cobaltstrike | 3f8a5f7148c50a22029a05a72fe4166a837dff4a056a890a6a22be39def17262

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22/09/2024, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b268a8adfe9827e5d62b8216ff1fc815
SHA1

1a60666f2e27606533b7b03d0705c94de6533900
SHA256

3f8a5f7148c50a22029a05a72fe4166a837dff4a056a890a6a22be39def17262
SHA512

dabee74aa1a849cc03265780329233bc2d6b02968dc731967ae2364a8ade6a7d79a5848e91509f301dee8696b1ac52cddf7027cc4c6320846295a14e7ce19231
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec9-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-44.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016241-45.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-57.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-123.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-134.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-137.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-118.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-129.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-75.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-3.dat	xmrig
behavioral1/memory/2248-17-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d41-15.dat	xmrig
behavioral1/files/0x0008000000015d59-11.dat	xmrig
behavioral1/files/0x0008000000015d81-23.dat	xmrig
behavioral1/files/0x0007000000015ec9-24.dat	xmrig
behavioral1/files/0x0007000000015ff5-32.dat	xmrig
behavioral1/files/0x0007000000015f71-44.dat	xmrig
behavioral1/files/0x0009000000016241-45.dat	xmrig
behavioral1/memory/3000-58-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2688-56-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2720-53-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2864-52-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2876-51-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2068-46-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d3f-57.dat	xmrig
behavioral1/memory/2408-39-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2508-35-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1228-63-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0e-64.dat	xmrig
behavioral1/files/0x0006000000016d47-71.dat	xmrig
behavioral1/files/0x0006000000016d63-80.dat	xmrig
behavioral1/files/0x0006000000016dd9-97.dat	xmrig
behavioral1/files/0x0006000000016de0-101.dat	xmrig
behavioral1/files/0x0006000000017491-123.dat	xmrig
behavioral1/files/0x0011000000018682-139.dat	xmrig
behavioral1/files/0x0005000000018731-157.dat	xmrig
behavioral1/memory/2652-1308-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f8-154.dat	xmrig
behavioral1/files/0x00050000000186f2-149.dat	xmrig
behavioral1/files/0x000500000001868b-145.dat	xmrig
behavioral1/files/0x0006000000018669-134.dat	xmrig
behavioral1/files/0x001400000001866f-137.dat	xmrig
behavioral1/files/0x000600000001743a-118.dat	xmrig
behavioral1/files/0x00060000000175e7-129.dat	xmrig
behavioral1/files/0x000600000001747d-121.dat	xmrig
behavioral1/files/0x0006000000017047-113.dat	xmrig
behavioral1/files/0x0006000000016eb4-109.dat	xmrig
behavioral1/files/0x0006000000016dea-105.dat	xmrig
behavioral1/files/0x0006000000016d72-93.dat	xmrig
behavioral1/files/0x0006000000016d69-86.dat	xmrig
behavioral1/files/0x0006000000016d6d-89.dat	xmrig
behavioral1/files/0x0006000000016d4f-75.dat	xmrig
behavioral1/memory/2616-2747-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/1256-3248-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2668-4139-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/3044-4141-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2248-4142-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2508-4143-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2408-4144-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2068-4145-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2688-4146-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2876-4147-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2864-4148-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2720-4149-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/1228-4150-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2668-4151-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/3044-4152-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2652-4153-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2616-4154-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2652-4155-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2248	ttwZdJw.exe
2508	EnvmjcK.exe
2408	HHHdlJL.exe
2068	UStNlKa.exe
2688	PPkjHHl.exe
2876	PAWuynR.exe
2864	vlEhoaC.exe
2720	tYRZUFt.exe
1228	IIxjLTV.exe
2652	rUVGKDg.exe
2616	yYHFWhI.exe
2668	kcgtEIN.exe
3044	NQGKyqd.exe
1256	fuDBCEz.exe
656	IHJyvWG.exe
536	QWXHkQp.exe
292	tcbYDNW.exe
2684	XLBppSb.exe
1296	nAibPnB.exe
908	GyKBhOE.exe
2776	bBUQfRV.exe
544	DtjlwWZ.exe
784	sNrHrfx.exe
596	JhEZIZE.exe
2780	ktTFQeQ.exe
1592	NyvBILo.exe
1444	ADuvYTC.exe
2228	AibxoWB.exe
2280	QEqnKyE.exe
2268	WIouvJW.exe
1284	vXIhJtl.exe
1676	tZUksSp.exe
2116	iVlQZUo.exe
2120	qqPAuSC.exe
1848	WDyrdSb.exe
2356	EwZKVtk.exe
840	UgyojTG.exe
1056	DCzNjjy.exe
2208	hgUYsbe.exe
2968	FZVYDtW.exe
1544	NOhYlPX.exe
1816	qQKPbob.exe
1620	ULLghKG.exe
612	SByfDWB.exe
1388	sQIhIFp.exe
1144	svBUADJ.exe
2580	VzMwWNP.exe
1872	oPhfspx.exe
1336	UiwvwAh.exe
1728	oGAtfhp.exe
2976	ZGDddnY.exe
916	GEIAkku.exe
2164	kYBEXVV.exe
2420	WtLhYwL.exe
1404	QmuBvXe.exe
2372	BmVVzRp.exe
864	LeTfSif.exe
2412	wuGLPXJ.exe
2128	ZnWgJPS.exe
1304	jtTjSRo.exe
1652	LKnWZgt.exe
884	huXUWrC.exe
1940	hCAxlBN.exe
1944	KXwUiTz.exe

Loads dropped DLL 64 IoCs

pid	Process
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3000-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000012119-3.dat	upx
behavioral1/memory/2248-17-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0008000000015d41-15.dat	upx
behavioral1/files/0x0008000000015d59-11.dat	upx
behavioral1/files/0x0008000000015d81-23.dat	upx
behavioral1/files/0x0007000000015ec9-24.dat	upx
behavioral1/files/0x0007000000015ff5-32.dat	upx
behavioral1/files/0x0007000000015f71-44.dat	upx
behavioral1/files/0x0009000000016241-45.dat	upx
behavioral1/memory/2688-56-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2720-53-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2864-52-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2876-51-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2068-46-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0008000000016d3f-57.dat	upx
behavioral1/memory/2408-39-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2508-35-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1228-63-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x0008000000015d0e-64.dat	upx
behavioral1/files/0x0006000000016d47-71.dat	upx
behavioral1/files/0x0006000000016d63-80.dat	upx
behavioral1/files/0x0006000000016dd9-97.dat	upx
behavioral1/files/0x0006000000016de0-101.dat	upx
behavioral1/files/0x0006000000017491-123.dat	upx
behavioral1/files/0x0011000000018682-139.dat	upx
behavioral1/files/0x0005000000018731-157.dat	upx
behavioral1/memory/2652-1308-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x00050000000186f8-154.dat	upx
behavioral1/files/0x00050000000186f2-149.dat	upx
behavioral1/files/0x000500000001868b-145.dat	upx
behavioral1/files/0x0006000000018669-134.dat	upx
behavioral1/files/0x001400000001866f-137.dat	upx
behavioral1/files/0x000600000001743a-118.dat	upx
behavioral1/files/0x00060000000175e7-129.dat	upx
behavioral1/files/0x000600000001747d-121.dat	upx
behavioral1/files/0x0006000000017047-113.dat	upx
behavioral1/files/0x0006000000016eb4-109.dat	upx
behavioral1/files/0x0006000000016dea-105.dat	upx
behavioral1/files/0x0006000000016d72-93.dat	upx
behavioral1/files/0x0006000000016d69-86.dat	upx
behavioral1/files/0x0006000000016d6d-89.dat	upx
behavioral1/files/0x0006000000016d4f-75.dat	upx
behavioral1/memory/2616-2747-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/1256-3248-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2668-4139-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/3044-4141-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2248-4142-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2508-4143-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2408-4144-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2068-4145-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2688-4146-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2876-4147-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2864-4148-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2720-4149-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/1228-4150-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2668-4151-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/3044-4152-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2652-4153-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2616-4154-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2652-4155-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WsTYpOZ.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPkWodb.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZWzkfx.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYnBhBe.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bhukwzv.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrMrQGt.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEBrVeY.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmuBvXe.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfeMPrq.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoQaRfj.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoquNtP.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXYBmmJ.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAVCNox.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOFNYFb.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaSxFWM.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfXIeec.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtMCicP.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjEqwmC.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNunkHQ.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RaKtmXd.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iraaoMr.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztyDCZz.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rztaenK.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfqxBEX.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSnekUe.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEgCaAI.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzKEiKY.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXIhJtl.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQyNFAV.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsEwepq.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dnkqalg.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vkZprLW.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaHIctf.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PUlmfPt.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgYpxqE.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaOEefv.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UStNlKa.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYHFWhI.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcgtEIN.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtLhYwL.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsvgoiA.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuSYqNM.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhhsuXa.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RctZlmB.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYDuDyY.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKiLpUg.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SAkHKPX.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMdbrjE.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEyKZJH.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMVXRhN.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GBODeJH.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYVZVTp.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asvhVle.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANlMOwA.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgHstBM.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIouvJW.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGDddnY.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaGnMDg.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLifmzk.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfGlUmW.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMsHfZi.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSPBAwI.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJfBWtz.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGRtZdm.exe	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2248	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 2248	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 2248	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3000 wrote to memory of 2508	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2508	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2508	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3000 wrote to memory of 2408	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2408	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2408	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3000 wrote to memory of 2068	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2068	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2068	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3000 wrote to memory of 2688	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2688	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2688	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3000 wrote to memory of 2864	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2864	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2864	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3000 wrote to memory of 2876	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2876	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2876	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3000 wrote to memory of 2720	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 2720	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 2720	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3000 wrote to memory of 1228	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 1228	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 1228	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3000 wrote to memory of 2652	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3000 wrote to memory of 2652	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3000 wrote to memory of 2652	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3000 wrote to memory of 2616	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 2616	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 2616	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3000 wrote to memory of 2668	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 2668	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 2668	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3000 wrote to memory of 3044	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 3044	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 3044	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3000 wrote to memory of 1256	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 1256	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 1256	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3000 wrote to memory of 656	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 656	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 656	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3000 wrote to memory of 536	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 536	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 536	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3000 wrote to memory of 292	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 292	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 292	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3000 wrote to memory of 2684	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 2684	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 2684	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3000 wrote to memory of 1296	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 1296	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 1296	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3000 wrote to memory of 908	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 908	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 908	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3000 wrote to memory of 2776	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 2776	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 2776	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3000 wrote to memory of 544	3000	2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_b268a8adfe9827e5d62b8216ff1fc815_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\System\ttwZdJw.exe
  C:\Windows\System\ttwZdJw.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\EnvmjcK.exe
  C:\Windows\System\EnvmjcK.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\HHHdlJL.exe
  C:\Windows\System\HHHdlJL.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\UStNlKa.exe
  C:\Windows\System\UStNlKa.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\PPkjHHl.exe
  C:\Windows\System\PPkjHHl.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vlEhoaC.exe
  C:\Windows\System\vlEhoaC.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PAWuynR.exe
  C:\Windows\System\PAWuynR.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\tYRZUFt.exe
  C:\Windows\System\tYRZUFt.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\IIxjLTV.exe
  C:\Windows\System\IIxjLTV.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\rUVGKDg.exe
  C:\Windows\System\rUVGKDg.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\yYHFWhI.exe
  C:\Windows\System\yYHFWhI.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\kcgtEIN.exe
  C:\Windows\System\kcgtEIN.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\NQGKyqd.exe
  C:\Windows\System\NQGKyqd.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\fuDBCEz.exe
  C:\Windows\System\fuDBCEz.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\IHJyvWG.exe
  C:\Windows\System\IHJyvWG.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\QWXHkQp.exe
  C:\Windows\System\QWXHkQp.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\tcbYDNW.exe
  C:\Windows\System\tcbYDNW.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\XLBppSb.exe
  C:\Windows\System\XLBppSb.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\nAibPnB.exe
  C:\Windows\System\nAibPnB.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\GyKBhOE.exe
  C:\Windows\System\GyKBhOE.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\bBUQfRV.exe
  C:\Windows\System\bBUQfRV.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\DtjlwWZ.exe
  C:\Windows\System\DtjlwWZ.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\sNrHrfx.exe
  C:\Windows\System\sNrHrfx.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\ktTFQeQ.exe
  C:\Windows\System\ktTFQeQ.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\JhEZIZE.exe
  C:\Windows\System\JhEZIZE.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\NyvBILo.exe
  C:\Windows\System\NyvBILo.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ADuvYTC.exe
  C:\Windows\System\ADuvYTC.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\QEqnKyE.exe
  C:\Windows\System\QEqnKyE.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\AibxoWB.exe
  C:\Windows\System\AibxoWB.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\WIouvJW.exe
  C:\Windows\System\WIouvJW.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\vXIhJtl.exe
  C:\Windows\System\vXIhJtl.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\tZUksSp.exe
  C:\Windows\System\tZUksSp.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\iVlQZUo.exe
  C:\Windows\System\iVlQZUo.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\qqPAuSC.exe
  C:\Windows\System\qqPAuSC.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\WDyrdSb.exe
  C:\Windows\System\WDyrdSb.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\EwZKVtk.exe
  C:\Windows\System\EwZKVtk.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\UgyojTG.exe
  C:\Windows\System\UgyojTG.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\DCzNjjy.exe
  C:\Windows\System\DCzNjjy.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hgUYsbe.exe
  C:\Windows\System\hgUYsbe.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\FZVYDtW.exe
  C:\Windows\System\FZVYDtW.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NOhYlPX.exe
  C:\Windows\System\NOhYlPX.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\qQKPbob.exe
  C:\Windows\System\qQKPbob.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ULLghKG.exe
  C:\Windows\System\ULLghKG.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\SByfDWB.exe
  C:\Windows\System\SByfDWB.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\sQIhIFp.exe
  C:\Windows\System\sQIhIFp.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\svBUADJ.exe
  C:\Windows\System\svBUADJ.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\VzMwWNP.exe
  C:\Windows\System\VzMwWNP.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\oGAtfhp.exe
  C:\Windows\System\oGAtfhp.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\oPhfspx.exe
  C:\Windows\System\oPhfspx.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\ZGDddnY.exe
  C:\Windows\System\ZGDddnY.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\UiwvwAh.exe
  C:\Windows\System\UiwvwAh.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GEIAkku.exe
  C:\Windows\System\GEIAkku.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\kYBEXVV.exe
  C:\Windows\System\kYBEXVV.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\WtLhYwL.exe
  C:\Windows\System\WtLhYwL.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\QmuBvXe.exe
  C:\Windows\System\QmuBvXe.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\BmVVzRp.exe
  C:\Windows\System\BmVVzRp.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\LeTfSif.exe
  C:\Windows\System\LeTfSif.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\wuGLPXJ.exe
  C:\Windows\System\wuGLPXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ZnWgJPS.exe
  C:\Windows\System\ZnWgJPS.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\jtTjSRo.exe
  C:\Windows\System\jtTjSRo.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\LKnWZgt.exe
  C:\Windows\System\LKnWZgt.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\huXUWrC.exe
  C:\Windows\System\huXUWrC.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\hCAxlBN.exe
  C:\Windows\System\hCAxlBN.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\KXwUiTz.exe
  C:\Windows\System\KXwUiTz.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\sPBtgGB.exe
  C:\Windows\System\sPBtgGB.exe
  2⤵
  PID:764
- C:\Windows\System\ePgiyrz.exe
  C:\Windows\System\ePgiyrz.exe
  2⤵
  PID:2368
- C:\Windows\System\YOXsXaD.exe
  C:\Windows\System\YOXsXaD.exe
  2⤵
  PID:3004
- C:\Windows\System\SADiJzc.exe
  C:\Windows\System\SADiJzc.exe
  2⤵
  PID:1612
- C:\Windows\System\XbBgkYF.exe
  C:\Windows\System\XbBgkYF.exe
  2⤵
  PID:2856
- C:\Windows\System\JpxveTD.exe
  C:\Windows\System\JpxveTD.exe
  2⤵
  PID:2316
- C:\Windows\System\iOrkmhI.exe
  C:\Windows\System\iOrkmhI.exe
  2⤵
  PID:1864
- C:\Windows\System\eGdIKat.exe
  C:\Windows\System\eGdIKat.exe
  2⤵
  PID:2296
- C:\Windows\System\tvmwAjs.exe
  C:\Windows\System\tvmwAjs.exe
  2⤵
  PID:2948
- C:\Windows\System\SCibGzj.exe
  C:\Windows\System\SCibGzj.exe
  2⤵
  PID:2800
- C:\Windows\System\APPzNMS.exe
  C:\Windows\System\APPzNMS.exe
  2⤵
  PID:2796
- C:\Windows\System\EQVkJFZ.exe
  C:\Windows\System\EQVkJFZ.exe
  2⤵
  PID:2824
- C:\Windows\System\tSzEPPx.exe
  C:\Windows\System\tSzEPPx.exe
  2⤵
  PID:2400
- C:\Windows\System\WemLlOB.exe
  C:\Windows\System\WemLlOB.exe
  2⤵
  PID:1908
- C:\Windows\System\MbEbvtJ.exe
  C:\Windows\System\MbEbvtJ.exe
  2⤵
  PID:2932
- C:\Windows\System\JmUzgRe.exe
  C:\Windows\System\JmUzgRe.exe
  2⤵
  PID:2760
- C:\Windows\System\ClAwuRO.exe
  C:\Windows\System\ClAwuRO.exe
  2⤵
  PID:2900
- C:\Windows\System\xyktkNC.exe
  C:\Windows\System\xyktkNC.exe
  2⤵
  PID:2620
- C:\Windows\System\KISNdOM.exe
  C:\Windows\System\KISNdOM.exe
  2⤵
  PID:2768
- C:\Windows\System\MViMANP.exe
  C:\Windows\System\MViMANP.exe
  2⤵
  PID:2672
- C:\Windows\System\mDbEukZ.exe
  C:\Windows\System\mDbEukZ.exe
  2⤵
  PID:2332
- C:\Windows\System\TQwmqeJ.exe
  C:\Windows\System\TQwmqeJ.exe
  2⤵
  PID:560
- C:\Windows\System\VbBvQqh.exe
  C:\Windows\System\VbBvQqh.exe
  2⤵
  PID:3060
- C:\Windows\System\laxNsvy.exe
  C:\Windows\System\laxNsvy.exe
  2⤵
  PID:1368
- C:\Windows\System\BnRHjUe.exe
  C:\Windows\System\BnRHjUe.exe
  2⤵
  PID:2940
- C:\Windows\System\CYMfUUq.exe
  C:\Windows\System\CYMfUUq.exe
  2⤵
  PID:2496
- C:\Windows\System\jGmmCDn.exe
  C:\Windows\System\jGmmCDn.exe
  2⤵
  PID:3012
- C:\Windows\System\bcEzNbr.exe
  C:\Windows\System\bcEzNbr.exe
  2⤵
  PID:1684
- C:\Windows\System\wLPgDvb.exe
  C:\Windows\System\wLPgDvb.exe
  2⤵
  PID:852
- C:\Windows\System\QctUHTb.exe
  C:\Windows\System\QctUHTb.exe
  2⤵
  PID:2344
- C:\Windows\System\wLrzFTz.exe
  C:\Windows\System\wLrzFTz.exe
  2⤵
  PID:2140
- C:\Windows\System\FWsDeBJ.exe
  C:\Windows\System\FWsDeBJ.exe
  2⤵
  PID:1280
- C:\Windows\System\SboaXGY.exe
  C:\Windows\System\SboaXGY.exe
  2⤵
  PID:2476
- C:\Windows\System\SiqrBTI.exe
  C:\Windows\System\SiqrBTI.exe
  2⤵
  PID:2260
- C:\Windows\System\iTFdDhc.exe
  C:\Windows\System\iTFdDhc.exe
  2⤵
  PID:2028
- C:\Windows\System\NlMVUzO.exe
  C:\Windows\System\NlMVUzO.exe
  2⤵
  PID:1000
- C:\Windows\System\wyVmJek.exe
  C:\Windows\System\wyVmJek.exe
  2⤵
  PID:1100
- C:\Windows\System\PSOkbIb.exe
  C:\Windows\System\PSOkbIb.exe
  2⤵
  PID:1540
- C:\Windows\System\HQdXRtr.exe
  C:\Windows\System\HQdXRtr.exe
  2⤵
  PID:2240
- C:\Windows\System\Bmsqkkb.exe
  C:\Windows\System\Bmsqkkb.exe
  2⤵
  PID:892
- C:\Windows\System\WOetPJr.exe
  C:\Windows\System\WOetPJr.exe
  2⤵
  PID:1840
- C:\Windows\System\boFpFPp.exe
  C:\Windows\System\boFpFPp.exe
  2⤵
  PID:2572
- C:\Windows\System\vssHlsm.exe
  C:\Windows\System\vssHlsm.exe
  2⤵
  PID:2160
- C:\Windows\System\yuTfpdl.exe
  C:\Windows\System\yuTfpdl.exe
  2⤵
  PID:572
- C:\Windows\System\ifQPsbu.exe
  C:\Windows\System\ifQPsbu.exe
  2⤵
  PID:2320
- C:\Windows\System\ncRZHHL.exe
  C:\Windows\System\ncRZHHL.exe
  2⤵
  PID:336
- C:\Windows\System\CXxLRhu.exe
  C:\Windows\System\CXxLRhu.exe
  2⤵
  PID:1656
- C:\Windows\System\hUPSAtz.exe
  C:\Windows\System\hUPSAtz.exe
  2⤵
  PID:1784
- C:\Windows\System\urIWSSb.exe
  C:\Windows\System\urIWSSb.exe
  2⤵
  PID:1932
- C:\Windows\System\GNZMmDu.exe
  C:\Windows\System\GNZMmDu.exe
  2⤵
  PID:3020
- C:\Windows\System\yDbEOgt.exe
  C:\Windows\System\yDbEOgt.exe
  2⤵
  PID:1724
- C:\Windows\System\yGxpJjs.exe
  C:\Windows\System\yGxpJjs.exe
  2⤵
  PID:2820
- C:\Windows\System\XpVFDXL.exe
  C:\Windows\System\XpVFDXL.exe
  2⤵
  PID:2872
- C:\Windows\System\zQSRZIi.exe
  C:\Windows\System\zQSRZIi.exe
  2⤵
  PID:2836
- C:\Windows\System\pWgEBMe.exe
  C:\Windows\System\pWgEBMe.exe
  2⤵
  PID:2632
- C:\Windows\System\hfeMPrq.exe
  C:\Windows\System\hfeMPrq.exe
  2⤵
  PID:1488
- C:\Windows\System\WalcBAO.exe
  C:\Windows\System\WalcBAO.exe
  2⤵
  PID:1832
- C:\Windows\System\KeYOBPp.exe
  C:\Windows\System\KeYOBPp.exe
  2⤵
  PID:1704
- C:\Windows\System\WsTYpOZ.exe
  C:\Windows\System\WsTYpOZ.exe
  2⤵
  PID:3056
- C:\Windows\System\OJNzFpE.exe
  C:\Windows\System\OJNzFpE.exe
  2⤵
  PID:1792
- C:\Windows\System\GcOggiz.exe
  C:\Windows\System\GcOggiz.exe
  2⤵
  PID:1648
- C:\Windows\System\GHgWKEs.exe
  C:\Windows\System\GHgWKEs.exe
  2⤵
  PID:2056
- C:\Windows\System\nVpcssq.exe
  C:\Windows\System\nVpcssq.exe
  2⤵
  PID:2396
- C:\Windows\System\DqcUaiy.exe
  C:\Windows\System\DqcUaiy.exe
  2⤵
  PID:2112
- C:\Windows\System\eQyNFAV.exe
  C:\Windows\System\eQyNFAV.exe
  2⤵
  PID:2604
- C:\Windows\System\lbGHJlt.exe
  C:\Windows\System\lbGHJlt.exe
  2⤵
  PID:760
- C:\Windows\System\SuxSkmM.exe
  C:\Windows\System\SuxSkmM.exe
  2⤵
  PID:296
- C:\Windows\System\AooXOdZ.exe
  C:\Windows\System\AooXOdZ.exe
  2⤵
  PID:2488
- C:\Windows\System\jLlHLqZ.exe
  C:\Windows\System\jLlHLqZ.exe
  2⤵
  PID:2388
- C:\Windows\System\pRDNYIX.exe
  C:\Windows\System\pRDNYIX.exe
  2⤵
  PID:568
- C:\Windows\System\UDtTDRj.exe
  C:\Windows\System\UDtTDRj.exe
  2⤵
  PID:2500
- C:\Windows\System\ccCVGSa.exe
  C:\Windows\System\ccCVGSa.exe
  2⤵
  PID:2308
- C:\Windows\System\lcuFKTM.exe
  C:\Windows\System\lcuFKTM.exe
  2⤵
  PID:2300
- C:\Windows\System\LleSuuj.exe
  C:\Windows\System\LleSuuj.exe
  2⤵
  PID:2384
- C:\Windows\System\wPGaqOJ.exe
  C:\Windows\System\wPGaqOJ.exe
  2⤵
  PID:2436
- C:\Windows\System\MGKTbLy.exe
  C:\Windows\System\MGKTbLy.exe
  2⤵
  PID:2708
- C:\Windows\System\uNXRqjW.exe
  C:\Windows\System\uNXRqjW.exe
  2⤵
  PID:2284
- C:\Windows\System\tYnkhcV.exe
  C:\Windows\System\tYnkhcV.exe
  2⤵
  PID:2088
- C:\Windows\System\ibncIhC.exe
  C:\Windows\System\ibncIhC.exe
  2⤵
  PID:2936
- C:\Windows\System\ThUVPJW.exe
  C:\Windows\System\ThUVPJW.exe
  2⤵
  PID:1768
- C:\Windows\System\tJpUrag.exe
  C:\Windows\System\tJpUrag.exe
  2⤵
  PID:2964
- C:\Windows\System\sBZYhHI.exe
  C:\Windows\System\sBZYhHI.exe
  2⤵
  PID:2904
- C:\Windows\System\DdQMzjU.exe
  C:\Windows\System\DdQMzjU.exe
  2⤵
  PID:2256
- C:\Windows\System\yatzXBl.exe
  C:\Windows\System\yatzXBl.exe
  2⤵
  PID:3084
- C:\Windows\System\GRpDAlZ.exe
  C:\Windows\System\GRpDAlZ.exe
  2⤵
  PID:3100
- C:\Windows\System\xyacFGD.exe
  C:\Windows\System\xyacFGD.exe
  2⤵
  PID:3116
- C:\Windows\System\CUwuvSG.exe
  C:\Windows\System\CUwuvSG.exe
  2⤵
  PID:3132
- C:\Windows\System\gzBezyz.exe
  C:\Windows\System\gzBezyz.exe
  2⤵
  PID:3148
- C:\Windows\System\ocjgqEy.exe
  C:\Windows\System\ocjgqEy.exe
  2⤵
  PID:3164
- C:\Windows\System\AqkzHbE.exe
  C:\Windows\System\AqkzHbE.exe
  2⤵
  PID:3180
- C:\Windows\System\MxrrPpH.exe
  C:\Windows\System\MxrrPpH.exe
  2⤵
  PID:3196
- C:\Windows\System\KOyzZZg.exe
  C:\Windows\System\KOyzZZg.exe
  2⤵
  PID:3212
- C:\Windows\System\axVRRiJ.exe
  C:\Windows\System\axVRRiJ.exe
  2⤵
  PID:3228
- C:\Windows\System\pKKykyG.exe
  C:\Windows\System\pKKykyG.exe
  2⤵
  PID:3244
- C:\Windows\System\MkuImKT.exe
  C:\Windows\System\MkuImKT.exe
  2⤵
  PID:3260
- C:\Windows\System\eAVofgd.exe
  C:\Windows\System\eAVofgd.exe
  2⤵
  PID:3276
- C:\Windows\System\GInsiQD.exe
  C:\Windows\System\GInsiQD.exe
  2⤵
  PID:3292
- C:\Windows\System\YmIHLex.exe
  C:\Windows\System\YmIHLex.exe
  2⤵
  PID:3308
- C:\Windows\System\CTyFHKt.exe
  C:\Windows\System\CTyFHKt.exe
  2⤵
  PID:3328
- C:\Windows\System\QtYcDmq.exe
  C:\Windows\System\QtYcDmq.exe
  2⤵
  PID:3344
- C:\Windows\System\xlSaToq.exe
  C:\Windows\System\xlSaToq.exe
  2⤵
  PID:3360
- C:\Windows\System\hBWQtSB.exe
  C:\Windows\System\hBWQtSB.exe
  2⤵
  PID:3376
- C:\Windows\System\dXaZfGG.exe
  C:\Windows\System\dXaZfGG.exe
  2⤵
  PID:3392
- C:\Windows\System\ytcektT.exe
  C:\Windows\System\ytcektT.exe
  2⤵
  PID:3408
- C:\Windows\System\itTJKTU.exe
  C:\Windows\System\itTJKTU.exe
  2⤵
  PID:3424
- C:\Windows\System\ElaAihb.exe
  C:\Windows\System\ElaAihb.exe
  2⤵
  PID:3440
- C:\Windows\System\zCEoAxP.exe
  C:\Windows\System\zCEoAxP.exe
  2⤵
  PID:3456
- C:\Windows\System\qiXpUGg.exe
  C:\Windows\System\qiXpUGg.exe
  2⤵
  PID:3472
- C:\Windows\System\CiriPBj.exe
  C:\Windows\System\CiriPBj.exe
  2⤵
  PID:3488
- C:\Windows\System\FohSDgA.exe
  C:\Windows\System\FohSDgA.exe
  2⤵
  PID:3504
- C:\Windows\System\qGaysNO.exe
  C:\Windows\System\qGaysNO.exe
  2⤵
  PID:3520
- C:\Windows\System\EqgsNBu.exe
  C:\Windows\System\EqgsNBu.exe
  2⤵
  PID:3536
- C:\Windows\System\HCbPJrQ.exe
  C:\Windows\System\HCbPJrQ.exe
  2⤵
  PID:3552
- C:\Windows\System\wxxRDWR.exe
  C:\Windows\System\wxxRDWR.exe
  2⤵
  PID:3568
- C:\Windows\System\lwJGkXF.exe
  C:\Windows\System\lwJGkXF.exe
  2⤵
  PID:3584
- C:\Windows\System\pKnqPGd.exe
  C:\Windows\System\pKnqPGd.exe
  2⤵
  PID:3600
- C:\Windows\System\ItrMbgB.exe
  C:\Windows\System\ItrMbgB.exe
  2⤵
  PID:3616
- C:\Windows\System\bhqkKMI.exe
  C:\Windows\System\bhqkKMI.exe
  2⤵
  PID:3632
- C:\Windows\System\BAjgQKF.exe
  C:\Windows\System\BAjgQKF.exe
  2⤵
  PID:3648
- C:\Windows\System\SVhoyQk.exe
  C:\Windows\System\SVhoyQk.exe
  2⤵
  PID:3664
- C:\Windows\System\twiydiD.exe
  C:\Windows\System\twiydiD.exe
  2⤵
  PID:3680
- C:\Windows\System\xoQHCVl.exe
  C:\Windows\System\xoQHCVl.exe
  2⤵
  PID:3696
- C:\Windows\System\TGaekMf.exe
  C:\Windows\System\TGaekMf.exe
  2⤵
  PID:3712
- C:\Windows\System\IojTptS.exe
  C:\Windows\System\IojTptS.exe
  2⤵
  PID:3728
- C:\Windows\System\GHHoSHt.exe
  C:\Windows\System\GHHoSHt.exe
  2⤵
  PID:3744
- C:\Windows\System\jyJsAJJ.exe
  C:\Windows\System\jyJsAJJ.exe
  2⤵
  PID:3760
- C:\Windows\System\tKOrsfl.exe
  C:\Windows\System\tKOrsfl.exe
  2⤵
  PID:3776
- C:\Windows\System\MrTSgbE.exe
  C:\Windows\System\MrTSgbE.exe
  2⤵
  PID:3792
- C:\Windows\System\rEnhiCq.exe
  C:\Windows\System\rEnhiCq.exe
  2⤵
  PID:3808
- C:\Windows\System\lkvvKGC.exe
  C:\Windows\System\lkvvKGC.exe
  2⤵
  PID:3824
- C:\Windows\System\OedocQN.exe
  C:\Windows\System\OedocQN.exe
  2⤵
  PID:3840
- C:\Windows\System\UnSnQwJ.exe
  C:\Windows\System\UnSnQwJ.exe
  2⤵
  PID:3856
- C:\Windows\System\lcjnWYF.exe
  C:\Windows\System\lcjnWYF.exe
  2⤵
  PID:3872
- C:\Windows\System\hPsyUOJ.exe
  C:\Windows\System\hPsyUOJ.exe
  2⤵
  PID:3888
- C:\Windows\System\NLOlZJn.exe
  C:\Windows\System\NLOlZJn.exe
  2⤵
  PID:3904
- C:\Windows\System\kiCgCEz.exe
  C:\Windows\System\kiCgCEz.exe
  2⤵
  PID:3920
- C:\Windows\System\tgvpZXX.exe
  C:\Windows\System\tgvpZXX.exe
  2⤵
  PID:3936
- C:\Windows\System\SoQaRfj.exe
  C:\Windows\System\SoQaRfj.exe
  2⤵
  PID:3952
- C:\Windows\System\JnGMTHQ.exe
  C:\Windows\System\JnGMTHQ.exe
  2⤵
  PID:3968
- C:\Windows\System\zfXabeu.exe
  C:\Windows\System\zfXabeu.exe
  2⤵
  PID:3984
- C:\Windows\System\VVYHxZv.exe
  C:\Windows\System\VVYHxZv.exe
  2⤵
  PID:4000
- C:\Windows\System\qyzthrH.exe
  C:\Windows\System\qyzthrH.exe
  2⤵
  PID:4016
- C:\Windows\System\kAqpqRl.exe
  C:\Windows\System\kAqpqRl.exe
  2⤵
  PID:4032
- C:\Windows\System\aqXgucO.exe
  C:\Windows\System\aqXgucO.exe
  2⤵
  PID:4048
- C:\Windows\System\sMmYFMY.exe
  C:\Windows\System\sMmYFMY.exe
  2⤵
  PID:4064
- C:\Windows\System\lxtrpfP.exe
  C:\Windows\System\lxtrpfP.exe
  2⤵
  PID:4080
- C:\Windows\System\smBhMbw.exe
  C:\Windows\System\smBhMbw.exe
  2⤵
  PID:2852
- C:\Windows\System\OmVOIQZ.exe
  C:\Windows\System\OmVOIQZ.exe
  2⤵
  PID:2772
- C:\Windows\System\rAsLwOy.exe
  C:\Windows\System\rAsLwOy.exe
  2⤵
  PID:2724
- C:\Windows\System\vXzBRnk.exe
  C:\Windows\System\vXzBRnk.exe
  2⤵
  PID:2348
- C:\Windows\System\KvWRiuK.exe
  C:\Windows\System\KvWRiuK.exe
  2⤵
  PID:1764
- C:\Windows\System\YhjhWYB.exe
  C:\Windows\System\YhjhWYB.exe
  2⤵
  PID:1664
- C:\Windows\System\WgomTpk.exe
  C:\Windows\System\WgomTpk.exe
  2⤵
  PID:3140
- C:\Windows\System\bKtdOhx.exe
  C:\Windows\System\bKtdOhx.exe
  2⤵
  PID:3092
- C:\Windows\System\PyjasyI.exe
  C:\Windows\System\PyjasyI.exe
  2⤵
  PID:3204
- C:\Windows\System\rWsHisb.exe
  C:\Windows\System\rWsHisb.exe
  2⤵
  PID:3156
- C:\Windows\System\YYVITQH.exe
  C:\Windows\System\YYVITQH.exe
  2⤵
  PID:3188
- C:\Windows\System\pXzwSpc.exe
  C:\Windows\System\pXzwSpc.exe
  2⤵
  PID:3268
- C:\Windows\System\rRZVUGc.exe
  C:\Windows\System\rRZVUGc.exe
  2⤵
  PID:3300
- C:\Windows\System\lTlybJm.exe
  C:\Windows\System\lTlybJm.exe
  2⤵
  PID:3256
- C:\Windows\System\YLqNiKb.exe
  C:\Windows\System\YLqNiKb.exe
  2⤵
  PID:3372
- C:\Windows\System\egwJEsD.exe
  C:\Windows\System\egwJEsD.exe
  2⤵
  PID:3436
- C:\Windows\System\sbZnfuW.exe
  C:\Windows\System\sbZnfuW.exe
  2⤵
  PID:3500
- C:\Windows\System\WscKgdk.exe
  C:\Windows\System\WscKgdk.exe
  2⤵
  PID:3564
- C:\Windows\System\owNfHNg.exe
  C:\Windows\System\owNfHNg.exe
  2⤵
  PID:3316
- C:\Windows\System\CKhTvAS.exe
  C:\Windows\System\CKhTvAS.exe
  2⤵
  PID:3324
- C:\Windows\System\ZMMbFds.exe
  C:\Windows\System\ZMMbFds.exe
  2⤵
  PID:3660
- C:\Windows\System\MYDbTgw.exe
  C:\Windows\System\MYDbTgw.exe
  2⤵
  PID:3356
- C:\Windows\System\VWrlheg.exe
  C:\Windows\System\VWrlheg.exe
  2⤵
  PID:3384
- C:\Windows\System\zfQJypp.exe
  C:\Windows\System\zfQJypp.exe
  2⤵
  PID:3720
- C:\Windows\System\EAZKCBw.exe
  C:\Windows\System\EAZKCBw.exe
  2⤵
  PID:3784
- C:\Windows\System\sgUkATo.exe
  C:\Windows\System\sgUkATo.exe
  2⤵
  PID:3704
- C:\Windows\System\HWPnRkw.exe
  C:\Windows\System\HWPnRkw.exe
  2⤵
  PID:3516
- C:\Windows\System\OKNPkKP.exe
  C:\Windows\System\OKNPkKP.exe
  2⤵
  PID:3644
- C:\Windows\System\BTIZRNY.exe
  C:\Windows\System\BTIZRNY.exe
  2⤵
  PID:3848
- C:\Windows\System\zxPwBmg.exe
  C:\Windows\System\zxPwBmg.exe
  2⤵
  PID:3740
- C:\Windows\System\LIeFVJb.exe
  C:\Windows\System\LIeFVJb.exe
  2⤵
  PID:3800
- C:\Windows\System\vuEvjcL.exe
  C:\Windows\System\vuEvjcL.exe
  2⤵
  PID:3864
- C:\Windows\System\hFYCMcJ.exe
  C:\Windows\System\hFYCMcJ.exe
  2⤵
  PID:3916
- C:\Windows\System\TuNqiHk.exe
  C:\Windows\System\TuNqiHk.exe
  2⤵
  PID:3980
- C:\Windows\System\KScpJnH.exe
  C:\Windows\System\KScpJnH.exe
  2⤵
  PID:4044
- C:\Windows\System\apxjJOn.exe
  C:\Windows\System\apxjJOn.exe
  2⤵
  PID:2612
- C:\Windows\System\ggZuoZa.exe
  C:\Windows\System\ggZuoZa.exe
  2⤵
  PID:1984
- C:\Windows\System\hfXiIXu.exe
  C:\Windows\System\hfXiIXu.exe
  2⤵
  PID:3932
- C:\Windows\System\bxQHihC.exe
  C:\Windows\System\bxQHihC.exe
  2⤵
  PID:3964
- C:\Windows\System\FRyhyWZ.exe
  C:\Windows\System\FRyhyWZ.exe
  2⤵
  PID:4028
- C:\Windows\System\WkjCOdq.exe
  C:\Windows\System\WkjCOdq.exe
  2⤵
  PID:3240
- C:\Windows\System\dydmjGO.exe
  C:\Windows\System\dydmjGO.exe
  2⤵
  PID:2748
- C:\Windows\System\zGytbOr.exe
  C:\Windows\System\zGytbOr.exe
  2⤵
  PID:3176
- C:\Windows\System\DELKaGf.exe
  C:\Windows\System\DELKaGf.exe
  2⤵
  PID:3076
- C:\Windows\System\aybeAXq.exe
  C:\Windows\System\aybeAXq.exe
  2⤵
  PID:3404
- C:\Windows\System\XMkFugb.exe
  C:\Windows\System\XMkFugb.exe
  2⤵
  PID:3432
- C:\Windows\System\TnIcsZy.exe
  C:\Windows\System\TnIcsZy.exe
  2⤵
  PID:3560
- C:\Windows\System\zKGTjhE.exe
  C:\Windows\System\zKGTjhE.exe
  2⤵
  PID:3596
- C:\Windows\System\SbrJPKW.exe
  C:\Windows\System\SbrJPKW.exe
  2⤵
  PID:3628
- C:\Windows\System\QZYrIci.exe
  C:\Windows\System\QZYrIci.exe
  2⤵
  PID:3420
- C:\Windows\System\gZjJFcS.exe
  C:\Windows\System\gZjJFcS.exe
  2⤵
  PID:3576
- C:\Windows\System\QPKLdkF.exe
  C:\Windows\System\QPKLdkF.exe
  2⤵
  PID:3388
- C:\Windows\System\RBMvImd.exe
  C:\Windows\System\RBMvImd.exe
  2⤵
  PID:3880
- C:\Windows\System\JFAodFD.exe
  C:\Windows\System\JFAodFD.exe
  2⤵
  PID:3768
- C:\Windows\System\YTQJuNT.exe
  C:\Windows\System\YTQJuNT.exe
  2⤵
  PID:3948
- C:\Windows\System\BgsUqjf.exe
  C:\Windows\System\BgsUqjf.exe
  2⤵
  PID:4076
- C:\Windows\System\njBDCuL.exe
  C:\Windows\System\njBDCuL.exe
  2⤵
  PID:3900
- C:\Windows\System\RSUUslf.exe
  C:\Windows\System\RSUUslf.exe
  2⤵
  PID:1800
- C:\Windows\System\odQOrqY.exe
  C:\Windows\System\odQOrqY.exe
  2⤵
  PID:2992
- C:\Windows\System\rlnxXfn.exe
  C:\Windows\System\rlnxXfn.exe
  2⤵
  PID:4092
- C:\Windows\System\dNymtSK.exe
  C:\Windows\System\dNymtSK.exe
  2⤵
  PID:3336
- C:\Windows\System\yLrYHIL.exe
  C:\Windows\System\yLrYHIL.exe
  2⤵
  PID:3532
- C:\Windows\System\WBXnfCO.exe
  C:\Windows\System\WBXnfCO.exe
  2⤵
  PID:3496
- C:\Windows\System\OeSZBeG.exe
  C:\Windows\System\OeSZBeG.exe
  2⤵
  PID:4104
- C:\Windows\System\bcbkEaN.exe
  C:\Windows\System\bcbkEaN.exe
  2⤵
  PID:4120
- C:\Windows\System\CdNHlFa.exe
  C:\Windows\System\CdNHlFa.exe
  2⤵
  PID:4136
- C:\Windows\System\loqAQIy.exe
  C:\Windows\System\loqAQIy.exe
  2⤵
  PID:4152
- C:\Windows\System\oOFqSpi.exe
  C:\Windows\System\oOFqSpi.exe
  2⤵
  PID:4168
- C:\Windows\System\hxBASTs.exe
  C:\Windows\System\hxBASTs.exe
  2⤵
  PID:4184
- C:\Windows\System\VPkWodb.exe
  C:\Windows\System\VPkWodb.exe
  2⤵
  PID:4200
- C:\Windows\System\MaGnMDg.exe
  C:\Windows\System\MaGnMDg.exe
  2⤵
  PID:4216
- C:\Windows\System\wKIgPBr.exe
  C:\Windows\System\wKIgPBr.exe
  2⤵
  PID:4232
- C:\Windows\System\WuZOzeV.exe
  C:\Windows\System\WuZOzeV.exe
  2⤵
  PID:4248
- C:\Windows\System\chSuwks.exe
  C:\Windows\System\chSuwks.exe
  2⤵
  PID:4264
- C:\Windows\System\IMzQXlB.exe
  C:\Windows\System\IMzQXlB.exe
  2⤵
  PID:4280
- C:\Windows\System\ESsmJhr.exe
  C:\Windows\System\ESsmJhr.exe
  2⤵
  PID:4296
- C:\Windows\System\aMJpsqg.exe
  C:\Windows\System\aMJpsqg.exe
  2⤵
  PID:4312
- C:\Windows\System\YSTqeAD.exe
  C:\Windows\System\YSTqeAD.exe
  2⤵
  PID:4328
- C:\Windows\System\qdRKHay.exe
  C:\Windows\System\qdRKHay.exe
  2⤵
  PID:4344
- C:\Windows\System\GKlhoBV.exe
  C:\Windows\System\GKlhoBV.exe
  2⤵
  PID:4360
- C:\Windows\System\kAamVMf.exe
  C:\Windows\System\kAamVMf.exe
  2⤵
  PID:4376
- C:\Windows\System\HFPMupN.exe
  C:\Windows\System\HFPMupN.exe
  2⤵
  PID:4392
- C:\Windows\System\PwCCjAW.exe
  C:\Windows\System\PwCCjAW.exe
  2⤵
  PID:4408
- C:\Windows\System\bGVJDjd.exe
  C:\Windows\System\bGVJDjd.exe
  2⤵
  PID:4424
- C:\Windows\System\RzmZNon.exe
  C:\Windows\System\RzmZNon.exe
  2⤵
  PID:4440
- C:\Windows\System\TrMeyGF.exe
  C:\Windows\System\TrMeyGF.exe
  2⤵
  PID:4456
- C:\Windows\System\kioBOCt.exe
  C:\Windows\System\kioBOCt.exe
  2⤵
  PID:4472
- C:\Windows\System\TVxIKIj.exe
  C:\Windows\System\TVxIKIj.exe
  2⤵
  PID:4488
- C:\Windows\System\njJqDIF.exe
  C:\Windows\System\njJqDIF.exe
  2⤵
  PID:4504
- C:\Windows\System\aRiOWMf.exe
  C:\Windows\System\aRiOWMf.exe
  2⤵
  PID:4520
- C:\Windows\System\RaKtmXd.exe
  C:\Windows\System\RaKtmXd.exe
  2⤵
  PID:4536
- C:\Windows\System\ivJoHYM.exe
  C:\Windows\System\ivJoHYM.exe
  2⤵
  PID:4552
- C:\Windows\System\fuRjuPI.exe
  C:\Windows\System\fuRjuPI.exe
  2⤵
  PID:4568
- C:\Windows\System\MMBdgiT.exe
  C:\Windows\System\MMBdgiT.exe
  2⤵
  PID:4584
- C:\Windows\System\LlNerPR.exe
  C:\Windows\System\LlNerPR.exe
  2⤵
  PID:4600
- C:\Windows\System\XnMPGMq.exe
  C:\Windows\System\XnMPGMq.exe
  2⤵
  PID:4616
- C:\Windows\System\HQqsbFW.exe
  C:\Windows\System\HQqsbFW.exe
  2⤵
  PID:4632
- C:\Windows\System\YrLaOot.exe
  C:\Windows\System\YrLaOot.exe
  2⤵
  PID:4648
- C:\Windows\System\FkfLbNm.exe
  C:\Windows\System\FkfLbNm.exe
  2⤵
  PID:4664
- C:\Windows\System\UwxmdwF.exe
  C:\Windows\System\UwxmdwF.exe
  2⤵
  PID:4680
- C:\Windows\System\TAUZtIV.exe
  C:\Windows\System\TAUZtIV.exe
  2⤵
  PID:4696
- C:\Windows\System\QOaxppU.exe
  C:\Windows\System\QOaxppU.exe
  2⤵
  PID:4712
- C:\Windows\System\wgaURlD.exe
  C:\Windows\System\wgaURlD.exe
  2⤵
  PID:4728
- C:\Windows\System\isfdpCx.exe
  C:\Windows\System\isfdpCx.exe
  2⤵
  PID:4744
- C:\Windows\System\WgCLfwt.exe
  C:\Windows\System\WgCLfwt.exe
  2⤵
  PID:4760
- C:\Windows\System\djnFNMQ.exe
  C:\Windows\System\djnFNMQ.exe
  2⤵
  PID:4776
- C:\Windows\System\yaTMfcR.exe
  C:\Windows\System\yaTMfcR.exe
  2⤵
  PID:4792
- C:\Windows\System\SFkjKhY.exe
  C:\Windows\System\SFkjKhY.exe
  2⤵
  PID:4808
- C:\Windows\System\SYlImXU.exe
  C:\Windows\System\SYlImXU.exe
  2⤵
  PID:4824
- C:\Windows\System\PxGOnvx.exe
  C:\Windows\System\PxGOnvx.exe
  2⤵
  PID:4840
- C:\Windows\System\SMBvwRz.exe
  C:\Windows\System\SMBvwRz.exe
  2⤵
  PID:4860
- C:\Windows\System\RwjyHvO.exe
  C:\Windows\System\RwjyHvO.exe
  2⤵
  PID:4876
- C:\Windows\System\csPzxhM.exe
  C:\Windows\System\csPzxhM.exe
  2⤵
  PID:4892
- C:\Windows\System\bqmfQAZ.exe
  C:\Windows\System\bqmfQAZ.exe
  2⤵
  PID:4908
- C:\Windows\System\grKdefW.exe
  C:\Windows\System\grKdefW.exe
  2⤵
  PID:4924
- C:\Windows\System\mvfXjjj.exe
  C:\Windows\System\mvfXjjj.exe
  2⤵
  PID:4940
- C:\Windows\System\ISiocLa.exe
  C:\Windows\System\ISiocLa.exe
  2⤵
  PID:4956
- C:\Windows\System\fdcubok.exe
  C:\Windows\System\fdcubok.exe
  2⤵
  PID:4972
- C:\Windows\System\ZoFhLbe.exe
  C:\Windows\System\ZoFhLbe.exe
  2⤵
  PID:4988
- C:\Windows\System\hJqYPpH.exe
  C:\Windows\System\hJqYPpH.exe
  2⤵
  PID:5004
- C:\Windows\System\uFFDdwa.exe
  C:\Windows\System\uFFDdwa.exe
  2⤵
  PID:5020
- C:\Windows\System\awJempf.exe
  C:\Windows\System\awJempf.exe
  2⤵
  PID:5036
- C:\Windows\System\xCansyl.exe
  C:\Windows\System\xCansyl.exe
  2⤵
  PID:5052
- C:\Windows\System\WkYSagR.exe
  C:\Windows\System\WkYSagR.exe
  2⤵
  PID:5068
- C:\Windows\System\cUVqFIO.exe
  C:\Windows\System\cUVqFIO.exe
  2⤵
  PID:5084
- C:\Windows\System\nNVjMcQ.exe
  C:\Windows\System\nNVjMcQ.exe
  2⤵
  PID:5100
- C:\Windows\System\LYAyXBD.exe
  C:\Windows\System\LYAyXBD.exe
  2⤵
  PID:5116
- C:\Windows\System\tPCDbbx.exe
  C:\Windows\System\tPCDbbx.exe
  2⤵
  PID:3820
- C:\Windows\System\vjMFbIB.exe
  C:\Windows\System\vjMFbIB.exe
  2⤵
  PID:3832
- C:\Windows\System\xupNQeq.exe
  C:\Windows\System\xupNQeq.exe
  2⤵
  PID:3976
- C:\Windows\System\pUmDzCu.exe
  C:\Windows\System\pUmDzCu.exe
  2⤵
  PID:3896
- C:\Windows\System\TYmSRXX.exe
  C:\Windows\System\TYmSRXX.exe
  2⤵
  PID:4056
- C:\Windows\System\PNLqkIQ.exe
  C:\Windows\System\PNLqkIQ.exe
  2⤵
  PID:3108
- C:\Windows\System\TCiwMMZ.exe
  C:\Windows\System\TCiwMMZ.exe
  2⤵
  PID:3368
- C:\Windows\System\APEjTdn.exe
  C:\Windows\System\APEjTdn.exe
  2⤵
  PID:4116
- C:\Windows\System\ajOxclK.exe
  C:\Windows\System\ajOxclK.exe
  2⤵
  PID:4160
- C:\Windows\System\KsKAOBW.exe
  C:\Windows\System\KsKAOBW.exe
  2⤵
  PID:4180
- C:\Windows\System\UrsFvgD.exe
  C:\Windows\System\UrsFvgD.exe
  2⤵
  PID:4224
- C:\Windows\System\JYbZTEz.exe
  C:\Windows\System\JYbZTEz.exe
  2⤵
  PID:4256
- C:\Windows\System\DwibdZF.exe
  C:\Windows\System\DwibdZF.exe
  2⤵
  PID:4288
- C:\Windows\System\PSANQvC.exe
  C:\Windows\System\PSANQvC.exe
  2⤵
  PID:4320
- C:\Windows\System\pSrohzz.exe
  C:\Windows\System\pSrohzz.exe
  2⤵
  PID:4340
- C:\Windows\System\qtQnBSL.exe
  C:\Windows\System\qtQnBSL.exe
  2⤵
  PID:4384
- C:\Windows\System\HcRmkYL.exe
  C:\Windows\System\HcRmkYL.exe
  2⤵
  PID:4404
- C:\Windows\System\UqlLPhE.exe
  C:\Windows\System\UqlLPhE.exe
  2⤵
  PID:4448
- C:\Windows\System\IlbRNhj.exe
  C:\Windows\System\IlbRNhj.exe
  2⤵
  PID:4468
- C:\Windows\System\skKOuOV.exe
  C:\Windows\System\skKOuOV.exe
  2⤵
  PID:4500
- C:\Windows\System\mplwzyX.exe
  C:\Windows\System\mplwzyX.exe
  2⤵
  PID:4532
- C:\Windows\System\nRnOezJ.exe
  C:\Windows\System\nRnOezJ.exe
  2⤵
  PID:4564
- C:\Windows\System\MTnzfLa.exe
  C:\Windows\System\MTnzfLa.exe
  2⤵
  PID:4608
- C:\Windows\System\RctZlmB.exe
  C:\Windows\System\RctZlmB.exe
  2⤵
  PID:4628
- C:\Windows\System\QQEksGt.exe
  C:\Windows\System\QQEksGt.exe
  2⤵
  PID:4672
- C:\Windows\System\DzaPEVe.exe
  C:\Windows\System\DzaPEVe.exe
  2⤵
  PID:4692
- C:\Windows\System\XsvgoiA.exe
  C:\Windows\System\XsvgoiA.exe
  2⤵
  PID:4736
- C:\Windows\System\YgzxLQa.exe
  C:\Windows\System\YgzxLQa.exe
  2⤵
  PID:4768
- C:\Windows\System\NLifmzk.exe
  C:\Windows\System\NLifmzk.exe
  2⤵
  PID:4800
- C:\Windows\System\QRvlhJj.exe
  C:\Windows\System\QRvlhJj.exe
  2⤵
  PID:4820
- C:\Windows\System\OsEwepq.exe
  C:\Windows\System\OsEwepq.exe
  2⤵
  PID:4856
- C:\Windows\System\pkkSRKw.exe
  C:\Windows\System\pkkSRKw.exe
  2⤵
  PID:4888
- C:\Windows\System\YoHdAvR.exe
  C:\Windows\System\YoHdAvR.exe
  2⤵
  PID:4932
- C:\Windows\System\FmeTOjC.exe
  C:\Windows\System\FmeTOjC.exe
  2⤵
  PID:4964
- C:\Windows\System\sMBNXVP.exe
  C:\Windows\System\sMBNXVP.exe
  2⤵
  PID:4996
- C:\Windows\System\FfMfXew.exe
  C:\Windows\System\FfMfXew.exe
  2⤵
  PID:5028
- C:\Windows\System\eZxQiqB.exe
  C:\Windows\System\eZxQiqB.exe
  2⤵
  PID:5048
- C:\Windows\System\YyfTDMy.exe
  C:\Windows\System\YyfTDMy.exe
  2⤵
  PID:5080
- C:\Windows\System\VRcKVhi.exe
  C:\Windows\System\VRcKVhi.exe
  2⤵
  PID:5112
- C:\Windows\System\IyIwEFD.exe
  C:\Windows\System\IyIwEFD.exe
  2⤵
  PID:3612
- C:\Windows\System\gDNPwNd.exe
  C:\Windows\System\gDNPwNd.exe
  2⤵
  PID:3320
- C:\Windows\System\fjvCjCY.exe
  C:\Windows\System\fjvCjCY.exe
  2⤵
  PID:3252
- C:\Windows\System\FqRIpid.exe
  C:\Windows\System\FqRIpid.exe
  2⤵
  PID:4128
- C:\Windows\System\RijEixk.exe
  C:\Windows\System\RijEixk.exe
  2⤵
  PID:4192
- C:\Windows\System\MMScbjr.exe
  C:\Windows\System\MMScbjr.exe
  2⤵
  PID:4244
- C:\Windows\System\dxaBGhq.exe
  C:\Windows\System\dxaBGhq.exe
  2⤵
  PID:4336
- C:\Windows\System\kbzgDwU.exe
  C:\Windows\System\kbzgDwU.exe
  2⤵
  PID:4388
- C:\Windows\System\MoquNtP.exe
  C:\Windows\System\MoquNtP.exe
  2⤵
  PID:4452
- C:\Windows\System\xqGGyjw.exe
  C:\Windows\System\xqGGyjw.exe
  2⤵
  PID:4496
- C:\Windows\System\vONLfAl.exe
  C:\Windows\System\vONLfAl.exe
  2⤵
  PID:4560
- C:\Windows\System\ZtMCicP.exe
  C:\Windows\System\ZtMCicP.exe
  2⤵
  PID:4624
- C:\Windows\System\iaiaCcX.exe
  C:\Windows\System\iaiaCcX.exe
  2⤵
  PID:4720
- C:\Windows\System\rddTnvc.exe
  C:\Windows\System\rddTnvc.exe
  2⤵
  PID:4756
- C:\Windows\System\fintGBY.exe
  C:\Windows\System\fintGBY.exe
  2⤵
  PID:4848
- C:\Windows\System\aGWOUXR.exe
  C:\Windows\System\aGWOUXR.exe
  2⤵
  PID:4900
- C:\Windows\System\qQSwuhb.exe
  C:\Windows\System\qQSwuhb.exe
  2⤵
  PID:4980
- C:\Windows\System\PqyxELz.exe
  C:\Windows\System\PqyxELz.exe
  2⤵
  PID:5032
- C:\Windows\System\iistrAV.exe
  C:\Windows\System\iistrAV.exe
  2⤵
  PID:5076
- C:\Windows\System\DtvzVpZ.exe
  C:\Windows\System\DtvzVpZ.exe
  2⤵
  PID:3672
- C:\Windows\System\OUeWIwf.exe
  C:\Windows\System\OUeWIwf.exe
  2⤵
  PID:3112
- C:\Windows\System\hdIFWtB.exe
  C:\Windows\System\hdIFWtB.exe
  2⤵
  PID:4176
- C:\Windows\System\rhhhPik.exe
  C:\Windows\System\rhhhPik.exe
  2⤵
  PID:3548
- C:\Windows\System\NbCzoSJ.exe
  C:\Windows\System\NbCzoSJ.exe
  2⤵
  PID:4420
- C:\Windows\System\DzCAEAN.exe
  C:\Windows\System\DzCAEAN.exe
  2⤵
  PID:4612
- C:\Windows\System\lZvMhDM.exe
  C:\Windows\System\lZvMhDM.exe
  2⤵
  PID:5132
- C:\Windows\System\kKjvNcN.exe
  C:\Windows\System\kKjvNcN.exe
  2⤵
  PID:5148
- C:\Windows\System\bOBewgI.exe
  C:\Windows\System\bOBewgI.exe
  2⤵
  PID:5164
- C:\Windows\System\dZUoeaj.exe
  C:\Windows\System\dZUoeaj.exe
  2⤵
  PID:5180
- C:\Windows\System\CVsWAum.exe
  C:\Windows\System\CVsWAum.exe
  2⤵
  PID:5204
- C:\Windows\System\kVWcTfa.exe
  C:\Windows\System\kVWcTfa.exe
  2⤵
  PID:5220
- C:\Windows\System\SSvwICT.exe
  C:\Windows\System\SSvwICT.exe
  2⤵
  PID:5236
- C:\Windows\System\AOGfvnf.exe
  C:\Windows\System\AOGfvnf.exe
  2⤵
  PID:5252
- C:\Windows\System\QgKsYKQ.exe
  C:\Windows\System\QgKsYKQ.exe
  2⤵
  PID:5268
- C:\Windows\System\segwQiv.exe
  C:\Windows\System\segwQiv.exe
  2⤵
  PID:5284
- C:\Windows\System\HDazfQR.exe
  C:\Windows\System\HDazfQR.exe
  2⤵
  PID:5300
- C:\Windows\System\TFOsGCK.exe
  C:\Windows\System\TFOsGCK.exe
  2⤵
  PID:5316
- C:\Windows\System\UFoPTjR.exe
  C:\Windows\System\UFoPTjR.exe
  2⤵
  PID:5332
- C:\Windows\System\YaQlKga.exe
  C:\Windows\System\YaQlKga.exe
  2⤵
  PID:5348
- C:\Windows\System\SidDurg.exe
  C:\Windows\System\SidDurg.exe
  2⤵
  PID:5364
- C:\Windows\System\OgzQsuC.exe
  C:\Windows\System\OgzQsuC.exe
  2⤵
  PID:5380
- C:\Windows\System\FXYBmmJ.exe
  C:\Windows\System\FXYBmmJ.exe
  2⤵
  PID:5400
- C:\Windows\System\ZgmWIRC.exe
  C:\Windows\System\ZgmWIRC.exe
  2⤵
  PID:5416
- C:\Windows\System\ITEOVCA.exe
  C:\Windows\System\ITEOVCA.exe
  2⤵
  PID:5436
- C:\Windows\System\KRzFQrU.exe
  C:\Windows\System\KRzFQrU.exe
  2⤵
  PID:5456
- C:\Windows\System\RyFNBGy.exe
  C:\Windows\System\RyFNBGy.exe
  2⤵
  PID:5472
- C:\Windows\System\xWFbEUg.exe
  C:\Windows\System\xWFbEUg.exe
  2⤵
  PID:5488
- C:\Windows\System\BskdMHn.exe
  C:\Windows\System\BskdMHn.exe
  2⤵
  PID:5504
- C:\Windows\System\JCeUkHz.exe
  C:\Windows\System\JCeUkHz.exe
  2⤵
  PID:5520
- C:\Windows\System\WXuiuvj.exe
  C:\Windows\System\WXuiuvj.exe
  2⤵
  PID:5544
- C:\Windows\System\PjCWolv.exe
  C:\Windows\System\PjCWolv.exe
  2⤵
  PID:5560
- C:\Windows\System\uaoZURT.exe
  C:\Windows\System\uaoZURT.exe
  2⤵
  PID:5576
- C:\Windows\System\oGqvCoL.exe
  C:\Windows\System\oGqvCoL.exe
  2⤵
  PID:5592
- C:\Windows\System\LZWHjCV.exe
  C:\Windows\System\LZWHjCV.exe
  2⤵
  PID:5608
- C:\Windows\System\tKEvRbg.exe
  C:\Windows\System\tKEvRbg.exe
  2⤵
  PID:5624
- C:\Windows\System\xBChwbh.exe
  C:\Windows\System\xBChwbh.exe
  2⤵
  PID:5640
- C:\Windows\System\DuUHduJ.exe
  C:\Windows\System\DuUHduJ.exe
  2⤵
  PID:5656
- C:\Windows\System\PincixY.exe
  C:\Windows\System\PincixY.exe
  2⤵
  PID:5672
- C:\Windows\System\lGfgsZr.exe
  C:\Windows\System\lGfgsZr.exe
  2⤵
  PID:5688
- C:\Windows\System\sjXsSLJ.exe
  C:\Windows\System\sjXsSLJ.exe
  2⤵
  PID:5704
- C:\Windows\System\WyDJHlf.exe
  C:\Windows\System\WyDJHlf.exe
  2⤵
  PID:5720
- C:\Windows\System\OBlCUpv.exe
  C:\Windows\System\OBlCUpv.exe
  2⤵
  PID:5740
- C:\Windows\System\pmCNfod.exe
  C:\Windows\System\pmCNfod.exe
  2⤵
  PID:5756
- C:\Windows\System\XFvxFBk.exe
  C:\Windows\System\XFvxFBk.exe
  2⤵
  PID:5772
- C:\Windows\System\nryAYCc.exe
  C:\Windows\System\nryAYCc.exe
  2⤵
  PID:5788
- C:\Windows\System\nKKOxui.exe
  C:\Windows\System\nKKOxui.exe
  2⤵
  PID:5804
- C:\Windows\System\tYDuDyY.exe
  C:\Windows\System\tYDuDyY.exe
  2⤵
  PID:5820
- C:\Windows\System\Dnkqalg.exe
  C:\Windows\System\Dnkqalg.exe
  2⤵
  PID:5836
- C:\Windows\System\JnAaRkm.exe
  C:\Windows\System\JnAaRkm.exe
  2⤵
  PID:5852
- C:\Windows\System\NGLdVLw.exe
  C:\Windows\System\NGLdVLw.exe
  2⤵
  PID:5868
- C:\Windows\System\wkIPymV.exe
  C:\Windows\System\wkIPymV.exe
  2⤵
  PID:5884
- C:\Windows\System\XSnUyIb.exe
  C:\Windows\System\XSnUyIb.exe
  2⤵
  PID:5900
- C:\Windows\System\BmwIDeJ.exe
  C:\Windows\System\BmwIDeJ.exe
  2⤵
  PID:5916
- C:\Windows\System\dijoYzG.exe
  C:\Windows\System\dijoYzG.exe
  2⤵
  PID:5932
- C:\Windows\System\PpBAzlz.exe
  C:\Windows\System\PpBAzlz.exe
  2⤵
  PID:5948
- C:\Windows\System\zfGlUmW.exe
  C:\Windows\System\zfGlUmW.exe
  2⤵
  PID:5968
- C:\Windows\System\oJdFCsX.exe
  C:\Windows\System\oJdFCsX.exe
  2⤵
  PID:5984
- C:\Windows\System\IhDrLIK.exe
  C:\Windows\System\IhDrLIK.exe
  2⤵
  PID:6000
- C:\Windows\System\oAVCNox.exe
  C:\Windows\System\oAVCNox.exe
  2⤵
  PID:6016
- C:\Windows\System\aTqzcvf.exe
  C:\Windows\System\aTqzcvf.exe
  2⤵
  PID:6032
- C:\Windows\System\WWDLesu.exe
  C:\Windows\System\WWDLesu.exe
  2⤵
  PID:6048
- C:\Windows\System\NIcsbGY.exe
  C:\Windows\System\NIcsbGY.exe
  2⤵
  PID:6064
- C:\Windows\System\nNJdIvQ.exe
  C:\Windows\System\nNJdIvQ.exe
  2⤵
  PID:6080
- C:\Windows\System\aIMExie.exe
  C:\Windows\System\aIMExie.exe
  2⤵
  PID:6096
- C:\Windows\System\xagXThc.exe
  C:\Windows\System\xagXThc.exe
  2⤵
  PID:6112
- C:\Windows\System\LoJJYOk.exe
  C:\Windows\System\LoJJYOk.exe
  2⤵
  PID:6128
- C:\Windows\System\tKhNhBH.exe
  C:\Windows\System\tKhNhBH.exe
  2⤵
  PID:4676
- C:\Windows\System\RKUAXre.exe
  C:\Windows\System\RKUAXre.exe
  2⤵
  PID:4816
- C:\Windows\System\eEnaOYF.exe
  C:\Windows\System\eEnaOYF.exe
  2⤵
  PID:4920
- C:\Windows\System\ucHKSaD.exe
  C:\Windows\System\ucHKSaD.exe
  2⤵
  PID:5044
- C:\Windows\System\rqQjKCW.exe
  C:\Windows\System\rqQjKCW.exe
  2⤵
  PID:1660
- C:\Windows\System\QElbdTE.exe
  C:\Windows\System\QElbdTE.exe
  2⤵
  PID:4240
- C:\Windows\System\vesaPME.exe
  C:\Windows\System\vesaPME.exe
  2⤵
  PID:4484
- C:\Windows\System\VEyKZJH.exe
  C:\Windows\System\VEyKZJH.exe
  2⤵
  PID:5140
- C:\Windows\System\kyphrJe.exe
  C:\Windows\System\kyphrJe.exe
  2⤵
  PID:5172
- C:\Windows\System\rKtSfOt.exe
  C:\Windows\System\rKtSfOt.exe
  2⤵
  PID:5200
- C:\Windows\System\PZJzgHK.exe
  C:\Windows\System\PZJzgHK.exe
  2⤵
  PID:5232
- C:\Windows\System\AKDEHbG.exe
  C:\Windows\System\AKDEHbG.exe
  2⤵
  PID:5264
- C:\Windows\System\algBVCl.exe
  C:\Windows\System\algBVCl.exe
  2⤵
  PID:5296
- C:\Windows\System\lCdJJSF.exe
  C:\Windows\System\lCdJJSF.exe
  2⤵
  PID:5328
- C:\Windows\System\KeetIfw.exe
  C:\Windows\System\KeetIfw.exe
  2⤵
  PID:5360
- C:\Windows\System\FchEdtD.exe
  C:\Windows\System\FchEdtD.exe
  2⤵
  PID:5392
- C:\Windows\System\sZDohOV.exe
  C:\Windows\System\sZDohOV.exe
  2⤵
  PID:5428
- C:\Windows\System\FPdwvTV.exe
  C:\Windows\System\FPdwvTV.exe
  2⤵
  PID:5480
- C:\Windows\System\dWLAVLz.exe
  C:\Windows\System\dWLAVLz.exe
  2⤵
  PID:5500
- C:\Windows\System\ljwyECX.exe
  C:\Windows\System\ljwyECX.exe
  2⤵
  PID:5532
- C:\Windows\System\ofuuQjv.exe
  C:\Windows\System\ofuuQjv.exe
  2⤵
  PID:5588
- C:\Windows\System\TYULvHy.exe
  C:\Windows\System\TYULvHy.exe
  2⤵
  PID:5620
- C:\Windows\System\RfnUBai.exe
  C:\Windows\System\RfnUBai.exe
  2⤵
  PID:5652
- C:\Windows\System\niBDwXM.exe
  C:\Windows\System\niBDwXM.exe
  2⤵
  PID:5684
- C:\Windows\System\KuPjvtK.exe
  C:\Windows\System\KuPjvtK.exe
  2⤵
  PID:5716
- C:\Windows\System\genBkJY.exe
  C:\Windows\System\genBkJY.exe
  2⤵
  PID:5752
- C:\Windows\System\FdImcBv.exe
  C:\Windows\System\FdImcBv.exe
  2⤵
  PID:5784
- C:\Windows\System\BbhhXCW.exe
  C:\Windows\System\BbhhXCW.exe
  2⤵
  PID:2956
- C:\Windows\System\ZUMvarh.exe
  C:\Windows\System\ZUMvarh.exe
  2⤵
  PID:5832
- C:\Windows\System\FzSmwxA.exe
  C:\Windows\System\FzSmwxA.exe
  2⤵
  PID:5864
- C:\Windows\System\hYzexiR.exe
  C:\Windows\System\hYzexiR.exe
  2⤵
  PID:5908
- C:\Windows\System\RWbKpmB.exe
  C:\Windows\System\RWbKpmB.exe
  2⤵
  PID:5940
- C:\Windows\System\FNacivK.exe
  C:\Windows\System\FNacivK.exe
  2⤵
  PID:5976
- C:\Windows\System\ViefkfU.exe
  C:\Windows\System\ViefkfU.exe
  2⤵
  PID:5996
- C:\Windows\System\wmHHxat.exe
  C:\Windows\System\wmHHxat.exe
  2⤵
  PID:6028
- C:\Windows\System\ORWJetT.exe
  C:\Windows\System\ORWJetT.exe
  2⤵
  PID:6072
- C:\Windows\System\iSbjBhf.exe
  C:\Windows\System\iSbjBhf.exe
  2⤵
  PID:6092
- C:\Windows\System\mpdHZKk.exe
  C:\Windows\System\mpdHZKk.exe
  2⤵
  PID:6124
- C:\Windows\System\kOAgSTu.exe
  C:\Windows\System\kOAgSTu.exe
  2⤵
  PID:4884
- C:\Windows\System\SPRDzBT.exe
  C:\Windows\System\SPRDzBT.exe
  2⤵
  PID:2868
- C:\Windows\System\RRlarJG.exe
  C:\Windows\System\RRlarJG.exe
  2⤵
  PID:4112
- C:\Windows\System\eFlRDWa.exe
  C:\Windows\System\eFlRDWa.exe
  2⤵
  PID:4548
- C:\Windows\System\yrlYuUI.exe
  C:\Windows\System\yrlYuUI.exe
  2⤵
  PID:5188
- C:\Windows\System\cmhvKZe.exe
  C:\Windows\System\cmhvKZe.exe
  2⤵
  PID:5260
- C:\Windows\System\MpsEhNz.exe
  C:\Windows\System\MpsEhNz.exe
  2⤵
  PID:5324
- C:\Windows\System\NUeUIhM.exe
  C:\Windows\System\NUeUIhM.exe
  2⤵
  PID:5388
- C:\Windows\System\bFkCSeh.exe
  C:\Windows\System\bFkCSeh.exe
  2⤵
  PID:5464
- C:\Windows\System\BjZpUbv.exe
  C:\Windows\System\BjZpUbv.exe
  2⤵
  PID:5528
- C:\Windows\System\JzGUPhG.exe
  C:\Windows\System\JzGUPhG.exe
  2⤵
  PID:5616
- C:\Windows\System\OCMGkDm.exe
  C:\Windows\System\OCMGkDm.exe
  2⤵
  PID:5680
- C:\Windows\System\mzxqybl.exe
  C:\Windows\System\mzxqybl.exe
  2⤵
  PID:5748
- C:\Windows\System\jKiLpUg.exe
  C:\Windows\System\jKiLpUg.exe
  2⤵
  PID:5800
- C:\Windows\System\MMknzgs.exe
  C:\Windows\System\MMknzgs.exe
  2⤵
  PID:5860
- C:\Windows\System\zfgUMUU.exe
  C:\Windows\System\zfgUMUU.exe
  2⤵
  PID:5924
- C:\Windows\System\PxJOUKE.exe
  C:\Windows\System\PxJOUKE.exe
  2⤵
  PID:5980
- C:\Windows\System\zQpiBVf.exe
  C:\Windows\System\zQpiBVf.exe
  2⤵
  PID:6056
- C:\Windows\System\ZlHiYHY.exe
  C:\Windows\System\ZlHiYHY.exe
  2⤵
  PID:6120
- C:\Windows\System\rRANHPw.exe
  C:\Windows\System\rRANHPw.exe
  2⤵
  PID:4916
- C:\Windows\System\tTAKTIr.exe
  C:\Windows\System\tTAKTIr.exe
  2⤵
  PID:2660
- C:\Windows\System\dycMtpQ.exe
  C:\Windows\System\dycMtpQ.exe
  2⤵
  PID:5160
- C:\Windows\System\CUQOVdE.exe
  C:\Windows\System\CUQOVdE.exe
  2⤵
  PID:5308
- C:\Windows\System\oWONWYY.exe
  C:\Windows\System\oWONWYY.exe
  2⤵
  PID:2176
- C:\Windows\System\hcklhlC.exe
  C:\Windows\System\hcklhlC.exe
  2⤵
  PID:2480
- C:\Windows\System\wuSYqNM.exe
  C:\Windows\System\wuSYqNM.exe
  2⤵
  PID:5636
- C:\Windows\System\DpogBIt.exe
  C:\Windows\System\DpogBIt.exe
  2⤵
  PID:5768
- C:\Windows\System\mhRzlXr.exe
  C:\Windows\System\mhRzlXr.exe
  2⤵
  PID:5944
- C:\Windows\System\QotQSlw.exe
  C:\Windows\System\QotQSlw.exe
  2⤵
  PID:6088
- C:\Windows\System\sTROCsi.exe
  C:\Windows\System\sTROCsi.exe
  2⤵
  PID:4984
- C:\Windows\System\ePPsjgG.exe
  C:\Windows\System\ePPsjgG.exe
  2⤵
  PID:6156
- C:\Windows\System\UhesLOb.exe
  C:\Windows\System\UhesLOb.exe
  2⤵
  PID:6172
- C:\Windows\System\upmGfBJ.exe
  C:\Windows\System\upmGfBJ.exe
  2⤵
  PID:6188
- C:\Windows\System\aWYprBW.exe
  C:\Windows\System\aWYprBW.exe
  2⤵
  PID:6204
- C:\Windows\System\XbQnUxp.exe
  C:\Windows\System\XbQnUxp.exe
  2⤵
  PID:6220
- C:\Windows\System\gjmNdNz.exe
  C:\Windows\System\gjmNdNz.exe
  2⤵
  PID:6236
- C:\Windows\System\Nhbjqne.exe
  C:\Windows\System\Nhbjqne.exe
  2⤵
  PID:6252
- C:\Windows\System\BozRZCl.exe
  C:\Windows\System\BozRZCl.exe
  2⤵
  PID:6268
- C:\Windows\System\SszwNMW.exe
  C:\Windows\System\SszwNMW.exe
  2⤵
  PID:6284
- C:\Windows\System\norzXHu.exe
  C:\Windows\System\norzXHu.exe
  2⤵
  PID:6300
- C:\Windows\System\KYVQBGn.exe
  C:\Windows\System\KYVQBGn.exe
  2⤵
  PID:6316
- C:\Windows\System\hKnkpbL.exe
  C:\Windows\System\hKnkpbL.exe
  2⤵
  PID:6332
- C:\Windows\System\fyTvpFB.exe
  C:\Windows\System\fyTvpFB.exe
  2⤵
  PID:6348
- C:\Windows\System\VpzTnNi.exe
  C:\Windows\System\VpzTnNi.exe
  2⤵
  PID:6364
- C:\Windows\System\faeTuVi.exe
  C:\Windows\System\faeTuVi.exe
  2⤵
  PID:6380
- C:\Windows\System\JreMVpJ.exe
  C:\Windows\System\JreMVpJ.exe
  2⤵
  PID:6396
- C:\Windows\System\LzbjHgh.exe
  C:\Windows\System\LzbjHgh.exe
  2⤵
  PID:6412
- C:\Windows\System\AYIjFiP.exe
  C:\Windows\System\AYIjFiP.exe
  2⤵
  PID:6428
- C:\Windows\System\tBouFsh.exe
  C:\Windows\System\tBouFsh.exe
  2⤵
  PID:6444
- C:\Windows\System\cQpIYsz.exe
  C:\Windows\System\cQpIYsz.exe
  2⤵
  PID:6460
- C:\Windows\System\WMdTIOK.exe
  C:\Windows\System\WMdTIOK.exe
  2⤵
  PID:6476
- C:\Windows\System\wMsHfZi.exe
  C:\Windows\System\wMsHfZi.exe
  2⤵
  PID:6492
- C:\Windows\System\gcBhmPW.exe
  C:\Windows\System\gcBhmPW.exe
  2⤵
  PID:6508
- C:\Windows\System\ZEWvLHk.exe
  C:\Windows\System\ZEWvLHk.exe
  2⤵
  PID:6524
- C:\Windows\System\kVMRYUm.exe
  C:\Windows\System\kVMRYUm.exe
  2⤵
  PID:6540
- C:\Windows\System\XSnmmxQ.exe
  C:\Windows\System\XSnmmxQ.exe
  2⤵
  PID:6556
- C:\Windows\System\IrabDLz.exe
  C:\Windows\System\IrabDLz.exe
  2⤵
  PID:6572
- C:\Windows\System\iyIhILC.exe
  C:\Windows\System\iyIhILC.exe
  2⤵
  PID:6588
- C:\Windows\System\HfIhZeT.exe
  C:\Windows\System\HfIhZeT.exe
  2⤵
  PID:6604
- C:\Windows\System\uwTLwSf.exe
  C:\Windows\System\uwTLwSf.exe
  2⤵
  PID:6620
- C:\Windows\System\XZXiHrz.exe
  C:\Windows\System\XZXiHrz.exe
  2⤵
  PID:6636
- C:\Windows\System\jtDImnj.exe
  C:\Windows\System\jtDImnj.exe
  2⤵
  PID:6652
- C:\Windows\System\srijYHM.exe
  C:\Windows\System\srijYHM.exe
  2⤵
  PID:6672
- C:\Windows\System\AFjZCVt.exe
  C:\Windows\System\AFjZCVt.exe
  2⤵
  PID:6688
- C:\Windows\System\fSrNorR.exe
  C:\Windows\System\fSrNorR.exe
  2⤵
  PID:6704
- C:\Windows\System\FURcACV.exe
  C:\Windows\System\FURcACV.exe
  2⤵
  PID:6720
- C:\Windows\System\UbIjZLi.exe
  C:\Windows\System\UbIjZLi.exe
  2⤵
  PID:6736
- C:\Windows\System\mPRHpjp.exe
  C:\Windows\System\mPRHpjp.exe
  2⤵
  PID:6752
- C:\Windows\System\jlXrdOV.exe
  C:\Windows\System\jlXrdOV.exe
  2⤵
  PID:6768
- C:\Windows\System\pfuKCgf.exe
  C:\Windows\System\pfuKCgf.exe
  2⤵
  PID:6784
- C:\Windows\System\UuAsfrr.exe
  C:\Windows\System\UuAsfrr.exe
  2⤵
  PID:6800
- C:\Windows\System\GzNlrhf.exe
  C:\Windows\System\GzNlrhf.exe
  2⤵
  PID:6816
- C:\Windows\System\WvejvfD.exe
  C:\Windows\System\WvejvfD.exe
  2⤵
  PID:6832
- C:\Windows\System\BSPBAwI.exe
  C:\Windows\System\BSPBAwI.exe
  2⤵
  PID:6848
- C:\Windows\System\mwwxegW.exe
  C:\Windows\System\mwwxegW.exe
  2⤵
  PID:6864
- C:\Windows\System\SenpmBd.exe
  C:\Windows\System\SenpmBd.exe
  2⤵
  PID:6880
- C:\Windows\System\ZrzHSFg.exe
  C:\Windows\System\ZrzHSFg.exe
  2⤵
  PID:6896
- C:\Windows\System\GvEECxW.exe
  C:\Windows\System\GvEECxW.exe
  2⤵
  PID:6912
- C:\Windows\System\SsRnqCS.exe
  C:\Windows\System\SsRnqCS.exe
  2⤵
  PID:6928
- C:\Windows\System\rWXiFqE.exe
  C:\Windows\System\rWXiFqE.exe
  2⤵
  PID:6944
- C:\Windows\System\QmUIKcF.exe
  C:\Windows\System\QmUIKcF.exe
  2⤵
  PID:6960
- C:\Windows\System\KaTdvqJ.exe
  C:\Windows\System\KaTdvqJ.exe
  2⤵
  PID:6980
- C:\Windows\System\gkuOZPF.exe
  C:\Windows\System\gkuOZPF.exe
  2⤵
  PID:6996
- C:\Windows\System\pDAieRZ.exe
  C:\Windows\System\pDAieRZ.exe
  2⤵
  PID:7012
- C:\Windows\System\cbuYxAW.exe
  C:\Windows\System\cbuYxAW.exe
  2⤵
  PID:7028
- C:\Windows\System\yJjGHGR.exe
  C:\Windows\System\yJjGHGR.exe
  2⤵
  PID:7044
- C:\Windows\System\FQFxodr.exe
  C:\Windows\System\FQFxodr.exe
  2⤵
  PID:7060
- C:\Windows\System\GPTmgWs.exe
  C:\Windows\System\GPTmgWs.exe
  2⤵
  PID:7076
- C:\Windows\System\CMuYXzT.exe
  C:\Windows\System\CMuYXzT.exe
  2⤵
  PID:7092
- C:\Windows\System\BDfeiUH.exe
  C:\Windows\System\BDfeiUH.exe
  2⤵
  PID:7108
- C:\Windows\System\XOcCeFR.exe
  C:\Windows\System\XOcCeFR.exe
  2⤵
  PID:7124
- C:\Windows\System\PqEYqBc.exe
  C:\Windows\System\PqEYqBc.exe
  2⤵
  PID:7140
- C:\Windows\System\eSmZmqx.exe
  C:\Windows\System\eSmZmqx.exe
  2⤵
  PID:7156
- C:\Windows\System\zLVcBcd.exe
  C:\Windows\System\zLVcBcd.exe
  2⤵
  PID:4400
- C:\Windows\System\SAkHKPX.exe
  C:\Windows\System\SAkHKPX.exe
  2⤵
  PID:5408
- C:\Windows\System\zVaUOFT.exe
  C:\Windows\System\zVaUOFT.exe
  2⤵
  PID:5584
- C:\Windows\System\Rriwfhe.exe
  C:\Windows\System\Rriwfhe.exe
  2⤵
  PID:5844
- C:\Windows\System\uGGUCSz.exe
  C:\Windows\System\uGGUCSz.exe
  2⤵
  PID:6108
- C:\Windows\System\eCUzOxR.exe
  C:\Windows\System\eCUzOxR.exe
  2⤵
  PID:6164
- C:\Windows\System\vkZprLW.exe
  C:\Windows\System\vkZprLW.exe
  2⤵
  PID:6184
- C:\Windows\System\qtpuizZ.exe
  C:\Windows\System\qtpuizZ.exe
  2⤵
  PID:6216
- C:\Windows\System\fLlNrXn.exe
  C:\Windows\System\fLlNrXn.exe
  2⤵
  PID:6248
- C:\Windows\System\PIAYoRs.exe
  C:\Windows\System\PIAYoRs.exe
  2⤵
  PID:6280
- C:\Windows\System\rcOYXCK.exe
  C:\Windows\System\rcOYXCK.exe
  2⤵
  PID:6312
- C:\Windows\System\jiiMRMa.exe
  C:\Windows\System\jiiMRMa.exe
  2⤵
  PID:6344
- C:\Windows\System\EOJrGeF.exe
  C:\Windows\System\EOJrGeF.exe
  2⤵
  PID:552
- C:\Windows\System\JObdOEU.exe
  C:\Windows\System\JObdOEU.exe
  2⤵
  PID:6392
- C:\Windows\System\mXsLxmH.exe
  C:\Windows\System\mXsLxmH.exe
  2⤵
  PID:6456
- C:\Windows\System\QFqrxrP.exe
  C:\Windows\System\QFqrxrP.exe
  2⤵
  PID:6516
- C:\Windows\System\rUTAhvQ.exe
  C:\Windows\System\rUTAhvQ.exe
  2⤵
  PID:1484
- C:\Windows\System\UfDbuwP.exe
  C:\Windows\System\UfDbuwP.exe
  2⤵
  PID:6552
- C:\Windows\System\RydfpRu.exe
  C:\Windows\System\RydfpRu.exe
  2⤵
  PID:6584
- C:\Windows\System\KQENQpA.exe
  C:\Windows\System\KQENQpA.exe
  2⤵
  PID:6616
- C:\Windows\System\oZxxBad.exe
  C:\Windows\System\oZxxBad.exe
  2⤵
  PID:6648
- C:\Windows\System\eNcnVcQ.exe
  C:\Windows\System\eNcnVcQ.exe
  2⤵
  PID:6684
- C:\Windows\System\heMahBv.exe
  C:\Windows\System\heMahBv.exe
  2⤵
  PID:6728
- C:\Windows\System\FZWrERu.exe
  C:\Windows\System\FZWrERu.exe
  2⤵
  PID:6744
- C:\Windows\System\WFStOfD.exe
  C:\Windows\System\WFStOfD.exe
  2⤵
  PID:6764
- C:\Windows\System\ccHxZAk.exe
  C:\Windows\System\ccHxZAk.exe
  2⤵
  PID:6796
- C:\Windows\System\tMVXRhN.exe
  C:\Windows\System\tMVXRhN.exe
  2⤵
  PID:6824
- C:\Windows\System\bfTZQvg.exe
  C:\Windows\System\bfTZQvg.exe
  2⤵
  PID:6856
- C:\Windows\System\dwVAcce.exe
  C:\Windows\System\dwVAcce.exe
  2⤵
  PID:6872
- C:\Windows\System\hcWBwzW.exe
  C:\Windows\System\hcWBwzW.exe
  2⤵
  PID:1448
- C:\Windows\System\tSjJaPa.exe
  C:\Windows\System\tSjJaPa.exe
  2⤵
  PID:6920
- C:\Windows\System\WqTBGNj.exe
  C:\Windows\System\WqTBGNj.exe
  2⤵
  PID:6952
- C:\Windows\System\hZmwdVG.exe
  C:\Windows\System\hZmwdVG.exe
  2⤵
  PID:2288
- C:\Windows\System\XQSdgAB.exe
  C:\Windows\System\XQSdgAB.exe
  2⤵
  PID:2352
- C:\Windows\System\hIuzUhZ.exe
  C:\Windows\System\hIuzUhZ.exe
  2⤵
  PID:7020
- C:\Windows\System\AXkLJfY.exe
  C:\Windows\System\AXkLJfY.exe
  2⤵
  PID:7040
- C:\Windows\System\GgNZNrd.exe
  C:\Windows\System\GgNZNrd.exe
  2⤵
  PID:7072
- C:\Windows\System\esXAkVz.exe
  C:\Windows\System\esXAkVz.exe
  2⤵
  PID:7104
- C:\Windows\System\nojHqWL.exe
  C:\Windows\System\nojHqWL.exe
  2⤵
  PID:7132
- C:\Windows\System\stySlZh.exe
  C:\Windows\System\stySlZh.exe
  2⤵
  PID:7164
- C:\Windows\System\YNxSUpb.exe
  C:\Windows\System\YNxSUpb.exe
  2⤵
  PID:3752
- C:\Windows\System\ORKZvnu.exe
  C:\Windows\System\ORKZvnu.exe
  2⤵
  PID:1108
- C:\Windows\System\GAIvPWY.exe
  C:\Windows\System\GAIvPWY.exe
  2⤵
  PID:5712
- C:\Windows\System\WyhCvGC.exe
  C:\Windows\System\WyhCvGC.exe
  2⤵
  PID:5992
- C:\Windows\System\HoVkedn.exe
  C:\Windows\System\HoVkedn.exe
  2⤵
  PID:5572
- C:\Windows\System\NPGNtbb.exe
  C:\Windows\System\NPGNtbb.exe
  2⤵
  PID:6276
- C:\Windows\System\gKJmqxV.exe
  C:\Windows\System\gKJmqxV.exe
  2⤵
  PID:6264
- C:\Windows\System\ABBtbso.exe
  C:\Windows\System\ABBtbso.exe
  2⤵
  PID:696
- C:\Windows\System\OEALFgV.exe
  C:\Windows\System\OEALFgV.exe
  2⤵
  PID:1548
- C:\Windows\System\FZvGTbw.exe
  C:\Windows\System\FZvGTbw.exe
  2⤵
  PID:2100
- C:\Windows\System\hwZoThy.exe
  C:\Windows\System\hwZoThy.exe
  2⤵
  PID:2692
- C:\Windows\System\qbZYPfy.exe
  C:\Windows\System\qbZYPfy.exe
  2⤵
  PID:2912
- C:\Windows\System\jSyonEi.exe
  C:\Windows\System\jSyonEi.exe
  2⤵
  PID:6668
- C:\Windows\System\fywpnPI.exe
  C:\Windows\System\fywpnPI.exe
  2⤵
  PID:6488
- C:\Windows\System\ZaHIctf.exe
  C:\Windows\System\ZaHIctf.exe
  2⤵
  PID:6596
- C:\Windows\System\xlPiEts.exe
  C:\Windows\System\xlPiEts.exe
  2⤵
  PID:6612
- C:\Windows\System\MxjOPtK.exe
  C:\Windows\System\MxjOPtK.exe
  2⤵
  PID:6700
- C:\Windows\System\OkkOfET.exe
  C:\Windows\System\OkkOfET.exe
  2⤵
  PID:6628
- C:\Windows\System\XqRqQdb.exe
  C:\Windows\System\XqRqQdb.exe
  2⤵
  PID:6860
- C:\Windows\System\MoyyXsl.exe
  C:\Windows\System\MoyyXsl.exe
  2⤵
  PID:6696
- C:\Windows\System\AjcJqDU.exe
  C:\Windows\System\AjcJqDU.exe
  2⤵
  PID:6732
- C:\Windows\System\uOFNYFb.exe
  C:\Windows\System\uOFNYFb.exe
  2⤵
  PID:6840
- C:\Windows\System\aqJOSpt.exe
  C:\Windows\System\aqJOSpt.exe
  2⤵
  PID:996
- C:\Windows\System\ufoqgII.exe
  C:\Windows\System\ufoqgII.exe
  2⤵
  PID:3036
- C:\Windows\System\UrnzgWx.exe
  C:\Windows\System\UrnzgWx.exe
  2⤵
  PID:3040
- C:\Windows\System\clfkBCE.exe
  C:\Windows\System\clfkBCE.exe
  2⤵
  PID:7052
- C:\Windows\System\SznrfOW.exe
  C:\Windows\System\SznrfOW.exe
  2⤵
  PID:5244
- C:\Windows\System\DHFjWgf.exe
  C:\Windows\System\DHFjWgf.exe
  2⤵
  PID:1976
- C:\Windows\System\GxpyGkC.exe
  C:\Windows\System\GxpyGkC.exe
  2⤵
  PID:2656
- C:\Windows\System\HgHstBM.exe
  C:\Windows\System\HgHstBM.exe
  2⤵
  PID:2636
- C:\Windows\System\LHWkLLA.exe
  C:\Windows\System\LHWkLLA.exe
  2⤵
  PID:6424
- C:\Windows\System\mbAcGcy.exe
  C:\Windows\System\mbAcGcy.exe
  2⤵
  PID:6644
- C:\Windows\System\bDFSbAO.exe
  C:\Windows\System\bDFSbAO.exe
  2⤵
  PID:6888
- C:\Windows\System\NMKGOFC.exe
  C:\Windows\System\NMKGOFC.exe
  2⤵
  PID:6372
- C:\Windows\System\PPlVsxM.exe
  C:\Windows\System\PPlVsxM.exe
  2⤵
  PID:6244
- C:\Windows\System\liFSINB.exe
  C:\Windows\System\liFSINB.exe
  2⤵
  PID:1532
- C:\Windows\System\KOrCoaW.exe
  C:\Windows\System\KOrCoaW.exe
  2⤵
  PID:2136
- C:\Windows\System\SxbTQAk.exe
  C:\Windows\System\SxbTQAk.exe
  2⤵
  PID:6484
- C:\Windows\System\YeqFjVl.exe
  C:\Windows\System\YeqFjVl.exe
  2⤵
  PID:1584
- C:\Windows\System\JKaRRiL.exe
  C:\Windows\System\JKaRRiL.exe
  2⤵
  PID:2404
- C:\Windows\System\piCZEXm.exe
  C:\Windows\System\piCZEXm.exe
  2⤵
  PID:7084
- C:\Windows\System\KkJkzqd.exe
  C:\Windows\System\KkJkzqd.exe
  2⤵
  PID:6828
- C:\Windows\System\WfpPZoz.exe
  C:\Windows\System\WfpPZoz.exe
  2⤵
  PID:6580
- C:\Windows\System\wDiqnQX.exe
  C:\Windows\System\wDiqnQX.exe
  2⤵
  PID:6940
- C:\Windows\System\fZFpQJB.exe
  C:\Windows\System\fZFpQJB.exe
  2⤵
  PID:6680
- C:\Windows\System\YsKGcLg.exe
  C:\Windows\System\YsKGcLg.exe
  2⤵
  PID:6420
- C:\Windows\System\DOpbOjN.exe
  C:\Windows\System\DOpbOjN.exe
  2⤵
  PID:7008
- C:\Windows\System\ycEIwRE.exe
  C:\Windows\System\ycEIwRE.exe
  2⤵
  PID:2596
- C:\Windows\System\JjEqwmC.exe
  C:\Windows\System\JjEqwmC.exe
  2⤵
  PID:6748
- C:\Windows\System\mezCxyF.exe
  C:\Windows\System\mezCxyF.exe
  2⤵
  PID:7180
- C:\Windows\System\xJHidXx.exe
  C:\Windows\System\xJHidXx.exe
  2⤵
  PID:7196
- C:\Windows\System\MLHiAtW.exe
  C:\Windows\System\MLHiAtW.exe
  2⤵
  PID:7212
- C:\Windows\System\ooGqZeU.exe
  C:\Windows\System\ooGqZeU.exe
  2⤵
  PID:7228
- C:\Windows\System\aQwdoEw.exe
  C:\Windows\System\aQwdoEw.exe
  2⤵
  PID:7244
- C:\Windows\System\EmBgsTZ.exe
  C:\Windows\System\EmBgsTZ.exe
  2⤵
  PID:7260
- C:\Windows\System\hfbISHp.exe
  C:\Windows\System\hfbISHp.exe
  2⤵
  PID:7276
- C:\Windows\System\AizCeJq.exe
  C:\Windows\System\AizCeJq.exe
  2⤵
  PID:7292
- C:\Windows\System\Xmksawm.exe
  C:\Windows\System\Xmksawm.exe
  2⤵
  PID:7308
- C:\Windows\System\hyBZTOS.exe
  C:\Windows\System\hyBZTOS.exe
  2⤵
  PID:7324
- C:\Windows\System\VtUgxAr.exe
  C:\Windows\System\VtUgxAr.exe
  2⤵
  PID:7340
- C:\Windows\System\UCetEgf.exe
  C:\Windows\System\UCetEgf.exe
  2⤵
  PID:7356
- C:\Windows\System\PDncLwn.exe
  C:\Windows\System\PDncLwn.exe
  2⤵
  PID:7372
- C:\Windows\System\efrUyjS.exe
  C:\Windows\System\efrUyjS.exe
  2⤵
  PID:7388
- C:\Windows\System\UdQQWhv.exe
  C:\Windows\System\UdQQWhv.exe
  2⤵
  PID:7404
- C:\Windows\System\YHmMWMc.exe
  C:\Windows\System\YHmMWMc.exe
  2⤵
  PID:7420
- C:\Windows\System\sPuoTyW.exe
  C:\Windows\System\sPuoTyW.exe
  2⤵
  PID:7436
- C:\Windows\System\tVbLIHb.exe
  C:\Windows\System\tVbLIHb.exe
  2⤵
  PID:7452
- C:\Windows\System\PNXmtEp.exe
  C:\Windows\System\PNXmtEp.exe
  2⤵
  PID:7468
- C:\Windows\System\xwXXMfJ.exe
  C:\Windows\System\xwXXMfJ.exe
  2⤵
  PID:7484
- C:\Windows\System\oFIhGUb.exe
  C:\Windows\System\oFIhGUb.exe
  2⤵
  PID:7500
- C:\Windows\System\nsIdyHI.exe
  C:\Windows\System\nsIdyHI.exe
  2⤵
  PID:7516
- C:\Windows\System\qSyJWDv.exe
  C:\Windows\System\qSyJWDv.exe
  2⤵
  PID:7532
- C:\Windows\System\XSZTkVk.exe
  C:\Windows\System\XSZTkVk.exe
  2⤵
  PID:7548
- C:\Windows\System\mKAicvK.exe
  C:\Windows\System\mKAicvK.exe
  2⤵
  PID:7564
- C:\Windows\System\XwQprpi.exe
  C:\Windows\System\XwQprpi.exe
  2⤵
  PID:7580
- C:\Windows\System\tVAiPGY.exe
  C:\Windows\System\tVAiPGY.exe
  2⤵
  PID:7596
- C:\Windows\System\khEyMTN.exe
  C:\Windows\System\khEyMTN.exe
  2⤵
  PID:7612
- C:\Windows\System\FXqhmYZ.exe
  C:\Windows\System\FXqhmYZ.exe
  2⤵
  PID:7628
- C:\Windows\System\uaELMRN.exe
  C:\Windows\System\uaELMRN.exe
  2⤵
  PID:7644
- C:\Windows\System\SGhHsjr.exe
  C:\Windows\System\SGhHsjr.exe
  2⤵
  PID:7660
- C:\Windows\System\DBuLPzP.exe
  C:\Windows\System\DBuLPzP.exe
  2⤵
  PID:7676
- C:\Windows\System\ERGIAmX.exe
  C:\Windows\System\ERGIAmX.exe
  2⤵
  PID:7692
- C:\Windows\System\bsTRFBb.exe
  C:\Windows\System\bsTRFBb.exe
  2⤵
  PID:7708
- C:\Windows\System\LZdBPwD.exe
  C:\Windows\System\LZdBPwD.exe
  2⤵
  PID:7724
- C:\Windows\System\udtrEfv.exe
  C:\Windows\System\udtrEfv.exe
  2⤵
  PID:7740
- C:\Windows\System\lRxmnLz.exe
  C:\Windows\System\lRxmnLz.exe
  2⤵
  PID:7756
- C:\Windows\System\CMknFdz.exe
  C:\Windows\System\CMknFdz.exe
  2⤵
  PID:7772
- C:\Windows\System\qeuPOOZ.exe
  C:\Windows\System\qeuPOOZ.exe
  2⤵
  PID:7788
- C:\Windows\System\hADbJUM.exe
  C:\Windows\System\hADbJUM.exe
  2⤵
  PID:7804
- C:\Windows\System\PUlmfPt.exe
  C:\Windows\System\PUlmfPt.exe
  2⤵
  PID:7820
- C:\Windows\System\LwnzcPW.exe
  C:\Windows\System\LwnzcPW.exe
  2⤵
  PID:7836
- C:\Windows\System\VTJIzZA.exe
  C:\Windows\System\VTJIzZA.exe
  2⤵
  PID:7852
- C:\Windows\System\YXrMjiM.exe
  C:\Windows\System\YXrMjiM.exe
  2⤵
  PID:7868
- C:\Windows\System\McDImPQ.exe
  C:\Windows\System\McDImPQ.exe
  2⤵
  PID:7884
- C:\Windows\System\cJFkLyz.exe
  C:\Windows\System\cJFkLyz.exe
  2⤵
  PID:7900
- C:\Windows\System\pPnTUeV.exe
  C:\Windows\System\pPnTUeV.exe
  2⤵
  PID:7916
- C:\Windows\System\DUsxbml.exe
  C:\Windows\System\DUsxbml.exe
  2⤵
  PID:7932
- C:\Windows\System\oGrOffj.exe
  C:\Windows\System\oGrOffj.exe
  2⤵
  PID:7948
- C:\Windows\System\dxoGBNJ.exe
  C:\Windows\System\dxoGBNJ.exe
  2⤵
  PID:7964
- C:\Windows\System\ZNahjcs.exe
  C:\Windows\System\ZNahjcs.exe
  2⤵
  PID:7980
- C:\Windows\System\zbBlPCw.exe
  C:\Windows\System\zbBlPCw.exe
  2⤵
  PID:7996
- C:\Windows\System\bPoJztn.exe
  C:\Windows\System\bPoJztn.exe
  2⤵
  PID:8012
- C:\Windows\System\oevwhHi.exe
  C:\Windows\System\oevwhHi.exe
  2⤵
  PID:8028
- C:\Windows\System\EzKEiKY.exe
  C:\Windows\System\EzKEiKY.exe
  2⤵
  PID:8044
- C:\Windows\System\BEqteCR.exe
  C:\Windows\System\BEqteCR.exe
  2⤵
  PID:8060
- C:\Windows\System\paJfIXX.exe
  C:\Windows\System\paJfIXX.exe
  2⤵
  PID:8076
- C:\Windows\System\JvKerUC.exe
  C:\Windows\System\JvKerUC.exe
  2⤵
  PID:8092
- C:\Windows\System\YHCQcyL.exe
  C:\Windows\System\YHCQcyL.exe
  2⤵
  PID:8108
- C:\Windows\System\KjmNXcf.exe
  C:\Windows\System\KjmNXcf.exe
  2⤵
  PID:8124
- C:\Windows\System\qapZDne.exe
  C:\Windows\System\qapZDne.exe
  2⤵
  PID:8140
- C:\Windows\System\uqJdePT.exe
  C:\Windows\System\uqJdePT.exe
  2⤵
  PID:8156
- C:\Windows\System\OCuCFVN.exe
  C:\Windows\System\OCuCFVN.exe
  2⤵
  PID:8172
- C:\Windows\System\NafkBoQ.exe
  C:\Windows\System\NafkBoQ.exe
  2⤵
  PID:8188
- C:\Windows\System\gChtQnT.exe
  C:\Windows\System\gChtQnT.exe
  2⤵
  PID:7252
- C:\Windows\System\ostGidK.exe
  C:\Windows\System\ostGidK.exe
  2⤵
  PID:7284
- C:\Windows\System\qIYbvKE.exe
  C:\Windows\System\qIYbvKE.exe
  2⤵
  PID:992
- C:\Windows\System\mEzfjoI.exe
  C:\Windows\System\mEzfjoI.exe
  2⤵
  PID:1088
- C:\Windows\System\GWyxGqD.exe
  C:\Windows\System\GWyxGqD.exe
  2⤵
  PID:7176
- C:\Windows\System\dRSBluR.exe
  C:\Windows\System\dRSBluR.exe
  2⤵
  PID:7332
- C:\Windows\System\axrrcSZ.exe
  C:\Windows\System\axrrcSZ.exe
  2⤵
  PID:7272
- C:\Windows\System\kHjivbl.exe
  C:\Windows\System\kHjivbl.exe
  2⤵
  PID:7352
- C:\Windows\System\otlRrfP.exe
  C:\Windows\System\otlRrfP.exe
  2⤵
  PID:7336
- C:\Windows\System\syzavPq.exe
  C:\Windows\System\syzavPq.exe
  2⤵
  PID:7476
- C:\Windows\System\kftZUBy.exe
  C:\Windows\System\kftZUBy.exe
  2⤵
  PID:7364
- C:\Windows\System\MrmNLPk.exe
  C:\Windows\System\MrmNLPk.exe
  2⤵
  PID:7428
- C:\Windows\System\DkeMkQV.exe
  C:\Windows\System\DkeMkQV.exe
  2⤵
  PID:7492
- C:\Windows\System\laNvZwt.exe
  C:\Windows\System\laNvZwt.exe
  2⤵
  PID:7544
- C:\Windows\System\uKbHYNT.exe
  C:\Windows\System\uKbHYNT.exe
  2⤵
  PID:7636
- C:\Windows\System\QmSfsuF.exe
  C:\Windows\System\QmSfsuF.exe
  2⤵
  PID:7672
- C:\Windows\System\snsceLW.exe
  C:\Windows\System\snsceLW.exe
  2⤵
  PID:7764
- C:\Windows\System\TbKcvGU.exe
  C:\Windows\System\TbKcvGU.exe
  2⤵
  PID:7828
- C:\Windows\System\dRstfhA.exe
  C:\Windows\System\dRstfhA.exe
  2⤵
  PID:7864
- C:\Windows\System\OfOmMmw.exe
  C:\Windows\System\OfOmMmw.exe
  2⤵
  PID:7752
- C:\Windows\System\mqCMAdB.exe
  C:\Windows\System\mqCMAdB.exe
  2⤵
  PID:7556
- C:\Windows\System\LhOZwJE.exe
  C:\Windows\System\LhOZwJE.exe
  2⤵
  PID:7620
- C:\Windows\System\fZtWZDf.exe
  C:\Windows\System\fZtWZDf.exe
  2⤵
  PID:7684
- C:\Windows\System\qcxFauK.exe
  C:\Windows\System\qcxFauK.exe
  2⤵
  PID:7780
- C:\Windows\System\XMLXBtU.exe
  C:\Windows\System\XMLXBtU.exe
  2⤵
  PID:7844
- C:\Windows\System\wDjKbpI.exe
  C:\Windows\System\wDjKbpI.exe
  2⤵
  PID:7908
- C:\Windows\System\BXxpuXd.exe
  C:\Windows\System\BXxpuXd.exe
  2⤵
  PID:7960
- C:\Windows\System\QDrMqvW.exe
  C:\Windows\System\QDrMqvW.exe
  2⤵
  PID:8024
- C:\Windows\System\GahjjeQ.exe
  C:\Windows\System\GahjjeQ.exe
  2⤵
  PID:8004
- C:\Windows\System\neaYMPP.exe
  C:\Windows\System\neaYMPP.exe
  2⤵
  PID:8088
- C:\Windows\System\pKTQCFV.exe
  C:\Windows\System\pKTQCFV.exe
  2⤵
  PID:8072
- C:\Windows\System\rWrWeED.exe
  C:\Windows\System\rWrWeED.exe
  2⤵
  PID:8168
- C:\Windows\System\nfdIFqX.exe
  C:\Windows\System\nfdIFqX.exe
  2⤵
  PID:8164
- C:\Windows\System\ywhcOVS.exe
  C:\Windows\System\ywhcOVS.exe
  2⤵
  PID:6296
- C:\Windows\System\YSWxCCV.exe
  C:\Windows\System\YSWxCCV.exe
  2⤵
  PID:7268
- C:\Windows\System\AqqsTMQ.exe
  C:\Windows\System\AqqsTMQ.exe
  2⤵
  PID:8180
- C:\Windows\System\TmlcbVK.exe
  C:\Windows\System\TmlcbVK.exe
  2⤵
  PID:6780
- C:\Windows\System\vOuYMzs.exe
  C:\Windows\System\vOuYMzs.exe
  2⤵
  PID:7348
- C:\Windows\System\BsgzWRg.exe
  C:\Windows\System\BsgzWRg.exe
  2⤵
  PID:7512
- C:\Windows\System\QSauKEM.exe
  C:\Windows\System\QSauKEM.exe
  2⤵
  PID:7608
- C:\Windows\System\fXAOXzy.exe
  C:\Windows\System\fXAOXzy.exe
  2⤵
  PID:7208
- C:\Windows\System\cYoGbId.exe
  C:\Windows\System\cYoGbId.exe
  2⤵
  PID:7540
- C:\Windows\System\ArMDAUp.exe
  C:\Windows\System\ArMDAUp.exe
  2⤵
  PID:7796
- C:\Windows\System\WvCCZYU.exe
  C:\Windows\System\WvCCZYU.exe
  2⤵
  PID:7748
- C:\Windows\System\kfCvHwT.exe
  C:\Windows\System\kfCvHwT.exe
  2⤵
  PID:7876
- C:\Windows\System\OxSVZYu.exe
  C:\Windows\System\OxSVZYu.exe
  2⤵
  PID:7940
- C:\Windows\System\fSetGdO.exe
  C:\Windows\System\fSetGdO.exe
  2⤵
  PID:7592
- C:\Windows\System\otUNNEc.exe
  C:\Windows\System\otUNNEc.exe
  2⤵
  PID:8132
- C:\Windows\System\UnCLkYh.exe
  C:\Windows\System\UnCLkYh.exe
  2⤵
  PID:7816
- C:\Windows\System\bJjGcZD.exe
  C:\Windows\System\bJjGcZD.exe
  2⤵
  PID:8040
- C:\Windows\System\CmZOMuD.exe
  C:\Windows\System\CmZOMuD.exe
  2⤵
  PID:7240
- C:\Windows\System\AEIMjDV.exe
  C:\Windows\System\AEIMjDV.exe
  2⤵
  PID:8152
- C:\Windows\System\SDsOQGk.exe
  C:\Windows\System\SDsOQGk.exe
  2⤵
  PID:8104
- C:\Windows\System\kKSxpYA.exe
  C:\Windows\System\kKSxpYA.exe
  2⤵
  PID:7188
- C:\Windows\System\TBmGMuM.exe
  C:\Windows\System\TBmGMuM.exe
  2⤵
  PID:7736
- C:\Windows\System\WTdJDgw.exe
  C:\Windows\System\WTdJDgw.exe
  2⤵
  PID:7396
- C:\Windows\System\tUjrXmN.exe
  C:\Windows\System\tUjrXmN.exe
  2⤵
  PID:7588
- C:\Windows\System\LVbVmdQ.exe
  C:\Windows\System\LVbVmdQ.exe
  2⤵
  PID:8052
- C:\Windows\System\oMEcpai.exe
  C:\Windows\System\oMEcpai.exe
  2⤵
  PID:7304
- C:\Windows\System\HESNwUH.exe
  C:\Windows\System\HESNwUH.exe
  2⤵
  PID:7956
- C:\Windows\System\CXDkYjD.exe
  C:\Windows\System\CXDkYjD.exe
  2⤵
  PID:8084
- C:\Windows\System\OOPhKOc.exe
  C:\Windows\System\OOPhKOc.exe
  2⤵
  PID:7604
- C:\Windows\System\WnsKXtc.exe
  C:\Windows\System\WnsKXtc.exe
  2⤵
  PID:7924
- C:\Windows\System\VZFYqkM.exe
  C:\Windows\System\VZFYqkM.exe
  2⤵
  PID:7508
- C:\Windows\System\IeyOXKt.exe
  C:\Windows\System\IeyOXKt.exe
  2⤵
  PID:7716
- C:\Windows\System\zOzdZbq.exe
  C:\Windows\System\zOzdZbq.exe
  2⤵
  PID:7992
- C:\Windows\System\NqEDmpu.exe
  C:\Windows\System\NqEDmpu.exe
  2⤵
  PID:8200
- C:\Windows\System\fOxhHzG.exe
  C:\Windows\System\fOxhHzG.exe
  2⤵
  PID:8216
- C:\Windows\System\KHpcBII.exe
  C:\Windows\System\KHpcBII.exe
  2⤵
  PID:8232
- C:\Windows\System\CusQhbV.exe
  C:\Windows\System\CusQhbV.exe
  2⤵
  PID:8248
- C:\Windows\System\ijHBqJz.exe
  C:\Windows\System\ijHBqJz.exe
  2⤵
  PID:8264
- C:\Windows\System\ZlEHzNV.exe
  C:\Windows\System\ZlEHzNV.exe
  2⤵
  PID:8280
- C:\Windows\System\uQbcYcU.exe
  C:\Windows\System\uQbcYcU.exe
  2⤵
  PID:8296
- C:\Windows\System\yxaOklk.exe
  C:\Windows\System\yxaOklk.exe
  2⤵
  PID:8312
- C:\Windows\System\ouRdDwq.exe
  C:\Windows\System\ouRdDwq.exe
  2⤵
  PID:8328
- C:\Windows\System\TfzgoeL.exe
  C:\Windows\System\TfzgoeL.exe
  2⤵
  PID:8344
- C:\Windows\System\WoSPqUh.exe
  C:\Windows\System\WoSPqUh.exe
  2⤵
  PID:8360
- C:\Windows\System\iOtTTWj.exe
  C:\Windows\System\iOtTTWj.exe
  2⤵
  PID:8376
- C:\Windows\System\AjqIfCy.exe
  C:\Windows\System\AjqIfCy.exe
  2⤵
  PID:8392
- C:\Windows\System\XBHJcHO.exe
  C:\Windows\System\XBHJcHO.exe
  2⤵
  PID:8408
- C:\Windows\System\ZvAmEAm.exe
  C:\Windows\System\ZvAmEAm.exe
  2⤵
  PID:8424
- C:\Windows\System\pFVEqUY.exe
  C:\Windows\System\pFVEqUY.exe
  2⤵
  PID:8440
- C:\Windows\System\cqKEhQv.exe
  C:\Windows\System\cqKEhQv.exe
  2⤵
  PID:8456
- C:\Windows\System\GJMchNG.exe
  C:\Windows\System\GJMchNG.exe
  2⤵
  PID:8472
- C:\Windows\System\vFBEbCV.exe
  C:\Windows\System\vFBEbCV.exe
  2⤵
  PID:8488
- C:\Windows\System\ssKnWNv.exe
  C:\Windows\System\ssKnWNv.exe
  2⤵
  PID:8504
- C:\Windows\System\fzPeCwO.exe
  C:\Windows\System\fzPeCwO.exe
  2⤵
  PID:8520
- C:\Windows\System\VsLlPsB.exe
  C:\Windows\System\VsLlPsB.exe
  2⤵
  PID:8536
- C:\Windows\System\WiYCcqK.exe
  C:\Windows\System\WiYCcqK.exe
  2⤵
  PID:8552
- C:\Windows\System\wNqrESF.exe
  C:\Windows\System\wNqrESF.exe
  2⤵
  PID:8568
- C:\Windows\System\Cispdvm.exe
  C:\Windows\System\Cispdvm.exe
  2⤵
  PID:8584
- C:\Windows\System\bDRhFjB.exe
  C:\Windows\System\bDRhFjB.exe
  2⤵
  PID:8600
- C:\Windows\System\WocuwYy.exe
  C:\Windows\System\WocuwYy.exe
  2⤵
  PID:8616
- C:\Windows\System\GTHHPvc.exe
  C:\Windows\System\GTHHPvc.exe
  2⤵
  PID:8632
- C:\Windows\System\cAVRcsB.exe
  C:\Windows\System\cAVRcsB.exe
  2⤵
  PID:8648
- C:\Windows\System\AXCeAYt.exe
  C:\Windows\System\AXCeAYt.exe
  2⤵
  PID:8664
- C:\Windows\System\PVHeZJD.exe
  C:\Windows\System\PVHeZJD.exe
  2⤵
  PID:8680
- C:\Windows\System\ccjvZaL.exe
  C:\Windows\System\ccjvZaL.exe
  2⤵
  PID:8696
- C:\Windows\System\xIAUsvg.exe
  C:\Windows\System\xIAUsvg.exe
  2⤵
  PID:8712
- C:\Windows\System\NFAVvqn.exe
  C:\Windows\System\NFAVvqn.exe
  2⤵
  PID:8728
- C:\Windows\System\ouelQMO.exe
  C:\Windows\System\ouelQMO.exe
  2⤵
  PID:8744
- C:\Windows\System\ixhjZnS.exe
  C:\Windows\System\ixhjZnS.exe
  2⤵
  PID:8764
- C:\Windows\System\mNOrDxJ.exe
  C:\Windows\System\mNOrDxJ.exe
  2⤵
  PID:8780
- C:\Windows\System\nYSixKI.exe
  C:\Windows\System\nYSixKI.exe
  2⤵
  PID:8796
- C:\Windows\System\TiiTIFI.exe
  C:\Windows\System\TiiTIFI.exe
  2⤵
  PID:8812
- C:\Windows\System\omFgfCu.exe
  C:\Windows\System\omFgfCu.exe
  2⤵
  PID:8828
- C:\Windows\System\MdVvUjP.exe
  C:\Windows\System\MdVvUjP.exe
  2⤵
  PID:8844
- C:\Windows\System\velwpXV.exe
  C:\Windows\System\velwpXV.exe
  2⤵
  PID:8860
- C:\Windows\System\bZKzWvs.exe
  C:\Windows\System\bZKzWvs.exe
  2⤵
  PID:8876
- C:\Windows\System\FNmFTYx.exe
  C:\Windows\System\FNmFTYx.exe
  2⤵
  PID:8892
- C:\Windows\System\hQpqCMO.exe
  C:\Windows\System\hQpqCMO.exe
  2⤵
  PID:8908
- C:\Windows\System\fODXPgz.exe
  C:\Windows\System\fODXPgz.exe
  2⤵
  PID:8924
- C:\Windows\System\lKsKQHT.exe
  C:\Windows\System\lKsKQHT.exe
  2⤵
  PID:8940
- C:\Windows\System\grKJpqn.exe
  C:\Windows\System\grKJpqn.exe
  2⤵
  PID:8956
- C:\Windows\System\wLSIVmK.exe
  C:\Windows\System\wLSIVmK.exe
  2⤵
  PID:8972
- C:\Windows\System\zzOqkRT.exe
  C:\Windows\System\zzOqkRT.exe
  2⤵
  PID:8988
- C:\Windows\System\dlhbVYn.exe
  C:\Windows\System\dlhbVYn.exe
  2⤵
  PID:9004
- C:\Windows\System\OfrkUze.exe
  C:\Windows\System\OfrkUze.exe
  2⤵
  PID:9020
- C:\Windows\System\QPiEbrG.exe
  C:\Windows\System\QPiEbrG.exe
  2⤵
  PID:9044
- C:\Windows\System\syGIQgb.exe
  C:\Windows\System\syGIQgb.exe
  2⤵
  PID:9060
- C:\Windows\System\azfRaAo.exe
  C:\Windows\System\azfRaAo.exe
  2⤵
  PID:9076
- C:\Windows\System\JOoUqOD.exe
  C:\Windows\System\JOoUqOD.exe
  2⤵
  PID:9112
- C:\Windows\System\yGRtZdm.exe
  C:\Windows\System\yGRtZdm.exe
  2⤵
  PID:9128
- C:\Windows\System\UovAZER.exe
  C:\Windows\System\UovAZER.exe
  2⤵
  PID:9144
- C:\Windows\System\qSCmCzN.exe
  C:\Windows\System\qSCmCzN.exe
  2⤵
  PID:9160
- C:\Windows\System\QPfDscC.exe
  C:\Windows\System\QPfDscC.exe
  2⤵
  PID:9176
- C:\Windows\System\InWjayI.exe
  C:\Windows\System\InWjayI.exe
  2⤵
  PID:9192
- C:\Windows\System\PtZxdXr.exe
  C:\Windows\System\PtZxdXr.exe
  2⤵
  PID:9208
- C:\Windows\System\ASNQshf.exe
  C:\Windows\System\ASNQshf.exe
  2⤵
  PID:8240
- C:\Windows\System\tCWIwqQ.exe
  C:\Windows\System\tCWIwqQ.exe
  2⤵
  PID:8304
- C:\Windows\System\ZwSULjN.exe
  C:\Windows\System\ZwSULjN.exe
  2⤵
  PID:8368
- C:\Windows\System\gfOyXTu.exe
  C:\Windows\System\gfOyXTu.exe
  2⤵
  PID:8400
- C:\Windows\System\AGXDZnw.exe
  C:\Windows\System\AGXDZnw.exe
  2⤵
  PID:8436
- C:\Windows\System\NXZcgLI.exe
  C:\Windows\System\NXZcgLI.exe
  2⤵
  PID:8500
- C:\Windows\System\OzjGCNX.exe
  C:\Windows\System\OzjGCNX.exe
  2⤵
  PID:8288
- C:\Windows\System\vssajoh.exe
  C:\Windows\System\vssajoh.exe
  2⤵
  PID:8592
- C:\Windows\System\icgozrd.exe
  C:\Windows\System\icgozrd.exe
  2⤵
  PID:8628
- C:\Windows\System\sqJjiQI.exe
  C:\Windows\System\sqJjiQI.exe
  2⤵
  PID:8120
- C:\Windows\System\ZivipFl.exe
  C:\Windows\System\ZivipFl.exe
  2⤵
  PID:8324
- C:\Windows\System\pJDMyRT.exe
  C:\Windows\System\pJDMyRT.exe
  2⤵
  PID:8356
- C:\Windows\System\JrCKqNb.exe
  C:\Windows\System\JrCKqNb.exe
  2⤵
  PID:8608
- C:\Windows\System\vWIdNET.exe
  C:\Windows\System\vWIdNET.exe
  2⤵
  PID:8420
- C:\Windows\System\BClmXza.exe
  C:\Windows\System\BClmXza.exe
  2⤵
  PID:8692
- C:\Windows\System\WBrTznH.exe
  C:\Windows\System\WBrTznH.exe
  2⤵
  PID:8548
- C:\Windows\System\vMCuOuG.exe
  C:\Windows\System\vMCuOuG.exe
  2⤵
  PID:8752
- C:\Windows\System\FFcXTMJ.exe
  C:\Windows\System\FFcXTMJ.exe
  2⤵
  PID:8788
- C:\Windows\System\YICyFtv.exe
  C:\Windows\System\YICyFtv.exe
  2⤵
  PID:8704
- C:\Windows\System\xFrSGFa.exe
  C:\Windows\System\xFrSGFa.exe
  2⤵
  PID:8772
- C:\Windows\System\jXryHwD.exe
  C:\Windows\System\jXryHwD.exe
  2⤵
  PID:8836
- C:\Windows\System\ibQTvbn.exe
  C:\Windows\System\ibQTvbn.exe
  2⤵
  PID:8856
- C:\Windows\System\SAxBTlL.exe
  C:\Windows\System\SAxBTlL.exe
  2⤵
  PID:8920
- C:\Windows\System\KLXWDmU.exe
  C:\Windows\System\KLXWDmU.exe
  2⤵
  PID:8952
- C:\Windows\System\SdcDWFR.exe
  C:\Windows\System\SdcDWFR.exe
  2⤵
  PID:9012
- C:\Windows\System\zlBfHoH.exe
  C:\Windows\System\zlBfHoH.exe
  2⤵
  PID:9000
- C:\Windows\System\QWGMihA.exe
  C:\Windows\System\QWGMihA.exe
  2⤵
  PID:9028
- C:\Windows\System\ZKQGBYX.exe
  C:\Windows\System\ZKQGBYX.exe
  2⤵
  PID:9036
- C:\Windows\System\iobsCvl.exe
  C:\Windows\System\iobsCvl.exe
  2⤵
  PID:9120
- C:\Windows\System\OQagxWn.exe
  C:\Windows\System\OQagxWn.exe
  2⤵
  PID:9168
- C:\Windows\System\KpDBAwL.exe
  C:\Windows\System\KpDBAwL.exe
  2⤵
  PID:9200
- C:\Windows\System\nNLcxme.exe
  C:\Windows\System\nNLcxme.exe
  2⤵
  PID:8256
- C:\Windows\System\cULpIqf.exe
  C:\Windows\System\cULpIqf.exe
  2⤵
  PID:8532
- C:\Windows\System\dVKetsO.exe
  C:\Windows\System\dVKetsO.exe
  2⤵
  PID:9188
- C:\Windows\System\sqZTFyS.exe
  C:\Windows\System\sqZTFyS.exe
  2⤵
  PID:8340
- C:\Windows\System\dDdacMQ.exe
  C:\Windows\System\dDdacMQ.exe
  2⤵
  PID:7384
- C:\Windows\System\HxSyGzh.exe
  C:\Windows\System\HxSyGzh.exe
  2⤵
  PID:8352
- C:\Windows\System\NEvouTQ.exe
  C:\Windows\System\NEvouTQ.exe
  2⤵
  PID:8724
- C:\Windows\System\cwNrtdt.exe
  C:\Windows\System\cwNrtdt.exe
  2⤵
  PID:8792
- C:\Windows\System\QjdTAHc.exe
  C:\Windows\System\QjdTAHc.exe
  2⤵
  PID:8384
- C:\Windows\System\OTemzWJ.exe
  C:\Windows\System\OTemzWJ.exe
  2⤵
  PID:8580
- C:\Windows\System\qCamHBF.exe
  C:\Windows\System\qCamHBF.exe
  2⤵
  PID:8852
- C:\Windows\System\OukBccg.exe
  C:\Windows\System\OukBccg.exe
  2⤵
  PID:8948
- C:\Windows\System\PwDVNrN.exe
  C:\Windows\System\PwDVNrN.exe
  2⤵
  PID:9088
- C:\Windows\System\RpSKaWX.exe
  C:\Windows\System\RpSKaWX.exe
  2⤵
  PID:8888
- C:\Windows\System\FpnVwHM.exe
  C:\Windows\System\FpnVwHM.exe
  2⤵
  PID:8984
- C:\Windows\System\aFoLrHT.exe
  C:\Windows\System\aFoLrHT.exe
  2⤵
  PID:9072
- C:\Windows\System\HlDWkff.exe
  C:\Windows\System\HlDWkff.exe
  2⤵
  PID:8660
- C:\Windows\System\wFHLyFS.exe
  C:\Windows\System\wFHLyFS.exe
  2⤵
  PID:9156
- C:\Windows\System\UxGhqkC.exe
  C:\Windows\System\UxGhqkC.exe
  2⤵
  PID:8320
- C:\Windows\System\KBeFNZZ.exe
  C:\Windows\System\KBeFNZZ.exe
  2⤵
  PID:8468
- C:\Windows\System\OMdbrjE.exe
  C:\Windows\System\OMdbrjE.exe
  2⤵
  PID:8936
- C:\Windows\System\unhooDs.exe
  C:\Windows\System\unhooDs.exe
  2⤵
  PID:8820
- C:\Windows\System\EReYXtw.exe
  C:\Windows\System\EReYXtw.exe
  2⤵
  PID:8868
- C:\Windows\System\Nzrpbly.exe
  C:\Windows\System\Nzrpbly.exe
  2⤵
  PID:9172
- C:\Windows\System\jOGcrbC.exe
  C:\Windows\System\jOGcrbC.exe
  2⤵
  PID:8996
- C:\Windows\System\taCEIVu.exe
  C:\Windows\System\taCEIVu.exe
  2⤵
  PID:8676
- C:\Windows\System\qpdCjAN.exe
  C:\Windows\System\qpdCjAN.exe
  2⤵
  PID:8432
- C:\Windows\System\BwHJMjh.exe
  C:\Windows\System\BwHJMjh.exe
  2⤵
  PID:9140
- C:\Windows\System\YmkXUpN.exe
  C:\Windows\System\YmkXUpN.exe
  2⤵
  PID:8480
- C:\Windows\System\BQFABNq.exe
  C:\Windows\System\BQFABNq.exe
  2⤵
  PID:9232
- C:\Windows\System\OldWmxt.exe
  C:\Windows\System\OldWmxt.exe
  2⤵
  PID:9248
- C:\Windows\System\OdIHGwz.exe
  C:\Windows\System\OdIHGwz.exe
  2⤵
  PID:9264
- C:\Windows\System\WdswQAu.exe
  C:\Windows\System\WdswQAu.exe
  2⤵
  PID:9280
- C:\Windows\System\mDVkBtl.exe
  C:\Windows\System\mDVkBtl.exe
  2⤵
  PID:9296
- C:\Windows\System\txcmVmI.exe
  C:\Windows\System\txcmVmI.exe
  2⤵
  PID:9312
- C:\Windows\System\iraaoMr.exe
  C:\Windows\System\iraaoMr.exe
  2⤵
  PID:9328
- C:\Windows\System\rCcilfh.exe
  C:\Windows\System\rCcilfh.exe
  2⤵
  PID:9348
- C:\Windows\System\mkGdZXV.exe
  C:\Windows\System\mkGdZXV.exe
  2⤵
  PID:9364
- C:\Windows\System\hQrVLec.exe
  C:\Windows\System\hQrVLec.exe
  2⤵
  PID:9380
- C:\Windows\System\YyzEmii.exe
  C:\Windows\System\YyzEmii.exe
  2⤵
  PID:9396
- C:\Windows\System\TbCaBnt.exe
  C:\Windows\System\TbCaBnt.exe
  2⤵
  PID:9412
- C:\Windows\System\XtvGuKP.exe
  C:\Windows\System\XtvGuKP.exe
  2⤵
  PID:9428
- C:\Windows\System\sWNjCjW.exe
  C:\Windows\System\sWNjCjW.exe
  2⤵
  PID:9444
- C:\Windows\System\PmPEhqZ.exe
  C:\Windows\System\PmPEhqZ.exe
  2⤵
  PID:9460
- C:\Windows\System\HKQWxCK.exe
  C:\Windows\System\HKQWxCK.exe
  2⤵
  PID:9476
- C:\Windows\System\fdqtGmb.exe
  C:\Windows\System\fdqtGmb.exe
  2⤵
  PID:9492
- C:\Windows\System\iTcxxYq.exe
  C:\Windows\System\iTcxxYq.exe
  2⤵
  PID:9508
- C:\Windows\System\OMArpdg.exe
  C:\Windows\System\OMArpdg.exe
  2⤵
  PID:9524
- C:\Windows\System\OtkwmRd.exe
  C:\Windows\System\OtkwmRd.exe
  2⤵
  PID:9540
- C:\Windows\System\GpaPeUK.exe
  C:\Windows\System\GpaPeUK.exe
  2⤵
  PID:9556
- C:\Windows\System\JAkaVAh.exe
  C:\Windows\System\JAkaVAh.exe
  2⤵
  PID:9572
- C:\Windows\System\iuRFMqu.exe
  C:\Windows\System\iuRFMqu.exe
  2⤵
  PID:9588
- C:\Windows\System\rEBrVeY.exe
  C:\Windows\System\rEBrVeY.exe
  2⤵
  PID:9604
- C:\Windows\System\WEapQvP.exe
  C:\Windows\System\WEapQvP.exe
  2⤵
  PID:9620
- C:\Windows\System\RzsYnsD.exe
  C:\Windows\System\RzsYnsD.exe
  2⤵
  PID:9636
- C:\Windows\System\pzHEaHa.exe
  C:\Windows\System\pzHEaHa.exe
  2⤵
  PID:9652
- C:\Windows\System\HUddSuX.exe
  C:\Windows\System\HUddSuX.exe
  2⤵
  PID:9668
- C:\Windows\System\PlNBEzT.exe
  C:\Windows\System\PlNBEzT.exe
  2⤵
  PID:9684
- C:\Windows\System\ZrcPHKg.exe
  C:\Windows\System\ZrcPHKg.exe
  2⤵
  PID:9700
- C:\Windows\System\IqFMLuC.exe
  C:\Windows\System\IqFMLuC.exe
  2⤵
  PID:9716
- C:\Windows\System\rojnHNG.exe
  C:\Windows\System\rojnHNG.exe
  2⤵
  PID:9732
- C:\Windows\System\AshJSXT.exe
  C:\Windows\System\AshJSXT.exe
  2⤵
  PID:9748
- C:\Windows\System\viruTwN.exe
  C:\Windows\System\viruTwN.exe
  2⤵
  PID:9764
- C:\Windows\System\jUNhlwf.exe
  C:\Windows\System\jUNhlwf.exe
  2⤵
  PID:9780
- C:\Windows\System\OUikmCX.exe
  C:\Windows\System\OUikmCX.exe
  2⤵
  PID:9796
- C:\Windows\System\mQxGimL.exe
  C:\Windows\System\mQxGimL.exe
  2⤵
  PID:9812
- C:\Windows\System\aSMYWqH.exe
  C:\Windows\System\aSMYWqH.exe
  2⤵
  PID:9828
- C:\Windows\System\kBIBZcA.exe
  C:\Windows\System\kBIBZcA.exe
  2⤵
  PID:9844
- C:\Windows\System\XcfPOSg.exe
  C:\Windows\System\XcfPOSg.exe
  2⤵
  PID:9860
- C:\Windows\System\LqjKOXS.exe
  C:\Windows\System\LqjKOXS.exe
  2⤵
  PID:9876
- C:\Windows\System\iwWPuEW.exe
  C:\Windows\System\iwWPuEW.exe
  2⤵
  PID:9892
- C:\Windows\System\Iajacmy.exe
  C:\Windows\System\Iajacmy.exe
  2⤵
  PID:9908
- C:\Windows\System\GXKaOPM.exe
  C:\Windows\System\GXKaOPM.exe
  2⤵
  PID:9924
- C:\Windows\System\FjsHxqn.exe
  C:\Windows\System\FjsHxqn.exe
  2⤵
  PID:9940
- C:\Windows\System\kKIghBq.exe
  C:\Windows\System\kKIghBq.exe
  2⤵
  PID:9956
- C:\Windows\System\BhhsuXa.exe
  C:\Windows\System\BhhsuXa.exe
  2⤵
  PID:9972
- C:\Windows\System\ykSdvgv.exe
  C:\Windows\System\ykSdvgv.exe
  2⤵
  PID:9988
- C:\Windows\System\uECEnid.exe
  C:\Windows\System\uECEnid.exe
  2⤵
  PID:10004
- C:\Windows\System\jbjUYIr.exe
  C:\Windows\System\jbjUYIr.exe
  2⤵
  PID:10020
- C:\Windows\System\Cojotsi.exe
  C:\Windows\System\Cojotsi.exe
  2⤵
  PID:10036
- C:\Windows\System\gDqDwYC.exe
  C:\Windows\System\gDqDwYC.exe
  2⤵
  PID:10056
- C:\Windows\System\cJsREqo.exe
  C:\Windows\System\cJsREqo.exe
  2⤵
  PID:10072
- C:\Windows\System\rdBIsmf.exe
  C:\Windows\System\rdBIsmf.exe
  2⤵
  PID:10088
- C:\Windows\System\HLHnITl.exe
  C:\Windows\System\HLHnITl.exe
  2⤵
  PID:10104
- C:\Windows\System\MZsJOOH.exe
  C:\Windows\System\MZsJOOH.exe
  2⤵
  PID:10120
- C:\Windows\System\rHikYWH.exe
  C:\Windows\System\rHikYWH.exe
  2⤵
  PID:10144
- C:\Windows\System\IXrOdRC.exe
  C:\Windows\System\IXrOdRC.exe
  2⤵
  PID:10160
- C:\Windows\System\JyHidvU.exe
  C:\Windows\System\JyHidvU.exe
  2⤵
  PID:10176
- C:\Windows\System\jXPtugN.exe
  C:\Windows\System\jXPtugN.exe
  2⤵
  PID:10192
- C:\Windows\System\geGBhUZ.exe
  C:\Windows\System\geGBhUZ.exe
  2⤵
  PID:10208
- C:\Windows\System\VvefqTk.exe
  C:\Windows\System\VvefqTk.exe
  2⤵
  PID:10224
- C:\Windows\System\tSwdmnR.exe
  C:\Windows\System\tSwdmnR.exe
  2⤵
  PID:8484
- C:\Windows\System\DflKQDM.exe
  C:\Windows\System\DflKQDM.exe
  2⤵
  PID:9240
- C:\Windows\System\TAIRZyl.exe
  C:\Windows\System\TAIRZyl.exe
  2⤵
  PID:9276
- C:\Windows\System\ygZrXQL.exe
  C:\Windows\System\ygZrXQL.exe
  2⤵
  PID:8904
- C:\Windows\System\iCaLTfw.exe
  C:\Windows\System\iCaLTfw.exe
  2⤵
  PID:8624
- C:\Windows\System\mScEWsp.exe
  C:\Windows\System\mScEWsp.exe
  2⤵
  PID:9288
- C:\Windows\System\FFUuEhs.exe
  C:\Windows\System\FFUuEhs.exe
  2⤵
  PID:9344
- C:\Windows\System\ZDiEqLv.exe
  C:\Windows\System\ZDiEqLv.exe
  2⤵
  PID:9376
- C:\Windows\System\VCgvzbS.exe
  C:\Windows\System\VCgvzbS.exe
  2⤵
  PID:9356
- C:\Windows\System\GsqjskV.exe
  C:\Windows\System\GsqjskV.exe
  2⤵
  PID:9424
- C:\Windows\System\OcZHkbV.exe
  C:\Windows\System\OcZHkbV.exe
  2⤵
  PID:9532
- C:\Windows\System\mTsxMPA.exe
  C:\Windows\System\mTsxMPA.exe
  2⤵
  PID:9596
- C:\Windows\System\WncBYne.exe
  C:\Windows\System\WncBYne.exe
  2⤵
  PID:9660
- C:\Windows\System\XTBQqQR.exe
  C:\Windows\System\XTBQqQR.exe
  2⤵
  PID:9692
- C:\Windows\System\cmoCcjt.exe
  C:\Windows\System\cmoCcjt.exe
  2⤵
  PID:9452
- C:\Windows\System\MZIKWTi.exe
  C:\Windows\System\MZIKWTi.exe
  2⤵
  PID:9760
- C:\Windows\System\uTZoZRJ.exe
  C:\Windows\System\uTZoZRJ.exe
  2⤵
  PID:9820
- C:\Windows\System\ACNpeKb.exe
  C:\Windows\System\ACNpeKb.exe
  2⤵
  PID:9580
- C:\Windows\System\fRefoYZ.exe
  C:\Windows\System\fRefoYZ.exe
  2⤵
  PID:9824
- C:\Windows\System\GdLmpLx.exe
  C:\Windows\System\GdLmpLx.exe
  2⤵
  PID:9644
- C:\Windows\System\BocTgUB.exe
  C:\Windows\System\BocTgUB.exe
  2⤵
  PID:9708
- C:\Windows\System\jHUiHpa.exe
  C:\Windows\System\jHUiHpa.exe
  2⤵
  PID:9772
- C:\Windows\System\uDBiugb.exe
  C:\Windows\System\uDBiugb.exe
  2⤵
  PID:9836
- C:\Windows\System\jdLpMkz.exe
  C:\Windows\System\jdLpMkz.exe
  2⤵
  PID:9888
- C:\Windows\System\twdyTpy.exe
  C:\Windows\System\twdyTpy.exe
  2⤵
  PID:9948
- C:\Windows\System\sqUIOXk.exe
  C:\Windows\System\sqUIOXk.exe
  2⤵
  PID:10012
- C:\Windows\System\JHdvXuF.exe
  C:\Windows\System\JHdvXuF.exe
  2⤵
  PID:10052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADuvYTC.exe

Filesize
6.0MB

MD5
980661c426baf3052060af6fa15f177b

SHA1
11e387ec020e70d06b9c5eddd197b36eedf6ab4b

SHA256
32685fc129e651a18f804d91206e1c208bf99e0f3a099349967767489885b8f6

SHA512
2bf4aef714348a31392283fc458bb33fbd01381ea7a937b9923340d320c51cbb3b17775d77bb49c808bd671a23d28c5500e7007e62899c8632497465ca6e9f11

Download Submit
C:\Windows\system\AibxoWB.exe

Filesize
6.0MB

MD5
cb009dc13cb0218c982de87db66d7d07

SHA1
cf87bcec4299250d0cf0c05638e98903915adff8

SHA256
b4b2ed32ecd8aaf96ad41ac863555f1d49b9badd3794522655bf64bc20c90d9e

SHA512
7a9db2dffe5a1e826b62d41052633179d3f2695bbdb0a8a71acd7fa0e2d459328516f71bbda94d0d905fe53ca540c9f2f697f9751bd8b059b4445dc025b639f4

Download Submit
C:\Windows\system\DtjlwWZ.exe

Filesize
6.0MB

MD5
67b6f2cf3c2cb9d05b2749ab1079304b

SHA1
63eb3f87634756a43320d2c393a2f7be2615ddc0

SHA256
f83595bd4da58682580e9baa9606efd75352cdeb56675f5c1a6a7ae3a6dade7e

SHA512
d32b2c5b8a23c69137d7fab224ee35a61e7b6544955776185aebfb7974d8fb348b70fd76d5cb558cf382bd9eb11650b63122a5f57c908ed731675b702083df51

Download Submit
C:\Windows\system\EnvmjcK.exe

Filesize
6.0MB

MD5
9f88e468e2392bf0d54da50d58bb71bc

SHA1
ea902d58af1b1e5bc2fc42baec7ae62186b0f8e2

SHA256
665644806f4a6b172422bbfad1c758da7d50efce10aeee5cca000ac827c3872a

SHA512
c950fd58a0ce80f765d80b038ba08fd63cbd0cd6799e366bbc8b523cbbec19e2c6cdcedd58387c108d845371142f38652fc7e79a72198cfd32fa07299c736f38

Download Submit
C:\Windows\system\GyKBhOE.exe

Filesize
6.0MB

MD5
c8eefa0a4ed83acdd9a8fd0da9ef5a62

SHA1
2d8f75f6183bb8b6250bd9b0e8053c8e31553f50

SHA256
522cae3e1f4c284069e590368c01a5ae9da7b5efaee24c728dc0737e47575a96

SHA512
7d74b3e8c05c6d9a43d4053ce15780b0c777e0ff64c34c552b37b6759124bba5d8e31b4bb32e41f377b3ff9d21f8597311e5fa65ebe3da1c1a0ec1033d5b208b

Download Submit
C:\Windows\system\IHJyvWG.exe

Filesize
6.0MB

MD5
479e5f895ba51616684cd65a6930169f

SHA1
6deb36dae7b86d356fb3646a51d1eaec8c78a7da

SHA256
c944138e696f11ffa0df8d03982165bc4e0624625718a41fca13603d2233b00b

SHA512
654e970c063e7943a0a1ad78a714ce70b5b8d2a36b735206c0c5aedeab94ddaabc5866eda26d143aba1afa1ccc9d1fa789d8ee139be855a07995deb2e18d11d0

Download Submit
C:\Windows\system\JhEZIZE.exe

Filesize
6.0MB

MD5
9cfb2a5b5dc247c8b8e9e3e0bf965117

SHA1
d745012ad5053f010753fc577792fdf3e2621731

SHA256
b079bf7efb874af0dbda5f04fbf3169c51f7d80725341f0f7c5192efb2182165

SHA512
85129fe773ec9ee058f8d262f22f32661ae12c124d9497cb822e58d9d2eb1c6185d767c1fc63cf1113523acd048b597cc37ea442e7e3ddb0b6aff4b5985e8fbd

Download Submit
C:\Windows\system\NQGKyqd.exe

Filesize
6.0MB

MD5
c93cc85b7bf204c0e7386bb4e052dc92

SHA1
67031e8e2faabfb8a4e66112a5dc0c4c8cde3189

SHA256
051655987d9bed9d15d794ce7bdd6f43689034ba91924c9216b15a53457b89ac

SHA512
c89d92c31f839fad7c115bfd831e18fa80fb842ebbf46b3c091d77962af50993acb50622fb890e4fe3c36d8d3eed49ad7f4154d7a7bc2888574e8be95c074527

Download Submit
C:\Windows\system\NyvBILo.exe

Filesize
6.0MB

MD5
c43e7cdc370e5e0ad595b00cab1d9d4f

SHA1
cebb3c4e248058ac12f9e7042f61d18bd85239b7

SHA256
dc304243820552703448f701fd391bb550b2883485ae2735c57302f9a09a0131

SHA512
0f1b600f6068440f01872fe13e9fb6520dc43a622b6a72241546c6588fea32b187110e97b9f3d2cc5fb5e5f194aa2b5969b4c33c85c699f0d181e920ec63e00b

Download Submit
C:\Windows\system\QWXHkQp.exe

Filesize
6.0MB

MD5
fc3d1e819ea9b86391c98296479e2a61

SHA1
be4180e327708f6ad126e7d2c0feac4480960e60

SHA256
6514d0cdbabe8dcb0c9522a6ef3711ff0b14ef3025829e384e27796099415cff

SHA512
86ffe24207feb288f18e7193942c4aec1e588ea5b5c7a9b8bfa98c990de9f38281e8ae6e27d137bbd02205d80dee94d21e7567f4a353261b5772c5c929a4fcbd

Download Submit
C:\Windows\system\UStNlKa.exe

Filesize
6.0MB

MD5
353a80b7748f5e62949d687a2780ac75

SHA1
b96c3e0166b696eab091b5f289621549b341ec7d

SHA256
58c16129b6925b2b5066213ff33778beae56d7f91ad347ea65de515a2ee61efe

SHA512
6c448c294a9c110523e134901e1f8e0a641c6b9c27e481cef756bbc016733457b6fa00b50c7dd9783dc305bb56b836cd9efb552b6c138a2f04257c62c83ffef4

Download Submit
C:\Windows\system\WIouvJW.exe

Filesize
6.0MB

MD5
0ea81524f5d73c5433966fde911ac380

SHA1
b7129a54df239e1fd526931aa07822859ab51079

SHA256
f58e71528ee57796c44e14141b76c64130e05a58a7e308067c20c479259671d0

SHA512
237b6874aa2293ff0bd977a23ae65d22855d220596bcffba52b16cd771405e2046ad7f17fb9b6d5c3098898e44269045490f23835de8d21f246306e4708f1a50

Download Submit
C:\Windows\system\XLBppSb.exe

Filesize
6.0MB

MD5
e9c85477273040acf54e3ca501d8cacb

SHA1
7a7dc667b5d36473c0b326671addd89eca0cf7c9

SHA256
2d52363ba90b1707cf39bac1fa5b6ffb8d5d05638547692ec393685271cd8ed2

SHA512
b46f90de69afa1e81433155c2ab6104d9d7c3372427a8f8ac031131829c1399b5e7006bafb715ca8e8c4315bf81a736c8e7cdf26de5d2fb86ebbd6810a53e74f

Download Submit
C:\Windows\system\bBUQfRV.exe

Filesize
6.0MB

MD5
c3200b403c658ab0016f561036ad72ff

SHA1
ba7d4ceb8a62ae5e7eb1dffac50a2ccfbc3d2826

SHA256
65908dfe6afdbe8bb41655d6eff0f37b27d7a1cde5194038f6345c069522fb7c

SHA512
df3edf1d45703ca19569a312d0dfa25e62af32612d02f69de684cb540a236121ef252afdc84f414cb5890709e6c4edfca5cbb8baeefa39a74b23d4b5824e39f7

Download Submit
C:\Windows\system\fuDBCEz.exe

Filesize
6.0MB

MD5
34386ac0fbec7e7bf660406c7453b865

SHA1
4ffd51113e07fa9c724f33c0f6494ed7a9cf2570

SHA256
d9588270b2e307d5917fc22624dd9f6b6731f2c31e466a315cf4a61f0eba337f

SHA512
94bd0f35eb9be62cabe74214c803fa738c69572016a121532c7eb336a1dcd8d1ffc804c3cadc3cf2f90caac8a3a93cbb623190c16b725fceb648e397b90b6bf2

Download Submit
C:\Windows\system\kcgtEIN.exe

Filesize
6.0MB

MD5
a1f1c4e8de8c51eb6d010528c57e7888

SHA1
3da7200c431752dfa6908e8c37548b981268932f

SHA256
2fec6c6358783b04db7dd36bd8354a35b4c1a5287717adbdbaef790b68dbb9c1

SHA512
ee3882d35ee370c0dd80a471031bd31f210878fb19977153c1c322b5b0055012be6b4902f8a221c0870ab3a75a81ab289e6d6c808dec33a238bddf9a6fb28e47

Download Submit
C:\Windows\system\nAibPnB.exe

Filesize
6.0MB

MD5
2bdcf0a98459225b0560156d1881cbd6

SHA1
59127f59d7208d8c7455ebe486e53593d64b29ab

SHA256
32832025fcb8d038958484ee6e08082419bcc52fc002f8c0bece2920daee7f29

SHA512
a9ced22fa4db457b2766cbdc46f70422bcf839965dd5dfe17e8eca0a6523b460d8727cf0d1f04aeac0e2d56446087bb4f7928d9e0ec291e472fff2993a827edb

Download Submit
C:\Windows\system\sNrHrfx.exe

Filesize
6.0MB

MD5
89add8ea68c5226d2827254125bc6760

SHA1
37682e12c0d6f45e35fd4bc879717621a3a273a3

SHA256
a9569f2adab917e0ba1abb4e72412f6e1969b6c06f6e0f1d1518788475a13197

SHA512
6e9c3f542f08d45090398d84f2d860fb6e090c00270b7b0d6b450fa96e0a7fe2bcf642e234742fe26039e41a2a41391419a1bdf587312bd6cb80ded6722f1c63

Download Submit
C:\Windows\system\tYRZUFt.exe

Filesize
6.0MB

MD5
e11c3fe30df77366cb866b8e26c7dac7

SHA1
906896df6677feb54c6ec93f4456a3067ac9846c

SHA256
05d413b42fc5b5368cb3222e4d72a383cc508528dc01a5d668e131e039e1f522

SHA512
c00753bf3f636f4984e3453f61f0401c3cc8cd7e481a4eaa47b94ba5305c1005f36a531913946409d931c2980d5a0e6dddfacb4699a72aa92f07fb1a1506a72f

Download Submit
C:\Windows\system\tZUksSp.exe

Filesize
6.0MB

MD5
2dca954c0fba22c56bfb9df1280634e2

SHA1
be1262747cfac85104a0ec07fa1dc7bba618e80f

SHA256
88cfbc0f1c208b131b5dbf6cda45b39df84a1aa894db106960dcfa274a40ef6c

SHA512
ef0e9d4cc80872510f6b105ac75eb039520768d01380da71e3acaf3a77a1731cefa1fb4493b6f3938800152a2d621df2146ced01189063856351d5f148f8fe3e

Download Submit
C:\Windows\system\tcbYDNW.exe

Filesize
6.0MB

MD5
091911f2530d052688dcf249f59fb9bc

SHA1
075293bbe8940ecf8793bab9bf605fabd19d6c3d

SHA256
601909c797e53b15a3acbba82f7b56f066d59f68fe5f5a6dd16346c647967213

SHA512
d492d4bcae0725e711eacf026f0e4d2a79aad2a7c1141244b2dc9f84ad43829f28f3c1bba7311050e54b61cc269a221c4ebe0533bcacbe944540d89b64d30c61

Download Submit
C:\Windows\system\vXIhJtl.exe

Filesize
6.0MB

MD5
7d7d3a876cb836e4cdeca4f1e9cbfa22

SHA1
20dfa762254c4be8d4bb053bda9c2d55784bd9ef

SHA256
f7f62e8d0f1b22c6e2fdc4a132f91b2c9d0703eb99171047e3bcd10ec7875acd

SHA512
ac964b19e36ef2eeaeb4d1ca197e2b6c04131720fe56654cc7cde0041509b1efe2203aefb1e1544ccaa4b088a96f07f566e127201684b951879e8cdbec1668c9

Download Submit
C:\Windows\system\vlEhoaC.exe

Filesize
6.0MB

MD5
3977d4e06b299ffd69cf08ad097fa77c

SHA1
4d0ee48463ea1add0f4b741c2773097a513c987c

SHA256
7eedc92cdb91a6021adb007ce02cfb929c8241875abeee939b51c8df3e1d0c82

SHA512
336979dc88d1e242c4d55becba59912bc79806c6e7c61c1712d8a5bcec7e752d7f8f4c773e84121d162798dcbfb9b984a3691148fcd51e40578cdcecb3aff3b1

Download Submit
C:\Windows\system\yYHFWhI.exe

Filesize
6.0MB

MD5
608e51069a3892180648a5b50c5e3717

SHA1
dbd4b3408ec4db0c05fcf28472c582e4d1a2afab

SHA256
d0cffc0ffe07cb9ba03a1058c3164d12d77bb6e1094ede3e4848ffef35279127

SHA512
1856f20de1e5cf47a3050677326ae01f91f1429e0fc900c73f51632836e3bc396daab2bfb21a0071bdc7e8454c55fed28f5d7a19a29512d2293bcef297dd4320

Download Submit
\Windows\system\HHHdlJL.exe

Filesize
6.0MB

MD5
ea646fb494b5360a7667144a673a1136

SHA1
59cb437498f347c59e7b0cb3a5f48a517f214253

SHA256
170e7f45173290258b48c48a93e9efc281e904706cd493f5cbfe1c8694eb245a

SHA512
e746805fa8a0057bd06a3504427112211cdee081142daedf96ae83d2e0ef5813a9c3a764bafcc38a6f7705827dbf27d8fae4d5122ed1160dede3d8d3b523435c

Download Submit
\Windows\system\IIxjLTV.exe

Filesize
6.0MB

MD5
77c2404bbb9070a7d1f54d4920ecc1d2

SHA1
0ee6972ff385c4f872ef6606ef0024a7a104f199

SHA256
70e3160ed19816292dc133e4ee1cecb2d689f3ec96fa91d0005a80cdb6398169

SHA512
335c487a836ab04797cd0ce0eedc448e70c904e6271f0bcea9f5aa8d8a5843af60cb25792d5d070e95066ce063ed36525509e389661ef80641a03c85ff94434b

Download Submit
\Windows\system\PAWuynR.exe

Filesize
6.0MB

MD5
041c1198b0b710a99c87307855f024c1

SHA1
4f139d9606e1fcaf54b38cf0a0ff2c7cdb50b119

SHA256
bbd0c52b72e4c68db4a9af944d1adbbf9f7529a9c956f8bf7050df62bf083003

SHA512
f40034334fe6fab372254cce43df9dedcd189fe69a3db233737089164ed0cf1cbec6ff1c9e1a05666cccbcf4894a3a7c1ce27c6dbf09b4883b81b56cbbc2e378

Download Submit
\Windows\system\PPkjHHl.exe

Filesize
6.0MB

MD5
572595ed51b0cca50931061448846536

SHA1
64d428e92f06adde833e91487f7482df4f1d3be2

SHA256
90436a9b60738077bd73195ca9d1b224da80e1cd6632821a7902c21340074544

SHA512
1c3e0b6441a56c72decb44e5215c92fdc19d077fd30b6e82c7689b33ec009a2c05dcd6df0d8939d3a03f5f807bae1ac65c6a3576c7d53eba530dd6acaaed0bc2

Download Submit
\Windows\system\QEqnKyE.exe

Filesize
6.0MB

MD5
9c19f3bf390a06ff9a696d6089927f47

SHA1
5a10fd3faa566b2e85e3a811fd7751e282703171

SHA256
e8b9582ac6ffc9ad26fbd108bee52b55e26857432f9df56a0f365a7a43dabfcb

SHA512
940ecf6f4931f6e5825d1bec55c80fcb0970c58152ea0594712b89f2edc78f7f58e3bf520e9a829aca478c0059cba8f34305254cd7e9af2c74bdde8e1e03fc5f

Download Submit
\Windows\system\ktTFQeQ.exe

Filesize
6.0MB

MD5
e1b2a9b7e77d2776cb5857086fe9d569

SHA1
b65a4fcc01a2706a1aeb823f6bc8bb678d0edb5c

SHA256
a67360b66ee294287a84bdaa2f44121a013ebd5960367f26a5a70311031985be

SHA512
8f16653d716a6a6765a77db5fb84c7375344c38acbe35b7b30369833d114feffe6acaae1804df145ecb5d31837311ca29867a25192eb44439325cabda91bce63

Download Submit
\Windows\system\rUVGKDg.exe

Filesize
6.0MB

MD5
faf33ff485961a68aa63a704d76e41ab

SHA1
c9a15358a8969ea354fd034420aa7b53075b29d7

SHA256
ee61331c9fbf5736968468274c62b06930ddcaa6d96d5202cd53eaa08ac3e765

SHA512
8fc8aed8e644efa89a38b946d564e1299625db345ab90b2c8bfe4952f0b93e62493a248880dc521a26838d476c77706e665ad9e2cda0a4e6ae421e819d5a6b13

Download Submit
\Windows\system\ttwZdJw.exe

Filesize
6.0MB

MD5
c5349bb10a973c1cb776603c978da73a

SHA1
07f97773b314a0160d9e3c3e4bc6822d88f113d2

SHA256
ba60baf63ad0c26d22b49858171582407950174b32e5676f2cd4c7d8e2be24d9

SHA512
6d4830081c3276fb67dc17819a7b2977c85e8600f67df3d93058d7cabff607773c597288e3a418c12be40c6121c3bb89f1ed73eedb337e96b1483c16ed7b9371

Download Submit
memory/1228-63-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-4150-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1256-3248-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-46-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-4145-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-4142-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-17-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-39-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-4144-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-4143-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2508-35-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2616-2747-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4154-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4153-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1308-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4155-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4139-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4151-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-56-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4146-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-53-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4149-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4148-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-52-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-4147-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-51-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4138-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/3000-10-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-54-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-55-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4140-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/3000-66-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/3000-49-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-47-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/3000-28-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3000-58-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4141-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/3044-4152-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download