cobaltstrike | e3f17319bcab428cba6ad552560100f886796a9be00c6967b378a95951cb02ab

Analysis

max time kernel
137s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c30b445969d2abdaaf16afb525889788
SHA1

ed68b5f474dc8e7eb2698de2348e0caece27ff1a
SHA256

e3f17319bcab428cba6ad552560100f886796a9be00c6967b378a95951cb02ab
SHA512

ed3648e28c3fe125c7b12d4134b8a1b5e4d63bdee6ace3d91221f4e42a825591befce8a551f44da50f9cc62fa5b3a7c18f4644aaa4d4a95bfd8d8e760185ef58
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000500000001a4d4-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-87.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001941b-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-63.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019551-53.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e6-47.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d0-33.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-10.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000012257-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000500000001a4d4-170.dat	xmrig
behavioral1/files/0x000500000001a4d1-165.dat	xmrig
behavioral1/files/0x000500000001a4cf-161.dat	xmrig
behavioral1/files/0x000500000001a4cd-158.dat	xmrig
behavioral1/files/0x000500000001a4cb-153.dat	xmrig
behavioral1/files/0x000500000001a4c7-152.dat	xmrig
behavioral1/files/0x000500000001a4c9-151.dat	xmrig
behavioral1/files/0x000500000001a4c3-144.dat	xmrig
behavioral1/files/0x000500000001a4bb-136.dat	xmrig
behavioral1/files/0x000500000001a4c1-134.dat	xmrig
behavioral1/files/0x000500000001a4b7-127.dat	xmrig
behavioral1/files/0x000500000001a4bf-125.dat	xmrig
behavioral1/files/0x000500000001a4c5-140.dat	xmrig
behavioral1/files/0x000500000001a4b3-103.dat	xmrig
behavioral1/files/0x000500000001a4bd-123.dat	xmrig
behavioral1/files/0x000500000001a4b9-122.dat	xmrig
behavioral1/files/0x000500000001a4b5-121.dat	xmrig
behavioral1/memory/2036-96-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2664-101-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b1-100.dat	xmrig
behavioral1/memory/2892-95-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2776-94-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-92.dat	xmrig
behavioral1/memory/604-89-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ad-87.dat	xmrig
behavioral1/memory/2832-83-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2752-82-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2504-81-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2292-80-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000800000001941b-78.dat	xmrig
behavioral1/memory/2488-75-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-73.dat	xmrig
behavioral1/memory/2660-69-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/768-68-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a5-67.dat	xmrig
behavioral1/memory/2664-66-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2292-64-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001a495-63.dat	xmrig
behavioral1/memory/2892-62-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/1536-54-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0007000000019551-53.dat	xmrig
behavioral1/memory/2776-49-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2608-48-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x00080000000194e6-47.dat	xmrig
behavioral1/memory/2832-41-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2752-39-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e4-38.dat	xmrig
behavioral1/memory/2292-44-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00060000000194da-37.dat	xmrig
behavioral1/memory/2420-36-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d0-33.dat	xmrig
behavioral1/memory/2292-31-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/768-28-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/files/0x000700000001949d-20.dat	xmrig
behavioral1/memory/2608-12-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1536-14-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0007000000019490-10.dat	xmrig
behavioral1/files/0x000d000000012257-6.dat	xmrig
behavioral1/memory/2292-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2892-3512-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/768-3514-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2608-3515-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2832-3519-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2776-3518-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2608	lpHCROQ.exe
1536	ovXMqDP.exe
768	XsHyywA.exe
2420	IJclgsl.exe
2752	LVhTRJL.exe
2832	FxmeLUA.exe
2776	JKOTzhi.exe
2892	BZbQfoy.exe
2664	dpGFgLW.exe
2660	XTJvDZp.exe
2488	acfMZNn.exe
2504	oYQCYtq.exe
604	CxrldgL.exe
2036	BSXtLnc.exe
2900	yxkPzCd.exe
2008	McKONIG.exe
2740	ivEujOZ.exe
380	NBpxDLG.exe
2996	OTSvesW.exe
2896	VhjvaYH.exe
1336	jSdLDmR.exe
3052	UAhbYrA.exe
2480	kkxmsXM.exe
1784	TXrGdnU.exe
1828	CPlcfzY.exe
2364	aQnVLPC.exe
2148	kYBgugB.exe
668	BTcrmWl.exe
1716	FGFSZST.exe
1100	uyRwmaX.exe
1128	AKwmOed.exe
2200	lKcDqjy.exe
1044	pSEjzMU.exe
952	ZqUQeRN.exe
672	kfTrQcv.exe
1592	ZcgaoNS.exe
2876	pTSlJDu.exe
1048	dIKNzjK.exe
1692	aVTtAZB.exe
900	NFKNzhh.exe
560	NSJAVNn.exe
1748	LvjbqPG.exe
2232	JgJzGqq.exe
928	dGMkioX.exe
2068	fLgpjWf.exe
1740	dJttVYX.exe
1372	ctPBrrc.exe
868	BhVMQfZ.exe
2216	dcSpdrk.exe
2020	cfGXMXt.exe
2016	iNePBUB.exe
780	IyacujA.exe
2392	vUtWKXT.exe
2164	BgUUgcg.exe
2108	xuzLaYX.exe
1948	uWXhnGu.exe
320	JseMNqz.exe
2412	SgqyPOS.exe
2568	oNcGCvh.exe
876	pXfNiqw.exe
2496	wyTBleo.exe
2312	AImbmEg.exe
1576	pVMeaOx.exe
2340	pGIJmOI.exe

Loads dropped DLL 64 IoCs

pid	Process
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a4d4-170.dat	upx
behavioral1/files/0x000500000001a4d1-165.dat	upx
behavioral1/files/0x000500000001a4cf-161.dat	upx
behavioral1/files/0x000500000001a4cd-158.dat	upx
behavioral1/files/0x000500000001a4cb-153.dat	upx
behavioral1/files/0x000500000001a4c7-152.dat	upx
behavioral1/files/0x000500000001a4c9-151.dat	upx
behavioral1/files/0x000500000001a4c3-144.dat	upx
behavioral1/files/0x000500000001a4bb-136.dat	upx
behavioral1/files/0x000500000001a4c1-134.dat	upx
behavioral1/files/0x000500000001a4b7-127.dat	upx
behavioral1/files/0x000500000001a4bf-125.dat	upx
behavioral1/files/0x000500000001a4c5-140.dat	upx
behavioral1/files/0x000500000001a4b3-103.dat	upx
behavioral1/files/0x000500000001a4bd-123.dat	upx
behavioral1/files/0x000500000001a4b9-122.dat	upx
behavioral1/files/0x000500000001a4b5-121.dat	upx
behavioral1/memory/2036-96-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2664-101-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001a4b1-100.dat	upx
behavioral1/memory/2892-95-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2776-94-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-92.dat	upx
behavioral1/memory/604-89-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ad-87.dat	upx
behavioral1/memory/2832-83-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2752-82-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2504-81-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000800000001941b-78.dat	upx
behavioral1/memory/2488-75-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/files/0x000500000001a4ab-73.dat	upx
behavioral1/memory/2660-69-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/768-68-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000500000001a4a5-67.dat	upx
behavioral1/memory/2664-66-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001a495-63.dat	upx
behavioral1/memory/2892-62-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1536-54-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0007000000019551-53.dat	upx
behavioral1/memory/2776-49-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2608-48-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/files/0x00080000000194e6-47.dat	upx
behavioral1/memory/2832-41-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2752-39-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x00060000000194e4-38.dat	upx
behavioral1/memory/2292-44-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00060000000194da-37.dat	upx
behavioral1/memory/2420-36-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/files/0x00060000000194d0-33.dat	upx
behavioral1/memory/768-28-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/files/0x000700000001949d-20.dat	upx
behavioral1/memory/2608-12-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1536-14-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0007000000019490-10.dat	upx
behavioral1/files/0x000d000000012257-6.dat	upx
behavioral1/memory/2292-0-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2892-3512-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/768-3514-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2608-3515-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2832-3519-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2776-3518-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2752-3517-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2488-4483-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/604-4514-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xuzLaYX.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGNUaEY.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNWughQ.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RGZuGDX.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCPsiFp.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NikNSsl.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crWaCEN.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yOdJCLL.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtVKDXk.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyplHQq.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtQFZDV.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQFXBdr.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXFSTUh.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKDnHcN.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlJEVAi.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rbwSiTC.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEfuSua.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijJVPeS.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMYmZAw.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHHlRGA.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKqajZr.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqehtNQ.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NGbmaVW.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzaGFlI.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDphhyH.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBqrEvf.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glGoJRT.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqrOstz.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSyQtuo.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHSJYiF.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRaOGzg.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHbjbbZ.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxDxMsg.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTiTgnC.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMWzRkR.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnaQvut.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWvVVaX.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyoqXEZ.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOWzhpE.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGEdLzk.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbOLimI.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZaakZSh.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\npPJgep.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsmYAyT.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEJdVpO.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBlmDaA.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QChGGoQ.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChcQTvF.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJnXiNb.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgXialV.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wrGHNyx.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yxkPzCd.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLGtNxz.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPrATZL.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhNghYi.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnOGsjk.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjlWkYy.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ovyeeyj.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpGFgLW.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgQEzwV.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FRPsrxM.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ooJJDpm.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDvNmgL.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgwMVff.exe	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2608	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2292 wrote to memory of 2608	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2292 wrote to memory of 2608	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2292 wrote to memory of 1536	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2292 wrote to memory of 1536	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2292 wrote to memory of 1536	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2292 wrote to memory of 768	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2292 wrote to memory of 768	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2292 wrote to memory of 768	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2292 wrote to memory of 2420	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2292 wrote to memory of 2420	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2292 wrote to memory of 2420	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2292 wrote to memory of 2752	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2292 wrote to memory of 2752	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2292 wrote to memory of 2752	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2292 wrote to memory of 2832	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2292 wrote to memory of 2832	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2292 wrote to memory of 2832	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2292 wrote to memory of 2776	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2292 wrote to memory of 2776	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2292 wrote to memory of 2776	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2292 wrote to memory of 2892	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2292 wrote to memory of 2892	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2292 wrote to memory of 2892	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2292 wrote to memory of 2664	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2292 wrote to memory of 2664	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2292 wrote to memory of 2664	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2292 wrote to memory of 2660	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2292 wrote to memory of 2660	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2292 wrote to memory of 2660	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2292 wrote to memory of 2488	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2292 wrote to memory of 2488	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2292 wrote to memory of 2488	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2292 wrote to memory of 2504	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2292 wrote to memory of 2504	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2292 wrote to memory of 2504	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2292 wrote to memory of 604	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2292 wrote to memory of 604	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2292 wrote to memory of 604	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2292 wrote to memory of 2036	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2292 wrote to memory of 2036	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2292 wrote to memory of 2036	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2292 wrote to memory of 2900	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2292 wrote to memory of 2900	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2292 wrote to memory of 2900	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2292 wrote to memory of 2996	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2292 wrote to memory of 2996	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2292 wrote to memory of 2996	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2292 wrote to memory of 2008	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2292 wrote to memory of 2008	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2292 wrote to memory of 2008	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2292 wrote to memory of 2896	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2292 wrote to memory of 2896	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2292 wrote to memory of 2896	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2292 wrote to memory of 2740	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2292 wrote to memory of 2740	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2292 wrote to memory of 2740	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2292 wrote to memory of 3052	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2292 wrote to memory of 3052	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2292 wrote to memory of 3052	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2292 wrote to memory of 380	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2292 wrote to memory of 380	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2292 wrote to memory of 380	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2292 wrote to memory of 1784	2292	2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Windows\System32\9w3j6e.exe
"C:\Windows\System32\9w3j6e.exe"
1⤵
PID:1556
- C:\Users\Admin\AppData\Local\Temp\4200708864\zmstage.exe
  C:\Users\Admin\AppData\Local\Temp\4200708864\zmstage.exe
  2⤵
  PID:2348

C:\Users\Admin\AppData\Local\Temp\2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_c30b445969d2abdaaf16afb525889788_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\System\lpHCROQ.exe
  C:\Windows\System\lpHCROQ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\ovXMqDP.exe
  C:\Windows\System\ovXMqDP.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\XsHyywA.exe
  C:\Windows\System\XsHyywA.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\IJclgsl.exe
  C:\Windows\System\IJclgsl.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\LVhTRJL.exe
  C:\Windows\System\LVhTRJL.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\FxmeLUA.exe
  C:\Windows\System\FxmeLUA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\JKOTzhi.exe
  C:\Windows\System\JKOTzhi.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\BZbQfoy.exe
  C:\Windows\System\BZbQfoy.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\dpGFgLW.exe
  C:\Windows\System\dpGFgLW.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\XTJvDZp.exe
  C:\Windows\System\XTJvDZp.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\acfMZNn.exe
  C:\Windows\System\acfMZNn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\oYQCYtq.exe
  C:\Windows\System\oYQCYtq.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\CxrldgL.exe
  C:\Windows\System\CxrldgL.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\BSXtLnc.exe
  C:\Windows\System\BSXtLnc.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\yxkPzCd.exe
  C:\Windows\System\yxkPzCd.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\OTSvesW.exe
  C:\Windows\System\OTSvesW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\McKONIG.exe
  C:\Windows\System\McKONIG.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\VhjvaYH.exe
  C:\Windows\System\VhjvaYH.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ivEujOZ.exe
  C:\Windows\System\ivEujOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\UAhbYrA.exe
  C:\Windows\System\UAhbYrA.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\NBpxDLG.exe
  C:\Windows\System\NBpxDLG.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\TXrGdnU.exe
  C:\Windows\System\TXrGdnU.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\jSdLDmR.exe
  C:\Windows\System\jSdLDmR.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\CPlcfzY.exe
  C:\Windows\System\CPlcfzY.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\kkxmsXM.exe
  C:\Windows\System\kkxmsXM.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\kYBgugB.exe
  C:\Windows\System\kYBgugB.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\aQnVLPC.exe
  C:\Windows\System\aQnVLPC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\BTcrmWl.exe
  C:\Windows\System\BTcrmWl.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\FGFSZST.exe
  C:\Windows\System\FGFSZST.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\uyRwmaX.exe
  C:\Windows\System\uyRwmaX.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\AKwmOed.exe
  C:\Windows\System\AKwmOed.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\lKcDqjy.exe
  C:\Windows\System\lKcDqjy.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\pSEjzMU.exe
  C:\Windows\System\pSEjzMU.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\ZqUQeRN.exe
  C:\Windows\System\ZqUQeRN.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\kfTrQcv.exe
  C:\Windows\System\kfTrQcv.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\ZcgaoNS.exe
  C:\Windows\System\ZcgaoNS.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\pTSlJDu.exe
  C:\Windows\System\pTSlJDu.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\dIKNzjK.exe
  C:\Windows\System\dIKNzjK.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\aVTtAZB.exe
  C:\Windows\System\aVTtAZB.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\NFKNzhh.exe
  C:\Windows\System\NFKNzhh.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\NSJAVNn.exe
  C:\Windows\System\NSJAVNn.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\LvjbqPG.exe
  C:\Windows\System\LvjbqPG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JgJzGqq.exe
  C:\Windows\System\JgJzGqq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\dGMkioX.exe
  C:\Windows\System\dGMkioX.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\fLgpjWf.exe
  C:\Windows\System\fLgpjWf.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ctPBrrc.exe
  C:\Windows\System\ctPBrrc.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\dJttVYX.exe
  C:\Windows\System\dJttVYX.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\BhVMQfZ.exe
  C:\Windows\System\BhVMQfZ.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\dcSpdrk.exe
  C:\Windows\System\dcSpdrk.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\cfGXMXt.exe
  C:\Windows\System\cfGXMXt.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\iNePBUB.exe
  C:\Windows\System\iNePBUB.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\IyacujA.exe
  C:\Windows\System\IyacujA.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\vUtWKXT.exe
  C:\Windows\System\vUtWKXT.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\xuzLaYX.exe
  C:\Windows\System\xuzLaYX.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\BgUUgcg.exe
  C:\Windows\System\BgUUgcg.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\JseMNqz.exe
  C:\Windows\System\JseMNqz.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\uWXhnGu.exe
  C:\Windows\System\uWXhnGu.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\SgqyPOS.exe
  C:\Windows\System\SgqyPOS.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\oNcGCvh.exe
  C:\Windows\System\oNcGCvh.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\pXfNiqw.exe
  C:\Windows\System\pXfNiqw.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\wyTBleo.exe
  C:\Windows\System\wyTBleo.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\AImbmEg.exe
  C:\Windows\System\AImbmEg.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pVMeaOx.exe
  C:\Windows\System\pVMeaOx.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\QqazgLm.exe
  C:\Windows\System\QqazgLm.exe
  2⤵
  PID:1588
- C:\Windows\System\pGIJmOI.exe
  C:\Windows\System\pGIJmOI.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\GDVIDGo.exe
  C:\Windows\System\GDVIDGo.exe
  2⤵
  PID:1512
- C:\Windows\System\yEDnrHz.exe
  C:\Windows\System\yEDnrHz.exe
  2⤵
  PID:2440
- C:\Windows\System\zuYUYTk.exe
  C:\Windows\System\zuYUYTk.exe
  2⤵
  PID:2788
- C:\Windows\System\nOXJENi.exe
  C:\Windows\System\nOXJENi.exe
  2⤵
  PID:2864
- C:\Windows\System\mrKpzHk.exe
  C:\Windows\System\mrKpzHk.exe
  2⤵
  PID:2768
- C:\Windows\System\zJmDNFv.exe
  C:\Windows\System\zJmDNFv.exe
  2⤵
  PID:2936
- C:\Windows\System\kPfkSbG.exe
  C:\Windows\System\kPfkSbG.exe
  2⤵
  PID:2884
- C:\Windows\System\OiYNcip.exe
  C:\Windows\System\OiYNcip.exe
  2⤵
  PID:2808
- C:\Windows\System\ERXBrSo.exe
  C:\Windows\System\ERXBrSo.exe
  2⤵
  PID:2944
- C:\Windows\System\MVAhbOx.exe
  C:\Windows\System\MVAhbOx.exe
  2⤵
  PID:2820
- C:\Windows\System\mLnSrTO.exe
  C:\Windows\System\mLnSrTO.exe
  2⤵
  PID:3044
- C:\Windows\System\IGNUaEY.exe
  C:\Windows\System\IGNUaEY.exe
  2⤵
  PID:3060
- C:\Windows\System\IznbwMW.exe
  C:\Windows\System\IznbwMW.exe
  2⤵
  PID:1980
- C:\Windows\System\nOfWZGb.exe
  C:\Windows\System\nOfWZGb.exe
  2⤵
  PID:2284
- C:\Windows\System\OJJKGrG.exe
  C:\Windows\System\OJJKGrG.exe
  2⤵
  PID:1996
- C:\Windows\System\JRgXsWP.exe
  C:\Windows\System\JRgXsWP.exe
  2⤵
  PID:760
- C:\Windows\System\iXrUaPi.exe
  C:\Windows\System\iXrUaPi.exe
  2⤵
  PID:528
- C:\Windows\System\YHLpqMw.exe
  C:\Windows\System\YHLpqMw.exe
  2⤵
  PID:424
- C:\Windows\System\LWQDXnW.exe
  C:\Windows\System\LWQDXnW.exe
  2⤵
  PID:1628
- C:\Windows\System\amHkvvm.exe
  C:\Windows\System\amHkvvm.exe
  2⤵
  PID:1600
- C:\Windows\System\idwLbss.exe
  C:\Windows\System\idwLbss.exe
  2⤵
  PID:496
- C:\Windows\System\nuPiYUo.exe
  C:\Windows\System\nuPiYUo.exe
  2⤵
  PID:1680
- C:\Windows\System\UbWgcsl.exe
  C:\Windows\System\UbWgcsl.exe
  2⤵
  PID:1444
- C:\Windows\System\LJIguVY.exe
  C:\Windows\System\LJIguVY.exe
  2⤵
  PID:2236
- C:\Windows\System\HdBnZjz.exe
  C:\Windows\System\HdBnZjz.exe
  2⤵
  PID:1548
- C:\Windows\System\gZycIlS.exe
  C:\Windows\System\gZycIlS.exe
  2⤵
  PID:1504
- C:\Windows\System\eHUlMDL.exe
  C:\Windows\System\eHUlMDL.exe
  2⤵
  PID:1636
- C:\Windows\System\peYFFTu.exe
  C:\Windows\System\peYFFTu.exe
  2⤵
  PID:1744
- C:\Windows\System\azrGuen.exe
  C:\Windows\System\azrGuen.exe
  2⤵
  PID:1992
- C:\Windows\System\SzUTOwl.exe
  C:\Windows\System\SzUTOwl.exe
  2⤵
  PID:2344
- C:\Windows\System\TZrCXGn.exe
  C:\Windows\System\TZrCXGn.exe
  2⤵
  PID:1772
- C:\Windows\System\RpoYuqo.exe
  C:\Windows\System\RpoYuqo.exe
  2⤵
  PID:700
- C:\Windows\System\thLDGjo.exe
  C:\Windows\System\thLDGjo.exe
  2⤵
  PID:2260
- C:\Windows\System\tBLuFCo.exe
  C:\Windows\System\tBLuFCo.exe
  2⤵
  PID:2348
- C:\Windows\System\yuPzdXm.exe
  C:\Windows\System\yuPzdXm.exe
  2⤵
  PID:2208
- C:\Windows\System\lYeIQtV.exe
  C:\Windows\System\lYeIQtV.exe
  2⤵
  PID:648
- C:\Windows\System\AslOpNC.exe
  C:\Windows\System\AslOpNC.exe
  2⤵
  PID:1940
- C:\Windows\System\fMQCBNs.exe
  C:\Windows\System\fMQCBNs.exe
  2⤵
  PID:2772
- C:\Windows\System\KtWQYwp.exe
  C:\Windows\System\KtWQYwp.exe
  2⤵
  PID:2692
- C:\Windows\System\pqkYYkw.exe
  C:\Windows\System\pqkYYkw.exe
  2⤵
  PID:2508
- C:\Windows\System\biXGOus.exe
  C:\Windows\System\biXGOus.exe
  2⤵
  PID:2736
- C:\Windows\System\rnBqkUL.exe
  C:\Windows\System\rnBqkUL.exe
  2⤵
  PID:2456
- C:\Windows\System\XmUbxKt.exe
  C:\Windows\System\XmUbxKt.exe
  2⤵
  PID:688
- C:\Windows\System\TXCjnCm.exe
  C:\Windows\System\TXCjnCm.exe
  2⤵
  PID:1200
- C:\Windows\System\tgQEzwV.exe
  C:\Windows\System\tgQEzwV.exe
  2⤵
  PID:612
- C:\Windows\System\nkjCgjZ.exe
  C:\Windows\System\nkjCgjZ.exe
  2⤵
  PID:1732
- C:\Windows\System\FwiMdss.exe
  C:\Windows\System\FwiMdss.exe
  2⤵
  PID:2380
- C:\Windows\System\kKLAavJ.exe
  C:\Windows\System\kKLAavJ.exe
  2⤵
  PID:1620
- C:\Windows\System\WvqKjGm.exe
  C:\Windows\System\WvqKjGm.exe
  2⤵
  PID:588
- C:\Windows\System\KvCpGJF.exe
  C:\Windows\System\KvCpGJF.exe
  2⤵
  PID:2368
- C:\Windows\System\QWQVQiv.exe
  C:\Windows\System\QWQVQiv.exe
  2⤵
  PID:2176
- C:\Windows\System\cWmZTku.exe
  C:\Windows\System\cWmZTku.exe
  2⤵
  PID:1584
- C:\Windows\System\BRryyUE.exe
  C:\Windows\System\BRryyUE.exe
  2⤵
  PID:1688
- C:\Windows\System\kgPjxnu.exe
  C:\Windows\System\kgPjxnu.exe
  2⤵
  PID:2948
- C:\Windows\System\vzXbRFp.exe
  C:\Windows\System\vzXbRFp.exe
  2⤵
  PID:3076
- C:\Windows\System\wfUYFUq.exe
  C:\Windows\System\wfUYFUq.exe
  2⤵
  PID:3092
- C:\Windows\System\JPwrTGf.exe
  C:\Windows\System\JPwrTGf.exe
  2⤵
  PID:3108
- C:\Windows\System\tPBHEfh.exe
  C:\Windows\System\tPBHEfh.exe
  2⤵
  PID:3124
- C:\Windows\System\FLpAkrU.exe
  C:\Windows\System\FLpAkrU.exe
  2⤵
  PID:3140
- C:\Windows\System\acvHALQ.exe
  C:\Windows\System\acvHALQ.exe
  2⤵
  PID:3156
- C:\Windows\System\MBCxxlO.exe
  C:\Windows\System\MBCxxlO.exe
  2⤵
  PID:3172
- C:\Windows\System\QrUJDPB.exe
  C:\Windows\System\QrUJDPB.exe
  2⤵
  PID:3188
- C:\Windows\System\BOnXXLL.exe
  C:\Windows\System\BOnXXLL.exe
  2⤵
  PID:3204
- C:\Windows\System\CyfoXXQ.exe
  C:\Windows\System\CyfoXXQ.exe
  2⤵
  PID:3220
- C:\Windows\System\pUgSDsp.exe
  C:\Windows\System\pUgSDsp.exe
  2⤵
  PID:3236
- C:\Windows\System\VIcRPEt.exe
  C:\Windows\System\VIcRPEt.exe
  2⤵
  PID:3252
- C:\Windows\System\FJXLEoL.exe
  C:\Windows\System\FJXLEoL.exe
  2⤵
  PID:3268
- C:\Windows\System\zjtyNsL.exe
  C:\Windows\System\zjtyNsL.exe
  2⤵
  PID:3284
- C:\Windows\System\WnNRzEU.exe
  C:\Windows\System\WnNRzEU.exe
  2⤵
  PID:3300
- C:\Windows\System\GoJAKZI.exe
  C:\Windows\System\GoJAKZI.exe
  2⤵
  PID:3316
- C:\Windows\System\LmsKOOj.exe
  C:\Windows\System\LmsKOOj.exe
  2⤵
  PID:3332
- C:\Windows\System\hlcVjNk.exe
  C:\Windows\System\hlcVjNk.exe
  2⤵
  PID:3348
- C:\Windows\System\wJRZUCa.exe
  C:\Windows\System\wJRZUCa.exe
  2⤵
  PID:3364
- C:\Windows\System\WMFVGhG.exe
  C:\Windows\System\WMFVGhG.exe
  2⤵
  PID:3380
- C:\Windows\System\TeAlayn.exe
  C:\Windows\System\TeAlayn.exe
  2⤵
  PID:3396
- C:\Windows\System\yxHhZkE.exe
  C:\Windows\System\yxHhZkE.exe
  2⤵
  PID:3412
- C:\Windows\System\YuuLobQ.exe
  C:\Windows\System\YuuLobQ.exe
  2⤵
  PID:3432
- C:\Windows\System\huBtaLq.exe
  C:\Windows\System\huBtaLq.exe
  2⤵
  PID:3448
- C:\Windows\System\OBcPzpR.exe
  C:\Windows\System\OBcPzpR.exe
  2⤵
  PID:3464
- C:\Windows\System\EAzADlI.exe
  C:\Windows\System\EAzADlI.exe
  2⤵
  PID:3480
- C:\Windows\System\CGLWYik.exe
  C:\Windows\System\CGLWYik.exe
  2⤵
  PID:3496
- C:\Windows\System\rQjOOUt.exe
  C:\Windows\System\rQjOOUt.exe
  2⤵
  PID:3512
- C:\Windows\System\MHNuXod.exe
  C:\Windows\System\MHNuXod.exe
  2⤵
  PID:3528
- C:\Windows\System\zZGYluM.exe
  C:\Windows\System\zZGYluM.exe
  2⤵
  PID:3544
- C:\Windows\System\fSnIYTW.exe
  C:\Windows\System\fSnIYTW.exe
  2⤵
  PID:3560
- C:\Windows\System\tGrCQAY.exe
  C:\Windows\System\tGrCQAY.exe
  2⤵
  PID:3576
- C:\Windows\System\AgUuXbZ.exe
  C:\Windows\System\AgUuXbZ.exe
  2⤵
  PID:3592
- C:\Windows\System\tKGHEAm.exe
  C:\Windows\System\tKGHEAm.exe
  2⤵
  PID:3608
- C:\Windows\System\ukSxmFv.exe
  C:\Windows\System\ukSxmFv.exe
  2⤵
  PID:3624
- C:\Windows\System\srOmXyS.exe
  C:\Windows\System\srOmXyS.exe
  2⤵
  PID:3640
- C:\Windows\System\JerAumi.exe
  C:\Windows\System\JerAumi.exe
  2⤵
  PID:3656
- C:\Windows\System\JvUXKsw.exe
  C:\Windows\System\JvUXKsw.exe
  2⤵
  PID:3672
- C:\Windows\System\ZsDkhYw.exe
  C:\Windows\System\ZsDkhYw.exe
  2⤵
  PID:3688
- C:\Windows\System\yTTURXZ.exe
  C:\Windows\System\yTTURXZ.exe
  2⤵
  PID:3704
- C:\Windows\System\QGKrLEW.exe
  C:\Windows\System\QGKrLEW.exe
  2⤵
  PID:3720
- C:\Windows\System\AqehtNQ.exe
  C:\Windows\System\AqehtNQ.exe
  2⤵
  PID:3736
- C:\Windows\System\NsOoAwa.exe
  C:\Windows\System\NsOoAwa.exe
  2⤵
  PID:3752
- C:\Windows\System\GxkvLPq.exe
  C:\Windows\System\GxkvLPq.exe
  2⤵
  PID:3768
- C:\Windows\System\MHCMDma.exe
  C:\Windows\System\MHCMDma.exe
  2⤵
  PID:3784
- C:\Windows\System\NGbmaVW.exe
  C:\Windows\System\NGbmaVW.exe
  2⤵
  PID:3800
- C:\Windows\System\EGfMeEW.exe
  C:\Windows\System\EGfMeEW.exe
  2⤵
  PID:3816
- C:\Windows\System\ticiHlY.exe
  C:\Windows\System\ticiHlY.exe
  2⤵
  PID:3832
- C:\Windows\System\LqXVHGo.exe
  C:\Windows\System\LqXVHGo.exe
  2⤵
  PID:3848
- C:\Windows\System\zJNEfNe.exe
  C:\Windows\System\zJNEfNe.exe
  2⤵
  PID:3864
- C:\Windows\System\XaAcoLh.exe
  C:\Windows\System\XaAcoLh.exe
  2⤵
  PID:3880
- C:\Windows\System\ZaJDsVb.exe
  C:\Windows\System\ZaJDsVb.exe
  2⤵
  PID:3896
- C:\Windows\System\CkTTsuw.exe
  C:\Windows\System\CkTTsuw.exe
  2⤵
  PID:3912
- C:\Windows\System\aQFXBdr.exe
  C:\Windows\System\aQFXBdr.exe
  2⤵
  PID:3928
- C:\Windows\System\gkxTrfJ.exe
  C:\Windows\System\gkxTrfJ.exe
  2⤵
  PID:3944
- C:\Windows\System\OekUfax.exe
  C:\Windows\System\OekUfax.exe
  2⤵
  PID:3960
- C:\Windows\System\poEHYsG.exe
  C:\Windows\System\poEHYsG.exe
  2⤵
  PID:3976
- C:\Windows\System\jDOLPBW.exe
  C:\Windows\System\jDOLPBW.exe
  2⤵
  PID:3992
- C:\Windows\System\YRbgQcZ.exe
  C:\Windows\System\YRbgQcZ.exe
  2⤵
  PID:4008
- C:\Windows\System\fLGtNxz.exe
  C:\Windows\System\fLGtNxz.exe
  2⤵
  PID:4024
- C:\Windows\System\uNpOlhG.exe
  C:\Windows\System\uNpOlhG.exe
  2⤵
  PID:4040
- C:\Windows\System\UFjXuIE.exe
  C:\Windows\System\UFjXuIE.exe
  2⤵
  PID:4056
- C:\Windows\System\DjthhZN.exe
  C:\Windows\System\DjthhZN.exe
  2⤵
  PID:4072
- C:\Windows\System\MzwyBfo.exe
  C:\Windows\System\MzwyBfo.exe
  2⤵
  PID:4088
- C:\Windows\System\yDFczgV.exe
  C:\Windows\System\yDFczgV.exe
  2⤵
  PID:536
- C:\Windows\System\pGnbfAu.exe
  C:\Windows\System\pGnbfAu.exe
  2⤵
  PID:896
- C:\Windows\System\zWvVVaX.exe
  C:\Windows\System\zWvVVaX.exe
  2⤵
  PID:1000
- C:\Windows\System\GmPRTdo.exe
  C:\Windows\System\GmPRTdo.exe
  2⤵
  PID:1660
- C:\Windows\System\rmxulyZ.exe
  C:\Windows\System\rmxulyZ.exe
  2⤵
  PID:2264
- C:\Windows\System\LsbgMiu.exe
  C:\Windows\System\LsbgMiu.exe
  2⤵
  PID:2924
- C:\Windows\System\txrTMrZ.exe
  C:\Windows\System\txrTMrZ.exe
  2⤵
  PID:2276
- C:\Windows\System\ZxdZkpN.exe
  C:\Windows\System\ZxdZkpN.exe
  2⤵
  PID:3100
- C:\Windows\System\WLFRPvJ.exe
  C:\Windows\System\WLFRPvJ.exe
  2⤵
  PID:3132
- C:\Windows\System\uphPsJR.exe
  C:\Windows\System\uphPsJR.exe
  2⤵
  PID:3164
- C:\Windows\System\elEukRM.exe
  C:\Windows\System\elEukRM.exe
  2⤵
  PID:3180
- C:\Windows\System\Teltktp.exe
  C:\Windows\System\Teltktp.exe
  2⤵
  PID:3228
- C:\Windows\System\TIMnbBs.exe
  C:\Windows\System\TIMnbBs.exe
  2⤵
  PID:3260
- C:\Windows\System\OlNgPSc.exe
  C:\Windows\System\OlNgPSc.exe
  2⤵
  PID:3292
- C:\Windows\System\rImEWKA.exe
  C:\Windows\System\rImEWKA.exe
  2⤵
  PID:3312
- C:\Windows\System\ryKUHCD.exe
  C:\Windows\System\ryKUHCD.exe
  2⤵
  PID:3360
- C:\Windows\System\tWNKEUE.exe
  C:\Windows\System\tWNKEUE.exe
  2⤵
  PID:3376
- C:\Windows\System\eUrlpOU.exe
  C:\Windows\System\eUrlpOU.exe
  2⤵
  PID:3408
- C:\Windows\System\Tugrbhv.exe
  C:\Windows\System\Tugrbhv.exe
  2⤵
  PID:3460
- C:\Windows\System\IATvijd.exe
  C:\Windows\System\IATvijd.exe
  2⤵
  PID:3492
- C:\Windows\System\NQQpxWw.exe
  C:\Windows\System\NQQpxWw.exe
  2⤵
  PID:3524
- C:\Windows\System\oZikOyr.exe
  C:\Windows\System\oZikOyr.exe
  2⤵
  PID:3540
- C:\Windows\System\BRAaQeT.exe
  C:\Windows\System\BRAaQeT.exe
  2⤵
  PID:3588
- C:\Windows\System\qadhvpB.exe
  C:\Windows\System\qadhvpB.exe
  2⤵
  PID:3620
- C:\Windows\System\OxFvjTm.exe
  C:\Windows\System\OxFvjTm.exe
  2⤵
  PID:3636
- C:\Windows\System\VDaVKNy.exe
  C:\Windows\System\VDaVKNy.exe
  2⤵
  PID:3684
- C:\Windows\System\ifsXnrZ.exe
  C:\Windows\System\ifsXnrZ.exe
  2⤵
  PID:3716
- C:\Windows\System\lyrtjQd.exe
  C:\Windows\System\lyrtjQd.exe
  2⤵
  PID:3748
- C:\Windows\System\iQhpCad.exe
  C:\Windows\System\iQhpCad.exe
  2⤵
  PID:3780
- C:\Windows\System\XEBOdsh.exe
  C:\Windows\System\XEBOdsh.exe
  2⤵
  PID:3796
- C:\Windows\System\RGZuGDX.exe
  C:\Windows\System\RGZuGDX.exe
  2⤵
  PID:3828
- C:\Windows\System\hQiJAlI.exe
  C:\Windows\System\hQiJAlI.exe
  2⤵
  PID:3876
- C:\Windows\System\BSyCQGD.exe
  C:\Windows\System\BSyCQGD.exe
  2⤵
  PID:3892
- C:\Windows\System\QpPyhEg.exe
  C:\Windows\System\QpPyhEg.exe
  2⤵
  PID:3940
- C:\Windows\System\lcHNQZa.exe
  C:\Windows\System\lcHNQZa.exe
  2⤵
  PID:3972
- C:\Windows\System\tSSlDuo.exe
  C:\Windows\System\tSSlDuo.exe
  2⤵
  PID:4032
- C:\Windows\System\pJgLPVO.exe
  C:\Windows\System\pJgLPVO.exe
  2⤵
  PID:3988
- C:\Windows\System\IhkHVXk.exe
  C:\Windows\System\IhkHVXk.exe
  2⤵
  PID:4068
- C:\Windows\System\FXGqgLl.exe
  C:\Windows\System\FXGqgLl.exe
  2⤵
  PID:2096
- C:\Windows\System\wyoqXEZ.exe
  C:\Windows\System\wyoqXEZ.exe
  2⤵
  PID:1012
- C:\Windows\System\IwGePpE.exe
  C:\Windows\System\IwGePpE.exe
  2⤵
  PID:568
- C:\Windows\System\UqTucyd.exe
  C:\Windows\System\UqTucyd.exe
  2⤵
  PID:3088
- C:\Windows\System\VoGTsdm.exe
  C:\Windows\System\VoGTsdm.exe
  2⤵
  PID:3116
- C:\Windows\System\SdivvTg.exe
  C:\Windows\System\SdivvTg.exe
  2⤵
  PID:3148
- C:\Windows\System\wQyWYqK.exe
  C:\Windows\System\wQyWYqK.exe
  2⤵
  PID:3244
- C:\Windows\System\AtFSRRN.exe
  C:\Windows\System\AtFSRRN.exe
  2⤵
  PID:3372
- C:\Windows\System\OYAFPYz.exe
  C:\Windows\System\OYAFPYz.exe
  2⤵
  PID:3276
- C:\Windows\System\MHbjbbZ.exe
  C:\Windows\System\MHbjbbZ.exe
  2⤵
  PID:3444
- C:\Windows\System\nFxAgbu.exe
  C:\Windows\System\nFxAgbu.exe
  2⤵
  PID:3508
- C:\Windows\System\CbRkdeI.exe
  C:\Windows\System\CbRkdeI.exe
  2⤵
  PID:3572
- C:\Windows\System\mbCrssd.exe
  C:\Windows\System\mbCrssd.exe
  2⤵
  PID:3700
- C:\Windows\System\KPJCdhO.exe
  C:\Windows\System\KPJCdhO.exe
  2⤵
  PID:3844
- C:\Windows\System\LFkDaTb.exe
  C:\Windows\System\LFkDaTb.exe
  2⤵
  PID:3904
- C:\Windows\System\aeoNIPP.exe
  C:\Windows\System\aeoNIPP.exe
  2⤵
  PID:3808
- C:\Windows\System\UmTCbvT.exe
  C:\Windows\System\UmTCbvT.exe
  2⤵
  PID:3908
- C:\Windows\System\UuspRng.exe
  C:\Windows\System\UuspRng.exe
  2⤵
  PID:4020
- C:\Windows\System\JdKXQPr.exe
  C:\Windows\System\JdKXQPr.exe
  2⤵
  PID:4108
- C:\Windows\System\lAUbkMs.exe
  C:\Windows\System\lAUbkMs.exe
  2⤵
  PID:4124
- C:\Windows\System\msEcCdP.exe
  C:\Windows\System\msEcCdP.exe
  2⤵
  PID:4140
- C:\Windows\System\XPvjtwI.exe
  C:\Windows\System\XPvjtwI.exe
  2⤵
  PID:4156
- C:\Windows\System\prkUaGq.exe
  C:\Windows\System\prkUaGq.exe
  2⤵
  PID:4172
- C:\Windows\System\QChGGoQ.exe
  C:\Windows\System\QChGGoQ.exe
  2⤵
  PID:4188
- C:\Windows\System\WxDxMsg.exe
  C:\Windows\System\WxDxMsg.exe
  2⤵
  PID:4204
- C:\Windows\System\OttaRga.exe
  C:\Windows\System\OttaRga.exe
  2⤵
  PID:4220
- C:\Windows\System\cMEoyCx.exe
  C:\Windows\System\cMEoyCx.exe
  2⤵
  PID:4236
- C:\Windows\System\npBesda.exe
  C:\Windows\System\npBesda.exe
  2⤵
  PID:4252
- C:\Windows\System\anKmkoy.exe
  C:\Windows\System\anKmkoy.exe
  2⤵
  PID:4268
- C:\Windows\System\ayyeUzR.exe
  C:\Windows\System\ayyeUzR.exe
  2⤵
  PID:4284
- C:\Windows\System\WgsRTGT.exe
  C:\Windows\System\WgsRTGT.exe
  2⤵
  PID:4304
- C:\Windows\System\ApXHWpU.exe
  C:\Windows\System\ApXHWpU.exe
  2⤵
  PID:4320
- C:\Windows\System\MQgFHfg.exe
  C:\Windows\System\MQgFHfg.exe
  2⤵
  PID:4336
- C:\Windows\System\QtSEcIy.exe
  C:\Windows\System\QtSEcIy.exe
  2⤵
  PID:4352
- C:\Windows\System\iFvpklf.exe
  C:\Windows\System\iFvpklf.exe
  2⤵
  PID:4368
- C:\Windows\System\eLRvlAK.exe
  C:\Windows\System\eLRvlAK.exe
  2⤵
  PID:4384
- C:\Windows\System\gtIQOtZ.exe
  C:\Windows\System\gtIQOtZ.exe
  2⤵
  PID:4400
- C:\Windows\System\FRPsrxM.exe
  C:\Windows\System\FRPsrxM.exe
  2⤵
  PID:4416
- C:\Windows\System\QmwmaId.exe
  C:\Windows\System\QmwmaId.exe
  2⤵
  PID:4432
- C:\Windows\System\ZdMlzPf.exe
  C:\Windows\System\ZdMlzPf.exe
  2⤵
  PID:4448
- C:\Windows\System\KzOTdEe.exe
  C:\Windows\System\KzOTdEe.exe
  2⤵
  PID:4464
- C:\Windows\System\RrilERS.exe
  C:\Windows\System\RrilERS.exe
  2⤵
  PID:4480
- C:\Windows\System\oDTMQRD.exe
  C:\Windows\System\oDTMQRD.exe
  2⤵
  PID:4496
- C:\Windows\System\UdUVTIt.exe
  C:\Windows\System\UdUVTIt.exe
  2⤵
  PID:4512
- C:\Windows\System\eMETLXC.exe
  C:\Windows\System\eMETLXC.exe
  2⤵
  PID:4528
- C:\Windows\System\BquzRpr.exe
  C:\Windows\System\BquzRpr.exe
  2⤵
  PID:4544
- C:\Windows\System\AJLhzDG.exe
  C:\Windows\System\AJLhzDG.exe
  2⤵
  PID:4560
- C:\Windows\System\JmaaoAU.exe
  C:\Windows\System\JmaaoAU.exe
  2⤵
  PID:4576
- C:\Windows\System\Yzspgnb.exe
  C:\Windows\System\Yzspgnb.exe
  2⤵
  PID:4592
- C:\Windows\System\MUoUDhm.exe
  C:\Windows\System\MUoUDhm.exe
  2⤵
  PID:4608
- C:\Windows\System\xrFAoTe.exe
  C:\Windows\System\xrFAoTe.exe
  2⤵
  PID:4624
- C:\Windows\System\PpTLNiN.exe
  C:\Windows\System\PpTLNiN.exe
  2⤵
  PID:4640
- C:\Windows\System\BoCeUUE.exe
  C:\Windows\System\BoCeUUE.exe
  2⤵
  PID:4656
- C:\Windows\System\DJxmfCT.exe
  C:\Windows\System\DJxmfCT.exe
  2⤵
  PID:4672
- C:\Windows\System\WnQJpdB.exe
  C:\Windows\System\WnQJpdB.exe
  2⤵
  PID:4688
- C:\Windows\System\jZNiihZ.exe
  C:\Windows\System\jZNiihZ.exe
  2⤵
  PID:4704
- C:\Windows\System\SwiLyQO.exe
  C:\Windows\System\SwiLyQO.exe
  2⤵
  PID:4720
- C:\Windows\System\xictgOm.exe
  C:\Windows\System\xictgOm.exe
  2⤵
  PID:4736
- C:\Windows\System\peFJhnz.exe
  C:\Windows\System\peFJhnz.exe
  2⤵
  PID:4752
- C:\Windows\System\hzGdiJv.exe
  C:\Windows\System\hzGdiJv.exe
  2⤵
  PID:4768
- C:\Windows\System\HqxeAJI.exe
  C:\Windows\System\HqxeAJI.exe
  2⤵
  PID:4784
- C:\Windows\System\BXDXwdw.exe
  C:\Windows\System\BXDXwdw.exe
  2⤵
  PID:4800
- C:\Windows\System\jLtFoZq.exe
  C:\Windows\System\jLtFoZq.exe
  2⤵
  PID:4816
- C:\Windows\System\HEJNyiz.exe
  C:\Windows\System\HEJNyiz.exe
  2⤵
  PID:4832
- C:\Windows\System\iKQoqDz.exe
  C:\Windows\System\iKQoqDz.exe
  2⤵
  PID:4848
- C:\Windows\System\IYLrySn.exe
  C:\Windows\System\IYLrySn.exe
  2⤵
  PID:4864
- C:\Windows\System\AbnXGpZ.exe
  C:\Windows\System\AbnXGpZ.exe
  2⤵
  PID:4880
- C:\Windows\System\hKrEGPj.exe
  C:\Windows\System\hKrEGPj.exe
  2⤵
  PID:4896
- C:\Windows\System\sqXdBch.exe
  C:\Windows\System\sqXdBch.exe
  2⤵
  PID:4912
- C:\Windows\System\ViwoBPE.exe
  C:\Windows\System\ViwoBPE.exe
  2⤵
  PID:4928
- C:\Windows\System\JLGvdkQ.exe
  C:\Windows\System\JLGvdkQ.exe
  2⤵
  PID:4944
- C:\Windows\System\KRfMtAo.exe
  C:\Windows\System\KRfMtAo.exe
  2⤵
  PID:4960
- C:\Windows\System\uwHbQKF.exe
  C:\Windows\System\uwHbQKF.exe
  2⤵
  PID:4976
- C:\Windows\System\ioYLQOO.exe
  C:\Windows\System\ioYLQOO.exe
  2⤵
  PID:4992
- C:\Windows\System\DZHVHga.exe
  C:\Windows\System\DZHVHga.exe
  2⤵
  PID:5008
- C:\Windows\System\LoQobUn.exe
  C:\Windows\System\LoQobUn.exe
  2⤵
  PID:5024
- C:\Windows\System\FiUwhzs.exe
  C:\Windows\System\FiUwhzs.exe
  2⤵
  PID:5040
- C:\Windows\System\jtCHRwP.exe
  C:\Windows\System\jtCHRwP.exe
  2⤵
  PID:5056
- C:\Windows\System\lWoTQIE.exe
  C:\Windows\System\lWoTQIE.exe
  2⤵
  PID:5072
- C:\Windows\System\xyQyhJd.exe
  C:\Windows\System\xyQyhJd.exe
  2⤵
  PID:5088
- C:\Windows\System\yXFSTUh.exe
  C:\Windows\System\yXFSTUh.exe
  2⤵
  PID:5104
- C:\Windows\System\qmWOTJh.exe
  C:\Windows\System\qmWOTJh.exe
  2⤵
  PID:3924
- C:\Windows\System\IfhCKdf.exe
  C:\Windows\System\IfhCKdf.exe
  2⤵
  PID:1664
- C:\Windows\System\QvUWQQH.exe
  C:\Windows\System\QvUWQQH.exe
  2⤵
  PID:3084
- C:\Windows\System\jzaGFlI.exe
  C:\Windows\System\jzaGFlI.exe
  2⤵
  PID:3212
- C:\Windows\System\GtobLCg.exe
  C:\Windows\System\GtobLCg.exe
  2⤵
  PID:3488
- C:\Windows\System\awmNzbK.exe
  C:\Windows\System\awmNzbK.exe
  2⤵
  PID:3556
- C:\Windows\System\gXfDQCH.exe
  C:\Windows\System\gXfDQCH.exe
  2⤵
  PID:3196
- C:\Windows\System\TxvhXHq.exe
  C:\Windows\System\TxvhXHq.exe
  2⤵
  PID:2396
- C:\Windows\System\WecukjW.exe
  C:\Windows\System\WecukjW.exe
  2⤵
  PID:3668
- C:\Windows\System\KmjZbAr.exe
  C:\Windows\System\KmjZbAr.exe
  2⤵
  PID:4104
- C:\Windows\System\qDphhyH.exe
  C:\Windows\System\qDphhyH.exe
  2⤵
  PID:3840
- C:\Windows\System\EZXFABr.exe
  C:\Windows\System\EZXFABr.exe
  2⤵
  PID:3984
- C:\Windows\System\ybpAbAp.exe
  C:\Windows\System\ybpAbAp.exe
  2⤵
  PID:4164
- C:\Windows\System\uBCIPnZ.exe
  C:\Windows\System\uBCIPnZ.exe
  2⤵
  PID:4180
- C:\Windows\System\dCQkBcY.exe
  C:\Windows\System\dCQkBcY.exe
  2⤵
  PID:4228
- C:\Windows\System\YaDkVnl.exe
  C:\Windows\System\YaDkVnl.exe
  2⤵
  PID:4264
- C:\Windows\System\YxZrEwM.exe
  C:\Windows\System\YxZrEwM.exe
  2⤵
  PID:4276
- C:\Windows\System\uBqrEvf.exe
  C:\Windows\System\uBqrEvf.exe
  2⤵
  PID:4332
- C:\Windows\System\JMYmZAw.exe
  C:\Windows\System\JMYmZAw.exe
  2⤵
  PID:4316
- C:\Windows\System\JpNJOsa.exe
  C:\Windows\System\JpNJOsa.exe
  2⤵
  PID:4424
- C:\Windows\System\vFqJoYR.exe
  C:\Windows\System\vFqJoYR.exe
  2⤵
  PID:4408
- C:\Windows\System\erLuUAr.exe
  C:\Windows\System\erLuUAr.exe
  2⤵
  PID:4488
- C:\Windows\System\MFpAMvw.exe
  C:\Windows\System\MFpAMvw.exe
  2⤵
  PID:4552
- C:\Windows\System\uNFnQII.exe
  C:\Windows\System\uNFnQII.exe
  2⤵
  PID:4472
- C:\Windows\System\WXROAgB.exe
  C:\Windows\System\WXROAgB.exe
  2⤵
  PID:4536
- C:\Windows\System\FyFUdZo.exe
  C:\Windows\System\FyFUdZo.exe
  2⤵
  PID:4540
- C:\Windows\System\gCYhVjG.exe
  C:\Windows\System\gCYhVjG.exe
  2⤵
  PID:4680
- C:\Windows\System\xzQWNIr.exe
  C:\Windows\System\xzQWNIr.exe
  2⤵
  PID:4716
- C:\Windows\System\xwyFRev.exe
  C:\Windows\System\xwyFRev.exe
  2⤵
  PID:4600
- C:\Windows\System\Jxcldig.exe
  C:\Windows\System\Jxcldig.exe
  2⤵
  PID:4664
- C:\Windows\System\WwmpkJH.exe
  C:\Windows\System\WwmpkJH.exe
  2⤵
  PID:4728
- C:\Windows\System\VQyAnof.exe
  C:\Windows\System\VQyAnof.exe
  2⤵
  PID:4764
- C:\Windows\System\nKGozxK.exe
  C:\Windows\System\nKGozxK.exe
  2⤵
  PID:4812
- C:\Windows\System\wlqIiHJ.exe
  C:\Windows\System\wlqIiHJ.exe
  2⤵
  PID:4876
- C:\Windows\System\jabUHtc.exe
  C:\Windows\System\jabUHtc.exe
  2⤵
  PID:4940
- C:\Windows\System\wiQzWcW.exe
  C:\Windows\System\wiQzWcW.exe
  2⤵
  PID:4972
- C:\Windows\System\AxCRngU.exe
  C:\Windows\System\AxCRngU.exe
  2⤵
  PID:4860
- C:\Windows\System\USJRLFK.exe
  C:\Windows\System\USJRLFK.exe
  2⤵
  PID:4952
- C:\Windows\System\TLetlhT.exe
  C:\Windows\System\TLetlhT.exe
  2⤵
  PID:4888
- C:\Windows\System\vDNtXqp.exe
  C:\Windows\System\vDNtXqp.exe
  2⤵
  PID:4988
- C:\Windows\System\suYlDpv.exe
  C:\Windows\System\suYlDpv.exe
  2⤵
  PID:4004
- C:\Windows\System\InxhFcT.exe
  C:\Windows\System\InxhFcT.exe
  2⤵
  PID:3232
- C:\Windows\System\PdUJzIH.exe
  C:\Windows\System\PdUJzIH.exe
  2⤵
  PID:5020
- C:\Windows\System\YUHSJsN.exe
  C:\Windows\System\YUHSJsN.exe
  2⤵
  PID:5084
- C:\Windows\System\wJxWEwr.exe
  C:\Windows\System\wJxWEwr.exe
  2⤵
  PID:3064
- C:\Windows\System\PkEwlTW.exe
  C:\Windows\System\PkEwlTW.exe
  2⤵
  PID:3420
- C:\Windows\System\aQOdUbE.exe
  C:\Windows\System\aQOdUbE.exe
  2⤵
  PID:4132
- C:\Windows\System\CfMjMsJ.exe
  C:\Windows\System\CfMjMsJ.exe
  2⤵
  PID:2404
- C:\Windows\System\VFqxzpB.exe
  C:\Windows\System\VFqxzpB.exe
  2⤵
  PID:4328
- C:\Windows\System\UXJeKII.exe
  C:\Windows\System\UXJeKII.exe
  2⤵
  PID:4376
- C:\Windows\System\hRVNkix.exe
  C:\Windows\System\hRVNkix.exe
  2⤵
  PID:4148
- C:\Windows\System\ntYQcHn.exe
  C:\Windows\System\ntYQcHn.exe
  2⤵
  PID:4212
- C:\Windows\System\pdDgItP.exe
  C:\Windows\System\pdDgItP.exe
  2⤵
  PID:4292
- C:\Windows\System\UtTdRKG.exe
  C:\Windows\System\UtTdRKG.exe
  2⤵
  PID:4444
- C:\Windows\System\VueQDlB.exe
  C:\Windows\System\VueQDlB.exe
  2⤵
  PID:4524
- C:\Windows\System\LodwNYT.exe
  C:\Windows\System\LodwNYT.exe
  2⤵
  PID:4712
- C:\Windows\System\RncQMTQ.exe
  C:\Windows\System\RncQMTQ.exe
  2⤵
  PID:4748
- C:\Windows\System\Tqqwvbd.exe
  C:\Windows\System\Tqqwvbd.exe
  2⤵
  PID:4732
- C:\Windows\System\qAlIBUn.exe
  C:\Windows\System\qAlIBUn.exe
  2⤵
  PID:4844
- C:\Windows\System\QKOkcyx.exe
  C:\Windows\System\QKOkcyx.exe
  2⤵
  PID:4824
- C:\Windows\System\UUsmZyX.exe
  C:\Windows\System\UUsmZyX.exe
  2⤵
  PID:5032
- C:\Windows\System\ReCHRrM.exe
  C:\Windows\System\ReCHRrM.exe
  2⤵
  PID:5064
- C:\Windows\System\LfZMMRi.exe
  C:\Windows\System\LfZMMRi.exe
  2⤵
  PID:4052
- C:\Windows\System\qYBtSvH.exe
  C:\Windows\System\qYBtSvH.exe
  2⤵
  PID:5016
- C:\Windows\System\bOvUNYq.exe
  C:\Windows\System\bOvUNYq.exe
  2⤵
  PID:5052
- C:\Windows\System\OWlOZat.exe
  C:\Windows\System\OWlOZat.exe
  2⤵
  PID:5132
- C:\Windows\System\UJvCkBz.exe
  C:\Windows\System\UJvCkBz.exe
  2⤵
  PID:5148
- C:\Windows\System\MMYyPhD.exe
  C:\Windows\System\MMYyPhD.exe
  2⤵
  PID:5164
- C:\Windows\System\NkqBzAb.exe
  C:\Windows\System\NkqBzAb.exe
  2⤵
  PID:5180
- C:\Windows\System\kJOzHCD.exe
  C:\Windows\System\kJOzHCD.exe
  2⤵
  PID:5196
- C:\Windows\System\nZGjYQl.exe
  C:\Windows\System\nZGjYQl.exe
  2⤵
  PID:5212
- C:\Windows\System\ORRsZwa.exe
  C:\Windows\System\ORRsZwa.exe
  2⤵
  PID:5228
- C:\Windows\System\zTJGHKe.exe
  C:\Windows\System\zTJGHKe.exe
  2⤵
  PID:5244
- C:\Windows\System\DlvtJsf.exe
  C:\Windows\System\DlvtJsf.exe
  2⤵
  PID:5260
- C:\Windows\System\DMIYhdx.exe
  C:\Windows\System\DMIYhdx.exe
  2⤵
  PID:5276
- C:\Windows\System\NELOTWO.exe
  C:\Windows\System\NELOTWO.exe
  2⤵
  PID:5292
- C:\Windows\System\RlFNvsz.exe
  C:\Windows\System\RlFNvsz.exe
  2⤵
  PID:5308
- C:\Windows\System\ZyKfoJo.exe
  C:\Windows\System\ZyKfoJo.exe
  2⤵
  PID:5324
- C:\Windows\System\edWzjdm.exe
  C:\Windows\System\edWzjdm.exe
  2⤵
  PID:5340
- C:\Windows\System\mbIKPFF.exe
  C:\Windows\System\mbIKPFF.exe
  2⤵
  PID:5356
- C:\Windows\System\iwaHsyS.exe
  C:\Windows\System\iwaHsyS.exe
  2⤵
  PID:5372
- C:\Windows\System\mxqnMwd.exe
  C:\Windows\System\mxqnMwd.exe
  2⤵
  PID:5388
- C:\Windows\System\BQualdH.exe
  C:\Windows\System\BQualdH.exe
  2⤵
  PID:5404
- C:\Windows\System\mKnfUiI.exe
  C:\Windows\System\mKnfUiI.exe
  2⤵
  PID:5420
- C:\Windows\System\caNLqap.exe
  C:\Windows\System\caNLqap.exe
  2⤵
  PID:5436
- C:\Windows\System\GLgSHVN.exe
  C:\Windows\System\GLgSHVN.exe
  2⤵
  PID:5452
- C:\Windows\System\GbSOfnZ.exe
  C:\Windows\System\GbSOfnZ.exe
  2⤵
  PID:5468
- C:\Windows\System\AeiXeZW.exe
  C:\Windows\System\AeiXeZW.exe
  2⤵
  PID:5484
- C:\Windows\System\zCmPwFB.exe
  C:\Windows\System\zCmPwFB.exe
  2⤵
  PID:5500
- C:\Windows\System\PJwuIsw.exe
  C:\Windows\System\PJwuIsw.exe
  2⤵
  PID:5516
- C:\Windows\System\penRrHw.exe
  C:\Windows\System\penRrHw.exe
  2⤵
  PID:5532
- C:\Windows\System\YrZeJBw.exe
  C:\Windows\System\YrZeJBw.exe
  2⤵
  PID:5548
- C:\Windows\System\GcKCSJK.exe
  C:\Windows\System\GcKCSJK.exe
  2⤵
  PID:5564
- C:\Windows\System\IMgFeZj.exe
  C:\Windows\System\IMgFeZj.exe
  2⤵
  PID:5580
- C:\Windows\System\WfjTlpe.exe
  C:\Windows\System\WfjTlpe.exe
  2⤵
  PID:5596
- C:\Windows\System\YQAYqnc.exe
  C:\Windows\System\YQAYqnc.exe
  2⤵
  PID:5612
- C:\Windows\System\xaivvHI.exe
  C:\Windows\System\xaivvHI.exe
  2⤵
  PID:5628
- C:\Windows\System\jRQufJi.exe
  C:\Windows\System\jRQufJi.exe
  2⤵
  PID:5644
- C:\Windows\System\QShaQQY.exe
  C:\Windows\System\QShaQQY.exe
  2⤵
  PID:5660
- C:\Windows\System\varenXW.exe
  C:\Windows\System\varenXW.exe
  2⤵
  PID:5676
- C:\Windows\System\ROVeeBU.exe
  C:\Windows\System\ROVeeBU.exe
  2⤵
  PID:5692
- C:\Windows\System\vgBIpXH.exe
  C:\Windows\System\vgBIpXH.exe
  2⤵
  PID:5708
- C:\Windows\System\KCXOlco.exe
  C:\Windows\System\KCXOlco.exe
  2⤵
  PID:5724
- C:\Windows\System\DIbvDNR.exe
  C:\Windows\System\DIbvDNR.exe
  2⤵
  PID:5740
- C:\Windows\System\oyLNGpN.exe
  C:\Windows\System\oyLNGpN.exe
  2⤵
  PID:5756
- C:\Windows\System\QUJcGQg.exe
  C:\Windows\System\QUJcGQg.exe
  2⤵
  PID:5772
- C:\Windows\System\XaYoHTj.exe
  C:\Windows\System\XaYoHTj.exe
  2⤵
  PID:5788
- C:\Windows\System\yHHlRGA.exe
  C:\Windows\System\yHHlRGA.exe
  2⤵
  PID:5804
- C:\Windows\System\sbLMxpp.exe
  C:\Windows\System\sbLMxpp.exe
  2⤵
  PID:5820
- C:\Windows\System\woNYJez.exe
  C:\Windows\System\woNYJez.exe
  2⤵
  PID:5836
- C:\Windows\System\NaAjkcU.exe
  C:\Windows\System\NaAjkcU.exe
  2⤵
  PID:5852
- C:\Windows\System\SAvNCus.exe
  C:\Windows\System\SAvNCus.exe
  2⤵
  PID:5868
- C:\Windows\System\PCTOVkb.exe
  C:\Windows\System\PCTOVkb.exe
  2⤵
  PID:5884
- C:\Windows\System\QIHzAHS.exe
  C:\Windows\System\QIHzAHS.exe
  2⤵
  PID:5900
- C:\Windows\System\GzmXWqQ.exe
  C:\Windows\System\GzmXWqQ.exe
  2⤵
  PID:5916
- C:\Windows\System\iNWqhVT.exe
  C:\Windows\System\iNWqhVT.exe
  2⤵
  PID:5932
- C:\Windows\System\AQfyJDQ.exe
  C:\Windows\System\AQfyJDQ.exe
  2⤵
  PID:5948
- C:\Windows\System\IrszJKk.exe
  C:\Windows\System\IrszJKk.exe
  2⤵
  PID:5964
- C:\Windows\System\PtNKfeg.exe
  C:\Windows\System\PtNKfeg.exe
  2⤵
  PID:5980
- C:\Windows\System\GzKCIAe.exe
  C:\Windows\System\GzKCIAe.exe
  2⤵
  PID:5996
- C:\Windows\System\tqjlMQy.exe
  C:\Windows\System\tqjlMQy.exe
  2⤵
  PID:6012
- C:\Windows\System\ispVoWT.exe
  C:\Windows\System\ispVoWT.exe
  2⤵
  PID:6028
- C:\Windows\System\icFBqpj.exe
  C:\Windows\System\icFBqpj.exe
  2⤵
  PID:6044
- C:\Windows\System\eaGxcYx.exe
  C:\Windows\System\eaGxcYx.exe
  2⤵
  PID:6064
- C:\Windows\System\AcGssTx.exe
  C:\Windows\System\AcGssTx.exe
  2⤵
  PID:6080
- C:\Windows\System\esszWXS.exe
  C:\Windows\System\esszWXS.exe
  2⤵
  PID:6096
- C:\Windows\System\usexclq.exe
  C:\Windows\System\usexclq.exe
  2⤵
  PID:6112
- C:\Windows\System\TLPhYuG.exe
  C:\Windows\System\TLPhYuG.exe
  2⤵
  PID:6128
- C:\Windows\System\pIPuTBE.exe
  C:\Windows\System\pIPuTBE.exe
  2⤵
  PID:3356
- C:\Windows\System\tDptuuB.exe
  C:\Windows\System\tDptuuB.exe
  2⤵
  PID:4168
- C:\Windows\System\XvctLjH.exe
  C:\Windows\System\XvctLjH.exe
  2⤵
  PID:4396
- C:\Windows\System\dnzkqPl.exe
  C:\Windows\System\dnzkqPl.exe
  2⤵
  PID:3732
- C:\Windows\System\oUxFEIk.exe
  C:\Windows\System\oUxFEIk.exe
  2⤵
  PID:4312
- C:\Windows\System\gQqpLGN.exe
  C:\Windows\System\gQqpLGN.exe
  2⤵
  PID:4588
- C:\Windows\System\yNNBlVB.exe
  C:\Windows\System\yNNBlVB.exe
  2⤵
  PID:4648
- C:\Windows\System\CsfQfaS.exe
  C:\Windows\System\CsfQfaS.exe
  2⤵
  PID:4872
- C:\Windows\System\GGxuSzy.exe
  C:\Windows\System\GGxuSzy.exe
  2⤵
  PID:4968
- C:\Windows\System\RxQnpna.exe
  C:\Windows\System\RxQnpna.exe
  2⤵
  PID:4984
- C:\Windows\System\GRiYFxs.exe
  C:\Windows\System\GRiYFxs.exe
  2⤵
  PID:5080
- C:\Windows\System\qUdBjaN.exe
  C:\Windows\System\qUdBjaN.exe
  2⤵
  PID:5140
- C:\Windows\System\cUSExPM.exe
  C:\Windows\System\cUSExPM.exe
  2⤵
  PID:5172
- C:\Windows\System\FVJCUdQ.exe
  C:\Windows\System\FVJCUdQ.exe
  2⤵
  PID:5204
- C:\Windows\System\CVIsdZU.exe
  C:\Windows\System\CVIsdZU.exe
  2⤵
  PID:5236
- C:\Windows\System\ubhFlHb.exe
  C:\Windows\System\ubhFlHb.exe
  2⤵
  PID:5268
- C:\Windows\System\dKDnHcN.exe
  C:\Windows\System\dKDnHcN.exe
  2⤵
  PID:5300
- C:\Windows\System\VjHVrUX.exe
  C:\Windows\System\VjHVrUX.exe
  2⤵
  PID:5332
- C:\Windows\System\fIOZQYC.exe
  C:\Windows\System\fIOZQYC.exe
  2⤵
  PID:5364
- C:\Windows\System\yItELXO.exe
  C:\Windows\System\yItELXO.exe
  2⤵
  PID:5396
- C:\Windows\System\JslUKIo.exe
  C:\Windows\System\JslUKIo.exe
  2⤵
  PID:5428
- C:\Windows\System\bSgikvM.exe
  C:\Windows\System\bSgikvM.exe
  2⤵
  PID:5460
- C:\Windows\System\EOgNoVb.exe
  C:\Windows\System\EOgNoVb.exe
  2⤵
  PID:5492
- C:\Windows\System\YvCfAvB.exe
  C:\Windows\System\YvCfAvB.exe
  2⤵
  PID:5524
- C:\Windows\System\roKcbjC.exe
  C:\Windows\System\roKcbjC.exe
  2⤵
  PID:5556
- C:\Windows\System\QCMqISX.exe
  C:\Windows\System\QCMqISX.exe
  2⤵
  PID:5576
- C:\Windows\System\wFMSUJn.exe
  C:\Windows\System\wFMSUJn.exe
  2⤵
  PID:5608
- C:\Windows\System\CIDNeIv.exe
  C:\Windows\System\CIDNeIv.exe
  2⤵
  PID:5640
- C:\Windows\System\WcmcSQM.exe
  C:\Windows\System\WcmcSQM.exe
  2⤵
  PID:5672
- C:\Windows\System\cSCxneb.exe
  C:\Windows\System\cSCxneb.exe
  2⤵
  PID:5704
- C:\Windows\System\SrRrAcy.exe
  C:\Windows\System\SrRrAcy.exe
  2⤵
  PID:5736
- C:\Windows\System\ELQIdDC.exe
  C:\Windows\System\ELQIdDC.exe
  2⤵
  PID:5752
- C:\Windows\System\YulbSaO.exe
  C:\Windows\System\YulbSaO.exe
  2⤵
  PID:5784
- C:\Windows\System\lyXNljy.exe
  C:\Windows\System\lyXNljy.exe
  2⤵
  PID:5832
- C:\Windows\System\LRuUiZI.exe
  C:\Windows\System\LRuUiZI.exe
  2⤵
  PID:5864
- C:\Windows\System\VTqPExt.exe
  C:\Windows\System\VTqPExt.exe
  2⤵
  PID:5896
- C:\Windows\System\epwmSBW.exe
  C:\Windows\System\epwmSBW.exe
  2⤵
  PID:5928
- C:\Windows\System\EVEsTtl.exe
  C:\Windows\System\EVEsTtl.exe
  2⤵
  PID:2888
- C:\Windows\System\QSFFHOE.exe
  C:\Windows\System\QSFFHOE.exe
  2⤵
  PID:5988
- C:\Windows\System\wMIJvOh.exe
  C:\Windows\System\wMIJvOh.exe
  2⤵
  PID:6008
- C:\Windows\System\CdQdcHE.exe
  C:\Windows\System\CdQdcHE.exe
  2⤵
  PID:6040
- C:\Windows\System\irCxFjZ.exe
  C:\Windows\System\irCxFjZ.exe
  2⤵
  PID:6076
- C:\Windows\System\QGvgLEb.exe
  C:\Windows\System\QGvgLEb.exe
  2⤵
  PID:6108
- C:\Windows\System\vEOhZYa.exe
  C:\Windows\System\vEOhZYa.exe
  2⤵
  PID:3504
- C:\Windows\System\mLGQLWZ.exe
  C:\Windows\System\mLGQLWZ.exe
  2⤵
  PID:4232
- C:\Windows\System\jXVXJCp.exe
  C:\Windows\System\jXVXJCp.exe
  2⤵
  PID:4460
- C:\Windows\System\rcHLSYi.exe
  C:\Windows\System\rcHLSYi.exe
  2⤵
  PID:4696
- C:\Windows\System\ZcpcwhY.exe
  C:\Windows\System\ZcpcwhY.exe
  2⤵
  PID:4908
- C:\Windows\System\YliUCen.exe
  C:\Windows\System\YliUCen.exe
  2⤵
  PID:5100
- C:\Windows\System\nKqajZr.exe
  C:\Windows\System\nKqajZr.exe
  2⤵
  PID:5160
- C:\Windows\System\cUuVPrk.exe
  C:\Windows\System\cUuVPrk.exe
  2⤵
  PID:5224
- C:\Windows\System\URdqPCu.exe
  C:\Windows\System\URdqPCu.exe
  2⤵
  PID:5288
- C:\Windows\System\aJDScQw.exe
  C:\Windows\System\aJDScQw.exe
  2⤵
  PID:5368
- C:\Windows\System\zYnRJuX.exe
  C:\Windows\System\zYnRJuX.exe
  2⤵
  PID:5416
- C:\Windows\System\ZgFqhne.exe
  C:\Windows\System\ZgFqhne.exe
  2⤵
  PID:5480
- C:\Windows\System\mdlEcgR.exe
  C:\Windows\System\mdlEcgR.exe
  2⤵
  PID:5544
- C:\Windows\System\owcCDzN.exe
  C:\Windows\System\owcCDzN.exe
  2⤵
  PID:5592
- C:\Windows\System\wzZJDsX.exe
  C:\Windows\System\wzZJDsX.exe
  2⤵
  PID:5700
- C:\Windows\System\kGEdLzk.exe
  C:\Windows\System\kGEdLzk.exe
  2⤵
  PID:1356
- C:\Windows\System\ccFBWlz.exe
  C:\Windows\System\ccFBWlz.exe
  2⤵
  PID:5812
- C:\Windows\System\sxNfQYa.exe
  C:\Windows\System\sxNfQYa.exe
  2⤵
  PID:5860
- C:\Windows\System\CmvPfUc.exe
  C:\Windows\System\CmvPfUc.exe
  2⤵
  PID:5956
- C:\Windows\System\wDsgWIw.exe
  C:\Windows\System\wDsgWIw.exe
  2⤵
  PID:6156
- C:\Windows\System\GqlAPrm.exe
  C:\Windows\System\GqlAPrm.exe
  2⤵
  PID:6172
- C:\Windows\System\dJBDEOq.exe
  C:\Windows\System\dJBDEOq.exe
  2⤵
  PID:6188
- C:\Windows\System\vcquddA.exe
  C:\Windows\System\vcquddA.exe
  2⤵
  PID:6204
- C:\Windows\System\rAdNbmD.exe
  C:\Windows\System\rAdNbmD.exe
  2⤵
  PID:6220
- C:\Windows\System\NCPsiFp.exe
  C:\Windows\System\NCPsiFp.exe
  2⤵
  PID:6236
- C:\Windows\System\zRMQbYr.exe
  C:\Windows\System\zRMQbYr.exe
  2⤵
  PID:6252
- C:\Windows\System\mrnPyXf.exe
  C:\Windows\System\mrnPyXf.exe
  2⤵
  PID:6268
- C:\Windows\System\ReCZkBQ.exe
  C:\Windows\System\ReCZkBQ.exe
  2⤵
  PID:6284
- C:\Windows\System\glGoJRT.exe
  C:\Windows\System\glGoJRT.exe
  2⤵
  PID:6300
- C:\Windows\System\HlMispU.exe
  C:\Windows\System\HlMispU.exe
  2⤵
  PID:6320
- C:\Windows\System\tHRXrGs.exe
  C:\Windows\System\tHRXrGs.exe
  2⤵
  PID:6336
- C:\Windows\System\GYyThGD.exe
  C:\Windows\System\GYyThGD.exe
  2⤵
  PID:6352
- C:\Windows\System\XhvLgQG.exe
  C:\Windows\System\XhvLgQG.exe
  2⤵
  PID:6368
- C:\Windows\System\rxrJQKE.exe
  C:\Windows\System\rxrJQKE.exe
  2⤵
  PID:6384
- C:\Windows\System\WMedIJo.exe
  C:\Windows\System\WMedIJo.exe
  2⤵
  PID:6400
- C:\Windows\System\eSQcOtE.exe
  C:\Windows\System\eSQcOtE.exe
  2⤵
  PID:6416
- C:\Windows\System\fHIDGft.exe
  C:\Windows\System\fHIDGft.exe
  2⤵
  PID:6432
- C:\Windows\System\mHCbaog.exe
  C:\Windows\System\mHCbaog.exe
  2⤵
  PID:6448
- C:\Windows\System\ACkSPYj.exe
  C:\Windows\System\ACkSPYj.exe
  2⤵
  PID:6464
- C:\Windows\System\CCxxnfm.exe
  C:\Windows\System\CCxxnfm.exe
  2⤵
  PID:6480
- C:\Windows\System\ikUbIMW.exe
  C:\Windows\System\ikUbIMW.exe
  2⤵
  PID:6496
- C:\Windows\System\dcdrnMx.exe
  C:\Windows\System\dcdrnMx.exe
  2⤵
  PID:6512
- C:\Windows\System\ikiqiDz.exe
  C:\Windows\System\ikiqiDz.exe
  2⤵
  PID:6528
- C:\Windows\System\hKimuXZ.exe
  C:\Windows\System\hKimuXZ.exe
  2⤵
  PID:6544
- C:\Windows\System\RfUTJeh.exe
  C:\Windows\System\RfUTJeh.exe
  2⤵
  PID:6560
- C:\Windows\System\UhFJTWb.exe
  C:\Windows\System\UhFJTWb.exe
  2⤵
  PID:6576
- C:\Windows\System\gYMxyHh.exe
  C:\Windows\System\gYMxyHh.exe
  2⤵
  PID:6592
- C:\Windows\System\tncOonO.exe
  C:\Windows\System\tncOonO.exe
  2⤵
  PID:6608
- C:\Windows\System\TWBqtnV.exe
  C:\Windows\System\TWBqtnV.exe
  2⤵
  PID:6624
- C:\Windows\System\lmwRGeU.exe
  C:\Windows\System\lmwRGeU.exe
  2⤵
  PID:6640
- C:\Windows\System\uovBPTj.exe
  C:\Windows\System\uovBPTj.exe
  2⤵
  PID:6656
- C:\Windows\System\KtnhZXe.exe
  C:\Windows\System\KtnhZXe.exe
  2⤵
  PID:6672
- C:\Windows\System\OFSrncU.exe
  C:\Windows\System\OFSrncU.exe
  2⤵
  PID:6688
- C:\Windows\System\cBLbVtF.exe
  C:\Windows\System\cBLbVtF.exe
  2⤵
  PID:6704
- C:\Windows\System\PYKzQkt.exe
  C:\Windows\System\PYKzQkt.exe
  2⤵
  PID:6720
- C:\Windows\System\oPVyKrt.exe
  C:\Windows\System\oPVyKrt.exe
  2⤵
  PID:6736
- C:\Windows\System\jEGaIGT.exe
  C:\Windows\System\jEGaIGT.exe
  2⤵
  PID:6752
- C:\Windows\System\KMTIQUz.exe
  C:\Windows\System\KMTIQUz.exe
  2⤵
  PID:6768
- C:\Windows\System\uxRIYxE.exe
  C:\Windows\System\uxRIYxE.exe
  2⤵
  PID:6784
- C:\Windows\System\LgvdfcS.exe
  C:\Windows\System\LgvdfcS.exe
  2⤵
  PID:6800
- C:\Windows\System\LgDbCfW.exe
  C:\Windows\System\LgDbCfW.exe
  2⤵
  PID:6816
- C:\Windows\System\abNFyFo.exe
  C:\Windows\System\abNFyFo.exe
  2⤵
  PID:6832
- C:\Windows\System\RHcYWJI.exe
  C:\Windows\System\RHcYWJI.exe
  2⤵
  PID:6848
- C:\Windows\System\cNBbThB.exe
  C:\Windows\System\cNBbThB.exe
  2⤵
  PID:6864
- C:\Windows\System\DqbDski.exe
  C:\Windows\System\DqbDski.exe
  2⤵
  PID:6880
- C:\Windows\System\lAJGMeo.exe
  C:\Windows\System\lAJGMeo.exe
  2⤵
  PID:6896
- C:\Windows\System\PNYakHg.exe
  C:\Windows\System\PNYakHg.exe
  2⤵
  PID:6916
- C:\Windows\System\sQWapXM.exe
  C:\Windows\System\sQWapXM.exe
  2⤵
  PID:6932
- C:\Windows\System\FPVLdJE.exe
  C:\Windows\System\FPVLdJE.exe
  2⤵
  PID:6948
- C:\Windows\System\JokmnYK.exe
  C:\Windows\System\JokmnYK.exe
  2⤵
  PID:6964
- C:\Windows\System\ZWdkQNe.exe
  C:\Windows\System\ZWdkQNe.exe
  2⤵
  PID:6980
- C:\Windows\System\gYcjEhw.exe
  C:\Windows\System\gYcjEhw.exe
  2⤵
  PID:6996
- C:\Windows\System\CcgUPmz.exe
  C:\Windows\System\CcgUPmz.exe
  2⤵
  PID:7012
- C:\Windows\System\VPcMoYn.exe
  C:\Windows\System\VPcMoYn.exe
  2⤵
  PID:7028
- C:\Windows\System\DQFvIAD.exe
  C:\Windows\System\DQFvIAD.exe
  2⤵
  PID:7044
- C:\Windows\System\OBqZQyz.exe
  C:\Windows\System\OBqZQyz.exe
  2⤵
  PID:7060
- C:\Windows\System\xzXSzqN.exe
  C:\Windows\System\xzXSzqN.exe
  2⤵
  PID:7076
- C:\Windows\System\odMzCqF.exe
  C:\Windows\System\odMzCqF.exe
  2⤵
  PID:7092
- C:\Windows\System\jrieMVu.exe
  C:\Windows\System\jrieMVu.exe
  2⤵
  PID:7108
- C:\Windows\System\sUxyoKN.exe
  C:\Windows\System\sUxyoKN.exe
  2⤵
  PID:7124
- C:\Windows\System\NnSrSJk.exe
  C:\Windows\System\NnSrSJk.exe
  2⤵
  PID:7140
- C:\Windows\System\zLRZJwS.exe
  C:\Windows\System\zLRZJwS.exe
  2⤵
  PID:7156
- C:\Windows\System\yTiTgnC.exe
  C:\Windows\System\yTiTgnC.exe
  2⤵
  PID:5960
- C:\Windows\System\ZzKRWxt.exe
  C:\Windows\System\ZzKRWxt.exe
  2⤵
  PID:6060
- C:\Windows\System\Lgxwhgv.exe
  C:\Windows\System\Lgxwhgv.exe
  2⤵
  PID:6072
- C:\Windows\System\qyiZYUh.exe
  C:\Windows\System\qyiZYUh.exe
  2⤵
  PID:6136
- C:\Windows\System\InDdxsG.exe
  C:\Windows\System\InDdxsG.exe
  2⤵
  PID:4456
- C:\Windows\System\wEglFbB.exe
  C:\Windows\System\wEglFbB.exe
  2⤵
  PID:2800
- C:\Windows\System\ICEyFGA.exe
  C:\Windows\System\ICEyFGA.exe
  2⤵
  PID:5128
- C:\Windows\System\pnQRoup.exe
  C:\Windows\System\pnQRoup.exe
  2⤵
  PID:5220
- C:\Windows\System\BswlVBO.exe
  C:\Windows\System\BswlVBO.exe
  2⤵
  PID:5320
- C:\Windows\System\rMWzRkR.exe
  C:\Windows\System\rMWzRkR.exe
  2⤵
  PID:5448
- C:\Windows\System\wiBcyho.exe
  C:\Windows\System\wiBcyho.exe
  2⤵
  PID:5572
- C:\Windows\System\tymmaHZ.exe
  C:\Windows\System\tymmaHZ.exe
  2⤵
  PID:2872
- C:\Windows\System\qBHRewp.exe
  C:\Windows\System\qBHRewp.exe
  2⤵
  PID:5780
- C:\Windows\System\QjdPFVy.exe
  C:\Windows\System\QjdPFVy.exe
  2⤵
  PID:5912
- C:\Windows\System\XnOKbSa.exe
  C:\Windows\System\XnOKbSa.exe
  2⤵
  PID:6168
- C:\Windows\System\pqVExvi.exe
  C:\Windows\System\pqVExvi.exe
  2⤵
  PID:6200
- C:\Windows\System\KWCVXDJ.exe
  C:\Windows\System\KWCVXDJ.exe
  2⤵
  PID:6232
- C:\Windows\System\NZzVYse.exe
  C:\Windows\System\NZzVYse.exe
  2⤵
  PID:6264
- C:\Windows\System\mWpKfgj.exe
  C:\Windows\System\mWpKfgj.exe
  2⤵
  PID:6296
- C:\Windows\System\doDPZVN.exe
  C:\Windows\System\doDPZVN.exe
  2⤵
  PID:6332
- C:\Windows\System\jiZdlup.exe
  C:\Windows\System\jiZdlup.exe
  2⤵
  PID:6364
- C:\Windows\System\fcbtmoC.exe
  C:\Windows\System\fcbtmoC.exe
  2⤵
  PID:6396
- C:\Windows\System\ChcQTvF.exe
  C:\Windows\System\ChcQTvF.exe
  2⤵
  PID:6428
- C:\Windows\System\dgLsWQl.exe
  C:\Windows\System\dgLsWQl.exe
  2⤵
  PID:6472
- C:\Windows\System\nezunLb.exe
  C:\Windows\System\nezunLb.exe
  2⤵
  PID:6504
- C:\Windows\System\qXFKeAN.exe
  C:\Windows\System\qXFKeAN.exe
  2⤵
  PID:6536
- C:\Windows\System\UJhbmHe.exe
  C:\Windows\System\UJhbmHe.exe
  2⤵
  PID:6568
- C:\Windows\System\HWeexmB.exe
  C:\Windows\System\HWeexmB.exe
  2⤵
  PID:6600
- C:\Windows\System\AONBWsB.exe
  C:\Windows\System\AONBWsB.exe
  2⤵
  PID:6632
- C:\Windows\System\IRHrVDu.exe
  C:\Windows\System\IRHrVDu.exe
  2⤵
  PID:6664
- C:\Windows\System\NikNSsl.exe
  C:\Windows\System\NikNSsl.exe
  2⤵
  PID:6696
- C:\Windows\System\hFmDBYn.exe
  C:\Windows\System\hFmDBYn.exe
  2⤵
  PID:6728
- C:\Windows\System\egfKIeY.exe
  C:\Windows\System\egfKIeY.exe
  2⤵
  PID:2472
- C:\Windows\System\dfWFvUI.exe
  C:\Windows\System\dfWFvUI.exe
  2⤵
  PID:6776
- C:\Windows\System\RjLHATz.exe
  C:\Windows\System\RjLHATz.exe
  2⤵
  PID:6808
- C:\Windows\System\ufHDHTI.exe
  C:\Windows\System\ufHDHTI.exe
  2⤵
  PID:6828
- C:\Windows\System\MsSkBUa.exe
  C:\Windows\System\MsSkBUa.exe
  2⤵
  PID:6860
- C:\Windows\System\fFzEvar.exe
  C:\Windows\System\fFzEvar.exe
  2⤵
  PID:6904
- C:\Windows\System\lbzMNfU.exe
  C:\Windows\System\lbzMNfU.exe
  2⤵
  PID:6940
- C:\Windows\System\uJUHXji.exe
  C:\Windows\System\uJUHXji.exe
  2⤵
  PID:6944
- C:\Windows\System\CYhFtpj.exe
  C:\Windows\System\CYhFtpj.exe
  2⤵
  PID:6976
- C:\Windows\System\FuvZYwv.exe
  C:\Windows\System\FuvZYwv.exe
  2⤵
  PID:2688
- C:\Windows\System\nKpJdKQ.exe
  C:\Windows\System\nKpJdKQ.exe
  2⤵
  PID:7020
- C:\Windows\System\PljtsIY.exe
  C:\Windows\System\PljtsIY.exe
  2⤵
  PID:3036
- C:\Windows\System\jgitoeO.exe
  C:\Windows\System\jgitoeO.exe
  2⤵
  PID:3028
- C:\Windows\System\EnxPOAL.exe
  C:\Windows\System\EnxPOAL.exe
  2⤵
  PID:7100
- C:\Windows\System\YxEoYgN.exe
  C:\Windows\System\YxEoYgN.exe
  2⤵
  PID:7132
- C:\Windows\System\nSBOJda.exe
  C:\Windows\System\nSBOJda.exe
  2⤵
  PID:7164
- C:\Windows\System\FLJObZr.exe
  C:\Windows\System\FLJObZr.exe
  2⤵
  PID:6036
- C:\Windows\System\ddmGGOf.exe
  C:\Windows\System\ddmGGOf.exe
  2⤵
  PID:4196
- C:\Windows\System\nSMmZXB.exe
  C:\Windows\System\nSMmZXB.exe
  2⤵
  PID:2792
- C:\Windows\System\xWFgvXn.exe
  C:\Windows\System\xWFgvXn.exe
  2⤵
  PID:5284
- C:\Windows\System\QuJMGxc.exe
  C:\Windows\System\QuJMGxc.exe
  2⤵
  PID:5464
- C:\Windows\System\ObNlMkl.exe
  C:\Windows\System\ObNlMkl.exe
  2⤵
  PID:5764
- C:\Windows\System\XzkwQVD.exe
  C:\Windows\System\XzkwQVD.exe
  2⤵
  PID:6152
- C:\Windows\System\GKVwuXM.exe
  C:\Windows\System\GKVwuXM.exe
  2⤵
  PID:6280
- C:\Windows\System\YftNrnc.exe
  C:\Windows\System\YftNrnc.exe
  2⤵
  PID:6360
- C:\Windows\System\vyfpcwf.exe
  C:\Windows\System\vyfpcwf.exe
  2⤵
  PID:6424
- C:\Windows\System\MHvByJK.exe
  C:\Windows\System\MHvByJK.exe
  2⤵
  PID:6492
- C:\Windows\System\RhyxpXZ.exe
  C:\Windows\System\RhyxpXZ.exe
  2⤵
  PID:6556
- C:\Windows\System\xZPiLBz.exe
  C:\Windows\System\xZPiLBz.exe
  2⤵
  PID:6620
- C:\Windows\System\hZFXUaP.exe
  C:\Windows\System\hZFXUaP.exe
  2⤵
  PID:6684
- C:\Windows\System\ujvPokc.exe
  C:\Windows\System\ujvPokc.exe
  2⤵
  PID:6716
- C:\Windows\System\mnNtVSc.exe
  C:\Windows\System\mnNtVSc.exe
  2⤵
  PID:6792
- C:\Windows\System\VLfYwGy.exe
  C:\Windows\System\VLfYwGy.exe
  2⤵
  PID:6840
- C:\Windows\System\SoxoryQ.exe
  C:\Windows\System\SoxoryQ.exe
  2⤵
  PID:6888
- C:\Windows\System\ZZfUCzY.exe
  C:\Windows\System\ZZfUCzY.exe
  2⤵
  PID:6972
- C:\Windows\System\JuSLhgF.exe
  C:\Windows\System\JuSLhgF.exe
  2⤵
  PID:1752
- C:\Windows\System\mXWyzWL.exe
  C:\Windows\System\mXWyzWL.exe
  2⤵
  PID:1556
- C:\Windows\System\vLVVcQb.exe
  C:\Windows\System\vLVVcQb.exe
  2⤵
  PID:4776
- C:\Windows\System\wodDwKe.exe
  C:\Windows\System\wodDwKe.exe
  2⤵
  PID:5848
- C:\Windows\System\DOhXSAq.exe
  C:\Windows\System\DOhXSAq.exe
  2⤵
  PID:2652
- C:\Windows\System\WBjTwlK.exe
  C:\Windows\System\WBjTwlK.exe
  2⤵
  PID:7040
- C:\Windows\System\hnUPrOx.exe
  C:\Windows\System\hnUPrOx.exe
  2⤵
  PID:7152
- C:\Windows\System\VbehDSm.exe
  C:\Windows\System\VbehDSm.exe
  2⤵
  PID:5192
- C:\Windows\System\RjKibvE.exe
  C:\Windows\System\RjKibvE.exe
  2⤵
  PID:6316
- C:\Windows\System\ZBFNPwU.exe
  C:\Windows\System\ZBFNPwU.exe
  2⤵
  PID:1228
- C:\Windows\System\Yovjsom.exe
  C:\Windows\System\Yovjsom.exe
  2⤵
  PID:6488
- C:\Windows\System\MWRgwAY.exe
  C:\Windows\System\MWRgwAY.exe
  2⤵
  PID:6588
- C:\Windows\System\rJDpkbL.exe
  C:\Windows\System\rJDpkbL.exe
  2⤵
  PID:944
- C:\Windows\System\GLFQmBq.exe
  C:\Windows\System\GLFQmBq.exe
  2⤵
  PID:484
- C:\Windows\System\Iwvtfxb.exe
  C:\Windows\System\Iwvtfxb.exe
  2⤵
  PID:6856
- C:\Windows\System\jnNxQaf.exe
  C:\Windows\System\jnNxQaf.exe
  2⤵
  PID:7184
- C:\Windows\System\Fbvbvzp.exe
  C:\Windows\System\Fbvbvzp.exe
  2⤵
  PID:7200
- C:\Windows\System\VvEFgTu.exe
  C:\Windows\System\VvEFgTu.exe
  2⤵
  PID:7216
- C:\Windows\System\RRDRYmH.exe
  C:\Windows\System\RRDRYmH.exe
  2⤵
  PID:7232
- C:\Windows\System\dKorDOm.exe
  C:\Windows\System\dKorDOm.exe
  2⤵
  PID:7248
- C:\Windows\System\RWkUnGn.exe
  C:\Windows\System\RWkUnGn.exe
  2⤵
  PID:7264
- C:\Windows\System\VPjuXZQ.exe
  C:\Windows\System\VPjuXZQ.exe
  2⤵
  PID:7280
- C:\Windows\System\fuhnvXY.exe
  C:\Windows\System\fuhnvXY.exe
  2⤵
  PID:7296
- C:\Windows\System\NrhzzQL.exe
  C:\Windows\System\NrhzzQL.exe
  2⤵
  PID:7312
- C:\Windows\System\bBlrkgs.exe
  C:\Windows\System\bBlrkgs.exe
  2⤵
  PID:7328
- C:\Windows\System\MGPcbHA.exe
  C:\Windows\System\MGPcbHA.exe
  2⤵
  PID:7344
- C:\Windows\System\EhcQBLu.exe
  C:\Windows\System\EhcQBLu.exe
  2⤵
  PID:7360
- C:\Windows\System\KTfuwFI.exe
  C:\Windows\System\KTfuwFI.exe
  2⤵
  PID:7376
- C:\Windows\System\jtIwtQl.exe
  C:\Windows\System\jtIwtQl.exe
  2⤵
  PID:7392
- C:\Windows\System\TEpCIKK.exe
  C:\Windows\System\TEpCIKK.exe
  2⤵
  PID:7408
- C:\Windows\System\EzZTbll.exe
  C:\Windows\System\EzZTbll.exe
  2⤵
  PID:7424
- C:\Windows\System\OnvviOW.exe
  C:\Windows\System\OnvviOW.exe
  2⤵
  PID:7440
- C:\Windows\System\WVOrhtc.exe
  C:\Windows\System\WVOrhtc.exe
  2⤵
  PID:7456
- C:\Windows\System\BgKmoky.exe
  C:\Windows\System\BgKmoky.exe
  2⤵
  PID:7472
- C:\Windows\System\zNsSfad.exe
  C:\Windows\System\zNsSfad.exe
  2⤵
  PID:7488
- C:\Windows\System\mXognCD.exe
  C:\Windows\System\mXognCD.exe
  2⤵
  PID:7504
- C:\Windows\System\izdtsEF.exe
  C:\Windows\System\izdtsEF.exe
  2⤵
  PID:7520
- C:\Windows\System\QTXxWzP.exe
  C:\Windows\System\QTXxWzP.exe
  2⤵
  PID:7536
- C:\Windows\System\vKumzkO.exe
  C:\Windows\System\vKumzkO.exe
  2⤵
  PID:7552
- C:\Windows\System\FMFHDmq.exe
  C:\Windows\System\FMFHDmq.exe
  2⤵
  PID:7568
- C:\Windows\System\FBZxZVF.exe
  C:\Windows\System\FBZxZVF.exe
  2⤵
  PID:7584
- C:\Windows\System\FLZxXGi.exe
  C:\Windows\System\FLZxXGi.exe
  2⤵
  PID:7604
- C:\Windows\System\bQgntEt.exe
  C:\Windows\System\bQgntEt.exe
  2⤵
  PID:7620
- C:\Windows\System\zBlGJiK.exe
  C:\Windows\System\zBlGJiK.exe
  2⤵
  PID:7636
- C:\Windows\System\hquZVfK.exe
  C:\Windows\System\hquZVfK.exe
  2⤵
  PID:7652
- C:\Windows\System\RbxlGIr.exe
  C:\Windows\System\RbxlGIr.exe
  2⤵
  PID:7668
- C:\Windows\System\SrPFAPC.exe
  C:\Windows\System\SrPFAPC.exe
  2⤵
  PID:7684
- C:\Windows\System\GLZVOWD.exe
  C:\Windows\System\GLZVOWD.exe
  2⤵
  PID:7700
- C:\Windows\System\mDFeDUg.exe
  C:\Windows\System\mDFeDUg.exe
  2⤵
  PID:7716
- C:\Windows\System\mwphqYw.exe
  C:\Windows\System\mwphqYw.exe
  2⤵
  PID:7732
- C:\Windows\System\NhIDopS.exe
  C:\Windows\System\NhIDopS.exe
  2⤵
  PID:7748
- C:\Windows\System\cTMGIDi.exe
  C:\Windows\System\cTMGIDi.exe
  2⤵
  PID:7764
- C:\Windows\System\YyPjVtA.exe
  C:\Windows\System\YyPjVtA.exe
  2⤵
  PID:7780
- C:\Windows\System\bdksFMZ.exe
  C:\Windows\System\bdksFMZ.exe
  2⤵
  PID:7796
- C:\Windows\System\nZFEXed.exe
  C:\Windows\System\nZFEXed.exe
  2⤵
  PID:7876
- C:\Windows\System\SOWzhpE.exe
  C:\Windows\System\SOWzhpE.exe
  2⤵
  PID:7892
- C:\Windows\System\YwbKfFK.exe
  C:\Windows\System\YwbKfFK.exe
  2⤵
  PID:7908
- C:\Windows\System\zTFoLsf.exe
  C:\Windows\System\zTFoLsf.exe
  2⤵
  PID:7924
- C:\Windows\System\QdYcjju.exe
  C:\Windows\System\QdYcjju.exe
  2⤵
  PID:7940
- C:\Windows\System\TUdxTjS.exe
  C:\Windows\System\TUdxTjS.exe
  2⤵
  PID:7956
- C:\Windows\System\BnqiFUJ.exe
  C:\Windows\System\BnqiFUJ.exe
  2⤵
  PID:7972
- C:\Windows\System\lzelLfq.exe
  C:\Windows\System\lzelLfq.exe
  2⤵
  PID:7988
- C:\Windows\System\nLplxTu.exe
  C:\Windows\System\nLplxTu.exe
  2⤵
  PID:8008
- C:\Windows\System\NlMEvPJ.exe
  C:\Windows\System\NlMEvPJ.exe
  2⤵
  PID:8024
- C:\Windows\System\ZYYmZBB.exe
  C:\Windows\System\ZYYmZBB.exe
  2⤵
  PID:8040
- C:\Windows\System\GYYCfWC.exe
  C:\Windows\System\GYYCfWC.exe
  2⤵
  PID:8056
- C:\Windows\System\odNdWzd.exe
  C:\Windows\System\odNdWzd.exe
  2⤵
  PID:8072
- C:\Windows\System\vCyeGJu.exe
  C:\Windows\System\vCyeGJu.exe
  2⤵
  PID:8088
- C:\Windows\System\UfyIelW.exe
  C:\Windows\System\UfyIelW.exe
  2⤵
  PID:8104
- C:\Windows\System\sJdSGBO.exe
  C:\Windows\System\sJdSGBO.exe
  2⤵
  PID:8120
- C:\Windows\System\uDKRKjk.exe
  C:\Windows\System\uDKRKjk.exe
  2⤵
  PID:8136
- C:\Windows\System\rmepDQI.exe
  C:\Windows\System\rmepDQI.exe
  2⤵
  PID:8152
- C:\Windows\System\DHYTJNj.exe
  C:\Windows\System\DHYTJNj.exe
  2⤵
  PID:8168
- C:\Windows\System\xmInRIF.exe
  C:\Windows\System\xmInRIF.exe
  2⤵
  PID:8184
- C:\Windows\System\dJnXiNb.exe
  C:\Windows\System\dJnXiNb.exe
  2⤵
  PID:7008
- C:\Windows\System\DTNnHoR.exe
  C:\Windows\System\DTNnHoR.exe
  2⤵
  PID:6004
- C:\Windows\System\xVqxADX.exe
  C:\Windows\System\xVqxADX.exe
  2⤵
  PID:7036
- C:\Windows\System\NPyUIxQ.exe
  C:\Windows\System\NPyUIxQ.exe
  2⤵
  PID:948
- C:\Windows\System\zpAzQCH.exe
  C:\Windows\System\zpAzQCH.exe
  2⤵
  PID:7088
- C:\Windows\System\xAgIkRy.exe
  C:\Windows\System\xAgIkRy.exe
  2⤵
  PID:6616
- C:\Windows\System\XuWbtSf.exe
  C:\Windows\System\XuWbtSf.exe
  2⤵
  PID:6412
- C:\Windows\System\rVSslMG.exe
  C:\Windows\System\rVSslMG.exe
  2⤵
  PID:6652
- C:\Windows\System\GxxBWpZ.exe
  C:\Windows\System\GxxBWpZ.exe
  2⤵
  PID:7212
- C:\Windows\System\QlJEVAi.exe
  C:\Windows\System\QlJEVAi.exe
  2⤵
  PID:7196
- C:\Windows\System\kYrRZIZ.exe
  C:\Windows\System\kYrRZIZ.exe
  2⤵
  PID:7272
- C:\Windows\System\ZydWQMp.exe
  C:\Windows\System\ZydWQMp.exe
  2⤵
  PID:7308
- C:\Windows\System\gRpnzzh.exe
  C:\Windows\System\gRpnzzh.exe
  2⤵
  PID:7368
- C:\Windows\System\TIHYDbd.exe
  C:\Windows\System\TIHYDbd.exe
  2⤵
  PID:7288
- C:\Windows\System\tsMxqaD.exe
  C:\Windows\System\tsMxqaD.exe
  2⤵
  PID:7356
- C:\Windows\System\ArFVuat.exe
  C:\Windows\System\ArFVuat.exe
  2⤵
  PID:7384
- C:\Windows\System\hRQFYxX.exe
  C:\Windows\System\hRQFYxX.exe
  2⤵
  PID:7468
- C:\Windows\System\aBoRwRt.exe
  C:\Windows\System\aBoRwRt.exe
  2⤵
  PID:7452
- C:\Windows\System\ayDbjbB.exe
  C:\Windows\System\ayDbjbB.exe
  2⤵
  PID:7480
- C:\Windows\System\OryHjng.exe
  C:\Windows\System\OryHjng.exe
  2⤵
  PID:7592
- C:\Windows\System\HYBfRsE.exe
  C:\Windows\System\HYBfRsE.exe
  2⤵
  PID:7516
- C:\Windows\System\xjSUPDa.exe
  C:\Windows\System\xjSUPDa.exe
  2⤵
  PID:7580
- C:\Windows\System\TBHvrop.exe
  C:\Windows\System\TBHvrop.exe
  2⤵
  PID:7632
- C:\Windows\System\OhXmEGI.exe
  C:\Windows\System\OhXmEGI.exe
  2⤵
  PID:7616
- C:\Windows\System\QZUYTHc.exe
  C:\Windows\System\QZUYTHc.exe
  2⤵
  PID:3324
- C:\Windows\System\eBWNIBA.exe
  C:\Windows\System\eBWNIBA.exe
  2⤵
  PID:7708
- C:\Windows\System\lqSFDFd.exe
  C:\Windows\System\lqSFDFd.exe
  2⤵
  PID:7760
- C:\Windows\System\zkkdiKQ.exe
  C:\Windows\System\zkkdiKQ.exe
  2⤵
  PID:7740
- C:\Windows\System\gmHxQPk.exe
  C:\Windows\System\gmHxQPk.exe
  2⤵
  PID:7884
- C:\Windows\System\wxEWaDV.exe
  C:\Windows\System\wxEWaDV.exe
  2⤵
  PID:7808
- C:\Windows\System\aNJyKLi.exe
  C:\Windows\System\aNJyKLi.exe
  2⤵
  PID:7900
- C:\Windows\System\uWgyFyl.exe
  C:\Windows\System\uWgyFyl.exe
  2⤵
  PID:7600
- C:\Windows\System\foxDXpl.exe
  C:\Windows\System\foxDXpl.exe
  2⤵
  PID:8016
- C:\Windows\System\DGEzhsz.exe
  C:\Windows\System\DGEzhsz.exe
  2⤵
  PID:8052
- C:\Windows\System\mmLxyoN.exe
  C:\Windows\System\mmLxyoN.exe
  2⤵
  PID:8036
- C:\Windows\System\CvghJpX.exe
  C:\Windows\System\CvghJpX.exe
  2⤵
  PID:8064
- C:\Windows\System\DWsWAXb.exe
  C:\Windows\System\DWsWAXb.exe
  2⤵
  PID:8144
- C:\Windows\System\PvRoGFJ.exe
  C:\Windows\System\PvRoGFJ.exe
  2⤵
  PID:2160
- C:\Windows\System\lbPUXFa.exe
  C:\Windows\System\lbPUXFa.exe
  2⤵
  PID:8132
- C:\Windows\System\XyzBUyX.exe
  C:\Windows\System\XyzBUyX.exe
  2⤵
  PID:6104
- C:\Windows\System\GzKBoKo.exe
  C:\Windows\System\GzKBoKo.exe
  2⤵
  PID:2632
- C:\Windows\System\lFJOAcj.exe
  C:\Windows\System\lFJOAcj.exe
  2⤵
  PID:4684
- C:\Windows\System\NwejCvK.exe
  C:\Windows\System\NwejCvK.exe
  2⤵
  PID:6924
- C:\Windows\System\oGaeXha.exe
  C:\Windows\System\oGaeXha.exe
  2⤵
  PID:7276
- C:\Windows\System\cBQJTWF.exe
  C:\Windows\System\cBQJTWF.exe
  2⤵
  PID:7180
- C:\Windows\System\pxwtXSW.exe
  C:\Windows\System\pxwtXSW.exe
  2⤵
  PID:7324
- C:\Windows\System\ZWHwhAw.exe
  C:\Windows\System\ZWHwhAw.exe
  2⤵
  PID:7436
- C:\Windows\System\QPkYNqq.exe
  C:\Windows\System\QPkYNqq.exe
  2⤵
  PID:7416
- C:\Windows\System\ooJJDpm.exe
  C:\Windows\System\ooJJDpm.exe
  2⤵
  PID:7548
- C:\Windows\System\jbvifsX.exe
  C:\Windows\System\jbvifsX.exe
  2⤵
  PID:3428
- C:\Windows\System\jdEugdB.exe
  C:\Windows\System\jdEugdB.exe
  2⤵
  PID:7728
- C:\Windows\System\jZFBngu.exe
  C:\Windows\System\jZFBngu.exe
  2⤵
  PID:7712
- C:\Windows\System\nyZdCiv.exe
  C:\Windows\System\nyZdCiv.exe
  2⤵
  PID:7756
- C:\Windows\System\CYQhgAY.exe
  C:\Windows\System\CYQhgAY.exe
  2⤵
  PID:7948
- C:\Windows\System\weIUoPq.exe
  C:\Windows\System\weIUoPq.exe
  2⤵
  PID:7304
- C:\Windows\System\DGAboGU.exe
  C:\Windows\System\DGAboGU.exe
  2⤵
  PID:8232
- C:\Windows\System\fuECfaJ.exe
  C:\Windows\System\fuECfaJ.exe
  2⤵
  PID:8556
- C:\Windows\System\diUOJrB.exe
  C:\Windows\System\diUOJrB.exe
  2⤵
  PID:9192
- C:\Windows\System\ZoYTrBs.exe
  C:\Windows\System\ZoYTrBs.exe
  2⤵
  PID:9208
- C:\Windows\System\JYlQYjn.exe
  C:\Windows\System\JYlQYjn.exe
  2⤵
  PID:2804
- C:\Windows\System\jEldIfJ.exe
  C:\Windows\System\jEldIfJ.exe
  2⤵
  PID:7432
- C:\Windows\System\UoAhfkv.exe
  C:\Windows\System\UoAhfkv.exe
  2⤵
  PID:7336
- C:\Windows\System\umKzZnP.exe
  C:\Windows\System\umKzZnP.exe
  2⤵
  PID:7560
- C:\Windows\System\YMYEdLG.exe
  C:\Windows\System\YMYEdLG.exe
  2⤵
  PID:8200
- C:\Windows\System\QlqfVSF.exe
  C:\Windows\System\QlqfVSF.exe
  2⤵
  PID:7648
- C:\Windows\System\uJddTrs.exe
  C:\Windows\System\uJddTrs.exe
  2⤵
  PID:7792
- C:\Windows\System\aOSGWCt.exe
  C:\Windows\System\aOSGWCt.exe
  2⤵
  PID:8004
- C:\Windows\System\NuqoXKD.exe
  C:\Windows\System\NuqoXKD.exe
  2⤵
  PID:7936
- C:\Windows\System\tumqbKp.exe
  C:\Windows\System\tumqbKp.exe
  2⤵
  PID:7192
- C:\Windows\System\hIGMDCP.exe
  C:\Windows\System\hIGMDCP.exe
  2⤵
  PID:8224
- C:\Windows\System\rwrzmqJ.exe
  C:\Windows\System\rwrzmqJ.exe
  2⤵
  PID:2088
- C:\Windows\System\kMalYIg.exe
  C:\Windows\System\kMalYIg.exe
  2⤵
  PID:8252
- C:\Windows\System\fwvmPVr.exe
  C:\Windows\System\fwvmPVr.exe
  2⤵
  PID:2856
- C:\Windows\System\WtCbRZt.exe
  C:\Windows\System\WtCbRZt.exe
  2⤵
  PID:2028
- C:\Windows\System\rASVBhE.exe
  C:\Windows\System\rASVBhE.exe
  2⤵
  PID:2912
- C:\Windows\System\TZqTUTv.exe
  C:\Windows\System\TZqTUTv.exe
  2⤵
  PID:1956
- C:\Windows\System\wKCRXRB.exe
  C:\Windows\System\wKCRXRB.exe
  2⤵
  PID:2524
- C:\Windows\System\DhcIHXj.exe
  C:\Windows\System\DhcIHXj.exe
  2⤵
  PID:2460
- C:\Windows\System\smJmTmz.exe
  C:\Windows\System\smJmTmz.exe
  2⤵
  PID:2984
- C:\Windows\System\HmogHYR.exe
  C:\Windows\System\HmogHYR.exe
  2⤵
  PID:624
- C:\Windows\System\NDHSPER.exe
  C:\Windows\System\NDHSPER.exe
  2⤵
  PID:8588
- C:\Windows\System\eDsbxwm.exe
  C:\Windows\System\eDsbxwm.exe
  2⤵
  PID:8604
- C:\Windows\System\AMzoqOY.exe
  C:\Windows\System\AMzoqOY.exe
  2⤵
  PID:8620
- C:\Windows\System\bBOoqOz.exe
  C:\Windows\System\bBOoqOz.exe
  2⤵
  PID:8636
- C:\Windows\System\dOqyIrC.exe
  C:\Windows\System\dOqyIrC.exe
  2⤵
  PID:8652
- C:\Windows\System\BabAvET.exe
  C:\Windows\System\BabAvET.exe
  2⤵
  PID:8668
- C:\Windows\System\acTwQES.exe
  C:\Windows\System\acTwQES.exe
  2⤵
  PID:8724
- C:\Windows\System\mARhiXF.exe
  C:\Windows\System\mARhiXF.exe
  2⤵
  PID:8708
- C:\Windows\System\jsWmOpv.exe
  C:\Windows\System\jsWmOpv.exe
  2⤵
  PID:8692
- C:\Windows\System\DDBxSrx.exe
  C:\Windows\System\DDBxSrx.exe
  2⤵
  PID:8676
- C:\Windows\System\MqwnzAF.exe
  C:\Windows\System\MqwnzAF.exe
  2⤵
  PID:8748
- C:\Windows\System\EFYGiqN.exe
  C:\Windows\System\EFYGiqN.exe
  2⤵
  PID:8764
- C:\Windows\System\NUEmWxZ.exe
  C:\Windows\System\NUEmWxZ.exe
  2⤵
  PID:8776
- C:\Windows\System\SZSEQRQ.exe
  C:\Windows\System\SZSEQRQ.exe
  2⤵
  PID:8796
- C:\Windows\System\QvXvqNE.exe
  C:\Windows\System\QvXvqNE.exe
  2⤵
  PID:8812
- C:\Windows\System\TSoNgRv.exe
  C:\Windows\System\TSoNgRv.exe
  2⤵
  PID:8828
- C:\Windows\System\QcpDCDU.exe
  C:\Windows\System\QcpDCDU.exe
  2⤵
  PID:8844
- C:\Windows\System\OkuaRFJ.exe
  C:\Windows\System\OkuaRFJ.exe
  2⤵
  PID:8860
- C:\Windows\System\rQFAtEv.exe
  C:\Windows\System\rQFAtEv.exe
  2⤵
  PID:2180
- C:\Windows\System\NVRdvyI.exe
  C:\Windows\System\NVRdvyI.exe
  2⤵
  PID:8880
- C:\Windows\System\zuOFWzL.exe
  C:\Windows\System\zuOFWzL.exe
  2⤵
  PID:8896
- C:\Windows\System\ivsvViI.exe
  C:\Windows\System\ivsvViI.exe
  2⤵
  PID:8900
- C:\Windows\System\tPwbOEY.exe
  C:\Windows\System\tPwbOEY.exe
  2⤵
  PID:8936
- C:\Windows\System\huovAEp.exe
  C:\Windows\System\huovAEp.exe
  2⤵
  PID:8920
- C:\Windows\System\NzzkrVn.exe
  C:\Windows\System\NzzkrVn.exe
  2⤵
  PID:8976
- C:\Windows\System\lPrATZL.exe
  C:\Windows\System\lPrATZL.exe
  2⤵
  PID:8996
- C:\Windows\System\OudatXz.exe
  C:\Windows\System\OudatXz.exe
  2⤵
  PID:9012
- C:\Windows\System\OTaFVnt.exe
  C:\Windows\System\OTaFVnt.exe
  2⤵
  PID:9028
- C:\Windows\System\bOXcIiI.exe
  C:\Windows\System\bOXcIiI.exe
  2⤵
  PID:9044
- C:\Windows\System\pPcANUk.exe
  C:\Windows\System\pPcANUk.exe
  2⤵
  PID:9060
- C:\Windows\System\TrxJuAy.exe
  C:\Windows\System\TrxJuAy.exe
  2⤵
  PID:9076
- C:\Windows\System\xMTyAvD.exe
  C:\Windows\System\xMTyAvD.exe
  2⤵
  PID:9096
- C:\Windows\System\uOFCuJq.exe
  C:\Windows\System\uOFCuJq.exe
  2⤵
  PID:9112
- C:\Windows\System\Xemkmxq.exe
  C:\Windows\System\Xemkmxq.exe
  2⤵
  PID:9128
- C:\Windows\System\ZASlwxz.exe
  C:\Windows\System\ZASlwxz.exe
  2⤵
  PID:9144
- C:\Windows\System\OntOirL.exe
  C:\Windows\System\OntOirL.exe
  2⤵
  PID:9160
- C:\Windows\System\bSiuIkC.exe
  C:\Windows\System\bSiuIkC.exe
  2⤵
  PID:9176
- C:\Windows\System\dHuhFev.exe
  C:\Windows\System\dHuhFev.exe
  2⤵
  PID:2848
- C:\Windows\System\PrEePOY.exe
  C:\Windows\System\PrEePOY.exe
  2⤵
  PID:8536
- C:\Windows\System\rxcDLho.exe
  C:\Windows\System\rxcDLho.exe
  2⤵
  PID:8268
- C:\Windows\System\zapmwnM.exe
  C:\Windows\System\zapmwnM.exe
  2⤵
  PID:7208
- C:\Windows\System\zDvNmgL.exe
  C:\Windows\System\zDvNmgL.exe
  2⤵
  PID:388
- C:\Windows\System\qnWQGpR.exe
  C:\Windows\System\qnWQGpR.exe
  2⤵
  PID:8212
- C:\Windows\System\meYbSBp.exe
  C:\Windows\System\meYbSBp.exe
  2⤵
  PID:8288
- C:\Windows\System\UXAoXjd.exe
  C:\Windows\System\UXAoXjd.exe
  2⤵
  PID:8304
- C:\Windows\System\iCZCXon.exe
  C:\Windows\System\iCZCXon.exe
  2⤵
  PID:8316
- C:\Windows\System\LAeUmKX.exe
  C:\Windows\System\LAeUmKX.exe
  2⤵
  PID:8332
- C:\Windows\System\bjcmzip.exe
  C:\Windows\System\bjcmzip.exe
  2⤵
  PID:8348
- C:\Windows\System\QofDmxT.exe
  C:\Windows\System\QofDmxT.exe
  2⤵
  PID:8364
- C:\Windows\System\drrdgRS.exe
  C:\Windows\System\drrdgRS.exe
  2⤵
  PID:8380
- C:\Windows\System\LoKuWUW.exe
  C:\Windows\System\LoKuWUW.exe
  2⤵
  PID:8396
- C:\Windows\System\DUpkAYG.exe
  C:\Windows\System\DUpkAYG.exe
  2⤵
  PID:8412
- C:\Windows\System\zBgIgNq.exe
  C:\Windows\System\zBgIgNq.exe
  2⤵
  PID:8428
- C:\Windows\System\GrSnffg.exe
  C:\Windows\System\GrSnffg.exe
  2⤵
  PID:8444
- C:\Windows\System\sQTsfrc.exe
  C:\Windows\System\sQTsfrc.exe
  2⤵
  PID:8460
- C:\Windows\System\VlKwIOS.exe
  C:\Windows\System\VlKwIOS.exe
  2⤵
  PID:8476
- C:\Windows\System\nSLygue.exe
  C:\Windows\System\nSLygue.exe
  2⤵
  PID:8492
- C:\Windows\System\kCkxKZS.exe
  C:\Windows\System\kCkxKZS.exe
  2⤵
  PID:8508
- C:\Windows\System\xRRWqhb.exe
  C:\Windows\System\xRRWqhb.exe
  2⤵
  PID:8524
- C:\Windows\System\yjuIrcK.exe
  C:\Windows\System\yjuIrcK.exe
  2⤵
  PID:2112
- C:\Windows\System\nPThaaw.exe
  C:\Windows\System\nPThaaw.exe
  2⤵
  PID:1236
- C:\Windows\System\ogQBTDe.exe
  C:\Windows\System\ogQBTDe.exe
  2⤵
  PID:8572
- C:\Windows\System\qbEIZaU.exe
  C:\Windows\System\qbEIZaU.exe
  2⤵
  PID:8632
- C:\Windows\System\qJkZpBg.exe
  C:\Windows\System\qJkZpBg.exe
  2⤵
  PID:8716
- C:\Windows\System\ZtYHWQv.exe
  C:\Windows\System\ZtYHWQv.exe
  2⤵
  PID:8756
- C:\Windows\System\mnOGsjk.exe
  C:\Windows\System\mnOGsjk.exe
  2⤵
  PID:8824
- C:\Windows\System\iTgDHLx.exe
  C:\Windows\System\iTgDHLx.exe
  2⤵
  PID:1928
- C:\Windows\System\BCwZVpr.exe
  C:\Windows\System\BCwZVpr.exe
  2⤵
  PID:8912
- C:\Windows\System\DFzyhFn.exe
  C:\Windows\System\DFzyhFn.exe
  2⤵
  PID:7664
- C:\Windows\System\LAuwkDw.exe
  C:\Windows\System\LAuwkDw.exe
  2⤵
  PID:8048
- C:\Windows\System\nraMliw.exe
  C:\Windows\System\nraMliw.exe
  2⤵
  PID:8128
- C:\Windows\System\GcHtqEZ.exe
  C:\Windows\System\GcHtqEZ.exe
  2⤵
  PID:2784
- C:\Windows\System\wmOdJhg.exe
  C:\Windows\System\wmOdJhg.exe
  2⤵
  PID:8112
- C:\Windows\System\jagTZnH.exe
  C:\Windows\System\jagTZnH.exe
  2⤵
  PID:2916
- C:\Windows\System\yTXjJnz.exe
  C:\Windows\System\yTXjJnz.exe
  2⤵
  PID:1296
- C:\Windows\System\ThezVMz.exe
  C:\Windows\System\ThezVMz.exe
  2⤵
  PID:8732
- C:\Windows\System\FfNeOag.exe
  C:\Windows\System\FfNeOag.exe
  2⤵
  PID:8740
- C:\Windows\System\kIqfxQc.exe
  C:\Windows\System\kIqfxQc.exe
  2⤵
  PID:8804
- C:\Windows\System\ndVHjln.exe
  C:\Windows\System\ndVHjln.exe
  2⤵
  PID:8868
- C:\Windows\System\YURPMCT.exe
  C:\Windows\System\YURPMCT.exe
  2⤵
  PID:8888
- C:\Windows\System\cqsnjDV.exe
  C:\Windows\System\cqsnjDV.exe
  2⤵
  PID:8904
- C:\Windows\System\BnizEJr.exe
  C:\Windows\System\BnizEJr.exe
  2⤵
  PID:2960
- C:\Windows\System\QSkxdMT.exe
  C:\Windows\System\QSkxdMT.exe
  2⤵
  PID:8612
- C:\Windows\System\qPdFoBW.exe
  C:\Windows\System\qPdFoBW.exe
  2⤵
  PID:8932
- C:\Windows\System\WTEytCt.exe
  C:\Windows\System\WTEytCt.exe
  2⤵
  PID:8960
- C:\Windows\System\OqCzwQb.exe
  C:\Windows\System\OqCzwQb.exe
  2⤵
  PID:2144
- C:\Windows\System\nxzRpMn.exe
  C:\Windows\System\nxzRpMn.exe
  2⤵
  PID:2564
- C:\Windows\System\dHTDlgm.exe
  C:\Windows\System\dHTDlgm.exe
  2⤵
  PID:2484
- C:\Windows\System\NzCCiUq.exe
  C:\Windows\System\NzCCiUq.exe
  2⤵
  PID:8992
- C:\Windows\System\hHZFWha.exe
  C:\Windows\System\hHZFWha.exe
  2⤵
  PID:9052
- C:\Windows\System\KxJXdPb.exe
  C:\Windows\System\KxJXdPb.exe
  2⤵
  PID:9072
- C:\Windows\System\amdsCbM.exe
  C:\Windows\System\amdsCbM.exe
  2⤵
  PID:9100
- C:\Windows\System\DlHtQhm.exe
  C:\Windows\System\DlHtQhm.exe
  2⤵
  PID:9168
- C:\Windows\System\XgLPCMI.exe
  C:\Windows\System\XgLPCMI.exe
  2⤵
  PID:9088
- C:\Windows\System\HYSDLdB.exe
  C:\Windows\System\HYSDLdB.exe
  2⤵
  PID:4412
- C:\Windows\System\ZyriFgT.exe
  C:\Windows\System\ZyriFgT.exe
  2⤵
  PID:8324
- C:\Windows\System\CgrfYeW.exe
  C:\Windows\System\CgrfYeW.exe
  2⤵
  PID:8388
- C:\Windows\System\LraVChA.exe
  C:\Windows\System\LraVChA.exe
  2⤵
  PID:8456
- C:\Windows\System\yQMdaIs.exe
  C:\Windows\System\yQMdaIs.exe
  2⤵
  PID:9124
- C:\Windows\System\vPtDErt.exe
  C:\Windows\System\vPtDErt.exe
  2⤵
  PID:9156
- C:\Windows\System\LEsiAeE.exe
  C:\Windows\System\LEsiAeE.exe
  2⤵
  PID:8272
- C:\Windows\System\agHZVqm.exe
  C:\Windows\System\agHZVqm.exe
  2⤵
  PID:7952
- C:\Windows\System\Rkapaem.exe
  C:\Windows\System\Rkapaem.exe
  2⤵
  PID:8532
- C:\Windows\System\vFYUbwX.exe
  C:\Windows\System\vFYUbwX.exe
  2⤵
  PID:2824
- C:\Windows\System\wOhTlNd.exe
  C:\Windows\System\wOhTlNd.exe
  2⤵
  PID:8680
- C:\Windows\System\RFzKQND.exe
  C:\Windows\System\RFzKQND.exe
  2⤵
  PID:7352
- C:\Windows\System\mLusTvo.exe
  C:\Windows\System\mLusTvo.exe
  2⤵
  PID:8180
- C:\Windows\System\aceKjJT.exe
  C:\Windows\System\aceKjJT.exe
  2⤵
  PID:8696
- C:\Windows\System\UKsNrOU.exe
  C:\Windows\System\UKsNrOU.exe
  2⤵
  PID:1708
- C:\Windows\System\putDuaE.exe
  C:\Windows\System\putDuaE.exe
  2⤵
  PID:6960
- C:\Windows\System\VqMRqzI.exe
  C:\Windows\System\VqMRqzI.exe
  2⤵
  PID:8408
- C:\Windows\System\BHZrDnm.exe
  C:\Windows\System\BHZrDnm.exe
  2⤵
  PID:1060
- C:\Windows\System\DWPTYVC.exe
  C:\Windows\System\DWPTYVC.exe
  2⤵
  PID:7120
- C:\Windows\System\QLUPsLH.exe
  C:\Windows\System\QLUPsLH.exe
  2⤵
  PID:8164
- C:\Windows\System\HfvYLVZ.exe
  C:\Windows\System\HfvYLVZ.exe
  2⤵
  PID:8244
- C:\Windows\System\qmisaHi.exe
  C:\Windows\System\qmisaHi.exe
  2⤵
  PID:8664
- C:\Windows\System\dtnhOIC.exe
  C:\Windows\System\dtnhOIC.exe
  2⤵
  PID:8872
- C:\Windows\System\RqknOmy.exe
  C:\Windows\System\RqknOmy.exe
  2⤵
  PID:2904
- C:\Windows\System\PgqUcan.exe
  C:\Windows\System\PgqUcan.exe
  2⤵
  PID:2704
- C:\Windows\System\aWTdukl.exe
  C:\Windows\System\aWTdukl.exe
  2⤵
  PID:7148
- C:\Windows\System\sfJTlUG.exe
  C:\Windows\System\sfJTlUG.exe
  2⤵
  PID:9004
- C:\Windows\System\OlnUFsO.exe
  C:\Windows\System\OlnUFsO.exe
  2⤵
  PID:9136
- C:\Windows\System\LXFexgs.exe
  C:\Windows\System\LXFexgs.exe
  2⤵
  PID:9020
- C:\Windows\System\zMkQaqZ.exe
  C:\Windows\System\zMkQaqZ.exe
  2⤵
  PID:8424
- C:\Windows\System\yeRLeGR.exe
  C:\Windows\System\yeRLeGR.exe
  2⤵
  PID:2700
- C:\Windows\System\jiyuWlB.exe
  C:\Windows\System\jiyuWlB.exe
  2⤵
  PID:9068
- C:\Windows\System\crWaCEN.exe
  C:\Windows\System\crWaCEN.exe
  2⤵
  PID:8420
- C:\Windows\System\ghcQVdZ.exe
  C:\Windows\System\ghcQVdZ.exe
  2⤵
  PID:7612
- C:\Windows\System\cWDRtte.exe
  C:\Windows\System\cWDRtte.exe
  2⤵
  PID:448
- C:\Windows\System\mBckVkS.exe
  C:\Windows\System\mBckVkS.exe
  2⤵
  PID:8116
- C:\Windows\System\TIJptoy.exe
  C:\Windows\System\TIJptoy.exe
  2⤵
  PID:8376
- C:\Windows\System\wmBGPtP.exe
  C:\Windows\System\wmBGPtP.exe
  2⤵
  PID:8788
- C:\Windows\System\EBpZkCu.exe
  C:\Windows\System\EBpZkCu.exe
  2⤵
  PID:8700
- C:\Windows\System\ClJNozC.exe
  C:\Windows\System\ClJNozC.exe
  2⤵
  PID:2980
- C:\Windows\System\tVbVaVi.exe
  C:\Windows\System\tVbVaVi.exe
  2⤵
  PID:8568
- C:\Windows\System\xBuwHYv.exe
  C:\Windows\System\xBuwHYv.exe
  2⤵
  PID:8792
- C:\Windows\System\DTWDoBk.exe
  C:\Windows\System\DTWDoBk.exe
  2⤵
  PID:8968
- C:\Windows\System\KzsvSvZ.exe
  C:\Windows\System\KzsvSvZ.exe
  2⤵
  PID:2976
- C:\Windows\System\oqKexFE.exe
  C:\Windows\System\oqKexFE.exe
  2⤵
  PID:9224
- C:\Windows\System\PDnIgiF.exe
  C:\Windows\System\PDnIgiF.exe
  2⤵
  PID:9240
- C:\Windows\System\xDMonKK.exe
  C:\Windows\System\xDMonKK.exe
  2⤵
  PID:9256
- C:\Windows\System\FWhyuoR.exe
  C:\Windows\System\FWhyuoR.exe
  2⤵
  PID:9272
- C:\Windows\System\EKkQOCW.exe
  C:\Windows\System\EKkQOCW.exe
  2⤵
  PID:9288
- C:\Windows\System\MzuvyLa.exe
  C:\Windows\System\MzuvyLa.exe
  2⤵
  PID:9304
- C:\Windows\System\tAVMtbS.exe
  C:\Windows\System\tAVMtbS.exe
  2⤵
  PID:9320
- C:\Windows\System\fUiiwwb.exe
  C:\Windows\System\fUiiwwb.exe
  2⤵
  PID:9336
- C:\Windows\System\QOXjDOu.exe
  C:\Windows\System\QOXjDOu.exe
  2⤵
  PID:9352
- C:\Windows\System\ggLZpUY.exe
  C:\Windows\System\ggLZpUY.exe
  2⤵
  PID:9368
- C:\Windows\System\qqDdGIG.exe
  C:\Windows\System\qqDdGIG.exe
  2⤵
  PID:9384
- C:\Windows\System\EcSqvrv.exe
  C:\Windows\System\EcSqvrv.exe
  2⤵
  PID:9400
- C:\Windows\System\LOdEoZP.exe
  C:\Windows\System\LOdEoZP.exe
  2⤵
  PID:9416
- C:\Windows\System\KOWmfLU.exe
  C:\Windows\System\KOWmfLU.exe
  2⤵
  PID:9432
- C:\Windows\System\zywBxZq.exe
  C:\Windows\System\zywBxZq.exe
  2⤵
  PID:9448
- C:\Windows\System\wsgEMbH.exe
  C:\Windows\System\wsgEMbH.exe
  2⤵
  PID:9464
- C:\Windows\System\aWupvdp.exe
  C:\Windows\System\aWupvdp.exe
  2⤵
  PID:9480
- C:\Windows\System\IJjyzjf.exe
  C:\Windows\System\IJjyzjf.exe
  2⤵
  PID:9496
- C:\Windows\System\CcbsMbb.exe
  C:\Windows\System\CcbsMbb.exe
  2⤵
  PID:9512
- C:\Windows\System\HkZqbgL.exe
  C:\Windows\System\HkZqbgL.exe
  2⤵
  PID:9528
- C:\Windows\System\REuNozw.exe
  C:\Windows\System\REuNozw.exe
  2⤵
  PID:9544
- C:\Windows\System\dRrQQgx.exe
  C:\Windows\System\dRrQQgx.exe
  2⤵
  PID:9560
- C:\Windows\System\HgIErXU.exe
  C:\Windows\System\HgIErXU.exe
  2⤵
  PID:9576
- C:\Windows\System\mtSHXcB.exe
  C:\Windows\System\mtSHXcB.exe
  2⤵
  PID:9592
- C:\Windows\System\opMLlnv.exe
  C:\Windows\System\opMLlnv.exe
  2⤵
  PID:9608
- C:\Windows\System\hjfEOgn.exe
  C:\Windows\System\hjfEOgn.exe
  2⤵
  PID:9624
- C:\Windows\System\GPOgdWR.exe
  C:\Windows\System\GPOgdWR.exe
  2⤵
  PID:9640
- C:\Windows\System\UxHWouX.exe
  C:\Windows\System\UxHWouX.exe
  2⤵
  PID:9656
- C:\Windows\System\sTmsljZ.exe
  C:\Windows\System\sTmsljZ.exe
  2⤵
  PID:9672
- C:\Windows\System\SzFkKZB.exe
  C:\Windows\System\SzFkKZB.exe
  2⤵
  PID:9688
- C:\Windows\System\khgjOci.exe
  C:\Windows\System\khgjOci.exe
  2⤵
  PID:9704
- C:\Windows\System\bcjiMgq.exe
  C:\Windows\System\bcjiMgq.exe
  2⤵
  PID:9720
- C:\Windows\System\OcxpmtO.exe
  C:\Windows\System\OcxpmtO.exe
  2⤵
  PID:9736
- C:\Windows\System\XkGUoSx.exe
  C:\Windows\System\XkGUoSx.exe
  2⤵
  PID:9752
- C:\Windows\System\kLxzeHV.exe
  C:\Windows\System\kLxzeHV.exe
  2⤵
  PID:9768
- C:\Windows\System\jCPQFxR.exe
  C:\Windows\System\jCPQFxR.exe
  2⤵
  PID:9784
- C:\Windows\System\lOFeJoa.exe
  C:\Windows\System\lOFeJoa.exe
  2⤵
  PID:9800
- C:\Windows\System\kYXOADH.exe
  C:\Windows\System\kYXOADH.exe
  2⤵
  PID:9816
- C:\Windows\System\uDKYlGh.exe
  C:\Windows\System\uDKYlGh.exe
  2⤵
  PID:9832
- C:\Windows\System\SwrntUT.exe
  C:\Windows\System\SwrntUT.exe
  2⤵
  PID:9848
- C:\Windows\System\rbkIqpr.exe
  C:\Windows\System\rbkIqpr.exe
  2⤵
  PID:9864
- C:\Windows\System\TyaQHgj.exe
  C:\Windows\System\TyaQHgj.exe
  2⤵
  PID:9880
- C:\Windows\System\SmeHpFk.exe
  C:\Windows\System\SmeHpFk.exe
  2⤵
  PID:9896
- C:\Windows\System\SXKWwtU.exe
  C:\Windows\System\SXKWwtU.exe
  2⤵
  PID:9912
- C:\Windows\System\nHjJYJH.exe
  C:\Windows\System\nHjJYJH.exe
  2⤵
  PID:9928
- C:\Windows\System\OlYdtdv.exe
  C:\Windows\System\OlYdtdv.exe
  2⤵
  PID:9944
- C:\Windows\System\XfnItom.exe
  C:\Windows\System\XfnItom.exe
  2⤵
  PID:9960
- C:\Windows\System\YsCOVGI.exe
  C:\Windows\System\YsCOVGI.exe
  2⤵
  PID:9976
- C:\Windows\System\NOGgeGH.exe
  C:\Windows\System\NOGgeGH.exe
  2⤵
  PID:9996
- C:\Windows\System\NsRthap.exe
  C:\Windows\System\NsRthap.exe
  2⤵
  PID:10012
- C:\Windows\System\VmcwPmZ.exe
  C:\Windows\System\VmcwPmZ.exe
  2⤵
  PID:10028
- C:\Windows\System\ggbOJIe.exe
  C:\Windows\System\ggbOJIe.exe
  2⤵
  PID:10044
- C:\Windows\System\hmngiXC.exe
  C:\Windows\System\hmngiXC.exe
  2⤵
  PID:10060
- C:\Windows\System\ivoyqwp.exe
  C:\Windows\System\ivoyqwp.exe
  2⤵
  PID:10076
- C:\Windows\System\oWuyHQK.exe
  C:\Windows\System\oWuyHQK.exe
  2⤵
  PID:10092
- C:\Windows\System\dzubHMi.exe
  C:\Windows\System\dzubHMi.exe
  2⤵
  PID:10108
- C:\Windows\System\IlSUuMw.exe
  C:\Windows\System\IlSUuMw.exe
  2⤵
  PID:10124
- C:\Windows\System\iSMvNfT.exe
  C:\Windows\System\iSMvNfT.exe
  2⤵
  PID:10140
- C:\Windows\System\deICMyc.exe
  C:\Windows\System\deICMyc.exe
  2⤵
  PID:10156
- C:\Windows\System\vhiBrYI.exe
  C:\Windows\System\vhiBrYI.exe
  2⤵
  PID:10172
- C:\Windows\System\RmruyFp.exe
  C:\Windows\System\RmruyFp.exe
  2⤵
  PID:10188
- C:\Windows\System\VziVOrs.exe
  C:\Windows\System\VziVOrs.exe
  2⤵
  PID:10204
- C:\Windows\System\rbwSiTC.exe
  C:\Windows\System\rbwSiTC.exe
  2⤵
  PID:10220
- C:\Windows\System\uBQupTZ.exe
  C:\Windows\System\uBQupTZ.exe
  2⤵
  PID:10236
- C:\Windows\System\OduWiKL.exe
  C:\Windows\System\OduWiKL.exe
  2⤵
  PID:8404
- C:\Windows\System\ldOkLJM.exe
  C:\Windows\System\ldOkLJM.exe
  2⤵
  PID:3056
- C:\Windows\System\BMfgOdi.exe
  C:\Windows\System\BMfgOdi.exe
  2⤵
  PID:9280
- C:\Windows\System\fTmVHNL.exe
  C:\Windows\System\fTmVHNL.exe
  2⤵
  PID:9552
- C:\Windows\System\rWzlaBa.exe
  C:\Windows\System\rWzlaBa.exe
  2⤵
  PID:9536
- C:\Windows\System\MjYNiTM.exe
  C:\Windows\System\MjYNiTM.exe
  2⤵
  PID:8948
- C:\Windows\System\vJNwWhA.exe
  C:\Windows\System\vJNwWhA.exe
  2⤵
  PID:9744
- C:\Windows\System\NBTXSmG.exe
  C:\Windows\System\NBTXSmG.exe
  2⤵
  PID:8552
- C:\Windows\System\wbrAjUL.exe
  C:\Windows\System\wbrAjUL.exe
  2⤵
  PID:9268
- C:\Windows\System\AQUJKNb.exe
  C:\Windows\System\AQUJKNb.exe
  2⤵
  PID:9364
- C:\Windows\System\RSLmkBp.exe
  C:\Windows\System\RSLmkBp.exe
  2⤵
  PID:9456
- C:\Windows\System\AggSxwc.exe
  C:\Windows\System\AggSxwc.exe
  2⤵
  PID:9520
- C:\Windows\System\grRLyjP.exe
  C:\Windows\System\grRLyjP.exe
  2⤵
  PID:9648
- C:\Windows\System\udKawWa.exe
  C:\Windows\System\udKawWa.exe
  2⤵
  PID:9712
- C:\Windows\System\rwpPzbn.exe
  C:\Windows\System\rwpPzbn.exe
  2⤵
  PID:2328
- C:\Windows\System\kCEIrNu.exe
  C:\Windows\System\kCEIrNu.exe
  2⤵
  PID:8468
- C:\Windows\System\dYHSWbS.exe
  C:\Windows\System\dYHSWbS.exe
  2⤵
  PID:8312
- C:\Windows\System\fHHFodP.exe
  C:\Windows\System\fHHFodP.exe
  2⤵
  PID:9760
- C:\Windows\System\sEIavUO.exe
  C:\Windows\System\sEIavUO.exe
  2⤵
  PID:9348
- C:\Windows\System\hXNccSk.exe
  C:\Windows\System\hXNccSk.exe
  2⤵
  PID:9632
- C:\Windows\System\weoPwbM.exe
  C:\Windows\System\weoPwbM.exe
  2⤵
  PID:9380
- C:\Windows\System\VpAJsaX.exe
  C:\Windows\System\VpAJsaX.exe
  2⤵
  PID:9444
- C:\Windows\System\CsYyByd.exe
  C:\Windows\System\CsYyByd.exe
  2⤵
  PID:9636
- C:\Windows\System\xcfsGqE.exe
  C:\Windows\System\xcfsGqE.exe
  2⤵
  PID:9764
- C:\Windows\System\EfYwmMh.exe
  C:\Windows\System\EfYwmMh.exe
  2⤵
  PID:9812
- C:\Windows\System\SOExsaW.exe
  C:\Windows\System\SOExsaW.exe
  2⤵
  PID:9876
- C:\Windows\System\ZLVDQeo.exe
  C:\Windows\System\ZLVDQeo.exe
  2⤵
  PID:9936
- C:\Windows\System\Qplnkcn.exe
  C:\Windows\System\Qplnkcn.exe
  2⤵
  PID:9972
- C:\Windows\System\NViyTxI.exe
  C:\Windows\System\NViyTxI.exe
  2⤵
  PID:9860
- C:\Windows\System\VVXWVVR.exe
  C:\Windows\System\VVXWVVR.exe
  2⤵
  PID:10040
- C:\Windows\System\sOtEOJU.exe
  C:\Windows\System\sOtEOJU.exe
  2⤵
  PID:10104
- C:\Windows\System\cIYLWLn.exe
  C:\Windows\System\cIYLWLn.exe
  2⤵
  PID:9892
- C:\Windows\System\paahpRP.exe
  C:\Windows\System\paahpRP.exe
  2⤵
  PID:9956
- C:\Windows\System\xgpLJgh.exe
  C:\Windows\System\xgpLJgh.exe
  2⤵
  PID:10024
- C:\Windows\System\okiYBEF.exe
  C:\Windows\System\okiYBEF.exe
  2⤵
  PID:10120
- C:\Windows\System\OxIpLpu.exe
  C:\Windows\System\OxIpLpu.exe
  2⤵
  PID:10216
- C:\Windows\System\LKRbpXI.exe
  C:\Windows\System\LKRbpXI.exe
  2⤵
  PID:308
- C:\Windows\System\tXFHuXR.exe
  C:\Windows\System\tXFHuXR.exe
  2⤵
  PID:9204
- C:\Windows\System\EoTcKYZ.exe
  C:\Windows\System\EoTcKYZ.exe
  2⤵
  PID:10132
- C:\Windows\System\gWCeHkB.exe
  C:\Windows\System\gWCeHkB.exe
  2⤵
  PID:10196
- C:\Windows\System\nlzGGYc.exe
  C:\Windows\System\nlzGGYc.exe
  2⤵
  PID:1776
- C:\Windows\System\qCkgAhw.exe
  C:\Windows\System\qCkgAhw.exe
  2⤵
  PID:9360
- C:\Windows\System\DIGzbuF.exe
  C:\Windows\System\DIGzbuF.exe
  2⤵
  PID:9264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKwmOed.exe

Filesize
6.0MB

MD5
73cdd5dd5ddc78da622479223ce8c035

SHA1
62e1323fd9995d11211508888556179ef9bdb3a8

SHA256
7131a2e8c887a6e25fa87b0c9a7813e25e83e4d82884c2d7d6912f505f67c5f5

SHA512
ea67d0e868a02a1e118efe2729530f5a43ec23071657b0e87588a24c6825d8e531b18a00e618ad8916c73c3ffc4140364472f0c21f3240df430392fd415d014b

Download Submit
C:\Windows\system\BSXtLnc.exe

Filesize
6.0MB

MD5
21e1bdef05372b6187feedd2ceccb511

SHA1
b289d4a7673bbdf8f46b1f813d5aaa335d648abe

SHA256
64fa1079c7d852577d53016ce6457c36598753ee4b4aead57fc3a7a5d6fe9bac

SHA512
d123224d8dccb91e9f57cde8a0c56f517f18ebea0fd11f61c8345e1d42391daa4820a475ee6ae037798aa1e34a08054936a1209a51f815ed602a29ec2a6c8371

Download Submit
C:\Windows\system\BTcrmWl.exe

Filesize
6.0MB

MD5
5e30cfc76c96d37a11fffb07ae2c1012

SHA1
d079a66ffb14b235da098d6c72df5f325339c4b4

SHA256
72be777753298ddd2a36590e6c3a7527b9dd8cfa8087e94128e0c7d268bad93c

SHA512
46a876685734958a7b447e02aedfd9c6d1e7228531ea0a7938e91817dddc758fdb026091a9e0d21056ae799445c04f2db124d57ee45cda92ec0f81f8fd61577c

Download Submit
C:\Windows\system\BZbQfoy.exe

Filesize
6.0MB

MD5
c4adebee611e867431ecc247ee03a4b3

SHA1
1880540b92ff43c870e68981b40815a7eb65ed72

SHA256
afe98ef09f4c5eb5ef9436513380c5d95e09dca090cf5c8e5f20d7d7d5f43287

SHA512
0a79630ea71268d0520dd83b0845702d9ef41a576e728ddcc745a76124e326fd5c1b851df57637131e7e916c8143b339f4e88ffb1ea228aaef6357e527637989

Download Submit
C:\Windows\system\CPlcfzY.exe

Filesize
6.0MB

MD5
dbfcdecf7158de2fcc5beab42f7d782b

SHA1
aa1d3be03766000c208573be2818aa9b83105d89

SHA256
d6241469ff58f40dcdfe968a3ab6a9babcacf1c1b69a47afdc7ef00444921602

SHA512
314221d986d1822eabad4108b956187cb490f8f59dd606ff5553674ea25e66873dc94e918b23a048a208610ab4df97913b63395aa9f0eb4bb99f8b0dae990ebc

Download Submit
C:\Windows\system\CxrldgL.exe

Filesize
6.0MB

MD5
286456d18d7397dfbe17c07b2fbbfaf3

SHA1
9f7d118c98a6b5428db44c31d454de8da4c16c39

SHA256
0b7c1556625996f921e5ea95eb523fc5ba70abc33528c5fc2491f55a717dc33d

SHA512
234eab7e7ff108973f9b6a108fd9d9b2fd77c6b4651665849e8894a25e82a05e1170a86d45d3030fc1e10d8ee9a166b4f62f35dc6c5c668d5cb3fc152cd2d068

Download Submit
C:\Windows\system\FGFSZST.exe

Filesize
6.0MB

MD5
236d70024f0a5eb5b52563556975fb00

SHA1
fbef8186565c4bcc1c2e1a687ca9bbd1c36fa97c

SHA256
45f9437cc5418d87b0339c8dd547df511b403df918d63ae44a60d02c13facc97

SHA512
807517bf0f6897719030d0ae604c05c3b5a8efae093f2def3a4f5c54be18d85ddd097967fba743101831f37364928ad932a7574121e08506598bed87b612cad3

Download Submit
C:\Windows\system\FxmeLUA.exe

Filesize
6.0MB

MD5
7189129cd02131e9629ba3f32f15ca0d

SHA1
367e844aa9bf49e06cd5c815052fbf819ee38d3f

SHA256
dcfc498cef0c69f314e654bd3eac45b5ef0f1726d3f2b6992809fff7f6475402

SHA512
a38684f30933234e70a7827161ce14ef15f6da563c7118e6b0a9f52043284bea20eb5d5c0d6e1000b7ae4d4b186239c64783f731a3de38231ff0381232968977

Download Submit
C:\Windows\system\IJclgsl.exe

Filesize
6.0MB

MD5
3889a384fb6df5cb05129293aa57e43b

SHA1
5cd9bfd13941b03adef65032f46ab319813c523d

SHA256
ba9d665057c5a4869152090be038466b55e2578fb8396a2a3f57fa75b5145026

SHA512
0ea919498d777ad1d2cc5389bc73c9c1c653089680c9efbdb8e84d425e6b3eb592cdbf6849cf2ac376b9f5e3e993253b40f59939c3b12777d1320ecdfb75b80f

Download Submit
C:\Windows\system\JKOTzhi.exe

Filesize
6.0MB

MD5
96c866a9ee45a28efad96371216cb7a3

SHA1
12e05f6304c90b86b037f8d4c9b26d7df3dfeea1

SHA256
4157c491e1569dd29f7f867e5200d1928401b61ef71efae4b19af4aa4eb06d7f

SHA512
a3584806d81e059ac6580cb6cc9a30e28cb2f9a1cbabe9d165fc467df609f81b1f79b3361ed044521e9b15619dc7c825f489bb37c6575e5eb0f0a27248dab062

Download Submit
C:\Windows\system\LVhTRJL.exe

Filesize
6.0MB

MD5
51695040a5d37e3c065110e8a39a89b6

SHA1
9443ee96938de9dd756588f5ac814727e41cab68

SHA256
b79c8a23f92b6b184ce041e08b9ab4c2bec61ecd75a4dd702243d4803c6c7a2f

SHA512
c31639062e259b67ff877989cd6af217f7fff4fa8dd2df40225efaad9b84f84bc854b543f9b6ddd4addb7b5ca71948ac33c2f5e18c0170e5998c0ba9b0d6f728

Download Submit
C:\Windows\system\McKONIG.exe

Filesize
6.0MB

MD5
560a6151bcfefb13afe193232fe7ff01

SHA1
55c2680761962d755141831506deaede234b3c4b

SHA256
697ab018ac82b031233ce4711e174985172a36a0b06a941faf00c8da2d3176b0

SHA512
cc802542ddc9a107146540030a11218716ff792ecf9a642981c1f6574b6f6de379af9e238018f7d1e62754c4cd14bf971cc07ef0fa7f1a6486c0cbb64bd904c8

Download Submit
C:\Windows\system\NBpxDLG.exe

Filesize
6.0MB

MD5
b07cd99359008675d05acf9aa8062f6c

SHA1
bc13a24bf31d4955c29ae96f92d8d620c55cc71a

SHA256
ba6462721eb5ed7a3a10c06e9e84741bc9c56b70d220e259eda2ca8977aede41

SHA512
669a9bfab2e017b3891ebec975493bc7a5f8643beaf68300440bccd9ba6a682a713444f31b7a0ed181c6904be43ff505b916cac03219e96df6bc6a34f1ad3202

Download Submit
C:\Windows\system\UAhbYrA.exe

Filesize
6.0MB

MD5
d611129aaef1ee35d99755b5ef0c75f6

SHA1
aa016bc97de39ae549bc7ec03448da41b8a3fbbd

SHA256
bb34e8ea615fd4a12afa5e2128da0b3f6b83e6ba0b4f5f1c5ca8ed88e534dfd1

SHA512
323a9e93d8d68355bdaa71c40587b5c0b7b5339b42c4b3d75bf7af4ed17b76bddeeec2b686d31b4b2e81e76d79440e72af9c3a051691f99bd11dc93897020e68

Download Submit
C:\Windows\system\VhjvaYH.exe

Filesize
6.0MB

MD5
0e7c1871185ffbbc30c4d28f878d95a8

SHA1
0be0f5bd5b04a0f525cba1aed8a5f77bbaaa7b6f

SHA256
b67a49e17cb6f4c573ca1ba6507315e5ff92bf747076e3446999c64fe260ef9c

SHA512
d5660f940509db3254a2f875e50e7e9566f6f65ad84b4f7c1d1ab33c31ec0cde846e81621fb6eb5b6f89175366f53fb7dbcae489e718789c124a9c98322c7b66

Download Submit
C:\Windows\system\XTJvDZp.exe

Filesize
6.0MB

MD5
046afa9e9dbac67a8eb809032215a5cf

SHA1
ab30002057954d78a4ee09fd31d1c5d4df6ea2d2

SHA256
8a0ef280263c3e75f51b4083dc3bc37a26a0a7e5128618cd85b8883f6667080f

SHA512
b9e60a1f120d35309597345723f56ba2ceb0181b6403fd9fc82bbf247e7d5886903423ba1ff1a217ae6866c5151d22608ea33f48b2d0f5ff47c7aa1d7efc73b7

Download Submit
C:\Windows\system\XsHyywA.exe

Filesize
6.0MB

MD5
24caa5815798c676303b56b372b8e356

SHA1
1de5694c9341a2b297e5e667bc5f7694364032da

SHA256
6e2332b46d37d984eaf2b3c4147ef7457007a5dc7ad32fe768ad8662ba9b08ae

SHA512
9e614b0b5b2e8af1fc5fa31460c9a2e0cc23fea7a9c2073e4a0a8ebc8fd4be60dcbc122acd80e1cad7d03366802d18060287bbd824a9d1bb025b2685530fda67

Download Submit
C:\Windows\system\aQnVLPC.exe

Filesize
6.0MB

MD5
e334c8ee0967bdbe164c4df0efbd1aa6

SHA1
58b3d0c40c0f5ec83c31ddb91e44aa862ad5cf98

SHA256
c7407fbec2ceb0d168ef9378d4b44347e9254c20d793c641ce993c167479999c

SHA512
c502d850ec6aef4b906adda16be15c899a1a07388cd4cf01e7d8012f46a63aa609c63b8eac12d0e6106fa5eda48eea04d877f970c1f432735895a77fbc6fd6b8

Download Submit
C:\Windows\system\acfMZNn.exe

Filesize
6.0MB

MD5
ef62913fa8febaf6f347bed3936d0c26

SHA1
d45c8307dd754521d284bd6f75e10c7c9e577645

SHA256
674c86cb14f3059ef145f0df0f91339c00b83ad39309178f3aceb93ec1d679a3

SHA512
8a54d426e133f96c3ab0ff8fa66926edf0949370e26a92d745f351fe8ea6b91e802b8a1b29b1e99892aa7ca1dea64ded2f7e1ededa324fe7a1bd6678568f3d13

Download Submit
C:\Windows\system\dpGFgLW.exe

Filesize
6.0MB

MD5
dfcbaf25a21e3312985f65e5336caef0

SHA1
a120fad4abe208ec087fd01f322c6c81637ae2a6

SHA256
f9f96dfac27836641b9ff0343d01757d58ab2fc5068366c5bbd92aca3376917a

SHA512
aeb5085728dcdeb19dbc2f06e351314cac1970eb8fc7f80f74df2cf27a875a4b303ac07ea4bde74e27d0d2ad962ca76140c0e7a92ac84a2b489e88c436933472

Download Submit
C:\Windows\system\ivEujOZ.exe

Filesize
6.0MB

MD5
99dbce5683e69bf7fec0033ce83c9b27

SHA1
ddd85249746709fb6db2e6a0b9a09121ddf3f8dd

SHA256
8994fcf74133089023e0e2f8bb0eb48626ae7481bb1a8e0a18397b336d77c16f

SHA512
e56bfc5d759425c4238b660847bbf47f02b3de0f904c28cfd364ba3f139e7e6a767d3e259a3a8be4a6013b60cbce4126a070f4879864bc9c1e2978cca49babe2

Download Submit
C:\Windows\system\jSdLDmR.exe

Filesize
6.0MB

MD5
b963a06362fa8d7b37153f9b1b6ee567

SHA1
59790277dd98274979e917bb9c9a5ec3e26e779c

SHA256
1e6180ab281cdd3fd42b72147c8130defacb80b76ffad60da1ff99cf39abee97

SHA512
aa5ac5a5e7cf13acb544d9e323bf8a2e58fc21b07dadc4820fd345cff8e7adf6b1abcb417e2fb40fcdeef1e9dcee29db580a5bca2f281a2d03c71166d07574a1

Download Submit
C:\Windows\system\kYBgugB.exe

Filesize
6.0MB

MD5
a3c1893debd5e8d9f87406f2aeaacc47

SHA1
88404d003bd13c613b619ae65537014640aae78f

SHA256
81ef8aec26aa568dacf6bacb1b66907c7dd473b57836f0b4890d67d63a366627

SHA512
00a995823ff2302eb8e9011b52ebe76c627dbb54390e9d9e6006c605b09a83acbbf92989532a4d9a347f8a80b0565d625d8c6676f3fdd0ed7980697036843566

Download Submit
C:\Windows\system\kkxmsXM.exe

Filesize
6.0MB

MD5
c2758dde28c0e5b610811acf588aea73

SHA1
83316c78b39d281fb639da54e04896e059682154

SHA256
a18661ceefa8e94722ad398938c28d08aae87054efc96edb1b8a31a7728ed558

SHA512
47fc1dec86577ab97557d712da5e9ede9d881feb7952d5c549cc4007bc810e9fb48e3c403737482de8378bfec9a60b40b7c6b98eef5630bc391917e6f250e657

Download Submit
C:\Windows\system\lKcDqjy.exe

Filesize
6.0MB

MD5
ac1782c5f0b505d556160d2eae22a3ac

SHA1
8eb0a192206d4361f7081726c7ffbd35f079908a

SHA256
e70cfbd3ed445e7098357235d2c405a8faeb089cb68baaf2f685bcef2f90100f

SHA512
1fe43a4fbad497e3ff8bfe50a9f1a6bbf3c429c6405645dbe98e69f25433a56dfac90f7bb1e1a148e0b399262519e315310a554e6c92fb15140b63f473fa44e4

Download Submit
C:\Windows\system\lpHCROQ.exe

Filesize
6.0MB

MD5
c2081903737211f906d1d5ea4c4b4d92

SHA1
d74871fb2125c32da367ca110737aa297946973a

SHA256
2c4653bacfc36df76ac32fd259fbd9de4aeedbf152ea5db6f0c37cb69d334690

SHA512
34e429f0ff95053f6d0fb077fa48e17186a43b8e676b7adc64c878a4c1358db90e7033ff37bbb6e7e52290019199df475b93f4c86def311e7941fd63159be4bd

Download Submit
C:\Windows\system\oYQCYtq.exe

Filesize
6.0MB

MD5
9b07d8156ea13b2cdedcb8ea47e2ddb5

SHA1
82742dae646d2d3326d5233a9280a7b7f19f9202

SHA256
c14c574b2b7221b2c458e5b55102e7b5bc45e7d78ddd764845fd84aa1c1335d7

SHA512
17ad3b9be3c1c48fc065fc0ea303c3cbe76f973ef6e9dd39411dd83aa1cca07ca2872bd7d8f812f8732bd30ec95af39e053432aa0b5a897371ee9a76e89f377c

Download Submit
C:\Windows\system\ovXMqDP.exe

Filesize
6.0MB

MD5
5dc58e6e8a75e9f1ff2e5551c6e19d84

SHA1
f998301cbd3932af06444af128c592a85d44e6f9

SHA256
4f4e72cb7e970220e7a2afcc1754a97007390cccb723ed351879a3d4643a8565

SHA512
021beebcd8255f9faf9d67e45a9fee506fa77369b9e6f94f9fa7870c31ee764c49cf2cf81385a588f97bbfc765e9435936f9e5c0ed088a25cf03bd41894180da

Download Submit
C:\Windows\system\uyRwmaX.exe

Filesize
6.0MB

MD5
1722267bff9d0e329dc5715b15d48f1c

SHA1
9d6fd22d3322960ac44c67de865a625fd5a52553

SHA256
d025803fa18731fa537941ef6e5a4fed2df4d5d15e09c56167f75b3eaf0a86cd

SHA512
4737371261005e55ae3a56c5de87f1b1544672ee6052f0a2d1463eb74dc6969ca7245506ecdf4f6cee3a205400b307c3506dc7b17d116ac24a234d5f22f40e9d

Download Submit
C:\Windows\system\yxkPzCd.exe

Filesize
6.0MB

MD5
841106ecf71cc96e67c617976260acc6

SHA1
b23d260411c0790be7aa262a9494a469eb03f76f

SHA256
7ae98c145f7ca03907c621f5d705cfa70719dfde8ad91592c3834f4ae93da186

SHA512
3102beae01a41404e0b6468f6856883617347aa8db87767e482dca41c08753a582e063c85c9500d3cc273b5d8dd91289eea25af1cb8d8bc06577cc91323b850a

Download Submit
\Windows\system\OTSvesW.exe

Filesize
6.0MB

MD5
9b0d27ceaeb7d7f9eb1d42dfc6671f36

SHA1
e82652b153131b919bdee96f6c504d2b98b929bd

SHA256
047fe0f8b2659d1fc8db0a65625d36d6402a7312eb992bd3abe3b311573167bf

SHA512
ab746a807f9e67a2abd1c04b18614ba987a61063e02bf9f72495b5984c88f8368d6831b53df558a7421cbee0b70e5faecc3c7a86d6d5b763dbdfd6d15267d814

Download Submit
\Windows\system\TXrGdnU.exe

Filesize
6.0MB

MD5
d724c2bc51926bee4d4fa65104a4675f

SHA1
3d554de5b82f89f01ce6257267acf001fd852bfa

SHA256
e3ad97c749f3efb1c32ad5aad43efb7eccc97ced3c1e2263e9089e6b11c3c20f

SHA512
a295cb3446c55d6bc6847f929775c91e33a1b50b3e894ef6ad2fa55c3901dcd69e7f55700c38dc3cfbc28bfd427c70f362eaaa9a105f0a214b80b8f91aa7948f

Download Submit
memory/604-89-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/604-4514-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/768-28-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/768-68-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/768-3514-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1536-54-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1536-14-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2036-96-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2292-74-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2292-88-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-756-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-612-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-64-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2292-31-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2292-18-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2292-80-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2292-34-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-503-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-0-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2292-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2292-390-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2292-283-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2292-102-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2292-44-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2292-19-0x00000000021E0000-0x0000000002534000-memory.dmp

Filesize
3.3MB

Download
memory/2420-36-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4483-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2488-75-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2504-81-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2608-48-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3515-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2608-12-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2660-69-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2664-66-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2664-101-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2752-39-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3517-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-82-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-94-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3518-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2776-49-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2832-83-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3519-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2832-41-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3512-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-62-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-95-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download