cobaltstrike | 9cd14e04ee0a06efcc4de2c00ea5a18e2bf886cf1fd497962075e82bd2eb6471

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/09/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5cad9e1a135f01313b58820073922b73
SHA1

2d9270d85a775e439badf06875174337180dfe50
SHA256

9cd14e04ee0a06efcc4de2c00ea5a18e2bf886cf1fd497962075e82bd2eb6471
SHA512

487cd4f83c05863512952c3a47bac84c8480f1b3745dcf662983f1a774ab8e673dc5b8839d5d22c34e9799844960f919c1101ac01fe8bd37dbbb3d3d0cb7facb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ac1-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c95-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-30.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-110.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-100.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-70.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-60.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a6-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017488-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d47-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-9.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016ac1-7.dat	xmrig
behavioral1/files/0x0008000000016c95-21.dat	xmrig
behavioral1/files/0x0007000000016d0d-26.dat	xmrig
behavioral1/files/0x0007000000016d36-30.dat	xmrig
behavioral1/files/0x00060000000174c3-48.dat	xmrig
behavioral1/files/0x0005000000018696-66.dat	xmrig
behavioral1/files/0x00050000000187a2-75.dat	xmrig
behavioral1/files/0x0006000000018c44-85.dat	xmrig
behavioral1/files/0x00050000000191d2-105.dat	xmrig
behavioral1/files/0x0005000000019387-162.dat	xmrig
behavioral1/memory/2708-202-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2384-1105-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2908-200-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1688-198-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1484-196-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2156-194-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/3020-192-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2592-190-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2384-189-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2548-188-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2384-187-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2716-186-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2652-184-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2712-182-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2556-180-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-153.dat	xmrig
behavioral1/files/0x0005000000019278-145.dat	xmrig
behavioral1/files/0x000500000001929a-143.dat	xmrig
behavioral1/files/0x000500000001926c-139.dat	xmrig
behavioral1/files/0x0005000000019275-136.dat	xmrig
behavioral1/files/0x0005000000019268-129.dat	xmrig
behavioral1/memory/2944-178-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2812-176-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-159.dat	xmrig
behavioral1/files/0x0005000000019319-150.dat	xmrig
behavioral1/files/0x0005000000019240-120.dat	xmrig
behavioral1/files/0x0005000000019259-125.dat	xmrig
behavioral1/files/0x0005000000019217-115.dat	xmrig
behavioral1/files/0x00050000000191f6-110.dat	xmrig
behavioral1/files/0x00060000000190e1-100.dat	xmrig
behavioral1/files/0x000600000001904c-95.dat	xmrig
behavioral1/files/0x0006000000018f65-90.dat	xmrig
behavioral1/files/0x0006000000018c34-80.dat	xmrig
behavioral1/files/0x0005000000018697-70.dat	xmrig
behavioral1/files/0x0015000000018676-60.dat	xmrig
behavioral1/files/0x000600000001757f-55.dat	xmrig
behavioral1/files/0x00070000000174a6-45.dat	xmrig
behavioral1/files/0x0008000000017488-41.dat	xmrig
behavioral1/files/0x0007000000016d47-36.dat	xmrig
behavioral1/files/0x0008000000016c73-9.dat	xmrig
behavioral1/memory/1484-3967-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/3020-3969-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2908-3968-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2944-3983-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2708-3982-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2712-3981-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2556-3980-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2592-3979-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2652-3978-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2716-3977-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1688-3976-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2548-3975-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2708	aaUfpbE.exe
2812	WAHdrET.exe
2944	sJniGCE.exe
2556	aIFGpWp.exe
2712	EThWPVg.exe
2652	wyRopVk.exe
2716	dOiIkUE.exe
2548	PNPUKNB.exe
2592	dFbbXaL.exe
3020	hBSkJIi.exe
2156	hMLsmdY.exe
1484	hwxrVPu.exe
1688	ykvMVsb.exe
2908	nenknCh.exe
1956	aGpjwiG.exe
2020	VEpkUFD.exe
1596	wREktSq.exe
1368	FXeZbDT.exe
1324	gLRxdnx.exe
2000	Gjsvcpw.exe
2356	ikKhbzO.exe
2276	uAjvBVO.exe
2868	pPCCPGd.exe
2728	kIODyKd.exe
944	MRajOee.exe
2288	ILEEEBk.exe
2168	BOMxadv.exe
2144	NovZvzg.exe
2524	mbaEudE.exe
2496	ruuWqRH.exe
884	MlzETJt.exe
1600	EiamSXj.exe
1272	bsVKdTc.exe
2996	WNKHimu.exe
2008	McKIUBP.exe
2516	GvIPPKg.exe
680	vOaXkBd.exe
828	SUkOwIJ.exe
1748	vBxLiwL.exe
2984	CCkJIfS.exe
2284	FtoMvbh.exe
2304	IYRcues.exe
1012	Guxncow.exe
548	ShaQdyT.exe
1812	qlBWYIf.exe
992	aflmQTt.exe
1640	DduZlov.exe
2148	zJYYQQF.exe
2076	pLFqEjw.exe
2660	nEhSzwT.exe
1532	uBcyVNY.exe
2816	ItZXFrO.exe
2576	CnZJDrX.exe
2804	NYpwBVX.exe
2668	AvgxwNr.exe
2604	StlhzWI.exe
2564	ENFjQyT.exe
1160	YNXLXEP.exe
584	uwQZNkX.exe
2244	UwEPTPY.exe
2844	OwoAeuJ.exe
1712	scBMQeU.exe
2884	YOcckSb.exe
836	WAhtNJg.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016ac1-7.dat	upx
behavioral1/files/0x0008000000016c95-21.dat	upx
behavioral1/files/0x0007000000016d0d-26.dat	upx
behavioral1/files/0x0007000000016d36-30.dat	upx
behavioral1/files/0x00060000000174c3-48.dat	upx
behavioral1/files/0x0005000000018696-66.dat	upx
behavioral1/files/0x00050000000187a2-75.dat	upx
behavioral1/files/0x0006000000018c44-85.dat	upx
behavioral1/files/0x00050000000191d2-105.dat	upx
behavioral1/files/0x0005000000019387-162.dat	upx
behavioral1/memory/2708-202-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2384-1105-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2908-200-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1688-198-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1484-196-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2156-194-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/3020-192-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2592-190-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2548-188-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2716-186-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2652-184-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2712-182-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2556-180-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0005000000019365-153.dat	upx
behavioral1/files/0x0005000000019278-145.dat	upx
behavioral1/files/0x000500000001929a-143.dat	upx
behavioral1/files/0x000500000001926c-139.dat	upx
behavioral1/files/0x0005000000019275-136.dat	upx
behavioral1/files/0x0005000000019268-129.dat	upx
behavioral1/memory/2944-178-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2812-176-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0005000000019377-159.dat	upx
behavioral1/files/0x0005000000019319-150.dat	upx
behavioral1/files/0x0005000000019240-120.dat	upx
behavioral1/files/0x0005000000019259-125.dat	upx
behavioral1/files/0x0005000000019217-115.dat	upx
behavioral1/files/0x00050000000191f6-110.dat	upx
behavioral1/files/0x00060000000190e1-100.dat	upx
behavioral1/files/0x000600000001904c-95.dat	upx
behavioral1/files/0x0006000000018f65-90.dat	upx
behavioral1/files/0x0006000000018c34-80.dat	upx
behavioral1/files/0x0005000000018697-70.dat	upx
behavioral1/files/0x0015000000018676-60.dat	upx
behavioral1/files/0x000600000001757f-55.dat	upx
behavioral1/files/0x00070000000174a6-45.dat	upx
behavioral1/files/0x0008000000017488-41.dat	upx
behavioral1/files/0x0007000000016d47-36.dat	upx
behavioral1/files/0x0008000000016c73-9.dat	upx
behavioral1/memory/1484-3967-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/3020-3969-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2908-3968-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2944-3983-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2708-3982-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2712-3981-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2556-3980-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2592-3979-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2652-3978-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2716-3977-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1688-3976-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2548-3975-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2156-3974-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2812-3966-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZnynCIW.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YFEUwQl.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXTbYfC.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPHhdaF.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtIaRxo.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOxqrwX.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKgLvIF.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gamJYzN.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrNzMEB.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MgwQbQI.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTFsYFe.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRQHldf.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzNTJrf.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqvsHnT.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRXsxOM.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWNDjlg.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joyQVOs.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXTmWDj.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzHVgFf.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGkyfUk.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KqGbHFa.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrTcHle.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYeIYKr.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mhoobug.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJHYHit.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRKfpSA.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdjykqC.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhXRMYX.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VBPETyb.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAKibld.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTBidtg.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kffUDgU.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LbgcYyM.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PqucIEf.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvIPPKg.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNsCoDr.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDxZGfq.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BpPzIUh.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CebBrQk.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYnHcfG.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlzETJt.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xGANfQR.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyfKrqG.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNyrIMV.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoADvUw.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAdRnfM.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hkwxjxw.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtzUyoC.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBxLiwL.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmVbCxN.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWjumXj.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgFPYYV.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpYQBjT.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmmAiqC.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLRxdnx.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOMxadv.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctyEotL.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTCOkAx.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stzixXO.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLFqEjw.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quookUl.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RdaJBAd.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpmEGbU.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YsrSxno.exe	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2708	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2708	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2708	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2812	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2812	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2812	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2944	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2944	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2944	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2556	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2556	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2556	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2712	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2712	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2712	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2652	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2652	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2652	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2716	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2716	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2716	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2548	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2548	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2548	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2592	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2592	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2592	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 3020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 3020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 3020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2156	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2156	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2156	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 1484	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 1484	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 1484	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 1688	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 1688	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 1688	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2908	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2908	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2908	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1956	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1956	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1956	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 2020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 2020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 2020	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1596	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1596	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1596	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1368	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1368	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1368	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1324	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1324	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1324	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 2000	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2000	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2000	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 2356	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 2356	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 2356	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 2276	2384	2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_5cad9e1a135f01313b58820073922b73_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\aaUfpbE.exe
  C:\Windows\System\aaUfpbE.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\WAHdrET.exe
  C:\Windows\System\WAHdrET.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\sJniGCE.exe
  C:\Windows\System\sJniGCE.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\aIFGpWp.exe
  C:\Windows\System\aIFGpWp.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\EThWPVg.exe
  C:\Windows\System\EThWPVg.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\wyRopVk.exe
  C:\Windows\System\wyRopVk.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\dOiIkUE.exe
  C:\Windows\System\dOiIkUE.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\PNPUKNB.exe
  C:\Windows\System\PNPUKNB.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\dFbbXaL.exe
  C:\Windows\System\dFbbXaL.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\hBSkJIi.exe
  C:\Windows\System\hBSkJIi.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\hMLsmdY.exe
  C:\Windows\System\hMLsmdY.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\hwxrVPu.exe
  C:\Windows\System\hwxrVPu.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\ykvMVsb.exe
  C:\Windows\System\ykvMVsb.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\nenknCh.exe
  C:\Windows\System\nenknCh.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\aGpjwiG.exe
  C:\Windows\System\aGpjwiG.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\VEpkUFD.exe
  C:\Windows\System\VEpkUFD.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\wREktSq.exe
  C:\Windows\System\wREktSq.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\FXeZbDT.exe
  C:\Windows\System\FXeZbDT.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\gLRxdnx.exe
  C:\Windows\System\gLRxdnx.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\Gjsvcpw.exe
  C:\Windows\System\Gjsvcpw.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ikKhbzO.exe
  C:\Windows\System\ikKhbzO.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\uAjvBVO.exe
  C:\Windows\System\uAjvBVO.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\pPCCPGd.exe
  C:\Windows\System\pPCCPGd.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\kIODyKd.exe
  C:\Windows\System\kIODyKd.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\MRajOee.exe
  C:\Windows\System\MRajOee.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\ruuWqRH.exe
  C:\Windows\System\ruuWqRH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\ILEEEBk.exe
  C:\Windows\System\ILEEEBk.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\EiamSXj.exe
  C:\Windows\System\EiamSXj.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\BOMxadv.exe
  C:\Windows\System\BOMxadv.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\WNKHimu.exe
  C:\Windows\System\WNKHimu.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NovZvzg.exe
  C:\Windows\System\NovZvzg.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\McKIUBP.exe
  C:\Windows\System\McKIUBP.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\mbaEudE.exe
  C:\Windows\System\mbaEudE.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\GvIPPKg.exe
  C:\Windows\System\GvIPPKg.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\MlzETJt.exe
  C:\Windows\System\MlzETJt.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\SUkOwIJ.exe
  C:\Windows\System\SUkOwIJ.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\bsVKdTc.exe
  C:\Windows\System\bsVKdTc.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\vBxLiwL.exe
  C:\Windows\System\vBxLiwL.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\vOaXkBd.exe
  C:\Windows\System\vOaXkBd.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\FtoMvbh.exe
  C:\Windows\System\FtoMvbh.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\CCkJIfS.exe
  C:\Windows\System\CCkJIfS.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\IYRcues.exe
  C:\Windows\System\IYRcues.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\Guxncow.exe
  C:\Windows\System\Guxncow.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\aflmQTt.exe
  C:\Windows\System\aflmQTt.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\ShaQdyT.exe
  C:\Windows\System\ShaQdyT.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\DduZlov.exe
  C:\Windows\System\DduZlov.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\qlBWYIf.exe
  C:\Windows\System\qlBWYIf.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\pLFqEjw.exe
  C:\Windows\System\pLFqEjw.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\zJYYQQF.exe
  C:\Windows\System\zJYYQQF.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\nEhSzwT.exe
  C:\Windows\System\nEhSzwT.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\uBcyVNY.exe
  C:\Windows\System\uBcyVNY.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\NYpwBVX.exe
  C:\Windows\System\NYpwBVX.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ItZXFrO.exe
  C:\Windows\System\ItZXFrO.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\AvgxwNr.exe
  C:\Windows\System\AvgxwNr.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\CnZJDrX.exe
  C:\Windows\System\CnZJDrX.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\StlhzWI.exe
  C:\Windows\System\StlhzWI.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ENFjQyT.exe
  C:\Windows\System\ENFjQyT.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\YNXLXEP.exe
  C:\Windows\System\YNXLXEP.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\uwQZNkX.exe
  C:\Windows\System\uwQZNkX.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\UwEPTPY.exe
  C:\Windows\System\UwEPTPY.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\OwoAeuJ.exe
  C:\Windows\System\OwoAeuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\scBMQeU.exe
  C:\Windows\System\scBMQeU.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\YOcckSb.exe
  C:\Windows\System\YOcckSb.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\WAhtNJg.exe
  C:\Windows\System\WAhtNJg.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\dMxAvVV.exe
  C:\Windows\System\dMxAvVV.exe
  2⤵
  PID:1824
- C:\Windows\System\pKigYtn.exe
  C:\Windows\System\pKigYtn.exe
  2⤵
  PID:2108
- C:\Windows\System\MbzciiG.exe
  C:\Windows\System\MbzciiG.exe
  2⤵
  PID:2988
- C:\Windows\System\vQaLacj.exe
  C:\Windows\System\vQaLacj.exe
  2⤵
  PID:748
- C:\Windows\System\BqljVNg.exe
  C:\Windows\System\BqljVNg.exe
  2⤵
  PID:236
- C:\Windows\System\RgMPvmW.exe
  C:\Windows\System\RgMPvmW.exe
  2⤵
  PID:1260
- C:\Windows\System\wdkOCHG.exe
  C:\Windows\System\wdkOCHG.exe
  2⤵
  PID:984
- C:\Windows\System\QGgYKtp.exe
  C:\Windows\System\QGgYKtp.exe
  2⤵
  PID:1796
- C:\Windows\System\xdlRgsW.exe
  C:\Windows\System\xdlRgsW.exe
  2⤵
  PID:1120
- C:\Windows\System\rvOzHqD.exe
  C:\Windows\System\rvOzHqD.exe
  2⤵
  PID:1716
- C:\Windows\System\ptrJFWN.exe
  C:\Windows\System\ptrJFWN.exe
  2⤵
  PID:1728
- C:\Windows\System\UuIpFlj.exe
  C:\Windows\System\UuIpFlj.exe
  2⤵
  PID:2932
- C:\Windows\System\eUNmcaR.exe
  C:\Windows\System\eUNmcaR.exe
  2⤵
  PID:2500
- C:\Windows\System\vpeCDmD.exe
  C:\Windows\System\vpeCDmD.exe
  2⤵
  PID:1432
- C:\Windows\System\HRaTiuT.exe
  C:\Windows\System\HRaTiuT.exe
  2⤵
  PID:1808
- C:\Windows\System\QyvNhPM.exe
  C:\Windows\System\QyvNhPM.exe
  2⤵
  PID:1612
- C:\Windows\System\HcGKDTZ.exe
  C:\Windows\System\HcGKDTZ.exe
  2⤵
  PID:1540
- C:\Windows\System\xpmIArh.exe
  C:\Windows\System\xpmIArh.exe
  2⤵
  PID:2380
- C:\Windows\System\CPCJXTr.exe
  C:\Windows\System\CPCJXTr.exe
  2⤵
  PID:2724
- C:\Windows\System\xSUMjxN.exe
  C:\Windows\System\xSUMjxN.exe
  2⤵
  PID:2684
- C:\Windows\System\mRCkUQb.exe
  C:\Windows\System\mRCkUQb.exe
  2⤵
  PID:1608
- C:\Windows\System\OADKTaB.exe
  C:\Windows\System\OADKTaB.exe
  2⤵
  PID:3040
- C:\Windows\System\FEWeWpO.exe
  C:\Windows\System\FEWeWpO.exe
  2⤵
  PID:1664
- C:\Windows\System\kxcvbMz.exe
  C:\Windows\System\kxcvbMz.exe
  2⤵
  PID:832
- C:\Windows\System\xLfDwQE.exe
  C:\Windows\System\xLfDwQE.exe
  2⤵
  PID:1496
- C:\Windows\System\yRgJCqz.exe
  C:\Windows\System\yRgJCqz.exe
  2⤵
  PID:2852
- C:\Windows\System\lVaqgNk.exe
  C:\Windows\System\lVaqgNk.exe
  2⤵
  PID:2612
- C:\Windows\System\AybOsdq.exe
  C:\Windows\System\AybOsdq.exe
  2⤵
  PID:1156
- C:\Windows\System\dWHHyyO.exe
  C:\Windows\System\dWHHyyO.exe
  2⤵
  PID:2432
- C:\Windows\System\LrbjHbS.exe
  C:\Windows\System\LrbjHbS.exe
  2⤵
  PID:1724
- C:\Windows\System\eUKPGHX.exe
  C:\Windows\System\eUKPGHX.exe
  2⤵
  PID:2480
- C:\Windows\System\eFoAwgU.exe
  C:\Windows\System\eFoAwgU.exe
  2⤵
  PID:2436
- C:\Windows\System\HlzqTYz.exe
  C:\Windows\System\HlzqTYz.exe
  2⤵
  PID:1852
- C:\Windows\System\fTMfTqa.exe
  C:\Windows\System\fTMfTqa.exe
  2⤵
  PID:2316
- C:\Windows\System\KYkcqgw.exe
  C:\Windows\System\KYkcqgw.exe
  2⤵
  PID:1736
- C:\Windows\System\AVkhfjU.exe
  C:\Windows\System\AVkhfjU.exe
  2⤵
  PID:2700
- C:\Windows\System\IdIpQrc.exe
  C:\Windows\System\IdIpQrc.exe
  2⤵
  PID:2628
- C:\Windows\System\xbUqPXh.exe
  C:\Windows\System\xbUqPXh.exe
  2⤵
  PID:2828
- C:\Windows\System\mDWHyfK.exe
  C:\Windows\System\mDWHyfK.exe
  2⤵
  PID:2848
- C:\Windows\System\YgKyWhD.exe
  C:\Windows\System\YgKyWhD.exe
  2⤵
  PID:3076
- C:\Windows\System\tcgthUI.exe
  C:\Windows\System\tcgthUI.exe
  2⤵
  PID:3100
- C:\Windows\System\HNoKNFd.exe
  C:\Windows\System\HNoKNFd.exe
  2⤵
  PID:3120
- C:\Windows\System\quookUl.exe
  C:\Windows\System\quookUl.exe
  2⤵
  PID:3140
- C:\Windows\System\MUyCtoA.exe
  C:\Windows\System\MUyCtoA.exe
  2⤵
  PID:3160
- C:\Windows\System\paZkALv.exe
  C:\Windows\System\paZkALv.exe
  2⤵
  PID:3176
- C:\Windows\System\XjDBlbc.exe
  C:\Windows\System\XjDBlbc.exe
  2⤵
  PID:3192
- C:\Windows\System\BEuHZBG.exe
  C:\Windows\System\BEuHZBG.exe
  2⤵
  PID:3208
- C:\Windows\System\wZSYSdt.exe
  C:\Windows\System\wZSYSdt.exe
  2⤵
  PID:3228
- C:\Windows\System\sMSTEDc.exe
  C:\Windows\System\sMSTEDc.exe
  2⤵
  PID:3244
- C:\Windows\System\YXOCDKb.exe
  C:\Windows\System\YXOCDKb.exe
  2⤵
  PID:3264
- C:\Windows\System\GxNonko.exe
  C:\Windows\System\GxNonko.exe
  2⤵
  PID:3284
- C:\Windows\System\NTISiGB.exe
  C:\Windows\System\NTISiGB.exe
  2⤵
  PID:3300
- C:\Windows\System\McEdszq.exe
  C:\Windows\System\McEdszq.exe
  2⤵
  PID:3316
- C:\Windows\System\ZuwiMLe.exe
  C:\Windows\System\ZuwiMLe.exe
  2⤵
  PID:3332
- C:\Windows\System\FGzQmeC.exe
  C:\Windows\System\FGzQmeC.exe
  2⤵
  PID:3348
- C:\Windows\System\GDwPLeb.exe
  C:\Windows\System\GDwPLeb.exe
  2⤵
  PID:3364
- C:\Windows\System\sBzySvU.exe
  C:\Windows\System\sBzySvU.exe
  2⤵
  PID:3392
- C:\Windows\System\jyhqXpP.exe
  C:\Windows\System\jyhqXpP.exe
  2⤵
  PID:3408
- C:\Windows\System\TBFHfQa.exe
  C:\Windows\System\TBFHfQa.exe
  2⤵
  PID:3436
- C:\Windows\System\DKvuVAm.exe
  C:\Windows\System\DKvuVAm.exe
  2⤵
  PID:3456
- C:\Windows\System\hYRTZNL.exe
  C:\Windows\System\hYRTZNL.exe
  2⤵
  PID:3476
- C:\Windows\System\kwAuFdr.exe
  C:\Windows\System\kwAuFdr.exe
  2⤵
  PID:3500
- C:\Windows\System\fmrSqbD.exe
  C:\Windows\System\fmrSqbD.exe
  2⤵
  PID:3520
- C:\Windows\System\FMfJqzt.exe
  C:\Windows\System\FMfJqzt.exe
  2⤵
  PID:3544
- C:\Windows\System\PmVbCxN.exe
  C:\Windows\System\PmVbCxN.exe
  2⤵
  PID:3564
- C:\Windows\System\FOqGXvi.exe
  C:\Windows\System\FOqGXvi.exe
  2⤵
  PID:3584
- C:\Windows\System\EzmeRub.exe
  C:\Windows\System\EzmeRub.exe
  2⤵
  PID:3604
- C:\Windows\System\XpCujxu.exe
  C:\Windows\System\XpCujxu.exe
  2⤵
  PID:3628
- C:\Windows\System\yWLqZVL.exe
  C:\Windows\System\yWLqZVL.exe
  2⤵
  PID:3644
- C:\Windows\System\cqHWtmB.exe
  C:\Windows\System\cqHWtmB.exe
  2⤵
  PID:3668
- C:\Windows\System\KYWkdEC.exe
  C:\Windows\System\KYWkdEC.exe
  2⤵
  PID:3684
- C:\Windows\System\BGuwEoE.exe
  C:\Windows\System\BGuwEoE.exe
  2⤵
  PID:3708
- C:\Windows\System\oRDMiLD.exe
  C:\Windows\System\oRDMiLD.exe
  2⤵
  PID:3728
- C:\Windows\System\eHYNzJJ.exe
  C:\Windows\System\eHYNzJJ.exe
  2⤵
  PID:3752
- C:\Windows\System\WocFGbN.exe
  C:\Windows\System\WocFGbN.exe
  2⤵
  PID:3768
- C:\Windows\System\GAXvPEZ.exe
  C:\Windows\System\GAXvPEZ.exe
  2⤵
  PID:3792
- C:\Windows\System\fTtEWpm.exe
  C:\Windows\System\fTtEWpm.exe
  2⤵
  PID:3812
- C:\Windows\System\GBphXkO.exe
  C:\Windows\System\GBphXkO.exe
  2⤵
  PID:3828
- C:\Windows\System\UkvoKJn.exe
  C:\Windows\System\UkvoKJn.exe
  2⤵
  PID:3856
- C:\Windows\System\kzuOAVo.exe
  C:\Windows\System\kzuOAVo.exe
  2⤵
  PID:3880
- C:\Windows\System\pDUeCza.exe
  C:\Windows\System\pDUeCza.exe
  2⤵
  PID:3904
- C:\Windows\System\BNsCoDr.exe
  C:\Windows\System\BNsCoDr.exe
  2⤵
  PID:3920
- C:\Windows\System\YIXMBDI.exe
  C:\Windows\System\YIXMBDI.exe
  2⤵
  PID:3936
- C:\Windows\System\SWXqiXQ.exe
  C:\Windows\System\SWXqiXQ.exe
  2⤵
  PID:3952
- C:\Windows\System\CUQKolz.exe
  C:\Windows\System\CUQKolz.exe
  2⤵
  PID:3968
- C:\Windows\System\Fjmvall.exe
  C:\Windows\System\Fjmvall.exe
  2⤵
  PID:3988
- C:\Windows\System\QtqPqWk.exe
  C:\Windows\System\QtqPqWk.exe
  2⤵
  PID:4028
- C:\Windows\System\mAgKmdk.exe
  C:\Windows\System\mAgKmdk.exe
  2⤵
  PID:4044
- C:\Windows\System\MdWQbUv.exe
  C:\Windows\System\MdWQbUv.exe
  2⤵
  PID:4064
- C:\Windows\System\qFBkjYD.exe
  C:\Windows\System\qFBkjYD.exe
  2⤵
  PID:4084
- C:\Windows\System\mAejzBX.exe
  C:\Windows\System\mAejzBX.exe
  2⤵
  PID:2788
- C:\Windows\System\iiwDuWL.exe
  C:\Windows\System\iiwDuWL.exe
  2⤵
  PID:3044
- C:\Windows\System\eEQcpvy.exe
  C:\Windows\System\eEQcpvy.exe
  2⤵
  PID:1948
- C:\Windows\System\uEfxlZQ.exe
  C:\Windows\System\uEfxlZQ.exe
  2⤵
  PID:1820
- C:\Windows\System\TEgJJlg.exe
  C:\Windows\System\TEgJJlg.exe
  2⤵
  PID:1836
- C:\Windows\System\BEIQHfG.exe
  C:\Windows\System\BEIQHfG.exe
  2⤵
  PID:1996
- C:\Windows\System\rzHVgFf.exe
  C:\Windows\System\rzHVgFf.exe
  2⤵
  PID:3116
- C:\Windows\System\CUhvOar.exe
  C:\Windows\System\CUhvOar.exe
  2⤵
  PID:3152
- C:\Windows\System\FFAugan.exe
  C:\Windows\System\FFAugan.exe
  2⤵
  PID:3220
- C:\Windows\System\VpkgmBl.exe
  C:\Windows\System\VpkgmBl.exe
  2⤵
  PID:3292
- C:\Windows\System\icRsNnn.exe
  C:\Windows\System\icRsNnn.exe
  2⤵
  PID:3324
- C:\Windows\System\BSuLDfV.exe
  C:\Windows\System\BSuLDfV.exe
  2⤵
  PID:1312
- C:\Windows\System\TEONdjl.exe
  C:\Windows\System\TEONdjl.exe
  2⤵
  PID:3400
- C:\Windows\System\ngdPwOU.exe
  C:\Windows\System\ngdPwOU.exe
  2⤵
  PID:3496
- C:\Windows\System\DrTfHOH.exe
  C:\Windows\System\DrTfHOH.exe
  2⤵
  PID:2468
- C:\Windows\System\JYBLiXG.exe
  C:\Windows\System\JYBLiXG.exe
  2⤵
  PID:3576
- C:\Windows\System\nsoozNp.exe
  C:\Windows\System\nsoozNp.exe
  2⤵
  PID:2064
- C:\Windows\System\uoHwqHi.exe
  C:\Windows\System\uoHwqHi.exe
  2⤵
  PID:3084
- C:\Windows\System\QGNLJwO.exe
  C:\Windows\System\QGNLJwO.exe
  2⤵
  PID:3660
- C:\Windows\System\lAMzOIe.exe
  C:\Windows\System\lAMzOIe.exe
  2⤵
  PID:3136
- C:\Windows\System\DXLoHRO.exe
  C:\Windows\System\DXLoHRO.exe
  2⤵
  PID:3236
- C:\Windows\System\wVoUHzp.exe
  C:\Windows\System\wVoUHzp.exe
  2⤵
  PID:3280
- C:\Windows\System\XnjjOTu.exe
  C:\Windows\System\XnjjOTu.exe
  2⤵
  PID:3700
- C:\Windows\System\KopWWMK.exe
  C:\Windows\System\KopWWMK.exe
  2⤵
  PID:3740
- C:\Windows\System\bcINQiL.exe
  C:\Windows\System\bcINQiL.exe
  2⤵
  PID:3384
- C:\Windows\System\AzLULlx.exe
  C:\Windows\System\AzLULlx.exe
  2⤵
  PID:3428
- C:\Windows\System\lCRTtQO.exe
  C:\Windows\System\lCRTtQO.exe
  2⤵
  PID:3508
- C:\Windows\System\ZWrbdTf.exe
  C:\Windows\System\ZWrbdTf.exe
  2⤵
  PID:3560
- C:\Windows\System\PNNLCmc.exe
  C:\Windows\System\PNNLCmc.exe
  2⤵
  PID:3780
- C:\Windows\System\ZotMmxS.exe
  C:\Windows\System\ZotMmxS.exe
  2⤵
  PID:3820
- C:\Windows\System\zJpVuSC.exe
  C:\Windows\System\zJpVuSC.exe
  2⤵
  PID:3680
- C:\Windows\System\TRkcKjj.exe
  C:\Windows\System\TRkcKjj.exe
  2⤵
  PID:3764
- C:\Windows\System\pDIITze.exe
  C:\Windows\System\pDIITze.exe
  2⤵
  PID:3876
- C:\Windows\System\NoOpgHm.exe
  C:\Windows\System\NoOpgHm.exe
  2⤵
  PID:3912
- C:\Windows\System\cvnSfAA.exe
  C:\Windows\System\cvnSfAA.exe
  2⤵
  PID:3976
- C:\Windows\System\ukSyHbA.exe
  C:\Windows\System\ukSyHbA.exe
  2⤵
  PID:3980
- C:\Windows\System\teFYsyZ.exe
  C:\Windows\System\teFYsyZ.exe
  2⤵
  PID:3960
- C:\Windows\System\EmBorue.exe
  C:\Windows\System\EmBorue.exe
  2⤵
  PID:4000
- C:\Windows\System\QUqfhDt.exe
  C:\Windows\System\QUqfhDt.exe
  2⤵
  PID:4024
- C:\Windows\System\xlxHtpx.exe
  C:\Windows\System\xlxHtpx.exe
  2⤵
  PID:4060
- C:\Windows\System\pReyuDU.exe
  C:\Windows\System\pReyuDU.exe
  2⤵
  PID:2240
- C:\Windows\System\BpCKMIs.exe
  C:\Windows\System\BpCKMIs.exe
  2⤵
  PID:2344
- C:\Windows\System\IcORYUa.exe
  C:\Windows\System\IcORYUa.exe
  2⤵
  PID:1708
- C:\Windows\System\pFFDpTV.exe
  C:\Windows\System\pFFDpTV.exe
  2⤵
  PID:3108
- C:\Windows\System\yDwwkLk.exe
  C:\Windows\System\yDwwkLk.exe
  2⤵
  PID:572
- C:\Windows\System\HIPDmYH.exe
  C:\Windows\System\HIPDmYH.exe
  2⤵
  PID:3256
- C:\Windows\System\ixFUQol.exe
  C:\Windows\System\ixFUQol.exe
  2⤵
  PID:3188
- C:\Windows\System\ZNTCyEu.exe
  C:\Windows\System\ZNTCyEu.exe
  2⤵
  PID:3360
- C:\Windows\System\rFrpezZ.exe
  C:\Windows\System\rFrpezZ.exe
  2⤵
  PID:3484
- C:\Windows\System\bmWjYiu.exe
  C:\Windows\System\bmWjYiu.exe
  2⤵
  PID:3572
- C:\Windows\System\IDaprQX.exe
  C:\Windows\System\IDaprQX.exe
  2⤵
  PID:1972
- C:\Windows\System\vhXRMYX.exe
  C:\Windows\System\vhXRMYX.exe
  2⤵
  PID:3624
- C:\Windows\System\jrkTCts.exe
  C:\Windows\System\jrkTCts.exe
  2⤵
  PID:3128
- C:\Windows\System\QyfSGPk.exe
  C:\Windows\System\QyfSGPk.exe
  2⤵
  PID:3692
- C:\Windows\System\NSdvuss.exe
  C:\Windows\System\NSdvuss.exe
  2⤵
  PID:3704
- C:\Windows\System\RjIrbnc.exe
  C:\Windows\System\RjIrbnc.exe
  2⤵
  PID:3312
- C:\Windows\System\nUvudQk.exe
  C:\Windows\System\nUvudQk.exe
  2⤵
  PID:3516
- C:\Windows\System\OpeFqwF.exe
  C:\Windows\System\OpeFqwF.exe
  2⤵
  PID:3376
- C:\Windows\System\EUkcvGj.exe
  C:\Windows\System\EUkcvGj.exe
  2⤵
  PID:3552
- C:\Windows\System\qyCVuyj.exe
  C:\Windows\System\qyCVuyj.exe
  2⤵
  PID:3720
- C:\Windows\System\lyFpmOM.exe
  C:\Windows\System\lyFpmOM.exe
  2⤵
  PID:3600
- C:\Windows\System\gamJYzN.exe
  C:\Windows\System\gamJYzN.exe
  2⤵
  PID:3836
- C:\Windows\System\rEOmqSQ.exe
  C:\Windows\System\rEOmqSQ.exe
  2⤵
  PID:3800
- C:\Windows\System\SniFkyT.exe
  C:\Windows\System\SniFkyT.exe
  2⤵
  PID:4040
- C:\Windows\System\laXoQIK.exe
  C:\Windows\System\laXoQIK.exe
  2⤵
  PID:4080
- C:\Windows\System\rjsVCca.exe
  C:\Windows\System\rjsVCca.exe
  2⤵
  PID:1516
- C:\Windows\System\voXhuwV.exe
  C:\Windows\System\voXhuwV.exe
  2⤵
  PID:3356
- C:\Windows\System\QOsvbWf.exe
  C:\Windows\System\QOsvbWf.exe
  2⤵
  PID:4108
- C:\Windows\System\toNstxa.exe
  C:\Windows\System\toNstxa.exe
  2⤵
  PID:4124
- C:\Windows\System\MKmOhej.exe
  C:\Windows\System\MKmOhej.exe
  2⤵
  PID:4140
- C:\Windows\System\BtgRyDE.exe
  C:\Windows\System\BtgRyDE.exe
  2⤵
  PID:4156
- C:\Windows\System\koUyreY.exe
  C:\Windows\System\koUyreY.exe
  2⤵
  PID:4172
- C:\Windows\System\ccVoJVu.exe
  C:\Windows\System\ccVoJVu.exe
  2⤵
  PID:4188
- C:\Windows\System\dWwAOxL.exe
  C:\Windows\System\dWwAOxL.exe
  2⤵
  PID:4204
- C:\Windows\System\AyvDeWi.exe
  C:\Windows\System\AyvDeWi.exe
  2⤵
  PID:4268
- C:\Windows\System\wgEcZWC.exe
  C:\Windows\System\wgEcZWC.exe
  2⤵
  PID:4284
- C:\Windows\System\jxRPVBh.exe
  C:\Windows\System\jxRPVBh.exe
  2⤵
  PID:4304
- C:\Windows\System\wLOHBgI.exe
  C:\Windows\System\wLOHBgI.exe
  2⤵
  PID:4320
- C:\Windows\System\UhjeSOM.exe
  C:\Windows\System\UhjeSOM.exe
  2⤵
  PID:4340
- C:\Windows\System\VBPETyb.exe
  C:\Windows\System\VBPETyb.exe
  2⤵
  PID:4464
- C:\Windows\System\YguzAid.exe
  C:\Windows\System\YguzAid.exe
  2⤵
  PID:4480
- C:\Windows\System\NYbexPF.exe
  C:\Windows\System\NYbexPF.exe
  2⤵
  PID:4496
- C:\Windows\System\PrjdMmZ.exe
  C:\Windows\System\PrjdMmZ.exe
  2⤵
  PID:4516
- C:\Windows\System\xGANfQR.exe
  C:\Windows\System\xGANfQR.exe
  2⤵
  PID:4532
- C:\Windows\System\zWLbZqg.exe
  C:\Windows\System\zWLbZqg.exe
  2⤵
  PID:4556
- C:\Windows\System\ArcfutN.exe
  C:\Windows\System\ArcfutN.exe
  2⤵
  PID:4572
- C:\Windows\System\VSgZoCx.exe
  C:\Windows\System\VSgZoCx.exe
  2⤵
  PID:4588
- C:\Windows\System\xTxUQqZ.exe
  C:\Windows\System\xTxUQqZ.exe
  2⤵
  PID:4612
- C:\Windows\System\QBwcXdt.exe
  C:\Windows\System\QBwcXdt.exe
  2⤵
  PID:4628
- C:\Windows\System\pqicRLf.exe
  C:\Windows\System\pqicRLf.exe
  2⤵
  PID:4648
- C:\Windows\System\SmEMxZC.exe
  C:\Windows\System\SmEMxZC.exe
  2⤵
  PID:4680
- C:\Windows\System\wdKyvty.exe
  C:\Windows\System\wdKyvty.exe
  2⤵
  PID:4704
- C:\Windows\System\fAGQDtG.exe
  C:\Windows\System\fAGQDtG.exe
  2⤵
  PID:4720
- C:\Windows\System\CCzozRR.exe
  C:\Windows\System\CCzozRR.exe
  2⤵
  PID:4736
- C:\Windows\System\IymWBPZ.exe
  C:\Windows\System\IymWBPZ.exe
  2⤵
  PID:4752
- C:\Windows\System\YndRoxz.exe
  C:\Windows\System\YndRoxz.exe
  2⤵
  PID:4776
- C:\Windows\System\coMbWXM.exe
  C:\Windows\System\coMbWXM.exe
  2⤵
  PID:4796
- C:\Windows\System\lGkyfUk.exe
  C:\Windows\System\lGkyfUk.exe
  2⤵
  PID:4816
- C:\Windows\System\kkyUXTl.exe
  C:\Windows\System\kkyUXTl.exe
  2⤵
  PID:4836
- C:\Windows\System\rXMbtrO.exe
  C:\Windows\System\rXMbtrO.exe
  2⤵
  PID:4856
- C:\Windows\System\tjWoyfE.exe
  C:\Windows\System\tjWoyfE.exe
  2⤵
  PID:4872
- C:\Windows\System\buamKlv.exe
  C:\Windows\System\buamKlv.exe
  2⤵
  PID:4900
- C:\Windows\System\EaBjSDY.exe
  C:\Windows\System\EaBjSDY.exe
  2⤵
  PID:4920
- C:\Windows\System\iVMzpwE.exe
  C:\Windows\System\iVMzpwE.exe
  2⤵
  PID:4944
- C:\Windows\System\GJgSiwc.exe
  C:\Windows\System\GJgSiwc.exe
  2⤵
  PID:4960
- C:\Windows\System\miSnWZX.exe
  C:\Windows\System\miSnWZX.exe
  2⤵
  PID:4976
- C:\Windows\System\Ttveaot.exe
  C:\Windows\System\Ttveaot.exe
  2⤵
  PID:4996
- C:\Windows\System\SbXtxbj.exe
  C:\Windows\System\SbXtxbj.exe
  2⤵
  PID:5020
- C:\Windows\System\RaFBAMf.exe
  C:\Windows\System\RaFBAMf.exe
  2⤵
  PID:5040
- C:\Windows\System\mPBlKvJ.exe
  C:\Windows\System\mPBlKvJ.exe
  2⤵
  PID:5060
- C:\Windows\System\yeCNbsN.exe
  C:\Windows\System\yeCNbsN.exe
  2⤵
  PID:5076
- C:\Windows\System\FlBGYTm.exe
  C:\Windows\System\FlBGYTm.exe
  2⤵
  PID:5092
- C:\Windows\System\YFEUwQl.exe
  C:\Windows\System\YFEUwQl.exe
  2⤵
  PID:5116
- C:\Windows\System\mhoobug.exe
  C:\Windows\System\mhoobug.exe
  2⤵
  PID:3540
- C:\Windows\System\KyNYasY.exe
  C:\Windows\System\KyNYasY.exe
  2⤵
  PID:2584
- C:\Windows\System\nsxHOWJ.exe
  C:\Windows\System\nsxHOWJ.exe
  2⤵
  PID:3928
- C:\Windows\System\lzhWqYy.exe
  C:\Windows\System\lzhWqYy.exe
  2⤵
  PID:3944
- C:\Windows\System\BDKlzho.exe
  C:\Windows\System\BDKlzho.exe
  2⤵
  PID:3216
- C:\Windows\System\MReFqAE.exe
  C:\Windows\System\MReFqAE.exe
  2⤵
  PID:3580
- C:\Windows\System\WrNzMEB.exe
  C:\Windows\System\WrNzMEB.exe
  2⤵
  PID:3380
- C:\Windows\System\HSwrjtB.exe
  C:\Windows\System\HSwrjtB.exe
  2⤵
  PID:3868
- C:\Windows\System\NRElmCj.exe
  C:\Windows\System\NRElmCj.exe
  2⤵
  PID:2900
- C:\Windows\System\JoBYMrL.exe
  C:\Windows\System\JoBYMrL.exe
  2⤵
  PID:4168
- C:\Windows\System\iewUmFP.exe
  C:\Windows\System\iewUmFP.exe
  2⤵
  PID:4280
- C:\Windows\System\BDcAPPi.exe
  C:\Windows\System\BDcAPPi.exe
  2⤵
  PID:2800
- C:\Windows\System\fNBWhMh.exe
  C:\Windows\System\fNBWhMh.exe
  2⤵
  PID:2248
- C:\Windows\System\TKtaDqu.exe
  C:\Windows\System\TKtaDqu.exe
  2⤵
  PID:3092
- C:\Windows\System\XwGGjkH.exe
  C:\Windows\System\XwGGjkH.exe
  2⤵
  PID:3260
- C:\Windows\System\nGijZkp.exe
  C:\Windows\System\nGijZkp.exe
  2⤵
  PID:4152
- C:\Windows\System\HTUQVoC.exe
  C:\Windows\System\HTUQVoC.exe
  2⤵
  PID:4216
- C:\Windows\System\WWroexU.exe
  C:\Windows\System\WWroexU.exe
  2⤵
  PID:4252
- C:\Windows\System\xcgfGhM.exe
  C:\Windows\System\xcgfGhM.exe
  2⤵
  PID:4416
- C:\Windows\System\bFfRKvi.exe
  C:\Windows\System\bFfRKvi.exe
  2⤵
  PID:4432
- C:\Windows\System\IpZsBpX.exe
  C:\Windows\System\IpZsBpX.exe
  2⤵
  PID:3252
- C:\Windows\System\lHLuYxY.exe
  C:\Windows\System\lHLuYxY.exe
  2⤵
  PID:3852
- C:\Windows\System\ndxovKZ.exe
  C:\Windows\System\ndxovKZ.exe
  2⤵
  PID:3472
- C:\Windows\System\odjhAzY.exe
  C:\Windows\System\odjhAzY.exe
  2⤵
  PID:3272
- C:\Windows\System\DWjumXj.exe
  C:\Windows\System\DWjumXj.exe
  2⤵
  PID:4448
- C:\Windows\System\nZbIVik.exe
  C:\Windows\System\nZbIVik.exe
  2⤵
  PID:4524
- C:\Windows\System\yLeqLXl.exe
  C:\Windows\System\yLeqLXl.exe
  2⤵
  PID:4596
- C:\Windows\System\ViYOZxb.exe
  C:\Windows\System\ViYOZxb.exe
  2⤵
  PID:4472
- C:\Windows\System\lERbsyh.exe
  C:\Windows\System\lERbsyh.exe
  2⤵
  PID:4696
- C:\Windows\System\TcOJlpL.exe
  C:\Windows\System\TcOJlpL.exe
  2⤵
  PID:4548
- C:\Windows\System\dADPlZP.exe
  C:\Windows\System\dADPlZP.exe
  2⤵
  PID:4540
- C:\Windows\System\TTFuELZ.exe
  C:\Windows\System\TTFuELZ.exe
  2⤵
  PID:4804
- C:\Windows\System\sdjyISu.exe
  C:\Windows\System\sdjyISu.exe
  2⤵
  PID:4676
- C:\Windows\System\AvTHHLk.exe
  C:\Windows\System\AvTHHLk.exe
  2⤵
  PID:4848
- C:\Windows\System\sIMFlhH.exe
  C:\Windows\System\sIMFlhH.exe
  2⤵
  PID:4744
- C:\Windows\System\SSIXkiT.exe
  C:\Windows\System\SSIXkiT.exe
  2⤵
  PID:4928
- C:\Windows\System\inyuIHp.exe
  C:\Windows\System\inyuIHp.exe
  2⤵
  PID:4972
- C:\Windows\System\hWBTGei.exe
  C:\Windows\System\hWBTGei.exe
  2⤵
  PID:5056
- C:\Windows\System\cAfWRgo.exe
  C:\Windows\System\cAfWRgo.exe
  2⤵
  PID:3452
- C:\Windows\System\CLabVkv.exe
  C:\Windows\System\CLabVkv.exe
  2⤵
  PID:4828
- C:\Windows\System\xCsxwqu.exe
  C:\Windows\System\xCsxwqu.exe
  2⤵
  PID:4952
- C:\Windows\System\ZAQsUCx.exe
  C:\Windows\System\ZAQsUCx.exe
  2⤵
  PID:5068
- C:\Windows\System\hNZZCmO.exe
  C:\Windows\System\hNZZCmO.exe
  2⤵
  PID:3372
- C:\Windows\System\yDvCICf.exe
  C:\Windows\System\yDvCICf.exe
  2⤵
  PID:4908
- C:\Windows\System\bGkLrRn.exe
  C:\Windows\System\bGkLrRn.exe
  2⤵
  PID:4316
- C:\Windows\System\UKjUGqy.exe
  C:\Windows\System\UKjUGqy.exe
  2⤵
  PID:4992
- C:\Windows\System\tXDhhXq.exe
  C:\Windows\System\tXDhhXq.exe
  2⤵
  PID:5036
- C:\Windows\System\zPeqwjv.exe
  C:\Windows\System\zPeqwjv.exe
  2⤵
  PID:4132
- C:\Windows\System\UJOQnED.exe
  C:\Windows\System\UJOQnED.exe
  2⤵
  PID:2656
- C:\Windows\System\grbRGHN.exe
  C:\Windows\System\grbRGHN.exe
  2⤵
  PID:4224
- C:\Windows\System\TLqxZVi.exe
  C:\Windows\System\TLqxZVi.exe
  2⤵
  PID:4240
- C:\Windows\System\PvHmdKR.exe
  C:\Windows\System\PvHmdKR.exe
  2⤵
  PID:4300
- C:\Windows\System\AVIwvAv.exe
  C:\Windows\System\AVIwvAv.exe
  2⤵
  PID:3444
- C:\Windows\System\SIBFKlc.exe
  C:\Windows\System\SIBFKlc.exe
  2⤵
  PID:1512
- C:\Windows\System\UwmTsaP.exe
  C:\Windows\System\UwmTsaP.exe
  2⤵
  PID:4248
- C:\Windows\System\IEjcpUh.exe
  C:\Windows\System\IEjcpUh.exe
  2⤵
  PID:3468
- C:\Windows\System\WHlppYj.exe
  C:\Windows\System\WHlppYj.exe
  2⤵
  PID:4568
- C:\Windows\System\mTmnGxH.exe
  C:\Windows\System\mTmnGxH.exe
  2⤵
  PID:4488
- C:\Windows\System\puxQFNX.exe
  C:\Windows\System\puxQFNX.exe
  2⤵
  PID:4644
- C:\Windows\System\XhKvonH.exe
  C:\Windows\System\XhKvonH.exe
  2⤵
  PID:3844
- C:\Windows\System\FpASUXv.exe
  C:\Windows\System\FpASUXv.exe
  2⤵
  PID:4732
- C:\Windows\System\UWqzrWu.exe
  C:\Windows\System\UWqzrWu.exe
  2⤵
  PID:4624
- C:\Windows\System\Vbjxkii.exe
  C:\Windows\System\Vbjxkii.exe
  2⤵
  PID:4512
- C:\Windows\System\jqepiFo.exe
  C:\Windows\System\jqepiFo.exe
  2⤵
  PID:4712
- C:\Windows\System\bjSSeIz.exe
  C:\Windows\System\bjSSeIz.exe
  2⤵
  PID:4968
- C:\Windows\System\gupTAjV.exe
  C:\Windows\System\gupTAjV.exe
  2⤵
  PID:4864
- C:\Windows\System\ucTpATS.exe
  C:\Windows\System\ucTpATS.exe
  2⤵
  PID:4916
- C:\Windows\System\pSxuopX.exe
  C:\Windows\System\pSxuopX.exe
  2⤵
  PID:4164
- C:\Windows\System\ayXbOXf.exe
  C:\Windows\System\ayXbOXf.exe
  2⤵
  PID:4844
- C:\Windows\System\esmoLZh.exe
  C:\Windows\System\esmoLZh.exe
  2⤵
  PID:4896
- C:\Windows\System\IhjivgN.exe
  C:\Windows\System\IhjivgN.exe
  2⤵
  PID:5016
- C:\Windows\System\PCjIdpN.exe
  C:\Windows\System\PCjIdpN.exe
  2⤵
  PID:3132
- C:\Windows\System\yhyrzHj.exe
  C:\Windows\System\yhyrzHj.exe
  2⤵
  PID:4460
- C:\Windows\System\QtYMoIa.exe
  C:\Windows\System\QtYMoIa.exe
  2⤵
  PID:4956
- C:\Windows\System\FufdKjk.exe
  C:\Windows\System\FufdKjk.exe
  2⤵
  PID:4984
- C:\Windows\System\LUnIxTJ.exe
  C:\Windows\System\LUnIxTJ.exe
  2⤵
  PID:4784
- C:\Windows\System\ePivkqB.exe
  C:\Windows\System\ePivkqB.exe
  2⤵
  PID:3636
- C:\Windows\System\KZvuvAq.exe
  C:\Windows\System\KZvuvAq.exe
  2⤵
  PID:4600
- C:\Windows\System\FnTGdyC.exe
  C:\Windows\System\FnTGdyC.exe
  2⤵
  PID:4440
- C:\Windows\System\TwneXoP.exe
  C:\Windows\System\TwneXoP.exe
  2⤵
  PID:4428
- C:\Windows\System\pUYhSDM.exe
  C:\Windows\System\pUYhSDM.exe
  2⤵
  PID:4660
- C:\Windows\System\IWNzUDq.exe
  C:\Windows\System\IWNzUDq.exe
  2⤵
  PID:4236
- C:\Windows\System\IOznZKf.exe
  C:\Windows\System\IOznZKf.exe
  2⤵
  PID:4504
- C:\Windows\System\HlMLPnQ.exe
  C:\Windows\System\HlMLPnQ.exe
  2⤵
  PID:3308
- C:\Windows\System\pHWFAcX.exe
  C:\Windows\System\pHWFAcX.exe
  2⤵
  PID:5032
- C:\Windows\System\paLNMAh.exe
  C:\Windows\System\paLNMAh.exe
  2⤵
  PID:4764
- C:\Windows\System\bJztRHt.exe
  C:\Windows\System\bJztRHt.exe
  2⤵
  PID:4668
- C:\Windows\System\cBLKCue.exe
  C:\Windows\System\cBLKCue.exe
  2⤵
  PID:5112
- C:\Windows\System\kjitjzg.exe
  C:\Windows\System\kjitjzg.exe
  2⤵
  PID:2056
- C:\Windows\System\jrokqXy.exe
  C:\Windows\System\jrokqXy.exe
  2⤵
  PID:3200
- C:\Windows\System\CRzSmOG.exe
  C:\Windows\System\CRzSmOG.exe
  2⤵
  PID:4728
- C:\Windows\System\yfTrezv.exe
  C:\Windows\System\yfTrezv.exe
  2⤵
  PID:3536
- C:\Windows\System\OTRZiPx.exe
  C:\Windows\System\OTRZiPx.exe
  2⤵
  PID:4868
- C:\Windows\System\tWoSlin.exe
  C:\Windows\System\tWoSlin.exe
  2⤵
  PID:4404
- C:\Windows\System\eOxqrwX.exe
  C:\Windows\System\eOxqrwX.exe
  2⤵
  PID:4184
- C:\Windows\System\ZLuPqsY.exe
  C:\Windows\System\ZLuPqsY.exe
  2⤵
  PID:5088
- C:\Windows\System\Vdryzjw.exe
  C:\Windows\System\Vdryzjw.exe
  2⤵
  PID:3424
- C:\Windows\System\VcoPYsq.exe
  C:\Windows\System\VcoPYsq.exe
  2⤵
  PID:5124
- C:\Windows\System\SWbScky.exe
  C:\Windows\System\SWbScky.exe
  2⤵
  PID:5140
- C:\Windows\System\UBoIMcw.exe
  C:\Windows\System\UBoIMcw.exe
  2⤵
  PID:5156
- C:\Windows\System\PlxoIFU.exe
  C:\Windows\System\PlxoIFU.exe
  2⤵
  PID:5172
- C:\Windows\System\MNxPCpg.exe
  C:\Windows\System\MNxPCpg.exe
  2⤵
  PID:5188
- C:\Windows\System\lnqTUTy.exe
  C:\Windows\System\lnqTUTy.exe
  2⤵
  PID:5204
- C:\Windows\System\xAepWKF.exe
  C:\Windows\System\xAepWKF.exe
  2⤵
  PID:5220
- C:\Windows\System\smWvLMP.exe
  C:\Windows\System\smWvLMP.exe
  2⤵
  PID:5236
- C:\Windows\System\XxSzdDk.exe
  C:\Windows\System\XxSzdDk.exe
  2⤵
  PID:5252
- C:\Windows\System\FITeZsQ.exe
  C:\Windows\System\FITeZsQ.exe
  2⤵
  PID:5268
- C:\Windows\System\MvIsGct.exe
  C:\Windows\System\MvIsGct.exe
  2⤵
  PID:5376
- C:\Windows\System\cZJeZNF.exe
  C:\Windows\System\cZJeZNF.exe
  2⤵
  PID:5392
- C:\Windows\System\PjPDnXV.exe
  C:\Windows\System\PjPDnXV.exe
  2⤵
  PID:5408
- C:\Windows\System\TFHZkZN.exe
  C:\Windows\System\TFHZkZN.exe
  2⤵
  PID:5424
- C:\Windows\System\DExZkgt.exe
  C:\Windows\System\DExZkgt.exe
  2⤵
  PID:5440
- C:\Windows\System\qofnQtT.exe
  C:\Windows\System\qofnQtT.exe
  2⤵
  PID:5456
- C:\Windows\System\phOiwSK.exe
  C:\Windows\System\phOiwSK.exe
  2⤵
  PID:5472
- C:\Windows\System\WLUEMFj.exe
  C:\Windows\System\WLUEMFj.exe
  2⤵
  PID:5488
- C:\Windows\System\hwswhXb.exe
  C:\Windows\System\hwswhXb.exe
  2⤵
  PID:5504
- C:\Windows\System\VCPMLfb.exe
  C:\Windows\System\VCPMLfb.exe
  2⤵
  PID:5524
- C:\Windows\System\iTQsYlm.exe
  C:\Windows\System\iTQsYlm.exe
  2⤵
  PID:5540
- C:\Windows\System\WhZZqcJ.exe
  C:\Windows\System\WhZZqcJ.exe
  2⤵
  PID:5556
- C:\Windows\System\bkAiuBI.exe
  C:\Windows\System\bkAiuBI.exe
  2⤵
  PID:5572
- C:\Windows\System\EMvpJxV.exe
  C:\Windows\System\EMvpJxV.exe
  2⤵
  PID:5592
- C:\Windows\System\SYynNNh.exe
  C:\Windows\System\SYynNNh.exe
  2⤵
  PID:5612
- C:\Windows\System\ilCIOtY.exe
  C:\Windows\System\ilCIOtY.exe
  2⤵
  PID:5628
- C:\Windows\System\LMqWNFu.exe
  C:\Windows\System\LMqWNFu.exe
  2⤵
  PID:5656
- C:\Windows\System\xGpSJnZ.exe
  C:\Windows\System\xGpSJnZ.exe
  2⤵
  PID:5672
- C:\Windows\System\yTzmLhx.exe
  C:\Windows\System\yTzmLhx.exe
  2⤵
  PID:5688
- C:\Windows\System\GwwDmlC.exe
  C:\Windows\System\GwwDmlC.exe
  2⤵
  PID:5704
- C:\Windows\System\WqWqBfz.exe
  C:\Windows\System\WqWqBfz.exe
  2⤵
  PID:5728
- C:\Windows\System\ryXGOYc.exe
  C:\Windows\System\ryXGOYc.exe
  2⤵
  PID:5744
- C:\Windows\System\QBrxsPB.exe
  C:\Windows\System\QBrxsPB.exe
  2⤵
  PID:5760
- C:\Windows\System\Hkwxjxw.exe
  C:\Windows\System\Hkwxjxw.exe
  2⤵
  PID:5780
- C:\Windows\System\sOcIJEd.exe
  C:\Windows\System\sOcIJEd.exe
  2⤵
  PID:5800
- C:\Windows\System\VTFsYFe.exe
  C:\Windows\System\VTFsYFe.exe
  2⤵
  PID:5820
- C:\Windows\System\DcKtdZB.exe
  C:\Windows\System\DcKtdZB.exe
  2⤵
  PID:5836
- C:\Windows\System\CCINOQZ.exe
  C:\Windows\System\CCINOQZ.exe
  2⤵
  PID:5856
- C:\Windows\System\IYTnYqF.exe
  C:\Windows\System\IYTnYqF.exe
  2⤵
  PID:5872
- C:\Windows\System\WVYVhtx.exe
  C:\Windows\System\WVYVhtx.exe
  2⤵
  PID:5892
- C:\Windows\System\ngZymdx.exe
  C:\Windows\System\ngZymdx.exe
  2⤵
  PID:5912
- C:\Windows\System\uZBScOX.exe
  C:\Windows\System\uZBScOX.exe
  2⤵
  PID:5944
- C:\Windows\System\sGpyPVO.exe
  C:\Windows\System\sGpyPVO.exe
  2⤵
  PID:6020
- C:\Windows\System\WWNniAB.exe
  C:\Windows\System\WWNniAB.exe
  2⤵
  PID:6036
- C:\Windows\System\wwqwFEP.exe
  C:\Windows\System\wwqwFEP.exe
  2⤵
  PID:6056
- C:\Windows\System\rYiNZot.exe
  C:\Windows\System\rYiNZot.exe
  2⤵
  PID:6072
- C:\Windows\System\bwprFRV.exe
  C:\Windows\System\bwprFRV.exe
  2⤵
  PID:6088
- C:\Windows\System\SoDCXbU.exe
  C:\Windows\System\SoDCXbU.exe
  2⤵
  PID:6104
- C:\Windows\System\IchJlAU.exe
  C:\Windows\System\IchJlAU.exe
  2⤵
  PID:6120
- C:\Windows\System\esvZuRD.exe
  C:\Windows\System\esvZuRD.exe
  2⤵
  PID:6136
- C:\Windows\System\pCQFBCj.exe
  C:\Windows\System\pCQFBCj.exe
  2⤵
  PID:4888
- C:\Windows\System\qOIhpXP.exe
  C:\Windows\System\qOIhpXP.exe
  2⤵
  PID:5048
- C:\Windows\System\zMCsnRD.exe
  C:\Windows\System\zMCsnRD.exe
  2⤵
  PID:5132
- C:\Windows\System\AnrtqPV.exe
  C:\Windows\System\AnrtqPV.exe
  2⤵
  PID:5196
- C:\Windows\System\ZeZBidU.exe
  C:\Windows\System\ZeZBidU.exe
  2⤵
  PID:5232
- C:\Windows\System\rAFlVVf.exe
  C:\Windows\System\rAFlVVf.exe
  2⤵
  PID:4292
- C:\Windows\System\frnQWLA.exe
  C:\Windows\System\frnQWLA.exe
  2⤵
  PID:4212
- C:\Windows\System\tYgTGDg.exe
  C:\Windows\System\tYgTGDg.exe
  2⤵
  PID:5104
- C:\Windows\System\idJVTnA.exe
  C:\Windows\System\idJVTnA.exe
  2⤵
  PID:5148
- C:\Windows\System\AgnfCZE.exe
  C:\Windows\System\AgnfCZE.exe
  2⤵
  PID:5212
- C:\Windows\System\KVWQexN.exe
  C:\Windows\System\KVWQexN.exe
  2⤵
  PID:2808
- C:\Windows\System\LpwEfMD.exe
  C:\Windows\System\LpwEfMD.exe
  2⤵
  PID:5328
- C:\Windows\System\FOxfDpj.exe
  C:\Windows\System\FOxfDpj.exe
  2⤵
  PID:5344
- C:\Windows\System\IyOEHvc.exe
  C:\Windows\System\IyOEHvc.exe
  2⤵
  PID:5360
- C:\Windows\System\KUPHEqg.exe
  C:\Windows\System\KUPHEqg.exe
  2⤵
  PID:5436
- C:\Windows\System\jAXInGj.exe
  C:\Windows\System\jAXInGj.exe
  2⤵
  PID:5500
- C:\Windows\System\YVPawMT.exe
  C:\Windows\System\YVPawMT.exe
  2⤵
  PID:5452
- C:\Windows\System\KdWsTbq.exe
  C:\Windows\System\KdWsTbq.exe
  2⤵
  PID:5536
- C:\Windows\System\mxtsxuU.exe
  C:\Windows\System\mxtsxuU.exe
  2⤵
  PID:5608
- C:\Windows\System\hJsHxRY.exe
  C:\Windows\System\hJsHxRY.exe
  2⤵
  PID:5652
- C:\Windows\System\MIfylBP.exe
  C:\Windows\System\MIfylBP.exe
  2⤵
  PID:5552
- C:\Windows\System\duLeLbB.exe
  C:\Windows\System\duLeLbB.exe
  2⤵
  PID:5756
- C:\Windows\System\bfxZcxL.exe
  C:\Windows\System\bfxZcxL.exe
  2⤵
  PID:5828
- C:\Windows\System\Istcstk.exe
  C:\Windows\System\Istcstk.exe
  2⤵
  PID:5868
- C:\Windows\System\sisUQFk.exe
  C:\Windows\System\sisUQFk.exe
  2⤵
  PID:5664
- C:\Windows\System\zCRzOty.exe
  C:\Windows\System\zCRzOty.exe
  2⤵
  PID:5808
- C:\Windows\System\QErkJzh.exe
  C:\Windows\System\QErkJzh.exe
  2⤵
  PID:5848
- C:\Windows\System\VsJnGso.exe
  C:\Windows\System\VsJnGso.exe
  2⤵
  PID:5888
- C:\Windows\System\zLWqOsT.exe
  C:\Windows\System\zLWqOsT.exe
  2⤵
  PID:5936
- C:\Windows\System\SaEvdpK.exe
  C:\Windows\System\SaEvdpK.exe
  2⤵
  PID:5952
- C:\Windows\System\LoStcqB.exe
  C:\Windows\System\LoStcqB.exe
  2⤵
  PID:5968
- C:\Windows\System\jDpxtnW.exe
  C:\Windows\System\jDpxtnW.exe
  2⤵
  PID:5984
- C:\Windows\System\NkkPpvj.exe
  C:\Windows\System\NkkPpvj.exe
  2⤵
  PID:6000
- C:\Windows\System\CQlUSuX.exe
  C:\Windows\System\CQlUSuX.exe
  2⤵
  PID:1704
- C:\Windows\System\mJfUGcJ.exe
  C:\Windows\System\mJfUGcJ.exe
  2⤵
  PID:1684
- C:\Windows\System\ZkRjObr.exe
  C:\Windows\System\ZkRjObr.exe
  2⤵
  PID:2188
- C:\Windows\System\yDGfaig.exe
  C:\Windows\System\yDGfaig.exe
  2⤵
  PID:2032
- C:\Windows\System\RdaJBAd.exe
  C:\Windows\System\RdaJBAd.exe
  2⤵
  PID:1488
- C:\Windows\System\WzkWChq.exe
  C:\Windows\System\WzkWChq.exe
  2⤵
  PID:380
- C:\Windows\System\yUDRMbE.exe
  C:\Windows\System\yUDRMbE.exe
  2⤵
  PID:1660
- C:\Windows\System\aEmOvom.exe
  C:\Windows\System\aEmOvom.exe
  2⤵
  PID:792
- C:\Windows\System\ZAcdxzK.exe
  C:\Windows\System\ZAcdxzK.exe
  2⤵
  PID:3004
- C:\Windows\System\pQLLkDe.exe
  C:\Windows\System\pQLLkDe.exe
  2⤵
  PID:2196
- C:\Windows\System\oGKUUga.exe
  C:\Windows\System\oGKUUga.exe
  2⤵
  PID:1864
- C:\Windows\System\lLfGEQC.exe
  C:\Windows\System\lLfGEQC.exe
  2⤵
  PID:1236
- C:\Windows\System\CZMequb.exe
  C:\Windows\System\CZMequb.exe
  2⤵
  PID:6032
- C:\Windows\System\YKjPLyk.exe
  C:\Windows\System\YKjPLyk.exe
  2⤵
  PID:6100
- C:\Windows\System\mNVFXuv.exe
  C:\Windows\System\mNVFXuv.exe
  2⤵
  PID:2412
- C:\Windows\System\RWMnIFQ.exe
  C:\Windows\System\RWMnIFQ.exe
  2⤵
  PID:5264
- C:\Windows\System\jilksHN.exe
  C:\Windows\System\jilksHN.exe
  2⤵
  PID:4936
- C:\Windows\System\FDmirXV.exe
  C:\Windows\System\FDmirXV.exe
  2⤵
  PID:4636
- C:\Windows\System\pAKibld.exe
  C:\Windows\System\pAKibld.exe
  2⤵
  PID:5364
- C:\Windows\System\xkBaHwU.exe
  C:\Windows\System\xkBaHwU.exe
  2⤵
  PID:4148
- C:\Windows\System\VxJpHOs.exe
  C:\Windows\System\VxJpHOs.exe
  2⤵
  PID:5184
- C:\Windows\System\DFHEfuv.exe
  C:\Windows\System\DFHEfuv.exe
  2⤵
  PID:5356
- C:\Windows\System\SlmVeMn.exe
  C:\Windows\System\SlmVeMn.exe
  2⤵
  PID:5532
- C:\Windows\System\ovHUaBs.exe
  C:\Windows\System\ovHUaBs.exe
  2⤵
  PID:5584
- C:\Windows\System\jUtumWA.exe
  C:\Windows\System\jUtumWA.exe
  2⤵
  PID:5568
- C:\Windows\System\ZnQfvHX.exe
  C:\Windows\System\ZnQfvHX.exe
  2⤵
  PID:5520
- C:\Windows\System\SPHjMTX.exe
  C:\Windows\System\SPHjMTX.exe
  2⤵
  PID:5796
- C:\Windows\System\MqZMpVm.exe
  C:\Windows\System\MqZMpVm.exe
  2⤵
  PID:5752
- C:\Windows\System\yBeVwaZ.exe
  C:\Windows\System\yBeVwaZ.exe
  2⤵
  PID:5624
- C:\Windows\System\MBKKlWq.exe
  C:\Windows\System\MBKKlWq.exe
  2⤵
  PID:5700
- C:\Windows\System\OWWAyCR.exe
  C:\Windows\System\OWWAyCR.exe
  2⤵
  PID:5964
- C:\Windows\System\LTQdcys.exe
  C:\Windows\System\LTQdcys.exe
  2⤵
  PID:5696
- C:\Windows\System\QQpUtGX.exe
  C:\Windows\System\QQpUtGX.exe
  2⤵
  PID:2664
- C:\Windows\System\DnAVMxn.exe
  C:\Windows\System\DnAVMxn.exe
  2⤵
  PID:1616
- C:\Windows\System\BXcwmMZ.exe
  C:\Windows\System\BXcwmMZ.exe
  2⤵
  PID:4396
- C:\Windows\System\TecnpEh.exe
  C:\Windows\System\TecnpEh.exe
  2⤵
  PID:2260
- C:\Windows\System\txXmUtE.exe
  C:\Windows\System\txXmUtE.exe
  2⤵
  PID:6068
- C:\Windows\System\UtQSNzR.exe
  C:\Windows\System\UtQSNzR.exe
  2⤵
  PID:6080
- C:\Windows\System\SfhEiSo.exe
  C:\Windows\System\SfhEiSo.exe
  2⤵
  PID:4412
- C:\Windows\System\AaHUZun.exe
  C:\Windows\System\AaHUZun.exe
  2⤵
  PID:5980
- C:\Windows\System\bkzgKMr.exe
  C:\Windows\System\bkzgKMr.exe
  2⤵
  PID:1676
- C:\Windows\System\hEgjjJJ.exe
  C:\Windows\System\hEgjjJJ.exe
  2⤵
  PID:1620
- C:\Windows\System\hDxZGfq.exe
  C:\Windows\System\hDxZGfq.exe
  2⤵
  PID:6052
- C:\Windows\System\wWlPPDl.exe
  C:\Windows\System\wWlPPDl.exe
  2⤵
  PID:4264
- C:\Windows\System\aPlLEcd.exe
  C:\Windows\System\aPlLEcd.exe
  2⤵
  PID:5216
- C:\Windows\System\oiIJKTi.exe
  C:\Windows\System\oiIJKTi.exe
  2⤵
  PID:5484
- C:\Windows\System\OqxjHuN.exe
  C:\Windows\System\OqxjHuN.exe
  2⤵
  PID:5400
- C:\Windows\System\LpCBVSn.exe
  C:\Windows\System\LpCBVSn.exe
  2⤵
  PID:1636
- C:\Windows\System\NjMUhld.exe
  C:\Windows\System\NjMUhld.exe
  2⤵
  PID:1680
- C:\Windows\System\WohSCJZ.exe
  C:\Windows\System\WohSCJZ.exe
  2⤵
  PID:5996
- C:\Windows\System\vwWaasV.exe
  C:\Windows\System\vwWaasV.exe
  2⤵
  PID:6012
- C:\Windows\System\INFXLNo.exe
  C:\Windows\System\INFXLNo.exe
  2⤵
  PID:4452
- C:\Windows\System\pWoroFZ.exe
  C:\Windows\System\pWoroFZ.exe
  2⤵
  PID:4016
- C:\Windows\System\rvKrjWN.exe
  C:\Windows\System\rvKrjWN.exe
  2⤵
  PID:5516
- C:\Windows\System\xEaHcYl.exe
  C:\Windows\System\xEaHcYl.exe
  2⤵
  PID:5712
- C:\Windows\System\bmMCvwu.exe
  C:\Windows\System\bmMCvwu.exe
  2⤵
  PID:5668
- C:\Windows\System\eNeAaBv.exe
  C:\Windows\System\eNeAaBv.exe
  2⤵
  PID:5248
- C:\Windows\System\ABftvoT.exe
  C:\Windows\System\ABftvoT.exe
  2⤵
  PID:5292
- C:\Windows\System\oTgNSGG.exe
  C:\Windows\System\oTgNSGG.exe
  2⤵
  PID:6048
- C:\Windows\System\lwJCMok.exe
  C:\Windows\System\lwJCMok.exe
  2⤵
  PID:1720
- C:\Windows\System\ZFFcTDi.exe
  C:\Windows\System\ZFFcTDi.exe
  2⤵
  PID:5496
- C:\Windows\System\WOMIDNp.exe
  C:\Windows\System\WOMIDNp.exe
  2⤵
  PID:5960
- C:\Windows\System\vElGiHX.exe
  C:\Windows\System\vElGiHX.exe
  2⤵
  PID:5648
- C:\Windows\System\XZIUKAp.exe
  C:\Windows\System\XZIUKAp.exe
  2⤵
  PID:5724
- C:\Windows\System\plgGHGS.exe
  C:\Windows\System\plgGHGS.exe
  2⤵
  PID:1628
- C:\Windows\System\cQJOJse.exe
  C:\Windows\System\cQJOJse.exe
  2⤵
  PID:2428
- C:\Windows\System\klDwluU.exe
  C:\Windows\System\klDwluU.exe
  2⤵
  PID:2096
- C:\Windows\System\GoqLwoL.exe
  C:\Windows\System\GoqLwoL.exe
  2⤵
  PID:2764
- C:\Windows\System\gqkfxhO.exe
  C:\Windows\System\gqkfxhO.exe
  2⤵
  PID:1920
- C:\Windows\System\AAnsaSf.exe
  C:\Windows\System\AAnsaSf.exe
  2⤵
  PID:5448
- C:\Windows\System\FbzcaHs.exe
  C:\Windows\System\FbzcaHs.exe
  2⤵
  PID:5720
- C:\Windows\System\MrewRuE.exe
  C:\Windows\System\MrewRuE.exe
  2⤵
  PID:756
- C:\Windows\System\uEMbgbz.exe
  C:\Windows\System\uEMbgbz.exe
  2⤵
  PID:6148
- C:\Windows\System\sFGdurJ.exe
  C:\Windows\System\sFGdurJ.exe
  2⤵
  PID:6168
- C:\Windows\System\CTedkMF.exe
  C:\Windows\System\CTedkMF.exe
  2⤵
  PID:6188
- C:\Windows\System\eTCVFFw.exe
  C:\Windows\System\eTCVFFw.exe
  2⤵
  PID:6204
- C:\Windows\System\kIVgPHD.exe
  C:\Windows\System\kIVgPHD.exe
  2⤵
  PID:6220
- C:\Windows\System\AVNLcmA.exe
  C:\Windows\System\AVNLcmA.exe
  2⤵
  PID:6248
- C:\Windows\System\lhmjThI.exe
  C:\Windows\System\lhmjThI.exe
  2⤵
  PID:6268
- C:\Windows\System\uCeajsl.exe
  C:\Windows\System\uCeajsl.exe
  2⤵
  PID:6284
- C:\Windows\System\LcysHqn.exe
  C:\Windows\System\LcysHqn.exe
  2⤵
  PID:6304
- C:\Windows\System\HDFpybw.exe
  C:\Windows\System\HDFpybw.exe
  2⤵
  PID:6368
- C:\Windows\System\RVZDKSE.exe
  C:\Windows\System\RVZDKSE.exe
  2⤵
  PID:6384
- C:\Windows\System\nSUokNL.exe
  C:\Windows\System\nSUokNL.exe
  2⤵
  PID:6400
- C:\Windows\System\ipOiSVB.exe
  C:\Windows\System\ipOiSVB.exe
  2⤵
  PID:6416
- C:\Windows\System\fVrNbIt.exe
  C:\Windows\System\fVrNbIt.exe
  2⤵
  PID:6432
- C:\Windows\System\MpYoEER.exe
  C:\Windows\System\MpYoEER.exe
  2⤵
  PID:6452
- C:\Windows\System\CRVwJDU.exe
  C:\Windows\System\CRVwJDU.exe
  2⤵
  PID:6472
- C:\Windows\System\McvIWMD.exe
  C:\Windows\System\McvIWMD.exe
  2⤵
  PID:6492
- C:\Windows\System\MqdXNHL.exe
  C:\Windows\System\MqdXNHL.exe
  2⤵
  PID:6508
- C:\Windows\System\twlRqhF.exe
  C:\Windows\System\twlRqhF.exe
  2⤵
  PID:6524
- C:\Windows\System\RSXwLVr.exe
  C:\Windows\System\RSXwLVr.exe
  2⤵
  PID:6540
- C:\Windows\System\gCxFKro.exe
  C:\Windows\System\gCxFKro.exe
  2⤵
  PID:6556
- C:\Windows\System\YHxyLEL.exe
  C:\Windows\System\YHxyLEL.exe
  2⤵
  PID:6576
- C:\Windows\System\NkAAsuR.exe
  C:\Windows\System\NkAAsuR.exe
  2⤵
  PID:6592
- C:\Windows\System\GsMyLdn.exe
  C:\Windows\System\GsMyLdn.exe
  2⤵
  PID:6612
- C:\Windows\System\fISaMmO.exe
  C:\Windows\System\fISaMmO.exe
  2⤵
  PID:6632
- C:\Windows\System\XSKvxuh.exe
  C:\Windows\System\XSKvxuh.exe
  2⤵
  PID:6652
- C:\Windows\System\fdnnYxk.exe
  C:\Windows\System\fdnnYxk.exe
  2⤵
  PID:6668
- C:\Windows\System\ZoVxLAK.exe
  C:\Windows\System\ZoVxLAK.exe
  2⤵
  PID:6688
- C:\Windows\System\GTdUTES.exe
  C:\Windows\System\GTdUTES.exe
  2⤵
  PID:6708
- C:\Windows\System\pJOkigO.exe
  C:\Windows\System\pJOkigO.exe
  2⤵
  PID:6728
- C:\Windows\System\vyRvWDx.exe
  C:\Windows\System\vyRvWDx.exe
  2⤵
  PID:6788
- C:\Windows\System\JIwIYnc.exe
  C:\Windows\System\JIwIYnc.exe
  2⤵
  PID:6804
- C:\Windows\System\OpMEXSO.exe
  C:\Windows\System\OpMEXSO.exe
  2⤵
  PID:6824
- C:\Windows\System\PTaTdZq.exe
  C:\Windows\System\PTaTdZq.exe
  2⤵
  PID:6840
- C:\Windows\System\gqcVzDZ.exe
  C:\Windows\System\gqcVzDZ.exe
  2⤵
  PID:6856
- C:\Windows\System\xVfSJQf.exe
  C:\Windows\System\xVfSJQf.exe
  2⤵
  PID:6872
- C:\Windows\System\PcbjFvF.exe
  C:\Windows\System\PcbjFvF.exe
  2⤵
  PID:6896
- C:\Windows\System\HyKffdv.exe
  C:\Windows\System\HyKffdv.exe
  2⤵
  PID:6912
- C:\Windows\System\ktoAEUN.exe
  C:\Windows\System\ktoAEUN.exe
  2⤵
  PID:6928
- C:\Windows\System\BRxCCOt.exe
  C:\Windows\System\BRxCCOt.exe
  2⤵
  PID:6944
- C:\Windows\System\hQFjSAz.exe
  C:\Windows\System\hQFjSAz.exe
  2⤵
  PID:6988
- C:\Windows\System\ZUQNjmE.exe
  C:\Windows\System\ZUQNjmE.exe
  2⤵
  PID:7004
- C:\Windows\System\sKrIZzS.exe
  C:\Windows\System\sKrIZzS.exe
  2⤵
  PID:7024
- C:\Windows\System\QkeWbMN.exe
  C:\Windows\System\QkeWbMN.exe
  2⤵
  PID:7044
- C:\Windows\System\bKdYhdr.exe
  C:\Windows\System\bKdYhdr.exe
  2⤵
  PID:7060
- C:\Windows\System\DyxTYov.exe
  C:\Windows\System\DyxTYov.exe
  2⤵
  PID:7080
- C:\Windows\System\tAzvdBs.exe
  C:\Windows\System\tAzvdBs.exe
  2⤵
  PID:7100
- C:\Windows\System\dJHYHit.exe
  C:\Windows\System\dJHYHit.exe
  2⤵
  PID:7120
- C:\Windows\System\NuMnFBY.exe
  C:\Windows\System\NuMnFBY.exe
  2⤵
  PID:7136
- C:\Windows\System\WmOcqYT.exe
  C:\Windows\System\WmOcqYT.exe
  2⤵
  PID:7156
- C:\Windows\System\gTBidtg.exe
  C:\Windows\System\gTBidtg.exe
  2⤵
  PID:2568
- C:\Windows\System\qoVWMNZ.exe
  C:\Windows\System\qoVWMNZ.exe
  2⤵
  PID:5772
- C:\Windows\System\jIGrqjD.exe
  C:\Windows\System\jIGrqjD.exe
  2⤵
  PID:6196
- C:\Windows\System\IhItFBw.exe
  C:\Windows\System\IhItFBw.exe
  2⤵
  PID:6320
- C:\Windows\System\hQulsex.exe
  C:\Windows\System\hQulsex.exe
  2⤵
  PID:2160
- C:\Windows\System\QuEtIwl.exe
  C:\Windows\System\QuEtIwl.exe
  2⤵
  PID:6344
- C:\Windows\System\TYMcXpt.exe
  C:\Windows\System\TYMcXpt.exe
  2⤵
  PID:3448
- C:\Windows\System\cLTYUHc.exe
  C:\Windows\System\cLTYUHc.exe
  2⤵
  PID:6360
- C:\Windows\System\oQDQfdZ.exe
  C:\Windows\System\oQDQfdZ.exe
  2⤵
  PID:5228
- C:\Windows\System\HXgCthV.exe
  C:\Windows\System\HXgCthV.exe
  2⤵
  PID:4700
- C:\Windows\System\SXNSLZe.exe
  C:\Windows\System\SXNSLZe.exe
  2⤵
  PID:2956
- C:\Windows\System\dLQVNOU.exe
  C:\Windows\System\dLQVNOU.exe
  2⤵
  PID:5684
- C:\Windows\System\DyHXVKy.exe
  C:\Windows\System\DyHXVKy.exe
  2⤵
  PID:6180
- C:\Windows\System\onZycdj.exe
  C:\Windows\System\onZycdj.exe
  2⤵
  PID:6260
- C:\Windows\System\YzqxBTM.exe
  C:\Windows\System\YzqxBTM.exe
  2⤵
  PID:2376
- C:\Windows\System\JSuzsBR.exe
  C:\Windows\System\JSuzsBR.exe
  2⤵
  PID:5300
- C:\Windows\System\ByLNzMz.exe
  C:\Windows\System\ByLNzMz.exe
  2⤵
  PID:2648
- C:\Windows\System\iBfAoXC.exe
  C:\Windows\System\iBfAoXC.exe
  2⤵
  PID:6424
- C:\Windows\System\MjtWlFJ.exe
  C:\Windows\System\MjtWlFJ.exe
  2⤵
  PID:3000
- C:\Windows\System\FKQqpmv.exe
  C:\Windows\System\FKQqpmv.exe
  2⤵
  PID:6536
- C:\Windows\System\SdSqgaL.exe
  C:\Windows\System\SdSqgaL.exe
  2⤵
  PID:6604
- C:\Windows\System\hWNDjlg.exe
  C:\Windows\System\hWNDjlg.exe
  2⤵
  PID:6648
- C:\Windows\System\fDtrFYN.exe
  C:\Windows\System\fDtrFYN.exe
  2⤵
  PID:6716
- C:\Windows\System\jnIUBBc.exe
  C:\Windows\System\jnIUBBc.exe
  2⤵
  PID:6412
- C:\Windows\System\Jkrysbv.exe
  C:\Windows\System\Jkrysbv.exe
  2⤵
  PID:2856
- C:\Windows\System\SPSRsmd.exe
  C:\Windows\System\SPSRsmd.exe
  2⤵
  PID:6772
- C:\Windows\System\VxGsJOf.exe
  C:\Windows\System\VxGsJOf.exe
  2⤵
  PID:6548
- C:\Windows\System\UzMllSz.exe
  C:\Windows\System\UzMllSz.exe
  2⤵
  PID:6624
- C:\Windows\System\FittnmN.exe
  C:\Windows\System\FittnmN.exe
  2⤵
  PID:6700
- C:\Windows\System\TbuZlfa.exe
  C:\Windows\System\TbuZlfa.exe
  2⤵
  PID:6740
- C:\Windows\System\GOKJrPJ.exe
  C:\Windows\System\GOKJrPJ.exe
  2⤵
  PID:6760
- C:\Windows\System\mBqIxuS.exe
  C:\Windows\System\mBqIxuS.exe
  2⤵
  PID:6796
- C:\Windows\System\pTMFaIK.exe
  C:\Windows\System\pTMFaIK.exe
  2⤵
  PID:6836
- C:\Windows\System\bRKfpSA.exe
  C:\Windows\System\bRKfpSA.exe
  2⤵
  PID:6936
- C:\Windows\System\FjPSFqk.exe
  C:\Windows\System\FjPSFqk.exe
  2⤵
  PID:6848
- C:\Windows\System\SsttYOc.exe
  C:\Windows\System\SsttYOc.exe
  2⤵
  PID:6980
- C:\Windows\System\fDehCDG.exe
  C:\Windows\System\fDehCDG.exe
  2⤵
  PID:7072
- C:\Windows\System\FtURnyz.exe
  C:\Windows\System\FtURnyz.exe
  2⤵
  PID:7144
- C:\Windows\System\SeuoFVt.exe
  C:\Windows\System\SeuoFVt.exe
  2⤵
  PID:5168
- C:\Windows\System\YwcCaug.exe
  C:\Windows\System\YwcCaug.exe
  2⤵
  PID:6240
- C:\Windows\System\FZEEdWf.exe
  C:\Windows\System\FZEEdWf.exe
  2⤵
  PID:7016
- C:\Windows\System\IEYijza.exe
  C:\Windows\System\IEYijza.exe
  2⤵
  PID:6276
- C:\Windows\System\dQirusa.exe
  C:\Windows\System\dQirusa.exe
  2⤵
  PID:6312
- C:\Windows\System\HHqtOwG.exe
  C:\Windows\System\HHqtOwG.exe
  2⤵
  PID:6328
- C:\Windows\System\xSdHIbU.exe
  C:\Windows\System\xSdHIbU.exe
  2⤵
  PID:5180
- C:\Windows\System\FGxlXdy.exe
  C:\Windows\System\FGxlXdy.exe
  2⤵
  PID:6376
- C:\Windows\System\ahbPoUo.exe
  C:\Windows\System\ahbPoUo.exe
  2⤵
  PID:6028
- C:\Windows\System\beDBjCN.exe
  C:\Windows\System\beDBjCN.exe
  2⤵
  PID:2772
- C:\Windows\System\PIIQrWo.exe
  C:\Windows\System\PIIQrWo.exe
  2⤵
  PID:6640
- C:\Windows\System\mKnYmSp.exe
  C:\Windows\System\mKnYmSp.exe
  2⤵
  PID:6584
- C:\Windows\System\HFKwHFN.exe
  C:\Windows\System\HFKwHFN.exe
  2⤵
  PID:6736
- C:\Windows\System\WpmEGbU.exe
  C:\Windows\System\WpmEGbU.exe
  2⤵
  PID:7000
- C:\Windows\System\wbeRBkK.exe
  C:\Windows\System\wbeRBkK.exe
  2⤵
  PID:6952
- C:\Windows\System\BpPzIUh.exe
  C:\Windows\System\BpPzIUh.exe
  2⤵
  PID:7032
- C:\Windows\System\tqWywao.exe
  C:\Windows\System\tqWywao.exe
  2⤵
  PID:6488
- C:\Windows\System\awitxlZ.exe
  C:\Windows\System\awitxlZ.exe
  2⤵
  PID:6968
- C:\Windows\System\fuRRKyz.exe
  C:\Windows\System\fuRRKyz.exe
  2⤵
  PID:4244
- C:\Windows\System\hKwMmzt.exe
  C:\Windows\System\hKwMmzt.exe
  2⤵
  PID:6176
- C:\Windows\System\crlTXXm.exe
  C:\Windows\System\crlTXXm.exe
  2⤵
  PID:6464
- C:\Windows\System\hLlfHds.exe
  C:\Windows\System\hLlfHds.exe
  2⤵
  PID:6684
- C:\Windows\System\LJsFPAE.exe
  C:\Windows\System\LJsFPAE.exe
  2⤵
  PID:1440
- C:\Windows\System\JBibIpp.exe
  C:\Windows\System\JBibIpp.exe
  2⤵
  PID:6756
- C:\Windows\System\dxUaqtY.exe
  C:\Windows\System\dxUaqtY.exe
  2⤵
  PID:6816
- C:\Windows\System\vjFHKyw.exe
  C:\Windows\System\vjFHKyw.exe
  2⤵
  PID:6880
- C:\Windows\System\VFTaCvt.exe
  C:\Windows\System\VFTaCvt.exe
  2⤵
  PID:7132
- C:\Windows\System\FtzoKFl.exe
  C:\Windows\System\FtzoKFl.exe
  2⤵
  PID:6340
- C:\Windows\System\bwyKZlT.exe
  C:\Windows\System\bwyKZlT.exe
  2⤵
  PID:7152
- C:\Windows\System\YfBuZdL.exe
  C:\Windows\System\YfBuZdL.exe
  2⤵
  PID:2768
- C:\Windows\System\KtGxWmt.exe
  C:\Windows\System\KtGxWmt.exe
  2⤵
  PID:6724
- C:\Windows\System\knXEaCG.exe
  C:\Windows\System\knXEaCG.exe
  2⤵
  PID:6532
- C:\Windows\System\XBmNKlY.exe
  C:\Windows\System\XBmNKlY.exe
  2⤵
  PID:532
- C:\Windows\System\bmlscPl.exe
  C:\Windows\System\bmlscPl.exe
  2⤵
  PID:6908
- C:\Windows\System\FdxXnMO.exe
  C:\Windows\System\FdxXnMO.exe
  2⤵
  PID:1604
- C:\Windows\System\QQsktSA.exe
  C:\Windows\System\QQsktSA.exe
  2⤵
  PID:2752
- C:\Windows\System\DtCdJKS.exe
  C:\Windows\System\DtCdJKS.exe
  2⤵
  PID:6784
- C:\Windows\System\EcrmCvB.exe
  C:\Windows\System\EcrmCvB.exe
  2⤵
  PID:7040
- C:\Windows\System\XNDUZym.exe
  C:\Windows\System\XNDUZym.exe
  2⤵
  PID:6256
- C:\Windows\System\nPEqYrY.exe
  C:\Windows\System\nPEqYrY.exe
  2⤵
  PID:6296
- C:\Windows\System\yjKdsgI.exe
  C:\Windows\System\yjKdsgI.exe
  2⤵
  PID:6520
- C:\Windows\System\RXsbzqK.exe
  C:\Windows\System\RXsbzqK.exe
  2⤵
  PID:6236
- C:\Windows\System\xKCTIDe.exe
  C:\Windows\System\xKCTIDe.exe
  2⤵
  PID:7056
- C:\Windows\System\cNuRrhU.exe
  C:\Windows\System\cNuRrhU.exe
  2⤵
  PID:2640
- C:\Windows\System\jiZODSp.exe
  C:\Windows\System\jiZODSp.exe
  2⤵
  PID:1076
- C:\Windows\System\HxMpsit.exe
  C:\Windows\System\HxMpsit.exe
  2⤵
  PID:3068
- C:\Windows\System\iGCqytX.exe
  C:\Windows\System\iGCqytX.exe
  2⤵
  PID:6924
- C:\Windows\System\CebBrQk.exe
  C:\Windows\System\CebBrQk.exe
  2⤵
  PID:6356
- C:\Windows\System\PhtcBDq.exe
  C:\Windows\System\PhtcBDq.exe
  2⤵
  PID:5680
- C:\Windows\System\WPHhdaF.exe
  C:\Windows\System\WPHhdaF.exe
  2⤵
  PID:6620
- C:\Windows\System\OhCRNca.exe
  C:\Windows\System\OhCRNca.exe
  2⤵
  PID:6480
- C:\Windows\System\RtQROPM.exe
  C:\Windows\System\RtQROPM.exe
  2⤵
  PID:2740
- C:\Windows\System\UaSDexH.exe
  C:\Windows\System\UaSDexH.exe
  2⤵
  PID:7128
- C:\Windows\System\VmLsOPA.exe
  C:\Windows\System\VmLsOPA.exe
  2⤵
  PID:6920
- C:\Windows\System\lWJjTSm.exe
  C:\Windows\System\lWJjTSm.exe
  2⤵
  PID:6660
- C:\Windows\System\bhvzCGJ.exe
  C:\Windows\System\bhvzCGJ.exe
  2⤵
  PID:5924
- C:\Windows\System\AynSMlc.exe
  C:\Windows\System\AynSMlc.exe
  2⤵
  PID:5308
- C:\Windows\System\OMzWhLW.exe
  C:\Windows\System\OMzWhLW.exe
  2⤵
  PID:7012
- C:\Windows\System\aFKBRnM.exe
  C:\Windows\System\aFKBRnM.exe
  2⤵
  PID:7036
- C:\Windows\System\SxCtdbh.exe
  C:\Windows\System\SxCtdbh.exe
  2⤵
  PID:6460
- C:\Windows\System\YlRkxzW.exe
  C:\Windows\System\YlRkxzW.exe
  2⤵
  PID:6380
- C:\Windows\System\kffUDgU.exe
  C:\Windows\System\kffUDgU.exe
  2⤵
  PID:7172
- C:\Windows\System\zhYbIfw.exe
  C:\Windows\System\zhYbIfw.exe
  2⤵
  PID:7192
- C:\Windows\System\euPEcxR.exe
  C:\Windows\System\euPEcxR.exe
  2⤵
  PID:7224
- C:\Windows\System\yKLAxJb.exe
  C:\Windows\System\yKLAxJb.exe
  2⤵
  PID:7240
- C:\Windows\System\ZbCiIkd.exe
  C:\Windows\System\ZbCiIkd.exe
  2⤵
  PID:7256
- C:\Windows\System\UYaVoXJ.exe
  C:\Windows\System\UYaVoXJ.exe
  2⤵
  PID:7272
- C:\Windows\System\jmEiqCG.exe
  C:\Windows\System\jmEiqCG.exe
  2⤵
  PID:7292
- C:\Windows\System\HSbUTXf.exe
  C:\Windows\System\HSbUTXf.exe
  2⤵
  PID:7312
- C:\Windows\System\qrrdNpH.exe
  C:\Windows\System\qrrdNpH.exe
  2⤵
  PID:7328
- C:\Windows\System\vdIEuMB.exe
  C:\Windows\System\vdIEuMB.exe
  2⤵
  PID:7344
- C:\Windows\System\fzWLrqx.exe
  C:\Windows\System\fzWLrqx.exe
  2⤵
  PID:7368
- C:\Windows\System\PGHhPfC.exe
  C:\Windows\System\PGHhPfC.exe
  2⤵
  PID:7388
- C:\Windows\System\mZbvaJV.exe
  C:\Windows\System\mZbvaJV.exe
  2⤵
  PID:7404
- C:\Windows\System\jgJuFaG.exe
  C:\Windows\System\jgJuFaG.exe
  2⤵
  PID:7420
- C:\Windows\System\wxMxivi.exe
  C:\Windows\System\wxMxivi.exe
  2⤵
  PID:7440
- C:\Windows\System\RyjHeNM.exe
  C:\Windows\System\RyjHeNM.exe
  2⤵
  PID:7460
- C:\Windows\System\fdbYYps.exe
  C:\Windows\System\fdbYYps.exe
  2⤵
  PID:7484
- C:\Windows\System\DuvELiq.exe
  C:\Windows\System\DuvELiq.exe
  2⤵
  PID:7504
- C:\Windows\System\gFVyrBa.exe
  C:\Windows\System\gFVyrBa.exe
  2⤵
  PID:7528
- C:\Windows\System\KPuDWNi.exe
  C:\Windows\System\KPuDWNi.exe
  2⤵
  PID:7556
- C:\Windows\System\vklDjuo.exe
  C:\Windows\System\vklDjuo.exe
  2⤵
  PID:7572
- C:\Windows\System\CgBiaZj.exe
  C:\Windows\System\CgBiaZj.exe
  2⤵
  PID:7588
- C:\Windows\System\vVQuAzJ.exe
  C:\Windows\System\vVQuAzJ.exe
  2⤵
  PID:7612
- C:\Windows\System\QjxCVvf.exe
  C:\Windows\System\QjxCVvf.exe
  2⤵
  PID:7644
- C:\Windows\System\iOzmKfF.exe
  C:\Windows\System\iOzmKfF.exe
  2⤵
  PID:7660
- C:\Windows\System\oRQHldf.exe
  C:\Windows\System\oRQHldf.exe
  2⤵
  PID:7680
- C:\Windows\System\cxBkduz.exe
  C:\Windows\System\cxBkduz.exe
  2⤵
  PID:7696
- C:\Windows\System\CuWMhWc.exe
  C:\Windows\System\CuWMhWc.exe
  2⤵
  PID:7712
- C:\Windows\System\XwcIalX.exe
  C:\Windows\System\XwcIalX.exe
  2⤵
  PID:7736
- C:\Windows\System\yODVbGe.exe
  C:\Windows\System\yODVbGe.exe
  2⤵
  PID:7752
- C:\Windows\System\HdjykqC.exe
  C:\Windows\System\HdjykqC.exe
  2⤵
  PID:7772
- C:\Windows\System\dbBzNlX.exe
  C:\Windows\System\dbBzNlX.exe
  2⤵
  PID:7788
- C:\Windows\System\AbsGYJt.exe
  C:\Windows\System\AbsGYJt.exe
  2⤵
  PID:7828
- C:\Windows\System\ytZRZdz.exe
  C:\Windows\System\ytZRZdz.exe
  2⤵
  PID:7844
- C:\Windows\System\joyQVOs.exe
  C:\Windows\System\joyQVOs.exe
  2⤵
  PID:7860
- C:\Windows\System\jAOhbNS.exe
  C:\Windows\System\jAOhbNS.exe
  2⤵
  PID:7880
- C:\Windows\System\lBigsqW.exe
  C:\Windows\System\lBigsqW.exe
  2⤵
  PID:7900
- C:\Windows\System\TJEZiXK.exe
  C:\Windows\System\TJEZiXK.exe
  2⤵
  PID:7920
- C:\Windows\System\yDtafQG.exe
  C:\Windows\System\yDtafQG.exe
  2⤵
  PID:7936
- C:\Windows\System\eCHGbWF.exe
  C:\Windows\System\eCHGbWF.exe
  2⤵
  PID:7952
- C:\Windows\System\zELJWAZ.exe
  C:\Windows\System\zELJWAZ.exe
  2⤵
  PID:7972
- C:\Windows\System\FJCqBlA.exe
  C:\Windows\System\FJCqBlA.exe
  2⤵
  PID:7996
- C:\Windows\System\VXTbYfC.exe
  C:\Windows\System\VXTbYfC.exe
  2⤵
  PID:8012
- C:\Windows\System\ZivVDwE.exe
  C:\Windows\System\ZivVDwE.exe
  2⤵
  PID:8028
- C:\Windows\System\HtzUyoC.exe
  C:\Windows\System\HtzUyoC.exe
  2⤵
  PID:8044
- C:\Windows\System\JlmtcTU.exe
  C:\Windows\System\JlmtcTU.exe
  2⤵
  PID:8060
- C:\Windows\System\ufOaMCt.exe
  C:\Windows\System\ufOaMCt.exe
  2⤵
  PID:8100
- C:\Windows\System\MSNbyRi.exe
  C:\Windows\System\MSNbyRi.exe
  2⤵
  PID:8120
- C:\Windows\System\tLDnlSb.exe
  C:\Windows\System\tLDnlSb.exe
  2⤵
  PID:8144
- C:\Windows\System\wvyXwiV.exe
  C:\Windows\System\wvyXwiV.exe
  2⤵
  PID:8164
- C:\Windows\System\yetgwyS.exe
  C:\Windows\System\yetgwyS.exe
  2⤵
  PID:8184
- C:\Windows\System\BJEFgiT.exe
  C:\Windows\System\BJEFgiT.exe
  2⤵
  PID:7200
- C:\Windows\System\sDhjeEc.exe
  C:\Windows\System\sDhjeEc.exe
  2⤵
  PID:7212
- C:\Windows\System\cQWfpZU.exe
  C:\Windows\System\cQWfpZU.exe
  2⤵
  PID:6600
- C:\Windows\System\heJITRl.exe
  C:\Windows\System\heJITRl.exe
  2⤵
  PID:7216
- C:\Windows\System\lWOjuqF.exe
  C:\Windows\System\lWOjuqF.exe
  2⤵
  PID:7252
- C:\Windows\System\oAcXuNR.exe
  C:\Windows\System\oAcXuNR.exe
  2⤵
  PID:7320
- C:\Windows\System\YqpCAod.exe
  C:\Windows\System\YqpCAod.exe
  2⤵
  PID:7360
- C:\Windows\System\JvoODmm.exe
  C:\Windows\System\JvoODmm.exe
  2⤵
  PID:7400
- C:\Windows\System\zsSVTEl.exe
  C:\Windows\System\zsSVTEl.exe
  2⤵
  PID:7472
- C:\Windows\System\RvLZJWw.exe
  C:\Windows\System\RvLZJWw.exe
  2⤵
  PID:7452
- C:\Windows\System\nANHHCF.exe
  C:\Windows\System\nANHHCF.exe
  2⤵
  PID:7456
- C:\Windows\System\RgNTnUt.exe
  C:\Windows\System\RgNTnUt.exe
  2⤵
  PID:7384
- C:\Windows\System\OGqDJTK.exe
  C:\Windows\System\OGqDJTK.exe
  2⤵
  PID:7500
- C:\Windows\System\ukvBlyQ.exe
  C:\Windows\System\ukvBlyQ.exe
  2⤵
  PID:1508
- C:\Windows\System\KgFPYYV.exe
  C:\Windows\System\KgFPYYV.exe
  2⤵
  PID:7584
- C:\Windows\System\qLpsNyM.exe
  C:\Windows\System\qLpsNyM.exe
  2⤵
  PID:7604
- C:\Windows\System\eYpAEJF.exe
  C:\Windows\System\eYpAEJF.exe
  2⤵
  PID:7620
- C:\Windows\System\gDTzXkk.exe
  C:\Windows\System\gDTzXkk.exe
  2⤵
  PID:7724
- C:\Windows\System\kAyFSoj.exe
  C:\Windows\System\kAyFSoj.exe
  2⤵
  PID:7640
- C:\Windows\System\DmKRMGa.exe
  C:\Windows\System\DmKRMGa.exe
  2⤵
  PID:7704
- C:\Windows\System\ETABDkq.exe
  C:\Windows\System\ETABDkq.exe
  2⤵
  PID:7796
- C:\Windows\System\CKHcGmS.exe
  C:\Windows\System\CKHcGmS.exe
  2⤵
  PID:7816
- C:\Windows\System\vIzbIID.exe
  C:\Windows\System\vIzbIID.exe
  2⤵
  PID:7784
- C:\Windows\System\oCPOfBH.exe
  C:\Windows\System\oCPOfBH.exe
  2⤵
  PID:7888
- C:\Windows\System\EieOcRU.exe
  C:\Windows\System\EieOcRU.exe
  2⤵
  PID:7932
- C:\Windows\System\UFMjqff.exe
  C:\Windows\System\UFMjqff.exe
  2⤵
  PID:8008
- C:\Windows\System\DKFMPCv.exe
  C:\Windows\System\DKFMPCv.exe
  2⤵
  PID:7984
- C:\Windows\System\yXDNYFr.exe
  C:\Windows\System\yXDNYFr.exe
  2⤵
  PID:7992
- C:\Windows\System\NEFONOE.exe
  C:\Windows\System\NEFONOE.exe
  2⤵
  PID:7944
- C:\Windows\System\TnKIFDw.exe
  C:\Windows\System\TnKIFDw.exe
  2⤵
  PID:8056
- C:\Windows\System\EwtLxGG.exe
  C:\Windows\System\EwtLxGG.exe
  2⤵
  PID:8080
- C:\Windows\System\hxfRKrN.exe
  C:\Windows\System\hxfRKrN.exe
  2⤵
  PID:8128
- C:\Windows\System\fqTvKEC.exe
  C:\Windows\System\fqTvKEC.exe
  2⤵
  PID:8176
- C:\Windows\System\tcbFmOc.exe
  C:\Windows\System\tcbFmOc.exe
  2⤵
  PID:8152
- C:\Windows\System\GwCWlkz.exe
  C:\Windows\System\GwCWlkz.exe
  2⤵
  PID:8116
- C:\Windows\System\VzpXESt.exe
  C:\Windows\System\VzpXESt.exe
  2⤵
  PID:7264
- C:\Windows\System\SMtvUKm.exe
  C:\Windows\System\SMtvUKm.exe
  2⤵
  PID:5324
- C:\Windows\System\RfTXPRG.exe
  C:\Windows\System\RfTXPRG.exe
  2⤵
  PID:7352
- C:\Windows\System\cqgDgwS.exe
  C:\Windows\System\cqgDgwS.exe
  2⤵
  PID:7340
- C:\Windows\System\ltXlaen.exe
  C:\Windows\System\ltXlaen.exe
  2⤵
  PID:1360
- C:\Windows\System\HludQbQ.exe
  C:\Windows\System\HludQbQ.exe
  2⤵
  PID:7248
- C:\Windows\System\paWurbI.exe
  C:\Windows\System\paWurbI.exe
  2⤵
  PID:7432
- C:\Windows\System\XsxLyFb.exe
  C:\Windows\System\XsxLyFb.exe
  2⤵
  PID:7568
- C:\Windows\System\PnIvoPF.exe
  C:\Windows\System\PnIvoPF.exe
  2⤵
  PID:7496
- C:\Windows\System\TSpAZgS.exe
  C:\Windows\System\TSpAZgS.exe
  2⤵
  PID:7672
- C:\Windows\System\dhhdZJP.exe
  C:\Windows\System\dhhdZJP.exe
  2⤵
  PID:7580
- C:\Windows\System\wukDBZS.exe
  C:\Windows\System\wukDBZS.exe
  2⤵
  PID:7852
- C:\Windows\System\wehZMgA.exe
  C:\Windows\System\wehZMgA.exe
  2⤵
  PID:7632
- C:\Windows\System\YCYVXtg.exe
  C:\Windows\System\YCYVXtg.exe
  2⤵
  PID:7636
- C:\Windows\System\qYjiJXy.exe
  C:\Windows\System\qYjiJXy.exe
  2⤵
  PID:7872
- C:\Windows\System\oGYbraG.exe
  C:\Windows\System\oGYbraG.exe
  2⤵
  PID:7840
- C:\Windows\System\wcrqYRb.exe
  C:\Windows\System\wcrqYRb.exe
  2⤵
  PID:7908
- C:\Windows\System\UUgQfUg.exe
  C:\Windows\System\UUgQfUg.exe
  2⤵
  PID:6832
- C:\Windows\System\yldMgRE.exe
  C:\Windows\System\yldMgRE.exe
  2⤵
  PID:8160
- C:\Windows\System\rcRoquf.exe
  C:\Windows\System\rcRoquf.exe
  2⤵
  PID:7184
- C:\Windows\System\BfZFRRL.exe
  C:\Windows\System\BfZFRRL.exe
  2⤵
  PID:5280
- C:\Windows\System\cniooNH.exe
  C:\Windows\System\cniooNH.exe
  2⤵
  PID:7512
- C:\Windows\System\oyVrihv.exe
  C:\Windows\System\oyVrihv.exe
  2⤵
  PID:8136
- C:\Windows\System\SeMOOLR.exe
  C:\Windows\System\SeMOOLR.exe
  2⤵
  PID:8108
- C:\Windows\System\xnTdLoJ.exe
  C:\Windows\System\xnTdLoJ.exe
  2⤵
  PID:2880
- C:\Windows\System\sRwxKeZ.exe
  C:\Windows\System\sRwxKeZ.exe
  2⤵
  PID:7808
- C:\Windows\System\oKuTxaN.exe
  C:\Windows\System\oKuTxaN.exe
  2⤵
  PID:7768
- C:\Windows\System\lvdxOJJ.exe
  C:\Windows\System\lvdxOJJ.exe
  2⤵
  PID:7656
- C:\Windows\System\dKONKJO.exe
  C:\Windows\System\dKONKJO.exe
  2⤵
  PID:8024
- C:\Windows\System\aWbxFtY.exe
  C:\Windows\System\aWbxFtY.exe
  2⤵
  PID:8052
- C:\Windows\System\kvrKLQJ.exe
  C:\Windows\System\kvrKLQJ.exe
  2⤵
  PID:7300
- C:\Windows\System\mNsQLWd.exe
  C:\Windows\System\mNsQLWd.exe
  2⤵
  PID:7728
- C:\Windows\System\Wtvejrr.exe
  C:\Windows\System\Wtvejrr.exe
  2⤵
  PID:7448
- C:\Windows\System\cjWNIiE.exe
  C:\Windows\System\cjWNIiE.exe
  2⤵
  PID:7236
- C:\Windows\System\CMzAUDZ.exe
  C:\Windows\System\CMzAUDZ.exe
  2⤵
  PID:7968
- C:\Windows\System\pfpuVEq.exe
  C:\Windows\System\pfpuVEq.exe
  2⤵
  PID:2896
- C:\Windows\System\axQuNdR.exe
  C:\Windows\System\axQuNdR.exe
  2⤵
  PID:6160
- C:\Windows\System\DteYMSj.exe
  C:\Windows\System\DteYMSj.exe
  2⤵
  PID:7916
- C:\Windows\System\jXTmWDj.exe
  C:\Windows\System\jXTmWDj.exe
  2⤵
  PID:1284
- C:\Windows\System\pKtVvRx.exe
  C:\Windows\System\pKtVvRx.exe
  2⤵
  PID:7856
- C:\Windows\System\thpfQBg.exe
  C:\Windows\System\thpfQBg.exe
  2⤵
  PID:7688
- C:\Windows\System\TDEjlIn.exe
  C:\Windows\System\TDEjlIn.exe
  2⤵
  PID:8172
- C:\Windows\System\NXAGygA.exe
  C:\Windows\System\NXAGygA.exe
  2⤵
  PID:7376
- C:\Windows\System\vDiPcgX.exe
  C:\Windows\System\vDiPcgX.exe
  2⤵
  PID:8200
- C:\Windows\System\wMgmbJR.exe
  C:\Windows\System\wMgmbJR.exe
  2⤵
  PID:8216
- C:\Windows\System\LBeHlxS.exe
  C:\Windows\System\LBeHlxS.exe
  2⤵
  PID:8232
- C:\Windows\System\qKQdDao.exe
  C:\Windows\System\qKQdDao.exe
  2⤵
  PID:8248
- C:\Windows\System\UfHbDpF.exe
  C:\Windows\System\UfHbDpF.exe
  2⤵
  PID:8264
- C:\Windows\System\YFZTEiB.exe
  C:\Windows\System\YFZTEiB.exe
  2⤵
  PID:8280
- C:\Windows\System\fpYQBjT.exe
  C:\Windows\System\fpYQBjT.exe
  2⤵
  PID:8296
- C:\Windows\System\OGLqiHS.exe
  C:\Windows\System\OGLqiHS.exe
  2⤵
  PID:8312
- C:\Windows\System\BEWiYuH.exe
  C:\Windows\System\BEWiYuH.exe
  2⤵
  PID:8328
- C:\Windows\System\zYnHcfG.exe
  C:\Windows\System\zYnHcfG.exe
  2⤵
  PID:8344
- C:\Windows\System\GItzRsF.exe
  C:\Windows\System\GItzRsF.exe
  2⤵
  PID:8368
- C:\Windows\System\gsIYqGv.exe
  C:\Windows\System\gsIYqGv.exe
  2⤵
  PID:8384
- C:\Windows\System\ICqMaWR.exe
  C:\Windows\System\ICqMaWR.exe
  2⤵
  PID:8400
- C:\Windows\System\BmrotfU.exe
  C:\Windows\System\BmrotfU.exe
  2⤵
  PID:8420
- C:\Windows\System\BxSbBuW.exe
  C:\Windows\System\BxSbBuW.exe
  2⤵
  PID:8448
- C:\Windows\System\ZkXqJKQ.exe
  C:\Windows\System\ZkXqJKQ.exe
  2⤵
  PID:8468
- C:\Windows\System\pTyMIsd.exe
  C:\Windows\System\pTyMIsd.exe
  2⤵
  PID:8488
- C:\Windows\System\BeAaSUt.exe
  C:\Windows\System\BeAaSUt.exe
  2⤵
  PID:8508
- C:\Windows\System\yzNTJrf.exe
  C:\Windows\System\yzNTJrf.exe
  2⤵
  PID:8524
- C:\Windows\System\foIdmIN.exe
  C:\Windows\System\foIdmIN.exe
  2⤵
  PID:8580
- C:\Windows\System\eSBkSDj.exe
  C:\Windows\System\eSBkSDj.exe
  2⤵
  PID:8704
- C:\Windows\System\wTwTHiQ.exe
  C:\Windows\System\wTwTHiQ.exe
  2⤵
  PID:8720
- C:\Windows\System\vloJMOG.exe
  C:\Windows\System\vloJMOG.exe
  2⤵
  PID:8740
- C:\Windows\System\cioIiLa.exe
  C:\Windows\System\cioIiLa.exe
  2⤵
  PID:8756
- C:\Windows\System\WOkortw.exe
  C:\Windows\System\WOkortw.exe
  2⤵
  PID:8772
- C:\Windows\System\eNlcZkw.exe
  C:\Windows\System\eNlcZkw.exe
  2⤵
  PID:8788
- C:\Windows\System\BXDZMbr.exe
  C:\Windows\System\BXDZMbr.exe
  2⤵
  PID:8804
- C:\Windows\System\CXIZcUS.exe
  C:\Windows\System\CXIZcUS.exe
  2⤵
  PID:8820
- C:\Windows\System\mRphvon.exe
  C:\Windows\System\mRphvon.exe
  2⤵
  PID:8868
- C:\Windows\System\jSvvCoV.exe
  C:\Windows\System\jSvvCoV.exe
  2⤵
  PID:8884
- C:\Windows\System\vOTXigW.exe
  C:\Windows\System\vOTXigW.exe
  2⤵
  PID:8908
- C:\Windows\System\XJrjtOY.exe
  C:\Windows\System\XJrjtOY.exe
  2⤵
  PID:8928
- C:\Windows\System\JjjXhMX.exe
  C:\Windows\System\JjjXhMX.exe
  2⤵
  PID:8944
- C:\Windows\System\DPrHIoO.exe
  C:\Windows\System\DPrHIoO.exe
  2⤵
  PID:8960
- C:\Windows\System\FNTnlZV.exe
  C:\Windows\System\FNTnlZV.exe
  2⤵
  PID:8976
- C:\Windows\System\hEQtTDf.exe
  C:\Windows\System\hEQtTDf.exe
  2⤵
  PID:8992
- C:\Windows\System\fmbXflB.exe
  C:\Windows\System\fmbXflB.exe
  2⤵
  PID:9008
- C:\Windows\System\LEsmkPo.exe
  C:\Windows\System\LEsmkPo.exe
  2⤵
  PID:9040
- C:\Windows\System\xmIcGUS.exe
  C:\Windows\System\xmIcGUS.exe
  2⤵
  PID:9056
- C:\Windows\System\zNliOun.exe
  C:\Windows\System\zNliOun.exe
  2⤵
  PID:9080
- C:\Windows\System\HEncIpc.exe
  C:\Windows\System\HEncIpc.exe
  2⤵
  PID:9100
- C:\Windows\System\kLPkGCM.exe
  C:\Windows\System\kLPkGCM.exe
  2⤵
  PID:9116
- C:\Windows\System\lyfKrqG.exe
  C:\Windows\System\lyfKrqG.exe
  2⤵
  PID:9136
- C:\Windows\System\IgzCqPp.exe
  C:\Windows\System\IgzCqPp.exe
  2⤵
  PID:9152
- C:\Windows\System\bawyrHO.exe
  C:\Windows\System\bawyrHO.exe
  2⤵
  PID:9172
- C:\Windows\System\wKOcRqG.exe
  C:\Windows\System\wKOcRqG.exe
  2⤵
  PID:9188
- C:\Windows\System\TlygyFa.exe
  C:\Windows\System\TlygyFa.exe
  2⤵
  PID:9204
- C:\Windows\System\MAEjIaP.exe
  C:\Windows\System\MAEjIaP.exe
  2⤵
  PID:8304
- C:\Windows\System\AUztWzG.exe
  C:\Windows\System\AUztWzG.exe
  2⤵
  PID:8376
- C:\Windows\System\aXvuMnj.exe
  C:\Windows\System\aXvuMnj.exe
  2⤵
  PID:8456
- C:\Windows\System\VapQpoE.exe
  C:\Windows\System\VapQpoE.exe
  2⤵
  PID:8500
- C:\Windows\System\ugEKFDs.exe
  C:\Windows\System\ugEKFDs.exe
  2⤵
  PID:7804
- C:\Windows\System\wYIdYvX.exe
  C:\Windows\System\wYIdYvX.exe
  2⤵
  PID:7628
- C:\Windows\System\PivMVpo.exe
  C:\Windows\System\PivMVpo.exe
  2⤵
  PID:8476
- C:\Windows\System\qolzSzR.exe
  C:\Windows\System\qolzSzR.exe
  2⤵
  PID:8256
- C:\Windows\System\GnftdpJ.exe
  C:\Windows\System\GnftdpJ.exe
  2⤵
  PID:8324
- C:\Windows\System\wMFzSXE.exe
  C:\Windows\System\wMFzSXE.exe
  2⤵
  PID:8392
- C:\Windows\System\BnTXkap.exe
  C:\Windows\System\BnTXkap.exe
  2⤵
  PID:8480
- C:\Windows\System\LvAicxY.exe
  C:\Windows\System\LvAicxY.exe
  2⤵
  PID:8520
- C:\Windows\System\TODLQWY.exe
  C:\Windows\System\TODLQWY.exe
  2⤵
  PID:7876
- C:\Windows\System\EJHyCkl.exe
  C:\Windows\System\EJHyCkl.exe
  2⤵
  PID:8568
- C:\Windows\System\CAvbQqv.exe
  C:\Windows\System\CAvbQqv.exe
  2⤵
  PID:8588
- C:\Windows\System\mVEIPUO.exe
  C:\Windows\System\mVEIPUO.exe
  2⤵
  PID:936
- C:\Windows\System\psfVWeX.exe
  C:\Windows\System\psfVWeX.exe
  2⤵
  PID:8620
- C:\Windows\System\geXFQia.exe
  C:\Windows\System\geXFQia.exe
  2⤵
  PID:8636
- C:\Windows\System\BmONBio.exe
  C:\Windows\System\BmONBio.exe
  2⤵
  PID:8652
- C:\Windows\System\FrnthRM.exe
  C:\Windows\System\FrnthRM.exe
  2⤵
  PID:8684
- C:\Windows\System\GVAZPSG.exe
  C:\Windows\System\GVAZPSG.exe
  2⤵
  PID:8688
- C:\Windows\System\dcTuqKS.exe
  C:\Windows\System\dcTuqKS.exe
  2⤵
  PID:8712
- C:\Windows\System\VNOwjSc.exe
  C:\Windows\System\VNOwjSc.exe
  2⤵
  PID:8848
- C:\Windows\System\lDsMPoZ.exe
  C:\Windows\System\lDsMPoZ.exe
  2⤵
  PID:8852
- C:\Windows\System\uNyrIMV.exe
  C:\Windows\System\uNyrIMV.exe
  2⤵
  PID:8876
- C:\Windows\System\PQQvPGB.exe
  C:\Windows\System\PQQvPGB.exe
  2⤵
  PID:8900
- C:\Windows\System\tmmAiqC.exe
  C:\Windows\System\tmmAiqC.exe
  2⤵
  PID:8860
- C:\Windows\System\wUXuUDO.exe
  C:\Windows\System\wUXuUDO.exe
  2⤵
  PID:8972
- C:\Windows\System\TgjFbsc.exe
  C:\Windows\System\TgjFbsc.exe
  2⤵
  PID:8984
- C:\Windows\System\qFQoFCe.exe
  C:\Windows\System\qFQoFCe.exe
  2⤵
  PID:9032
- C:\Windows\System\dLdeodY.exe
  C:\Windows\System\dLdeodY.exe
  2⤵
  PID:9068
- C:\Windows\System\XbOcZsN.exe
  C:\Windows\System\XbOcZsN.exe
  2⤵
  PID:9048
- C:\Windows\System\WLpbbMT.exe
  C:\Windows\System\WLpbbMT.exe
  2⤵
  PID:9148
- C:\Windows\System\rOyecRB.exe
  C:\Windows\System\rOyecRB.exe
  2⤵
  PID:9180
- C:\Windows\System\guhorrz.exe
  C:\Windows\System\guhorrz.exe
  2⤵
  PID:9128
- C:\Windows\System\YumuLCT.exe
  C:\Windows\System\YumuLCT.exe
  2⤵
  PID:9200
- C:\Windows\System\vhSOeLt.exe
  C:\Windows\System\vhSOeLt.exe
  2⤵
  PID:7544
- C:\Windows\System\ECpOWLW.exe
  C:\Windows\System\ECpOWLW.exe
  2⤵
  PID:8240
- C:\Windows\System\XxgiZqD.exe
  C:\Windows\System\XxgiZqD.exe
  2⤵
  PID:8364
- C:\Windows\System\PNLUMFr.exe
  C:\Windows\System\PNLUMFr.exe
  2⤵
  PID:8416
- C:\Windows\System\EXnVwVa.exe
  C:\Windows\System\EXnVwVa.exe
  2⤵
  PID:7468
- C:\Windows\System\zjnJzVP.exe
  C:\Windows\System\zjnJzVP.exe
  2⤵
  PID:8432
- C:\Windows\System\kqvsHnT.exe
  C:\Windows\System\kqvsHnT.exe
  2⤵
  PID:7552
- C:\Windows\System\wmOhoQi.exe
  C:\Windows\System\wmOhoQi.exe
  2⤵
  PID:8224
- C:\Windows\System\eRJNSul.exe
  C:\Windows\System\eRJNSul.exe
  2⤵
  PID:8616
- C:\Windows\System\gQWVLLD.exe
  C:\Windows\System\gQWVLLD.exe
  2⤵
  PID:8696
- C:\Windows\System\owfifZI.exe
  C:\Windows\System\owfifZI.exe
  2⤵
  PID:8748
- C:\Windows\System\hJKzETg.exe
  C:\Windows\System\hJKzETg.exe
  2⤵
  PID:8736
- C:\Windows\System\RLKAkml.exe
  C:\Windows\System\RLKAkml.exe
  2⤵
  PID:8784
- C:\Windows\System\ksZbuJt.exe
  C:\Windows\System\ksZbuJt.exe
  2⤵
  PID:8844
- C:\Windows\System\aZEiFbm.exe
  C:\Windows\System\aZEiFbm.exe
  2⤵
  PID:8952
- C:\Windows\System\nrTcHle.exe
  C:\Windows\System\nrTcHle.exe
  2⤵
  PID:9112
- C:\Windows\System\aDQhCUC.exe
  C:\Windows\System\aDQhCUC.exe
  2⤵
  PID:9092
- C:\Windows\System\CYDXSJg.exe
  C:\Windows\System\CYDXSJg.exe
  2⤵
  PID:8272
- C:\Windows\System\bVeVahZ.exe
  C:\Windows\System\bVeVahZ.exe
  2⤵
  PID:7220
- C:\Windows\System\YAYwnad.exe
  C:\Windows\System\YAYwnad.exe
  2⤵
  PID:8276
- C:\Windows\System\YXSnJHu.exe
  C:\Windows\System\YXSnJHu.exe
  2⤵
  PID:8892
- C:\Windows\System\JcdxqqK.exe
  C:\Windows\System\JcdxqqK.exe
  2⤵
  PID:9028
- C:\Windows\System\dggwYgY.exe
  C:\Windows\System\dggwYgY.exe
  2⤵
  PID:9164
- C:\Windows\System\lHZztjF.exe
  C:\Windows\System\lHZztjF.exe
  2⤵
  PID:8340
- C:\Windows\System\uBQGEsd.exe
  C:\Windows\System\uBQGEsd.exe
  2⤵
  PID:8292
- C:\Windows\System\RzOlDrT.exe
  C:\Windows\System\RzOlDrT.exe
  2⤵
  PID:9160
- C:\Windows\System\EaHOqQS.exe
  C:\Windows\System\EaHOqQS.exe
  2⤵
  PID:8228
- C:\Windows\System\ogxQzGg.exe
  C:\Windows\System\ogxQzGg.exe
  2⤵
  PID:8656
- C:\Windows\System\YsrSxno.exe
  C:\Windows\System\YsrSxno.exe
  2⤵
  PID:8600
- C:\Windows\System\CpOtqGB.exe
  C:\Windows\System\CpOtqGB.exe
  2⤵
  PID:8664
- C:\Windows\System\ibglHHq.exe
  C:\Windows\System\ibglHHq.exe
  2⤵
  PID:8728
- C:\Windows\System\MBALUbM.exe
  C:\Windows\System\MBALUbM.exe
  2⤵
  PID:8812
- C:\Windows\System\sABUYUg.exe
  C:\Windows\System\sABUYUg.exe
  2⤵
  PID:8536
- C:\Windows\System\QFtozFs.exe
  C:\Windows\System\QFtozFs.exe
  2⤵
  PID:8920
- C:\Windows\System\NBYQiyk.exe
  C:\Windows\System\NBYQiyk.exe
  2⤵
  PID:8496
- C:\Windows\System\XRXHMHE.exe
  C:\Windows\System\XRXHMHE.exe
  2⤵
  PID:8968
- C:\Windows\System\SjEUkrt.exe
  C:\Windows\System\SjEUkrt.exe
  2⤵
  PID:9184
- C:\Windows\System\mUweJrA.exe
  C:\Windows\System\mUweJrA.exe
  2⤵
  PID:2600
- C:\Windows\System\DtzeLdz.exe
  C:\Windows\System\DtzeLdz.exe
  2⤵
  PID:8940
- C:\Windows\System\MoADvUw.exe
  C:\Windows\System\MoADvUw.exe
  2⤵
  PID:8360
- C:\Windows\System\OqmuWvu.exe
  C:\Windows\System\OqmuWvu.exe
  2⤵
  PID:8764
- C:\Windows\System\bHbCDrx.exe
  C:\Windows\System\bHbCDrx.exe
  2⤵
  PID:9224
- C:\Windows\System\LhWlTXa.exe
  C:\Windows\System\LhWlTXa.exe
  2⤵
  PID:9240
- C:\Windows\System\IHhXNhP.exe
  C:\Windows\System\IHhXNhP.exe
  2⤵
  PID:9260
- C:\Windows\System\tDsMEdW.exe
  C:\Windows\System\tDsMEdW.exe
  2⤵
  PID:9276
- C:\Windows\System\SRXsxOM.exe
  C:\Windows\System\SRXsxOM.exe
  2⤵
  PID:9296
- C:\Windows\System\NAHFEKs.exe
  C:\Windows\System\NAHFEKs.exe
  2⤵
  PID:9316
- C:\Windows\System\zEneHtM.exe
  C:\Windows\System\zEneHtM.exe
  2⤵
  PID:9332
- C:\Windows\System\FVIGocq.exe
  C:\Windows\System\FVIGocq.exe
  2⤵
  PID:9348
- C:\Windows\System\PfzzMQz.exe
  C:\Windows\System\PfzzMQz.exe
  2⤵
  PID:9452
- C:\Windows\System\nQxIReH.exe
  C:\Windows\System\nQxIReH.exe
  2⤵
  PID:9528
- C:\Windows\System\eVHZynR.exe
  C:\Windows\System\eVHZynR.exe
  2⤵
  PID:9548
- C:\Windows\System\XSaIJWk.exe
  C:\Windows\System\XSaIJWk.exe
  2⤵
  PID:9564
- C:\Windows\System\PUmMswI.exe
  C:\Windows\System\PUmMswI.exe
  2⤵
  PID:9580
- C:\Windows\System\yUmfcrV.exe
  C:\Windows\System\yUmfcrV.exe
  2⤵
  PID:9596
- C:\Windows\System\bGFpxuH.exe
  C:\Windows\System\bGFpxuH.exe
  2⤵
  PID:9612
- C:\Windows\System\lcOEhor.exe
  C:\Windows\System\lcOEhor.exe
  2⤵
  PID:9628
- C:\Windows\System\kFlvuDS.exe
  C:\Windows\System\kFlvuDS.exe
  2⤵
  PID:9648
- C:\Windows\System\VnlcuAz.exe
  C:\Windows\System\VnlcuAz.exe
  2⤵
  PID:9664
- C:\Windows\System\rJeTOtq.exe
  C:\Windows\System\rJeTOtq.exe
  2⤵
  PID:9680
- C:\Windows\System\lQNsnnO.exe
  C:\Windows\System\lQNsnnO.exe
  2⤵
  PID:9708
- C:\Windows\System\lhGhIvW.exe
  C:\Windows\System\lhGhIvW.exe
  2⤵
  PID:9724
- C:\Windows\System\BnJXUYf.exe
  C:\Windows\System\BnJXUYf.exe
  2⤵
  PID:9772
- C:\Windows\System\YrYHzNv.exe
  C:\Windows\System\YrYHzNv.exe
  2⤵
  PID:9796
- C:\Windows\System\lVvwTxe.exe
  C:\Windows\System\lVvwTxe.exe
  2⤵
  PID:9812
- C:\Windows\System\JhIPRSd.exe
  C:\Windows\System\JhIPRSd.exe
  2⤵
  PID:9836
- C:\Windows\System\PFWkFyB.exe
  C:\Windows\System\PFWkFyB.exe
  2⤵
  PID:9860
- C:\Windows\System\hzFQRZj.exe
  C:\Windows\System\hzFQRZj.exe
  2⤵
  PID:9876
- C:\Windows\System\oGzwxUS.exe
  C:\Windows\System\oGzwxUS.exe
  2⤵
  PID:9892
- C:\Windows\System\iYeIYKr.exe
  C:\Windows\System\iYeIYKr.exe
  2⤵
  PID:9908
- C:\Windows\System\qWYRjVw.exe
  C:\Windows\System\qWYRjVw.exe
  2⤵
  PID:9932
- C:\Windows\System\fgWLWxo.exe
  C:\Windows\System\fgWLWxo.exe
  2⤵
  PID:9952
- C:\Windows\System\EDiCduT.exe
  C:\Windows\System\EDiCduT.exe
  2⤵
  PID:9968
- C:\Windows\System\cBYdOzL.exe
  C:\Windows\System\cBYdOzL.exe
  2⤵
  PID:9988
- C:\Windows\System\OhOUvmb.exe
  C:\Windows\System\OhOUvmb.exe
  2⤵
  PID:10004
- C:\Windows\System\LpAYqvv.exe
  C:\Windows\System\LpAYqvv.exe
  2⤵
  PID:10044
- C:\Windows\System\HsAJtzi.exe
  C:\Windows\System\HsAJtzi.exe
  2⤵
  PID:10060
- C:\Windows\System\GpMETgx.exe
  C:\Windows\System\GpMETgx.exe
  2⤵
  PID:10076
- C:\Windows\System\ruaLCPX.exe
  C:\Windows\System\ruaLCPX.exe
  2⤵
  PID:10092
- C:\Windows\System\aDKVSJv.exe
  C:\Windows\System\aDKVSJv.exe
  2⤵
  PID:10108
- C:\Windows\System\TPICpPa.exe
  C:\Windows\System\TPICpPa.exe
  2⤵
  PID:10132
- C:\Windows\System\KcslfEv.exe
  C:\Windows\System\KcslfEv.exe
  2⤵
  PID:10156
- C:\Windows\System\bhxSzfJ.exe
  C:\Windows\System\bhxSzfJ.exe
  2⤵
  PID:10176
- C:\Windows\System\KmPdAue.exe
  C:\Windows\System\KmPdAue.exe
  2⤵
  PID:10192
- C:\Windows\System\NnNXoMt.exe
  C:\Windows\System\NnNXoMt.exe
  2⤵
  PID:10208
- C:\Windows\System\aMPIRlW.exe
  C:\Windows\System\aMPIRlW.exe
  2⤵
  PID:10228
- C:\Windows\System\FIJtPAR.exe
  C:\Windows\System\FIJtPAR.exe
  2⤵
  PID:8632
- C:\Windows\System\nyFTiYX.exe
  C:\Windows\System\nyFTiYX.exe
  2⤵
  PID:9232
- C:\Windows\System\bDJAqDr.exe
  C:\Windows\System\bDJAqDr.exe
  2⤵
  PID:9236
- C:\Windows\System\UjpUFYY.exe
  C:\Windows\System\UjpUFYY.exe
  2⤵
  PID:8828
- C:\Windows\System\RZKTtfB.exe
  C:\Windows\System\RZKTtfB.exe
  2⤵
  PID:9124
- C:\Windows\System\EALpEhc.exe
  C:\Windows\System\EALpEhc.exe
  2⤵
  PID:9220
- C:\Windows\System\piEVdfk.exe
  C:\Windows\System\piEVdfk.exe
  2⤵
  PID:9292
- C:\Windows\System\rXMXSwx.exe
  C:\Windows\System\rXMXSwx.exe
  2⤵
  PID:9272
- C:\Windows\System\VMMQClf.exe
  C:\Windows\System\VMMQClf.exe
  2⤵
  PID:9360
- C:\Windows\System\cNRkOms.exe
  C:\Windows\System\cNRkOms.exe
  2⤵
  PID:9368
- C:\Windows\System\UlGGTHy.exe
  C:\Windows\System\UlGGTHy.exe
  2⤵
  PID:8196
- C:\Windows\System\YxArVXs.exe
  C:\Windows\System\YxArVXs.exe
  2⤵
  PID:9132
- C:\Windows\System\fyTEZRJ.exe
  C:\Windows\System\fyTEZRJ.exe
  2⤵
  PID:9404
- C:\Windows\System\PuBgXRQ.exe
  C:\Windows\System\PuBgXRQ.exe
  2⤵
  PID:9424
- C:\Windows\System\TtXfSOR.exe
  C:\Windows\System\TtXfSOR.exe
  2⤵
  PID:9444
- C:\Windows\System\XJeZoaJ.exe
  C:\Windows\System\XJeZoaJ.exe
  2⤵
  PID:9472
- C:\Windows\System\UwaRvGf.exe
  C:\Windows\System\UwaRvGf.exe
  2⤵
  PID:9480
- C:\Windows\System\uLtjpvN.exe
  C:\Windows\System\uLtjpvN.exe
  2⤵
  PID:9496
- C:\Windows\System\MuFqRLj.exe
  C:\Windows\System\MuFqRLj.exe
  2⤵
  PID:9512
- C:\Windows\System\nLptjGc.exe
  C:\Windows\System\nLptjGc.exe
  2⤵
  PID:9520
- C:\Windows\System\BgrvEwx.exe
  C:\Windows\System\BgrvEwx.exe
  2⤵
  PID:9556
- C:\Windows\System\VZZHnpd.exe
  C:\Windows\System\VZZHnpd.exe
  2⤵
  PID:9620
- C:\Windows\System\OxmKYUV.exe
  C:\Windows\System\OxmKYUV.exe
  2⤵
  PID:9644
- C:\Windows\System\gkTcTsf.exe
  C:\Windows\System\gkTcTsf.exe
  2⤵
  PID:9692
- C:\Windows\System\DdQlUXO.exe
  C:\Windows\System\DdQlUXO.exe
  2⤵
  PID:9716
- C:\Windows\System\mvkOYxx.exe
  C:\Windows\System\mvkOYxx.exe
  2⤵
  PID:9736
- C:\Windows\System\fIrTVtD.exe
  C:\Windows\System\fIrTVtD.exe
  2⤵
  PID:9744
- C:\Windows\System\ZIavhOw.exe
  C:\Windows\System\ZIavhOw.exe
  2⤵
  PID:9768
- C:\Windows\System\CQpYlip.exe
  C:\Windows\System\CQpYlip.exe
  2⤵
  PID:9820
- C:\Windows\System\xHuXVAX.exe
  C:\Windows\System\xHuXVAX.exe
  2⤵
  PID:9832
- C:\Windows\System\NtXvhny.exe
  C:\Windows\System\NtXvhny.exe
  2⤵
  PID:9916
- C:\Windows\System\tMMzRoR.exe
  C:\Windows\System\tMMzRoR.exe
  2⤵
  PID:9944
- C:\Windows\System\NjYLvnR.exe
  C:\Windows\System\NjYLvnR.exe
  2⤵
  PID:9984
- C:\Windows\System\vPmDVNL.exe
  C:\Windows\System\vPmDVNL.exe
  2⤵
  PID:9996
- C:\Windows\System\ZANxfaI.exe
  C:\Windows\System\ZANxfaI.exe
  2⤵
  PID:10236
- C:\Windows\System\Lgalmnv.exe
  C:\Windows\System\Lgalmnv.exe
  2⤵
  PID:10172
- C:\Windows\System\eZigziz.exe
  C:\Windows\System\eZigziz.exe
  2⤵
  PID:9248
- C:\Windows\System\iamToDl.exe
  C:\Windows\System\iamToDl.exe
  2⤵
  PID:9380
- C:\Windows\System\gyfcLpg.exe
  C:\Windows\System\gyfcLpg.exe
  2⤵
  PID:10188
- C:\Windows\System\pZKhdAm.exe
  C:\Windows\System\pZKhdAm.exe
  2⤵
  PID:9440
- C:\Windows\System\pcZYmbk.exe
  C:\Windows\System\pcZYmbk.exe
  2⤵
  PID:7232
- C:\Windows\System\oWTYNtC.exe
  C:\Windows\System\oWTYNtC.exe
  2⤵
  PID:9328
- C:\Windows\System\rKXngdU.exe
  C:\Windows\System\rKXngdU.exe
  2⤵
  PID:9476
- C:\Windows\System\MlXXeCf.exe
  C:\Windows\System\MlXXeCf.exe
  2⤵
  PID:9504
- C:\Windows\System\YbiFHyf.exe
  C:\Windows\System\YbiFHyf.exe
  2⤵
  PID:8648
- C:\Windows\System\ekDKXMg.exe
  C:\Windows\System\ekDKXMg.exe
  2⤵
  PID:9388
- C:\Windows\System\JchOMqR.exe
  C:\Windows\System\JchOMqR.exe
  2⤵
  PID:9536
- C:\Windows\System\JZoUtCy.exe
  C:\Windows\System\JZoUtCy.exe
  2⤵
  PID:9604
- C:\Windows\System\inJPfpG.exe
  C:\Windows\System\inJPfpG.exe
  2⤵
  PID:9672
- C:\Windows\System\LYglHqK.exe
  C:\Windows\System\LYglHqK.exe
  2⤵
  PID:9848
- C:\Windows\System\lArdQtm.exe
  C:\Windows\System\lArdQtm.exe
  2⤵
  PID:9788
- C:\Windows\System\IsQvXKi.exe
  C:\Windows\System\IsQvXKi.exe
  2⤵
  PID:9856
- C:\Windows\System\YXFWtcl.exe
  C:\Windows\System\YXFWtcl.exe
  2⤵
  PID:9940
- C:\Windows\System\jdqOFes.exe
  C:\Windows\System\jdqOFes.exe
  2⤵
  PID:9872
- C:\Windows\System\TafMNzT.exe
  C:\Windows\System\TafMNzT.exe
  2⤵
  PID:9948
- C:\Windows\System\HmhzReH.exe
  C:\Windows\System\HmhzReH.exe
  2⤵
  PID:10024
- C:\Windows\System\yAfMoia.exe
  C:\Windows\System\yAfMoia.exe
  2⤵
  PID:9760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BOMxadv.exe

Filesize
6.0MB

MD5
1780842100534778560fa640b5da4b2d

SHA1
eb07a8d3e048c70829ce130e1896a7364df79f1f

SHA256
2a280761744510c4e8a28a0fc5e186738e2157848d226c1b62377349c8dadd06

SHA512
7459e90b98e26ac98de332a7429c329cac3b013ec5d24b1a2a13812a5aecf03a0ee20e8ce9418f9e405d006af1ef63db7d47bd92c3048774415d2f038c031af1

Download Submit
C:\Windows\system\EThWPVg.exe

Filesize
6.0MB

MD5
b9454e4450a4af8bbbb9ed04f9354f5b

SHA1
80c79e7d6d457d59a8c9c2d3221eba348807e6b4

SHA256
3225fc516affe74ef779f2fa1af049a4f9400493eea953e4efdce4adcad549e2

SHA512
65a87404d376f2f8b2b3916396352e538883ad568c279e5b660610de6bdd8d27add628f663a6c8da9ff9432bb364c3e90b01d1afacf3139bf6acf6825dc1ef84

Download Submit
C:\Windows\system\FXeZbDT.exe

Filesize
6.0MB

MD5
d01f94b7154acbbc860cc6b5e1f337e5

SHA1
fbd7fd7a1443faa80f53f5cfbf8969220d5b4d1e

SHA256
1a09c28631d458c320e6cd7d1f95a4d00320ee8539e256fdc1fbd65e339dca81

SHA512
aa99f4abc8d17f90769d58ffc3c7faae6abccaca2201f6b79a8ecf7bf6135c3386f5d8120f3cbcbbd7c270e65c69cdb7edc062fff692d095609f9032105a25ab

Download Submit
C:\Windows\system\Gjsvcpw.exe

Filesize
6.0MB

MD5
d1e23452a1980b1ba55e0a4f7ee9a7fd

SHA1
0277b636521ce2d991ae7fd1163c8d21a13a66e9

SHA256
cf61bd55f75fd53781ed76106d473d205470d7ceb342751677df931923547e40

SHA512
85a374e14b919d22226f073586246bce35510ca464f060abd7559b783bfc6c1ca58181a283e9595cecdeb6876b64e3dc9bfd5aff605055296ddb4127dac79cfe

Download Submit
C:\Windows\system\ILEEEBk.exe

Filesize
6.0MB

MD5
765fb838f14bc111c486e902f60ef43d

SHA1
9e9216d87e07d2011f63494f761c2980cdd9564a

SHA256
a5d80c24c2699688b32958c69d76d6930372f498c5eeb714cef566d7eaa039cc

SHA512
d9d57e630884da8d7776b922b625f285b7576b1558cdf384bf1fd7c06a9a41f6ed97bb9accddc13e89b2d5a67481b7da66da3a496d7dfd31825f1a5073163624

Download Submit
C:\Windows\system\MRajOee.exe

Filesize
6.0MB

MD5
3470e138df6ab9ed488ae8ad97321af4

SHA1
ce39257cb7d2d7fd530390214a25a4d5cc0f64ba

SHA256
9d6735a276f8c7ebed1847bf0c43e0975b6bc8a577d545ca381dacdaf13fb06d

SHA512
ac0ec657a52dec00695212b6b6f08e4e9bcc60f624ea380ebc61f79dab0460dd2578c3a81001038b7fea0bd5786392e784bbc7dfd6d3b47a7a14fa3988615cc6

Download Submit
C:\Windows\system\NovZvzg.exe

Filesize
6.0MB

MD5
958cf10b05298288a46e76ba707ec93f

SHA1
563fb4639ea89c523e3c97bbbee823b2d60ba2a5

SHA256
3d6c2db573478635289cffa7f3e24ebd2ba8446f4172bdeff27ab171a82c0b88

SHA512
550d32612bfd4ec7fecf102ef076d2c3305b1be53f828001536271c26a898e6ec9dae8bbb9aac66184767ceabfa6fed1e405cb0c54474a6e59940f78aa417f60

Download Submit
C:\Windows\system\PNPUKNB.exe

Filesize
6.0MB

MD5
6d149d2cca4fa76d5fce08e7244bb553

SHA1
f068b3a0e6a5064226d770ced545e5113fb8f9c7

SHA256
50a6559f307aaf992a115e84df0633bf20b702f889121aa82ff8924998c5c8c0

SHA512
b6e97adafb09e95a140cdb7aa73eaafc0a792ddbb8b58bb9bf6fee81dcb99560981a6a187d2f723db9057d55aa9c1743e4505abff6751659e3bdf0ab71278755

Download Submit
C:\Windows\system\VEpkUFD.exe

Filesize
6.0MB

MD5
9e07bdff00d028a021143effa78504c7

SHA1
546a0a494151f1767e5c1744f65b8c78157d5d42

SHA256
698a5e4cbf9f5c61180ae1fda8594cc64ba5eb04da8372546cbcf80100e53166

SHA512
89977c5fba89fcbdbd8ce4acb58ecec5ad5f2ebaf25f2e992ec360e98e4d64cd55ec63efcf688ef0d300871bfaf3cbe010ba0859a5b16417ab0db4151f034388

Download Submit
C:\Windows\system\aGpjwiG.exe

Filesize
6.0MB

MD5
773a71a5fbb0d936f84a4985af758ce6

SHA1
2d53a61598c5e23868c00827e504ae4b1042b777

SHA256
a9e64566189b314b70606638ead42a3b638bbcb441d04c1b14be914f57a6f680

SHA512
db463c3df3335e072a8b9ecbbc13fcadc82f657cb6a3f395ad4ba0c6b7da8be8931e2d8ba94a953bf526f3f0b6e062113085302a9d5d21c2a29ba09c8fb239cc

Download Submit
C:\Windows\system\aIFGpWp.exe

Filesize
6.0MB

MD5
3abc98ca75c6ce4ec9091f1a19e7b684

SHA1
a57e9be0f76b153c018ded5a481d77a599561008

SHA256
eff533d53afc2a89bb5cb3623ff5cbfa26eadf9a7f4c4dd46e1c1632120507ef

SHA512
be7a8f4d3cda726729d453290f2d558e7174c08e51d03ad165b30e7227f58d56f166bf5c979ccc6a506128491d7a59226f96d48f17bf15731db23b3b68209007

Download Submit
C:\Windows\system\aaUfpbE.exe

Filesize
6.0MB

MD5
939d316a20b14bbbd97ff4b6ee032c51

SHA1
d7d51c6d971373386766130b40897518ffa1b43a

SHA256
e476e5fe3d734d89d790419c27f44a4d751ffb44926b4ed110b14d504142a2b7

SHA512
35664dd37466d290cc07bb6e828f124c01b7d2362da24e390ac3ef0e83a35bf27a3d0f0bb73268a8067393d975848afcb2fb8369e91a1e3df582ffbd2c0e62ca

Download Submit
C:\Windows\system\dFbbXaL.exe

Filesize
6.0MB

MD5
6d08880ae090acf6397ad66f70dd0f72

SHA1
f749d38fa14a1c870afc00c1b85676e9ef0a8c4c

SHA256
eff7e20e09d5091e09e8483d7d2a71c34152f6e2fe0676db4274a935c7c0a2c8

SHA512
4881c4407ff4e5998e6db6fe55c692e18198193a618f00d099b605fb9b6247eaa4f616e7d10594c373e5cf05745fa88cd818db4f2a02b9558f17d78941d4ed71

Download Submit
C:\Windows\system\dOiIkUE.exe

Filesize
6.0MB

MD5
787ff529bc09515286fa21e5064db37b

SHA1
baac477029d89e8e2e7694a7fe13d88e5c840a0a

SHA256
54d45e96e46a224f46dbe51a6ff393f3e6ab23d00fd92d448c589a44bd8df10b

SHA512
64187a4d2375a9ee1a6b26db1ce91b80d9dabc0b9c4d47d1952542751e3b24f27c7a214558ce653530aa4ca549878b6d74484fc9441547765fa74c007d876c40

Download Submit
C:\Windows\system\gLRxdnx.exe

Filesize
6.0MB

MD5
e6994d31e192e0f6d5297db5cf7ec87b

SHA1
ed3ef98f1c7444f6066034aa69e200ef0afe69c7

SHA256
2a9282b892119c7e9511b003f966d6a1fe487888b197410645c0dd9e0af699d3

SHA512
46365b38abc7b307892dde961f80fb8c0b4be5acd3b255303bfd8ce5c00715b4bed6e4d3d3806cf95405ec091c12797779d619d81e5788668457ce4a34663e72

Download Submit
C:\Windows\system\hMLsmdY.exe

Filesize
6.0MB

MD5
bb4aafee1dd5257ce2b8168cebd120b3

SHA1
f7205b572c840309cc39146448a2c017fbbb0f85

SHA256
d2085edb7f2062f3b184abc5465e3e842d59ed1d7192e276aa0151e73e16e8db

SHA512
6d934b3461e660069012d6d4853449cbf5708772cdc1acffa1112eec98da67f0f6871c694dfc35c02d9f949a4fbb27b86e86c4be8e7344e74ff88b4621765431

Download Submit
C:\Windows\system\hwxrVPu.exe

Filesize
6.0MB

MD5
5d2c89bccb0111d99fb03883a0921970

SHA1
e28b17371c1afff572fe2c5b767449c174e214c0

SHA256
e5f6b018d394fafbc2bb86133f7667dfa2668f813bbb29788eac59a60ebe2b57

SHA512
47f41d298aabf5d5e5e6f389f5359f06647ac1f1fd640c27964953f07716ad2d71498fb1c6c8f4ac35f69fa2ffdf1e880514b9d95cf7e97835c2713e4452a460

Download Submit
C:\Windows\system\ikKhbzO.exe

Filesize
6.0MB

MD5
412d15dd6501b64b075f91a23f9be30f

SHA1
c18f101f11e9643ebfad68a996dbcf943d0c5019

SHA256
9e8678d8878c014d4432cbe7062640c7ddad460d3e89297554061d6e1015432c

SHA512
e20145acdd15d2c8689e0fb3417cdf99f3943cc418a4ad14824b2f729904b05fdae1712f8697a477f1a99e22c1d4157f2832899807e5b1300b536065a4b2901f

Download Submit
C:\Windows\system\kIODyKd.exe

Filesize
6.0MB

MD5
ac166296be9fe24589a4bedbe6569f7a

SHA1
4c79f5809637787dfcd19759dd5ec20d6a824961

SHA256
9a7843b98e77477b8cd6ea1e3d7d014a12b63d063c02bd464da3120cbae09912

SHA512
1337765d728d21d946b4c48cf72df91acabc1fb541af03a150b7709e9f3b6d5e1f1777e0edfffc9d01b00ae59cfb451acfb0a345524294b5052430d9ce88a5d8

Download Submit
C:\Windows\system\mbaEudE.exe

Filesize
6.0MB

MD5
4b5b98e85d6de7259c184347eab569ad

SHA1
284d204afa5e26f52f33ea6e4477bc08b8622636

SHA256
ce70a18bc17e6f9551d47e16b7a428b8d978720b147250535110ded47e21ac87

SHA512
f64d88c75f6a459ef8ee990a5fff251980b1aacc53b0729554d35a0a80a4fe0d79bc116d87c2eae8194f590af3ab826a1a645194e57401495bc9e95f0d7a7282

Download Submit
C:\Windows\system\nenknCh.exe

Filesize
6.0MB

MD5
103c2e87e55dbf0c64c57c7d690b3acd

SHA1
89d93b626c4d908bbc53af2dc471261c8e5b9978

SHA256
76b738b12add0a130ea62d824781abfe5ecd6d3b795dc41e8c8a3abfa23934c5

SHA512
9fad5e643bd39acf3028fba68aba92548a4033df798ddf8513617f285541075dbab66192f2b9b3eaab140f72a15c7fa089b023d25316717c24389d955e93ec74

Download Submit
C:\Windows\system\pPCCPGd.exe

Filesize
6.0MB

MD5
9b25d1b0db781ef2bd653082cf8eca3f

SHA1
ffd24df5eb30d0ef3fc2f17bde012099485d7985

SHA256
31c0692a57ea8e02d7d55737c6c6a55939047c7ef43d0f53298d3814da17c8ef

SHA512
3bfeca6d326432c08df54c6e58737f5ad379489001e0c6f8028a8e3feb36750c33377646e7da5dc7e6679a0c5b22635d7f5101e75215c87f16999888af046c37

Download Submit
C:\Windows\system\sJniGCE.exe

Filesize
6.0MB

MD5
4452115fac84cef0a876721bd4fe8ecc

SHA1
57b2a3a9e1f36805f1e2a848cee02f372b8ea19c

SHA256
dfb581e3984dc63c0a9d73a8e2546b8993a728dc203f284c5c2b6d85e9dd9b93

SHA512
eae2035446dc2dfc8f08c974a1bc5be3fa52232cdc7af5c7030184677e95dd96d53c714221fcdd8d4ec544746f3867eb159862ee3f192afc55508573ddd6ca2a

Download Submit
C:\Windows\system\uAjvBVO.exe

Filesize
6.0MB

MD5
68ee20ea13f3189fbc95ec2142a3c99d

SHA1
493bd6cfad8a2564481f45db619e0669de6c9e7d

SHA256
2aef431df96a0402f29737f79b9e2b6316237d6facab563499bb234df127886e

SHA512
9ddb08adb94921f5f65a6d707b7c5b4ed7e76e0669987f5bde46ffcc42c34f7d7337bbe753806dcff33e99f7344d328fce6605e42978be40c6e2458aab275b77

Download Submit
C:\Windows\system\wREktSq.exe

Filesize
6.0MB

MD5
12cc53a72db625220d610883c5664771

SHA1
63942fbd7c02f74074f0eb8477d474b1c95d6d42

SHA256
685da1e5d4f3b3b7ac3d0b93eed19d94c5c28d9dbc00487f7499d1f485b159a5

SHA512
6bbdf2fa66c2d8bf28ae4a3305799adcebd6ce5adb956e6672e578bcc84335eb16408629ee5fd822451884c6673f48ff3104fc9b60715de8e4c3f694b3ef577d

Download Submit
C:\Windows\system\wyRopVk.exe

Filesize
6.0MB

MD5
3818dfbfe94f4bf322b796e60090e35e

SHA1
ff83b0e1d78c7c85511a897a79aa6eed9379afeb

SHA256
996f0da6eb7c40943899a0295edf0a5f5dfa95aefd0aed9fb278d0abbb60b201

SHA512
cedd3e3f65a62dca56cba6bc7efbcb3ee57dbe590b37ce273e73093a05ccf19ff8959e0510830904010edace414590304eb22a00800dd3e4aba86b8dee4c31be

Download Submit
C:\Windows\system\ykvMVsb.exe

Filesize
6.0MB

MD5
5bf766bd36dde614dbd9a7b9f9b67614

SHA1
da971d6b1e5c58ca9f54726c720a025a41bc4b0b

SHA256
91ac890dca6ac4623d5cf163540613d7c976e090d5ebc813f9622929a0c51137

SHA512
fe7324cb8b80739fbd825825ff53b0897d0d0c5d3d161cbb3d0a271b263d48884a66741ace2a39493633e4de3fa6045588e8de48e415bb41c4297fe32f720243

Download Submit
\Windows\system\EiamSXj.exe

Filesize
6.0MB

MD5
869f36a8abd3821159810d9c67ca82dc

SHA1
7945524bfbae3f4e3f00f901f94404b92ca01b57

SHA256
cceab4fc8a2931b2cc1ed8d3e190a2bf86286d3c510378bb614f03fd3fe76619

SHA512
ca02a8a92d371bbe173e67ba51f146455a1e1deb061900e530d6e1ef46af5f0b64de8ef6ba4f9571a64947b36178b7aee9ac8ff0e3eb90d1d2fdf4269d635842

Download Submit
\Windows\system\GvIPPKg.exe

Filesize
6.0MB

MD5
852ea85c0b4e3d7a48cdb7ecdd3039a0

SHA1
de2582dea2130812e1709a6b592934a017b91a6f

SHA256
452a9d080d19fcda4f79f2f1f1d2d018a35642bcb370b63077ca060e299cdc95

SHA512
29953756959b008df2c251f98a625b0e84d571a4bd7d59c6bfbfb61c0e9b82d77781dd481761a4a6927cde4d1f690546e5675a8379ccb86a3a43527cafea3a30

Download Submit
\Windows\system\McKIUBP.exe

Filesize
6.0MB

MD5
56f8ec21c88f613b5cd47f97073f76dd

SHA1
34f2789c7a36f1183b3877204788b5217d85a9da

SHA256
c7b6154e27ffb45c9f31b62d0ce864d76d15d553c935fd8a90ca2bf92d6d292d

SHA512
452c45b884633c5cbc83ecfa51445960b713fdf52c5e183e3fa726b2752daa427726246b410c69ad6e957f48c1d2e186f1823bbfe7dd02ecc532318d1b35efe5

Download Submit
\Windows\system\WAHdrET.exe

Filesize
6.0MB

MD5
50bc74975997152705a2228d4609f435

SHA1
2c08dc52ba6db67ab2b5a723cc262a206712decf

SHA256
b6f9d9871071d65aec3d6b1a168aab8255971b56a29de8019ce203c6aef86bf7

SHA512
97dadea032b2bb88493df2dc6238feb816e2ff9578931197c6285d7403e1e76ee7ba2acb52a5cc582e591ffa37a484ffe9ab9a140018abe53e74a0ed96d174af

Download Submit
\Windows\system\WNKHimu.exe

Filesize
6.0MB

MD5
58dcede0a62fb3e06afc946f1548e8a3

SHA1
2710c8c94783fbb085eb218d82c2d63aff83c594

SHA256
dcefb1ac4cec0dc6bfb829843fe09d7991676b1e74baa4e605b548963a9ed22f

SHA512
5d6a4a3b29b734552cbb915a2b286dae47f3788f4a2738fcde7378c7fe72ff5e445fc6ca6e935dacebff3b1753428892436ee850ebda5a0c71d1383fefada354

Download Submit
\Windows\system\hBSkJIi.exe

Filesize
6.0MB

MD5
d4319ac114ef32e85eabb2c3647babc8

SHA1
ae3688e1b8452e716705f618e86aa3974d0660da

SHA256
6b760aeafa39c429476071c39fa530857e51787d9bba93e1a66dca0838b7c274

SHA512
9a2b31b54650748e0575a02c72d63f9b366f06557cfd794b291bd7a9eb38023dd33ac05de627ad9401364c29a48fdd64ed70b29167001326b7020c585c8bca48

Download Submit
\Windows\system\ruuWqRH.exe

Filesize
6.0MB

MD5
27ff0a76be329203e393d745d4f8835e

SHA1
75795f39851bb3ef39c4958f2403057321eca479

SHA256
a86488288081109f5793d135d876b859d7c8bee4feb98034a6c7747a817b5fd8

SHA512
86a36f0f5380eacfc35285f593cceaa06b808ea6042f3c5534da4b3007b8015549e10b2c66481419a235d7e55bbb9de1dda7534de2f77f33e865d1d733706ef4

Download Submit
memory/1484-3967-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1484-196-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3976-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1688-198-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3974-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2156-194-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1209-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-191-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-189-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-181-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2384-193-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2384-183-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-179-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-187-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-177-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1106-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-195-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1105-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2384-197-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-134-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-128-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-185-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-199-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1207-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-201-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1208-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1210-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3975-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-188-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-180-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3980-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2592-190-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2592-3979-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2652-184-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3978-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3982-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-202-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-182-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3981-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2716-186-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3977-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2812-176-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3966-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3968-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2908-200-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3983-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-178-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/3020-3969-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-192-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download