cobaltstrike | 3517145970653bba2dc7f0a20df52adcf0ddc02577565b554825fe26e581e278

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

00c90883d3314137143051de16811a10
SHA1

4e38b4ce54737f45fb15946c29a9a166c192e6c6
SHA256

3517145970653bba2dc7f0a20df52adcf0ddc02577565b554825fe26e581e278
SHA512

2776a029a9f7d7f22a350d226c92c8bab256b96b10ede558431b2c7521906a3d45a6000426e1e483a5691757d7b4e0a192ab3ac42fdc3723fa5b0f3befc9ae73
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUh:T+q56utgpPF8u/7h

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001226d-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018bf3-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019230-27.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-77.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c4-54.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-62.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001926b-37.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001930d-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019246-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2264-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x000c00000001226d-3.dat	xmrig
behavioral1/files/0x0009000000018bf3-11.dat	xmrig
behavioral1/files/0x0006000000019223-15.dat	xmrig
behavioral1/memory/2532-23-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2736-36-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x0007000000019230-27.dat	xmrig
behavioral1/memory/2264-51-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2204-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3e-69.dat	xmrig
behavioral1/files/0x0005000000019cba-84.dat	xmrig
behavioral1/files/0x000500000001a41d-160.dat	xmrig
behavioral1/files/0x000500000001a49a-192.dat	xmrig
behavioral1/memory/2264-1450-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48d-181.dat	xmrig
behavioral1/files/0x000500000001a499-186.dat	xmrig
behavioral1/files/0x000500000001a46f-171.dat	xmrig
behavioral1/files/0x000500000001a48b-175.dat	xmrig
behavioral1/files/0x000500000001a42d-166.dat	xmrig
behavioral1/files/0x000500000001a427-162.dat	xmrig
behavioral1/files/0x000500000001a359-158.dat	xmrig
behavioral1/files/0x000500000001a09e-148.dat	xmrig
behavioral1/files/0x000500000001a075-146.dat	xmrig
behavioral1/files/0x0005000000019f8a-136.dat	xmrig
behavioral1/files/0x0005000000019d8e-133.dat	xmrig
behavioral1/files/0x0005000000019dbf-106.dat	xmrig
behavioral1/memory/2060-98-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-151.dat	xmrig
behavioral1/files/0x000500000001a41b-139.dat	xmrig
behavioral1/files/0x000500000001a307-129.dat	xmrig
behavioral1/files/0x000500000001a07e-120.dat	xmrig
behavioral1/files/0x0005000000019f94-118.dat	xmrig
behavioral1/memory/2192-110-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/3028-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2264-92-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cca-90.dat	xmrig
behavioral1/memory/2624-81-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c57-77.dat	xmrig
behavioral1/memory/1692-74-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2736-72-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2912-65-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2192-56-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c4-54.dat	xmrig
behavioral1/files/0x0005000000019c3c-62.dat	xmrig
behavioral1/memory/2712-50-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001926b-37.dat	xmrig
behavioral1/memory/2948-49-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001930d-46.dat	xmrig
behavioral1/files/0x0006000000019246-33.dat	xmrig
behavioral1/memory/2204-32-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2544-22-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/548-20-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2264-17-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2544-3839-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2948-3976-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2532-3984-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2736-3982-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2912-3981-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2060-3980-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/1692-4020-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2712-4019-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3028-4018-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/548-4017-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2624-3979-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2532	LmpXEBd.exe
548	CuAOSTX.exe
2544	JRsLSJR.exe
2204	yKrbfEu.exe
2736	LvYwBtV.exe
2948	qBbGgTg.exe
2712	xmcMnnj.exe
2192	aqAINEF.exe
2912	nnEGyQr.exe
1692	zJaVNol.exe
2624	hjhBHGS.exe
3028	SpqzYcD.exe
2060	VhfoadU.exe
1072	XRsBEtE.exe
1344	BMDAnCa.exe
2228	ZiFBMeX.exe
1528	NufndJZ.exe
1892	kSmzfBS.exe
1652	FqHjpRo.exe
1920	TRlOYve.exe
2112	enqFeAr.exe
780	moeIfpn.exe
2708	KblLbkv.exe
1496	ZohaGoj.exe
1676	LZrTHUD.exe
2308	opvIJdJ.exe
2928	GoohjXK.exe
1064	AmDjuNH.exe
1656	wPmnBWC.exe
2428	XSHFDsW.exe
2376	azmjlkN.exe
1748	kRqoZEk.exe
1028	UfLlYPb.exe
576	KrxWuNz.exe
1444	yaEBliI.exe
920	KgPiEEK.exe
2992	BYbXUus.exe
2988	mSPKHAC.exe
3008	teKmWoY.exe
2108	tdaroUi.exe
1996	BRDOqFv.exe
1564	GTXKoIk.exe
2236	ZHDwynu.exe
380	SSbslfE.exe
1388	SrHuBrO.exe
2796	swIgInY.exe
2716	OVgMhrV.exe
2636	YyRHhjH.exe
2608	LxKCnMR.exe
1488	ihjJKGu.exe
1100	PlOfPHl.exe
644	qUsHfZl.exe
1728	PDVQFLI.exe
448	gUfUjew.exe
2968	MDwmknK.exe
3056	fxmgWSD.exe
1912	VXJmMZT.exe
2480	MfrnBJv.exe
2176	PwBNecn.exe
3052	fnggTHQ.exe
3016	vpcoyak.exe
1204	rswlsim.exe
2012	ITNBRju.exe
2248	uymokNS.exe

Loads dropped DLL 64 IoCs

pid	Process
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2264-0-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-3.dat	upx
behavioral1/files/0x0009000000018bf3-11.dat	upx
behavioral1/files/0x0006000000019223-15.dat	upx
behavioral1/memory/2532-23-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2736-36-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x0007000000019230-27.dat	upx
behavioral1/memory/2264-51-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2204-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0005000000019c3e-69.dat	upx
behavioral1/files/0x0005000000019cba-84.dat	upx
behavioral1/files/0x000500000001a41d-160.dat	upx
behavioral1/files/0x000500000001a49a-192.dat	upx
behavioral1/files/0x000500000001a48d-181.dat	upx
behavioral1/files/0x000500000001a499-186.dat	upx
behavioral1/files/0x000500000001a46f-171.dat	upx
behavioral1/files/0x000500000001a48b-175.dat	upx
behavioral1/files/0x000500000001a42d-166.dat	upx
behavioral1/files/0x000500000001a427-162.dat	upx
behavioral1/files/0x000500000001a359-158.dat	upx
behavioral1/files/0x000500000001a09e-148.dat	upx
behavioral1/files/0x000500000001a075-146.dat	upx
behavioral1/files/0x0005000000019f8a-136.dat	upx
behavioral1/files/0x0005000000019d8e-133.dat	upx
behavioral1/files/0x0005000000019dbf-106.dat	upx
behavioral1/memory/2060-98-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-151.dat	upx
behavioral1/files/0x000500000001a41b-139.dat	upx
behavioral1/files/0x000500000001a307-129.dat	upx
behavioral1/files/0x000500000001a07e-120.dat	upx
behavioral1/files/0x0005000000019f94-118.dat	upx
behavioral1/memory/2192-110-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/3028-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0005000000019cca-90.dat	upx
behavioral1/memory/2624-81-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019c57-77.dat	upx
behavioral1/memory/1692-74-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2736-72-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2912-65-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2192-56-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x00070000000194c4-54.dat	upx
behavioral1/files/0x0005000000019c3c-62.dat	upx
behavioral1/memory/2712-50-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000600000001926b-37.dat	upx
behavioral1/memory/2948-49-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x000600000001930d-46.dat	upx
behavioral1/files/0x0006000000019246-33.dat	upx
behavioral1/memory/2204-32-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2544-22-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/548-20-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2544-3839-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2948-3976-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2532-3984-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2736-3982-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2912-3981-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2060-3980-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/1692-4020-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2712-4019-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3028-4018-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/548-4017-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2624-3979-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lJWgKJF.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQGDCae.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owoYmlK.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbzxXaZ.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoeNxsG.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMuppww.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YigkeIn.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUGJold.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOVFLfr.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kRqoZEk.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jDUprbj.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMJgBPn.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrbEniB.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KWAIAue.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTNFBEo.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCumXgU.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LvYwBtV.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSRzPXW.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwaQzdH.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTxJGCE.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkxBoAM.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKXqOEG.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUDAIZh.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHHbiaD.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifVzZau.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixSuJyl.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WERvFKd.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdfzJVu.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWYoXox.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bsAqDzV.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjzEylz.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAQpjAc.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reEJlIm.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwMBxBM.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVUyqmu.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gpzcxic.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZddPaMk.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnbLLpf.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhzsQXG.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpeVIiW.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGPwxvo.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWNEaVE.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAkKGdY.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXcFoeV.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxPYoZu.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYMWZHv.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuadVfQ.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYmYzJm.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNZXmHR.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbsoZEd.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwACxCA.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TwzyWux.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLyGzka.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHNwSYE.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jcatjRJ.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyGxZnm.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWPdPym.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vAdRtyC.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTLvesw.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBnPoor.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiUUzZx.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylCaKcB.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZVlEaT.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZqsYxU.exe	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2532	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 2532	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 2532	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2264 wrote to memory of 548	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 548	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 548	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2264 wrote to memory of 2544	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2544	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2544	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2264 wrote to memory of 2204	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2204	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2204	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2264 wrote to memory of 2736	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2736	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2736	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2264 wrote to memory of 2712	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 2712	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 2712	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2264 wrote to memory of 2948	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 2948	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 2948	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2264 wrote to memory of 2192	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2192	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2192	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2264 wrote to memory of 2912	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 2912	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 2912	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2264 wrote to memory of 1692	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 1692	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 1692	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2264 wrote to memory of 2624	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 2624	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 2624	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2264 wrote to memory of 3028	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 3028	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 3028	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2264 wrote to memory of 2060	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 2060	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 2060	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2264 wrote to memory of 1892	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 1892	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 1892	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2264 wrote to memory of 1072	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 1072	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 1072	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2264 wrote to memory of 1652	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 1652	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 1652	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2264 wrote to memory of 1344	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 1344	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 1344	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2264 wrote to memory of 2112	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2112	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2112	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2264 wrote to memory of 2228	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 2228	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 2228	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2264 wrote to memory of 780	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 780	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 780	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2264 wrote to memory of 1528	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 1528	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 1528	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2264 wrote to memory of 1496	2264	2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_00c90883d3314137143051de16811a10_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\System\LmpXEBd.exe
  C:\Windows\System\LmpXEBd.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\CuAOSTX.exe
  C:\Windows\System\CuAOSTX.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\JRsLSJR.exe
  C:\Windows\System\JRsLSJR.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\yKrbfEu.exe
  C:\Windows\System\yKrbfEu.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LvYwBtV.exe
  C:\Windows\System\LvYwBtV.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\xmcMnnj.exe
  C:\Windows\System\xmcMnnj.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\qBbGgTg.exe
  C:\Windows\System\qBbGgTg.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\aqAINEF.exe
  C:\Windows\System\aqAINEF.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\nnEGyQr.exe
  C:\Windows\System\nnEGyQr.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\zJaVNol.exe
  C:\Windows\System\zJaVNol.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\hjhBHGS.exe
  C:\Windows\System\hjhBHGS.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SpqzYcD.exe
  C:\Windows\System\SpqzYcD.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\VhfoadU.exe
  C:\Windows\System\VhfoadU.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\kSmzfBS.exe
  C:\Windows\System\kSmzfBS.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\XRsBEtE.exe
  C:\Windows\System\XRsBEtE.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\FqHjpRo.exe
  C:\Windows\System\FqHjpRo.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\BMDAnCa.exe
  C:\Windows\System\BMDAnCa.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\enqFeAr.exe
  C:\Windows\System\enqFeAr.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ZiFBMeX.exe
  C:\Windows\System\ZiFBMeX.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\moeIfpn.exe
  C:\Windows\System\moeIfpn.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\NufndJZ.exe
  C:\Windows\System\NufndJZ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\ZohaGoj.exe
  C:\Windows\System\ZohaGoj.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\TRlOYve.exe
  C:\Windows\System\TRlOYve.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\LZrTHUD.exe
  C:\Windows\System\LZrTHUD.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\KblLbkv.exe
  C:\Windows\System\KblLbkv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\opvIJdJ.exe
  C:\Windows\System\opvIJdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\GoohjXK.exe
  C:\Windows\System\GoohjXK.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\AmDjuNH.exe
  C:\Windows\System\AmDjuNH.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\wPmnBWC.exe
  C:\Windows\System\wPmnBWC.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\XSHFDsW.exe
  C:\Windows\System\XSHFDsW.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\azmjlkN.exe
  C:\Windows\System\azmjlkN.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\kRqoZEk.exe
  C:\Windows\System\kRqoZEk.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\UfLlYPb.exe
  C:\Windows\System\UfLlYPb.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\KrxWuNz.exe
  C:\Windows\System\KrxWuNz.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\yaEBliI.exe
  C:\Windows\System\yaEBliI.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\GTXKoIk.exe
  C:\Windows\System\GTXKoIk.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\KgPiEEK.exe
  C:\Windows\System\KgPiEEK.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\MfrnBJv.exe
  C:\Windows\System\MfrnBJv.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\BYbXUus.exe
  C:\Windows\System\BYbXUus.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\fnggTHQ.exe
  C:\Windows\System\fnggTHQ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mSPKHAC.exe
  C:\Windows\System\mSPKHAC.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\vpcoyak.exe
  C:\Windows\System\vpcoyak.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\teKmWoY.exe
  C:\Windows\System\teKmWoY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\rswlsim.exe
  C:\Windows\System\rswlsim.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\tdaroUi.exe
  C:\Windows\System\tdaroUi.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ITNBRju.exe
  C:\Windows\System\ITNBRju.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\BRDOqFv.exe
  C:\Windows\System\BRDOqFv.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\uymokNS.exe
  C:\Windows\System\uymokNS.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ZHDwynu.exe
  C:\Windows\System\ZHDwynu.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\ZKcRuQM.exe
  C:\Windows\System\ZKcRuQM.exe
  2⤵
  PID:2424
- C:\Windows\System\SSbslfE.exe
  C:\Windows\System\SSbslfE.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\CYydIMA.exe
  C:\Windows\System\CYydIMA.exe
  2⤵
  PID:1708
- C:\Windows\System\SrHuBrO.exe
  C:\Windows\System\SrHuBrO.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\tTRLHcB.exe
  C:\Windows\System\tTRLHcB.exe
  2⤵
  PID:2200
- C:\Windows\System\swIgInY.exe
  C:\Windows\System\swIgInY.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\noIaupn.exe
  C:\Windows\System\noIaupn.exe
  2⤵
  PID:2812
- C:\Windows\System\OVgMhrV.exe
  C:\Windows\System\OVgMhrV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\GcNHBOP.exe
  C:\Windows\System\GcNHBOP.exe
  2⤵
  PID:2080
- C:\Windows\System\YyRHhjH.exe
  C:\Windows\System\YyRHhjH.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\GPSLHKn.exe
  C:\Windows\System\GPSLHKn.exe
  2⤵
  PID:2672
- C:\Windows\System\LxKCnMR.exe
  C:\Windows\System\LxKCnMR.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\RvAnJGB.exe
  C:\Windows\System\RvAnJGB.exe
  2⤵
  PID:1372
- C:\Windows\System\ihjJKGu.exe
  C:\Windows\System\ihjJKGu.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\bFRCAMb.exe
  C:\Windows\System\bFRCAMb.exe
  2⤵
  PID:1512
- C:\Windows\System\PlOfPHl.exe
  C:\Windows\System\PlOfPHl.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\RydLEtt.exe
  C:\Windows\System\RydLEtt.exe
  2⤵
  PID:1096
- C:\Windows\System\qUsHfZl.exe
  C:\Windows\System\qUsHfZl.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\YZVlEaT.exe
  C:\Windows\System\YZVlEaT.exe
  2⤵
  PID:1660
- C:\Windows\System\PDVQFLI.exe
  C:\Windows\System\PDVQFLI.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\vVjufsj.exe
  C:\Windows\System\vVjufsj.exe
  2⤵
  PID:2964
- C:\Windows\System\gUfUjew.exe
  C:\Windows\System\gUfUjew.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\BsSiiaO.exe
  C:\Windows\System\BsSiiaO.exe
  2⤵
  PID:1636
- C:\Windows\System\MDwmknK.exe
  C:\Windows\System\MDwmknK.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\EMiEOHO.exe
  C:\Windows\System\EMiEOHO.exe
  2⤵
  PID:1824
- C:\Windows\System\fxmgWSD.exe
  C:\Windows\System\fxmgWSD.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\AHDuvtd.exe
  C:\Windows\System\AHDuvtd.exe
  2⤵
  PID:1508
- C:\Windows\System\VXJmMZT.exe
  C:\Windows\System\VXJmMZT.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\JmGocLz.exe
  C:\Windows\System\JmGocLz.exe
  2⤵
  PID:2952
- C:\Windows\System\PwBNecn.exe
  C:\Windows\System\PwBNecn.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\YJVTDdg.exe
  C:\Windows\System\YJVTDdg.exe
  2⤵
  PID:2652
- C:\Windows\System\vwSufSP.exe
  C:\Windows\System\vwSufSP.exe
  2⤵
  PID:1000
- C:\Windows\System\dWQHTJx.exe
  C:\Windows\System\dWQHTJx.exe
  2⤵
  PID:816
- C:\Windows\System\hOLFKHg.exe
  C:\Windows\System\hOLFKHg.exe
  2⤵
  PID:3080
- C:\Windows\System\wvRRXXr.exe
  C:\Windows\System\wvRRXXr.exe
  2⤵
  PID:3100
- C:\Windows\System\UjczkAG.exe
  C:\Windows\System\UjczkAG.exe
  2⤵
  PID:3116
- C:\Windows\System\RNdOqwg.exe
  C:\Windows\System\RNdOqwg.exe
  2⤵
  PID:3140
- C:\Windows\System\DKBDEJD.exe
  C:\Windows\System\DKBDEJD.exe
  2⤵
  PID:3160
- C:\Windows\System\uJKiMME.exe
  C:\Windows\System\uJKiMME.exe
  2⤵
  PID:3184
- C:\Windows\System\dKDlaXf.exe
  C:\Windows\System\dKDlaXf.exe
  2⤵
  PID:3200
- C:\Windows\System\PLBxmId.exe
  C:\Windows\System\PLBxmId.exe
  2⤵
  PID:3220
- C:\Windows\System\eSXDKzQ.exe
  C:\Windows\System\eSXDKzQ.exe
  2⤵
  PID:3240
- C:\Windows\System\yzrIGyI.exe
  C:\Windows\System\yzrIGyI.exe
  2⤵
  PID:3264
- C:\Windows\System\MjwHmdh.exe
  C:\Windows\System\MjwHmdh.exe
  2⤵
  PID:3280
- C:\Windows\System\TAmwFRm.exe
  C:\Windows\System\TAmwFRm.exe
  2⤵
  PID:3296
- C:\Windows\System\cEKwAVe.exe
  C:\Windows\System\cEKwAVe.exe
  2⤵
  PID:3320
- C:\Windows\System\dlgwVCP.exe
  C:\Windows\System\dlgwVCP.exe
  2⤵
  PID:3340
- C:\Windows\System\SnCyGPH.exe
  C:\Windows\System\SnCyGPH.exe
  2⤵
  PID:3360
- C:\Windows\System\IrGgfeq.exe
  C:\Windows\System\IrGgfeq.exe
  2⤵
  PID:3384
- C:\Windows\System\isfGueB.exe
  C:\Windows\System\isfGueB.exe
  2⤵
  PID:3400
- C:\Windows\System\mckNwZh.exe
  C:\Windows\System\mckNwZh.exe
  2⤵
  PID:3420
- C:\Windows\System\yFaZznn.exe
  C:\Windows\System\yFaZznn.exe
  2⤵
  PID:3440
- C:\Windows\System\YEouYIf.exe
  C:\Windows\System\YEouYIf.exe
  2⤵
  PID:3460
- C:\Windows\System\ybHEseJ.exe
  C:\Windows\System\ybHEseJ.exe
  2⤵
  PID:3484
- C:\Windows\System\wgOrlli.exe
  C:\Windows\System\wgOrlli.exe
  2⤵
  PID:3500
- C:\Windows\System\bCrktca.exe
  C:\Windows\System\bCrktca.exe
  2⤵
  PID:3516
- C:\Windows\System\GtZxZAb.exe
  C:\Windows\System\GtZxZAb.exe
  2⤵
  PID:3540
- C:\Windows\System\MNhRsKQ.exe
  C:\Windows\System\MNhRsKQ.exe
  2⤵
  PID:3560
- C:\Windows\System\mKKLEli.exe
  C:\Windows\System\mKKLEli.exe
  2⤵
  PID:3576
- C:\Windows\System\sKXqOEG.exe
  C:\Windows\System\sKXqOEG.exe
  2⤵
  PID:3592
- C:\Windows\System\JfysPVd.exe
  C:\Windows\System\JfysPVd.exe
  2⤵
  PID:3608
- C:\Windows\System\vpeVIiW.exe
  C:\Windows\System\vpeVIiW.exe
  2⤵
  PID:3624
- C:\Windows\System\dSaLMPx.exe
  C:\Windows\System\dSaLMPx.exe
  2⤵
  PID:3644
- C:\Windows\System\ZVYCJxy.exe
  C:\Windows\System\ZVYCJxy.exe
  2⤵
  PID:3668
- C:\Windows\System\zYmYzJm.exe
  C:\Windows\System\zYmYzJm.exe
  2⤵
  PID:3692
- C:\Windows\System\JpJJDPu.exe
  C:\Windows\System\JpJJDPu.exe
  2⤵
  PID:3712
- C:\Windows\System\iVDzDGP.exe
  C:\Windows\System\iVDzDGP.exe
  2⤵
  PID:3732
- C:\Windows\System\ONlONEy.exe
  C:\Windows\System\ONlONEy.exe
  2⤵
  PID:3760
- C:\Windows\System\LSRzPXW.exe
  C:\Windows\System\LSRzPXW.exe
  2⤵
  PID:3780
- C:\Windows\System\kGcWZmT.exe
  C:\Windows\System\kGcWZmT.exe
  2⤵
  PID:3800
- C:\Windows\System\dzLbPOA.exe
  C:\Windows\System\dzLbPOA.exe
  2⤵
  PID:3820
- C:\Windows\System\NYTJJHH.exe
  C:\Windows\System\NYTJJHH.exe
  2⤵
  PID:3840
- C:\Windows\System\aXgrgAa.exe
  C:\Windows\System\aXgrgAa.exe
  2⤵
  PID:3856
- C:\Windows\System\VwaQzdH.exe
  C:\Windows\System\VwaQzdH.exe
  2⤵
  PID:3872
- C:\Windows\System\wgDnFgl.exe
  C:\Windows\System\wgDnFgl.exe
  2⤵
  PID:3896
- C:\Windows\System\LFwPEXM.exe
  C:\Windows\System\LFwPEXM.exe
  2⤵
  PID:3916
- C:\Windows\System\ueMcMER.exe
  C:\Windows\System\ueMcMER.exe
  2⤵
  PID:3932
- C:\Windows\System\yvZiZWu.exe
  C:\Windows\System\yvZiZWu.exe
  2⤵
  PID:3952
- C:\Windows\System\iWFWmcs.exe
  C:\Windows\System\iWFWmcs.exe
  2⤵
  PID:3968
- C:\Windows\System\bXcFoeV.exe
  C:\Windows\System\bXcFoeV.exe
  2⤵
  PID:3988
- C:\Windows\System\ixSuJyl.exe
  C:\Windows\System\ixSuJyl.exe
  2⤵
  PID:4024
- C:\Windows\System\uBzaopn.exe
  C:\Windows\System\uBzaopn.exe
  2⤵
  PID:4040
- C:\Windows\System\qzhIXOf.exe
  C:\Windows\System\qzhIXOf.exe
  2⤵
  PID:4056
- C:\Windows\System\NUtiNUo.exe
  C:\Windows\System\NUtiNUo.exe
  2⤵
  PID:4072
- C:\Windows\System\KoeNJiL.exe
  C:\Windows\System\KoeNJiL.exe
  2⤵
  PID:4092
- C:\Windows\System\FSsOzyK.exe
  C:\Windows\System\FSsOzyK.exe
  2⤵
  PID:2184
- C:\Windows\System\KPQvzXR.exe
  C:\Windows\System\KPQvzXR.exe
  2⤵
  PID:1252
- C:\Windows\System\xXVHfof.exe
  C:\Windows\System\xXVHfof.exe
  2⤵
  PID:1584
- C:\Windows\System\jglVPfD.exe
  C:\Windows\System\jglVPfD.exe
  2⤵
  PID:2000
- C:\Windows\System\AVSZaii.exe
  C:\Windows\System\AVSZaii.exe
  2⤵
  PID:1720
- C:\Windows\System\DlhqcpD.exe
  C:\Windows\System\DlhqcpD.exe
  2⤵
  PID:1880
- C:\Windows\System\vXFXyOf.exe
  C:\Windows\System\vXFXyOf.exe
  2⤵
  PID:1888
- C:\Windows\System\MNgpPGU.exe
  C:\Windows\System\MNgpPGU.exe
  2⤵
  PID:2016
- C:\Windows\System\bWvdHgC.exe
  C:\Windows\System\bWvdHgC.exe
  2⤵
  PID:2756
- C:\Windows\System\gWnoZkZ.exe
  C:\Windows\System\gWnoZkZ.exe
  2⤵
  PID:2548
- C:\Windows\System\FgSMkMv.exe
  C:\Windows\System\FgSMkMv.exe
  2⤵
  PID:2352
- C:\Windows\System\rWyQrJI.exe
  C:\Windows\System\rWyQrJI.exe
  2⤵
  PID:2020
- C:\Windows\System\nzIzYAL.exe
  C:\Windows\System\nzIzYAL.exe
  2⤵
  PID:572
- C:\Windows\System\idtzxXS.exe
  C:\Windows\System\idtzxXS.exe
  2⤵
  PID:1632
- C:\Windows\System\tGsTCUZ.exe
  C:\Windows\System\tGsTCUZ.exe
  2⤵
  PID:2504
- C:\Windows\System\pyfmBBR.exe
  C:\Windows\System\pyfmBBR.exe
  2⤵
  PID:2300
- C:\Windows\System\TUVXfNs.exe
  C:\Windows\System\TUVXfNs.exe
  2⤵
  PID:1780
- C:\Windows\System\jzoBUxW.exe
  C:\Windows\System\jzoBUxW.exe
  2⤵
  PID:3092
- C:\Windows\System\BxPkHXG.exe
  C:\Windows\System\BxPkHXG.exe
  2⤵
  PID:3128
- C:\Windows\System\DLRlWgf.exe
  C:\Windows\System\DLRlWgf.exe
  2⤵
  PID:3180
- C:\Windows\System\NpBTiOa.exe
  C:\Windows\System\NpBTiOa.exe
  2⤵
  PID:3260
- C:\Windows\System\bLwysxn.exe
  C:\Windows\System\bLwysxn.exe
  2⤵
  PID:3156
- C:\Windows\System\jaKanUA.exe
  C:\Windows\System\jaKanUA.exe
  2⤵
  PID:3236
- C:\Windows\System\lTLvesw.exe
  C:\Windows\System\lTLvesw.exe
  2⤵
  PID:3276
- C:\Windows\System\iUWZxsN.exe
  C:\Windows\System\iUWZxsN.exe
  2⤵
  PID:3368
- C:\Windows\System\BApHdXv.exe
  C:\Windows\System\BApHdXv.exe
  2⤵
  PID:3408
- C:\Windows\System\kfbDuJi.exe
  C:\Windows\System\kfbDuJi.exe
  2⤵
  PID:3456
- C:\Windows\System\kQWdxfv.exe
  C:\Windows\System\kQWdxfv.exe
  2⤵
  PID:3308
- C:\Windows\System\xrWGbin.exe
  C:\Windows\System\xrWGbin.exe
  2⤵
  PID:3356
- C:\Windows\System\zcaUasU.exe
  C:\Windows\System\zcaUasU.exe
  2⤵
  PID:3536
- C:\Windows\System\xMXrlCK.exe
  C:\Windows\System\xMXrlCK.exe
  2⤵
  PID:3436
- C:\Windows\System\gsWNiyO.exe
  C:\Windows\System\gsWNiyO.exe
  2⤵
  PID:3480
- C:\Windows\System\sllpFnK.exe
  C:\Windows\System\sllpFnK.exe
  2⤵
  PID:3604
- C:\Windows\System\IuXRGGx.exe
  C:\Windows\System\IuXRGGx.exe
  2⤵
  PID:3676
- C:\Windows\System\AyoDxyp.exe
  C:\Windows\System\AyoDxyp.exe
  2⤵
  PID:3552
- C:\Windows\System\OiOVLZz.exe
  C:\Windows\System\OiOVLZz.exe
  2⤵
  PID:3704
- C:\Windows\System\yGTiOPd.exe
  C:\Windows\System\yGTiOPd.exe
  2⤵
  PID:3616
- C:\Windows\System\owoYmlK.exe
  C:\Windows\System\owoYmlK.exe
  2⤵
  PID:3744
- C:\Windows\System\htjYIsu.exe
  C:\Windows\System\htjYIsu.exe
  2⤵
  PID:3792
- C:\Windows\System\AaUAwaD.exe
  C:\Windows\System\AaUAwaD.exe
  2⤵
  PID:3812
- C:\Windows\System\BVfmkWs.exe
  C:\Windows\System\BVfmkWs.exe
  2⤵
  PID:3884
- C:\Windows\System\HwpgcQV.exe
  C:\Windows\System\HwpgcQV.exe
  2⤵
  PID:3960
- C:\Windows\System\Fvntphu.exe
  C:\Windows\System\Fvntphu.exe
  2⤵
  PID:3828
- C:\Windows\System\sIHHbYK.exe
  C:\Windows\System\sIHHbYK.exe
  2⤵
  PID:4004
- C:\Windows\System\WYWwVAZ.exe
  C:\Windows\System\WYWwVAZ.exe
  2⤵
  PID:4020
- C:\Windows\System\KlCZIdm.exe
  C:\Windows\System\KlCZIdm.exe
  2⤵
  PID:3944
- C:\Windows\System\MtXFiWH.exe
  C:\Windows\System\MtXFiWH.exe
  2⤵
  PID:3868
- C:\Windows\System\WERvFKd.exe
  C:\Windows\System\WERvFKd.exe
  2⤵
  PID:3908
- C:\Windows\System\wDlFojJ.exe
  C:\Windows\System\wDlFojJ.exe
  2⤵
  PID:4088
- C:\Windows\System\lEtvHeu.exe
  C:\Windows\System\lEtvHeu.exe
  2⤵
  PID:2572
- C:\Windows\System\pXseXMs.exe
  C:\Windows\System\pXseXMs.exe
  2⤵
  PID:1804
- C:\Windows\System\rDaqaRi.exe
  C:\Windows\System\rDaqaRi.exe
  2⤵
  PID:1144
- C:\Windows\System\llejUCs.exe
  C:\Windows\System\llejUCs.exe
  2⤵
  PID:2560
- C:\Windows\System\VpIPcUe.exe
  C:\Windows\System\VpIPcUe.exe
  2⤵
  PID:2356
- C:\Windows\System\xOxvRuE.exe
  C:\Windows\System\xOxvRuE.exe
  2⤵
  PID:2220
- C:\Windows\System\vUBKecN.exe
  C:\Windows\System\vUBKecN.exe
  2⤵
  PID:1560
- C:\Windows\System\rdkHlwd.exe
  C:\Windows\System\rdkHlwd.exe
  2⤵
  PID:3096
- C:\Windows\System\PdbXoHi.exe
  C:\Windows\System\PdbXoHi.exe
  2⤵
  PID:3108
- C:\Windows\System\jRPGvCn.exe
  C:\Windows\System\jRPGvCn.exe
  2⤵
  PID:3304
- C:\Windows\System\ysWszLz.exe
  C:\Windows\System\ysWszLz.exe
  2⤵
  PID:3636
- C:\Windows\System\bvYfpoB.exe
  C:\Windows\System\bvYfpoB.exe
  2⤵
  PID:3728
- C:\Windows\System\sqRcxjW.exe
  C:\Windows\System\sqRcxjW.exe
  2⤵
  PID:3740
- C:\Windows\System\YTMwSdd.exe
  C:\Windows\System\YTMwSdd.exe
  2⤵
  PID:2168
- C:\Windows\System\UCXNFTt.exe
  C:\Windows\System\UCXNFTt.exe
  2⤵
  PID:2408
- C:\Windows\System\TMjqGMw.exe
  C:\Windows\System\TMjqGMw.exe
  2⤵
  PID:568
- C:\Windows\System\kkEexJJ.exe
  C:\Windows\System\kkEexJJ.exe
  2⤵
  PID:3216
- C:\Windows\System\SiWkUzU.exe
  C:\Windows\System\SiWkUzU.exe
  2⤵
  PID:4048
- C:\Windows\System\ZOnYfyq.exe
  C:\Windows\System\ZOnYfyq.exe
  2⤵
  PID:2152
- C:\Windows\System\DfiiSVt.exe
  C:\Windows\System\DfiiSVt.exe
  2⤵
  PID:3432
- C:\Windows\System\yzIuGWf.exe
  C:\Windows\System\yzIuGWf.exe
  2⤵
  PID:3688
- C:\Windows\System\jNdqQRw.exe
  C:\Windows\System\jNdqQRw.exe
  2⤵
  PID:3448
- C:\Windows\System\GQKTFAk.exe
  C:\Windows\System\GQKTFAk.exe
  2⤵
  PID:3228
- C:\Windows\System\zbrdmPQ.exe
  C:\Windows\System\zbrdmPQ.exe
  2⤵
  PID:2984
- C:\Windows\System\eInRrnI.exe
  C:\Windows\System\eInRrnI.exe
  2⤵
  PID:4108
- C:\Windows\System\vwPXsbz.exe
  C:\Windows\System\vwPXsbz.exe
  2⤵
  PID:4128
- C:\Windows\System\etussUN.exe
  C:\Windows\System\etussUN.exe
  2⤵
  PID:4148
- C:\Windows\System\jBRUCAL.exe
  C:\Windows\System\jBRUCAL.exe
  2⤵
  PID:4168
- C:\Windows\System\FMyNQxI.exe
  C:\Windows\System\FMyNQxI.exe
  2⤵
  PID:4188
- C:\Windows\System\MXDdAvA.exe
  C:\Windows\System\MXDdAvA.exe
  2⤵
  PID:4208
- C:\Windows\System\quifWUM.exe
  C:\Windows\System\quifWUM.exe
  2⤵
  PID:4228
- C:\Windows\System\cULFTfP.exe
  C:\Windows\System\cULFTfP.exe
  2⤵
  PID:4248
- C:\Windows\System\jmqecxd.exe
  C:\Windows\System\jmqecxd.exe
  2⤵
  PID:4268
- C:\Windows\System\FINftJx.exe
  C:\Windows\System\FINftJx.exe
  2⤵
  PID:4288
- C:\Windows\System\CIpHbDu.exe
  C:\Windows\System\CIpHbDu.exe
  2⤵
  PID:4308
- C:\Windows\System\tOLKiRy.exe
  C:\Windows\System\tOLKiRy.exe
  2⤵
  PID:4328
- C:\Windows\System\dUDAIZh.exe
  C:\Windows\System\dUDAIZh.exe
  2⤵
  PID:4348
- C:\Windows\System\IqCLULM.exe
  C:\Windows\System\IqCLULM.exe
  2⤵
  PID:4368
- C:\Windows\System\KlpsRdp.exe
  C:\Windows\System\KlpsRdp.exe
  2⤵
  PID:4388
- C:\Windows\System\ALcGwRQ.exe
  C:\Windows\System\ALcGwRQ.exe
  2⤵
  PID:4408
- C:\Windows\System\jLlYdIP.exe
  C:\Windows\System\jLlYdIP.exe
  2⤵
  PID:4428
- C:\Windows\System\zXAlklA.exe
  C:\Windows\System\zXAlklA.exe
  2⤵
  PID:4448
- C:\Windows\System\vvpUXQl.exe
  C:\Windows\System\vvpUXQl.exe
  2⤵
  PID:4468
- C:\Windows\System\xcXFolG.exe
  C:\Windows\System\xcXFolG.exe
  2⤵
  PID:4488
- C:\Windows\System\PEuPXsn.exe
  C:\Windows\System\PEuPXsn.exe
  2⤵
  PID:4508
- C:\Windows\System\CnoIwpW.exe
  C:\Windows\System\CnoIwpW.exe
  2⤵
  PID:4528
- C:\Windows\System\NJVpdVw.exe
  C:\Windows\System\NJVpdVw.exe
  2⤵
  PID:4548
- C:\Windows\System\VzkKZOh.exe
  C:\Windows\System\VzkKZOh.exe
  2⤵
  PID:4568
- C:\Windows\System\WCHeXXZ.exe
  C:\Windows\System\WCHeXXZ.exe
  2⤵
  PID:4588
- C:\Windows\System\ldjejKv.exe
  C:\Windows\System\ldjejKv.exe
  2⤵
  PID:4608
- C:\Windows\System\QcVEqyQ.exe
  C:\Windows\System\QcVEqyQ.exe
  2⤵
  PID:4628
- C:\Windows\System\qQIlPsj.exe
  C:\Windows\System\qQIlPsj.exe
  2⤵
  PID:4648
- C:\Windows\System\HRcfmfM.exe
  C:\Windows\System\HRcfmfM.exe
  2⤵
  PID:4668
- C:\Windows\System\xujlfYM.exe
  C:\Windows\System\xujlfYM.exe
  2⤵
  PID:4692
- C:\Windows\System\WNnoaIV.exe
  C:\Windows\System\WNnoaIV.exe
  2⤵
  PID:4712
- C:\Windows\System\AJlDpfG.exe
  C:\Windows\System\AJlDpfG.exe
  2⤵
  PID:4732
- C:\Windows\System\OHmTZdG.exe
  C:\Windows\System\OHmTZdG.exe
  2⤵
  PID:4756
- C:\Windows\System\lcrYsTp.exe
  C:\Windows\System\lcrYsTp.exe
  2⤵
  PID:4772
- C:\Windows\System\vBnPoor.exe
  C:\Windows\System\vBnPoor.exe
  2⤵
  PID:4796
- C:\Windows\System\xmaWHQh.exe
  C:\Windows\System\xmaWHQh.exe
  2⤵
  PID:4816
- C:\Windows\System\npJcvNv.exe
  C:\Windows\System\npJcvNv.exe
  2⤵
  PID:4836
- C:\Windows\System\FmLSGaF.exe
  C:\Windows\System\FmLSGaF.exe
  2⤵
  PID:4856
- C:\Windows\System\AGewxMY.exe
  C:\Windows\System\AGewxMY.exe
  2⤵
  PID:4876
- C:\Windows\System\hEbButG.exe
  C:\Windows\System\hEbButG.exe
  2⤵
  PID:4896
- C:\Windows\System\kqytsiG.exe
  C:\Windows\System\kqytsiG.exe
  2⤵
  PID:4916
- C:\Windows\System\pNZzTLA.exe
  C:\Windows\System\pNZzTLA.exe
  2⤵
  PID:4936
- C:\Windows\System\rVXnxxj.exe
  C:\Windows\System\rVXnxxj.exe
  2⤵
  PID:4956
- C:\Windows\System\CvQmGzH.exe
  C:\Windows\System\CvQmGzH.exe
  2⤵
  PID:4976
- C:\Windows\System\rdfzJVu.exe
  C:\Windows\System\rdfzJVu.exe
  2⤵
  PID:4996
- C:\Windows\System\dhFJTIZ.exe
  C:\Windows\System\dhFJTIZ.exe
  2⤵
  PID:5016
- C:\Windows\System\kVsECSs.exe
  C:\Windows\System\kVsECSs.exe
  2⤵
  PID:5036
- C:\Windows\System\jDUprbj.exe
  C:\Windows\System\jDUprbj.exe
  2⤵
  PID:5056
- C:\Windows\System\muFwjqu.exe
  C:\Windows\System\muFwjqu.exe
  2⤵
  PID:5076
- C:\Windows\System\fOndJBZ.exe
  C:\Windows\System\fOndJBZ.exe
  2⤵
  PID:5096
- C:\Windows\System\fmpBonl.exe
  C:\Windows\System\fmpBonl.exe
  2⤵
  PID:5116
- C:\Windows\System\LbpfmPp.exe
  C:\Windows\System\LbpfmPp.exe
  2⤵
  PID:1448
- C:\Windows\System\LYrsMSM.exe
  C:\Windows\System\LYrsMSM.exe
  2⤵
  PID:3112
- C:\Windows\System\CYKEKyw.exe
  C:\Windows\System\CYKEKyw.exe
  2⤵
  PID:3852
- C:\Windows\System\HYAJMVf.exe
  C:\Windows\System\HYAJMVf.exe
  2⤵
  PID:3472
- C:\Windows\System\ACWKjEJ.exe
  C:\Windows\System\ACWKjEJ.exe
  2⤵
  PID:2616
- C:\Windows\System\hnIQuKa.exe
  C:\Windows\System\hnIQuKa.exe
  2⤵
  PID:2764
- C:\Windows\System\TaZNbTU.exe
  C:\Windows\System\TaZNbTU.exe
  2⤵
  PID:3372
- C:\Windows\System\QJwSYgN.exe
  C:\Windows\System\QJwSYgN.exe
  2⤵
  PID:3380
- C:\Windows\System\EasgWbB.exe
  C:\Windows\System\EasgWbB.exe
  2⤵
  PID:3980
- C:\Windows\System\MgMPvYH.exe
  C:\Windows\System\MgMPvYH.exe
  2⤵
  PID:3700
- C:\Windows\System\iEAkPFO.exe
  C:\Windows\System\iEAkPFO.exe
  2⤵
  PID:3888
- C:\Windows\System\MzCGIDL.exe
  C:\Windows\System\MzCGIDL.exe
  2⤵
  PID:3816
- C:\Windows\System\MxryXSd.exe
  C:\Windows\System\MxryXSd.exe
  2⤵
  PID:1216
- C:\Windows\System\DAzUtdY.exe
  C:\Windows\System\DAzUtdY.exe
  2⤵
  PID:3836
- C:\Windows\System\uMxnmzl.exe
  C:\Windows\System\uMxnmzl.exe
  2⤵
  PID:3940
- C:\Windows\System\AsiaYUS.exe
  C:\Windows\System\AsiaYUS.exe
  2⤵
  PID:1664
- C:\Windows\System\dihTUEI.exe
  C:\Windows\System\dihTUEI.exe
  2⤵
  PID:3416
- C:\Windows\System\vdEwCRh.exe
  C:\Windows\System\vdEwCRh.exe
  2⤵
  PID:896
- C:\Windows\System\KdINfRh.exe
  C:\Windows\System\KdINfRh.exe
  2⤵
  PID:4116
- C:\Windows\System\SOyAdgu.exe
  C:\Windows\System\SOyAdgu.exe
  2⤵
  PID:4140
- C:\Windows\System\oJCztCi.exe
  C:\Windows\System\oJCztCi.exe
  2⤵
  PID:4160
- C:\Windows\System\UXWBFJF.exe
  C:\Windows\System\UXWBFJF.exe
  2⤵
  PID:4196
- C:\Windows\System\OefTORS.exe
  C:\Windows\System\OefTORS.exe
  2⤵
  PID:4264
- C:\Windows\System\zzcgctK.exe
  C:\Windows\System\zzcgctK.exe
  2⤵
  PID:4284
- C:\Windows\System\UtLjWnD.exe
  C:\Windows\System\UtLjWnD.exe
  2⤵
  PID:4316
- C:\Windows\System\bYCbbHD.exe
  C:\Windows\System\bYCbbHD.exe
  2⤵
  PID:4320
- C:\Windows\System\XbyCJxS.exe
  C:\Windows\System\XbyCJxS.exe
  2⤵
  PID:4384
- C:\Windows\System\rCrcyjG.exe
  C:\Windows\System\rCrcyjG.exe
  2⤵
  PID:4400
- C:\Windows\System\rDCtere.exe
  C:\Windows\System\rDCtere.exe
  2⤵
  PID:4440
- C:\Windows\System\bpETJQt.exe
  C:\Windows\System\bpETJQt.exe
  2⤵
  PID:4500
- C:\Windows\System\BivwdSy.exe
  C:\Windows\System\BivwdSy.exe
  2⤵
  PID:4516
- C:\Windows\System\PzwWoQT.exe
  C:\Windows\System\PzwWoQT.exe
  2⤵
  PID:4576
- C:\Windows\System\QjkeFLW.exe
  C:\Windows\System\QjkeFLW.exe
  2⤵
  PID:4596
- C:\Windows\System\YgyQpCB.exe
  C:\Windows\System\YgyQpCB.exe
  2⤵
  PID:4620
- C:\Windows\System\ZhsHasz.exe
  C:\Windows\System\ZhsHasz.exe
  2⤵
  PID:4664
- C:\Windows\System\dEZeDWd.exe
  C:\Windows\System\dEZeDWd.exe
  2⤵
  PID:4700
- C:\Windows\System\HdAkLjv.exe
  C:\Windows\System\HdAkLjv.exe
  2⤵
  PID:4728
- C:\Windows\System\KPPpFMa.exe
  C:\Windows\System\KPPpFMa.exe
  2⤵
  PID:4784
- C:\Windows\System\eISSAPd.exe
  C:\Windows\System\eISSAPd.exe
  2⤵
  PID:4804
- C:\Windows\System\QtsCZWW.exe
  C:\Windows\System\QtsCZWW.exe
  2⤵
  PID:4828
- C:\Windows\System\kBIDdIa.exe
  C:\Windows\System\kBIDdIa.exe
  2⤵
  PID:4848
- C:\Windows\System\eqtyEql.exe
  C:\Windows\System\eqtyEql.exe
  2⤵
  PID:4904
- C:\Windows\System\mMJgBPn.exe
  C:\Windows\System\mMJgBPn.exe
  2⤵
  PID:4924
- C:\Windows\System\szftngZ.exe
  C:\Windows\System\szftngZ.exe
  2⤵
  PID:4992
- C:\Windows\System\ygkglxO.exe
  C:\Windows\System\ygkglxO.exe
  2⤵
  PID:5004
- C:\Windows\System\kEPeVxE.exe
  C:\Windows\System\kEPeVxE.exe
  2⤵
  PID:5028
- C:\Windows\System\uqYkVnD.exe
  C:\Windows\System\uqYkVnD.exe
  2⤵
  PID:5048
- C:\Windows\System\HgrHdLV.exe
  C:\Windows\System\HgrHdLV.exe
  2⤵
  PID:5088
- C:\Windows\System\uptzhQb.exe
  C:\Windows\System\uptzhQb.exe
  2⤵
  PID:4064
- C:\Windows\System\HxyvsYQ.exe
  C:\Windows\System\HxyvsYQ.exe
  2⤵
  PID:3788
- C:\Windows\System\TVnyzTU.exe
  C:\Windows\System\TVnyzTU.exe
  2⤵
  PID:2120
- C:\Windows\System\nIJmfvW.exe
  C:\Windows\System\nIJmfvW.exe
  2⤵
  PID:2084
- C:\Windows\System\mIbSJaK.exe
  C:\Windows\System\mIbSJaK.exe
  2⤵
  PID:4012
- C:\Windows\System\gOGeAmr.exe
  C:\Windows\System\gOGeAmr.exe
  2⤵
  PID:4080
- C:\Windows\System\OTEdxjD.exe
  C:\Windows\System\OTEdxjD.exe
  2⤵
  PID:940
- C:\Windows\System\xlEwoiW.exe
  C:\Windows\System\xlEwoiW.exe
  2⤵
  PID:3912
- C:\Windows\System\mueWELC.exe
  C:\Windows\System\mueWELC.exe
  2⤵
  PID:2696
- C:\Windows\System\tZbJhrB.exe
  C:\Windows\System\tZbJhrB.exe
  2⤵
  PID:3348
- C:\Windows\System\nZQaACj.exe
  C:\Windows\System\nZQaACj.exe
  2⤵
  PID:4136
- C:\Windows\System\iDPUYBC.exe
  C:\Windows\System\iDPUYBC.exe
  2⤵
  PID:4100
- C:\Windows\System\jUOAIYY.exe
  C:\Windows\System\jUOAIYY.exe
  2⤵
  PID:4164
- C:\Windows\System\zwCzNES.exe
  C:\Windows\System\zwCzNES.exe
  2⤵
  PID:4276
- C:\Windows\System\oPIAwpW.exe
  C:\Windows\System\oPIAwpW.exe
  2⤵
  PID:4324
- C:\Windows\System\ORPgqrk.exe
  C:\Windows\System\ORPgqrk.exe
  2⤵
  PID:4376
- C:\Windows\System\sNxpXWV.exe
  C:\Windows\System\sNxpXWV.exe
  2⤵
  PID:4424
- C:\Windows\System\WhiUWTV.exe
  C:\Windows\System\WhiUWTV.exe
  2⤵
  PID:4504
- C:\Windows\System\CCkaLqr.exe
  C:\Windows\System\CCkaLqr.exe
  2⤵
  PID:4480
- C:\Windows\System\hpLqxww.exe
  C:\Windows\System\hpLqxww.exe
  2⤵
  PID:4580
- C:\Windows\System\KnPOyKZ.exe
  C:\Windows\System\KnPOyKZ.exe
  2⤵
  PID:4676
- C:\Windows\System\UvvdMCL.exe
  C:\Windows\System\UvvdMCL.exe
  2⤵
  PID:4644
- C:\Windows\System\YYRslRf.exe
  C:\Windows\System\YYRslRf.exe
  2⤵
  PID:4720
- C:\Windows\System\hGErNHS.exe
  C:\Windows\System\hGErNHS.exe
  2⤵
  PID:4812
- C:\Windows\System\LTmWiej.exe
  C:\Windows\System\LTmWiej.exe
  2⤵
  PID:4872
- C:\Windows\System\DBSQLAO.exe
  C:\Windows\System\DBSQLAO.exe
  2⤵
  PID:4928
- C:\Windows\System\uZGJRoS.exe
  C:\Windows\System\uZGJRoS.exe
  2⤵
  PID:5032
- C:\Windows\System\qhDRqTk.exe
  C:\Windows\System\qhDRqTk.exe
  2⤵
  PID:4988
- C:\Windows\System\saBwSsN.exe
  C:\Windows\System\saBwSsN.exe
  2⤵
  PID:5064
- C:\Windows\System\lKJOwoJ.exe
  C:\Windows\System\lKJOwoJ.exe
  2⤵
  PID:3756
- C:\Windows\System\QvFzqeX.exe
  C:\Windows\System\QvFzqeX.exe
  2⤵
  PID:3768
- C:\Windows\System\USZjZTt.exe
  C:\Windows\System\USZjZTt.exe
  2⤵
  PID:3532
- C:\Windows\System\toUCWvy.exe
  C:\Windows\System\toUCWvy.exe
  2⤵
  PID:3796
- C:\Windows\System\OrbEniB.exe
  C:\Windows\System\OrbEniB.exe
  2⤵
  PID:3076
- C:\Windows\System\NZWFSLD.exe
  C:\Windows\System\NZWFSLD.exe
  2⤵
  PID:4176
- C:\Windows\System\HxLCumU.exe
  C:\Windows\System\HxLCumU.exe
  2⤵
  PID:1836
- C:\Windows\System\VhOlOnM.exe
  C:\Windows\System\VhOlOnM.exe
  2⤵
  PID:5128
- C:\Windows\System\wGegaIK.exe
  C:\Windows\System\wGegaIK.exe
  2⤵
  PID:5144
- C:\Windows\System\mMuDZOr.exe
  C:\Windows\System\mMuDZOr.exe
  2⤵
  PID:5160
- C:\Windows\System\mvGbZDD.exe
  C:\Windows\System\mvGbZDD.exe
  2⤵
  PID:5176
- C:\Windows\System\IGqzSel.exe
  C:\Windows\System\IGqzSel.exe
  2⤵
  PID:5196
- C:\Windows\System\pzzTkqM.exe
  C:\Windows\System\pzzTkqM.exe
  2⤵
  PID:5216
- C:\Windows\System\gbIJrLN.exe
  C:\Windows\System\gbIJrLN.exe
  2⤵
  PID:5236
- C:\Windows\System\lrDaZDO.exe
  C:\Windows\System\lrDaZDO.exe
  2⤵
  PID:5252
- C:\Windows\System\lmaQtDb.exe
  C:\Windows\System\lmaQtDb.exe
  2⤵
  PID:5276
- C:\Windows\System\tUbemcN.exe
  C:\Windows\System\tUbemcN.exe
  2⤵
  PID:5292
- C:\Windows\System\wRXHvFG.exe
  C:\Windows\System\wRXHvFG.exe
  2⤵
  PID:5312
- C:\Windows\System\llSSGAz.exe
  C:\Windows\System\llSSGAz.exe
  2⤵
  PID:5328
- C:\Windows\System\MPPRXeb.exe
  C:\Windows\System\MPPRXeb.exe
  2⤵
  PID:5348
- C:\Windows\System\hPYtCyi.exe
  C:\Windows\System\hPYtCyi.exe
  2⤵
  PID:5372
- C:\Windows\System\SorBhyh.exe
  C:\Windows\System\SorBhyh.exe
  2⤵
  PID:5388
- C:\Windows\System\eUvLuMq.exe
  C:\Windows\System\eUvLuMq.exe
  2⤵
  PID:5408
- C:\Windows\System\VKuvLZd.exe
  C:\Windows\System\VKuvLZd.exe
  2⤵
  PID:5428
- C:\Windows\System\gKVDXQR.exe
  C:\Windows\System\gKVDXQR.exe
  2⤵
  PID:5444
- C:\Windows\System\kHTvDNl.exe
  C:\Windows\System\kHTvDNl.exe
  2⤵
  PID:5468
- C:\Windows\System\zzCCxWZ.exe
  C:\Windows\System\zzCCxWZ.exe
  2⤵
  PID:5488
- C:\Windows\System\RKnUsAO.exe
  C:\Windows\System\RKnUsAO.exe
  2⤵
  PID:5508
- C:\Windows\System\pPPWULG.exe
  C:\Windows\System\pPPWULG.exe
  2⤵
  PID:5532
- C:\Windows\System\mrimYuD.exe
  C:\Windows\System\mrimYuD.exe
  2⤵
  PID:5548
- C:\Windows\System\vtoelpF.exe
  C:\Windows\System\vtoelpF.exe
  2⤵
  PID:5572
- C:\Windows\System\RXMOnOu.exe
  C:\Windows\System\RXMOnOu.exe
  2⤵
  PID:5588
- C:\Windows\System\DGgDtRk.exe
  C:\Windows\System\DGgDtRk.exe
  2⤵
  PID:5612
- C:\Windows\System\aSOUgwk.exe
  C:\Windows\System\aSOUgwk.exe
  2⤵
  PID:5628
- C:\Windows\System\DUFhaSN.exe
  C:\Windows\System\DUFhaSN.exe
  2⤵
  PID:5660
- C:\Windows\System\SisPEPZ.exe
  C:\Windows\System\SisPEPZ.exe
  2⤵
  PID:5692
- C:\Windows\System\AQkjngD.exe
  C:\Windows\System\AQkjngD.exe
  2⤵
  PID:5708
- C:\Windows\System\QmRdAvZ.exe
  C:\Windows\System\QmRdAvZ.exe
  2⤵
  PID:5736
- C:\Windows\System\ydNojIn.exe
  C:\Windows\System\ydNojIn.exe
  2⤵
  PID:5752
- C:\Windows\System\DAPHPDm.exe
  C:\Windows\System\DAPHPDm.exe
  2⤵
  PID:5776
- C:\Windows\System\zremlJk.exe
  C:\Windows\System\zremlJk.exe
  2⤵
  PID:5792
- C:\Windows\System\ioMgphS.exe
  C:\Windows\System\ioMgphS.exe
  2⤵
  PID:5812
- C:\Windows\System\xizqHqV.exe
  C:\Windows\System\xizqHqV.exe
  2⤵
  PID:5828
- C:\Windows\System\UznOHPS.exe
  C:\Windows\System\UznOHPS.exe
  2⤵
  PID:5852
- C:\Windows\System\vwdnPEn.exe
  C:\Windows\System\vwdnPEn.exe
  2⤵
  PID:5868
- C:\Windows\System\LfOaqwP.exe
  C:\Windows\System\LfOaqwP.exe
  2⤵
  PID:5892
- C:\Windows\System\zEIHZGc.exe
  C:\Windows\System\zEIHZGc.exe
  2⤵
  PID:5912
- C:\Windows\System\EkIniLh.exe
  C:\Windows\System\EkIniLh.exe
  2⤵
  PID:5940
- C:\Windows\System\CUiIoSs.exe
  C:\Windows\System\CUiIoSs.exe
  2⤵
  PID:5956
- C:\Windows\System\kMmfKWG.exe
  C:\Windows\System\kMmfKWG.exe
  2⤵
  PID:5976
- C:\Windows\System\QKAOQHp.exe
  C:\Windows\System\QKAOQHp.exe
  2⤵
  PID:5996
- C:\Windows\System\kMJCwAD.exe
  C:\Windows\System\kMJCwAD.exe
  2⤵
  PID:6016
- C:\Windows\System\EyqFJxK.exe
  C:\Windows\System\EyqFJxK.exe
  2⤵
  PID:6032
- C:\Windows\System\ELUIwaU.exe
  C:\Windows\System\ELUIwaU.exe
  2⤵
  PID:6056
- C:\Windows\System\YzXAjGc.exe
  C:\Windows\System\YzXAjGc.exe
  2⤵
  PID:6072
- C:\Windows\System\QUlrjhk.exe
  C:\Windows\System\QUlrjhk.exe
  2⤵
  PID:6096
- C:\Windows\System\KgRkauf.exe
  C:\Windows\System\KgRkauf.exe
  2⤵
  PID:6112
- C:\Windows\System\NrfLVoV.exe
  C:\Windows\System\NrfLVoV.exe
  2⤵
  PID:6132
- C:\Windows\System\dhIrjVY.exe
  C:\Windows\System\dhIrjVY.exe
  2⤵
  PID:4444
- C:\Windows\System\FCfeGce.exe
  C:\Windows\System\FCfeGce.exe
  2⤵
  PID:4640
- C:\Windows\System\aZwLMiw.exe
  C:\Windows\System\aZwLMiw.exe
  2⤵
  PID:4892
- C:\Windows\System\BHTAQCW.exe
  C:\Windows\System\BHTAQCW.exe
  2⤵
  PID:5072
- C:\Windows\System\BvIhWBd.exe
  C:\Windows\System\BvIhWBd.exe
  2⤵
  PID:596
- C:\Windows\System\ReDzPfA.exe
  C:\Windows\System\ReDzPfA.exe
  2⤵
  PID:3428
- C:\Windows\System\qNfyWyq.exe
  C:\Windows\System\qNfyWyq.exe
  2⤵
  PID:3512
- C:\Windows\System\PVKYgav.exe
  C:\Windows\System\PVKYgav.exe
  2⤵
  PID:5140
- C:\Windows\System\aRbyeBl.exe
  C:\Windows\System\aRbyeBl.exe
  2⤵
  PID:4224
- C:\Windows\System\LnVOxyh.exe
  C:\Windows\System\LnVOxyh.exe
  2⤵
  PID:4256
- C:\Windows\System\NoXplFs.exe
  C:\Windows\System\NoXplFs.exe
  2⤵
  PID:4364
- C:\Windows\System\buaaZNS.exe
  C:\Windows\System\buaaZNS.exe
  2⤵
  PID:5324
- C:\Windows\System\EANlOll.exe
  C:\Windows\System\EANlOll.exe
  2⤵
  PID:5360
- C:\Windows\System\GtztweZ.exe
  C:\Windows\System\GtztweZ.exe
  2⤵
  PID:4600
- C:\Windows\System\iyFhqXh.exe
  C:\Windows\System\iyFhqXh.exe
  2⤵
  PID:4704
- C:\Windows\System\ipjUfpb.exe
  C:\Windows\System\ipjUfpb.exe
  2⤵
  PID:4984
- C:\Windows\System\HOXNjVl.exe
  C:\Windows\System\HOXNjVl.exe
  2⤵
  PID:5400
- C:\Windows\System\vwtOGDM.exe
  C:\Windows\System\vwtOGDM.exe
  2⤵
  PID:5440
- C:\Windows\System\znVTisM.exe
  C:\Windows\System\znVTisM.exe
  2⤵
  PID:3176
- C:\Windows\System\PYqytlh.exe
  C:\Windows\System\PYqytlh.exe
  2⤵
  PID:3548
- C:\Windows\System\mohEfxM.exe
  C:\Windows\System\mohEfxM.exe
  2⤵
  PID:4300
- C:\Windows\System\cMDrTtD.exe
  C:\Windows\System\cMDrTtD.exe
  2⤵
  PID:5524
- C:\Windows\System\dIsfqoR.exe
  C:\Windows\System\dIsfqoR.exe
  2⤵
  PID:5156
- C:\Windows\System\igbPoty.exe
  C:\Windows\System\igbPoty.exe
  2⤵
  PID:5568
- C:\Windows\System\iAiKwzQ.exe
  C:\Windows\System\iAiKwzQ.exe
  2⤵
  PID:5608
- C:\Windows\System\PpuQAMa.exe
  C:\Windows\System\PpuQAMa.exe
  2⤵
  PID:5264
- C:\Windows\System\lauCFLq.exe
  C:\Windows\System\lauCFLq.exe
  2⤵
  PID:5424
- C:\Windows\System\FJFOEgw.exe
  C:\Windows\System\FJFOEgw.exe
  2⤵
  PID:5640
- C:\Windows\System\PzRpUEd.exe
  C:\Windows\System\PzRpUEd.exe
  2⤵
  PID:5300
- C:\Windows\System\fqknppW.exe
  C:\Windows\System\fqknppW.exe
  2⤵
  PID:5500
- C:\Windows\System\lXPbdQl.exe
  C:\Windows\System\lXPbdQl.exe
  2⤵
  PID:5416
- C:\Windows\System\pNFgXSx.exe
  C:\Windows\System\pNFgXSx.exe
  2⤵
  PID:5340
- C:\Windows\System\YuztIym.exe
  C:\Windows\System\YuztIym.exe
  2⤵
  PID:5788
- C:\Windows\System\bulUiUn.exe
  C:\Windows\System\bulUiUn.exe
  2⤵
  PID:5672
- C:\Windows\System\UDuqSmR.exe
  C:\Windows\System\UDuqSmR.exe
  2⤵
  PID:5688
- C:\Windows\System\oZnXmVg.exe
  C:\Windows\System\oZnXmVg.exe
  2⤵
  PID:5732
- C:\Windows\System\VfXBmon.exe
  C:\Windows\System\VfXBmon.exe
  2⤵
  PID:2808
- C:\Windows\System\stthoYp.exe
  C:\Windows\System\stthoYp.exe
  2⤵
  PID:6028
- C:\Windows\System\hyXbOdg.exe
  C:\Windows\System\hyXbOdg.exe
  2⤵
  PID:6108
- C:\Windows\System\HPBBGXx.exe
  C:\Windows\System\HPBBGXx.exe
  2⤵
  PID:5772
- C:\Windows\System\sWfSnIt.exe
  C:\Windows\System\sWfSnIt.exe
  2⤵
  PID:5808
- C:\Windows\System\vwRZeKh.exe
  C:\Windows\System\vwRZeKh.exe
  2⤵
  PID:784
- C:\Windows\System\tzjcktS.exe
  C:\Windows\System\tzjcktS.exe
  2⤵
  PID:3352
- C:\Windows\System\GkbqRve.exe
  C:\Windows\System\GkbqRve.exe
  2⤵
  PID:5884
- C:\Windows\System\JWhgmCs.exe
  C:\Windows\System\JWhgmCs.exe
  2⤵
  PID:5876
- C:\Windows\System\IoRULnA.exe
  C:\Windows\System\IoRULnA.exe
  2⤵
  PID:5928
- C:\Windows\System\YigkeIn.exe
  C:\Windows\System\YigkeIn.exe
  2⤵
  PID:5936
- C:\Windows\System\iVNEXRj.exe
  C:\Windows\System\iVNEXRj.exe
  2⤵
  PID:5396
- C:\Windows\System\vJeUbte.exe
  C:\Windows\System\vJeUbte.exe
  2⤵
  PID:5972
- C:\Windows\System\nGPwxvo.exe
  C:\Windows\System\nGPwxvo.exe
  2⤵
  PID:6044
- C:\Windows\System\RbzxXaZ.exe
  C:\Windows\System\RbzxXaZ.exe
  2⤵
  PID:6088
- C:\Windows\System\xLggHST.exe
  C:\Windows\System\xLggHST.exe
  2⤵
  PID:6124
- C:\Windows\System\tcyMLAI.exe
  C:\Windows\System\tcyMLAI.exe
  2⤵
  PID:5528
- C:\Windows\System\hlUzHjA.exe
  C:\Windows\System\hlUzHjA.exe
  2⤵
  PID:5596
- C:\Windows\System\vttNeDT.exe
  C:\Windows\System\vttNeDT.exe
  2⤵
  PID:2900
- C:\Windows\System\lJWgKJF.exe
  C:\Windows\System\lJWgKJF.exe
  2⤵
  PID:5204
- C:\Windows\System\AoMuyui.exe
  C:\Windows\System\AoMuyui.exe
  2⤵
  PID:5308
- C:\Windows\System\WkbSiqW.exe
  C:\Windows\System\WkbSiqW.exe
  2⤵
  PID:5288
- C:\Windows\System\PfkvzVx.exe
  C:\Windows\System\PfkvzVx.exe
  2⤵
  PID:5104
- C:\Windows\System\xowPlKm.exe
  C:\Windows\System\xowPlKm.exe
  2⤵
  PID:5484
- C:\Windows\System\fnkSgwf.exe
  C:\Windows\System\fnkSgwf.exe
  2⤵
  PID:5260
- C:\Windows\System\qZPlOGi.exe
  C:\Windows\System\qZPlOGi.exe
  2⤵
  PID:5232
- C:\Windows\System\xAiiYSL.exe
  C:\Windows\System\xAiiYSL.exe
  2⤵
  PID:792
- C:\Windows\System\fJVGqdi.exe
  C:\Windows\System\fJVGqdi.exe
  2⤵
  PID:5656
- C:\Windows\System\rRmhsyr.exe
  C:\Windows\System\rRmhsyr.exe
  2⤵
  PID:5452
- C:\Windows\System\oOjZjxK.exe
  C:\Windows\System\oOjZjxK.exe
  2⤵
  PID:5580
- C:\Windows\System\mJQBHGV.exe
  C:\Windows\System\mJQBHGV.exe
  2⤵
  PID:5748
- C:\Windows\System\aTzKTVM.exe
  C:\Windows\System\aTzKTVM.exe
  2⤵
  PID:5744
- C:\Windows\System\ctveTZC.exe
  C:\Windows\System\ctveTZC.exe
  2⤵
  PID:5952
- C:\Windows\System\BXjOqIv.exe
  C:\Windows\System\BXjOqIv.exe
  2⤵
  PID:5724
- C:\Windows\System\BCUllje.exe
  C:\Windows\System\BCUllje.exe
  2⤵
  PID:1928
- C:\Windows\System\yXrhJXf.exe
  C:\Windows\System\yXrhJXf.exe
  2⤵
  PID:2868
- C:\Windows\System\PWgQPjC.exe
  C:\Windows\System\PWgQPjC.exe
  2⤵
  PID:5768
- C:\Windows\System\IojBnxB.exe
  C:\Windows\System\IojBnxB.exe
  2⤵
  PID:2780
- C:\Windows\System\AEtudJC.exe
  C:\Windows\System\AEtudJC.exe
  2⤵
  PID:5968
- C:\Windows\System\bNZvUfC.exe
  C:\Windows\System\bNZvUfC.exe
  2⤵
  PID:4240
- C:\Windows\System\JrdETfI.exe
  C:\Windows\System\JrdETfI.exe
  2⤵
  PID:4220
- C:\Windows\System\HQRtZKB.exe
  C:\Windows\System\HQRtZKB.exe
  2⤵
  PID:5600
- C:\Windows\System\SgnobSw.exe
  C:\Windows\System\SgnobSw.exe
  2⤵
  PID:4260
- C:\Windows\System\HCIamdW.exe
  C:\Windows\System\HCIamdW.exe
  2⤵
  PID:6040
- C:\Windows\System\KdkmsCh.exe
  C:\Windows\System\KdkmsCh.exe
  2⤵
  PID:4944
- C:\Windows\System\EjnbCpQ.exe
  C:\Windows\System\EjnbCpQ.exe
  2⤵
  PID:4968
- C:\Windows\System\RKbsDvH.exe
  C:\Windows\System\RKbsDvH.exe
  2⤵
  PID:4584
- C:\Windows\System\wqzZiOG.exe
  C:\Windows\System\wqzZiOG.exe
  2⤵
  PID:5636
- C:\Windows\System\okPDKkC.exe
  C:\Windows\System\okPDKkC.exe
  2⤵
  PID:5192
- C:\Windows\System\zWZEroG.exe
  C:\Windows\System\zWZEroG.exe
  2⤵
  PID:5644
- C:\Windows\System\QnNuPLW.exe
  C:\Windows\System\QnNuPLW.exe
  2⤵
  PID:4808
- C:\Windows\System\BSVQHPE.exe
  C:\Windows\System\BSVQHPE.exe
  2⤵
  PID:5704
- C:\Windows\System\dKCfGjb.exe
  C:\Windows\System\dKCfGjb.exe
  2⤵
  PID:5988
- C:\Windows\System\AxwVaWZ.exe
  C:\Windows\System\AxwVaWZ.exe
  2⤵
  PID:5504
- C:\Windows\System\OJyFFah.exe
  C:\Windows\System\OJyFFah.exe
  2⤵
  PID:5820
- C:\Windows\System\jcatjRJ.exe
  C:\Windows\System\jcatjRJ.exe
  2⤵
  PID:2768
- C:\Windows\System\gZZfMeE.exe
  C:\Windows\System\gZZfMeE.exe
  2⤵
  PID:4484
- C:\Windows\System\tLfbaHF.exe
  C:\Windows\System\tLfbaHF.exe
  2⤵
  PID:5720
- C:\Windows\System\XBIvbsh.exe
  C:\Windows\System\XBIvbsh.exe
  2⤵
  PID:2044
- C:\Windows\System\zzvqKfo.exe
  C:\Windows\System\zzvqKfo.exe
  2⤵
  PID:5008
- C:\Windows\System\uTXqHVL.exe
  C:\Windows\System\uTXqHVL.exe
  2⤵
  PID:6008
- C:\Windows\System\YXbWsni.exe
  C:\Windows\System\YXbWsni.exe
  2⤵
  PID:5924
- C:\Windows\System\njCnfGc.exe
  C:\Windows\System\njCnfGc.exe
  2⤵
  PID:5284
- C:\Windows\System\LkPiBzC.exe
  C:\Windows\System\LkPiBzC.exe
  2⤵
  PID:5420
- C:\Windows\System\EISYZBB.exe
  C:\Windows\System\EISYZBB.exe
  2⤵
  PID:5304
- C:\Windows\System\GPoMizX.exe
  C:\Windows\System\GPoMizX.exe
  2⤵
  PID:2740
- C:\Windows\System\xoRtrMy.exe
  C:\Windows\System\xoRtrMy.exe
  2⤵
  PID:6156
- C:\Windows\System\UTtTlDQ.exe
  C:\Windows\System\UTtTlDQ.exe
  2⤵
  PID:6180
- C:\Windows\System\XKrFkuK.exe
  C:\Windows\System\XKrFkuK.exe
  2⤵
  PID:6200
- C:\Windows\System\GoeNxsG.exe
  C:\Windows\System\GoeNxsG.exe
  2⤵
  PID:6220
- C:\Windows\System\SlfJIYY.exe
  C:\Windows\System\SlfJIYY.exe
  2⤵
  PID:6236
- C:\Windows\System\LEYOOWl.exe
  C:\Windows\System\LEYOOWl.exe
  2⤵
  PID:6256
- C:\Windows\System\YHHbiaD.exe
  C:\Windows\System\YHHbiaD.exe
  2⤵
  PID:6280
- C:\Windows\System\prsKgEO.exe
  C:\Windows\System\prsKgEO.exe
  2⤵
  PID:6296
- C:\Windows\System\LvahDqD.exe
  C:\Windows\System\LvahDqD.exe
  2⤵
  PID:6320
- C:\Windows\System\vCXATKT.exe
  C:\Windows\System\vCXATKT.exe
  2⤵
  PID:6340
- C:\Windows\System\EqokyxE.exe
  C:\Windows\System\EqokyxE.exe
  2⤵
  PID:6364
- C:\Windows\System\WXTVPGr.exe
  C:\Windows\System\WXTVPGr.exe
  2⤵
  PID:6380
- C:\Windows\System\LGiQZOF.exe
  C:\Windows\System\LGiQZOF.exe
  2⤵
  PID:6404
- C:\Windows\System\BksFdHx.exe
  C:\Windows\System\BksFdHx.exe
  2⤵
  PID:6424
- C:\Windows\System\PEUVUgc.exe
  C:\Windows\System\PEUVUgc.exe
  2⤵
  PID:6444
- C:\Windows\System\SNskKJD.exe
  C:\Windows\System\SNskKJD.exe
  2⤵
  PID:6464
- C:\Windows\System\PtjspcL.exe
  C:\Windows\System\PtjspcL.exe
  2⤵
  PID:6484
- C:\Windows\System\CNOMwCn.exe
  C:\Windows\System\CNOMwCn.exe
  2⤵
  PID:6504
- C:\Windows\System\OosFwhp.exe
  C:\Windows\System\OosFwhp.exe
  2⤵
  PID:6524
- C:\Windows\System\CbkMcbu.exe
  C:\Windows\System\CbkMcbu.exe
  2⤵
  PID:6544
- C:\Windows\System\KvGSLHY.exe
  C:\Windows\System\KvGSLHY.exe
  2⤵
  PID:6564
- C:\Windows\System\bLiSiZZ.exe
  C:\Windows\System\bLiSiZZ.exe
  2⤵
  PID:6584
- C:\Windows\System\CwrVzFV.exe
  C:\Windows\System\CwrVzFV.exe
  2⤵
  PID:6604
- C:\Windows\System\ItQbTUP.exe
  C:\Windows\System\ItQbTUP.exe
  2⤵
  PID:6624
- C:\Windows\System\XVXuaRQ.exe
  C:\Windows\System\XVXuaRQ.exe
  2⤵
  PID:6644
- C:\Windows\System\UTEyGcm.exe
  C:\Windows\System\UTEyGcm.exe
  2⤵
  PID:6664
- C:\Windows\System\PfkBNHL.exe
  C:\Windows\System\PfkBNHL.exe
  2⤵
  PID:6684
- C:\Windows\System\qwCirqD.exe
  C:\Windows\System\qwCirqD.exe
  2⤵
  PID:6704
- C:\Windows\System\hJQhlfK.exe
  C:\Windows\System\hJQhlfK.exe
  2⤵
  PID:6724
- C:\Windows\System\FpGPBWv.exe
  C:\Windows\System\FpGPBWv.exe
  2⤵
  PID:6744
- C:\Windows\System\mOAvzrV.exe
  C:\Windows\System\mOAvzrV.exe
  2⤵
  PID:6764
- C:\Windows\System\mWQljuY.exe
  C:\Windows\System\mWQljuY.exe
  2⤵
  PID:6784
- C:\Windows\System\WIoGwIy.exe
  C:\Windows\System\WIoGwIy.exe
  2⤵
  PID:6804
- C:\Windows\System\NFKfrmi.exe
  C:\Windows\System\NFKfrmi.exe
  2⤵
  PID:6824
- C:\Windows\System\VQAJxBc.exe
  C:\Windows\System\VQAJxBc.exe
  2⤵
  PID:6848
- C:\Windows\System\CLfvmAv.exe
  C:\Windows\System\CLfvmAv.exe
  2⤵
  PID:6868
- C:\Windows\System\PZEbAHk.exe
  C:\Windows\System\PZEbAHk.exe
  2⤵
  PID:6888
- C:\Windows\System\JaEKHkf.exe
  C:\Windows\System\JaEKHkf.exe
  2⤵
  PID:6908
- C:\Windows\System\ORtcbCL.exe
  C:\Windows\System\ORtcbCL.exe
  2⤵
  PID:6928
- C:\Windows\System\gfYxEYw.exe
  C:\Windows\System\gfYxEYw.exe
  2⤵
  PID:6948
- C:\Windows\System\onMOMQd.exe
  C:\Windows\System\onMOMQd.exe
  2⤵
  PID:6968
- C:\Windows\System\HOncbzc.exe
  C:\Windows\System\HOncbzc.exe
  2⤵
  PID:6988
- C:\Windows\System\kjjtFfp.exe
  C:\Windows\System\kjjtFfp.exe
  2⤵
  PID:7008
- C:\Windows\System\rsLYfKt.exe
  C:\Windows\System\rsLYfKt.exe
  2⤵
  PID:7028
- C:\Windows\System\jAPuuDl.exe
  C:\Windows\System\jAPuuDl.exe
  2⤵
  PID:7048
- C:\Windows\System\ICjfYnM.exe
  C:\Windows\System\ICjfYnM.exe
  2⤵
  PID:7068
- C:\Windows\System\aQqSgVH.exe
  C:\Windows\System\aQqSgVH.exe
  2⤵
  PID:7088
- C:\Windows\System\iAcENQk.exe
  C:\Windows\System\iAcENQk.exe
  2⤵
  PID:7108
- C:\Windows\System\wvMJgmh.exe
  C:\Windows\System\wvMJgmh.exe
  2⤵
  PID:7128
- C:\Windows\System\cYdtsKi.exe
  C:\Windows\System\cYdtsKi.exe
  2⤵
  PID:7148
- C:\Windows\System\istIFtq.exe
  C:\Windows\System\istIFtq.exe
  2⤵
  PID:5188
- C:\Windows\System\jyVUgza.exe
  C:\Windows\System\jyVUgza.exe
  2⤵
  PID:5624
- C:\Windows\System\DPDrBKz.exe
  C:\Windows\System\DPDrBKz.exe
  2⤵
  PID:1640
- C:\Windows\System\SQGDCae.exe
  C:\Windows\System\SQGDCae.exe
  2⤵
  PID:2944
- C:\Windows\System\RbyOaZJ.exe
  C:\Windows\System\RbyOaZJ.exe
  2⤵
  PID:856
- C:\Windows\System\LjoPMWE.exe
  C:\Windows\System\LjoPMWE.exe
  2⤵
  PID:2776
- C:\Windows\System\klYEdzn.exe
  C:\Windows\System\klYEdzn.exe
  2⤵
  PID:4404
- C:\Windows\System\cknofDl.exe
  C:\Windows\System\cknofDl.exe
  2⤵
  PID:2372
- C:\Windows\System\veKazQO.exe
  C:\Windows\System\veKazQO.exe
  2⤵
  PID:6152
- C:\Windows\System\mBTefiZ.exe
  C:\Windows\System\mBTefiZ.exe
  2⤵
  PID:5136
- C:\Windows\System\TCjRJEC.exe
  C:\Windows\System\TCjRJEC.exe
  2⤵
  PID:6196
- C:\Windows\System\hQuUAku.exe
  C:\Windows\System\hQuUAku.exe
  2⤵
  PID:6208
- C:\Windows\System\bNfjKPC.exe
  C:\Windows\System\bNfjKPC.exe
  2⤵
  PID:6276
- C:\Windows\System\VpbsSQQ.exe
  C:\Windows\System\VpbsSQQ.exe
  2⤵
  PID:6252
- C:\Windows\System\DrvWYrN.exe
  C:\Windows\System\DrvWYrN.exe
  2⤵
  PID:6308
- C:\Windows\System\ZPGZDNC.exe
  C:\Windows\System\ZPGZDNC.exe
  2⤵
  PID:6332
- C:\Windows\System\cnnYVMV.exe
  C:\Windows\System\cnnYVMV.exe
  2⤵
  PID:6392
- C:\Windows\System\AaWIETg.exe
  C:\Windows\System\AaWIETg.exe
  2⤵
  PID:6420
- C:\Windows\System\bbgLBBF.exe
  C:\Windows\System\bbgLBBF.exe
  2⤵
  PID:6452
- C:\Windows\System\SiUUzZx.exe
  C:\Windows\System\SiUUzZx.exe
  2⤵
  PID:6492
- C:\Windows\System\rXqgxQx.exe
  C:\Windows\System\rXqgxQx.exe
  2⤵
  PID:6496
- C:\Windows\System\yuExIme.exe
  C:\Windows\System\yuExIme.exe
  2⤵
  PID:6560
- C:\Windows\System\wJSkowp.exe
  C:\Windows\System\wJSkowp.exe
  2⤵
  PID:6596
- C:\Windows\System\YjzEylz.exe
  C:\Windows\System\YjzEylz.exe
  2⤵
  PID:6620
- C:\Windows\System\WQJieXX.exe
  C:\Windows\System\WQJieXX.exe
  2⤵
  PID:6680
- C:\Windows\System\ClZUihP.exe
  C:\Windows\System\ClZUihP.exe
  2⤵
  PID:6692
- C:\Windows\System\qEvANDN.exe
  C:\Windows\System\qEvANDN.exe
  2⤵
  PID:6716
- C:\Windows\System\AvQJznD.exe
  C:\Windows\System\AvQJznD.exe
  2⤵
  PID:6760
- C:\Windows\System\JYYaCSy.exe
  C:\Windows\System\JYYaCSy.exe
  2⤵
  PID:6800
- C:\Windows\System\nsaRrRl.exe
  C:\Windows\System\nsaRrRl.exe
  2⤵
  PID:6816
- C:\Windows\System\slsJYdw.exe
  C:\Windows\System\slsJYdw.exe
  2⤵
  PID:6860
- C:\Windows\System\jQoSskA.exe
  C:\Windows\System\jQoSskA.exe
  2⤵
  PID:6896
- C:\Windows\System\RKubbzR.exe
  C:\Windows\System\RKubbzR.exe
  2⤵
  PID:6920
- C:\Windows\System\AfVVSYg.exe
  C:\Windows\System\AfVVSYg.exe
  2⤵
  PID:6960
- C:\Windows\System\uzJdRSq.exe
  C:\Windows\System\uzJdRSq.exe
  2⤵
  PID:6984
- C:\Windows\System\ssEbzsR.exe
  C:\Windows\System\ssEbzsR.exe
  2⤵
  PID:7036
- C:\Windows\System\BoegkPC.exe
  C:\Windows\System\BoegkPC.exe
  2⤵
  PID:7064
- C:\Windows\System\mxNajcU.exe
  C:\Windows\System\mxNajcU.exe
  2⤵
  PID:7096
- C:\Windows\System\ecmxUEL.exe
  C:\Windows\System\ecmxUEL.exe
  2⤵
  PID:7156
- C:\Windows\System\CgxHUQu.exe
  C:\Windows\System\CgxHUQu.exe
  2⤵
  PID:7160
- C:\Windows\System\gfxZrgY.exe
  C:\Windows\System\gfxZrgY.exe
  2⤵
  PID:2820
- C:\Windows\System\tfACULN.exe
  C:\Windows\System\tfACULN.exe
  2⤵
  PID:4304
- C:\Windows\System\wUGJold.exe
  C:\Windows\System\wUGJold.exe
  2⤵
  PID:5248
- C:\Windows\System\qQJmIoj.exe
  C:\Windows\System\qQJmIoj.exe
  2⤵
  PID:6120
- C:\Windows\System\pWlkGab.exe
  C:\Windows\System\pWlkGab.exe
  2⤵
  PID:5092
- C:\Windows\System\DieaLad.exe
  C:\Windows\System\DieaLad.exe
  2⤵
  PID:1940
- C:\Windows\System\FonDDdH.exe
  C:\Windows\System\FonDDdH.exe
  2⤵
  PID:6272
- C:\Windows\System\sPmmYTc.exe
  C:\Windows\System\sPmmYTc.exe
  2⤵
  PID:6304
- C:\Windows\System\dgAByLH.exe
  C:\Windows\System\dgAByLH.exe
  2⤵
  PID:6400
- C:\Windows\System\DvuktSl.exe
  C:\Windows\System\DvuktSl.exe
  2⤵
  PID:6412
- C:\Windows\System\qVfKgHc.exe
  C:\Windows\System\qVfKgHc.exe
  2⤵
  PID:6500
- C:\Windows\System\NkdsyZd.exe
  C:\Windows\System\NkdsyZd.exe
  2⤵
  PID:6592
- C:\Windows\System\PfPJIup.exe
  C:\Windows\System\PfPJIup.exe
  2⤵
  PID:6672
- C:\Windows\System\dSJONXu.exe
  C:\Windows\System\dSJONXu.exe
  2⤵
  PID:6632
- C:\Windows\System\sMAnOGD.exe
  C:\Windows\System\sMAnOGD.exe
  2⤵
  PID:6660
- C:\Windows\System\QLbXHzd.exe
  C:\Windows\System\QLbXHzd.exe
  2⤵
  PID:6736
- C:\Windows\System\jiZnrYX.exe
  C:\Windows\System\jiZnrYX.exe
  2⤵
  PID:6812
- C:\Windows\System\VrPusTL.exe
  C:\Windows\System\VrPusTL.exe
  2⤵
  PID:6924
- C:\Windows\System\WyhUPZm.exe
  C:\Windows\System\WyhUPZm.exe
  2⤵
  PID:6956
- C:\Windows\System\FcbQiDX.exe
  C:\Windows\System\FcbQiDX.exe
  2⤵
  PID:6976
- C:\Windows\System\UQXGLHg.exe
  C:\Windows\System\UQXGLHg.exe
  2⤵
  PID:7020
- C:\Windows\System\dZZCZnR.exe
  C:\Windows\System\dZZCZnR.exe
  2⤵
  PID:7120
- C:\Windows\System\HsHFhBg.exe
  C:\Windows\System\HsHFhBg.exe
  2⤵
  PID:5860
- C:\Windows\System\jVtrvAr.exe
  C:\Windows\System\jVtrvAr.exe
  2⤵
  PID:5764
- C:\Windows\System\RlDLbIO.exe
  C:\Windows\System\RlDLbIO.exe
  2⤵
  PID:5800
- C:\Windows\System\FJNXpIo.exe
  C:\Windows\System\FJNXpIo.exe
  2⤵
  PID:5556
- C:\Windows\System\ZddPaMk.exe
  C:\Windows\System\ZddPaMk.exe
  2⤵
  PID:6188
- C:\Windows\System\wNZXmHR.exe
  C:\Windows\System\wNZXmHR.exe
  2⤵
  PID:6356
- C:\Windows\System\yVUyqmu.exe
  C:\Windows\System\yVUyqmu.exe
  2⤵
  PID:6472
- C:\Windows\System\tyGxZnm.exe
  C:\Windows\System\tyGxZnm.exe
  2⤵
  PID:7184
- C:\Windows\System\GWPdPym.exe
  C:\Windows\System\GWPdPym.exe
  2⤵
  PID:7204
- C:\Windows\System\OZBXScm.exe
  C:\Windows\System\OZBXScm.exe
  2⤵
  PID:7228
- C:\Windows\System\uyENWfO.exe
  C:\Windows\System\uyENWfO.exe
  2⤵
  PID:7248
- C:\Windows\System\XuTORlu.exe
  C:\Windows\System\XuTORlu.exe
  2⤵
  PID:7268
- C:\Windows\System\OhuXmzP.exe
  C:\Windows\System\OhuXmzP.exe
  2⤵
  PID:7292
- C:\Windows\System\GSwADSK.exe
  C:\Windows\System\GSwADSK.exe
  2⤵
  PID:7312
- C:\Windows\System\CGNbKDW.exe
  C:\Windows\System\CGNbKDW.exe
  2⤵
  PID:7332
- C:\Windows\System\oewlNfY.exe
  C:\Windows\System\oewlNfY.exe
  2⤵
  PID:7352
- C:\Windows\System\vMstNmF.exe
  C:\Windows\System\vMstNmF.exe
  2⤵
  PID:7372
- C:\Windows\System\eWNEaVE.exe
  C:\Windows\System\eWNEaVE.exe
  2⤵
  PID:7388
- C:\Windows\System\YqKgvxJ.exe
  C:\Windows\System\YqKgvxJ.exe
  2⤵
  PID:7412
- C:\Windows\System\UpMuiET.exe
  C:\Windows\System\UpMuiET.exe
  2⤵
  PID:7432
- C:\Windows\System\spOGRcF.exe
  C:\Windows\System\spOGRcF.exe
  2⤵
  PID:7452
- C:\Windows\System\XFHJYDx.exe
  C:\Windows\System\XFHJYDx.exe
  2⤵
  PID:7472
- C:\Windows\System\OXfIdvr.exe
  C:\Windows\System\OXfIdvr.exe
  2⤵
  PID:7492
- C:\Windows\System\TABVzyq.exe
  C:\Windows\System\TABVzyq.exe
  2⤵
  PID:7508
- C:\Windows\System\HdyqteT.exe
  C:\Windows\System\HdyqteT.exe
  2⤵
  PID:7532
- C:\Windows\System\xTjKLyi.exe
  C:\Windows\System\xTjKLyi.exe
  2⤵
  PID:7548
- C:\Windows\System\HwRMJCf.exe
  C:\Windows\System\HwRMJCf.exe
  2⤵
  PID:7568
- C:\Windows\System\ggPmMLs.exe
  C:\Windows\System\ggPmMLs.exe
  2⤵
  PID:7592
- C:\Windows\System\kCdBzyc.exe
  C:\Windows\System\kCdBzyc.exe
  2⤵
  PID:7612
- C:\Windows\System\FQLzpHX.exe
  C:\Windows\System\FQLzpHX.exe
  2⤵
  PID:7632
- C:\Windows\System\HIpBTNs.exe
  C:\Windows\System\HIpBTNs.exe
  2⤵
  PID:7652
- C:\Windows\System\YLtnGOm.exe
  C:\Windows\System\YLtnGOm.exe
  2⤵
  PID:7672
- C:\Windows\System\Icxhbaq.exe
  C:\Windows\System\Icxhbaq.exe
  2⤵
  PID:7692
- C:\Windows\System\kXjwyEV.exe
  C:\Windows\System\kXjwyEV.exe
  2⤵
  PID:7712
- C:\Windows\System\oVAXpiy.exe
  C:\Windows\System\oVAXpiy.exe
  2⤵
  PID:7732
- C:\Windows\System\oYMdvRm.exe
  C:\Windows\System\oYMdvRm.exe
  2⤵
  PID:7752
- C:\Windows\System\ZzGdebf.exe
  C:\Windows\System\ZzGdebf.exe
  2⤵
  PID:7772
- C:\Windows\System\ifVzZau.exe
  C:\Windows\System\ifVzZau.exe
  2⤵
  PID:7792
- C:\Windows\System\AgmMoTe.exe
  C:\Windows\System\AgmMoTe.exe
  2⤵
  PID:7812
- C:\Windows\System\RErOxqI.exe
  C:\Windows\System\RErOxqI.exe
  2⤵
  PID:7828
- C:\Windows\System\sUFDuPi.exe
  C:\Windows\System\sUFDuPi.exe
  2⤵
  PID:7848
- C:\Windows\System\AtjxZKY.exe
  C:\Windows\System\AtjxZKY.exe
  2⤵
  PID:7872
- C:\Windows\System\JUUqpUj.exe
  C:\Windows\System\JUUqpUj.exe
  2⤵
  PID:7892
- C:\Windows\System\HkxBoAM.exe
  C:\Windows\System\HkxBoAM.exe
  2⤵
  PID:7912
- C:\Windows\System\UbVpGSU.exe
  C:\Windows\System\UbVpGSU.exe
  2⤵
  PID:7932
- C:\Windows\System\FZqsYxU.exe
  C:\Windows\System\FZqsYxU.exe
  2⤵
  PID:7952
- C:\Windows\System\kHjfqqZ.exe
  C:\Windows\System\kHjfqqZ.exe
  2⤵
  PID:7968
- C:\Windows\System\ctlLpvR.exe
  C:\Windows\System\ctlLpvR.exe
  2⤵
  PID:7988
- C:\Windows\System\GWNByBu.exe
  C:\Windows\System\GWNByBu.exe
  2⤵
  PID:8008
- C:\Windows\System\jsXVyey.exe
  C:\Windows\System\jsXVyey.exe
  2⤵
  PID:8028
- C:\Windows\System\wemPXoH.exe
  C:\Windows\System\wemPXoH.exe
  2⤵
  PID:8052
- C:\Windows\System\SxwbwPB.exe
  C:\Windows\System\SxwbwPB.exe
  2⤵
  PID:8072
- C:\Windows\System\SAQpjAc.exe
  C:\Windows\System\SAQpjAc.exe
  2⤵
  PID:8092
- C:\Windows\System\rUaUhJF.exe
  C:\Windows\System\rUaUhJF.exe
  2⤵
  PID:8112
- C:\Windows\System\kNSCkkP.exe
  C:\Windows\System\kNSCkkP.exe
  2⤵
  PID:8136
- C:\Windows\System\TkCEwAf.exe
  C:\Windows\System\TkCEwAf.exe
  2⤵
  PID:8156
- C:\Windows\System\CLQCvId.exe
  C:\Windows\System\CLQCvId.exe
  2⤵
  PID:8176
- C:\Windows\System\RmEHldK.exe
  C:\Windows\System\RmEHldK.exe
  2⤵
  PID:6436
- C:\Windows\System\dSfsBMB.exe
  C:\Windows\System\dSfsBMB.exe
  2⤵
  PID:6600
- C:\Windows\System\sobDAPL.exe
  C:\Windows\System\sobDAPL.exe
  2⤵
  PID:6656
- C:\Windows\System\FkfCzRq.exe
  C:\Windows\System\FkfCzRq.exe
  2⤵
  PID:6700
- C:\Windows\System\xjRcArz.exe
  C:\Windows\System\xjRcArz.exe
  2⤵
  PID:6780
- C:\Windows\System\CvsWVrb.exe
  C:\Windows\System\CvsWVrb.exe
  2⤵
  PID:6864
- C:\Windows\System\cWyIPXa.exe
  C:\Windows\System\cWyIPXa.exe
  2⤵
  PID:7056
- C:\Windows\System\IPtRSjR.exe
  C:\Windows\System\IPtRSjR.exe
  2⤵
  PID:7084
- C:\Windows\System\GKqZUPn.exe
  C:\Windows\System\GKqZUPn.exe
  2⤵
  PID:7100
- C:\Windows\System\OTxJGCE.exe
  C:\Windows\System\OTxJGCE.exe
  2⤵
  PID:7140
- C:\Windows\System\ApEXzQn.exe
  C:\Windows\System\ApEXzQn.exe
  2⤵
  PID:6212
- C:\Windows\System\yCkvBgh.exe
  C:\Windows\System\yCkvBgh.exe
  2⤵
  PID:6388
- C:\Windows\System\LZUKBbZ.exe
  C:\Windows\System\LZUKBbZ.exe
  2⤵
  PID:6288
- C:\Windows\System\wfrPthi.exe
  C:\Windows\System\wfrPthi.exe
  2⤵
  PID:7180
- C:\Windows\System\QGdLnlP.exe
  C:\Windows\System\QGdLnlP.exe
  2⤵
  PID:7220
- C:\Windows\System\HdxIZEK.exe
  C:\Windows\System\HdxIZEK.exe
  2⤵
  PID:7260
- C:\Windows\System\AqfLnjT.exe
  C:\Windows\System\AqfLnjT.exe
  2⤵
  PID:7360
- C:\Windows\System\DESKCxP.exe
  C:\Windows\System\DESKCxP.exe
  2⤵
  PID:7304
- C:\Windows\System\qcyTAzI.exe
  C:\Windows\System\qcyTAzI.exe
  2⤵
  PID:7348
- C:\Windows\System\qIFyBYH.exe
  C:\Windows\System\qIFyBYH.exe
  2⤵
  PID:7380
- C:\Windows\System\seBXCnE.exe
  C:\Windows\System\seBXCnE.exe
  2⤵
  PID:7428
- C:\Windows\System\tWYoXox.exe
  C:\Windows\System\tWYoXox.exe
  2⤵
  PID:2612
- C:\Windows\System\sXKyCPP.exe
  C:\Windows\System\sXKyCPP.exe
  2⤵
  PID:7564
- C:\Windows\System\WDHPyQC.exe
  C:\Windows\System\WDHPyQC.exe
  2⤵
  PID:7544
- C:\Windows\System\DVpscep.exe
  C:\Windows\System\DVpscep.exe
  2⤵
  PID:7588
- C:\Windows\System\KWAIAue.exe
  C:\Windows\System\KWAIAue.exe
  2⤵
  PID:7624
- C:\Windows\System\CyOjViT.exe
  C:\Windows\System\CyOjViT.exe
  2⤵
  PID:7688
- C:\Windows\System\OOdxzkR.exe
  C:\Windows\System\OOdxzkR.exe
  2⤵
  PID:7720
- C:\Windows\System\XqhBWZc.exe
  C:\Windows\System\XqhBWZc.exe
  2⤵
  PID:7704
- C:\Windows\System\tuYqYwQ.exe
  C:\Windows\System\tuYqYwQ.exe
  2⤵
  PID:7748
- C:\Windows\System\pujFnIx.exe
  C:\Windows\System\pujFnIx.exe
  2⤵
  PID:7788
- C:\Windows\System\kWRnjAq.exe
  C:\Windows\System\kWRnjAq.exe
  2⤵
  PID:7844
- C:\Windows\System\FClnZAg.exe
  C:\Windows\System\FClnZAg.exe
  2⤵
  PID:7888
- C:\Windows\System\pFQkpAA.exe
  C:\Windows\System\pFQkpAA.exe
  2⤵
  PID:7864
- C:\Windows\System\gxvjfNS.exe
  C:\Windows\System\gxvjfNS.exe
  2⤵
  PID:7924
- C:\Windows\System\HAHWTmm.exe
  C:\Windows\System\HAHWTmm.exe
  2⤵
  PID:7964
- C:\Windows\System\bSlLovs.exe
  C:\Windows\System\bSlLovs.exe
  2⤵
  PID:7980
- C:\Windows\System\tPIPKqV.exe
  C:\Windows\System\tPIPKqV.exe
  2⤵
  PID:8044
- C:\Windows\System\xmpFjRy.exe
  C:\Windows\System\xmpFjRy.exe
  2⤵
  PID:8088
- C:\Windows\System\eQVUmux.exe
  C:\Windows\System\eQVUmux.exe
  2⤵
  PID:8120
- C:\Windows\System\pGffeac.exe
  C:\Windows\System\pGffeac.exe
  2⤵
  PID:8124
- C:\Windows\System\kOJCsnY.exe
  C:\Windows\System\kOJCsnY.exe
  2⤵
  PID:8172
- C:\Windows\System\nEjfGxR.exe
  C:\Windows\System\nEjfGxR.exe
  2⤵
  PID:8184
- C:\Windows\System\QeQNoKn.exe
  C:\Windows\System\QeQNoKn.exe
  2⤵
  PID:6676
- C:\Windows\System\HrhVKIk.exe
  C:\Windows\System\HrhVKIk.exe
  2⤵
  PID:6460
- C:\Windows\System\svcVtcu.exe
  C:\Windows\System\svcVtcu.exe
  2⤵
  PID:6884
- C:\Windows\System\LbimoZO.exe
  C:\Windows\System\LbimoZO.exe
  2⤵
  PID:4456
- C:\Windows\System\smybpxz.exe
  C:\Windows\System\smybpxz.exe
  2⤵
  PID:7144
- C:\Windows\System\ixNjPCW.exe
  C:\Windows\System\ixNjPCW.exe
  2⤵
  PID:7172
- C:\Windows\System\rPvbrku.exe
  C:\Windows\System\rPvbrku.exe
  2⤵
  PID:7176
- C:\Windows\System\TbOSNos.exe
  C:\Windows\System\TbOSNos.exe
  2⤵
  PID:7264
- C:\Windows\System\UVJWGsy.exe
  C:\Windows\System\UVJWGsy.exe
  2⤵
  PID:7240
- C:\Windows\System\ykrQHaO.exe
  C:\Windows\System\ykrQHaO.exe
  2⤵
  PID:7300
- C:\Windows\System\cjrakMK.exe
  C:\Windows\System\cjrakMK.exe
  2⤵
  PID:2620
- C:\Windows\System\GQxkYbc.exe
  C:\Windows\System\GQxkYbc.exe
  2⤵
  PID:7600
- C:\Windows\System\OKyrZZR.exe
  C:\Windows\System\OKyrZZR.exe
  2⤵
  PID:7448
- C:\Windows\System\GJRxTGK.exe
  C:\Windows\System\GJRxTGK.exe
  2⤵
  PID:7604
- C:\Windows\System\FRIHhUU.exe
  C:\Windows\System\FRIHhUU.exe
  2⤵
  PID:7700
- C:\Windows\System\rJCtHgB.exe
  C:\Windows\System\rJCtHgB.exe
  2⤵
  PID:7764
- C:\Windows\System\VjmUgrz.exe
  C:\Windows\System\VjmUgrz.exe
  2⤵
  PID:7836
- C:\Windows\System\bWKDFJV.exe
  C:\Windows\System\bWKDFJV.exe
  2⤵
  PID:7820
- C:\Windows\System\KStousb.exe
  C:\Windows\System\KStousb.exe
  2⤵
  PID:7856
- C:\Windows\System\YypDWvc.exe
  C:\Windows\System\YypDWvc.exe
  2⤵
  PID:7960
- C:\Windows\System\qHWcApR.exe
  C:\Windows\System\qHWcApR.exe
  2⤵
  PID:7904
- C:\Windows\System\ySiPNMF.exe
  C:\Windows\System\ySiPNMF.exe
  2⤵
  PID:8004
- C:\Windows\System\sVcnrIt.exe
  C:\Windows\System\sVcnrIt.exe
  2⤵
  PID:8040
- C:\Windows\System\teprhLE.exe
  C:\Windows\System\teprhLE.exe
  2⤵
  PID:8104
- C:\Windows\System\ftimEiW.exe
  C:\Windows\System\ftimEiW.exe
  2⤵
  PID:8188
- C:\Windows\System\rIeWfXB.exe
  C:\Windows\System\rIeWfXB.exe
  2⤵
  PID:2456
- C:\Windows\System\caLARVd.exe
  C:\Windows\System\caLARVd.exe
  2⤵
  PID:2784
- C:\Windows\System\LvBHzYy.exe
  C:\Windows\System\LvBHzYy.exe
  2⤵
  PID:6080
- C:\Windows\System\TMWrHhP.exe
  C:\Windows\System\TMWrHhP.exe
  2⤵
  PID:6264
- C:\Windows\System\tntgQDO.exe
  C:\Windows\System\tntgQDO.exe
  2⤵
  PID:2800
- C:\Windows\System\xbtNgXf.exe
  C:\Windows\System\xbtNgXf.exe
  2⤵
  PID:7396
- C:\Windows\System\hruXGcP.exe
  C:\Windows\System\hruXGcP.exe
  2⤵
  PID:7236
- C:\Windows\System\fnMYWlI.exe
  C:\Windows\System\fnMYWlI.exe
  2⤵
  PID:7608
- C:\Windows\System\taZcZfl.exe
  C:\Windows\System\taZcZfl.exe
  2⤵
  PID:2604
- C:\Windows\System\hMrwthF.exe
  C:\Windows\System\hMrwthF.exe
  2⤵
  PID:7468
- C:\Windows\System\aMhhQFo.exe
  C:\Windows\System\aMhhQFo.exe
  2⤵
  PID:7644
- C:\Windows\System\WaKqoCM.exe
  C:\Windows\System\WaKqoCM.exe
  2⤵
  PID:7824
- C:\Windows\System\qLyXDDS.exe
  C:\Windows\System\qLyXDDS.exe
  2⤵
  PID:4752
- C:\Windows\System\XkmSirp.exe
  C:\Windows\System\XkmSirp.exe
  2⤵
  PID:8036
- C:\Windows\System\jvksrpb.exe
  C:\Windows\System\jvksrpb.exe
  2⤵
  PID:8148
- C:\Windows\System\dqWuJjn.exe
  C:\Windows\System\dqWuJjn.exe
  2⤵
  PID:2360
- C:\Windows\System\EnNlCXz.exe
  C:\Windows\System\EnNlCXz.exe
  2⤵
  PID:6456
- C:\Windows\System\EWEFSfj.exe
  C:\Windows\System\EWEFSfj.exe
  2⤵
  PID:4624
- C:\Windows\System\zIJsJNi.exe
  C:\Windows\System\zIJsJNi.exe
  2⤵
  PID:8204
- C:\Windows\System\izCITdc.exe
  C:\Windows\System\izCITdc.exe
  2⤵
  PID:8224
- C:\Windows\System\oUJEEFp.exe
  C:\Windows\System\oUJEEFp.exe
  2⤵
  PID:8244
- C:\Windows\System\pAFOSbE.exe
  C:\Windows\System\pAFOSbE.exe
  2⤵
  PID:8264
- C:\Windows\System\uEcuZXo.exe
  C:\Windows\System\uEcuZXo.exe
  2⤵
  PID:8284
- C:\Windows\System\nPmFjNH.exe
  C:\Windows\System\nPmFjNH.exe
  2⤵
  PID:8304
- C:\Windows\System\ownjjbL.exe
  C:\Windows\System\ownjjbL.exe
  2⤵
  PID:8320
- C:\Windows\System\pVWkNjA.exe
  C:\Windows\System\pVWkNjA.exe
  2⤵
  PID:8344
- C:\Windows\System\iYiRVUf.exe
  C:\Windows\System\iYiRVUf.exe
  2⤵
  PID:8360
- C:\Windows\System\kivaIIn.exe
  C:\Windows\System\kivaIIn.exe
  2⤵
  PID:8384
- C:\Windows\System\zmnOSkV.exe
  C:\Windows\System\zmnOSkV.exe
  2⤵
  PID:8400
- C:\Windows\System\KwuylqT.exe
  C:\Windows\System\KwuylqT.exe
  2⤵
  PID:8424
- C:\Windows\System\rwDmWDV.exe
  C:\Windows\System\rwDmWDV.exe
  2⤵
  PID:8444
- C:\Windows\System\OpbHKwH.exe
  C:\Windows\System\OpbHKwH.exe
  2⤵
  PID:8468
- C:\Windows\System\MymzqDy.exe
  C:\Windows\System\MymzqDy.exe
  2⤵
  PID:8484
- C:\Windows\System\navjXEh.exe
  C:\Windows\System\navjXEh.exe
  2⤵
  PID:8508
- C:\Windows\System\mZWEiRF.exe
  C:\Windows\System\mZWEiRF.exe
  2⤵
  PID:8524
- C:\Windows\System\KRvNBla.exe
  C:\Windows\System\KRvNBla.exe
  2⤵
  PID:8548
- C:\Windows\System\nZkGUpb.exe
  C:\Windows\System\nZkGUpb.exe
  2⤵
  PID:8568
- C:\Windows\System\OtZgDlA.exe
  C:\Windows\System\OtZgDlA.exe
  2⤵
  PID:8588
- C:\Windows\System\XhNMMtC.exe
  C:\Windows\System\XhNMMtC.exe
  2⤵
  PID:8604
- C:\Windows\System\clSOAuW.exe
  C:\Windows\System\clSOAuW.exe
  2⤵
  PID:8624
- C:\Windows\System\GNsKYaw.exe
  C:\Windows\System\GNsKYaw.exe
  2⤵
  PID:8644
- C:\Windows\System\virKhLp.exe
  C:\Windows\System\virKhLp.exe
  2⤵
  PID:8660
- C:\Windows\System\GSLDuiw.exe
  C:\Windows\System\GSLDuiw.exe
  2⤵
  PID:8680
- C:\Windows\System\CRvKTTh.exe
  C:\Windows\System\CRvKTTh.exe
  2⤵
  PID:8696
- C:\Windows\System\IOVFLfr.exe
  C:\Windows\System\IOVFLfr.exe
  2⤵
  PID:8716
- C:\Windows\System\LwtWpcr.exe
  C:\Windows\System\LwtWpcr.exe
  2⤵
  PID:8732
- C:\Windows\System\RHxyKLC.exe
  C:\Windows\System\RHxyKLC.exe
  2⤵
  PID:8756
- C:\Windows\System\LbiYUHG.exe
  C:\Windows\System\LbiYUHG.exe
  2⤵
  PID:8776
- C:\Windows\System\OMLnemt.exe
  C:\Windows\System\OMLnemt.exe
  2⤵
  PID:8796
- C:\Windows\System\DKTWpwt.exe
  C:\Windows\System\DKTWpwt.exe
  2⤵
  PID:8816
- C:\Windows\System\TOPOmMy.exe
  C:\Windows\System\TOPOmMy.exe
  2⤵
  PID:8832
- C:\Windows\System\XvbXIlO.exe
  C:\Windows\System\XvbXIlO.exe
  2⤵
  PID:8848
- C:\Windows\System\ZlNpyzx.exe
  C:\Windows\System\ZlNpyzx.exe
  2⤵
  PID:8864
- C:\Windows\System\IOJuLZr.exe
  C:\Windows\System\IOJuLZr.exe
  2⤵
  PID:8880
- C:\Windows\System\WSTBeJL.exe
  C:\Windows\System\WSTBeJL.exe
  2⤵
  PID:8896
- C:\Windows\System\RaNsbLp.exe
  C:\Windows\System\RaNsbLp.exe
  2⤵
  PID:8912
- C:\Windows\System\yFBJpob.exe
  C:\Windows\System\yFBJpob.exe
  2⤵
  PID:8936
- C:\Windows\System\rLCeCda.exe
  C:\Windows\System\rLCeCda.exe
  2⤵
  PID:8952
- C:\Windows\System\mQFyFjQ.exe
  C:\Windows\System\mQFyFjQ.exe
  2⤵
  PID:8968
- C:\Windows\System\hNYlCKT.exe
  C:\Windows\System\hNYlCKT.exe
  2⤵
  PID:8984
- C:\Windows\System\Pltomoc.exe
  C:\Windows\System\Pltomoc.exe
  2⤵
  PID:9008
- C:\Windows\System\CgkFtkK.exe
  C:\Windows\System\CgkFtkK.exe
  2⤵
  PID:9088
- C:\Windows\System\ZNOOuiF.exe
  C:\Windows\System\ZNOOuiF.exe
  2⤵
  PID:9108
- C:\Windows\System\aWXekxB.exe
  C:\Windows\System\aWXekxB.exe
  2⤵
  PID:9128
- C:\Windows\System\nHjqBeX.exe
  C:\Windows\System\nHjqBeX.exe
  2⤵
  PID:9148
- C:\Windows\System\OZzlzIn.exe
  C:\Windows\System\OZzlzIn.exe
  2⤵
  PID:9168
- C:\Windows\System\vXNmNog.exe
  C:\Windows\System\vXNmNog.exe
  2⤵
  PID:9188
- C:\Windows\System\IHfIBry.exe
  C:\Windows\System\IHfIBry.exe
  2⤵
  PID:9208
- C:\Windows\System\RjYIltE.exe
  C:\Windows\System\RjYIltE.exe
  2⤵
  PID:7224
- C:\Windows\System\jIFcbEv.exe
  C:\Windows\System\jIFcbEv.exe
  2⤵
  PID:7320
- C:\Windows\System\BLodcUw.exe
  C:\Windows\System\BLodcUw.exe
  2⤵
  PID:7580
- C:\Windows\System\lcWJugz.exe
  C:\Windows\System\lcWJugz.exe
  2⤵
  PID:7424
- C:\Windows\System\lAycgGr.exe
  C:\Windows\System\lAycgGr.exe
  2⤵
  PID:7908
- C:\Windows\System\XRMJYCo.exe
  C:\Windows\System\XRMJYCo.exe
  2⤵
  PID:6440
- C:\Windows\System\lrKsfrX.exe
  C:\Windows\System\lrKsfrX.exe
  2⤵
  PID:7420
- C:\Windows\System\LcCGewG.exe
  C:\Windows\System\LcCGewG.exe
  2⤵
  PID:2832
- C:\Windows\System\EvDAMNg.exe
  C:\Windows\System\EvDAMNg.exe
  2⤵
  PID:6944
- C:\Windows\System\IlGkWwQ.exe
  C:\Windows\System\IlGkWwQ.exe
  2⤵
  PID:6476
- C:\Windows\System\KkhfaKD.exe
  C:\Windows\System\KkhfaKD.exe
  2⤵
  PID:8292
- C:\Windows\System\loAaJkh.exe
  C:\Windows\System\loAaJkh.exe
  2⤵
  PID:8280
- C:\Windows\System\XGxiVvP.exe
  C:\Windows\System\XGxiVvP.exe
  2⤵
  PID:8452
- C:\Windows\System\HJlrMsg.exe
  C:\Windows\System\HJlrMsg.exe
  2⤵
  PID:8504
- C:\Windows\System\WYdTihj.exe
  C:\Windows\System\WYdTihj.exe
  2⤵
  PID:8540
- C:\Windows\System\FtkHEjb.exe
  C:\Windows\System\FtkHEjb.exe
  2⤵
  PID:8436
- C:\Windows\System\aejVWxs.exe
  C:\Windows\System\aejVWxs.exe
  2⤵
  PID:8612
- C:\Windows\System\TYimsDb.exe
  C:\Windows\System\TYimsDb.exe
  2⤵
  PID:8620
- C:\Windows\System\AgcgYoT.exe
  C:\Windows\System\AgcgYoT.exe
  2⤵
  PID:8652
- C:\Windows\System\FMQWBFE.exe
  C:\Windows\System\FMQWBFE.exe
  2⤵
  PID:2400
- C:\Windows\System\EwvYpdn.exe
  C:\Windows\System\EwvYpdn.exe
  2⤵
  PID:8520
- C:\Windows\System\IYyPwPf.exe
  C:\Windows\System\IYyPwPf.exe
  2⤵
  PID:8728
- C:\Windows\System\cquLOBV.exe
  C:\Windows\System\cquLOBV.exe
  2⤵
  PID:8640
- C:\Windows\System\ZKMYSNV.exe
  C:\Windows\System\ZKMYSNV.exe
  2⤵
  PID:8676
- C:\Windows\System\gwTxBtd.exe
  C:\Windows\System\gwTxBtd.exe
  2⤵
  PID:8668
- C:\Windows\System\tVgLtPm.exe
  C:\Windows\System\tVgLtPm.exe
  2⤵
  PID:8804
- C:\Windows\System\oRaIBJJ.exe
  C:\Windows\System\oRaIBJJ.exe
  2⤵
  PID:8748
- C:\Windows\System\RuEmqwD.exe
  C:\Windows\System\RuEmqwD.exe
  2⤵
  PID:8840
- C:\Windows\System\zrOlkyF.exe
  C:\Windows\System\zrOlkyF.exe
  2⤵
  PID:8844
- C:\Windows\System\dgXbuUk.exe
  C:\Windows\System\dgXbuUk.exe
  2⤵
  PID:8860
- C:\Windows\System\grckIPY.exe
  C:\Windows\System\grckIPY.exe
  2⤵
  PID:8908
- C:\Windows\System\cEhSdZT.exe
  C:\Windows\System\cEhSdZT.exe
  2⤵
  PID:8932
- C:\Windows\System\MXWuVux.exe
  C:\Windows\System\MXWuVux.exe
  2⤵
  PID:8976
- C:\Windows\System\ftsAlaM.exe
  C:\Windows\System\ftsAlaM.exe
  2⤵
  PID:8992
- C:\Windows\System\eXuLuxs.exe
  C:\Windows\System\eXuLuxs.exe
  2⤵
  PID:2916
- C:\Windows\System\XkaQPnM.exe
  C:\Windows\System\XkaQPnM.exe
  2⤵
  PID:964
- C:\Windows\System\vsniKzg.exe
  C:\Windows\System\vsniKzg.exe
  2⤵
  PID:4016
- C:\Windows\System\rkfgiXm.exe
  C:\Windows\System\rkfgiXm.exe
  2⤵
  PID:2748
- C:\Windows\System\EgVJagV.exe
  C:\Windows\System\EgVJagV.exe
  2⤵
  PID:9124
- C:\Windows\System\WPDYOZY.exe
  C:\Windows\System\WPDYOZY.exe
  2⤵
  PID:9140
- C:\Windows\System\elqRKSf.exe
  C:\Windows\System\elqRKSf.exe
  2⤵
  PID:9184
- C:\Windows\System\KOvcPbJ.exe
  C:\Windows\System\KOvcPbJ.exe
  2⤵
  PID:2892
- C:\Windows\System\NtAYPrd.exe
  C:\Windows\System\NtAYPrd.exe
  2⤵
  PID:7464
- C:\Windows\System\XJlHQwe.exe
  C:\Windows\System\XJlHQwe.exe
  2⤵
  PID:7780
- C:\Windows\System\HeOhuyG.exe
  C:\Windows\System\HeOhuyG.exe
  2⤵
  PID:7948
- C:\Windows\System\GmJWYuc.exe
  C:\Windows\System\GmJWYuc.exe
  2⤵
  PID:2792
- C:\Windows\System\BklhGyz.exe
  C:\Windows\System\BklhGyz.exe
  2⤵
  PID:908
- C:\Windows\System\ztOOkcU.exe
  C:\Windows\System\ztOOkcU.exe
  2⤵
  PID:8252
- C:\Windows\System\Rxlmffo.exe
  C:\Windows\System\Rxlmffo.exe
  2⤵
  PID:2024
- C:\Windows\System\RNhEBVD.exe
  C:\Windows\System\RNhEBVD.exe
  2⤵
  PID:8084
- C:\Windows\System\jlPsGuO.exe
  C:\Windows\System\jlPsGuO.exe
  2⤵
  PID:8272
- C:\Windows\System\QhNBUty.exe
  C:\Windows\System\QhNBUty.exe
  2⤵
  PID:3068
- C:\Windows\System\eCrdYQS.exe
  C:\Windows\System\eCrdYQS.exe
  2⤵
  PID:2852
- C:\Windows\System\VPhikwl.exe
  C:\Windows\System\VPhikwl.exe
  2⤵
  PID:2280
- C:\Windows\System\kdyhLFq.exe
  C:\Windows\System\kdyhLFq.exe
  2⤵
  PID:8352
- C:\Windows\System\ipdkcqd.exe
  C:\Windows\System\ipdkcqd.exe
  2⤵
  PID:8356
- C:\Windows\System\oEJlfSB.exe
  C:\Windows\System\oEJlfSB.exe
  2⤵
  PID:484
- C:\Windows\System\WajJLXw.exe
  C:\Windows\System\WajJLXw.exe
  2⤵
  PID:8580
- C:\Windows\System\HfbfTeY.exe
  C:\Windows\System\HfbfTeY.exe
  2⤵
  PID:8432
- C:\Windows\System\NPUaxKe.exe
  C:\Windows\System\NPUaxKe.exe
  2⤵
  PID:8516
- C:\Windows\System\VTvyMNP.exe
  C:\Windows\System\VTvyMNP.exe
  2⤵
  PID:8688
- C:\Windows\System\NfoQPBU.exe
  C:\Windows\System\NfoQPBU.exe
  2⤵
  PID:8784
- C:\Windows\System\WzFqCEC.exe
  C:\Windows\System\WzFqCEC.exe
  2⤵
  PID:8704
- C:\Windows\System\PfSDKou.exe
  C:\Windows\System\PfSDKou.exe
  2⤵
  PID:8828
- C:\Windows\System\IHhYJRB.exe
  C:\Windows\System\IHhYJRB.exe
  2⤵
  PID:8876
- C:\Windows\System\SjnpKdI.exe
  C:\Windows\System\SjnpKdI.exe
  2⤵
  PID:8920
- C:\Windows\System\rgQyWAO.exe
  C:\Windows\System\rgQyWAO.exe
  2⤵
  PID:8980
- C:\Windows\System\DYAnoQJ.exe
  C:\Windows\System\DYAnoQJ.exe
  2⤵
  PID:9004
- C:\Windows\System\fYKDIqj.exe
  C:\Windows\System\fYKDIqj.exe
  2⤵
  PID:1360
- C:\Windows\System\UlCfYut.exe
  C:\Windows\System\UlCfYut.exe
  2⤵
  PID:2904
- C:\Windows\System\kNMMQuq.exe
  C:\Windows\System\kNMMQuq.exe
  2⤵
  PID:9040
- C:\Windows\System\eIGxVRO.exe
  C:\Windows\System\eIGxVRO.exe
  2⤵
  PID:9056
- C:\Windows\System\OaYiURG.exe
  C:\Windows\System\OaYiURG.exe
  2⤵
  PID:1964
- C:\Windows\System\AgtNGNN.exe
  C:\Windows\System\AgtNGNN.exe
  2⤵
  PID:5368
- C:\Windows\System\rTNFBEo.exe
  C:\Windows\System\rTNFBEo.exe
  2⤵
  PID:1784
- C:\Windows\System\tSefiWq.exe
  C:\Windows\System\tSefiWq.exe
  2⤵
  PID:7984
- C:\Windows\System\rTzJNvA.exe
  C:\Windows\System\rTzJNvA.exe
  2⤵
  PID:9196
- C:\Windows\System\XoXKUSR.exe
  C:\Windows\System\XoXKUSR.exe
  2⤵
  PID:2664
- C:\Windows\System\qryWtGA.exe
  C:\Windows\System\qryWtGA.exe
  2⤵
  PID:2660
- C:\Windows\System\JIJZWMY.exe
  C:\Windows\System\JIJZWMY.exe
  2⤵
  PID:2588
- C:\Windows\System\DoWCiDm.exe
  C:\Windows\System\DoWCiDm.exe
  2⤵
  PID:8296
- C:\Windows\System\PtZheyr.exe
  C:\Windows\System\PtZheyr.exe
  2⤵
  PID:8196
- C:\Windows\System\MSbEPsC.exe
  C:\Windows\System\MSbEPsC.exe
  2⤵
  PID:2864
- C:\Windows\System\zAaLVKV.exe
  C:\Windows\System\zAaLVKV.exe
  2⤵
  PID:2332
- C:\Windows\System\hmjgXyE.exe
  C:\Windows\System\hmjgXyE.exe
  2⤵
  PID:8372
- C:\Windows\System\EajOmNR.exe
  C:\Windows\System\EajOmNR.exe
  2⤵
  PID:2552
- C:\Windows\System\ajgBAkl.exe
  C:\Windows\System\ajgBAkl.exe
  2⤵
  PID:8476
- C:\Windows\System\RtxNwtD.exe
  C:\Windows\System\RtxNwtD.exe
  2⤵
  PID:8632
- C:\Windows\System\dPMJuIQ.exe
  C:\Windows\System\dPMJuIQ.exe
  2⤵
  PID:8996
- C:\Windows\System\SfsvRwX.exe
  C:\Windows\System\SfsvRwX.exe
  2⤵
  PID:8772
- C:\Windows\System\ivksIWb.exe
  C:\Windows\System\ivksIWb.exe
  2⤵
  PID:8892
- C:\Windows\System\AeTBBai.exe
  C:\Windows\System\AeTBBai.exe
  2⤵
  PID:1768
- C:\Windows\System\kSpFvNZ.exe
  C:\Windows\System\kSpFvNZ.exe
  2⤵
  PID:9048
- C:\Windows\System\AqxcDaC.exe
  C:\Windows\System\AqxcDaC.exe
  2⤵
  PID:9036
- C:\Windows\System\JUwAMDh.exe
  C:\Windows\System\JUwAMDh.exe
  2⤵
  PID:1984
- C:\Windows\System\MRiUEge.exe
  C:\Windows\System\MRiUEge.exe
  2⤵
  PID:9116
- C:\Windows\System\epxHIVW.exe
  C:\Windows\System\epxHIVW.exe
  2⤵
  PID:6904
- C:\Windows\System\VmyLALV.exe
  C:\Windows\System\VmyLALV.exe
  2⤵
  PID:9032
- C:\Windows\System\fvuhIwP.exe
  C:\Windows\System\fvuhIwP.exe
  2⤵
  PID:8596
- C:\Windows\System\XaTCwra.exe
  C:\Windows\System\XaTCwra.exe
  2⤵
  PID:2760
- C:\Windows\System\KNEYjEO.exe
  C:\Windows\System\KNEYjEO.exe
  2⤵
  PID:2848
- C:\Windows\System\fLAPSiT.exe
  C:\Windows\System\fLAPSiT.exe
  2⤵
  PID:2144
- C:\Windows\System\PGnvEkh.exe
  C:\Windows\System\PGnvEkh.exe
  2⤵
  PID:8216
- C:\Windows\System\QNaghSw.exe
  C:\Windows\System\QNaghSw.exe
  2⤵
  PID:8376
- C:\Windows\System\pRBBPGK.exe
  C:\Windows\System\pRBBPGK.exe
  2⤵
  PID:2724
- C:\Windows\System\Gpzcxic.exe
  C:\Windows\System\Gpzcxic.exe
  2⤵
  PID:7244
- C:\Windows\System\AhahIxM.exe
  C:\Windows\System\AhahIxM.exe
  2⤵
  PID:8808
- C:\Windows\System\LCcemvB.exe
  C:\Windows\System\LCcemvB.exe
  2⤵
  PID:8220
- C:\Windows\System\zicZNyL.exe
  C:\Windows\System\zicZNyL.exe
  2⤵
  PID:8928
- C:\Windows\System\GVELIFK.exe
  C:\Windows\System\GVELIFK.exe
  2⤵
  PID:8636
- C:\Windows\System\OCBxkSX.exe
  C:\Windows\System\OCBxkSX.exe
  2⤵
  PID:2284
- C:\Windows\System\hVBbHTz.exe
  C:\Windows\System\hVBbHTz.exe
  2⤵
  PID:8276
- C:\Windows\System\gFnAWza.exe
  C:\Windows\System\gFnAWza.exe
  2⤵
  PID:1328
- C:\Windows\System\QBvBrUw.exe
  C:\Windows\System\QBvBrUw.exe
  2⤵
  PID:9156
- C:\Windows\System\fCFitGm.exe
  C:\Windows\System\fCFitGm.exe
  2⤵
  PID:8724
- C:\Windows\System\cXHKPJq.exe
  C:\Windows\System\cXHKPJq.exe
  2⤵
  PID:9228
- C:\Windows\System\dIcYgSe.exe
  C:\Windows\System\dIcYgSe.exe
  2⤵
  PID:9244
- C:\Windows\System\fDctwRv.exe
  C:\Windows\System\fDctwRv.exe
  2⤵
  PID:9260
- C:\Windows\System\yesduwY.exe
  C:\Windows\System\yesduwY.exe
  2⤵
  PID:9276
- C:\Windows\System\sWQCROY.exe
  C:\Windows\System\sWQCROY.exe
  2⤵
  PID:9292
- C:\Windows\System\amDwxqa.exe
  C:\Windows\System\amDwxqa.exe
  2⤵
  PID:9308
- C:\Windows\System\oFRIxmv.exe
  C:\Windows\System\oFRIxmv.exe
  2⤵
  PID:9324
- C:\Windows\System\eWmvkQE.exe
  C:\Windows\System\eWmvkQE.exe
  2⤵
  PID:9340
- C:\Windows\System\UHzQhgP.exe
  C:\Windows\System\UHzQhgP.exe
  2⤵
  PID:9356
- C:\Windows\System\ZhaISwQ.exe
  C:\Windows\System\ZhaISwQ.exe
  2⤵
  PID:9372
- C:\Windows\System\PFqvuIc.exe
  C:\Windows\System\PFqvuIc.exe
  2⤵
  PID:9388
- C:\Windows\System\ePHjxTv.exe
  C:\Windows\System\ePHjxTv.exe
  2⤵
  PID:9408
- C:\Windows\System\AsBtMhD.exe
  C:\Windows\System\AsBtMhD.exe
  2⤵
  PID:9424
- C:\Windows\System\gLbdOea.exe
  C:\Windows\System\gLbdOea.exe
  2⤵
  PID:9440
- C:\Windows\System\ULdNBOS.exe
  C:\Windows\System\ULdNBOS.exe
  2⤵
  PID:9456
- C:\Windows\System\rrsZpDJ.exe
  C:\Windows\System\rrsZpDJ.exe
  2⤵
  PID:9472
- C:\Windows\System\ZAYBDTG.exe
  C:\Windows\System\ZAYBDTG.exe
  2⤵
  PID:9488
- C:\Windows\System\UaRoYQb.exe
  C:\Windows\System\UaRoYQb.exe
  2⤵
  PID:9504
- C:\Windows\System\OVKKPPd.exe
  C:\Windows\System\OVKKPPd.exe
  2⤵
  PID:9520
- C:\Windows\System\Xrbpzvv.exe
  C:\Windows\System\Xrbpzvv.exe
  2⤵
  PID:9536
- C:\Windows\System\nypiMiK.exe
  C:\Windows\System\nypiMiK.exe
  2⤵
  PID:9552
- C:\Windows\System\FdbkKmO.exe
  C:\Windows\System\FdbkKmO.exe
  2⤵
  PID:9568
- C:\Windows\System\dRCVTCu.exe
  C:\Windows\System\dRCVTCu.exe
  2⤵
  PID:9584
- C:\Windows\System\bXVpsQS.exe
  C:\Windows\System\bXVpsQS.exe
  2⤵
  PID:9600
- C:\Windows\System\dXKUFJb.exe
  C:\Windows\System\dXKUFJb.exe
  2⤵
  PID:9616
- C:\Windows\System\uhVWgDC.exe
  C:\Windows\System\uhVWgDC.exe
  2⤵
  PID:9632
- C:\Windows\System\DPLhByV.exe
  C:\Windows\System\DPLhByV.exe
  2⤵
  PID:9648
- C:\Windows\System\qnIeedU.exe
  C:\Windows\System\qnIeedU.exe
  2⤵
  PID:9664
- C:\Windows\System\chCqrRx.exe
  C:\Windows\System\chCqrRx.exe
  2⤵
  PID:9680
- C:\Windows\System\NNiEQvn.exe
  C:\Windows\System\NNiEQvn.exe
  2⤵
  PID:9696
- C:\Windows\System\mskfUSg.exe
  C:\Windows\System\mskfUSg.exe
  2⤵
  PID:9712
- C:\Windows\System\fNinbkb.exe
  C:\Windows\System\fNinbkb.exe
  2⤵
  PID:9728
- C:\Windows\System\BEWoXQJ.exe
  C:\Windows\System\BEWoXQJ.exe
  2⤵
  PID:9744
- C:\Windows\System\xdiClej.exe
  C:\Windows\System\xdiClej.exe
  2⤵
  PID:9760
- C:\Windows\System\AswGNEa.exe
  C:\Windows\System\AswGNEa.exe
  2⤵
  PID:9776
- C:\Windows\System\AzijdQE.exe
  C:\Windows\System\AzijdQE.exe
  2⤵
  PID:9792
- C:\Windows\System\PNEsdpP.exe
  C:\Windows\System\PNEsdpP.exe
  2⤵
  PID:9808
- C:\Windows\System\WFehmJn.exe
  C:\Windows\System\WFehmJn.exe
  2⤵
  PID:9824
- C:\Windows\System\pDUtiwZ.exe
  C:\Windows\System\pDUtiwZ.exe
  2⤵
  PID:9840
- C:\Windows\System\jHJLgCB.exe
  C:\Windows\System\jHJLgCB.exe
  2⤵
  PID:9856
- C:\Windows\System\TeWACRp.exe
  C:\Windows\System\TeWACRp.exe
  2⤵
  PID:9872
- C:\Windows\System\szIVuLf.exe
  C:\Windows\System\szIVuLf.exe
  2⤵
  PID:9888
- C:\Windows\System\ewkxLdw.exe
  C:\Windows\System\ewkxLdw.exe
  2⤵
  PID:9904
- C:\Windows\System\reEJlIm.exe
  C:\Windows\System\reEJlIm.exe
  2⤵
  PID:9920
- C:\Windows\System\ToGFgaW.exe
  C:\Windows\System\ToGFgaW.exe
  2⤵
  PID:9936
- C:\Windows\System\HayQQBW.exe
  C:\Windows\System\HayQQBW.exe
  2⤵
  PID:9952
- C:\Windows\System\OScEjrk.exe
  C:\Windows\System\OScEjrk.exe
  2⤵
  PID:9968
- C:\Windows\System\yByefbz.exe
  C:\Windows\System\yByefbz.exe
  2⤵
  PID:9984
- C:\Windows\System\rEWhvYS.exe
  C:\Windows\System\rEWhvYS.exe
  2⤵
  PID:10000
- C:\Windows\System\kwVBVtZ.exe
  C:\Windows\System\kwVBVtZ.exe
  2⤵
  PID:10016
- C:\Windows\System\vkGugdn.exe
  C:\Windows\System\vkGugdn.exe
  2⤵
  PID:10032
- C:\Windows\System\mnHBhSk.exe
  C:\Windows\System\mnHBhSk.exe
  2⤵
  PID:10048
- C:\Windows\System\cWVjnbd.exe
  C:\Windows\System\cWVjnbd.exe
  2⤵
  PID:10064
- C:\Windows\System\rwMBxBM.exe
  C:\Windows\System\rwMBxBM.exe
  2⤵
  PID:10080
- C:\Windows\System\ZDrAzcE.exe
  C:\Windows\System\ZDrAzcE.exe
  2⤵
  PID:10096
- C:\Windows\System\cOvxyoR.exe
  C:\Windows\System\cOvxyoR.exe
  2⤵
  PID:10112
- C:\Windows\System\PnNNuAs.exe
  C:\Windows\System\PnNNuAs.exe
  2⤵
  PID:10128
- C:\Windows\System\hbRUZFy.exe
  C:\Windows\System\hbRUZFy.exe
  2⤵
  PID:10144
- C:\Windows\System\pDsMDWf.exe
  C:\Windows\System\pDsMDWf.exe
  2⤵
  PID:10160
- C:\Windows\System\gXyVxQS.exe
  C:\Windows\System\gXyVxQS.exe
  2⤵
  PID:10176
- C:\Windows\System\cnbLLpf.exe
  C:\Windows\System\cnbLLpf.exe
  2⤵
  PID:10192
- C:\Windows\System\gEVHsCS.exe
  C:\Windows\System\gEVHsCS.exe
  2⤵
  PID:10208
- C:\Windows\System\NfqMNbh.exe
  C:\Windows\System\NfqMNbh.exe
  2⤵
  PID:10224
- C:\Windows\System\QUQqZSo.exe
  C:\Windows\System\QUQqZSo.exe
  2⤵
  PID:9100
- C:\Windows\System\wIpJpvi.exe
  C:\Windows\System\wIpJpvi.exe
  2⤵
  PID:9236
- C:\Windows\System\KIARMBz.exe
  C:\Windows\System\KIARMBz.exe
  2⤵
  PID:9256
- C:\Windows\System\gjQODbX.exe
  C:\Windows\System\gjQODbX.exe
  2⤵
  PID:9284
- C:\Windows\System\kKjGION.exe
  C:\Windows\System\kKjGION.exe
  2⤵
  PID:9348
- C:\Windows\System\VJnLHiB.exe
  C:\Windows\System\VJnLHiB.exe
  2⤵
  PID:9384
- C:\Windows\System\fAxGlwK.exe
  C:\Windows\System\fAxGlwK.exe
  2⤵
  PID:9452
- C:\Windows\System\humCDQA.exe
  C:\Windows\System\humCDQA.exe
  2⤵
  PID:9300
- C:\Windows\System\ECxFybt.exe
  C:\Windows\System\ECxFybt.exe
  2⤵
  PID:9368
- C:\Windows\System\DLLifsP.exe
  C:\Windows\System\DLLifsP.exe
  2⤵
  PID:9396
- C:\Windows\System\kRYUJSC.exe
  C:\Windows\System\kRYUJSC.exe
  2⤵
  PID:9496
- C:\Windows\System\aeiLmAz.exe
  C:\Windows\System\aeiLmAz.exe
  2⤵
  PID:9560
- C:\Windows\System\qWeAhLk.exe
  C:\Windows\System\qWeAhLk.exe
  2⤵
  PID:9512
- C:\Windows\System\EYOGRdu.exe
  C:\Windows\System\EYOGRdu.exe
  2⤵
  PID:9576
- C:\Windows\System\MiGXeJu.exe
  C:\Windows\System\MiGXeJu.exe
  2⤵
  PID:9640
- C:\Windows\System\XmuMsaV.exe
  C:\Windows\System\XmuMsaV.exe
  2⤵
  PID:9672
- C:\Windows\System\hUfzTVS.exe
  C:\Windows\System\hUfzTVS.exe
  2⤵
  PID:9736
- C:\Windows\System\vAdRtyC.exe
  C:\Windows\System\vAdRtyC.exe
  2⤵
  PID:9772
- C:\Windows\System\mCPhozo.exe
  C:\Windows\System\mCPhozo.exe
  2⤵
  PID:9660
- C:\Windows\System\MxXKcFB.exe
  C:\Windows\System\MxXKcFB.exe
  2⤵
  PID:9724
- C:\Windows\System\SwACxCA.exe
  C:\Windows\System\SwACxCA.exe
  2⤵
  PID:9788
- C:\Windows\System\bJqvTvI.exe
  C:\Windows\System\bJqvTvI.exe
  2⤵
  PID:9852
- C:\Windows\System\TYTTmZm.exe
  C:\Windows\System\TYTTmZm.exe
  2⤵
  PID:9944
- C:\Windows\System\dzbkjWF.exe
  C:\Windows\System\dzbkjWF.exe
  2⤵
  PID:9948
- C:\Windows\System\QxPYoZu.exe
  C:\Windows\System\QxPYoZu.exe
  2⤵
  PID:10012
- C:\Windows\System\OjIOSKf.exe
  C:\Windows\System\OjIOSKf.exe
  2⤵
  PID:10044
- C:\Windows\System\DNhOQCV.exe
  C:\Windows\System\DNhOQCV.exe
  2⤵
  PID:10168
- C:\Windows\System\WJrFpcX.exe
  C:\Windows\System\WJrFpcX.exe
  2⤵
  PID:9900
- C:\Windows\System\paDeFKD.exe
  C:\Windows\System\paDeFKD.exe
  2⤵
  PID:9964
- C:\Windows\System\RUBxRJA.exe
  C:\Windows\System\RUBxRJA.exe
  2⤵
  PID:10028
- C:\Windows\System\HWwbJYc.exe
  C:\Windows\System\HWwbJYc.exe
  2⤵
  PID:10092
- C:\Windows\System\aRdkyRD.exe
  C:\Windows\System\aRdkyRD.exe
  2⤵
  PID:10156
- C:\Windows\System\TynlaDB.exe
  C:\Windows\System\TynlaDB.exe
  2⤵
  PID:8316
- C:\Windows\System\nsPLEgg.exe
  C:\Windows\System\nsPLEgg.exe
  2⤵
  PID:9224
- C:\Windows\System\rqoLzDf.exe
  C:\Windows\System\rqoLzDf.exe
  2⤵
  PID:9336
- C:\Windows\System\EZHvixe.exe
  C:\Windows\System\EZHvixe.exe
  2⤵
  PID:9564
- C:\Windows\System\ebCvciT.exe
  C:\Windows\System\ebCvciT.exe
  2⤵
  PID:9804
- C:\Windows\System\HmHGHNw.exe
  C:\Windows\System\HmHGHNw.exe
  2⤵
  PID:10200
- C:\Windows\System\oDpqnPo.exe
  C:\Windows\System\oDpqnPo.exe
  2⤵
  PID:9268
- C:\Windows\System\jlveqhE.exe
  C:\Windows\System\jlveqhE.exe
  2⤵
  PID:9252
- C:\Windows\System\yottDvJ.exe
  C:\Windows\System\yottDvJ.exe
  2⤵
  PID:9464
- C:\Windows\System\qiigBpm.exe
  C:\Windows\System\qiigBpm.exe
  2⤵
  PID:9612
- C:\Windows\System\BtpDMxR.exe
  C:\Windows\System\BtpDMxR.exe
  2⤵
  PID:9656
- C:\Windows\System\FpYXMuM.exe
  C:\Windows\System\FpYXMuM.exe
  2⤵
  PID:9784
- C:\Windows\System\xjerJXx.exe
  C:\Windows\System\xjerJXx.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmDjuNH.exe

Filesize
6.0MB

MD5
67c205c3f6b772bc0470d93821ba9aa7

SHA1
8580995c66b53ea3aaec9fc7317ae77e3fb03b46

SHA256
ab4d40320b269681a08489b3262a5db97adc5177ffedcc43296d5ed9d5914acb

SHA512
9080e5e9a96299fc1e830c63f47e50760a752d9b8fa74821c7b0352302b60460e1cb16ac62c01c5a6b0ddc127089e549930b85753c4b95ce87c5ecdc51aaf919

Download Submit
C:\Windows\system\BMDAnCa.exe

Filesize
6.0MB

MD5
ef73a763a1d19e13d9038ad50f2bb5cb

SHA1
88ba30914e8efc782a1704f208cc32c133c4cba1

SHA256
060526d604f6e40058d4e52e992c852056c5da4c6454458501376fc7b74a2b66

SHA512
3816ac3fa65d9bc3168a9c47904f403be431d7c5e2e7102d412eedf2aa48bfc87988d6cb86006e1b79b1684ecb8a405d2734047343559f659fbfdc958fecee1f

Download Submit
C:\Windows\system\CuAOSTX.exe

Filesize
6.0MB

MD5
483dd1762b48b82563d3868fe378bc4e

SHA1
468f968c953cd54f8cdca0b6b6d8d25ea3f71d6c

SHA256
2eda01130e8442ba244370ce2706eed0974b0723c214ddea01dd74480d24f20a

SHA512
c52c80d425cb5155e462a17de1267deec04f9ea42fb822e04e25042e5be5b1806b65edf7436b3c94fd33f46c45fdd8c47102a469ac0d5a198955c1df2e4182df

Download Submit
C:\Windows\system\FqHjpRo.exe

Filesize
6.0MB

MD5
1fad7d9806162284dd63afdf6323d609

SHA1
af16b8655a7f0121920ffe897309a18f2f82a6b4

SHA256
f432b46eb9dfcef04269ce3ef855aa716a56fc5632395e20497e6792c2b7b6d9

SHA512
05cbfcce574b2ed56f798d3d33ffad2c7c722e4ee2bb6d6b39342af7bfad6f06e8e6232ef876d040e283d586f7ca39fded37ce0fabbbf3483068081a69670d42

Download Submit
C:\Windows\system\GoohjXK.exe

Filesize
6.0MB

MD5
8907de337b1254ebbd7c258895a256b2

SHA1
3e09dd6aa52362dd1ccabe7ede2d71bb91124626

SHA256
de3eb43a726da880247207407110b547f7364f94def91f760c0c3065d3a8054d

SHA512
767b855830abd5f9167b45cd55c1aee85bb87fc9c574086148fe41bbc8a572c328b7e889cb00acae469f3a18465577b0e32203da60d73294f1691d37d01fca22

Download Submit
C:\Windows\system\JRsLSJR.exe

Filesize
6.0MB

MD5
18701ff44289b1d591e3d23a5bd8ea8b

SHA1
1ade5e4165802b1ca273603096a8695ff7073e36

SHA256
ad717a7135c2c18fd084eada33dbff658a4996f531c52fc9ee42616431c9ab6b

SHA512
25571588489330d9a88d09ce14e56eb5d94c76d7a46a830732207ab7c76878c11a21632e486653fd95e7c0329a8b6aabe7cb1c9c818fb5b18959f4eac86aa0b4

Download Submit
C:\Windows\system\KblLbkv.exe

Filesize
6.0MB

MD5
8c2651b8d9bebed1c3d7df0c716aaf9e

SHA1
67d7c53695016882d9ec694c0dfce9c1ed3c9277

SHA256
86813110328ff1c5e0a705221a7b1ac23fd9b094721202f614c1709348495e50

SHA512
bfc79f3916b8f6056a78a82f601ca78dcde94d082794b6f28b8f9b80c220fda6dd6dc51f00a26ac04818414d35830446c43b04a444ea2885475f40dd55cd3b75

Download Submit
C:\Windows\system\LZrTHUD.exe

Filesize
6.0MB

MD5
2146b0c8936d8d5ebe2cebbc372c7646

SHA1
9e6d312f642fe8ebf66b9da6cd204abda0a1a940

SHA256
fd2b6447246a519ca925ecb1ada64aaeb9ae5cab98aeeadce09ff3f1c9c5c664

SHA512
b0be5655318d02db1c79be1bef57eb1927d676666dc1ab13f134945347046d02a376b18dea735d665014dd575bd85a5591044fe3baace2a43229a083ef90e387

Download Submit
C:\Windows\system\LvYwBtV.exe

Filesize
6.0MB

MD5
57c078fc7d1b7ca8d422f0b60eba5ba4

SHA1
a5bc07d7ab3a52bcd0c9540c00fe31f5b2f00c46

SHA256
c5465f96d7f7e56c9eb64cb078012d2375df8f2c02a37bf07af3b41f04e4d61b

SHA512
39510e7c33963acef4d0066c209767d08fbdba7f576cb7e8cae128f8a30b8fdb05105625b8126bdbe9b7ba1bf0b68efd0e85b290384abb4c6fa4617706d7065c

Download Submit
C:\Windows\system\NufndJZ.exe

Filesize
6.0MB

MD5
2f34715f444484c1c66d5552c46cfc08

SHA1
e6d7d573ae5c5a115c1b177a04436f9d5744dc89

SHA256
622ccb7a868c44a6e8d7d698be49a5c9886749880b5ccbea330a5b61cd1f6cee

SHA512
54c0c31d827bcbe561d91768eaa46734b282195a61eb4637f78a9b411befe9d0436d642b4effa1ed93eaa15e61eef652eb736c59ae7643d2313bf08fa2ad05d7

Download Submit
C:\Windows\system\SpqzYcD.exe

Filesize
6.0MB

MD5
bcec850de9b6bf0469e93fc8f9a7877f

SHA1
51087f59b5b058d24f80087cf6cb2766b5d9cc7d

SHA256
0236552c7c9f759d16382c20eab025a6c6866d6bb395e5e1f59b16c9b7506bb0

SHA512
99aa49f1082da6e4eaab5839453533730878b5bb3b3dbf4cb305df4d2e0a12b33e88acfa90d5750fa574b48c8aa959c6f342694c3e773146c2a404c31abc2089

Download Submit
C:\Windows\system\TRlOYve.exe

Filesize
6.0MB

MD5
2a27dc30499ff7cdee97c31f2a86f8d9

SHA1
f370741d542c8d06238f63004aacb3c16597413d

SHA256
83d765ddd2709e3b8524a3ed63248e4c4b3308fbc3a93b3ca86175321223d0f2

SHA512
271662a7e2af316a59dd69b4b66aadf33d9191ea4a88df7a5d3ef1593633bfbb6132a67b2bb434457057ae2af3848863f03dcefe8733fb91e6357e40d57108e8

Download Submit
C:\Windows\system\VhfoadU.exe

Filesize
6.0MB

MD5
66756b64c594d909fa9d294d02c46548

SHA1
ae99cc1b09da697e09918d401835e538f570422a

SHA256
c17fbb2c3ca312d881574b1123ed50e1abe113965f074edef03e681f1bdb7df5

SHA512
d4f7e350dfab0013298012e035a0cc9f56787bdcfe8224abbcb83cea1cd16e5a06794912944081c92a83de5c64592ad98bc0545fa11d0767bfb8758e9ec7abb1

Download Submit
C:\Windows\system\XRsBEtE.exe

Filesize
6.0MB

MD5
87a27db3c8cc82184e0c4e39c143bc19

SHA1
fe50ef1557be6865ba493474ebb2f7e7bff88b42

SHA256
d1aad3c1f1d28d20a953b891a05ec3e1419d65f94d99194df8a17ab4aab0aaaa

SHA512
daaed91814163131ecbebcbd1668d58b25e8eb48d94e2f5e2268fd3e072430c607e247cfa3f401cbe15de8ae9f216dbf7956c4636da99da5efe99fd37c1983fa

Download Submit
C:\Windows\system\XSHFDsW.exe

Filesize
6.0MB

MD5
d56ec454e5194186fc2cd19d06acb3a5

SHA1
3ef5e5c18746a714cf78d0bb1b47b25e963fa8f1

SHA256
51dd481060128b9faf21e973c80a14da4065fd7309ae062dcbd0666d4402db39

SHA512
0f9fabcae6177027d51b51eb255cea4b40046d9eab7d7035a9b4f559eca465172933b3dff22e2a27466935a54fa5799f77939f7761f4fc8b1992a474f1a90b10

Download Submit
C:\Windows\system\ZiFBMeX.exe

Filesize
6.0MB

MD5
78e03d32d9b9e9786aff5bdc47a2eb5c

SHA1
fc613bd67f8eb697430000f31485d2026d6efa3f

SHA256
a6a0f8c124d4d94ac3cc156da682af33930faac318c8dfa7b379692f5a16df5e

SHA512
bd07c41715f112856ef9a11bf822ba789869800beb86514f4087465a79686cca6a37b3d4546f5da231e023d0df3d2e8271a435ee5033dd7f9e564567550ec028

Download Submit
C:\Windows\system\ZohaGoj.exe

Filesize
6.0MB

MD5
03fc1af3dd4d5130dde3daa12216d01e

SHA1
e9a2a7a2a9c2f6ee89e0b01f74235bd109bc8b1a

SHA256
8e9e53cb1bc4719fa8c862523d8df511e7f98d15d18c6e76baba3bf35060357a

SHA512
cd277f3718896e34755e3b5b73a73da0a20ba2fd75f7fbc4845dc9b4f90a0ff83b63bbecdbf61761c085ebd6956f23df9ce7ca6275c7930c6c059f474dbbab33

Download Submit
C:\Windows\system\aqAINEF.exe

Filesize
6.0MB

MD5
029cd50723fc4e4fcc7c669570eecf51

SHA1
560cd7be71d75a007ce9d795a54d9d2fde91d50d

SHA256
21e0e85533bc074f7c6e47400f4fcd4136f9ac6cf5e71e9583c9a2947cde3454

SHA512
4d951505dea223b2de36faa41383859e91f8f3be64a583e0cd10a02edea9f24b7a1c17207eefba2c1f5a1893ba54876ebfdda954c126167a0da74b3959d48a9a

Download Submit
C:\Windows\system\azmjlkN.exe

Filesize
6.0MB

MD5
2bb9610e7f1415021cd874c686061a93

SHA1
96c10ec2ac76e7176b789e1447e36010e2268c3f

SHA256
b37e13b6246b2b546095545afd8c7fa30acb3c9211831fd31f17121cea416428

SHA512
7211e056ca458fa5e9a24944332f8913ac37570524ecb0abd77d73ee12d47257263b864ad9abe8505c79920dceaf7fd5fb471cd9c62d103bde3df8f9b04920b6

Download Submit
C:\Windows\system\enqFeAr.exe

Filesize
6.0MB

MD5
6865e5dcecb830207f765122eeb6e745

SHA1
5a17f769124e0105a065ade5047f3a51f9e5329c

SHA256
e0cc0866272f56fd6d09363659d2b1ff79f7e8adb4a9753fe6ee64004cb1fb10

SHA512
25a0c09892f5f1b5a65890d1148348a48ad2de06c803e5cc614136fa98867b5bf6896817b4f5b021bd80341778ae1187ec3956621025b5f5be6f5fcf82cae4d9

Download Submit
C:\Windows\system\hjhBHGS.exe

Filesize
6.0MB

MD5
df7aaf91605c4e6b6dd58a4a430d5885

SHA1
c2e8c4a9d1757896fe91cb0beff85af1f121a190

SHA256
81eda51bebe7e77bfab904c06a4d52a86b28c0973b4a54c0e128cdd206bcb7a3

SHA512
fc72a2967ab77bd1fd5d2cfc86da4305ffcac0b7dcce2552a34bb05bc97c4de42d0248056ceafd2d2502baa345a7739b8647fb21802b9ef328a24ee05dca6057

Download Submit
C:\Windows\system\kRqoZEk.exe

Filesize
6.0MB

MD5
7df93895ce7d060a097ae5c545d58ac2

SHA1
c91e9a6ba1dead4919cf86ca5bfca073bcabde96

SHA256
917d8a36e0c3a110d8b2d782b189b61bb85d7e83acb0b42afefb612542774f05

SHA512
af9bc531980784aa9106706cb0f66e6d51b8fd20a3ef4f64e1415f46d27fb1fc7be0f7b03a912e15de3bb4c7e86d721d45bc422882fcdaf484cfaf803a6e44de

Download Submit
C:\Windows\system\kSmzfBS.exe

Filesize
6.0MB

MD5
1fba09354a5ecbb3575650af329f69ff

SHA1
9ceb0733e834f5b3504c0c70ca1ba84e1f3c84ec

SHA256
a044e9c16cfdbb3096c4dc9a865e7b04f6d6606d8b6a1b85cfe10c618acfc999

SHA512
cfb1515dbd45f008f42e57b3f1005cbc768d83c6344aa9ec61dd111cf228e0fa5c761ec7da778f122309637d74fc5d8e932a7f9d774254553f62ac9671c0d9bb

Download Submit
C:\Windows\system\moeIfpn.exe

Filesize
6.0MB

MD5
4c1a2d757a05de00b7693419855bb50d

SHA1
9da01967cf47cae3fb0ba7c65378c9751bb9170d

SHA256
2ec751949580a1d008d0bbc5e836e32639ab339332bd8a4dee5ce503f2fed8c3

SHA512
5ff0d8e76a0c9686b2471d298831605eebc47fbf4d958d1a8c69d945b9e6dfc9342f009903a1ccbee27e95a93fc3912a0dffcd9bf9fb373ebacd08e0a0d92867

Download Submit
C:\Windows\system\nnEGyQr.exe

Filesize
6.0MB

MD5
f8919d66b8f29a154c569c7ffcc4d021

SHA1
d1eb294784ad5965b29803d0e6b1b60b1db9d917

SHA256
eaa01788c2d17ba8022dc6a445f273bb53a29ca45783da35c4736a5d5632908b

SHA512
1ba821cd22f24b927e08e9a4bd0047c0e53e8b7f626752c167b438bbf0011ca9c094088d2df3d8acee35d94518f3656ca3abb98a9a56338a410632326afb76b0

Download Submit
C:\Windows\system\opvIJdJ.exe

Filesize
6.0MB

MD5
6b6378ec4ee101732edd6514e982b6a9

SHA1
a8db674ff5c213513f16d5b0a40007a0b5d14e83

SHA256
f560015984f9c2466e9258284f6b11669eee13b99f6e410539a97ec7e2fb75e6

SHA512
8f5bddc0f889259a22d942eb533443c897e678c273e53d7addd72fddd929b91a9291476b69a23a329ae0b77eb0655be4d28f16716fc5f521f33a5c267d58927c

Download Submit
C:\Windows\system\qBbGgTg.exe

Filesize
6.0MB

MD5
fd44f40c7e0e8d4bab9cb982b8700efa

SHA1
27866c00f1ca5b485960d8b979cbdca081be1768

SHA256
7e93d8f630dd0742229a8b49125c2a85ddce54f6feeca0cc524540547a9267f6

SHA512
b8d40c8d34f4a9f6a0994a9bb9647063f138f3066dd44bfc7857349b6809aaa524ae5420f51639ff600496bed5b2ed511ba7b34305b00215b86ae3ecb2f503f8

Download Submit
C:\Windows\system\wPmnBWC.exe

Filesize
6.0MB

MD5
8bcdb297e136ce2239dcd7b5fc451cab

SHA1
bf636d22781c26692e741bec6a9b7df7ca0b9534

SHA256
146995a88358f907f05fb79928a55031d5f329957484484c5e8fa843c0397d9c

SHA512
738650b96c8e9b8babd5b7f51600a3f800ed6f59562370246de07270b22b0cee6a5f65f7e0fc429fae131e3121a4bec5b1ffee2c8d61dc1e3e7619c65eee3517

Download Submit
C:\Windows\system\yKrbfEu.exe

Filesize
6.0MB

MD5
c32ed49441dee4ee6209f5c32ba2b5ad

SHA1
aa3f9b08af98b83e0a7d4dd4e88324af6fd50083

SHA256
751c36ab51948be86a579ca343cb1830f58248fe0859e0098c51b3257c3ee1fd

SHA512
20fdc6081be612df48cdbfaf754edc65fc22eaf7580e4d642f675094ab324b4b578ab3f854cd58c80dd8adda7f1a68d966186281ac63f1ac376df8b84fd2f932

Download Submit
C:\Windows\system\zJaVNol.exe

Filesize
6.0MB

MD5
8f35491129b1e5833f3379bc5b3ae409

SHA1
c829eb97c3170ae0f3ae30c7555973647df066ff

SHA256
ffd55b54bb52d07776b090720ae862b9e1ca10aab902ab00c9fb8444b696cbe9

SHA512
5df3febef9224c3cffe475208196550a28acb974c0b3ba000984e453ccae7df6c2d6d7526b74b1bd35bb9fac70a96d39f2c8e101fdd1679cee97b9abf294500b

Download Submit
\Windows\system\LmpXEBd.exe

Filesize
6.0MB

MD5
7b6dca3881c4b162b56df2375db48eb1

SHA1
eb85242d00c1903807cf812a474438b697c06c24

SHA256
d802cb2342c540349c8fa803344b82db3292cf6a6cf7e13fc0b2446f5e132113

SHA512
5d5a33c7ad3a7019b32516bc88f1cde00da8486e313d6029d8f246c360f5487ae113d22d0b0ff1b92aa26bd6d320ad6e98913b3bc506eec8cad9b1f94153011f

Download Submit
\Windows\system\xmcMnnj.exe

Filesize
6.0MB

MD5
e236311c5be8931782784cb5b5c7bb7e

SHA1
b7c0d03e6b3ee9fd23c8acf7b1ceea5c645b737e

SHA256
3ddd02d0fae9c2b3196db736433f42b151ca233c7937f08467cbcca8613f6d84

SHA512
fcdc40da203f6ed1bb60f6fe44f3720e2c7eef7670f1420937a24304a6c0210b774354cd856422ff9261f36e3a2fc80110a6aafee9cba15f35ed86df6a411968

Download Submit
memory/548-20-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/548-4017-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1692-4020-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1692-74-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2060-98-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3980-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2192-56-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2192-110-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2204-32-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2204-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2264-102-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2264-41-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2264-17-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-80-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-94-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2264-0-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2264-73-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-19-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-51-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2264-64-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-125-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2264-541-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-816-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-21-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2264-965-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-29-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1450-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-45-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-92-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2264-34-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1617-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2264-55-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2532-23-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3984-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3839-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2544-22-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3979-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-81-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-4019-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-50-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-72-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3982-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2736-36-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2912-65-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3981-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3976-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-49-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4018-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/3028-93-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download