cobaltstrike | 12313fd5ddb01b7b4c9f514441dbc7e91f9024359ec0d1ec877e0f7914542ac5

Analysis

max time kernel
144s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b5f9d7def5ee9078f717ee69858a60a0
SHA1

24f3082dbbb4197045515b891ca72b972d364691
SHA256

12313fd5ddb01b7b4c9f514441dbc7e91f9024359ec0d1ec877e0f7914542ac5
SHA512

bc88782a8bd25ffa38223b68bd8c26eaac667e5195885b030dbe3741aa667ec74af9c1966513f646cfb7705d69fbca2840c071e1be39a91e785f40026b05e3b3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d0e-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d21-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d29-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3a-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d31-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d42-42.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d5e-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-56.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-61.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186e4-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2372-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016d0e-9.dat	xmrig
behavioral1/memory/2680-14-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-12.dat	xmrig
behavioral1/memory/1632-19-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2788-21-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2372-22-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d29-23.dat	xmrig
behavioral1/memory/2708-38-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3a-35.dat	xmrig
behavioral1/files/0x0007000000016d31-26.dat	xmrig
behavioral1/files/0x0007000000016d42-42.dat	xmrig
behavioral1/files/0x000a000000016d5e-47.dat	xmrig
behavioral1/files/0x00050000000186ea-56.dat	xmrig
behavioral1/files/0x000500000001873d-76.dat	xmrig
behavioral1/files/0x0006000000019023-97.dat	xmrig
behavioral1/files/0x0005000000019350-119.dat	xmrig
behavioral1/files/0x0005000000019441-149.dat	xmrig
behavioral1/files/0x0005000000019461-157.dat	xmrig
behavioral1/memory/2608-229-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2708-1390-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2788-1205-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2680-1038-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2372-856-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2824-244-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2500-241-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2632-239-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2600-237-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2764-235-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2936-233-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2760-231-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/3016-227-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2740-226-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019427-141.dat	xmrig
behavioral1/files/0x00050000000193e1-134.dat	xmrig
behavioral1/files/0x0005000000019582-165.dat	xmrig
behavioral1/files/0x00050000000193b4-127.dat	xmrig
behavioral1/files/0x00050000000195c5-168.dat	xmrig
behavioral1/files/0x000500000001950c-164.dat	xmrig
behavioral1/files/0x000500000001944f-154.dat	xmrig
behavioral1/files/0x0005000000019431-147.dat	xmrig
behavioral1/files/0x000500000001941e-140.dat	xmrig
behavioral1/files/0x00050000000193c2-130.dat	xmrig
behavioral1/files/0x0005000000019334-116.dat	xmrig
behavioral1/files/0x0005000000019282-111.dat	xmrig
behavioral1/files/0x0005000000019261-106.dat	xmrig
behavioral1/files/0x000500000001925e-101.dat	xmrig
behavioral1/files/0x00050000000187a5-91.dat	xmrig
behavioral1/files/0x000500000001878f-86.dat	xmrig
behavioral1/files/0x0005000000018784-81.dat	xmrig
behavioral1/files/0x0005000000018728-71.dat	xmrig
behavioral1/files/0x00050000000186fd-66.dat	xmrig
behavioral1/files/0x00050000000186ee-61.dat	xmrig
behavioral1/files/0x00070000000186e4-51.dat	xmrig
behavioral1/memory/2632-3939-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1632-3946-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2764-3945-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/3016-3950-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2740-3949-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2788-3948-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2760-3947-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2680-3964-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2708-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1632	jlsnHfE.exe
2680	zqzsNIr.exe
2788	cLfFWxL.exe
2708	XnstfSv.exe
2740	dafrpaK.exe
2824	tXqgDgH.exe
3016	PWAaEKz.exe
2608	JmXIQov.exe
2760	INSfJbt.exe
2936	Jhhzptn.exe
2764	LYgxHSl.exe
2600	bNJegpy.exe
2632	HiiSeIE.exe
2500	rkxYJbM.exe
2296	HIlwxqd.exe
1828	VwFHOIC.exe
300	TNnMUyg.exe
1012	xuBjEuD.exe
2064	XsxQzHr.exe
2588	rsdFXsk.exe
2920	MjVslgP.exe
2916	xeMlsan.exe
2988	yxeGovM.exe
2452	GKWgVSk.exe
2096	YPagEyI.exe
1620	baRucBQ.exe
480	uxyyFgU.exe
2020	uOHObfn.exe
2248	yBncoVL.exe
1512	IrBegvH.exe
1284	qsEANkw.exe
564	VUqlvfl.exe
2968	ONxvhVa.exe
1908	xVxrmNE.exe
1008	mvAbejV.exe
2216	PRHyMLH.exe
2448	ohGpKaw.exe
748	OiwLcKU.exe
1136	IBtCdCS.exe
1644	amdPMqN.exe
1708	POvtvMe.exe
2504	GZsEpnL.exe
1792	MTlSuPh.exe
680	aLeHZAC.exe
2144	bkQwykM.exe
1576	SLvsIGa.exe
1688	xHPiajo.exe
1936	gGRjrdM.exe
908	IemDVRP.exe
2264	XOdvnKN.exe
1544	tPMgQVX.exe
1596	BVNsqol.exe
2212	gpeOPWQ.exe
1664	SMrryfb.exe
2860	QdnuJgd.exe
2880	ddZvptM.exe
940	ClDuKRq.exe
1608	PHNGdgb.exe
2800	yluuPvc.exe
2072	pKXbyYR.exe
2796	oQxZbuc.exe
2652	knlGbsr.exe
2972	FXkkquD.exe
2688	WtrYfIz.exe

Loads dropped DLL 64 IoCs

pid	Process
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016d0e-9.dat	upx
behavioral1/memory/2680-14-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-12.dat	upx
behavioral1/memory/1632-19-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2788-21-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0007000000016d29-23.dat	upx
behavioral1/memory/2708-38-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0007000000016d3a-35.dat	upx
behavioral1/files/0x0007000000016d31-26.dat	upx
behavioral1/files/0x0007000000016d42-42.dat	upx
behavioral1/files/0x000a000000016d5e-47.dat	upx
behavioral1/files/0x00050000000186ea-56.dat	upx
behavioral1/files/0x000500000001873d-76.dat	upx
behavioral1/files/0x0006000000019023-97.dat	upx
behavioral1/files/0x0005000000019350-119.dat	upx
behavioral1/files/0x0005000000019441-149.dat	upx
behavioral1/files/0x0005000000019461-157.dat	upx
behavioral1/memory/2608-229-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2708-1390-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2788-1205-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2680-1038-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2372-856-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2824-244-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2500-241-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2632-239-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2600-237-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2764-235-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2936-233-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2760-231-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/3016-227-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2740-226-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0005000000019427-141.dat	upx
behavioral1/files/0x00050000000193e1-134.dat	upx
behavioral1/files/0x0005000000019582-165.dat	upx
behavioral1/files/0x00050000000193b4-127.dat	upx
behavioral1/files/0x00050000000195c5-168.dat	upx
behavioral1/files/0x000500000001950c-164.dat	upx
behavioral1/files/0x000500000001944f-154.dat	upx
behavioral1/files/0x0005000000019431-147.dat	upx
behavioral1/files/0x000500000001941e-140.dat	upx
behavioral1/files/0x00050000000193c2-130.dat	upx
behavioral1/files/0x0005000000019334-116.dat	upx
behavioral1/files/0x0005000000019282-111.dat	upx
behavioral1/files/0x0005000000019261-106.dat	upx
behavioral1/files/0x000500000001925e-101.dat	upx
behavioral1/files/0x00050000000187a5-91.dat	upx
behavioral1/files/0x000500000001878f-86.dat	upx
behavioral1/files/0x0005000000018784-81.dat	upx
behavioral1/files/0x0005000000018728-71.dat	upx
behavioral1/files/0x00050000000186fd-66.dat	upx
behavioral1/files/0x00050000000186ee-61.dat	upx
behavioral1/files/0x00070000000186e4-51.dat	upx
behavioral1/memory/2632-3939-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1632-3946-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2764-3945-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/3016-3950-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2740-3949-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2788-3948-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2760-3947-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2680-3964-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2708-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2608-3965-0x000000013F610000-0x000000013F964000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XnstfSv.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKmTREA.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMRHEwq.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWdGwdL.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwdXDnW.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWUwgDG.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFxsCUd.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTUrQhO.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWJhOUV.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJAlfad.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hubPAhe.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYLJHba.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCeMndo.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOSjDnU.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrSGiDV.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hUHBGMD.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYARenJ.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAqmMJL.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkDBVsV.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLGIHCj.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjVfjbP.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puzAnJa.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdkTjbu.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMNDcBQ.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkvAUly.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuhqYgK.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXgJQPc.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmvHJfj.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtnEqxZ.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvUwWSu.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxmFuaa.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbaXZsN.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHNGsfK.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoDuyDL.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WpePBLD.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAEwuSI.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jwKHgFp.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LJMEOAX.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaKucdn.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZxdOGp.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StIAYJM.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcnaGLA.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSUbTcC.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFgCZkZ.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYLIXLI.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiDiNZr.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zswvRYZ.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsetKfi.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUiAYdp.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcCpGIf.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVxsuGY.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrovrPs.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpNhDQc.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgpvDqt.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrLTulc.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFfeYRS.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIlwxqd.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sUQRfhc.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSCTLRD.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwuZPbn.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jygYJgF.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOfSXrB.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBqPtOo.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRMnlNW.exe	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 1632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 1632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2372 wrote to memory of 2680	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2680	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2680	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2372 wrote to memory of 2788	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2788	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2788	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2372 wrote to memory of 2708	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2708	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2708	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2372 wrote to memory of 2740	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2740	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2740	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2372 wrote to memory of 2824	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2824	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 2824	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2372 wrote to memory of 3016	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 3016	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 3016	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2372 wrote to memory of 2608	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2608	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2608	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2372 wrote to memory of 2760	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2760	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2760	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2372 wrote to memory of 2936	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2936	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2936	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2372 wrote to memory of 2764	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2764	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2764	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2372 wrote to memory of 2600	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2600	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2600	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2372 wrote to memory of 2632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2632	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2372 wrote to memory of 2500	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2500	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2500	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2372 wrote to memory of 2296	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 2296	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 2296	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2372 wrote to memory of 1828	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 1828	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 1828	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2372 wrote to memory of 300	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 300	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 300	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2372 wrote to memory of 1012	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 1012	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 1012	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2372 wrote to memory of 2064	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2064	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2064	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2372 wrote to memory of 2588	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2588	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2588	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2372 wrote to memory of 2920	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2920	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2920	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2372 wrote to memory of 2916	2372	2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_b5f9d7def5ee9078f717ee69858a60a0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\System\jlsnHfE.exe
  C:\Windows\System\jlsnHfE.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\zqzsNIr.exe
  C:\Windows\System\zqzsNIr.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\cLfFWxL.exe
  C:\Windows\System\cLfFWxL.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\XnstfSv.exe
  C:\Windows\System\XnstfSv.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dafrpaK.exe
  C:\Windows\System\dafrpaK.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\tXqgDgH.exe
  C:\Windows\System\tXqgDgH.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\PWAaEKz.exe
  C:\Windows\System\PWAaEKz.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\JmXIQov.exe
  C:\Windows\System\JmXIQov.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\INSfJbt.exe
  C:\Windows\System\INSfJbt.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\Jhhzptn.exe
  C:\Windows\System\Jhhzptn.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\LYgxHSl.exe
  C:\Windows\System\LYgxHSl.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\bNJegpy.exe
  C:\Windows\System\bNJegpy.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\HiiSeIE.exe
  C:\Windows\System\HiiSeIE.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\rkxYJbM.exe
  C:\Windows\System\rkxYJbM.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HIlwxqd.exe
  C:\Windows\System\HIlwxqd.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\VwFHOIC.exe
  C:\Windows\System\VwFHOIC.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\TNnMUyg.exe
  C:\Windows\System\TNnMUyg.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\xuBjEuD.exe
  C:\Windows\System\xuBjEuD.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\XsxQzHr.exe
  C:\Windows\System\XsxQzHr.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\rsdFXsk.exe
  C:\Windows\System\rsdFXsk.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\MjVslgP.exe
  C:\Windows\System\MjVslgP.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\xeMlsan.exe
  C:\Windows\System\xeMlsan.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\yxeGovM.exe
  C:\Windows\System\yxeGovM.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\GKWgVSk.exe
  C:\Windows\System\GKWgVSk.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\YPagEyI.exe
  C:\Windows\System\YPagEyI.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\VUqlvfl.exe
  C:\Windows\System\VUqlvfl.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\baRucBQ.exe
  C:\Windows\System\baRucBQ.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\ONxvhVa.exe
  C:\Windows\System\ONxvhVa.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\uxyyFgU.exe
  C:\Windows\System\uxyyFgU.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\xVxrmNE.exe
  C:\Windows\System\xVxrmNE.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\uOHObfn.exe
  C:\Windows\System\uOHObfn.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\PRHyMLH.exe
  C:\Windows\System\PRHyMLH.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\yBncoVL.exe
  C:\Windows\System\yBncoVL.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\POvtvMe.exe
  C:\Windows\System\POvtvMe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\IrBegvH.exe
  C:\Windows\System\IrBegvH.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\aLeHZAC.exe
  C:\Windows\System\aLeHZAC.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\qsEANkw.exe
  C:\Windows\System\qsEANkw.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\SLvsIGa.exe
  C:\Windows\System\SLvsIGa.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\mvAbejV.exe
  C:\Windows\System\mvAbejV.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\xHPiajo.exe
  C:\Windows\System\xHPiajo.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\ohGpKaw.exe
  C:\Windows\System\ohGpKaw.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gGRjrdM.exe
  C:\Windows\System\gGRjrdM.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\OiwLcKU.exe
  C:\Windows\System\OiwLcKU.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\IemDVRP.exe
  C:\Windows\System\IemDVRP.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\IBtCdCS.exe
  C:\Windows\System\IBtCdCS.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\XOdvnKN.exe
  C:\Windows\System\XOdvnKN.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\amdPMqN.exe
  C:\Windows\System\amdPMqN.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\tPMgQVX.exe
  C:\Windows\System\tPMgQVX.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GZsEpnL.exe
  C:\Windows\System\GZsEpnL.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\BVNsqol.exe
  C:\Windows\System\BVNsqol.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\MTlSuPh.exe
  C:\Windows\System\MTlSuPh.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\gpeOPWQ.exe
  C:\Windows\System\gpeOPWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\bkQwykM.exe
  C:\Windows\System\bkQwykM.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\SMrryfb.exe
  C:\Windows\System\SMrryfb.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\QdnuJgd.exe
  C:\Windows\System\QdnuJgd.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\yluuPvc.exe
  C:\Windows\System\yluuPvc.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ddZvptM.exe
  C:\Windows\System\ddZvptM.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\pKXbyYR.exe
  C:\Windows\System\pKXbyYR.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ClDuKRq.exe
  C:\Windows\System\ClDuKRq.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\oQxZbuc.exe
  C:\Windows\System\oQxZbuc.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\PHNGdgb.exe
  C:\Windows\System\PHNGdgb.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\knlGbsr.exe
  C:\Windows\System\knlGbsr.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\FXkkquD.exe
  C:\Windows\System\FXkkquD.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\pXMBYeo.exe
  C:\Windows\System\pXMBYeo.exe
  2⤵
  PID:2152
- C:\Windows\System\WtrYfIz.exe
  C:\Windows\System\WtrYfIz.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\AgXDgBH.exe
  C:\Windows\System\AgXDgBH.exe
  2⤵
  PID:2776
- C:\Windows\System\tVRDfuc.exe
  C:\Windows\System\tVRDfuc.exe
  2⤵
  PID:1704
- C:\Windows\System\LYWHBIj.exe
  C:\Windows\System\LYWHBIj.exe
  2⤵
  PID:2580
- C:\Windows\System\PUtwOeG.exe
  C:\Windows\System\PUtwOeG.exe
  2⤵
  PID:832
- C:\Windows\System\MBlOzPu.exe
  C:\Windows\System\MBlOzPu.exe
  2⤵
  PID:2124
- C:\Windows\System\uaHQMmX.exe
  C:\Windows\System\uaHQMmX.exe
  2⤵
  PID:924
- C:\Windows\System\hbauAEw.exe
  C:\Windows\System\hbauAEw.exe
  2⤵
  PID:776
- C:\Windows\System\ehoJFcq.exe
  C:\Windows\System\ehoJFcq.exe
  2⤵
  PID:2052
- C:\Windows\System\iufsgkf.exe
  C:\Windows\System\iufsgkf.exe
  2⤵
  PID:1296
- C:\Windows\System\uwVgSpn.exe
  C:\Windows\System\uwVgSpn.exe
  2⤵
  PID:3048
- C:\Windows\System\uaIUjqd.exe
  C:\Windows\System\uaIUjqd.exe
  2⤵
  PID:1912
- C:\Windows\System\KSiUjYJ.exe
  C:\Windows\System\KSiUjYJ.exe
  2⤵
  PID:340
- C:\Windows\System\VZKyopQ.exe
  C:\Windows\System\VZKyopQ.exe
  2⤵
  PID:1556
- C:\Windows\System\wGeWAbk.exe
  C:\Windows\System\wGeWAbk.exe
  2⤵
  PID:1448
- C:\Windows\System\VNONiIH.exe
  C:\Windows\System\VNONiIH.exe
  2⤵
  PID:596
- C:\Windows\System\canozLB.exe
  C:\Windows\System\canozLB.exe
  2⤵
  PID:956
- C:\Windows\System\JnEXxwy.exe
  C:\Windows\System\JnEXxwy.exe
  2⤵
  PID:2756
- C:\Windows\System\lLwGhzc.exe
  C:\Windows\System\lLwGhzc.exe
  2⤵
  PID:1900
- C:\Windows\System\tsGHmPw.exe
  C:\Windows\System\tsGHmPw.exe
  2⤵
  PID:108
- C:\Windows\System\UrUarxo.exe
  C:\Windows\System\UrUarxo.exe
  2⤵
  PID:3012
- C:\Windows\System\CRBKrJh.exe
  C:\Windows\System\CRBKrJh.exe
  2⤵
  PID:1764
- C:\Windows\System\QeVcYrb.exe
  C:\Windows\System\QeVcYrb.exe
  2⤵
  PID:1812
- C:\Windows\System\UevQogI.exe
  C:\Windows\System\UevQogI.exe
  2⤵
  PID:1760
- C:\Windows\System\exbSgPg.exe
  C:\Windows\System\exbSgPg.exe
  2⤵
  PID:2620
- C:\Windows\System\OSssuZZ.exe
  C:\Windows\System\OSssuZZ.exe
  2⤵
  PID:1196
- C:\Windows\System\VTGcUKG.exe
  C:\Windows\System\VTGcUKG.exe
  2⤵
  PID:2700
- C:\Windows\System\QMTxoqo.exe
  C:\Windows\System\QMTxoqo.exe
  2⤵
  PID:1436
- C:\Windows\System\fYERxyC.exe
  C:\Windows\System\fYERxyC.exe
  2⤵
  PID:1176
- C:\Windows\System\jYlBtMP.exe
  C:\Windows\System\jYlBtMP.exe
  2⤵
  PID:236
- C:\Windows\System\uMiXAHU.exe
  C:\Windows\System\uMiXAHU.exe
  2⤵
  PID:984
- C:\Windows\System\UVtsWAi.exe
  C:\Windows\System\UVtsWAi.exe
  2⤵
  PID:1696
- C:\Windows\System\nxflsbc.exe
  C:\Windows\System\nxflsbc.exe
  2⤵
  PID:2848
- C:\Windows\System\bwhpaWa.exe
  C:\Windows\System\bwhpaWa.exe
  2⤵
  PID:1940
- C:\Windows\System\kxmFuaa.exe
  C:\Windows\System\kxmFuaa.exe
  2⤵
  PID:2752
- C:\Windows\System\aYqUHuQ.exe
  C:\Windows\System\aYqUHuQ.exe
  2⤵
  PID:2712
- C:\Windows\System\GZyIAnh.exe
  C:\Windows\System\GZyIAnh.exe
  2⤵
  PID:2160
- C:\Windows\System\osPOMuk.exe
  C:\Windows\System\osPOMuk.exe
  2⤵
  PID:3088
- C:\Windows\System\yYCnMdJ.exe
  C:\Windows\System\yYCnMdJ.exe
  2⤵
  PID:3140
- C:\Windows\System\sUQRfhc.exe
  C:\Windows\System\sUQRfhc.exe
  2⤵
  PID:3160
- C:\Windows\System\niQxfdN.exe
  C:\Windows\System\niQxfdN.exe
  2⤵
  PID:3180
- C:\Windows\System\nRvjscW.exe
  C:\Windows\System\nRvjscW.exe
  2⤵
  PID:3200
- C:\Windows\System\OcCpGIf.exe
  C:\Windows\System\OcCpGIf.exe
  2⤵
  PID:3216
- C:\Windows\System\fddDmQP.exe
  C:\Windows\System\fddDmQP.exe
  2⤵
  PID:3236
- C:\Windows\System\rpblHcJ.exe
  C:\Windows\System\rpblHcJ.exe
  2⤵
  PID:3252
- C:\Windows\System\SxWzczB.exe
  C:\Windows\System\SxWzczB.exe
  2⤵
  PID:3268
- C:\Windows\System\OIncfUj.exe
  C:\Windows\System\OIncfUj.exe
  2⤵
  PID:3288
- C:\Windows\System\rbxdrZp.exe
  C:\Windows\System\rbxdrZp.exe
  2⤵
  PID:3304
- C:\Windows\System\iltoska.exe
  C:\Windows\System\iltoska.exe
  2⤵
  PID:3328
- C:\Windows\System\FWGdBPj.exe
  C:\Windows\System\FWGdBPj.exe
  2⤵
  PID:3344
- C:\Windows\System\SmhYVSJ.exe
  C:\Windows\System\SmhYVSJ.exe
  2⤵
  PID:3380
- C:\Windows\System\soZFBtH.exe
  C:\Windows\System\soZFBtH.exe
  2⤵
  PID:3400
- C:\Windows\System\ZaGQgMj.exe
  C:\Windows\System\ZaGQgMj.exe
  2⤵
  PID:3416
- C:\Windows\System\aTtspim.exe
  C:\Windows\System\aTtspim.exe
  2⤵
  PID:3432
- C:\Windows\System\DIEWPSw.exe
  C:\Windows\System\DIEWPSw.exe
  2⤵
  PID:3456
- C:\Windows\System\QiiODCb.exe
  C:\Windows\System\QiiODCb.exe
  2⤵
  PID:3480
- C:\Windows\System\ggNXfJw.exe
  C:\Windows\System\ggNXfJw.exe
  2⤵
  PID:3496
- C:\Windows\System\LKRJgZO.exe
  C:\Windows\System\LKRJgZO.exe
  2⤵
  PID:3516
- C:\Windows\System\ToQARWJ.exe
  C:\Windows\System\ToQARWJ.exe
  2⤵
  PID:3536
- C:\Windows\System\qUXZItP.exe
  C:\Windows\System\qUXZItP.exe
  2⤵
  PID:3552
- C:\Windows\System\QGxGmUh.exe
  C:\Windows\System\QGxGmUh.exe
  2⤵
  PID:3568
- C:\Windows\System\OYhKYob.exe
  C:\Windows\System\OYhKYob.exe
  2⤵
  PID:3588
- C:\Windows\System\nZIUQPz.exe
  C:\Windows\System\nZIUQPz.exe
  2⤵
  PID:3612
- C:\Windows\System\cBqPtOo.exe
  C:\Windows\System\cBqPtOo.exe
  2⤵
  PID:3640
- C:\Windows\System\WIgdeXm.exe
  C:\Windows\System\WIgdeXm.exe
  2⤵
  PID:3660
- C:\Windows\System\EyQboQu.exe
  C:\Windows\System\EyQboQu.exe
  2⤵
  PID:3676
- C:\Windows\System\KnsHWeD.exe
  C:\Windows\System\KnsHWeD.exe
  2⤵
  PID:3696
- C:\Windows\System\SoiEvDP.exe
  C:\Windows\System\SoiEvDP.exe
  2⤵
  PID:3720
- C:\Windows\System\xbXXwQE.exe
  C:\Windows\System\xbXXwQE.exe
  2⤵
  PID:3740
- C:\Windows\System\dfLYvkm.exe
  C:\Windows\System\dfLYvkm.exe
  2⤵
  PID:3760
- C:\Windows\System\TVRTsOX.exe
  C:\Windows\System\TVRTsOX.exe
  2⤵
  PID:3776
- C:\Windows\System\gdOaqEE.exe
  C:\Windows\System\gdOaqEE.exe
  2⤵
  PID:3800
- C:\Windows\System\XoNMBOT.exe
  C:\Windows\System\XoNMBOT.exe
  2⤵
  PID:3820
- C:\Windows\System\WgevIyW.exe
  C:\Windows\System\WgevIyW.exe
  2⤵
  PID:3840
- C:\Windows\System\kqEeTDQ.exe
  C:\Windows\System\kqEeTDQ.exe
  2⤵
  PID:3856
- C:\Windows\System\daaSHUV.exe
  C:\Windows\System\daaSHUV.exe
  2⤵
  PID:3880
- C:\Windows\System\RqOXiED.exe
  C:\Windows\System\RqOXiED.exe
  2⤵
  PID:3900
- C:\Windows\System\htrkDEZ.exe
  C:\Windows\System\htrkDEZ.exe
  2⤵
  PID:3920
- C:\Windows\System\fXizKZU.exe
  C:\Windows\System\fXizKZU.exe
  2⤵
  PID:3936
- C:\Windows\System\vYLJHba.exe
  C:\Windows\System\vYLJHba.exe
  2⤵
  PID:3956
- C:\Windows\System\XSagldi.exe
  C:\Windows\System\XSagldi.exe
  2⤵
  PID:3976
- C:\Windows\System\sdXNtFY.exe
  C:\Windows\System\sdXNtFY.exe
  2⤵
  PID:3996
- C:\Windows\System\KXDxWzD.exe
  C:\Windows\System\KXDxWzD.exe
  2⤵
  PID:4016
- C:\Windows\System\cPHSJsE.exe
  C:\Windows\System\cPHSJsE.exe
  2⤵
  PID:4040
- C:\Windows\System\cVnpwQk.exe
  C:\Windows\System\cVnpwQk.exe
  2⤵
  PID:4056
- C:\Windows\System\lHMbmZb.exe
  C:\Windows\System\lHMbmZb.exe
  2⤵
  PID:4072
- C:\Windows\System\YfRXEYT.exe
  C:\Windows\System\YfRXEYT.exe
  2⤵
  PID:2872
- C:\Windows\System\SDlxBdT.exe
  C:\Windows\System\SDlxBdT.exe
  2⤵
  PID:1048
- C:\Windows\System\CCeMndo.exe
  C:\Windows\System\CCeMndo.exe
  2⤵
  PID:1724
- C:\Windows\System\qIaGjWQ.exe
  C:\Windows\System\qIaGjWQ.exe
  2⤵
  PID:2392
- C:\Windows\System\cVfFVjG.exe
  C:\Windows\System\cVfFVjG.exe
  2⤵
  PID:2528
- C:\Windows\System\raoLzIn.exe
  C:\Windows\System\raoLzIn.exe
  2⤵
  PID:1516
- C:\Windows\System\FYSycYU.exe
  C:\Windows\System\FYSycYU.exe
  2⤵
  PID:2068
- C:\Windows\System\anUUQvD.exe
  C:\Windows\System\anUUQvD.exe
  2⤵
  PID:1684
- C:\Windows\System\zinjdxu.exe
  C:\Windows\System\zinjdxu.exe
  2⤵
  PID:684
- C:\Windows\System\JSjFqwD.exe
  C:\Windows\System\JSjFqwD.exe
  2⤵
  PID:2428
- C:\Windows\System\XbiSnpR.exe
  C:\Windows\System\XbiSnpR.exe
  2⤵
  PID:2476
- C:\Windows\System\HPhiTnM.exe
  C:\Windows\System\HPhiTnM.exe
  2⤵
  PID:568
- C:\Windows\System\RkTyxPF.exe
  C:\Windows\System\RkTyxPF.exe
  2⤵
  PID:1988
- C:\Windows\System\voMqkmP.exe
  C:\Windows\System\voMqkmP.exe
  2⤵
  PID:1480
- C:\Windows\System\qWUGpRo.exe
  C:\Windows\System\qWUGpRo.exe
  2⤵
  PID:1932
- C:\Windows\System\TJmADXe.exe
  C:\Windows\System\TJmADXe.exe
  2⤵
  PID:1716
- C:\Windows\System\nUQPRVq.exe
  C:\Windows\System\nUQPRVq.exe
  2⤵
  PID:3128
- C:\Windows\System\jiDiNZr.exe
  C:\Windows\System\jiDiNZr.exe
  2⤵
  PID:3168
- C:\Windows\System\RfANlGr.exe
  C:\Windows\System\RfANlGr.exe
  2⤵
  PID:3172
- C:\Windows\System\dySNTOO.exe
  C:\Windows\System\dySNTOO.exe
  2⤵
  PID:3260
- C:\Windows\System\vcNWVyJ.exe
  C:\Windows\System\vcNWVyJ.exe
  2⤵
  PID:3284
- C:\Windows\System\oSCTLRD.exe
  C:\Windows\System\oSCTLRD.exe
  2⤵
  PID:3212
- C:\Windows\System\dWSSfVv.exe
  C:\Windows\System\dWSSfVv.exe
  2⤵
  PID:3336
- C:\Windows\System\OPhQMAW.exe
  C:\Windows\System\OPhQMAW.exe
  2⤵
  PID:3360
- C:\Windows\System\XQwKFfF.exe
  C:\Windows\System\XQwKFfF.exe
  2⤵
  PID:3388
- C:\Windows\System\jdCozEV.exe
  C:\Windows\System\jdCozEV.exe
  2⤵
  PID:3428
- C:\Windows\System\ohxYmmW.exe
  C:\Windows\System\ohxYmmW.exe
  2⤵
  PID:3440
- C:\Windows\System\rlPEBSU.exe
  C:\Windows\System\rlPEBSU.exe
  2⤵
  PID:3476
- C:\Windows\System\HvTdrzw.exe
  C:\Windows\System\HvTdrzw.exe
  2⤵
  PID:3508
- C:\Windows\System\uHHrISl.exe
  C:\Windows\System\uHHrISl.exe
  2⤵
  PID:3492
- C:\Windows\System\SOSjDnU.exe
  C:\Windows\System\SOSjDnU.exe
  2⤵
  PID:3584
- C:\Windows\System\AwuZPbn.exe
  C:\Windows\System\AwuZPbn.exe
  2⤵
  PID:3596
- C:\Windows\System\AeMuoCg.exe
  C:\Windows\System\AeMuoCg.exe
  2⤵
  PID:3624
- C:\Windows\System\KrKVJxM.exe
  C:\Windows\System\KrKVJxM.exe
  2⤵
  PID:3636
- C:\Windows\System\JHYbMqN.exe
  C:\Windows\System\JHYbMqN.exe
  2⤵
  PID:3708
- C:\Windows\System\NTXyQGS.exe
  C:\Windows\System\NTXyQGS.exe
  2⤵
  PID:3732
- C:\Windows\System\DENDBWq.exe
  C:\Windows\System\DENDBWq.exe
  2⤵
  PID:3788
- C:\Windows\System\GcqNlue.exe
  C:\Windows\System\GcqNlue.exe
  2⤵
  PID:3808
- C:\Windows\System\WLyJZTy.exe
  C:\Windows\System\WLyJZTy.exe
  2⤵
  PID:3896
- C:\Windows\System\mUridGX.exe
  C:\Windows\System\mUridGX.exe
  2⤵
  PID:3988
- C:\Windows\System\XnjYAtT.exe
  C:\Windows\System\XnjYAtT.exe
  2⤵
  PID:3968
- C:\Windows\System\jlIngKW.exe
  C:\Windows\System\jlIngKW.exe
  2⤵
  PID:3964
- C:\Windows\System\dacOtya.exe
  C:\Windows\System\dacOtya.exe
  2⤵
  PID:2316
- C:\Windows\System\oiKWNPX.exe
  C:\Windows\System\oiKWNPX.exe
  2⤵
  PID:1780
- C:\Windows\System\ebvdPhM.exe
  C:\Windows\System\ebvdPhM.exe
  2⤵
  PID:1420
- C:\Windows\System\mIadYjc.exe
  C:\Windows\System\mIadYjc.exe
  2⤵
  PID:3152
- C:\Windows\System\TTRsPGZ.exe
  C:\Windows\System\TTRsPGZ.exe
  2⤵
  PID:1636
- C:\Windows\System\rvHCydr.exe
  C:\Windows\System\rvHCydr.exe
  2⤵
  PID:1204
- C:\Windows\System\RGSRkYo.exe
  C:\Windows\System\RGSRkYo.exe
  2⤵
  PID:3188
- C:\Windows\System\zYuANSa.exe
  C:\Windows\System\zYuANSa.exe
  2⤵
  PID:4080
- C:\Windows\System\ZLwuolV.exe
  C:\Windows\System\ZLwuolV.exe
  2⤵
  PID:3396
- C:\Windows\System\qgpgSvs.exe
  C:\Windows\System\qgpgSvs.exe
  2⤵
  PID:3408
- C:\Windows\System\KgqyZML.exe
  C:\Windows\System\KgqyZML.exe
  2⤵
  PID:3608
- C:\Windows\System\XNyYVzF.exe
  C:\Windows\System\XNyYVzF.exe
  2⤵
  PID:2816
- C:\Windows\System\TwLFvjN.exe
  C:\Windows\System\TwLFvjN.exe
  2⤵
  PID:1248
- C:\Windows\System\GJSWJMK.exe
  C:\Windows\System\GJSWJMK.exe
  2⤵
  PID:3208
- C:\Windows\System\TTwpbgV.exe
  C:\Windows\System\TTwpbgV.exe
  2⤵
  PID:3248
- C:\Windows\System\OAEwuSI.exe
  C:\Windows\System\OAEwuSI.exe
  2⤵
  PID:3504
- C:\Windows\System\wNbgTzZ.exe
  C:\Windows\System\wNbgTzZ.exe
  2⤵
  PID:3580
- C:\Windows\System\LIPpWOk.exe
  C:\Windows\System\LIPpWOk.exe
  2⤵
  PID:3652
- C:\Windows\System\IfWTcpd.exe
  C:\Windows\System\IfWTcpd.exe
  2⤵
  PID:3756
- C:\Windows\System\spawXRK.exe
  C:\Windows\System\spawXRK.exe
  2⤵
  PID:3124
- C:\Windows\System\UrHOCLv.exe
  C:\Windows\System\UrHOCLv.exe
  2⤵
  PID:3768
- C:\Windows\System\yEOYEla.exe
  C:\Windows\System\yEOYEla.exe
  2⤵
  PID:3784
- C:\Windows\System\SCRJvyT.exe
  C:\Windows\System\SCRJvyT.exe
  2⤵
  PID:3836
- C:\Windows\System\ciApvOY.exe
  C:\Windows\System\ciApvOY.exe
  2⤵
  PID:3872
- C:\Windows\System\wmQfuEZ.exe
  C:\Windows\System\wmQfuEZ.exe
  2⤵
  PID:3944
- C:\Windows\System\aQQpueR.exe
  C:\Windows\System\aQQpueR.exe
  2⤵
  PID:3892
- C:\Windows\System\tURLgHV.exe
  C:\Windows\System\tURLgHV.exe
  2⤵
  PID:4012
- C:\Windows\System\sCLlOvf.exe
  C:\Windows\System\sCLlOvf.exe
  2⤵
  PID:900
- C:\Windows\System\uZhKPVs.exe
  C:\Windows\System\uZhKPVs.exe
  2⤵
  PID:3080
- C:\Windows\System\LQaCCXM.exe
  C:\Windows\System\LQaCCXM.exe
  2⤵
  PID:980
- C:\Windows\System\NnXoWXV.exe
  C:\Windows\System\NnXoWXV.exe
  2⤵
  PID:3320
- C:\Windows\System\FgSUbIi.exe
  C:\Windows\System\FgSUbIi.exe
  2⤵
  PID:4052
- C:\Windows\System\ENXkCKE.exe
  C:\Windows\System\ENXkCKE.exe
  2⤵
  PID:3472
- C:\Windows\System\rURiWfF.exe
  C:\Windows\System\rURiWfF.exe
  2⤵
  PID:3356
- C:\Windows\System\NodFfQx.exe
  C:\Windows\System\NodFfQx.exe
  2⤵
  PID:3748
- C:\Windows\System\ubALtzv.exe
  C:\Windows\System\ubALtzv.exe
  2⤵
  PID:3412
- C:\Windows\System\xpPmzLW.exe
  C:\Windows\System\xpPmzLW.exe
  2⤵
  PID:3300
- C:\Windows\System\pJoiyOd.exe
  C:\Windows\System\pJoiyOd.exe
  2⤵
  PID:2852
- C:\Windows\System\mIgUflb.exe
  C:\Windows\System\mIgUflb.exe
  2⤵
  PID:4108
- C:\Windows\System\eGRdNJd.exe
  C:\Windows\System\eGRdNJd.exe
  2⤵
  PID:4128
- C:\Windows\System\PrSGiDV.exe
  C:\Windows\System\PrSGiDV.exe
  2⤵
  PID:4144
- C:\Windows\System\foqxwfd.exe
  C:\Windows\System\foqxwfd.exe
  2⤵
  PID:4168
- C:\Windows\System\CCIJTqp.exe
  C:\Windows\System\CCIJTqp.exe
  2⤵
  PID:4188
- C:\Windows\System\GjyLIuI.exe
  C:\Windows\System\GjyLIuI.exe
  2⤵
  PID:4208
- C:\Windows\System\LZdVUGo.exe
  C:\Windows\System\LZdVUGo.exe
  2⤵
  PID:4224
- C:\Windows\System\swcIxLc.exe
  C:\Windows\System\swcIxLc.exe
  2⤵
  PID:4244
- C:\Windows\System\mkczOjA.exe
  C:\Windows\System\mkczOjA.exe
  2⤵
  PID:4264
- C:\Windows\System\AzhxVyZ.exe
  C:\Windows\System\AzhxVyZ.exe
  2⤵
  PID:4288
- C:\Windows\System\zPsgIVS.exe
  C:\Windows\System\zPsgIVS.exe
  2⤵
  PID:4308
- C:\Windows\System\etydboM.exe
  C:\Windows\System\etydboM.exe
  2⤵
  PID:4328
- C:\Windows\System\oUNzBnG.exe
  C:\Windows\System\oUNzBnG.exe
  2⤵
  PID:4348
- C:\Windows\System\FVTmOkt.exe
  C:\Windows\System\FVTmOkt.exe
  2⤵
  PID:4368
- C:\Windows\System\cnaUsNw.exe
  C:\Windows\System\cnaUsNw.exe
  2⤵
  PID:4388
- C:\Windows\System\gxdyRgA.exe
  C:\Windows\System\gxdyRgA.exe
  2⤵
  PID:4408
- C:\Windows\System\SLTvBSc.exe
  C:\Windows\System\SLTvBSc.exe
  2⤵
  PID:4428
- C:\Windows\System\AajOwzJ.exe
  C:\Windows\System\AajOwzJ.exe
  2⤵
  PID:4448
- C:\Windows\System\Pxlkhre.exe
  C:\Windows\System\Pxlkhre.exe
  2⤵
  PID:4468
- C:\Windows\System\nlyMxqd.exe
  C:\Windows\System\nlyMxqd.exe
  2⤵
  PID:4488
- C:\Windows\System\LOMRnqi.exe
  C:\Windows\System\LOMRnqi.exe
  2⤵
  PID:4508
- C:\Windows\System\YWhZCQy.exe
  C:\Windows\System\YWhZCQy.exe
  2⤵
  PID:4524
- C:\Windows\System\OAryqZu.exe
  C:\Windows\System\OAryqZu.exe
  2⤵
  PID:4548
- C:\Windows\System\QXELlFU.exe
  C:\Windows\System\QXELlFU.exe
  2⤵
  PID:4568
- C:\Windows\System\srMZBEo.exe
  C:\Windows\System\srMZBEo.exe
  2⤵
  PID:4592
- C:\Windows\System\JFAwcZf.exe
  C:\Windows\System\JFAwcZf.exe
  2⤵
  PID:4612
- C:\Windows\System\kIaPErL.exe
  C:\Windows\System\kIaPErL.exe
  2⤵
  PID:4632
- C:\Windows\System\bXcbURo.exe
  C:\Windows\System\bXcbURo.exe
  2⤵
  PID:4652
- C:\Windows\System\usnltnE.exe
  C:\Windows\System\usnltnE.exe
  2⤵
  PID:4672
- C:\Windows\System\vuIvBQa.exe
  C:\Windows\System\vuIvBQa.exe
  2⤵
  PID:4692
- C:\Windows\System\UgwzMPE.exe
  C:\Windows\System\UgwzMPE.exe
  2⤵
  PID:4712
- C:\Windows\System\PSScpIg.exe
  C:\Windows\System\PSScpIg.exe
  2⤵
  PID:4732
- C:\Windows\System\NwdXDnW.exe
  C:\Windows\System\NwdXDnW.exe
  2⤵
  PID:4752
- C:\Windows\System\BYPMZHn.exe
  C:\Windows\System\BYPMZHn.exe
  2⤵
  PID:4772
- C:\Windows\System\Ikyxndv.exe
  C:\Windows\System\Ikyxndv.exe
  2⤵
  PID:4792
- C:\Windows\System\CQJgCkI.exe
  C:\Windows\System\CQJgCkI.exe
  2⤵
  PID:4812
- C:\Windows\System\cICoxYl.exe
  C:\Windows\System\cICoxYl.exe
  2⤵
  PID:4832
- C:\Windows\System\CHhLcvO.exe
  C:\Windows\System\CHhLcvO.exe
  2⤵
  PID:4852
- C:\Windows\System\hnUWVtt.exe
  C:\Windows\System\hnUWVtt.exe
  2⤵
  PID:4868
- C:\Windows\System\ZzQBzlk.exe
  C:\Windows\System\ZzQBzlk.exe
  2⤵
  PID:4888
- C:\Windows\System\AeBCNJu.exe
  C:\Windows\System\AeBCNJu.exe
  2⤵
  PID:4908
- C:\Windows\System\UlPAjDo.exe
  C:\Windows\System\UlPAjDo.exe
  2⤵
  PID:4932
- C:\Windows\System\KTTNUnH.exe
  C:\Windows\System\KTTNUnH.exe
  2⤵
  PID:4948
- C:\Windows\System\VFPTYxb.exe
  C:\Windows\System\VFPTYxb.exe
  2⤵
  PID:4972
- C:\Windows\System\gumKXra.exe
  C:\Windows\System\gumKXra.exe
  2⤵
  PID:4988
- C:\Windows\System\CSfTEfI.exe
  C:\Windows\System\CSfTEfI.exe
  2⤵
  PID:5008
- C:\Windows\System\bKbSVZY.exe
  C:\Windows\System\bKbSVZY.exe
  2⤵
  PID:5032
- C:\Windows\System\QcrtCkd.exe
  C:\Windows\System\QcrtCkd.exe
  2⤵
  PID:5052
- C:\Windows\System\BZLLmWD.exe
  C:\Windows\System\BZLLmWD.exe
  2⤵
  PID:5072
- C:\Windows\System\ppPXrJr.exe
  C:\Windows\System\ppPXrJr.exe
  2⤵
  PID:5092
- C:\Windows\System\LWhSZUD.exe
  C:\Windows\System\LWhSZUD.exe
  2⤵
  PID:5112
- C:\Windows\System\lYTzmJd.exe
  C:\Windows\System\lYTzmJd.exe
  2⤵
  PID:2556
- C:\Windows\System\nnUcEae.exe
  C:\Windows\System\nnUcEae.exe
  2⤵
  PID:676
- C:\Windows\System\mKkUccL.exe
  C:\Windows\System\mKkUccL.exe
  2⤵
  PID:3792
- C:\Windows\System\zkQQRZX.exe
  C:\Windows\System\zkQQRZX.exe
  2⤵
  PID:3984
- C:\Windows\System\BMKUwAt.exe
  C:\Windows\System\BMKUwAt.exe
  2⤵
  PID:2336
- C:\Windows\System\RTuBSvt.exe
  C:\Windows\System\RTuBSvt.exe
  2⤵
  PID:4008
- C:\Windows\System\FYKxeSI.exe
  C:\Windows\System\FYKxeSI.exe
  2⤵
  PID:3136
- C:\Windows\System\WqyJonr.exe
  C:\Windows\System\WqyJonr.exe
  2⤵
  PID:3228
- C:\Windows\System\yFJcKfw.exe
  C:\Windows\System\yFJcKfw.exe
  2⤵
  PID:3448
- C:\Windows\System\xGTKKLp.exe
  C:\Windows\System\xGTKKLp.exe
  2⤵
  PID:3372
- C:\Windows\System\yxgdKhT.exe
  C:\Windows\System\yxgdKhT.exe
  2⤵
  PID:3728
- C:\Windows\System\wkSIvTv.exe
  C:\Windows\System\wkSIvTv.exe
  2⤵
  PID:1092
- C:\Windows\System\XIRMxBw.exe
  C:\Windows\System\XIRMxBw.exe
  2⤵
  PID:4104
- C:\Windows\System\LqKEUbx.exe
  C:\Windows\System\LqKEUbx.exe
  2⤵
  PID:4164
- C:\Windows\System\cjFqOkB.exe
  C:\Windows\System\cjFqOkB.exe
  2⤵
  PID:4176
- C:\Windows\System\QWAHKKk.exe
  C:\Windows\System\QWAHKKk.exe
  2⤵
  PID:4232
- C:\Windows\System\ofPormX.exe
  C:\Windows\System\ofPormX.exe
  2⤵
  PID:4280
- C:\Windows\System\OYgfZqk.exe
  C:\Windows\System\OYgfZqk.exe
  2⤵
  PID:4256
- C:\Windows\System\qvsowFV.exe
  C:\Windows\System\qvsowFV.exe
  2⤵
  PID:4304
- C:\Windows\System\dchSfej.exe
  C:\Windows\System\dchSfej.exe
  2⤵
  PID:4344
- C:\Windows\System\MgZNVOm.exe
  C:\Windows\System\MgZNVOm.exe
  2⤵
  PID:4376
- C:\Windows\System\yLyNjHw.exe
  C:\Windows\System\yLyNjHw.exe
  2⤵
  PID:4440
- C:\Windows\System\wHjMkrn.exe
  C:\Windows\System\wHjMkrn.exe
  2⤵
  PID:4456
- C:\Windows\System\kpZBlWr.exe
  C:\Windows\System\kpZBlWr.exe
  2⤵
  PID:4484
- C:\Windows\System\YBoImZy.exe
  C:\Windows\System\YBoImZy.exe
  2⤵
  PID:4520
- C:\Windows\System\ZzbEmeG.exe
  C:\Windows\System\ZzbEmeG.exe
  2⤵
  PID:4532
- C:\Windows\System\WiqsbfJ.exe
  C:\Windows\System\WiqsbfJ.exe
  2⤵
  PID:4608
- C:\Windows\System\UpaySyK.exe
  C:\Windows\System\UpaySyK.exe
  2⤵
  PID:4648
- C:\Windows\System\pBLEnvt.exe
  C:\Windows\System\pBLEnvt.exe
  2⤵
  PID:4660
- C:\Windows\System\mgsfeQB.exe
  C:\Windows\System\mgsfeQB.exe
  2⤵
  PID:4664
- C:\Windows\System\lyYlZEo.exe
  C:\Windows\System\lyYlZEo.exe
  2⤵
  PID:4700
- C:\Windows\System\vmFUOuQ.exe
  C:\Windows\System\vmFUOuQ.exe
  2⤵
  PID:4764
- C:\Windows\System\hZtJcsm.exe
  C:\Windows\System\hZtJcsm.exe
  2⤵
  PID:4804
- C:\Windows\System\yATICMZ.exe
  C:\Windows\System\yATICMZ.exe
  2⤵
  PID:4820
- C:\Windows\System\rTuSubO.exe
  C:\Windows\System\rTuSubO.exe
  2⤵
  PID:4824
- C:\Windows\System\vLJckfk.exe
  C:\Windows\System\vLJckfk.exe
  2⤵
  PID:4864
- C:\Windows\System\nRMnlNW.exe
  C:\Windows\System\nRMnlNW.exe
  2⤵
  PID:4956
- C:\Windows\System\broKxQy.exe
  C:\Windows\System\broKxQy.exe
  2⤵
  PID:5004
- C:\Windows\System\LDEoGvy.exe
  C:\Windows\System\LDEoGvy.exe
  2⤵
  PID:4980
- C:\Windows\System\CAPVmhw.exe
  C:\Windows\System\CAPVmhw.exe
  2⤵
  PID:5044
- C:\Windows\System\CKjWVWv.exe
  C:\Windows\System\CKjWVWv.exe
  2⤵
  PID:5084
- C:\Windows\System\BeszNQL.exe
  C:\Windows\System\BeszNQL.exe
  2⤵
  PID:5068
- C:\Windows\System\PAAZtzd.exe
  C:\Windows\System\PAAZtzd.exe
  2⤵
  PID:5104
- C:\Windows\System\peksDLC.exe
  C:\Windows\System\peksDLC.exe
  2⤵
  PID:3852
- C:\Windows\System\hZMOTcy.exe
  C:\Windows\System\hZMOTcy.exe
  2⤵
  PID:3120
- C:\Windows\System\GcnaGLA.exe
  C:\Windows\System\GcnaGLA.exe
  2⤵
  PID:2184
- C:\Windows\System\DRlDQEv.exe
  C:\Windows\System\DRlDQEv.exe
  2⤵
  PID:3952
- C:\Windows\System\upHLlqi.exe
  C:\Windows\System\upHLlqi.exe
  2⤵
  PID:3112
- C:\Windows\System\NWyFHfr.exe
  C:\Windows\System\NWyFHfr.exe
  2⤵
  PID:3560
- C:\Windows\System\FtipvIB.exe
  C:\Windows\System\FtipvIB.exe
  2⤵
  PID:3668
- C:\Windows\System\PtvVmgI.exe
  C:\Windows\System\PtvVmgI.exe
  2⤵
  PID:4152
- C:\Windows\System\mPGEsTY.exe
  C:\Windows\System\mPGEsTY.exe
  2⤵
  PID:4316
- C:\Windows\System\tdoHJzz.exe
  C:\Windows\System\tdoHJzz.exe
  2⤵
  PID:4216
- C:\Windows\System\sVxsuGY.exe
  C:\Windows\System\sVxsuGY.exe
  2⤵
  PID:4252
- C:\Windows\System\anOWVYI.exe
  C:\Windows\System\anOWVYI.exe
  2⤵
  PID:4496
- C:\Windows\System\CNSJCUL.exe
  C:\Windows\System\CNSJCUL.exe
  2⤵
  PID:4436
- C:\Windows\System\jygYJgF.exe
  C:\Windows\System\jygYJgF.exe
  2⤵
  PID:4464
- C:\Windows\System\lpDoMku.exe
  C:\Windows\System\lpDoMku.exe
  2⤵
  PID:4600
- C:\Windows\System\ePsOCTu.exe
  C:\Windows\System\ePsOCTu.exe
  2⤵
  PID:4620
- C:\Windows\System\FrocKWk.exe
  C:\Windows\System\FrocKWk.exe
  2⤵
  PID:4688
- C:\Windows\System\JTyWzPZ.exe
  C:\Windows\System\JTyWzPZ.exe
  2⤵
  PID:4808
- C:\Windows\System\GXfWdmN.exe
  C:\Windows\System\GXfWdmN.exe
  2⤵
  PID:4708
- C:\Windows\System\qazrJDN.exe
  C:\Windows\System\qazrJDN.exe
  2⤵
  PID:4840
- C:\Windows\System\XooorhN.exe
  C:\Windows\System\XooorhN.exe
  2⤵
  PID:4896
- C:\Windows\System\xWPfzzc.exe
  C:\Windows\System\xWPfzzc.exe
  2⤵
  PID:4944
- C:\Windows\System\kxzjbUm.exe
  C:\Windows\System\kxzjbUm.exe
  2⤵
  PID:5100
- C:\Windows\System\GhFueRk.exe
  C:\Windows\System\GhFueRk.exe
  2⤵
  PID:4960
- C:\Windows\System\bPtvkcM.exe
  C:\Windows\System\bPtvkcM.exe
  2⤵
  PID:3712
- C:\Windows\System\dMVDybj.exe
  C:\Windows\System\dMVDybj.exe
  2⤵
  PID:3848
- C:\Windows\System\zqnNWcN.exe
  C:\Windows\System\zqnNWcN.exe
  2⤵
  PID:3084
- C:\Windows\System\Vsmknkx.exe
  C:\Windows\System\Vsmknkx.exe
  2⤵
  PID:3688
- C:\Windows\System\aSVCWVq.exe
  C:\Windows\System\aSVCWVq.exe
  2⤵
  PID:4140
- C:\Windows\System\xMacnde.exe
  C:\Windows\System\xMacnde.exe
  2⤵
  PID:4184
- C:\Windows\System\gIOFCyT.exe
  C:\Windows\System\gIOFCyT.exe
  2⤵
  PID:4324
- C:\Windows\System\FGabGHT.exe
  C:\Windows\System\FGabGHT.exe
  2⤵
  PID:4364
- C:\Windows\System\OxOEtXD.exe
  C:\Windows\System\OxOEtXD.exe
  2⤵
  PID:4560
- C:\Windows\System\AKoqXFY.exe
  C:\Windows\System\AKoqXFY.exe
  2⤵
  PID:5140
- C:\Windows\System\RgEdoxH.exe
  C:\Windows\System\RgEdoxH.exe
  2⤵
  PID:5156
- C:\Windows\System\iZpKtbo.exe
  C:\Windows\System\iZpKtbo.exe
  2⤵
  PID:5176
- C:\Windows\System\qQALrNT.exe
  C:\Windows\System\qQALrNT.exe
  2⤵
  PID:5200
- C:\Windows\System\ZroAHSL.exe
  C:\Windows\System\ZroAHSL.exe
  2⤵
  PID:5216
- C:\Windows\System\ZzwKmNG.exe
  C:\Windows\System\ZzwKmNG.exe
  2⤵
  PID:5236
- C:\Windows\System\kdNwohP.exe
  C:\Windows\System\kdNwohP.exe
  2⤵
  PID:5252
- C:\Windows\System\KlVKgox.exe
  C:\Windows\System\KlVKgox.exe
  2⤵
  PID:5276
- C:\Windows\System\tfEhcnZ.exe
  C:\Windows\System\tfEhcnZ.exe
  2⤵
  PID:5296
- C:\Windows\System\VMLTcus.exe
  C:\Windows\System\VMLTcus.exe
  2⤵
  PID:5320
- C:\Windows\System\vnfuxHr.exe
  C:\Windows\System\vnfuxHr.exe
  2⤵
  PID:5340
- C:\Windows\System\uCNhurl.exe
  C:\Windows\System\uCNhurl.exe
  2⤵
  PID:5364
- C:\Windows\System\SYgicyb.exe
  C:\Windows\System\SYgicyb.exe
  2⤵
  PID:5384
- C:\Windows\System\xHXPUpl.exe
  C:\Windows\System\xHXPUpl.exe
  2⤵
  PID:5404
- C:\Windows\System\RyMfQfC.exe
  C:\Windows\System\RyMfQfC.exe
  2⤵
  PID:5420
- C:\Windows\System\ZsTjmvU.exe
  C:\Windows\System\ZsTjmvU.exe
  2⤵
  PID:5440
- C:\Windows\System\sEEFEfk.exe
  C:\Windows\System\sEEFEfk.exe
  2⤵
  PID:5468
- C:\Windows\System\wXkkbTj.exe
  C:\Windows\System\wXkkbTj.exe
  2⤵
  PID:5484
- C:\Windows\System\iPSWEYV.exe
  C:\Windows\System\iPSWEYV.exe
  2⤵
  PID:5508
- C:\Windows\System\IuPJymX.exe
  C:\Windows\System\IuPJymX.exe
  2⤵
  PID:5528
- C:\Windows\System\mVtMASm.exe
  C:\Windows\System\mVtMASm.exe
  2⤵
  PID:5548
- C:\Windows\System\FkqWDqu.exe
  C:\Windows\System\FkqWDqu.exe
  2⤵
  PID:5564
- C:\Windows\System\QMlCWXQ.exe
  C:\Windows\System\QMlCWXQ.exe
  2⤵
  PID:5580
- C:\Windows\System\vXgJQPc.exe
  C:\Windows\System\vXgJQPc.exe
  2⤵
  PID:5608
- C:\Windows\System\ruWoIeA.exe
  C:\Windows\System\ruWoIeA.exe
  2⤵
  PID:5624
- C:\Windows\System\QxPTJxJ.exe
  C:\Windows\System\QxPTJxJ.exe
  2⤵
  PID:5648
- C:\Windows\System\EukSNIZ.exe
  C:\Windows\System\EukSNIZ.exe
  2⤵
  PID:5668
- C:\Windows\System\VAfOwYS.exe
  C:\Windows\System\VAfOwYS.exe
  2⤵
  PID:5688
- C:\Windows\System\JFDbYeY.exe
  C:\Windows\System\JFDbYeY.exe
  2⤵
  PID:5704
- C:\Windows\System\VpysOFQ.exe
  C:\Windows\System\VpysOFQ.exe
  2⤵
  PID:5728
- C:\Windows\System\ggDXFqk.exe
  C:\Windows\System\ggDXFqk.exe
  2⤵
  PID:5748
- C:\Windows\System\RqwPELD.exe
  C:\Windows\System\RqwPELD.exe
  2⤵
  PID:5768
- C:\Windows\System\EPgVtBA.exe
  C:\Windows\System\EPgVtBA.exe
  2⤵
  PID:5788
- C:\Windows\System\NrIJQVb.exe
  C:\Windows\System\NrIJQVb.exe
  2⤵
  PID:5808
- C:\Windows\System\JQrzfMd.exe
  C:\Windows\System\JQrzfMd.exe
  2⤵
  PID:5828
- C:\Windows\System\tFqSjIW.exe
  C:\Windows\System\tFqSjIW.exe
  2⤵
  PID:5848
- C:\Windows\System\UsnYueB.exe
  C:\Windows\System\UsnYueB.exe
  2⤵
  PID:5864
- C:\Windows\System\CHvvWac.exe
  C:\Windows\System\CHvvWac.exe
  2⤵
  PID:5888
- C:\Windows\System\JhfcYPy.exe
  C:\Windows\System\JhfcYPy.exe
  2⤵
  PID:5908
- C:\Windows\System\vRpASPp.exe
  C:\Windows\System\vRpASPp.exe
  2⤵
  PID:5928
- C:\Windows\System\gGXOezG.exe
  C:\Windows\System\gGXOezG.exe
  2⤵
  PID:5944
- C:\Windows\System\hGHSiZr.exe
  C:\Windows\System\hGHSiZr.exe
  2⤵
  PID:5968
- C:\Windows\System\zbaXZsN.exe
  C:\Windows\System\zbaXZsN.exe
  2⤵
  PID:5984
- C:\Windows\System\XJDeSOr.exe
  C:\Windows\System\XJDeSOr.exe
  2⤵
  PID:6008
- C:\Windows\System\BxiqDWF.exe
  C:\Windows\System\BxiqDWF.exe
  2⤵
  PID:6024
- C:\Windows\System\BNhAvVs.exe
  C:\Windows\System\BNhAvVs.exe
  2⤵
  PID:6048
- C:\Windows\System\fWawPAx.exe
  C:\Windows\System\fWawPAx.exe
  2⤵
  PID:6064
- C:\Windows\System\bYhEdeu.exe
  C:\Windows\System\bYhEdeu.exe
  2⤵
  PID:6088
- C:\Windows\System\mWUwgDG.exe
  C:\Windows\System\mWUwgDG.exe
  2⤵
  PID:6108
- C:\Windows\System\EELBkor.exe
  C:\Windows\System\EELBkor.exe
  2⤵
  PID:6124
- C:\Windows\System\bLTdMxC.exe
  C:\Windows\System\bLTdMxC.exe
  2⤵
  PID:4400
- C:\Windows\System\WKmTREA.exe
  C:\Windows\System\WKmTREA.exe
  2⤵
  PID:4628
- C:\Windows\System\UhIZnRx.exe
  C:\Windows\System\UhIZnRx.exe
  2⤵
  PID:4724
- C:\Windows\System\JPvkiiR.exe
  C:\Windows\System\JPvkiiR.exe
  2⤵
  PID:4604
- C:\Windows\System\sksJMIB.exe
  C:\Windows\System\sksJMIB.exe
  2⤵
  PID:4828
- C:\Windows\System\XQOtNyQ.exe
  C:\Windows\System\XQOtNyQ.exe
  2⤵
  PID:4996
- C:\Windows\System\fWXKTvV.exe
  C:\Windows\System\fWXKTvV.exe
  2⤵
  PID:5024
- C:\Windows\System\bcTWVCi.exe
  C:\Windows\System\bcTWVCi.exe
  2⤵
  PID:5028
- C:\Windows\System\kuLlhUR.exe
  C:\Windows\System\kuLlhUR.exe
  2⤵
  PID:3548
- C:\Windows\System\kdKQcou.exe
  C:\Windows\System\kdKQcou.exe
  2⤵
  PID:4272
- C:\Windows\System\roYCLLD.exe
  C:\Windows\System\roYCLLD.exe
  2⤵
  PID:4240
- C:\Windows\System\HwCzcsg.exe
  C:\Windows\System\HwCzcsg.exe
  2⤵
  PID:4296
- C:\Windows\System\syCAaMp.exe
  C:\Windows\System\syCAaMp.exe
  2⤵
  PID:4424
- C:\Windows\System\JTbagGN.exe
  C:\Windows\System\JTbagGN.exe
  2⤵
  PID:5172
- C:\Windows\System\WDdZJbR.exe
  C:\Windows\System\WDdZJbR.exe
  2⤵
  PID:5208
- C:\Windows\System\NdsSBhG.exe
  C:\Windows\System\NdsSBhG.exe
  2⤵
  PID:5248
- C:\Windows\System\ksFfKgJ.exe
  C:\Windows\System\ksFfKgJ.exe
  2⤵
  PID:5284
- C:\Windows\System\aeOcTuX.exe
  C:\Windows\System\aeOcTuX.exe
  2⤵
  PID:5268
- C:\Windows\System\SVpHlMC.exe
  C:\Windows\System\SVpHlMC.exe
  2⤵
  PID:5348
- C:\Windows\System\MsxXQjG.exe
  C:\Windows\System\MsxXQjG.exe
  2⤵
  PID:3316
- C:\Windows\System\TDJtkGW.exe
  C:\Windows\System\TDJtkGW.exe
  2⤵
  PID:5412
- C:\Windows\System\bPWDqai.exe
  C:\Windows\System\bPWDqai.exe
  2⤵
  PID:5452
- C:\Windows\System\wdPqrxZ.exe
  C:\Windows\System\wdPqrxZ.exe
  2⤵
  PID:5500
- C:\Windows\System\sJSVNRB.exe
  C:\Windows\System\sJSVNRB.exe
  2⤵
  PID:5436
- C:\Windows\System\WdPVsPe.exe
  C:\Windows\System\WdPVsPe.exe
  2⤵
  PID:5540
- C:\Windows\System\fiseLCY.exe
  C:\Windows\System\fiseLCY.exe
  2⤵
  PID:5572
- C:\Windows\System\UvIFiti.exe
  C:\Windows\System\UvIFiti.exe
  2⤵
  PID:5660
- C:\Windows\System\FUCUbvG.exe
  C:\Windows\System\FUCUbvG.exe
  2⤵
  PID:5700
- C:\Windows\System\ZNsGlVs.exe
  C:\Windows\System\ZNsGlVs.exe
  2⤵
  PID:5600
- C:\Windows\System\NgxuQiz.exe
  C:\Windows\System\NgxuQiz.exe
  2⤵
  PID:5636
- C:\Windows\System\waPXdMT.exe
  C:\Windows\System\waPXdMT.exe
  2⤵
  PID:5680
- C:\Windows\System\LSHNDzh.exe
  C:\Windows\System\LSHNDzh.exe
  2⤵
  PID:5820
- C:\Windows\System\WaRFYnB.exe
  C:\Windows\System\WaRFYnB.exe
  2⤵
  PID:5724
- C:\Windows\System\fhJSizG.exe
  C:\Windows\System\fhJSizG.exe
  2⤵
  PID:5904
- C:\Windows\System\ijyBDbx.exe
  C:\Windows\System\ijyBDbx.exe
  2⤵
  PID:5800
- C:\Windows\System\QNOmJza.exe
  C:\Windows\System\QNOmJza.exe
  2⤵
  PID:5980
- C:\Windows\System\zswvRYZ.exe
  C:\Windows\System\zswvRYZ.exe
  2⤵
  PID:6016
- C:\Windows\System\DMjEmHr.exe
  C:\Windows\System\DMjEmHr.exe
  2⤵
  PID:6020
- C:\Windows\System\CybNrNC.exe
  C:\Windows\System\CybNrNC.exe
  2⤵
  PID:6100
- C:\Windows\System\WLccsAs.exe
  C:\Windows\System\WLccsAs.exe
  2⤵
  PID:6140
- C:\Windows\System\dWlumAx.exe
  C:\Windows\System\dWlumAx.exe
  2⤵
  PID:5952
- C:\Windows\System\tnFUxwQ.exe
  C:\Windows\System\tnFUxwQ.exe
  2⤵
  PID:4788
- C:\Windows\System\QhTiYlU.exe
  C:\Windows\System\QhTiYlU.exe
  2⤵
  PID:5996
- C:\Windows\System\fFkOdwV.exe
  C:\Windows\System\fFkOdwV.exe
  2⤵
  PID:4968
- C:\Windows\System\ughARrv.exe
  C:\Windows\System\ughARrv.exe
  2⤵
  PID:6044
- C:\Windows\System\dOBtiBv.exe
  C:\Windows\System\dOBtiBv.exe
  2⤵
  PID:6072
- C:\Windows\System\tEXHHXX.exe
  C:\Windows\System\tEXHHXX.exe
  2⤵
  PID:5188
- C:\Windows\System\qZvraHG.exe
  C:\Windows\System\qZvraHG.exe
  2⤵
  PID:6120
- C:\Windows\System\WbaCZfG.exe
  C:\Windows\System\WbaCZfG.exe
  2⤵
  PID:5308
- C:\Windows\System\VjEtRIm.exe
  C:\Windows\System\VjEtRIm.exe
  2⤵
  PID:2864
- C:\Windows\System\PEZWvct.exe
  C:\Windows\System\PEZWvct.exe
  2⤵
  PID:4576
- C:\Windows\System\WSUbTcC.exe
  C:\Windows\System\WSUbTcC.exe
  2⤵
  PID:5596
- C:\Windows\System\NsKjlmt.exe
  C:\Windows\System\NsKjlmt.exe
  2⤵
  PID:5676
- C:\Windows\System\kjYHRDB.exe
  C:\Windows\System\kjYHRDB.exe
  2⤵
  PID:3876
- C:\Windows\System\ciwtfLi.exe
  C:\Windows\System\ciwtfLi.exe
  2⤵
  PID:3948
- C:\Windows\System\kjAMrtW.exe
  C:\Windows\System\kjAMrtW.exe
  2⤵
  PID:5796
- C:\Windows\System\APadXjq.exe
  C:\Windows\System\APadXjq.exe
  2⤵
  PID:4380
- C:\Windows\System\qdPybSX.exe
  C:\Windows\System\qdPybSX.exe
  2⤵
  PID:6096
- C:\Windows\System\CVMzGvL.exe
  C:\Windows\System\CVMzGvL.exe
  2⤵
  PID:4580
- C:\Windows\System\hnLaMIM.exe
  C:\Windows\System\hnLaMIM.exe
  2⤵
  PID:5192
- C:\Windows\System\SpoHbut.exe
  C:\Windows\System\SpoHbut.exe
  2⤵
  PID:5260
- C:\Windows\System\tXPCyFr.exe
  C:\Windows\System\tXPCyFr.exe
  2⤵
  PID:6032
- C:\Windows\System\FHdhRsv.exe
  C:\Windows\System\FHdhRsv.exe
  2⤵
  PID:4504
- C:\Windows\System\kJIoxKV.exe
  C:\Windows\System\kJIoxKV.exe
  2⤵
  PID:5448
- C:\Windows\System\bKIFRlm.exe
  C:\Windows\System\bKIFRlm.exe
  2⤵
  PID:2344
- C:\Windows\System\WCTyfcA.exe
  C:\Windows\System\WCTyfcA.exe
  2⤵
  PID:5716
- C:\Windows\System\CFVRQVZ.exe
  C:\Windows\System\CFVRQVZ.exe
  2⤵
  PID:4416
- C:\Windows\System\NqMzUCy.exe
  C:\Windows\System\NqMzUCy.exe
  2⤵
  PID:5432
- C:\Windows\System\gdlgBQn.exe
  C:\Windows\System\gdlgBQn.exe
  2⤵
  PID:5360
- C:\Windows\System\ThvBjfT.exe
  C:\Windows\System\ThvBjfT.exe
  2⤵
  PID:6156
- C:\Windows\System\WAnZAsg.exe
  C:\Windows\System\WAnZAsg.exe
  2⤵
  PID:6176
- C:\Windows\System\MaqAwdX.exe
  C:\Windows\System\MaqAwdX.exe
  2⤵
  PID:6196
- C:\Windows\System\HcoExYP.exe
  C:\Windows\System\HcoExYP.exe
  2⤵
  PID:6216
- C:\Windows\System\nQlCJpD.exe
  C:\Windows\System\nQlCJpD.exe
  2⤵
  PID:6236
- C:\Windows\System\upDuQPv.exe
  C:\Windows\System\upDuQPv.exe
  2⤵
  PID:6252
- C:\Windows\System\eQyesln.exe
  C:\Windows\System\eQyesln.exe
  2⤵
  PID:6276
- C:\Windows\System\iOZWBtL.exe
  C:\Windows\System\iOZWBtL.exe
  2⤵
  PID:6292
- C:\Windows\System\KeMzVkF.exe
  C:\Windows\System\KeMzVkF.exe
  2⤵
  PID:6312
- C:\Windows\System\KoGoHuG.exe
  C:\Windows\System\KoGoHuG.exe
  2⤵
  PID:6336
- C:\Windows\System\zZKiBiy.exe
  C:\Windows\System\zZKiBiy.exe
  2⤵
  PID:6352
- C:\Windows\System\ZoPLsQe.exe
  C:\Windows\System\ZoPLsQe.exe
  2⤵
  PID:6368
- C:\Windows\System\XyzBukk.exe
  C:\Windows\System\XyzBukk.exe
  2⤵
  PID:6392
- C:\Windows\System\WHUTgxv.exe
  C:\Windows\System\WHUTgxv.exe
  2⤵
  PID:6408
- C:\Windows\System\qhbjcIh.exe
  C:\Windows\System\qhbjcIh.exe
  2⤵
  PID:6432
- C:\Windows\System\IYLKbwt.exe
  C:\Windows\System\IYLKbwt.exe
  2⤵
  PID:6448
- C:\Windows\System\LaIHigJ.exe
  C:\Windows\System\LaIHigJ.exe
  2⤵
  PID:6472
- C:\Windows\System\NTMnmYl.exe
  C:\Windows\System\NTMnmYl.exe
  2⤵
  PID:6488
- C:\Windows\System\OSUjBxG.exe
  C:\Windows\System\OSUjBxG.exe
  2⤵
  PID:6512
- C:\Windows\System\lAvTMdM.exe
  C:\Windows\System\lAvTMdM.exe
  2⤵
  PID:6528
- C:\Windows\System\kVNDXGi.exe
  C:\Windows\System\kVNDXGi.exe
  2⤵
  PID:6548
- C:\Windows\System\FrovrPs.exe
  C:\Windows\System\FrovrPs.exe
  2⤵
  PID:6568
- C:\Windows\System\YqHfQQO.exe
  C:\Windows\System\YqHfQQO.exe
  2⤵
  PID:6588
- C:\Windows\System\zPTFdLu.exe
  C:\Windows\System\zPTFdLu.exe
  2⤵
  PID:6604
- C:\Windows\System\BGAjrxy.exe
  C:\Windows\System\BGAjrxy.exe
  2⤵
  PID:6628
- C:\Windows\System\KjxstqK.exe
  C:\Windows\System\KjxstqK.exe
  2⤵
  PID:6644
- C:\Windows\System\UwAWzcM.exe
  C:\Windows\System\UwAWzcM.exe
  2⤵
  PID:6668
- C:\Windows\System\OJFyhBw.exe
  C:\Windows\System\OJFyhBw.exe
  2⤵
  PID:6684
- C:\Windows\System\IbszxFy.exe
  C:\Windows\System\IbszxFy.exe
  2⤵
  PID:6704
- C:\Windows\System\zhcxGLu.exe
  C:\Windows\System\zhcxGLu.exe
  2⤵
  PID:6720
- C:\Windows\System\abnUNnp.exe
  C:\Windows\System\abnUNnp.exe
  2⤵
  PID:6736
- C:\Windows\System\rvNkkbM.exe
  C:\Windows\System\rvNkkbM.exe
  2⤵
  PID:6756
- C:\Windows\System\enPBJeR.exe
  C:\Windows\System\enPBJeR.exe
  2⤵
  PID:6780
- C:\Windows\System\GZTGCAm.exe
  C:\Windows\System\GZTGCAm.exe
  2⤵
  PID:6796
- C:\Windows\System\OYEpvon.exe
  C:\Windows\System\OYEpvon.exe
  2⤵
  PID:6812
- C:\Windows\System\KkDBVsV.exe
  C:\Windows\System\KkDBVsV.exe
  2⤵
  PID:6828
- C:\Windows\System\DtGOrpH.exe
  C:\Windows\System\DtGOrpH.exe
  2⤵
  PID:6844
- C:\Windows\System\OHwjGXP.exe
  C:\Windows\System\OHwjGXP.exe
  2⤵
  PID:6860
- C:\Windows\System\CCSbiTP.exe
  C:\Windows\System\CCSbiTP.exe
  2⤵
  PID:6876
- C:\Windows\System\SrSLslr.exe
  C:\Windows\System\SrSLslr.exe
  2⤵
  PID:6892
- C:\Windows\System\lMnFtjt.exe
  C:\Windows\System\lMnFtjt.exe
  2⤵
  PID:6912
- C:\Windows\System\ModOBeP.exe
  C:\Windows\System\ModOBeP.exe
  2⤵
  PID:6928
- C:\Windows\System\YHNGsfK.exe
  C:\Windows\System\YHNGsfK.exe
  2⤵
  PID:6948
- C:\Windows\System\jwKHgFp.exe
  C:\Windows\System\jwKHgFp.exe
  2⤵
  PID:6968
- C:\Windows\System\LJMEOAX.exe
  C:\Windows\System\LJMEOAX.exe
  2⤵
  PID:6984
- C:\Windows\System\txYWVQE.exe
  C:\Windows\System\txYWVQE.exe
  2⤵
  PID:7004
- C:\Windows\System\qqCaaNe.exe
  C:\Windows\System\qqCaaNe.exe
  2⤵
  PID:7024
- C:\Windows\System\nfANCHB.exe
  C:\Windows\System\nfANCHB.exe
  2⤵
  PID:7040
- C:\Windows\System\YbYjRpz.exe
  C:\Windows\System\YbYjRpz.exe
  2⤵
  PID:7060
- C:\Windows\System\xJoIodi.exe
  C:\Windows\System\xJoIodi.exe
  2⤵
  PID:7076
- C:\Windows\System\IOzWXCa.exe
  C:\Windows\System\IOzWXCa.exe
  2⤵
  PID:7096
- C:\Windows\System\tlvSepd.exe
  C:\Windows\System\tlvSepd.exe
  2⤵
  PID:7112
- C:\Windows\System\CvWLLqJ.exe
  C:\Windows\System\CvWLLqJ.exe
  2⤵
  PID:5844
- C:\Windows\System\fOfSXrB.exe
  C:\Windows\System\fOfSXrB.exe
  2⤵
  PID:5744
- C:\Windows\System\kpuGCuw.exe
  C:\Windows\System\kpuGCuw.exe
  2⤵
  PID:5780
- C:\Windows\System\nDcXTdF.exe
  C:\Windows\System\nDcXTdF.exe
  2⤵
  PID:5860
- C:\Windows\System\HLeaQDf.exe
  C:\Windows\System\HLeaQDf.exe
  2⤵
  PID:6164
- C:\Windows\System\igArRjF.exe
  C:\Windows\System\igArRjF.exe
  2⤵
  PID:6204
- C:\Windows\System\OQJbbSo.exe
  C:\Windows\System\OQJbbSo.exe
  2⤵
  PID:6288
- C:\Windows\System\LmmDMpc.exe
  C:\Windows\System\LmmDMpc.exe
  2⤵
  PID:6332
- C:\Windows\System\zWGRMMo.exe
  C:\Windows\System\zWGRMMo.exe
  2⤵
  PID:5880
- C:\Windows\System\kfzgmRb.exe
  C:\Windows\System\kfzgmRb.exe
  2⤵
  PID:6132
- C:\Windows\System\xTVczaq.exe
  C:\Windows\System\xTVczaq.exe
  2⤵
  PID:5960
- C:\Windows\System\JNGjWha.exe
  C:\Windows\System\JNGjWha.exe
  2⤵
  PID:6080
- C:\Windows\System\GAVkfUE.exe
  C:\Windows\System\GAVkfUE.exe
  2⤵
  PID:5132
- C:\Windows\System\rtKUFuo.exe
  C:\Windows\System\rtKUFuo.exe
  2⤵
  PID:6384
- C:\Windows\System\eCLxXdV.exe
  C:\Windows\System\eCLxXdV.exe
  2⤵
  PID:5376
- C:\Windows\System\CYOVKrD.exe
  C:\Windows\System\CYOVKrD.exe
  2⤵
  PID:6428
- C:\Windows\System\BpMwOfx.exe
  C:\Windows\System\BpMwOfx.exe
  2⤵
  PID:6456
- C:\Windows\System\jLOcGrh.exe
  C:\Windows\System\jLOcGrh.exe
  2⤵
  PID:5656
- C:\Windows\System\oGbAeZN.exe
  C:\Windows\System\oGbAeZN.exe
  2⤵
  PID:6744
- C:\Windows\System\txzNInN.exe
  C:\Windows\System\txzNInN.exe
  2⤵
  PID:5292
- C:\Windows\System\sqOmvtZ.exe
  C:\Windows\System\sqOmvtZ.exe
  2⤵
  PID:6500
- C:\Windows\System\zzdaIqc.exe
  C:\Windows\System\zzdaIqc.exe
  2⤵
  PID:6504
- C:\Windows\System\SAnrkUS.exe
  C:\Windows\System\SAnrkUS.exe
  2⤵
  PID:6540
- C:\Windows\System\WVxZYAg.exe
  C:\Windows\System\WVxZYAg.exe
  2⤵
  PID:6580
- C:\Windows\System\OyraBrt.exe
  C:\Windows\System\OyraBrt.exe
  2⤵
  PID:6616
- C:\Windows\System\CfuGlyj.exe
  C:\Windows\System\CfuGlyj.exe
  2⤵
  PID:6224
- C:\Windows\System\YsJxhJn.exe
  C:\Windows\System\YsJxhJn.exe
  2⤵
  PID:6260
- C:\Windows\System\eBsWKbB.exe
  C:\Windows\System\eBsWKbB.exe
  2⤵
  PID:6656
- C:\Windows\System\HSmwfUT.exe
  C:\Windows\System\HSmwfUT.exe
  2⤵
  PID:6692
- C:\Windows\System\jYrclNe.exe
  C:\Windows\System\jYrclNe.exe
  2⤵
  PID:4900
- C:\Windows\System\JBxeYHF.exe
  C:\Windows\System\JBxeYHF.exe
  2⤵
  PID:3816
- C:\Windows\System\YwArWvc.exe
  C:\Windows\System\YwArWvc.exe
  2⤵
  PID:2748
- C:\Windows\System\AfNADzW.exe
  C:\Windows\System\AfNADzW.exe
  2⤵
  PID:6344
- C:\Windows\System\ZYtDJtt.exe
  C:\Windows\System\ZYtDJtt.exe
  2⤵
  PID:1560
- C:\Windows\System\jlogHIZ.exe
  C:\Windows\System\jlogHIZ.exe
  2⤵
  PID:6936
- C:\Windows\System\GsYMtHI.exe
  C:\Windows\System\GsYMtHI.exe
  2⤵
  PID:6980
- C:\Windows\System\sszqkTf.exe
  C:\Windows\System\sszqkTf.exe
  2⤵
  PID:6852
- C:\Windows\System\qvCyxpq.exe
  C:\Windows\System\qvCyxpq.exe
  2⤵
  PID:6888
- C:\Windows\System\fNwDKPP.exe
  C:\Windows\System\fNwDKPP.exe
  2⤵
  PID:6992
- C:\Windows\System\eKVlJeq.exe
  C:\Windows\System\eKVlJeq.exe
  2⤵
  PID:7048
- C:\Windows\System\PYPEsVu.exe
  C:\Windows\System\PYPEsVu.exe
  2⤵
  PID:7092
- C:\Windows\System\yNGCwzy.exe
  C:\Windows\System\yNGCwzy.exe
  2⤵
  PID:6184
- C:\Windows\System\wCgZTKK.exe
  C:\Windows\System\wCgZTKK.exe
  2⤵
  PID:6564
- C:\Windows\System\NpMdzKv.exe
  C:\Windows\System\NpMdzKv.exe
  2⤵
  PID:6600
- C:\Windows\System\JSvwCsK.exe
  C:\Windows\System\JSvwCsK.exe
  2⤵
  PID:5356
- C:\Windows\System\EMRHEwq.exe
  C:\Windows\System\EMRHEwq.exe
  2⤵
  PID:2636
- C:\Windows\System\wYKuisU.exe
  C:\Windows\System\wYKuisU.exe
  2⤵
  PID:2628
- C:\Windows\System\SuJZxyX.exe
  C:\Windows\System\SuJZxyX.exe
  2⤵
  PID:1648
- C:\Windows\System\bqOEfDX.exe
  C:\Windows\System\bqOEfDX.exe
  2⤵
  PID:6188
- C:\Windows\System\zidCRYY.exe
  C:\Windows\System\zidCRYY.exe
  2⤵
  PID:6868
- C:\Windows\System\ARFisBs.exe
  C:\Windows\System\ARFisBs.exe
  2⤵
  PID:2656
- C:\Windows\System\EpNhDQc.exe
  C:\Windows\System\EpNhDQc.exe
  2⤵
  PID:6652
- C:\Windows\System\ESNinvh.exe
  C:\Windows\System\ESNinvh.exe
  2⤵
  PID:6732
- C:\Windows\System\oXdxKbn.exe
  C:\Windows\System\oXdxKbn.exe
  2⤵
  PID:6976
- C:\Windows\System\EEJKtTT.exe
  C:\Windows\System\EEJKtTT.exe
  2⤵
  PID:5152
- C:\Windows\System\oaayRmT.exe
  C:\Windows\System\oaayRmT.exe
  2⤵
  PID:2640
- C:\Windows\System\bLQTrON.exe
  C:\Windows\System\bLQTrON.exe
  2⤵
  PID:3000
- C:\Windows\System\bjXEtZZ.exe
  C:\Windows\System\bjXEtZZ.exe
  2⤵
  PID:5352
- C:\Windows\System\GLgjSdx.exe
  C:\Windows\System\GLgjSdx.exe
  2⤵
  PID:6248
- C:\Windows\System\ypEMCJB.exe
  C:\Windows\System\ypEMCJB.exe
  2⤵
  PID:5940
- C:\Windows\System\sjhGEXR.exe
  C:\Windows\System\sjhGEXR.exe
  2⤵
  PID:6480
- C:\Windows\System\MHPLQAc.exe
  C:\Windows\System\MHPLQAc.exe
  2⤵
  PID:6508
- C:\Windows\System\aZRNOMa.exe
  C:\Windows\System\aZRNOMa.exe
  2⤵
  PID:5136
- C:\Windows\System\JDQdSjG.exe
  C:\Windows\System\JDQdSjG.exe
  2⤵
  PID:6268
- C:\Windows\System\ZxHMaYL.exe
  C:\Windows\System\ZxHMaYL.exe
  2⤵
  PID:6308
- C:\Windows\System\PkHDCKt.exe
  C:\Windows\System\PkHDCKt.exe
  2⤵
  PID:6776
- C:\Windows\System\HpVMFgO.exe
  C:\Windows\System\HpVMFgO.exe
  2⤵
  PID:6908
- C:\Windows\System\poDeXpG.exe
  C:\Windows\System\poDeXpG.exe
  2⤵
  PID:6960
- C:\Windows\System\IgeMzgt.exe
  C:\Windows\System\IgeMzgt.exe
  2⤵
  PID:5604
- C:\Windows\System\BoCtdPX.exe
  C:\Windows\System\BoCtdPX.exe
  2⤵
  PID:3040
- C:\Windows\System\xuMywzM.exe
  C:\Windows\System\xuMywzM.exe
  2⤵
  PID:1524
- C:\Windows\System\HDcgAEZ.exe
  C:\Windows\System\HDcgAEZ.exe
  2⤵
  PID:1496
- C:\Windows\System\KdEkZWY.exe
  C:\Windows\System\KdEkZWY.exe
  2⤵
  PID:3056
- C:\Windows\System\aBtEnMR.exe
  C:\Windows\System\aBtEnMR.exe
  2⤵
  PID:1520
- C:\Windows\System\ZQKTjsR.exe
  C:\Windows\System\ZQKTjsR.exe
  2⤵
  PID:2416
- C:\Windows\System\bBUemju.exe
  C:\Windows\System\bBUemju.exe
  2⤵
  PID:2996
- C:\Windows\System\NAoMhzw.exe
  C:\Windows\System\NAoMhzw.exe
  2⤵
  PID:5856
- C:\Windows\System\pNTjBhw.exe
  C:\Windows\System\pNTjBhw.exe
  2⤵
  PID:5884
- C:\Windows\System\fuaSOqE.exe
  C:\Windows\System\fuaSOqE.exe
  2⤵
  PID:5924
- C:\Windows\System\IRhZVJP.exe
  C:\Windows\System\IRhZVJP.exe
  2⤵
  PID:2104
- C:\Windows\System\reMmLyP.exe
  C:\Windows\System\reMmLyP.exe
  2⤵
  PID:2856
- C:\Windows\System\huxRySZ.exe
  C:\Windows\System\huxRySZ.exe
  2⤵
  PID:6420
- C:\Windows\System\aJtQtpm.exe
  C:\Windows\System\aJtQtpm.exe
  2⤵
  PID:6152
- C:\Windows\System\pWbrLWI.exe
  C:\Windows\System\pWbrLWI.exe
  2⤵
  PID:2724
- C:\Windows\System\hsFWrZe.exe
  C:\Windows\System\hsFWrZe.exe
  2⤵
  PID:2388
- C:\Windows\System\qKGRhiL.exe
  C:\Windows\System\qKGRhiL.exe
  2⤵
  PID:6576
- C:\Windows\System\vCvdjjD.exe
  C:\Windows\System\vCvdjjD.exe
  2⤵
  PID:7124
- C:\Windows\System\GPvlezm.exe
  C:\Windows\System\GPvlezm.exe
  2⤵
  PID:6444
- C:\Windows\System\bIWoonT.exe
  C:\Windows\System\bIWoonT.exe
  2⤵
  PID:6264
- C:\Windows\System\GreDYdC.exe
  C:\Windows\System\GreDYdC.exe
  2⤵
  PID:6944
- C:\Windows\System\hcohoMn.exe
  C:\Windows\System\hcohoMn.exe
  2⤵
  PID:5784
- C:\Windows\System\ugXTQAu.exe
  C:\Windows\System\ugXTQAu.exe
  2⤵
  PID:4728
- C:\Windows\System\nXdYOjM.exe
  C:\Windows\System\nXdYOjM.exe
  2⤵
  PID:6612
- C:\Windows\System\LXxhniv.exe
  C:\Windows\System\LXxhniv.exe
  2⤵
  PID:5396
- C:\Windows\System\azkYkFf.exe
  C:\Windows\System\azkYkFf.exe
  2⤵
  PID:7056
- C:\Windows\System\SJqtKgT.exe
  C:\Windows\System\SJqtKgT.exe
  2⤵
  PID:1772
- C:\Windows\System\BsYhuVG.exe
  C:\Windows\System\BsYhuVG.exe
  2⤵
  PID:6772
- C:\Windows\System\inzlcOk.exe
  C:\Windows\System\inzlcOk.exe
  2⤵
  PID:2304
- C:\Windows\System\GxWPsXi.exe
  C:\Windows\System\GxWPsXi.exe
  2⤵
  PID:1640
- C:\Windows\System\nVonVMo.exe
  C:\Windows\System\nVonVMo.exe
  2⤵
  PID:1528
- C:\Windows\System\zkfMGYe.exe
  C:\Windows\System\zkfMGYe.exe
  2⤵
  PID:2424
- C:\Windows\System\fTJIBxL.exe
  C:\Windows\System\fTJIBxL.exe
  2⤵
  PID:6324
- C:\Windows\System\zteMZSz.exe
  C:\Windows\System\zteMZSz.exe
  2⤵
  PID:6524
- C:\Windows\System\tzVXqLm.exe
  C:\Windows\System\tzVXqLm.exe
  2⤵
  PID:6364
- C:\Windows\System\TdUefJX.exe
  C:\Windows\System\TdUefJX.exe
  2⤵
  PID:2164
- C:\Windows\System\uiMhnBU.exe
  C:\Windows\System\uiMhnBU.exe
  2⤵
  PID:5520
- C:\Windows\System\BenjLwe.exe
  C:\Windows\System\BenjLwe.exe
  2⤵
  PID:6596
- C:\Windows\System\QCeytXa.exe
  C:\Windows\System\QCeytXa.exe
  2⤵
  PID:6424
- C:\Windows\System\kuMWQNh.exe
  C:\Windows\System\kuMWQNh.exe
  2⤵
  PID:6836
- C:\Windows\System\LlVAOOy.exe
  C:\Windows\System\LlVAOOy.exe
  2⤵
  PID:7012
- C:\Windows\System\XznUcSR.exe
  C:\Windows\System\XznUcSR.exe
  2⤵
  PID:6440
- C:\Windows\System\CSowjYj.exe
  C:\Windows\System\CSowjYj.exe
  2⤵
  PID:2692
- C:\Windows\System\hCICwaY.exe
  C:\Windows\System\hCICwaY.exe
  2⤵
  PID:5592
- C:\Windows\System\QOrkiBE.exe
  C:\Windows\System\QOrkiBE.exe
  2⤵
  PID:7176
- C:\Windows\System\WMNDcBQ.exe
  C:\Windows\System\WMNDcBQ.exe
  2⤵
  PID:7192
- C:\Windows\System\wDvPdAO.exe
  C:\Windows\System\wDvPdAO.exe
  2⤵
  PID:7208
- C:\Windows\System\zmMaFXQ.exe
  C:\Windows\System\zmMaFXQ.exe
  2⤵
  PID:7232
- C:\Windows\System\mZkkKQk.exe
  C:\Windows\System\mZkkKQk.exe
  2⤵
  PID:7380
- C:\Windows\System\SbRdWVU.exe
  C:\Windows\System\SbRdWVU.exe
  2⤵
  PID:7404
- C:\Windows\System\QBjXvGU.exe
  C:\Windows\System\QBjXvGU.exe
  2⤵
  PID:7424
- C:\Windows\System\pDtfkAv.exe
  C:\Windows\System\pDtfkAv.exe
  2⤵
  PID:7440
- C:\Windows\System\smfICgx.exe
  C:\Windows\System\smfICgx.exe
  2⤵
  PID:7460
- C:\Windows\System\BqQqkwm.exe
  C:\Windows\System\BqQqkwm.exe
  2⤵
  PID:7476
- C:\Windows\System\Pajovcq.exe
  C:\Windows\System\Pajovcq.exe
  2⤵
  PID:7492
- C:\Windows\System\QJKTUsY.exe
  C:\Windows\System\QJKTUsY.exe
  2⤵
  PID:7524
- C:\Windows\System\VplKQAl.exe
  C:\Windows\System\VplKQAl.exe
  2⤵
  PID:7540
- C:\Windows\System\VPubVHb.exe
  C:\Windows\System\VPubVHb.exe
  2⤵
  PID:7556
- C:\Windows\System\BHGedzv.exe
  C:\Windows\System\BHGedzv.exe
  2⤵
  PID:7572
- C:\Windows\System\RmPJmKx.exe
  C:\Windows\System\RmPJmKx.exe
  2⤵
  PID:7588
- C:\Windows\System\kLLWrsH.exe
  C:\Windows\System\kLLWrsH.exe
  2⤵
  PID:7604
- C:\Windows\System\xuFRjsy.exe
  C:\Windows\System\xuFRjsy.exe
  2⤵
  PID:7620
- C:\Windows\System\JYcpGys.exe
  C:\Windows\System\JYcpGys.exe
  2⤵
  PID:7636
- C:\Windows\System\lGWJtdK.exe
  C:\Windows\System\lGWJtdK.exe
  2⤵
  PID:7652
- C:\Windows\System\NfvnVXm.exe
  C:\Windows\System\NfvnVXm.exe
  2⤵
  PID:7668
- C:\Windows\System\mgWltJV.exe
  C:\Windows\System\mgWltJV.exe
  2⤵
  PID:7684
- C:\Windows\System\WJfuKqc.exe
  C:\Windows\System\WJfuKqc.exe
  2⤵
  PID:7700
- C:\Windows\System\LDQkVZC.exe
  C:\Windows\System\LDQkVZC.exe
  2⤵
  PID:7716
- C:\Windows\System\DxkbUiw.exe
  C:\Windows\System\DxkbUiw.exe
  2⤵
  PID:7732
- C:\Windows\System\UrFUySi.exe
  C:\Windows\System\UrFUySi.exe
  2⤵
  PID:7752
- C:\Windows\System\UUepLOG.exe
  C:\Windows\System\UUepLOG.exe
  2⤵
  PID:7768
- C:\Windows\System\DJjaAKa.exe
  C:\Windows\System\DJjaAKa.exe
  2⤵
  PID:7784
- C:\Windows\System\ZUrWlVd.exe
  C:\Windows\System\ZUrWlVd.exe
  2⤵
  PID:7804
- C:\Windows\System\EAVssdX.exe
  C:\Windows\System\EAVssdX.exe
  2⤵
  PID:7824
- C:\Windows\System\ufgeCOF.exe
  C:\Windows\System\ufgeCOF.exe
  2⤵
  PID:7844
- C:\Windows\System\HBMIblS.exe
  C:\Windows\System\HBMIblS.exe
  2⤵
  PID:7860
- C:\Windows\System\ebaPgwB.exe
  C:\Windows\System\ebaPgwB.exe
  2⤵
  PID:7884
- C:\Windows\System\zlHiRXp.exe
  C:\Windows\System\zlHiRXp.exe
  2⤵
  PID:7904
- C:\Windows\System\PLuBlfQ.exe
  C:\Windows\System\PLuBlfQ.exe
  2⤵
  PID:7924
- C:\Windows\System\GmIJZpb.exe
  C:\Windows\System\GmIJZpb.exe
  2⤵
  PID:7948
- C:\Windows\System\jsaUOla.exe
  C:\Windows\System\jsaUOla.exe
  2⤵
  PID:7964
- C:\Windows\System\Zkquucp.exe
  C:\Windows\System\Zkquucp.exe
  2⤵
  PID:7984
- C:\Windows\System\uneDdYS.exe
  C:\Windows\System\uneDdYS.exe
  2⤵
  PID:8004
- C:\Windows\System\VCbJKZl.exe
  C:\Windows\System\VCbJKZl.exe
  2⤵
  PID:8024
- C:\Windows\System\hBySUAr.exe
  C:\Windows\System\hBySUAr.exe
  2⤵
  PID:8048
- C:\Windows\System\HpbPtfe.exe
  C:\Windows\System\HpbPtfe.exe
  2⤵
  PID:8068
- C:\Windows\System\cuVVepX.exe
  C:\Windows\System\cuVVepX.exe
  2⤵
  PID:8088
- C:\Windows\System\rpcODSb.exe
  C:\Windows\System\rpcODSb.exe
  2⤵
  PID:8108
- C:\Windows\System\NeCSQUa.exe
  C:\Windows\System\NeCSQUa.exe
  2⤵
  PID:8124
- C:\Windows\System\QROjPlP.exe
  C:\Windows\System\QROjPlP.exe
  2⤵
  PID:8144
- C:\Windows\System\kYRdPQN.exe
  C:\Windows\System\kYRdPQN.exe
  2⤵
  PID:8160
- C:\Windows\System\QRFOtQn.exe
  C:\Windows\System\QRFOtQn.exe
  2⤵
  PID:8180
- C:\Windows\System\ePCRpCq.exe
  C:\Windows\System\ePCRpCq.exe
  2⤵
  PID:6840
- C:\Windows\System\EekFiFG.exe
  C:\Windows\System\EekFiFG.exe
  2⤵
  PID:4068
- C:\Windows\System\GcnjYlg.exe
  C:\Windows\System\GcnjYlg.exe
  2⤵
  PID:1232
- C:\Windows\System\OsDbHUA.exe
  C:\Windows\System\OsDbHUA.exe
  2⤵
  PID:6116
- C:\Windows\System\GxLSJSt.exe
  C:\Windows\System\GxLSJSt.exe
  2⤵
  PID:6820
- C:\Windows\System\lYfVQns.exe
  C:\Windows\System\lYfVQns.exe
  2⤵
  PID:6872
- C:\Windows\System\gOHCAmA.exe
  C:\Windows\System\gOHCAmA.exe
  2⤵
  PID:6956
- C:\Windows\System\gcUXhXR.exe
  C:\Windows\System\gcUXhXR.exe
  2⤵
  PID:1628
- C:\Windows\System\BMInjSN.exe
  C:\Windows\System\BMInjSN.exe
  2⤵
  PID:1904
- C:\Windows\System\KXRTUyU.exe
  C:\Windows\System\KXRTUyU.exe
  2⤵
  PID:2840
- C:\Windows\System\BCXnPcT.exe
  C:\Windows\System\BCXnPcT.exe
  2⤵
  PID:7224
- C:\Windows\System\egixQln.exe
  C:\Windows\System\egixQln.exe
  2⤵
  PID:2892
- C:\Windows\System\sSVVYBs.exe
  C:\Windows\System\sSVVYBs.exe
  2⤵
  PID:7272
- C:\Windows\System\gFXxehW.exe
  C:\Windows\System\gFXxehW.exe
  2⤵
  PID:7292
- C:\Windows\System\miMoTpj.exe
  C:\Windows\System\miMoTpj.exe
  2⤵
  PID:7312
- C:\Windows\System\AlZIozN.exe
  C:\Windows\System\AlZIozN.exe
  2⤵
  PID:7324
- C:\Windows\System\lrerdsn.exe
  C:\Windows\System\lrerdsn.exe
  2⤵
  PID:7352
- C:\Windows\System\fxqutNL.exe
  C:\Windows\System\fxqutNL.exe
  2⤵
  PID:7368
- C:\Windows\System\lHzqrJk.exe
  C:\Windows\System\lHzqrJk.exe
  2⤵
  PID:7392
- C:\Windows\System\JngIemC.exe
  C:\Windows\System\JngIemC.exe
  2⤵
  PID:7412
- C:\Windows\System\dmlHfrK.exe
  C:\Windows\System\dmlHfrK.exe
  2⤵
  PID:7452
- C:\Windows\System\pCisDEW.exe
  C:\Windows\System\pCisDEW.exe
  2⤵
  PID:7420
- C:\Windows\System\wREqHyT.exe
  C:\Windows\System\wREqHyT.exe
  2⤵
  PID:7500
- C:\Windows\System\sKCGoQK.exe
  C:\Windows\System\sKCGoQK.exe
  2⤵
  PID:7536
- C:\Windows\System\FzDKFuA.exe
  C:\Windows\System\FzDKFuA.exe
  2⤵
  PID:7600
- C:\Windows\System\sBjjnKW.exe
  C:\Windows\System\sBjjnKW.exe
  2⤵
  PID:7696
- C:\Windows\System\FaoXygv.exe
  C:\Windows\System\FaoXygv.exe
  2⤵
  PID:7764
- C:\Windows\System\fMQmtEP.exe
  C:\Windows\System\fMQmtEP.exe
  2⤵
  PID:7868
- C:\Windows\System\zBRxAhg.exe
  C:\Windows\System\zBRxAhg.exe
  2⤵
  PID:7800
- C:\Windows\System\uAtKIfV.exe
  C:\Windows\System\uAtKIfV.exe
  2⤵
  PID:7996
- C:\Windows\System\xQVBVmG.exe
  C:\Windows\System\xQVBVmG.exe
  2⤵
  PID:8040
- C:\Windows\System\iihilik.exe
  C:\Windows\System\iihilik.exe
  2⤵
  PID:8116
- C:\Windows\System\vDgTRex.exe
  C:\Windows\System\vDgTRex.exe
  2⤵
  PID:8188
- C:\Windows\System\gEmrJcd.exe
  C:\Windows\System\gEmrJcd.exe
  2⤵
  PID:6768
- C:\Windows\System\ajAlpla.exe
  C:\Windows\System\ajAlpla.exe
  2⤵
  PID:7516
- C:\Windows\System\VyGnwdJ.exe
  C:\Windows\System\VyGnwdJ.exe
  2⤵
  PID:8172
- C:\Windows\System\rhuJgdO.exe
  C:\Windows\System\rhuJgdO.exe
  2⤵
  PID:6300
- C:\Windows\System\xZmECIG.exe
  C:\Windows\System\xZmECIG.exe
  2⤵
  PID:6560
- C:\Windows\System\EBHvxPq.exe
  C:\Windows\System\EBHvxPq.exe
  2⤵
  PID:7552
- C:\Windows\System\CsTLSKE.exe
  C:\Windows\System\CsTLSKE.exe
  2⤵
  PID:7612
- C:\Windows\System\otgfEjX.exe
  C:\Windows\System\otgfEjX.exe
  2⤵
  PID:7712
- C:\Windows\System\fDUMtfZ.exe
  C:\Windows\System\fDUMtfZ.exe
  2⤵
  PID:7812
- C:\Windows\System\hVGEmyW.exe
  C:\Windows\System\hVGEmyW.exe
  2⤵
  PID:7880
- C:\Windows\System\tzvnFMD.exe
  C:\Windows\System\tzvnFMD.exe
  2⤵
  PID:7920
- C:\Windows\System\LOmJMWW.exe
  C:\Windows\System\LOmJMWW.exe
  2⤵
  PID:7976
- C:\Windows\System\EuiNJYL.exe
  C:\Windows\System\EuiNJYL.exe
  2⤵
  PID:8056
- C:\Windows\System\XqwSBjl.exe
  C:\Windows\System\XqwSBjl.exe
  2⤵
  PID:8104
- C:\Windows\System\NMiSrLp.exe
  C:\Windows\System\NMiSrLp.exe
  2⤵
  PID:1740
- C:\Windows\System\CkvAUly.exe
  C:\Windows\System\CkvAUly.exe
  2⤵
  PID:1972
- C:\Windows\System\AaKucdn.exe
  C:\Windows\System\AaKucdn.exe
  2⤵
  PID:2224
- C:\Windows\System\ffsMPht.exe
  C:\Windows\System\ffsMPht.exe
  2⤵
  PID:6640
- C:\Windows\System\GaAConG.exe
  C:\Windows\System\GaAConG.exe
  2⤵
  PID:6460
- C:\Windows\System\xJhLOwe.exe
  C:\Windows\System\xJhLOwe.exe
  2⤵
  PID:7156
- C:\Windows\System\RgrXYdj.exe
  C:\Windows\System\RgrXYdj.exe
  2⤵
  PID:7360
- C:\Windows\System\qjWbeRY.exe
  C:\Windows\System\qjWbeRY.exe
  2⤵
  PID:7300
- C:\Windows\System\lnSSMrx.exe
  C:\Windows\System\lnSSMrx.exe
  2⤵
  PID:7336
- C:\Windows\System\UcznySP.exe
  C:\Windows\System\UcznySP.exe
  2⤵
  PID:7416
- C:\Windows\System\Dnsvnkj.exe
  C:\Windows\System\Dnsvnkj.exe
  2⤵
  PID:7468
- C:\Windows\System\vomaEUQ.exe
  C:\Windows\System\vomaEUQ.exe
  2⤵
  PID:7760
- C:\Windows\System\eBlmhDt.exe
  C:\Windows\System\eBlmhDt.exe
  2⤵
  PID:8036
- C:\Windows\System\QMxoyYY.exe
  C:\Windows\System\QMxoyYY.exe
  2⤵
  PID:7820
- C:\Windows\System\MtvtBGT.exe
  C:\Windows\System\MtvtBGT.exe
  2⤵
  PID:7972
- C:\Windows\System\NXUzWrh.exe
  C:\Windows\System\NXUzWrh.exe
  2⤵
  PID:1612
- C:\Windows\System\IJtHYQZ.exe
  C:\Windows\System\IJtHYQZ.exe
  2⤵
  PID:6804
- C:\Windows\System\tPxzQhT.exe
  C:\Windows\System\tPxzQhT.exe
  2⤵
  PID:792
- C:\Windows\System\qVvoGuI.exe
  C:\Windows\System\qVvoGuI.exe
  2⤵
  PID:7744
- C:\Windows\System\qPYWnMM.exe
  C:\Windows\System\qPYWnMM.exe
  2⤵
  PID:8012
- C:\Windows\System\cucZAbZ.exe
  C:\Windows\System\cucZAbZ.exe
  2⤵
  PID:7488
- C:\Windows\System\DvXIsVP.exe
  C:\Windows\System\DvXIsVP.exe
  2⤵
  PID:7632
- C:\Windows\System\gSLOOFl.exe
  C:\Windows\System\gSLOOFl.exe
  2⤵
  PID:7836
- C:\Windows\System\XSJotFa.exe
  C:\Windows\System\XSJotFa.exe
  2⤵
  PID:6664
- C:\Windows\System\TLGIHCj.exe
  C:\Windows\System\TLGIHCj.exe
  2⤵
  PID:8016
- C:\Windows\System\QLozCrR.exe
  C:\Windows\System\QLozCrR.exe
  2⤵
  PID:4860
- C:\Windows\System\fKgumiJ.exe
  C:\Windows\System\fKgumiJ.exe
  2⤵
  PID:6520
- C:\Windows\System\ElOMIPw.exe
  C:\Windows\System\ElOMIPw.exe
  2⤵
  PID:5696
- C:\Windows\System\YDQHqFr.exe
  C:\Windows\System\YDQHqFr.exe
  2⤵
  PID:7388
- C:\Windows\System\qWPjpRF.exe
  C:\Windows\System\qWPjpRF.exe
  2⤵
  PID:6404
- C:\Windows\System\ajpvvdY.exe
  C:\Windows\System\ajpvvdY.exe
  2⤵
  PID:2176
- C:\Windows\System\BsALodZ.exe
  C:\Windows\System\BsALodZ.exe
  2⤵
  PID:7308
- C:\Windows\System\YrwKLoy.exe
  C:\Windows\System\YrwKLoy.exe
  2⤵
  PID:7172
- C:\Windows\System\mBBlVrQ.exe
  C:\Windows\System\mBBlVrQ.exe
  2⤵
  PID:7216
- C:\Windows\System\IjfPwJw.exe
  C:\Windows\System\IjfPwJw.exe
  2⤵
  PID:7284
- C:\Windows\System\DPaUNTz.exe
  C:\Windows\System\DPaUNTz.exe
  2⤵
  PID:8096
- C:\Windows\System\nRcMEQz.exe
  C:\Windows\System\nRcMEQz.exe
  2⤵
  PID:7780
- C:\Windows\System\ujluXDg.exe
  C:\Windows\System\ujluXDg.exe
  2⤵
  PID:8080
- C:\Windows\System\iIjTHwU.exe
  C:\Windows\System\iIjTHwU.exe
  2⤵
  PID:6380
- C:\Windows\System\jmnHNcp.exe
  C:\Windows\System\jmnHNcp.exe
  2⤵
  PID:1492
- C:\Windows\System\ExJacFJ.exe
  C:\Windows\System\ExJacFJ.exe
  2⤵
  PID:8032
- C:\Windows\System\ewImqzB.exe
  C:\Windows\System\ewImqzB.exe
  2⤵
  PID:7944
- C:\Windows\System\HuwisXh.exe
  C:\Windows\System\HuwisXh.exe
  2⤵
  PID:7304
- C:\Windows\System\lFMGSFC.exe
  C:\Windows\System\lFMGSFC.exe
  2⤵
  PID:7692
- C:\Windows\System\OAGjITk.exe
  C:\Windows\System\OAGjITk.exe
  2⤵
  PID:2844
- C:\Windows\System\TtnVzzT.exe
  C:\Windows\System\TtnVzzT.exe
  2⤵
  PID:7584
- C:\Windows\System\hUHBGMD.exe
  C:\Windows\System\hUHBGMD.exe
  2⤵
  PID:2696
- C:\Windows\System\gKpzWRD.exe
  C:\Windows\System\gKpzWRD.exe
  2⤵
  PID:7796
- C:\Windows\System\xhiMjXo.exe
  C:\Windows\System\xhiMjXo.exe
  2⤵
  PID:6484
- C:\Windows\System\TcdqAiY.exe
  C:\Windows\System\TcdqAiY.exe
  2⤵
  PID:2992
- C:\Windows\System\xXXkCrz.exe
  C:\Windows\System\xXXkCrz.exe
  2⤵
  PID:7084
- C:\Windows\System\NRnMYwp.exe
  C:\Windows\System\NRnMYwp.exe
  2⤵
  PID:4744
- C:\Windows\System\hmooYTI.exe
  C:\Windows\System\hmooYTI.exe
  2⤵
  PID:7940
- C:\Windows\System\KaobrYy.exe
  C:\Windows\System\KaobrYy.exe
  2⤵
  PID:7580
- C:\Windows\System\NoxQiwr.exe
  C:\Windows\System\NoxQiwr.exe
  2⤵
  PID:7016
- C:\Windows\System\LFDiGgf.exe
  C:\Windows\System\LFDiGgf.exe
  2⤵
  PID:2668
- C:\Windows\System\etNfxXy.exe
  C:\Windows\System\etNfxXy.exe
  2⤵
  PID:6004
- C:\Windows\System\NPgKdfn.exe
  C:\Windows\System\NPgKdfn.exe
  2⤵
  PID:7432
- C:\Windows\System\aMTWXnI.exe
  C:\Windows\System\aMTWXnI.exe
  2⤵
  PID:7680
- C:\Windows\System\ZKRPaAr.exe
  C:\Windows\System\ZKRPaAr.exe
  2⤵
  PID:2036
- C:\Windows\System\niYhwdj.exe
  C:\Windows\System\niYhwdj.exe
  2⤵
  PID:1652
- C:\Windows\System\aUXpbxt.exe
  C:\Windows\System\aUXpbxt.exe
  2⤵
  PID:8140
- C:\Windows\System\NXpzPdD.exe
  C:\Windows\System\NXpzPdD.exe
  2⤵
  PID:7932
- C:\Windows\System\srwwdiF.exe
  C:\Windows\System\srwwdiF.exe
  2⤵
  PID:2684
- C:\Windows\System\lGHAydZ.exe
  C:\Windows\System\lGHAydZ.exe
  2⤵
  PID:8212
- C:\Windows\System\fnEzdWn.exe
  C:\Windows\System\fnEzdWn.exe
  2⤵
  PID:8228
- C:\Windows\System\pltYElv.exe
  C:\Windows\System\pltYElv.exe
  2⤵
  PID:8244
- C:\Windows\System\ZmEGdgq.exe
  C:\Windows\System\ZmEGdgq.exe
  2⤵
  PID:8260
- C:\Windows\System\GKkGZJo.exe
  C:\Windows\System\GKkGZJo.exe
  2⤵
  PID:8280
- C:\Windows\System\JdSnBgr.exe
  C:\Windows\System\JdSnBgr.exe
  2⤵
  PID:8296
- C:\Windows\System\zsyFCcO.exe
  C:\Windows\System\zsyFCcO.exe
  2⤵
  PID:8312
- C:\Windows\System\NNeyxha.exe
  C:\Windows\System\NNeyxha.exe
  2⤵
  PID:8336
- C:\Windows\System\WfRcmzY.exe
  C:\Windows\System\WfRcmzY.exe
  2⤵
  PID:8356
- C:\Windows\System\LgsvVnq.exe
  C:\Windows\System\LgsvVnq.exe
  2⤵
  PID:8376
- C:\Windows\System\wGwFDdT.exe
  C:\Windows\System\wGwFDdT.exe
  2⤵
  PID:8392
- C:\Windows\System\clmDVLX.exe
  C:\Windows\System\clmDVLX.exe
  2⤵
  PID:8412
- C:\Windows\System\MRlElcp.exe
  C:\Windows\System\MRlElcp.exe
  2⤵
  PID:8428
- C:\Windows\System\xWrhzRI.exe
  C:\Windows\System\xWrhzRI.exe
  2⤵
  PID:8444
- C:\Windows\System\CJCQTwP.exe
  C:\Windows\System\CJCQTwP.exe
  2⤵
  PID:8460
- C:\Windows\System\qcDYOhs.exe
  C:\Windows\System\qcDYOhs.exe
  2⤵
  PID:8476
- C:\Windows\System\uTnMien.exe
  C:\Windows\System\uTnMien.exe
  2⤵
  PID:8504
- C:\Windows\System\MJpwxDK.exe
  C:\Windows\System\MJpwxDK.exe
  2⤵
  PID:8520
- C:\Windows\System\AxbOzrO.exe
  C:\Windows\System\AxbOzrO.exe
  2⤵
  PID:8588
- C:\Windows\System\kFgCZkZ.exe
  C:\Windows\System\kFgCZkZ.exe
  2⤵
  PID:8604
- C:\Windows\System\OlRMUed.exe
  C:\Windows\System\OlRMUed.exe
  2⤵
  PID:8620
- C:\Windows\System\xgfOGEx.exe
  C:\Windows\System\xgfOGEx.exe
  2⤵
  PID:8636
- C:\Windows\System\VAlUkfz.exe
  C:\Windows\System\VAlUkfz.exe
  2⤵
  PID:8652
- C:\Windows\System\xHzMDrO.exe
  C:\Windows\System\xHzMDrO.exe
  2⤵
  PID:8668
- C:\Windows\System\gJDGZFq.exe
  C:\Windows\System\gJDGZFq.exe
  2⤵
  PID:8692
- C:\Windows\System\ewQdubr.exe
  C:\Windows\System\ewQdubr.exe
  2⤵
  PID:8708
- C:\Windows\System\zdArXqF.exe
  C:\Windows\System\zdArXqF.exe
  2⤵
  PID:8724
- C:\Windows\System\UIIyKrV.exe
  C:\Windows\System\UIIyKrV.exe
  2⤵
  PID:8740
- C:\Windows\System\WHbPuXO.exe
  C:\Windows\System\WHbPuXO.exe
  2⤵
  PID:8756
- C:\Windows\System\rNcEGiE.exe
  C:\Windows\System\rNcEGiE.exe
  2⤵
  PID:8772
- C:\Windows\System\ejiVcyj.exe
  C:\Windows\System\ejiVcyj.exe
  2⤵
  PID:8788
- C:\Windows\System\ATFcXol.exe
  C:\Windows\System\ATFcXol.exe
  2⤵
  PID:8804
- C:\Windows\System\fdKIDvg.exe
  C:\Windows\System\fdKIDvg.exe
  2⤵
  PID:8820
- C:\Windows\System\qglhTJg.exe
  C:\Windows\System\qglhTJg.exe
  2⤵
  PID:8836
- C:\Windows\System\oJRKVTk.exe
  C:\Windows\System\oJRKVTk.exe
  2⤵
  PID:8852
- C:\Windows\System\YVUbvie.exe
  C:\Windows\System\YVUbvie.exe
  2⤵
  PID:8868
- C:\Windows\System\VdsHkRK.exe
  C:\Windows\System\VdsHkRK.exe
  2⤵
  PID:8884
- C:\Windows\System\JmsJyov.exe
  C:\Windows\System\JmsJyov.exe
  2⤵
  PID:8904
- C:\Windows\System\YSubvNz.exe
  C:\Windows\System\YSubvNz.exe
  2⤵
  PID:8920
- C:\Windows\System\WwZvoOi.exe
  C:\Windows\System\WwZvoOi.exe
  2⤵
  PID:8936
- C:\Windows\System\HGqhbHl.exe
  C:\Windows\System\HGqhbHl.exe
  2⤵
  PID:8952
- C:\Windows\System\SDmFkkV.exe
  C:\Windows\System\SDmFkkV.exe
  2⤵
  PID:8968
- C:\Windows\System\BoRHvXa.exe
  C:\Windows\System\BoRHvXa.exe
  2⤵
  PID:8984
- C:\Windows\System\HLjOBDQ.exe
  C:\Windows\System\HLjOBDQ.exe
  2⤵
  PID:9004
- C:\Windows\System\sNtiZZQ.exe
  C:\Windows\System\sNtiZZQ.exe
  2⤵
  PID:9020
- C:\Windows\System\pHRBRmK.exe
  C:\Windows\System\pHRBRmK.exe
  2⤵
  PID:9036
- C:\Windows\System\ScIjwrS.exe
  C:\Windows\System\ScIjwrS.exe
  2⤵
  PID:9052
- C:\Windows\System\LZpCqnf.exe
  C:\Windows\System\LZpCqnf.exe
  2⤵
  PID:9068
- C:\Windows\System\mnmZFtp.exe
  C:\Windows\System\mnmZFtp.exe
  2⤵
  PID:9088
- C:\Windows\System\CDjYdyT.exe
  C:\Windows\System\CDjYdyT.exe
  2⤵
  PID:9108
- C:\Windows\System\PnlzMVo.exe
  C:\Windows\System\PnlzMVo.exe
  2⤵
  PID:9132
- C:\Windows\System\qzUcGNl.exe
  C:\Windows\System\qzUcGNl.exe
  2⤵
  PID:9148
- C:\Windows\System\xUyTfVY.exe
  C:\Windows\System\xUyTfVY.exe
  2⤵
  PID:9164
- C:\Windows\System\HjUyxtb.exe
  C:\Windows\System\HjUyxtb.exe
  2⤵
  PID:9180
- C:\Windows\System\TPnXFiO.exe
  C:\Windows\System\TPnXFiO.exe
  2⤵
  PID:9196
- C:\Windows\System\tTMzpvu.exe
  C:\Windows\System\tTMzpvu.exe
  2⤵
  PID:8220
- C:\Windows\System\XMVmZJW.exe
  C:\Windows\System\XMVmZJW.exe
  2⤵
  PID:8288
- C:\Windows\System\lSdPMOj.exe
  C:\Windows\System\lSdPMOj.exe
  2⤵
  PID:8372
- C:\Windows\System\kqEZOCB.exe
  C:\Windows\System\kqEZOCB.exe
  2⤵
  PID:8408
- C:\Windows\System\mymjJmZ.exe
  C:\Windows\System\mymjJmZ.exe
  2⤵
  PID:8472
- C:\Windows\System\FTJOoVZ.exe
  C:\Windows\System\FTJOoVZ.exe
  2⤵
  PID:8204
- C:\Windows\System\bArVSYP.exe
  C:\Windows\System\bArVSYP.exe
  2⤵
  PID:8304
- C:\Windows\System\InPxAzM.exe
  C:\Windows\System\InPxAzM.exe
  2⤵
  PID:8308
- C:\Windows\System\dIGYChS.exe
  C:\Windows\System\dIGYChS.exe
  2⤵
  PID:8388
- C:\Windows\System\mvKHRYt.exe
  C:\Windows\System\mvKHRYt.exe
  2⤵
  PID:8492
- C:\Windows\System\PLmcHFy.exe
  C:\Windows\System\PLmcHFy.exe
  2⤵
  PID:8540
- C:\Windows\System\ZctgJxG.exe
  C:\Windows\System\ZctgJxG.exe
  2⤵
  PID:8560
- C:\Windows\System\gEzhmfv.exe
  C:\Windows\System\gEzhmfv.exe
  2⤵
  PID:8576
- C:\Windows\System\dslHQlk.exe
  C:\Windows\System\dslHQlk.exe
  2⤵
  PID:8584
- C:\Windows\System\uszWZeM.exe
  C:\Windows\System\uszWZeM.exe
  2⤵
  PID:8684
- C:\Windows\System\SiJuozl.exe
  C:\Windows\System\SiJuozl.exe
  2⤵
  PID:8664
- C:\Windows\System\oMfCNFC.exe
  C:\Windows\System\oMfCNFC.exe
  2⤵
  PID:8716
- C:\Windows\System\heduLXF.exe
  C:\Windows\System\heduLXF.exe
  2⤵
  PID:8732
- C:\Windows\System\NlSQvfv.exe
  C:\Windows\System\NlSQvfv.exe
  2⤵
  PID:8796
- C:\Windows\System\srmhRVi.exe
  C:\Windows\System\srmhRVi.exe
  2⤵
  PID:8816
- C:\Windows\System\fJIFeYC.exe
  C:\Windows\System\fJIFeYC.exe
  2⤵
  PID:8848
- C:\Windows\System\zLTlvsc.exe
  C:\Windows\System\zLTlvsc.exe
  2⤵
  PID:8860
- C:\Windows\System\TOMzfnL.exe
  C:\Windows\System\TOMzfnL.exe
  2⤵
  PID:8916
- C:\Windows\System\RkonZDR.exe
  C:\Windows\System\RkonZDR.exe
  2⤵
  PID:9044
- C:\Windows\System\CGsuAeN.exe
  C:\Windows\System\CGsuAeN.exe
  2⤵
  PID:9080
- C:\Windows\System\lpEicth.exe
  C:\Windows\System\lpEicth.exe
  2⤵
  PID:8928
- C:\Windows\System\HEJynkQ.exe
  C:\Windows\System\HEJynkQ.exe
  2⤵
  PID:9032
- C:\Windows\System\BljOyyF.exe
  C:\Windows\System\BljOyyF.exe
  2⤵
  PID:8960
- C:\Windows\System\HqviHWb.exe
  C:\Windows\System\HqviHWb.exe
  2⤵
  PID:8996
- C:\Windows\System\TBMWJvf.exe
  C:\Windows\System\TBMWJvf.exe
  2⤵
  PID:9104
- C:\Windows\System\JwgxQlx.exe
  C:\Windows\System\JwgxQlx.exe
  2⤵
  PID:9172
- C:\Windows\System\EYKCdTS.exe
  C:\Windows\System\EYKCdTS.exe
  2⤵
  PID:9156
- C:\Windows\System\jxeSGME.exe
  C:\Windows\System\jxeSGME.exe
  2⤵
  PID:9160
- C:\Windows\System\PCSEOCp.exe
  C:\Windows\System\PCSEOCp.exe
  2⤵
  PID:6496
- C:\Windows\System\gtVlnmM.exe
  C:\Windows\System\gtVlnmM.exe
  2⤵
  PID:8400
- C:\Windows\System\bKNylUj.exe
  C:\Windows\System\bKNylUj.exe
  2⤵
  PID:8320
- C:\Windows\System\eWBveQL.exe
  C:\Windows\System\eWBveQL.exe
  2⤵
  PID:8404
- C:\Windows\System\HUKUuJI.exe
  C:\Windows\System\HUKUuJI.exe
  2⤵
  PID:8468
- C:\Windows\System\snjuywr.exe
  C:\Windows\System\snjuywr.exe
  2⤵
  PID:8384
- C:\Windows\System\fXyzJpr.exe
  C:\Windows\System\fXyzJpr.exe
  2⤵
  PID:8276
- C:\Windows\System\LLnvDKE.exe
  C:\Windows\System\LLnvDKE.exe
  2⤵
  PID:8456
- C:\Windows\System\rlLbdvj.exe
  C:\Windows\System\rlLbdvj.exe
  2⤵
  PID:8556
- C:\Windows\System\JotfSyi.exe
  C:\Windows\System\JotfSyi.exe
  2⤵
  PID:8536
- C:\Windows\System\UprbUMO.exe
  C:\Windows\System\UprbUMO.exe
  2⤵
  PID:8676
- C:\Windows\System\dvMewHO.exe
  C:\Windows\System\dvMewHO.exe
  2⤵
  PID:8828
- C:\Windows\System\zBiPNtA.exe
  C:\Windows\System\zBiPNtA.exe
  2⤵
  PID:9076
- C:\Windows\System\lBKFNWO.exe
  C:\Windows\System\lBKFNWO.exe
  2⤵
  PID:8964
- C:\Windows\System\IufbmTr.exe
  C:\Windows\System\IufbmTr.exe
  2⤵
  PID:8688
- C:\Windows\System\lwdAdOZ.exe
  C:\Windows\System\lwdAdOZ.exe
  2⤵
  PID:8896
- C:\Windows\System\yvWNqLi.exe
  C:\Windows\System\yvWNqLi.exe
  2⤵
  PID:8348
- C:\Windows\System\WbodkQE.exe
  C:\Windows\System\WbodkQE.exe
  2⤵
  PID:8948
- C:\Windows\System\fHfHUDK.exe
  C:\Windows\System\fHfHUDK.exe
  2⤵
  PID:8272
- C:\Windows\System\PtsdkmM.exe
  C:\Windows\System\PtsdkmM.exe
  2⤵
  PID:8488
- C:\Windows\System\bztcTri.exe
  C:\Windows\System\bztcTri.exe
  2⤵
  PID:8368
- C:\Windows\System\gRRYkCr.exe
  C:\Windows\System\gRRYkCr.exe
  2⤵
  PID:8500
- C:\Windows\System\cqnWmHu.exe
  C:\Windows\System\cqnWmHu.exe
  2⤵
  PID:8736
- C:\Windows\System\ZBhkqEy.exe
  C:\Windows\System\ZBhkqEy.exe
  2⤵
  PID:8616
- C:\Windows\System\EhMjrEG.exe
  C:\Windows\System\EhMjrEG.exe
  2⤵
  PID:8252
- C:\Windows\System\AGuPIdk.exe
  C:\Windows\System\AGuPIdk.exe
  2⤵
  PID:9096
- C:\Windows\System\AAcksCb.exe
  C:\Windows\System\AAcksCb.exe
  2⤵
  PID:8700
- C:\Windows\System\cLIcsPt.exe
  C:\Windows\System\cLIcsPt.exe
  2⤵
  PID:8680
- C:\Windows\System\QukzSGE.exe
  C:\Windows\System\QukzSGE.exe
  2⤵
  PID:8912
- C:\Windows\System\qabYPat.exe
  C:\Windows\System\qabYPat.exe
  2⤵
  PID:8424
- C:\Windows\System\HNvzZoc.exe
  C:\Windows\System\HNvzZoc.exe
  2⤵
  PID:8568
- C:\Windows\System\WRKOmOo.exe
  C:\Windows\System\WRKOmOo.exe
  2⤵
  PID:8644
- C:\Windows\System\TmQaEBd.exe
  C:\Windows\System\TmQaEBd.exe
  2⤵
  PID:584
- C:\Windows\System\ZOOiMhp.exe
  C:\Windows\System\ZOOiMhp.exe
  2⤵
  PID:8764
- C:\Windows\System\VxQnbcp.exe
  C:\Windows\System\VxQnbcp.exe
  2⤵
  PID:9144
- C:\Windows\System\ZJWejOI.exe
  C:\Windows\System\ZJWejOI.exe
  2⤵
  PID:8596
- C:\Windows\System\OArlGwS.exe
  C:\Windows\System\OArlGwS.exe
  2⤵
  PID:9220
- C:\Windows\System\iUGEQZf.exe
  C:\Windows\System\iUGEQZf.exe
  2⤵
  PID:9252
- C:\Windows\System\QTUrQhO.exe
  C:\Windows\System\QTUrQhO.exe
  2⤵
  PID:9276
- C:\Windows\System\Bjfyiev.exe
  C:\Windows\System\Bjfyiev.exe
  2⤵
  PID:9304
- C:\Windows\System\hDcpson.exe
  C:\Windows\System\hDcpson.exe
  2⤵
  PID:9324
- C:\Windows\System\aAxzgEc.exe
  C:\Windows\System\aAxzgEc.exe
  2⤵
  PID:9344
- C:\Windows\System\JpuPAYk.exe
  C:\Windows\System\JpuPAYk.exe
  2⤵
  PID:9364
- C:\Windows\System\dCtQLtO.exe
  C:\Windows\System\dCtQLtO.exe
  2⤵
  PID:9388
- C:\Windows\System\tDnuoJn.exe
  C:\Windows\System\tDnuoJn.exe
  2⤵
  PID:9404
- C:\Windows\System\JKBhkke.exe
  C:\Windows\System\JKBhkke.exe
  2⤵
  PID:9420
- C:\Windows\System\rsGopQF.exe
  C:\Windows\System\rsGopQF.exe
  2⤵
  PID:9436
- C:\Windows\System\iYxZuPE.exe
  C:\Windows\System\iYxZuPE.exe
  2⤵
  PID:9452
- C:\Windows\System\GVVYYxC.exe
  C:\Windows\System\GVVYYxC.exe
  2⤵
  PID:9468
- C:\Windows\System\SLVURyT.exe
  C:\Windows\System\SLVURyT.exe
  2⤵
  PID:9484
- C:\Windows\System\zQQgQsz.exe
  C:\Windows\System\zQQgQsz.exe
  2⤵
  PID:9500
- C:\Windows\System\TYobqGF.exe
  C:\Windows\System\TYobqGF.exe
  2⤵
  PID:9516
- C:\Windows\System\wCFjqzm.exe
  C:\Windows\System\wCFjqzm.exe
  2⤵
  PID:9532
- C:\Windows\System\bNHZrGA.exe
  C:\Windows\System\bNHZrGA.exe
  2⤵
  PID:9548
- C:\Windows\System\eCxmjnX.exe
  C:\Windows\System\eCxmjnX.exe
  2⤵
  PID:9564
- C:\Windows\System\TMlfMry.exe
  C:\Windows\System\TMlfMry.exe
  2⤵
  PID:9580
- C:\Windows\System\XGgEmAV.exe
  C:\Windows\System\XGgEmAV.exe
  2⤵
  PID:9596
- C:\Windows\System\GBuPOQM.exe
  C:\Windows\System\GBuPOQM.exe
  2⤵
  PID:9612
- C:\Windows\System\OTUYSFs.exe
  C:\Windows\System\OTUYSFs.exe
  2⤵
  PID:9628
- C:\Windows\System\oWgqdAG.exe
  C:\Windows\System\oWgqdAG.exe
  2⤵
  PID:9644
- C:\Windows\System\wyHKvED.exe
  C:\Windows\System\wyHKvED.exe
  2⤵
  PID:9660
- C:\Windows\System\yPFPCnc.exe
  C:\Windows\System\yPFPCnc.exe
  2⤵
  PID:9684
- C:\Windows\System\sAyTTMl.exe
  C:\Windows\System\sAyTTMl.exe
  2⤵
  PID:9700
- C:\Windows\System\QkueTAh.exe
  C:\Windows\System\QkueTAh.exe
  2⤵
  PID:9724
- C:\Windows\System\zyxGydu.exe
  C:\Windows\System\zyxGydu.exe
  2⤵
  PID:9812
- C:\Windows\System\GYHHWQz.exe
  C:\Windows\System\GYHHWQz.exe
  2⤵
  PID:9832
- C:\Windows\System\rYWjAyY.exe
  C:\Windows\System\rYWjAyY.exe
  2⤵
  PID:9848
- C:\Windows\System\KOkZzvC.exe
  C:\Windows\System\KOkZzvC.exe
  2⤵
  PID:9864
- C:\Windows\System\IGHoduw.exe
  C:\Windows\System\IGHoduw.exe
  2⤵
  PID:9880
- C:\Windows\System\QIJAuTb.exe
  C:\Windows\System\QIJAuTb.exe
  2⤵
  PID:9896
- C:\Windows\System\feMFhoz.exe
  C:\Windows\System\feMFhoz.exe
  2⤵
  PID:9928
- C:\Windows\System\hUdQpTq.exe
  C:\Windows\System\hUdQpTq.exe
  2⤵
  PID:9944
- C:\Windows\System\YteqsgL.exe
  C:\Windows\System\YteqsgL.exe
  2⤵
  PID:9960
- C:\Windows\System\taWbjCH.exe
  C:\Windows\System\taWbjCH.exe
  2⤵
  PID:9976
- C:\Windows\System\UnSrUBv.exe
  C:\Windows\System\UnSrUBv.exe
  2⤵
  PID:9992
- C:\Windows\System\JUfVAcP.exe
  C:\Windows\System\JUfVAcP.exe
  2⤵
  PID:10012
- C:\Windows\System\gjUZgNc.exe
  C:\Windows\System\gjUZgNc.exe
  2⤵
  PID:10032
- C:\Windows\System\rvWMUVK.exe
  C:\Windows\System\rvWMUVK.exe
  2⤵
  PID:10048
- C:\Windows\System\ylDbdCY.exe
  C:\Windows\System\ylDbdCY.exe
  2⤵
  PID:10064
- C:\Windows\System\zENwEqv.exe
  C:\Windows\System\zENwEqv.exe
  2⤵
  PID:10084
- C:\Windows\System\szRpJnI.exe
  C:\Windows\System\szRpJnI.exe
  2⤵
  PID:10100
- C:\Windows\System\mrjEuSV.exe
  C:\Windows\System\mrjEuSV.exe
  2⤵
  PID:10120
- C:\Windows\System\BHtMlZl.exe
  C:\Windows\System\BHtMlZl.exe
  2⤵
  PID:10140
- C:\Windows\System\EhAJWDc.exe
  C:\Windows\System\EhAJWDc.exe
  2⤵
  PID:10160
- C:\Windows\System\cjVfjbP.exe
  C:\Windows\System\cjVfjbP.exe
  2⤵
  PID:10176
- C:\Windows\System\pSfAaEQ.exe
  C:\Windows\System\pSfAaEQ.exe
  2⤵
  PID:10196
- C:\Windows\System\fMNtjzC.exe
  C:\Windows\System\fMNtjzC.exe
  2⤵
  PID:10216
- C:\Windows\System\TTrTFsg.exe
  C:\Windows\System\TTrTFsg.exe
  2⤵
  PID:10236
- C:\Windows\System\YJRENdz.exe
  C:\Windows\System\YJRENdz.exe
  2⤵
  PID:9120
- C:\Windows\System\rvZRBfw.exe
  C:\Windows\System\rvZRBfw.exe
  2⤵
  PID:9060
- C:\Windows\System\NPvjlaY.exe
  C:\Windows\System\NPvjlaY.exe
  2⤵
  PID:9124
- C:\Windows\System\YzGMWSu.exe
  C:\Windows\System\YzGMWSu.exe
  2⤵
  PID:9272
- C:\Windows\System\LSviQnO.exe
  C:\Windows\System\LSviQnO.exe
  2⤵
  PID:9284
- C:\Windows\System\KVtPJIL.exe
  C:\Windows\System\KVtPJIL.exe
  2⤵
  PID:9288
- C:\Windows\System\oDaPkME.exe
  C:\Windows\System\oDaPkME.exe
  2⤵
  PID:9356
- C:\Windows\System\wBkLPLA.exe
  C:\Windows\System\wBkLPLA.exe
  2⤵
  PID:9412
- C:\Windows\System\kcRimWm.exe
  C:\Windows\System\kcRimWm.exe
  2⤵
  PID:9476
- C:\Windows\System\gHgDyWm.exe
  C:\Windows\System\gHgDyWm.exe
  2⤵
  PID:9540
- C:\Windows\System\zBOjRGH.exe
  C:\Windows\System\zBOjRGH.exe
  2⤵
  PID:9604
- C:\Windows\System\twMaRjX.exe
  C:\Windows\System\twMaRjX.exe
  2⤵
  PID:9620
- C:\Windows\System\eXtKJCS.exe
  C:\Windows\System\eXtKJCS.exe
  2⤵
  PID:9460
- C:\Windows\System\mvzACPL.exe
  C:\Windows\System\mvzACPL.exe
  2⤵
  PID:9588
- C:\Windows\System\GFUZgZN.exe
  C:\Windows\System\GFUZgZN.exe
  2⤵
  PID:9668
- C:\Windows\System\ZOiOanq.exe
  C:\Windows\System\ZOiOanq.exe
  2⤵
  PID:9692
- C:\Windows\System\NTtIaCA.exe
  C:\Windows\System\NTtIaCA.exe
  2⤵
  PID:996
- C:\Windows\System\JWZMKSE.exe
  C:\Windows\System\JWZMKSE.exe
  2⤵
  PID:9744
- C:\Windows\System\lvHPxKQ.exe
  C:\Windows\System\lvHPxKQ.exe
  2⤵
  PID:9764
- C:\Windows\System\vuJvHzF.exe
  C:\Windows\System\vuJvHzF.exe
  2⤵
  PID:9892
- C:\Windows\System\TblsSop.exe
  C:\Windows\System\TblsSop.exe
  2⤵
  PID:9968
- C:\Windows\System\WDqheMk.exe
  C:\Windows\System\WDqheMk.exe
  2⤵
  PID:10008
- C:\Windows\System\RZVeGaW.exe
  C:\Windows\System\RZVeGaW.exe
  2⤵
  PID:10076
- C:\Windows\System\MVLpOoJ.exe
  C:\Windows\System\MVLpOoJ.exe
  2⤵
  PID:9916
- C:\Windows\System\ACPWhsr.exe
  C:\Windows\System\ACPWhsr.exe
  2⤵
  PID:10056
- C:\Windows\System\cbYVmQV.exe
  C:\Windows\System\cbYVmQV.exe
  2⤵
  PID:10020
- C:\Windows\System\vzWkxuD.exe
  C:\Windows\System\vzWkxuD.exe
  2⤵
  PID:10128
- C:\Windows\System\puzAnJa.exe
  C:\Windows\System\puzAnJa.exe
  2⤵
  PID:8484
- C:\Windows\System\mqfEbVK.exe
  C:\Windows\System\mqfEbVK.exe
  2⤵
  PID:9268
- C:\Windows\System\hgpvDqt.exe
  C:\Windows\System\hgpvDqt.exe
  2⤵
  PID:9300
- C:\Windows\System\EPoxMAd.exe
  C:\Windows\System\EPoxMAd.exe
  2⤵
  PID:9508
- C:\Windows\System\LYeBlnw.exe
  C:\Windows\System\LYeBlnw.exe
  2⤵
  PID:9524
- C:\Windows\System\JKWFDZt.exe
  C:\Windows\System\JKWFDZt.exe
  2⤵
  PID:9680
- C:\Windows\System\YuTBIMj.exe
  C:\Windows\System\YuTBIMj.exe
  2⤵
  PID:9740
- C:\Windows\System\jmZIdTR.exe
  C:\Windows\System\jmZIdTR.exe
  2⤵
  PID:8812
- C:\Windows\System\nxEqqnJ.exe
  C:\Windows\System\nxEqqnJ.exe
  2⤵
  PID:9204
- C:\Windows\System\hFmcYrH.exe
  C:\Windows\System\hFmcYrH.exe
  2⤵
  PID:9448
- C:\Windows\System\WRbigWl.exe
  C:\Windows\System\WRbigWl.exe
  2⤵
  PID:9572
- C:\Windows\System\WWYhnbp.exe
  C:\Windows\System\WWYhnbp.exe
  2⤵
  PID:9236
- C:\Windows\System\tETUeHR.exe
  C:\Windows\System\tETUeHR.exe
  2⤵
  PID:9428
- C:\Windows\System\lVScrIe.exe
  C:\Windows\System\lVScrIe.exe
  2⤵
  PID:9352
- C:\Windows\System\brqHnRt.exe
  C:\Windows\System\brqHnRt.exe
  2⤵
  PID:9432
- C:\Windows\System\emIiNPA.exe
  C:\Windows\System\emIiNPA.exe
  2⤵
  PID:9708
- C:\Windows\System\PSCjbWK.exe
  C:\Windows\System\PSCjbWK.exe
  2⤵
  PID:9904
- C:\Windows\System\EtXGRFP.exe
  C:\Windows\System\EtXGRFP.exe
  2⤵
  PID:9912
- C:\Windows\System\tAVmerL.exe
  C:\Windows\System\tAVmerL.exe
  2⤵
  PID:9860
- C:\Windows\System\QYMDZJP.exe
  C:\Windows\System\QYMDZJP.exe
  2⤵
  PID:9780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GKWgVSk.exe

Filesize
6.0MB

MD5
08562d7e6fa2e1141591641cc1aaf441

SHA1
1de290b7518fd3eab38dbbbb53e3e13e95ce1087

SHA256
8c28557286e320a9f50ec14c2ab264675b27e1c64de64a9cad442539508093e0

SHA512
41ba7ad374c3216da4da012903b1944f90c38625a65d371c3d27a341cb24c942145392fafe4596c9e87d591c75f94d4f87881a9e8faaf2dc79ad6e2f556cce30

Download Submit
C:\Windows\system\HIlwxqd.exe

Filesize
6.0MB

MD5
d70739818d0292c36621b75ab4340f62

SHA1
930e0d938f8c8fd8b65ffb09df8f3157c8e3dd63

SHA256
b2a0189dae257720a7a1869d5946fa3bec7cdd2703e7f97215296c99b62ebc38

SHA512
7dbf9dce69a50f050125d41210f109c365006152b9f971a3858a82f065ac4e37864d5c83a42d2a7bef8ccd13bab354def9fb052f9c6d234e171f5edf0447d44f

Download Submit
C:\Windows\system\HiiSeIE.exe

Filesize
6.0MB

MD5
c1f78afcc993086edafeb65e99fd1e82

SHA1
bd32669f4e645b15dccb018a01125618c6038575

SHA256
2a61d3a506f6463afc1d154f83aa5120bf4635c1f4fc7bcbad8f632aee997342

SHA512
db432faa02bc9b25e29059a8f3cf532905783a86251b012bf9a83af424a6b1b1f1b4a4dc2c4e59e6ae6c059ec965bc00982d67f9f44cd6833597df807dd71114

Download Submit
C:\Windows\system\INSfJbt.exe

Filesize
6.0MB

MD5
f909232c1399f6bc0ec8cad14dd67cc4

SHA1
460b172b58ba6a8d64adfd7aa58742c3baeef4e2

SHA256
f86fcaf6437feec5a230cee01ced775e015b262a67ee2a7d8e626dcbca2aafae

SHA512
4424844bee56354a254195458f47a4a1ec75f479a420f7da3750ac00b4ba96d74982ef1b9bdbc546cc6035b84103a38362d1f9f8b13d96ec2431866488f4fce4

Download Submit
C:\Windows\system\Jhhzptn.exe

Filesize
6.0MB

MD5
d3cedd8c0c1560cd4e9eebfcbb238e21

SHA1
de347a57e3d128e59e87ff9e7f1534a083d19cfb

SHA256
d6d1c1800f70730bc291d94160bee4d0ebb8abedfbd9b36a25cbeaf3b87d1c6f

SHA512
8600addfdb6ff2252a2d5960f14e6eeb05d4dca0eaac8f0c8606a6363071e8615ee9c3f77f1ab1509cd24e8b68cabf7611532045d69dc4f056261978b5ebb01a

Download Submit
C:\Windows\system\JmXIQov.exe

Filesize
6.0MB

MD5
bf369e6e7303ba8156c8490b65d2bb97

SHA1
d49f8d879880a8d1156edfdf6fbb2d8e8d2fc049

SHA256
b83d77693af26f8632335ee3a306229012fd2ed1a90a94755df82cb7705aa472

SHA512
3e08bb323fc378a8e54cbd18d6ddf1b6adf7bcf390eff2007fb957574ab8a9f9165514ca5fb8a338b19fda36b74d7ac1a732b5996ff5dd2920fd0658a2ab4abd

Download Submit
C:\Windows\system\LYgxHSl.exe

Filesize
6.0MB

MD5
90263f16644b610f1a6fde5f74bdf8c9

SHA1
8fc77e9fe861fc50ab9c3a939bba60e00dc2f8e6

SHA256
f569ee187b665fd7ee9c3e69240782feacf16409bb6241f2f9e8df0042643037

SHA512
56446d173a354e2426e00b73ebcb31c4334c266f0b0dbcd39f2039134c0bfa6924df20d9b0f31eb6f078c26f0001e2bc08b48c5ccbe901bc7245ce218f44e258

Download Submit
C:\Windows\system\MjVslgP.exe

Filesize
6.0MB

MD5
07cbca2be1bf6031f6e2d020697ca923

SHA1
8969225cd2eb3a9dcc7ab298385045f2723eb0f9

SHA256
522e3a98775a1f47875e393cb823f205a2b81fb476aa7dc067d0392150b44d8a

SHA512
abd6c83f1f4a088c75b00cedcaf0ddd5a49da90daa0d1c7e0ee8cb0e5c761cf8b8a23d2040e030604e68b6469eacce612586f6d6490c254f9e44ab2ccfa0b5da

Download Submit
C:\Windows\system\PWAaEKz.exe

Filesize
6.0MB

MD5
22ef684eb8ccc6a23bbf44948e17b1c5

SHA1
8e2728a1ab8040e5a4862bbdcc57082d5f08bbe2

SHA256
413420abd145219f7c6fa2b8af04b79d452306611580200d456b40f60217d7a5

SHA512
4257dafa9ff60562a45aee6f22877dd44246b43d130a1215ce9040b43dcf6beb146537f2d56c0c4ea631820826a15975bac5145677feb57aadd64e2236a5bd55

Download Submit
C:\Windows\system\TNnMUyg.exe

Filesize
6.0MB

MD5
84fd969e86881b712ebf5760e82b12ee

SHA1
2ed6984fd111ad207aba222eff38cb4e21d3b65c

SHA256
2481da32c3898a1d473c39793f981fe12e1bb700d3c8458f5f53dab22e56be43

SHA512
a6f5af4a6204025d8742877969018486630b41ac7b7a4fdd198908d479994d8a49cfb6a891598b1d594352f7ec97f5c82997fd00b621269ac5c07f07296d14df

Download Submit
C:\Windows\system\VwFHOIC.exe

Filesize
6.0MB

MD5
228d3b7dccfebfad3118572bcd71be1e

SHA1
c43c8c6aa21e259abebd84d74212d06a1e03e46e

SHA256
2adf7269f8157bd9a7c7af50589182f87fb0eb1b8c0dbceac0dc9f8887a35176

SHA512
7b97b395bc38343762511ac9c16e43c3d78d393c3a7b15cc0fb9a3119a4c78ec2df9fcd65fce21033082cb6c9944b43752f12aba5d8fcb2868e8198f5ab6d069

Download Submit
C:\Windows\system\XsxQzHr.exe

Filesize
6.0MB

MD5
d6b7aa0a51b09425175856b876428dcd

SHA1
25b059f0546df8f9e1ea89623402e12924be04f8

SHA256
b1fae3f16a21b992364e78969a8c799251e93f98cf11460361f45225d4663ce4

SHA512
7be91b13d3eef9c6d7d9d05e863bfba3fc25afa2fb6f747dcec74683b9768ab9797dca015d2003d59dfbc552601fda62cc1a793eee045ff37d4ad363be40bbdf

Download Submit
C:\Windows\system\YPagEyI.exe

Filesize
6.0MB

MD5
11e419e982faf603bd8ad8fe8d2d227b

SHA1
e86b3b6f4eec5c3c0431a2715de16da63c520a04

SHA256
1f1dd4490db35316e245620586929ac32bf2e3cec544b781c874c90c90b486ce

SHA512
1ee06b62732aa32309ed84f1b132cb9ef83a62bfefec422b6f66130b1522018817ede57648bde75821d8f6dd5910fc4d3815013934951040586348c37b37a7e0

Download Submit
C:\Windows\system\bNJegpy.exe

Filesize
6.0MB

MD5
f1da9e9d7c63915235e4ffcb35a461c7

SHA1
a57df95b9d114ecefaca2fef45ef11a528142f14

SHA256
20454dd3bd28901062e9524ba42c9f850fd7ebd244be8ea07b66e90e2cfb1a0d

SHA512
59236543bfe8dc098a96a200b92dc2b106d74bac16b66c318bb36b95af21892406acc9e6603d5f99aa18032de874b449572908882cb57843a1513517503f67c1

Download Submit
C:\Windows\system\baRucBQ.exe

Filesize
6.0MB

MD5
87f18607306f3969419c6b8cae14ab14

SHA1
f41b37c5b652972639448a3ef1433ad115444688

SHA256
dc0107bb9df2925d38c2cf6a1adb1f0f99ada7ecb0643d66f8c6c3503e0ed912

SHA512
c52512a694ecf7f7a14696587c46476c5fba00830d58704dc1da8110d935bb799f5aeea8e2a24aa6ac8c129e3bce40db5839ffda63227e3cdce8a92e1fc33b45

Download Submit
C:\Windows\system\cLfFWxL.exe

Filesize
6.0MB

MD5
b0487bcef13490e87ef5cf44263a5ed4

SHA1
a9405ae3efd75627312d76ea79488383adfa781c

SHA256
57211f23eae4639a1eaaa90d82ae93046bac93dbde47228e2c1ce79a6a96b75c

SHA512
a377f830961cecd740faaced95860fd7bccd3b883c3abc6ddc3173e54065046caaa315b663e4326ff43f5402da9e7d6cda9bd280753fd42ace1f402cc292b78a

Download Submit
C:\Windows\system\jlsnHfE.exe

Filesize
6.0MB

MD5
0dbf4738dd863f748c7e29bd184ba82b

SHA1
e1183d893520bf55162d2c36a748a8690981c095

SHA256
406c4ad4e219542a4539cefc6e7204133328bc0731cb4408a6289d1c5d9ec1db

SHA512
cc3c5463787aaaba1dc5d52d7947e9fbb1ff49361e8dc1efb22a82cba0feb7a7b81eb01d764a671a7cb819ea1216dee7ab74dd0595fb12e835b2f27346d70384

Download Submit
C:\Windows\system\rkxYJbM.exe

Filesize
6.0MB

MD5
e256da68a957e1da21833f32ae566ca6

SHA1
0364cbb04e8ce85e4a88e2e947fb1f335c889793

SHA256
24cd3136d39c451dd7c283c66bdac7f61588227664bf4b7562eb3ebf5a2d7850

SHA512
03f5e00694503f08470fbd77ee6b9b7e88b5a8e877d55a3ea94d9233504427276d1bdd2aed0a34f526ed2b7af72be0af25dd83f47433884c25b488a7beb31385

Download Submit
C:\Windows\system\rsdFXsk.exe

Filesize
6.0MB

MD5
446257f781151f59f2eddb4af875efe9

SHA1
65adefd1885e99e597f8fec3b0298b887f351383

SHA256
119ab947f5b337d349c12934d8ac828028a30d8a96cda5a064350d2411103331

SHA512
16aab217a21c12066496dd012e0bd013b6c7114f0a76469740bdefc3bcab4bce5ddae90fc1e66e9eb4f744d139cdf8b1e5fd07aacaf90405689d797e52cd4836

Download Submit
C:\Windows\system\tXqgDgH.exe

Filesize
6.0MB

MD5
0a059e305a2488e3eb33cbb5ee20ced7

SHA1
422059cf1c263473acc395539b3c0a4ed7d1e24b

SHA256
716b6e991dee64d28675828ad16396ebdacf2001ccb96711aeffdd08bd437440

SHA512
401349d93980fa5d2d3179a89288cfcee238160a0e0f03897663d37901654b0d5b3636d0c0af46d5b7fd6ef1056f88aedc624c21c60004e24ff6a8030bb27c75

Download Submit
C:\Windows\system\uOHObfn.exe

Filesize
6.0MB

MD5
5a7809b1a58a3bfce3d88de77fc715a2

SHA1
c3ed409d2a3904605c3beaca784f9ce7f3cb8bfe

SHA256
152c5ca2d156e88d30eea63175515846003fd6e852cb4eefcdcda3e0e8c337f0

SHA512
6cec88eb2b0c9013b1a30b790ac65b3656274e3ec071feb32e89e079958a22d4b12fd38039dee1987a2b0103f01b4564d00d8a5d8182132bbe59a40ebc16aa61

Download Submit
C:\Windows\system\uxyyFgU.exe

Filesize
6.0MB

MD5
187cdd971f86f2206dd98c88545a175a

SHA1
69f20dc6863a768e3fb68ce58a38e8140c93fd9b

SHA256
d9e0f0f045b9675380c6d86812750e1367daea0393359509b0a6fe33333c9465

SHA512
714c382ab2a991c76185ba22fed713ddc2cc1b373f7e25076a66f520d741fb586867beefc3c6abdb8529d1974450ffd6c0b889512e6a18f923a9b1aa986692bf

Download Submit
C:\Windows\system\xeMlsan.exe

Filesize
6.0MB

MD5
11eb34e4a70fd63d973aeee7cf1131c2

SHA1
7a554dfb996ffe3ecf3db87138754943213e8d5c

SHA256
935f56ff91aa168c7c4827b8add3b6f9b8828cc5473e97836ac6051654ca7c91

SHA512
62f643c9f7349e4b1cd7c1069e45d4c6ca557572daf85d8f1ffbc5e716cfb35d94319995ae292bb973dc89894fc5ed96bf09958d3255c6b4c6f83a3181c8bbdc

Download Submit
C:\Windows\system\xuBjEuD.exe

Filesize
6.0MB

MD5
327f4719bc471fd6a2c91ea1169e92a6

SHA1
51268b1077b496ac05aef51f12c9e6f06edd93e3

SHA256
2c5614da9fcc1e0400f134b6ace797cc58a1f4c2e6e0470e0f5fbc4308729e35

SHA512
3a09523ed3a4668757072f7db2079e0d634baeb919356620e88d72fefbcbacc241e6a3285b0ef4f577ac2d781017124be8ebe78a2b3d09af1ee32bfd7573d18e

Download Submit
C:\Windows\system\yBncoVL.exe

Filesize
6.0MB

MD5
9b57a5d8e50d4eb2ff4e6ca7c0f8c1a7

SHA1
8bb0eccc10e6ef8fd8a7fd527ce9d8aea5826d8d

SHA256
f576e74e460f6737a3466a0457396513b3b8c69d90ac7b7c75db18fd09b5fcc7

SHA512
49c6e2aa82612502d9316f1b5cec023fafe864ca1815b200466f2971bc44e0006f0422c5a05608eeb2dd898b614f9497e1b8ad483c85670cbcdb2b75f81442d2

Download Submit
\Windows\system\IrBegvH.exe

Filesize
6.0MB

MD5
ed6975ef7ee9dff4a4f3efc23993ab0c

SHA1
d8b49ec15d4e2f3a442ef7692e1b7b361aec9257

SHA256
bca2ce90464f6f08bc58b4e6c803e4beaf55a64f28d0708df7c24bd6ec969161

SHA512
20742198efd602c6cb49e558c116052ae3783e5af0d54dac4d8b9e180a6724e5aa7f699c6309322725725dad7a7a252973a386217e57708315fd2bba6811f341

Download Submit
\Windows\system\ONxvhVa.exe

Filesize
6.0MB

MD5
cebe6d4d97e0c318e4af1e4cf9ee6fca

SHA1
0dd615984bb93d6225920ad1b29565fa31716ad4

SHA256
0656d206db1dca10a65d492e46b89297c7a963ccf4032839e1e584a629fdbd68

SHA512
95fecd6971d4a1d4bd33b330004d82cc521b0df92abdc012e19d7b42be651573dee67699e6a7be13c66eeb8223e66c5b7cb057ca30209b13e3de86b1cef4dfbf

Download Submit
\Windows\system\POvtvMe.exe

Filesize
6.0MB

MD5
3c704c90c70005f758e7adca6a98d883

SHA1
c78332b690942cd49fb80e07e7040f5bdbb93de2

SHA256
b9516e984886b80905bfd5e1fd92bcf70fa930a1a5a8c5595b193acddec35a3b

SHA512
6666813be42207246592aa4cc7856df0a00838293572fc8a84b2f66db93d7f4b69f741fe85fb2fa9bc6ce238ab8c5c8759c4cf420d38acd890ee66ff351e518f

Download Submit
\Windows\system\PRHyMLH.exe

Filesize
6.0MB

MD5
6495f51acb2b8b8fd7208403579947cf

SHA1
291140c3defef6f47b64b0d702cd7f8b1e4eb905

SHA256
f587ea4060ac1e37a1f615f74939d62f1ce170e884d6cb0509a8d701e2227270

SHA512
29deb5c039c321f0ae6fd2fa63c1e72fa2dbe126a92e234f727f44310743509ffece3ea4e843724c2df1e69ea72f8abd74a2fbcec94e0bc42613872abdc96b01

Download Submit
\Windows\system\VUqlvfl.exe

Filesize
6.0MB

MD5
f44190acc70d051a507154d62cc3160c

SHA1
be6a91ec2070016572ad060ead030ff18ec9b70b

SHA256
0da60635bf55a953db834242ef5e4fa0ae5621522958a9fd21e820ac029202e2

SHA512
847416af1fa41875e468200e985cbda7a43fa3f23f7a5c7aa2b0f7a890904e32dcfd5a3bd699f71ab9eece66da5381bdadb3961784fd8c05e43388146c561003

Download Submit
\Windows\system\XnstfSv.exe

Filesize
6.0MB

MD5
82f7c354833dedf9be72a94e003ea7d7

SHA1
c3750ac1a086cbe7a5f3d093569fa3e6210d6ba3

SHA256
9e3d8cd1e79fd7a8f49e35dcbe6b1b317c3cb0c068cb6f15370fd1953c902762

SHA512
66f9116c0fe9fc66675756b5560e2e4e1474ccae0c9ddf1936c4356e2c20412985ff9cca74f0765e0b74c4d524938eab06ff478706d150353263bd67d8852601

Download Submit
\Windows\system\dafrpaK.exe

Filesize
6.0MB

MD5
4dde03b848d7767d964dd26d81fe0ac0

SHA1
91c64ac99fe41c9715a8331ca74c411611e5459a

SHA256
69f7142fb93a8baf152b4f393df53fbbaaa57b7a18a3323457d17a00c2d37096

SHA512
735d7147282dc2d8b0fb090f16066df074c5342989b87eb817e92fa41d7a1bf5b9ca8f5d2a45555fbf7da6406a4214751d1d7e227bc45929315acf37aa6f6793

Download Submit
\Windows\system\xVxrmNE.exe

Filesize
6.0MB

MD5
693b50c7b5da33c6cfd77cdca8de7cf5

SHA1
f6608043c7e3ae02ddc36626bbf5f8cc9a53330c

SHA256
c858d92668fbbfb5dee0974caf7579a8b4c7c23ec44f56a4d5bda57fdd8b2f2c

SHA512
f2eae5ad8d43a0a0935df0106ce0ceabe1342f9cf30decb7b10d31e928864c2bc15e0ec7263c60a71a25a395c99d25deb6b7b8d19ea6e8546a44ea9cfc733b09

Download Submit
\Windows\system\yxeGovM.exe

Filesize
6.0MB

MD5
f4c263ebc9400e56414b80edb71b51cf

SHA1
d3302bfa2c6b1c9e14c4e5df0f68d168c94754bb

SHA256
6889e43563b9b978d3083f777332e5e1cf2189cf717f3f4fac895c86899d3f16

SHA512
1848e0f7e6e0821feedff012b063af535461d96c28a029f21d59b580a3684fcd3cd2bcce686d36f9cbbe9642805124f1b98a611393e2ec6ef9731dbe33590bd4

Download Submit
\Windows\system\zqzsNIr.exe

Filesize
6.0MB

MD5
92df5992af3450db9bad221820e86dc3

SHA1
fc122777ebf8faa74ab1def55058e625c8ebe737

SHA256
fd558d89f77aaf34c2f75299f816672c20857bab79d6645e35d6b03ff0ab180c

SHA512
f04234c374df52247ffff6af7986e0dc0ab60e870294748efe0d783a30e67e1eb697b82f92459cfa8782d63c04f9077ecb97f1ecbece074844c11f3dddc29bc9

Download Submit
memory/1632-19-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1632-3946-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1798-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1701-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-243-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-242-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2372-240-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-7-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2372-238-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-22-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-236-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-245-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-234-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-0-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-232-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1797-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-230-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-228-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1721-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1716-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-225-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2372-856-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1037-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1715-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1713-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1673-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1640-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3970-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-241-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3971-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2600-237-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2608-229-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3965-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2632-239-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3939-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1038-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3964-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2680-14-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1390-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2708-38-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3966-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2740-226-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3949-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3947-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-231-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3945-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2764-235-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2788-21-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3948-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1205-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-244-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3976-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2936-233-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3967-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3950-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3016-227-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download