cobaltstrike | b50bbc66d3a01ec2df4f39ee17c4d7624b2a6d0ede8c020156ea3d613586d338

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e3652501244f9ed1d576cf0a2d1adb8e
SHA1

21638ed12d3cd0089e87d5552a98cd6f51777cf2
SHA256

b50bbc66d3a01ec2df4f39ee17c4d7624b2a6d0ede8c020156ea3d613586d338
SHA512

62423df4388ef55eb6bca9d886eba7ca6ff88de6e89329f447d6d2e4a502d729b47cbbbf3f36656af107266e2f1cb83584cbc0afc2705621d4af7d9809dec3fb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016de8-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dea-12.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b6-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ee-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019250-141.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017497-139.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df3-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a9-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b9-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019451-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-93.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195f0-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958e-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019512-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019509-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-46.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001749c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017049-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/1676-0-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-6.dat	xmrig
behavioral1/files/0x0008000000016de8-11.dat	xmrig
behavioral1/files/0x0009000000016dea-12.dat	xmrig
behavioral1/memory/1752-111-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b6-157.dat	xmrig
behavioral1/files/0x000500000001957e-185.dat	xmrig
behavioral1/memory/2936-762-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1676-760-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-183.dat	xmrig
behavioral1/files/0x0005000000019502-172.dat	xmrig
behavioral1/files/0x00050000000194ee-171.dat	xmrig
behavioral1/files/0x0005000000019360-155.dat	xmrig
behavioral1/files/0x0005000000019297-152.dat	xmrig
behavioral1/files/0x000500000001950e-149.dat	xmrig
behavioral1/files/0x0006000000019250-141.dat	xmrig
behavioral1/files/0x0007000000017497-139.dat	xmrig
behavioral1/files/0x0008000000016df3-136.dat	xmrig
behavioral1/files/0x00050000000194c9-126.dat	xmrig
behavioral1/memory/1676-117-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a9-115.dat	xmrig
behavioral1/files/0x00050000000194b9-112.dat	xmrig
behavioral1/files/0x0005000000019451-104.dat	xmrig
behavioral1/files/0x0005000000019458-102.dat	xmrig
behavioral1/files/0x00050000000193c4-93.dat	xmrig
behavioral1/files/0x00050000000193df-91.dat	xmrig
behavioral1/memory/2816-85-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x000500000001933f-71.dat	xmrig
behavioral1/files/0x0005000000019284-60.dat	xmrig
behavioral1/files/0x00050000000195f0-189.dat	xmrig
behavioral1/files/0x000500000001958e-176.dat	xmrig
behavioral1/files/0x0005000000019512-161.dat	xmrig
behavioral1/files/0x0005000000019278-47.dat	xmrig
behavioral1/memory/2936-39-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2880-31-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2416-23-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019509-144.dat	xmrig
behavioral1/files/0x00050000000194f1-132.dat	xmrig
behavioral1/memory/2752-109-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2720-100-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/1680-90-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/1676-88-0x0000000002320000-0x0000000002674000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a6-78.dat	xmrig
behavioral1/memory/2808-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019269-46.dat	xmrig
behavioral1/files/0x000700000001749c-45.dat	xmrig
behavioral1/memory/2396-44-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000017049-35.dat	xmrig
behavioral1/memory/2880-3814-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2936-3816-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2396-3815-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2808-3847-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/1752-3856-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2752-3855-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2816-3859-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1680-3865-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2416-3886-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2720-4555-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	eyRtpBa.exe
2416	ryQdnLL.exe
2880	PiqqwQX.exe
2936	SfWZRnG.exe
2816	hIRUfAP.exe
2808	KEYtBSj.exe
1680	crmteXF.exe
2720	jqvNPUl.exe
2752	JipPVkO.exe
1752	DYxARUu.exe
2676	LvVbHtY.exe
1700	czQSKvd.exe
1740	wRAcFkY.exe
2900	OtLeeov.exe
2820	cWFtvwt.exe
2952	CONUgXS.exe
2960	FCXBemP.exe
2608	IRlTeTh.exe
2888	MmwUAUg.exe
2804	QGfqbFD.exe
2768	sQQSQjr.exe
680	MIyWLCS.exe
448	itlMpZP.exe
2028	vStbHDR.exe
2596	Lbcjfvt.exe
2748	QOHgVJm.exe
272	OeZbztt.exe
2004	ltYhbIW.exe
1560	ROZqSeD.exe
1116	kdQIAIf.exe
1896	QWEnKmM.exe
1220	OIMHQWQ.exe
1876	FPVKvlW.exe
708	gDtPUCx.exe
1268	gBQwdwz.exe
2468	aOXgQZu.exe
2352	FYdAGZg.exe
308	aiodDQo.exe
1764	jiYwhaZ.exe
1004	QAamuUW.exe
2648	LDJGhBz.exe
2332	eCXuwnC.exe
1536	GfeGFEO.exe
2256	iOkZEyi.exe
1592	sIbfyfM.exe
1600	jkGCXsO.exe
2108	vkoSSlt.exe
1552	aPaEwTv.exe
1512	grJnOxh.exe
3052	SfJpgUP.exe
2784	cymbHdg.exe
3012	BLvpWIH.exe
2864	YLPFhsT.exe
2452	hEIzJUs.exe
1636	yijPxlA.exe
1440	RykuTsG.exe
1816	dDBXdLw.exe
340	nJCylCm.exe
2280	EcZpqGj.exe
1736	mSIoaXx.exe
1932	FRaiwqd.exe
2944	AxfbPrT.exe
912	IUIdhtq.exe
1532	EGgGRYP.exe

Loads dropped DLL 64 IoCs

pid	Process
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 56 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1676-0-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000c000000012281-6.dat	upx
behavioral1/files/0x0008000000016de8-11.dat	upx
behavioral1/files/0x0009000000016dea-12.dat	upx
behavioral1/memory/1752-111-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x00050000000193b6-157.dat	upx
behavioral1/files/0x000500000001957e-185.dat	upx
behavioral1/memory/2936-762-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1676-760-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-183.dat	upx
behavioral1/files/0x0005000000019502-172.dat	upx
behavioral1/files/0x00050000000194ee-171.dat	upx
behavioral1/files/0x0005000000019360-155.dat	upx
behavioral1/files/0x0005000000019297-152.dat	upx
behavioral1/files/0x000500000001950e-149.dat	upx
behavioral1/files/0x0006000000019250-141.dat	upx
behavioral1/files/0x0007000000017497-139.dat	upx
behavioral1/files/0x0008000000016df3-136.dat	upx
behavioral1/files/0x00050000000194c9-126.dat	upx
behavioral1/files/0x00050000000194a9-115.dat	upx
behavioral1/files/0x00050000000194b9-112.dat	upx
behavioral1/files/0x0005000000019451-104.dat	upx
behavioral1/files/0x0005000000019458-102.dat	upx
behavioral1/files/0x00050000000193c4-93.dat	upx
behavioral1/files/0x00050000000193df-91.dat	upx
behavioral1/memory/2816-85-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x000500000001933f-71.dat	upx
behavioral1/files/0x0005000000019284-60.dat	upx
behavioral1/files/0x00050000000195f0-189.dat	upx
behavioral1/files/0x000500000001958e-176.dat	upx
behavioral1/files/0x0005000000019512-161.dat	upx
behavioral1/files/0x0005000000019278-47.dat	upx
behavioral1/memory/2936-39-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2880-31-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2416-23-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019509-144.dat	upx
behavioral1/files/0x00050000000194f1-132.dat	upx
behavioral1/memory/2752-109-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2720-100-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/1680-90-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00050000000193a6-78.dat	upx
behavioral1/memory/2808-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0005000000019269-46.dat	upx
behavioral1/files/0x000700000001749c-45.dat	upx
behavioral1/memory/2396-44-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x0007000000017049-35.dat	upx
behavioral1/memory/2880-3814-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2936-3816-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2396-3815-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2808-3847-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/1752-3856-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2752-3855-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2816-3859-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/1680-3865-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2416-3886-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2720-4555-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PlTiiRo.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aodTVzZ.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFuGtJh.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGfUQBi.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDDIqOi.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWHFJXr.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnMCZtG.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOAwaPn.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfqRFDI.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxdiFkM.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAAxRwq.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYKkhyi.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpdwDTt.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QGLuxcJ.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWsRXKP.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wapCOtw.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGlhXKw.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdsZnff.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHTbBmW.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoyhvKo.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnFqzhQ.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzrKHQH.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiodDQo.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqGSohT.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvivauT.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWFtvwt.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfysIvk.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLsgrcx.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okhGXWM.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PJuehRm.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yruzdOo.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eywbOyW.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsDPiBW.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEYtBSj.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmjLIeu.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUyoQKX.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCdeMDu.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ovgSiSi.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uzaQXpN.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfoyIqR.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwHjsYn.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDOMzon.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDQsESn.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkggLhc.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpOeGxa.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osEuFvu.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkOwMMg.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqvNPUl.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSUwFAK.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiBtnjV.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzceNDw.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzKJcuw.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cthRpBS.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmyfaUd.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chWlKZq.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGJDxXn.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZagnzw.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdmrSUg.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMvdbNY.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwyCOUR.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCEJsrZ.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTdFEDg.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBnhhnH.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChLZeyF.exe	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2396	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1676 wrote to memory of 2396	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1676 wrote to memory of 2396	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1676 wrote to memory of 2416	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1676 wrote to memory of 2416	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1676 wrote to memory of 2416	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1676 wrote to memory of 2880	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1676 wrote to memory of 2880	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1676 wrote to memory of 2880	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1676 wrote to memory of 2820	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1676 wrote to memory of 2820	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1676 wrote to memory of 2820	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1676 wrote to memory of 2936	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1676 wrote to memory of 2936	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1676 wrote to memory of 2936	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1676 wrote to memory of 2952	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1676 wrote to memory of 2952	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1676 wrote to memory of 2952	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1676 wrote to memory of 2816	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1676 wrote to memory of 2816	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1676 wrote to memory of 2816	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1676 wrote to memory of 2960	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1676 wrote to memory of 2960	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1676 wrote to memory of 2960	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1676 wrote to memory of 2808	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1676 wrote to memory of 2808	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1676 wrote to memory of 2808	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1676 wrote to memory of 2888	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1676 wrote to memory of 2888	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1676 wrote to memory of 2888	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1676 wrote to memory of 1680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1676 wrote to memory of 1680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1676 wrote to memory of 1680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1676 wrote to memory of 2804	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1676 wrote to memory of 2804	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1676 wrote to memory of 2804	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1676 wrote to memory of 2720	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1676 wrote to memory of 2720	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1676 wrote to memory of 2720	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1676 wrote to memory of 2768	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1676 wrote to memory of 2768	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1676 wrote to memory of 2768	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1676 wrote to memory of 2752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1676 wrote to memory of 2752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1676 wrote to memory of 2752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1676 wrote to memory of 680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1676 wrote to memory of 680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1676 wrote to memory of 680	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1676 wrote to memory of 1752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1676 wrote to memory of 1752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1676 wrote to memory of 1752	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1676 wrote to memory of 2028	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1676 wrote to memory of 2028	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1676 wrote to memory of 2028	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1676 wrote to memory of 2676	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1676 wrote to memory of 2676	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1676 wrote to memory of 2676	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1676 wrote to memory of 2596	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1676 wrote to memory of 2596	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1676 wrote to memory of 2596	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1676 wrote to memory of 1700	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1676 wrote to memory of 1700	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1676 wrote to memory of 1700	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1676 wrote to memory of 2748	1676	2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_e3652501244f9ed1d576cf0a2d1adb8e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\System\eyRtpBa.exe
  C:\Windows\System\eyRtpBa.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ryQdnLL.exe
  C:\Windows\System\ryQdnLL.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\PiqqwQX.exe
  C:\Windows\System\PiqqwQX.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\cWFtvwt.exe
  C:\Windows\System\cWFtvwt.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\SfWZRnG.exe
  C:\Windows\System\SfWZRnG.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\CONUgXS.exe
  C:\Windows\System\CONUgXS.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\hIRUfAP.exe
  C:\Windows\System\hIRUfAP.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FCXBemP.exe
  C:\Windows\System\FCXBemP.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\KEYtBSj.exe
  C:\Windows\System\KEYtBSj.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\MmwUAUg.exe
  C:\Windows\System\MmwUAUg.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\crmteXF.exe
  C:\Windows\System\crmteXF.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QGfqbFD.exe
  C:\Windows\System\QGfqbFD.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\jqvNPUl.exe
  C:\Windows\System\jqvNPUl.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\sQQSQjr.exe
  C:\Windows\System\sQQSQjr.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\JipPVkO.exe
  C:\Windows\System\JipPVkO.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\MIyWLCS.exe
  C:\Windows\System\MIyWLCS.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\DYxARUu.exe
  C:\Windows\System\DYxARUu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vStbHDR.exe
  C:\Windows\System\vStbHDR.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\LvVbHtY.exe
  C:\Windows\System\LvVbHtY.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\Lbcjfvt.exe
  C:\Windows\System\Lbcjfvt.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\czQSKvd.exe
  C:\Windows\System\czQSKvd.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\QOHgVJm.exe
  C:\Windows\System\QOHgVJm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wRAcFkY.exe
  C:\Windows\System\wRAcFkY.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\OeZbztt.exe
  C:\Windows\System\OeZbztt.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\OtLeeov.exe
  C:\Windows\System\OtLeeov.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\ltYhbIW.exe
  C:\Windows\System\ltYhbIW.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\IRlTeTh.exe
  C:\Windows\System\IRlTeTh.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\kdQIAIf.exe
  C:\Windows\System\kdQIAIf.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\itlMpZP.exe
  C:\Windows\System\itlMpZP.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\QWEnKmM.exe
  C:\Windows\System\QWEnKmM.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\ROZqSeD.exe
  C:\Windows\System\ROZqSeD.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\gBQwdwz.exe
  C:\Windows\System\gBQwdwz.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\OIMHQWQ.exe
  C:\Windows\System\OIMHQWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\jiYwhaZ.exe
  C:\Windows\System\jiYwhaZ.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\FPVKvlW.exe
  C:\Windows\System\FPVKvlW.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\QAamuUW.exe
  C:\Windows\System\QAamuUW.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\gDtPUCx.exe
  C:\Windows\System\gDtPUCx.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\LDJGhBz.exe
  C:\Windows\System\LDJGhBz.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\aOXgQZu.exe
  C:\Windows\System\aOXgQZu.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\eCXuwnC.exe
  C:\Windows\System\eCXuwnC.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\FYdAGZg.exe
  C:\Windows\System\FYdAGZg.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\GfeGFEO.exe
  C:\Windows\System\GfeGFEO.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\aiodDQo.exe
  C:\Windows\System\aiodDQo.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\iOkZEyi.exe
  C:\Windows\System\iOkZEyi.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\sIbfyfM.exe
  C:\Windows\System\sIbfyfM.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\jkGCXsO.exe
  C:\Windows\System\jkGCXsO.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\vkoSSlt.exe
  C:\Windows\System\vkoSSlt.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\aPaEwTv.exe
  C:\Windows\System\aPaEwTv.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\grJnOxh.exe
  C:\Windows\System\grJnOxh.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\SfJpgUP.exe
  C:\Windows\System\SfJpgUP.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cymbHdg.exe
  C:\Windows\System\cymbHdg.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\BLvpWIH.exe
  C:\Windows\System\BLvpWIH.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\YLPFhsT.exe
  C:\Windows\System\YLPFhsT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\hEIzJUs.exe
  C:\Windows\System\hEIzJUs.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\yijPxlA.exe
  C:\Windows\System\yijPxlA.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\dDBXdLw.exe
  C:\Windows\System\dDBXdLw.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\RykuTsG.exe
  C:\Windows\System\RykuTsG.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\EcZpqGj.exe
  C:\Windows\System\EcZpqGj.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\nJCylCm.exe
  C:\Windows\System\nJCylCm.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\mSIoaXx.exe
  C:\Windows\System\mSIoaXx.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\FRaiwqd.exe
  C:\Windows\System\FRaiwqd.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\AxfbPrT.exe
  C:\Windows\System\AxfbPrT.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IUIdhtq.exe
  C:\Windows\System\IUIdhtq.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\EGgGRYP.exe
  C:\Windows\System\EGgGRYP.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\hFisQaA.exe
  C:\Windows\System\hFisQaA.exe
  2⤵
  PID:2760
- C:\Windows\System\dJxeveQ.exe
  C:\Windows\System\dJxeveQ.exe
  2⤵
  PID:2156
- C:\Windows\System\hHiJPmJ.exe
  C:\Windows\System\hHiJPmJ.exe
  2⤵
  PID:1976
- C:\Windows\System\LFHxfHA.exe
  C:\Windows\System\LFHxfHA.exe
  2⤵
  PID:1760
- C:\Windows\System\maNTDnM.exe
  C:\Windows\System\maNTDnM.exe
  2⤵
  PID:2500
- C:\Windows\System\aaQTryy.exe
  C:\Windows\System\aaQTryy.exe
  2⤵
  PID:2080
- C:\Windows\System\cprBVJy.exe
  C:\Windows\System\cprBVJy.exe
  2⤵
  PID:2568
- C:\Windows\System\rrisotk.exe
  C:\Windows\System\rrisotk.exe
  2⤵
  PID:1728
- C:\Windows\System\tfLuFAv.exe
  C:\Windows\System\tfLuFAv.exe
  2⤵
  PID:2272
- C:\Windows\System\DNySCEl.exe
  C:\Windows\System\DNySCEl.exe
  2⤵
  PID:2536
- C:\Windows\System\WjSjjfq.exe
  C:\Windows\System\WjSjjfq.exe
  2⤵
  PID:852
- C:\Windows\System\rcKVNqC.exe
  C:\Windows\System\rcKVNqC.exe
  2⤵
  PID:2656
- C:\Windows\System\HCZUFiO.exe
  C:\Windows\System\HCZUFiO.exe
  2⤵
  PID:2172
- C:\Windows\System\moRyoiz.exe
  C:\Windows\System\moRyoiz.exe
  2⤵
  PID:2412
- C:\Windows\System\uqXcawA.exe
  C:\Windows\System\uqXcawA.exe
  2⤵
  PID:2400
- C:\Windows\System\EesmFJt.exe
  C:\Windows\System\EesmFJt.exe
  2⤵
  PID:2948
- C:\Windows\System\CreLvNv.exe
  C:\Windows\System\CreLvNv.exe
  2⤵
  PID:2512
- C:\Windows\System\FRxEcLU.exe
  C:\Windows\System\FRxEcLU.exe
  2⤵
  PID:696
- C:\Windows\System\pzucxOZ.exe
  C:\Windows\System\pzucxOZ.exe
  2⤵
  PID:2456
- C:\Windows\System\xccbZkt.exe
  C:\Windows\System\xccbZkt.exe
  2⤵
  PID:1340
- C:\Windows\System\qShDwLD.exe
  C:\Windows\System\qShDwLD.exe
  2⤵
  PID:3040
- C:\Windows\System\berygAp.exe
  C:\Windows\System\berygAp.exe
  2⤵
  PID:2072
- C:\Windows\System\IHDxTiu.exe
  C:\Windows\System\IHDxTiu.exe
  2⤵
  PID:2848
- C:\Windows\System\dkLpXET.exe
  C:\Windows\System\dkLpXET.exe
  2⤵
  PID:2360
- C:\Windows\System\yJbbhLu.exe
  C:\Windows\System\yJbbhLu.exe
  2⤵
  PID:2788
- C:\Windows\System\UdjzbKq.exe
  C:\Windows\System\UdjzbKq.exe
  2⤵
  PID:1580
- C:\Windows\System\VCBZgOd.exe
  C:\Windows\System\VCBZgOd.exe
  2⤵
  PID:3076
- C:\Windows\System\QjhoxCy.exe
  C:\Windows\System\QjhoxCy.exe
  2⤵
  PID:3096
- C:\Windows\System\YqyPVQK.exe
  C:\Windows\System\YqyPVQK.exe
  2⤵
  PID:3116
- C:\Windows\System\LaloNGQ.exe
  C:\Windows\System\LaloNGQ.exe
  2⤵
  PID:3136
- C:\Windows\System\GVrWuag.exe
  C:\Windows\System\GVrWuag.exe
  2⤵
  PID:3152
- C:\Windows\System\FSUOXyW.exe
  C:\Windows\System\FSUOXyW.exe
  2⤵
  PID:3172
- C:\Windows\System\jsQqiRm.exe
  C:\Windows\System\jsQqiRm.exe
  2⤵
  PID:3196
- C:\Windows\System\hnxrYqr.exe
  C:\Windows\System\hnxrYqr.exe
  2⤵
  PID:3216
- C:\Windows\System\iTtjyXE.exe
  C:\Windows\System\iTtjyXE.exe
  2⤵
  PID:3232
- C:\Windows\System\hVfCaFU.exe
  C:\Windows\System\hVfCaFU.exe
  2⤵
  PID:3252
- C:\Windows\System\BbaFUIj.exe
  C:\Windows\System\BbaFUIj.exe
  2⤵
  PID:3272
- C:\Windows\System\IMzZgGr.exe
  C:\Windows\System\IMzZgGr.exe
  2⤵
  PID:3292
- C:\Windows\System\pLBPXrf.exe
  C:\Windows\System\pLBPXrf.exe
  2⤵
  PID:3312
- C:\Windows\System\zmWKqBY.exe
  C:\Windows\System\zmWKqBY.exe
  2⤵
  PID:3336
- C:\Windows\System\gTFrHTZ.exe
  C:\Windows\System\gTFrHTZ.exe
  2⤵
  PID:3352
- C:\Windows\System\XjePgKa.exe
  C:\Windows\System\XjePgKa.exe
  2⤵
  PID:3376
- C:\Windows\System\qjKyhiY.exe
  C:\Windows\System\qjKyhiY.exe
  2⤵
  PID:3392
- C:\Windows\System\VHHeKtX.exe
  C:\Windows\System\VHHeKtX.exe
  2⤵
  PID:3416
- C:\Windows\System\zQRsJNS.exe
  C:\Windows\System\zQRsJNS.exe
  2⤵
  PID:3436
- C:\Windows\System\tYEpgcD.exe
  C:\Windows\System\tYEpgcD.exe
  2⤵
  PID:3456
- C:\Windows\System\eVwbGgT.exe
  C:\Windows\System\eVwbGgT.exe
  2⤵
  PID:3472
- C:\Windows\System\ThRvMIY.exe
  C:\Windows\System\ThRvMIY.exe
  2⤵
  PID:3496
- C:\Windows\System\pLVeDhe.exe
  C:\Windows\System\pLVeDhe.exe
  2⤵
  PID:3512
- C:\Windows\System\mUZkVkP.exe
  C:\Windows\System\mUZkVkP.exe
  2⤵
  PID:3536
- C:\Windows\System\SdKedul.exe
  C:\Windows\System\SdKedul.exe
  2⤵
  PID:3556
- C:\Windows\System\NiqiTdK.exe
  C:\Windows\System\NiqiTdK.exe
  2⤵
  PID:3576
- C:\Windows\System\qONFNPp.exe
  C:\Windows\System\qONFNPp.exe
  2⤵
  PID:3592
- C:\Windows\System\mlnVWlG.exe
  C:\Windows\System\mlnVWlG.exe
  2⤵
  PID:3616
- C:\Windows\System\OAbrTXs.exe
  C:\Windows\System\OAbrTXs.exe
  2⤵
  PID:3636
- C:\Windows\System\AsbTEdH.exe
  C:\Windows\System\AsbTEdH.exe
  2⤵
  PID:3656
- C:\Windows\System\suNuUEb.exe
  C:\Windows\System\suNuUEb.exe
  2⤵
  PID:3676
- C:\Windows\System\UNdTXmV.exe
  C:\Windows\System\UNdTXmV.exe
  2⤵
  PID:3696
- C:\Windows\System\qUrHZrN.exe
  C:\Windows\System\qUrHZrN.exe
  2⤵
  PID:3712
- C:\Windows\System\iEairWa.exe
  C:\Windows\System\iEairWa.exe
  2⤵
  PID:3736
- C:\Windows\System\qBTSYZM.exe
  C:\Windows\System\qBTSYZM.exe
  2⤵
  PID:3752
- C:\Windows\System\XtCBzYN.exe
  C:\Windows\System\XtCBzYN.exe
  2⤵
  PID:3776
- C:\Windows\System\HlNWkLL.exe
  C:\Windows\System\HlNWkLL.exe
  2⤵
  PID:3796
- C:\Windows\System\jgRntgt.exe
  C:\Windows\System\jgRntgt.exe
  2⤵
  PID:3816
- C:\Windows\System\sfxfmQy.exe
  C:\Windows\System\sfxfmQy.exe
  2⤵
  PID:3832
- C:\Windows\System\CESaCBC.exe
  C:\Windows\System\CESaCBC.exe
  2⤵
  PID:3856
- C:\Windows\System\orlfCkw.exe
  C:\Windows\System\orlfCkw.exe
  2⤵
  PID:3872
- C:\Windows\System\fkKhyPi.exe
  C:\Windows\System\fkKhyPi.exe
  2⤵
  PID:3896
- C:\Windows\System\IDPAxYI.exe
  C:\Windows\System\IDPAxYI.exe
  2⤵
  PID:3916
- C:\Windows\System\RatGByh.exe
  C:\Windows\System\RatGByh.exe
  2⤵
  PID:3936
- C:\Windows\System\QeSbdvo.exe
  C:\Windows\System\QeSbdvo.exe
  2⤵
  PID:3956
- C:\Windows\System\eaBNzCy.exe
  C:\Windows\System\eaBNzCy.exe
  2⤵
  PID:3976
- C:\Windows\System\HabwAHZ.exe
  C:\Windows\System\HabwAHZ.exe
  2⤵
  PID:3992
- C:\Windows\System\NVYbYBo.exe
  C:\Windows\System\NVYbYBo.exe
  2⤵
  PID:4016
- C:\Windows\System\iFyPTYd.exe
  C:\Windows\System\iFyPTYd.exe
  2⤵
  PID:4036
- C:\Windows\System\dNTpwtt.exe
  C:\Windows\System\dNTpwtt.exe
  2⤵
  PID:4056
- C:\Windows\System\oxzmEol.exe
  C:\Windows\System\oxzmEol.exe
  2⤵
  PID:4072
- C:\Windows\System\AHTOyGW.exe
  C:\Windows\System\AHTOyGW.exe
  2⤵
  PID:4092
- C:\Windows\System\jFuGtJh.exe
  C:\Windows\System\jFuGtJh.exe
  2⤵
  PID:2516
- C:\Windows\System\aZVvEvN.exe
  C:\Windows\System\aZVvEvN.exe
  2⤵
  PID:2296
- C:\Windows\System\ZdsZnff.exe
  C:\Windows\System\ZdsZnff.exe
  2⤵
  PID:112
- C:\Windows\System\INooYDn.exe
  C:\Windows\System\INooYDn.exe
  2⤵
  PID:3060
- C:\Windows\System\GZagnzw.exe
  C:\Windows\System\GZagnzw.exe
  2⤵
  PID:1284
- C:\Windows\System\epCJQHH.exe
  C:\Windows\System\epCJQHH.exe
  2⤵
  PID:2316
- C:\Windows\System\BqdimLr.exe
  C:\Windows\System\BqdimLr.exe
  2⤵
  PID:2616
- C:\Windows\System\KCYkoQf.exe
  C:\Windows\System\KCYkoQf.exe
  2⤵
  PID:332
- C:\Windows\System\QgrfOBM.exe
  C:\Windows\System\QgrfOBM.exe
  2⤵
  PID:1420
- C:\Windows\System\PHdXSjf.exe
  C:\Windows\System\PHdXSjf.exe
  2⤵
  PID:2684
- C:\Windows\System\xpgJznY.exe
  C:\Windows\System\xpgJznY.exe
  2⤵
  PID:2920
- C:\Windows\System\dHQdvtT.exe
  C:\Windows\System\dHQdvtT.exe
  2⤵
  PID:2460
- C:\Windows\System\ZFElrsS.exe
  C:\Windows\System\ZFElrsS.exe
  2⤵
  PID:3036
- C:\Windows\System\gRfcgzM.exe
  C:\Windows\System\gRfcgzM.exe
  2⤵
  PID:3104
- C:\Windows\System\EpvxFnu.exe
  C:\Windows\System\EpvxFnu.exe
  2⤵
  PID:3164
- C:\Windows\System\WOAwaPn.exe
  C:\Windows\System\WOAwaPn.exe
  2⤵
  PID:3212
- C:\Windows\System\XwGDQcf.exe
  C:\Windows\System\XwGDQcf.exe
  2⤵
  PID:3240
- C:\Windows\System\NFrmKZS.exe
  C:\Windows\System\NFrmKZS.exe
  2⤵
  PID:3224
- C:\Windows\System\sMtqiOv.exe
  C:\Windows\System\sMtqiOv.exe
  2⤵
  PID:3260
- C:\Windows\System\QZRMMZy.exe
  C:\Windows\System\QZRMMZy.exe
  2⤵
  PID:3360
- C:\Windows\System\VFvmVRk.exe
  C:\Windows\System\VFvmVRk.exe
  2⤵
  PID:3368
- C:\Windows\System\nGFikJm.exe
  C:\Windows\System\nGFikJm.exe
  2⤵
  PID:3404
- C:\Windows\System\YtVpEWl.exe
  C:\Windows\System\YtVpEWl.exe
  2⤵
  PID:3384
- C:\Windows\System\FGqVQpm.exe
  C:\Windows\System\FGqVQpm.exe
  2⤵
  PID:3428
- C:\Windows\System\xjdbQGa.exe
  C:\Windows\System\xjdbQGa.exe
  2⤵
  PID:3492
- C:\Windows\System\FroRlWC.exe
  C:\Windows\System\FroRlWC.exe
  2⤵
  PID:3532
- C:\Windows\System\DpdwDTt.exe
  C:\Windows\System\DpdwDTt.exe
  2⤵
  PID:3572
- C:\Windows\System\xkRroYr.exe
  C:\Windows\System\xkRroYr.exe
  2⤵
  PID:3604
- C:\Windows\System\LevRIVu.exe
  C:\Windows\System\LevRIVu.exe
  2⤵
  PID:3584
- C:\Windows\System\EkhBDoL.exe
  C:\Windows\System\EkhBDoL.exe
  2⤵
  PID:3632
- C:\Windows\System\DRmXAHx.exe
  C:\Windows\System\DRmXAHx.exe
  2⤵
  PID:3664
- C:\Windows\System\zPGjLhE.exe
  C:\Windows\System\zPGjLhE.exe
  2⤵
  PID:3728
- C:\Windows\System\NyVpQsv.exe
  C:\Windows\System\NyVpQsv.exe
  2⤵
  PID:3764
- C:\Windows\System\GOwIdsP.exe
  C:\Windows\System\GOwIdsP.exe
  2⤵
  PID:3804
- C:\Windows\System\iTSBizh.exe
  C:\Windows\System\iTSBizh.exe
  2⤵
  PID:3808
- C:\Windows\System\hXoFNgT.exe
  C:\Windows\System\hXoFNgT.exe
  2⤵
  PID:3828
- C:\Windows\System\pSlOvKc.exe
  C:\Windows\System\pSlOvKc.exe
  2⤵
  PID:3884
- C:\Windows\System\ZBmkpOw.exe
  C:\Windows\System\ZBmkpOw.exe
  2⤵
  PID:3932
- C:\Windows\System\ubzgtlT.exe
  C:\Windows\System\ubzgtlT.exe
  2⤵
  PID:3964
- C:\Windows\System\QfXcZFY.exe
  C:\Windows\System\QfXcZFY.exe
  2⤵
  PID:4008
- C:\Windows\System\GVAPAoT.exe
  C:\Windows\System\GVAPAoT.exe
  2⤵
  PID:4048
- C:\Windows\System\xaUVcQT.exe
  C:\Windows\System\xaUVcQT.exe
  2⤵
  PID:4080
- C:\Windows\System\EeHiDpP.exe
  C:\Windows\System\EeHiDpP.exe
  2⤵
  PID:4068
- C:\Windows\System\Cssgdih.exe
  C:\Windows\System\Cssgdih.exe
  2⤵
  PID:1228
- C:\Windows\System\vDALeno.exe
  C:\Windows\System\vDALeno.exe
  2⤵
  PID:2964
- C:\Windows\System\CKwFsou.exe
  C:\Windows\System\CKwFsou.exe
  2⤵
  PID:1628
- C:\Windows\System\hSzxAcp.exe
  C:\Windows\System\hSzxAcp.exe
  2⤵
  PID:2736
- C:\Windows\System\appAmWx.exe
  C:\Windows\System\appAmWx.exe
  2⤵
  PID:2096
- C:\Windows\System\GyeDBQy.exe
  C:\Windows\System\GyeDBQy.exe
  2⤵
  PID:2712
- C:\Windows\System\rAOLmcA.exe
  C:\Windows\System\rAOLmcA.exe
  2⤵
  PID:2000
- C:\Windows\System\DokMxYS.exe
  C:\Windows\System\DokMxYS.exe
  2⤵
  PID:3128
- C:\Windows\System\NFmFmUu.exe
  C:\Windows\System\NFmFmUu.exe
  2⤵
  PID:3168
- C:\Windows\System\qfTztZs.exe
  C:\Windows\System\qfTztZs.exe
  2⤵
  PID:3188
- C:\Windows\System\yTmqsND.exe
  C:\Windows\System\yTmqsND.exe
  2⤵
  PID:3192
- C:\Windows\System\UporLMp.exe
  C:\Windows\System\UporLMp.exe
  2⤵
  PID:3320
- C:\Windows\System\ANzmRIg.exe
  C:\Windows\System\ANzmRIg.exe
  2⤵
  PID:3300
- C:\Windows\System\biWhAvp.exe
  C:\Windows\System\biWhAvp.exe
  2⤵
  PID:3388
- C:\Windows\System\QGLuxcJ.exe
  C:\Windows\System\QGLuxcJ.exe
  2⤵
  PID:3504
- C:\Windows\System\accHMob.exe
  C:\Windows\System\accHMob.exe
  2⤵
  PID:3484
- C:\Windows\System\xkluutk.exe
  C:\Windows\System\xkluutk.exe
  2⤵
  PID:3600
- C:\Windows\System\poQFcQl.exe
  C:\Windows\System\poQFcQl.exe
  2⤵
  PID:3668
- C:\Windows\System\sJgSeub.exe
  C:\Windows\System\sJgSeub.exe
  2⤵
  PID:3548
- C:\Windows\System\gFDqPaF.exe
  C:\Windows\System\gFDqPaF.exe
  2⤵
  PID:3772
- C:\Windows\System\uaZcSoR.exe
  C:\Windows\System\uaZcSoR.exe
  2⤵
  PID:3848
- C:\Windows\System\sAGQrcx.exe
  C:\Windows\System\sAGQrcx.exe
  2⤵
  PID:3812
- C:\Windows\System\iOisati.exe
  C:\Windows\System\iOisati.exe
  2⤵
  PID:4000
- C:\Windows\System\EmAJdoL.exe
  C:\Windows\System\EmAJdoL.exe
  2⤵
  PID:3944
- C:\Windows\System\djzShPM.exe
  C:\Windows\System\djzShPM.exe
  2⤵
  PID:4028
- C:\Windows\System\EcoWBbX.exe
  C:\Windows\System\EcoWBbX.exe
  2⤵
  PID:4044
- C:\Windows\System\kxQvynN.exe
  C:\Windows\System\kxQvynN.exe
  2⤵
  PID:4116
- C:\Windows\System\fkLJAvo.exe
  C:\Windows\System\fkLJAvo.exe
  2⤵
  PID:4136
- C:\Windows\System\qlOLOaU.exe
  C:\Windows\System\qlOLOaU.exe
  2⤵
  PID:4156
- C:\Windows\System\JJxBQHJ.exe
  C:\Windows\System\JJxBQHJ.exe
  2⤵
  PID:4180
- C:\Windows\System\MQBiiFH.exe
  C:\Windows\System\MQBiiFH.exe
  2⤵
  PID:4200
- C:\Windows\System\xgnYbmu.exe
  C:\Windows\System\xgnYbmu.exe
  2⤵
  PID:4216
- C:\Windows\System\QzNZvOV.exe
  C:\Windows\System\QzNZvOV.exe
  2⤵
  PID:4236
- C:\Windows\System\HqbxiuM.exe
  C:\Windows\System\HqbxiuM.exe
  2⤵
  PID:4256
- C:\Windows\System\IfiZFdu.exe
  C:\Windows\System\IfiZFdu.exe
  2⤵
  PID:4276
- C:\Windows\System\StmhRGy.exe
  C:\Windows\System\StmhRGy.exe
  2⤵
  PID:4292
- C:\Windows\System\JCsGGPl.exe
  C:\Windows\System\JCsGGPl.exe
  2⤵
  PID:4312
- C:\Windows\System\YvypHfO.exe
  C:\Windows\System\YvypHfO.exe
  2⤵
  PID:4328
- C:\Windows\System\rVxdQTw.exe
  C:\Windows\System\rVxdQTw.exe
  2⤵
  PID:4368
- C:\Windows\System\VUvLJxv.exe
  C:\Windows\System\VUvLJxv.exe
  2⤵
  PID:4388
- C:\Windows\System\uxUsTHa.exe
  C:\Windows\System\uxUsTHa.exe
  2⤵
  PID:4412
- C:\Windows\System\dxBDQOB.exe
  C:\Windows\System\dxBDQOB.exe
  2⤵
  PID:4428
- C:\Windows\System\lmjLIeu.exe
  C:\Windows\System\lmjLIeu.exe
  2⤵
  PID:4448
- C:\Windows\System\dgsQgYQ.exe
  C:\Windows\System\dgsQgYQ.exe
  2⤵
  PID:4464
- C:\Windows\System\PHfhXaz.exe
  C:\Windows\System\PHfhXaz.exe
  2⤵
  PID:4480
- C:\Windows\System\EfysIvk.exe
  C:\Windows\System\EfysIvk.exe
  2⤵
  PID:4508
- C:\Windows\System\qPhDUvW.exe
  C:\Windows\System\qPhDUvW.exe
  2⤵
  PID:4532
- C:\Windows\System\VnnhItk.exe
  C:\Windows\System\VnnhItk.exe
  2⤵
  PID:4548
- C:\Windows\System\WfvNgOe.exe
  C:\Windows\System\WfvNgOe.exe
  2⤵
  PID:4568
- C:\Windows\System\biHvvLU.exe
  C:\Windows\System\biHvvLU.exe
  2⤵
  PID:4584
- C:\Windows\System\bkvouGb.exe
  C:\Windows\System\bkvouGb.exe
  2⤵
  PID:4612
- C:\Windows\System\eweljIN.exe
  C:\Windows\System\eweljIN.exe
  2⤵
  PID:4632
- C:\Windows\System\hyJfATQ.exe
  C:\Windows\System\hyJfATQ.exe
  2⤵
  PID:4652
- C:\Windows\System\AHEANVr.exe
  C:\Windows\System\AHEANVr.exe
  2⤵
  PID:4668
- C:\Windows\System\gbqLtgP.exe
  C:\Windows\System\gbqLtgP.exe
  2⤵
  PID:4688
- C:\Windows\System\brwBPys.exe
  C:\Windows\System\brwBPys.exe
  2⤵
  PID:4712
- C:\Windows\System\FQSUqHM.exe
  C:\Windows\System\FQSUqHM.exe
  2⤵
  PID:4732
- C:\Windows\System\ikLWRKc.exe
  C:\Windows\System\ikLWRKc.exe
  2⤵
  PID:4752
- C:\Windows\System\kfHGOmy.exe
  C:\Windows\System\kfHGOmy.exe
  2⤵
  PID:4772
- C:\Windows\System\xOzRxuL.exe
  C:\Windows\System\xOzRxuL.exe
  2⤵
  PID:4788
- C:\Windows\System\lgnHPyY.exe
  C:\Windows\System\lgnHPyY.exe
  2⤵
  PID:4812
- C:\Windows\System\zuGjLqV.exe
  C:\Windows\System\zuGjLqV.exe
  2⤵
  PID:4828
- C:\Windows\System\UiYWUag.exe
  C:\Windows\System\UiYWUag.exe
  2⤵
  PID:4848
- C:\Windows\System\Epujgxi.exe
  C:\Windows\System\Epujgxi.exe
  2⤵
  PID:4864
- C:\Windows\System\DAyzjOB.exe
  C:\Windows\System\DAyzjOB.exe
  2⤵
  PID:4892
- C:\Windows\System\etwKfjN.exe
  C:\Windows\System\etwKfjN.exe
  2⤵
  PID:4908
- C:\Windows\System\yvHQKSN.exe
  C:\Windows\System\yvHQKSN.exe
  2⤵
  PID:4932
- C:\Windows\System\CpmKsOK.exe
  C:\Windows\System\CpmKsOK.exe
  2⤵
  PID:4948
- C:\Windows\System\GFmoOmx.exe
  C:\Windows\System\GFmoOmx.exe
  2⤵
  PID:4968
- C:\Windows\System\mTpRsGE.exe
  C:\Windows\System\mTpRsGE.exe
  2⤵
  PID:4988
- C:\Windows\System\SVGFuoz.exe
  C:\Windows\System\SVGFuoz.exe
  2⤵
  PID:5004
- C:\Windows\System\CKZFTaS.exe
  C:\Windows\System\CKZFTaS.exe
  2⤵
  PID:5020
- C:\Windows\System\hIMGZmu.exe
  C:\Windows\System\hIMGZmu.exe
  2⤵
  PID:5044
- C:\Windows\System\yKwiwiR.exe
  C:\Windows\System\yKwiwiR.exe
  2⤵
  PID:5072
- C:\Windows\System\KRIvzdn.exe
  C:\Windows\System\KRIvzdn.exe
  2⤵
  PID:5092
- C:\Windows\System\SVYaNLP.exe
  C:\Windows\System\SVYaNLP.exe
  2⤵
  PID:5108
- C:\Windows\System\UMeiPnd.exe
  C:\Windows\System\UMeiPnd.exe
  2⤵
  PID:2756
- C:\Windows\System\TCDbscV.exe
  C:\Windows\System\TCDbscV.exe
  2⤵
  PID:2124
- C:\Windows\System\odzNwNp.exe
  C:\Windows\System\odzNwNp.exe
  2⤵
  PID:1452
- C:\Windows\System\RuzyvnM.exe
  C:\Windows\System\RuzyvnM.exe
  2⤵
  PID:2904
- C:\Windows\System\yvxAcUZ.exe
  C:\Windows\System\yvxAcUZ.exe
  2⤵
  PID:2844
- C:\Windows\System\ZZeCpwj.exe
  C:\Windows\System\ZZeCpwj.exe
  2⤵
  PID:3400
- C:\Windows\System\DRbfCAs.exe
  C:\Windows\System\DRbfCAs.exe
  2⤵
  PID:3160
- C:\Windows\System\tCnmivJ.exe
  C:\Windows\System\tCnmivJ.exe
  2⤵
  PID:3564
- C:\Windows\System\NdBBQrS.exe
  C:\Windows\System\NdBBQrS.exe
  2⤵
  PID:3284
- C:\Windows\System\OGHbCwg.exe
  C:\Windows\System\OGHbCwg.exe
  2⤵
  PID:3448
- C:\Windows\System\khhPBHQ.exe
  C:\Windows\System\khhPBHQ.exe
  2⤵
  PID:3748
- C:\Windows\System\fchZVOZ.exe
  C:\Windows\System\fchZVOZ.exe
  2⤵
  PID:3624
- C:\Windows\System\UawneaO.exe
  C:\Windows\System\UawneaO.exe
  2⤵
  PID:3888
- C:\Windows\System\YFajXDg.exe
  C:\Windows\System\YFajXDg.exe
  2⤵
  PID:4112
- C:\Windows\System\WVkpiRe.exe
  C:\Windows\System\WVkpiRe.exe
  2⤵
  PID:3784
- C:\Windows\System\eINFHPP.exe
  C:\Windows\System\eINFHPP.exe
  2⤵
  PID:3864
- C:\Windows\System\JLWrvOA.exe
  C:\Windows\System\JLWrvOA.exe
  2⤵
  PID:4128
- C:\Windows\System\RWXIYid.exe
  C:\Windows\System\RWXIYid.exe
  2⤵
  PID:4188
- C:\Windows\System\OLVpSXN.exe
  C:\Windows\System\OLVpSXN.exe
  2⤵
  PID:4176
- C:\Windows\System\NzbEqSy.exe
  C:\Windows\System\NzbEqSy.exe
  2⤵
  PID:4228
- C:\Windows\System\uEknTwR.exe
  C:\Windows\System\uEknTwR.exe
  2⤵
  PID:4308
- C:\Windows\System\PUQiBQU.exe
  C:\Windows\System\PUQiBQU.exe
  2⤵
  PID:4320
- C:\Windows\System\UweiVgL.exe
  C:\Windows\System\UweiVgL.exe
  2⤵
  PID:4396
- C:\Windows\System\yXRcdQR.exe
  C:\Windows\System\yXRcdQR.exe
  2⤵
  PID:4288
- C:\Windows\System\MGSMXvq.exe
  C:\Windows\System\MGSMXvq.exe
  2⤵
  PID:4436
- C:\Windows\System\mlAzZYA.exe
  C:\Windows\System\mlAzZYA.exe
  2⤵
  PID:4460
- C:\Windows\System\WPzvPUu.exe
  C:\Windows\System\WPzvPUu.exe
  2⤵
  PID:4556
- C:\Windows\System\ePasOGS.exe
  C:\Windows\System\ePasOGS.exe
  2⤵
  PID:4420
- C:\Windows\System\yzGjztX.exe
  C:\Windows\System\yzGjztX.exe
  2⤵
  PID:4592
- C:\Windows\System\tOhcEHL.exe
  C:\Windows\System\tOhcEHL.exe
  2⤵
  PID:4604
- C:\Windows\System\bWTtncK.exe
  C:\Windows\System\bWTtncK.exe
  2⤵
  PID:4640
- C:\Windows\System\EpFRJhx.exe
  C:\Windows\System\EpFRJhx.exe
  2⤵
  PID:4628
- C:\Windows\System\IPsmFkU.exe
  C:\Windows\System\IPsmFkU.exe
  2⤵
  PID:4728
- C:\Windows\System\ECHltdC.exe
  C:\Windows\System\ECHltdC.exe
  2⤵
  PID:4760
- C:\Windows\System\xkWzvIP.exe
  C:\Windows\System\xkWzvIP.exe
  2⤵
  PID:4808
- C:\Windows\System\YVmSAtK.exe
  C:\Windows\System\YVmSAtK.exe
  2⤵
  PID:4748
- C:\Windows\System\VMJGEfd.exe
  C:\Windows\System\VMJGEfd.exe
  2⤵
  PID:4784
- C:\Windows\System\ojOnSUw.exe
  C:\Windows\System\ojOnSUw.exe
  2⤵
  PID:4872
- C:\Windows\System\ikGDChJ.exe
  C:\Windows\System\ikGDChJ.exe
  2⤵
  PID:4888
- C:\Windows\System\OkqJqti.exe
  C:\Windows\System\OkqJqti.exe
  2⤵
  PID:4860
- C:\Windows\System\sYazHHv.exe
  C:\Windows\System\sYazHHv.exe
  2⤵
  PID:4964
- C:\Windows\System\gLULzBW.exe
  C:\Windows\System\gLULzBW.exe
  2⤵
  PID:5032
- C:\Windows\System\zHfeSPr.exe
  C:\Windows\System\zHfeSPr.exe
  2⤵
  PID:4980
- C:\Windows\System\QiLpOHu.exe
  C:\Windows\System\QiLpOHu.exe
  2⤵
  PID:5052
- C:\Windows\System\DqXfHKi.exe
  C:\Windows\System\DqXfHKi.exe
  2⤵
  PID:5080
- C:\Windows\System\KDZQQil.exe
  C:\Windows\System\KDZQQil.exe
  2⤵
  PID:5104
- C:\Windows\System\cdSlVLW.exe
  C:\Windows\System\cdSlVLW.exe
  2⤵
  PID:324
- C:\Windows\System\KqXZqMQ.exe
  C:\Windows\System\KqXZqMQ.exe
  2⤵
  PID:3228
- C:\Windows\System\PEtTegw.exe
  C:\Windows\System\PEtTegw.exe
  2⤵
  PID:1612
- C:\Windows\System\sWRcgOH.exe
  C:\Windows\System\sWRcgOH.exe
  2⤵
  PID:3608
- C:\Windows\System\lDzqowy.exe
  C:\Windows\System\lDzqowy.exe
  2⤵
  PID:3432
- C:\Windows\System\kbidvhY.exe
  C:\Windows\System\kbidvhY.exe
  2⤵
  PID:3768
- C:\Windows\System\livJptz.exe
  C:\Windows\System\livJptz.exe
  2⤵
  PID:3688
- C:\Windows\System\HgLXwSb.exe
  C:\Windows\System\HgLXwSb.exe
  2⤵
  PID:3648
- C:\Windows\System\eEcPKHn.exe
  C:\Windows\System\eEcPKHn.exe
  2⤵
  PID:2288
- C:\Windows\System\piMCYol.exe
  C:\Windows\System\piMCYol.exe
  2⤵
  PID:2532
- C:\Windows\System\VIIkpnI.exe
  C:\Windows\System\VIIkpnI.exe
  2⤵
  PID:4132
- C:\Windows\System\lzpnFZa.exe
  C:\Windows\System\lzpnFZa.exe
  2⤵
  PID:4268
- C:\Windows\System\bIgeToF.exe
  C:\Windows\System\bIgeToF.exe
  2⤵
  PID:4356
- C:\Windows\System\hXaKWtZ.exe
  C:\Windows\System\hXaKWtZ.exe
  2⤵
  PID:4380
- C:\Windows\System\AJmSZos.exe
  C:\Windows\System\AJmSZos.exe
  2⤵
  PID:4284
- C:\Windows\System\waMMrrQ.exe
  C:\Windows\System\waMMrrQ.exe
  2⤵
  PID:4524
- C:\Windows\System\eSelMXH.exe
  C:\Windows\System\eSelMXH.exe
  2⤵
  PID:4496
- C:\Windows\System\SvDaQmG.exe
  C:\Windows\System\SvDaQmG.exe
  2⤵
  PID:4544
- C:\Windows\System\AeijrQa.exe
  C:\Windows\System\AeijrQa.exe
  2⤵
  PID:4648
- C:\Windows\System\DdmrSUg.exe
  C:\Windows\System\DdmrSUg.exe
  2⤵
  PID:4764
- C:\Windows\System\dEDOTJn.exe
  C:\Windows\System\dEDOTJn.exe
  2⤵
  PID:4880
- C:\Windows\System\goiuczU.exe
  C:\Windows\System\goiuczU.exe
  2⤵
  PID:4840
- C:\Windows\System\yFwNqrj.exe
  C:\Windows\System\yFwNqrj.exe
  2⤵
  PID:4956
- C:\Windows\System\ogfSePd.exe
  C:\Windows\System\ogfSePd.exe
  2⤵
  PID:4976
- C:\Windows\System\LNXNAgE.exe
  C:\Windows\System\LNXNAgE.exe
  2⤵
  PID:5064
- C:\Windows\System\VBevFsL.exe
  C:\Windows\System\VBevFsL.exe
  2⤵
  PID:2668
- C:\Windows\System\nTOcoUz.exe
  C:\Windows\System\nTOcoUz.exe
  2⤵
  PID:5068
- C:\Windows\System\HwlTnyL.exe
  C:\Windows\System\HwlTnyL.exe
  2⤵
  PID:4084
- C:\Windows\System\odUsspM.exe
  C:\Windows\System\odUsspM.exe
  2⤵
  PID:3328
- C:\Windows\System\OgzqbSb.exe
  C:\Windows\System\OgzqbSb.exe
  2⤵
  PID:2212
- C:\Windows\System\SPJXuNN.exe
  C:\Windows\System\SPJXuNN.exe
  2⤵
  PID:3904
- C:\Windows\System\jHzeObJ.exe
  C:\Windows\System\jHzeObJ.exe
  2⤵
  PID:3852
- C:\Windows\System\shZUMBK.exe
  C:\Windows\System\shZUMBK.exe
  2⤵
  PID:4172
- C:\Windows\System\MxadRqy.exe
  C:\Windows\System\MxadRqy.exe
  2⤵
  PID:4304
- C:\Windows\System\dKuvysQ.exe
  C:\Windows\System\dKuvysQ.exe
  2⤵
  PID:4528
- C:\Windows\System\KWvUWmA.exe
  C:\Windows\System\KWvUWmA.exe
  2⤵
  PID:4564
- C:\Windows\System\mroquhU.exe
  C:\Windows\System\mroquhU.exe
  2⤵
  PID:4504
- C:\Windows\System\NessGjy.exe
  C:\Windows\System\NessGjy.exe
  2⤵
  PID:4580
- C:\Windows\System\prfkPpB.exe
  C:\Windows\System\prfkPpB.exe
  2⤵
  PID:4696
- C:\Windows\System\BQBfQNo.exe
  C:\Windows\System\BQBfQNo.exe
  2⤵
  PID:5132
- C:\Windows\System\sJTsemK.exe
  C:\Windows\System\sJTsemK.exe
  2⤵
  PID:5152
- C:\Windows\System\ADndFWM.exe
  C:\Windows\System\ADndFWM.exe
  2⤵
  PID:5172
- C:\Windows\System\YhkqPmH.exe
  C:\Windows\System\YhkqPmH.exe
  2⤵
  PID:5192
- C:\Windows\System\PHWGxuZ.exe
  C:\Windows\System\PHWGxuZ.exe
  2⤵
  PID:5212
- C:\Windows\System\cTDfSGy.exe
  C:\Windows\System\cTDfSGy.exe
  2⤵
  PID:5232
- C:\Windows\System\biKexUZ.exe
  C:\Windows\System\biKexUZ.exe
  2⤵
  PID:5252
- C:\Windows\System\oawMPzR.exe
  C:\Windows\System\oawMPzR.exe
  2⤵
  PID:5272
- C:\Windows\System\yFJLLzq.exe
  C:\Windows\System\yFJLLzq.exe
  2⤵
  PID:5292
- C:\Windows\System\xmcsrcx.exe
  C:\Windows\System\xmcsrcx.exe
  2⤵
  PID:5312
- C:\Windows\System\hkiFJaq.exe
  C:\Windows\System\hkiFJaq.exe
  2⤵
  PID:5332
- C:\Windows\System\uwXzIbJ.exe
  C:\Windows\System\uwXzIbJ.exe
  2⤵
  PID:5352
- C:\Windows\System\rqGSohT.exe
  C:\Windows\System\rqGSohT.exe
  2⤵
  PID:5372
- C:\Windows\System\mXNimtx.exe
  C:\Windows\System\mXNimtx.exe
  2⤵
  PID:5392
- C:\Windows\System\fbyNOKA.exe
  C:\Windows\System\fbyNOKA.exe
  2⤵
  PID:5412
- C:\Windows\System\eixqQMK.exe
  C:\Windows\System\eixqQMK.exe
  2⤵
  PID:5432
- C:\Windows\System\MjJHVRZ.exe
  C:\Windows\System\MjJHVRZ.exe
  2⤵
  PID:5452
- C:\Windows\System\tEmbRZv.exe
  C:\Windows\System\tEmbRZv.exe
  2⤵
  PID:5472
- C:\Windows\System\hOwERiV.exe
  C:\Windows\System\hOwERiV.exe
  2⤵
  PID:5488
- C:\Windows\System\qGfUQBi.exe
  C:\Windows\System\qGfUQBi.exe
  2⤵
  PID:5512
- C:\Windows\System\nrFzXZo.exe
  C:\Windows\System\nrFzXZo.exe
  2⤵
  PID:5532
- C:\Windows\System\Mkbaajd.exe
  C:\Windows\System\Mkbaajd.exe
  2⤵
  PID:5552
- C:\Windows\System\lIAubFf.exe
  C:\Windows\System\lIAubFf.exe
  2⤵
  PID:5572
- C:\Windows\System\cSzDgpq.exe
  C:\Windows\System\cSzDgpq.exe
  2⤵
  PID:5592
- C:\Windows\System\oJBdWyo.exe
  C:\Windows\System\oJBdWyo.exe
  2⤵
  PID:5612
- C:\Windows\System\UOhQWtq.exe
  C:\Windows\System\UOhQWtq.exe
  2⤵
  PID:5636
- C:\Windows\System\VUVAOVl.exe
  C:\Windows\System\VUVAOVl.exe
  2⤵
  PID:5652
- C:\Windows\System\loMcEUL.exe
  C:\Windows\System\loMcEUL.exe
  2⤵
  PID:5672
- C:\Windows\System\UmxWLHH.exe
  C:\Windows\System\UmxWLHH.exe
  2⤵
  PID:5692
- C:\Windows\System\hWaJINp.exe
  C:\Windows\System\hWaJINp.exe
  2⤵
  PID:5712
- C:\Windows\System\IKzblQx.exe
  C:\Windows\System\IKzblQx.exe
  2⤵
  PID:5732
- C:\Windows\System\GKERvcq.exe
  C:\Windows\System\GKERvcq.exe
  2⤵
  PID:5756
- C:\Windows\System\uxSbpBH.exe
  C:\Windows\System\uxSbpBH.exe
  2⤵
  PID:5772
- C:\Windows\System\adKMFxU.exe
  C:\Windows\System\adKMFxU.exe
  2⤵
  PID:5796
- C:\Windows\System\vklJsdJ.exe
  C:\Windows\System\vklJsdJ.exe
  2⤵
  PID:5812
- C:\Windows\System\xDiFiSi.exe
  C:\Windows\System\xDiFiSi.exe
  2⤵
  PID:5836
- C:\Windows\System\RfqDozz.exe
  C:\Windows\System\RfqDozz.exe
  2⤵
  PID:5852
- C:\Windows\System\qISCszf.exe
  C:\Windows\System\qISCszf.exe
  2⤵
  PID:5872
- C:\Windows\System\QrRkUmv.exe
  C:\Windows\System\QrRkUmv.exe
  2⤵
  PID:5892
- C:\Windows\System\tnXEJGD.exe
  C:\Windows\System\tnXEJGD.exe
  2⤵
  PID:5908
- C:\Windows\System\JwcIbDD.exe
  C:\Windows\System\JwcIbDD.exe
  2⤵
  PID:5932
- C:\Windows\System\SoWQEmF.exe
  C:\Windows\System\SoWQEmF.exe
  2⤵
  PID:5956
- C:\Windows\System\RLehWdO.exe
  C:\Windows\System\RLehWdO.exe
  2⤵
  PID:5972
- C:\Windows\System\PIDxGvl.exe
  C:\Windows\System\PIDxGvl.exe
  2⤵
  PID:5996
- C:\Windows\System\SwBbngO.exe
  C:\Windows\System\SwBbngO.exe
  2⤵
  PID:6012
- C:\Windows\System\JCvmCKu.exe
  C:\Windows\System\JCvmCKu.exe
  2⤵
  PID:6036
- C:\Windows\System\fxPWnxD.exe
  C:\Windows\System\fxPWnxD.exe
  2⤵
  PID:6056
- C:\Windows\System\BoGIcya.exe
  C:\Windows\System\BoGIcya.exe
  2⤵
  PID:6076
- C:\Windows\System\cYPFzKM.exe
  C:\Windows\System\cYPFzKM.exe
  2⤵
  PID:6096
- C:\Windows\System\SBYvshL.exe
  C:\Windows\System\SBYvshL.exe
  2⤵
  PID:6116
- C:\Windows\System\PSUwFAK.exe
  C:\Windows\System\PSUwFAK.exe
  2⤵
  PID:6132
- C:\Windows\System\aBsDCiH.exe
  C:\Windows\System\aBsDCiH.exe
  2⤵
  PID:1656
- C:\Windows\System\xChfXWs.exe
  C:\Windows\System\xChfXWs.exe
  2⤵
  PID:4856
- C:\Windows\System\XTSMeiQ.exe
  C:\Windows\System\XTSMeiQ.exe
  2⤵
  PID:5012
- C:\Windows\System\dNizjXf.exe
  C:\Windows\System\dNizjXf.exe
  2⤵
  PID:5000
- C:\Windows\System\FiBtnjV.exe
  C:\Windows\System\FiBtnjV.exe
  2⤵
  PID:5100
- C:\Windows\System\UXXsoCA.exe
  C:\Windows\System\UXXsoCA.exe
  2⤵
  PID:3524
- C:\Windows\System\GYqMgja.exe
  C:\Windows\System\GYqMgja.exe
  2⤵
  PID:3452
- C:\Windows\System\YQXrUMS.exe
  C:\Windows\System\YQXrUMS.exe
  2⤵
  PID:3692
- C:\Windows\System\NEfYyPC.exe
  C:\Windows\System\NEfYyPC.exe
  2⤵
  PID:4232
- C:\Windows\System\HqQAaEG.exe
  C:\Windows\System\HqQAaEG.exe
  2⤵
  PID:4476
- C:\Windows\System\FFVGOiX.exe
  C:\Windows\System\FFVGOiX.exe
  2⤵
  PID:5148
- C:\Windows\System\doJwkvV.exe
  C:\Windows\System\doJwkvV.exe
  2⤵
  PID:4252
- C:\Windows\System\LDxkzaq.exe
  C:\Windows\System\LDxkzaq.exe
  2⤵
  PID:5128
- C:\Windows\System\CSdGDaa.exe
  C:\Windows\System\CSdGDaa.exe
  2⤵
  PID:5224
- C:\Windows\System\ctRXSYl.exe
  C:\Windows\System\ctRXSYl.exe
  2⤵
  PID:5164
- C:\Windows\System\BsrZFzM.exe
  C:\Windows\System\BsrZFzM.exe
  2⤵
  PID:5248
- C:\Windows\System\wnnppOC.exe
  C:\Windows\System\wnnppOC.exe
  2⤵
  PID:5304
- C:\Windows\System\hxqtDaC.exe
  C:\Windows\System\hxqtDaC.exe
  2⤵
  PID:5380
- C:\Windows\System\YsPeFTv.exe
  C:\Windows\System\YsPeFTv.exe
  2⤵
  PID:5388
- C:\Windows\System\JMvJife.exe
  C:\Windows\System\JMvJife.exe
  2⤵
  PID:5460
- C:\Windows\System\kLsgrcx.exe
  C:\Windows\System\kLsgrcx.exe
  2⤵
  PID:5364
- C:\Windows\System\ZichCTm.exe
  C:\Windows\System\ZichCTm.exe
  2⤵
  PID:5496
- C:\Windows\System\rVKTeWH.exe
  C:\Windows\System\rVKTeWH.exe
  2⤵
  PID:5548
- C:\Windows\System\dMiUaDx.exe
  C:\Windows\System\dMiUaDx.exe
  2⤵
  PID:5520
- C:\Windows\System\kkbFRZA.exe
  C:\Windows\System\kkbFRZA.exe
  2⤵
  PID:5584
- C:\Windows\System\zgeoWKr.exe
  C:\Windows\System\zgeoWKr.exe
  2⤵
  PID:5560
- C:\Windows\System\BToXhZE.exe
  C:\Windows\System\BToXhZE.exe
  2⤵
  PID:5604
- C:\Windows\System\ecwfSwI.exe
  C:\Windows\System\ecwfSwI.exe
  2⤵
  PID:5700
- C:\Windows\System\xWltBJw.exe
  C:\Windows\System\xWltBJw.exe
  2⤵
  PID:5684
- C:\Windows\System\mUyoQKX.exe
  C:\Windows\System\mUyoQKX.exe
  2⤵
  PID:5688
- C:\Windows\System\pfwIWEv.exe
  C:\Windows\System\pfwIWEv.exe
  2⤵
  PID:5824
- C:\Windows\System\iCemtyk.exe
  C:\Windows\System\iCemtyk.exe
  2⤵
  PID:5728
- C:\Windows\System\JnCFXEP.exe
  C:\Windows\System\JnCFXEP.exe
  2⤵
  PID:5860
- C:\Windows\System\bGOEqMx.exe
  C:\Windows\System\bGOEqMx.exe
  2⤵
  PID:5844
- C:\Windows\System\EbnWLRs.exe
  C:\Windows\System\EbnWLRs.exe
  2⤵
  PID:5952
- C:\Windows\System\rLBgLub.exe
  C:\Windows\System\rLBgLub.exe
  2⤵
  PID:5928
- C:\Windows\System\TfOTpra.exe
  C:\Windows\System\TfOTpra.exe
  2⤵
  PID:6020
- C:\Windows\System\UAVQElH.exe
  C:\Windows\System\UAVQElH.exe
  2⤵
  PID:6008
- C:\Windows\System\ADlohxx.exe
  C:\Windows\System\ADlohxx.exe
  2⤵
  PID:6068
- C:\Windows\System\aMvdbNY.exe
  C:\Windows\System\aMvdbNY.exe
  2⤵
  PID:6084
- C:\Windows\System\SIghAWt.exe
  C:\Windows\System\SIghAWt.exe
  2⤵
  PID:4708
- C:\Windows\System\FaLdkGT.exe
  C:\Windows\System\FaLdkGT.exe
  2⤵
  PID:5036
- C:\Windows\System\aXnSUCC.exe
  C:\Windows\System\aXnSUCC.exe
  2⤵
  PID:4924
- C:\Windows\System\ssOisAS.exe
  C:\Windows\System\ssOisAS.exe
  2⤵
  PID:3520
- C:\Windows\System\RDDIqOi.exe
  C:\Windows\System\RDDIqOi.exe
  2⤵
  PID:3084
- C:\Windows\System\gTjxKQr.exe
  C:\Windows\System\gTjxKQr.exe
  2⤵
  PID:4560
- C:\Windows\System\fNRlZQJ.exe
  C:\Windows\System\fNRlZQJ.exe
  2⤵
  PID:4500
- C:\Windows\System\qYhGJLa.exe
  C:\Windows\System\qYhGJLa.exe
  2⤵
  PID:4576
- C:\Windows\System\wmKvxDH.exe
  C:\Windows\System\wmKvxDH.exe
  2⤵
  PID:5268
- C:\Windows\System\wylyVGC.exe
  C:\Windows\System\wylyVGC.exe
  2⤵
  PID:5228
- C:\Windows\System\bigwIZe.exe
  C:\Windows\System\bigwIZe.exe
  2⤵
  PID:5284
- C:\Windows\System\gDlLkgk.exe
  C:\Windows\System\gDlLkgk.exe
  2⤵
  PID:5348
- C:\Windows\System\hzrxRHv.exe
  C:\Windows\System\hzrxRHv.exe
  2⤵
  PID:5360
- C:\Windows\System\rDOfKTI.exe
  C:\Windows\System\rDOfKTI.exe
  2⤵
  PID:5408
- C:\Windows\System\qxKTtWv.exe
  C:\Windows\System\qxKTtWv.exe
  2⤵
  PID:5444
- C:\Windows\System\FwTTdvD.exe
  C:\Windows\System\FwTTdvD.exe
  2⤵
  PID:5588
- C:\Windows\System\fqOEqnI.exe
  C:\Windows\System\fqOEqnI.exe
  2⤵
  PID:5564
- C:\Windows\System\WzSvKbI.exe
  C:\Windows\System\WzSvKbI.exe
  2⤵
  PID:5680
- C:\Windows\System\EJBRdeN.exe
  C:\Windows\System\EJBRdeN.exe
  2⤵
  PID:5792
- C:\Windows\System\GmFAoQl.exe
  C:\Windows\System\GmFAoQl.exe
  2⤵
  PID:5848
- C:\Windows\System\RFDpKcy.exe
  C:\Windows\System\RFDpKcy.exe
  2⤵
  PID:5924
- C:\Windows\System\fOGKdBF.exe
  C:\Windows\System\fOGKdBF.exe
  2⤵
  PID:6032
- C:\Windows\System\ZwyCOUR.exe
  C:\Windows\System\ZwyCOUR.exe
  2⤵
  PID:6104
- C:\Windows\System\nJNHUsL.exe
  C:\Windows\System\nJNHUsL.exe
  2⤵
  PID:5992
- C:\Windows\System\gekTzXu.exe
  C:\Windows\System\gekTzXu.exe
  2⤵
  PID:4700
- C:\Windows\System\qXFkhnt.exe
  C:\Windows\System\qXFkhnt.exe
  2⤵
  PID:6092
- C:\Windows\System\cHTbBmW.exe
  C:\Windows\System\cHTbBmW.exe
  2⤵
  PID:4740
- C:\Windows\System\dtOROOj.exe
  C:\Windows\System\dtOROOj.exe
  2⤵
  PID:4836
- C:\Windows\System\ryQSFRu.exe
  C:\Windows\System\ryQSFRu.exe
  2⤵
  PID:5328
- C:\Windows\System\ntzVPdo.exe
  C:\Windows\System\ntzVPdo.exe
  2⤵
  PID:6152
- C:\Windows\System\IfdhKKM.exe
  C:\Windows\System\IfdhKKM.exe
  2⤵
  PID:6172
- C:\Windows\System\CoeXbHo.exe
  C:\Windows\System\CoeXbHo.exe
  2⤵
  PID:6196
- C:\Windows\System\NJKmtjA.exe
  C:\Windows\System\NJKmtjA.exe
  2⤵
  PID:6216
- C:\Windows\System\gKqcIMH.exe
  C:\Windows\System\gKqcIMH.exe
  2⤵
  PID:6236
- C:\Windows\System\ygXQaLg.exe
  C:\Windows\System\ygXQaLg.exe
  2⤵
  PID:6256
- C:\Windows\System\FCBGlTT.exe
  C:\Windows\System\FCBGlTT.exe
  2⤵
  PID:6276
- C:\Windows\System\PdyujON.exe
  C:\Windows\System\PdyujON.exe
  2⤵
  PID:6296
- C:\Windows\System\gREYWTJ.exe
  C:\Windows\System\gREYWTJ.exe
  2⤵
  PID:6316
- C:\Windows\System\lRgOHlv.exe
  C:\Windows\System\lRgOHlv.exe
  2⤵
  PID:6336
- C:\Windows\System\LPLQmAa.exe
  C:\Windows\System\LPLQmAa.exe
  2⤵
  PID:6352
- C:\Windows\System\jSsdRvN.exe
  C:\Windows\System\jSsdRvN.exe
  2⤵
  PID:6376
- C:\Windows\System\XuzVEwN.exe
  C:\Windows\System\XuzVEwN.exe
  2⤵
  PID:6396
- C:\Windows\System\TrJXPPN.exe
  C:\Windows\System\TrJXPPN.exe
  2⤵
  PID:6416
- C:\Windows\System\SiCEVlX.exe
  C:\Windows\System\SiCEVlX.exe
  2⤵
  PID:6436
- C:\Windows\System\fmEinVV.exe
  C:\Windows\System\fmEinVV.exe
  2⤵
  PID:6456
- C:\Windows\System\DgutunX.exe
  C:\Windows\System\DgutunX.exe
  2⤵
  PID:6476
- C:\Windows\System\pXOGWuw.exe
  C:\Windows\System\pXOGWuw.exe
  2⤵
  PID:6496
- C:\Windows\System\OSlJzXd.exe
  C:\Windows\System\OSlJzXd.exe
  2⤵
  PID:6516
- C:\Windows\System\SfkwBMe.exe
  C:\Windows\System\SfkwBMe.exe
  2⤵
  PID:6532
- C:\Windows\System\LzsLmRa.exe
  C:\Windows\System\LzsLmRa.exe
  2⤵
  PID:6548
- C:\Windows\System\mZGjEJl.exe
  C:\Windows\System\mZGjEJl.exe
  2⤵
  PID:6572
- C:\Windows\System\qhSDoUQ.exe
  C:\Windows\System\qhSDoUQ.exe
  2⤵
  PID:6588
- C:\Windows\System\HIESxtm.exe
  C:\Windows\System\HIESxtm.exe
  2⤵
  PID:6612
- C:\Windows\System\OaXZwDm.exe
  C:\Windows\System\OaXZwDm.exe
  2⤵
  PID:6632
- C:\Windows\System\YybaSYf.exe
  C:\Windows\System\YybaSYf.exe
  2⤵
  PID:6656
- C:\Windows\System\hLqOkOR.exe
  C:\Windows\System\hLqOkOR.exe
  2⤵
  PID:6676
- C:\Windows\System\wleLBFM.exe
  C:\Windows\System\wleLBFM.exe
  2⤵
  PID:6696
- C:\Windows\System\rNaBfwp.exe
  C:\Windows\System\rNaBfwp.exe
  2⤵
  PID:6716
- C:\Windows\System\KjZwIkl.exe
  C:\Windows\System\KjZwIkl.exe
  2⤵
  PID:6736
- C:\Windows\System\AAYGFHb.exe
  C:\Windows\System\AAYGFHb.exe
  2⤵
  PID:6756
- C:\Windows\System\zaldyls.exe
  C:\Windows\System\zaldyls.exe
  2⤵
  PID:6776
- C:\Windows\System\aoEmzHI.exe
  C:\Windows\System\aoEmzHI.exe
  2⤵
  PID:6796
- C:\Windows\System\ZMvVGLr.exe
  C:\Windows\System\ZMvVGLr.exe
  2⤵
  PID:6816
- C:\Windows\System\VBstUdt.exe
  C:\Windows\System\VBstUdt.exe
  2⤵
  PID:6836
- C:\Windows\System\kMNjWmC.exe
  C:\Windows\System\kMNjWmC.exe
  2⤵
  PID:6856
- C:\Windows\System\ONhYjeK.exe
  C:\Windows\System\ONhYjeK.exe
  2⤵
  PID:6876
- C:\Windows\System\eFYmYnn.exe
  C:\Windows\System\eFYmYnn.exe
  2⤵
  PID:6892
- C:\Windows\System\URBOiCl.exe
  C:\Windows\System\URBOiCl.exe
  2⤵
  PID:6916
- C:\Windows\System\taCKksn.exe
  C:\Windows\System\taCKksn.exe
  2⤵
  PID:6932
- C:\Windows\System\bLzqQWw.exe
  C:\Windows\System\bLzqQWw.exe
  2⤵
  PID:6956
- C:\Windows\System\PRtqAeo.exe
  C:\Windows\System\PRtqAeo.exe
  2⤵
  PID:6976
- C:\Windows\System\kaxSdrU.exe
  C:\Windows\System\kaxSdrU.exe
  2⤵
  PID:6996
- C:\Windows\System\cEIxayY.exe
  C:\Windows\System\cEIxayY.exe
  2⤵
  PID:7016
- C:\Windows\System\AtYboWV.exe
  C:\Windows\System\AtYboWV.exe
  2⤵
  PID:7036
- C:\Windows\System\yCotukv.exe
  C:\Windows\System\yCotukv.exe
  2⤵
  PID:7056
- C:\Windows\System\rLCjGQs.exe
  C:\Windows\System\rLCjGQs.exe
  2⤵
  PID:7076
- C:\Windows\System\OAvFSQQ.exe
  C:\Windows\System\OAvFSQQ.exe
  2⤵
  PID:7096
- C:\Windows\System\IQgdmzi.exe
  C:\Windows\System\IQgdmzi.exe
  2⤵
  PID:7116
- C:\Windows\System\vhYnFYI.exe
  C:\Windows\System\vhYnFYI.exe
  2⤵
  PID:7136
- C:\Windows\System\QWgUgRK.exe
  C:\Windows\System\QWgUgRK.exe
  2⤵
  PID:7156
- C:\Windows\System\zbBntpm.exe
  C:\Windows\System\zbBntpm.exe
  2⤵
  PID:4376
- C:\Windows\System\qxMdLzI.exe
  C:\Windows\System\qxMdLzI.exe
  2⤵
  PID:5300
- C:\Windows\System\UueyNNG.exe
  C:\Windows\System\UueyNNG.exe
  2⤵
  PID:5580
- C:\Windows\System\FboVDJG.exe
  C:\Windows\System\FboVDJG.exe
  2⤵
  PID:5744
- C:\Windows\System\PzceNDw.exe
  C:\Windows\System\PzceNDw.exe
  2⤵
  PID:5464
- C:\Windows\System\IBhxObP.exe
  C:\Windows\System\IBhxObP.exe
  2⤵
  PID:5628
- C:\Windows\System\NTluSNq.exe
  C:\Windows\System\NTluSNq.exe
  2⤵
  PID:5788
- C:\Windows\System\BFBsYAU.exe
  C:\Windows\System\BFBsYAU.exe
  2⤵
  PID:6112
- C:\Windows\System\HrYHZgo.exe
  C:\Windows\System\HrYHZgo.exe
  2⤵
  PID:3092
- C:\Windows\System\kQHOtWQ.exe
  C:\Windows\System\kQHOtWQ.exe
  2⤵
  PID:5948
- C:\Windows\System\uovJgaJ.exe
  C:\Windows\System\uovJgaJ.exe
  2⤵
  PID:6052
- C:\Windows\System\MJHYfCC.exe
  C:\Windows\System\MJHYfCC.exe
  2⤵
  PID:4472
- C:\Windows\System\PMWReDV.exe
  C:\Windows\System\PMWReDV.exe
  2⤵
  PID:5184
- C:\Windows\System\UsBQdgN.exe
  C:\Windows\System\UsBQdgN.exe
  2⤵
  PID:6192
- C:\Windows\System\aRmumCS.exe
  C:\Windows\System\aRmumCS.exe
  2⤵
  PID:6164
- C:\Windows\System\mKMiRtG.exe
  C:\Windows\System\mKMiRtG.exe
  2⤵
  PID:6208
- C:\Windows\System\pjSMOxM.exe
  C:\Windows\System\pjSMOxM.exe
  2⤵
  PID:6252
- C:\Windows\System\RttKplX.exe
  C:\Windows\System\RttKplX.exe
  2⤵
  PID:6292
- C:\Windows\System\QyzVenr.exe
  C:\Windows\System\QyzVenr.exe
  2⤵
  PID:6348
- C:\Windows\System\BDpQDao.exe
  C:\Windows\System\BDpQDao.exe
  2⤵
  PID:6328
- C:\Windows\System\xJebQeV.exe
  C:\Windows\System\xJebQeV.exe
  2⤵
  PID:6424
- C:\Windows\System\paGAmzR.exe
  C:\Windows\System\paGAmzR.exe
  2⤵
  PID:6412
- C:\Windows\System\ZtFarzQ.exe
  C:\Windows\System\ZtFarzQ.exe
  2⤵
  PID:6452
- C:\Windows\System\cHONbhM.exe
  C:\Windows\System\cHONbhM.exe
  2⤵
  PID:6492
- C:\Windows\System\XUOWHKD.exe
  C:\Windows\System\XUOWHKD.exe
  2⤵
  PID:6524
- C:\Windows\System\pXMqeIE.exe
  C:\Windows\System\pXMqeIE.exe
  2⤵
  PID:6620
- C:\Windows\System\TYrwHTI.exe
  C:\Windows\System\TYrwHTI.exe
  2⤵
  PID:6628
- C:\Windows\System\IQZkSPT.exe
  C:\Windows\System\IQZkSPT.exe
  2⤵
  PID:6596
- C:\Windows\System\XWzHUaX.exe
  C:\Windows\System\XWzHUaX.exe
  2⤵
  PID:6668
- C:\Windows\System\enLsirh.exe
  C:\Windows\System\enLsirh.exe
  2⤵
  PID:6704
- C:\Windows\System\LmWOdTt.exe
  C:\Windows\System\LmWOdTt.exe
  2⤵
  PID:6724
- C:\Windows\System\idDBYXS.exe
  C:\Windows\System\idDBYXS.exe
  2⤵
  PID:6792
- C:\Windows\System\sKCrypM.exe
  C:\Windows\System\sKCrypM.exe
  2⤵
  PID:6788
- C:\Windows\System\oJqTIyY.exe
  C:\Windows\System\oJqTIyY.exe
  2⤵
  PID:6828
- C:\Windows\System\VEvSTQu.exe
  C:\Windows\System\VEvSTQu.exe
  2⤵
  PID:6852
- C:\Windows\System\NlNrYen.exe
  C:\Windows\System\NlNrYen.exe
  2⤵
  PID:6900
- C:\Windows\System\CTmJmBK.exe
  C:\Windows\System\CTmJmBK.exe
  2⤵
  PID:6940
- C:\Windows\System\gaLAvvj.exe
  C:\Windows\System\gaLAvvj.exe
  2⤵
  PID:6924
- C:\Windows\System\clrsfpS.exe
  C:\Windows\System\clrsfpS.exe
  2⤵
  PID:6964
- C:\Windows\System\eGOhgST.exe
  C:\Windows\System\eGOhgST.exe
  2⤵
  PID:7004
- C:\Windows\System\XSTCkAP.exe
  C:\Windows\System\XSTCkAP.exe
  2⤵
  PID:7044
- C:\Windows\System\bcezeqQ.exe
  C:\Windows\System\bcezeqQ.exe
  2⤵
  PID:7068
- C:\Windows\System\OVXZeWS.exe
  C:\Windows\System\OVXZeWS.exe
  2⤵
  PID:7088
- C:\Windows\System\mCEJsrZ.exe
  C:\Windows\System\mCEJsrZ.exe
  2⤵
  PID:7148
- C:\Windows\System\KvSCoLH.exe
  C:\Windows\System\KvSCoLH.exe
  2⤵
  PID:2556
- C:\Windows\System\WaKjiOR.exe
  C:\Windows\System\WaKjiOR.exe
  2⤵
  PID:5320
- C:\Windows\System\FAerujI.exe
  C:\Windows\System\FAerujI.exe
  2⤵
  PID:5424
- C:\Windows\System\mwEUcxu.exe
  C:\Windows\System\mwEUcxu.exe
  2⤵
  PID:5784
- C:\Windows\System\vXcRCHC.exe
  C:\Windows\System\vXcRCHC.exe
  2⤵
  PID:5916
- C:\Windows\System\gUxfRFQ.exe
  C:\Windows\System\gUxfRFQ.exe
  2⤵
  PID:1604
- C:\Windows\System\EJnMNje.exe
  C:\Windows\System\EJnMNje.exe
  2⤵
  PID:5984
- C:\Windows\System\ZbaCqxI.exe
  C:\Windows\System\ZbaCqxI.exe
  2⤵
  PID:4680
- C:\Windows\System\gjjGrWt.exe
  C:\Windows\System\gjjGrWt.exe
  2⤵
  PID:6212
- C:\Windows\System\ZdnatUr.exe
  C:\Windows\System\ZdnatUr.exe
  2⤵
  PID:6308
- C:\Windows\System\ApuhxRD.exe
  C:\Windows\System\ApuhxRD.exe
  2⤵
  PID:6168
- C:\Windows\System\bpoJmwP.exe
  C:\Windows\System\bpoJmwP.exe
  2⤵
  PID:6404
- C:\Windows\System\gtKAJWD.exe
  C:\Windows\System\gtKAJWD.exe
  2⤵
  PID:6484
- C:\Windows\System\MgkAKID.exe
  C:\Windows\System\MgkAKID.exe
  2⤵
  PID:1936
- C:\Windows\System\sYzETGY.exe
  C:\Windows\System\sYzETGY.exe
  2⤵
  PID:6648
- C:\Windows\System\LXwXjGP.exe
  C:\Windows\System\LXwXjGP.exe
  2⤵
  PID:6684
- C:\Windows\System\OXtceAW.exe
  C:\Windows\System\OXtceAW.exe
  2⤵
  PID:6444
- C:\Windows\System\CqhJqmt.exe
  C:\Windows\System\CqhJqmt.exe
  2⤵
  PID:6728
- C:\Windows\System\XRHgzQv.exe
  C:\Windows\System\XRHgzQv.exe
  2⤵
  PID:6808
- C:\Windows\System\xeEvLjh.exe
  C:\Windows\System\xeEvLjh.exe
  2⤵
  PID:6952
- C:\Windows\System\Uceetgz.exe
  C:\Windows\System\Uceetgz.exe
  2⤵
  PID:6568
- C:\Windows\System\PTLmCoc.exe
  C:\Windows\System\PTLmCoc.exe
  2⤵
  PID:6972
- C:\Windows\System\OsjmUQU.exe
  C:\Windows\System\OsjmUQU.exe
  2⤵
  PID:6708
- C:\Windows\System\NTUIkIf.exe
  C:\Windows\System\NTUIkIf.exe
  2⤵
  PID:2860
- C:\Windows\System\UPHFoMO.exe
  C:\Windows\System\UPHFoMO.exe
  2⤵
  PID:6912
- C:\Windows\System\wqKYHxy.exe
  C:\Windows\System\wqKYHxy.exe
  2⤵
  PID:7008
- C:\Windows\System\ZlaqYPf.exe
  C:\Windows\System\ZlaqYPf.exe
  2⤵
  PID:6984
- C:\Windows\System\BaJNQbS.exe
  C:\Windows\System\BaJNQbS.exe
  2⤵
  PID:7012
- C:\Windows\System\qcCACAp.exe
  C:\Windows\System\qcCACAp.exe
  2⤵
  PID:5804
- C:\Windows\System\iZeIXXP.exe
  C:\Windows\System\iZeIXXP.exe
  2⤵
  PID:920
- C:\Windows\System\fzKJcuw.exe
  C:\Windows\System\fzKJcuw.exe
  2⤵
  PID:2016
- C:\Windows\System\kkmHlMs.exe
  C:\Windows\System\kkmHlMs.exe
  2⤵
  PID:5864
- C:\Windows\System\FrrrXoI.exe
  C:\Windows\System\FrrrXoI.exe
  2⤵
  PID:5748
- C:\Windows\System\vpHikqg.exe
  C:\Windows\System\vpHikqg.exe
  2⤵
  PID:6304
- C:\Windows\System\xHjvhpe.exe
  C:\Windows\System\xHjvhpe.exe
  2⤵
  PID:6204
- C:\Windows\System\IuSoYWe.exe
  C:\Windows\System\IuSoYWe.exe
  2⤵
  PID:6268
- C:\Windows\System\ZjnDmBY.exe
  C:\Windows\System\ZjnDmBY.exe
  2⤵
  PID:6468
- C:\Windows\System\aYdkHwD.exe
  C:\Windows\System\aYdkHwD.exe
  2⤵
  PID:6608
- C:\Windows\System\RgipLLu.exe
  C:\Windows\System\RgipLLu.exe
  2⤵
  PID:6872
- C:\Windows\System\GMamoOk.exe
  C:\Windows\System\GMamoOk.exe
  2⤵
  PID:6868
- C:\Windows\System\NbxPlhu.exe
  C:\Windows\System\NbxPlhu.exe
  2⤵
  PID:6664
- C:\Windows\System\fEvbBTa.exe
  C:\Windows\System\fEvbBTa.exe
  2⤵
  PID:6772
- C:\Windows\System\acfmdLh.exe
  C:\Windows\System\acfmdLh.exe
  2⤵
  PID:6744
- C:\Windows\System\DZhNfhY.exe
  C:\Windows\System\DZhNfhY.exe
  2⤵
  PID:7128
- C:\Windows\System\vVMfLvo.exe
  C:\Windows\System\vVMfLvo.exe
  2⤵
  PID:7164
- C:\Windows\System\XLUDXod.exe
  C:\Windows\System\XLUDXod.exe
  2⤵
  PID:2692
- C:\Windows\System\RegSKbA.exe
  C:\Windows\System\RegSKbA.exe
  2⤵
  PID:5200
- C:\Windows\System\pVmUtUZ.exe
  C:\Windows\System\pVmUtUZ.exe
  2⤵
  PID:4272
- C:\Windows\System\CwpXYay.exe
  C:\Windows\System\CwpXYay.exe
  2⤵
  PID:6284
- C:\Windows\System\gxIpdeF.exe
  C:\Windows\System\gxIpdeF.exe
  2⤵
  PID:5160
- C:\Windows\System\WAoPWBo.exe
  C:\Windows\System\WAoPWBo.exe
  2⤵
  PID:6344
- C:\Windows\System\ImRbhOM.exe
  C:\Windows\System\ImRbhOM.exe
  2⤵
  PID:7192
- C:\Windows\System\uBpjKzs.exe
  C:\Windows\System\uBpjKzs.exe
  2⤵
  PID:7212
- C:\Windows\System\ErVHMBx.exe
  C:\Windows\System\ErVHMBx.exe
  2⤵
  PID:7232
- C:\Windows\System\rFjrjzp.exe
  C:\Windows\System\rFjrjzp.exe
  2⤵
  PID:7252
- C:\Windows\System\QlyQreF.exe
  C:\Windows\System\QlyQreF.exe
  2⤵
  PID:7272
- C:\Windows\System\gMPYeEw.exe
  C:\Windows\System\gMPYeEw.exe
  2⤵
  PID:7292
- C:\Windows\System\MoyhvKo.exe
  C:\Windows\System\MoyhvKo.exe
  2⤵
  PID:7312
- C:\Windows\System\oXLyKow.exe
  C:\Windows\System\oXLyKow.exe
  2⤵
  PID:7332
- C:\Windows\System\amBXYVW.exe
  C:\Windows\System\amBXYVW.exe
  2⤵
  PID:7352
- C:\Windows\System\iapRmEi.exe
  C:\Windows\System\iapRmEi.exe
  2⤵
  PID:7372
- C:\Windows\System\rbrRDxy.exe
  C:\Windows\System\rbrRDxy.exe
  2⤵
  PID:7388
- C:\Windows\System\blbQzco.exe
  C:\Windows\System\blbQzco.exe
  2⤵
  PID:7412
- C:\Windows\System\bHBtywH.exe
  C:\Windows\System\bHBtywH.exe
  2⤵
  PID:7432
- C:\Windows\System\vxTlhkL.exe
  C:\Windows\System\vxTlhkL.exe
  2⤵
  PID:7452
- C:\Windows\System\cGrWtIg.exe
  C:\Windows\System\cGrWtIg.exe
  2⤵
  PID:7472
- C:\Windows\System\yQdFjso.exe
  C:\Windows\System\yQdFjso.exe
  2⤵
  PID:7492
- C:\Windows\System\xMDVegs.exe
  C:\Windows\System\xMDVegs.exe
  2⤵
  PID:7512
- C:\Windows\System\BZfYNJq.exe
  C:\Windows\System\BZfYNJq.exe
  2⤵
  PID:7532
- C:\Windows\System\lHNkQAt.exe
  C:\Windows\System\lHNkQAt.exe
  2⤵
  PID:7552
- C:\Windows\System\wXCdNve.exe
  C:\Windows\System\wXCdNve.exe
  2⤵
  PID:7576
- C:\Windows\System\NIovXyV.exe
  C:\Windows\System\NIovXyV.exe
  2⤵
  PID:7592
- C:\Windows\System\JpgRBIJ.exe
  C:\Windows\System\JpgRBIJ.exe
  2⤵
  PID:7616
- C:\Windows\System\JsigrWf.exe
  C:\Windows\System\JsigrWf.exe
  2⤵
  PID:7636
- C:\Windows\System\BUIHEhV.exe
  C:\Windows\System\BUIHEhV.exe
  2⤵
  PID:7656
- C:\Windows\System\BiliTUn.exe
  C:\Windows\System\BiliTUn.exe
  2⤵
  PID:7676
- C:\Windows\System\UnZDubW.exe
  C:\Windows\System\UnZDubW.exe
  2⤵
  PID:7696
- C:\Windows\System\sqKFJUp.exe
  C:\Windows\System\sqKFJUp.exe
  2⤵
  PID:7716
- C:\Windows\System\HLKasDz.exe
  C:\Windows\System\HLKasDz.exe
  2⤵
  PID:7736
- C:\Windows\System\nmHUFdd.exe
  C:\Windows\System\nmHUFdd.exe
  2⤵
  PID:7756
- C:\Windows\System\LQSdCEx.exe
  C:\Windows\System\LQSdCEx.exe
  2⤵
  PID:7772
- C:\Windows\System\TbVQJNZ.exe
  C:\Windows\System\TbVQJNZ.exe
  2⤵
  PID:7796
- C:\Windows\System\UdfdTaq.exe
  C:\Windows\System\UdfdTaq.exe
  2⤵
  PID:7816
- C:\Windows\System\rMnNyEy.exe
  C:\Windows\System\rMnNyEy.exe
  2⤵
  PID:7836
- C:\Windows\System\wlQqUJv.exe
  C:\Windows\System\wlQqUJv.exe
  2⤵
  PID:7856
- C:\Windows\System\PQvlHzz.exe
  C:\Windows\System\PQvlHzz.exe
  2⤵
  PID:7876
- C:\Windows\System\nwWJIPX.exe
  C:\Windows\System\nwWJIPX.exe
  2⤵
  PID:7896
- C:\Windows\System\AfBbsEW.exe
  C:\Windows\System\AfBbsEW.exe
  2⤵
  PID:7916
- C:\Windows\System\mpOeGxa.exe
  C:\Windows\System\mpOeGxa.exe
  2⤵
  PID:7936
- C:\Windows\System\BZOtpfa.exe
  C:\Windows\System\BZOtpfa.exe
  2⤵
  PID:7956
- C:\Windows\System\ZPTbdjC.exe
  C:\Windows\System\ZPTbdjC.exe
  2⤵
  PID:7976
- C:\Windows\System\cqbUbqq.exe
  C:\Windows\System\cqbUbqq.exe
  2⤵
  PID:7996
- C:\Windows\System\NQUBRtN.exe
  C:\Windows\System\NQUBRtN.exe
  2⤵
  PID:8016
- C:\Windows\System\cFCPbNR.exe
  C:\Windows\System\cFCPbNR.exe
  2⤵
  PID:8036
- C:\Windows\System\SXkgTyZ.exe
  C:\Windows\System\SXkgTyZ.exe
  2⤵
  PID:8052
- C:\Windows\System\gfRfisd.exe
  C:\Windows\System\gfRfisd.exe
  2⤵
  PID:8076
- C:\Windows\System\FgjsBhZ.exe
  C:\Windows\System\FgjsBhZ.exe
  2⤵
  PID:8096
- C:\Windows\System\cATSLjb.exe
  C:\Windows\System\cATSLjb.exe
  2⤵
  PID:8116
- C:\Windows\System\rNVyJhm.exe
  C:\Windows\System\rNVyJhm.exe
  2⤵
  PID:8136
- C:\Windows\System\hPThkHD.exe
  C:\Windows\System\hPThkHD.exe
  2⤵
  PID:8156
- C:\Windows\System\aEVmXbj.exe
  C:\Windows\System\aEVmXbj.exe
  2⤵
  PID:8176
- C:\Windows\System\oyWKkxN.exe
  C:\Windows\System\oyWKkxN.exe
  2⤵
  PID:6600
- C:\Windows\System\IxYTwTG.exe
  C:\Windows\System\IxYTwTG.exe
  2⤵
  PID:6540
- C:\Windows\System\KJYVXkw.exe
  C:\Windows\System\KJYVXkw.exe
  2⤵
  PID:6832
- C:\Windows\System\vGoddRD.exe
  C:\Windows\System\vGoddRD.exe
  2⤵
  PID:7064
- C:\Windows\System\AsXNNiQ.exe
  C:\Windows\System\AsXNNiQ.exe
  2⤵
  PID:5508
- C:\Windows\System\fXpolME.exe
  C:\Windows\System\fXpolME.exe
  2⤵
  PID:7092
- C:\Windows\System\UJaQcxx.exe
  C:\Windows\System\UJaQcxx.exe
  2⤵
  PID:4920
- C:\Windows\System\rGkNNWY.exe
  C:\Windows\System\rGkNNWY.exe
  2⤵
  PID:6232
- C:\Windows\System\xcQNBrm.exe
  C:\Windows\System\xcQNBrm.exe
  2⤵
  PID:7180
- C:\Windows\System\OiAMhHp.exe
  C:\Windows\System\OiAMhHp.exe
  2⤵
  PID:7208
- C:\Windows\System\LWsRXKP.exe
  C:\Windows\System\LWsRXKP.exe
  2⤵
  PID:7260
- C:\Windows\System\yzqJNuF.exe
  C:\Windows\System\yzqJNuF.exe
  2⤵
  PID:7264
- C:\Windows\System\sgXKRUV.exe
  C:\Windows\System\sgXKRUV.exe
  2⤵
  PID:2928
- C:\Windows\System\pdSxdWT.exe
  C:\Windows\System\pdSxdWT.exe
  2⤵
  PID:7340
- C:\Windows\System\QJtAuRn.exe
  C:\Windows\System\QJtAuRn.exe
  2⤵
  PID:7368
- C:\Windows\System\NXpUMTU.exe
  C:\Windows\System\NXpUMTU.exe
  2⤵
  PID:7400
- C:\Windows\System\IoCESNG.exe
  C:\Windows\System\IoCESNG.exe
  2⤵
  PID:7468
- C:\Windows\System\CgmXOBI.exe
  C:\Windows\System\CgmXOBI.exe
  2⤵
  PID:7444
- C:\Windows\System\AQYRfza.exe
  C:\Windows\System\AQYRfza.exe
  2⤵
  PID:7484
- C:\Windows\System\jGbFDHu.exe
  C:\Windows\System\jGbFDHu.exe
  2⤵
  PID:7528
- C:\Windows\System\igwKiGy.exe
  C:\Windows\System\igwKiGy.exe
  2⤵
  PID:7548
- C:\Windows\System\IZmqEZd.exe
  C:\Windows\System\IZmqEZd.exe
  2⤵
  PID:2708
- C:\Windows\System\DkvjbQG.exe
  C:\Windows\System\DkvjbQG.exe
  2⤵
  PID:7624
- C:\Windows\System\leEFeOg.exe
  C:\Windows\System\leEFeOg.exe
  2⤵
  PID:7612
- C:\Windows\System\rRmNueU.exe
  C:\Windows\System\rRmNueU.exe
  2⤵
  PID:1724
- C:\Windows\System\MWXigJo.exe
  C:\Windows\System\MWXigJo.exe
  2⤵
  PID:7672
- C:\Windows\System\VsXBGOM.exe
  C:\Windows\System\VsXBGOM.exe
  2⤵
  PID:7688
- C:\Windows\System\zZfjHJI.exe
  C:\Windows\System\zZfjHJI.exe
  2⤵
  PID:7732
- C:\Windows\System\EIvUwpI.exe
  C:\Windows\System\EIvUwpI.exe
  2⤵
  PID:7788
- C:\Windows\System\uPWfTTE.exe
  C:\Windows\System\uPWfTTE.exe
  2⤵
  PID:7804
- C:\Windows\System\buZQHzA.exe
  C:\Windows\System\buZQHzA.exe
  2⤵
  PID:7828
- C:\Windows\System\rcoYFuM.exe
  C:\Windows\System\rcoYFuM.exe
  2⤵
  PID:7848
- C:\Windows\System\ulLJeWJ.exe
  C:\Windows\System\ulLJeWJ.exe
  2⤵
  PID:7888
- C:\Windows\System\KGglSjv.exe
  C:\Windows\System\KGglSjv.exe
  2⤵
  PID:7952
- C:\Windows\System\GkvhzMW.exe
  C:\Windows\System\GkvhzMW.exe
  2⤵
  PID:7968
- C:\Windows\System\tdIDYst.exe
  C:\Windows\System\tdIDYst.exe
  2⤵
  PID:8012
- C:\Windows\System\CtoVVLj.exe
  C:\Windows\System\CtoVVLj.exe
  2⤵
  PID:8044
- C:\Windows\System\emHTFnS.exe
  C:\Windows\System\emHTFnS.exe
  2⤵
  PID:8064
- C:\Windows\System\JtquAQE.exe
  C:\Windows\System\JtquAQE.exe
  2⤵
  PID:8112
- C:\Windows\System\IQaXxTv.exe
  C:\Windows\System\IQaXxTv.exe
  2⤵
  PID:8152
- C:\Windows\System\YYJArRJ.exe
  C:\Windows\System\YYJArRJ.exe
  2⤵
  PID:304
- C:\Windows\System\tnTfVBn.exe
  C:\Windows\System\tnTfVBn.exe
  2⤵
  PID:6544
- C:\Windows\System\bBYZOeX.exe
  C:\Windows\System\bBYZOeX.exe
  2⤵
  PID:6508
- C:\Windows\System\bCTkLoy.exe
  C:\Windows\System\bCTkLoy.exe
  2⤵
  PID:6992
- C:\Windows\System\GkoiZLu.exe
  C:\Windows\System\GkoiZLu.exe
  2⤵
  PID:7144
- C:\Windows\System\UNhrZdI.exe
  C:\Windows\System\UNhrZdI.exe
  2⤵
  PID:6528
- C:\Windows\System\AsVNRZA.exe
  C:\Windows\System\AsVNRZA.exe
  2⤵
  PID:6244
- C:\Windows\System\QNDDpEj.exe
  C:\Windows\System\QNDDpEj.exe
  2⤵
  PID:7280
- C:\Windows\System\LBoYCEZ.exe
  C:\Windows\System\LBoYCEZ.exe
  2⤵
  PID:7304
- C:\Windows\System\hehijKY.exe
  C:\Windows\System\hehijKY.exe
  2⤵
  PID:7360
- C:\Windows\System\wmfvNKF.exe
  C:\Windows\System\wmfvNKF.exe
  2⤵
  PID:7364
- C:\Windows\System\HIPaBGX.exe
  C:\Windows\System\HIPaBGX.exe
  2⤵
  PID:7500
- C:\Windows\System\wZegHcT.exe
  C:\Windows\System\wZegHcT.exe
  2⤵
  PID:7524
- C:\Windows\System\ppaZkNp.exe
  C:\Windows\System\ppaZkNp.exe
  2⤵
  PID:7588
- C:\Windows\System\IjdtrtK.exe
  C:\Windows\System\IjdtrtK.exe
  2⤵
  PID:7560
- C:\Windows\System\QgIsmAh.exe
  C:\Windows\System\QgIsmAh.exe
  2⤵
  PID:7628
- C:\Windows\System\fdHuRlm.exe
  C:\Windows\System\fdHuRlm.exe
  2⤵
  PID:7668
- C:\Windows\System\TpZFGVo.exe
  C:\Windows\System\TpZFGVo.exe
  2⤵
  PID:7728
- C:\Windows\System\gKqrRWK.exe
  C:\Windows\System\gKqrRWK.exe
  2⤵
  PID:7744
- C:\Windows\System\cjLDeya.exe
  C:\Windows\System\cjLDeya.exe
  2⤵
  PID:7768
- C:\Windows\System\IsLtGdn.exe
  C:\Windows\System\IsLtGdn.exe
  2⤵
  PID:7852
- C:\Windows\System\qeBdYCx.exe
  C:\Windows\System\qeBdYCx.exe
  2⤵
  PID:8068
- C:\Windows\System\XqugHwN.exe
  C:\Windows\System\XqugHwN.exe
  2⤵
  PID:8124
- C:\Windows\System\CsommuB.exe
  C:\Windows\System\CsommuB.exe
  2⤵
  PID:8164
- C:\Windows\System\NcBazHj.exe
  C:\Windows\System\NcBazHj.exe
  2⤵
  PID:6784
- C:\Windows\System\SLmQMuU.exe
  C:\Windows\System\SLmQMuU.exe
  2⤵
  PID:6988
- C:\Windows\System\vBURwjC.exe
  C:\Windows\System\vBURwjC.exe
  2⤵
  PID:5724
- C:\Windows\System\XGpOSrT.exe
  C:\Windows\System\XGpOSrT.exe
  2⤵
  PID:6312
- C:\Windows\System\jKnxFVg.exe
  C:\Windows\System\jKnxFVg.exe
  2⤵
  PID:7240
- C:\Windows\System\UeVxXDT.exe
  C:\Windows\System\UeVxXDT.exe
  2⤵
  PID:7284
- C:\Windows\System\PCCxlMj.exe
  C:\Windows\System\PCCxlMj.exe
  2⤵
  PID:7384
- C:\Windows\System\LnhXaaL.exe
  C:\Windows\System\LnhXaaL.exe
  2⤵
  PID:7480
- C:\Windows\System\zbVwGze.exe
  C:\Windows\System\zbVwGze.exe
  2⤵
  PID:3008
- C:\Windows\System\tnTcZmo.exe
  C:\Windows\System\tnTcZmo.exe
  2⤵
  PID:4348
- C:\Windows\System\ZuPbyKY.exe
  C:\Windows\System\ZuPbyKY.exe
  2⤵
  PID:7644
- C:\Windows\System\xFmeFCm.exe
  C:\Windows\System\xFmeFCm.exe
  2⤵
  PID:7724
- C:\Windows\System\mJawpWf.exe
  C:\Windows\System\mJawpWf.exe
  2⤵
  PID:7632
- C:\Windows\System\XHyPOYA.exe
  C:\Windows\System\XHyPOYA.exe
  2⤵
  PID:8184
- C:\Windows\System\GZlsfYL.exe
  C:\Windows\System\GZlsfYL.exe
  2⤵
  PID:7072
- C:\Windows\System\DBvhkYT.exe
  C:\Windows\System\DBvhkYT.exe
  2⤵
  PID:7864
- C:\Windows\System\VRkpiGx.exe
  C:\Windows\System\VRkpiGx.exe
  2⤵
  PID:8204
- C:\Windows\System\ARoSuYt.exe
  C:\Windows\System\ARoSuYt.exe
  2⤵
  PID:8220
- C:\Windows\System\wEnDuqG.exe
  C:\Windows\System\wEnDuqG.exe
  2⤵
  PID:8244
- C:\Windows\System\FuHUIap.exe
  C:\Windows\System\FuHUIap.exe
  2⤵
  PID:8260
- C:\Windows\System\XFlhWpm.exe
  C:\Windows\System\XFlhWpm.exe
  2⤵
  PID:8276
- C:\Windows\System\gCdeMDu.exe
  C:\Windows\System\gCdeMDu.exe
  2⤵
  PID:8292
- C:\Windows\System\zUtmrmv.exe
  C:\Windows\System\zUtmrmv.exe
  2⤵
  PID:8308
- C:\Windows\System\sOwpweF.exe
  C:\Windows\System\sOwpweF.exe
  2⤵
  PID:8324
- C:\Windows\System\LSZgjZp.exe
  C:\Windows\System\LSZgjZp.exe
  2⤵
  PID:8340
- C:\Windows\System\uJqjOWJ.exe
  C:\Windows\System\uJqjOWJ.exe
  2⤵
  PID:8356
- C:\Windows\System\nYaKYiA.exe
  C:\Windows\System\nYaKYiA.exe
  2⤵
  PID:8372
- C:\Windows\System\MaGcwBf.exe
  C:\Windows\System\MaGcwBf.exe
  2⤵
  PID:8396
- C:\Windows\System\vbfMLyh.exe
  C:\Windows\System\vbfMLyh.exe
  2⤵
  PID:8416
- C:\Windows\System\rScKcbm.exe
  C:\Windows\System\rScKcbm.exe
  2⤵
  PID:8472
- C:\Windows\System\eOSDYKo.exe
  C:\Windows\System\eOSDYKo.exe
  2⤵
  PID:8488
- C:\Windows\System\aOaAfYC.exe
  C:\Windows\System\aOaAfYC.exe
  2⤵
  PID:8504
- C:\Windows\System\ILmyOVA.exe
  C:\Windows\System\ILmyOVA.exe
  2⤵
  PID:8524
- C:\Windows\System\avVznqR.exe
  C:\Windows\System\avVznqR.exe
  2⤵
  PID:8544
- C:\Windows\System\DsrfOoi.exe
  C:\Windows\System\DsrfOoi.exe
  2⤵
  PID:8560
- C:\Windows\System\CuzTntD.exe
  C:\Windows\System\CuzTntD.exe
  2⤵
  PID:8576
- C:\Windows\System\mXNRekZ.exe
  C:\Windows\System\mXNRekZ.exe
  2⤵
  PID:8592
- C:\Windows\System\jlQfYjy.exe
  C:\Windows\System\jlQfYjy.exe
  2⤵
  PID:8624
- C:\Windows\System\ThSsRbb.exe
  C:\Windows\System\ThSsRbb.exe
  2⤵
  PID:8672
- C:\Windows\System\xkHcDjo.exe
  C:\Windows\System\xkHcDjo.exe
  2⤵
  PID:8704
- C:\Windows\System\FtJvXog.exe
  C:\Windows\System\FtJvXog.exe
  2⤵
  PID:8720
- C:\Windows\System\VaImXlg.exe
  C:\Windows\System\VaImXlg.exe
  2⤵
  PID:8744
- C:\Windows\System\LvRLgZQ.exe
  C:\Windows\System\LvRLgZQ.exe
  2⤵
  PID:8768
- C:\Windows\System\NSfGcnv.exe
  C:\Windows\System\NSfGcnv.exe
  2⤵
  PID:8788
- C:\Windows\System\fAOmyFN.exe
  C:\Windows\System\fAOmyFN.exe
  2⤵
  PID:8812
- C:\Windows\System\xsPhBie.exe
  C:\Windows\System\xsPhBie.exe
  2⤵
  PID:8828
- C:\Windows\System\IRWQYii.exe
  C:\Windows\System\IRWQYii.exe
  2⤵
  PID:8844
- C:\Windows\System\RNXNMgB.exe
  C:\Windows\System\RNXNMgB.exe
  2⤵
  PID:8864
- C:\Windows\System\IeuEzji.exe
  C:\Windows\System\IeuEzji.exe
  2⤵
  PID:8880
- C:\Windows\System\ydHGjIh.exe
  C:\Windows\System\ydHGjIh.exe
  2⤵
  PID:8912
- C:\Windows\System\QtKbhOX.exe
  C:\Windows\System\QtKbhOX.exe
  2⤵
  PID:8928
- C:\Windows\System\ytcpgPR.exe
  C:\Windows\System\ytcpgPR.exe
  2⤵
  PID:8944
- C:\Windows\System\OjZulhl.exe
  C:\Windows\System\OjZulhl.exe
  2⤵
  PID:8960
- C:\Windows\System\leqzQMf.exe
  C:\Windows\System\leqzQMf.exe
  2⤵
  PID:8976
- C:\Windows\System\rdStTrE.exe
  C:\Windows\System\rdStTrE.exe
  2⤵
  PID:9008
- C:\Windows\System\MgVSlUH.exe
  C:\Windows\System\MgVSlUH.exe
  2⤵
  PID:9028
- C:\Windows\System\BkFmhiT.exe
  C:\Windows\System\BkFmhiT.exe
  2⤵
  PID:9044
- C:\Windows\System\fZepqwD.exe
  C:\Windows\System\fZepqwD.exe
  2⤵
  PID:9060
- C:\Windows\System\UkYsXNd.exe
  C:\Windows\System\UkYsXNd.exe
  2⤵
  PID:9080
- C:\Windows\System\kTRZEeJ.exe
  C:\Windows\System\kTRZEeJ.exe
  2⤵
  PID:9120
- C:\Windows\System\VKSrVqx.exe
  C:\Windows\System\VKSrVqx.exe
  2⤵
  PID:9136
- C:\Windows\System\xXBshBz.exe
  C:\Windows\System\xXBshBz.exe
  2⤵
  PID:9152
- C:\Windows\System\wapCOtw.exe
  C:\Windows\System\wapCOtw.exe
  2⤵
  PID:9168
- C:\Windows\System\vkwXYfW.exe
  C:\Windows\System\vkwXYfW.exe
  2⤵
  PID:9184
- C:\Windows\System\DKQGwXE.exe
  C:\Windows\System\DKQGwXE.exe
  2⤵
  PID:9200
- C:\Windows\System\lSPAlhy.exe
  C:\Windows\System\lSPAlhy.exe
  2⤵
  PID:8148
- C:\Windows\System\wBNybkk.exe
  C:\Windows\System\wBNybkk.exe
  2⤵
  PID:7112
- C:\Windows\System\SxSqzuL.exe
  C:\Windows\System\SxSqzuL.exe
  2⤵
  PID:2428
- C:\Windows\System\YdtMNoE.exe
  C:\Windows\System\YdtMNoE.exe
  2⤵
  PID:888
- C:\Windows\System\VQiAkIc.exe
  C:\Windows\System\VQiAkIc.exe
  2⤵
  PID:8088
- C:\Windows\System\cVSxiwG.exe
  C:\Windows\System\cVSxiwG.exe
  2⤵
  PID:2488
- C:\Windows\System\osEuFvu.exe
  C:\Windows\System\osEuFvu.exe
  2⤵
  PID:7396
- C:\Windows\System\lLjrddN.exe
  C:\Windows\System\lLjrddN.exe
  2⤵
  PID:8268
- C:\Windows\System\ZGtaAYn.exe
  C:\Windows\System\ZGtaAYn.exe
  2⤵
  PID:3988
- C:\Windows\System\DSTlgjJ.exe
  C:\Windows\System\DSTlgjJ.exe
  2⤵
  PID:7220
- C:\Windows\System\SHZGCVx.exe
  C:\Windows\System\SHZGCVx.exe
  2⤵
  PID:8388
- C:\Windows\System\mvraOYW.exe
  C:\Windows\System\mvraOYW.exe
  2⤵
  PID:8428
- C:\Windows\System\CvjKyzx.exe
  C:\Windows\System\CvjKyzx.exe
  2⤵
  PID:4660
- C:\Windows\System\OfoyIqR.exe
  C:\Windows\System\OfoyIqR.exe
  2⤵
  PID:8452
- C:\Windows\System\CjtvCkR.exe
  C:\Windows\System\CjtvCkR.exe
  2⤵
  PID:8500
- C:\Windows\System\VRTbJOE.exe
  C:\Windows\System\VRTbJOE.exe
  2⤵
  PID:8640
- C:\Windows\System\IvivauT.exe
  C:\Windows\System\IvivauT.exe
  2⤵
  PID:8656
- C:\Windows\System\MejGyOy.exe
  C:\Windows\System\MejGyOy.exe
  2⤵
  PID:8568
- C:\Windows\System\JoJOBMW.exe
  C:\Windows\System\JoJOBMW.exe
  2⤵
  PID:8664
- C:\Windows\System\VUJGWnn.exe
  C:\Windows\System\VUJGWnn.exe
  2⤵
  PID:8608
- C:\Windows\System\sLVOWbh.exe
  C:\Windows\System\sLVOWbh.exe
  2⤵
  PID:8680
- C:\Windows\System\hutTMYO.exe
  C:\Windows\System\hutTMYO.exe
  2⤵
  PID:8688
- C:\Windows\System\PhiPQXR.exe
  C:\Windows\System\PhiPQXR.exe
  2⤵
  PID:8696
- C:\Windows\System\kHSRLlk.exe
  C:\Windows\System\kHSRLlk.exe
  2⤵
  PID:8764
- C:\Windows\System\OlAKHKW.exe
  C:\Windows\System\OlAKHKW.exe
  2⤵
  PID:8736
- C:\Windows\System\WIvrUkL.exe
  C:\Windows\System\WIvrUkL.exe
  2⤵
  PID:8808
- C:\Windows\System\jVMDmVa.exe
  C:\Windows\System\jVMDmVa.exe
  2⤵
  PID:8836
- C:\Windows\System\zXVjGTz.exe
  C:\Windows\System\zXVjGTz.exe
  2⤵
  PID:8780
- C:\Windows\System\YdICgts.exe
  C:\Windows\System\YdICgts.exe
  2⤵
  PID:8856
- C:\Windows\System\QfTwpcG.exe
  C:\Windows\System\QfTwpcG.exe
  2⤵
  PID:5632
- C:\Windows\System\UTAJQHD.exe
  C:\Windows\System\UTAJQHD.exe
  2⤵
  PID:8892
- C:\Windows\System\GNuMMun.exe
  C:\Windows\System\GNuMMun.exe
  2⤵
  PID:8924
- C:\Windows\System\hxVAkIA.exe
  C:\Windows\System\hxVAkIA.exe
  2⤵
  PID:8940
- C:\Windows\System\zcYSSid.exe
  C:\Windows\System\zcYSSid.exe
  2⤵
  PID:9000
- C:\Windows\System\GZCaaVu.exe
  C:\Windows\System\GZCaaVu.exe
  2⤵
  PID:8992
- C:\Windows\System\ZUNPUUU.exe
  C:\Windows\System\ZUNPUUU.exe
  2⤵
  PID:9040
- C:\Windows\System\UTNwuxh.exe
  C:\Windows\System\UTNwuxh.exe
  2⤵
  PID:9076
- C:\Windows\System\QTBOemD.exe
  C:\Windows\System\QTBOemD.exe
  2⤵
  PID:9056
- C:\Windows\System\pVapPGs.exe
  C:\Windows\System\pVapPGs.exe
  2⤵
  PID:9160
- C:\Windows\System\xDSGlZj.exe
  C:\Windows\System\xDSGlZj.exe
  2⤵
  PID:9112
- C:\Windows\System\PhcAdOe.exe
  C:\Windows\System\PhcAdOe.exe
  2⤵
  PID:1424
- C:\Windows\System\fNEZVFf.exe
  C:\Windows\System\fNEZVFf.exe
  2⤵
  PID:9180
- C:\Windows\System\dkaLVyK.exe
  C:\Windows\System\dkaLVyK.exe
  2⤵
  PID:7764
- C:\Windows\System\eNjFGXc.exe
  C:\Windows\System\eNjFGXc.exe
  2⤵
  PID:6392
- C:\Windows\System\eCTsgwK.exe
  C:\Windows\System\eCTsgwK.exe
  2⤵
  PID:536
- C:\Windows\System\xoWCsyq.exe
  C:\Windows\System\xoWCsyq.exe
  2⤵
  PID:2548
- C:\Windows\System\OEwTBGf.exe
  C:\Windows\System\OEwTBGf.exe
  2⤵
  PID:7248
- C:\Windows\System\dnhMfDy.exe
  C:\Windows\System\dnhMfDy.exe
  2⤵
  PID:7608
- C:\Windows\System\xqcVHpz.exe
  C:\Windows\System\xqcVHpz.exe
  2⤵
  PID:1000
- C:\Windows\System\MgXMCHY.exe
  C:\Windows\System\MgXMCHY.exe
  2⤵
  PID:1824
- C:\Windows\System\XXknTvY.exe
  C:\Windows\System\XXknTvY.exe
  2⤵
  PID:2188
- C:\Windows\System\VTnzDxo.exe
  C:\Windows\System\VTnzDxo.exe
  2⤵
  PID:8252
- C:\Windows\System\JzPGbpM.exe
  C:\Windows\System\JzPGbpM.exe
  2⤵
  PID:8288
- C:\Windows\System\kpKosBn.exe
  C:\Windows\System\kpKosBn.exe
  2⤵
  PID:8364
- C:\Windows\System\fvTeOaR.exe
  C:\Windows\System\fvTeOaR.exe
  2⤵
  PID:8368
- C:\Windows\System\jDYvgxO.exe
  C:\Windows\System\jDYvgxO.exe
  2⤵
  PID:8480
- C:\Windows\System\EWlvWGX.exe
  C:\Windows\System\EWlvWGX.exe
  2⤵
  PID:8348
- C:\Windows\System\Umzymhc.exe
  C:\Windows\System\Umzymhc.exe
  2⤵
  PID:8516
- C:\Windows\System\ChLZeyF.exe
  C:\Windows\System\ChLZeyF.exe
  2⤵
  PID:1336
- C:\Windows\System\xGIstOg.exe
  C:\Windows\System\xGIstOg.exe
  2⤵
  PID:1308
- C:\Windows\System\UUjJXqk.exe
  C:\Windows\System\UUjJXqk.exe
  2⤵
  PID:2204
- C:\Windows\System\LVzCOZh.exe
  C:\Windows\System\LVzCOZh.exe
  2⤵
  PID:1712
- C:\Windows\System\LHyIIFz.exe
  C:\Windows\System\LHyIIFz.exe
  2⤵
  PID:2008
- C:\Windows\System\EnFqzhQ.exe
  C:\Windows\System\EnFqzhQ.exe
  2⤵
  PID:1956
- C:\Windows\System\yXGaWwy.exe
  C:\Windows\System\yXGaWwy.exe
  2⤵
  PID:2528
- C:\Windows\System\dxmDpvQ.exe
  C:\Windows\System\dxmDpvQ.exe
  2⤵
  PID:2700
- C:\Windows\System\KkOwMMg.exe
  C:\Windows\System\KkOwMMg.exe
  2⤵
  PID:8436
- C:\Windows\System\jmHlZqK.exe
  C:\Windows\System\jmHlZqK.exe
  2⤵
  PID:2924
- C:\Windows\System\ytEnWGl.exe
  C:\Windows\System\ytEnWGl.exe
  2⤵
  PID:8632
- C:\Windows\System\HmNnoWi.exe
  C:\Windows\System\HmNnoWi.exe
  2⤵
  PID:8468
- C:\Windows\System\cYHRBPP.exe
  C:\Windows\System\cYHRBPP.exe
  2⤵
  PID:2868
- C:\Windows\System\gezjmxz.exe
  C:\Windows\System\gezjmxz.exe
  2⤵
  PID:8952
- C:\Windows\System\sPnEoqU.exe
  C:\Windows\System\sPnEoqU.exe
  2⤵
  PID:8728
- C:\Windows\System\CGkIIDM.exe
  C:\Windows\System\CGkIIDM.exe
  2⤵
  PID:9068
- C:\Windows\System\RssUTDA.exe
  C:\Windows\System\RssUTDA.exe
  2⤵
  PID:8804
- C:\Windows\System\ovgSiSi.exe
  C:\Windows\System\ovgSiSi.exe
  2⤵
  PID:9164
- C:\Windows\System\tExZfAd.exe
  C:\Windows\System\tExZfAd.exe
  2⤵
  PID:8988
- C:\Windows\System\QDJraAD.exe
  C:\Windows\System\QDJraAD.exe
  2⤵
  PID:9128
- C:\Windows\System\MgRtiUm.exe
  C:\Windows\System\MgRtiUm.exe
  2⤵
  PID:8712
- C:\Windows\System\SaqeFrm.exe
  C:\Windows\System\SaqeFrm.exe
  2⤵
  PID:9144
- C:\Windows\System\GymDyvC.exe
  C:\Windows\System\GymDyvC.exe
  2⤵
  PID:8104
- C:\Windows\System\MBglFIs.exe
  C:\Windows\System\MBglFIs.exe
  2⤵
  PID:8300
- C:\Windows\System\rPPDmKD.exe
  C:\Windows\System\rPPDmKD.exe
  2⤵
  PID:7504
- C:\Windows\System\KEtqqZF.exe
  C:\Windows\System\KEtqqZF.exe
  2⤵
  PID:596
- C:\Windows\System\YISvJxg.exe
  C:\Windows\System\YISvJxg.exe
  2⤵
  PID:2908
- C:\Windows\System\cBMXcqJ.exe
  C:\Windows\System\cBMXcqJ.exe
  2⤵
  PID:2672
- C:\Windows\System\LwcsLBs.exe
  C:\Windows\System\LwcsLBs.exe
  2⤵
  PID:8512
- C:\Windows\System\IUIOInH.exe
  C:\Windows\System\IUIOInH.exe
  2⤵
  PID:2824
- C:\Windows\System\RPRABLF.exe
  C:\Windows\System\RPRABLF.exe
  2⤵
  PID:8284
- C:\Windows\System\QQgVnEh.exe
  C:\Windows\System\QQgVnEh.exe
  2⤵
  PID:5208
- C:\Windows\System\VKplAxz.exe
  C:\Windows\System\VKplAxz.exe
  2⤵
  PID:644
- C:\Windows\System\OWHFJXr.exe
  C:\Windows\System\OWHFJXr.exe
  2⤵
  PID:3032
- C:\Windows\System\NEQfuRg.exe
  C:\Windows\System\NEQfuRg.exe
  2⤵
  PID:2744
- C:\Windows\System\kKTYLaB.exe
  C:\Windows\System\kKTYLaB.exe
  2⤵
  PID:1820
- C:\Windows\System\PMsbPgf.exe
  C:\Windows\System\PMsbPgf.exe
  2⤵
  PID:2852
- C:\Windows\System\TukLcgw.exe
  C:\Windows\System\TukLcgw.exe
  2⤵
  PID:8620
- C:\Windows\System\BVVPlLU.exe
  C:\Windows\System\BVVPlLU.exe
  2⤵
  PID:8796
- C:\Windows\System\pbHBEag.exe
  C:\Windows\System\pbHBEag.exe
  2⤵
  PID:8648
- C:\Windows\System\nqfLWhu.exe
  C:\Windows\System\nqfLWhu.exe
  2⤵
  PID:8776
- C:\Windows\System\ZJcfPxd.exe
  C:\Windows\System\ZJcfPxd.exe
  2⤵
  PID:8852
- C:\Windows\System\VYAdZoY.exe
  C:\Windows\System\VYAdZoY.exe
  2⤵
  PID:9116
- C:\Windows\System\KCQBrVf.exe
  C:\Windows\System\KCQBrVf.exe
  2⤵
  PID:9192
- C:\Windows\System\iVOHMWP.exe
  C:\Windows\System\iVOHMWP.exe
  2⤵
  PID:8332
- C:\Windows\System\qrkOtLZ.exe
  C:\Windows\System\qrkOtLZ.exe
  2⤵
  PID:2828
- C:\Windows\System\DDjBiit.exe
  C:\Windows\System\DDjBiit.exe
  2⤵
  PID:1472
- C:\Windows\System\TOAdMbW.exe
  C:\Windows\System\TOAdMbW.exe
  2⤵
  PID:8408
- C:\Windows\System\fHcTJxS.exe
  C:\Windows\System\fHcTJxS.exe
  2⤵
  PID:8132
- C:\Windows\System\HwPGiUB.exe
  C:\Windows\System\HwPGiUB.exe
  2⤵
  PID:8168
- C:\Windows\System\PFPYwgS.exe
  C:\Windows\System\PFPYwgS.exe
  2⤵
  PID:1828
- C:\Windows\System\okhGXWM.exe
  C:\Windows\System\okhGXWM.exe
  2⤵
  PID:8448
- C:\Windows\System\yjWaFCL.exe
  C:\Windows\System\yjWaFCL.exe
  2⤵
  PID:8616
- C:\Windows\System\GPulsdy.exe
  C:\Windows\System\GPulsdy.exe
  2⤵
  PID:8860
- C:\Windows\System\WAUCfTX.exe
  C:\Windows\System\WAUCfTX.exe
  2⤵
  PID:1028
- C:\Windows\System\saxBeSI.exe
  C:\Windows\System\saxBeSI.exe
  2⤵
  PID:9104
- C:\Windows\System\mDQjTLI.exe
  C:\Windows\System\mDQjTLI.exe
  2⤵
  PID:8936
- C:\Windows\System\nwMfRBh.exe
  C:\Windows\System\nwMfRBh.exe
  2⤵
  PID:9232
- C:\Windows\System\ZHNGgvI.exe
  C:\Windows\System\ZHNGgvI.exe
  2⤵
  PID:9252
- C:\Windows\System\TnRRwjP.exe
  C:\Windows\System\TnRRwjP.exe
  2⤵
  PID:9268
- C:\Windows\System\PJuehRm.exe
  C:\Windows\System\PJuehRm.exe
  2⤵
  PID:9284
- C:\Windows\System\OmVcYGc.exe
  C:\Windows\System\OmVcYGc.exe
  2⤵
  PID:9300
- C:\Windows\System\gRoVigp.exe
  C:\Windows\System\gRoVigp.exe
  2⤵
  PID:9316
- C:\Windows\System\sfDFnzp.exe
  C:\Windows\System\sfDFnzp.exe
  2⤵
  PID:9332
- C:\Windows\System\TBLhoaW.exe
  C:\Windows\System\TBLhoaW.exe
  2⤵
  PID:9348
- C:\Windows\System\TXFDcus.exe
  C:\Windows\System\TXFDcus.exe
  2⤵
  PID:9364
- C:\Windows\System\LQCNosc.exe
  C:\Windows\System\LQCNosc.exe
  2⤵
  PID:9380
- C:\Windows\System\IYttNQi.exe
  C:\Windows\System\IYttNQi.exe
  2⤵
  PID:9396
- C:\Windows\System\kmcyGVC.exe
  C:\Windows\System\kmcyGVC.exe
  2⤵
  PID:9412
- C:\Windows\System\SwHjsYn.exe
  C:\Windows\System\SwHjsYn.exe
  2⤵
  PID:9428
- C:\Windows\System\SSpzfSr.exe
  C:\Windows\System\SSpzfSr.exe
  2⤵
  PID:9444
- C:\Windows\System\CwdIsLE.exe
  C:\Windows\System\CwdIsLE.exe
  2⤵
  PID:9460
- C:\Windows\System\xKRcqWj.exe
  C:\Windows\System\xKRcqWj.exe
  2⤵
  PID:9476
- C:\Windows\System\pJclxUF.exe
  C:\Windows\System\pJclxUF.exe
  2⤵
  PID:9492
- C:\Windows\System\QHgiXix.exe
  C:\Windows\System\QHgiXix.exe
  2⤵
  PID:9508
- C:\Windows\System\sUioxND.exe
  C:\Windows\System\sUioxND.exe
  2⤵
  PID:9524
- C:\Windows\System\djvaMMo.exe
  C:\Windows\System\djvaMMo.exe
  2⤵
  PID:9540
- C:\Windows\System\nYwflqk.exe
  C:\Windows\System\nYwflqk.exe
  2⤵
  PID:9556
- C:\Windows\System\BVzLgUK.exe
  C:\Windows\System\BVzLgUK.exe
  2⤵
  PID:9572
- C:\Windows\System\USGDOvC.exe
  C:\Windows\System\USGDOvC.exe
  2⤵
  PID:9588
- C:\Windows\System\SyZlkKw.exe
  C:\Windows\System\SyZlkKw.exe
  2⤵
  PID:9604
- C:\Windows\System\MQIhurP.exe
  C:\Windows\System\MQIhurP.exe
  2⤵
  PID:9620
- C:\Windows\System\MoUZPPw.exe
  C:\Windows\System\MoUZPPw.exe
  2⤵
  PID:9636
- C:\Windows\System\ZMersyj.exe
  C:\Windows\System\ZMersyj.exe
  2⤵
  PID:9652
- C:\Windows\System\rhasgrC.exe
  C:\Windows\System\rhasgrC.exe
  2⤵
  PID:9668
- C:\Windows\System\fhABEFG.exe
  C:\Windows\System\fhABEFG.exe
  2⤵
  PID:9684
- C:\Windows\System\aHmqawa.exe
  C:\Windows\System\aHmqawa.exe
  2⤵
  PID:9712
- C:\Windows\System\YvepGgq.exe
  C:\Windows\System\YvepGgq.exe
  2⤵
  PID:9728
- C:\Windows\System\HUPCEQO.exe
  C:\Windows\System\HUPCEQO.exe
  2⤵
  PID:9744
- C:\Windows\System\VKLdvvM.exe
  C:\Windows\System\VKLdvvM.exe
  2⤵
  PID:9760
- C:\Windows\System\AcpFAop.exe
  C:\Windows\System\AcpFAop.exe
  2⤵
  PID:9776
- C:\Windows\System\GFjiIPG.exe
  C:\Windows\System\GFjiIPG.exe
  2⤵
  PID:9792
- C:\Windows\System\PLkDXSr.exe
  C:\Windows\System\PLkDXSr.exe
  2⤵
  PID:9812
- C:\Windows\System\pJvrYKN.exe
  C:\Windows\System\pJvrYKN.exe
  2⤵
  PID:9828
- C:\Windows\System\pfCljGZ.exe
  C:\Windows\System\pfCljGZ.exe
  2⤵
  PID:9848
- C:\Windows\System\GrLIntu.exe
  C:\Windows\System\GrLIntu.exe
  2⤵
  PID:9864
- C:\Windows\System\BxCxigo.exe
  C:\Windows\System\BxCxigo.exe
  2⤵
  PID:9884
- C:\Windows\System\LpvdBfr.exe
  C:\Windows\System\LpvdBfr.exe
  2⤵
  PID:9900
- C:\Windows\System\umNEmSI.exe
  C:\Windows\System\umNEmSI.exe
  2⤵
  PID:9916
- C:\Windows\System\mLVupQN.exe
  C:\Windows\System\mLVupQN.exe
  2⤵
  PID:9932
- C:\Windows\System\iVdZcbW.exe
  C:\Windows\System\iVdZcbW.exe
  2⤵
  PID:9948
- C:\Windows\System\hmyfaUd.exe
  C:\Windows\System\hmyfaUd.exe
  2⤵
  PID:9964
- C:\Windows\System\ILvpetC.exe
  C:\Windows\System\ILvpetC.exe
  2⤵
  PID:9980
- C:\Windows\System\SKeNFHF.exe
  C:\Windows\System\SKeNFHF.exe
  2⤵
  PID:9996
- C:\Windows\System\PUbPthz.exe
  C:\Windows\System\PUbPthz.exe
  2⤵
  PID:10012
- C:\Windows\System\nZCfBcy.exe
  C:\Windows\System\nZCfBcy.exe
  2⤵
  PID:10028
- C:\Windows\System\TtAvbQB.exe
  C:\Windows\System\TtAvbQB.exe
  2⤵
  PID:10044
- C:\Windows\System\WrFQZPR.exe
  C:\Windows\System\WrFQZPR.exe
  2⤵
  PID:10060
- C:\Windows\System\KsfCgwt.exe
  C:\Windows\System\KsfCgwt.exe
  2⤵
  PID:10076
- C:\Windows\System\iEPbTXR.exe
  C:\Windows\System\iEPbTXR.exe
  2⤵
  PID:10092
- C:\Windows\System\xCNYcep.exe
  C:\Windows\System\xCNYcep.exe
  2⤵
  PID:10108
- C:\Windows\System\sgMEJLE.exe
  C:\Windows\System\sgMEJLE.exe
  2⤵
  PID:10124
- C:\Windows\System\HIxVXHj.exe
  C:\Windows\System\HIxVXHj.exe
  2⤵
  PID:10140
- C:\Windows\System\zcbCLtO.exe
  C:\Windows\System\zcbCLtO.exe
  2⤵
  PID:10208
- C:\Windows\System\gOdMPSs.exe
  C:\Windows\System\gOdMPSs.exe
  2⤵
  PID:10224
- C:\Windows\System\CGUNHBW.exe
  C:\Windows\System\CGUNHBW.exe
  2⤵
  PID:8440
- C:\Windows\System\LqZJKLP.exe
  C:\Windows\System\LqZJKLP.exe
  2⤵
  PID:8756
- C:\Windows\System\vqgDsQs.exe
  C:\Windows\System\vqgDsQs.exe
  2⤵
  PID:8196
- C:\Windows\System\ZAzyfwA.exe
  C:\Windows\System\ZAzyfwA.exe
  2⤵
  PID:1748
- C:\Windows\System\MoPjsiD.exe
  C:\Windows\System\MoPjsiD.exe
  2⤵
  PID:9100
- C:\Windows\System\HpqCiiZ.exe
  C:\Windows\System\HpqCiiZ.exe
  2⤵
  PID:8732
- C:\Windows\System\XjQlzhO.exe
  C:\Windows\System\XjQlzhO.exe
  2⤵
  PID:2740
- C:\Windows\System\WHAqLkj.exe
  C:\Windows\System\WHAqLkj.exe
  2⤵
  PID:9260
- C:\Windows\System\sTfdRAk.exe
  C:\Windows\System\sTfdRAk.exe
  2⤵
  PID:9308
- C:\Windows\System\ioqDfna.exe
  C:\Windows\System\ioqDfna.exe
  2⤵
  PID:9340
- C:\Windows\System\dFuuHse.exe
  C:\Windows\System\dFuuHse.exe
  2⤵
  PID:9404
- C:\Windows\System\FuSECSj.exe
  C:\Windows\System\FuSECSj.exe
  2⤵
  PID:9440
- C:\Windows\System\xcMXrvC.exe
  C:\Windows\System\xcMXrvC.exe
  2⤵
  PID:9504
- C:\Windows\System\uiHOSJc.exe
  C:\Windows\System\uiHOSJc.exe
  2⤵
  PID:9388
- C:\Windows\System\fiCwsqF.exe
  C:\Windows\System\fiCwsqF.exe
  2⤵
  PID:9456
- C:\Windows\System\OcCDUQU.exe
  C:\Windows\System\OcCDUQU.exe
  2⤵
  PID:9516
- C:\Windows\System\XStGxAV.exe
  C:\Windows\System\XStGxAV.exe
  2⤵
  PID:2176
- C:\Windows\System\xdssSbZ.exe
  C:\Windows\System\xdssSbZ.exe
  2⤵
  PID:9644
- C:\Windows\System\MNiRfdl.exe
  C:\Windows\System\MNiRfdl.exe
  2⤵
  PID:9580
- C:\Windows\System\bnPOIsR.exe
  C:\Windows\System\bnPOIsR.exe
  2⤵
  PID:9600
- C:\Windows\System\jjxryNP.exe
  C:\Windows\System\jjxryNP.exe
  2⤵
  PID:9664
- C:\Windows\System\FVHYbvG.exe
  C:\Windows\System\FVHYbvG.exe
  2⤵
  PID:9720
- C:\Windows\System\IZIcKWY.exe
  C:\Windows\System\IZIcKWY.exe
  2⤵
  PID:9724
- C:\Windows\System\dEgjNbA.exe
  C:\Windows\System\dEgjNbA.exe
  2⤵
  PID:9820
- C:\Windows\System\coPEOPO.exe
  C:\Windows\System\coPEOPO.exe
  2⤵
  PID:9860
- C:\Windows\System\qXZzRKT.exe
  C:\Windows\System\qXZzRKT.exe
  2⤵
  PID:9928
- C:\Windows\System\BeeBakF.exe
  C:\Windows\System\BeeBakF.exe
  2⤵
  PID:10020
- C:\Windows\System\VpLSMWw.exe
  C:\Windows\System\VpLSMWw.exe
  2⤵
  PID:10084
- C:\Windows\System\CFqQmWY.exe
  C:\Windows\System\CFqQmWY.exe
  2⤵
  PID:9992
- C:\Windows\System\KBikxcq.exe
  C:\Windows\System\KBikxcq.exe
  2⤵
  PID:9872
- C:\Windows\System\jDTijQe.exe
  C:\Windows\System\jDTijQe.exe
  2⤵
  PID:9912
- C:\Windows\System\IwZpAQq.exe
  C:\Windows\System\IwZpAQq.exe
  2⤵
  PID:10120
- C:\Windows\System\PfqRFDI.exe
  C:\Windows\System\PfqRFDI.exe
  2⤵
  PID:10040
- C:\Windows\System\iqEwFfK.exe
  C:\Windows\System\iqEwFfK.exe
  2⤵
  PID:10132
- C:\Windows\System\wROJFFy.exe
  C:\Windows\System\wROJFFy.exe
  2⤵
  PID:9804
- C:\Windows\System\YKlbyZA.exe
  C:\Windows\System\YKlbyZA.exe
  2⤵
  PID:9976
- C:\Windows\System\cthRpBS.exe
  C:\Windows\System\cthRpBS.exe
  2⤵
  PID:10164
- C:\Windows\System\afPUVxG.exe
  C:\Windows\System\afPUVxG.exe
  2⤵
  PID:10192
- C:\Windows\System\OadKHRA.exe
  C:\Windows\System\OadKHRA.exe
  2⤵
  PID:10204
- C:\Windows\System\hIZYMBy.exe
  C:\Windows\System\hIZYMBy.exe
  2⤵
  PID:10232
- C:\Windows\System\OYhnpIf.exe
  C:\Windows\System\OYhnpIf.exe
  2⤵
  PID:7288
- C:\Windows\System\eNRmlEc.exe
  C:\Windows\System\eNRmlEc.exe
  2⤵
  PID:9280
- C:\Windows\System\OlLhujr.exe
  C:\Windows\System\OlLhujr.exe
  2⤵
  PID:9372
- C:\Windows\System\ggFIdWr.exe
  C:\Windows\System\ggFIdWr.exe
  2⤵
  PID:9424
- C:\Windows\System\ZuKPGbe.exe
  C:\Windows\System\ZuKPGbe.exe
  2⤵
  PID:9564
- C:\Windows\System\DBdEgvv.exe
  C:\Windows\System\DBdEgvv.exe
  2⤵
  PID:8760
- C:\Windows\System\afXYwHN.exe
  C:\Windows\System\afXYwHN.exe
  2⤵
  PID:9568
- C:\Windows\System\UPoWJRT.exe
  C:\Windows\System\UPoWJRT.exe
  2⤵
  PID:9704
- C:\Windows\System\GNTTOJi.exe
  C:\Windows\System\GNTTOJi.exe
  2⤵
  PID:9408
- C:\Windows\System\lFYovMQ.exe
  C:\Windows\System\lFYovMQ.exe
  2⤵
  PID:9700
- C:\Windows\System\PHRzGip.exe
  C:\Windows\System\PHRzGip.exe
  2⤵
  PID:9616
- C:\Windows\System\JelqLLl.exe
  C:\Windows\System\JelqLLl.exe
  2⤵
  PID:9924
- C:\Windows\System\DNHavxu.exe
  C:\Windows\System\DNHavxu.exe
  2⤵
  PID:10104
- C:\Windows\System\JMDaAMZ.exe
  C:\Windows\System\JMDaAMZ.exe
  2⤵
  PID:9972
- C:\Windows\System\giYlHkk.exe
  C:\Windows\System\giYlHkk.exe
  2⤵
  PID:1008
- C:\Windows\System\wqxGGXW.exe
  C:\Windows\System\wqxGGXW.exe
  2⤵
  PID:10168
- C:\Windows\System\xSlxGRU.exe
  C:\Windows\System\xSlxGRU.exe
  2⤵
  PID:10220
- C:\Windows\System\zXhFqDa.exe
  C:\Windows\System\zXhFqDa.exe
  2⤵
  PID:8464
- C:\Windows\System\LIDQDhB.exe
  C:\Windows\System\LIDQDhB.exe
  2⤵
  PID:9628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CONUgXS.exe

Filesize
6.0MB

MD5
6a23989fe9445fde400935387f7ad3fe

SHA1
fa3e9dc9aa738b47658f0817c8a2ceb2ed5902f2

SHA256
0e820fc82a01839d70155065dd91596a8faa641b0a342354faa7cbb4a90e93e3

SHA512
2fd534243e3a8e2d62687f01c6c43c2b0dca5e7b0aee1a77a98bb62e0d9e95c3facc324c75ba9b154ed7e21fc89183c95da4e7102a46b99aba411aa39ac6702b

Download Submit
C:\Windows\system\DYxARUu.exe

Filesize
6.0MB

MD5
f861ef4d128db5b27d198ae977447042

SHA1
cfb63b5ab9df8aefd0a7201f7f1c9052ae7673d8

SHA256
65d4159ce091083830948f3f67f13f106713a4a5ab33e2c1b23fdea1499ccb47

SHA512
25d22239ffd879b9433a04153c04474bf548c51488ad84a977623e8b9c7b682b2a703a68807d995c61cf893fe4e401df4d102089f30b1a10cf7ee3de04265bab

Download Submit
C:\Windows\system\FCXBemP.exe

Filesize
6.0MB

MD5
524b12edd8d46b2d533f8ac438fd04ae

SHA1
4fd60305a282d2463c4c930c0acf92fd85fdb712

SHA256
f9626c078abc400780f791935e266029491bc791b56ed2fcb49e195842a3bb03

SHA512
6c2c3c0f66fa2672997dea255ef76aceb52703acfeedd8efca4cf6b7514e73b2c8248ec3a2f872ae5386b9dfb7a134bc3a77765a45350a49ffa88ce97bdef05c

Download Submit
C:\Windows\system\IRlTeTh.exe

Filesize
6.0MB

MD5
fce77dcb581afac9b37372c654c95c6d

SHA1
5117de4f227640e8c4242b218d21f532529ffd89

SHA256
38091ab0944cb470ad9c1c90dc47ed0aebfe9707d08744743b40a6d9eda2248f

SHA512
3c583f33a5e14bf61468e646e45f1be23a88c2dccdc5999aabd958536cd28d922fec7cbc26f9535c3189cce21a7e53e9913b20248affc3a43f46c202c34ee0e1

Download Submit
C:\Windows\system\JipPVkO.exe

Filesize
6.0MB

MD5
69fd8eb80c25f269f53fd172a9898079

SHA1
9b7d279a3e362f1833cb6224c741229af30e7669

SHA256
6e64fe9d8fc3fd4e242391cd2b5d74767574c3971b2acdefb0158a62bdd34e58

SHA512
991f591fdbd6506ab3718b7637b5c277945394db322b90f0a1af006c38d00e244acce5d0139f922c5aae4951352f61cb7f26f992d7c9282de14edca1c3f0d3fe

Download Submit
C:\Windows\system\KEYtBSj.exe

Filesize
6.0MB

MD5
74e56d1ad5e1ac36b4a1c6f17700675b

SHA1
67f38618382c6ff7c4b18b6a94200c1dbc9b6089

SHA256
1ad59624a237d9c4c374b513c239fa1140f9ed2da991e985428b656c6327a9a3

SHA512
92239ae524d862634658524d5ba40e107b45f017ff58f2ed35454de55fa5004373a7b40248735b549427d0ce799b6ba1e8d44cd2a5c2b9f0b37b12e6dd1db0f6

Download Submit
C:\Windows\system\LvVbHtY.exe

Filesize
6.0MB

MD5
d903f38493f55f380576c5f4cb00dea2

SHA1
19cdd203113c1eedacefbebaf19adbe562c87d05

SHA256
0451694fe2aca36a4631010141deffebe21610fa3184b8ecb240528537e74a37

SHA512
78c6ddd7d306677cabab064525d1c05927ea81b3bf04113c5530ad7feb5de3a9a9497c29afb1e68f59688e3c0b606494012da99cadc8e9cd5e47f8ade973f536

Download Submit
C:\Windows\system\MIyWLCS.exe

Filesize
6.0MB

MD5
9735c91603323cadacf4e9d1ece5e19c

SHA1
b5fdca6a461c32915adbbbe4ae9876ea7baee19a

SHA256
89bc51faa580f5dab29c346003dace05f70c6ab9265a98c855ad8b177c37b934

SHA512
e64a67e8635b1e92078d24d7b6c6d250250232850619fee13e32cd9b02251e5dc86c35ab3858ad28bbe86b7c251a16385e772ffc5d03a8b5315cf561733d5a60

Download Submit
C:\Windows\system\OeZbztt.exe

Filesize
6.0MB

MD5
3f4959eea68de6c92adf58ea9ee08cad

SHA1
9dfd0da966d70acb246f6062cee2d3404f39e558

SHA256
5a35d43c14b2e8c259c8301b0b7a9505c6386b9fbc4fd415c64013eef944a596

SHA512
9e670a131afc218d1c77d02f7d57a4b075090ce2ae7af0d194067af150e64027e1c2df043cb297547839966dcf53940b83721da2c9b254b8050bf4ff18e7a1d1

Download Submit
C:\Windows\system\OtLeeov.exe

Filesize
6.0MB

MD5
c75ff44008a65cec7d072c056c50c7be

SHA1
d710d534d17f0197403c90bf61aa82641d3ef723

SHA256
a83bdd8c8548056588cc1c1c0219b53a344b6e301dea153fb4ca17e5afe875a3

SHA512
ab3fcde3090b567f4efa08b00649af6b4dcc012d6a6ab275a909da1ff83358554e8a1be6419b4acde64427d011c58e25951bc8a012cc7f901fdbc40a4351097d

Download Submit
C:\Windows\system\QGfqbFD.exe

Filesize
6.0MB

MD5
9844b642518f53891ce8e8e74e398420

SHA1
5bdc3bb6921f0ff8530926a40192e8e1c9f83ef2

SHA256
566cff120456c1124f6e33c50360f0f892f6107c242ab0951f9fd449951dd1f8

SHA512
aed113d1cf5126c37a9936328de5b12722b80c9a2b3e88c762b362566d80c70e2146b441f9c4dabbf30a1255f7378c59998bb624c1cb0348c31ce984e38bbcfe

Download Submit
C:\Windows\system\QWEnKmM.exe

Filesize
6.0MB

MD5
66b6170176e116d9d02b6b5d69b8a2bf

SHA1
635b732ed368234ee3d87b63df14c47e0af420fe

SHA256
916dc8fe06d4147b4fd61e8008a7825d8b6f67ea5fdef773c241fa47a36704dd

SHA512
a5f61cec43369258a11533ce2931619450efb63e0b056cf55b0d0725ede87f534ebcee64cf639f713d52fc0a8cb46c64328261c23912e6835b3fe156b586a354

Download Submit
C:\Windows\system\ROZqSeD.exe

Filesize
6.0MB

MD5
c3dda1c428b1d4b59ea8477a97520f3d

SHA1
15c6d9c36d2ab93a4f01ddc81d84510d1884be6b

SHA256
5f082b158122e9622f3e5d7fedbc14c227bc17ba98bd14feeeafb6f84aa9bd69

SHA512
f8dbe16118e9f0722ff982a9753273904cdefd0843afb78a729f2ed9560827376f6217a59554b75b55c3933dde9e7b616e1bfbeb333871c782094e7866b1d55e

Download Submit
C:\Windows\system\SfWZRnG.exe

Filesize
6.0MB

MD5
b7a47b9a58f6da67d40fa99b1747bfb7

SHA1
38a003b2bb5745f7116a45b8ab45c463ddb57561

SHA256
2fb4abba02b52ead81d3167e11a8afa609dc8e1d950b01d2d16f995589f4aafe

SHA512
73c62911f913df5528ec945e50100401afbde68b6f4b3419260cdd7fc4ae3fa5cd8d44e031e1a1e6d433734caf417b8aa503b9c089b4d35b53aa9e518ac7c36d

Download Submit
C:\Windows\system\cWFtvwt.exe

Filesize
6.0MB

MD5
e7f0f7144b11d842b2223248224716dd

SHA1
dba400653ba2389a616791b9bfbb7a9ca9d7a5c7

SHA256
da8492ebd5d47be26b44ef45e09acec078beac6dba1af1392a6c717cd1c5e8e5

SHA512
10268084db15671981ae2501d47df89d41fd4cc77c992c7d926a2343ff9dc5e7b62b6cf10dff04736aacbbdc6413a3f66bcb3d1c34f23ccf7e2222e556ff37aa

Download Submit
C:\Windows\system\crmteXF.exe

Filesize
6.0MB

MD5
383f4eb043dc9b3c9bc587813f2627b4

SHA1
a5c9d7b571082acdbbf07515240e8960c78d637a

SHA256
cf4b570ee654fc9c64b3e7df1ea44db11ce19757921ac0d8af87c15118e3d248

SHA512
3e5b6033b3bdeb43ab14b325ad7087635cb303ed1a8d416973c64e99e012d048f71e9800ed216f8295d781944641267704baf646d4f297d00ef54585436efadb

Download Submit
C:\Windows\system\czQSKvd.exe

Filesize
6.0MB

MD5
0f10db69c73f1db84960745e8c376abc

SHA1
f0d366b2dbf721c06952bb47a6c4e9508bedd4bf

SHA256
f29382c50b561dc9805090949c7e82c0781e2c39dba0107c75e0d64b0c91eddb

SHA512
52125acff8514f3ea241b6db9e7cf9e093b32791882738d250300f704440c555a574977118e671d65053810cd30a49865651f765991a4d8e40ff7b0a3f65f0b0

Download Submit
C:\Windows\system\eyRtpBa.exe

Filesize
6.0MB

MD5
a89657d4681a74d3e2806897a350f137

SHA1
d293b5059708f421fa8fc1b373c5e427dd595bf9

SHA256
33541ad8a594fcfeadffa5751804e0da64ec8bb1062a3addcab0e6af407f8eed

SHA512
d9d497fbd46ba80b015e407190fef217ffebc76b6cfbfa4fe3ba252dfd4227c4a335cd93506150cb0ece31333471d478012a09da093a34c1c849beab1f72328e

Download Submit
C:\Windows\system\hIRUfAP.exe

Filesize
6.0MB

MD5
6f8a850177d03827b9f9208357e58614

SHA1
115a19fbff81753b284d39934dae353b714a9cf5

SHA256
45480c85a35891b882339d346f03bb16b2cd1b6d5b2b27966d28d2ab51a7ca18

SHA512
edba9e5ffce346eb103341412c6b7ffc5a5ea95cfea4a4985974e8ca42f5ac0a75803054f9847d2a1a597aa8a56aa08ab4c95933338bf6fc6f191af5ac583c22

Download Submit
C:\Windows\system\itlMpZP.exe

Filesize
6.0MB

MD5
e43343c0b51fe493a39db485cf83d5d5

SHA1
37c50e55711d616688f4d586ec5697dcf1ca2ed2

SHA256
f48c88dd0bb0e58cfaa651da70a34cd485cca61dc460cf0d8f58f78e55c34e3d

SHA512
1be5c52151e5a7677772f0bd81cd0ac96ec0a7c8178af86e7f0c0a8bd4c3202214f7f24795da62ff4e5f7a944a2382cdd49dbbb09cb8611116bca3d1a9c39af4

Download Submit
C:\Windows\system\jqvNPUl.exe

Filesize
6.0MB

MD5
cc22dec35775f957b1b592e3a0311d0c

SHA1
460d05699f18bb8ab9cd64e9b3778919c0e5ec23

SHA256
3402819f2836b2bce7fb37f0fb112cc2d8cc75477dac807a49fbed468b1ae695

SHA512
dd2808c62154be4d878cd29afbd1174441062561850778379dd65421671aa04941abf17edea7e999090ebb61407dfbe62eb7a8bf81787dcbbc06c40401f38e73

Download Submit
C:\Windows\system\ltYhbIW.exe

Filesize
6.0MB

MD5
248b6a3b7406da014557ce1556a4c9c5

SHA1
dbe93cfc5de5e8e68de4827480b2a2cb5c245d27

SHA256
5ea68ff1a2c6c746fd996cef0d68b9ab498b186064c5e0f79fa3a47e682c639d

SHA512
69d508a1eb3d191a705912e58df86be04efe9e807dc94f0825353afc17e63ffda52c941115d8abb64802f6a06ecd491e0462f0e59bef84d2b6399df120b35f73

Download Submit
C:\Windows\system\ryQdnLL.exe

Filesize
6.0MB

MD5
9a980cf3e16c02b3670e8fe48306f543

SHA1
b5802c0ab01b487f13d17030905420d84190e77e

SHA256
fb73181e12d6eec0d263feb739728523adf29041f615af9c72f313b860fd3f3e

SHA512
7f9d78e56a5f9c7e59b7374327223a9e4e9fed2e5b3e433942280a8bc4fc366e9876cb48bc36a18087cbfcbca66624d9d59feb3c8e32e76d6c860ace9016885c

Download Submit
C:\Windows\system\sQQSQjr.exe

Filesize
6.0MB

MD5
ecf9e597a4bcc7f89c3e193fd54d755c

SHA1
4339c44d29fb6131c3275a4a687e4413c3c8466b

SHA256
d479590a84b0a73aaf1049d888fcaf5508746026ac373fb6aec8fc3e81b12527

SHA512
18c2cfd8cfcf4b2265a66724d332545c3a862552c0935fc39748bd4161c2e368d064d2f96e4b4870bb7b9bbaccd1855c5e0a0ffd51bbb2940f9ebeb10ba01eec

Download Submit
C:\Windows\system\wRAcFkY.exe

Filesize
6.0MB

MD5
777db4494f02b1ca3c61531c42c3ffd6

SHA1
731cf02fa2b570e73de8e5d842bd5a2755a51476

SHA256
d4963cb087b2d0d19e132c5a6013c4d2d63f3cf4ade416cdd6a7311f8740e467

SHA512
cbbddb639ce22e00ad2f5c7a7dbbce30cc7cafd2fb5bf49762ec0d46e18261e8c2aac3f6ec98a7d08b9ab07883e47c8c21c621806c3b13bb165b5ae5fff25545

Download Submit
\Windows\system\Lbcjfvt.exe

Filesize
6.0MB

MD5
0f4d522f96487c5d8b453d0fd9072b96

SHA1
66e9e6d66a2e3e13b56496640f06c08caa065575

SHA256
b232ffa21fb790111307d2b8478adb1ab7cb7603535d7f69591048e497fc5d5e

SHA512
3d42ec84617993646271f6f4411facacf29cd1fb820232017fe95645c9dcdf805a6fe774b5620a32c6c7603f28073d3db40aff9bef37b10794cfbf28f7de451e

Download Submit
\Windows\system\MmwUAUg.exe

Filesize
6.0MB

MD5
5fcabd793f33daa18bf8b0fdac2fb92f

SHA1
95ac9680f07ac4017dad1335c77f368fbbf5928c

SHA256
4b8ac29cbb4d3faaa62fb39af768de13c3d89a6801eaea580bcc8cbd4092a8e5

SHA512
48b340d4b2e740e0d0b60c29d62a323d8ddb6a7339d02cca383b4174a9feb2825a716942f829e66db1cc8c741e79e4c5ba80ef53372bc3385e3e24ca12b48d44

Download Submit
\Windows\system\OIMHQWQ.exe

Filesize
6.0MB

MD5
7580c491570ca789ed0e5d89860dfd27

SHA1
0e21bb23817f01fcf9cb280152e5c1300da65f11

SHA256
f8d8e57af4b56df9e701d748abb29cf287a31defa2e9661217a522fbb992bbca

SHA512
99416495fd5ff98b345dc7fd478ac501fec1c05b863006ca60d24a7fda1cb24e05bb162de179d1d9c487692d25f846d0f1277cafde2cb0f018eabb29c8880d1f

Download Submit
\Windows\system\PiqqwQX.exe

Filesize
6.0MB

MD5
7870166e72a4c8f24dbea94257a49503

SHA1
87be45d307ec768d2b1e2fb353f1efef32160b70

SHA256
aaa66174dbc7425fa290194fc3fcc8f7a747b5934fd6cb7bd11ccb87c455cdff

SHA512
5f353bab637700b4f67d070fe5fb890fec120cb0ce71b37d08ba74a25b7cd783804d02c05249bb4ac932b4306214766e76a16fa5c3c792882d632d0be2f40d3d

Download Submit
\Windows\system\QOHgVJm.exe

Filesize
6.0MB

MD5
eb212405c7ff0f3809ecd3c863abc1dc

SHA1
8f293c420d58d7233ecb3cb84c94f774305acb5e

SHA256
b8449ff9e534f35754a01d0e083ce2d5b667b226a0f883808d0277d47d7df94e

SHA512
648b4dce8651e26d52dd2f84c8929de9d265625a0ca06b24806650caf9e7364148dfe4d28e655b614eb7b9ef7d018cf6448844b5b50010758d3a9bf88ce8b27d

Download Submit
\Windows\system\gBQwdwz.exe

Filesize
6.0MB

MD5
8573ec52fea5ca839432fe31dbdb3160

SHA1
db01be6f1a3564018a0d401b5d4d21aee9f5a42d

SHA256
7d68cb1cee10b37029420479dedae83df6898b1145721021fd45d0663aef9df1

SHA512
c20b79c2ae0aeff4e3ff6a17dca2aa14f401b764a29e11acf7f9c50ffad41620d0270eb8b83bcf3a9e22dcc78ebf4ca9f5dba40b6acb9651eb8f011b966bd770

Download Submit
\Windows\system\kdQIAIf.exe

Filesize
6.0MB

MD5
16affd5af6fc34cea12d5c114fc8cf82

SHA1
b8c8683425b547a7c05d6fb6bcf484c6b1303d3c

SHA256
c800e4e63a13135f5923566b68a6d0f174c7cc57754323dda2c0df6b970e6c43

SHA512
6f5bc85a3b1ef38412a288cb628e8b89bbc099ea439b2a87475de2cbb6b83804f21b93537f6fea791663d4c8b06174e7ff180e2be3f942849ccf5418b8ef15df

Download Submit
\Windows\system\vStbHDR.exe

Filesize
6.0MB

MD5
c047f9e1bd1e231ccf0a7b5856710d82

SHA1
717b4a139076a2c3006ad8b42cdb52534184b40c

SHA256
fcde41dc41496ce4088a47b37a97c239428188424831abadb15a2e1b3972c6cd

SHA512
eee66281e7d2163c3fe0f324f501283078628b802f9708b629de62becd199cd05eb1b85e9fe3018204732fb4a317b9c4c983c4b8bd38c974ff02d273cc02f19f

Download Submit
memory/1676-27-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-1213-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-96-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-68-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-62-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1676-61-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-638-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-0-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1676-57-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-760-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1676-76-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-973-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-88-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-17-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-77-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-53-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-1076-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-131-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1676-121-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-19-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1676-101-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-117-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1676-81-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-124-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-80-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1676-761-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/1680-90-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3865-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-3856-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-111-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-44-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3815-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3886-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2416-23-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2720-100-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4555-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2752-109-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3855-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3847-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-85-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3859-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3814-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2880-31-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2936-39-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-762-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3816-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download