cobaltstrike | a01848c6bd2b3dfe189408f99f1f3247f25d9593b667c0886b7d8b57d7c98f5a

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a7150a41daefbef12624e8c65e7dee85
SHA1

41979266a1ec538da17219624807518e90153f67
SHA256

a01848c6bd2b3dfe189408f99f1f3247f25d9593b667c0886b7d8b57d7c98f5a
SHA512

22b0abaed6302ccf1ca04e45b8e078acce6fed138406924ff71199b156186b83dd8d900d4b71ac5e5d9bd5be3728f7fd01e11e35428b7e245088beca8a97fe0a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019394-11.dat	cobalt_reflective_dll
behavioral1/files/0x002f000000018bd7-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-42.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195b3-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-73.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001948c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-10.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2004-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225c-6.dat	xmrig
behavioral1/files/0x0008000000019394-11.dat	xmrig
behavioral1/memory/2016-37-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x002f000000018bd7-38.dat	xmrig
behavioral1/memory/3068-29-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-33.dat	xmrig
behavioral1/files/0x0006000000019470-28.dat	xmrig
behavioral1/memory/2872-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2140-25-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/3020-23-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-42.dat	xmrig
behavioral1/memory/804-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195b3-75.dat	xmrig
behavioral1/memory/1472-96-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2316-97-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-95.dat	xmrig
behavioral1/files/0x000500000001a3f6-100.dat	xmrig
behavioral1/files/0x000500000001a400-113.dat	xmrig
behavioral1/files/0x000500000001a457-133.dat	xmrig
behavioral1/memory/2004-238-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2316-550-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/1472-549-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2560-403-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001a475-170.dat	xmrig
behavioral1/files/0x000500000001a473-165.dat	xmrig
behavioral1/files/0x000500000001a471-162.dat	xmrig
behavioral1/files/0x000500000001a46f-157.dat	xmrig
behavioral1/files/0x000500000001a46d-154.dat	xmrig
behavioral1/files/0x000500000001a46b-149.dat	xmrig
behavioral1/files/0x000500000001a469-146.dat	xmrig
behavioral1/files/0x000500000001a463-141.dat	xmrig
behavioral1/files/0x000500000001a459-137.dat	xmrig
behavioral1/files/0x000500000001a44f-129.dat	xmrig
behavioral1/files/0x000500000001a44d-126.dat	xmrig
behavioral1/files/0x000500000001a438-121.dat	xmrig
behavioral1/files/0x000500000001a404-117.dat	xmrig
behavioral1/files/0x000500000001a3fd-109.dat	xmrig
behavioral1/files/0x000500000001a3f8-105.dat	xmrig
behavioral1/files/0x000500000001a0b6-94.dat	xmrig
behavioral1/memory/2004-93-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/2560-92-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2492-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2004-69-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2840-68-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2004-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-86.dat	xmrig
behavioral1/memory/3068-85-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1804-77-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-73.dat	xmrig
behavioral1/files/0x000800000001948c-45.dat	xmrig
behavioral1/memory/2792-59-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2788-58-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019490-56.dat	xmrig
behavioral1/files/0x00070000000193b8-10.dat	xmrig
behavioral1/memory/3020-1353-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2872-1352-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2140-1360-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2016-1625-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2788-1627-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2792-1626-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/804-1629-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2560-1636-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/3068-1628-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2872	SACJvdr.exe
3020	dbfnOha.exe
2140	JABsNno.exe
3068	rMiUdks.exe
2016	RGCUSFb.exe
2788	CQjPvxv.exe
2792	rrFwaaG.exe
804	hGPGrHE.exe
2840	BHwbKDF.exe
1804	VuAtjOx.exe
2492	UeeybDl.exe
2560	OvYgZjT.exe
1472	lxlIsvA.exe
2316	IxtbxcU.exe
2420	KdcStOV.exe
1124	WDeOUZm.exe
2344	xxalUWF.exe
2348	kfvamdt.exe
884	NPjnyAS.exe
1240	LDjMIBI.exe
2612	MpCvTIE.exe
2508	kestwnt.exe
944	XhtLgrN.exe
2604	WyErszg.exe
2028	hczwYxz.exe
2112	DxGmnEv.exe
2180	IUnbMBY.exe
2496	vePYVPV.exe
2176	sdhlueh.exe
2168	cJPXgpG.exe
1712	qJJkjGr.exe
3000	GCTNiHa.exe
900	yuxADIa.exe
2568	ciPJGxz.exe
2076	SJXGJDp.exe
956	BcitGkr.exe
2072	JXkrLzD.exe
2440	xndWfXD.exe
1604	mvpsOfi.exe
908	CsSEWqc.exe
1952	DLTkqZC.exe
1576	XeUfJyt.exe
1512	adRGSeM.exe
1080	xRgwAuy.exe
2052	hcCkTCE.exe
2732	cdVNEoS.exe
1656	GVFJJkB.exe
1568	NBynsts.exe
1676	JQgfDxA.exe
2720	CwPDsWP.exe
2060	rnPCBqZ.exe
1760	ClcFQMR.exe
576	nnvopsV.exe
868	qvTxwre.exe
2944	IEPJyuF.exe
484	TCuMpag.exe
1504	ahktZxf.exe
1660	fQwLqUn.exe
2584	TLensfD.exe
872	KwUELlB.exe
2116	DhLoHek.exe
1260	DECqrKG.exe
1720	SlVlCKj.exe
3032	riUiuSn.exe

Loads dropped DLL 64 IoCs

pid	Process
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2004-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-6.dat	upx
behavioral1/files/0x0008000000019394-11.dat	upx
behavioral1/memory/2016-37-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x002f000000018bd7-38.dat	upx
behavioral1/memory/3068-29-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0006000000019480-33.dat	upx
behavioral1/files/0x0006000000019470-28.dat	upx
behavioral1/memory/2872-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2140-25-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/3020-23-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0006000000019489-42.dat	upx
behavioral1/memory/804-60-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x00070000000195b3-75.dat	upx
behavioral1/memory/1472-96-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2316-97-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-95.dat	upx
behavioral1/files/0x000500000001a3f6-100.dat	upx
behavioral1/files/0x000500000001a400-113.dat	upx
behavioral1/files/0x000500000001a457-133.dat	upx
behavioral1/memory/2316-550-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/1472-549-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2560-403-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x000500000001a475-170.dat	upx
behavioral1/files/0x000500000001a473-165.dat	upx
behavioral1/files/0x000500000001a471-162.dat	upx
behavioral1/files/0x000500000001a46f-157.dat	upx
behavioral1/files/0x000500000001a46d-154.dat	upx
behavioral1/files/0x000500000001a46b-149.dat	upx
behavioral1/files/0x000500000001a469-146.dat	upx
behavioral1/files/0x000500000001a463-141.dat	upx
behavioral1/files/0x000500000001a459-137.dat	upx
behavioral1/files/0x000500000001a44f-129.dat	upx
behavioral1/files/0x000500000001a44d-126.dat	upx
behavioral1/files/0x000500000001a438-121.dat	upx
behavioral1/files/0x000500000001a404-117.dat	upx
behavioral1/files/0x000500000001a3fd-109.dat	upx
behavioral1/files/0x000500000001a3f8-105.dat	upx
behavioral1/files/0x000500000001a0b6-94.dat	upx
behavioral1/memory/2560-92-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2492-80-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2840-68-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2004-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000500000001a309-86.dat	upx
behavioral1/memory/3068-85-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1804-77-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x000500000001a049-73.dat	upx
behavioral1/files/0x000800000001948c-45.dat	upx
behavioral1/memory/2792-59-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2788-58-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/files/0x0007000000019490-56.dat	upx
behavioral1/files/0x00070000000193b8-10.dat	upx
behavioral1/memory/3020-1353-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2872-1352-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2140-1360-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/2016-1625-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2788-1627-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2792-1626-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/804-1629-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2560-1636-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/3068-1628-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2840-1701-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1804-1666-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2492-1744-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aGnlXyX.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moQwDnR.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpMoBBy.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvKnIDu.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAaHvpC.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVRrBLo.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZSSMpx.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJbpNWO.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kisMOJB.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAhehXZ.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHUKsrU.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKsddvw.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIJnfIr.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edtKRGX.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChZaCtm.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOGfQTK.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHZIfzg.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IyVhVKx.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YVTOhoR.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUtbYTu.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhjQiIg.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjqeiKG.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEcNhRN.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMYRfea.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keyUeyq.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWsfEyV.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaAnpIn.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeOueFU.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQEDZZY.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBsInPe.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEUGlHt.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWStZdH.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxtSOaM.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIycGgs.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHlPLXM.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMPSJKI.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEPJyuF.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBRiyvJ.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kQmeUie.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FuVqPys.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSHBSdt.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRIqhGe.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYoZHPF.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwGSpEY.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REIZlUF.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVdmOPE.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izdFLnh.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdcStOV.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmgcFum.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvKXepS.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDLrmak.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voEKEwF.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juExsoe.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rthJkvD.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXhzPaT.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCIvROI.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kestwnt.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBynsts.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grOPPBD.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJSbQOf.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WazbUdU.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPRDVVK.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVFJJkB.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXLtvxu.exe	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2872	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2004 wrote to memory of 2872	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2004 wrote to memory of 2872	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2004 wrote to memory of 3020	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2004 wrote to memory of 3020	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2004 wrote to memory of 3020	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2004 wrote to memory of 2140	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2004 wrote to memory of 2140	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2004 wrote to memory of 2140	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2004 wrote to memory of 3068	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2004 wrote to memory of 3068	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2004 wrote to memory of 3068	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2004 wrote to memory of 2016	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2004 wrote to memory of 2016	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2004 wrote to memory of 2016	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2004 wrote to memory of 2792	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2004 wrote to memory of 2792	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2004 wrote to memory of 2792	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2004 wrote to memory of 2788	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2004 wrote to memory of 2788	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2004 wrote to memory of 2788	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2004 wrote to memory of 2840	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2004 wrote to memory of 2840	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2004 wrote to memory of 2840	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2004 wrote to memory of 804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2004 wrote to memory of 804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2004 wrote to memory of 804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2004 wrote to memory of 2492	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2004 wrote to memory of 2492	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2004 wrote to memory of 2492	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2004 wrote to memory of 1804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2004 wrote to memory of 1804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2004 wrote to memory of 1804	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2004 wrote to memory of 1472	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2004 wrote to memory of 1472	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2004 wrote to memory of 1472	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2004 wrote to memory of 2560	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2004 wrote to memory of 2560	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2004 wrote to memory of 2560	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2004 wrote to memory of 2316	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2004 wrote to memory of 2316	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2004 wrote to memory of 2316	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2004 wrote to memory of 2420	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2004 wrote to memory of 2420	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2004 wrote to memory of 2420	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2004 wrote to memory of 1124	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2004 wrote to memory of 1124	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2004 wrote to memory of 1124	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2004 wrote to memory of 2344	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2004 wrote to memory of 2344	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2004 wrote to memory of 2344	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2004 wrote to memory of 2348	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2004 wrote to memory of 2348	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2004 wrote to memory of 2348	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2004 wrote to memory of 884	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2004 wrote to memory of 884	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2004 wrote to memory of 884	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2004 wrote to memory of 1240	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2004 wrote to memory of 1240	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2004 wrote to memory of 1240	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2004 wrote to memory of 2612	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2004 wrote to memory of 2612	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2004 wrote to memory of 2612	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2004 wrote to memory of 2508	2004	2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_a7150a41daefbef12624e8c65e7dee85_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\System\SACJvdr.exe
  C:\Windows\System\SACJvdr.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dbfnOha.exe
  C:\Windows\System\dbfnOha.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\JABsNno.exe
  C:\Windows\System\JABsNno.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\rMiUdks.exe
  C:\Windows\System\rMiUdks.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\RGCUSFb.exe
  C:\Windows\System\RGCUSFb.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\rrFwaaG.exe
  C:\Windows\System\rrFwaaG.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\CQjPvxv.exe
  C:\Windows\System\CQjPvxv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\BHwbKDF.exe
  C:\Windows\System\BHwbKDF.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\hGPGrHE.exe
  C:\Windows\System\hGPGrHE.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\UeeybDl.exe
  C:\Windows\System\UeeybDl.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\VuAtjOx.exe
  C:\Windows\System\VuAtjOx.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\lxlIsvA.exe
  C:\Windows\System\lxlIsvA.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\OvYgZjT.exe
  C:\Windows\System\OvYgZjT.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\IxtbxcU.exe
  C:\Windows\System\IxtbxcU.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\KdcStOV.exe
  C:\Windows\System\KdcStOV.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\WDeOUZm.exe
  C:\Windows\System\WDeOUZm.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\xxalUWF.exe
  C:\Windows\System\xxalUWF.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\kfvamdt.exe
  C:\Windows\System\kfvamdt.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\NPjnyAS.exe
  C:\Windows\System\NPjnyAS.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\LDjMIBI.exe
  C:\Windows\System\LDjMIBI.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\MpCvTIE.exe
  C:\Windows\System\MpCvTIE.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\kestwnt.exe
  C:\Windows\System\kestwnt.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\XhtLgrN.exe
  C:\Windows\System\XhtLgrN.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\WyErszg.exe
  C:\Windows\System\WyErszg.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\hczwYxz.exe
  C:\Windows\System\hczwYxz.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\DxGmnEv.exe
  C:\Windows\System\DxGmnEv.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\IUnbMBY.exe
  C:\Windows\System\IUnbMBY.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\vePYVPV.exe
  C:\Windows\System\vePYVPV.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\sdhlueh.exe
  C:\Windows\System\sdhlueh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\cJPXgpG.exe
  C:\Windows\System\cJPXgpG.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\qJJkjGr.exe
  C:\Windows\System\qJJkjGr.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GCTNiHa.exe
  C:\Windows\System\GCTNiHa.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\yuxADIa.exe
  C:\Windows\System\yuxADIa.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\ciPJGxz.exe
  C:\Windows\System\ciPJGxz.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\SJXGJDp.exe
  C:\Windows\System\SJXGJDp.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\BcitGkr.exe
  C:\Windows\System\BcitGkr.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\JXkrLzD.exe
  C:\Windows\System\JXkrLzD.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xndWfXD.exe
  C:\Windows\System\xndWfXD.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\mvpsOfi.exe
  C:\Windows\System\mvpsOfi.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\CsSEWqc.exe
  C:\Windows\System\CsSEWqc.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\DLTkqZC.exe
  C:\Windows\System\DLTkqZC.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\XeUfJyt.exe
  C:\Windows\System\XeUfJyt.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\adRGSeM.exe
  C:\Windows\System\adRGSeM.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xRgwAuy.exe
  C:\Windows\System\xRgwAuy.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\hcCkTCE.exe
  C:\Windows\System\hcCkTCE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\cdVNEoS.exe
  C:\Windows\System\cdVNEoS.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GVFJJkB.exe
  C:\Windows\System\GVFJJkB.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\NBynsts.exe
  C:\Windows\System\NBynsts.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\JQgfDxA.exe
  C:\Windows\System\JQgfDxA.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\CwPDsWP.exe
  C:\Windows\System\CwPDsWP.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\rnPCBqZ.exe
  C:\Windows\System\rnPCBqZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ClcFQMR.exe
  C:\Windows\System\ClcFQMR.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\nnvopsV.exe
  C:\Windows\System\nnvopsV.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\qvTxwre.exe
  C:\Windows\System\qvTxwre.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\IEPJyuF.exe
  C:\Windows\System\IEPJyuF.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\TCuMpag.exe
  C:\Windows\System\TCuMpag.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\ahktZxf.exe
  C:\Windows\System\ahktZxf.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\fQwLqUn.exe
  C:\Windows\System\fQwLqUn.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\TLensfD.exe
  C:\Windows\System\TLensfD.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\KwUELlB.exe
  C:\Windows\System\KwUELlB.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\DhLoHek.exe
  C:\Windows\System\DhLoHek.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\DECqrKG.exe
  C:\Windows\System\DECqrKG.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\SlVlCKj.exe
  C:\Windows\System\SlVlCKj.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\TsLnomF.exe
  C:\Windows\System\TsLnomF.exe
  2⤵
  PID:1632
- C:\Windows\System\riUiuSn.exe
  C:\Windows\System\riUiuSn.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\SHALjjv.exe
  C:\Windows\System\SHALjjv.exe
  2⤵
  PID:2904
- C:\Windows\System\jnAchdm.exe
  C:\Windows\System\jnAchdm.exe
  2⤵
  PID:2096
- C:\Windows\System\XSGByBs.exe
  C:\Windows\System\XSGByBs.exe
  2⤵
  PID:2940
- C:\Windows\System\cymOAHm.exe
  C:\Windows\System\cymOAHm.exe
  2⤵
  PID:2824
- C:\Windows\System\wJMXvzk.exe
  C:\Windows\System\wJMXvzk.exe
  2⤵
  PID:928
- C:\Windows\System\XLBfWWt.exe
  C:\Windows\System\XLBfWWt.exe
  2⤵
  PID:2820
- C:\Windows\System\VuPfBxM.exe
  C:\Windows\System\VuPfBxM.exe
  2⤵
  PID:1620
- C:\Windows\System\fWjialj.exe
  C:\Windows\System\fWjialj.exe
  2⤵
  PID:1992
- C:\Windows\System\NGRlrEi.exe
  C:\Windows\System\NGRlrEi.exe
  2⤵
  PID:2472
- C:\Windows\System\LKWZZIf.exe
  C:\Windows\System\LKWZZIf.exe
  2⤵
  PID:1064
- C:\Windows\System\RnyBnif.exe
  C:\Windows\System\RnyBnif.exe
  2⤵
  PID:1112
- C:\Windows\System\MEGesgR.exe
  C:\Windows\System\MEGesgR.exe
  2⤵
  PID:784
- C:\Windows\System\FUEbgcv.exe
  C:\Windows\System\FUEbgcv.exe
  2⤵
  PID:2528
- C:\Windows\System\OkaQSNE.exe
  C:\Windows\System\OkaQSNE.exe
  2⤵
  PID:2868
- C:\Windows\System\vCCYXxi.exe
  C:\Windows\System\vCCYXxi.exe
  2⤵
  PID:2576
- C:\Windows\System\YaEaHbr.exe
  C:\Windows\System\YaEaHbr.exe
  2⤵
  PID:1836
- C:\Windows\System\tlaCajX.exe
  C:\Windows\System\tlaCajX.exe
  2⤵
  PID:1600
- C:\Windows\System\abbaHwm.exe
  C:\Windows\System\abbaHwm.exe
  2⤵
  PID:2876
- C:\Windows\System\vKpHabJ.exe
  C:\Windows\System\vKpHabJ.exe
  2⤵
  PID:3080
- C:\Windows\System\rEbFKwb.exe
  C:\Windows\System\rEbFKwb.exe
  2⤵
  PID:3104
- C:\Windows\System\zvKbxby.exe
  C:\Windows\System\zvKbxby.exe
  2⤵
  PID:3120
- C:\Windows\System\bFEsEUf.exe
  C:\Windows\System\bFEsEUf.exe
  2⤵
  PID:3140
- C:\Windows\System\mwOYdgd.exe
  C:\Windows\System\mwOYdgd.exe
  2⤵
  PID:3164
- C:\Windows\System\aDjAlTp.exe
  C:\Windows\System\aDjAlTp.exe
  2⤵
  PID:3184
- C:\Windows\System\FlSmHFy.exe
  C:\Windows\System\FlSmHFy.exe
  2⤵
  PID:3204
- C:\Windows\System\TNYliML.exe
  C:\Windows\System\TNYliML.exe
  2⤵
  PID:3224
- C:\Windows\System\SUirlmA.exe
  C:\Windows\System\SUirlmA.exe
  2⤵
  PID:3244
- C:\Windows\System\qdxEwDo.exe
  C:\Windows\System\qdxEwDo.exe
  2⤵
  PID:3264
- C:\Windows\System\jHLgdRq.exe
  C:\Windows\System\jHLgdRq.exe
  2⤵
  PID:3284
- C:\Windows\System\PTzVggA.exe
  C:\Windows\System\PTzVggA.exe
  2⤵
  PID:3304
- C:\Windows\System\OLULjOL.exe
  C:\Windows\System\OLULjOL.exe
  2⤵
  PID:3324
- C:\Windows\System\FnxmYSd.exe
  C:\Windows\System\FnxmYSd.exe
  2⤵
  PID:3344
- C:\Windows\System\PaHEWtP.exe
  C:\Windows\System\PaHEWtP.exe
  2⤵
  PID:3364
- C:\Windows\System\vkqtkfj.exe
  C:\Windows\System\vkqtkfj.exe
  2⤵
  PID:3380
- C:\Windows\System\CqNMNpr.exe
  C:\Windows\System\CqNMNpr.exe
  2⤵
  PID:3400
- C:\Windows\System\ZytXeAM.exe
  C:\Windows\System\ZytXeAM.exe
  2⤵
  PID:3420
- C:\Windows\System\sQRqmIA.exe
  C:\Windows\System\sQRqmIA.exe
  2⤵
  PID:3444
- C:\Windows\System\LsfUhCc.exe
  C:\Windows\System\LsfUhCc.exe
  2⤵
  PID:3460
- C:\Windows\System\wrYTskn.exe
  C:\Windows\System\wrYTskn.exe
  2⤵
  PID:3484
- C:\Windows\System\YczHyZO.exe
  C:\Windows\System\YczHyZO.exe
  2⤵
  PID:3504
- C:\Windows\System\oUxzTOM.exe
  C:\Windows\System\oUxzTOM.exe
  2⤵
  PID:3524
- C:\Windows\System\VFQbiUs.exe
  C:\Windows\System\VFQbiUs.exe
  2⤵
  PID:3544
- C:\Windows\System\phClpre.exe
  C:\Windows\System\phClpre.exe
  2⤵
  PID:3568
- C:\Windows\System\xRTwSgK.exe
  C:\Windows\System\xRTwSgK.exe
  2⤵
  PID:3596
- C:\Windows\System\MWsJYCz.exe
  C:\Windows\System\MWsJYCz.exe
  2⤵
  PID:3616
- C:\Windows\System\EMVMFDm.exe
  C:\Windows\System\EMVMFDm.exe
  2⤵
  PID:3636
- C:\Windows\System\eyPaJYi.exe
  C:\Windows\System\eyPaJYi.exe
  2⤵
  PID:3656
- C:\Windows\System\SAoVhSx.exe
  C:\Windows\System\SAoVhSx.exe
  2⤵
  PID:3676
- C:\Windows\System\lHZakdJ.exe
  C:\Windows\System\lHZakdJ.exe
  2⤵
  PID:3696
- C:\Windows\System\qTOjVfi.exe
  C:\Windows\System\qTOjVfi.exe
  2⤵
  PID:3712
- C:\Windows\System\bjgetmp.exe
  C:\Windows\System\bjgetmp.exe
  2⤵
  PID:3736
- C:\Windows\System\PwCvOAn.exe
  C:\Windows\System\PwCvOAn.exe
  2⤵
  PID:3752
- C:\Windows\System\LejVXDp.exe
  C:\Windows\System\LejVXDp.exe
  2⤵
  PID:3776
- C:\Windows\System\AgqTfyz.exe
  C:\Windows\System\AgqTfyz.exe
  2⤵
  PID:3796
- C:\Windows\System\VkbQzNB.exe
  C:\Windows\System\VkbQzNB.exe
  2⤵
  PID:3816
- C:\Windows\System\iKplmiD.exe
  C:\Windows\System\iKplmiD.exe
  2⤵
  PID:3832
- C:\Windows\System\Zjscchc.exe
  C:\Windows\System\Zjscchc.exe
  2⤵
  PID:3856
- C:\Windows\System\Lmpawpc.exe
  C:\Windows\System\Lmpawpc.exe
  2⤵
  PID:3872
- C:\Windows\System\kjjOYTx.exe
  C:\Windows\System\kjjOYTx.exe
  2⤵
  PID:3896
- C:\Windows\System\rxSFZAz.exe
  C:\Windows\System\rxSFZAz.exe
  2⤵
  PID:3916
- C:\Windows\System\nXGTIpm.exe
  C:\Windows\System\nXGTIpm.exe
  2⤵
  PID:3936
- C:\Windows\System\xCkEClP.exe
  C:\Windows\System\xCkEClP.exe
  2⤵
  PID:3960
- C:\Windows\System\sDFGHfQ.exe
  C:\Windows\System\sDFGHfQ.exe
  2⤵
  PID:3976
- C:\Windows\System\AHeKatc.exe
  C:\Windows\System\AHeKatc.exe
  2⤵
  PID:4004
- C:\Windows\System\frXMLMk.exe
  C:\Windows\System\frXMLMk.exe
  2⤵
  PID:4024
- C:\Windows\System\DHmdVan.exe
  C:\Windows\System\DHmdVan.exe
  2⤵
  PID:4044
- C:\Windows\System\yzWuHjr.exe
  C:\Windows\System\yzWuHjr.exe
  2⤵
  PID:4064
- C:\Windows\System\pLwiNXp.exe
  C:\Windows\System\pLwiNXp.exe
  2⤵
  PID:4084
- C:\Windows\System\xVOdkkw.exe
  C:\Windows\System\xVOdkkw.exe
  2⤵
  PID:1524
- C:\Windows\System\fVDfHvh.exe
  C:\Windows\System\fVDfHvh.exe
  2⤵
  PID:1920
- C:\Windows\System\BJsRXhE.exe
  C:\Windows\System\BJsRXhE.exe
  2⤵
  PID:1608
- C:\Windows\System\gRnkigc.exe
  C:\Windows\System\gRnkigc.exe
  2⤵
  PID:2224
- C:\Windows\System\nSHNKIr.exe
  C:\Windows\System\nSHNKIr.exe
  2⤵
  PID:2240
- C:\Windows\System\SgiTzdk.exe
  C:\Windows\System\SgiTzdk.exe
  2⤵
  PID:1168
- C:\Windows\System\IPEigWV.exe
  C:\Windows\System\IPEigWV.exe
  2⤵
  PID:688
- C:\Windows\System\XdJCSXP.exe
  C:\Windows\System\XdJCSXP.exe
  2⤵
  PID:2012
- C:\Windows\System\VagvoAh.exe
  C:\Windows\System\VagvoAh.exe
  2⤵
  PID:2400
- C:\Windows\System\UvkcghV.exe
  C:\Windows\System\UvkcghV.exe
  2⤵
  PID:1988
- C:\Windows\System\ZVzZGDD.exe
  C:\Windows\System\ZVzZGDD.exe
  2⤵
  PID:2624
- C:\Windows\System\DOOmEdf.exe
  C:\Windows\System\DOOmEdf.exe
  2⤵
  PID:1840
- C:\Windows\System\PRUkJcE.exe
  C:\Windows\System\PRUkJcE.exe
  2⤵
  PID:876
- C:\Windows\System\AsJenKf.exe
  C:\Windows\System\AsJenKf.exe
  2⤵
  PID:2252
- C:\Windows\System\uwDqCRR.exe
  C:\Windows\System\uwDqCRR.exe
  2⤵
  PID:2324
- C:\Windows\System\XDTgxvf.exe
  C:\Windows\System\XDTgxvf.exe
  2⤵
  PID:2212
- C:\Windows\System\ReZlHnc.exe
  C:\Windows\System\ReZlHnc.exe
  2⤵
  PID:2248
- C:\Windows\System\GinFeKS.exe
  C:\Windows\System\GinFeKS.exe
  2⤵
  PID:2784
- C:\Windows\System\zGVmiMl.exe
  C:\Windows\System\zGVmiMl.exe
  2⤵
  PID:3076
- C:\Windows\System\iaIQuyN.exe
  C:\Windows\System\iaIQuyN.exe
  2⤵
  PID:1932
- C:\Windows\System\AiToWWp.exe
  C:\Windows\System\AiToWWp.exe
  2⤵
  PID:1888
- C:\Windows\System\jjAwUmH.exe
  C:\Windows\System\jjAwUmH.exe
  2⤵
  PID:3148
- C:\Windows\System\kooFrGw.exe
  C:\Windows\System\kooFrGw.exe
  2⤵
  PID:3200
- C:\Windows\System\mOfTlOE.exe
  C:\Windows\System\mOfTlOE.exe
  2⤵
  PID:3236
- C:\Windows\System\WwjtCxb.exe
  C:\Windows\System\WwjtCxb.exe
  2⤵
  PID:3172
- C:\Windows\System\EwVlLnQ.exe
  C:\Windows\System\EwVlLnQ.exe
  2⤵
  PID:3220
- C:\Windows\System\EELbbSQ.exe
  C:\Windows\System\EELbbSQ.exe
  2⤵
  PID:3360
- C:\Windows\System\TsFsrdS.exe
  C:\Windows\System\TsFsrdS.exe
  2⤵
  PID:3292
- C:\Windows\System\nCUISrQ.exe
  C:\Windows\System\nCUISrQ.exe
  2⤵
  PID:3336
- C:\Windows\System\qILlTBM.exe
  C:\Windows\System\qILlTBM.exe
  2⤵
  PID:3432
- C:\Windows\System\uCTTgHR.exe
  C:\Windows\System\uCTTgHR.exe
  2⤵
  PID:3376
- C:\Windows\System\fxYzMMe.exe
  C:\Windows\System\fxYzMMe.exe
  2⤵
  PID:3512
- C:\Windows\System\GIeeaKP.exe
  C:\Windows\System\GIeeaKP.exe
  2⤵
  PID:3552
- C:\Windows\System\DfxcSqh.exe
  C:\Windows\System\DfxcSqh.exe
  2⤵
  PID:3496
- C:\Windows\System\wLYkZyy.exe
  C:\Windows\System\wLYkZyy.exe
  2⤵
  PID:3604
- C:\Windows\System\lAvmSuQ.exe
  C:\Windows\System\lAvmSuQ.exe
  2⤵
  PID:3608
- C:\Windows\System\iTcDYJT.exe
  C:\Windows\System\iTcDYJT.exe
  2⤵
  PID:3648
- C:\Windows\System\EUlmVAv.exe
  C:\Windows\System\EUlmVAv.exe
  2⤵
  PID:3688
- C:\Windows\System\DTjCeJI.exe
  C:\Windows\System\DTjCeJI.exe
  2⤵
  PID:3728
- C:\Windows\System\HndKohw.exe
  C:\Windows\System\HndKohw.exe
  2⤵
  PID:3708
- C:\Windows\System\McrVxhK.exe
  C:\Windows\System\McrVxhK.exe
  2⤵
  PID:3808
- C:\Windows\System\AVFuZfa.exe
  C:\Windows\System\AVFuZfa.exe
  2⤵
  PID:3788
- C:\Windows\System\NcSARhq.exe
  C:\Windows\System\NcSARhq.exe
  2⤵
  PID:3852
- C:\Windows\System\SDsvoII.exe
  C:\Windows\System\SDsvoII.exe
  2⤵
  PID:3892
- C:\Windows\System\eHOaOXu.exe
  C:\Windows\System\eHOaOXu.exe
  2⤵
  PID:3932
- C:\Windows\System\LcHOcPz.exe
  C:\Windows\System\LcHOcPz.exe
  2⤵
  PID:3972
- C:\Windows\System\DUUrHJb.exe
  C:\Windows\System\DUUrHJb.exe
  2⤵
  PID:4020
- C:\Windows\System\vxDbqOk.exe
  C:\Windows\System\vxDbqOk.exe
  2⤵
  PID:3952
- C:\Windows\System\aoAdPcP.exe
  C:\Windows\System\aoAdPcP.exe
  2⤵
  PID:4060
- C:\Windows\System\OvVDVWI.exe
  C:\Windows\System\OvVDVWI.exe
  2⤵
  PID:4092
- C:\Windows\System\sfRxLip.exe
  C:\Windows\System\sfRxLip.exe
  2⤵
  PID:324
- C:\Windows\System\qKaJkns.exe
  C:\Windows\System\qKaJkns.exe
  2⤵
  PID:3052
- C:\Windows\System\xamqRop.exe
  C:\Windows\System\xamqRop.exe
  2⤵
  PID:836
- C:\Windows\System\cSVjbSC.exe
  C:\Windows\System\cSVjbSC.exe
  2⤵
  PID:1076
- C:\Windows\System\VIJnfIr.exe
  C:\Windows\System\VIJnfIr.exe
  2⤵
  PID:2416
- C:\Windows\System\NWrPdVS.exe
  C:\Windows\System\NWrPdVS.exe
  2⤵
  PID:2676
- C:\Windows\System\FKvoaQN.exe
  C:\Windows\System\FKvoaQN.exe
  2⤵
  PID:2388
- C:\Windows\System\rqIKzIi.exe
  C:\Windows\System\rqIKzIi.exe
  2⤵
  PID:968
- C:\Windows\System\KjpuRrX.exe
  C:\Windows\System\KjpuRrX.exe
  2⤵
  PID:2300
- C:\Windows\System\LyMibzo.exe
  C:\Windows\System\LyMibzo.exe
  2⤵
  PID:2744
- C:\Windows\System\ackvvos.exe
  C:\Windows\System\ackvvos.exe
  2⤵
  PID:2848
- C:\Windows\System\IXRJrip.exe
  C:\Windows\System\IXRJrip.exe
  2⤵
  PID:2556
- C:\Windows\System\crPGRZA.exe
  C:\Windows\System\crPGRZA.exe
  2⤵
  PID:3192
- C:\Windows\System\HwNjhmh.exe
  C:\Windows\System\HwNjhmh.exe
  2⤵
  PID:3272
- C:\Windows\System\cIlSbaq.exe
  C:\Windows\System\cIlSbaq.exe
  2⤵
  PID:3212
- C:\Windows\System\eitrsdP.exe
  C:\Windows\System\eitrsdP.exe
  2⤵
  PID:3312
- C:\Windows\System\XRjAgjH.exe
  C:\Windows\System\XRjAgjH.exe
  2⤵
  PID:3260
- C:\Windows\System\wmXfLbW.exe
  C:\Windows\System\wmXfLbW.exe
  2⤵
  PID:3396
- C:\Windows\System\VrnCVio.exe
  C:\Windows\System\VrnCVio.exe
  2⤵
  PID:3452
- C:\Windows\System\quYjItK.exe
  C:\Windows\System\quYjItK.exe
  2⤵
  PID:3556
- C:\Windows\System\WLBXCmE.exe
  C:\Windows\System\WLBXCmE.exe
  2⤵
  PID:3500
- C:\Windows\System\DbvbEZB.exe
  C:\Windows\System\DbvbEZB.exe
  2⤵
  PID:3592
- C:\Windows\System\AOvyiFm.exe
  C:\Windows\System\AOvyiFm.exe
  2⤵
  PID:3720
- C:\Windows\System\qruFkGs.exe
  C:\Windows\System\qruFkGs.exe
  2⤵
  PID:3704
- C:\Windows\System\xJvfToZ.exe
  C:\Windows\System\xJvfToZ.exe
  2⤵
  PID:3848
- C:\Windows\System\oMUCJjR.exe
  C:\Windows\System\oMUCJjR.exe
  2⤵
  PID:3924
- C:\Windows\System\qpDrzXy.exe
  C:\Windows\System\qpDrzXy.exe
  2⤵
  PID:4012
- C:\Windows\System\TNJIecE.exe
  C:\Windows\System\TNJIecE.exe
  2⤵
  PID:3828
- C:\Windows\System\LcyUWFq.exe
  C:\Windows\System\LcyUWFq.exe
  2⤵
  PID:3908
- C:\Windows\System\cGhxGti.exe
  C:\Windows\System\cGhxGti.exe
  2⤵
  PID:4080
- C:\Windows\System\qrPymYt.exe
  C:\Windows\System\qrPymYt.exe
  2⤵
  PID:2548
- C:\Windows\System\sbjOBIY.exe
  C:\Windows\System\sbjOBIY.exe
  2⤵
  PID:2292
- C:\Windows\System\dWnyxWl.exe
  C:\Windows\System\dWnyxWl.exe
  2⤵
  PID:2888
- C:\Windows\System\lztPAhD.exe
  C:\Windows\System\lztPAhD.exe
  2⤵
  PID:472
- C:\Windows\System\gvCvcAk.exe
  C:\Windows\System\gvCvcAk.exe
  2⤵
  PID:1256
- C:\Windows\System\dlBqNiu.exe
  C:\Windows\System\dlBqNiu.exe
  2⤵
  PID:1132
- C:\Windows\System\dLfyXmr.exe
  C:\Windows\System\dLfyXmr.exe
  2⤵
  PID:1052
- C:\Windows\System\STHBCIP.exe
  C:\Windows\System\STHBCIP.exe
  2⤵
  PID:3092
- C:\Windows\System\MgoNVPH.exe
  C:\Windows\System\MgoNVPH.exe
  2⤵
  PID:3276
- C:\Windows\System\nXLGujt.exe
  C:\Windows\System\nXLGujt.exe
  2⤵
  PID:3480
- C:\Windows\System\CKgMjmJ.exe
  C:\Windows\System\CKgMjmJ.exe
  2⤵
  PID:4100
- C:\Windows\System\EKayeIg.exe
  C:\Windows\System\EKayeIg.exe
  2⤵
  PID:4120
- C:\Windows\System\REIZlUF.exe
  C:\Windows\System\REIZlUF.exe
  2⤵
  PID:4144
- C:\Windows\System\JkhYJKq.exe
  C:\Windows\System\JkhYJKq.exe
  2⤵
  PID:4160
- C:\Windows\System\aBhBZuN.exe
  C:\Windows\System\aBhBZuN.exe
  2⤵
  PID:4184
- C:\Windows\System\pkqqqCL.exe
  C:\Windows\System\pkqqqCL.exe
  2⤵
  PID:4204
- C:\Windows\System\juTarwY.exe
  C:\Windows\System\juTarwY.exe
  2⤵
  PID:4224
- C:\Windows\System\RhnoYqg.exe
  C:\Windows\System\RhnoYqg.exe
  2⤵
  PID:4248
- C:\Windows\System\wjamqmO.exe
  C:\Windows\System\wjamqmO.exe
  2⤵
  PID:4268
- C:\Windows\System\djvgcfU.exe
  C:\Windows\System\djvgcfU.exe
  2⤵
  PID:4288
- C:\Windows\System\RrBycaO.exe
  C:\Windows\System\RrBycaO.exe
  2⤵
  PID:4308
- C:\Windows\System\VlMDkrj.exe
  C:\Windows\System\VlMDkrj.exe
  2⤵
  PID:4332
- C:\Windows\System\lfFaEbs.exe
  C:\Windows\System\lfFaEbs.exe
  2⤵
  PID:4352
- C:\Windows\System\aSGOZAu.exe
  C:\Windows\System\aSGOZAu.exe
  2⤵
  PID:4372
- C:\Windows\System\XKrIjJX.exe
  C:\Windows\System\XKrIjJX.exe
  2⤵
  PID:4392
- C:\Windows\System\LFVYLEZ.exe
  C:\Windows\System\LFVYLEZ.exe
  2⤵
  PID:4412
- C:\Windows\System\hafGsBt.exe
  C:\Windows\System\hafGsBt.exe
  2⤵
  PID:4432
- C:\Windows\System\RcFZgGa.exe
  C:\Windows\System\RcFZgGa.exe
  2⤵
  PID:4452
- C:\Windows\System\DPIsMYA.exe
  C:\Windows\System\DPIsMYA.exe
  2⤵
  PID:4472
- C:\Windows\System\MOCzDxs.exe
  C:\Windows\System\MOCzDxs.exe
  2⤵
  PID:4492
- C:\Windows\System\ikxXTxY.exe
  C:\Windows\System\ikxXTxY.exe
  2⤵
  PID:4512
- C:\Windows\System\VLClRPW.exe
  C:\Windows\System\VLClRPW.exe
  2⤵
  PID:4532
- C:\Windows\System\lBMFlpq.exe
  C:\Windows\System\lBMFlpq.exe
  2⤵
  PID:4552
- C:\Windows\System\oxkkcyG.exe
  C:\Windows\System\oxkkcyG.exe
  2⤵
  PID:4572
- C:\Windows\System\hGaryxm.exe
  C:\Windows\System\hGaryxm.exe
  2⤵
  PID:4592
- C:\Windows\System\UVrkzMr.exe
  C:\Windows\System\UVrkzMr.exe
  2⤵
  PID:4612
- C:\Windows\System\RtbWsaq.exe
  C:\Windows\System\RtbWsaq.exe
  2⤵
  PID:4628
- C:\Windows\System\CDEBNWc.exe
  C:\Windows\System\CDEBNWc.exe
  2⤵
  PID:4652
- C:\Windows\System\iBMxbHn.exe
  C:\Windows\System\iBMxbHn.exe
  2⤵
  PID:4676
- C:\Windows\System\YIzQZoy.exe
  C:\Windows\System\YIzQZoy.exe
  2⤵
  PID:4696
- C:\Windows\System\fvHIWry.exe
  C:\Windows\System\fvHIWry.exe
  2⤵
  PID:4716
- C:\Windows\System\kxRcZwX.exe
  C:\Windows\System\kxRcZwX.exe
  2⤵
  PID:4736
- C:\Windows\System\FjEZBOi.exe
  C:\Windows\System\FjEZBOi.exe
  2⤵
  PID:4756
- C:\Windows\System\eQCdxze.exe
  C:\Windows\System\eQCdxze.exe
  2⤵
  PID:4776
- C:\Windows\System\uRzzhmt.exe
  C:\Windows\System\uRzzhmt.exe
  2⤵
  PID:4796
- C:\Windows\System\JQfigoT.exe
  C:\Windows\System\JQfigoT.exe
  2⤵
  PID:4820
- C:\Windows\System\RVnWhMT.exe
  C:\Windows\System\RVnWhMT.exe
  2⤵
  PID:4840
- C:\Windows\System\ZezqYwo.exe
  C:\Windows\System\ZezqYwo.exe
  2⤵
  PID:4860
- C:\Windows\System\vqDwOgn.exe
  C:\Windows\System\vqDwOgn.exe
  2⤵
  PID:4880
- C:\Windows\System\oxQSDgH.exe
  C:\Windows\System\oxQSDgH.exe
  2⤵
  PID:4900
- C:\Windows\System\autlgBS.exe
  C:\Windows\System\autlgBS.exe
  2⤵
  PID:4920
- C:\Windows\System\QCLRpff.exe
  C:\Windows\System\QCLRpff.exe
  2⤵
  PID:4940
- C:\Windows\System\ZZpSeHR.exe
  C:\Windows\System\ZZpSeHR.exe
  2⤵
  PID:4960
- C:\Windows\System\rthJkvD.exe
  C:\Windows\System\rthJkvD.exe
  2⤵
  PID:4980
- C:\Windows\System\vtzbxWF.exe
  C:\Windows\System\vtzbxWF.exe
  2⤵
  PID:5000
- C:\Windows\System\wSrJIeX.exe
  C:\Windows\System\wSrJIeX.exe
  2⤵
  PID:5020
- C:\Windows\System\zIHtMnE.exe
  C:\Windows\System\zIHtMnE.exe
  2⤵
  PID:5040
- C:\Windows\System\bPEpIXd.exe
  C:\Windows\System\bPEpIXd.exe
  2⤵
  PID:5060
- C:\Windows\System\xWNmoDy.exe
  C:\Windows\System\xWNmoDy.exe
  2⤵
  PID:5080
- C:\Windows\System\BUqlQxW.exe
  C:\Windows\System\BUqlQxW.exe
  2⤵
  PID:5100
- C:\Windows\System\OhVLdJs.exe
  C:\Windows\System\OhVLdJs.exe
  2⤵
  PID:3540
- C:\Windows\System\ffrnYwR.exe
  C:\Windows\System\ffrnYwR.exe
  2⤵
  PID:3724
- C:\Windows\System\AjAWURx.exe
  C:\Windows\System\AjAWURx.exe
  2⤵
  PID:3536
- C:\Windows\System\KGVYjNq.exe
  C:\Windows\System\KGVYjNq.exe
  2⤵
  PID:3652
- C:\Windows\System\bzusNCj.exe
  C:\Windows\System\bzusNCj.exe
  2⤵
  PID:2908
- C:\Windows\System\xCmqpHT.exe
  C:\Windows\System\xCmqpHT.exe
  2⤵
  PID:2636
- C:\Windows\System\wlDcMDK.exe
  C:\Windows\System\wlDcMDK.exe
  2⤵
  PID:1796
- C:\Windows\System\rnKWYpM.exe
  C:\Windows\System\rnKWYpM.exe
  2⤵
  PID:2200
- C:\Windows\System\JZUASeP.exe
  C:\Windows\System\JZUASeP.exe
  2⤵
  PID:4128
- C:\Windows\System\LwdAgty.exe
  C:\Windows\System\LwdAgty.exe
  2⤵
  PID:4140
- C:\Windows\System\FRiDTjo.exe
  C:\Windows\System\FRiDTjo.exe
  2⤵
  PID:4176
- C:\Windows\System\khqQtYG.exe
  C:\Windows\System\khqQtYG.exe
  2⤵
  PID:4152
- C:\Windows\System\dCgtVRt.exe
  C:\Windows\System\dCgtVRt.exe
  2⤵
  PID:4216
- C:\Windows\System\GBxmnzp.exe
  C:\Windows\System\GBxmnzp.exe
  2⤵
  PID:4260
- C:\Windows\System\aZsDhMC.exe
  C:\Windows\System\aZsDhMC.exe
  2⤵
  PID:4244
- C:\Windows\System\NEGvvMV.exe
  C:\Windows\System\NEGvvMV.exe
  2⤵
  PID:4296
- C:\Windows\System\zZrgznS.exe
  C:\Windows\System\zZrgznS.exe
  2⤵
  PID:4316
- C:\Windows\System\JOCfaFI.exe
  C:\Windows\System\JOCfaFI.exe
  2⤵
  PID:4380
- C:\Windows\System\MbAbENz.exe
  C:\Windows\System\MbAbENz.exe
  2⤵
  PID:4428
- C:\Windows\System\sBRiyvJ.exe
  C:\Windows\System\sBRiyvJ.exe
  2⤵
  PID:4404
- C:\Windows\System\LrrhpqX.exe
  C:\Windows\System\LrrhpqX.exe
  2⤵
  PID:4444
- C:\Windows\System\fKmLjfe.exe
  C:\Windows\System\fKmLjfe.exe
  2⤵
  PID:4488
- C:\Windows\System\KofqJst.exe
  C:\Windows\System\KofqJst.exe
  2⤵
  PID:4540
- C:\Windows\System\oxTaLta.exe
  C:\Windows\System\oxTaLta.exe
  2⤵
  PID:4524
- C:\Windows\System\eXUSrKp.exe
  C:\Windows\System\eXUSrKp.exe
  2⤵
  PID:4564
- C:\Windows\System\zWStZdH.exe
  C:\Windows\System\zWStZdH.exe
  2⤵
  PID:812
- C:\Windows\System\hnrOIGX.exe
  C:\Windows\System\hnrOIGX.exe
  2⤵
  PID:4672
- C:\Windows\System\hhBMFKd.exe
  C:\Windows\System\hhBMFKd.exe
  2⤵
  PID:4648
- C:\Windows\System\EaSbeBv.exe
  C:\Windows\System\EaSbeBv.exe
  2⤵
  PID:4692
- C:\Windows\System\yUVaKxR.exe
  C:\Windows\System\yUVaKxR.exe
  2⤵
  PID:4724
- C:\Windows\System\eVSzqYs.exe
  C:\Windows\System\eVSzqYs.exe
  2⤵
  PID:4748
- C:\Windows\System\nstudRR.exe
  C:\Windows\System\nstudRR.exe
  2⤵
  PID:4784
- C:\Windows\System\qAJsBPC.exe
  C:\Windows\System\qAJsBPC.exe
  2⤵
  PID:4788
- C:\Windows\System\rcQNhKh.exe
  C:\Windows\System\rcQNhKh.exe
  2⤵
  PID:4868
- C:\Windows\System\ZWVmbNO.exe
  C:\Windows\System\ZWVmbNO.exe
  2⤵
  PID:4916
- C:\Windows\System\fpvksTv.exe
  C:\Windows\System\fpvksTv.exe
  2⤵
  PID:2536
- C:\Windows\System\PFdUjXA.exe
  C:\Windows\System\PFdUjXA.exe
  2⤵
  PID:4968
- C:\Windows\System\cBIQhvz.exe
  C:\Windows\System\cBIQhvz.exe
  2⤵
  PID:4996
- C:\Windows\System\PDBgQYe.exe
  C:\Windows\System\PDBgQYe.exe
  2⤵
  PID:5016
- C:\Windows\System\mmcHLXp.exe
  C:\Windows\System\mmcHLXp.exe
  2⤵
  PID:5048
- C:\Windows\System\nmGAfjL.exe
  C:\Windows\System\nmGAfjL.exe
  2⤵
  PID:5108
- C:\Windows\System\xQZAHkR.exe
  C:\Windows\System\xQZAHkR.exe
  2⤵
  PID:5088
- C:\Windows\System\tALpbGF.exe
  C:\Windows\System\tALpbGF.exe
  2⤵
  PID:3668
- C:\Windows\System\cmEJcRx.exe
  C:\Windows\System\cmEJcRx.exe
  2⤵
  PID:3584
- C:\Windows\System\PyUbebs.exe
  C:\Windows\System\PyUbebs.exe
  2⤵
  PID:3792
- C:\Windows\System\lXRWwRV.exe
  C:\Windows\System\lXRWwRV.exe
  2⤵
  PID:2880
- C:\Windows\System\ZEsMZHF.exe
  C:\Windows\System\ZEsMZHF.exe
  2⤵
  PID:4032
- C:\Windows\System\YpZMxTK.exe
  C:\Windows\System\YpZMxTK.exe
  2⤵
  PID:2040
- C:\Windows\System\jzAFLni.exe
  C:\Windows\System\jzAFLni.exe
  2⤵
  PID:2368
- C:\Windows\System\gBXpthR.exe
  C:\Windows\System\gBXpthR.exe
  2⤵
  PID:1664
- C:\Windows\System\RmUuyIs.exe
  C:\Windows\System\RmUuyIs.exe
  2⤵
  PID:2984
- C:\Windows\System\xJgzGQs.exe
  C:\Windows\System\xJgzGQs.exe
  2⤵
  PID:2524
- C:\Windows\System\hqWBjXB.exe
  C:\Windows\System\hqWBjXB.exe
  2⤵
  PID:2832
- C:\Windows\System\uDKVKDt.exe
  C:\Windows\System\uDKVKDt.exe
  2⤵
  PID:628
- C:\Windows\System\WvAIPxq.exe
  C:\Windows\System\WvAIPxq.exe
  2⤵
  PID:1444
- C:\Windows\System\aFrjtXi.exe
  C:\Windows\System\aFrjtXi.exe
  2⤵
  PID:580
- C:\Windows\System\OEpHPqi.exe
  C:\Windows\System\OEpHPqi.exe
  2⤵
  PID:3176
- C:\Windows\System\tIrkTot.exe
  C:\Windows\System\tIrkTot.exe
  2⤵
  PID:972
- C:\Windows\System\jphnpcJ.exe
  C:\Windows\System\jphnpcJ.exe
  2⤵
  PID:2312
- C:\Windows\System\COJJkpu.exe
  C:\Windows\System\COJJkpu.exe
  2⤵
  PID:1672
- C:\Windows\System\cuagMhg.exe
  C:\Windows\System\cuagMhg.exe
  2⤵
  PID:920
- C:\Windows\System\UhjQiIg.exe
  C:\Windows\System\UhjQiIg.exe
  2⤵
  PID:2384
- C:\Windows\System\qnRQQpn.exe
  C:\Windows\System\qnRQQpn.exe
  2⤵
  PID:320
- C:\Windows\System\scdIrhZ.exe
  C:\Windows\System\scdIrhZ.exe
  2⤵
  PID:1060
- C:\Windows\System\PPUOdCa.exe
  C:\Windows\System\PPUOdCa.exe
  2⤵
  PID:3008
- C:\Windows\System\MmgcFum.exe
  C:\Windows\System\MmgcFum.exe
  2⤵
  PID:2084
- C:\Windows\System\AtjsHWr.exe
  C:\Windows\System\AtjsHWr.exe
  2⤵
  PID:3096
- C:\Windows\System\dLHcjwq.exe
  C:\Windows\System\dLHcjwq.exe
  2⤵
  PID:3456
- C:\Windows\System\WyJkvYk.exe
  C:\Windows\System\WyJkvYk.exe
  2⤵
  PID:4172
- C:\Windows\System\hvieeDh.exe
  C:\Windows\System\hvieeDh.exe
  2⤵
  PID:4108
- C:\Windows\System\RSVjCLe.exe
  C:\Windows\System\RSVjCLe.exe
  2⤵
  PID:4256
- C:\Windows\System\RtYFgqy.exe
  C:\Windows\System\RtYFgqy.exe
  2⤵
  PID:4324
- C:\Windows\System\nDcySGC.exe
  C:\Windows\System\nDcySGC.exe
  2⤵
  PID:4192
- C:\Windows\System\vTTBHai.exe
  C:\Windows\System\vTTBHai.exe
  2⤵
  PID:2128
- C:\Windows\System\oRkcAIv.exe
  C:\Windows\System\oRkcAIv.exe
  2⤵
  PID:4388
- C:\Windows\System\CUqcjLu.exe
  C:\Windows\System\CUqcjLu.exe
  2⤵
  PID:4508
- C:\Windows\System\hzFoODB.exe
  C:\Windows\System\hzFoODB.exe
  2⤵
  PID:4764
- C:\Windows\System\cOABRsr.exe
  C:\Windows\System\cOABRsr.exe
  2⤵
  PID:4832
- C:\Windows\System\bcKsnZA.exe
  C:\Windows\System\bcKsnZA.exe
  2⤵
  PID:2196
- C:\Windows\System\QAvExoJ.exe
  C:\Windows\System\QAvExoJ.exe
  2⤵
  PID:4936
- C:\Windows\System\nMDJYhL.exe
  C:\Windows\System\nMDJYhL.exe
  2⤵
  PID:4584
- C:\Windows\System\vbpZyXC.exe
  C:\Windows\System\vbpZyXC.exe
  2⤵
  PID:4728
- C:\Windows\System\mnncHJz.exe
  C:\Windows\System\mnncHJz.exe
  2⤵
  PID:4816
- C:\Windows\System\hqTniHP.exe
  C:\Windows\System\hqTniHP.exe
  2⤵
  PID:4896
- C:\Windows\System\HWsfEyV.exe
  C:\Windows\System\HWsfEyV.exe
  2⤵
  PID:4976
- C:\Windows\System\sdEtUpx.exe
  C:\Windows\System\sdEtUpx.exe
  2⤵
  PID:5036
- C:\Windows\System\QOdcEOl.exe
  C:\Windows\System\QOdcEOl.exe
  2⤵
  PID:3768
- C:\Windows\System\Opnzvce.exe
  C:\Windows\System\Opnzvce.exe
  2⤵
  PID:4932
- C:\Windows\System\bUFkZhc.exe
  C:\Windows\System\bUFkZhc.exe
  2⤵
  PID:3612
- C:\Windows\System\OXRRSFX.exe
  C:\Windows\System\OXRRSFX.exe
  2⤵
  PID:5028
- C:\Windows\System\hYFuIKE.exe
  C:\Windows\System\hYFuIKE.exe
  2⤵
  PID:2932
- C:\Windows\System\WxmnlLj.exe
  C:\Windows\System\WxmnlLj.exe
  2⤵
  PID:2616
- C:\Windows\System\tcaNKRo.exe
  C:\Windows\System\tcaNKRo.exe
  2⤵
  PID:1744
- C:\Windows\System\YNFkTzH.exe
  C:\Windows\System\YNFkTzH.exe
  2⤵
  PID:1772
- C:\Windows\System\IwnFgSw.exe
  C:\Windows\System\IwnFgSw.exe
  2⤵
  PID:1276
- C:\Windows\System\grOPPBD.exe
  C:\Windows\System\grOPPBD.exe
  2⤵
  PID:3056
- C:\Windows\System\KRoFtBQ.exe
  C:\Windows\System\KRoFtBQ.exe
  2⤵
  PID:2948
- C:\Windows\System\zvrxSqq.exe
  C:\Windows\System\zvrxSqq.exe
  2⤵
  PID:808
- C:\Windows\System\KLWWkyn.exe
  C:\Windows\System\KLWWkyn.exe
  2⤵
  PID:1972
- C:\Windows\System\jQOBNdB.exe
  C:\Windows\System\jQOBNdB.exe
  2⤵
  PID:2172
- C:\Windows\System\ATiiLBE.exe
  C:\Windows\System\ATiiLBE.exe
  2⤵
  PID:2080
- C:\Windows\System\IkQzWZC.exe
  C:\Windows\System\IkQzWZC.exe
  2⤵
  PID:3252
- C:\Windows\System\eLfeWBj.exe
  C:\Windows\System\eLfeWBj.exe
  2⤵
  PID:4364
- C:\Windows\System\PuJdkWF.exe
  C:\Windows\System\PuJdkWF.exe
  2⤵
  PID:4448
- C:\Windows\System\aqKftGF.exe
  C:\Windows\System\aqKftGF.exe
  2⤵
  PID:4136
- C:\Windows\System\JyIGjJT.exe
  C:\Windows\System\JyIGjJT.exe
  2⤵
  PID:4304
- C:\Windows\System\MhGadmZ.exe
  C:\Windows\System\MhGadmZ.exe
  2⤵
  PID:4624
- C:\Windows\System\pJYpqmJ.exe
  C:\Windows\System\pJYpqmJ.exe
  2⤵
  PID:4640
- C:\Windows\System\XVYnoIB.exe
  C:\Windows\System\XVYnoIB.exe
  2⤵
  PID:4660
- C:\Windows\System\InZrlWK.exe
  C:\Windows\System\InZrlWK.exe
  2⤵
  PID:4468
- C:\Windows\System\uyniVLF.exe
  C:\Windows\System\uyniVLF.exe
  2⤵
  PID:4620
- C:\Windows\System\pInrZQg.exe
  C:\Windows\System\pInrZQg.exe
  2⤵
  PID:5096
- C:\Windows\System\aGnlXyX.exe
  C:\Windows\System\aGnlXyX.exe
  2⤵
  PID:3128
- C:\Windows\System\ZwNdBss.exe
  C:\Windows\System\ZwNdBss.exe
  2⤵
  PID:3372
- C:\Windows\System\UeohLQP.exe
  C:\Windows\System\UeohLQP.exe
  2⤵
  PID:2036
- C:\Windows\System\yoOWXno.exe
  C:\Windows\System\yoOWXno.exe
  2⤵
  PID:672
- C:\Windows\System\iNFdNny.exe
  C:\Windows\System\iNFdNny.exe
  2⤵
  PID:5072
- C:\Windows\System\DshwbzB.exe
  C:\Windows\System\DshwbzB.exe
  2⤵
  PID:1924
- C:\Windows\System\vtKdVHe.exe
  C:\Windows\System\vtKdVHe.exe
  2⤵
  PID:1596
- C:\Windows\System\Ifzcdks.exe
  C:\Windows\System\Ifzcdks.exe
  2⤵
  PID:1148
- C:\Windows\System\YbQZfgk.exe
  C:\Windows\System\YbQZfgk.exe
  2⤵
  PID:4636
- C:\Windows\System\FoodajT.exe
  C:\Windows\System\FoodajT.exe
  2⤵
  PID:4424
- C:\Windows\System\LczKCqX.exe
  C:\Windows\System\LczKCqX.exe
  2⤵
  PID:2924
- C:\Windows\System\yWtPTnx.exe
  C:\Windows\System\yWtPTnx.exe
  2⤵
  PID:2360
- C:\Windows\System\ttqCVUT.exe
  C:\Windows\System\ttqCVUT.exe
  2⤵
  PID:4344
- C:\Windows\System\HSVUdny.exe
  C:\Windows\System\HSVUdny.exe
  2⤵
  PID:1628
- C:\Windows\System\FJzyLmp.exe
  C:\Windows\System\FJzyLmp.exe
  2⤵
  PID:4808
- C:\Windows\System\TmAOYFV.exe
  C:\Windows\System\TmAOYFV.exe
  2⤵
  PID:4464
- C:\Windows\System\aYyyUJQ.exe
  C:\Windows\System\aYyyUJQ.exe
  2⤵
  PID:4836
- C:\Windows\System\DZuXGPD.exe
  C:\Windows\System\DZuXGPD.exe
  2⤵
  PID:4908
- C:\Windows\System\PZShTbn.exe
  C:\Windows\System\PZShTbn.exe
  2⤵
  PID:3576
- C:\Windows\System\lRvCmhe.exe
  C:\Windows\System\lRvCmhe.exe
  2⤵
  PID:652
- C:\Windows\System\NoYhpbX.exe
  C:\Windows\System\NoYhpbX.exe
  2⤵
  PID:2372
- C:\Windows\System\ZMFlcXB.exe
  C:\Windows\System\ZMFlcXB.exe
  2⤵
  PID:1316
- C:\Windows\System\mPVUrRb.exe
  C:\Windows\System\mPVUrRb.exe
  2⤵
  PID:3016
- C:\Windows\System\RKVLKjP.exe
  C:\Windows\System\RKVLKjP.exe
  2⤵
  PID:5052
- C:\Windows\System\DjWaSAa.exe
  C:\Windows\System\DjWaSAa.exe
  2⤵
  PID:1784
- C:\Windows\System\wHLvGzu.exe
  C:\Windows\System\wHLvGzu.exe
  2⤵
  PID:1136
- C:\Windows\System\moQwDnR.exe
  C:\Windows\System\moQwDnR.exe
  2⤵
  PID:5128
- C:\Windows\System\yPFjJhe.exe
  C:\Windows\System\yPFjJhe.exe
  2⤵
  PID:5148
- C:\Windows\System\AzGfcSf.exe
  C:\Windows\System\AzGfcSf.exe
  2⤵
  PID:5168
- C:\Windows\System\VxGsQez.exe
  C:\Windows\System\VxGsQez.exe
  2⤵
  PID:5232
- C:\Windows\System\FEVmLEF.exe
  C:\Windows\System\FEVmLEF.exe
  2⤵
  PID:5248
- C:\Windows\System\zWbEUpW.exe
  C:\Windows\System\zWbEUpW.exe
  2⤵
  PID:5276
- C:\Windows\System\sfJjsys.exe
  C:\Windows\System\sfJjsys.exe
  2⤵
  PID:5296
- C:\Windows\System\GGWYBYB.exe
  C:\Windows\System\GGWYBYB.exe
  2⤵
  PID:5316
- C:\Windows\System\vWpRfZZ.exe
  C:\Windows\System\vWpRfZZ.exe
  2⤵
  PID:5332
- C:\Windows\System\unDTNpV.exe
  C:\Windows\System\unDTNpV.exe
  2⤵
  PID:5356
- C:\Windows\System\tVZSliQ.exe
  C:\Windows\System\tVZSliQ.exe
  2⤵
  PID:5376
- C:\Windows\System\VznoJnW.exe
  C:\Windows\System\VznoJnW.exe
  2⤵
  PID:5392
- C:\Windows\System\kAqjeOl.exe
  C:\Windows\System\kAqjeOl.exe
  2⤵
  PID:5408
- C:\Windows\System\cTIVkoI.exe
  C:\Windows\System\cTIVkoI.exe
  2⤵
  PID:5424
- C:\Windows\System\WJFTLuI.exe
  C:\Windows\System\WJFTLuI.exe
  2⤵
  PID:5440
- C:\Windows\System\yKPTSAv.exe
  C:\Windows\System\yKPTSAv.exe
  2⤵
  PID:5456
- C:\Windows\System\QpPNiea.exe
  C:\Windows\System\QpPNiea.exe
  2⤵
  PID:5472
- C:\Windows\System\gVyjnOW.exe
  C:\Windows\System\gVyjnOW.exe
  2⤵
  PID:5488
- C:\Windows\System\xBmXoLA.exe
  C:\Windows\System\xBmXoLA.exe
  2⤵
  PID:5504
- C:\Windows\System\dZmlEKM.exe
  C:\Windows\System\dZmlEKM.exe
  2⤵
  PID:5520
- C:\Windows\System\vUyIcOv.exe
  C:\Windows\System\vUyIcOv.exe
  2⤵
  PID:5536
- C:\Windows\System\poTLLBf.exe
  C:\Windows\System\poTLLBf.exe
  2⤵
  PID:5552
- C:\Windows\System\HccQAtP.exe
  C:\Windows\System\HccQAtP.exe
  2⤵
  PID:5568
- C:\Windows\System\MvlaaFj.exe
  C:\Windows\System\MvlaaFj.exe
  2⤵
  PID:5584
- C:\Windows\System\rarFPMG.exe
  C:\Windows\System\rarFPMG.exe
  2⤵
  PID:5600
- C:\Windows\System\QQvAOiP.exe
  C:\Windows\System\QQvAOiP.exe
  2⤵
  PID:5616
- C:\Windows\System\UIPQwkW.exe
  C:\Windows\System\UIPQwkW.exe
  2⤵
  PID:5632
- C:\Windows\System\XWTjZkr.exe
  C:\Windows\System\XWTjZkr.exe
  2⤵
  PID:5648
- C:\Windows\System\uRupDsI.exe
  C:\Windows\System\uRupDsI.exe
  2⤵
  PID:5664
- C:\Windows\System\fcLfmNS.exe
  C:\Windows\System\fcLfmNS.exe
  2⤵
  PID:5684
- C:\Windows\System\WwpbvEq.exe
  C:\Windows\System\WwpbvEq.exe
  2⤵
  PID:5700
- C:\Windows\System\fQNJjMd.exe
  C:\Windows\System\fQNJjMd.exe
  2⤵
  PID:5716
- C:\Windows\System\uZlGgmf.exe
  C:\Windows\System\uZlGgmf.exe
  2⤵
  PID:5732
- C:\Windows\System\ktqyYNo.exe
  C:\Windows\System\ktqyYNo.exe
  2⤵
  PID:5748
- C:\Windows\System\eWtiWmE.exe
  C:\Windows\System\eWtiWmE.exe
  2⤵
  PID:5764
- C:\Windows\System\rluoGcR.exe
  C:\Windows\System\rluoGcR.exe
  2⤵
  PID:5780
- C:\Windows\System\pwEBTSQ.exe
  C:\Windows\System\pwEBTSQ.exe
  2⤵
  PID:5796
- C:\Windows\System\hqKdnxx.exe
  C:\Windows\System\hqKdnxx.exe
  2⤵
  PID:5812
- C:\Windows\System\tKlWfch.exe
  C:\Windows\System\tKlWfch.exe
  2⤵
  PID:5828
- C:\Windows\System\GqlfvuS.exe
  C:\Windows\System\GqlfvuS.exe
  2⤵
  PID:5844
- C:\Windows\System\DcJcKkY.exe
  C:\Windows\System\DcJcKkY.exe
  2⤵
  PID:5860
- C:\Windows\System\hAPyjIQ.exe
  C:\Windows\System\hAPyjIQ.exe
  2⤵
  PID:5876
- C:\Windows\System\SGEtILw.exe
  C:\Windows\System\SGEtILw.exe
  2⤵
  PID:5892
- C:\Windows\System\mfvqFMo.exe
  C:\Windows\System\mfvqFMo.exe
  2⤵
  PID:5908
- C:\Windows\System\mgubjkG.exe
  C:\Windows\System\mgubjkG.exe
  2⤵
  PID:5924
- C:\Windows\System\tPYpTCP.exe
  C:\Windows\System\tPYpTCP.exe
  2⤵
  PID:5940
- C:\Windows\System\IOYVqpJ.exe
  C:\Windows\System\IOYVqpJ.exe
  2⤵
  PID:5956
- C:\Windows\System\lVePfut.exe
  C:\Windows\System\lVePfut.exe
  2⤵
  PID:5972
- C:\Windows\System\OuVhIAy.exe
  C:\Windows\System\OuVhIAy.exe
  2⤵
  PID:5988
- C:\Windows\System\iaAnpIn.exe
  C:\Windows\System\iaAnpIn.exe
  2⤵
  PID:6004
- C:\Windows\System\EMCsTcr.exe
  C:\Windows\System\EMCsTcr.exe
  2⤵
  PID:6020
- C:\Windows\System\lpfTUed.exe
  C:\Windows\System\lpfTUed.exe
  2⤵
  PID:6036
- C:\Windows\System\xDMnBZy.exe
  C:\Windows\System\xDMnBZy.exe
  2⤵
  PID:6052
- C:\Windows\System\ZCiFORk.exe
  C:\Windows\System\ZCiFORk.exe
  2⤵
  PID:6068
- C:\Windows\System\Ofmbbmr.exe
  C:\Windows\System\Ofmbbmr.exe
  2⤵
  PID:6084
- C:\Windows\System\CFffqTR.exe
  C:\Windows\System\CFffqTR.exe
  2⤵
  PID:6100
- C:\Windows\System\JctZApY.exe
  C:\Windows\System\JctZApY.exe
  2⤵
  PID:6116
- C:\Windows\System\LnKWoCm.exe
  C:\Windows\System\LnKWoCm.exe
  2⤵
  PID:6140
- C:\Windows\System\fIPlsuc.exe
  C:\Windows\System\fIPlsuc.exe
  2⤵
  PID:4684
- C:\Windows\System\njdwHwP.exe
  C:\Windows\System\njdwHwP.exe
  2⤵
  PID:4384
- C:\Windows\System\FZcyAWA.exe
  C:\Windows\System\FZcyAWA.exe
  2⤵
  PID:2320
- C:\Windows\System\BeDFFBG.exe
  C:\Windows\System\BeDFFBG.exe
  2⤵
  PID:5144
- C:\Windows\System\fqGTYiJ.exe
  C:\Windows\System\fqGTYiJ.exe
  2⤵
  PID:5192
- C:\Windows\System\qAaHvpC.exe
  C:\Windows\System\qAaHvpC.exe
  2⤵
  PID:5196
- C:\Windows\System\rRfIelA.exe
  C:\Windows\System\rRfIelA.exe
  2⤵
  PID:5208
- C:\Windows\System\nHmnihd.exe
  C:\Windows\System\nHmnihd.exe
  2⤵
  PID:1816
- C:\Windows\System\LpHOLCr.exe
  C:\Windows\System\LpHOLCr.exe
  2⤵
  PID:2920
- C:\Windows\System\BTRLsAh.exe
  C:\Windows\System\BTRLsAh.exe
  2⤵
  PID:4480
- C:\Windows\System\YZrSTeH.exe
  C:\Windows\System\YZrSTeH.exe
  2⤵
  PID:2628
- C:\Windows\System\NboEVDZ.exe
  C:\Windows\System\NboEVDZ.exe
  2⤵
  PID:5164
- C:\Windows\System\WSiYEFR.exe
  C:\Windows\System\WSiYEFR.exe
  2⤵
  PID:5220
- C:\Windows\System\Zlilwrf.exe
  C:\Windows\System\Zlilwrf.exe
  2⤵
  PID:5240
- C:\Windows\System\TrACxuZ.exe
  C:\Windows\System\TrACxuZ.exe
  2⤵
  PID:5348
- C:\Windows\System\BNcfKyL.exe
  C:\Windows\System\BNcfKyL.exe
  2⤵
  PID:5284
- C:\Windows\System\nJKQzqG.exe
  C:\Windows\System\nJKQzqG.exe
  2⤵
  PID:5340
- C:\Windows\System\kQmeUie.exe
  C:\Windows\System\kQmeUie.exe
  2⤵
  PID:5288
- C:\Windows\System\JjRgzkZ.exe
  C:\Windows\System\JjRgzkZ.exe
  2⤵
  PID:5400
- C:\Windows\System\IZAVqsA.exe
  C:\Windows\System\IZAVqsA.exe
  2⤵
  PID:5512
- C:\Windows\System\KbesDuz.exe
  C:\Windows\System\KbesDuz.exe
  2⤵
  PID:5608
- C:\Windows\System\zFvqpBf.exe
  C:\Windows\System\zFvqpBf.exe
  2⤵
  PID:5580
- C:\Windows\System\GQBctPz.exe
  C:\Windows\System\GQBctPz.exe
  2⤵
  PID:5312
- C:\Windows\System\oerSRkN.exe
  C:\Windows\System\oerSRkN.exe
  2⤵
  PID:5404
- C:\Windows\System\plmdeZl.exe
  C:\Windows\System\plmdeZl.exe
  2⤵
  PID:5432
- C:\Windows\System\FoapKJW.exe
  C:\Windows\System\FoapKJW.exe
  2⤵
  PID:5468
- C:\Windows\System\nxkaIUr.exe
  C:\Windows\System\nxkaIUr.exe
  2⤵
  PID:5624
- C:\Windows\System\MsnfbSZ.exe
  C:\Windows\System\MsnfbSZ.exe
  2⤵
  PID:5744
- C:\Windows\System\NavEewl.exe
  C:\Windows\System\NavEewl.exe
  2⤵
  PID:5496
- C:\Windows\System\KTZJNiA.exe
  C:\Windows\System\KTZJNiA.exe
  2⤵
  PID:5656
- C:\Windows\System\ndMLbar.exe
  C:\Windows\System\ndMLbar.exe
  2⤵
  PID:5808
- C:\Windows\System\qAHEhxl.exe
  C:\Windows\System\qAHEhxl.exe
  2⤵
  PID:5692
- C:\Windows\System\kjwyukK.exe
  C:\Windows\System\kjwyukK.exe
  2⤵
  PID:5900
- C:\Windows\System\tGbGJfe.exe
  C:\Windows\System\tGbGJfe.exe
  2⤵
  PID:5728
- C:\Windows\System\zzPzCmZ.exe
  C:\Windows\System\zzPzCmZ.exe
  2⤵
  PID:5936
- C:\Windows\System\GtBNaZq.exe
  C:\Windows\System\GtBNaZq.exe
  2⤵
  PID:5884
- C:\Windows\System\niKuvFE.exe
  C:\Windows\System\niKuvFE.exe
  2⤵
  PID:5952
- C:\Windows\System\VnNpGWY.exe
  C:\Windows\System\VnNpGWY.exe
  2⤵
  PID:5996
- C:\Windows\System\zcsGITo.exe
  C:\Windows\System\zcsGITo.exe
  2⤵
  PID:6064
- C:\Windows\System\TdGJEyA.exe
  C:\Windows\System\TdGJEyA.exe
  2⤵
  PID:6124
- C:\Windows\System\sBuwikC.exe
  C:\Windows\System\sBuwikC.exe
  2⤵
  PID:5140
- C:\Windows\System\FbONJWC.exe
  C:\Windows\System\FbONJWC.exe
  2⤵
  PID:6012
- C:\Windows\System\cbfGwLg.exe
  C:\Windows\System\cbfGwLg.exe
  2⤵
  PID:6080
- C:\Windows\System\ZPlbGLr.exe
  C:\Windows\System\ZPlbGLr.exe
  2⤵
  PID:2088
- C:\Windows\System\SqQNOZS.exe
  C:\Windows\System\SqQNOZS.exe
  2⤵
  PID:3316
- C:\Windows\System\IuIWpDo.exe
  C:\Windows\System\IuIWpDo.exe
  2⤵
  PID:5204
- C:\Windows\System\IBKraaw.exe
  C:\Windows\System\IBKraaw.exe
  2⤵
  PID:4348
- C:\Windows\System\oIafTRw.exe
  C:\Windows\System\oIafTRw.exe
  2⤵
  PID:5180
- C:\Windows\System\VaYlAQV.exe
  C:\Windows\System\VaYlAQV.exe
  2⤵
  PID:5680
- C:\Windows\System\ttesENF.exe
  C:\Windows\System\ttesENF.exe
  2⤵
  PID:5452
- C:\Windows\System\dLkKbEa.exe
  C:\Windows\System\dLkKbEa.exe
  2⤵
  PID:1520
- C:\Windows\System\FpwaVsw.exe
  C:\Windows\System\FpwaVsw.exe
  2⤵
  PID:5272
- C:\Windows\System\oHXjYEb.exe
  C:\Windows\System\oHXjYEb.exe
  2⤵
  PID:5612
- C:\Windows\System\bCnTwOo.exe
  C:\Windows\System\bCnTwOo.exe
  2⤵
  PID:5372
- C:\Windows\System\HHnwYbw.exe
  C:\Windows\System\HHnwYbw.exe
  2⤵
  PID:5464
- C:\Windows\System\EYQwibq.exe
  C:\Windows\System\EYQwibq.exe
  2⤵
  PID:5868
- C:\Windows\System\rVudScq.exe
  C:\Windows\System\rVudScq.exe
  2⤵
  PID:5932
- C:\Windows\System\Tzihthz.exe
  C:\Windows\System\Tzihthz.exe
  2⤵
  PID:5856
- C:\Windows\System\WCKFifM.exe
  C:\Windows\System\WCKFifM.exe
  2⤵
  PID:5824
- C:\Windows\System\qZhOhiF.exe
  C:\Windows\System\qZhOhiF.exe
  2⤵
  PID:5804
- C:\Windows\System\qOUHNnJ.exe
  C:\Windows\System\qOUHNnJ.exe
  2⤵
  PID:6092
- C:\Windows\System\nOmpkhS.exe
  C:\Windows\System\nOmpkhS.exe
  2⤵
  PID:4504
- C:\Windows\System\fRYaHPs.exe
  C:\Windows\System\fRYaHPs.exe
  2⤵
  PID:6032
- C:\Windows\System\xhWzxwm.exe
  C:\Windows\System\xhWzxwm.exe
  2⤵
  PID:4668
- C:\Windows\System\EjvBJSQ.exe
  C:\Windows\System\EjvBJSQ.exe
  2⤵
  PID:4420
- C:\Windows\System\hAJDPtr.exe
  C:\Windows\System\hAJDPtr.exe
  2⤵
  PID:5124
- C:\Windows\System\NbUmrlR.exe
  C:\Windows\System\NbUmrlR.exe
  2⤵
  PID:5448
- C:\Windows\System\wYIGVPH.exe
  C:\Windows\System\wYIGVPH.exe
  2⤵
  PID:5740
- C:\Windows\System\ZDIzWmF.exe
  C:\Windows\System\ZDIzWmF.exe
  2⤵
  PID:4528
- C:\Windows\System\hCmYPby.exe
  C:\Windows\System\hCmYPby.exe
  2⤵
  PID:5416
- C:\Windows\System\UZGUzVe.exe
  C:\Windows\System\UZGUzVe.exe
  2⤵
  PID:5500
- C:\Windows\System\hjZYiMt.exe
  C:\Windows\System\hjZYiMt.exe
  2⤵
  PID:2120
- C:\Windows\System\kaIMPbZ.exe
  C:\Windows\System\kaIMPbZ.exe
  2⤵
  PID:5188
- C:\Windows\System\dIryVPl.exe
  C:\Windows\System\dIryVPl.exe
  2⤵
  PID:4848
- C:\Windows\System\AuDvqCB.exe
  C:\Windows\System\AuDvqCB.exe
  2⤵
  PID:5836
- C:\Windows\System\qLBgSSf.exe
  C:\Windows\System\qLBgSSf.exe
  2⤵
  PID:5268
- C:\Windows\System\hjclejf.exe
  C:\Windows\System\hjclejf.exe
  2⤵
  PID:6048
- C:\Windows\System\mZDHlpy.exe
  C:\Windows\System\mZDHlpy.exe
  2⤵
  PID:5264
- C:\Windows\System\eAHiDkM.exe
  C:\Windows\System\eAHiDkM.exe
  2⤵
  PID:5676
- C:\Windows\System\hwkanhF.exe
  C:\Windows\System\hwkanhF.exe
  2⤵
  PID:5984
- C:\Windows\System\jZAxZIO.exe
  C:\Windows\System\jZAxZIO.exe
  2⤵
  PID:5244
- C:\Windows\System\GXVHLes.exe
  C:\Windows\System\GXVHLes.exe
  2⤵
  PID:5968
- C:\Windows\System\HDKCvhh.exe
  C:\Windows\System\HDKCvhh.exe
  2⤵
  PID:6160
- C:\Windows\System\PBxyRcT.exe
  C:\Windows\System\PBxyRcT.exe
  2⤵
  PID:6176
- C:\Windows\System\zqOTTVf.exe
  C:\Windows\System\zqOTTVf.exe
  2⤵
  PID:6192
- C:\Windows\System\qEVfLFn.exe
  C:\Windows\System\qEVfLFn.exe
  2⤵
  PID:6208
- C:\Windows\System\UqAOtxW.exe
  C:\Windows\System\UqAOtxW.exe
  2⤵
  PID:6224
- C:\Windows\System\IwLKVpI.exe
  C:\Windows\System\IwLKVpI.exe
  2⤵
  PID:6240
- C:\Windows\System\rQeCyLJ.exe
  C:\Windows\System\rQeCyLJ.exe
  2⤵
  PID:6256
- C:\Windows\System\stXSepr.exe
  C:\Windows\System\stXSepr.exe
  2⤵
  PID:6272
- C:\Windows\System\EGvlfFT.exe
  C:\Windows\System\EGvlfFT.exe
  2⤵
  PID:6288
- C:\Windows\System\bPcnZnR.exe
  C:\Windows\System\bPcnZnR.exe
  2⤵
  PID:6304
- C:\Windows\System\FuVqPys.exe
  C:\Windows\System\FuVqPys.exe
  2⤵
  PID:6320
- C:\Windows\System\JMHWrhK.exe
  C:\Windows\System\JMHWrhK.exe
  2⤵
  PID:6336
- C:\Windows\System\aBtRQBG.exe
  C:\Windows\System\aBtRQBG.exe
  2⤵
  PID:6352
- C:\Windows\System\FBcuozU.exe
  C:\Windows\System\FBcuozU.exe
  2⤵
  PID:6368
- C:\Windows\System\uFOsJRd.exe
  C:\Windows\System\uFOsJRd.exe
  2⤵
  PID:6384
- C:\Windows\System\vFnwiDf.exe
  C:\Windows\System\vFnwiDf.exe
  2⤵
  PID:6404
- C:\Windows\System\hhbZJba.exe
  C:\Windows\System\hhbZJba.exe
  2⤵
  PID:6420
- C:\Windows\System\Ngmuyyo.exe
  C:\Windows\System\Ngmuyyo.exe
  2⤵
  PID:6436
- C:\Windows\System\xRJamcS.exe
  C:\Windows\System\xRJamcS.exe
  2⤵
  PID:6452
- C:\Windows\System\lXujjPu.exe
  C:\Windows\System\lXujjPu.exe
  2⤵
  PID:6468
- C:\Windows\System\DdYpSRC.exe
  C:\Windows\System\DdYpSRC.exe
  2⤵
  PID:6484
- C:\Windows\System\QGMJbGs.exe
  C:\Windows\System\QGMJbGs.exe
  2⤵
  PID:6500
- C:\Windows\System\VrnyHuN.exe
  C:\Windows\System\VrnyHuN.exe
  2⤵
  PID:6516
- C:\Windows\System\RbrxxFq.exe
  C:\Windows\System\RbrxxFq.exe
  2⤵
  PID:6536
- C:\Windows\System\ZGQAdPs.exe
  C:\Windows\System\ZGQAdPs.exe
  2⤵
  PID:6552
- C:\Windows\System\LmYUOCw.exe
  C:\Windows\System\LmYUOCw.exe
  2⤵
  PID:6568
- C:\Windows\System\TGypgow.exe
  C:\Windows\System\TGypgow.exe
  2⤵
  PID:6588
- C:\Windows\System\YysjOqb.exe
  C:\Windows\System\YysjOqb.exe
  2⤵
  PID:6604
- C:\Windows\System\xcfxgAF.exe
  C:\Windows\System\xcfxgAF.exe
  2⤵
  PID:6620
- C:\Windows\System\YRnjdnF.exe
  C:\Windows\System\YRnjdnF.exe
  2⤵
  PID:6636
- C:\Windows\System\jNjUmys.exe
  C:\Windows\System\jNjUmys.exe
  2⤵
  PID:6652
- C:\Windows\System\byJZIvT.exe
  C:\Windows\System\byJZIvT.exe
  2⤵
  PID:6668
- C:\Windows\System\uHwcTzu.exe
  C:\Windows\System\uHwcTzu.exe
  2⤵
  PID:6688
- C:\Windows\System\sSledHw.exe
  C:\Windows\System\sSledHw.exe
  2⤵
  PID:6704
- C:\Windows\System\SUPjxOd.exe
  C:\Windows\System\SUPjxOd.exe
  2⤵
  PID:6720
- C:\Windows\System\iUaBfiW.exe
  C:\Windows\System\iUaBfiW.exe
  2⤵
  PID:6736
- C:\Windows\System\QSGOoLN.exe
  C:\Windows\System\QSGOoLN.exe
  2⤵
  PID:6752
- C:\Windows\System\DunjeJp.exe
  C:\Windows\System\DunjeJp.exe
  2⤵
  PID:6768
- C:\Windows\System\tRqmChP.exe
  C:\Windows\System\tRqmChP.exe
  2⤵
  PID:6784
- C:\Windows\System\fzhXfCr.exe
  C:\Windows\System\fzhXfCr.exe
  2⤵
  PID:6800
- C:\Windows\System\TGXhiPC.exe
  C:\Windows\System\TGXhiPC.exe
  2⤵
  PID:6820
- C:\Windows\System\HDgwiAo.exe
  C:\Windows\System\HDgwiAo.exe
  2⤵
  PID:6836
- C:\Windows\System\QWQUhCs.exe
  C:\Windows\System\QWQUhCs.exe
  2⤵
  PID:6852
- C:\Windows\System\NDPdmKg.exe
  C:\Windows\System\NDPdmKg.exe
  2⤵
  PID:6868
- C:\Windows\System\rhzqyiT.exe
  C:\Windows\System\rhzqyiT.exe
  2⤵
  PID:6884
- C:\Windows\System\hFxFKWK.exe
  C:\Windows\System\hFxFKWK.exe
  2⤵
  PID:6900
- C:\Windows\System\EEWQGXF.exe
  C:\Windows\System\EEWQGXF.exe
  2⤵
  PID:6916
- C:\Windows\System\SgZZNnC.exe
  C:\Windows\System\SgZZNnC.exe
  2⤵
  PID:6932
- C:\Windows\System\xOXoVIS.exe
  C:\Windows\System\xOXoVIS.exe
  2⤵
  PID:6948
- C:\Windows\System\ChekSuG.exe
  C:\Windows\System\ChekSuG.exe
  2⤵
  PID:6964
- C:\Windows\System\kgUgzAV.exe
  C:\Windows\System\kgUgzAV.exe
  2⤵
  PID:6980
- C:\Windows\System\BcxDfbT.exe
  C:\Windows\System\BcxDfbT.exe
  2⤵
  PID:6996
- C:\Windows\System\nktPJVl.exe
  C:\Windows\System\nktPJVl.exe
  2⤵
  PID:7012
- C:\Windows\System\gQGjBxt.exe
  C:\Windows\System\gQGjBxt.exe
  2⤵
  PID:7032
- C:\Windows\System\xlFqtol.exe
  C:\Windows\System\xlFqtol.exe
  2⤵
  PID:7048
- C:\Windows\System\nHeoEqU.exe
  C:\Windows\System\nHeoEqU.exe
  2⤵
  PID:7064
- C:\Windows\System\poFbcGD.exe
  C:\Windows\System\poFbcGD.exe
  2⤵
  PID:7080
- C:\Windows\System\KmmHxsu.exe
  C:\Windows\System\KmmHxsu.exe
  2⤵
  PID:7096
- C:\Windows\System\dsFYwgQ.exe
  C:\Windows\System\dsFYwgQ.exe
  2⤵
  PID:7112
- C:\Windows\System\YxHneWk.exe
  C:\Windows\System\YxHneWk.exe
  2⤵
  PID:7128
- C:\Windows\System\AGvWHqV.exe
  C:\Windows\System\AGvWHqV.exe
  2⤵
  PID:7144
- C:\Windows\System\GELqETX.exe
  C:\Windows\System\GELqETX.exe
  2⤵
  PID:7160
- C:\Windows\System\nHFXZef.exe
  C:\Windows\System\nHFXZef.exe
  2⤵
  PID:6152
- C:\Windows\System\oxktoiE.exe
  C:\Windows\System\oxktoiE.exe
  2⤵
  PID:6200
- C:\Windows\System\OXxyalh.exe
  C:\Windows\System\OXxyalh.exe
  2⤵
  PID:6216
- C:\Windows\System\GLGSSWs.exe
  C:\Windows\System\GLGSSWs.exe
  2⤵
  PID:5516
- C:\Windows\System\RNsvqCr.exe
  C:\Windows\System\RNsvqCr.exe
  2⤵
  PID:6316
- C:\Windows\System\VwVNsIE.exe
  C:\Windows\System\VwVNsIE.exe
  2⤵
  PID:6236
- C:\Windows\System\caSkuPv.exe
  C:\Windows\System\caSkuPv.exe
  2⤵
  PID:6380
- C:\Windows\System\ReYfxgz.exe
  C:\Windows\System\ReYfxgz.exe
  2⤵
  PID:6416
- C:\Windows\System\gNCbjyP.exe
  C:\Windows\System\gNCbjyP.exe
  2⤵
  PID:6480
- C:\Windows\System\WBEWySC.exe
  C:\Windows\System\WBEWySC.exe
  2⤵
  PID:6328
- C:\Windows\System\TURlpRv.exe
  C:\Windows\System\TURlpRv.exe
  2⤵
  PID:6548
- C:\Windows\System\JYtKItL.exe
  C:\Windows\System\JYtKItL.exe
  2⤵
  PID:6464
- C:\Windows\System\lmcyMCS.exe
  C:\Windows\System\lmcyMCS.exe
  2⤵
  PID:6532
- C:\Windows\System\uKzIlEY.exe
  C:\Windows\System\uKzIlEY.exe
  2⤵
  PID:6596
- C:\Windows\System\YhCbekH.exe
  C:\Windows\System\YhCbekH.exe
  2⤵
  PID:6616
- C:\Windows\System\RLQxyUy.exe
  C:\Windows\System\RLQxyUy.exe
  2⤵
  PID:6628
- C:\Windows\System\gSTdhKN.exe
  C:\Windows\System\gSTdhKN.exe
  2⤵
  PID:6664
- C:\Windows\System\fGzecjv.exe
  C:\Windows\System\fGzecjv.exe
  2⤵
  PID:6716
- C:\Windows\System\ZdgizfT.exe
  C:\Windows\System\ZdgizfT.exe
  2⤵
  PID:6732
- C:\Windows\System\qnYHAIR.exe
  C:\Windows\System\qnYHAIR.exe
  2⤵
  PID:6156
- C:\Windows\System\lUbIVSn.exe
  C:\Windows\System\lUbIVSn.exe
  2⤵
  PID:5776
- C:\Windows\System\SnerRCQ.exe
  C:\Windows\System\SnerRCQ.exe
  2⤵
  PID:6812
- C:\Windows\System\yBnEIfX.exe
  C:\Windows\System\yBnEIfX.exe
  2⤵
  PID:5032
- C:\Windows\System\BDkvWVk.exe
  C:\Windows\System\BDkvWVk.exe
  2⤵
  PID:6896
- C:\Windows\System\JskAlaS.exe
  C:\Windows\System\JskAlaS.exe
  2⤵
  PID:6960
- C:\Windows\System\dBwdKJX.exe
  C:\Windows\System\dBwdKJX.exe
  2⤵
  PID:6880
- C:\Windows\System\raTcRuM.exe
  C:\Windows\System\raTcRuM.exe
  2⤵
  PID:6944
- C:\Windows\System\ZXLtvxu.exe
  C:\Windows\System\ZXLtvxu.exe
  2⤵
  PID:7020
- C:\Windows\System\qXCXByp.exe
  C:\Windows\System\qXCXByp.exe
  2⤵
  PID:7028
- C:\Windows\System\seveTAG.exe
  C:\Windows\System\seveTAG.exe
  2⤵
  PID:7120
- C:\Windows\System\xGtmyON.exe
  C:\Windows\System\xGtmyON.exe
  2⤵
  PID:7072
- C:\Windows\System\OXmMbtN.exe
  C:\Windows\System\OXmMbtN.exe
  2⤵
  PID:7108
- C:\Windows\System\wymDcgh.exe
  C:\Windows\System\wymDcgh.exe
  2⤵
  PID:6148
- C:\Windows\System\cxtSOaM.exe
  C:\Windows\System\cxtSOaM.exe
  2⤵
  PID:6252
- C:\Windows\System\vbmuaou.exe
  C:\Windows\System\vbmuaou.exe
  2⤵
  PID:6268
- C:\Windows\System\eaKCqbC.exe
  C:\Windows\System\eaKCqbC.exe
  2⤵
  PID:6364
- C:\Windows\System\ERGIdqP.exe
  C:\Windows\System\ERGIdqP.exe
  2⤵
  PID:6348
- C:\Windows\System\ayvEaok.exe
  C:\Windows\System\ayvEaok.exe
  2⤵
  PID:6476
- C:\Windows\System\oLAQWwv.exe
  C:\Windows\System\oLAQWwv.exe
  2⤵
  PID:6524
- C:\Windows\System\bYfPads.exe
  C:\Windows\System\bYfPads.exe
  2⤵
  PID:6400
- C:\Windows\System\uzWnPzy.exe
  C:\Windows\System\uzWnPzy.exe
  2⤵
  PID:6648
- C:\Windows\System\fjktDmV.exe
  C:\Windows\System\fjktDmV.exe
  2⤵
  PID:6764
- C:\Windows\System\vyhmqDA.exe
  C:\Windows\System\vyhmqDA.exe
  2⤵
  PID:6728
- C:\Windows\System\uMwJTHR.exe
  C:\Windows\System\uMwJTHR.exe
  2⤵
  PID:6864
- C:\Windows\System\vijOZPX.exe
  C:\Windows\System\vijOZPX.exe
  2⤵
  PID:7060
- C:\Windows\System\ctmiLym.exe
  C:\Windows\System\ctmiLym.exe
  2⤵
  PID:6832
- C:\Windows\System\LcKNHur.exe
  C:\Windows\System\LcKNHur.exe
  2⤵
  PID:6908
- C:\Windows\System\edtKRGX.exe
  C:\Windows\System\edtKRGX.exe
  2⤵
  PID:7104
- C:\Windows\System\rYuTtYt.exe
  C:\Windows\System\rYuTtYt.exe
  2⤵
  PID:6300
- C:\Windows\System\irNnTaS.exe
  C:\Windows\System\irNnTaS.exe
  2⤵
  PID:7140
- C:\Windows\System\fykfnUE.exe
  C:\Windows\System\fykfnUE.exe
  2⤵
  PID:6284
- C:\Windows\System\nJgwUCP.exe
  C:\Windows\System\nJgwUCP.exe
  2⤵
  PID:6576
- C:\Windows\System\omGaftB.exe
  C:\Windows\System\omGaftB.exe
  2⤵
  PID:6700
- C:\Windows\System\iOdcRCz.exe
  C:\Windows\System\iOdcRCz.exe
  2⤵
  PID:6816
- C:\Windows\System\ytpGMFD.exe
  C:\Windows\System\ytpGMFD.exe
  2⤵
  PID:6528
- C:\Windows\System\oeFszly.exe
  C:\Windows\System\oeFszly.exe
  2⤵
  PID:2456
- C:\Windows\System\tTegkVg.exe
  C:\Windows\System\tTegkVg.exe
  2⤵
  PID:1120
- C:\Windows\System\tFdRDeI.exe
  C:\Windows\System\tFdRDeI.exe
  2⤵
  PID:360
- C:\Windows\System\LuxHSXt.exe
  C:\Windows\System\LuxHSXt.exe
  2⤵
  PID:6360
- C:\Windows\System\pXHGkYQ.exe
  C:\Windows\System\pXHGkYQ.exe
  2⤵
  PID:7040
- C:\Windows\System\ytspRjK.exe
  C:\Windows\System\ytspRjK.exe
  2⤵
  PID:7156
- C:\Windows\System\syEJRxX.exe
  C:\Windows\System\syEJRxX.exe
  2⤵
  PID:5576
- C:\Windows\System\yAWqYRv.exe
  C:\Windows\System\yAWqYRv.exe
  2⤵
  PID:6600
- C:\Windows\System\QwvYLMi.exe
  C:\Windows\System\QwvYLMi.exe
  2⤵
  PID:6892
- C:\Windows\System\yTrDKgM.exe
  C:\Windows\System\yTrDKgM.exe
  2⤵
  PID:6988
- C:\Windows\System\plfNmrq.exe
  C:\Windows\System\plfNmrq.exe
  2⤵
  PID:6248
- C:\Windows\System\iMjsNnx.exe
  C:\Windows\System\iMjsNnx.exe
  2⤵
  PID:6712
- C:\Windows\System\wEHNXki.exe
  C:\Windows\System\wEHNXki.exe
  2⤵
  PID:7008
- C:\Windows\System\QNvVgeH.exe
  C:\Windows\System\QNvVgeH.exe
  2⤵
  PID:6448
- C:\Windows\System\exDNBhc.exe
  C:\Windows\System\exDNBhc.exe
  2⤵
  PID:6956
- C:\Windows\System\oFZqkmv.exe
  C:\Windows\System\oFZqkmv.exe
  2⤵
  PID:7180
- C:\Windows\System\INQqoyu.exe
  C:\Windows\System\INQqoyu.exe
  2⤵
  PID:7196
- C:\Windows\System\VxqHwSb.exe
  C:\Windows\System\VxqHwSb.exe
  2⤵
  PID:7212
- C:\Windows\System\DkhNILn.exe
  C:\Windows\System\DkhNILn.exe
  2⤵
  PID:7228
- C:\Windows\System\jLRvmwH.exe
  C:\Windows\System\jLRvmwH.exe
  2⤵
  PID:7244
- C:\Windows\System\ufrBQMf.exe
  C:\Windows\System\ufrBQMf.exe
  2⤵
  PID:7260
- C:\Windows\System\fLxYzhN.exe
  C:\Windows\System\fLxYzhN.exe
  2⤵
  PID:7284
- C:\Windows\System\DsZctMy.exe
  C:\Windows\System\DsZctMy.exe
  2⤵
  PID:7300
- C:\Windows\System\trPNFUq.exe
  C:\Windows\System\trPNFUq.exe
  2⤵
  PID:7316
- C:\Windows\System\XxmaXfc.exe
  C:\Windows\System\XxmaXfc.exe
  2⤵
  PID:7332
- C:\Windows\System\RVdmOPE.exe
  C:\Windows\System\RVdmOPE.exe
  2⤵
  PID:7348
- C:\Windows\System\SKzkXIU.exe
  C:\Windows\System\SKzkXIU.exe
  2⤵
  PID:7364
- C:\Windows\System\FxkEolg.exe
  C:\Windows\System\FxkEolg.exe
  2⤵
  PID:7380
- C:\Windows\System\bfSAfiH.exe
  C:\Windows\System\bfSAfiH.exe
  2⤵
  PID:7400
- C:\Windows\System\lsCjbnd.exe
  C:\Windows\System\lsCjbnd.exe
  2⤵
  PID:7424
- C:\Windows\System\zMjpRgD.exe
  C:\Windows\System\zMjpRgD.exe
  2⤵
  PID:7440
- C:\Windows\System\UQTDYSK.exe
  C:\Windows\System\UQTDYSK.exe
  2⤵
  PID:7456
- C:\Windows\System\sRCLIqh.exe
  C:\Windows\System\sRCLIqh.exe
  2⤵
  PID:7472
- C:\Windows\System\VTeeUua.exe
  C:\Windows\System\VTeeUua.exe
  2⤵
  PID:7488
- C:\Windows\System\MqZYYRL.exe
  C:\Windows\System\MqZYYRL.exe
  2⤵
  PID:7504
- C:\Windows\System\OjodjbQ.exe
  C:\Windows\System\OjodjbQ.exe
  2⤵
  PID:7520
- C:\Windows\System\OEiCVxD.exe
  C:\Windows\System\OEiCVxD.exe
  2⤵
  PID:7536
- C:\Windows\System\uhMjOnb.exe
  C:\Windows\System\uhMjOnb.exe
  2⤵
  PID:7552
- C:\Windows\System\qYTXOpk.exe
  C:\Windows\System\qYTXOpk.exe
  2⤵
  PID:7568
- C:\Windows\System\DDeYlWj.exe
  C:\Windows\System\DDeYlWj.exe
  2⤵
  PID:7584
- C:\Windows\System\FaQKAFd.exe
  C:\Windows\System\FaQKAFd.exe
  2⤵
  PID:7600
- C:\Windows\System\hKCuISc.exe
  C:\Windows\System\hKCuISc.exe
  2⤵
  PID:7616
- C:\Windows\System\hygvAVj.exe
  C:\Windows\System\hygvAVj.exe
  2⤵
  PID:7632
- C:\Windows\System\yYOrAEq.exe
  C:\Windows\System\yYOrAEq.exe
  2⤵
  PID:7648
- C:\Windows\System\HNbFkfh.exe
  C:\Windows\System\HNbFkfh.exe
  2⤵
  PID:7664
- C:\Windows\System\YzXaBZZ.exe
  C:\Windows\System\YzXaBZZ.exe
  2⤵
  PID:7680
- C:\Windows\System\zJrhsMf.exe
  C:\Windows\System\zJrhsMf.exe
  2⤵
  PID:7696
- C:\Windows\System\rHTSxFL.exe
  C:\Windows\System\rHTSxFL.exe
  2⤵
  PID:7712
- C:\Windows\System\sgaNAos.exe
  C:\Windows\System\sgaNAos.exe
  2⤵
  PID:7728
- C:\Windows\System\WAzkehv.exe
  C:\Windows\System\WAzkehv.exe
  2⤵
  PID:7744
- C:\Windows\System\iwbyXcV.exe
  C:\Windows\System\iwbyXcV.exe
  2⤵
  PID:7760
- C:\Windows\System\bTKpIsW.exe
  C:\Windows\System\bTKpIsW.exe
  2⤵
  PID:7776
- C:\Windows\System\UvLtVmZ.exe
  C:\Windows\System\UvLtVmZ.exe
  2⤵
  PID:7792
- C:\Windows\System\cXDGNEZ.exe
  C:\Windows\System\cXDGNEZ.exe
  2⤵
  PID:7808
- C:\Windows\System\gnrQjIv.exe
  C:\Windows\System\gnrQjIv.exe
  2⤵
  PID:7824
- C:\Windows\System\lNixUaV.exe
  C:\Windows\System\lNixUaV.exe
  2⤵
  PID:7840
- C:\Windows\System\ARMgIBP.exe
  C:\Windows\System\ARMgIBP.exe
  2⤵
  PID:7856
- C:\Windows\System\ZXJhVae.exe
  C:\Windows\System\ZXJhVae.exe
  2⤵
  PID:7872
- C:\Windows\System\dIiVzNh.exe
  C:\Windows\System\dIiVzNh.exe
  2⤵
  PID:7888
- C:\Windows\System\yKOggAJ.exe
  C:\Windows\System\yKOggAJ.exe
  2⤵
  PID:7904
- C:\Windows\System\nvilYvP.exe
  C:\Windows\System\nvilYvP.exe
  2⤵
  PID:7920
- C:\Windows\System\pozqjNB.exe
  C:\Windows\System\pozqjNB.exe
  2⤵
  PID:7940
- C:\Windows\System\pdUenrY.exe
  C:\Windows\System\pdUenrY.exe
  2⤵
  PID:7956
- C:\Windows\System\Ullswuz.exe
  C:\Windows\System\Ullswuz.exe
  2⤵
  PID:7972
- C:\Windows\System\ppvXUka.exe
  C:\Windows\System\ppvXUka.exe
  2⤵
  PID:7988
- C:\Windows\System\sYoZHPF.exe
  C:\Windows\System\sYoZHPF.exe
  2⤵
  PID:8004
- C:\Windows\System\VNQvErr.exe
  C:\Windows\System\VNQvErr.exe
  2⤵
  PID:8020
- C:\Windows\System\vRoqmQv.exe
  C:\Windows\System\vRoqmQv.exe
  2⤵
  PID:8036
- C:\Windows\System\PjcFtAs.exe
  C:\Windows\System\PjcFtAs.exe
  2⤵
  PID:8052
- C:\Windows\System\tvxcMRk.exe
  C:\Windows\System\tvxcMRk.exe
  2⤵
  PID:8068
- C:\Windows\System\MvQUoPe.exe
  C:\Windows\System\MvQUoPe.exe
  2⤵
  PID:8088
- C:\Windows\System\eYVpSYQ.exe
  C:\Windows\System\eYVpSYQ.exe
  2⤵
  PID:8104
- C:\Windows\System\fVRrBLo.exe
  C:\Windows\System\fVRrBLo.exe
  2⤵
  PID:8132
- C:\Windows\System\sbYAonu.exe
  C:\Windows\System\sbYAonu.exe
  2⤵
  PID:8148
- C:\Windows\System\AAreVgi.exe
  C:\Windows\System\AAreVgi.exe
  2⤵
  PID:8164
- C:\Windows\System\kpWfqsm.exe
  C:\Windows\System\kpWfqsm.exe
  2⤵
  PID:8180
- C:\Windows\System\VgsxOaj.exe
  C:\Windows\System\VgsxOaj.exe
  2⤵
  PID:608
- C:\Windows\System\wtFsVRH.exe
  C:\Windows\System\wtFsVRH.exe
  2⤵
  PID:7220
- C:\Windows\System\DXPHsRZ.exe
  C:\Windows\System\DXPHsRZ.exe
  2⤵
  PID:7172
- C:\Windows\System\mXLoEhQ.exe
  C:\Windows\System\mXLoEhQ.exe
  2⤵
  PID:7236
- C:\Windows\System\zcGbSqd.exe
  C:\Windows\System\zcGbSqd.exe
  2⤵
  PID:7292
- C:\Windows\System\RjPEzvV.exe
  C:\Windows\System\RjPEzvV.exe
  2⤵
  PID:7356
- C:\Windows\System\gFWgTla.exe
  C:\Windows\System\gFWgTla.exe
  2⤵
  PID:7276
- C:\Windows\System\XqXHSlH.exe
  C:\Windows\System\XqXHSlH.exe
  2⤵
  PID:7312
- C:\Windows\System\eKMjtLO.exe
  C:\Windows\System\eKMjtLO.exe
  2⤵
  PID:7412
- C:\Windows\System\mENWOTs.exe
  C:\Windows\System\mENWOTs.exe
  2⤵
  PID:7464
- C:\Windows\System\SetSlAH.exe
  C:\Windows\System\SetSlAH.exe
  2⤵
  PID:7500
- C:\Windows\System\xERKZNA.exe
  C:\Windows\System\xERKZNA.exe
  2⤵
  PID:7560
- C:\Windows\System\NkZlbJD.exe
  C:\Windows\System\NkZlbJD.exe
  2⤵
  PID:7420
- C:\Windows\System\NvrydNA.exe
  C:\Windows\System\NvrydNA.exe
  2⤵
  PID:7484
- C:\Windows\System\BxgOXGs.exe
  C:\Windows\System\BxgOXGs.exe
  2⤵
  PID:7544
- C:\Windows\System\jxykxtO.exe
  C:\Windows\System\jxykxtO.exe
  2⤵
  PID:7608
- C:\Windows\System\WnIAHcP.exe
  C:\Windows\System\WnIAHcP.exe
  2⤵
  PID:7720
- C:\Windows\System\HtIUjas.exe
  C:\Windows\System\HtIUjas.exe
  2⤵
  PID:7784
- C:\Windows\System\eOLcMNS.exe
  C:\Windows\System\eOLcMNS.exe
  2⤵
  PID:7676
- C:\Windows\System\upjVwSy.exe
  C:\Windows\System\upjVwSy.exe
  2⤵
  PID:7800
- C:\Windows\System\AEjoIzJ.exe
  C:\Windows\System\AEjoIzJ.exe
  2⤵
  PID:7864
- C:\Windows\System\PFTnFSE.exe
  C:\Windows\System\PFTnFSE.exe
  2⤵
  PID:7804
- C:\Windows\System\rKiMnCk.exe
  C:\Windows\System\rKiMnCk.exe
  2⤵
  PID:7980
- C:\Windows\System\CkkVdHg.exe
  C:\Windows\System\CkkVdHg.exe
  2⤵
  PID:8016
- C:\Windows\System\RzWnkCq.exe
  C:\Windows\System\RzWnkCq.exe
  2⤵
  PID:7392
- C:\Windows\System\bkIkZqJ.exe
  C:\Windows\System\bkIkZqJ.exe
  2⤵
  PID:8032
- C:\Windows\System\hGyJgAf.exe
  C:\Windows\System\hGyJgAf.exe
  2⤵
  PID:8112
- C:\Windows\System\uOglCNX.exe
  C:\Windows\System\uOglCNX.exe
  2⤵
  PID:8128
- C:\Windows\System\AJjGEfu.exe
  C:\Windows\System\AJjGEfu.exe
  2⤵
  PID:8100
- C:\Windows\System\IVCAcuJ.exe
  C:\Windows\System\IVCAcuJ.exe
  2⤵
  PID:8140
- C:\Windows\System\UrrPwhN.exe
  C:\Windows\System\UrrPwhN.exe
  2⤵
  PID:8144
- C:\Windows\System\OmlRBej.exe
  C:\Windows\System\OmlRBej.exe
  2⤵
  PID:2184
- C:\Windows\System\UCosvYj.exe
  C:\Windows\System\UCosvYj.exe
  2⤵
  PID:7268
- C:\Windows\System\haynjfn.exe
  C:\Windows\System\haynjfn.exe
  2⤵
  PID:7396
- C:\Windows\System\WVEjxUC.exe
  C:\Windows\System\WVEjxUC.exe
  2⤵
  PID:7408
- C:\Windows\System\JeefJiB.exe
  C:\Windows\System\JeefJiB.exe
  2⤵
  PID:7496
- C:\Windows\System\qfnZueH.exe
  C:\Windows\System\qfnZueH.exe
  2⤵
  PID:7624
- C:\Windows\System\ZUjwRPO.exe
  C:\Windows\System\ZUjwRPO.exe
  2⤵
  PID:7688
- C:\Windows\System\kJSbQOf.exe
  C:\Windows\System\kJSbQOf.exe
  2⤵
  PID:7532
- C:\Windows\System\AQZqChp.exe
  C:\Windows\System\AQZqChp.exe
  2⤵
  PID:7576
- C:\Windows\System\yQiGlZi.exe
  C:\Windows\System\yQiGlZi.exe
  2⤵
  PID:7644
- C:\Windows\System\hFGozCE.exe
  C:\Windows\System\hFGozCE.exe
  2⤵
  PID:7848
- C:\Windows\System\NSHBSdt.exe
  C:\Windows\System\NSHBSdt.exe
  2⤵
  PID:7736
- C:\Windows\System\jxpQLra.exe
  C:\Windows\System\jxpQLra.exe
  2⤵
  PID:7704
- C:\Windows\System\baJzBSM.exe
  C:\Windows\System\baJzBSM.exe
  2⤵
  PID:8084
- C:\Windows\System\LExgSBG.exe
  C:\Windows\System\LExgSBG.exe
  2⤵
  PID:8408
- C:\Windows\System\nZSSMpx.exe
  C:\Windows\System\nZSSMpx.exe
  2⤵
  PID:8436
- C:\Windows\System\PHLHruT.exe
  C:\Windows\System\PHLHruT.exe
  2⤵
  PID:8464
- C:\Windows\System\WUQxIYI.exe
  C:\Windows\System\WUQxIYI.exe
  2⤵
  PID:8900
- C:\Windows\System\LbtYdwp.exe
  C:\Windows\System\LbtYdwp.exe
  2⤵
  PID:8920
- C:\Windows\System\slhysHI.exe
  C:\Windows\System\slhysHI.exe
  2⤵
  PID:8936
- C:\Windows\System\NoUitgh.exe
  C:\Windows\System\NoUitgh.exe
  2⤵
  PID:8952
- C:\Windows\System\goqjIWe.exe
  C:\Windows\System\goqjIWe.exe
  2⤵
  PID:8968
- C:\Windows\System\evlmMKP.exe
  C:\Windows\System\evlmMKP.exe
  2⤵
  PID:8984
- C:\Windows\System\FEvrxUr.exe
  C:\Windows\System\FEvrxUr.exe
  2⤵
  PID:9000
- C:\Windows\System\vFMGJPR.exe
  C:\Windows\System\vFMGJPR.exe
  2⤵
  PID:9016
- C:\Windows\System\gVmrbFO.exe
  C:\Windows\System\gVmrbFO.exe
  2⤵
  PID:9032
- C:\Windows\System\YqAQTSO.exe
  C:\Windows\System\YqAQTSO.exe
  2⤵
  PID:9048
- C:\Windows\System\lKilaEp.exe
  C:\Windows\System\lKilaEp.exe
  2⤵
  PID:9064
- C:\Windows\System\uStgpND.exe
  C:\Windows\System\uStgpND.exe
  2⤵
  PID:9080
- C:\Windows\System\simgXRn.exe
  C:\Windows\System\simgXRn.exe
  2⤵
  PID:9096
- C:\Windows\System\JBOwULW.exe
  C:\Windows\System\JBOwULW.exe
  2⤵
  PID:9112
- C:\Windows\System\DOOKFyg.exe
  C:\Windows\System\DOOKFyg.exe
  2⤵
  PID:9128
- C:\Windows\System\yHPIjwy.exe
  C:\Windows\System\yHPIjwy.exe
  2⤵
  PID:9144
- C:\Windows\System\lOVseRy.exe
  C:\Windows\System\lOVseRy.exe
  2⤵
  PID:6940
- C:\Windows\System\KKamtWn.exe
  C:\Windows\System\KKamtWn.exe
  2⤵
  PID:7756
- C:\Windows\System\utZCHcq.exe
  C:\Windows\System\utZCHcq.exe
  2⤵
  PID:8320
- C:\Windows\System\griRoRQ.exe
  C:\Windows\System\griRoRQ.exe
  2⤵
  PID:8376
- C:\Windows\System\UxGCTtV.exe
  C:\Windows\System\UxGCTtV.exe
  2⤵
  PID:8432
- C:\Windows\System\kUEPAwu.exe
  C:\Windows\System\kUEPAwu.exe
  2⤵
  PID:8424
- C:\Windows\System\nNHPPvf.exe
  C:\Windows\System\nNHPPvf.exe
  2⤵
  PID:8476
- C:\Windows\System\hWDNJgX.exe
  C:\Windows\System\hWDNJgX.exe
  2⤵
  PID:8500
- C:\Windows\System\pbltPza.exe
  C:\Windows\System\pbltPza.exe
  2⤵
  PID:8656
- C:\Windows\System\JiSzIjv.exe
  C:\Windows\System\JiSzIjv.exe
  2⤵
  PID:8664
- C:\Windows\System\NKcVIuS.exe
  C:\Windows\System\NKcVIuS.exe
  2⤵
  PID:8532
- C:\Windows\System\YXSeLeX.exe
  C:\Windows\System\YXSeLeX.exe
  2⤵
  PID:8704
- C:\Windows\System\NonCGKu.exe
  C:\Windows\System\NonCGKu.exe
  2⤵
  PID:8544
- C:\Windows\System\nUMeMoH.exe
  C:\Windows\System\nUMeMoH.exe
  2⤵
  PID:8564
- C:\Windows\System\fnEnVoG.exe
  C:\Windows\System\fnEnVoG.exe
  2⤵
  PID:8752
- C:\Windows\System\yOSdghb.exe
  C:\Windows\System\yOSdghb.exe
  2⤵
  PID:8596
- C:\Windows\System\NZWEIMS.exe
  C:\Windows\System\NZWEIMS.exe
  2⤵
  PID:8780
- C:\Windows\System\WWXqfbW.exe
  C:\Windows\System\WWXqfbW.exe
  2⤵
  PID:8792
- C:\Windows\System\GwhBOkU.exe
  C:\Windows\System\GwhBOkU.exe
  2⤵
  PID:8624
- C:\Windows\System\ahizOqd.exe
  C:\Windows\System\ahizOqd.exe
  2⤵
  PID:8636
- C:\Windows\System\xrhvkRW.exe
  C:\Windows\System\xrhvkRW.exe
  2⤵
  PID:8836
- C:\Windows\System\JKtYWkI.exe
  C:\Windows\System\JKtYWkI.exe
  2⤵
  PID:8676
- C:\Windows\System\UhzCLUw.exe
  C:\Windows\System\UhzCLUw.exe
  2⤵
  PID:8696
- C:\Windows\System\biZhqtF.exe
  C:\Windows\System\biZhqtF.exe
  2⤵
  PID:8396
- C:\Windows\System\cdtzRzX.exe
  C:\Windows\System\cdtzRzX.exe
  2⤵
  PID:8448
- C:\Windows\System\lfGrMUn.exe
  C:\Windows\System\lfGrMUn.exe
  2⤵
  PID:8908
- C:\Windows\System\BgrEuKn.exe
  C:\Windows\System\BgrEuKn.exe
  2⤵
  PID:8876
- C:\Windows\System\rkdhnqV.exe
  C:\Windows\System\rkdhnqV.exe
  2⤵
  PID:8756
- C:\Windows\System\pMNALpb.exe
  C:\Windows\System\pMNALpb.exe
  2⤵
  PID:8804
- C:\Windows\System\LyCyCGo.exe
  C:\Windows\System\LyCyCGo.exe
  2⤵
  PID:8840
- C:\Windows\System\WazbUdU.exe
  C:\Windows\System\WazbUdU.exe
  2⤵
  PID:8852
- C:\Windows\System\jQtlRrg.exe
  C:\Windows\System\jQtlRrg.exe
  2⤵
  PID:8896
- C:\Windows\System\QKyHIyM.exe
  C:\Windows\System\QKyHIyM.exe
  2⤵
  PID:8932
- C:\Windows\System\ruPVJIZ.exe
  C:\Windows\System\ruPVJIZ.exe
  2⤵
  PID:9024
- C:\Windows\System\JtPbyqp.exe
  C:\Windows\System\JtPbyqp.exe
  2⤵
  PID:9056
- C:\Windows\System\rsFsqli.exe
  C:\Windows\System\rsFsqli.exe
  2⤵
  PID:9072
- C:\Windows\System\RQaaOPn.exe
  C:\Windows\System\RQaaOPn.exe
  2⤵
  PID:9124
- C:\Windows\System\sOsDqDg.exe
  C:\Windows\System\sOsDqDg.exe
  2⤵
  PID:9104
- C:\Windows\System\pQRQDNX.exe
  C:\Windows\System\pQRQDNX.exe
  2⤵
  PID:9140
- C:\Windows\System\fimEjQv.exe
  C:\Windows\System\fimEjQv.exe
  2⤵
  PID:9168
- C:\Windows\System\vBaSueO.exe
  C:\Windows\System\vBaSueO.exe
  2⤵
  PID:9188
- C:\Windows\System\TLLTwYb.exe
  C:\Windows\System\TLLTwYb.exe
  2⤵
  PID:9204
- C:\Windows\System\vmsrloI.exe
  C:\Windows\System\vmsrloI.exe
  2⤵
  PID:8000
- C:\Windows\System\woRKTZU.exe
  C:\Windows\System\woRKTZU.exe
  2⤵
  PID:2532
- C:\Windows\System\nscYWup.exe
  C:\Windows\System\nscYWup.exe
  2⤵
  PID:8012
- C:\Windows\System\nMBlooU.exe
  C:\Windows\System\nMBlooU.exe
  2⤵
  PID:7752
- C:\Windows\System\crXruGM.exe
  C:\Windows\System\crXruGM.exe
  2⤵
  PID:7512
- C:\Windows\System\cATfuCA.exe
  C:\Windows\System\cATfuCA.exe
  2⤵
  PID:7932
- C:\Windows\System\sDTcqZM.exe
  C:\Windows\System\sDTcqZM.exe
  2⤵
  PID:8028
- C:\Windows\System\WvKXepS.exe
  C:\Windows\System\WvKXepS.exe
  2⤵
  PID:7964
- C:\Windows\System\JucnYdR.exe
  C:\Windows\System\JucnYdR.exe
  2⤵
  PID:8064
- C:\Windows\System\NJkQrnN.exe
  C:\Windows\System\NJkQrnN.exe
  2⤵
  PID:7324
- C:\Windows\System\YvAwkxP.exe
  C:\Windows\System\YvAwkxP.exe
  2⤵
  PID:7204
- C:\Windows\System\DlDTGao.exe
  C:\Windows\System\DlDTGao.exe
  2⤵
  PID:7376
- C:\Windows\System\MybcQCu.exe
  C:\Windows\System\MybcQCu.exe
  2⤵
  PID:7596
- C:\Windows\System\VVLzEdP.exe
  C:\Windows\System\VVLzEdP.exe
  2⤵
  PID:8216
- C:\Windows\System\BWrxCby.exe
  C:\Windows\System\BWrxCby.exe
  2⤵
  PID:8208
- C:\Windows\System\lOZqOdI.exe
  C:\Windows\System\lOZqOdI.exe
  2⤵
  PID:8236
- C:\Windows\System\QBObLDw.exe
  C:\Windows\System\QBObLDw.exe
  2⤵
  PID:8252
- C:\Windows\System\kAJCppk.exe
  C:\Windows\System\kAJCppk.exe
  2⤵
  PID:8264
- C:\Windows\System\hMYzrSi.exe
  C:\Windows\System\hMYzrSi.exe
  2⤵
  PID:8280
- C:\Windows\System\etskYPM.exe
  C:\Windows\System\etskYPM.exe
  2⤵
  PID:8316
- C:\Windows\System\BeOueFU.exe
  C:\Windows\System\BeOueFU.exe
  2⤵
  PID:8332
- C:\Windows\System\uyvLDqr.exe
  C:\Windows\System\uyvLDqr.exe
  2⤵
  PID:8388
- C:\Windows\System\UAayihb.exe
  C:\Windows\System\UAayihb.exe
  2⤵
  PID:8652
- C:\Windows\System\skgkcRk.exe
  C:\Windows\System\skgkcRk.exe
  2⤵
  PID:8372
- C:\Windows\System\GTCLhdW.exe
  C:\Windows\System\GTCLhdW.exe
  2⤵
  PID:8480
- C:\Windows\System\NChFWyh.exe
  C:\Windows\System\NChFWyh.exe
  2⤵
  PID:8600
- C:\Windows\System\epcqHvM.exe
  C:\Windows\System\epcqHvM.exe
  2⤵
  PID:8488
- C:\Windows\System\yLQzNZU.exe
  C:\Windows\System\yLQzNZU.exe
  2⤵
  PID:8516
- C:\Windows\System\yLlCwqT.exe
  C:\Windows\System\yLlCwqT.exe
  2⤵
  PID:8576
- C:\Windows\System\MCFArrs.exe
  C:\Windows\System\MCFArrs.exe
  2⤵
  PID:8736
- C:\Windows\System\XSHrSsx.exe
  C:\Windows\System\XSHrSsx.exe
  2⤵
  PID:8616
- C:\Windows\System\exapMmi.exe
  C:\Windows\System\exapMmi.exe
  2⤵
  PID:8760
- C:\Windows\System\mOQSCnE.exe
  C:\Windows\System\mOQSCnE.exe
  2⤵
  PID:2900
- C:\Windows\System\jREDtAl.exe
  C:\Windows\System\jREDtAl.exe
  2⤵
  PID:2228
- C:\Windows\System\GMMwFxh.exe
  C:\Windows\System\GMMwFxh.exe
  2⤵
  PID:8404
- C:\Windows\System\mPeCdIM.exe
  C:\Windows\System\mPeCdIM.exe
  2⤵
  PID:2484
- C:\Windows\System\jSBrzPd.exe
  C:\Windows\System\jSBrzPd.exe
  2⤵
  PID:8724
- C:\Windows\System\SIYUvvF.exe
  C:\Windows\System\SIYUvvF.exe
  2⤵
  PID:8456
- C:\Windows\System\vyFTSku.exe
  C:\Windows\System\vyFTSku.exe
  2⤵
  PID:8460
- C:\Windows\System\pENOSYI.exe
  C:\Windows\System\pENOSYI.exe
  2⤵
  PID:7916
- C:\Windows\System\YXdDgeD.exe
  C:\Windows\System\YXdDgeD.exe
  2⤵
  PID:9060
- C:\Windows\System\iAWNBHb.exe
  C:\Windows\System\iAWNBHb.exe
  2⤵
  PID:9092
- C:\Windows\System\PjKDvWG.exe
  C:\Windows\System\PjKDvWG.exe
  2⤵
  PID:9184
- C:\Windows\System\ttbYFJe.exe
  C:\Windows\System\ttbYFJe.exe
  2⤵
  PID:8980
- C:\Windows\System\hGVBZqO.exe
  C:\Windows\System\hGVBZqO.exe
  2⤵
  PID:9164
- C:\Windows\System\hVJcKWp.exe
  C:\Windows\System\hVJcKWp.exe
  2⤵
  PID:1440
- C:\Windows\System\ChZaCtm.exe
  C:\Windows\System\ChZaCtm.exe
  2⤵
  PID:7820
- C:\Windows\System\sfKIVkV.exe
  C:\Windows\System\sfKIVkV.exe
  2⤵
  PID:7880
- C:\Windows\System\eTGhHSK.exe
  C:\Windows\System\eTGhHSK.exe
  2⤵
  PID:7256
- C:\Windows\System\HtHSCTZ.exe
  C:\Windows\System\HtHSCTZ.exe
  2⤵
  PID:8204
- C:\Windows\System\ctMQREA.exe
  C:\Windows\System\ctMQREA.exe
  2⤵
  PID:8188
- C:\Windows\System\RCOolne.exe
  C:\Windows\System\RCOolne.exe
  2⤵
  PID:8336
- C:\Windows\System\sXCnWud.exe
  C:\Windows\System\sXCnWud.exe
  2⤵
  PID:8552
- C:\Windows\System\FfYmoWY.exe
  C:\Windows\System\FfYmoWY.exe
  2⤵
  PID:8672
- C:\Windows\System\OErpZge.exe
  C:\Windows\System\OErpZge.exe
  2⤵
  PID:8356
- C:\Windows\System\yivISfM.exe
  C:\Windows\System\yivISfM.exe
  2⤵
  PID:2968
- C:\Windows\System\RaNJpiL.exe
  C:\Windows\System\RaNJpiL.exe
  2⤵
  PID:8612
- C:\Windows\System\PAAUMwR.exe
  C:\Windows\System\PAAUMwR.exe
  2⤵
  PID:7272
- C:\Windows\System\CVDByNu.exe
  C:\Windows\System\CVDByNu.exe
  2⤵
  PID:8684
- C:\Windows\System\FTJScPP.exe
  C:\Windows\System\FTJScPP.exe
  2⤵
  PID:8588
- C:\Windows\System\ZOZwPAh.exe
  C:\Windows\System\ZOZwPAh.exe
  2⤵
  PID:8304
- C:\Windows\System\uRKMDtF.exe
  C:\Windows\System\uRKMDtF.exe
  2⤵
  PID:8368
- C:\Windows\System\nAlVMnn.exe
  C:\Windows\System\nAlVMnn.exe
  2⤵
  PID:8560
- C:\Windows\System\ratQFcH.exe
  C:\Windows\System\ratQFcH.exe
  2⤵
  PID:2928
- C:\Windows\System\PaIvWWK.exe
  C:\Windows\System\PaIvWWK.exe
  2⤵
  PID:8716
- C:\Windows\System\QBFsAbB.exe
  C:\Windows\System\QBFsAbB.exe
  2⤵
  PID:9152
- C:\Windows\System\BbtPugG.exe
  C:\Windows\System\BbtPugG.exe
  2⤵
  PID:9120
- C:\Windows\System\DGhPDoc.exe
  C:\Windows\System\DGhPDoc.exe
  2⤵
  PID:8232
- C:\Windows\System\tMDnJrR.exe
  C:\Windows\System\tMDnJrR.exe
  2⤵
  PID:7656
- C:\Windows\System\GmUhYBi.exe
  C:\Windows\System\GmUhYBi.exe
  2⤵
  PID:8256
- C:\Windows\System\OdFEtDW.exe
  C:\Windows\System\OdFEtDW.exe
  2⤵
  PID:8352
- C:\Windows\System\jjxUXAq.exe
  C:\Windows\System\jjxUXAq.exe
  2⤵
  PID:8744
- C:\Windows\System\jLVfrCG.exe
  C:\Windows\System\jLVfrCG.exe
  2⤵
  PID:6612
- C:\Windows\System\IdodHur.exe
  C:\Windows\System\IdodHur.exe
  2⤵
  PID:7308
- C:\Windows\System\EjYMvoU.exe
  C:\Windows\System\EjYMvoU.exe
  2⤵
  PID:8328
- C:\Windows\System\vKFvNaX.exe
  C:\Windows\System\vKFvNaX.exe
  2⤵
  PID:8800
- C:\Windows\System\eviowQD.exe
  C:\Windows\System\eviowQD.exe
  2⤵
  PID:8556
- C:\Windows\System\oKEbmBq.exe
  C:\Windows\System\oKEbmBq.exe
  2⤵
  PID:8540
- C:\Windows\System\VyRqCRc.exe
  C:\Windows\System\VyRqCRc.exe
  2⤵
  PID:8608
- C:\Windows\System\nipZLfe.exe
  C:\Windows\System\nipZLfe.exe
  2⤵
  PID:8520
- C:\Windows\System\rooHIkP.exe
  C:\Windows\System\rooHIkP.exe
  2⤵
  PID:7912
- C:\Windows\System\mAAMDnT.exe
  C:\Windows\System\mAAMDnT.exe
  2⤵
  PID:8496
- C:\Windows\System\ACxbrtx.exe
  C:\Windows\System\ACxbrtx.exe
  2⤵
  PID:9160
- C:\Windows\System\xkiHxMx.exe
  C:\Windows\System\xkiHxMx.exe
  2⤵
  PID:8844
- C:\Windows\System\PNZtNgn.exe
  C:\Windows\System\PNZtNgn.exe
  2⤵
  PID:9028
- C:\Windows\System\ChBvVvs.exe
  C:\Windows\System\ChBvVvs.exe
  2⤵
  PID:8472
- C:\Windows\System\qHQMAhz.exe
  C:\Windows\System\qHQMAhz.exe
  2⤵
  PID:9220
- C:\Windows\System\cWQNuEg.exe
  C:\Windows\System\cWQNuEg.exe
  2⤵
  PID:9240
- C:\Windows\System\jiNhSVM.exe
  C:\Windows\System\jiNhSVM.exe
  2⤵
  PID:9256
- C:\Windows\System\tHwxJXJ.exe
  C:\Windows\System\tHwxJXJ.exe
  2⤵
  PID:9272
- C:\Windows\System\pTQnvvI.exe
  C:\Windows\System\pTQnvvI.exe
  2⤵
  PID:9292
- C:\Windows\System\TyFiDoh.exe
  C:\Windows\System\TyFiDoh.exe
  2⤵
  PID:9308
- C:\Windows\System\ssuQfKA.exe
  C:\Windows\System\ssuQfKA.exe
  2⤵
  PID:9340
- C:\Windows\System\kbpAtIU.exe
  C:\Windows\System\kbpAtIU.exe
  2⤵
  PID:9356
- C:\Windows\System\ZphASlW.exe
  C:\Windows\System\ZphASlW.exe
  2⤵
  PID:9372
- C:\Windows\System\FEsZkjR.exe
  C:\Windows\System\FEsZkjR.exe
  2⤵
  PID:9392
- C:\Windows\System\ceDdDGW.exe
  C:\Windows\System\ceDdDGW.exe
  2⤵
  PID:9420
- C:\Windows\System\tdGPhDN.exe
  C:\Windows\System\tdGPhDN.exe
  2⤵
  PID:9440
- C:\Windows\System\IJeXKPE.exe
  C:\Windows\System\IJeXKPE.exe
  2⤵
  PID:9460
- C:\Windows\System\PJcRDgX.exe
  C:\Windows\System\PJcRDgX.exe
  2⤵
  PID:9476
- C:\Windows\System\DBebbmr.exe
  C:\Windows\System\DBebbmr.exe
  2⤵
  PID:9500
- C:\Windows\System\fuFRgrT.exe
  C:\Windows\System\fuFRgrT.exe
  2⤵
  PID:9516
- C:\Windows\System\YVTOhoR.exe
  C:\Windows\System\YVTOhoR.exe
  2⤵
  PID:9536
- C:\Windows\System\urZsUnj.exe
  C:\Windows\System\urZsUnj.exe
  2⤵
  PID:9552
- C:\Windows\System\aeDfNrS.exe
  C:\Windows\System\aeDfNrS.exe
  2⤵
  PID:9580
- C:\Windows\System\dpzqdAO.exe
  C:\Windows\System\dpzqdAO.exe
  2⤵
  PID:9600
- C:\Windows\System\LwVZeaL.exe
  C:\Windows\System\LwVZeaL.exe
  2⤵
  PID:9616
- C:\Windows\System\JPAsgQS.exe
  C:\Windows\System\JPAsgQS.exe
  2⤵
  PID:9632
- C:\Windows\System\ExSLPVa.exe
  C:\Windows\System\ExSLPVa.exe
  2⤵
  PID:9660
- C:\Windows\System\xgzQWCi.exe
  C:\Windows\System\xgzQWCi.exe
  2⤵
  PID:9676
- C:\Windows\System\kkJqpnk.exe
  C:\Windows\System\kkJqpnk.exe
  2⤵
  PID:9696
- C:\Windows\System\tjwKSAo.exe
  C:\Windows\System\tjwKSAo.exe
  2⤵
  PID:9712
- C:\Windows\System\wXvsWdR.exe
  C:\Windows\System\wXvsWdR.exe
  2⤵
  PID:9728
- C:\Windows\System\OgpuWlT.exe
  C:\Windows\System\OgpuWlT.exe
  2⤵
  PID:9744
- C:\Windows\System\TluZerJ.exe
  C:\Windows\System\TluZerJ.exe
  2⤵
  PID:9760
- C:\Windows\System\OkaxRMC.exe
  C:\Windows\System\OkaxRMC.exe
  2⤵
  PID:9776
- C:\Windows\System\RUWihcR.exe
  C:\Windows\System\RUWihcR.exe
  2⤵
  PID:9792
- C:\Windows\System\VbBhqdx.exe
  C:\Windows\System\VbBhqdx.exe
  2⤵
  PID:9808
- C:\Windows\System\AxwfQCG.exe
  C:\Windows\System\AxwfQCG.exe
  2⤵
  PID:9824
- C:\Windows\System\uiAxeoG.exe
  C:\Windows\System\uiAxeoG.exe
  2⤵
  PID:9840
- C:\Windows\System\TUBwTpD.exe
  C:\Windows\System\TUBwTpD.exe
  2⤵
  PID:9856
- C:\Windows\System\XPngrHa.exe
  C:\Windows\System\XPngrHa.exe
  2⤵
  PID:9876
- C:\Windows\System\sLPJZXi.exe
  C:\Windows\System\sLPJZXi.exe
  2⤵
  PID:9892
- C:\Windows\System\izdFLnh.exe
  C:\Windows\System\izdFLnh.exe
  2⤵
  PID:9908
- C:\Windows\System\pqAkYsO.exe
  C:\Windows\System\pqAkYsO.exe
  2⤵
  PID:9924
- C:\Windows\System\zgnJyWE.exe
  C:\Windows\System\zgnJyWE.exe
  2⤵
  PID:9940
- C:\Windows\System\ydNcLoD.exe
  C:\Windows\System\ydNcLoD.exe
  2⤵
  PID:9956
- C:\Windows\System\nOGfQTK.exe
  C:\Windows\System\nOGfQTK.exe
  2⤵
  PID:9972
- C:\Windows\System\fHZIfzg.exe
  C:\Windows\System\fHZIfzg.exe
  2⤵
  PID:9988
- C:\Windows\System\cxhmGCM.exe
  C:\Windows\System\cxhmGCM.exe
  2⤵
  PID:10004
- C:\Windows\System\DClUNFf.exe
  C:\Windows\System\DClUNFf.exe
  2⤵
  PID:10020
- C:\Windows\System\aHdADom.exe
  C:\Windows\System\aHdADom.exe
  2⤵
  PID:10036
- C:\Windows\System\YQEDZZY.exe
  C:\Windows\System\YQEDZZY.exe
  2⤵
  PID:10052
- C:\Windows\System\mJrouvU.exe
  C:\Windows\System\mJrouvU.exe
  2⤵
  PID:10068
- C:\Windows\System\eqQuYOd.exe
  C:\Windows\System\eqQuYOd.exe
  2⤵
  PID:10084
- C:\Windows\System\cgyzbbj.exe
  C:\Windows\System\cgyzbbj.exe
  2⤵
  PID:10100
- C:\Windows\System\GVMbNus.exe
  C:\Windows\System\GVMbNus.exe
  2⤵
  PID:10116
- C:\Windows\System\TbROvGP.exe
  C:\Windows\System\TbROvGP.exe
  2⤵
  PID:10132
- C:\Windows\System\mURUAVo.exe
  C:\Windows\System\mURUAVo.exe
  2⤵
  PID:10148
- C:\Windows\System\vJKTWXh.exe
  C:\Windows\System\vJKTWXh.exe
  2⤵
  PID:10164
- C:\Windows\System\vqeglra.exe
  C:\Windows\System\vqeglra.exe
  2⤵
  PID:10180
- C:\Windows\System\koTUDod.exe
  C:\Windows\System\koTUDod.exe
  2⤵
  PID:10196
- C:\Windows\System\bULcXDV.exe
  C:\Windows\System\bULcXDV.exe
  2⤵
  PID:10212
- C:\Windows\System\yqWeLPV.exe
  C:\Windows\System\yqWeLPV.exe
  2⤵
  PID:10228
- C:\Windows\System\EMEpfhj.exe
  C:\Windows\System\EMEpfhj.exe
  2⤵
  PID:8300
- C:\Windows\System\zWQONBR.exe
  C:\Windows\System\zWQONBR.exe
  2⤵
  PID:9264
- C:\Windows\System\MeotGXk.exe
  C:\Windows\System\MeotGXk.exe
  2⤵
  PID:6748
- C:\Windows\System\IuoiUuk.exe
  C:\Windows\System\IuoiUuk.exe
  2⤵
  PID:8868
- C:\Windows\System\DLBgYgj.exe
  C:\Windows\System\DLBgYgj.exe
  2⤵
  PID:9280
- C:\Windows\System\MhNFbzJ.exe
  C:\Windows\System\MhNFbzJ.exe
  2⤵
  PID:9328
- C:\Windows\System\sytOYms.exe
  C:\Windows\System\sytOYms.exe
  2⤵
  PID:9364
- C:\Windows\System\FtnfwRl.exe
  C:\Windows\System\FtnfwRl.exe
  2⤵
  PID:9408
- C:\Windows\System\VuNGaLt.exe
  C:\Windows\System\VuNGaLt.exe
  2⤵
  PID:9484
- C:\Windows\System\YjvFhlT.exe
  C:\Windows\System\YjvFhlT.exe
  2⤵
  PID:9456
- C:\Windows\System\ppbPpmc.exe
  C:\Windows\System\ppbPpmc.exe
  2⤵
  PID:9496
- C:\Windows\System\PPaArrj.exe
  C:\Windows\System\PPaArrj.exe
  2⤵
  PID:1724
- C:\Windows\System\pgcdKCY.exe
  C:\Windows\System\pgcdKCY.exe
  2⤵
  PID:9532
- C:\Windows\System\CpDjWbB.exe
  C:\Windows\System\CpDjWbB.exe
  2⤵
  PID:9432
- C:\Windows\System\pavVgjV.exe
  C:\Windows\System\pavVgjV.exe
  2⤵
  PID:9576
- C:\Windows\System\oEMvgrx.exe
  C:\Windows\System\oEMvgrx.exe
  2⤵
  PID:9640
- C:\Windows\System\bYkhzMU.exe
  C:\Windows\System\bYkhzMU.exe
  2⤵
  PID:9548
- C:\Windows\System\xRIqhGe.exe
  C:\Windows\System\xRIqhGe.exe
  2⤵
  PID:9692
- C:\Windows\System\neCRzPj.exe
  C:\Windows\System\neCRzPj.exe
  2⤵
  PID:9596
- C:\Windows\System\LBjYmhA.exe
  C:\Windows\System\LBjYmhA.exe
  2⤵
  PID:9672
- C:\Windows\System\PuzroOE.exe
  C:\Windows\System\PuzroOE.exe
  2⤵
  PID:9756
- C:\Windows\System\FRjjdyN.exe
  C:\Windows\System\FRjjdyN.exe
  2⤵
  PID:9804
- C:\Windows\System\AnmBOVG.exe
  C:\Windows\System\AnmBOVG.exe
  2⤵
  PID:9784
- C:\Windows\System\JKjkmkV.exe
  C:\Windows\System\JKjkmkV.exe
  2⤵
  PID:9848
- C:\Windows\System\mWkIMmu.exe
  C:\Windows\System\mWkIMmu.exe
  2⤵
  PID:9904
- C:\Windows\System\yoLvOCD.exe
  C:\Windows\System\yoLvOCD.exe
  2⤵
  PID:9964
- C:\Windows\System\PNKdrtQ.exe
  C:\Windows\System\PNKdrtQ.exe
  2⤵
  PID:9920
- C:\Windows\System\QcevJvE.exe
  C:\Windows\System\QcevJvE.exe
  2⤵
  PID:9980
- C:\Windows\System\DkUUTAg.exe
  C:\Windows\System\DkUUTAg.exe
  2⤵
  PID:10016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DxGmnEv.exe

Filesize
6.0MB

MD5
16194733bbca716ebf93472af024a806

SHA1
99c98053176560fe2c3d8020531d6ae7b642375d

SHA256
e3f4c9fa87d42459dc2a8e89360e89007cff454ede8e61bf91018fd5059a38ec

SHA512
8cbbbaca27797c0b99a4e08cd35de50a65beead11c03f5a93556ecc411900bfebb9055604aa81c5db3e0aa6208402bd5a5919281342445f5f204d1e0f861a9c2

Download Submit
C:\Windows\system\GCTNiHa.exe

Filesize
6.0MB

MD5
0a5065a684634637810c51104d4e0575

SHA1
959e57c6a1ba6c3fac85750aab7cc7df8e7a04cf

SHA256
b7ddc3ec921c5f55c413507dc57864dbcca5a0639b04c708c0dee507ce1e8a79

SHA512
65793d0eb25bb8653874238155ddf839935849e4222789ff63c33b8f7bf6eb85f522a29692cc604e1fb554321404f5ed933b512a1144639fbee68a6e43ba6c39

Download Submit
C:\Windows\system\IUnbMBY.exe

Filesize
6.0MB

MD5
cb4e1e2bd1d7b965339e5f4e7f4eca22

SHA1
88f6fd6de1534e381279699c4305f6d24da2b4f5

SHA256
be79c575c84e97a8b7ef072423f610b2c1a19fcd18cf11d51c2304a5aab29050

SHA512
61e316a9687a894f6f5cd3d677135245c05af98bc52a9f94cab3fc47dda605d7232fdbc6133e4a25411cc852e14f98846448b81c7243b5dae9c216711e80da04

Download Submit
C:\Windows\system\IxtbxcU.exe

Filesize
6.0MB

MD5
c656a22a97fc419b37d358b365cc6734

SHA1
1d7b4868c1fa61ceaeaf1b800f4952525880d90f

SHA256
1a876be7e972451c1dfb9c726b01342e7217f93ce13813b8dd2e8f7ee59b0364

SHA512
aa13c8156d67a8bafa9c7b35662fafea6537348a94fca9e7344f5bd43bffce16de9e4ec53037dfe91307d371e2ecc52eb45c213250918e29f24af910a401957d

Download Submit
C:\Windows\system\JABsNno.exe

Filesize
6.0MB

MD5
77b7437fbff8187092aa5a73fb28802a

SHA1
ad0c22a31f0c12217c0ca1a04fe919fe534b39be

SHA256
800ca7c435baacd143e3c77ae81864506101b706b8eadf5c8d3ac342fb1fa9b6

SHA512
76eb2fc99fef00676223cc17a20f8923f5c3e918f60a1943204b948626e2a1af23037ae173ea92eeac034fe392c84ec4934a4bd3dbb7dd6744dc426489819e36

Download Submit
C:\Windows\system\KdcStOV.exe

Filesize
6.0MB

MD5
a0ad39b4051e7bebaeaa3c4b5e71688a

SHA1
cdecc724745f7e49571c3d6a1ce2a576e559d083

SHA256
1ffd11f381d4bc62e6701979b0125270a1d48b88763ebb4d0a3ad1854063347d

SHA512
b381745b68a896126f77a7765bbdb22d728ab80d81bbf55826ef9c873790c4f4a204ae1d5b0d6ce34e83590ebd0e192ce4cd3e1a90dbb64447a069c28c4aa307

Download Submit
C:\Windows\system\LDjMIBI.exe

Filesize
6.0MB

MD5
fd4b803b09503bc43a693391c0f54a73

SHA1
2a029dd908f5ad496d78a562593b69641930f4e7

SHA256
acf6e9f2ddb1c90bd85fdabf07f85e6c374a5524cee3df0f1a2133a60b7953ab

SHA512
ba789f0d73d5ca87f11fab667b7c3beff2aad342049e7eeef749367f28101dd399e78d698bd07aeba70238305943bcaea85cf6218b81c3c42b50e1e3b7556de0

Download Submit
C:\Windows\system\MpCvTIE.exe

Filesize
6.0MB

MD5
2d29e8c646f6700a5fddb66e8895cefe

SHA1
4afb000764f0dafafa77ddecb24c0af80c66ed2b

SHA256
46170d33ded5f616047a6f3f88885ed5559f1a43bd2abf60a77e43494d852b63

SHA512
c44b73a7a96546c406915a2685d38840d2d90fbe6c67ca630d09257a8b121fafdc6586efab81a02fac9e4fc12ac6daf67dfa7876a9f63658733a0275587e5d83

Download Submit
C:\Windows\system\NPjnyAS.exe

Filesize
6.0MB

MD5
dc806be16952639c248d950a667ebfba

SHA1
a46ee35c6ff604ab73c5170334bf127fc0dcba19

SHA256
0aa620515775ecba715681cf76b5c8a638e55390120d1a3893981104ee502637

SHA512
4eb2495be18be94929c544614fed4ad472e57697604c93ca585bfc9fd9a51df4dff9723badb72c72d3c0170c84287f26d016b849522153543cdc3418e0d2adda

Download Submit
C:\Windows\system\OvYgZjT.exe

Filesize
6.0MB

MD5
0cacbf7a8b63d285149bb5d4ea57ae38

SHA1
2f4508986b3b5aaa4ad3f9eb2c12628802b1dfb1

SHA256
49f891d31826178efcc9f3e35afebcfc7f01fa6815664cfad83f1cf4ebd8399c

SHA512
a2772d4055f0b7d2d2e29b917b4adc7451f85ee73d07be2f0bcc6c514074f07c5a55e9bc3d5baa1ebc82c271ccff19aaed67a28a16951186a894938875ed7865

Download Submit
C:\Windows\system\RGCUSFb.exe

Filesize
6.0MB

MD5
e4a81abd92b122813c11934a587b674a

SHA1
ab1c631261bdcbf5d68b0c5649912f8f286bfda1

SHA256
14ed69b7225152accaacd6ddeae32d1471fba32c29d00d03013943e9977fec94

SHA512
427dfbb525b7f2605ca4fd764013c3e0c732a7bc8da06e954eedf115c92bc7c6d295fde598491e442222a7de27d6593667b4c4c35cbfa87ab4c9d0085bb5f5bd

Download Submit
C:\Windows\system\SACJvdr.exe

Filesize
6.0MB

MD5
ee9b6190bb5975ebe3e4bc55b12741a8

SHA1
27eef37f57548af9ebdabe3c20295c327dffa5ef

SHA256
b4f0c88455343f280c5bd504654c1f407d68a4edf6aade89738b07be468f7ae5

SHA512
ea3498dffccede5891bdccf3a2b6872a4956aaa0d6615dcd4bac8b9cde9ca7036c6bee49a7e551e8bbe3a0fcbe9a94c9564d058141aa3282a88df8c2522ffcd4

Download Submit
C:\Windows\system\UeeybDl.exe

Filesize
6.0MB

MD5
5d0c00beb9f41216dea7a89bb287661d

SHA1
74d34be39ad392143bff03a6060d812f983d95f5

SHA256
2c954992406b9e4990c03a4236fdaa872fa3b6f53102ad609e3e42c934e2703e

SHA512
5897bc4358075d11ee29eff6a5ea889374d95a567f6723abdc969e424caf79a8eca6d95c4170a5c2e3d1a34fbc811cc4b374b680ceb35d18b76d4cee868e702c

Download Submit
C:\Windows\system\VuAtjOx.exe

Filesize
6.0MB

MD5
3ca8ac00fb427c26a69742cb29e2feba

SHA1
e3ffaf0252689d1e989743ea351c31b1919710c0

SHA256
643d028dedc79f015a026fae9553958740fb6736543af77b76c5d9ea42b7afb1

SHA512
db306e30fd8de180b2388e7c6b6ed6dd96282b13dd98c488ec47716650758d40d9a44aea4a8923504cd43d0ded6cdc0d7f196a289db5f9275c50f3ee38dc4288

Download Submit
C:\Windows\system\WDeOUZm.exe

Filesize
6.0MB

MD5
ed9118e11f631cc5e07105de389202d2

SHA1
4fc29103ad9bf825e25bf9f63dc83c5ff11fbc18

SHA256
3c3d6bc9864d9e43f667f11649ce4d16ca65426b7779ae3a734823f4d53a7e4d

SHA512
f676b5b343b206dd2c306ea005d5d132497e59b8003468404a12e895f19820af45c70935afb78d1c9c03b7840c0f2086169db8bbb9616a30a5edd443458dca60

Download Submit
C:\Windows\system\WyErszg.exe

Filesize
6.0MB

MD5
bc573fb87f26fe80562c6a037c0d7ed7

SHA1
79018b7dff98313315d32ecc34905dbad9a0d421

SHA256
4e339562f7ddbc79bf6a2d777add40dde06d0018e5d11cda6ec7cc09da0dd385

SHA512
e450665a6b6774fae82ea237890d2d213d4ed69e34618125ee65db25fe8942dcef493245d80d471cb3ad70f8d8ba09b4193dc6d47ee705e2329f2a1c1e1b92c3

Download Submit
C:\Windows\system\XhtLgrN.exe

Filesize
6.0MB

MD5
1f454b2208003f531d1972c905f837d9

SHA1
e8dd355b7352419ca017ace30964b0aea0771b07

SHA256
5acd0158778a6ef47e9b2805a40cac11f8686f7e4a5cc144f8a1d0750a46fcc5

SHA512
68c948fe49a47ed6b93148a2eba1a9450fcc36ffe5e72abe396dac33def5d1225e7e086125a4bed2041c0f782c5590781dcaeb115a357f40141cb330be447d16

Download Submit
C:\Windows\system\cJPXgpG.exe

Filesize
6.0MB

MD5
93c592e75b218062e2d7e4fe68fcaab9

SHA1
93476414f2724d46db32e7dea4ac1592ee702a8e

SHA256
532525e61128ca675af6d5f47658d366874f9524d7911c37e042a877c6d9f266

SHA512
bd3510e48c1764fe3d716064431b3db943694add51f63aadd34cd8af46e29c201aa5c48f97dd8637d9324f4f7a4b1fac1cebd3f0ae10b6aeb57002e6375ac67f

Download Submit
C:\Windows\system\dbfnOha.exe

Filesize
6.0MB

MD5
ec784b4db29b9ce08504a4003f6c7920

SHA1
d2abbadb196f23b3672150142b20fcc4b29dccbf

SHA256
5c3644cb77e00b3469e4fd83fffa38d7b0941be32206d628be6c12500d3c2b15

SHA512
9159724b574d4bff210977f8b26e9b25e24417dc763f3347a7a3cc35a1e44741c23155afd0917fe5049e1d3987851cfda31cc6207f111a08a53d5e8470a762d1

Download Submit
C:\Windows\system\hGPGrHE.exe

Filesize
6.0MB

MD5
03712d96f618d1b22e6486d7fd953971

SHA1
0a8b715b6e3820b5ca3da00c3b247d608da19cf9

SHA256
a2593dd25ef770c20fad01bee1df974649eab1373dcdee1e237504c8ea09fa1f

SHA512
698136f397002db5e325d695df0db365eb65ddd203206ff8879bd5f19030db032ffaada7a4017d71649ca11b9cc1f39eaee0b83fb7f470824405e305b24bb336

Download Submit
C:\Windows\system\hczwYxz.exe

Filesize
6.0MB

MD5
0e5f3f32a178eadeb481057d40b9828d

SHA1
e11510bf7c6af60675117b6f3f7e1a07f7408302

SHA256
c8a0cfb08f6317f3ed826f5829c4c1ffeb6a4540df62070a36d34f368ef7143a

SHA512
c6596f27ca445b3a4a932e1a86cfb3621635d1356b5c9d2c8da25714867f8e09803bfc6cd551dee1f52bcc4a3c01df06dad991a5cbea68a25f2fd4053497019d

Download Submit
C:\Windows\system\kestwnt.exe

Filesize
6.0MB

MD5
7325625cd38ac921e6f24a807e7f8a32

SHA1
37a93fb78e5216a7189edcea7f1364abcc22f37f

SHA256
4a3ea682cb0f13f00bc8ecfceebd618aa7d2fc3f842df02f7bf8d2e60e001ec6

SHA512
a7ce611964a798a2a0bff2c39a952912c4e7960b9bf07230f309bc68ba5130b5d4a69114beed09a57d03edd8879a4e3742e8d9a902a5d6dd57431b431610816a

Download Submit
C:\Windows\system\kfvamdt.exe

Filesize
6.0MB

MD5
ec7a0562f4c54752e9f8f867fd4e5b84

SHA1
64588c0bbbac1dbd838d9a5a82fd844e695295b2

SHA256
f9e8007642251ecf6378d74b1e74a23e51e668a87d142b18035fc343cd62385a

SHA512
72ed585d5ceca42c2fcb5aeec42c531e1dadb86a712faa7e70f2be6af415a9b68589c2212a71d237fee14726964bd716c203e283180e563bec5f8cdeffd15118

Download Submit
C:\Windows\system\lxlIsvA.exe

Filesize
6.0MB

MD5
bfdde00ea11a2f6d93502debfde2ce14

SHA1
3ad8b3b19624ded1f7bf93e6a77651c5d2abc3a0

SHA256
74a52b1f74116a7555d7ae812ea1c5dab7adab0361abefef84566285b568cd72

SHA512
b472ba875439abc66e3471a96b8bc207c73600d205d7bfdb8d3e0e7c86934efbc2a459c29057aa103a9f5e957b50b06f32c288a0f93416b6b0312f703d7af957

Download Submit
C:\Windows\system\qJJkjGr.exe

Filesize
6.0MB

MD5
a4ee74f669a54466d7489f2290efdfda

SHA1
6be86df7f59780a091e89bde9a1db17a1aa6ae9f

SHA256
fdcf8a466761ec7a5281a599ceba00868c5df39f477c23111bae358dc57ee368

SHA512
9c748e35a73462a2ca4d9c58242a5d8781c9047df6ca3c26e26767a3dd524e4146199974a052f6a0bf78c73ebf35384f83440176ca3b07200dbc049b1e16d602

Download Submit
C:\Windows\system\rMiUdks.exe

Filesize
6.0MB

MD5
1b4367765779eedd2dee543bc6a2bf9f

SHA1
c54b7c8d91e3a75a49a698db2af94e7e5b25c735

SHA256
ea4b35d95eb425b3349d8fd4c37daf350f3d0a7742e9d8b839309ae7350d9d51

SHA512
19e66f13dbff74e61ce8e7beb2a2f5f3b3a21bd5a8d454c3f0e573a02c82509326cd748a79e3223087d7372f50e186a36949aecbab88dd3dfc25d4f55e897156

Download Submit
C:\Windows\system\sdhlueh.exe

Filesize
6.0MB

MD5
4a925547aa2c9b6f770543798cabdc7c

SHA1
cbffd8fa74f6deffc6fcc5d92a4974826d77d535

SHA256
24e6732edae982705db223bde5510b0081808ebf5bb7bcd93f7782a5f40d0153

SHA512
07fe96d15e31592d06025b87ae1500ac3a8f04b2ed934d558e11de4bee6199236ab64869096abf188889a8b38d472ae00cad3076f5ebabb235c0e0d852af8ac6

Download Submit
C:\Windows\system\vePYVPV.exe

Filesize
6.0MB

MD5
08ea62d8e6d1e15f2417cf6c876cdc8f

SHA1
7ea8d9b799f83f4e2abed97353da1fb9268068d5

SHA256
83f82a016aaef965cc14d71e14535a521df751cc3c2c59ce05611e7441190d88

SHA512
00a42bf067287c64530e4cf7323a9b140897d7c92db35c7eb06154f86f1cdd3192828d135c9193a7c4c90f9d2c0f154e85b7c00e821189eddcbcb476443bd92d

Download Submit
C:\Windows\system\xxalUWF.exe

Filesize
6.0MB

MD5
675e44f8117bb9b219fc0929669ac4d4

SHA1
d7fd9a801e8ecea2645849251cfffdf0b6999192

SHA256
7389858811467f0b4a2e8c0a7101132ca53429735c14e724113f782ea0c46c2a

SHA512
ca044dd7ed84829283551960fb8726f7c3267e92678b4ebde4cb6eecdd72cbb2c40940eb07553a2a87c773a44cb9b1d820959ffd9bc43d84187f7f66445cd940

Download Submit
\Windows\system\BHwbKDF.exe

Filesize
6.0MB

MD5
bea524ae53dfe01a4103b39fc0f0c95f

SHA1
6a8fcf1b19c172834ae435490eb84f260051cd07

SHA256
064860a6731b13d9a58eb6268e9494e4590e11f796f6d08094ba99f65798db84

SHA512
557b3dc47bab72bdd36d284b160ebd65d0fcea65f828e609577800684aaa72c741c5efd487f1261801dd106becd8d8772e6e094fd2c402d51627bb17a1932917

Download Submit
\Windows\system\CQjPvxv.exe

Filesize
6.0MB

MD5
ff26d53eb3012d6801507061cd780062

SHA1
932eb0c6cd3f68ca34b3bf23003028343255b4f4

SHA256
21c22d0e2108b48a42cad15c29784ace6a4aea2f440f5f2e69bb72dc8ed425f2

SHA512
0713f55f2983d5c8fc9884c5905d49cca8e9669d005c836f94892c13a7bd4903b1820fac46aa487423506e600555cd2acf34e6c8f553e56b84f9ac93c7b25ba5

Download Submit
\Windows\system\rrFwaaG.exe

Filesize
6.0MB

MD5
7fd4052854344eab49ce0dd5bd9b3b36

SHA1
8a73915723b5f5e937e9a442cbbcb8ce24e19424

SHA256
6459e1b14c2feb8eeb79f919250284d98b9bf0fab5bdb9c7ffb3c0db228fed81

SHA512
b4c27b8624fa43c3beb0d166dbe63c6a8e9de23ede4cd351fab446560e784b27a80b90f188888ed66eebc6a74004e26c771df9b6c3a9469c224e22b4769115a0

Download Submit
memory/804-1629-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/804-60-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1472-96-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1472-1796-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1472-549-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1804-1666-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1804-77-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2004-52-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-484-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-233-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2004-24-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2004-17-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-19-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-27-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-57-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-39-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-238-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2004-93-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-61-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-91-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2004-0-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2004-70-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-69-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-35-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-67-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-66-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2004-87-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2004-101-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2004-76-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2004-699-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2016-37-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1625-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1360-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2140-25-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2316-97-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1773-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-550-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-80-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1744-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-92-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2560-403-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2560-1636-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2788-58-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1627-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1626-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-59-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1701-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-68-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1352-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2872-26-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1353-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-23-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1628-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-29-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-85-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download