cobaltstrike | 86ade7a53bd4447d151792c844bd0cecaac7f9f8d3e30978bb7dd0ca4a34e120

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

704fe901daa56784c44ca726d0022e9d
SHA1

01ea6bb1e484fc7283cbadefcad6add6ea55682f
SHA256

86ade7a53bd4447d151792c844bd0cecaac7f9f8d3e30978bb7dd0ca4a34e120
SHA512

eeeeabb3628d81bd83a2c3bf6ba788b597bbd87d560c4bff0d369a0986f73b15b88f00d0d5c4067f46ba5be8f81921c471db434b996a2ebb82d227af24eda778
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUq:T+q56utgpPF8u/7q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ea-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186ee-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186fd-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018728-25.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018784-29.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878f-35.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000187a5-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-44.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-161.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000018676-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2436-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x00070000000186ea-11.dat	xmrig
behavioral1/files/0x00070000000186ee-15.dat	xmrig
behavioral1/files/0x00060000000186fd-20.dat	xmrig
behavioral1/files/0x0007000000018728-25.dat	xmrig
behavioral1/files/0x0006000000018784-29.dat	xmrig
behavioral1/files/0x000600000001878f-35.dat	xmrig
behavioral1/files/0x00060000000187a5-37.dat	xmrig
behavioral1/files/0x000700000001925e-44.dat	xmrig
behavioral1/files/0x00050000000195c5-49.dat	xmrig
behavioral1/files/0x000500000001960b-59.dat	xmrig
behavioral1/files/0x0005000000019617-89.dat	xmrig
behavioral1/files/0x000500000001961d-105.dat	xmrig
behavioral1/files/0x0005000000019623-124.dat	xmrig
behavioral1/files/0x00050000000196af-136.dat	xmrig
behavioral1/memory/2944-207-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2436-1288-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2832-201-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2852-182-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/1692-167-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2436-165-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-164.dat	xmrig
behavioral1/files/0x00050000000197f8-163.dat	xmrig
behavioral1/files/0x00050000000198f0-161.dat	xmrig
behavioral1/files/0x000f000000018676-153.dat	xmrig
behavioral1/files/0x0005000000019625-148.dat	xmrig
behavioral1/files/0x00050000000196b1-147.dat	xmrig
behavioral1/files/0x000500000001977d-143.dat	xmrig
behavioral1/files/0x0005000000019667-139.dat	xmrig
behavioral1/memory/1696-217-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2724-215-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2728-194-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2980-189-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2848-187-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2436-180-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2720-179-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2704-173-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2104-171-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2412-160-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2452-152-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-120.dat	xmrig
behavioral1/files/0x0005000000019621-115.dat	xmrig
behavioral1/files/0x000500000001961f-109.dat	xmrig
behavioral1/files/0x000500000001961b-99.dat	xmrig
behavioral1/files/0x0005000000019619-95.dat	xmrig
behavioral1/files/0x0005000000019615-85.dat	xmrig
behavioral1/files/0x0005000000019613-79.dat	xmrig
behavioral1/files/0x0005000000019611-75.dat	xmrig
behavioral1/files/0x000500000001960f-69.dat	xmrig
behavioral1/files/0x000500000001960d-65.dat	xmrig
behavioral1/files/0x0005000000019609-55.dat	xmrig
behavioral1/memory/1696-3916-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2944-3917-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2720-3936-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2704-3976-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2412-3975-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2728-3974-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2848-3973-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2104-3972-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2832-3979-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1692-3977-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2852-3981-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2452-3980-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1696	SYMbnnn.exe
2452	TWWajqQ.exe
2412	MEQHjNC.exe
1692	aXPFRCP.exe
2104	mlCZISQ.exe
2704	ZAvvcBH.exe
2720	gkOPLUB.exe
2852	wPJnjAy.exe
2848	oZAeqbE.exe
2980	LNrUrxc.exe
2728	MtHfVuE.exe
2832	BERgGeO.exe
2944	yIrUFyt.exe
2724	TzIGZuf.exe
2604	IvrhKVC.exe
2684	TZcfiGV.exe
1812	QiloNbO.exe
2080	OiikrPh.exe
1660	OQzVhKD.exe
1472	JmYRQYb.exe
2908	avPKnUX.exe
2924	sAmlksw.exe
976	YsRVvYz.exe
1636	mfubkMR.exe
1912	PmWblpM.exe
2956	FDambVi.exe
2056	FXNoWTm.exe
2232	eXFZrNx.exe
2496	nXpGQxf.exe
1076	gpeFRIK.exe
2332	BsNnJDm.exe
604	JIbrfgg.exe
1524	QRngJSv.exe
376	BmkglPu.exe
684	StrCwqL.exe
2120	ogxSoiD.exe
3020	oRHonrR.exe
1788	reAUMdX.exe
2576	jsIPffD.exe
300	xGrevXU.exe
1040	wdrfRYb.exe
1284	RTaIwXi.exe
1036	nePbDIB.exe
2544	CQheWSC.exe
864	bKItfaX.exe
2364	gOxLHqz.exe
2548	LkbrOfG.exe
2532	lbWbxmr.exe
2388	eEiySgN.exe
2992	ngASfDG.exe
2816	cmcKaLd.exe
1072	usVfQPX.exe
1280	JjFqRDV.exe
2988	MQkUtbe.exe
1764	jrJcDrK.exe
544	pzTepZB.exe
2220	dAnyqMk.exe
1520	qDfgKkd.exe
2492	beKBPIm.exe
1956	gnwBEMX.exe
1048	WaBVamx.exe
2292	nRjhOic.exe
1568	WizvXCp.exe
1404	XSxCLbn.exe

Loads dropped DLL 64 IoCs

pid	Process
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2436-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x00070000000186ea-11.dat	upx
behavioral1/files/0x00070000000186ee-15.dat	upx
behavioral1/files/0x00060000000186fd-20.dat	upx
behavioral1/files/0x0007000000018728-25.dat	upx
behavioral1/files/0x0006000000018784-29.dat	upx
behavioral1/files/0x000600000001878f-35.dat	upx
behavioral1/files/0x00060000000187a5-37.dat	upx
behavioral1/files/0x000700000001925e-44.dat	upx
behavioral1/files/0x00050000000195c5-49.dat	upx
behavioral1/files/0x000500000001960b-59.dat	upx
behavioral1/files/0x0005000000019617-89.dat	upx
behavioral1/files/0x000500000001961d-105.dat	upx
behavioral1/files/0x0005000000019623-124.dat	upx
behavioral1/files/0x00050000000196af-136.dat	upx
behavioral1/memory/2944-207-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2436-1288-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2832-201-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2852-182-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1692-167-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0005000000019838-164.dat	upx
behavioral1/files/0x00050000000197f8-163.dat	upx
behavioral1/files/0x00050000000198f0-161.dat	upx
behavioral1/files/0x000f000000018676-153.dat	upx
behavioral1/files/0x0005000000019625-148.dat	upx
behavioral1/files/0x00050000000196b1-147.dat	upx
behavioral1/files/0x000500000001977d-143.dat	upx
behavioral1/files/0x0005000000019667-139.dat	upx
behavioral1/memory/1696-217-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2724-215-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2728-194-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2980-189-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2848-187-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2720-179-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2704-173-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2104-171-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2412-160-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2452-152-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0005000000019622-120.dat	upx
behavioral1/files/0x0005000000019621-115.dat	upx
behavioral1/files/0x000500000001961f-109.dat	upx
behavioral1/files/0x000500000001961b-99.dat	upx
behavioral1/files/0x0005000000019619-95.dat	upx
behavioral1/files/0x0005000000019615-85.dat	upx
behavioral1/files/0x0005000000019613-79.dat	upx
behavioral1/files/0x0005000000019611-75.dat	upx
behavioral1/files/0x000500000001960f-69.dat	upx
behavioral1/files/0x000500000001960d-65.dat	upx
behavioral1/files/0x0005000000019609-55.dat	upx
behavioral1/memory/1696-3916-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2944-3917-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2720-3936-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2704-3976-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2412-3975-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2728-3974-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2848-3973-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2104-3972-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2832-3979-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1692-3977-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2852-3981-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2452-3980-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2980-3978-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2724-4053-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sdwQERF.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Thfmwpf.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JovGyiY.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klQKzuc.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvbcKSp.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZOsUll.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRngJSv.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxvegRO.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLKljkT.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYUpxum.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtHfVuE.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVlYCHZ.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjEgPXO.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJNtnSC.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmOwfIg.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMtygPk.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDlEzrz.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTaKgxT.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dkETsKh.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YStJmfW.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXFZrNx.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYxRhsU.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxAPVgv.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkmAxMe.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdvuaPA.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQheWSC.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynKCsTi.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkqoCtq.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaeQVmi.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zVPHMqD.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpqbhDG.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htlaSGc.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\reWUZzq.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YREuqvu.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HezDgnf.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZHrqyE.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzmYfbS.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGcLdbD.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\klmQdny.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StteZxI.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IvrhKVC.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVpsDvd.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjShiqM.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvEcVWw.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJyhXvt.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VSKKMHK.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvgdFVe.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkDOIrl.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGBGSnZ.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDvMKNk.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsXysrl.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDEjGVB.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hySdrgl.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icFNCyK.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duPDFYN.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOnbYPs.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OThBpdJ.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nORcIAi.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUPktpv.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQitnvu.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJRgPiU.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOtjinu.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLVIfVa.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBvSOXw.exe	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1696	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2436 wrote to memory of 1696	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2436 wrote to memory of 1696	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2436 wrote to memory of 2452	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 2452	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 2452	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2436 wrote to memory of 2412	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 2412	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 2412	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2436 wrote to memory of 1692	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 1692	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 1692	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2436 wrote to memory of 2104	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2104	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2104	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2436 wrote to memory of 2704	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2704	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2704	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2436 wrote to memory of 2720	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 2720	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 2720	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2436 wrote to memory of 2852	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 2852	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 2852	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2436 wrote to memory of 2848	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2848	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2848	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2436 wrote to memory of 2980	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2980	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2980	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2436 wrote to memory of 2728	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2728	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2728	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2436 wrote to memory of 2832	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2832	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2832	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2436 wrote to memory of 2944	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2944	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2944	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2436 wrote to memory of 2724	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 2724	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 2724	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2436 wrote to memory of 2604	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 2604	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 2604	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2436 wrote to memory of 2684	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 2684	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 2684	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2436 wrote to memory of 1812	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 1812	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 1812	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2436 wrote to memory of 2080	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 2080	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 2080	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2436 wrote to memory of 1660	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 1660	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 1660	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2436 wrote to memory of 1472	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 1472	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 1472	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2436 wrote to memory of 2908	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 2908	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 2908	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2436 wrote to memory of 2924	2436	2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_704fe901daa56784c44ca726d0022e9d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\System\SYMbnnn.exe
  C:\Windows\System\SYMbnnn.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\TWWajqQ.exe
  C:\Windows\System\TWWajqQ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\MEQHjNC.exe
  C:\Windows\System\MEQHjNC.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\aXPFRCP.exe
  C:\Windows\System\aXPFRCP.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\mlCZISQ.exe
  C:\Windows\System\mlCZISQ.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ZAvvcBH.exe
  C:\Windows\System\ZAvvcBH.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gkOPLUB.exe
  C:\Windows\System\gkOPLUB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\wPJnjAy.exe
  C:\Windows\System\wPJnjAy.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\oZAeqbE.exe
  C:\Windows\System\oZAeqbE.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\LNrUrxc.exe
  C:\Windows\System\LNrUrxc.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MtHfVuE.exe
  C:\Windows\System\MtHfVuE.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\BERgGeO.exe
  C:\Windows\System\BERgGeO.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\yIrUFyt.exe
  C:\Windows\System\yIrUFyt.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\TzIGZuf.exe
  C:\Windows\System\TzIGZuf.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\IvrhKVC.exe
  C:\Windows\System\IvrhKVC.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\TZcfiGV.exe
  C:\Windows\System\TZcfiGV.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\QiloNbO.exe
  C:\Windows\System\QiloNbO.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\OiikrPh.exe
  C:\Windows\System\OiikrPh.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\OQzVhKD.exe
  C:\Windows\System\OQzVhKD.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\JmYRQYb.exe
  C:\Windows\System\JmYRQYb.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\avPKnUX.exe
  C:\Windows\System\avPKnUX.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\sAmlksw.exe
  C:\Windows\System\sAmlksw.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\YsRVvYz.exe
  C:\Windows\System\YsRVvYz.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\mfubkMR.exe
  C:\Windows\System\mfubkMR.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\PmWblpM.exe
  C:\Windows\System\PmWblpM.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\eXFZrNx.exe
  C:\Windows\System\eXFZrNx.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\FDambVi.exe
  C:\Windows\System\FDambVi.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\jsIPffD.exe
  C:\Windows\System\jsIPffD.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\FXNoWTm.exe
  C:\Windows\System\FXNoWTm.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\xGrevXU.exe
  C:\Windows\System\xGrevXU.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\nXpGQxf.exe
  C:\Windows\System\nXpGQxf.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\RTaIwXi.exe
  C:\Windows\System\RTaIwXi.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\gpeFRIK.exe
  C:\Windows\System\gpeFRIK.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\nePbDIB.exe
  C:\Windows\System\nePbDIB.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\BsNnJDm.exe
  C:\Windows\System\BsNnJDm.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\usVfQPX.exe
  C:\Windows\System\usVfQPX.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\JIbrfgg.exe
  C:\Windows\System\JIbrfgg.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\JjFqRDV.exe
  C:\Windows\System\JjFqRDV.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\QRngJSv.exe
  C:\Windows\System\QRngJSv.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\MQkUtbe.exe
  C:\Windows\System\MQkUtbe.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\BmkglPu.exe
  C:\Windows\System\BmkglPu.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\jrJcDrK.exe
  C:\Windows\System\jrJcDrK.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\StrCwqL.exe
  C:\Windows\System\StrCwqL.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\pzTepZB.exe
  C:\Windows\System\pzTepZB.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ogxSoiD.exe
  C:\Windows\System\ogxSoiD.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\dAnyqMk.exe
  C:\Windows\System\dAnyqMk.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\oRHonrR.exe
  C:\Windows\System\oRHonrR.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\qDfgKkd.exe
  C:\Windows\System\qDfgKkd.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\reAUMdX.exe
  C:\Windows\System\reAUMdX.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\beKBPIm.exe
  C:\Windows\System\beKBPIm.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\wdrfRYb.exe
  C:\Windows\System\wdrfRYb.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\gnwBEMX.exe
  C:\Windows\System\gnwBEMX.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\CQheWSC.exe
  C:\Windows\System\CQheWSC.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\WaBVamx.exe
  C:\Windows\System\WaBVamx.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\bKItfaX.exe
  C:\Windows\System\bKItfaX.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\nRjhOic.exe
  C:\Windows\System\nRjhOic.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\gOxLHqz.exe
  C:\Windows\System\gOxLHqz.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\WizvXCp.exe
  C:\Windows\System\WizvXCp.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\LkbrOfG.exe
  C:\Windows\System\LkbrOfG.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\XSxCLbn.exe
  C:\Windows\System\XSxCLbn.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\lbWbxmr.exe
  C:\Windows\System\lbWbxmr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\KffuiIZ.exe
  C:\Windows\System\KffuiIZ.exe
  2⤵
  PID:1976
- C:\Windows\System\eEiySgN.exe
  C:\Windows\System\eEiySgN.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\gjLgfxp.exe
  C:\Windows\System\gjLgfxp.exe
  2⤵
  PID:2872
- C:\Windows\System\ngASfDG.exe
  C:\Windows\System\ngASfDG.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\uYeSpRb.exe
  C:\Windows\System\uYeSpRb.exe
  2⤵
  PID:2716
- C:\Windows\System\cmcKaLd.exe
  C:\Windows\System\cmcKaLd.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\XfNIpjV.exe
  C:\Windows\System\XfNIpjV.exe
  2⤵
  PID:2632
- C:\Windows\System\GoFXfHb.exe
  C:\Windows\System\GoFXfHb.exe
  2⤵
  PID:2776
- C:\Windows\System\dcuzynt.exe
  C:\Windows\System\dcuzynt.exe
  2⤵
  PID:2240
- C:\Windows\System\wbZLyeJ.exe
  C:\Windows\System\wbZLyeJ.exe
  2⤵
  PID:1740
- C:\Windows\System\hpjOTHL.exe
  C:\Windows\System\hpjOTHL.exe
  2⤵
  PID:1008
- C:\Windows\System\HlgaXiX.exe
  C:\Windows\System\HlgaXiX.exe
  2⤵
  PID:728
- C:\Windows\System\TldNuQS.exe
  C:\Windows\System\TldNuQS.exe
  2⤵
  PID:892
- C:\Windows\System\iCfhgyU.exe
  C:\Windows\System\iCfhgyU.exe
  2⤵
  PID:2888
- C:\Windows\System\ouCRncB.exe
  C:\Windows\System\ouCRncB.exe
  2⤵
  PID:796
- C:\Windows\System\WuprgZl.exe
  C:\Windows\System\WuprgZl.exe
  2⤵
  PID:2244
- C:\Windows\System\VLaqoxc.exe
  C:\Windows\System\VLaqoxc.exe
  2⤵
  PID:1148
- C:\Windows\System\EwosdSx.exe
  C:\Windows\System\EwosdSx.exe
  2⤵
  PID:1388
- C:\Windows\System\AAxiEKG.exe
  C:\Windows\System\AAxiEKG.exe
  2⤵
  PID:1340
- C:\Windows\System\mhJHtnP.exe
  C:\Windows\System\mhJHtnP.exe
  2⤵
  PID:936
- C:\Windows\System\heNcESR.exe
  C:\Windows\System\heNcESR.exe
  2⤵
  PID:3012
- C:\Windows\System\cTXfsOl.exe
  C:\Windows\System\cTXfsOl.exe
  2⤵
  PID:2972
- C:\Windows\System\NntxKsB.exe
  C:\Windows\System\NntxKsB.exe
  2⤵
  PID:1612
- C:\Windows\System\FBrPAIm.exe
  C:\Windows\System\FBrPAIm.exe
  2⤵
  PID:2100
- C:\Windows\System\qvpBjlZ.exe
  C:\Windows\System\qvpBjlZ.exe
  2⤵
  PID:2320
- C:\Windows\System\jjWebuC.exe
  C:\Windows\System\jjWebuC.exe
  2⤵
  PID:2272
- C:\Windows\System\HgmyyHo.exe
  C:\Windows\System\HgmyyHo.exe
  2⤵
  PID:752
- C:\Windows\System\VeiMXEr.exe
  C:\Windows\System\VeiMXEr.exe
  2⤵
  PID:740
- C:\Windows\System\kCqMHRg.exe
  C:\Windows\System\kCqMHRg.exe
  2⤵
  PID:576
- C:\Windows\System\IRGJrhs.exe
  C:\Windows\System\IRGJrhs.exe
  2⤵
  PID:1600
- C:\Windows\System\EuyhWVJ.exe
  C:\Windows\System\EuyhWVJ.exe
  2⤵
  PID:2504
- C:\Windows\System\OMKnrav.exe
  C:\Windows\System\OMKnrav.exe
  2⤵
  PID:2976
- C:\Windows\System\mBFLrCB.exe
  C:\Windows\System\mBFLrCB.exe
  2⤵
  PID:680
- C:\Windows\System\pPSdnSZ.exe
  C:\Windows\System\pPSdnSZ.exe
  2⤵
  PID:1252
- C:\Windows\System\xlwKPZP.exe
  C:\Windows\System\xlwKPZP.exe
  2⤵
  PID:1856
- C:\Windows\System\qxoOvhv.exe
  C:\Windows\System\qxoOvhv.exe
  2⤵
  PID:2420
- C:\Windows\System\hvbiFMg.exe
  C:\Windows\System\hvbiFMg.exe
  2⤵
  PID:1776
- C:\Windows\System\zWEhAeB.exe
  C:\Windows\System\zWEhAeB.exe
  2⤵
  PID:1804
- C:\Windows\System\MMZHeeE.exe
  C:\Windows\System\MMZHeeE.exe
  2⤵
  PID:1828
- C:\Windows\System\CSDSXxl.exe
  C:\Windows\System\CSDSXxl.exe
  2⤵
  PID:1924
- C:\Windows\System\fnisOxy.exe
  C:\Windows\System\fnisOxy.exe
  2⤵
  PID:2700
- C:\Windows\System\LGCthac.exe
  C:\Windows\System\LGCthac.exe
  2⤵
  PID:2964
- C:\Windows\System\kCKJQon.exe
  C:\Windows\System\kCKJQon.exe
  2⤵
  PID:1892
- C:\Windows\System\IbEEmgb.exe
  C:\Windows\System\IbEEmgb.exe
  2⤵
  PID:2348
- C:\Windows\System\cxvegRO.exe
  C:\Windows\System\cxvegRO.exe
  2⤵
  PID:2280
- C:\Windows\System\MZIFhBp.exe
  C:\Windows\System\MZIFhBp.exe
  2⤵
  PID:1932
- C:\Windows\System\XmwuHJU.exe
  C:\Windows\System\XmwuHJU.exe
  2⤵
  PID:3076
- C:\Windows\System\nubYWOv.exe
  C:\Windows\System\nubYWOv.exe
  2⤵
  PID:3092
- C:\Windows\System\DcNCOtD.exe
  C:\Windows\System\DcNCOtD.exe
  2⤵
  PID:3108
- C:\Windows\System\aaGxFOv.exe
  C:\Windows\System\aaGxFOv.exe
  2⤵
  PID:3124
- C:\Windows\System\LZhQmHc.exe
  C:\Windows\System\LZhQmHc.exe
  2⤵
  PID:3140
- C:\Windows\System\cwCkHdr.exe
  C:\Windows\System\cwCkHdr.exe
  2⤵
  PID:3156
- C:\Windows\System\FaoJQIa.exe
  C:\Windows\System\FaoJQIa.exe
  2⤵
  PID:3172
- C:\Windows\System\upuUkZx.exe
  C:\Windows\System\upuUkZx.exe
  2⤵
  PID:3188
- C:\Windows\System\ajaflLg.exe
  C:\Windows\System\ajaflLg.exe
  2⤵
  PID:3204
- C:\Windows\System\RIPYIiP.exe
  C:\Windows\System\RIPYIiP.exe
  2⤵
  PID:3220
- C:\Windows\System\VAmHUfM.exe
  C:\Windows\System\VAmHUfM.exe
  2⤵
  PID:3236
- C:\Windows\System\ZGoHApk.exe
  C:\Windows\System\ZGoHApk.exe
  2⤵
  PID:3252
- C:\Windows\System\bavHsiH.exe
  C:\Windows\System\bavHsiH.exe
  2⤵
  PID:3268
- C:\Windows\System\aPSTion.exe
  C:\Windows\System\aPSTion.exe
  2⤵
  PID:3284
- C:\Windows\System\cgRfzFP.exe
  C:\Windows\System\cgRfzFP.exe
  2⤵
  PID:3300
- C:\Windows\System\SIwjmzH.exe
  C:\Windows\System\SIwjmzH.exe
  2⤵
  PID:3316
- C:\Windows\System\ItYXyfK.exe
  C:\Windows\System\ItYXyfK.exe
  2⤵
  PID:3332
- C:\Windows\System\oNOZiis.exe
  C:\Windows\System\oNOZiis.exe
  2⤵
  PID:3348
- C:\Windows\System\mgiujeP.exe
  C:\Windows\System\mgiujeP.exe
  2⤵
  PID:3364
- C:\Windows\System\tgpDohS.exe
  C:\Windows\System\tgpDohS.exe
  2⤵
  PID:3380
- C:\Windows\System\UniXsjI.exe
  C:\Windows\System\UniXsjI.exe
  2⤵
  PID:3396
- C:\Windows\System\vHPpTdK.exe
  C:\Windows\System\vHPpTdK.exe
  2⤵
  PID:3412
- C:\Windows\System\aZxoqeK.exe
  C:\Windows\System\aZxoqeK.exe
  2⤵
  PID:3428
- C:\Windows\System\qMWbgAk.exe
  C:\Windows\System\qMWbgAk.exe
  2⤵
  PID:3444
- C:\Windows\System\qeMWqWp.exe
  C:\Windows\System\qeMWqWp.exe
  2⤵
  PID:3460
- C:\Windows\System\zIGHtwO.exe
  C:\Windows\System\zIGHtwO.exe
  2⤵
  PID:3476
- C:\Windows\System\RzdfqRB.exe
  C:\Windows\System\RzdfqRB.exe
  2⤵
  PID:3492
- C:\Windows\System\CBdgacf.exe
  C:\Windows\System\CBdgacf.exe
  2⤵
  PID:3508
- C:\Windows\System\LbguBJV.exe
  C:\Windows\System\LbguBJV.exe
  2⤵
  PID:3524
- C:\Windows\System\CkcVqFN.exe
  C:\Windows\System\CkcVqFN.exe
  2⤵
  PID:3540
- C:\Windows\System\BVkIFyv.exe
  C:\Windows\System\BVkIFyv.exe
  2⤵
  PID:3556
- C:\Windows\System\JMaYXVB.exe
  C:\Windows\System\JMaYXVB.exe
  2⤵
  PID:3572
- C:\Windows\System\mDkhtaR.exe
  C:\Windows\System\mDkhtaR.exe
  2⤵
  PID:3588
- C:\Windows\System\LsCASGJ.exe
  C:\Windows\System\LsCASGJ.exe
  2⤵
  PID:3604
- C:\Windows\System\yAYWBdk.exe
  C:\Windows\System\yAYWBdk.exe
  2⤵
  PID:3620
- C:\Windows\System\YIpLNlG.exe
  C:\Windows\System\YIpLNlG.exe
  2⤵
  PID:3636
- C:\Windows\System\GIUjWAI.exe
  C:\Windows\System\GIUjWAI.exe
  2⤵
  PID:3652
- C:\Windows\System\QDhWKjq.exe
  C:\Windows\System\QDhWKjq.exe
  2⤵
  PID:3668
- C:\Windows\System\FbKjInt.exe
  C:\Windows\System\FbKjInt.exe
  2⤵
  PID:3684
- C:\Windows\System\QKhqjwf.exe
  C:\Windows\System\QKhqjwf.exe
  2⤵
  PID:3700
- C:\Windows\System\xvpZtnG.exe
  C:\Windows\System\xvpZtnG.exe
  2⤵
  PID:3716
- C:\Windows\System\dziWDHt.exe
  C:\Windows\System\dziWDHt.exe
  2⤵
  PID:3732
- C:\Windows\System\kNIVqqj.exe
  C:\Windows\System\kNIVqqj.exe
  2⤵
  PID:3748
- C:\Windows\System\JkqzVYU.exe
  C:\Windows\System\JkqzVYU.exe
  2⤵
  PID:3764
- C:\Windows\System\aWNTPce.exe
  C:\Windows\System\aWNTPce.exe
  2⤵
  PID:3780
- C:\Windows\System\zFjMrss.exe
  C:\Windows\System\zFjMrss.exe
  2⤵
  PID:3796
- C:\Windows\System\HulQdrA.exe
  C:\Windows\System\HulQdrA.exe
  2⤵
  PID:3812
- C:\Windows\System\QnkZhwj.exe
  C:\Windows\System\QnkZhwj.exe
  2⤵
  PID:3828
- C:\Windows\System\tKdWyAB.exe
  C:\Windows\System\tKdWyAB.exe
  2⤵
  PID:3844
- C:\Windows\System\LWJNgXM.exe
  C:\Windows\System\LWJNgXM.exe
  2⤵
  PID:3860
- C:\Windows\System\mPUgZTh.exe
  C:\Windows\System\mPUgZTh.exe
  2⤵
  PID:3876
- C:\Windows\System\uuEkTbB.exe
  C:\Windows\System\uuEkTbB.exe
  2⤵
  PID:3892
- C:\Windows\System\iXVzGeo.exe
  C:\Windows\System\iXVzGeo.exe
  2⤵
  PID:3908
- C:\Windows\System\ozWPGfb.exe
  C:\Windows\System\ozWPGfb.exe
  2⤵
  PID:3924
- C:\Windows\System\bdoDufQ.exe
  C:\Windows\System\bdoDufQ.exe
  2⤵
  PID:3940
- C:\Windows\System\rYxRhsU.exe
  C:\Windows\System\rYxRhsU.exe
  2⤵
  PID:3956
- C:\Windows\System\lCObiAb.exe
  C:\Windows\System\lCObiAb.exe
  2⤵
  PID:3972
- C:\Windows\System\bYJiHli.exe
  C:\Windows\System\bYJiHli.exe
  2⤵
  PID:3988
- C:\Windows\System\URHZoQR.exe
  C:\Windows\System\URHZoQR.exe
  2⤵
  PID:4004
- C:\Windows\System\mpOMJWD.exe
  C:\Windows\System\mpOMJWD.exe
  2⤵
  PID:4020
- C:\Windows\System\BVRMSHM.exe
  C:\Windows\System\BVRMSHM.exe
  2⤵
  PID:4036
- C:\Windows\System\WLwPVWp.exe
  C:\Windows\System\WLwPVWp.exe
  2⤵
  PID:4052
- C:\Windows\System\XbQmQfK.exe
  C:\Windows\System\XbQmQfK.exe
  2⤵
  PID:4068
- C:\Windows\System\UlsRlrQ.exe
  C:\Windows\System\UlsRlrQ.exe
  2⤵
  PID:4084
- C:\Windows\System\MommmRu.exe
  C:\Windows\System\MommmRu.exe
  2⤵
  PID:2904
- C:\Windows\System\jBfEnBf.exe
  C:\Windows\System\jBfEnBf.exe
  2⤵
  PID:2664
- C:\Windows\System\cXjJzTf.exe
  C:\Windows\System\cXjJzTf.exe
  2⤵
  PID:2180
- C:\Windows\System\kxiejQY.exe
  C:\Windows\System\kxiejQY.exe
  2⤵
  PID:2840
- C:\Windows\System\dTFmwAs.exe
  C:\Windows\System\dTFmwAs.exe
  2⤵
  PID:1428
- C:\Windows\System\rdINSmN.exe
  C:\Windows\System\rdINSmN.exe
  2⤵
  PID:1276
- C:\Windows\System\nPQiESS.exe
  C:\Windows\System\nPQiESS.exe
  2⤵
  PID:2208
- C:\Windows\System\wkouWEz.exe
  C:\Windows\System\wkouWEz.exe
  2⤵
  PID:2812
- C:\Windows\System\TaBJHrb.exe
  C:\Windows\System\TaBJHrb.exe
  2⤵
  PID:920
- C:\Windows\System\KwvApYU.exe
  C:\Windows\System\KwvApYU.exe
  2⤵
  PID:1256
- C:\Windows\System\ohbkSuh.exe
  C:\Windows\System\ohbkSuh.exe
  2⤵
  PID:3104
- C:\Windows\System\iddHyWH.exe
  C:\Windows\System\iddHyWH.exe
  2⤵
  PID:3168
- C:\Windows\System\ckNGQVh.exe
  C:\Windows\System\ckNGQVh.exe
  2⤵
  PID:3116
- C:\Windows\System\rneDmKd.exe
  C:\Windows\System\rneDmKd.exe
  2⤵
  PID:3200
- C:\Windows\System\IKNsHHU.exe
  C:\Windows\System\IKNsHHU.exe
  2⤵
  PID:3212
- C:\Windows\System\jljwydU.exe
  C:\Windows\System\jljwydU.exe
  2⤵
  PID:3260
- C:\Windows\System\EurkSEf.exe
  C:\Windows\System\EurkSEf.exe
  2⤵
  PID:3324
- C:\Windows\System\APEFOMd.exe
  C:\Windows\System\APEFOMd.exe
  2⤵
  PID:3248
- C:\Windows\System\WzhreAj.exe
  C:\Windows\System\WzhreAj.exe
  2⤵
  PID:3388
- C:\Windows\System\IVpsDvd.exe
  C:\Windows\System\IVpsDvd.exe
  2⤵
  PID:3340
- C:\Windows\System\WkIghHv.exe
  C:\Windows\System\WkIghHv.exe
  2⤵
  PID:3404
- C:\Windows\System\yckjZrB.exe
  C:\Windows\System\yckjZrB.exe
  2⤵
  PID:3436
- C:\Windows\System\PPJADuG.exe
  C:\Windows\System\PPJADuG.exe
  2⤵
  PID:3488
- C:\Windows\System\UbCSdHn.exe
  C:\Windows\System\UbCSdHn.exe
  2⤵
  PID:3468
- C:\Windows\System\BEWcklv.exe
  C:\Windows\System\BEWcklv.exe
  2⤵
  PID:3552
- C:\Windows\System\lVlYCHZ.exe
  C:\Windows\System\lVlYCHZ.exe
  2⤵
  PID:3536
- C:\Windows\System\QAwnSkG.exe
  C:\Windows\System\QAwnSkG.exe
  2⤵
  PID:3612
- C:\Windows\System\dhUDPqs.exe
  C:\Windows\System\dhUDPqs.exe
  2⤵
  PID:3648
- C:\Windows\System\DKaQrCK.exe
  C:\Windows\System\DKaQrCK.exe
  2⤵
  PID:3712
- C:\Windows\System\HKwgFeA.exe
  C:\Windows\System\HKwgFeA.exe
  2⤵
  PID:3628
- C:\Windows\System\oFaNOzV.exe
  C:\Windows\System\oFaNOzV.exe
  2⤵
  PID:3772
- C:\Windows\System\tLiFcuO.exe
  C:\Windows\System\tLiFcuO.exe
  2⤵
  PID:3728
- C:\Windows\System\aaSphtf.exe
  C:\Windows\System\aaSphtf.exe
  2⤵
  PID:3760
- C:\Windows\System\pIpTSOB.exe
  C:\Windows\System\pIpTSOB.exe
  2⤵
  PID:3836
- C:\Windows\System\bBiteRm.exe
  C:\Windows\System\bBiteRm.exe
  2⤵
  PID:3900
- C:\Windows\System\yyrxvkR.exe
  C:\Windows\System\yyrxvkR.exe
  2⤵
  PID:3820
- C:\Windows\System\hBpJeUJ.exe
  C:\Windows\System\hBpJeUJ.exe
  2⤵
  PID:3856
- C:\Windows\System\JXRMrYb.exe
  C:\Windows\System\JXRMrYb.exe
  2⤵
  PID:3936
- C:\Windows\System\PUhPvyK.exe
  C:\Windows\System\PUhPvyK.exe
  2⤵
  PID:3968
- C:\Windows\System\FWijhRF.exe
  C:\Windows\System\FWijhRF.exe
  2⤵
  PID:3984
- C:\Windows\System\jxWdGgc.exe
  C:\Windows\System\jxWdGgc.exe
  2⤵
  PID:4064
- C:\Windows\System\nhqOatE.exe
  C:\Windows\System\nhqOatE.exe
  2⤵
  PID:4048
- C:\Windows\System\UZkRLNP.exe
  C:\Windows\System\UZkRLNP.exe
  2⤵
  PID:1964
- C:\Windows\System\CIDInbw.exe
  C:\Windows\System\CIDInbw.exe
  2⤵
  PID:2540
- C:\Windows\System\SYiVrZt.exe
  C:\Windows\System\SYiVrZt.exe
  2⤵
  PID:876
- C:\Windows\System\DesAPdz.exe
  C:\Windows\System\DesAPdz.exe
  2⤵
  PID:296
- C:\Windows\System\jzWGKRs.exe
  C:\Windows\System\jzWGKRs.exe
  2⤵
  PID:3100
- C:\Windows\System\GCQoLmS.exe
  C:\Windows\System\GCQoLmS.exe
  2⤵
  PID:664
- C:\Windows\System\cVwLWzP.exe
  C:\Windows\System\cVwLWzP.exe
  2⤵
  PID:3088
- C:\Windows\System\WYeMTvV.exe
  C:\Windows\System\WYeMTvV.exe
  2⤵
  PID:3228
- C:\Windows\System\xnQYsDm.exe
  C:\Windows\System\xnQYsDm.exe
  2⤵
  PID:3356
- C:\Windows\System\jnVKNWC.exe
  C:\Windows\System\jnVKNWC.exe
  2⤵
  PID:3312
- C:\Windows\System\sizEIFi.exe
  C:\Windows\System\sizEIFi.exe
  2⤵
  PID:3484
- C:\Windows\System\EcwXuhk.exe
  C:\Windows\System\EcwXuhk.exe
  2⤵
  PID:3280
- C:\Windows\System\HQwZWQv.exe
  C:\Windows\System\HQwZWQv.exe
  2⤵
  PID:3584
- C:\Windows\System\dYsCKID.exe
  C:\Windows\System\dYsCKID.exe
  2⤵
  PID:3680
- C:\Windows\System\ZDOzqcQ.exe
  C:\Windows\System\ZDOzqcQ.exe
  2⤵
  PID:3664
- C:\Windows\System\KzJcenQ.exe
  C:\Windows\System\KzJcenQ.exe
  2⤵
  PID:3644
- C:\Windows\System\AWYXgPm.exe
  C:\Windows\System\AWYXgPm.exe
  2⤵
  PID:3660
- C:\Windows\System\LSJQTPR.exe
  C:\Windows\System\LSJQTPR.exe
  2⤵
  PID:3792
- C:\Windows\System\roPZfRW.exe
  C:\Windows\System\roPZfRW.exe
  2⤵
  PID:3884
- C:\Windows\System\zufOtZW.exe
  C:\Windows\System\zufOtZW.exe
  2⤵
  PID:4104
- C:\Windows\System\KWGQnzV.exe
  C:\Windows\System\KWGQnzV.exe
  2⤵
  PID:4120
- C:\Windows\System\kGNTJDL.exe
  C:\Windows\System\kGNTJDL.exe
  2⤵
  PID:4136
- C:\Windows\System\YREuqvu.exe
  C:\Windows\System\YREuqvu.exe
  2⤵
  PID:4152
- C:\Windows\System\khQBHuv.exe
  C:\Windows\System\khQBHuv.exe
  2⤵
  PID:4168
- C:\Windows\System\EBJcWqG.exe
  C:\Windows\System\EBJcWqG.exe
  2⤵
  PID:4184
- C:\Windows\System\MTxWjYW.exe
  C:\Windows\System\MTxWjYW.exe
  2⤵
  PID:4200
- C:\Windows\System\FWnlisD.exe
  C:\Windows\System\FWnlisD.exe
  2⤵
  PID:4216
- C:\Windows\System\ZdmFqbh.exe
  C:\Windows\System\ZdmFqbh.exe
  2⤵
  PID:4232
- C:\Windows\System\TRydOPP.exe
  C:\Windows\System\TRydOPP.exe
  2⤵
  PID:4248
- C:\Windows\System\jhcdMKF.exe
  C:\Windows\System\jhcdMKF.exe
  2⤵
  PID:4264
- C:\Windows\System\ewDiOYJ.exe
  C:\Windows\System\ewDiOYJ.exe
  2⤵
  PID:4280
- C:\Windows\System\MNwRyJC.exe
  C:\Windows\System\MNwRyJC.exe
  2⤵
  PID:4296
- C:\Windows\System\qsBOiIF.exe
  C:\Windows\System\qsBOiIF.exe
  2⤵
  PID:4312
- C:\Windows\System\zelcpHQ.exe
  C:\Windows\System\zelcpHQ.exe
  2⤵
  PID:4328
- C:\Windows\System\LaljYTI.exe
  C:\Windows\System\LaljYTI.exe
  2⤵
  PID:4344
- C:\Windows\System\jxffDoK.exe
  C:\Windows\System\jxffDoK.exe
  2⤵
  PID:4360
- C:\Windows\System\VBnnuUC.exe
  C:\Windows\System\VBnnuUC.exe
  2⤵
  PID:4376
- C:\Windows\System\FaErarF.exe
  C:\Windows\System\FaErarF.exe
  2⤵
  PID:4392
- C:\Windows\System\DSlJThO.exe
  C:\Windows\System\DSlJThO.exe
  2⤵
  PID:4408
- C:\Windows\System\NSIDJxb.exe
  C:\Windows\System\NSIDJxb.exe
  2⤵
  PID:4424
- C:\Windows\System\UwsXlPF.exe
  C:\Windows\System\UwsXlPF.exe
  2⤵
  PID:4440
- C:\Windows\System\OiskyKm.exe
  C:\Windows\System\OiskyKm.exe
  2⤵
  PID:4456
- C:\Windows\System\sBvvNdb.exe
  C:\Windows\System\sBvvNdb.exe
  2⤵
  PID:4472
- C:\Windows\System\osgpjpy.exe
  C:\Windows\System\osgpjpy.exe
  2⤵
  PID:4488
- C:\Windows\System\laYJidR.exe
  C:\Windows\System\laYJidR.exe
  2⤵
  PID:4504
- C:\Windows\System\gSkydcT.exe
  C:\Windows\System\gSkydcT.exe
  2⤵
  PID:4520
- C:\Windows\System\mEtJvRr.exe
  C:\Windows\System\mEtJvRr.exe
  2⤵
  PID:4536
- C:\Windows\System\YumiOhN.exe
  C:\Windows\System\YumiOhN.exe
  2⤵
  PID:4552
- C:\Windows\System\pYUGkUO.exe
  C:\Windows\System\pYUGkUO.exe
  2⤵
  PID:4568
- C:\Windows\System\qYoTamS.exe
  C:\Windows\System\qYoTamS.exe
  2⤵
  PID:4584
- C:\Windows\System\gmnAQBs.exe
  C:\Windows\System\gmnAQBs.exe
  2⤵
  PID:4600
- C:\Windows\System\IGTrlDu.exe
  C:\Windows\System\IGTrlDu.exe
  2⤵
  PID:4616
- C:\Windows\System\IfafDef.exe
  C:\Windows\System\IfafDef.exe
  2⤵
  PID:4632
- C:\Windows\System\SWVnVGD.exe
  C:\Windows\System\SWVnVGD.exe
  2⤵
  PID:4648
- C:\Windows\System\OwsltxM.exe
  C:\Windows\System\OwsltxM.exe
  2⤵
  PID:4664
- C:\Windows\System\FwxbaVd.exe
  C:\Windows\System\FwxbaVd.exe
  2⤵
  PID:4680
- C:\Windows\System\yYgMlPm.exe
  C:\Windows\System\yYgMlPm.exe
  2⤵
  PID:4696
- C:\Windows\System\gDAzpID.exe
  C:\Windows\System\gDAzpID.exe
  2⤵
  PID:4712
- C:\Windows\System\dvoRxMe.exe
  C:\Windows\System\dvoRxMe.exe
  2⤵
  PID:4728
- C:\Windows\System\QyNOOmf.exe
  C:\Windows\System\QyNOOmf.exe
  2⤵
  PID:4744
- C:\Windows\System\peCdWJi.exe
  C:\Windows\System\peCdWJi.exe
  2⤵
  PID:4760
- C:\Windows\System\PLtdGov.exe
  C:\Windows\System\PLtdGov.exe
  2⤵
  PID:4776
- C:\Windows\System\hySdrgl.exe
  C:\Windows\System\hySdrgl.exe
  2⤵
  PID:4792
- C:\Windows\System\lxpkoVA.exe
  C:\Windows\System\lxpkoVA.exe
  2⤵
  PID:4808
- C:\Windows\System\sLnEyAG.exe
  C:\Windows\System\sLnEyAG.exe
  2⤵
  PID:4824
- C:\Windows\System\KjEgPXO.exe
  C:\Windows\System\KjEgPXO.exe
  2⤵
  PID:4840
- C:\Windows\System\fLKljkT.exe
  C:\Windows\System\fLKljkT.exe
  2⤵
  PID:4856
- C:\Windows\System\nqtcRWo.exe
  C:\Windows\System\nqtcRWo.exe
  2⤵
  PID:4872
- C:\Windows\System\RJlCHYU.exe
  C:\Windows\System\RJlCHYU.exe
  2⤵
  PID:4888
- C:\Windows\System\YticPLV.exe
  C:\Windows\System\YticPLV.exe
  2⤵
  PID:4904
- C:\Windows\System\HezDgnf.exe
  C:\Windows\System\HezDgnf.exe
  2⤵
  PID:4920
- C:\Windows\System\Wnioide.exe
  C:\Windows\System\Wnioide.exe
  2⤵
  PID:4936
- C:\Windows\System\juHocZV.exe
  C:\Windows\System\juHocZV.exe
  2⤵
  PID:4952
- C:\Windows\System\LaigXQX.exe
  C:\Windows\System\LaigXQX.exe
  2⤵
  PID:4968
- C:\Windows\System\XaoAOrX.exe
  C:\Windows\System\XaoAOrX.exe
  2⤵
  PID:4984
- C:\Windows\System\IjaWYIw.exe
  C:\Windows\System\IjaWYIw.exe
  2⤵
  PID:5000
- C:\Windows\System\bvyJdov.exe
  C:\Windows\System\bvyJdov.exe
  2⤵
  PID:5016
- C:\Windows\System\vPZRWju.exe
  C:\Windows\System\vPZRWju.exe
  2⤵
  PID:5032
- C:\Windows\System\BTryUwT.exe
  C:\Windows\System\BTryUwT.exe
  2⤵
  PID:5048
- C:\Windows\System\FCbrPYZ.exe
  C:\Windows\System\FCbrPYZ.exe
  2⤵
  PID:5064
- C:\Windows\System\sRiUUHF.exe
  C:\Windows\System\sRiUUHF.exe
  2⤵
  PID:5080
- C:\Windows\System\cGFXmts.exe
  C:\Windows\System\cGFXmts.exe
  2⤵
  PID:5096
- C:\Windows\System\yoLXwOk.exe
  C:\Windows\System\yoLXwOk.exe
  2⤵
  PID:5112
- C:\Windows\System\DoXMmkJ.exe
  C:\Windows\System\DoXMmkJ.exe
  2⤵
  PID:4032
- C:\Windows\System\LKrzaNd.exe
  C:\Windows\System\LKrzaNd.exe
  2⤵
  PID:2880
- C:\Windows\System\KUpuTWu.exe
  C:\Windows\System\KUpuTWu.exe
  2⤵
  PID:3084
- C:\Windows\System\AECiHxj.exe
  C:\Windows\System\AECiHxj.exe
  2⤵
  PID:4000
- C:\Windows\System\OlAAvyA.exe
  C:\Windows\System\OlAAvyA.exe
  2⤵
  PID:888
- C:\Windows\System\fuHrJaz.exe
  C:\Windows\System\fuHrJaz.exe
  2⤵
  PID:3148
- C:\Windows\System\TnEmAEb.exe
  C:\Windows\System\TnEmAEb.exe
  2⤵
  PID:3456
- C:\Windows\System\NuMezvr.exe
  C:\Windows\System\NuMezvr.exe
  2⤵
  PID:3548
- C:\Windows\System\nrdcklb.exe
  C:\Windows\System\nrdcklb.exe
  2⤵
  PID:3532
- C:\Windows\System\sbiWkDo.exe
  C:\Windows\System\sbiWkDo.exe
  2⤵
  PID:3852
- C:\Windows\System\sVtLADU.exe
  C:\Windows\System\sVtLADU.exe
  2⤵
  PID:4176
- C:\Windows\System\eMekepR.exe
  C:\Windows\System\eMekepR.exe
  2⤵
  PID:3788
- C:\Windows\System\rrIIiVD.exe
  C:\Windows\System\rrIIiVD.exe
  2⤵
  PID:3952
- C:\Windows\System\UuuPjsO.exe
  C:\Windows\System\UuuPjsO.exe
  2⤵
  PID:4160
- C:\Windows\System\GemodRf.exe
  C:\Windows\System\GemodRf.exe
  2⤵
  PID:4228
- C:\Windows\System\axnajTH.exe
  C:\Windows\System\axnajTH.exe
  2⤵
  PID:4304
- C:\Windows\System\OjobdsI.exe
  C:\Windows\System\OjobdsI.exe
  2⤵
  PID:4368
- C:\Windows\System\PBUfwjg.exe
  C:\Windows\System\PBUfwjg.exe
  2⤵
  PID:4260
- C:\Windows\System\LXXkkuy.exe
  C:\Windows\System\LXXkkuy.exe
  2⤵
  PID:4320
- C:\Windows\System\RRQSuDr.exe
  C:\Windows\System\RRQSuDr.exe
  2⤵
  PID:4464
- C:\Windows\System\nxbTLxA.exe
  C:\Windows\System\nxbTLxA.exe
  2⤵
  PID:4356
- C:\Windows\System\WYPiqLq.exe
  C:\Windows\System\WYPiqLq.exe
  2⤵
  PID:4500
- C:\Windows\System\sdwQERF.exe
  C:\Windows\System\sdwQERF.exe
  2⤵
  PID:4564
- C:\Windows\System\gjtLvfe.exe
  C:\Windows\System\gjtLvfe.exe
  2⤵
  PID:4628
- C:\Windows\System\ZDAnvtd.exe
  C:\Windows\System\ZDAnvtd.exe
  2⤵
  PID:4692
- C:\Windows\System\hmxolud.exe
  C:\Windows\System\hmxolud.exe
  2⤵
  PID:4756
- C:\Windows\System\RDUowRW.exe
  C:\Windows\System\RDUowRW.exe
  2⤵
  PID:4820
- C:\Windows\System\nvomgZJ.exe
  C:\Windows\System\nvomgZJ.exe
  2⤵
  PID:4884
- C:\Windows\System\ZUZXhRA.exe
  C:\Windows\System\ZUZXhRA.exe
  2⤵
  PID:4948
- C:\Windows\System\ifrVnBw.exe
  C:\Windows\System\ifrVnBw.exe
  2⤵
  PID:5012
- C:\Windows\System\qZUaRiH.exe
  C:\Windows\System\qZUaRiH.exe
  2⤵
  PID:5076
- C:\Windows\System\xOWdQbu.exe
  C:\Windows\System\xOWdQbu.exe
  2⤵
  PID:4080
- C:\Windows\System\gBgpDkG.exe
  C:\Windows\System\gBgpDkG.exe
  2⤵
  PID:2248
- C:\Windows\System\VozvDkV.exe
  C:\Windows\System\VozvDkV.exe
  2⤵
  PID:3776
- C:\Windows\System\gSaPRgY.exe
  C:\Windows\System\gSaPRgY.exe
  2⤵
  PID:4576
- C:\Windows\System\JkiMnJH.exe
  C:\Windows\System\JkiMnJH.exe
  2⤵
  PID:4480
- C:\Windows\System\esglNSG.exe
  C:\Windows\System\esglNSG.exe
  2⤵
  PID:4608
- C:\Windows\System\VqeyVkI.exe
  C:\Windows\System\VqeyVkI.exe
  2⤵
  PID:4672
- C:\Windows\System\tTCdQsi.exe
  C:\Windows\System\tTCdQsi.exe
  2⤵
  PID:4208
- C:\Windows\System\SxhvsGE.exe
  C:\Windows\System\SxhvsGE.exe
  2⤵
  PID:4772
- C:\Windows\System\fnZwyUM.exe
  C:\Windows\System\fnZwyUM.exe
  2⤵
  PID:4836
- C:\Windows\System\BtakXZr.exe
  C:\Windows\System\BtakXZr.exe
  2⤵
  PID:4132
- C:\Windows\System\icFNCyK.exe
  C:\Windows\System\icFNCyK.exe
  2⤵
  PID:4928
- C:\Windows\System\FZHrqyE.exe
  C:\Windows\System\FZHrqyE.exe
  2⤵
  PID:3920
- C:\Windows\System\RQKsqML.exe
  C:\Windows\System\RQKsqML.exe
  2⤵
  PID:5060
- C:\Windows\System\eZriBka.exe
  C:\Windows\System\eZriBka.exe
  2⤵
  PID:4996
- C:\Windows\System\RQtosvW.exe
  C:\Windows\System\RQtosvW.exe
  2⤵
  PID:4044
- C:\Windows\System\RSvnixu.exe
  C:\Windows\System\RSvnixu.exe
  2⤵
  PID:3616
- C:\Windows\System\FkyvEbg.exe
  C:\Windows\System\FkyvEbg.exe
  2⤵
  PID:4116
- C:\Windows\System\nrbrizI.exe
  C:\Windows\System\nrbrizI.exe
  2⤵
  PID:4276
- C:\Windows\System\jhHtnSU.exe
  C:\Windows\System\jhHtnSU.exe
  2⤵
  PID:4432
- C:\Windows\System\BzmYfbS.exe
  C:\Windows\System\BzmYfbS.exe
  2⤵
  PID:4880
- C:\Windows\System\bbzGoCQ.exe
  C:\Windows\System\bbzGoCQ.exe
  2⤵
  PID:4624
- C:\Windows\System\BTOLRjj.exe
  C:\Windows\System\BTOLRjj.exe
  2⤵
  PID:4292
- C:\Windows\System\BtMajQx.exe
  C:\Windows\System\BtMajQx.exe
  2⤵
  PID:4660
- C:\Windows\System\kqrFKMV.exe
  C:\Windows\System\kqrFKMV.exe
  2⤵
  PID:4868
- C:\Windows\System\fxlSWbe.exe
  C:\Windows\System\fxlSWbe.exe
  2⤵
  PID:4944
- C:\Windows\System\RbifDDD.exe
  C:\Windows\System\RbifDDD.exe
  2⤵
  PID:1968
- C:\Windows\System\qQhpZFa.exe
  C:\Windows\System\qQhpZFa.exe
  2⤵
  PID:5028
- C:\Windows\System\PhYZblU.exe
  C:\Windows\System\PhYZblU.exe
  2⤵
  PID:4100
- C:\Windows\System\amEFYwv.exe
  C:\Windows\System\amEFYwv.exe
  2⤵
  PID:4980
- C:\Windows\System\WnDsqkO.exe
  C:\Windows\System\WnDsqkO.exe
  2⤵
  PID:4224
- C:\Windows\System\kxVuezG.exe
  C:\Windows\System\kxVuezG.exe
  2⤵
  PID:5088
- C:\Windows\System\SFcznxO.exe
  C:\Windows\System\SFcznxO.exe
  2⤵
  PID:4580
- C:\Windows\System\TMcaAge.exe
  C:\Windows\System\TMcaAge.exe
  2⤵
  PID:4640
- C:\Windows\System\dayvXiB.exe
  C:\Windows\System\dayvXiB.exe
  2⤵
  PID:5044
- C:\Windows\System\duPDFYN.exe
  C:\Windows\System\duPDFYN.exe
  2⤵
  PID:5124
- C:\Windows\System\OuoBiHL.exe
  C:\Windows\System\OuoBiHL.exe
  2⤵
  PID:5140
- C:\Windows\System\xiSZxBI.exe
  C:\Windows\System\xiSZxBI.exe
  2⤵
  PID:5160
- C:\Windows\System\RlRdJKe.exe
  C:\Windows\System\RlRdJKe.exe
  2⤵
  PID:5176
- C:\Windows\System\qacVKYN.exe
  C:\Windows\System\qacVKYN.exe
  2⤵
  PID:5196
- C:\Windows\System\zTyEfwW.exe
  C:\Windows\System\zTyEfwW.exe
  2⤵
  PID:5216
- C:\Windows\System\TLjoOUc.exe
  C:\Windows\System\TLjoOUc.exe
  2⤵
  PID:5236
- C:\Windows\System\bzZkilt.exe
  C:\Windows\System\bzZkilt.exe
  2⤵
  PID:5252
- C:\Windows\System\xTxpEWC.exe
  C:\Windows\System\xTxpEWC.exe
  2⤵
  PID:5268
- C:\Windows\System\UDlEzrz.exe
  C:\Windows\System\UDlEzrz.exe
  2⤵
  PID:5284
- C:\Windows\System\PtCNYfJ.exe
  C:\Windows\System\PtCNYfJ.exe
  2⤵
  PID:5300
- C:\Windows\System\MDsfcou.exe
  C:\Windows\System\MDsfcou.exe
  2⤵
  PID:5316
- C:\Windows\System\ZhfsTnY.exe
  C:\Windows\System\ZhfsTnY.exe
  2⤵
  PID:5332
- C:\Windows\System\LNMXWSa.exe
  C:\Windows\System\LNMXWSa.exe
  2⤵
  PID:5352
- C:\Windows\System\UOdmpkY.exe
  C:\Windows\System\UOdmpkY.exe
  2⤵
  PID:5368
- C:\Windows\System\eheStNy.exe
  C:\Windows\System\eheStNy.exe
  2⤵
  PID:5384
- C:\Windows\System\wetXRZr.exe
  C:\Windows\System\wetXRZr.exe
  2⤵
  PID:5400
- C:\Windows\System\mbAZdiX.exe
  C:\Windows\System\mbAZdiX.exe
  2⤵
  PID:5416
- C:\Windows\System\LtrQJYV.exe
  C:\Windows\System\LtrQJYV.exe
  2⤵
  PID:5432
- C:\Windows\System\XbDyzft.exe
  C:\Windows\System\XbDyzft.exe
  2⤵
  PID:5448
- C:\Windows\System\QGHvSRW.exe
  C:\Windows\System\QGHvSRW.exe
  2⤵
  PID:5468
- C:\Windows\System\lGxpZvO.exe
  C:\Windows\System\lGxpZvO.exe
  2⤵
  PID:5488
- C:\Windows\System\hFIEwsu.exe
  C:\Windows\System\hFIEwsu.exe
  2⤵
  PID:5512
- C:\Windows\System\FOUxHep.exe
  C:\Windows\System\FOUxHep.exe
  2⤵
  PID:5528
- C:\Windows\System\XTvnLMi.exe
  C:\Windows\System\XTvnLMi.exe
  2⤵
  PID:5548
- C:\Windows\System\fQbzFCl.exe
  C:\Windows\System\fQbzFCl.exe
  2⤵
  PID:5564
- C:\Windows\System\mmrxskc.exe
  C:\Windows\System\mmrxskc.exe
  2⤵
  PID:5584
- C:\Windows\System\yMXrLyp.exe
  C:\Windows\System\yMXrLyp.exe
  2⤵
  PID:5604
- C:\Windows\System\tqYouml.exe
  C:\Windows\System\tqYouml.exe
  2⤵
  PID:5620
- C:\Windows\System\UjXwDnM.exe
  C:\Windows\System\UjXwDnM.exe
  2⤵
  PID:5644
- C:\Windows\System\vWUrCOs.exe
  C:\Windows\System\vWUrCOs.exe
  2⤵
  PID:5660
- C:\Windows\System\ArPEyML.exe
  C:\Windows\System\ArPEyML.exe
  2⤵
  PID:5680
- C:\Windows\System\XPkptGK.exe
  C:\Windows\System\XPkptGK.exe
  2⤵
  PID:5696
- C:\Windows\System\vPQvqKk.exe
  C:\Windows\System\vPQvqKk.exe
  2⤵
  PID:5712
- C:\Windows\System\zJlQXaq.exe
  C:\Windows\System\zJlQXaq.exe
  2⤵
  PID:5728
- C:\Windows\System\iGtsyzk.exe
  C:\Windows\System\iGtsyzk.exe
  2⤵
  PID:5752
- C:\Windows\System\ZVAOlRM.exe
  C:\Windows\System\ZVAOlRM.exe
  2⤵
  PID:5836
- C:\Windows\System\sEtaZSe.exe
  C:\Windows\System\sEtaZSe.exe
  2⤵
  PID:6060
- C:\Windows\System\mnehvjX.exe
  C:\Windows\System\mnehvjX.exe
  2⤵
  PID:6140
- C:\Windows\System\SQTlIxk.exe
  C:\Windows\System\SQTlIxk.exe
  2⤵
  PID:1632
- C:\Windows\System\CGsjFvc.exe
  C:\Windows\System\CGsjFvc.exe
  2⤵
  PID:4788
- C:\Windows\System\FMcmhgB.exe
  C:\Windows\System\FMcmhgB.exe
  2⤵
  PID:4964
- C:\Windows\System\RpZimKb.exe
  C:\Windows\System\RpZimKb.exe
  2⤵
  PID:4832
- C:\Windows\System\IlCxVAl.exe
  C:\Windows\System\IlCxVAl.exe
  2⤵
  PID:4596
- C:\Windows\System\PUOjuPY.exe
  C:\Windows\System\PUOjuPY.exe
  2⤵
  PID:4144
- C:\Windows\System\AqmubhB.exe
  C:\Windows\System\AqmubhB.exe
  2⤵
  PID:628
- C:\Windows\System\Dprmcud.exe
  C:\Windows\System\Dprmcud.exe
  2⤵
  PID:4740
- C:\Windows\System\fhamtwQ.exe
  C:\Windows\System\fhamtwQ.exe
  2⤵
  PID:4724
- C:\Windows\System\AWJsqQg.exe
  C:\Windows\System\AWJsqQg.exe
  2⤵
  PID:5152
- C:\Windows\System\edpDkYi.exe
  C:\Windows\System\edpDkYi.exe
  2⤵
  PID:4352
- C:\Windows\System\FLbiNSV.exe
  C:\Windows\System\FLbiNSV.exe
  2⤵
  PID:5184
- C:\Windows\System\tTaKgxT.exe
  C:\Windows\System\tTaKgxT.exe
  2⤵
  PID:5224
- C:\Windows\System\HxKvEMl.exe
  C:\Windows\System\HxKvEMl.exe
  2⤵
  PID:5276
- C:\Windows\System\BjEoBbC.exe
  C:\Windows\System\BjEoBbC.exe
  2⤵
  PID:5312
- C:\Windows\System\RKrpVoi.exe
  C:\Windows\System\RKrpVoi.exe
  2⤵
  PID:5328
- C:\Windows\System\UvwyUEf.exe
  C:\Windows\System\UvwyUEf.exe
  2⤵
  PID:5396
- C:\Windows\System\rFuQfVB.exe
  C:\Windows\System\rFuQfVB.exe
  2⤵
  PID:5428
- C:\Windows\System\ZmRvTmk.exe
  C:\Windows\System\ZmRvTmk.exe
  2⤵
  PID:5456
- C:\Windows\System\srifgyp.exe
  C:\Windows\System\srifgyp.exe
  2⤵
  PID:5500
- C:\Windows\System\YIpVcup.exe
  C:\Windows\System\YIpVcup.exe
  2⤵
  PID:5556
- C:\Windows\System\PrJAEGW.exe
  C:\Windows\System\PrJAEGW.exe
  2⤵
  PID:5592
- C:\Windows\System\MWkNiLU.exe
  C:\Windows\System\MWkNiLU.exe
  2⤵
  PID:5628
- C:\Windows\System\FfAUkMV.exe
  C:\Windows\System\FfAUkMV.exe
  2⤵
  PID:5640
- C:\Windows\System\DnvaEyS.exe
  C:\Windows\System\DnvaEyS.exe
  2⤵
  PID:5612
- C:\Windows\System\dlvWpVZ.exe
  C:\Windows\System\dlvWpVZ.exe
  2⤵
  PID:6128
- C:\Windows\System\sCKvxap.exe
  C:\Windows\System\sCKvxap.exe
  2⤵
  PID:5708
- C:\Windows\System\RLCvfel.exe
  C:\Windows\System\RLCvfel.exe
  2⤵
  PID:5740
- C:\Windows\System\OWEXrvU.exe
  C:\Windows\System\OWEXrvU.exe
  2⤵
  PID:5692
- C:\Windows\System\LnsMhdy.exe
  C:\Windows\System\LnsMhdy.exe
  2⤵
  PID:5764
- C:\Windows\System\ekGZOgC.exe
  C:\Windows\System\ekGZOgC.exe
  2⤵
  PID:3004
- C:\Windows\System\zPlrmDT.exe
  C:\Windows\System\zPlrmDT.exe
  2⤵
  PID:5108
- C:\Windows\System\CWFvyCa.exe
  C:\Windows\System\CWFvyCa.exe
  2⤵
  PID:4512
- C:\Windows\System\oBLGXEx.exe
  C:\Windows\System\oBLGXEx.exe
  2⤵
  PID:5136
- C:\Windows\System\pYUpxum.exe
  C:\Windows\System\pYUpxum.exe
  2⤵
  PID:5788
- C:\Windows\System\ssKLisf.exe
  C:\Windows\System\ssKLisf.exe
  2⤵
  PID:5804
- C:\Windows\System\PeaLXQb.exe
  C:\Windows\System\PeaLXQb.exe
  2⤵
  PID:5828
- C:\Windows\System\bGcLdbD.exe
  C:\Windows\System\bGcLdbD.exe
  2⤵
  PID:5988
- C:\Windows\System\IJyhXvt.exe
  C:\Windows\System\IJyhXvt.exe
  2⤵
  PID:1320
- C:\Windows\System\yRvcZlj.exe
  C:\Windows\System\yRvcZlj.exe
  2⤵
  PID:5944
- C:\Windows\System\KKzxChM.exe
  C:\Windows\System\KKzxChM.exe
  2⤵
  PID:5960
- C:\Windows\System\VJkLWuR.exe
  C:\Windows\System\VJkLWuR.exe
  2⤵
  PID:5972
- C:\Windows\System\bnDBGic.exe
  C:\Windows\System\bnDBGic.exe
  2⤵
  PID:5984
- C:\Windows\System\EyGitdX.exe
  C:\Windows\System\EyGitdX.exe
  2⤵
  PID:820
- C:\Windows\System\zEWxmol.exe
  C:\Windows\System\zEWxmol.exe
  2⤵
  PID:6020
- C:\Windows\System\nyDuptd.exe
  C:\Windows\System\nyDuptd.exe
  2⤵
  PID:6040
- C:\Windows\System\nJDJCtu.exe
  C:\Windows\System\nJDJCtu.exe
  2⤵
  PID:6052
- C:\Windows\System\FlBJahZ.exe
  C:\Windows\System\FlBJahZ.exe
  2⤵
  PID:1752
- C:\Windows\System\nftPgpJ.exe
  C:\Windows\System\nftPgpJ.exe
  2⤵
  PID:6100
- C:\Windows\System\uRHshBl.exe
  C:\Windows\System\uRHshBl.exe
  2⤵
  PID:6116
- C:\Windows\System\udufEAY.exe
  C:\Windows\System\udufEAY.exe
  2⤵
  PID:4688
- C:\Windows\System\sZvgqdA.exe
  C:\Windows\System\sZvgqdA.exe
  2⤵
  PID:6124
- C:\Windows\System\aQfFpcD.exe
  C:\Windows\System\aQfFpcD.exe
  2⤵
  PID:3472
- C:\Windows\System\EwoasMu.exe
  C:\Windows\System\EwoasMu.exe
  2⤵
  PID:4256
- C:\Windows\System\klmQdny.exe
  C:\Windows\System\klmQdny.exe
  2⤵
  PID:5148
- C:\Windows\System\Fywhmdk.exe
  C:\Windows\System\Fywhmdk.exe
  2⤵
  PID:4560
- C:\Windows\System\naKrkHt.exe
  C:\Windows\System\naKrkHt.exe
  2⤵
  PID:5228
- C:\Windows\System\wclhfhL.exe
  C:\Windows\System\wclhfhL.exe
  2⤵
  PID:5380
- C:\Windows\System\ZBPSmMb.exe
  C:\Windows\System\ZBPSmMb.exe
  2⤵
  PID:2528
- C:\Windows\System\KLsJVRj.exe
  C:\Windows\System\KLsJVRj.exe
  2⤵
  PID:5508
- C:\Windows\System\flXScWm.exe
  C:\Windows\System\flXScWm.exe
  2⤵
  PID:5688
- C:\Windows\System\kqRDqSE.exe
  C:\Windows\System\kqRDqSE.exe
  2⤵
  PID:4548
- C:\Windows\System\cvmjSiX.exe
  C:\Windows\System\cvmjSiX.exe
  2⤵
  PID:5820
- C:\Windows\System\buWeOXB.exe
  C:\Windows\System\buWeOXB.exe
  2⤵
  PID:5444
- C:\Windows\System\nkTbfLt.exe
  C:\Windows\System\nkTbfLt.exe
  2⤵
  PID:5496
- C:\Windows\System\zEVWAOn.exe
  C:\Windows\System\zEVWAOn.exe
  2⤵
  PID:5952
- C:\Windows\System\gYpEaLc.exe
  C:\Windows\System\gYpEaLc.exe
  2⤵
  PID:5852
- C:\Windows\System\HWythaL.exe
  C:\Windows\System\HWythaL.exe
  2⤵
  PID:2756
- C:\Windows\System\lXivnVK.exe
  C:\Windows\System\lXivnVK.exe
  2⤵
  PID:5920
- C:\Windows\System\kiDfJtB.exe
  C:\Windows\System\kiDfJtB.exe
  2⤵
  PID:2740
- C:\Windows\System\ADgLkQU.exe
  C:\Windows\System\ADgLkQU.exe
  2⤵
  PID:5208
- C:\Windows\System\MhEQtRJ.exe
  C:\Windows\System\MhEQtRJ.exe
  2⤵
  PID:5296
- C:\Windows\System\AtcbHcA.exe
  C:\Windows\System\AtcbHcA.exe
  2⤵
  PID:5412
- C:\Windows\System\inGNcoj.exe
  C:\Windows\System\inGNcoj.exe
  2⤵
  PID:5616
- C:\Windows\System\CTtzpup.exe
  C:\Windows\System\CTtzpup.exe
  2⤵
  PID:4900
- C:\Windows\System\sUAcFAX.exe
  C:\Windows\System\sUAcFAX.exe
  2⤵
  PID:5784
- C:\Windows\System\xWpVLEd.exe
  C:\Windows\System\xWpVLEd.exe
  2⤵
  PID:5896
- C:\Windows\System\cJkUyln.exe
  C:\Windows\System\cJkUyln.exe
  2⤵
  PID:2564
- C:\Windows\System\cUrsUxQ.exe
  C:\Windows\System\cUrsUxQ.exe
  2⤵
  PID:5324
- C:\Windows\System\iVWQSIl.exe
  C:\Windows\System\iVWQSIl.exe
  2⤵
  PID:5996
- C:\Windows\System\wxAPVgv.exe
  C:\Windows\System\wxAPVgv.exe
  2⤵
  PID:3888
- C:\Windows\System\IiizcIl.exe
  C:\Windows\System\IiizcIl.exe
  2⤵
  PID:5280
- C:\Windows\System\VFiuwQp.exe
  C:\Windows\System\VFiuwQp.exe
  2⤵
  PID:5480
- C:\Windows\System\jYHIwPq.exe
  C:\Windows\System\jYHIwPq.exe
  2⤵
  PID:6120
- C:\Windows\System\MfzNYUe.exe
  C:\Windows\System\MfzNYUe.exe
  2⤵
  PID:1516
- C:\Windows\System\NPlmOGI.exe
  C:\Windows\System\NPlmOGI.exe
  2⤵
  PID:2136
- C:\Windows\System\SMykvHq.exe
  C:\Windows\System\SMykvHq.exe
  2⤵
  PID:2668
- C:\Windows\System\bAgNode.exe
  C:\Windows\System\bAgNode.exe
  2⤵
  PID:5652
- C:\Windows\System\fYimLga.exe
  C:\Windows\System\fYimLga.exe
  2⤵
  PID:5864
- C:\Windows\System\awdqloc.exe
  C:\Windows\System\awdqloc.exe
  2⤵
  PID:2352
- C:\Windows\System\dZRyiaB.exe
  C:\Windows\System\dZRyiaB.exe
  2⤵
  PID:5872
- C:\Windows\System\bVwTYaR.exe
  C:\Windows\System\bVwTYaR.exe
  2⤵
  PID:5832
- C:\Windows\System\WPntGMD.exe
  C:\Windows\System\WPntGMD.exe
  2⤵
  PID:5936
- C:\Windows\System\MYUrRbx.exe
  C:\Windows\System\MYUrRbx.exe
  2⤵
  PID:2376
- C:\Windows\System\qxtydbq.exe
  C:\Windows\System\qxtydbq.exe
  2⤵
  PID:6012
- C:\Windows\System\ChYZLfz.exe
  C:\Windows\System\ChYZLfz.exe
  2⤵
  PID:6132
- C:\Windows\System\iaEVlFj.exe
  C:\Windows\System\iaEVlFj.exe
  2⤵
  PID:4960
- C:\Windows\System\QUPktpv.exe
  C:\Windows\System\QUPktpv.exe
  2⤵
  PID:6096
- C:\Windows\System\CsXVxBZ.exe
  C:\Windows\System\CsXVxBZ.exe
  2⤵
  PID:408
- C:\Windows\System\bfYPrct.exe
  C:\Windows\System\bfYPrct.exe
  2⤵
  PID:5884
- C:\Windows\System\yIkjIRb.exe
  C:\Windows\System\yIkjIRb.exe
  2⤵
  PID:5520
- C:\Windows\System\kiBmRCZ.exe
  C:\Windows\System\kiBmRCZ.exe
  2⤵
  PID:5348
- C:\Windows\System\rmzsLvc.exe
  C:\Windows\System\rmzsLvc.exe
  2⤵
  PID:5704
- C:\Windows\System\eqMqfig.exe
  C:\Windows\System\eqMqfig.exe
  2⤵
  PID:2300
- C:\Windows\System\rIqTNgv.exe
  C:\Windows\System\rIqTNgv.exe
  2⤵
  PID:2960
- C:\Windows\System\XUqoZiu.exe
  C:\Windows\System\XUqoZiu.exe
  2⤵
  PID:2580
- C:\Windows\System\mRWswlA.exe
  C:\Windows\System\mRWswlA.exe
  2⤵
  PID:6016
- C:\Windows\System\tnnrxUZ.exe
  C:\Windows\System\tnnrxUZ.exe
  2⤵
  PID:5308
- C:\Windows\System\WwWvqOw.exe
  C:\Windows\System\WwWvqOw.exe
  2⤵
  PID:5904
- C:\Windows\System\mpnRCGv.exe
  C:\Windows\System\mpnRCGv.exe
  2⤵
  PID:5848
- C:\Windows\System\fpbqOGO.exe
  C:\Windows\System\fpbqOGO.exe
  2⤵
  PID:5540
- C:\Windows\System\TfOJxyG.exe
  C:\Windows\System\TfOJxyG.exe
  2⤵
  PID:5800
- C:\Windows\System\dkETsKh.exe
  C:\Windows\System\dkETsKh.exe
  2⤵
  PID:708
- C:\Windows\System\SSaCZSh.exe
  C:\Windows\System\SSaCZSh.exe
  2⤵
  PID:5932
- C:\Windows\System\drlHkiJ.exe
  C:\Windows\System\drlHkiJ.exe
  2⤵
  PID:5892
- C:\Windows\System\AMEyuSA.exe
  C:\Windows\System\AMEyuSA.exe
  2⤵
  PID:2016
- C:\Windows\System\wTKHDyD.exe
  C:\Windows\System\wTKHDyD.exe
  2⤵
  PID:2996
- C:\Windows\System\CqIkKxh.exe
  C:\Windows\System\CqIkKxh.exe
  2⤵
  PID:6156
- C:\Windows\System\tHDmOQA.exe
  C:\Windows\System\tHDmOQA.exe
  2⤵
  PID:6172
- C:\Windows\System\nplOvNj.exe
  C:\Windows\System\nplOvNj.exe
  2⤵
  PID:6192
- C:\Windows\System\wqmYllM.exe
  C:\Windows\System\wqmYllM.exe
  2⤵
  PID:6240
- C:\Windows\System\lyVeIol.exe
  C:\Windows\System\lyVeIol.exe
  2⤵
  PID:6264
- C:\Windows\System\dxxAvGs.exe
  C:\Windows\System\dxxAvGs.exe
  2⤵
  PID:6280
- C:\Windows\System\GhiYhys.exe
  C:\Windows\System\GhiYhys.exe
  2⤵
  PID:6296
- C:\Windows\System\bLeobOn.exe
  C:\Windows\System\bLeobOn.exe
  2⤵
  PID:6312
- C:\Windows\System\vxvUFRu.exe
  C:\Windows\System\vxvUFRu.exe
  2⤵
  PID:6328
- C:\Windows\System\YfOqCvh.exe
  C:\Windows\System\YfOqCvh.exe
  2⤵
  PID:6344
- C:\Windows\System\brXqBbx.exe
  C:\Windows\System\brXqBbx.exe
  2⤵
  PID:6360
- C:\Windows\System\WZRsmQG.exe
  C:\Windows\System\WZRsmQG.exe
  2⤵
  PID:6376
- C:\Windows\System\OABPZgC.exe
  C:\Windows\System\OABPZgC.exe
  2⤵
  PID:6392
- C:\Windows\System\SkDOIrl.exe
  C:\Windows\System\SkDOIrl.exe
  2⤵
  PID:6408
- C:\Windows\System\asxBMhf.exe
  C:\Windows\System\asxBMhf.exe
  2⤵
  PID:6424
- C:\Windows\System\BQeEyWp.exe
  C:\Windows\System\BQeEyWp.exe
  2⤵
  PID:6440
- C:\Windows\System\BPkVhrL.exe
  C:\Windows\System\BPkVhrL.exe
  2⤵
  PID:6456
- C:\Windows\System\KgPtwFQ.exe
  C:\Windows\System\KgPtwFQ.exe
  2⤵
  PID:6472
- C:\Windows\System\MbOmogv.exe
  C:\Windows\System\MbOmogv.exe
  2⤵
  PID:6488
- C:\Windows\System\pswFgCJ.exe
  C:\Windows\System\pswFgCJ.exe
  2⤵
  PID:6504
- C:\Windows\System\pNsQhXT.exe
  C:\Windows\System\pNsQhXT.exe
  2⤵
  PID:6520
- C:\Windows\System\hjUqDMt.exe
  C:\Windows\System\hjUqDMt.exe
  2⤵
  PID:6536
- C:\Windows\System\IOwvUxo.exe
  C:\Windows\System\IOwvUxo.exe
  2⤵
  PID:6552
- C:\Windows\System\UbBDsMV.exe
  C:\Windows\System\UbBDsMV.exe
  2⤵
  PID:6568
- C:\Windows\System\IjWsNes.exe
  C:\Windows\System\IjWsNes.exe
  2⤵
  PID:6584
- C:\Windows\System\UiAqRpO.exe
  C:\Windows\System\UiAqRpO.exe
  2⤵
  PID:6600
- C:\Windows\System\STpGMSV.exe
  C:\Windows\System\STpGMSV.exe
  2⤵
  PID:6616
- C:\Windows\System\euWitez.exe
  C:\Windows\System\euWitez.exe
  2⤵
  PID:6632
- C:\Windows\System\nZXFgCp.exe
  C:\Windows\System\nZXFgCp.exe
  2⤵
  PID:6648
- C:\Windows\System\pLHbmvt.exe
  C:\Windows\System\pLHbmvt.exe
  2⤵
  PID:6664
- C:\Windows\System\zCSiGqE.exe
  C:\Windows\System\zCSiGqE.exe
  2⤵
  PID:6680
- C:\Windows\System\UVBgJqi.exe
  C:\Windows\System\UVBgJqi.exe
  2⤵
  PID:6696
- C:\Windows\System\yKlsNGM.exe
  C:\Windows\System\yKlsNGM.exe
  2⤵
  PID:6712
- C:\Windows\System\iqnNouY.exe
  C:\Windows\System\iqnNouY.exe
  2⤵
  PID:6728
- C:\Windows\System\kMFeGLl.exe
  C:\Windows\System\kMFeGLl.exe
  2⤵
  PID:6744
- C:\Windows\System\xmkbydi.exe
  C:\Windows\System\xmkbydi.exe
  2⤵
  PID:6760
- C:\Windows\System\MwtQwZw.exe
  C:\Windows\System\MwtQwZw.exe
  2⤵
  PID:6776
- C:\Windows\System\Fznkvvn.exe
  C:\Windows\System\Fznkvvn.exe
  2⤵
  PID:6792
- C:\Windows\System\hodUcFK.exe
  C:\Windows\System\hodUcFK.exe
  2⤵
  PID:6808
- C:\Windows\System\edFCumB.exe
  C:\Windows\System\edFCumB.exe
  2⤵
  PID:6824
- C:\Windows\System\YOYqmOe.exe
  C:\Windows\System\YOYqmOe.exe
  2⤵
  PID:6840
- C:\Windows\System\TDSmmEW.exe
  C:\Windows\System\TDSmmEW.exe
  2⤵
  PID:6856
- C:\Windows\System\QlDvdQy.exe
  C:\Windows\System\QlDvdQy.exe
  2⤵
  PID:6872
- C:\Windows\System\szBUELE.exe
  C:\Windows\System\szBUELE.exe
  2⤵
  PID:6888
- C:\Windows\System\FrVAGsm.exe
  C:\Windows\System\FrVAGsm.exe
  2⤵
  PID:6904
- C:\Windows\System\dDbwxQZ.exe
  C:\Windows\System\dDbwxQZ.exe
  2⤵
  PID:6920
- C:\Windows\System\CbZADaD.exe
  C:\Windows\System\CbZADaD.exe
  2⤵
  PID:6936
- C:\Windows\System\osGrlfV.exe
  C:\Windows\System\osGrlfV.exe
  2⤵
  PID:6952
- C:\Windows\System\gYTNpPY.exe
  C:\Windows\System\gYTNpPY.exe
  2⤵
  PID:6968
- C:\Windows\System\DYiKbez.exe
  C:\Windows\System\DYiKbez.exe
  2⤵
  PID:6984
- C:\Windows\System\uBKYukL.exe
  C:\Windows\System\uBKYukL.exe
  2⤵
  PID:7000
- C:\Windows\System\miWyIWt.exe
  C:\Windows\System\miWyIWt.exe
  2⤵
  PID:7016
- C:\Windows\System\CNurAQw.exe
  C:\Windows\System\CNurAQw.exe
  2⤵
  PID:7032
- C:\Windows\System\pDOzjWF.exe
  C:\Windows\System\pDOzjWF.exe
  2⤵
  PID:7048
- C:\Windows\System\EJNtnSC.exe
  C:\Windows\System\EJNtnSC.exe
  2⤵
  PID:7064
- C:\Windows\System\VPOJfUl.exe
  C:\Windows\System\VPOJfUl.exe
  2⤵
  PID:7080
- C:\Windows\System\wTTPPIK.exe
  C:\Windows\System\wTTPPIK.exe
  2⤵
  PID:7096
- C:\Windows\System\TVNtpie.exe
  C:\Windows\System\TVNtpie.exe
  2⤵
  PID:7112
- C:\Windows\System\lIqNlgt.exe
  C:\Windows\System\lIqNlgt.exe
  2⤵
  PID:7128
- C:\Windows\System\pmmQXZF.exe
  C:\Windows\System\pmmQXZF.exe
  2⤵
  PID:7144
- C:\Windows\System\DZqHppJ.exe
  C:\Windows\System\DZqHppJ.exe
  2⤵
  PID:7160
- C:\Windows\System\SRATYhj.exe
  C:\Windows\System\SRATYhj.exe
  2⤵
  PID:2712
- C:\Windows\System\hJMheYk.exe
  C:\Windows\System\hJMheYk.exe
  2⤵
  PID:5676
- C:\Windows\System\pInQLFy.exe
  C:\Windows\System\pInQLFy.exe
  2⤵
  PID:6032
- C:\Windows\System\nqJCWsi.exe
  C:\Windows\System\nqJCWsi.exe
  2⤵
  PID:4896
- C:\Windows\System\kauKudO.exe
  C:\Windows\System\kauKudO.exe
  2⤵
  PID:340
- C:\Windows\System\XGpDZBT.exe
  C:\Windows\System\XGpDZBT.exe
  2⤵
  PID:6184
- C:\Windows\System\GCgjCdC.exe
  C:\Windows\System\GCgjCdC.exe
  2⤵
  PID:6260
- C:\Windows\System\MkmAxMe.exe
  C:\Windows\System\MkmAxMe.exe
  2⤵
  PID:1548
- C:\Windows\System\lYQOlUr.exe
  C:\Windows\System\lYQOlUr.exe
  2⤵
  PID:6204
- C:\Windows\System\HtdwBqA.exe
  C:\Windows\System\HtdwBqA.exe
  2⤵
  PID:6220
- C:\Windows\System\KflNAad.exe
  C:\Windows\System\KflNAad.exe
  2⤵
  PID:6236
- C:\Windows\System\Ezhslbe.exe
  C:\Windows\System\Ezhslbe.exe
  2⤵
  PID:6304
- C:\Windows\System\GTYSdgE.exe
  C:\Windows\System\GTYSdgE.exe
  2⤵
  PID:6336
- C:\Windows\System\rHEOKkb.exe
  C:\Windows\System\rHEOKkb.exe
  2⤵
  PID:6368
- C:\Windows\System\POBNkXj.exe
  C:\Windows\System\POBNkXj.exe
  2⤵
  PID:6400
- C:\Windows\System\tLuOeRF.exe
  C:\Windows\System\tLuOeRF.exe
  2⤵
  PID:6432
- C:\Windows\System\zGkggzk.exe
  C:\Windows\System\zGkggzk.exe
  2⤵
  PID:6464
- C:\Windows\System\aKfkGer.exe
  C:\Windows\System\aKfkGer.exe
  2⤵
  PID:6496
- C:\Windows\System\tcySxMu.exe
  C:\Windows\System\tcySxMu.exe
  2⤵
  PID:6528
- C:\Windows\System\QDtwyNQ.exe
  C:\Windows\System\QDtwyNQ.exe
  2⤵
  PID:6548
- C:\Windows\System\guNtXSv.exe
  C:\Windows\System\guNtXSv.exe
  2⤵
  PID:6592
- C:\Windows\System\jErwvcH.exe
  C:\Windows\System\jErwvcH.exe
  2⤵
  PID:6624
- C:\Windows\System\wlGhALl.exe
  C:\Windows\System\wlGhALl.exe
  2⤵
  PID:6656
- C:\Windows\System\NAxAykK.exe
  C:\Windows\System\NAxAykK.exe
  2⤵
  PID:6688
- C:\Windows\System\XloUHfc.exe
  C:\Windows\System\XloUHfc.exe
  2⤵
  PID:6720
- C:\Windows\System\WYucGYi.exe
  C:\Windows\System\WYucGYi.exe
  2⤵
  PID:2400
- C:\Windows\System\KnxNNBD.exe
  C:\Windows\System\KnxNNBD.exe
  2⤵
  PID:6768
- C:\Windows\System\oMQNBYe.exe
  C:\Windows\System\oMQNBYe.exe
  2⤵
  PID:6900
- C:\Windows\System\RBDxKoc.exe
  C:\Windows\System\RBDxKoc.exe
  2⤵
  PID:7028
- C:\Windows\System\dHHAiUj.exe
  C:\Windows\System\dHHAiUj.exe
  2⤵
  PID:7072
- C:\Windows\System\QpbuUPH.exe
  C:\Windows\System\QpbuUPH.exe
  2⤵
  PID:2132
- C:\Windows\System\PMzwMOF.exe
  C:\Windows\System\PMzwMOF.exe
  2⤵
  PID:6820
- C:\Windows\System\QItNiWP.exe
  C:\Windows\System\QItNiWP.exe
  2⤵
  PID:6880
- C:\Windows\System\tYbSTsr.exe
  C:\Windows\System\tYbSTsr.exe
  2⤵
  PID:7060
- C:\Windows\System\rRHXfer.exe
  C:\Windows\System\rRHXfer.exe
  2⤵
  PID:6644
- C:\Windows\System\HfGdeTi.exe
  C:\Windows\System\HfGdeTi.exe
  2⤵
  PID:6756
- C:\Windows\System\fdlYMYH.exe
  C:\Windows\System\fdlYMYH.exe
  2⤵
  PID:6944
- C:\Windows\System\kjBbUNn.exe
  C:\Windows\System\kjBbUNn.exe
  2⤵
  PID:6640
- C:\Windows\System\Thfmwpf.exe
  C:\Windows\System\Thfmwpf.exe
  2⤵
  PID:6980
- C:\Windows\System\jJbDmpk.exe
  C:\Windows\System\jJbDmpk.exe
  2⤵
  PID:7076
- C:\Windows\System\ATCpSgY.exe
  C:\Windows\System\ATCpSgY.exe
  2⤵
  PID:2920
- C:\Windows\System\xLHrXar.exe
  C:\Windows\System\xLHrXar.exe
  2⤵
  PID:7108
- C:\Windows\System\ZroLnBs.exe
  C:\Windows\System\ZroLnBs.exe
  2⤵
  PID:2764
- C:\Windows\System\zIwghZZ.exe
  C:\Windows\System\zIwghZZ.exe
  2⤵
  PID:972
- C:\Windows\System\BuVnbYC.exe
  C:\Windows\System\BuVnbYC.exe
  2⤵
  PID:2172
- C:\Windows\System\poOJgpz.exe
  C:\Windows\System\poOJgpz.exe
  2⤵
  PID:6028
- C:\Windows\System\OBclJIJ.exe
  C:\Windows\System\OBclJIJ.exe
  2⤵
  PID:6168
- C:\Windows\System\nDGduut.exe
  C:\Windows\System\nDGduut.exe
  2⤵
  PID:6232
- C:\Windows\System\IEWYXRH.exe
  C:\Windows\System\IEWYXRH.exe
  2⤵
  PID:6372
- C:\Windows\System\PMnjjXd.exe
  C:\Windows\System\PMnjjXd.exe
  2⤵
  PID:6388
- C:\Windows\System\ILUKbqy.exe
  C:\Windows\System\ILUKbqy.exe
  2⤵
  PID:6484
- C:\Windows\System\zdwnfTK.exe
  C:\Windows\System\zdwnfTK.exe
  2⤵
  PID:1332
- C:\Windows\System\AGqBCUL.exe
  C:\Windows\System\AGqBCUL.exe
  2⤵
  PID:1992
- C:\Windows\System\JovGyiY.exe
  C:\Windows\System\JovGyiY.exe
  2⤵
  PID:6816
- C:\Windows\System\htlaSGc.exe
  C:\Windows\System\htlaSGc.exe
  2⤵
  PID:2656
- C:\Windows\System\PerQWVi.exe
  C:\Windows\System\PerQWVi.exe
  2⤵
  PID:7092
- C:\Windows\System\XrCGPLF.exe
  C:\Windows\System\XrCGPLF.exe
  2⤵
  PID:6992
- C:\Windows\System\ETKEpbM.exe
  C:\Windows\System\ETKEpbM.exe
  2⤵
  PID:2884
- C:\Windows\System\KwenaTc.exe
  C:\Windows\System\KwenaTc.exe
  2⤵
  PID:7140
- C:\Windows\System\YnvdiqY.exe
  C:\Windows\System\YnvdiqY.exe
  2⤵
  PID:2460
- C:\Windows\System\oKONQBa.exe
  C:\Windows\System\oKONQBa.exe
  2⤵
  PID:6212
- C:\Windows\System\asDZzqT.exe
  C:\Windows\System\asDZzqT.exe
  2⤵
  PID:324
- C:\Windows\System\KdFjmEN.exe
  C:\Windows\System\KdFjmEN.exe
  2⤵
  PID:6544
- C:\Windows\System\GkFQgax.exe
  C:\Windows\System\GkFQgax.exe
  2⤵
  PID:2616
- C:\Windows\System\vBQWORg.exe
  C:\Windows\System\vBQWORg.exe
  2⤵
  PID:1684
- C:\Windows\System\zhmlNyE.exe
  C:\Windows\System\zhmlNyE.exe
  2⤵
  PID:2648
- C:\Windows\System\eEvVntr.exe
  C:\Windows\System\eEvVntr.exe
  2⤵
  PID:2784
- C:\Windows\System\eVVTQPm.exe
  C:\Windows\System\eVVTQPm.exe
  2⤵
  PID:6560
- C:\Windows\System\rBzPKoN.exe
  C:\Windows\System\rBzPKoN.exe
  2⤵
  PID:6676
- C:\Windows\System\WCSzEBZ.exe
  C:\Windows\System\WCSzEBZ.exe
  2⤵
  PID:2508
- C:\Windows\System\YLlPlIN.exe
  C:\Windows\System\YLlPlIN.exe
  2⤵
  PID:7044
- C:\Windows\System\UXRVAQo.exe
  C:\Windows\System\UXRVAQo.exe
  2⤵
  PID:488
- C:\Windows\System\PyWvVkd.exe
  C:\Windows\System\PyWvVkd.exe
  2⤵
  PID:7120
- C:\Windows\System\uQvSnhl.exe
  C:\Windows\System\uQvSnhl.exe
  2⤵
  PID:304
- C:\Windows\System\taAxpvm.exe
  C:\Windows\System\taAxpvm.exe
  2⤵
  PID:6976
- C:\Windows\System\dQYomDw.exe
  C:\Windows\System\dQYomDw.exe
  2⤵
  PID:6216
- C:\Windows\System\cBIQjPa.exe
  C:\Windows\System\cBIQjPa.exe
  2⤵
  PID:6248
- C:\Windows\System\qVlFPef.exe
  C:\Windows\System\qVlFPef.exe
  2⤵
  PID:1564
- C:\Windows\System\ocLJCZx.exe
  C:\Windows\System\ocLJCZx.exe
  2⤵
  PID:3032
- C:\Windows\System\aYlGGww.exe
  C:\Windows\System\aYlGGww.exe
  2⤵
  PID:6724
- C:\Windows\System\LjdVsDy.exe
  C:\Windows\System\LjdVsDy.exe
  2⤵
  PID:6288
- C:\Windows\System\XlePqmD.exe
  C:\Windows\System\XlePqmD.exe
  2⤵
  PID:2200
- C:\Windows\System\XGCvmnp.exe
  C:\Windows\System\XGCvmnp.exe
  2⤵
  PID:2732
- C:\Windows\System\HRjutpC.exe
  C:\Windows\System\HRjutpC.exe
  2⤵
  PID:1952
- C:\Windows\System\IRFzWEa.exe
  C:\Windows\System\IRFzWEa.exe
  2⤵
  PID:7184
- C:\Windows\System\mEJBAZJ.exe
  C:\Windows\System\mEJBAZJ.exe
  2⤵
  PID:7200
- C:\Windows\System\VSKKMHK.exe
  C:\Windows\System\VSKKMHK.exe
  2⤵
  PID:7228
- C:\Windows\System\yvgdFVe.exe
  C:\Windows\System\yvgdFVe.exe
  2⤵
  PID:7256
- C:\Windows\System\cfQHzbp.exe
  C:\Windows\System\cfQHzbp.exe
  2⤵
  PID:7276
- C:\Windows\System\kruaEzI.exe
  C:\Windows\System\kruaEzI.exe
  2⤵
  PID:7292
- C:\Windows\System\PxtLEyP.exe
  C:\Windows\System\PxtLEyP.exe
  2⤵
  PID:7312
- C:\Windows\System\urqQiWj.exe
  C:\Windows\System\urqQiWj.exe
  2⤵
  PID:7332
- C:\Windows\System\ThBjmyL.exe
  C:\Windows\System\ThBjmyL.exe
  2⤵
  PID:7352
- C:\Windows\System\YjShiqM.exe
  C:\Windows\System\YjShiqM.exe
  2⤵
  PID:7372
- C:\Windows\System\kQdoxLs.exe
  C:\Windows\System\kQdoxLs.exe
  2⤵
  PID:7436
- C:\Windows\System\QDtcOVp.exe
  C:\Windows\System\QDtcOVp.exe
  2⤵
  PID:7452
- C:\Windows\System\iXaiSWn.exe
  C:\Windows\System\iXaiSWn.exe
  2⤵
  PID:7468
- C:\Windows\System\PoSLYxx.exe
  C:\Windows\System\PoSLYxx.exe
  2⤵
  PID:7484
- C:\Windows\System\FUpqiOn.exe
  C:\Windows\System\FUpqiOn.exe
  2⤵
  PID:7500
- C:\Windows\System\mbaKUIO.exe
  C:\Windows\System\mbaKUIO.exe
  2⤵
  PID:7520
- C:\Windows\System\FNNkToV.exe
  C:\Windows\System\FNNkToV.exe
  2⤵
  PID:7536
- C:\Windows\System\HUGnIwa.exe
  C:\Windows\System\HUGnIwa.exe
  2⤵
  PID:7552
- C:\Windows\System\eMZzpvU.exe
  C:\Windows\System\eMZzpvU.exe
  2⤵
  PID:7572
- C:\Windows\System\HeEczYD.exe
  C:\Windows\System\HeEczYD.exe
  2⤵
  PID:7592
- C:\Windows\System\aSpeqRq.exe
  C:\Windows\System\aSpeqRq.exe
  2⤵
  PID:7616
- C:\Windows\System\OvEcVWw.exe
  C:\Windows\System\OvEcVWw.exe
  2⤵
  PID:7632
- C:\Windows\System\SDHQhQe.exe
  C:\Windows\System\SDHQhQe.exe
  2⤵
  PID:7656
- C:\Windows\System\RYIVFhr.exe
  C:\Windows\System\RYIVFhr.exe
  2⤵
  PID:7672
- C:\Windows\System\QyBhmCK.exe
  C:\Windows\System\QyBhmCK.exe
  2⤵
  PID:7688
- C:\Windows\System\pCFTwHW.exe
  C:\Windows\System\pCFTwHW.exe
  2⤵
  PID:7708
- C:\Windows\System\SLVfGTn.exe
  C:\Windows\System\SLVfGTn.exe
  2⤵
  PID:7728
- C:\Windows\System\mQMcduk.exe
  C:\Windows\System\mQMcduk.exe
  2⤵
  PID:7748
- C:\Windows\System\GcSuOuo.exe
  C:\Windows\System\GcSuOuo.exe
  2⤵
  PID:7772
- C:\Windows\System\AtgIdeH.exe
  C:\Windows\System\AtgIdeH.exe
  2⤵
  PID:7788
- C:\Windows\System\QJyAXdg.exe
  C:\Windows\System\QJyAXdg.exe
  2⤵
  PID:7816
- C:\Windows\System\BRShyFu.exe
  C:\Windows\System\BRShyFu.exe
  2⤵
  PID:7836
- C:\Windows\System\vBdtcQa.exe
  C:\Windows\System\vBdtcQa.exe
  2⤵
  PID:7856
- C:\Windows\System\uFBPfBr.exe
  C:\Windows\System\uFBPfBr.exe
  2⤵
  PID:7880
- C:\Windows\System\eYrMbJf.exe
  C:\Windows\System\eYrMbJf.exe
  2⤵
  PID:7900
- C:\Windows\System\VvPPHYM.exe
  C:\Windows\System\VvPPHYM.exe
  2⤵
  PID:7924
- C:\Windows\System\oRlIIVX.exe
  C:\Windows\System\oRlIIVX.exe
  2⤵
  PID:7940
- C:\Windows\System\luqZGDG.exe
  C:\Windows\System\luqZGDG.exe
  2⤵
  PID:7964
- C:\Windows\System\fMawhKG.exe
  C:\Windows\System\fMawhKG.exe
  2⤵
  PID:7988
- C:\Windows\System\IeIvyBU.exe
  C:\Windows\System\IeIvyBU.exe
  2⤵
  PID:8008
- C:\Windows\System\rEILFqe.exe
  C:\Windows\System\rEILFqe.exe
  2⤵
  PID:8032
- C:\Windows\System\GHggJxa.exe
  C:\Windows\System\GHggJxa.exe
  2⤵
  PID:8052
- C:\Windows\System\wIjgLRi.exe
  C:\Windows\System\wIjgLRi.exe
  2⤵
  PID:8076
- C:\Windows\System\JkyUmqh.exe
  C:\Windows\System\JkyUmqh.exe
  2⤵
  PID:8096
- C:\Windows\System\abflSNL.exe
  C:\Windows\System\abflSNL.exe
  2⤵
  PID:8116
- C:\Windows\System\qvyTMKB.exe
  C:\Windows\System\qvyTMKB.exe
  2⤵
  PID:8140
- C:\Windows\System\eWfSpNN.exe
  C:\Windows\System\eWfSpNN.exe
  2⤵
  PID:8156
- C:\Windows\System\KyCMuLP.exe
  C:\Windows\System\KyCMuLP.exe
  2⤵
  PID:8176
- C:\Windows\System\XRbiUxb.exe
  C:\Windows\System\XRbiUxb.exe
  2⤵
  PID:7156
- C:\Windows\System\RUPzBfC.exe
  C:\Windows\System\RUPzBfC.exe
  2⤵
  PID:6752
- C:\Windows\System\EJHsUiv.exe
  C:\Windows\System\EJHsUiv.exe
  2⤵
  PID:5576
- C:\Windows\System\BvHireq.exe
  C:\Windows\System\BvHireq.exe
  2⤵
  PID:7180
- C:\Windows\System\teJcJYA.exe
  C:\Windows\System\teJcJYA.exe
  2⤵
  PID:7220
- C:\Windows\System\dsyOBeq.exe
  C:\Windows\System\dsyOBeq.exe
  2⤵
  PID:7300
- C:\Windows\System\uPbCwIl.exe
  C:\Windows\System\uPbCwIl.exe
  2⤵
  PID:7348
- C:\Windows\System\wgCPkDZ.exe
  C:\Windows\System\wgCPkDZ.exe
  2⤵
  PID:7392
- C:\Windows\System\gSKnwJc.exe
  C:\Windows\System\gSKnwJc.exe
  2⤵
  PID:7408
- C:\Windows\System\jzSVCcZ.exe
  C:\Windows\System\jzSVCcZ.exe
  2⤵
  PID:7136
- C:\Windows\System\KWzKaim.exe
  C:\Windows\System\KWzKaim.exe
  2⤵
  PID:6800
- C:\Windows\System\wxjktSz.exe
  C:\Windows\System\wxjktSz.exe
  2⤵
  PID:7192
- C:\Windows\System\XaflBNJ.exe
  C:\Windows\System\XaflBNJ.exe
  2⤵
  PID:7244
- C:\Windows\System\WBoRylA.exe
  C:\Windows\System\WBoRylA.exe
  2⤵
  PID:7324
- C:\Windows\System\gQLHAWq.exe
  C:\Windows\System\gQLHAWq.exe
  2⤵
  PID:7368
- C:\Windows\System\Rmcvgpn.exe
  C:\Windows\System\Rmcvgpn.exe
  2⤵
  PID:7464
- C:\Windows\System\VozHDxG.exe
  C:\Windows\System\VozHDxG.exe
  2⤵
  PID:7532
- C:\Windows\System\rmHeVjN.exe
  C:\Windows\System\rmHeVjN.exe
  2⤵
  PID:7604
- C:\Windows\System\SkchmNW.exe
  C:\Windows\System\SkchmNW.exe
  2⤵
  PID:7644
- C:\Windows\System\cXJtUYy.exe
  C:\Windows\System\cXJtUYy.exe
  2⤵
  PID:7716
- C:\Windows\System\VqvZpjE.exe
  C:\Windows\System\VqvZpjE.exe
  2⤵
  PID:7764
- C:\Windows\System\UmUKojS.exe
  C:\Windows\System\UmUKojS.exe
  2⤵
  PID:7804
- C:\Windows\System\fuhkcjt.exe
  C:\Windows\System\fuhkcjt.exe
  2⤵
  PID:7848
- C:\Windows\System\DVhsRGK.exe
  C:\Windows\System\DVhsRGK.exe
  2⤵
  PID:7696
- C:\Windows\System\GpYCpjd.exe
  C:\Windows\System\GpYCpjd.exe
  2⤵
  PID:7476
- C:\Windows\System\ZwSWbKr.exe
  C:\Windows\System\ZwSWbKr.exe
  2⤵
  PID:7740
- C:\Windows\System\QPSjjxQ.exe
  C:\Windows\System\QPSjjxQ.exe
  2⤵
  PID:7932
- C:\Windows\System\eblrwSB.exe
  C:\Windows\System\eblrwSB.exe
  2⤵
  PID:7584
- C:\Windows\System\DxcKwWR.exe
  C:\Windows\System\DxcKwWR.exe
  2⤵
  PID:7984
- C:\Windows\System\DfDGwIb.exe
  C:\Windows\System\DfDGwIb.exe
  2⤵
  PID:7868
- C:\Windows\System\vaUYTqB.exe
  C:\Windows\System\vaUYTqB.exe
  2⤵
  PID:8064
- C:\Windows\System\FWfTqOA.exe
  C:\Windows\System\FWfTqOA.exe
  2⤵
  PID:7876
- C:\Windows\System\ARgOtXg.exe
  C:\Windows\System\ARgOtXg.exe
  2⤵
  PID:7952
- C:\Windows\System\pkjDhEE.exe
  C:\Windows\System\pkjDhEE.exe
  2⤵
  PID:8104
- C:\Windows\System\bIAyxEc.exe
  C:\Windows\System\bIAyxEc.exe
  2⤵
  PID:8112
- C:\Windows\System\ZoqfgOf.exe
  C:\Windows\System\ZoqfgOf.exe
  2⤵
  PID:8092
- C:\Windows\System\zvEDfoH.exe
  C:\Windows\System\zvEDfoH.exe
  2⤵
  PID:8136
- C:\Windows\System\MUWPLYB.exe
  C:\Windows\System\MUWPLYB.exe
  2⤵
  PID:8168
- C:\Windows\System\DCOUooe.exe
  C:\Windows\System\DCOUooe.exe
  2⤵
  PID:6896
- C:\Windows\System\KrhThdG.exe
  C:\Windows\System\KrhThdG.exe
  2⤵
  PID:7216
- C:\Windows\System\luhZhnf.exe
  C:\Windows\System\luhZhnf.exe
  2⤵
  PID:6180
- C:\Windows\System\YTsYKlr.exe
  C:\Windows\System\YTsYKlr.exe
  2⤵
  PID:7176
- C:\Windows\System\bmQnSBs.exe
  C:\Windows\System\bmQnSBs.exe
  2⤵
  PID:7380
- C:\Windows\System\fxVBgRo.exe
  C:\Windows\System\fxVBgRo.exe
  2⤵
  PID:284
- C:\Windows\System\DThFWQO.exe
  C:\Windows\System\DThFWQO.exe
  2⤵
  PID:7056
- C:\Windows\System\fjXaeEd.exe
  C:\Windows\System\fjXaeEd.exe
  2⤵
  PID:6276
- C:\Windows\System\HqMjXUE.exe
  C:\Windows\System\HqMjXUE.exe
  2⤵
  PID:7240
- C:\Windows\System\LfveGzY.exe
  C:\Windows\System\LfveGzY.exe
  2⤵
  PID:7384
- C:\Windows\System\CdXLdue.exe
  C:\Windows\System\CdXLdue.exe
  2⤵
  PID:7756
- C:\Windows\System\LUDUxdI.exe
  C:\Windows\System\LUDUxdI.exe
  2⤵
  PID:7704
- C:\Windows\System\whKomTt.exe
  C:\Windows\System\whKomTt.exe
  2⤵
  PID:7972
- C:\Windows\System\DxSTDmi.exe
  C:\Windows\System\DxSTDmi.exe
  2⤵
  PID:1732
- C:\Windows\System\EGpdKMD.exe
  C:\Windows\System\EGpdKMD.exe
  2⤵
  PID:7320
- C:\Windows\System\UqzkChp.exe
  C:\Windows\System\UqzkChp.exe
  2⤵
  PID:7652
- C:\Windows\System\yKGNaqp.exe
  C:\Windows\System\yKGNaqp.exe
  2⤵
  PID:7912
- C:\Windows\System\nvkwLYe.exe
  C:\Windows\System\nvkwLYe.exe
  2⤵
  PID:7736
- C:\Windows\System\vqxHWRj.exe
  C:\Windows\System\vqxHWRj.exe
  2⤵
  PID:7744
- C:\Windows\System\JgmjtQg.exe
  C:\Windows\System\JgmjtQg.exe
  2⤵
  PID:7948
- C:\Windows\System\Lwiukhn.exe
  C:\Windows\System\Lwiukhn.exe
  2⤵
  PID:7908
- C:\Windows\System\qZKlsth.exe
  C:\Windows\System\qZKlsth.exe
  2⤵
  PID:7832
- C:\Windows\System\pFHHKGw.exe
  C:\Windows\System\pFHHKGw.exe
  2⤵
  PID:8148
- C:\Windows\System\KxJvdpZ.exe
  C:\Windows\System\KxJvdpZ.exe
  2⤵
  PID:7340
- C:\Windows\System\tPHCQuW.exe
  C:\Windows\System\tPHCQuW.exe
  2⤵
  PID:7864
- C:\Windows\System\samIdzC.exe
  C:\Windows\System\samIdzC.exe
  2⤵
  PID:6848
- C:\Windows\System\NNxjiSe.exe
  C:\Windows\System\NNxjiSe.exe
  2⤵
  PID:7640
- C:\Windows\System\nKYrmwl.exe
  C:\Windows\System\nKYrmwl.exe
  2⤵
  PID:7680
- C:\Windows\System\tfsLCKm.exe
  C:\Windows\System\tfsLCKm.exe
  2⤵
  PID:7844
- C:\Windows\System\jnaOFzc.exe
  C:\Windows\System\jnaOFzc.exe
  2⤵
  PID:6420
- C:\Windows\System\ShYdrEq.exe
  C:\Windows\System\ShYdrEq.exe
  2⤵
  PID:7480
- C:\Windows\System\iBoTOCc.exe
  C:\Windows\System\iBoTOCc.exe
  2⤵
  PID:8016
- C:\Windows\System\ynKCsTi.exe
  C:\Windows\System\ynKCsTi.exe
  2⤵
  PID:8020
- C:\Windows\System\PGhfAXX.exe
  C:\Windows\System\PGhfAXX.exe
  2⤵
  PID:7920
- C:\Windows\System\NNygFtr.exe
  C:\Windows\System\NNygFtr.exe
  2⤵
  PID:8000
- C:\Windows\System\UuLUqyV.exe
  C:\Windows\System\UuLUqyV.exe
  2⤵
  PID:7800
- C:\Windows\System\aNJNNJk.exe
  C:\Windows\System\aNJNNJk.exe
  2⤵
  PID:7024
- C:\Windows\System\feLYHqu.exe
  C:\Windows\System\feLYHqu.exe
  2⤵
  PID:8088
- C:\Windows\System\tQZSsPH.exe
  C:\Windows\System\tQZSsPH.exe
  2⤵
  PID:7516
- C:\Windows\System\dNAUpbY.exe
  C:\Windows\System\dNAUpbY.exe
  2⤵
  PID:7496
- C:\Windows\System\NvHPTmC.exe
  C:\Windows\System\NvHPTmC.exe
  2⤵
  PID:7996
- C:\Windows\System\KiSZBNi.exe
  C:\Windows\System\KiSZBNi.exe
  2⤵
  PID:7600
- C:\Windows\System\DXTcUFW.exe
  C:\Windows\System\DXTcUFW.exe
  2⤵
  PID:8068
- C:\Windows\System\AnFLUdD.exe
  C:\Windows\System\AnFLUdD.exe
  2⤵
  PID:7404
- C:\Windows\System\caAmcan.exe
  C:\Windows\System\caAmcan.exe
  2⤵
  PID:8084
- C:\Windows\System\jLEqRNS.exe
  C:\Windows\System\jLEqRNS.exe
  2⤵
  PID:7284
- C:\Windows\System\pdvWcMN.exe
  C:\Windows\System\pdvWcMN.exe
  2⤵
  PID:7664
- C:\Windows\System\FaNXsnR.exe
  C:\Windows\System\FaNXsnR.exe
  2⤵
  PID:3000
- C:\Windows\System\iOJhBWa.exe
  C:\Windows\System\iOJhBWa.exe
  2⤵
  PID:7424
- C:\Windows\System\oSHPINv.exe
  C:\Windows\System\oSHPINv.exe
  2⤵
  PID:7824
- C:\Windows\System\GdOuHCU.exe
  C:\Windows\System\GdOuHCU.exe
  2⤵
  PID:8196
- C:\Windows\System\SxpHyqz.exe
  C:\Windows\System\SxpHyqz.exe
  2⤵
  PID:8212
- C:\Windows\System\KXFNHSp.exe
  C:\Windows\System\KXFNHSp.exe
  2⤵
  PID:8232
- C:\Windows\System\FYfTJKC.exe
  C:\Windows\System\FYfTJKC.exe
  2⤵
  PID:8252
- C:\Windows\System\nahXDXl.exe
  C:\Windows\System\nahXDXl.exe
  2⤵
  PID:8268
- C:\Windows\System\rwmiTyK.exe
  C:\Windows\System\rwmiTyK.exe
  2⤵
  PID:8284
- C:\Windows\System\TCOCUbJ.exe
  C:\Windows\System\TCOCUbJ.exe
  2⤵
  PID:8300
- C:\Windows\System\HHgjitB.exe
  C:\Windows\System\HHgjitB.exe
  2⤵
  PID:8316
- C:\Windows\System\UKJZbRK.exe
  C:\Windows\System\UKJZbRK.exe
  2⤵
  PID:8332
- C:\Windows\System\OWwfTkI.exe
  C:\Windows\System\OWwfTkI.exe
  2⤵
  PID:8348
- C:\Windows\System\wZuGJQp.exe
  C:\Windows\System\wZuGJQp.exe
  2⤵
  PID:8380
- C:\Windows\System\DTvjDGQ.exe
  C:\Windows\System\DTvjDGQ.exe
  2⤵
  PID:8396
- C:\Windows\System\cATodSp.exe
  C:\Windows\System\cATodSp.exe
  2⤵
  PID:8412
- C:\Windows\System\rtXznxS.exe
  C:\Windows\System\rtXznxS.exe
  2⤵
  PID:8428
- C:\Windows\System\fviDsYg.exe
  C:\Windows\System\fviDsYg.exe
  2⤵
  PID:8444
- C:\Windows\System\DgZfzOQ.exe
  C:\Windows\System\DgZfzOQ.exe
  2⤵
  PID:8460
- C:\Windows\System\OzujDfX.exe
  C:\Windows\System\OzujDfX.exe
  2⤵
  PID:8476
- C:\Windows\System\jCDIgMz.exe
  C:\Windows\System\jCDIgMz.exe
  2⤵
  PID:8492
- C:\Windows\System\pVqoBWC.exe
  C:\Windows\System\pVqoBWC.exe
  2⤵
  PID:8516
- C:\Windows\System\MvoHJvD.exe
  C:\Windows\System\MvoHJvD.exe
  2⤵
  PID:8532
- C:\Windows\System\HgZXnKj.exe
  C:\Windows\System\HgZXnKj.exe
  2⤵
  PID:8548
- C:\Windows\System\beLabxw.exe
  C:\Windows\System\beLabxw.exe
  2⤵
  PID:8564
- C:\Windows\System\tlPVZZH.exe
  C:\Windows\System\tlPVZZH.exe
  2⤵
  PID:8580
- C:\Windows\System\TIJzDyM.exe
  C:\Windows\System\TIJzDyM.exe
  2⤵
  PID:8596
- C:\Windows\System\apaTdnO.exe
  C:\Windows\System\apaTdnO.exe
  2⤵
  PID:8612
- C:\Windows\System\AahARZf.exe
  C:\Windows\System\AahARZf.exe
  2⤵
  PID:8628
- C:\Windows\System\PdvuaPA.exe
  C:\Windows\System\PdvuaPA.exe
  2⤵
  PID:8644
- C:\Windows\System\HUqhaHc.exe
  C:\Windows\System\HUqhaHc.exe
  2⤵
  PID:8660
- C:\Windows\System\XaZvKvq.exe
  C:\Windows\System\XaZvKvq.exe
  2⤵
  PID:8720
- C:\Windows\System\fWyoaar.exe
  C:\Windows\System\fWyoaar.exe
  2⤵
  PID:8768
- C:\Windows\System\tvSmbDL.exe
  C:\Windows\System\tvSmbDL.exe
  2⤵
  PID:8784
- C:\Windows\System\pnVUBpa.exe
  C:\Windows\System\pnVUBpa.exe
  2⤵
  PID:8800
- C:\Windows\System\kdXQWAz.exe
  C:\Windows\System\kdXQWAz.exe
  2⤵
  PID:8824
- C:\Windows\System\vAjuSNY.exe
  C:\Windows\System\vAjuSNY.exe
  2⤵
  PID:8844
- C:\Windows\System\AVQqXDr.exe
  C:\Windows\System\AVQqXDr.exe
  2⤵
  PID:8860
- C:\Windows\System\oOPQYiG.exe
  C:\Windows\System\oOPQYiG.exe
  2⤵
  PID:8876
- C:\Windows\System\fpnBDLA.exe
  C:\Windows\System\fpnBDLA.exe
  2⤵
  PID:8892
- C:\Windows\System\PQVEFCK.exe
  C:\Windows\System\PQVEFCK.exe
  2⤵
  PID:8912
- C:\Windows\System\qrcyIHl.exe
  C:\Windows\System\qrcyIHl.exe
  2⤵
  PID:8928
- C:\Windows\System\pEzcaoo.exe
  C:\Windows\System\pEzcaoo.exe
  2⤵
  PID:8944
- C:\Windows\System\MDMBTVd.exe
  C:\Windows\System\MDMBTVd.exe
  2⤵
  PID:8960
- C:\Windows\System\QBZKdPa.exe
  C:\Windows\System\QBZKdPa.exe
  2⤵
  PID:8976
- C:\Windows\System\AafQDpl.exe
  C:\Windows\System\AafQDpl.exe
  2⤵
  PID:8992
- C:\Windows\System\WMAruyG.exe
  C:\Windows\System\WMAruyG.exe
  2⤵
  PID:9008
- C:\Windows\System\GLrROip.exe
  C:\Windows\System\GLrROip.exe
  2⤵
  PID:9024
- C:\Windows\System\DHQqaEN.exe
  C:\Windows\System\DHQqaEN.exe
  2⤵
  PID:9040
- C:\Windows\System\eytxRdx.exe
  C:\Windows\System\eytxRdx.exe
  2⤵
  PID:9056
- C:\Windows\System\tSHhwFg.exe
  C:\Windows\System\tSHhwFg.exe
  2⤵
  PID:9072
- C:\Windows\System\IIQfMMZ.exe
  C:\Windows\System\IIQfMMZ.exe
  2⤵
  PID:9088
- C:\Windows\System\klQKzuc.exe
  C:\Windows\System\klQKzuc.exe
  2⤵
  PID:9104
- C:\Windows\System\WlRpQHO.exe
  C:\Windows\System\WlRpQHO.exe
  2⤵
  PID:9120
- C:\Windows\System\DpMpgVu.exe
  C:\Windows\System\DpMpgVu.exe
  2⤵
  PID:9136
- C:\Windows\System\nkyWHpL.exe
  C:\Windows\System\nkyWHpL.exe
  2⤵
  PID:9152
- C:\Windows\System\SGqJYiR.exe
  C:\Windows\System\SGqJYiR.exe
  2⤵
  PID:9168
- C:\Windows\System\hmAXYbT.exe
  C:\Windows\System\hmAXYbT.exe
  2⤵
  PID:9184
- C:\Windows\System\ucQurOr.exe
  C:\Windows\System\ucQurOr.exe
  2⤵
  PID:9200
- C:\Windows\System\WAGuHwO.exe
  C:\Windows\System\WAGuHwO.exe
  2⤵
  PID:7768
- C:\Windows\System\LOnbYPs.exe
  C:\Windows\System\LOnbYPs.exe
  2⤵
  PID:8224
- C:\Windows\System\YVfscBg.exe
  C:\Windows\System\YVfscBg.exe
  2⤵
  PID:7268
- C:\Windows\System\gkqoCtq.exe
  C:\Windows\System\gkqoCtq.exe
  2⤵
  PID:7724
- C:\Windows\System\PyvjwpQ.exe
  C:\Windows\System\PyvjwpQ.exe
  2⤵
  PID:8328
- C:\Windows\System\vXfXrJj.exe
  C:\Windows\System\vXfXrJj.exe
  2⤵
  PID:8152
- C:\Windows\System\QlppjZk.exe
  C:\Windows\System\QlppjZk.exe
  2⤵
  PID:8692
- C:\Windows\System\IFiVpSi.exe
  C:\Windows\System\IFiVpSi.exe
  2⤵
  PID:8732
- C:\Windows\System\reWUZzq.exe
  C:\Windows\System\reWUZzq.exe
  2⤵
  PID:8748
- C:\Windows\System\uIgnxOm.exe
  C:\Windows\System\uIgnxOm.exe
  2⤵
  PID:8764
- C:\Windows\System\JISjamG.exe
  C:\Windows\System\JISjamG.exe
  2⤵
  PID:8780
- C:\Windows\System\ONwIpBm.exe
  C:\Windows\System\ONwIpBm.exe
  2⤵
  PID:8808
- C:\Windows\System\HBHGjFj.exe
  C:\Windows\System\HBHGjFj.exe
  2⤵
  PID:8852
- C:\Windows\System\NBgpBDc.exe
  C:\Windows\System\NBgpBDc.exe
  2⤵
  PID:8884
- C:\Windows\System\rhpILJX.exe
  C:\Windows\System\rhpILJX.exe
  2⤵
  PID:8924
- C:\Windows\System\vzJPzUQ.exe
  C:\Windows\System\vzJPzUQ.exe
  2⤵
  PID:8984
- C:\Windows\System\hwzGzpZ.exe
  C:\Windows\System\hwzGzpZ.exe
  2⤵
  PID:9048
- C:\Windows\System\LbtCXVK.exe
  C:\Windows\System\LbtCXVK.exe
  2⤵
  PID:9112
- C:\Windows\System\TaOrPWW.exe
  C:\Windows\System\TaOrPWW.exe
  2⤵
  PID:9176
- C:\Windows\System\LaeBKJo.exe
  C:\Windows\System\LaeBKJo.exe
  2⤵
  PID:8508
- C:\Windows\System\UaeQVmi.exe
  C:\Windows\System\UaeQVmi.exe
  2⤵
  PID:8972
- C:\Windows\System\TjmsbVY.exe
  C:\Windows\System\TjmsbVY.exe
  2⤵
  PID:9096
- C:\Windows\System\OPFHudk.exe
  C:\Windows\System\OPFHudk.exe
  2⤵
  PID:9068
- C:\Windows\System\KsqImIj.exe
  C:\Windows\System\KsqImIj.exe
  2⤵
  PID:9128
- C:\Windows\System\ZoJnoNQ.exe
  C:\Windows\System\ZoJnoNQ.exe
  2⤵
  PID:8184
- C:\Windows\System\MbLFgsc.exe
  C:\Windows\System\MbLFgsc.exe
  2⤵
  PID:8208
- C:\Windows\System\kdJTLdI.exe
  C:\Windows\System\kdJTLdI.exe
  2⤵
  PID:8388
- C:\Windows\System\zOtjinu.exe
  C:\Windows\System\zOtjinu.exe
  2⤵
  PID:8392
- C:\Windows\System\SINthxC.exe
  C:\Windows\System\SINthxC.exe
  2⤵
  PID:8372
- C:\Windows\System\AlKAvwT.exe
  C:\Windows\System\AlKAvwT.exe
  2⤵
  PID:8452
- C:\Windows\System\DyOGICb.exe
  C:\Windows\System\DyOGICb.exe
  2⤵
  PID:8500
- C:\Windows\System\njnEqVe.exe
  C:\Windows\System\njnEqVe.exe
  2⤵
  PID:8540
- C:\Windows\System\strVoDW.exe
  C:\Windows\System\strVoDW.exe
  2⤵
  PID:8576
- C:\Windows\System\TnrItSt.exe
  C:\Windows\System\TnrItSt.exe
  2⤵
  PID:8528
- C:\Windows\System\HPTtoOf.exe
  C:\Windows\System\HPTtoOf.exe
  2⤵
  PID:8624
- C:\Windows\System\UHcURnG.exe
  C:\Windows\System\UHcURnG.exe
  2⤵
  PID:8276
- C:\Windows\System\CFWUDOu.exe
  C:\Windows\System\CFWUDOu.exe
  2⤵
  PID:8656
- C:\Windows\System\PPUGQxR.exe
  C:\Windows\System\PPUGQxR.exe
  2⤵
  PID:8676
- C:\Windows\System\fTLuycK.exe
  C:\Windows\System\fTLuycK.exe
  2⤵
  PID:8712
- C:\Windows\System\jJSRAZk.exe
  C:\Windows\System\jJSRAZk.exe
  2⤵
  PID:8404
- C:\Windows\System\WVsfQlw.exe
  C:\Windows\System\WVsfQlw.exe
  2⤵
  PID:8620
- C:\Windows\System\xaUAASu.exe
  C:\Windows\System\xaUAASu.exe
  2⤵
  PID:8408
- C:\Windows\System\VOYkKkI.exe
  C:\Windows\System\VOYkKkI.exe
  2⤵
  PID:8856
- C:\Windows\System\LfacUCS.exe
  C:\Windows\System\LfacUCS.exe
  2⤵
  PID:8820
- C:\Windows\System\UXLvCRN.exe
  C:\Windows\System\UXLvCRN.exe
  2⤵
  PID:9084
- C:\Windows\System\CLnjxKi.exe
  C:\Windows\System\CLnjxKi.exe
  2⤵
  PID:8296
- C:\Windows\System\sFBdNZm.exe
  C:\Windows\System\sFBdNZm.exe
  2⤵
  PID:7624
- C:\Windows\System\Fmcorqw.exe
  C:\Windows\System\Fmcorqw.exe
  2⤵
  PID:8484
- C:\Windows\System\gZWdTGo.exe
  C:\Windows\System\gZWdTGo.exe
  2⤵
  PID:8668
- C:\Windows\System\QUChZKZ.exe
  C:\Windows\System\QUChZKZ.exe
  2⤵
  PID:8324
- C:\Windows\System\rxEjvPI.exe
  C:\Windows\System\rxEjvPI.exe
  2⤵
  PID:8700
- C:\Windows\System\HtoSqBQ.exe
  C:\Windows\System\HtoSqBQ.exe
  2⤵
  PID:8760
- C:\Windows\System\pDmtOIf.exe
  C:\Windows\System\pDmtOIf.exe
  2⤵
  PID:8888
- C:\Windows\System\qhWmJBK.exe
  C:\Windows\System\qhWmJBK.exe
  2⤵
  PID:9148
- C:\Windows\System\RLVIfVa.exe
  C:\Windows\System\RLVIfVa.exe
  2⤵
  PID:8488
- C:\Windows\System\iNWIpfy.exe
  C:\Windows\System\iNWIpfy.exe
  2⤵
  PID:9208
- C:\Windows\System\DcRjrSI.exe
  C:\Windows\System\DcRjrSI.exe
  2⤵
  PID:8696
- C:\Windows\System\jqOMpew.exe
  C:\Windows\System\jqOMpew.exe
  2⤵
  PID:7568
- C:\Windows\System\IFMnNgk.exe
  C:\Windows\System\IFMnNgk.exe
  2⤵
  PID:8816
- C:\Windows\System\MPsHMnZ.exe
  C:\Windows\System\MPsHMnZ.exe
  2⤵
  PID:9144
- C:\Windows\System\IfYZYIc.exe
  C:\Windows\System\IfYZYIc.exe
  2⤵
  PID:9164
- C:\Windows\System\vLmvBxy.exe
  C:\Windows\System\vLmvBxy.exe
  2⤵
  PID:9196
- C:\Windows\System\sOViRcz.exe
  C:\Windows\System\sOViRcz.exe
  2⤵
  PID:8560
- C:\Windows\System\xJKOVsX.exe
  C:\Windows\System\xJKOVsX.exe
  2⤵
  PID:8468
- C:\Windows\System\uVSaKRS.exe
  C:\Windows\System\uVSaKRS.exe
  2⤵
  PID:8512
- C:\Windows\System\SgBvNbG.exe
  C:\Windows\System\SgBvNbG.exe
  2⤵
  PID:8704
- C:\Windows\System\EBvgcPy.exe
  C:\Windows\System\EBvgcPy.exe
  2⤵
  PID:8968
- C:\Windows\System\xClkqEf.exe
  C:\Windows\System\xClkqEf.exe
  2⤵
  PID:5776
- C:\Windows\System\VGgkhHq.exe
  C:\Windows\System\VGgkhHq.exe
  2⤵
  PID:8244
- C:\Windows\System\GwIwtuK.exe
  C:\Windows\System\GwIwtuK.exe
  2⤵
  PID:9100
- C:\Windows\System\mOihjEF.exe
  C:\Windows\System\mOihjEF.exe
  2⤵
  PID:8936
- C:\Windows\System\PLADPzk.exe
  C:\Windows\System\PLADPzk.exe
  2⤵
  PID:2644
- C:\Windows\System\iIgIFPJ.exe
  C:\Windows\System\iIgIFPJ.exe
  2⤵
  PID:8312
- C:\Windows\System\pSMjJbf.exe
  C:\Windows\System\pSMjJbf.exe
  2⤵
  PID:9228
- C:\Windows\System\tqFYswX.exe
  C:\Windows\System\tqFYswX.exe
  2⤵
  PID:9248
- C:\Windows\System\PPaTMez.exe
  C:\Windows\System\PPaTMez.exe
  2⤵
  PID:9264
- C:\Windows\System\xPNuAHY.exe
  C:\Windows\System\xPNuAHY.exe
  2⤵
  PID:9284
- C:\Windows\System\cePcSqD.exe
  C:\Windows\System\cePcSqD.exe
  2⤵
  PID:9300
- C:\Windows\System\RjoFPoH.exe
  C:\Windows\System\RjoFPoH.exe
  2⤵
  PID:9316
- C:\Windows\System\HRGaKso.exe
  C:\Windows\System\HRGaKso.exe
  2⤵
  PID:9332
- C:\Windows\System\UqkVfIQ.exe
  C:\Windows\System\UqkVfIQ.exe
  2⤵
  PID:9348
- C:\Windows\System\enmQDqm.exe
  C:\Windows\System\enmQDqm.exe
  2⤵
  PID:9364
- C:\Windows\System\DkwHlXn.exe
  C:\Windows\System\DkwHlXn.exe
  2⤵
  PID:9380
- C:\Windows\System\oavFDKg.exe
  C:\Windows\System\oavFDKg.exe
  2⤵
  PID:9396
- C:\Windows\System\yctjxip.exe
  C:\Windows\System\yctjxip.exe
  2⤵
  PID:9416
- C:\Windows\System\MRTfOnN.exe
  C:\Windows\System\MRTfOnN.exe
  2⤵
  PID:9432
- C:\Windows\System\tmdKIja.exe
  C:\Windows\System\tmdKIja.exe
  2⤵
  PID:9456
- C:\Windows\System\tvbcKSp.exe
  C:\Windows\System\tvbcKSp.exe
  2⤵
  PID:9476
- C:\Windows\System\FuvAgiV.exe
  C:\Windows\System\FuvAgiV.exe
  2⤵
  PID:9492
- C:\Windows\System\tgatUIs.exe
  C:\Windows\System\tgatUIs.exe
  2⤵
  PID:9512
- C:\Windows\System\lmvssPS.exe
  C:\Windows\System\lmvssPS.exe
  2⤵
  PID:9528
- C:\Windows\System\bxoRaeC.exe
  C:\Windows\System\bxoRaeC.exe
  2⤵
  PID:9548
- C:\Windows\System\szZaogv.exe
  C:\Windows\System\szZaogv.exe
  2⤵
  PID:9564
- C:\Windows\System\ThDbaqp.exe
  C:\Windows\System\ThDbaqp.exe
  2⤵
  PID:9596
- C:\Windows\System\juAfALq.exe
  C:\Windows\System\juAfALq.exe
  2⤵
  PID:9612
- C:\Windows\System\VpVEFae.exe
  C:\Windows\System\VpVEFae.exe
  2⤵
  PID:9628
- C:\Windows\System\PrLUaKe.exe
  C:\Windows\System\PrLUaKe.exe
  2⤵
  PID:9648
- C:\Windows\System\BmOwfIg.exe
  C:\Windows\System\BmOwfIg.exe
  2⤵
  PID:9664
- C:\Windows\System\kBwhhfD.exe
  C:\Windows\System\kBwhhfD.exe
  2⤵
  PID:9680
- C:\Windows\System\zvtdOhg.exe
  C:\Windows\System\zvtdOhg.exe
  2⤵
  PID:9700
- C:\Windows\System\XqaQULk.exe
  C:\Windows\System\XqaQULk.exe
  2⤵
  PID:9720
- C:\Windows\System\JpHWGjg.exe
  C:\Windows\System\JpHWGjg.exe
  2⤵
  PID:9740
- C:\Windows\System\IZTOSyI.exe
  C:\Windows\System\IZTOSyI.exe
  2⤵
  PID:9840
- C:\Windows\System\bvOJlnw.exe
  C:\Windows\System\bvOJlnw.exe
  2⤵
  PID:9860
- C:\Windows\System\hNrDqoV.exe
  C:\Windows\System\hNrDqoV.exe
  2⤵
  PID:9880
- C:\Windows\System\BXCKrja.exe
  C:\Windows\System\BXCKrja.exe
  2⤵
  PID:9904
- C:\Windows\System\IoyjAHx.exe
  C:\Windows\System\IoyjAHx.exe
  2⤵
  PID:9920
- C:\Windows\System\zCIyelP.exe
  C:\Windows\System\zCIyelP.exe
  2⤵
  PID:9936
- C:\Windows\System\sMDABUw.exe
  C:\Windows\System\sMDABUw.exe
  2⤵
  PID:9952
- C:\Windows\System\NzsUXIP.exe
  C:\Windows\System\NzsUXIP.exe
  2⤵
  PID:9968
- C:\Windows\System\UquQLQq.exe
  C:\Windows\System\UquQLQq.exe
  2⤵
  PID:9992
- C:\Windows\System\xJhfKUa.exe
  C:\Windows\System\xJhfKUa.exe
  2⤵
  PID:10008
- C:\Windows\System\VbSmeeD.exe
  C:\Windows\System\VbSmeeD.exe
  2⤵
  PID:10024
- C:\Windows\System\DhXgaia.exe
  C:\Windows\System\DhXgaia.exe
  2⤵
  PID:10040
- C:\Windows\System\PqrTubA.exe
  C:\Windows\System\PqrTubA.exe
  2⤵
  PID:10060
- C:\Windows\System\ooOeldv.exe
  C:\Windows\System\ooOeldv.exe
  2⤵
  PID:10076
- C:\Windows\System\PBmQPmX.exe
  C:\Windows\System\PBmQPmX.exe
  2⤵
  PID:10092
- C:\Windows\System\qgyUsNQ.exe
  C:\Windows\System\qgyUsNQ.exe
  2⤵
  PID:10108
- C:\Windows\System\HPULSFR.exe
  C:\Windows\System\HPULSFR.exe
  2⤵
  PID:10124
- C:\Windows\System\rDtGUZX.exe
  C:\Windows\System\rDtGUZX.exe
  2⤵
  PID:10140
- C:\Windows\System\LwLBpqj.exe
  C:\Windows\System\LwLBpqj.exe
  2⤵
  PID:10156
- C:\Windows\System\iZnmZqP.exe
  C:\Windows\System\iZnmZqP.exe
  2⤵
  PID:10172
- C:\Windows\System\vqJrmTK.exe
  C:\Windows\System\vqJrmTK.exe
  2⤵
  PID:10192
- C:\Windows\System\nDmYofV.exe
  C:\Windows\System\nDmYofV.exe
  2⤵
  PID:10208
- C:\Windows\System\AFfQCwM.exe
  C:\Windows\System\AFfQCwM.exe
  2⤵
  PID:10224
- C:\Windows\System\WlsvZiu.exe
  C:\Windows\System\WlsvZiu.exe
  2⤵
  PID:8940
- C:\Windows\System\qSxdkSF.exe
  C:\Windows\System\qSxdkSF.exe
  2⤵
  PID:8792
- C:\Windows\System\ItkqpeI.exe
  C:\Windows\System\ItkqpeI.exe
  2⤵
  PID:9272
- C:\Windows\System\fLxkAJC.exe
  C:\Windows\System\fLxkAJC.exe
  2⤵
  PID:9312
- C:\Windows\System\MlYeHfj.exe
  C:\Windows\System\MlYeHfj.exe
  2⤵
  PID:9376
- C:\Windows\System\iZmVLYX.exe
  C:\Windows\System\iZmVLYX.exe
  2⤵
  PID:9440
- C:\Windows\System\ccTqRpv.exe
  C:\Windows\System\ccTqRpv.exe
  2⤵
  PID:9488
- C:\Windows\System\OwwoUit.exe
  C:\Windows\System\OwwoUit.exe
  2⤵
  PID:9580
- C:\Windows\System\yeeaKRI.exe
  C:\Windows\System\yeeaKRI.exe
  2⤵
  PID:9556
- C:\Windows\System\adjhfxc.exe
  C:\Windows\System\adjhfxc.exe
  2⤵
  PID:9708
- C:\Windows\System\NsftKBn.exe
  C:\Windows\System\NsftKBn.exe
  2⤵
  PID:9388
- C:\Windows\System\ebsxVqg.exe
  C:\Windows\System\ebsxVqg.exe
  2⤵
  PID:9464
- C:\Windows\System\vmvrDhn.exe
  C:\Windows\System\vmvrDhn.exe
  2⤵
  PID:9592
- C:\Windows\System\eYaSyxM.exe
  C:\Windows\System\eYaSyxM.exe
  2⤵
  PID:9292
- C:\Windows\System\KybkKaf.exe
  C:\Windows\System\KybkKaf.exe
  2⤵
  PID:9360
- C:\Windows\System\Pbzxqqi.exe
  C:\Windows\System\Pbzxqqi.exe
  2⤵
  PID:9540
- C:\Windows\System\IltqecS.exe
  C:\Windows\System\IltqecS.exe
  2⤵
  PID:9816
- C:\Windows\System\HPmSHDG.exe
  C:\Windows\System\HPmSHDG.exe
  2⤵
  PID:9856
- C:\Windows\System\jSzJNVv.exe
  C:\Windows\System\jSzJNVv.exe
  2⤵
  PID:9876
- C:\Windows\System\HlbBdtr.exe
  C:\Windows\System\HlbBdtr.exe
  2⤵
  PID:9928
- C:\Windows\System\BpMnsJM.exe
  C:\Windows\System\BpMnsJM.exe
  2⤵
  PID:10000
- C:\Windows\System\YagESCB.exe
  C:\Windows\System\YagESCB.exe
  2⤵
  PID:10036
- C:\Windows\System\OieyYKx.exe
  C:\Windows\System\OieyYKx.exe
  2⤵
  PID:9916
- C:\Windows\System\UEsnfrC.exe
  C:\Windows\System\UEsnfrC.exe
  2⤵
  PID:9984
- C:\Windows\System\vMqMzYj.exe
  C:\Windows\System\vMqMzYj.exe
  2⤵
  PID:10052
- C:\Windows\System\mrocYij.exe
  C:\Windows\System\mrocYij.exe
  2⤵
  PID:9244
- C:\Windows\System\PQogXpt.exe
  C:\Windows\System\PQogXpt.exe
  2⤵
  PID:9344
- C:\Windows\System\GxOvEFi.exe
  C:\Windows\System\GxOvEFi.exe
  2⤵
  PID:9484
- C:\Windows\System\FrGsuxW.exe
  C:\Windows\System\FrGsuxW.exe
  2⤵
  PID:9620
- C:\Windows\System\GnmWoQU.exe
  C:\Windows\System\GnmWoQU.exe
  2⤵
  PID:9408
- C:\Windows\System\wdZsJwO.exe
  C:\Windows\System\wdZsJwO.exe
  2⤵
  PID:9220
- C:\Windows\System\SMNnlEu.exe
  C:\Windows\System\SMNnlEu.exe
  2⤵
  PID:9544
- C:\Windows\System\SFnUUWU.exe
  C:\Windows\System\SFnUUWU.exe
  2⤵
  PID:9260
- C:\Windows\System\LFfwdpL.exe
  C:\Windows\System\LFfwdpL.exe
  2⤵
  PID:9640
- C:\Windows\System\fuTwemd.exe
  C:\Windows\System\fuTwemd.exe
  2⤵
  PID:9788
- C:\Windows\System\DVcIkDy.exe
  C:\Windows\System\DVcIkDy.exe
  2⤵
  PID:9692
- C:\Windows\System\jMkLaCW.exe
  C:\Windows\System\jMkLaCW.exe
  2⤵
  PID:9756
- C:\Windows\System\CzEwufe.exe
  C:\Windows\System\CzEwufe.exe
  2⤵
  PID:9784
- C:\Windows\System\eQbszNf.exe
  C:\Windows\System\eQbszNf.exe
  2⤵
  PID:9832
- C:\Windows\System\ktCdjYt.exe
  C:\Windows\System\ktCdjYt.exe
  2⤵
  PID:9796
- C:\Windows\System\cDtzmMP.exe
  C:\Windows\System\cDtzmMP.exe
  2⤵
  PID:9872
- C:\Windows\System\gygObYk.exe
  C:\Windows\System\gygObYk.exe
  2⤵
  PID:9932
- C:\Windows\System\zbDFSxz.exe
  C:\Windows\System\zbDFSxz.exe
  2⤵
  PID:10068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BERgGeO.exe

Filesize
6.0MB

MD5
79b519b0eb69b33f9733eb6de6fc1259

SHA1
a5c5ae957861f8a87af9d44d2bca421bd8fb70c0

SHA256
c2576a252ece8c30f1768d3e8feee9ba3e3cf419d3689033d9ee71b78c1d22d0

SHA512
22e03e894f4e71f09970393e29ac8e6774f97c55b5562dd5903a14b70c39da3f663b9eccb3321db71c34c9d006beb69d6c4802f8ae5f6700ff38291aff092478

Download Submit
C:\Windows\system\FDambVi.exe

Filesize
6.0MB

MD5
54aaa4af597829d443ab35814b68bafe

SHA1
299b73752e788ffba3f0d4fcf9f189fefd2f3829

SHA256
c01be575b50e39cbe916c72d1cffdb178551b06c66ff6ec944f5f1c1398b99ea

SHA512
ea4e025683b5797a8e0f9a7dda50cfb5f045eebc27e88af94500aa1800afcf551f0d4458187167cf1b380114fbcfa4c47f62df42f5525cf80d0f0b2fa03df901

Download Submit
C:\Windows\system\FXNoWTm.exe

Filesize
6.0MB

MD5
5cdd9f859d93795554d7d05d723c4477

SHA1
d4087b947e71394c4d053090e5920ed74452c22a

SHA256
556c26a8ede89843d95af0b18cba8d31548589f78612479b1486cdf389bd0e50

SHA512
1fd2b6f7c11051feb9ab828a404772f18a9ca3f64ae8da67f823d7407a9b25d04496017a052b685b20e39a024f80661aac5cbf52e845ff7e3490f5c7037b2d38

Download Submit
C:\Windows\system\IvrhKVC.exe

Filesize
6.0MB

MD5
3b7a29aa825f3c85721c2034742ecf45

SHA1
e2d7341da4fc91d2ea3f614830e3b5fdbc41fbbd

SHA256
0bd782cd499d8b10bec27f8567110d5e4c26a24a5fa6afc9c46c3df33ef7ad79

SHA512
368bf7905377c4afe969022ea87ae5364997aa1ef3f8979a8c2394bdc827b0f857448ff3cc596ee0a0b46d0db59bc99b3815107c32761b51b07f4d0f3891bbaf

Download Submit
C:\Windows\system\JmYRQYb.exe

Filesize
6.0MB

MD5
747be4dcdcd551b6295fdc3b8b002515

SHA1
4f17bf6ef1d27c6171ca652e3b0ade0a6f34729a

SHA256
195132df5557c74679f2af5b61fab80bbfbc427a2f790b4bc322f5372d747620

SHA512
65d9072cb028951df1a4d07b5e21bed3a7a92434c72efc2ac68ceb2106415106555b57bf8f2ed03fe26f94a39bfbbe3ac02d1cc97b4dc17711d0d6c366cdaffb

Download Submit
C:\Windows\system\LNrUrxc.exe

Filesize
6.0MB

MD5
80cafef1b22219ed869de5ae15dd1549

SHA1
aa837279b43eeb94c0536f1ae30c55bfc6b427ec

SHA256
b7c451f086a1743887cfa0daa3d134abccaddd230ec98a2c4ed9e2d5b636e4dc

SHA512
b7f5f2a2768a5bb5f702f1ef6a7e8bb4e3326fc2023fa73e85c01c1376aac2218574a23cc6d7b552cccebcf2591cbd2547f7b34df9da57c5bfb791bb767cafc9

Download Submit
C:\Windows\system\MEQHjNC.exe

Filesize
6.0MB

MD5
1340d5ecf827196433fee1b3760e91e9

SHA1
d28d09a9bc8140e4c633e95f536fac60c186404b

SHA256
7efa96af32e6b87f0da9e4ed822571dd28c073132b11d040bb6508c916958bab

SHA512
442cfe5f1cacac9e633d268f80e179bb102c0bcf3a46cf334db37a5c2840cb91dfc49cbeac3391323e4c4ca0f0989a69a634b11766e1dc21cd0cc1eca66717c6

Download Submit
C:\Windows\system\MtHfVuE.exe

Filesize
6.0MB

MD5
1877f3fe4cd3a0114cac8679a5f3aff2

SHA1
d0a1d3edea65b2d64a256b10e0b24b1a35229c0c

SHA256
7329c7fb3ee42e9ad103723be6a7338e58ee02e9d30314be05551451784bb0fd

SHA512
43f085c9b1cda4f02ead7ae152812d77d143cc0b5b4fb2b28ec813e041a2d6ed4cc92ef2a2327445f949ae2b912b449d996435d4eb49acf16e2b921d4e56f1af

Download Submit
C:\Windows\system\OQzVhKD.exe

Filesize
6.0MB

MD5
8b3e52dc58d187203b1bbd120f88ff54

SHA1
35355d2a0507eff2b5d170f8c6a8d8a9b125763f

SHA256
12a44379497b5bb75af6a25085e888cd04d0cda75acba6f697bc95abd00f17de

SHA512
c3209b151cfa8d18e7559ced281519bf8f13bf0cbaa74f1e9c5bbe23481ec7685994607dab67353b6dac40eb79d3e7dc8fa2dd5d51e0ebb9acedca09eba2dd47

Download Submit
C:\Windows\system\OiikrPh.exe

Filesize
6.0MB

MD5
7ac43b05bb29e6fe8f5c1e4ea79e33a4

SHA1
4660ebd6acd241648c17e77857dbea8dcd584de1

SHA256
0d443d0f4edf9bf684e53842c090f6b4f54886cf2749fce0493126d45274b565

SHA512
4015bd09bfc82a81430317ce5eaf4beaa23c4ca24266559f21c6fac8d5cc2cceee810f6a0ff94c80a6f41beb857cf3af20828630a134186f43415f884f861a21

Download Submit
C:\Windows\system\PmWblpM.exe

Filesize
6.0MB

MD5
b9574f7041c764ff5b6086df00dfa5d2

SHA1
e7d159747a638369475f199548a3e9ef58198813

SHA256
5304fb5696c9af81f2ee0547c91882aacc640e70a63e215da83fa755e40b624b

SHA512
e2f728e49e8af6eb107c6e0f4f7bd6ecbbdd0bb90d6242bce2b982e304fb7906537bb2de3627c59f6a46168d1d2ff7a6f599cca6914acffdabb9f4c4c91cfb0f

Download Submit
C:\Windows\system\QiloNbO.exe

Filesize
6.0MB

MD5
476cade91af5465c45577d36d2da9669

SHA1
6f694a3508ab18e874c0543921d6c7a7a177c528

SHA256
9fa8edf63b43237844868fcf73ac19b74c82fc7431a5a28bec2e839a3a774f7f

SHA512
ceaf26b00c4e6a1a492486ffe45b7712ed72fdc673c73852e2710868adf48551510baca6d0524c7941f8d0524ce976bf6eb83e3877ac843c80469a1bad6a779b

Download Submit
C:\Windows\system\SYMbnnn.exe

Filesize
6.0MB

MD5
e44de580b893784af353bd1931f8c72a

SHA1
bd5effc2f0132bed8038a633bdaf0ff009f10585

SHA256
f7d04d5bf0171145cf541040a1983b5fd08efc735b0454a80382127af86195c2

SHA512
26e74b7843d31aaa39dbb3a4c3f8ff67291b5c603b4ef28db30c73d94cebcae3d395124611a168b62547e5926c1392e5619fb9fd11f9c586768723b67dd30389

Download Submit
C:\Windows\system\TWWajqQ.exe

Filesize
6.0MB

MD5
261969525da264e084bda11e4fed2489

SHA1
d58e363974004af518a5c05c5523d6998539456b

SHA256
d4c2a3d84c7f77eb249b633d4814942ac148ec7b074321b0de20cba0340c2f94

SHA512
dc573e0acc4a5a1a3f7109ef01314ebf8c6e577fdd8e3d141b29009949532ae97e7a6f59f7cbdeeb62d10758e899b1abf29d078a96491b3f6956474ecb19397b

Download Submit
C:\Windows\system\TZcfiGV.exe

Filesize
6.0MB

MD5
497d231d874bbd2b5c964228375c590c

SHA1
51b4a3d6e9b91f5e66e8eabd915fc998e845e2a4

SHA256
96745b19ecd581307871b6784af27488e11276ca32aac12183c767b6caf7e669

SHA512
c77ea578bdf29f371c4bd8670e64dc2dd5a48501bfccf41a788af5bd0ea7168e5d66be3874ebae8ce266d79f9fd190c4ac0dd9122b9277b8ca3e3cdc2e715844

Download Submit
C:\Windows\system\TzIGZuf.exe

Filesize
6.0MB

MD5
4bfe121ce3124241b65fce37e5626886

SHA1
e9ac4b200e4288cb3049ff26c3839adbf88dadd3

SHA256
37224117614f6f06640c6b3f5887c01d558746274fb31d87c95908792115d178

SHA512
fbbabc499e58b1d0c86f2170e845bca9b8353f5297531afc8e91f5ac36f5f63497d7c702d367c9fe7e273c7bc0ed8323fa13c2a95f5b162825ab709617f3bee9

Download Submit
C:\Windows\system\YsRVvYz.exe

Filesize
6.0MB

MD5
2b0df713a05fd0e3c9157ca6247c1658

SHA1
11199dd38ac04c816f13848ef0308e19e31ad290

SHA256
dd32a5e08f8e49232d32ace7e03781ce21fdfc1bd241ed43a8ea0a4c90cb6e98

SHA512
5de6a793af0ee408685d13cd28b02fb7a30eae8e6e779ec060fb8def4a90f215265c93eebaafb75836ec3fc6658558178e69df808b333fe6c067e2563c475e16

Download Submit
C:\Windows\system\ZAvvcBH.exe

Filesize
6.0MB

MD5
3b265af6003e2a63532e0d2d9a257504

SHA1
d9ec11bce44208f7328c9ef1de2a60f6af3eebae

SHA256
4364dbbdc00f3f0639bfe04fce94b5be3ba79747e7ccff397d79dd918a8cac11

SHA512
c4c698708766cf100227424e26af9b6a0ccd0b3f57143da4287b9f112a741244b9c4a1806066ea5932c9e4d52aedd170a419671924fcb64607783c287f623ea2

Download Submit
C:\Windows\system\aXPFRCP.exe

Filesize
6.0MB

MD5
d0ff840b6419a1d33aebf8314b4e8ce5

SHA1
51f8bc88b4984e190ca52eef7f31e95c221abeac

SHA256
d4fd7294b98c7215ce4e554b32c9b26286448ba3353efc71df38038ed61834e6

SHA512
8ce893a38db9f3a5105984cb74a4f522bc34b20ad0da265d100310eb8fe9ad2d97a8e89c7fc7e930f03bb6a75456f7586a9aad0c082d9952637a9d6de6df7b62

Download Submit
C:\Windows\system\avPKnUX.exe

Filesize
6.0MB

MD5
2e7e958d1abe7132a2b332ec546be34c

SHA1
280bdaa9d3128f6e10094b678af0e9b91a890300

SHA256
af1ae427560fc76e5c28e2b8f90c37931ab790387f69eb693dea449b89f84732

SHA512
4531e5c9eeeae293f8b0033f095818a98cdae7b23a0669314ab93488fd44a1f2bb3d21ac936938ba037de007444a479279b959384c3179995c891fbcafcdf954

Download Submit
C:\Windows\system\eXFZrNx.exe

Filesize
6.0MB

MD5
297a26cfe91c9fba5fbd93c5f10fc57f

SHA1
a8a22e9caf3a2b7e09556b31a2845957f73ac00a

SHA256
c59740ee5dcc1297a5b2fbe670c8836c22b31682a7adc1cc472a72df2c24924f

SHA512
d65b7992d9c53591060e73aedf9ac5f2f1f9f222987089171a8d6d7c8512666b382af53e43d160b2b87e8709a9c4c36830a4d423d13d39c1c76f925c2d4253db

Download Submit
C:\Windows\system\gkOPLUB.exe

Filesize
6.0MB

MD5
62507f87f966e202cfa2598eed819227

SHA1
4ce896c3b04759ae27fefbacad54e441944f7220

SHA256
52c7e23a0462a3b6d4c660c0e13a2192d4ab3b716bae1d4044dde5c8f1ecaff4

SHA512
cfb158fbbaef245ae9551187475607af58be2e7af28d10f7d74b9a9a4c27843cc0b9d134dd296cd7fe54902df5d78dece220665d8039195e9450f41a25246aa5

Download Submit
C:\Windows\system\gpeFRIK.exe

Filesize
6.0MB

MD5
70e5b56fde507ec96d6473e84c85697f

SHA1
0c7a326059f03b5c096800f7aa9fb1704b97acc7

SHA256
ac9d1a0485df181270ca0b50531de43e3d5cb789e9ff7ee383cc6050bf53d510

SHA512
e4b086bdd6a2a0074c2ea48f4e1befdd8b8b73533a53672f34cf8df4bc8a6b2e4a4153e1150b6e8ddd408516d148c3f369b285481974d3890eac2e502001c08b

Download Submit
C:\Windows\system\mfubkMR.exe

Filesize
6.0MB

MD5
4b37d3bab08caad6142a12be23534543

SHA1
0ab093c74f1d75350a6f829dc901405cf30c7195

SHA256
a8923cd443fa64acad32385dc13b257029178d2a541922fc8dd9106cf768feb6

SHA512
83c5e586fb2748fd2507190aa097a2c54a9e59f23bf8e71f06ceb05c0a7b4ff810cbed3f6b1fade40a3445ad4ec0be27c64c8c20a24e99af2ce7dd726a9c9ba2

Download Submit
C:\Windows\system\mlCZISQ.exe

Filesize
6.0MB

MD5
a60fb23725c591cbe83d15952d6f88f2

SHA1
87cb6f1d27da2dc85436d895951748ef960ee946

SHA256
273b3644a057f9cb3e1c904d9025c96eca1fd7acca305b59b1e3454a64f14bc8

SHA512
231cf695167fe060919ca38a88250893fbbdaee5bcd86b1f526b47ebe6e5e02cef5fc4f4243a1502c08ee390d90ea1859737b9c05bced51a47eecc729d20f9d6

Download Submit
C:\Windows\system\nXpGQxf.exe

Filesize
6.0MB

MD5
b3d81b7147c7e7779b3430fcf46e7726

SHA1
280f5c1326946f81560560cd8664a0d6ab88a29b

SHA256
8cc9919116170231bc4630117425d4062103cf2657253ffbc3dac0ae60da1203

SHA512
00e195bd0e6698fbc4e4abf2d5a0139a36a775624151d5f1c96c7beadbca063316554ab29a150719ee9df87066fe2bf5d2a36af0e6aa280de715be08f5c85ae2

Download Submit
C:\Windows\system\oZAeqbE.exe

Filesize
6.0MB

MD5
b027a04f1cd4999917522fe67d544ee7

SHA1
532aa4b856871e75c1b7ec3a911a54d361bd0571

SHA256
3bea35c38bf6b984c9f7e31486ef460b3d2b44eaeaea854ae5637564ff214a2d

SHA512
116269e8feba64efaaab8c851ebc74e93130d355d9f92738306087ce0325f89787b272e0c138dc52af39aca52ad9f265593204e411b11dcf089e78f1dcd03d1b

Download Submit
C:\Windows\system\sAmlksw.exe

Filesize
6.0MB

MD5
f82cc739b0cd19ce0eed774c11bc6129

SHA1
7341bd0194ba82d2ac7adf8589b9263321dd5c8b

SHA256
14a58c004042fdc9135b94b241e89ebffa52defcd4c86e26fc88256f2e3bcbd7

SHA512
0a3b5567688611b2e400190cb19141fac090f7651013f0dcb7e36a5b46bf8b643bd015a15aeaee0c78b2849a067bc4406190f0108128d834cf9a996336ee4cc4

Download Submit
C:\Windows\system\yIrUFyt.exe

Filesize
6.0MB

MD5
4889ebbc848ebe6810e86d27e0719a96

SHA1
af8ad74ac6b948a260f5fb262c41377200073264

SHA256
bf07d52bd4e3e215f7a88ae2e1d5b76b935ffad39fd96be101625ce4358ee8e2

SHA512
ba8076c933575d43a71156dc816c61910643763a3525ffa1d2bd0e2b4185c475f9078ccf7f14eac4c061a3740c8042e6a277aef6126c5260c18b7d296d5f4d5c

Download Submit
\Windows\system\RTaIwXi.exe

Filesize
6.0MB

MD5
e13b1520a5caba3b82f4b190ee3dd651

SHA1
d458d70661a7e1c63d81dc86b97b7c6bfd147d33

SHA256
a795b387f0aa452ca573fce4e3397f2c52bd4e8d5b43c95b1437043e3242f99b

SHA512
be4deb68c71e70725b7dfa0648aaebb763cec9ee9410227ff0466d5268b46ae30cd903eaf23ccc68a0c77db4f95f9ec25ebf2c27ad4000b4b22aee044c8ebba4

Download Submit
\Windows\system\jsIPffD.exe

Filesize
6.0MB

MD5
441dbde8940577e396287e674c937dbc

SHA1
e6185a2ddf9c353f3e5f6e91d96669d5a23ad565

SHA256
396a9072f801f5bd87d7f74e800e46e2b8c0f0d00da8fde20967a7aa60aa2ec1

SHA512
6f4a6ec7ce1b7881797158ad6dc23d3052a4b5ef7b87b0042797c231cc7b049348116765ecbffb2361ee3f0b05dc799a70fb552e88c62f9284295036dc146293

Download Submit
\Windows\system\nePbDIB.exe

Filesize
6.0MB

MD5
1129b6b6f68361bd93d955770e6f2e2a

SHA1
a1ff57c1bbb9a67411eebfe7c061cab1a8ad48fe

SHA256
1c806c6b06b6b33aa07dc140a0e8306eb5091208add5a3cc8f149a2b3e269f07

SHA512
ce97823d58787a5e1a2122dce8341288eade97b733d379bbed9abd34420043e111e4f940a077bc8d294f8fa483fc38d5b95adc6c6b078e63e7d3d8b71e3986f0

Download Submit
\Windows\system\wPJnjAy.exe

Filesize
6.0MB

MD5
b2d1934054ba9c9e86c29930f06cfdfb

SHA1
8a35af018336409612bd69b800e27e3caf40f83b

SHA256
2040a25fc274b93a571d72faf6c58f7198ab7d58b3e68a0adbea85106db73e51

SHA512
7fb4e4e2f1242ab232d013761689834b072daf177b21da157ffe4281d95111ca628ea943ec10a9435ceb483df33841057ea78ba747924866518493e03d1ee12a

Download Submit
\Windows\system\xGrevXU.exe

Filesize
6.0MB

MD5
0d05dd7f8c9b35c7062aa922f4958659

SHA1
5c1a80ec41c8d6b94b89a455ad1259e493017d0b

SHA256
d795503b6548b98a6103619c492f1d38dcf806f6782d038a9e9d7b84766da76e

SHA512
5e64d592f2738deb255c977eed69cb07214ddc8c1248835fcbece88e8eaacbd200c9fa385f018ea6b28c4d5c8169c3a4796e0600b2a7fab6425474e94ea49bcf

Download Submit
memory/1692-167-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1692-3977-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1696-217-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1696-3916-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2104-171-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3972-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3975-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2412-160-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2436-184-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1407-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2436-165-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-188-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2436-176-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-180-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-0-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2436-210-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-172-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1483-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-170-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-216-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1482-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-135-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-128-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1481-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2436-156-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2436-204-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1288-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2436-1289-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2452-152-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3980-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2704-173-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3976-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3936-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-179-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4053-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-215-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-194-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3974-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3979-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-201-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-187-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3973-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3981-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2852-182-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3917-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2944-207-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2980-189-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3978-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download