cobaltstrike | eeb2160e4fc02546e1bf060ed5222e953c225c2294b42a5a05ef167813e28e50

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

984416f075c2ef59b8bf479287272c96
SHA1

dd54f16efb2c6965bd8f08fdb5b12d5c5700af3f
SHA256

eeb2160e4fc02546e1bf060ed5222e953c225c2294b42a5a05ef167813e28e50
SHA512

5366987d21e064af4955f2f08072cf4d9fd6fa635b008cf603d4762b2c2b1fe9c04faac58b72295da5086ca70faa4126e2916ed2b7afae04635041f896cf5c5f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUn:T+q56utgpPF8u/7n

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019259-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019268-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926c-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019275-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019278-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019319-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c87-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f6e-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0ab-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a06a-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a074-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f58-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbe-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8c-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c85-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-72.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000191f6-61.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001929a-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0007000000019259-8.dat	xmrig
behavioral1/files/0x0007000000019268-10.dat	xmrig
behavioral1/files/0x000700000001926c-16.dat	xmrig
behavioral1/memory/2736-28-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0006000000019275-34.dat	xmrig
behavioral1/memory/2920-35-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0006000000019278-37.dat	xmrig
behavioral1/memory/2580-41-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2684-74-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019319-55.dat	xmrig
behavioral1/files/0x0005000000019513-88.dat	xmrig
behavioral1/memory/3012-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2580-97-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019b0d-127.dat	xmrig
behavioral1/files/0x0005000000019c87-142.dat	xmrig
behavioral1/files/0x0005000000019f6e-158.dat	xmrig
behavioral1/files/0x000500000001a0ab-170.dat	xmrig
behavioral1/memory/2524-365-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2900-787-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2684-786-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/3012-654-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2684-653-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2536-461-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2684-300-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2388-219-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a06a-163.dat	xmrig
behavioral1/files/0x000500000001a074-167.dat	xmrig
behavioral1/files/0x0005000000019f58-155.dat	xmrig
behavioral1/files/0x0005000000019cbe-147.dat	xmrig
behavioral1/files/0x0005000000019d8c-150.dat	xmrig
behavioral1/files/0x0005000000019c85-139.dat	xmrig
behavioral1/files/0x0005000000019c6c-134.dat	xmrig
behavioral1/files/0x0005000000019b0f-130.dat	xmrig
behavioral1/files/0x0005000000019a72-122.dat	xmrig
behavioral1/files/0x0005000000019642-113.dat	xmrig
behavioral1/files/0x000500000001964b-111.dat	xmrig
behavioral1/files/0x00050000000197c2-117.dat	xmrig
behavioral1/files/0x000500000001964a-109.dat	xmrig
behavioral1/memory/2900-99-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001953e-95.dat	xmrig
behavioral1/files/0x0005000000019640-103.dat	xmrig
behavioral1/memory/2920-90-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2536-85-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2736-83-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x000500000001950e-82.dat	xmrig
behavioral1/files/0x00050000000194d7-65.dat	xmrig
behavioral1/memory/2524-78-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/272-75-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2388-73-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-72.dat	xmrig
behavioral1/memory/2404-64-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x00340000000191f6-61.dat	xmrig
behavioral1/memory/2788-59-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2684-51-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2652-50-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000600000001929a-47.dat	xmrig
behavioral1/memory/2684-25-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2584-24-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2780-22-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2788-20-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2780-3410-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2788-3412-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2788	CEQhmVe.exe
2780	bOAWjel.exe
2584	krBnRxs.exe
2736	BkzEAQM.exe
2920	FOvlgBG.exe
2580	OuTelcu.exe
2652	NiuysGZ.exe
2404	HhxjRNC.exe
272	PlOcGsJ.exe
2388	aSXYFrf.exe
2524	jXVDgOY.exe
2536	QgPwETN.exe
3012	lBkBYak.exe
2900	wsJPjvl.exe
1968	OphZVKt.exe
568	XmOcbPs.exe
300	buHPfVs.exe
2092	KXYjFXy.exe
2160	vpTuPfZ.exe
2144	NaxOFKx.exe
588	dGLZcux.exe
592	PkOpyLh.exe
2200	fQpaLpF.exe
1996	fDbFHBc.exe
2164	lnhZwQi.exe
1988	MUvjBIt.exe
2000	AkqONdG.exe
2152	sFxDJed.exe
2256	uaAhjuz.exe
1364	KMCTgGw.exe
960	AWiRgyN.exe
328	XnYmkBC.exe
112	KwXKoyH.exe
2064	rWToNhJ.exe
716	bfcwvmE.exe
1732	bHWdLzl.exe
1664	DzdvxMp.exe
2204	mfXRWSM.exe
2476	RkKbxre.exe
1552	ctnYRZg.exe
1672	fdqigBT.exe
1100	FuBmavW.exe
2148	qdscqhC.exe
2352	mSRzlwn.exe
2056	jGCnOfg.exe
2656	ZQYRjdR.exe
2660	MSqsiHT.exe
2300	RDQxKRr.exe
332	qDsAbom.exe
712	qqUDmXe.exe
2080	moyDSCY.exe
2072	pxOupgt.exe
576	CBQqdUQ.exe
2460	LWpQkOs.exe
1688	qBZpDXs.exe
1040	YUIQtGj.exe
1948	qMHLsqk.exe
1768	IQfFueP.exe
2428	KtnMQFV.exe
2440	GMgebGs.exe
2444	bkwJWgF.exe
1576	hgazXtw.exe
1604	pOXdKNe.exe
2820	GOXPQfR.exe

Loads dropped DLL 64 IoCs

pid	Process
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0007000000019259-8.dat	upx
behavioral1/files/0x0007000000019268-10.dat	upx
behavioral1/files/0x000700000001926c-16.dat	upx
behavioral1/memory/2736-28-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0006000000019275-34.dat	upx
behavioral1/memory/2920-35-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0006000000019278-37.dat	upx
behavioral1/memory/2580-41-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0006000000019319-55.dat	upx
behavioral1/files/0x0005000000019513-88.dat	upx
behavioral1/memory/3012-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2580-97-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/files/0x0005000000019b0d-127.dat	upx
behavioral1/files/0x0005000000019c87-142.dat	upx
behavioral1/files/0x0005000000019f6e-158.dat	upx
behavioral1/files/0x000500000001a0ab-170.dat	upx
behavioral1/memory/2524-365-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2900-787-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/3012-654-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2536-461-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2388-219-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001a06a-163.dat	upx
behavioral1/files/0x000500000001a074-167.dat	upx
behavioral1/files/0x0005000000019f58-155.dat	upx
behavioral1/files/0x0005000000019cbe-147.dat	upx
behavioral1/files/0x0005000000019d8c-150.dat	upx
behavioral1/files/0x0005000000019c85-139.dat	upx
behavioral1/files/0x0005000000019c6c-134.dat	upx
behavioral1/files/0x0005000000019b0f-130.dat	upx
behavioral1/files/0x0005000000019a72-122.dat	upx
behavioral1/files/0x0005000000019642-113.dat	upx
behavioral1/files/0x000500000001964b-111.dat	upx
behavioral1/files/0x00050000000197c2-117.dat	upx
behavioral1/files/0x000500000001964a-109.dat	upx
behavioral1/memory/2900-99-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000500000001953e-95.dat	upx
behavioral1/files/0x0005000000019640-103.dat	upx
behavioral1/memory/2920-90-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2536-85-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2736-83-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000500000001950e-82.dat	upx
behavioral1/files/0x00050000000194d7-65.dat	upx
behavioral1/memory/2524-78-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/272-75-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2388-73-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x00050000000194df-72.dat	upx
behavioral1/memory/2404-64-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x00340000000191f6-61.dat	upx
behavioral1/memory/2788-59-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2684-51-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2652-50-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000600000001929a-47.dat	upx
behavioral1/memory/2584-24-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2780-22-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2788-20-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2780-3410-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2788-3412-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2584-3421-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2736-3418-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2920-3445-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/272-3447-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2404-3446-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xeKvumS.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oljpzwl.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyKSiXO.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUIIOxx.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXgzMLS.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPfZRDY.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xwxiaBi.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuonJbM.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsGYEWb.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMYmrRy.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BthUREN.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCZbhsE.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjaexOA.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moeOYHn.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heUFtXW.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMXWkzV.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HavcUTp.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfcwvmE.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKLkqpA.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKksmOR.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwwQZwz.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjrWbfr.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWHQdqO.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMxQIGN.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQUHZDi.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzNBfIf.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhwzfMP.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCYjbsj.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTArGiR.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkzEAQM.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uECXkqn.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlnJYOs.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCMNMuH.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJtMlPb.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBCHtEb.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJnHBkg.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoWZvRh.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTMQRLA.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuggjFj.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjCMipG.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GOXPQfR.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsZvPQK.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjxZSTP.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdnufrT.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBPuyqC.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGskrsf.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOYehzY.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koabMmV.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGlCedY.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOCKGKv.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUcojfn.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtoSInW.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtsqNNo.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PELqzeq.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXJzSdK.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkUnIZS.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWiRgyN.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCQaCaI.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujQrpjz.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzCweKH.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvHwgFq.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egCWIWu.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGphzde.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KlzOlSX.exe	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2788	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2684 wrote to memory of 2788	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2684 wrote to memory of 2788	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2684 wrote to memory of 2780	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2780	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2780	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2684 wrote to memory of 2584	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2584	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2584	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2684 wrote to memory of 2736	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2736	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2736	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2684 wrote to memory of 2920	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2920	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2920	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2684 wrote to memory of 2580	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2580	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2580	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2684 wrote to memory of 2652	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2652	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2652	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2684 wrote to memory of 2404	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 2404	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 2404	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2684 wrote to memory of 272	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 272	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 272	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2684 wrote to memory of 2524	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2524	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2524	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2684 wrote to memory of 2388	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2388	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2388	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2684 wrote to memory of 2536	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 2536	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 2536	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2684 wrote to memory of 3012	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 3012	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 3012	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2684 wrote to memory of 2900	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 2900	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 2900	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2684 wrote to memory of 1968	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 1968	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 1968	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2684 wrote to memory of 300	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 300	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 300	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2684 wrote to memory of 568	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 568	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 568	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2684 wrote to memory of 2160	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 2160	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 2160	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2684 wrote to memory of 2092	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 2092	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 2092	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2684 wrote to memory of 2144	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 2144	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 2144	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2684 wrote to memory of 588	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 588	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 588	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2684 wrote to memory of 592	2684	2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_984416f075c2ef59b8bf479287272c96_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\System\CEQhmVe.exe
  C:\Windows\System\CEQhmVe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\bOAWjel.exe
  C:\Windows\System\bOAWjel.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\krBnRxs.exe
  C:\Windows\System\krBnRxs.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\BkzEAQM.exe
  C:\Windows\System\BkzEAQM.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\FOvlgBG.exe
  C:\Windows\System\FOvlgBG.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\OuTelcu.exe
  C:\Windows\System\OuTelcu.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\NiuysGZ.exe
  C:\Windows\System\NiuysGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\HhxjRNC.exe
  C:\Windows\System\HhxjRNC.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\PlOcGsJ.exe
  C:\Windows\System\PlOcGsJ.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\jXVDgOY.exe
  C:\Windows\System\jXVDgOY.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\aSXYFrf.exe
  C:\Windows\System\aSXYFrf.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\QgPwETN.exe
  C:\Windows\System\QgPwETN.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\lBkBYak.exe
  C:\Windows\System\lBkBYak.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\wsJPjvl.exe
  C:\Windows\System\wsJPjvl.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\OphZVKt.exe
  C:\Windows\System\OphZVKt.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\buHPfVs.exe
  C:\Windows\System\buHPfVs.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\XmOcbPs.exe
  C:\Windows\System\XmOcbPs.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\vpTuPfZ.exe
  C:\Windows\System\vpTuPfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\KXYjFXy.exe
  C:\Windows\System\KXYjFXy.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NaxOFKx.exe
  C:\Windows\System\NaxOFKx.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\dGLZcux.exe
  C:\Windows\System\dGLZcux.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\PkOpyLh.exe
  C:\Windows\System\PkOpyLh.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\fQpaLpF.exe
  C:\Windows\System\fQpaLpF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\fDbFHBc.exe
  C:\Windows\System\fDbFHBc.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\lnhZwQi.exe
  C:\Windows\System\lnhZwQi.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\MUvjBIt.exe
  C:\Windows\System\MUvjBIt.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\AkqONdG.exe
  C:\Windows\System\AkqONdG.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\sFxDJed.exe
  C:\Windows\System\sFxDJed.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\uaAhjuz.exe
  C:\Windows\System\uaAhjuz.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\KMCTgGw.exe
  C:\Windows\System\KMCTgGw.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\AWiRgyN.exe
  C:\Windows\System\AWiRgyN.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\XnYmkBC.exe
  C:\Windows\System\XnYmkBC.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\KwXKoyH.exe
  C:\Windows\System\KwXKoyH.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\rWToNhJ.exe
  C:\Windows\System\rWToNhJ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\bfcwvmE.exe
  C:\Windows\System\bfcwvmE.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\bHWdLzl.exe
  C:\Windows\System\bHWdLzl.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\DzdvxMp.exe
  C:\Windows\System\DzdvxMp.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\mfXRWSM.exe
  C:\Windows\System\mfXRWSM.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\RkKbxre.exe
  C:\Windows\System\RkKbxre.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ctnYRZg.exe
  C:\Windows\System\ctnYRZg.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\fdqigBT.exe
  C:\Windows\System\fdqigBT.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\FuBmavW.exe
  C:\Windows\System\FuBmavW.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\qdscqhC.exe
  C:\Windows\System\qdscqhC.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\mSRzlwn.exe
  C:\Windows\System\mSRzlwn.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\jGCnOfg.exe
  C:\Windows\System\jGCnOfg.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MSqsiHT.exe
  C:\Windows\System\MSqsiHT.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\ZQYRjdR.exe
  C:\Windows\System\ZQYRjdR.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\qDsAbom.exe
  C:\Windows\System\qDsAbom.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\RDQxKRr.exe
  C:\Windows\System\RDQxKRr.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\qqUDmXe.exe
  C:\Windows\System\qqUDmXe.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\moyDSCY.exe
  C:\Windows\System\moyDSCY.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\LWpQkOs.exe
  C:\Windows\System\LWpQkOs.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\pxOupgt.exe
  C:\Windows\System\pxOupgt.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\qBZpDXs.exe
  C:\Windows\System\qBZpDXs.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\CBQqdUQ.exe
  C:\Windows\System\CBQqdUQ.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\YUIQtGj.exe
  C:\Windows\System\YUIQtGj.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\qMHLsqk.exe
  C:\Windows\System\qMHLsqk.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\IQfFueP.exe
  C:\Windows\System\IQfFueP.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\KtnMQFV.exe
  C:\Windows\System\KtnMQFV.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\GMgebGs.exe
  C:\Windows\System\GMgebGs.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\bkwJWgF.exe
  C:\Windows\System\bkwJWgF.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\hgazXtw.exe
  C:\Windows\System\hgazXtw.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\pOXdKNe.exe
  C:\Windows\System\pOXdKNe.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\GOXPQfR.exe
  C:\Windows\System\GOXPQfR.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\JmBosuh.exe
  C:\Windows\System\JmBosuh.exe
  2⤵
  PID:2956
- C:\Windows\System\KEywCbt.exe
  C:\Windows\System\KEywCbt.exe
  2⤵
  PID:2828
- C:\Windows\System\qVXSouj.exe
  C:\Windows\System\qVXSouj.exe
  2⤵
  PID:2612
- C:\Windows\System\kLlLPEX.exe
  C:\Windows\System\kLlLPEX.exe
  2⤵
  PID:3040
- C:\Windows\System\ApaaIhG.exe
  C:\Windows\System\ApaaIhG.exe
  2⤵
  PID:3056
- C:\Windows\System\oytyzoq.exe
  C:\Windows\System\oytyzoq.exe
  2⤵
  PID:1648
- C:\Windows\System\LjfgdxG.exe
  C:\Windows\System\LjfgdxG.exe
  2⤵
  PID:2872
- C:\Windows\System\rupkDnz.exe
  C:\Windows\System\rupkDnz.exe
  2⤵
  PID:928
- C:\Windows\System\LUOOPBu.exe
  C:\Windows\System\LUOOPBu.exe
  2⤵
  PID:964
- C:\Windows\System\oljpzwl.exe
  C:\Windows\System\oljpzwl.exe
  2⤵
  PID:1464
- C:\Windows\System\JKYtsVk.exe
  C:\Windows\System\JKYtsVk.exe
  2⤵
  PID:628
- C:\Windows\System\QFYihsR.exe
  C:\Windows\System\QFYihsR.exe
  2⤵
  PID:2432
- C:\Windows\System\FhwGOQk.exe
  C:\Windows\System\FhwGOQk.exe
  2⤵
  PID:1640
- C:\Windows\System\XDxISqe.exe
  C:\Windows\System\XDxISqe.exe
  2⤵
  PID:1372
- C:\Windows\System\fUcojfn.exe
  C:\Windows\System\fUcojfn.exe
  2⤵
  PID:1736
- C:\Windows\System\zjrnyMJ.exe
  C:\Windows\System\zjrnyMJ.exe
  2⤵
  PID:1720
- C:\Windows\System\ckSKXvV.exe
  C:\Windows\System\ckSKXvV.exe
  2⤵
  PID:1884
- C:\Windows\System\LijXWYt.exe
  C:\Windows\System\LijXWYt.exe
  2⤵
  PID:548
- C:\Windows\System\bejDzmM.exe
  C:\Windows\System\bejDzmM.exe
  2⤵
  PID:1992
- C:\Windows\System\FyhBayf.exe
  C:\Windows\System\FyhBayf.exe
  2⤵
  PID:1064
- C:\Windows\System\IDHHeNE.exe
  C:\Windows\System\IDHHeNE.exe
  2⤵
  PID:1596
- C:\Windows\System\QejnaOK.exe
  C:\Windows\System\QejnaOK.exe
  2⤵
  PID:1284
- C:\Windows\System\dxCwfUB.exe
  C:\Windows\System\dxCwfUB.exe
  2⤵
  PID:1628
- C:\Windows\System\hPtsyrh.exe
  C:\Windows\System\hPtsyrh.exe
  2⤵
  PID:644
- C:\Windows\System\JGphzde.exe
  C:\Windows\System\JGphzde.exe
  2⤵
  PID:720
- C:\Windows\System\rKfQtno.exe
  C:\Windows\System\rKfQtno.exe
  2⤵
  PID:2172
- C:\Windows\System\aVqikgU.exe
  C:\Windows\System\aVqikgU.exe
  2⤵
  PID:2032
- C:\Windows\System\EuCgEEA.exe
  C:\Windows\System\EuCgEEA.exe
  2⤵
  PID:2712
- C:\Windows\System\vmiwRTQ.exe
  C:\Windows\System\vmiwRTQ.exe
  2⤵
  PID:2672
- C:\Windows\System\cGTvySE.exe
  C:\Windows\System\cGTvySE.exe
  2⤵
  PID:2280
- C:\Windows\System\dpMRcjo.exe
  C:\Windows\System\dpMRcjo.exe
  2⤵
  PID:1392
- C:\Windows\System\siOcfam.exe
  C:\Windows\System\siOcfam.exe
  2⤵
  PID:1960
- C:\Windows\System\xSMorQz.exe
  C:\Windows\System\xSMorQz.exe
  2⤵
  PID:560
- C:\Windows\System\GADVqQj.exe
  C:\Windows\System\GADVqQj.exe
  2⤵
  PID:2252
- C:\Windows\System\SyUOxYC.exe
  C:\Windows\System\SyUOxYC.exe
  2⤵
  PID:1776
- C:\Windows\System\XalSGLx.exe
  C:\Windows\System\XalSGLx.exe
  2⤵
  PID:2140
- C:\Windows\System\IwIJYMx.exe
  C:\Windows\System\IwIJYMx.exe
  2⤵
  PID:2984
- C:\Windows\System\oyRAlLM.exe
  C:\Windows\System\oyRAlLM.exe
  2⤵
  PID:2456
- C:\Windows\System\NDWehcW.exe
  C:\Windows\System\NDWehcW.exe
  2⤵
  PID:2304
- C:\Windows\System\lPhDCRT.exe
  C:\Windows\System\lPhDCRT.exe
  2⤵
  PID:1712
- C:\Windows\System\tVhoPpQ.exe
  C:\Windows\System\tVhoPpQ.exe
  2⤵
  PID:2344
- C:\Windows\System\BXCZItA.exe
  C:\Windows\System\BXCZItA.exe
  2⤵
  PID:856
- C:\Windows\System\MMMWkXU.exe
  C:\Windows\System\MMMWkXU.exe
  2⤵
  PID:2784
- C:\Windows\System\khIuYIf.exe
  C:\Windows\System\khIuYIf.exe
  2⤵
  PID:3084
- C:\Windows\System\fzIThLr.exe
  C:\Windows\System\fzIThLr.exe
  2⤵
  PID:3100
- C:\Windows\System\EXkmghv.exe
  C:\Windows\System\EXkmghv.exe
  2⤵
  PID:3116
- C:\Windows\System\uPslReY.exe
  C:\Windows\System\uPslReY.exe
  2⤵
  PID:3132
- C:\Windows\System\hCUNGjL.exe
  C:\Windows\System\hCUNGjL.exe
  2⤵
  PID:3152
- C:\Windows\System\nYlFaCJ.exe
  C:\Windows\System\nYlFaCJ.exe
  2⤵
  PID:3168
- C:\Windows\System\HLiqjqZ.exe
  C:\Windows\System\HLiqjqZ.exe
  2⤵
  PID:3184
- C:\Windows\System\cxCaZyR.exe
  C:\Windows\System\cxCaZyR.exe
  2⤵
  PID:3200
- C:\Windows\System\EGtJrbQ.exe
  C:\Windows\System\EGtJrbQ.exe
  2⤵
  PID:3216
- C:\Windows\System\vdGyUPQ.exe
  C:\Windows\System\vdGyUPQ.exe
  2⤵
  PID:3232
- C:\Windows\System\fnyKvnP.exe
  C:\Windows\System\fnyKvnP.exe
  2⤵
  PID:3248
- C:\Windows\System\ysEMHij.exe
  C:\Windows\System\ysEMHij.exe
  2⤵
  PID:3264
- C:\Windows\System\KlzOlSX.exe
  C:\Windows\System\KlzOlSX.exe
  2⤵
  PID:3280
- C:\Windows\System\EJKIyOg.exe
  C:\Windows\System\EJKIyOg.exe
  2⤵
  PID:3296
- C:\Windows\System\LRbQGlj.exe
  C:\Windows\System\LRbQGlj.exe
  2⤵
  PID:3312
- C:\Windows\System\vsayIUz.exe
  C:\Windows\System\vsayIUz.exe
  2⤵
  PID:3328
- C:\Windows\System\sPAsZma.exe
  C:\Windows\System\sPAsZma.exe
  2⤵
  PID:3344
- C:\Windows\System\hEYreLo.exe
  C:\Windows\System\hEYreLo.exe
  2⤵
  PID:3360
- C:\Windows\System\RVtAUIr.exe
  C:\Windows\System\RVtAUIr.exe
  2⤵
  PID:3376
- C:\Windows\System\ecGXOuX.exe
  C:\Windows\System\ecGXOuX.exe
  2⤵
  PID:3392
- C:\Windows\System\xYEBbES.exe
  C:\Windows\System\xYEBbES.exe
  2⤵
  PID:3408
- C:\Windows\System\rYjtIUX.exe
  C:\Windows\System\rYjtIUX.exe
  2⤵
  PID:3424
- C:\Windows\System\HrYQZMF.exe
  C:\Windows\System\HrYQZMF.exe
  2⤵
  PID:3440
- C:\Windows\System\CxtYQOc.exe
  C:\Windows\System\CxtYQOc.exe
  2⤵
  PID:3456
- C:\Windows\System\UuQXPkQ.exe
  C:\Windows\System\UuQXPkQ.exe
  2⤵
  PID:3472
- C:\Windows\System\kqRdrxL.exe
  C:\Windows\System\kqRdrxL.exe
  2⤵
  PID:3488
- C:\Windows\System\eIggDZI.exe
  C:\Windows\System\eIggDZI.exe
  2⤵
  PID:3504
- C:\Windows\System\xsuzsZS.exe
  C:\Windows\System\xsuzsZS.exe
  2⤵
  PID:3520
- C:\Windows\System\WZdTGdZ.exe
  C:\Windows\System\WZdTGdZ.exe
  2⤵
  PID:3536
- C:\Windows\System\XqcAZMz.exe
  C:\Windows\System\XqcAZMz.exe
  2⤵
  PID:3552
- C:\Windows\System\oEDFOKQ.exe
  C:\Windows\System\oEDFOKQ.exe
  2⤵
  PID:3568
- C:\Windows\System\brAIfbi.exe
  C:\Windows\System\brAIfbi.exe
  2⤵
  PID:3584
- C:\Windows\System\tpWxLWl.exe
  C:\Windows\System\tpWxLWl.exe
  2⤵
  PID:3600
- C:\Windows\System\vzMmEdJ.exe
  C:\Windows\System\vzMmEdJ.exe
  2⤵
  PID:3616
- C:\Windows\System\xhDmIjK.exe
  C:\Windows\System\xhDmIjK.exe
  2⤵
  PID:3632
- C:\Windows\System\NHkGbWg.exe
  C:\Windows\System\NHkGbWg.exe
  2⤵
  PID:3648
- C:\Windows\System\NVLdmZS.exe
  C:\Windows\System\NVLdmZS.exe
  2⤵
  PID:3664
- C:\Windows\System\WBvkYtB.exe
  C:\Windows\System\WBvkYtB.exe
  2⤵
  PID:3680
- C:\Windows\System\mxbGRNy.exe
  C:\Windows\System\mxbGRNy.exe
  2⤵
  PID:3696
- C:\Windows\System\fnwJcMz.exe
  C:\Windows\System\fnwJcMz.exe
  2⤵
  PID:3712
- C:\Windows\System\ymBdKQA.exe
  C:\Windows\System\ymBdKQA.exe
  2⤵
  PID:3728
- C:\Windows\System\BOffFQJ.exe
  C:\Windows\System\BOffFQJ.exe
  2⤵
  PID:3744
- C:\Windows\System\tsZvPQK.exe
  C:\Windows\System\tsZvPQK.exe
  2⤵
  PID:3760
- C:\Windows\System\PmBmhwg.exe
  C:\Windows\System\PmBmhwg.exe
  2⤵
  PID:3776
- C:\Windows\System\dhCeIsI.exe
  C:\Windows\System\dhCeIsI.exe
  2⤵
  PID:3792
- C:\Windows\System\pEvGdQa.exe
  C:\Windows\System\pEvGdQa.exe
  2⤵
  PID:3808
- C:\Windows\System\dGbIwdU.exe
  C:\Windows\System\dGbIwdU.exe
  2⤵
  PID:3824
- C:\Windows\System\yDYVAnr.exe
  C:\Windows\System\yDYVAnr.exe
  2⤵
  PID:3840
- C:\Windows\System\gKJacnm.exe
  C:\Windows\System\gKJacnm.exe
  2⤵
  PID:3856
- C:\Windows\System\qjgCnwp.exe
  C:\Windows\System\qjgCnwp.exe
  2⤵
  PID:3872
- C:\Windows\System\LgEZWvv.exe
  C:\Windows\System\LgEZWvv.exe
  2⤵
  PID:3892
- C:\Windows\System\JuzOhtP.exe
  C:\Windows\System\JuzOhtP.exe
  2⤵
  PID:3912
- C:\Windows\System\bfyAdLX.exe
  C:\Windows\System\bfyAdLX.exe
  2⤵
  PID:3928
- C:\Windows\System\YoXahHP.exe
  C:\Windows\System\YoXahHP.exe
  2⤵
  PID:3944
- C:\Windows\System\kYexbjv.exe
  C:\Windows\System\kYexbjv.exe
  2⤵
  PID:3960
- C:\Windows\System\mGvriuF.exe
  C:\Windows\System\mGvriuF.exe
  2⤵
  PID:3976
- C:\Windows\System\CsVwkIc.exe
  C:\Windows\System\CsVwkIc.exe
  2⤵
  PID:3992
- C:\Windows\System\gUWVkEz.exe
  C:\Windows\System\gUWVkEz.exe
  2⤵
  PID:4008
- C:\Windows\System\KldsyyA.exe
  C:\Windows\System\KldsyyA.exe
  2⤵
  PID:4024
- C:\Windows\System\FFjRPDC.exe
  C:\Windows\System\FFjRPDC.exe
  2⤵
  PID:4040
- C:\Windows\System\NDKWCFw.exe
  C:\Windows\System\NDKWCFw.exe
  2⤵
  PID:4056
- C:\Windows\System\XahGlCw.exe
  C:\Windows\System\XahGlCw.exe
  2⤵
  PID:4072
- C:\Windows\System\kZGznKk.exe
  C:\Windows\System\kZGznKk.exe
  2⤵
  PID:4088
- C:\Windows\System\RYbWrRC.exe
  C:\Windows\System\RYbWrRC.exe
  2⤵
  PID:1584
- C:\Windows\System\uPhNViq.exe
  C:\Windows\System\uPhNViq.exe
  2⤵
  PID:1044
- C:\Windows\System\aBBKBhL.exe
  C:\Windows\System\aBBKBhL.exe
  2⤵
  PID:2112
- C:\Windows\System\VmoIZdn.exe
  C:\Windows\System\VmoIZdn.exe
  2⤵
  PID:2376
- C:\Windows\System\XqUTCWq.exe
  C:\Windows\System\XqUTCWq.exe
  2⤵
  PID:2644
- C:\Windows\System\PMXdWYG.exe
  C:\Windows\System\PMXdWYG.exe
  2⤵
  PID:2128
- C:\Windows\System\FNmOJgn.exe
  C:\Windows\System\FNmOJgn.exe
  2⤵
  PID:1812
- C:\Windows\System\vPXgshM.exe
  C:\Windows\System\vPXgshM.exe
  2⤵
  PID:2216
- C:\Windows\System\EeBgZme.exe
  C:\Windows\System\EeBgZme.exe
  2⤵
  PID:2480
- C:\Windows\System\wKGbMiT.exe
  C:\Windows\System\wKGbMiT.exe
  2⤵
  PID:468
- C:\Windows\System\ovBXGhR.exe
  C:\Windows\System\ovBXGhR.exe
  2⤵
  PID:3076
- C:\Windows\System\IMZrmZV.exe
  C:\Windows\System\IMZrmZV.exe
  2⤵
  PID:3112
- C:\Windows\System\KqJbtJK.exe
  C:\Windows\System\KqJbtJK.exe
  2⤵
  PID:3096
- C:\Windows\System\HQGvmVY.exe
  C:\Windows\System\HQGvmVY.exe
  2⤵
  PID:3128
- C:\Windows\System\KdmFeIb.exe
  C:\Windows\System\KdmFeIb.exe
  2⤵
  PID:3192
- C:\Windows\System\bYaxBnX.exe
  C:\Windows\System\bYaxBnX.exe
  2⤵
  PID:3244
- C:\Windows\System\ClwaMDj.exe
  C:\Windows\System\ClwaMDj.exe
  2⤵
  PID:3228
- C:\Windows\System\PNtrxYg.exe
  C:\Windows\System\PNtrxYg.exe
  2⤵
  PID:3308
- C:\Windows\System\RijRdyw.exe
  C:\Windows\System\RijRdyw.exe
  2⤵
  PID:3292
- C:\Windows\System\uxFpPgG.exe
  C:\Windows\System\uxFpPgG.exe
  2⤵
  PID:3372
- C:\Windows\System\OGGnltn.exe
  C:\Windows\System\OGGnltn.exe
  2⤵
  PID:3404
- C:\Windows\System\HEcnGUv.exe
  C:\Windows\System\HEcnGUv.exe
  2⤵
  PID:3464
- C:\Windows\System\KWOVasc.exe
  C:\Windows\System\KWOVasc.exe
  2⤵
  PID:3468
- C:\Windows\System\WQxvEVv.exe
  C:\Windows\System\WQxvEVv.exe
  2⤵
  PID:3500
- C:\Windows\System\bmigntx.exe
  C:\Windows\System\bmigntx.exe
  2⤵
  PID:3512
- C:\Windows\System\TAgnpXc.exe
  C:\Windows\System\TAgnpXc.exe
  2⤵
  PID:3564
- C:\Windows\System\XgiSPhR.exe
  C:\Windows\System\XgiSPhR.exe
  2⤵
  PID:3624
- C:\Windows\System\ZvQFxNK.exe
  C:\Windows\System\ZvQFxNK.exe
  2⤵
  PID:3656
- C:\Windows\System\DkpvuvR.exe
  C:\Windows\System\DkpvuvR.exe
  2⤵
  PID:3692
- C:\Windows\System\yRLEYCd.exe
  C:\Windows\System\yRLEYCd.exe
  2⤵
  PID:3752
- C:\Windows\System\vwqiOIb.exe
  C:\Windows\System\vwqiOIb.exe
  2⤵
  PID:3784
- C:\Windows\System\tevcsLw.exe
  C:\Windows\System\tevcsLw.exe
  2⤵
  PID:3848
- C:\Windows\System\WqvqyFB.exe
  C:\Windows\System\WqvqyFB.exe
  2⤵
  PID:3676
- C:\Windows\System\BpdJTuI.exe
  C:\Windows\System\BpdJTuI.exe
  2⤵
  PID:3920
- C:\Windows\System\WKLkqpA.exe
  C:\Windows\System\WKLkqpA.exe
  2⤵
  PID:3768
- C:\Windows\System\IzlVDSV.exe
  C:\Windows\System\IzlVDSV.exe
  2⤵
  PID:3984
- C:\Windows\System\WpFmxif.exe
  C:\Windows\System\WpFmxif.exe
  2⤵
  PID:3988
- C:\Windows\System\Oaerinx.exe
  C:\Windows\System\Oaerinx.exe
  2⤵
  PID:3868
- C:\Windows\System\kNWDoYM.exe
  C:\Windows\System\kNWDoYM.exe
  2⤵
  PID:4020
- C:\Windows\System\ShqPYlM.exe
  C:\Windows\System\ShqPYlM.exe
  2⤵
  PID:3968
- C:\Windows\System\sWJmaNT.exe
  C:\Windows\System\sWJmaNT.exe
  2⤵
  PID:4064
- C:\Windows\System\HBDVIoM.exe
  C:\Windows\System\HBDVIoM.exe
  2⤵
  PID:4032
- C:\Windows\System\YvdyErW.exe
  C:\Windows\System\YvdyErW.exe
  2⤵
  PID:4068
- C:\Windows\System\rFoLLCa.exe
  C:\Windows\System\rFoLLCa.exe
  2⤵
  PID:1708
- C:\Windows\System\xSphdye.exe
  C:\Windows\System\xSphdye.exe
  2⤵
  PID:1260
- C:\Windows\System\bxLibGL.exe
  C:\Windows\System\bxLibGL.exe
  2⤵
  PID:2868
- C:\Windows\System\pGuAslI.exe
  C:\Windows\System\pGuAslI.exe
  2⤵
  PID:1660
- C:\Windows\System\ZIlqIjJ.exe
  C:\Windows\System\ZIlqIjJ.exe
  2⤵
  PID:320
- C:\Windows\System\ImOSIqX.exe
  C:\Windows\System\ImOSIqX.exe
  2⤵
  PID:3176
- C:\Windows\System\lqkdfkE.exe
  C:\Windows\System\lqkdfkE.exe
  2⤵
  PID:1020
- C:\Windows\System\zuwThco.exe
  C:\Windows\System\zuwThco.exe
  2⤵
  PID:3256
- C:\Windows\System\GSXOwSx.exe
  C:\Windows\System\GSXOwSx.exe
  2⤵
  PID:3432
- C:\Windows\System\twPkNAI.exe
  C:\Windows\System\twPkNAI.exe
  2⤵
  PID:3516
- C:\Windows\System\oSGTgoJ.exe
  C:\Windows\System\oSGTgoJ.exe
  2⤵
  PID:3724
- C:\Windows\System\TqLFMva.exe
  C:\Windows\System\TqLFMva.exe
  2⤵
  PID:3224
- C:\Windows\System\oyNXQlD.exe
  C:\Windows\System\oyNXQlD.exe
  2⤵
  PID:3880
- C:\Windows\System\JYZnALV.exe
  C:\Windows\System\JYZnALV.exe
  2⤵
  PID:3836
- C:\Windows\System\OOmrLfO.exe
  C:\Windows\System\OOmrLfO.exe
  2⤵
  PID:3420
- C:\Windows\System\ixDEIbW.exe
  C:\Windows\System\ixDEIbW.exe
  2⤵
  PID:4000
- C:\Windows\System\tDNQNSA.exe
  C:\Windows\System\tDNQNSA.exe
  2⤵
  PID:3484
- C:\Windows\System\hQxxscE.exe
  C:\Windows\System\hQxxscE.exe
  2⤵
  PID:2332
- C:\Windows\System\yYfLjYa.exe
  C:\Windows\System\yYfLjYa.exe
  2⤵
  PID:3196
- C:\Windows\System\xdGllhn.exe
  C:\Windows\System\xdGllhn.exe
  2⤵
  PID:3640
- C:\Windows\System\URJvyPQ.exe
  C:\Windows\System\URJvyPQ.exe
  2⤵
  PID:4104
- C:\Windows\System\cyKSiXO.exe
  C:\Windows\System\cyKSiXO.exe
  2⤵
  PID:4120
- C:\Windows\System\pNblthB.exe
  C:\Windows\System\pNblthB.exe
  2⤵
  PID:4136
- C:\Windows\System\fhljBYs.exe
  C:\Windows\System\fhljBYs.exe
  2⤵
  PID:4152
- C:\Windows\System\eWBPHuu.exe
  C:\Windows\System\eWBPHuu.exe
  2⤵
  PID:4168
- C:\Windows\System\BYeoqrf.exe
  C:\Windows\System\BYeoqrf.exe
  2⤵
  PID:4184
- C:\Windows\System\irWjqqV.exe
  C:\Windows\System\irWjqqV.exe
  2⤵
  PID:4200
- C:\Windows\System\XCKPeMz.exe
  C:\Windows\System\XCKPeMz.exe
  2⤵
  PID:4216
- C:\Windows\System\QEjhpHp.exe
  C:\Windows\System\QEjhpHp.exe
  2⤵
  PID:4232
- C:\Windows\System\WWbAMVQ.exe
  C:\Windows\System\WWbAMVQ.exe
  2⤵
  PID:4248
- C:\Windows\System\VBQufCd.exe
  C:\Windows\System\VBQufCd.exe
  2⤵
  PID:4264
- C:\Windows\System\GOTApAv.exe
  C:\Windows\System\GOTApAv.exe
  2⤵
  PID:4280
- C:\Windows\System\FOUWCYW.exe
  C:\Windows\System\FOUWCYW.exe
  2⤵
  PID:4296
- C:\Windows\System\uUciESL.exe
  C:\Windows\System\uUciESL.exe
  2⤵
  PID:4312
- C:\Windows\System\KMYmrRy.exe
  C:\Windows\System\KMYmrRy.exe
  2⤵
  PID:4328
- C:\Windows\System\xMwTNbl.exe
  C:\Windows\System\xMwTNbl.exe
  2⤵
  PID:4348
- C:\Windows\System\mlMFdZp.exe
  C:\Windows\System\mlMFdZp.exe
  2⤵
  PID:4364
- C:\Windows\System\wHddkxA.exe
  C:\Windows\System\wHddkxA.exe
  2⤵
  PID:4380
- C:\Windows\System\lmjWnHZ.exe
  C:\Windows\System\lmjWnHZ.exe
  2⤵
  PID:4396
- C:\Windows\System\gSVFRsG.exe
  C:\Windows\System\gSVFRsG.exe
  2⤵
  PID:4412
- C:\Windows\System\uECXkqn.exe
  C:\Windows\System\uECXkqn.exe
  2⤵
  PID:4428
- C:\Windows\System\SPPuZSi.exe
  C:\Windows\System\SPPuZSi.exe
  2⤵
  PID:4460
- C:\Windows\System\XBvTlFa.exe
  C:\Windows\System\XBvTlFa.exe
  2⤵
  PID:4476
- C:\Windows\System\tryPSNg.exe
  C:\Windows\System\tryPSNg.exe
  2⤵
  PID:4492
- C:\Windows\System\feVsrpO.exe
  C:\Windows\System\feVsrpO.exe
  2⤵
  PID:4508
- C:\Windows\System\fduLzUA.exe
  C:\Windows\System\fduLzUA.exe
  2⤵
  PID:4524
- C:\Windows\System\bymIavQ.exe
  C:\Windows\System\bymIavQ.exe
  2⤵
  PID:4540
- C:\Windows\System\QIDnHAR.exe
  C:\Windows\System\QIDnHAR.exe
  2⤵
  PID:4556
- C:\Windows\System\ndpQFeO.exe
  C:\Windows\System\ndpQFeO.exe
  2⤵
  PID:4572
- C:\Windows\System\lgCPuCw.exe
  C:\Windows\System\lgCPuCw.exe
  2⤵
  PID:4588
- C:\Windows\System\VjpRXDF.exe
  C:\Windows\System\VjpRXDF.exe
  2⤵
  PID:4604
- C:\Windows\System\fKKZFmm.exe
  C:\Windows\System\fKKZFmm.exe
  2⤵
  PID:4620
- C:\Windows\System\pFdZPgp.exe
  C:\Windows\System\pFdZPgp.exe
  2⤵
  PID:4636
- C:\Windows\System\APVedbt.exe
  C:\Windows\System\APVedbt.exe
  2⤵
  PID:4652
- C:\Windows\System\aRVRCgd.exe
  C:\Windows\System\aRVRCgd.exe
  2⤵
  PID:4668
- C:\Windows\System\YTVxMln.exe
  C:\Windows\System\YTVxMln.exe
  2⤵
  PID:4684
- C:\Windows\System\ysAQhyA.exe
  C:\Windows\System\ysAQhyA.exe
  2⤵
  PID:4700
- C:\Windows\System\fsLKRIC.exe
  C:\Windows\System\fsLKRIC.exe
  2⤵
  PID:4716
- C:\Windows\System\oYrySkx.exe
  C:\Windows\System\oYrySkx.exe
  2⤵
  PID:4732
- C:\Windows\System\CianGFu.exe
  C:\Windows\System\CianGFu.exe
  2⤵
  PID:4748
- C:\Windows\System\BLznXyc.exe
  C:\Windows\System\BLznXyc.exe
  2⤵
  PID:4764
- C:\Windows\System\LyUqIaM.exe
  C:\Windows\System\LyUqIaM.exe
  2⤵
  PID:4780
- C:\Windows\System\sISGYdo.exe
  C:\Windows\System\sISGYdo.exe
  2⤵
  PID:4796
- C:\Windows\System\FdjMnJh.exe
  C:\Windows\System\FdjMnJh.exe
  2⤵
  PID:4812
- C:\Windows\System\UOVvgrs.exe
  C:\Windows\System\UOVvgrs.exe
  2⤵
  PID:4828
- C:\Windows\System\DuaUMuP.exe
  C:\Windows\System\DuaUMuP.exe
  2⤵
  PID:4844
- C:\Windows\System\LaeViCo.exe
  C:\Windows\System\LaeViCo.exe
  2⤵
  PID:4860
- C:\Windows\System\RnaSBvC.exe
  C:\Windows\System\RnaSBvC.exe
  2⤵
  PID:4876
- C:\Windows\System\ffSUodb.exe
  C:\Windows\System\ffSUodb.exe
  2⤵
  PID:4892
- C:\Windows\System\ZgjbYsR.exe
  C:\Windows\System\ZgjbYsR.exe
  2⤵
  PID:4912
- C:\Windows\System\JmBRUiI.exe
  C:\Windows\System\JmBRUiI.exe
  2⤵
  PID:4928
- C:\Windows\System\rKEzDtA.exe
  C:\Windows\System\rKEzDtA.exe
  2⤵
  PID:4944
- C:\Windows\System\cbbRgLS.exe
  C:\Windows\System\cbbRgLS.exe
  2⤵
  PID:4960
- C:\Windows\System\mtYWCRp.exe
  C:\Windows\System\mtYWCRp.exe
  2⤵
  PID:4976
- C:\Windows\System\DGQkQEI.exe
  C:\Windows\System\DGQkQEI.exe
  2⤵
  PID:4992
- C:\Windows\System\CfcdxZE.exe
  C:\Windows\System\CfcdxZE.exe
  2⤵
  PID:5008
- C:\Windows\System\Sxmspjh.exe
  C:\Windows\System\Sxmspjh.exe
  2⤵
  PID:5024
- C:\Windows\System\iYnRCoq.exe
  C:\Windows\System\iYnRCoq.exe
  2⤵
  PID:5040
- C:\Windows\System\yoEaFAv.exe
  C:\Windows\System\yoEaFAv.exe
  2⤵
  PID:5056
- C:\Windows\System\RszOkGW.exe
  C:\Windows\System\RszOkGW.exe
  2⤵
  PID:5072
- C:\Windows\System\TVfJCka.exe
  C:\Windows\System\TVfJCka.exe
  2⤵
  PID:5088
- C:\Windows\System\mFYxziC.exe
  C:\Windows\System\mFYxziC.exe
  2⤵
  PID:5104
- C:\Windows\System\mqeyoPd.exe
  C:\Windows\System\mqeyoPd.exe
  2⤵
  PID:3324
- C:\Windows\System\ohxkLeu.exe
  C:\Windows\System\ohxkLeu.exe
  2⤵
  PID:3820
- C:\Windows\System\TTTSZQa.exe
  C:\Windows\System\TTTSZQa.exe
  2⤵
  PID:3480
- C:\Windows\System\BSvHVIj.exe
  C:\Windows\System\BSvHVIj.exe
  2⤵
  PID:4100
- C:\Windows\System\IWyCCVy.exe
  C:\Windows\System\IWyCCVy.exe
  2⤵
  PID:4160
- C:\Windows\System\erVkdSC.exe
  C:\Windows\System\erVkdSC.exe
  2⤵
  PID:3644
- C:\Windows\System\CRDXYSE.exe
  C:\Windows\System\CRDXYSE.exe
  2⤵
  PID:3772
- C:\Windows\System\yukHTes.exe
  C:\Windows\System\yukHTes.exe
  2⤵
  PID:2320
- C:\Windows\System\UsTgGnt.exe
  C:\Windows\System\UsTgGnt.exe
  2⤵
  PID:4116
- C:\Windows\System\FaSxBqT.exe
  C:\Windows\System\FaSxBqT.exe
  2⤵
  PID:4424
- C:\Windows\System\YfCliBn.exe
  C:\Windows\System\YfCliBn.exe
  2⤵
  PID:4404
- C:\Windows\System\bLkjIcs.exe
  C:\Windows\System\bLkjIcs.exe
  2⤵
  PID:4180
- C:\Windows\System\aIMGUZC.exe
  C:\Windows\System\aIMGUZC.exe
  2⤵
  PID:4304
- C:\Windows\System\WQQHkZq.exe
  C:\Windows\System\WQQHkZq.exe
  2⤵
  PID:4240
- C:\Windows\System\zfVMRFu.exe
  C:\Windows\System\zfVMRFu.exe
  2⤵
  PID:4472
- C:\Windows\System\zKvltdg.exe
  C:\Windows\System\zKvltdg.exe
  2⤵
  PID:4488
- C:\Windows\System\HnNJQbu.exe
  C:\Windows\System\HnNJQbu.exe
  2⤵
  PID:4520
- C:\Windows\System\joWOdsG.exe
  C:\Windows\System\joWOdsG.exe
  2⤵
  PID:4552
- C:\Windows\System\EzpbVXo.exe
  C:\Windows\System\EzpbVXo.exe
  2⤵
  PID:4600
- C:\Windows\System\rXCPILK.exe
  C:\Windows\System\rXCPILK.exe
  2⤵
  PID:4616
- C:\Windows\System\cYeezAx.exe
  C:\Windows\System\cYeezAx.exe
  2⤵
  PID:4660
- C:\Windows\System\EnecOig.exe
  C:\Windows\System\EnecOig.exe
  2⤵
  PID:4696
- C:\Windows\System\bjYmUyg.exe
  C:\Windows\System\bjYmUyg.exe
  2⤵
  PID:4728
- C:\Windows\System\zopnQsN.exe
  C:\Windows\System\zopnQsN.exe
  2⤵
  PID:4772
- C:\Windows\System\dsBaMZh.exe
  C:\Windows\System\dsBaMZh.exe
  2⤵
  PID:4792
- C:\Windows\System\tYghNAE.exe
  C:\Windows\System\tYghNAE.exe
  2⤵
  PID:4824
- C:\Windows\System\iGUtuFX.exe
  C:\Windows\System\iGUtuFX.exe
  2⤵
  PID:4344
- C:\Windows\System\tVlJfPs.exe
  C:\Windows\System\tVlJfPs.exe
  2⤵
  PID:4872
- C:\Windows\System\rkkGIUz.exe
  C:\Windows\System\rkkGIUz.exe
  2⤵
  PID:5096
- C:\Windows\System\LZrxrSp.exe
  C:\Windows\System\LZrxrSp.exe
  2⤵
  PID:3340
- C:\Windows\System\qDjrssO.exe
  C:\Windows\System\qDjrssO.exe
  2⤵
  PID:4196
- C:\Windows\System\nzwAovl.exe
  C:\Windows\System\nzwAovl.exe
  2⤵
  PID:2808
- C:\Windows\System\huqDCgr.exe
  C:\Windows\System\huqDCgr.exe
  2⤵
  PID:4052
- C:\Windows\System\QHXtuNc.exe
  C:\Windows\System\QHXtuNc.exe
  2⤵
  PID:4224
- C:\Windows\System\iBrKucj.exe
  C:\Windows\System\iBrKucj.exe
  2⤵
  PID:1756
- C:\Windows\System\MSyZgca.exe
  C:\Windows\System\MSyZgca.exe
  2⤵
  PID:1544
- C:\Windows\System\mULGuIO.exe
  C:\Windows\System\mULGuIO.exe
  2⤵
  PID:3108
- C:\Windows\System\sdeMqZQ.exe
  C:\Windows\System\sdeMqZQ.exe
  2⤵
  PID:3816
- C:\Windows\System\BthUREN.exe
  C:\Windows\System\BthUREN.exe
  2⤵
  PID:4356
- C:\Windows\System\htqbffI.exe
  C:\Windows\System\htqbffI.exe
  2⤵
  PID:2540
- C:\Windows\System\dPQtXhu.exe
  C:\Windows\System\dPQtXhu.exe
  2⤵
  PID:3940
- C:\Windows\System\EimTKbv.exe
  C:\Windows\System\EimTKbv.exe
  2⤵
  PID:3688
- C:\Windows\System\VDoeydw.exe
  C:\Windows\System\VDoeydw.exe
  2⤵
  PID:4392
- C:\Windows\System\FMXYGHi.exe
  C:\Windows\System\FMXYGHi.exe
  2⤵
  PID:2764
- C:\Windows\System\FzqkqIi.exe
  C:\Windows\System\FzqkqIi.exe
  2⤵
  PID:4144
- C:\Windows\System\VlPxymI.exe
  C:\Windows\System\VlPxymI.exe
  2⤵
  PID:4516
- C:\Windows\System\mzSVsNu.exe
  C:\Windows\System\mzSVsNu.exe
  2⤵
  PID:4612
- C:\Windows\System\dBQUQvD.exe
  C:\Windows\System\dBQUQvD.exe
  2⤵
  PID:4436
- C:\Windows\System\ZpJitHy.exe
  C:\Windows\System\ZpJitHy.exe
  2⤵
  PID:4504
- C:\Windows\System\KFjJlrf.exe
  C:\Windows\System\KFjJlrf.exe
  2⤵
  PID:4852
- C:\Windows\System\DAXgQGj.exe
  C:\Windows\System\DAXgQGj.exe
  2⤵
  PID:4244
- C:\Windows\System\nefVcWL.exe
  C:\Windows\System\nefVcWL.exe
  2⤵
  PID:4920
- C:\Windows\System\qxbFPas.exe
  C:\Windows\System\qxbFPas.exe
  2⤵
  PID:4956
- C:\Windows\System\cEXJFIZ.exe
  C:\Windows\System\cEXJFIZ.exe
  2⤵
  PID:4988
- C:\Windows\System\TgPUDeO.exe
  C:\Windows\System\TgPUDeO.exe
  2⤵
  PID:5052
- C:\Windows\System\idjdGIR.exe
  C:\Windows\System\idjdGIR.exe
  2⤵
  PID:5112
- C:\Windows\System\cYqsPTV.exe
  C:\Windows\System\cYqsPTV.exe
  2⤵
  PID:2288
- C:\Windows\System\hMWJdFY.exe
  C:\Windows\System\hMWJdFY.exe
  2⤵
  PID:4972
- C:\Windows\System\OWHLido.exe
  C:\Windows\System\OWHLido.exe
  2⤵
  PID:5036
- C:\Windows\System\dpTmgRN.exe
  C:\Windows\System\dpTmgRN.exe
  2⤵
  PID:2884
- C:\Windows\System\CCbWRLT.exe
  C:\Windows\System\CCbWRLT.exe
  2⤵
  PID:4584
- C:\Windows\System\YYDKkNv.exe
  C:\Windows\System\YYDKkNv.exe
  2⤵
  PID:3904
- C:\Windows\System\CrBuSfn.exe
  C:\Windows\System\CrBuSfn.exe
  2⤵
  PID:4868
- C:\Windows\System\ejZTMWb.exe
  C:\Windows\System\ejZTMWb.exe
  2⤵
  PID:2668
- C:\Windows\System\LnAYRtR.exe
  C:\Windows\System\LnAYRtR.exe
  2⤵
  PID:4320
- C:\Windows\System\uEgInYv.exe
  C:\Windows\System\uEgInYv.exe
  2⤵
  PID:3628
- C:\Windows\System\bnNAook.exe
  C:\Windows\System\bnNAook.exe
  2⤵
  PID:3452
- C:\Windows\System\cXMYRJN.exe
  C:\Windows\System\cXMYRJN.exe
  2⤵
  PID:2600
- C:\Windows\System\WbOnysy.exe
  C:\Windows\System\WbOnysy.exe
  2⤵
  PID:3956
- C:\Windows\System\TCHWGwu.exe
  C:\Windows\System\TCHWGwu.exe
  2⤵
  PID:2836
- C:\Windows\System\HAaPzuF.exe
  C:\Windows\System\HAaPzuF.exe
  2⤵
  PID:4596
- C:\Windows\System\gMkiaOU.exe
  C:\Windows\System\gMkiaOU.exe
  2⤵
  PID:4272
- C:\Windows\System\EOcEvjL.exe
  C:\Windows\System\EOcEvjL.exe
  2⤵
  PID:5020
- C:\Windows\System\AtjQeFR.exe
  C:\Windows\System\AtjQeFR.exe
  2⤵
  PID:5004
- C:\Windows\System\JfxrnKy.exe
  C:\Windows\System\JfxrnKy.exe
  2⤵
  PID:4536
- C:\Windows\System\lahwEDB.exe
  C:\Windows\System\lahwEDB.exe
  2⤵
  PID:1528
- C:\Windows\System\TmYazMC.exe
  C:\Windows\System\TmYazMC.exe
  2⤵
  PID:5084
- C:\Windows\System\BKgNfnC.exe
  C:\Windows\System\BKgNfnC.exe
  2⤵
  PID:5068
- C:\Windows\System\BjHcKYN.exe
  C:\Windows\System\BjHcKYN.exe
  2⤵
  PID:2624
- C:\Windows\System\LLseUBc.exe
  C:\Windows\System\LLseUBc.exe
  2⤵
  PID:4292
- C:\Windows\System\vyOZZyO.exe
  C:\Windows\System\vyOZZyO.exe
  2⤵
  PID:2832
- C:\Windows\System\CvGdEHv.exe
  C:\Windows\System\CvGdEHv.exe
  2⤵
  PID:4376
- C:\Windows\System\fPZANMI.exe
  C:\Windows\System\fPZANMI.exe
  2⤵
  PID:2168
- C:\Windows\System\BBZLcFd.exe
  C:\Windows\System\BBZLcFd.exe
  2⤵
  PID:5124
- C:\Windows\System\DxDqZzR.exe
  C:\Windows\System\DxDqZzR.exe
  2⤵
  PID:5140
- C:\Windows\System\nludWIs.exe
  C:\Windows\System\nludWIs.exe
  2⤵
  PID:5156
- C:\Windows\System\IOYehzY.exe
  C:\Windows\System\IOYehzY.exe
  2⤵
  PID:5172
- C:\Windows\System\cVEQhDe.exe
  C:\Windows\System\cVEQhDe.exe
  2⤵
  PID:5188
- C:\Windows\System\yFbzsAq.exe
  C:\Windows\System\yFbzsAq.exe
  2⤵
  PID:5204
- C:\Windows\System\gJKvhRG.exe
  C:\Windows\System\gJKvhRG.exe
  2⤵
  PID:5220
- C:\Windows\System\vsavmgA.exe
  C:\Windows\System\vsavmgA.exe
  2⤵
  PID:5236
- C:\Windows\System\NLzlTGB.exe
  C:\Windows\System\NLzlTGB.exe
  2⤵
  PID:5252
- C:\Windows\System\rhwMRPV.exe
  C:\Windows\System\rhwMRPV.exe
  2⤵
  PID:5268
- C:\Windows\System\wYuPzhG.exe
  C:\Windows\System\wYuPzhG.exe
  2⤵
  PID:5284
- C:\Windows\System\souDkYZ.exe
  C:\Windows\System\souDkYZ.exe
  2⤵
  PID:5300
- C:\Windows\System\yDfpbCa.exe
  C:\Windows\System\yDfpbCa.exe
  2⤵
  PID:5316
- C:\Windows\System\QHetxAR.exe
  C:\Windows\System\QHetxAR.exe
  2⤵
  PID:5332
- C:\Windows\System\UIJyFet.exe
  C:\Windows\System\UIJyFet.exe
  2⤵
  PID:5348
- C:\Windows\System\yPQApQW.exe
  C:\Windows\System\yPQApQW.exe
  2⤵
  PID:5364
- C:\Windows\System\qGmrbcp.exe
  C:\Windows\System\qGmrbcp.exe
  2⤵
  PID:5380
- C:\Windows\System\PbKQVZu.exe
  C:\Windows\System\PbKQVZu.exe
  2⤵
  PID:5396
- C:\Windows\System\CJyGAly.exe
  C:\Windows\System\CJyGAly.exe
  2⤵
  PID:5412
- C:\Windows\System\syfofcW.exe
  C:\Windows\System\syfofcW.exe
  2⤵
  PID:5428
- C:\Windows\System\fvrIgdC.exe
  C:\Windows\System\fvrIgdC.exe
  2⤵
  PID:5444
- C:\Windows\System\EIxmbSo.exe
  C:\Windows\System\EIxmbSo.exe
  2⤵
  PID:5460
- C:\Windows\System\vNAQgLz.exe
  C:\Windows\System\vNAQgLz.exe
  2⤵
  PID:5480
- C:\Windows\System\MYwjOYu.exe
  C:\Windows\System\MYwjOYu.exe
  2⤵
  PID:5496
- C:\Windows\System\AYFxILF.exe
  C:\Windows\System\AYFxILF.exe
  2⤵
  PID:5512
- C:\Windows\System\qdnfGNE.exe
  C:\Windows\System\qdnfGNE.exe
  2⤵
  PID:5528
- C:\Windows\System\bnvshbB.exe
  C:\Windows\System\bnvshbB.exe
  2⤵
  PID:5544
- C:\Windows\System\srxmuQH.exe
  C:\Windows\System\srxmuQH.exe
  2⤵
  PID:5560
- C:\Windows\System\okbFmfS.exe
  C:\Windows\System\okbFmfS.exe
  2⤵
  PID:5576
- C:\Windows\System\BKDqYXd.exe
  C:\Windows\System\BKDqYXd.exe
  2⤵
  PID:5592
- C:\Windows\System\aluRCEX.exe
  C:\Windows\System\aluRCEX.exe
  2⤵
  PID:5608
- C:\Windows\System\SjDGEDf.exe
  C:\Windows\System\SjDGEDf.exe
  2⤵
  PID:5624
- C:\Windows\System\kDOvpQH.exe
  C:\Windows\System\kDOvpQH.exe
  2⤵
  PID:5640
- C:\Windows\System\HwOShoX.exe
  C:\Windows\System\HwOShoX.exe
  2⤵
  PID:5656
- C:\Windows\System\Uztiksj.exe
  C:\Windows\System\Uztiksj.exe
  2⤵
  PID:5840
- C:\Windows\System\iUpzXaZ.exe
  C:\Windows\System\iUpzXaZ.exe
  2⤵
  PID:5880
- C:\Windows\System\jujpMVE.exe
  C:\Windows\System\jujpMVE.exe
  2⤵
  PID:5904
- C:\Windows\System\Dbfbyba.exe
  C:\Windows\System\Dbfbyba.exe
  2⤵
  PID:5920
- C:\Windows\System\VoVmmTl.exe
  C:\Windows\System\VoVmmTl.exe
  2⤵
  PID:5936
- C:\Windows\System\JlnJYOs.exe
  C:\Windows\System\JlnJYOs.exe
  2⤵
  PID:5952
- C:\Windows\System\qQDpmlt.exe
  C:\Windows\System\qQDpmlt.exe
  2⤵
  PID:5968
- C:\Windows\System\KPrziPr.exe
  C:\Windows\System\KPrziPr.exe
  2⤵
  PID:5984
- C:\Windows\System\gillMDt.exe
  C:\Windows\System\gillMDt.exe
  2⤵
  PID:6000
- C:\Windows\System\lUxELwI.exe
  C:\Windows\System\lUxELwI.exe
  2⤵
  PID:6016
- C:\Windows\System\zIaUbLn.exe
  C:\Windows\System\zIaUbLn.exe
  2⤵
  PID:5832
- C:\Windows\System\XZadKrj.exe
  C:\Windows\System\XZadKrj.exe
  2⤵
  PID:6036
- C:\Windows\System\ditJxEE.exe
  C:\Windows\System\ditJxEE.exe
  2⤵
  PID:6052
- C:\Windows\System\uctgPkg.exe
  C:\Windows\System\uctgPkg.exe
  2⤵
  PID:6068
- C:\Windows\System\ZWYzEdk.exe
  C:\Windows\System\ZWYzEdk.exe
  2⤵
  PID:6084
- C:\Windows\System\FwXdcAS.exe
  C:\Windows\System\FwXdcAS.exe
  2⤵
  PID:6100
- C:\Windows\System\KvZEGpC.exe
  C:\Windows\System\KvZEGpC.exe
  2⤵
  PID:6116
- C:\Windows\System\MOmIYpJ.exe
  C:\Windows\System\MOmIYpJ.exe
  2⤵
  PID:5392
- C:\Windows\System\ypxZocq.exe
  C:\Windows\System\ypxZocq.exe
  2⤵
  PID:5456
- C:\Windows\System\JeLibgm.exe
  C:\Windows\System\JeLibgm.exe
  2⤵
  PID:5520
- C:\Windows\System\ipSXdyv.exe
  C:\Windows\System\ipSXdyv.exe
  2⤵
  PID:984
- C:\Windows\System\ZxWbtDa.exe
  C:\Windows\System\ZxWbtDa.exe
  2⤵
  PID:5620
- C:\Windows\System\KuwYAhL.exe
  C:\Windows\System\KuwYAhL.exe
  2⤵
  PID:5216
- C:\Windows\System\koabMmV.exe
  C:\Windows\System\koabMmV.exe
  2⤵
  PID:5280
- C:\Windows\System\CLIqaIE.exe
  C:\Windows\System\CLIqaIE.exe
  2⤵
  PID:5536
- C:\Windows\System\qzuYBFj.exe
  C:\Windows\System\qzuYBFj.exe
  2⤵
  PID:5604
- C:\Windows\System\gYCzKHv.exe
  C:\Windows\System\gYCzKHv.exe
  2⤵
  PID:5684
- C:\Windows\System\EwllqAg.exe
  C:\Windows\System\EwllqAg.exe
  2⤵
  PID:5780
- C:\Windows\System\EhTppfa.exe
  C:\Windows\System\EhTppfa.exe
  2⤵
  PID:5948
- C:\Windows\System\IUIIOxx.exe
  C:\Windows\System\IUIIOxx.exe
  2⤵
  PID:6012
- C:\Windows\System\VsYtFfx.exe
  C:\Windows\System\VsYtFfx.exe
  2⤵
  PID:5928
- C:\Windows\System\SawrmvH.exe
  C:\Windows\System\SawrmvH.exe
  2⤵
  PID:6092
- C:\Windows\System\oyipWlo.exe
  C:\Windows\System\oyipWlo.exe
  2⤵
  PID:3028
- C:\Windows\System\VkwOROD.exe
  C:\Windows\System\VkwOROD.exe
  2⤵
  PID:5964
- C:\Windows\System\gBMOwVT.exe
  C:\Windows\System\gBMOwVT.exe
  2⤵
  PID:6044
- C:\Windows\System\YDLnHfM.exe
  C:\Windows\System\YDLnHfM.exe
  2⤵
  PID:6108
- C:\Windows\System\rhWLoTA.exe
  C:\Windows\System\rhWLoTA.exe
  2⤵
  PID:6132
- C:\Windows\System\qwodNfO.exe
  C:\Windows\System\qwodNfO.exe
  2⤵
  PID:3416
- C:\Windows\System\gbYgjIv.exe
  C:\Windows\System\gbYgjIv.exe
  2⤵
  PID:4676
- C:\Windows\System\bSBvQUy.exe
  C:\Windows\System\bSBvQUy.exe
  2⤵
  PID:4952
- C:\Windows\System\DFknnvp.exe
  C:\Windows\System\DFknnvp.exe
  2⤵
  PID:4984
- C:\Windows\System\LZjXfaL.exe
  C:\Windows\System\LZjXfaL.exe
  2⤵
  PID:4808
- C:\Windows\System\YlHweOh.exe
  C:\Windows\System\YlHweOh.exe
  2⤵
  PID:5136
- C:\Windows\System\BWBZsQB.exe
  C:\Windows\System\BWBZsQB.exe
  2⤵
  PID:2980
- C:\Windows\System\hUAvaZh.exe
  C:\Windows\System\hUAvaZh.exe
  2⤵
  PID:4776
- C:\Windows\System\gHUuxoW.exe
  C:\Windows\System\gHUuxoW.exe
  2⤵
  PID:2804
- C:\Windows\System\LcpXPtg.exe
  C:\Windows\System\LcpXPtg.exe
  2⤵
  PID:4208
- C:\Windows\System\YyVqyEd.exe
  C:\Windows\System\YyVqyEd.exe
  2⤵
  PID:1296
- C:\Windows\System\DTtrXIN.exe
  C:\Windows\System\DTtrXIN.exe
  2⤵
  PID:5264
- C:\Windows\System\jeRNjlJ.exe
  C:\Windows\System\jeRNjlJ.exe
  2⤵
  PID:5312
- C:\Windows\System\VUEaKbS.exe
  C:\Windows\System\VUEaKbS.exe
  2⤵
  PID:5404
- C:\Windows\System\pzUunmj.exe
  C:\Windows\System\pzUunmj.exe
  2⤵
  PID:5360
- C:\Windows\System\xkvxwlC.exe
  C:\Windows\System\xkvxwlC.exe
  2⤵
  PID:5492
- C:\Windows\System\xjLTRjc.exe
  C:\Windows\System\xjLTRjc.exe
  2⤵
  PID:5556
- C:\Windows\System\GRysivm.exe
  C:\Windows\System\GRysivm.exe
  2⤵
  PID:5572
- C:\Windows\System\zbhmxDp.exe
  C:\Windows\System\zbhmxDp.exe
  2⤵
  PID:5648
- C:\Windows\System\eSmOYkX.exe
  C:\Windows\System\eSmOYkX.exe
  2⤵
  PID:5744
- C:\Windows\System\xHMRGRO.exe
  C:\Windows\System\xHMRGRO.exe
  2⤵
  PID:5552
- C:\Windows\System\SrUezbp.exe
  C:\Windows\System\SrUezbp.exe
  2⤵
  PID:5772
- C:\Windows\System\cgwRfbN.exe
  C:\Windows\System\cgwRfbN.exe
  2⤵
  PID:5812
- C:\Windows\System\fKtNice.exe
  C:\Windows\System\fKtNice.exe
  2⤵
  PID:5824
- C:\Windows\System\ajZbVYJ.exe
  C:\Windows\System\ajZbVYJ.exe
  2⤵
  PID:5864
- C:\Windows\System\LpcTVBo.exe
  C:\Windows\System\LpcTVBo.exe
  2⤵
  PID:5892
- C:\Windows\System\EWCPYvR.exe
  C:\Windows\System\EWCPYvR.exe
  2⤵
  PID:5792
- C:\Windows\System\OsmRmPX.exe
  C:\Windows\System\OsmRmPX.exe
  2⤵
  PID:5916
- C:\Windows\System\tZYoqDE.exe
  C:\Windows\System\tZYoqDE.exe
  2⤵
  PID:5328
- C:\Windows\System\QSbBwDy.exe
  C:\Windows\System\QSbBwDy.exe
  2⤵
  PID:5440
- C:\Windows\System\hZvYeiZ.exe
  C:\Windows\System\hZvYeiZ.exe
  2⤵
  PID:5748
- C:\Windows\System\AEJQWGE.exe
  C:\Windows\System\AEJQWGE.exe
  2⤵
  PID:2240
- C:\Windows\System\xRWSRbZ.exe
  C:\Windows\System\xRWSRbZ.exe
  2⤵
  PID:5944
- C:\Windows\System\ONObsBp.exe
  C:\Windows\System\ONObsBp.exe
  2⤵
  PID:4820
- C:\Windows\System\vbNEOkB.exe
  C:\Windows\System\vbNEOkB.exe
  2⤵
  PID:5344
- C:\Windows\System\eWTqsBM.exe
  C:\Windows\System\eWTqsBM.exe
  2⤵
  PID:5276
- C:\Windows\System\YlenfHT.exe
  C:\Windows\System\YlenfHT.exe
  2⤵
  PID:6128
- C:\Windows\System\fUdDsur.exe
  C:\Windows\System\fUdDsur.exe
  2⤵
  PID:3148
- C:\Windows\System\ZcfpwFh.exe
  C:\Windows\System\ZcfpwFh.exe
  2⤵
  PID:5200
- C:\Windows\System\YtLHJps.exe
  C:\Windows\System\YtLHJps.exe
  2⤵
  PID:1632
- C:\Windows\System\POdOGAJ.exe
  C:\Windows\System\POdOGAJ.exe
  2⤵
  PID:5828
- C:\Windows\System\MrvBruY.exe
  C:\Windows\System\MrvBruY.exe
  2⤵
  PID:5980
- C:\Windows\System\QNZPopl.exe
  C:\Windows\System\QNZPopl.exe
  2⤵
  PID:5960
- C:\Windows\System\ziSonuY.exe
  C:\Windows\System\ziSonuY.exe
  2⤵
  PID:2264
- C:\Windows\System\NcQVLlI.exe
  C:\Windows\System\NcQVLlI.exe
  2⤵
  PID:4580
- C:\Windows\System\MmPWTro.exe
  C:\Windows\System\MmPWTro.exe
  2⤵
  PID:1984
- C:\Windows\System\RzqjMcx.exe
  C:\Windows\System\RzqjMcx.exe
  2⤵
  PID:4744
- C:\Windows\System\AMhKWgU.exe
  C:\Windows\System\AMhKWgU.exe
  2⤵
  PID:5152
- C:\Windows\System\rNTjaMI.exe
  C:\Windows\System\rNTjaMI.exe
  2⤵
  PID:5248
- C:\Windows\System\pYvXVXu.exe
  C:\Windows\System\pYvXVXu.exe
  2⤵
  PID:5476
- C:\Windows\System\aRgMUtL.exe
  C:\Windows\System\aRgMUtL.exe
  2⤵
  PID:5860
- C:\Windows\System\ZBapeEe.exe
  C:\Windows\System\ZBapeEe.exe
  2⤵
  PID:5468
- C:\Windows\System\MznFCnF.exe
  C:\Windows\System\MznFCnF.exe
  2⤵
  PID:5768
- C:\Windows\System\UFZoKbZ.exe
  C:\Windows\System\UFZoKbZ.exe
  2⤵
  PID:4900
- C:\Windows\System\sLvLPty.exe
  C:\Windows\System\sLvLPty.exe
  2⤵
  PID:5808
- C:\Windows\System\HjlZnlx.exe
  C:\Windows\System\HjlZnlx.exe
  2⤵
  PID:340
- C:\Windows\System\EjCHKBb.exe
  C:\Windows\System\EjCHKBb.exe
  2⤵
  PID:1572
- C:\Windows\System\qJmrhoP.exe
  C:\Windows\System\qJmrhoP.exe
  2⤵
  PID:6064
- C:\Windows\System\VWTpUJU.exe
  C:\Windows\System\VWTpUJU.exe
  2⤵
  PID:6160
- C:\Windows\System\yocwTmi.exe
  C:\Windows\System\yocwTmi.exe
  2⤵
  PID:6176
- C:\Windows\System\uCmmKep.exe
  C:\Windows\System\uCmmKep.exe
  2⤵
  PID:6192
- C:\Windows\System\dIZYdUO.exe
  C:\Windows\System\dIZYdUO.exe
  2⤵
  PID:6208
- C:\Windows\System\pTPmHiv.exe
  C:\Windows\System\pTPmHiv.exe
  2⤵
  PID:6228
- C:\Windows\System\rZbnZjh.exe
  C:\Windows\System\rZbnZjh.exe
  2⤵
  PID:6248
- C:\Windows\System\oxshlai.exe
  C:\Windows\System\oxshlai.exe
  2⤵
  PID:6264
- C:\Windows\System\QxgpDir.exe
  C:\Windows\System\QxgpDir.exe
  2⤵
  PID:6288
- C:\Windows\System\svvqRzu.exe
  C:\Windows\System\svvqRzu.exe
  2⤵
  PID:6304
- C:\Windows\System\MclmHst.exe
  C:\Windows\System\MclmHst.exe
  2⤵
  PID:6324
- C:\Windows\System\eGUEzuc.exe
  C:\Windows\System\eGUEzuc.exe
  2⤵
  PID:6340
- C:\Windows\System\Pwgyqsc.exe
  C:\Windows\System\Pwgyqsc.exe
  2⤵
  PID:6356
- C:\Windows\System\ErHoYnS.exe
  C:\Windows\System\ErHoYnS.exe
  2⤵
  PID:6372
- C:\Windows\System\OsUgylR.exe
  C:\Windows\System\OsUgylR.exe
  2⤵
  PID:6388
- C:\Windows\System\kBPucLY.exe
  C:\Windows\System\kBPucLY.exe
  2⤵
  PID:6404
- C:\Windows\System\BHEaKdh.exe
  C:\Windows\System\BHEaKdh.exe
  2⤵
  PID:6492
- C:\Windows\System\ZAildko.exe
  C:\Windows\System\ZAildko.exe
  2⤵
  PID:6508
- C:\Windows\System\dPUGNDJ.exe
  C:\Windows\System\dPUGNDJ.exe
  2⤵
  PID:6524
- C:\Windows\System\HCZbhsE.exe
  C:\Windows\System\HCZbhsE.exe
  2⤵
  PID:6540
- C:\Windows\System\nAHJzoN.exe
  C:\Windows\System\nAHJzoN.exe
  2⤵
  PID:6556
- C:\Windows\System\AreYYJI.exe
  C:\Windows\System\AreYYJI.exe
  2⤵
  PID:6572
- C:\Windows\System\InHHPwB.exe
  C:\Windows\System\InHHPwB.exe
  2⤵
  PID:6588
- C:\Windows\System\AjaexOA.exe
  C:\Windows\System\AjaexOA.exe
  2⤵
  PID:6628
- C:\Windows\System\moeOYHn.exe
  C:\Windows\System\moeOYHn.exe
  2⤵
  PID:6648
- C:\Windows\System\wkoBlLx.exe
  C:\Windows\System\wkoBlLx.exe
  2⤵
  PID:6664
- C:\Windows\System\oTwCTBO.exe
  C:\Windows\System\oTwCTBO.exe
  2⤵
  PID:6680
- C:\Windows\System\jDRgBIB.exe
  C:\Windows\System\jDRgBIB.exe
  2⤵
  PID:6716
- C:\Windows\System\NhxsWqm.exe
  C:\Windows\System\NhxsWqm.exe
  2⤵
  PID:6732
- C:\Windows\System\EMcKfKb.exe
  C:\Windows\System\EMcKfKb.exe
  2⤵
  PID:6748
- C:\Windows\System\YCquEcQ.exe
  C:\Windows\System\YCquEcQ.exe
  2⤵
  PID:6764
- C:\Windows\System\xJnHBkg.exe
  C:\Windows\System\xJnHBkg.exe
  2⤵
  PID:6780
- C:\Windows\System\wZxReuu.exe
  C:\Windows\System\wZxReuu.exe
  2⤵
  PID:6800
- C:\Windows\System\tsLJiUa.exe
  C:\Windows\System\tsLJiUa.exe
  2⤵
  PID:6860
- C:\Windows\System\GLWjtSv.exe
  C:\Windows\System\GLWjtSv.exe
  2⤵
  PID:6876
- C:\Windows\System\AANFGDV.exe
  C:\Windows\System\AANFGDV.exe
  2⤵
  PID:6896
- C:\Windows\System\JhppXnn.exe
  C:\Windows\System\JhppXnn.exe
  2⤵
  PID:6912
- C:\Windows\System\EveIRMY.exe
  C:\Windows\System\EveIRMY.exe
  2⤵
  PID:6928
- C:\Windows\System\UsXWADe.exe
  C:\Windows\System\UsXWADe.exe
  2⤵
  PID:6944
- C:\Windows\System\kXMRfnr.exe
  C:\Windows\System\kXMRfnr.exe
  2⤵
  PID:6960
- C:\Windows\System\nfIgmZr.exe
  C:\Windows\System\nfIgmZr.exe
  2⤵
  PID:6976
- C:\Windows\System\bwLugXr.exe
  C:\Windows\System\bwLugXr.exe
  2⤵
  PID:6992
- C:\Windows\System\qTYGQmc.exe
  C:\Windows\System\qTYGQmc.exe
  2⤵
  PID:7012
- C:\Windows\System\XtoSInW.exe
  C:\Windows\System\XtoSInW.exe
  2⤵
  PID:7028
- C:\Windows\System\AcFynbt.exe
  C:\Windows\System\AcFynbt.exe
  2⤵
  PID:7068
- C:\Windows\System\thnDJCx.exe
  C:\Windows\System\thnDJCx.exe
  2⤵
  PID:7084
- C:\Windows\System\jvtJoJr.exe
  C:\Windows\System\jvtJoJr.exe
  2⤵
  PID:7100
- C:\Windows\System\KLrwibz.exe
  C:\Windows\System\KLrwibz.exe
  2⤵
  PID:7116
- C:\Windows\System\qhpNvlt.exe
  C:\Windows\System\qhpNvlt.exe
  2⤵
  PID:7132
- C:\Windows\System\TZVfGpu.exe
  C:\Windows\System\TZVfGpu.exe
  2⤵
  PID:7148
- C:\Windows\System\biOuXny.exe
  C:\Windows\System\biOuXny.exe
  2⤵
  PID:7164
- C:\Windows\System\TKKDhvu.exe
  C:\Windows\System\TKKDhvu.exe
  2⤵
  PID:4788
- C:\Windows\System\KCfPNIp.exe
  C:\Windows\System\KCfPNIp.exe
  2⤵
  PID:6124
- C:\Windows\System\TXgzMLS.exe
  C:\Windows\System\TXgzMLS.exe
  2⤵
  PID:4968
- C:\Windows\System\XWOfSlY.exe
  C:\Windows\System\XWOfSlY.exe
  2⤵
  PID:5488
- C:\Windows\System\PuPpoxu.exe
  C:\Windows\System\PuPpoxu.exe
  2⤵
  PID:4456
- C:\Windows\System\WUwNJIu.exe
  C:\Windows\System\WUwNJIu.exe
  2⤵
  PID:5852
- C:\Windows\System\zLAuVqB.exe
  C:\Windows\System\zLAuVqB.exe
  2⤵
  PID:6216
- C:\Windows\System\ZwUeFdu.exe
  C:\Windows\System\ZwUeFdu.exe
  2⤵
  PID:6240
- C:\Windows\System\SqEGNSl.exe
  C:\Windows\System\SqEGNSl.exe
  2⤵
  PID:6280
- C:\Windows\System\JphPHMq.exe
  C:\Windows\System\JphPHMq.exe
  2⤵
  PID:5508
- C:\Windows\System\pvxYxuS.exe
  C:\Windows\System\pvxYxuS.exe
  2⤵
  PID:6152
- C:\Windows\System\GpcbQZb.exe
  C:\Windows\System\GpcbQZb.exe
  2⤵
  PID:6296
- C:\Windows\System\hookGNa.exe
  C:\Windows\System\hookGNa.exe
  2⤵
  PID:6368
- C:\Windows\System\WAePCYR.exe
  C:\Windows\System\WAePCYR.exe
  2⤵
  PID:6504
- C:\Windows\System\IyDHplh.exe
  C:\Windows\System\IyDHplh.exe
  2⤵
  PID:6316
- C:\Windows\System\TXmtsaB.exe
  C:\Windows\System\TXmtsaB.exe
  2⤵
  PID:6384
- C:\Windows\System\kAtzmcK.exe
  C:\Windows\System\kAtzmcK.exe
  2⤵
  PID:6656
- C:\Windows\System\mEUAhEp.exe
  C:\Windows\System\mEUAhEp.exe
  2⤵
  PID:6412
- C:\Windows\System\nhOnGlE.exe
  C:\Windows\System\nhOnGlE.exe
  2⤵
  PID:6420
- C:\Windows\System\yJRDIRE.exe
  C:\Windows\System\yJRDIRE.exe
  2⤵
  PID:6436
- C:\Windows\System\AnUThwv.exe
  C:\Windows\System\AnUThwv.exe
  2⤵
  PID:6692
- C:\Windows\System\ysQtUfX.exe
  C:\Windows\System\ysQtUfX.exe
  2⤵
  PID:6708
- C:\Windows\System\gvSjcfd.exe
  C:\Windows\System\gvSjcfd.exe
  2⤵
  PID:6468
- C:\Windows\System\ocyrQSq.exe
  C:\Windows\System\ocyrQSq.exe
  2⤵
  PID:6772
- C:\Windows\System\BGLNejt.exe
  C:\Windows\System\BGLNejt.exe
  2⤵
  PID:6828
- C:\Windows\System\SenCUHS.exe
  C:\Windows\System\SenCUHS.exe
  2⤵
  PID:6584
- C:\Windows\System\xxldPmc.exe
  C:\Windows\System\xxldPmc.exe
  2⤵
  PID:6672
- C:\Windows\System\nwiLLzb.exe
  C:\Windows\System\nwiLLzb.exe
  2⤵
  PID:6452
- C:\Windows\System\uAJgHui.exe
  C:\Windows\System\uAJgHui.exe
  2⤵
  PID:6476
- C:\Windows\System\isdcCwj.exe
  C:\Windows\System\isdcCwj.exe
  2⤵
  PID:6792
- C:\Windows\System\TKksmOR.exe
  C:\Windows\System\TKksmOR.exe
  2⤵
  PID:6788
- C:\Windows\System\dcZsgNr.exe
  C:\Windows\System\dcZsgNr.exe
  2⤵
  PID:7020
- C:\Windows\System\CpOKZZe.exe
  C:\Windows\System\CpOKZZe.exe
  2⤵
  PID:6920
- C:\Windows\System\JEXMOaw.exe
  C:\Windows\System\JEXMOaw.exe
  2⤵
  PID:7008
- C:\Windows\System\tFolhdN.exe
  C:\Windows\System\tFolhdN.exe
  2⤵
  PID:7024
- C:\Windows\System\iNtKDRz.exe
  C:\Windows\System\iNtKDRz.exe
  2⤵
  PID:5184
- C:\Windows\System\hdjXVoB.exe
  C:\Windows\System\hdjXVoB.exe
  2⤵
  PID:7060
- C:\Windows\System\oYRjXei.exe
  C:\Windows\System\oYRjXei.exe
  2⤵
  PID:7096
- C:\Windows\System\iZRSsck.exe
  C:\Windows\System\iZRSsck.exe
  2⤵
  PID:2104
- C:\Windows\System\oFVpHlW.exe
  C:\Windows\System\oFVpHlW.exe
  2⤵
  PID:7160
- C:\Windows\System\lCnsthI.exe
  C:\Windows\System\lCnsthI.exe
  2⤵
  PID:2732
- C:\Windows\System\wfwPPRf.exe
  C:\Windows\System\wfwPPRf.exe
  2⤵
  PID:5424
- C:\Windows\System\LBPiGZB.exe
  C:\Windows\System\LBPiGZB.exe
  2⤵
  PID:2912
- C:\Windows\System\dlzPgnR.exe
  C:\Windows\System\dlzPgnR.exe
  2⤵
  PID:2096
- C:\Windows\System\JwEVKMD.exe
  C:\Windows\System\JwEVKMD.exe
  2⤵
  PID:6172
- C:\Windows\System\DOlvGOZ.exe
  C:\Windows\System\DOlvGOZ.exe
  2⤵
  PID:7156
- C:\Windows\System\iWFkNWS.exe
  C:\Windows\System\iWFkNWS.exe
  2⤵
  PID:6184
- C:\Windows\System\koBjrIh.exe
  C:\Windows\System\koBjrIh.exe
  2⤵
  PID:6568
- C:\Windows\System\IYKWREa.exe
  C:\Windows\System\IYKWREa.exe
  2⤵
  PID:6600
- C:\Windows\System\mAIXjgQ.exe
  C:\Windows\System\mAIXjgQ.exe
  2⤵
  PID:6260
- C:\Windows\System\qENzRDR.exe
  C:\Windows\System\qENzRDR.exe
  2⤵
  PID:6352
- C:\Windows\System\TrNpwZw.exe
  C:\Windows\System\TrNpwZw.exe
  2⤵
  PID:6612
- C:\Windows\System\EOpXJre.exe
  C:\Windows\System\EOpXJre.exe
  2⤵
  PID:6432
- C:\Windows\System\nPFoZse.exe
  C:\Windows\System\nPFoZse.exe
  2⤵
  PID:6700
- C:\Windows\System\TMTMNws.exe
  C:\Windows\System\TMTMNws.exe
  2⤵
  PID:6444
- C:\Windows\System\heUFtXW.exe
  C:\Windows\System\heUFtXW.exe
  2⤵
  PID:6852
- C:\Windows\System\qJcWgFw.exe
  C:\Windows\System\qJcWgFw.exe
  2⤵
  PID:6848
- C:\Windows\System\xIuyJZv.exe
  C:\Windows\System\xIuyJZv.exe
  2⤵
  PID:7080
- C:\Windows\System\AEBTLjR.exe
  C:\Windows\System\AEBTLjR.exe
  2⤵
  PID:7144
- C:\Windows\System\mkVPwZZ.exe
  C:\Windows\System\mkVPwZZ.exe
  2⤵
  PID:1980
- C:\Windows\System\TkFQdKm.exe
  C:\Windows\System\TkFQdKm.exe
  2⤵
  PID:7112
- C:\Windows\System\ZMuULpX.exe
  C:\Windows\System\ZMuULpX.exe
  2⤵
  PID:6336
- C:\Windows\System\HQlCGhD.exe
  C:\Windows\System\HQlCGhD.exe
  2⤵
  PID:6640
- C:\Windows\System\koloETm.exe
  C:\Windows\System\koloETm.exe
  2⤵
  PID:6220
- C:\Windows\System\EPeSoWA.exe
  C:\Windows\System\EPeSoWA.exe
  2⤵
  PID:6884
- C:\Windows\System\AWPsxjN.exe
  C:\Windows\System\AWPsxjN.exe
  2⤵
  PID:6688
- C:\Windows\System\onNJRWt.exe
  C:\Windows\System\onNJRWt.exe
  2⤵
  PID:6984
- C:\Windows\System\eRMMniI.exe
  C:\Windows\System\eRMMniI.exe
  2⤵
  PID:7128
- C:\Windows\System\pZGxyRy.exe
  C:\Windows\System\pZGxyRy.exe
  2⤵
  PID:6140
- C:\Windows\System\tBhdtpv.exe
  C:\Windows\System\tBhdtpv.exe
  2⤵
  PID:6332
- C:\Windows\System\RLxYxEd.exe
  C:\Windows\System\RLxYxEd.exe
  2⤵
  PID:6564
- C:\Windows\System\pWMrodL.exe
  C:\Windows\System\pWMrodL.exe
  2⤵
  PID:6312
- C:\Windows\System\FhnYjAF.exe
  C:\Windows\System\FhnYjAF.exe
  2⤵
  PID:6488
- C:\Windows\System\WVmBXDm.exe
  C:\Windows\System\WVmBXDm.exe
  2⤵
  PID:6548
- C:\Windows\System\FOqneTj.exe
  C:\Windows\System\FOqneTj.exe
  2⤵
  PID:2392
- C:\Windows\System\BOEYMWD.exe
  C:\Windows\System\BOEYMWD.exe
  2⤵
  PID:6776
- C:\Windows\System\pCBrzpL.exe
  C:\Windows\System\pCBrzpL.exe
  2⤵
  PID:5196
- C:\Windows\System\NoWZvRh.exe
  C:\Windows\System\NoWZvRh.exe
  2⤵
  PID:7048
- C:\Windows\System\PtbyIqF.exe
  C:\Windows\System\PtbyIqF.exe
  2⤵
  PID:6968
- C:\Windows\System\SEXNIax.exe
  C:\Windows\System\SEXNIax.exe
  2⤵
  PID:6168
- C:\Windows\System\JhwZwMG.exe
  C:\Windows\System\JhwZwMG.exe
  2⤵
  PID:6520
- C:\Windows\System\MXDrGeb.exe
  C:\Windows\System\MXDrGeb.exe
  2⤵
  PID:6236
- C:\Windows\System\EMXDyvN.exe
  C:\Windows\System\EMXDyvN.exe
  2⤵
  PID:7180
- C:\Windows\System\OwwQZwz.exe
  C:\Windows\System\OwwQZwz.exe
  2⤵
  PID:7196
- C:\Windows\System\RrrIQSB.exe
  C:\Windows\System\RrrIQSB.exe
  2⤵
  PID:7220
- C:\Windows\System\nUeYMEJ.exe
  C:\Windows\System\nUeYMEJ.exe
  2⤵
  PID:7244
- C:\Windows\System\hCqDBQv.exe
  C:\Windows\System\hCqDBQv.exe
  2⤵
  PID:7264
- C:\Windows\System\ORJvEyM.exe
  C:\Windows\System\ORJvEyM.exe
  2⤵
  PID:7284
- C:\Windows\System\IGPoPZk.exe
  C:\Windows\System\IGPoPZk.exe
  2⤵
  PID:7300
- C:\Windows\System\xQSOBVT.exe
  C:\Windows\System\xQSOBVT.exe
  2⤵
  PID:7320
- C:\Windows\System\ogdhfNo.exe
  C:\Windows\System\ogdhfNo.exe
  2⤵
  PID:7340
- C:\Windows\System\AvwCrbd.exe
  C:\Windows\System\AvwCrbd.exe
  2⤵
  PID:7368
- C:\Windows\System\CMDCnxe.exe
  C:\Windows\System\CMDCnxe.exe
  2⤵
  PID:7408
- C:\Windows\System\QuiUefq.exe
  C:\Windows\System\QuiUefq.exe
  2⤵
  PID:7424
- C:\Windows\System\QvXwKqO.exe
  C:\Windows\System\QvXwKqO.exe
  2⤵
  PID:7444
- C:\Windows\System\oSONTXZ.exe
  C:\Windows\System\oSONTXZ.exe
  2⤵
  PID:7460
- C:\Windows\System\hsMhEjH.exe
  C:\Windows\System\hsMhEjH.exe
  2⤵
  PID:7480
- C:\Windows\System\PIfAvhW.exe
  C:\Windows\System\PIfAvhW.exe
  2⤵
  PID:7496
- C:\Windows\System\UpcUOkc.exe
  C:\Windows\System\UpcUOkc.exe
  2⤵
  PID:7512
- C:\Windows\System\VonlOoT.exe
  C:\Windows\System\VonlOoT.exe
  2⤵
  PID:7532
- C:\Windows\System\EtcXwOf.exe
  C:\Windows\System\EtcXwOf.exe
  2⤵
  PID:7552
- C:\Windows\System\QeUiRte.exe
  C:\Windows\System\QeUiRte.exe
  2⤵
  PID:7568
- C:\Windows\System\XaOaZYK.exe
  C:\Windows\System\XaOaZYK.exe
  2⤵
  PID:7584
- C:\Windows\System\WJBHyBn.exe
  C:\Windows\System\WJBHyBn.exe
  2⤵
  PID:7604
- C:\Windows\System\opaYvfN.exe
  C:\Windows\System\opaYvfN.exe
  2⤵
  PID:7620
- C:\Windows\System\DZQOCvb.exe
  C:\Windows\System\DZQOCvb.exe
  2⤵
  PID:7644
- C:\Windows\System\AgppKIp.exe
  C:\Windows\System\AgppKIp.exe
  2⤵
  PID:7664
- C:\Windows\System\qFmCqPy.exe
  C:\Windows\System\qFmCqPy.exe
  2⤵
  PID:7680
- C:\Windows\System\UyxKGok.exe
  C:\Windows\System\UyxKGok.exe
  2⤵
  PID:7696
- C:\Windows\System\IVtHHLN.exe
  C:\Windows\System\IVtHHLN.exe
  2⤵
  PID:7716
- C:\Windows\System\sgZrjyN.exe
  C:\Windows\System\sgZrjyN.exe
  2⤵
  PID:7748
- C:\Windows\System\YaEPyav.exe
  C:\Windows\System\YaEPyav.exe
  2⤵
  PID:7776
- C:\Windows\System\DjIsuCS.exe
  C:\Windows\System\DjIsuCS.exe
  2⤵
  PID:7828
- C:\Windows\System\TjxZSTP.exe
  C:\Windows\System\TjxZSTP.exe
  2⤵
  PID:7844
- C:\Windows\System\aSmQZZD.exe
  C:\Windows\System\aSmQZZD.exe
  2⤵
  PID:7864
- C:\Windows\System\XSJsWlw.exe
  C:\Windows\System\XSJsWlw.exe
  2⤵
  PID:7880
- C:\Windows\System\HzFzPva.exe
  C:\Windows\System\HzFzPva.exe
  2⤵
  PID:7904
- C:\Windows\System\AsJJnbC.exe
  C:\Windows\System\AsJJnbC.exe
  2⤵
  PID:7920
- C:\Windows\System\kLYvnno.exe
  C:\Windows\System\kLYvnno.exe
  2⤵
  PID:7940
- C:\Windows\System\SGreFkM.exe
  C:\Windows\System\SGreFkM.exe
  2⤵
  PID:7960
- C:\Windows\System\RNYeeUp.exe
  C:\Windows\System\RNYeeUp.exe
  2⤵
  PID:7976
- C:\Windows\System\eoIacBT.exe
  C:\Windows\System\eoIacBT.exe
  2⤵
  PID:7996
- C:\Windows\System\ohoXUAT.exe
  C:\Windows\System\ohoXUAT.exe
  2⤵
  PID:8016
- C:\Windows\System\VlmWbgO.exe
  C:\Windows\System\VlmWbgO.exe
  2⤵
  PID:8032
- C:\Windows\System\DMaCJUa.exe
  C:\Windows\System\DMaCJUa.exe
  2⤵
  PID:8052
- C:\Windows\System\vSSxyUH.exe
  C:\Windows\System\vSSxyUH.exe
  2⤵
  PID:8072
- C:\Windows\System\uLHLUAD.exe
  C:\Windows\System\uLHLUAD.exe
  2⤵
  PID:8088
- C:\Windows\System\AHvjhff.exe
  C:\Windows\System\AHvjhff.exe
  2⤵
  PID:8104
- C:\Windows\System\aESxpbF.exe
  C:\Windows\System\aESxpbF.exe
  2⤵
  PID:8124
- C:\Windows\System\uuQirkJ.exe
  C:\Windows\System\uuQirkJ.exe
  2⤵
  PID:8180
- C:\Windows\System\KGlCedY.exe
  C:\Windows\System\KGlCedY.exe
  2⤵
  PID:6936
- C:\Windows\System\ZmLlLWy.exe
  C:\Windows\System\ZmLlLWy.exe
  2⤵
  PID:2408
- C:\Windows\System\uFIUEoO.exe
  C:\Windows\System\uFIUEoO.exe
  2⤵
  PID:5228
- C:\Windows\System\iwRvmWO.exe
  C:\Windows\System\iwRvmWO.exe
  2⤵
  PID:7192
- C:\Windows\System\GoHsjwN.exe
  C:\Windows\System\GoHsjwN.exe
  2⤵
  PID:6740
- C:\Windows\System\CVIagks.exe
  C:\Windows\System\CVIagks.exe
  2⤵
  PID:6840
- C:\Windows\System\HQmjSyU.exe
  C:\Windows\System\HQmjSyU.exe
  2⤵
  PID:7308
- C:\Windows\System\LYdRRfG.exe
  C:\Windows\System\LYdRRfG.exe
  2⤵
  PID:7356
- C:\Windows\System\vxOREEp.exe
  C:\Windows\System\vxOREEp.exe
  2⤵
  PID:6820
- C:\Windows\System\okNrBBP.exe
  C:\Windows\System\okNrBBP.exe
  2⤵
  PID:2156
- C:\Windows\System\viQlwcI.exe
  C:\Windows\System\viQlwcI.exe
  2⤵
  PID:7524
- C:\Windows\System\ZaZSzsu.exe
  C:\Windows\System\ZaZSzsu.exe
  2⤵
  PID:6256
- C:\Windows\System\PZhaglY.exe
  C:\Windows\System\PZhaglY.exe
  2⤵
  PID:6952
- C:\Windows\System\oDbExKr.exe
  C:\Windows\System\oDbExKr.exe
  2⤵
  PID:7564
- C:\Windows\System\LCVEkqK.exe
  C:\Windows\System\LCVEkqK.exe
  2⤵
  PID:2120
- C:\Windows\System\BBsoCyk.exe
  C:\Windows\System\BBsoCyk.exe
  2⤵
  PID:7640
- C:\Windows\System\ztgeicj.exe
  C:\Windows\System\ztgeicj.exe
  2⤵
  PID:2116
- C:\Windows\System\ircyEtG.exe
  C:\Windows\System\ircyEtG.exe
  2⤵
  PID:5600
- C:\Windows\System\FtdMELz.exe
  C:\Windows\System\FtdMELz.exe
  2⤵
  PID:6428
- C:\Windows\System\uqEBFoP.exe
  C:\Windows\System\uqEBFoP.exe
  2⤵
  PID:7000
- C:\Windows\System\VWoZhQJ.exe
  C:\Windows\System\VWoZhQJ.exe
  2⤵
  PID:5616
- C:\Windows\System\VZgqRDP.exe
  C:\Windows\System\VZgqRDP.exe
  2⤵
  PID:7204
- C:\Windows\System\kmbeeGD.exe
  C:\Windows\System\kmbeeGD.exe
  2⤵
  PID:7252
- C:\Windows\System\MdnufrT.exe
  C:\Windows\System\MdnufrT.exe
  2⤵
  PID:7328
- C:\Windows\System\eWJQfnw.exe
  C:\Windows\System\eWJQfnw.exe
  2⤵
  PID:7712
- C:\Windows\System\BGMpUou.exe
  C:\Windows\System\BGMpUou.exe
  2⤵
  PID:7384
- C:\Windows\System\pjrWbfr.exe
  C:\Windows\System\pjrWbfr.exe
  2⤵
  PID:7432
- C:\Windows\System\BvGXJWq.exe
  C:\Windows\System\BvGXJWq.exe
  2⤵
  PID:7504
- C:\Windows\System\tYMdrbV.exe
  C:\Windows\System\tYMdrbV.exe
  2⤵
  PID:7576
- C:\Windows\System\VqOMaFp.exe
  C:\Windows\System\VqOMaFp.exe
  2⤵
  PID:7660
- C:\Windows\System\lTMQRLA.exe
  C:\Windows\System\lTMQRLA.exe
  2⤵
  PID:7728
- C:\Windows\System\NwdMqWj.exe
  C:\Windows\System\NwdMqWj.exe
  2⤵
  PID:7764
- C:\Windows\System\eCQaCaI.exe
  C:\Windows\System\eCQaCaI.exe
  2⤵
  PID:608
- C:\Windows\System\wtbprIP.exe
  C:\Windows\System\wtbprIP.exe
  2⤵
  PID:7912
- C:\Windows\System\KavlFrG.exe
  C:\Windows\System\KavlFrG.exe
  2⤵
  PID:7956
- C:\Windows\System\Dylcgkn.exe
  C:\Windows\System\Dylcgkn.exe
  2⤵
  PID:8028
- C:\Windows\System\deZckcP.exe
  C:\Windows\System\deZckcP.exe
  2⤵
  PID:8060
- C:\Windows\System\XzlnSgm.exe
  C:\Windows\System\XzlnSgm.exe
  2⤵
  PID:8140
- C:\Windows\System\GXmNEmV.exe
  C:\Windows\System\GXmNEmV.exe
  2⤵
  PID:8168
- C:\Windows\System\Culubiq.exe
  C:\Windows\System\Culubiq.exe
  2⤵
  PID:7788
- C:\Windows\System\bxHWJqR.exe
  C:\Windows\System\bxHWJqR.exe
  2⤵
  PID:7820
- C:\Windows\System\zjCErUV.exe
  C:\Windows\System\zjCErUV.exe
  2⤵
  PID:7860
- C:\Windows\System\BsgqHPX.exe
  C:\Windows\System\BsgqHPX.exe
  2⤵
  PID:7928
- C:\Windows\System\TCMNMuH.exe
  C:\Windows\System\TCMNMuH.exe
  2⤵
  PID:8008
- C:\Windows\System\dFxLrIg.exe
  C:\Windows\System\dFxLrIg.exe
  2⤵
  PID:8048
- C:\Windows\System\CJtMlPb.exe
  C:\Windows\System\CJtMlPb.exe
  2⤵
  PID:8116
- C:\Windows\System\nxATpGd.exe
  C:\Windows\System\nxATpGd.exe
  2⤵
  PID:6724
- C:\Windows\System\JtmvyQK.exe
  C:\Windows\System\JtmvyQK.exe
  2⤵
  PID:3044
- C:\Windows\System\kdbQVuC.exe
  C:\Windows\System\kdbQVuC.exe
  2⤵
  PID:7416
- C:\Windows\System\HxGxrHA.exe
  C:\Windows\System\HxGxrHA.exe
  2⤵
  PID:1716
- C:\Windows\System\QKNHZLo.exe
  C:\Windows\System\QKNHZLo.exe
  2⤵
  PID:2924
- C:\Windows\System\gvUeOhI.exe
  C:\Windows\System\gvUeOhI.exe
  2⤵
  PID:7292
- C:\Windows\System\ZeijTnf.exe
  C:\Windows\System\ZeijTnf.exe
  2⤵
  PID:7628
- C:\Windows\System\wsJayQQ.exe
  C:\Windows\System\wsJayQQ.exe
  2⤵
  PID:7612
- C:\Windows\System\ocZvChN.exe
  C:\Windows\System\ocZvChN.exe
  2⤵
  PID:4444
- C:\Windows\System\PLPPOLT.exe
  C:\Windows\System\PLPPOLT.exe
  2⤵
  PID:7988
- C:\Windows\System\ODtIqgS.exe
  C:\Windows\System\ODtIqgS.exe
  2⤵
  PID:8144
- C:\Windows\System\wapSgoT.exe
  C:\Windows\System\wapSgoT.exe
  2⤵
  PID:7972
- C:\Windows\System\gJCYpmM.exe
  C:\Windows\System\gJCYpmM.exe
  2⤵
  PID:7240
- C:\Windows\System\PtmiueL.exe
  C:\Windows\System\PtmiueL.exe
  2⤵
  PID:6500
- C:\Windows\System\maKQJkf.exe
  C:\Windows\System\maKQJkf.exe
  2⤵
  PID:4336
- C:\Windows\System\mcJCyKd.exe
  C:\Windows\System\mcJCyKd.exe
  2⤵
  PID:7476
- C:\Windows\System\vZYpdFc.exe
  C:\Windows\System\vZYpdFc.exe
  2⤵
  PID:7852
- C:\Windows\System\gpnBrmr.exe
  C:\Windows\System\gpnBrmr.exe
  2⤵
  PID:7348
- C:\Windows\System\rixynPU.exe
  C:\Windows\System\rixynPU.exe
  2⤵
  PID:7468
- C:\Windows\System\gUnXJLf.exe
  C:\Windows\System\gUnXJLf.exe
  2⤵
  PID:7704
- C:\Windows\System\kvxaCzc.exe
  C:\Windows\System\kvxaCzc.exe
  2⤵
  PID:8208
- C:\Windows\System\SQcdDKV.exe
  C:\Windows\System\SQcdDKV.exe
  2⤵
  PID:8224
- C:\Windows\System\MgfoLhc.exe
  C:\Windows\System\MgfoLhc.exe
  2⤵
  PID:8240
- C:\Windows\System\xFfHALf.exe
  C:\Windows\System\xFfHALf.exe
  2⤵
  PID:8268
- C:\Windows\System\JajSoLl.exe
  C:\Windows\System\JajSoLl.exe
  2⤵
  PID:8284
- C:\Windows\System\gbwVWJk.exe
  C:\Windows\System\gbwVWJk.exe
  2⤵
  PID:8300
- C:\Windows\System\DPRFyEJ.exe
  C:\Windows\System\DPRFyEJ.exe
  2⤵
  PID:8320
- C:\Windows\System\nEQyglv.exe
  C:\Windows\System\nEQyglv.exe
  2⤵
  PID:8344
- C:\Windows\System\TkPKpDP.exe
  C:\Windows\System\TkPKpDP.exe
  2⤵
  PID:8368
- C:\Windows\System\vhEGUkM.exe
  C:\Windows\System\vhEGUkM.exe
  2⤵
  PID:8384
- C:\Windows\System\zHpOXaq.exe
  C:\Windows\System\zHpOXaq.exe
  2⤵
  PID:8404
- C:\Windows\System\rwKNSGV.exe
  C:\Windows\System\rwKNSGV.exe
  2⤵
  PID:8420
- C:\Windows\System\wysDilI.exe
  C:\Windows\System\wysDilI.exe
  2⤵
  PID:8436
- C:\Windows\System\GLiYPIc.exe
  C:\Windows\System\GLiYPIc.exe
  2⤵
  PID:8456
- C:\Windows\System\kbEPuWX.exe
  C:\Windows\System\kbEPuWX.exe
  2⤵
  PID:8476
- C:\Windows\System\WJWoqjv.exe
  C:\Windows\System\WJWoqjv.exe
  2⤵
  PID:8492
- C:\Windows\System\fBijcNQ.exe
  C:\Windows\System\fBijcNQ.exe
  2⤵
  PID:8512
- C:\Windows\System\fOhlKRr.exe
  C:\Windows\System\fOhlKRr.exe
  2⤵
  PID:8532
- C:\Windows\System\epaHGdq.exe
  C:\Windows\System\epaHGdq.exe
  2⤵
  PID:8552
- C:\Windows\System\jiurezf.exe
  C:\Windows\System\jiurezf.exe
  2⤵
  PID:8572
- C:\Windows\System\rxtSXAk.exe
  C:\Windows\System\rxtSXAk.exe
  2⤵
  PID:8588
- C:\Windows\System\zylYgEX.exe
  C:\Windows\System\zylYgEX.exe
  2⤵
  PID:8604
- C:\Windows\System\RhEFatC.exe
  C:\Windows\System\RhEFatC.exe
  2⤵
  PID:8620
- C:\Windows\System\mhdGIvZ.exe
  C:\Windows\System\mhdGIvZ.exe
  2⤵
  PID:8640
- C:\Windows\System\dHHUTlt.exe
  C:\Windows\System\dHHUTlt.exe
  2⤵
  PID:8660
- C:\Windows\System\EENNtRj.exe
  C:\Windows\System\EENNtRj.exe
  2⤵
  PID:8684
- C:\Windows\System\zlZaSaY.exe
  C:\Windows\System\zlZaSaY.exe
  2⤵
  PID:8708
- C:\Windows\System\QEMqlGd.exe
  C:\Windows\System\QEMqlGd.exe
  2⤵
  PID:8828
- C:\Windows\System\FCcYjID.exe
  C:\Windows\System\FCcYjID.exe
  2⤵
  PID:8852
- C:\Windows\System\gDlpPhS.exe
  C:\Windows\System\gDlpPhS.exe
  2⤵
  PID:8872
- C:\Windows\System\FZLXAgp.exe
  C:\Windows\System\FZLXAgp.exe
  2⤵
  PID:8888
- C:\Windows\System\zubpeyu.exe
  C:\Windows\System\zubpeyu.exe
  2⤵
  PID:8908
- C:\Windows\System\FBCHtEb.exe
  C:\Windows\System\FBCHtEb.exe
  2⤵
  PID:8928
- C:\Windows\System\bXmZjSN.exe
  C:\Windows\System\bXmZjSN.exe
  2⤵
  PID:8944
- C:\Windows\System\PWpahHz.exe
  C:\Windows\System\PWpahHz.exe
  2⤵
  PID:8964
- C:\Windows\System\RuruCzl.exe
  C:\Windows\System\RuruCzl.exe
  2⤵
  PID:8984
- C:\Windows\System\MlMTTQR.exe
  C:\Windows\System\MlMTTQR.exe
  2⤵
  PID:9000
- C:\Windows\System\RzviqTM.exe
  C:\Windows\System\RzviqTM.exe
  2⤵
  PID:9020
- C:\Windows\System\cDfyFIj.exe
  C:\Windows\System\cDfyFIj.exe
  2⤵
  PID:9040
- C:\Windows\System\lyfolAs.exe
  C:\Windows\System\lyfolAs.exe
  2⤵
  PID:9060
- C:\Windows\System\kBKwUCC.exe
  C:\Windows\System\kBKwUCC.exe
  2⤵
  PID:9076
- C:\Windows\System\tMdCFCV.exe
  C:\Windows\System\tMdCFCV.exe
  2⤵
  PID:9092
- C:\Windows\System\XNrfxrZ.exe
  C:\Windows\System\XNrfxrZ.exe
  2⤵
  PID:9108
- C:\Windows\System\mfGNMxg.exe
  C:\Windows\System\mfGNMxg.exe
  2⤵
  PID:9124
- C:\Windows\System\XIBDzoL.exe
  C:\Windows\System\XIBDzoL.exe
  2⤵
  PID:9148
- C:\Windows\System\ObYzJGP.exe
  C:\Windows\System\ObYzJGP.exe
  2⤵
  PID:9164
- C:\Windows\System\QvGiBPO.exe
  C:\Windows\System\QvGiBPO.exe
  2⤵
  PID:9180
- C:\Windows\System\nrIVBaz.exe
  C:\Windows\System\nrIVBaz.exe
  2⤵
  PID:9196
- C:\Windows\System\DmHsntK.exe
  C:\Windows\System\DmHsntK.exe
  2⤵
  PID:9212
- C:\Windows\System\GAPtZPq.exe
  C:\Windows\System\GAPtZPq.exe
  2⤵
  PID:8220
- C:\Windows\System\adFnOhB.exe
  C:\Windows\System\adFnOhB.exe
  2⤵
  PID:8248
- C:\Windows\System\VwyZngB.exe
  C:\Windows\System\VwyZngB.exe
  2⤵
  PID:8332
- C:\Windows\System\ILsttEs.exe
  C:\Windows\System\ILsttEs.exe
  2⤵
  PID:7948
- C:\Windows\System\IWHQdqO.exe
  C:\Windows\System\IWHQdqO.exe
  2⤵
  PID:8380
- C:\Windows\System\XvRtcQq.exe
  C:\Windows\System\XvRtcQq.exe
  2⤵
  PID:8444
- C:\Windows\System\fOYnvum.exe
  C:\Windows\System\fOYnvum.exe
  2⤵
  PID:6940
- C:\Windows\System\MAyHRYO.exe
  C:\Windows\System\MAyHRYO.exe
  2⤵
  PID:8520
- C:\Windows\System\tZwkidV.exe
  C:\Windows\System\tZwkidV.exe
  2⤵
  PID:8564
- C:\Windows\System\FtGZYWR.exe
  C:\Windows\System\FtGZYWR.exe
  2⤵
  PID:8628
- C:\Windows\System\avVXnFs.exe
  C:\Windows\System\avVXnFs.exe
  2⤵
  PID:8672
- C:\Windows\System\BNPOzyn.exe
  C:\Windows\System\BNPOzyn.exe
  2⤵
  PID:8680
- C:\Windows\System\bcPQypJ.exe
  C:\Windows\System\bcPQypJ.exe
  2⤵
  PID:7176
- C:\Windows\System\BYXQgpB.exe
  C:\Windows\System\BYXQgpB.exe
  2⤵
  PID:7400
- C:\Windows\System\nBUylBY.exe
  C:\Windows\System\nBUylBY.exe
  2⤵
  PID:8768
- C:\Windows\System\lzeLouf.exe
  C:\Windows\System\lzeLouf.exe
  2⤵
  PID:7540
- C:\Windows\System\LeKsAuW.exe
  C:\Windows\System\LeKsAuW.exe
  2⤵
  PID:7276
- C:\Windows\System\WwzsxEa.exe
  C:\Windows\System\WwzsxEa.exe
  2⤵
  PID:8776
- C:\Windows\System\nLZboSg.exe
  C:\Windows\System\nLZboSg.exe
  2⤵
  PID:8352
- C:\Windows\System\sMRmgtv.exe
  C:\Windows\System\sMRmgtv.exe
  2⤵
  PID:8784
- C:\Windows\System\pitGUMO.exe
  C:\Windows\System\pitGUMO.exe
  2⤵
  PID:8464
- C:\Windows\System\VWPFooR.exe
  C:\Windows\System\VWPFooR.exe
  2⤵
  PID:8820
- C:\Windows\System\fwkGWfV.exe
  C:\Windows\System\fwkGWfV.exe
  2⤵
  PID:8112
- C:\Windows\System\ZPxOKqn.exe
  C:\Windows\System\ZPxOKqn.exe
  2⤵
  PID:8824
- C:\Windows\System\UWlNiDH.exe
  C:\Windows\System\UWlNiDH.exe
  2⤵
  PID:8280
- C:\Windows\System\SiRXJYT.exe
  C:\Windows\System\SiRXJYT.exe
  2⤵
  PID:8096
- C:\Windows\System\EqIljZx.exe
  C:\Windows\System\EqIljZx.exe
  2⤵
  PID:8164
- C:\Windows\System\GaXzjVG.exe
  C:\Windows\System\GaXzjVG.exe
  2⤵
  PID:7892
- C:\Windows\System\IxVOLnw.exe
  C:\Windows\System\IxVOLnw.exe
  2⤵
  PID:8044
- C:\Windows\System\nTgXKvY.exe
  C:\Windows\System\nTgXKvY.exe
  2⤵
  PID:792
- C:\Windows\System\ujQrpjz.exe
  C:\Windows\System\ujQrpjz.exe
  2⤵
  PID:7632
- C:\Windows\System\naWUxBl.exe
  C:\Windows\System\naWUxBl.exe
  2⤵
  PID:7872
- C:\Windows\System\eUZjvNQ.exe
  C:\Windows\System\eUZjvNQ.exe
  2⤵
  PID:8204
- C:\Windows\System\TzKVCrt.exe
  C:\Windows\System\TzKVCrt.exe
  2⤵
  PID:8364
- C:\Windows\System\nILXTzl.exe
  C:\Windows\System\nILXTzl.exe
  2⤵
  PID:8504
- C:\Windows\System\TMBmHfF.exe
  C:\Windows\System\TMBmHfF.exe
  2⤵
  PID:8548
- C:\Windows\System\GiQCfSF.exe
  C:\Windows\System\GiQCfSF.exe
  2⤵
  PID:8656
- C:\Windows\System\ntVxGjc.exe
  C:\Windows\System\ntVxGjc.exe
  2⤵
  PID:8696
- C:\Windows\System\ITfGWIU.exe
  C:\Windows\System\ITfGWIU.exe
  2⤵
  PID:8836
- C:\Windows\System\gUyNTCM.exe
  C:\Windows\System\gUyNTCM.exe
  2⤵
  PID:7656
- C:\Windows\System\xgnJqbi.exe
  C:\Windows\System\xgnJqbi.exe
  2⤵
  PID:8848
- C:\Windows\System\BBkkcfG.exe
  C:\Windows\System\BBkkcfG.exe
  2⤵
  PID:9056
- C:\Windows\System\NIeSkXP.exe
  C:\Windows\System\NIeSkXP.exe
  2⤵
  PID:9068
- C:\Windows\System\QAqxkPZ.exe
  C:\Windows\System\QAqxkPZ.exe
  2⤵
  PID:8992
- C:\Windows\System\OqtfDmK.exe
  C:\Windows\System\OqtfDmK.exe
  2⤵
  PID:9132
- C:\Windows\System\rCJHZOf.exe
  C:\Windows\System\rCJHZOf.exe
  2⤵
  PID:9136
- C:\Windows\System\yTZWXRh.exe
  C:\Windows\System\yTZWXRh.exe
  2⤵
  PID:2608
- C:\Windows\System\XtsqNNo.exe
  C:\Windows\System\XtsqNNo.exe
  2⤵
  PID:9144
- C:\Windows\System\aOCwCMw.exe
  C:\Windows\System\aOCwCMw.exe
  2⤵
  PID:9188
- C:\Windows\System\dhuREPj.exe
  C:\Windows\System\dhuREPj.exe
  2⤵
  PID:8296
- C:\Windows\System\SXJzSdK.exe
  C:\Windows\System\SXJzSdK.exe
  2⤵
  PID:8260
- C:\Windows\System\LHCVXzr.exe
  C:\Windows\System\LHCVXzr.exe
  2⤵
  PID:7736
- C:\Windows\System\hLyvbRd.exe
  C:\Windows\System\hLyvbRd.exe
  2⤵
  PID:8376
- C:\Windows\System\zjPZBem.exe
  C:\Windows\System\zjPZBem.exe
  2⤵
  PID:8416
- C:\Windows\System\OEVsKNS.exe
  C:\Windows\System\OEVsKNS.exe
  2⤵
  PID:8528
- C:\Windows\System\pvYdZIa.exe
  C:\Windows\System\pvYdZIa.exe
  2⤵
  PID:7376
- C:\Windows\System\UkiGGVx.exe
  C:\Windows\System\UkiGGVx.exe
  2⤵
  PID:5472
- C:\Windows\System\ZlOUZoy.exe
  C:\Windows\System\ZlOUZoy.exe
  2⤵
  PID:8740
- C:\Windows\System\txiscxq.exe
  C:\Windows\System\txiscxq.exe
  2⤵
  PID:1728
- C:\Windows\System\vqyfSQc.exe
  C:\Windows\System\vqyfSQc.exe
  2⤵
  PID:7708
- C:\Windows\System\klcjGSs.exe
  C:\Windows\System\klcjGSs.exe
  2⤵
  PID:8308
- C:\Windows\System\mydnhQk.exe
  C:\Windows\System\mydnhQk.exe
  2⤵
  PID:8764
- C:\Windows\System\UBTTKPp.exe
  C:\Windows\System\UBTTKPp.exe
  2⤵
  PID:8752
- C:\Windows\System\wcZBVAe.exe
  C:\Windows\System\wcZBVAe.exe
  2⤵
  PID:7692
- C:\Windows\System\SeEXIht.exe
  C:\Windows\System\SeEXIht.exe
  2⤵
  PID:8392
- C:\Windows\System\vENsjsu.exe
  C:\Windows\System\vENsjsu.exe
  2⤵
  PID:7488
- C:\Windows\System\oZzSELL.exe
  C:\Windows\System\oZzSELL.exe
  2⤵
  PID:8500
- C:\Windows\System\cOMEhxf.exe
  C:\Windows\System\cOMEhxf.exe
  2⤵
  PID:2184
- C:\Windows\System\KwBznfY.exe
  C:\Windows\System\KwBznfY.exe
  2⤵
  PID:8612
- C:\Windows\System\CspUaXf.exe
  C:\Windows\System\CspUaXf.exe
  2⤵
  PID:8812
- C:\Windows\System\rKcIIhV.exe
  C:\Windows\System\rKcIIhV.exe
  2⤵
  PID:7952
- C:\Windows\System\uosWJBa.exe
  C:\Windows\System\uosWJBa.exe
  2⤵
  PID:8156
- C:\Windows\System\hsySvaY.exe
  C:\Windows\System\hsySvaY.exe
  2⤵
  PID:7804
- C:\Windows\System\pvHwgFq.exe
  C:\Windows\System\pvHwgFq.exe
  2⤵
  PID:7812
- C:\Windows\System\YfpDcch.exe
  C:\Windows\System\YfpDcch.exe
  2⤵
  PID:4308
- C:\Windows\System\vRrPjsd.exe
  C:\Windows\System\vRrPjsd.exe
  2⤵
  PID:7592
- C:\Windows\System\GrnseXF.exe
  C:\Windows\System\GrnseXF.exe
  2⤵
  PID:7676
- C:\Windows\System\qXlcRTQ.exe
  C:\Windows\System\qXlcRTQ.exe
  2⤵
  PID:7672
- C:\Windows\System\uqaGPWw.exe
  C:\Windows\System\uqaGPWw.exe
  2⤵
  PID:8616
- C:\Windows\System\MARGjJL.exe
  C:\Windows\System\MARGjJL.exe
  2⤵
  PID:8700
- C:\Windows\System\fSgfZKc.exe
  C:\Windows\System\fSgfZKc.exe
  2⤵
  PID:8880
- C:\Windows\System\MvsRJJf.exe
  C:\Windows\System\MvsRJJf.exe
  2⤵
  PID:8920
- C:\Windows\System\yniyAph.exe
  C:\Windows\System\yniyAph.exe
  2⤵
  PID:8976
- C:\Windows\System\OCwPWVz.exe
  C:\Windows\System\OCwPWVz.exe
  2⤵
  PID:9048
- C:\Windows\System\XUibgOK.exe
  C:\Windows\System\XUibgOK.exe
  2⤵
  PID:1888
- C:\Windows\System\pXsyuPm.exe
  C:\Windows\System\pXsyuPm.exe
  2⤵
  PID:9100
- C:\Windows\System\qwYWlvS.exe
  C:\Windows\System\qwYWlvS.exe
  2⤵
  PID:8956
- C:\Windows\System\VMqgvYM.exe
  C:\Windows\System\VMqgvYM.exe
  2⤵
  PID:9208
- C:\Windows\System\WZpqvOr.exe
  C:\Windows\System\WZpqvOr.exe
  2⤵
  PID:8488
- C:\Windows\System\ygKQAQv.exe
  C:\Windows\System\ygKQAQv.exe
  2⤵
  PID:7756
- C:\Windows\System\YRuPxXl.exe
  C:\Windows\System\YRuPxXl.exe
  2⤵
  PID:2936
- C:\Windows\System\MGTzFDf.exe
  C:\Windows\System\MGTzFDf.exe
  2⤵
  PID:8312
- C:\Windows\System\uzxkpLO.exe
  C:\Windows\System\uzxkpLO.exe
  2⤵
  PID:7228
- C:\Windows\System\MZmNHLy.exe
  C:\Windows\System\MZmNHLy.exe
  2⤵
  PID:8024
- C:\Windows\System\vVArvtT.exe
  C:\Windows\System\vVArvtT.exe
  2⤵
  PID:8132
- C:\Windows\System\GhdHpGf.exe
  C:\Windows\System\GhdHpGf.exe
  2⤵
  PID:6472
- C:\Windows\System\zPUNUQK.exe
  C:\Windows\System\zPUNUQK.exe
  2⤵
  PID:7212
- C:\Windows\System\EWrBAvk.exe
  C:\Windows\System\EWrBAvk.exe
  2⤵
  PID:1156
- C:\Windows\System\ZofBEKT.exe
  C:\Windows\System\ZofBEKT.exe
  2⤵
  PID:8360
- C:\Windows\System\GWZLwwh.exe
  C:\Windows\System\GWZLwwh.exe
  2⤵
  PID:2416
- C:\Windows\System\SyDIgFL.exe
  C:\Windows\System\SyDIgFL.exe
  2⤵
  PID:8904
- C:\Windows\System\rneXSkQ.exe
  C:\Windows\System\rneXSkQ.exe
  2⤵
  PID:8188
- C:\Windows\System\VRCEPGX.exe
  C:\Windows\System\VRCEPGX.exe
  2⤵
  PID:8728
- C:\Windows\System\RscBfHA.exe
  C:\Windows\System\RscBfHA.exe
  2⤵
  PID:8216
- C:\Windows\System\sVMAOgZ.exe
  C:\Windows\System\sVMAOgZ.exe
  2⤵
  PID:920
- C:\Windows\System\ftjroRf.exe
  C:\Windows\System\ftjroRf.exe
  2⤵
  PID:9012
- C:\Windows\System\oZwproa.exe
  C:\Windows\System\oZwproa.exe
  2⤵
  PID:9120
- C:\Windows\System\QhwzfMP.exe
  C:\Windows\System\QhwzfMP.exe
  2⤵
  PID:7784
- C:\Windows\System\NcCRYYo.exe
  C:\Windows\System\NcCRYYo.exe
  2⤵
  PID:6824
- C:\Windows\System\PEKdCQa.exe
  C:\Windows\System\PEKdCQa.exe
  2⤵
  PID:7652
- C:\Windows\System\SEQAiKq.exe
  C:\Windows\System\SEQAiKq.exe
  2⤵
  PID:8756
- C:\Windows\System\rIRZtZf.exe
  C:\Windows\System\rIRZtZf.exe
  2⤵
  PID:7992
- C:\Windows\System\OeRelRg.exe
  C:\Windows\System\OeRelRg.exe
  2⤵
  PID:8160
- C:\Windows\System\bVQMlEC.exe
  C:\Windows\System\bVQMlEC.exe
  2⤵
  PID:8652
- C:\Windows\System\sGqwmIM.exe
  C:\Windows\System\sGqwmIM.exe
  2⤵
  PID:8936
- C:\Windows\System\OMeUGjF.exe
  C:\Windows\System\OMeUGjF.exe
  2⤵
  PID:8960
- C:\Windows\System\YvWBjdi.exe
  C:\Windows\System\YvWBjdi.exe
  2⤵
  PID:8136
- C:\Windows\System\YxCGRLK.exe
  C:\Windows\System\YxCGRLK.exe
  2⤵
  PID:9248
- C:\Windows\System\YWBEQjP.exe
  C:\Windows\System\YWBEQjP.exe
  2⤵
  PID:9284
- C:\Windows\System\BClMSOE.exe
  C:\Windows\System\BClMSOE.exe
  2⤵
  PID:9332
- C:\Windows\System\CJCMnji.exe
  C:\Windows\System\CJCMnji.exe
  2⤵
  PID:9384
- C:\Windows\System\WJeycXy.exe
  C:\Windows\System\WJeycXy.exe
  2⤵
  PID:9416
- C:\Windows\System\eytanaF.exe
  C:\Windows\System\eytanaF.exe
  2⤵
  PID:9436
- C:\Windows\System\XnxfnlV.exe
  C:\Windows\System\XnxfnlV.exe
  2⤵
  PID:9460
- C:\Windows\System\RuonJbM.exe
  C:\Windows\System\RuonJbM.exe
  2⤵
  PID:9480
- C:\Windows\System\CiTDuUG.exe
  C:\Windows\System\CiTDuUG.exe
  2⤵
  PID:9504
- C:\Windows\System\QaLYwty.exe
  C:\Windows\System\QaLYwty.exe
  2⤵
  PID:9528
- C:\Windows\System\AsGYEWb.exe
  C:\Windows\System\AsGYEWb.exe
  2⤵
  PID:9548
- C:\Windows\System\gmpEDOu.exe
  C:\Windows\System\gmpEDOu.exe
  2⤵
  PID:9564
- C:\Windows\System\AqqyVtf.exe
  C:\Windows\System\AqqyVtf.exe
  2⤵
  PID:9580
- C:\Windows\System\eYuSNCq.exe
  C:\Windows\System\eYuSNCq.exe
  2⤵
  PID:9600
- C:\Windows\System\rsorknw.exe
  C:\Windows\System\rsorknw.exe
  2⤵
  PID:9616
- C:\Windows\System\LqjObJF.exe
  C:\Windows\System\LqjObJF.exe
  2⤵
  PID:9632
- C:\Windows\System\avviYeG.exe
  C:\Windows\System\avviYeG.exe
  2⤵
  PID:9652
- C:\Windows\System\eOimneK.exe
  C:\Windows\System\eOimneK.exe
  2⤵
  PID:9672
- C:\Windows\System\ZaVHlKL.exe
  C:\Windows\System\ZaVHlKL.exe
  2⤵
  PID:9708
- C:\Windows\System\fQraLAQ.exe
  C:\Windows\System\fQraLAQ.exe
  2⤵
  PID:9728
- C:\Windows\System\pNZTTeX.exe
  C:\Windows\System\pNZTTeX.exe
  2⤵
  PID:9744
- C:\Windows\System\gJDdmSq.exe
  C:\Windows\System\gJDdmSq.exe
  2⤵
  PID:9760
- C:\Windows\System\BQNxRLW.exe
  C:\Windows\System\BQNxRLW.exe
  2⤵
  PID:9776
- C:\Windows\System\QdZdhBJ.exe
  C:\Windows\System\QdZdhBJ.exe
  2⤵
  PID:9792
- C:\Windows\System\VIGUjEo.exe
  C:\Windows\System\VIGUjEo.exe
  2⤵
  PID:9820
- C:\Windows\System\xOSKjPD.exe
  C:\Windows\System\xOSKjPD.exe
  2⤵
  PID:9852
- C:\Windows\System\gvEHlXc.exe
  C:\Windows\System\gvEHlXc.exe
  2⤵
  PID:9872
- C:\Windows\System\UHYAedm.exe
  C:\Windows\System\UHYAedm.exe
  2⤵
  PID:9888
- C:\Windows\System\qinvIUP.exe
  C:\Windows\System\qinvIUP.exe
  2⤵
  PID:9904
- C:\Windows\System\kALsUjL.exe
  C:\Windows\System\kALsUjL.exe
  2⤵
  PID:9920
- C:\Windows\System\BPIwaqa.exe
  C:\Windows\System\BPIwaqa.exe
  2⤵
  PID:9936
- C:\Windows\System\QaFRnxC.exe
  C:\Windows\System\QaFRnxC.exe
  2⤵
  PID:9952
- C:\Windows\System\oNQbcap.exe
  C:\Windows\System\oNQbcap.exe
  2⤵
  PID:9968
- C:\Windows\System\eQGvvYH.exe
  C:\Windows\System\eQGvvYH.exe
  2⤵
  PID:9984
- C:\Windows\System\wKbhQSi.exe
  C:\Windows\System\wKbhQSi.exe
  2⤵
  PID:10008
- C:\Windows\System\jlhyIEw.exe
  C:\Windows\System\jlhyIEw.exe
  2⤵
  PID:10024
- C:\Windows\System\qOhqJxS.exe
  C:\Windows\System\qOhqJxS.exe
  2⤵
  PID:10040
- C:\Windows\System\KzKUqJz.exe
  C:\Windows\System\KzKUqJz.exe
  2⤵
  PID:10056
- C:\Windows\System\GVhQdbX.exe
  C:\Windows\System\GVhQdbX.exe
  2⤵
  PID:10072
- C:\Windows\System\jwyDFSn.exe
  C:\Windows\System\jwyDFSn.exe
  2⤵
  PID:10088
- C:\Windows\System\owMmDbN.exe
  C:\Windows\System\owMmDbN.exe
  2⤵
  PID:10108
- C:\Windows\System\DiVXyYR.exe
  C:\Windows\System\DiVXyYR.exe
  2⤵
  PID:10128
- C:\Windows\System\SBPuyqC.exe
  C:\Windows\System\SBPuyqC.exe
  2⤵
  PID:10144
- C:\Windows\System\OYSwZXZ.exe
  C:\Windows\System\OYSwZXZ.exe
  2⤵
  PID:10160
- C:\Windows\System\qjVcUZu.exe
  C:\Windows\System\qjVcUZu.exe
  2⤵
  PID:10176
- C:\Windows\System\dOWixZr.exe
  C:\Windows\System\dOWixZr.exe
  2⤵
  PID:10192
- C:\Windows\System\akmAsXk.exe
  C:\Windows\System\akmAsXk.exe
  2⤵
  PID:10208
- C:\Windows\System\JulHPzv.exe
  C:\Windows\System\JulHPzv.exe
  2⤵
  PID:8980
- C:\Windows\System\pznIzph.exe
  C:\Windows\System\pznIzph.exe
  2⤵
  PID:9176
- C:\Windows\System\bCmSdxg.exe
  C:\Windows\System\bCmSdxg.exe
  2⤵
  PID:9088
- C:\Windows\System\kERsToZ.exe
  C:\Windows\System\kERsToZ.exe
  2⤵
  PID:9232
- C:\Windows\System\tYRFKCK.exe
  C:\Windows\System\tYRFKCK.exe
  2⤵
  PID:9256
- C:\Windows\System\xNomapP.exe
  C:\Windows\System\xNomapP.exe
  2⤵
  PID:9280
- C:\Windows\System\pIIPjwi.exe
  C:\Windows\System\pIIPjwi.exe
  2⤵
  PID:9296
- C:\Windows\System\xiYFAWo.exe
  C:\Windows\System\xiYFAWo.exe
  2⤵
  PID:9316
- C:\Windows\System\USlIAQd.exe
  C:\Windows\System\USlIAQd.exe
  2⤵
  PID:9340
- C:\Windows\System\kXLNodi.exe
  C:\Windows\System\kXLNodi.exe
  2⤵
  PID:9364
- C:\Windows\System\RYcjrZW.exe
  C:\Windows\System\RYcjrZW.exe
  2⤵
  PID:9396
- C:\Windows\System\pPtqyBf.exe
  C:\Windows\System\pPtqyBf.exe
  2⤵
  PID:9400
- C:\Windows\System\FJPesmy.exe
  C:\Windows\System\FJPesmy.exe
  2⤵
  PID:9444
- C:\Windows\System\pTPMJcX.exe
  C:\Windows\System\pTPMJcX.exe
  2⤵
  PID:9456
- C:\Windows\System\xaKmaOH.exe
  C:\Windows\System\xaKmaOH.exe
  2⤵
  PID:9492
- C:\Windows\System\NdqXAiC.exe
  C:\Windows\System\NdqXAiC.exe
  2⤵
  PID:7900
- C:\Windows\System\QnPXYLB.exe
  C:\Windows\System\QnPXYLB.exe
  2⤵
  PID:9660
- C:\Windows\System\YIgeWkz.exe
  C:\Windows\System\YIgeWkz.exe
  2⤵
  PID:9640
- C:\Windows\System\xDpSpTL.exe
  C:\Windows\System\xDpSpTL.exe
  2⤵
  PID:9608
- C:\Windows\System\CPQajMS.exe
  C:\Windows\System\CPQajMS.exe
  2⤵
  PID:9692
- C:\Windows\System\KVyBRZz.exe
  C:\Windows\System\KVyBRZz.exe
  2⤵
  PID:9752
- C:\Windows\System\cJnQMbV.exe
  C:\Windows\System\cJnQMbV.exe
  2⤵
  PID:9828
- C:\Windows\System\sYfaeKy.exe
  C:\Windows\System\sYfaeKy.exe
  2⤵
  PID:9844
- C:\Windows\System\PchpXzg.exe
  C:\Windows\System\PchpXzg.exe
  2⤵
  PID:9800
- C:\Windows\System\bzCweKH.exe
  C:\Windows\System\bzCweKH.exe
  2⤵
  PID:9880
- C:\Windows\System\tMMVCoK.exe
  C:\Windows\System\tMMVCoK.exe
  2⤵
  PID:9944
- C:\Windows\System\QTQDxRe.exe
  C:\Windows\System\QTQDxRe.exe
  2⤵
  PID:10016
- C:\Windows\System\NNSlGod.exe
  C:\Windows\System\NNSlGod.exe
  2⤵
  PID:10084
- C:\Windows\System\lYVjuTQ.exe
  C:\Windows\System\lYVjuTQ.exe
  2⤵
  PID:10052
- C:\Windows\System\ZHhcOwi.exe
  C:\Windows\System\ZHhcOwi.exe
  2⤵
  PID:10184
- C:\Windows\System\ZxJwWpq.exe
  C:\Windows\System\ZxJwWpq.exe
  2⤵
  PID:10220
- C:\Windows\System\vqiekOh.exe
  C:\Windows\System\vqiekOh.exe
  2⤵
  PID:9204
- C:\Windows\System\JADNOJp.exe
  C:\Windows\System\JADNOJp.exe
  2⤵
  PID:8264
- C:\Windows\System\ZsRyCtB.exe
  C:\Windows\System\ZsRyCtB.exe
  2⤵
  PID:8808
- C:\Windows\System\idNMQYr.exe
  C:\Windows\System\idNMQYr.exe
  2⤵
  PID:8580
- C:\Windows\System\ryKXNOd.exe
  C:\Windows\System\ryKXNOd.exe
  2⤵
  PID:10200
- C:\Windows\System\TJPVcpJ.exe
  C:\Windows\System\TJPVcpJ.exe
  2⤵
  PID:9868
- C:\Windows\System\tWwuglX.exe
  C:\Windows\System\tWwuglX.exe
  2⤵
  PID:9032
- C:\Windows\System\yxpmjcF.exe
  C:\Windows\System\yxpmjcF.exe
  2⤵
  PID:9220
- C:\Windows\System\TTHjBcz.exe
  C:\Windows\System\TTHjBcz.exe
  2⤵
  PID:9276
- C:\Windows\System\PzMONOE.exe
  C:\Windows\System\PzMONOE.exe
  2⤵
  PID:9292
- C:\Windows\System\SmxKgld.exe
  C:\Windows\System\SmxKgld.exe
  2⤵
  PID:9380
- C:\Windows\System\hiyHtzF.exe
  C:\Windows\System\hiyHtzF.exe
  2⤵
  PID:9488
- C:\Windows\System\PMuwwNO.exe
  C:\Windows\System\PMuwwNO.exe
  2⤵
  PID:9544
- C:\Windows\System\kGskrsf.exe
  C:\Windows\System\kGskrsf.exe
  2⤵
  PID:9556
- C:\Windows\System\dJvlksK.exe
  C:\Windows\System\dJvlksK.exe
  2⤵
  PID:9588
- C:\Windows\System\IvaMsYr.exe
  C:\Windows\System\IvaMsYr.exe
  2⤵
  PID:9500
- C:\Windows\System\ALBqAVI.exe
  C:\Windows\System\ALBqAVI.exe
  2⤵
  PID:9684
- C:\Windows\System\CLNQflp.exe
  C:\Windows\System\CLNQflp.exe
  2⤵
  PID:9644
- C:\Windows\System\stoKyYR.exe
  C:\Windows\System\stoKyYR.exe
  2⤵
  PID:9704
- C:\Windows\System\ObxYzPi.exe
  C:\Windows\System\ObxYzPi.exe
  2⤵
  PID:9832
- C:\Windows\System\MqSApbh.exe
  C:\Windows\System\MqSApbh.exe
  2⤵
  PID:9816
- C:\Windows\System\ePEYaqf.exe
  C:\Windows\System\ePEYaqf.exe
  2⤵
  PID:9980
- C:\Windows\System\qzkBZAZ.exe
  C:\Windows\System\qzkBZAZ.exe
  2⤵
  PID:9772
- C:\Windows\System\KOWoQPe.exe
  C:\Windows\System\KOWoQPe.exe
  2⤵
  PID:8040
- C:\Windows\System\IAPiwpq.exe
  C:\Windows\System\IAPiwpq.exe
  2⤵
  PID:9960
- C:\Windows\System\FVpWfOo.exe
  C:\Windows\System\FVpWfOo.exe
  2⤵
  PID:9992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AWiRgyN.exe

Filesize
6.0MB

MD5
fe1ff6ff54c3e2b8fb3696dea814074b

SHA1
3995cd22cb0c02b8ebe02f5115653591525b3266

SHA256
45347dbf7d41672a39b60e7632187459cfd40140e57cbf480c5a9d53de3c3e93

SHA512
c557d47229315cc6677387d66ea4080f628e9b395a5effbff8c4545d022f9823f54e8f77d17734898e658299e021a317a15f01caa84cfb67f9e27fcf2b95bc4d

Download Submit
C:\Windows\system\AkqONdG.exe

Filesize
6.0MB

MD5
e2b015cafa1c8b8368ac26bfbc5f5626

SHA1
040319595abffa2f8f32be3b61be46fe49737577

SHA256
d2a19e9e405eb6c685fc802a4e61af456ae092dd5722a76f95d972e2b8c2675d

SHA512
f50d6fa3c28f26bdff35e090fcd483f8ca4f1a592b5a4be590d75912a60c7437cbc8827e1bc048964f48bfdac6a8606cdc92ecf53b05a1502af0592fdedc2c0d

Download Submit
C:\Windows\system\CEQhmVe.exe

Filesize
6.0MB

MD5
ff65cec82e3400ccd6911d2ca31a7fd6

SHA1
37368a7babdb213b2c8f14f8c92106a202c0d763

SHA256
7c115308ab34b7f027537b905446ae6389ba8cc0ade118dbfd7da55c157cb10a

SHA512
6c2ca4d2c11b3c96db1f4df464d142695b6c8cacc0b843ab2251fb480627ca06ae0ab1287b1bc196d9e2010a7e583da6ed1d6aa8757b2d8bdb3e07ab1fa023d9

Download Submit
C:\Windows\system\FOvlgBG.exe

Filesize
6.0MB

MD5
d0b270c9cdc0e3a7ae88525fcc6909dc

SHA1
7e68216993e496509c604278b3851f007f8ff82a

SHA256
b338a045011f5c5fc9601030fe68bee6d6f45558f1fe39edc1567a80ba3a7cce

SHA512
d42acea6ba3c920bcda1127b03d9a0487ae8f7704a53e7fac514eb6f01eac755f1bec8a7a8bb821caeb55f7521484a6f9851ba73ecd3aea26e5d1f948b12855c

Download Submit
C:\Windows\system\HhxjRNC.exe

Filesize
6.0MB

MD5
bf367b672e4c8c59f23a86b235d956c8

SHA1
639079ca2e99a4bd4d9680dd3dcf5f509301f9c7

SHA256
33495ac097979c5b1352fe75483aa08eccde84365908935bc895684bc1eab938

SHA512
65ae73c9f31ba7de4e90b1e3bc0b18d91a2e134778085f900a8626f04c0792dfd5ff0e9524324f0b4152c6699389e9136488f172817f7c5c3cbdfc9f960f9614

Download Submit
C:\Windows\system\KMCTgGw.exe

Filesize
6.0MB

MD5
aaa4c617e97afc9362c97be20b86ce32

SHA1
e7927d8f94aef6b1325b7864c63d562307ca56e3

SHA256
e88e5a259c5dc2425c6a5e84fe5c4971f3b5a6944ebb00c915bfc6fac9f2c23e

SHA512
d662e44ef7c4d842aa968741ed6a02962b6ae2f80057e1f75e12c54b3271c3e414b5743cc4c12eee1c602dd076065f245edc05e9aeca3b79f8d82ef9edaf7e85

Download Submit
C:\Windows\system\KXYjFXy.exe

Filesize
6.0MB

MD5
232a28af14b6c5cc93e7762c4b8a552e

SHA1
75f59b4456daeb208a2da9b103361c8dece4f6fe

SHA256
7247d043cc613c35ee9cfe28b3de7242cdfe6c396520115bc3df839e4e6f00b6

SHA512
6cf4768fca6ef83389d09547adbc16e4ee16cad70bb00deb2cf1759e024b07284ca84b1d62a0fadc923fd18a81017bc9bb9c5a78867955606269285d701ac4f2

Download Submit
C:\Windows\system\MUvjBIt.exe

Filesize
6.0MB

MD5
62533dd45c64f32991f1365f8893718e

SHA1
f2ccdc08e221c5255c045946743d63345ef937a0

SHA256
fd880b0c86bfa786d44a488b7ef941c52bb51f9872b191127f68bdc193413375

SHA512
b2895a6c22929afa4513b246ed6abbd691a13d9d206ee483846153d7fa97f6f7c8a67178028892204c64e5f4d5dc1055ae22cb5a0fdaa393dfc93114b1c61b65

Download Submit
C:\Windows\system\NaxOFKx.exe

Filesize
6.0MB

MD5
b5b010b0a874de57fe7d0b7c22eca335

SHA1
c30977c124622e2a9099504601dec2b84e9f5581

SHA256
337beeef00d9cc6a01f3c858e5eaa2cc0e4ca818c79215b8105fbd65be6e32a0

SHA512
39827fafcf6fafd40f515d72dd6aa43a74bc5b446e8589d90e2e47d6bbdc74de95c0fc3db6abdc9bd022a8272d9ad54cd238454884527087ab9fdaf702f2e84b

Download Submit
C:\Windows\system\NiuysGZ.exe

Filesize
6.0MB

MD5
920a9712b06e671d3caf1ef9d7f9ee1c

SHA1
63708a6e6ababc68928b4ab6cd996add65af6a4f

SHA256
7319eb4838b9682ba24ab47e7b8693254e69a6f539f12d3895a1dbe1095781fd

SHA512
85b6d1e268d5a89fa891bf4d5c21124f305956aab116eb27681f0135a4753ddf7e3364314b4e25ab792ec9f3b6e17007fe426f2a432ba433d1199c7af0ad8050

Download Submit
C:\Windows\system\OphZVKt.exe

Filesize
6.0MB

MD5
7031aabb56ae36ba5b459c9fa3dabaf2

SHA1
3c5837affd03506d3002d083e30e76f7363fb5a5

SHA256
2d652d5660a576cd816ff30ee66879838335d8eee49d2a475ea2aeecde1f2a5f

SHA512
21ed8d8c86693c8cf696a9cf0e80767f2b36fb6e3688073b3306ff74cbf8eb78411fe721dadcd2f8d8f8161c61ecaced26cceff50a97d0ca33bda9fc35f4c89b

Download Submit
C:\Windows\system\PkOpyLh.exe

Filesize
6.0MB

MD5
d14494afca254a7016c82723de3e22de

SHA1
6da94f4f688e4dcb85924b70568ae87da3357a06

SHA256
9c2a9ae342351956c4d17e9b4ce85493e911bd9866ef37aaad017bc70f2918f8

SHA512
52f915b259a26e56093dce2861d0b2c8c9088d2b0a2977a3595ecc425c9468d01be3a01a87bacde2cee2c62c54f1a84f0cc4bb14620007151f633d178fdb57da

Download Submit
C:\Windows\system\PlOcGsJ.exe

Filesize
6.0MB

MD5
956e0306217d6ca4fde64a7daafd01f2

SHA1
2068a0c31a073c4f288072be05dc04d2dba49ff5

SHA256
5eb47f91588fc112a26d3a331be0d4ae2d731343a7f9a149aa268b4bc0bdb183

SHA512
b087896dfc6196757e04b12f0a4676a292d7740b2b159907c22d0f35ef3dda3e05e542393acc6c4eebbe3f3e3d86211240f7be7991987e6edce9426fc1a589e9

Download Submit
C:\Windows\system\QgPwETN.exe

Filesize
6.0MB

MD5
ec5810d1457e8dc23825a57bdb53852a

SHA1
0c4f3fb895bfe8eae147639c05d1afced3bbf623

SHA256
87faa3d474c8b53e19e2d45d43f3989a64a4e960f896eebf215f27b9cbd2bf54

SHA512
13a92f96012cb8ccda81c978d42cebf5177e5c9de8377a866c0e95ad973de64e1e7a19782a0a3f0d5ad0b56da9397782c53d431560c2a29c7c92857d0740a8f2

Download Submit
C:\Windows\system\XmOcbPs.exe

Filesize
6.0MB

MD5
b792a76e9a9bea873932bf64106ef7fa

SHA1
0cc8a024e5a98fb4868ea8384e3051a9c9a5797e

SHA256
6f65f1b52287cdc507696a121c1891c1f88a794b262ada859949e7893f2ba1a2

SHA512
a4e710c956a550e85a420f1981101dc3373ce25c147eeef662f6ed84c0d61f831a5e235f711db8f1b8f031471fef9359f2d71c7b949f89b09bc14205bf11edef

Download Submit
C:\Windows\system\XnYmkBC.exe

Filesize
6.0MB

MD5
3b29eaff557b004c014de66a101335bd

SHA1
afbb9ce2b3d39fc11c7e6fa87a838d077f6d334d

SHA256
ab2e676c66284760ff80b6ec1bb2264aa0dce6d13f15ed829d4041d4309c3b12

SHA512
82b75ecdcd0bcd5a022ec2bd6d74a61d47704d1921c658b043139dfa56fd31b0a52d7d0449d65c1a95972995d00f42ecf996f944a3e0bf3ae550b29288ee79d9

Download Submit
C:\Windows\system\aSXYFrf.exe

Filesize
6.0MB

MD5
1f1810ee29a977002a36c019c2b5c665

SHA1
296180be3fe0b0664943fd8118d670d8062a1f05

SHA256
a11ef3f89b1e25a68208c39c4d27d316cb528253b78eb014eeb7c633aaa86434

SHA512
eefe367fed51f8b3d7fe7348701d1fe2c833d1b679cfed545a4aa0e1fb3d3f32744d12aa6aab592a362740346604b035ac628f080b9c3b1f5d0249424232dcf9

Download Submit
C:\Windows\system\buHPfVs.exe

Filesize
6.0MB

MD5
6279d13cf0daae0c1e6fa17933be8eb9

SHA1
d976a24055fb8a7abc783bbe24126c017f92f579

SHA256
fb316ac1089e6444730ec14089d82ad7bc9d7f4b0191b1c173fb7400bd768259

SHA512
4ff6a13511d130ea832dfe12dd217130200b1beb70553f8859f1653dd7ee42be06670ad78345b1b486bfe64659250eb50806d980e8ec885edb34574cfc11ead6

Download Submit
C:\Windows\system\dGLZcux.exe

Filesize
6.0MB

MD5
22e6f74ea55eb994520de4882b22911c

SHA1
7a72ec159c3998bee9ea230a1cef2f00528c69bc

SHA256
e522014584a8a30762f65bb2fca96f1287c53d054104325b7850bd7a490fc6f7

SHA512
89b794f44a25a7967efb8b4fe0ed179c9e75190148149fc45dc6664bdca8c55f05b5c86c6c29a076169350788300a0352357b9b8c3780a6911946779da976c25

Download Submit
C:\Windows\system\fDbFHBc.exe

Filesize
6.0MB

MD5
d3692ae53b73570fd8011c50754fd833

SHA1
d5593021e14a49802ba5d530f046c702d9cf2cea

SHA256
b7963b5c47391aeb5771147892742e206ca332bf98e170b74df7255e011a168a

SHA512
e2488affd2f17bb565512036154f6afc0cd273d1c71e3b09e8d04b22bef5ef077348dca8fdb51d34769ae1c25df51f5cdd94d6164be31a61b4fb61f35d644a05

Download Submit
C:\Windows\system\fQpaLpF.exe

Filesize
6.0MB

MD5
07a2ddbb3d03c40b29164a660525dee5

SHA1
303130825a3a051412a99ddd63d688aacfb1e5b3

SHA256
aeb2d68ec63f00badf7e48c91eb62be428ebc858905deb442b8436d46ac4b9c6

SHA512
892df26a0780e49cdef9ed3ed61f52741508d42b554d4805874f94e164e22313d571f73e50757df416ef8c523e461f92d048b25c655d9f2ac97d94d99063d42b

Download Submit
C:\Windows\system\krBnRxs.exe

Filesize
6.0MB

MD5
46dfc2ae6fd6ad6c246e6f5b13bd91e4

SHA1
c8f24a45faf3cf0c99f0696fdf455b1e50f912df

SHA256
ae76d92deeef8ca4895807c4487d76098e4956f25cc868fb1bb0d10857a8d2ef

SHA512
a86fe814240c0d6dc32128c2707f1d195c46be46e2e2a2a850aa91eddf3ea2f35b5b246d172830a3e10ae857cde8834386323e4b3f05626e1017803e04369ce0

Download Submit
C:\Windows\system\lBkBYak.exe

Filesize
6.0MB

MD5
52446bc4f1460be26bfdc9a0ca6e3af6

SHA1
2877e61d8751c66c04e0035c15dda7c77eea1aae

SHA256
e2f8d77259f5d0bec0ebf9f8a6a9ad20d8eff95804923f5f8bf56fe2468f4f9b

SHA512
4a581a17832efa8b7e10edabe336ae92867999919e2caf5423b859b7bd8a9ad4f87ca70e4405aefbe6e3e5502a3d01f7da7dbb7b789d75dfc66704619d53ee54

Download Submit
C:\Windows\system\lnhZwQi.exe

Filesize
6.0MB

MD5
ab47dcffc08a9fd9d5d09a6afbf47e79

SHA1
788e64fa52b931d0d2ccde79ae3141b9a35adb00

SHA256
c5beae1a26e94316cc8548138c3a4d9d5fd99fafa1d7c42b174d9ee50c113bb7

SHA512
5138894d508659d20722e58c5a12818d7412e066eaea4b5e969a08611abf578a68c010f909303065c6713496b5b443d5e4f6a94c4df4238a3e5f42783faa78d9

Download Submit
C:\Windows\system\sFxDJed.exe

Filesize
6.0MB

MD5
c95cced1372ad71a9b362864d1c9af2e

SHA1
b300d6704688c2dc69d0b2fd9d1a76496167f32d

SHA256
3f5d0ae44538bec7b5b5adebf39830e2e589d6b5bd41c2ad96984f0f4672e82a

SHA512
fb3bf36924d47c15ac0e4e3c8aa54e20fecfd7cb5008175680375f22694f7f9a8d5672499723cd29fd8c4b45beb4077c0fcebb09c89cc63b374221b6213b4859

Download Submit
C:\Windows\system\uaAhjuz.exe

Filesize
6.0MB

MD5
4cbe10fd2a68cbbba135859205db80bd

SHA1
cf0ef7f1f39ccb8d4ad45a1c6dda462d116ebae5

SHA256
b97ce547e25850c908de97cf5bd7d238fe3f1ec5b697e72ee8462dda2a63f951

SHA512
f237e5fbae55771c2fcab81f6e67f5b10210a9cdafbe7fb24c83188d4ef29987e4531116f325d7a0b8d8c135cd066048fbda8d21ca4b9faaac5c689af7cfd3b7

Download Submit
C:\Windows\system\wsJPjvl.exe

Filesize
6.0MB

MD5
e732b1a89d4969f0b6f3d52fb2654e4a

SHA1
d09371988b9296394ad85170b33e6ac32fc5fa7d

SHA256
4b02e42538954476aff8bcdd2405265f0bab8116314c03261f8de8d428d0a471

SHA512
2ee1e8a1c6b5135b799c790bbbd8994604ed7088d2dc66b62a4d9a5a19aaced5e88288a0573fc14ff4c468d24544600e6aab975e7480a09d2fdfbb7d108ceb3d

Download Submit
\Windows\system\BkzEAQM.exe

Filesize
6.0MB

MD5
0d37f06691b10fc2a264702e7eac1d5f

SHA1
d5ad3c51e36c00b81a5aba931d2685c6b959821d

SHA256
976b43648cd0e0817d6bb665f35a2fbaf30ba139d331b68a93638019cdde7455

SHA512
cdfefc7e4a246d9e87437d4723ba93f89f8bdb541b65916d5a8fe45781da36dd0dcc94414a13a3365f08f9af21ab602cdb8c92797b5c60528643f1bdbd06d602

Download Submit
\Windows\system\OuTelcu.exe

Filesize
6.0MB

MD5
9b41688fc8671957d63ec5f2d30bb848

SHA1
69910523c7e50d0ce60c23a874f06d1212618ad3

SHA256
fff2e3d9d045025e2d9b2231aa619e6eaaf91d7fd9c4f9d119fbb7ff3968c9d8

SHA512
cff2dac60436ad6cc039fc8a620bdd0745287d78e8e326bf3da06be0ec5aaa1c3108f7a377bff59c7773079c7260a1526bbb32b00e03ad05fab127675a23aad6

Download Submit
\Windows\system\bOAWjel.exe

Filesize
6.0MB

MD5
13952e11d9ceaf99167cea2b5b8fe10f

SHA1
87dd5eb2e4d62781b718c510aa3f37f8eebf5d7e

SHA256
059f3b654844d37a2bf76314bdfb638a778986977cc41e467dafbb2d9aabc0e9

SHA512
f761a11167ab0443165d7fe90adfda2fe90e4e957a9ef1a32092db0b5f4763d1821d9d37086539bab41ea2202ceb52821be0fff9a9b102b20f045251e584fc76

Download Submit
\Windows\system\jXVDgOY.exe

Filesize
6.0MB

MD5
373b6031147e5cc37eefdff656342a20

SHA1
033da69569f4db63e609e66eb6f9569ca2af82c2

SHA256
9957311463309fc459c5b084c888104676f73ffdc31f78f32b5d794c3c9c7adb

SHA512
651ed4c4c8ad6dec45e81781b86d7dbc92703b048ad526a0b46c94755fff6abc5bf65be3ec7ceafa1596f0e73c39393817a1353360ed5bb4b69654a5a0eca4dd

Download Submit
\Windows\system\vpTuPfZ.exe

Filesize
6.0MB

MD5
0212681c779227eb11e315288d8cf2d5

SHA1
a752dc2b21720b137fb5fb6631e3aeeed64cc7c7

SHA256
c06105422f15e84de5b4c29247ce104db0d697ea99493b1efdff5636ca263504

SHA512
d0a7c02ba440e447f5b6fb9ef8c6a02cdb87ce2d310247faf8e349717cf6965868917e70ac522a6e285040e53fab78918fa9ad24e94f9dce9649cc3ea4c5d3ff

Download Submit
memory/272-75-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/272-3447-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-3896-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-219-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2388-73-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3446-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2404-64-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2524-365-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-4069-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-78-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-85-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4072-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2536-461-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3444-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-41-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-97-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3421-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2584-24-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3450-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2652-50-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-33-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-49-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-91-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-84-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2684-300-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-0-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-301-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1017-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2684-76-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2684-74-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-98-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-71-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-26-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2684-216-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-60-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2684-457-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2684-51-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-653-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-23-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-38-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-25-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2684-786-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3418-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2736-83-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2736-28-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2780-22-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3410-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2788-59-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2788-20-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3412-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2900-4083-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-787-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-99-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-35-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2920-90-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3445-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3895-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-92-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/3012-654-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download