\Windows\System\ctLxyPY.exe
  2⤵
  PID:6156
- C:\Windows\System\gGQcOjX.exe
  C:\Windows\System\gGQcOjX.exe
  2⤵
  PID:6380
- C:\Windows\System\ajtikqx.exe
  C:\Windows\System\ajtikqx.exe
  2⤵
  PID:6316
- C:\Windows\System\RVxrBff.exe
  C:\Windows\System\RVxrBff.exe
  2⤵
  PID:6424
- C:\Windows\System\chWtJjR.exe
  C:\Windows\System\chWtJjR.exe
  2⤵
  PID:7176
- C:\Windows\System\tKkKocq.exe
  C:\Windows\System\tKkKocq.exe
  2⤵
  PID:7196
- C:\Windows\System\xqROvsf.exe
  C:\Windows\System\xqROvsf.exe
  2⤵
  PID:7220
- C:\Windows\System\EJNDpyH.exe
  C:\Windows\System\EJNDpyH.exe
  2⤵
  PID:7240
- C:\Windows\System\MecVcMb.exe
  C:\Windows\System\MecVcMb.exe
  2⤵
  PID:7260
- C:\Windows\System\BVndAET.exe
  C:\Windows\System\BVndAET.exe
  2⤵
  PID:7280
- C:\Windows\System\SsARisf.exe
  C:\Windows\System\SsARisf.exe
  2⤵
  PID:7300
- C:\Windows\System\UMzuZtw.exe
  C:\Windows\System\UMzuZtw.exe
  2⤵
  PID:7320
- C:\Windows\System\wibpgaX.exe
  C:\Windows\System\wibpgaX.exe
  2⤵
  PID:7340
- C:\Windows\System\MKOHibi.exe
  C:\Windows\System\MKOHibi.exe
  2⤵
  PID:7360
- C:\Windows\System\Gdjyuii.exe
  C:\Windows\System\Gdjyuii.exe
  2⤵
  PID:7380
- C:\Windows\System\xEmfxnx.exe
  C:\Windows\System\xEmfxnx.exe
  2⤵
  PID:7400
- C:\Windows\System\LrSZtix.exe
  C:\Windows\System\LrSZtix.exe
  2⤵
  PID:7420
- C:\Windows\System\doUoOmh.exe
  C:\Windows\System\doUoOmh.exe
  2⤵
  PID:7440
- C:\Windows\System\ivffyqS.exe
  C:\Windows\System\ivffyqS.exe
  2⤵
  PID:7460
- C:\Windows\System\fqrJHYF.exe
  C:\Windows\System\fqrJHYF.exe
  2⤵
  PID:7480
- C:\Windows\System\ikoSKWH.exe
  C:\Windows\System\ikoSKWH.exe
  2⤵
  PID:7500
- C:\Windows\System\LLbGHuw.exe
  C:\Windows\System\LLbGHuw.exe
  2⤵
  PID:7520
- C:\Windows\System\fApDFPa.exe
  C:\Windows\System\fApDFPa.exe
  2⤵
  PID:7540
- C:\Windows\System\FOJtzRP.exe
  C:\Windows\System\FOJtzRP.exe
  2⤵
  PID:7560
- C:\Windows\System\MSJBcUl.exe
  C:\Windows\System\MSJBcUl.exe
  2⤵
  PID:7580
- C:\Windows\System\kirxypY.exe
  C:\Windows\System\kirxypY.exe
  2⤵
  PID:7600
- C:\Windows\System\vlDYoDG.exe
  C:\Windows\System\vlDYoDG.exe
  2⤵
  PID:7620
- C:\Windows\System\WbeTfpg.exe
  C:\Windows\System\WbeTfpg.exe
  2⤵
  PID:7640
- C:\Windows\System\JZfjHDR.exe
  C:\Windows\System\JZfjHDR.exe
  2⤵
  PID:7660
- C:\Windows\System\kVBGUHZ.exe
  C:\Windows\System\kVBGUHZ.exe
  2⤵
  PID:7680
- C:\Windows\System\LukfurR.exe
  C:\Windows\System\LukfurR.exe
  2⤵
  PID:7700
- C:\Windows\System\rrXpBTH.exe
  C:\Windows\System\rrXpBTH.exe
  2⤵
  PID:7720
- C:\Windows\System\szEstHx.exe
  C:\Windows\System\szEstHx.exe
  2⤵
  PID:7740
- C:\Windows\System\WjuTwvS.exe
  C:\Windows\System\WjuTwvS.exe
  2⤵
  PID:7760
- C:\Windows\System\sYBszlJ.exe
  C:\Windows\System\sYBszlJ.exe
  2⤵
  PID:7780
- C:\Windows\System\PMSHPDM.exe
  C:\Windows\System\PMSHPDM.exe
  2⤵
  PID:7800
- C:\Windows\System\UILFFBI.exe
  C:\Windows\System\UILFFBI.exe
  2⤵
  PID:7820
- C:\Windows\System\EEIiEGD.exe
  C:\Windows\System\EEIiEGD.exe
  2⤵
  PID:7836
- C:\Windows\System\CVvEpSH.exe
  C:\Windows\System\CVvEpSH.exe
  2⤵
  PID:7860
- C:\Windows\System\tyqQWpK.exe
  C:\Windows\System\tyqQWpK.exe
  2⤵
  PID:7880
- C:\Windows\System\YJTHTjr.exe
  C:\Windows\System\YJTHTjr.exe
  2⤵
  PID:7904
- C:\Windows\System\lelOtqX.exe
  C:\Windows\System\lelOtqX.exe
  2⤵
  PID:7924
- C:\Windows\System\ALRnTYv.exe
  C:\Windows\System\ALRnTYv.exe
  2⤵
  PID:7944
- C:\Windows\System\DdMMclf.exe
  C:\Windows\System\DdMMclf.exe
  2⤵
  PID:7964
- C:\Windows\System\muuGTdb.exe
  C:\Windows\System\muuGTdb.exe
  2⤵
  PID:7984
- C:\Windows\System\ptoPQNA.exe
  C:\Windows\System\ptoPQNA.exe
  2⤵
  PID:8004
- C:\Windows\System\dvFliwv.exe
  C:\Windows\System\dvFliwv.exe
  2⤵
  PID:8024
- C:\Windows\System\MFPCmJB.exe
  C:\Windows\System\MFPCmJB.exe
  2⤵
  PID:8044
- C:\Windows\System\aooesru.exe
  C:\Windows\System\aooesru.exe
  2⤵
  PID:8064
- C:\Windows\System\wKJdHfH.exe
  C:\Windows\System\wKJdHfH.exe
  2⤵
  PID:8088
- C:\Windows\System\GyteYTH.exe
  C:\Windows\System\GyteYTH.exe
  2⤵
  PID:8108
- C:\Windows\System\LtzzgQJ.exe
  C:\Windows\System\LtzzgQJ.exe
  2⤵
  PID:8128
- C:\Windows\System\hwPGVVQ.exe
  C:\Windows\System\hwPGVVQ.exe
  2⤵
  PID:8148
- C:\Windows\System\TTEgFrd.exe
  C:\Windows\System\TTEgFrd.exe
  2⤵
  PID:8168
- C:\Windows\System\kpEuTXf.exe
  C:\Windows\System\kpEuTXf.exe
  2⤵
  PID:8184
- C:\Windows\System\CbqZuca.exe
  C:\Windows\System\CbqZuca.exe
  2⤵
  PID:6740
- C:\Windows\System\fCOrAiG.exe
  C:\Windows\System\fCOrAiG.exe
  2⤵
  PID:6816
- C:\Windows\System\QVjGlJK.exe
  C:\Windows\System\QVjGlJK.exe
  2⤵
  PID:6784
- C:\Windows\System\yXNusfT.exe
  C:\Windows\System\yXNusfT.exe
  2⤵
  PID:6876
- C:\Windows\System\hQeQHul.exe
  C:\Windows\System\hQeQHul.exe
  2⤵
  PID:6980
- C:\Windows\System\XJHxJDi.exe
  C:\Windows\System\XJHxJDi.exe
  2⤵
  PID:592
- C:\Windows\System\vaJTREA.exe
  C:\Windows\System\vaJTREA.exe
  2⤵
  PID:4716
- C:\Windows\System\alcKATk.exe
  C:\Windows\System\alcKATk.exe
  2⤵
  PID:5728
- C:\Windows\System\WmBGQNi.exe
  C:\Windows\System\WmBGQNi.exe
  2⤵
  PID:5628
- C:\Windows\System\PVgvBVj.exe
  C:\Windows\System\PVgvBVj.exe
  2⤵
  PID:5556
- C:\Windows\System\VsyhraW.exe
  C:\Windows\System\VsyhraW.exe
  2⤵
  PID:5928
- C:\Windows\System\BUsbjja.exe
  C:\Windows\System\BUsbjja.exe
  2⤵
  PID:6360
- C:\Windows\System\VADQqQU.exe
  C:\Windows\System\VADQqQU.exe
  2⤵
  PID:7172
- C:\Windows\System\XxOuJqD.exe
  C:\Windows\System\XxOuJqD.exe
  2⤵
  PID:6416
- C:\Windows\System\HSdtnNC.exe
  C:\Windows\System\HSdtnNC.exe
  2⤵
  PID:7212
- C:\Windows\System\YYnKHrX.exe
  C:\Windows\System\YYnKHrX.exe
  2⤵
  PID:7232
- C:\Windows\System\TAIMmpe.exe
  C:\Windows\System\TAIMmpe.exe
  2⤵
  PID:7268
- C:\Windows\System\ngpxosB.exe
  C:\Windows\System\ngpxosB.exe
  2⤵
  PID:7316
- C:\Windows\System\UOLNsza.exe
  C:\Windows\System\UOLNsza.exe
  2⤵
  PID:7368
- C:\Windows\System\TnUgEuQ.exe
  C:\Windows\System\TnUgEuQ.exe
  2⤵
  PID:7372
- C:\Windows\System\GEnsWIy.exe
  C:\Windows\System\GEnsWIy.exe
  2⤵
  PID:7412
- C:\Windows\System\yYoSsjS.exe
  C:\Windows\System\yYoSsjS.exe
  2⤵
  PID:7452
- C:\Windows\System\eqBZfzo.exe
  C:\Windows\System\eqBZfzo.exe
  2⤵
  PID:7492
- C:\Windows\System\pvTeqNE.exe
  C:\Windows\System\pvTeqNE.exe
  2⤵
  PID:7516
- C:\Windows\System\lMPyPXx.exe
  C:\Windows\System\lMPyPXx.exe
  2⤵
  PID:7548
- C:\Windows\System\RwDgeOy.exe
  C:\Windows\System\RwDgeOy.exe
  2⤵
  PID:7572
- C:\Windows\System\fFWLGlL.exe
  C:\Windows\System\fFWLGlL.exe
  2⤵
  PID:7592
- C:\Windows\System\ziMpiND.exe
  C:\Windows\System\ziMpiND.exe
  2⤵
  PID:7632
- C:\Windows\System\IDNPAEt.exe
  C:\Windows\System\IDNPAEt.exe
  2⤵
  PID:7696
- C:\Windows\System\cfzWnhr.exe
  C:\Windows\System\cfzWnhr.exe
  2⤵
  PID:7728
- C:\Windows\System\kVLvoOm.exe
  C:\Windows\System\kVLvoOm.exe
  2⤵
  PID:7748
- C:\Windows\System\gQzFsQt.exe
  C:\Windows\System\gQzFsQt.exe
  2⤵
  PID:7788
- C:\Windows\System\vbPzZur.exe
  C:\Windows\System\vbPzZur.exe
  2⤵
  PID:7812
- C:\Windows\System\DWwrjHn.exe
  C:\Windows\System\DWwrjHn.exe
  2⤵
  PID:7832
- C:\Windows\System\TdSaAeB.exe
  C:\Windows\System\TdSaAeB.exe
  2⤵
  PID:7896
- C:\Windows\System\ZtTzCfa.exe
  C:\Windows\System\ZtTzCfa.exe
  2⤵
  PID:7916
- C:\Windows\System\GeocEcr.exe
  C:\Windows\System\GeocEcr.exe
  2⤵
  PID:7952
- C:\Windows\System\TKVTyRj.exe
  C:\Windows\System\TKVTyRj.exe
  2⤵
  PID:7956
- C:\Windows\System\soCVJmz.exe
  C:\Windows\System\soCVJmz.exe
  2⤵
  PID:8016
- C:\Windows\System\IhMIrAl.exe
  C:\Windows\System\IhMIrAl.exe
  2⤵
  PID:8056
- C:\Windows\System\BCLOVDt.exe
  C:\Windows\System\BCLOVDt.exe
  2⤵
  PID:8076
- C:\Windows\System\DnHVRzm.exe
  C:\Windows\System\DnHVRzm.exe
  2⤵
  PID:8120
- C:\Windows\System\mQIqFCJ.exe
  C:\Windows\System\mQIqFCJ.exe
  2⤵
  PID:8176
- C:\Windows\System\JjWgRdl.exe
  C:\Windows\System\JjWgRdl.exe
  2⤵
  PID:6916
- C:\Windows\System\vJvlUoK.exe
  C:\Windows\System\vJvlUoK.exe
  2⤵
  PID:2700
- C:\Windows\System\AYkcxVA.exe
  C:\Windows\System\AYkcxVA.exe
  2⤵
  PID:6880
- C:\Windows\System\OoSvpTN.exe
  C:\Windows\System\OoSvpTN.exe
  2⤵
  PID:6976
- C:\Windows\System\pOtWFwg.exe
  C:\Windows\System\pOtWFwg.exe
  2⤵
  PID:7084
- C:\Windows\System\vjgVSzp.exe
  C:\Windows\System\vjgVSzp.exe
  2⤵
  PID:840
- C:\Windows\System\BtskojW.exe
  C:\Windows\System\BtskojW.exe
  2⤵
  PID:6292
- C:\Windows\System\dVGNDGZ.exe
  C:\Windows\System\dVGNDGZ.exe
  2⤵
  PID:5908
- C:\Windows\System\xNNNSrJ.exe
  C:\Windows\System\xNNNSrJ.exe
  2⤵
  PID:6476
- C:\Windows\System\aWiyDqY.exe
  C:\Windows\System\aWiyDqY.exe
  2⤵
  PID:7216
- C:\Windows\System\qqeEWdq.exe
  C:\Windows\System\qqeEWdq.exe
  2⤵
  PID:7292
- C:\Windows\System\lflJEZp.exe
  C:\Windows\System\lflJEZp.exe
  2⤵
  PID:7352
- C:\Windows\System\ZeXdwtb.exe
  C:\Windows\System\ZeXdwtb.exe
  2⤵
  PID:7448
- C:\Windows\System\zlRMZKz.exe
  C:\Windows\System\zlRMZKz.exe
  2⤵
  PID:7416
- C:\Windows\System\MCPrPod.exe
  C:\Windows\System\MCPrPod.exe
  2⤵
  PID:7528
- C:\Windows\System\tFrJHBB.exe
  C:\Windows\System\tFrJHBB.exe
  2⤵
  PID:7488
- C:\Windows\System\ALBgzpY.exe
  C:\Windows\System\ALBgzpY.exe
  2⤵
  PID:2836
- C:\Windows\System\yAdTYMS.exe
  C:\Windows\System\yAdTYMS.exe
  2⤵
  PID:7596
- C:\Windows\System\rufgfFl.exe
  C:\Windows\System\rufgfFl.exe
  2⤵
  PID:7656
- C:\Windows\System\gylTLzh.exe
  C:\Windows\System\gylTLzh.exe
  2⤵
  PID:7676
- C:\Windows\System\rwydywb.exe
  C:\Windows\System\rwydywb.exe
  2⤵
  PID:7732
- C:\Windows\System\uiebOMq.exe
  C:\Windows\System\uiebOMq.exe
  2⤵
  PID:7796
- C:\Windows\System\FaQhDhN.exe
  C:\Windows\System\FaQhDhN.exe
  2⤵
  PID:7892
- C:\Windows\System\stsKBYC.exe
  C:\Windows\System\stsKBYC.exe
  2⤵
  PID:7976
- C:\Windows\System\wDGMvbx.exe
  C:\Windows\System\wDGMvbx.exe
  2⤵
  PID:7936
- C:\Windows\System\CpFYuTD.exe
  C:\Windows\System\CpFYuTD.exe
  2⤵
  PID:976
- C:\Windows\System\UlICqUf.exe
  C:\Windows\System\UlICqUf.exe
  2⤵
  PID:2928
- C:\Windows\System\eWJaJKK.exe
  C:\Windows\System\eWJaJKK.exe
  2⤵
  PID:8100
- C:\Windows\System\xiSurKj.exe
  C:\Windows\System\xiSurKj.exe
  2⤵
  PID:8164
- C:\Windows\System\VFiGRda.exe
  C:\Windows\System\VFiGRda.exe
  2⤵
  PID:6904
- C:\Windows\System\DWJjnqf.exe
  C:\Windows\System\DWJjnqf.exe
  2⤵
  PID:6824
- C:\Windows\System\pEnhUdl.exe
  C:\Windows\System\pEnhUdl.exe
  2⤵
  PID:7124
- C:\Windows\System\YhsUEGC.exe
  C:\Windows\System\YhsUEGC.exe
  2⤵
  PID:7156
- C:\Windows\System\LzADoxu.exe
  C:\Windows\System\LzADoxu.exe
  2⤵
  PID:4960
- C:\Windows\System\mMvkyaR.exe
  C:\Windows\System\mMvkyaR.exe
  2⤵
  PID:5936
- C:\Windows\System\xdbNRCS.exe
  C:\Windows\System\xdbNRCS.exe
  2⤵
  PID:7236
- C:\Windows\System\WQkADRl.exe
  C:\Windows\System\WQkADRl.exe
  2⤵
  PID:7328
- C:\Windows\System\PjRKVms.exe
  C:\Windows\System\PjRKVms.exe
  2⤵
  PID:7408
- C:\Windows\System\zMnDhsN.exe
  C:\Windows\System\zMnDhsN.exe
  2⤵
  PID:7496
- C:\Windows\System\BCZcUln.exe
  C:\Windows\System\BCZcUln.exe
  2⤵
  PID:7636
- C:\Windows\System\gNUnlyD.exe
  C:\Windows\System\gNUnlyD.exe
  2⤵
  PID:7692
- C:\Windows\System\yeyRPLq.exe
  C:\Windows\System\yeyRPLq.exe
  2⤵
  PID:7716
- C:\Windows\System\xCrACzw.exe
  C:\Windows\System\xCrACzw.exe
  2⤵
  PID:7848
- C:\Windows\System\wOpbGad.exe
  C:\Windows\System\wOpbGad.exe
  2⤵
  PID:7940
- C:\Windows\System\tvzhZwr.exe
  C:\Windows\System\tvzhZwr.exe
  2⤵
  PID:8000
- C:\Windows\System\UnpGLIV.exe
  C:\Windows\System\UnpGLIV.exe
  2⤵
  PID:8124
- C:\Windows\System\dDfAWRM.exe
  C:\Windows\System\dDfAWRM.exe
  2⤵
  PID:8052
- C:\Windows\System\TzssCXi.exe
  C:\Windows\System\TzssCXi.exe
  2⤵
  PID:6776
- C:\Windows\System\DlPrjSc.exe
  C:\Windows\System\DlPrjSc.exe
  2⤵
  PID:1452
- C:\Windows\System\OBHFtUf.exe
  C:\Windows\System\OBHFtUf.exe
  2⤵
  PID:5956
- C:\Windows\System\GxMCOha.exe
  C:\Windows\System\GxMCOha.exe
  2⤵
  PID:7256
- C:\Windows\System\OwptbTU.exe
  C:\Windows\System\OwptbTU.exe
  2⤵
  PID:8208
- C:\Windows\System\yaRhKpS.exe
  C:\Windows\System\yaRhKpS.exe
  2⤵
  PID:8232
- C:\Windows\System\ZfRyRqK.exe
  C:\Windows\System\ZfRyRqK.exe
  2⤵
  PID:8252
- C:\Windows\System\YMqvLqa.exe
  C:\Windows\System\YMqvLqa.exe
  2⤵
  PID:8272
- C:\Windows\System\nCkeaSw.exe
  C:\Windows\System\nCkeaSw.exe
  2⤵
  PID:8292
- C:\Windows\System\PYxjOwO.exe
  C:\Windows\System\PYxjOwO.exe
  2⤵
  PID:8312
- C:\Windows\System\YPFABjr.exe
  C:\Windows\System\YPFABjr.exe
  2⤵
  PID:8332
- C:\Windows\System\qggMasz.exe
  C:\Windows\System\qggMasz.exe
  2⤵
  PID:8352
- C:\Windows\System\YSdkobt.exe
  C:\Windows\System\YSdkobt.exe
  2⤵
  PID:8372
- C:\Windows\System\cTbvFFe.exe
  C:\Windows\System\cTbvFFe.exe
  2⤵
  PID:8392
- C:\Windows\System\QsJNzwe.exe
  C:\Windows\System\QsJNzwe.exe
  2⤵
  PID:8412
- C:\Windows\System\NVJEqyY.exe
  C:\Windows\System\NVJEqyY.exe
  2⤵
  PID:8432
- C:\Windows\System\NvYbDZJ.exe
  C:\Windows\System\NvYbDZJ.exe
  2⤵
  PID:8452
- C:\Windows\System\KSBJVSs.exe
  C:\Windows\System\KSBJVSs.exe
  2⤵
  PID:8472
- C:\Windows\System\QTsCuMd.exe
  C:\Windows\System\QTsCuMd.exe
  2⤵
  PID:8492
- C:\Windows\System\LrBpsir.exe
  C:\Windows\System\LrBpsir.exe
  2⤵
  PID:8508
- C:\Windows\System\BXphIem.exe
  C:\Windows\System\BXphIem.exe
  2⤵
  PID:8532
- C:\Windows\System\aolNhWm.exe
  C:\Windows\System\aolNhWm.exe
  2⤵
  PID:8552
- C:\Windows\System\FEjrcPP.exe
  C:\Windows\System\FEjrcPP.exe
  2⤵
  PID:8572
- C:\Windows\System\tQBncnD.exe
  C:\Windows\System\tQBncnD.exe
  2⤵
  PID:8592
- C:\Windows\System\ftCYNjE.exe
  C:\Windows\System\ftCYNjE.exe
  2⤵
  PID:8612
- C:\Windows\System\yrizscK.exe
  C:\Windows\System\yrizscK.exe
  2⤵
  PID:8632
- C:\Windows\System\XQDKHfz.exe
  C:\Windows\System\XQDKHfz.exe
  2⤵
  PID:8652
- C:\Windows\System\XFHKsnb.exe
  C:\Windows\System\XFHKsnb.exe
  2⤵
  PID:8672
- C:\Windows\System\KtEDxCm.exe
  C:\Windows\System\KtEDxCm.exe
  2⤵
  PID:8688
- C:\Windows\System\WyMPqeZ.exe
  C:\Windows\System\WyMPqeZ.exe
  2⤵
  PID:8704
- C:\Windows\System\jsICOxj.exe
  C:\Windows\System\jsICOxj.exe
  2⤵
  PID:8720
- C:\Windows\System\hxBvJJq.exe
  C:\Windows\System\hxBvJJq.exe
  2⤵
  PID:8736
- C:\Windows\System\oqpIryB.exe
  C:\Windows\System\oqpIryB.exe
  2⤵
  PID:8752
- C:\Windows\System\jIyuXds.exe
  C:\Windows\System\jIyuXds.exe
  2⤵
  PID:8768
- C:\Windows\System\MJndlsU.exe
  C:\Windows\System\MJndlsU.exe
  2⤵
  PID:8792
- C:\Windows\System\dUwrQBa.exe
  C:\Windows\System\dUwrQBa.exe
  2⤵
  PID:8808
- C:\Windows\System\qUjQvFo.exe
  C:\Windows\System\qUjQvFo.exe
  2⤵
  PID:8824
- C:\Windows\System\hxwOxRU.exe
  C:\Windows\System\hxwOxRU.exe
  2⤵
  PID:8840
- C:\Windows\System\qkPjpKw.exe
  C:\Windows\System\qkPjpKw.exe
  2⤵
  PID:8860
- C:\Windows\System\FqdLLTs.exe
  C:\Windows\System\FqdLLTs.exe
  2⤵
  PID:8876
- C:\Windows\System\xrsJJiP.exe
  C:\Windows\System\xrsJJiP.exe
  2⤵
  PID:8900
- C:\Windows\System\myNKItZ.exe
  C:\Windows\System\myNKItZ.exe
  2⤵
  PID:8924
- C:\Windows\System\oPzfNQJ.exe
  C:\Windows\System\oPzfNQJ.exe
  2⤵
  PID:8940
- C:\Windows\System\RUdHWCQ.exe
  C:\Windows\System\RUdHWCQ.exe
  2⤵
  PID:8968
- C:\Windows\System\seOKzur.exe
  C:\Windows\System\seOKzur.exe
  2⤵
  PID:8992
- C:\Windows\System\WQbInJr.exe
  C:\Windows\System\WQbInJr.exe
  2⤵
  PID:9012
- C:\Windows\System\UfEHjTQ.exe
  C:\Windows\System\UfEHjTQ.exe
  2⤵
  PID:9044
- C:\Windows\System\xwwyGXY.exe
  C:\Windows\System\xwwyGXY.exe
  2⤵
  PID:9064
- C:\Windows\System\OFDDBga.exe
  C:\Windows\System\OFDDBga.exe
  2⤵
  PID:9084
- C:\Windows\System\OKqpPqp.exe
  C:\Windows\System\OKqpPqp.exe
  2⤵
  PID:9100
- C:\Windows\System\Qdgdyth.exe
  C:\Windows\System\Qdgdyth.exe
  2⤵
  PID:9124
- C:\Windows\System\ujWrOhh.exe
  C:\Windows\System\ujWrOhh.exe
  2⤵
  PID:9140
- C:\Windows\System\MYnJNFV.exe
  C:\Windows\System\MYnJNFV.exe
  2⤵
  PID:9156
- C:\Windows\System\DRwxPfL.exe
  C:\Windows\System\DRwxPfL.exe
  2⤵
  PID:9180
- C:\Windows\System\DlyEWRB.exe
  C:\Windows\System\DlyEWRB.exe
  2⤵
  PID:7288
- C:\Windows\System\eBbYGIa.exe
  C:\Windows\System\eBbYGIa.exe
  2⤵
  PID:3032
- C:\Windows\System\RTPxwwg.exe
  C:\Windows\System\RTPxwwg.exe
  2⤵
  PID:2824
- C:\Windows\System\KDiADom.exe
  C:\Windows\System\KDiADom.exe
  2⤵
  PID:7776
- C:\Windows\System\hBgNhez.exe
  C:\Windows\System\hBgNhez.exe
  2⤵
  PID:2880
- C:\Windows\System\AnbCHvh.exe
  C:\Windows\System\AnbCHvh.exe
  2⤵
  PID:8060
- C:\Windows\System\OOmtWCd.exe
  C:\Windows\System\OOmtWCd.exe
  2⤵
  PID:1188
- C:\Windows\System\McSSxPP.exe
  C:\Windows\System\McSSxPP.exe
  2⤵
  PID:7428
- C:\Windows\System\kqcbeMr.exe
  C:\Windows\System\kqcbeMr.exe
  2⤵
  PID:5444
- C:\Windows\System\qnLwPIT.exe
  C:\Windows\System\qnLwPIT.exe
  2⤵
  PID:8228
- C:\Windows\System\tDpkScO.exe
  C:\Windows\System\tDpkScO.exe
  2⤵
  PID:8240
- C:\Windows\System\wsKVbBg.exe
  C:\Windows\System\wsKVbBg.exe
  2⤵
  PID:8244
- C:\Windows\System\HdEYiPZ.exe
  C:\Windows\System\HdEYiPZ.exe
  2⤵
  PID:8280
- C:\Windows\System\JrZHnrZ.exe
  C:\Windows\System\JrZHnrZ.exe
  2⤵
  PID:8348
- C:\Windows\System\vaXjAtg.exe
  C:\Windows\System\vaXjAtg.exe
  2⤵
  PID:8360
- C:\Windows\System\btKkZSM.exe
  C:\Windows\System\btKkZSM.exe
  2⤵
  PID:8400
- C:\Windows\System\DgpFTiU.exe
  C:\Windows\System\DgpFTiU.exe
  2⤵
  PID:8408
- C:\Windows\System\fAnFblH.exe
  C:\Windows\System\fAnFblH.exe
  2⤵
  PID:8448
- C:\Windows\System\SYGIcfk.exe
  C:\Windows\System\SYGIcfk.exe
  2⤵
  PID:8464
- C:\Windows\System\tbMIMfY.exe
  C:\Windows\System\tbMIMfY.exe
  2⤵
  PID:8504
- C:\Windows\System\kKVaySk.exe
  C:\Windows\System\kKVaySk.exe
  2⤵
  PID:8524
- C:\Windows\System\ktMCJlj.exe
  C:\Windows\System\ktMCJlj.exe
  2⤵
  PID:8584
- C:\Windows\System\cbpHOuF.exe
  C:\Windows\System\cbpHOuF.exe
  2⤵
  PID:8564
- C:\Windows\System\XSKhGJF.exe
  C:\Windows\System\XSKhGJF.exe
  2⤵
  PID:8664
- C:\Windows\System\Pqbsvfy.exe
  C:\Windows\System\Pqbsvfy.exe
  2⤵
  PID:8644
- C:\Windows\System\wcKDrQE.exe
  C:\Windows\System\wcKDrQE.exe
  2⤵
  PID:8712
- C:\Windows\System\WvseUvX.exe
  C:\Windows\System\WvseUvX.exe
  2⤵
  PID:8744
- C:\Windows\System\KdxnjBH.exe
  C:\Windows\System\KdxnjBH.exe
  2⤵
  PID:3200
- C:\Windows\System\TorBFsI.exe
  C:\Windows\System\TorBFsI.exe
  2⤵
  PID:8816
- C:\Windows\System\jWsWVpF.exe
  C:\Windows\System\jWsWVpF.exe
  2⤵
  PID:8872
- C:\Windows\System\byRYISy.exe
  C:\Windows\System\byRYISy.exe
  2⤵
  PID:8916
- C:\Windows\System\tkNAFfd.exe
  C:\Windows\System\tkNAFfd.exe
  2⤵
  PID:8912
- C:\Windows\System\zcPCsYM.exe
  C:\Windows\System\zcPCsYM.exe
  2⤵
  PID:8888
- C:\Windows\System\TDQOpWU.exe
  C:\Windows\System\TDQOpWU.exe
  2⤵
  PID:8960
- C:\Windows\System\nHxIjDM.exe
  C:\Windows\System\nHxIjDM.exe
  2⤵
  PID:8932
- C:\Windows\System\TJgNvCK.exe
  C:\Windows\System\TJgNvCK.exe
  2⤵
  PID:9060
- C:\Windows\System\ywaVeba.exe
  C:\Windows\System\ywaVeba.exe
  2⤵
  PID:9036
- C:\Windows\System\QgRxrfk.exe
  C:\Windows\System\QgRxrfk.exe
  2⤵
  PID:9092
- C:\Windows\System\eGwuRJJ.exe
  C:\Windows\System\eGwuRJJ.exe
  2⤵
  PID:9112
- C:\Windows\System\iFELfWs.exe
  C:\Windows\System\iFELfWs.exe
  2⤵
  PID:9136
- C:\Windows\System\TbMJytD.exe
  C:\Windows\System\TbMJytD.exe
  2⤵
  PID:9168
- C:\Windows\System\IGyiAhc.exe
  C:\Windows\System\IGyiAhc.exe
  2⤵
  PID:4328
- C:\Windows\System\NNZtcsZ.exe
  C:\Windows\System\NNZtcsZ.exe
  2⤵
  PID:2624
- C:\Windows\System\qcMxGif.exe
  C:\Windows\System\qcMxGif.exe
  2⤵
  PID:572
- C:\Windows\System\YkzyHvz.exe
  C:\Windows\System\YkzyHvz.exe
  2⤵
  PID:2012
- C:\Windows\System\MWPKewm.exe
  C:\Windows\System\MWPKewm.exe
  2⤵
  PID:1880
- C:\Windows\System\vqeIJYS.exe
  C:\Windows\System\vqeIJYS.exe
  2⤵
  PID:2304
- C:\Windows\System\UvYuApO.exe
  C:\Windows\System\UvYuApO.exe
  2⤵
  PID:1816
- C:\Windows\System\euaKCOK.exe
  C:\Windows\System\euaKCOK.exe
  2⤵
  PID:2896
- C:\Windows\System\rxqmbWZ.exe
  C:\Windows\System\rxqmbWZ.exe
  2⤵
  PID:1372
- C:\Windows\System\FuHuBoa.exe
  C:\Windows\System\FuHuBoa.exe
  2⤵
  PID:9208
- C:\Windows\System\dEsRbZp.exe
  C:\Windows\System\dEsRbZp.exe
  2⤵
  PID:2816
- C:\Windows\System\xCtlwYR.exe
  C:\Windows\System\xCtlwYR.exe
  2⤵
  PID:7828
- C:\Windows\System\ljctUGH.exe
  C:\Windows\System\ljctUGH.exe
  2⤵
  PID:7332
- C:\Windows\System\GFQukfD.exe
  C:\Windows\System\GFQukfD.exe
  2⤵
  PID:2732
- C:\Windows\System\msfKbrA.exe
  C:\Windows\System\msfKbrA.exe
  2⤵
  PID:8216
- C:\Windows\System\KtjMcfu.exe
  C:\Windows\System\KtjMcfu.exe
  2⤵
  PID:8264
- C:\Windows\System\BZrTVLi.exe
  C:\Windows\System\BZrTVLi.exe
  2⤵
  PID:8364
- C:\Windows\System\OomcTGo.exe
  C:\Windows\System\OomcTGo.exe
  2⤵
  PID:8440
- C:\Windows\System\qeUTdYD.exe
  C:\Windows\System\qeUTdYD.exe
  2⤵
  PID:8580
- C:\Windows\System\qwfWFZO.exe
  C:\Windows\System\qwfWFZO.exe
  2⤵
  PID:8660
- C:\Windows\System\hapiwJx.exe
  C:\Windows\System\hapiwJx.exe
  2⤵
  PID:8748
- C:\Windows\System\jPXSfKW.exe
  C:\Windows\System\jPXSfKW.exe
  2⤵
  PID:8868
- C:\Windows\System\ZjTlncO.exe
  C:\Windows\System\ZjTlncO.exe
  2⤵
  PID:8948
- C:\Windows\System\wHVvedm.exe
  C:\Windows\System\wHVvedm.exe
  2⤵
  PID:8428
- C:\Windows\System\TPmQWvc.exe
  C:\Windows\System\TPmQWvc.exe
  2⤵
  PID:9008
- C:\Windows\System\SZQVIZr.exe
  C:\Windows\System\SZQVIZr.exe
  2⤵
  PID:9120
- C:\Windows\System\fRJcEDT.exe
  C:\Windows\System\fRJcEDT.exe
  2⤵
  PID:8424
- C:\Windows\System\xiNruIJ.exe
  C:\Windows\System\xiNruIJ.exe
  2⤵
  PID:8468
- C:\Windows\System\nwDhhSB.exe
  C:\Windows\System\nwDhhSB.exe
  2⤵
  PID:8624
- C:\Windows\System\xutYNkQ.exe
  C:\Windows\System\xutYNkQ.exe
  2⤵
  PID:8936
- C:\Windows\System\hcbeZhI.exe
  C:\Windows\System\hcbeZhI.exe
  2⤵
  PID:9096
- C:\Windows\System\YhNIKNM.exe
  C:\Windows\System\YhNIKNM.exe
  2⤵
  PID:8324
- C:\Windows\System\WcxqMuo.exe
  C:\Windows\System\WcxqMuo.exe
  2⤵
  PID:9188
- C:\Windows\System\BwdbDpL.exe
  C:\Windows\System\BwdbDpL.exe
  2⤵
  PID:8300
- C:\Windows\System\FynxZJL.exe
  C:\Windows\System\FynxZJL.exe
  2⤵
  PID:5576
- C:\Windows\System\SCwjDGJ.exe
  C:\Windows\System\SCwjDGJ.exe
  2⤵
  PID:2932
- C:\Windows\System\bRYcnuW.exe
  C:\Windows\System\bRYcnuW.exe
  2⤵
  PID:1988
- C:\Windows\System\RrHCPdY.exe
  C:\Windows\System\RrHCPdY.exe
  2⤵
  PID:1324
- C:\Windows\System\KGiOxyK.exe
  C:\Windows\System\KGiOxyK.exe
  2⤵
  PID:2872
- C:\Windows\System\NMmmHVJ.exe
  C:\Windows\System\NMmmHVJ.exe
  2⤵
  PID:2688
- C:\Windows\System\ZZzeDXc.exe
  C:\Windows\System\ZZzeDXc.exe
  2⤵
  PID:1764
- C:\Windows\System\nUmNnOV.exe
  C:\Windows\System\nUmNnOV.exe
  2⤵
  PID:1152
- C:\Windows\System\IRgNUQW.exe
  C:\Windows\System\IRgNUQW.exe
  2⤵
  PID:2576
- C:\Windows\System\WDMfoUa.exe
  C:\Windows\System\WDMfoUa.exe
  2⤵
  PID:7912
- C:\Windows\System\fCRMqcy.exe
  C:\Windows\System\fCRMqcy.exe
  2⤵
  PID:8340
- C:\Windows\System\dohMlql.exe
  C:\Windows\System\dohMlql.exe
  2⤵
  PID:8984
- C:\Windows\System\HecyIpM.exe
  C:\Windows\System\HecyIpM.exe
  2⤵
  PID:8856
- C:\Windows\System\eEXTZfB.exe
  C:\Windows\System\eEXTZfB.exe
  2⤵
  PID:9004
- C:\Windows\System\FhSDgbl.exe
  C:\Windows\System\FhSDgbl.exe
  2⤵
  PID:8220
- C:\Windows\System\UBOtVlJ.exe
  C:\Windows\System\UBOtVlJ.exe
  2⤵
  PID:8520
- C:\Windows\System\UzepYaQ.exe
  C:\Windows\System\UzepYaQ.exe
  2⤵
  PID:8628
- C:\Windows\System\lKePnEu.exe
  C:\Windows\System\lKePnEu.exe
  2⤵
  PID:9028
- C:\Windows\System\ecAXceS.exe
  C:\Windows\System\ecAXceS.exe
  2⤵
  PID:8604
- C:\Windows\System\acmzrvy.exe
  C:\Windows\System\acmzrvy.exe
  2⤵
  PID:9164
- C:\Windows\System\SqUZppJ.exe
  C:\Windows\System\SqUZppJ.exe
  2⤵
  PID:4008
- C:\Windows\System\hkQFrfT.exe
  C:\Windows\System\hkQFrfT.exe
  2⤵
  PID:2968
- C:\Windows\System\zhTvuNz.exe
  C:\Windows\System\zhTvuNz.exe
  2⤵
  PID:2256
- C:\Windows\System\pqfYpDx.exe
  C:\Windows\System\pqfYpDx.exe
  2⤵
  PID:448
- C:\Windows\System\RSYxxbZ.exe
  C:\Windows\System\RSYxxbZ.exe
  2⤵
  PID:888
- C:\Windows\System\QKRfZzu.exe
  C:\Windows\System\QKRfZzu.exe
  2⤵
  PID:1976
- C:\Windows\System\FHJQwos.exe
  C:\Windows\System\FHJQwos.exe
  2⤵
  PID:8268
- C:\Windows\System\WglNTSM.exe
  C:\Windows\System\WglNTSM.exe
  2⤵
  PID:7688
- C:\Windows\System\gBPWFaI.exe
  C:\Windows\System\gBPWFaI.exe
  2⤵
  PID:8096
- C:\Windows\System\TVcNLfa.exe
  C:\Windows\System\TVcNLfa.exe
  2⤵
  PID:2228
- C:\Windows\System\htmkfJH.exe
  C:\Windows\System\htmkfJH.exe
  2⤵
  PID:6584
- C:\Windows\System\BVcZgRr.exe
  C:\Windows\System\BVcZgRr.exe
  2⤵
  PID:8308
- C:\Windows\System\GgHlLFy.exe
  C:\Windows\System\GgHlLFy.exe
  2⤵
  PID:9072
- C:\Windows\System\CsPOgWH.exe
  C:\Windows\System\CsPOgWH.exe
  2⤵
  PID:8760
- C:\Windows\System\TLutSUB.exe
  C:\Windows\System\TLutSUB.exe
  2⤵
  PID:1572
- C:\Windows\System\NfTeKBz.exe
  C:\Windows\System\NfTeKBz.exe
  2⤵
  PID:8884
- C:\Windows\System\azstLBV.exe
  C:\Windows\System\azstLBV.exe
  2⤵
  PID:2636
- C:\Windows\System\rExzhvr.exe
  C:\Windows\System\rExzhvr.exe
  2⤵
  PID:308
- C:\Windows\System\QoexzAH.exe
  C:\Windows\System\QoexzAH.exe
  2⤵
  PID:2524
- C:\Windows\System\HLpepqJ.exe
  C:\Windows\System\HLpepqJ.exe
  2⤵
  PID:8684
- C:\Windows\System\bqZwYTM.exe
  C:\Windows\System\bqZwYTM.exe
  2⤵
  PID:8640
- C:\Windows\System\NTKVUIV.exe
  C:\Windows\System\NTKVUIV.exe
  2⤵
  PID:2416
- C:\Windows\System\aGvAIQu.exe
  C:\Windows\System\aGvAIQu.exe
  2⤵
  PID:8776
- C:\Windows\System\xoceqSr.exe
  C:\Windows\System\xoceqSr.exe
  2⤵
  PID:6624
- C:\Windows\System\LpjarhK.exe
  C:\Windows\System\LpjarhK.exe
  2⤵
  PID:8832
- C:\Windows\System\WODKEoL.exe
  C:\Windows\System\WODKEoL.exe
  2⤵
  PID:2828
- C:\Windows\System\QflPYvR.exe
  C:\Windows\System\QflPYvR.exe
  2⤵
  PID:9220
- C:\Windows\System\kFwQMcH.exe
  C:\Windows\System\kFwQMcH.exe
  2⤵
  PID:9236
- C:\Windows\System\tiEmMbg.exe
  C:\Windows\System\tiEmMbg.exe
  2⤵
  PID:9252
- C:\Windows\System\jBhtPpr.exe
  C:\Windows\System\jBhtPpr.exe
  2⤵
  PID:9268
- C:\Windows\System\dImWMqc.exe
  C:\Windows\System\dImWMqc.exe
  2⤵
  PID:9288
- C:\Windows\System\xplHfJL.exe
  C:\Windows\System\xplHfJL.exe
  2⤵
  PID:9304
- C:\Windows\System\hQaIXtv.exe
  C:\Windows\System\hQaIXtv.exe
  2⤵
  PID:9324
- C:\Windows\System\UNUnQmd.exe
  C:\Windows\System\UNUnQmd.exe
  2⤵
  PID:9340
- C:\Windows\System\WUIqvmI.exe
  C:\Windows\System\WUIqvmI.exe
  2⤵
  PID:9432
- C:\Windows\System\FpUYRvr.exe
  C:\Windows\System\FpUYRvr.exe
  2⤵
  PID:9468
- C:\Windows\System\EiVezYU.exe
  C:\Windows\System\EiVezYU.exe
  2⤵
  PID:9500
- C:\Windows\System\QdGoIyo.exe
  C:\Windows\System\QdGoIyo.exe
  2⤵
  PID:9532
- C:\Windows\System\OpFFFaQ.exe
  C:\Windows\System\OpFFFaQ.exe
  2⤵
  PID:9556
- C:\Windows\System\jRwweAe.exe
  C:\Windows\System\jRwweAe.exe
  2⤵
  PID:9584
- C:\Windows\System\EoEZhij.exe
  C:\Windows\System\EoEZhij.exe
  2⤵
  PID:9612
- C:\Windows\System\MHmmhPl.exe
  C:\Windows\System\MHmmhPl.exe
  2⤵
  PID:9632
- C:\Windows\System\YITnCAi.exe
  C:\Windows\System\YITnCAi.exe
  2⤵
  PID:9652
- C:\Windows\System\YwMADiN.exe
  C:\Windows\System\YwMADiN.exe
  2⤵
  PID:9672
- C:\Windows\System\Pghttbt.exe
  C:\Windows\System\Pghttbt.exe
  2⤵
  PID:9692
- C:\Windows\System\DxzkAte.exe
  C:\Windows\System\DxzkAte.exe
  2⤵
  PID:9712
- C:\Windows\System\uCwCsDe.exe
  C:\Windows\System\uCwCsDe.exe
  2⤵
  PID:9728
- C:\Windows\System\XkASxjP.exe
  C:\Windows\System\XkASxjP.exe
  2⤵
  PID:9752
- C:\Windows\System\bJpGAue.exe
  C:\Windows\System\bJpGAue.exe
  2⤵
  PID:9772
- C:\Windows\System\zPYSRde.exe
  C:\Windows\System\zPYSRde.exe
  2⤵
  PID:9792
- C:\Windows\System\sgCCjIr.exe
  C:\Windows\System\sgCCjIr.exe
  2⤵
  PID:9808
- C:\Windows\System\KueUFeL.exe
  C:\Windows\System\KueUFeL.exe
  2⤵
  PID:9828
- C:\Windows\System\iLeubqu.exe
  C:\Windows\System\iLeubqu.exe
  2⤵
  PID:9844
- C:\Windows\System\uBqjZeS.exe
  C:\Windows\System\uBqjZeS.exe
  2⤵
  PID:9860
- C:\Windows\System\qiLftVZ.exe
  C:\Windows\System\qiLftVZ.exe
  2⤵
  PID:9876
- C:\Windows\System\dZjxHcQ.exe
  C:\Windows\System\dZjxHcQ.exe
  2⤵
  PID:9892
- C:\Windows\System\VIAVihd.exe
  C:\Windows\System\VIAVihd.exe
  2⤵
  PID:9908
- C:\Windows\System\ppcntJY.exe
  C:\Windows\System\ppcntJY.exe
  2⤵
  PID:9924
- C:\Windows\System\xQWHaYD.exe
  C:\Windows\System\xQWHaYD.exe
  2⤵
  PID:9940
- C:\Windows\System\VMwWbfN.exe
  C:\Windows\System\VMwWbfN.exe
  2⤵
  PID:9956
- C:\Windows\System\dZgYCgh.exe
  C:\Windows\System\dZgYCgh.exe
  2⤵
  PID:9972
- C:\Windows\System\kJYcJUk.exe
  C:\Windows\System\kJYcJUk.exe
  2⤵
  PID:9992
- C:\Windows\System\KDlRxla.exe
  C:\Windows\System\KDlRxla.exe
  2⤵
  PID:10012
- C:\Windows\System\FCwjEnw.exe
  C:\Windows\System\FCwjEnw.exe
  2⤵
  PID:10036
- C:\Windows\System\SpVtVpS.exe
  C:\Windows\System\SpVtVpS.exe
  2⤵
  PID:10056
- C:\Windows\System\PrCFsLP.exe
  C:\Windows\System\PrCFsLP.exe
  2⤵
  PID:10076
- C:\Windows\System\VQVOjQP.exe
  C:\Windows\System\VQVOjQP.exe
  2⤵
  PID:10096
- C:\Windows\System\WvdiXGc.exe
  C:\Windows\System\WvdiXGc.exe
  2⤵
  PID:10116
- C:\Windows\System\GDEgtQI.exe
  C:\Windows\System\GDEgtQI.exe
  2⤵
  PID:10136
- C:\Windows\System\EuzrVnU.exe
  C:\Windows\System\EuzrVnU.exe
  2⤵
  PID:10156
- C:\Windows\System\qBlYsXn.exe
  C:\Windows\System\qBlYsXn.exe
  2⤵
  PID:10176
- C:\Windows\System\nAHhDoJ.exe
  C:\Windows\System\nAHhDoJ.exe
  2⤵
  PID:10192
- C:\Windows\System\MTCYXqp.exe
  C:\Windows\System\MTCYXqp.exe
  2⤵
  PID:10212
- C:\Windows\System\XPnNfSp.exe
  C:\Windows\System\XPnNfSp.exe
  2⤵
  PID:2812
- C:\Windows\System\YxpkLxH.exe
  C:\Windows\System\YxpkLxH.exe
  2⤵
  PID:8344
- C:\Windows\System\WvnEBhC.exe
  C:\Windows\System\WvnEBhC.exe
  2⤵
  PID:9276
- C:\Windows\System\FwEZyqL.exe
  C:\Windows\System\FwEZyqL.exe
  2⤵
  PID:9264
- C:\Windows\System\GupIpol.exe
  C:\Windows\System\GupIpol.exe
  2⤵
  PID:9316
- C:\Windows\System\OYKSJiD.exe
  C:\Windows\System\OYKSJiD.exe
  2⤵
  PID:8976
- C:\Windows\System\XgcAsoz.exe
  C:\Windows\System\XgcAsoz.exe
  2⤵
  PID:9372
- C:\Windows\System\GtyzyNO.exe
  C:\Windows\System\GtyzyNO.exe
  2⤵
  PID:9380
- C:\Windows\System\HVZMCOO.exe
  C:\Windows\System\HVZMCOO.exe
  2⤵
  PID:9388
- C:\Windows\System\bGcmPhG.exe
  C:\Windows\System\bGcmPhG.exe
  2⤵
  PID:9428
- C:\Windows\System\XFKhODS.exe
  C:\Windows\System\XFKhODS.exe
  2⤵
  PID:9440
- C:\Windows\System\ysLkgOP.exe
  C:\Windows\System\ysLkgOP.exe
  2⤵
  PID:9456
- C:\Windows\System\eGOQIML.exe
  C:\Windows\System\eGOQIML.exe
  2⤵
  PID:9548
- C:\Windows\System\nAwzuDb.exe
  C:\Windows\System\nAwzuDb.exe
  2⤵
  PID:9564
- C:\Windows\System\XXkYLHJ.exe
  C:\Windows\System\XXkYLHJ.exe
  2⤵
  PID:9592
- C:\Windows\System\SMFAPux.exe
  C:\Windows\System\SMFAPux.exe
  2⤵
  PID:9620
- C:\Windows\System\dLhkdnn.exe
  C:\Windows\System\dLhkdnn.exe
  2⤵
  PID:9644
- C:\Windows\System\RiGCczS.exe
  C:\Windows\System\RiGCczS.exe
  2⤵
  PID:9664
- C:\Windows\System\UvWqeJj.exe
  C:\Windows\System\UvWqeJj.exe
  2⤵
  PID:9704
- C:\Windows\System\YmcNNgY.exe
  C:\Windows\System\YmcNNgY.exe
  2⤵
  PID:9736
- C:\Windows\System\uzHPVwy.exe
  C:\Windows\System\uzHPVwy.exe
  2⤵
  PID:9784
- C:\Windows\System\RWHKqNN.exe
  C:\Windows\System\RWHKqNN.exe
  2⤵
  PID:9836
- C:\Windows\System\cDcGNhn.exe
  C:\Windows\System\cDcGNhn.exe
  2⤵
  PID:9900
- C:\Windows\System\MiDlPGp.exe
  C:\Windows\System\MiDlPGp.exe
  2⤵
  PID:9852
- C:\Windows\System\UypDLak.exe
  C:\Windows\System\UypDLak.exe
  2⤵
  PID:9920
- C:\Windows\System\bmarkgA.exe
  C:\Windows\System\bmarkgA.exe
  2⤵
  PID:9952
- C:\Windows\System\PjPlBYM.exe
  C:\Windows\System\PjPlBYM.exe
  2⤵
  PID:9988
- C:\Windows\System\WjeosDk.exe
  C:\Windows\System\WjeosDk.exe
  2⤵
  PID:10032
- C:\Windows\System\MtuodbI.exe
  C:\Windows\System\MtuodbI.exe
  2⤵
  PID:10084
- C:\Windows\System\hJgFUvz.exe
  C:\Windows\System\hJgFUvz.exe
  2⤵
  PID:10072
- C:\Windows\System\uTtlBlD.exe
  C:\Windows\System\uTtlBlD.exe
  2⤵
  PID:10104
- C:\Windows\System\lXoiBAu.exe
  C:\Windows\System\lXoiBAu.exe
  2⤵
  PID:10152
- C:\Windows\System\URFBlYF.exe
  C:\Windows\System\URFBlYF.exe
  2⤵
  PID:10208
- C:\Windows\System\RonmbRA.exe
  C:\Windows\System\RonmbRA.exe
  2⤵
  PID:10188
- C:\Windows\System\AQeQIGZ.exe
  C:\Windows\System\AQeQIGZ.exe
  2⤵
  PID:10236
- C:\Windows\System\cZoJbXK.exe
  C:\Windows\System\cZoJbXK.exe
  2⤵
  PID:3540
- C:\Windows\System\fWFUKXY.exe
  C:\Windows\System\fWFUKXY.exe
  2⤵
  PID:9244
- C:\Windows\System\dDRBsKe.exe
  C:\Windows\System\dDRBsKe.exe
  2⤵
  PID:9312
- C:\Windows\System\lZeGxrB.exe
  C:\Windows\System\lZeGxrB.exe
  2⤵
  PID:9400
- C:\Windows\System\GSzAXBv.exe
  C:\Windows\System\GSzAXBv.exe
  2⤵
  PID:9356
- C:\Windows\System\WGDgRrB.exe
  C:\Windows\System\WGDgRrB.exe
  2⤵
  PID:9360
- C:\Windows\System\SAhZfKa.exe
  C:\Windows\System\SAhZfKa.exe
  2⤵
  PID:9396
- C:\Windows\System\nRNuzZG.exe
  C:\Windows\System\nRNuzZG.exe
  2⤵
  PID:9516
- C:\Windows\System\JNItvem.exe
  C:\Windows\System\JNItvem.exe
  2⤵
  PID:9540
- C:\Windows\System\EosBzbi.exe
  C:\Windows\System\EosBzbi.exe
  2⤵
  PID:9552
- C:\Windows\System\aimXqPm.exe
  C:\Windows\System\aimXqPm.exe
  2⤵
  PID:9320
- C:\Windows\System\iyeOKfa.exe
  C:\Windows\System\iyeOKfa.exe
  2⤵
  PID:9724
- C:\Windows\System\GAYTUYv.exe
  C:\Windows\System\GAYTUYv.exe
  2⤵
  PID:9700
- C:\Windows\System\UuqwLhx.exe
  C:\Windows\System\UuqwLhx.exe
  2⤵
  PID:9764
- C:\Windows\System\jkgJXam.exe
  C:\Windows\System\jkgJXam.exe
  2⤵
  PID:9936
- C:\Windows\System\MOlppYp.exe
  C:\Windows\System\MOlppYp.exe
  2⤵
  PID:9948
- C:\Windows\System\uqQsGwV.exe
  C:\Windows\System\uqQsGwV.exe
  2⤵
  PID:9968
- C:\Windows\System\yqJHIrz.exe
  C:\Windows\System\yqJHIrz.exe
  2⤵
  PID:10000
- C:\Windows\System\iUnEIhB.exe
  C:\Windows\System\iUnEIhB.exe
  2⤵
  PID:10044
- C:\Windows\System\YwgrUoa.exe
  C:\Windows\System\YwgrUoa.exe
  2⤵
  PID:9080
- C:\Windows\System\HmPfNmA.exe
  C:\Windows\System\HmPfNmA.exe
  2⤵
  PID:2380
- C:\Windows\System\CudCWJF.exe
  C:\Windows\System\CudCWJF.exe
  2⤵
  PID:10168
- C:\Windows\System\JFywAiw.exe
  C:\Windows\System\JFywAiw.exe
  2⤵
  PID:8320
- C:\Windows\System\ImabmlD.exe
  C:\Windows\System\ImabmlD.exe
  2⤵
  PID:9284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DWpAywH.exe

Filesize
6.0MB

MD5
53cabe094a37eff0ed5995e97d120e34

SHA1
65007773eadfd8f7e7f40b5e3da836c8a7a6bd00

SHA256
df9056af030d0230d2eabc2599f4e829588d5a0d2181f42a3503d11c24896ad7

SHA512
842fe425f559bbf6c49b124b49d5b371598a1a61b8252993220a043eb273effe8a4cfe0f58a61d1dd4a2253ed777866ed3a79c531d32f5df6ab11c61b5e30d29

Download Submit
C:\Windows\system\ECmvCuE.exe

Filesize
6.0MB

MD5
8c7c45abf5c8ab2a91c4b07e49c9c9e6

SHA1
c888ac941a4e2620c5ac18f8153bbe4e24245386

SHA256
a0d7ce695edd93c9ab5fe4f70097e6baa572e585fe0fb23c264ce46002f3d644

SHA512
ec29879feaf9e900e28a2bc51aa8cc61129f6e135df4add6a8ba99090105da37689b14e2a3682d13fec3283709bdfa5c9ef25c607223e32d8546a2f9a3709690

Download Submit
C:\Windows\system\EFoJeXT.exe

Filesize
6.0MB

MD5
afcefb43a967bbc8f5c7672d16b8b35f

SHA1
1f594454ad16c1e37487ca764c4a057eae8df9aa

SHA256
bd4af3830999a0bd64a5ffa146b6fad32fe452e3ceac3e7141bd056d0071a8f3

SHA512
6d42a311dbee22769d3b2292659d5bc50ab0ee49e00e41d5e141c5958f0fe98d8388abf710a952c20455c1419e1d4a867ab3ad50b41a6b9bbc2f764dc8a98f97

Download Submit
C:\Windows\system\ELZpSQn.exe

Filesize
6.0MB

MD5
4d5eb5111eba5d701c284f5ed59fe365

SHA1
8cf9c70ad3533f97617eebf584b2e75b61651204

SHA256
6c11b3b74850be09be9d4732d6c17918d9950448b4b9314e5eadb2e143024709

SHA512
c16d986be46c2e5ac5ad9aa39a153ab07bb30da13ff99c27bdbe31f0a3cbf489bab5e4a0832effce3b978ce7a83f3d09100e2d8c46f976300c31dba484e7db9b

Download Submit
C:\Windows\system\EvLllCc.exe

Filesize
6.0MB

MD5
77228c94aff96263fee45edbe97471b8

SHA1
986330c7696326bae981d0ec5ee95a02d686acf5

SHA256
9ca1182817190d967e3b9965b3c0bb2462b94cdba217b0b857b9856c47890196

SHA512
d68ee685bf584bb9ad02ffc243a29aa4ab7c923baf186c1c1f4da2c65c4db6e7fdb7dad6e12c5a4f623eac251a333ac5d4841e24989c6f88cfbf07aed4749446

Download Submit
C:\Windows\system\GgoxYYl.exe

Filesize
6.0MB

MD5
32e19688dc11c2f3df6bd3171ba67a7b

SHA1
11a5284f8c7f5d6aca3fe9b0e39b01ec795aa0f6

SHA256
1f4b3a338aeb867acf32b39488ae4170e1ccf57061753f3f07410d611ecdcc33

SHA512
ddd083cf51f269c4fe01cb8fab9c76f95a1de52af1a8b79d9bd34a9b415a5504ed43c9a182069e4641f10d1f2b19c98cff7f6f90842d4d04d432b22a5bde7940

Download Submit
C:\Windows\system\ISOWjBv.exe

Filesize
6.0MB

MD5
b056d9316984890e8c217f691f0a5bc7

SHA1
109e1ec61d09c9dedffac9cf1656504eedbaa64d

SHA256
959e54c4c3c9851db06241a9f04e0f31fd4d74647eac2fba1447fd253774ce93

SHA512
c905beb1b9500b97a6df0ba0982ea4d4fd81685c339883dbcb640a5256f26501269f57507ce75bbf72cd353eaf4ede23a2967024b53c297b81a9fe58d4a50138

Download Submit
C:\Windows\system\OyBZXxJ.exe

Filesize
6.0MB

MD5
d29ba8e145ff5e50fe971c7f109016ad

SHA1
957d938d79a9b10c6abcd6dc45a78663bfa25624

SHA256
59f54527935180cd996b769013950fe55a77dc038e497dd87b2ab8cb2e08d856

SHA512
7610a5a39e3ad51721de0cfd8e499e630528bca5b76aa76aef6465ad35b762cc5430c3749ad3383871615f5dd49c76844309e317f6f5aa99f2e17c6019d2cbff

Download Submit
C:\Windows\system\PAcIgxq.exe

Filesize
6.0MB

MD5
6de2e3342994175dcc9cedf393142732

SHA1
a3a3e5f5c3a708c0d0800e53546d20aa7ef8e63a

SHA256
2523fe82b5f2569aa96acdd9632b894518f5a2645fcbb3eddae28affae2e2f92

SHA512
851cb5e0d6978eb4bdcb1f35c6c0f75727282f95fb3eb81cf413472a132076d4044c1976648e7343a2296dde21abb25cf463eea9b990ce8078d3d95fa8ffbea1

Download Submit
C:\Windows\system\PQGxqPf.exe

Filesize
6.0MB

MD5
5763c29890fb1e27b1df39229ace044e

SHA1
38e240f89d9b296bd9b3bf2379cfa1d132576ac9

SHA256
aa839efbc5188f5a7b49e728a16801feabd6a04ca47d8f6bd7af120bb7b9aeda

SHA512
fcc7e301bb05ac2ff7320fbcfe52e96713a7d7fe4ae34f8523a0f6b4bcb9e9b33118044f73d92239daa51f745d33f22884175ab8ddf04d2f7d107f65da698e10

Download Submit
C:\Windows\system\ThhFhtM.exe

Filesize
6.0MB

MD5
db0b51b3aea7275bcc28a3ff9ca2b7d2

SHA1
438978bbed1aab3d233e42aa5287054797ddaac9

SHA256
29ff3dc4b8aa435736043b314b4dbba06d9f399f5dac81c9663d0da258902ad8

SHA512
7fe4cfab09911bed55e6bb94a81b3bf8d87b4b2f2217c78d2250186a750c402a2afea175f669823192f7cf91a7ab77e4c1e479485af8b53e5d24b5c7eb951481

Download Submit
C:\Windows\system\VbomFHI.exe

Filesize
6.0MB

MD5
9047d2caa703bd72cab37bd094dc672e

SHA1
49fa9e420a0ed782f27cff4bc6038e2a41e8e9bf

SHA256
8fade877432df1c5d76bde5e39f6cffbc4dbe29d41ef6d1db581ea6e12e7a040

SHA512
96256b0d98bd32e47f5c392472db9acf4e2ffbb62154138e3cbf7db86435b037541486f8083a537676a85c55e5a7cc725e7235b3a025f6dae34d4d8dac67e644

Download Submit
C:\Windows\system\baMMyTF.exe

Filesize
6.0MB

MD5
c32d07a034adb3aa564bc2df4c98edb5

SHA1
f3c93f132048b7927f7c72e227c309fa32c74951

SHA256
47a6ff695374a75e46c2131005a28ac2aa728fde10827277a892b44bfbd95f59

SHA512
68435bec0bff344653fb84d5af48f077de0809875e29ebdfb5ead753cbd27fad88d1745faa9ceb5581db495887fe42e9ebf9e549fd28696a16e49f277f57be4f

Download Submit
C:\Windows\system\cfqpqhK.exe

Filesize
6.0MB

MD5
ae12c81816378effd7e0853e2f184d07

SHA1
3790cb35117a8696a34ace2035f698f83a5a6a14

SHA256
c1b5139bcb5ddd6068e79c97ee6f9d8f6f6625f4a7e29f65adffc4d15ee9933d

SHA512
37da9b2468ec52977ff41746b85e6f1f3837dfe394479cac45d253ec28425cf45f0a61c95503fd5cfcc5d00a74e7855da958bec0cef07249192430013349fab7

Download Submit
C:\Windows\system\dpNVzua.exe

Filesize
6.0MB

MD5
426bc2ec6f4fbfce89c2661a7aad8f92

SHA1
ac2e5c61c5106e549f0f1ef17e7a6df046cf71e7

SHA256
58d5ed0b0324f5b688b82ca407ae9848e1422cd6ebd426b6d96a40dc01c37f66

SHA512
a3ff2249b38323abc8d2a736f9f2a7bf451dd069fb94d63225b3d6c0b12a7502e536b81ed9f78c3f010e2102510ce352f8006163b5bc09e26bd2c3a9f894caed

Download Submit
C:\Windows\system\efmxKCN.exe

Filesize
6.0MB

MD5
28067fee6ab90cf1495e43dcb02202ab

SHA1
292dd9d83a92fcb9673045db97df9495122fbd48

SHA256
2dd114272b45e067ccbc05df68a955a1d01093419aff2afaca9f536031402689

SHA512
107ff62d08a3411cae446cd641ef5b22f0481f66638df813fbca59e99f1402ef51b6bc86e1da3144559c538d444642d0ce57c5698b8ed1bdd25a86a60e490f86

Download Submit
C:\Windows\system\esGbDpU.exe

Filesize
6.0MB

MD5
47b1c24df2814a6d593cad216bbe5861

SHA1
dc08ed944217fe049a34e990e9b7694a0cb9b61f

SHA256
1bc77e6ba45541c82cd39ec828540559374d972292bcc6c80fa82a388656c275

SHA512
c42df3a87a90b173a65527eb16799cf9c0a78c98e345613135dae42af2794eeda21e5a6b6aeb07a2aa2a14446ab58bb7b45ce50523bf6e4c0c2e65e60a701326

Download Submit
C:\Windows\system\fjImWLH.exe

Filesize
6.0MB

MD5
901d32c0a5d77e214fa09c6ce373b403

SHA1
ef87cb2ec90b75618db31170fd44b9d71ee6d6b2

SHA256
202d6ddef42151ecb560cbeebac31b4c150feb300b135652473cfda4d6b350be

SHA512
4357b7d8f6f2e00ca3c78a55cd245a6f4ec98abc1b04e83df8d40459f0f9f07b3a2bdf29a6464c70ccc2b215608bbc32c1b1d63e4dbedb35fda4d31691a55e8d

Download Submit
C:\Windows\system\mELUBBh.exe

Filesize
6.0MB

MD5
3b693bcf06b8ecf063dfd5323c4633b9

SHA1
d3b2632afc61b97581d9b9c61aafb408ed76b6dc

SHA256
7d7ab82a07a680bd84984cadb316509e97d11180fa040c1d59810ea559e07a09

SHA512
f340719b61e8d92dd6aeb3c97b6950a90d73108356035a4f78d59a9748138f12fa6fc70efb06d41c7297c60ab041297515a74fadcbd998d64f44cad3e98fd4a2

Download Submit
C:\Windows\system\nkUNKzU.exe

Filesize
6.0MB

MD5
d5b4c94d2a9696b9e68b61186f47a926

SHA1
f3dda85a390813ffd135109ca8e8d5982a6a1aa8

SHA256
7ea7b4484a50be272617dd82e70833fe68e55890db2f26c4770bd0b0e8d0a0e5

SHA512
7dd1347e842347dc39f4ae10948c8c0c94f94c786ad7e7b60574e73bc3a8dc467d70b0efa054c4a65997cff712363a42b6a5b824a9a7fb18976b6e57cc848422

Download Submit
C:\Windows\system\nrhBcLT.exe

Filesize
6.0MB

MD5
84e66a44ece3a160b9e4b980828df456

SHA1
b1086ea2d0fa74cb866477a60092354aed60f18b

SHA256
d0667d3f104bba2fc64b096d0d719fc8c1b71d4b5b148ad0609c58aa5a5d461b

SHA512
e955474781aea40410b75665cf687e77bdb403d8960d81329125d99ebd9f4abb7a928c764a9b063dd206865d272715eed4da3561f70447ad4b2a5acd29df6f8f

Download Submit
C:\Windows\system\qbgrUua.exe

Filesize
6.0MB

MD5
f063dd98311a4827c14a07561cfddd0c

SHA1
d6e17131e8deabcab0764977010be824fce6bd0d

SHA256
c3b4a6f0aadc8ab9bb44d091cf1bc500b11d1d3d2cbff11de9f6cac777425365

SHA512
a87adac0b7cb1b131ef8de98a1324cfcb0d584831a190b52aefd873ec20d06b0106b981773026ab65a92bcfadd5b4d666a6c993bd3361b494f39795ac716d6b2

Download Submit
C:\Windows\system\swwTAtP.exe

Filesize
6.0MB

MD5
6067c77cb91a0296a3dbb923528688b3

SHA1
ea6fd5514f9a66774a785c740a590fcb9676ff64

SHA256
3575bceddd1c1680bd281fbb72dd05b98af514dfff5aee88f90821dfd2252a0b

SHA512
cb4b555709c5690cdb89022aee02bd6993fec5a026a7addac2e39876d06bcde59ddde3eebe742c19a10824003a0c014b523c1f6f22c1ffc9739cca890f083251

Download Submit
C:\Windows\system\wacleIW.exe

Filesize
6.0MB

MD5
cb69dddb6e8a104c11b58f5488e29450

SHA1
3567184f65098dd195ca8363e6d4167840c0fc69

SHA256
d1ad38364e35aa0d0bf2c869ce3263b5aaec9ad017c9a0ed2970a8337c53e6a1

SHA512
739c791d2a43ba1ed6146b9d5d44a1e90489118185a144cbf2da787ac1e44d84ba55227d35bb575dcffadfdbde81a630767581d4634df6b409a360c5d41ffbe5

Download Submit
C:\Windows\system\wyUgBCC.exe

Filesize
6.0MB

MD5
bc546363f5acf3f07b1821b6df97a4e0

SHA1
578860a8f7a6f7e25d5661126a072fcdd21bcd4a

SHA256
319d30f8b02930677b1fa72b22fab025ad638fb6eb19a4969c7c4749647b1697

SHA512
2358eddf348f5a446d3a7c15ce3c6b8a9e7be5c8d602dcac3f0d0be291b413385bccfee8d5f6be57e7301b1b21bd281205dba6fa9a7d758b658fc55cac126a33

Download Submit
C:\Windows\system\zUFJmZd.exe

Filesize
6.0MB

MD5
d77725d317bcb30f4bd61cf8e32bc3a0

SHA1
e9a31584315af9b4ee167b06019c2a8999896495

SHA256
e2ace3f7dc277abefb1674a534c5907a9f351b6d9d4ae6b457b82c0401e401df

SHA512
a30cc6ff0bc8d22e9910b8adc91bf5bb5f7cfdfe8de464cdc03a1e28e55a0563e2eee831b970ecb3562732a04d3c462883bb3922ad81e160df9db8b2ef0fcb0b

Download Submit
\Windows\system\JdWGTqK.exe

Filesize
6.0MB

MD5
e40b015492324e4748a8d44578856615

SHA1
7d49e0fba54018e686a2fb4e399e8ba73cb13b22

SHA256
25341a2fccdab4c3733cfd0d9ab92920f464cb7bcacc6882e98dc5a42fb72286

SHA512
1a701427ab63f7093b85bf678607c17be19f2be1bf61dc7272093995725fd3e6324f424a38d94fca518b231a6920eb44f62ab31a04b87f6d9cb76b230f2e0d1e

Download Submit
\Windows\system\JzLiidJ.exe

Filesize
6.0MB

MD5
a42b79099f923e3b711cdfc9ea05b07d

SHA1
849f4934eb3de3f9e53474f0a746d772d92be48f

SHA256
3b4c183be39d00600af79f80ac209e204f80a8cf55b5e8b501cc8eb4a56b2c19

SHA512
ed302f7cdf0d49fc6462ca2e0def750cf714a934f6af96423f511d1f2f3431d96db8bcb965e1ff3b832e901af60d64bbe5378ef0ffba68aa89358130842af7c2

Download Submit
\Windows\system\MQwMyOD.exe

Filesize
6.0MB

MD5
341ffd669d8a47572ddd656e722eb22d

SHA1
8b476bb42038b252d92f6d1d0e397d66cf6ed848

SHA256
359b82e78efcea4e6c8b536503676d1c9f34abd3b6329b0f26ad689b4068b9df

SHA512
df414647b21868008ffcdb36cc64861f1b74727a573d17c2c3fe640c0a1f61c4d13500eb7e573f1fa4932fe5f51037c4dbb59a572796f7b33b83894eee60fd1e

Download Submit
\Windows\system\ZyBYIZp.exe

Filesize
6.0MB

MD5
26b06f3e9b7745bc2705698cf689f3fc

SHA1
9c4b7325d2904252f11779c6083a9aadb5bdb63e

SHA256
8d11c0f5497dc4bc8f9a6a918121c8c0ab6473ef4bcb24214bc3c74febc6046c

SHA512
5cbbfe83e7f61fe8dc42b43fa61985417eff1b1ef2a1554471d02b62025e2a0f90b92ff68362de721e5418267cd1679909c6aa48bbc39678ab1cbef54f81d021

Download Submit
\Windows\system\mhnUYAi.exe

Filesize
6.0MB

MD5
f2d395a2933f5eca5fe4632fbebfb8ec

SHA1
4081e747428d6881f49f72a9a051b2c322dc41ea

SHA256
79d428b620d550d4edfc079fa210c6a2e27f73656689bcf21d462f068b5f34d2

SHA512
c6b456b2945c1d0fad9865e17a51373542b22ba380407b64552ad4cf0de7f3592e8b3df926cd46348e3872aff1f72efc4ba0f823cda5d220769afd03ecfc239e

Download Submit
\Windows\system\ozUBggV.exe

Filesize
6.0MB

MD5
0cb865fb33fd92d658d629f464ba707f

SHA1
86544a7bcdbb7dfac7518d2e6c7fa0d8351aa23d

SHA256
1c1fcae9a59747bc64a51ee5c84e01617991d4acc3a3e3d1f87f95bb3bbd8bc4

SHA512
d89aa9790a79e92274fe45d3958e3a0eec07616ef3646081aae33a0a184e7c3a2393bc8e957760de1efd0694a70e3ee68cc5bb50851e37546f72f9d09071cd7a

Download Submit
\Windows\system\pBDwVLo.exe

Filesize
6.0MB

MD5
010d79dc3c1dda150db46ad0ad2158f5

SHA1
c7be25a2bd30defffe151d369385f58b469122bb

SHA256
97e001d2f637819c67394e9137db2f63cdf1f9b41427d2ffd755f8212c21a518

SHA512
2fe06f6a4f2c6e3cbd2f65fa5718a2d33f5a4ef34d5c5bc7c33219047d23fa0cbda919cc5d3f702b292e15ddea7ecad59e52046061e6bde6ff306ec605a1984b

Download Submit
\Windows\system\vHgjIJW.exe

Filesize
6.0MB

MD5
e9c57aa67e51d10c4e100c40788bd39f

SHA1
3cdba652bec93afc389cf77efd6f67a7eb86ccd2

SHA256
1c41f55a4d47493a62a54fea2cd1cb085b6f2eb9b07b04c432dfd09f58b45ab7

SHA512
813de827de768ae2beff7339db1724a818f6d54a97f1d44025f11fad23dd9f2934c93971588aaddcf9dcafde61d72e28176c0bb510089cc487db49b50d0a9352

Download Submit
memory/496-9-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/496-3865-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1164-23-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1164-318-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1164-3863-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1924-88-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-109-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-100-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-110-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1924-0-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1924-120-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1924-8-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1924-17-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1924-558-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-21-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1924-765-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1012-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1924-94-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1159-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-136-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-31-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1310-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-41-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-40-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-50-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-52-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1455-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-125-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1924-58-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1924-1014-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/1924-75-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2232-1013-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3862-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2232-78-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2312-129-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3868-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2420-18-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2420-96-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3806-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2468-37-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3864-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-428-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3870-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-116-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3982-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-649-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-43-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-85-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3867-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3866-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2832-51-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3938-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2916-319-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2916-36-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download