cobaltstrike | 8d3cbd7ba487be4af487db4bbc0ae8e7527ec4b64a3be29d83c60a0b43def671

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fc9ce0b63dbc03b8e55725233ca550ce
SHA1

891c0913fcdb4b30c78cfeabbb5acbe53887eb79
SHA256

8d3cbd7ba487be4af487db4bbc0ae8e7527ec4b64a3be29d83c60a0b43def671
SHA512

f10c7e03d64e1972cf6af51de0a58f1eaea0e0b63a3f6eceae2bec4e1851bced5e43cee435728ebffd00551f2933d989ddadf9b22e7d786e8673f063c17465ee
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUo:eOl56utgpPF8u/7o

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174cc-27.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ea-54.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186fd-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018683-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017492-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017488-22.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-12.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/memory/2384-30-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00080000000174cc-27.dat	xmrig
behavioral1/memory/2828-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2820-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2180-96-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-146.dat	xmrig
behavioral1/memory/2384-1530-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/1812-1080-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/3068-554-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019615-193.dat	xmrig
behavioral1/files/0x0005000000019611-192.dat	xmrig
behavioral1/files/0x0005000000019667-190.dat	xmrig
behavioral1/files/0x000500000001960d-183.dat	xmrig
behavioral1/files/0x0005000000019623-179.dat	xmrig
behavioral1/files/0x0005000000019609-173.dat	xmrig
behavioral1/files/0x0005000000019621-170.dat	xmrig
behavioral1/files/0x000500000001961b-159.dat	xmrig
behavioral1/files/0x000500000001961d-156.dat	xmrig
behavioral1/files/0x0005000000019619-149.dat	xmrig
behavioral1/files/0x00050000000196af-195.dat	xmrig
behavioral1/files/0x0005000000019625-186.dat	xmrig
behavioral1/memory/2668-112-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019582-109.dat	xmrig
behavioral1/files/0x0005000000019622-178.dat	xmrig
behavioral1/memory/1812-101-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-100.dat	xmrig
behavioral1/files/0x000500000001961f-165.dat	xmrig
behavioral1/files/0x0005000000019613-140.dat	xmrig
behavioral1/files/0x000500000001960f-132.dat	xmrig
behavioral1/files/0x000500000001960b-125.dat	xmrig
behavioral1/memory/2384-117-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-116.dat	xmrig
behavioral1/files/0x000500000001950c-106.dat	xmrig
behavioral1/memory/2384-95-0x0000000002550000-0x00000000028A4000-memory.dmp	xmrig
behavioral1/memory/2828-94-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/files/0x000500000001944f-91.dat	xmrig
behavioral1/memory/2904-88-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/3068-87-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000019441-84.dat	xmrig
behavioral1/memory/2668-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2632-80-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019427-69.dat	xmrig
behavioral1/files/0x0005000000019431-75.dat	xmrig
behavioral1/memory/2804-66-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2724-57-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2336-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2384-64-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186ea-54.dat	xmrig
behavioral1/files/0x00070000000186fd-60.dat	xmrig
behavioral1/files/0x0006000000018683-52.dat	xmrig
behavioral1/memory/2904-51-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2820-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017492-49.dat	xmrig
behavioral1/files/0x00060000000186e4-46.dat	xmrig
behavioral1/memory/2764-45-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2300-26-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x0008000000017488-22.dat	xmrig
behavioral1/memory/2396-13-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173a9-12.dat	xmrig
behavioral1/memory/2336-17-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2632-3777-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2764-3778-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2396	NQyrapM.exe
2336	gGJfXeN.exe
2300	KzXwokK.exe
2764	RDaHqRi.exe
2820	VWNZiHM.exe
2904	oDfWrwj.exe
2828	tIGkgHd.exe
2724	GDrTaFJ.exe
2804	LIywCNh.exe
2668	osIAveb.exe
2632	kVKwONM.exe
3068	UgRHfOX.exe
2180	sOfIiCU.exe
1812	dCNoHVp.exe
1652	TnmQjHm.exe
1160	lSiYBtB.exe
1036	qoaYUdc.exe
1708	aMZzexj.exe
596	OUfVsef.exe
2440	INiGblU.exe
2056	KAaGyoQ.exe
1948	PdxvRsu.exe
1692	FNoNIWO.exe
1500	pnnykPm.exe
2964	QBZbKqd.exe
1596	COJyFzs.exe
1404	aCbMSdt.exe
664	ehYcKFl.exe
3008	JylVivp.exe
1772	DUvsNVx.exe
2932	UWlYtqp.exe
2092	monPQxw.exe
408	EKvsiMk.exe
1776	KPBYwej.exe
1524	MwSIlSV.exe
796	RUZcbnH.exe
1572	wDeIYVr.exe
1392	ukOaKkv.exe
912	qvZqmis.exe
716	XpJJYel.exe
2216	hXlMHcp.exe
844	xAPCPVP.exe
2252	vekAKFb.exe
1352	JZYatbP.exe
1796	KqDhPAx.exe
2540	kxrFyuB.exe
2596	pgTogLJ.exe
1680	LZgFibQ.exe
3056	yljIZdP.exe
2392	eyxsYAv.exe
1632	LzgVSrQ.exe
784	cNnYQuB.exe
3004	DELcjtW.exe
2728	RVieSgS.exe
2256	bxOBwgC.exe
2840	aJVKAcl.exe
2884	lEVLZkK.exe
2872	TLejBMu.exe
112	ceUvAaH.exe
1232	fxtPyKq.exe
444	oOnkmvm.exe
1968	abXzaUA.exe
2868	YIxfyXZ.exe
1544	zEkcjfO.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x00080000000174cc-27.dat	upx
behavioral1/memory/2828-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2820-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2180-96-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0005000000019617-146.dat	upx
behavioral1/memory/1812-1080-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/3068-554-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019615-193.dat	upx
behavioral1/files/0x0005000000019611-192.dat	upx
behavioral1/files/0x0005000000019667-190.dat	upx
behavioral1/files/0x000500000001960d-183.dat	upx
behavioral1/files/0x0005000000019623-179.dat	upx
behavioral1/files/0x0005000000019609-173.dat	upx
behavioral1/files/0x0005000000019621-170.dat	upx
behavioral1/files/0x000500000001961b-159.dat	upx
behavioral1/files/0x000500000001961d-156.dat	upx
behavioral1/files/0x0005000000019619-149.dat	upx
behavioral1/files/0x00050000000196af-195.dat	upx
behavioral1/files/0x0005000000019625-186.dat	upx
behavioral1/memory/2668-112-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x0005000000019582-109.dat	upx
behavioral1/files/0x0005000000019622-178.dat	upx
behavioral1/memory/1812-101-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0005000000019461-100.dat	upx
behavioral1/files/0x000500000001961f-165.dat	upx
behavioral1/files/0x0005000000019613-140.dat	upx
behavioral1/files/0x000500000001960f-132.dat	upx
behavioral1/files/0x000500000001960b-125.dat	upx
behavioral1/files/0x00050000000195c5-116.dat	upx
behavioral1/files/0x000500000001950c-106.dat	upx
behavioral1/memory/2828-94-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/files/0x000500000001944f-91.dat	upx
behavioral1/memory/2904-88-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/3068-87-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000019441-84.dat	upx
behavioral1/memory/2668-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2632-80-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0005000000019427-69.dat	upx
behavioral1/files/0x0005000000019431-75.dat	upx
behavioral1/memory/2804-66-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2724-57-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2336-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2384-64-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x00060000000186ea-54.dat	upx
behavioral1/files/0x00070000000186fd-60.dat	upx
behavioral1/files/0x0006000000018683-52.dat	upx
behavioral1/memory/2904-51-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2820-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x0008000000017492-49.dat	upx
behavioral1/files/0x00060000000186e4-46.dat	upx
behavioral1/memory/2764-45-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2300-26-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x0008000000017488-22.dat	upx
behavioral1/memory/2396-13-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00080000000173a9-12.dat	upx
behavioral1/memory/2336-17-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2632-3777-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2764-3778-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2396-3783-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2904-3786-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2668-3787-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2336-3789-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eEvMkui.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwmDgRD.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyFXVIX.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HydXXwC.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcmNxbd.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnSjXib.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWVINiE.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRZgZDd.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TqlHjHE.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXAKGma.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEavPRl.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTLJErh.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRIGnVH.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZEKTpU.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoUrHCr.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIVhPED.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBCYgnR.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkOLafZ.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAGAVMd.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COeirQr.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQKescw.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXyopFr.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIMtbyU.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPQkLmk.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FaLcofU.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JIjHFjb.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZTcMQF.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhEriWd.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytPMmjE.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TmjiQRD.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yljIZdP.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnXTGGc.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnQZZbl.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWKgbvY.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btodkUh.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNmDWoS.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUWgPtp.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JvROYHy.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIAEtoE.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYoOEWA.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YEhhSfe.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTWwqOu.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKKaMWx.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nENMUFD.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHJxipi.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXcIQVK.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JTXeKmk.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzOMDdp.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgcgLLn.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfnJjml.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AanhLfm.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dlVtaNJ.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTlalKj.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EDxDWau.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tadibui.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnyHLJa.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AztxsnA.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AfmsFRB.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYvuraq.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSZiSxO.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiAGTCg.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvtOgWy.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mcbddsT.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZfLklL.exe	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2396	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2396	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2396	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 2336	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2336	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2336	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 2300	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2300	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2300	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2904	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2904	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2904	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2764	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2764	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2764	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2828	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2828	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2828	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2820	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2820	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2820	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2724	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2724	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2724	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2804	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2804	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2804	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2668	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2668	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2668	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 2632	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2632	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 2632	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 3068	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 3068	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 3068	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 2180	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2180	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2180	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 1812	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1812	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1812	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1652	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1652	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1652	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1692	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1692	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1692	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1160	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1160	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1160	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2384 wrote to memory of 1500	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1500	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1500	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1036	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1036	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1036	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1596	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1596	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1596	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1708	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1708	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1708	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 664	2384	2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_fc9ce0b63dbc03b8e55725233ca550ce_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\NQyrapM.exe
  C:\Windows\System\NQyrapM.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\gGJfXeN.exe
  C:\Windows\System\gGJfXeN.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\KzXwokK.exe
  C:\Windows\System\KzXwokK.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\oDfWrwj.exe
  C:\Windows\System\oDfWrwj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\RDaHqRi.exe
  C:\Windows\System\RDaHqRi.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\tIGkgHd.exe
  C:\Windows\System\tIGkgHd.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\VWNZiHM.exe
  C:\Windows\System\VWNZiHM.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GDrTaFJ.exe
  C:\Windows\System\GDrTaFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\LIywCNh.exe
  C:\Windows\System\LIywCNh.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\osIAveb.exe
  C:\Windows\System\osIAveb.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\kVKwONM.exe
  C:\Windows\System\kVKwONM.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\UgRHfOX.exe
  C:\Windows\System\UgRHfOX.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\sOfIiCU.exe
  C:\Windows\System\sOfIiCU.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\dCNoHVp.exe
  C:\Windows\System\dCNoHVp.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\TnmQjHm.exe
  C:\Windows\System\TnmQjHm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FNoNIWO.exe
  C:\Windows\System\FNoNIWO.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lSiYBtB.exe
  C:\Windows\System\lSiYBtB.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pnnykPm.exe
  C:\Windows\System\pnnykPm.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\qoaYUdc.exe
  C:\Windows\System\qoaYUdc.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\COJyFzs.exe
  C:\Windows\System\COJyFzs.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\aMZzexj.exe
  C:\Windows\System\aMZzexj.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ehYcKFl.exe
  C:\Windows\System\ehYcKFl.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\OUfVsef.exe
  C:\Windows\System\OUfVsef.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\JylVivp.exe
  C:\Windows\System\JylVivp.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\INiGblU.exe
  C:\Windows\System\INiGblU.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\UWlYtqp.exe
  C:\Windows\System\UWlYtqp.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\KAaGyoQ.exe
  C:\Windows\System\KAaGyoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\monPQxw.exe
  C:\Windows\System\monPQxw.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\PdxvRsu.exe
  C:\Windows\System\PdxvRsu.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\EKvsiMk.exe
  C:\Windows\System\EKvsiMk.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\QBZbKqd.exe
  C:\Windows\System\QBZbKqd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\MwSIlSV.exe
  C:\Windows\System\MwSIlSV.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\aCbMSdt.exe
  C:\Windows\System\aCbMSdt.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\RUZcbnH.exe
  C:\Windows\System\RUZcbnH.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\DUvsNVx.exe
  C:\Windows\System\DUvsNVx.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\wDeIYVr.exe
  C:\Windows\System\wDeIYVr.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\KPBYwej.exe
  C:\Windows\System\KPBYwej.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qvZqmis.exe
  C:\Windows\System\qvZqmis.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ukOaKkv.exe
  C:\Windows\System\ukOaKkv.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\XpJJYel.exe
  C:\Windows\System\XpJJYel.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\hXlMHcp.exe
  C:\Windows\System\hXlMHcp.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\vekAKFb.exe
  C:\Windows\System\vekAKFb.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\xAPCPVP.exe
  C:\Windows\System\xAPCPVP.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\JZYatbP.exe
  C:\Windows\System\JZYatbP.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\KqDhPAx.exe
  C:\Windows\System\KqDhPAx.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\pgTogLJ.exe
  C:\Windows\System\pgTogLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\kxrFyuB.exe
  C:\Windows\System\kxrFyuB.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\LZgFibQ.exe
  C:\Windows\System\LZgFibQ.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\yljIZdP.exe
  C:\Windows\System\yljIZdP.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\eyxsYAv.exe
  C:\Windows\System\eyxsYAv.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\LzgVSrQ.exe
  C:\Windows\System\LzgVSrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\DELcjtW.exe
  C:\Windows\System\DELcjtW.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\cNnYQuB.exe
  C:\Windows\System\cNnYQuB.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\bxOBwgC.exe
  C:\Windows\System\bxOBwgC.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\RVieSgS.exe
  C:\Windows\System\RVieSgS.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\aJVKAcl.exe
  C:\Windows\System\aJVKAcl.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\lEVLZkK.exe
  C:\Windows\System\lEVLZkK.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\TLejBMu.exe
  C:\Windows\System\TLejBMu.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ceUvAaH.exe
  C:\Windows\System\ceUvAaH.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\fxtPyKq.exe
  C:\Windows\System\fxtPyKq.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\oOnkmvm.exe
  C:\Windows\System\oOnkmvm.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\abXzaUA.exe
  C:\Windows\System\abXzaUA.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\YIxfyXZ.exe
  C:\Windows\System\YIxfyXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\vlSMlPX.exe
  C:\Windows\System\vlSMlPX.exe
  2⤵
  PID:2716
- C:\Windows\System\zEkcjfO.exe
  C:\Windows\System\zEkcjfO.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\PFezoCl.exe
  C:\Windows\System\PFezoCl.exe
  2⤵
  PID:860
- C:\Windows\System\nRiSwbZ.exe
  C:\Windows\System\nRiSwbZ.exe
  2⤵
  PID:1644
- C:\Windows\System\YSnkygy.exe
  C:\Windows\System\YSnkygy.exe
  2⤵
  PID:2272
- C:\Windows\System\tFPGFHG.exe
  C:\Windows\System\tFPGFHG.exe
  2⤵
  PID:1648
- C:\Windows\System\LGULZzE.exe
  C:\Windows\System\LGULZzE.exe
  2⤵
  PID:2608
- C:\Windows\System\ziFpWDk.exe
  C:\Windows\System\ziFpWDk.exe
  2⤵
  PID:2140
- C:\Windows\System\GAuCZLA.exe
  C:\Windows\System\GAuCZLA.exe
  2⤵
  PID:2796
- C:\Windows\System\UXdbCQO.exe
  C:\Windows\System\UXdbCQO.exe
  2⤵
  PID:2412
- C:\Windows\System\vhwHHnU.exe
  C:\Windows\System\vhwHHnU.exe
  2⤵
  PID:468
- C:\Windows\System\BZTcMQF.exe
  C:\Windows\System\BZTcMQF.exe
  2⤵
  PID:2104
- C:\Windows\System\hZYyaSy.exe
  C:\Windows\System\hZYyaSy.exe
  2⤵
  PID:960
- C:\Windows\System\UErspfG.exe
  C:\Windows\System\UErspfG.exe
  2⤵
  PID:2236
- C:\Windows\System\FMakPNa.exe
  C:\Windows\System\FMakPNa.exe
  2⤵
  PID:2152
- C:\Windows\System\KwFfkSS.exe
  C:\Windows\System\KwFfkSS.exe
  2⤵
  PID:1300
- C:\Windows\System\XRdrXSK.exe
  C:\Windows\System\XRdrXSK.exe
  2⤵
  PID:1888
- C:\Windows\System\QzFZjys.exe
  C:\Windows\System\QzFZjys.exe
  2⤵
  PID:1612
- C:\Windows\System\eNRdXRb.exe
  C:\Windows\System\eNRdXRb.exe
  2⤵
  PID:2520
- C:\Windows\System\GAsaowB.exe
  C:\Windows\System\GAsaowB.exe
  2⤵
  PID:856
- C:\Windows\System\VtPqPIR.exe
  C:\Windows\System\VtPqPIR.exe
  2⤵
  PID:2072
- C:\Windows\System\mRtvhpA.exe
  C:\Windows\System\mRtvhpA.exe
  2⤵
  PID:2944
- C:\Windows\System\lHWedQB.exe
  C:\Windows\System\lHWedQB.exe
  2⤵
  PID:2756
- C:\Windows\System\prZpSrQ.exe
  C:\Windows\System\prZpSrQ.exe
  2⤵
  PID:2892
- C:\Windows\System\iSYJfTW.exe
  C:\Windows\System\iSYJfTW.exe
  2⤵
  PID:264
- C:\Windows\System\KWjqOhb.exe
  C:\Windows\System\KWjqOhb.exe
  2⤵
  PID:2504
- C:\Windows\System\JrHmtuR.exe
  C:\Windows\System\JrHmtuR.exe
  2⤵
  PID:1580
- C:\Windows\System\XEjKPjf.exe
  C:\Windows\System\XEjKPjf.exe
  2⤵
  PID:2928
- C:\Windows\System\QQTnCXA.exe
  C:\Windows\System\QQTnCXA.exe
  2⤵
  PID:1932
- C:\Windows\System\UXGZZQB.exe
  C:\Windows\System\UXGZZQB.exe
  2⤵
  PID:2012
- C:\Windows\System\PzFUkJH.exe
  C:\Windows\System\PzFUkJH.exe
  2⤵
  PID:1728
- C:\Windows\System\EXBxpCC.exe
  C:\Windows\System\EXBxpCC.exe
  2⤵
  PID:3088
- C:\Windows\System\CPkEIQN.exe
  C:\Windows\System\CPkEIQN.exe
  2⤵
  PID:3108
- C:\Windows\System\LzkLUIL.exe
  C:\Windows\System\LzkLUIL.exe
  2⤵
  PID:3132
- C:\Windows\System\lQWaSuA.exe
  C:\Windows\System\lQWaSuA.exe
  2⤵
  PID:3152
- C:\Windows\System\kESUAyc.exe
  C:\Windows\System\kESUAyc.exe
  2⤵
  PID:3172
- C:\Windows\System\MOgjkmV.exe
  C:\Windows\System\MOgjkmV.exe
  2⤵
  PID:3196
- C:\Windows\System\MwbHOhN.exe
  C:\Windows\System\MwbHOhN.exe
  2⤵
  PID:3212
- C:\Windows\System\kNxWEvz.exe
  C:\Windows\System\kNxWEvz.exe
  2⤵
  PID:3232
- C:\Windows\System\mcbddsT.exe
  C:\Windows\System\mcbddsT.exe
  2⤵
  PID:3252
- C:\Windows\System\HYsNpHB.exe
  C:\Windows\System\HYsNpHB.exe
  2⤵
  PID:3272
- C:\Windows\System\nMtaynU.exe
  C:\Windows\System\nMtaynU.exe
  2⤵
  PID:3292
- C:\Windows\System\ACFfTvf.exe
  C:\Windows\System\ACFfTvf.exe
  2⤵
  PID:3312
- C:\Windows\System\JHtScEO.exe
  C:\Windows\System\JHtScEO.exe
  2⤵
  PID:3328
- C:\Windows\System\TcLATnr.exe
  C:\Windows\System\TcLATnr.exe
  2⤵
  PID:3344
- C:\Windows\System\Cdjjfck.exe
  C:\Windows\System\Cdjjfck.exe
  2⤵
  PID:3364
- C:\Windows\System\TqlHjHE.exe
  C:\Windows\System\TqlHjHE.exe
  2⤵
  PID:3380
- C:\Windows\System\uWoVlPg.exe
  C:\Windows\System\uWoVlPg.exe
  2⤵
  PID:3404
- C:\Windows\System\pUHgpYu.exe
  C:\Windows\System\pUHgpYu.exe
  2⤵
  PID:3424
- C:\Windows\System\ovbzgwp.exe
  C:\Windows\System\ovbzgwp.exe
  2⤵
  PID:3456
- C:\Windows\System\LOeAhyN.exe
  C:\Windows\System\LOeAhyN.exe
  2⤵
  PID:3476
- C:\Windows\System\fJdxVNF.exe
  C:\Windows\System\fJdxVNF.exe
  2⤵
  PID:3492
- C:\Windows\System\ircoScm.exe
  C:\Windows\System\ircoScm.exe
  2⤵
  PID:3508
- C:\Windows\System\yZMYHys.exe
  C:\Windows\System\yZMYHys.exe
  2⤵
  PID:3532
- C:\Windows\System\RYuQIBx.exe
  C:\Windows\System\RYuQIBx.exe
  2⤵
  PID:3556
- C:\Windows\System\eCUVEtw.exe
  C:\Windows\System\eCUVEtw.exe
  2⤵
  PID:3572
- C:\Windows\System\bzscHPm.exe
  C:\Windows\System\bzscHPm.exe
  2⤵
  PID:3592
- C:\Windows\System\iDuKGbT.exe
  C:\Windows\System\iDuKGbT.exe
  2⤵
  PID:3612
- C:\Windows\System\eweRglE.exe
  C:\Windows\System\eweRglE.exe
  2⤵
  PID:3632
- C:\Windows\System\naXusRs.exe
  C:\Windows\System\naXusRs.exe
  2⤵
  PID:3648
- C:\Windows\System\LnxSfXQ.exe
  C:\Windows\System\LnxSfXQ.exe
  2⤵
  PID:3668
- C:\Windows\System\StzhYRO.exe
  C:\Windows\System\StzhYRO.exe
  2⤵
  PID:3692
- C:\Windows\System\GeqqvEk.exe
  C:\Windows\System\GeqqvEk.exe
  2⤵
  PID:3708
- C:\Windows\System\zXrziDW.exe
  C:\Windows\System\zXrziDW.exe
  2⤵
  PID:3732
- C:\Windows\System\dXcIQVK.exe
  C:\Windows\System\dXcIQVK.exe
  2⤵
  PID:3752
- C:\Windows\System\ItfMlTf.exe
  C:\Windows\System\ItfMlTf.exe
  2⤵
  PID:3772
- C:\Windows\System\jblDJAS.exe
  C:\Windows\System\jblDJAS.exe
  2⤵
  PID:3792
- C:\Windows\System\VKMMkjr.exe
  C:\Windows\System\VKMMkjr.exe
  2⤵
  PID:3816
- C:\Windows\System\ETwNajv.exe
  C:\Windows\System\ETwNajv.exe
  2⤵
  PID:3832
- C:\Windows\System\SqihCKg.exe
  C:\Windows\System\SqihCKg.exe
  2⤵
  PID:3856
- C:\Windows\System\VwKgUxd.exe
  C:\Windows\System\VwKgUxd.exe
  2⤵
  PID:3872
- C:\Windows\System\vMKaomV.exe
  C:\Windows\System\vMKaomV.exe
  2⤵
  PID:3896
- C:\Windows\System\fIQMMOI.exe
  C:\Windows\System\fIQMMOI.exe
  2⤵
  PID:3916
- C:\Windows\System\QfxxIeS.exe
  C:\Windows\System\QfxxIeS.exe
  2⤵
  PID:3936
- C:\Windows\System\XEfeQRb.exe
  C:\Windows\System\XEfeQRb.exe
  2⤵
  PID:3956
- C:\Windows\System\tvppxRK.exe
  C:\Windows\System\tvppxRK.exe
  2⤵
  PID:3972
- C:\Windows\System\dfLwvyA.exe
  C:\Windows\System\dfLwvyA.exe
  2⤵
  PID:3996
- C:\Windows\System\txKwrKJ.exe
  C:\Windows\System\txKwrKJ.exe
  2⤵
  PID:4016
- C:\Windows\System\tgkRsoa.exe
  C:\Windows\System\tgkRsoa.exe
  2⤵
  PID:4036
- C:\Windows\System\snhkwwl.exe
  C:\Windows\System\snhkwwl.exe
  2⤵
  PID:4052
- C:\Windows\System\DIqidID.exe
  C:\Windows\System\DIqidID.exe
  2⤵
  PID:4072
- C:\Windows\System\SNEJXDZ.exe
  C:\Windows\System\SNEJXDZ.exe
  2⤵
  PID:4088
- C:\Windows\System\PvFXpxe.exe
  C:\Windows\System\PvFXpxe.exe
  2⤵
  PID:2920
- C:\Windows\System\YnJIgEL.exe
  C:\Windows\System\YnJIgEL.exe
  2⤵
  PID:1824
- C:\Windows\System\QUWgPtp.exe
  C:\Windows\System\QUWgPtp.exe
  2⤵
  PID:2988
- C:\Windows\System\UdQrUlR.exe
  C:\Windows\System\UdQrUlR.exe
  2⤵
  PID:1264
- C:\Windows\System\Ybozdjz.exe
  C:\Windows\System\Ybozdjz.exe
  2⤵
  PID:2112
- C:\Windows\System\wnXTGGc.exe
  C:\Windows\System\wnXTGGc.exe
  2⤵
  PID:2324
- C:\Windows\System\laPREFT.exe
  C:\Windows\System\laPREFT.exe
  2⤵
  PID:2704
- C:\Windows\System\ULXMOMp.exe
  C:\Windows\System\ULXMOMp.exe
  2⤵
  PID:2248
- C:\Windows\System\nfHhEYO.exe
  C:\Windows\System\nfHhEYO.exe
  2⤵
  PID:2100
- C:\Windows\System\QbIZPKL.exe
  C:\Windows\System\QbIZPKL.exe
  2⤵
  PID:2312
- C:\Windows\System\nsfZycA.exe
  C:\Windows\System\nsfZycA.exe
  2⤵
  PID:1740
- C:\Windows\System\aYNrFFp.exe
  C:\Windows\System\aYNrFFp.exe
  2⤵
  PID:1752
- C:\Windows\System\AxguAVt.exe
  C:\Windows\System\AxguAVt.exe
  2⤵
  PID:1072
- C:\Windows\System\zLBmecN.exe
  C:\Windows\System\zLBmecN.exe
  2⤵
  PID:2864
- C:\Windows\System\vJwjXum.exe
  C:\Windows\System\vJwjXum.exe
  2⤵
  PID:3140
- C:\Windows\System\EIpEvGn.exe
  C:\Windows\System\EIpEvGn.exe
  2⤵
  PID:3188
- C:\Windows\System\usttECF.exe
  C:\Windows\System\usttECF.exe
  2⤵
  PID:3228
- C:\Windows\System\PPvkSBL.exe
  C:\Windows\System\PPvkSBL.exe
  2⤵
  PID:3128
- C:\Windows\System\czcZBOl.exe
  C:\Windows\System\czcZBOl.exe
  2⤵
  PID:3164
- C:\Windows\System\gtXavoV.exe
  C:\Windows\System\gtXavoV.exe
  2⤵
  PID:3300
- C:\Windows\System\KkCcQjI.exe
  C:\Windows\System\KkCcQjI.exe
  2⤵
  PID:3284
- C:\Windows\System\kggFeqS.exe
  C:\Windows\System\kggFeqS.exe
  2⤵
  PID:3372
- C:\Windows\System\dlVtaNJ.exe
  C:\Windows\System\dlVtaNJ.exe
  2⤵
  PID:3356
- C:\Windows\System\pKtzbFd.exe
  C:\Windows\System\pKtzbFd.exe
  2⤵
  PID:3472
- C:\Windows\System\bWxWnmw.exe
  C:\Windows\System\bWxWnmw.exe
  2⤵
  PID:3360
- C:\Windows\System\rRFbRtO.exe
  C:\Windows\System\rRFbRtO.exe
  2⤵
  PID:3468
- C:\Windows\System\ydeBjDC.exe
  C:\Windows\System\ydeBjDC.exe
  2⤵
  PID:3452
- C:\Windows\System\IkVtrRX.exe
  C:\Windows\System\IkVtrRX.exe
  2⤵
  PID:3552
- C:\Windows\System\kgXTTqN.exe
  C:\Windows\System\kgXTTqN.exe
  2⤵
  PID:3520
- C:\Windows\System\QFOnpXT.exe
  C:\Windows\System\QFOnpXT.exe
  2⤵
  PID:3600
- C:\Windows\System\crBiyil.exe
  C:\Windows\System\crBiyil.exe
  2⤵
  PID:3608
- C:\Windows\System\aClrRCW.exe
  C:\Windows\System\aClrRCW.exe
  2⤵
  PID:3664
- C:\Windows\System\iZmJFAE.exe
  C:\Windows\System\iZmJFAE.exe
  2⤵
  PID:3688
- C:\Windows\System\WyBBTjs.exe
  C:\Windows\System\WyBBTjs.exe
  2⤵
  PID:3720
- C:\Windows\System\UHisKiJ.exe
  C:\Windows\System\UHisKiJ.exe
  2⤵
  PID:3824
- C:\Windows\System\fgssCDX.exe
  C:\Windows\System\fgssCDX.exe
  2⤵
  PID:3764
- C:\Windows\System\gMnKBpX.exe
  C:\Windows\System\gMnKBpX.exe
  2⤵
  PID:3864
- C:\Windows\System\fhKingU.exe
  C:\Windows\System\fhKingU.exe
  2⤵
  PID:3840
- C:\Windows\System\PsGzRPc.exe
  C:\Windows\System\PsGzRPc.exe
  2⤵
  PID:3848
- C:\Windows\System\KzDbiGt.exe
  C:\Windows\System\KzDbiGt.exe
  2⤵
  PID:3908
- C:\Windows\System\sEjwnjn.exe
  C:\Windows\System\sEjwnjn.exe
  2⤵
  PID:3952
- C:\Windows\System\vpJeQpe.exe
  C:\Windows\System\vpJeQpe.exe
  2⤵
  PID:3980
- C:\Windows\System\TyKXBIF.exe
  C:\Windows\System\TyKXBIF.exe
  2⤵
  PID:3928
- C:\Windows\System\BkdpdIL.exe
  C:\Windows\System\BkdpdIL.exe
  2⤵
  PID:4024
- C:\Windows\System\SrJfFMr.exe
  C:\Windows\System\SrJfFMr.exe
  2⤵
  PID:4060
- C:\Windows\System\yThcbTQ.exe
  C:\Windows\System\yThcbTQ.exe
  2⤵
  PID:2604
- C:\Windows\System\UYGfuoN.exe
  C:\Windows\System\UYGfuoN.exe
  2⤵
  PID:4008
- C:\Windows\System\oUWbeLS.exe
  C:\Windows\System\oUWbeLS.exe
  2⤵
  PID:2432
- C:\Windows\System\NUIrZek.exe
  C:\Windows\System\NUIrZek.exe
  2⤵
  PID:2108
- C:\Windows\System\ZXRqkAP.exe
  C:\Windows\System\ZXRqkAP.exe
  2⤵
  PID:2316
- C:\Windows\System\vUCLcVX.exe
  C:\Windows\System\vUCLcVX.exe
  2⤵
  PID:964
- C:\Windows\System\tGgUYWZ.exe
  C:\Windows\System\tGgUYWZ.exe
  2⤵
  PID:2388
- C:\Windows\System\uQBjhPi.exe
  C:\Windows\System\uQBjhPi.exe
  2⤵
  PID:1668
- C:\Windows\System\wPEasYu.exe
  C:\Windows\System\wPEasYu.exe
  2⤵
  PID:2484
- C:\Windows\System\qPkGWKB.exe
  C:\Windows\System\qPkGWKB.exe
  2⤵
  PID:1592
- C:\Windows\System\AztxsnA.exe
  C:\Windows\System\AztxsnA.exe
  2⤵
  PID:3220
- C:\Windows\System\grANoxK.exe
  C:\Windows\System\grANoxK.exe
  2⤵
  PID:3280
- C:\Windows\System\RhzVySR.exe
  C:\Windows\System\RhzVySR.exe
  2⤵
  PID:3324
- C:\Windows\System\hmzzuNE.exe
  C:\Windows\System\hmzzuNE.exe
  2⤵
  PID:3588
- C:\Windows\System\fejYkBh.exe
  C:\Windows\System\fejYkBh.exe
  2⤵
  PID:3644
- C:\Windows\System\RJrsbLc.exe
  C:\Windows\System\RJrsbLc.exe
  2⤵
  PID:3788
- C:\Windows\System\impTIKq.exe
  C:\Windows\System\impTIKq.exe
  2⤵
  PID:3904
- C:\Windows\System\tulEeKl.exe
  C:\Windows\System\tulEeKl.exe
  2⤵
  PID:4012
- C:\Windows\System\zZryZCF.exe
  C:\Windows\System\zZryZCF.exe
  2⤵
  PID:1168
- C:\Windows\System\jIMtbyU.exe
  C:\Windows\System\jIMtbyU.exe
  2⤵
  PID:3288
- C:\Windows\System\POoqMyq.exe
  C:\Windows\System\POoqMyq.exe
  2⤵
  PID:3504
- C:\Windows\System\iFWwYJb.exe
  C:\Windows\System\iFWwYJb.exe
  2⤵
  PID:2780
- C:\Windows\System\vwGjamX.exe
  C:\Windows\System\vwGjamX.exe
  2⤵
  PID:3660
- C:\Windows\System\SALZXgs.exe
  C:\Windows\System\SALZXgs.exe
  2⤵
  PID:3096
- C:\Windows\System\rguwQpi.exe
  C:\Windows\System\rguwQpi.exe
  2⤵
  PID:3260
- C:\Windows\System\ZFQhUzM.exe
  C:\Windows\System\ZFQhUzM.exe
  2⤵
  PID:3656
- C:\Windows\System\GiFIECt.exe
  C:\Windows\System\GiFIECt.exe
  2⤵
  PID:3716
- C:\Windows\System\nfqnrPH.exe
  C:\Windows\System\nfqnrPH.exe
  2⤵
  PID:2808
- C:\Windows\System\kavAnDz.exe
  C:\Windows\System\kavAnDz.exe
  2⤵
  PID:3076
- C:\Windows\System\NJIRDvi.exe
  C:\Windows\System\NJIRDvi.exe
  2⤵
  PID:2968
- C:\Windows\System\nMrJtnq.exe
  C:\Windows\System\nMrJtnq.exe
  2⤵
  PID:4084
- C:\Windows\System\CcIWadB.exe
  C:\Windows\System\CcIWadB.exe
  2⤵
  PID:3968
- C:\Windows\System\dARxIdz.exe
  C:\Windows\System\dARxIdz.exe
  2⤵
  PID:3892
- C:\Windows\System\FquDWOs.exe
  C:\Windows\System\FquDWOs.exe
  2⤵
  PID:3728
- C:\Windows\System\tfnrUXt.exe
  C:\Windows\System\tfnrUXt.exe
  2⤵
  PID:3580
- C:\Windows\System\dyqrDrT.exe
  C:\Windows\System\dyqrDrT.exe
  2⤵
  PID:4028
- C:\Windows\System\MlrFcIP.exe
  C:\Windows\System\MlrFcIP.exe
  2⤵
  PID:1956
- C:\Windows\System\XlMwEeM.exe
  C:\Windows\System\XlMwEeM.exe
  2⤵
  PID:4100
- C:\Windows\System\tNTZUdh.exe
  C:\Windows\System\tNTZUdh.exe
  2⤵
  PID:4116
- C:\Windows\System\PMXYqWf.exe
  C:\Windows\System\PMXYqWf.exe
  2⤵
  PID:4136
- C:\Windows\System\fKWwcUk.exe
  C:\Windows\System\fKWwcUk.exe
  2⤵
  PID:4156
- C:\Windows\System\JKVSuLq.exe
  C:\Windows\System\JKVSuLq.exe
  2⤵
  PID:4172
- C:\Windows\System\POtCKWh.exe
  C:\Windows\System\POtCKWh.exe
  2⤵
  PID:4188
- C:\Windows\System\HwYezWt.exe
  C:\Windows\System\HwYezWt.exe
  2⤵
  PID:4204
- C:\Windows\System\jfHXubH.exe
  C:\Windows\System\jfHXubH.exe
  2⤵
  PID:4220
- C:\Windows\System\ELDXhmg.exe
  C:\Windows\System\ELDXhmg.exe
  2⤵
  PID:4236
- C:\Windows\System\vSCgCrz.exe
  C:\Windows\System\vSCgCrz.exe
  2⤵
  PID:4252
- C:\Windows\System\SAuydgs.exe
  C:\Windows\System\SAuydgs.exe
  2⤵
  PID:4268
- C:\Windows\System\hNJPbeb.exe
  C:\Windows\System\hNJPbeb.exe
  2⤵
  PID:4284
- C:\Windows\System\UZBBMNN.exe
  C:\Windows\System\UZBBMNN.exe
  2⤵
  PID:4300
- C:\Windows\System\fOPmnLd.exe
  C:\Windows\System\fOPmnLd.exe
  2⤵
  PID:4316
- C:\Windows\System\WwopFDD.exe
  C:\Windows\System\WwopFDD.exe
  2⤵
  PID:4332
- C:\Windows\System\KWMyQjS.exe
  C:\Windows\System\KWMyQjS.exe
  2⤵
  PID:4348
- C:\Windows\System\GMAhYUP.exe
  C:\Windows\System\GMAhYUP.exe
  2⤵
  PID:4364
- C:\Windows\System\JnvIwJU.exe
  C:\Windows\System\JnvIwJU.exe
  2⤵
  PID:4380
- C:\Windows\System\eGwxUgb.exe
  C:\Windows\System\eGwxUgb.exe
  2⤵
  PID:4396
- C:\Windows\System\XdplDSc.exe
  C:\Windows\System\XdplDSc.exe
  2⤵
  PID:4412
- C:\Windows\System\YImVDQW.exe
  C:\Windows\System\YImVDQW.exe
  2⤵
  PID:4428
- C:\Windows\System\FZxeTAD.exe
  C:\Windows\System\FZxeTAD.exe
  2⤵
  PID:4460
- C:\Windows\System\SXAKGma.exe
  C:\Windows\System\SXAKGma.exe
  2⤵
  PID:4496
- C:\Windows\System\RvVdsrF.exe
  C:\Windows\System\RvVdsrF.exe
  2⤵
  PID:4644
- C:\Windows\System\XyLKdrc.exe
  C:\Windows\System\XyLKdrc.exe
  2⤵
  PID:4660
- C:\Windows\System\OxXtnts.exe
  C:\Windows\System\OxXtnts.exe
  2⤵
  PID:4676
- C:\Windows\System\BZluuvp.exe
  C:\Windows\System\BZluuvp.exe
  2⤵
  PID:4692
- C:\Windows\System\hogwyiW.exe
  C:\Windows\System\hogwyiW.exe
  2⤵
  PID:4716
- C:\Windows\System\tlVzdtN.exe
  C:\Windows\System\tlVzdtN.exe
  2⤵
  PID:4736
- C:\Windows\System\FPyfTSQ.exe
  C:\Windows\System\FPyfTSQ.exe
  2⤵
  PID:4756
- C:\Windows\System\dcxopaG.exe
  C:\Windows\System\dcxopaG.exe
  2⤵
  PID:4772
- C:\Windows\System\nfNYYuz.exe
  C:\Windows\System\nfNYYuz.exe
  2⤵
  PID:4792
- C:\Windows\System\KisAkGF.exe
  C:\Windows\System\KisAkGF.exe
  2⤵
  PID:4808
- C:\Windows\System\pVsThAo.exe
  C:\Windows\System\pVsThAo.exe
  2⤵
  PID:4832
- C:\Windows\System\LcUULsd.exe
  C:\Windows\System\LcUULsd.exe
  2⤵
  PID:4852
- C:\Windows\System\AfmsFRB.exe
  C:\Windows\System\AfmsFRB.exe
  2⤵
  PID:4868
- C:\Windows\System\ORLlEsa.exe
  C:\Windows\System\ORLlEsa.exe
  2⤵
  PID:4900
- C:\Windows\System\zRmqNkB.exe
  C:\Windows\System\zRmqNkB.exe
  2⤵
  PID:4916
- C:\Windows\System\PJcUTNB.exe
  C:\Windows\System\PJcUTNB.exe
  2⤵
  PID:4932
- C:\Windows\System\keTSnlc.exe
  C:\Windows\System\keTSnlc.exe
  2⤵
  PID:4952
- C:\Windows\System\drYlDTn.exe
  C:\Windows\System\drYlDTn.exe
  2⤵
  PID:4968
- C:\Windows\System\wtPMqqp.exe
  C:\Windows\System\wtPMqqp.exe
  2⤵
  PID:4984
- C:\Windows\System\MbiqkEJ.exe
  C:\Windows\System\MbiqkEJ.exe
  2⤵
  PID:5004
- C:\Windows\System\PKqELfG.exe
  C:\Windows\System\PKqELfG.exe
  2⤵
  PID:5028
- C:\Windows\System\pnSjXib.exe
  C:\Windows\System\pnSjXib.exe
  2⤵
  PID:5044
- C:\Windows\System\ZqnOQZg.exe
  C:\Windows\System\ZqnOQZg.exe
  2⤵
  PID:5060
- C:\Windows\System\gAKEtws.exe
  C:\Windows\System\gAKEtws.exe
  2⤵
  PID:5076
- C:\Windows\System\kzqAHkR.exe
  C:\Windows\System\kzqAHkR.exe
  2⤵
  PID:5092
- C:\Windows\System\oCDCLXl.exe
  C:\Windows\System\oCDCLXl.exe
  2⤵
  PID:5108
- C:\Windows\System\cKyLcBa.exe
  C:\Windows\System\cKyLcBa.exe
  2⤵
  PID:888
- C:\Windows\System\oWLmHho.exe
  C:\Windows\System\oWLmHho.exe
  2⤵
  PID:4064
- C:\Windows\System\JvROYHy.exe
  C:\Windows\System\JvROYHy.exe
  2⤵
  PID:3084
- C:\Windows\System\fjkWQDT.exe
  C:\Windows\System\fjkWQDT.exe
  2⤵
  PID:3204
- C:\Windows\System\QzHOoHL.exe
  C:\Windows\System\QzHOoHL.exe
  2⤵
  PID:3144
- C:\Windows\System\BlUJRjR.exe
  C:\Windows\System\BlUJRjR.exe
  2⤵
  PID:3988
- C:\Windows\System\ZMYsTdw.exe
  C:\Windows\System\ZMYsTdw.exe
  2⤵
  PID:3704
- C:\Windows\System\KMeTCGr.exe
  C:\Windows\System\KMeTCGr.exe
  2⤵
  PID:3868
- C:\Windows\System\QHEwoGo.exe
  C:\Windows\System\QHEwoGo.exe
  2⤵
  PID:4132
- C:\Windows\System\zpRYFrL.exe
  C:\Windows\System\zpRYFrL.exe
  2⤵
  PID:4168
- C:\Windows\System\EhGScag.exe
  C:\Windows\System\EhGScag.exe
  2⤵
  PID:4260
- C:\Windows\System\FijTUba.exe
  C:\Windows\System\FijTUba.exe
  2⤵
  PID:4108
- C:\Windows\System\tjZxrQH.exe
  C:\Windows\System\tjZxrQH.exe
  2⤵
  PID:4324
- C:\Windows\System\qgfGgmS.exe
  C:\Windows\System\qgfGgmS.exe
  2⤵
  PID:3568
- C:\Windows\System\yPSJddX.exe
  C:\Windows\System\yPSJddX.exe
  2⤵
  PID:4112
- C:\Windows\System\GIoqYkG.exe
  C:\Windows\System\GIoqYkG.exe
  2⤵
  PID:3888
- C:\Windows\System\VsQcdHK.exe
  C:\Windows\System\VsQcdHK.exe
  2⤵
  PID:1808
- C:\Windows\System\kZFeRpt.exe
  C:\Windows\System\kZFeRpt.exe
  2⤵
  PID:2936
- C:\Windows\System\JEdlohA.exe
  C:\Windows\System\JEdlohA.exe
  2⤵
  PID:3436
- C:\Windows\System\mmfSqHk.exe
  C:\Windows\System\mmfSqHk.exe
  2⤵
  PID:4148
- C:\Windows\System\heTymOj.exe
  C:\Windows\System\heTymOj.exe
  2⤵
  PID:4472
- C:\Windows\System\tZZVWbr.exe
  C:\Windows\System\tZZVWbr.exe
  2⤵
  PID:4308
- C:\Windows\System\MPQkLmk.exe
  C:\Windows\System\MPQkLmk.exe
  2⤵
  PID:4376
- C:\Windows\System\FaLcofU.exe
  C:\Windows\System\FaLcofU.exe
  2⤵
  PID:4440
- C:\Windows\System\kvBaqOI.exe
  C:\Windows\System\kvBaqOI.exe
  2⤵
  PID:4456
- C:\Windows\System\roOSYFr.exe
  C:\Windows\System\roOSYFr.exe
  2⤵
  PID:4212
- C:\Windows\System\uKEKCVT.exe
  C:\Windows\System\uKEKCVT.exe
  2⤵
  PID:4508
- C:\Windows\System\OiwIBmq.exe
  C:\Windows\System\OiwIBmq.exe
  2⤵
  PID:4656
- C:\Windows\System\MYxXHPL.exe
  C:\Windows\System\MYxXHPL.exe
  2⤵
  PID:4528
- C:\Windows\System\cNhaRQL.exe
  C:\Windows\System\cNhaRQL.exe
  2⤵
  PID:4544
- C:\Windows\System\slxaxIu.exe
  C:\Windows\System\slxaxIu.exe
  2⤵
  PID:4560
- C:\Windows\System\oLTAosg.exe
  C:\Windows\System\oLTAosg.exe
  2⤵
  PID:4576
- C:\Windows\System\wJpFWcN.exe
  C:\Windows\System\wJpFWcN.exe
  2⤵
  PID:4728
- C:\Windows\System\vwmnUSK.exe
  C:\Windows\System\vwmnUSK.exe
  2⤵
  PID:4592
- C:\Windows\System\vqRKusC.exe
  C:\Windows\System\vqRKusC.exe
  2⤵
  PID:4608
- C:\Windows\System\fctAVfM.exe
  C:\Windows\System\fctAVfM.exe
  2⤵
  PID:4624
- C:\Windows\System\RsPkhMD.exe
  C:\Windows\System\RsPkhMD.exe
  2⤵
  PID:4632
- C:\Windows\System\PNnMgnT.exe
  C:\Windows\System\PNnMgnT.exe
  2⤵
  PID:4804
- C:\Windows\System\dQApclY.exe
  C:\Windows\System\dQApclY.exe
  2⤵
  PID:4876
- C:\Windows\System\LvpjrCu.exe
  C:\Windows\System\LvpjrCu.exe
  2⤵
  PID:4892
- C:\Windows\System\laDGQym.exe
  C:\Windows\System\laDGQym.exe
  2⤵
  PID:4960
- C:\Windows\System\UEavPRl.exe
  C:\Windows\System\UEavPRl.exe
  2⤵
  PID:5000
- C:\Windows\System\jTYeDce.exe
  C:\Windows\System\jTYeDce.exe
  2⤵
  PID:4780
- C:\Windows\System\YdcHruK.exe
  C:\Windows\System\YdcHruK.exe
  2⤵
  PID:4824
- C:\Windows\System\JQfRzkN.exe
  C:\Windows\System\JQfRzkN.exe
  2⤵
  PID:5040
- C:\Windows\System\vnQZZbl.exe
  C:\Windows\System\vnQZZbl.exe
  2⤵
  PID:5104
- C:\Windows\System\CxrDPpv.exe
  C:\Windows\System\CxrDPpv.exe
  2⤵
  PID:3416
- C:\Windows\System\lunfxyW.exe
  C:\Windows\System\lunfxyW.exe
  2⤵
  PID:3124
- C:\Windows\System\PIHGySX.exe
  C:\Windows\System\PIHGySX.exe
  2⤵
  PID:3760
- C:\Windows\System\cOYzPIe.exe
  C:\Windows\System\cOYzPIe.exe
  2⤵
  PID:3340
- C:\Windows\System\spdIjuq.exe
  C:\Windows\System\spdIjuq.exe
  2⤵
  PID:3584
- C:\Windows\System\AvNrqag.exe
  C:\Windows\System\AvNrqag.exe
  2⤵
  PID:3304
- C:\Windows\System\LATKEDZ.exe
  C:\Windows\System\LATKEDZ.exe
  2⤵
  PID:4744
- C:\Windows\System\USnsLrC.exe
  C:\Windows\System\USnsLrC.exe
  2⤵
  PID:4944
- C:\Windows\System\wWpWzEn.exe
  C:\Windows\System\wWpWzEn.exe
  2⤵
  PID:4708
- C:\Windows\System\MYZhdRZ.exe
  C:\Windows\System\MYZhdRZ.exe
  2⤵
  PID:4276
- C:\Windows\System\mcyJyQi.exe
  C:\Windows\System\mcyJyQi.exe
  2⤵
  PID:4488
- C:\Windows\System\vWCOuxt.exe
  C:\Windows\System\vWCOuxt.exe
  2⤵
  PID:4516
- C:\Windows\System\wEkMPfZ.exe
  C:\Windows\System\wEkMPfZ.exe
  2⤵
  PID:4568
- C:\Windows\System\uYfGAfG.exe
  C:\Windows\System\uYfGAfG.exe
  2⤵
  PID:4588
- C:\Windows\System\NMAkBGh.exe
  C:\Windows\System\NMAkBGh.exe
  2⤵
  PID:4788
- C:\Windows\System\TjiLfXo.exe
  C:\Windows\System\TjiLfXo.exe
  2⤵
  PID:4884
- C:\Windows\System\bwXfKkB.exe
  C:\Windows\System\bwXfKkB.exe
  2⤵
  PID:5016
- C:\Windows\System\KZEKTpU.exe
  C:\Windows\System\KZEKTpU.exe
  2⤵
  PID:5056
- C:\Windows\System\qvMohVJ.exe
  C:\Windows\System\qvMohVJ.exe
  2⤵
  PID:5116
- C:\Windows\System\pFPNkoa.exe
  C:\Windows\System\pFPNkoa.exe
  2⤵
  PID:3808
- C:\Windows\System\aqBGdUW.exe
  C:\Windows\System\aqBGdUW.exe
  2⤵
  PID:5128
- C:\Windows\System\HYazfMy.exe
  C:\Windows\System\HYazfMy.exe
  2⤵
  PID:5144
- C:\Windows\System\FkOLafZ.exe
  C:\Windows\System\FkOLafZ.exe
  2⤵
  PID:5160
- C:\Windows\System\AXgzvQL.exe
  C:\Windows\System\AXgzvQL.exe
  2⤵
  PID:5176
- C:\Windows\System\TolEuAm.exe
  C:\Windows\System\TolEuAm.exe
  2⤵
  PID:5192
- C:\Windows\System\EYBHiUu.exe
  C:\Windows\System\EYBHiUu.exe
  2⤵
  PID:5208
- C:\Windows\System\cqveOOm.exe
  C:\Windows\System\cqveOOm.exe
  2⤵
  PID:5224
- C:\Windows\System\sCSkmgB.exe
  C:\Windows\System\sCSkmgB.exe
  2⤵
  PID:5244
- C:\Windows\System\CQopmSn.exe
  C:\Windows\System\CQopmSn.exe
  2⤵
  PID:5260
- C:\Windows\System\yhnLNSh.exe
  C:\Windows\System\yhnLNSh.exe
  2⤵
  PID:5276
- C:\Windows\System\REcwXra.exe
  C:\Windows\System\REcwXra.exe
  2⤵
  PID:5296
- C:\Windows\System\QluUyVx.exe
  C:\Windows\System\QluUyVx.exe
  2⤵
  PID:5312
- C:\Windows\System\mPTCSXs.exe
  C:\Windows\System\mPTCSXs.exe
  2⤵
  PID:5328
- C:\Windows\System\wslSmWe.exe
  C:\Windows\System\wslSmWe.exe
  2⤵
  PID:5344
- C:\Windows\System\ZixYeub.exe
  C:\Windows\System\ZixYeub.exe
  2⤵
  PID:5360
- C:\Windows\System\ULbyNye.exe
  C:\Windows\System\ULbyNye.exe
  2⤵
  PID:5376
- C:\Windows\System\uQksWUL.exe
  C:\Windows\System\uQksWUL.exe
  2⤵
  PID:5392
- C:\Windows\System\RFsnRRi.exe
  C:\Windows\System\RFsnRRi.exe
  2⤵
  PID:5408
- C:\Windows\System\WoUZIRg.exe
  C:\Windows\System\WoUZIRg.exe
  2⤵
  PID:5424
- C:\Windows\System\VWVElNC.exe
  C:\Windows\System\VWVElNC.exe
  2⤵
  PID:5440
- C:\Windows\System\HvopDLq.exe
  C:\Windows\System\HvopDLq.exe
  2⤵
  PID:5456
- C:\Windows\System\yyRvtkr.exe
  C:\Windows\System\yyRvtkr.exe
  2⤵
  PID:5472
- C:\Windows\System\rTLJErh.exe
  C:\Windows\System\rTLJErh.exe
  2⤵
  PID:5488
- C:\Windows\System\biuFaVI.exe
  C:\Windows\System\biuFaVI.exe
  2⤵
  PID:5504
- C:\Windows\System\vkciLml.exe
  C:\Windows\System\vkciLml.exe
  2⤵
  PID:5520
- C:\Windows\System\CuObGfX.exe
  C:\Windows\System\CuObGfX.exe
  2⤵
  PID:5536
- C:\Windows\System\huAyFPM.exe
  C:\Windows\System\huAyFPM.exe
  2⤵
  PID:5552
- C:\Windows\System\wWdTsyv.exe
  C:\Windows\System\wWdTsyv.exe
  2⤵
  PID:5568
- C:\Windows\System\XjVveGy.exe
  C:\Windows\System\XjVveGy.exe
  2⤵
  PID:5584
- C:\Windows\System\ZqilFDH.exe
  C:\Windows\System\ZqilFDH.exe
  2⤵
  PID:5676
- C:\Windows\System\tyNRLsi.exe
  C:\Windows\System\tyNRLsi.exe
  2⤵
  PID:5692
- C:\Windows\System\VIxzDII.exe
  C:\Windows\System\VIxzDII.exe
  2⤵
  PID:5708
- C:\Windows\System\PcROmQa.exe
  C:\Windows\System\PcROmQa.exe
  2⤵
  PID:5724
- C:\Windows\System\HaqCXOM.exe
  C:\Windows\System\HaqCXOM.exe
  2⤵
  PID:5740
- C:\Windows\System\Ubuftwx.exe
  C:\Windows\System\Ubuftwx.exe
  2⤵
  PID:5768
- C:\Windows\System\VmUfiwf.exe
  C:\Windows\System\VmUfiwf.exe
  2⤵
  PID:5788
- C:\Windows\System\fUaZbRQ.exe
  C:\Windows\System\fUaZbRQ.exe
  2⤵
  PID:5804
- C:\Windows\System\qBQDCHW.exe
  C:\Windows\System\qBQDCHW.exe
  2⤵
  PID:5820
- C:\Windows\System\VGhekpQ.exe
  C:\Windows\System\VGhekpQ.exe
  2⤵
  PID:5836
- C:\Windows\System\qoUrHCr.exe
  C:\Windows\System\qoUrHCr.exe
  2⤵
  PID:5852
- C:\Windows\System\IuwCdGd.exe
  C:\Windows\System\IuwCdGd.exe
  2⤵
  PID:5868
- C:\Windows\System\cDRzkRH.exe
  C:\Windows\System\cDRzkRH.exe
  2⤵
  PID:5884
- C:\Windows\System\IhsGQRM.exe
  C:\Windows\System\IhsGQRM.exe
  2⤵
  PID:5900
- C:\Windows\System\iavJQNV.exe
  C:\Windows\System\iavJQNV.exe
  2⤵
  PID:5916
- C:\Windows\System\zrLtlKp.exe
  C:\Windows\System\zrLtlKp.exe
  2⤵
  PID:5932
- C:\Windows\System\vffgjpe.exe
  C:\Windows\System\vffgjpe.exe
  2⤵
  PID:5948
- C:\Windows\System\TdRCqSf.exe
  C:\Windows\System\TdRCqSf.exe
  2⤵
  PID:5964
- C:\Windows\System\UVRMsri.exe
  C:\Windows\System\UVRMsri.exe
  2⤵
  PID:5980
- C:\Windows\System\zbVegZD.exe
  C:\Windows\System\zbVegZD.exe
  2⤵
  PID:5996
- C:\Windows\System\InNKTuC.exe
  C:\Windows\System\InNKTuC.exe
  2⤵
  PID:6012
- C:\Windows\System\hUqopWn.exe
  C:\Windows\System\hUqopWn.exe
  2⤵
  PID:6028
- C:\Windows\System\Xekfqyj.exe
  C:\Windows\System\Xekfqyj.exe
  2⤵
  PID:6048
- C:\Windows\System\qdWTrdX.exe
  C:\Windows\System\qdWTrdX.exe
  2⤵
  PID:6064
- C:\Windows\System\PHTropl.exe
  C:\Windows\System\PHTropl.exe
  2⤵
  PID:6080
- C:\Windows\System\xtHeLDI.exe
  C:\Windows\System\xtHeLDI.exe
  2⤵
  PID:6096
- C:\Windows\System\hrXMSVj.exe
  C:\Windows\System\hrXMSVj.exe
  2⤵
  PID:6112
- C:\Windows\System\oziBRea.exe
  C:\Windows\System\oziBRea.exe
  2⤵
  PID:6128
- C:\Windows\System\QDNhNJp.exe
  C:\Windows\System\QDNhNJp.exe
  2⤵
  PID:4816
- C:\Windows\System\ineIDnd.exe
  C:\Windows\System\ineIDnd.exe
  2⤵
  PID:5100
- C:\Windows\System\jxpNgrV.exe
  C:\Windows\System\jxpNgrV.exe
  2⤵
  PID:4164
- C:\Windows\System\rnKtpsV.exe
  C:\Windows\System\rnKtpsV.exe
  2⤵
  PID:4940
- C:\Windows\System\zBtVyGj.exe
  C:\Windows\System\zBtVyGj.exe
  2⤵
  PID:3624
- C:\Windows\System\WcGMfKV.exe
  C:\Windows\System\WcGMfKV.exe
  2⤵
  PID:4924
- C:\Windows\System\yRgFDfn.exe
  C:\Windows\System\yRgFDfn.exe
  2⤵
  PID:4764
- C:\Windows\System\UnaFsgQ.exe
  C:\Windows\System\UnaFsgQ.exe
  2⤵
  PID:4688
- C:\Windows\System\YQbnzKO.exe
  C:\Windows\System\YQbnzKO.exe
  2⤵
  PID:4180
- C:\Windows\System\JKpRxbd.exe
  C:\Windows\System\JKpRxbd.exe
  2⤵
  PID:3540
- C:\Windows\System\FIPuRym.exe
  C:\Windows\System\FIPuRym.exe
  2⤵
  PID:2832
- C:\Windows\System\zIAEtoE.exe
  C:\Windows\System\zIAEtoE.exe
  2⤵
  PID:4232
- C:\Windows\System\VYoOEWA.exe
  C:\Windows\System\VYoOEWA.exe
  2⤵
  PID:4912
- C:\Windows\System\VHxptvQ.exe
  C:\Windows\System\VHxptvQ.exe
  2⤵
  PID:2376
- C:\Windows\System\UFsDQhA.exe
  C:\Windows\System\UFsDQhA.exe
  2⤵
  PID:2740
- C:\Windows\System\bgnqlMR.exe
  C:\Windows\System\bgnqlMR.exe
  2⤵
  PID:3028
- C:\Windows\System\pDGvzRo.exe
  C:\Windows\System\pDGvzRo.exe
  2⤵
  PID:3516
- C:\Windows\System\QDoWJep.exe
  C:\Windows\System\QDoWJep.exe
  2⤵
  PID:4700
- C:\Windows\System\ANzHzqV.exe
  C:\Windows\System\ANzHzqV.exe
  2⤵
  PID:4436
- C:\Windows\System\cfrKmeC.exe
  C:\Windows\System\cfrKmeC.exe
  2⤵
  PID:5168
- C:\Windows\System\yJvIxzt.exe
  C:\Windows\System\yJvIxzt.exe
  2⤵
  PID:5200
- C:\Windows\System\YXEjSyZ.exe
  C:\Windows\System\YXEjSyZ.exe
  2⤵
  PID:5188
- C:\Windows\System\wTaNEbW.exe
  C:\Windows\System\wTaNEbW.exe
  2⤵
  PID:5156
- C:\Windows\System\bhIFhTx.exe
  C:\Windows\System\bhIFhTx.exe
  2⤵
  PID:5204
- C:\Windows\System\ZqcMETx.exe
  C:\Windows\System\ZqcMETx.exe
  2⤵
  PID:5236
- C:\Windows\System\KqDOzzY.exe
  C:\Windows\System\KqDOzzY.exe
  2⤵
  PID:5272
- C:\Windows\System\eNIoohV.exe
  C:\Windows\System\eNIoohV.exe
  2⤵
  PID:2304
- C:\Windows\System\YVTuPkI.exe
  C:\Windows\System\YVTuPkI.exe
  2⤵
  PID:5340
- C:\Windows\System\brDgfkl.exe
  C:\Windows\System\brDgfkl.exe
  2⤵
  PID:5404
- C:\Windows\System\QjkULkL.exe
  C:\Windows\System\QjkULkL.exe
  2⤵
  PID:5468
- C:\Windows\System\cFjyssX.exe
  C:\Windows\System\cFjyssX.exe
  2⤵
  PID:5452
- C:\Windows\System\wIJZCDq.exe
  C:\Windows\System\wIJZCDq.exe
  2⤵
  PID:5564
- C:\Windows\System\MZeGuKE.exe
  C:\Windows\System\MZeGuKE.exe
  2⤵
  PID:5608
- C:\Windows\System\dGgnoJT.exe
  C:\Windows\System\dGgnoJT.exe
  2⤵
  PID:5624
- C:\Windows\System\dlHfTEk.exe
  C:\Windows\System\dlHfTEk.exe
  2⤵
  PID:5640
- C:\Windows\System\ZEUbDVj.exe
  C:\Windows\System\ZEUbDVj.exe
  2⤵
  PID:5656
- C:\Windows\System\OOeBsmQ.exe
  C:\Windows\System\OOeBsmQ.exe
  2⤵
  PID:5672
- C:\Windows\System\cxXNsuI.exe
  C:\Windows\System\cxXNsuI.exe
  2⤵
  PID:5704
- C:\Windows\System\WdMNCgU.exe
  C:\Windows\System\WdMNCgU.exe
  2⤵
  PID:5480
- C:\Windows\System\SLiYHIS.exe
  C:\Windows\System\SLiYHIS.exe
  2⤵
  PID:5516
- C:\Windows\System\dEbdsnA.exe
  C:\Windows\System\dEbdsnA.exe
  2⤵
  PID:5320
- C:\Windows\System\qkWZDzr.exe
  C:\Windows\System\qkWZDzr.exe
  2⤵
  PID:5780
- C:\Windows\System\lTBxsvV.exe
  C:\Windows\System\lTBxsvV.exe
  2⤵
  PID:5240
- C:\Windows\System\aoOZllN.exe
  C:\Windows\System\aoOZllN.exe
  2⤵
  PID:5716
- C:\Windows\System\gtPcXUK.exe
  C:\Windows\System\gtPcXUK.exe
  2⤵
  PID:5752
- C:\Windows\System\nZfLklL.exe
  C:\Windows\System\nZfLklL.exe
  2⤵
  PID:5796
- C:\Windows\System\cBGYIKs.exe
  C:\Windows\System\cBGYIKs.exe
  2⤵
  PID:5800
- C:\Windows\System\CzlUduK.exe
  C:\Windows\System\CzlUduK.exe
  2⤵
  PID:5860
- C:\Windows\System\aRpLRNl.exe
  C:\Windows\System\aRpLRNl.exe
  2⤵
  PID:5908
- C:\Windows\System\YkmYjBG.exe
  C:\Windows\System\YkmYjBG.exe
  2⤵
  PID:5972
- C:\Windows\System\ifvWjEN.exe
  C:\Windows\System\ifvWjEN.exe
  2⤵
  PID:5892
- C:\Windows\System\GYHUozf.exe
  C:\Windows\System\GYHUozf.exe
  2⤵
  PID:5576
- C:\Windows\System\JADDcfA.exe
  C:\Windows\System\JADDcfA.exe
  2⤵
  PID:6076
- C:\Windows\System\oqNpuPj.exe
  C:\Windows\System\oqNpuPj.exe
  2⤵
  PID:5072
- C:\Windows\System\QJqIXRx.exe
  C:\Windows\System\QJqIXRx.exe
  2⤵
  PID:4864
- C:\Windows\System\qSJSCYO.exe
  C:\Windows\System\qSJSCYO.exe
  2⤵
  PID:3244
- C:\Windows\System\ZDkZAXe.exe
  C:\Windows\System\ZDkZAXe.exe
  2⤵
  PID:5956
- C:\Windows\System\AdYYzIk.exe
  C:\Windows\System\AdYYzIk.exe
  2⤵
  PID:5988
- C:\Windows\System\LBwHMiw.exe
  C:\Windows\System\LBwHMiw.exe
  2⤵
  PID:3208
- C:\Windows\System\ZnGgSnU.exe
  C:\Windows\System\ZnGgSnU.exe
  2⤵
  PID:4600
- C:\Windows\System\mWJHSZM.exe
  C:\Windows\System\mWJHSZM.exe
  2⤵
  PID:5448
- C:\Windows\System\GWrKHjK.exe
  C:\Windows\System\GWrKHjK.exe
  2⤵
  PID:4672
- C:\Windows\System\fMMUIwM.exe
  C:\Windows\System\fMMUIwM.exe
  2⤵
  PID:3020
- C:\Windows\System\lXVpMEW.exe
  C:\Windows\System\lXVpMEW.exe
  2⤵
  PID:4860
- C:\Windows\System\oyHQhIp.exe
  C:\Windows\System\oyHQhIp.exe
  2⤵
  PID:5124
- C:\Windows\System\uDUyIXT.exe
  C:\Windows\System\uDUyIXT.exe
  2⤵
  PID:5268
- C:\Windows\System\izPAVZO.exe
  C:\Windows\System\izPAVZO.exe
  2⤵
  PID:6196
- C:\Windows\System\JqMgXae.exe
  C:\Windows\System\JqMgXae.exe
  2⤵
  PID:6268
- C:\Windows\System\oeIltDD.exe
  C:\Windows\System\oeIltDD.exe
  2⤵
  PID:6296
- C:\Windows\System\kXmhIYh.exe
  C:\Windows\System\kXmhIYh.exe
  2⤵
  PID:6316
- C:\Windows\System\vSdoApe.exe
  C:\Windows\System\vSdoApe.exe
  2⤵
  PID:6332
- C:\Windows\System\RVbissU.exe
  C:\Windows\System\RVbissU.exe
  2⤵
  PID:6356
- C:\Windows\System\WjWYNVG.exe
  C:\Windows\System\WjWYNVG.exe
  2⤵
  PID:6376
- C:\Windows\System\KWBGBiz.exe
  C:\Windows\System\KWBGBiz.exe
  2⤵
  PID:6392
- C:\Windows\System\gUJBnFy.exe
  C:\Windows\System\gUJBnFy.exe
  2⤵
  PID:6408
- C:\Windows\System\tvlkXhb.exe
  C:\Windows\System\tvlkXhb.exe
  2⤵
  PID:6424
- C:\Windows\System\lmnGAyo.exe
  C:\Windows\System\lmnGAyo.exe
  2⤵
  PID:6448
- C:\Windows\System\bQewvyc.exe
  C:\Windows\System\bQewvyc.exe
  2⤵
  PID:6468
- C:\Windows\System\QpuPIIf.exe
  C:\Windows\System\QpuPIIf.exe
  2⤵
  PID:6488
- C:\Windows\System\QZqBKqi.exe
  C:\Windows\System\QZqBKqi.exe
  2⤵
  PID:6504
- C:\Windows\System\edzXERg.exe
  C:\Windows\System\edzXERg.exe
  2⤵
  PID:6520
- C:\Windows\System\HqQhtce.exe
  C:\Windows\System\HqQhtce.exe
  2⤵
  PID:6548
- C:\Windows\System\xoPGbDK.exe
  C:\Windows\System\xoPGbDK.exe
  2⤵
  PID:6576
- C:\Windows\System\PxKTCOs.exe
  C:\Windows\System\PxKTCOs.exe
  2⤵
  PID:6592
- C:\Windows\System\UMiIPHb.exe
  C:\Windows\System\UMiIPHb.exe
  2⤵
  PID:6612
- C:\Windows\System\MfpbizA.exe
  C:\Windows\System\MfpbizA.exe
  2⤵
  PID:6628
- C:\Windows\System\sfGxkPc.exe
  C:\Windows\System\sfGxkPc.exe
  2⤵
  PID:6648
- C:\Windows\System\ErYQGuF.exe
  C:\Windows\System\ErYQGuF.exe
  2⤵
  PID:6664
- C:\Windows\System\wEmJnOA.exe
  C:\Windows\System\wEmJnOA.exe
  2⤵
  PID:6680
- C:\Windows\System\iKKmQhu.exe
  C:\Windows\System\iKKmQhu.exe
  2⤵
  PID:6696
- C:\Windows\System\hwNEuRB.exe
  C:\Windows\System\hwNEuRB.exe
  2⤵
  PID:6712
- C:\Windows\System\ibwXaKz.exe
  C:\Windows\System\ibwXaKz.exe
  2⤵
  PID:6728
- C:\Windows\System\ghOPrPx.exe
  C:\Windows\System\ghOPrPx.exe
  2⤵
  PID:6780
- C:\Windows\System\CpDOonJ.exe
  C:\Windows\System\CpDOonJ.exe
  2⤵
  PID:6800
- C:\Windows\System\DtZVhTe.exe
  C:\Windows\System\DtZVhTe.exe
  2⤵
  PID:6816
- C:\Windows\System\owCqSyZ.exe
  C:\Windows\System\owCqSyZ.exe
  2⤵
  PID:6836
- C:\Windows\System\XLZVmBD.exe
  C:\Windows\System\XLZVmBD.exe
  2⤵
  PID:6852
- C:\Windows\System\JGtSdbd.exe
  C:\Windows\System\JGtSdbd.exe
  2⤵
  PID:6868
- C:\Windows\System\MAIMRsq.exe
  C:\Windows\System\MAIMRsq.exe
  2⤵
  PID:6884
- C:\Windows\System\HlhUbqM.exe
  C:\Windows\System\HlhUbqM.exe
  2⤵
  PID:6900
- C:\Windows\System\DEzipso.exe
  C:\Windows\System\DEzipso.exe
  2⤵
  PID:6916
- C:\Windows\System\dNFGZYr.exe
  C:\Windows\System\dNFGZYr.exe
  2⤵
  PID:6932
- C:\Windows\System\uLMtLkH.exe
  C:\Windows\System\uLMtLkH.exe
  2⤵
  PID:6948
- C:\Windows\System\MDkjSTs.exe
  C:\Windows\System\MDkjSTs.exe
  2⤵
  PID:6964
- C:\Windows\System\oRusgAU.exe
  C:\Windows\System\oRusgAU.exe
  2⤵
  PID:6984
- C:\Windows\System\ESeoDSS.exe
  C:\Windows\System\ESeoDSS.exe
  2⤵
  PID:7040
- C:\Windows\System\yyEgNrX.exe
  C:\Windows\System\yyEgNrX.exe
  2⤵
  PID:7060
- C:\Windows\System\OudhzTu.exe
  C:\Windows\System\OudhzTu.exe
  2⤵
  PID:7076
- C:\Windows\System\npDsCsE.exe
  C:\Windows\System\npDsCsE.exe
  2⤵
  PID:7092
- C:\Windows\System\eEvMkui.exe
  C:\Windows\System\eEvMkui.exe
  2⤵
  PID:7108
- C:\Windows\System\aXEMjFs.exe
  C:\Windows\System\aXEMjFs.exe
  2⤵
  PID:7132
- C:\Windows\System\TkOMjWq.exe
  C:\Windows\System\TkOMjWq.exe
  2⤵
  PID:7148
- C:\Windows\System\KqbfiaD.exe
  C:\Windows\System\KqbfiaD.exe
  2⤵
  PID:7164
- C:\Windows\System\GsBJvdm.exe
  C:\Windows\System\GsBJvdm.exe
  2⤵
  PID:2456
- C:\Windows\System\JsrDtMC.exe
  C:\Windows\System\JsrDtMC.exe
  2⤵
  PID:3032
- C:\Windows\System\uhEriWd.exe
  C:\Windows\System\uhEriWd.exe
  2⤵
  PID:5848
- C:\Windows\System\XTwUiph.exe
  C:\Windows\System\XTwUiph.exe
  2⤵
  PID:6040
- C:\Windows\System\PqkRhdk.exe
  C:\Windows\System\PqkRhdk.exe
  2⤵
  PID:6092
- C:\Windows\System\jeAFwDC.exe
  C:\Windows\System\jeAFwDC.exe
  2⤵
  PID:4448
- C:\Windows\System\lXdEpVL.exe
  C:\Windows\System\lXdEpVL.exe
  2⤵
  PID:4524
- C:\Windows\System\wVxwVFZ.exe
  C:\Windows\System\wVxwVFZ.exe
  2⤵
  PID:4344
- C:\Windows\System\agQSnRY.exe
  C:\Windows\System\agQSnRY.exe
  2⤵
  PID:3744
- C:\Windows\System\FLLDmfa.exe
  C:\Windows\System\FLLDmfa.exe
  2⤵
  PID:5532
- C:\Windows\System\HttZlSt.exe
  C:\Windows\System\HttZlSt.exe
  2⤵
  PID:5512
- C:\Windows\System\YTlBlDN.exe
  C:\Windows\System\YTlBlDN.exe
  2⤵
  PID:5688
- C:\Windows\System\VSyTbcQ.exe
  C:\Windows\System\VSyTbcQ.exe
  2⤵
  PID:5940
- C:\Windows\System\pjuiLeI.exe
  C:\Windows\System\pjuiLeI.exe
  2⤵
  PID:5944
- C:\Windows\System\FQdLaxd.exe
  C:\Windows\System\FQdLaxd.exe
  2⤵
  PID:6240
- C:\Windows\System\CEjThFK.exe
  C:\Windows\System\CEjThFK.exe
  2⤵
  PID:5924
- C:\Windows\System\usDuJbE.exe
  C:\Windows\System\usDuJbE.exe
  2⤵
  PID:6020
- C:\Windows\System\dHrbtXg.exe
  C:\Windows\System\dHrbtXg.exe
  2⤵
  PID:4908
- C:\Windows\System\YcEvNZY.exe
  C:\Windows\System\YcEvNZY.exe
  2⤵
  PID:4620
- C:\Windows\System\wwvAfaf.exe
  C:\Windows\System\wwvAfaf.exe
  2⤵
  PID:5232
- C:\Windows\System\DyQVkLW.exe
  C:\Windows\System\DyQVkLW.exe
  2⤵
  PID:2260
- C:\Windows\System\jNQqyTE.exe
  C:\Windows\System\jNQqyTE.exe
  2⤵
  PID:2708
- C:\Windows\System\dvRAGuT.exe
  C:\Windows\System\dvRAGuT.exe
  2⤵
  PID:6252
- C:\Windows\System\LGwNQdj.exe
  C:\Windows\System\LGwNQdj.exe
  2⤵
  PID:2624
- C:\Windows\System\uWKgbvY.exe
  C:\Windows\System\uWKgbvY.exe
  2⤵
  PID:6156
- C:\Windows\System\gXlkgVi.exe
  C:\Windows\System\gXlkgVi.exe
  2⤵
  PID:6176
- C:\Windows\System\ZFFMJvW.exe
  C:\Windows\System\ZFFMJvW.exe
  2⤵
  PID:1760
- C:\Windows\System\ZVTRRNH.exe
  C:\Windows\System\ZVTRRNH.exe
  2⤵
  PID:6340
- C:\Windows\System\zUtfphX.exe
  C:\Windows\System\zUtfphX.exe
  2⤵
  PID:6384
- C:\Windows\System\nFRqlrE.exe
  C:\Windows\System\nFRqlrE.exe
  2⤵
  PID:6280
- C:\Windows\System\ZQFetPh.exe
  C:\Windows\System\ZQFetPh.exe
  2⤵
  PID:6292
- C:\Windows\System\INHHUbZ.exe
  C:\Windows\System\INHHUbZ.exe
  2⤵
  PID:6456
- C:\Windows\System\CnxnKNG.exe
  C:\Windows\System\CnxnKNG.exe
  2⤵
  PID:6500
- C:\Windows\System\EmiNMST.exe
  C:\Windows\System\EmiNMST.exe
  2⤵
  PID:6532
- C:\Windows\System\APbcGnr.exe
  C:\Windows\System\APbcGnr.exe
  2⤵
  PID:6476
- C:\Windows\System\tTlalKj.exe
  C:\Windows\System\tTlalKj.exe
  2⤵
  PID:6512
- C:\Windows\System\unmzBqz.exe
  C:\Windows\System\unmzBqz.exe
  2⤵
  PID:6568
- C:\Windows\System\TxyQdOJ.exe
  C:\Windows\System\TxyQdOJ.exe
  2⤵
  PID:6536
- C:\Windows\System\JyhCkbs.exe
  C:\Windows\System\JyhCkbs.exe
  2⤵
  PID:6584
- C:\Windows\System\DUfOBjA.exe
  C:\Windows\System\DUfOBjA.exe
  2⤵
  PID:1108
- C:\Windows\System\WXibPZT.exe
  C:\Windows\System\WXibPZT.exe
  2⤵
  PID:6656
- C:\Windows\System\OeRwIfp.exe
  C:\Windows\System\OeRwIfp.exe
  2⤵
  PID:6720
- C:\Windows\System\acYUFWr.exe
  C:\Windows\System\acYUFWr.exe
  2⤵
  PID:1712
- C:\Windows\System\IgNcRBE.exe
  C:\Windows\System\IgNcRBE.exe
  2⤵
  PID:6792
- C:\Windows\System\FLBZCfE.exe
  C:\Windows\System\FLBZCfE.exe
  2⤵
  PID:6672
- C:\Windows\System\DuDyfAi.exe
  C:\Windows\System\DuDyfAi.exe
  2⤵
  PID:2720
- C:\Windows\System\jCQAkdL.exe
  C:\Windows\System\jCQAkdL.exe
  2⤵
  PID:6760
- C:\Windows\System\HcqMhGe.exe
  C:\Windows\System\HcqMhGe.exe
  2⤵
  PID:6776
- C:\Windows\System\lQqTUrB.exe
  C:\Windows\System\lQqTUrB.exe
  2⤵
  PID:6860
- C:\Windows\System\ZSTeXxY.exe
  C:\Windows\System\ZSTeXxY.exe
  2⤵
  PID:6876
- C:\Windows\System\YEhhSfe.exe
  C:\Windows\System\YEhhSfe.exe
  2⤵
  PID:1528
- C:\Windows\System\XrAeDxn.exe
  C:\Windows\System\XrAeDxn.exe
  2⤵
  PID:1884
- C:\Windows\System\rDFzdEy.exe
  C:\Windows\System\rDFzdEy.exe
  2⤵
  PID:6924
- C:\Windows\System\eiQDymU.exe
  C:\Windows\System\eiQDymU.exe
  2⤵
  PID:7020
- C:\Windows\System\PRGNvFM.exe
  C:\Windows\System\PRGNvFM.exe
  2⤵
  PID:6976
- C:\Windows\System\KVvXEjq.exe
  C:\Windows\System\KVvXEjq.exe
  2⤵
  PID:7056
- C:\Windows\System\KiTKEXd.exe
  C:\Windows\System\KiTKEXd.exe
  2⤵
  PID:7124
- C:\Windows\System\lhtLSEt.exe
  C:\Windows\System\lhtLSEt.exe
  2⤵
  PID:5012
- C:\Windows\System\cQmVxOM.exe
  C:\Windows\System\cQmVxOM.exe
  2⤵
  PID:1660
- C:\Windows\System\RvguaXA.exe
  C:\Windows\System\RvguaXA.exe
  2⤵
  PID:7100
- C:\Windows\System\LVdFcMv.exe
  C:\Windows\System\LVdFcMv.exe
  2⤵
  PID:2664
- C:\Windows\System\nXEVPbT.exe
  C:\Windows\System\nXEVPbT.exe
  2⤵
  PID:3264
- C:\Windows\System\vnQHiIw.exe
  C:\Windows\System\vnQHiIw.exe
  2⤵
  PID:4504
- C:\Windows\System\DuILXIW.exe
  C:\Windows\System\DuILXIW.exe
  2⤵
  PID:4128
- C:\Windows\System\ZtIEFDl.exe
  C:\Windows\System\ZtIEFDl.exe
  2⤵
  PID:2792
- C:\Windows\System\lsVczBb.exe
  C:\Windows\System\lsVczBb.exe
  2⤵
  PID:2292
- C:\Windows\System\TYpWLaU.exe
  C:\Windows\System\TYpWLaU.exe
  2⤵
  PID:4296
- C:\Windows\System\AfxPdKt.exe
  C:\Windows\System\AfxPdKt.exe
  2⤵
  PID:5356
- C:\Windows\System\glqAVgt.exe
  C:\Windows\System\glqAVgt.exe
  2⤵
  PID:5684
- C:\Windows\System\uZXJiDj.exe
  C:\Windows\System\uZXJiDj.exe
  2⤵
  PID:5828
- C:\Windows\System\nFTFfyz.exe
  C:\Windows\System\nFTFfyz.exe
  2⤵
  PID:6228
- C:\Windows\System\JjxDNQa.exe
  C:\Windows\System\JjxDNQa.exe
  2⤵
  PID:5184
- C:\Windows\System\IfUDYRi.exe
  C:\Windows\System\IfUDYRi.exe
  2⤵
  PID:1096
- C:\Windows\System\UNgvoFN.exe
  C:\Windows\System\UNgvoFN.exe
  2⤵
  PID:6236
- C:\Windows\System\dlCTAmL.exe
  C:\Windows\System\dlCTAmL.exe
  2⤵
  PID:2052
- C:\Windows\System\WVgtxpp.exe
  C:\Windows\System\WVgtxpp.exe
  2⤵
  PID:2760
- C:\Windows\System\ytPMmjE.exe
  C:\Windows\System\ytPMmjE.exe
  2⤵
  PID:2876
- C:\Windows\System\COgigXe.exe
  C:\Windows\System\COgigXe.exe
  2⤵
  PID:7128
- C:\Windows\System\AeFjAaG.exe
  C:\Windows\System\AeFjAaG.exe
  2⤵
  PID:768
- C:\Windows\System\mZWnomz.exe
  C:\Windows\System\mZWnomz.exe
  2⤵
  PID:6184
- C:\Windows\System\hiOpxlA.exe
  C:\Windows\System\hiOpxlA.exe
  2⤵
  PID:6308
- C:\Windows\System\SLyvlDj.exe
  C:\Windows\System\SLyvlDj.exe
  2⤵
  PID:6364
- C:\Windows\System\pRIGnVH.exe
  C:\Windows\System\pRIGnVH.exe
  2⤵
  PID:6528
- C:\Windows\System\AUeByol.exe
  C:\Windows\System\AUeByol.exe
  2⤵
  PID:6436
- C:\Windows\System\gQaewjI.exe
  C:\Windows\System\gQaewjI.exe
  2⤵
  PID:6692
- C:\Windows\System\LtWleDt.exe
  C:\Windows\System\LtWleDt.exe
  2⤵
  PID:944
- C:\Windows\System\JDTNWMB.exe
  C:\Windows\System\JDTNWMB.exe
  2⤵
  PID:2508
- C:\Windows\System\FLZyCiU.exe
  C:\Windows\System\FLZyCiU.exe
  2⤵
  PID:6752
- C:\Windows\System\hITBroI.exe
  C:\Windows\System\hITBroI.exe
  2⤵
  PID:6768
- C:\Windows\System\VBMrozv.exe
  C:\Windows\System\VBMrozv.exe
  2⤵
  PID:6892
- C:\Windows\System\mncQLzD.exe
  C:\Windows\System\mncQLzD.exe
  2⤵
  PID:6992
- C:\Windows\System\diIqkER.exe
  C:\Windows\System\diIqkER.exe
  2⤵
  PID:6944
- C:\Windows\System\JTXeKmk.exe
  C:\Windows\System\JTXeKmk.exe
  2⤵
  PID:6748
- C:\Windows\System\nTUPhdk.exe
  C:\Windows\System\nTUPhdk.exe
  2⤵
  PID:6808
- C:\Windows\System\xnWCNoH.exe
  C:\Windows\System\xnWCNoH.exe
  2⤵
  PID:7052
- C:\Windows\System\ARNsFOj.exe
  C:\Windows\System\ARNsFOj.exe
  2⤵
  PID:2676
- C:\Windows\System\UYerxFw.exe
  C:\Windows\System\UYerxFw.exe
  2⤵
  PID:5844
- C:\Windows\System\JggNDeU.exe
  C:\Windows\System\JggNDeU.exe
  2⤵
  PID:4468
- C:\Windows\System\PArZFFC.exe
  C:\Windows\System\PArZFFC.exe
  2⤵
  PID:5764
- C:\Windows\System\KUtPaEq.exe
  C:\Windows\System\KUtPaEq.exe
  2⤵
  PID:2360
- C:\Windows\System\pNtSIRH.exe
  C:\Windows\System\pNtSIRH.exe
  2⤵
  PID:2204
- C:\Windows\System\mUzpIco.exe
  C:\Windows\System\mUzpIco.exe
  2⤵
  PID:6164
- C:\Windows\System\pCntEbp.exe
  C:\Windows\System\pCntEbp.exe
  2⤵
  PID:6416
- C:\Windows\System\dfifvwJ.exe
  C:\Windows\System\dfifvwJ.exe
  2⤵
  PID:2844
- C:\Windows\System\StCefhi.exe
  C:\Windows\System\StCefhi.exe
  2⤵
  PID:2276
- C:\Windows\System\MTgsGuS.exe
  C:\Windows\System\MTgsGuS.exe
  2⤵
  PID:5352
- C:\Windows\System\QwCpbPD.exe
  C:\Windows\System\QwCpbPD.exe
  2⤵
  PID:5548
- C:\Windows\System\PBpcFHF.exe
  C:\Windows\System\PBpcFHF.exe
  2⤵
  PID:2752
- C:\Windows\System\DfxsTMI.exe
  C:\Windows\System\DfxsTMI.exe
  2⤵
  PID:2948
- C:\Windows\System\WcFtqZW.exe
  C:\Windows\System\WcFtqZW.exe
  2⤵
  PID:6188
- C:\Windows\System\vwLBfbr.exe
  C:\Windows\System\vwLBfbr.exe
  2⤵
  PID:6324
- C:\Windows\System\eFygxct.exe
  C:\Windows\System\eFygxct.exe
  2⤵
  PID:6640
- C:\Windows\System\MLznMbY.exe
  C:\Windows\System\MLznMbY.exe
  2⤵
  PID:1456
- C:\Windows\System\nTGnlIn.exe
  C:\Windows\System\nTGnlIn.exe
  2⤵
  PID:6140
- C:\Windows\System\RfsCWiZ.exe
  C:\Windows\System\RfsCWiZ.exe
  2⤵
  PID:832
- C:\Windows\System\zzOMDdp.exe
  C:\Windows\System\zzOMDdp.exe
  2⤵
  PID:2024
- C:\Windows\System\PQfEBFX.exe
  C:\Windows\System\PQfEBFX.exe
  2⤵
  PID:6464
- C:\Windows\System\OmNvjgw.exe
  C:\Windows\System\OmNvjgw.exe
  2⤵
  PID:6404
- C:\Windows\System\ZrtlmGb.exe
  C:\Windows\System\ZrtlmGb.exe
  2⤵
  PID:6724
- C:\Windows\System\gErLAvr.exe
  C:\Windows\System\gErLAvr.exe
  2⤵
  PID:6788
- C:\Windows\System\jONSWvm.exe
  C:\Windows\System\jONSWvm.exe
  2⤵
  PID:2160
- C:\Windows\System\VzBiCOM.exe
  C:\Windows\System\VzBiCOM.exe
  2⤵
  PID:6844
- C:\Windows\System\IxetPim.exe
  C:\Windows\System\IxetPim.exe
  2⤵
  PID:2584
- C:\Windows\System\CWJCMFT.exe
  C:\Windows\System\CWJCMFT.exe
  2⤵
  PID:6928
- C:\Windows\System\GpieDfD.exe
  C:\Windows\System\GpieDfD.exe
  2⤵
  PID:6972
- C:\Windows\System\ETPtRdI.exe
  C:\Windows\System\ETPtRdI.exe
  2⤵
  PID:2880
- C:\Windows\System\XzjXjmu.exe
  C:\Windows\System\XzjXjmu.exe
  2⤵
  PID:4292
- C:\Windows\System\VWMADvW.exe
  C:\Windows\System\VWMADvW.exe
  2⤵
  PID:4616
- C:\Windows\System\LzUZBRj.exe
  C:\Windows\System\LzUZBRj.exe
  2⤵
  PID:6908
- C:\Windows\System\SfqKJYC.exe
  C:\Windows\System\SfqKJYC.exe
  2⤵
  PID:5324
- C:\Windows\System\DiolNuQ.exe
  C:\Windows\System\DiolNuQ.exe
  2⤵
  PID:2672
- C:\Windows\System\loTFDRv.exe
  C:\Windows\System\loTFDRv.exe
  2⤵
  PID:6556
- C:\Windows\System\GHeoLUj.exe
  C:\Windows\System\GHeoLUj.exe
  2⤵
  PID:6216
- C:\Windows\System\BYuTCTV.exe
  C:\Windows\System\BYuTCTV.exe
  2⤵
  PID:1992
- C:\Windows\System\BMFnqaK.exe
  C:\Windows\System\BMFnqaK.exe
  2⤵
  PID:3684
- C:\Windows\System\nYAGJkj.exe
  C:\Windows\System\nYAGJkj.exe
  2⤵
  PID:6444
- C:\Windows\System\xIVhPED.exe
  C:\Windows\System\xIVhPED.exe
  2⤵
  PID:1864
- C:\Windows\System\RdEDlhB.exe
  C:\Windows\System\RdEDlhB.exe
  2⤵
  PID:1688
- C:\Windows\System\FpRYnUm.exe
  C:\Windows\System\FpRYnUm.exe
  2⤵
  PID:6540
- C:\Windows\System\PUpYPSc.exe
  C:\Windows\System\PUpYPSc.exe
  2⤵
  PID:2656
- C:\Windows\System\UArGRWE.exe
  C:\Windows\System\UArGRWE.exe
  2⤵
  PID:6368
- C:\Windows\System\TzPwybO.exe
  C:\Windows\System\TzPwybO.exe
  2⤵
  PID:1600
- C:\Windows\System\rtKZxRG.exe
  C:\Windows\System\rtKZxRG.exe
  2⤵
  PID:6480
- C:\Windows\System\TpXSHht.exe
  C:\Windows\System\TpXSHht.exe
  2⤵
  PID:7012
- C:\Windows\System\kumdGKC.exe
  C:\Windows\System\kumdGKC.exe
  2⤵
  PID:6832
- C:\Windows\System\JZDyAsK.exe
  C:\Windows\System\JZDyAsK.exe
  2⤵
  PID:6304
- C:\Windows\System\wypFUCZ.exe
  C:\Windows\System\wypFUCZ.exe
  2⤵
  PID:676
- C:\Windows\System\QcyYKiu.exe
  C:\Windows\System\QcyYKiu.exe
  2⤵
  PID:7072
- C:\Windows\System\fIFzsdy.exe
  C:\Windows\System\fIFzsdy.exe
  2⤵
  PID:6688
- C:\Windows\System\zJGiHiQ.exe
  C:\Windows\System\zJGiHiQ.exe
  2⤵
  PID:6560
- C:\Windows\System\FhukHom.exe
  C:\Windows\System\FhukHom.exe
  2⤵
  PID:1280
- C:\Windows\System\IMVIMFD.exe
  C:\Windows\System\IMVIMFD.exe
  2⤵
  PID:6736
- C:\Windows\System\kTVEZkj.exe
  C:\Windows\System\kTVEZkj.exe
  2⤵
  PID:7068
- C:\Windows\System\piJSlGt.exe
  C:\Windows\System\piJSlGt.exe
  2⤵
  PID:6420
- C:\Windows\System\ErhBQDn.exe
  C:\Windows\System\ErhBQDn.exe
  2⤵
  PID:4392
- C:\Windows\System\YXqlZSm.exe
  C:\Windows\System\YXqlZSm.exe
  2⤵
  PID:6008
- C:\Windows\System\plrZfYV.exe
  C:\Windows\System\plrZfYV.exe
  2⤵
  PID:2404
- C:\Windows\System\xKhBteG.exe
  C:\Windows\System\xKhBteG.exe
  2⤵
  PID:2776
- C:\Windows\System\BzfzuLE.exe
  C:\Windows\System\BzfzuLE.exe
  2⤵
  PID:7088
- C:\Windows\System\CoKMFud.exe
  C:\Windows\System\CoKMFud.exe
  2⤵
  PID:7180
- C:\Windows\System\aLhlNgB.exe
  C:\Windows\System\aLhlNgB.exe
  2⤵
  PID:7196
- C:\Windows\System\jgcgLLn.exe
  C:\Windows\System\jgcgLLn.exe
  2⤵
  PID:7212
- C:\Windows\System\rYtGURK.exe
  C:\Windows\System\rYtGURK.exe
  2⤵
  PID:7228
- C:\Windows\System\HJZJExk.exe
  C:\Windows\System\HJZJExk.exe
  2⤵
  PID:7244
- C:\Windows\System\OPmaTGr.exe
  C:\Windows\System\OPmaTGr.exe
  2⤵
  PID:7260
- C:\Windows\System\QkRMxly.exe
  C:\Windows\System\QkRMxly.exe
  2⤵
  PID:7276
- C:\Windows\System\oopHqPp.exe
  C:\Windows\System\oopHqPp.exe
  2⤵
  PID:7292
- C:\Windows\System\IykUJrP.exe
  C:\Windows\System\IykUJrP.exe
  2⤵
  PID:7308
- C:\Windows\System\xArgJAA.exe
  C:\Windows\System\xArgJAA.exe
  2⤵
  PID:7324
- C:\Windows\System\UvVUrmI.exe
  C:\Windows\System\UvVUrmI.exe
  2⤵
  PID:7340
- C:\Windows\System\jDjLCxg.exe
  C:\Windows\System\jDjLCxg.exe
  2⤵
  PID:7356
- C:\Windows\System\nWyBqzB.exe
  C:\Windows\System\nWyBqzB.exe
  2⤵
  PID:7372
- C:\Windows\System\dXgsgqU.exe
  C:\Windows\System\dXgsgqU.exe
  2⤵
  PID:7388
- C:\Windows\System\pAFXnZk.exe
  C:\Windows\System\pAFXnZk.exe
  2⤵
  PID:7404
- C:\Windows\System\REmtQUi.exe
  C:\Windows\System\REmtQUi.exe
  2⤵
  PID:7420
- C:\Windows\System\ydlLLHp.exe
  C:\Windows\System\ydlLLHp.exe
  2⤵
  PID:7436
- C:\Windows\System\vTWwqOu.exe
  C:\Windows\System\vTWwqOu.exe
  2⤵
  PID:7452
- C:\Windows\System\XwiIjvf.exe
  C:\Windows\System\XwiIjvf.exe
  2⤵
  PID:7468
- C:\Windows\System\pllbpCA.exe
  C:\Windows\System\pllbpCA.exe
  2⤵
  PID:7484
- C:\Windows\System\Tskkswt.exe
  C:\Windows\System\Tskkswt.exe
  2⤵
  PID:7500
- C:\Windows\System\YVYRErP.exe
  C:\Windows\System\YVYRErP.exe
  2⤵
  PID:7516
- C:\Windows\System\WfzWtJX.exe
  C:\Windows\System\WfzWtJX.exe
  2⤵
  PID:7532
- C:\Windows\System\qXgzuKx.exe
  C:\Windows\System\qXgzuKx.exe
  2⤵
  PID:7548
- C:\Windows\System\FLmygAq.exe
  C:\Windows\System\FLmygAq.exe
  2⤵
  PID:7564
- C:\Windows\System\IDHgzLa.exe
  C:\Windows\System\IDHgzLa.exe
  2⤵
  PID:7580
- C:\Windows\System\YscZTdw.exe
  C:\Windows\System\YscZTdw.exe
  2⤵
  PID:7596
- C:\Windows\System\mNZyYHd.exe
  C:\Windows\System\mNZyYHd.exe
  2⤵
  PID:7612
- C:\Windows\System\zObMLWJ.exe
  C:\Windows\System\zObMLWJ.exe
  2⤵
  PID:7628
- C:\Windows\System\SRiHent.exe
  C:\Windows\System\SRiHent.exe
  2⤵
  PID:7644
- C:\Windows\System\NNwHhlY.exe
  C:\Windows\System\NNwHhlY.exe
  2⤵
  PID:7664
- C:\Windows\System\XcuiSnt.exe
  C:\Windows\System\XcuiSnt.exe
  2⤵
  PID:7680
- C:\Windows\System\iYqliUa.exe
  C:\Windows\System\iYqliUa.exe
  2⤵
  PID:7696
- C:\Windows\System\VrMoaZr.exe
  C:\Windows\System\VrMoaZr.exe
  2⤵
  PID:7712
- C:\Windows\System\RJhLSgI.exe
  C:\Windows\System\RJhLSgI.exe
  2⤵
  PID:7728
- C:\Windows\System\kAGAVMd.exe
  C:\Windows\System\kAGAVMd.exe
  2⤵
  PID:7744
- C:\Windows\System\RjeAOQE.exe
  C:\Windows\System\RjeAOQE.exe
  2⤵
  PID:7760
- C:\Windows\System\FoxcatG.exe
  C:\Windows\System\FoxcatG.exe
  2⤵
  PID:7776
- C:\Windows\System\PQmTYyr.exe
  C:\Windows\System\PQmTYyr.exe
  2⤵
  PID:7792
- C:\Windows\System\Xvvsydv.exe
  C:\Windows\System\Xvvsydv.exe
  2⤵
  PID:7808
- C:\Windows\System\HQaKoVY.exe
  C:\Windows\System\HQaKoVY.exe
  2⤵
  PID:7824
- C:\Windows\System\quKOwbS.exe
  C:\Windows\System\quKOwbS.exe
  2⤵
  PID:7840
- C:\Windows\System\wtuTedB.exe
  C:\Windows\System\wtuTedB.exe
  2⤵
  PID:7856
- C:\Windows\System\rbQhlOV.exe
  C:\Windows\System\rbQhlOV.exe
  2⤵
  PID:7872
- C:\Windows\System\pYScvax.exe
  C:\Windows\System\pYScvax.exe
  2⤵
  PID:7888
- C:\Windows\System\whprYjQ.exe
  C:\Windows\System\whprYjQ.exe
  2⤵
  PID:7904
- C:\Windows\System\PVPdCqy.exe
  C:\Windows\System\PVPdCqy.exe
  2⤵
  PID:7920
- C:\Windows\System\ixTZecY.exe
  C:\Windows\System\ixTZecY.exe
  2⤵
  PID:7936
- C:\Windows\System\SwLiCwn.exe
  C:\Windows\System\SwLiCwn.exe
  2⤵
  PID:7952
- C:\Windows\System\HnfgEXf.exe
  C:\Windows\System\HnfgEXf.exe
  2⤵
  PID:7972
- C:\Windows\System\iTbBQuW.exe
  C:\Windows\System\iTbBQuW.exe
  2⤵
  PID:7988
- C:\Windows\System\wlWJkEt.exe
  C:\Windows\System\wlWJkEt.exe
  2⤵
  PID:8004
- C:\Windows\System\zeHZpGa.exe
  C:\Windows\System\zeHZpGa.exe
  2⤵
  PID:8020
- C:\Windows\System\rgsonft.exe
  C:\Windows\System\rgsonft.exe
  2⤵
  PID:8036
- C:\Windows\System\WjiyydW.exe
  C:\Windows\System\WjiyydW.exe
  2⤵
  PID:8052
- C:\Windows\System\drCKKox.exe
  C:\Windows\System\drCKKox.exe
  2⤵
  PID:8072
- C:\Windows\System\qQvZNAR.exe
  C:\Windows\System\qQvZNAR.exe
  2⤵
  PID:8088
- C:\Windows\System\bjXpgHo.exe
  C:\Windows\System\bjXpgHo.exe
  2⤵
  PID:8104
- C:\Windows\System\WzmxwxX.exe
  C:\Windows\System\WzmxwxX.exe
  2⤵
  PID:8120
- C:\Windows\System\RHZlhRR.exe
  C:\Windows\System\RHZlhRR.exe
  2⤵
  PID:8136
- C:\Windows\System\rhEGvrh.exe
  C:\Windows\System\rhEGvrh.exe
  2⤵
  PID:8152
- C:\Windows\System\yGepXqz.exe
  C:\Windows\System\yGepXqz.exe
  2⤵
  PID:8168
- C:\Windows\System\wrpComn.exe
  C:\Windows\System\wrpComn.exe
  2⤵
  PID:8184
- C:\Windows\System\RREDuZz.exe
  C:\Windows\System\RREDuZz.exe
  2⤵
  PID:7204
- C:\Windows\System\ZmWBAOv.exe
  C:\Windows\System\ZmWBAOv.exe
  2⤵
  PID:2004
- C:\Windows\System\vfnJjml.exe
  C:\Windows\System\vfnJjml.exe
  2⤵
  PID:6152
- C:\Windows\System\jAazKNu.exe
  C:\Windows\System\jAazKNu.exe
  2⤵
  PID:7188
- C:\Windows\System\xXabzND.exe
  C:\Windows\System\xXabzND.exe
  2⤵
  PID:7268
- C:\Windows\System\DceyIGc.exe
  C:\Windows\System\DceyIGc.exe
  2⤵
  PID:7252
- C:\Windows\System\QwqOxQs.exe
  C:\Windows\System\QwqOxQs.exe
  2⤵
  PID:7316
- C:\Windows\System\mFvJDRv.exe
  C:\Windows\System\mFvJDRv.exe
  2⤵
  PID:7412
- C:\Windows\System\ImcSNZY.exe
  C:\Windows\System\ImcSNZY.exe
  2⤵
  PID:7416
- C:\Windows\System\cXJmeXZ.exe
  C:\Windows\System\cXJmeXZ.exe
  2⤵
  PID:7444
- C:\Windows\System\AUdvRSh.exe
  C:\Windows\System\AUdvRSh.exe
  2⤵
  PID:7428
- C:\Windows\System\Byoscby.exe
  C:\Windows\System\Byoscby.exe
  2⤵
  PID:7492
- C:\Windows\System\PuXooMe.exe
  C:\Windows\System\PuXooMe.exe
  2⤵
  PID:7524
- C:\Windows\System\dFzlUjY.exe
  C:\Windows\System\dFzlUjY.exe
  2⤵
  PID:7588
- C:\Windows\System\yyuzoBp.exe
  C:\Windows\System\yyuzoBp.exe
  2⤵
  PID:7508
- C:\Windows\System\vEdiKQB.exe
  C:\Windows\System\vEdiKQB.exe
  2⤵
  PID:7540
- C:\Windows\System\MdZKTZE.exe
  C:\Windows\System\MdZKTZE.exe
  2⤵
  PID:7576
- C:\Windows\System\HrKnuka.exe
  C:\Windows\System\HrKnuka.exe
  2⤵
  PID:7636
- C:\Windows\System\VkdkBsm.exe
  C:\Windows\System\VkdkBsm.exe
  2⤵
  PID:7676
- C:\Windows\System\sLamQDv.exe
  C:\Windows\System\sLamQDv.exe
  2⤵
  PID:7752
- C:\Windows\System\OWMZPLQ.exe
  C:\Windows\System\OWMZPLQ.exe
  2⤵
  PID:7736
- C:\Windows\System\mmraXOA.exe
  C:\Windows\System\mmraXOA.exe
  2⤵
  PID:7800
- C:\Windows\System\TgoSYSQ.exe
  C:\Windows\System\TgoSYSQ.exe
  2⤵
  PID:7852
- C:\Windows\System\hBpOhBc.exe
  C:\Windows\System\hBpOhBc.exe
  2⤵
  PID:7832
- C:\Windows\System\IwkcIKB.exe
  C:\Windows\System\IwkcIKB.exe
  2⤵
  PID:7896
- C:\Windows\System\vMXxHix.exe
  C:\Windows\System\vMXxHix.exe
  2⤵
  PID:7916
- C:\Windows\System\pWVINiE.exe
  C:\Windows\System\pWVINiE.exe
  2⤵
  PID:7960
- C:\Windows\System\IgeMCqh.exe
  C:\Windows\System\IgeMCqh.exe
  2⤵
  PID:7984
- C:\Windows\System\RwmKtld.exe
  C:\Windows\System\RwmKtld.exe
  2⤵
  PID:8000
- C:\Windows\System\YDZcYLd.exe
  C:\Windows\System\YDZcYLd.exe
  2⤵
  PID:8048
- C:\Windows\System\AAUVIdj.exe
  C:\Windows\System\AAUVIdj.exe
  2⤵
  PID:8084
- C:\Windows\System\lMRjiBu.exe
  C:\Windows\System\lMRjiBu.exe
  2⤵
  PID:8112
- C:\Windows\System\TSifqnw.exe
  C:\Windows\System\TSifqnw.exe
  2⤵
  PID:8132
- C:\Windows\System\subpGxv.exe
  C:\Windows\System\subpGxv.exe
  2⤵
  PID:8164
- C:\Windows\System\KHlNhle.exe
  C:\Windows\System\KHlNhle.exe
  2⤵
  PID:7224
- C:\Windows\System\OKvBTEE.exe
  C:\Windows\System\OKvBTEE.exe
  2⤵
  PID:7476
- C:\Windows\System\WpCwaIK.exe
  C:\Windows\System\WpCwaIK.exe
  2⤵
  PID:7572
- C:\Windows\System\hutKuaj.exe
  C:\Windows\System\hutKuaj.exe
  2⤵
  PID:7672
- C:\Windows\System\LFCFozu.exe
  C:\Windows\System\LFCFozu.exe
  2⤵
  PID:6756
- C:\Windows\System\ZOOxznK.exe
  C:\Windows\System\ZOOxznK.exe
  2⤵
  PID:7288
- C:\Windows\System\wBTbgPH.exe
  C:\Windows\System\wBTbgPH.exe
  2⤵
  PID:7364
- C:\Windows\System\gLqJHMf.exe
  C:\Windows\System\gLqJHMf.exe
  2⤵
  PID:7556
- C:\Windows\System\KkUBWUo.exe
  C:\Windows\System\KkUBWUo.exe
  2⤵
  PID:7864
- C:\Windows\System\MMzPfbx.exe
  C:\Windows\System\MMzPfbx.exe
  2⤵
  PID:7944
- C:\Windows\System\LRtvWqF.exe
  C:\Windows\System\LRtvWqF.exe
  2⤵
  PID:7768
- C:\Windows\System\RBDfZhx.exe
  C:\Windows\System\RBDfZhx.exe
  2⤵
  PID:8080
- C:\Windows\System\hSyMOIS.exe
  C:\Windows\System\hSyMOIS.exe
  2⤵
  PID:7968
- C:\Windows\System\TEzHIpE.exe
  C:\Windows\System\TEzHIpE.exe
  2⤵
  PID:8144
- C:\Windows\System\EDxDWau.exe
  C:\Windows\System\EDxDWau.exe
  2⤵
  PID:1356
- C:\Windows\System\iKdWYBy.exe
  C:\Windows\System\iKdWYBy.exe
  2⤵
  PID:6256
- C:\Windows\System\FgQVRWL.exe
  C:\Windows\System\FgQVRWL.exe
  2⤵
  PID:7652
- C:\Windows\System\goeVKZq.exe
  C:\Windows\System\goeVKZq.exe
  2⤵
  PID:1832
- C:\Windows\System\yPNoBYJ.exe
  C:\Windows\System\yPNoBYJ.exe
  2⤵
  PID:7784
- C:\Windows\System\ygxolao.exe
  C:\Windows\System\ygxolao.exe
  2⤵
  PID:7140
- C:\Windows\System\RcJZmTN.exe
  C:\Windows\System\RcJZmTN.exe
  2⤵
  PID:7560
- C:\Windows\System\JGCbCOP.exe
  C:\Windows\System\JGCbCOP.exe
  2⤵
  PID:8160
- C:\Windows\System\AanhLfm.exe
  C:\Windows\System\AanhLfm.exe
  2⤵
  PID:7400
- C:\Windows\System\UTDLiJJ.exe
  C:\Windows\System\UTDLiJJ.exe
  2⤵
  PID:7624
- C:\Windows\System\qkipdWr.exe
  C:\Windows\System\qkipdWr.exe
  2⤵
  PID:1792
- C:\Windows\System\FicgYOq.exe
  C:\Windows\System\FicgYOq.exe
  2⤵
  PID:8032
- C:\Windows\System\PFkyiQr.exe
  C:\Windows\System\PFkyiQr.exe
  2⤵
  PID:1136
- C:\Windows\System\aFPlfqS.exe
  C:\Windows\System\aFPlfqS.exe
  2⤵
  PID:7964
- C:\Windows\System\RCsojKJ.exe
  C:\Windows\System\RCsojKJ.exe
  2⤵
  PID:7724
- C:\Windows\System\KofuAuz.exe
  C:\Windows\System\KofuAuz.exe
  2⤵
  PID:2980
- C:\Windows\System\QAPZfTJ.exe
  C:\Windows\System\QAPZfTJ.exe
  2⤵
  PID:7996
- C:\Windows\System\mfMmLZu.exe
  C:\Windows\System\mfMmLZu.exe
  2⤵
  PID:7656
- C:\Windows\System\BMzDXrn.exe
  C:\Windows\System\BMzDXrn.exe
  2⤵
  PID:628
- C:\Windows\System\tuwbJpy.exe
  C:\Windows\System\tuwbJpy.exe
  2⤵
  PID:7740
- C:\Windows\System\IhKlxrA.exe
  C:\Windows\System\IhKlxrA.exe
  2⤵
  PID:7848
- C:\Windows\System\TEPBVtm.exe
  C:\Windows\System\TEPBVtm.exe
  2⤵
  PID:7240
- C:\Windows\System\lHNTrfK.exe
  C:\Windows\System\lHNTrfK.exe
  2⤵
  PID:7496
- C:\Windows\System\ErdwbEK.exe
  C:\Windows\System\ErdwbEK.exe
  2⤵
  PID:8208
- C:\Windows\System\fmrYiPJ.exe
  C:\Windows\System\fmrYiPJ.exe
  2⤵
  PID:8224
- C:\Windows\System\PcwTTwH.exe
  C:\Windows\System\PcwTTwH.exe
  2⤵
  PID:8240
- C:\Windows\System\imfJCfk.exe
  C:\Windows\System\imfJCfk.exe
  2⤵
  PID:8256
- C:\Windows\System\cNDkAlF.exe
  C:\Windows\System\cNDkAlF.exe
  2⤵
  PID:8272
- C:\Windows\System\qjVqZEs.exe
  C:\Windows\System\qjVqZEs.exe
  2⤵
  PID:8288
- C:\Windows\System\EZtDQGZ.exe
  C:\Windows\System\EZtDQGZ.exe
  2⤵
  PID:8304
- C:\Windows\System\sYGXhJP.exe
  C:\Windows\System\sYGXhJP.exe
  2⤵
  PID:8320
- C:\Windows\System\FmhYXuM.exe
  C:\Windows\System\FmhYXuM.exe
  2⤵
  PID:8336
- C:\Windows\System\SvKxjcV.exe
  C:\Windows\System\SvKxjcV.exe
  2⤵
  PID:8352
- C:\Windows\System\XByfABg.exe
  C:\Windows\System\XByfABg.exe
  2⤵
  PID:8368
- C:\Windows\System\TXsKKZp.exe
  C:\Windows\System\TXsKKZp.exe
  2⤵
  PID:8384
- C:\Windows\System\LmgPUVQ.exe
  C:\Windows\System\LmgPUVQ.exe
  2⤵
  PID:8400
- C:\Windows\System\RyfeltR.exe
  C:\Windows\System\RyfeltR.exe
  2⤵
  PID:8416
- C:\Windows\System\NhTvkrx.exe
  C:\Windows\System\NhTvkrx.exe
  2⤵
  PID:8432
- C:\Windows\System\QvzvyiK.exe
  C:\Windows\System\QvzvyiK.exe
  2⤵
  PID:8448
- C:\Windows\System\DxYluww.exe
  C:\Windows\System\DxYluww.exe
  2⤵
  PID:8464
- C:\Windows\System\ICpCPQc.exe
  C:\Windows\System\ICpCPQc.exe
  2⤵
  PID:8480
- C:\Windows\System\GkrlmJB.exe
  C:\Windows\System\GkrlmJB.exe
  2⤵
  PID:8496
- C:\Windows\System\NChLUUt.exe
  C:\Windows\System\NChLUUt.exe
  2⤵
  PID:8512
- C:\Windows\System\dvGwyXW.exe
  C:\Windows\System\dvGwyXW.exe
  2⤵
  PID:8528
- C:\Windows\System\mCWnZpd.exe
  C:\Windows\System\mCWnZpd.exe
  2⤵
  PID:8544
- C:\Windows\System\JlgWLuA.exe
  C:\Windows\System\JlgWLuA.exe
  2⤵
  PID:8560
- C:\Windows\System\wtFSmPi.exe
  C:\Windows\System\wtFSmPi.exe
  2⤵
  PID:8576
- C:\Windows\System\xMTZxgT.exe
  C:\Windows\System\xMTZxgT.exe
  2⤵
  PID:8592
- C:\Windows\System\iKKaMWx.exe
  C:\Windows\System\iKKaMWx.exe
  2⤵
  PID:8608
- C:\Windows\System\zWvuBMl.exe
  C:\Windows\System\zWvuBMl.exe
  2⤵
  PID:8624
- C:\Windows\System\vdHAKAo.exe
  C:\Windows\System\vdHAKAo.exe
  2⤵
  PID:8640
- C:\Windows\System\kioWzmE.exe
  C:\Windows\System\kioWzmE.exe
  2⤵
  PID:8656
- C:\Windows\System\vdhvmQP.exe
  C:\Windows\System\vdhvmQP.exe
  2⤵
  PID:8672
- C:\Windows\System\RDNmAzR.exe
  C:\Windows\System\RDNmAzR.exe
  2⤵
  PID:8688
- C:\Windows\System\ugCtRXW.exe
  C:\Windows\System\ugCtRXW.exe
  2⤵
  PID:8704
- C:\Windows\System\btodkUh.exe
  C:\Windows\System\btodkUh.exe
  2⤵
  PID:8724
- C:\Windows\System\ETWgskq.exe
  C:\Windows\System\ETWgskq.exe
  2⤵
  PID:8740
- C:\Windows\System\PmwtibO.exe
  C:\Windows\System\PmwtibO.exe
  2⤵
  PID:8756
- C:\Windows\System\OgWdORh.exe
  C:\Windows\System\OgWdORh.exe
  2⤵
  PID:8772
- C:\Windows\System\yVjfnFv.exe
  C:\Windows\System\yVjfnFv.exe
  2⤵
  PID:8788
- C:\Windows\System\IGUtcmq.exe
  C:\Windows\System\IGUtcmq.exe
  2⤵
  PID:8804
- C:\Windows\System\OMtcwkg.exe
  C:\Windows\System\OMtcwkg.exe
  2⤵
  PID:8820
- C:\Windows\System\cJaKknw.exe
  C:\Windows\System\cJaKknw.exe
  2⤵
  PID:8836
- C:\Windows\System\zAYknSJ.exe
  C:\Windows\System\zAYknSJ.exe
  2⤵
  PID:8852
- C:\Windows\System\KtkAXDx.exe
  C:\Windows\System\KtkAXDx.exe
  2⤵
  PID:8868
- C:\Windows\System\gUfGCvS.exe
  C:\Windows\System\gUfGCvS.exe
  2⤵
  PID:8884
- C:\Windows\System\HPqPzRt.exe
  C:\Windows\System\HPqPzRt.exe
  2⤵
  PID:8900
- C:\Windows\System\cQzBxhH.exe
  C:\Windows\System\cQzBxhH.exe
  2⤵
  PID:8916
- C:\Windows\System\GhCrNwe.exe
  C:\Windows\System\GhCrNwe.exe
  2⤵
  PID:8932
- C:\Windows\System\JkvRKpc.exe
  C:\Windows\System\JkvRKpc.exe
  2⤵
  PID:8948
- C:\Windows\System\UKNrlPV.exe
  C:\Windows\System\UKNrlPV.exe
  2⤵
  PID:8964
- C:\Windows\System\LeYXdzm.exe
  C:\Windows\System\LeYXdzm.exe
  2⤵
  PID:8980
- C:\Windows\System\SjASxdX.exe
  C:\Windows\System\SjASxdX.exe
  2⤵
  PID:9000
- C:\Windows\System\FdDAefR.exe
  C:\Windows\System\FdDAefR.exe
  2⤵
  PID:9016
- C:\Windows\System\ovyeTbW.exe
  C:\Windows\System\ovyeTbW.exe
  2⤵
  PID:9032
- C:\Windows\System\RNyUbIN.exe
  C:\Windows\System\RNyUbIN.exe
  2⤵
  PID:9048
- C:\Windows\System\ufJvSUB.exe
  C:\Windows\System\ufJvSUB.exe
  2⤵
  PID:9064
- C:\Windows\System\QSyXMyb.exe
  C:\Windows\System\QSyXMyb.exe
  2⤵
  PID:9080
- C:\Windows\System\hCogjYI.exe
  C:\Windows\System\hCogjYI.exe
  2⤵
  PID:9096
- C:\Windows\System\HnJzeod.exe
  C:\Windows\System\HnJzeod.exe
  2⤵
  PID:9112
- C:\Windows\System\HohZxgJ.exe
  C:\Windows\System\HohZxgJ.exe
  2⤵
  PID:9132
- C:\Windows\System\wbBvmMC.exe
  C:\Windows\System\wbBvmMC.exe
  2⤵
  PID:9148
- C:\Windows\System\NmvAckE.exe
  C:\Windows\System\NmvAckE.exe
  2⤵
  PID:9164
- C:\Windows\System\AAcXTlG.exe
  C:\Windows\System\AAcXTlG.exe
  2⤵
  PID:9180
- C:\Windows\System\ZfoSHSa.exe
  C:\Windows\System\ZfoSHSa.exe
  2⤵
  PID:9196
- C:\Windows\System\SNqxIEQ.exe
  C:\Windows\System\SNqxIEQ.exe
  2⤵
  PID:9212
- C:\Windows\System\ammPUrN.exe
  C:\Windows\System\ammPUrN.exe
  2⤵
  PID:8204
- C:\Windows\System\GfphRHc.exe
  C:\Windows\System\GfphRHc.exe
  2⤵
  PID:7384
- C:\Windows\System\pjIYFYV.exe
  C:\Windows\System\pjIYFYV.exe
  2⤵
  PID:8252
- C:\Windows\System\SEuFTSK.exe
  C:\Windows\System\SEuFTSK.exe
  2⤵
  PID:8316
- C:\Windows\System\YMidMLS.exe
  C:\Windows\System\YMidMLS.exe
  2⤵
  PID:8300
- C:\Windows\System\VyctgQd.exe
  C:\Windows\System\VyctgQd.exe
  2⤵
  PID:8364
- C:\Windows\System\mzGoKpD.exe
  C:\Windows\System\mzGoKpD.exe
  2⤵
  PID:8428
- C:\Windows\System\WSomObZ.exe
  C:\Windows\System\WSomObZ.exe
  2⤵
  PID:8376
- C:\Windows\System\IBVeELh.exe
  C:\Windows\System\IBVeELh.exe
  2⤵
  PID:8492
- C:\Windows\System\icfgpHy.exe
  C:\Windows\System\icfgpHy.exe
  2⤵
  PID:8440
- C:\Windows\System\YyXfZSc.exe
  C:\Windows\System\YyXfZSc.exe
  2⤵
  PID:8524
- C:\Windows\System\HugPdXe.exe
  C:\Windows\System\HugPdXe.exe
  2⤵
  PID:8508
- C:\Windows\System\dicuBGP.exe
  C:\Windows\System\dicuBGP.exe
  2⤵
  PID:8584
- C:\Windows\System\TnABEsV.exe
  C:\Windows\System\TnABEsV.exe
  2⤵
  PID:8600
- C:\Windows\System\exwInUC.exe
  C:\Windows\System\exwInUC.exe
  2⤵
  PID:8680
- C:\Windows\System\PePNbkp.exe
  C:\Windows\System\PePNbkp.exe
  2⤵
  PID:8636
- C:\Windows\System\mlgYFrZ.exe
  C:\Windows\System\mlgYFrZ.exe
  2⤵
  PID:8716
- C:\Windows\System\KmImlHe.exe
  C:\Windows\System\KmImlHe.exe
  2⤵
  PID:8780
- C:\Windows\System\dBumEKC.exe
  C:\Windows\System\dBumEKC.exe
  2⤵
  PID:8844
- C:\Windows\System\kwiRUqR.exe
  C:\Windows\System\kwiRUqR.exe
  2⤵
  PID:8908
- C:\Windows\System\Rzhfldd.exe
  C:\Windows\System\Rzhfldd.exe
  2⤵
  PID:8972
- C:\Windows\System\clAPdGk.exe
  C:\Windows\System\clAPdGk.exe
  2⤵
  PID:8864
- C:\Windows\System\kDBgVNO.exe
  C:\Windows\System\kDBgVNO.exe
  2⤵
  PID:9076
- C:\Windows\System\ZskzvhW.exe
  C:\Windows\System\ZskzvhW.exe
  2⤵
  PID:8896
- C:\Windows\System\NiVYzTh.exe
  C:\Windows\System\NiVYzTh.exe
  2⤵
  PID:9092
- C:\Windows\System\NJpGaOC.exe
  C:\Windows\System\NJpGaOC.exe
  2⤵
  PID:9160
- C:\Windows\System\QeEXfop.exe
  C:\Windows\System\QeEXfop.exe
  2⤵
  PID:9204
- C:\Windows\System\FiZPPQv.exe
  C:\Windows\System\FiZPPQv.exe
  2⤵
  PID:8284
- C:\Windows\System\QUGCIas.exe
  C:\Windows\System\QUGCIas.exe
  2⤵
  PID:8312
- C:\Windows\System\YpLYgxI.exe
  C:\Windows\System\YpLYgxI.exe
  2⤵
  PID:8344
- C:\Windows\System\ocrbWZa.exe
  C:\Windows\System\ocrbWZa.exe
  2⤵
  PID:8556
- C:\Windows\System\YgaQokG.exe
  C:\Windows\System\YgaQokG.exe
  2⤵
  PID:8620
- C:\Windows\System\qbthjzC.exe
  C:\Windows\System\qbthjzC.exe
  2⤵
  PID:8296
- C:\Windows\System\sFRwSMO.exe
  C:\Windows\System\sFRwSMO.exe
  2⤵
  PID:8668
- C:\Windows\System\dGDDltn.exe
  C:\Windows\System\dGDDltn.exe
  2⤵
  PID:8520
- C:\Windows\System\UjtIIoF.exe
  C:\Windows\System\UjtIIoF.exe
  2⤵
  PID:8732
- C:\Windows\System\yGVkQxU.exe
  C:\Windows\System\yGVkQxU.exe
  2⤵
  PID:8796
- C:\Windows\System\tHNMbtE.exe
  C:\Windows\System\tHNMbtE.exe
  2⤵
  PID:8876
- C:\Windows\System\TSzfwED.exe
  C:\Windows\System\TSzfwED.exe
  2⤵
  PID:8816
- C:\Windows\System\yHQLkNZ.exe
  C:\Windows\System\yHQLkNZ.exe
  2⤵
  PID:9040
- C:\Windows\System\wMgThDK.exe
  C:\Windows\System\wMgThDK.exe
  2⤵
  PID:8892
- C:\Windows\System\TCFHInU.exe
  C:\Windows\System\TCFHInU.exe
  2⤵
  PID:8928
- C:\Windows\System\gVDySTU.exe
  C:\Windows\System\gVDySTU.exe
  2⤵
  PID:8996
- C:\Windows\System\IYvuraq.exe
  C:\Windows\System\IYvuraq.exe
  2⤵
  PID:9088
- C:\Windows\System\YzQgWru.exe
  C:\Windows\System\YzQgWru.exe
  2⤵
  PID:9176
- C:\Windows\System\pTzEzOt.exe
  C:\Windows\System\pTzEzOt.exe
  2⤵
  PID:8216
- C:\Windows\System\DKvnkSc.exe
  C:\Windows\System\DKvnkSc.exe
  2⤵
  PID:8696
- C:\Windows\System\fhhVBzA.exe
  C:\Windows\System\fhhVBzA.exe
  2⤵
  PID:8220
- C:\Windows\System\NXnITpS.exe
  C:\Windows\System\NXnITpS.exe
  2⤵
  PID:8412
- C:\Windows\System\CnNVJzk.exe
  C:\Windows\System\CnNVJzk.exe
  2⤵
  PID:8348
- C:\Windows\System\pgNSAiG.exe
  C:\Windows\System\pgNSAiG.exe
  2⤵
  PID:8764
- C:\Windows\System\Tadibui.exe
  C:\Windows\System\Tadibui.exe
  2⤵
  PID:8832
- C:\Windows\System\COeirQr.exe
  C:\Windows\System\COeirQr.exe
  2⤵
  PID:9056
- C:\Windows\System\fbaHGHx.exe
  C:\Windows\System\fbaHGHx.exe
  2⤵
  PID:8236
- C:\Windows\System\csFHCtd.exe
  C:\Windows\System\csFHCtd.exe
  2⤵
  PID:8752
- C:\Windows\System\uEKiLUS.exe
  C:\Windows\System\uEKiLUS.exe
  2⤵
  PID:8860
- C:\Windows\System\HEnfPSY.exe
  C:\Windows\System\HEnfPSY.exe
  2⤵
  PID:8960
- C:\Windows\System\JKEaRBu.exe
  C:\Windows\System\JKEaRBu.exe
  2⤵
  PID:8044
- C:\Windows\System\yZVTuYQ.exe
  C:\Windows\System\yZVTuYQ.exe
  2⤵
  PID:8940
- C:\Windows\System\UXkwUUX.exe
  C:\Windows\System\UXkwUUX.exe
  2⤵
  PID:9156
- C:\Windows\System\SNXCzMU.exe
  C:\Windows\System\SNXCzMU.exe
  2⤵
  PID:9192
- C:\Windows\System\xVWypnT.exe
  C:\Windows\System\xVWypnT.exe
  2⤵
  PID:8476
- C:\Windows\System\IvFEZip.exe
  C:\Windows\System\IvFEZip.exe
  2⤵
  PID:9220
- C:\Windows\System\CUZIcek.exe
  C:\Windows\System\CUZIcek.exe
  2⤵
  PID:9236
- C:\Windows\System\GdmfRMw.exe
  C:\Windows\System\GdmfRMw.exe
  2⤵
  PID:9252
- C:\Windows\System\PjFdYFU.exe
  C:\Windows\System\PjFdYFU.exe
  2⤵
  PID:9268
- C:\Windows\System\PNsapoU.exe
  C:\Windows\System\PNsapoU.exe
  2⤵
  PID:9284
- C:\Windows\System\cbTrPlq.exe
  C:\Windows\System\cbTrPlq.exe
  2⤵
  PID:9300
- C:\Windows\System\aIRHliL.exe
  C:\Windows\System\aIRHliL.exe
  2⤵
  PID:9316
- C:\Windows\System\bncdUdZ.exe
  C:\Windows\System\bncdUdZ.exe
  2⤵
  PID:9332
- C:\Windows\System\TvCCrby.exe
  C:\Windows\System\TvCCrby.exe
  2⤵
  PID:9348
- C:\Windows\System\UIPoKMA.exe
  C:\Windows\System\UIPoKMA.exe
  2⤵
  PID:9364
- C:\Windows\System\NZXOUVU.exe
  C:\Windows\System\NZXOUVU.exe
  2⤵
  PID:9380
- C:\Windows\System\EEMydPS.exe
  C:\Windows\System\EEMydPS.exe
  2⤵
  PID:9396
- C:\Windows\System\BuoiVYZ.exe
  C:\Windows\System\BuoiVYZ.exe
  2⤵
  PID:9416
- C:\Windows\System\SapDnbU.exe
  C:\Windows\System\SapDnbU.exe
  2⤵
  PID:9432
- C:\Windows\System\aHBgWhf.exe
  C:\Windows\System\aHBgWhf.exe
  2⤵
  PID:9448
- C:\Windows\System\GcTDsnj.exe
  C:\Windows\System\GcTDsnj.exe
  2⤵
  PID:9464
- C:\Windows\System\MbnhcME.exe
  C:\Windows\System\MbnhcME.exe
  2⤵
  PID:9480
- C:\Windows\System\hTMJLXw.exe
  C:\Windows\System\hTMJLXw.exe
  2⤵
  PID:9496
- C:\Windows\System\uiTiXWY.exe
  C:\Windows\System\uiTiXWY.exe
  2⤵
  PID:9512
- C:\Windows\System\rLYJmQD.exe
  C:\Windows\System\rLYJmQD.exe
  2⤵
  PID:9528
- C:\Windows\System\ddcFizy.exe
  C:\Windows\System\ddcFizy.exe
  2⤵
  PID:9544
- C:\Windows\System\fPDIure.exe
  C:\Windows\System\fPDIure.exe
  2⤵
  PID:9560
- C:\Windows\System\JhuWYtn.exe
  C:\Windows\System\JhuWYtn.exe
  2⤵
  PID:9576
- C:\Windows\System\BnyHLJa.exe
  C:\Windows\System\BnyHLJa.exe
  2⤵
  PID:9592
- C:\Windows\System\UsqlpzU.exe
  C:\Windows\System\UsqlpzU.exe
  2⤵
  PID:9608
- C:\Windows\System\cgsJVuK.exe
  C:\Windows\System\cgsJVuK.exe
  2⤵
  PID:9624
- C:\Windows\System\IHPehMB.exe
  C:\Windows\System\IHPehMB.exe
  2⤵
  PID:9640
- C:\Windows\System\wXQQAnJ.exe
  C:\Windows\System\wXQQAnJ.exe
  2⤵
  PID:9656
- C:\Windows\System\jUtygOD.exe
  C:\Windows\System\jUtygOD.exe
  2⤵
  PID:9672
- C:\Windows\System\gBuIJRK.exe
  C:\Windows\System\gBuIJRK.exe
  2⤵
  PID:9688
- C:\Windows\System\ADkFvgX.exe
  C:\Windows\System\ADkFvgX.exe
  2⤵
  PID:9704
- C:\Windows\System\ycFmjZJ.exe
  C:\Windows\System\ycFmjZJ.exe
  2⤵
  PID:9720
- C:\Windows\System\cubOpYd.exe
  C:\Windows\System\cubOpYd.exe
  2⤵
  PID:9736
- C:\Windows\System\jvrstTl.exe
  C:\Windows\System\jvrstTl.exe
  2⤵
  PID:9752
- C:\Windows\System\VAGmUBI.exe
  C:\Windows\System\VAGmUBI.exe
  2⤵
  PID:9768
- C:\Windows\System\NWwEvAC.exe
  C:\Windows\System\NWwEvAC.exe
  2⤵
  PID:9784
- C:\Windows\System\ZLMAIsX.exe
  C:\Windows\System\ZLMAIsX.exe
  2⤵
  PID:9800
- C:\Windows\System\eHtcGip.exe
  C:\Windows\System\eHtcGip.exe
  2⤵
  PID:9816
- C:\Windows\System\CYBFnTq.exe
  C:\Windows\System\CYBFnTq.exe
  2⤵
  PID:9832
- C:\Windows\System\inCdvef.exe
  C:\Windows\System\inCdvef.exe
  2⤵
  PID:9848
- C:\Windows\System\vmbBFbc.exe
  C:\Windows\System\vmbBFbc.exe
  2⤵
  PID:9864
- C:\Windows\System\JYwMjOd.exe
  C:\Windows\System\JYwMjOd.exe
  2⤵
  PID:9880
- C:\Windows\System\zGNBzgd.exe
  C:\Windows\System\zGNBzgd.exe
  2⤵
  PID:9896
- C:\Windows\System\ugUUbbG.exe
  C:\Windows\System\ugUUbbG.exe
  2⤵
  PID:9912
- C:\Windows\System\pGjjHuZ.exe
  C:\Windows\System\pGjjHuZ.exe
  2⤵
  PID:9928
- C:\Windows\System\JwZCUqz.exe
  C:\Windows\System\JwZCUqz.exe
  2⤵
  PID:9948
- C:\Windows\System\WIbPPgu.exe
  C:\Windows\System\WIbPPgu.exe
  2⤵
  PID:9376
- C:\Windows\System\sSBINIX.exe
  C:\Windows\System\sSBINIX.exe
  2⤵
  PID:9260
- C:\Windows\System\maWLIFK.exe
  C:\Windows\System\maWLIFK.exe
  2⤵
  PID:9536
- C:\Windows\System\ZXhqSwu.exe
  C:\Windows\System\ZXhqSwu.exe
  2⤵
  PID:9604
- C:\Windows\System\kYYCdAn.exe
  C:\Windows\System\kYYCdAn.exe
  2⤵
  PID:9684
- C:\Windows\System\PioxeCs.exe
  C:\Windows\System\PioxeCs.exe
  2⤵
  PID:9780
- C:\Windows\System\CPLsmjf.exe
  C:\Windows\System\CPLsmjf.exe
  2⤵
  PID:9844
- C:\Windows\System\zCRcKmL.exe
  C:\Windows\System\zCRcKmL.exe
  2⤵
  PID:9908
- C:\Windows\System\fGDTpvC.exe
  C:\Windows\System\fGDTpvC.exe
  2⤵
  PID:9732
- C:\Windows\System\GgAzQom.exe
  C:\Windows\System\GgAzQom.exe
  2⤵
  PID:9828
- C:\Windows\System\qQDgFXt.exe
  C:\Windows\System\qQDgFXt.exe
  2⤵
  PID:9920
- C:\Windows\System\UTzsANT.exe
  C:\Windows\System\UTzsANT.exe
  2⤵
  PID:9944
- C:\Windows\System\jWNXads.exe
  C:\Windows\System\jWNXads.exe
  2⤵
  PID:9968
- C:\Windows\System\KXXAiCm.exe
  C:\Windows\System\KXXAiCm.exe
  2⤵
  PID:9988
- C:\Windows\System\wzdrPXa.exe
  C:\Windows\System\wzdrPXa.exe
  2⤵
  PID:10008
- C:\Windows\System\eRmdqWM.exe
  C:\Windows\System\eRmdqWM.exe
  2⤵
  PID:10016
- C:\Windows\System\aWlrkKK.exe
  C:\Windows\System\aWlrkKK.exe
  2⤵
  PID:10032
- C:\Windows\System\HNTqDVU.exe
  C:\Windows\System\HNTqDVU.exe
  2⤵
  PID:10052
- C:\Windows\System\QfBaSrI.exe
  C:\Windows\System\QfBaSrI.exe
  2⤵
  PID:10068
- C:\Windows\System\gvEpzTK.exe
  C:\Windows\System\gvEpzTK.exe
  2⤵
  PID:10080
- C:\Windows\System\TCtkaiT.exe
  C:\Windows\System\TCtkaiT.exe
  2⤵
  PID:10120
- C:\Windows\System\LdOmRdH.exe
  C:\Windows\System\LdOmRdH.exe
  2⤵
  PID:10196
- C:\Windows\System\RQWLbXF.exe
  C:\Windows\System\RQWLbXF.exe
  2⤵
  PID:10224
- C:\Windows\System\fNalvhj.exe
  C:\Windows\System\fNalvhj.exe
  2⤵
  PID:10228
- C:\Windows\System\vdxDzFK.exe
  C:\Windows\System\vdxDzFK.exe
  2⤵
  PID:9244
- C:\Windows\System\DfKSjKu.exe
  C:\Windows\System\DfKSjKu.exe
  2⤵
  PID:8632
- C:\Windows\System\rmUAfDC.exe
  C:\Windows\System\rmUAfDC.exe
  2⤵
  PID:9344
- C:\Windows\System\lDLVbQR.exe
  C:\Windows\System\lDLVbQR.exe
  2⤵
  PID:9264
- C:\Windows\System\ApDmTdD.exe
  C:\Windows\System\ApDmTdD.exe
  2⤵
  PID:9456
- C:\Windows\System\Itjmebm.exe
  C:\Windows\System\Itjmebm.exe
  2⤵
  PID:9488
- C:\Windows\System\iILUSVK.exe
  C:\Windows\System\iILUSVK.exe
  2⤵
  PID:10156
- C:\Windows\System\OBtHIcI.exe
  C:\Windows\System\OBtHIcI.exe
  2⤵
  PID:9588
- C:\Windows\System\HYHAAku.exe
  C:\Windows\System\HYHAAku.exe
  2⤵
  PID:9664
- C:\Windows\System\WslZckW.exe
  C:\Windows\System\WslZckW.exe
  2⤵
  PID:9472
- C:\Windows\System\fNyrqdG.exe
  C:\Windows\System\fNyrqdG.exe
  2⤵
  PID:9508
- C:\Windows\System\HmqEgKB.exe
  C:\Windows\System\HmqEgKB.exe
  2⤵
  PID:9716
- C:\Windows\System\zmWgURY.exe
  C:\Windows\System\zmWgURY.exe
  2⤵
  PID:9776
- C:\Windows\System\JWFOsRL.exe
  C:\Windows\System\JWFOsRL.exe
  2⤵
  PID:9876
- C:\Windows\System\lSXGrul.exe
  C:\Windows\System\lSXGrul.exe
  2⤵
  PID:9700
- C:\Windows\System\TpDAQKc.exe
  C:\Windows\System\TpDAQKc.exe
  2⤵
  PID:9792
- C:\Windows\System\YwPSVYo.exe
  C:\Windows\System\YwPSVYo.exe
  2⤵
  PID:9964
- C:\Windows\System\rXiTVmh.exe
  C:\Windows\System\rXiTVmh.exe
  2⤵
  PID:9984
- C:\Windows\System\ufOyUaO.exe
  C:\Windows\System\ufOyUaO.exe
  2⤵
  PID:10004
- C:\Windows\System\kiZyNrJ.exe
  C:\Windows\System\kiZyNrJ.exe
  2⤵
  PID:10048
- C:\Windows\System\siIcOqO.exe
  C:\Windows\System\siIcOqO.exe
  2⤵
  PID:10084
- C:\Windows\System\zmsFrnG.exe
  C:\Windows\System\zmsFrnG.exe
  2⤵
  PID:10112
- C:\Windows\System\deQvHiY.exe
  C:\Windows\System\deQvHiY.exe
  2⤵
  PID:10176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\COJyFzs.exe

Filesize
6.0MB

MD5
4aeb819036cbcbc6821c0647d4bb31bf

SHA1
ed2a2c5d3ea9c79d32230af4c4165bd19e224aa2

SHA256
47d5031bd5f4d8613f27a38c9dc2b213a765de8ddfc1ef2c0775b4ae0df09082

SHA512
b17141db4b67dbe89cd2cfa36c5b78c8513c726f73f98229bc89ca8d347e9ddab20855d3a2e68fe628692b351e5bd11fa8ad6cca7e814fbaeba9c5f738a023d1

Download Submit
C:\Windows\system\GDrTaFJ.exe

Filesize
6.0MB

MD5
3865b29c5f9cd9d5e52628529b1a16a8

SHA1
e4e64b1609636aeb86be4e637e4c1110bd2b3771

SHA256
b858f6e15eda181c194330f89a823969d8a523024273373145ca7556e6c70740

SHA512
75a2dab98afcc78a5d657e731b31c6b28b571fd25518a0b2f91dab0d0fe1784e6f4818b834b88dd99fe9453d4b82ce4cfd2feac01290bd1589f266ce302af222

Download Submit
C:\Windows\system\JylVivp.exe

Filesize
6.0MB

MD5
02944dc79491aad106a0c020d6c8a994

SHA1
87f8d52ab2bd2b102be9750d52ae17808fef493f

SHA256
4d11e483a84fc744f7afbb3c8300bfa487931fbf61ce6b9cb20cac217078b0b0

SHA512
cfd23c54a8fef8779e3340c43e213ac73990197727da226fa6829ced469cc9828af126e2fe59182a536dde03fc970e7649f160daefeb2e9bf25dc0607fb1a989

Download Submit
C:\Windows\system\KAaGyoQ.exe

Filesize
6.0MB

MD5
283d3e71164420bfb34a32e25eaa95a1

SHA1
266346fcda93e792a7e71d67a502d150cbbdd85a

SHA256
b81bc1e48f21c5b7e5004d79ef3c219f9f62ee0de81235899ce73562793b1b39

SHA512
368def1acb90507ff053522acd60a7b8e2da36cbb80433e213d4a6cc6b5f3cf2f9e21fbcee4cc7b285a9a330e33b80cead9378b42a80dfa14816e8b147d182a0

Download Submit
C:\Windows\system\KzXwokK.exe

Filesize
6.0MB

MD5
39f2110359cee7244b2aa4f2463ba2b3

SHA1
4b111bb444d1d0f3d8d71b18d9d130d5056bec8e

SHA256
810897b704e5f5a262bea684828b0911827050a0790082a03284553543a993b9

SHA512
2e01382c45eff73006a8a8ad213c9f93ecb5691cff4958a74f4628bcda4a0948a388548b003106d1f74e5e75dee879ef5b5c2a533170eb844eae5b9487ec98ba

Download Submit
C:\Windows\system\LIywCNh.exe

Filesize
6.0MB

MD5
0f9f01272d182b22bccf76c9a5cb6f47

SHA1
5c6a7ecbd7978ddec5f2bf14e9631d22fb7d5261

SHA256
1224ff13b3dd45d42c272b04fb578d232e506022abf1b95ddc3b487078d3d0cd

SHA512
3002da9a9d7a6afe70696e69fb940a74064f050eb58d80728298400c65fa1f1a324892bda04c014be655a8d7ad34fb1f56f5e766b8a9139ee55a27d1e8b0e7eb

Download Submit
C:\Windows\system\NQyrapM.exe

Filesize
6.0MB

MD5
8c70351e88f48288f2d878105c6c4e80

SHA1
a5dbd7d3946c269ff8c0abd00c68d853aa102e9e

SHA256
82160f44c511fe6461641f3a31d127a5a4f7a495193d6dd63034e2c8eb9f948e

SHA512
1a040c936851eb584e63d32f847e1c8078508c78d6afd62f0d4e6984b94a29a547e1524451f59f167d9bcf2303d01d91cc845110004161f87804b520623268f8

Download Submit
C:\Windows\system\OUfVsef.exe

Filesize
6.0MB

MD5
90ea5ff2765ae6b0668cfd257c24600a

SHA1
8ca3628aae38d5aed4d2030237d6bb3438c9526c

SHA256
a7b204217693f308e6fdf59d903e8a295684256b767b69fb615b71f66989e5d8

SHA512
144359be6b912147188e1f9ea0ac2de2ed3441a60ecc9534172d3a2b34f01f9faa643fde096ca21ce5f3c365183909477ed4fab2fc2bea265606bfec1ec05a6d

Download Submit
C:\Windows\system\PdxvRsu.exe

Filesize
6.0MB

MD5
a0f6bffb5e01281906ae07a221463b32

SHA1
f57b37eba70b8309c1b1dbb8bdd4748c0e6696c1

SHA256
0e24c2993dc1a8090855b93f1cafd43154d9e8e57237bd93d359bd4149f0fb10

SHA512
39b8771c9f7468af105d03de75915f4da0202f98fd9a0e5516e1b28743abe99a25e9ec8941937954b13672d2bba68a7acf07472042b62d547965a5847626dad8

Download Submit
C:\Windows\system\QBZbKqd.exe

Filesize
6.0MB

MD5
e6ddbd329f00b160333e7b75ef4cf661

SHA1
2efa342aa78a8610cf6e765d899a4fcbdbfbfdbf

SHA256
0885c4db0ced9e714f0283460e49294270604483cf5a8b2c5b7cad57d4847d61

SHA512
ecff6b1cc6c5096968fb68597896bbc7a36571b607bebca9ca014cf80e2cfd6d52655f26d7055b63b7ae81ebe48a1a93e398a8bb32ff42c683a0b11a52f80fc5

Download Submit
C:\Windows\system\TnmQjHm.exe

Filesize
6.0MB

MD5
1ffe67a17764385fcf51c873cef275ca

SHA1
1b548b8ca2de37c797c718213bed1341d84f0e75

SHA256
f4bcfdd6ab59858cd30bfb03d3a8c9b0b653661788f2096024b352744f5f149d

SHA512
0b94a8a67fe25ebb134852b7f44e948e028041fdbbc4ffec56e889bf47e26a407b4a926990b19bd1d7ee1b6adcade136345651b87711f6e0202e1522eb4c76a6

Download Submit
C:\Windows\system\UgRHfOX.exe

Filesize
6.0MB

MD5
2591d9e5456182507fedac49b0b9f9a1

SHA1
a861f814d1fd0fdbe975a1c5fbb025551be6aa98

SHA256
2b755b059c99cbccd52230613e841f96872280f8b2553e9ba21d89946f8c67ce

SHA512
7614715282997e502c8fb28792dc291ddb16b3605c0ff79e4aa784385ea082b5fae20c9813c15178a91e24107a0babcb4259df5561b45af9d824238186821492

Download Submit
C:\Windows\system\VWNZiHM.exe

Filesize
6.0MB

MD5
0fc80ecb2e19cd97f7bebed65d05d4c2

SHA1
0b00e24235d0523dc8bfff6c9f09f2f1fb491179

SHA256
85357fa1fbc76e89e8bcf2e34133d3084965151e25c64366e6f0b2334f6f55fe

SHA512
ea1bbd8eb48fb562f19ac6a10f6f546a91342205c37cf9564e4da032904bc23ff89652e9768b5b23009499b830efbfd39be13b503d96bfbd70db7befdc881f45

Download Submit
C:\Windows\system\aCbMSdt.exe

Filesize
6.0MB

MD5
4eb7baf61843b62083b2beb1ea50020a

SHA1
6d5bbf05702216268fe69a5d3739119587b98d21

SHA256
773874f9c8f683aa1891bd3c89e174af46790c195ee96451c9f85d3cb3325282

SHA512
a3e55b2acf89e313479851595c747f9f6e6757d027ad47aaf45096772fe83f2dc51b5cbef74cb4a22470a7eb1886f7e6e8661a3aaf48ef5ddce2796ff6a83724

Download Submit
C:\Windows\system\aMZzexj.exe

Filesize
6.0MB

MD5
a9e3a77c86cf5fe003a07570de38f58d

SHA1
dd0b085bb49fcc1b78325ee4ead6ed263655a5fe

SHA256
b96affcd08b737a78365e70b0e7662bdcd0f501b16781dd522e4238a5a18549f

SHA512
1090eafc4d351508498f35bae605b1c4ff0bbd7ca719aa0a37b98de934e0faaf3287c5f98ea9e52a997aeadc95985a1d2676b858aa4153c340d6b6b085602c0a

Download Submit
C:\Windows\system\dCNoHVp.exe

Filesize
6.0MB

MD5
c85b307a2370a0b965897db883b32311

SHA1
b0f197f220ec1937fac34a6ce25ea61f2a8c9719

SHA256
bd4ac1034d69c61600629fa0ea9539ad31695ca8d79d7a5e31ce0eef7454eef8

SHA512
3d571eeb404987513aa0693902454d5068d236ff4f29a87c8962a6a387d4843215f143ced97f099099dbdccbfce6d3dec951fd02a4dca1a7d72a59566aac1a9f

Download Submit
C:\Windows\system\ehYcKFl.exe

Filesize
6.0MB

MD5
572dbc9abe55b80bf137ad9ebe5b9f07

SHA1
4a3e238613a64b6149ee95754dfed5348ea7c898

SHA256
f2e355ba009e581ad1bddda8bd46b739b0f684f219f1915e3ee60e2ee05d5e79

SHA512
7bc20878dfb00a38c289cfc5f6e82a8a809e507bae8f72bac43183e7b5fe3c0c00cbcf5e8b6fdeed2a8bf11973c149643f1cb024dd5f51629b5cf338e77a2764

Download Submit
C:\Windows\system\gGJfXeN.exe

Filesize
6.0MB

MD5
42e06d1dc46141f2a52b1b25f1afa950

SHA1
fb76323ea8577dc7d5ed6887e4ba2256cce9fcf1

SHA256
0d5a32bdfe05019384d7efa6601fcd184e82c23e4f55159a20cda87d8d85f727

SHA512
6b7590e45ae628c4c1801614d1c91ba5e8e39440c254f0a161df54fd068eced678ceabdc09829e5ec1e863af0a6e77520a5926ad269137c61158be31b0a6f6c0

Download Submit
C:\Windows\system\kVKwONM.exe

Filesize
6.0MB

MD5
09c7ee254da78141349620c35a501d10

SHA1
c2b0b5615d0a40c7fa27b5884ec94ae72e7b2188

SHA256
7d70da8e369359f9c35d0e5484f0569db15c2448026cec0ce605cbdb2e476a84

SHA512
ef7e4ba07b49669b2aaeb2e41ab0438616f2799626ba0f0adf72bede9a2f8de3b8933c557be8a2318c70cfbf9b39765857c855e62f234619d282a2a9df4d48f3

Download Submit
C:\Windows\system\lSiYBtB.exe

Filesize
6.0MB

MD5
b3cb029d1e23555dade1d50de7bdec77

SHA1
6b1412ce8ba2224d6f66554e1772b012d843799e

SHA256
e3e89242bb990b2ad58e22b0b661064b2db5ef0b7cc899e4c944f6c305027a74

SHA512
75991cb467c5f0eddcc0b10f21a8769bb2c58962763b343ce939f784c17bcd323341868216982f93d38aa9473a8d10d130c6d5ec3d6893b23d14dacc84e09727

Download Submit
C:\Windows\system\oDfWrwj.exe

Filesize
6.0MB

MD5
c2486031e64fd48ec35aaba7f61f66d4

SHA1
0094c4ccadbf3a482591daf0fd1c9cbbf5639dd9

SHA256
f9a1ab36056f29ef30b2989d8329c63a676cd571def185f5fa6696deb5483c8e

SHA512
0a6f7d1392b3abeeeb1dcb24605a0c11eb157a891521a65bdc06c85a616201a7a4e4591400f8856c3b1cba6cd8cbbde316ab1402307424b79edd9b4e9f43ad6b

Download Submit
C:\Windows\system\osIAveb.exe

Filesize
6.0MB

MD5
3274a57bb1e78f1a789a3145f7ef06fb

SHA1
eab74e5afc2f0654c34c534ec7653eafec24ebe8

SHA256
87dc9d3b2aa7af300e59f3243fce79d175437396893a8574a0b8e407be84cde7

SHA512
5ec8856e4ecf8c3ad81bfd6767f934edd5541421801b02c6e14e6a243c9c81d6e6f939e17b930b957c27b15e0421eeb8dbeab0eafdf124f5d913526c01eee373

Download Submit
C:\Windows\system\pnnykPm.exe

Filesize
6.0MB

MD5
a512a86cd31045035afd63d6bca6463e

SHA1
b4a093487b8202ebbd08edc3dd0218383615728f

SHA256
4d2e74e196bb678ed7c2f6123dcd729e2fe964af3a048595cb1940184387ce97

SHA512
614b3b5db856cc27523c5ab82ed03254a34ae2fb4c9bb3da7f8e0a62b26a03abfc12e258485e4c2e441036048d332c35f962f69af9ec2da61cf62317da622563

Download Submit
C:\Windows\system\qoaYUdc.exe

Filesize
6.0MB

MD5
741bb3b0070529f6361a3bf557bf9adc

SHA1
c04e23f5c82eb7ba9ec437399db33b25b0aa98af

SHA256
c2462f37957e0233ba66dcb12795d0f859799cb0c0fd4832f1c403f0b0fb01f8

SHA512
856fb5ea8d93c838e7aa0a426babdf3d3f5e25adc819cc99bce755e7ab7415daafaa894f023b7cdd8721a583c95819e2404fcb70387bfa90346768ae1f10733c

Download Submit
C:\Windows\system\sOfIiCU.exe

Filesize
6.0MB

MD5
517228edcd02583ac1e0d18a2c313b00

SHA1
5e7c6dff13e52bfb76509e540710360eebb928ff

SHA256
792e0e5aeee55b96fcf482e74c30ba73d258b011ff4de56b2883e378f716682e

SHA512
857f1cf1cef7a5fbfe831cbdab6084d3d4cb452607fcfdc4d81168184fb4d226e900dcd36cce54897c385ec574ba1165166bfbfeaa898ea9a33d2d38436ab002

Download Submit
C:\Windows\system\tIGkgHd.exe

Filesize
6.0MB

MD5
5cf7736db9628473babba1fac8752e6a

SHA1
3ccd06d894770bbbf8d024cb97606934daad642b

SHA256
8e2875b7278473da5664dd3c99ff4e3c961824b73abfff292de7ff78a51aa41c

SHA512
4d2fc1b6be9d90de802483ed933705c376019fb15533dc5b3ee7b7b3a6eb3bee05190e7676e05a676e0110e5cbcc21239905ada0c7a5bddc040b3f2338396370

Download Submit
\Windows\system\DUvsNVx.exe

Filesize
6.0MB

MD5
334f429707b99544265a8c9ace11cb25

SHA1
9974099c1615223565b07f673fec0779abddc8db

SHA256
f712fe0e8ee178d6eff8eacc4b0df9d15855fccee8cabebb14fa4738da0b075a

SHA512
b3162e937885b8cbc91f5ccd8dc57540746a044a9dd1238e453638737c9660e24f3af498f3dafa6d899fbc602b6e8ba9cefed8d10bae38bed13c2b206f9aebc8

Download Submit
\Windows\system\EKvsiMk.exe

Filesize
6.0MB

MD5
822bfc6d6ee0068b1268d6fd99805460

SHA1
00644351129bc74b6a4a09368963f0ecf290fbba

SHA256
d0e762815d379c55155f6cf009faafd98c3a1691de6bc17980ad5124e831686a

SHA512
77404b33b3b80eaf3def1be6201257b21019e68431a4304521e22619c98e302242ad8b1f4581b46dd56cb152e7e8b057bd79bf7d8928862a6685f8af8f38de13

Download Submit
\Windows\system\FNoNIWO.exe

Filesize
6.0MB

MD5
5fb337cd64d0b923f983dc0d2973633d

SHA1
90e918032af80a2055b3e246fd55550ce576b27f

SHA256
8195aa2399e30e68a013cd7963459985eccbcd313af10d3edd3c824cfb5b67a9

SHA512
9e672cb83958527ed4ff644422800344031e7447e648658e562cc4035df33e3ba9aef218b688bc973e09d3d4d3187400d3c53966d318d4b550dceb5284ae7084

Download Submit
\Windows\system\INiGblU.exe

Filesize
6.0MB

MD5
31b405ae92071381b1ed35ef8053acec

SHA1
d864144116622ffbc8e63d71993338741065b597

SHA256
ca28a9d4cbac4225d39940dc36a58a2da48a2c057225a86e068bb5dc97c9968a

SHA512
e1f4157c48f123db6d12c2b8c27ce5d0caca21d827bdc8b95c1c53d79343caba3538fec6ac215a9a7cd0d9dac9711f9347423762b4f3d51d6b7c501ae67124e9

Download Submit
\Windows\system\MwSIlSV.exe

Filesize
6.0MB

MD5
9ac85f04a0d826815eda22282868b16a

SHA1
9e29bfac6965a9390df91a9745ccf0aaa14272a4

SHA256
e840ad298e2a848f44f958bc96ab3f07deca05fb3813443bdfdf3c7cd3799de8

SHA512
8a7fab85db4b73cb5ad0636ec5f790313739614c2a91ede2db210082f63870f8f8c9b82a052d870ef272bd046dae59fa0e6b8f1d5353220266a7b9dbe39e87cb

Download Submit
\Windows\system\RDaHqRi.exe

Filesize
6.0MB

MD5
e8a2d1c83c9748fb400cc6335eb4dbf9

SHA1
458cfc2ff56e92283a7d98c81bee40817f2b4a27

SHA256
db4965c10bed4e53403f58e9abf008b0da097e36c25b90671c5f7ea4e42cc930

SHA512
7f52f81a786e0a4db0291800b88d2d8963d7a9784f809e0df25cdb03d3d107aff5cfc2b9151f9011e4f355ef73cdc3b3203d00f36f12371f60c958f4d850541b

Download Submit
\Windows\system\RUZcbnH.exe

Filesize
6.0MB

MD5
416b2ad3a40396e9979e296ca6127a4c

SHA1
3b30488c1806e7b73e8879fe6814711d9c734c0f

SHA256
73f8a3483b29e471423d10294921a5cccc794ce2ed00423c1315006aeb10a7d3

SHA512
6d4cc9c153861d7cc74f1592501a22393ff9f4d3d3c57b104a424c8d2c0de377b8739adb60adb8909b3e02f318843c881b9515a573853a5ee4fd472cb54e0923

Download Submit
\Windows\system\UWlYtqp.exe

Filesize
6.0MB

MD5
ed32d05b0480cbdc602523a1a5cdee22

SHA1
6cdfe6c4813ae9ebb0bd420e75d69a7b346316b3

SHA256
51b855d7221b9324e092eb45db38a3c27dcc2e7c2f42a44ea11128787898feab

SHA512
372fffddfe501a98790608e10931fdcb1f987221c8d62db004edcea85647ffb7920d579a9246b8400ef2c6ce1c6dc3b916dc8ab6d9645758250d1717ed792614

Download Submit
\Windows\system\monPQxw.exe

Filesize
6.0MB

MD5
2c906034193b87c55741e33e4544cb02

SHA1
a41f0381d35e273e79e5677b43d02fe2e6741a17

SHA256
bf079b3518ae83bf7fd208c7f7beb326ce4f1a6ffde589a745a3e356fa3f787a

SHA512
e1d5ae4cb3a2b8f0af3e43a43e71b7c865a8b315ac68aa2edd1fad78c69dec044dc3c374f28ed77e85930e9e5cdf096b0577fbe71348b94390c95e6fc3f27422

Download Submit
memory/1812-101-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-1080-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1812-3837-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-96-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3801-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2300-26-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2300-3798-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2336-65-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-17-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3789-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-95-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-86-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2384-30-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2384-39-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-47-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-79-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-108-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-8-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-71-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2384-117-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2384-64-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-23-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-365-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-25-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2384-34-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-44-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1530-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2384-816-0x0000000002550000-0x00000000028A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3783-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-13-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-3777-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-80-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2668-72-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3787-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-112-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3800-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2724-57-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3778-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-45-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-66-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3806-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2820-81-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-50-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3797-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3788-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2828-56-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2828-94-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3786-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2904-88-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2904-51-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/3068-554-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3068-87-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3838-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download