cobaltstrike | 96d3e1cbb25a6087bf22a9c491039ba73c52532a77243dc727b9f32bd2a066c9

Analysis

max time kernel
81s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

9b1c66c840881257895273604f91ff37
SHA1

4bd229c6915310ef8d0d6ea3b73be85e10422ae1
SHA256

96d3e1cbb25a6087bf22a9c491039ba73c52532a77243dc727b9f32bd2a066c9
SHA512

e747d47108c0af1bbe9e363d3e433cbe7401da8cc4d95d047d13a814e678ea767355f36680455c941ca009052c0d7f112a89f06c5ed9f2a00211597ad398f2ec
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d5f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d87-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d9c-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015df0-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f37-35.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fa5-40.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cef-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d67-49.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbd-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd8-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dec-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df2-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df7-109.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707e-119.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000015d14-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871a-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018708-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870a-153.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001756f-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f7-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017226-132.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170da-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dff-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de2-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dcf-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da7-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d92-69.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d76-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6e-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e4e-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/808-0-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202b-3.dat	xmrig
behavioral1/files/0x0008000000015d5f-11.dat	xmrig
behavioral1/files/0x0008000000015d87-15.dat	xmrig
behavioral1/files/0x0008000000015d9c-20.dat	xmrig
behavioral1/files/0x0007000000015df0-25.dat	xmrig
behavioral1/files/0x0007000000015f37-35.dat	xmrig
behavioral1/files/0x0009000000015fa5-40.dat	xmrig
behavioral1/files/0x0009000000016cef-45.dat	xmrig
behavioral1/files/0x0007000000016d67-49.dat	xmrig
behavioral1/files/0x0006000000016d72-59.dat	xmrig
behavioral1/files/0x0006000000016dbd-79.dat	xmrig
behavioral1/files/0x0006000000016dd8-89.dat	xmrig
behavioral1/files/0x0006000000016dec-99.dat	xmrig
behavioral1/files/0x0006000000016df2-104.dat	xmrig
behavioral1/files/0x0006000000016df7-109.dat	xmrig
behavioral1/files/0x000600000001707e-119.dat	xmrig
behavioral1/files/0x002e000000015d14-136.dat	xmrig
behavioral1/memory/2808-1273-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1128-1389-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2944-1391-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/812-1394-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2068-1396-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2876-1398-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001871a-160.dat	xmrig
behavioral1/files/0x0005000000018708-159.dat	xmrig
behavioral1/files/0x000500000001870a-153.dat	xmrig
behavioral1/files/0x000600000001756f-145.dat	xmrig
behavioral1/files/0x00060000000174f7-141.dat	xmrig
behavioral1/files/0x0006000000017226-132.dat	xmrig
behavioral1/memory/808-128-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x00060000000170da-124.dat	xmrig
behavioral1/files/0x0006000000016dff-114.dat	xmrig
behavioral1/files/0x0006000000016de2-94.dat	xmrig
behavioral1/files/0x0006000000016dcf-84.dat	xmrig
behavioral1/files/0x0006000000016da7-74.dat	xmrig
behavioral1/files/0x0006000000016d92-69.dat	xmrig
behavioral1/files/0x0006000000016d76-64.dat	xmrig
behavioral1/files/0x0006000000016d6e-54.dat	xmrig
behavioral1/files/0x0007000000015e4e-29.dat	xmrig
behavioral1/memory/2924-1582-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2928-1664-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/808-1671-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2908-1740-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2992-1763-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2748-1841-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/808-1858-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1316-2062-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2080-2065-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/808-2066-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2148-2072-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/808-2899-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/808-3256-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/808-3258-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/808-3260-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/808-3383-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2808-4070-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2748-4069-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2080-4068-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1128-4067-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2908-4066-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2992-4065-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2068-4064-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2924-4063-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2148	MkZDDaM.exe
2808	ICeQbpT.exe
1128	cvacnnj.exe
2944	WngWXSg.exe
812	thUWvgg.exe
2068	sWWnTEP.exe
2876	pHUfhah.exe
2924	YSvLFOk.exe
2928	ximvCdl.exe
2908	SShGkWQ.exe
2992	rIMPlle.exe
2748	DNjpFjD.exe
1316	LCKMHbA.exe
2080	hBEFpil.exe
2816	nouZEJn.exe
376	aCTqKDC.exe
2580	AzEmcvh.exe
2364	lynqIhA.exe
976	jgdwKKb.exe
1080	HlNbNbS.exe
1660	BzHBFkq.exe
1904	NuqIZrw.exe
2776	gEcciPO.exe
2964	wORqukW.exe
1496	dUFPGtn.exe
2220	GHyzLAL.exe
2388	OwaSygg.exe
1096	YLArXXA.exe
480	EehxPdh.exe
2192	BEGSSSl.exe
2232	OycMNjI.exe
2248	OlbgdwG.exe
868	eVZGjGQ.exe
1880	iXBOaHZ.exe
2332	fPpfDbd.exe
2512	hyfqPbR.exe
372	QwtpoOU.exe
1692	XFbBXEO.exe
2256	sbzYOTV.exe
1624	fqdXzbI.exe
2320	OuYkdlJ.exe
992	tErzJZY.exe
2008	RjLqRoh.exe
1756	wiVpjfI.exe
2016	WOjeLeL.exe
2568	pkNqZwZ.exe
880	SvmLrgg.exe
2312	XmaiVpb.exe
2540	Riwkcgm.exe
1608	QFZppAV.exe
1876	UaQbHRV.exe
1684	WHBUqfo.exe
1800	bpICWOx.exe
2356	CmMdoZL.exe
1952	lbsefUP.exe
1564	OzOnVPt.exe
1352	DJaXDXR.exe
3004	XSaEvYS.exe
2196	yCXLBiA.exe
2872	CWcObSP.exe
2060	qPFEjOT.exe
2164	VQwbTFT.exe
1656	ZhWKLuD.exe
2772	uAlaAVX.exe

Loads dropped DLL 64 IoCs

pid	Process
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/808-0-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000a00000001202b-3.dat	upx
behavioral1/files/0x0008000000015d5f-11.dat	upx
behavioral1/files/0x0008000000015d87-15.dat	upx
behavioral1/files/0x0008000000015d9c-20.dat	upx
behavioral1/files/0x0007000000015df0-25.dat	upx
behavioral1/files/0x0007000000015f37-35.dat	upx
behavioral1/files/0x0009000000015fa5-40.dat	upx
behavioral1/files/0x0009000000016cef-45.dat	upx
behavioral1/files/0x0007000000016d67-49.dat	upx
behavioral1/files/0x0006000000016d72-59.dat	upx
behavioral1/files/0x0006000000016dbd-79.dat	upx
behavioral1/files/0x0006000000016dd8-89.dat	upx
behavioral1/files/0x0006000000016dec-99.dat	upx
behavioral1/files/0x0006000000016df2-104.dat	upx
behavioral1/files/0x0006000000016df7-109.dat	upx
behavioral1/files/0x000600000001707e-119.dat	upx
behavioral1/files/0x002e000000015d14-136.dat	upx
behavioral1/memory/2808-1273-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1128-1389-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2944-1391-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/812-1394-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2068-1396-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2876-1398-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000500000001871a-160.dat	upx
behavioral1/files/0x0005000000018708-159.dat	upx
behavioral1/files/0x000500000001870a-153.dat	upx
behavioral1/files/0x000600000001756f-145.dat	upx
behavioral1/files/0x00060000000174f7-141.dat	upx
behavioral1/files/0x0006000000017226-132.dat	upx
behavioral1/files/0x00060000000170da-124.dat	upx
behavioral1/files/0x0006000000016dff-114.dat	upx
behavioral1/files/0x0006000000016de2-94.dat	upx
behavioral1/files/0x0006000000016dcf-84.dat	upx
behavioral1/files/0x0006000000016da7-74.dat	upx
behavioral1/files/0x0006000000016d92-69.dat	upx
behavioral1/files/0x0006000000016d76-64.dat	upx
behavioral1/files/0x0006000000016d6e-54.dat	upx
behavioral1/files/0x0007000000015e4e-29.dat	upx
behavioral1/memory/2924-1582-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2928-1664-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2908-1740-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2992-1763-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2748-1841-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1316-2062-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2080-2065-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2148-2072-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/808-2899-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2808-4070-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2748-4069-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2080-4068-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1128-4067-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2908-4066-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2992-4065-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2068-4064-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2924-4063-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2928-4062-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2944-4061-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1316-4060-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ntHhVNe.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syWrezw.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMamefo.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvmLrgg.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghmEVjr.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNouiIF.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFaLfVD.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MvFGDcE.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgdBDRr.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcsmJDJ.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oscPsni.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHGtGIT.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEAsHDk.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYNDyZY.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isvCMPH.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkbacrF.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjjhvoI.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtWNGxN.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsrQNYx.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgEJREP.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYUCSxY.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Bsnzcfl.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSaEvYS.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfyjhTX.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TToUmEQ.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icNDSVO.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmVHKkg.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXMaOAB.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAGpkrO.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edBdGNN.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rokNAeC.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vrrdmcu.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCIOUTg.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWMTBLd.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOsfMcs.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxBPYHQ.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAYQeHF.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtBrtUQ.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwKSidt.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLKahOh.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jewtzmC.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxIplcj.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSmhylW.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KedEsOV.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJguxJA.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGdcUrH.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJKFRqm.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfhMaGm.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHwOVZN.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQLqUVd.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHpVapR.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PesFhkW.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKBOmPD.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWBtJhF.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHBUqfo.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOGGOzq.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmAakxf.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zbsptph.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzeyxGI.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UyvkZOE.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFJhFoV.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbzYOTV.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khQwptS.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNdptOp.exe	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 2148	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2148	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2148	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 808 wrote to memory of 2808	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 2808	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 2808	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 808 wrote to memory of 1128	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 1128	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 1128	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 808 wrote to memory of 2944	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 2944	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 2944	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 808 wrote to memory of 812	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 812	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 812	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 808 wrote to memory of 2068	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2068	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2068	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 808 wrote to memory of 2876	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2876	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2876	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 808 wrote to memory of 2924	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 2924	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 2924	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 808 wrote to memory of 2928	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 2928	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 2928	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 808 wrote to memory of 2908	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 2908	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 2908	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 808 wrote to memory of 2992	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2992	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2992	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 808 wrote to memory of 2748	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 2748	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 2748	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 808 wrote to memory of 1316	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 1316	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 1316	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 808 wrote to memory of 2080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 2080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 2080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 808 wrote to memory of 2816	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 2816	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 2816	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 808 wrote to memory of 376	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 376	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 376	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 808 wrote to memory of 2580	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 2580	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 2580	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 808 wrote to memory of 2364	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 2364	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 2364	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 808 wrote to memory of 976	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 976	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 976	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 808 wrote to memory of 1080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 1080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 1080	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 808 wrote to memory of 1660	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 1660	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 1660	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 808 wrote to memory of 1904	808	2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-23_9b1c66c840881257895273604f91ff37_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\System\MkZDDaM.exe
  C:\Windows\System\MkZDDaM.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ICeQbpT.exe
  C:\Windows\System\ICeQbpT.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\cvacnnj.exe
  C:\Windows\System\cvacnnj.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\WngWXSg.exe
  C:\Windows\System\WngWXSg.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\thUWvgg.exe
  C:\Windows\System\thUWvgg.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\sWWnTEP.exe
  C:\Windows\System\sWWnTEP.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\pHUfhah.exe
  C:\Windows\System\pHUfhah.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\YSvLFOk.exe
  C:\Windows\System\YSvLFOk.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ximvCdl.exe
  C:\Windows\System\ximvCdl.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\SShGkWQ.exe
  C:\Windows\System\SShGkWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\rIMPlle.exe
  C:\Windows\System\rIMPlle.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\DNjpFjD.exe
  C:\Windows\System\DNjpFjD.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\LCKMHbA.exe
  C:\Windows\System\LCKMHbA.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\hBEFpil.exe
  C:\Windows\System\hBEFpil.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\nouZEJn.exe
  C:\Windows\System\nouZEJn.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\aCTqKDC.exe
  C:\Windows\System\aCTqKDC.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\AzEmcvh.exe
  C:\Windows\System\AzEmcvh.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\lynqIhA.exe
  C:\Windows\System\lynqIhA.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\jgdwKKb.exe
  C:\Windows\System\jgdwKKb.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\HlNbNbS.exe
  C:\Windows\System\HlNbNbS.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\BzHBFkq.exe
  C:\Windows\System\BzHBFkq.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\NuqIZrw.exe
  C:\Windows\System\NuqIZrw.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\gEcciPO.exe
  C:\Windows\System\gEcciPO.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\wORqukW.exe
  C:\Windows\System\wORqukW.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\dUFPGtn.exe
  C:\Windows\System\dUFPGtn.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\GHyzLAL.exe
  C:\Windows\System\GHyzLAL.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\OwaSygg.exe
  C:\Windows\System\OwaSygg.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\YLArXXA.exe
  C:\Windows\System\YLArXXA.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\EehxPdh.exe
  C:\Windows\System\EehxPdh.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\OycMNjI.exe
  C:\Windows\System\OycMNjI.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\BEGSSSl.exe
  C:\Windows\System\BEGSSSl.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\OlbgdwG.exe
  C:\Windows\System\OlbgdwG.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\eVZGjGQ.exe
  C:\Windows\System\eVZGjGQ.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\fPpfDbd.exe
  C:\Windows\System\fPpfDbd.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\iXBOaHZ.exe
  C:\Windows\System\iXBOaHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\hyfqPbR.exe
  C:\Windows\System\hyfqPbR.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\QwtpoOU.exe
  C:\Windows\System\QwtpoOU.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\XFbBXEO.exe
  C:\Windows\System\XFbBXEO.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\sbzYOTV.exe
  C:\Windows\System\sbzYOTV.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\fqdXzbI.exe
  C:\Windows\System\fqdXzbI.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\OuYkdlJ.exe
  C:\Windows\System\OuYkdlJ.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\RjLqRoh.exe
  C:\Windows\System\RjLqRoh.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tErzJZY.exe
  C:\Windows\System\tErzJZY.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\wiVpjfI.exe
  C:\Windows\System\wiVpjfI.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\WOjeLeL.exe
  C:\Windows\System\WOjeLeL.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\SvmLrgg.exe
  C:\Windows\System\SvmLrgg.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\pkNqZwZ.exe
  C:\Windows\System\pkNqZwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XmaiVpb.exe
  C:\Windows\System\XmaiVpb.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\Riwkcgm.exe
  C:\Windows\System\Riwkcgm.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QFZppAV.exe
  C:\Windows\System\QFZppAV.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\UaQbHRV.exe
  C:\Windows\System\UaQbHRV.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\WHBUqfo.exe
  C:\Windows\System\WHBUqfo.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\bpICWOx.exe
  C:\Windows\System\bpICWOx.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\CmMdoZL.exe
  C:\Windows\System\CmMdoZL.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\lbsefUP.exe
  C:\Windows\System\lbsefUP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\OzOnVPt.exe
  C:\Windows\System\OzOnVPt.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\DJaXDXR.exe
  C:\Windows\System\DJaXDXR.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\XSaEvYS.exe
  C:\Windows\System\XSaEvYS.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\yCXLBiA.exe
  C:\Windows\System\yCXLBiA.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\CWcObSP.exe
  C:\Windows\System\CWcObSP.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\qPFEjOT.exe
  C:\Windows\System\qPFEjOT.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\VQwbTFT.exe
  C:\Windows\System\VQwbTFT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\ZhWKLuD.exe
  C:\Windows\System\ZhWKLuD.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\uAlaAVX.exe
  C:\Windows\System\uAlaAVX.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\LKqkgiJ.exe
  C:\Windows\System\LKqkgiJ.exe
  2⤵
  PID:2836
- C:\Windows\System\nnoMFVN.exe
  C:\Windows\System\nnoMFVN.exe
  2⤵
  PID:1552
- C:\Windows\System\PPwaZPW.exe
  C:\Windows\System\PPwaZPW.exe
  2⤵
  PID:264
- C:\Windows\System\vMPlUkO.exe
  C:\Windows\System\vMPlUkO.exe
  2⤵
  PID:2324
- C:\Windows\System\Lfquyke.exe
  C:\Windows\System\Lfquyke.exe
  2⤵
  PID:2592
- C:\Windows\System\YfOnjVm.exe
  C:\Windows\System\YfOnjVm.exe
  2⤵
  PID:2276
- C:\Windows\System\fVOuiSV.exe
  C:\Windows\System\fVOuiSV.exe
  2⤵
  PID:2784
- C:\Windows\System\TfhMaGm.exe
  C:\Windows\System\TfhMaGm.exe
  2⤵
  PID:2288
- C:\Windows\System\ZuVgpyn.exe
  C:\Windows\System\ZuVgpyn.exe
  2⤵
  PID:1696
- C:\Windows\System\BhTtuHm.exe
  C:\Windows\System\BhTtuHm.exe
  2⤵
  PID:1680
- C:\Windows\System\XntFCVk.exe
  C:\Windows\System\XntFCVk.exe
  2⤵
  PID:2088
- C:\Windows\System\FVLDobl.exe
  C:\Windows\System\FVLDobl.exe
  2⤵
  PID:2216
- C:\Windows\System\RibfMOZ.exe
  C:\Windows\System\RibfMOZ.exe
  2⤵
  PID:600
- C:\Windows\System\yCMczHM.exe
  C:\Windows\System\yCMczHM.exe
  2⤵
  PID:824
- C:\Windows\System\HdjEhda.exe
  C:\Windows\System\HdjEhda.exe
  2⤵
  PID:1712
- C:\Windows\System\drrNgUV.exe
  C:\Windows\System\drrNgUV.exe
  2⤵
  PID:1788
- C:\Windows\System\JCgCKDw.exe
  C:\Windows\System\JCgCKDw.exe
  2⤵
  PID:1492
- C:\Windows\System\KheKmaC.exe
  C:\Windows\System\KheKmaC.exe
  2⤵
  PID:2684
- C:\Windows\System\AqOcimk.exe
  C:\Windows\System\AqOcimk.exe
  2⤵
  PID:1704
- C:\Windows\System\Ihpsdgf.exe
  C:\Windows\System\Ihpsdgf.exe
  2⤵
  PID:1716
- C:\Windows\System\OtaYnpH.exe
  C:\Windows\System\OtaYnpH.exe
  2⤵
  PID:3056
- C:\Windows\System\YsVnOtB.exe
  C:\Windows\System\YsVnOtB.exe
  2⤵
  PID:1816
- C:\Windows\System\lvKExVl.exe
  C:\Windows\System\lvKExVl.exe
  2⤵
  PID:276
- C:\Windows\System\QYXzeuM.exe
  C:\Windows\System\QYXzeuM.exe
  2⤵
  PID:968
- C:\Windows\System\hJkVzsT.exe
  C:\Windows\System\hJkVzsT.exe
  2⤵
  PID:1068
- C:\Windows\System\CkysRvm.exe
  C:\Windows\System\CkysRvm.exe
  2⤵
  PID:864
- C:\Windows\System\cIVxoWA.exe
  C:\Windows\System\cIVxoWA.exe
  2⤵
  PID:1960
- C:\Windows\System\qYIpwhM.exe
  C:\Windows\System\qYIpwhM.exe
  2⤵
  PID:2860
- C:\Windows\System\DSQNsVW.exe
  C:\Windows\System\DSQNsVW.exe
  2⤵
  PID:736
- C:\Windows\System\doZIAeB.exe
  C:\Windows\System\doZIAeB.exe
  2⤵
  PID:2160
- C:\Windows\System\gdLsYiy.exe
  C:\Windows\System\gdLsYiy.exe
  2⤵
  PID:2712
- C:\Windows\System\dOnXlWt.exe
  C:\Windows\System\dOnXlWt.exe
  2⤵
  PID:2988
- C:\Windows\System\cTSVAyr.exe
  C:\Windows\System\cTSVAyr.exe
  2⤵
  PID:2788
- C:\Windows\System\PwrZaLk.exe
  C:\Windows\System\PwrZaLk.exe
  2⤵
  PID:2696
- C:\Windows\System\wWPWRkO.exe
  C:\Windows\System\wWPWRkO.exe
  2⤵
  PID:2124
- C:\Windows\System\aGJXppv.exe
  C:\Windows\System\aGJXppv.exe
  2⤵
  PID:1324
- C:\Windows\System\ckqVayC.exe
  C:\Windows\System\ckqVayC.exe
  2⤵
  PID:2100
- C:\Windows\System\TFnPfiq.exe
  C:\Windows\System\TFnPfiq.exe
  2⤵
  PID:2264
- C:\Windows\System\yOOztUN.exe
  C:\Windows\System\yOOztUN.exe
  2⤵
  PID:884
- C:\Windows\System\OiXXFcA.exe
  C:\Windows\System\OiXXFcA.exe
  2⤵
  PID:1612
- C:\Windows\System\LKxNewS.exe
  C:\Windows\System\LKxNewS.exe
  2⤵
  PID:1388
- C:\Windows\System\RUExyHG.exe
  C:\Windows\System\RUExyHG.exe
  2⤵
  PID:2488
- C:\Windows\System\IEfONsa.exe
  C:\Windows\System\IEfONsa.exe
  2⤵
  PID:2108
- C:\Windows\System\PKSGQqs.exe
  C:\Windows\System\PKSGQqs.exe
  2⤵
  PID:2236
- C:\Windows\System\pmYotuV.exe
  C:\Windows\System\pmYotuV.exe
  2⤵
  PID:852
- C:\Windows\System\HhtCDfh.exe
  C:\Windows\System\HhtCDfh.exe
  2⤵
  PID:540
- C:\Windows\System\hkRiWXt.exe
  C:\Windows\System\hkRiWXt.exe
  2⤵
  PID:1004
- C:\Windows\System\wtABihm.exe
  C:\Windows\System\wtABihm.exe
  2⤵
  PID:1720
- C:\Windows\System\tXQiGYN.exe
  C:\Windows\System\tXQiGYN.exe
  2⤵
  PID:2044
- C:\Windows\System\tHBMbKA.exe
  C:\Windows\System\tHBMbKA.exe
  2⤵
  PID:2984
- C:\Windows\System\usuuUKA.exe
  C:\Windows\System\usuuUKA.exe
  2⤵
  PID:1868
- C:\Windows\System\jdVSusl.exe
  C:\Windows\System\jdVSusl.exe
  2⤵
  PID:2912
- C:\Windows\System\ipVePKi.exe
  C:\Windows\System\ipVePKi.exe
  2⤵
  PID:3048
- C:\Windows\System\EuXCBHs.exe
  C:\Windows\System\EuXCBHs.exe
  2⤵
  PID:544
- C:\Windows\System\nAEiMTx.exe
  C:\Windows\System\nAEiMTx.exe
  2⤵
  PID:624
- C:\Windows\System\mhtOKxh.exe
  C:\Windows\System\mhtOKxh.exe
  2⤵
  PID:2416
- C:\Windows\System\HjyFiEw.exe
  C:\Windows\System\HjyFiEw.exe
  2⤵
  PID:2360
- C:\Windows\System\JdBpFyP.exe
  C:\Windows\System\JdBpFyP.exe
  2⤵
  PID:2552
- C:\Windows\System\qINjuDX.exe
  C:\Windows\System\qINjuDX.exe
  2⤵
  PID:2132
- C:\Windows\System\UoKrqKW.exe
  C:\Windows\System\UoKrqKW.exe
  2⤵
  PID:1732
- C:\Windows\System\xcsmJDJ.exe
  C:\Windows\System\xcsmJDJ.exe
  2⤵
  PID:3080
- C:\Windows\System\SbKqdjD.exe
  C:\Windows\System\SbKqdjD.exe
  2⤵
  PID:3104
- C:\Windows\System\HpZdZSo.exe
  C:\Windows\System\HpZdZSo.exe
  2⤵
  PID:3128
- C:\Windows\System\fbslriE.exe
  C:\Windows\System\fbslriE.exe
  2⤵
  PID:3152
- C:\Windows\System\rKPEBRc.exe
  C:\Windows\System\rKPEBRc.exe
  2⤵
  PID:3172
- C:\Windows\System\ntHhVNe.exe
  C:\Windows\System\ntHhVNe.exe
  2⤵
  PID:3188
- C:\Windows\System\hKmdFJM.exe
  C:\Windows\System\hKmdFJM.exe
  2⤵
  PID:3212
- C:\Windows\System\ibCzxmt.exe
  C:\Windows\System\ibCzxmt.exe
  2⤵
  PID:3232
- C:\Windows\System\UxBPYHQ.exe
  C:\Windows\System\UxBPYHQ.exe
  2⤵
  PID:3252
- C:\Windows\System\fSyZbCS.exe
  C:\Windows\System\fSyZbCS.exe
  2⤵
  PID:3272
- C:\Windows\System\ONftvaH.exe
  C:\Windows\System\ONftvaH.exe
  2⤵
  PID:3288
- C:\Windows\System\qjvqQEr.exe
  C:\Windows\System\qjvqQEr.exe
  2⤵
  PID:3312
- C:\Windows\System\juThQHy.exe
  C:\Windows\System\juThQHy.exe
  2⤵
  PID:3328
- C:\Windows\System\ToahSte.exe
  C:\Windows\System\ToahSte.exe
  2⤵
  PID:3352
- C:\Windows\System\bBkIlqy.exe
  C:\Windows\System\bBkIlqy.exe
  2⤵
  PID:3372
- C:\Windows\System\ReKfLnz.exe
  C:\Windows\System\ReKfLnz.exe
  2⤵
  PID:3388
- C:\Windows\System\wJtAoGo.exe
  C:\Windows\System\wJtAoGo.exe
  2⤵
  PID:3408
- C:\Windows\System\AAwWsQo.exe
  C:\Windows\System\AAwWsQo.exe
  2⤵
  PID:3428
- C:\Windows\System\uAcJKHy.exe
  C:\Windows\System\uAcJKHy.exe
  2⤵
  PID:3448
- C:\Windows\System\EgjVnXk.exe
  C:\Windows\System\EgjVnXk.exe
  2⤵
  PID:3476
- C:\Windows\System\cCIOUTg.exe
  C:\Windows\System\cCIOUTg.exe
  2⤵
  PID:3496
- C:\Windows\System\DoenxUD.exe
  C:\Windows\System\DoenxUD.exe
  2⤵
  PID:3516
- C:\Windows\System\pIINrMs.exe
  C:\Windows\System\pIINrMs.exe
  2⤵
  PID:3536
- C:\Windows\System\AvsMdhB.exe
  C:\Windows\System\AvsMdhB.exe
  2⤵
  PID:3556
- C:\Windows\System\EvdQPMw.exe
  C:\Windows\System\EvdQPMw.exe
  2⤵
  PID:3572
- C:\Windows\System\YzAJHTK.exe
  C:\Windows\System\YzAJHTK.exe
  2⤵
  PID:3588
- C:\Windows\System\MUgHcLN.exe
  C:\Windows\System\MUgHcLN.exe
  2⤵
  PID:3616
- C:\Windows\System\kJjBkxh.exe
  C:\Windows\System\kJjBkxh.exe
  2⤵
  PID:3636
- C:\Windows\System\erxekvw.exe
  C:\Windows\System\erxekvw.exe
  2⤵
  PID:3652
- C:\Windows\System\PgEJREP.exe
  C:\Windows\System\PgEJREP.exe
  2⤵
  PID:3668
- C:\Windows\System\agCiPdK.exe
  C:\Windows\System\agCiPdK.exe
  2⤵
  PID:3696
- C:\Windows\System\hHLqZgR.exe
  C:\Windows\System\hHLqZgR.exe
  2⤵
  PID:3716
- C:\Windows\System\uPjJbHN.exe
  C:\Windows\System\uPjJbHN.exe
  2⤵
  PID:3736
- C:\Windows\System\jQQTwqf.exe
  C:\Windows\System\jQQTwqf.exe
  2⤵
  PID:3756
- C:\Windows\System\dAepqij.exe
  C:\Windows\System\dAepqij.exe
  2⤵
  PID:3772
- C:\Windows\System\wTcirde.exe
  C:\Windows\System\wTcirde.exe
  2⤵
  PID:3796
- C:\Windows\System\kNmaBlS.exe
  C:\Windows\System\kNmaBlS.exe
  2⤵
  PID:3812
- C:\Windows\System\DSzJDwb.exe
  C:\Windows\System\DSzJDwb.exe
  2⤵
  PID:3828
- C:\Windows\System\uhqDHvu.exe
  C:\Windows\System\uhqDHvu.exe
  2⤵
  PID:3844
- C:\Windows\System\osouGyq.exe
  C:\Windows\System\osouGyq.exe
  2⤵
  PID:3860
- C:\Windows\System\UUsbTjX.exe
  C:\Windows\System\UUsbTjX.exe
  2⤵
  PID:3884
- C:\Windows\System\YimubGX.exe
  C:\Windows\System\YimubGX.exe
  2⤵
  PID:3912
- C:\Windows\System\HmJFUOJ.exe
  C:\Windows\System\HmJFUOJ.exe
  2⤵
  PID:3932
- C:\Windows\System\daGDYrT.exe
  C:\Windows\System\daGDYrT.exe
  2⤵
  PID:3952
- C:\Windows\System\GIxZbiX.exe
  C:\Windows\System\GIxZbiX.exe
  2⤵
  PID:3976
- C:\Windows\System\ZFWOpIW.exe
  C:\Windows\System\ZFWOpIW.exe
  2⤵
  PID:3996
- C:\Windows\System\WcYFrTb.exe
  C:\Windows\System\WcYFrTb.exe
  2⤵
  PID:4016
- C:\Windows\System\kdTtRod.exe
  C:\Windows\System\kdTtRod.exe
  2⤵
  PID:4032
- C:\Windows\System\HVzLBbS.exe
  C:\Windows\System\HVzLBbS.exe
  2⤵
  PID:4056
- C:\Windows\System\HAKzOuY.exe
  C:\Windows\System\HAKzOuY.exe
  2⤵
  PID:4076
- C:\Windows\System\KedEsOV.exe
  C:\Windows\System\KedEsOV.exe
  2⤵
  PID:4092
- C:\Windows\System\tkbacrF.exe
  C:\Windows\System\tkbacrF.exe
  2⤵
  PID:1764
- C:\Windows\System\TmvfEIN.exe
  C:\Windows\System\TmvfEIN.exe
  2⤵
  PID:3052
- C:\Windows\System\OaVMoFe.exe
  C:\Windows\System\OaVMoFe.exe
  2⤵
  PID:2996
- C:\Windows\System\zqkVLsl.exe
  C:\Windows\System\zqkVLsl.exe
  2⤵
  PID:2172
- C:\Windows\System\iFnnPEw.exe
  C:\Windows\System\iFnnPEw.exe
  2⤵
  PID:2732
- C:\Windows\System\SJTLCDF.exe
  C:\Windows\System\SJTLCDF.exe
  2⤵
  PID:916
- C:\Windows\System\sctVrFH.exe
  C:\Windows\System\sctVrFH.exe
  2⤵
  PID:3100
- C:\Windows\System\sZugJzT.exe
  C:\Windows\System\sZugJzT.exe
  2⤵
  PID:2352
- C:\Windows\System\OuGPJdc.exe
  C:\Windows\System\OuGPJdc.exe
  2⤵
  PID:760
- C:\Windows\System\WqxRmAg.exe
  C:\Windows\System\WqxRmAg.exe
  2⤵
  PID:3184
- C:\Windows\System\bLJTodc.exe
  C:\Windows\System\bLJTodc.exe
  2⤵
  PID:3120
- C:\Windows\System\etkEAJV.exe
  C:\Windows\System\etkEAJV.exe
  2⤵
  PID:3164
- C:\Windows\System\NfeQWCZ.exe
  C:\Windows\System\NfeQWCZ.exe
  2⤵
  PID:3204
- C:\Windows\System\pgIVpSe.exe
  C:\Windows\System\pgIVpSe.exe
  2⤵
  PID:3308
- C:\Windows\System\tEncKTL.exe
  C:\Windows\System\tEncKTL.exe
  2⤵
  PID:3280
- C:\Windows\System\oncDbiW.exe
  C:\Windows\System\oncDbiW.exe
  2⤵
  PID:3324
- C:\Windows\System\YiblccN.exe
  C:\Windows\System\YiblccN.exe
  2⤵
  PID:3416
- C:\Windows\System\ukvDSwg.exe
  C:\Windows\System\ukvDSwg.exe
  2⤵
  PID:3404
- C:\Windows\System\bSrTYMq.exe
  C:\Windows\System\bSrTYMq.exe
  2⤵
  PID:3396
- C:\Windows\System\QVyMjRq.exe
  C:\Windows\System\QVyMjRq.exe
  2⤵
  PID:3444
- C:\Windows\System\cwTgzLE.exe
  C:\Windows\System\cwTgzLE.exe
  2⤵
  PID:3508
- C:\Windows\System\GSxVvHh.exe
  C:\Windows\System\GSxVvHh.exe
  2⤵
  PID:3528
- C:\Windows\System\bSdGjPw.exe
  C:\Windows\System\bSdGjPw.exe
  2⤵
  PID:3624
- C:\Windows\System\gKoGoRW.exe
  C:\Windows\System\gKoGoRW.exe
  2⤵
  PID:3600
- C:\Windows\System\CbHMdwE.exe
  C:\Windows\System\CbHMdwE.exe
  2⤵
  PID:3644
- C:\Windows\System\DtsMUfS.exe
  C:\Windows\System\DtsMUfS.exe
  2⤵
  PID:3708
- C:\Windows\System\JWzOPNG.exe
  C:\Windows\System\JWzOPNG.exe
  2⤵
  PID:3676
- C:\Windows\System\TGDcbIW.exe
  C:\Windows\System\TGDcbIW.exe
  2⤵
  PID:3688
- C:\Windows\System\DtQCCnb.exe
  C:\Windows\System\DtQCCnb.exe
  2⤵
  PID:3784
- C:\Windows\System\ukhFdUH.exe
  C:\Windows\System\ukhFdUH.exe
  2⤵
  PID:3768
- C:\Windows\System\wYjjixl.exe
  C:\Windows\System\wYjjixl.exe
  2⤵
  PID:3876
- C:\Windows\System\WIbtLiD.exe
  C:\Windows\System\WIbtLiD.exe
  2⤵
  PID:3804
- C:\Windows\System\fBFaFkp.exe
  C:\Windows\System\fBFaFkp.exe
  2⤵
  PID:3944
- C:\Windows\System\OgfIrnB.exe
  C:\Windows\System\OgfIrnB.exe
  2⤵
  PID:3928
- C:\Windows\System\sKjdTEH.exe
  C:\Windows\System\sKjdTEH.exe
  2⤵
  PID:3960
- C:\Windows\System\zuLSfnD.exe
  C:\Windows\System\zuLSfnD.exe
  2⤵
  PID:4004
- C:\Windows\System\HmyLaxM.exe
  C:\Windows\System\HmyLaxM.exe
  2⤵
  PID:4048
- C:\Windows\System\yEWxpoL.exe
  C:\Windows\System\yEWxpoL.exe
  2⤵
  PID:4084
- C:\Windows\System\zjhmMBV.exe
  C:\Windows\System\zjhmMBV.exe
  2⤵
  PID:656
- C:\Windows\System\xzghDEG.exe
  C:\Windows\System\xzghDEG.exe
  2⤵
  PID:2828
- C:\Windows\System\MCYTBup.exe
  C:\Windows\System\MCYTBup.exe
  2⤵
  PID:2660
- C:\Windows\System\CbumapH.exe
  C:\Windows\System\CbumapH.exe
  2⤵
  PID:3144
- C:\Windows\System\LVmSwaf.exe
  C:\Windows\System\LVmSwaf.exe
  2⤵
  PID:3224
- C:\Windows\System\YwQSZSv.exe
  C:\Windows\System\YwQSZSv.exe
  2⤵
  PID:1908
- C:\Windows\System\LkhpbhD.exe
  C:\Windows\System\LkhpbhD.exe
  2⤵
  PID:1616
- C:\Windows\System\CzLuoOc.exe
  C:\Windows\System\CzLuoOc.exe
  2⤵
  PID:3384
- C:\Windows\System\XWvEXEf.exe
  C:\Windows\System\XWvEXEf.exe
  2⤵
  PID:3492
- C:\Windows\System\khQwptS.exe
  C:\Windows\System\khQwptS.exe
  2⤵
  PID:3264
- C:\Windows\System\PouOnam.exe
  C:\Windows\System\PouOnam.exe
  2⤵
  PID:3336
- C:\Windows\System\CxWiPTC.exe
  C:\Windows\System\CxWiPTC.exe
  2⤵
  PID:3340
- C:\Windows\System\sjjhvoI.exe
  C:\Windows\System\sjjhvoI.exe
  2⤵
  PID:3468
- C:\Windows\System\hQSdGfl.exe
  C:\Windows\System\hQSdGfl.exe
  2⤵
  PID:3752
- C:\Windows\System\drxwYfX.exe
  C:\Windows\System\drxwYfX.exe
  2⤵
  PID:3460
- C:\Windows\System\HvaxtqI.exe
  C:\Windows\System\HvaxtqI.exe
  2⤵
  PID:3596
- C:\Windows\System\odpREzN.exe
  C:\Windows\System\odpREzN.exe
  2⤵
  PID:3788
- C:\Windows\System\mgDNvPK.exe
  C:\Windows\System\mgDNvPK.exe
  2⤵
  PID:3712
- C:\Windows\System\cGiPmLq.exe
  C:\Windows\System\cGiPmLq.exe
  2⤵
  PID:3872
- C:\Windows\System\HjTPdIO.exe
  C:\Windows\System\HjTPdIO.exe
  2⤵
  PID:3900
- C:\Windows\System\edtKyvV.exe
  C:\Windows\System\edtKyvV.exe
  2⤵
  PID:3808
- C:\Windows\System\ArSZwhL.exe
  C:\Windows\System\ArSZwhL.exe
  2⤵
  PID:4040
- C:\Windows\System\bUnruOI.exe
  C:\Windows\System\bUnruOI.exe
  2⤵
  PID:4072
- C:\Windows\System\OkXOgSn.exe
  C:\Windows\System\OkXOgSn.exe
  2⤵
  PID:2284
- C:\Windows\System\EVnTGRb.exe
  C:\Windows\System\EVnTGRb.exe
  2⤵
  PID:1912
- C:\Windows\System\SZNxVov.exe
  C:\Windows\System\SZNxVov.exe
  2⤵
  PID:2252
- C:\Windows\System\OubvNye.exe
  C:\Windows\System\OubvNye.exe
  2⤵
  PID:3488
- C:\Windows\System\ELuSPkb.exe
  C:\Windows\System\ELuSPkb.exe
  2⤵
  PID:3400
- C:\Windows\System\HITYLCw.exe
  C:\Windows\System\HITYLCw.exe
  2⤵
  PID:3240
- C:\Windows\System\tMsFoYC.exe
  C:\Windows\System\tMsFoYC.exe
  2⤵
  PID:3728
- C:\Windows\System\nrljrgf.exe
  C:\Windows\System\nrljrgf.exe
  2⤵
  PID:3380
- C:\Windows\System\CsGwfXg.exe
  C:\Windows\System\CsGwfXg.exe
  2⤵
  PID:3112
- C:\Windows\System\WYGzwCq.exe
  C:\Windows\System\WYGzwCq.exe
  2⤵
  PID:3836
- C:\Windows\System\StQNmqD.exe
  C:\Windows\System\StQNmqD.exe
  2⤵
  PID:4044
- C:\Windows\System\SqjDebC.exe
  C:\Windows\System\SqjDebC.exe
  2⤵
  PID:2272
- C:\Windows\System\qvIwlMR.exe
  C:\Windows\System\qvIwlMR.exe
  2⤵
  PID:3988
- C:\Windows\System\mVbNNmk.exe
  C:\Windows\System\mVbNNmk.exe
  2⤵
  PID:1996
- C:\Windows\System\vLVxtVS.exe
  C:\Windows\System\vLVxtVS.exe
  2⤵
  PID:4008
- C:\Windows\System\QRuuxuK.exe
  C:\Windows\System\QRuuxuK.exe
  2⤵
  PID:3868
- C:\Windows\System\oQJBTWu.exe
  C:\Windows\System\oQJBTWu.exe
  2⤵
  PID:3320
- C:\Windows\System\WiERIUB.exe
  C:\Windows\System\WiERIUB.exe
  2⤵
  PID:3088
- C:\Windows\System\WTuEaJp.exe
  C:\Windows\System\WTuEaJp.exe
  2⤵
  PID:3168
- C:\Windows\System\xMLFAUZ.exe
  C:\Windows\System\xMLFAUZ.exe
  2⤵
  PID:3612
- C:\Windows\System\oDigPvF.exe
  C:\Windows\System\oDigPvF.exe
  2⤵
  PID:2880
- C:\Windows\System\grEWcMh.exe
  C:\Windows\System\grEWcMh.exe
  2⤵
  PID:3824
- C:\Windows\System\WHHEgOD.exe
  C:\Windows\System\WHHEgOD.exe
  2⤵
  PID:4100
- C:\Windows\System\QqkXgYZ.exe
  C:\Windows\System\QqkXgYZ.exe
  2⤵
  PID:4116
- C:\Windows\System\oznblkQ.exe
  C:\Windows\System\oznblkQ.exe
  2⤵
  PID:4136
- C:\Windows\System\isvCMPH.exe
  C:\Windows\System\isvCMPH.exe
  2⤵
  PID:4160
- C:\Windows\System\Yhratky.exe
  C:\Windows\System\Yhratky.exe
  2⤵
  PID:4184
- C:\Windows\System\pjYngtg.exe
  C:\Windows\System\pjYngtg.exe
  2⤵
  PID:4204
- C:\Windows\System\lRpKrrf.exe
  C:\Windows\System\lRpKrrf.exe
  2⤵
  PID:4220
- C:\Windows\System\sEEHHLZ.exe
  C:\Windows\System\sEEHHLZ.exe
  2⤵
  PID:4244
- C:\Windows\System\AHEIqJO.exe
  C:\Windows\System\AHEIqJO.exe
  2⤵
  PID:4260
- C:\Windows\System\syWrezw.exe
  C:\Windows\System\syWrezw.exe
  2⤵
  PID:4276
- C:\Windows\System\RHVaRsd.exe
  C:\Windows\System\RHVaRsd.exe
  2⤵
  PID:4296
- C:\Windows\System\PahWjqX.exe
  C:\Windows\System\PahWjqX.exe
  2⤵
  PID:4316
- C:\Windows\System\RqurBwV.exe
  C:\Windows\System\RqurBwV.exe
  2⤵
  PID:4340
- C:\Windows\System\uFXrNmW.exe
  C:\Windows\System\uFXrNmW.exe
  2⤵
  PID:4356
- C:\Windows\System\qHJhxzf.exe
  C:\Windows\System\qHJhxzf.exe
  2⤵
  PID:4372
- C:\Windows\System\VLBIHlW.exe
  C:\Windows\System\VLBIHlW.exe
  2⤵
  PID:4396
- C:\Windows\System\xYblFIa.exe
  C:\Windows\System\xYblFIa.exe
  2⤵
  PID:4420
- C:\Windows\System\PKUozxR.exe
  C:\Windows\System\PKUozxR.exe
  2⤵
  PID:4440
- C:\Windows\System\HVXfJyC.exe
  C:\Windows\System\HVXfJyC.exe
  2⤵
  PID:4464
- C:\Windows\System\oaSBGal.exe
  C:\Windows\System\oaSBGal.exe
  2⤵
  PID:4484
- C:\Windows\System\lbDWqdd.exe
  C:\Windows\System\lbDWqdd.exe
  2⤵
  PID:4500
- C:\Windows\System\lySurBZ.exe
  C:\Windows\System\lySurBZ.exe
  2⤵
  PID:4520
- C:\Windows\System\jxmEDaG.exe
  C:\Windows\System\jxmEDaG.exe
  2⤵
  PID:4536
- C:\Windows\System\cZSpYGL.exe
  C:\Windows\System\cZSpYGL.exe
  2⤵
  PID:4560
- C:\Windows\System\bHTslpM.exe
  C:\Windows\System\bHTslpM.exe
  2⤵
  PID:4584
- C:\Windows\System\bWmHsXe.exe
  C:\Windows\System\bWmHsXe.exe
  2⤵
  PID:4604
- C:\Windows\System\xKpIjba.exe
  C:\Windows\System\xKpIjba.exe
  2⤵
  PID:4620
- C:\Windows\System\NxRIHvT.exe
  C:\Windows\System\NxRIHvT.exe
  2⤵
  PID:4640
- C:\Windows\System\xLiGfMN.exe
  C:\Windows\System\xLiGfMN.exe
  2⤵
  PID:4660
- C:\Windows\System\uMtihdO.exe
  C:\Windows\System\uMtihdO.exe
  2⤵
  PID:4680
- C:\Windows\System\iTZgoag.exe
  C:\Windows\System\iTZgoag.exe
  2⤵
  PID:4700
- C:\Windows\System\EXNtoBR.exe
  C:\Windows\System\EXNtoBR.exe
  2⤵
  PID:4720
- C:\Windows\System\MGMPsJr.exe
  C:\Windows\System\MGMPsJr.exe
  2⤵
  PID:4740
- C:\Windows\System\YZBZtYQ.exe
  C:\Windows\System\YZBZtYQ.exe
  2⤵
  PID:4760
- C:\Windows\System\HaWPWSz.exe
  C:\Windows\System\HaWPWSz.exe
  2⤵
  PID:4780
- C:\Windows\System\RyiOoDF.exe
  C:\Windows\System\RyiOoDF.exe
  2⤵
  PID:4800
- C:\Windows\System\iQQUCUh.exe
  C:\Windows\System\iQQUCUh.exe
  2⤵
  PID:4824
- C:\Windows\System\AJQMKZn.exe
  C:\Windows\System\AJQMKZn.exe
  2⤵
  PID:4840
- C:\Windows\System\iMJQvmm.exe
  C:\Windows\System\iMJQvmm.exe
  2⤵
  PID:4860
- C:\Windows\System\OxNUVfA.exe
  C:\Windows\System\OxNUVfA.exe
  2⤵
  PID:4884
- C:\Windows\System\LmROOwb.exe
  C:\Windows\System\LmROOwb.exe
  2⤵
  PID:4904
- C:\Windows\System\BCmYcPH.exe
  C:\Windows\System\BCmYcPH.exe
  2⤵
  PID:4924
- C:\Windows\System\UabONuC.exe
  C:\Windows\System\UabONuC.exe
  2⤵
  PID:4944
- C:\Windows\System\YMamefo.exe
  C:\Windows\System\YMamefo.exe
  2⤵
  PID:4960
- C:\Windows\System\gxzlfqW.exe
  C:\Windows\System\gxzlfqW.exe
  2⤵
  PID:4984
- C:\Windows\System\PgtQczm.exe
  C:\Windows\System\PgtQczm.exe
  2⤵
  PID:5004
- C:\Windows\System\PNvUxPC.exe
  C:\Windows\System\PNvUxPC.exe
  2⤵
  PID:5024
- C:\Windows\System\dJqBAUs.exe
  C:\Windows\System\dJqBAUs.exe
  2⤵
  PID:5044
- C:\Windows\System\ztAODVO.exe
  C:\Windows\System\ztAODVO.exe
  2⤵
  PID:5064
- C:\Windows\System\eTOlQPk.exe
  C:\Windows\System\eTOlQPk.exe
  2⤵
  PID:5080
- C:\Windows\System\uLqmCbn.exe
  C:\Windows\System\uLqmCbn.exe
  2⤵
  PID:5096
- C:\Windows\System\mpGISjP.exe
  C:\Windows\System\mpGISjP.exe
  2⤵
  PID:2916
- C:\Windows\System\uORpfIY.exe
  C:\Windows\System\uORpfIY.exe
  2⤵
  PID:2240
- C:\Windows\System\XLaJOTD.exe
  C:\Windows\System\XLaJOTD.exe
  2⤵
  PID:3160
- C:\Windows\System\RdOmRfb.exe
  C:\Windows\System\RdOmRfb.exe
  2⤵
  PID:4108
- C:\Windows\System\wXNvptg.exe
  C:\Windows\System\wXNvptg.exe
  2⤵
  PID:3244
- C:\Windows\System\rYiXwmG.exe
  C:\Windows\System\rYiXwmG.exe
  2⤵
  PID:4144
- C:\Windows\System\tUVIEVf.exe
  C:\Windows\System\tUVIEVf.exe
  2⤵
  PID:3820
- C:\Windows\System\EjHhYba.exe
  C:\Windows\System\EjHhYba.exe
  2⤵
  PID:3856
- C:\Windows\System\ZqvsGMk.exe
  C:\Windows\System\ZqvsGMk.exe
  2⤵
  PID:4172
- C:\Windows\System\KoHnNsa.exe
  C:\Windows\System\KoHnNsa.exe
  2⤵
  PID:2184
- C:\Windows\System\eWBtJhF.exe
  C:\Windows\System\eWBtJhF.exe
  2⤵
  PID:4180
- C:\Windows\System\vvdTRVz.exe
  C:\Windows\System\vvdTRVz.exe
  2⤵
  PID:4312
- C:\Windows\System\IPaYfiQ.exe
  C:\Windows\System\IPaYfiQ.exe
  2⤵
  PID:4252
- C:\Windows\System\pCJZuhe.exe
  C:\Windows\System\pCJZuhe.exe
  2⤵
  PID:4388
- C:\Windows\System\qGUpusA.exe
  C:\Windows\System\qGUpusA.exe
  2⤵
  PID:4436
- C:\Windows\System\OQJCEjD.exe
  C:\Windows\System\OQJCEjD.exe
  2⤵
  PID:4368
- C:\Windows\System\ubAEsTr.exe
  C:\Windows\System\ubAEsTr.exe
  2⤵
  PID:4512
- C:\Windows\System\iGyojqH.exe
  C:\Windows\System\iGyojqH.exe
  2⤵
  PID:4416
- C:\Windows\System\sayXsoL.exe
  C:\Windows\System\sayXsoL.exe
  2⤵
  PID:4556
- C:\Windows\System\RbEWPOe.exe
  C:\Windows\System\RbEWPOe.exe
  2⤵
  PID:4596
- C:\Windows\System\eOLZKKj.exe
  C:\Windows\System\eOLZKKj.exe
  2⤵
  PID:4492
- C:\Windows\System\QwSpgmR.exe
  C:\Windows\System\QwSpgmR.exe
  2⤵
  PID:4576
- C:\Windows\System\qcCDNGa.exe
  C:\Windows\System\qcCDNGa.exe
  2⤵
  PID:4668
- C:\Windows\System\IJONvVq.exe
  C:\Windows\System\IJONvVq.exe
  2⤵
  PID:4648
- C:\Windows\System\IhGIxiO.exe
  C:\Windows\System\IhGIxiO.exe
  2⤵
  PID:4692
- C:\Windows\System\yuQIyRl.exe
  C:\Windows\System\yuQIyRl.exe
  2⤵
  PID:4756
- C:\Windows\System\lNfNSqS.exe
  C:\Windows\System\lNfNSqS.exe
  2⤵
  PID:4792
- C:\Windows\System\HtScHmr.exe
  C:\Windows\System\HtScHmr.exe
  2⤵
  PID:4808
- C:\Windows\System\mVJndFY.exe
  C:\Windows\System\mVJndFY.exe
  2⤵
  PID:4876
- C:\Windows\System\LhAHhCr.exe
  C:\Windows\System\LhAHhCr.exe
  2⤵
  PID:4912
- C:\Windows\System\ZhZLDwK.exe
  C:\Windows\System\ZhZLDwK.exe
  2⤵
  PID:4896
- C:\Windows\System\tZOdDKP.exe
  C:\Windows\System\tZOdDKP.exe
  2⤵
  PID:4952
- C:\Windows\System\IZGvTKT.exe
  C:\Windows\System\IZGvTKT.exe
  2⤵
  PID:2856
- C:\Windows\System\utedKRU.exe
  C:\Windows\System\utedKRU.exe
  2⤵
  PID:5076
- C:\Windows\System\NDSanNU.exe
  C:\Windows\System\NDSanNU.exe
  2⤵
  PID:5112
- C:\Windows\System\bsChRgH.exe
  C:\Windows\System\bsChRgH.exe
  2⤵
  PID:4972
- C:\Windows\System\UkrAPge.exe
  C:\Windows\System\UkrAPge.exe
  2⤵
  PID:5016
- C:\Windows\System\BOTuHBw.exe
  C:\Windows\System\BOTuHBw.exe
  2⤵
  PID:4124
- C:\Windows\System\ZOKUVci.exe
  C:\Windows\System\ZOKUVci.exe
  2⤵
  PID:4240
- C:\Windows\System\xKsWlCS.exe
  C:\Windows\System\xKsWlCS.exe
  2⤵
  PID:5092
- C:\Windows\System\CeSqLRM.exe
  C:\Windows\System\CeSqLRM.exe
  2⤵
  PID:4348
- C:\Windows\System\xTerOri.exe
  C:\Windows\System\xTerOri.exe
  2⤵
  PID:4292
- C:\Windows\System\RXBfuZB.exe
  C:\Windows\System\RXBfuZB.exe
  2⤵
  PID:4132
- C:\Windows\System\Vrrdmcu.exe
  C:\Windows\System\Vrrdmcu.exe
  2⤵
  PID:3608
- C:\Windows\System\QsDXYXh.exe
  C:\Windows\System\QsDXYXh.exe
  2⤵
  PID:4028
- C:\Windows\System\iAiyXZw.exe
  C:\Windows\System\iAiyXZw.exe
  2⤵
  PID:4336
- C:\Windows\System\VTAwDsj.exe
  C:\Windows\System\VTAwDsj.exe
  2⤵
  PID:4324
- C:\Windows\System\TsbDFoR.exe
  C:\Windows\System\TsbDFoR.exe
  2⤵
  PID:4616
- C:\Windows\System\pQnRxjx.exe
  C:\Windows\System\pQnRxjx.exe
  2⤵
  PID:4548
- C:\Windows\System\GJxiikl.exe
  C:\Windows\System\GJxiikl.exe
  2⤵
  PID:4656
- C:\Windows\System\jcqSQNn.exe
  C:\Windows\System\jcqSQNn.exe
  2⤵
  PID:4836
- C:\Windows\System\baevkDP.exe
  C:\Windows\System\baevkDP.exe
  2⤵
  PID:4636
- C:\Windows\System\rIiySBh.exe
  C:\Windows\System\rIiySBh.exe
  2⤵
  PID:4672
- C:\Windows\System\FRWHjYl.exe
  C:\Windows\System\FRWHjYl.exe
  2⤵
  PID:4688
- C:\Windows\System\MxQYVco.exe
  C:\Windows\System\MxQYVco.exe
  2⤵
  PID:5000
- C:\Windows\System\HABvjYh.exe
  C:\Windows\System\HABvjYh.exe
  2⤵
  PID:4916
- C:\Windows\System\icNDSVO.exe
  C:\Windows\System\icNDSVO.exe
  2⤵
  PID:3300
- C:\Windows\System\oscPsni.exe
  C:\Windows\System\oscPsni.exe
  2⤵
  PID:2820
- C:\Windows\System\gKraNGe.exe
  C:\Windows\System\gKraNGe.exe
  2⤵
  PID:2864
- C:\Windows\System\wpsRYWG.exe
  C:\Windows\System\wpsRYWG.exe
  2⤵
  PID:4968
- C:\Windows\System\uWuyvQY.exe
  C:\Windows\System\uWuyvQY.exe
  2⤵
  PID:4236
- C:\Windows\System\MGePkBZ.exe
  C:\Windows\System\MGePkBZ.exe
  2⤵
  PID:4428
- C:\Windows\System\ckvmVLa.exe
  C:\Windows\System\ckvmVLa.exe
  2⤵
  PID:3000
- C:\Windows\System\upUksSo.exe
  C:\Windows\System\upUksSo.exe
  2⤵
  PID:4284
- C:\Windows\System\RjxDnUx.exe
  C:\Windows\System\RjxDnUx.exe
  2⤵
  PID:4480
- C:\Windows\System\pVdcRii.exe
  C:\Windows\System\pVdcRii.exe
  2⤵
  PID:4852
- C:\Windows\System\jmObPED.exe
  C:\Windows\System\jmObPED.exe
  2⤵
  PID:4748
- C:\Windows\System\uBaedTy.exe
  C:\Windows\System\uBaedTy.exe
  2⤵
  PID:576
- C:\Windows\System\PkIiPOa.exe
  C:\Windows\System\PkIiPOa.exe
  2⤵
  PID:4996
- C:\Windows\System\wYlFNGx.exe
  C:\Windows\System\wYlFNGx.exe
  2⤵
  PID:4816
- C:\Windows\System\YwyoAUW.exe
  C:\Windows\System\YwyoAUW.exe
  2⤵
  PID:4712
- C:\Windows\System\AquVmvE.exe
  C:\Windows\System\AquVmvE.exe
  2⤵
  PID:5108
- C:\Windows\System\OciOrYI.exe
  C:\Windows\System\OciOrYI.exe
  2⤵
  PID:5052
- C:\Windows\System\xTDBruf.exe
  C:\Windows\System\xTDBruf.exe
  2⤵
  PID:1988
- C:\Windows\System\TsUnoEX.exe
  C:\Windows\System\TsUnoEX.exe
  2⤵
  PID:4216
- C:\Windows\System\cOGGOzq.exe
  C:\Windows\System\cOGGOzq.exe
  2⤵
  PID:2720
- C:\Windows\System\hEdMkxl.exe
  C:\Windows\System\hEdMkxl.exe
  2⤵
  PID:4552
- C:\Windows\System\IHMqjyx.exe
  C:\Windows\System\IHMqjyx.exe
  2⤵
  PID:4408
- C:\Windows\System\aITyoQH.exe
  C:\Windows\System\aITyoQH.exe
  2⤵
  PID:2760
- C:\Windows\System\AoxJOkR.exe
  C:\Windows\System\AoxJOkR.exe
  2⤵
  PID:4532
- C:\Windows\System\lQABxCI.exe
  C:\Windows\System\lQABxCI.exe
  2⤵
  PID:4872
- C:\Windows\System\GsAJkEF.exe
  C:\Windows\System\GsAJkEF.exe
  2⤵
  PID:4308
- C:\Windows\System\sJZXrht.exe
  C:\Windows\System\sJZXrht.exe
  2⤵
  PID:888
- C:\Windows\System\MmrhXJh.exe
  C:\Windows\System\MmrhXJh.exe
  2⤵
  PID:3880
- C:\Windows\System\VPObmrg.exe
  C:\Windows\System\VPObmrg.exe
  2⤵
  PID:3964
- C:\Windows\System\NFVvnWT.exe
  C:\Windows\System\NFVvnWT.exe
  2⤵
  PID:3096
- C:\Windows\System\nUuWhdd.exe
  C:\Windows\System\nUuWhdd.exe
  2⤵
  PID:4156
- C:\Windows\System\irlAjXu.exe
  C:\Windows\System\irlAjXu.exe
  2⤵
  PID:4432
- C:\Windows\System\qjLlLyS.exe
  C:\Windows\System\qjLlLyS.exe
  2⤵
  PID:4796
- C:\Windows\System\ZrFcIXi.exe
  C:\Windows\System\ZrFcIXi.exe
  2⤵
  PID:4776
- C:\Windows\System\IAYQeHF.exe
  C:\Windows\System\IAYQeHF.exe
  2⤵
  PID:4976
- C:\Windows\System\XDCmecj.exe
  C:\Windows\System\XDCmecj.exe
  2⤵
  PID:4228
- C:\Windows\System\gKJHOtR.exe
  C:\Windows\System\gKJHOtR.exe
  2⤵
  PID:2852
- C:\Windows\System\wlrTrOY.exe
  C:\Windows\System\wlrTrOY.exe
  2⤵
  PID:4592
- C:\Windows\System\aUQBwfI.exe
  C:\Windows\System\aUQBwfI.exe
  2⤵
  PID:5124
- C:\Windows\System\DyOjEvk.exe
  C:\Windows\System\DyOjEvk.exe
  2⤵
  PID:5144
- C:\Windows\System\hLVkRrJ.exe
  C:\Windows\System\hLVkRrJ.exe
  2⤵
  PID:5160
- C:\Windows\System\OtfeFRx.exe
  C:\Windows\System\OtfeFRx.exe
  2⤵
  PID:5176
- C:\Windows\System\uGiGGrx.exe
  C:\Windows\System\uGiGGrx.exe
  2⤵
  PID:5192
- C:\Windows\System\NUIFHst.exe
  C:\Windows\System\NUIFHst.exe
  2⤵
  PID:5208
- C:\Windows\System\NbRDknc.exe
  C:\Windows\System\NbRDknc.exe
  2⤵
  PID:5228
- C:\Windows\System\UcEFffq.exe
  C:\Windows\System\UcEFffq.exe
  2⤵
  PID:5244
- C:\Windows\System\xzZrLNQ.exe
  C:\Windows\System\xzZrLNQ.exe
  2⤵
  PID:5260
- C:\Windows\System\JRnlQOm.exe
  C:\Windows\System\JRnlQOm.exe
  2⤵
  PID:5284
- C:\Windows\System\osSnPaj.exe
  C:\Windows\System\osSnPaj.exe
  2⤵
  PID:5300
- C:\Windows\System\LBOWxdg.exe
  C:\Windows\System\LBOWxdg.exe
  2⤵
  PID:5316
- C:\Windows\System\cPGNYDv.exe
  C:\Windows\System\cPGNYDv.exe
  2⤵
  PID:5336
- C:\Windows\System\BQoBzxe.exe
  C:\Windows\System\BQoBzxe.exe
  2⤵
  PID:5352
- C:\Windows\System\FvvtiLk.exe
  C:\Windows\System\FvvtiLk.exe
  2⤵
  PID:5368
- C:\Windows\System\xiuSNXl.exe
  C:\Windows\System\xiuSNXl.exe
  2⤵
  PID:5384
- C:\Windows\System\cUTyFYf.exe
  C:\Windows\System\cUTyFYf.exe
  2⤵
  PID:5404
- C:\Windows\System\rjGmOUL.exe
  C:\Windows\System\rjGmOUL.exe
  2⤵
  PID:5424
- C:\Windows\System\zgPYBSz.exe
  C:\Windows\System\zgPYBSz.exe
  2⤵
  PID:5448
- C:\Windows\System\fRUyxUh.exe
  C:\Windows\System\fRUyxUh.exe
  2⤵
  PID:5464
- C:\Windows\System\DTWpcDz.exe
  C:\Windows\System\DTWpcDz.exe
  2⤵
  PID:5480
- C:\Windows\System\HOCymcV.exe
  C:\Windows\System\HOCymcV.exe
  2⤵
  PID:5496
- C:\Windows\System\kLsFRdS.exe
  C:\Windows\System\kLsFRdS.exe
  2⤵
  PID:5512
- C:\Windows\System\onHZRHj.exe
  C:\Windows\System\onHZRHj.exe
  2⤵
  PID:5528
- C:\Windows\System\OadRPxF.exe
  C:\Windows\System\OadRPxF.exe
  2⤵
  PID:5548
- C:\Windows\System\GChcUrb.exe
  C:\Windows\System\GChcUrb.exe
  2⤵
  PID:5564
- C:\Windows\System\uOvfKHt.exe
  C:\Windows\System\uOvfKHt.exe
  2⤵
  PID:5584
- C:\Windows\System\ysJIeAf.exe
  C:\Windows\System\ysJIeAf.exe
  2⤵
  PID:5600
- C:\Windows\System\FrrRsCJ.exe
  C:\Windows\System\FrrRsCJ.exe
  2⤵
  PID:5616
- C:\Windows\System\HrMcuMD.exe
  C:\Windows\System\HrMcuMD.exe
  2⤵
  PID:5636
- C:\Windows\System\krHclJj.exe
  C:\Windows\System\krHclJj.exe
  2⤵
  PID:5652
- C:\Windows\System\mXZAfJn.exe
  C:\Windows\System\mXZAfJn.exe
  2⤵
  PID:5668
- C:\Windows\System\vuWVWpF.exe
  C:\Windows\System\vuWVWpF.exe
  2⤵
  PID:5684
- C:\Windows\System\KnqHfKw.exe
  C:\Windows\System\KnqHfKw.exe
  2⤵
  PID:5700
- C:\Windows\System\lgYhxUn.exe
  C:\Windows\System\lgYhxUn.exe
  2⤵
  PID:5716
- C:\Windows\System\GqwlKQt.exe
  C:\Windows\System\GqwlKQt.exe
  2⤵
  PID:5732
- C:\Windows\System\EyXFDzy.exe
  C:\Windows\System\EyXFDzy.exe
  2⤵
  PID:5748
- C:\Windows\System\tSyppxH.exe
  C:\Windows\System\tSyppxH.exe
  2⤵
  PID:5824
- C:\Windows\System\WtFiWsP.exe
  C:\Windows\System\WtFiWsP.exe
  2⤵
  PID:6000
- C:\Windows\System\BdZRVSP.exe
  C:\Windows\System\BdZRVSP.exe
  2⤵
  PID:6016
- C:\Windows\System\NKXKDGm.exe
  C:\Windows\System\NKXKDGm.exe
  2⤵
  PID:6036
- C:\Windows\System\sdLnfMu.exe
  C:\Windows\System\sdLnfMu.exe
  2⤵
  PID:6052
- C:\Windows\System\eDjHRXV.exe
  C:\Windows\System\eDjHRXV.exe
  2⤵
  PID:6072
- C:\Windows\System\KjTmWgp.exe
  C:\Windows\System\KjTmWgp.exe
  2⤵
  PID:6100
- C:\Windows\System\tdMJaFA.exe
  C:\Windows\System\tdMJaFA.exe
  2⤵
  PID:6116
- C:\Windows\System\IyDvYUO.exe
  C:\Windows\System\IyDvYUO.exe
  2⤵
  PID:6136
- C:\Windows\System\xzawaiW.exe
  C:\Windows\System\xzawaiW.exe
  2⤵
  PID:1292
- C:\Windows\System\npAAVMT.exe
  C:\Windows\System\npAAVMT.exe
  2⤵
  PID:1664
- C:\Windows\System\wflJaYj.exe
  C:\Windows\System\wflJaYj.exe
  2⤵
  PID:4868
- C:\Windows\System\eoSySja.exe
  C:\Windows\System\eoSySja.exe
  2⤵
  PID:1556
- C:\Windows\System\aPztWRe.exe
  C:\Windows\System\aPztWRe.exe
  2⤵
  PID:2460
- C:\Windows\System\swlBmeZ.exe
  C:\Windows\System\swlBmeZ.exe
  2⤵
  PID:2980
- C:\Windows\System\czxIZvK.exe
  C:\Windows\System\czxIZvK.exe
  2⤵
  PID:5140
- C:\Windows\System\wjgiPXK.exe
  C:\Windows\System\wjgiPXK.exe
  2⤵
  PID:4456
- C:\Windows\System\YcnaMxw.exe
  C:\Windows\System\YcnaMxw.exe
  2⤵
  PID:5184
- C:\Windows\System\SRZFtjQ.exe
  C:\Windows\System\SRZFtjQ.exe
  2⤵
  PID:5224
- C:\Windows\System\piRfQnV.exe
  C:\Windows\System\piRfQnV.exe
  2⤵
  PID:5296
- C:\Windows\System\pNRTBAG.exe
  C:\Windows\System\pNRTBAG.exe
  2⤵
  PID:5360
- C:\Windows\System\rhiUNJY.exe
  C:\Windows\System\rhiUNJY.exe
  2⤵
  PID:5572
- C:\Windows\System\nWVWWYL.exe
  C:\Windows\System\nWVWWYL.exe
  2⤵
  PID:5644
- C:\Windows\System\kbufFuI.exe
  C:\Windows\System\kbufFuI.exe
  2⤵
  PID:5708
- C:\Windows\System\VgtbZvR.exe
  C:\Windows\System\VgtbZvR.exe
  2⤵
  PID:2780
- C:\Windows\System\iibjocB.exe
  C:\Windows\System\iibjocB.exe
  2⤵
  PID:2268
- C:\Windows\System\OSKLLHk.exe
  C:\Windows\System\OSKLLHk.exe
  2⤵
  PID:5724
- C:\Windows\System\AerORKA.exe
  C:\Windows\System\AerORKA.exe
  2⤵
  PID:5236
- C:\Windows\System\iJvLyWs.exe
  C:\Windows\System\iJvLyWs.exe
  2⤵
  PID:5280
- C:\Windows\System\IWzLbXg.exe
  C:\Windows\System\IWzLbXg.exe
  2⤵
  PID:5344
- C:\Windows\System\IuUzlwa.exe
  C:\Windows\System\IuUzlwa.exe
  2⤵
  PID:5412
- C:\Windows\System\mCgfuzm.exe
  C:\Windows\System\mCgfuzm.exe
  2⤵
  PID:5460
- C:\Windows\System\dPJLFdk.exe
  C:\Windows\System\dPJLFdk.exe
  2⤵
  PID:5556
- C:\Windows\System\misDfEh.exe
  C:\Windows\System\misDfEh.exe
  2⤵
  PID:5628
- C:\Windows\System\DSHwCrA.exe
  C:\Windows\System\DSHwCrA.exe
  2⤵
  PID:5760
- C:\Windows\System\bmIhtlq.exe
  C:\Windows\System\bmIhtlq.exe
  2⤵
  PID:5836
- C:\Windows\System\pfsFyQB.exe
  C:\Windows\System\pfsFyQB.exe
  2⤵
  PID:5864
- C:\Windows\System\IIJnDEf.exe
  C:\Windows\System\IIJnDEf.exe
  2⤵
  PID:5880
- C:\Windows\System\yQRMMDH.exe
  C:\Windows\System\yQRMMDH.exe
  2⤵
  PID:5896
- C:\Windows\System\IeUzpGY.exe
  C:\Windows\System\IeUzpGY.exe
  2⤵
  PID:5912
- C:\Windows\System\EvMnZHD.exe
  C:\Windows\System\EvMnZHD.exe
  2⤵
  PID:2308
- C:\Windows\System\VbwjmFu.exe
  C:\Windows\System\VbwjmFu.exe
  2⤵
  PID:5932
- C:\Windows\System\djLqBlo.exe
  C:\Windows\System\djLqBlo.exe
  2⤵
  PID:672
- C:\Windows\System\hlxnbEA.exe
  C:\Windows\System\hlxnbEA.exe
  2⤵
  PID:2372
- C:\Windows\System\kUFXldM.exe
  C:\Windows\System\kUFXldM.exe
  2⤵
  PID:2392
- C:\Windows\System\XtWNGxN.exe
  C:\Windows\System\XtWNGxN.exe
  2⤵
  PID:2384
- C:\Windows\System\KxPJdnr.exe
  C:\Windows\System\KxPJdnr.exe
  2⤵
  PID:2036
- C:\Windows\System\mNXYmNh.exe
  C:\Windows\System\mNXYmNh.exe
  2⤵
  PID:6032
- C:\Windows\System\sYZOAYc.exe
  C:\Windows\System\sYZOAYc.exe
  2⤵
  PID:6008
- C:\Windows\System\BekwDSK.exe
  C:\Windows\System\BekwDSK.exe
  2⤵
  PID:6084
- C:\Windows\System\DFGrOHX.exe
  C:\Windows\System\DFGrOHX.exe
  2⤵
  PID:6128
- C:\Windows\System\tgBGRpc.exe
  C:\Windows\System\tgBGRpc.exe
  2⤵
  PID:1948
- C:\Windows\System\pUhhcpv.exe
  C:\Windows\System\pUhhcpv.exe
  2⤵
  PID:5216
- C:\Windows\System\QRsBOIF.exe
  C:\Windows\System\QRsBOIF.exe
  2⤵
  PID:2932
- C:\Windows\System\eJkMkpO.exe
  C:\Windows\System\eJkMkpO.exe
  2⤵
  PID:5136
- C:\Windows\System\HgzJBoK.exe
  C:\Windows\System\HgzJBoK.exe
  2⤵
  PID:5612
- C:\Windows\System\cCmOZzd.exe
  C:\Windows\System\cCmOZzd.exe
  2⤵
  PID:1172
- C:\Windows\System\NvxTwsJ.exe
  C:\Windows\System\NvxTwsJ.exe
  2⤵
  PID:5504
- C:\Windows\System\BDtzQwN.exe
  C:\Windows\System\BDtzQwN.exe
  2⤵
  PID:5380
- C:\Windows\System\Zvswvoh.exe
  C:\Windows\System\Zvswvoh.exe
  2⤵
  PID:5200
- C:\Windows\System\iVeDpsM.exe
  C:\Windows\System\iVeDpsM.exe
  2⤵
  PID:5492
- C:\Windows\System\TOquLET.exe
  C:\Windows\System\TOquLET.exe
  2⤵
  PID:2920
- C:\Windows\System\wIqIcWp.exe
  C:\Windows\System\wIqIcWp.exe
  2⤵
  PID:6068
- C:\Windows\System\ZRtxhrZ.exe
  C:\Windows\System\ZRtxhrZ.exe
  2⤵
  PID:5544
- C:\Windows\System\KtBrtUQ.exe
  C:\Windows\System\KtBrtUQ.exe
  2⤵
  PID:5680
- C:\Windows\System\dKWnUnk.exe
  C:\Windows\System\dKWnUnk.exe
  2⤵
  PID:1932
- C:\Windows\System\WpOgCxZ.exe
  C:\Windows\System\WpOgCxZ.exe
  2⤵
  PID:5420
- C:\Windows\System\IGzEPRf.exe
  C:\Windows\System\IGzEPRf.exe
  2⤵
  PID:6064
- C:\Windows\System\IDwdVae.exe
  C:\Windows\System\IDwdVae.exe
  2⤵
  PID:2200
- C:\Windows\System\rgAWYmY.exe
  C:\Windows\System\rgAWYmY.exe
  2⤵
  PID:5904
- C:\Windows\System\BNdptOp.exe
  C:\Windows\System\BNdptOp.exe
  2⤵
  PID:5928
- C:\Windows\System\uydnWLd.exe
  C:\Windows\System\uydnWLd.exe
  2⤵
  PID:2884
- C:\Windows\System\ZXmOGhw.exe
  C:\Windows\System\ZXmOGhw.exe
  2⤵
  PID:908
- C:\Windows\System\KTTNnpG.exe
  C:\Windows\System\KTTNnpG.exe
  2⤵
  PID:6080
- C:\Windows\System\OmVHKkg.exe
  C:\Windows\System\OmVHKkg.exe
  2⤵
  PID:5332
- C:\Windows\System\McSTUjt.exe
  C:\Windows\System\McSTUjt.exe
  2⤵
  PID:2144
- C:\Windows\System\MrMKFjD.exe
  C:\Windows\System\MrMKFjD.exe
  2⤵
  PID:5156
- C:\Windows\System\ZjmvHwJ.exe
  C:\Windows\System\ZjmvHwJ.exe
  2⤵
  PID:5432
- C:\Windows\System\kdBrDbt.exe
  C:\Windows\System\kdBrDbt.exe
  2⤵
  PID:5472
- C:\Windows\System\DlDpATu.exe
  C:\Windows\System\DlDpATu.exe
  2⤵
  PID:5272
- C:\Windows\System\nexqTWo.exe
  C:\Windows\System\nexqTWo.exe
  2⤵
  PID:4476
- C:\Windows\System\bBJKxRg.exe
  C:\Windows\System\bBJKxRg.exe
  2⤵
  PID:4932
- C:\Windows\System\fFKslCc.exe
  C:\Windows\System\fFKslCc.exe
  2⤵
  PID:5892
- C:\Windows\System\utWvclv.exe
  C:\Windows\System\utWvclv.exe
  2⤵
  PID:1872
- C:\Windows\System\AKVrJuQ.exe
  C:\Windows\System\AKVrJuQ.exe
  2⤵
  PID:912
- C:\Windows\System\OSReDgr.exe
  C:\Windows\System\OSReDgr.exe
  2⤵
  PID:5596
- C:\Windows\System\GqQToYK.exe
  C:\Windows\System\GqQToYK.exe
  2⤵
  PID:6148
- C:\Windows\System\vGazlDl.exe
  C:\Windows\System\vGazlDl.exe
  2⤵
  PID:6168
- C:\Windows\System\BmAakxf.exe
  C:\Windows\System\BmAakxf.exe
  2⤵
  PID:6184
- C:\Windows\System\bHesQgd.exe
  C:\Windows\System\bHesQgd.exe
  2⤵
  PID:6200
- C:\Windows\System\JSDwCLb.exe
  C:\Windows\System\JSDwCLb.exe
  2⤵
  PID:6220
- C:\Windows\System\hhxaOIB.exe
  C:\Windows\System\hhxaOIB.exe
  2⤵
  PID:6240
- C:\Windows\System\clFfnbP.exe
  C:\Windows\System\clFfnbP.exe
  2⤵
  PID:6264
- C:\Windows\System\KLMpBPt.exe
  C:\Windows\System\KLMpBPt.exe
  2⤵
  PID:6280
- C:\Windows\System\opgVAEJ.exe
  C:\Windows\System\opgVAEJ.exe
  2⤵
  PID:6296
- C:\Windows\System\bFiJFsu.exe
  C:\Windows\System\bFiJFsu.exe
  2⤵
  PID:6312
- C:\Windows\System\rfKoXNs.exe
  C:\Windows\System\rfKoXNs.exe
  2⤵
  PID:6332
- C:\Windows\System\TFAwwCh.exe
  C:\Windows\System\TFAwwCh.exe
  2⤵
  PID:6348
- C:\Windows\System\KoikKgd.exe
  C:\Windows\System\KoikKgd.exe
  2⤵
  PID:6368
- C:\Windows\System\fvCuvBC.exe
  C:\Windows\System\fvCuvBC.exe
  2⤵
  PID:6388
- C:\Windows\System\RJKJxLc.exe
  C:\Windows\System\RJKJxLc.exe
  2⤵
  PID:6404
- C:\Windows\System\zmsKvIw.exe
  C:\Windows\System\zmsKvIw.exe
  2⤵
  PID:6420
- C:\Windows\System\AlbYvEL.exe
  C:\Windows\System\AlbYvEL.exe
  2⤵
  PID:6436
- C:\Windows\System\YFgmELQ.exe
  C:\Windows\System\YFgmELQ.exe
  2⤵
  PID:6452
- C:\Windows\System\ALTMvrl.exe
  C:\Windows\System\ALTMvrl.exe
  2⤵
  PID:6468
- C:\Windows\System\meyyAgY.exe
  C:\Windows\System\meyyAgY.exe
  2⤵
  PID:6484
- C:\Windows\System\UYIHzqf.exe
  C:\Windows\System\UYIHzqf.exe
  2⤵
  PID:6500
- C:\Windows\System\UZNmxPq.exe
  C:\Windows\System\UZNmxPq.exe
  2⤵
  PID:6516
- C:\Windows\System\YqZQScM.exe
  C:\Windows\System\YqZQScM.exe
  2⤵
  PID:6532
- C:\Windows\System\hFYYHHt.exe
  C:\Windows\System\hFYYHHt.exe
  2⤵
  PID:6548
- C:\Windows\System\TzAnZqX.exe
  C:\Windows\System\TzAnZqX.exe
  2⤵
  PID:6564
- C:\Windows\System\CzpQCun.exe
  C:\Windows\System\CzpQCun.exe
  2⤵
  PID:6580
- C:\Windows\System\oXMaOAB.exe
  C:\Windows\System\oXMaOAB.exe
  2⤵
  PID:6608
- C:\Windows\System\mokIyhh.exe
  C:\Windows\System\mokIyhh.exe
  2⤵
  PID:6624
- C:\Windows\System\yTqfJQj.exe
  C:\Windows\System\yTqfJQj.exe
  2⤵
  PID:6644
- C:\Windows\System\zYxNGhA.exe
  C:\Windows\System\zYxNGhA.exe
  2⤵
  PID:6664
- C:\Windows\System\ghmEVjr.exe
  C:\Windows\System\ghmEVjr.exe
  2⤵
  PID:6692
- C:\Windows\System\oawOGdm.exe
  C:\Windows\System\oawOGdm.exe
  2⤵
  PID:6708
- C:\Windows\System\dVHaiJl.exe
  C:\Windows\System\dVHaiJl.exe
  2⤵
  PID:6724
- C:\Windows\System\NFlhown.exe
  C:\Windows\System\NFlhown.exe
  2⤵
  PID:6740
- C:\Windows\System\zDYSsUg.exe
  C:\Windows\System\zDYSsUg.exe
  2⤵
  PID:6756
- C:\Windows\System\DIZSyFi.exe
  C:\Windows\System\DIZSyFi.exe
  2⤵
  PID:6772
- C:\Windows\System\DPGecAZ.exe
  C:\Windows\System\DPGecAZ.exe
  2⤵
  PID:6792
- C:\Windows\System\dlKAIaX.exe
  C:\Windows\System\dlKAIaX.exe
  2⤵
  PID:6808
- C:\Windows\System\riSbkve.exe
  C:\Windows\System\riSbkve.exe
  2⤵
  PID:6824
- C:\Windows\System\YZydFbU.exe
  C:\Windows\System\YZydFbU.exe
  2⤵
  PID:6852
- C:\Windows\System\NzwqOjn.exe
  C:\Windows\System\NzwqOjn.exe
  2⤵
  PID:7028
- C:\Windows\System\uIUgodS.exe
  C:\Windows\System\uIUgodS.exe
  2⤵
  PID:7044
- C:\Windows\System\FGfvtmj.exe
  C:\Windows\System\FGfvtmj.exe
  2⤵
  PID:7080
- C:\Windows\System\wCxoZoU.exe
  C:\Windows\System\wCxoZoU.exe
  2⤵
  PID:7096
- C:\Windows\System\nYYNKlW.exe
  C:\Windows\System\nYYNKlW.exe
  2⤵
  PID:7112
- C:\Windows\System\RczHvmx.exe
  C:\Windows\System\RczHvmx.exe
  2⤵
  PID:7132
- C:\Windows\System\MpjPOLi.exe
  C:\Windows\System\MpjPOLi.exe
  2⤵
  PID:7148
- C:\Windows\System\fnEDyVf.exe
  C:\Windows\System\fnEDyVf.exe
  2⤵
  PID:7164
- C:\Windows\System\VZrfUHK.exe
  C:\Windows\System\VZrfUHK.exe
  2⤵
  PID:6108
- C:\Windows\System\ceHfMfN.exe
  C:\Windows\System\ceHfMfN.exe
  2⤵
  PID:6096
- C:\Windows\System\lDdUMeq.exe
  C:\Windows\System\lDdUMeq.exe
  2⤵
  PID:5376
- C:\Windows\System\DNSHCdU.exe
  C:\Windows\System\DNSHCdU.exe
  2⤵
  PID:2744
- C:\Windows\System\tHwOVZN.exe
  C:\Windows\System\tHwOVZN.exe
  2⤵
  PID:6208
- C:\Windows\System\qOKbSCP.exe
  C:\Windows\System\qOKbSCP.exe
  2⤵
  PID:6252
- C:\Windows\System\PjXAdUu.exe
  C:\Windows\System\PjXAdUu.exe
  2⤵
  PID:6048
- C:\Windows\System\qxvAoTZ.exe
  C:\Windows\System\qxvAoTZ.exe
  2⤵
  PID:5876
- C:\Windows\System\fUAYdsb.exe
  C:\Windows\System\fUAYdsb.exe
  2⤵
  PID:1464
- C:\Windows\System\vnFjJEN.exe
  C:\Windows\System\vnFjJEN.exe
  2⤵
  PID:5696
- C:\Windows\System\wuVdjYP.exe
  C:\Windows\System\wuVdjYP.exe
  2⤵
  PID:5812
- C:\Windows\System\apgibjm.exe
  C:\Windows\System\apgibjm.exe
  2⤵
  PID:2892
- C:\Windows\System\AocPbqY.exe
  C:\Windows\System\AocPbqY.exe
  2⤵
  PID:6164
- C:\Windows\System\VGXpgzJ.exe
  C:\Windows\System\VGXpgzJ.exe
  2⤵
  PID:6232
- C:\Windows\System\Qvfwbuq.exe
  C:\Windows\System\Qvfwbuq.exe
  2⤵
  PID:5940
- C:\Windows\System\oTueeOy.exe
  C:\Windows\System\oTueeOy.exe
  2⤵
  PID:5952
- C:\Windows\System\LICiykC.exe
  C:\Windows\System\LICiykC.exe
  2⤵
  PID:6512
- C:\Windows\System\HsqrPVO.exe
  C:\Windows\System\HsqrPVO.exe
  2⤵
  PID:6572
- C:\Windows\System\ktBgPCL.exe
  C:\Windows\System\ktBgPCL.exe
  2⤵
  PID:6576
- C:\Windows\System\hSmenNs.exe
  C:\Windows\System\hSmenNs.exe
  2⤵
  PID:6528
- C:\Windows\System\rRkBOfB.exe
  C:\Windows\System\rRkBOfB.exe
  2⤵
  PID:6600
- C:\Windows\System\gOWMTab.exe
  C:\Windows\System\gOWMTab.exe
  2⤵
  PID:6676
- C:\Windows\System\TktjKVR.exe
  C:\Windows\System\TktjKVR.exe
  2⤵
  PID:6620
- C:\Windows\System\eRcRzOG.exe
  C:\Windows\System\eRcRzOG.exe
  2⤵
  PID:6704
- C:\Windows\System\CizDwjJ.exe
  C:\Windows\System\CizDwjJ.exe
  2⤵
  PID:6768
- C:\Windows\System\MLqXufh.exe
  C:\Windows\System\MLqXufh.exe
  2⤵
  PID:6636
- C:\Windows\System\oQGzpll.exe
  C:\Windows\System\oQGzpll.exe
  2⤵
  PID:5968
- C:\Windows\System\kTWWjuc.exe
  C:\Windows\System\kTWWjuc.exe
  2⤵
  PID:6752
- C:\Windows\System\dRflRHC.exe
  C:\Windows\System\dRflRHC.exe
  2⤵
  PID:6820
- C:\Windows\System\qNqZhFy.exe
  C:\Windows\System\qNqZhFy.exe
  2⤵
  PID:5980
- C:\Windows\System\pziyPkJ.exe
  C:\Windows\System\pziyPkJ.exe
  2⤵
  PID:6864
- C:\Windows\System\cpFrQpi.exe
  C:\Windows\System\cpFrQpi.exe
  2⤵
  PID:6892
- C:\Windows\System\AcMQiFJ.exe
  C:\Windows\System\AcMQiFJ.exe
  2⤵
  PID:6912
- C:\Windows\System\Dflptar.exe
  C:\Windows\System\Dflptar.exe
  2⤵
  PID:6928
- C:\Windows\System\TxZrtUw.exe
  C:\Windows\System\TxZrtUw.exe
  2⤵
  PID:6944
- C:\Windows\System\rhayEVc.exe
  C:\Windows\System\rhayEVc.exe
  2⤵
  PID:6960
- C:\Windows\System\jRrUbMd.exe
  C:\Windows\System\jRrUbMd.exe
  2⤵
  PID:6988
- C:\Windows\System\eaZjfqp.exe
  C:\Windows\System\eaZjfqp.exe
  2⤵
  PID:7004
- C:\Windows\System\tzvSxQr.exe
  C:\Windows\System\tzvSxQr.exe
  2⤵
  PID:7036
- C:\Windows\System\tFBOMSS.exe
  C:\Windows\System\tFBOMSS.exe
  2⤵
  PID:7120
- C:\Windows\System\bLhbFND.exe
  C:\Windows\System\bLhbFND.exe
  2⤵
  PID:7068
- C:\Windows\System\GMoYJcE.exe
  C:\Windows\System\GMoYJcE.exe
  2⤵
  PID:7156
- C:\Windows\System\OolUpMq.exe
  C:\Windows\System\OolUpMq.exe
  2⤵
  PID:4812
- C:\Windows\System\DOapkWr.exe
  C:\Windows\System\DOapkWr.exe
  2⤵
  PID:6216
- C:\Windows\System\pQmyiHK.exe
  C:\Windows\System\pQmyiHK.exe
  2⤵
  PID:5540
- C:\Windows\System\vuLbckN.exe
  C:\Windows\System\vuLbckN.exe
  2⤵
  PID:5400
- C:\Windows\System\nJpTIMv.exe
  C:\Windows\System\nJpTIMv.exe
  2⤵
  PID:5856
- C:\Windows\System\SdHCylE.exe
  C:\Windows\System\SdHCylE.exe
  2⤵
  PID:6308
- C:\Windows\System\JVpXANm.exe
  C:\Windows\System\JVpXANm.exe
  2⤵
  PID:6356
- C:\Windows\System\qVkByxD.exe
  C:\Windows\System\qVkByxD.exe
  2⤵
  PID:6396
- C:\Windows\System\EJyOLaw.exe
  C:\Windows\System\EJyOLaw.exe
  2⤵
  PID:6432
- C:\Windows\System\tDlGNom.exe
  C:\Windows\System\tDlGNom.exe
  2⤵
  PID:6448
- C:\Windows\System\JCRJONN.exe
  C:\Windows\System\JCRJONN.exe
  2⤵
  PID:6412
- C:\Windows\System\vsrQNYx.exe
  C:\Windows\System\vsrQNYx.exe
  2⤵
  PID:6480
- C:\Windows\System\bngQiMs.exe
  C:\Windows\System\bngQiMs.exe
  2⤵
  PID:6492
- C:\Windows\System\bPKbrav.exe
  C:\Windows\System\bPKbrav.exe
  2⤵
  PID:6588
- C:\Windows\System\wVUbYDB.exe
  C:\Windows\System\wVUbYDB.exe
  2⤵
  PID:6680
- C:\Windows\System\zacxmlP.exe
  C:\Windows\System\zacxmlP.exe
  2⤵
  PID:6900
- C:\Windows\System\uJRVhnK.exe
  C:\Windows\System\uJRVhnK.exe
  2⤵
  PID:6940
- C:\Windows\System\LSZeXfH.exe
  C:\Windows\System\LSZeXfH.exe
  2⤵
  PID:6700
- C:\Windows\System\wjzOfqJ.exe
  C:\Windows\System\wjzOfqJ.exe
  2⤵
  PID:7056
- C:\Windows\System\VzxyXIl.exe
  C:\Windows\System\VzxyXIl.exe
  2⤵
  PID:5536
- C:\Windows\System\YbjKVFF.exe
  C:\Windows\System\YbjKVFF.exe
  2⤵
  PID:5948
- C:\Windows\System\hTTEAbg.exe
  C:\Windows\System\hTTEAbg.exe
  2⤵
  PID:6640
- C:\Windows\System\FGnnXkQ.exe
  C:\Windows\System\FGnnXkQ.exe
  2⤵
  PID:6672
- C:\Windows\System\KeiuAVs.exe
  C:\Windows\System\KeiuAVs.exe
  2⤵
  PID:6840
- C:\Windows\System\XYvdCyK.exe
  C:\Windows\System\XYvdCyK.exe
  2⤵
  PID:6888
- C:\Windows\System\UAGpkrO.exe
  C:\Windows\System\UAGpkrO.exe
  2⤵
  PID:2672
- C:\Windows\System\tfDuXcg.exe
  C:\Windows\System\tfDuXcg.exe
  2⤵
  PID:6228
- C:\Windows\System\rauaEJf.exe
  C:\Windows\System\rauaEJf.exe
  2⤵
  PID:5768
- C:\Windows\System\ZljqLsR.exe
  C:\Windows\System\ZljqLsR.exe
  2⤵
  PID:6276
- C:\Windows\System\SJUXFBv.exe
  C:\Windows\System\SJUXFBv.exe
  2⤵
  PID:7108
- C:\Windows\System\HZjzPJO.exe
  C:\Windows\System\HZjzPJO.exe
  2⤵
  PID:5088
- C:\Windows\System\LQpaFvs.exe
  C:\Windows\System\LQpaFvs.exe
  2⤵
  PID:7144
- C:\Windows\System\OgQyXpz.exe
  C:\Windows\System\OgQyXpz.exe
  2⤵
  PID:6360
- C:\Windows\System\xlcbcWE.exe
  C:\Windows\System\xlcbcWE.exe
  2⤵
  PID:6736
- C:\Windows\System\JbgYHwi.exe
  C:\Windows\System\JbgYHwi.exe
  2⤵
  PID:6180
- C:\Windows\System\GkYTgIp.exe
  C:\Windows\System\GkYTgIp.exe
  2⤵
  PID:6444
- C:\Windows\System\zgedAvq.exe
  C:\Windows\System\zgedAvq.exe
  2⤵
  PID:6816
- C:\Windows\System\zjzZsZf.exe
  C:\Windows\System\zjzZsZf.exe
  2⤵
  PID:7012
- C:\Windows\System\nwAkQwQ.exe
  C:\Windows\System\nwAkQwQ.exe
  2⤵
  PID:6976
- C:\Windows\System\jiQEctV.exe
  C:\Windows\System\jiQEctV.exe
  2⤵
  PID:6556
- C:\Windows\System\ULGcqrs.exe
  C:\Windows\System\ULGcqrs.exe
  2⤵
  PID:6956
- C:\Windows\System\PSXQctR.exe
  C:\Windows\System\PSXQctR.exe
  2⤵
  PID:5992
- C:\Windows\System\ZdjnNey.exe
  C:\Windows\System\ZdjnNey.exe
  2⤵
  PID:6380
- C:\Windows\System\VkvoJXi.exe
  C:\Windows\System\VkvoJXi.exe
  2⤵
  PID:6872
- C:\Windows\System\dXNszgT.exe
  C:\Windows\System\dXNszgT.exe
  2⤵
  PID:6460
- C:\Windows\System\MVwQNRh.exe
  C:\Windows\System\MVwQNRh.exe
  2⤵
  PID:7076
- C:\Windows\System\WkpHgZS.exe
  C:\Windows\System\WkpHgZS.exe
  2⤵
  PID:2180
- C:\Windows\System\NRjmpzI.exe
  C:\Windows\System\NRjmpzI.exe
  2⤵
  PID:5848
- C:\Windows\System\GgsVMcv.exe
  C:\Windows\System\GgsVMcv.exe
  2⤵
  PID:6964
- C:\Windows\System\dQoQUov.exe
  C:\Windows\System\dQoQUov.exe
  2⤵
  PID:6748
- C:\Windows\System\cSlyVzN.exe
  C:\Windows\System\cSlyVzN.exe
  2⤵
  PID:6544
- C:\Windows\System\KxmPXwQ.exe
  C:\Windows\System\KxmPXwQ.exe
  2⤵
  PID:6508
- C:\Windows\System\CoWszfx.exe
  C:\Windows\System\CoWszfx.exe
  2⤵
  PID:6160
- C:\Windows\System\bWmmUNh.exe
  C:\Windows\System\bWmmUNh.exe
  2⤵
  PID:7000
- C:\Windows\System\KoQZlWD.exe
  C:\Windows\System\KoQZlWD.exe
  2⤵
  PID:7180
- C:\Windows\System\zZGmEvK.exe
  C:\Windows\System\zZGmEvK.exe
  2⤵
  PID:7196
- C:\Windows\System\IZvxnQg.exe
  C:\Windows\System\IZvxnQg.exe
  2⤵
  PID:7212
- C:\Windows\System\oXOuekQ.exe
  C:\Windows\System\oXOuekQ.exe
  2⤵
  PID:7228
- C:\Windows\System\zZkuZYu.exe
  C:\Windows\System\zZkuZYu.exe
  2⤵
  PID:7244
- C:\Windows\System\lJsAxkV.exe
  C:\Windows\System\lJsAxkV.exe
  2⤵
  PID:7264
- C:\Windows\System\NPugHuV.exe
  C:\Windows\System\NPugHuV.exe
  2⤵
  PID:7280
- C:\Windows\System\TQJPyDc.exe
  C:\Windows\System\TQJPyDc.exe
  2⤵
  PID:7300
- C:\Windows\System\BdRiJvA.exe
  C:\Windows\System\BdRiJvA.exe
  2⤵
  PID:7324
- C:\Windows\System\OeABFkY.exe
  C:\Windows\System\OeABFkY.exe
  2⤵
  PID:7340
- C:\Windows\System\ynOBPDp.exe
  C:\Windows\System\ynOBPDp.exe
  2⤵
  PID:7356
- C:\Windows\System\kQMKQYI.exe
  C:\Windows\System\kQMKQYI.exe
  2⤵
  PID:7372
- C:\Windows\System\QZsviQU.exe
  C:\Windows\System\QZsviQU.exe
  2⤵
  PID:7388
- C:\Windows\System\dppAnPD.exe
  C:\Windows\System\dppAnPD.exe
  2⤵
  PID:7404
- C:\Windows\System\TmAriex.exe
  C:\Windows\System\TmAriex.exe
  2⤵
  PID:7420
- C:\Windows\System\ipqwrdU.exe
  C:\Windows\System\ipqwrdU.exe
  2⤵
  PID:7436
- C:\Windows\System\QgWCjps.exe
  C:\Windows\System\QgWCjps.exe
  2⤵
  PID:7456
- C:\Windows\System\EBkfxMD.exe
  C:\Windows\System\EBkfxMD.exe
  2⤵
  PID:7472
- C:\Windows\System\MFOPurK.exe
  C:\Windows\System\MFOPurK.exe
  2⤵
  PID:7488
- C:\Windows\System\vqfHzgV.exe
  C:\Windows\System\vqfHzgV.exe
  2⤵
  PID:7504
- C:\Windows\System\IJguxJA.exe
  C:\Windows\System\IJguxJA.exe
  2⤵
  PID:7520
- C:\Windows\System\LyOaKpB.exe
  C:\Windows\System\LyOaKpB.exe
  2⤵
  PID:7536
- C:\Windows\System\IDvNiSp.exe
  C:\Windows\System\IDvNiSp.exe
  2⤵
  PID:7552
- C:\Windows\System\IBNvlFe.exe
  C:\Windows\System\IBNvlFe.exe
  2⤵
  PID:7568
- C:\Windows\System\eoknyQl.exe
  C:\Windows\System\eoknyQl.exe
  2⤵
  PID:7584
- C:\Windows\System\IgSOqOn.exe
  C:\Windows\System\IgSOqOn.exe
  2⤵
  PID:7600
- C:\Windows\System\yZNDaYL.exe
  C:\Windows\System\yZNDaYL.exe
  2⤵
  PID:7616
- C:\Windows\System\vamsTAF.exe
  C:\Windows\System\vamsTAF.exe
  2⤵
  PID:7632
- C:\Windows\System\RGXDDpo.exe
  C:\Windows\System\RGXDDpo.exe
  2⤵
  PID:7648
- C:\Windows\System\SbWTzFR.exe
  C:\Windows\System\SbWTzFR.exe
  2⤵
  PID:7664
- C:\Windows\System\dgUqWcv.exe
  C:\Windows\System\dgUqWcv.exe
  2⤵
  PID:7684
- C:\Windows\System\VVNTftm.exe
  C:\Windows\System\VVNTftm.exe
  2⤵
  PID:7700
- C:\Windows\System\ylHiDMT.exe
  C:\Windows\System\ylHiDMT.exe
  2⤵
  PID:7716
- C:\Windows\System\EemzqkC.exe
  C:\Windows\System\EemzqkC.exe
  2⤵
  PID:7732
- C:\Windows\System\TekVUGP.exe
  C:\Windows\System\TekVUGP.exe
  2⤵
  PID:7748
- C:\Windows\System\hSXPDiP.exe
  C:\Windows\System\hSXPDiP.exe
  2⤵
  PID:7764
- C:\Windows\System\IjUumdb.exe
  C:\Windows\System\IjUumdb.exe
  2⤵
  PID:7780
- C:\Windows\System\tolobnc.exe
  C:\Windows\System\tolobnc.exe
  2⤵
  PID:7796
- C:\Windows\System\YggYkZy.exe
  C:\Windows\System\YggYkZy.exe
  2⤵
  PID:7812
- C:\Windows\System\PiYROOl.exe
  C:\Windows\System\PiYROOl.exe
  2⤵
  PID:7828
- C:\Windows\System\uPsOdNq.exe
  C:\Windows\System\uPsOdNq.exe
  2⤵
  PID:7844
- C:\Windows\System\sdOZKcZ.exe
  C:\Windows\System\sdOZKcZ.exe
  2⤵
  PID:7860
- C:\Windows\System\vrqWMmo.exe
  C:\Windows\System\vrqWMmo.exe
  2⤵
  PID:7876
- C:\Windows\System\NUqNPjo.exe
  C:\Windows\System\NUqNPjo.exe
  2⤵
  PID:7892
- C:\Windows\System\KeIYVcA.exe
  C:\Windows\System\KeIYVcA.exe
  2⤵
  PID:7908
- C:\Windows\System\VQLqUVd.exe
  C:\Windows\System\VQLqUVd.exe
  2⤵
  PID:7924
- C:\Windows\System\LIyLSCS.exe
  C:\Windows\System\LIyLSCS.exe
  2⤵
  PID:7940
- C:\Windows\System\AMvPfmR.exe
  C:\Windows\System\AMvPfmR.exe
  2⤵
  PID:7956
- C:\Windows\System\NxQJrDi.exe
  C:\Windows\System\NxQJrDi.exe
  2⤵
  PID:7972
- C:\Windows\System\bUSuyjY.exe
  C:\Windows\System\bUSuyjY.exe
  2⤵
  PID:7988
- C:\Windows\System\nqGrBgK.exe
  C:\Windows\System\nqGrBgK.exe
  2⤵
  PID:8004
- C:\Windows\System\hdVbPVu.exe
  C:\Windows\System\hdVbPVu.exe
  2⤵
  PID:8020
- C:\Windows\System\IfDBmyS.exe
  C:\Windows\System\IfDBmyS.exe
  2⤵
  PID:8036
- C:\Windows\System\EUqgGoW.exe
  C:\Windows\System\EUqgGoW.exe
  2⤵
  PID:8052
- C:\Windows\System\gdHmOSL.exe
  C:\Windows\System\gdHmOSL.exe
  2⤵
  PID:8068
- C:\Windows\System\fDrSnLx.exe
  C:\Windows\System\fDrSnLx.exe
  2⤵
  PID:8084
- C:\Windows\System\QQqqEPc.exe
  C:\Windows\System\QQqqEPc.exe
  2⤵
  PID:8100
- C:\Windows\System\HHpVapR.exe
  C:\Windows\System\HHpVapR.exe
  2⤵
  PID:8116
- C:\Windows\System\fMuCmPj.exe
  C:\Windows\System\fMuCmPj.exe
  2⤵
  PID:8132
- C:\Windows\System\PCQDcng.exe
  C:\Windows\System\PCQDcng.exe
  2⤵
  PID:8148
- C:\Windows\System\jLzYQRr.exe
  C:\Windows\System\jLzYQRr.exe
  2⤵
  PID:8164
- C:\Windows\System\xaRHhDf.exe
  C:\Windows\System\xaRHhDf.exe
  2⤵
  PID:8180
- C:\Windows\System\GFLWBbp.exe
  C:\Windows\System\GFLWBbp.exe
  2⤵
  PID:6292
- C:\Windows\System\sVqVdFJ.exe
  C:\Windows\System\sVqVdFJ.exe
  2⤵
  PID:5960
- C:\Windows\System\jdgukaz.exe
  C:\Windows\System\jdgukaz.exe
  2⤵
  PID:7192
- C:\Windows\System\TeZexBn.exe
  C:\Windows\System\TeZexBn.exe
  2⤵
  PID:5444
- C:\Windows\System\nWfWBst.exe
  C:\Windows\System\nWfWBst.exe
  2⤵
  PID:6952
- C:\Windows\System\NNsUvwi.exe
  C:\Windows\System\NNsUvwi.exe
  2⤵
  PID:7172
- C:\Windows\System\GxdlJme.exe
  C:\Windows\System\GxdlJme.exe
  2⤵
  PID:7236
- C:\Windows\System\zeCLEeX.exe
  C:\Windows\System\zeCLEeX.exe
  2⤵
  PID:7092
- C:\Windows\System\SnKfKuW.exe
  C:\Windows\System\SnKfKuW.exe
  2⤵
  PID:7272
- C:\Windows\System\EUYSTVv.exe
  C:\Windows\System\EUYSTVv.exe
  2⤵
  PID:7316
- C:\Windows\System\IQMbtZr.exe
  C:\Windows\System\IQMbtZr.exe
  2⤵
  PID:1536
- C:\Windows\System\LyJCUdb.exe
  C:\Windows\System\LyJCUdb.exe
  2⤵
  PID:7464
- C:\Windows\System\MjCwuKE.exe
  C:\Windows\System\MjCwuKE.exe
  2⤵
  PID:7396
- C:\Windows\System\SJYEKnM.exe
  C:\Windows\System\SJYEKnM.exe
  2⤵
  PID:7428
- C:\Windows\System\vhgQDXe.exe
  C:\Windows\System\vhgQDXe.exe
  2⤵
  PID:7560
- C:\Windows\System\pimTdOv.exe
  C:\Windows\System\pimTdOv.exe
  2⤵
  PID:7592
- C:\Windows\System\WGdvtKe.exe
  C:\Windows\System\WGdvtKe.exe
  2⤵
  PID:7692
- C:\Windows\System\VjHJjlI.exe
  C:\Windows\System\VjHJjlI.exe
  2⤵
  PID:7384
- C:\Windows\System\dgOoVUC.exe
  C:\Windows\System\dgOoVUC.exe
  2⤵
  PID:7512
- C:\Windows\System\yclNPQh.exe
  C:\Windows\System\yclNPQh.exe
  2⤵
  PID:7640
- C:\Windows\System\lnRkqHp.exe
  C:\Windows\System\lnRkqHp.exe
  2⤵
  PID:6880
- C:\Windows\System\BpmALBU.exe
  C:\Windows\System\BpmALBU.exe
  2⤵
  PID:2056
- C:\Windows\System\CglvbGW.exe
  C:\Windows\System\CglvbGW.exe
  2⤵
  PID:7772
- C:\Windows\System\FQVyomh.exe
  C:\Windows\System\FQVyomh.exe
  2⤵
  PID:7740
- C:\Windows\System\FgLncWp.exe
  C:\Windows\System\FgLncWp.exe
  2⤵
  PID:7788
- C:\Windows\System\bWzWQny.exe
  C:\Windows\System\bWzWQny.exe
  2⤵
  PID:7824
- C:\Windows\System\hAXRYwt.exe
  C:\Windows\System\hAXRYwt.exe
  2⤵
  PID:7868
- C:\Windows\System\xKcIxFG.exe
  C:\Windows\System\xKcIxFG.exe
  2⤵
  PID:7884
- C:\Windows\System\IuszWNN.exe
  C:\Windows\System\IuszWNN.exe
  2⤵
  PID:7888
- C:\Windows\System\WxQzqSq.exe
  C:\Windows\System\WxQzqSq.exe
  2⤵
  PID:8028
- C:\Windows\System\qkNFxim.exe
  C:\Windows\System\qkNFxim.exe
  2⤵
  PID:8060
- C:\Windows\System\iKjTohf.exe
  C:\Windows\System\iKjTohf.exe
  2⤵
  PID:8128
- C:\Windows\System\BZCHVxY.exe
  C:\Windows\System\BZCHVxY.exe
  2⤵
  PID:8156
- C:\Windows\System\norQhbY.exe
  C:\Windows\System\norQhbY.exe
  2⤵
  PID:7952
- C:\Windows\System\ZlKYOwn.exe
  C:\Windows\System\ZlKYOwn.exe
  2⤵
  PID:8176
- C:\Windows\System\ORoUeVf.exe
  C:\Windows\System\ORoUeVf.exe
  2⤵
  PID:6632
- C:\Windows\System\Fmsruls.exe
  C:\Windows\System\Fmsruls.exe
  2⤵
  PID:8140
- C:\Windows\System\WQFXdXU.exe
  C:\Windows\System\WQFXdXU.exe
  2⤵
  PID:6156
- C:\Windows\System\syufPHo.exe
  C:\Windows\System\syufPHo.exe
  2⤵
  PID:6936
- C:\Windows\System\GLOMJBe.exe
  C:\Windows\System\GLOMJBe.exe
  2⤵
  PID:7260
- C:\Windows\System\LOKwOvr.exe
  C:\Windows\System\LOKwOvr.exe
  2⤵
  PID:5692
- C:\Windows\System\GtfqALN.exe
  C:\Windows\System\GtfqALN.exe
  2⤵
  PID:7124
- C:\Windows\System\LXtCMtX.exe
  C:\Windows\System\LXtCMtX.exe
  2⤵
  PID:7528
- C:\Windows\System\oafpOOe.exe
  C:\Windows\System\oafpOOe.exe
  2⤵
  PID:7400
- C:\Windows\System\bIEhwzO.exe
  C:\Windows\System\bIEhwzO.exe
  2⤵
  PID:7480
- C:\Windows\System\ATYXclw.exe
  C:\Windows\System\ATYXclw.exe
  2⤵
  PID:7580
- C:\Windows\System\QwKSidt.exe
  C:\Windows\System\QwKSidt.exe
  2⤵
  PID:7840
- C:\Windows\System\eCZJtOD.exe
  C:\Windows\System\eCZJtOD.exe
  2⤵
  PID:7576
- C:\Windows\System\qrAmbGh.exe
  C:\Windows\System\qrAmbGh.exe
  2⤵
  PID:7544
- C:\Windows\System\gjCvZMY.exe
  C:\Windows\System\gjCvZMY.exe
  2⤵
  PID:7628
- C:\Windows\System\JEYYVmp.exe
  C:\Windows\System\JEYYVmp.exe
  2⤵
  PID:7416
- C:\Windows\System\zlqoziK.exe
  C:\Windows\System\zlqoziK.exe
  2⤵
  PID:7900
- C:\Windows\System\vWRpQph.exe
  C:\Windows\System\vWRpQph.exe
  2⤵
  PID:7996
- C:\Windows\System\gsBiEAm.exe
  C:\Windows\System\gsBiEAm.exe
  2⤵
  PID:8092
- C:\Windows\System\PesFhkW.exe
  C:\Windows\System\PesFhkW.exe
  2⤵
  PID:7984
- C:\Windows\System\qCZioRr.exe
  C:\Windows\System\qCZioRr.exe
  2⤵
  PID:7160
- C:\Windows\System\zPpRDlP.exe
  C:\Windows\System\zPpRDlP.exe
  2⤵
  PID:8172
- C:\Windows\System\meAfGdS.exe
  C:\Windows\System\meAfGdS.exe
  2⤵
  PID:7208
- C:\Windows\System\oNyrdVM.exe
  C:\Windows\System\oNyrdVM.exe
  2⤵
  PID:7660
- C:\Windows\System\URYNmlm.exe
  C:\Windows\System\URYNmlm.exe
  2⤵
  PID:7696
- C:\Windows\System\hzrJdCf.exe
  C:\Windows\System\hzrJdCf.exe
  2⤵
  PID:8108
- C:\Windows\System\oLYOBkt.exe
  C:\Windows\System\oLYOBkt.exe
  2⤵
  PID:7308
- C:\Windows\System\jLrLhRF.exe
  C:\Windows\System\jLrLhRF.exe
  2⤵
  PID:7728
- C:\Windows\System\OtkKHFk.exe
  C:\Windows\System\OtkKHFk.exe
  2⤵
  PID:8124
- C:\Windows\System\vqalxNc.exe
  C:\Windows\System\vqalxNc.exe
  2⤵
  PID:8048
- C:\Windows\System\zhIeVYv.exe
  C:\Windows\System\zhIeVYv.exe
  2⤵
  PID:7224
- C:\Windows\System\xZmFgKf.exe
  C:\Windows\System\xZmFgKf.exe
  2⤵
  PID:6344
- C:\Windows\System\TfxcMUU.exe
  C:\Windows\System\TfxcMUU.exe
  2⤵
  PID:7852
- C:\Windows\System\sxXegHo.exe
  C:\Windows\System\sxXegHo.exe
  2⤵
  PID:7920
- C:\Windows\System\zTGZdSM.exe
  C:\Windows\System\zTGZdSM.exe
  2⤵
  PID:8044
- C:\Windows\System\mojsUth.exe
  C:\Windows\System\mojsUth.exe
  2⤵
  PID:7760
- C:\Windows\System\vsQYHIB.exe
  C:\Windows\System\vsQYHIB.exe
  2⤵
  PID:7672
- C:\Windows\System\LLDHoMy.exe
  C:\Windows\System\LLDHoMy.exe
  2⤵
  PID:7608
- C:\Windows\System\PmfwYWn.exe
  C:\Windows\System\PmfwYWn.exe
  2⤵
  PID:8196
- C:\Windows\System\yFGPdTu.exe
  C:\Windows\System\yFGPdTu.exe
  2⤵
  PID:8212
- C:\Windows\System\vvEddly.exe
  C:\Windows\System\vvEddly.exe
  2⤵
  PID:8236
- C:\Windows\System\EZsOAZV.exe
  C:\Windows\System\EZsOAZV.exe
  2⤵
  PID:8260
- C:\Windows\System\PqxyKhE.exe
  C:\Windows\System\PqxyKhE.exe
  2⤵
  PID:8280
- C:\Windows\System\rCkGefC.exe
  C:\Windows\System\rCkGefC.exe
  2⤵
  PID:8296
- C:\Windows\System\UJSQzsT.exe
  C:\Windows\System\UJSQzsT.exe
  2⤵
  PID:8316
- C:\Windows\System\qpDkTzL.exe
  C:\Windows\System\qpDkTzL.exe
  2⤵
  PID:8332
- C:\Windows\System\xTENYEO.exe
  C:\Windows\System\xTENYEO.exe
  2⤵
  PID:8464
- C:\Windows\System\kautorK.exe
  C:\Windows\System\kautorK.exe
  2⤵
  PID:8872
- C:\Windows\System\cDMHbCW.exe
  C:\Windows\System\cDMHbCW.exe
  2⤵
  PID:8888
- C:\Windows\System\xmMjpoE.exe
  C:\Windows\System\xmMjpoE.exe
  2⤵
  PID:8904
- C:\Windows\System\wkGeBJV.exe
  C:\Windows\System\wkGeBJV.exe
  2⤵
  PID:8920
- C:\Windows\System\FuasTUe.exe
  C:\Windows\System\FuasTUe.exe
  2⤵
  PID:8936
- C:\Windows\System\yZHCyCr.exe
  C:\Windows\System\yZHCyCr.exe
  2⤵
  PID:8956
- C:\Windows\System\ejheRwY.exe
  C:\Windows\System\ejheRwY.exe
  2⤵
  PID:8972
- C:\Windows\System\QkxUGNk.exe
  C:\Windows\System\QkxUGNk.exe
  2⤵
  PID:8996
- C:\Windows\System\yKBOmPD.exe
  C:\Windows\System\yKBOmPD.exe
  2⤵
  PID:9012
- C:\Windows\System\fTQmVNk.exe
  C:\Windows\System\fTQmVNk.exe
  2⤵
  PID:9028
- C:\Windows\System\banpXmA.exe
  C:\Windows\System\banpXmA.exe
  2⤵
  PID:9044
- C:\Windows\System\WvkTeyK.exe
  C:\Windows\System\WvkTeyK.exe
  2⤵
  PID:9072
- C:\Windows\System\MyXYhhj.exe
  C:\Windows\System\MyXYhhj.exe
  2⤵
  PID:9092
- C:\Windows\System\kivVkey.exe
  C:\Windows\System\kivVkey.exe
  2⤵
  PID:9112
- C:\Windows\System\GNZIGQM.exe
  C:\Windows\System\GNZIGQM.exe
  2⤵
  PID:9128
- C:\Windows\System\fNLdgEs.exe
  C:\Windows\System\fNLdgEs.exe
  2⤵
  PID:9172
- C:\Windows\System\TToUmEQ.exe
  C:\Windows\System\TToUmEQ.exe
  2⤵
  PID:9188
- C:\Windows\System\kECSMvv.exe
  C:\Windows\System\kECSMvv.exe
  2⤵
  PID:9212
- C:\Windows\System\JgXjVtr.exe
  C:\Windows\System\JgXjVtr.exe
  2⤵
  PID:7936
- C:\Windows\System\rpYzkyj.exe
  C:\Windows\System\rpYzkyj.exe
  2⤵
  PID:8208
- C:\Windows\System\QuthTzx.exe
  C:\Windows\System\QuthTzx.exe
  2⤵
  PID:8252
- C:\Windows\System\Bsnzcfl.exe
  C:\Windows\System\Bsnzcfl.exe
  2⤵
  PID:8292
- C:\Windows\System\CEeEXLT.exe
  C:\Windows\System\CEeEXLT.exe
  2⤵
  PID:8340
- C:\Windows\System\kWtFRwW.exe
  C:\Windows\System\kWtFRwW.exe
  2⤵
  PID:8348
- C:\Windows\System\eNouiIF.exe
  C:\Windows\System\eNouiIF.exe
  2⤵
  PID:8372
- C:\Windows\System\sCGeYuG.exe
  C:\Windows\System\sCGeYuG.exe
  2⤵
  PID:8392
- C:\Windows\System\kvwuNfW.exe
  C:\Windows\System\kvwuNfW.exe
  2⤵
  PID:8416
- C:\Windows\System\UWIWDqX.exe
  C:\Windows\System\UWIWDqX.exe
  2⤵
  PID:8436
- C:\Windows\System\RSNgokt.exe
  C:\Windows\System\RSNgokt.exe
  2⤵
  PID:8480
- C:\Windows\System\mSDOlSa.exe
  C:\Windows\System\mSDOlSa.exe
  2⤵
  PID:8492
- C:\Windows\System\iHGtGIT.exe
  C:\Windows\System\iHGtGIT.exe
  2⤵
  PID:8496
- C:\Windows\System\izYCARF.exe
  C:\Windows\System\izYCARF.exe
  2⤵
  PID:8524
- C:\Windows\System\zJnOcVS.exe
  C:\Windows\System\zJnOcVS.exe
  2⤵
  PID:8544
- C:\Windows\System\nGvbqzH.exe
  C:\Windows\System\nGvbqzH.exe
  2⤵
  PID:8560
- C:\Windows\System\SMHBIdO.exe
  C:\Windows\System\SMHBIdO.exe
  2⤵
  PID:8576
- C:\Windows\System\WalmzAR.exe
  C:\Windows\System\WalmzAR.exe
  2⤵
  PID:8588
- C:\Windows\System\JgCcSfw.exe
  C:\Windows\System\JgCcSfw.exe
  2⤵
  PID:8608
- C:\Windows\System\RBKGxaW.exe
  C:\Windows\System\RBKGxaW.exe
  2⤵
  PID:8636
- C:\Windows\System\iIFICZF.exe
  C:\Windows\System\iIFICZF.exe
  2⤵
  PID:8648
- C:\Windows\System\ifViAzI.exe
  C:\Windows\System\ifViAzI.exe
  2⤵
  PID:8668
- C:\Windows\System\PYiLROQ.exe
  C:\Windows\System\PYiLROQ.exe
  2⤵
  PID:8680
- C:\Windows\System\NKEWrWN.exe
  C:\Windows\System\NKEWrWN.exe
  2⤵
  PID:8704
- C:\Windows\System\iTQfcEZ.exe
  C:\Windows\System\iTQfcEZ.exe
  2⤵
  PID:8720
- C:\Windows\System\GnGyZbJ.exe
  C:\Windows\System\GnGyZbJ.exe
  2⤵
  PID:8732
- C:\Windows\System\GPsmIqO.exe
  C:\Windows\System\GPsmIqO.exe
  2⤵
  PID:8764
- C:\Windows\System\BaJMybh.exe
  C:\Windows\System\BaJMybh.exe
  2⤵
  PID:8784
- C:\Windows\System\YuqMgdi.exe
  C:\Windows\System\YuqMgdi.exe
  2⤵
  PID:8808
- C:\Windows\System\wnqdGfJ.exe
  C:\Windows\System\wnqdGfJ.exe
  2⤵
  PID:8824
- C:\Windows\System\uaQqcqp.exe
  C:\Windows\System\uaQqcqp.exe
  2⤵
  PID:8848
- C:\Windows\System\jIHmmdI.exe
  C:\Windows\System\jIHmmdI.exe
  2⤵
  PID:8868
- C:\Windows\System\cOGIyCv.exe
  C:\Windows\System\cOGIyCv.exe
  2⤵
  PID:8916
- C:\Windows\System\MImreqt.exe
  C:\Windows\System\MImreqt.exe
  2⤵
  PID:8948
- C:\Windows\System\WbTwsFs.exe
  C:\Windows\System\WbTwsFs.exe
  2⤵
  PID:8900
- C:\Windows\System\Zbsptph.exe
  C:\Windows\System\Zbsptph.exe
  2⤵
  PID:9036
- C:\Windows\System\wnhfsPK.exe
  C:\Windows\System\wnhfsPK.exe
  2⤵
  PID:8988
- C:\Windows\System\TdkdGTR.exe
  C:\Windows\System\TdkdGTR.exe
  2⤵
  PID:9056
- C:\Windows\System\aLfuSwD.exe
  C:\Windows\System\aLfuSwD.exe
  2⤵
  PID:9088
- C:\Windows\System\EXLMspv.exe
  C:\Windows\System\EXLMspv.exe
  2⤵
  PID:9148
- C:\Windows\System\uFuKXTP.exe
  C:\Windows\System\uFuKXTP.exe
  2⤵
  PID:9152
- C:\Windows\System\ZSzxYwC.exe
  C:\Windows\System\ZSzxYwC.exe
  2⤵
  PID:6596
- C:\Windows\System\CFBEMEt.exe
  C:\Windows\System\CFBEMEt.exe
  2⤵
  PID:8268
- C:\Windows\System\sVdRGSx.exe
  C:\Windows\System\sVdRGSx.exe
  2⤵
  PID:8308
- C:\Windows\System\SkSFrKG.exe
  C:\Windows\System\SkSFrKG.exe
  2⤵
  PID:8368
- C:\Windows\System\wIQThHl.exe
  C:\Windows\System\wIQThHl.exe
  2⤵
  PID:8400
- C:\Windows\System\NtEgydE.exe
  C:\Windows\System\NtEgydE.exe
  2⤵
  PID:8432
- C:\Windows\System\nOnylub.exe
  C:\Windows\System\nOnylub.exe
  2⤵
  PID:8472
- C:\Windows\System\nXVExTJ.exe
  C:\Windows\System\nXVExTJ.exe
  2⤵
  PID:8488
- C:\Windows\System\KmzYxeq.exe
  C:\Windows\System\KmzYxeq.exe
  2⤵
  PID:8532
- C:\Windows\System\YghqlMr.exe
  C:\Windows\System\YghqlMr.exe
  2⤵
  PID:8572
- C:\Windows\System\UTlILnG.exe
  C:\Windows\System\UTlILnG.exe
  2⤵
  PID:8552
- C:\Windows\System\jvHmjEC.exe
  C:\Windows\System\jvHmjEC.exe
  2⤵
  PID:8688
- C:\Windows\System\XEtkRDD.exe
  C:\Windows\System\XEtkRDD.exe
  2⤵
  PID:8740
- C:\Windows\System\SyyxpyW.exe
  C:\Windows\System\SyyxpyW.exe
  2⤵
  PID:8756
- C:\Windows\System\YYFJbTV.exe
  C:\Windows\System\YYFJbTV.exe
  2⤵
  PID:8224
- C:\Windows\System\xDFPESJ.exe
  C:\Windows\System\xDFPESJ.exe
  2⤵
  PID:8836
- C:\Windows\System\dWMTBLd.exe
  C:\Windows\System\dWMTBLd.exe
  2⤵
  PID:8964
- C:\Windows\System\acroXVM.exe
  C:\Windows\System\acroXVM.exe
  2⤵
  PID:9020
- C:\Windows\System\wzCeted.exe
  C:\Windows\System\wzCeted.exe
  2⤵
  PID:9104
- C:\Windows\System\DFxqmws.exe
  C:\Windows\System\DFxqmws.exe
  2⤵
  PID:8628
- C:\Windows\System\VQXXLBJ.exe
  C:\Windows\System\VQXXLBJ.exe
  2⤵
  PID:8860
- C:\Windows\System\izdPlTD.exe
  C:\Windows\System\izdPlTD.exe
  2⤵
  PID:8748
- C:\Windows\System\GTqAVTO.exe
  C:\Windows\System\GTqAVTO.exe
  2⤵
  PID:8980
- C:\Windows\System\oXGTTzA.exe
  C:\Windows\System\oXGTTzA.exe
  2⤵
  PID:9052
- C:\Windows\System\VLETymm.exe
  C:\Windows\System\VLETymm.exe
  2⤵
  PID:9080
- C:\Windows\System\kcNzAUp.exe
  C:\Windows\System\kcNzAUp.exe
  2⤵
  PID:9180
- C:\Windows\System\OCPVzIN.exe
  C:\Windows\System\OCPVzIN.exe
  2⤵
  PID:8364
- C:\Windows\System\NBDoSxO.exe
  C:\Windows\System\NBDoSxO.exe
  2⤵
  PID:8384
- C:\Windows\System\UIqvXRg.exe
  C:\Windows\System\UIqvXRg.exe
  2⤵
  PID:8444
- C:\Windows\System\jIjMAXk.exe
  C:\Windows\System\jIjMAXk.exe
  2⤵
  PID:8448
- C:\Windows\System\pxfDUXl.exe
  C:\Windows\System\pxfDUXl.exe
  2⤵
  PID:8556
- C:\Windows\System\HHMSiDa.exe
  C:\Windows\System\HHMSiDa.exe
  2⤵
  PID:8752
- C:\Windows\System\PgkZUfh.exe
  C:\Windows\System\PgkZUfh.exe
  2⤵
  PID:8700
- C:\Windows\System\HjxylkI.exe
  C:\Windows\System\HjxylkI.exe
  2⤵
  PID:8600
- C:\Windows\System\zuTdeGO.exe
  C:\Windows\System\zuTdeGO.exe
  2⤵
  PID:9136
- C:\Windows\System\WyeVegY.exe
  C:\Windows\System\WyeVegY.exe
  2⤵
  PID:8912
- C:\Windows\System\RSSPfum.exe
  C:\Windows\System\RSSPfum.exe
  2⤵
  PID:8796
- C:\Windows\System\vnlLLbE.exe
  C:\Windows\System\vnlLLbE.exe
  2⤵
  PID:8604
- C:\Windows\System\bLhWrGD.exe
  C:\Windows\System\bLhWrGD.exe
  2⤵
  PID:9200
- C:\Windows\System\fYcQfoX.exe
  C:\Windows\System\fYcQfoX.exe
  2⤵
  PID:8232
- C:\Windows\System\ZEjvIak.exe
  C:\Windows\System\ZEjvIak.exe
  2⤵
  PID:8304
- C:\Windows\System\EimRlIC.exe
  C:\Windows\System\EimRlIC.exe
  2⤵
  PID:8452
- C:\Windows\System\bGHmvSJ.exe
  C:\Windows\System\bGHmvSJ.exe
  2⤵
  PID:8820
- C:\Windows\System\huSrnnn.exe
  C:\Windows\System\huSrnnn.exe
  2⤵
  PID:8520
- C:\Windows\System\IydLrxH.exe
  C:\Windows\System\IydLrxH.exe
  2⤵
  PID:8832
- C:\Windows\System\bldeWTu.exe
  C:\Windows\System\bldeWTu.exe
  2⤵
  PID:8776
- C:\Windows\System\jaqYuFY.exe
  C:\Windows\System\jaqYuFY.exe
  2⤵
  PID:9008
- C:\Windows\System\pxXUHeg.exe
  C:\Windows\System\pxXUHeg.exe
  2⤵
  PID:7708
- C:\Windows\System\kvhemvo.exe
  C:\Windows\System\kvhemvo.exe
  2⤵
  PID:8716
- C:\Windows\System\SWbeFxd.exe
  C:\Windows\System\SWbeFxd.exe
  2⤵
  PID:8356
- C:\Windows\System\qodYslr.exe
  C:\Windows\System\qodYslr.exe
  2⤵
  PID:8460
- C:\Windows\System\syfEMWj.exe
  C:\Windows\System\syfEMWj.exe
  2⤵
  PID:8992
- C:\Windows\System\XLErLKN.exe
  C:\Windows\System\XLErLKN.exe
  2⤵
  PID:9004
- C:\Windows\System\wIlbbJA.exe
  C:\Windows\System\wIlbbJA.exe
  2⤵
  PID:8380
- C:\Windows\System\IBloBcf.exe
  C:\Windows\System\IBloBcf.exe
  2⤵
  PID:8664
- C:\Windows\System\ZQYwlho.exe
  C:\Windows\System\ZQYwlho.exe
  2⤵
  PID:9224
- C:\Windows\System\qhbmULx.exe
  C:\Windows\System\qhbmULx.exe
  2⤵
  PID:9252
- C:\Windows\System\WGvxHQx.exe
  C:\Windows\System\WGvxHQx.exe
  2⤵
  PID:9288
- C:\Windows\System\pdoMIGG.exe
  C:\Windows\System\pdoMIGG.exe
  2⤵
  PID:9312
- C:\Windows\System\dqQYmfI.exe
  C:\Windows\System\dqQYmfI.exe
  2⤵
  PID:9332
- C:\Windows\System\WGdcUrH.exe
  C:\Windows\System\WGdcUrH.exe
  2⤵
  PID:9348
- C:\Windows\System\UzUfSVh.exe
  C:\Windows\System\UzUfSVh.exe
  2⤵
  PID:9368
- C:\Windows\System\MaorhQo.exe
  C:\Windows\System\MaorhQo.exe
  2⤵
  PID:9404
- C:\Windows\System\TajSSJG.exe
  C:\Windows\System\TajSSJG.exe
  2⤵
  PID:9420
- C:\Windows\System\rOHNQwU.exe
  C:\Windows\System\rOHNQwU.exe
  2⤵
  PID:9440
- C:\Windows\System\uxUbIIQ.exe
  C:\Windows\System\uxUbIIQ.exe
  2⤵
  PID:9456
- C:\Windows\System\rzjsMEf.exe
  C:\Windows\System\rzjsMEf.exe
  2⤵
  PID:9476
- C:\Windows\System\enKYpTV.exe
  C:\Windows\System\enKYpTV.exe
  2⤵
  PID:9492
- C:\Windows\System\RvrUCZN.exe
  C:\Windows\System\RvrUCZN.exe
  2⤵
  PID:9508
- C:\Windows\System\YSKOZve.exe
  C:\Windows\System\YSKOZve.exe
  2⤵
  PID:9524
- C:\Windows\System\BsgixHn.exe
  C:\Windows\System\BsgixHn.exe
  2⤵
  PID:9552
- C:\Windows\System\LOixgfX.exe
  C:\Windows\System\LOixgfX.exe
  2⤵
  PID:9572
- C:\Windows\System\ZgxTAUO.exe
  C:\Windows\System\ZgxTAUO.exe
  2⤵
  PID:9588
- C:\Windows\System\zJhNuqG.exe
  C:\Windows\System\zJhNuqG.exe
  2⤵
  PID:9604
- C:\Windows\System\RPJwNSS.exe
  C:\Windows\System\RPJwNSS.exe
  2⤵
  PID:9620
- C:\Windows\System\QSjuzhk.exe
  C:\Windows\System\QSjuzhk.exe
  2⤵
  PID:9640
- C:\Windows\System\FhxjDQH.exe
  C:\Windows\System\FhxjDQH.exe
  2⤵
  PID:9660
- C:\Windows\System\UEOjfJO.exe
  C:\Windows\System\UEOjfJO.exe
  2⤵
  PID:9676
- C:\Windows\System\iVfVgrN.exe
  C:\Windows\System\iVfVgrN.exe
  2⤵
  PID:9692
- C:\Windows\System\BFKzRRO.exe
  C:\Windows\System\BFKzRRO.exe
  2⤵
  PID:9712
- C:\Windows\System\NkCwmyg.exe
  C:\Windows\System\NkCwmyg.exe
  2⤵
  PID:9732
- C:\Windows\System\DpoYjuf.exe
  C:\Windows\System\DpoYjuf.exe
  2⤵
  PID:9748
- C:\Windows\System\WSAydBu.exe
  C:\Windows\System\WSAydBu.exe
  2⤵
  PID:9764
- C:\Windows\System\ExOsHeW.exe
  C:\Windows\System\ExOsHeW.exe
  2⤵
  PID:9788
- C:\Windows\System\KcNZqxw.exe
  C:\Windows\System\KcNZqxw.exe
  2⤵
  PID:9804
- C:\Windows\System\sJKFRqm.exe
  C:\Windows\System\sJKFRqm.exe
  2⤵
  PID:9856
- C:\Windows\System\JRDbjFp.exe
  C:\Windows\System\JRDbjFp.exe
  2⤵
  PID:9880
- C:\Windows\System\wcPYKyh.exe
  C:\Windows\System\wcPYKyh.exe
  2⤵
  PID:9900
- C:\Windows\System\yHyNiEn.exe
  C:\Windows\System\yHyNiEn.exe
  2⤵
  PID:9916
- C:\Windows\System\ILiGogY.exe
  C:\Windows\System\ILiGogY.exe
  2⤵
  PID:9932
- C:\Windows\System\ROCpiUa.exe
  C:\Windows\System\ROCpiUa.exe
  2⤵
  PID:9952
- C:\Windows\System\UGYNrFs.exe
  C:\Windows\System\UGYNrFs.exe
  2⤵
  PID:9972
- C:\Windows\System\ibyIJRD.exe
  C:\Windows\System\ibyIJRD.exe
  2⤵
  PID:9992
- C:\Windows\System\KBxYfCh.exe
  C:\Windows\System\KBxYfCh.exe
  2⤵
  PID:10008
- C:\Windows\System\yxsdCKD.exe
  C:\Windows\System\yxsdCKD.exe
  2⤵
  PID:10028
- C:\Windows\System\JxiNbTQ.exe
  C:\Windows\System\JxiNbTQ.exe
  2⤵
  PID:10044
- C:\Windows\System\HWaZwLn.exe
  C:\Windows\System\HWaZwLn.exe
  2⤵
  PID:10064
- C:\Windows\System\RVeyAyO.exe
  C:\Windows\System\RVeyAyO.exe
  2⤵
  PID:10080
- C:\Windows\System\PNfAqNo.exe
  C:\Windows\System\PNfAqNo.exe
  2⤵
  PID:10100
- C:\Windows\System\qkKJWGZ.exe
  C:\Windows\System\qkKJWGZ.exe
  2⤵
  PID:10120
- C:\Windows\System\XlaEayF.exe
  C:\Windows\System\XlaEayF.exe
  2⤵
  PID:10136
- C:\Windows\System\lTWyZVC.exe
  C:\Windows\System\lTWyZVC.exe
  2⤵
  PID:10156
- C:\Windows\System\ILgKqqK.exe
  C:\Windows\System\ILgKqqK.exe
  2⤵
  PID:10172
- C:\Windows\System\yJECzYG.exe
  C:\Windows\System\yJECzYG.exe
  2⤵
  PID:10192
- C:\Windows\System\veFJfBJ.exe
  C:\Windows\System\veFJfBJ.exe
  2⤵
  PID:10208
- C:\Windows\System\LbKuuCX.exe
  C:\Windows\System\LbKuuCX.exe
  2⤵
  PID:10228
- C:\Windows\System\yJPXhlK.exe
  C:\Windows\System\yJPXhlK.exe
  2⤵
  PID:9260
- C:\Windows\System\wmwkvDY.exe
  C:\Windows\System\wmwkvDY.exe
  2⤵
  PID:9164
- C:\Windows\System\FqQfCWc.exe
  C:\Windows\System\FqQfCWc.exe
  2⤵
  PID:8624
- C:\Windows\System\efyfKcQ.exe
  C:\Windows\System\efyfKcQ.exe
  2⤵
  PID:8804
- C:\Windows\System\tDUdQBi.exe
  C:\Windows\System\tDUdQBi.exe
  2⤵
  PID:9232
- C:\Windows\System\OINvKgg.exe
  C:\Windows\System\OINvKgg.exe
  2⤵
  PID:9300
- C:\Windows\System\SXZAaJq.exe
  C:\Windows\System\SXZAaJq.exe
  2⤵
  PID:9340
- C:\Windows\System\udCOJxA.exe
  C:\Windows\System\udCOJxA.exe
  2⤵
  PID:9376
- C:\Windows\System\REhHbmT.exe
  C:\Windows\System\REhHbmT.exe
  2⤵
  PID:9400
- C:\Windows\System\RGMFbVv.exe
  C:\Windows\System\RGMFbVv.exe
  2⤵
  PID:9488
- C:\Windows\System\RYkUgoO.exe
  C:\Windows\System\RYkUgoO.exe
  2⤵
  PID:9636
- C:\Windows\System\dsYNXss.exe
  C:\Windows\System\dsYNXss.exe
  2⤵
  PID:9708
- C:\Windows\System\INIgfFh.exe
  C:\Windows\System\INIgfFh.exe
  2⤵
  PID:9776
- C:\Windows\System\RMtfsTG.exe
  C:\Windows\System\RMtfsTG.exe
  2⤵
  PID:9820
- C:\Windows\System\fddyhOE.exe
  C:\Windows\System\fddyhOE.exe
  2⤵
  PID:9540
- C:\Windows\System\yENKEwq.exe
  C:\Windows\System\yENKEwq.exe
  2⤵
  PID:9584
- C:\Windows\System\jUylnHf.exe
  C:\Windows\System\jUylnHf.exe
  2⤵
  PID:9840
- C:\Windows\System\CFotOJW.exe
  C:\Windows\System\CFotOJW.exe
  2⤵
  PID:9848
- C:\Windows\System\nYpymfn.exe
  C:\Windows\System\nYpymfn.exe
  2⤵
  PID:9688
- C:\Windows\System\pVznzuU.exe
  C:\Windows\System\pVznzuU.exe
  2⤵
  PID:9464
- C:\Windows\System\FpGjAkj.exe
  C:\Windows\System\FpGjAkj.exe
  2⤵
  PID:9964
- C:\Windows\System\dNEwRWX.exe
  C:\Windows\System\dNEwRWX.exe
  2⤵
  PID:10072
- C:\Windows\System\tWXqznx.exe
  C:\Windows\System\tWXqznx.exe
  2⤵
  PID:10076
- C:\Windows\System\ykYCGZC.exe
  C:\Windows\System\ykYCGZC.exe
  2⤵
  PID:9756
- C:\Windows\System\jmINHxj.exe
  C:\Windows\System\jmINHxj.exe
  2⤵
  PID:10152
- C:\Windows\System\uajOZRb.exe
  C:\Windows\System\uajOZRb.exe
  2⤵
  PID:9864
- C:\Windows\System\cgFTDYi.exe
  C:\Windows\System\cgFTDYi.exe
  2⤵
  PID:9272
- C:\Windows\System\pVyzYJF.exe
  C:\Windows\System\pVyzYJF.exe
  2⤵
  PID:8856
- C:\Windows\System\AOtjPKB.exe
  C:\Windows\System\AOtjPKB.exe
  2⤵
  PID:9244
- C:\Windows\System\JaWkgKa.exe
  C:\Windows\System\JaWkgKa.exe
  2⤵
  PID:10020
- C:\Windows\System\spIHgUd.exe
  C:\Windows\System\spIHgUd.exe
  2⤵
  PID:9416
- C:\Windows\System\evuwAtU.exe
  C:\Windows\System\evuwAtU.exe
  2⤵
  PID:9948
- C:\Windows\System\vwgnLqf.exe
  C:\Windows\System\vwgnLqf.exe
  2⤵
  PID:10016
- C:\Windows\System\VcviynY.exe
  C:\Windows\System\VcviynY.exe
  2⤵
  PID:10088
- C:\Windows\System\wYbwORX.exe
  C:\Windows\System\wYbwORX.exe
  2⤵
  PID:9220
- C:\Windows\System\vHNLqrU.exe
  C:\Windows\System\vHNLqrU.exe
  2⤵
  PID:9284
- C:\Windows\System\oNGZrQR.exe
  C:\Windows\System\oNGZrQR.exe
  2⤵
  PID:9320
- C:\Windows\System\PJKNWhV.exe
  C:\Windows\System\PJKNWhV.exe
  2⤵
  PID:9560
- C:\Windows\System\hdUFpXV.exe
  C:\Windows\System\hdUFpXV.exe
  2⤵
  PID:9396
- C:\Windows\System\RCqsGqt.exe
  C:\Windows\System\RCqsGqt.exe
  2⤵
  PID:9704
- C:\Windows\System\anlECUo.exe
  C:\Windows\System\anlECUo.exe
  2⤵
  PID:9308
- C:\Windows\System\xkxzTKw.exe
  C:\Windows\System\xkxzTKw.exe
  2⤵
  PID:9472
- C:\Windows\System\AOPdtJH.exe
  C:\Windows\System\AOPdtJH.exe
  2⤵
  PID:9892
- C:\Windows\System\wcNhZxz.exe
  C:\Windows\System\wcNhZxz.exe
  2⤵
  PID:9800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AzEmcvh.exe

Filesize
6.0MB

MD5
b8f4fb10f8013cefff2aa7a8a0bfd3d9

SHA1
9ee24f1f7d20c4032a7f76d17d9882ba10c0426f

SHA256
7218bd6f28bdf765dbfdabd11305b43ea6d782ca9ef10e093d6d1d0454be0379

SHA512
cd97352a9029f30eaca00fbdef90e5602ddfbe3e0a2fe8ec496e83b15a9e5eece222aff9106f4544ba5fb925e0361998fb5c40675157b16a7270e9f21ba1865e

Download Submit
C:\Windows\system\BEGSSSl.exe

Filesize
6.0MB

MD5
9b65feef4d56792d524527ca5d9f773c

SHA1
e9b9175d8cda5080aa1591ad15b90565f4a8479d

SHA256
2ed4e410185ebc03538a57b51fdbbd22e695a12b524ed52d4df0ba861a32e4e4

SHA512
026a045f7c6f9fefed244be3054d25a36bef5d3ff5dcb2aaa903d0410cb640a7fdd50c2e58ea61bdabf2392e60e8b04bfdfc0c17672e01398dec7863cbf86831

Download Submit
C:\Windows\system\BzHBFkq.exe

Filesize
6.0MB

MD5
06f8b68105574e84580898fe13fd2680

SHA1
ddbd93a22b02ddea33bc1c741e4bf1c2ed82a8bf

SHA256
e90e03f0a8c8c23ed42571fa379f5c899f13d58b372d7593d19d792e80cd39a0

SHA512
1e90fcc4f53b933f8f8f21f94ed81c848313c16c88a17061ff413d64d048fd61a39c3109f66ce0cffb9544d303fe7f308740664d5a07d95316c5d7f5f82378ca

Download Submit
C:\Windows\system\DNjpFjD.exe

Filesize
6.0MB

MD5
e8835ca946f3bc3387531968f9257b37

SHA1
6750f8d5a47941ac6e9b1fbde33e452316427495

SHA256
c9ebe028e30d61517dff30af2d391cb8075ec180285b08dd7c4dfa983efec69f

SHA512
b2ed8a164d4349308346551dca7ba0844b0704be83f542c96242d59ed5188de98d18f43d0b2273d93db85f321062581d9e0df57f9a2fc7b3cb64c27547dcb727

Download Submit
C:\Windows\system\EehxPdh.exe

Filesize
6.0MB

MD5
74ea14ebc34ff777733f8197bbde446c

SHA1
7a6bf66f78f009bba2c069f424cc430537ee4265

SHA256
b05dbce06c95f7c6dca4313d3385d38a0f4398d4ba9f339de3f7f31fdd2e55e6

SHA512
35400c91ae2b96af1c8a87ba038f5813920a148685fbfbe6982265484d75bbf9e2096852f022a4ed0d7dadfbac47a304550ad8094dd5ac86abab6c7348d127f7

Download Submit
C:\Windows\system\GHyzLAL.exe

Filesize
6.0MB

MD5
1daa250ba7cecf109fca846ea9812b0a

SHA1
8be8b2dd35e4ee359a75aa81427edfb231849855

SHA256
32cdcb032cca80791b745ef2c061136f53356fb64ee07dc330fadd092b10da16

SHA512
85eb129fca72b1dbb37716117c3adbcb48feda03bf3911556ba5369fb4f938b8fe253190ed1814e2fe38a367736055784f7a4468c037eeb7b649d3ae27d02fbc

Download Submit
C:\Windows\system\HlNbNbS.exe

Filesize
6.0MB

MD5
3561c25f29bbed4e271dcf6e641bcead

SHA1
6373da7dcc46ee3093bc43332d8b42b876569ef8

SHA256
e40242f19e0d8333d4de8673844cfc2e2c032d071394128637e86e441475c206

SHA512
efd3e115e78b26ef1f5d17e291a79b3fed0e94eecde568ed1c6c0f145b842f10df80dd474010b544d6a53698adb6dad724c29eb0eb4a19985b3da3b353962db9

Download Submit
C:\Windows\system\ICeQbpT.exe

Filesize
6.0MB

MD5
fc0d7eea2b8b43a159499f2bff4dc9dd

SHA1
41099cc090f6e2fe03172928c7855d6b73a9c602

SHA256
8368c847163c8964eb3bafe3744ac39754179b7ace3e83ec09d95dab41ac920d

SHA512
139b2e9e1b2746b19627f5485a1605ddd9e16d7bd4cd8eed97ac765965a6e96d431d2c9b754a89ddc5195bc6d670933274dfd64f03bb5c73bf92fe6d90156457

Download Submit
C:\Windows\system\LCKMHbA.exe

Filesize
6.0MB

MD5
0ca69fb50ca9135d1c40c64eaed68e63

SHA1
d13f029589765fe0dad9ec7f50481da9486304d9

SHA256
a5049e8ce706416a3c4a88cc047564a31c926383847241879c751ef3b785c1b9

SHA512
917a3953c508483c5cbae582f73d25af9fc84442d9a749e6cc99acb884cd1475f234fe536197f6745abdc1883d7cc27608e22d050968692ca7098030229b76a8

Download Submit
C:\Windows\system\NuqIZrw.exe

Filesize
6.0MB

MD5
a3444b08fa1c7d6b93788441afc213c3

SHA1
8eb92e842f1194e6604d9808b2df3e325f67b550

SHA256
dc2bc7aac8c94d1da5ac397d46bfbf03078e9aa619436e3dccf94f0d8b171ac3

SHA512
4e9181e7fb3584b1b7e216b1724b50ab191ed926fea0bfe0f9263078468990584dac366e0a9b430cabce9db7b0d3fd64f670af4c0458ef21287361e01869f60b

Download Submit
C:\Windows\system\OlbgdwG.exe

Filesize
6.0MB

MD5
0ea7f1c59860b9f85d58f5d62ad5f676

SHA1
ab11f69a7cbd88f2f5f456577e73eacb21e3bd03

SHA256
b825c425b8523f998abe99099484146aa11d7bbe0ccb3d3835840f58b2cd0a35

SHA512
eecabf3a367e07cac49371546c1dcb717998b22a95f6cea01a13a640d2d959af6ce5646cdf9dec8586a5a5a87b8744bd1f2bd8d6fac471c8bdde644aeea8c0c7

Download Submit
C:\Windows\system\OwaSygg.exe

Filesize
6.0MB

MD5
37cd1d0919d31f681437b01474d605f5

SHA1
e2c26befdb06592c197e1db78cd4a893a3f04bd1

SHA256
cf343b8e0eea26287d42bd0e4a8cf0856b3b28fc89acfb35b69de49848e0635a

SHA512
76746fe1cd9bb88b2ecf1d3f870c362945ab790b1c9ebff1d6e52e22620c66cc210812b34a4537a665735bc1b7aa8ef93d97faa894f76230ded6e6a98121337b

Download Submit
C:\Windows\system\OycMNjI.exe

Filesize
6.0MB

MD5
a8d8284ce9a4041aa4ad4d1e7d232836

SHA1
4fa32bda606e276c8d3eaba21628821fa89e4bdc

SHA256
011c6f0db244224602002ca4557e40d11f0fb5dcc709823950659b00b673f701

SHA512
b84143fb74efadbcf38e08b93504a2100958d759fed781cb9f849a716f49821e43d4f7c913185e8e58e3e9b3176787776253ce80a3b4eaa22330c68cb6c92e0a

Download Submit
C:\Windows\system\SShGkWQ.exe

Filesize
6.0MB

MD5
366877c633d2c6c61f36d0098cea5736

SHA1
782e50540d9b8ad02197d5892d78a5b55301fc1e

SHA256
4057f77716ebdb68ac45540522034d11d34542fad62dd0806a59ef41387fb6dc

SHA512
378f0523830a3fcdabfe07ee2b1b46daa0f04b9c5fa3d32b3d97af7fb5efffee6f7948cfdfad774c59323cd3e46cbbd900d93bb8b6e8945994d7a8f5f5e16f11

Download Submit
C:\Windows\system\WngWXSg.exe

Filesize
6.0MB

MD5
1028c5cd78078ed87672381d37c5ee2e

SHA1
d855fc2cdf7ee1b96c7cd9add2689c822655dfd7

SHA256
4591d564863f56fd74bb6a7e333d186342b97e56344e6c763937469f6ee21cb0

SHA512
552961878ebc7c68477e83f7e440297723a8385c8c8ac18fee12d7a42db104ff9f36e8c3b5645c822e28603be804af52b8ef9f3280a36f6184c7b40dd071ffe9

Download Submit
C:\Windows\system\YLArXXA.exe

Filesize
6.0MB

MD5
f5b08ff7ee34ae946fa5c31b7c0d22fa

SHA1
960ddf3e87b4110e3a281f4242dc5c52441df6b7

SHA256
36b2f6f5e5a232e4c516fbf27af1d29e3704123bba1dbbcecde38ad0b1c32926

SHA512
dc7c10cd1e4bd22b1b86ad1b040f35662edb0afe4113b06b8ff43b6dd2f7722d3bbdca195821ea14ba1b897fd277db1330de2e9dfda2204d57f678e99763b9ae

Download Submit
C:\Windows\system\YSvLFOk.exe

Filesize
6.0MB

MD5
90b6c73e0e3b5a365126478486f82fec

SHA1
a5d44a6a779c2df66475f4baa170e44e4c590b97

SHA256
5098e0ee88630d82d059312b5aaf7ca7acef94cc15258e56e7b679f4d9c26c61

SHA512
d4e83e7ee51bd612f4a5dbe0fedb41c133d69877960ce29048507937467438b250af9dc995fd19af65d7fff51284eb1d806659b48e0e15c9cb933038dcd30745

Download Submit
C:\Windows\system\aCTqKDC.exe

Filesize
6.0MB

MD5
ebeac9f76a0d87ad39d55bef4abc2ce3

SHA1
511e0493fb340e41f60e17e2800f9a5b8eff5bc9

SHA256
d0d38fd79e71459044809dfd127839d97a74aadd4c2f557489f0d9fb99956bbb

SHA512
e94ae5f7001e63215326c40faf4291889ca37fe8d7e239288f829b76537cbfb5f1ec2dcf4b8ab68d03185a8fea8ddfd33c7d7488927bb09d6862b8e050bfcc84

Download Submit
C:\Windows\system\cvacnnj.exe

Filesize
6.0MB

MD5
5da0e9e6fdbc78425e6fda1499ed6878

SHA1
2f4d6a7b9a69ed75b5041c504274ad960ed2bd31

SHA256
b4a403e3949d79900b63b1644e7c17324c04dc9e09d7164c5e99259dc5509680

SHA512
cc7a81eaaa0d8dba7c82410fd8e9b6be3a9f14c5f588488d27bafe8b43a7b0fe6edd4a6a37f777fb3dcebd9f15cd14b8fc8bace58986752b82f339cfca526189

Download Submit
C:\Windows\system\dUFPGtn.exe

Filesize
6.0MB

MD5
76164f2662fef1d04a0d3912b3cca1ac

SHA1
faae26c37b69787b881687ed463d85f4c0242cef

SHA256
765071e38d1d18706e420b215c39b9f5068f49a5190c1008e6350936807b6613

SHA512
b69ce6d7f31851f882b29e3a9e027df82797facd04787d2f656d9facef610d5362399dbe5b090390e38e1b32cf478f90c27ede49236f7166678f122015a8e786

Download Submit
C:\Windows\system\gEcciPO.exe

Filesize
6.0MB

MD5
2e1244f49529540bccfaca8762d8babd

SHA1
bf739daa52a022820f2b36832d69cc072e5ce79d

SHA256
be107777c139b81f228eb0eb6da35b374f6f00e35965a244e69e896df1010b37

SHA512
3db65cd12368bd518657919c33ed1430b4078a0f4c63bc47748824844e08d1935ea51ea2a975044340a3797b714649d04ffbc937ef35bcbf26ae234791a51c7d

Download Submit
C:\Windows\system\hBEFpil.exe

Filesize
6.0MB

MD5
9df5583febc5ec07816b435935d7e3a4

SHA1
9876d59c363017514bbbfd8cfecdb792e02a3410

SHA256
b8e76b245e911b4c5f9bfb4d03b4a3ce4e9d2de86f9e2a6d06252c24d13449b1

SHA512
c4a13fd553297f24fbccacda4ad66212e71084fd27307e8bbecbaf74bc4ec63911edf888911c3cb317d6e3f4c2f67ceb36f9ee75581fcd0b9df4be73a9e8d005

Download Submit
C:\Windows\system\jgdwKKb.exe

Filesize
6.0MB

MD5
904eeec81eb52b2acb177012dec703bb

SHA1
5a9f68d7421a7bcfd602de13afbe8c40ffa565f9

SHA256
86462dbfc93169a9303a280ffea019499846d08ac92c6bdc6dc2c3e4e30da983

SHA512
0faee2e2ffc996d538ef5c7458e964f973abeef030a1d5477929cef5c9c2006f00bb1e5daad7634b168c8385a675eb837aa48a91edb02df5d5e34370cfedfcc9

Download Submit
C:\Windows\system\lynqIhA.exe

Filesize
6.0MB

MD5
5a5cd37e3cd5dabb06925c2b3a8fb7b3

SHA1
ab15c2d750d9647036c2282c70da4660565437cd

SHA256
b9ed051feb9c03b79be939c0ccbb33ceae7009bd32d4efdc4787a0c70bcb2240

SHA512
d475aaf0dcdd5a0c9ad891b3b07bf7b477f5e034f3387c4fc324262f7d0ba7529415b87190e9fbf2b9f382190c4b18d1f218740b6682e9d95d20dd152fc71f3b

Download Submit
C:\Windows\system\nouZEJn.exe

Filesize
6.0MB

MD5
126f023f841afa3ca617c8ef2a19fa34

SHA1
d44ea6d9d265aba81c8353ca76e69e72a97e7a13

SHA256
01f3159877a1cf40b7684e4f40493f1b4a5ec428a5ccd52c77c5df976119468a

SHA512
d42fe33bbb603e9324b6f141d9fa63ed2a3fa26dba130381e04f63e2f37d12ff0d3e59f2b4c145037f9de458af4c7ec6a8bcf90e0c2a46b524dc5942072703eb

Download Submit
C:\Windows\system\pHUfhah.exe

Filesize
6.0MB

MD5
e700522c8d005aaf831572a4ca78f320

SHA1
33593208c1ccd380f305ca0d21c9bf840587853f

SHA256
bd4381706e92465cfd603ad641a02e40717b333aa32c91989bae28e6465634b8

SHA512
1a92261c16dad0134317980aa1660b4588becf5d916b9c6ef2262ce0a923146e0592be41e519d01d91dd690345fb2da3300d206d79e8ff288361ca58eb6eb555

Download Submit
C:\Windows\system\rIMPlle.exe

Filesize
6.0MB

MD5
e237b73ed9b1a30f20927abb3f6c963d

SHA1
4aae32d6e10a9a7c7cdfe25d12c3cb77bc1f105d

SHA256
a47aa79916a4741417b246d14026c3a96f60ef6ca43fd353bfcea85fb772e664

SHA512
18827f06c6b77bc0232f945c6e2ef7e1af170d9eabee30f0c1720846edee13534002a3ebcd41dbcbc34e6e226e775f369d357ab300e545a13cf5edd71ad72e67

Download Submit
C:\Windows\system\sWWnTEP.exe

Filesize
6.0MB

MD5
8ab72a1d9a94bf781b7ae567b6fbff7b

SHA1
1f398158c3eb7f5758a3fb7fa26c5d2ec20d4079

SHA256
eb50fc8b4fc8f7250379175a24e807f5c85a9966df491c2d4ebb1682e50a813c

SHA512
d212e4cbfe4bdeef1558adaaae3ea0ac6b9bcaf40a0a456ab6e12b53c9eed312ab16b5d1bc78b828565a09fd6ea99d46930a7f8dcf433b758c222a2153b4b3cb

Download Submit
C:\Windows\system\thUWvgg.exe

Filesize
6.0MB

MD5
c7208a51b0401125402400665b84fd61

SHA1
4200bfcc9c42bee2bae664d78d7fb55ca035bb69

SHA256
35698c464d092bd6b5644878207af02c5e3da09ef3ebbf72776aee4dccaa3697

SHA512
a139c245e3758700b45bf150172a0e0886b714f01623f00a0e759aa8ef1e85af1cc12046309bfacbe24a389cb523357a6cfeaea4ec672bf58c7521d89cd689b4

Download Submit
C:\Windows\system\wORqukW.exe

Filesize
6.0MB

MD5
10389ab0c0012a52d4606bf29cc0c0ca

SHA1
49ab237d0d15926842bc55df90f05808f91dee11

SHA256
0ff08cb69d3a09b16771faf7ba92333e713ebb8e8982a37a2d0e8635edf905a5

SHA512
5ba9e41fe563cf0c6a3c660a4279f0d3fbaa5c0ddaa8af44b20c7324de42113f5585d87d71246a84ed3e8dadf6d8a544430b44f2e19de5eeed5ff4ad23283e85

Download Submit
C:\Windows\system\ximvCdl.exe

Filesize
6.0MB

MD5
cd742fe61210d1bb06aaad4ba3af831e

SHA1
306e31821959c4ab3a799ab8c7bee220d8d6370b

SHA256
4848d6ca00eab59e50bc60acee51da45cd1b7fa0cfdda5599c8214a3ad185ba3

SHA512
cb2de34e8a0167b3b082bbbc8375ebcb4db5789775b6132e71976db4764ffbc2ef3047e520aec90e2ab48ca9702b7d9550053ffaff9134b46fdf9d10d6ccc349

Download Submit
\Windows\system\MkZDDaM.exe

Filesize
6.0MB

MD5
9b4007026d4de282ba5542f6cf51e38f

SHA1
c3bbd0f0e603e305d67110f0f71ecd7e8f04c797

SHA256
8f480df232f88b2fdff846e9bbff2b467538a984a6180970b012b70ad9fb78dd

SHA512
da54cae3c23d5ae53fd8e4fd075f504d6d7fae0fe266c16e4c8ec9d1543d9559f78e1b7c4333e3fad8b10c1634470cd1f5c2afad57b1e55b0109afcd33285c6e

Download Submit
memory/808-1392-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2073-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/808-1399-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1397-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3383-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/808-128-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/808-1395-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3260-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3261-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/808-0-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/808-3259-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1390-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1359-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3258-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/808-3257-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/808-1609-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3256-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/808-1671-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/808-1741-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/808-3255-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3254-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1765-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3253-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-1858-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3211-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2063-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3243-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2066-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/808-3198-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/808-3193-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/808-2899-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/808-3083-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/812-1394-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1128-1389-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1128-4067-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1316-2062-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/1316-4060-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-1396-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2068-4064-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2065-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-4068-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2148-2072-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4069-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1841-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1273-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2808-4070-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1398-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1740-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4066-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2924-1582-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2924-4063-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1664-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-4062-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1391-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4061-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2992-4065-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2992-1763-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download