cobaltstrike | 269e0b4cfac2fb08312e0ffd1385bc0258c0542cfe90c3b9c9f4c00025ea520f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fe9b4b319959a9d472b5b2973ac70486
SHA1

5f0114ecaedae4f6a0d6d376d89dca06832a2a36
SHA256

269e0b4cfac2fb08312e0ffd1385bc0258c0542cfe90c3b9c9f4c00025ea520f
SHA512

4c23ab8bac219e6868ad64b271f459d8b24e796b17c8c2461f3b376c5c7c2b9e37a7acb60292aac774ed09ff48d491561d604fabdc0a995c2cba6df41aa50588
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUr:T+q56utgpPF8u/7r

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202b-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cc8-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd1-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cee-27.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000015c8b-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cfc-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d41-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d2a-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c80-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd7-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c88-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf5-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2a-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-125.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-184.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-201.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-196.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-191.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-176.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c66-81.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d18-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d0e-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202b-3.dat	xmrig
behavioral1/memory/3024-8-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0009000000015cc8-9.dat	xmrig
behavioral1/memory/2352-14-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd1-11.dat	xmrig
behavioral1/memory/2956-20-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2696-28-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cee-27.dat	xmrig
behavioral1/files/0x0034000000015c8b-41.dat	xmrig
behavioral1/memory/3024-42-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2152-44-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2688-35-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2816-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cfc-33.dat	xmrig
behavioral1/memory/2352-47-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2956-52-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x0009000000015d41-64.dat	xmrig
behavioral1/files/0x0007000000015d2a-70.dat	xmrig
behavioral1/memory/2688-74-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2056-75-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c80-88.dat	xmrig
behavioral1/memory/2204-89-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cd7-105.dat	xmrig
behavioral1/memory/2332-107-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c88-98.dat	xmrig
behavioral1/files/0x0006000000016cf5-115.dat	xmrig
behavioral1/files/0x0006000000016d2a-120.dat	xmrig
behavioral1/files/0x0006000000016d3a-125.dat	xmrig
behavioral1/files/0x0006000000016d4b-135.dat	xmrig
behavioral1/files/0x0006000000016d54-140.dat	xmrig
behavioral1/memory/2056-153-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de8-172.dat	xmrig
behavioral1/files/0x0006000000016ecf-184.dat	xmrig
behavioral1/memory/2816-548-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2332-800-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/760-633-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2204-459-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2544-315-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-201.dat	xmrig
behavioral1/files/0x0006000000017497-196.dat	xmrig
behavioral1/files/0x0006000000017049-191.dat	xmrig
behavioral1/files/0x0006000000016df3-181.dat	xmrig
behavioral1/files/0x0006000000016dea-176.dat	xmrig
behavioral1/files/0x0006000000016d9f-166.dat	xmrig
behavioral1/files/0x0006000000016d77-161.dat	xmrig
behavioral1/files/0x0006000000016d6f-156.dat	xmrig
behavioral1/files/0x0006000000016d6b-150.dat	xmrig
behavioral1/files/0x0006000000016d67-145.dat	xmrig
behavioral1/files/0x0006000000016d43-130.dat	xmrig
behavioral1/memory/2816-113-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/1108-112-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2816-94-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2816-93-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2544-83-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2152-82-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c66-81.dat	xmrig
behavioral1/memory/2816-106-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/760-101-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1364-100-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/768-60-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d18-59.dat	xmrig
behavioral1/memory/1108-71-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2696-68-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3024	RwPIBLu.exe
2352	SMQeUcu.exe
2956	uAzjqoL.exe
2696	nVnkHaB.exe
2688	rIGIzyi.exe
2152	fCMOWDv.exe
768	kwxsGvz.exe
1364	ZROooBl.exe
1108	bhYDDdf.exe
2056	BLJzsym.exe
2544	kRCeLqL.exe
2204	NKBUmKm.exe
760	pmNHzMB.exe
2332	XzqpmSU.exe
1936	jHSHQBN.exe
1692	CcQPVVs.exe
664	DgDHrvT.exe
2876	TYPvtmi.exe
1748	fsFjimF.exe
1816	JSxaHuI.exe
2648	OWCfjQJ.exe
1056	xbPuGTA.exe
2856	LOYLLMI.exe
656	zeURVRv.exe
2456	kSpqOuY.exe
2524	QRXdUXZ.exe
2300	kwmDWkn.exe
1332	IsYxVhv.exe
1788	kOuKNfm.exe
1140	AVawuAr.exe
1288	VIJisaU.exe
1528	mgHloXZ.exe
1624	nGnEvFv.exe
2464	KCdvYzF.exe
1868	vHOGxTV.exe
1376	gAnnyOS.exe
872	qjCNeCW.exe
1760	URWIlnC.exe
1752	gYMCKIm.exe
544	lfrofPv.exe
832	lfIAUYh.exe
1312	ROBzFus.exe
2388	JHgkBra.exe
2548	GDPBeFz.exe
2036	vZqcHKR.exe
2748	fsPqYhy.exe
2396	tCbtaVZ.exe
1704	nmNzjtR.exe
1508	NVtCEnj.exe
876	yZeIXBZ.exe
1668	IpsLZPE.exe
2988	bmjCXVS.exe
1608	QkUSllR.exe
2944	uJCABNA.exe
2980	sFprfxe.exe
1576	exMwiyh.exe
2484	QYNsNAC.exe
2744	xXoyiPZ.exe
2820	LoNlYmV.exe
2628	gxWqXvV.exe
2712	MvqrElb.exe
2836	yIpwonb.exe
1164	XqybNjf.exe
2880	qhquHJh.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x000c00000001202b-3.dat	upx
behavioral1/memory/3024-8-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0009000000015cc8-9.dat	upx
behavioral1/memory/2352-14-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x0008000000015cd1-11.dat	upx
behavioral1/memory/2956-20-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2696-28-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0008000000015cee-27.dat	upx
behavioral1/files/0x0034000000015c8b-41.dat	upx
behavioral1/memory/3024-42-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2152-44-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2688-35-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2816-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0007000000015cfc-33.dat	upx
behavioral1/memory/2352-47-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2956-52-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x0009000000015d41-64.dat	upx
behavioral1/files/0x0007000000015d2a-70.dat	upx
behavioral1/memory/2688-74-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2056-75-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0006000000016c80-88.dat	upx
behavioral1/memory/2204-89-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0006000000016cd7-105.dat	upx
behavioral1/memory/2332-107-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0006000000016c88-98.dat	upx
behavioral1/files/0x0006000000016cf5-115.dat	upx
behavioral1/files/0x0006000000016d2a-120.dat	upx
behavioral1/files/0x0006000000016d3a-125.dat	upx
behavioral1/files/0x0006000000016d4b-135.dat	upx
behavioral1/files/0x0006000000016d54-140.dat	upx
behavioral1/memory/2056-153-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0006000000016de8-172.dat	upx
behavioral1/files/0x0006000000016ecf-184.dat	upx
behavioral1/memory/2332-800-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/760-633-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2204-459-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2544-315-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x000600000001749c-201.dat	upx
behavioral1/files/0x0006000000017497-196.dat	upx
behavioral1/files/0x0006000000017049-191.dat	upx
behavioral1/files/0x0006000000016df3-181.dat	upx
behavioral1/files/0x0006000000016dea-176.dat	upx
behavioral1/files/0x0006000000016d9f-166.dat	upx
behavioral1/files/0x0006000000016d77-161.dat	upx
behavioral1/files/0x0006000000016d6f-156.dat	upx
behavioral1/files/0x0006000000016d6b-150.dat	upx
behavioral1/files/0x0006000000016d67-145.dat	upx
behavioral1/files/0x0006000000016d43-130.dat	upx
behavioral1/memory/1108-112-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2544-83-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2152-82-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0006000000016c66-81.dat	upx
behavioral1/memory/760-101-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1364-100-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/768-60-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0007000000015d18-59.dat	upx
behavioral1/memory/1108-71-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2696-68-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1364-66-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0007000000015d0e-51.dat	upx
behavioral1/memory/2352-2914-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/3024-2925-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2956-2929-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QPkEizL.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYSBcuy.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRCtcTN.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUgdszR.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuabfWb.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhEUvdy.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgmAoxe.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VZWWtdu.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGPqORS.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUZofAv.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKuKbAD.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjpEpIr.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIagEDA.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzSejig.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEyduKa.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pdaLHpv.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TUbrcFW.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvqNUJs.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGnYUpq.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUHkLVy.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcupKaD.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbGZBbG.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtqsyeB.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcxBGpv.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSDNUbK.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHmKTgl.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXifJKI.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCdUPsb.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knwXoeX.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEWLECS.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOOFDzM.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWnaqWz.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQnxayo.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CiaNwKo.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjtJnHf.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhejBBm.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnVlIDQ.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEPxXum.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVnkHaB.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqEdlbe.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcKiHCy.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IiOAJEc.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cOxOGSs.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riDyuyH.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbzWBMb.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLtrEXy.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlPLYev.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnBcxPp.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgMHxiW.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTKgscf.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDHwpOI.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuhQlSQ.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycbNYWg.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szBgcAZ.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\loWhAXg.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShYOijI.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juMhyyl.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PngXsSv.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziRCBPM.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Dqfjbrb.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\baslDOZ.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCKrvrL.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCBmoUW.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxYOCMf.exe	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3024	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3024	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3024	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2352	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2352	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2352	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2956	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2956	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2956	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2696	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2696	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2696	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2688	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2688	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2688	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2152	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2152	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2152	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 768	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 768	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 768	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 1364	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1364	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1364	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1108	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1108	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1108	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 2056	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2056	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2056	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2544	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2544	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2544	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2204	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2204	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2204	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 760	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 760	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 760	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2332	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2332	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2332	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 1936	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 1936	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 1936	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 1692	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 1692	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 1692	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 664	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 664	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 664	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2876	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2876	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 2876	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1748	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1748	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1748	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1816	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1816	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1816	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2648	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2648	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2648	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 1056	2816	2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_fe9b4b319959a9d472b5b2973ac70486_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\RwPIBLu.exe
  C:\Windows\System\RwPIBLu.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\SMQeUcu.exe
  C:\Windows\System\SMQeUcu.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\uAzjqoL.exe
  C:\Windows\System\uAzjqoL.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\nVnkHaB.exe
  C:\Windows\System\nVnkHaB.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\rIGIzyi.exe
  C:\Windows\System\rIGIzyi.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\fCMOWDv.exe
  C:\Windows\System\fCMOWDv.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\kwxsGvz.exe
  C:\Windows\System\kwxsGvz.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\ZROooBl.exe
  C:\Windows\System\ZROooBl.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\bhYDDdf.exe
  C:\Windows\System\bhYDDdf.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\BLJzsym.exe
  C:\Windows\System\BLJzsym.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\kRCeLqL.exe
  C:\Windows\System\kRCeLqL.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NKBUmKm.exe
  C:\Windows\System\NKBUmKm.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\pmNHzMB.exe
  C:\Windows\System\pmNHzMB.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\XzqpmSU.exe
  C:\Windows\System\XzqpmSU.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\jHSHQBN.exe
  C:\Windows\System\jHSHQBN.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\CcQPVVs.exe
  C:\Windows\System\CcQPVVs.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\DgDHrvT.exe
  C:\Windows\System\DgDHrvT.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\TYPvtmi.exe
  C:\Windows\System\TYPvtmi.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\fsFjimF.exe
  C:\Windows\System\fsFjimF.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JSxaHuI.exe
  C:\Windows\System\JSxaHuI.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\OWCfjQJ.exe
  C:\Windows\System\OWCfjQJ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\xbPuGTA.exe
  C:\Windows\System\xbPuGTA.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\LOYLLMI.exe
  C:\Windows\System\LOYLLMI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\zeURVRv.exe
  C:\Windows\System\zeURVRv.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\kSpqOuY.exe
  C:\Windows\System\kSpqOuY.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\QRXdUXZ.exe
  C:\Windows\System\QRXdUXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\kwmDWkn.exe
  C:\Windows\System\kwmDWkn.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\IsYxVhv.exe
  C:\Windows\System\IsYxVhv.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\kOuKNfm.exe
  C:\Windows\System\kOuKNfm.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\AVawuAr.exe
  C:\Windows\System\AVawuAr.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\VIJisaU.exe
  C:\Windows\System\VIJisaU.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\mgHloXZ.exe
  C:\Windows\System\mgHloXZ.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\nGnEvFv.exe
  C:\Windows\System\nGnEvFv.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\KCdvYzF.exe
  C:\Windows\System\KCdvYzF.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\vHOGxTV.exe
  C:\Windows\System\vHOGxTV.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\gAnnyOS.exe
  C:\Windows\System\gAnnyOS.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\qjCNeCW.exe
  C:\Windows\System\qjCNeCW.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\URWIlnC.exe
  C:\Windows\System\URWIlnC.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\gYMCKIm.exe
  C:\Windows\System\gYMCKIm.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\lfrofPv.exe
  C:\Windows\System\lfrofPv.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\lfIAUYh.exe
  C:\Windows\System\lfIAUYh.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\ROBzFus.exe
  C:\Windows\System\ROBzFus.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\JHgkBra.exe
  C:\Windows\System\JHgkBra.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\GDPBeFz.exe
  C:\Windows\System\GDPBeFz.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\vZqcHKR.exe
  C:\Windows\System\vZqcHKR.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\fsPqYhy.exe
  C:\Windows\System\fsPqYhy.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\tCbtaVZ.exe
  C:\Windows\System\tCbtaVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\nmNzjtR.exe
  C:\Windows\System\nmNzjtR.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\NVtCEnj.exe
  C:\Windows\System\NVtCEnj.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\yZeIXBZ.exe
  C:\Windows\System\yZeIXBZ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\IpsLZPE.exe
  C:\Windows\System\IpsLZPE.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\bmjCXVS.exe
  C:\Windows\System\bmjCXVS.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\QkUSllR.exe
  C:\Windows\System\QkUSllR.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\uJCABNA.exe
  C:\Windows\System\uJCABNA.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\sFprfxe.exe
  C:\Windows\System\sFprfxe.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\exMwiyh.exe
  C:\Windows\System\exMwiyh.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\QYNsNAC.exe
  C:\Windows\System\QYNsNAC.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\xXoyiPZ.exe
  C:\Windows\System\xXoyiPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\LoNlYmV.exe
  C:\Windows\System\LoNlYmV.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\gxWqXvV.exe
  C:\Windows\System\gxWqXvV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MvqrElb.exe
  C:\Windows\System\MvqrElb.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\yIpwonb.exe
  C:\Windows\System\yIpwonb.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\XqybNjf.exe
  C:\Windows\System\XqybNjf.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\qhquHJh.exe
  C:\Windows\System\qhquHJh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\SETlNna.exe
  C:\Windows\System\SETlNna.exe
  2⤵
  PID:2356
- C:\Windows\System\yKbqyPZ.exe
  C:\Windows\System\yKbqyPZ.exe
  2⤵
  PID:1296
- C:\Windows\System\zjHazvI.exe
  C:\Windows\System\zjHazvI.exe
  2⤵
  PID:2000
- C:\Windows\System\mwSLJrO.exe
  C:\Windows\System\mwSLJrO.exe
  2⤵
  PID:2012
- C:\Windows\System\bKrIgtu.exe
  C:\Windows\System\bKrIgtu.exe
  2⤵
  PID:1740
- C:\Windows\System\aIDTYBq.exe
  C:\Windows\System\aIDTYBq.exe
  2⤵
  PID:2892
- C:\Windows\System\FQeZhsF.exe
  C:\Windows\System\FQeZhsF.exe
  2⤵
  PID:1532
- C:\Windows\System\DLovWXT.exe
  C:\Windows\System\DLovWXT.exe
  2⤵
  PID:1344
- C:\Windows\System\lyxnKEd.exe
  C:\Windows\System\lyxnKEd.exe
  2⤵
  PID:2184
- C:\Windows\System\xEAaGPk.exe
  C:\Windows\System\xEAaGPk.exe
  2⤵
  PID:3040
- C:\Windows\System\Zhneblm.exe
  C:\Windows\System\Zhneblm.exe
  2⤵
  PID:2296
- C:\Windows\System\kcgRIgl.exe
  C:\Windows\System\kcgRIgl.exe
  2⤵
  PID:1588
- C:\Windows\System\MNmAepu.exe
  C:\Windows\System\MNmAepu.exe
  2⤵
  PID:1664
- C:\Windows\System\iaJREaS.exe
  C:\Windows\System\iaJREaS.exe
  2⤵
  PID:2196
- C:\Windows\System\uqRByEG.exe
  C:\Windows\System\uqRByEG.exe
  2⤵
  PID:1956
- C:\Windows\System\ZdRlbgD.exe
  C:\Windows\System\ZdRlbgD.exe
  2⤵
  PID:2468
- C:\Windows\System\udchbdD.exe
  C:\Windows\System\udchbdD.exe
  2⤵
  PID:1556
- C:\Windows\System\bcsNejq.exe
  C:\Windows\System\bcsNejq.exe
  2⤵
  PID:2604
- C:\Windows\System\juSbdiO.exe
  C:\Windows\System\juSbdiO.exe
  2⤵
  PID:744
- C:\Windows\System\cUfaYuz.exe
  C:\Windows\System\cUfaYuz.exe
  2⤵
  PID:2324
- C:\Windows\System\mVRZmom.exe
  C:\Windows\System\mVRZmom.exe
  2⤵
  PID:2076
- C:\Windows\System\HOjeZed.exe
  C:\Windows\System\HOjeZed.exe
  2⤵
  PID:2188
- C:\Windows\System\npqaMwG.exe
  C:\Windows\System\npqaMwG.exe
  2⤵
  PID:1632
- C:\Windows\System\RtCKKhP.exe
  C:\Windows\System\RtCKKhP.exe
  2⤵
  PID:1724
- C:\Windows\System\dlLyfEi.exe
  C:\Windows\System\dlLyfEi.exe
  2⤵
  PID:2560
- C:\Windows\System\pBmEiXV.exe
  C:\Windows\System\pBmEiXV.exe
  2⤵
  PID:1612
- C:\Windows\System\PObvqaR.exe
  C:\Windows\System\PObvqaR.exe
  2⤵
  PID:2972
- C:\Windows\System\iEFhkme.exe
  C:\Windows\System\iEFhkme.exe
  2⤵
  PID:2796
- C:\Windows\System\PGCFDiV.exe
  C:\Windows\System\PGCFDiV.exe
  2⤵
  PID:2668
- C:\Windows\System\nyOYVSV.exe
  C:\Windows\System\nyOYVSV.exe
  2⤵
  PID:2828
- C:\Windows\System\rpIqGiw.exe
  C:\Windows\System\rpIqGiw.exe
  2⤵
  PID:2800
- C:\Windows\System\QdeEwIE.exe
  C:\Windows\System\QdeEwIE.exe
  2⤵
  PID:696
- C:\Windows\System\uaHPKyo.exe
  C:\Windows\System\uaHPKyo.exe
  2⤵
  PID:2952
- C:\Windows\System\itDuHsl.exe
  C:\Windows\System\itDuHsl.exe
  2⤵
  PID:2472
- C:\Windows\System\QsqQCxc.exe
  C:\Windows\System\QsqQCxc.exe
  2⤵
  PID:2140
- C:\Windows\System\ZrxVXAA.exe
  C:\Windows\System\ZrxVXAA.exe
  2⤵
  PID:2060
- C:\Windows\System\HJJDiRW.exe
  C:\Windows\System\HJJDiRW.exe
  2⤵
  PID:2736
- C:\Windows\System\eMNQzLA.exe
  C:\Windows\System\eMNQzLA.exe
  2⤵
  PID:2788
- C:\Windows\System\unGwfsB.exe
  C:\Windows\System\unGwfsB.exe
  2⤵
  PID:1672
- C:\Windows\System\iaapZPS.exe
  C:\Windows\System\iaapZPS.exe
  2⤵
  PID:1872
- C:\Windows\System\DnatJPc.exe
  C:\Windows\System\DnatJPc.exe
  2⤵
  PID:2488
- C:\Windows\System\GDisOvl.exe
  C:\Windows\System\GDisOvl.exe
  2⤵
  PID:1336
- C:\Windows\System\TKHGrTB.exe
  C:\Windows\System\TKHGrTB.exe
  2⤵
  PID:1544
- C:\Windows\System\pvLuAys.exe
  C:\Windows\System\pvLuAys.exe
  2⤵
  PID:1776
- C:\Windows\System\xVzJbJX.exe
  C:\Windows\System\xVzJbJX.exe
  2⤵
  PID:3048
- C:\Windows\System\LprPsFC.exe
  C:\Windows\System\LprPsFC.exe
  2⤵
  PID:1156
- C:\Windows\System\LxBKzpa.exe
  C:\Windows\System\LxBKzpa.exe
  2⤵
  PID:2168
- C:\Windows\System\DKYDfUG.exe
  C:\Windows\System\DKYDfUG.exe
  2⤵
  PID:1712
- C:\Windows\System\jyZYkye.exe
  C:\Windows\System\jyZYkye.exe
  2⤵
  PID:3000
- C:\Windows\System\CxPGBsu.exe
  C:\Windows\System\CxPGBsu.exe
  2⤵
  PID:2072
- C:\Windows\System\wFNaEVC.exe
  C:\Windows\System\wFNaEVC.exe
  2⤵
  PID:2936
- C:\Windows\System\YEMFbWB.exe
  C:\Windows\System\YEMFbWB.exe
  2⤵
  PID:2160
- C:\Windows\System\FvtmLFN.exe
  C:\Windows\System\FvtmLFN.exe
  2⤵
  PID:2704
- C:\Windows\System\LRCDQuq.exe
  C:\Windows\System\LRCDQuq.exe
  2⤵
  PID:584
- C:\Windows\System\NpAAtcB.exe
  C:\Windows\System\NpAAtcB.exe
  2⤵
  PID:1960
- C:\Windows\System\UphtzsS.exe
  C:\Windows\System\UphtzsS.exe
  2⤵
  PID:2720
- C:\Windows\System\KZIEYlu.exe
  C:\Windows\System\KZIEYlu.exe
  2⤵
  PID:1440
- C:\Windows\System\JOJrKgA.exe
  C:\Windows\System\JOJrKgA.exe
  2⤵
  PID:2304
- C:\Windows\System\zywrHEK.exe
  C:\Windows\System\zywrHEK.exe
  2⤵
  PID:2564
- C:\Windows\System\OrUGHOW.exe
  C:\Windows\System\OrUGHOW.exe
  2⤵
  PID:1068
- C:\Windows\System\DINTfOi.exe
  C:\Windows\System\DINTfOi.exe
  2⤵
  PID:2348
- C:\Windows\System\xXuERFg.exe
  C:\Windows\System\xXuERFg.exe
  2⤵
  PID:1520
- C:\Windows\System\kvJbXxz.exe
  C:\Windows\System\kvJbXxz.exe
  2⤵
  PID:1616
- C:\Windows\System\meUPaiP.exe
  C:\Windows\System\meUPaiP.exe
  2⤵
  PID:2920
- C:\Windows\System\kYmLAab.exe
  C:\Windows\System\kYmLAab.exe
  2⤵
  PID:2740
- C:\Windows\System\JiVYKmG.exe
  C:\Windows\System\JiVYKmG.exe
  2⤵
  PID:264
- C:\Windows\System\AxvAtAA.exe
  C:\Windows\System\AxvAtAA.exe
  2⤵
  PID:3092
- C:\Windows\System\xPcoSKM.exe
  C:\Windows\System\xPcoSKM.exe
  2⤵
  PID:3112
- C:\Windows\System\CzcPSNV.exe
  C:\Windows\System\CzcPSNV.exe
  2⤵
  PID:3132
- C:\Windows\System\bbyvOBQ.exe
  C:\Windows\System\bbyvOBQ.exe
  2⤵
  PID:3152
- C:\Windows\System\rwFDQoT.exe
  C:\Windows\System\rwFDQoT.exe
  2⤵
  PID:3172
- C:\Windows\System\DXvskRI.exe
  C:\Windows\System\DXvskRI.exe
  2⤵
  PID:3188
- C:\Windows\System\oAvdtTT.exe
  C:\Windows\System\oAvdtTT.exe
  2⤵
  PID:3212
- C:\Windows\System\YcQJJUr.exe
  C:\Windows\System\YcQJJUr.exe
  2⤵
  PID:3228
- C:\Windows\System\pjsGMgD.exe
  C:\Windows\System\pjsGMgD.exe
  2⤵
  PID:3248
- C:\Windows\System\TmFjgQo.exe
  C:\Windows\System\TmFjgQo.exe
  2⤵
  PID:3272
- C:\Windows\System\CiDcqrh.exe
  C:\Windows\System\CiDcqrh.exe
  2⤵
  PID:3296
- C:\Windows\System\jVqMwtx.exe
  C:\Windows\System\jVqMwtx.exe
  2⤵
  PID:3316
- C:\Windows\System\LKGyyBb.exe
  C:\Windows\System\LKGyyBb.exe
  2⤵
  PID:3336
- C:\Windows\System\nAuXvHH.exe
  C:\Windows\System\nAuXvHH.exe
  2⤵
  PID:3352
- C:\Windows\System\OGLuGhq.exe
  C:\Windows\System\OGLuGhq.exe
  2⤵
  PID:3376
- C:\Windows\System\PixDxtF.exe
  C:\Windows\System\PixDxtF.exe
  2⤵
  PID:3396
- C:\Windows\System\KXASEXh.exe
  C:\Windows\System\KXASEXh.exe
  2⤵
  PID:3420
- C:\Windows\System\LKDLPNa.exe
  C:\Windows\System\LKDLPNa.exe
  2⤵
  PID:3440
- C:\Windows\System\NTQKbUp.exe
  C:\Windows\System\NTQKbUp.exe
  2⤵
  PID:3460
- C:\Windows\System\ejKwIIa.exe
  C:\Windows\System\ejKwIIa.exe
  2⤵
  PID:3480
- C:\Windows\System\VrKMgCA.exe
  C:\Windows\System\VrKMgCA.exe
  2⤵
  PID:3500
- C:\Windows\System\urjOPdV.exe
  C:\Windows\System\urjOPdV.exe
  2⤵
  PID:3520
- C:\Windows\System\fBADwJz.exe
  C:\Windows\System\fBADwJz.exe
  2⤵
  PID:3540
- C:\Windows\System\mLGfBYv.exe
  C:\Windows\System\mLGfBYv.exe
  2⤵
  PID:3560
- C:\Windows\System\wjkDnll.exe
  C:\Windows\System\wjkDnll.exe
  2⤵
  PID:3580
- C:\Windows\System\pwbnHFp.exe
  C:\Windows\System\pwbnHFp.exe
  2⤵
  PID:3600
- C:\Windows\System\yhFAzui.exe
  C:\Windows\System\yhFAzui.exe
  2⤵
  PID:3620
- C:\Windows\System\LcJFUoI.exe
  C:\Windows\System\LcJFUoI.exe
  2⤵
  PID:3640
- C:\Windows\System\mOdxDpc.exe
  C:\Windows\System\mOdxDpc.exe
  2⤵
  PID:3660
- C:\Windows\System\yJSguAh.exe
  C:\Windows\System\yJSguAh.exe
  2⤵
  PID:3680
- C:\Windows\System\nvdkpSI.exe
  C:\Windows\System\nvdkpSI.exe
  2⤵
  PID:3700
- C:\Windows\System\YXVkrSj.exe
  C:\Windows\System\YXVkrSj.exe
  2⤵
  PID:3720
- C:\Windows\System\LiCKxks.exe
  C:\Windows\System\LiCKxks.exe
  2⤵
  PID:3740
- C:\Windows\System\HHyFgVm.exe
  C:\Windows\System\HHyFgVm.exe
  2⤵
  PID:3760
- C:\Windows\System\khIkzdj.exe
  C:\Windows\System\khIkzdj.exe
  2⤵
  PID:3780
- C:\Windows\System\OnKCYoX.exe
  C:\Windows\System\OnKCYoX.exe
  2⤵
  PID:3800
- C:\Windows\System\ANWqnfR.exe
  C:\Windows\System\ANWqnfR.exe
  2⤵
  PID:3820
- C:\Windows\System\SjErIzg.exe
  C:\Windows\System\SjErIzg.exe
  2⤵
  PID:3836
- C:\Windows\System\jjSEuEE.exe
  C:\Windows\System\jjSEuEE.exe
  2⤵
  PID:3860
- C:\Windows\System\nCsJTYv.exe
  C:\Windows\System\nCsJTYv.exe
  2⤵
  PID:3876
- C:\Windows\System\VYCPzLB.exe
  C:\Windows\System\VYCPzLB.exe
  2⤵
  PID:3896
- C:\Windows\System\GMtZias.exe
  C:\Windows\System\GMtZias.exe
  2⤵
  PID:3916
- C:\Windows\System\KXMMshY.exe
  C:\Windows\System\KXMMshY.exe
  2⤵
  PID:3944
- C:\Windows\System\RjxmuLj.exe
  C:\Windows\System\RjxmuLj.exe
  2⤵
  PID:3964
- C:\Windows\System\PFElHEf.exe
  C:\Windows\System\PFElHEf.exe
  2⤵
  PID:3988
- C:\Windows\System\rwgmpMK.exe
  C:\Windows\System\rwgmpMK.exe
  2⤵
  PID:4008
- C:\Windows\System\JIDbLzK.exe
  C:\Windows\System\JIDbLzK.exe
  2⤵
  PID:4028
- C:\Windows\System\ipEARIW.exe
  C:\Windows\System\ipEARIW.exe
  2⤵
  PID:4048
- C:\Windows\System\LIGhAEC.exe
  C:\Windows\System\LIGhAEC.exe
  2⤵
  PID:4068
- C:\Windows\System\yfLpODE.exe
  C:\Windows\System\yfLpODE.exe
  2⤵
  PID:4084
- C:\Windows\System\BMSxKeK.exe
  C:\Windows\System\BMSxKeK.exe
  2⤵
  PID:1096
- C:\Windows\System\kOEXuRb.exe
  C:\Windows\System\kOEXuRb.exe
  2⤵
  PID:2180
- C:\Windows\System\TiBSvSp.exe
  C:\Windows\System\TiBSvSp.exe
  2⤵
  PID:2288
- C:\Windows\System\sRfqmDZ.exe
  C:\Windows\System\sRfqmDZ.exe
  2⤵
  PID:772
- C:\Windows\System\MYKmepC.exe
  C:\Windows\System\MYKmepC.exe
  2⤵
  PID:2776
- C:\Windows\System\nwTkEQB.exe
  C:\Windows\System\nwTkEQB.exe
  2⤵
  PID:1720
- C:\Windows\System\abfJSvx.exe
  C:\Windows\System\abfJSvx.exe
  2⤵
  PID:2752
- C:\Windows\System\KuXdbNe.exe
  C:\Windows\System\KuXdbNe.exe
  2⤵
  PID:2756
- C:\Windows\System\yNFFfpM.exe
  C:\Windows\System\yNFFfpM.exe
  2⤵
  PID:3128
- C:\Windows\System\eDaTVqB.exe
  C:\Windows\System\eDaTVqB.exe
  2⤵
  PID:3168
- C:\Windows\System\uslAXNr.exe
  C:\Windows\System\uslAXNr.exe
  2⤵
  PID:3196
- C:\Windows\System\dxNhqvb.exe
  C:\Windows\System\dxNhqvb.exe
  2⤵
  PID:3184
- C:\Windows\System\riPKRnQ.exe
  C:\Windows\System\riPKRnQ.exe
  2⤵
  PID:3224
- C:\Windows\System\PhTfyix.exe
  C:\Windows\System\PhTfyix.exe
  2⤵
  PID:3284
- C:\Windows\System\vFHGwVx.exe
  C:\Windows\System\vFHGwVx.exe
  2⤵
  PID:3328
- C:\Windows\System\ZfHjFcu.exe
  C:\Windows\System\ZfHjFcu.exe
  2⤵
  PID:3368
- C:\Windows\System\gjOOqFJ.exe
  C:\Windows\System\gjOOqFJ.exe
  2⤵
  PID:3384
- C:\Windows\System\NXqjPYf.exe
  C:\Windows\System\NXqjPYf.exe
  2⤵
  PID:3448
- C:\Windows\System\qumSNWZ.exe
  C:\Windows\System\qumSNWZ.exe
  2⤵
  PID:3468
- C:\Windows\System\DKuKbAD.exe
  C:\Windows\System\DKuKbAD.exe
  2⤵
  PID:3476
- C:\Windows\System\AHgVfDB.exe
  C:\Windows\System\AHgVfDB.exe
  2⤵
  PID:3508
- C:\Windows\System\PjDXMKZ.exe
  C:\Windows\System\PjDXMKZ.exe
  2⤵
  PID:3568
- C:\Windows\System\kYVdmpL.exe
  C:\Windows\System\kYVdmpL.exe
  2⤵
  PID:3572
- C:\Windows\System\AhsXALu.exe
  C:\Windows\System\AhsXALu.exe
  2⤵
  PID:3592
- C:\Windows\System\KakXzVb.exe
  C:\Windows\System\KakXzVb.exe
  2⤵
  PID:3636
- C:\Windows\System\ZxtTYLw.exe
  C:\Windows\System\ZxtTYLw.exe
  2⤵
  PID:3668
- C:\Windows\System\xzVretg.exe
  C:\Windows\System\xzVretg.exe
  2⤵
  PID:3708
- C:\Windows\System\YSQwHIy.exe
  C:\Windows\System\YSQwHIy.exe
  2⤵
  PID:3712
- C:\Windows\System\UlVcxkK.exe
  C:\Windows\System\UlVcxkK.exe
  2⤵
  PID:1784
- C:\Windows\System\SKPspPh.exe
  C:\Windows\System\SKPspPh.exe
  2⤵
  PID:2908
- C:\Windows\System\JPxBIgu.exe
  C:\Windows\System\JPxBIgu.exe
  2⤵
  PID:3852
- C:\Windows\System\gpBaOnF.exe
  C:\Windows\System\gpBaOnF.exe
  2⤵
  PID:3892
- C:\Windows\System\bjPfhZC.exe
  C:\Windows\System\bjPfhZC.exe
  2⤵
  PID:3932
- C:\Windows\System\KQbnKJo.exe
  C:\Windows\System\KQbnKJo.exe
  2⤵
  PID:3912
- C:\Windows\System\HzdfPrt.exe
  C:\Windows\System\HzdfPrt.exe
  2⤵
  PID:3976
- C:\Windows\System\uTVPmOS.exe
  C:\Windows\System\uTVPmOS.exe
  2⤵
  PID:3960
- C:\Windows\System\muGmwFh.exe
  C:\Windows\System\muGmwFh.exe
  2⤵
  PID:4036
- C:\Windows\System\PhteZdX.exe
  C:\Windows\System\PhteZdX.exe
  2⤵
  PID:1260
- C:\Windows\System\VfhCJsn.exe
  C:\Windows\System\VfhCJsn.exe
  2⤵
  PID:1400
- C:\Windows\System\JtgykOj.exe
  C:\Windows\System\JtgykOj.exe
  2⤵
  PID:2964
- C:\Windows\System\DXxPjyp.exe
  C:\Windows\System\DXxPjyp.exe
  2⤵
  PID:2896
- C:\Windows\System\oGeNugv.exe
  C:\Windows\System\oGeNugv.exe
  2⤵
  PID:1944
- C:\Windows\System\KHRZbmQ.exe
  C:\Windows\System\KHRZbmQ.exe
  2⤵
  PID:2584
- C:\Windows\System\XIBXwGk.exe
  C:\Windows\System\XIBXwGk.exe
  2⤵
  PID:3104
- C:\Windows\System\oABiGpZ.exe
  C:\Windows\System\oABiGpZ.exe
  2⤵
  PID:3144
- C:\Windows\System\SMwTMEn.exe
  C:\Windows\System\SMwTMEn.exe
  2⤵
  PID:3124
- C:\Windows\System\TcCARjH.exe
  C:\Windows\System\TcCARjH.exe
  2⤵
  PID:3304
- C:\Windows\System\SPtirYc.exe
  C:\Windows\System\SPtirYc.exe
  2⤵
  PID:3288
- C:\Windows\System\EYwFpJD.exe
  C:\Windows\System\EYwFpJD.exe
  2⤵
  PID:3404
- C:\Windows\System\CnlGRYx.exe
  C:\Windows\System\CnlGRYx.exe
  2⤵
  PID:3428
- C:\Windows\System\QVADydJ.exe
  C:\Windows\System\QVADydJ.exe
  2⤵
  PID:868
- C:\Windows\System\ZEjsgwo.exe
  C:\Windows\System\ZEjsgwo.exe
  2⤵
  PID:3556
- C:\Windows\System\fAwQlIg.exe
  C:\Windows\System\fAwQlIg.exe
  2⤵
  PID:3656
- C:\Windows\System\HYWhBfY.exe
  C:\Windows\System\HYWhBfY.exe
  2⤵
  PID:3264
- C:\Windows\System\ipNRTjg.exe
  C:\Windows\System\ipNRTjg.exe
  2⤵
  PID:3728
- C:\Windows\System\zpaeDoN.exe
  C:\Windows\System\zpaeDoN.exe
  2⤵
  PID:3752
- C:\Windows\System\HpREyqa.exe
  C:\Windows\System\HpREyqa.exe
  2⤵
  PID:3816
- C:\Windows\System\PROPwoI.exe
  C:\Windows\System\PROPwoI.exe
  2⤵
  PID:3928
- C:\Windows\System\bOXVedc.exe
  C:\Windows\System\bOXVedc.exe
  2⤵
  PID:3872
- C:\Windows\System\lOLBsBU.exe
  C:\Windows\System\lOLBsBU.exe
  2⤵
  PID:3904
- C:\Windows\System\NjAwVoq.exe
  C:\Windows\System\NjAwVoq.exe
  2⤵
  PID:4064
- C:\Windows\System\AfmpNZM.exe
  C:\Windows\System\AfmpNZM.exe
  2⤵
  PID:2092
- C:\Windows\System\AxfoFrw.exe
  C:\Windows\System\AxfoFrw.exe
  2⤵
  PID:1884
- C:\Windows\System\dmtjoFD.exe
  C:\Windows\System\dmtjoFD.exe
  2⤵
  PID:2436
- C:\Windows\System\BwDMWjX.exe
  C:\Windows\System\BwDMWjX.exe
  2⤵
  PID:3120
- C:\Windows\System\nHzyLHB.exe
  C:\Windows\System\nHzyLHB.exe
  2⤵
  PID:3108
- C:\Windows\System\eslioiZ.exe
  C:\Windows\System\eslioiZ.exe
  2⤵
  PID:3240
- C:\Windows\System\UDtWFeD.exe
  C:\Windows\System\UDtWFeD.exe
  2⤵
  PID:3308
- C:\Windows\System\wLhaQsK.exe
  C:\Windows\System\wLhaQsK.exe
  2⤵
  PID:3788
- C:\Windows\System\RNxUzeF.exe
  C:\Windows\System\RNxUzeF.exe
  2⤵
  PID:2432
- C:\Windows\System\BWGqvTm.exe
  C:\Windows\System\BWGqvTm.exe
  2⤵
  PID:3528
- C:\Windows\System\fpNlmRf.exe
  C:\Windows\System\fpNlmRf.exe
  2⤵
  PID:3516
- C:\Windows\System\TTRgQDp.exe
  C:\Windows\System\TTRgQDp.exe
  2⤵
  PID:3732
- C:\Windows\System\HgMHxiW.exe
  C:\Windows\System\HgMHxiW.exe
  2⤵
  PID:3716
- C:\Windows\System\FWcjvEj.exe
  C:\Windows\System\FWcjvEj.exe
  2⤵
  PID:3792
- C:\Windows\System\ofzdsxt.exe
  C:\Windows\System\ofzdsxt.exe
  2⤵
  PID:2884
- C:\Windows\System\jfmfiHc.exe
  C:\Windows\System\jfmfiHc.exe
  2⤵
  PID:3952
- C:\Windows\System\dLeZEbe.exe
  C:\Windows\System\dLeZEbe.exe
  2⤵
  PID:4060
- C:\Windows\System\GPkrEmV.exe
  C:\Windows\System\GPkrEmV.exe
  2⤵
  PID:1688
- C:\Windows\System\zsFDopc.exe
  C:\Windows\System\zsFDopc.exe
  2⤵
  PID:2764
- C:\Windows\System\ORzdipM.exe
  C:\Windows\System\ORzdipM.exe
  2⤵
  PID:3084
- C:\Windows\System\gIgWDim.exe
  C:\Windows\System\gIgWDim.exe
  2⤵
  PID:3204
- C:\Windows\System\WrNsWjj.exe
  C:\Windows\System\WrNsWjj.exe
  2⤵
  PID:3268
- C:\Windows\System\BAETQcv.exe
  C:\Windows\System\BAETQcv.exe
  2⤵
  PID:3496
- C:\Windows\System\FioWYzn.exe
  C:\Windows\System\FioWYzn.exe
  2⤵
  PID:3616
- C:\Windows\System\UsPOJxd.exe
  C:\Windows\System\UsPOJxd.exe
  2⤵
  PID:3844
- C:\Windows\System\CUiNxeY.exe
  C:\Windows\System\CUiNxeY.exe
  2⤵
  PID:3776
- C:\Windows\System\iwCJyMd.exe
  C:\Windows\System\iwCJyMd.exe
  2⤵
  PID:3832
- C:\Windows\System\iAVTKgK.exe
  C:\Windows\System\iAVTKgK.exe
  2⤵
  PID:1852
- C:\Windows\System\seHxYrH.exe
  C:\Windows\System\seHxYrH.exe
  2⤵
  PID:3220
- C:\Windows\System\cIGeobF.exe
  C:\Windows\System\cIGeobF.exe
  2⤵
  PID:4104
- C:\Windows\System\IfJwxIL.exe
  C:\Windows\System\IfJwxIL.exe
  2⤵
  PID:4124
- C:\Windows\System\asdzjey.exe
  C:\Windows\System\asdzjey.exe
  2⤵
  PID:4144
- C:\Windows\System\YekZhyQ.exe
  C:\Windows\System\YekZhyQ.exe
  2⤵
  PID:4164
- C:\Windows\System\OhGHGeB.exe
  C:\Windows\System\OhGHGeB.exe
  2⤵
  PID:4184
- C:\Windows\System\Ghefcnw.exe
  C:\Windows\System\Ghefcnw.exe
  2⤵
  PID:4204
- C:\Windows\System\syOrHTB.exe
  C:\Windows\System\syOrHTB.exe
  2⤵
  PID:4224
- C:\Windows\System\jBSoigS.exe
  C:\Windows\System\jBSoigS.exe
  2⤵
  PID:4244
- C:\Windows\System\WjZUZzb.exe
  C:\Windows\System\WjZUZzb.exe
  2⤵
  PID:4264
- C:\Windows\System\CHreygA.exe
  C:\Windows\System\CHreygA.exe
  2⤵
  PID:4284
- C:\Windows\System\CTDyWfk.exe
  C:\Windows\System\CTDyWfk.exe
  2⤵
  PID:4304
- C:\Windows\System\iwFcuHx.exe
  C:\Windows\System\iwFcuHx.exe
  2⤵
  PID:4324
- C:\Windows\System\VmShVsD.exe
  C:\Windows\System\VmShVsD.exe
  2⤵
  PID:4344
- C:\Windows\System\qHfjkqC.exe
  C:\Windows\System\qHfjkqC.exe
  2⤵
  PID:4364
- C:\Windows\System\kLtpRYG.exe
  C:\Windows\System\kLtpRYG.exe
  2⤵
  PID:4384
- C:\Windows\System\qpcZPLK.exe
  C:\Windows\System\qpcZPLK.exe
  2⤵
  PID:4404
- C:\Windows\System\QuCbvqM.exe
  C:\Windows\System\QuCbvqM.exe
  2⤵
  PID:4424
- C:\Windows\System\PtppgQa.exe
  C:\Windows\System\PtppgQa.exe
  2⤵
  PID:4444
- C:\Windows\System\nWnquOC.exe
  C:\Windows\System\nWnquOC.exe
  2⤵
  PID:4464
- C:\Windows\System\jiqwmTW.exe
  C:\Windows\System\jiqwmTW.exe
  2⤵
  PID:4480
- C:\Windows\System\hcnBGTL.exe
  C:\Windows\System\hcnBGTL.exe
  2⤵
  PID:4504
- C:\Windows\System\CQppSaa.exe
  C:\Windows\System\CQppSaa.exe
  2⤵
  PID:4524
- C:\Windows\System\rCThwKs.exe
  C:\Windows\System\rCThwKs.exe
  2⤵
  PID:4544
- C:\Windows\System\Ikjzknc.exe
  C:\Windows\System\Ikjzknc.exe
  2⤵
  PID:4560
- C:\Windows\System\VJwxYpZ.exe
  C:\Windows\System\VJwxYpZ.exe
  2⤵
  PID:4580
- C:\Windows\System\TraRFae.exe
  C:\Windows\System\TraRFae.exe
  2⤵
  PID:4604
- C:\Windows\System\pFASgHY.exe
  C:\Windows\System\pFASgHY.exe
  2⤵
  PID:4624
- C:\Windows\System\WVsJNdD.exe
  C:\Windows\System\WVsJNdD.exe
  2⤵
  PID:4640
- C:\Windows\System\JcQupEQ.exe
  C:\Windows\System\JcQupEQ.exe
  2⤵
  PID:4660
- C:\Windows\System\OiIYotS.exe
  C:\Windows\System\OiIYotS.exe
  2⤵
  PID:4684
- C:\Windows\System\OUerBXD.exe
  C:\Windows\System\OUerBXD.exe
  2⤵
  PID:4704
- C:\Windows\System\yUgdszR.exe
  C:\Windows\System\yUgdszR.exe
  2⤵
  PID:4724
- C:\Windows\System\dIjzMYa.exe
  C:\Windows\System\dIjzMYa.exe
  2⤵
  PID:4748
- C:\Windows\System\rebXECU.exe
  C:\Windows\System\rebXECU.exe
  2⤵
  PID:4768
- C:\Windows\System\eKneavS.exe
  C:\Windows\System\eKneavS.exe
  2⤵
  PID:4788
- C:\Windows\System\mbPxyGP.exe
  C:\Windows\System\mbPxyGP.exe
  2⤵
  PID:4808
- C:\Windows\System\lQlyzvc.exe
  C:\Windows\System\lQlyzvc.exe
  2⤵
  PID:4828
- C:\Windows\System\CqYqVDm.exe
  C:\Windows\System\CqYqVDm.exe
  2⤵
  PID:4848
- C:\Windows\System\wGwygJh.exe
  C:\Windows\System\wGwygJh.exe
  2⤵
  PID:4868
- C:\Windows\System\vdltfon.exe
  C:\Windows\System\vdltfon.exe
  2⤵
  PID:4884
- C:\Windows\System\eOysIBN.exe
  C:\Windows\System\eOysIBN.exe
  2⤵
  PID:4904
- C:\Windows\System\XvTderC.exe
  C:\Windows\System\XvTderC.exe
  2⤵
  PID:4924
- C:\Windows\System\pCfrIOq.exe
  C:\Windows\System\pCfrIOq.exe
  2⤵
  PID:4948
- C:\Windows\System\BorsPMa.exe
  C:\Windows\System\BorsPMa.exe
  2⤵
  PID:4968
- C:\Windows\System\ObRvZgN.exe
  C:\Windows\System\ObRvZgN.exe
  2⤵
  PID:4988
- C:\Windows\System\stBXgNg.exe
  C:\Windows\System\stBXgNg.exe
  2⤵
  PID:5008
- C:\Windows\System\LJFKzDT.exe
  C:\Windows\System\LJFKzDT.exe
  2⤵
  PID:5028
- C:\Windows\System\WhYsfIn.exe
  C:\Windows\System\WhYsfIn.exe
  2⤵
  PID:5048
- C:\Windows\System\dxoMmJX.exe
  C:\Windows\System\dxoMmJX.exe
  2⤵
  PID:5068
- C:\Windows\System\OQoWWLe.exe
  C:\Windows\System\OQoWWLe.exe
  2⤵
  PID:5088
- C:\Windows\System\lGbmmmB.exe
  C:\Windows\System\lGbmmmB.exe
  2⤵
  PID:5108
- C:\Windows\System\JnsSTYy.exe
  C:\Windows\System\JnsSTYy.exe
  2⤵
  PID:3344
- C:\Windows\System\TFIwexn.exe
  C:\Windows\System\TFIwexn.exe
  2⤵
  PID:1820
- C:\Windows\System\CBhIbYe.exe
  C:\Windows\System\CBhIbYe.exe
  2⤵
  PID:2064
- C:\Windows\System\avcXMqV.exe
  C:\Windows\System\avcXMqV.exe
  2⤵
  PID:4044
- C:\Windows\System\AFFSyiI.exe
  C:\Windows\System\AFFSyiI.exe
  2⤵
  PID:4024
- C:\Windows\System\TeKjtiV.exe
  C:\Windows\System\TeKjtiV.exe
  2⤵
  PID:2476
- C:\Windows\System\Dwnbake.exe
  C:\Windows\System\Dwnbake.exe
  2⤵
  PID:4132
- C:\Windows\System\TCFZcdx.exe
  C:\Windows\System\TCFZcdx.exe
  2⤵
  PID:4160
- C:\Windows\System\VQvvAkz.exe
  C:\Windows\System\VQvvAkz.exe
  2⤵
  PID:4212
- C:\Windows\System\UHrbSvQ.exe
  C:\Windows\System\UHrbSvQ.exe
  2⤵
  PID:4232
- C:\Windows\System\uwdoEFY.exe
  C:\Windows\System\uwdoEFY.exe
  2⤵
  PID:4236
- C:\Windows\System\OpimOng.exe
  C:\Windows\System\OpimOng.exe
  2⤵
  PID:4280
- C:\Windows\System\kTaMyaO.exe
  C:\Windows\System\kTaMyaO.exe
  2⤵
  PID:4312
- C:\Windows\System\xGBbekm.exe
  C:\Windows\System\xGBbekm.exe
  2⤵
  PID:2480
- C:\Windows\System\zybtXie.exe
  C:\Windows\System\zybtXie.exe
  2⤵
  PID:4356
- C:\Windows\System\SjqBfOi.exe
  C:\Windows\System\SjqBfOi.exe
  2⤵
  PID:4400
- C:\Windows\System\xAiSzlt.exe
  C:\Windows\System\xAiSzlt.exe
  2⤵
  PID:4460
- C:\Windows\System\uOEFRUC.exe
  C:\Windows\System\uOEFRUC.exe
  2⤵
  PID:4436
- C:\Windows\System\pacFxiD.exe
  C:\Windows\System\pacFxiD.exe
  2⤵
  PID:4540
- C:\Windows\System\oMykLmy.exe
  C:\Windows\System\oMykLmy.exe
  2⤵
  PID:4576
- C:\Windows\System\uzfCWOg.exe
  C:\Windows\System\uzfCWOg.exe
  2⤵
  PID:4588
- C:\Windows\System\LfcKLNh.exe
  C:\Windows\System\LfcKLNh.exe
  2⤵
  PID:4596
- C:\Windows\System\EoliziA.exe
  C:\Windows\System\EoliziA.exe
  2⤵
  PID:4700
- C:\Windows\System\IJSRswy.exe
  C:\Windows\System\IJSRswy.exe
  2⤵
  PID:4680
- C:\Windows\System\wrBhApa.exe
  C:\Windows\System\wrBhApa.exe
  2⤵
  PID:4736
- C:\Windows\System\YLzExFx.exe
  C:\Windows\System\YLzExFx.exe
  2⤵
  PID:4780
- C:\Windows\System\JxAistl.exe
  C:\Windows\System\JxAistl.exe
  2⤵
  PID:4816
- C:\Windows\System\EimHIhG.exe
  C:\Windows\System\EimHIhG.exe
  2⤵
  PID:4800
- C:\Windows\System\iclgzRp.exe
  C:\Windows\System\iclgzRp.exe
  2⤵
  PID:4844
- C:\Windows\System\WtWSplQ.exe
  C:\Windows\System\WtWSplQ.exe
  2⤵
  PID:4876
- C:\Windows\System\HxNnxeF.exe
  C:\Windows\System\HxNnxeF.exe
  2⤵
  PID:4940
- C:\Windows\System\zZfIGqD.exe
  C:\Windows\System\zZfIGqD.exe
  2⤵
  PID:4956
- C:\Windows\System\voZGhbu.exe
  C:\Windows\System\voZGhbu.exe
  2⤵
  PID:4980
- C:\Windows\System\aWriEri.exe
  C:\Windows\System\aWriEri.exe
  2⤵
  PID:5020
- C:\Windows\System\baslDOZ.exe
  C:\Windows\System\baslDOZ.exe
  2⤵
  PID:5040
- C:\Windows\System\dTHtZHo.exe
  C:\Windows\System\dTHtZHo.exe
  2⤵
  PID:5096
- C:\Windows\System\yVGybRP.exe
  C:\Windows\System\yVGybRP.exe
  2⤵
  PID:5116
- C:\Windows\System\KyGpZId.exe
  C:\Windows\System\KyGpZId.exe
  2⤵
  PID:268
- C:\Windows\System\loptPly.exe
  C:\Windows\System\loptPly.exe
  2⤵
  PID:2428
- C:\Windows\System\Ibaipxt.exe
  C:\Windows\System\Ibaipxt.exe
  2⤵
  PID:4040
- C:\Windows\System\IMCBOFA.exe
  C:\Windows\System\IMCBOFA.exe
  2⤵
  PID:4152
- C:\Windows\System\ANDmEWr.exe
  C:\Windows\System\ANDmEWr.exe
  2⤵
  PID:4216
- C:\Windows\System\OVFVPYD.exe
  C:\Windows\System\OVFVPYD.exe
  2⤵
  PID:4292
- C:\Windows\System\pbXmVFW.exe
  C:\Windows\System\pbXmVFW.exe
  2⤵
  PID:4496
- C:\Windows\System\bcNlwJG.exe
  C:\Windows\System\bcNlwJG.exe
  2⤵
  PID:4536
- C:\Windows\System\YaxraHz.exe
  C:\Windows\System\YaxraHz.exe
  2⤵
  PID:4556
- C:\Windows\System\sonpGcu.exe
  C:\Windows\System\sonpGcu.exe
  2⤵
  PID:4600
- C:\Windows\System\JSTiWwq.exe
  C:\Windows\System\JSTiWwq.exe
  2⤵
  PID:4632
- C:\Windows\System\ivRCdod.exe
  C:\Windows\System\ivRCdod.exe
  2⤵
  PID:4776
- C:\Windows\System\xHLEGcT.exe
  C:\Windows\System\xHLEGcT.exe
  2⤵
  PID:4824
- C:\Windows\System\oveTGrh.exe
  C:\Windows\System\oveTGrh.exe
  2⤵
  PID:4896
- C:\Windows\System\abeAKUB.exe
  C:\Windows\System\abeAKUB.exe
  2⤵
  PID:1568
- C:\Windows\System\QcJjHPt.exe
  C:\Windows\System\QcJjHPt.exe
  2⤵
  PID:4920
- C:\Windows\System\TxOTDOp.exe
  C:\Windows\System\TxOTDOp.exe
  2⤵
  PID:1304
- C:\Windows\System\FqdVvTH.exe
  C:\Windows\System\FqdVvTH.exe
  2⤵
  PID:4984
- C:\Windows\System\jvDKjWO.exe
  C:\Windows\System\jvDKjWO.exe
  2⤵
  PID:5000
- C:\Windows\System\dKlwfON.exe
  C:\Windows\System\dKlwfON.exe
  2⤵
  PID:3348
- C:\Windows\System\HAkDZpS.exe
  C:\Windows\System\HAkDZpS.exe
  2⤵
  PID:3360
- C:\Windows\System\DmDPRPt.exe
  C:\Windows\System\DmDPRPt.exe
  2⤵
  PID:3672
- C:\Windows\System\bhOISnT.exe
  C:\Windows\System\bhOISnT.exe
  2⤵
  PID:4112
- C:\Windows\System\yXmYFFQ.exe
  C:\Windows\System\yXmYFFQ.exe
  2⤵
  PID:4240
- C:\Windows\System\OArSYVo.exe
  C:\Windows\System\OArSYVo.exe
  2⤵
  PID:4300
- C:\Windows\System\uTuSuSc.exe
  C:\Windows\System\uTuSuSc.exe
  2⤵
  PID:2068
- C:\Windows\System\LxLPRLO.exe
  C:\Windows\System\LxLPRLO.exe
  2⤵
  PID:3984
- C:\Windows\System\RSzruGP.exe
  C:\Windows\System\RSzruGP.exe
  2⤵
  PID:860
- C:\Windows\System\cZRpwXO.exe
  C:\Windows\System\cZRpwXO.exe
  2⤵
  PID:844
- C:\Windows\System\OnbgIlJ.exe
  C:\Windows\System\OnbgIlJ.exe
  2⤵
  PID:2224
- C:\Windows\System\uaaBvgj.exe
  C:\Windows\System\uaaBvgj.exe
  2⤵
  PID:1276
- C:\Windows\System\qCzsQhL.exe
  C:\Windows\System\qCzsQhL.exe
  2⤵
  PID:1912
- C:\Windows\System\ypNrIFr.exe
  C:\Windows\System\ypNrIFr.exe
  2⤵
  PID:3436
- C:\Windows\System\AHjvZpn.exe
  C:\Windows\System\AHjvZpn.exe
  2⤵
  PID:2556
- C:\Windows\System\LmYRnuL.exe
  C:\Windows\System\LmYRnuL.exe
  2⤵
  PID:468
- C:\Windows\System\wqjZnMP.exe
  C:\Windows\System\wqjZnMP.exe
  2⤵
  PID:4500
- C:\Windows\System\ooNePuq.exe
  C:\Windows\System\ooNePuq.exe
  2⤵
  PID:4616
- C:\Windows\System\WdfNdXD.exe
  C:\Windows\System\WdfNdXD.exe
  2⤵
  PID:4720
- C:\Windows\System\gdXoyMI.exe
  C:\Windows\System\gdXoyMI.exe
  2⤵
  PID:4512
- C:\Windows\System\NRkdTvp.exe
  C:\Windows\System\NRkdTvp.exe
  2⤵
  PID:4892
- C:\Windows\System\asqWXAc.exe
  C:\Windows\System\asqWXAc.exe
  2⤵
  PID:4860
- C:\Windows\System\uwhFLEv.exe
  C:\Windows\System\uwhFLEv.exe
  2⤵
  PID:4932
- C:\Windows\System\vrifXVW.exe
  C:\Windows\System\vrifXVW.exe
  2⤵
  PID:5024
- C:\Windows\System\ScYOONw.exe
  C:\Windows\System\ScYOONw.exe
  2⤵
  PID:4744
- C:\Windows\System\CqpKAXt.exe
  C:\Windows\System\CqpKAXt.exe
  2⤵
  PID:3280
- C:\Windows\System\dXdBxnb.exe
  C:\Windows\System\dXdBxnb.exe
  2⤵
  PID:2888
- C:\Windows\System\QAtDFZO.exe
  C:\Windows\System\QAtDFZO.exe
  2⤵
  PID:4192
- C:\Windows\System\xeWGhHS.exe
  C:\Windows\System\xeWGhHS.exe
  2⤵
  PID:1516
- C:\Windows\System\topqfCg.exe
  C:\Windows\System\topqfCg.exe
  2⤵
  PID:1920
- C:\Windows\System\mVbpFlH.exe
  C:\Windows\System\mVbpFlH.exe
  2⤵
  PID:2492
- C:\Windows\System\HzPkdLc.exe
  C:\Windows\System\HzPkdLc.exe
  2⤵
  PID:952
- C:\Windows\System\NsBXYYg.exe
  C:\Windows\System\NsBXYYg.exe
  2⤵
  PID:2512
- C:\Windows\System\TnAqvax.exe
  C:\Windows\System\TnAqvax.exe
  2⤵
  PID:840
- C:\Windows\System\EQfmPvY.exe
  C:\Windows\System\EQfmPvY.exe
  2⤵
  PID:4712
- C:\Windows\System\jTKgscf.exe
  C:\Windows\System\jTKgscf.exe
  2⤵
  PID:4516
- C:\Windows\System\WspcyFs.exe
  C:\Windows\System\WspcyFs.exe
  2⤵
  PID:4760
- C:\Windows\System\mckfbWZ.exe
  C:\Windows\System\mckfbWZ.exe
  2⤵
  PID:4960
- C:\Windows\System\BEFJruf.exe
  C:\Windows\System\BEFJruf.exe
  2⤵
  PID:5016
- C:\Windows\System\wdqDhIk.exe
  C:\Windows\System\wdqDhIk.exe
  2⤵
  PID:1888
- C:\Windows\System\CsgjOjl.exe
  C:\Windows\System\CsgjOjl.exe
  2⤵
  PID:4180
- C:\Windows\System\qsYufVD.exe
  C:\Windows\System\qsYufVD.exe
  2⤵
  PID:1796
- C:\Windows\System\OgBYEtv.exe
  C:\Windows\System\OgBYEtv.exe
  2⤵
  PID:2532
- C:\Windows\System\idyFGqi.exe
  C:\Windows\System\idyFGqi.exe
  2⤵
  PID:4568
- C:\Windows\System\KTkbBZG.exe
  C:\Windows\System\KTkbBZG.exe
  2⤵
  PID:4156
- C:\Windows\System\xnPmulp.exe
  C:\Windows\System\xnPmulp.exe
  2⤵
  PID:1476
- C:\Windows\System\hcYdrkM.exe
  C:\Windows\System\hcYdrkM.exe
  2⤵
  PID:1836
- C:\Windows\System\IGXvChx.exe
  C:\Windows\System\IGXvChx.exe
  2⤵
  PID:4764
- C:\Windows\System\deEwrtD.exe
  C:\Windows\System\deEwrtD.exe
  2⤵
  PID:5084
- C:\Windows\System\qKbWolY.exe
  C:\Windows\System\qKbWolY.exe
  2⤵
  PID:1676
- C:\Windows\System\yAfetmM.exe
  C:\Windows\System\yAfetmM.exe
  2⤵
  PID:4332
- C:\Windows\System\ngNAeXn.exe
  C:\Windows\System\ngNAeXn.exe
  2⤵
  PID:4652
- C:\Windows\System\VMfDjeP.exe
  C:\Windows\System\VMfDjeP.exe
  2⤵
  PID:4676
- C:\Windows\System\wkhYugw.exe
  C:\Windows\System\wkhYugw.exe
  2⤵
  PID:5100
- C:\Windows\System\ESyjoeW.exe
  C:\Windows\System\ESyjoeW.exe
  2⤵
  PID:5140
- C:\Windows\System\sXCQqkG.exe
  C:\Windows\System\sXCQqkG.exe
  2⤵
  PID:5164
- C:\Windows\System\Kljiwqx.exe
  C:\Windows\System\Kljiwqx.exe
  2⤵
  PID:5184
- C:\Windows\System\twQtDpf.exe
  C:\Windows\System\twQtDpf.exe
  2⤵
  PID:5200
- C:\Windows\System\aMBKpiN.exe
  C:\Windows\System\aMBKpiN.exe
  2⤵
  PID:5216
- C:\Windows\System\PbXSurs.exe
  C:\Windows\System\PbXSurs.exe
  2⤵
  PID:5236
- C:\Windows\System\WrwatJD.exe
  C:\Windows\System\WrwatJD.exe
  2⤵
  PID:5264
- C:\Windows\System\VRYAhiJ.exe
  C:\Windows\System\VRYAhiJ.exe
  2⤵
  PID:5280
- C:\Windows\System\bIvrOkn.exe
  C:\Windows\System\bIvrOkn.exe
  2⤵
  PID:5296
- C:\Windows\System\WbpzOYD.exe
  C:\Windows\System\WbpzOYD.exe
  2⤵
  PID:5316
- C:\Windows\System\kuHLOeX.exe
  C:\Windows\System\kuHLOeX.exe
  2⤵
  PID:5336
- C:\Windows\System\HTAYpmK.exe
  C:\Windows\System\HTAYpmK.exe
  2⤵
  PID:5380
- C:\Windows\System\IPXAdMi.exe
  C:\Windows\System\IPXAdMi.exe
  2⤵
  PID:5400
- C:\Windows\System\JQSNzAm.exe
  C:\Windows\System\JQSNzAm.exe
  2⤵
  PID:5420
- C:\Windows\System\PxCdlkN.exe
  C:\Windows\System\PxCdlkN.exe
  2⤵
  PID:5436
- C:\Windows\System\wQgFikI.exe
  C:\Windows\System\wQgFikI.exe
  2⤵
  PID:5456
- C:\Windows\System\WZMVuCt.exe
  C:\Windows\System\WZMVuCt.exe
  2⤵
  PID:5472
- C:\Windows\System\TRwhUHE.exe
  C:\Windows\System\TRwhUHE.exe
  2⤵
  PID:5488
- C:\Windows\System\jDukPJP.exe
  C:\Windows\System\jDukPJP.exe
  2⤵
  PID:5504
- C:\Windows\System\QrNJYvY.exe
  C:\Windows\System\QrNJYvY.exe
  2⤵
  PID:5528
- C:\Windows\System\zprVsub.exe
  C:\Windows\System\zprVsub.exe
  2⤵
  PID:5544
- C:\Windows\System\ZUkKrPo.exe
  C:\Windows\System\ZUkKrPo.exe
  2⤵
  PID:5560
- C:\Windows\System\QtgPFSy.exe
  C:\Windows\System\QtgPFSy.exe
  2⤵
  PID:5576
- C:\Windows\System\hhniOpB.exe
  C:\Windows\System\hhniOpB.exe
  2⤵
  PID:5596
- C:\Windows\System\gYCfVKH.exe
  C:\Windows\System\gYCfVKH.exe
  2⤵
  PID:5616
- C:\Windows\System\PHKXChW.exe
  C:\Windows\System\PHKXChW.exe
  2⤵
  PID:5632
- C:\Windows\System\bXHifIZ.exe
  C:\Windows\System\bXHifIZ.exe
  2⤵
  PID:5660
- C:\Windows\System\UrKQCcS.exe
  C:\Windows\System\UrKQCcS.exe
  2⤵
  PID:5676
- C:\Windows\System\buuQpZm.exe
  C:\Windows\System\buuQpZm.exe
  2⤵
  PID:5692
- C:\Windows\System\VrVmAMu.exe
  C:\Windows\System\VrVmAMu.exe
  2⤵
  PID:5716
- C:\Windows\System\TMLDMjJ.exe
  C:\Windows\System\TMLDMjJ.exe
  2⤵
  PID:5732
- C:\Windows\System\EPeWziZ.exe
  C:\Windows\System\EPeWziZ.exe
  2⤵
  PID:5752
- C:\Windows\System\IhbgMzG.exe
  C:\Windows\System\IhbgMzG.exe
  2⤵
  PID:5768
- C:\Windows\System\twoQuui.exe
  C:\Windows\System\twoQuui.exe
  2⤵
  PID:5788
- C:\Windows\System\tPiBnGt.exe
  C:\Windows\System\tPiBnGt.exe
  2⤵
  PID:5804
- C:\Windows\System\tsXsJTX.exe
  C:\Windows\System\tsXsJTX.exe
  2⤵
  PID:5820
- C:\Windows\System\DszmETK.exe
  C:\Windows\System\DszmETK.exe
  2⤵
  PID:5836
- C:\Windows\System\SDlTXgH.exe
  C:\Windows\System\SDlTXgH.exe
  2⤵
  PID:5856
- C:\Windows\System\ahTEfas.exe
  C:\Windows\System\ahTEfas.exe
  2⤵
  PID:5872
- C:\Windows\System\oeAszFK.exe
  C:\Windows\System\oeAszFK.exe
  2⤵
  PID:5888
- C:\Windows\System\PglElhA.exe
  C:\Windows\System\PglElhA.exe
  2⤵
  PID:5904
- C:\Windows\System\GzWOGJz.exe
  C:\Windows\System\GzWOGJz.exe
  2⤵
  PID:5920
- C:\Windows\System\uMNoxwZ.exe
  C:\Windows\System\uMNoxwZ.exe
  2⤵
  PID:5936
- C:\Windows\System\EJaEmkI.exe
  C:\Windows\System\EJaEmkI.exe
  2⤵
  PID:5952
- C:\Windows\System\tDwgUjs.exe
  C:\Windows\System\tDwgUjs.exe
  2⤵
  PID:5976
- C:\Windows\System\BbGhhbv.exe
  C:\Windows\System\BbGhhbv.exe
  2⤵
  PID:6008
- C:\Windows\System\UdqeAPg.exe
  C:\Windows\System\UdqeAPg.exe
  2⤵
  PID:6024
- C:\Windows\System\TAQlASJ.exe
  C:\Windows\System\TAQlASJ.exe
  2⤵
  PID:6040
- C:\Windows\System\WxZDGSm.exe
  C:\Windows\System\WxZDGSm.exe
  2⤵
  PID:6056
- C:\Windows\System\mtmYGVl.exe
  C:\Windows\System\mtmYGVl.exe
  2⤵
  PID:6072
- C:\Windows\System\YfbIbsl.exe
  C:\Windows\System\YfbIbsl.exe
  2⤵
  PID:6092
- C:\Windows\System\aUpaLiu.exe
  C:\Windows\System\aUpaLiu.exe
  2⤵
  PID:6108
- C:\Windows\System\dnxsIrR.exe
  C:\Windows\System\dnxsIrR.exe
  2⤵
  PID:6124
- C:\Windows\System\WfagZAu.exe
  C:\Windows\System\WfagZAu.exe
  2⤵
  PID:6140
- C:\Windows\System\HiTpmot.exe
  C:\Windows\System\HiTpmot.exe
  2⤵
  PID:848
- C:\Windows\System\aRxhhtW.exe
  C:\Windows\System\aRxhhtW.exe
  2⤵
  PID:5172
- C:\Windows\System\dvXxbUI.exe
  C:\Windows\System\dvXxbUI.exe
  2⤵
  PID:5208
- C:\Windows\System\dZJCGDa.exe
  C:\Windows\System\dZJCGDa.exe
  2⤵
  PID:5252
- C:\Windows\System\ySirOuA.exe
  C:\Windows\System\ySirOuA.exe
  2⤵
  PID:812
- C:\Windows\System\UVOOZgb.exe
  C:\Windows\System\UVOOZgb.exe
  2⤵
  PID:5156
- C:\Windows\System\UXMCnzi.exe
  C:\Windows\System\UXMCnzi.exe
  2⤵
  PID:5192
- C:\Windows\System\QrqChzm.exe
  C:\Windows\System\QrqChzm.exe
  2⤵
  PID:808
- C:\Windows\System\clAONSV.exe
  C:\Windows\System\clAONSV.exe
  2⤵
  PID:5228
- C:\Windows\System\pEsPWXi.exe
  C:\Windows\System\pEsPWXi.exe
  2⤵
  PID:5304
- C:\Windows\System\MhPQrCM.exe
  C:\Windows\System\MhPQrCM.exe
  2⤵
  PID:5352
- C:\Windows\System\QcrXUDi.exe
  C:\Windows\System\QcrXUDi.exe
  2⤵
  PID:5368
- C:\Windows\System\xphtVFI.exe
  C:\Windows\System\xphtVFI.exe
  2⤵
  PID:5388
- C:\Windows\System\zLWCkfC.exe
  C:\Windows\System\zLWCkfC.exe
  2⤵
  PID:5432
- C:\Windows\System\uavScvY.exe
  C:\Windows\System\uavScvY.exe
  2⤵
  PID:5500
- C:\Windows\System\DdRfzXA.exe
  C:\Windows\System\DdRfzXA.exe
  2⤵
  PID:5536
- C:\Windows\System\BqgibJF.exe
  C:\Windows\System\BqgibJF.exe
  2⤵
  PID:5604
- C:\Windows\System\RNwCqte.exe
  C:\Windows\System\RNwCqte.exe
  2⤵
  PID:5648
- C:\Windows\System\XYdqWCd.exe
  C:\Windows\System\XYdqWCd.exe
  2⤵
  PID:5688
- C:\Windows\System\PZZxQOL.exe
  C:\Windows\System\PZZxQOL.exe
  2⤵
  PID:5592
- C:\Windows\System\XxVFhaH.exe
  C:\Windows\System\XxVFhaH.exe
  2⤵
  PID:5704
- C:\Windows\System\KYHTORc.exe
  C:\Windows\System\KYHTORc.exe
  2⤵
  PID:5584
- C:\Windows\System\JwBWArw.exe
  C:\Windows\System\JwBWArw.exe
  2⤵
  PID:5728
- C:\Windows\System\vFDCIla.exe
  C:\Windows\System\vFDCIla.exe
  2⤵
  PID:5740
- C:\Windows\System\FgcXxWb.exe
  C:\Windows\System\FgcXxWb.exe
  2⤵
  PID:5780
- C:\Windows\System\PhXLedt.exe
  C:\Windows\System\PhXLedt.exe
  2⤵
  PID:5832
- C:\Windows\System\lVutgKY.exe
  C:\Windows\System\lVutgKY.exe
  2⤵
  PID:5868
- C:\Windows\System\XpEpZpp.exe
  C:\Windows\System\XpEpZpp.exe
  2⤵
  PID:5932
- C:\Windows\System\Jkxxtox.exe
  C:\Windows\System\Jkxxtox.exe
  2⤵
  PID:5852
- C:\Windows\System\XkSZBnx.exe
  C:\Windows\System\XkSZBnx.exe
  2⤵
  PID:5912
- C:\Windows\System\RUuwQVa.exe
  C:\Windows\System\RUuwQVa.exe
  2⤵
  PID:5968
- C:\Windows\System\yZRzEmv.exe
  C:\Windows\System\yZRzEmv.exe
  2⤵
  PID:5992
- C:\Windows\System\sfbgWaS.exe
  C:\Windows\System\sfbgWaS.exe
  2⤵
  PID:6048
- C:\Windows\System\KhqpbJw.exe
  C:\Windows\System\KhqpbJw.exe
  2⤵
  PID:6064
- C:\Windows\System\fAZPScE.exe
  C:\Windows\System\fAZPScE.exe
  2⤵
  PID:6032
- C:\Windows\System\Jpxbzjk.exe
  C:\Windows\System\Jpxbzjk.exe
  2⤵
  PID:6104
- C:\Windows\System\VrAClFd.exe
  C:\Windows\System\VrAClFd.exe
  2⤵
  PID:2536
- C:\Windows\System\mOQdtcg.exe
  C:\Windows\System\mOQdtcg.exe
  2⤵
  PID:5180
- C:\Windows\System\GAAssxi.exe
  C:\Windows\System\GAAssxi.exe
  2⤵
  PID:5212
- C:\Windows\System\OEKgHyW.exe
  C:\Windows\System\OEKgHyW.exe
  2⤵
  PID:5160
- C:\Windows\System\DDdXHKg.exe
  C:\Windows\System\DDdXHKg.exe
  2⤵
  PID:5324
- C:\Windows\System\UPDImPL.exe
  C:\Windows\System\UPDImPL.exe
  2⤵
  PID:3848
- C:\Windows\System\cQBvmyD.exe
  C:\Windows\System\cQBvmyD.exe
  2⤵
  PID:5348
- C:\Windows\System\wKQeYGa.exe
  C:\Windows\System\wKQeYGa.exe
  2⤵
  PID:5468
- C:\Windows\System\ktQZQsV.exe
  C:\Windows\System\ktQZQsV.exe
  2⤵
  PID:5640
- C:\Windows\System\PBhArTH.exe
  C:\Windows\System\PBhArTH.exe
  2⤵
  PID:5572
- C:\Windows\System\ReYBCOi.exe
  C:\Windows\System\ReYBCOi.exe
  2⤵
  PID:5624
- C:\Windows\System\MdtOKBT.exe
  C:\Windows\System\MdtOKBT.exe
  2⤵
  PID:5628
- C:\Windows\System\geSAVvi.exe
  C:\Windows\System\geSAVvi.exe
  2⤵
  PID:5484
- C:\Windows\System\wttPWbN.exe
  C:\Windows\System\wttPWbN.exe
  2⤵
  PID:5784
- C:\Windows\System\PWQWFpu.exe
  C:\Windows\System\PWQWFpu.exe
  2⤵
  PID:5816
- C:\Windows\System\vCXddOB.exe
  C:\Windows\System\vCXddOB.exe
  2⤵
  PID:5944
- C:\Windows\System\CKucagE.exe
  C:\Windows\System\CKucagE.exe
  2⤵
  PID:5900
- C:\Windows\System\Juctynl.exe
  C:\Windows\System\Juctynl.exe
  2⤵
  PID:6036
- C:\Windows\System\vHPvJNH.exe
  C:\Windows\System\vHPvJNH.exe
  2⤵
  PID:5928
- C:\Windows\System\yanOMac.exe
  C:\Windows\System\yanOMac.exe
  2⤵
  PID:6100
- C:\Windows\System\HzVRVpP.exe
  C:\Windows\System\HzVRVpP.exe
  2⤵
  PID:5136
- C:\Windows\System\xNOmoZO.exe
  C:\Windows\System\xNOmoZO.exe
  2⤵
  PID:4668
- C:\Windows\System\PBVknyY.exe
  C:\Windows\System\PBVknyY.exe
  2⤵
  PID:5256
- C:\Windows\System\WFJSHxP.exe
  C:\Windows\System\WFJSHxP.exe
  2⤵
  PID:5276
- C:\Windows\System\yBasSKE.exe
  C:\Windows\System\yBasSKE.exe
  2⤵
  PID:5524
- C:\Windows\System\RSeaUxL.exe
  C:\Windows\System\RSeaUxL.exe
  2⤵
  PID:5364
- C:\Windows\System\mOOFDzM.exe
  C:\Windows\System\mOOFDzM.exe
  2⤵
  PID:5448
- C:\Windows\System\yLuTwgI.exe
  C:\Windows\System\yLuTwgI.exe
  2⤵
  PID:5708
- C:\Windows\System\dtdhaRE.exe
  C:\Windows\System\dtdhaRE.exe
  2⤵
  PID:5668
- C:\Windows\System\rceSUEm.exe
  C:\Windows\System\rceSUEm.exe
  2⤵
  PID:5724
- C:\Windows\System\XUTstUC.exe
  C:\Windows\System\XUTstUC.exe
  2⤵
  PID:5132
- C:\Windows\System\jFOqpVa.exe
  C:\Windows\System\jFOqpVa.exe
  2⤵
  PID:6004
- C:\Windows\System\BRgByTc.exe
  C:\Windows\System\BRgByTc.exe
  2⤵
  PID:5248
- C:\Windows\System\IyOpLsN.exe
  C:\Windows\System\IyOpLsN.exe
  2⤵
  PID:5428
- C:\Windows\System\TcrWAGz.exe
  C:\Windows\System\TcrWAGz.exe
  2⤵
  PID:5800
- C:\Windows\System\UWgAMib.exe
  C:\Windows\System\UWgAMib.exe
  2⤵
  PID:6080
- C:\Windows\System\IPjbqEi.exe
  C:\Windows\System\IPjbqEi.exe
  2⤵
  PID:6156
- C:\Windows\System\DAscdus.exe
  C:\Windows\System\DAscdus.exe
  2⤵
  PID:6172
- C:\Windows\System\eMPFUtc.exe
  C:\Windows\System\eMPFUtc.exe
  2⤵
  PID:6188
- C:\Windows\System\yKPUaoK.exe
  C:\Windows\System\yKPUaoK.exe
  2⤵
  PID:6204
- C:\Windows\System\LAjATls.exe
  C:\Windows\System\LAjATls.exe
  2⤵
  PID:6220
- C:\Windows\System\MVULjmi.exe
  C:\Windows\System\MVULjmi.exe
  2⤵
  PID:6236
- C:\Windows\System\rlDAinw.exe
  C:\Windows\System\rlDAinw.exe
  2⤵
  PID:6252
- C:\Windows\System\uSTsdkn.exe
  C:\Windows\System\uSTsdkn.exe
  2⤵
  PID:6268
- C:\Windows\System\KPeAUQH.exe
  C:\Windows\System\KPeAUQH.exe
  2⤵
  PID:6284
- C:\Windows\System\hCqqaqq.exe
  C:\Windows\System\hCqqaqq.exe
  2⤵
  PID:6300
- C:\Windows\System\mMskLRx.exe
  C:\Windows\System\mMskLRx.exe
  2⤵
  PID:6316
- C:\Windows\System\offllmg.exe
  C:\Windows\System\offllmg.exe
  2⤵
  PID:6336
- C:\Windows\System\onzEZml.exe
  C:\Windows\System\onzEZml.exe
  2⤵
  PID:6352
- C:\Windows\System\QdrbREX.exe
  C:\Windows\System\QdrbREX.exe
  2⤵
  PID:6368
- C:\Windows\System\fLmPLhR.exe
  C:\Windows\System\fLmPLhR.exe
  2⤵
  PID:6384
- C:\Windows\System\ItnmzbZ.exe
  C:\Windows\System\ItnmzbZ.exe
  2⤵
  PID:6400
- C:\Windows\System\IEZfkDk.exe
  C:\Windows\System\IEZfkDk.exe
  2⤵
  PID:6416
- C:\Windows\System\IKkemZa.exe
  C:\Windows\System\IKkemZa.exe
  2⤵
  PID:6432
- C:\Windows\System\DwgLPPp.exe
  C:\Windows\System\DwgLPPp.exe
  2⤵
  PID:6448
- C:\Windows\System\RSaCxqW.exe
  C:\Windows\System\RSaCxqW.exe
  2⤵
  PID:6464
- C:\Windows\System\OGsplws.exe
  C:\Windows\System\OGsplws.exe
  2⤵
  PID:6480
- C:\Windows\System\OgvlqQD.exe
  C:\Windows\System\OgvlqQD.exe
  2⤵
  PID:6496
- C:\Windows\System\YUuMKSA.exe
  C:\Windows\System\YUuMKSA.exe
  2⤵
  PID:6512
- C:\Windows\System\zFrMiOp.exe
  C:\Windows\System\zFrMiOp.exe
  2⤵
  PID:6532
- C:\Windows\System\AjonJlR.exe
  C:\Windows\System\AjonJlR.exe
  2⤵
  PID:6548
- C:\Windows\System\IyAPbDS.exe
  C:\Windows\System\IyAPbDS.exe
  2⤵
  PID:6568
- C:\Windows\System\VDpGIXr.exe
  C:\Windows\System\VDpGIXr.exe
  2⤵
  PID:6584
- C:\Windows\System\LTnwMIP.exe
  C:\Windows\System\LTnwMIP.exe
  2⤵
  PID:6600
- C:\Windows\System\ulUjzjH.exe
  C:\Windows\System\ulUjzjH.exe
  2⤵
  PID:6620
- C:\Windows\System\EziyiQo.exe
  C:\Windows\System\EziyiQo.exe
  2⤵
  PID:6636
- C:\Windows\System\hCkKqgt.exe
  C:\Windows\System\hCkKqgt.exe
  2⤵
  PID:6652
- C:\Windows\System\FYseXMs.exe
  C:\Windows\System\FYseXMs.exe
  2⤵
  PID:6668
- C:\Windows\System\nXtlWDM.exe
  C:\Windows\System\nXtlWDM.exe
  2⤵
  PID:6684
- C:\Windows\System\JXHPNzR.exe
  C:\Windows\System\JXHPNzR.exe
  2⤵
  PID:6700
- C:\Windows\System\otzWVaT.exe
  C:\Windows\System\otzWVaT.exe
  2⤵
  PID:6724
- C:\Windows\System\YQjCehv.exe
  C:\Windows\System\YQjCehv.exe
  2⤵
  PID:6740
- C:\Windows\System\pSOEHai.exe
  C:\Windows\System\pSOEHai.exe
  2⤵
  PID:6756
- C:\Windows\System\EQfpvwo.exe
  C:\Windows\System\EQfpvwo.exe
  2⤵
  PID:6772
- C:\Windows\System\tFLukTa.exe
  C:\Windows\System\tFLukTa.exe
  2⤵
  PID:6788
- C:\Windows\System\dRlxvmA.exe
  C:\Windows\System\dRlxvmA.exe
  2⤵
  PID:6804
- C:\Windows\System\juAxxkk.exe
  C:\Windows\System\juAxxkk.exe
  2⤵
  PID:6820
- C:\Windows\System\pkogAgH.exe
  C:\Windows\System\pkogAgH.exe
  2⤵
  PID:6836
- C:\Windows\System\uCekbiH.exe
  C:\Windows\System\uCekbiH.exe
  2⤵
  PID:6852
- C:\Windows\System\pzmqrlw.exe
  C:\Windows\System\pzmqrlw.exe
  2⤵
  PID:6868
- C:\Windows\System\BrqoptR.exe
  C:\Windows\System\BrqoptR.exe
  2⤵
  PID:6884
- C:\Windows\System\UdxPzqf.exe
  C:\Windows\System\UdxPzqf.exe
  2⤵
  PID:6900
- C:\Windows\System\KIFotbm.exe
  C:\Windows\System\KIFotbm.exe
  2⤵
  PID:6916
- C:\Windows\System\nToSDLk.exe
  C:\Windows\System\nToSDLk.exe
  2⤵
  PID:6936
- C:\Windows\System\ihXqeBv.exe
  C:\Windows\System\ihXqeBv.exe
  2⤵
  PID:6952
- C:\Windows\System\cLqnLmH.exe
  C:\Windows\System\cLqnLmH.exe
  2⤵
  PID:6968
- C:\Windows\System\nfVAMjM.exe
  C:\Windows\System\nfVAMjM.exe
  2⤵
  PID:6984
- C:\Windows\System\qmaXvYk.exe
  C:\Windows\System\qmaXvYk.exe
  2⤵
  PID:7000
- C:\Windows\System\axZQmMV.exe
  C:\Windows\System\axZQmMV.exe
  2⤵
  PID:7016
- C:\Windows\System\GLDhrUP.exe
  C:\Windows\System\GLDhrUP.exe
  2⤵
  PID:7032
- C:\Windows\System\oCRcVaH.exe
  C:\Windows\System\oCRcVaH.exe
  2⤵
  PID:7048
- C:\Windows\System\UGeWpMt.exe
  C:\Windows\System\UGeWpMt.exe
  2⤵
  PID:7064
- C:\Windows\System\MptCpFc.exe
  C:\Windows\System\MptCpFc.exe
  2⤵
  PID:7080
- C:\Windows\System\NzhcmBf.exe
  C:\Windows\System\NzhcmBf.exe
  2⤵
  PID:7096
- C:\Windows\System\NMqPElL.exe
  C:\Windows\System\NMqPElL.exe
  2⤵
  PID:7112
- C:\Windows\System\iCZobwf.exe
  C:\Windows\System\iCZobwf.exe
  2⤵
  PID:7128
- C:\Windows\System\AzPnjtR.exe
  C:\Windows\System\AzPnjtR.exe
  2⤵
  PID:7152
- C:\Windows\System\jrmsiMs.exe
  C:\Windows\System\jrmsiMs.exe
  2⤵
  PID:5360
- C:\Windows\System\QQgtcEs.exe
  C:\Windows\System\QQgtcEs.exe
  2⤵
  PID:5376
- C:\Windows\System\bzCRhDa.exe
  C:\Windows\System\bzCRhDa.exe
  2⤵
  PID:5984
- C:\Windows\System\pBMZGEs.exe
  C:\Windows\System\pBMZGEs.exe
  2⤵
  PID:5272
- C:\Windows\System\iYDGDGe.exe
  C:\Windows\System\iYDGDGe.exe
  2⤵
  PID:6168
- C:\Windows\System\DFnuCmf.exe
  C:\Windows\System\DFnuCmf.exe
  2⤵
  PID:6212
- C:\Windows\System\RwQXnQH.exe
  C:\Windows\System\RwQXnQH.exe
  2⤵
  PID:6248
- C:\Windows\System\FCtrmJS.exe
  C:\Windows\System\FCtrmJS.exe
  2⤵
  PID:6276
- C:\Windows\System\pmSfjhJ.exe
  C:\Windows\System\pmSfjhJ.exe
  2⤵
  PID:6296
- C:\Windows\System\hQFQvZM.exe
  C:\Windows\System\hQFQvZM.exe
  2⤵
  PID:6348
- C:\Windows\System\MNBQoNs.exe
  C:\Windows\System\MNBQoNs.exe
  2⤵
  PID:6412
- C:\Windows\System\nIzUYSB.exe
  C:\Windows\System\nIzUYSB.exe
  2⤵
  PID:6328
- C:\Windows\System\fDXgOCz.exe
  C:\Windows\System\fDXgOCz.exe
  2⤵
  PID:6428
- C:\Windows\System\Jduaxsr.exe
  C:\Windows\System\Jduaxsr.exe
  2⤵
  PID:6444
- C:\Windows\System\PujrVwZ.exe
  C:\Windows\System\PujrVwZ.exe
  2⤵
  PID:6492
- C:\Windows\System\YLqSybJ.exe
  C:\Windows\System\YLqSybJ.exe
  2⤵
  PID:6544
- C:\Windows\System\BQnSAbJ.exe
  C:\Windows\System\BQnSAbJ.exe
  2⤵
  PID:6556
- C:\Windows\System\TWMRVSz.exe
  C:\Windows\System\TWMRVSz.exe
  2⤵
  PID:6592
- C:\Windows\System\gYAifpG.exe
  C:\Windows\System\gYAifpG.exe
  2⤵
  PID:6612
- C:\Windows\System\xIHRauq.exe
  C:\Windows\System\xIHRauq.exe
  2⤵
  PID:6660
- C:\Windows\System\lfYGssv.exe
  C:\Windows\System\lfYGssv.exe
  2⤵
  PID:6692
- C:\Windows\System\BeDavAY.exe
  C:\Windows\System\BeDavAY.exe
  2⤵
  PID:6716
- C:\Windows\System\IPFRNGc.exe
  C:\Windows\System\IPFRNGc.exe
  2⤵
  PID:6764
- C:\Windows\System\ysfhlJi.exe
  C:\Windows\System\ysfhlJi.exe
  2⤵
  PID:6736
- C:\Windows\System\HjwMhdT.exe
  C:\Windows\System\HjwMhdT.exe
  2⤵
  PID:6796
- C:\Windows\System\doUCwPv.exe
  C:\Windows\System\doUCwPv.exe
  2⤵
  PID:6844
- C:\Windows\System\ovVUKWg.exe
  C:\Windows\System\ovVUKWg.exe
  2⤵
  PID:6800
- C:\Windows\System\KrrfwiY.exe
  C:\Windows\System\KrrfwiY.exe
  2⤵
  PID:6908
- C:\Windows\System\vbwabTt.exe
  C:\Windows\System\vbwabTt.exe
  2⤵
  PID:6948
- C:\Windows\System\XgMMgGZ.exe
  C:\Windows\System\XgMMgGZ.exe
  2⤵
  PID:6980
- C:\Windows\System\jazzMra.exe
  C:\Windows\System\jazzMra.exe
  2⤵
  PID:7044
- C:\Windows\System\qewjDKQ.exe
  C:\Windows\System\qewjDKQ.exe
  2⤵
  PID:7104
- C:\Windows\System\dunTghP.exe
  C:\Windows\System\dunTghP.exe
  2⤵
  PID:7124
- C:\Windows\System\mKKBYBd.exe
  C:\Windows\System\mKKBYBd.exe
  2⤵
  PID:7060
- C:\Windows\System\cKSDVPp.exe
  C:\Windows\System\cKSDVPp.exe
  2⤵
  PID:5416
- C:\Windows\System\NobUATH.exe
  C:\Windows\System\NobUATH.exe
  2⤵
  PID:6180
- C:\Windows\System\LQBIStb.exe
  C:\Windows\System\LQBIStb.exe
  2⤵
  PID:7164
- C:\Windows\System\XSyMBHc.exe
  C:\Windows\System\XSyMBHc.exe
  2⤵
  PID:6244
- C:\Windows\System\lHzDmWj.exe
  C:\Windows\System\lHzDmWj.exe
  2⤵
  PID:6164
- C:\Windows\System\GJsaugi.exe
  C:\Windows\System\GJsaugi.exe
  2⤵
  PID:6408
- C:\Windows\System\ETVlrpc.exe
  C:\Windows\System\ETVlrpc.exe
  2⤵
  PID:6324
- C:\Windows\System\xtMAcbG.exe
  C:\Windows\System\xtMAcbG.exe
  2⤵
  PID:6488
- C:\Windows\System\tsRjJLs.exe
  C:\Windows\System\tsRjJLs.exe
  2⤵
  PID:6524
- C:\Windows\System\TbzbELX.exe
  C:\Windows\System\TbzbELX.exe
  2⤵
  PID:6632
- C:\Windows\System\HoKGlPq.exe
  C:\Windows\System\HoKGlPq.exe
  2⤵
  PID:6752
- C:\Windows\System\IxdmpLu.exe
  C:\Windows\System\IxdmpLu.exe
  2⤵
  PID:6680
- C:\Windows\System\pQHQBPP.exe
  C:\Windows\System\pQHQBPP.exe
  2⤵
  PID:6696
- C:\Windows\System\LDHwpOI.exe
  C:\Windows\System\LDHwpOI.exe
  2⤵
  PID:6784
- C:\Windows\System\DQnzFqY.exe
  C:\Windows\System\DQnzFqY.exe
  2⤵
  PID:6876
- C:\Windows\System\OZQvBHq.exe
  C:\Windows\System\OZQvBHq.exe
  2⤵
  PID:7088
- C:\Windows\System\SHNSsPe.exe
  C:\Windows\System\SHNSsPe.exe
  2⤵
  PID:6928
- C:\Windows\System\jbGZBbG.exe
  C:\Windows\System\jbGZBbG.exe
  2⤵
  PID:7092
- C:\Windows\System\kdlzhyE.exe
  C:\Windows\System\kdlzhyE.exe
  2⤵
  PID:7160
- C:\Windows\System\dwJFDFq.exe
  C:\Windows\System\dwJFDFq.exe
  2⤵
  PID:6280
- C:\Windows\System\EERQzFy.exe
  C:\Windows\System\EERQzFy.exe
  2⤵
  PID:5844
- C:\Windows\System\ifsbDro.exe
  C:\Windows\System\ifsbDro.exe
  2⤵
  PID:6560
- C:\Windows\System\zzgIKIw.exe
  C:\Windows\System\zzgIKIw.exe
  2⤵
  PID:6148
- C:\Windows\System\bLrJjIu.exe
  C:\Windows\System\bLrJjIu.exe
  2⤵
  PID:5748
- C:\Windows\System\ikegfJv.exe
  C:\Windows\System\ikegfJv.exe
  2⤵
  PID:6992
- C:\Windows\System\dlYtTEL.exe
  C:\Windows\System\dlYtTEL.exe
  2⤵
  PID:7136
- C:\Windows\System\BDRwKtw.exe
  C:\Windows\System\BDRwKtw.exe
  2⤵
  PID:5684
- C:\Windows\System\yDOCYXh.exe
  C:\Windows\System\yDOCYXh.exe
  2⤵
  PID:2260
- C:\Windows\System\zzSIpfQ.exe
  C:\Windows\System\zzSIpfQ.exe
  2⤵
  PID:6396
- C:\Windows\System\anVlmgV.exe
  C:\Windows\System\anVlmgV.exe
  2⤵
  PID:7176
- C:\Windows\System\SlKrXtt.exe
  C:\Windows\System\SlKrXtt.exe
  2⤵
  PID:7192
- C:\Windows\System\BCPpPdi.exe
  C:\Windows\System\BCPpPdi.exe
  2⤵
  PID:7208
- C:\Windows\System\ZqMiLEc.exe
  C:\Windows\System\ZqMiLEc.exe
  2⤵
  PID:7224
- C:\Windows\System\fwzlWbq.exe
  C:\Windows\System\fwzlWbq.exe
  2⤵
  PID:7244
- C:\Windows\System\bdkyAGQ.exe
  C:\Windows\System\bdkyAGQ.exe
  2⤵
  PID:7260
- C:\Windows\System\ANXyALP.exe
  C:\Windows\System\ANXyALP.exe
  2⤵
  PID:7276
- C:\Windows\System\pLfTPTo.exe
  C:\Windows\System\pLfTPTo.exe
  2⤵
  PID:7296
- C:\Windows\System\hWnaqWz.exe
  C:\Windows\System\hWnaqWz.exe
  2⤵
  PID:7312
- C:\Windows\System\RWojvNC.exe
  C:\Windows\System\RWojvNC.exe
  2⤵
  PID:7332
- C:\Windows\System\wEtJnnb.exe
  C:\Windows\System\wEtJnnb.exe
  2⤵
  PID:7364
- C:\Windows\System\KvHckDn.exe
  C:\Windows\System\KvHckDn.exe
  2⤵
  PID:7388
- C:\Windows\System\WlSarGk.exe
  C:\Windows\System\WlSarGk.exe
  2⤵
  PID:7692
- C:\Windows\System\KhtPxBU.exe
  C:\Windows\System\KhtPxBU.exe
  2⤵
  PID:7712
- C:\Windows\System\PdVLQQf.exe
  C:\Windows\System\PdVLQQf.exe
  2⤵
  PID:7800
- C:\Windows\System\nNKKYNa.exe
  C:\Windows\System\nNKKYNa.exe
  2⤵
  PID:7820
- C:\Windows\System\sONEpNj.exe
  C:\Windows\System\sONEpNj.exe
  2⤵
  PID:7836
- C:\Windows\System\OhTwZLl.exe
  C:\Windows\System\OhTwZLl.exe
  2⤵
  PID:7852
- C:\Windows\System\nBJANFE.exe
  C:\Windows\System\nBJANFE.exe
  2⤵
  PID:7868
- C:\Windows\System\fhtywFR.exe
  C:\Windows\System\fhtywFR.exe
  2⤵
  PID:7884
- C:\Windows\System\ahshnsM.exe
  C:\Windows\System\ahshnsM.exe
  2⤵
  PID:7904
- C:\Windows\System\cyJFaxI.exe
  C:\Windows\System\cyJFaxI.exe
  2⤵
  PID:7952
- C:\Windows\System\tepAcmF.exe
  C:\Windows\System\tepAcmF.exe
  2⤵
  PID:7984
- C:\Windows\System\YdvNcwh.exe
  C:\Windows\System\YdvNcwh.exe
  2⤵
  PID:8028
- C:\Windows\System\BgjMCKn.exe
  C:\Windows\System\BgjMCKn.exe
  2⤵
  PID:8056
- C:\Windows\System\zEKuSbm.exe
  C:\Windows\System\zEKuSbm.exe
  2⤵
  PID:8088
- C:\Windows\System\GlhRtBa.exe
  C:\Windows\System\GlhRtBa.exe
  2⤵
  PID:8108
- C:\Windows\System\DkHMazi.exe
  C:\Windows\System\DkHMazi.exe
  2⤵
  PID:8144
- C:\Windows\System\pQUxiik.exe
  C:\Windows\System\pQUxiik.exe
  2⤵
  PID:8176
- C:\Windows\System\XimzdqU.exe
  C:\Windows\System\XimzdqU.exe
  2⤵
  PID:6976
- C:\Windows\System\zoYnUyU.exe
  C:\Windows\System\zoYnUyU.exe
  2⤵
  PID:6944
- C:\Windows\System\gZhkWZF.exe
  C:\Windows\System\gZhkWZF.exe
  2⤵
  PID:6892
- C:\Windows\System\WeNeogP.exe
  C:\Windows\System\WeNeogP.exe
  2⤵
  PID:6360
- C:\Windows\System\BoZELiD.exe
  C:\Windows\System\BoZELiD.exe
  2⤵
  PID:7252
- C:\Windows\System\IlyectR.exe
  C:\Windows\System\IlyectR.exe
  2⤵
  PID:7324
- C:\Windows\System\SDUPDWj.exe
  C:\Windows\System\SDUPDWj.exe
  2⤵
  PID:7344
- C:\Windows\System\ohXRFOL.exe
  C:\Windows\System\ohXRFOL.exe
  2⤵
  PID:7396
- C:\Windows\System\WRpnbut.exe
  C:\Windows\System\WRpnbut.exe
  2⤵
  PID:7420
- C:\Windows\System\GNgCXEM.exe
  C:\Windows\System\GNgCXEM.exe
  2⤵
  PID:7424
- C:\Windows\System\LGReuGg.exe
  C:\Windows\System\LGReuGg.exe
  2⤵
  PID:7456
- C:\Windows\System\GibxbIf.exe
  C:\Windows\System\GibxbIf.exe
  2⤵
  PID:7468
- C:\Windows\System\jrDtgYu.exe
  C:\Windows\System\jrDtgYu.exe
  2⤵
  PID:7488
- C:\Windows\System\DpvIkVq.exe
  C:\Windows\System\DpvIkVq.exe
  2⤵
  PID:7504
- C:\Windows\System\wthlTBS.exe
  C:\Windows\System\wthlTBS.exe
  2⤵
  PID:7520
- C:\Windows\System\sJFUjYV.exe
  C:\Windows\System\sJFUjYV.exe
  2⤵
  PID:7536
- C:\Windows\System\vsFaFlV.exe
  C:\Windows\System\vsFaFlV.exe
  2⤵
  PID:7560
- C:\Windows\System\NfwzBeI.exe
  C:\Windows\System\NfwzBeI.exe
  2⤵
  PID:7580
- C:\Windows\System\JeHYtrK.exe
  C:\Windows\System\JeHYtrK.exe
  2⤵
  PID:7592
- C:\Windows\System\ApTsesF.exe
  C:\Windows\System\ApTsesF.exe
  2⤵
  PID:7612
- C:\Windows\System\lQdoQnT.exe
  C:\Windows\System\lQdoQnT.exe
  2⤵
  PID:7628
- C:\Windows\System\bjCEbVe.exe
  C:\Windows\System\bjCEbVe.exe
  2⤵
  PID:7648
- C:\Windows\System\VZWWtdu.exe
  C:\Windows\System\VZWWtdu.exe
  2⤵
  PID:7428
- C:\Windows\System\hKMJgYu.exe
  C:\Windows\System\hKMJgYu.exe
  2⤵
  PID:7676
- C:\Windows\System\xDxEbwF.exe
  C:\Windows\System\xDxEbwF.exe
  2⤵
  PID:7720
- C:\Windows\System\XwGZeET.exe
  C:\Windows\System\XwGZeET.exe
  2⤵
  PID:7740
- C:\Windows\System\eLegNQL.exe
  C:\Windows\System\eLegNQL.exe
  2⤵
  PID:7756
- C:\Windows\System\IdIeVSd.exe
  C:\Windows\System\IdIeVSd.exe
  2⤵
  PID:7772
- C:\Windows\System\rxFrrEQ.exe
  C:\Windows\System\rxFrrEQ.exe
  2⤵
  PID:7788
- C:\Windows\System\rUvvzkd.exe
  C:\Windows\System\rUvvzkd.exe
  2⤵
  PID:7704
- C:\Windows\System\PcCiSOk.exe
  C:\Windows\System\PcCiSOk.exe
  2⤵
  PID:7860
- C:\Windows\System\KGcaBBz.exe
  C:\Windows\System\KGcaBBz.exe
  2⤵
  PID:7900
- C:\Windows\System\CTYtKsR.exe
  C:\Windows\System\CTYtKsR.exe
  2⤵
  PID:7876
- C:\Windows\System\uUCIFZS.exe
  C:\Windows\System\uUCIFZS.exe
  2⤵
  PID:7960
- C:\Windows\System\ghZdlYF.exe
  C:\Windows\System\ghZdlYF.exe
  2⤵
  PID:7980
- C:\Windows\System\KyEqpja.exe
  C:\Windows\System\KyEqpja.exe
  2⤵
  PID:8044
- C:\Windows\System\QXqVBHZ.exe
  C:\Windows\System\QXqVBHZ.exe
  2⤵
  PID:8100
- C:\Windows\System\vcgvlUc.exe
  C:\Windows\System\vcgvlUc.exe
  2⤵
  PID:7924
- C:\Windows\System\zIeLudz.exe
  C:\Windows\System\zIeLudz.exe
  2⤵
  PID:8064
- C:\Windows\System\CfYnENw.exe
  C:\Windows\System\CfYnENw.exe
  2⤵
  PID:8012
- C:\Windows\System\sHLHEwe.exe
  C:\Windows\System\sHLHEwe.exe
  2⤵
  PID:8000
- C:\Windows\System\QncGIsW.exe
  C:\Windows\System\QncGIsW.exe
  2⤵
  PID:8068
- C:\Windows\System\OLRFOII.exe
  C:\Windows\System\OLRFOII.exe
  2⤵
  PID:8084
- C:\Windows\System\BdmoQky.exe
  C:\Windows\System\BdmoQky.exe
  2⤵
  PID:8132
- C:\Windows\System\ncnamlB.exe
  C:\Windows\System\ncnamlB.exe
  2⤵
  PID:8184
- C:\Windows\System\lMbTSeY.exe
  C:\Windows\System\lMbTSeY.exe
  2⤵
  PID:6580
- C:\Windows\System\eQmsCuM.exe
  C:\Windows\System\eQmsCuM.exe
  2⤵
  PID:6712
- C:\Windows\System\aMOJdxf.exe
  C:\Windows\System\aMOJdxf.exe
  2⤵
  PID:6364
- C:\Windows\System\usCAiOJ.exe
  C:\Windows\System\usCAiOJ.exe
  2⤵
  PID:7272
- C:\Windows\System\MIcYYgJ.exe
  C:\Windows\System\MIcYYgJ.exe
  2⤵
  PID:7308
- C:\Windows\System\LRCXiNH.exe
  C:\Windows\System\LRCXiNH.exe
  2⤵
  PID:7240
- C:\Windows\System\ukrRtAr.exe
  C:\Windows\System\ukrRtAr.exe
  2⤵
  PID:7360
- C:\Windows\System\RpHWzUD.exe
  C:\Windows\System\RpHWzUD.exe
  2⤵
  PID:7408
- C:\Windows\System\VqEdlbe.exe
  C:\Windows\System\VqEdlbe.exe
  2⤵
  PID:7460
- C:\Windows\System\RlWWrkW.exe
  C:\Windows\System\RlWWrkW.exe
  2⤵
  PID:7528
- C:\Windows\System\dvjawZW.exe
  C:\Windows\System\dvjawZW.exe
  2⤵
  PID:7448
- C:\Windows\System\gNdFvlJ.exe
  C:\Windows\System\gNdFvlJ.exe
  2⤵
  PID:7508
- C:\Windows\System\kVQauxA.exe
  C:\Windows\System\kVQauxA.exe
  2⤵
  PID:7568
- C:\Windows\System\qEcsyFH.exe
  C:\Windows\System\qEcsyFH.exe
  2⤵
  PID:7636
- C:\Windows\System\TeGzxUR.exe
  C:\Windows\System\TeGzxUR.exe
  2⤵
  PID:7732
- C:\Windows\System\XonhPKe.exe
  C:\Windows\System\XonhPKe.exe
  2⤵
  PID:7544
- C:\Windows\System\RPAndfZ.exe
  C:\Windows\System\RPAndfZ.exe
  2⤵
  PID:7596
- C:\Windows\System\hnysEVp.exe
  C:\Windows\System\hnysEVp.exe
  2⤵
  PID:7656
- C:\Windows\System\pVjFTxA.exe
  C:\Windows\System\pVjFTxA.exe
  2⤵
  PID:7752
- C:\Windows\System\UoGVjAv.exe
  C:\Windows\System\UoGVjAv.exe
  2⤵
  PID:7808
- C:\Windows\System\PzoVGzS.exe
  C:\Windows\System\PzoVGzS.exe
  2⤵
  PID:7912
- C:\Windows\System\GdZGshE.exe
  C:\Windows\System\GdZGshE.exe
  2⤵
  PID:7748
- C:\Windows\System\QImVaYD.exe
  C:\Windows\System\QImVaYD.exe
  2⤵
  PID:8168
- C:\Windows\System\lFAYXsS.exe
  C:\Windows\System\lFAYXsS.exe
  2⤵
  PID:7964
- C:\Windows\System\vuwJsHs.exe
  C:\Windows\System\vuwJsHs.exe
  2⤵
  PID:8160
- C:\Windows\System\bSKMnis.exe
  C:\Windows\System\bSKMnis.exe
  2⤵
  PID:8008
- C:\Windows\System\ryqfdjT.exe
  C:\Windows\System\ryqfdjT.exe
  2⤵
  PID:6864
- C:\Windows\System\ivHXKtr.exe
  C:\Windows\System\ivHXKtr.exe
  2⤵
  PID:7304
- C:\Windows\System\LSDcFaS.exe
  C:\Windows\System\LSDcFaS.exe
  2⤵
  PID:7400
- C:\Windows\System\nmevMZN.exe
  C:\Windows\System\nmevMZN.exe
  2⤵
  PID:7232
- C:\Windows\System\pXJfRAP.exe
  C:\Windows\System\pXJfRAP.exe
  2⤵
  PID:8024
- C:\Windows\System\RveoLKv.exe
  C:\Windows\System\RveoLKv.exe
  2⤵
  PID:7996
- C:\Windows\System\aOxibSy.exe
  C:\Windows\System\aOxibSy.exe
  2⤵
  PID:6456
- C:\Windows\System\OptyrcP.exe
  C:\Windows\System\OptyrcP.exe
  2⤵
  PID:6768
- C:\Windows\System\fQNWBVk.exe
  C:\Windows\System\fQNWBVk.exe
  2⤵
  PID:7444
- C:\Windows\System\nZDgwZQ.exe
  C:\Windows\System\nZDgwZQ.exe
  2⤵
  PID:7532
- C:\Windows\System\qDqMmgv.exe
  C:\Windows\System\qDqMmgv.exe
  2⤵
  PID:7672
- C:\Windows\System\qEdpJLx.exe
  C:\Windows\System\qEdpJLx.exe
  2⤵
  PID:7624
- C:\Windows\System\kqErpfA.exe
  C:\Windows\System\kqErpfA.exe
  2⤵
  PID:7620
- C:\Windows\System\WksItEV.exe
  C:\Windows\System\WksItEV.exe
  2⤵
  PID:7784
- C:\Windows\System\RCOmoOm.exe
  C:\Windows\System\RCOmoOm.exe
  2⤵
  PID:8048
- C:\Windows\System\faTpcHs.exe
  C:\Windows\System\faTpcHs.exe
  2⤵
  PID:7932
- C:\Windows\System\BKonaMq.exe
  C:\Windows\System\BKonaMq.exe
  2⤵
  PID:7816
- C:\Windows\System\gHwvPBm.exe
  C:\Windows\System\gHwvPBm.exe
  2⤵
  PID:7416
- C:\Windows\System\AunIHrR.exe
  C:\Windows\System\AunIHrR.exe
  2⤵
  PID:7476
- C:\Windows\System\CSdlyKt.exe
  C:\Windows\System\CSdlyKt.exe
  2⤵
  PID:7432
- C:\Windows\System\aRbZgSZ.exe
  C:\Windows\System\aRbZgSZ.exe
  2⤵
  PID:7764
- C:\Windows\System\iirtBJB.exe
  C:\Windows\System\iirtBJB.exe
  2⤵
  PID:8016
- C:\Windows\System\UihjrjI.exe
  C:\Windows\System\UihjrjI.exe
  2⤵
  PID:8036
- C:\Windows\System\KiizGQO.exe
  C:\Windows\System\KiizGQO.exe
  2⤵
  PID:7380
- C:\Windows\System\RAKoNpe.exe
  C:\Windows\System\RAKoNpe.exe
  2⤵
  PID:7292
- C:\Windows\System\rJapmxi.exe
  C:\Windows\System\rJapmxi.exe
  2⤵
  PID:8152
- C:\Windows\System\CwelzkZ.exe
  C:\Windows\System\CwelzkZ.exe
  2⤵
  PID:8040
- C:\Windows\System\XPOAZEK.exe
  C:\Windows\System\XPOAZEK.exe
  2⤵
  PID:8128
- C:\Windows\System\iojfqPe.exe
  C:\Windows\System\iojfqPe.exe
  2⤵
  PID:7916
- C:\Windows\System\UPCbvVH.exe
  C:\Windows\System\UPCbvVH.exe
  2⤵
  PID:8204
- C:\Windows\System\DrHOmCm.exe
  C:\Windows\System\DrHOmCm.exe
  2⤵
  PID:8220
- C:\Windows\System\zFgTuUN.exe
  C:\Windows\System\zFgTuUN.exe
  2⤵
  PID:8236
- C:\Windows\System\nDQGGmy.exe
  C:\Windows\System\nDQGGmy.exe
  2⤵
  PID:8252
- C:\Windows\System\jyAGPtw.exe
  C:\Windows\System\jyAGPtw.exe
  2⤵
  PID:8268
- C:\Windows\System\rMhFmuv.exe
  C:\Windows\System\rMhFmuv.exe
  2⤵
  PID:8292
- C:\Windows\System\szBgcAZ.exe
  C:\Windows\System\szBgcAZ.exe
  2⤵
  PID:8308
- C:\Windows\System\frFJGej.exe
  C:\Windows\System\frFJGej.exe
  2⤵
  PID:8324
- C:\Windows\System\dkhFNbK.exe
  C:\Windows\System\dkhFNbK.exe
  2⤵
  PID:8344
- C:\Windows\System\WRowBdc.exe
  C:\Windows\System\WRowBdc.exe
  2⤵
  PID:8360
- C:\Windows\System\SsoTcdn.exe
  C:\Windows\System\SsoTcdn.exe
  2⤵
  PID:8376
- C:\Windows\System\vaNiCLN.exe
  C:\Windows\System\vaNiCLN.exe
  2⤵
  PID:8392
- C:\Windows\System\HjoWvqO.exe
  C:\Windows\System\HjoWvqO.exe
  2⤵
  PID:8408
- C:\Windows\System\kSjRqNR.exe
  C:\Windows\System\kSjRqNR.exe
  2⤵
  PID:8432
- C:\Windows\System\piVFPUM.exe
  C:\Windows\System\piVFPUM.exe
  2⤵
  PID:8448
- C:\Windows\System\UMeGijl.exe
  C:\Windows\System\UMeGijl.exe
  2⤵
  PID:8464
- C:\Windows\System\wAzEuGj.exe
  C:\Windows\System\wAzEuGj.exe
  2⤵
  PID:8480
- C:\Windows\System\QzFUkMU.exe
  C:\Windows\System\QzFUkMU.exe
  2⤵
  PID:8496
- C:\Windows\System\ybnFuZd.exe
  C:\Windows\System\ybnFuZd.exe
  2⤵
  PID:8512
- C:\Windows\System\plUgzkc.exe
  C:\Windows\System\plUgzkc.exe
  2⤵
  PID:8528
- C:\Windows\System\NcauTXi.exe
  C:\Windows\System\NcauTXi.exe
  2⤵
  PID:8544
- C:\Windows\System\bDeLmhJ.exe
  C:\Windows\System\bDeLmhJ.exe
  2⤵
  PID:8564
- C:\Windows\System\AUSfTgV.exe
  C:\Windows\System\AUSfTgV.exe
  2⤵
  PID:8580
- C:\Windows\System\lEmZhOl.exe
  C:\Windows\System\lEmZhOl.exe
  2⤵
  PID:8600
- C:\Windows\System\KaAHVNd.exe
  C:\Windows\System\KaAHVNd.exe
  2⤵
  PID:8616
- C:\Windows\System\cVNdwfR.exe
  C:\Windows\System\cVNdwfR.exe
  2⤵
  PID:8632
- C:\Windows\System\zFoneTz.exe
  C:\Windows\System\zFoneTz.exe
  2⤵
  PID:8648
- C:\Windows\System\abByriL.exe
  C:\Windows\System\abByriL.exe
  2⤵
  PID:8664
- C:\Windows\System\TostHZG.exe
  C:\Windows\System\TostHZG.exe
  2⤵
  PID:8688
- C:\Windows\System\CUICJAG.exe
  C:\Windows\System\CUICJAG.exe
  2⤵
  PID:8704
- C:\Windows\System\yGTJiAL.exe
  C:\Windows\System\yGTJiAL.exe
  2⤵
  PID:8720
- C:\Windows\System\iZDcBMa.exe
  C:\Windows\System\iZDcBMa.exe
  2⤵
  PID:8736
- C:\Windows\System\vZmsVKr.exe
  C:\Windows\System\vZmsVKr.exe
  2⤵
  PID:8756
- C:\Windows\System\fvdprQo.exe
  C:\Windows\System\fvdprQo.exe
  2⤵
  PID:8780
- C:\Windows\System\HhYsDDn.exe
  C:\Windows\System\HhYsDDn.exe
  2⤵
  PID:8804
- C:\Windows\System\hNGvMfD.exe
  C:\Windows\System\hNGvMfD.exe
  2⤵
  PID:8824
- C:\Windows\System\nKfFxXN.exe
  C:\Windows\System\nKfFxXN.exe
  2⤵
  PID:8840
- C:\Windows\System\zzytVVi.exe
  C:\Windows\System\zzytVVi.exe
  2⤵
  PID:8856
- C:\Windows\System\cKZlmWS.exe
  C:\Windows\System\cKZlmWS.exe
  2⤵
  PID:8872
- C:\Windows\System\biMgIwV.exe
  C:\Windows\System\biMgIwV.exe
  2⤵
  PID:8888
- C:\Windows\System\TNUfbSp.exe
  C:\Windows\System\TNUfbSp.exe
  2⤵
  PID:8904
- C:\Windows\System\GHEJNGe.exe
  C:\Windows\System\GHEJNGe.exe
  2⤵
  PID:8928
- C:\Windows\System\vsaPgLp.exe
  C:\Windows\System\vsaPgLp.exe
  2⤵
  PID:8944
- C:\Windows\System\aPzhCAv.exe
  C:\Windows\System\aPzhCAv.exe
  2⤵
  PID:8960
- C:\Windows\System\VyiXrYf.exe
  C:\Windows\System\VyiXrYf.exe
  2⤵
  PID:8976
- C:\Windows\System\pGZcscs.exe
  C:\Windows\System\pGZcscs.exe
  2⤵
  PID:8992
- C:\Windows\System\lPAhMsI.exe
  C:\Windows\System\lPAhMsI.exe
  2⤵
  PID:9008
- C:\Windows\System\HmtFkiC.exe
  C:\Windows\System\HmtFkiC.exe
  2⤵
  PID:9024
- C:\Windows\System\aayfTpc.exe
  C:\Windows\System\aayfTpc.exe
  2⤵
  PID:9040
- C:\Windows\System\hloVdaK.exe
  C:\Windows\System\hloVdaK.exe
  2⤵
  PID:9056
- C:\Windows\System\caAUsmA.exe
  C:\Windows\System\caAUsmA.exe
  2⤵
  PID:9072
- C:\Windows\System\BfyKXzO.exe
  C:\Windows\System\BfyKXzO.exe
  2⤵
  PID:9088
- C:\Windows\System\HSczjlY.exe
  C:\Windows\System\HSczjlY.exe
  2⤵
  PID:9104
- C:\Windows\System\hTPXxyl.exe
  C:\Windows\System\hTPXxyl.exe
  2⤵
  PID:9120
- C:\Windows\System\rCKrvrL.exe
  C:\Windows\System\rCKrvrL.exe
  2⤵
  PID:9136
- C:\Windows\System\vzPAULa.exe
  C:\Windows\System\vzPAULa.exe
  2⤵
  PID:9152
- C:\Windows\System\lOMXIyt.exe
  C:\Windows\System\lOMXIyt.exe
  2⤵
  PID:9168
- C:\Windows\System\mMBRJoX.exe
  C:\Windows\System\mMBRJoX.exe
  2⤵
  PID:9192
- C:\Windows\System\qgXMYmH.exe
  C:\Windows\System\qgXMYmH.exe
  2⤵
  PID:9208
- C:\Windows\System\VzfwxsS.exe
  C:\Windows\System\VzfwxsS.exe
  2⤵
  PID:7500
- C:\Windows\System\WOplUEH.exe
  C:\Windows\System\WOplUEH.exe
  2⤵
  PID:8196
- C:\Windows\System\kyefCfW.exe
  C:\Windows\System\kyefCfW.exe
  2⤵
  PID:8260
- C:\Windows\System\HettDev.exe
  C:\Windows\System\HettDev.exe
  2⤵
  PID:8276
- C:\Windows\System\JQCkDEk.exe
  C:\Windows\System\JQCkDEk.exe
  2⤵
  PID:8304
- C:\Windows\System\AublDgW.exe
  C:\Windows\System\AublDgW.exe
  2⤵
  PID:8404
- C:\Windows\System\sihbarM.exe
  C:\Windows\System\sihbarM.exe
  2⤵
  PID:8288
- C:\Windows\System\DZmHjXd.exe
  C:\Windows\System\DZmHjXd.exe
  2⤵
  PID:8356
- C:\Windows\System\ogxnbBw.exe
  C:\Windows\System\ogxnbBw.exe
  2⤵
  PID:8424
- C:\Windows\System\zdgjZQb.exe
  C:\Windows\System\zdgjZQb.exe
  2⤵
  PID:8444
- C:\Windows\System\BjlgchK.exe
  C:\Windows\System\BjlgchK.exe
  2⤵
  PID:8508
- C:\Windows\System\foiROvi.exe
  C:\Windows\System\foiROvi.exe
  2⤵
  PID:8576
- C:\Windows\System\hPXTuBa.exe
  C:\Windows\System\hPXTuBa.exe
  2⤵
  PID:8608
- C:\Windows\System\OAAcdoy.exe
  C:\Windows\System\OAAcdoy.exe
  2⤵
  PID:8672
- C:\Windows\System\pTemmac.exe
  C:\Windows\System\pTemmac.exe
  2⤵
  PID:9004
- C:\Windows\System\RWGKoAg.exe
  C:\Windows\System\RWGKoAg.exe
  2⤵
  PID:7040
- C:\Windows\System\VSaYPbE.exe
  C:\Windows\System\VSaYPbE.exe
  2⤵
  PID:8476
- C:\Windows\System\BvZPvIX.exe
  C:\Windows\System\BvZPvIX.exe
  2⤵
  PID:8556
- C:\Windows\System\bqalRvk.exe
  C:\Windows\System\bqalRvk.exe
  2⤵
  PID:8644
- C:\Windows\System\wnSlIFx.exe
  C:\Windows\System\wnSlIFx.exe
  2⤵
  PID:8492
- C:\Windows\System\FLFukKm.exe
  C:\Windows\System\FLFukKm.exe
  2⤵
  PID:8588
- C:\Windows\System\FtfeSYi.exe
  C:\Windows\System\FtfeSYi.exe
  2⤵
  PID:8700
- C:\Windows\System\oEgZWnG.exe
  C:\Windows\System\oEgZWnG.exe
  2⤵
  PID:8716
- C:\Windows\System\XsYbqyC.exe
  C:\Windows\System\XsYbqyC.exe
  2⤵
  PID:7340
- C:\Windows\System\iAPBKlG.exe
  C:\Windows\System\iAPBKlG.exe
  2⤵
  PID:8764
- C:\Windows\System\LlypCoX.exe
  C:\Windows\System\LlypCoX.exe
  2⤵
  PID:8772
- C:\Windows\System\VnNUWBx.exe
  C:\Windows\System\VnNUWBx.exe
  2⤵
  PID:8900
- C:\Windows\System\zQytvzT.exe
  C:\Windows\System\zQytvzT.exe
  2⤵
  PID:8884
- C:\Windows\System\NUasOxw.exe
  C:\Windows\System\NUasOxw.exe
  2⤵
  PID:8836
- C:\Windows\System\ADiBdVm.exe
  C:\Windows\System\ADiBdVm.exe
  2⤵
  PID:9016
- C:\Windows\System\JgwaCyw.exe
  C:\Windows\System\JgwaCyw.exe
  2⤵
  PID:8972
- C:\Windows\System\riDyuyH.exe
  C:\Windows\System\riDyuyH.exe
  2⤵
  PID:9112
- C:\Windows\System\UScUGmH.exe
  C:\Windows\System\UScUGmH.exe
  2⤵
  PID:9144
- C:\Windows\System\eMMWPUp.exe
  C:\Windows\System\eMMWPUp.exe
  2⤵
  PID:9128
- C:\Windows\System\gUgbsGY.exe
  C:\Windows\System\gUgbsGY.exe
  2⤵
  PID:9100
- C:\Windows\System\uzEfqmC.exe
  C:\Windows\System\uzEfqmC.exe
  2⤵
  PID:8156
- C:\Windows\System\SdMrRFD.exe
  C:\Windows\System\SdMrRFD.exe
  2⤵
  PID:8332
- C:\Windows\System\oDwPzmS.exe
  C:\Windows\System\oDwPzmS.exe
  2⤵
  PID:8388
- C:\Windows\System\xQXTpQo.exe
  C:\Windows\System\xQXTpQo.exe
  2⤵
  PID:8416
- C:\Windows\System\eZeHtUU.exe
  C:\Windows\System\eZeHtUU.exe
  2⤵
  PID:8440
- C:\Windows\System\HURJmpr.exe
  C:\Windows\System\HURJmpr.exe
  2⤵
  PID:8572
- C:\Windows\System\BGFNrQU.exe
  C:\Windows\System\BGFNrQU.exe
  2⤵
  PID:8552
- C:\Windows\System\XqEaakY.exe
  C:\Windows\System\XqEaakY.exe
  2⤵
  PID:8712
- C:\Windows\System\JEmxPqr.exe
  C:\Windows\System\JEmxPqr.exe
  2⤵
  PID:9048
- C:\Windows\System\hPLxwtx.exe
  C:\Windows\System\hPLxwtx.exe
  2⤵
  PID:8880
- C:\Windows\System\AtfBLuN.exe
  C:\Windows\System\AtfBLuN.exe
  2⤵
  PID:8940
- C:\Windows\System\DdCaqZe.exe
  C:\Windows\System\DdCaqZe.exe
  2⤵
  PID:8956
- C:\Windows\System\DZWcmvJ.exe
  C:\Windows\System\DZWcmvJ.exe
  2⤵
  PID:9084
- C:\Windows\System\rPjaatm.exe
  C:\Windows\System\rPjaatm.exe
  2⤵
  PID:9160
- C:\Windows\System\PdEcsOW.exe
  C:\Windows\System\PdEcsOW.exe
  2⤵
  PID:8228
- C:\Windows\System\kLhYfck.exe
  C:\Windows\System\kLhYfck.exe
  2⤵
  PID:9200
- C:\Windows\System\Myeqidr.exe
  C:\Windows\System\Myeqidr.exe
  2⤵
  PID:8244
- C:\Windows\System\OkCAUep.exe
  C:\Windows\System\OkCAUep.exe
  2⤵
  PID:8460
- C:\Windows\System\hTgbpop.exe
  C:\Windows\System\hTgbpop.exe
  2⤵
  PID:8628
- C:\Windows\System\xhwLxpi.exe
  C:\Windows\System\xhwLxpi.exe
  2⤵
  PID:8696
- C:\Windows\System\gRxLtNH.exe
  C:\Windows\System\gRxLtNH.exe
  2⤵
  PID:8284
- C:\Windows\System\uEuMTQr.exe
  C:\Windows\System\uEuMTQr.exe
  2⤵
  PID:8968
- C:\Windows\System\grrllTd.exe
  C:\Windows\System\grrllTd.exe
  2⤵
  PID:4376
- C:\Windows\System\oHkqkbc.exe
  C:\Windows\System\oHkqkbc.exe
  2⤵
  PID:8524
- C:\Windows\System\RWSIynR.exe
  C:\Windows\System\RWSIynR.exe
  2⤵
  PID:8984
- C:\Windows\System\fZLypsO.exe
  C:\Windows\System\fZLypsO.exe
  2⤵
  PID:8660
- C:\Windows\System\mQWYAJD.exe
  C:\Windows\System\mQWYAJD.exe
  2⤵
  PID:8212
- C:\Windows\System\WzHEDAP.exe
  C:\Windows\System\WzHEDAP.exe
  2⤵
  PID:8248
- C:\Windows\System\cInhWOS.exe
  C:\Windows\System\cInhWOS.exe
  2⤵
  PID:8952
- C:\Windows\System\RNNKUly.exe
  C:\Windows\System\RNNKUly.exe
  2⤵
  PID:8420
- C:\Windows\System\OFWwhzU.exe
  C:\Windows\System\OFWwhzU.exe
  2⤵
  PID:8752
- C:\Windows\System\FcSwzst.exe
  C:\Windows\System\FcSwzst.exe
  2⤵
  PID:8788
- C:\Windows\System\cOLfZzZ.exe
  C:\Windows\System\cOLfZzZ.exe
  2⤵
  PID:7844
- C:\Windows\System\EXRgWFk.exe
  C:\Windows\System\EXRgWFk.exe
  2⤵
  PID:9184
- C:\Windows\System\fTXmokw.exe
  C:\Windows\System\fTXmokw.exe
  2⤵
  PID:9064
- C:\Windows\System\KiJSaGy.exe
  C:\Windows\System\KiJSaGy.exe
  2⤵
  PID:9228
- C:\Windows\System\SPIihmz.exe
  C:\Windows\System\SPIihmz.exe
  2⤵
  PID:9252
- C:\Windows\System\rxxBDXS.exe
  C:\Windows\System\rxxBDXS.exe
  2⤵
  PID:9276
- C:\Windows\System\LcZxnGh.exe
  C:\Windows\System\LcZxnGh.exe
  2⤵
  PID:9292
- C:\Windows\System\mSyLLxv.exe
  C:\Windows\System\mSyLLxv.exe
  2⤵
  PID:9308
- C:\Windows\System\PNikywb.exe
  C:\Windows\System\PNikywb.exe
  2⤵
  PID:9324
- C:\Windows\System\OuWcOpv.exe
  C:\Windows\System\OuWcOpv.exe
  2⤵
  PID:9344
- C:\Windows\System\PCGTOTP.exe
  C:\Windows\System\PCGTOTP.exe
  2⤵
  PID:9372
- C:\Windows\System\xRLtbek.exe
  C:\Windows\System\xRLtbek.exe
  2⤵
  PID:9392
- C:\Windows\System\HuBNQBA.exe
  C:\Windows\System\HuBNQBA.exe
  2⤵
  PID:9408
- C:\Windows\System\ceFsmib.exe
  C:\Windows\System\ceFsmib.exe
  2⤵
  PID:9444
- C:\Windows\System\EMMEmCk.exe
  C:\Windows\System\EMMEmCk.exe
  2⤵
  PID:9464
- C:\Windows\System\xJdpwpB.exe
  C:\Windows\System\xJdpwpB.exe
  2⤵
  PID:9488
- C:\Windows\System\dhdXbAj.exe
  C:\Windows\System\dhdXbAj.exe
  2⤵
  PID:9512
- C:\Windows\System\tMAaDLc.exe
  C:\Windows\System\tMAaDLc.exe
  2⤵
  PID:9532
- C:\Windows\System\SJUjwSC.exe
  C:\Windows\System\SJUjwSC.exe
  2⤵
  PID:9548
- C:\Windows\System\pOZrUYk.exe
  C:\Windows\System\pOZrUYk.exe
  2⤵
  PID:9564
- C:\Windows\System\XYiWEYC.exe
  C:\Windows\System\XYiWEYC.exe
  2⤵
  PID:9584
- C:\Windows\System\QLYDgKo.exe
  C:\Windows\System\QLYDgKo.exe
  2⤵
  PID:9604
- C:\Windows\System\eSQWtct.exe
  C:\Windows\System\eSQWtct.exe
  2⤵
  PID:9624
- C:\Windows\System\uGABotO.exe
  C:\Windows\System\uGABotO.exe
  2⤵
  PID:9640
- C:\Windows\System\YIhEyvV.exe
  C:\Windows\System\YIhEyvV.exe
  2⤵
  PID:9656
- C:\Windows\System\xKOKLhs.exe
  C:\Windows\System\xKOKLhs.exe
  2⤵
  PID:9672
- C:\Windows\System\hKsyWJZ.exe
  C:\Windows\System\hKsyWJZ.exe
  2⤵
  PID:9692
- C:\Windows\System\vvBgkDf.exe
  C:\Windows\System\vvBgkDf.exe
  2⤵
  PID:9708
- C:\Windows\System\DtdhjZt.exe
  C:\Windows\System\DtdhjZt.exe
  2⤵
  PID:9728
- C:\Windows\System\kxSBZAT.exe
  C:\Windows\System\kxSBZAT.exe
  2⤵
  PID:9756
- C:\Windows\System\fdzSKOc.exe
  C:\Windows\System\fdzSKOc.exe
  2⤵
  PID:9776
- C:\Windows\System\VWQANws.exe
  C:\Windows\System\VWQANws.exe
  2⤵
  PID:9808
- C:\Windows\System\UByCJOS.exe
  C:\Windows\System\UByCJOS.exe
  2⤵
  PID:9832
- C:\Windows\System\SvdJqni.exe
  C:\Windows\System\SvdJqni.exe
  2⤵
  PID:9852
- C:\Windows\System\VPrqLWL.exe
  C:\Windows\System\VPrqLWL.exe
  2⤵
  PID:9868
- C:\Windows\System\LXYiKTB.exe
  C:\Windows\System\LXYiKTB.exe
  2⤵
  PID:9888
- C:\Windows\System\ZdYWEav.exe
  C:\Windows\System\ZdYWEav.exe
  2⤵
  PID:9908
- C:\Windows\System\WLeYkiM.exe
  C:\Windows\System\WLeYkiM.exe
  2⤵
  PID:9928
- C:\Windows\System\NiyGADy.exe
  C:\Windows\System\NiyGADy.exe
  2⤵
  PID:9948
- C:\Windows\System\hfjjoIM.exe
  C:\Windows\System\hfjjoIM.exe
  2⤵
  PID:9964
- C:\Windows\System\gthSTYQ.exe
  C:\Windows\System\gthSTYQ.exe
  2⤵
  PID:9984
- C:\Windows\System\VcOWNHv.exe
  C:\Windows\System\VcOWNHv.exe
  2⤵
  PID:10012
- C:\Windows\System\HBOMtqQ.exe
  C:\Windows\System\HBOMtqQ.exe
  2⤵
  PID:10028
- C:\Windows\System\JrdEyGj.exe
  C:\Windows\System\JrdEyGj.exe
  2⤵
  PID:10048
- C:\Windows\System\DVHBOAo.exe
  C:\Windows\System\DVHBOAo.exe
  2⤵
  PID:10064
- C:\Windows\System\ETxRFdV.exe
  C:\Windows\System\ETxRFdV.exe
  2⤵
  PID:10084
- C:\Windows\System\ncAPlHh.exe
  C:\Windows\System\ncAPlHh.exe
  2⤵
  PID:10100
- C:\Windows\System\ufYsocy.exe
  C:\Windows\System\ufYsocy.exe
  2⤵
  PID:10120
- C:\Windows\System\NaucnEv.exe
  C:\Windows\System\NaucnEv.exe
  2⤵
  PID:10144
- C:\Windows\System\zZjmqTD.exe
  C:\Windows\System\zZjmqTD.exe
  2⤵
  PID:10164
- C:\Windows\System\wKbClzh.exe
  C:\Windows\System\wKbClzh.exe
  2⤵
  PID:10188
- C:\Windows\System\vtidbqe.exe
  C:\Windows\System\vtidbqe.exe
  2⤵
  PID:10208
- C:\Windows\System\HuzNXJf.exe
  C:\Windows\System\HuzNXJf.exe
  2⤵
  PID:10228
- C:\Windows\System\ZWcCrcf.exe
  C:\Windows\System\ZWcCrcf.exe
  2⤵
  PID:9224
- C:\Windows\System\GkQgnAP.exe
  C:\Windows\System\GkQgnAP.exe
  2⤵
  PID:9268
- C:\Windows\System\ipJZZsp.exe
  C:\Windows\System\ipJZZsp.exe
  2⤵
  PID:9336
- C:\Windows\System\oHnqpVM.exe
  C:\Windows\System\oHnqpVM.exe
  2⤵
  PID:9320
- C:\Windows\System\uAbjISj.exe
  C:\Windows\System\uAbjISj.exe
  2⤵
  PID:9380
- C:\Windows\System\DRgFlzP.exe
  C:\Windows\System\DRgFlzP.exe
  2⤵
  PID:9424
- C:\Windows\System\ifTtIzq.exe
  C:\Windows\System\ifTtIzq.exe
  2⤵
  PID:9436
- C:\Windows\System\pOQdeFT.exe
  C:\Windows\System\pOQdeFT.exe
  2⤵
  PID:9440
- C:\Windows\System\DZGhtdb.exe
  C:\Windows\System\DZGhtdb.exe
  2⤵
  PID:9480
- C:\Windows\System\zQmQmUd.exe
  C:\Windows\System\zQmQmUd.exe
  2⤵
  PID:9524
- C:\Windows\System\mPeBMsi.exe
  C:\Windows\System\mPeBMsi.exe
  2⤵
  PID:9592
- C:\Windows\System\KmebWDW.exe
  C:\Windows\System\KmebWDW.exe
  2⤵
  PID:9664
- C:\Windows\System\dAAcyye.exe
  C:\Windows\System\dAAcyye.exe
  2⤵
  PID:9504
- C:\Windows\System\CDUrucs.exe
  C:\Windows\System\CDUrucs.exe
  2⤵
  PID:9580
- C:\Windows\System\BLCOsHg.exe
  C:\Windows\System\BLCOsHg.exe
  2⤵
  PID:9680
- C:\Windows\System\oHHlhOP.exe
  C:\Windows\System\oHHlhOP.exe
  2⤵
  PID:9720
- C:\Windows\System\nTTBiLB.exe
  C:\Windows\System\nTTBiLB.exe
  2⤵
  PID:9784
- C:\Windows\System\KRQdzLU.exe
  C:\Windows\System\KRQdzLU.exe
  2⤵
  PID:9788
- C:\Windows\System\GqTBQJS.exe
  C:\Windows\System\GqTBQJS.exe
  2⤵
  PID:9824
- C:\Windows\System\VYsISzl.exe
  C:\Windows\System\VYsISzl.exe
  2⤵
  PID:9844
- C:\Windows\System\KsVIUJC.exe
  C:\Windows\System\KsVIUJC.exe
  2⤵
  PID:9880
- C:\Windows\System\uGJRlWT.exe
  C:\Windows\System\uGJRlWT.exe
  2⤵
  PID:9916
- C:\Windows\System\eQZTCMJ.exe
  C:\Windows\System\eQZTCMJ.exe
  2⤵
  PID:9940
- C:\Windows\System\QpQLWet.exe
  C:\Windows\System\QpQLWet.exe
  2⤵
  PID:9976
- C:\Windows\System\QbLulvP.exe
  C:\Windows\System\QbLulvP.exe
  2⤵
  PID:10036
- C:\Windows\System\BVBUNRO.exe
  C:\Windows\System\BVBUNRO.exe
  2⤵
  PID:10072
- C:\Windows\System\yexNRMn.exe
  C:\Windows\System\yexNRMn.exe
  2⤵
  PID:10060
- C:\Windows\System\Gvqeerc.exe
  C:\Windows\System\Gvqeerc.exe
  2⤵
  PID:10128
- C:\Windows\System\oQcWLgZ.exe
  C:\Windows\System\oQcWLgZ.exe
  2⤵
  PID:10196
- C:\Windows\System\KkhDyel.exe
  C:\Windows\System\KkhDyel.exe
  2⤵
  PID:10172
- C:\Windows\System\LlETQdH.exe
  C:\Windows\System\LlETQdH.exe
  2⤵
  PID:10176
- C:\Windows\System\BuXMDOL.exe
  C:\Windows\System\BuXMDOL.exe
  2⤵
  PID:9240
- C:\Windows\System\HHHWgRz.exe
  C:\Windows\System\HHHWgRz.exe
  2⤵
  PID:9304
- C:\Windows\System\uzEEuKT.exe
  C:\Windows\System\uzEEuKT.exe
  2⤵
  PID:9316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVawuAr.exe

Filesize
6.0MB

MD5
9feed090adb641c8972c4ed65f398e50

SHA1
ff6081061823f72bf09c7e972c88513e711bfd91

SHA256
5b07637001b85ced125d26b36ffae6abeca55a98b097cea579a7f5260a880ba0

SHA512
f76cbf51ad6098725da154c8a4be838c53a775b1b4c18f273f8b2c6f806133b5be31c99ec5415096e0a54cf50956c0fd3087bba376fe2daa7e747d31cfc9fbaf

Download Submit
C:\Windows\system\CcQPVVs.exe

Filesize
6.0MB

MD5
09923f3507638719d96bc86ce7fee02b

SHA1
3aacd30c13a507520e740ddc36b40709720c96bd

SHA256
07bc537d01e3861bdaded75cd73659527db1d0c8e9d5042924ea8ac01267d73e

SHA512
0f27b64e4a1f735387909f2a721064ab149b27cba0030fb4a25d35324ff7fe4106e267b20f966c69cba9ab8b84d8f07287edf2c3b65b0f121c1b2cb3e71fa485

Download Submit
C:\Windows\system\DgDHrvT.exe

Filesize
6.0MB

MD5
35a433d48e17e0b9409aca9239c405e5

SHA1
ba7e4706a9ead6213c51a95276f669fc50759424

SHA256
f7831b503ad58f659f7567d67c1f5f56c870269faf5e5b0b2221773cf848464c

SHA512
1d2f579b5b125c48a7acc1727a29e545272d274525646403f904ca0aef66a9e5365e67833b2aeef28fa0d90bbe6a3fefad8a29fea249ca9941fb50f445daf049

Download Submit
C:\Windows\system\IsYxVhv.exe

Filesize
6.0MB

MD5
dc41a143af9157cf015322a39926f3ad

SHA1
90248b059300301e4d9ba209bd83dda73309742c

SHA256
4b136b1e19ecb3c5d2c943fd1fe5897930c5454f9a3a146b3e60610e09c5cc8d

SHA512
cd1e7ef8577ea719d274dedb9f047b9a039f301104b078badcb136bce28657a20c67d63176f3b53a018462b7c51929b74f1aebd726ae1b3660b55e6d773de102

Download Submit
C:\Windows\system\JSxaHuI.exe

Filesize
6.0MB

MD5
4f5ddc0f506c8ca06300496cc85a91b5

SHA1
9e3b14b07073f296f633997cde9933f7faef921c

SHA256
fe17f1ca58de2b182635ad7841e0f976f98e7c757143bb6bbbbeabcf8c49eb39

SHA512
721906ea817609f51ec8152b923b85b10d8952058e462dcaa6c5e43723496589c6b29aa4daca26cc8e782818da4383528b8bb80509b0666b63ba0dbfc37d2ed6

Download Submit
C:\Windows\system\LOYLLMI.exe

Filesize
6.0MB

MD5
9007e1cb7a067d33bbd63e36cafea65e

SHA1
b801e18ba6feb6d658f9ea3a9777540aa533209c

SHA256
0547efd4601ca39572145f2ae43da0d250164116ca2d3f15390f442bfeef3b79

SHA512
b1b49f2225d69420ef5b81a492616f289014f3287a6c48c1eeee2951845e100953a84203eb5bca08141d3128e7957db1c4cf8ddb9fbafddb53d7bf5ddaa1b7aa

Download Submit
C:\Windows\system\NKBUmKm.exe

Filesize
6.0MB

MD5
0611e50bf22d91d728d38a4e338ac027

SHA1
17a38ba730c7c0d14d7d31183a79a2a1bedc4f04

SHA256
8074d2eb71e136e2fedd2c6efc8f1cf96c4a97d0d282875852ebf401e731cbd6

SHA512
69c179df94596af8e2e76c1c22d168303fd496b1eae469b8f21c22b036154e7879c3ce89d7f7744e7ff0f514f7cfb32f6fa518505f23cbb81869d317f0f81e7e

Download Submit
C:\Windows\system\OWCfjQJ.exe

Filesize
6.0MB

MD5
1f42d18d547be8afb8b1479f54460e82

SHA1
1cab2ef456f48b068cb4c6fe6ed8a913e2a7c231

SHA256
aebfb3c5264f2d223fae32a995cb64912b7dc2b2ba12e26be7a25b98d23692a0

SHA512
5161b113955a970dab4121649f821d631dfed99de88ac42d2a73f45c7a5e46f00e88d61c9abbe73f5ef18be6620c0152db2bea30aa6310f53271e6e5a1447409

Download Submit
C:\Windows\system\QRXdUXZ.exe

Filesize
6.0MB

MD5
a094392ce935dd068c08086e4135c6bf

SHA1
242ba7c8cc6bb02740fa46a71ae62794d17032bd

SHA256
727c1f1f92b7624fb4b37834ab85202ea505ba9cc5c84cec2ce9076e5f962fb9

SHA512
d060676f258f0b61d78eb4c250e45e1b693e7a2f5a6561cc22ab0b474a963d97a6056b2684b006ac40d493a5b6a7636a8d3f0129eef9d2670e7adf761b8c82dc

Download Submit
C:\Windows\system\TYPvtmi.exe

Filesize
6.0MB

MD5
a400918848c27fe042194d11022e1d3e

SHA1
ad6cf0ad488bd41ed938f626a9dacb02654400d4

SHA256
56be872e891885c15b411b9d2d8cbd3090458dd6cb57c154b30bdcbbec8d974d

SHA512
4b98f3a541bcd597acc8829751386f96106aba92f2fd43cab1014ca9c3223865e052a7603e2e6b859b3647fb9c5c6b18c236a7ebb883c24caf99cf28b7f817cf

Download Submit
C:\Windows\system\VIJisaU.exe

Filesize
6.0MB

MD5
6140e0a2dc729307a0476058be498d32

SHA1
6d68921514cef026109b2ca70e9d0dbf9dcb2c24

SHA256
085c0b39ac7e6ad5385d19555c7d480864c93cec4fb477848cc2171ad8a7631c

SHA512
fd50df786a1f3d3c74b4917cb757ea016f4d36a86af722ecce30846afdd342fe39bbeea818f2ce2b36a5983d335c0711017b834a9c39c680fbbf44d939d7ef7e

Download Submit
C:\Windows\system\XzqpmSU.exe

Filesize
6.0MB

MD5
5d0b92ee216d4d8164c9e44bcd0cab3b

SHA1
010791b872eca38f6cacd565fdfe8b6da23fda1e

SHA256
84137b1f2623864b9db4a6275714ea2823e89ff7aef52057a6b9c1a572491fad

SHA512
588ee060593a466cc8993ef1134190995563d78d18c195cd045f4a567fe17eae4bf9d3126bace4950588fa3c414bfe66ee8286a92d827b88c0e1098d5afdd8f8

Download Submit
C:\Windows\system\ZROooBl.exe

Filesize
6.0MB

MD5
a70dfd323a86bc92083bbdff566df2bc

SHA1
760b983603a3ef795a36476e5a333f90478c76f1

SHA256
172daea51e6b5c371697e43cc64336d62a07fcbaaf216401356040ef1f36f749

SHA512
432f6896d843724e319fa6f11536c289efe1357eb3d6d03a57ea5aadbe23a7524419fe01287afb5263dc715dada6b558ec6ed1e12a44b017bda2349ecb4a3125

Download Submit
C:\Windows\system\bhYDDdf.exe

Filesize
6.0MB

MD5
43a1e852c2be7424cab2eab9609518df

SHA1
2e9bcdb598b8da3c695e889395f348f8b75c15eb

SHA256
51af54c30f8219808bcd4b0c326444516a24dcd3581c5eb3dd395702533ef905

SHA512
bacc0fde3c5700347f04a0b6f3feb80f61c0029bc491cd9440cc18a9a4a11a161e571b6331debd79fe21a6dd7a6e6a1636747dac305ee3f9c61bd9d703d263e3

Download Submit
C:\Windows\system\fCMOWDv.exe

Filesize
6.0MB

MD5
0bed51c41aba501f4f31da73f1a3fa1c

SHA1
53cbfee7161ea3b32b71645855ca3fd130d80f3d

SHA256
c4317a7be4c441e2ff13b317e48e5d0b59711e67f0fcf4bcaf6fc603b85a2733

SHA512
9f69520e70ae57d9c4706ebf71b63cd5d1c454ba3fd0e4d2d2b1ec88daa5acb831c8af66118ee960cfeb929f917cb03e1942be3076515629f026b6cc3962063d

Download Submit
C:\Windows\system\fsFjimF.exe

Filesize
6.0MB

MD5
216b33a44fe6a12cb3093dbe7852df90

SHA1
67cee1749469a94db80bb5bddb25ba0cfa915535

SHA256
0bd2008095b31c3b41c936b7bcf74aa9bc57d31b4c84149693401f04dc2462ac

SHA512
05f5210cb407b83d9f50f4e8c12c268ceab9b438f228470d999c821f40cee578ea3ef79f3a61e8ac13397be9c7f499a527911ae222c27ae257a9a4b503fa3067

Download Submit
C:\Windows\system\jHSHQBN.exe

Filesize
6.0MB

MD5
b4f3ce94ff6a2bf57c312c157509b112

SHA1
b83962f869964cdb25b5eeb5536586766886f1c6

SHA256
846ef3f2b157ce0d7df14ad4975ec72eb4e2dc0348170508bae7526f03cf1e37

SHA512
b4f6a77a1572b5052d992f10b878580463e00afdfc310f294875776ccb2f50d98d0b047be4cc0d6abe9c95521ab8500d6790b51c581185bd01734186686376a7

Download Submit
C:\Windows\system\kBGaNtP.exe

Filesize
8B

MD5
df291bcdb8ebdc7240b14dd827f6398f

SHA1
5affc65a790ce656995e39f445b2dfa1d6848c65

SHA256
144f1bfac73422bcb8b83c7b1273e93e2b5f3245068bd656105f2fca31b15f7d

SHA512
e56b89dd2f235ef75da5439f19ca2d42261b414efc1d93983268accfee6e54dd7508bb12579c397372b6b2bfa70f21e2b1f411642303fd76c261a57c09a175d9

Download Submit
C:\Windows\system\kRCeLqL.exe

Filesize
6.0MB

MD5
ea874990e1c8eebfb3647129bb55aeaa

SHA1
3efbe786bd56e77fac456404d5d00b7e1fe60b55

SHA256
4f9fc33e1261883964b5ac855e4bf7d9dc9fd0940bcf34a1386da2c3d609407c

SHA512
ff08c7cdf98b468e811f6697a9f648a21bda154cdb35b7cabe47aba390b4ba7f0b587971a3b5a1750d25bd51e48e59eb19c5b5129aaf19c4a11c16f6cf149773

Download Submit
C:\Windows\system\kSpqOuY.exe

Filesize
6.0MB

MD5
5e846531fca68cce903ff7be4d6739a5

SHA1
d0db63089bfa2c941f8cf9fd7890f0982f416452

SHA256
f2ae3b8784d3203669a3d4000241cac615921f59b5037e61272cb5747b6f8212

SHA512
83f21415723f8312ea01d0115d904b14ceb7fe34677e3f0324f63d17f8c6c1f18dd355a89776728c291b4918f57186fb57996b0eaae493ecda033a10c97215d4

Download Submit
C:\Windows\system\kwmDWkn.exe

Filesize
6.0MB

MD5
6a3cd35f3fae16126a7183d45e476b62

SHA1
bc907843633629705bbea8d37811fd32ca8a2c1b

SHA256
92df69e84ce8caa537af909543ca325b57a5a242a1fbdda8d867c8d097a8f5bd

SHA512
0d7f79a209618b9259f8f388655f5b34134a434abe1e99c5b874d5a5998f056be83d86d8787109ff9f00ded48c1dd90aad21e272d3b6321267c62aeeec802806

Download Submit
C:\Windows\system\kwxsGvz.exe

Filesize
6.0MB

MD5
b4e40fd179466800fb546fcb107b4c46

SHA1
08e2359bb3256a59b12f2810867ff660bf2f9ef3

SHA256
de875677f95fbd5cb4d60ab2ca1c19fdd5cae7f4072446868841e2eb7ff8e783

SHA512
ddaab4e4213c980ddbf72d266c9b39bcc29928d4284ca11c667aebff8f8c4bc93d9f8a2973824200f728ae9380c6e066cc41029d0db2a3cb29e559ea66570e78

Download Submit
C:\Windows\system\mgHloXZ.exe

Filesize
6.0MB

MD5
69443dc12209a7741616ca859f4f2844

SHA1
26a8d3e2880ca9ac688f9fc929c28f0a2c009ed7

SHA256
684720dc53c446338ecc0a6302d5220e887f2999f1aa1123532b45166da88be5

SHA512
bd6289f525e49fb3d0159150120a17ec1b6ab36d347e86db16084342e9e532cc3ddd7b61a6c87e256574c02d339b39ce8322fa7284628906c031db374d3e7c89

Download Submit
C:\Windows\system\nVnkHaB.exe

Filesize
6.0MB

MD5
ba63eabb21f947c2e3246037185c4a6e

SHA1
a4550556ca7bf9669c939ddb23eb3c968475fe63

SHA256
21ad2d70d999d8f650c369876df6841619c858dd7e69e827df981c8c60cd6fde

SHA512
2f6eae684402694cd3c0c7f9ea89cadac52ffee32b211228ca0dbc2836a1ed15093c01701549dff9453f41fe83970eb831f5fd8c4c12b4940d3345c6e8b62877

Download Submit
C:\Windows\system\pmNHzMB.exe

Filesize
6.0MB

MD5
4c0a39872b88478a15f1756a354ff5ba

SHA1
f197a833b3a5c589ad8e65ba1ab6d8dbb8831921

SHA256
fb32acd82119d43858b2443070d59189c7009b094fbeb5397bbc782ba46721ff

SHA512
68ecca0f24a08065f025ef98cfa7c511a06bdd63bcd3c2e240b5b2fbb61a0d14225aa9d29a16df9789cb6b988da17d1f80ce8cc375b12009620d49b7bfa8a24d

Download Submit
C:\Windows\system\rIGIzyi.exe

Filesize
6.0MB

MD5
1268e4819d73e3d194bcdf84d9bd600b

SHA1
b57a4a8405ef13f9029d0d87677d5ad0d6252c85

SHA256
deeec2546a7ad4f382a366a4ddb7c585b9dd3f3b34ae765e4252b913525840dc

SHA512
f8eeeb7597bbc2cdc9f3693be172891387a979a927099e561dd3f8bb29763fb2b6c1215b1cd7d2d8fb34f15a65647c89a8c48e015bd7779aeb39c344f1b6c372

Download Submit
C:\Windows\system\uAzjqoL.exe

Filesize
6.0MB

MD5
7852c2e94dea6942509f86f1b172e517

SHA1
bd86ddc9417598aec3a6d43a6b7f8664772dfc2c

SHA256
dfa0e7bdd62aea18cb4333c4f01b01077a06a75abc564a6b764f7dc05ceb51c7

SHA512
7b2a04fc66cd90d1075f6fff34753700b08af8c8aac2fb81e6798280844eb7d9e0839f066aed1f6b5fccf53de652e999b0a66484eb0da8f1e9e6c84cb76c7e65

Download Submit
C:\Windows\system\xbPuGTA.exe

Filesize
6.0MB

MD5
c0d223a58cad88d5a5bcd90aa470867d

SHA1
9cffa94f1c5d04b7d4a6fde21fc4f4b6c21a5e71

SHA256
3e0adcd08a80ad5265f2eab66be71293de90b781fbd0830f5b27612786a9eeb5

SHA512
5e181c4b60006d5faf9ce3824b52abe5afc6879726b8aa4f24a7c33865538875fedfb99b76f476f704254e1db6d883ab65b786da537b54151404ca0cffdefae5

Download Submit
C:\Windows\system\zeURVRv.exe

Filesize
6.0MB

MD5
6521c7a2fb16afceb5d8c9fa59f564f4

SHA1
ac3c0b9467813d742c5ccb62aa23df3a5857f128

SHA256
ae9bb277ad0bd00dc2ec0bfbcd53cbef304457ebbe42e3406a475a45a07cbc57

SHA512
a7478371f7e298d28c125bfaf3c111fbc7d6026ca5170ea6053b20f380b373e9c6e585f059465d285a7e9357a1d871ecdad406e1d5b25bd56e6756b6e3a966c7

Download Submit
\Windows\system\BLJzsym.exe

Filesize
6.0MB

MD5
8232f8e3850e27c47f87715482808b92

SHA1
6315021ef683a9f69cee0a499143c0df3bcdc11c

SHA256
aca1f19b060e4fc39b7bd66167bc4cda068222d85a0c91f7d62280c37caea12d

SHA512
879169d3828033a089754fb983712d9dbbc6d57ec2c600b4c1f6b5dc8c0cda4330baf54dc8e177bed9732141a1d2b95a713265bdbd3916f779aca562e39e94fb

Download Submit
\Windows\system\RwPIBLu.exe

Filesize
6.0MB

MD5
dbad089873839244eef3d28bf89e0617

SHA1
6f02f17a7504dd01ded8a892954917f25e0da2dd

SHA256
ce88217c2c326d47c520f1df1edb1c6ea28647e0d2d82cf2de3755feffa5f970

SHA512
8d4adcb4ec98bea79d08169139f1180eb5c6ab2db9d73c948482e2969022f2bbf1f5ee34bb5d3c77f9195bfb95215b7dd39da760f8c8913d7ad2e0ee25357989

Download Submit
\Windows\system\SMQeUcu.exe

Filesize
6.0MB

MD5
3e6ff94bb5e94a62e0740f89bfdd9161

SHA1
289b39f484f9114ec969e3e74cefc3154a9c6658

SHA256
34b7941483958b918052560f39696830053e9c168fa285006f96fd18395e196e

SHA512
cc7da1f7c96782a521c1a36ee4eda3e744a5051b8b613e9d5673a196d5cad8bc7a6e2f84fafe165f51f21245d023f775118a39893c8ccbe6602ed60d04d72225

Download Submit
\Windows\system\kOuKNfm.exe

Filesize
6.0MB

MD5
82229646a5fb4f95a05ad3435d2bfc1f

SHA1
c221640b3407456e3fcc253735a0fd1fcd2bc4e5

SHA256
78ff0a23bcf77d9abe7ef752a4fab01a1e07b64be5bf50787a43fbf2b51bba88

SHA512
2019f3774fd8ee48e326d186966c82077008d67c3a1ad47a8fee7714eb8849476c0241c5f017bdf51a9d58e5eba416a4cf905046872fd5bc6c61ddce7b61a703

Download Submit
memory/760-633-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/760-3247-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/760-101-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/768-60-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/768-3188-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1108-3209-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1108-112-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1108-71-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1364-100-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1364-66-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1364-3191-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2056-153-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2056-75-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2056-3195-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2152-44-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2152-2963-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2152-82-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2204-89-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-459-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3229-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2332-107-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3207-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2332-800-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2352-2914-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2352-47-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2352-14-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2544-83-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2544-315-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3242-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2968-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-74-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-35-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2953-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2696-68-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2696-28-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2816-106-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2816-63-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2816-0-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-86-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2816-18-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2816-93-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-548-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-69-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2816-94-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-67-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2816-113-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-57-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-22-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2816-39-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2816-861-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-727-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2816-34-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-30-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-46-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-12-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2816-102-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2816-103-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2956-52-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2956-2929-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2956-20-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2925-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/3024-8-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/3024-42-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download