cobaltstrike | 438c8ecd754ca17e2a35cf9dcab00fcb8b90f9e3142fef386afa9e8aa95bf79d

Analysis

max time kernel
92s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

780de7441a4c488352de5c406a12dab8
SHA1

70e0e8c0dd6bfd4423cc1f5646348acc8a381ae4
SHA256

438c8ecd754ca17e2a35cf9dcab00fcb8b90f9e3142fef386afa9e8aa95bf79d
SHA512

fe959c004b814ab6f3767d9add5c6d0c2d2100ea336e8810ac6ed11141355a0706ae1a9c8afb3da793939e749707cf96a3c5a7215d677c1e18d4afb271f89d81
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU9:T+q56utgpPF8u/79

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017530-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175ae-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c6-19.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ca-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186cc-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195d6-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-40.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/files/0x0009000000017530-11.dat	xmrig
behavioral1/files/0x00080000000175ae-15.dat	xmrig
behavioral1/files/0x00060000000186c6-19.dat	xmrig
behavioral1/files/0x00060000000186ca-23.dat	xmrig
behavioral1/files/0x00060000000186cc-26.dat	xmrig
behavioral1/files/0x00060000000186d9-31.dat	xmrig
behavioral1/files/0x00060000000195d6-38.dat	xmrig
behavioral1/files/0x0005000000019604-40.dat	xmrig
behavioral1/files/0x0005000000019606-50.dat	xmrig
behavioral1/files/0x0005000000019c3c-91.dat	xmrig
behavioral1/files/0x0005000000019c57-98.dat	xmrig
behavioral1/files/0x0005000000019dbf-119.dat	xmrig
behavioral1/files/0x000500000001a07e-160.dat	xmrig
behavioral1/memory/2216-1129-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2140-1128-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1480-1442-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/3048-1409-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2108-1304-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2648-1263-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2600-1229-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2772-1168-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2912-1094-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2768-1036-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2804-951-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2972-905-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2216-864-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2828-862-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2836-823-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2752-786-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-154.dat	xmrig
behavioral1/files/0x0005000000019f94-150.dat	xmrig
behavioral1/files/0x0005000000019f8a-145.dat	xmrig
behavioral1/files/0x0005000000019cca-118.dat	xmrig
behavioral1/files/0x0005000000019d8e-109.dat	xmrig
behavioral1/files/0x0005000000019cba-102.dat	xmrig
behavioral1/files/0x0005000000019c3e-94.dat	xmrig
behavioral1/files/0x0005000000019c34-86.dat	xmrig
behavioral1/files/0x0005000000019926-82.dat	xmrig
behavioral1/files/0x00050000000196a1-78.dat	xmrig
behavioral1/files/0x0005000000019667-74.dat	xmrig
behavioral1/files/0x000500000001961e-70.dat	xmrig
behavioral1/files/0x000500000001961c-67.dat	xmrig
behavioral1/files/0x000500000001960c-62.dat	xmrig
behavioral1/files/0x000500000001960a-58.dat	xmrig
behavioral1/files/0x0005000000019608-55.dat	xmrig
behavioral1/files/0x0005000000019605-47.dat	xmrig
behavioral1/files/0x0008000000018710-35.dat	xmrig
behavioral1/memory/2216-4083-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2108-4087-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2768-4089-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2836-4095-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2140-4094-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2600-4093-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2972-4091-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2772-4097-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2912-4096-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2752-4141-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/3048-4140-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2828-4139-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2648-4104-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2804-4098-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1480	OXrxyAz.exe
2752	uYEuBhy.exe
2836	OZxTtud.exe
2828	FOsEFjS.exe
2972	XXgZIpe.exe
2804	wqdnoUM.exe
2768	OgMJhWK.exe
2912	ZjjArGo.exe
2140	NEGPNds.exe
2772	NqrNhLL.exe
2600	ICouZQz.exe
2648	uEcGLog.exe
2108	TwCvIjS.exe
3048	YkyXVQZ.exe
320	BXXyYCg.exe
2944	IeloWLF.exe
1900	ldjVqYI.exe
892	fqyaWgH.exe
1320	fZLNgjz.exe
2580	DZpItzR.exe
2148	CWCRiKk.exe
536	FfPpCTZ.exe
2940	QWZNesK.exe
2644	prKOZng.exe
2180	rzdkDCb.exe
1100	SDQkhXt.exe
1200	ukGYKYd.exe
1120	FOFCgxF.exe
2272	SfBnLbq.exe
1640	JZKThrO.exe
1804	BlIbMLV.exe
1540	JLTyZPB.exe
1760	JilcOpl.exe
1504	JLIGRGy.exe
824	FMoQXVV.exe
1436	RjCHJkG.exe
2232	EydXafn.exe
2572	PCzoOYD.exe
2360	NJlDTYK.exe
3024	opmmcZY.exe
1424	NSHEuIy.exe
1756	MbTaTIR.exe
2068	lWqYudF.exe
1920	MMUBFXJ.exe
2304	XeefIQJ.exe
1888	haZfrdD.exe
1740	HxrVZzx.exe
2032	IjdXDeN.exe
2544	VRLFnOr.exe
1552	HaGujah.exe
2088	dTdhNKZ.exe
608	hPRNLUD.exe
2532	KUHYFfg.exe
2716	lnbOkka.exe
856	gxUAHhs.exe
2640	URsXRrw.exe
2668	XXQzrAO.exe
2472	ZGdlcXa.exe
1692	IaSmwHQ.exe
2568	YuAPNhA.exe
2732	KQPNrsQ.exe
2656	RXKBkFH.exe
3056	yUIccVu.exe
2584	YDxgWpV.exe

Loads dropped DLL 64 IoCs

pid	Process
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/files/0x0009000000017530-11.dat	upx
behavioral1/files/0x00080000000175ae-15.dat	upx
behavioral1/files/0x00060000000186c6-19.dat	upx
behavioral1/files/0x00060000000186ca-23.dat	upx
behavioral1/files/0x00060000000186cc-26.dat	upx
behavioral1/files/0x00060000000186d9-31.dat	upx
behavioral1/files/0x00060000000195d6-38.dat	upx
behavioral1/files/0x0005000000019604-40.dat	upx
behavioral1/files/0x0005000000019606-50.dat	upx
behavioral1/files/0x0005000000019c3c-91.dat	upx
behavioral1/files/0x0005000000019c57-98.dat	upx
behavioral1/files/0x0005000000019dbf-119.dat	upx
behavioral1/files/0x000500000001a07e-160.dat	upx
behavioral1/memory/2140-1128-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/1480-1442-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/3048-1409-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2108-1304-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2648-1263-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2600-1229-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2772-1168-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2912-1094-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2768-1036-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2804-951-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2972-905-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2828-862-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2836-823-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2752-786-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x000500000001a075-154.dat	upx
behavioral1/files/0x0005000000019f94-150.dat	upx
behavioral1/files/0x0005000000019f8a-145.dat	upx
behavioral1/files/0x0005000000019cca-118.dat	upx
behavioral1/files/0x0005000000019d8e-109.dat	upx
behavioral1/files/0x0005000000019cba-102.dat	upx
behavioral1/files/0x0005000000019c3e-94.dat	upx
behavioral1/files/0x0005000000019c34-86.dat	upx
behavioral1/files/0x0005000000019926-82.dat	upx
behavioral1/files/0x00050000000196a1-78.dat	upx
behavioral1/files/0x0005000000019667-74.dat	upx
behavioral1/files/0x000500000001961e-70.dat	upx
behavioral1/files/0x000500000001961c-67.dat	upx
behavioral1/files/0x000500000001960c-62.dat	upx
behavioral1/files/0x000500000001960a-58.dat	upx
behavioral1/files/0x0005000000019608-55.dat	upx
behavioral1/files/0x0005000000019605-47.dat	upx
behavioral1/files/0x0008000000018710-35.dat	upx
behavioral1/memory/2216-4083-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2108-4087-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2768-4089-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2836-4095-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2140-4094-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2600-4093-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2972-4091-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2772-4097-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2912-4096-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2752-4141-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/3048-4140-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2828-4139-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2648-4104-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2804-4098-0x000000013F440000-0x000000013F794000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\Ycsvubv.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffgAzFW.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvqHVJV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmbDAvQ.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZKgzbF.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFmGHJA.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eajbSyF.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQhwLXf.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEfLLRX.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzIeXCZ.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfBnLbq.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLlHafG.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFzISxK.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dixkkHE.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNjwEXd.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRzWnbB.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHokNgg.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNZznNi.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyXRkeP.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyQXiuq.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RssuFvt.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edSWUpC.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDwsFOJ.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHEBBce.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UItDQDE.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXHHmvu.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVDpKBR.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFzpWYJ.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYyNoFW.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItRTPje.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiATZId.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpAbuCE.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlxqXQV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlIbMLV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAzieTV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLlUYqM.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoaPaZO.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ToLswws.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMTGLSV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqXpnjh.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUMbBtw.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyhBEXd.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQNUnxR.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhafVFT.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNjyfSF.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STAfDdH.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOfyILQ.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXgrgUt.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESVMuUE.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLLxMZn.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IKfxmUE.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfRxEQD.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLweCVG.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRZXPMG.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KUhQQcA.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtocWNk.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POIeZpo.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYxlAEd.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjsxwxV.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWKRvbo.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQVsfdf.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQurgpN.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzGkWsx.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLTyZPB.exe	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1480	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2216 wrote to memory of 1480	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2216 wrote to memory of 1480	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2216 wrote to memory of 2752	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2752	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2752	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2216 wrote to memory of 2836	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2836	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2836	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2216 wrote to memory of 2828	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2828	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2828	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2216 wrote to memory of 2972	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2972	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2972	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2216 wrote to memory of 2804	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2804	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2804	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2216 wrote to memory of 2768	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2768	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2768	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2216 wrote to memory of 2912	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2912	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2912	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2216 wrote to memory of 2140	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2140	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2140	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2216 wrote to memory of 2772	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2772	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2772	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2216 wrote to memory of 2600	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 2600	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 2600	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2216 wrote to memory of 2648	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 2648	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 2648	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2216 wrote to memory of 2108	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 2108	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 2108	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2216 wrote to memory of 3048	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 3048	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 3048	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2216 wrote to memory of 320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2216 wrote to memory of 2944	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 2944	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 2944	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2216 wrote to memory of 1900	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 1900	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 1900	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2216 wrote to memory of 892	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 892	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 892	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2216 wrote to memory of 1320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 1320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 1320	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2216 wrote to memory of 2580	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 2580	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 2580	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2216 wrote to memory of 2148	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 2148	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 2148	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2216 wrote to memory of 536	2216	2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_780de7441a4c488352de5c406a12dab8_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\System\OXrxyAz.exe
  C:\Windows\System\OXrxyAz.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\uYEuBhy.exe
  C:\Windows\System\uYEuBhy.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\OZxTtud.exe
  C:\Windows\System\OZxTtud.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\FOsEFjS.exe
  C:\Windows\System\FOsEFjS.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\XXgZIpe.exe
  C:\Windows\System\XXgZIpe.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\wqdnoUM.exe
  C:\Windows\System\wqdnoUM.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\OgMJhWK.exe
  C:\Windows\System\OgMJhWK.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\ZjjArGo.exe
  C:\Windows\System\ZjjArGo.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NEGPNds.exe
  C:\Windows\System\NEGPNds.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\NqrNhLL.exe
  C:\Windows\System\NqrNhLL.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ICouZQz.exe
  C:\Windows\System\ICouZQz.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\uEcGLog.exe
  C:\Windows\System\uEcGLog.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\TwCvIjS.exe
  C:\Windows\System\TwCvIjS.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\YkyXVQZ.exe
  C:\Windows\System\YkyXVQZ.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\BXXyYCg.exe
  C:\Windows\System\BXXyYCg.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\IeloWLF.exe
  C:\Windows\System\IeloWLF.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\ldjVqYI.exe
  C:\Windows\System\ldjVqYI.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\fqyaWgH.exe
  C:\Windows\System\fqyaWgH.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\fZLNgjz.exe
  C:\Windows\System\fZLNgjz.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\DZpItzR.exe
  C:\Windows\System\DZpItzR.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\CWCRiKk.exe
  C:\Windows\System\CWCRiKk.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\FfPpCTZ.exe
  C:\Windows\System\FfPpCTZ.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\QWZNesK.exe
  C:\Windows\System\QWZNesK.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\prKOZng.exe
  C:\Windows\System\prKOZng.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\rzdkDCb.exe
  C:\Windows\System\rzdkDCb.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ukGYKYd.exe
  C:\Windows\System\ukGYKYd.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\SDQkhXt.exe
  C:\Windows\System\SDQkhXt.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\FOFCgxF.exe
  C:\Windows\System\FOFCgxF.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\SfBnLbq.exe
  C:\Windows\System\SfBnLbq.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\JZKThrO.exe
  C:\Windows\System\JZKThrO.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BlIbMLV.exe
  C:\Windows\System\BlIbMLV.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\JLTyZPB.exe
  C:\Windows\System\JLTyZPB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\JilcOpl.exe
  C:\Windows\System\JilcOpl.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\JLIGRGy.exe
  C:\Windows\System\JLIGRGy.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\FMoQXVV.exe
  C:\Windows\System\FMoQXVV.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\EydXafn.exe
  C:\Windows\System\EydXafn.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\RjCHJkG.exe
  C:\Windows\System\RjCHJkG.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\PCzoOYD.exe
  C:\Windows\System\PCzoOYD.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\NJlDTYK.exe
  C:\Windows\System\NJlDTYK.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\opmmcZY.exe
  C:\Windows\System\opmmcZY.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\NSHEuIy.exe
  C:\Windows\System\NSHEuIy.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\MbTaTIR.exe
  C:\Windows\System\MbTaTIR.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\lWqYudF.exe
  C:\Windows\System\lWqYudF.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\IjdXDeN.exe
  C:\Windows\System\IjdXDeN.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\MMUBFXJ.exe
  C:\Windows\System\MMUBFXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\dTdhNKZ.exe
  C:\Windows\System\dTdhNKZ.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\XeefIQJ.exe
  C:\Windows\System\XeefIQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\hPRNLUD.exe
  C:\Windows\System\hPRNLUD.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\haZfrdD.exe
  C:\Windows\System\haZfrdD.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\KUHYFfg.exe
  C:\Windows\System\KUHYFfg.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\HxrVZzx.exe
  C:\Windows\System\HxrVZzx.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\gxUAHhs.exe
  C:\Windows\System\gxUAHhs.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\VRLFnOr.exe
  C:\Windows\System\VRLFnOr.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\ZGdlcXa.exe
  C:\Windows\System\ZGdlcXa.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\HaGujah.exe
  C:\Windows\System\HaGujah.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\IaSmwHQ.exe
  C:\Windows\System\IaSmwHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lnbOkka.exe
  C:\Windows\System\lnbOkka.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\KQPNrsQ.exe
  C:\Windows\System\KQPNrsQ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\URsXRrw.exe
  C:\Windows\System\URsXRrw.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\RXKBkFH.exe
  C:\Windows\System\RXKBkFH.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\XXQzrAO.exe
  C:\Windows\System\XXQzrAO.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\yUIccVu.exe
  C:\Windows\System\yUIccVu.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\YuAPNhA.exe
  C:\Windows\System\YuAPNhA.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\YDxgWpV.exe
  C:\Windows\System\YDxgWpV.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\ELAuUWq.exe
  C:\Windows\System\ELAuUWq.exe
  2⤵
  PID:2156
- C:\Windows\System\WqzwcfU.exe
  C:\Windows\System\WqzwcfU.exe
  2⤵
  PID:2176
- C:\Windows\System\yzKOzGc.exe
  C:\Windows\System\yzKOzGc.exe
  2⤵
  PID:2560
- C:\Windows\System\wFsdZkb.exe
  C:\Windows\System\wFsdZkb.exe
  2⤵
  PID:2444
- C:\Windows\System\vCxFPNV.exe
  C:\Windows\System\vCxFPNV.exe
  2⤵
  PID:2236
- C:\Windows\System\mUGQKxV.exe
  C:\Windows\System\mUGQKxV.exe
  2⤵
  PID:2388
- C:\Windows\System\vzPvekb.exe
  C:\Windows\System\vzPvekb.exe
  2⤵
  PID:2212
- C:\Windows\System\RGhPBUg.exe
  C:\Windows\System\RGhPBUg.exe
  2⤵
  PID:1880
- C:\Windows\System\jwHElKs.exe
  C:\Windows\System\jwHElKs.exe
  2⤵
  PID:2104
- C:\Windows\System\FXCqgdm.exe
  C:\Windows\System\FXCqgdm.exe
  2⤵
  PID:1636
- C:\Windows\System\vqGnkbQ.exe
  C:\Windows\System\vqGnkbQ.exe
  2⤵
  PID:1812
- C:\Windows\System\uAriDPv.exe
  C:\Windows\System\uAriDPv.exe
  2⤵
  PID:564
- C:\Windows\System\CQsEEFa.exe
  C:\Windows\System\CQsEEFa.exe
  2⤵
  PID:2224
- C:\Windows\System\seqzkSK.exe
  C:\Windows\System\seqzkSK.exe
  2⤵
  PID:1700
- C:\Windows\System\DMxxcwz.exe
  C:\Windows\System\DMxxcwz.exe
  2⤵
  PID:980
- C:\Windows\System\tFMQXWN.exe
  C:\Windows\System\tFMQXWN.exe
  2⤵
  PID:972
- C:\Windows\System\EXSCjwG.exe
  C:\Windows\System\EXSCjwG.exe
  2⤵
  PID:3004
- C:\Windows\System\QNsGQPm.exe
  C:\Windows\System\QNsGQPm.exe
  2⤵
  PID:2548
- C:\Windows\System\HLIoyxf.exe
  C:\Windows\System\HLIoyxf.exe
  2⤵
  PID:3036
- C:\Windows\System\ZZDrxFX.exe
  C:\Windows\System\ZZDrxFX.exe
  2⤵
  PID:1580
- C:\Windows\System\bJWyPJF.exe
  C:\Windows\System\bJWyPJF.exe
  2⤵
  PID:2880
- C:\Windows\System\JUPFKym.exe
  C:\Windows\System\JUPFKym.exe
  2⤵
  PID:2632
- C:\Windows\System\spJDaxP.exe
  C:\Windows\System\spJDaxP.exe
  2⤵
  PID:2112
- C:\Windows\System\ARUbtNH.exe
  C:\Windows\System\ARUbtNH.exe
  2⤵
  PID:1240
- C:\Windows\System\DTOJCme.exe
  C:\Windows\System\DTOJCme.exe
  2⤵
  PID:868
- C:\Windows\System\urmvBrF.exe
  C:\Windows\System\urmvBrF.exe
  2⤵
  PID:2288
- C:\Windows\System\EdDoYzf.exe
  C:\Windows\System\EdDoYzf.exe
  2⤵
  PID:2024
- C:\Windows\System\cSbrTXE.exe
  C:\Windows\System\cSbrTXE.exe
  2⤵
  PID:1992
- C:\Windows\System\XpnGJxW.exe
  C:\Windows\System\XpnGJxW.exe
  2⤵
  PID:2616
- C:\Windows\System\AbWPvsU.exe
  C:\Windows\System\AbWPvsU.exe
  2⤵
  PID:3068
- C:\Windows\System\IWpuzTc.exe
  C:\Windows\System\IWpuzTc.exe
  2⤵
  PID:2484
- C:\Windows\System\rzUrclf.exe
  C:\Windows\System\rzUrclf.exe
  2⤵
  PID:2424
- C:\Windows\System\AFaCWsh.exe
  C:\Windows\System\AFaCWsh.exe
  2⤵
  PID:916
- C:\Windows\System\LmEKEDy.exe
  C:\Windows\System\LmEKEDy.exe
  2⤵
  PID:2248
- C:\Windows\System\rbdIEbV.exe
  C:\Windows\System\rbdIEbV.exe
  2⤵
  PID:2192
- C:\Windows\System\VFhqVKR.exe
  C:\Windows\System\VFhqVKR.exe
  2⤵
  PID:1008
- C:\Windows\System\mdGitgN.exe
  C:\Windows\System\mdGitgN.exe
  2⤵
  PID:2936
- C:\Windows\System\SAzieTV.exe
  C:\Windows\System\SAzieTV.exe
  2⤵
  PID:2120
- C:\Windows\System\pyeEcgW.exe
  C:\Windows\System\pyeEcgW.exe
  2⤵
  PID:2536
- C:\Windows\System\SmRjphl.exe
  C:\Windows\System\SmRjphl.exe
  2⤵
  PID:1720
- C:\Windows\System\aNyjmQt.exe
  C:\Windows\System\aNyjmQt.exe
  2⤵
  PID:1220
- C:\Windows\System\lrBbQuo.exe
  C:\Windows\System\lrBbQuo.exe
  2⤵
  PID:2292
- C:\Windows\System\IivNOsB.exe
  C:\Windows\System\IivNOsB.exe
  2⤵
  PID:2964
- C:\Windows\System\PNtKrtC.exe
  C:\Windows\System\PNtKrtC.exe
  2⤵
  PID:1268
- C:\Windows\System\dVLoAfa.exe
  C:\Windows\System\dVLoAfa.exe
  2⤵
  PID:1576
- C:\Windows\System\xXvQNcx.exe
  C:\Windows\System\xXvQNcx.exe
  2⤵
  PID:1972
- C:\Windows\System\zDYDjTm.exe
  C:\Windows\System\zDYDjTm.exe
  2⤵
  PID:2948
- C:\Windows\System\vRKJOLv.exe
  C:\Windows\System\vRKJOLv.exe
  2⤵
  PID:2072
- C:\Windows\System\epEtFyy.exe
  C:\Windows\System\epEtFyy.exe
  2⤵
  PID:3080
- C:\Windows\System\RFmKCjA.exe
  C:\Windows\System\RFmKCjA.exe
  2⤵
  PID:3096
- C:\Windows\System\JTiifHr.exe
  C:\Windows\System\JTiifHr.exe
  2⤵
  PID:3112
- C:\Windows\System\ItRTPje.exe
  C:\Windows\System\ItRTPje.exe
  2⤵
  PID:3128
- C:\Windows\System\jXNRlBI.exe
  C:\Windows\System\jXNRlBI.exe
  2⤵
  PID:3148
- C:\Windows\System\KOUyfXT.exe
  C:\Windows\System\KOUyfXT.exe
  2⤵
  PID:3164
- C:\Windows\System\SanvvpV.exe
  C:\Windows\System\SanvvpV.exe
  2⤵
  PID:3184
- C:\Windows\System\MoURQrh.exe
  C:\Windows\System\MoURQrh.exe
  2⤵
  PID:3200
- C:\Windows\System\NRSSTPU.exe
  C:\Windows\System\NRSSTPU.exe
  2⤵
  PID:3216
- C:\Windows\System\iWKRvbo.exe
  C:\Windows\System\iWKRvbo.exe
  2⤵
  PID:3232
- C:\Windows\System\qvBqVkK.exe
  C:\Windows\System\qvBqVkK.exe
  2⤵
  PID:3260
- C:\Windows\System\rsaEIjN.exe
  C:\Windows\System\rsaEIjN.exe
  2⤵
  PID:3284
- C:\Windows\System\yejjYQv.exe
  C:\Windows\System\yejjYQv.exe
  2⤵
  PID:3304
- C:\Windows\System\BEdXOqD.exe
  C:\Windows\System\BEdXOqD.exe
  2⤵
  PID:3324
- C:\Windows\System\NbAqiyf.exe
  C:\Windows\System\NbAqiyf.exe
  2⤵
  PID:3344
- C:\Windows\System\LalNbHo.exe
  C:\Windows\System\LalNbHo.exe
  2⤵
  PID:3368
- C:\Windows\System\wiRVezr.exe
  C:\Windows\System\wiRVezr.exe
  2⤵
  PID:3388
- C:\Windows\System\lLshhlb.exe
  C:\Windows\System\lLshhlb.exe
  2⤵
  PID:3412
- C:\Windows\System\STUIPau.exe
  C:\Windows\System\STUIPau.exe
  2⤵
  PID:3428
- C:\Windows\System\qEFArwd.exe
  C:\Windows\System\qEFArwd.exe
  2⤵
  PID:3452
- C:\Windows\System\APxQcJz.exe
  C:\Windows\System\APxQcJz.exe
  2⤵
  PID:3480
- C:\Windows\System\LiiqYRs.exe
  C:\Windows\System\LiiqYRs.exe
  2⤵
  PID:3496
- C:\Windows\System\uhmCDku.exe
  C:\Windows\System\uhmCDku.exe
  2⤵
  PID:3512
- C:\Windows\System\uoZKFWT.exe
  C:\Windows\System\uoZKFWT.exe
  2⤵
  PID:3528
- C:\Windows\System\LJkadVd.exe
  C:\Windows\System\LJkadVd.exe
  2⤵
  PID:3556
- C:\Windows\System\vJMWebZ.exe
  C:\Windows\System\vJMWebZ.exe
  2⤵
  PID:3576
- C:\Windows\System\iEebpCN.exe
  C:\Windows\System\iEebpCN.exe
  2⤵
  PID:3596
- C:\Windows\System\dQVsfdf.exe
  C:\Windows\System\dQVsfdf.exe
  2⤵
  PID:3616
- C:\Windows\System\KyIUGbG.exe
  C:\Windows\System\KyIUGbG.exe
  2⤵
  PID:3636
- C:\Windows\System\wTycDDc.exe
  C:\Windows\System\wTycDDc.exe
  2⤵
  PID:3652
- C:\Windows\System\MKKZydQ.exe
  C:\Windows\System\MKKZydQ.exe
  2⤵
  PID:3668
- C:\Windows\System\rDYEXpd.exe
  C:\Windows\System\rDYEXpd.exe
  2⤵
  PID:3688
- C:\Windows\System\KyCQfyq.exe
  C:\Windows\System\KyCQfyq.exe
  2⤵
  PID:3712
- C:\Windows\System\KDkpcRk.exe
  C:\Windows\System\KDkpcRk.exe
  2⤵
  PID:3732
- C:\Windows\System\HmYqLPs.exe
  C:\Windows\System\HmYqLPs.exe
  2⤵
  PID:3764
- C:\Windows\System\qNIXHcm.exe
  C:\Windows\System\qNIXHcm.exe
  2⤵
  PID:3784
- C:\Windows\System\OPwKOgz.exe
  C:\Windows\System\OPwKOgz.exe
  2⤵
  PID:3804
- C:\Windows\System\PhCvzTd.exe
  C:\Windows\System\PhCvzTd.exe
  2⤵
  PID:3824
- C:\Windows\System\OvAufXy.exe
  C:\Windows\System\OvAufXy.exe
  2⤵
  PID:3840
- C:\Windows\System\SYjoMMy.exe
  C:\Windows\System\SYjoMMy.exe
  2⤵
  PID:3860
- C:\Windows\System\CUDkdzE.exe
  C:\Windows\System\CUDkdzE.exe
  2⤵
  PID:3880
- C:\Windows\System\TlsCiqt.exe
  C:\Windows\System\TlsCiqt.exe
  2⤵
  PID:3896
- C:\Windows\System\KSjTxAw.exe
  C:\Windows\System\KSjTxAw.exe
  2⤵
  PID:3924
- C:\Windows\System\ZmJxLAl.exe
  C:\Windows\System\ZmJxLAl.exe
  2⤵
  PID:3940
- C:\Windows\System\EpjEyAa.exe
  C:\Windows\System\EpjEyAa.exe
  2⤵
  PID:3960
- C:\Windows\System\eJOkVDD.exe
  C:\Windows\System\eJOkVDD.exe
  2⤵
  PID:3980
- C:\Windows\System\PSVBiRl.exe
  C:\Windows\System\PSVBiRl.exe
  2⤵
  PID:4000
- C:\Windows\System\SxjDufW.exe
  C:\Windows\System\SxjDufW.exe
  2⤵
  PID:4016
- C:\Windows\System\ytOqTKz.exe
  C:\Windows\System\ytOqTKz.exe
  2⤵
  PID:4032
- C:\Windows\System\NLyRZXa.exe
  C:\Windows\System\NLyRZXa.exe
  2⤵
  PID:4048
- C:\Windows\System\uEwEMRq.exe
  C:\Windows\System\uEwEMRq.exe
  2⤵
  PID:4064
- C:\Windows\System\vBtVdHU.exe
  C:\Windows\System\vBtVdHU.exe
  2⤵
  PID:4080
- C:\Windows\System\btoJoYD.exe
  C:\Windows\System\btoJoYD.exe
  2⤵
  PID:2092
- C:\Windows\System\YqXpnjh.exe
  C:\Windows\System\YqXpnjh.exe
  2⤵
  PID:2012
- C:\Windows\System\QWXtKjb.exe
  C:\Windows\System\QWXtKjb.exe
  2⤵
  PID:2468
- C:\Windows\System\NFuwhpO.exe
  C:\Windows\System\NFuwhpO.exe
  2⤵
  PID:2228
- C:\Windows\System\lftwHrc.exe
  C:\Windows\System\lftwHrc.exe
  2⤵
  PID:3124
- C:\Windows\System\jJxeXQz.exe
  C:\Windows\System\jJxeXQz.exe
  2⤵
  PID:3160
- C:\Windows\System\gniNtfC.exe
  C:\Windows\System\gniNtfC.exe
  2⤵
  PID:3196
- C:\Windows\System\BjtzQNZ.exe
  C:\Windows\System\BjtzQNZ.exe
  2⤵
  PID:3276
- C:\Windows\System\PIwVxrY.exe
  C:\Windows\System\PIwVxrY.exe
  2⤵
  PID:1608
- C:\Windows\System\wrYnkUX.exe
  C:\Windows\System\wrYnkUX.exe
  2⤵
  PID:400
- C:\Windows\System\JZdwflc.exe
  C:\Windows\System\JZdwflc.exe
  2⤵
  PID:1384
- C:\Windows\System\hexUfHG.exe
  C:\Windows\System\hexUfHG.exe
  2⤵
  PID:2724
- C:\Windows\System\NvoHdpb.exe
  C:\Windows\System\NvoHdpb.exe
  2⤵
  PID:2040
- C:\Windows\System\BYHCKcU.exe
  C:\Windows\System\BYHCKcU.exe
  2⤵
  PID:3136
- C:\Windows\System\osahfYl.exe
  C:\Windows\System\osahfYl.exe
  2⤵
  PID:3360
- C:\Windows\System\LhOEGPf.exe
  C:\Windows\System\LhOEGPf.exe
  2⤵
  PID:3404
- C:\Windows\System\Coqgmst.exe
  C:\Windows\System\Coqgmst.exe
  2⤵
  PID:3172
- C:\Windows\System\CLfUOlT.exe
  C:\Windows\System\CLfUOlT.exe
  2⤵
  PID:3212
- C:\Windows\System\XDQFMnz.exe
  C:\Windows\System\XDQFMnz.exe
  2⤵
  PID:3252
- C:\Windows\System\twhQyzi.exe
  C:\Windows\System\twhQyzi.exe
  2⤵
  PID:3384
- C:\Windows\System\XQsDDDB.exe
  C:\Windows\System\XQsDDDB.exe
  2⤵
  PID:3380
- C:\Windows\System\frLrOKE.exe
  C:\Windows\System\frLrOKE.exe
  2⤵
  PID:3488
- C:\Windows\System\xXxxkgn.exe
  C:\Windows\System\xXxxkgn.exe
  2⤵
  PID:3564
- C:\Windows\System\cuaBAOI.exe
  C:\Windows\System\cuaBAOI.exe
  2⤵
  PID:3464
- C:\Windows\System\mGvfIoB.exe
  C:\Windows\System\mGvfIoB.exe
  2⤵
  PID:3540
- C:\Windows\System\eQrChIc.exe
  C:\Windows\System\eQrChIc.exe
  2⤵
  PID:3608
- C:\Windows\System\hYYTERZ.exe
  C:\Windows\System\hYYTERZ.exe
  2⤵
  PID:3504
- C:\Windows\System\GQCMWBu.exe
  C:\Windows\System\GQCMWBu.exe
  2⤵
  PID:3648
- C:\Windows\System\LFxpGBZ.exe
  C:\Windows\System\LFxpGBZ.exe
  2⤵
  PID:3628
- C:\Windows\System\CVWZiEB.exe
  C:\Windows\System\CVWZiEB.exe
  2⤵
  PID:3780
- C:\Windows\System\nardSmM.exe
  C:\Windows\System\nardSmM.exe
  2⤵
  PID:3812
- C:\Windows\System\WzkowWl.exe
  C:\Windows\System\WzkowWl.exe
  2⤵
  PID:3852
- C:\Windows\System\ietWcJJ.exe
  C:\Windows\System\ietWcJJ.exe
  2⤵
  PID:3624
- C:\Windows\System\aLuqcuV.exe
  C:\Windows\System\aLuqcuV.exe
  2⤵
  PID:3660
- C:\Windows\System\wUNqVWG.exe
  C:\Windows\System\wUNqVWG.exe
  2⤵
  PID:3756
- C:\Windows\System\DkHdIUy.exe
  C:\Windows\System\DkHdIUy.exe
  2⤵
  PID:3796
- C:\Windows\System\plsZumk.exe
  C:\Windows\System\plsZumk.exe
  2⤵
  PID:3972
- C:\Windows\System\xeKVChY.exe
  C:\Windows\System\xeKVChY.exe
  2⤵
  PID:4012
- C:\Windows\System\uxULOal.exe
  C:\Windows\System\uxULOal.exe
  2⤵
  PID:3872
- C:\Windows\System\egqTMVJ.exe
  C:\Windows\System\egqTMVJ.exe
  2⤵
  PID:3912
- C:\Windows\System\OCWPHud.exe
  C:\Windows\System\OCWPHud.exe
  2⤵
  PID:3956
- C:\Windows\System\hyhBEXd.exe
  C:\Windows\System\hyhBEXd.exe
  2⤵
  PID:2172
- C:\Windows\System\YUzfkvf.exe
  C:\Windows\System\YUzfkvf.exe
  2⤵
  PID:2208
- C:\Windows\System\FLqqKFM.exe
  C:\Windows\System\FLqqKFM.exe
  2⤵
  PID:3988
- C:\Windows\System\TkFzpXk.exe
  C:\Windows\System\TkFzpXk.exe
  2⤵
  PID:4088
- C:\Windows\System\YzSnTMa.exe
  C:\Windows\System\YzSnTMa.exe
  2⤵
  PID:4024
- C:\Windows\System\oktXClA.exe
  C:\Windows\System\oktXClA.exe
  2⤵
  PID:2436
- C:\Windows\System\CGZppZg.exe
  C:\Windows\System\CGZppZg.exe
  2⤵
  PID:2036
- C:\Windows\System\EjblUDv.exe
  C:\Windows\System\EjblUDv.exe
  2⤵
  PID:2496
- C:\Windows\System\gJhdMyV.exe
  C:\Windows\System\gJhdMyV.exe
  2⤵
  PID:3192
- C:\Windows\System\GGTOMAn.exe
  C:\Windows\System\GGTOMAn.exe
  2⤵
  PID:2520
- C:\Windows\System\ONpASWx.exe
  C:\Windows\System\ONpASWx.exe
  2⤵
  PID:3316
- C:\Windows\System\XVLrWnn.exe
  C:\Windows\System\XVLrWnn.exe
  2⤵
  PID:3396
- C:\Windows\System\oAHgKJN.exe
  C:\Windows\System\oAHgKJN.exe
  2⤵
  PID:3340
- C:\Windows\System\uRxFFgm.exe
  C:\Windows\System\uRxFFgm.exe
  2⤵
  PID:3460
- C:\Windows\System\NiyEbeb.exe
  C:\Windows\System\NiyEbeb.exe
  2⤵
  PID:3592
- C:\Windows\System\TOYJOCt.exe
  C:\Windows\System\TOYJOCt.exe
  2⤵
  PID:3868
- C:\Windows\System\SjpiFFz.exe
  C:\Windows\System\SjpiFFz.exe
  2⤵
  PID:1524
- C:\Windows\System\AbBiSVH.exe
  C:\Windows\System\AbBiSVH.exe
  2⤵
  PID:4028
- C:\Windows\System\eeHKSyE.exe
  C:\Windows\System\eeHKSyE.exe
  2⤵
  PID:2184
- C:\Windows\System\KUqyFSS.exe
  C:\Windows\System\KUqyFSS.exe
  2⤵
  PID:3300
- C:\Windows\System\cDhjQgW.exe
  C:\Windows\System\cDhjQgW.exe
  2⤵
  PID:4108
- C:\Windows\System\NLlHafG.exe
  C:\Windows\System\NLlHafG.exe
  2⤵
  PID:4124
- C:\Windows\System\VwBRxmt.exe
  C:\Windows\System\VwBRxmt.exe
  2⤵
  PID:4140
- C:\Windows\System\Vjwbdxp.exe
  C:\Windows\System\Vjwbdxp.exe
  2⤵
  PID:4156
- C:\Windows\System\czfJNyb.exe
  C:\Windows\System\czfJNyb.exe
  2⤵
  PID:4172
- C:\Windows\System\tDowFdq.exe
  C:\Windows\System\tDowFdq.exe
  2⤵
  PID:4188
- C:\Windows\System\wudYTxr.exe
  C:\Windows\System\wudYTxr.exe
  2⤵
  PID:4204
- C:\Windows\System\PCfFULi.exe
  C:\Windows\System\PCfFULi.exe
  2⤵
  PID:4220
- C:\Windows\System\CJXZQOh.exe
  C:\Windows\System\CJXZQOh.exe
  2⤵
  PID:4236
- C:\Windows\System\YWvwHfW.exe
  C:\Windows\System\YWvwHfW.exe
  2⤵
  PID:4252
- C:\Windows\System\KFoohMa.exe
  C:\Windows\System\KFoohMa.exe
  2⤵
  PID:4268
- C:\Windows\System\WBSCNod.exe
  C:\Windows\System\WBSCNod.exe
  2⤵
  PID:4284
- C:\Windows\System\RLNrBKG.exe
  C:\Windows\System\RLNrBKG.exe
  2⤵
  PID:4300
- C:\Windows\System\OrSanQT.exe
  C:\Windows\System\OrSanQT.exe
  2⤵
  PID:4316
- C:\Windows\System\kxqeHOZ.exe
  C:\Windows\System\kxqeHOZ.exe
  2⤵
  PID:4332
- C:\Windows\System\vpzvQnN.exe
  C:\Windows\System\vpzvQnN.exe
  2⤵
  PID:4348
- C:\Windows\System\iduqkkk.exe
  C:\Windows\System\iduqkkk.exe
  2⤵
  PID:4364
- C:\Windows\System\bPwkGIj.exe
  C:\Windows\System\bPwkGIj.exe
  2⤵
  PID:4380
- C:\Windows\System\sCfKLCV.exe
  C:\Windows\System\sCfKLCV.exe
  2⤵
  PID:4396
- C:\Windows\System\pDQLpDG.exe
  C:\Windows\System\pDQLpDG.exe
  2⤵
  PID:4412
- C:\Windows\System\QMybGRA.exe
  C:\Windows\System\QMybGRA.exe
  2⤵
  PID:4428
- C:\Windows\System\jAcwGmD.exe
  C:\Windows\System\jAcwGmD.exe
  2⤵
  PID:4444
- C:\Windows\System\HvHdYDL.exe
  C:\Windows\System\HvHdYDL.exe
  2⤵
  PID:4460
- C:\Windows\System\zfLNECP.exe
  C:\Windows\System\zfLNECP.exe
  2⤵
  PID:4476
- C:\Windows\System\NFhYzqQ.exe
  C:\Windows\System\NFhYzqQ.exe
  2⤵
  PID:4492
- C:\Windows\System\IwyDBoA.exe
  C:\Windows\System\IwyDBoA.exe
  2⤵
  PID:4508
- C:\Windows\System\nApWsgl.exe
  C:\Windows\System\nApWsgl.exe
  2⤵
  PID:4524
- C:\Windows\System\LlRmLpm.exe
  C:\Windows\System\LlRmLpm.exe
  2⤵
  PID:4540
- C:\Windows\System\iUMbBtw.exe
  C:\Windows\System\iUMbBtw.exe
  2⤵
  PID:4556
- C:\Windows\System\sBUwWuw.exe
  C:\Windows\System\sBUwWuw.exe
  2⤵
  PID:4572
- C:\Windows\System\iDBTLUg.exe
  C:\Windows\System\iDBTLUg.exe
  2⤵
  PID:4588
- C:\Windows\System\ZRNthSF.exe
  C:\Windows\System\ZRNthSF.exe
  2⤵
  PID:4604
- C:\Windows\System\vVqZVji.exe
  C:\Windows\System\vVqZVji.exe
  2⤵
  PID:4620
- C:\Windows\System\syJdLrO.exe
  C:\Windows\System\syJdLrO.exe
  2⤵
  PID:4636
- C:\Windows\System\wDUxzuW.exe
  C:\Windows\System\wDUxzuW.exe
  2⤵
  PID:4652
- C:\Windows\System\Jskrzuz.exe
  C:\Windows\System\Jskrzuz.exe
  2⤵
  PID:4668
- C:\Windows\System\AVKeweY.exe
  C:\Windows\System\AVKeweY.exe
  2⤵
  PID:4688
- C:\Windows\System\pLUDMGc.exe
  C:\Windows\System\pLUDMGc.exe
  2⤵
  PID:4708
- C:\Windows\System\BaaaGfc.exe
  C:\Windows\System\BaaaGfc.exe
  2⤵
  PID:4724
- C:\Windows\System\yWwFoRI.exe
  C:\Windows\System\yWwFoRI.exe
  2⤵
  PID:4740
- C:\Windows\System\MJnzVYe.exe
  C:\Windows\System\MJnzVYe.exe
  2⤵
  PID:4756
- C:\Windows\System\nfzddZN.exe
  C:\Windows\System\nfzddZN.exe
  2⤵
  PID:4772
- C:\Windows\System\GwrXavQ.exe
  C:\Windows\System\GwrXavQ.exe
  2⤵
  PID:4788
- C:\Windows\System\GJdqKwU.exe
  C:\Windows\System\GJdqKwU.exe
  2⤵
  PID:4804
- C:\Windows\System\yUokkkC.exe
  C:\Windows\System\yUokkkC.exe
  2⤵
  PID:4820
- C:\Windows\System\eWoeqcc.exe
  C:\Windows\System\eWoeqcc.exe
  2⤵
  PID:4836
- C:\Windows\System\IRZXPMG.exe
  C:\Windows\System\IRZXPMG.exe
  2⤵
  PID:4852
- C:\Windows\System\aLwTbFz.exe
  C:\Windows\System\aLwTbFz.exe
  2⤵
  PID:4868
- C:\Windows\System\vNWIlej.exe
  C:\Windows\System\vNWIlej.exe
  2⤵
  PID:4884
- C:\Windows\System\pAYjUTf.exe
  C:\Windows\System\pAYjUTf.exe
  2⤵
  PID:4900
- C:\Windows\System\QGBvXtP.exe
  C:\Windows\System\QGBvXtP.exe
  2⤵
  PID:4916
- C:\Windows\System\EpkHwLI.exe
  C:\Windows\System\EpkHwLI.exe
  2⤵
  PID:4932
- C:\Windows\System\vybpDHv.exe
  C:\Windows\System\vybpDHv.exe
  2⤵
  PID:4948
- C:\Windows\System\SppwKmJ.exe
  C:\Windows\System\SppwKmJ.exe
  2⤵
  PID:4964
- C:\Windows\System\iVHnrQL.exe
  C:\Windows\System\iVHnrQL.exe
  2⤵
  PID:4988
- C:\Windows\System\PVPkqJI.exe
  C:\Windows\System\PVPkqJI.exe
  2⤵
  PID:5004
- C:\Windows\System\GOMNdIU.exe
  C:\Windows\System\GOMNdIU.exe
  2⤵
  PID:5020
- C:\Windows\System\duJywJC.exe
  C:\Windows\System\duJywJC.exe
  2⤵
  PID:5036
- C:\Windows\System\XGDgITz.exe
  C:\Windows\System\XGDgITz.exe
  2⤵
  PID:5052
- C:\Windows\System\OijtzBP.exe
  C:\Windows\System\OijtzBP.exe
  2⤵
  PID:5068
- C:\Windows\System\dRDdFNO.exe
  C:\Windows\System\dRDdFNO.exe
  2⤵
  PID:5084
- C:\Windows\System\AQhwLXf.exe
  C:\Windows\System\AQhwLXf.exe
  2⤵
  PID:5100
- C:\Windows\System\eAlkVQh.exe
  C:\Windows\System\eAlkVQh.exe
  2⤵
  PID:5116
- C:\Windows\System\pwGLPAX.exe
  C:\Windows\System\pwGLPAX.exe
  2⤵
  PID:2852
- C:\Windows\System\foCwrwO.exe
  C:\Windows\System\foCwrwO.exe
  2⤵
  PID:2860
- C:\Windows\System\oVDpKBR.exe
  C:\Windows\System\oVDpKBR.exe
  2⤵
  PID:3292
- C:\Windows\System\NjcruTT.exe
  C:\Windows\System\NjcruTT.exe
  2⤵
  PID:3684
- C:\Windows\System\QwhfFli.exe
  C:\Windows\System\QwhfFli.exe
  2⤵
  PID:3724
- C:\Windows\System\IZriHTa.exe
  C:\Windows\System\IZriHTa.exe
  2⤵
  PID:3664
- C:\Windows\System\hjAIIwz.exe
  C:\Windows\System\hjAIIwz.exe
  2⤵
  PID:4008
- C:\Windows\System\dxZTMND.exe
  C:\Windows\System\dxZTMND.exe
  2⤵
  PID:3228
- C:\Windows\System\ohJEidd.exe
  C:\Windows\System\ohJEidd.exe
  2⤵
  PID:4136
- C:\Windows\System\BfmSRRD.exe
  C:\Windows\System\BfmSRRD.exe
  2⤵
  PID:3352
- C:\Windows\System\hgVGTmW.exe
  C:\Windows\System\hgVGTmW.exe
  2⤵
  PID:3108
- C:\Windows\System\xvvSDlU.exe
  C:\Windows\System\xvvSDlU.exe
  2⤵
  PID:3092
- C:\Windows\System\hNTigQh.exe
  C:\Windows\System\hNTigQh.exe
  2⤵
  PID:1676
- C:\Windows\System\ZvyJyPi.exe
  C:\Windows\System\ZvyJyPi.exe
  2⤵
  PID:3920
- C:\Windows\System\VRWNAqI.exe
  C:\Windows\System\VRWNAqI.exe
  2⤵
  PID:3968
- C:\Windows\System\PCgTCCw.exe
  C:\Windows\System\PCgTCCw.exe
  2⤵
  PID:3892
- C:\Windows\System\swVntqe.exe
  C:\Windows\System\swVntqe.exe
  2⤵
  PID:3680
- C:\Windows\System\sgqZVRw.exe
  C:\Windows\System\sgqZVRw.exe
  2⤵
  PID:3472
- C:\Windows\System\XgsyHgl.exe
  C:\Windows\System\XgsyHgl.exe
  2⤵
  PID:3440
- C:\Windows\System\fmrIUSp.exe
  C:\Windows\System\fmrIUSp.exe
  2⤵
  PID:1040
- C:\Windows\System\pgDEKfC.exe
  C:\Windows\System\pgDEKfC.exe
  2⤵
  PID:4196
- C:\Windows\System\VJFDWTi.exe
  C:\Windows\System\VJFDWTi.exe
  2⤵
  PID:4260
- C:\Windows\System\KUhQQcA.exe
  C:\Windows\System\KUhQQcA.exe
  2⤵
  PID:4152
- C:\Windows\System\RfOaHkD.exe
  C:\Windows\System\RfOaHkD.exe
  2⤵
  PID:4184
- C:\Windows\System\CVgolbq.exe
  C:\Windows\System\CVgolbq.exe
  2⤵
  PID:4244
- C:\Windows\System\TSURrBr.exe
  C:\Windows\System\TSURrBr.exe
  2⤵
  PID:4328
- C:\Windows\System\VAkwVpF.exe
  C:\Windows\System\VAkwVpF.exe
  2⤵
  PID:4392
- C:\Windows\System\VfMZynQ.exe
  C:\Windows\System\VfMZynQ.exe
  2⤵
  PID:4308
- C:\Windows\System\MaRrAWa.exe
  C:\Windows\System\MaRrAWa.exe
  2⤵
  PID:4344
- C:\Windows\System\koQRtkN.exe
  C:\Windows\System\koQRtkN.exe
  2⤵
  PID:4408
- C:\Windows\System\lavaxBI.exe
  C:\Windows\System\lavaxBI.exe
  2⤵
  PID:4520
- C:\Windows\System\jhupUjF.exe
  C:\Windows\System\jhupUjF.exe
  2⤵
  PID:4584
- C:\Windows\System\BBdjaRL.exe
  C:\Windows\System\BBdjaRL.exe
  2⤵
  PID:4568
- C:\Windows\System\soQAChs.exe
  C:\Windows\System\soQAChs.exe
  2⤵
  PID:4536
- C:\Windows\System\aMkJPTf.exe
  C:\Windows\System\aMkJPTf.exe
  2⤵
  PID:4600
- C:\Windows\System\quvvOwK.exe
  C:\Windows\System\quvvOwK.exe
  2⤵
  PID:4676
- C:\Windows\System\UzoHEuA.exe
  C:\Windows\System\UzoHEuA.exe
  2⤵
  PID:4748
- C:\Windows\System\kvZYcUU.exe
  C:\Windows\System\kvZYcUU.exe
  2⤵
  PID:4732
- C:\Windows\System\kpCqTVj.exe
  C:\Windows\System\kpCqTVj.exe
  2⤵
  PID:4696
- C:\Windows\System\nWYWilr.exe
  C:\Windows\System\nWYWilr.exe
  2⤵
  PID:4784
- C:\Windows\System\WLgzuXW.exe
  C:\Windows\System\WLgzuXW.exe
  2⤵
  PID:4816
- C:\Windows\System\wGlMDyk.exe
  C:\Windows\System\wGlMDyk.exe
  2⤵
  PID:4876
- C:\Windows\System\UgYjyNQ.exe
  C:\Windows\System\UgYjyNQ.exe
  2⤵
  PID:4860
- C:\Windows\System\gUwglPV.exe
  C:\Windows\System\gUwglPV.exe
  2⤵
  PID:4940
- C:\Windows\System\AZiLwPC.exe
  C:\Windows\System\AZiLwPC.exe
  2⤵
  PID:4944
- C:\Windows\System\tqzESfu.exe
  C:\Windows\System\tqzESfu.exe
  2⤵
  PID:4960
- C:\Windows\System\TIAJuDy.exe
  C:\Windows\System\TIAJuDy.exe
  2⤵
  PID:4996
- C:\Windows\System\kBqAfUt.exe
  C:\Windows\System\kBqAfUt.exe
  2⤵
  PID:5028
- C:\Windows\System\kFGwdig.exe
  C:\Windows\System\kFGwdig.exe
  2⤵
  PID:5080
- C:\Windows\System\PNHdhpN.exe
  C:\Windows\System\PNHdhpN.exe
  2⤵
  PID:3272
- C:\Windows\System\DuUTpur.exe
  C:\Windows\System\DuUTpur.exe
  2⤵
  PID:5096
- C:\Windows\System\NexGXjL.exe
  C:\Windows\System\NexGXjL.exe
  2⤵
  PID:3296
- C:\Windows\System\kpKAHWM.exe
  C:\Windows\System\kpKAHWM.exe
  2⤵
  PID:4076
- C:\Windows\System\JYiexSS.exe
  C:\Windows\System\JYiexSS.exe
  2⤵
  PID:3400
- C:\Windows\System\wzTHtTZ.exe
  C:\Windows\System\wzTHtTZ.exe
  2⤵
  PID:2796
- C:\Windows\System\KvUtaTV.exe
  C:\Windows\System\KvUtaTV.exe
  2⤵
  PID:3744
- C:\Windows\System\uabJgRi.exe
  C:\Windows\System\uabJgRi.exe
  2⤵
  PID:1528
- C:\Windows\System\FpShagL.exe
  C:\Windows\System\FpShagL.exe
  2⤵
  PID:3700
- C:\Windows\System\Gdybxdf.exe
  C:\Windows\System\Gdybxdf.exe
  2⤵
  PID:3492
- C:\Windows\System\IeAhOlE.exe
  C:\Windows\System\IeAhOlE.exe
  2⤵
  PID:4228
- C:\Windows\System\RQvEYQG.exe
  C:\Windows\System\RQvEYQG.exe
  2⤵
  PID:4168
- C:\Windows\System\LseyBLW.exe
  C:\Windows\System\LseyBLW.exe
  2⤵
  PID:4280
- C:\Windows\System\XZErRcc.exe
  C:\Windows\System\XZErRcc.exe
  2⤵
  PID:4424
- C:\Windows\System\PdMpTDT.exe
  C:\Windows\System\PdMpTDT.exe
  2⤵
  PID:4404
- C:\Windows\System\GnVueUZ.exe
  C:\Windows\System\GnVueUZ.exe
  2⤵
  PID:4580
- C:\Windows\System\rkkInZt.exe
  C:\Windows\System\rkkInZt.exe
  2⤵
  PID:4616
- C:\Windows\System\JUbKKsc.exe
  C:\Windows\System\JUbKKsc.exe
  2⤵
  PID:4632
- C:\Windows\System\PDzOrCX.exe
  C:\Windows\System\PDzOrCX.exe
  2⤵
  PID:4844
- C:\Windows\System\jaIzAJL.exe
  C:\Windows\System\jaIzAJL.exe
  2⤵
  PID:4504
- C:\Windows\System\BYKQWtf.exe
  C:\Windows\System\BYKQWtf.exe
  2⤵
  PID:4720
- C:\Windows\System\LkQhrZt.exe
  C:\Windows\System\LkQhrZt.exe
  2⤵
  PID:4972
- C:\Windows\System\ZyXRkeP.exe
  C:\Windows\System\ZyXRkeP.exe
  2⤵
  PID:4800
- C:\Windows\System\zkyUtWK.exe
  C:\Windows\System\zkyUtWK.exe
  2⤵
  PID:1800
- C:\Windows\System\dzHnknJ.exe
  C:\Windows\System\dzHnknJ.exe
  2⤵
  PID:4832
- C:\Windows\System\TflLmOt.exe
  C:\Windows\System\TflLmOt.exe
  2⤵
  PID:4928
- C:\Windows\System\LqWeyBQ.exe
  C:\Windows\System\LqWeyBQ.exe
  2⤵
  PID:5132
- C:\Windows\System\kuMZFpK.exe
  C:\Windows\System\kuMZFpK.exe
  2⤵
  PID:5148
- C:\Windows\System\fUejMBx.exe
  C:\Windows\System\fUejMBx.exe
  2⤵
  PID:5164
- C:\Windows\System\zPGWmGL.exe
  C:\Windows\System\zPGWmGL.exe
  2⤵
  PID:5180
- C:\Windows\System\vikPjGG.exe
  C:\Windows\System\vikPjGG.exe
  2⤵
  PID:5196
- C:\Windows\System\TnXtWMv.exe
  C:\Windows\System\TnXtWMv.exe
  2⤵
  PID:5212
- C:\Windows\System\aZkPRub.exe
  C:\Windows\System\aZkPRub.exe
  2⤵
  PID:5228
- C:\Windows\System\zLpajdW.exe
  C:\Windows\System\zLpajdW.exe
  2⤵
  PID:5244
- C:\Windows\System\SDzgxZu.exe
  C:\Windows\System\SDzgxZu.exe
  2⤵
  PID:5260
- C:\Windows\System\VvRRvmW.exe
  C:\Windows\System\VvRRvmW.exe
  2⤵
  PID:5276
- C:\Windows\System\oyfRfIn.exe
  C:\Windows\System\oyfRfIn.exe
  2⤵
  PID:5292
- C:\Windows\System\TBkhrYu.exe
  C:\Windows\System\TBkhrYu.exe
  2⤵
  PID:5308
- C:\Windows\System\IiwmSAz.exe
  C:\Windows\System\IiwmSAz.exe
  2⤵
  PID:5324
- C:\Windows\System\EMCYvCg.exe
  C:\Windows\System\EMCYvCg.exe
  2⤵
  PID:5340
- C:\Windows\System\ChSkmdN.exe
  C:\Windows\System\ChSkmdN.exe
  2⤵
  PID:5356
- C:\Windows\System\BmMcMWV.exe
  C:\Windows\System\BmMcMWV.exe
  2⤵
  PID:5372
- C:\Windows\System\lxLZcdc.exe
  C:\Windows\System\lxLZcdc.exe
  2⤵
  PID:5388
- C:\Windows\System\CpGogmW.exe
  C:\Windows\System\CpGogmW.exe
  2⤵
  PID:5404
- C:\Windows\System\VdoceNE.exe
  C:\Windows\System\VdoceNE.exe
  2⤵
  PID:5424
- C:\Windows\System\RHemFTK.exe
  C:\Windows\System\RHemFTK.exe
  2⤵
  PID:5444
- C:\Windows\System\cRgqniq.exe
  C:\Windows\System\cRgqniq.exe
  2⤵
  PID:5460
- C:\Windows\System\IoQDzem.exe
  C:\Windows\System\IoQDzem.exe
  2⤵
  PID:5476
- C:\Windows\System\rFzpWYJ.exe
  C:\Windows\System\rFzpWYJ.exe
  2⤵
  PID:5492
- C:\Windows\System\NdAUaQo.exe
  C:\Windows\System\NdAUaQo.exe
  2⤵
  PID:5508
- C:\Windows\System\GemmeES.exe
  C:\Windows\System\GemmeES.exe
  2⤵
  PID:5524
- C:\Windows\System\LxZHIbt.exe
  C:\Windows\System\LxZHIbt.exe
  2⤵
  PID:5540
- C:\Windows\System\jiATZId.exe
  C:\Windows\System\jiATZId.exe
  2⤵
  PID:5556
- C:\Windows\System\OMnZfdU.exe
  C:\Windows\System\OMnZfdU.exe
  2⤵
  PID:5572
- C:\Windows\System\SoiqRwc.exe
  C:\Windows\System\SoiqRwc.exe
  2⤵
  PID:5588
- C:\Windows\System\JYABNTB.exe
  C:\Windows\System\JYABNTB.exe
  2⤵
  PID:5604
- C:\Windows\System\cudQLxW.exe
  C:\Windows\System\cudQLxW.exe
  2⤵
  PID:5620
- C:\Windows\System\qyrDjRg.exe
  C:\Windows\System\qyrDjRg.exe
  2⤵
  PID:5636
- C:\Windows\System\tsZqQSg.exe
  C:\Windows\System\tsZqQSg.exe
  2⤵
  PID:5652
- C:\Windows\System\iQVEsWA.exe
  C:\Windows\System\iQVEsWA.exe
  2⤵
  PID:5668
- C:\Windows\System\HNtZcQf.exe
  C:\Windows\System\HNtZcQf.exe
  2⤵
  PID:5684
- C:\Windows\System\aiAiZgN.exe
  C:\Windows\System\aiAiZgN.exe
  2⤵
  PID:5700
- C:\Windows\System\xwxbCQn.exe
  C:\Windows\System\xwxbCQn.exe
  2⤵
  PID:5716
- C:\Windows\System\ZoUGBkv.exe
  C:\Windows\System\ZoUGBkv.exe
  2⤵
  PID:5732
- C:\Windows\System\cIxQocd.exe
  C:\Windows\System\cIxQocd.exe
  2⤵
  PID:5748
- C:\Windows\System\CKeVsAC.exe
  C:\Windows\System\CKeVsAC.exe
  2⤵
  PID:5764
- C:\Windows\System\FXRTDaF.exe
  C:\Windows\System\FXRTDaF.exe
  2⤵
  PID:5780
- C:\Windows\System\xHOoFOI.exe
  C:\Windows\System\xHOoFOI.exe
  2⤵
  PID:5796
- C:\Windows\System\KZXUBgD.exe
  C:\Windows\System\KZXUBgD.exe
  2⤵
  PID:5812
- C:\Windows\System\AmRSkqv.exe
  C:\Windows\System\AmRSkqv.exe
  2⤵
  PID:5828
- C:\Windows\System\nWOPftv.exe
  C:\Windows\System\nWOPftv.exe
  2⤵
  PID:5844
- C:\Windows\System\HUKgqve.exe
  C:\Windows\System\HUKgqve.exe
  2⤵
  PID:5860
- C:\Windows\System\sLykicm.exe
  C:\Windows\System\sLykicm.exe
  2⤵
  PID:5880
- C:\Windows\System\jqJateH.exe
  C:\Windows\System\jqJateH.exe
  2⤵
  PID:5896
- C:\Windows\System\oLlUYqM.exe
  C:\Windows\System\oLlUYqM.exe
  2⤵
  PID:5916
- C:\Windows\System\pBhPLic.exe
  C:\Windows\System\pBhPLic.exe
  2⤵
  PID:5932
- C:\Windows\System\LWMHevT.exe
  C:\Windows\System\LWMHevT.exe
  2⤵
  PID:5948
- C:\Windows\System\kvLPTGn.exe
  C:\Windows\System\kvLPTGn.exe
  2⤵
  PID:5964
- C:\Windows\System\VMVifuv.exe
  C:\Windows\System\VMVifuv.exe
  2⤵
  PID:5980
- C:\Windows\System\frgSVuN.exe
  C:\Windows\System\frgSVuN.exe
  2⤵
  PID:5996
- C:\Windows\System\POErDyz.exe
  C:\Windows\System\POErDyz.exe
  2⤵
  PID:6012
- C:\Windows\System\yeUegKX.exe
  C:\Windows\System\yeUegKX.exe
  2⤵
  PID:6028
- C:\Windows\System\dmOVJjY.exe
  C:\Windows\System\dmOVJjY.exe
  2⤵
  PID:6044
- C:\Windows\System\LLYWlmY.exe
  C:\Windows\System\LLYWlmY.exe
  2⤵
  PID:6060
- C:\Windows\System\WepDKmW.exe
  C:\Windows\System\WepDKmW.exe
  2⤵
  PID:6076
- C:\Windows\System\glrTEtJ.exe
  C:\Windows\System\glrTEtJ.exe
  2⤵
  PID:6092
- C:\Windows\System\bhqyCnP.exe
  C:\Windows\System\bhqyCnP.exe
  2⤵
  PID:6108
- C:\Windows\System\NPwtENQ.exe
  C:\Windows\System\NPwtENQ.exe
  2⤵
  PID:6124
- C:\Windows\System\FmenZSX.exe
  C:\Windows\System\FmenZSX.exe
  2⤵
  PID:3584
- C:\Windows\System\dFGjUuk.exe
  C:\Windows\System\dFGjUuk.exe
  2⤵
  PID:5060
- C:\Windows\System\nAcnmuJ.exe
  C:\Windows\System\nAcnmuJ.exe
  2⤵
  PID:3508
- C:\Windows\System\ESoDZyp.exe
  C:\Windows\System\ESoDZyp.exe
  2⤵
  PID:3792
- C:\Windows\System\AsSHGCR.exe
  C:\Windows\System\AsSHGCR.exe
  2⤵
  PID:4044
- C:\Windows\System\slmvwgY.exe
  C:\Windows\System\slmvwgY.exe
  2⤵
  PID:4660
- C:\Windows\System\ELZizmo.exe
  C:\Windows\System\ELZizmo.exe
  2⤵
  PID:4148
- C:\Windows\System\FedsDHP.exe
  C:\Windows\System\FedsDHP.exe
  2⤵
  PID:4716
- C:\Windows\System\FATIzzR.exe
  C:\Windows\System\FATIzzR.exe
  2⤵
  PID:4340
- C:\Windows\System\IMEOmFS.exe
  C:\Windows\System\IMEOmFS.exe
  2⤵
  PID:4468
- C:\Windows\System\LbTJbmF.exe
  C:\Windows\System\LbTJbmF.exe
  2⤵
  PID:2416
- C:\Windows\System\zEYhSqa.exe
  C:\Windows\System\zEYhSqa.exe
  2⤵
  PID:5156
- C:\Windows\System\bTwDhCR.exe
  C:\Windows\System\bTwDhCR.exe
  2⤵
  PID:5220
- C:\Windows\System\DuEnfKz.exe
  C:\Windows\System\DuEnfKz.exe
  2⤵
  PID:5112
- C:\Windows\System\kjTYKZC.exe
  C:\Windows\System\kjTYKZC.exe
  2⤵
  PID:5140
- C:\Windows\System\RgPltoe.exe
  C:\Windows\System\RgPltoe.exe
  2⤵
  PID:5204
- C:\Windows\System\uFNXzdk.exe
  C:\Windows\System\uFNXzdk.exe
  2⤵
  PID:5288
- C:\Windows\System\jLCfRLF.exe
  C:\Windows\System\jLCfRLF.exe
  2⤵
  PID:5352
- C:\Windows\System\UzReWhe.exe
  C:\Windows\System\UzReWhe.exe
  2⤵
  PID:1968
- C:\Windows\System\Melkibe.exe
  C:\Windows\System\Melkibe.exe
  2⤵
  PID:5304
- C:\Windows\System\xpQczwI.exe
  C:\Windows\System\xpQczwI.exe
  2⤵
  PID:5364
- C:\Windows\System\LcVTVSW.exe
  C:\Windows\System\LcVTVSW.exe
  2⤵
  PID:5456
- C:\Windows\System\CHMWUZj.exe
  C:\Windows\System\CHMWUZj.exe
  2⤵
  PID:5520
- C:\Windows\System\iYurJCr.exe
  C:\Windows\System\iYurJCr.exe
  2⤵
  PID:5432
- C:\Windows\System\RssuFvt.exe
  C:\Windows\System\RssuFvt.exe
  2⤵
  PID:5564
- C:\Windows\System\gQrxnkx.exe
  C:\Windows\System\gQrxnkx.exe
  2⤵
  PID:5532
- C:\Windows\System\MFUTOrl.exe
  C:\Windows\System\MFUTOrl.exe
  2⤵
  PID:5596
- C:\Windows\System\zRBybvx.exe
  C:\Windows\System\zRBybvx.exe
  2⤵
  PID:5628
- C:\Windows\System\xwbbbiN.exe
  C:\Windows\System\xwbbbiN.exe
  2⤵
  PID:5660
- C:\Windows\System\XbZuIAT.exe
  C:\Windows\System\XbZuIAT.exe
  2⤵
  PID:5712
- C:\Windows\System\GZeUveS.exe
  C:\Windows\System\GZeUveS.exe
  2⤵
  PID:5696
- C:\Windows\System\yxidBAD.exe
  C:\Windows\System\yxidBAD.exe
  2⤵
  PID:5772
- C:\Windows\System\ETiEqsH.exe
  C:\Windows\System\ETiEqsH.exe
  2⤵
  PID:5804
- C:\Windows\System\tzzPhdG.exe
  C:\Windows\System\tzzPhdG.exe
  2⤵
  PID:5820
- C:\Windows\System\NRdNDOE.exe
  C:\Windows\System\NRdNDOE.exe
  2⤵
  PID:5868
- C:\Windows\System\wZRcMhu.exe
  C:\Windows\System\wZRcMhu.exe
  2⤵
  PID:5904
- C:\Windows\System\PnLwacu.exe
  C:\Windows\System\PnLwacu.exe
  2⤵
  PID:5924
- C:\Windows\System\IlwUKny.exe
  C:\Windows\System\IlwUKny.exe
  2⤵
  PID:5956
- C:\Windows\System\SQpuTQA.exe
  C:\Windows\System\SQpuTQA.exe
  2⤵
  PID:5960
- C:\Windows\System\kTGydpb.exe
  C:\Windows\System\kTGydpb.exe
  2⤵
  PID:6020
- C:\Windows\System\xwynlji.exe
  C:\Windows\System\xwynlji.exe
  2⤵
  PID:6052
- C:\Windows\System\ehCOqHE.exe
  C:\Windows\System\ehCOqHE.exe
  2⤵
  PID:6084
- C:\Windows\System\vUggDEJ.exe
  C:\Windows\System\vUggDEJ.exe
  2⤵
  PID:6116
- C:\Windows\System\KrgbxyD.exe
  C:\Windows\System\KrgbxyD.exe
  2⤵
  PID:5064
- C:\Windows\System\SOVzZPC.exe
  C:\Windows\System\SOVzZPC.exe
  2⤵
  PID:3476
- C:\Windows\System\PCmbwTi.exe
  C:\Windows\System\PCmbwTi.exe
  2⤵
  PID:5048
- C:\Windows\System\xUirnIw.exe
  C:\Windows\System\xUirnIw.exe
  2⤵
  PID:4472
- C:\Windows\System\qpRotrw.exe
  C:\Windows\System\qpRotrw.exe
  2⤵
  PID:4564
- C:\Windows\System\oXIKZLc.exe
  C:\Windows\System\oXIKZLc.exe
  2⤵
  PID:4516
- C:\Windows\System\xhWFDDv.exe
  C:\Windows\System\xhWFDDv.exe
  2⤵
  PID:5236
- C:\Windows\System\OHpvrtI.exe
  C:\Windows\System\OHpvrtI.exe
  2⤵
  PID:5332
- C:\Windows\System\izxUZBF.exe
  C:\Windows\System\izxUZBF.exe
  2⤵
  PID:5488
- C:\Windows\System\edSWUpC.exe
  C:\Windows\System\edSWUpC.exe
  2⤵
  PID:5348
- C:\Windows\System\LMlNFDc.exe
  C:\Windows\System\LMlNFDc.exe
  2⤵
  PID:5568
- C:\Windows\System\XlsRCBg.exe
  C:\Windows\System\XlsRCBg.exe
  2⤵
  PID:5648
- C:\Windows\System\JHvWBeX.exe
  C:\Windows\System\JHvWBeX.exe
  2⤵
  PID:5452
- C:\Windows\System\FWuiJba.exe
  C:\Windows\System\FWuiJba.exe
  2⤵
  PID:5580
- C:\Windows\System\jaXlQly.exe
  C:\Windows\System\jaXlQly.exe
  2⤵
  PID:5708
- C:\Windows\System\hKsSszv.exe
  C:\Windows\System\hKsSszv.exe
  2⤵
  PID:5744
- C:\Windows\System\IieJhXs.exe
  C:\Windows\System\IieJhXs.exe
  2⤵
  PID:5840
- C:\Windows\System\pETQyeq.exe
  C:\Windows\System\pETQyeq.exe
  2⤵
  PID:5976
- C:\Windows\System\YmfCtKP.exe
  C:\Windows\System\YmfCtKP.exe
  2⤵
  PID:5852
- C:\Windows\System\hbrqjPG.exe
  C:\Windows\System\hbrqjPG.exe
  2⤵
  PID:6008
- C:\Windows\System\ROAvslQ.exe
  C:\Windows\System\ROAvslQ.exe
  2⤵
  PID:6072
- C:\Windows\System\myuiyJo.exe
  C:\Windows\System\myuiyJo.exe
  2⤵
  PID:6136
- C:\Windows\System\IJBbYuf.exe
  C:\Windows\System\IJBbYuf.exe
  2⤵
  PID:6164
- C:\Windows\System\yCCsiKo.exe
  C:\Windows\System\yCCsiKo.exe
  2⤵
  PID:6180
- C:\Windows\System\RcJRYrl.exe
  C:\Windows\System\RcJRYrl.exe
  2⤵
  PID:6196
- C:\Windows\System\oNycloS.exe
  C:\Windows\System\oNycloS.exe
  2⤵
  PID:6212
- C:\Windows\System\vAFejsu.exe
  C:\Windows\System\vAFejsu.exe
  2⤵
  PID:6228
- C:\Windows\System\RDwsFOJ.exe
  C:\Windows\System\RDwsFOJ.exe
  2⤵
  PID:6244
- C:\Windows\System\NdnUhRE.exe
  C:\Windows\System\NdnUhRE.exe
  2⤵
  PID:6260
- C:\Windows\System\UyYMLAj.exe
  C:\Windows\System\UyYMLAj.exe
  2⤵
  PID:6276
- C:\Windows\System\ijMNPmz.exe
  C:\Windows\System\ijMNPmz.exe
  2⤵
  PID:6292
- C:\Windows\System\qQmICtR.exe
  C:\Windows\System\qQmICtR.exe
  2⤵
  PID:6308
- C:\Windows\System\gHIojxp.exe
  C:\Windows\System\gHIojxp.exe
  2⤵
  PID:6324
- C:\Windows\System\fxdLXHY.exe
  C:\Windows\System\fxdLXHY.exe
  2⤵
  PID:6340
- C:\Windows\System\REfjHiJ.exe
  C:\Windows\System\REfjHiJ.exe
  2⤵
  PID:6356
- C:\Windows\System\kODKyOF.exe
  C:\Windows\System\kODKyOF.exe
  2⤵
  PID:6372
- C:\Windows\System\kTMEYnb.exe
  C:\Windows\System\kTMEYnb.exe
  2⤵
  PID:6388
- C:\Windows\System\ighpToW.exe
  C:\Windows\System\ighpToW.exe
  2⤵
  PID:6404
- C:\Windows\System\VFtlxcw.exe
  C:\Windows\System\VFtlxcw.exe
  2⤵
  PID:6420
- C:\Windows\System\WuXYpbi.exe
  C:\Windows\System\WuXYpbi.exe
  2⤵
  PID:6436
- C:\Windows\System\zmNXcsp.exe
  C:\Windows\System\zmNXcsp.exe
  2⤵
  PID:6452
- C:\Windows\System\zaYlJxW.exe
  C:\Windows\System\zaYlJxW.exe
  2⤵
  PID:6472
- C:\Windows\System\IKfxmUE.exe
  C:\Windows\System\IKfxmUE.exe
  2⤵
  PID:6492
- C:\Windows\System\IfRxEQD.exe
  C:\Windows\System\IfRxEQD.exe
  2⤵
  PID:6508
- C:\Windows\System\uExUXHR.exe
  C:\Windows\System\uExUXHR.exe
  2⤵
  PID:6524
- C:\Windows\System\BNjyfSF.exe
  C:\Windows\System\BNjyfSF.exe
  2⤵
  PID:6540
- C:\Windows\System\IJfKzFR.exe
  C:\Windows\System\IJfKzFR.exe
  2⤵
  PID:6556
- C:\Windows\System\mlGUnLV.exe
  C:\Windows\System\mlGUnLV.exe
  2⤵
  PID:6572
- C:\Windows\System\seijEch.exe
  C:\Windows\System\seijEch.exe
  2⤵
  PID:6588
- C:\Windows\System\xWFYeKK.exe
  C:\Windows\System\xWFYeKK.exe
  2⤵
  PID:6604
- C:\Windows\System\ijyLhZA.exe
  C:\Windows\System\ijyLhZA.exe
  2⤵
  PID:6620
- C:\Windows\System\ujsSjlf.exe
  C:\Windows\System\ujsSjlf.exe
  2⤵
  PID:6636
- C:\Windows\System\WDRJFEG.exe
  C:\Windows\System\WDRJFEG.exe
  2⤵
  PID:6652
- C:\Windows\System\GrhPwug.exe
  C:\Windows\System\GrhPwug.exe
  2⤵
  PID:6668
- C:\Windows\System\MWhGnFN.exe
  C:\Windows\System\MWhGnFN.exe
  2⤵
  PID:6684
- C:\Windows\System\PRglUVC.exe
  C:\Windows\System\PRglUVC.exe
  2⤵
  PID:6700
- C:\Windows\System\MzDjxUD.exe
  C:\Windows\System\MzDjxUD.exe
  2⤵
  PID:6716
- C:\Windows\System\qyQXiuq.exe
  C:\Windows\System\qyQXiuq.exe
  2⤵
  PID:6732
- C:\Windows\System\tHnTXUZ.exe
  C:\Windows\System\tHnTXUZ.exe
  2⤵
  PID:6748
- C:\Windows\System\nrPkWUu.exe
  C:\Windows\System\nrPkWUu.exe
  2⤵
  PID:6764
- C:\Windows\System\qGvXtMN.exe
  C:\Windows\System\qGvXtMN.exe
  2⤵
  PID:6780
- C:\Windows\System\OSPdViO.exe
  C:\Windows\System\OSPdViO.exe
  2⤵
  PID:6796
- C:\Windows\System\SxbTHGC.exe
  C:\Windows\System\SxbTHGC.exe
  2⤵
  PID:6812
- C:\Windows\System\kJjTkkC.exe
  C:\Windows\System\kJjTkkC.exe
  2⤵
  PID:6828
- C:\Windows\System\wBEeUNm.exe
  C:\Windows\System\wBEeUNm.exe
  2⤵
  PID:6844
- C:\Windows\System\UYafFlP.exe
  C:\Windows\System\UYafFlP.exe
  2⤵
  PID:6860
- C:\Windows\System\xpTBkfT.exe
  C:\Windows\System\xpTBkfT.exe
  2⤵
  PID:6876
- C:\Windows\System\wQvHyDR.exe
  C:\Windows\System\wQvHyDR.exe
  2⤵
  PID:6892
- C:\Windows\System\ZWzxcSL.exe
  C:\Windows\System\ZWzxcSL.exe
  2⤵
  PID:6908
- C:\Windows\System\clEsWXR.exe
  C:\Windows\System\clEsWXR.exe
  2⤵
  PID:6924
- C:\Windows\System\vPEjMka.exe
  C:\Windows\System\vPEjMka.exe
  2⤵
  PID:6940
- C:\Windows\System\jEgAeuv.exe
  C:\Windows\System\jEgAeuv.exe
  2⤵
  PID:6956
- C:\Windows\System\vzCxmAi.exe
  C:\Windows\System\vzCxmAi.exe
  2⤵
  PID:6972
- C:\Windows\System\oETlrNT.exe
  C:\Windows\System\oETlrNT.exe
  2⤵
  PID:6988
- C:\Windows\System\iNzbwmK.exe
  C:\Windows\System\iNzbwmK.exe
  2⤵
  PID:7004
- C:\Windows\System\KAAkHco.exe
  C:\Windows\System\KAAkHco.exe
  2⤵
  PID:7020
- C:\Windows\System\jnZcGAe.exe
  C:\Windows\System\jnZcGAe.exe
  2⤵
  PID:7036
- C:\Windows\System\GEFjugA.exe
  C:\Windows\System\GEFjugA.exe
  2⤵
  PID:7052
- C:\Windows\System\dQAYAAg.exe
  C:\Windows\System\dQAYAAg.exe
  2⤵
  PID:7068
- C:\Windows\System\HGeczsg.exe
  C:\Windows\System\HGeczsg.exe
  2⤵
  PID:7084
- C:\Windows\System\pHGyscQ.exe
  C:\Windows\System\pHGyscQ.exe
  2⤵
  PID:7100
- C:\Windows\System\KPllbbw.exe
  C:\Windows\System\KPllbbw.exe
  2⤵
  PID:7116
- C:\Windows\System\XAVOyKu.exe
  C:\Windows\System\XAVOyKu.exe
  2⤵
  PID:7132
- C:\Windows\System\jySRbot.exe
  C:\Windows\System\jySRbot.exe
  2⤵
  PID:7148
- C:\Windows\System\QepvIsW.exe
  C:\Windows\System\QepvIsW.exe
  2⤵
  PID:7164
- C:\Windows\System\gRsJcQs.exe
  C:\Windows\System\gRsJcQs.exe
  2⤵
  PID:4116
- C:\Windows\System\oHuWbeJ.exe
  C:\Windows\System\oHuWbeJ.exe
  2⤵
  PID:5188
- C:\Windows\System\AlonCjx.exe
  C:\Windows\System\AlonCjx.exe
  2⤵
  PID:4924
- C:\Windows\System\jEjpVkA.exe
  C:\Windows\System\jEjpVkA.exe
  2⤵
  PID:5320
- C:\Windows\System\mupmQZW.exe
  C:\Windows\System\mupmQZW.exe
  2⤵
  PID:5612
- C:\Windows\System\JmcdaOx.exe
  C:\Windows\System\JmcdaOx.exe
  2⤵
  PID:5644
- C:\Windows\System\HQFumqq.exe
  C:\Windows\System\HQFumqq.exe
  2⤵
  PID:5760
- C:\Windows\System\UkUhAZm.exe
  C:\Windows\System\UkUhAZm.exe
  2⤵
  PID:5824
- C:\Windows\System\UqbwfZp.exe
  C:\Windows\System\UqbwfZp.exe
  2⤵
  PID:6132
- C:\Windows\System\YRHsDTr.exe
  C:\Windows\System\YRHsDTr.exe
  2⤵
  PID:6176
- C:\Windows\System\EpAbuCE.exe
  C:\Windows\System\EpAbuCE.exe
  2⤵
  PID:6240
- C:\Windows\System\nFmGHJA.exe
  C:\Windows\System\nFmGHJA.exe
  2⤵
  PID:6300
- C:\Windows\System\zSiAKuF.exe
  C:\Windows\System\zSiAKuF.exe
  2⤵
  PID:6364
- C:\Windows\System\eZxrERU.exe
  C:\Windows\System\eZxrERU.exe
  2⤵
  PID:6160
- C:\Windows\System\tXNrMLI.exe
  C:\Windows\System\tXNrMLI.exe
  2⤵
  PID:6428
- C:\Windows\System\CmYvUIN.exe
  C:\Windows\System\CmYvUIN.exe
  2⤵
  PID:6284
- C:\Windows\System\jxzKuIj.exe
  C:\Windows\System\jxzKuIj.exe
  2⤵
  PID:2872
- C:\Windows\System\bWnSflw.exe
  C:\Windows\System\bWnSflw.exe
  2⤵
  PID:6532
- C:\Windows\System\GdwHNbj.exe
  C:\Windows\System\GdwHNbj.exe
  2⤵
  PID:6596
- C:\Windows\System\jLLCfKw.exe
  C:\Windows\System\jLLCfKw.exe
  2⤵
  PID:6348
- C:\Windows\System\MTPLAYq.exe
  C:\Windows\System\MTPLAYq.exe
  2⤵
  PID:6384
- C:\Windows\System\cXtsIUb.exe
  C:\Windows\System\cXtsIUb.exe
  2⤵
  PID:6628
- C:\Windows\System\PlkfjXb.exe
  C:\Windows\System\PlkfjXb.exe
  2⤵
  PID:6664
- C:\Windows\System\VIfPSaJ.exe
  C:\Windows\System\VIfPSaJ.exe
  2⤵
  PID:6724
- C:\Windows\System\pcPZfhF.exe
  C:\Windows\System\pcPZfhF.exe
  2⤵
  PID:6516
- C:\Windows\System\wgkOqiF.exe
  C:\Windows\System\wgkOqiF.exe
  2⤵
  PID:6612
- C:\Windows\System\dFMnJeO.exe
  C:\Windows\System\dFMnJeO.exe
  2⤵
  PID:6548
- C:\Windows\System\mSIsgFF.exe
  C:\Windows\System\mSIsgFF.exe
  2⤵
  PID:6792
- C:\Windows\System\cVDKpgY.exe
  C:\Windows\System\cVDKpgY.exe
  2⤵
  PID:6680
- C:\Windows\System\beOKHPa.exe
  C:\Windows\System\beOKHPa.exe
  2⤵
  PID:6744
- C:\Windows\System\DscPmUj.exe
  C:\Windows\System\DscPmUj.exe
  2⤵
  PID:6856
- C:\Windows\System\woTDWSu.exe
  C:\Windows\System\woTDWSu.exe
  2⤵
  PID:6884
- C:\Windows\System\swNcIxx.exe
  C:\Windows\System\swNcIxx.exe
  2⤵
  PID:6948
- C:\Windows\System\obcUzlz.exe
  C:\Windows\System\obcUzlz.exe
  2⤵
  PID:7012
- C:\Windows\System\suMHppF.exe
  C:\Windows\System\suMHppF.exe
  2⤵
  PID:6936
- C:\Windows\System\PcKhejU.exe
  C:\Windows\System\PcKhejU.exe
  2⤵
  PID:6872
- C:\Windows\System\DdRIliw.exe
  C:\Windows\System\DdRIliw.exe
  2⤵
  PID:6964
- C:\Windows\System\waRoZrC.exe
  C:\Windows\System\waRoZrC.exe
  2⤵
  PID:7076
- C:\Windows\System\ePGZhsK.exe
  C:\Windows\System\ePGZhsK.exe
  2⤵
  PID:7092
- C:\Windows\System\WtocWNk.exe
  C:\Windows\System\WtocWNk.exe
  2⤵
  PID:7140
- C:\Windows\System\dTnxsFW.exe
  C:\Windows\System\dTnxsFW.exe
  2⤵
  PID:7128
- C:\Windows\System\SneLmxY.exe
  C:\Windows\System\SneLmxY.exe
  2⤵
  PID:5384
- C:\Windows\System\gSunaud.exe
  C:\Windows\System\gSunaud.exe
  2⤵
  PID:5176
- C:\Windows\System\XWwsSdN.exe
  C:\Windows\System\XWwsSdN.exe
  2⤵
  PID:5728
- C:\Windows\System\UtLpqRo.exe
  C:\Windows\System\UtLpqRo.exe
  2⤵
  PID:5616
- C:\Windows\System\RQPVpsx.exe
  C:\Windows\System\RQPVpsx.exe
  2⤵
  PID:6172
- C:\Windows\System\TPSlYmO.exe
  C:\Windows\System\TPSlYmO.exe
  2⤵
  PID:6236
- C:\Windows\System\GgpXECo.exe
  C:\Windows\System\GgpXECo.exe
  2⤵
  PID:6272
- C:\Windows\System\ltZsyff.exe
  C:\Windows\System\ltZsyff.exe
  2⤵
  PID:2868
- C:\Windows\System\qqoQYhJ.exe
  C:\Windows\System\qqoQYhJ.exe
  2⤵
  PID:6400
- C:\Windows\System\fJXWeZy.exe
  C:\Windows\System\fJXWeZy.exe
  2⤵
  PID:6500
- C:\Windows\System\ZypJZUT.exe
  C:\Windows\System\ZypJZUT.exe
  2⤵
  PID:6380
- C:\Windows\System\gLgWCjG.exe
  C:\Windows\System\gLgWCjG.exe
  2⤵
  PID:6660
- C:\Windows\System\PPVboWm.exe
  C:\Windows\System\PPVboWm.exe
  2⤵
  PID:6520
- C:\Windows\System\phGaXbQ.exe
  C:\Windows\System\phGaXbQ.exe
  2⤵
  PID:6616
- C:\Windows\System\TEfLLRX.exe
  C:\Windows\System\TEfLLRX.exe
  2⤵
  PID:6788
- C:\Windows\System\JMykRCB.exe
  C:\Windows\System\JMykRCB.exe
  2⤵
  PID:6712
- C:\Windows\System\sIqhJHt.exe
  C:\Windows\System\sIqhJHt.exe
  2⤵
  PID:6836
- C:\Windows\System\gaTwXkz.exe
  C:\Windows\System\gaTwXkz.exe
  2⤵
  PID:7028
- C:\Windows\System\POIeZpo.exe
  C:\Windows\System\POIeZpo.exe
  2⤵
  PID:6900
- C:\Windows\System\rBWYcyP.exe
  C:\Windows\System\rBWYcyP.exe
  2⤵
  PID:7180
- C:\Windows\System\kVIkMgv.exe
  C:\Windows\System\kVIkMgv.exe
  2⤵
  PID:7196
- C:\Windows\System\XMqgdlj.exe
  C:\Windows\System\XMqgdlj.exe
  2⤵
  PID:7212
- C:\Windows\System\elRDJBV.exe
  C:\Windows\System\elRDJBV.exe
  2⤵
  PID:7228
- C:\Windows\System\aNHSSvh.exe
  C:\Windows\System\aNHSSvh.exe
  2⤵
  PID:7244
- C:\Windows\System\kzYjUmz.exe
  C:\Windows\System\kzYjUmz.exe
  2⤵
  PID:7260
- C:\Windows\System\ccNAjnL.exe
  C:\Windows\System\ccNAjnL.exe
  2⤵
  PID:7280
- C:\Windows\System\NuQpwdr.exe
  C:\Windows\System\NuQpwdr.exe
  2⤵
  PID:7452
- C:\Windows\System\jHEBBce.exe
  C:\Windows\System\jHEBBce.exe
  2⤵
  PID:7476
- C:\Windows\System\yFfKSvq.exe
  C:\Windows\System\yFfKSvq.exe
  2⤵
  PID:7496
- C:\Windows\System\aQzqyWX.exe
  C:\Windows\System\aQzqyWX.exe
  2⤵
  PID:7532
- C:\Windows\System\CHNYwTf.exe
  C:\Windows\System\CHNYwTf.exe
  2⤵
  PID:7556
- C:\Windows\System\sLrGBHH.exe
  C:\Windows\System\sLrGBHH.exe
  2⤵
  PID:7572
- C:\Windows\System\PxGhNMu.exe
  C:\Windows\System\PxGhNMu.exe
  2⤵
  PID:7600
- C:\Windows\System\ViDnuBb.exe
  C:\Windows\System\ViDnuBb.exe
  2⤵
  PID:7616
- C:\Windows\System\GoaPaZO.exe
  C:\Windows\System\GoaPaZO.exe
  2⤵
  PID:7632
- C:\Windows\System\YwLOarI.exe
  C:\Windows\System\YwLOarI.exe
  2⤵
  PID:7648
- C:\Windows\System\mOIJhtO.exe
  C:\Windows\System\mOIJhtO.exe
  2⤵
  PID:7664
- C:\Windows\System\eqtUBQS.exe
  C:\Windows\System\eqtUBQS.exe
  2⤵
  PID:2800
- C:\Windows\System\KWgYEoZ.exe
  C:\Windows\System\KWgYEoZ.exe
  2⤵
  PID:6804
- C:\Windows\System\UljizEI.exe
  C:\Windows\System\UljizEI.exe
  2⤵
  PID:7176
- C:\Windows\System\rodvUCa.exe
  C:\Windows\System\rodvUCa.exe
  2⤵
  PID:7240
- C:\Windows\System\VktQWtq.exe
  C:\Windows\System\VktQWtq.exe
  2⤵
  PID:7112
- C:\Windows\System\DfbrKzf.exe
  C:\Windows\System\DfbrKzf.exe
  2⤵
  PID:2740
- C:\Windows\System\wICiTav.exe
  C:\Windows\System\wICiTav.exe
  2⤵
  PID:1856
- C:\Windows\System\qNfUiqj.exe
  C:\Windows\System\qNfUiqj.exe
  2⤵
  PID:6352
- C:\Windows\System\TBdkcuC.exe
  C:\Windows\System\TBdkcuC.exe
  2⤵
  PID:6916
- C:\Windows\System\ClkmCQj.exe
  C:\Windows\System\ClkmCQj.exe
  2⤵
  PID:1764
- C:\Windows\System\WlQESZc.exe
  C:\Windows\System\WlQESZc.exe
  2⤵
  PID:2056
- C:\Windows\System\JxnxrjI.exe
  C:\Windows\System\JxnxrjI.exe
  2⤵
  PID:7292
- C:\Windows\System\MBdnrrx.exe
  C:\Windows\System\MBdnrrx.exe
  2⤵
  PID:7340
- C:\Windows\System\MhgMOeg.exe
  C:\Windows\System\MhgMOeg.exe
  2⤵
  PID:7412
- C:\Windows\System\KQQBMBs.exe
  C:\Windows\System\KQQBMBs.exe
  2⤵
  PID:7428
- C:\Windows\System\MlCaGIN.exe
  C:\Windows\System\MlCaGIN.exe
  2⤵
  PID:7188
- C:\Windows\System\NHBLQHo.exe
  C:\Windows\System\NHBLQHo.exe
  2⤵
  PID:7440
- C:\Windows\System\BSNabag.exe
  C:\Windows\System\BSNabag.exe
  2⤵
  PID:7464
- C:\Windows\System\yUAdPlN.exe
  C:\Windows\System\yUAdPlN.exe
  2⤵
  PID:7656
- C:\Windows\System\kqFiuZN.exe
  C:\Windows\System\kqFiuZN.exe
  2⤵
  PID:7660
- C:\Windows\System\TnXFWYP.exe
  C:\Windows\System\TnXFWYP.exe
  2⤵
  PID:768
- C:\Windows\System\QAkKpbc.exe
  C:\Windows\System\QAkKpbc.exe
  2⤵
  PID:6580
- C:\Windows\System\UElVOkQ.exe
  C:\Windows\System\UElVOkQ.exe
  2⤵
  PID:7712
- C:\Windows\System\OMkJPhc.exe
  C:\Windows\System\OMkJPhc.exe
  2⤵
  PID:7728
- C:\Windows\System\Uurtmcz.exe
  C:\Windows\System\Uurtmcz.exe
  2⤵
  PID:7748
- C:\Windows\System\hdNHkkd.exe
  C:\Windows\System\hdNHkkd.exe
  2⤵
  PID:7800
- C:\Windows\System\MaYmZVd.exe
  C:\Windows\System\MaYmZVd.exe
  2⤵
  PID:7816
- C:\Windows\System\AQjGwEN.exe
  C:\Windows\System\AQjGwEN.exe
  2⤵
  PID:7836
- C:\Windows\System\yTswRjG.exe
  C:\Windows\System\yTswRjG.exe
  2⤵
  PID:7856
- C:\Windows\System\qBzAOZz.exe
  C:\Windows\System\qBzAOZz.exe
  2⤵
  PID:2996
- C:\Windows\System\jvTbMTM.exe
  C:\Windows\System\jvTbMTM.exe
  2⤵
  PID:6468
- C:\Windows\System\YQrpLPJ.exe
  C:\Windows\System\YQrpLPJ.exe
  2⤵
  PID:7408
- C:\Windows\System\DjWLItK.exe
  C:\Windows\System\DjWLItK.exe
  2⤵
  PID:2684
- C:\Windows\System\ttfWBJn.exe
  C:\Windows\System\ttfWBJn.exe
  2⤵
  PID:8212
- C:\Windows\System\ToLswws.exe
  C:\Windows\System\ToLswws.exe
  2⤵
  PID:8244
- C:\Windows\System\SoWYrrw.exe
  C:\Windows\System\SoWYrrw.exe
  2⤵
  PID:8268
- C:\Windows\System\FhmxrbQ.exe
  C:\Windows\System\FhmxrbQ.exe
  2⤵
  PID:8292
- C:\Windows\System\sSSIGfs.exe
  C:\Windows\System\sSSIGfs.exe
  2⤵
  PID:8316
- C:\Windows\System\feEwdUu.exe
  C:\Windows\System\feEwdUu.exe
  2⤵
  PID:8340
- C:\Windows\System\mdKjdZf.exe
  C:\Windows\System\mdKjdZf.exe
  2⤵
  PID:8356
- C:\Windows\System\ZIVXuvX.exe
  C:\Windows\System\ZIVXuvX.exe
  2⤵
  PID:8400
- C:\Windows\System\qsEchwt.exe
  C:\Windows\System\qsEchwt.exe
  2⤵
  PID:8416
- C:\Windows\System\AmhUrHv.exe
  C:\Windows\System\AmhUrHv.exe
  2⤵
  PID:8432
- C:\Windows\System\gyWueyP.exe
  C:\Windows\System\gyWueyP.exe
  2⤵
  PID:8448
- C:\Windows\System\YekgAGf.exe
  C:\Windows\System\YekgAGf.exe
  2⤵
  PID:8464
- C:\Windows\System\lDnSdOn.exe
  C:\Windows\System\lDnSdOn.exe
  2⤵
  PID:8480
- C:\Windows\System\mUsIKcw.exe
  C:\Windows\System\mUsIKcw.exe
  2⤵
  PID:8496
- C:\Windows\System\fzSaHol.exe
  C:\Windows\System\fzSaHol.exe
  2⤵
  PID:8512
- C:\Windows\System\LUkxaSV.exe
  C:\Windows\System\LUkxaSV.exe
  2⤵
  PID:8528
- C:\Windows\System\qhwZjFq.exe
  C:\Windows\System\qhwZjFq.exe
  2⤵
  PID:8680
- C:\Windows\System\VAMiqih.exe
  C:\Windows\System\VAMiqih.exe
  2⤵
  PID:8696
- C:\Windows\System\tpowomQ.exe
  C:\Windows\System\tpowomQ.exe
  2⤵
  PID:8712
- C:\Windows\System\brOdxtv.exe
  C:\Windows\System\brOdxtv.exe
  2⤵
  PID:8728
- C:\Windows\System\MeSjDXR.exe
  C:\Windows\System\MeSjDXR.exe
  2⤵
  PID:8744
- C:\Windows\System\OEmBhxF.exe
  C:\Windows\System\OEmBhxF.exe
  2⤵
  PID:8760
- C:\Windows\System\xQNUnxR.exe
  C:\Windows\System\xQNUnxR.exe
  2⤵
  PID:8776
- C:\Windows\System\hufawDn.exe
  C:\Windows\System\hufawDn.exe
  2⤵
  PID:8796
- C:\Windows\System\jPJTIjA.exe
  C:\Windows\System\jPJTIjA.exe
  2⤵
  PID:8824
- C:\Windows\System\aPhAKco.exe
  C:\Windows\System\aPhAKco.exe
  2⤵
  PID:8840
- C:\Windows\System\bCENmtV.exe
  C:\Windows\System\bCENmtV.exe
  2⤵
  PID:8856
- C:\Windows\System\RrNVuTF.exe
  C:\Windows\System\RrNVuTF.exe
  2⤵
  PID:8872
- C:\Windows\System\duTjoec.exe
  C:\Windows\System\duTjoec.exe
  2⤵
  PID:8900
- C:\Windows\System\lqDJuKE.exe
  C:\Windows\System\lqDJuKE.exe
  2⤵
  PID:8916
- C:\Windows\System\QsdEPUk.exe
  C:\Windows\System\QsdEPUk.exe
  2⤵
  PID:8932
- C:\Windows\System\QMCnsNg.exe
  C:\Windows\System\QMCnsNg.exe
  2⤵
  PID:8948
- C:\Windows\System\pZviZWa.exe
  C:\Windows\System\pZviZWa.exe
  2⤵
  PID:8964
- C:\Windows\System\GGBdiNx.exe
  C:\Windows\System\GGBdiNx.exe
  2⤵
  PID:8980
- C:\Windows\System\fhteMPd.exe
  C:\Windows\System\fhteMPd.exe
  2⤵
  PID:8996
- C:\Windows\System\DuGZzCe.exe
  C:\Windows\System\DuGZzCe.exe
  2⤵
  PID:9012
- C:\Windows\System\IVkjPkd.exe
  C:\Windows\System\IVkjPkd.exe
  2⤵
  PID:9028
- C:\Windows\System\CRwbrFC.exe
  C:\Windows\System\CRwbrFC.exe
  2⤵
  PID:9044
- C:\Windows\System\LnklBCq.exe
  C:\Windows\System\LnklBCq.exe
  2⤵
  PID:9060
- C:\Windows\System\UvfZYSW.exe
  C:\Windows\System\UvfZYSW.exe
  2⤵
  PID:9076
- C:\Windows\System\GpCziIi.exe
  C:\Windows\System\GpCziIi.exe
  2⤵
  PID:9092
- C:\Windows\System\joAFvQT.exe
  C:\Windows\System\joAFvQT.exe
  2⤵
  PID:9108
- C:\Windows\System\zMUzLwM.exe
  C:\Windows\System\zMUzLwM.exe
  2⤵
  PID:9124
- C:\Windows\System\ZBKHKxC.exe
  C:\Windows\System\ZBKHKxC.exe
  2⤵
  PID:9140
- C:\Windows\System\btebQjz.exe
  C:\Windows\System\btebQjz.exe
  2⤵
  PID:9156
- C:\Windows\System\WzBdpbq.exe
  C:\Windows\System\WzBdpbq.exe
  2⤵
  PID:9172
- C:\Windows\System\TxmvJrL.exe
  C:\Windows\System\TxmvJrL.exe
  2⤵
  PID:9188
- C:\Windows\System\PkQWkLH.exe
  C:\Windows\System\PkQWkLH.exe
  2⤵
  PID:9204
- C:\Windows\System\tvHTNtw.exe
  C:\Windows\System\tvHTNtw.exe
  2⤵
  PID:996
- C:\Windows\System\VigVEYg.exe
  C:\Windows\System\VigVEYg.exe
  2⤵
  PID:2712
- C:\Windows\System\lzoirpm.exe
  C:\Windows\System\lzoirpm.exe
  2⤵
  PID:6256
- C:\Windows\System\iwBFZRx.exe
  C:\Windows\System\iwBFZRx.exe
  2⤵
  PID:8224
- C:\Windows\System\hlCKDmJ.exe
  C:\Windows\System\hlCKDmJ.exe
  2⤵
  PID:8240
- C:\Windows\System\qzKMXgl.exe
  C:\Windows\System\qzKMXgl.exe
  2⤵
  PID:8288
- C:\Windows\System\nrKjysv.exe
  C:\Windows\System\nrKjysv.exe
  2⤵
  PID:8336
- C:\Windows\System\UfuwWZr.exe
  C:\Windows\System\UfuwWZr.exe
  2⤵
  PID:7468
- C:\Windows\System\jAFvnxw.exe
  C:\Windows\System\jAFvnxw.exe
  2⤵
  PID:7516
- C:\Windows\System\PXndhoM.exe
  C:\Windows\System\PXndhoM.exe
  2⤵
  PID:7568
- C:\Windows\System\xHRwIPq.exe
  C:\Windows\System\xHRwIPq.exe
  2⤵
  PID:1784
- C:\Windows\System\qgmegVQ.exe
  C:\Windows\System\qgmegVQ.exe
  2⤵
  PID:3008
- C:\Windows\System\GRXIsyp.exe
  C:\Windows\System\GRXIsyp.exe
  2⤵
  PID:6776
- C:\Windows\System\ZRrzHXJ.exe
  C:\Windows\System\ZRrzHXJ.exe
  2⤵
  PID:7288
- C:\Windows\System\OPnilpb.exe
  C:\Windows\System\OPnilpb.exe
  2⤵
  PID:8300
- C:\Windows\System\fVNkDQK.exe
  C:\Windows\System\fVNkDQK.exe
  2⤵
  PID:7160
- C:\Windows\System\UTwvSKr.exe
  C:\Windows\System\UTwvSKr.exe
  2⤵
  PID:2564
- C:\Windows\System\BIDrZcM.exe
  C:\Windows\System\BIDrZcM.exe
  2⤵
  PID:1628
- C:\Windows\System\mARTMsG.exe
  C:\Windows\System\mARTMsG.exe
  2⤵
  PID:1680
- C:\Windows\System\OaJBgeD.exe
  C:\Windows\System\OaJBgeD.exe
  2⤵
  PID:7792
- C:\Windows\System\rpIqHqI.exe
  C:\Windows\System\rpIqHqI.exe
  2⤵
  PID:7832
- C:\Windows\System\oRwTOKz.exe
  C:\Windows\System\oRwTOKz.exe
  2⤵
  PID:7880
- C:\Windows\System\kXnpeHS.exe
  C:\Windows\System\kXnpeHS.exe
  2⤵
  PID:7896
- C:\Windows\System\ayvHvem.exe
  C:\Windows\System\ayvHvem.exe
  2⤵
  PID:7912
- C:\Windows\System\DYxlAEd.exe
  C:\Windows\System\DYxlAEd.exe
  2⤵
  PID:7928
- C:\Windows\System\wvtPcRr.exe
  C:\Windows\System\wvtPcRr.exe
  2⤵
  PID:7944
- C:\Windows\System\wqgaVBz.exe
  C:\Windows\System\wqgaVBz.exe
  2⤵
  PID:7960
- C:\Windows\System\rTlNVKY.exe
  C:\Windows\System\rTlNVKY.exe
  2⤵
  PID:7976
- C:\Windows\System\kqfJHXO.exe
  C:\Windows\System\kqfJHXO.exe
  2⤵
  PID:7992
- C:\Windows\System\XzlltTT.exe
  C:\Windows\System\XzlltTT.exe
  2⤵
  PID:8012
- C:\Windows\System\aMTGLSV.exe
  C:\Windows\System\aMTGLSV.exe
  2⤵
  PID:8028
- C:\Windows\System\jSwONwr.exe
  C:\Windows\System\jSwONwr.exe
  2⤵
  PID:8044
- C:\Windows\System\ZVIMWyB.exe
  C:\Windows\System\ZVIMWyB.exe
  2⤵
  PID:8060
- C:\Windows\System\YVbydZI.exe
  C:\Windows\System\YVbydZI.exe
  2⤵
  PID:8076
- C:\Windows\System\GJtMDzV.exe
  C:\Windows\System\GJtMDzV.exe
  2⤵
  PID:8092
- C:\Windows\System\cyGbUdZ.exe
  C:\Windows\System\cyGbUdZ.exe
  2⤵
  PID:8112
- C:\Windows\System\bYFhQIz.exe
  C:\Windows\System\bYFhQIz.exe
  2⤵
  PID:8128
- C:\Windows\System\QJsyzUl.exe
  C:\Windows\System\QJsyzUl.exe
  2⤵
  PID:8148
- C:\Windows\System\fPDTsKi.exe
  C:\Windows\System\fPDTsKi.exe
  2⤵
  PID:8164
- C:\Windows\System\RuFlhPP.exe
  C:\Windows\System\RuFlhPP.exe
  2⤵
  PID:8180
- C:\Windows\System\COBUhWg.exe
  C:\Windows\System\COBUhWg.exe
  2⤵
  PID:7060
- C:\Windows\System\gRFUBCd.exe
  C:\Windows\System\gRFUBCd.exe
  2⤵
  PID:4648
- C:\Windows\System\rKfxmeM.exe
  C:\Windows\System\rKfxmeM.exe
  2⤵
  PID:5536
- C:\Windows\System\HRSgkqw.exe
  C:\Windows\System\HRSgkqw.exe
  2⤵
  PID:6220
- C:\Windows\System\pGmHQOe.exe
  C:\Windows\System\pGmHQOe.exe
  2⤵
  PID:6416
- C:\Windows\System\MUTRzfi.exe
  C:\Windows\System\MUTRzfi.exe
  2⤵
  PID:7048
- C:\Windows\System\hynoFYt.exe
  C:\Windows\System\hynoFYt.exe
  2⤵
  PID:6148
- C:\Windows\System\DrZiTeC.exe
  C:\Windows\System\DrZiTeC.exe
  2⤵
  PID:1988
- C:\Windows\System\eZedbep.exe
  C:\Windows\System\eZedbep.exe
  2⤵
  PID:7308
- C:\Windows\System\BKwUxhW.exe
  C:\Windows\System\BKwUxhW.exe
  2⤵
  PID:7324
- C:\Windows\System\PMPVStT.exe
  C:\Windows\System\PMPVStT.exe
  2⤵
  PID:3436
- C:\Windows\System\veSMQgw.exe
  C:\Windows\System\veSMQgw.exe
  2⤵
  PID:2660
- C:\Windows\System\hIHbyqn.exe
  C:\Windows\System\hIHbyqn.exe
  2⤵
  PID:7520
- C:\Windows\System\LemRkvy.exe
  C:\Windows\System\LemRkvy.exe
  2⤵
  PID:7540
- C:\Windows\System\nhcnwQa.exe
  C:\Windows\System\nhcnwQa.exe
  2⤵
  PID:7580
- C:\Windows\System\BgrgXZw.exe
  C:\Windows\System\BgrgXZw.exe
  2⤵
  PID:7612
- C:\Windows\System\dOnFPmT.exe
  C:\Windows\System\dOnFPmT.exe
  2⤵
  PID:7644
- C:\Windows\System\taxibEG.exe
  C:\Windows\System\taxibEG.exe
  2⤵
  PID:2664
- C:\Windows\System\NtCNdRC.exe
  C:\Windows\System\NtCNdRC.exe
  2⤵
  PID:3856
- C:\Windows\System\lmCxhWN.exe
  C:\Windows\System\lmCxhWN.exe
  2⤵
  PID:7708
- C:\Windows\System\ivumfNy.exe
  C:\Windows\System\ivumfNy.exe
  2⤵
  PID:7744
- C:\Windows\System\FhiLCQF.exe
  C:\Windows\System\FhiLCQF.exe
  2⤵
  PID:7812
- C:\Windows\System\QRpmRhV.exe
  C:\Windows\System\QRpmRhV.exe
  2⤵
  PID:8196
- C:\Windows\System\eLMgGaX.exe
  C:\Windows\System\eLMgGaX.exe
  2⤵
  PID:8264
- C:\Windows\System\fNMwoFh.exe
  C:\Windows\System\fNMwoFh.exe
  2⤵
  PID:2920
- C:\Windows\System\dixkkHE.exe
  C:\Windows\System\dixkkHE.exe
  2⤵
  PID:8208
- C:\Windows\System\nTouTST.exe
  C:\Windows\System\nTouTST.exe
  2⤵
  PID:8408
- C:\Windows\System\mJjerwu.exe
  C:\Windows\System\mJjerwu.exe
  2⤵
  PID:8440
- C:\Windows\System\LEzVbCs.exe
  C:\Windows\System\LEzVbCs.exe
  2⤵
  PID:8492
- C:\Windows\System\UOuohCU.exe
  C:\Windows\System\UOuohCU.exe
  2⤵
  PID:8504
- C:\Windows\System\eajbSyF.exe
  C:\Windows\System\eajbSyF.exe
  2⤵
  PID:8524
- C:\Windows\System\oOurcCj.exe
  C:\Windows\System\oOurcCj.exe
  2⤵
  PID:8540
- C:\Windows\System\bkJFyVE.exe
  C:\Windows\System\bkJFyVE.exe
  2⤵
  PID:8556
- C:\Windows\System\fSPzIMC.exe
  C:\Windows\System\fSPzIMC.exe
  2⤵
  PID:8568
- C:\Windows\System\gEdtvqX.exe
  C:\Windows\System\gEdtvqX.exe
  2⤵
  PID:2372
- C:\Windows\System\WFnWryY.exe
  C:\Windows\System\WFnWryY.exe
  2⤵
  PID:8600
- C:\Windows\System\TwdjSWi.exe
  C:\Windows\System\TwdjSWi.exe
  2⤵
  PID:2856
- C:\Windows\System\izeEaBI.exe
  C:\Windows\System\izeEaBI.exe
  2⤵
  PID:8620
- C:\Windows\System\eXKhslW.exe
  C:\Windows\System\eXKhslW.exe
  2⤵
  PID:8636
- C:\Windows\System\UWsYcQh.exe
  C:\Windows\System\UWsYcQh.exe
  2⤵
  PID:648
- C:\Windows\System\VJVkMlR.exe
  C:\Windows\System\VJVkMlR.exe
  2⤵
  PID:8664
- C:\Windows\System\QbdRhgt.exe
  C:\Windows\System\QbdRhgt.exe
  2⤵
  PID:3060
- C:\Windows\System\TFVVnWI.exe
  C:\Windows\System\TFVVnWI.exe
  2⤵
  PID:8692
- C:\Windows\System\xsHqKEw.exe
  C:\Windows\System\xsHqKEw.exe
  2⤵
  PID:8720
- C:\Windows\System\reITaSb.exe
  C:\Windows\System\reITaSb.exe
  2⤵
  PID:8736
- C:\Windows\System\Ycsvubv.exe
  C:\Windows\System\Ycsvubv.exe
  2⤵
  PID:8740
- C:\Windows\System\xxsYEyr.exe
  C:\Windows\System\xxsYEyr.exe
  2⤵
  PID:5128
- C:\Windows\System\jNlqTKJ.exe
  C:\Windows\System\jNlqTKJ.exe
  2⤵
  PID:8808
- C:\Windows\System\XNyjTvH.exe
  C:\Windows\System\XNyjTvH.exe
  2⤵
  PID:8804
- C:\Windows\System\cZTlXeA.exe
  C:\Windows\System\cZTlXeA.exe
  2⤵
  PID:5300
- C:\Windows\System\UNntDwE.exe
  C:\Windows\System\UNntDwE.exe
  2⤵
  PID:8864
- C:\Windows\System\svZAvUz.exe
  C:\Windows\System\svZAvUz.exe
  2⤵
  PID:8880
- C:\Windows\System\UUBCcwY.exe
  C:\Windows\System\UUBCcwY.exe
  2⤵
  PID:8852
- C:\Windows\System\nitbsJr.exe
  C:\Windows\System\nitbsJr.exe
  2⤵
  PID:6488
- C:\Windows\System\HGpbfOf.exe
  C:\Windows\System\HGpbfOf.exe
  2⤵
  PID:8988
- C:\Windows\System\oKBeHJc.exe
  C:\Windows\System\oKBeHJc.exe
  2⤵
  PID:9052
- C:\Windows\System\uZDDFZp.exe
  C:\Windows\System\uZDDFZp.exe
  2⤵
  PID:8940
- C:\Windows\System\AsPZutv.exe
  C:\Windows\System\AsPZutv.exe
  2⤵
  PID:9036
- C:\Windows\System\wsJjYfe.exe
  C:\Windows\System\wsJjYfe.exe
  2⤵
  PID:9004
- C:\Windows\System\AxCPjrI.exe
  C:\Windows\System\AxCPjrI.exe
  2⤵
  PID:9104
- C:\Windows\System\ntyuHOl.exe
  C:\Windows\System\ntyuHOl.exe
  2⤵
  PID:9116
- C:\Windows\System\tySFlxL.exe
  C:\Windows\System\tySFlxL.exe
  2⤵
  PID:9180
- C:\Windows\System\IKMbShQ.exe
  C:\Windows\System\IKMbShQ.exe
  2⤵
  PID:9168
- C:\Windows\System\lIUHBwC.exe
  C:\Windows\System\lIUHBwC.exe
  2⤵
  PID:8236
- C:\Windows\System\nSMeSGl.exe
  C:\Windows\System\nSMeSGl.exe
  2⤵
  PID:1912
- C:\Windows\System\uhOMXHN.exe
  C:\Windows\System\uhOMXHN.exe
  2⤵
  PID:8280
- C:\Windows\System\IkjgQbX.exe
  C:\Windows\System\IkjgQbX.exe
  2⤵
  PID:2240
- C:\Windows\System\PeMEuYl.exe
  C:\Windows\System\PeMEuYl.exe
  2⤵
  PID:7864
- C:\Windows\System\mkPCLqv.exe
  C:\Windows\System\mkPCLqv.exe
  2⤵
  PID:6140
- C:\Windows\System\aWiTIeC.exe
  C:\Windows\System\aWiTIeC.exe
  2⤵
  PID:7872
- C:\Windows\System\pvwlVzT.exe
  C:\Windows\System\pvwlVzT.exe
  2⤵
  PID:4984
- C:\Windows\System\aRyjzAz.exe
  C:\Windows\System\aRyjzAz.exe
  2⤵
  PID:7940
- C:\Windows\System\jtFxlwe.exe
  C:\Windows\System\jtFxlwe.exe
  2⤵
  PID:7972
- C:\Windows\System\wfkNiua.exe
  C:\Windows\System\wfkNiua.exe
  2⤵
  PID:2832
- C:\Windows\System\oNTbTGQ.exe
  C:\Windows\System\oNTbTGQ.exe
  2⤵
  PID:8024
- C:\Windows\System\hJSfXxQ.exe
  C:\Windows\System\hJSfXxQ.exe
  2⤵
  PID:1456
- C:\Windows\System\YGQSBHt.exe
  C:\Windows\System\YGQSBHt.exe
  2⤵
  PID:7208
- C:\Windows\System\GzbPZfk.exe
  C:\Windows\System\GzbPZfk.exe
  2⤵
  PID:1084
- C:\Windows\System\ZzpnkEb.exe
  C:\Windows\System\ZzpnkEb.exe
  2⤵
  PID:8548
- C:\Windows\System\CblLARH.exe
  C:\Windows\System\CblLARH.exe
  2⤵
  PID:4488
- C:\Windows\System\GurAASV.exe
  C:\Windows\System\GurAASV.exe
  2⤵
  PID:8660
- C:\Windows\System\QiDBFsk.exe
  C:\Windows\System\QiDBFsk.exe
  2⤵
  PID:8476
- C:\Windows\System\gVixufJ.exe
  C:\Windows\System\gVixufJ.exe
  2⤵
  PID:8752
- C:\Windows\System\HSjZVOh.exe
  C:\Windows\System\HSjZVOh.exe
  2⤵
  PID:8612
- C:\Windows\System\WgjbSiU.exe
  C:\Windows\System\WgjbSiU.exe
  2⤵
  PID:8672
- C:\Windows\System\mxKKjXD.exe
  C:\Windows\System\mxKKjXD.exe
  2⤵
  PID:8836
- C:\Windows\System\BYkJZci.exe
  C:\Windows\System\BYkJZci.exe
  2⤵
  PID:2164
- C:\Windows\System\tsmyINu.exe
  C:\Windows\System\tsmyINu.exe
  2⤵
  PID:8832
- C:\Windows\System\IDQerDI.exe
  C:\Windows\System\IDQerDI.exe
  2⤵
  PID:8912
- C:\Windows\System\CIoPXbT.exe
  C:\Windows\System\CIoPXbT.exe
  2⤵
  PID:8956
- C:\Windows\System\JUOcuXT.exe
  C:\Windows\System\JUOcuXT.exe
  2⤵
  PID:9100
- C:\Windows\System\uChsfJM.exe
  C:\Windows\System\uChsfJM.exe
  2⤵
  PID:9212
- C:\Windows\System\RShEeNk.exe
  C:\Windows\System\RShEeNk.exe
  2⤵
  PID:9024
- C:\Windows\System\sZhpjip.exe
  C:\Windows\System\sZhpjip.exe
  2⤵
  PID:8976
- C:\Windows\System\IJVkKas.exe
  C:\Windows\System\IJVkKas.exe
  2⤵
  PID:9152
- C:\Windows\System\RPgwdCm.exe
  C:\Windows\System\RPgwdCm.exe
  2⤵
  PID:7528
- C:\Windows\System\SIYbBGS.exe
  C:\Windows\System\SIYbBGS.exe
  2⤵
  PID:7876
- C:\Windows\System\ArlYtwF.exe
  C:\Windows\System\ArlYtwF.exe
  2⤵
  PID:7740
- C:\Windows\System\vXulBKj.exe
  C:\Windows\System\vXulBKj.exe
  2⤵
  PID:7504
- C:\Windows\System\YLkWDMi.exe
  C:\Windows\System\YLkWDMi.exe
  2⤵
  PID:6760
- C:\Windows\System\EJICKST.exe
  C:\Windows\System\EJICKST.exe
  2⤵
  PID:7936
- C:\Windows\System\FdCmNiV.exe
  C:\Windows\System\FdCmNiV.exe
  2⤵
  PID:8056
- C:\Windows\System\BvhEwTL.exe
  C:\Windows\System\BvhEwTL.exe
  2⤵
  PID:7888
- C:\Windows\System\iZyXkjw.exe
  C:\Windows\System\iZyXkjw.exe
  2⤵
  PID:8136
- C:\Windows\System\YPCjWKs.exe
  C:\Windows\System\YPCjWKs.exe
  2⤵
  PID:8188
- C:\Windows\System\YLBqLxt.exe
  C:\Windows\System\YLBqLxt.exe
  2⤵
  PID:6320
- C:\Windows\System\ImcuKDN.exe
  C:\Windows\System\ImcuKDN.exe
  2⤵
  PID:7272
- C:\Windows\System\HRFwZXr.exe
  C:\Windows\System\HRFwZXr.exe
  2⤵
  PID:7424
- C:\Windows\System\HtlrXSj.exe
  C:\Windows\System\HtlrXSj.exe
  2⤵
  PID:7552
- C:\Windows\System\vPkZgiw.exe
  C:\Windows\System\vPkZgiw.exe
  2⤵
  PID:1092
- C:\Windows\System\dvMEmPu.exe
  C:\Windows\System\dvMEmPu.exe
  2⤵
  PID:7484
- C:\Windows\System\BPawaKL.exe
  C:\Windows\System\BPawaKL.exe
  2⤵
  PID:7124
- C:\Windows\System\yeebHEC.exe
  C:\Windows\System\yeebHEC.exe
  2⤵
  PID:7276
- C:\Windows\System\JmCydUY.exe
  C:\Windows\System\JmCydUY.exe
  2⤵
  PID:7736
- C:\Windows\System\yNILXIk.exe
  C:\Windows\System\yNILXIk.exe
  2⤵
  PID:7852
- C:\Windows\System\XvhIRgw.exe
  C:\Windows\System\XvhIRgw.exe
  2⤵
  PID:8520
- C:\Windows\System\AnJXoKG.exe
  C:\Windows\System\AnJXoKG.exe
  2⤵
  PID:8788
- C:\Windows\System\Shhqwdt.exe
  C:\Windows\System\Shhqwdt.exe
  2⤵
  PID:7720
- C:\Windows\System\iwpJkBS.exe
  C:\Windows\System\iwpJkBS.exe
  2⤵
  PID:9164
- C:\Windows\System\yksZsTF.exe
  C:\Windows\System\yksZsTF.exe
  2⤵
  PID:8364
- C:\Windows\System\HxxocXH.exe
  C:\Windows\System\HxxocXH.exe
  2⤵
  PID:8004
- C:\Windows\System\dFpjGYm.exe
  C:\Windows\System\dFpjGYm.exe
  2⤵
  PID:7828
- C:\Windows\System\XYVlcwX.exe
  C:\Windows\System\XYVlcwX.exe
  2⤵
  PID:8068
- C:\Windows\System\nsWTXft.exe
  C:\Windows\System\nsWTXft.exe
  2⤵
  PID:7320
- C:\Windows\System\oLtWCgu.exe
  C:\Windows\System\oLtWCgu.exe
  2⤵
  PID:2720
- C:\Windows\System\ccrUIFa.exe
  C:\Windows\System\ccrUIFa.exe
  2⤵
  PID:8784
- C:\Windows\System\ndZtNyA.exe
  C:\Windows\System\ndZtNyA.exe
  2⤵
  PID:8868
- C:\Windows\System\TMlEbVh.exe
  C:\Windows\System\TMlEbVh.exe
  2⤵
  PID:2096
- C:\Windows\System\TBQgsxA.exe
  C:\Windows\System\TBQgsxA.exe
  2⤵
  PID:8252
- C:\Windows\System\JjtrTxt.exe
  C:\Windows\System\JjtrTxt.exe
  2⤵
  PID:8888
- C:\Windows\System\BspmlhV.exe
  C:\Windows\System\BspmlhV.exe
  2⤵
  PID:7676
- C:\Windows\System\XIkJswr.exe
  C:\Windows\System\XIkJswr.exe
  2⤵
  PID:8072
- C:\Windows\System\UItDQDE.exe
  C:\Windows\System\UItDQDE.exe
  2⤵
  PID:8088
- C:\Windows\System\mEhhecr.exe
  C:\Windows\System\mEhhecr.exe
  2⤵
  PID:6568
- C:\Windows\System\LVZnhIL.exe
  C:\Windows\System\LVZnhIL.exe
  2⤵
  PID:7512
- C:\Windows\System\GVEUzlg.exe
  C:\Windows\System\GVEUzlg.exe
  2⤵
  PID:6920
- C:\Windows\System\VJAmwoo.exe
  C:\Windows\System\VJAmwoo.exe
  2⤵
  PID:7700
- C:\Windows\System\kjrmZed.exe
  C:\Windows\System\kjrmZed.exe
  2⤵
  PID:8488
- C:\Windows\System\SUEkvEe.exe
  C:\Windows\System\SUEkvEe.exe
  2⤵
  PID:8352
- C:\Windows\System\nweAyXF.exe
  C:\Windows\System\nweAyXF.exe
  2⤵
  PID:8564
- C:\Windows\System\eiKoWBu.exe
  C:\Windows\System\eiKoWBu.exe
  2⤵
  PID:1896
- C:\Windows\System\MthXTdk.exe
  C:\Windows\System\MthXTdk.exe
  2⤵
  PID:8656
- C:\Windows\System\NNZvtDa.exe
  C:\Windows\System\NNZvtDa.exe
  2⤵
  PID:8704
- C:\Windows\System\EjsxwxV.exe
  C:\Windows\System\EjsxwxV.exe
  2⤵
  PID:7920
- C:\Windows\System\abLgTcS.exe
  C:\Windows\System\abLgTcS.exe
  2⤵
  PID:8924
- C:\Windows\System\PXkoPAK.exe
  C:\Windows\System\PXkoPAK.exe
  2⤵
  PID:7096
- C:\Windows\System\kyglKUL.exe
  C:\Windows\System\kyglKUL.exe
  2⤵
  PID:8020
- C:\Windows\System\wLelana.exe
  C:\Windows\System\wLelana.exe
  2⤵
  PID:8124
- C:\Windows\System\rGloDQq.exe
  C:\Windows\System\rGloDQq.exe
  2⤵
  PID:7304
- C:\Windows\System\LsyRBcp.exe
  C:\Windows\System\LsyRBcp.exe
  2⤵
  PID:5268
- C:\Windows\System\TUXhKZk.exe
  C:\Windows\System\TUXhKZk.exe
  2⤵
  PID:6824
- C:\Windows\System\KzWigNl.exe
  C:\Windows\System\KzWigNl.exe
  2⤵
  PID:5472
- C:\Windows\System\fFVKLAF.exe
  C:\Windows\System\fFVKLAF.exe
  2⤵
  PID:908
- C:\Windows\System\vshUoOB.exe
  C:\Windows\System\vshUoOB.exe
  2⤵
  PID:8580
- C:\Windows\System\oYSmXTU.exe
  C:\Windows\System\oYSmXTU.exe
  2⤵
  PID:7564
- C:\Windows\System\MsbLPYc.exe
  C:\Windows\System\MsbLPYc.exe
  2⤵
  PID:6332
- C:\Windows\System\ctgiPhT.exe
  C:\Windows\System\ctgiPhT.exe
  2⤵
  PID:9228
- C:\Windows\System\CVsLilr.exe
  C:\Windows\System\CVsLilr.exe
  2⤵
  PID:9248
- C:\Windows\System\MImKDsg.exe
  C:\Windows\System\MImKDsg.exe
  2⤵
  PID:9264
- C:\Windows\System\Kagxwvl.exe
  C:\Windows\System\Kagxwvl.exe
  2⤵
  PID:9280
- C:\Windows\System\grfGWaa.exe
  C:\Windows\System\grfGWaa.exe
  2⤵
  PID:9296
- C:\Windows\System\RiFRxYa.exe
  C:\Windows\System\RiFRxYa.exe
  2⤵
  PID:9312
- C:\Windows\System\LAtRZNb.exe
  C:\Windows\System\LAtRZNb.exe
  2⤵
  PID:9388
- C:\Windows\System\ogtsspx.exe
  C:\Windows\System\ogtsspx.exe
  2⤵
  PID:9404
- C:\Windows\System\KQenNLs.exe
  C:\Windows\System\KQenNLs.exe
  2⤵
  PID:9420
- C:\Windows\System\TrARyEX.exe
  C:\Windows\System\TrARyEX.exe
  2⤵
  PID:9436
- C:\Windows\System\PnMVgvC.exe
  C:\Windows\System\PnMVgvC.exe
  2⤵
  PID:9452
- C:\Windows\System\sRlhbTb.exe
  C:\Windows\System\sRlhbTb.exe
  2⤵
  PID:9468
- C:\Windows\System\OZSbBFp.exe
  C:\Windows\System\OZSbBFp.exe
  2⤵
  PID:9484
- C:\Windows\System\MqieYVI.exe
  C:\Windows\System\MqieYVI.exe
  2⤵
  PID:9504
- C:\Windows\System\KoYjyFq.exe
  C:\Windows\System\KoYjyFq.exe
  2⤵
  PID:9520
- C:\Windows\System\QmuMIpD.exe
  C:\Windows\System\QmuMIpD.exe
  2⤵
  PID:9572
- C:\Windows\System\xyEfnqm.exe
  C:\Windows\System\xyEfnqm.exe
  2⤵
  PID:9588
- C:\Windows\System\wXHHmvu.exe
  C:\Windows\System\wXHHmvu.exe
  2⤵
  PID:9604
- C:\Windows\System\zdHhpbu.exe
  C:\Windows\System\zdHhpbu.exe
  2⤵
  PID:9620
- C:\Windows\System\QzIeXCZ.exe
  C:\Windows\System\QzIeXCZ.exe
  2⤵
  PID:9636
- C:\Windows\System\TParrkr.exe
  C:\Windows\System\TParrkr.exe
  2⤵
  PID:9652
- C:\Windows\System\ytHXWSw.exe
  C:\Windows\System\ytHXWSw.exe
  2⤵
  PID:9672
- C:\Windows\System\EsKkavg.exe
  C:\Windows\System\EsKkavg.exe
  2⤵
  PID:9696
- C:\Windows\System\mIRUUuf.exe
  C:\Windows\System\mIRUUuf.exe
  2⤵
  PID:9712
- C:\Windows\System\RZzDujI.exe
  C:\Windows\System\RZzDujI.exe
  2⤵
  PID:9728
- C:\Windows\System\ksBDMHk.exe
  C:\Windows\System\ksBDMHk.exe
  2⤵
  PID:9744
- C:\Windows\System\sCaURdH.exe
  C:\Windows\System\sCaURdH.exe
  2⤵
  PID:9760
- C:\Windows\System\ERMjXEC.exe
  C:\Windows\System\ERMjXEC.exe
  2⤵
  PID:9776
- C:\Windows\System\VFzyhLG.exe
  C:\Windows\System\VFzyhLG.exe
  2⤵
  PID:9796
- C:\Windows\System\HhsjNkI.exe
  C:\Windows\System\HhsjNkI.exe
  2⤵
  PID:9820
- C:\Windows\System\STAfDdH.exe
  C:\Windows\System\STAfDdH.exe
  2⤵
  PID:9840
- C:\Windows\System\YkFlPBn.exe
  C:\Windows\System\YkFlPBn.exe
  2⤵
  PID:9860
- C:\Windows\System\xUymLOL.exe
  C:\Windows\System\xUymLOL.exe
  2⤵
  PID:9880
- C:\Windows\System\OZwJzqD.exe
  C:\Windows\System\OZwJzqD.exe
  2⤵
  PID:9904
- C:\Windows\System\RQurgpN.exe
  C:\Windows\System\RQurgpN.exe
  2⤵
  PID:9924
- C:\Windows\System\kifEQCk.exe
  C:\Windows\System\kifEQCk.exe
  2⤵
  PID:9940
- C:\Windows\System\mdnYehM.exe
  C:\Windows\System\mdnYehM.exe
  2⤵
  PID:9956
- C:\Windows\System\JspBfPl.exe
  C:\Windows\System\JspBfPl.exe
  2⤵
  PID:9972
- C:\Windows\System\MmRyliC.exe
  C:\Windows\System\MmRyliC.exe
  2⤵
  PID:9988
- C:\Windows\System\pRNXQFf.exe
  C:\Windows\System\pRNXQFf.exe
  2⤵
  PID:10008
- C:\Windows\System\WWxQQvU.exe
  C:\Windows\System\WWxQQvU.exe
  2⤵
  PID:10024
- C:\Windows\System\GmclZLC.exe
  C:\Windows\System\GmclZLC.exe
  2⤵
  PID:10040
- C:\Windows\System\kLRGxfs.exe
  C:\Windows\System\kLRGxfs.exe
  2⤵
  PID:10056
- C:\Windows\System\DnMENHp.exe
  C:\Windows\System\DnMENHp.exe
  2⤵
  PID:10072
- C:\Windows\System\zdiNXSs.exe
  C:\Windows\System\zdiNXSs.exe
  2⤵
  PID:10088
- C:\Windows\System\QZOWIXp.exe
  C:\Windows\System\QZOWIXp.exe
  2⤵
  PID:10108
- C:\Windows\System\tFrcluT.exe
  C:\Windows\System\tFrcluT.exe
  2⤵
  PID:10124
- C:\Windows\System\bHVihsc.exe
  C:\Windows\System\bHVihsc.exe
  2⤵
  PID:10208
- C:\Windows\System\CdCJVHy.exe
  C:\Windows\System\CdCJVHy.exe
  2⤵
  PID:10224
- C:\Windows\System\FCxMVdh.exe
  C:\Windows\System\FCxMVdh.exe
  2⤵
  PID:6152
- C:\Windows\System\BzMdmXD.exe
  C:\Windows\System\BzMdmXD.exe
  2⤵
  PID:5928
- C:\Windows\System\buZOTlf.exe
  C:\Windows\System\buZOTlf.exe
  2⤵
  PID:9260
- C:\Windows\System\UYLVRgr.exe
  C:\Windows\System\UYLVRgr.exe
  2⤵
  PID:9320
- C:\Windows\System\zntOGkM.exe
  C:\Windows\System\zntOGkM.exe
  2⤵
  PID:1684
- C:\Windows\System\MCzkgCM.exe
  C:\Windows\System\MCzkgCM.exe
  2⤵
  PID:9020
- C:\Windows\System\MLWqEOC.exe
  C:\Windows\System\MLWqEOC.exe
  2⤵
  PID:8160
- C:\Windows\System\UrqbaVb.exe
  C:\Windows\System\UrqbaVb.exe
  2⤵
  PID:9332
- C:\Windows\System\Vfiygfi.exe
  C:\Windows\System\Vfiygfi.exe
  2⤵
  PID:8632
- C:\Windows\System\BQBHwxA.exe
  C:\Windows\System\BQBHwxA.exe
  2⤵
  PID:9272
- C:\Windows\System\KRruqFD.exe
  C:\Windows\System\KRruqFD.exe
  2⤵
  PID:9340
- C:\Windows\System\ZnJWYvn.exe
  C:\Windows\System\ZnJWYvn.exe
  2⤵
  PID:9352
- C:\Windows\System\wfrpcGj.exe
  C:\Windows\System\wfrpcGj.exe
  2⤵
  PID:9396
- C:\Windows\System\girvzMf.exe
  C:\Windows\System\girvzMf.exe
  2⤵
  PID:9384
- C:\Windows\System\pFQcgGl.exe
  C:\Windows\System\pFQcgGl.exe
  2⤵
  PID:9416
- C:\Windows\System\nfuakle.exe
  C:\Windows\System\nfuakle.exe
  2⤵
  PID:9480
- C:\Windows\System\gILWeZi.exe
  C:\Windows\System\gILWeZi.exe
  2⤵
  PID:9496
- C:\Windows\System\DImZcYv.exe
  C:\Windows\System\DImZcYv.exe
  2⤵
  PID:9464
- C:\Windows\System\wIlpDsX.exe
  C:\Windows\System\wIlpDsX.exe
  2⤵
  PID:9540
- C:\Windows\System\MrmHGAf.exe
  C:\Windows\System\MrmHGAf.exe
  2⤵
  PID:9564
- C:\Windows\System\HEmpowU.exe
  C:\Windows\System\HEmpowU.exe
  2⤵
  PID:9600
- C:\Windows\System\XjeDghD.exe
  C:\Windows\System\XjeDghD.exe
  2⤵
  PID:9616
- C:\Windows\System\sOpKCUR.exe
  C:\Windows\System\sOpKCUR.exe
  2⤵
  PID:9684
- C:\Windows\System\IWUHuIR.exe
  C:\Windows\System\IWUHuIR.exe
  2⤵
  PID:9724
- C:\Windows\System\TxXlThK.exe
  C:\Windows\System\TxXlThK.exe
  2⤵
  PID:9788
- C:\Windows\System\rnynxdC.exe
  C:\Windows\System\rnynxdC.exe
  2⤵
  PID:9836
- C:\Windows\System\rYWzsuV.exe
  C:\Windows\System\rYWzsuV.exe
  2⤵
  PID:9912
- C:\Windows\System\zfGgVGw.exe
  C:\Windows\System\zfGgVGw.exe
  2⤵
  PID:9664
- C:\Windows\System\NPpJUWX.exe
  C:\Windows\System\NPpJUWX.exe
  2⤵
  PID:9804
- C:\Windows\System\NwlrerX.exe
  C:\Windows\System\NwlrerX.exe
  2⤵
  PID:9668
- C:\Windows\System\TgLsMNY.exe
  C:\Windows\System\TgLsMNY.exe
  2⤵
  PID:9740
- C:\Windows\System\WmlZWWQ.exe
  C:\Windows\System\WmlZWWQ.exe
  2⤵
  PID:9816
- C:\Windows\System\QidXFSG.exe
  C:\Windows\System\QidXFSG.exe
  2⤵
  PID:9888
- C:\Windows\System\YDnHhUL.exe
  C:\Windows\System\YDnHhUL.exe
  2⤵
  PID:9932
- C:\Windows\System\zNDubCC.exe
  C:\Windows\System\zNDubCC.exe
  2⤵
  PID:10000
- C:\Windows\System\nYyNoFW.exe
  C:\Windows\System\nYyNoFW.exe
  2⤵
  PID:10020
- C:\Windows\System\xCWutcP.exe
  C:\Windows\System\xCWutcP.exe
  2⤵
  PID:10016
- C:\Windows\System\KpuIQXb.exe
  C:\Windows\System\KpuIQXb.exe
  2⤵
  PID:10104
- C:\Windows\System\KBgmkzT.exe
  C:\Windows\System\KBgmkzT.exe
  2⤵
  PID:10084
- C:\Windows\System\jNiTbdF.exe
  C:\Windows\System\jNiTbdF.exe
  2⤵
  PID:10148
- C:\Windows\System\sIscVHN.exe
  C:\Windows\System\sIscVHN.exe
  2⤵
  PID:10160
- C:\Windows\System\VkqMnkW.exe
  C:\Windows\System\VkqMnkW.exe
  2⤵
  PID:10180
- C:\Windows\System\TbjwVya.exe
  C:\Windows\System\TbjwVya.exe
  2⤵
  PID:10192
- C:\Windows\System\XlxOxVr.exe
  C:\Windows\System\XlxOxVr.exe
  2⤵
  PID:6100
- C:\Windows\System\VSVgWUm.exe
  C:\Windows\System\VSVgWUm.exe
  2⤵
  PID:8848
- C:\Windows\System\aAUbEeO.exe
  C:\Windows\System\aAUbEeO.exe
  2⤵
  PID:8040
- C:\Windows\System\wLEMIuc.exe
  C:\Windows\System\wLEMIuc.exe
  2⤵
  PID:10200
- C:\Windows\System\Dbwwuoj.exe
  C:\Windows\System\Dbwwuoj.exe
  2⤵
  PID:9308
- C:\Windows\System\LjFnLCJ.exe
  C:\Windows\System\LjFnLCJ.exe
  2⤵
  PID:7420
- C:\Windows\System\tnavQOY.exe
  C:\Windows\System\tnavQOY.exe
  2⤵
  PID:9376
- C:\Windows\System\TjvPQXX.exe
  C:\Windows\System\TjvPQXX.exe
  2⤵
  PID:9412
- C:\Windows\System\sRZRacm.exe
  C:\Windows\System\sRZRacm.exe
  2⤵
  PID:9344
- C:\Windows\System\NSnncRQ.exe
  C:\Windows\System\NSnncRQ.exe
  2⤵
  PID:9448
- C:\Windows\System\yPXPTgo.exe
  C:\Windows\System\yPXPTgo.exe
  2⤵
  PID:9528
- C:\Windows\System\JbRWvJs.exe
  C:\Windows\System\JbRWvJs.exe
  2⤵
  PID:9612
- C:\Windows\System\pvXQOgJ.exe
  C:\Windows\System\pvXQOgJ.exe
  2⤵
  PID:9792
- C:\Windows\System\jZmmsRr.exe
  C:\Windows\System\jZmmsRr.exe
  2⤵
  PID:9648
- C:\Windows\System\LhdfqYz.exe
  C:\Windows\System\LhdfqYz.exe
  2⤵
  PID:9952
- C:\Windows\System\AvqHVJV.exe
  C:\Windows\System\AvqHVJV.exe
  2⤵
  PID:9680
- C:\Windows\System\bOTwvqB.exe
  C:\Windows\System\bOTwvqB.exe
  2⤵
  PID:9736
- C:\Windows\System\KxkgtcU.exe
  C:\Windows\System\KxkgtcU.exe
  2⤵
  PID:10100
- C:\Windows\System\AsfnGYT.exe
  C:\Windows\System\AsfnGYT.exe
  2⤵
  PID:10144
- C:\Windows\System\JXwJVnw.exe
  C:\Windows\System\JXwJVnw.exe
  2⤵
  PID:9964
- C:\Windows\System\etoBnRv.exe
  C:\Windows\System\etoBnRv.exe
  2⤵
  PID:10172
- C:\Windows\System\sgqGxXk.exe
  C:\Windows\System\sgqGxXk.exe
  2⤵
  PID:10156
- C:\Windows\System\HWjkUua.exe
  C:\Windows\System\HWjkUua.exe
  2⤵
  PID:10220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BXXyYCg.exe

Filesize
6.0MB

MD5
4e06ebfcf73fa1325199f878299ff427

SHA1
47e4a793cbbefa5e92707f03624187ef2ac25115

SHA256
a665e53bbc23cbdc405fb527852d8629e267aaec6f99dca452791eeabd70e86f

SHA512
927c76de0c7ac609f9539705a2992598ab34b3f30e8c4f3e555d9699daa90c59112e642845b2f73e35d05d65b33181ccda2c651ec2520166d8cc3f77e39e26a5

Download Submit
C:\Windows\system\BlIbMLV.exe

Filesize
6.0MB

MD5
0c47e7953c28bdbd362eff6deeb57161

SHA1
535948001ef68f12eec3f0e994cf0ef8a55ede71

SHA256
15e7d6dfb4c1e719c05e45c8adaa9bb6dbe2eda08b04f155b4351480a521fe0c

SHA512
cca01b609639b4ac0e446226e51475a6486fd3dda05bf2e30047cbd670f35ebd5e541951a08fb6283d678fc1616fc41ecce209b1945c220aff9eefa6f48b0f6d

Download Submit
C:\Windows\system\CWCRiKk.exe

Filesize
6.0MB

MD5
133709ca35c76647085e3deeb73e8b4e

SHA1
efdb4c4aefb47040fd1932e3978acf19ce6aafbe

SHA256
e83b0683d0bfdbcb936d326bd7860baf9e9a3d7aad23bd2b5333f100ee8876bf

SHA512
e61de367a27ec0205d3c04543a968365f7575f9fa05b173f16a55fdb0bf031990af82ad74022e60923c06cc16076a1e69e5ed983b8f06a0a0670f061aeb54141

Download Submit
C:\Windows\system\DZpItzR.exe

Filesize
6.0MB

MD5
2e9eb225c35fadb64bf8c19b4eb4dbd8

SHA1
d5dfa884996b32461b73e4a321e0964b4ae678f8

SHA256
9c2d3b58ebfdb5b9c6c08e6dd198ffcbb8d079dcc05a57c5bf7d7824670a9198

SHA512
bb64bd6f8a19c3f66299afa5a70d26a85269291e131256153ed0ba579aa04597655dd02f0be35c56854a671f176c62b21d41c997651b9e5e2ace675c1c67bb2f

Download Submit
C:\Windows\system\FOFCgxF.exe

Filesize
6.0MB

MD5
0fdf2d8c893e1818b589fbb9fad6610d

SHA1
56a774d6c10d317dc819222d468f40a0f1e971ce

SHA256
06a77c47b7a53f91ed0616f356a3f118a72e58d1f4dfe9949cdb87afec74cad2

SHA512
56f54a3c88414f7da7fad389de2b976991aa030faad1fb3ef5215df9cf444b136c07f7efcb8a41c1938e88899494c7a818e38af7f33dc571b105721083b3785c

Download Submit
C:\Windows\system\FOsEFjS.exe

Filesize
6.0MB

MD5
b793cd7325f7c1272dc87e8f4335ef1e

SHA1
bdff43d59941b5a240b2301ac91d16e5bc4b72dc

SHA256
ad8b1aeaf5d35bd32e3a3ed235b7965d5ea4abb5d1b62a58d7531aa2482037f3

SHA512
734d9eabf48741f791cc55e0a5bd041c966db755216606c07f5861def77e09f1f97f56668a00427b1176a054a9e881549bc96c33f186c644914e82256948147b

Download Submit
C:\Windows\system\FfPpCTZ.exe

Filesize
6.0MB

MD5
981a61a5bd2ee25f82b3d0f6a2fe14c9

SHA1
05a0ccf6a7c57e21a5142c9356134ad1cd981564

SHA256
741fd51b76e19b14d0fac3f43bcf0539d9f86a6110ea433786c6cf7a91e8506c

SHA512
2412ab2cc919b9b65f60f9c9554ba40a22ccd424b2a68f2e4e976b1ae3ec7dd2967b5c013a4d3d43ed1daef6e26f3cf25b835dd3958b3dd89def0aded89d9399

Download Submit
C:\Windows\system\ICouZQz.exe

Filesize
6.0MB

MD5
d367e4721472f4e9779c190eaac35588

SHA1
eef576018a395145559cc8bf0b916a0c7459f688

SHA256
0c1e3776fa54894912f99e85f04ac014e168aa106c52bb316744435df352dd7c

SHA512
ec3e5939c35e719bdc961d8088a4b2dfe5b4e2782f3936b0ca7c899dba1c7b09d40e45aed5e72dfb9f1600f955b6e65f4683ccbf90d79e8209e56b2a70ed8fc0

Download Submit
C:\Windows\system\IeloWLF.exe

Filesize
6.0MB

MD5
5e1f1fcd8d972af046c370d387f6f42b

SHA1
f427cfc14f07b74e6aeceb5b0ce6c100241199a8

SHA256
a4c1f2ae90e7e56e55e6b557cf910359840849196afb9baffe5fd03cf2e6f5d5

SHA512
a8772402da67b1962f649e7b7daefc2e78c58d8b7e63f0d8e107a3e1bb142a1484b75a02fe6109ef651d827080728ca278c6cc9f78e67bf583d0f9820858f977

Download Submit
C:\Windows\system\JLTyZPB.exe

Filesize
6.0MB

MD5
139bbfdfb34b04df57fff58130d769b2

SHA1
a29c2fbb73b8052e878eda5d497e455292db44d5

SHA256
a4e1c4d7ced4769294d6bf4f81494f2914a4effde61485eec10120d265d842c9

SHA512
690ed6336ad1d86ccbcf1b21d92d6a66248d629b9d538038ef633e8e228c78e2cb29d2384f65effffb5b6c1397b97d6bba7c2cba7d3ddf8f8c82dd0f7ab2f64b

Download Submit
C:\Windows\system\JZKThrO.exe

Filesize
6.0MB

MD5
38747fbbadb0f81ab200376e2490b002

SHA1
c1c95ab98fbbf9209ba209bd77943ce11ab16cc4

SHA256
b25c81cfec1bf49972e01f84a7e4b37c33f0fd349839012d7cdf893bc6d8d690

SHA512
564ce166a6d46319c64c815ba863a9e3f45d20292f765c32d7622c63dd8ad428bbf07c769fc6adbf1bf10b7819c54df98d3d4fe66916c8f319dbacfc769aa3df

Download Submit
C:\Windows\system\NEGPNds.exe

Filesize
6.0MB

MD5
65e09e359eabe521e74daf9ed8a89dfc

SHA1
88623ccda4f9f75c159e0c763d6ac85772c89bde

SHA256
5cdcb68f6b6d7b3c50310baa1443ad094101e3bf8768eaed568d43cfbeddf757

SHA512
e7a3d814a61a02677ca0dc194744e902f38e77be0bfb4bd41d84b196b662f3a432b762fb609443de40057bc073701d61472a7b6aabb826ac5e2c75239bb96e6f

Download Submit
C:\Windows\system\OZxTtud.exe

Filesize
6.0MB

MD5
58cd624b587981901a3d2b3aaedb5670

SHA1
ea4cb8d734839a5894ad1d6111b8fff849fd2c22

SHA256
4a4ad96c611b97ad74cc4f2cd5475a44608f5172462f7bf2c73333d3e8b58df2

SHA512
03ec1de39720576abc1ef5280e2aff85812d110bdfd50b243a07cdf9c45ae38bb047a9c0562c90bf31daea7b79b5ba2de4be78d7d17ac8a7c43e29fb543c6c36

Download Submit
C:\Windows\system\OgMJhWK.exe

Filesize
6.0MB

MD5
e695058d26567c83a28f445a290f8005

SHA1
803c3417be47822b8314f76c926ab0bb9ac899fb

SHA256
0cc9b230cfd3081f60a9faf1b4911351998f7f674b401b2498fdbc970647332a

SHA512
edfcdff8bad7347f15b5ce0a0f701ca97c8a1b3467a873ffa17b6de246a7674acb70a336cf190488f23c4d0b9cd6a9a50376df82dfa4709faf30b1c281ab2f33

Download Submit
C:\Windows\system\QWZNesK.exe

Filesize
6.0MB

MD5
28b2d0141d48f279f2a8c0e430fdb390

SHA1
45c2f7ee19ba7710f07e201f0d95ac94777adc5c

SHA256
aa7281e1680ecbf9af495e496acd3cd156cc61bec464a6104a8a2ce4e2f698a1

SHA512
88ad91a3eeb9a8015029043aa12dd98da7cabf5bdb7afe0ad393a9f5a6aa9dec624f166df810423e724b71f772a44541a1c483c2a40a692e5cb5592729955cf6

Download Submit
C:\Windows\system\SDQkhXt.exe

Filesize
6.0MB

MD5
6047c3d091a57a0a3736b5b38c4b255d

SHA1
0e040333c9e441911064d5a6f0169b977d7ffcc6

SHA256
179009bdadc72972e3648f178bfb8338cac6db936a4ddf483b09ed4cc7b50032

SHA512
2dd77012a7ab482a2049f72be6e974007a95c7118ffb86c4e04e192a08359516e99d192aa1577944d526db76a6f10964e31ea6fc6a26ed15e28168aa7d6f00db

Download Submit
C:\Windows\system\SfBnLbq.exe

Filesize
6.0MB

MD5
595448ef7c393b1da7dc17dd37ecb8d8

SHA1
93cbb22db8e270c303777b8aaa5fc32af26e2678

SHA256
8574d1e7f45637174e859b0143e6dff57e65ef39119dd8c4d43c792cf974fea1

SHA512
130837c783457304ef9addc2269005d910115afab6d366b7eac56881e4eb13fa2cee601f270119c4ba34a3101cdfbf72ce7eb67faa097b205d329d09ed946f59

Download Submit
C:\Windows\system\TwCvIjS.exe

Filesize
6.0MB

MD5
121c7735792e3534bc72cc47c1dd3838

SHA1
96a4a9f38f67144df8a5573780452370748971f9

SHA256
3296a584e783ae8c20294f7cdd1dc1b13137f985df42ecf9078680451b3200ef

SHA512
d5f92f6bc5ce793e3b3ca970b172fc06a2e0883931c2f11c88349de475ccbf512bf51a856a595697a54cea48f03fa96d6fce317a78fab839d15a700e057ac0d5

Download Submit
C:\Windows\system\XXgZIpe.exe

Filesize
6.0MB

MD5
cf517872487b87d273b0c998804c5dcb

SHA1
eba5fd54c16e09c551543b192bb412632218279c

SHA256
bc8035bde2afc6a71173d5cedfc1db2b29497abfa669132d81eda0f9c9a51142

SHA512
659e2ac4bd6e6dcb80d16a15f08711004a7c9c57be0cf4c3f2c6ccdae8c118da184eaac5d8bc0cc5a95daeea299c83402ed7b1bd0e3c438328242f915fc8486a

Download Submit
C:\Windows\system\YkyXVQZ.exe

Filesize
6.0MB

MD5
d0dfc9f9a74e669af159d2db5c926ae4

SHA1
d2e4c74ea10e633cabc0329816d4380529cd8920

SHA256
3ec0b1953cf9eda3536cf4eaa1e19b648934f9845e2c79ffa7cb3c620fc34a1f

SHA512
44e9fffd620ec1ac6ac3470c44840503d0585b36b5cde039cf5e0f0848aa19f326855e625376965d5d5eed912529134730729f2fa880d87fb8dc865888aa8d9c

Download Submit
C:\Windows\system\ZjjArGo.exe

Filesize
6.0MB

MD5
026c879357f9e9488a2eba1cbcefd568

SHA1
a57835b2576c7a267c0f896895d2fab397c6fcba

SHA256
c86da6360595505454cdeff2be7a3d3c197c576c1920e3ac74ff4ef89c238c0b

SHA512
3a78b2679373bdca032141d09152bf93b120fc09b5a8a90b93e138c5f9aab0172122040750405dcba173d6de9a6700eda41bcdcb3ca9d3ee966f9d5d05f7d299

Download Submit
C:\Windows\system\fZLNgjz.exe

Filesize
6.0MB

MD5
e66e3bc18f00b7ee98bd439a64c0a88a

SHA1
0bf6b231951fa505c3b84627f647a2f3949d9618

SHA256
185b40dff81c471566950f033135bb8ab194e9f9408f00db860baf2f8591e0f5

SHA512
debca0e9007466f2e62682eccb4edd7308524cc01fd1ae1eff4e7f6794ecab29bbf237a29df073c4be39387a3ac2816d4112d29d995cd900abbd6e5f5a9999c4

Download Submit
C:\Windows\system\fqyaWgH.exe

Filesize
6.0MB

MD5
fce020924f74c9680e7b337b44287d79

SHA1
cdf5498237d795c84a569dc60e44bfa3fbd8fa0e

SHA256
9a24addf3a7589c1fb67a6256ee5ba789fbbe65d6517e699101aa6717ad495b3

SHA512
808e0defa15345a11fa3614106f02ab400a53a0b731df2a4e42a30fdeb975afd61e68dc199a3d3c4f9e9189e5cebdaf6f9d180d2e99eff0104d83f6f1bfb46ba

Download Submit
C:\Windows\system\ldjVqYI.exe

Filesize
6.0MB

MD5
c9df0df5eb31456368ec3cf7fbac5a6e

SHA1
dd16a904db9b34657e5ade2c341d19add4faf545

SHA256
32ed846ed54dae4d0cb2f2e4994723ef55ccd21e88692a0d586998361472939f

SHA512
2a120efd2b1b7be57b4b88312ef13140eff0b71936b29423cf6241894b856f02d261332081bc79ac8df7f4f53c848534293e3e3e895bced69ff6b190ebdbb971

Download Submit
C:\Windows\system\prKOZng.exe

Filesize
6.0MB

MD5
72d8f1274a21b321e4a6fbbd834908eb

SHA1
8332d04c255f0a92febf336ff7b95d8852e2848d

SHA256
4cda13c01d7e2f98c01df3a6cd3c53da9f2976e67b7a33f9d3b99c8b76510d49

SHA512
1e68ae905bc25bc5959ec1528e0e332e29ad0f46f487d8989cc1e154674d39d4b98804d8332011540205dfb52e8cddc892c7eab02c31907ede90f346e5441eeb

Download Submit
C:\Windows\system\rzdkDCb.exe

Filesize
6.0MB

MD5
8784b3e8defefa3204b57b10df3afa4d

SHA1
917f4ec0db4d980817a3508501ef89df255be193

SHA256
d15022dc9394da577ef3a72364f5c7986421af0eb4187819bf1f85c51066405d

SHA512
1fa7a9de4a6a74d1170af1294c273aef2d10fa113ceed321079306ab80cbefadc928168dcbc73d4f69a84e984be22f6d33eaacc18056f60a723410f1723b52f0

Download Submit
C:\Windows\system\uEcGLog.exe

Filesize
6.0MB

MD5
ae08d5ba54430d65f6b074c6702741f0

SHA1
959b4b7008464d3b58c82db620fde02dd36c52b2

SHA256
bb63be6a21915e544dc37cb9e25181fc0f3739775f8ffb4e8f963d9dd09c23bb

SHA512
e416256c694dfc2101435b62cd96f4c0ac2d7e294dc74a59eeb74128767efbd78e04563e26f7689e2a0cdcd51506738ac29007b75e43c0e75162d034d3cb4e6d

Download Submit
C:\Windows\system\uYEuBhy.exe

Filesize
6.0MB

MD5
a1ad67ddf351a18924df3571cbbd468b

SHA1
ae481b50220ddac9991122f0e37a525923a0d77a

SHA256
04b6ca27bf8e17e063c6a1553f347aeb3719cde4244f847cd487c5b343f1a7da

SHA512
1c6dd915b0fa3df4e75a6c9671c450c5c8326735c2f735db0983924988a4711852ac34703392ba4c66d2ed2d11c4357130e9ce88baaa1621590a6c4d7fc62ad1

Download Submit
C:\Windows\system\ukGYKYd.exe

Filesize
6.0MB

MD5
dbf672c6958ca5b36ee3893090dcf1e8

SHA1
e356ff8205f02a5bcee75dd5bfd0dd4c02b29e7a

SHA256
6d9b6cffebbc138091d58a4527b9e48faaa94649c89fdaff17dba11c9c519910

SHA512
65163d035fc5e2b40e015dea158aad7abe097fb36778086d9f524c39a6a8082ac2b7da2fe64580838abf06f65eafa70df21a0489026e7c4591b8b448781e6d50

Download Submit
C:\Windows\system\wqdnoUM.exe

Filesize
6.0MB

MD5
ea0aa6f5d7a19ec8b9e858f3ef7c7b4d

SHA1
e0794c8fa9ea8eb15158b0cea9f44d839d78e6d3

SHA256
1a0de41a578972fe87e3b3b53714b52088f143b99b508ff56a0dcf8f0abeac83

SHA512
7857bce1582d9082d5c5b783256922fd4280d8719233fef4cadf263eef16022db9a8b660e4b54faaca78b1441aa770a873759da58be26c717879bcbf014541b5

Download Submit
\Windows\system\NqrNhLL.exe

Filesize
6.0MB

MD5
bb0d630e3429adcba74c577e8772b904

SHA1
16eba381bb0c093b2fddfac378c23bea02609b3a

SHA256
9f5665d22296b57cc15d491fa3f7fc4efde6c5fb3a86a387efcc7f445dda481b

SHA512
4fe7df2c8a520c016edfd2d1c5e8a1462982409a58461325510eabde398cb2f97ece12175a05b3e0e752606c94b14b518de36f227b21dc024a9e71173078d9ad

Download Submit
\Windows\system\OXrxyAz.exe

Filesize
6.0MB

MD5
24beb526ff95cb8c27b1ce89c0ac2225

SHA1
dfcc7e0aabc79772d8960a0248c39f63073d8006

SHA256
115da280e67c7fc5f8b4d36fccba0e365d00b07822328c4787375ab3c933ef39

SHA512
63ee2002db60ae55dd657c8593ea3feada5c21e24d97ddd4dd45fa3c223477fbcac5e2523e288a84a0a2608d4991546c953997099c71d27a55b4957b65048e4d

Download Submit
memory/1480-1442-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2108-1304-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2108-4087-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1128-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2140-4094-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1307-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-789-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-906-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-825-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-864-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2216-696-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-955-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2216-4083-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1410-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1039-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1264-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1099-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1129-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1172-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2216-0-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1230-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1229-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4093-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4104-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1263-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4141-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-786-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1036-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4089-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4097-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1168-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2804-951-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4098-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4139-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-862-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4095-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2836-823-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4096-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1094-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2972-4091-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2972-905-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3048-4140-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-1409-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download