cobaltstrike | c065fc32adb6b3c1b10d2294b5bad1706a2afdd36b87bc0fcc3e5de614e3540e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-09-2024 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

28e6dd4b8e1c3f96579e2dddfdee9416
SHA1

123b5653300e6cf96e51382c8edc0d0f4da233dd
SHA256

c065fc32adb6b3c1b10d2294b5bad1706a2afdd36b87bc0fcc3e5de614e3540e
SHA512

6ab5034469ae9bac3b23c0de161ec220843f23a6e018cbd28de1bf5c607142ea6f4c67845bd15aa7c0ce5d4c33c8d6bd4567121e7d9a6c75d868377ee790e91c
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000012782-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cc4-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce0-23.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce8-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-104.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-147.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000f000000012782-3.dat	xmrig
behavioral1/files/0x0009000000016cc4-8.dat	xmrig
behavioral1/memory/532-11-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2276-13-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd7-10.dat	xmrig
behavioral1/memory/2140-22-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce0-23.dat	xmrig
behavioral1/files/0x0009000000016ca5-27.dat	xmrig
behavioral1/files/0x0007000000016ce8-33.dat	xmrig
behavioral1/memory/2640-39-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2480-42-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2804-41-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-46.dat	xmrig
behavioral1/memory/2696-49-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a8-50.dat	xmrig
behavioral1/memory/2412-53-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d1-55.dat	xmrig
behavioral1/memory/532-62-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2552-63-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-66.dat	xmrig
behavioral1/memory/2276-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-74.dat	xmrig
behavioral1/memory/2232-88-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-101.dat	xmrig
behavioral1/files/0x00050000000195c8-120.dat	xmrig
behavioral1/memory/2412-115-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ca-138.dat	xmrig
behavioral1/files/0x00050000000195c7-136.dat	xmrig
behavioral1/files/0x00050000000195c4-134.dat	xmrig
behavioral1/files/0x000500000001958b-132.dat	xmrig
behavioral1/files/0x00050000000195c6-126.dat	xmrig
behavioral1/files/0x000500000001948d-119.dat	xmrig
behavioral1/memory/2772-109-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2596-91-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-104.dat	xmrig
behavioral1/memory/2140-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2640-85-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f0-83.dat	xmrig
behavioral1/memory/2544-77-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195cc-140.dat	xmrig
behavioral1/files/0x00050000000195d0-151.dat	xmrig
behavioral1/files/0x0005000000019624-159.dat	xmrig
behavioral1/files/0x0005000000019bf0-180.dat	xmrig
behavioral1/memory/2544-560-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2412-535-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2772-1088-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-183.dat	xmrig
behavioral1/files/0x0005000000019bec-175.dat	xmrig
behavioral1/files/0x0005000000019931-171.dat	xmrig
behavioral1/files/0x00050000000196a0-167.dat	xmrig
behavioral1/files/0x0005000000019665-163.dat	xmrig
behavioral1/files/0x00050000000195e0-155.dat	xmrig
behavioral1/files/0x00050000000195ce-147.dat	xmrig
behavioral1/memory/2412-73-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2412-69-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/memory/2700-64-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/532-4011-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2276-4012-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2140-4013-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2640-4014-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2804-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2480-4016-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2696-4017-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
532	BVmRZot.exe
2276	qJBPtGc.exe
2140	pgCTuEw.exe
2480	sbDpscB.exe
2640	OucDPLp.exe
2804	NAcxblQ.exe
2696	ISruFGb.exe
2552	Lpwufqs.exe
2700	unMvROV.exe
2544	qiJGMMw.exe
2232	erHekgq.exe
2596	iTzdhHi.exe
2772	ulbMskV.exe
1640	EBbQgdZ.exe
2748	Hhhnbvp.exe
376	XzKtflY.exe
1176	CHSGqRK.exe
1916	JvbTdSj.exe
2836	CbxETGA.exe
1956	BVxJdNY.exe
2872	mulEKam.exe
2712	WyKjeVQ.exe
2896	rsRnlwW.exe
1948	qMzkkBE.exe
2124	ZwnIEzL.exe
1744	gsRvYse.exe
2980	kZHuYIk.exe
1096	sPHpRyM.exe
944	hxHObEg.exe
1072	ChcSKXE.exe
2508	XtVSTEH.exe
2016	VJzKWhq.exe
1324	jwGuTdG.exe
1632	HmQpWGT.exe
1076	qdxMISy.exe
1960	klMvWZo.exe
1732	ZRrDzrI.exe
2024	ScauGZB.exe
748	zttNzfJ.exe
2144	NnFdMin.exe
624	gdmoVHs.exe
2248	NosTJgh.exe
1540	iNohMKs.exe
1856	NuZEebv.exe
3024	veciyIL.exe
2992	aFumSJe.exe
2308	tbaQsFt.exe
1140	fdXTvrZ.exe
2452	CskDfXN.exe
1984	xMKRwLp.exe
1252	riqmVWt.exe
292	BgfjjTS.exe
3060	aCIkGRW.exe
2100	tvWSbEa.exe
984	dYsGVrd.exe
880	mVUaCPQ.exe
1668	LNHgFsp.exe
2468	XGnvYaY.exe
972	UDbMrif.exe
1584	ArSyjhf.exe
824	nunXPsQ.exe
1972	gyflGKF.exe
2288	NTcpwzv.exe
1516	tXzUOan.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000f000000012782-3.dat	upx
behavioral1/files/0x0009000000016cc4-8.dat	upx
behavioral1/memory/532-11-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2276-13-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0007000000016cd7-10.dat	upx
behavioral1/memory/2140-22-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x0007000000016ce0-23.dat	upx
behavioral1/files/0x0009000000016ca5-27.dat	upx
behavioral1/files/0x0007000000016ce8-33.dat	upx
behavioral1/memory/2640-39-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2480-42-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2804-41-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-46.dat	upx
behavioral1/memory/2696-49-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00050000000193a8-50.dat	upx
behavioral1/memory/2412-53-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00050000000193d1-55.dat	upx
behavioral1/memory/532-62-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2552-63-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-66.dat	upx
behavioral1/memory/2276-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x000500000001945c-74.dat	upx
behavioral1/memory/2232-88-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-101.dat	upx
behavioral1/files/0x00050000000195c8-120.dat	upx
behavioral1/files/0x00050000000195ca-138.dat	upx
behavioral1/files/0x00050000000195c7-136.dat	upx
behavioral1/files/0x00050000000195c4-134.dat	upx
behavioral1/files/0x000500000001958b-132.dat	upx
behavioral1/files/0x00050000000195c6-126.dat	upx
behavioral1/files/0x000500000001948d-119.dat	upx
behavioral1/memory/2772-109-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2596-91-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-104.dat	upx
behavioral1/memory/2412-95-0x0000000002250000-0x00000000025A4000-memory.dmp	upx
behavioral1/memory/2140-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2640-85-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00050000000193f0-83.dat	upx
behavioral1/memory/2544-77-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x00050000000195cc-140.dat	upx
behavioral1/files/0x00050000000195d0-151.dat	upx
behavioral1/files/0x0005000000019624-159.dat	upx
behavioral1/files/0x0005000000019bf0-180.dat	upx
behavioral1/memory/2544-560-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2772-1088-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf2-183.dat	upx
behavioral1/files/0x0005000000019bec-175.dat	upx
behavioral1/files/0x0005000000019931-171.dat	upx
behavioral1/files/0x00050000000196a0-167.dat	upx
behavioral1/files/0x0005000000019665-163.dat	upx
behavioral1/files/0x00050000000195e0-155.dat	upx
behavioral1/files/0x00050000000195ce-147.dat	upx
behavioral1/memory/2412-69-0x0000000002250000-0x00000000025A4000-memory.dmp	upx
behavioral1/memory/2700-64-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/532-4011-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2276-4012-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2140-4013-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2640-4014-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2804-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2480-4016-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2696-4017-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2552-4018-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2700-4019-0x000000013F330000-0x000000013F684000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tdeVISS.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPZsVwQ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWBXJAB.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNAACkb.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJgBqHO.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgaMKFA.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceArnAF.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuepwJn.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCqnXQl.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUxtocL.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izjVAWs.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRmwZVq.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVEwQLA.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGsDaPg.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JecgrqQ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDgiJjQ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbaWlmz.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGqsbYQ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyWQnpU.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbyYYGw.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRzzDNT.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JEMjAHW.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDcrtUl.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbNKAOP.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZQavOi.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyJKgno.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBImvzD.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVLrNNS.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmWrpyl.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvtHkag.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwQAgwT.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwmpFtu.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFaAmyD.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfmiLif.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSpXWjE.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebKZmza.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIMwjnT.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ibwmqoV.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChcSKXE.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NosTJgh.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMKRwLp.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAwFLeR.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAgzuat.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHSGqRK.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiksonP.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stnFxDQ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLQKWKv.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhQgakV.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duYsPHg.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFumSJe.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyjbVtY.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yylRlAB.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTYtMKn.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZzTVBEv.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HozjgBT.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHsmCZl.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgYimag.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xHncJvP.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBTaomJ.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQMnRer.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTfAQWR.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXwGjye.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvWBUhF.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqRYitb.exe	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 532	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 532	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 532	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2412 wrote to memory of 2276	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2276	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2276	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2412 wrote to memory of 2140	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2140	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2140	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2412 wrote to memory of 2480	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2480	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2480	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2412 wrote to memory of 2640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2412 wrote to memory of 2804	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2804	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2804	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2412 wrote to memory of 2696	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2696	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2696	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2412 wrote to memory of 2552	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2552	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2552	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2412 wrote to memory of 2700	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2700	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2700	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2412 wrote to memory of 2544	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2544	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2544	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2412 wrote to memory of 2596	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2596	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2596	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2412 wrote to memory of 2232	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2232	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2232	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2412 wrote to memory of 2748	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2748	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2748	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2412 wrote to memory of 2772	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2772	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 2772	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2412 wrote to memory of 1916	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 1916	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 1916	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2412 wrote to memory of 1640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 1640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 1640	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2412 wrote to memory of 2836	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2836	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 2836	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2412 wrote to memory of 376	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 376	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 376	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2412 wrote to memory of 1956	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1956	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1956	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2412 wrote to memory of 1176	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 1176	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 1176	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2412 wrote to memory of 2872	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2412 wrote to memory of 2872	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2412 wrote to memory of 2872	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2412 wrote to memory of 2712	2412	2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-20_28e6dd4b8e1c3f96579e2dddfdee9416_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\System\BVmRZot.exe
  C:\Windows\System\BVmRZot.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\qJBPtGc.exe
  C:\Windows\System\qJBPtGc.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\pgCTuEw.exe
  C:\Windows\System\pgCTuEw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\sbDpscB.exe
  C:\Windows\System\sbDpscB.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\OucDPLp.exe
  C:\Windows\System\OucDPLp.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\NAcxblQ.exe
  C:\Windows\System\NAcxblQ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ISruFGb.exe
  C:\Windows\System\ISruFGb.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\Lpwufqs.exe
  C:\Windows\System\Lpwufqs.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\unMvROV.exe
  C:\Windows\System\unMvROV.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\qiJGMMw.exe
  C:\Windows\System\qiJGMMw.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\iTzdhHi.exe
  C:\Windows\System\iTzdhHi.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\erHekgq.exe
  C:\Windows\System\erHekgq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\Hhhnbvp.exe
  C:\Windows\System\Hhhnbvp.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ulbMskV.exe
  C:\Windows\System\ulbMskV.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JvbTdSj.exe
  C:\Windows\System\JvbTdSj.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\EBbQgdZ.exe
  C:\Windows\System\EBbQgdZ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\CbxETGA.exe
  C:\Windows\System\CbxETGA.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XzKtflY.exe
  C:\Windows\System\XzKtflY.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\BVxJdNY.exe
  C:\Windows\System\BVxJdNY.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\CHSGqRK.exe
  C:\Windows\System\CHSGqRK.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\mulEKam.exe
  C:\Windows\System\mulEKam.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\WyKjeVQ.exe
  C:\Windows\System\WyKjeVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\rsRnlwW.exe
  C:\Windows\System\rsRnlwW.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\qMzkkBE.exe
  C:\Windows\System\qMzkkBE.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\ZwnIEzL.exe
  C:\Windows\System\ZwnIEzL.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\gsRvYse.exe
  C:\Windows\System\gsRvYse.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\kZHuYIk.exe
  C:\Windows\System\kZHuYIk.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\sPHpRyM.exe
  C:\Windows\System\sPHpRyM.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\hxHObEg.exe
  C:\Windows\System\hxHObEg.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\ChcSKXE.exe
  C:\Windows\System\ChcSKXE.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\XtVSTEH.exe
  C:\Windows\System\XtVSTEH.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\VJzKWhq.exe
  C:\Windows\System\VJzKWhq.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jwGuTdG.exe
  C:\Windows\System\jwGuTdG.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\HmQpWGT.exe
  C:\Windows\System\HmQpWGT.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\qdxMISy.exe
  C:\Windows\System\qdxMISy.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\klMvWZo.exe
  C:\Windows\System\klMvWZo.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\ZRrDzrI.exe
  C:\Windows\System\ZRrDzrI.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\ScauGZB.exe
  C:\Windows\System\ScauGZB.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\zttNzfJ.exe
  C:\Windows\System\zttNzfJ.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\NnFdMin.exe
  C:\Windows\System\NnFdMin.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\gdmoVHs.exe
  C:\Windows\System\gdmoVHs.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\NosTJgh.exe
  C:\Windows\System\NosTJgh.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\iNohMKs.exe
  C:\Windows\System\iNohMKs.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\NuZEebv.exe
  C:\Windows\System\NuZEebv.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\veciyIL.exe
  C:\Windows\System\veciyIL.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\aFumSJe.exe
  C:\Windows\System\aFumSJe.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\tbaQsFt.exe
  C:\Windows\System\tbaQsFt.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fdXTvrZ.exe
  C:\Windows\System\fdXTvrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\CskDfXN.exe
  C:\Windows\System\CskDfXN.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\xMKRwLp.exe
  C:\Windows\System\xMKRwLp.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\riqmVWt.exe
  C:\Windows\System\riqmVWt.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\BgfjjTS.exe
  C:\Windows\System\BgfjjTS.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\aCIkGRW.exe
  C:\Windows\System\aCIkGRW.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\tvWSbEa.exe
  C:\Windows\System\tvWSbEa.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\dYsGVrd.exe
  C:\Windows\System\dYsGVrd.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\mVUaCPQ.exe
  C:\Windows\System\mVUaCPQ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\LNHgFsp.exe
  C:\Windows\System\LNHgFsp.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\XGnvYaY.exe
  C:\Windows\System\XGnvYaY.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\UDbMrif.exe
  C:\Windows\System\UDbMrif.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\ArSyjhf.exe
  C:\Windows\System\ArSyjhf.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\nunXPsQ.exe
  C:\Windows\System\nunXPsQ.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\gyflGKF.exe
  C:\Windows\System\gyflGKF.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\NTcpwzv.exe
  C:\Windows\System\NTcpwzv.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\tXzUOan.exe
  C:\Windows\System\tXzUOan.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\vTOAxiw.exe
  C:\Windows\System\vTOAxiw.exe
  2⤵
  PID:2316
- C:\Windows\System\rMKchrz.exe
  C:\Windows\System\rMKchrz.exe
  2⤵
  PID:2180
- C:\Windows\System\eeLERWJ.exe
  C:\Windows\System\eeLERWJ.exe
  2⤵
  PID:2864
- C:\Windows\System\oDgiJjQ.exe
  C:\Windows\System\oDgiJjQ.exe
  2⤵
  PID:2636
- C:\Windows\System\rfDwgHK.exe
  C:\Windows\System\rfDwgHK.exe
  2⤵
  PID:2664
- C:\Windows\System\RTCoidd.exe
  C:\Windows\System\RTCoidd.exe
  2⤵
  PID:2840
- C:\Windows\System\bLjjlDT.exe
  C:\Windows\System\bLjjlDT.exe
  2⤵
  PID:2556
- C:\Windows\System\lzyYadw.exe
  C:\Windows\System\lzyYadw.exe
  2⤵
  PID:2856
- C:\Windows\System\QJSArmL.exe
  C:\Windows\System\QJSArmL.exe
  2⤵
  PID:2560
- C:\Windows\System\tbaWlmz.exe
  C:\Windows\System\tbaWlmz.exe
  2⤵
  PID:2096
- C:\Windows\System\QrCxxyv.exe
  C:\Windows\System\QrCxxyv.exe
  2⤵
  PID:2780
- C:\Windows\System\poxmzmJ.exe
  C:\Windows\System\poxmzmJ.exe
  2⤵
  PID:1392
- C:\Windows\System\IMOHMbi.exe
  C:\Windows\System\IMOHMbi.exe
  2⤵
  PID:1336
- C:\Windows\System\MbeTBsd.exe
  C:\Windows\System\MbeTBsd.exe
  2⤵
  PID:1940
- C:\Windows\System\kZnQtjY.exe
  C:\Windows\System\kZnQtjY.exe
  2⤵
  PID:2768
- C:\Windows\System\ygWNqne.exe
  C:\Windows\System\ygWNqne.exe
  2⤵
  PID:2028
- C:\Windows\System\yrtywqi.exe
  C:\Windows\System\yrtywqi.exe
  2⤵
  PID:2940
- C:\Windows\System\JEuBixd.exe
  C:\Windows\System\JEuBixd.exe
  2⤵
  PID:2204
- C:\Windows\System\YajnBaF.exe
  C:\Windows\System\YajnBaF.exe
  2⤵
  PID:2736
- C:\Windows\System\bCNruHS.exe
  C:\Windows\System\bCNruHS.exe
  2⤵
  PID:2620
- C:\Windows\System\CPyzxmf.exe
  C:\Windows\System\CPyzxmf.exe
  2⤵
  PID:2076
- C:\Windows\System\UywkiCd.exe
  C:\Windows\System\UywkiCd.exe
  2⤵
  PID:2948
- C:\Windows\System\BIfILEm.exe
  C:\Windows\System\BIfILEm.exe
  2⤵
  PID:1428
- C:\Windows\System\dzIiuCY.exe
  C:\Windows\System\dzIiuCY.exe
  2⤵
  PID:2960
- C:\Windows\System\qVmIsFd.exe
  C:\Windows\System\qVmIsFd.exe
  2⤵
  PID:688
- C:\Windows\System\xbKjedI.exe
  C:\Windows\System\xbKjedI.exe
  2⤵
  PID:2164
- C:\Windows\System\EwWulqT.exe
  C:\Windows\System\EwWulqT.exe
  2⤵
  PID:1720
- C:\Windows\System\CRexlmm.exe
  C:\Windows\System\CRexlmm.exe
  2⤵
  PID:684
- C:\Windows\System\jtfITiW.exe
  C:\Windows\System\jtfITiW.exe
  2⤵
  PID:1672
- C:\Windows\System\DdhBptM.exe
  C:\Windows\System\DdhBptM.exe
  2⤵
  PID:1780
- C:\Windows\System\tVqJpTA.exe
  C:\Windows\System\tVqJpTA.exe
  2⤵
  PID:1564
- C:\Windows\System\HAUMjUc.exe
  C:\Windows\System\HAUMjUc.exe
  2⤵
  PID:316
- C:\Windows\System\gHBnfQs.exe
  C:\Windows\System\gHBnfQs.exe
  2⤵
  PID:2432
- C:\Windows\System\fvuCDiv.exe
  C:\Windows\System\fvuCDiv.exe
  2⤵
  PID:3036
- C:\Windows\System\ZfKtcuI.exe
  C:\Windows\System\ZfKtcuI.exe
  2⤵
  PID:1740
- C:\Windows\System\bRzzDNT.exe
  C:\Windows\System\bRzzDNT.exe
  2⤵
  PID:2240
- C:\Windows\System\PUoCXbE.exe
  C:\Windows\System\PUoCXbE.exe
  2⤵
  PID:1040
- C:\Windows\System\QLHbhxj.exe
  C:\Windows\System\QLHbhxj.exe
  2⤵
  PID:1700
- C:\Windows\System\zpXHlgn.exe
  C:\Windows\System\zpXHlgn.exe
  2⤵
  PID:1724
- C:\Windows\System\jeDTwvv.exe
  C:\Windows\System\jeDTwvv.exe
  2⤵
  PID:1920
- C:\Windows\System\yGlZZmU.exe
  C:\Windows\System\yGlZZmU.exe
  2⤵
  PID:1736
- C:\Windows\System\ZEPIdOr.exe
  C:\Windows\System\ZEPIdOr.exe
  2⤵
  PID:836
- C:\Windows\System\WtWXDFk.exe
  C:\Windows\System\WtWXDFk.exe
  2⤵
  PID:1304
- C:\Windows\System\ZpsNWsP.exe
  C:\Windows\System\ZpsNWsP.exe
  2⤵
  PID:2824
- C:\Windows\System\QeleonN.exe
  C:\Windows\System\QeleonN.exe
  2⤵
  PID:2704
- C:\Windows\System\YxmvwEE.exe
  C:\Windows\System\YxmvwEE.exe
  2⤵
  PID:2196
- C:\Windows\System\PGmwofL.exe
  C:\Windows\System\PGmwofL.exe
  2⤵
  PID:1528
- C:\Windows\System\OgQlcNB.exe
  C:\Windows\System\OgQlcNB.exe
  2⤵
  PID:2592
- C:\Windows\System\OtAvHnD.exe
  C:\Windows\System\OtAvHnD.exe
  2⤵
  PID:2272
- C:\Windows\System\ebmJghX.exe
  C:\Windows\System\ebmJghX.exe
  2⤵
  PID:2032
- C:\Windows\System\eoQrGmT.exe
  C:\Windows\System\eoQrGmT.exe
  2⤵
  PID:2740
- C:\Windows\System\svFLbyL.exe
  C:\Windows\System\svFLbyL.exe
  2⤵
  PID:660
- C:\Windows\System\cmTpUaj.exe
  C:\Windows\System\cmTpUaj.exe
  2⤵
  PID:1300
- C:\Windows\System\tXcKfvT.exe
  C:\Windows\System\tXcKfvT.exe
  2⤵
  PID:380
- C:\Windows\System\cZHUNOP.exe
  C:\Windows\System\cZHUNOP.exe
  2⤵
  PID:1008
- C:\Windows\System\dqCMhSZ.exe
  C:\Windows\System\dqCMhSZ.exe
  2⤵
  PID:1728
- C:\Windows\System\VAwFLeR.exe
  C:\Windows\System\VAwFLeR.exe
  2⤵
  PID:1752
- C:\Windows\System\WRmgEXJ.exe
  C:\Windows\System\WRmgEXJ.exe
  2⤵
  PID:2220
- C:\Windows\System\JegSOAZ.exe
  C:\Windows\System\JegSOAZ.exe
  2⤵
  PID:1964
- C:\Windows\System\vcuuBVk.exe
  C:\Windows\System\vcuuBVk.exe
  2⤵
  PID:2420
- C:\Windows\System\dDXiUwv.exe
  C:\Windows\System\dDXiUwv.exe
  2⤵
  PID:1028
- C:\Windows\System\xzZxeIX.exe
  C:\Windows\System\xzZxeIX.exe
  2⤵
  PID:1704
- C:\Windows\System\ijszNzf.exe
  C:\Windows\System\ijszNzf.exe
  2⤵
  PID:2624
- C:\Windows\System\NpSUNuA.exe
  C:\Windows\System\NpSUNuA.exe
  2⤵
  PID:2324
- C:\Windows\System\zTsMdjz.exe
  C:\Windows\System\zTsMdjz.exe
  2⤵
  PID:2188
- C:\Windows\System\fWwZvtc.exe
  C:\Windows\System\fWwZvtc.exe
  2⤵
  PID:3012
- C:\Windows\System\FGkwtHE.exe
  C:\Windows\System\FGkwtHE.exe
  2⤵
  PID:2524
- C:\Windows\System\afCtxIY.exe
  C:\Windows\System\afCtxIY.exe
  2⤵
  PID:1684
- C:\Windows\System\iGeNCPa.exe
  C:\Windows\System\iGeNCPa.exe
  2⤵
  PID:1768
- C:\Windows\System\xHncJvP.exe
  C:\Windows\System\xHncJvP.exe
  2⤵
  PID:2820
- C:\Windows\System\jlhmoDc.exe
  C:\Windows\System\jlhmoDc.exe
  2⤵
  PID:2080
- C:\Windows\System\brJWjox.exe
  C:\Windows\System\brJWjox.exe
  2⤵
  PID:1596
- C:\Windows\System\uQKWMUd.exe
  C:\Windows\System\uQKWMUd.exe
  2⤵
  PID:1864
- C:\Windows\System\jbDNwIV.exe
  C:\Windows\System\jbDNwIV.exe
  2⤵
  PID:1680
- C:\Windows\System\WGyBaVu.exe
  C:\Windows\System\WGyBaVu.exe
  2⤵
  PID:1508
- C:\Windows\System\FthcJGr.exe
  C:\Windows\System\FthcJGr.exe
  2⤵
  PID:2320
- C:\Windows\System\EdvvOno.exe
  C:\Windows\System\EdvvOno.exe
  2⤵
  PID:2304
- C:\Windows\System\yhfRVuR.exe
  C:\Windows\System\yhfRVuR.exe
  2⤵
  PID:2104
- C:\Windows\System\GBizlCW.exe
  C:\Windows\System\GBizlCW.exe
  2⤵
  PID:2716
- C:\Windows\System\vJBFiuG.exe
  C:\Windows\System\vJBFiuG.exe
  2⤵
  PID:1432
- C:\Windows\System\UwQIsQI.exe
  C:\Windows\System\UwQIsQI.exe
  2⤵
  PID:1892
- C:\Windows\System\aAXhHlU.exe
  C:\Windows\System\aAXhHlU.exe
  2⤵
  PID:3004
- C:\Windows\System\GNFoyQL.exe
  C:\Windows\System\GNFoyQL.exe
  2⤵
  PID:2216
- C:\Windows\System\ReaaJEz.exe
  C:\Windows\System\ReaaJEz.exe
  2⤵
  PID:1084
- C:\Windows\System\SPsKpcI.exe
  C:\Windows\System\SPsKpcI.exe
  2⤵
  PID:2148
- C:\Windows\System\mvNDtGW.exe
  C:\Windows\System\mvNDtGW.exe
  2⤵
  PID:1644
- C:\Windows\System\JwfaIaP.exe
  C:\Windows\System\JwfaIaP.exe
  2⤵
  PID:2264
- C:\Windows\System\gNOnSIP.exe
  C:\Windows\System\gNOnSIP.exe
  2⤵
  PID:1848
- C:\Windows\System\siIiQqT.exe
  C:\Windows\System\siIiQqT.exe
  2⤵
  PID:1636
- C:\Windows\System\ZBTaomJ.exe
  C:\Windows\System\ZBTaomJ.exe
  2⤵
  PID:888
- C:\Windows\System\rNiqWoh.exe
  C:\Windows\System\rNiqWoh.exe
  2⤵
  PID:3084
- C:\Windows\System\CJHqZdF.exe
  C:\Windows\System\CJHqZdF.exe
  2⤵
  PID:3100
- C:\Windows\System\poTbcNL.exe
  C:\Windows\System\poTbcNL.exe
  2⤵
  PID:3116
- C:\Windows\System\ABQCaXU.exe
  C:\Windows\System\ABQCaXU.exe
  2⤵
  PID:3132
- C:\Windows\System\kCBLNst.exe
  C:\Windows\System\kCBLNst.exe
  2⤵
  PID:3148
- C:\Windows\System\BSpeIAU.exe
  C:\Windows\System\BSpeIAU.exe
  2⤵
  PID:3164
- C:\Windows\System\nzHiaaH.exe
  C:\Windows\System\nzHiaaH.exe
  2⤵
  PID:3188
- C:\Windows\System\DOsOZme.exe
  C:\Windows\System\DOsOZme.exe
  2⤵
  PID:3292
- C:\Windows\System\pZzNZmQ.exe
  C:\Windows\System\pZzNZmQ.exe
  2⤵
  PID:3312
- C:\Windows\System\vNAACkb.exe
  C:\Windows\System\vNAACkb.exe
  2⤵
  PID:3328
- C:\Windows\System\BrusTUD.exe
  C:\Windows\System\BrusTUD.exe
  2⤵
  PID:3364
- C:\Windows\System\zXmyThp.exe
  C:\Windows\System\zXmyThp.exe
  2⤵
  PID:3392
- C:\Windows\System\XhGXiDO.exe
  C:\Windows\System\XhGXiDO.exe
  2⤵
  PID:3564
- C:\Windows\System\NXOFWtZ.exe
  C:\Windows\System\NXOFWtZ.exe
  2⤵
  PID:3608
- C:\Windows\System\lTvFUHk.exe
  C:\Windows\System\lTvFUHk.exe
  2⤵
  PID:3628
- C:\Windows\System\lLSxSkY.exe
  C:\Windows\System\lLSxSkY.exe
  2⤵
  PID:3644
- C:\Windows\System\MjHRSJL.exe
  C:\Windows\System\MjHRSJL.exe
  2⤵
  PID:3660
- C:\Windows\System\ZUJLKoY.exe
  C:\Windows\System\ZUJLKoY.exe
  2⤵
  PID:3676
- C:\Windows\System\gUSOSFY.exe
  C:\Windows\System\gUSOSFY.exe
  2⤵
  PID:3692
- C:\Windows\System\rZppCCC.exe
  C:\Windows\System\rZppCCC.exe
  2⤵
  PID:3708
- C:\Windows\System\rOTmnUF.exe
  C:\Windows\System\rOTmnUF.exe
  2⤵
  PID:3724
- C:\Windows\System\VsyfesM.exe
  C:\Windows\System\VsyfesM.exe
  2⤵
  PID:3740
- C:\Windows\System\OqxVjfJ.exe
  C:\Windows\System\OqxVjfJ.exe
  2⤵
  PID:3756
- C:\Windows\System\KUTJlcT.exe
  C:\Windows\System\KUTJlcT.exe
  2⤵
  PID:3772
- C:\Windows\System\IhmAcGa.exe
  C:\Windows\System\IhmAcGa.exe
  2⤵
  PID:3788
- C:\Windows\System\RvJdhpT.exe
  C:\Windows\System\RvJdhpT.exe
  2⤵
  PID:3804
- C:\Windows\System\VyrJHEW.exe
  C:\Windows\System\VyrJHEW.exe
  2⤵
  PID:3824
- C:\Windows\System\PcIfKbk.exe
  C:\Windows\System\PcIfKbk.exe
  2⤵
  PID:3840
- C:\Windows\System\EwAPooW.exe
  C:\Windows\System\EwAPooW.exe
  2⤵
  PID:3856
- C:\Windows\System\rtvxWiB.exe
  C:\Windows\System\rtvxWiB.exe
  2⤵
  PID:3872
- C:\Windows\System\HnisfOF.exe
  C:\Windows\System\HnisfOF.exe
  2⤵
  PID:3888
- C:\Windows\System\LCRMeYI.exe
  C:\Windows\System\LCRMeYI.exe
  2⤵
  PID:3904
- C:\Windows\System\SDiISTi.exe
  C:\Windows\System\SDiISTi.exe
  2⤵
  PID:3920
- C:\Windows\System\bSNVmXw.exe
  C:\Windows\System\bSNVmXw.exe
  2⤵
  PID:3936
- C:\Windows\System\mvHIRZk.exe
  C:\Windows\System\mvHIRZk.exe
  2⤵
  PID:3952
- C:\Windows\System\IWlPxNC.exe
  C:\Windows\System\IWlPxNC.exe
  2⤵
  PID:3968
- C:\Windows\System\cQuMVyk.exe
  C:\Windows\System\cQuMVyk.exe
  2⤵
  PID:3984
- C:\Windows\System\bzdwdWz.exe
  C:\Windows\System\bzdwdWz.exe
  2⤵
  PID:4000
- C:\Windows\System\UDouvOR.exe
  C:\Windows\System\UDouvOR.exe
  2⤵
  PID:4016
- C:\Windows\System\qfNqVQg.exe
  C:\Windows\System\qfNqVQg.exe
  2⤵
  PID:4032
- C:\Windows\System\AEhbLuJ.exe
  C:\Windows\System\AEhbLuJ.exe
  2⤵
  PID:4048
- C:\Windows\System\tMydUYE.exe
  C:\Windows\System\tMydUYE.exe
  2⤵
  PID:4064
- C:\Windows\System\hcmFaEz.exe
  C:\Windows\System\hcmFaEz.exe
  2⤵
  PID:4080
- C:\Windows\System\nPNKOTZ.exe
  C:\Windows\System\nPNKOTZ.exe
  2⤵
  PID:396
- C:\Windows\System\UcSPnSk.exe
  C:\Windows\System\UcSPnSk.exe
  2⤵
  PID:2680
- C:\Windows\System\UWDEdEo.exe
  C:\Windows\System\UWDEdEo.exe
  2⤵
  PID:3280
- C:\Windows\System\SrMGZVj.exe
  C:\Windows\System\SrMGZVj.exe
  2⤵
  PID:3668
- C:\Windows\System\wtgDICl.exe
  C:\Windows\System\wtgDICl.exe
  2⤵
  PID:3736
- C:\Windows\System\KoGBolL.exe
  C:\Windows\System\KoGBolL.exe
  2⤵
  PID:3640
- C:\Windows\System\SjLbdNO.exe
  C:\Windows\System\SjLbdNO.exe
  2⤵
  PID:3652
- C:\Windows\System\MBoOxdd.exe
  C:\Windows\System\MBoOxdd.exe
  2⤵
  PID:3716
- C:\Windows\System\ezfwfHZ.exe
  C:\Windows\System\ezfwfHZ.exe
  2⤵
  PID:3812
- C:\Windows\System\MZeoYVU.exe
  C:\Windows\System\MZeoYVU.exe
  2⤵
  PID:3884
- C:\Windows\System\MFZwudn.exe
  C:\Windows\System\MFZwudn.exe
  2⤵
  PID:3976
- C:\Windows\System\bhIBjRe.exe
  C:\Windows\System\bhIBjRe.exe
  2⤵
  PID:4044
- C:\Windows\System\ZWvMcKl.exe
  C:\Windows\System\ZWvMcKl.exe
  2⤵
  PID:3864
- C:\Windows\System\wXfoxvI.exe
  C:\Windows\System\wXfoxvI.exe
  2⤵
  PID:3928
- C:\Windows\System\YWJjXYE.exe
  C:\Windows\System\YWJjXYE.exe
  2⤵
  PID:1760
- C:\Windows\System\ZipELua.exe
  C:\Windows\System\ZipELua.exe
  2⤵
  PID:3996
- C:\Windows\System\uoArYEy.exe
  C:\Windows\System\uoArYEy.exe
  2⤵
  PID:3108
- C:\Windows\System\NhVSRoj.exe
  C:\Windows\System\NhVSRoj.exe
  2⤵
  PID:3144
- C:\Windows\System\lKnAgGY.exe
  C:\Windows\System\lKnAgGY.exe
  2⤵
  PID:3300
- C:\Windows\System\DfMmaCJ.exe
  C:\Windows\System\DfMmaCJ.exe
  2⤵
  PID:3308
- C:\Windows\System\oiksonP.exe
  C:\Windows\System\oiksonP.exe
  2⤵
  PID:3352
- C:\Windows\System\hZxJJrV.exe
  C:\Windows\System\hZxJJrV.exe
  2⤵
  PID:3204
- C:\Windows\System\KFXNkrL.exe
  C:\Windows\System\KFXNkrL.exe
  2⤵
  PID:3216
- C:\Windows\System\xhnNnod.exe
  C:\Windows\System\xhnNnod.exe
  2⤵
  PID:3228
- C:\Windows\System\POVAHmk.exe
  C:\Windows\System\POVAHmk.exe
  2⤵
  PID:3248
- C:\Windows\System\FviiBIZ.exe
  C:\Windows\System\FviiBIZ.exe
  2⤵
  PID:3264
- C:\Windows\System\ZjSHLAe.exe
  C:\Windows\System\ZjSHLAe.exe
  2⤵
  PID:3372
- C:\Windows\System\KvGPgym.exe
  C:\Windows\System\KvGPgym.exe
  2⤵
  PID:3376
- C:\Windows\System\lgBjfzK.exe
  C:\Windows\System\lgBjfzK.exe
  2⤵
  PID:3404
- C:\Windows\System\zoIwnLO.exe
  C:\Windows\System\zoIwnLO.exe
  2⤵
  PID:3416
- C:\Windows\System\kDYzNxz.exe
  C:\Windows\System\kDYzNxz.exe
  2⤵
  PID:3440
- C:\Windows\System\dcTbJNc.exe
  C:\Windows\System\dcTbJNc.exe
  2⤵
  PID:3456
- C:\Windows\System\YQMnRer.exe
  C:\Windows\System\YQMnRer.exe
  2⤵
  PID:3472
- C:\Windows\System\FWoUylU.exe
  C:\Windows\System\FWoUylU.exe
  2⤵
  PID:3492
- C:\Windows\System\JEMjAHW.exe
  C:\Windows\System\JEMjAHW.exe
  2⤵
  PID:3512
- C:\Windows\System\tVSxmjU.exe
  C:\Windows\System\tVSxmjU.exe
  2⤵
  PID:3576
- C:\Windows\System\ndNdcjH.exe
  C:\Windows\System\ndNdcjH.exe
  2⤵
  PID:3604
- C:\Windows\System\OohCPNL.exe
  C:\Windows\System\OohCPNL.exe
  2⤵
  PID:3732
- C:\Windows\System\TJoYomc.exe
  C:\Windows\System\TJoYomc.exe
  2⤵
  PID:3620
- C:\Windows\System\nujUOdi.exe
  C:\Windows\System\nujUOdi.exe
  2⤵
  PID:3784
- C:\Windows\System\HqyVOuE.exe
  C:\Windows\System\HqyVOuE.exe
  2⤵
  PID:3880
- C:\Windows\System\oajRqkz.exe
  C:\Windows\System\oajRqkz.exe
  2⤵
  PID:3916
- C:\Windows\System\bUvZyAw.exe
  C:\Windows\System\bUvZyAw.exe
  2⤵
  PID:4040
- C:\Windows\System\YrJMRlz.exe
  C:\Windows\System\YrJMRlz.exe
  2⤵
  PID:3964
- C:\Windows\System\ePEYLLZ.exe
  C:\Windows\System\ePEYLLZ.exe
  2⤵
  PID:4088
- C:\Windows\System\BEAMrjg.exe
  C:\Windows\System\BEAMrjg.exe
  2⤵
  PID:3992
- C:\Windows\System\mnzEKZY.exe
  C:\Windows\System\mnzEKZY.exe
  2⤵
  PID:4024
- C:\Windows\System\ZHeCniD.exe
  C:\Windows\System\ZHeCniD.exe
  2⤵
  PID:3160
- C:\Windows\System\xWWngfR.exe
  C:\Windows\System\xWWngfR.exe
  2⤵
  PID:3224
- C:\Windows\System\drzkulE.exe
  C:\Windows\System\drzkulE.exe
  2⤵
  PID:2604
- C:\Windows\System\wbhNgrP.exe
  C:\Windows\System\wbhNgrP.exe
  2⤵
  PID:3272
- C:\Windows\System\zjncLBC.exe
  C:\Windows\System\zjncLBC.exe
  2⤵
  PID:3420
- C:\Windows\System\rOcFQeu.exe
  C:\Windows\System\rOcFQeu.exe
  2⤵
  PID:3236
- C:\Windows\System\BSElfmF.exe
  C:\Windows\System\BSElfmF.exe
  2⤵
  PID:3336
- C:\Windows\System\IEhomIJ.exe
  C:\Windows\System\IEhomIJ.exe
  2⤵
  PID:3452
- C:\Windows\System\mSzCEXE.exe
  C:\Windows\System\mSzCEXE.exe
  2⤵
  PID:3496
- C:\Windows\System\rNvCfQs.exe
  C:\Windows\System\rNvCfQs.exe
  2⤵
  PID:3532
- C:\Windows\System\bFyFsjN.exe
  C:\Windows\System\bFyFsjN.exe
  2⤵
  PID:3548
- C:\Windows\System\tHsXrzo.exe
  C:\Windows\System\tHsXrzo.exe
  2⤵
  PID:3560
- C:\Windows\System\GEjSRUM.exe
  C:\Windows\System\GEjSRUM.exe
  2⤵
  PID:3588
- C:\Windows\System\wGHOknt.exe
  C:\Windows\System\wGHOknt.exe
  2⤵
  PID:2580
- C:\Windows\System\ORGndNo.exe
  C:\Windows\System\ORGndNo.exe
  2⤵
  PID:2540
- C:\Windows\System\NSpXWjE.exe
  C:\Windows\System\NSpXWjE.exe
  2⤵
  PID:3180
- C:\Windows\System\DYZtyqH.exe
  C:\Windows\System\DYZtyqH.exe
  2⤵
  PID:3200
- C:\Windows\System\yISaLir.exe
  C:\Windows\System\yISaLir.exe
  2⤵
  PID:3484
- C:\Windows\System\vXVdFjZ.exe
  C:\Windows\System\vXVdFjZ.exe
  2⤵
  PID:1708
- C:\Windows\System\IEWSMZq.exe
  C:\Windows\System\IEWSMZq.exe
  2⤵
  PID:1820
- C:\Windows\System\fDcrtUl.exe
  C:\Windows\System\fDcrtUl.exe
  2⤵
  PID:3468
- C:\Windows\System\EWteopn.exe
  C:\Windows\System\EWteopn.exe
  2⤵
  PID:3556
- C:\Windows\System\tIhUXpi.exe
  C:\Windows\System\tIhUXpi.exe
  2⤵
  PID:3400
- C:\Windows\System\stnFxDQ.exe
  C:\Windows\System\stnFxDQ.exe
  2⤵
  PID:3268
- C:\Windows\System\rvRphvA.exe
  C:\Windows\System\rvRphvA.exe
  2⤵
  PID:3140
- C:\Windows\System\rHFAdjK.exe
  C:\Windows\System\rHFAdjK.exe
  2⤵
  PID:3124
- C:\Windows\System\TFRaZFu.exe
  C:\Windows\System\TFRaZFu.exe
  2⤵
  PID:3832
- C:\Windows\System\IAwQYND.exe
  C:\Windows\System\IAwQYND.exe
  2⤵
  PID:3412
- C:\Windows\System\ErvDiAY.exe
  C:\Windows\System\ErvDiAY.exe
  2⤵
  PID:3616
- C:\Windows\System\ALMfLbM.exe
  C:\Windows\System\ALMfLbM.exe
  2⤵
  PID:3480
- C:\Windows\System\QsJEJKb.exe
  C:\Windows\System\QsJEJKb.exe
  2⤵
  PID:4092
- C:\Windows\System\oniNwil.exe
  C:\Windows\System\oniNwil.exe
  2⤵
  PID:3600
- C:\Windows\System\uDyulBS.exe
  C:\Windows\System\uDyulBS.exe
  2⤵
  PID:2760
- C:\Windows\System\kCSxFZU.exe
  C:\Windows\System\kCSxFZU.exe
  2⤵
  PID:3752
- C:\Windows\System\faCUggc.exe
  C:\Windows\System\faCUggc.exe
  2⤵
  PID:3524
- C:\Windows\System\elVAGdf.exe
  C:\Windows\System\elVAGdf.exe
  2⤵
  PID:3488
- C:\Windows\System\XppjbsH.exe
  C:\Windows\System\XppjbsH.exe
  2⤵
  PID:3584
- C:\Windows\System\OOJeJuk.exe
  C:\Windows\System\OOJeJuk.exe
  2⤵
  PID:3128
- C:\Windows\System\qYpIsLm.exe
  C:\Windows\System\qYpIsLm.exe
  2⤵
  PID:4056
- C:\Windows\System\YJAKxvq.exe
  C:\Windows\System\YJAKxvq.exe
  2⤵
  PID:2132
- C:\Windows\System\EtDWOBF.exe
  C:\Windows\System\EtDWOBF.exe
  2⤵
  PID:3196
- C:\Windows\System\vfQoSBs.exe
  C:\Windows\System\vfQoSBs.exe
  2⤵
  PID:3356
- C:\Windows\System\OcuSfbC.exe
  C:\Windows\System\OcuSfbC.exe
  2⤵
  PID:3820
- C:\Windows\System\wyMwoaC.exe
  C:\Windows\System\wyMwoaC.exe
  2⤵
  PID:4104
- C:\Windows\System\iUHWJmJ.exe
  C:\Windows\System\iUHWJmJ.exe
  2⤵
  PID:4132
- C:\Windows\System\LdneDBh.exe
  C:\Windows\System\LdneDBh.exe
  2⤵
  PID:4156
- C:\Windows\System\EfdfCUT.exe
  C:\Windows\System\EfdfCUT.exe
  2⤵
  PID:4172
- C:\Windows\System\XNGQzlX.exe
  C:\Windows\System\XNGQzlX.exe
  2⤵
  PID:4192
- C:\Windows\System\pAQhIba.exe
  C:\Windows\System\pAQhIba.exe
  2⤵
  PID:4232
- C:\Windows\System\xhgCdrF.exe
  C:\Windows\System\xhgCdrF.exe
  2⤵
  PID:4248
- C:\Windows\System\UMIvmdX.exe
  C:\Windows\System\UMIvmdX.exe
  2⤵
  PID:4264
- C:\Windows\System\wTfAQWR.exe
  C:\Windows\System\wTfAQWR.exe
  2⤵
  PID:4280
- C:\Windows\System\nnPgAGJ.exe
  C:\Windows\System\nnPgAGJ.exe
  2⤵
  PID:4300
- C:\Windows\System\ZpkFMKF.exe
  C:\Windows\System\ZpkFMKF.exe
  2⤵
  PID:4316
- C:\Windows\System\vsDrFRt.exe
  C:\Windows\System\vsDrFRt.exe
  2⤵
  PID:4332
- C:\Windows\System\SBtqBrJ.exe
  C:\Windows\System\SBtqBrJ.exe
  2⤵
  PID:4348
- C:\Windows\System\GpJbOFW.exe
  C:\Windows\System\GpJbOFW.exe
  2⤵
  PID:4364
- C:\Windows\System\MwEGtVK.exe
  C:\Windows\System\MwEGtVK.exe
  2⤵
  PID:4384
- C:\Windows\System\efxKril.exe
  C:\Windows\System\efxKril.exe
  2⤵
  PID:4412
- C:\Windows\System\NSMGKgb.exe
  C:\Windows\System\NSMGKgb.exe
  2⤵
  PID:4432
- C:\Windows\System\DxTpfSh.exe
  C:\Windows\System\DxTpfSh.exe
  2⤵
  PID:4452
- C:\Windows\System\ctJqTHZ.exe
  C:\Windows\System\ctJqTHZ.exe
  2⤵
  PID:4472
- C:\Windows\System\prKIjpo.exe
  C:\Windows\System\prKIjpo.exe
  2⤵
  PID:4488
- C:\Windows\System\xonNDNt.exe
  C:\Windows\System\xonNDNt.exe
  2⤵
  PID:4504
- C:\Windows\System\xcuFEVn.exe
  C:\Windows\System\xcuFEVn.exe
  2⤵
  PID:4520
- C:\Windows\System\dVnHhxu.exe
  C:\Windows\System\dVnHhxu.exe
  2⤵
  PID:4536
- C:\Windows\System\vDtyHEf.exe
  C:\Windows\System\vDtyHEf.exe
  2⤵
  PID:4552
- C:\Windows\System\sYbamAI.exe
  C:\Windows\System\sYbamAI.exe
  2⤵
  PID:4592
- C:\Windows\System\rTiWyKG.exe
  C:\Windows\System\rTiWyKG.exe
  2⤵
  PID:4616
- C:\Windows\System\bBrNoNt.exe
  C:\Windows\System\bBrNoNt.exe
  2⤵
  PID:4632
- C:\Windows\System\gISuhyy.exe
  C:\Windows\System\gISuhyy.exe
  2⤵
  PID:4648
- C:\Windows\System\afwepoy.exe
  C:\Windows\System\afwepoy.exe
  2⤵
  PID:4664
- C:\Windows\System\FDYjgFl.exe
  C:\Windows\System\FDYjgFl.exe
  2⤵
  PID:4680
- C:\Windows\System\EFwLFNy.exe
  C:\Windows\System\EFwLFNy.exe
  2⤵
  PID:4708
- C:\Windows\System\zswFSzS.exe
  C:\Windows\System\zswFSzS.exe
  2⤵
  PID:4736
- C:\Windows\System\uFImOkP.exe
  C:\Windows\System\uFImOkP.exe
  2⤵
  PID:4756
- C:\Windows\System\lBbDxMk.exe
  C:\Windows\System\lBbDxMk.exe
  2⤵
  PID:4772
- C:\Windows\System\Nkxltrp.exe
  C:\Windows\System\Nkxltrp.exe
  2⤵
  PID:4800
- C:\Windows\System\eVLCNtK.exe
  C:\Windows\System\eVLCNtK.exe
  2⤵
  PID:4816
- C:\Windows\System\CwyWsAo.exe
  C:\Windows\System\CwyWsAo.exe
  2⤵
  PID:4832
- C:\Windows\System\JvBVDYx.exe
  C:\Windows\System\JvBVDYx.exe
  2⤵
  PID:4848
- C:\Windows\System\yGdLHwp.exe
  C:\Windows\System\yGdLHwp.exe
  2⤵
  PID:4864
- C:\Windows\System\ebKZmza.exe
  C:\Windows\System\ebKZmza.exe
  2⤵
  PID:4880
- C:\Windows\System\vQRnIau.exe
  C:\Windows\System\vQRnIau.exe
  2⤵
  PID:4896
- C:\Windows\System\BgHPkOf.exe
  C:\Windows\System\BgHPkOf.exe
  2⤵
  PID:4968
- C:\Windows\System\nVqwuRH.exe
  C:\Windows\System\nVqwuRH.exe
  2⤵
  PID:4988
- C:\Windows\System\YTtmYWw.exe
  C:\Windows\System\YTtmYWw.exe
  2⤵
  PID:5012
- C:\Windows\System\gZFrInr.exe
  C:\Windows\System\gZFrInr.exe
  2⤵
  PID:5028
- C:\Windows\System\AwiXSRh.exe
  C:\Windows\System\AwiXSRh.exe
  2⤵
  PID:5044
- C:\Windows\System\oLsGShO.exe
  C:\Windows\System\oLsGShO.exe
  2⤵
  PID:5060
- C:\Windows\System\PeSOahE.exe
  C:\Windows\System\PeSOahE.exe
  2⤵
  PID:5080
- C:\Windows\System\StcSrKd.exe
  C:\Windows\System\StcSrKd.exe
  2⤵
  PID:5096
- C:\Windows\System\FqQDzqu.exe
  C:\Windows\System\FqQDzqu.exe
  2⤵
  PID:3544
- C:\Windows\System\mexiPBZ.exe
  C:\Windows\System\mexiPBZ.exe
  2⤵
  PID:4124
- C:\Windows\System\QEzwiOU.exe
  C:\Windows\System\QEzwiOU.exe
  2⤵
  PID:3596
- C:\Windows\System\VstsUve.exe
  C:\Windows\System\VstsUve.exe
  2⤵
  PID:2708
- C:\Windows\System\PKMghsV.exe
  C:\Windows\System\PKMghsV.exe
  2⤵
  PID:4152
- C:\Windows\System\GlJtiAh.exe
  C:\Windows\System\GlJtiAh.exe
  2⤵
  PID:4164
- C:\Windows\System\akAHvWN.exe
  C:\Windows\System\akAHvWN.exe
  2⤵
  PID:4208
- C:\Windows\System\afbcdYR.exe
  C:\Windows\System\afbcdYR.exe
  2⤵
  PID:4228
- C:\Windows\System\QwZRAwa.exe
  C:\Windows\System\QwZRAwa.exe
  2⤵
  PID:3624
- C:\Windows\System\zkWYYZr.exe
  C:\Windows\System\zkWYYZr.exe
  2⤵
  PID:1440
- C:\Windows\System\ruNGxbC.exe
  C:\Windows\System\ruNGxbC.exe
  2⤵
  PID:4396
- C:\Windows\System\nbgEKaZ.exe
  C:\Windows\System\nbgEKaZ.exe
  2⤵
  PID:4400
- C:\Windows\System\voYgrhY.exe
  C:\Windows\System\voYgrhY.exe
  2⤵
  PID:4244
- C:\Windows\System\JFhiJux.exe
  C:\Windows\System\JFhiJux.exe
  2⤵
  PID:4544
- C:\Windows\System\ZzTVBEv.exe
  C:\Windows\System\ZzTVBEv.exe
  2⤵
  PID:4564
- C:\Windows\System\jYVpZvk.exe
  C:\Windows\System\jYVpZvk.exe
  2⤵
  PID:4468
- C:\Windows\System\AKfaNbw.exe
  C:\Windows\System\AKfaNbw.exe
  2⤵
  PID:4568
- C:\Windows\System\DUZucXK.exe
  C:\Windows\System\DUZucXK.exe
  2⤵
  PID:4372
- C:\Windows\System\BEaSWOB.exe
  C:\Windows\System\BEaSWOB.exe
  2⤵
  PID:4580
- C:\Windows\System\DHhWonT.exe
  C:\Windows\System\DHhWonT.exe
  2⤵
  PID:4600
- C:\Windows\System\neqOUpX.exe
  C:\Windows\System\neqOUpX.exe
  2⤵
  PID:4644
- C:\Windows\System\IbNKAOP.exe
  C:\Windows\System\IbNKAOP.exe
  2⤵
  PID:4672
- C:\Windows\System\MCuMsFe.exe
  C:\Windows\System\MCuMsFe.exe
  2⤵
  PID:4728
- C:\Windows\System\ngOZsph.exe
  C:\Windows\System\ngOZsph.exe
  2⤵
  PID:2184
- C:\Windows\System\ZGbcIkZ.exe
  C:\Windows\System\ZGbcIkZ.exe
  2⤵
  PID:4872
- C:\Windows\System\izjVAWs.exe
  C:\Windows\System\izjVAWs.exe
  2⤵
  PID:4876
- C:\Windows\System\LqtXkHq.exe
  C:\Windows\System\LqtXkHq.exe
  2⤵
  PID:4928
- C:\Windows\System\KLEhWmS.exe
  C:\Windows\System\KLEhWmS.exe
  2⤵
  PID:4688
- C:\Windows\System\XwWxMiU.exe
  C:\Windows\System\XwWxMiU.exe
  2⤵
  PID:4960
- C:\Windows\System\neJhEzh.exe
  C:\Windows\System\neJhEzh.exe
  2⤵
  PID:4796
- C:\Windows\System\JoJhovr.exe
  C:\Windows\System\JoJhovr.exe
  2⤵
  PID:4860
- C:\Windows\System\FeemwtU.exe
  C:\Windows\System\FeemwtU.exe
  2⤵
  PID:4984
- C:\Windows\System\HozjgBT.exe
  C:\Windows\System\HozjgBT.exe
  2⤵
  PID:5020
- C:\Windows\System\CmWxvrL.exe
  C:\Windows\System\CmWxvrL.exe
  2⤵
  PID:5040
- C:\Windows\System\cTcgBDC.exe
  C:\Windows\System\cTcgBDC.exe
  2⤵
  PID:5104
- C:\Windows\System\ZWZLDrm.exe
  C:\Windows\System\ZWZLDrm.exe
  2⤵
  PID:2892
- C:\Windows\System\baZRulk.exe
  C:\Windows\System\baZRulk.exe
  2⤵
  PID:5092
- C:\Windows\System\ecBaZmH.exe
  C:\Windows\System\ecBaZmH.exe
  2⤵
  PID:3288
- C:\Windows\System\PvwqDiK.exe
  C:\Windows\System\PvwqDiK.exe
  2⤵
  PID:2908
- C:\Windows\System\UvBtCey.exe
  C:\Windows\System\UvBtCey.exe
  2⤵
  PID:1052
- C:\Windows\System\pgPhgai.exe
  C:\Windows\System\pgPhgai.exe
  2⤵
  PID:3536
- C:\Windows\System\Cyakxgb.exe
  C:\Windows\System\Cyakxgb.exe
  2⤵
  PID:4256
- C:\Windows\System\uRAyguB.exe
  C:\Windows\System\uRAyguB.exe
  2⤵
  PID:4328
- C:\Windows\System\tLRRkmH.exe
  C:\Windows\System\tLRRkmH.exe
  2⤵
  PID:4380
- C:\Windows\System\zXcotkJ.exe
  C:\Windows\System\zXcotkJ.exe
  2⤵
  PID:4464
- C:\Windows\System\mZOptyR.exe
  C:\Windows\System\mZOptyR.exe
  2⤵
  PID:4560
- C:\Windows\System\ACJSAZz.exe
  C:\Windows\System\ACJSAZz.exe
  2⤵
  PID:4604
- C:\Windows\System\OrcJRSZ.exe
  C:\Windows\System\OrcJRSZ.exe
  2⤵
  PID:2160
- C:\Windows\System\trqCFjf.exe
  C:\Windows\System\trqCFjf.exe
  2⤵
  PID:4912
- C:\Windows\System\akjZaAj.exe
  C:\Windows\System\akjZaAj.exe
  2⤵
  PID:4376
- C:\Windows\System\nrYgVBJ.exe
  C:\Windows\System\nrYgVBJ.exe
  2⤵
  PID:4748
- C:\Windows\System\gXdHkIE.exe
  C:\Windows\System\gXdHkIE.exe
  2⤵
  PID:4588
- C:\Windows\System\VMZsKXd.exe
  C:\Windows\System\VMZsKXd.exe
  2⤵
  PID:4948
- C:\Windows\System\nYGGKcz.exe
  C:\Windows\System\nYGGKcz.exe
  2⤵
  PID:4840
- C:\Windows\System\XUpHuWP.exe
  C:\Windows\System\XUpHuWP.exe
  2⤵
  PID:4844
- C:\Windows\System\JTUkNMM.exe
  C:\Windows\System\JTUkNMM.exe
  2⤵
  PID:5076
- C:\Windows\System\UlvsNfK.exe
  C:\Windows\System\UlvsNfK.exe
  2⤵
  PID:5088
- C:\Windows\System\KvYZhJa.exe
  C:\Windows\System\KvYZhJa.exe
  2⤵
  PID:4288
- C:\Windows\System\qZWFOkb.exe
  C:\Windows\System\qZWFOkb.exe
  2⤵
  PID:4324
- C:\Windows\System\Ywmgbua.exe
  C:\Windows\System\Ywmgbua.exe
  2⤵
  PID:4184
- C:\Windows\System\VQwVRwc.exe
  C:\Windows\System\VQwVRwc.exe
  2⤵
  PID:4548
- C:\Windows\System\HfuaqOj.exe
  C:\Windows\System\HfuaqOj.exe
  2⤵
  PID:4444
- C:\Windows\System\xItfrTW.exe
  C:\Windows\System\xItfrTW.exe
  2⤵
  PID:4496
- C:\Windows\System\ExrFnPR.exe
  C:\Windows\System\ExrFnPR.exe
  2⤵
  PID:4908
- C:\Windows\System\rJbYoTU.exe
  C:\Windows\System\rJbYoTU.exe
  2⤵
  PID:4916
- C:\Windows\System\XFKsAUo.exe
  C:\Windows\System\XFKsAUo.exe
  2⤵
  PID:1788
- C:\Windows\System\rWhYUKP.exe
  C:\Windows\System\rWhYUKP.exe
  2⤵
  PID:5036
- C:\Windows\System\oivugCf.exe
  C:\Windows\System\oivugCf.exe
  2⤵
  PID:1484
- C:\Windows\System\zUmdakB.exe
  C:\Windows\System\zUmdakB.exe
  2⤵
  PID:4340
- C:\Windows\System\pwyKeua.exe
  C:\Windows\System\pwyKeua.exe
  2⤵
  PID:4292
- C:\Windows\System\CPNstTC.exe
  C:\Windows\System\CPNstTC.exe
  2⤵
  PID:4724
- C:\Windows\System\tcFAqoo.exe
  C:\Windows\System\tcFAqoo.exe
  2⤵
  PID:5072
- C:\Windows\System\SAzZkQU.exe
  C:\Windows\System\SAzZkQU.exe
  2⤵
  PID:4752
- C:\Windows\System\fpLdHQX.exe
  C:\Windows\System\fpLdHQX.exe
  2⤵
  PID:4120
- C:\Windows\System\uOdNPkR.exe
  C:\Windows\System\uOdNPkR.exe
  2⤵
  PID:4480
- C:\Windows\System\HYaoCDg.exe
  C:\Windows\System\HYaoCDg.exe
  2⤵
  PID:5056
- C:\Windows\System\RZwxUuw.exe
  C:\Windows\System\RZwxUuw.exe
  2⤵
  PID:4576
- C:\Windows\System\jodRfVN.exe
  C:\Windows\System\jodRfVN.exe
  2⤵
  PID:1532
- C:\Windows\System\NWnAWEt.exe
  C:\Windows\System\NWnAWEt.exe
  2⤵
  PID:4768
- C:\Windows\System\gNvSPqR.exe
  C:\Windows\System\gNvSPqR.exe
  2⤵
  PID:3464
- C:\Windows\System\fsgwxAb.exe
  C:\Windows\System\fsgwxAb.exe
  2⤵
  PID:2752
- C:\Windows\System\rePhHmo.exe
  C:\Windows\System\rePhHmo.exe
  2⤵
  PID:4260
- C:\Windows\System\csoIjZa.exe
  C:\Windows\System\csoIjZa.exe
  2⤵
  PID:4272
- C:\Windows\System\vuzqYkP.exe
  C:\Windows\System\vuzqYkP.exe
  2⤵
  PID:3768
- C:\Windows\System\lbgrtxC.exe
  C:\Windows\System\lbgrtxC.exe
  2⤵
  PID:2564
- C:\Windows\System\LhFvDQK.exe
  C:\Windows\System\LhFvDQK.exe
  2⤵
  PID:4484
- C:\Windows\System\WZSymzB.exe
  C:\Windows\System\WZSymzB.exe
  2⤵
  PID:5132
- C:\Windows\System\hsJyGCk.exe
  C:\Windows\System\hsJyGCk.exe
  2⤵
  PID:5148
- C:\Windows\System\FqEmkwW.exe
  C:\Windows\System\FqEmkwW.exe
  2⤵
  PID:5168
- C:\Windows\System\eVrECjV.exe
  C:\Windows\System\eVrECjV.exe
  2⤵
  PID:5196
- C:\Windows\System\bnHzwhw.exe
  C:\Windows\System\bnHzwhw.exe
  2⤵
  PID:5216
- C:\Windows\System\jNSXGtj.exe
  C:\Windows\System\jNSXGtj.exe
  2⤵
  PID:5244
- C:\Windows\System\spMHXsc.exe
  C:\Windows\System\spMHXsc.exe
  2⤵
  PID:5260
- C:\Windows\System\OZcJCLP.exe
  C:\Windows\System\OZcJCLP.exe
  2⤵
  PID:5300
- C:\Windows\System\hKfpzWp.exe
  C:\Windows\System\hKfpzWp.exe
  2⤵
  PID:5316
- C:\Windows\System\UCInqXn.exe
  C:\Windows\System\UCInqXn.exe
  2⤵
  PID:5332
- C:\Windows\System\owNwNDR.exe
  C:\Windows\System\owNwNDR.exe
  2⤵
  PID:5348
- C:\Windows\System\quvnkgQ.exe
  C:\Windows\System\quvnkgQ.exe
  2⤵
  PID:5368
- C:\Windows\System\LzDDXNG.exe
  C:\Windows\System\LzDDXNG.exe
  2⤵
  PID:5388
- C:\Windows\System\KFqUusQ.exe
  C:\Windows\System\KFqUusQ.exe
  2⤵
  PID:5408
- C:\Windows\System\dUhMBZY.exe
  C:\Windows\System\dUhMBZY.exe
  2⤵
  PID:5424
- C:\Windows\System\ojFSsph.exe
  C:\Windows\System\ojFSsph.exe
  2⤵
  PID:5440
- C:\Windows\System\rEeIrHZ.exe
  C:\Windows\System\rEeIrHZ.exe
  2⤵
  PID:5464
- C:\Windows\System\aRPxvYG.exe
  C:\Windows\System\aRPxvYG.exe
  2⤵
  PID:5484
- C:\Windows\System\oyySqNb.exe
  C:\Windows\System\oyySqNb.exe
  2⤵
  PID:5504
- C:\Windows\System\jqycLcH.exe
  C:\Windows\System\jqycLcH.exe
  2⤵
  PID:5520
- C:\Windows\System\HFGqpMC.exe
  C:\Windows\System\HFGqpMC.exe
  2⤵
  PID:5536
- C:\Windows\System\ijcBtDY.exe
  C:\Windows\System\ijcBtDY.exe
  2⤵
  PID:5556
- C:\Windows\System\QGNZcYa.exe
  C:\Windows\System\QGNZcYa.exe
  2⤵
  PID:5584
- C:\Windows\System\IuepwJn.exe
  C:\Windows\System\IuepwJn.exe
  2⤵
  PID:5604
- C:\Windows\System\nRQAQec.exe
  C:\Windows\System\nRQAQec.exe
  2⤵
  PID:5640
- C:\Windows\System\ZnfHGdE.exe
  C:\Windows\System\ZnfHGdE.exe
  2⤵
  PID:5656
- C:\Windows\System\GSSbYta.exe
  C:\Windows\System\GSSbYta.exe
  2⤵
  PID:5672
- C:\Windows\System\NTRvhlX.exe
  C:\Windows\System\NTRvhlX.exe
  2⤵
  PID:5688
- C:\Windows\System\ustqzCH.exe
  C:\Windows\System\ustqzCH.exe
  2⤵
  PID:5704
- C:\Windows\System\wKeGQGs.exe
  C:\Windows\System\wKeGQGs.exe
  2⤵
  PID:5724
- C:\Windows\System\kFUjyar.exe
  C:\Windows\System\kFUjyar.exe
  2⤵
  PID:5744
- C:\Windows\System\ZfhKscy.exe
  C:\Windows\System\ZfhKscy.exe
  2⤵
  PID:5764
- C:\Windows\System\hFiGNDE.exe
  C:\Windows\System\hFiGNDE.exe
  2⤵
  PID:5788
- C:\Windows\System\OkTITaM.exe
  C:\Windows\System\OkTITaM.exe
  2⤵
  PID:5808
- C:\Windows\System\gXmGXCV.exe
  C:\Windows\System\gXmGXCV.exe
  2⤵
  PID:5824
- C:\Windows\System\fQVWCyC.exe
  C:\Windows\System\fQVWCyC.exe
  2⤵
  PID:5852
- C:\Windows\System\qlaLcuh.exe
  C:\Windows\System\qlaLcuh.exe
  2⤵
  PID:5868
- C:\Windows\System\GBIqIXJ.exe
  C:\Windows\System\GBIqIXJ.exe
  2⤵
  PID:5884
- C:\Windows\System\RSunMkV.exe
  C:\Windows\System\RSunMkV.exe
  2⤵
  PID:5900
- C:\Windows\System\wYCryGj.exe
  C:\Windows\System\wYCryGj.exe
  2⤵
  PID:5916
- C:\Windows\System\sDGWKgs.exe
  C:\Windows\System\sDGWKgs.exe
  2⤵
  PID:5932
- C:\Windows\System\tAzXNBv.exe
  C:\Windows\System\tAzXNBv.exe
  2⤵
  PID:5956
- C:\Windows\System\vJIzvDP.exe
  C:\Windows\System\vJIzvDP.exe
  2⤵
  PID:5972
- C:\Windows\System\XpIWGfe.exe
  C:\Windows\System\XpIWGfe.exe
  2⤵
  PID:6024
- C:\Windows\System\haUfPQo.exe
  C:\Windows\System\haUfPQo.exe
  2⤵
  PID:6040
- C:\Windows\System\bdSlSMA.exe
  C:\Windows\System\bdSlSMA.exe
  2⤵
  PID:6056
- C:\Windows\System\bxQKQpg.exe
  C:\Windows\System\bxQKQpg.exe
  2⤵
  PID:6072
- C:\Windows\System\SUmdZrf.exe
  C:\Windows\System\SUmdZrf.exe
  2⤵
  PID:6088
- C:\Windows\System\nOvDhzL.exe
  C:\Windows\System\nOvDhzL.exe
  2⤵
  PID:6104
- C:\Windows\System\znfvTNd.exe
  C:\Windows\System\znfvTNd.exe
  2⤵
  PID:6120
- C:\Windows\System\mowDLOv.exe
  C:\Windows\System\mowDLOv.exe
  2⤵
  PID:6136
- C:\Windows\System\vEpaPYq.exe
  C:\Windows\System\vEpaPYq.exe
  2⤵
  PID:5124
- C:\Windows\System\xJOGqRV.exe
  C:\Windows\System\xJOGqRV.exe
  2⤵
  PID:5164
- C:\Windows\System\EvqZxoT.exe
  C:\Windows\System\EvqZxoT.exe
  2⤵
  PID:5252
- C:\Windows\System\eVZNTMr.exe
  C:\Windows\System\eVZNTMr.exe
  2⤵
  PID:2336
- C:\Windows\System\aTGiUoi.exe
  C:\Windows\System\aTGiUoi.exe
  2⤵
  PID:2384
- C:\Windows\System\mVoemKK.exe
  C:\Windows\System\mVoemKK.exe
  2⤵
  PID:5276
- C:\Windows\System\pANKvVb.exe
  C:\Windows\System\pANKvVb.exe
  2⤵
  PID:5344
- C:\Windows\System\HvADHbz.exe
  C:\Windows\System\HvADHbz.exe
  2⤵
  PID:5420
- C:\Windows\System\yOmceJZ.exe
  C:\Windows\System\yOmceJZ.exe
  2⤵
  PID:5324
- C:\Windows\System\TKVaiIB.exe
  C:\Windows\System\TKVaiIB.exe
  2⤵
  PID:5364
- C:\Windows\System\FeTjXET.exe
  C:\Windows\System\FeTjXET.exe
  2⤵
  PID:5232
- C:\Windows\System\eGqsbYQ.exe
  C:\Windows\System\eGqsbYQ.exe
  2⤵
  PID:5404
- C:\Windows\System\oYHWVsE.exe
  C:\Windows\System\oYHWVsE.exe
  2⤵
  PID:5480
- C:\Windows\System\YMwCSbk.exe
  C:\Windows\System\YMwCSbk.exe
  2⤵
  PID:5492
- C:\Windows\System\izguZip.exe
  C:\Windows\System\izguZip.exe
  2⤵
  PID:5532
- C:\Windows\System\GWYNeiW.exe
  C:\Windows\System\GWYNeiW.exe
  2⤵
  PID:5572
- C:\Windows\System\pNujdYp.exe
  C:\Windows\System\pNujdYp.exe
  2⤵
  PID:5612
- C:\Windows\System\ZWFnSDZ.exe
  C:\Windows\System\ZWFnSDZ.exe
  2⤵
  PID:5624
- C:\Windows\System\VPhZphc.exe
  C:\Windows\System\VPhZphc.exe
  2⤵
  PID:5700
- C:\Windows\System\vwltPqS.exe
  C:\Windows\System\vwltPqS.exe
  2⤵
  PID:2004
- C:\Windows\System\DVxAnSC.exe
  C:\Windows\System\DVxAnSC.exe
  2⤵
  PID:5780
- C:\Windows\System\qFrrSsn.exe
  C:\Windows\System\qFrrSsn.exe
  2⤵
  PID:5592
- C:\Windows\System\LzWyCxs.exe
  C:\Windows\System\LzWyCxs.exe
  2⤵
  PID:5680
- C:\Windows\System\uwRlQYY.exe
  C:\Windows\System\uwRlQYY.exe
  2⤵
  PID:5756
- C:\Windows\System\moIgPCS.exe
  C:\Windows\System\moIgPCS.exe
  2⤵
  PID:5860
- C:\Windows\System\MBBCjRs.exe
  C:\Windows\System\MBBCjRs.exe
  2⤵
  PID:5924
- C:\Windows\System\gskpMzd.exe
  C:\Windows\System\gskpMzd.exe
  2⤵
  PID:5952
- C:\Windows\System\Rkhiyud.exe
  C:\Windows\System\Rkhiyud.exe
  2⤵
  PID:5800
- C:\Windows\System\DgsnPHW.exe
  C:\Windows\System\DgsnPHW.exe
  2⤵
  PID:6008
- C:\Windows\System\tmtTlWg.exe
  C:\Windows\System\tmtTlWg.exe
  2⤵
  PID:5944
- C:\Windows\System\kBRUNHl.exe
  C:\Windows\System\kBRUNHl.exe
  2⤵
  PID:6020
- C:\Windows\System\cxgRGuA.exe
  C:\Windows\System\cxgRGuA.exe
  2⤵
  PID:6052
- C:\Windows\System\kFNGKBt.exe
  C:\Windows\System\kFNGKBt.exe
  2⤵
  PID:6128
- C:\Windows\System\vHsmCZl.exe
  C:\Windows\System\vHsmCZl.exe
  2⤵
  PID:2972
- C:\Windows\System\jEJAiqp.exe
  C:\Windows\System\jEJAiqp.exe
  2⤵
  PID:5292
- C:\Windows\System\VLVFDMG.exe
  C:\Windows\System\VLVFDMG.exe
  2⤵
  PID:5296
- C:\Windows\System\AcBfbGy.exe
  C:\Windows\System\AcBfbGy.exe
  2⤵
  PID:5340
- C:\Windows\System\SpIVImO.exe
  C:\Windows\System\SpIVImO.exe
  2⤵
  PID:5208
- C:\Windows\System\EdPposW.exe
  C:\Windows\System\EdPposW.exe
  2⤵
  PID:5380
- C:\Windows\System\tFRVCxa.exe
  C:\Windows\System\tFRVCxa.exe
  2⤵
  PID:4980
- C:\Windows\System\ApkSJHZ.exe
  C:\Windows\System\ApkSJHZ.exe
  2⤵
  PID:5548
- C:\Windows\System\ckXsmDf.exe
  C:\Windows\System\ckXsmDf.exe
  2⤵
  PID:5436
- C:\Windows\System\AOFmXTl.exe
  C:\Windows\System\AOFmXTl.exe
  2⤵
  PID:5528
- C:\Windows\System\LgYimag.exe
  C:\Windows\System\LgYimag.exe
  2⤵
  PID:5620
- C:\Windows\System\ESiMRFY.exe
  C:\Windows\System\ESiMRFY.exe
  2⤵
  PID:5736
- C:\Windows\System\njhDzfB.exe
  C:\Windows\System\njhDzfB.exe
  2⤵
  PID:5716
- C:\Windows\System\nBmoPSO.exe
  C:\Windows\System\nBmoPSO.exe
  2⤵
  PID:5752
- C:\Windows\System\hqLGbgn.exe
  C:\Windows\System\hqLGbgn.exe
  2⤵
  PID:5796
- C:\Windows\System\IbDbjgt.exe
  C:\Windows\System\IbDbjgt.exe
  2⤵
  PID:5892
- C:\Windows\System\ibSgkpt.exe
  C:\Windows\System\ibSgkpt.exe
  2⤵
  PID:5992
- C:\Windows\System\FyJKgno.exe
  C:\Windows\System\FyJKgno.exe
  2⤵
  PID:6016
- C:\Windows\System\FLjEJIA.exe
  C:\Windows\System\FLjEJIA.exe
  2⤵
  PID:5776
- C:\Windows\System\VuNuEMQ.exe
  C:\Windows\System\VuNuEMQ.exe
  2⤵
  PID:6096
- C:\Windows\System\zCNzMPW.exe
  C:\Windows\System\zCNzMPW.exe
  2⤵
  PID:5156
- C:\Windows\System\ZRTZLvv.exe
  C:\Windows\System\ZRTZLvv.exe
  2⤵
  PID:5288
- C:\Windows\System\cRwjKFF.exe
  C:\Windows\System\cRwjKFF.exe
  2⤵
  PID:5000
- C:\Windows\System\XxVvpTh.exe
  C:\Windows\System\XxVvpTh.exe
  2⤵
  PID:4532
- C:\Windows\System\eKOCrhP.exe
  C:\Windows\System\eKOCrhP.exe
  2⤵
  PID:5308
- C:\Windows\System\MwApope.exe
  C:\Windows\System\MwApope.exe
  2⤵
  PID:5400
- C:\Windows\System\tNSeHKd.exe
  C:\Windows\System\tNSeHKd.exe
  2⤵
  PID:1196
- C:\Windows\System\XNcxXeh.exe
  C:\Windows\System\XNcxXeh.exe
  2⤵
  PID:5452
- C:\Windows\System\RWkbJyg.exe
  C:\Windows\System\RWkbJyg.exe
  2⤵
  PID:5476
- C:\Windows\System\EIBOyed.exe
  C:\Windows\System\EIBOyed.exe
  2⤵
  PID:5844
- C:\Windows\System\qlafBeu.exe
  C:\Windows\System\qlafBeu.exe
  2⤵
  PID:5988
- C:\Windows\System\lyjbVtY.exe
  C:\Windows\System\lyjbVtY.exe
  2⤵
  PID:5928
- C:\Windows\System\GiiEOfL.exe
  C:\Windows\System\GiiEOfL.exe
  2⤵
  PID:5832
- C:\Windows\System\SWEcEqG.exe
  C:\Windows\System\SWEcEqG.exe
  2⤵
  PID:5396
- C:\Windows\System\OIyhfrI.exe
  C:\Windows\System\OIyhfrI.exe
  2⤵
  PID:5144
- C:\Windows\System\DnWQhtD.exe
  C:\Windows\System\DnWQhtD.exe
  2⤵
  PID:4764
- C:\Windows\System\MKktBbX.exe
  C:\Windows\System\MKktBbX.exe
  2⤵
  PID:1660
- C:\Windows\System\FWzVfIw.exe
  C:\Windows\System\FWzVfIw.exe
  2⤵
  PID:5648
- C:\Windows\System\kTmwpoa.exe
  C:\Windows\System\kTmwpoa.exe
  2⤵
  PID:6048
- C:\Windows\System\ZZYamxd.exe
  C:\Windows\System\ZZYamxd.exe
  2⤵
  PID:5552
- C:\Windows\System\tPzwdQV.exe
  C:\Windows\System\tPzwdQV.exe
  2⤵
  PID:6004
- C:\Windows\System\kXOqeOs.exe
  C:\Windows\System\kXOqeOs.exe
  2⤵
  PID:5160
- C:\Windows\System\eMkYDJn.exe
  C:\Windows\System\eMkYDJn.exe
  2⤵
  PID:4924
- C:\Windows\System\WcUPaHj.exe
  C:\Windows\System\WcUPaHj.exe
  2⤵
  PID:5908
- C:\Windows\System\LowoCGf.exe
  C:\Windows\System\LowoCGf.exe
  2⤵
  PID:5580
- C:\Windows\System\aZTeVUF.exe
  C:\Windows\System\aZTeVUF.exe
  2⤵
  PID:5664
- C:\Windows\System\UvmKUTX.exe
  C:\Windows\System\UvmKUTX.exe
  2⤵
  PID:6036
- C:\Windows\System\UPyaQqu.exe
  C:\Windows\System\UPyaQqu.exe
  2⤵
  PID:4892
- C:\Windows\System\CwQqAyI.exe
  C:\Windows\System\CwQqAyI.exe
  2⤵
  PID:5240
- C:\Windows\System\JrnuXdd.exe
  C:\Windows\System\JrnuXdd.exe
  2⤵
  PID:5212
- C:\Windows\System\eiLaxYr.exe
  C:\Windows\System\eiLaxYr.exe
  2⤵
  PID:6152
- C:\Windows\System\ZdgQzUd.exe
  C:\Windows\System\ZdgQzUd.exe
  2⤵
  PID:6180
- C:\Windows\System\cQBeslO.exe
  C:\Windows\System\cQBeslO.exe
  2⤵
  PID:6200
- C:\Windows\System\cgAmjIf.exe
  C:\Windows\System\cgAmjIf.exe
  2⤵
  PID:6216
- C:\Windows\System\VJgBqHO.exe
  C:\Windows\System\VJgBqHO.exe
  2⤵
  PID:6236
- C:\Windows\System\RECufoP.exe
  C:\Windows\System\RECufoP.exe
  2⤵
  PID:6260
- C:\Windows\System\Jlgdolt.exe
  C:\Windows\System\Jlgdolt.exe
  2⤵
  PID:6276
- C:\Windows\System\HjZRRhW.exe
  C:\Windows\System\HjZRRhW.exe
  2⤵
  PID:6292
- C:\Windows\System\lrNhUgx.exe
  C:\Windows\System\lrNhUgx.exe
  2⤵
  PID:6320
- C:\Windows\System\rQJXUAQ.exe
  C:\Windows\System\rQJXUAQ.exe
  2⤵
  PID:6336
- C:\Windows\System\gUHkrnP.exe
  C:\Windows\System\gUHkrnP.exe
  2⤵
  PID:6352
- C:\Windows\System\pwHbJyy.exe
  C:\Windows\System\pwHbJyy.exe
  2⤵
  PID:6368
- C:\Windows\System\lkDZeSJ.exe
  C:\Windows\System\lkDZeSJ.exe
  2⤵
  PID:6384
- C:\Windows\System\JKddCeh.exe
  C:\Windows\System\JKddCeh.exe
  2⤵
  PID:6400
- C:\Windows\System\qTTxlwn.exe
  C:\Windows\System\qTTxlwn.exe
  2⤵
  PID:6416
- C:\Windows\System\SxEIaom.exe
  C:\Windows\System\SxEIaom.exe
  2⤵
  PID:6432
- C:\Windows\System\sHmdABw.exe
  C:\Windows\System\sHmdABw.exe
  2⤵
  PID:6448
- C:\Windows\System\deyKdXd.exe
  C:\Windows\System\deyKdXd.exe
  2⤵
  PID:6464
- C:\Windows\System\PmPDqIH.exe
  C:\Windows\System\PmPDqIH.exe
  2⤵
  PID:6480
- C:\Windows\System\RavWMoF.exe
  C:\Windows\System\RavWMoF.exe
  2⤵
  PID:6500
- C:\Windows\System\QdOkbAh.exe
  C:\Windows\System\QdOkbAh.exe
  2⤵
  PID:6524
- C:\Windows\System\NKasCVZ.exe
  C:\Windows\System\NKasCVZ.exe
  2⤵
  PID:6544
- C:\Windows\System\hmNmqGN.exe
  C:\Windows\System\hmNmqGN.exe
  2⤵
  PID:6564
- C:\Windows\System\qLyYVrZ.exe
  C:\Windows\System\qLyYVrZ.exe
  2⤵
  PID:6584
- C:\Windows\System\VRcQcHe.exe
  C:\Windows\System\VRcQcHe.exe
  2⤵
  PID:6608
- C:\Windows\System\RilMuxH.exe
  C:\Windows\System\RilMuxH.exe
  2⤵
  PID:6644
- C:\Windows\System\EJydcxG.exe
  C:\Windows\System\EJydcxG.exe
  2⤵
  PID:6660
- C:\Windows\System\vbxIzRG.exe
  C:\Windows\System\vbxIzRG.exe
  2⤵
  PID:6692
- C:\Windows\System\oFCMCwm.exe
  C:\Windows\System\oFCMCwm.exe
  2⤵
  PID:6708
- C:\Windows\System\kRQnRmN.exe
  C:\Windows\System\kRQnRmN.exe
  2⤵
  PID:6724
- C:\Windows\System\ZBypBUr.exe
  C:\Windows\System\ZBypBUr.exe
  2⤵
  PID:6748
- C:\Windows\System\xPrfEeH.exe
  C:\Windows\System\xPrfEeH.exe
  2⤵
  PID:6764
- C:\Windows\System\THhFjde.exe
  C:\Windows\System\THhFjde.exe
  2⤵
  PID:6780
- C:\Windows\System\DkZvOth.exe
  C:\Windows\System\DkZvOth.exe
  2⤵
  PID:6796
- C:\Windows\System\MhHtidJ.exe
  C:\Windows\System\MhHtidJ.exe
  2⤵
  PID:6824
- C:\Windows\System\QRbeCCl.exe
  C:\Windows\System\QRbeCCl.exe
  2⤵
  PID:6848
- C:\Windows\System\RKVCcpA.exe
  C:\Windows\System\RKVCcpA.exe
  2⤵
  PID:6864
- C:\Windows\System\RXKcVMb.exe
  C:\Windows\System\RXKcVMb.exe
  2⤵
  PID:6888
- C:\Windows\System\ugJktUB.exe
  C:\Windows\System\ugJktUB.exe
  2⤵
  PID:6916
- C:\Windows\System\GwQAgwT.exe
  C:\Windows\System\GwQAgwT.exe
  2⤵
  PID:6936
- C:\Windows\System\GDcGrEw.exe
  C:\Windows\System\GDcGrEw.exe
  2⤵
  PID:6956
- C:\Windows\System\SWzjAsz.exe
  C:\Windows\System\SWzjAsz.exe
  2⤵
  PID:6972
- C:\Windows\System\gPbRVbR.exe
  C:\Windows\System\gPbRVbR.exe
  2⤵
  PID:6996
- C:\Windows\System\BpvViYD.exe
  C:\Windows\System\BpvViYD.exe
  2⤵
  PID:7012
- C:\Windows\System\YaCYGRx.exe
  C:\Windows\System\YaCYGRx.exe
  2⤵
  PID:7028
- C:\Windows\System\DqAXIzL.exe
  C:\Windows\System\DqAXIzL.exe
  2⤵
  PID:7056
- C:\Windows\System\PGKVTOk.exe
  C:\Windows\System\PGKVTOk.exe
  2⤵
  PID:7080
- C:\Windows\System\FaAFtgt.exe
  C:\Windows\System\FaAFtgt.exe
  2⤵
  PID:7096
- C:\Windows\System\pBntAmv.exe
  C:\Windows\System\pBntAmv.exe
  2⤵
  PID:7116
- C:\Windows\System\IkYskUE.exe
  C:\Windows\System\IkYskUE.exe
  2⤵
  PID:7136
- C:\Windows\System\jymibXd.exe
  C:\Windows\System\jymibXd.exe
  2⤵
  PID:7152
- C:\Windows\System\MOxsxxr.exe
  C:\Windows\System\MOxsxxr.exe
  2⤵
  PID:864
- C:\Windows\System\ajeiRhq.exe
  C:\Windows\System\ajeiRhq.exe
  2⤵
  PID:6160
- C:\Windows\System\mTjoAuO.exe
  C:\Windows\System\mTjoAuO.exe
  2⤵
  PID:6188
- C:\Windows\System\iGRBKws.exe
  C:\Windows\System\iGRBKws.exe
  2⤵
  PID:6228
- C:\Windows\System\IkujnXk.exe
  C:\Windows\System\IkujnXk.exe
  2⤵
  PID:6248
- C:\Windows\System\uxuQLKN.exe
  C:\Windows\System\uxuQLKN.exe
  2⤵
  PID:6284
- C:\Windows\System\VROOqZB.exe
  C:\Windows\System\VROOqZB.exe
  2⤵
  PID:6304
- C:\Windows\System\AZLvNwW.exe
  C:\Windows\System\AZLvNwW.exe
  2⤵
  PID:6328
- C:\Windows\System\xZXNiie.exe
  C:\Windows\System\xZXNiie.exe
  2⤵
  PID:6444
- C:\Windows\System\XgmUVrY.exe
  C:\Windows\System\XgmUVrY.exe
  2⤵
  PID:6412
- C:\Windows\System\pRmwZVq.exe
  C:\Windows\System\pRmwZVq.exe
  2⤵
  PID:6552
- C:\Windows\System\zlmtomF.exe
  C:\Windows\System\zlmtomF.exe
  2⤵
  PID:6520
- C:\Windows\System\NPjcoTr.exe
  C:\Windows\System\NPjcoTr.exe
  2⤵
  PID:6536
- C:\Windows\System\szlmfwx.exe
  C:\Windows\System\szlmfwx.exe
  2⤵
  PID:6580
- C:\Windows\System\kViJacg.exe
  C:\Windows\System\kViJacg.exe
  2⤵
  PID:6392
- C:\Windows\System\QxeENIo.exe
  C:\Windows\System\QxeENIo.exe
  2⤵
  PID:6604
- C:\Windows\System\hzapJfg.exe
  C:\Windows\System\hzapJfg.exe
  2⤵
  PID:6700
- C:\Windows\System\pyoyQBt.exe
  C:\Windows\System\pyoyQBt.exe
  2⤵
  PID:6624
- C:\Windows\System\vIrDYTi.exe
  C:\Windows\System\vIrDYTi.exe
  2⤵
  PID:6744
- C:\Windows\System\ptLzSmf.exe
  C:\Windows\System\ptLzSmf.exe
  2⤵
  PID:6640
- C:\Windows\System\InAqdGY.exe
  C:\Windows\System\InAqdGY.exe
  2⤵
  PID:6756
- C:\Windows\System\IEFvOer.exe
  C:\Windows\System\IEFvOer.exe
  2⤵
  PID:6812
- C:\Windows\System\EyEIhbx.exe
  C:\Windows\System\EyEIhbx.exe
  2⤵
  PID:6836
- C:\Windows\System\IvDnLgy.exe
  C:\Windows\System\IvDnLgy.exe
  2⤵
  PID:6896
- C:\Windows\System\xGVhNLo.exe
  C:\Windows\System\xGVhNLo.exe
  2⤵
  PID:6880
- C:\Windows\System\vboTosi.exe
  C:\Windows\System\vboTosi.exe
  2⤵
  PID:6980
- C:\Windows\System\MSlDHLU.exe
  C:\Windows\System\MSlDHLU.exe
  2⤵
  PID:6932
- C:\Windows\System\ZDFgRvG.exe
  C:\Windows\System\ZDFgRvG.exe
  2⤵
  PID:7008
- C:\Windows\System\KHdNdpj.exe
  C:\Windows\System\KHdNdpj.exe
  2⤵
  PID:7040
- C:\Windows\System\janNZms.exe
  C:\Windows\System\janNZms.exe
  2⤵
  PID:7064
- C:\Windows\System\ENJrmRk.exe
  C:\Windows\System\ENJrmRk.exe
  2⤵
  PID:7104
- C:\Windows\System\gLQyoBt.exe
  C:\Windows\System\gLQyoBt.exe
  2⤵
  PID:7088
- C:\Windows\System\SCDrIhf.exe
  C:\Windows\System\SCDrIhf.exe
  2⤵
  PID:7160
- C:\Windows\System\dJJqXOl.exe
  C:\Windows\System\dJJqXOl.exe
  2⤵
  PID:5840
- C:\Windows\System\OIRWEcf.exe
  C:\Windows\System\OIRWEcf.exe
  2⤵
  PID:5268
- C:\Windows\System\qfvLQAl.exe
  C:\Windows\System\qfvLQAl.exe
  2⤵
  PID:6208
- C:\Windows\System\ElpHiVa.exe
  C:\Windows\System\ElpHiVa.exe
  2⤵
  PID:6316
- C:\Windows\System\VBtKXAP.exe
  C:\Windows\System\VBtKXAP.exe
  2⤵
  PID:6512
- C:\Windows\System\nLWRRsa.exe
  C:\Windows\System\nLWRRsa.exe
  2⤵
  PID:6476
- C:\Windows\System\hYyxViX.exe
  C:\Windows\System\hYyxViX.exe
  2⤵
  PID:6600
- C:\Windows\System\xtQbhGs.exe
  C:\Windows\System\xtQbhGs.exe
  2⤵
  PID:6628
- C:\Windows\System\nZLDsol.exe
  C:\Windows\System\nZLDsol.exe
  2⤵
  PID:6672
- C:\Windows\System\PaKndNE.exe
  C:\Windows\System\PaKndNE.exe
  2⤵
  PID:6684
- C:\Windows\System\MhjOjQD.exe
  C:\Windows\System\MhjOjQD.exe
  2⤵
  PID:6560
- C:\Windows\System\CBImvzD.exe
  C:\Windows\System\CBImvzD.exe
  2⤵
  PID:6876
- C:\Windows\System\gdfiSLB.exe
  C:\Windows\System\gdfiSLB.exe
  2⤵
  PID:6532
- C:\Windows\System\XjnxWpG.exe
  C:\Windows\System\XjnxWpG.exe
  2⤵
  PID:6924
- C:\Windows\System\SCiByCY.exe
  C:\Windows\System\SCiByCY.exe
  2⤵
  PID:6988
- C:\Windows\System\jnzXbmh.exe
  C:\Windows\System\jnzXbmh.exe
  2⤵
  PID:7048
- C:\Windows\System\oEldNIK.exe
  C:\Windows\System\oEldNIK.exe
  2⤵
  PID:7128
- C:\Windows\System\fLotmdf.exe
  C:\Windows\System\fLotmdf.exe
  2⤵
  PID:6376
- C:\Windows\System\RwUGfzQ.exe
  C:\Windows\System\RwUGfzQ.exe
  2⤵
  PID:6716
- C:\Windows\System\dtmkwel.exe
  C:\Windows\System\dtmkwel.exe
  2⤵
  PID:6408
- C:\Windows\System\XcOaJOp.exe
  C:\Windows\System\XcOaJOp.exe
  2⤵
  PID:7124
- C:\Windows\System\KMFnsFE.exe
  C:\Windows\System\KMFnsFE.exe
  2⤵
  PID:6252
- C:\Windows\System\dYAcbSr.exe
  C:\Windows\System\dYAcbSr.exe
  2⤵
  PID:6856
- C:\Windows\System\csWDHTn.exe
  C:\Windows\System\csWDHTn.exe
  2⤵
  PID:6472
- C:\Windows\System\DUhHGvg.exe
  C:\Windows\System\DUhHGvg.exe
  2⤵
  PID:6652
- C:\Windows\System\buyTgdc.exe
  C:\Windows\System\buyTgdc.exe
  2⤵
  PID:6872
- C:\Windows\System\LhTqSRC.exe
  C:\Windows\System\LhTqSRC.exe
  2⤵
  PID:7036
- C:\Windows\System\xCjTRcV.exe
  C:\Windows\System\xCjTRcV.exe
  2⤵
  PID:6912
- C:\Windows\System\HVkZPCE.exe
  C:\Windows\System\HVkZPCE.exe
  2⤵
  PID:6968
- C:\Windows\System\HNoiOOd.exe
  C:\Windows\System\HNoiOOd.exe
  2⤵
  PID:6396
- C:\Windows\System\HcasFdy.exe
  C:\Windows\System\HcasFdy.exe
  2⤵
  PID:6596
- C:\Windows\System\qmDLExb.exe
  C:\Windows\System\qmDLExb.exe
  2⤵
  PID:6804
- C:\Windows\System\pgELVky.exe
  C:\Windows\System\pgELVky.exe
  2⤵
  PID:6592
- C:\Windows\System\SXpGHQZ.exe
  C:\Windows\System\SXpGHQZ.exe
  2⤵
  PID:7148
- C:\Windows\System\mdeCUui.exe
  C:\Windows\System\mdeCUui.exe
  2⤵
  PID:6992
- C:\Windows\System\Whcpcnt.exe
  C:\Windows\System\Whcpcnt.exe
  2⤵
  PID:6832
- C:\Windows\System\stsANnI.exe
  C:\Windows\System\stsANnI.exe
  2⤵
  PID:5968
- C:\Windows\System\VmemFFY.exe
  C:\Windows\System\VmemFFY.exe
  2⤵
  PID:6632
- C:\Windows\System\OiHgDsq.exe
  C:\Windows\System\OiHgDsq.exe
  2⤵
  PID:6952
- C:\Windows\System\jvWBUhF.exe
  C:\Windows\System\jvWBUhF.exe
  2⤵
  PID:6808
- C:\Windows\System\jPUUlqN.exe
  C:\Windows\System\jPUUlqN.exe
  2⤵
  PID:6308
- C:\Windows\System\mECOYgo.exe
  C:\Windows\System\mECOYgo.exe
  2⤵
  PID:6904
- C:\Windows\System\rUBsgfg.exe
  C:\Windows\System\rUBsgfg.exe
  2⤵
  PID:7196
- C:\Windows\System\zDkgQYg.exe
  C:\Windows\System\zDkgQYg.exe
  2⤵
  PID:7212
- C:\Windows\System\pXTXPsm.exe
  C:\Windows\System\pXTXPsm.exe
  2⤵
  PID:7232
- C:\Windows\System\kDZUArL.exe
  C:\Windows\System\kDZUArL.exe
  2⤵
  PID:7248
- C:\Windows\System\khMqRun.exe
  C:\Windows\System\khMqRun.exe
  2⤵
  PID:7268
- C:\Windows\System\BVEwQLA.exe
  C:\Windows\System\BVEwQLA.exe
  2⤵
  PID:7292
- C:\Windows\System\jYnwIqY.exe
  C:\Windows\System\jYnwIqY.exe
  2⤵
  PID:7308
- C:\Windows\System\waBzmCP.exe
  C:\Windows\System\waBzmCP.exe
  2⤵
  PID:7328
- C:\Windows\System\ratRNjI.exe
  C:\Windows\System\ratRNjI.exe
  2⤵
  PID:7348
- C:\Windows\System\VcVBJle.exe
  C:\Windows\System\VcVBJle.exe
  2⤵
  PID:7372
- C:\Windows\System\DgaMKFA.exe
  C:\Windows\System\DgaMKFA.exe
  2⤵
  PID:7388
- C:\Windows\System\rMdyFZn.exe
  C:\Windows\System\rMdyFZn.exe
  2⤵
  PID:7408
- C:\Windows\System\JSdXXLG.exe
  C:\Windows\System\JSdXXLG.exe
  2⤵
  PID:7432
- C:\Windows\System\ceArnAF.exe
  C:\Windows\System\ceArnAF.exe
  2⤵
  PID:7452
- C:\Windows\System\XUgjeGD.exe
  C:\Windows\System\XUgjeGD.exe
  2⤵
  PID:7468
- C:\Windows\System\WpZFVCg.exe
  C:\Windows\System\WpZFVCg.exe
  2⤵
  PID:7492
- C:\Windows\System\WNYiqig.exe
  C:\Windows\System\WNYiqig.exe
  2⤵
  PID:7512
- C:\Windows\System\PqBIrcF.exe
  C:\Windows\System\PqBIrcF.exe
  2⤵
  PID:7536
- C:\Windows\System\BnAcEly.exe
  C:\Windows\System\BnAcEly.exe
  2⤵
  PID:7556
- C:\Windows\System\nUGtCrD.exe
  C:\Windows\System\nUGtCrD.exe
  2⤵
  PID:7580
- C:\Windows\System\nVLrNNS.exe
  C:\Windows\System\nVLrNNS.exe
  2⤵
  PID:7596
- C:\Windows\System\FBwwZOn.exe
  C:\Windows\System\FBwwZOn.exe
  2⤵
  PID:7616
- C:\Windows\System\jCOhbyp.exe
  C:\Windows\System\jCOhbyp.exe
  2⤵
  PID:7636
- C:\Windows\System\SisrsMA.exe
  C:\Windows\System\SisrsMA.exe
  2⤵
  PID:7656
- C:\Windows\System\WTEAGoX.exe
  C:\Windows\System\WTEAGoX.exe
  2⤵
  PID:7676
- C:\Windows\System\IDHICqG.exe
  C:\Windows\System\IDHICqG.exe
  2⤵
  PID:7692
- C:\Windows\System\dApHYWF.exe
  C:\Windows\System\dApHYWF.exe
  2⤵
  PID:7716
- C:\Windows\System\Jwqckap.exe
  C:\Windows\System\Jwqckap.exe
  2⤵
  PID:7736
- C:\Windows\System\fIfjEKp.exe
  C:\Windows\System\fIfjEKp.exe
  2⤵
  PID:7752
- C:\Windows\System\fBAWwLN.exe
  C:\Windows\System\fBAWwLN.exe
  2⤵
  PID:7776
- C:\Windows\System\oBWEiZA.exe
  C:\Windows\System\oBWEiZA.exe
  2⤵
  PID:7796
- C:\Windows\System\NpsTlRN.exe
  C:\Windows\System\NpsTlRN.exe
  2⤵
  PID:7820
- C:\Windows\System\RjwDndx.exe
  C:\Windows\System\RjwDndx.exe
  2⤵
  PID:7836
- C:\Windows\System\YYbSpbK.exe
  C:\Windows\System\YYbSpbK.exe
  2⤵
  PID:7852
- C:\Windows\System\VqluWpz.exe
  C:\Windows\System\VqluWpz.exe
  2⤵
  PID:7872
- C:\Windows\System\fTApOTf.exe
  C:\Windows\System\fTApOTf.exe
  2⤵
  PID:7892
- C:\Windows\System\OPYvSdK.exe
  C:\Windows\System\OPYvSdK.exe
  2⤵
  PID:7912
- C:\Windows\System\wwscBqo.exe
  C:\Windows\System\wwscBqo.exe
  2⤵
  PID:7928
- C:\Windows\System\ZmWrpyl.exe
  C:\Windows\System\ZmWrpyl.exe
  2⤵
  PID:7956
- C:\Windows\System\ovGZNvJ.exe
  C:\Windows\System\ovGZNvJ.exe
  2⤵
  PID:7976
- C:\Windows\System\wrTojeG.exe
  C:\Windows\System\wrTojeG.exe
  2⤵
  PID:8000
- C:\Windows\System\RaWRjfj.exe
  C:\Windows\System\RaWRjfj.exe
  2⤵
  PID:8016
- C:\Windows\System\PTxtztw.exe
  C:\Windows\System\PTxtztw.exe
  2⤵
  PID:8032
- C:\Windows\System\PXVRYcy.exe
  C:\Windows\System\PXVRYcy.exe
  2⤵
  PID:8048
- C:\Windows\System\eSbpcFM.exe
  C:\Windows\System\eSbpcFM.exe
  2⤵
  PID:8072
- C:\Windows\System\bOoZJOZ.exe
  C:\Windows\System\bOoZJOZ.exe
  2⤵
  PID:8088
- C:\Windows\System\riWnlIb.exe
  C:\Windows\System\riWnlIb.exe
  2⤵
  PID:8112
- C:\Windows\System\XTYzUvE.exe
  C:\Windows\System\XTYzUvE.exe
  2⤵
  PID:8132
- C:\Windows\System\KGkmxpz.exe
  C:\Windows\System\KGkmxpz.exe
  2⤵
  PID:8156
- C:\Windows\System\vffHZus.exe
  C:\Windows\System\vffHZus.exe
  2⤵
  PID:8180
- C:\Windows\System\ULtQKWT.exe
  C:\Windows\System\ULtQKWT.exe
  2⤵
  PID:7184
- C:\Windows\System\HLWxcDm.exe
  C:\Windows\System\HLWxcDm.exe
  2⤵
  PID:6884
- C:\Windows\System\BGUwBeM.exe
  C:\Windows\System\BGUwBeM.exe
  2⤵
  PID:7220
- C:\Windows\System\LXtqEzL.exe
  C:\Windows\System\LXtqEzL.exe
  2⤵
  PID:7264
- C:\Windows\System\RVsIQdi.exe
  C:\Windows\System\RVsIQdi.exe
  2⤵
  PID:6496
- C:\Windows\System\amofzez.exe
  C:\Windows\System\amofzez.exe
  2⤵
  PID:7204
- C:\Windows\System\hecHyrB.exe
  C:\Windows\System\hecHyrB.exe
  2⤵
  PID:7428
- C:\Windows\System\wgJFsxS.exe
  C:\Windows\System\wgJFsxS.exe
  2⤵
  PID:7244
- C:\Windows\System\RzvngGu.exe
  C:\Windows\System\RzvngGu.exe
  2⤵
  PID:7284
- C:\Windows\System\PLdQvIr.exe
  C:\Windows\System\PLdQvIr.exe
  2⤵
  PID:7324
- C:\Windows\System\FcCCkvJ.exe
  C:\Windows\System\FcCCkvJ.exe
  2⤵
  PID:7364
- C:\Windows\System\BlCjUcT.exe
  C:\Windows\System\BlCjUcT.exe
  2⤵
  PID:7440
- C:\Windows\System\QtcqQri.exe
  C:\Windows\System\QtcqQri.exe
  2⤵
  PID:7480
- C:\Windows\System\VLSXHAY.exe
  C:\Windows\System\VLSXHAY.exe
  2⤵
  PID:7524
- C:\Windows\System\yWgeSYh.exe
  C:\Windows\System\yWgeSYh.exe
  2⤵
  PID:7568
- C:\Windows\System\ScdZYbu.exe
  C:\Windows\System\ScdZYbu.exe
  2⤵
  PID:7632
- C:\Windows\System\xZBvnwd.exe
  C:\Windows\System\xZBvnwd.exe
  2⤵
  PID:7604
- C:\Windows\System\NpzltsK.exe
  C:\Windows\System\NpzltsK.exe
  2⤵
  PID:7672
- C:\Windows\System\GutTRfm.exe
  C:\Windows\System\GutTRfm.exe
  2⤵
  PID:7684
- C:\Windows\System\YBuqwoJ.exe
  C:\Windows\System\YBuqwoJ.exe
  2⤵
  PID:7728
- C:\Windows\System\ZeMloJj.exe
  C:\Windows\System\ZeMloJj.exe
  2⤵
  PID:7760
- C:\Windows\System\ZyjvJTa.exe
  C:\Windows\System\ZyjvJTa.exe
  2⤵
  PID:7808
- C:\Windows\System\lXYSltT.exe
  C:\Windows\System\lXYSltT.exe
  2⤵
  PID:7860
- C:\Windows\System\QyoNDTI.exe
  C:\Windows\System\QyoNDTI.exe
  2⤵
  PID:7904
- C:\Windows\System\kTWBHsa.exe
  C:\Windows\System\kTWBHsa.exe
  2⤵
  PID:7920
- C:\Windows\System\qXcqImR.exe
  C:\Windows\System\qXcqImR.exe
  2⤵
  PID:7880
- C:\Windows\System\rWOdasV.exe
  C:\Windows\System\rWOdasV.exe
  2⤵
  PID:1580
- C:\Windows\System\ulWZZJc.exe
  C:\Windows\System\ulWZZJc.exe
  2⤵
  PID:8068
- C:\Windows\System\fQukPFc.exe
  C:\Windows\System\fQukPFc.exe
  2⤵
  PID:8096
- C:\Windows\System\rehuBlb.exe
  C:\Windows\System\rehuBlb.exe
  2⤵
  PID:8144
- C:\Windows\System\ntTEQGA.exe
  C:\Windows\System\ntTEQGA.exe
  2⤵
  PID:8008
- C:\Windows\System\tdeVISS.exe
  C:\Windows\System\tdeVISS.exe
  2⤵
  PID:7176
- C:\Windows\System\uXtfYne.exe
  C:\Windows\System\uXtfYne.exe
  2⤵
  PID:8128
- C:\Windows\System\PhJdhHW.exe
  C:\Windows\System\PhJdhHW.exe
  2⤵
  PID:6492
- C:\Windows\System\TvlChjM.exe
  C:\Windows\System\TvlChjM.exe
  2⤵
  PID:7180
- C:\Windows\System\cyoUgUB.exe
  C:\Windows\System\cyoUgUB.exe
  2⤵
  PID:6948
- C:\Windows\System\dcNapdt.exe
  C:\Windows\System\dcNapdt.exe
  2⤵
  PID:7344
- C:\Windows\System\JOCEwQe.exe
  C:\Windows\System\JOCEwQe.exe
  2⤵
  PID:7280
- C:\Windows\System\spjsNgr.exe
  C:\Windows\System\spjsNgr.exe
  2⤵
  PID:7504
- C:\Windows\System\xVezlBj.exe
  C:\Windows\System\xVezlBj.exe
  2⤵
  PID:7484
- C:\Windows\System\UheoRxO.exe
  C:\Windows\System\UheoRxO.exe
  2⤵
  PID:7400
- C:\Windows\System\ZCMdeSQ.exe
  C:\Windows\System\ZCMdeSQ.exe
  2⤵
  PID:7488
- C:\Windows\System\qwHmHoq.exe
  C:\Windows\System\qwHmHoq.exe
  2⤵
  PID:7588
- C:\Windows\System\ELAcAsL.exe
  C:\Windows\System\ELAcAsL.exe
  2⤵
  PID:7652
- C:\Windows\System\OGrbjik.exe
  C:\Windows\System\OGrbjik.exe
  2⤵
  PID:7768
- C:\Windows\System\WbmmPVc.exe
  C:\Windows\System\WbmmPVc.exe
  2⤵
  PID:7832
- C:\Windows\System\pphTrHZ.exe
  C:\Windows\System\pphTrHZ.exe
  2⤵
  PID:7732
- C:\Windows\System\gMogquu.exe
  C:\Windows\System\gMogquu.exe
  2⤵
  PID:7992
- C:\Windows\System\dFkNTUT.exe
  C:\Windows\System\dFkNTUT.exe
  2⤵
  PID:7940
- C:\Windows\System\VbaDhfg.exe
  C:\Windows\System\VbaDhfg.exe
  2⤵
  PID:7952
- C:\Windows\System\KkUONnl.exe
  C:\Windows\System\KkUONnl.exe
  2⤵
  PID:8152
- C:\Windows\System\NcYQkbU.exe
  C:\Windows\System\NcYQkbU.exe
  2⤵
  PID:8124
- C:\Windows\System\mpiGhXQ.exe
  C:\Windows\System\mpiGhXQ.exe
  2⤵
  PID:8140
- C:\Windows\System\MFMxZJV.exe
  C:\Windows\System\MFMxZJV.exe
  2⤵
  PID:4420
- C:\Windows\System\JJmBDaG.exe
  C:\Windows\System\JJmBDaG.exe
  2⤵
  PID:7424
- C:\Windows\System\qwAwJyN.exe
  C:\Windows\System\qwAwJyN.exe
  2⤵
  PID:7360
- C:\Windows\System\iZfkXBF.exe
  C:\Windows\System\iZfkXBF.exe
  2⤵
  PID:7316
- C:\Windows\System\VmUwOas.exe
  C:\Windows\System\VmUwOas.exe
  2⤵
  PID:7608
- C:\Windows\System\FMZkZeq.exe
  C:\Windows\System\FMZkZeq.exe
  2⤵
  PID:7476
- C:\Windows\System\dKruItx.exe
  C:\Windows\System\dKruItx.exe
  2⤵
  PID:7788
- C:\Windows\System\IiRdwLu.exe
  C:\Windows\System\IiRdwLu.exe
  2⤵
  PID:7552
- C:\Windows\System\qwWKbTB.exe
  C:\Windows\System\qwWKbTB.exe
  2⤵
  PID:7192
- C:\Windows\System\EKdeKqq.exe
  C:\Windows\System\EKdeKqq.exe
  2⤵
  PID:7828
- C:\Windows\System\FBmNQAc.exe
  C:\Windows\System\FBmNQAc.exe
  2⤵
  PID:7968
- C:\Windows\System\VgqSOnQ.exe
  C:\Windows\System\VgqSOnQ.exe
  2⤵
  PID:8120
- C:\Windows\System\chWGxCL.exe
  C:\Windows\System\chWGxCL.exe
  2⤵
  PID:7416
- C:\Windows\System\fJwapZW.exe
  C:\Windows\System\fJwapZW.exe
  2⤵
  PID:6176
- C:\Windows\System\wMYUFBs.exe
  C:\Windows\System\wMYUFBs.exe
  2⤵
  PID:7708
- C:\Windows\System\vfGUaZS.exe
  C:\Windows\System\vfGUaZS.exe
  2⤵
  PID:8028
- C:\Windows\System\kfzcEkq.exe
  C:\Windows\System\kfzcEkq.exe
  2⤵
  PID:7612
- C:\Windows\System\rlzbXau.exe
  C:\Windows\System\rlzbXau.exe
  2⤵
  PID:7748
- C:\Windows\System\HDXunWX.exe
  C:\Windows\System\HDXunWX.exe
  2⤵
  PID:6740
- C:\Windows\System\OTBGjUi.exe
  C:\Windows\System\OTBGjUi.exe
  2⤵
  PID:8108
- C:\Windows\System\hdmvodS.exe
  C:\Windows\System\hdmvodS.exe
  2⤵
  PID:7532
- C:\Windows\System\dzLSJBF.exe
  C:\Windows\System\dzLSJBF.exe
  2⤵
  PID:7816
- C:\Windows\System\JteOgQC.exe
  C:\Windows\System\JteOgQC.exe
  2⤵
  PID:7792
- C:\Windows\System\mBbOWvA.exe
  C:\Windows\System\mBbOWvA.exe
  2⤵
  PID:7900
- C:\Windows\System\QAOQrgS.exe
  C:\Windows\System\QAOQrgS.exe
  2⤵
  PID:6344
- C:\Windows\System\srDUNWN.exe
  C:\Windows\System\srDUNWN.exe
  2⤵
  PID:7668
- C:\Windows\System\iebMedf.exe
  C:\Windows\System\iebMedf.exe
  2⤵
  PID:8196
- C:\Windows\System\MOUKlxO.exe
  C:\Windows\System\MOUKlxO.exe
  2⤵
  PID:8212
- C:\Windows\System\PbDnWYa.exe
  C:\Windows\System\PbDnWYa.exe
  2⤵
  PID:8228
- C:\Windows\System\pUQVDiZ.exe
  C:\Windows\System\pUQVDiZ.exe
  2⤵
  PID:8244
- C:\Windows\System\aMNsixp.exe
  C:\Windows\System\aMNsixp.exe
  2⤵
  PID:8260
- C:\Windows\System\dWqubfm.exe
  C:\Windows\System\dWqubfm.exe
  2⤵
  PID:8280
- C:\Windows\System\gxJjxLf.exe
  C:\Windows\System\gxJjxLf.exe
  2⤵
  PID:8308
- C:\Windows\System\rGsDaPg.exe
  C:\Windows\System\rGsDaPg.exe
  2⤵
  PID:8324
- C:\Windows\System\oUdLRPi.exe
  C:\Windows\System\oUdLRPi.exe
  2⤵
  PID:8344
- C:\Windows\System\AETqtEy.exe
  C:\Windows\System\AETqtEy.exe
  2⤵
  PID:8368
- C:\Windows\System\rqRYitb.exe
  C:\Windows\System\rqRYitb.exe
  2⤵
  PID:8388
- C:\Windows\System\WLsdkZZ.exe
  C:\Windows\System\WLsdkZZ.exe
  2⤵
  PID:8404
- C:\Windows\System\nfFGdzm.exe
  C:\Windows\System\nfFGdzm.exe
  2⤵
  PID:8428
- C:\Windows\System\dCqnXQl.exe
  C:\Windows\System\dCqnXQl.exe
  2⤵
  PID:8476
- C:\Windows\System\widnhQD.exe
  C:\Windows\System\widnhQD.exe
  2⤵
  PID:8508
- C:\Windows\System\vcqirTa.exe
  C:\Windows\System\vcqirTa.exe
  2⤵
  PID:8524
- C:\Windows\System\ARafUrQ.exe
  C:\Windows\System\ARafUrQ.exe
  2⤵
  PID:8544
- C:\Windows\System\GJXetHh.exe
  C:\Windows\System\GJXetHh.exe
  2⤵
  PID:8564
- C:\Windows\System\txWzPGW.exe
  C:\Windows\System\txWzPGW.exe
  2⤵
  PID:8580
- C:\Windows\System\ZWkPZMK.exe
  C:\Windows\System\ZWkPZMK.exe
  2⤵
  PID:8596
- C:\Windows\System\aJZEAOO.exe
  C:\Windows\System\aJZEAOO.exe
  2⤵
  PID:8612
- C:\Windows\System\BLDojuR.exe
  C:\Windows\System\BLDojuR.exe
  2⤵
  PID:8628
- C:\Windows\System\HZNpZZf.exe
  C:\Windows\System\HZNpZZf.exe
  2⤵
  PID:8644
- C:\Windows\System\WShQOdy.exe
  C:\Windows\System\WShQOdy.exe
  2⤵
  PID:8660
- C:\Windows\System\XAUvkMM.exe
  C:\Windows\System\XAUvkMM.exe
  2⤵
  PID:8676
- C:\Windows\System\LROtvYB.exe
  C:\Windows\System\LROtvYB.exe
  2⤵
  PID:8692
- C:\Windows\System\eRXLnxL.exe
  C:\Windows\System\eRXLnxL.exe
  2⤵
  PID:8708
- C:\Windows\System\vFRHFtE.exe
  C:\Windows\System\vFRHFtE.exe
  2⤵
  PID:8724
- C:\Windows\System\wEPbFbw.exe
  C:\Windows\System\wEPbFbw.exe
  2⤵
  PID:8740
- C:\Windows\System\NQLXPVv.exe
  C:\Windows\System\NQLXPVv.exe
  2⤵
  PID:8760
- C:\Windows\System\LPgdOqS.exe
  C:\Windows\System\LPgdOqS.exe
  2⤵
  PID:8776
- C:\Windows\System\twJSMtQ.exe
  C:\Windows\System\twJSMtQ.exe
  2⤵
  PID:8792
- C:\Windows\System\MUkMaTa.exe
  C:\Windows\System\MUkMaTa.exe
  2⤵
  PID:8812
- C:\Windows\System\PDClVYZ.exe
  C:\Windows\System\PDClVYZ.exe
  2⤵
  PID:8892
- C:\Windows\System\QUXSrvi.exe
  C:\Windows\System\QUXSrvi.exe
  2⤵
  PID:8908
- C:\Windows\System\rCaXXrc.exe
  C:\Windows\System\rCaXXrc.exe
  2⤵
  PID:8932
- C:\Windows\System\dipcoJH.exe
  C:\Windows\System\dipcoJH.exe
  2⤵
  PID:8948
- C:\Windows\System\swMevij.exe
  C:\Windows\System\swMevij.exe
  2⤵
  PID:8968
- C:\Windows\System\XVudKgD.exe
  C:\Windows\System\XVudKgD.exe
  2⤵
  PID:8984
- C:\Windows\System\uSBCBng.exe
  C:\Windows\System\uSBCBng.exe
  2⤵
  PID:9000
- C:\Windows\System\ZistGID.exe
  C:\Windows\System\ZistGID.exe
  2⤵
  PID:9020
- C:\Windows\System\sKanTlF.exe
  C:\Windows\System\sKanTlF.exe
  2⤵
  PID:9036
- C:\Windows\System\olQUMCi.exe
  C:\Windows\System\olQUMCi.exe
  2⤵
  PID:9052
- C:\Windows\System\pTQcwxA.exe
  C:\Windows\System\pTQcwxA.exe
  2⤵
  PID:9068
- C:\Windows\System\KJqXdqr.exe
  C:\Windows\System\KJqXdqr.exe
  2⤵
  PID:9084
- C:\Windows\System\yylRlAB.exe
  C:\Windows\System\yylRlAB.exe
  2⤵
  PID:9112
- C:\Windows\System\NfVdCKh.exe
  C:\Windows\System\NfVdCKh.exe
  2⤵
  PID:9128
- C:\Windows\System\GoqZYDj.exe
  C:\Windows\System\GoqZYDj.exe
  2⤵
  PID:9148
- C:\Windows\System\dPfMKoQ.exe
  C:\Windows\System\dPfMKoQ.exe
  2⤵
  PID:9196
- C:\Windows\System\EIfNsZg.exe
  C:\Windows\System\EIfNsZg.exe
  2⤵
  PID:8204
- C:\Windows\System\OkgwUoJ.exe
  C:\Windows\System\OkgwUoJ.exe
  2⤵
  PID:7772
- C:\Windows\System\noXtYjI.exe
  C:\Windows\System\noXtYjI.exe
  2⤵
  PID:7628
- C:\Windows\System\HjmuDIP.exe
  C:\Windows\System\HjmuDIP.exe
  2⤵
  PID:8320
- C:\Windows\System\VCLFIsm.exe
  C:\Windows\System\VCLFIsm.exe
  2⤵
  PID:8316
- C:\Windows\System\egysKDM.exe
  C:\Windows\System\egysKDM.exe
  2⤵
  PID:8364
- C:\Windows\System\pjNvEFG.exe
  C:\Windows\System\pjNvEFG.exe
  2⤵
  PID:8440
- C:\Windows\System\USQCBWA.exe
  C:\Windows\System\USQCBWA.exe
  2⤵
  PID:8256
- C:\Windows\System\izMNYAU.exe
  C:\Windows\System\izMNYAU.exe
  2⤵
  PID:8332
- C:\Windows\System\ogNItBZ.exe
  C:\Windows\System\ogNItBZ.exe
  2⤵
  PID:8380
- C:\Windows\System\iumkQdh.exe
  C:\Windows\System\iumkQdh.exe
  2⤵
  PID:8420
- C:\Windows\System\hXlUWEs.exe
  C:\Windows\System\hXlUWEs.exe
  2⤵
  PID:8484
- C:\Windows\System\uZzzIBx.exe
  C:\Windows\System\uZzzIBx.exe
  2⤵
  PID:8496
- C:\Windows\System\OwmpFtu.exe
  C:\Windows\System\OwmpFtu.exe
  2⤵
  PID:8540
- C:\Windows\System\ZCepREy.exe
  C:\Windows\System\ZCepREy.exe
  2⤵
  PID:8572
- C:\Windows\System\fZzJwtV.exe
  C:\Windows\System\fZzJwtV.exe
  2⤵
  PID:8620
- C:\Windows\System\vRGFwvF.exe
  C:\Windows\System\vRGFwvF.exe
  2⤵
  PID:8672
- C:\Windows\System\LqQzFHV.exe
  C:\Windows\System\LqQzFHV.exe
  2⤵
  PID:8736
- C:\Windows\System\lPZsVwQ.exe
  C:\Windows\System\lPZsVwQ.exe
  2⤵
  PID:8784
- C:\Windows\System\oaraQrz.exe
  C:\Windows\System\oaraQrz.exe
  2⤵
  PID:8804
- C:\Windows\System\uRvmZTp.exe
  C:\Windows\System\uRvmZTp.exe
  2⤵
  PID:8824
- C:\Windows\System\brLCCly.exe
  C:\Windows\System\brLCCly.exe
  2⤵
  PID:8848
- C:\Windows\System\PQnwhqb.exe
  C:\Windows\System\PQnwhqb.exe
  2⤵
  PID:8864
- C:\Windows\System\NbUGmDI.exe
  C:\Windows\System\NbUGmDI.exe
  2⤵
  PID:8904
- C:\Windows\System\QwAmdNt.exe
  C:\Windows\System\QwAmdNt.exe
  2⤵
  PID:8944
- C:\Windows\System\FKwUneC.exe
  C:\Windows\System\FKwUneC.exe
  2⤵
  PID:8976
- C:\Windows\System\uwcuhoF.exe
  C:\Windows\System\uwcuhoF.exe
  2⤵
  PID:9028
- C:\Windows\System\QLUviuF.exe
  C:\Windows\System\QLUviuF.exe
  2⤵
  PID:9100
- C:\Windows\System\IcsDuZX.exe
  C:\Windows\System\IcsDuZX.exe
  2⤵
  PID:9140
- C:\Windows\System\MYpXDFu.exe
  C:\Windows\System\MYpXDFu.exe
  2⤵
  PID:9016
- C:\Windows\System\duxEIBq.exe
  C:\Windows\System\duxEIBq.exe
  2⤵
  PID:9120
- C:\Windows\System\YiYnMCC.exe
  C:\Windows\System\YiYnMCC.exe
  2⤵
  PID:9044
- C:\Windows\System\VewMzHN.exe
  C:\Windows\System\VewMzHN.exe
  2⤵
  PID:8844
- C:\Windows\System\EjJKNTV.exe
  C:\Windows\System\EjJKNTV.exe
  2⤵
  PID:9208
- C:\Windows\System\jmJZvPQ.exe
  C:\Windows\System\jmJZvPQ.exe
  2⤵
  PID:8272
- C:\Windows\System\fAJIANI.exe
  C:\Windows\System\fAJIANI.exe
  2⤵
  PID:8220
- C:\Windows\System\bRacMut.exe
  C:\Windows\System\bRacMut.exe
  2⤵
  PID:8456
- C:\Windows\System\dnkJEHm.exe
  C:\Windows\System\dnkJEHm.exe
  2⤵
  PID:8252
- C:\Windows\System\rhXjMay.exe
  C:\Windows\System\rhXjMay.exe
  2⤵
  PID:8412
- C:\Windows\System\OwcJZIi.exe
  C:\Windows\System\OwcJZIi.exe
  2⤵
  PID:8468
- C:\Windows\System\UwrZbYW.exe
  C:\Windows\System\UwrZbYW.exe
  2⤵
  PID:8504
- C:\Windows\System\EkZDfOW.exe
  C:\Windows\System\EkZDfOW.exe
  2⤵
  PID:8624
- C:\Windows\System\huJtmVK.exe
  C:\Windows\System\huJtmVK.exe
  2⤵
  PID:8640
- C:\Windows\System\vwXgLCH.exe
  C:\Windows\System\vwXgLCH.exe
  2⤵
  PID:8756
- C:\Windows\System\dectmvW.exe
  C:\Windows\System\dectmvW.exe
  2⤵
  PID:8832
- C:\Windows\System\CGvruTZ.exe
  C:\Windows\System\CGvruTZ.exe
  2⤵
  PID:8856
- C:\Windows\System\zXXaLXs.exe
  C:\Windows\System\zXXaLXs.exe
  2⤵
  PID:8940
- C:\Windows\System\OYxyxfK.exe
  C:\Windows\System\OYxyxfK.exe
  2⤵
  PID:9076
- C:\Windows\System\hIooVAp.exe
  C:\Windows\System\hIooVAp.exe
  2⤵
  PID:9176
- C:\Windows\System\gOmzYxj.exe
  C:\Windows\System\gOmzYxj.exe
  2⤵
  PID:7848
- C:\Windows\System\aJOdQXn.exe
  C:\Windows\System\aJOdQXn.exe
  2⤵
  PID:8964
- C:\Windows\System\jPdvNnI.exe
  C:\Windows\System\jPdvNnI.exe
  2⤵
  PID:9160
- C:\Windows\System\sdMRhgX.exe
  C:\Windows\System\sdMRhgX.exe
  2⤵
  PID:8980
- C:\Windows\System\NIkUzIU.exe
  C:\Windows\System\NIkUzIU.exe
  2⤵
  PID:8296
- C:\Windows\System\KtxCQto.exe
  C:\Windows\System\KtxCQto.exe
  2⤵
  PID:8300
- C:\Windows\System\MVevToF.exe
  C:\Windows\System\MVevToF.exe
  2⤵
  PID:8556
- C:\Windows\System\VJMdhCS.exe
  C:\Windows\System\VJMdhCS.exe
  2⤵
  PID:8720
- C:\Windows\System\pyWGtBF.exe
  C:\Windows\System\pyWGtBF.exe
  2⤵
  PID:8704
- C:\Windows\System\intGjox.exe
  C:\Windows\System\intGjox.exe
  2⤵
  PID:8768
- C:\Windows\System\lGxQeLL.exe
  C:\Windows\System\lGxQeLL.exe
  2⤵
  PID:8888
- C:\Windows\System\KilKaJJ.exe
  C:\Windows\System\KilKaJJ.exe
  2⤵
  PID:9124
- C:\Windows\System\aJLbmXn.exe
  C:\Windows\System\aJLbmXn.exe
  2⤵
  PID:8960
- C:\Windows\System\WaDlTdi.exe
  C:\Windows\System\WaDlTdi.exe
  2⤵
  PID:9212
- C:\Windows\System\yKSBzWY.exe
  C:\Windows\System\yKSBzWY.exe
  2⤵
  PID:9204
- C:\Windows\System\HDJvzDZ.exe
  C:\Windows\System\HDJvzDZ.exe
  2⤵
  PID:8656
- C:\Windows\System\KQFZPVq.exe
  C:\Windows\System\KQFZPVq.exe
  2⤵
  PID:8560
- C:\Windows\System\UwDKOIy.exe
  C:\Windows\System\UwDKOIy.exe
  2⤵
  PID:8880
- C:\Windows\System\mQZrbXM.exe
  C:\Windows\System\mQZrbXM.exe
  2⤵
  PID:9104
- C:\Windows\System\RJJMMhq.exe
  C:\Windows\System\RJJMMhq.exe
  2⤵
  PID:9012
- C:\Windows\System\nylkpDE.exe
  C:\Windows\System\nylkpDE.exe
  2⤵
  PID:8400
- C:\Windows\System\tkLKWIj.exe
  C:\Windows\System\tkLKWIj.exe
  2⤵
  PID:8340
- C:\Windows\System\qnXWOoR.exe
  C:\Windows\System\qnXWOoR.exe
  2⤵
  PID:8808
- C:\Windows\System\pYbXDQY.exe
  C:\Windows\System\pYbXDQY.exe
  2⤵
  PID:8828
- C:\Windows\System\NIGjgQV.exe
  C:\Windows\System\NIGjgQV.exe
  2⤵
  PID:8240
- C:\Windows\System\UGTffQx.exe
  C:\Windows\System\UGTffQx.exe
  2⤵
  PID:8588
- C:\Windows\System\QcJhROs.exe
  C:\Windows\System\QcJhROs.exe
  2⤵
  PID:8176
- C:\Windows\System\iZOtsqj.exe
  C:\Windows\System\iZOtsqj.exe
  2⤵
  PID:9248
- C:\Windows\System\jyWVzjt.exe
  C:\Windows\System\jyWVzjt.exe
  2⤵
  PID:9264
- C:\Windows\System\FEBHSTy.exe
  C:\Windows\System\FEBHSTy.exe
  2⤵
  PID:9280
- C:\Windows\System\BApjdUH.exe
  C:\Windows\System\BApjdUH.exe
  2⤵
  PID:9296
- C:\Windows\System\UfpYgim.exe
  C:\Windows\System\UfpYgim.exe
  2⤵
  PID:9312
- C:\Windows\System\rmYBkMp.exe
  C:\Windows\System\rmYBkMp.exe
  2⤵
  PID:9336
- C:\Windows\System\KGUWpAD.exe
  C:\Windows\System\KGUWpAD.exe
  2⤵
  PID:9356
- C:\Windows\System\QqiDMJD.exe
  C:\Windows\System\QqiDMJD.exe
  2⤵
  PID:9376
- C:\Windows\System\oazPmmE.exe
  C:\Windows\System\oazPmmE.exe
  2⤵
  PID:9408
- C:\Windows\System\kIFlNnc.exe
  C:\Windows\System\kIFlNnc.exe
  2⤵
  PID:9428
- C:\Windows\System\WQqgQOc.exe
  C:\Windows\System\WQqgQOc.exe
  2⤵
  PID:9444
- C:\Windows\System\jSWQmYy.exe
  C:\Windows\System\jSWQmYy.exe
  2⤵
  PID:9464
- C:\Windows\System\CHYXpKh.exe
  C:\Windows\System\CHYXpKh.exe
  2⤵
  PID:9484
- C:\Windows\System\YjOJwDQ.exe
  C:\Windows\System\YjOJwDQ.exe
  2⤵
  PID:9504
- C:\Windows\System\YSzsmph.exe
  C:\Windows\System\YSzsmph.exe
  2⤵
  PID:9520
- C:\Windows\System\PObPslG.exe
  C:\Windows\System\PObPslG.exe
  2⤵
  PID:9540
- C:\Windows\System\crodRsA.exe
  C:\Windows\System\crodRsA.exe
  2⤵
  PID:9556
- C:\Windows\System\zFaAmyD.exe
  C:\Windows\System\zFaAmyD.exe
  2⤵
  PID:9572
- C:\Windows\System\sbEhBrw.exe
  C:\Windows\System\sbEhBrw.exe
  2⤵
  PID:9600
- C:\Windows\System\CvclKEc.exe
  C:\Windows\System\CvclKEc.exe
  2⤵
  PID:9616
- C:\Windows\System\fSGxnvo.exe
  C:\Windows\System\fSGxnvo.exe
  2⤵
  PID:9632
- C:\Windows\System\cRzzlnh.exe
  C:\Windows\System\cRzzlnh.exe
  2⤵
  PID:9656
- C:\Windows\System\mKtAcaL.exe
  C:\Windows\System\mKtAcaL.exe
  2⤵
  PID:9672
- C:\Windows\System\TgeDqdc.exe
  C:\Windows\System\TgeDqdc.exe
  2⤵
  PID:9688
- C:\Windows\System\hNwFcpN.exe
  C:\Windows\System\hNwFcpN.exe
  2⤵
  PID:9704
- C:\Windows\System\VLIlghb.exe
  C:\Windows\System\VLIlghb.exe
  2⤵
  PID:9720
- C:\Windows\System\fzRLzAt.exe
  C:\Windows\System\fzRLzAt.exe
  2⤵
  PID:9740
- C:\Windows\System\PBWdGwr.exe
  C:\Windows\System\PBWdGwr.exe
  2⤵
  PID:9760
- C:\Windows\System\wdABkQV.exe
  C:\Windows\System\wdABkQV.exe
  2⤵
  PID:9804
- C:\Windows\System\TYBYiml.exe
  C:\Windows\System\TYBYiml.exe
  2⤵
  PID:9820
- C:\Windows\System\boDhSTA.exe
  C:\Windows\System\boDhSTA.exe
  2⤵
  PID:9848
- C:\Windows\System\eHPGOhA.exe
  C:\Windows\System\eHPGOhA.exe
  2⤵
  PID:9872
- C:\Windows\System\KVooMvy.exe
  C:\Windows\System\KVooMvy.exe
  2⤵
  PID:9888
- C:\Windows\System\pINqnVq.exe
  C:\Windows\System\pINqnVq.exe
  2⤵
  PID:9908
- C:\Windows\System\ZIMwjnT.exe
  C:\Windows\System\ZIMwjnT.exe
  2⤵
  PID:9924
- C:\Windows\System\QKANLaK.exe
  C:\Windows\System\QKANLaK.exe
  2⤵
  PID:9940
- C:\Windows\System\SnryNNf.exe
  C:\Windows\System\SnryNNf.exe
  2⤵
  PID:9964
- C:\Windows\System\NMzVhxF.exe
  C:\Windows\System\NMzVhxF.exe
  2⤵
  PID:9984
- C:\Windows\System\KtApMob.exe
  C:\Windows\System\KtApMob.exe
  2⤵
  PID:10004
- C:\Windows\System\dfmiLif.exe
  C:\Windows\System\dfmiLif.exe
  2⤵
  PID:10020
- C:\Windows\System\cxSNpQO.exe
  C:\Windows\System\cxSNpQO.exe
  2⤵
  PID:10052
- C:\Windows\System\maKnWcC.exe
  C:\Windows\System\maKnWcC.exe
  2⤵
  PID:10068
- C:\Windows\System\ZyImwra.exe
  C:\Windows\System\ZyImwra.exe
  2⤵
  PID:10092
- C:\Windows\System\lhPTOvj.exe
  C:\Windows\System\lhPTOvj.exe
  2⤵
  PID:10108
- C:\Windows\System\hbnToYK.exe
  C:\Windows\System\hbnToYK.exe
  2⤵
  PID:10136
- C:\Windows\System\ODzqdjz.exe
  C:\Windows\System\ODzqdjz.exe
  2⤵
  PID:10152
- C:\Windows\System\sPNNxAE.exe
  C:\Windows\System\sPNNxAE.exe
  2⤵
  PID:10168
- C:\Windows\System\NKQENxi.exe
  C:\Windows\System\NKQENxi.exe
  2⤵
  PID:10184
- C:\Windows\System\ufalGEB.exe
  C:\Windows\System\ufalGEB.exe
  2⤵
  PID:10204
- C:\Windows\System\GNBJXwj.exe
  C:\Windows\System\GNBJXwj.exe
  2⤵
  PID:10220
- C:\Windows\System\KZgvLbr.exe
  C:\Windows\System\KZgvLbr.exe
  2⤵
  PID:8472
- C:\Windows\System\IRTYLTM.exe
  C:\Windows\System\IRTYLTM.exe
  2⤵
  PID:8304
- C:\Windows\System\BffcHuJ.exe
  C:\Windows\System\BffcHuJ.exe
  2⤵
  PID:9244
- C:\Windows\System\OQzSBsw.exe
  C:\Windows\System\OQzSBsw.exe
  2⤵
  PID:9348
- C:\Windows\System\OduYnkd.exe
  C:\Windows\System\OduYnkd.exe
  2⤵
  PID:9292
- C:\Windows\System\wUgwLnk.exe
  C:\Windows\System\wUgwLnk.exe
  2⤵
  PID:9324
- C:\Windows\System\GZCYgBH.exe
  C:\Windows\System\GZCYgBH.exe
  2⤵
  PID:9368
- C:\Windows\System\XwkkFES.exe
  C:\Windows\System\XwkkFES.exe
  2⤵
  PID:9416
- C:\Windows\System\JHuFVhn.exe
  C:\Windows\System\JHuFVhn.exe
  2⤵
  PID:9452
- C:\Windows\System\dDQdGoi.exe
  C:\Windows\System\dDQdGoi.exe
  2⤵
  PID:9512
- C:\Windows\System\bdeQOZS.exe
  C:\Windows\System\bdeQOZS.exe
  2⤵
  PID:9584
- C:\Windows\System\HkNfjxA.exe
  C:\Windows\System\HkNfjxA.exe
  2⤵
  PID:9624
- C:\Windows\System\DGWwEZB.exe
  C:\Windows\System\DGWwEZB.exe
  2⤵
  PID:9536
- C:\Windows\System\KIhWoEW.exe
  C:\Windows\System\KIhWoEW.exe
  2⤵
  PID:9732
- C:\Windows\System\AfWegJU.exe
  C:\Windows\System\AfWegJU.exe
  2⤵
  PID:9700
- C:\Windows\System\HXDxrxZ.exe
  C:\Windows\System\HXDxrxZ.exe
  2⤵
  PID:9776
- C:\Windows\System\YgAXxmM.exe
  C:\Windows\System\YgAXxmM.exe
  2⤵
  PID:9684
- C:\Windows\System\onKrMSF.exe
  C:\Windows\System\onKrMSF.exe
  2⤵
  PID:9680
- C:\Windows\System\xwfrVpF.exe
  C:\Windows\System\xwfrVpF.exe
  2⤵
  PID:9748
- C:\Windows\System\RjCseEU.exe
  C:\Windows\System\RjCseEU.exe
  2⤵
  PID:9648
- C:\Windows\System\smtlJfi.exe
  C:\Windows\System\smtlJfi.exe
  2⤵
  PID:9816
- C:\Windows\System\gBdgpAJ.exe
  C:\Windows\System\gBdgpAJ.exe
  2⤵
  PID:9856
- C:\Windows\System\nvEKDwI.exe
  C:\Windows\System\nvEKDwI.exe
  2⤵
  PID:9916
- C:\Windows\System\FrzIsFH.exe
  C:\Windows\System\FrzIsFH.exe
  2⤵
  PID:9904
- C:\Windows\System\JPGYZTf.exe
  C:\Windows\System\JPGYZTf.exe
  2⤵
  PID:10000
- C:\Windows\System\aSFWNJA.exe
  C:\Windows\System\aSFWNJA.exe
  2⤵
  PID:10012
- C:\Windows\System\UQJSzAw.exe
  C:\Windows\System\UQJSzAw.exe
  2⤵
  PID:9980
- C:\Windows\System\EMFHDqi.exe
  C:\Windows\System\EMFHDqi.exe
  2⤵
  PID:10044
- C:\Windows\System\SlAhBxR.exe
  C:\Windows\System\SlAhBxR.exe
  2⤵
  PID:10120
- C:\Windows\System\WjOvLly.exe
  C:\Windows\System\WjOvLly.exe
  2⤵
  PID:10192
- C:\Windows\System\VqmVGjG.exe
  C:\Windows\System\VqmVGjG.exe
  2⤵
  PID:10200
- C:\Windows\System\htyIKrG.exe
  C:\Windows\System\htyIKrG.exe
  2⤵
  PID:10180
- C:\Windows\System\ZuHtAGQ.exe
  C:\Windows\System\ZuHtAGQ.exe
  2⤵
  PID:10144
- C:\Windows\System\YdWwkEe.exe
  C:\Windows\System\YdWwkEe.exe
  2⤵
  PID:9168
- C:\Windows\System\oMErTdh.exe
  C:\Windows\System\oMErTdh.exe
  2⤵
  PID:9308
- C:\Windows\System\hLLGddU.exe
  C:\Windows\System\hLLGddU.exe
  2⤵
  PID:9320
- C:\Windows\System\nHjyRKd.exe
  C:\Windows\System\nHjyRKd.exe
  2⤵
  PID:9400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BVxJdNY.exe

Filesize
6.0MB

MD5
be60d02e3c3b84a5d3314f4aa072709e

SHA1
b0c0fa84d708278164202254b3881badec70bdb1

SHA256
888e1b7d1b8d5a7d3723867b1a987db655b2a5e6a1d53abf5b4943dae68f4562

SHA512
de00743c4e2d1db10efb0e97694d32547d6a5814972d0d652142982abbf8b897fcfae6d4e37b47937428cce40e227b096fb4539221ec0580c970d3bf90403e2c

Download Submit
C:\Windows\system\CbxETGA.exe

Filesize
6.0MB

MD5
c23d054c2bf855a3c4a5aea05bca8f9b

SHA1
54999bbee86a56d52824858fa4829671625040da

SHA256
29334786f497caffb52e779ed770c3576fab48a9ad5df65d302dab072c94a2c9

SHA512
b73ea29abdec7fd45d2a9c1f54b118394590033e93511f9cff72d8eae1060b5eb951dde16c34ebf71cbbfbbe73b1cdeb524a40fa9b20c4ea984b225fcf9138d5

Download Submit
C:\Windows\system\ChcSKXE.exe

Filesize
6.0MB

MD5
445c6e4cd78a21b474f592bbfe603cd5

SHA1
1669004395fea2176e6d1c2a4b62d4e7eb2527ed

SHA256
228d9443dbd0ddb79c4c88033e98abf582b58c3d2145982cfabe55319fc4472f

SHA512
9f7cf2aae3a8f57493d0d5762c91e3c3f187df4565fbb31c351240eb4366784ae8c495dcb250accab7f329204d5963a74e841859c8bc71eb3fbed4bccc03ad43

Download Submit
C:\Windows\system\Hhhnbvp.exe

Filesize
6.0MB

MD5
2225cafcd8201e68ecaaabebc0e7f399

SHA1
3225de7f54bb0fc5cec4c90a70185894c24bf4ee

SHA256
f508939dfbe01de987b42321c4997a71f81341aee94473466f7609d489ee95d1

SHA512
f6b126c7c9afb2f46162c6ef65dfbc08bde90647eec9640e1e144a6288fa4c1b87e6f7a84874905e11467d2395e3060708fbcdf725a0ccff6f45d2f2268d34c9

Download Submit
C:\Windows\system\ISruFGb.exe

Filesize
6.0MB

MD5
f48fb5e8af90b308498f8c8c76268a59

SHA1
b5fa8b842fc6578eba041e608c0cd0510fcf60be

SHA256
3a0c412d9c1cd6f7bcc300310b13f95bcad98ebe58bd6b61cdf10d7830498cac

SHA512
3d50f9a664175dcda78ae5ab04c58c4ec8c462cb3cd9db38405f516984c086e2344a16ce7f5c906bf386ba4290de3e47370e677a2685f45c37c20be540d886a0

Download Submit
C:\Windows\system\JvbTdSj.exe

Filesize
6.0MB

MD5
7931eb6ae772102b1668a24a94b4bdb2

SHA1
ef63206b952381ed6856f47fe9cdc9472930127b

SHA256
2675d79d1c66604821ec7fc0450a9e6cbe05beb1fda8bf091dd1559d2caf0b27

SHA512
010286678bc713c915dd92c74b8b2c6b3de92c186fe5bfc7e0e298dfaf3b5edcd96e79a7460ef28d045fd1b6ef55c2723dd5c96af8c8da3c62ad53ab1b7fcd3e

Download Submit
C:\Windows\system\NAcxblQ.exe

Filesize
6.0MB

MD5
a39a0abca4a8df819a866304d2611ec0

SHA1
57c073faa3fb7613b7a9e1019a992e39fcdff4a4

SHA256
d2291f29c543b9535c9cec24f4ec518d8e428f78378b1162d16b5d4b52dca666

SHA512
50657960c917247012c647464e98190bde8181a97896bc69c3dad01ca618951df1589f7e632cd49850694b1029156ac41a9e62134b960a6ab66ab4f106e5727a

Download Submit
C:\Windows\system\VJzKWhq.exe

Filesize
6.0MB

MD5
3c1f67a54b0593d5104e5f88d4cf1efa

SHA1
2b84169431c6ccfd34521c41a5770a653ede8a00

SHA256
cf4ca779942bac1837b4d73a05c6a394801f3ce761cdaf63fd59ab9e78eaa5c9

SHA512
8a6301ae03dab98aa16c7644432924e9e72e9c56a223d4f71a80c322356348bced756defb6342e6f4b903923142e809d38bd0a2338c5016f0081a84c3b3b1f3d

Download Submit
C:\Windows\system\XtVSTEH.exe

Filesize
6.0MB

MD5
e0fdb864d9634215ef7d93c338e84957

SHA1
be97b77f24de26e1b826b2a14e65e684dc52eb29

SHA256
48af8851b1e8f49a7fac3e2dca2df70a7aae9f8d13b88d4b2dcffcbe2edff161

SHA512
ac719eefb9fa4a35aa7fa032ab7ad6725d640c3d904dd271f4483c5ce3a4eb88a144e797797b253c59135ab56959cc4ac2bd1f705c2a439eb2ff00311b761024

Download Submit
C:\Windows\system\XzKtflY.exe

Filesize
6.0MB

MD5
3dea9b1a65cc5d4de5223c0e15e540ef

SHA1
51d0907f4b8f4109f5e43b49a2306ca68946a51a

SHA256
ac7d5424f7f3510c43f95bcf3661d816f387300f1e67fd6f42d7459470169748

SHA512
15fc4b865962b988ac0cf180f8780294256c2f95f452eec00717f400d435fabaaea689ebf244f56ac7cf8c818183f043cb3ba747720b2811ef56239dc2d7815b

Download Submit
C:\Windows\system\ZwnIEzL.exe

Filesize
6.0MB

MD5
0621355a2cbaf82d75d22b371871a18a

SHA1
a5bf5850bec468aad8728f7d02a9fd357e8a0f65

SHA256
ef01a2683bd2ce7fce3782e70ff1f998a4c94e82f55482113b79edb1e30f41eb

SHA512
eddca33f2685774b2e3561ce6dc03bdc8115964d244a3c7272c53b98e8bbc776b9a16f67cd467124809721ca98ffbd2928753ac173116ccd4cc2ca50b2371a7b

Download Submit
C:\Windows\system\gsRvYse.exe

Filesize
6.0MB

MD5
e026c4c1b431450d73066e31b4b3d546

SHA1
4cda0daf1b169fd1bd8f9c25effe9150f30ecdf8

SHA256
59b09b09b5ee9d60b557f53568c66c9dbef9689c375959eb2397fc0ffa6bc4c8

SHA512
78e97df4c006709c26eb17e19f663ebb52a50124183d5b10bfa97aced7c2db781de6e7c857b39260ef04cdb4c2c055306f5a1672d2d8be6e3cdd4458fac1d6c4

Download Submit
C:\Windows\system\hxHObEg.exe

Filesize
6.0MB

MD5
2a086f1fa091f9d8fad2a4b5b8997560

SHA1
36425ba3051224546fac4256bdfd97051c177e69

SHA256
775bbb03281a7c5281cc85e782a7663a3fc34df0041c323a089b043196354642

SHA512
6c1807a1b2e07928b8eca5e2cf0d36dc1b9f979c1a716138f1225f9d6e5a430c2b7d9104a01482857268a76337cccf50c748255e1be03433403b85bbbb9d77ae

Download Submit
C:\Windows\system\iTzdhHi.exe

Filesize
6.0MB

MD5
249db8a71798943d9d7e42f77c92ccef

SHA1
7966d033c8cffacafec4698dffc00aeb26ce0dbd

SHA256
3b7f1c1b9bbfa68918627327cce442627be193d66982e222a3eac7c793b5d26d

SHA512
9d39eedca11cde0322a39e653d1f31f7d85a2cb7724bc0c84fdcbc1bed9769e6a0b6d05c636d66f377cf8eda85ef77c4842797af8dd902c8a9b2e2fead21da94

Download Submit
C:\Windows\system\kZHuYIk.exe

Filesize
6.0MB

MD5
df48a7e6896a96e8bf6c9b3eade6c5c3

SHA1
49805c3911328d0cc919fa7158ab7e302a3f3298

SHA256
ebeb42ffcf35795b490522c4f65b368783a976bb09e7820ade0af9505e1ca0bb

SHA512
75afecb773873a5e8af5a767c18eb4b8c905a1ce5f11aac915531bafbf0423aff961812f08d5b8e3f00f2e071b6d574e1c92cf7a2f5e68d7abde93af545bed59

Download Submit
C:\Windows\system\mulEKam.exe

Filesize
6.0MB

MD5
c63f7ac159b172905c8e7413e364492f

SHA1
7fed496a06903648b42cff85ebc247349a8cef6e

SHA256
af7630bc071dc62a420c8ffad55cdf35540cc52f1377ae98281e48a940387652

SHA512
100e28025fc41263375a4d560324f6faf55d882b6a581be4f3d004db51075ce25592f749b19f30e46076fe42408e8857d98ed73778d6f696fbb3cfb63930c575

Download Submit
C:\Windows\system\pgCTuEw.exe

Filesize
6.0MB

MD5
001ea260dce1929a7adaa0dcfc7219ff

SHA1
59460871d970662d70839fcbade97d4dbe41b088

SHA256
f049b91931e1a2ebd86ac2bded65d6df14e50c768d4e09a4482cfb8f2ef8a0ce

SHA512
d7cd39a4946b778da771674d349d88c5548b00d8225ba6b648cc44d9cffdf8fce6fb522c600784b131ada2e81ffa87bc8b17da7134ee98cf32d84573703ce330

Download Submit
C:\Windows\system\qMzkkBE.exe

Filesize
6.0MB

MD5
a7130872039cd18237cae7da4577e6cd

SHA1
b368084797651925b81958ac4b6258946788b974

SHA256
348d8064eb46354affcf6ec2ba673f1e9a49a64453239e5e09770196dddcf520

SHA512
2d905b64959ff1d7876712cf5ee6235159f0eb72eafdf35de1affa9a58e266f06c6e83507c7e7c4fa74154a37ce05bdc6ada0ce08d2ba9cf9938e8588322e278

Download Submit
C:\Windows\system\rsRnlwW.exe

Filesize
6.0MB

MD5
baddf2e8ffc4052ce61858c13233a754

SHA1
c84a1bfeb75b0f80e512baa6207ae618cdc180d7

SHA256
672b824ca8ce32955137a937579d9d0b460ca802fe7a3c33090ffad214f9804f

SHA512
4fecc93463f62a59a67fa3f9e05938183849eeb5403755de2b3525b6d5a935da8b5d1cee3d8108b4d2981e13475003e548e9cb6d9f6004ebab4c4e8a224fd50a

Download Submit
C:\Windows\system\sPHpRyM.exe

Filesize
6.0MB

MD5
7e773263b7cd9e4b86a44415196e476e

SHA1
7220c9942edc4420f75913a268f295272149da16

SHA256
8e0733399b846c0a36d905821780739ab35910c1ada71ef6d22d3559bcffbbb7

SHA512
57559c576383482c353dfbc5bb36fffba65845451f0376ccb59124b94b4d9511338a805d3f4d5086932930f0b38b6ddfb04bf766d94f0a624c513cb0bcab2936

Download Submit
C:\Windows\system\ulbMskV.exe

Filesize
6.0MB

MD5
0fc54c6740ce90e3900f70b63a831cc6

SHA1
5aa504fccaf0b10a643b9967aa9b1b6d5dc651e7

SHA256
e228b924f0881325e144811d5ce63be41513c563d924f9eb24da2fbf1363e8d9

SHA512
bf35b42da271bc22b5089d96d8e6297769dc4ae09348c18b12a479c82ba200739c135275065108ea5315e2655544f87d00c92f011e11d44680acbd5170a57e8d

Download Submit
\Windows\system\BVmRZot.exe

Filesize
6.0MB

MD5
12b1236d21a08588eaab429065c88f55

SHA1
accb20e1b73e57ef3a400e396cc2d39e5e3415f9

SHA256
459aab60e37b55467d94fda767730dad45ef717673db7e8a245d4afe9d99c191

SHA512
39c2fdb33da97aa357b11c5ffaff933461a6cda7359ecae178a5f9f7ec980dba0328ec28fccd32b5fd347abdacc052cb43f726293898a400459e8077db9de513

Download Submit
\Windows\system\CHSGqRK.exe

Filesize
6.0MB

MD5
9a8f7f97ca911d11ec4737991c6d58e8

SHA1
43e5c743e8ff4dbdab2c52f90d06ea9e8c206344

SHA256
a667f2a286f4e6dda0db33ca2d9253f75d438d5c5f269a7e428ef720f9bdf427

SHA512
1d8ab7f6941c45733bfc4bfd5ee56299f928ff089aeabd9268639826a4110b8372ff12b42b13fcaec2b550d3cdd0324257ffc19c90389bcb0455ad81d827538b

Download Submit
\Windows\system\EBbQgdZ.exe

Filesize
6.0MB

MD5
96eeffb5b70cdebd1fde49c2e097f089

SHA1
0831a7d64ea4ebf2069fecc0b69b381c01e53d87

SHA256
8c820029388b6e39bcb58e0dfb12862dcd54465d58f94a4379508e3508ab9fcc

SHA512
e24ad98b16d487c5db9289f307b2e56294bdcde7769d8a02063459f383f897b4cb85c17b830d9f6cbb678eec67d9005994ced1d715955d2fe05d4468a242dc41

Download Submit
\Windows\system\Lpwufqs.exe

Filesize
6.0MB

MD5
394cde3931e96251dc472efb154d0b97

SHA1
9da137ff51847e2b249c45f268372bad7b555e07

SHA256
fc2149bea7b409fa9c3d5a824081ab0110fdc7a66205ae6db01b49d06573bcd2

SHA512
416e5ad6b009b7815c7d81e3e35c840cab03df236f188edf1f035601f1a6f9307c30f267d70928bd4f2ea8c2d98738423c76678449d52ec2a370902e3cf3db3d

Download Submit
\Windows\system\OucDPLp.exe

Filesize
6.0MB

MD5
e73d8c5a5e238e95a23710f92096d1ab

SHA1
59071fd9a24802e2c1886314cd369abb8a854b9d

SHA256
2a8e1cb9a1d66c3476c9198847480ed422a6d0a5f2c80681ea7d4f92d6b481ab

SHA512
ad67c4f7ed2436b36692a7e4e7ae8851966cbb4315178afd13af8f81c3c5e36bbcd53f97e8decc789528016dbd033bf95f07159f485165794ba93c53c497fce1

Download Submit
\Windows\system\WyKjeVQ.exe

Filesize
6.0MB

MD5
41a78e3e1f2138fec3c7f4b7a12ce9ef

SHA1
94313ce4c1c22ec84feefab8a64e033111cbd6d9

SHA256
6e42b25d164d6645725b9410014b5b58d5b7b11776d4c44c44a7d36b6c0072f0

SHA512
0db741e58d2c549597d52e40870cc86b1c69ef1e374c2296f59d475fbe61151bf41b1a055e0657f26e10957243e8989a77b7448338f46f487b4f0b2500d04a1d

Download Submit
\Windows\system\erHekgq.exe

Filesize
6.0MB

MD5
5e8b23d4d86ba51f3fe5ab0660c1f848

SHA1
3ddb5f9b7e5574c398fd5aeca915338ace5727cd

SHA256
5dd2529af50bbba7b5664dc3abb0b71f19fb77451c4a68c0c1b9bb19ee00c9df

SHA512
ca3ecd085a9838f3733881aeade2fa35ff08b5d9031524d7bf738bec7220e938886395f3737de1e4a9b22dfc6fc77216d81b76e1905aa26c587f3d17f9cf4fa8

Download Submit
\Windows\system\qJBPtGc.exe

Filesize
6.0MB

MD5
8038511d202d2564cc62670279c67810

SHA1
8c5253f4460b096e1209109f99c593500e77f624

SHA256
aa9328f4f03e81c6ba56e4321ae7d2a18264eb632124b86777465323de849227

SHA512
89cd580931d0e6fce73b9db92344961a0358b4d61f304bc45eb5f3953783cb26b22fd6ccc0d933fc9ea73befda50b3681ffbfbd7afe6814dc37fce3c8ff3b031

Download Submit
\Windows\system\qiJGMMw.exe

Filesize
6.0MB

MD5
eb8b2a805b950f5d17a167519b9d0d56

SHA1
e95ad11a10a0e39ed368362bf5e3bbe122d51c28

SHA256
1e8799215ac24ffde429eb44530e97f510b1268ee616097ec23f454b928fc362

SHA512
58896bcdf3ce588a393873c436e1db0b216a08235e8a422d9943d92e3700ef93a7570753f0e63d96cf55a0e04b4a22aa64b6b4617effd8718372133d13124128

Download Submit
\Windows\system\sbDpscB.exe

Filesize
6.0MB

MD5
893e04eba22c248c649e8cb9e65c5a89

SHA1
b8f5d4397c10e3a9fd73dfa16f0882476e513617

SHA256
96f9bca645a43ad391ec192462cf296a4073cd14ef2fc187d2aef4f2aa329d29

SHA512
b7ad2cc3cf076e665ecd305fc08bcd162917eccada618ca37e57f6b8f617c274f2aebfe53a1a9cd7a58f7e186705086cb4fcd0fb3fbd71a11709f31fb1240dea

Download Submit
\Windows\system\unMvROV.exe

Filesize
6.0MB

MD5
461e2df7b111d6fb8895fd587a78995c

SHA1
e26812a787f3c703a4397cd7fd00f8968b9e6048

SHA256
d46efeab6d286070eb1ab6ab143f138b1ac7e34ebd5bf45da88f20068447a4b4

SHA512
d37c027783bf08606f5407782e05c3d036c69ec63ebcac708b2127b8b55ad050d5aed4bf12fbef037623d2b7511919f909460a8346674abd6554b7249b39bba4

Download Submit
memory/532-62-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/532-4011-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/532-11-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2140-22-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2140-4013-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2140-86-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2232-88-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-4021-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-65-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-4012-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2276-13-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2412-53-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2412-20-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-100-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2412-95-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-87-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2412-15-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-127-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2412-80-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-35-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-128-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-115-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-69-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-61-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2412-73-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-535-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-704-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1330-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-40-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2412-868-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2412-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2412-48-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2480-4016-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2480-42-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2544-560-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-4020-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-77-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4018-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-63-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4022-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-91-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-39-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-85-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4014-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-49-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4017-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2700-4019-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2700-64-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1088-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-109-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4023-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-41-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download