cobaltstrike | 051c39d300b4be26bb67ee683e4a6faecf72536a9ef2ece775cf2f6f17ab25e0

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

90f22507c00d45614973f0e1d4b4dc25
SHA1

c7385c1887a3f9b86cf3e3ad2afb4b9fe64dd2e9
SHA256

051c39d300b4be26bb67ee683e4a6faecf72536a9ef2ece775cf2f6f17ab25e0
SHA512

14a2e7e65bb389cfc2e086fba3472ab46da4bb2606b342471eeb8690ad43e039905f2c48d5683d5a46a4a51837e2e4ad14b88616e964aa79c1b58f25375db818
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-17.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016009-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-39.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-54.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015db6-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-71.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016645-62.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-130.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-201.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-196.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-186.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-191.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-160.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-141.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-117.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-98.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-89.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2280-0-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-3.dat	xmrig
behavioral1/memory/2280-6-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0008000000015ed2-12.dat	xmrig
behavioral1/memory/2264-15-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1404-11-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-17.dat	xmrig
behavioral1/files/0x0008000000016009-26.dat	xmrig
behavioral1/memory/2692-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016334-33.dat	xmrig
behavioral1/files/0x0007000000016210-39.dat	xmrig
behavioral1/memory/2744-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2876-43-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00070000000164db-54.dat	xmrig
behavioral1/memory/1552-59-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0009000000015db6-46.dat	xmrig
behavioral1/files/0x0006000000016de8-71.dat	xmrig
behavioral1/memory/2364-52-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0009000000016645-62.dat	xmrig
behavioral1/memory/2656-68-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1992-91-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eb8-79.dat	xmrig
behavioral1/memory/2280-104-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/1568-109-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2656-108-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-120.dat	xmrig
behavioral1/files/0x0006000000017488-130.dat	xmrig
behavioral1/files/0x0015000000018676-151.dat	xmrig
behavioral1/files/0x0005000000018696-154.dat	xmrig
behavioral1/files/0x0006000000018c44-176.dat	xmrig
behavioral1/files/0x00050000000191f6-201.dat	xmrig
behavioral1/memory/1828-645-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/1568-776-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2280-699-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1992-502-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/1720-344-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/824-210-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d2-196.dat	xmrig
behavioral1/files/0x000600000001904c-186.dat	xmrig
behavioral1/files/0x00060000000190e1-191.dat	xmrig
behavioral1/files/0x0006000000018f65-181.dat	xmrig
behavioral1/files/0x0006000000018c34-171.dat	xmrig
behavioral1/files/0x00050000000187a2-166.dat	xmrig
behavioral1/files/0x0005000000018697-160.dat	xmrig
behavioral1/files/0x000600000001757f-146.dat	xmrig
behavioral1/files/0x00060000000174a6-136.dat	xmrig
behavioral1/files/0x00060000000174c3-141.dat	xmrig
behavioral1/files/0x000600000001746a-126.dat	xmrig
behavioral1/files/0x0006000000017400-117.dat	xmrig
behavioral1/memory/1828-100-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2500-99-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000600000001707c-98.dat	xmrig
behavioral1/memory/1720-84-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2876-83-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f3-107.dat	xmrig
behavioral1/memory/2280-105-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2364-90-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2280-65-0x00000000023C0000-0x0000000002714000-memory.dmp	xmrig
behavioral1/memory/2692-63-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edb-89.dat	xmrig
behavioral1/memory/824-76-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2264-51-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1404-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2744-75-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1404	SLQnGTc.exe
2264	vTDdAvw.exe
1552	nXDPXQI.exe
2692	hJonvSB.exe
2744	mHCkjqy.exe
2876	FjOyNPT.exe
2364	ohWgtYW.exe
2500	BeYijWx.exe
2656	KoefdLC.exe
824	QqFgUQk.exe
1720	smGCJoh.exe
1992	kVgILbV.exe
1828	wmRlihm.exe
1568	BasiwCx.exe
1676	VQhWAuf.exe
2768	ElWDFKa.exe
1884	UePbUPA.exe
1192	agQWFLE.exe
2776	nKSVTZz.exe
2684	getYFXO.exe
2232	JxMkyND.exe
2188	yKNqzRv.exe
2936	scNuUvW.exe
1108	qaOyvrw.exe
908	zNYzDmv.exe
1624	nvQDMaW.exe
2568	LVErvIb.exe
2036	HuBojMT.exe
1320	gCVRahy.exe
1876	mSJbNNb.exe
2028	daBMErk.exe
1612	fMiCHHp.exe
2144	rwzugPR.exe
1380	LVmBCWR.exe
1532	kcrgsXS.exe
1064	zcugbbk.exe
1540	jwikHzt.exe
2496	MWBLAel.exe
1736	CyUiAvd.exe
700	CNTjHbN.exe
1700	tPkyavw.exe
580	ciZjapW.exe
2528	SeHvqqP.exe
976	hsMhXnr.exe
2172	maLcJhT.exe
1648	JQNnEZF.exe
884	GwDnFUe.exe
768	GXWlmTA.exe
2104	tyyMNYB.exe
1600	CobgjBX.exe
2340	VuBKjvY.exe
2676	XNfcVSi.exe
2044	udDWZWq.exe
2872	JQAanuK.exe
2624	HajYnKr.exe
3064	SdiVurK.exe
2852	tDQoKzc.exe
3052	FgzZTmZ.exe
1892	zvrDtOC.exe
1680	LUbwGFR.exe
1716	gTvGcNF.exe
2808	LCHfljM.exe
2812	zGPiFqr.exe
2956	tYmAnpQ.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x000b000000012263-3.dat	upx
behavioral1/memory/2280-6-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0008000000015ed2-12.dat	upx
behavioral1/memory/2264-15-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/1404-11-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0008000000015f96-17.dat	upx
behavioral1/files/0x0008000000016009-26.dat	upx
behavioral1/memory/2692-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0007000000016334-33.dat	upx
behavioral1/files/0x0007000000016210-39.dat	upx
behavioral1/memory/2744-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2876-43-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00070000000164db-54.dat	upx
behavioral1/memory/1552-59-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0009000000015db6-46.dat	upx
behavioral1/files/0x0006000000016de8-71.dat	upx
behavioral1/memory/2364-52-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0009000000016645-62.dat	upx
behavioral1/memory/2656-68-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1992-91-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0006000000016eb8-79.dat	upx
behavioral1/memory/1568-109-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2656-108-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0006000000017403-120.dat	upx
behavioral1/files/0x0006000000017488-130.dat	upx
behavioral1/files/0x0015000000018676-151.dat	upx
behavioral1/files/0x0005000000018696-154.dat	upx
behavioral1/files/0x0006000000018c44-176.dat	upx
behavioral1/files/0x00050000000191f6-201.dat	upx
behavioral1/memory/1828-645-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/1568-776-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1992-502-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/1720-344-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/824-210-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00050000000191d2-196.dat	upx
behavioral1/files/0x000600000001904c-186.dat	upx
behavioral1/files/0x00060000000190e1-191.dat	upx
behavioral1/files/0x0006000000018f65-181.dat	upx
behavioral1/files/0x0006000000018c34-171.dat	upx
behavioral1/files/0x00050000000187a2-166.dat	upx
behavioral1/files/0x0005000000018697-160.dat	upx
behavioral1/files/0x000600000001757f-146.dat	upx
behavioral1/files/0x00060000000174a6-136.dat	upx
behavioral1/files/0x00060000000174c3-141.dat	upx
behavioral1/files/0x000600000001746a-126.dat	upx
behavioral1/files/0x0006000000017400-117.dat	upx
behavioral1/memory/1828-100-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2500-99-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000600000001707c-98.dat	upx
behavioral1/memory/1720-84-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2876-83-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x00060000000173f3-107.dat	upx
behavioral1/memory/2364-90-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2280-64-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2692-63-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0006000000016edb-89.dat	upx
behavioral1/memory/824-76-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2264-51-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/1404-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2744-75-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2500-60-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2280-42-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1552-24-0x000000013FE40000-0x0000000140194000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xRZFrwY.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igFIGba.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFTTlEl.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVbYQdm.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PECatRv.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKIYSwR.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkayDWa.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzrVYRQ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MRFkYAH.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNNwDIM.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcjywgU.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXBxfei.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxqpOZJ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PKsQoRW.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLMTXCx.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcQdZqp.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TXpOwyT.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNTjHbN.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRpakCm.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXrCjul.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plMjWNw.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvHyJZj.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVZQfcw.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vemdCjT.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pxnzoQZ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCtaSRO.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qlEkTzp.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bnDFnLQ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGDOTKM.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwkUnQn.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOkjyju.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNJcUqB.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHAqWJC.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmFEXdr.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUohxAV.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmKOccY.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrkvYou.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INXFQvk.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdjZPCX.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TWNtwFI.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\minRtHB.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itzDFwq.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmLIIYY.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anabvdW.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zadlYRq.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBalNIu.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHTHDlB.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUJtoYZ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwwRjyg.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aemRWMR.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLUhCNA.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PecQvcW.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWHOCfH.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzUSLJd.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huFSRKP.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zoxtiqe.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HajYnKr.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdPhQtw.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbDcDNv.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gownVtq.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypqQLxZ.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXiWSuP.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihhlGod.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKxquCx.exe	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 1404	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 1404	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 1404	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2280 wrote to memory of 2264	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2264	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 2264	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2280 wrote to memory of 1552	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 1552	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 1552	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2280 wrote to memory of 2692	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2692	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2692	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2280 wrote to memory of 2876	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2876	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2876	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2280 wrote to memory of 2744	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2744	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2744	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2280 wrote to memory of 2364	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2364	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2364	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2280 wrote to memory of 2500	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2500	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2500	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2280 wrote to memory of 2656	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 2656	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 2656	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2280 wrote to memory of 824	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 824	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 824	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2280 wrote to memory of 1720	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 1720	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 1720	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2280 wrote to memory of 1992	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 1992	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 1992	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2280 wrote to memory of 1828	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 1828	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 1828	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2280 wrote to memory of 1568	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1568	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1568	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2280 wrote to memory of 1676	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 1676	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 1676	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2280 wrote to memory of 2768	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 2768	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 2768	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2280 wrote to memory of 1884	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 1884	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 1884	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2280 wrote to memory of 1192	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 1192	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 1192	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2280 wrote to memory of 2776	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2776	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2776	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2280 wrote to memory of 2684	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2684	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2684	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2280 wrote to memory of 2232	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2280 wrote to memory of 2232	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2280 wrote to memory of 2232	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2280 wrote to memory of 2188	2280	2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_90f22507c00d45614973f0e1d4b4dc25_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\System\SLQnGTc.exe
  C:\Windows\System\SLQnGTc.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\vTDdAvw.exe
  C:\Windows\System\vTDdAvw.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\nXDPXQI.exe
  C:\Windows\System\nXDPXQI.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\hJonvSB.exe
  C:\Windows\System\hJonvSB.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FjOyNPT.exe
  C:\Windows\System\FjOyNPT.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\mHCkjqy.exe
  C:\Windows\System\mHCkjqy.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ohWgtYW.exe
  C:\Windows\System\ohWgtYW.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\BeYijWx.exe
  C:\Windows\System\BeYijWx.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\KoefdLC.exe
  C:\Windows\System\KoefdLC.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\QqFgUQk.exe
  C:\Windows\System\QqFgUQk.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\smGCJoh.exe
  C:\Windows\System\smGCJoh.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\kVgILbV.exe
  C:\Windows\System\kVgILbV.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\wmRlihm.exe
  C:\Windows\System\wmRlihm.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\BasiwCx.exe
  C:\Windows\System\BasiwCx.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\VQhWAuf.exe
  C:\Windows\System\VQhWAuf.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ElWDFKa.exe
  C:\Windows\System\ElWDFKa.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\UePbUPA.exe
  C:\Windows\System\UePbUPA.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\agQWFLE.exe
  C:\Windows\System\agQWFLE.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\nKSVTZz.exe
  C:\Windows\System\nKSVTZz.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\getYFXO.exe
  C:\Windows\System\getYFXO.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JxMkyND.exe
  C:\Windows\System\JxMkyND.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\yKNqzRv.exe
  C:\Windows\System\yKNqzRv.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\scNuUvW.exe
  C:\Windows\System\scNuUvW.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\qaOyvrw.exe
  C:\Windows\System\qaOyvrw.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\zNYzDmv.exe
  C:\Windows\System\zNYzDmv.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\nvQDMaW.exe
  C:\Windows\System\nvQDMaW.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\LVErvIb.exe
  C:\Windows\System\LVErvIb.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\HuBojMT.exe
  C:\Windows\System\HuBojMT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\gCVRahy.exe
  C:\Windows\System\gCVRahy.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\mSJbNNb.exe
  C:\Windows\System\mSJbNNb.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\daBMErk.exe
  C:\Windows\System\daBMErk.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\fMiCHHp.exe
  C:\Windows\System\fMiCHHp.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\rwzugPR.exe
  C:\Windows\System\rwzugPR.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\LVmBCWR.exe
  C:\Windows\System\LVmBCWR.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\kcrgsXS.exe
  C:\Windows\System\kcrgsXS.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\zcugbbk.exe
  C:\Windows\System\zcugbbk.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\jwikHzt.exe
  C:\Windows\System\jwikHzt.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\MWBLAel.exe
  C:\Windows\System\MWBLAel.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\CyUiAvd.exe
  C:\Windows\System\CyUiAvd.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\CNTjHbN.exe
  C:\Windows\System\CNTjHbN.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\tPkyavw.exe
  C:\Windows\System\tPkyavw.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\ciZjapW.exe
  C:\Windows\System\ciZjapW.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\SeHvqqP.exe
  C:\Windows\System\SeHvqqP.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\hsMhXnr.exe
  C:\Windows\System\hsMhXnr.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\maLcJhT.exe
  C:\Windows\System\maLcJhT.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\JQNnEZF.exe
  C:\Windows\System\JQNnEZF.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\GwDnFUe.exe
  C:\Windows\System\GwDnFUe.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\GXWlmTA.exe
  C:\Windows\System\GXWlmTA.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\tyyMNYB.exe
  C:\Windows\System\tyyMNYB.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CobgjBX.exe
  C:\Windows\System\CobgjBX.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\VuBKjvY.exe
  C:\Windows\System\VuBKjvY.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\XNfcVSi.exe
  C:\Windows\System\XNfcVSi.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\udDWZWq.exe
  C:\Windows\System\udDWZWq.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\JQAanuK.exe
  C:\Windows\System\JQAanuK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\HajYnKr.exe
  C:\Windows\System\HajYnKr.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SdiVurK.exe
  C:\Windows\System\SdiVurK.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\tDQoKzc.exe
  C:\Windows\System\tDQoKzc.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\FgzZTmZ.exe
  C:\Windows\System\FgzZTmZ.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\zvrDtOC.exe
  C:\Windows\System\zvrDtOC.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\LUbwGFR.exe
  C:\Windows\System\LUbwGFR.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\gTvGcNF.exe
  C:\Windows\System\gTvGcNF.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\LCHfljM.exe
  C:\Windows\System\LCHfljM.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\zGPiFqr.exe
  C:\Windows\System\zGPiFqr.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\tYmAnpQ.exe
  C:\Windows\System\tYmAnpQ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\lLmCaZZ.exe
  C:\Windows\System\lLmCaZZ.exe
  2⤵
  PID:2436
- C:\Windows\System\bMQlQYm.exe
  C:\Windows\System\bMQlQYm.exe
  2⤵
  PID:2564
- C:\Windows\System\ywSDIdg.exe
  C:\Windows\System\ywSDIdg.exe
  2⤵
  PID:1132
- C:\Windows\System\blsNTnB.exe
  C:\Windows\System\blsNTnB.exe
  2⤵
  PID:1072
- C:\Windows\System\oHHKNeo.exe
  C:\Windows\System\oHHKNeo.exe
  2⤵
  PID:1224
- C:\Windows\System\BMIVZyO.exe
  C:\Windows\System\BMIVZyO.exe
  2⤵
  PID:344
- C:\Windows\System\wUUfvcS.exe
  C:\Windows\System\wUUfvcS.exe
  2⤵
  PID:2680
- C:\Windows\System\VQfjQpg.exe
  C:\Windows\System\VQfjQpg.exe
  2⤵
  PID:2272
- C:\Windows\System\uxrvIHh.exe
  C:\Windows\System\uxrvIHh.exe
  2⤵
  PID:3004
- C:\Windows\System\EmBxwyT.exe
  C:\Windows\System\EmBxwyT.exe
  2⤵
  PID:2516
- C:\Windows\System\vYBRZPp.exe
  C:\Windows\System\vYBRZPp.exe
  2⤵
  PID:2292
- C:\Windows\System\jbCxfZM.exe
  C:\Windows\System\jbCxfZM.exe
  2⤵
  PID:2148
- C:\Windows\System\zFYbAZp.exe
  C:\Windows\System\zFYbAZp.exe
  2⤵
  PID:540
- C:\Windows\System\ktoUpYM.exe
  C:\Windows\System\ktoUpYM.exe
  2⤵
  PID:1272
- C:\Windows\System\UifJpLd.exe
  C:\Windows\System\UifJpLd.exe
  2⤵
  PID:1776
- C:\Windows\System\dFWFDtL.exe
  C:\Windows\System\dFWFDtL.exe
  2⤵
  PID:3012
- C:\Windows\System\myCzZdo.exe
  C:\Windows\System\myCzZdo.exe
  2⤵
  PID:1592
- C:\Windows\System\DBYnhco.exe
  C:\Windows\System\DBYnhco.exe
  2⤵
  PID:2196
- C:\Windows\System\deDZtUL.exe
  C:\Windows\System\deDZtUL.exe
  2⤵
  PID:2984
- C:\Windows\System\yAPNcbX.exe
  C:\Windows\System\yAPNcbX.exe
  2⤵
  PID:2756
- C:\Windows\System\wUrRJcE.exe
  C:\Windows\System\wUrRJcE.exe
  2⤵
  PID:2636
- C:\Windows\System\cCVBGRq.exe
  C:\Windows\System\cCVBGRq.exe
  2⤵
  PID:3048
- C:\Windows\System\MYmHwVL.exe
  C:\Windows\System\MYmHwVL.exe
  2⤵
  PID:1028
- C:\Windows\System\vMgtLTd.exe
  C:\Windows\System\vMgtLTd.exe
  2⤵
  PID:972
- C:\Windows\System\vfLBFHn.exe
  C:\Windows\System\vfLBFHn.exe
  2⤵
  PID:2940
- C:\Windows\System\aMESsNQ.exe
  C:\Windows\System\aMESsNQ.exe
  2⤵
  PID:2908
- C:\Windows\System\cgrNfdT.exe
  C:\Windows\System\cgrNfdT.exe
  2⤵
  PID:1604
- C:\Windows\System\ZBpIpPn.exe
  C:\Windows\System\ZBpIpPn.exe
  2⤵
  PID:1836
- C:\Windows\System\vdjZPCX.exe
  C:\Windows\System\vdjZPCX.exe
  2⤵
  PID:1820
- C:\Windows\System\dzrTFEy.exe
  C:\Windows\System\dzrTFEy.exe
  2⤵
  PID:636
- C:\Windows\System\fwZzeEl.exe
  C:\Windows\System\fwZzeEl.exe
  2⤵
  PID:2344
- C:\Windows\System\FzwpkKT.exe
  C:\Windows\System\FzwpkKT.exe
  2⤵
  PID:2176
- C:\Windows\System\yuORruv.exe
  C:\Windows\System\yuORruv.exe
  2⤵
  PID:1636
- C:\Windows\System\rRQNwVB.exe
  C:\Windows\System\rRQNwVB.exe
  2⤵
  PID:2116
- C:\Windows\System\cggBSyk.exe
  C:\Windows\System\cggBSyk.exe
  2⤵
  PID:1332
- C:\Windows\System\RBKGkWc.exe
  C:\Windows\System\RBKGkWc.exe
  2⤵
  PID:2228
- C:\Windows\System\BEmnqvW.exe
  C:\Windows\System\BEmnqvW.exe
  2⤵
  PID:2068
- C:\Windows\System\zYYQmxu.exe
  C:\Windows\System\zYYQmxu.exe
  2⤵
  PID:2696
- C:\Windows\System\PIMPtnd.exe
  C:\Windows\System\PIMPtnd.exe
  2⤵
  PID:3076
- C:\Windows\System\qsvVhpC.exe
  C:\Windows\System\qsvVhpC.exe
  2⤵
  PID:3096
- C:\Windows\System\vzbZkXX.exe
  C:\Windows\System\vzbZkXX.exe
  2⤵
  PID:3116
- C:\Windows\System\velHljB.exe
  C:\Windows\System\velHljB.exe
  2⤵
  PID:3136
- C:\Windows\System\LsshtGX.exe
  C:\Windows\System\LsshtGX.exe
  2⤵
  PID:3156
- C:\Windows\System\hJPIWhJ.exe
  C:\Windows\System\hJPIWhJ.exe
  2⤵
  PID:3176
- C:\Windows\System\sLHLJdh.exe
  C:\Windows\System\sLHLJdh.exe
  2⤵
  PID:3196
- C:\Windows\System\KDbDnjq.exe
  C:\Windows\System\KDbDnjq.exe
  2⤵
  PID:3216
- C:\Windows\System\RQKBqvZ.exe
  C:\Windows\System\RQKBqvZ.exe
  2⤵
  PID:3236
- C:\Windows\System\GTFmHAV.exe
  C:\Windows\System\GTFmHAV.exe
  2⤵
  PID:3256
- C:\Windows\System\igFIGba.exe
  C:\Windows\System\igFIGba.exe
  2⤵
  PID:3276
- C:\Windows\System\sYtWZpJ.exe
  C:\Windows\System\sYtWZpJ.exe
  2⤵
  PID:3296
- C:\Windows\System\YMrmImS.exe
  C:\Windows\System\YMrmImS.exe
  2⤵
  PID:3316
- C:\Windows\System\FvONpYt.exe
  C:\Windows\System\FvONpYt.exe
  2⤵
  PID:3336
- C:\Windows\System\ssmBkKE.exe
  C:\Windows\System\ssmBkKE.exe
  2⤵
  PID:3356
- C:\Windows\System\PxjlnJj.exe
  C:\Windows\System\PxjlnJj.exe
  2⤵
  PID:3376
- C:\Windows\System\YppjqDa.exe
  C:\Windows\System\YppjqDa.exe
  2⤵
  PID:3396
- C:\Windows\System\kBREMGB.exe
  C:\Windows\System\kBREMGB.exe
  2⤵
  PID:3416
- C:\Windows\System\OERAuNk.exe
  C:\Windows\System\OERAuNk.exe
  2⤵
  PID:3436
- C:\Windows\System\KmDzHjb.exe
  C:\Windows\System\KmDzHjb.exe
  2⤵
  PID:3456
- C:\Windows\System\bmSTNwx.exe
  C:\Windows\System\bmSTNwx.exe
  2⤵
  PID:3476
- C:\Windows\System\WxMIegM.exe
  C:\Windows\System\WxMIegM.exe
  2⤵
  PID:3496
- C:\Windows\System\xQbuXJk.exe
  C:\Windows\System\xQbuXJk.exe
  2⤵
  PID:3516
- C:\Windows\System\oGiVPSq.exe
  C:\Windows\System\oGiVPSq.exe
  2⤵
  PID:3536
- C:\Windows\System\gFbdnNJ.exe
  C:\Windows\System\gFbdnNJ.exe
  2⤵
  PID:3556
- C:\Windows\System\dILtjCO.exe
  C:\Windows\System\dILtjCO.exe
  2⤵
  PID:3576
- C:\Windows\System\ILxVajj.exe
  C:\Windows\System\ILxVajj.exe
  2⤵
  PID:3596
- C:\Windows\System\cRyWHHZ.exe
  C:\Windows\System\cRyWHHZ.exe
  2⤵
  PID:3616
- C:\Windows\System\izUgInY.exe
  C:\Windows\System\izUgInY.exe
  2⤵
  PID:3636
- C:\Windows\System\UIQHApr.exe
  C:\Windows\System\UIQHApr.exe
  2⤵
  PID:3660
- C:\Windows\System\JEykoHY.exe
  C:\Windows\System\JEykoHY.exe
  2⤵
  PID:3680
- C:\Windows\System\PDTLYic.exe
  C:\Windows\System\PDTLYic.exe
  2⤵
  PID:3700
- C:\Windows\System\PavKixN.exe
  C:\Windows\System\PavKixN.exe
  2⤵
  PID:3720
- C:\Windows\System\CywWker.exe
  C:\Windows\System\CywWker.exe
  2⤵
  PID:3740
- C:\Windows\System\GVwDJMb.exe
  C:\Windows\System\GVwDJMb.exe
  2⤵
  PID:3760
- C:\Windows\System\aqTsfCS.exe
  C:\Windows\System\aqTsfCS.exe
  2⤵
  PID:3776
- C:\Windows\System\nHiVAYJ.exe
  C:\Windows\System\nHiVAYJ.exe
  2⤵
  PID:3800
- C:\Windows\System\swkWULp.exe
  C:\Windows\System\swkWULp.exe
  2⤵
  PID:3816
- C:\Windows\System\KJFjhAd.exe
  C:\Windows\System\KJFjhAd.exe
  2⤵
  PID:3840
- C:\Windows\System\GAYeDiM.exe
  C:\Windows\System\GAYeDiM.exe
  2⤵
  PID:3856
- C:\Windows\System\yuiPGtN.exe
  C:\Windows\System\yuiPGtN.exe
  2⤵
  PID:3880
- C:\Windows\System\oxUZcLE.exe
  C:\Windows\System\oxUZcLE.exe
  2⤵
  PID:3896
- C:\Windows\System\fxmfSja.exe
  C:\Windows\System\fxmfSja.exe
  2⤵
  PID:3920
- C:\Windows\System\ajeuRgN.exe
  C:\Windows\System\ajeuRgN.exe
  2⤵
  PID:3936
- C:\Windows\System\JKTSzpr.exe
  C:\Windows\System\JKTSzpr.exe
  2⤵
  PID:3960
- C:\Windows\System\QEmCZfL.exe
  C:\Windows\System\QEmCZfL.exe
  2⤵
  PID:3976
- C:\Windows\System\pEgjbtJ.exe
  C:\Windows\System\pEgjbtJ.exe
  2⤵
  PID:4000
- C:\Windows\System\VJEnGKI.exe
  C:\Windows\System\VJEnGKI.exe
  2⤵
  PID:4016
- C:\Windows\System\aHaouOq.exe
  C:\Windows\System\aHaouOq.exe
  2⤵
  PID:4040
- C:\Windows\System\CWNojpq.exe
  C:\Windows\System\CWNojpq.exe
  2⤵
  PID:4056
- C:\Windows\System\anabvdW.exe
  C:\Windows\System\anabvdW.exe
  2⤵
  PID:4080
- C:\Windows\System\aarncLa.exe
  C:\Windows\System\aarncLa.exe
  2⤵
  PID:852
- C:\Windows\System\vsMQfAa.exe
  C:\Windows\System\vsMQfAa.exe
  2⤵
  PID:776
- C:\Windows\System\vWpGNeU.exe
  C:\Windows\System\vWpGNeU.exe
  2⤵
  PID:616
- C:\Windows\System\MRPSgCp.exe
  C:\Windows\System\MRPSgCp.exe
  2⤵
  PID:1216
- C:\Windows\System\jiJmhHP.exe
  C:\Windows\System\jiJmhHP.exe
  2⤵
  PID:496
- C:\Windows\System\jsxHhSk.exe
  C:\Windows\System\jsxHhSk.exe
  2⤵
  PID:1768
- C:\Windows\System\JfwRUwd.exe
  C:\Windows\System\JfwRUwd.exe
  2⤵
  PID:2088
- C:\Windows\System\gyMQMDm.exe
  C:\Windows\System\gyMQMDm.exe
  2⤵
  PID:2312
- C:\Windows\System\llwopkl.exe
  C:\Windows\System\llwopkl.exe
  2⤵
  PID:1780
- C:\Windows\System\otGzAsa.exe
  C:\Windows\System\otGzAsa.exe
  2⤵
  PID:2000
- C:\Windows\System\phtIRPI.exe
  C:\Windows\System\phtIRPI.exe
  2⤵
  PID:3104
- C:\Windows\System\YJckVqG.exe
  C:\Windows\System\YJckVqG.exe
  2⤵
  PID:3092
- C:\Windows\System\NwWCavt.exe
  C:\Windows\System\NwWCavt.exe
  2⤵
  PID:3148
- C:\Windows\System\smlsTYG.exe
  C:\Windows\System\smlsTYG.exe
  2⤵
  PID:3188
- C:\Windows\System\ANxEXyn.exe
  C:\Windows\System\ANxEXyn.exe
  2⤵
  PID:3232
- C:\Windows\System\YuOSzAo.exe
  C:\Windows\System\YuOSzAo.exe
  2⤵
  PID:3212
- C:\Windows\System\DnKtMJl.exe
  C:\Windows\System\DnKtMJl.exe
  2⤵
  PID:3304
- C:\Windows\System\mPkcotD.exe
  C:\Windows\System\mPkcotD.exe
  2⤵
  PID:3288
- C:\Windows\System\ktzrdbh.exe
  C:\Windows\System\ktzrdbh.exe
  2⤵
  PID:3328
- C:\Windows\System\FxVcQDO.exe
  C:\Windows\System\FxVcQDO.exe
  2⤵
  PID:3424
- C:\Windows\System\mRpakCm.exe
  C:\Windows\System\mRpakCm.exe
  2⤵
  PID:3428
- C:\Windows\System\OCMbJri.exe
  C:\Windows\System\OCMbJri.exe
  2⤵
  PID:3472
- C:\Windows\System\UUeowDu.exe
  C:\Windows\System\UUeowDu.exe
  2⤵
  PID:3444
- C:\Windows\System\zkxHEgV.exe
  C:\Windows\System\zkxHEgV.exe
  2⤵
  PID:3484
- C:\Windows\System\PIwhKIX.exe
  C:\Windows\System\PIwhKIX.exe
  2⤵
  PID:3584
- C:\Windows\System\gybsXmQ.exe
  C:\Windows\System\gybsXmQ.exe
  2⤵
  PID:3568
- C:\Windows\System\HdZOOyN.exe
  C:\Windows\System\HdZOOyN.exe
  2⤵
  PID:3628
- C:\Windows\System\AAaSFUR.exe
  C:\Windows\System\AAaSFUR.exe
  2⤵
  PID:3672
- C:\Windows\System\zBzLwYJ.exe
  C:\Windows\System\zBzLwYJ.exe
  2⤵
  PID:3712
- C:\Windows\System\gPAeKyh.exe
  C:\Windows\System\gPAeKyh.exe
  2⤵
  PID:3688
- C:\Windows\System\bqzNtYk.exe
  C:\Windows\System\bqzNtYk.exe
  2⤵
  PID:3736
- C:\Windows\System\zUOkgLd.exe
  C:\Windows\System\zUOkgLd.exe
  2⤵
  PID:3788
- C:\Windows\System\lMRjXyJ.exe
  C:\Windows\System\lMRjXyJ.exe
  2⤵
  PID:3772
- C:\Windows\System\ESOFdUh.exe
  C:\Windows\System\ESOFdUh.exe
  2⤵
  PID:3876
- C:\Windows\System\ZmaJMsQ.exe
  C:\Windows\System\ZmaJMsQ.exe
  2⤵
  PID:3888
- C:\Windows\System\aTcwaQc.exe
  C:\Windows\System\aTcwaQc.exe
  2⤵
  PID:3928
- C:\Windows\System\UYPqzCe.exe
  C:\Windows\System\UYPqzCe.exe
  2⤵
  PID:3984
- C:\Windows\System\MaTEbBa.exe
  C:\Windows\System\MaTEbBa.exe
  2⤵
  PID:4024
- C:\Windows\System\fAPQuVc.exe
  C:\Windows\System\fAPQuVc.exe
  2⤵
  PID:4064
- C:\Windows\System\ptkTzyw.exe
  C:\Windows\System\ptkTzyw.exe
  2⤵
  PID:4076
- C:\Windows\System\jTTdGcf.exe
  C:\Windows\System\jTTdGcf.exe
  2⤵
  PID:2932
- C:\Windows\System\rWUXHBg.exe
  C:\Windows\System\rWUXHBg.exe
  2⤵
  PID:4092
- C:\Windows\System\oJjBLrn.exe
  C:\Windows\System\oJjBLrn.exe
  2⤵
  PID:1440
- C:\Windows\System\LFXrzzU.exe
  C:\Windows\System\LFXrzzU.exe
  2⤵
  PID:1960
- C:\Windows\System\YwuEkkg.exe
  C:\Windows\System\YwuEkkg.exe
  2⤵
  PID:2424
- C:\Windows\System\FvhxuCe.exe
  C:\Windows\System\FvhxuCe.exe
  2⤵
  PID:2740
- C:\Windows\System\IVrqvHa.exe
  C:\Windows\System\IVrqvHa.exe
  2⤵
  PID:2720
- C:\Windows\System\FvpPmpv.exe
  C:\Windows\System\FvpPmpv.exe
  2⤵
  PID:3192
- C:\Windows\System\pXUoRxd.exe
  C:\Windows\System\pXUoRxd.exe
  2⤵
  PID:3152
- C:\Windows\System\EaULacW.exe
  C:\Windows\System\EaULacW.exe
  2⤵
  PID:3224
- C:\Windows\System\xnZGSmw.exe
  C:\Windows\System\xnZGSmw.exe
  2⤵
  PID:3268
- C:\Windows\System\rhoZZiJ.exe
  C:\Windows\System\rhoZZiJ.exe
  2⤵
  PID:3348
- C:\Windows\System\AFIzzhT.exe
  C:\Windows\System\AFIzzhT.exe
  2⤵
  PID:3408
- C:\Windows\System\LNlZRrb.exe
  C:\Windows\System\LNlZRrb.exe
  2⤵
  PID:3544
- C:\Windows\System\BioaAYO.exe
  C:\Windows\System\BioaAYO.exe
  2⤵
  PID:3524
- C:\Windows\System\vrumpGy.exe
  C:\Windows\System\vrumpGy.exe
  2⤵
  PID:3528
- C:\Windows\System\WqSefyl.exe
  C:\Windows\System\WqSefyl.exe
  2⤵
  PID:3624
- C:\Windows\System\NUYwohD.exe
  C:\Windows\System\NUYwohD.exe
  2⤵
  PID:3708
- C:\Windows\System\JTVbyXo.exe
  C:\Windows\System\JTVbyXo.exe
  2⤵
  PID:3768
- C:\Windows\System\bkUjnsb.exe
  C:\Windows\System\bkUjnsb.exe
  2⤵
  PID:3812
- C:\Windows\System\xCItovL.exe
  C:\Windows\System\xCItovL.exe
  2⤵
  PID:3864
- C:\Windows\System\kgLgYJv.exe
  C:\Windows\System\kgLgYJv.exe
  2⤵
  PID:3848
- C:\Windows\System\pdDCyOD.exe
  C:\Windows\System\pdDCyOD.exe
  2⤵
  PID:3996
- C:\Windows\System\JjFMLYG.exe
  C:\Windows\System\JjFMLYG.exe
  2⤵
  PID:4036
- C:\Windows\System\nEgeHjZ.exe
  C:\Windows\System\nEgeHjZ.exe
  2⤵
  PID:2916
- C:\Windows\System\KAjoeyF.exe
  C:\Windows\System\KAjoeyF.exe
  2⤵
  PID:2156
- C:\Windows\System\zKMBZyA.exe
  C:\Windows\System\zKMBZyA.exe
  2⤵
  PID:1436
- C:\Windows\System\imCZYMe.exe
  C:\Windows\System\imCZYMe.exe
  2⤵
  PID:1596
- C:\Windows\System\dgbdHPa.exe
  C:\Windows\System\dgbdHPa.exe
  2⤵
  PID:2648
- C:\Windows\System\DLxtdAi.exe
  C:\Windows\System\DLxtdAi.exe
  2⤵
  PID:3264
- C:\Windows\System\hDTaTtf.exe
  C:\Windows\System\hDTaTtf.exe
  2⤵
  PID:3308
- C:\Windows\System\dyzyyos.exe
  C:\Windows\System\dyzyyos.exe
  2⤵
  PID:3388
- C:\Windows\System\YlmfhZi.exe
  C:\Windows\System\YlmfhZi.exe
  2⤵
  PID:3448
- C:\Windows\System\KifzQxw.exe
  C:\Windows\System\KifzQxw.exe
  2⤵
  PID:3492
- C:\Windows\System\lsdOsPt.exe
  C:\Windows\System\lsdOsPt.exe
  2⤵
  PID:3512
- C:\Windows\System\UDgKGbz.exe
  C:\Windows\System\UDgKGbz.exe
  2⤵
  PID:3648
- C:\Windows\System\ZXxbirS.exe
  C:\Windows\System\ZXxbirS.exe
  2⤵
  PID:3692
- C:\Windows\System\vGlUqea.exe
  C:\Windows\System\vGlUqea.exe
  2⤵
  PID:3836
- C:\Windows\System\TWNtwFI.exe
  C:\Windows\System\TWNtwFI.exe
  2⤵
  PID:3988
- C:\Windows\System\oQNkXqf.exe
  C:\Windows\System\oQNkXqf.exe
  2⤵
  PID:2140
- C:\Windows\System\ggVguJA.exe
  C:\Windows\System\ggVguJA.exe
  2⤵
  PID:4072
- C:\Windows\System\NfiJSyw.exe
  C:\Windows\System\NfiJSyw.exe
  2⤵
  PID:468
- C:\Windows\System\bTDVOiU.exe
  C:\Windows\System\bTDVOiU.exe
  2⤵
  PID:2904
- C:\Windows\System\KwNKGUQ.exe
  C:\Windows\System\KwNKGUQ.exe
  2⤵
  PID:3292
- C:\Windows\System\hNrxKJz.exe
  C:\Windows\System\hNrxKJz.exe
  2⤵
  PID:3372
- C:\Windows\System\HiXFwsR.exe
  C:\Windows\System\HiXFwsR.exe
  2⤵
  PID:3548
- C:\Windows\System\jJKIcSb.exe
  C:\Windows\System\jJKIcSb.exe
  2⤵
  PID:4116
- C:\Windows\System\HLRCnRC.exe
  C:\Windows\System\HLRCnRC.exe
  2⤵
  PID:4136
- C:\Windows\System\nxdeWuu.exe
  C:\Windows\System\nxdeWuu.exe
  2⤵
  PID:4152
- C:\Windows\System\RONjBqq.exe
  C:\Windows\System\RONjBqq.exe
  2⤵
  PID:4176
- C:\Windows\System\PNEmoxo.exe
  C:\Windows\System\PNEmoxo.exe
  2⤵
  PID:4196
- C:\Windows\System\MZRhCRb.exe
  C:\Windows\System\MZRhCRb.exe
  2⤵
  PID:4216
- C:\Windows\System\DAzBCPu.exe
  C:\Windows\System\DAzBCPu.exe
  2⤵
  PID:4236
- C:\Windows\System\PwDQEEZ.exe
  C:\Windows\System\PwDQEEZ.exe
  2⤵
  PID:4256
- C:\Windows\System\zLOrNYf.exe
  C:\Windows\System\zLOrNYf.exe
  2⤵
  PID:4276
- C:\Windows\System\rDvQyyl.exe
  C:\Windows\System\rDvQyyl.exe
  2⤵
  PID:4300
- C:\Windows\System\RWNBOwE.exe
  C:\Windows\System\RWNBOwE.exe
  2⤵
  PID:4320
- C:\Windows\System\WXEQLHU.exe
  C:\Windows\System\WXEQLHU.exe
  2⤵
  PID:4340
- C:\Windows\System\kxoFwYX.exe
  C:\Windows\System\kxoFwYX.exe
  2⤵
  PID:4360
- C:\Windows\System\RmAkYmE.exe
  C:\Windows\System\RmAkYmE.exe
  2⤵
  PID:4380
- C:\Windows\System\SljzLDY.exe
  C:\Windows\System\SljzLDY.exe
  2⤵
  PID:4400
- C:\Windows\System\AOzPIuh.exe
  C:\Windows\System\AOzPIuh.exe
  2⤵
  PID:4420
- C:\Windows\System\WgpoNzn.exe
  C:\Windows\System\WgpoNzn.exe
  2⤵
  PID:4440
- C:\Windows\System\aJrNNZW.exe
  C:\Windows\System\aJrNNZW.exe
  2⤵
  PID:4460
- C:\Windows\System\eaiuwBe.exe
  C:\Windows\System\eaiuwBe.exe
  2⤵
  PID:4480
- C:\Windows\System\JpmcJFR.exe
  C:\Windows\System\JpmcJFR.exe
  2⤵
  PID:4500
- C:\Windows\System\DZwSifd.exe
  C:\Windows\System\DZwSifd.exe
  2⤵
  PID:4520
- C:\Windows\System\ubyQYyp.exe
  C:\Windows\System\ubyQYyp.exe
  2⤵
  PID:4540
- C:\Windows\System\NEZZdtW.exe
  C:\Windows\System\NEZZdtW.exe
  2⤵
  PID:4560
- C:\Windows\System\mOMTAkQ.exe
  C:\Windows\System\mOMTAkQ.exe
  2⤵
  PID:4580
- C:\Windows\System\EQsLFNN.exe
  C:\Windows\System\EQsLFNN.exe
  2⤵
  PID:4600
- C:\Windows\System\mFySlHF.exe
  C:\Windows\System\mFySlHF.exe
  2⤵
  PID:4620
- C:\Windows\System\xRmyPGd.exe
  C:\Windows\System\xRmyPGd.exe
  2⤵
  PID:4640
- C:\Windows\System\yaJvXnW.exe
  C:\Windows\System\yaJvXnW.exe
  2⤵
  PID:4660
- C:\Windows\System\hxPSFhV.exe
  C:\Windows\System\hxPSFhV.exe
  2⤵
  PID:4676
- C:\Windows\System\hyRklOx.exe
  C:\Windows\System\hyRklOx.exe
  2⤵
  PID:4700
- C:\Windows\System\IlIkLZL.exe
  C:\Windows\System\IlIkLZL.exe
  2⤵
  PID:4720
- C:\Windows\System\LfofpCz.exe
  C:\Windows\System\LfofpCz.exe
  2⤵
  PID:4740
- C:\Windows\System\akuonMD.exe
  C:\Windows\System\akuonMD.exe
  2⤵
  PID:4760
- C:\Windows\System\ePydEhk.exe
  C:\Windows\System\ePydEhk.exe
  2⤵
  PID:4780
- C:\Windows\System\XxpsprK.exe
  C:\Windows\System\XxpsprK.exe
  2⤵
  PID:4800
- C:\Windows\System\bFjEbsI.exe
  C:\Windows\System\bFjEbsI.exe
  2⤵
  PID:4820
- C:\Windows\System\pswnphQ.exe
  C:\Windows\System\pswnphQ.exe
  2⤵
  PID:4840
- C:\Windows\System\zJBkwTw.exe
  C:\Windows\System\zJBkwTw.exe
  2⤵
  PID:4860
- C:\Windows\System\sGIvydd.exe
  C:\Windows\System\sGIvydd.exe
  2⤵
  PID:4880
- C:\Windows\System\ZoHxwEy.exe
  C:\Windows\System\ZoHxwEy.exe
  2⤵
  PID:4900
- C:\Windows\System\mhUhAZU.exe
  C:\Windows\System\mhUhAZU.exe
  2⤵
  PID:4920
- C:\Windows\System\mkQKIPl.exe
  C:\Windows\System\mkQKIPl.exe
  2⤵
  PID:4940
- C:\Windows\System\pTzXlyX.exe
  C:\Windows\System\pTzXlyX.exe
  2⤵
  PID:4960
- C:\Windows\System\mBNCoCZ.exe
  C:\Windows\System\mBNCoCZ.exe
  2⤵
  PID:4980
- C:\Windows\System\ncArzKK.exe
  C:\Windows\System\ncArzKK.exe
  2⤵
  PID:5000
- C:\Windows\System\dzrVYRQ.exe
  C:\Windows\System\dzrVYRQ.exe
  2⤵
  PID:5020
- C:\Windows\System\pslYeQQ.exe
  C:\Windows\System\pslYeQQ.exe
  2⤵
  PID:5040
- C:\Windows\System\GcVgGLy.exe
  C:\Windows\System\GcVgGLy.exe
  2⤵
  PID:5060
- C:\Windows\System\XwMxtEm.exe
  C:\Windows\System\XwMxtEm.exe
  2⤵
  PID:5080
- C:\Windows\System\lDycdRP.exe
  C:\Windows\System\lDycdRP.exe
  2⤵
  PID:5100
- C:\Windows\System\EKaxBQr.exe
  C:\Windows\System\EKaxBQr.exe
  2⤵
  PID:3588
- C:\Windows\System\pcuFoFW.exe
  C:\Windows\System\pcuFoFW.exe
  2⤵
  PID:3508
- C:\Windows\System\cduTgZs.exe
  C:\Windows\System\cduTgZs.exe
  2⤵
  PID:3792
- C:\Windows\System\ORaGHPr.exe
  C:\Windows\System\ORaGHPr.exe
  2⤵
  PID:3968
- C:\Windows\System\hUMDwfF.exe
  C:\Windows\System\hUMDwfF.exe
  2⤵
  PID:860
- C:\Windows\System\KUmFqkQ.exe
  C:\Windows\System\KUmFqkQ.exe
  2⤵
  PID:3204
- C:\Windows\System\nYQEjjJ.exe
  C:\Windows\System\nYQEjjJ.exe
  2⤵
  PID:2844
- C:\Windows\System\ohcFsls.exe
  C:\Windows\System\ohcFsls.exe
  2⤵
  PID:3368
- C:\Windows\System\XazFfYX.exe
  C:\Windows\System\XazFfYX.exe
  2⤵
  PID:4112
- C:\Windows\System\mnakaaE.exe
  C:\Windows\System\mnakaaE.exe
  2⤵
  PID:4172
- C:\Windows\System\wpmvMmo.exe
  C:\Windows\System\wpmvMmo.exe
  2⤵
  PID:4204
- C:\Windows\System\AYzCDYC.exe
  C:\Windows\System\AYzCDYC.exe
  2⤵
  PID:4224
- C:\Windows\System\vcZMShr.exe
  C:\Windows\System\vcZMShr.exe
  2⤵
  PID:4248
- C:\Windows\System\bhuOZFG.exe
  C:\Windows\System\bhuOZFG.exe
  2⤵
  PID:4296
- C:\Windows\System\SzTyLOt.exe
  C:\Windows\System\SzTyLOt.exe
  2⤵
  PID:4328
- C:\Windows\System\ygRFQfS.exe
  C:\Windows\System\ygRFQfS.exe
  2⤵
  PID:4376
- C:\Windows\System\ISFptGd.exe
  C:\Windows\System\ISFptGd.exe
  2⤵
  PID:4372
- C:\Windows\System\vySgLwA.exe
  C:\Windows\System\vySgLwA.exe
  2⤵
  PID:4392
- C:\Windows\System\fozaEpp.exe
  C:\Windows\System\fozaEpp.exe
  2⤵
  PID:4436
- C:\Windows\System\mqyFBdU.exe
  C:\Windows\System\mqyFBdU.exe
  2⤵
  PID:4472
- C:\Windows\System\OxjSRsl.exe
  C:\Windows\System\OxjSRsl.exe
  2⤵
  PID:4516
- C:\Windows\System\yfZqCwP.exe
  C:\Windows\System\yfZqCwP.exe
  2⤵
  PID:4568
- C:\Windows\System\kRYbhXa.exe
  C:\Windows\System\kRYbhXa.exe
  2⤵
  PID:4572
- C:\Windows\System\KgYSuaf.exe
  C:\Windows\System\KgYSuaf.exe
  2⤵
  PID:4616
- C:\Windows\System\VxfMDsm.exe
  C:\Windows\System\VxfMDsm.exe
  2⤵
  PID:4636
- C:\Windows\System\dIVJNpA.exe
  C:\Windows\System\dIVJNpA.exe
  2⤵
  PID:4672
- C:\Windows\System\RHmhslk.exe
  C:\Windows\System\RHmhslk.exe
  2⤵
  PID:4716
- C:\Windows\System\gJWFECE.exe
  C:\Windows\System\gJWFECE.exe
  2⤵
  PID:4768
- C:\Windows\System\odjIxgg.exe
  C:\Windows\System\odjIxgg.exe
  2⤵
  PID:4772
- C:\Windows\System\itLVFTi.exe
  C:\Windows\System\itLVFTi.exe
  2⤵
  PID:4792
- C:\Windows\System\WSlWvTB.exe
  C:\Windows\System\WSlWvTB.exe
  2⤵
  PID:4832
- C:\Windows\System\OgGbBdr.exe
  C:\Windows\System\OgGbBdr.exe
  2⤵
  PID:4876
- C:\Windows\System\DOnoFso.exe
  C:\Windows\System\DOnoFso.exe
  2⤵
  PID:4916
- C:\Windows\System\RROSewF.exe
  C:\Windows\System\RROSewF.exe
  2⤵
  PID:4936
- C:\Windows\System\iLMTXCx.exe
  C:\Windows\System\iLMTXCx.exe
  2⤵
  PID:4952
- C:\Windows\System\yBnXEHW.exe
  C:\Windows\System\yBnXEHW.exe
  2⤵
  PID:4992
- C:\Windows\System\oTAVvcu.exe
  C:\Windows\System\oTAVvcu.exe
  2⤵
  PID:5032
- C:\Windows\System\CEHJjqB.exe
  C:\Windows\System\CEHJjqB.exe
  2⤵
  PID:5096
- C:\Windows\System\kYkLKDk.exe
  C:\Windows\System\kYkLKDk.exe
  2⤵
  PID:5108
- C:\Windows\System\HsLNZaS.exe
  C:\Windows\System\HsLNZaS.exe
  2⤵
  PID:3612
- C:\Windows\System\abHWfSQ.exe
  C:\Windows\System\abHWfSQ.exe
  2⤵
  PID:2296
- C:\Windows\System\luAEccX.exe
  C:\Windows\System\luAEccX.exe
  2⤵
  PID:4012
- C:\Windows\System\oeBqqdE.exe
  C:\Windows\System\oeBqqdE.exe
  2⤵
  PID:2980
- C:\Windows\System\cYgMvVt.exe
  C:\Windows\System\cYgMvVt.exe
  2⤵
  PID:4128
- C:\Windows\System\MnQBpRG.exe
  C:\Windows\System\MnQBpRG.exe
  2⤵
  PID:4160
- C:\Windows\System\qkLAeZW.exe
  C:\Windows\System\qkLAeZW.exe
  2⤵
  PID:4148
- C:\Windows\System\EmTdGKo.exe
  C:\Windows\System\EmTdGKo.exe
  2⤵
  PID:4252
- C:\Windows\System\deaLVJY.exe
  C:\Windows\System\deaLVJY.exe
  2⤵
  PID:4312
- C:\Windows\System\oISoVnj.exe
  C:\Windows\System\oISoVnj.exe
  2⤵
  PID:4416
- C:\Windows\System\VwJeHBg.exe
  C:\Windows\System\VwJeHBg.exe
  2⤵
  PID:4388
- C:\Windows\System\ccUvBam.exe
  C:\Windows\System\ccUvBam.exe
  2⤵
  PID:4448
- C:\Windows\System\frhXDvW.exe
  C:\Windows\System\frhXDvW.exe
  2⤵
  PID:4508
- C:\Windows\System\XUIUGcx.exe
  C:\Windows\System\XUIUGcx.exe
  2⤵
  PID:2580
- C:\Windows\System\ZSsNNQg.exe
  C:\Windows\System\ZSsNNQg.exe
  2⤵
  PID:4652
- C:\Windows\System\zdbiRcB.exe
  C:\Windows\System\zdbiRcB.exe
  2⤵
  PID:4696
- C:\Windows\System\XdfuzXy.exe
  C:\Windows\System\XdfuzXy.exe
  2⤵
  PID:4732
- C:\Windows\System\duURDUF.exe
  C:\Windows\System\duURDUF.exe
  2⤵
  PID:4752
- C:\Windows\System\cTEuhVl.exe
  C:\Windows\System\cTEuhVl.exe
  2⤵
  PID:4836
- C:\Windows\System\RKIYSwR.exe
  C:\Windows\System\RKIYSwR.exe
  2⤵
  PID:4912
- C:\Windows\System\ddFPGdm.exe
  C:\Windows\System\ddFPGdm.exe
  2⤵
  PID:4976
- C:\Windows\System\QXsLytf.exe
  C:\Windows\System\QXsLytf.exe
  2⤵
  PID:5012
- C:\Windows\System\sRpGFCU.exe
  C:\Windows\System\sRpGFCU.exe
  2⤵
  PID:5028
- C:\Windows\System\NhTGWVQ.exe
  C:\Windows\System\NhTGWVQ.exe
  2⤵
  PID:5112
- C:\Windows\System\IsFxtbh.exe
  C:\Windows\System\IsFxtbh.exe
  2⤵
  PID:3908
- C:\Windows\System\ycAAHfT.exe
  C:\Windows\System\ycAAHfT.exe
  2⤵
  PID:3464
- C:\Windows\System\VuzAjHp.exe
  C:\Windows\System\VuzAjHp.exe
  2⤵
  PID:3168
- C:\Windows\System\WJyYBHZ.exe
  C:\Windows\System\WJyYBHZ.exe
  2⤵
  PID:4184
- C:\Windows\System\RPOnjuk.exe
  C:\Windows\System\RPOnjuk.exe
  2⤵
  PID:4272
- C:\Windows\System\pdDbHEW.exe
  C:\Windows\System\pdDbHEW.exe
  2⤵
  PID:2616
- C:\Windows\System\jdnUHvk.exe
  C:\Windows\System\jdnUHvk.exe
  2⤵
  PID:4468
- C:\Windows\System\YGcoOcG.exe
  C:\Windows\System\YGcoOcG.exe
  2⤵
  PID:4532
- C:\Windows\System\aoPOrAn.exe
  C:\Windows\System\aoPOrAn.exe
  2⤵
  PID:4592
- C:\Windows\System\mlHgzhT.exe
  C:\Windows\System\mlHgzhT.exe
  2⤵
  PID:4728
- C:\Windows\System\IQIgWNF.exe
  C:\Windows\System\IQIgWNF.exe
  2⤵
  PID:4852
- C:\Windows\System\RIuAbWG.exe
  C:\Windows\System\RIuAbWG.exe
  2⤵
  PID:4776
- C:\Windows\System\YcUDbGI.exe
  C:\Windows\System\YcUDbGI.exe
  2⤵
  PID:4896
- C:\Windows\System\gCYmClJ.exe
  C:\Windows\System\gCYmClJ.exe
  2⤵
  PID:4996
- C:\Windows\System\KTWfSGS.exe
  C:\Windows\System\KTWfSGS.exe
  2⤵
  PID:5136
- C:\Windows\System\LWOVxGq.exe
  C:\Windows\System\LWOVxGq.exe
  2⤵
  PID:5156
- C:\Windows\System\AchEJhf.exe
  C:\Windows\System\AchEJhf.exe
  2⤵
  PID:5176
- C:\Windows\System\zYHVnJj.exe
  C:\Windows\System\zYHVnJj.exe
  2⤵
  PID:5196
- C:\Windows\System\emErLpH.exe
  C:\Windows\System\emErLpH.exe
  2⤵
  PID:5216
- C:\Windows\System\RpmaEZw.exe
  C:\Windows\System\RpmaEZw.exe
  2⤵
  PID:5236
- C:\Windows\System\dMIvUXC.exe
  C:\Windows\System\dMIvUXC.exe
  2⤵
  PID:5256
- C:\Windows\System\AQfEhJd.exe
  C:\Windows\System\AQfEhJd.exe
  2⤵
  PID:5276
- C:\Windows\System\LxsEBMI.exe
  C:\Windows\System\LxsEBMI.exe
  2⤵
  PID:5296
- C:\Windows\System\bcERAEp.exe
  C:\Windows\System\bcERAEp.exe
  2⤵
  PID:5316
- C:\Windows\System\RDNFrOW.exe
  C:\Windows\System\RDNFrOW.exe
  2⤵
  PID:5336
- C:\Windows\System\PxnpovB.exe
  C:\Windows\System\PxnpovB.exe
  2⤵
  PID:5356
- C:\Windows\System\tmHguRU.exe
  C:\Windows\System\tmHguRU.exe
  2⤵
  PID:5376
- C:\Windows\System\NIUcVvD.exe
  C:\Windows\System\NIUcVvD.exe
  2⤵
  PID:5396
- C:\Windows\System\VCackxk.exe
  C:\Windows\System\VCackxk.exe
  2⤵
  PID:5416
- C:\Windows\System\lHvQjBD.exe
  C:\Windows\System\lHvQjBD.exe
  2⤵
  PID:5436
- C:\Windows\System\ILrLgFl.exe
  C:\Windows\System\ILrLgFl.exe
  2⤵
  PID:5456
- C:\Windows\System\gTnZTeb.exe
  C:\Windows\System\gTnZTeb.exe
  2⤵
  PID:5476
- C:\Windows\System\hGpMqVK.exe
  C:\Windows\System\hGpMqVK.exe
  2⤵
  PID:5500
- C:\Windows\System\xavApRP.exe
  C:\Windows\System\xavApRP.exe
  2⤵
  PID:5520
- C:\Windows\System\lWIHDNy.exe
  C:\Windows\System\lWIHDNy.exe
  2⤵
  PID:5540
- C:\Windows\System\fAEQork.exe
  C:\Windows\System\fAEQork.exe
  2⤵
  PID:5560
- C:\Windows\System\PMDjIjC.exe
  C:\Windows\System\PMDjIjC.exe
  2⤵
  PID:5580
- C:\Windows\System\Ltjlvvl.exe
  C:\Windows\System\Ltjlvvl.exe
  2⤵
  PID:5600
- C:\Windows\System\CBeXKGI.exe
  C:\Windows\System\CBeXKGI.exe
  2⤵
  PID:5620
- C:\Windows\System\CJdwDzX.exe
  C:\Windows\System\CJdwDzX.exe
  2⤵
  PID:5640
- C:\Windows\System\LDxjmFY.exe
  C:\Windows\System\LDxjmFY.exe
  2⤵
  PID:5660
- C:\Windows\System\UeKLLNI.exe
  C:\Windows\System\UeKLLNI.exe
  2⤵
  PID:5680
- C:\Windows\System\SPBPrII.exe
  C:\Windows\System\SPBPrII.exe
  2⤵
  PID:5700
- C:\Windows\System\utvBvee.exe
  C:\Windows\System\utvBvee.exe
  2⤵
  PID:5716
- C:\Windows\System\IbCjFaZ.exe
  C:\Windows\System\IbCjFaZ.exe
  2⤵
  PID:5740
- C:\Windows\System\rwdtsyX.exe
  C:\Windows\System\rwdtsyX.exe
  2⤵
  PID:5760
- C:\Windows\System\BbGEkxa.exe
  C:\Windows\System\BbGEkxa.exe
  2⤵
  PID:5780
- C:\Windows\System\kRJLwCe.exe
  C:\Windows\System\kRJLwCe.exe
  2⤵
  PID:5796
- C:\Windows\System\XkayDWa.exe
  C:\Windows\System\XkayDWa.exe
  2⤵
  PID:5820
- C:\Windows\System\ccoldhf.exe
  C:\Windows\System\ccoldhf.exe
  2⤵
  PID:5836
- C:\Windows\System\FyJGhxp.exe
  C:\Windows\System\FyJGhxp.exe
  2⤵
  PID:5860
- C:\Windows\System\aTnHGNC.exe
  C:\Windows\System\aTnHGNC.exe
  2⤵
  PID:5880
- C:\Windows\System\opbEtPk.exe
  C:\Windows\System\opbEtPk.exe
  2⤵
  PID:5900
- C:\Windows\System\sJslLXr.exe
  C:\Windows\System\sJslLXr.exe
  2⤵
  PID:5920
- C:\Windows\System\QTFwfUD.exe
  C:\Windows\System\QTFwfUD.exe
  2⤵
  PID:5940
- C:\Windows\System\qGEIlUu.exe
  C:\Windows\System\qGEIlUu.exe
  2⤵
  PID:5956
- C:\Windows\System\jUyPSId.exe
  C:\Windows\System\jUyPSId.exe
  2⤵
  PID:5980
- C:\Windows\System\RmzsHoI.exe
  C:\Windows\System\RmzsHoI.exe
  2⤵
  PID:6000
- C:\Windows\System\TxSbSat.exe
  C:\Windows\System\TxSbSat.exe
  2⤵
  PID:6020
- C:\Windows\System\vNctman.exe
  C:\Windows\System\vNctman.exe
  2⤵
  PID:6036
- C:\Windows\System\DHSvLTt.exe
  C:\Windows\System\DHSvLTt.exe
  2⤵
  PID:6060
- C:\Windows\System\jFaNfXs.exe
  C:\Windows\System\jFaNfXs.exe
  2⤵
  PID:6080
- C:\Windows\System\GLhQsSw.exe
  C:\Windows\System\GLhQsSw.exe
  2⤵
  PID:6100
- C:\Windows\System\tUQEHCX.exe
  C:\Windows\System\tUQEHCX.exe
  2⤵
  PID:6120
- C:\Windows\System\TfULmWp.exe
  C:\Windows\System\TfULmWp.exe
  2⤵
  PID:6140
- C:\Windows\System\AXwYtLE.exe
  C:\Windows\System\AXwYtLE.exe
  2⤵
  PID:5072
- C:\Windows\System\ipLxVXD.exe
  C:\Windows\System\ipLxVXD.exe
  2⤵
  PID:2832
- C:\Windows\System\TbecAux.exe
  C:\Windows\System\TbecAux.exe
  2⤵
  PID:4268
- C:\Windows\System\krBvWfF.exe
  C:\Windows\System\krBvWfF.exe
  2⤵
  PID:2012
- C:\Windows\System\fzOvvJu.exe
  C:\Windows\System\fzOvvJu.exe
  2⤵
  PID:4348
- C:\Windows\System\kdIgBiC.exe
  C:\Windows\System\kdIgBiC.exe
  2⤵
  PID:4556
- C:\Windows\System\uxzukvY.exe
  C:\Windows\System\uxzukvY.exe
  2⤵
  PID:2096
- C:\Windows\System\gdXWjHx.exe
  C:\Windows\System\gdXWjHx.exe
  2⤵
  PID:4888
- C:\Windows\System\HccseJL.exe
  C:\Windows\System\HccseJL.exe
  2⤵
  PID:4988
- C:\Windows\System\vxsiNGi.exe
  C:\Windows\System\vxsiNGi.exe
  2⤵
  PID:5144
- C:\Windows\System\ULvhjTb.exe
  C:\Windows\System\ULvhjTb.exe
  2⤵
  PID:5204
- C:\Windows\System\EEmCaei.exe
  C:\Windows\System\EEmCaei.exe
  2⤵
  PID:5188
- C:\Windows\System\UGaIHzR.exe
  C:\Windows\System\UGaIHzR.exe
  2⤵
  PID:5228
- C:\Windows\System\cjtQNFL.exe
  C:\Windows\System\cjtQNFL.exe
  2⤵
  PID:5264
- C:\Windows\System\ZhMCyMg.exe
  C:\Windows\System\ZhMCyMg.exe
  2⤵
  PID:5312
- C:\Windows\System\NDBaUQX.exe
  C:\Windows\System\NDBaUQX.exe
  2⤵
  PID:5328
- C:\Windows\System\nKWcsDy.exe
  C:\Windows\System\nKWcsDy.exe
  2⤵
  PID:5348
- C:\Windows\System\zgdbzoF.exe
  C:\Windows\System\zgdbzoF.exe
  2⤵
  PID:5392
- C:\Windows\System\btqJGSN.exe
  C:\Windows\System\btqJGSN.exe
  2⤵
  PID:2016
- C:\Windows\System\VCdLSAE.exe
  C:\Windows\System\VCdLSAE.exe
  2⤵
  PID:5428
- C:\Windows\System\pvbMrOI.exe
  C:\Windows\System\pvbMrOI.exe
  2⤵
  PID:5472
- C:\Windows\System\kuPdWAS.exe
  C:\Windows\System\kuPdWAS.exe
  2⤵
  PID:5492
- C:\Windows\System\CjKkWgF.exe
  C:\Windows\System\CjKkWgF.exe
  2⤵
  PID:5536
- C:\Windows\System\emjPMfU.exe
  C:\Windows\System\emjPMfU.exe
  2⤵
  PID:5556
- C:\Windows\System\GdNXQpn.exe
  C:\Windows\System\GdNXQpn.exe
  2⤵
  PID:5616
- C:\Windows\System\OBkQeMD.exe
  C:\Windows\System\OBkQeMD.exe
  2⤵
  PID:5656
- C:\Windows\System\ZHOzkZI.exe
  C:\Windows\System\ZHOzkZI.exe
  2⤵
  PID:5668
- C:\Windows\System\XiYlLqM.exe
  C:\Windows\System\XiYlLqM.exe
  2⤵
  PID:5676
- C:\Windows\System\lsccrET.exe
  C:\Windows\System\lsccrET.exe
  2⤵
  PID:5708
- C:\Windows\System\lzXoMfy.exe
  C:\Windows\System\lzXoMfy.exe
  2⤵
  PID:5756
- C:\Windows\System\SiXLrAG.exe
  C:\Windows\System\SiXLrAG.exe
  2⤵
  PID:5752
- C:\Windows\System\XvgZPGr.exe
  C:\Windows\System\XvgZPGr.exe
  2⤵
  PID:5848
- C:\Windows\System\wWgpQhy.exe
  C:\Windows\System\wWgpQhy.exe
  2⤵
  PID:5868
- C:\Windows\System\vHAQyVS.exe
  C:\Windows\System\vHAQyVS.exe
  2⤵
  PID:5872
- C:\Windows\System\AokQvcJ.exe
  C:\Windows\System\AokQvcJ.exe
  2⤵
  PID:5932
- C:\Windows\System\JwohKeX.exe
  C:\Windows\System\JwohKeX.exe
  2⤵
  PID:5976
- C:\Windows\System\ZFeNQWN.exe
  C:\Windows\System\ZFeNQWN.exe
  2⤵
  PID:6008
- C:\Windows\System\QUhUnJB.exe
  C:\Windows\System\QUhUnJB.exe
  2⤵
  PID:5992
- C:\Windows\System\tqdrPKj.exe
  C:\Windows\System\tqdrPKj.exe
  2⤵
  PID:320
- C:\Windows\System\PMmNAhV.exe
  C:\Windows\System\PMmNAhV.exe
  2⤵
  PID:6076
- C:\Windows\System\vWbCdOr.exe
  C:\Windows\System\vWbCdOr.exe
  2⤵
  PID:6128
- C:\Windows\System\nRdQiDU.exe
  C:\Windows\System\nRdQiDU.exe
  2⤵
  PID:1492
- C:\Windows\System\DzdQeDW.exe
  C:\Windows\System\DzdQeDW.exe
  2⤵
  PID:3796
- C:\Windows\System\FKxquCx.exe
  C:\Windows\System\FKxquCx.exe
  2⤵
  PID:4104
- C:\Windows\System\RchdYDy.exe
  C:\Windows\System\RchdYDy.exe
  2⤵
  PID:4496
- C:\Windows\System\eViVAyJ.exe
  C:\Windows\System\eViVAyJ.exe
  2⤵
  PID:4428
- C:\Windows\System\QxKmYGI.exe
  C:\Windows\System\QxKmYGI.exe
  2⤵
  PID:1984
- C:\Windows\System\AwKbCLX.exe
  C:\Windows\System\AwKbCLX.exe
  2⤵
  PID:4868
- C:\Windows\System\IJJQUmw.exe
  C:\Windows\System\IJJQUmw.exe
  2⤵
  PID:5192
- C:\Windows\System\OiWHaMx.exe
  C:\Windows\System\OiWHaMx.exe
  2⤵
  PID:5284
- C:\Windows\System\oMGKcYk.exe
  C:\Windows\System\oMGKcYk.exe
  2⤵
  PID:5224
- C:\Windows\System\rsPvqZO.exe
  C:\Windows\System\rsPvqZO.exe
  2⤵
  PID:5324
- C:\Windows\System\JRVNVrv.exe
  C:\Windows\System\JRVNVrv.exe
  2⤵
  PID:5352
- C:\Windows\System\CHKvWpV.exe
  C:\Windows\System\CHKvWpV.exe
  2⤵
  PID:2856
- C:\Windows\System\CHvkdMg.exe
  C:\Windows\System\CHvkdMg.exe
  2⤵
  PID:1800
- C:\Windows\System\ahCTiFO.exe
  C:\Windows\System\ahCTiFO.exe
  2⤵
  PID:5464
- C:\Windows\System\rrleTzD.exe
  C:\Windows\System\rrleTzD.exe
  2⤵
  PID:5576
- C:\Windows\System\zEaOpbo.exe
  C:\Windows\System\zEaOpbo.exe
  2⤵
  PID:5648
- C:\Windows\System\AEoeHQs.exe
  C:\Windows\System\AEoeHQs.exe
  2⤵
  PID:5696
- C:\Windows\System\JGJskfH.exe
  C:\Windows\System\JGJskfH.exe
  2⤵
  PID:5776
- C:\Windows\System\ddVveeo.exe
  C:\Windows\System\ddVveeo.exe
  2⤵
  PID:5768
- C:\Windows\System\qVBxFLO.exe
  C:\Windows\System\qVBxFLO.exe
  2⤵
  PID:5816
- C:\Windows\System\qqnUSdl.exe
  C:\Windows\System\qqnUSdl.exe
  2⤵
  PID:5832
- C:\Windows\System\oZfjdeP.exe
  C:\Windows\System\oZfjdeP.exe
  2⤵
  PID:5972
- C:\Windows\System\cWiPJPd.exe
  C:\Windows\System\cWiPJPd.exe
  2⤵
  PID:5948
- C:\Windows\System\IRIYmuq.exe
  C:\Windows\System\IRIYmuq.exe
  2⤵
  PID:1236
- C:\Windows\System\boXMfpz.exe
  C:\Windows\System\boXMfpz.exe
  2⤵
  PID:6056
- C:\Windows\System\RbpXYjm.exe
  C:\Windows\System\RbpXYjm.exe
  2⤵
  PID:6112
- C:\Windows\System\wtWvAfT.exe
  C:\Windows\System\wtWvAfT.exe
  2⤵
  PID:1792
- C:\Windows\System\sMNnJny.exe
  C:\Windows\System\sMNnJny.exe
  2⤵
  PID:4316
- C:\Windows\System\JZDVRVZ.exe
  C:\Windows\System\JZDVRVZ.exe
  2⤵
  PID:5164
- C:\Windows\System\kCqurwg.exe
  C:\Windows\System\kCqurwg.exe
  2⤵
  PID:5172
- C:\Windows\System\ZswpEcm.exe
  C:\Windows\System\ZswpEcm.exe
  2⤵
  PID:5208
- C:\Windows\System\DDHBwWD.exe
  C:\Windows\System\DDHBwWD.exe
  2⤵
  PID:5252
- C:\Windows\System\TEXygti.exe
  C:\Windows\System\TEXygti.exe
  2⤵
  PID:5412
- C:\Windows\System\SujvEyE.exe
  C:\Windows\System\SujvEyE.exe
  2⤵
  PID:5452
- C:\Windows\System\gZxmSMj.exe
  C:\Windows\System\gZxmSMj.exe
  2⤵
  PID:5592
- C:\Windows\System\FqAgpEj.exe
  C:\Windows\System\FqAgpEj.exe
  2⤵
  PID:5516
- C:\Windows\System\RdwIGgt.exe
  C:\Windows\System\RdwIGgt.exe
  2⤵
  PID:5608
- C:\Windows\System\qttLvgs.exe
  C:\Windows\System\qttLvgs.exe
  2⤵
  PID:5736
- C:\Windows\System\TacPJnV.exe
  C:\Windows\System\TacPJnV.exe
  2⤵
  PID:5912
- C:\Windows\System\cqIdiew.exe
  C:\Windows\System\cqIdiew.exe
  2⤵
  PID:6012
- C:\Windows\System\Igdcojw.exe
  C:\Windows\System\Igdcojw.exe
  2⤵
  PID:6092
- C:\Windows\System\CNZoDby.exe
  C:\Windows\System\CNZoDby.exe
  2⤵
  PID:6108
- C:\Windows\System\hsoNJMK.exe
  C:\Windows\System\hsoNJMK.exe
  2⤵
  PID:2440
- C:\Windows\System\EdPGECP.exe
  C:\Windows\System\EdPGECP.exe
  2⤵
  PID:4692
- C:\Windows\System\bnDFnLQ.exe
  C:\Windows\System\bnDFnLQ.exe
  2⤵
  PID:5268
- C:\Windows\System\CDUZglV.exe
  C:\Windows\System\CDUZglV.exe
  2⤵
  PID:5288
- C:\Windows\System\HqGcbhm.exe
  C:\Windows\System\HqGcbhm.exe
  2⤵
  PID:5404
- C:\Windows\System\pUvCRao.exe
  C:\Windows\System\pUvCRao.exe
  2⤵
  PID:5512
- C:\Windows\System\rtUqDDr.exe
  C:\Windows\System\rtUqDDr.exe
  2⤵
  PID:5572
- C:\Windows\System\OAsXROA.exe
  C:\Windows\System\OAsXROA.exe
  2⤵
  PID:5892
- C:\Windows\System\pkNUcfS.exe
  C:\Windows\System\pkNUcfS.exe
  2⤵
  PID:1740
- C:\Windows\System\RFodxuJ.exe
  C:\Windows\System\RFodxuJ.exe
  2⤵
  PID:4796
- C:\Windows\System\JJJxTMp.exe
  C:\Windows\System\JJJxTMp.exe
  2⤵
  PID:5332
- C:\Windows\System\ESjWCUa.exe
  C:\Windows\System\ESjWCUa.exe
  2⤵
  PID:5444
- C:\Windows\System\wYnQCYx.exe
  C:\Windows\System\wYnQCYx.exe
  2⤵
  PID:5792
- C:\Windows\System\ydmrhAv.exe
  C:\Windows\System\ydmrhAv.exe
  2⤵
  PID:2868
- C:\Windows\System\gmFEXdr.exe
  C:\Windows\System\gmFEXdr.exe
  2⤵
  PID:2604
- C:\Windows\System\QQAtcvx.exe
  C:\Windows\System\QQAtcvx.exe
  2⤵
  PID:484
- C:\Windows\System\irVkBDQ.exe
  C:\Windows\System\irVkBDQ.exe
  2⤵
  PID:2864
- C:\Windows\System\yNgFNms.exe
  C:\Windows\System\yNgFNms.exe
  2⤵
  PID:2752
- C:\Windows\System\sgujdfq.exe
  C:\Windows\System\sgujdfq.exe
  2⤵
  PID:6088
- C:\Windows\System\VrkXcOj.exe
  C:\Windows\System\VrkXcOj.exe
  2⤵
  PID:1812
- C:\Windows\System\wyJqrmX.exe
  C:\Windows\System\wyJqrmX.exe
  2⤵
  PID:2540
- C:\Windows\System\mIaKzkq.exe
  C:\Windows\System\mIaKzkq.exe
  2⤵
  PID:2320
- C:\Windows\System\svUzqJv.exe
  C:\Windows\System\svUzqJv.exe
  2⤵
  PID:3056
- C:\Windows\System\bRncqFh.exe
  C:\Windows\System\bRncqFh.exe
  2⤵
  PID:4928
- C:\Windows\System\GyWElGH.exe
  C:\Windows\System\GyWElGH.exe
  2⤵
  PID:2472
- C:\Windows\System\zBRtEzJ.exe
  C:\Windows\System\zBRtEzJ.exe
  2⤵
  PID:1764
- C:\Windows\System\WtlPAjh.exe
  C:\Windows\System\WtlPAjh.exe
  2⤵
  PID:2712
- C:\Windows\System\TumhKtS.exe
  C:\Windows\System\TumhKtS.exe
  2⤵
  PID:1704
- C:\Windows\System\RjENmxt.exe
  C:\Windows\System\RjENmxt.exe
  2⤵
  PID:1480
- C:\Windows\System\UaiBeJu.exe
  C:\Windows\System\UaiBeJu.exe
  2⤵
  PID:2084
- C:\Windows\System\wcKtngc.exe
  C:\Windows\System\wcKtngc.exe
  2⤵
  PID:5496
- C:\Windows\System\jnNzfCk.exe
  C:\Windows\System\jnNzfCk.exe
  2⤵
  PID:2304
- C:\Windows\System\hrNGAzF.exe
  C:\Windows\System\hrNGAzF.exe
  2⤵
  PID:1868
- C:\Windows\System\cCsObfE.exe
  C:\Windows\System\cCsObfE.exe
  2⤵
  PID:5852
- C:\Windows\System\gBQGzqF.exe
  C:\Windows\System\gBQGzqF.exe
  2⤵
  PID:3564
- C:\Windows\System\AGBiQuR.exe
  C:\Windows\System\AGBiQuR.exe
  2⤵
  PID:3008
- C:\Windows\System\qMgxRBW.exe
  C:\Windows\System\qMgxRBW.exe
  2⤵
  PID:1308
- C:\Windows\System\UEgLwNJ.exe
  C:\Windows\System\UEgLwNJ.exe
  2⤵
  PID:1616
- C:\Windows\System\hdVPlje.exe
  C:\Windows\System\hdVPlje.exe
  2⤵
  PID:1664
- C:\Windows\System\RGfTIzl.exe
  C:\Windows\System\RGfTIzl.exe
  2⤵
  PID:6152
- C:\Windows\System\GcngxdW.exe
  C:\Windows\System\GcngxdW.exe
  2⤵
  PID:6168
- C:\Windows\System\eFeqGBC.exe
  C:\Windows\System\eFeqGBC.exe
  2⤵
  PID:6188
- C:\Windows\System\MmwuBmM.exe
  C:\Windows\System\MmwuBmM.exe
  2⤵
  PID:6208
- C:\Windows\System\BNnYkqP.exe
  C:\Windows\System\BNnYkqP.exe
  2⤵
  PID:6228
- C:\Windows\System\olbHBlS.exe
  C:\Windows\System\olbHBlS.exe
  2⤵
  PID:6252
- C:\Windows\System\YdLAycJ.exe
  C:\Windows\System\YdLAycJ.exe
  2⤵
  PID:6280
- C:\Windows\System\mEzIoFO.exe
  C:\Windows\System\mEzIoFO.exe
  2⤵
  PID:6296
- C:\Windows\System\DHUqaJz.exe
  C:\Windows\System\DHUqaJz.exe
  2⤵
  PID:6312
- C:\Windows\System\xdNubqj.exe
  C:\Windows\System\xdNubqj.exe
  2⤵
  PID:6328
- C:\Windows\System\cJSxlXo.exe
  C:\Windows\System\cJSxlXo.exe
  2⤵
  PID:6344
- C:\Windows\System\eRaKKmL.exe
  C:\Windows\System\eRaKKmL.exe
  2⤵
  PID:6368
- C:\Windows\System\chKphlG.exe
  C:\Windows\System\chKphlG.exe
  2⤵
  PID:6384
- C:\Windows\System\Ygelita.exe
  C:\Windows\System\Ygelita.exe
  2⤵
  PID:6400
- C:\Windows\System\gCXetow.exe
  C:\Windows\System\gCXetow.exe
  2⤵
  PID:6420
- C:\Windows\System\ZwPzXXW.exe
  C:\Windows\System\ZwPzXXW.exe
  2⤵
  PID:6468
- C:\Windows\System\ZoRBWMH.exe
  C:\Windows\System\ZoRBWMH.exe
  2⤵
  PID:6484
- C:\Windows\System\GvIjGnP.exe
  C:\Windows\System\GvIjGnP.exe
  2⤵
  PID:6504
- C:\Windows\System\BgQgent.exe
  C:\Windows\System\BgQgent.exe
  2⤵
  PID:6524
- C:\Windows\System\xORwuXj.exe
  C:\Windows\System\xORwuXj.exe
  2⤵
  PID:6540
- C:\Windows\System\RhpcYAY.exe
  C:\Windows\System\RhpcYAY.exe
  2⤵
  PID:6560
- C:\Windows\System\ZNAZEOh.exe
  C:\Windows\System\ZNAZEOh.exe
  2⤵
  PID:6576
- C:\Windows\System\jslkoWP.exe
  C:\Windows\System\jslkoWP.exe
  2⤵
  PID:6592
- C:\Windows\System\wJRrUlJ.exe
  C:\Windows\System\wJRrUlJ.exe
  2⤵
  PID:6628
- C:\Windows\System\IFaTPpA.exe
  C:\Windows\System\IFaTPpA.exe
  2⤵
  PID:6644
- C:\Windows\System\IgIBhnx.exe
  C:\Windows\System\IgIBhnx.exe
  2⤵
  PID:6660
- C:\Windows\System\nmmvzAC.exe
  C:\Windows\System\nmmvzAC.exe
  2⤵
  PID:6676
- C:\Windows\System\dTdonkE.exe
  C:\Windows\System\dTdonkE.exe
  2⤵
  PID:6692
- C:\Windows\System\iGiDErX.exe
  C:\Windows\System\iGiDErX.exe
  2⤵
  PID:6708
- C:\Windows\System\EUohxAV.exe
  C:\Windows\System\EUohxAV.exe
  2⤵
  PID:6724
- C:\Windows\System\UwwRjyg.exe
  C:\Windows\System\UwwRjyg.exe
  2⤵
  PID:6744
- C:\Windows\System\tNqoInc.exe
  C:\Windows\System\tNqoInc.exe
  2⤵
  PID:6764
- C:\Windows\System\qKmajRB.exe
  C:\Windows\System\qKmajRB.exe
  2⤵
  PID:6788
- C:\Windows\System\DCpDOaT.exe
  C:\Windows\System\DCpDOaT.exe
  2⤵
  PID:6808
- C:\Windows\System\AHkSESO.exe
  C:\Windows\System\AHkSESO.exe
  2⤵
  PID:6824
- C:\Windows\System\KhRuFPE.exe
  C:\Windows\System\KhRuFPE.exe
  2⤵
  PID:6840
- C:\Windows\System\oXzWGTD.exe
  C:\Windows\System\oXzWGTD.exe
  2⤵
  PID:6860
- C:\Windows\System\FqppXql.exe
  C:\Windows\System\FqppXql.exe
  2⤵
  PID:6876
- C:\Windows\System\CYnIDRk.exe
  C:\Windows\System\CYnIDRk.exe
  2⤵
  PID:6892
- C:\Windows\System\SfSrgXw.exe
  C:\Windows\System\SfSrgXw.exe
  2⤵
  PID:6948
- C:\Windows\System\lpamFHy.exe
  C:\Windows\System\lpamFHy.exe
  2⤵
  PID:6968
- C:\Windows\System\OZBfYwt.exe
  C:\Windows\System\OZBfYwt.exe
  2⤵
  PID:6988
- C:\Windows\System\KyMZwvm.exe
  C:\Windows\System\KyMZwvm.exe
  2⤵
  PID:7004
- C:\Windows\System\ZvSlLzm.exe
  C:\Windows\System\ZvSlLzm.exe
  2⤵
  PID:7020
- C:\Windows\System\maxgUXE.exe
  C:\Windows\System\maxgUXE.exe
  2⤵
  PID:7048
- C:\Windows\System\JHnpEoT.exe
  C:\Windows\System\JHnpEoT.exe
  2⤵
  PID:7068
- C:\Windows\System\GLOewkH.exe
  C:\Windows\System\GLOewkH.exe
  2⤵
  PID:7084
- C:\Windows\System\HOaFfEP.exe
  C:\Windows\System\HOaFfEP.exe
  2⤵
  PID:7104
- C:\Windows\System\LxTfJmG.exe
  C:\Windows\System\LxTfJmG.exe
  2⤵
  PID:7132
- C:\Windows\System\KbPvzgT.exe
  C:\Windows\System\KbPvzgT.exe
  2⤵
  PID:7148
- C:\Windows\System\ncNdCVM.exe
  C:\Windows\System\ncNdCVM.exe
  2⤵
  PID:7164
- C:\Windows\System\lCOSrIf.exe
  C:\Windows\System\lCOSrIf.exe
  2⤵
  PID:6148
- C:\Windows\System\CknGUAL.exe
  C:\Windows\System\CknGUAL.exe
  2⤵
  PID:6184
- C:\Windows\System\AxZTjvH.exe
  C:\Windows\System\AxZTjvH.exe
  2⤵
  PID:6224
- C:\Windows\System\wvkGGxz.exe
  C:\Windows\System\wvkGGxz.exe
  2⤵
  PID:2208
- C:\Windows\System\wHmHEMv.exe
  C:\Windows\System\wHmHEMv.exe
  2⤵
  PID:6268
- C:\Windows\System\nTuUbBS.exe
  C:\Windows\System\nTuUbBS.exe
  2⤵
  PID:1840
- C:\Windows\System\fMCRMIt.exe
  C:\Windows\System\fMCRMIt.exe
  2⤵
  PID:6240
- C:\Windows\System\QjFEcFa.exe
  C:\Windows\System\QjFEcFa.exe
  2⤵
  PID:2392
- C:\Windows\System\acAdNmz.exe
  C:\Windows\System\acAdNmz.exe
  2⤵
  PID:6052
- C:\Windows\System\NBdWTlK.exe
  C:\Windows\System\NBdWTlK.exe
  2⤵
  PID:6160
- C:\Windows\System\BuWBLNJ.exe
  C:\Windows\System\BuWBLNJ.exe
  2⤵
  PID:6352
- C:\Windows\System\aMwJlnZ.exe
  C:\Windows\System\aMwJlnZ.exe
  2⤵
  PID:6340
- C:\Windows\System\QxtfQfu.exe
  C:\Windows\System\QxtfQfu.exe
  2⤵
  PID:6428
- C:\Windows\System\JruQbpQ.exe
  C:\Windows\System\JruQbpQ.exe
  2⤵
  PID:6452
- C:\Windows\System\qSaNWhF.exe
  C:\Windows\System\qSaNWhF.exe
  2⤵
  PID:6444
- C:\Windows\System\wPHSFjd.exe
  C:\Windows\System\wPHSFjd.exe
  2⤵
  PID:6480
- C:\Windows\System\bOElLyf.exe
  C:\Windows\System\bOElLyf.exe
  2⤵
  PID:6556
- C:\Windows\System\NIykVXa.exe
  C:\Windows\System\NIykVXa.exe
  2⤵
  PID:6532
- C:\Windows\System\yVGQsGQ.exe
  C:\Windows\System\yVGQsGQ.exe
  2⤵
  PID:6604
- C:\Windows\System\gOpNihA.exe
  C:\Windows\System\gOpNihA.exe
  2⤵
  PID:6672
- C:\Windows\System\VigzFhw.exe
  C:\Windows\System\VigzFhw.exe
  2⤵
  PID:6736
- C:\Windows\System\qNlyGGM.exe
  C:\Windows\System\qNlyGGM.exe
  2⤵
  PID:6612
- C:\Windows\System\kfFkqJJ.exe
  C:\Windows\System\kfFkqJJ.exe
  2⤵
  PID:6848
- C:\Windows\System\yFkErVB.exe
  C:\Windows\System\yFkErVB.exe
  2⤵
  PID:6796
- C:\Windows\System\DaXdBVw.exe
  C:\Windows\System\DaXdBVw.exe
  2⤵
  PID:6868
- C:\Windows\System\PGyVEKK.exe
  C:\Windows\System\PGyVEKK.exe
  2⤵
  PID:6624
- C:\Windows\System\clOmWRm.exe
  C:\Windows\System\clOmWRm.exe
  2⤵
  PID:6688
- C:\Windows\System\PxqpOZJ.exe
  C:\Windows\System\PxqpOZJ.exe
  2⤵
  PID:6752
- C:\Windows\System\iqQPuCl.exe
  C:\Windows\System\iqQPuCl.exe
  2⤵
  PID:6832
- C:\Windows\System\pGeFPFJ.exe
  C:\Windows\System\pGeFPFJ.exe
  2⤵
  PID:6920
- C:\Windows\System\ELTMDSS.exe
  C:\Windows\System\ELTMDSS.exe
  2⤵
  PID:6980
- C:\Windows\System\hsIbkLZ.exe
  C:\Windows\System\hsIbkLZ.exe
  2⤵
  PID:7012
- C:\Windows\System\KfJWMZZ.exe
  C:\Windows\System\KfJWMZZ.exe
  2⤵
  PID:7044
- C:\Windows\System\wjCxuVi.exe
  C:\Windows\System\wjCxuVi.exe
  2⤵
  PID:7120
- C:\Windows\System\oqHvLPE.exe
  C:\Windows\System\oqHvLPE.exe
  2⤵
  PID:7096
- C:\Windows\System\HHMhNVi.exe
  C:\Windows\System\HHMhNVi.exe
  2⤵
  PID:7156
- C:\Windows\System\jpRZNsl.exe
  C:\Windows\System\jpRZNsl.exe
  2⤵
  PID:6180
- C:\Windows\System\EJZbueq.exe
  C:\Windows\System\EJZbueq.exe
  2⤵
  PID:2632
- C:\Windows\System\rKZgFOu.exe
  C:\Windows\System\rKZgFOu.exe
  2⤵
  PID:6216
- C:\Windows\System\BHdffaL.exe
  C:\Windows\System\BHdffaL.exe
  2⤵
  PID:2628
- C:\Windows\System\DQhEGQj.exe
  C:\Windows\System\DQhEGQj.exe
  2⤵
  PID:6276
- C:\Windows\System\ZZAghpH.exe
  C:\Windows\System\ZZAghpH.exe
  2⤵
  PID:4308
- C:\Windows\System\yOBhTVY.exe
  C:\Windows\System\yOBhTVY.exe
  2⤵
  PID:6364
- C:\Windows\System\dATjEhU.exe
  C:\Windows\System\dATjEhU.exe
  2⤵
  PID:6200
- C:\Windows\System\GcViuTk.exe
  C:\Windows\System\GcViuTk.exe
  2⤵
  PID:6432
- C:\Windows\System\HFCcnKx.exe
  C:\Windows\System\HFCcnKx.exe
  2⤵
  PID:2780
- C:\Windows\System\hXqapSy.exe
  C:\Windows\System\hXqapSy.exe
  2⤵
  PID:6584
- C:\Windows\System\KbJXDqy.exe
  C:\Windows\System\KbJXDqy.exe
  2⤵
  PID:6884
- C:\Windows\System\EFAYisr.exe
  C:\Windows\System\EFAYisr.exe
  2⤵
  PID:6608
- C:\Windows\System\nsmdvSf.exe
  C:\Windows\System\nsmdvSf.exe
  2⤵
  PID:6944
- C:\Windows\System\HkJDkSQ.exe
  C:\Windows\System\HkJDkSQ.exe
  2⤵
  PID:6652
- C:\Windows\System\znenXVF.exe
  C:\Windows\System\znenXVF.exe
  2⤵
  PID:6816
- C:\Windows\System\sTOmnCf.exe
  C:\Windows\System\sTOmnCf.exe
  2⤵
  PID:6720
- C:\Windows\System\vitVJVz.exe
  C:\Windows\System\vitVJVz.exe
  2⤵
  PID:6908
- C:\Windows\System\BhJZAhY.exe
  C:\Windows\System\BhJZAhY.exe
  2⤵
  PID:7080
- C:\Windows\System\eVjRZFp.exe
  C:\Windows\System\eVjRZFp.exe
  2⤵
  PID:6976
- C:\Windows\System\PKsQoRW.exe
  C:\Windows\System\PKsQoRW.exe
  2⤵
  PID:7116
- C:\Windows\System\nyXBqxz.exe
  C:\Windows\System\nyXBqxz.exe
  2⤵
  PID:7092
- C:\Windows\System\QkCcwVP.exe
  C:\Windows\System\QkCcwVP.exe
  2⤵
  PID:3088
- C:\Windows\System\HaLTEKQ.exe
  C:\Windows\System\HaLTEKQ.exe
  2⤵
  PID:6336
- C:\Windows\System\KIJnhTl.exe
  C:\Windows\System\KIJnhTl.exe
  2⤵
  PID:2592
- C:\Windows\System\rqJwLym.exe
  C:\Windows\System\rqJwLym.exe
  2⤵
  PID:288
- C:\Windows\System\lXcCHEs.exe
  C:\Windows\System\lXcCHEs.exe
  2⤵
  PID:6416
- C:\Windows\System\OJcUojt.exe
  C:\Windows\System\OJcUojt.exe
  2⤵
  PID:6636
- C:\Windows\System\ZklHBPd.exe
  C:\Windows\System\ZklHBPd.exe
  2⤵
  PID:1512
- C:\Windows\System\JsDXOjF.exe
  C:\Windows\System\JsDXOjF.exe
  2⤵
  PID:6904
- C:\Windows\System\vQVTTcU.exe
  C:\Windows\System\vQVTTcU.exe
  2⤵
  PID:6984
- C:\Windows\System\MEtQtsg.exe
  C:\Windows\System\MEtQtsg.exe
  2⤵
  PID:6804
- C:\Windows\System\bsNFhdH.exe
  C:\Windows\System\bsNFhdH.exe
  2⤵
  PID:6616
- C:\Windows\System\lEIbiXZ.exe
  C:\Windows\System\lEIbiXZ.exe
  2⤵
  PID:6928
- C:\Windows\System\NUOlRSw.exe
  C:\Windows\System\NUOlRSw.exe
  2⤵
  PID:7064
- C:\Windows\System\syXynMu.exe
  C:\Windows\System\syXynMu.exe
  2⤵
  PID:2796
- C:\Windows\System\JbpySBV.exe
  C:\Windows\System\JbpySBV.exe
  2⤵
  PID:2952
- C:\Windows\System\tClhmYy.exe
  C:\Windows\System\tClhmYy.exe
  2⤵
  PID:6264
- C:\Windows\System\uFGPccs.exe
  C:\Windows\System\uFGPccs.exe
  2⤵
  PID:6360
- C:\Windows\System\FlWNebh.exe
  C:\Windows\System\FlWNebh.exe
  2⤵
  PID:6912
- C:\Windows\System\WfWaozZ.exe
  C:\Windows\System\WfWaozZ.exe
  2⤵
  PID:6548
- C:\Windows\System\zwvaxJu.exe
  C:\Windows\System\zwvaxJu.exe
  2⤵
  PID:6520
- C:\Windows\System\dSRyzir.exe
  C:\Windows\System\dSRyzir.exe
  2⤵
  PID:1204
- C:\Windows\System\eEfnFdZ.exe
  C:\Windows\System\eEfnFdZ.exe
  2⤵
  PID:3036
- C:\Windows\System\sOVSLhW.exe
  C:\Windows\System\sOVSLhW.exe
  2⤵
  PID:6780
- C:\Windows\System\omyDmou.exe
  C:\Windows\System\omyDmou.exe
  2⤵
  PID:6220
- C:\Windows\System\VeubSVF.exe
  C:\Windows\System\VeubSVF.exe
  2⤵
  PID:6412
- C:\Windows\System\yEtdscT.exe
  C:\Windows\System\yEtdscT.exe
  2⤵
  PID:7184
- C:\Windows\System\afpqUeI.exe
  C:\Windows\System\afpqUeI.exe
  2⤵
  PID:7200
- C:\Windows\System\GCEvmKe.exe
  C:\Windows\System\GCEvmKe.exe
  2⤵
  PID:7224
- C:\Windows\System\zFRfDBN.exe
  C:\Windows\System\zFRfDBN.exe
  2⤵
  PID:7240
- C:\Windows\System\zHtiWHf.exe
  C:\Windows\System\zHtiWHf.exe
  2⤵
  PID:7268
- C:\Windows\System\ebWOcDa.exe
  C:\Windows\System\ebWOcDa.exe
  2⤵
  PID:7292
- C:\Windows\System\NuePQUs.exe
  C:\Windows\System\NuePQUs.exe
  2⤵
  PID:7308
- C:\Windows\System\tbxYivm.exe
  C:\Windows\System\tbxYivm.exe
  2⤵
  PID:7328
- C:\Windows\System\ytORBBD.exe
  C:\Windows\System\ytORBBD.exe
  2⤵
  PID:7364
- C:\Windows\System\yroinxq.exe
  C:\Windows\System\yroinxq.exe
  2⤵
  PID:7380
- C:\Windows\System\aVlHSIY.exe
  C:\Windows\System\aVlHSIY.exe
  2⤵
  PID:7400
- C:\Windows\System\pmmJUia.exe
  C:\Windows\System\pmmJUia.exe
  2⤵
  PID:7420
- C:\Windows\System\rDnyTIX.exe
  C:\Windows\System\rDnyTIX.exe
  2⤵
  PID:7440
- C:\Windows\System\BNHdaSn.exe
  C:\Windows\System\BNHdaSn.exe
  2⤵
  PID:7456
- C:\Windows\System\pZvatuu.exe
  C:\Windows\System\pZvatuu.exe
  2⤵
  PID:7480
- C:\Windows\System\QvDEtLH.exe
  C:\Windows\System\QvDEtLH.exe
  2⤵
  PID:7500
- C:\Windows\System\cfBAVvp.exe
  C:\Windows\System\cfBAVvp.exe
  2⤵
  PID:7528
- C:\Windows\System\qsUjTne.exe
  C:\Windows\System\qsUjTne.exe
  2⤵
  PID:7544
- C:\Windows\System\ISnFZtN.exe
  C:\Windows\System\ISnFZtN.exe
  2⤵
  PID:7560
- C:\Windows\System\IDSjPaO.exe
  C:\Windows\System\IDSjPaO.exe
  2⤵
  PID:7576
- C:\Windows\System\KixDsxK.exe
  C:\Windows\System\KixDsxK.exe
  2⤵
  PID:7596
- C:\Windows\System\TGwBIan.exe
  C:\Windows\System\TGwBIan.exe
  2⤵
  PID:7612
- C:\Windows\System\zqKQPhK.exe
  C:\Windows\System\zqKQPhK.exe
  2⤵
  PID:7644
- C:\Windows\System\aBwGDVA.exe
  C:\Windows\System\aBwGDVA.exe
  2⤵
  PID:7660
- C:\Windows\System\vdANkCs.exe
  C:\Windows\System\vdANkCs.exe
  2⤵
  PID:7684
- C:\Windows\System\GuosJXV.exe
  C:\Windows\System\GuosJXV.exe
  2⤵
  PID:7704
- C:\Windows\System\ugBnLiy.exe
  C:\Windows\System\ugBnLiy.exe
  2⤵
  PID:7724
- C:\Windows\System\NrbgRff.exe
  C:\Windows\System\NrbgRff.exe
  2⤵
  PID:7744
- C:\Windows\System\zpmHALf.exe
  C:\Windows\System\zpmHALf.exe
  2⤵
  PID:7760
- C:\Windows\System\PecQvcW.exe
  C:\Windows\System\PecQvcW.exe
  2⤵
  PID:7776
- C:\Windows\System\WryBSNQ.exe
  C:\Windows\System\WryBSNQ.exe
  2⤵
  PID:7792
- C:\Windows\System\HMHvXoz.exe
  C:\Windows\System\HMHvXoz.exe
  2⤵
  PID:7808
- C:\Windows\System\BDaffbO.exe
  C:\Windows\System\BDaffbO.exe
  2⤵
  PID:7832
- C:\Windows\System\dhbpWqw.exe
  C:\Windows\System\dhbpWqw.exe
  2⤵
  PID:7856
- C:\Windows\System\dhfBcqt.exe
  C:\Windows\System\dhfBcqt.exe
  2⤵
  PID:7876
- C:\Windows\System\TLsYNDt.exe
  C:\Windows\System\TLsYNDt.exe
  2⤵
  PID:7896
- C:\Windows\System\NOHVeXf.exe
  C:\Windows\System\NOHVeXf.exe
  2⤵
  PID:7924
- C:\Windows\System\XmAhULu.exe
  C:\Windows\System\XmAhULu.exe
  2⤵
  PID:7940
- C:\Windows\System\eyRqcIs.exe
  C:\Windows\System\eyRqcIs.exe
  2⤵
  PID:7960
- C:\Windows\System\AGTacZk.exe
  C:\Windows\System\AGTacZk.exe
  2⤵
  PID:7984
- C:\Windows\System\VCjnQLJ.exe
  C:\Windows\System\VCjnQLJ.exe
  2⤵
  PID:8008
- C:\Windows\System\owDggyF.exe
  C:\Windows\System\owDggyF.exe
  2⤵
  PID:8024
- C:\Windows\System\tUpmEhn.exe
  C:\Windows\System\tUpmEhn.exe
  2⤵
  PID:8040
- C:\Windows\System\gVZQfcw.exe
  C:\Windows\System\gVZQfcw.exe
  2⤵
  PID:8060
- C:\Windows\System\cGMPIeU.exe
  C:\Windows\System\cGMPIeU.exe
  2⤵
  PID:8076
- C:\Windows\System\yqWtXFM.exe
  C:\Windows\System\yqWtXFM.exe
  2⤵
  PID:8096
- C:\Windows\System\mCQnWHm.exe
  C:\Windows\System\mCQnWHm.exe
  2⤵
  PID:8116
- C:\Windows\System\gbuwzHW.exe
  C:\Windows\System\gbuwzHW.exe
  2⤵
  PID:8136
- C:\Windows\System\dzvvilx.exe
  C:\Windows\System\dzvvilx.exe
  2⤵
  PID:8168
- C:\Windows\System\tgVTYfm.exe
  C:\Windows\System\tgVTYfm.exe
  2⤵
  PID:8184
- C:\Windows\System\MRFkYAH.exe
  C:\Windows\System\MRFkYAH.exe
  2⤵
  PID:6496
- C:\Windows\System\nSLIrQg.exe
  C:\Windows\System\nSLIrQg.exe
  2⤵
  PID:6176
- C:\Windows\System\nFUkejk.exe
  C:\Windows\System\nFUkejk.exe
  2⤵
  PID:7036
- C:\Windows\System\CbVNRfr.exe
  C:\Windows\System\CbVNRfr.exe
  2⤵
  PID:7208
- C:\Windows\System\hChPTsn.exe
  C:\Windows\System\hChPTsn.exe
  2⤵
  PID:7256
- C:\Windows\System\wwrjEFP.exe
  C:\Windows\System\wwrjEFP.exe
  2⤵
  PID:7196
- C:\Windows\System\RSqHOee.exe
  C:\Windows\System\RSqHOee.exe
  2⤵
  PID:7280
- C:\Windows\System\UkTeaoV.exe
  C:\Windows\System\UkTeaoV.exe
  2⤵
  PID:7348
- C:\Windows\System\GljWCdR.exe
  C:\Windows\System\GljWCdR.exe
  2⤵
  PID:7232
- C:\Windows\System\ftgeGjr.exe
  C:\Windows\System\ftgeGjr.exe
  2⤵
  PID:7372
- C:\Windows\System\bAweKto.exe
  C:\Windows\System\bAweKto.exe
  2⤵
  PID:7408
- C:\Windows\System\FcBAXSu.exe
  C:\Windows\System\FcBAXSu.exe
  2⤵
  PID:7436
- C:\Windows\System\WiCapKV.exe
  C:\Windows\System\WiCapKV.exe
  2⤵
  PID:7468
- C:\Windows\System\hIdofvj.exe
  C:\Windows\System\hIdofvj.exe
  2⤵
  PID:7512
- C:\Windows\System\ZmXyeuK.exe
  C:\Windows\System\ZmXyeuK.exe
  2⤵
  PID:7540
- C:\Windows\System\PeWEwcn.exe
  C:\Windows\System\PeWEwcn.exe
  2⤵
  PID:7584
- C:\Windows\System\YBNXhYL.exe
  C:\Windows\System\YBNXhYL.exe
  2⤵
  PID:7624
- C:\Windows\System\RkspUVL.exe
  C:\Windows\System\RkspUVL.exe
  2⤵
  PID:7628
- C:\Windows\System\EsTbWdk.exe
  C:\Windows\System\EsTbWdk.exe
  2⤵
  PID:7672
- C:\Windows\System\iBHbhsY.exe
  C:\Windows\System\iBHbhsY.exe
  2⤵
  PID:7680
- C:\Windows\System\mJWiBfs.exe
  C:\Windows\System\mJWiBfs.exe
  2⤵
  PID:7712
- C:\Windows\System\AtFxFYr.exe
  C:\Windows\System\AtFxFYr.exe
  2⤵
  PID:7756
- C:\Windows\System\HmxrwDU.exe
  C:\Windows\System\HmxrwDU.exe
  2⤵
  PID:7820
- C:\Windows\System\KTFphCO.exe
  C:\Windows\System\KTFphCO.exe
  2⤵
  PID:7772
- C:\Windows\System\YxOuFmT.exe
  C:\Windows\System\YxOuFmT.exe
  2⤵
  PID:7840
- C:\Windows\System\JHxVcaB.exe
  C:\Windows\System\JHxVcaB.exe
  2⤵
  PID:7768
- C:\Windows\System\lJflfuv.exe
  C:\Windows\System\lJflfuv.exe
  2⤵
  PID:7884
- C:\Windows\System\xzguDBG.exe
  C:\Windows\System\xzguDBG.exe
  2⤵
  PID:7948
- C:\Windows\System\uNHWpBc.exe
  C:\Windows\System\uNHWpBc.exe
  2⤵
  PID:7968
- C:\Windows\System\uBtiWuT.exe
  C:\Windows\System\uBtiWuT.exe
  2⤵
  PID:8000
- C:\Windows\System\GfRIxcx.exe
  C:\Windows\System\GfRIxcx.exe
  2⤵
  PID:8032
- C:\Windows\System\rlYYeXK.exe
  C:\Windows\System\rlYYeXK.exe
  2⤵
  PID:8072
- C:\Windows\System\mAGNunf.exe
  C:\Windows\System\mAGNunf.exe
  2⤵
  PID:2284
- C:\Windows\System\VWHOCfH.exe
  C:\Windows\System\VWHOCfH.exe
  2⤵
  PID:8020
- C:\Windows\System\SbNqyZT.exe
  C:\Windows\System\SbNqyZT.exe
  2⤵
  PID:8048
- C:\Windows\System\UsBhOYP.exe
  C:\Windows\System\UsBhOYP.exe
  2⤵
  PID:8056
- C:\Windows\System\wNwVvFC.exe
  C:\Windows\System\wNwVvFC.exe
  2⤵
  PID:8148
- C:\Windows\System\OBtgXcX.exe
  C:\Windows\System\OBtgXcX.exe
  2⤵
  PID:6288
- C:\Windows\System\xTEGMmV.exe
  C:\Windows\System\xTEGMmV.exe
  2⤵
  PID:6324
- C:\Windows\System\NymdJhF.exe
  C:\Windows\System\NymdJhF.exe
  2⤵
  PID:6260
- C:\Windows\System\FMOrNBP.exe
  C:\Windows\System\FMOrNBP.exe
  2⤵
  PID:7248
- C:\Windows\System\ZtQaOhy.exe
  C:\Windows\System\ZtQaOhy.exe
  2⤵
  PID:7264
- C:\Windows\System\QyvmVdr.exe
  C:\Windows\System\QyvmVdr.exe
  2⤵
  PID:7316
- C:\Windows\System\TwnhOrN.exe
  C:\Windows\System\TwnhOrN.exe
  2⤵
  PID:7472
- C:\Windows\System\UgGoZKA.exe
  C:\Windows\System\UgGoZKA.exe
  2⤵
  PID:7524
- C:\Windows\System\LrDJSKH.exe
  C:\Windows\System\LrDJSKH.exe
  2⤵
  PID:7432
- C:\Windows\System\YstZTMT.exe
  C:\Windows\System\YstZTMT.exe
  2⤵
  PID:7604
- C:\Windows\System\yCwLOSf.exe
  C:\Windows\System\yCwLOSf.exe
  2⤵
  PID:7788
- C:\Windows\System\xLQjDGe.exe
  C:\Windows\System\xLQjDGe.exe
  2⤵
  PID:7388
- C:\Windows\System\xcElLqM.exe
  C:\Windows\System\xcElLqM.exe
  2⤵
  PID:7732
- C:\Windows\System\jbeItCL.exe
  C:\Windows\System\jbeItCL.exe
  2⤵
  PID:7552
- C:\Windows\System\PyXszCi.exe
  C:\Windows\System\PyXszCi.exe
  2⤵
  PID:7992
- C:\Windows\System\VADqcXv.exe
  C:\Windows\System\VADqcXv.exe
  2⤵
  PID:7572
- C:\Windows\System\ZtDxGIs.exe
  C:\Windows\System\ZtDxGIs.exe
  2⤵
  PID:8016
- C:\Windows\System\ErpXGDP.exe
  C:\Windows\System\ErpXGDP.exe
  2⤵
  PID:6888
- C:\Windows\System\gHOVNXX.exe
  C:\Windows\System\gHOVNXX.exe
  2⤵
  PID:8068
- C:\Windows\System\sSzmtaU.exe
  C:\Windows\System\sSzmtaU.exe
  2⤵
  PID:6684
- C:\Windows\System\hiieBIN.exe
  C:\Windows\System\hiieBIN.exe
  2⤵
  PID:7276
- C:\Windows\System\BMUtJOG.exe
  C:\Windows\System\BMUtJOG.exe
  2⤵
  PID:7448
- C:\Windows\System\QppNzVa.exe
  C:\Windows\System\QppNzVa.exe
  2⤵
  PID:7608
- C:\Windows\System\uPBvKLC.exe
  C:\Windows\System\uPBvKLC.exe
  2⤵
  PID:7740
- C:\Windows\System\ifdHVJj.exe
  C:\Windows\System\ifdHVJj.exe
  2⤵
  PID:7324
- C:\Windows\System\ExvcvkH.exe
  C:\Windows\System\ExvcvkH.exe
  2⤵
  PID:7360
- C:\Windows\System\eDFMbpX.exe
  C:\Windows\System\eDFMbpX.exe
  2⤵
  PID:7872
- C:\Windows\System\NPbDlvO.exe
  C:\Windows\System\NPbDlvO.exe
  2⤵
  PID:7828
- C:\Windows\System\zzIHvLX.exe
  C:\Windows\System\zzIHvLX.exe
  2⤵
  PID:7904
- C:\Windows\System\EGSdLTh.exe
  C:\Windows\System\EGSdLTh.exe
  2⤵
  PID:7636
- C:\Windows\System\jYTpwMV.exe
  C:\Windows\System\jYTpwMV.exe
  2⤵
  PID:7936
- C:\Windows\System\HRVRBMT.exe
  C:\Windows\System\HRVRBMT.exe
  2⤵
  PID:8084
- C:\Windows\System\QUUJHJb.exe
  C:\Windows\System\QUUJHJb.exe
  2⤵
  PID:8160
- C:\Windows\System\XAlOFHq.exe
  C:\Windows\System\XAlOFHq.exe
  2⤵
  PID:6856
- C:\Windows\System\UTfdRiE.exe
  C:\Windows\System\UTfdRiE.exe
  2⤵
  PID:7668
- C:\Windows\System\iktriqs.exe
  C:\Windows\System\iktriqs.exe
  2⤵
  PID:7356
- C:\Windows\System\gqPqOVm.exe
  C:\Windows\System\gqPqOVm.exe
  2⤵
  PID:8108
- C:\Windows\System\DHpmExl.exe
  C:\Windows\System\DHpmExl.exe
  2⤵
  PID:7952
- C:\Windows\System\Harhnjd.exe
  C:\Windows\System\Harhnjd.exe
  2⤵
  PID:7176
- C:\Windows\System\LVeRZoK.exe
  C:\Windows\System\LVeRZoK.exe
  2⤵
  PID:7736
- C:\Windows\System\uuaWUEY.exe
  C:\Windows\System\uuaWUEY.exe
  2⤵
  PID:7428
- C:\Windows\System\MdXgyum.exe
  C:\Windows\System\MdXgyum.exe
  2⤵
  PID:7288
- C:\Windows\System\GYrzRPf.exe
  C:\Windows\System\GYrzRPf.exe
  2⤵
  PID:7304
- C:\Windows\System\CAUHCFx.exe
  C:\Windows\System\CAUHCFx.exe
  2⤵
  PID:7652
- C:\Windows\System\WvAKfiL.exe
  C:\Windows\System\WvAKfiL.exe
  2⤵
  PID:7720
- C:\Windows\System\rLVEjwz.exe
  C:\Windows\System\rLVEjwz.exe
  2⤵
  PID:8204
- C:\Windows\System\vQHfePq.exe
  C:\Windows\System\vQHfePq.exe
  2⤵
  PID:8224
- C:\Windows\System\fPqsMmC.exe
  C:\Windows\System\fPqsMmC.exe
  2⤵
  PID:8240
- C:\Windows\System\rAYevkf.exe
  C:\Windows\System\rAYevkf.exe
  2⤵
  PID:8268
- C:\Windows\System\ZfSbyoS.exe
  C:\Windows\System\ZfSbyoS.exe
  2⤵
  PID:8292
- C:\Windows\System\EdmosuT.exe
  C:\Windows\System\EdmosuT.exe
  2⤵
  PID:8324
- C:\Windows\System\oyGrLii.exe
  C:\Windows\System\oyGrLii.exe
  2⤵
  PID:8344
- C:\Windows\System\gnMtITJ.exe
  C:\Windows\System\gnMtITJ.exe
  2⤵
  PID:8364
- C:\Windows\System\iFTTlEl.exe
  C:\Windows\System\iFTTlEl.exe
  2⤵
  PID:8388
- C:\Windows\System\tqGcLWc.exe
  C:\Windows\System\tqGcLWc.exe
  2⤵
  PID:8408
- C:\Windows\System\ODweung.exe
  C:\Windows\System\ODweung.exe
  2⤵
  PID:8448
- C:\Windows\System\IHiqqTf.exe
  C:\Windows\System\IHiqqTf.exe
  2⤵
  PID:8520
- C:\Windows\System\NoCXvTg.exe
  C:\Windows\System\NoCXvTg.exe
  2⤵
  PID:8540
- C:\Windows\System\AlVpDUQ.exe
  C:\Windows\System\AlVpDUQ.exe
  2⤵
  PID:8560
- C:\Windows\System\tuYOHQe.exe
  C:\Windows\System\tuYOHQe.exe
  2⤵
  PID:8580
- C:\Windows\System\dpUlaEb.exe
  C:\Windows\System\dpUlaEb.exe
  2⤵
  PID:8612
- C:\Windows\System\WMMVZRK.exe
  C:\Windows\System\WMMVZRK.exe
  2⤵
  PID:8632
- C:\Windows\System\rPTimDo.exe
  C:\Windows\System\rPTimDo.exe
  2⤵
  PID:8648
- C:\Windows\System\oXShHhN.exe
  C:\Windows\System\oXShHhN.exe
  2⤵
  PID:8664
- C:\Windows\System\YpAZVlq.exe
  C:\Windows\System\YpAZVlq.exe
  2⤵
  PID:8688
- C:\Windows\System\yZVgXFm.exe
  C:\Windows\System\yZVgXFm.exe
  2⤵
  PID:8708
- C:\Windows\System\PlheiTf.exe
  C:\Windows\System\PlheiTf.exe
  2⤵
  PID:8728
- C:\Windows\System\qgcavao.exe
  C:\Windows\System\qgcavao.exe
  2⤵
  PID:8752
- C:\Windows\System\ABiYpfX.exe
  C:\Windows\System\ABiYpfX.exe
  2⤵
  PID:8772
- C:\Windows\System\HWINIHp.exe
  C:\Windows\System\HWINIHp.exe
  2⤵
  PID:8792
- C:\Windows\System\YKUsZFV.exe
  C:\Windows\System\YKUsZFV.exe
  2⤵
  PID:8812
- C:\Windows\System\kgufGjm.exe
  C:\Windows\System\kgufGjm.exe
  2⤵
  PID:8836
- C:\Windows\System\NghQkOD.exe
  C:\Windows\System\NghQkOD.exe
  2⤵
  PID:8852
- C:\Windows\System\ZdWgNkl.exe
  C:\Windows\System\ZdWgNkl.exe
  2⤵
  PID:8868
- C:\Windows\System\JpiZYmd.exe
  C:\Windows\System\JpiZYmd.exe
  2⤵
  PID:8884
- C:\Windows\System\unOHQQQ.exe
  C:\Windows\System\unOHQQQ.exe
  2⤵
  PID:8908
- C:\Windows\System\ZkYbzVN.exe
  C:\Windows\System\ZkYbzVN.exe
  2⤵
  PID:8928
- C:\Windows\System\YiGLodo.exe
  C:\Windows\System\YiGLodo.exe
  2⤵
  PID:8944
- C:\Windows\System\tvXkmJe.exe
  C:\Windows\System\tvXkmJe.exe
  2⤵
  PID:8960
- C:\Windows\System\DNRGNqJ.exe
  C:\Windows\System\DNRGNqJ.exe
  2⤵
  PID:8976
- C:\Windows\System\TUYifps.exe
  C:\Windows\System\TUYifps.exe
  2⤵
  PID:9000
- C:\Windows\System\dVJKHdN.exe
  C:\Windows\System\dVJKHdN.exe
  2⤵
  PID:9020
- C:\Windows\System\UwRCmYU.exe
  C:\Windows\System\UwRCmYU.exe
  2⤵
  PID:9036
- C:\Windows\System\wxjwUud.exe
  C:\Windows\System\wxjwUud.exe
  2⤵
  PID:9056
- C:\Windows\System\adTUQtx.exe
  C:\Windows\System\adTUQtx.exe
  2⤵
  PID:9088
- C:\Windows\System\aWYXHiF.exe
  C:\Windows\System\aWYXHiF.exe
  2⤵
  PID:9112
- C:\Windows\System\okSOKIw.exe
  C:\Windows\System\okSOKIw.exe
  2⤵
  PID:9128
- C:\Windows\System\SbSSsET.exe
  C:\Windows\System\SbSSsET.exe
  2⤵
  PID:9148
- C:\Windows\System\RAzsfGN.exe
  C:\Windows\System\RAzsfGN.exe
  2⤵
  PID:9164
- C:\Windows\System\YZGDbTo.exe
  C:\Windows\System\YZGDbTo.exe
  2⤵
  PID:9184
- C:\Windows\System\ycypUgV.exe
  C:\Windows\System\ycypUgV.exe
  2⤵
  PID:9208
- C:\Windows\System\GaYTNJp.exe
  C:\Windows\System\GaYTNJp.exe
  2⤵
  PID:7344
- C:\Windows\System\CDFNIbM.exe
  C:\Windows\System\CDFNIbM.exe
  2⤵
  PID:8232
- C:\Windows\System\FloKdsv.exe
  C:\Windows\System\FloKdsv.exe
  2⤵
  PID:8248
- C:\Windows\System\SZvPvvP.exe
  C:\Windows\System\SZvPvvP.exe
  2⤵
  PID:8264
- C:\Windows\System\lrdLZhp.exe
  C:\Windows\System\lrdLZhp.exe
  2⤵
  PID:8288
- C:\Windows\System\IwqUVAG.exe
  C:\Windows\System\IwqUVAG.exe
  2⤵
  PID:8336
- C:\Windows\System\KTBTXfT.exe
  C:\Windows\System\KTBTXfT.exe
  2⤵
  PID:8384
- C:\Windows\System\kWIfQQx.exe
  C:\Windows\System\kWIfQQx.exe
  2⤵
  PID:8360
- C:\Windows\System\kCAqVHP.exe
  C:\Windows\System\kCAqVHP.exe
  2⤵
  PID:8396
- C:\Windows\System\hKTZjnS.exe
  C:\Windows\System\hKTZjnS.exe
  2⤵
  PID:8436
- C:\Windows\System\GceRoxI.exe
  C:\Windows\System\GceRoxI.exe
  2⤵
  PID:8468
- C:\Windows\System\vsPKJNY.exe
  C:\Windows\System\vsPKJNY.exe
  2⤵
  PID:8508
- C:\Windows\System\reOceUs.exe
  C:\Windows\System\reOceUs.exe
  2⤵
  PID:8516
- C:\Windows\System\QdeSbDm.exe
  C:\Windows\System\QdeSbDm.exe
  2⤵
  PID:8552
- C:\Windows\System\tsphqBF.exe
  C:\Windows\System\tsphqBF.exe
  2⤵
  PID:8624
- C:\Windows\System\FlgUfCR.exe
  C:\Windows\System\FlgUfCR.exe
  2⤵
  PID:8656
- C:\Windows\System\aUheHxr.exe
  C:\Windows\System\aUheHxr.exe
  2⤵
  PID:8604
- C:\Windows\System\eMZLfUJ.exe
  C:\Windows\System\eMZLfUJ.exe
  2⤵
  PID:8684
- C:\Windows\System\uSvtBkk.exe
  C:\Windows\System\uSvtBkk.exe
  2⤵
  PID:8740
- C:\Windows\System\Bnogytp.exe
  C:\Windows\System\Bnogytp.exe
  2⤵
  PID:8820
- C:\Windows\System\qLahHvm.exe
  C:\Windows\System\qLahHvm.exe
  2⤵
  PID:8832
- C:\Windows\System\cQQGYWY.exe
  C:\Windows\System\cQQGYWY.exe
  2⤵
  PID:8892
- C:\Windows\System\EpZUbIE.exe
  C:\Windows\System\EpZUbIE.exe
  2⤵
  PID:8808
- C:\Windows\System\GWnTAgK.exe
  C:\Windows\System\GWnTAgK.exe
  2⤵
  PID:9016
- C:\Windows\System\oTvZktd.exe
  C:\Windows\System\oTvZktd.exe
  2⤵
  PID:8848
- C:\Windows\System\bavsdgs.exe
  C:\Windows\System\bavsdgs.exe
  2⤵
  PID:8996
- C:\Windows\System\qYQVzuG.exe
  C:\Windows\System\qYQVzuG.exe
  2⤵
  PID:8992
- C:\Windows\System\vemdCjT.exe
  C:\Windows\System\vemdCjT.exe
  2⤵
  PID:9064
- C:\Windows\System\VwBplfC.exe
  C:\Windows\System\VwBplfC.exe
  2⤵
  PID:9096
- C:\Windows\System\cexvRDO.exe
  C:\Windows\System\cexvRDO.exe
  2⤵
  PID:9144
- C:\Windows\System\FKuCpAb.exe
  C:\Windows\System\FKuCpAb.exe
  2⤵
  PID:9180
- C:\Windows\System\kPhiIhI.exe
  C:\Windows\System\kPhiIhI.exe
  2⤵
  PID:9160
- C:\Windows\System\UJgNvLB.exe
  C:\Windows\System\UJgNvLB.exe
  2⤵
  PID:7520
- C:\Windows\System\vJdXPyN.exe
  C:\Windows\System\vJdXPyN.exe
  2⤵
  PID:8276
- C:\Windows\System\EGMweic.exe
  C:\Windows\System\EGMweic.exe
  2⤵
  PID:8260
- C:\Windows\System\WyQAqOs.exe
  C:\Windows\System\WyQAqOs.exe
  2⤵
  PID:8304
- C:\Windows\System\rIsQdqy.exe
  C:\Windows\System\rIsQdqy.exe
  2⤵
  PID:8332
- C:\Windows\System\veRmXJC.exe
  C:\Windows\System\veRmXJC.exe
  2⤵
  PID:8340
- C:\Windows\System\TUtfQiq.exe
  C:\Windows\System\TUtfQiq.exe
  2⤵
  PID:8424
- C:\Windows\System\gesWwtr.exe
  C:\Windows\System\gesWwtr.exe
  2⤵
  PID:8512
- C:\Windows\System\EuRSUKh.exe
  C:\Windows\System\EuRSUKh.exe
  2⤵
  PID:8500
- C:\Windows\System\WdLVsmi.exe
  C:\Windows\System\WdLVsmi.exe
  2⤵
  PID:8556
- C:\Windows\System\KsZcEqt.exe
  C:\Windows\System\KsZcEqt.exe
  2⤵
  PID:9196
- C:\Windows\System\ylLwjMM.exe
  C:\Windows\System\ylLwjMM.exe
  2⤵
  PID:8680
- C:\Windows\System\srCFzkG.exe
  C:\Windows\System\srCFzkG.exe
  2⤵
  PID:8764
- C:\Windows\System\YJRBJMK.exe
  C:\Windows\System\YJRBJMK.exe
  2⤵
  PID:8784
- C:\Windows\System\yTdhCWi.exe
  C:\Windows\System\yTdhCWi.exe
  2⤵
  PID:8824
- C:\Windows\System\cXTfPcY.exe
  C:\Windows\System\cXTfPcY.exe
  2⤵
  PID:8968
- C:\Windows\System\kLSEtpm.exe
  C:\Windows\System\kLSEtpm.exe
  2⤵
  PID:8984
- C:\Windows\System\dbZgnBk.exe
  C:\Windows\System\dbZgnBk.exe
  2⤵
  PID:9080
- C:\Windows\System\BHSedxQ.exe
  C:\Windows\System\BHSedxQ.exe
  2⤵
  PID:9104
- C:\Windows\System\nZhGLOu.exe
  C:\Windows\System\nZhGLOu.exe
  2⤵
  PID:9192
- C:\Windows\System\UQwCfvc.exe
  C:\Windows\System\UQwCfvc.exe
  2⤵
  PID:8196
- C:\Windows\System\ascoIEF.exe
  C:\Windows\System\ascoIEF.exe
  2⤵
  PID:8220
- C:\Windows\System\enTuMWa.exe
  C:\Windows\System\enTuMWa.exe
  2⤵
  PID:8320
- C:\Windows\System\cpAiRCe.exe
  C:\Windows\System\cpAiRCe.exe
  2⤵
  PID:8588
- C:\Windows\System\RYJffoK.exe
  C:\Windows\System\RYJffoK.exe
  2⤵
  PID:8380
- C:\Windows\System\mvNVsbf.exe
  C:\Windows\System\mvNVsbf.exe
  2⤵
  PID:9012
- C:\Windows\System\lOJpiXX.exe
  C:\Windows\System\lOJpiXX.exe
  2⤵
  PID:8844
- C:\Windows\System\AsCltaX.exe
  C:\Windows\System\AsCltaX.exe
  2⤵
  PID:8672
- C:\Windows\System\pKrmfKS.exe
  C:\Windows\System\pKrmfKS.exe
  2⤵
  PID:8676
- C:\Windows\System\plHiEFz.exe
  C:\Windows\System\plHiEFz.exe
  2⤵
  PID:8860
- C:\Windows\System\xYTETUO.exe
  C:\Windows\System\xYTETUO.exe
  2⤵
  PID:9072
- C:\Windows\System\tfuFuPW.exe
  C:\Windows\System\tfuFuPW.exe
  2⤵
  PID:8200
- C:\Windows\System\QdPlAqX.exe
  C:\Windows\System\QdPlAqX.exe
  2⤵
  PID:8300
- C:\Windows\System\JFyzJvT.exe
  C:\Windows\System\JFyzJvT.exe
  2⤵
  PID:8596
- C:\Windows\System\ibaukdQ.exe
  C:\Windows\System\ibaukdQ.exe
  2⤵
  PID:9028
- C:\Windows\System\KHdugtS.exe
  C:\Windows\System\KHdugtS.exe
  2⤵
  PID:8352
- C:\Windows\System\iXKoJqp.exe
  C:\Windows\System\iXKoJqp.exe
  2⤵
  PID:8956
- C:\Windows\System\etaBrZu.exe
  C:\Windows\System\etaBrZu.exe
  2⤵
  PID:8864
- C:\Windows\System\lGAdNJM.exe
  C:\Windows\System\lGAdNJM.exe
  2⤵
  PID:9176
- C:\Windows\System\DmxdBDM.exe
  C:\Windows\System\DmxdBDM.exe
  2⤵
  PID:7932
- C:\Windows\System\qmqnkCm.exe
  C:\Windows\System\qmqnkCm.exe
  2⤵
  PID:8492
- C:\Windows\System\EpSAtyE.exe
  C:\Windows\System\EpSAtyE.exe
  2⤵
  PID:8700
- C:\Windows\System\EAMMcaR.exe
  C:\Windows\System\EAMMcaR.exe
  2⤵
  PID:8548
- C:\Windows\System\wrRmOeg.exe
  C:\Windows\System\wrRmOeg.exe
  2⤵
  PID:8916
- C:\Windows\System\HHSCdAN.exe
  C:\Windows\System\HHSCdAN.exe
  2⤵
  PID:9220
- C:\Windows\System\DgbgOJQ.exe
  C:\Windows\System\DgbgOJQ.exe
  2⤵
  PID:9236
- C:\Windows\System\MwlqlDJ.exe
  C:\Windows\System\MwlqlDJ.exe
  2⤵
  PID:9252
- C:\Windows\System\fwyOChm.exe
  C:\Windows\System\fwyOChm.exe
  2⤵
  PID:9268
- C:\Windows\System\egZOADR.exe
  C:\Windows\System\egZOADR.exe
  2⤵
  PID:9304
- C:\Windows\System\NARYoeC.exe
  C:\Windows\System\NARYoeC.exe
  2⤵
  PID:9324
- C:\Windows\System\EKJpYpz.exe
  C:\Windows\System\EKJpYpz.exe
  2⤵
  PID:9348
- C:\Windows\System\IfQntJD.exe
  C:\Windows\System\IfQntJD.exe
  2⤵
  PID:9364
- C:\Windows\System\xlrDYfh.exe
  C:\Windows\System\xlrDYfh.exe
  2⤵
  PID:9380
- C:\Windows\System\ikzrcvg.exe
  C:\Windows\System\ikzrcvg.exe
  2⤵
  PID:9396
- C:\Windows\System\UDbrbmp.exe
  C:\Windows\System\UDbrbmp.exe
  2⤵
  PID:9416
- C:\Windows\System\mtINNWE.exe
  C:\Windows\System\mtINNWE.exe
  2⤵
  PID:9432
- C:\Windows\System\OQCVEjk.exe
  C:\Windows\System\OQCVEjk.exe
  2⤵
  PID:9448
- C:\Windows\System\sjzrTWN.exe
  C:\Windows\System\sjzrTWN.exe
  2⤵
  PID:9468
- C:\Windows\System\ZJsHTeM.exe
  C:\Windows\System\ZJsHTeM.exe
  2⤵
  PID:9500
- C:\Windows\System\qClqcOl.exe
  C:\Windows\System\qClqcOl.exe
  2⤵
  PID:9520
- C:\Windows\System\MsHAAzH.exe
  C:\Windows\System\MsHAAzH.exe
  2⤵
  PID:9540
- C:\Windows\System\gJtzbtC.exe
  C:\Windows\System\gJtzbtC.exe
  2⤵
  PID:9560
- C:\Windows\System\bQsHNFz.exe
  C:\Windows\System\bQsHNFz.exe
  2⤵
  PID:9576
- C:\Windows\System\iMtmfXC.exe
  C:\Windows\System\iMtmfXC.exe
  2⤵
  PID:9592
- C:\Windows\System\NNqWJJo.exe
  C:\Windows\System\NNqWJJo.exe
  2⤵
  PID:9620
- C:\Windows\System\NhKxaJN.exe
  C:\Windows\System\NhKxaJN.exe
  2⤵
  PID:9656
- C:\Windows\System\SEwucMf.exe
  C:\Windows\System\SEwucMf.exe
  2⤵
  PID:9676
- C:\Windows\System\ueIwJDc.exe
  C:\Windows\System\ueIwJDc.exe
  2⤵
  PID:9692
- C:\Windows\System\enfrsQN.exe
  C:\Windows\System\enfrsQN.exe
  2⤵
  PID:9708
- C:\Windows\System\TPomEsK.exe
  C:\Windows\System\TPomEsK.exe
  2⤵
  PID:9732
- C:\Windows\System\lkvktaz.exe
  C:\Windows\System\lkvktaz.exe
  2⤵
  PID:9748
- C:\Windows\System\JGsiAMh.exe
  C:\Windows\System\JGsiAMh.exe
  2⤵
  PID:9772
- C:\Windows\System\mnErUMO.exe
  C:\Windows\System\mnErUMO.exe
  2⤵
  PID:9792
- C:\Windows\System\nDFaVBo.exe
  C:\Windows\System\nDFaVBo.exe
  2⤵
  PID:9816
- C:\Windows\System\ESWnxuj.exe
  C:\Windows\System\ESWnxuj.exe
  2⤵
  PID:9832
- C:\Windows\System\tYsKEvc.exe
  C:\Windows\System\tYsKEvc.exe
  2⤵
  PID:9852
- C:\Windows\System\nVqreWw.exe
  C:\Windows\System\nVqreWw.exe
  2⤵
  PID:9868
- C:\Windows\System\QjPYdtC.exe
  C:\Windows\System\QjPYdtC.exe
  2⤵
  PID:9888
- C:\Windows\System\ldjonHQ.exe
  C:\Windows\System\ldjonHQ.exe
  2⤵
  PID:9904
- C:\Windows\System\BsEofei.exe
  C:\Windows\System\BsEofei.exe
  2⤵
  PID:9920
- C:\Windows\System\UzBTAYU.exe
  C:\Windows\System\UzBTAYU.exe
  2⤵
  PID:9936
- C:\Windows\System\AoFoFKK.exe
  C:\Windows\System\AoFoFKK.exe
  2⤵
  PID:9956
- C:\Windows\System\sLOknmf.exe
  C:\Windows\System\sLOknmf.exe
  2⤵
  PID:9972
- C:\Windows\System\PfCqQqz.exe
  C:\Windows\System\PfCqQqz.exe
  2⤵
  PID:9988
- C:\Windows\System\MyulmAB.exe
  C:\Windows\System\MyulmAB.exe
  2⤵
  PID:10024
- C:\Windows\System\PUOEQeG.exe
  C:\Windows\System\PUOEQeG.exe
  2⤵
  PID:10048
- C:\Windows\System\RyYnLRI.exe
  C:\Windows\System\RyYnLRI.exe
  2⤵
  PID:10064
- C:\Windows\System\anjyVgb.exe
  C:\Windows\System\anjyVgb.exe
  2⤵
  PID:10100
- C:\Windows\System\Dwqstqn.exe
  C:\Windows\System\Dwqstqn.exe
  2⤵
  PID:10116
- C:\Windows\System\hUiCZmD.exe
  C:\Windows\System\hUiCZmD.exe
  2⤵
  PID:10132
- C:\Windows\System\chtvGNG.exe
  C:\Windows\System\chtvGNG.exe
  2⤵
  PID:10148
- C:\Windows\System\ygEJLGG.exe
  C:\Windows\System\ygEJLGG.exe
  2⤵
  PID:10164
- C:\Windows\System\mzQcTYM.exe
  C:\Windows\System\mzQcTYM.exe
  2⤵
  PID:10180
- C:\Windows\System\OnlGUzN.exe
  C:\Windows\System\OnlGUzN.exe
  2⤵
  PID:10220
- C:\Windows\System\zdpOxPj.exe
  C:\Windows\System\zdpOxPj.exe
  2⤵
  PID:9228
- C:\Windows\System\XWuJdLS.exe
  C:\Windows\System\XWuJdLS.exe
  2⤵
  PID:9260
- C:\Windows\System\EhkQTBu.exe
  C:\Windows\System\EhkQTBu.exe
  2⤵
  PID:9264
- C:\Windows\System\SdkgEsY.exe
  C:\Windows\System\SdkgEsY.exe
  2⤵
  PID:8760
- C:\Windows\System\BMEjIna.exe
  C:\Windows\System\BMEjIna.exe
  2⤵
  PID:9284
- C:\Windows\System\HRVTkBU.exe
  C:\Windows\System\HRVTkBU.exe
  2⤵
  PID:9280
- C:\Windows\System\OdiFWMn.exe
  C:\Windows\System\OdiFWMn.exe
  2⤵
  PID:9372
- C:\Windows\System\QDYrjlR.exe
  C:\Windows\System\QDYrjlR.exe
  2⤵
  PID:9440
- C:\Windows\System\eqBNpPR.exe
  C:\Windows\System\eqBNpPR.exe
  2⤵
  PID:9456
- C:\Windows\System\dCbDTSV.exe
  C:\Windows\System\dCbDTSV.exe
  2⤵
  PID:9476
- C:\Windows\System\VuapFYd.exe
  C:\Windows\System\VuapFYd.exe
  2⤵
  PID:9496
- C:\Windows\System\feCnkql.exe
  C:\Windows\System\feCnkql.exe
  2⤵
  PID:9572
- C:\Windows\System\KmdGCwU.exe
  C:\Windows\System\KmdGCwU.exe
  2⤵
  PID:9552
- C:\Windows\System\inVjriI.exe
  C:\Windows\System\inVjriI.exe
  2⤵
  PID:9616
- C:\Windows\System\ZdiQAMs.exe
  C:\Windows\System\ZdiQAMs.exe
  2⤵
  PID:9632
- C:\Windows\System\MkivTVC.exe
  C:\Windows\System\MkivTVC.exe
  2⤵
  PID:9688
- C:\Windows\System\jpLqbPc.exe
  C:\Windows\System\jpLqbPc.exe
  2⤵
  PID:9740
- C:\Windows\System\VaHPjqo.exe
  C:\Windows\System\VaHPjqo.exe
  2⤵
  PID:9768
- C:\Windows\System\YteUHoL.exe
  C:\Windows\System\YteUHoL.exe
  2⤵
  PID:9800
- C:\Windows\System\cOBdylp.exe
  C:\Windows\System\cOBdylp.exe
  2⤵
  PID:9840
- C:\Windows\System\penNpak.exe
  C:\Windows\System\penNpak.exe
  2⤵
  PID:9896
- C:\Windows\System\kkhXfYd.exe
  C:\Windows\System\kkhXfYd.exe
  2⤵
  PID:9916
- C:\Windows\System\zDLwmkm.exe
  C:\Windows\System\zDLwmkm.exe
  2⤵
  PID:9952
- C:\Windows\System\VVcyXrN.exe
  C:\Windows\System\VVcyXrN.exe
  2⤵
  PID:9948
- C:\Windows\System\NuSbqDX.exe
  C:\Windows\System\NuSbqDX.exe
  2⤵
  PID:10040
- C:\Windows\System\WjtrfAg.exe
  C:\Windows\System\WjtrfAg.exe
  2⤵
  PID:10088
- C:\Windows\System\oLoXEwr.exe
  C:\Windows\System\oLoXEwr.exe
  2⤵
  PID:10096
- C:\Windows\System\MDaWbJs.exe
  C:\Windows\System\MDaWbJs.exe
  2⤵
  PID:10128
- C:\Windows\System\zVIAcGF.exe
  C:\Windows\System\zVIAcGF.exe
  2⤵
  PID:10228
- C:\Windows\System\brqGhvI.exe
  C:\Windows\System\brqGhvI.exe
  2⤵
  PID:9232
- C:\Windows\System\BGkbtPK.exe
  C:\Windows\System\BGkbtPK.exe
  2⤵
  PID:10212
- C:\Windows\System\eGoLRCy.exe
  C:\Windows\System\eGoLRCy.exe
  2⤵
  PID:8536
- C:\Windows\System\lnMidEn.exe
  C:\Windows\System\lnMidEn.exe
  2⤵
  PID:9316
- C:\Windows\System\AoWauJS.exe
  C:\Windows\System\AoWauJS.exe
  2⤵
  PID:9340
- C:\Windows\System\IBuYLqL.exe
  C:\Windows\System\IBuYLqL.exe
  2⤵
  PID:9388
- C:\Windows\System\TLzSZkj.exe
  C:\Windows\System\TLzSZkj.exe
  2⤵
  PID:9464
- C:\Windows\System\bYFMyCB.exe
  C:\Windows\System\bYFMyCB.exe
  2⤵
  PID:9516
- C:\Windows\System\cPBOvrl.exe
  C:\Windows\System\cPBOvrl.exe
  2⤵
  PID:9588
- C:\Windows\System\rpZyErG.exe
  C:\Windows\System\rpZyErG.exe
  2⤵
  PID:9628
- C:\Windows\System\QJyTUZh.exe
  C:\Windows\System\QJyTUZh.exe
  2⤵
  PID:9344
- C:\Windows\System\ckPnlkQ.exe
  C:\Windows\System\ckPnlkQ.exe
  2⤵
  PID:9668
- C:\Windows\System\clTuIYh.exe
  C:\Windows\System\clTuIYh.exe
  2⤵
  PID:9724
- C:\Windows\System\WyFKzRw.exe
  C:\Windows\System\WyFKzRw.exe
  2⤵
  PID:9876
- C:\Windows\System\cXCTLNI.exe
  C:\Windows\System\cXCTLNI.exe
  2⤵
  PID:9828
- C:\Windows\System\NloNjWj.exe
  C:\Windows\System\NloNjWj.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BasiwCx.exe

Filesize
6.0MB

MD5
4531f640738863721620344acc6efc0a

SHA1
68518cfc02a34a82f97cdf7ae9b89067e7db2dfc

SHA256
772823ee7802d10fa4353422763e76517325bc415536020e29b131bcb66277cf

SHA512
61de611f75f27364ce9cf030ac0b5482a5c7262dd55b57c3fd76685800c5723c4ed16eb58d57b897e12d658a66953c8e185b4bb1ba98cf472a3f0a47907560b3

Download Submit
C:\Windows\system\ElWDFKa.exe

Filesize
6.0MB

MD5
d2c8783b7463edceb0834fe9a51ebe4a

SHA1
acd57c180d2a1b69206e8bb3944e2f8cee7e9a7b

SHA256
0dee735b75128079fef988b2c19f3bed214b49f0dc34396cd4c292ce9dae53d2

SHA512
f5bf512c9b7e10af862ce491d36ad5e0f9688672aa2594599ee18b2931ebaa2a14e6ae94c711f9838cb6b378a2e27c0a9aa4922fe8f02be3304a73e310dd4bd6

Download Submit
C:\Windows\system\FjOyNPT.exe

Filesize
6.0MB

MD5
a171ae0c60c726c9043a17f341e926e3

SHA1
665383042872354aafba1e49822745ec896f7485

SHA256
5e21b4158fafbd01471baa5f886db14e0f07644c327d1b27e1f60a7357cc6e8e

SHA512
271c4d9039f70e8c4dbb869a63ed3ff1575d6d35a0a9f1c311da78dd10158805429764f0f856b13e84f97b8b107c928ac1fa495ac7e64a67de4e059e901f2963

Download Submit
C:\Windows\system\HuBojMT.exe

Filesize
6.0MB

MD5
af44e019224ac2a600e360667c5a6fb3

SHA1
3561676b815490566d6d58c4689380117fd90e1a

SHA256
293234fa9f86d5c087554fb43cb03d095af6e09e98c44376a2f4e72e6eabf39c

SHA512
4a6c62da5b11ae5cd789b0af83ab5b5574e9193ef38b109a8693703127ccd22ee474313246645e3b09e12f4251a85c153c9f9698fcc205eaa5e6b93c8746761b

Download Submit
C:\Windows\system\JxMkyND.exe

Filesize
6.0MB

MD5
eb100b296b17d43da0c2464f40423646

SHA1
a0ea454795c7b854826a96b2d751e18d621ba75c

SHA256
51c866f8f3e0f2c2e83d1568c37b05322c140ebe491c9a23f2491fd204eedd30

SHA512
bba8a6c01a5b55b6e806cbc8220cb6ff738933eb08ba9aa5ade8bdb7a52b748b5eba2dbd07a3d368612b83cd6bbe0c2b002138fd1c1f179dc0d8c799b544e18a

Download Submit
C:\Windows\system\LVErvIb.exe

Filesize
6.0MB

MD5
31dceebb723bb82976db9759b565ffd3

SHA1
dc36a567771c3313a3d61f972ac8719536a46b14

SHA256
334e0865dea5fce7a2abb38a99c4082ddd59c0a36b7ba13a7218211043e3998a

SHA512
0ada2401481653b6c32d708048d4dd158041905aca443be14614e71e10e01b077b9b78fde07924ba75f341a73128b50da8be266a43f239d28a8ea827d57ab861

Download Submit
C:\Windows\system\OZZWWHE.exe

Filesize
8B

MD5
14b461b76be1e9871da49ef1975dc011

SHA1
7d1bd1c0f3fc14ae3ca169cc09d763b97dedd229

SHA256
8f2185d3ee39cd7c66d0c259dc9a4e7be92634a2a60b4f89f14e5391a16dcb27

SHA512
d49f8cda5d955c3963b04a45ce15e3ca3f26df346e854766aee0a0ffdb4ce5a05a6ff8ad4941ce8d2dd010d66f688457e4003d7a55455fede82e00f9f8e97373

Download Submit
C:\Windows\system\UePbUPA.exe

Filesize
6.0MB

MD5
7db8413ae60c5579a9bba2062ba65a67

SHA1
61a87d0d9be406784e526fcc46230a72357207af

SHA256
1e0e77615bdfa77d8f6abd4035fb3485fe3d785f88d6a3b9013bf1fe513a206a

SHA512
6c1760a357a4e2a4f2269f8163803ccb7f4095be4b531ffdc8e2b9e82c01346c4f81cbce2ed401af37ff1a9bf3edaf5f5ba902b9fca536f5eecd1c05f56a6acd

Download Submit
C:\Windows\system\VQhWAuf.exe

Filesize
6.0MB

MD5
6bc39972d8692f74b446bce612adc69a

SHA1
d1b02141cc60a302d297d705101d036bd7b60da9

SHA256
1ab0d1444b63c4c22d3582a6382b8d83514f11226c92a2e6d0a1fc7f8a805d28

SHA512
2d6937a0f3496acf71cc4b76d8b4c7274e7329e251059663ddd8c7a6ae60f05bce6fbcb05c769fc3a6bc183624ef5cf2e655c05adf71a34216b1fe1fd2572c0b

Download Submit
C:\Windows\system\agQWFLE.exe

Filesize
6.0MB

MD5
7700d0ec232aec92d061ce988a323d8a

SHA1
79c1ff091f144e48cf38ee0b137d7f3fd40efa65

SHA256
2508d9cfd6195b1fcb6d74fe36b6b6d920f4e60ad2199cfb613922721b0dbb94

SHA512
236bc5afb4ea90789518482f71c54d543c0c6fd8a871ed77f3351f5f5382f992008decdf085a2d043e487dfe9e03035e93dcd5b0434e02f695a3944796be593b

Download Submit
C:\Windows\system\daBMErk.exe

Filesize
6.0MB

MD5
ff9267f9e41bdd81f5278bfc3af0d5a4

SHA1
76de0ee413df0b6debfba4a6739e4ad51b13fcf3

SHA256
f15fc0cc6eff4710a20711c7482824f58fa45004a3e5e960634707b2f47e3f9d

SHA512
0311b8e4140910d46f6b16656638a584678b704dac1f4241f2b48013044d54df5003a958aa5660686c799188a8929354f24179c957a63f37e29f45a83a376f8d

Download Submit
C:\Windows\system\fMiCHHp.exe

Filesize
6.0MB

MD5
db20708dc143efd43aa1852555a95a34

SHA1
000627dd229fdba8bcdb405626ca2486dbe28197

SHA256
2e6b415758895020bc1291b414a34d7dab1b3d4d4b8895b2dd9579ada2ca3daf

SHA512
b3d70461d7049d0f9769e634dbf58b4b3f35c47bee968989b4dae5793b970a34e5df687a8cfb209d137ec3666681f95379726f9beb25e7748688d1251f0563c0

Download Submit
C:\Windows\system\gCVRahy.exe

Filesize
6.0MB

MD5
7efcf99a12fc90e5d2d55d58e7300e9f

SHA1
984e5af86ef48d3e38238e83ea709c5209ef2340

SHA256
9c7b25cc11514feaad6af9534335a98dcd2a85766f8a8a72880a5ffe4bc7dc92

SHA512
6be8f31d083a622308f63b71e8bd321fc7f1f8aaeab880a2d708b6f1fdea0075356b4c3287c8fb4061836c0917fdff4e6a6e649ab46b755246b76ade20fe568c

Download Submit
C:\Windows\system\getYFXO.exe

Filesize
6.0MB

MD5
06bb676e780ed4d060ee6fd9a59b74ae

SHA1
4b807cef29207d1d6a5365db1b4f56216fc4a845

SHA256
513f83ea943fed42b21b198db06d8d73c079a8d9120f53e753f149c82576d13f

SHA512
a9100fd185b9460b8443720193e00c958d2dd988c0a13013500cc96a55dc00eda5910f708dd8e898186ffe1c3aaf2ad6abefcea3a9fa5598323cdae59dd380a5

Download Submit
C:\Windows\system\hJonvSB.exe

Filesize
6.0MB

MD5
1434f6884de1648c82ceb2bd0aa58331

SHA1
34d44d0413b3b578e16a46c1c1123bc7fb60dd5b

SHA256
3abf803ca0595d041cb3df28e1695a510d76cd7aeb9bc539ecdd8d567e903d72

SHA512
727852ef3af9ba30c79ae0cea03ebf9c038eecde117bae5a44c4f2e489030723d8ac9a1f7872e7d66a8305aa167b05dcf2419ddf759e2d9bccbd1497ddee04c3

Download Submit
C:\Windows\system\kVgILbV.exe

Filesize
6.0MB

MD5
462c7eae69528e515766f0231e901a9a

SHA1
e6e1a263cce5c7400591fbb4c0a106d0226625ea

SHA256
4a1bcd940d1a54a03d5c6e0fea4ff7993e902ae33a0c437f3667e27026ae1a36

SHA512
b98f4100008cd92535104ea761be1b4a4f642bf39113d5dc79758aa4b5a69cd0b386249eac74bce096cc9837aeb2e8587512ed5392dab0398ea3dcea96672cd9

Download Submit
C:\Windows\system\mSJbNNb.exe

Filesize
6.0MB

MD5
184e7c003427c2b804d4a83571ce365c

SHA1
ce07bd47a86aae4f9327844ce8e704aee91fecaa

SHA256
e63fc91c99c3dad1ae0338f1ca8f4e614c10266b363e7ce262058565abed56ca

SHA512
e2015fac1c2a642a93fbd8c14777efae119697eb587df2ea3a3cba13996764a6644b356be2061ad72f2d15fe134fbd0e2f243edf44f8f72cbca36f41ca3ada1e

Download Submit
C:\Windows\system\nKSVTZz.exe

Filesize
6.0MB

MD5
dab3eee19d33844076e02cbf4afafcaf

SHA1
a58ec5932978f4bb40406585ffd468a3363cb069

SHA256
bd34d38a113045305ebe2bf228a00c25627e7e7398c922e476bf54e25a424973

SHA512
44ae0ba3af8952bd1e14ef1f4180045385df6e6d69a7d10a8b725b23a8e630e7c89c1be4f0d38eb658b33076a01c3d23d217d191e27a939b9e2940164fd7ce68

Download Submit
C:\Windows\system\nvQDMaW.exe

Filesize
6.0MB

MD5
6e42be1decf9c90c7d6ddb57004ff91a

SHA1
be6ddd16663d493da5d0692711e63c0a1903110f

SHA256
ffe68c5764081f1241d0a57b917940b7f2050a833013970957001f7121f17cc1

SHA512
71c30ef7ebe44a5eddbceb6ccbe3f15ce06a9a6c3b028551ddd85af87a14e21c95154818bef90a4c83ced6d4d2606f332e1e64c7c7a0b5fd1fa44a5c249c2594

Download Submit
C:\Windows\system\qaOyvrw.exe

Filesize
6.0MB

MD5
36d92741f67cf28cfb34d627d6a0174a

SHA1
6020dd0f56ed008372dfef6f36bf283236dab6bb

SHA256
4d49bacac7b1674bf1aa87a15113c835fbe3a38cbbe266f262d17f00826de173

SHA512
8905a2b79f57b7871102322d2163865358707f61e4a894605e2f3aee21063db765241c2c13ec8f92780fd096fecf033b137c6b3f764329b26ed0de5d26e74072

Download Submit
C:\Windows\system\vTDdAvw.exe

Filesize
6.0MB

MD5
3012e3285aa3fff93343e7020ab3c802

SHA1
b0697ba27e5c41cead8cc55fca73fddae9b29300

SHA256
d2ac4823dc5e77672b3c1616cd1a9f05768226264430940fdd5e322a43fd90f0

SHA512
869a54cb8fc45a76987d3eaab9d8fcef6ca759ca13f2e9ba416712e23e5016fbc3e6867f74b240413d88b2ece461ef39235a1baf509f99883de94a84e15c9612

Download Submit
C:\Windows\system\wmRlihm.exe

Filesize
6.0MB

MD5
0bcfa3c080445dcfe72a5adb8b63d21e

SHA1
54dcb69e9450319e284c9a3724dc833c115e36c5

SHA256
d293e8f757951e58ed522c82968013b1ca74f467f8a24f1bc7653645ac26ea28

SHA512
aff8c70f5cc23be46e1245fcb28e0e09a0e8d3e29a7f7acb47152487c5c829a3013af253c79f95c1d455ae5b1f5ef1daa37340bd67bb45f85d409ca0d4c5a5d3

Download Submit
C:\Windows\system\yKNqzRv.exe

Filesize
6.0MB

MD5
7332ae56c73477e562ab08691933da11

SHA1
df9060004729a24c73693ed564801a74ab27a9a3

SHA256
5e0baf97f7a3ed4563f9405a56ba5bea62c61e4898fdfb8d2dafcb6076da6625

SHA512
6188b2642b191f441ff843fd3e5aca21898c540b284e39d086cfb6542d36c0bdd694180cc07319380246943c8dfa7d38744fcb60e0632539ba9041b9a6c30f29

Download Submit
C:\Windows\system\zNYzDmv.exe

Filesize
6.0MB

MD5
7b0790b11d3214f6911e425cbe69ded4

SHA1
fe83386860ce30c9779f1a6bb3164934692e45c6

SHA256
e483c1e789fe945cba7c136dc9a31a65a74c3b595b2880e5a7cda4a92e4c0f0b

SHA512
e780af2533c5ae707b5a80d713d7f889245f721e42ec0ae73a0676842d7b1db61bec28013e19149da63ebc6607cd90bc325b97e5177a8a228ffd277309920032

Download Submit
\Windows\system\BeYijWx.exe

Filesize
6.0MB

MD5
86293543c315249f8a68cfcb19f428b2

SHA1
d7100c13b8e1e3b0065e7cc2ea6abee4925f461d

SHA256
16ccc0384dda1c18cfe7cd30b7a36cf3236462b174d78af74c320ca670507c0c

SHA512
f903493bc1a547597dfcd020e5526093bdcf3d3e4ea66ce830df00fc6801dc56a9de85a6154bfb4d463af76e1ec6647d64549ebc5fcb57d2e5b7ac93f5e1cc88

Download Submit
\Windows\system\KoefdLC.exe

Filesize
6.0MB

MD5
fab92061d1e222799e8b53d51801ce34

SHA1
fb5e6acabfb366bc198f4ba80316dc1f7fc3f481

SHA256
d0dd82fe6443d75341ccd316fd054234e515e073643f549fb5ee67d2f65630b8

SHA512
cb25f6f1f42a4045372e28f2583e01736e5b676ae9eff8c7c4ed06e2923889ef5b1ff317fff37ca646ec261d97300b2979545aba879a819bb64540752e913877

Download Submit
\Windows\system\QqFgUQk.exe

Filesize
6.0MB

MD5
5cae706e3819a8f65ea632cf878eae7c

SHA1
7a3cfe5fcd692f85c3b6e3fd48c310e02aaf845a

SHA256
710f564fde3b3ffe903cd5ce4356976ba62c2fa48596688f91197758b8c090b6

SHA512
824fca53b26108cec369a2f5e2877faadedb313219d651f97f7a39078f03e5cc261be31a55787c885e6390a07bbdc5f384428af2e59a100db346a4e82f7cba57

Download Submit
\Windows\system\SLQnGTc.exe

Filesize
6.0MB

MD5
a24a0646c7f8d98510ff6ca1bc576cbe

SHA1
d55545be1ec63a6e74b95495ef1d6d49cadd2a53

SHA256
b1a482c26333526f48b991b12ab4487750f9c2d2010d2754a2c5c47d897c4eee

SHA512
bddd21ab6f7ed1afeb62a5c432630a83cd19aebd048533e35c0c0261616a4fd384b537f3ac32983d38888fa7d7bdcce1aeadf03616cc57fdae1bb9e619296125

Download Submit
\Windows\system\mHCkjqy.exe

Filesize
6.0MB

MD5
52f5ddc88367e626e74480e2d7620023

SHA1
08dd445c51484b72617ef58e548c737d1b09c422

SHA256
8ca8ffa7bc0cc134985be7b68dad90daa999f91adbda33821f0eaba311e7c662

SHA512
886e389ac06563595b102e57e3d61dd6584718055ca578caa24e170e03ec08101e7887370e45f64b0b9a95287578fa37da0a79b26fd076bffffcfd8ae80ba190

Download Submit
\Windows\system\nXDPXQI.exe

Filesize
6.0MB

MD5
29fc3c61e74979550905049a88550e9f

SHA1
b35e1eb451f762095b1565a04bad41d12f883051

SHA256
02ab9bcd3788d1b28a6147eff7c3f954c70ef3e69dbb66e3e5fca68278e5a892

SHA512
3b8f088ffe037e2f9de1f963e05048661cc1b4e59364d301f2cee5d2f9afa6774934390a3f43f17d1f435b50df0ed1822c862d3088dd904e03b4ca81ef8695dd

Download Submit
\Windows\system\ohWgtYW.exe

Filesize
6.0MB

MD5
5c570a48a13af92de711d8220a21bdd9

SHA1
8cb6ccb6262d0397d13ab8256f25e94f3f897e19

SHA256
48b9734b2c4c7e65b39a68b02bf4cc2e15b55742839d2468bbf3d191a4b6fd44

SHA512
292ecacdcccdfee9253ec9405b8632d7d31c392105ec721dcfaec6af0a5cc90332dae06e813deff5981cae1edd18e6e29f397fe27684a6d54a6ff4b71b11e6cc

Download Submit
\Windows\system\scNuUvW.exe

Filesize
6.0MB

MD5
45455c07984386a576f196f8cffc965e

SHA1
dff2b3a61618aa7885a67ef27838b8260ae1d5df

SHA256
a8a8f6b48a64e3f2c3400f9cc69ec3018f5941632f4bc17709e7f0fede8e8815

SHA512
a184121adb13929696c9c6984c33877b051e01b95f15afd7e6d8fdcef9172063138404f4e3d0f78b6b7c0dc0bebfe30ffd2e2dca0cc2cf1fa943c49ab8d39f9f

Download Submit
\Windows\system\smGCJoh.exe

Filesize
6.0MB

MD5
92bc53814fd9c43bdc4825c9878b2bae

SHA1
476e18aa7f7fd836b9389b392f11474246cf10ea

SHA256
9ffca81b88f6e166cff678ad59aa12f7a01faa29819a0ef08de22b0c462981f4

SHA512
30ae93d4293c9f5a2166f0be0625cdfa85bbec7c710e00cd96a278801f9fbe193bdcfb42ce1a99d9c321d52badad2c6c3c5a7d50febc54a429935d480c4fe148

Download Submit
memory/824-76-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/824-210-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/824-3100-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1404-3025-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1404-11-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1404-47-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1552-3079-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1552-24-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1552-59-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1568-3136-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1568-776-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1568-109-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1720-344-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-3133-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-84-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1828-3129-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1828-100-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1828-645-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1992-91-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-502-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1992-3127-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3020-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-51-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-15-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-31-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-64-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2280-16-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-96-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2280-95-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-114-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2280-855-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2280-80-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-699-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2280-105-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2280-34-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2280-65-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2280-20-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2280-577-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2280-6-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2280-0-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2280-38-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-104-0x00000000023C0000-0x0000000002714000-memory.dmp

Filesize
3.3MB

Download
memory/2280-42-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2280-72-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-113-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2280-55-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3104-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-90-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2364-52-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2500-60-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-99-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3091-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3105-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2656-108-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2656-68-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3062-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-28-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-63-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-75-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-41-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3067-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3108-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2876-43-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2876-83-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download