cobaltstrike | a8787643351ed557607d4b3a9d8a8acb5422b38077f50498479cf91942251ce4

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

03119f921b5483909b7eac068f36edca
SHA1

9193a66eae5ddd523338932155bb35228aa1ed8e
SHA256

a8787643351ed557607d4b3a9d8a8acb5422b38077f50498479cf91942251ce4
SHA512

3b3fa816f7c37f300a2520c4d8b4f4c2ee3b54a59d6898869122eff59482ac5b3ae9e794a24827851282f148249e103fb38beb98431939e8614bac593adc7aa0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000010300-3.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000018617-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018636-14.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001907c-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019080-22.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001919c-25.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000191ad-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193a8-31.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-49.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017447-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a454-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a452-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a447-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019c0b-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1868-0-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0005000000010300-3.dat	xmrig
behavioral1/files/0x000b000000018617-7.dat	xmrig
behavioral1/files/0x0007000000018636-14.dat	xmrig
behavioral1/files/0x000700000001907c-15.dat	xmrig
behavioral1/files/0x0007000000019080-22.dat	xmrig
behavioral1/files/0x000600000001919c-25.dat	xmrig
behavioral1/files/0x00090000000191ad-30.dat	xmrig
behavioral1/files/0x00080000000193a8-31.dat	xmrig
behavioral1/files/0x0005000000019d69-49.dat	xmrig
behavioral1/memory/2756-78-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x000a000000017447-109.dat	xmrig
behavioral1/files/0x000500000001a2fc-124.dat	xmrig
behavioral1/files/0x000500000001a445-164.dat	xmrig
behavioral1/files/0x000500000001a46d-189.dat	xmrig
behavioral1/memory/1868-892-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2068-976-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/1868-771-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/1868-655-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-184.dat	xmrig
behavioral1/files/0x000500000001a454-180.dat	xmrig
behavioral1/files/0x000500000001a452-174.dat	xmrig
behavioral1/files/0x000500000001a447-169.dat	xmrig
behavioral1/files/0x000500000001a423-159.dat	xmrig
behavioral1/files/0x000500000001a3ed-153.dat	xmrig
behavioral1/files/0x000500000001a3ea-148.dat	xmrig
behavioral1/files/0x000500000001a05a-136.dat	xmrig
behavioral1/files/0x000500000001a3e6-131.dat	xmrig
behavioral1/files/0x000500000001a3e8-141.dat	xmrig
behavioral1/files/0x000500000001a3e4-130.dat	xmrig
behavioral1/files/0x000500000001a2b9-121.dat	xmrig
behavioral1/files/0x000500000001a033-114.dat	xmrig
behavioral1/memory/2068-99-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2652-97-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2600-96-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a020-104.dat	xmrig
behavioral1/memory/2560-94-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1868-93-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2612-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/1868-91-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2596-90-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2964-88-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/1868-87-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2720-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2836-84-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1868-83-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2844-82-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2752-80-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1868-79-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2708-76-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1868-75-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1032-74-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f71-73.dat	xmrig
behavioral1/files/0x0005000000019f57-53.dat	xmrig
behavioral1/files/0x0005000000019d5c-45.dat	xmrig
behavioral1/files/0x0005000000019cfc-41.dat	xmrig
behavioral1/files/0x0006000000019c0b-37.dat	xmrig
behavioral1/memory/2652-3563-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2612-3570-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2964-3568-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2752-3567-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2068-3572-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2756-3573-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2596-3574-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2652	AirXVOd.exe
1032	LDhMbtY.exe
2708	mWPCRMu.exe
2756	ArwUzgf.exe
2752	eiAIzIC.exe
2844	LVDZMKK.exe
2836	OcvAmyJ.exe
2720	TIqXUya.exe
2964	VimKToJ.exe
2596	lYSjGLc.exe
2612	UxBtAqV.exe
2560	GodqSrS.exe
2600	PquICTE.exe
2068	YZlexnt.exe
1660	rfUXudG.exe
2936	BjBUdCW.exe
1608	KSltgJg.exe
296	XnzpCZj.exe
2160	zXSIadW.exe
764	bSaooWS.exe
2432	DidCNRj.exe
2400	RxwUWwl.exe
1092	uNoGBUE.exe
2256	PeaypsI.exe
2420	qJjlMWw.exe
2916	veSVANn.exe
2032	MLIGjlI.exe
948	iVcZYVa.exe
1592	sgKBOlq.exe
1304	eRBgfKL.exe
1284	WvwnJYc.exe
492	MfbNant.exe
1540	JsTDTqg.exe
1652	LHyqYqu.exe
1300	OXSQnEA.exe
2904	WAvLjcJ.exe
3028	OOQrYyk.exe
1336	RaDCNmg.exe
1104	ngiNNZV.exe
1952	bJrCHOE.exe
2104	idKGhWa.exe
2388	qmRAHTq.exe
2476	YPkENUq.exe
2512	HxxDZla.exe
2516	lYDEzMG.exe
3048	eDUdBWV.exe
3040	qlxVPRB.exe
880	JTJLTBS.exe
2292	FGxwqrb.exe
1764	DUjDFdD.exe
2076	IWIRqrt.exe
1332	KNdraDv.exe
1580	qCJOXyX.exe
2144	LfXaJtu.exe
2372	rFUkANT.exe
2700	tkeRVmA.exe
2740	IVREICL.exe
2556	mkEPGVG.exe
2784	qOUkXvP.exe
2796	CIfisLj.exe
1468	LovFpJk.exe
1572	XKSwSJD.exe
1476	SjNQvVr.exe
2208	PbYaRqr.exe

Loads dropped DLL 64 IoCs

pid	Process
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0005000000010300-3.dat	upx
behavioral1/files/0x000b000000018617-7.dat	upx
behavioral1/files/0x0007000000018636-14.dat	upx
behavioral1/files/0x000700000001907c-15.dat	upx
behavioral1/files/0x0007000000019080-22.dat	upx
behavioral1/files/0x000600000001919c-25.dat	upx
behavioral1/files/0x00090000000191ad-30.dat	upx
behavioral1/files/0x00080000000193a8-31.dat	upx
behavioral1/files/0x0005000000019d69-49.dat	upx
behavioral1/memory/2756-78-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x000a000000017447-109.dat	upx
behavioral1/files/0x000500000001a2fc-124.dat	upx
behavioral1/files/0x000500000001a445-164.dat	upx
behavioral1/files/0x000500000001a46d-189.dat	upx
behavioral1/memory/2068-976-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/1868-655-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x000500000001a463-184.dat	upx
behavioral1/files/0x000500000001a454-180.dat	upx
behavioral1/files/0x000500000001a452-174.dat	upx
behavioral1/files/0x000500000001a447-169.dat	upx
behavioral1/files/0x000500000001a423-159.dat	upx
behavioral1/files/0x000500000001a3ed-153.dat	upx
behavioral1/files/0x000500000001a3ea-148.dat	upx
behavioral1/files/0x000500000001a05a-136.dat	upx
behavioral1/files/0x000500000001a3e6-131.dat	upx
behavioral1/files/0x000500000001a3e8-141.dat	upx
behavioral1/files/0x000500000001a3e4-130.dat	upx
behavioral1/files/0x000500000001a2b9-121.dat	upx
behavioral1/files/0x000500000001a033-114.dat	upx
behavioral1/memory/2068-99-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2652-97-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2600-96-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a020-104.dat	upx
behavioral1/memory/2560-94-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2612-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2596-90-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2964-88-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2720-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2836-84-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2844-82-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2752-80-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2708-76-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1032-74-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0005000000019f71-73.dat	upx
behavioral1/files/0x0005000000019f57-53.dat	upx
behavioral1/files/0x0005000000019d5c-45.dat	upx
behavioral1/files/0x0005000000019cfc-41.dat	upx
behavioral1/files/0x0006000000019c0b-37.dat	upx
behavioral1/memory/2652-3563-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2612-3570-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2964-3568-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2752-3567-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2068-3572-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2756-3573-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2596-3574-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1032-3575-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2560-3578-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2720-3577-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2844-3576-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2708-3566-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2600-3565-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2836-3564-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hEcWsMt.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFAEeHv.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGhqWUa.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgToNtI.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mINKZNL.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGszvYf.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXuhIdt.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcVHjkm.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcDEHPR.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEXtIdE.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECeJWtQ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvwnJYc.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdVbvcg.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFtsoiF.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqHIOXT.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDAHlLF.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExHVGGq.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSzoJPi.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFFRWSD.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKsQHAM.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTLXjZc.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WkUbzdY.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifNDRDg.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOtGaoZ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZbifZN.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPbEKeR.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVYoPlx.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgCzLoG.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQzpWGb.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlfIGHZ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpPaLnL.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tVtxjSX.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRvcqyw.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Edsucey.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaDCNmg.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgfSMCu.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jedpdlQ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaNIMyT.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaklEuX.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryXNPTI.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHSKyOA.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSgCGns.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zamzASd.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQCOByF.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHyqYqu.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btpzwoJ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiYZRNo.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NehFCcg.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgsenER.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqBCJLC.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGHwNfG.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIvoMwj.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVcZYVa.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpPbVVo.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivxoOPh.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvMpMIZ.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDFUwUr.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkJVxYN.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYrVKKM.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbFopAS.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZgKeZb.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPMTJwu.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftzhihl.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txNxLnR.exe	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2652	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1868 wrote to memory of 2652	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1868 wrote to memory of 2652	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1868 wrote to memory of 1032	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 1032	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 1032	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1868 wrote to memory of 2708	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 2708	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 2708	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1868 wrote to memory of 2756	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2756	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2756	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1868 wrote to memory of 2752	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2752	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2752	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1868 wrote to memory of 2844	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2844	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2844	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1868 wrote to memory of 2836	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2836	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2836	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1868 wrote to memory of 2720	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2720	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2720	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1868 wrote to memory of 2964	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2964	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2964	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1868 wrote to memory of 2596	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2596	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2596	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1868 wrote to memory of 2612	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2612	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2612	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1868 wrote to memory of 2560	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2560	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2560	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1868 wrote to memory of 2600	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 2600	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 2600	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1868 wrote to memory of 2068	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 2068	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 2068	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1868 wrote to memory of 1660	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 1660	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 1660	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1868 wrote to memory of 2936	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 2936	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 2936	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1868 wrote to memory of 1608	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 1608	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 1608	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1868 wrote to memory of 764	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 764	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 764	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1868 wrote to memory of 296	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 296	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 296	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1868 wrote to memory of 2400	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 2400	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 2400	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1868 wrote to memory of 2160	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 2160	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 2160	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1868 wrote to memory of 1092	1868	2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_03119f921b5483909b7eac068f36edca_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\System\AirXVOd.exe
  C:\Windows\System\AirXVOd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\LDhMbtY.exe
  C:\Windows\System\LDhMbtY.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\mWPCRMu.exe
  C:\Windows\System\mWPCRMu.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ArwUzgf.exe
  C:\Windows\System\ArwUzgf.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\eiAIzIC.exe
  C:\Windows\System\eiAIzIC.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\LVDZMKK.exe
  C:\Windows\System\LVDZMKK.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\OcvAmyJ.exe
  C:\Windows\System\OcvAmyJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\TIqXUya.exe
  C:\Windows\System\TIqXUya.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\VimKToJ.exe
  C:\Windows\System\VimKToJ.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\lYSjGLc.exe
  C:\Windows\System\lYSjGLc.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\UxBtAqV.exe
  C:\Windows\System\UxBtAqV.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\GodqSrS.exe
  C:\Windows\System\GodqSrS.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\PquICTE.exe
  C:\Windows\System\PquICTE.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\YZlexnt.exe
  C:\Windows\System\YZlexnt.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rfUXudG.exe
  C:\Windows\System\rfUXudG.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\BjBUdCW.exe
  C:\Windows\System\BjBUdCW.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\KSltgJg.exe
  C:\Windows\System\KSltgJg.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\bSaooWS.exe
  C:\Windows\System\bSaooWS.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\XnzpCZj.exe
  C:\Windows\System\XnzpCZj.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\RxwUWwl.exe
  C:\Windows\System\RxwUWwl.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\zXSIadW.exe
  C:\Windows\System\zXSIadW.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\uNoGBUE.exe
  C:\Windows\System\uNoGBUE.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\DidCNRj.exe
  C:\Windows\System\DidCNRj.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\PeaypsI.exe
  C:\Windows\System\PeaypsI.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\qJjlMWw.exe
  C:\Windows\System\qJjlMWw.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\veSVANn.exe
  C:\Windows\System\veSVANn.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\MLIGjlI.exe
  C:\Windows\System\MLIGjlI.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\iVcZYVa.exe
  C:\Windows\System\iVcZYVa.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\sgKBOlq.exe
  C:\Windows\System\sgKBOlq.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\eRBgfKL.exe
  C:\Windows\System\eRBgfKL.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\WvwnJYc.exe
  C:\Windows\System\WvwnJYc.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\MfbNant.exe
  C:\Windows\System\MfbNant.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\JsTDTqg.exe
  C:\Windows\System\JsTDTqg.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\LHyqYqu.exe
  C:\Windows\System\LHyqYqu.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\OXSQnEA.exe
  C:\Windows\System\OXSQnEA.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\WAvLjcJ.exe
  C:\Windows\System\WAvLjcJ.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OOQrYyk.exe
  C:\Windows\System\OOQrYyk.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\RaDCNmg.exe
  C:\Windows\System\RaDCNmg.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\ngiNNZV.exe
  C:\Windows\System\ngiNNZV.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\bJrCHOE.exe
  C:\Windows\System\bJrCHOE.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\idKGhWa.exe
  C:\Windows\System\idKGhWa.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\qmRAHTq.exe
  C:\Windows\System\qmRAHTq.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\YPkENUq.exe
  C:\Windows\System\YPkENUq.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\HxxDZla.exe
  C:\Windows\System\HxxDZla.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\lYDEzMG.exe
  C:\Windows\System\lYDEzMG.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\eDUdBWV.exe
  C:\Windows\System\eDUdBWV.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\qlxVPRB.exe
  C:\Windows\System\qlxVPRB.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JTJLTBS.exe
  C:\Windows\System\JTJLTBS.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\FGxwqrb.exe
  C:\Windows\System\FGxwqrb.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\DUjDFdD.exe
  C:\Windows\System\DUjDFdD.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\IWIRqrt.exe
  C:\Windows\System\IWIRqrt.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\KNdraDv.exe
  C:\Windows\System\KNdraDv.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\qCJOXyX.exe
  C:\Windows\System\qCJOXyX.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\LfXaJtu.exe
  C:\Windows\System\LfXaJtu.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\rFUkANT.exe
  C:\Windows\System\rFUkANT.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\tkeRVmA.exe
  C:\Windows\System\tkeRVmA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\IVREICL.exe
  C:\Windows\System\IVREICL.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qOUkXvP.exe
  C:\Windows\System\qOUkXvP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mkEPGVG.exe
  C:\Windows\System\mkEPGVG.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\LovFpJk.exe
  C:\Windows\System\LovFpJk.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\CIfisLj.exe
  C:\Windows\System\CIfisLj.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\SjNQvVr.exe
  C:\Windows\System\SjNQvVr.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\XKSwSJD.exe
  C:\Windows\System\XKSwSJD.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\GWmDFkM.exe
  C:\Windows\System\GWmDFkM.exe
  2⤵
  PID:1664
- C:\Windows\System\PbYaRqr.exe
  C:\Windows\System\PbYaRqr.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XnIjgUe.exe
  C:\Windows\System\XnIjgUe.exe
  2⤵
  PID:1672
- C:\Windows\System\DQXtsMd.exe
  C:\Windows\System\DQXtsMd.exe
  2⤵
  PID:660
- C:\Windows\System\ttclmFn.exe
  C:\Windows\System\ttclmFn.exe
  2⤵
  PID:2164
- C:\Windows\System\ShnguDE.exe
  C:\Windows\System\ShnguDE.exe
  2⤵
  PID:1088
- C:\Windows\System\eKIuJGn.exe
  C:\Windows\System\eKIuJGn.exe
  2⤵
  PID:2884
- C:\Windows\System\xOhDGgI.exe
  C:\Windows\System\xOhDGgI.exe
  2⤵
  PID:2736
- C:\Windows\System\gcWtgkB.exe
  C:\Windows\System\gcWtgkB.exe
  2⤵
  PID:1980
- C:\Windows\System\dkhNZFY.exe
  C:\Windows\System\dkhNZFY.exe
  2⤵
  PID:2216
- C:\Windows\System\sFOtWYB.exe
  C:\Windows\System\sFOtWYB.exe
  2⤵
  PID:1836
- C:\Windows\System\PtBFrWw.exe
  C:\Windows\System\PtBFrWw.exe
  2⤵
  PID:236
- C:\Windows\System\YpGiDmm.exe
  C:\Windows\System\YpGiDmm.exe
  2⤵
  PID:1720
- C:\Windows\System\cKsQHAM.exe
  C:\Windows\System\cKsQHAM.exe
  2⤵
  PID:1624
- C:\Windows\System\SGGDnCV.exe
  C:\Windows\System\SGGDnCV.exe
  2⤵
  PID:2440
- C:\Windows\System\YgtoOOP.exe
  C:\Windows\System\YgtoOOP.exe
  2⤵
  PID:2240
- C:\Windows\System\pUbXmJi.exe
  C:\Windows\System\pUbXmJi.exe
  2⤵
  PID:1632
- C:\Windows\System\ckpcxvp.exe
  C:\Windows\System\ckpcxvp.exe
  2⤵
  PID:1828
- C:\Windows\System\tXWsACM.exe
  C:\Windows\System\tXWsACM.exe
  2⤵
  PID:996
- C:\Windows\System\XDuKzAo.exe
  C:\Windows\System\XDuKzAo.exe
  2⤵
  PID:788
- C:\Windows\System\yKtrYUw.exe
  C:\Windows\System\yKtrYUw.exe
  2⤵
  PID:864
- C:\Windows\System\XOOMElD.exe
  C:\Windows\System\XOOMElD.exe
  2⤵
  PID:2524
- C:\Windows\System\njyWjwq.exe
  C:\Windows\System\njyWjwq.exe
  2⤵
  PID:2980
- C:\Windows\System\xZfSTRN.exe
  C:\Windows\System\xZfSTRN.exe
  2⤵
  PID:2776
- C:\Windows\System\ImvPYvW.exe
  C:\Windows\System\ImvPYvW.exe
  2⤵
  PID:2680
- C:\Windows\System\aMpNsiy.exe
  C:\Windows\System\aMpNsiy.exe
  2⤵
  PID:2924
- C:\Windows\System\UtElQMN.exe
  C:\Windows\System\UtElQMN.exe
  2⤵
  PID:1976
- C:\Windows\System\WlyraPo.exe
  C:\Windows\System\WlyraPo.exe
  2⤵
  PID:2628
- C:\Windows\System\nYVBCKg.exe
  C:\Windows\System\nYVBCKg.exe
  2⤵
  PID:2928
- C:\Windows\System\aJKlHAO.exe
  C:\Windows\System\aJKlHAO.exe
  2⤵
  PID:1948
- C:\Windows\System\owZlmbm.exe
  C:\Windows\System\owZlmbm.exe
  2⤵
  PID:2100
- C:\Windows\System\iMtsfKf.exe
  C:\Windows\System\iMtsfKf.exe
  2⤵
  PID:792
- C:\Windows\System\IUxbuGE.exe
  C:\Windows\System\IUxbuGE.exe
  2⤵
  PID:2412
- C:\Windows\System\XwjcOmj.exe
  C:\Windows\System\XwjcOmj.exe
  2⤵
  PID:2312
- C:\Windows\System\zHysCCR.exe
  C:\Windows\System\zHysCCR.exe
  2⤵
  PID:1784
- C:\Windows\System\sxPpTRx.exe
  C:\Windows\System\sxPpTRx.exe
  2⤵
  PID:1864
- C:\Windows\System\mVfKGVi.exe
  C:\Windows\System\mVfKGVi.exe
  2⤵
  PID:1944
- C:\Windows\System\EzWcuIW.exe
  C:\Windows\System\EzWcuIW.exe
  2⤵
  PID:900
- C:\Windows\System\zaWkxJW.exe
  C:\Windows\System\zaWkxJW.exe
  2⤵
  PID:756
- C:\Windows\System\vfujjNz.exe
  C:\Windows\System\vfujjNz.exe
  2⤵
  PID:2012
- C:\Windows\System\PMDFMME.exe
  C:\Windows\System\PMDFMME.exe
  2⤵
  PID:2988
- C:\Windows\System\rwqRJiU.exe
  C:\Windows\System\rwqRJiU.exe
  2⤵
  PID:828
- C:\Windows\System\ThDCuzr.exe
  C:\Windows\System\ThDCuzr.exe
  2⤵
  PID:2332
- C:\Windows\System\VdGnuSU.exe
  C:\Windows\System\VdGnuSU.exe
  2⤵
  PID:1700
- C:\Windows\System\hDbufzJ.exe
  C:\Windows\System\hDbufzJ.exe
  2⤵
  PID:1584
- C:\Windows\System\SBmqyGs.exe
  C:\Windows\System\SBmqyGs.exe
  2⤵
  PID:2824
- C:\Windows\System\ilepxEz.exe
  C:\Windows\System\ilepxEz.exe
  2⤵
  PID:2572
- C:\Windows\System\vBGAwOb.exe
  C:\Windows\System\vBGAwOb.exe
  2⤵
  PID:1340
- C:\Windows\System\bZKfQGi.exe
  C:\Windows\System\bZKfQGi.exe
  2⤵
  PID:1588
- C:\Windows\System\KXsYOIw.exe
  C:\Windows\System\KXsYOIw.exe
  2⤵
  PID:2592
- C:\Windows\System\UZsRjOV.exe
  C:\Windows\System\UZsRjOV.exe
  2⤵
  PID:3080
- C:\Windows\System\xmzIEss.exe
  C:\Windows\System\xmzIEss.exe
  2⤵
  PID:3100
- C:\Windows\System\yhdkMHD.exe
  C:\Windows\System\yhdkMHD.exe
  2⤵
  PID:3116
- C:\Windows\System\gbLVglP.exe
  C:\Windows\System\gbLVglP.exe
  2⤵
  PID:3140
- C:\Windows\System\ToGgnlZ.exe
  C:\Windows\System\ToGgnlZ.exe
  2⤵
  PID:3156
- C:\Windows\System\eecHEaL.exe
  C:\Windows\System\eecHEaL.exe
  2⤵
  PID:3172
- C:\Windows\System\bRUJKZg.exe
  C:\Windows\System\bRUJKZg.exe
  2⤵
  PID:3188
- C:\Windows\System\JSdcWUD.exe
  C:\Windows\System\JSdcWUD.exe
  2⤵
  PID:3204
- C:\Windows\System\xvkIjRA.exe
  C:\Windows\System\xvkIjRA.exe
  2⤵
  PID:3224
- C:\Windows\System\GYljMSh.exe
  C:\Windows\System\GYljMSh.exe
  2⤵
  PID:3240
- C:\Windows\System\ZAlxlxl.exe
  C:\Windows\System\ZAlxlxl.exe
  2⤵
  PID:3372
- C:\Windows\System\DlfIGHZ.exe
  C:\Windows\System\DlfIGHZ.exe
  2⤵
  PID:3396
- C:\Windows\System\ivXNVwg.exe
  C:\Windows\System\ivXNVwg.exe
  2⤵
  PID:3416
- C:\Windows\System\zGmXTmO.exe
  C:\Windows\System\zGmXTmO.exe
  2⤵
  PID:3436
- C:\Windows\System\BgfSMCu.exe
  C:\Windows\System\BgfSMCu.exe
  2⤵
  PID:3456
- C:\Windows\System\xxAsEqn.exe
  C:\Windows\System\xxAsEqn.exe
  2⤵
  PID:3476
- C:\Windows\System\krszjZC.exe
  C:\Windows\System\krszjZC.exe
  2⤵
  PID:3496
- C:\Windows\System\dhDUVqI.exe
  C:\Windows\System\dhDUVqI.exe
  2⤵
  PID:3512
- C:\Windows\System\gtDalFB.exe
  C:\Windows\System\gtDalFB.exe
  2⤵
  PID:3532
- C:\Windows\System\WjMxwMp.exe
  C:\Windows\System\WjMxwMp.exe
  2⤵
  PID:3552
- C:\Windows\System\ftzhihl.exe
  C:\Windows\System\ftzhihl.exe
  2⤵
  PID:3568
- C:\Windows\System\eKrVnFA.exe
  C:\Windows\System\eKrVnFA.exe
  2⤵
  PID:3588
- C:\Windows\System\lzbaSvA.exe
  C:\Windows\System\lzbaSvA.exe
  2⤵
  PID:3608
- C:\Windows\System\vQCQGLl.exe
  C:\Windows\System\vQCQGLl.exe
  2⤵
  PID:3628
- C:\Windows\System\fOTMRyl.exe
  C:\Windows\System\fOTMRyl.exe
  2⤵
  PID:3648
- C:\Windows\System\zJGRTza.exe
  C:\Windows\System\zJGRTza.exe
  2⤵
  PID:3664
- C:\Windows\System\Lvxkjmj.exe
  C:\Windows\System\Lvxkjmj.exe
  2⤵
  PID:3680
- C:\Windows\System\gLYAjwD.exe
  C:\Windows\System\gLYAjwD.exe
  2⤵
  PID:3704
- C:\Windows\System\HFBOhKL.exe
  C:\Windows\System\HFBOhKL.exe
  2⤵
  PID:3728
- C:\Windows\System\QDWgTra.exe
  C:\Windows\System\QDWgTra.exe
  2⤵
  PID:3744
- C:\Windows\System\SMOTBVK.exe
  C:\Windows\System\SMOTBVK.exe
  2⤵
  PID:3772
- C:\Windows\System\UbQlxsG.exe
  C:\Windows\System\UbQlxsG.exe
  2⤵
  PID:3788
- C:\Windows\System\yIMceJs.exe
  C:\Windows\System\yIMceJs.exe
  2⤵
  PID:3804
- C:\Windows\System\IPbEKeR.exe
  C:\Windows\System\IPbEKeR.exe
  2⤵
  PID:3828
- C:\Windows\System\ehZlKfZ.exe
  C:\Windows\System\ehZlKfZ.exe
  2⤵
  PID:3848
- C:\Windows\System\jtOAYnv.exe
  C:\Windows\System\jtOAYnv.exe
  2⤵
  PID:3868
- C:\Windows\System\jCFKZsS.exe
  C:\Windows\System\jCFKZsS.exe
  2⤵
  PID:3888
- C:\Windows\System\SSIIiAv.exe
  C:\Windows\System\SSIIiAv.exe
  2⤵
  PID:3912
- C:\Windows\System\Szxlako.exe
  C:\Windows\System\Szxlako.exe
  2⤵
  PID:3932
- C:\Windows\System\QRucvtI.exe
  C:\Windows\System\QRucvtI.exe
  2⤵
  PID:3952
- C:\Windows\System\ZoPRjZm.exe
  C:\Windows\System\ZoPRjZm.exe
  2⤵
  PID:3972
- C:\Windows\System\nDxMDmL.exe
  C:\Windows\System\nDxMDmL.exe
  2⤵
  PID:3988
- C:\Windows\System\uoUERED.exe
  C:\Windows\System\uoUERED.exe
  2⤵
  PID:4012
- C:\Windows\System\TXvRyAd.exe
  C:\Windows\System\TXvRyAd.exe
  2⤵
  PID:4028
- C:\Windows\System\wQhtXse.exe
  C:\Windows\System\wQhtXse.exe
  2⤵
  PID:4044
- C:\Windows\System\trwssfW.exe
  C:\Windows\System\trwssfW.exe
  2⤵
  PID:4064
- C:\Windows\System\wworcCy.exe
  C:\Windows\System\wworcCy.exe
  2⤵
  PID:4080
- C:\Windows\System\saTbqyU.exe
  C:\Windows\System\saTbqyU.exe
  2⤵
  PID:2200
- C:\Windows\System\AuXaKon.exe
  C:\Windows\System\AuXaKon.exe
  2⤵
  PID:744
- C:\Windows\System\WWIvuQa.exe
  C:\Windows\System\WWIvuQa.exe
  2⤵
  PID:3148
- C:\Windows\System\sEtQhuU.exe
  C:\Windows\System\sEtQhuU.exe
  2⤵
  PID:1972
- C:\Windows\System\yjBBPkq.exe
  C:\Windows\System\yjBBPkq.exe
  2⤵
  PID:2848
- C:\Windows\System\zfxdeMl.exe
  C:\Windows\System\zfxdeMl.exe
  2⤵
  PID:3216
- C:\Windows\System\tjNECQV.exe
  C:\Windows\System\tjNECQV.exe
  2⤵
  PID:1696
- C:\Windows\System\kslNEYA.exe
  C:\Windows\System\kslNEYA.exe
  2⤵
  PID:3304
- C:\Windows\System\mINKZNL.exe
  C:\Windows\System\mINKZNL.exe
  2⤵
  PID:3320
- C:\Windows\System\EUHWLgb.exe
  C:\Windows\System\EUHWLgb.exe
  2⤵
  PID:3340
- C:\Windows\System\XbRgSWi.exe
  C:\Windows\System\XbRgSWi.exe
  2⤵
  PID:3352
- C:\Windows\System\KOFnuMt.exe
  C:\Windows\System\KOFnuMt.exe
  2⤵
  PID:2588
- C:\Windows\System\bBKdfCY.exe
  C:\Windows\System\bBKdfCY.exe
  2⤵
  PID:2136
- C:\Windows\System\MpPbVVo.exe
  C:\Windows\System\MpPbVVo.exe
  2⤵
  PID:888
- C:\Windows\System\OmWVkmK.exe
  C:\Windows\System\OmWVkmK.exe
  2⤵
  PID:3096
- C:\Windows\System\CvwAytZ.exe
  C:\Windows\System\CvwAytZ.exe
  2⤵
  PID:3136
- C:\Windows\System\hZjnjtG.exe
  C:\Windows\System\hZjnjtG.exe
  2⤵
  PID:3200
- C:\Windows\System\CByMiRn.exe
  C:\Windows\System\CByMiRn.exe
  2⤵
  PID:1752
- C:\Windows\System\CWcUdeC.exe
  C:\Windows\System\CWcUdeC.exe
  2⤵
  PID:2316
- C:\Windows\System\FioLuuB.exe
  C:\Windows\System\FioLuuB.exe
  2⤵
  PID:1532
- C:\Windows\System\avLCoiy.exe
  C:\Windows\System\avLCoiy.exe
  2⤵
  PID:3412
- C:\Windows\System\imbIFBN.exe
  C:\Windows\System\imbIFBN.exe
  2⤵
  PID:3448
- C:\Windows\System\QvfcAzc.exe
  C:\Windows\System\QvfcAzc.exe
  2⤵
  PID:3520
- C:\Windows\System\NBvhgzb.exe
  C:\Windows\System\NBvhgzb.exe
  2⤵
  PID:3564
- C:\Windows\System\rEkWkxZ.exe
  C:\Windows\System\rEkWkxZ.exe
  2⤵
  PID:3604
- C:\Windows\System\MwyoRZR.exe
  C:\Windows\System\MwyoRZR.exe
  2⤵
  PID:3644
- C:\Windows\System\aHKRdsg.exe
  C:\Windows\System\aHKRdsg.exe
  2⤵
  PID:3640
- C:\Windows\System\WEyHKsv.exe
  C:\Windows\System\WEyHKsv.exe
  2⤵
  PID:3468
- C:\Windows\System\ZeYfrYp.exe
  C:\Windows\System\ZeYfrYp.exe
  2⤵
  PID:3540
- C:\Windows\System\HgPoLrD.exe
  C:\Windows\System\HgPoLrD.exe
  2⤵
  PID:3576
- C:\Windows\System\wopQZwX.exe
  C:\Windows\System\wopQZwX.exe
  2⤵
  PID:3716
- C:\Windows\System\jedpdlQ.exe
  C:\Windows\System\jedpdlQ.exe
  2⤵
  PID:3696
- C:\Windows\System\AWMooGx.exe
  C:\Windows\System\AWMooGx.exe
  2⤵
  PID:3692
- C:\Windows\System\pWawAgq.exe
  C:\Windows\System\pWawAgq.exe
  2⤵
  PID:3740
- C:\Windows\System\nemdpeC.exe
  C:\Windows\System\nemdpeC.exe
  2⤵
  PID:3764
- C:\Windows\System\hbVgIyf.exe
  C:\Windows\System\hbVgIyf.exe
  2⤵
  PID:3836
- C:\Windows\System\ayOLErR.exe
  C:\Windows\System\ayOLErR.exe
  2⤵
  PID:3780
- C:\Windows\System\mdVbvcg.exe
  C:\Windows\System\mdVbvcg.exe
  2⤵
  PID:3820
- C:\Windows\System\RbwJbaC.exe
  C:\Windows\System\RbwJbaC.exe
  2⤵
  PID:3920
- C:\Windows\System\WylNqvJ.exe
  C:\Windows\System\WylNqvJ.exe
  2⤵
  PID:3964
- C:\Windows\System\oNrNcoS.exe
  C:\Windows\System\oNrNcoS.exe
  2⤵
  PID:4004
- C:\Windows\System\CPIoZrt.exe
  C:\Windows\System\CPIoZrt.exe
  2⤵
  PID:4076
- C:\Windows\System\yUUJWxX.exe
  C:\Windows\System\yUUJWxX.exe
  2⤵
  PID:2728
- C:\Windows\System\xAIZcdi.exe
  C:\Windows\System\xAIZcdi.exe
  2⤵
  PID:3300
- C:\Windows\System\FLAFpsF.exe
  C:\Windows\System\FLAFpsF.exe
  2⤵
  PID:3364
- C:\Windows\System\eVYoPlx.exe
  C:\Windows\System\eVYoPlx.exe
  2⤵
  PID:3812
- C:\Windows\System\LLifQPB.exe
  C:\Windows\System\LLifQPB.exe
  2⤵
  PID:3900
- C:\Windows\System\HMGgmnw.exe
  C:\Windows\System\HMGgmnw.exe
  2⤵
  PID:3132
- C:\Windows\System\KIqRGcc.exe
  C:\Windows\System\KIqRGcc.exe
  2⤵
  PID:3940
- C:\Windows\System\sgPtrJX.exe
  C:\Windows\System\sgPtrJX.exe
  2⤵
  PID:4056
- C:\Windows\System\BTMWLxR.exe
  C:\Windows\System\BTMWLxR.exe
  2⤵
  PID:3348
- C:\Windows\System\sRsGcjH.exe
  C:\Windows\System\sRsGcjH.exe
  2⤵
  PID:3196
- C:\Windows\System\bDYYCKq.exe
  C:\Windows\System\bDYYCKq.exe
  2⤵
  PID:2148
- C:\Windows\System\hTObDQm.exe
  C:\Windows\System\hTObDQm.exe
  2⤵
  PID:3112
- C:\Windows\System\MpZwUPH.exe
  C:\Windows\System\MpZwUPH.exe
  2⤵
  PID:4060
- C:\Windows\System\UXpwmmt.exe
  C:\Windows\System\UXpwmmt.exe
  2⤵
  PID:1708
- C:\Windows\System\YEqNbQA.exe
  C:\Windows\System\YEqNbQA.exe
  2⤵
  PID:1756
- C:\Windows\System\CnvWowq.exe
  C:\Windows\System\CnvWowq.exe
  2⤵
  PID:3392
- C:\Windows\System\NMNiqjA.exe
  C:\Windows\System\NMNiqjA.exe
  2⤵
  PID:3380
- C:\Windows\System\sBLGwJA.exe
  C:\Windows\System\sBLGwJA.exe
  2⤵
  PID:3548
- C:\Windows\System\tPUuQfi.exe
  C:\Windows\System\tPUuQfi.exe
  2⤵
  PID:3796
- C:\Windows\System\jiboXlP.exe
  C:\Windows\System\jiboXlP.exe
  2⤵
  PID:4164
- C:\Windows\System\VAnKKgn.exe
  C:\Windows\System\VAnKKgn.exe
  2⤵
  PID:4180
- C:\Windows\System\RrVbzET.exe
  C:\Windows\System\RrVbzET.exe
  2⤵
  PID:4204
- C:\Windows\System\ydOkyqu.exe
  C:\Windows\System\ydOkyqu.exe
  2⤵
  PID:4224
- C:\Windows\System\JaRVkrg.exe
  C:\Windows\System\JaRVkrg.exe
  2⤵
  PID:4244
- C:\Windows\System\oafmDUd.exe
  C:\Windows\System\oafmDUd.exe
  2⤵
  PID:4264
- C:\Windows\System\cdvcMuP.exe
  C:\Windows\System\cdvcMuP.exe
  2⤵
  PID:4288
- C:\Windows\System\cXNHqWK.exe
  C:\Windows\System\cXNHqWK.exe
  2⤵
  PID:4308
- C:\Windows\System\xDTsfTY.exe
  C:\Windows\System\xDTsfTY.exe
  2⤵
  PID:4328
- C:\Windows\System\dFcPgjF.exe
  C:\Windows\System\dFcPgjF.exe
  2⤵
  PID:4344
- C:\Windows\System\ZuMuxpf.exe
  C:\Windows\System\ZuMuxpf.exe
  2⤵
  PID:4368
- C:\Windows\System\QjbHRMT.exe
  C:\Windows\System\QjbHRMT.exe
  2⤵
  PID:4384
- C:\Windows\System\RanKDjC.exe
  C:\Windows\System\RanKDjC.exe
  2⤵
  PID:4400
- C:\Windows\System\xcGtQTa.exe
  C:\Windows\System\xcGtQTa.exe
  2⤵
  PID:4416
- C:\Windows\System\NrlURxi.exe
  C:\Windows\System\NrlURxi.exe
  2⤵
  PID:4440
- C:\Windows\System\wtPAejk.exe
  C:\Windows\System\wtPAejk.exe
  2⤵
  PID:4460
- C:\Windows\System\sGrAZup.exe
  C:\Windows\System\sGrAZup.exe
  2⤵
  PID:4484
- C:\Windows\System\PVWVdyT.exe
  C:\Windows\System\PVWVdyT.exe
  2⤵
  PID:4512
- C:\Windows\System\UtShSOj.exe
  C:\Windows\System\UtShSOj.exe
  2⤵
  PID:4528
- C:\Windows\System\WktEXOl.exe
  C:\Windows\System\WktEXOl.exe
  2⤵
  PID:4544
- C:\Windows\System\UpCfUiI.exe
  C:\Windows\System\UpCfUiI.exe
  2⤵
  PID:4560
- C:\Windows\System\PeqtPmQ.exe
  C:\Windows\System\PeqtPmQ.exe
  2⤵
  PID:4576
- C:\Windows\System\qFndIJL.exe
  C:\Windows\System\qFndIJL.exe
  2⤵
  PID:4592
- C:\Windows\System\NXHDNQV.exe
  C:\Windows\System\NXHDNQV.exe
  2⤵
  PID:4608
- C:\Windows\System\nVoDfpu.exe
  C:\Windows\System\nVoDfpu.exe
  2⤵
  PID:4624
- C:\Windows\System\YbFopAS.exe
  C:\Windows\System\YbFopAS.exe
  2⤵
  PID:4640
- C:\Windows\System\DxrGZqe.exe
  C:\Windows\System\DxrGZqe.exe
  2⤵
  PID:4676
- C:\Windows\System\sbmfKiz.exe
  C:\Windows\System\sbmfKiz.exe
  2⤵
  PID:4692
- C:\Windows\System\jQhihOR.exe
  C:\Windows\System\jQhihOR.exe
  2⤵
  PID:4712
- C:\Windows\System\RGtXncJ.exe
  C:\Windows\System\RGtXncJ.exe
  2⤵
  PID:4732
- C:\Windows\System\UriATfK.exe
  C:\Windows\System\UriATfK.exe
  2⤵
  PID:4760
- C:\Windows\System\LPzyNHt.exe
  C:\Windows\System\LPzyNHt.exe
  2⤵
  PID:4792
- C:\Windows\System\nGfFZea.exe
  C:\Windows\System\nGfFZea.exe
  2⤵
  PID:4808
- C:\Windows\System\wTLXjZc.exe
  C:\Windows\System\wTLXjZc.exe
  2⤵
  PID:4828
- C:\Windows\System\ycYWQWU.exe
  C:\Windows\System\ycYWQWU.exe
  2⤵
  PID:4852
- C:\Windows\System\igOnjqr.exe
  C:\Windows\System\igOnjqr.exe
  2⤵
  PID:4868
- C:\Windows\System\BNpibAB.exe
  C:\Windows\System\BNpibAB.exe
  2⤵
  PID:4888
- C:\Windows\System\JKZevfb.exe
  C:\Windows\System\JKZevfb.exe
  2⤵
  PID:4904
- C:\Windows\System\NejSDiP.exe
  C:\Windows\System\NejSDiP.exe
  2⤵
  PID:4928
- C:\Windows\System\WEAJKkM.exe
  C:\Windows\System\WEAJKkM.exe
  2⤵
  PID:4952
- C:\Windows\System\zPnUQWZ.exe
  C:\Windows\System\zPnUQWZ.exe
  2⤵
  PID:4972
- C:\Windows\System\uCsfovQ.exe
  C:\Windows\System\uCsfovQ.exe
  2⤵
  PID:4992
- C:\Windows\System\uFtsoiF.exe
  C:\Windows\System\uFtsoiF.exe
  2⤵
  PID:5008
- C:\Windows\System\ikiICAV.exe
  C:\Windows\System\ikiICAV.exe
  2⤵
  PID:5024
- C:\Windows\System\tDAQEcT.exe
  C:\Windows\System\tDAQEcT.exe
  2⤵
  PID:5044
- C:\Windows\System\qHXGflf.exe
  C:\Windows\System\qHXGflf.exe
  2⤵
  PID:5080
- C:\Windows\System\ttOQtMZ.exe
  C:\Windows\System\ttOQtMZ.exe
  2⤵
  PID:5096
- C:\Windows\System\aCOqxDi.exe
  C:\Windows\System\aCOqxDi.exe
  2⤵
  PID:5112
- C:\Windows\System\sntkRbx.exe
  C:\Windows\System\sntkRbx.exe
  2⤵
  PID:3816
- C:\Windows\System\TlJwxLK.exe
  C:\Windows\System\TlJwxLK.exe
  2⤵
  PID:3672
- C:\Windows\System\nzkZeSx.exe
  C:\Windows\System\nzkZeSx.exe
  2⤵
  PID:3688
- C:\Windows\System\KKjcLNs.exe
  C:\Windows\System\KKjcLNs.exe
  2⤵
  PID:3312
- C:\Windows\System\iobjJaq.exe
  C:\Windows\System\iobjJaq.exe
  2⤵
  PID:3948
- C:\Windows\System\ayqZXZD.exe
  C:\Windows\System\ayqZXZD.exe
  2⤵
  PID:3332
- C:\Windows\System\EPmVaBJ.exe
  C:\Windows\System\EPmVaBJ.exe
  2⤵
  PID:2436
- C:\Windows\System\HpPaLnL.exe
  C:\Windows\System\HpPaLnL.exe
  2⤵
  PID:3128
- C:\Windows\System\kpiANPk.exe
  C:\Windows\System\kpiANPk.exe
  2⤵
  PID:3088
- C:\Windows\System\JJpEPOH.exe
  C:\Windows\System\JJpEPOH.exe
  2⤵
  PID:3180
- C:\Windows\System\eOKPYut.exe
  C:\Windows\System\eOKPYut.exe
  2⤵
  PID:3504
- C:\Windows\System\yYuGfWh.exe
  C:\Windows\System\yYuGfWh.exe
  2⤵
  PID:3600
- C:\Windows\System\btpzwoJ.exe
  C:\Windows\System\btpzwoJ.exe
  2⤵
  PID:3756
- C:\Windows\System\LlKkruh.exe
  C:\Windows\System\LlKkruh.exe
  2⤵
  PID:3560
- C:\Windows\System\rxtuTlO.exe
  C:\Windows\System\rxtuTlO.exe
  2⤵
  PID:3884
- C:\Windows\System\XszELCI.exe
  C:\Windows\System\XszELCI.exe
  2⤵
  PID:1636
- C:\Windows\System\kdwJLCR.exe
  C:\Windows\System\kdwJLCR.exe
  2⤵
  PID:1064
- C:\Windows\System\gKFjold.exe
  C:\Windows\System\gKFjold.exe
  2⤵
  PID:4188
- C:\Windows\System\aHXbhEn.exe
  C:\Windows\System\aHXbhEn.exe
  2⤵
  PID:4232
- C:\Windows\System\DiYZRNo.exe
  C:\Windows\System\DiYZRNo.exe
  2⤵
  PID:4220
- C:\Windows\System\uoctgsE.exe
  C:\Windows\System\uoctgsE.exe
  2⤵
  PID:4176
- C:\Windows\System\aWzRyaQ.exe
  C:\Windows\System\aWzRyaQ.exe
  2⤵
  PID:4280
- C:\Windows\System\jPUbLCH.exe
  C:\Windows\System\jPUbLCH.exe
  2⤵
  PID:4352
- C:\Windows\System\nPnNHxt.exe
  C:\Windows\System\nPnNHxt.exe
  2⤵
  PID:4364
- C:\Windows\System\GnwfsRl.exe
  C:\Windows\System\GnwfsRl.exe
  2⤵
  PID:4304
- C:\Windows\System\XppxnJS.exe
  C:\Windows\System\XppxnJS.exe
  2⤵
  PID:4424
- C:\Windows\System\iJUnkFI.exe
  C:\Windows\System\iJUnkFI.exe
  2⤵
  PID:4468
- C:\Windows\System\LKARdKw.exe
  C:\Windows\System\LKARdKw.exe
  2⤵
  PID:4520
- C:\Windows\System\GgNOhXw.exe
  C:\Windows\System\GgNOhXw.exe
  2⤵
  PID:4584
- C:\Windows\System\DJfCvKe.exe
  C:\Windows\System\DJfCvKe.exe
  2⤵
  PID:4652
- C:\Windows\System\CChSchg.exe
  C:\Windows\System\CChSchg.exe
  2⤵
  PID:4536
- C:\Windows\System\xUBwjbv.exe
  C:\Windows\System\xUBwjbv.exe
  2⤵
  PID:4848
- C:\Windows\System\OMroyqX.exe
  C:\Windows\System\OMroyqX.exe
  2⤵
  PID:4568
- C:\Windows\System\uGwAqCg.exe
  C:\Windows\System\uGwAqCg.exe
  2⤵
  PID:4604
- C:\Windows\System\HKmORYk.exe
  C:\Windows\System\HKmORYk.exe
  2⤵
  PID:4880
- C:\Windows\System\ByCkIup.exe
  C:\Windows\System\ByCkIup.exe
  2⤵
  PID:4920
- C:\Windows\System\iRWXnFp.exe
  C:\Windows\System\iRWXnFp.exe
  2⤵
  PID:5000
- C:\Windows\System\kZZaHLY.exe
  C:\Windows\System\kZZaHLY.exe
  2⤵
  PID:5036
- C:\Windows\System\xyhZCEq.exe
  C:\Windows\System\xyhZCEq.exe
  2⤵
  PID:4776
- C:\Windows\System\nPRohbu.exe
  C:\Windows\System\nPRohbu.exe
  2⤵
  PID:4820
- C:\Windows\System\dmEJtQw.exe
  C:\Windows\System\dmEJtQw.exe
  2⤵
  PID:5052
- C:\Windows\System\hwffqda.exe
  C:\Windows\System\hwffqda.exe
  2⤵
  PID:4784
- C:\Windows\System\hkZrAKc.exe
  C:\Windows\System\hkZrAKc.exe
  2⤵
  PID:4944
- C:\Windows\System\TozCoij.exe
  C:\Windows\System\TozCoij.exe
  2⤵
  PID:4980
- C:\Windows\System\WkUbzdY.exe
  C:\Windows\System\WkUbzdY.exe
  2⤵
  PID:3356
- C:\Windows\System\xVFezxV.exe
  C:\Windows\System\xVFezxV.exe
  2⤵
  PID:3108
- C:\Windows\System\wLSvYNr.exe
  C:\Windows\System\wLSvYNr.exe
  2⤵
  PID:4020
- C:\Windows\System\RDaaesv.exe
  C:\Windows\System\RDaaesv.exe
  2⤵
  PID:3488
- C:\Windows\System\VemGMIL.exe
  C:\Windows\System\VemGMIL.exe
  2⤵
  PID:3452
- C:\Windows\System\OYBNtBv.exe
  C:\Windows\System\OYBNtBv.exe
  2⤵
  PID:4116
- C:\Windows\System\NRMntBY.exe
  C:\Windows\System\NRMntBY.exe
  2⤵
  PID:4128
- C:\Windows\System\hDolDZe.exe
  C:\Windows\System\hDolDZe.exe
  2⤵
  PID:4148
- C:\Windows\System\uQEYwqj.exe
  C:\Windows\System\uQEYwqj.exe
  2⤵
  PID:2184
- C:\Windows\System\rShLrmn.exe
  C:\Windows\System\rShLrmn.exe
  2⤵
  PID:4336
- C:\Windows\System\irfajpz.exe
  C:\Windows\System\irfajpz.exe
  2⤵
  PID:4452
- C:\Windows\System\KpAAymT.exe
  C:\Windows\System\KpAAymT.exe
  2⤵
  PID:3996
- C:\Windows\System\mnQcRoe.exe
  C:\Windows\System\mnQcRoe.exe
  2⤵
  PID:4160
- C:\Windows\System\RyzBRTo.exe
  C:\Windows\System\RyzBRTo.exe
  2⤵
  PID:4476
- C:\Windows\System\gXVoZSV.exe
  C:\Windows\System\gXVoZSV.exe
  2⤵
  PID:4340
- C:\Windows\System\fJpmsdZ.exe
  C:\Windows\System\fJpmsdZ.exe
  2⤵
  PID:3980
- C:\Windows\System\EfItVnd.exe
  C:\Windows\System\EfItVnd.exe
  2⤵
  PID:1380
- C:\Windows\System\yqHIOXT.exe
  C:\Windows\System\yqHIOXT.exe
  2⤵
  PID:924
- C:\Windows\System\TRLqGyC.exe
  C:\Windows\System\TRLqGyC.exe
  2⤵
  PID:2820
- C:\Windows\System\LeNoHDf.exe
  C:\Windows\System\LeNoHDf.exe
  2⤵
  PID:1996
- C:\Windows\System\HySfEJa.exe
  C:\Windows\System\HySfEJa.exe
  2⤵
  PID:1824
- C:\Windows\System\NkLEuTw.exe
  C:\Windows\System\NkLEuTw.exe
  2⤵
  PID:2676
- C:\Windows\System\cGiLbrW.exe
  C:\Windows\System\cGiLbrW.exe
  2⤵
  PID:2176
- C:\Windows\System\kuQBDxF.exe
  C:\Windows\System\kuQBDxF.exe
  2⤵
  PID:4708
- C:\Windows\System\IvohWeE.exe
  C:\Windows\System\IvohWeE.exe
  2⤵
  PID:2996
- C:\Windows\System\zleZsLh.exe
  C:\Windows\System\zleZsLh.exe
  2⤵
  PID:2376
- C:\Windows\System\GiDOckh.exe
  C:\Windows\System\GiDOckh.exe
  2⤵
  PID:4740
- C:\Windows\System\wyckKld.exe
  C:\Windows\System\wyckKld.exe
  2⤵
  PID:4508
- C:\Windows\System\yBuvfGD.exe
  C:\Windows\System\yBuvfGD.exe
  2⤵
  PID:2356
- C:\Windows\System\EDMuVAt.exe
  C:\Windows\System\EDMuVAt.exe
  2⤵
  PID:2772
- C:\Windows\System\QOAXMft.exe
  C:\Windows\System\QOAXMft.exe
  2⤵
  PID:4728
- C:\Windows\System\umwUDUT.exe
  C:\Windows\System\umwUDUT.exe
  2⤵
  PID:4800
- C:\Windows\System\NmXddRo.exe
  C:\Windows\System\NmXddRo.exe
  2⤵
  PID:4964
- C:\Windows\System\dSlTLSV.exe
  C:\Windows\System\dSlTLSV.exe
  2⤵
  PID:4860
- C:\Windows\System\hOlpGRB.exe
  C:\Windows\System\hOlpGRB.exe
  2⤵
  PID:5088
- C:\Windows\System\RwXqpAs.exe
  C:\Windows\System\RwXqpAs.exe
  2⤵
  PID:4684
- C:\Windows\System\budQISQ.exe
  C:\Windows\System\budQISQ.exe
  2⤵
  PID:1008
- C:\Windows\System\hmKmeaR.exe
  C:\Windows\System\hmKmeaR.exe
  2⤵
  PID:4556
- C:\Windows\System\LKFIlJb.exe
  C:\Windows\System\LKFIlJb.exe
  2⤵
  PID:3908
- C:\Windows\System\lkhIZcM.exe
  C:\Windows\System\lkhIZcM.exe
  2⤵
  PID:3616
- C:\Windows\System\rTxuSTU.exe
  C:\Windows\System\rTxuSTU.exe
  2⤵
  PID:4616
- C:\Windows\System\AikRPuN.exe
  C:\Windows\System\AikRPuN.exe
  2⤵
  PID:1644
- C:\Windows\System\jfAAGtA.exe
  C:\Windows\System\jfAAGtA.exe
  2⤵
  PID:4632
- C:\Windows\System\BKZQOui.exe
  C:\Windows\System\BKZQOui.exe
  2⤵
  PID:4948
- C:\Windows\System\AKZjWXL.exe
  C:\Windows\System\AKZjWXL.exe
  2⤵
  PID:4752
- C:\Windows\System\MiWeqAQ.exe
  C:\Windows\System\MiWeqAQ.exe
  2⤵
  PID:1560
- C:\Windows\System\bDRtKpZ.exe
  C:\Windows\System\bDRtKpZ.exe
  2⤵
  PID:4648
- C:\Windows\System\Fwxjpgz.exe
  C:\Windows\System\Fwxjpgz.exe
  2⤵
  PID:1616
- C:\Windows\System\QGQYglF.exe
  C:\Windows\System\QGQYglF.exe
  2⤵
  PID:4072
- C:\Windows\System\NaaURbt.exe
  C:\Windows\System\NaaURbt.exe
  2⤵
  PID:1508
- C:\Windows\System\lODYTVj.exe
  C:\Windows\System\lODYTVj.exe
  2⤵
  PID:5032
- C:\Windows\System\ivxoOPh.exe
  C:\Windows\System\ivxoOPh.exe
  2⤵
  PID:4140
- C:\Windows\System\aBReSKO.exe
  C:\Windows\System\aBReSKO.exe
  2⤵
  PID:4276
- C:\Windows\System\UEmxzlC.exe
  C:\Windows\System\UEmxzlC.exe
  2⤵
  PID:3432
- C:\Windows\System\SvDxtkc.exe
  C:\Windows\System\SvDxtkc.exe
  2⤵
  PID:4480
- C:\Windows\System\OgSbxxy.exe
  C:\Windows\System\OgSbxxy.exe
  2⤵
  PID:4324
- C:\Windows\System\swMIldg.exe
  C:\Windows\System\swMIldg.exe
  2⤵
  PID:2668
- C:\Windows\System\NLZAOuP.exe
  C:\Windows\System\NLZAOuP.exe
  2⤵
  PID:2948
- C:\Windows\System\eopgwKH.exe
  C:\Windows\System\eopgwKH.exe
  2⤵
  PID:1028
- C:\Windows\System\ROQnqFv.exe
  C:\Windows\System\ROQnqFv.exe
  2⤵
  PID:4940
- C:\Windows\System\eRXpneT.exe
  C:\Windows\System\eRXpneT.exe
  2⤵
  PID:4448
- C:\Windows\System\xTTAiRe.exe
  C:\Windows\System\xTTAiRe.exe
  2⤵
  PID:4156
- C:\Windows\System\rDvyFUw.exe
  C:\Windows\System\rDvyFUw.exe
  2⤵
  PID:4756
- C:\Windows\System\FbHEKif.exe
  C:\Windows\System\FbHEKif.exe
  2⤵
  PID:1160
- C:\Windows\System\moRSEFW.exe
  C:\Windows\System\moRSEFW.exe
  2⤵
  PID:4272
- C:\Windows\System\dEqhukF.exe
  C:\Windows\System\dEqhukF.exe
  2⤵
  PID:4172
- C:\Windows\System\PFkyBHM.exe
  C:\Windows\System\PFkyBHM.exe
  2⤵
  PID:2672
- C:\Windows\System\PvjzxGt.exe
  C:\Windows\System\PvjzxGt.exe
  2⤵
  PID:4504
- C:\Windows\System\xIclqus.exe
  C:\Windows\System\xIclqus.exe
  2⤵
  PID:5128
- C:\Windows\System\iHxaruH.exe
  C:\Windows\System\iHxaruH.exe
  2⤵
  PID:5144
- C:\Windows\System\gFWsYpP.exe
  C:\Windows\System\gFWsYpP.exe
  2⤵
  PID:5160
- C:\Windows\System\zFBBvHb.exe
  C:\Windows\System\zFBBvHb.exe
  2⤵
  PID:5176
- C:\Windows\System\XyBjXps.exe
  C:\Windows\System\XyBjXps.exe
  2⤵
  PID:5192
- C:\Windows\System\JiCNdKj.exe
  C:\Windows\System\JiCNdKj.exe
  2⤵
  PID:5208
- C:\Windows\System\CqjFiJR.exe
  C:\Windows\System\CqjFiJR.exe
  2⤵
  PID:5224
- C:\Windows\System\DiNDUmE.exe
  C:\Windows\System\DiNDUmE.exe
  2⤵
  PID:5240
- C:\Windows\System\vgzSqKt.exe
  C:\Windows\System\vgzSqKt.exe
  2⤵
  PID:5256
- C:\Windows\System\zotQNjM.exe
  C:\Windows\System\zotQNjM.exe
  2⤵
  PID:5272
- C:\Windows\System\dtnkbbz.exe
  C:\Windows\System\dtnkbbz.exe
  2⤵
  PID:5288
- C:\Windows\System\iXfHzUO.exe
  C:\Windows\System\iXfHzUO.exe
  2⤵
  PID:5304
- C:\Windows\System\IqJyUsF.exe
  C:\Windows\System\IqJyUsF.exe
  2⤵
  PID:5320
- C:\Windows\System\CdknHSB.exe
  C:\Windows\System\CdknHSB.exe
  2⤵
  PID:5336
- C:\Windows\System\LqEDLcP.exe
  C:\Windows\System\LqEDLcP.exe
  2⤵
  PID:5352
- C:\Windows\System\IcVHjkm.exe
  C:\Windows\System\IcVHjkm.exe
  2⤵
  PID:5368
- C:\Windows\System\cYOZSfc.exe
  C:\Windows\System\cYOZSfc.exe
  2⤵
  PID:5384
- C:\Windows\System\CRZWvif.exe
  C:\Windows\System\CRZWvif.exe
  2⤵
  PID:5400
- C:\Windows\System\pBSeHOW.exe
  C:\Windows\System\pBSeHOW.exe
  2⤵
  PID:5416
- C:\Windows\System\YYvNooe.exe
  C:\Windows\System\YYvNooe.exe
  2⤵
  PID:5432
- C:\Windows\System\WbeIFaZ.exe
  C:\Windows\System\WbeIFaZ.exe
  2⤵
  PID:5448
- C:\Windows\System\tADxgbi.exe
  C:\Windows\System\tADxgbi.exe
  2⤵
  PID:5464
- C:\Windows\System\yTQvTCH.exe
  C:\Windows\System\yTQvTCH.exe
  2⤵
  PID:5480
- C:\Windows\System\UrJSLlx.exe
  C:\Windows\System\UrJSLlx.exe
  2⤵
  PID:5496
- C:\Windows\System\WfkJlZG.exe
  C:\Windows\System\WfkJlZG.exe
  2⤵
  PID:5512
- C:\Windows\System\FjGewyI.exe
  C:\Windows\System\FjGewyI.exe
  2⤵
  PID:5528
- C:\Windows\System\egjjKKH.exe
  C:\Windows\System\egjjKKH.exe
  2⤵
  PID:5544
- C:\Windows\System\gqqmcWC.exe
  C:\Windows\System\gqqmcWC.exe
  2⤵
  PID:5560
- C:\Windows\System\WAbIoBJ.exe
  C:\Windows\System\WAbIoBJ.exe
  2⤵
  PID:5576
- C:\Windows\System\TOdzwPd.exe
  C:\Windows\System\TOdzwPd.exe
  2⤵
  PID:5592
- C:\Windows\System\IAaKdJp.exe
  C:\Windows\System\IAaKdJp.exe
  2⤵
  PID:5628
- C:\Windows\System\zkpdFbr.exe
  C:\Windows\System\zkpdFbr.exe
  2⤵
  PID:5644
- C:\Windows\System\owNjYOI.exe
  C:\Windows\System\owNjYOI.exe
  2⤵
  PID:5660
- C:\Windows\System\sXCJsOx.exe
  C:\Windows\System\sXCJsOx.exe
  2⤵
  PID:5680
- C:\Windows\System\YwVGYsp.exe
  C:\Windows\System\YwVGYsp.exe
  2⤵
  PID:5696
- C:\Windows\System\KseRBHW.exe
  C:\Windows\System\KseRBHW.exe
  2⤵
  PID:5712
- C:\Windows\System\YpmnDjf.exe
  C:\Windows\System\YpmnDjf.exe
  2⤵
  PID:5728
- C:\Windows\System\jOupeza.exe
  C:\Windows\System\jOupeza.exe
  2⤵
  PID:5744
- C:\Windows\System\OkXUGYL.exe
  C:\Windows\System\OkXUGYL.exe
  2⤵
  PID:5760
- C:\Windows\System\AZxQggv.exe
  C:\Windows\System\AZxQggv.exe
  2⤵
  PID:5776
- C:\Windows\System\oGszvYf.exe
  C:\Windows\System\oGszvYf.exe
  2⤵
  PID:5800
- C:\Windows\System\qRWhMhv.exe
  C:\Windows\System\qRWhMhv.exe
  2⤵
  PID:5816
- C:\Windows\System\MFrgGcW.exe
  C:\Windows\System\MFrgGcW.exe
  2⤵
  PID:5832
- C:\Windows\System\hbsPNCm.exe
  C:\Windows\System\hbsPNCm.exe
  2⤵
  PID:5848
- C:\Windows\System\hXARKZB.exe
  C:\Windows\System\hXARKZB.exe
  2⤵
  PID:5864
- C:\Windows\System\zKuritP.exe
  C:\Windows\System\zKuritP.exe
  2⤵
  PID:5888
- C:\Windows\System\SgxoGlP.exe
  C:\Windows\System\SgxoGlP.exe
  2⤵
  PID:5904
- C:\Windows\System\PCBxXGq.exe
  C:\Windows\System\PCBxXGq.exe
  2⤵
  PID:5920
- C:\Windows\System\FrCrbCf.exe
  C:\Windows\System\FrCrbCf.exe
  2⤵
  PID:5956
- C:\Windows\System\XcPpQEC.exe
  C:\Windows\System\XcPpQEC.exe
  2⤵
  PID:5992
- C:\Windows\System\VHGIMlj.exe
  C:\Windows\System\VHGIMlj.exe
  2⤵
  PID:6008
- C:\Windows\System\aRpMuFt.exe
  C:\Windows\System\aRpMuFt.exe
  2⤵
  PID:6024
- C:\Windows\System\OrPNhee.exe
  C:\Windows\System\OrPNhee.exe
  2⤵
  PID:6040
- C:\Windows\System\CazXGDO.exe
  C:\Windows\System\CazXGDO.exe
  2⤵
  PID:6056
- C:\Windows\System\FQxibcR.exe
  C:\Windows\System\FQxibcR.exe
  2⤵
  PID:6072
- C:\Windows\System\oJbCCfH.exe
  C:\Windows\System\oJbCCfH.exe
  2⤵
  PID:6088
- C:\Windows\System\ZGBxqJA.exe
  C:\Windows\System\ZGBxqJA.exe
  2⤵
  PID:6104
- C:\Windows\System\nDfQjAU.exe
  C:\Windows\System\nDfQjAU.exe
  2⤵
  PID:6120
- C:\Windows\System\BWHYFcU.exe
  C:\Windows\System\BWHYFcU.exe
  2⤵
  PID:6136
- C:\Windows\System\AXuhIdt.exe
  C:\Windows\System\AXuhIdt.exe
  2⤵
  PID:4636
- C:\Windows\System\RHoVuYf.exe
  C:\Windows\System\RHoVuYf.exe
  2⤵
  PID:5572
- C:\Windows\System\VGYtKsc.exe
  C:\Windows\System\VGYtKsc.exe
  2⤵
  PID:4984
- C:\Windows\System\AEqyyFT.exe
  C:\Windows\System\AEqyyFT.exe
  2⤵
  PID:1988
- C:\Windows\System\urlEJWq.exe
  C:\Windows\System\urlEJWq.exe
  2⤵
  PID:5040
- C:\Windows\System\fjCuBov.exe
  C:\Windows\System\fjCuBov.exe
  2⤵
  PID:2812
- C:\Windows\System\sPZWVaQ.exe
  C:\Windows\System\sPZWVaQ.exe
  2⤵
  PID:2468
- C:\Windows\System\XKouRrV.exe
  C:\Windows\System\XKouRrV.exe
  2⤵
  PID:3656
- C:\Windows\System\PklcHCg.exe
  C:\Windows\System\PklcHCg.exe
  2⤵
  PID:4572
- C:\Windows\System\xEfqVys.exe
  C:\Windows\System\xEfqVys.exe
  2⤵
  PID:2864
- C:\Windows\System\AxpQxcJ.exe
  C:\Windows\System\AxpQxcJ.exe
  2⤵
  PID:4864
- C:\Windows\System\IeaWqXo.exe
  C:\Windows\System\IeaWqXo.exe
  2⤵
  PID:3524
- C:\Windows\System\bDAHlLF.exe
  C:\Windows\System\bDAHlLF.exe
  2⤵
  PID:5168
- C:\Windows\System\bfKGAzF.exe
  C:\Windows\System\bfKGAzF.exe
  2⤵
  PID:5232
- C:\Windows\System\aMrLmPW.exe
  C:\Windows\System\aMrLmPW.exe
  2⤵
  PID:5296
- C:\Windows\System\uCKlkvZ.exe
  C:\Windows\System\uCKlkvZ.exe
  2⤵
  PID:5360
- C:\Windows\System\rrYaJww.exe
  C:\Windows\System\rrYaJww.exe
  2⤵
  PID:5424
- C:\Windows\System\jdbZUPx.exe
  C:\Windows\System\jdbZUPx.exe
  2⤵
  PID:5488
- C:\Windows\System\qXDeufn.exe
  C:\Windows\System\qXDeufn.exe
  2⤵
  PID:5552
- C:\Windows\System\hBnHRNq.exe
  C:\Windows\System\hBnHRNq.exe
  2⤵
  PID:2828
- C:\Windows\System\WXWyOQR.exe
  C:\Windows\System\WXWyOQR.exe
  2⤵
  PID:2956
- C:\Windows\System\wmBNNlP.exe
  C:\Windows\System\wmBNNlP.exe
  2⤵
  PID:5636
- C:\Windows\System\wgxrUBf.exe
  C:\Windows\System\wgxrUBf.exe
  2⤵
  PID:5676
- C:\Windows\System\iLzlEmF.exe
  C:\Windows\System\iLzlEmF.exe
  2⤵
  PID:5624
- C:\Windows\System\ivePerN.exe
  C:\Windows\System\ivePerN.exe
  2⤵
  PID:264
- C:\Windows\System\kdBveVx.exe
  C:\Windows\System\kdBveVx.exe
  2⤵
  PID:5752
- C:\Windows\System\yOJqZNH.exe
  C:\Windows\System\yOJqZNH.exe
  2⤵
  PID:5772
- C:\Windows\System\kCDuNcR.exe
  C:\Windows\System\kCDuNcR.exe
  2⤵
  PID:5740
- C:\Windows\System\FMHRJjg.exe
  C:\Windows\System\FMHRJjg.exe
  2⤵
  PID:5796
- C:\Windows\System\YSixgDj.exe
  C:\Windows\System\YSixgDj.exe
  2⤵
  PID:5808
- C:\Windows\System\wEvRrEA.exe
  C:\Windows\System\wEvRrEA.exe
  2⤵
  PID:5840
- C:\Windows\System\YnDUuDR.exe
  C:\Windows\System\YnDUuDR.exe
  2⤵
  PID:5884
- C:\Windows\System\FbLuwIj.exe
  C:\Windows\System\FbLuwIj.exe
  2⤵
  PID:5916
- C:\Windows\System\IxIPqaW.exe
  C:\Windows\System\IxIPqaW.exe
  2⤵
  PID:5932
- C:\Windows\System\RKtLAzr.exe
  C:\Windows\System\RKtLAzr.exe
  2⤵
  PID:5948
- C:\Windows\System\msNGlhO.exe
  C:\Windows\System\msNGlhO.exe
  2⤵
  PID:5972
- C:\Windows\System\uPnsDAG.exe
  C:\Windows\System\uPnsDAG.exe
  2⤵
  PID:5988
- C:\Windows\System\XVQYRBG.exe
  C:\Windows\System\XVQYRBG.exe
  2⤵
  PID:6048
- C:\Windows\System\diZpKRi.exe
  C:\Windows\System\diZpKRi.exe
  2⤵
  PID:6032
- C:\Windows\System\VSWAoBH.exe
  C:\Windows\System\VSWAoBH.exe
  2⤵
  PID:6084
- C:\Windows\System\RGZpJRQ.exe
  C:\Windows\System\RGZpJRQ.exe
  2⤵
  PID:6096
- C:\Windows\System\xSdIdJl.exe
  C:\Windows\System\xSdIdJl.exe
  2⤵
  PID:3024
- C:\Windows\System\hddCXCa.exe
  C:\Windows\System\hddCXCa.exe
  2⤵
  PID:5252
- C:\Windows\System\njGLVXS.exe
  C:\Windows\System\njGLVXS.exe
  2⤵
  PID:5124
- C:\Windows\System\GEiobdA.exe
  C:\Windows\System\GEiobdA.exe
  2⤵
  PID:5188
- C:\Windows\System\PQqNINT.exe
  C:\Windows\System\PQqNINT.exe
  2⤵
  PID:5220
- C:\Windows\System\zWETbjM.exe
  C:\Windows\System\zWETbjM.exe
  2⤵
  PID:5312
- C:\Windows\System\yennPcV.exe
  C:\Windows\System\yennPcV.exe
  2⤵
  PID:5376
- C:\Windows\System\rDjqWbz.exe
  C:\Windows\System\rDjqWbz.exe
  2⤵
  PID:5440
- C:\Windows\System\DUxciaV.exe
  C:\Windows\System\DUxciaV.exe
  2⤵
  PID:3212
- C:\Windows\System\pmvPwlw.exe
  C:\Windows\System\pmvPwlw.exe
  2⤵
  PID:1932
- C:\Windows\System\ZcurKMN.exe
  C:\Windows\System\ZcurKMN.exe
  2⤵
  PID:2016
- C:\Windows\System\wsTrjai.exe
  C:\Windows\System\wsTrjai.exe
  2⤵
  PID:5536
- C:\Windows\System\xKrPoRl.exe
  C:\Windows\System\xKrPoRl.exe
  2⤵
  PID:4200
- C:\Windows\System\tWzPGvX.exe
  C:\Windows\System\tWzPGvX.exe
  2⤵
  PID:5568
- C:\Windows\System\UrdrNUK.exe
  C:\Windows\System\UrdrNUK.exe
  2⤵
  PID:2788
- C:\Windows\System\DvbsPsw.exe
  C:\Windows\System\DvbsPsw.exe
  2⤵
  PID:1432
- C:\Windows\System\URHPbiY.exe
  C:\Windows\System\URHPbiY.exe
  2⤵
  PID:4748
- C:\Windows\System\AMhuZVo.exe
  C:\Windows\System\AMhuZVo.exe
  2⤵
  PID:4772
- C:\Windows\System\XlgyCSL.exe
  C:\Windows\System\XlgyCSL.exe
  2⤵
  PID:3624
- C:\Windows\System\SvMpMIZ.exe
  C:\Windows\System\SvMpMIZ.exe
  2⤵
  PID:5264
- C:\Windows\System\iUGmgDd.exe
  C:\Windows\System\iUGmgDd.exe
  2⤵
  PID:5268
- C:\Windows\System\MFRSEQO.exe
  C:\Windows\System\MFRSEQO.exe
  2⤵
  PID:5332
- C:\Windows\System\wgTQuiH.exe
  C:\Windows\System\wgTQuiH.exe
  2⤵
  PID:5460
- C:\Windows\System\KRwgPBE.exe
  C:\Windows\System\KRwgPBE.exe
  2⤵
  PID:5668
- C:\Windows\System\xBjYLDX.exe
  C:\Windows\System\xBjYLDX.exe
  2⤵
  PID:5656
- C:\Windows\System\KIoCRnG.exe
  C:\Windows\System\KIoCRnG.exe
  2⤵
  PID:5768
- C:\Windows\System\bRSGAKq.exe
  C:\Windows\System\bRSGAKq.exe
  2⤵
  PID:5856
- C:\Windows\System\UeoaIMK.exe
  C:\Windows\System\UeoaIMK.exe
  2⤵
  PID:5940
- C:\Windows\System\PQazsRj.exe
  C:\Windows\System\PQazsRj.exe
  2⤵
  PID:5980
- C:\Windows\System\YBIIkBi.exe
  C:\Windows\System\YBIIkBi.exe
  2⤵
  PID:5720
- C:\Windows\System\iaklEuX.exe
  C:\Windows\System\iaklEuX.exe
  2⤵
  PID:5736
- C:\Windows\System\xUIFfwv.exe
  C:\Windows\System\xUIFfwv.exe
  2⤵
  PID:5964
- C:\Windows\System\CVDKEFk.exe
  C:\Windows\System\CVDKEFk.exe
  2⤵
  PID:6052
- C:\Windows\System\akRAfcG.exe
  C:\Windows\System\akRAfcG.exe
  2⤵
  PID:5880
- C:\Windows\System\zwbOhuw.exe
  C:\Windows\System\zwbOhuw.exe
  2⤵
  PID:3368
- C:\Windows\System\AzDcfuI.exe
  C:\Windows\System\AzDcfuI.exe
  2⤵
  PID:2568
- C:\Windows\System\FLQyZIx.exe
  C:\Windows\System\FLQyZIx.exe
  2⤵
  PID:5412
- C:\Windows\System\Qxzgoyx.exe
  C:\Windows\System\Qxzgoyx.exe
  2⤵
  PID:4408
- C:\Windows\System\XIyOXEq.exe
  C:\Windows\System\XIyOXEq.exe
  2⤵
  PID:5344
- C:\Windows\System\mIQgPnz.exe
  C:\Windows\System\mIQgPnz.exe
  2⤵
  PID:1600
- C:\Windows\System\DIbnszk.exe
  C:\Windows\System\DIbnszk.exe
  2⤵
  PID:2368
- C:\Windows\System\jgDiPqv.exe
  C:\Windows\System\jgDiPqv.exe
  2⤵
  PID:1668
- C:\Windows\System\GtCBuSy.exe
  C:\Windows\System\GtCBuSy.exe
  2⤵
  PID:4036
- C:\Windows\System\LZgKeZb.exe
  C:\Windows\System\LZgKeZb.exe
  2⤵
  PID:768
- C:\Windows\System\GLwooGg.exe
  C:\Windows\System\GLwooGg.exe
  2⤵
  PID:5520
- C:\Windows\System\dUxTlDM.exe
  C:\Windows\System\dUxTlDM.exe
  2⤵
  PID:5200
- C:\Windows\System\HdkJgMv.exe
  C:\Windows\System\HdkJgMv.exe
  2⤵
  PID:5708
- C:\Windows\System\vMMxDeF.exe
  C:\Windows\System\vMMxDeF.exe
  2⤵
  PID:5608
- C:\Windows\System\HcyQBFo.exe
  C:\Windows\System\HcyQBFo.exe
  2⤵
  PID:6128
- C:\Windows\System\ggUIVQO.exe
  C:\Windows\System\ggUIVQO.exe
  2⤵
  PID:5204
- C:\Windows\System\hSizwRM.exe
  C:\Windows\System\hSizwRM.exe
  2⤵
  PID:2152
- C:\Windows\System\NQrdCqf.exe
  C:\Windows\System\NQrdCqf.exe
  2⤵
  PID:5184
- C:\Windows\System\ATXsqlq.exe
  C:\Windows\System\ATXsqlq.exe
  2⤵
  PID:2584
- C:\Windows\System\ZLjvSpB.exe
  C:\Windows\System\ZLjvSpB.exe
  2⤵
  PID:5508
- C:\Windows\System\jhQKkVd.exe
  C:\Windows\System\jhQKkVd.exe
  2⤵
  PID:6132
- C:\Windows\System\rebcMtw.exe
  C:\Windows\System\rebcMtw.exe
  2⤵
  PID:3168
- C:\Windows\System\VJtLRse.exe
  C:\Windows\System\VJtLRse.exe
  2⤵
  PID:4492
- C:\Windows\System\PynMuYc.exe
  C:\Windows\System\PynMuYc.exe
  2⤵
  PID:1808
- C:\Windows\System\emTtogA.exe
  C:\Windows\System\emTtogA.exe
  2⤵
  PID:6068
- C:\Windows\System\YiCpPyP.exe
  C:\Windows\System\YiCpPyP.exe
  2⤵
  PID:6000
- C:\Windows\System\wHSjeEI.exe
  C:\Windows\System\wHSjeEI.exe
  2⤵
  PID:2408
- C:\Windows\System\FvIVRBJ.exe
  C:\Windows\System\FvIVRBJ.exe
  2⤵
  PID:5828
- C:\Windows\System\uIBfeLE.exe
  C:\Windows\System\uIBfeLE.exe
  2⤵
  PID:6064
- C:\Windows\System\aFIwGKn.exe
  C:\Windows\System\aFIwGKn.exe
  2⤵
  PID:5064
- C:\Windows\System\bolHqBN.exe
  C:\Windows\System\bolHqBN.exe
  2⤵
  PID:2732
- C:\Windows\System\MQpcSCh.exe
  C:\Windows\System\MQpcSCh.exe
  2⤵
  PID:5672
- C:\Windows\System\akTQJhn.exe
  C:\Windows\System\akTQJhn.exe
  2⤵
  PID:2976
- C:\Windows\System\dSvhliL.exe
  C:\Windows\System\dSvhliL.exe
  2⤵
  PID:5600
- C:\Windows\System\wvsBeGE.exe
  C:\Windows\System\wvsBeGE.exe
  2⤵
  PID:6152
- C:\Windows\System\WcuDvop.exe
  C:\Windows\System\WcuDvop.exe
  2⤵
  PID:6168
- C:\Windows\System\LrjXHKH.exe
  C:\Windows\System\LrjXHKH.exe
  2⤵
  PID:6184
- C:\Windows\System\DeYHScQ.exe
  C:\Windows\System\DeYHScQ.exe
  2⤵
  PID:6200
- C:\Windows\System\wUrToRH.exe
  C:\Windows\System\wUrToRH.exe
  2⤵
  PID:6216
- C:\Windows\System\DRVjkeY.exe
  C:\Windows\System\DRVjkeY.exe
  2⤵
  PID:6236
- C:\Windows\System\LtqgJTz.exe
  C:\Windows\System\LtqgJTz.exe
  2⤵
  PID:6256
- C:\Windows\System\KeZlsAG.exe
  C:\Windows\System\KeZlsAG.exe
  2⤵
  PID:6272
- C:\Windows\System\UMjBdYU.exe
  C:\Windows\System\UMjBdYU.exe
  2⤵
  PID:6288
- C:\Windows\System\VRKcLZd.exe
  C:\Windows\System\VRKcLZd.exe
  2⤵
  PID:6304
- C:\Windows\System\DLJHAdb.exe
  C:\Windows\System\DLJHAdb.exe
  2⤵
  PID:6324
- C:\Windows\System\HnUqEmh.exe
  C:\Windows\System\HnUqEmh.exe
  2⤵
  PID:6340
- C:\Windows\System\PUsRTzp.exe
  C:\Windows\System\PUsRTzp.exe
  2⤵
  PID:6356
- C:\Windows\System\RGdGexJ.exe
  C:\Windows\System\RGdGexJ.exe
  2⤵
  PID:6372
- C:\Windows\System\qcvtsjr.exe
  C:\Windows\System\qcvtsjr.exe
  2⤵
  PID:6388
- C:\Windows\System\NmPlIOD.exe
  C:\Windows\System\NmPlIOD.exe
  2⤵
  PID:6404
- C:\Windows\System\WYrejoQ.exe
  C:\Windows\System\WYrejoQ.exe
  2⤵
  PID:6420
- C:\Windows\System\uNrXyni.exe
  C:\Windows\System\uNrXyni.exe
  2⤵
  PID:6436
- C:\Windows\System\eaRwxRa.exe
  C:\Windows\System\eaRwxRa.exe
  2⤵
  PID:6452
- C:\Windows\System\hBqmhbI.exe
  C:\Windows\System\hBqmhbI.exe
  2⤵
  PID:6468
- C:\Windows\System\VoPtpZq.exe
  C:\Windows\System\VoPtpZq.exe
  2⤵
  PID:6484
- C:\Windows\System\KtovqOX.exe
  C:\Windows\System\KtovqOX.exe
  2⤵
  PID:6500
- C:\Windows\System\cbOsVvv.exe
  C:\Windows\System\cbOsVvv.exe
  2⤵
  PID:6516
- C:\Windows\System\XFEsmXN.exe
  C:\Windows\System\XFEsmXN.exe
  2⤵
  PID:6532
- C:\Windows\System\tXCpjWE.exe
  C:\Windows\System\tXCpjWE.exe
  2⤵
  PID:6548
- C:\Windows\System\CFawWQR.exe
  C:\Windows\System\CFawWQR.exe
  2⤵
  PID:6564
- C:\Windows\System\RNZMyrv.exe
  C:\Windows\System\RNZMyrv.exe
  2⤵
  PID:6580
- C:\Windows\System\lqKJgpT.exe
  C:\Windows\System\lqKJgpT.exe
  2⤵
  PID:6596
- C:\Windows\System\wqXKWdW.exe
  C:\Windows\System\wqXKWdW.exe
  2⤵
  PID:6612
- C:\Windows\System\NHigIlD.exe
  C:\Windows\System\NHigIlD.exe
  2⤵
  PID:6628
- C:\Windows\System\JkEBhEy.exe
  C:\Windows\System\JkEBhEy.exe
  2⤵
  PID:6648
- C:\Windows\System\lDThImz.exe
  C:\Windows\System\lDThImz.exe
  2⤵
  PID:6664
- C:\Windows\System\ceSsPsP.exe
  C:\Windows\System\ceSsPsP.exe
  2⤵
  PID:6680
- C:\Windows\System\sEXEdJV.exe
  C:\Windows\System\sEXEdJV.exe
  2⤵
  PID:6696
- C:\Windows\System\FELNUiq.exe
  C:\Windows\System\FELNUiq.exe
  2⤵
  PID:6712
- C:\Windows\System\DDLlyKX.exe
  C:\Windows\System\DDLlyKX.exe
  2⤵
  PID:6728
- C:\Windows\System\bWsvlVu.exe
  C:\Windows\System\bWsvlVu.exe
  2⤵
  PID:6744
- C:\Windows\System\XmLiryz.exe
  C:\Windows\System\XmLiryz.exe
  2⤵
  PID:6760
- C:\Windows\System\kzbdEnf.exe
  C:\Windows\System\kzbdEnf.exe
  2⤵
  PID:6776
- C:\Windows\System\JbTrhXE.exe
  C:\Windows\System\JbTrhXE.exe
  2⤵
  PID:6792
- C:\Windows\System\txNxLnR.exe
  C:\Windows\System\txNxLnR.exe
  2⤵
  PID:6808
- C:\Windows\System\EaEtDNj.exe
  C:\Windows\System\EaEtDNj.exe
  2⤵
  PID:6824
- C:\Windows\System\FSgCGns.exe
  C:\Windows\System\FSgCGns.exe
  2⤵
  PID:6840
- C:\Windows\System\uLZAgtn.exe
  C:\Windows\System\uLZAgtn.exe
  2⤵
  PID:6856
- C:\Windows\System\lqLMubS.exe
  C:\Windows\System\lqLMubS.exe
  2⤵
  PID:6876
- C:\Windows\System\dRUuvdI.exe
  C:\Windows\System\dRUuvdI.exe
  2⤵
  PID:6892
- C:\Windows\System\bkLYDid.exe
  C:\Windows\System\bkLYDid.exe
  2⤵
  PID:6908
- C:\Windows\System\GcsaeHg.exe
  C:\Windows\System\GcsaeHg.exe
  2⤵
  PID:6924
- C:\Windows\System\TRDuNyl.exe
  C:\Windows\System\TRDuNyl.exe
  2⤵
  PID:6940
- C:\Windows\System\VziYqVs.exe
  C:\Windows\System\VziYqVs.exe
  2⤵
  PID:6956
- C:\Windows\System\VXrdRxJ.exe
  C:\Windows\System\VXrdRxJ.exe
  2⤵
  PID:6976
- C:\Windows\System\snWyNpj.exe
  C:\Windows\System\snWyNpj.exe
  2⤵
  PID:6996
- C:\Windows\System\DVoQbwN.exe
  C:\Windows\System\DVoQbwN.exe
  2⤵
  PID:7012
- C:\Windows\System\mxGWSqF.exe
  C:\Windows\System\mxGWSqF.exe
  2⤵
  PID:7028
- C:\Windows\System\MxECgXU.exe
  C:\Windows\System\MxECgXU.exe
  2⤵
  PID:7048
- C:\Windows\System\vtzxluw.exe
  C:\Windows\System\vtzxluw.exe
  2⤵
  PID:7064
- C:\Windows\System\ryXNPTI.exe
  C:\Windows\System\ryXNPTI.exe
  2⤵
  PID:7084
- C:\Windows\System\yJhLvAJ.exe
  C:\Windows\System\yJhLvAJ.exe
  2⤵
  PID:7100
- C:\Windows\System\DFwXrHA.exe
  C:\Windows\System\DFwXrHA.exe
  2⤵
  PID:7116
- C:\Windows\System\NehFCcg.exe
  C:\Windows\System\NehFCcg.exe
  2⤵
  PID:7132
- C:\Windows\System\ElWBlGJ.exe
  C:\Windows\System\ElWBlGJ.exe
  2⤵
  PID:7148
- C:\Windows\System\KKCeUEQ.exe
  C:\Windows\System\KKCeUEQ.exe
  2⤵
  PID:7164
- C:\Windows\System\TOYQJXl.exe
  C:\Windows\System\TOYQJXl.exe
  2⤵
  PID:6160
- C:\Windows\System\gkODMOh.exe
  C:\Windows\System\gkODMOh.exe
  2⤵
  PID:6228
- C:\Windows\System\zEZhgun.exe
  C:\Windows\System\zEZhgun.exe
  2⤵
  PID:6296
- C:\Windows\System\LsoaWQY.exe
  C:\Windows\System\LsoaWQY.exe
  2⤵
  PID:5620
- C:\Windows\System\twJTJZx.exe
  C:\Windows\System\twJTJZx.exe
  2⤵
  PID:6208
- C:\Windows\System\ZtRbTwb.exe
  C:\Windows\System\ZtRbTwb.exe
  2⤵
  PID:6284
- C:\Windows\System\qNCHpml.exe
  C:\Windows\System\qNCHpml.exe
  2⤵
  PID:6320
- C:\Windows\System\ihhfzRQ.exe
  C:\Windows\System\ihhfzRQ.exe
  2⤵
  PID:6368
- C:\Windows\System\CcJYtWr.exe
  C:\Windows\System\CcJYtWr.exe
  2⤵
  PID:6348
- C:\Windows\System\IwZQgLE.exe
  C:\Windows\System\IwZQgLE.exe
  2⤵
  PID:6444
- C:\Windows\System\xHSKyOA.exe
  C:\Windows\System\xHSKyOA.exe
  2⤵
  PID:6480
- C:\Windows\System\fJxIlfs.exe
  C:\Windows\System\fJxIlfs.exe
  2⤵
  PID:6572
- C:\Windows\System\baLotLw.exe
  C:\Windows\System\baLotLw.exe
  2⤵
  PID:6608
- C:\Windows\System\woFnqFz.exe
  C:\Windows\System\woFnqFz.exe
  2⤵
  PID:6620
- C:\Windows\System\RpmoGJE.exe
  C:\Windows\System\RpmoGJE.exe
  2⤵
  PID:6556
- C:\Windows\System\LXBDNKh.exe
  C:\Windows\System\LXBDNKh.exe
  2⤵
  PID:6428
- C:\Windows\System\stIjDMk.exe
  C:\Windows\System\stIjDMk.exe
  2⤵
  PID:6640
- C:\Windows\System\gPuKnqJ.exe
  C:\Windows\System\gPuKnqJ.exe
  2⤵
  PID:6688
- C:\Windows\System\vhKZKeo.exe
  C:\Windows\System\vhKZKeo.exe
  2⤵
  PID:6756
- C:\Windows\System\yeQjPVr.exe
  C:\Windows\System\yeQjPVr.exe
  2⤵
  PID:6820
- C:\Windows\System\NbgYfaj.exe
  C:\Windows\System\NbgYfaj.exe
  2⤵
  PID:7156
- C:\Windows\System\zamzASd.exe
  C:\Windows\System\zamzASd.exe
  2⤵
  PID:6224
- C:\Windows\System\IeFmukx.exe
  C:\Windows\System\IeFmukx.exe
  2⤵
  PID:7076
- C:\Windows\System\mmyNpYH.exe
  C:\Windows\System\mmyNpYH.exe
  2⤵
  PID:7036
- C:\Windows\System\TohEfLF.exe
  C:\Windows\System\TohEfLF.exe
  2⤵
  PID:6336
- C:\Windows\System\tnZXFPr.exe
  C:\Windows\System\tnZXFPr.exe
  2⤵
  PID:5504
- C:\Windows\System\CvkbOWj.exe
  C:\Windows\System\CvkbOWj.exe
  2⤵
  PID:6176
- C:\Windows\System\zGjwhjB.exe
  C:\Windows\System\zGjwhjB.exe
  2⤵
  PID:6416
- C:\Windows\System\FJKwNSO.exe
  C:\Windows\System\FJKwNSO.exe
  2⤵
  PID:6560
- C:\Windows\System\byTsICU.exe
  C:\Windows\System\byTsICU.exe
  2⤵
  PID:6656
- C:\Windows\System\BDYsSzs.exe
  C:\Windows\System\BDYsSzs.exe
  2⤵
  PID:6692
- C:\Windows\System\wdsYGUf.exe
  C:\Windows\System\wdsYGUf.exe
  2⤵
  PID:6576
- C:\Windows\System\ONICRmI.exe
  C:\Windows\System\ONICRmI.exe
  2⤵
  PID:6380
- C:\Windows\System\mvRjXdJ.exe
  C:\Windows\System\mvRjXdJ.exe
  2⤵
  PID:6720
- C:\Windows\System\CBushwH.exe
  C:\Windows\System\CBushwH.exe
  2⤵
  PID:6676
- C:\Windows\System\yNxCeDm.exe
  C:\Windows\System\yNxCeDm.exe
  2⤵
  PID:6740
- C:\Windows\System\Tpdzred.exe
  C:\Windows\System\Tpdzred.exe
  2⤵
  PID:6804
- C:\Windows\System\WQyIlgl.exe
  C:\Windows\System\WQyIlgl.exe
  2⤵
  PID:6864
- C:\Windows\System\KcWXYIo.exe
  C:\Windows\System\KcWXYIo.exe
  2⤵
  PID:6916
- C:\Windows\System\ImJPccG.exe
  C:\Windows\System\ImJPccG.exe
  2⤵
  PID:6992
- C:\Windows\System\dLccJwi.exe
  C:\Windows\System\dLccJwi.exe
  2⤵
  PID:6252
- C:\Windows\System\vMkUaPs.exe
  C:\Windows\System\vMkUaPs.exe
  2⤵
  PID:6932
- C:\Windows\System\bBpKSvn.exe
  C:\Windows\System\bBpKSvn.exe
  2⤵
  PID:7008
- C:\Windows\System\talykLq.exe
  C:\Windows\System\talykLq.exe
  2⤵
  PID:7096
- C:\Windows\System\abkPqoU.exe
  C:\Windows\System\abkPqoU.exe
  2⤵
  PID:6196
- C:\Windows\System\CXVLWDR.exe
  C:\Windows\System\CXVLWDR.exe
  2⤵
  PID:6244
- C:\Windows\System\wzmyqSg.exe
  C:\Windows\System\wzmyqSg.exe
  2⤵
  PID:7044
- C:\Windows\System\fKFZjfi.exe
  C:\Windows\System\fKFZjfi.exe
  2⤵
  PID:6496
- C:\Windows\System\EjEGKfG.exe
  C:\Windows\System\EjEGKfG.exe
  2⤵
  PID:6528
- C:\Windows\System\fkdrTad.exe
  C:\Windows\System\fkdrTad.exe
  2⤵
  PID:6540
- C:\Windows\System\DCGSoDV.exe
  C:\Windows\System\DCGSoDV.exe
  2⤵
  PID:6352
- C:\Windows\System\CJBPROb.exe
  C:\Windows\System\CJBPROb.exe
  2⤵
  PID:6836
- C:\Windows\System\goerkzA.exe
  C:\Windows\System\goerkzA.exe
  2⤵
  PID:6904
- C:\Windows\System\rRAmquG.exe
  C:\Windows\System\rRAmquG.exe
  2⤵
  PID:7112
- C:\Windows\System\tVtxjSX.exe
  C:\Windows\System\tVtxjSX.exe
  2⤵
  PID:6888
- C:\Windows\System\EAGogjV.exe
  C:\Windows\System\EAGogjV.exe
  2⤵
  PID:2260
- C:\Windows\System\gCJuzRg.exe
  C:\Windows\System\gCJuzRg.exe
  2⤵
  PID:6192
- C:\Windows\System\ifNDRDg.exe
  C:\Windows\System\ifNDRDg.exe
  2⤵
  PID:6432
- C:\Windows\System\hHjKEBt.exe
  C:\Windows\System\hHjKEBt.exe
  2⤵
  PID:6736
- C:\Windows\System\htKzWOF.exe
  C:\Windows\System\htKzWOF.exe
  2⤵
  PID:6460
- C:\Windows\System\ZjsnphP.exe
  C:\Windows\System\ZjsnphP.exe
  2⤵
  PID:2648
- C:\Windows\System\bFOZyhd.exe
  C:\Windows\System\bFOZyhd.exe
  2⤵
  PID:6900
- C:\Windows\System\ilgliZp.exe
  C:\Windows\System\ilgliZp.exe
  2⤵
  PID:7004
- C:\Windows\System\hQZZnAh.exe
  C:\Windows\System\hQZZnAh.exe
  2⤵
  PID:6624
- C:\Windows\System\eaXiNIL.exe
  C:\Windows\System\eaXiNIL.exe
  2⤵
  PID:6476
- C:\Windows\System\zFWtCHH.exe
  C:\Windows\System\zFWtCHH.exe
  2⤵
  PID:6512
- C:\Windows\System\gOxXmer.exe
  C:\Windows\System\gOxXmer.exe
  2⤵
  PID:6920
- C:\Windows\System\OZMANVk.exe
  C:\Windows\System\OZMANVk.exe
  2⤵
  PID:7180
- C:\Windows\System\XoUISmK.exe
  C:\Windows\System\XoUISmK.exe
  2⤵
  PID:7196
- C:\Windows\System\tDtpMpv.exe
  C:\Windows\System\tDtpMpv.exe
  2⤵
  PID:7212
- C:\Windows\System\sgCzLoG.exe
  C:\Windows\System\sgCzLoG.exe
  2⤵
  PID:7228
- C:\Windows\System\sjllDaS.exe
  C:\Windows\System\sjllDaS.exe
  2⤵
  PID:7244
- C:\Windows\System\QQXzdcE.exe
  C:\Windows\System\QQXzdcE.exe
  2⤵
  PID:7260
- C:\Windows\System\FRuAWgC.exe
  C:\Windows\System\FRuAWgC.exe
  2⤵
  PID:7276
- C:\Windows\System\czoBDQx.exe
  C:\Windows\System\czoBDQx.exe
  2⤵
  PID:7292
- C:\Windows\System\jYSCScM.exe
  C:\Windows\System\jYSCScM.exe
  2⤵
  PID:7308
- C:\Windows\System\StORwXM.exe
  C:\Windows\System\StORwXM.exe
  2⤵
  PID:7324
- C:\Windows\System\IzYnTDN.exe
  C:\Windows\System\IzYnTDN.exe
  2⤵
  PID:7340
- C:\Windows\System\MbRUSBr.exe
  C:\Windows\System\MbRUSBr.exe
  2⤵
  PID:7356
- C:\Windows\System\hEvQCCQ.exe
  C:\Windows\System\hEvQCCQ.exe
  2⤵
  PID:7372
- C:\Windows\System\frIXmkb.exe
  C:\Windows\System\frIXmkb.exe
  2⤵
  PID:7388
- C:\Windows\System\PhmbPLR.exe
  C:\Windows\System\PhmbPLR.exe
  2⤵
  PID:7404
- C:\Windows\System\LwNrEyx.exe
  C:\Windows\System\LwNrEyx.exe
  2⤵
  PID:7420
- C:\Windows\System\xlESwjp.exe
  C:\Windows\System\xlESwjp.exe
  2⤵
  PID:7440
- C:\Windows\System\IgwCzkT.exe
  C:\Windows\System\IgwCzkT.exe
  2⤵
  PID:7456
- C:\Windows\System\LNGaHwn.exe
  C:\Windows\System\LNGaHwn.exe
  2⤵
  PID:7472
- C:\Windows\System\sPMTJwu.exe
  C:\Windows\System\sPMTJwu.exe
  2⤵
  PID:7488
- C:\Windows\System\vOAbeDe.exe
  C:\Windows\System\vOAbeDe.exe
  2⤵
  PID:7504
- C:\Windows\System\ERTDtTc.exe
  C:\Windows\System\ERTDtTc.exe
  2⤵
  PID:7520
- C:\Windows\System\ANnjyiB.exe
  C:\Windows\System\ANnjyiB.exe
  2⤵
  PID:7536
- C:\Windows\System\cFCbpKq.exe
  C:\Windows\System\cFCbpKq.exe
  2⤵
  PID:7552
- C:\Windows\System\Wkrejpi.exe
  C:\Windows\System\Wkrejpi.exe
  2⤵
  PID:7568
- C:\Windows\System\kDBhvmh.exe
  C:\Windows\System\kDBhvmh.exe
  2⤵
  PID:7584
- C:\Windows\System\sTbBNfi.exe
  C:\Windows\System\sTbBNfi.exe
  2⤵
  PID:7600
- C:\Windows\System\HTzKsno.exe
  C:\Windows\System\HTzKsno.exe
  2⤵
  PID:7616
- C:\Windows\System\HLbtnpK.exe
  C:\Windows\System\HLbtnpK.exe
  2⤵
  PID:7632
- C:\Windows\System\swESlTT.exe
  C:\Windows\System\swESlTT.exe
  2⤵
  PID:7648
- C:\Windows\System\rmrirwy.exe
  C:\Windows\System\rmrirwy.exe
  2⤵
  PID:7664
- C:\Windows\System\WjdbPUL.exe
  C:\Windows\System\WjdbPUL.exe
  2⤵
  PID:7680
- C:\Windows\System\CPbnspY.exe
  C:\Windows\System\CPbnspY.exe
  2⤵
  PID:7696
- C:\Windows\System\xZJroMf.exe
  C:\Windows\System\xZJroMf.exe
  2⤵
  PID:7712
- C:\Windows\System\LWHysqP.exe
  C:\Windows\System\LWHysqP.exe
  2⤵
  PID:7728
- C:\Windows\System\GdMYmVo.exe
  C:\Windows\System\GdMYmVo.exe
  2⤵
  PID:7744
- C:\Windows\System\MHENQLs.exe
  C:\Windows\System\MHENQLs.exe
  2⤵
  PID:7760
- C:\Windows\System\YgsenER.exe
  C:\Windows\System\YgsenER.exe
  2⤵
  PID:7776
- C:\Windows\System\AFpyBJX.exe
  C:\Windows\System\AFpyBJX.exe
  2⤵
  PID:7792
- C:\Windows\System\vapMpLz.exe
  C:\Windows\System\vapMpLz.exe
  2⤵
  PID:7808
- C:\Windows\System\svySWwf.exe
  C:\Windows\System\svySWwf.exe
  2⤵
  PID:7824
- C:\Windows\System\osdgpDv.exe
  C:\Windows\System\osdgpDv.exe
  2⤵
  PID:7840
- C:\Windows\System\xgIIrok.exe
  C:\Windows\System\xgIIrok.exe
  2⤵
  PID:7856
- C:\Windows\System\jAyczDI.exe
  C:\Windows\System\jAyczDI.exe
  2⤵
  PID:7872
- C:\Windows\System\VDHsBjO.exe
  C:\Windows\System\VDHsBjO.exe
  2⤵
  PID:7888
- C:\Windows\System\LZwsBzR.exe
  C:\Windows\System\LZwsBzR.exe
  2⤵
  PID:7904
- C:\Windows\System\ozYouSB.exe
  C:\Windows\System\ozYouSB.exe
  2⤵
  PID:7920
- C:\Windows\System\CrMxTUD.exe
  C:\Windows\System\CrMxTUD.exe
  2⤵
  PID:7936
- C:\Windows\System\yVeMBao.exe
  C:\Windows\System\yVeMBao.exe
  2⤵
  PID:7952
- C:\Windows\System\bdrHIqK.exe
  C:\Windows\System\bdrHIqK.exe
  2⤵
  PID:7968
- C:\Windows\System\gshsbNz.exe
  C:\Windows\System\gshsbNz.exe
  2⤵
  PID:7984
- C:\Windows\System\Pdyvlqc.exe
  C:\Windows\System\Pdyvlqc.exe
  2⤵
  PID:8000
- C:\Windows\System\XmQTUNv.exe
  C:\Windows\System\XmQTUNv.exe
  2⤵
  PID:8016
- C:\Windows\System\WNdpnjq.exe
  C:\Windows\System\WNdpnjq.exe
  2⤵
  PID:8032
- C:\Windows\System\dlzRwPf.exe
  C:\Windows\System\dlzRwPf.exe
  2⤵
  PID:8048
- C:\Windows\System\cSSGpjm.exe
  C:\Windows\System\cSSGpjm.exe
  2⤵
  PID:8064
- C:\Windows\System\fbSrBsn.exe
  C:\Windows\System\fbSrBsn.exe
  2⤵
  PID:8080
- C:\Windows\System\qTGAOIt.exe
  C:\Windows\System\qTGAOIt.exe
  2⤵
  PID:8096
- C:\Windows\System\ytqkTts.exe
  C:\Windows\System\ytqkTts.exe
  2⤵
  PID:8112
- C:\Windows\System\wRXVJtn.exe
  C:\Windows\System\wRXVJtn.exe
  2⤵
  PID:8128
- C:\Windows\System\EmRVRWp.exe
  C:\Windows\System\EmRVRWp.exe
  2⤵
  PID:8144
- C:\Windows\System\rcOfBGf.exe
  C:\Windows\System\rcOfBGf.exe
  2⤵
  PID:8160
- C:\Windows\System\quosSBf.exe
  C:\Windows\System\quosSBf.exe
  2⤵
  PID:8176
- C:\Windows\System\LSMvsuD.exe
  C:\Windows\System\LSMvsuD.exe
  2⤵
  PID:6800
- C:\Windows\System\PozAxNo.exe
  C:\Windows\System\PozAxNo.exe
  2⤵
  PID:2520
- C:\Windows\System\hEcWsMt.exe
  C:\Windows\System\hEcWsMt.exe
  2⤵
  PID:7192
- C:\Windows\System\UekzgkE.exe
  C:\Windows\System\UekzgkE.exe
  2⤵
  PID:7236
- C:\Windows\System\aQAwwwe.exe
  C:\Windows\System\aQAwwwe.exe
  2⤵
  PID:7300
- C:\Windows\System\PaqPWgg.exe
  C:\Windows\System\PaqPWgg.exe
  2⤵
  PID:7332
- C:\Windows\System\kuxEtym.exe
  C:\Windows\System\kuxEtym.exe
  2⤵
  PID:7256
- C:\Windows\System\rFAEeHv.exe
  C:\Windows\System\rFAEeHv.exe
  2⤵
  PID:7320
- C:\Windows\System\hVRLIiL.exe
  C:\Windows\System\hVRLIiL.exe
  2⤵
  PID:7396
- C:\Windows\System\xoLLsax.exe
  C:\Windows\System\xoLLsax.exe
  2⤵
  PID:7432
- C:\Windows\System\KYNYFIL.exe
  C:\Windows\System\KYNYFIL.exe
  2⤵
  PID:7464
- C:\Windows\System\uvnJJsZ.exe
  C:\Windows\System\uvnJJsZ.exe
  2⤵
  PID:7416
- C:\Windows\System\zMlEhjJ.exe
  C:\Windows\System\zMlEhjJ.exe
  2⤵
  PID:7484
- C:\Windows\System\TsWZlSy.exe
  C:\Windows\System\TsWZlSy.exe
  2⤵
  PID:7516
- C:\Windows\System\FPQGZsq.exe
  C:\Windows\System\FPQGZsq.exe
  2⤵
  PID:7596
- C:\Windows\System\OKodNyM.exe
  C:\Windows\System\OKodNyM.exe
  2⤵
  PID:7544
- C:\Windows\System\MYjHjLX.exe
  C:\Windows\System\MYjHjLX.exe
  2⤵
  PID:7548
- C:\Windows\System\axXTapg.exe
  C:\Windows\System\axXTapg.exe
  2⤵
  PID:7720
- C:\Windows\System\DtlUFYj.exe
  C:\Windows\System\DtlUFYj.exe
  2⤵
  PID:7756
- C:\Windows\System\hCtwSOL.exe
  C:\Windows\System\hCtwSOL.exe
  2⤵
  PID:7740
- C:\Windows\System\MBnhaLL.exe
  C:\Windows\System\MBnhaLL.exe
  2⤵
  PID:7736
- C:\Windows\System\ojIKFos.exe
  C:\Windows\System\ojIKFos.exe
  2⤵
  PID:7816
- C:\Windows\System\rFNRXzE.exe
  C:\Windows\System\rFNRXzE.exe
  2⤵
  PID:7880
- C:\Windows\System\rfuXmah.exe
  C:\Windows\System\rfuXmah.exe
  2⤵
  PID:7804
- C:\Windows\System\dNDyEii.exe
  C:\Windows\System\dNDyEii.exe
  2⤵
  PID:7960
- C:\Windows\System\SJuuaLB.exe
  C:\Windows\System\SJuuaLB.exe
  2⤵
  PID:7896
- C:\Windows\System\oWteDgz.exe
  C:\Windows\System\oWteDgz.exe
  2⤵
  PID:7980
- C:\Windows\System\eqvVVXe.exe
  C:\Windows\System\eqvVVXe.exe
  2⤵
  PID:8040
- C:\Windows\System\hTvoYsg.exe
  C:\Windows\System\hTvoYsg.exe
  2⤵
  PID:7992
- C:\Windows\System\SwrbKTE.exe
  C:\Windows\System\SwrbKTE.exe
  2⤵
  PID:8056
- C:\Windows\System\AASMJow.exe
  C:\Windows\System\AASMJow.exe
  2⤵
  PID:8108
- C:\Windows\System\ExHVGGq.exe
  C:\Windows\System\ExHVGGq.exe
  2⤵
  PID:8088
- C:\Windows\System\ZWgZVng.exe
  C:\Windows\System\ZWgZVng.exe
  2⤵
  PID:8188
- C:\Windows\System\kbkjdjg.exe
  C:\Windows\System\kbkjdjg.exe
  2⤵
  PID:8156
- C:\Windows\System\LJZDcnU.exe
  C:\Windows\System\LJZDcnU.exe
  2⤵
  PID:7208
- C:\Windows\System\nicPeEP.exe
  C:\Windows\System\nicPeEP.exe
  2⤵
  PID:7316
- C:\Windows\System\vzRllYw.exe
  C:\Windows\System\vzRllYw.exe
  2⤵
  PID:7268
- C:\Windows\System\hPoXiRx.exe
  C:\Windows\System\hPoXiRx.exe
  2⤵
  PID:7252
- C:\Windows\System\VzXvFXm.exe
  C:\Windows\System\VzXvFXm.exe
  2⤵
  PID:2168
- C:\Windows\System\GmkVGwN.exe
  C:\Windows\System\GmkVGwN.exe
  2⤵
  PID:7496
- C:\Windows\System\yBgKcqo.exe
  C:\Windows\System\yBgKcqo.exe
  2⤵
  PID:7532
- C:\Windows\System\ROyYIld.exe
  C:\Windows\System\ROyYIld.exe
  2⤵
  PID:1360
- C:\Windows\System\VBDPpHm.exe
  C:\Windows\System\VBDPpHm.exe
  2⤵
  PID:7676
- C:\Windows\System\mIaHdCt.exe
  C:\Windows\System\mIaHdCt.exe
  2⤵
  PID:7916
- C:\Windows\System\ZJXWzKU.exe
  C:\Windows\System\ZJXWzKU.exe
  2⤵
  PID:8008
- C:\Windows\System\TrTQWUy.exe
  C:\Windows\System\TrTQWUy.exe
  2⤵
  PID:7944
- C:\Windows\System\QHDEQjd.exe
  C:\Windows\System\QHDEQjd.exe
  2⤵
  PID:7640
- C:\Windows\System\VOgzoYU.exe
  C:\Windows\System\VOgzoYU.exe
  2⤵
  PID:7592
- C:\Windows\System\mTpyiAN.exe
  C:\Windows\System\mTpyiAN.exe
  2⤵
  PID:8168
- C:\Windows\System\QOzZYNd.exe
  C:\Windows\System\QOzZYNd.exe
  2⤵
  PID:7752
- C:\Windows\System\uRNfriP.exe
  C:\Windows\System\uRNfriP.exe
  2⤵
  PID:7176
- C:\Windows\System\XOGdgZR.exe
  C:\Windows\System\XOGdgZR.exe
  2⤵
  PID:7772
- C:\Windows\System\tAAGlXY.exe
  C:\Windows\System\tAAGlXY.exe
  2⤵
  PID:7172
- C:\Windows\System\SIWmakR.exe
  C:\Windows\System\SIWmakR.exe
  2⤵
  PID:7368
- C:\Windows\System\HtzWTYA.exe
  C:\Windows\System\HtzWTYA.exe
  2⤵
  PID:7784
- C:\Windows\System\YTHTgDJ.exe
  C:\Windows\System\YTHTgDJ.exe
  2⤵
  PID:8140
- C:\Windows\System\qiBcaga.exe
  C:\Windows\System\qiBcaga.exe
  2⤵
  PID:2876
- C:\Windows\System\LaNIMyT.exe
  C:\Windows\System\LaNIMyT.exe
  2⤵
  PID:8012
- C:\Windows\System\YPMCdoO.exe
  C:\Windows\System\YPMCdoO.exe
  2⤵
  PID:7932
- C:\Windows\System\oTlBUJA.exe
  C:\Windows\System\oTlBUJA.exe
  2⤵
  PID:8152
- C:\Windows\System\ahXSmrA.exe
  C:\Windows\System\ahXSmrA.exe
  2⤵
  PID:7288
- C:\Windows\System\LLJBVAt.exe
  C:\Windows\System\LLJBVAt.exe
  2⤵
  PID:7412
- C:\Windows\System\LTkjJiV.exe
  C:\Windows\System\LTkjJiV.exe
  2⤵
  PID:7656
- C:\Windows\System\prqYwin.exe
  C:\Windows\System\prqYwin.exe
  2⤵
  PID:7608
- C:\Windows\System\MQyiKZd.exe
  C:\Windows\System\MQyiKZd.exe
  2⤵
  PID:7848
- C:\Windows\System\idCLloG.exe
  C:\Windows\System\idCLloG.exe
  2⤵
  PID:7480
- C:\Windows\System\bzFlwVM.exe
  C:\Windows\System\bzFlwVM.exe
  2⤵
  PID:7128
- C:\Windows\System\YXXSaUD.exe
  C:\Windows\System\YXXSaUD.exe
  2⤵
  PID:7364
- C:\Windows\System\crPyKNd.exe
  C:\Windows\System\crPyKNd.exe
  2⤵
  PID:7564
- C:\Windows\System\CAtpXgo.exe
  C:\Windows\System\CAtpXgo.exe
  2⤵
  PID:8200
- C:\Windows\System\KixQpIx.exe
  C:\Windows\System\KixQpIx.exe
  2⤵
  PID:8216
- C:\Windows\System\ZCUkUHb.exe
  C:\Windows\System\ZCUkUHb.exe
  2⤵
  PID:8232
- C:\Windows\System\wZtkhsO.exe
  C:\Windows\System\wZtkhsO.exe
  2⤵
  PID:8248
- C:\Windows\System\dFemeez.exe
  C:\Windows\System\dFemeez.exe
  2⤵
  PID:8264
- C:\Windows\System\SmayRft.exe
  C:\Windows\System\SmayRft.exe
  2⤵
  PID:8280
- C:\Windows\System\qSZKrNT.exe
  C:\Windows\System\qSZKrNT.exe
  2⤵
  PID:8300
- C:\Windows\System\SNLpZDT.exe
  C:\Windows\System\SNLpZDT.exe
  2⤵
  PID:8316
- C:\Windows\System\BIuEnBT.exe
  C:\Windows\System\BIuEnBT.exe
  2⤵
  PID:8332
- C:\Windows\System\dJDTlsi.exe
  C:\Windows\System\dJDTlsi.exe
  2⤵
  PID:8348
- C:\Windows\System\WuKkOPz.exe
  C:\Windows\System\WuKkOPz.exe
  2⤵
  PID:8364
- C:\Windows\System\sHESbTm.exe
  C:\Windows\System\sHESbTm.exe
  2⤵
  PID:8380
- C:\Windows\System\ADueoSM.exe
  C:\Windows\System\ADueoSM.exe
  2⤵
  PID:8396
- C:\Windows\System\myMKNpW.exe
  C:\Windows\System\myMKNpW.exe
  2⤵
  PID:8412
- C:\Windows\System\xELQVXD.exe
  C:\Windows\System\xELQVXD.exe
  2⤵
  PID:8428
- C:\Windows\System\BWgcSWn.exe
  C:\Windows\System\BWgcSWn.exe
  2⤵
  PID:8444
- C:\Windows\System\tzBWPKO.exe
  C:\Windows\System\tzBWPKO.exe
  2⤵
  PID:8460
- C:\Windows\System\lqBCJLC.exe
  C:\Windows\System\lqBCJLC.exe
  2⤵
  PID:8476
- C:\Windows\System\CcDEHPR.exe
  C:\Windows\System\CcDEHPR.exe
  2⤵
  PID:8492
- C:\Windows\System\omDnoJk.exe
  C:\Windows\System\omDnoJk.exe
  2⤵
  PID:8512
- C:\Windows\System\BrxhxpQ.exe
  C:\Windows\System\BrxhxpQ.exe
  2⤵
  PID:8528
- C:\Windows\System\gsfMRwb.exe
  C:\Windows\System\gsfMRwb.exe
  2⤵
  PID:8544
- C:\Windows\System\nfCsiXi.exe
  C:\Windows\System\nfCsiXi.exe
  2⤵
  PID:8560
- C:\Windows\System\nHLrajH.exe
  C:\Windows\System\nHLrajH.exe
  2⤵
  PID:8576
- C:\Windows\System\ppAWfvJ.exe
  C:\Windows\System\ppAWfvJ.exe
  2⤵
  PID:8592
- C:\Windows\System\DusROpK.exe
  C:\Windows\System\DusROpK.exe
  2⤵
  PID:8608
- C:\Windows\System\FccBwpp.exe
  C:\Windows\System\FccBwpp.exe
  2⤵
  PID:8624
- C:\Windows\System\pKOWbeX.exe
  C:\Windows\System\pKOWbeX.exe
  2⤵
  PID:8640
- C:\Windows\System\oZElbUI.exe
  C:\Windows\System\oZElbUI.exe
  2⤵
  PID:8656
- C:\Windows\System\NADvpAp.exe
  C:\Windows\System\NADvpAp.exe
  2⤵
  PID:8672
- C:\Windows\System\EYYuOxE.exe
  C:\Windows\System\EYYuOxE.exe
  2⤵
  PID:8688
- C:\Windows\System\nbmHrQW.exe
  C:\Windows\System\nbmHrQW.exe
  2⤵
  PID:8704
- C:\Windows\System\OrteuDV.exe
  C:\Windows\System\OrteuDV.exe
  2⤵
  PID:8720
- C:\Windows\System\AzhKfTn.exe
  C:\Windows\System\AzhKfTn.exe
  2⤵
  PID:8736
- C:\Windows\System\MKskJKv.exe
  C:\Windows\System\MKskJKv.exe
  2⤵
  PID:8752
- C:\Windows\System\GRVSkCq.exe
  C:\Windows\System\GRVSkCq.exe
  2⤵
  PID:8768
- C:\Windows\System\kiululk.exe
  C:\Windows\System\kiululk.exe
  2⤵
  PID:8784
- C:\Windows\System\zdbWoNE.exe
  C:\Windows\System\zdbWoNE.exe
  2⤵
  PID:8800
- C:\Windows\System\iZgVjTb.exe
  C:\Windows\System\iZgVjTb.exe
  2⤵
  PID:8816
- C:\Windows\System\oONmhuS.exe
  C:\Windows\System\oONmhuS.exe
  2⤵
  PID:8832
- C:\Windows\System\xvrJgIt.exe
  C:\Windows\System\xvrJgIt.exe
  2⤵
  PID:8848
- C:\Windows\System\rgufvWK.exe
  C:\Windows\System\rgufvWK.exe
  2⤵
  PID:8864
- C:\Windows\System\zUuOIUG.exe
  C:\Windows\System\zUuOIUG.exe
  2⤵
  PID:8880
- C:\Windows\System\lkaiFAp.exe
  C:\Windows\System\lkaiFAp.exe
  2⤵
  PID:8896
- C:\Windows\System\ExzjANE.exe
  C:\Windows\System\ExzjANE.exe
  2⤵
  PID:8912
- C:\Windows\System\ZqfEghP.exe
  C:\Windows\System\ZqfEghP.exe
  2⤵
  PID:8928
- C:\Windows\System\AJhplgU.exe
  C:\Windows\System\AJhplgU.exe
  2⤵
  PID:8944
- C:\Windows\System\HGQhbqv.exe
  C:\Windows\System\HGQhbqv.exe
  2⤵
  PID:8960
- C:\Windows\System\hupGPpW.exe
  C:\Windows\System\hupGPpW.exe
  2⤵
  PID:8976
- C:\Windows\System\NnxyLeQ.exe
  C:\Windows\System\NnxyLeQ.exe
  2⤵
  PID:8992
- C:\Windows\System\LYBLfqW.exe
  C:\Windows\System\LYBLfqW.exe
  2⤵
  PID:9008
- C:\Windows\System\WQmwItS.exe
  C:\Windows\System\WQmwItS.exe
  2⤵
  PID:9024
- C:\Windows\System\VLDpjYH.exe
  C:\Windows\System\VLDpjYH.exe
  2⤵
  PID:9040
- C:\Windows\System\qncEGfj.exe
  C:\Windows\System\qncEGfj.exe
  2⤵
  PID:9056
- C:\Windows\System\fmABRlV.exe
  C:\Windows\System\fmABRlV.exe
  2⤵
  PID:9072
- C:\Windows\System\IIkvZHB.exe
  C:\Windows\System\IIkvZHB.exe
  2⤵
  PID:9088
- C:\Windows\System\SADaPNY.exe
  C:\Windows\System\SADaPNY.exe
  2⤵
  PID:9104
- C:\Windows\System\EohmCPX.exe
  C:\Windows\System\EohmCPX.exe
  2⤵
  PID:9120
- C:\Windows\System\hzhUcsK.exe
  C:\Windows\System\hzhUcsK.exe
  2⤵
  PID:9136
- C:\Windows\System\zkXAggs.exe
  C:\Windows\System\zkXAggs.exe
  2⤵
  PID:9152
- C:\Windows\System\PbzNkvp.exe
  C:\Windows\System\PbzNkvp.exe
  2⤵
  PID:9168
- C:\Windows\System\RajDLOq.exe
  C:\Windows\System\RajDLOq.exe
  2⤵
  PID:9184
- C:\Windows\System\rdUBTby.exe
  C:\Windows\System\rdUBTby.exe
  2⤵
  PID:9200
- C:\Windows\System\TZaorpv.exe
  C:\Windows\System\TZaorpv.exe
  2⤵
  PID:7576
- C:\Windows\System\ZBpUSaY.exe
  C:\Windows\System\ZBpUSaY.exe
  2⤵
  PID:8076
- C:\Windows\System\uDZSxVV.exe
  C:\Windows\System\uDZSxVV.exe
  2⤵
  PID:8260
- C:\Windows\System\ciIykRG.exe
  C:\Windows\System\ciIykRG.exe
  2⤵
  PID:8328
- C:\Windows\System\iiNHfhf.exe
  C:\Windows\System\iiNHfhf.exe
  2⤵
  PID:8388
- C:\Windows\System\nFtYIjD.exe
  C:\Windows\System\nFtYIjD.exe
  2⤵
  PID:8276
- C:\Windows\System\OEoiSgq.exe
  C:\Windows\System\OEoiSgq.exe
  2⤵
  PID:8344
- C:\Windows\System\UemxdOd.exe
  C:\Windows\System\UemxdOd.exe
  2⤵
  PID:8420
- C:\Windows\System\FNqHMkH.exe
  C:\Windows\System\FNqHMkH.exe
  2⤵
  PID:8452
- C:\Windows\System\PsPLSxc.exe
  C:\Windows\System\PsPLSxc.exe
  2⤵
  PID:8408
- C:\Windows\System\jwBDMbY.exe
  C:\Windows\System\jwBDMbY.exe
  2⤵
  PID:8524
- C:\Windows\System\FjqLJNU.exe
  C:\Windows\System\FjqLJNU.exe
  2⤵
  PID:8556
- C:\Windows\System\WeMHqLK.exe
  C:\Windows\System\WeMHqLK.exe
  2⤵
  PID:8616
- C:\Windows\System\pDfwFYB.exe
  C:\Windows\System\pDfwFYB.exe
  2⤵
  PID:8572
- C:\Windows\System\FefRzZw.exe
  C:\Windows\System\FefRzZw.exe
  2⤵
  PID:8632
- C:\Windows\System\PooEIMR.exe
  C:\Windows\System\PooEIMR.exe
  2⤵
  PID:8684
- C:\Windows\System\tyqffIy.exe
  C:\Windows\System\tyqffIy.exe
  2⤵
  PID:8744
- C:\Windows\System\aafaimT.exe
  C:\Windows\System\aafaimT.exe
  2⤵
  PID:8668
- C:\Windows\System\UNQhzOw.exe
  C:\Windows\System\UNQhzOw.exe
  2⤵
  PID:8808
- C:\Windows\System\ZlwGnrY.exe
  C:\Windows\System\ZlwGnrY.exe
  2⤵
  PID:8872
- C:\Windows\System\xhiDXsj.exe
  C:\Windows\System\xhiDXsj.exe
  2⤵
  PID:8764
- C:\Windows\System\KrSDsmN.exe
  C:\Windows\System\KrSDsmN.exe
  2⤵
  PID:8972
- C:\Windows\System\kexelJz.exe
  C:\Windows\System\kexelJz.exe
  2⤵
  PID:8792
- C:\Windows\System\FVzxvTs.exe
  C:\Windows\System\FVzxvTs.exe
  2⤵
  PID:8856
- C:\Windows\System\pqhXuvZ.exe
  C:\Windows\System\pqhXuvZ.exe
  2⤵
  PID:8920
- C:\Windows\System\cSrVuUp.exe
  C:\Windows\System\cSrVuUp.exe
  2⤵
  PID:9000
- C:\Windows\System\LSUdSxI.exe
  C:\Windows\System\LSUdSxI.exe
  2⤵
  PID:9068
- C:\Windows\System\TqOxHGo.exe
  C:\Windows\System\TqOxHGo.exe
  2⤵
  PID:9036
- C:\Windows\System\DYaZdVa.exe
  C:\Windows\System\DYaZdVa.exe
  2⤵
  PID:9164
- C:\Windows\System\zQHutpm.exe
  C:\Windows\System\zQHutpm.exe
  2⤵
  PID:8296
- C:\Windows\System\fPSBdfg.exe
  C:\Windows\System\fPSBdfg.exe
  2⤵
  PID:8028
- C:\Windows\System\UjLchad.exe
  C:\Windows\System\UjLchad.exe
  2⤵
  PID:9016
- C:\Windows\System\vEgZnGw.exe
  C:\Windows\System\vEgZnGw.exe
  2⤵
  PID:8440
- C:\Windows\System\HqsdggN.exe
  C:\Windows\System\HqsdggN.exe
  2⤵
  PID:8228
- C:\Windows\System\pRGQFaS.exe
  C:\Windows\System\pRGQFaS.exe
  2⤵
  PID:9212
- C:\Windows\System\rCNXOAX.exe
  C:\Windows\System\rCNXOAX.exe
  2⤵
  PID:9148
- C:\Windows\System\EESwHcF.exe
  C:\Windows\System\EESwHcF.exe
  2⤵
  PID:9080
- C:\Windows\System\CIIFsqI.exe
  C:\Windows\System\CIIFsqI.exe
  2⤵
  PID:8552
- C:\Windows\System\dEXtIdE.exe
  C:\Windows\System\dEXtIdE.exe
  2⤵
  PID:8588
- C:\Windows\System\bQoSlTZ.exe
  C:\Windows\System\bQoSlTZ.exe
  2⤵
  PID:8680
- C:\Windows\System\sOAtMcs.exe
  C:\Windows\System\sOAtMcs.exe
  2⤵
  PID:8604
- C:\Windows\System\YvRuJor.exe
  C:\Windows\System\YvRuJor.exe
  2⤵
  PID:8700
- C:\Windows\System\suDYXWQ.exe
  C:\Windows\System\suDYXWQ.exe
  2⤵
  PID:8844
- C:\Windows\System\UiQtBRf.exe
  C:\Windows\System\UiQtBRf.exe
  2⤵
  PID:8760
- C:\Windows\System\SWBBcPK.exe
  C:\Windows\System\SWBBcPK.exe
  2⤵
  PID:9064
- C:\Windows\System\ilGtkXE.exe
  C:\Windows\System\ilGtkXE.exe
  2⤵
  PID:8968
- C:\Windows\System\wFnizNX.exe
  C:\Windows\System\wFnizNX.exe
  2⤵
  PID:9100
- C:\Windows\System\DxsMuzF.exe
  C:\Windows\System\DxsMuzF.exe
  2⤵
  PID:8436
- C:\Windows\System\yxsEkmm.exe
  C:\Windows\System\yxsEkmm.exe
  2⤵
  PID:8484
- C:\Windows\System\QzyfhUj.exe
  C:\Windows\System\QzyfhUj.exe
  2⤵
  PID:8652
- C:\Windows\System\qGKIfCJ.exe
  C:\Windows\System\qGKIfCJ.exe
  2⤵
  PID:8272
- C:\Windows\System\apTDkiS.exe
  C:\Windows\System\apTDkiS.exe
  2⤵
  PID:8940
- C:\Windows\System\MUzsVWX.exe
  C:\Windows\System\MUzsVWX.exe
  2⤵
  PID:8392
- C:\Windows\System\ZVUkqVw.exe
  C:\Windows\System\ZVUkqVw.exe
  2⤵
  PID:8888
- C:\Windows\System\MvxnhHe.exe
  C:\Windows\System\MvxnhHe.exe
  2⤵
  PID:8664
- C:\Windows\System\hvFEuRz.exe
  C:\Windows\System\hvFEuRz.exe
  2⤵
  PID:8500
- C:\Windows\System\ybTJSsh.exe
  C:\Windows\System\ybTJSsh.exe
  2⤵
  PID:8240
- C:\Windows\System\GMaLnTV.exe
  C:\Windows\System\GMaLnTV.exe
  2⤵
  PID:8728
- C:\Windows\System\EaVDqPO.exe
  C:\Windows\System\EaVDqPO.exe
  2⤵
  PID:9208
- C:\Windows\System\knisjXY.exe
  C:\Windows\System\knisjXY.exe
  2⤵
  PID:9160
- C:\Windows\System\lRvcqyw.exe
  C:\Windows\System\lRvcqyw.exe
  2⤵
  PID:8404
- C:\Windows\System\DjghwWi.exe
  C:\Windows\System\DjghwWi.exe
  2⤵
  PID:8620
- C:\Windows\System\XdOjgej.exe
  C:\Windows\System\XdOjgej.exe
  2⤵
  PID:8340
- C:\Windows\System\Edsucey.exe
  C:\Windows\System\Edsucey.exe
  2⤵
  PID:9228
- C:\Windows\System\JrrDeVQ.exe
  C:\Windows\System\JrrDeVQ.exe
  2⤵
  PID:9244
- C:\Windows\System\YKWMzVP.exe
  C:\Windows\System\YKWMzVP.exe
  2⤵
  PID:9260
- C:\Windows\System\EWUbtFq.exe
  C:\Windows\System\EWUbtFq.exe
  2⤵
  PID:9276
- C:\Windows\System\qSdorsw.exe
  C:\Windows\System\qSdorsw.exe
  2⤵
  PID:9292
- C:\Windows\System\FVLJQNU.exe
  C:\Windows\System\FVLJQNU.exe
  2⤵
  PID:9308
- C:\Windows\System\AVnlmvv.exe
  C:\Windows\System\AVnlmvv.exe
  2⤵
  PID:9324
- C:\Windows\System\GdMFqjO.exe
  C:\Windows\System\GdMFqjO.exe
  2⤵
  PID:9340
- C:\Windows\System\JPuwTew.exe
  C:\Windows\System\JPuwTew.exe
  2⤵
  PID:9356
- C:\Windows\System\QNdVJaq.exe
  C:\Windows\System\QNdVJaq.exe
  2⤵
  PID:9372
- C:\Windows\System\eIBKwSj.exe
  C:\Windows\System\eIBKwSj.exe
  2⤵
  PID:9388
- C:\Windows\System\MdFqIiP.exe
  C:\Windows\System\MdFqIiP.exe
  2⤵
  PID:9404
- C:\Windows\System\tSrPOtx.exe
  C:\Windows\System\tSrPOtx.exe
  2⤵
  PID:9420
- C:\Windows\System\ucDzlqE.exe
  C:\Windows\System\ucDzlqE.exe
  2⤵
  PID:9436
- C:\Windows\System\sUIxnsI.exe
  C:\Windows\System\sUIxnsI.exe
  2⤵
  PID:9452
- C:\Windows\System\YJMNHGk.exe
  C:\Windows\System\YJMNHGk.exe
  2⤵
  PID:9468
- C:\Windows\System\nVYBDpA.exe
  C:\Windows\System\nVYBDpA.exe
  2⤵
  PID:9484
- C:\Windows\System\FaljKzQ.exe
  C:\Windows\System\FaljKzQ.exe
  2⤵
  PID:9500
- C:\Windows\System\jlGPUci.exe
  C:\Windows\System\jlGPUci.exe
  2⤵
  PID:9516
- C:\Windows\System\aNHfdwg.exe
  C:\Windows\System\aNHfdwg.exe
  2⤵
  PID:9532
- C:\Windows\System\lSzoJPi.exe
  C:\Windows\System\lSzoJPi.exe
  2⤵
  PID:9548
- C:\Windows\System\ktFKbfj.exe
  C:\Windows\System\ktFKbfj.exe
  2⤵
  PID:9564
- C:\Windows\System\dQHYrXr.exe
  C:\Windows\System\dQHYrXr.exe
  2⤵
  PID:9580
- C:\Windows\System\AzQlTMG.exe
  C:\Windows\System\AzQlTMG.exe
  2⤵
  PID:9600
- C:\Windows\System\KBsBQaK.exe
  C:\Windows\System\KBsBQaK.exe
  2⤵
  PID:9616
- C:\Windows\System\vZMbdhv.exe
  C:\Windows\System\vZMbdhv.exe
  2⤵
  PID:9632
- C:\Windows\System\nSWJrXp.exe
  C:\Windows\System\nSWJrXp.exe
  2⤵
  PID:9648
- C:\Windows\System\KbcfjBM.exe
  C:\Windows\System\KbcfjBM.exe
  2⤵
  PID:9664
- C:\Windows\System\QUZuMEx.exe
  C:\Windows\System\QUZuMEx.exe
  2⤵
  PID:9680
- C:\Windows\System\UIqLcPz.exe
  C:\Windows\System\UIqLcPz.exe
  2⤵
  PID:9696
- C:\Windows\System\DUyNrmN.exe
  C:\Windows\System\DUyNrmN.exe
  2⤵
  PID:9712
- C:\Windows\System\tFlbbff.exe
  C:\Windows\System\tFlbbff.exe
  2⤵
  PID:9728
- C:\Windows\System\esNokKl.exe
  C:\Windows\System\esNokKl.exe
  2⤵
  PID:9744
- C:\Windows\System\MUsMFGV.exe
  C:\Windows\System\MUsMFGV.exe
  2⤵
  PID:9760
- C:\Windows\System\wNLRwKD.exe
  C:\Windows\System\wNLRwKD.exe
  2⤵
  PID:9776
- C:\Windows\System\MRLskEy.exe
  C:\Windows\System\MRLskEy.exe
  2⤵
  PID:9792
- C:\Windows\System\lpLYCgD.exe
  C:\Windows\System\lpLYCgD.exe
  2⤵
  PID:9808
- C:\Windows\System\VjKynjh.exe
  C:\Windows\System\VjKynjh.exe
  2⤵
  PID:9828
- C:\Windows\System\aAtrihl.exe
  C:\Windows\System\aAtrihl.exe
  2⤵
  PID:9844
- C:\Windows\System\bnJCvac.exe
  C:\Windows\System\bnJCvac.exe
  2⤵
  PID:9860
- C:\Windows\System\WQAqXLJ.exe
  C:\Windows\System\WQAqXLJ.exe
  2⤵
  PID:9876
- C:\Windows\System\zydKWHN.exe
  C:\Windows\System\zydKWHN.exe
  2⤵
  PID:9892
- C:\Windows\System\qCkQfTg.exe
  C:\Windows\System\qCkQfTg.exe
  2⤵
  PID:9908
- C:\Windows\System\rpQUGYr.exe
  C:\Windows\System\rpQUGYr.exe
  2⤵
  PID:9924
- C:\Windows\System\isnVVXj.exe
  C:\Windows\System\isnVVXj.exe
  2⤵
  PID:9940
- C:\Windows\System\FLAGobs.exe
  C:\Windows\System\FLAGobs.exe
  2⤵
  PID:9956
- C:\Windows\System\anoFgOZ.exe
  C:\Windows\System\anoFgOZ.exe
  2⤵
  PID:9972
- C:\Windows\System\kdBgBrV.exe
  C:\Windows\System\kdBgBrV.exe
  2⤵
  PID:9988
- C:\Windows\System\QAaBXFa.exe
  C:\Windows\System\QAaBXFa.exe
  2⤵
  PID:10004
- C:\Windows\System\oTexqok.exe
  C:\Windows\System\oTexqok.exe
  2⤵
  PID:10024
- C:\Windows\System\zMIMacC.exe
  C:\Windows\System\zMIMacC.exe
  2⤵
  PID:10040
- C:\Windows\System\RQmxoLM.exe
  C:\Windows\System\RQmxoLM.exe
  2⤵
  PID:10060
- C:\Windows\System\llCrvEu.exe
  C:\Windows\System\llCrvEu.exe
  2⤵
  PID:10076
- C:\Windows\System\ApHOrOF.exe
  C:\Windows\System\ApHOrOF.exe
  2⤵
  PID:10092
- C:\Windows\System\PSYqBRK.exe
  C:\Windows\System\PSYqBRK.exe
  2⤵
  PID:10108
- C:\Windows\System\iSfCfMB.exe
  C:\Windows\System\iSfCfMB.exe
  2⤵
  PID:10124
- C:\Windows\System\xittDoq.exe
  C:\Windows\System\xittDoq.exe
  2⤵
  PID:10140
- C:\Windows\System\YOOoufv.exe
  C:\Windows\System\YOOoufv.exe
  2⤵
  PID:10156
- C:\Windows\System\VAWCZjO.exe
  C:\Windows\System\VAWCZjO.exe
  2⤵
  PID:10172
- C:\Windows\System\ePoGjKf.exe
  C:\Windows\System\ePoGjKf.exe
  2⤵
  PID:10188
- C:\Windows\System\cHYaDUl.exe
  C:\Windows\System\cHYaDUl.exe
  2⤵
  PID:10204
- C:\Windows\System\YnnHlgG.exe
  C:\Windows\System\YnnHlgG.exe
  2⤵
  PID:10220
- C:\Windows\System\ZcQcIoz.exe
  C:\Windows\System\ZcQcIoz.exe
  2⤵
  PID:10236
- C:\Windows\System\ZLjjmnM.exe
  C:\Windows\System\ZLjjmnM.exe
  2⤵
  PID:9224
- C:\Windows\System\PXAiVUw.exe
  C:\Windows\System\PXAiVUw.exe
  2⤵
  PID:9288
- C:\Windows\System\HthKHsF.exe
  C:\Windows\System\HthKHsF.exe
  2⤵
  PID:9268
- C:\Windows\System\zDIAiCZ.exe
  C:\Windows\System\zDIAiCZ.exe
  2⤵
  PID:9316
- C:\Windows\System\UyiHtCB.exe
  C:\Windows\System\UyiHtCB.exe
  2⤵
  PID:9304
- C:\Windows\System\gFQzPBt.exe
  C:\Windows\System\gFQzPBt.exe
  2⤵
  PID:9332
- C:\Windows\System\XKVCahL.exe
  C:\Windows\System\XKVCahL.exe
  2⤵
  PID:9400
- C:\Windows\System\XEUJtiB.exe
  C:\Windows\System\XEUJtiB.exe
  2⤵
  PID:9416
- C:\Windows\System\CCQCIvC.exe
  C:\Windows\System\CCQCIvC.exe
  2⤵
  PID:9480
- C:\Windows\System\PWtAhql.exe
  C:\Windows\System\PWtAhql.exe
  2⤵
  PID:9544
- C:\Windows\System\kgyEEnh.exe
  C:\Windows\System\kgyEEnh.exe
  2⤵
  PID:9524
- C:\Windows\System\IXlDXuW.exe
  C:\Windows\System\IXlDXuW.exe
  2⤵
  PID:9528
- C:\Windows\System\mzaDXdK.exe
  C:\Windows\System\mzaDXdK.exe
  2⤵
  PID:9596
- C:\Windows\System\EiVIVPh.exe
  C:\Windows\System\EiVIVPh.exe
  2⤵
  PID:9640
- C:\Windows\System\UTVWNhT.exe
  C:\Windows\System\UTVWNhT.exe
  2⤵
  PID:9752
- C:\Windows\System\mvLFJsg.exe
  C:\Windows\System\mvLFJsg.exe
  2⤵
  PID:9672
- C:\Windows\System\XdqFNoV.exe
  C:\Windows\System\XdqFNoV.exe
  2⤵
  PID:9824
- C:\Windows\System\ikwKzJv.exe
  C:\Windows\System\ikwKzJv.exe
  2⤵
  PID:10132
- C:\Windows\System\CKOIsgJ.exe
  C:\Windows\System\CKOIsgJ.exe
  2⤵
  PID:9256
- C:\Windows\System\YoLxYzJ.exe
  C:\Windows\System\YoLxYzJ.exe
  2⤵
  PID:9352
- C:\Windows\System\uDNHcah.exe
  C:\Windows\System\uDNHcah.exe
  2⤵
  PID:9540
- C:\Windows\System\MyHLRWH.exe
  C:\Windows\System\MyHLRWH.exe
  2⤵
  PID:9368
- C:\Windows\System\dTuPKJU.exe
  C:\Windows\System\dTuPKJU.exe
  2⤵
  PID:9476
- C:\Windows\System\iHXTLHa.exe
  C:\Windows\System\iHXTLHa.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjBUdCW.exe

Filesize
6.0MB

MD5
4644d8c331d4474aa73b946aa8d63d43

SHA1
8b439e52f65dc787120e5e20ace74343c3c0f23e

SHA256
dc094fdfdc6c1b16fe22da2e29ed663dc843c9ee48d84cc0a3a4213f761f9606

SHA512
e5894899e766e060f4d2419492dddac08f3de6611b854d6a460f42528bec85d45baa9f9d418926e5c3a6bcec07c5d62df1cdeb5d77217bd3e8ed00e8099b178a

Download Submit
C:\Windows\system\DidCNRj.exe

Filesize
6.0MB

MD5
6735da24466d44816d2eedbc30a793bb

SHA1
a7ae7903d20b2c3423b9e3dcf5e55d20fb9daf71

SHA256
db53f8fe91cd18b947fdb3e8af3dcd7580849164d4697fff36f22551121cb45f

SHA512
4f63d04f8275c2c73a7990a7dbcf8fd0845cfa095c29f53dd2ae7c160c34c5c8589981a8c8058e5d441fd4a70a7bfe166db281879646c7114111e36b226988d3

Download Submit
C:\Windows\system\GodqSrS.exe

Filesize
6.0MB

MD5
a27bcb3b624adfdfd849dc16f46c057c

SHA1
c116c2b299f1b940bcc77114f5bd559d461ab482

SHA256
c06e0cf25777a437350389c5eb804bb144815e585c127c4219a30af5f1312578

SHA512
805eeff20ca4222e30b2265a41950cb729005e3f83ce3f1be50f72c2137be393c4a801ef84d5341de2e95e221f13b29c01658b80e4b5df68950640de7953b5e6

Download Submit
C:\Windows\system\KSltgJg.exe

Filesize
6.0MB

MD5
f66fbe6a1df3cac0309285d67b129403

SHA1
5e8a83de3f1459a53b2317739f7fc7877f110c9b

SHA256
323ce623cdd24f686eecec0199bba5eda4afb911adbb53f4050d1bf7881448f1

SHA512
be62fa6f5a11c0d684170335d1d7f568a7aaa502d58656f6ec3bc96d2ea4bdaad6d0596846603f4fe155c9c3c98ecdfdb30ac4fd31073be4d8a30ab61521e641

Download Submit
C:\Windows\system\LVDZMKK.exe

Filesize
6.0MB

MD5
6b0f050bec9b755e24952b40194b9891

SHA1
9f77a216f25c99116de524b1654255398a27ae2c

SHA256
89e031fe664e51ec50db718029d625c3bf680af70af946c30c66e96de360304d

SHA512
32689212031f9369ff0872cc6f73e60625bfa72fec80ad426087cd7fc7cf7adabad7b028a9be0f155399117e91e82b31e822b1ceb883e093d6d7082f04d571d0

Download Submit
C:\Windows\system\MLIGjlI.exe

Filesize
6.0MB

MD5
8d65374d725cafcb19094ef974e319f7

SHA1
fcbe887152f4da37b50595d634b5d8ede299fc37

SHA256
e565cfe3a8d3feafd36cad1a3245876715ebcb896d65237a2ef640e625b834e5

SHA512
367ef46364c977da3fc3ad81fdac58e9348c3b8a94a0346f10310321c0d526993e668ff7ad1e3d50ef2120d45da3681c7325438df43851509dc48817791bf94a

Download Submit
C:\Windows\system\MfbNant.exe

Filesize
6.0MB

MD5
8e87018fae552e5ee86c5c6add0a0db2

SHA1
3f9627901a59b408c0ea79646aecd588178fdeb2

SHA256
50a87b11c68ce9478301bc5c20175ef3cc885bfb94aca6472b7cdbb2b23a8c7e

SHA512
f1ecd0cd70792ff350021826f281c6f45e32e479128a58378c3c0be3b794acabfc6408d3695d5f6557bfe8e1f94629cecd5739dcbcb946791f4425d23c07848d

Download Submit
C:\Windows\system\OcvAmyJ.exe

Filesize
6.0MB

MD5
278e8d420754f95225a483c497a5227d

SHA1
ec8cd08d825162a507a9bb00326882cc8029503c

SHA256
22e213b970efe88968a3c6decdb388477d1ea8900071c7de1d45d5bb8164890a

SHA512
7be5d82856a7081bf49cdfb31ee86f2fe9aa31736966e59eda853672b9976387deb014d5411d9df53690dd9c608c896ec72162f544a72f58d8211e5f0fbb0ff5

Download Submit
C:\Windows\system\PeaypsI.exe

Filesize
6.0MB

MD5
bab0a580cfad28ee0a487b9975ddf8fe

SHA1
2d90f82d370ace9a559c27caac091d94d2d8fd6a

SHA256
cf24abca32583c4f0d37e5b176f7a4b436908b48b944a62151ae37ea0a1f199a

SHA512
fea75eaa04a05fb8c3bf69a2f6d1e5dd5206693711efcb650cd912fb706a0d50f07c7f90d1bd8ccd5eea0a60fb3e609beb57bf30720c3fb5e65e245573540f97

Download Submit
C:\Windows\system\PquICTE.exe

Filesize
6.0MB

MD5
ad119cd3396a23a1243360988c45e1d7

SHA1
251a263157f4d2fa2d5e4a40fdd681e853d888d1

SHA256
d909f7b6d3bffb0d62e4be3fb1c931227e9a8eaeb9d86952aa23296963ccfec2

SHA512
a16bc3838d39f261ac124830aca04d87858d4471c75e31d5de64e8e72ce43360b6ee98f19a4ba9459a460c3326fa446db4c57baa722cc8b3876ebcb4a0abb51d

Download Submit
C:\Windows\system\UxBtAqV.exe

Filesize
6.0MB

MD5
2ba3a4bbb0c8f33d977f639569141ceb

SHA1
5054beced5a9d3838f8da2a8c6e159674a2e3b8a

SHA256
7fb6dd31464a77a144dc004f84a2bdd6e3b50f8ccef5f04ef5233acc71ac6468

SHA512
a549459ee214b1438aff6c9583749cd3c975bf9cf24a698057e5e130fc4e1b75ccd1d87ac23a5194fb82e8633795a837ba6f16f799030ebdfd9bf837dfd4949d

Download Submit
C:\Windows\system\VimKToJ.exe

Filesize
6.0MB

MD5
9e54de4887a10e3a3cef0b950e0fb600

SHA1
5ec17567e959a029e1e96f63fcdaa0a76a199096

SHA256
1c63f19f2d70542d409abc070a5e1b9e49f2f27287058bad40162542b331ad83

SHA512
6e1765de3ad6d58ac4a71a7e27b013314f702fe9f73c59cc04f2101f1144012b240286b0d74c246f181937ee9d6f517f21fe577d2b349b837e4476b12c502efb

Download Submit
C:\Windows\system\WvwnJYc.exe

Filesize
6.0MB

MD5
0dbe2be73936be58d25eeb4d1e768c51

SHA1
448bd670bc236f2eea2fbe20a54e16a67e36302c

SHA256
09be5445e1531a83b1a782649c0493f6101a9a1d50ced73d36798f958f482362

SHA512
c365d46ac055afe239a7471f84c30783d168386fd4947a3d8f188d8aeea6cd1ca2933bd344680ed92a1245f76236fec1c455bc596be8ca4ff032c4b07869faae

Download Submit
C:\Windows\system\XnzpCZj.exe

Filesize
6.0MB

MD5
8177b1870c7f02ebad9d1fffcf937b03

SHA1
4f74cb0426d44d42be3bc9f82e94813c33544e5e

SHA256
25ef3d765bee2c3df954dffdf3905fceca3a16b7e42cfac73717243d7021f261

SHA512
f8628c7c71bb40c5d35fffa5c2020144693d9860d437f1d524109b181dbdf500f4ac1fc6d6c48017f8f8e8f6f818bd6aea70294edd90cdd4af96207e52927deb

Download Submit
C:\Windows\system\YZlexnt.exe

Filesize
6.0MB

MD5
0100291ee00912f4bf4e886d6942c924

SHA1
a19c97ce3c57d5b22965eb04db58c8736054f91f

SHA256
89fba6b85bb25dc5f08d5d51ce9263a7663f6638f6cae272a348b49661b792d0

SHA512
800f964d64724540bf0276557421bf0df99daa011aa5fdaa031666a778123a33fe1bdcc84b017145cf9b11c2409ed2cd5cc71af1f2174b4598f856adfbc724f8

Download Submit
C:\Windows\system\bSaooWS.exe

Filesize
6.0MB

MD5
c4293f217a7442d8e114ffbe39987703

SHA1
bf8bf04ac6d76ea981c5596658728dab9e1c778e

SHA256
463481d95556679d1c3bd9dd8dd469884a48f54e7a7f1b38517cd7f0f46d636e

SHA512
60589965417ee9284b10e0fd1ec29c0d8ad909f502e640c721033366b2d9d8469a6b12a7d104712d2c3bb8faebbfa0e9ee997b5ca5f6aeb062ac3e0a072aa906

Download Submit
C:\Windows\system\eRBgfKL.exe

Filesize
6.0MB

MD5
c7c2905158e722c929c6dc985426bf0b

SHA1
a7cefb3923f07dc9cc5877f383cc5651e6ea9c19

SHA256
5d6a12b5c3e8a79b4aeb74aeeee359c3008f251add1c8e2fde1650e6f3eb14b3

SHA512
44e55029de6b2d63c0d8913a5cb5e288274b6625e6cc7fba7a49260784355d49e2e730dc165831c6c11808896add857987310e5dca727ee9307f3e5646940015

Download Submit
C:\Windows\system\eiAIzIC.exe

Filesize
6.0MB

MD5
fa6cd6523efe1f9e618af67cd617afdd

SHA1
c241229bb69923fb3a27b0ba8785f2fb465afe3c

SHA256
a67fdce37d109f614103bc4bdf8bb32e53fbbbf0292465aef2b4bba70c51b68e

SHA512
ba0750c4c752df8e7c74639b80fbc2e640f1d9df834ff26c61ad4b94f901ab9e79c425e5096426ad62133456950be9998ec5ea3ad2c73ebf2c56dec6675ab5c9

Download Submit
C:\Windows\system\iVcZYVa.exe

Filesize
6.0MB

MD5
bb36b78e3710646e49cf386006093acf

SHA1
2f70687b62415bc5cafffcb657fd310631ed763c

SHA256
c345728afa80c8d5b1606783659cd08c2b299c317fef4677538c617fa7e315dc

SHA512
e19f990a68a08cb5e938c0eeccc017eb86baf970ca820252dd59854e6913a435f6552a57cbc35492ff81162eb31b4f472475db2ab21bc00b8ab7f8f45009df3c

Download Submit
C:\Windows\system\lYSjGLc.exe

Filesize
6.0MB

MD5
85df62e98cdd2fd1939ae87b063b9420

SHA1
1220b7b6eb67c11e8e15abf37c7b961c5766bfad

SHA256
e8ae0f93448342cf5f69108e7aca84cc39d178fc5e31b02cfcf2e479413cfbb0

SHA512
a9c0c17c75d00fbdf2fd8a31153cf1010c54205f944cbbe815e7b5f87c9fd3ef97e8d0cb3f74dc6765cf8dea9d16cd6b43c2a49d407d4acb7a65531e69384241

Download Submit
C:\Windows\system\mWPCRMu.exe

Filesize
6.0MB

MD5
76ec3d5587c6c1b125dd01f82109825a

SHA1
efc3f90a1fc9e63face7608feb236ebd0c573c00

SHA256
3d1a742b8f506fe095c6011b80f5725d917a5da4b65c596d6a8e9b0da3107dea

SHA512
e12059d6a347a8f65d48b76e88da564471c91b46b3450feaa7c5bc9c0a7828a0b593ea1909121dd704f916d142cf2655326c9d6b7b5502e07cb93c431e8ad3a4

Download Submit
C:\Windows\system\qJjlMWw.exe

Filesize
6.0MB

MD5
a60c73bdff7655db3eb699e0d76b2527

SHA1
37e40615028844ecfe2d6808ed6d1b945e499bb2

SHA256
ac9bcc69cd3f275745526131b307f5dc9721ee9d4d3fde95b3e00977ac5e0d20

SHA512
30ae1172ff1e23b6257de7b8ca880748f9862bea447877aa783970ef1ca54b3750064a6e6b5879d32de52a8ab10c2609f004702abceeeb3242ad988614a6de25

Download Submit
C:\Windows\system\rfUXudG.exe

Filesize
6.0MB

MD5
2ecd1aef5fabeb0b22d970cf66b98ff3

SHA1
e4ebddc1110a207efadbe27a65b763b8020cfc1e

SHA256
16cfac5f29c3e10fc35ca10b4d8d6244874f100ec148b472895bc03db6c369a0

SHA512
42824baa5459bf1ef63298f0a709430ee5f0eccb1638c325d36876fdbfc4cd27f2b4f7a1fd974a268c45bb8a2cadc686a9c5adea61e7319c110970bcc437a6a0

Download Submit
C:\Windows\system\sgKBOlq.exe

Filesize
6.0MB

MD5
25fd3fc7721c48b730a39bc915068e3e

SHA1
f2e79d9ee306231a2dd9cf7a0792cc4398717d14

SHA256
4076f43caa6ed751928ecaabe55b3abea184b896199fe69a553bc58e6ebf1312

SHA512
db9cc61c455a12c228994e0bee5cbd1e7819f5637cd0071dd668ba5a024b828ffd3df7c4b701913d49e912f7ce94bc7947f60ccc156eb46bbf3c21c3074dd730

Download Submit
C:\Windows\system\veSVANn.exe

Filesize
6.0MB

MD5
becbe8813605d4712eea05cb85553dc2

SHA1
193eef4893c2c44c2874da967c870801524398af

SHA256
ded661b3ea247baf5123792e0157c25c3bc19f5a873b9826332a35c07cf00680

SHA512
08d740a198562b9c9f774afd68b0597463079354fe3a25170c9d3955803b8f7aeca1227127b031b92979af37c2e87efc1c7efaeef85cc516a849737a3574a5a5

Download Submit
C:\Windows\system\zXSIadW.exe

Filesize
6.0MB

MD5
7085e3621c8098dc613cdda265d23e92

SHA1
a3a3d1e3b7ec74f8fec1cd9876da64e1f26d6f93

SHA256
b30af088ec3ed2049e6113d5b08c1577174fc6d081b6eb91c856a37b2bb63176

SHA512
62918384c1d10a19f76c06140397f269322e3902f11448e80eb5a218de5d26efa6636856bb5743c748eb4f5797762694b566b863f101bed6e92b9953ab5598e1

Download Submit
\Windows\system\AirXVOd.exe

Filesize
6.0MB

MD5
63526bd63e9e60700cd3cafbc74a3ca0

SHA1
77270e623da20a9e29fe961d74b24cef6e4a1e21

SHA256
78b6793934b7e1875a41d3fe6f7068166460a8b9515a1b296cb074728652cd3c

SHA512
0b5ea921b079a77a7959a91c9c3fc08dfc437e4f0466a14127179737c94eb5a3285ac203016f54306debd3fb0387b2b7e5803d7883a326ccf3eca299663edcc4

Download Submit
\Windows\system\ArwUzgf.exe

Filesize
6.0MB

MD5
81ef44c6d7d3d644f76df9c9065c9f41

SHA1
61db1c77157ba073546193ad3272430961c62bc5

SHA256
bf2b1169ba00056de1664487905ae2a3dbcff0763780304111323ae40a1b5217

SHA512
1d20a674b694b542944a040ade6651ccb717c41c2320a2d81b87828f5017d01d89bc93c2dd907c9c4c16792cc9afa23d47c3c74fb5ddadfba403e73b23581e3b

Download Submit
\Windows\system\LDhMbtY.exe

Filesize
6.0MB

MD5
a0f70a735d7ada4c373f209f42be6b09

SHA1
d194b019e68f597d92f0cc050e51a679817bc8ca

SHA256
add7fe0aca9a5c59e8ccf031e87fdb5c123590776c999b9fa5dc61a1062d9cb2

SHA512
0952d0f580d5b9b709ef3bd4bf6560ec9d1ec9e8a3434c9525f70cd872f925f847fa507243e8f9de6c192c1229f26d7038ec8abc6d438f00e9c04a2fa1b5806f

Download Submit
\Windows\system\RxwUWwl.exe

Filesize
6.0MB

MD5
87dbf5742fbcfdb6cb920f6e8f694e2e

SHA1
e14c75ebdb12ac67c55dce8934f5c887d2214813

SHA256
e3fe2de4d93ff4577bd10133fc835036b824f0d71bb6393dda772552ecd292cd

SHA512
4e68fd0dc657e8f2df57d1b0e27133f4aff1405b672ffc5c288398af8cb3fc256b487581a1801d3e69558a4888cbaef888316997ba2b4ad937ff893f186cb135

Download Submit
\Windows\system\TIqXUya.exe

Filesize
6.0MB

MD5
5254905a5bd4bd42214830745d855a6d

SHA1
bca4a7b106edb5ac7ff402d8f0aa9e5dc3dbff90

SHA256
f210b02f1dfe9f001130527c1bdbb49c7cf4c27905d60509a7551680497e8c04

SHA512
6b6d17508630ed0c8d16915346368cfe1b0b06e94243b4e518f60d2b0f88068fedf7c7e9fbd349cc1aadf7e593819884ed4c1f20e2997542157969bffb560e8c

Download Submit
\Windows\system\uNoGBUE.exe

Filesize
6.0MB

MD5
551ce6581b05b83aa7baaa799a90b40f

SHA1
b44280965837c80791ae9626a8a96ee7281ce5de

SHA256
13e3e5dc2dacee2f485ea3cbc656077b05f2ac364b4bcdb8ea994afb4e7c65f9

SHA512
410b5545778e09ddaadcc8f6f479e6403d52aa7edd625778fcc73e045b074bae843a4da0f7d287bbe2e6dcad9b72a50d43a5ea963115a43cc11fb55fbf6c1ba8

Download Submit
memory/1032-74-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1032-3575-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-75-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1868-655-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1868-771-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-77-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-98-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1868-79-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1868-95-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-977-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1868-891-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-93-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-81-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-91-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-0-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1868-89-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-68-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-87-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-106-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1868-85-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1868-892-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1868-83-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-72-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3572-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2068-99-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2068-976-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2560-94-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3578-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-90-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3574-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3565-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-96-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-92-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3570-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-97-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3563-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3566-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2708-76-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3577-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-86-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3567-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-80-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3573-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-78-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-84-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3564-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3576-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-82-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-3568-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2964-88-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download