cobaltstrike | 4b6bb9d51555a1578bd290a76e98b6206a71649ea98392499da5bf8b0933952c

Analysis

max time kernel
152s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fcced9dbbb1c2754c744dede4f90f01f
SHA1

966e3f1d919a39b4e6c05937a63b220a33a3417a
SHA256

4b6bb9d51555a1578bd290a76e98b6206a71649ea98392499da5bf8b0933952c
SHA512

fb32326dbd9c8798a18583a7199557ba94c8b37c4e1595dcf3a737b0e9a549445757ae1730aaaf94c084595e45aab341b845f9445cbe97d764497ff83d60e6d0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d64-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-15.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-54.dat	cobalt_reflective_dll
behavioral1/files/0x000f000000016d3f-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-76.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-92.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-61.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-52.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-28.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d70-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2164-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000a000000012254-3.dat	xmrig
behavioral1/files/0x0009000000016d64-8.dat	xmrig
behavioral1/files/0x0008000000016d69-15.dat	xmrig
behavioral1/memory/2576-45-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-54.dat	xmrig
behavioral1/memory/884-74-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2452-77-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2164-70-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x000f000000016d3f-67.dat	xmrig
behavioral1/files/0x00050000000195bb-76.dat	xmrig
behavioral1/files/0x00050000000195bd-82.dat	xmrig
behavioral1/memory/2372-86-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/1772-102-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-122.dat	xmrig
behavioral1/files/0x00050000000197fd-140.dat	xmrig
behavioral1/files/0x000500000001998d-152.dat	xmrig
behavioral1/files/0x0005000000019bf6-162.dat	xmrig
behavioral1/memory/2452-242-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2372-245-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2900-1738-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1772-1902-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2372-1872-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/1468-1871-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2452-1846-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/884-1777-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1932-1758-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2796-1739-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2856-1742-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2576-1737-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2948-1720-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2588-1682-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2892-1706-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2968-1691-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x0005000000019e92-192.dat	xmrig
behavioral1/files/0x0005000000019d6d-187.dat	xmrig
behavioral1/files/0x0005000000019d62-182.dat	xmrig
behavioral1/files/0x0005000000019d61-178.dat	xmrig
behavioral1/files/0x0005000000019c3c-172.dat	xmrig
behavioral1/files/0x0005000000019bf9-167.dat	xmrig
behavioral1/files/0x0005000000019bf5-158.dat	xmrig
behavioral1/files/0x0005000000019820-147.dat	xmrig
behavioral1/files/0x0005000000019761-137.dat	xmrig
behavioral1/files/0x000500000001975a-132.dat	xmrig
behavioral1/files/0x0005000000019643-126.dat	xmrig
behavioral1/files/0x00050000000195c7-116.dat	xmrig
behavioral1/files/0x00050000000195c6-111.dat	xmrig
behavioral1/files/0x00050000000195c5-106.dat	xmrig
behavioral1/files/0x00050000000195c3-100.dat	xmrig
behavioral1/memory/2164-97-0x0000000002200000-0x0000000002554000-memory.dmp	xmrig
behavioral1/memory/1468-96-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2164-85-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2576-84-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2856-83-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-92.dat	xmrig
behavioral1/memory/2796-57-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2900-56-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1932-64-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-61.dat	xmrig
behavioral1/files/0x00070000000170f8-52.dat	xmrig
behavioral1/memory/2968-25-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2948-23-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/files/0x000700000001756b-44.dat	xmrig
behavioral1/memory/2856-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2588	BwlUiiW.exe
2948	bBUIhja.exe
2968	hDYDmUm.exe
2856	zGTCZOt.exe
2892	pEqkHHX.exe
2576	osvELVN.exe
2900	dYRaIQi.exe
2796	JgAUSSr.exe
1932	wBUfkif.exe
884	mDEznBG.exe
2452	XBTKYbt.exe
2372	qoXLJmk.exe
1468	RuMQyjO.exe
1772	LMfLfbT.exe
2792	GsqOCuY.exe
1880	iMljWgD.exe
784	XMFGrCa.exe
1808	LSByZZW.exe
2820	mEPEAMR.exe
1768	GxAYljR.exe
1044	VTrBCeV.exe
1752	FTUmPQu.exe
2280	oMRhMVj.exe
2292	VpaZwhg.exe
2660	GCcFwUW.exe
1644	siYwwyx.exe
2296	ZsEfcBs.exe
572	pYVlBCm.exe
1860	wILCxhP.exe
1260	OvlzkId.exe
2272	CQgrqNx.exe
1836	HRWieNP.exe
2340	CxWqgev.exe
2812	aSdqNDm.exe
564	OKrNNTy.exe
1812	woiSKif.exe
1296	ZfLcrjs.exe
844	XJVWXmE.exe
1920	ISYLgRa.exe
1348	IMHRVRU.exe
1844	ydGLpOg.exe
864	ILQAjvs.exe
2328	yztfqHa.exe
652	kAaRPMu.exe
964	vRYdowF.exe
2416	PAyGWNU.exe
764	YPFQudq.exe
1636	egsqGCz.exe
2348	OKUUChm.exe
876	KGegoyd.exe
2532	YDCCfct.exe
368	aQFjeaf.exe
2140	cIPoDvx.exe
2824	zpOsXXI.exe
2736	PucKdqi.exe
2468	RFuRSdL.exe
2944	RQNmqwz.exe
2216	SUZHOEP.exe
3008	RRsnBcI.exe
1804	cQrOWLD.exe
2108	pwmgfJu.exe
2440	zmTCYqG.exe
3024	zNZdHZw.exe
796	oJkhaCx.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000a000000012254-3.dat	upx
behavioral1/files/0x0009000000016d64-8.dat	upx
behavioral1/files/0x0008000000016d69-15.dat	upx
behavioral1/memory/2576-45-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x0002000000018334-54.dat	upx
behavioral1/memory/884-74-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2452-77-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2164-70-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x000f000000016d3f-67.dat	upx
behavioral1/files/0x00050000000195bb-76.dat	upx
behavioral1/files/0x00050000000195bd-82.dat	upx
behavioral1/memory/2372-86-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/1772-102-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000500000001960c-122.dat	upx
behavioral1/files/0x00050000000197fd-140.dat	upx
behavioral1/files/0x000500000001998d-152.dat	upx
behavioral1/files/0x0005000000019bf6-162.dat	upx
behavioral1/memory/2452-242-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2372-245-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2900-1738-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1772-1902-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2372-1872-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/1468-1871-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2452-1846-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/884-1777-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1932-1758-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2796-1739-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2856-1742-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2576-1737-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2948-1720-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2588-1682-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2892-1706-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2968-1691-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x0005000000019e92-192.dat	upx
behavioral1/files/0x0005000000019d6d-187.dat	upx
behavioral1/files/0x0005000000019d62-182.dat	upx
behavioral1/files/0x0005000000019d61-178.dat	upx
behavioral1/files/0x0005000000019c3c-172.dat	upx
behavioral1/files/0x0005000000019bf9-167.dat	upx
behavioral1/files/0x0005000000019bf5-158.dat	upx
behavioral1/files/0x0005000000019820-147.dat	upx
behavioral1/files/0x0005000000019761-137.dat	upx
behavioral1/files/0x000500000001975a-132.dat	upx
behavioral1/files/0x0005000000019643-126.dat	upx
behavioral1/files/0x00050000000195c7-116.dat	upx
behavioral1/files/0x00050000000195c6-111.dat	upx
behavioral1/files/0x00050000000195c5-106.dat	upx
behavioral1/files/0x00050000000195c3-100.dat	upx
behavioral1/memory/1468-96-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2576-84-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2856-83-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-92.dat	upx
behavioral1/memory/2796-57-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2900-56-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1932-64-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-61.dat	upx
behavioral1/files/0x00070000000170f8-52.dat	upx
behavioral1/memory/2968-25-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2948-23-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/files/0x000700000001756b-44.dat	upx
behavioral1/memory/2856-36-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2892-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2588-33-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JHjczTI.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHbnVIB.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuaxVoq.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcpIcLU.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbPMEGv.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBJoeop.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLbVvWC.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEUwalR.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjGtbvc.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\updtrzt.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZBsmRq.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIpfhJJ.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQOlUJa.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpLCMEJ.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkJasyq.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnEaQjf.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQVLwNq.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PvOfRsi.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSMhIRQ.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQFZIQT.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKaRxpw.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKVcLhv.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CstLqQx.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYUUUtB.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPnoJkM.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLkFkkP.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfMXbRd.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOnPENE.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgVcpkp.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHvbiUY.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnesDON.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdTnCTU.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCJrsBe.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRmLVYF.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASrfHxN.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cQrOWLD.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCHcdCy.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLffWZK.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZkiXPx.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOhFNIN.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtUpedM.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skluQcT.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYXRIcu.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsqOCuY.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbpAELv.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBzuvWa.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFQSKUl.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UefXUul.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CHESavt.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpAnILf.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XakWguS.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfHiBVW.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKKAYWu.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljuoNsr.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpLRGVS.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEOyLoE.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuyphkX.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoRiyPl.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReKbMNk.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwdPFRc.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnGLYcE.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UCbuLmI.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqOTjDt.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJsYTSm.exe	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2588	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2164 wrote to memory of 2588	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2164 wrote to memory of 2588	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2164 wrote to memory of 2948	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2164 wrote to memory of 2948	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2164 wrote to memory of 2948	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2164 wrote to memory of 2968	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2164 wrote to memory of 2968	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2164 wrote to memory of 2968	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2164 wrote to memory of 2856	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2164 wrote to memory of 2856	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2164 wrote to memory of 2856	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2164 wrote to memory of 2892	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2164 wrote to memory of 2892	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2164 wrote to memory of 2892	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2164 wrote to memory of 2900	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2164 wrote to memory of 2900	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2164 wrote to memory of 2900	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2164 wrote to memory of 2576	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2164 wrote to memory of 2576	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2164 wrote to memory of 2576	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2164 wrote to memory of 2796	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2164 wrote to memory of 2796	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2164 wrote to memory of 2796	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2164 wrote to memory of 1932	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2164 wrote to memory of 1932	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2164 wrote to memory of 1932	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2164 wrote to memory of 884	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2164 wrote to memory of 884	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2164 wrote to memory of 884	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2164 wrote to memory of 2452	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2164 wrote to memory of 2452	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2164 wrote to memory of 2452	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2164 wrote to memory of 2372	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2164 wrote to memory of 2372	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2164 wrote to memory of 2372	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2164 wrote to memory of 1468	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2164 wrote to memory of 1468	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2164 wrote to memory of 1468	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2164 wrote to memory of 1772	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2164 wrote to memory of 1772	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2164 wrote to memory of 1772	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2164 wrote to memory of 2792	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2164 wrote to memory of 2792	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2164 wrote to memory of 2792	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2164 wrote to memory of 1880	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2164 wrote to memory of 1880	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2164 wrote to memory of 1880	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2164 wrote to memory of 784	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2164 wrote to memory of 784	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2164 wrote to memory of 784	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2164 wrote to memory of 1808	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2164 wrote to memory of 1808	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2164 wrote to memory of 1808	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2164 wrote to memory of 2820	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2164 wrote to memory of 2820	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2164 wrote to memory of 2820	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2164 wrote to memory of 1768	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2164 wrote to memory of 1768	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2164 wrote to memory of 1768	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2164 wrote to memory of 1044	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2164 wrote to memory of 1044	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2164 wrote to memory of 1044	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2164 wrote to memory of 1752	2164	2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_fcced9dbbb1c2754c744dede4f90f01f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\System\BwlUiiW.exe
  C:\Windows\System\BwlUiiW.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\bBUIhja.exe
  C:\Windows\System\bBUIhja.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\hDYDmUm.exe
  C:\Windows\System\hDYDmUm.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\zGTCZOt.exe
  C:\Windows\System\zGTCZOt.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\pEqkHHX.exe
  C:\Windows\System\pEqkHHX.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\dYRaIQi.exe
  C:\Windows\System\dYRaIQi.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\osvELVN.exe
  C:\Windows\System\osvELVN.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\JgAUSSr.exe
  C:\Windows\System\JgAUSSr.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\wBUfkif.exe
  C:\Windows\System\wBUfkif.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\mDEznBG.exe
  C:\Windows\System\mDEznBG.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\XBTKYbt.exe
  C:\Windows\System\XBTKYbt.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\qoXLJmk.exe
  C:\Windows\System\qoXLJmk.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\RuMQyjO.exe
  C:\Windows\System\RuMQyjO.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\LMfLfbT.exe
  C:\Windows\System\LMfLfbT.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\GsqOCuY.exe
  C:\Windows\System\GsqOCuY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\iMljWgD.exe
  C:\Windows\System\iMljWgD.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\XMFGrCa.exe
  C:\Windows\System\XMFGrCa.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\LSByZZW.exe
  C:\Windows\System\LSByZZW.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\mEPEAMR.exe
  C:\Windows\System\mEPEAMR.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GxAYljR.exe
  C:\Windows\System\GxAYljR.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\VTrBCeV.exe
  C:\Windows\System\VTrBCeV.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\FTUmPQu.exe
  C:\Windows\System\FTUmPQu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\oMRhMVj.exe
  C:\Windows\System\oMRhMVj.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\VpaZwhg.exe
  C:\Windows\System\VpaZwhg.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\GCcFwUW.exe
  C:\Windows\System\GCcFwUW.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\siYwwyx.exe
  C:\Windows\System\siYwwyx.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ZsEfcBs.exe
  C:\Windows\System\ZsEfcBs.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\pYVlBCm.exe
  C:\Windows\System\pYVlBCm.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\wILCxhP.exe
  C:\Windows\System\wILCxhP.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\OvlzkId.exe
  C:\Windows\System\OvlzkId.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\CQgrqNx.exe
  C:\Windows\System\CQgrqNx.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\HRWieNP.exe
  C:\Windows\System\HRWieNP.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\CxWqgev.exe
  C:\Windows\System\CxWqgev.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\aSdqNDm.exe
  C:\Windows\System\aSdqNDm.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\OKrNNTy.exe
  C:\Windows\System\OKrNNTy.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\woiSKif.exe
  C:\Windows\System\woiSKif.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ZfLcrjs.exe
  C:\Windows\System\ZfLcrjs.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\XJVWXmE.exe
  C:\Windows\System\XJVWXmE.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ISYLgRa.exe
  C:\Windows\System\ISYLgRa.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\IMHRVRU.exe
  C:\Windows\System\IMHRVRU.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\ydGLpOg.exe
  C:\Windows\System\ydGLpOg.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\vRYdowF.exe
  C:\Windows\System\vRYdowF.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\ILQAjvs.exe
  C:\Windows\System\ILQAjvs.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\PAyGWNU.exe
  C:\Windows\System\PAyGWNU.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\yztfqHa.exe
  C:\Windows\System\yztfqHa.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\YPFQudq.exe
  C:\Windows\System\YPFQudq.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\kAaRPMu.exe
  C:\Windows\System\kAaRPMu.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\egsqGCz.exe
  C:\Windows\System\egsqGCz.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\OKUUChm.exe
  C:\Windows\System\OKUUChm.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\KGegoyd.exe
  C:\Windows\System\KGegoyd.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\YDCCfct.exe
  C:\Windows\System\YDCCfct.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\zpOsXXI.exe
  C:\Windows\System\zpOsXXI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\aQFjeaf.exe
  C:\Windows\System\aQFjeaf.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\RFuRSdL.exe
  C:\Windows\System\RFuRSdL.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\cIPoDvx.exe
  C:\Windows\System\cIPoDvx.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\RQNmqwz.exe
  C:\Windows\System\RQNmqwz.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\PucKdqi.exe
  C:\Windows\System\PucKdqi.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\RRsnBcI.exe
  C:\Windows\System\RRsnBcI.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\SUZHOEP.exe
  C:\Windows\System\SUZHOEP.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\cQrOWLD.exe
  C:\Windows\System\cQrOWLD.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\pwmgfJu.exe
  C:\Windows\System\pwmgfJu.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\oJkhaCx.exe
  C:\Windows\System\oJkhaCx.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\zmTCYqG.exe
  C:\Windows\System\zmTCYqG.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\NbSTqLA.exe
  C:\Windows\System\NbSTqLA.exe
  2⤵
  PID:932
- C:\Windows\System\zNZdHZw.exe
  C:\Windows\System\zNZdHZw.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\ZKVkbhi.exe
  C:\Windows\System\ZKVkbhi.exe
  2⤵
  PID:2924
- C:\Windows\System\QkVDTTO.exe
  C:\Windows\System\QkVDTTO.exe
  2⤵
  PID:1560
- C:\Windows\System\POHngeU.exe
  C:\Windows\System\POHngeU.exe
  2⤵
  PID:1472
- C:\Windows\System\lXuqTsf.exe
  C:\Windows\System\lXuqTsf.exe
  2⤵
  PID:1052
- C:\Windows\System\nOCzAQt.exe
  C:\Windows\System\nOCzAQt.exe
  2⤵
  PID:816
- C:\Windows\System\DkmRxyx.exe
  C:\Windows\System\DkmRxyx.exe
  2⤵
  PID:908
- C:\Windows\System\bEHUBUi.exe
  C:\Windows\System\bEHUBUi.exe
  2⤵
  PID:2436
- C:\Windows\System\DyrsIeU.exe
  C:\Windows\System\DyrsIeU.exe
  2⤵
  PID:1256
- C:\Windows\System\SPnzVqZ.exe
  C:\Windows\System\SPnzVqZ.exe
  2⤵
  PID:1584
- C:\Windows\System\lDoNiES.exe
  C:\Windows\System\lDoNiES.exe
  2⤵
  PID:2368
- C:\Windows\System\ToKgbWL.exe
  C:\Windows\System\ToKgbWL.exe
  2⤵
  PID:2516
- C:\Windows\System\QuQgXtt.exe
  C:\Windows\System\QuQgXtt.exe
  2⤵
  PID:1828
- C:\Windows\System\rlqTYoE.exe
  C:\Windows\System\rlqTYoE.exe
  2⤵
  PID:936
- C:\Windows\System\mviDkep.exe
  C:\Windows\System\mviDkep.exe
  2⤵
  PID:2396
- C:\Windows\System\awvWhWk.exe
  C:\Windows\System\awvWhWk.exe
  2⤵
  PID:2352
- C:\Windows\System\MiMgMBo.exe
  C:\Windows\System\MiMgMBo.exe
  2⤵
  PID:472
- C:\Windows\System\MzrKSaC.exe
  C:\Windows\System\MzrKSaC.exe
  2⤵
  PID:2708
- C:\Windows\System\qyZeKvf.exe
  C:\Windows\System\qyZeKvf.exe
  2⤵
  PID:1864
- C:\Windows\System\KIZMkZj.exe
  C:\Windows\System\KIZMkZj.exe
  2⤵
  PID:1648
- C:\Windows\System\XpLCMEJ.exe
  C:\Windows\System\XpLCMEJ.exe
  2⤵
  PID:2524
- C:\Windows\System\VSpAZgx.exe
  C:\Windows\System\VSpAZgx.exe
  2⤵
  PID:2836
- C:\Windows\System\CeRtZuM.exe
  C:\Windows\System\CeRtZuM.exe
  2⤵
  PID:2976
- C:\Windows\System\CymaSJr.exe
  C:\Windows\System\CymaSJr.exe
  2⤵
  PID:432
- C:\Windows\System\MSLcnlQ.exe
  C:\Windows\System\MSLcnlQ.exe
  2⤵
  PID:1592
- C:\Windows\System\IChZSXF.exe
  C:\Windows\System\IChZSXF.exe
  2⤵
  PID:2116
- C:\Windows\System\qHOfLKC.exe
  C:\Windows\System\qHOfLKC.exe
  2⤵
  PID:1032
- C:\Windows\System\mKZcnHv.exe
  C:\Windows\System\mKZcnHv.exe
  2⤵
  PID:2772
- C:\Windows\System\tcrjxiv.exe
  C:\Windows\System\tcrjxiv.exe
  2⤵
  PID:2788
- C:\Windows\System\imwKwiC.exe
  C:\Windows\System\imwKwiC.exe
  2⤵
  PID:2268
- C:\Windows\System\RMkBqau.exe
  C:\Windows\System\RMkBqau.exe
  2⤵
  PID:316
- C:\Windows\System\wcvfnWI.exe
  C:\Windows\System\wcvfnWI.exe
  2⤵
  PID:1820
- C:\Windows\System\imrUVjI.exe
  C:\Windows\System\imrUVjI.exe
  2⤵
  PID:2208
- C:\Windows\System\fucsHIl.exe
  C:\Windows\System\fucsHIl.exe
  2⤵
  PID:2400
- C:\Windows\System\sxRXjcR.exe
  C:\Windows\System\sxRXjcR.exe
  2⤵
  PID:1528
- C:\Windows\System\bMekwsc.exe
  C:\Windows\System\bMekwsc.exe
  2⤵
  PID:3040
- C:\Windows\System\TSQiBRB.exe
  C:\Windows\System\TSQiBRB.exe
  2⤵
  PID:2672
- C:\Windows\System\gnOQjkU.exe
  C:\Windows\System\gnOQjkU.exe
  2⤵
  PID:1328
- C:\Windows\System\TFmUWqO.exe
  C:\Windows\System\TFmUWqO.exe
  2⤵
  PID:2288
- C:\Windows\System\ZKcFEyl.exe
  C:\Windows\System\ZKcFEyl.exe
  2⤵
  PID:1832
- C:\Windows\System\xJzXqHV.exe
  C:\Windows\System\xJzXqHV.exe
  2⤵
  PID:1680
- C:\Windows\System\YIHSFGM.exe
  C:\Windows\System\YIHSFGM.exe
  2⤵
  PID:3088
- C:\Windows\System\LRVHbNd.exe
  C:\Windows\System\LRVHbNd.exe
  2⤵
  PID:3104
- C:\Windows\System\MDYymOM.exe
  C:\Windows\System\MDYymOM.exe
  2⤵
  PID:3120
- C:\Windows\System\MwXKHxo.exe
  C:\Windows\System\MwXKHxo.exe
  2⤵
  PID:3140
- C:\Windows\System\pXyokeq.exe
  C:\Windows\System\pXyokeq.exe
  2⤵
  PID:3160
- C:\Windows\System\ATPjMex.exe
  C:\Windows\System\ATPjMex.exe
  2⤵
  PID:3180
- C:\Windows\System\ssJlTKB.exe
  C:\Windows\System\ssJlTKB.exe
  2⤵
  PID:3204
- C:\Windows\System\pZwAlGi.exe
  C:\Windows\System\pZwAlGi.exe
  2⤵
  PID:3224
- C:\Windows\System\ZCtmdtY.exe
  C:\Windows\System\ZCtmdtY.exe
  2⤵
  PID:3244
- C:\Windows\System\rvSeFNa.exe
  C:\Windows\System\rvSeFNa.exe
  2⤵
  PID:3264
- C:\Windows\System\dNkrZTf.exe
  C:\Windows\System\dNkrZTf.exe
  2⤵
  PID:3280
- C:\Windows\System\SOpByZT.exe
  C:\Windows\System\SOpByZT.exe
  2⤵
  PID:3296
- C:\Windows\System\MZghYLo.exe
  C:\Windows\System\MZghYLo.exe
  2⤵
  PID:3312
- C:\Windows\System\KeOUlZS.exe
  C:\Windows\System\KeOUlZS.exe
  2⤵
  PID:3328
- C:\Windows\System\ZDqaEoF.exe
  C:\Windows\System\ZDqaEoF.exe
  2⤵
  PID:3352
- C:\Windows\System\Ntyyqng.exe
  C:\Windows\System\Ntyyqng.exe
  2⤵
  PID:3372
- C:\Windows\System\DpsFNCB.exe
  C:\Windows\System\DpsFNCB.exe
  2⤵
  PID:3388
- C:\Windows\System\FnesDON.exe
  C:\Windows\System\FnesDON.exe
  2⤵
  PID:3404
- C:\Windows\System\hZmhmkT.exe
  C:\Windows\System\hZmhmkT.exe
  2⤵
  PID:3420
- C:\Windows\System\OJQLfpl.exe
  C:\Windows\System\OJQLfpl.exe
  2⤵
  PID:3436
- C:\Windows\System\MLFrIbm.exe
  C:\Windows\System\MLFrIbm.exe
  2⤵
  PID:3452
- C:\Windows\System\FXPJbpl.exe
  C:\Windows\System\FXPJbpl.exe
  2⤵
  PID:3468
- C:\Windows\System\AuaxVoq.exe
  C:\Windows\System\AuaxVoq.exe
  2⤵
  PID:3484
- C:\Windows\System\XEXYoYe.exe
  C:\Windows\System\XEXYoYe.exe
  2⤵
  PID:3516
- C:\Windows\System\CwuRSxP.exe
  C:\Windows\System\CwuRSxP.exe
  2⤵
  PID:3532
- C:\Windows\System\pRpjQLM.exe
  C:\Windows\System\pRpjQLM.exe
  2⤵
  PID:3556
- C:\Windows\System\sfcfBBL.exe
  C:\Windows\System\sfcfBBL.exe
  2⤵
  PID:3576
- C:\Windows\System\wvvFQHN.exe
  C:\Windows\System\wvvFQHN.exe
  2⤵
  PID:3596
- C:\Windows\System\CNpuzHT.exe
  C:\Windows\System\CNpuzHT.exe
  2⤵
  PID:3612
- C:\Windows\System\vSQetPF.exe
  C:\Windows\System\vSQetPF.exe
  2⤵
  PID:3704
- C:\Windows\System\wZqiUIC.exe
  C:\Windows\System\wZqiUIC.exe
  2⤵
  PID:3724
- C:\Windows\System\WuTQXjR.exe
  C:\Windows\System\WuTQXjR.exe
  2⤵
  PID:3740
- C:\Windows\System\xKLYkNN.exe
  C:\Windows\System\xKLYkNN.exe
  2⤵
  PID:3760
- C:\Windows\System\uZoUWbb.exe
  C:\Windows\System\uZoUWbb.exe
  2⤵
  PID:3776
- C:\Windows\System\lhHQULy.exe
  C:\Windows\System\lhHQULy.exe
  2⤵
  PID:3792
- C:\Windows\System\aCoKgSO.exe
  C:\Windows\System\aCoKgSO.exe
  2⤵
  PID:3812
- C:\Windows\System\RgiPHkI.exe
  C:\Windows\System\RgiPHkI.exe
  2⤵
  PID:3832
- C:\Windows\System\sXQGMHe.exe
  C:\Windows\System\sXQGMHe.exe
  2⤵
  PID:3848
- C:\Windows\System\wMYlIjC.exe
  C:\Windows\System\wMYlIjC.exe
  2⤵
  PID:3868
- C:\Windows\System\BPtSfIu.exe
  C:\Windows\System\BPtSfIu.exe
  2⤵
  PID:3888
- C:\Windows\System\fdHUkYs.exe
  C:\Windows\System\fdHUkYs.exe
  2⤵
  PID:3908
- C:\Windows\System\YlDkBQr.exe
  C:\Windows\System\YlDkBQr.exe
  2⤵
  PID:3944
- C:\Windows\System\zdUAeac.exe
  C:\Windows\System\zdUAeac.exe
  2⤵
  PID:3964
- C:\Windows\System\fXSJrhi.exe
  C:\Windows\System\fXSJrhi.exe
  2⤵
  PID:3984
- C:\Windows\System\CTjJTDX.exe
  C:\Windows\System\CTjJTDX.exe
  2⤵
  PID:4004
- C:\Windows\System\BvLdcgp.exe
  C:\Windows\System\BvLdcgp.exe
  2⤵
  PID:4020
- C:\Windows\System\iTBINMT.exe
  C:\Windows\System\iTBINMT.exe
  2⤵
  PID:4040
- C:\Windows\System\KwbrmjS.exe
  C:\Windows\System\KwbrmjS.exe
  2⤵
  PID:4064
- C:\Windows\System\ibirldD.exe
  C:\Windows\System\ibirldD.exe
  2⤵
  PID:4084
- C:\Windows\System\POPwWAV.exe
  C:\Windows\System\POPwWAV.exe
  2⤵
  PID:2860
- C:\Windows\System\DiGHrtP.exe
  C:\Windows\System\DiGHrtP.exe
  2⤵
  PID:2584
- C:\Windows\System\uwilWJA.exe
  C:\Windows\System\uwilWJA.exe
  2⤵
  PID:2828
- C:\Windows\System\LEccUTj.exe
  C:\Windows\System\LEccUTj.exe
  2⤵
  PID:1888
- C:\Windows\System\huxmxjS.exe
  C:\Windows\System\huxmxjS.exe
  2⤵
  PID:1060
- C:\Windows\System\YrrSJIC.exe
  C:\Windows\System\YrrSJIC.exe
  2⤵
  PID:2200
- C:\Windows\System\IuyphkX.exe
  C:\Windows\System\IuyphkX.exe
  2⤵
  PID:2404
- C:\Windows\System\rZbIKPN.exe
  C:\Windows\System\rZbIKPN.exe
  2⤵
  PID:3084
- C:\Windows\System\gAvyUXN.exe
  C:\Windows\System\gAvyUXN.exe
  2⤵
  PID:3156
- C:\Windows\System\urEapVl.exe
  C:\Windows\System\urEapVl.exe
  2⤵
  PID:3232
- C:\Windows\System\nCoqoxv.exe
  C:\Windows\System\nCoqoxv.exe
  2⤵
  PID:3308
- C:\Windows\System\JMSlUaN.exe
  C:\Windows\System\JMSlUaN.exe
  2⤵
  PID:3348
- C:\Windows\System\ryOUbmq.exe
  C:\Windows\System\ryOUbmq.exe
  2⤵
  PID:2488
- C:\Windows\System\aJtRkmc.exe
  C:\Windows\System\aJtRkmc.exe
  2⤵
  PID:752
- C:\Windows\System\QcqHiLd.exe
  C:\Windows\System\QcqHiLd.exe
  2⤵
  PID:3032
- C:\Windows\System\EcLzaOK.exe
  C:\Windows\System\EcLzaOK.exe
  2⤵
  PID:2696
- C:\Windows\System\hjxMlho.exe
  C:\Windows\System\hjxMlho.exe
  2⤵
  PID:2832
- C:\Windows\System\rvYuwOX.exe
  C:\Windows\System\rvYuwOX.exe
  2⤵
  PID:1896
- C:\Windows\System\tiAWowI.exe
  C:\Windows\System\tiAWowI.exe
  2⤵
  PID:1040
- C:\Windows\System\fCRTVGV.exe
  C:\Windows\System\fCRTVGV.exe
  2⤵
  PID:2704
- C:\Windows\System\TJxonRf.exe
  C:\Windows\System\TJxonRf.exe
  2⤵
  PID:3100
- C:\Windows\System\rsLxlkc.exe
  C:\Windows\System\rsLxlkc.exe
  2⤵
  PID:3136
- C:\Windows\System\BbeKQrG.exe
  C:\Windows\System\BbeKQrG.exe
  2⤵
  PID:3220
- C:\Windows\System\ohHKvLh.exe
  C:\Windows\System\ohHKvLh.exe
  2⤵
  PID:3288
- C:\Windows\System\kglYUhV.exe
  C:\Windows\System\kglYUhV.exe
  2⤵
  PID:3396
- C:\Windows\System\UnMMHWF.exe
  C:\Windows\System\UnMMHWF.exe
  2⤵
  PID:3464
- C:\Windows\System\AscsDLh.exe
  C:\Windows\System\AscsDLh.exe
  2⤵
  PID:3512
- C:\Windows\System\DHeAtdc.exe
  C:\Windows\System\DHeAtdc.exe
  2⤵
  PID:3584
- C:\Windows\System\dRuniPL.exe
  C:\Windows\System\dRuniPL.exe
  2⤵
  PID:3628
- C:\Windows\System\UCbuLmI.exe
  C:\Windows\System\UCbuLmI.exe
  2⤵
  PID:3652
- C:\Windows\System\baGkihl.exe
  C:\Windows\System\baGkihl.exe
  2⤵
  PID:3672
- C:\Windows\System\OKVcLhv.exe
  C:\Windows\System\OKVcLhv.exe
  2⤵
  PID:3712
- C:\Windows\System\jGPxANK.exe
  C:\Windows\System\jGPxANK.exe
  2⤵
  PID:3752
- C:\Windows\System\DYWYnyr.exe
  C:\Windows\System\DYWYnyr.exe
  2⤵
  PID:3828
- C:\Windows\System\NHNUsbV.exe
  C:\Windows\System\NHNUsbV.exe
  2⤵
  PID:3864
- C:\Windows\System\ZMBtQlv.exe
  C:\Windows\System\ZMBtQlv.exe
  2⤵
  PID:3916
- C:\Windows\System\GZNEJvr.exe
  C:\Windows\System\GZNEJvr.exe
  2⤵
  PID:3732
- C:\Windows\System\FqeohQE.exe
  C:\Windows\System\FqeohQE.exe
  2⤵
  PID:3800
- C:\Windows\System\ulaWfPX.exe
  C:\Windows\System\ulaWfPX.exe
  2⤵
  PID:3920
- C:\Windows\System\tCTXNXe.exe
  C:\Windows\System\tCTXNXe.exe
  2⤵
  PID:3972
- C:\Windows\System\RuskOZn.exe
  C:\Windows\System\RuskOZn.exe
  2⤵
  PID:3980
- C:\Windows\System\pfHiBVW.exe
  C:\Windows\System\pfHiBVW.exe
  2⤵
  PID:4036
- C:\Windows\System\aSXaxkw.exe
  C:\Windows\System\aSXaxkw.exe
  2⤵
  PID:4052
- C:\Windows\System\xjBJYDJ.exe
  C:\Windows\System\xjBJYDJ.exe
  2⤵
  PID:3700
- C:\Windows\System\bqGarck.exe
  C:\Windows\System\bqGarck.exe
  2⤵
  PID:1696
- C:\Windows\System\HGhZdrs.exe
  C:\Windows\System\HGhZdrs.exe
  2⤵
  PID:1840
- C:\Windows\System\xnNXcwx.exe
  C:\Windows\System\xnNXcwx.exe
  2⤵
  PID:860
- C:\Windows\System\exWKXmr.exe
  C:\Windows\System\exWKXmr.exe
  2⤵
  PID:2540
- C:\Windows\System\troNysT.exe
  C:\Windows\System\troNysT.exe
  2⤵
  PID:3152
- C:\Windows\System\EZKYgAN.exe
  C:\Windows\System\EZKYgAN.exe
  2⤵
  PID:3344
- C:\Windows\System\apfdecF.exe
  C:\Windows\System\apfdecF.exe
  2⤵
  PID:3416
- C:\Windows\System\jFEpmBj.exe
  C:\Windows\System\jFEpmBj.exe
  2⤵
  PID:1816
- C:\Windows\System\iFPxOEC.exe
  C:\Windows\System\iFPxOEC.exe
  2⤵
  PID:1244
- C:\Windows\System\VMRNFva.exe
  C:\Windows\System\VMRNFva.exe
  2⤵
  PID:3480
- C:\Windows\System\TuImtjb.exe
  C:\Windows\System\TuImtjb.exe
  2⤵
  PID:3528
- C:\Windows\System\pHYuGtf.exe
  C:\Windows\System\pHYuGtf.exe
  2⤵
  PID:916
- C:\Windows\System\EcpIcLU.exe
  C:\Windows\System\EcpIcLU.exe
  2⤵
  PID:3096
- C:\Windows\System\lckDfIQ.exe
  C:\Windows\System\lckDfIQ.exe
  2⤵
  PID:3176
- C:\Windows\System\XuhYqDV.exe
  C:\Windows\System\XuhYqDV.exe
  2⤵
  PID:3320
- C:\Windows\System\niOOLDt.exe
  C:\Windows\System\niOOLDt.exe
  2⤵
  PID:3540
- C:\Windows\System\oNeTiml.exe
  C:\Windows\System\oNeTiml.exe
  2⤵
  PID:3592
- C:\Windows\System\coowwhx.exe
  C:\Windows\System\coowwhx.exe
  2⤵
  PID:3644
- C:\Windows\System\ZwpRTZD.exe
  C:\Windows\System\ZwpRTZD.exe
  2⤵
  PID:3684
- C:\Windows\System\PLeDxyy.exe
  C:\Windows\System\PLeDxyy.exe
  2⤵
  PID:3756
- C:\Windows\System\KaYHSNa.exe
  C:\Windows\System\KaYHSNa.exe
  2⤵
  PID:3808
- C:\Windows\System\pQBmiLT.exe
  C:\Windows\System\pQBmiLT.exe
  2⤵
  PID:3840
- C:\Windows\System\VLJIjaM.exe
  C:\Windows\System\VLJIjaM.exe
  2⤵
  PID:3960
- C:\Windows\System\gceVKRQ.exe
  C:\Windows\System\gceVKRQ.exe
  2⤵
  PID:4028
- C:\Windows\System\lCTbWXC.exe
  C:\Windows\System\lCTbWXC.exe
  2⤵
  PID:1668
- C:\Windows\System\LKTRnRF.exe
  C:\Windows\System\LKTRnRF.exe
  2⤵
  PID:2056
- C:\Windows\System\eMyNzpL.exe
  C:\Windows\System\eMyNzpL.exe
  2⤵
  PID:4080
- C:\Windows\System\FdhVFxT.exe
  C:\Windows\System\FdhVFxT.exe
  2⤵
  PID:1384
- C:\Windows\System\LToSrRX.exe
  C:\Windows\System\LToSrRX.exe
  2⤵
  PID:1580
- C:\Windows\System\JDMvYvG.exe
  C:\Windows\System\JDMvYvG.exe
  2⤵
  PID:3116
- C:\Windows\System\etQvrDv.exe
  C:\Windows\System\etQvrDv.exe
  2⤵
  PID:3272
- C:\Windows\System\SbjqxAQ.exe
  C:\Windows\System\SbjqxAQ.exe
  2⤵
  PID:1876
- C:\Windows\System\LtgMXkR.exe
  C:\Windows\System\LtgMXkR.exe
  2⤵
  PID:4104
- C:\Windows\System\VoevBbx.exe
  C:\Windows\System\VoevBbx.exe
  2⤵
  PID:4132
- C:\Windows\System\wUnFRMZ.exe
  C:\Windows\System\wUnFRMZ.exe
  2⤵
  PID:4152
- C:\Windows\System\zPuqTZw.exe
  C:\Windows\System\zPuqTZw.exe
  2⤵
  PID:4172
- C:\Windows\System\updtrzt.exe
  C:\Windows\System\updtrzt.exe
  2⤵
  PID:4188
- C:\Windows\System\yGBdJft.exe
  C:\Windows\System\yGBdJft.exe
  2⤵
  PID:4212
- C:\Windows\System\pwdLaaJ.exe
  C:\Windows\System\pwdLaaJ.exe
  2⤵
  PID:4232
- C:\Windows\System\JSyxRfp.exe
  C:\Windows\System\JSyxRfp.exe
  2⤵
  PID:4252
- C:\Windows\System\oUhQFEx.exe
  C:\Windows\System\oUhQFEx.exe
  2⤵
  PID:4268
- C:\Windows\System\uofizoN.exe
  C:\Windows\System\uofizoN.exe
  2⤵
  PID:4292
- C:\Windows\System\xPCcZgV.exe
  C:\Windows\System\xPCcZgV.exe
  2⤵
  PID:4312
- C:\Windows\System\dVRzxvv.exe
  C:\Windows\System\dVRzxvv.exe
  2⤵
  PID:4332
- C:\Windows\System\sJVGMnZ.exe
  C:\Windows\System\sJVGMnZ.exe
  2⤵
  PID:4352
- C:\Windows\System\QDVJOGc.exe
  C:\Windows\System\QDVJOGc.exe
  2⤵
  PID:4372
- C:\Windows\System\AbHtZyU.exe
  C:\Windows\System\AbHtZyU.exe
  2⤵
  PID:4392
- C:\Windows\System\zQPqQXz.exe
  C:\Windows\System\zQPqQXz.exe
  2⤵
  PID:4408
- C:\Windows\System\tzpeRRb.exe
  C:\Windows\System\tzpeRRb.exe
  2⤵
  PID:4428
- C:\Windows\System\NtvgLuF.exe
  C:\Windows\System\NtvgLuF.exe
  2⤵
  PID:4456
- C:\Windows\System\yNfFYTS.exe
  C:\Windows\System\yNfFYTS.exe
  2⤵
  PID:4476
- C:\Windows\System\FixUtLg.exe
  C:\Windows\System\FixUtLg.exe
  2⤵
  PID:4496
- C:\Windows\System\UtQErvv.exe
  C:\Windows\System\UtQErvv.exe
  2⤵
  PID:4516
- C:\Windows\System\NiwFUMW.exe
  C:\Windows\System\NiwFUMW.exe
  2⤵
  PID:4536
- C:\Windows\System\sdaSaYH.exe
  C:\Windows\System\sdaSaYH.exe
  2⤵
  PID:4556
- C:\Windows\System\rneGMXT.exe
  C:\Windows\System\rneGMXT.exe
  2⤵
  PID:4576
- C:\Windows\System\NCIqNKd.exe
  C:\Windows\System\NCIqNKd.exe
  2⤵
  PID:4596
- C:\Windows\System\RBSxmqZ.exe
  C:\Windows\System\RBSxmqZ.exe
  2⤵
  PID:4612
- C:\Windows\System\fkLoVWl.exe
  C:\Windows\System\fkLoVWl.exe
  2⤵
  PID:4632
- C:\Windows\System\HPHaEYv.exe
  C:\Windows\System\HPHaEYv.exe
  2⤵
  PID:4656
- C:\Windows\System\nvYXpmD.exe
  C:\Windows\System\nvYXpmD.exe
  2⤵
  PID:4672
- C:\Windows\System\XAzIUlw.exe
  C:\Windows\System\XAzIUlw.exe
  2⤵
  PID:4688
- C:\Windows\System\CqOTjDt.exe
  C:\Windows\System\CqOTjDt.exe
  2⤵
  PID:4716
- C:\Windows\System\FHDvwrG.exe
  C:\Windows\System\FHDvwrG.exe
  2⤵
  PID:4736
- C:\Windows\System\UwHlwhL.exe
  C:\Windows\System\UwHlwhL.exe
  2⤵
  PID:4756
- C:\Windows\System\lXUOWcv.exe
  C:\Windows\System\lXUOWcv.exe
  2⤵
  PID:4772
- C:\Windows\System\WjMpodt.exe
  C:\Windows\System\WjMpodt.exe
  2⤵
  PID:4796
- C:\Windows\System\iJlBrWK.exe
  C:\Windows\System\iJlBrWK.exe
  2⤵
  PID:4816
- C:\Windows\System\INXXqvc.exe
  C:\Windows\System\INXXqvc.exe
  2⤵
  PID:4836
- C:\Windows\System\nXCCatQ.exe
  C:\Windows\System\nXCCatQ.exe
  2⤵
  PID:4852
- C:\Windows\System\tpWJxhd.exe
  C:\Windows\System\tpWJxhd.exe
  2⤵
  PID:4872
- C:\Windows\System\ywTmfim.exe
  C:\Windows\System\ywTmfim.exe
  2⤵
  PID:4896
- C:\Windows\System\IWcPjhF.exe
  C:\Windows\System\IWcPjhF.exe
  2⤵
  PID:4920
- C:\Windows\System\ZBmjdYE.exe
  C:\Windows\System\ZBmjdYE.exe
  2⤵
  PID:4940
- C:\Windows\System\myQxVCo.exe
  C:\Windows\System\myQxVCo.exe
  2⤵
  PID:4956
- C:\Windows\System\BUcCNQc.exe
  C:\Windows\System\BUcCNQc.exe
  2⤵
  PID:4980
- C:\Windows\System\TjSBssf.exe
  C:\Windows\System\TjSBssf.exe
  2⤵
  PID:5000
- C:\Windows\System\bViVeCQ.exe
  C:\Windows\System\bViVeCQ.exe
  2⤵
  PID:5020
- C:\Windows\System\tQMFWMt.exe
  C:\Windows\System\tQMFWMt.exe
  2⤵
  PID:5040
- C:\Windows\System\VYsmNni.exe
  C:\Windows\System\VYsmNni.exe
  2⤵
  PID:5060
- C:\Windows\System\IyDBzox.exe
  C:\Windows\System\IyDBzox.exe
  2⤵
  PID:5080
- C:\Windows\System\NFaIUdl.exe
  C:\Windows\System\NFaIUdl.exe
  2⤵
  PID:5100
- C:\Windows\System\YGVeafs.exe
  C:\Windows\System\YGVeafs.exe
  2⤵
  PID:2596
- C:\Windows\System\bsNXVdf.exe
  C:\Windows\System\bsNXVdf.exe
  2⤵
  PID:2620
- C:\Windows\System\sZkiXPx.exe
  C:\Windows\System\sZkiXPx.exe
  2⤵
  PID:3608
- C:\Windows\System\nQqzwpy.exe
  C:\Windows\System\nQqzwpy.exe
  2⤵
  PID:3648
- C:\Windows\System\yroYtNg.exe
  C:\Windows\System\yroYtNg.exe
  2⤵
  PID:3552
- C:\Windows\System\aFSSGvM.exe
  C:\Windows\System\aFSSGvM.exe
  2⤵
  PID:3820
- C:\Windows\System\ikQCmYC.exe
  C:\Windows\System\ikQCmYC.exe
  2⤵
  PID:3876
- C:\Windows\System\QhTqKnH.exe
  C:\Windows\System\QhTqKnH.exe
  2⤵
  PID:3636
- C:\Windows\System\plbAwma.exe
  C:\Windows\System\plbAwma.exe
  2⤵
  PID:3772
- C:\Windows\System\LxjOuMq.exe
  C:\Windows\System\LxjOuMq.exe
  2⤵
  PID:4032
- C:\Windows\System\FaebKAT.exe
  C:\Windows\System\FaebKAT.exe
  2⤵
  PID:900
- C:\Windows\System\CWxvaRq.exe
  C:\Windows\System\CWxvaRq.exe
  2⤵
  PID:3996
- C:\Windows\System\jVDNTLl.exe
  C:\Windows\System\jVDNTLl.exe
  2⤵
  PID:1564
- C:\Windows\System\Aoplweg.exe
  C:\Windows\System\Aoplweg.exe
  2⤵
  PID:3340
- C:\Windows\System\BGrrSdE.exe
  C:\Windows\System\BGrrSdE.exe
  2⤵
  PID:2040
- C:\Windows\System\qPuOifr.exe
  C:\Windows\System\qPuOifr.exe
  2⤵
  PID:4160
- C:\Windows\System\xPBbWhR.exe
  C:\Windows\System\xPBbWhR.exe
  2⤵
  PID:2312
- C:\Windows\System\MTIhiZF.exe
  C:\Windows\System\MTIhiZF.exe
  2⤵
  PID:4248
- C:\Windows\System\CIYEubP.exe
  C:\Windows\System\CIYEubP.exe
  2⤵
  PID:4228
- C:\Windows\System\dHNHgJg.exe
  C:\Windows\System\dHNHgJg.exe
  2⤵
  PID:4224
- C:\Windows\System\nCCmpuB.exe
  C:\Windows\System\nCCmpuB.exe
  2⤵
  PID:4300
- C:\Windows\System\wEQibgE.exe
  C:\Windows\System\wEQibgE.exe
  2⤵
  PID:4360
- C:\Windows\System\dOTIVLf.exe
  C:\Windows\System\dOTIVLf.exe
  2⤵
  PID:4400
- C:\Windows\System\DhsoryQ.exe
  C:\Windows\System\DhsoryQ.exe
  2⤵
  PID:4440
- C:\Windows\System\usLFBFU.exe
  C:\Windows\System\usLFBFU.exe
  2⤵
  PID:4384
- C:\Windows\System\BFrRJtT.exe
  C:\Windows\System\BFrRJtT.exe
  2⤵
  PID:4420
- C:\Windows\System\WLkFkkP.exe
  C:\Windows\System\WLkFkkP.exe
  2⤵
  PID:4528
- C:\Windows\System\RCHcdCy.exe
  C:\Windows\System\RCHcdCy.exe
  2⤵
  PID:4572
- C:\Windows\System\cmxqLYy.exe
  C:\Windows\System\cmxqLYy.exe
  2⤵
  PID:4552
- C:\Windows\System\LetQKxe.exe
  C:\Windows\System\LetQKxe.exe
  2⤵
  PID:4680
- C:\Windows\System\duszPsn.exe
  C:\Windows\System\duszPsn.exe
  2⤵
  PID:4592
- C:\Windows\System\dgkfEJA.exe
  C:\Windows\System\dgkfEJA.exe
  2⤵
  PID:4728
- C:\Windows\System\uaBOVZP.exe
  C:\Windows\System\uaBOVZP.exe
  2⤵
  PID:4704
- C:\Windows\System\qTkxTDZ.exe
  C:\Windows\System\qTkxTDZ.exe
  2⤵
  PID:4764
- C:\Windows\System\DtMkWij.exe
  C:\Windows\System\DtMkWij.exe
  2⤵
  PID:4808
- C:\Windows\System\vJEyXqe.exe
  C:\Windows\System\vJEyXqe.exe
  2⤵
  PID:4884
- C:\Windows\System\QbPMEGv.exe
  C:\Windows\System\QbPMEGv.exe
  2⤵
  PID:4868
- C:\Windows\System\ZcoWagb.exe
  C:\Windows\System\ZcoWagb.exe
  2⤵
  PID:4824
- C:\Windows\System\wyGHlRW.exe
  C:\Windows\System\wyGHlRW.exe
  2⤵
  PID:4932
- C:\Windows\System\EYJyPyf.exe
  C:\Windows\System\EYJyPyf.exe
  2⤵
  PID:4972
- C:\Windows\System\kSGptdt.exe
  C:\Windows\System\kSGptdt.exe
  2⤵
  PID:5012
- C:\Windows\System\MZeydWd.exe
  C:\Windows\System\MZeydWd.exe
  2⤵
  PID:4988
- C:\Windows\System\YwaPoxu.exe
  C:\Windows\System\YwaPoxu.exe
  2⤵
  PID:5036
- C:\Windows\System\NkNuJUW.exe
  C:\Windows\System\NkNuJUW.exe
  2⤵
  PID:5092
- C:\Windows\System\dmqudgL.exe
  C:\Windows\System\dmqudgL.exe
  2⤵
  PID:2872
- C:\Windows\System\lRKYmPc.exe
  C:\Windows\System\lRKYmPc.exe
  2⤵
  PID:5112
- C:\Windows\System\NgdAkai.exe
  C:\Windows\System\NgdAkai.exe
  2⤵
  PID:3508
- C:\Windows\System\KoWbzqc.exe
  C:\Windows\System\KoWbzqc.exe
  2⤵
  PID:3680
- C:\Windows\System\SpZLeWU.exe
  C:\Windows\System\SpZLeWU.exe
  2⤵
  PID:3932
- C:\Windows\System\NZDKsXo.exe
  C:\Windows\System\NZDKsXo.exe
  2⤵
  PID:3900
- C:\Windows\System\QwuKDAH.exe
  C:\Windows\System\QwuKDAH.exe
  2⤵
  PID:3976
- C:\Windows\System\DOEobeK.exe
  C:\Windows\System\DOEobeK.exe
  2⤵
  PID:3200
- C:\Windows\System\HRAekwn.exe
  C:\Windows\System\HRAekwn.exe
  2⤵
  PID:4148
- C:\Windows\System\BmInamN.exe
  C:\Windows\System\BmInamN.exe
  2⤵
  PID:4200
- C:\Windows\System\YYzTnGN.exe
  C:\Windows\System\YYzTnGN.exe
  2⤵
  PID:2160
- C:\Windows\System\LJuKHnM.exe
  C:\Windows\System\LJuKHnM.exe
  2⤵
  PID:4304
- C:\Windows\System\NtyQoZF.exe
  C:\Windows\System\NtyQoZF.exe
  2⤵
  PID:4264
- C:\Windows\System\pSrywRP.exe
  C:\Windows\System\pSrywRP.exe
  2⤵
  PID:4328
- C:\Windows\System\dPLnUvc.exe
  C:\Windows\System\dPLnUvc.exe
  2⤵
  PID:4532
- C:\Windows\System\mNtuskc.exe
  C:\Windows\System\mNtuskc.exe
  2⤵
  PID:4380
- C:\Windows\System\tzOXXHb.exe
  C:\Windows\System\tzOXXHb.exe
  2⤵
  PID:4652
- C:\Windows\System\YDnIaPP.exe
  C:\Windows\System\YDnIaPP.exe
  2⤵
  PID:4504
- C:\Windows\System\psVyWrl.exe
  C:\Windows\System\psVyWrl.exe
  2⤵
  PID:4604
- C:\Windows\System\IyECRiy.exe
  C:\Windows\System\IyECRiy.exe
  2⤵
  PID:4732
- C:\Windows\System\MKfqoNI.exe
  C:\Windows\System\MKfqoNI.exe
  2⤵
  PID:4744
- C:\Windows\System\xsZdmCq.exe
  C:\Windows\System\xsZdmCq.exe
  2⤵
  PID:4748
- C:\Windows\System\EEQSsUF.exe
  C:\Windows\System\EEQSsUF.exe
  2⤵
  PID:4832
- C:\Windows\System\ezEHhPR.exe
  C:\Windows\System\ezEHhPR.exe
  2⤵
  PID:5008
- C:\Windows\System\aDiSDOn.exe
  C:\Windows\System\aDiSDOn.exe
  2⤵
  PID:4948
- C:\Windows\System\cBjZBcY.exe
  C:\Windows\System\cBjZBcY.exe
  2⤵
  PID:5096
- C:\Windows\System\vMWpFRl.exe
  C:\Windows\System\vMWpFRl.exe
  2⤵
  PID:3632
- C:\Windows\System\IBmwJIu.exe
  C:\Windows\System\IBmwJIu.exe
  2⤵
  PID:5108
- C:\Windows\System\wzfyMjg.exe
  C:\Windows\System\wzfyMjg.exe
  2⤵
  PID:3604
- C:\Windows\System\uZZNKFz.exe
  C:\Windows\System\uZZNKFz.exe
  2⤵
  PID:3860
- C:\Windows\System\lhSiByc.exe
  C:\Windows\System\lhSiByc.exe
  2⤵
  PID:4128
- C:\Windows\System\CHESavt.exe
  C:\Windows\System\CHESavt.exe
  2⤵
  PID:2356
- C:\Windows\System\EdaJEiY.exe
  C:\Windows\System\EdaJEiY.exe
  2⤵
  PID:4284
- C:\Windows\System\vjaUSAy.exe
  C:\Windows\System\vjaUSAy.exe
  2⤵
  PID:2132
- C:\Windows\System\edAhXay.exe
  C:\Windows\System\edAhXay.exe
  2⤵
  PID:4340
- C:\Windows\System\mmSFIdL.exe
  C:\Windows\System\mmSFIdL.exe
  2⤵
  PID:4180
- C:\Windows\System\qcdomyE.exe
  C:\Windows\System\qcdomyE.exe
  2⤵
  PID:4416
- C:\Windows\System\EbGOxsT.exe
  C:\Windows\System\EbGOxsT.exe
  2⤵
  PID:4524
- C:\Windows\System\ESrvRpy.exe
  C:\Windows\System\ESrvRpy.exe
  2⤵
  PID:4564
- C:\Windows\System\ZSpICiF.exe
  C:\Windows\System\ZSpICiF.exe
  2⤵
  PID:4888
- C:\Windows\System\gQamBQV.exe
  C:\Windows\System\gQamBQV.exe
  2⤵
  PID:5132
- C:\Windows\System\IhrWIJz.exe
  C:\Windows\System\IhrWIJz.exe
  2⤵
  PID:5156
- C:\Windows\System\CmyeZGQ.exe
  C:\Windows\System\CmyeZGQ.exe
  2⤵
  PID:5176
- C:\Windows\System\HFkPiLs.exe
  C:\Windows\System\HFkPiLs.exe
  2⤵
  PID:5196
- C:\Windows\System\gMWxTHO.exe
  C:\Windows\System\gMWxTHO.exe
  2⤵
  PID:5216
- C:\Windows\System\UpMkkhs.exe
  C:\Windows\System\UpMkkhs.exe
  2⤵
  PID:5236
- C:\Windows\System\vwLiVen.exe
  C:\Windows\System\vwLiVen.exe
  2⤵
  PID:5256
- C:\Windows\System\CynXaCr.exe
  C:\Windows\System\CynXaCr.exe
  2⤵
  PID:5276
- C:\Windows\System\tZLNqcE.exe
  C:\Windows\System\tZLNqcE.exe
  2⤵
  PID:5292
- C:\Windows\System\ozRYGbh.exe
  C:\Windows\System\ozRYGbh.exe
  2⤵
  PID:5316
- C:\Windows\System\uUVgAee.exe
  C:\Windows\System\uUVgAee.exe
  2⤵
  PID:5336
- C:\Windows\System\AfrTdZk.exe
  C:\Windows\System\AfrTdZk.exe
  2⤵
  PID:5356
- C:\Windows\System\vOheEvj.exe
  C:\Windows\System\vOheEvj.exe
  2⤵
  PID:5372
- C:\Windows\System\tozXWhl.exe
  C:\Windows\System\tozXWhl.exe
  2⤵
  PID:5396
- C:\Windows\System\AEYJJQI.exe
  C:\Windows\System\AEYJJQI.exe
  2⤵
  PID:5416
- C:\Windows\System\XGZONhI.exe
  C:\Windows\System\XGZONhI.exe
  2⤵
  PID:5432
- C:\Windows\System\UhXAqeY.exe
  C:\Windows\System\UhXAqeY.exe
  2⤵
  PID:5452
- C:\Windows\System\IPgNCmy.exe
  C:\Windows\System\IPgNCmy.exe
  2⤵
  PID:5472
- C:\Windows\System\IzAgKUb.exe
  C:\Windows\System\IzAgKUb.exe
  2⤵
  PID:5492
- C:\Windows\System\VoEhhXT.exe
  C:\Windows\System\VoEhhXT.exe
  2⤵
  PID:5516
- C:\Windows\System\SdqRAsC.exe
  C:\Windows\System\SdqRAsC.exe
  2⤵
  PID:5532
- C:\Windows\System\rzuwSeR.exe
  C:\Windows\System\rzuwSeR.exe
  2⤵
  PID:5552
- C:\Windows\System\kGdQwVG.exe
  C:\Windows\System\kGdQwVG.exe
  2⤵
  PID:5576
- C:\Windows\System\hmhmpIf.exe
  C:\Windows\System\hmhmpIf.exe
  2⤵
  PID:5600
- C:\Windows\System\HOVewYQ.exe
  C:\Windows\System\HOVewYQ.exe
  2⤵
  PID:5616
- C:\Windows\System\yxIIDAg.exe
  C:\Windows\System\yxIIDAg.exe
  2⤵
  PID:5640
- C:\Windows\System\zKRNusA.exe
  C:\Windows\System\zKRNusA.exe
  2⤵
  PID:5656
- C:\Windows\System\KGXZZrb.exe
  C:\Windows\System\KGXZZrb.exe
  2⤵
  PID:5676
- C:\Windows\System\QtMbTXD.exe
  C:\Windows\System\QtMbTXD.exe
  2⤵
  PID:5696
- C:\Windows\System\OMZnBXa.exe
  C:\Windows\System\OMZnBXa.exe
  2⤵
  PID:5720
- C:\Windows\System\kCZfpLU.exe
  C:\Windows\System\kCZfpLU.exe
  2⤵
  PID:5740
- C:\Windows\System\okUQeTf.exe
  C:\Windows\System\okUQeTf.exe
  2⤵
  PID:5760
- C:\Windows\System\fluoEVj.exe
  C:\Windows\System\fluoEVj.exe
  2⤵
  PID:5780
- C:\Windows\System\ZaufsPI.exe
  C:\Windows\System\ZaufsPI.exe
  2⤵
  PID:5800
- C:\Windows\System\UdTnCTU.exe
  C:\Windows\System\UdTnCTU.exe
  2⤵
  PID:5816
- C:\Windows\System\EaqetdV.exe
  C:\Windows\System\EaqetdV.exe
  2⤵
  PID:5840
- C:\Windows\System\BGyhqtR.exe
  C:\Windows\System\BGyhqtR.exe
  2⤵
  PID:5860
- C:\Windows\System\aYzoZQv.exe
  C:\Windows\System\aYzoZQv.exe
  2⤵
  PID:5884
- C:\Windows\System\JKnCFMb.exe
  C:\Windows\System\JKnCFMb.exe
  2⤵
  PID:5900
- C:\Windows\System\puibsOv.exe
  C:\Windows\System\puibsOv.exe
  2⤵
  PID:5924
- C:\Windows\System\YGcKAYG.exe
  C:\Windows\System\YGcKAYG.exe
  2⤵
  PID:5944
- C:\Windows\System\PtfSmww.exe
  C:\Windows\System\PtfSmww.exe
  2⤵
  PID:5964
- C:\Windows\System\SRxHAJE.exe
  C:\Windows\System\SRxHAJE.exe
  2⤵
  PID:5984
- C:\Windows\System\eHqgSyq.exe
  C:\Windows\System\eHqgSyq.exe
  2⤵
  PID:6004
- C:\Windows\System\phSFRPA.exe
  C:\Windows\System\phSFRPA.exe
  2⤵
  PID:6020
- C:\Windows\System\CBwnkpa.exe
  C:\Windows\System\CBwnkpa.exe
  2⤵
  PID:6036
- C:\Windows\System\noEgWbX.exe
  C:\Windows\System\noEgWbX.exe
  2⤵
  PID:6060
- C:\Windows\System\CrEPUKg.exe
  C:\Windows\System\CrEPUKg.exe
  2⤵
  PID:6080
- C:\Windows\System\pIsMuuX.exe
  C:\Windows\System\pIsMuuX.exe
  2⤵
  PID:6100
- C:\Windows\System\vMeQbej.exe
  C:\Windows\System\vMeQbej.exe
  2⤵
  PID:6120
- C:\Windows\System\VGdLaPI.exe
  C:\Windows\System\VGdLaPI.exe
  2⤵
  PID:4628
- C:\Windows\System\bsVnaLW.exe
  C:\Windows\System\bsVnaLW.exe
  2⤵
  PID:4916
- C:\Windows\System\YUgUqVG.exe
  C:\Windows\System\YUgUqVG.exe
  2⤵
  PID:4904
- C:\Windows\System\hxSpnhi.exe
  C:\Windows\System\hxSpnhi.exe
  2⤵
  PID:4908
- C:\Windows\System\EtXNVSH.exe
  C:\Windows\System\EtXNVSH.exe
  2⤵
  PID:3368
- C:\Windows\System\oaAEFhB.exe
  C:\Windows\System\oaAEFhB.exe
  2⤵
  PID:5016
- C:\Windows\System\TdFpdWh.exe
  C:\Windows\System\TdFpdWh.exe
  2⤵
  PID:4016
- C:\Windows\System\fIAtqWF.exe
  C:\Windows\System\fIAtqWF.exe
  2⤵
  PID:4208
- C:\Windows\System\VqvRuUE.exe
  C:\Windows\System\VqvRuUE.exe
  2⤵
  PID:620
- C:\Windows\System\VGqWnBY.exe
  C:\Windows\System\VGqWnBY.exe
  2⤵
  PID:2844
- C:\Windows\System\gbakYLH.exe
  C:\Windows\System\gbakYLH.exe
  2⤵
  PID:4648
- C:\Windows\System\PWoYQcC.exe
  C:\Windows\System\PWoYQcC.exe
  2⤵
  PID:2912
- C:\Windows\System\gJBQtqD.exe
  C:\Windows\System\gJBQtqD.exe
  2⤵
  PID:4584
- C:\Windows\System\WvUYjzT.exe
  C:\Windows\System\WvUYjzT.exe
  2⤵
  PID:5128
- C:\Windows\System\fCSmVsA.exe
  C:\Windows\System\fCSmVsA.exe
  2⤵
  PID:5232
- C:\Windows\System\wgBJzaR.exe
  C:\Windows\System\wgBJzaR.exe
  2⤵
  PID:5168
- C:\Windows\System\ofPcONd.exe
  C:\Windows\System\ofPcONd.exe
  2⤵
  PID:5212
- C:\Windows\System\VmEAvlG.exe
  C:\Windows\System\VmEAvlG.exe
  2⤵
  PID:5300
- C:\Windows\System\CKSAosc.exe
  C:\Windows\System\CKSAosc.exe
  2⤵
  PID:5352
- C:\Windows\System\ZBqVlfz.exe
  C:\Windows\System\ZBqVlfz.exe
  2⤵
  PID:5388
- C:\Windows\System\fdFEyWE.exe
  C:\Windows\System\fdFEyWE.exe
  2⤵
  PID:5332
- C:\Windows\System\LVNZGCQ.exe
  C:\Windows\System\LVNZGCQ.exe
  2⤵
  PID:5468
- C:\Windows\System\ywpQtmt.exe
  C:\Windows\System\ywpQtmt.exe
  2⤵
  PID:5412
- C:\Windows\System\VlqXZZI.exe
  C:\Windows\System\VlqXZZI.exe
  2⤵
  PID:5504
- C:\Windows\System\kYoLrcJ.exe
  C:\Windows\System\kYoLrcJ.exe
  2⤵
  PID:5484
- C:\Windows\System\iWzdGIC.exe
  C:\Windows\System\iWzdGIC.exe
  2⤵
  PID:5528
- C:\Windows\System\wfroOlL.exe
  C:\Windows\System\wfroOlL.exe
  2⤵
  PID:5564
- C:\Windows\System\nxuimta.exe
  C:\Windows\System\nxuimta.exe
  2⤵
  PID:5568
- C:\Windows\System\oIYntoH.exe
  C:\Windows\System\oIYntoH.exe
  2⤵
  PID:5664
- C:\Windows\System\rKYNdjb.exe
  C:\Windows\System\rKYNdjb.exe
  2⤵
  PID:5704
- C:\Windows\System\Wrzhmhv.exe
  C:\Windows\System\Wrzhmhv.exe
  2⤵
  PID:5684
- C:\Windows\System\vciLBRa.exe
  C:\Windows\System\vciLBRa.exe
  2⤵
  PID:5788
- C:\Windows\System\MmhDTco.exe
  C:\Windows\System\MmhDTco.exe
  2⤵
  PID:5792
- C:\Windows\System\xjDYHkY.exe
  C:\Windows\System\xjDYHkY.exe
  2⤵
  PID:5772
- C:\Windows\System\ITIbqca.exe
  C:\Windows\System\ITIbqca.exe
  2⤵
  PID:5836
- C:\Windows\System\ZRNWzJS.exe
  C:\Windows\System\ZRNWzJS.exe
  2⤵
  PID:5908
- C:\Windows\System\ivDiBwf.exe
  C:\Windows\System\ivDiBwf.exe
  2⤵
  PID:5856
- C:\Windows\System\oaaaTRx.exe
  C:\Windows\System\oaaaTRx.exe
  2⤵
  PID:5960
- C:\Windows\System\jOLXIpd.exe
  C:\Windows\System\jOLXIpd.exe
  2⤵
  PID:5936
- C:\Windows\System\EXCHHkV.exe
  C:\Windows\System\EXCHHkV.exe
  2⤵
  PID:6000
- C:\Windows\System\aKKCLRO.exe
  C:\Windows\System\aKKCLRO.exe
  2⤵
  PID:6072
- C:\Windows\System\UXplsqD.exe
  C:\Windows\System\UXplsqD.exe
  2⤵
  PID:6112
- C:\Windows\System\WfUHTIq.exe
  C:\Windows\System\WfUHTIq.exe
  2⤵
  PID:6056
- C:\Windows\System\asblLgT.exe
  C:\Windows\System\asblLgT.exe
  2⤵
  PID:4936
- C:\Windows\System\lNsEDZm.exe
  C:\Windows\System\lNsEDZm.exe
  2⤵
  PID:5088
- C:\Windows\System\pQpUoNd.exe
  C:\Windows\System\pQpUoNd.exe
  2⤵
  PID:3956
- C:\Windows\System\VGYskUI.exe
  C:\Windows\System\VGYskUI.exe
  2⤵
  PID:3460
- C:\Windows\System\BPnipFK.exe
  C:\Windows\System\BPnipFK.exe
  2⤵
  PID:3428
- C:\Windows\System\kUhPrYi.exe
  C:\Windows\System\kUhPrYi.exe
  2⤵
  PID:3564
- C:\Windows\System\wepnvMk.exe
  C:\Windows\System\wepnvMk.exe
  2⤵
  PID:4368
- C:\Windows\System\WljyyMt.exe
  C:\Windows\System\WljyyMt.exe
  2⤵
  PID:4464
- C:\Windows\System\rLpLBNd.exe
  C:\Windows\System\rLpLBNd.exe
  2⤵
  PID:4880
- C:\Windows\System\IBPyXYH.exe
  C:\Windows\System\IBPyXYH.exe
  2⤵
  PID:5124
- C:\Windows\System\FWVqjsS.exe
  C:\Windows\System\FWVqjsS.exe
  2⤵
  PID:5248
- C:\Windows\System\OZpPavE.exe
  C:\Windows\System\OZpPavE.exe
  2⤵
  PID:5348
- C:\Windows\System\bFZzwMc.exe
  C:\Windows\System\bFZzwMc.exe
  2⤵
  PID:5464
- C:\Windows\System\QczOZUj.exe
  C:\Windows\System\QczOZUj.exe
  2⤵
  PID:5364
- C:\Windows\System\bhPwYjG.exe
  C:\Windows\System\bhPwYjG.exe
  2⤵
  PID:5404
- C:\Windows\System\OxiLdpQ.exe
  C:\Windows\System\OxiLdpQ.exe
  2⤵
  PID:5444
- C:\Windows\System\FmCTuGM.exe
  C:\Windows\System\FmCTuGM.exe
  2⤵
  PID:5592
- C:\Windows\System\lQjKQAv.exe
  C:\Windows\System\lQjKQAv.exe
  2⤵
  PID:5668
- C:\Windows\System\SKuZFsy.exe
  C:\Windows\System\SKuZFsy.exe
  2⤵
  PID:1392
- C:\Windows\System\SUScivk.exe
  C:\Windows\System\SUScivk.exe
  2⤵
  PID:5828
- C:\Windows\System\PkflINW.exe
  C:\Windows\System\PkflINW.exe
  2⤵
  PID:5776
- C:\Windows\System\IrXcJkH.exe
  C:\Windows\System\IrXcJkH.exe
  2⤵
  PID:5868
- C:\Windows\System\ckfQOQg.exe
  C:\Windows\System\ckfQOQg.exe
  2⤵
  PID:5812
- C:\Windows\System\ReHALOM.exe
  C:\Windows\System\ReHALOM.exe
  2⤵
  PID:5848
- C:\Windows\System\mxGHpTu.exe
  C:\Windows\System\mxGHpTu.exe
  2⤵
  PID:5956
- C:\Windows\System\isneOcT.exe
  C:\Windows\System\isneOcT.exe
  2⤵
  PID:6012
- C:\Windows\System\mfapTXn.exe
  C:\Windows\System\mfapTXn.exe
  2⤵
  PID:6016
- C:\Windows\System\IRLXfpI.exe
  C:\Windows\System\IRLXfpI.exe
  2⤵
  PID:2552
- C:\Windows\System\zrvmdNj.exe
  C:\Windows\System\zrvmdNj.exe
  2⤵
  PID:984
- C:\Windows\System\kiPaxNK.exe
  C:\Windows\System\kiPaxNK.exe
  2⤵
  PID:6136
- C:\Windows\System\WVlZmnT.exe
  C:\Windows\System\WVlZmnT.exe
  2⤵
  PID:2768
- C:\Windows\System\WUNbZpp.exe
  C:\Windows\System\WUNbZpp.exe
  2⤵
  PID:616
- C:\Windows\System\YienFnc.exe
  C:\Windows\System\YienFnc.exe
  2⤵
  PID:2232
- C:\Windows\System\rHwGiAa.exe
  C:\Windows\System\rHwGiAa.exe
  2⤵
  PID:4608
- C:\Windows\System\kuwYmdY.exe
  C:\Windows\System\kuwYmdY.exe
  2⤵
  PID:5288
- C:\Windows\System\RUVMGOI.exe
  C:\Windows\System\RUVMGOI.exe
  2⤵
  PID:2320
- C:\Windows\System\VksItrz.exe
  C:\Windows\System\VksItrz.exe
  2⤵
  PID:5312
- C:\Windows\System\nXmwfQp.exe
  C:\Windows\System\nXmwfQp.exe
  2⤵
  PID:2952
- C:\Windows\System\OLbVvWC.exe
  C:\Windows\System\OLbVvWC.exe
  2⤵
  PID:5736
- C:\Windows\System\sGFKEGC.exe
  C:\Windows\System\sGFKEGC.exe
  2⤵
  PID:5596
- C:\Windows\System\VxqaCLI.exe
  C:\Windows\System\VxqaCLI.exe
  2⤵
  PID:5608
- C:\Windows\System\ZrrTAln.exe
  C:\Windows\System\ZrrTAln.exe
  2⤵
  PID:6116
- C:\Windows\System\yhdGMWZ.exe
  C:\Windows\System\yhdGMWZ.exe
  2⤵
  PID:5732
- C:\Windows\System\tvGdlmb.exe
  C:\Windows\System\tvGdlmb.exe
  2⤵
  PID:6048
- C:\Windows\System\smluPwG.exe
  C:\Windows\System\smluPwG.exe
  2⤵
  PID:1824
- C:\Windows\System\uSNCFHU.exe
  C:\Windows\System\uSNCFHU.exe
  2⤵
  PID:4640
- C:\Windows\System\OmCbwEi.exe
  C:\Windows\System\OmCbwEi.exe
  2⤵
  PID:2848
- C:\Windows\System\JLfyDby.exe
  C:\Windows\System\JLfyDby.exe
  2⤵
  PID:6152
- C:\Windows\System\gGUmqPA.exe
  C:\Windows\System\gGUmqPA.exe
  2⤵
  PID:6172
- C:\Windows\System\DAPeemP.exe
  C:\Windows\System\DAPeemP.exe
  2⤵
  PID:6192
- C:\Windows\System\jYArQlB.exe
  C:\Windows\System\jYArQlB.exe
  2⤵
  PID:6208
- C:\Windows\System\nWKwqRX.exe
  C:\Windows\System\nWKwqRX.exe
  2⤵
  PID:6228
- C:\Windows\System\XLtEbfs.exe
  C:\Windows\System\XLtEbfs.exe
  2⤵
  PID:6252
- C:\Windows\System\lwXiOXF.exe
  C:\Windows\System\lwXiOXF.exe
  2⤵
  PID:6272
- C:\Windows\System\cjlpmKf.exe
  C:\Windows\System\cjlpmKf.exe
  2⤵
  PID:6292
- C:\Windows\System\TisyCnF.exe
  C:\Windows\System\TisyCnF.exe
  2⤵
  PID:6312
- C:\Windows\System\NcTaKuN.exe
  C:\Windows\System\NcTaKuN.exe
  2⤵
  PID:6332
- C:\Windows\System\PVtJGlr.exe
  C:\Windows\System\PVtJGlr.exe
  2⤵
  PID:6352
- C:\Windows\System\lgJppNl.exe
  C:\Windows\System\lgJppNl.exe
  2⤵
  PID:6368
- C:\Windows\System\umVVYdN.exe
  C:\Windows\System\umVVYdN.exe
  2⤵
  PID:6392
- C:\Windows\System\CsfChcN.exe
  C:\Windows\System\CsfChcN.exe
  2⤵
  PID:6412
- C:\Windows\System\RBFJzXA.exe
  C:\Windows\System\RBFJzXA.exe
  2⤵
  PID:6428
- C:\Windows\System\gYeqUgd.exe
  C:\Windows\System\gYeqUgd.exe
  2⤵
  PID:6452
- C:\Windows\System\JfOVeKo.exe
  C:\Windows\System\JfOVeKo.exe
  2⤵
  PID:6472
- C:\Windows\System\cYQZyMt.exe
  C:\Windows\System\cYQZyMt.exe
  2⤵
  PID:6488
- C:\Windows\System\WciSSYt.exe
  C:\Windows\System\WciSSYt.exe
  2⤵
  PID:6512
- C:\Windows\System\rjATFWq.exe
  C:\Windows\System\rjATFWq.exe
  2⤵
  PID:6528
- C:\Windows\System\zSlEmNj.exe
  C:\Windows\System\zSlEmNj.exe
  2⤵
  PID:6548
- C:\Windows\System\znsgluA.exe
  C:\Windows\System\znsgluA.exe
  2⤵
  PID:6564
- C:\Windows\System\xJEFKCl.exe
  C:\Windows\System\xJEFKCl.exe
  2⤵
  PID:6592
- C:\Windows\System\qvZtHWg.exe
  C:\Windows\System\qvZtHWg.exe
  2⤵
  PID:6612
- C:\Windows\System\ruCytYA.exe
  C:\Windows\System\ruCytYA.exe
  2⤵
  PID:6628
- C:\Windows\System\CxwPXYQ.exe
  C:\Windows\System\CxwPXYQ.exe
  2⤵
  PID:6652
- C:\Windows\System\eBDAtBc.exe
  C:\Windows\System\eBDAtBc.exe
  2⤵
  PID:6672
- C:\Windows\System\lUlRdWl.exe
  C:\Windows\System\lUlRdWl.exe
  2⤵
  PID:6692
- C:\Windows\System\vIuUscu.exe
  C:\Windows\System\vIuUscu.exe
  2⤵
  PID:6712
- C:\Windows\System\wKJndNQ.exe
  C:\Windows\System\wKJndNQ.exe
  2⤵
  PID:6728
- C:\Windows\System\CxiwUqV.exe
  C:\Windows\System\CxiwUqV.exe
  2⤵
  PID:6748
- C:\Windows\System\uKotLbp.exe
  C:\Windows\System\uKotLbp.exe
  2⤵
  PID:6772
- C:\Windows\System\QYJVjYz.exe
  C:\Windows\System\QYJVjYz.exe
  2⤵
  PID:6796
- C:\Windows\System\HLMMwZX.exe
  C:\Windows\System\HLMMwZX.exe
  2⤵
  PID:6820
- C:\Windows\System\houGDXg.exe
  C:\Windows\System\houGDXg.exe
  2⤵
  PID:6840
- C:\Windows\System\LPxjCXg.exe
  C:\Windows\System\LPxjCXg.exe
  2⤵
  PID:6864
- C:\Windows\System\eMDVWLI.exe
  C:\Windows\System\eMDVWLI.exe
  2⤵
  PID:6880
- C:\Windows\System\cqdqTfd.exe
  C:\Windows\System\cqdqTfd.exe
  2⤵
  PID:6896
- C:\Windows\System\DldsAll.exe
  C:\Windows\System\DldsAll.exe
  2⤵
  PID:6920
- C:\Windows\System\oEJRwsY.exe
  C:\Windows\System\oEJRwsY.exe
  2⤵
  PID:6940
- C:\Windows\System\enLYPMW.exe
  C:\Windows\System\enLYPMW.exe
  2⤵
  PID:6976
- C:\Windows\System\alHJAXA.exe
  C:\Windows\System\alHJAXA.exe
  2⤵
  PID:7004
- C:\Windows\System\ygGncgN.exe
  C:\Windows\System\ygGncgN.exe
  2⤵
  PID:7028
- C:\Windows\System\xOCtclK.exe
  C:\Windows\System\xOCtclK.exe
  2⤵
  PID:7048
- C:\Windows\System\IpVZeaE.exe
  C:\Windows\System\IpVZeaE.exe
  2⤵
  PID:7064
- C:\Windows\System\zNIiLTp.exe
  C:\Windows\System\zNIiLTp.exe
  2⤵
  PID:7084
- C:\Windows\System\XnxFyXn.exe
  C:\Windows\System\XnxFyXn.exe
  2⤵
  PID:7108
- C:\Windows\System\GZbUGEM.exe
  C:\Windows\System\GZbUGEM.exe
  2⤵
  PID:7128
- C:\Windows\System\FDupZSU.exe
  C:\Windows\System\FDupZSU.exe
  2⤵
  PID:7144
- C:\Windows\System\MTLTmwG.exe
  C:\Windows\System\MTLTmwG.exe
  2⤵
  PID:7160
- C:\Windows\System\tqNtDJz.exe
  C:\Windows\System\tqNtDJz.exe
  2⤵
  PID:3884
- C:\Windows\System\SzOSUqB.exe
  C:\Windows\System\SzOSUqB.exe
  2⤵
  PID:5268
- C:\Windows\System\yvsvzSm.exe
  C:\Windows\System\yvsvzSm.exe
  2⤵
  PID:5716
- C:\Windows\System\aXgaGtI.exe
  C:\Windows\System\aXgaGtI.exe
  2⤵
  PID:5460
- C:\Windows\System\LJGQqkR.exe
  C:\Windows\System\LJGQqkR.exe
  2⤵
  PID:5508
- C:\Windows\System\hnuQtxX.exe
  C:\Windows\System\hnuQtxX.exe
  2⤵
  PID:5752
- C:\Windows\System\opwIqnI.exe
  C:\Windows\System\opwIqnI.exe
  2⤵
  PID:5184
- C:\Windows\System\bmShcFG.exe
  C:\Windows\System\bmShcFG.exe
  2⤵
  PID:6128
- C:\Windows\System\WAMfjaH.exe
  C:\Windows\System\WAMfjaH.exe
  2⤵
  PID:2748
- C:\Windows\System\MoOGZry.exe
  C:\Windows\System\MoOGZry.exe
  2⤵
  PID:2484
- C:\Windows\System\fGjHupS.exe
  C:\Windows\System\fGjHupS.exe
  2⤵
  PID:6204
- C:\Windows\System\zJCkvek.exe
  C:\Windows\System\zJCkvek.exe
  2⤵
  PID:6220
- C:\Windows\System\RizoeOe.exe
  C:\Windows\System\RizoeOe.exe
  2⤵
  PID:6288
- C:\Windows\System\cSEXnfH.exe
  C:\Windows\System\cSEXnfH.exe
  2⤵
  PID:6328
- C:\Windows\System\rJovPWx.exe
  C:\Windows\System\rJovPWx.exe
  2⤵
  PID:6364
- C:\Windows\System\YHGUDQB.exe
  C:\Windows\System\YHGUDQB.exe
  2⤵
  PID:6308
- C:\Windows\System\dIxjomF.exe
  C:\Windows\System\dIxjomF.exe
  2⤵
  PID:6448
- C:\Windows\System\pPmgCYm.exe
  C:\Windows\System\pPmgCYm.exe
  2⤵
  PID:6380
- C:\Windows\System\CstLqQx.exe
  C:\Windows\System\CstLqQx.exe
  2⤵
  PID:6560
- C:\Windows\System\cRaUTBT.exe
  C:\Windows\System\cRaUTBT.exe
  2⤵
  PID:6604
- C:\Windows\System\fnurjTN.exe
  C:\Windows\System\fnurjTN.exe
  2⤵
  PID:6688
- C:\Windows\System\VLzjeKv.exe
  C:\Windows\System\VLzjeKv.exe
  2⤵
  PID:6424
- C:\Windows\System\SQRXpPx.exe
  C:\Windows\System\SQRXpPx.exe
  2⤵
  PID:6764
- C:\Windows\System\kCJrsBe.exe
  C:\Windows\System\kCJrsBe.exe
  2⤵
  PID:6468
- C:\Windows\System\raqpAJQ.exe
  C:\Windows\System\raqpAJQ.exe
  2⤵
  PID:6500
- C:\Windows\System\eRavwFa.exe
  C:\Windows\System\eRavwFa.exe
  2⤵
  PID:6572
- C:\Windows\System\XafYBbm.exe
  C:\Windows\System\XafYBbm.exe
  2⤵
  PID:6860
- C:\Windows\System\hqRvaFU.exe
  C:\Windows\System\hqRvaFU.exe
  2⤵
  PID:6888
- C:\Windows\System\xyaAVZB.exe
  C:\Windows\System\xyaAVZB.exe
  2⤵
  PID:6740
- C:\Windows\System\UKuXQPA.exe
  C:\Windows\System\UKuXQPA.exe
  2⤵
  PID:6936
- C:\Windows\System\YNVfrvq.exe
  C:\Windows\System\YNVfrvq.exe
  2⤵
  PID:2448
- C:\Windows\System\CNpqZyx.exe
  C:\Windows\System\CNpqZyx.exe
  2⤵
  PID:6952
- C:\Windows\System\xXnamKb.exe
  C:\Windows\System\xXnamKb.exe
  2⤵
  PID:6876
- C:\Windows\System\tLoZMYa.exe
  C:\Windows\System\tLoZMYa.exe
  2⤵
  PID:7036
- C:\Windows\System\nfOybIQ.exe
  C:\Windows\System\nfOybIQ.exe
  2⤵
  PID:7124
- C:\Windows\System\sBUJfTt.exe
  C:\Windows\System\sBUJfTt.exe
  2⤵
  PID:4712
- C:\Windows\System\ncRGRDb.exe
  C:\Windows\System\ncRGRDb.exe
  2⤵
  PID:5500
- C:\Windows\System\TwvAXmm.exe
  C:\Windows\System\TwvAXmm.exe
  2⤵
  PID:7056
- C:\Windows\System\UiLRnAw.exe
  C:\Windows\System\UiLRnAw.exe
  2⤵
  PID:5992
- C:\Windows\System\ADCcNmt.exe
  C:\Windows\System\ADCcNmt.exe
  2⤵
  PID:7096
- C:\Windows\System\SNCWkJE.exe
  C:\Windows\System\SNCWkJE.exe
  2⤵
  PID:5244
- C:\Windows\System\jbDmJEL.exe
  C:\Windows\System\jbDmJEL.exe
  2⤵
  PID:6168
- C:\Windows\System\KwTOTDn.exe
  C:\Windows\System\KwTOTDn.exe
  2⤵
  PID:5712
- C:\Windows\System\puOrRJo.exe
  C:\Windows\System\puOrRJo.exe
  2⤵
  PID:5880
- C:\Windows\System\lQHyShn.exe
  C:\Windows\System\lQHyShn.exe
  2⤵
  PID:588
- C:\Windows\System\gsgrito.exe
  C:\Windows\System\gsgrito.exe
  2⤵
  PID:6268
- C:\Windows\System\jVhOjCC.exe
  C:\Windows\System\jVhOjCC.exe
  2⤵
  PID:6408
- C:\Windows\System\IgqeIzc.exe
  C:\Windows\System\IgqeIzc.exe
  2⤵
  PID:6344
- C:\Windows\System\ocNvbwa.exe
  C:\Windows\System\ocNvbwa.exe
  2⤵
  PID:6184
- C:\Windows\System\YOyotRJ.exe
  C:\Windows\System\YOyotRJ.exe
  2⤵
  PID:6388
- C:\Windows\System\pBomHRB.exe
  C:\Windows\System\pBomHRB.exe
  2⤵
  PID:6804
- C:\Windows\System\tbdGMZX.exe
  C:\Windows\System\tbdGMZX.exe
  2⤵
  PID:6816
- C:\Windows\System\jeSzVTT.exe
  C:\Windows\System\jeSzVTT.exe
  2⤵
  PID:6540
- C:\Windows\System\zUPkitF.exe
  C:\Windows\System\zUPkitF.exe
  2⤵
  PID:6640
- C:\Windows\System\oOZaRSL.exe
  C:\Windows\System\oOZaRSL.exe
  2⤵
  PID:6892
- C:\Windows\System\EyXMPtL.exe
  C:\Windows\System\EyXMPtL.exe
  2⤵
  PID:6916
- C:\Windows\System\RoRiyPl.exe
  C:\Windows\System\RoRiyPl.exe
  2⤵
  PID:7000
- C:\Windows\System\kYktfcI.exe
  C:\Windows\System\kYktfcI.exe
  2⤵
  PID:6580
- C:\Windows\System\PdTddRO.exe
  C:\Windows\System\PdTddRO.exe
  2⤵
  PID:6708
- C:\Windows\System\NoLFzyH.exe
  C:\Windows\System\NoLFzyH.exe
  2⤵
  PID:5896
- C:\Windows\System\gTYXBxk.exe
  C:\Windows\System\gTYXBxk.exe
  2⤵
  PID:5344
- C:\Windows\System\lsSwGWW.exe
  C:\Windows\System\lsSwGWW.exe
  2⤵
  PID:5808
- C:\Windows\System\ZlUfDIx.exe
  C:\Windows\System\ZlUfDIx.exe
  2⤵
  PID:7072
- C:\Windows\System\SzQxjHn.exe
  C:\Windows\System\SzQxjHn.exe
  2⤵
  PID:5304
- C:\Windows\System\eRvJFMF.exe
  C:\Windows\System\eRvJFMF.exe
  2⤵
  PID:6340
- C:\Windows\System\AXVkhQJ.exe
  C:\Windows\System\AXVkhQJ.exe
  2⤵
  PID:6224
- C:\Windows\System\llPvFAV.exe
  C:\Windows\System\llPvFAV.exe
  2⤵
  PID:6436
- C:\Windows\System\xRDKeOd.exe
  C:\Windows\System\xRDKeOd.exe
  2⤵
  PID:7140
- C:\Windows\System\rqkTjzR.exe
  C:\Windows\System\rqkTjzR.exe
  2⤵
  PID:6624
- C:\Windows\System\koRwfJR.exe
  C:\Windows\System\koRwfJR.exe
  2⤵
  PID:2664
- C:\Windows\System\wduYfBZ.exe
  C:\Windows\System\wduYfBZ.exe
  2⤵
  PID:6496
- C:\Windows\System\oyONumy.exe
  C:\Windows\System\oyONumy.exe
  2⤵
  PID:6912
- C:\Windows\System\WWpcWIO.exe
  C:\Windows\System\WWpcWIO.exe
  2⤵
  PID:6636
- C:\Windows\System\oxNppPC.exe
  C:\Windows\System\oxNppPC.exe
  2⤵
  PID:7024
- C:\Windows\System\TdTqPNE.exe
  C:\Windows\System\TdTqPNE.exe
  2⤵
  PID:2136
- C:\Windows\System\KOINKZV.exe
  C:\Windows\System\KOINKZV.exe
  2⤵
  PID:6464
- C:\Windows\System\oUrVdpQ.exe
  C:\Windows\System\oUrVdpQ.exe
  2⤵
  PID:7120
- C:\Windows\System\tdrbbkm.exe
  C:\Windows\System\tdrbbkm.exe
  2⤵
  PID:6700
- C:\Windows\System\mlfUgcA.exe
  C:\Windows\System\mlfUgcA.exe
  2⤵
  PID:7136
- C:\Windows\System\WIESBCb.exe
  C:\Windows\System\WIESBCb.exe
  2⤵
  PID:5480
- C:\Windows\System\hAcECNo.exe
  C:\Windows\System\hAcECNo.exe
  2⤵
  PID:6248
- C:\Windows\System\KRWlWbA.exe
  C:\Windows\System\KRWlWbA.exe
  2⤵
  PID:5324
- C:\Windows\System\sfMXbRd.exe
  C:\Windows\System\sfMXbRd.exe
  2⤵
  PID:7016
- C:\Windows\System\VVNAKgZ.exe
  C:\Windows\System\VVNAKgZ.exe
  2⤵
  PID:2548
- C:\Windows\System\VtYsUes.exe
  C:\Windows\System\VtYsUes.exe
  2⤵
  PID:2556
- C:\Windows\System\BPEeboC.exe
  C:\Windows\System\BPEeboC.exe
  2⤵
  PID:2252
- C:\Windows\System\rovTPPY.exe
  C:\Windows\System\rovTPPY.exe
  2⤵
  PID:6376
- C:\Windows\System\mhLRUuM.exe
  C:\Windows\System\mhLRUuM.exe
  2⤵
  PID:6028
- C:\Windows\System\lwXyWWa.exe
  C:\Windows\System\lwXyWWa.exe
  2⤵
  PID:7180
- C:\Windows\System\ADkQnqu.exe
  C:\Windows\System\ADkQnqu.exe
  2⤵
  PID:7204
- C:\Windows\System\HGIUqft.exe
  C:\Windows\System\HGIUqft.exe
  2⤵
  PID:7224
- C:\Windows\System\lHwIWWM.exe
  C:\Windows\System\lHwIWWM.exe
  2⤵
  PID:7248
- C:\Windows\System\mAkGqre.exe
  C:\Windows\System\mAkGqre.exe
  2⤵
  PID:7268
- C:\Windows\System\qsyqkUe.exe
  C:\Windows\System\qsyqkUe.exe
  2⤵
  PID:7288
- C:\Windows\System\UCfwCxs.exe
  C:\Windows\System\UCfwCxs.exe
  2⤵
  PID:7312
- C:\Windows\System\dpGQROq.exe
  C:\Windows\System\dpGQROq.exe
  2⤵
  PID:7336
- C:\Windows\System\HWkzaqK.exe
  C:\Windows\System\HWkzaqK.exe
  2⤵
  PID:7356
- C:\Windows\System\wCfGyea.exe
  C:\Windows\System\wCfGyea.exe
  2⤵
  PID:7384
- C:\Windows\System\tLfgCSG.exe
  C:\Windows\System\tLfgCSG.exe
  2⤵
  PID:7400
- C:\Windows\System\jRBpTpO.exe
  C:\Windows\System\jRBpTpO.exe
  2⤵
  PID:7420
- C:\Windows\System\SKsPqpU.exe
  C:\Windows\System\SKsPqpU.exe
  2⤵
  PID:7440
- C:\Windows\System\fZSsfEZ.exe
  C:\Windows\System\fZSsfEZ.exe
  2⤵
  PID:7464
- C:\Windows\System\fnVXHkq.exe
  C:\Windows\System\fnVXHkq.exe
  2⤵
  PID:7480
- C:\Windows\System\IeYePFQ.exe
  C:\Windows\System\IeYePFQ.exe
  2⤵
  PID:7496
- C:\Windows\System\NVBCMPl.exe
  C:\Windows\System\NVBCMPl.exe
  2⤵
  PID:7520
- C:\Windows\System\ENjzkTp.exe
  C:\Windows\System\ENjzkTp.exe
  2⤵
  PID:7540
- C:\Windows\System\DDbKXdx.exe
  C:\Windows\System\DDbKXdx.exe
  2⤵
  PID:7560
- C:\Windows\System\CNNhbGv.exe
  C:\Windows\System\CNNhbGv.exe
  2⤵
  PID:7576
- C:\Windows\System\dtOinAJ.exe
  C:\Windows\System\dtOinAJ.exe
  2⤵
  PID:7596
- C:\Windows\System\decnypG.exe
  C:\Windows\System\decnypG.exe
  2⤵
  PID:7612
- C:\Windows\System\uoeNWps.exe
  C:\Windows\System\uoeNWps.exe
  2⤵
  PID:7636
- C:\Windows\System\QGstkar.exe
  C:\Windows\System\QGstkar.exe
  2⤵
  PID:7656
- C:\Windows\System\povJLsX.exe
  C:\Windows\System\povJLsX.exe
  2⤵
  PID:7684
- C:\Windows\System\fDBMOMq.exe
  C:\Windows\System\fDBMOMq.exe
  2⤵
  PID:7700
- C:\Windows\System\yKBlEFL.exe
  C:\Windows\System\yKBlEFL.exe
  2⤵
  PID:7724
- C:\Windows\System\GyXpFgR.exe
  C:\Windows\System\GyXpFgR.exe
  2⤵
  PID:7744
- C:\Windows\System\olAFUVs.exe
  C:\Windows\System\olAFUVs.exe
  2⤵
  PID:7764
- C:\Windows\System\gcEjgYg.exe
  C:\Windows\System\gcEjgYg.exe
  2⤵
  PID:7788
- C:\Windows\System\KrgYiwH.exe
  C:\Windows\System\KrgYiwH.exe
  2⤵
  PID:7808
- C:\Windows\System\ZbSBvdN.exe
  C:\Windows\System\ZbSBvdN.exe
  2⤵
  PID:7828
- C:\Windows\System\PnEaQjf.exe
  C:\Windows\System\PnEaQjf.exe
  2⤵
  PID:7844
- C:\Windows\System\Erizkya.exe
  C:\Windows\System\Erizkya.exe
  2⤵
  PID:7868
- C:\Windows\System\IGcWBCe.exe
  C:\Windows\System\IGcWBCe.exe
  2⤵
  PID:7884
- C:\Windows\System\rmcbulY.exe
  C:\Windows\System\rmcbulY.exe
  2⤵
  PID:7900
- C:\Windows\System\ApBgjrR.exe
  C:\Windows\System\ApBgjrR.exe
  2⤵
  PID:7920
- C:\Windows\System\OMcGLiK.exe
  C:\Windows\System\OMcGLiK.exe
  2⤵
  PID:7948
- C:\Windows\System\CogzsmP.exe
  C:\Windows\System\CogzsmP.exe
  2⤵
  PID:7968
- C:\Windows\System\zXEPNoV.exe
  C:\Windows\System\zXEPNoV.exe
  2⤵
  PID:7988
- C:\Windows\System\xJYbItV.exe
  C:\Windows\System\xJYbItV.exe
  2⤵
  PID:8004
- C:\Windows\System\MgydECB.exe
  C:\Windows\System\MgydECB.exe
  2⤵
  PID:8028
- C:\Windows\System\TUiZEVy.exe
  C:\Windows\System\TUiZEVy.exe
  2⤵
  PID:8048
- C:\Windows\System\HYHmUIO.exe
  C:\Windows\System\HYHmUIO.exe
  2⤵
  PID:8072
- C:\Windows\System\jAkdILo.exe
  C:\Windows\System\jAkdILo.exe
  2⤵
  PID:8088
- C:\Windows\System\ESXVKgm.exe
  C:\Windows\System\ESXVKgm.exe
  2⤵
  PID:8108
- C:\Windows\System\xgsYnvB.exe
  C:\Windows\System\xgsYnvB.exe
  2⤵
  PID:8128
- C:\Windows\System\UnidpoA.exe
  C:\Windows\System\UnidpoA.exe
  2⤵
  PID:8148
- C:\Windows\System\IIeuOFJ.exe
  C:\Windows\System\IIeuOFJ.exe
  2⤵
  PID:8168
- C:\Windows\System\sElQTQp.exe
  C:\Windows\System\sElQTQp.exe
  2⤵
  PID:1784
- C:\Windows\System\GZnmFLf.exe
  C:\Windows\System\GZnmFLf.exe
  2⤵
  PID:2192
- C:\Windows\System\qxoVEAy.exe
  C:\Windows\System\qxoVEAy.exe
  2⤵
  PID:5188
- C:\Windows\System\oowVbcO.exe
  C:\Windows\System\oowVbcO.exe
  2⤵
  PID:2864
- C:\Windows\System\BdNpDry.exe
  C:\Windows\System\BdNpDry.exe
  2⤵
  PID:6972
- C:\Windows\System\SnTzlzS.exe
  C:\Windows\System\SnTzlzS.exe
  2⤵
  PID:7192
- C:\Windows\System\SiVqfHy.exe
  C:\Windows\System\SiVqfHy.exe
  2⤵
  PID:7232
- C:\Windows\System\ckuHIlq.exe
  C:\Windows\System\ckuHIlq.exe
  2⤵
  PID:6440
- C:\Windows\System\RFnUxWZ.exe
  C:\Windows\System\RFnUxWZ.exe
  2⤵
  PID:7284
- C:\Windows\System\hZqlhkn.exe
  C:\Windows\System\hZqlhkn.exe
  2⤵
  PID:2592
- C:\Windows\System\bSJCcWb.exe
  C:\Windows\System\bSJCcWb.exe
  2⤵
  PID:7176
- C:\Windows\System\sNWgryT.exe
  C:\Windows\System\sNWgryT.exe
  2⤵
  PID:7372
- C:\Windows\System\TDmOQBu.exe
  C:\Windows\System\TDmOQBu.exe
  2⤵
  PID:7408
- C:\Windows\System\veQObLi.exe
  C:\Windows\System\veQObLi.exe
  2⤵
  PID:7460
- C:\Windows\System\GbVQkVI.exe
  C:\Windows\System\GbVQkVI.exe
  2⤵
  PID:7452
- C:\Windows\System\migdBRS.exe
  C:\Windows\System\migdBRS.exe
  2⤵
  PID:7396
- C:\Windows\System\mwMIgSZ.exe
  C:\Windows\System\mwMIgSZ.exe
  2⤵
  PID:7568
- C:\Windows\System\yHZmxVh.exe
  C:\Windows\System\yHZmxVh.exe
  2⤵
  PID:7476
- C:\Windows\System\lyqosjr.exe
  C:\Windows\System\lyqosjr.exe
  2⤵
  PID:7512
- C:\Windows\System\HFQXFdS.exe
  C:\Windows\System\HFQXFdS.exe
  2⤵
  PID:7552
- C:\Windows\System\eOCGusk.exe
  C:\Windows\System\eOCGusk.exe
  2⤵
  PID:7692
- C:\Windows\System\hQVYACZ.exe
  C:\Windows\System\hQVYACZ.exe
  2⤵
  PID:7628
- C:\Windows\System\IRmLVYF.exe
  C:\Windows\System\IRmLVYF.exe
  2⤵
  PID:7740
- C:\Windows\System\jFZhPEe.exe
  C:\Windows\System\jFZhPEe.exe
  2⤵
  PID:7676
- C:\Windows\System\gWqLnIu.exe
  C:\Windows\System\gWqLnIu.exe
  2⤵
  PID:7772
- C:\Windows\System\vEvMFRq.exe
  C:\Windows\System\vEvMFRq.exe
  2⤵
  PID:2560
- C:\Windows\System\iggNnmb.exe
  C:\Windows\System\iggNnmb.exe
  2⤵
  PID:7864
- C:\Windows\System\BZYypzR.exe
  C:\Windows\System\BZYypzR.exe
  2⤵
  PID:7756
- C:\Windows\System\dCgKIwL.exe
  C:\Windows\System\dCgKIwL.exe
  2⤵
  PID:7892
- C:\Windows\System\uvlkush.exe
  C:\Windows\System\uvlkush.exe
  2⤵
  PID:7932
- C:\Windows\System\LZVeHzt.exe
  C:\Windows\System\LZVeHzt.exe
  2⤵
  PID:7976
- C:\Windows\System\vpAnILf.exe
  C:\Windows\System\vpAnILf.exe
  2⤵
  PID:8024
- C:\Windows\System\XuoXWCP.exe
  C:\Windows\System\XuoXWCP.exe
  2⤵
  PID:7908
- C:\Windows\System\ASrfHxN.exe
  C:\Windows\System\ASrfHxN.exe
  2⤵
  PID:8064
- C:\Windows\System\dJWHcDG.exe
  C:\Windows\System\dJWHcDG.exe
  2⤵
  PID:8100
- C:\Windows\System\VRuaezy.exe
  C:\Windows\System\VRuaezy.exe
  2⤵
  PID:8036
- C:\Windows\System\EUszqTl.exe
  C:\Windows\System\EUszqTl.exe
  2⤵
  PID:8176
- C:\Windows\System\aZWAkYC.exe
  C:\Windows\System\aZWAkYC.exe
  2⤵
  PID:8120
- C:\Windows\System\GXRNswD.exe
  C:\Windows\System\GXRNswD.exe
  2⤵
  PID:6320
- C:\Windows\System\pYUUUtB.exe
  C:\Windows\System\pYUUUtB.exe
  2⤵
  PID:8084
- C:\Windows\System\JadbCLn.exe
  C:\Windows\System\JadbCLn.exe
  2⤵
  PID:8160
- C:\Windows\System\ieJGSff.exe
  C:\Windows\System\ieJGSff.exe
  2⤵
  PID:6600
- C:\Windows\System\EqyzsDO.exe
  C:\Windows\System\EqyzsDO.exe
  2⤵
  PID:2360
- C:\Windows\System\liwrHmZ.exe
  C:\Windows\System\liwrHmZ.exe
  2⤵
  PID:696
- C:\Windows\System\UopscuF.exe
  C:\Windows\System\UopscuF.exe
  2⤵
  PID:7244
- C:\Windows\System\CiCpSSc.exe
  C:\Windows\System\CiCpSSc.exe
  2⤵
  PID:2384
- C:\Windows\System\driPvXz.exe
  C:\Windows\System\driPvXz.exe
  2⤵
  PID:1764
- C:\Windows\System\THrXwNR.exe
  C:\Windows\System\THrXwNR.exe
  2⤵
  PID:6984
- C:\Windows\System\ttHRRhr.exe
  C:\Windows\System\ttHRRhr.exe
  2⤵
  PID:6588
- C:\Windows\System\gKdUxNP.exe
  C:\Windows\System\gKdUxNP.exe
  2⤵
  PID:6908
- C:\Windows\System\tyWBIcQ.exe
  C:\Windows\System\tyWBIcQ.exe
  2⤵
  PID:2960
- C:\Windows\System\OBwlUlp.exe
  C:\Windows\System\OBwlUlp.exe
  2⤵
  PID:1120
- C:\Windows\System\isFUdNU.exe
  C:\Windows\System\isFUdNU.exe
  2⤵
  PID:7364
- C:\Windows\System\iOivvrk.exe
  C:\Windows\System\iOivvrk.exe
  2⤵
  PID:828
- C:\Windows\System\XIsrYbt.exe
  C:\Windows\System\XIsrYbt.exe
  2⤵
  PID:2412
- C:\Windows\System\bERFXwS.exe
  C:\Windows\System\bERFXwS.exe
  2⤵
  PID:1380
- C:\Windows\System\AIUsqMh.exe
  C:\Windows\System\AIUsqMh.exe
  2⤵
  PID:2744
- C:\Windows\System\MfIXfQA.exe
  C:\Windows\System\MfIXfQA.exe
  2⤵
  PID:2068
- C:\Windows\System\zVUJoZj.exe
  C:\Windows\System\zVUJoZj.exe
  2⤵
  PID:1320
- C:\Windows\System\RtRaqXj.exe
  C:\Windows\System\RtRaqXj.exe
  2⤵
  PID:2908
- C:\Windows\System\obJPOes.exe
  C:\Windows\System\obJPOes.exe
  2⤵
  PID:2084
- C:\Windows\System\mIpfhJJ.exe
  C:\Windows\System\mIpfhJJ.exe
  2⤵
  PID:1852
- C:\Windows\System\GgBbhpH.exe
  C:\Windows\System\GgBbhpH.exe
  2⤵
  PID:2568
- C:\Windows\System\JWCRCYf.exe
  C:\Windows\System\JWCRCYf.exe
  2⤵
  PID:7264
- C:\Windows\System\VlPpwpR.exe
  C:\Windows\System\VlPpwpR.exe
  2⤵
  PID:7416
- C:\Windows\System\AUTkIgr.exe
  C:\Windows\System\AUTkIgr.exe
  2⤵
  PID:7488
- C:\Windows\System\DbpAELv.exe
  C:\Windows\System\DbpAELv.exe
  2⤵
  PID:7492
- C:\Windows\System\ZnrdYHT.exe
  C:\Windows\System\ZnrdYHT.exe
  2⤵
  PID:7472
- C:\Windows\System\sBqIgAc.exe
  C:\Windows\System\sBqIgAc.exe
  2⤵
  PID:7624
- C:\Windows\System\mTFtIWQ.exe
  C:\Windows\System\mTFtIWQ.exe
  2⤵
  PID:7428
- C:\Windows\System\qLyfCKv.exe
  C:\Windows\System\qLyfCKv.exe
  2⤵
  PID:7776
- C:\Windows\System\hknyIME.exe
  C:\Windows\System\hknyIME.exe
  2⤵
  PID:7504
- C:\Windows\System\QgqPuJF.exe
  C:\Windows\System\QgqPuJF.exe
  2⤵
  PID:7664
- C:\Windows\System\UkYQMBO.exe
  C:\Windows\System\UkYQMBO.exe
  2⤵
  PID:7716
- C:\Windows\System\GibsANg.exe
  C:\Windows\System\GibsANg.exe
  2⤵
  PID:7824
- C:\Windows\System\zrjHguW.exe
  C:\Windows\System\zrjHguW.exe
  2⤵
  PID:7796
- C:\Windows\System\ljuoNsr.exe
  C:\Windows\System\ljuoNsr.exe
  2⤵
  PID:7800
- C:\Windows\System\NKGVSng.exe
  C:\Windows\System\NKGVSng.exe
  2⤵
  PID:8012
- C:\Windows\System\FGqYtqG.exe
  C:\Windows\System\FGqYtqG.exe
  2⤵
  PID:7276
- C:\Windows\System\aIUpFrQ.exe
  C:\Windows\System\aIUpFrQ.exe
  2⤵
  PID:8164
- C:\Windows\System\RmVfDjc.exe
  C:\Windows\System\RmVfDjc.exe
  2⤵
  PID:7152
- C:\Windows\System\fvGwjNr.exe
  C:\Windows\System\fvGwjNr.exe
  2⤵
  PID:6756
- C:\Windows\System\CqAuZcN.exe
  C:\Windows\System\CqAuZcN.exe
  2⤵
  PID:2984
- C:\Windows\System\FIZTIrW.exe
  C:\Windows\System\FIZTIrW.exe
  2⤵
  PID:6164
- C:\Windows\System\RkecUmh.exe
  C:\Windows\System\RkecUmh.exe
  2⤵
  PID:2504
- C:\Windows\System\CpOrxkO.exe
  C:\Windows\System\CpOrxkO.exe
  2⤵
  PID:2104
- C:\Windows\System\FOanqZB.exe
  C:\Windows\System\FOanqZB.exe
  2⤵
  PID:7332
- C:\Windows\System\WVukMEh.exe
  C:\Windows\System\WVukMEh.exe
  2⤵
  PID:1692
- C:\Windows\System\IJkiyiy.exe
  C:\Windows\System\IJkiyiy.exe
  2⤵
  PID:1196
- C:\Windows\System\ndvhcjL.exe
  C:\Windows\System\ndvhcjL.exe
  2⤵
  PID:7392
- C:\Windows\System\ikkfgMX.exe
  C:\Windows\System\ikkfgMX.exe
  2⤵
  PID:8020
- C:\Windows\System\sDStfZu.exe
  C:\Windows\System\sDStfZu.exe
  2⤵
  PID:8096
- C:\Windows\System\RPlkSWy.exe
  C:\Windows\System\RPlkSWy.exe
  2⤵
  PID:7156
- C:\Windows\System\pkOYzcL.exe
  C:\Windows\System\pkOYzcL.exe
  2⤵
  PID:7200
- C:\Windows\System\AcKKHLX.exe
  C:\Windows\System\AcKKHLX.exe
  2⤵
  PID:7188
- C:\Windows\System\vdelhVH.exe
  C:\Windows\System\vdelhVH.exe
  2⤵
  PID:6780
- C:\Windows\System\qgjKWYc.exe
  C:\Windows\System\qgjKWYc.exe
  2⤵
  PID:2868
- C:\Windows\System\HGLlwWu.exe
  C:\Windows\System\HGLlwWu.exe
  2⤵
  PID:1344
- C:\Windows\System\wLwjbUw.exe
  C:\Windows\System\wLwjbUw.exe
  2⤵
  PID:7352
- C:\Windows\System\KCkVUKX.exe
  C:\Windows\System\KCkVUKX.exe
  2⤵
  PID:7380
- C:\Windows\System\yGzkzrq.exe
  C:\Windows\System\yGzkzrq.exe
  2⤵
  PID:7668
- C:\Windows\System\iUeyNPw.exe
  C:\Windows\System\iUeyNPw.exe
  2⤵
  PID:7592
- C:\Windows\System\OdRzZMl.exe
  C:\Windows\System\OdRzZMl.exe
  2⤵
  PID:7820
- C:\Windows\System\sMexWRo.exe
  C:\Windows\System\sMexWRo.exe
  2⤵
  PID:7980
- C:\Windows\System\RLfVhqn.exe
  C:\Windows\System\RLfVhqn.exe
  2⤵
  PID:2388
- C:\Windows\System\JTlfRbR.exe
  C:\Windows\System\JTlfRbR.exe
  2⤵
  PID:7936
- C:\Windows\System\fBaZZxj.exe
  C:\Windows\System\fBaZZxj.exe
  2⤵
  PID:1884
- C:\Windows\System\rZtvHEe.exe
  C:\Windows\System\rZtvHEe.exe
  2⤵
  PID:7324
- C:\Windows\System\CBZaYen.exe
  C:\Windows\System\CBZaYen.exe
  2⤵
  PID:7220
- C:\Windows\System\BXIpoQc.exe
  C:\Windows\System\BXIpoQc.exe
  2⤵
  PID:7172
- C:\Windows\System\HUZqEDY.exe
  C:\Windows\System\HUZqEDY.exe
  2⤵
  PID:2228
- C:\Windows\System\GIphUqq.exe
  C:\Windows\System\GIphUqq.exe
  2⤵
  PID:7896
- C:\Windows\System\uFxGbgo.exe
  C:\Windows\System\uFxGbgo.exe
  2⤵
  PID:8044
- C:\Windows\System\vrRTWGR.exe
  C:\Windows\System\vrRTWGR.exe
  2⤵
  PID:5624
- C:\Windows\System\AsBxYvJ.exe
  C:\Windows\System\AsBxYvJ.exe
  2⤵
  PID:2060
- C:\Windows\System\MXYNUXN.exe
  C:\Windows\System\MXYNUXN.exe
  2⤵
  PID:7752
- C:\Windows\System\kwnYTuH.exe
  C:\Windows\System\kwnYTuH.exe
  2⤵
  PID:7584
- C:\Windows\System\QaZWytU.exe
  C:\Windows\System\QaZWytU.exe
  2⤵
  PID:6948
- C:\Windows\System\lgjHHdy.exe
  C:\Windows\System\lgjHHdy.exe
  2⤵
  PID:8200
- C:\Windows\System\zXxBTVB.exe
  C:\Windows\System\zXxBTVB.exe
  2⤵
  PID:8216
- C:\Windows\System\YVUcCms.exe
  C:\Windows\System\YVUcCms.exe
  2⤵
  PID:8232
- C:\Windows\System\rehDDkh.exe
  C:\Windows\System\rehDDkh.exe
  2⤵
  PID:8264
- C:\Windows\System\nxbnDHj.exe
  C:\Windows\System\nxbnDHj.exe
  2⤵
  PID:8280
- C:\Windows\System\LbTrYnm.exe
  C:\Windows\System\LbTrYnm.exe
  2⤵
  PID:8296
- C:\Windows\System\KEuOiRQ.exe
  C:\Windows\System\KEuOiRQ.exe
  2⤵
  PID:8312
- C:\Windows\System\kLLBZrt.exe
  C:\Windows\System\kLLBZrt.exe
  2⤵
  PID:8344
- C:\Windows\System\fVAPhoc.exe
  C:\Windows\System\fVAPhoc.exe
  2⤵
  PID:8360
- C:\Windows\System\sgOKvlW.exe
  C:\Windows\System\sgOKvlW.exe
  2⤵
  PID:8380
- C:\Windows\System\axzOYdY.exe
  C:\Windows\System\axzOYdY.exe
  2⤵
  PID:8396
- C:\Windows\System\skiKLbt.exe
  C:\Windows\System\skiKLbt.exe
  2⤵
  PID:8412
- C:\Windows\System\EigazOf.exe
  C:\Windows\System\EigazOf.exe
  2⤵
  PID:8444
- C:\Windows\System\WXEvrKA.exe
  C:\Windows\System\WXEvrKA.exe
  2⤵
  PID:8460
- C:\Windows\System\thzYxDE.exe
  C:\Windows\System\thzYxDE.exe
  2⤵
  PID:8476
- C:\Windows\System\rBBbupe.exe
  C:\Windows\System\rBBbupe.exe
  2⤵
  PID:8504
- C:\Windows\System\YVDhGXy.exe
  C:\Windows\System\YVDhGXy.exe
  2⤵
  PID:8520
- C:\Windows\System\lxcjQsp.exe
  C:\Windows\System\lxcjQsp.exe
  2⤵
  PID:8540
- C:\Windows\System\YMTtLIh.exe
  C:\Windows\System\YMTtLIh.exe
  2⤵
  PID:8568
- C:\Windows\System\iDafLZa.exe
  C:\Windows\System\iDafLZa.exe
  2⤵
  PID:8592
- C:\Windows\System\RkLZrwp.exe
  C:\Windows\System\RkLZrwp.exe
  2⤵
  PID:8608
- C:\Windows\System\kjZVgiB.exe
  C:\Windows\System\kjZVgiB.exe
  2⤵
  PID:8628
- C:\Windows\System\EsLqTBe.exe
  C:\Windows\System\EsLqTBe.exe
  2⤵
  PID:8644
- C:\Windows\System\vlpzbLy.exe
  C:\Windows\System\vlpzbLy.exe
  2⤵
  PID:8664
- C:\Windows\System\yNuuait.exe
  C:\Windows\System\yNuuait.exe
  2⤵
  PID:8680
- C:\Windows\System\QCgFFzz.exe
  C:\Windows\System\QCgFFzz.exe
  2⤵
  PID:8700
- C:\Windows\System\QfIaVIX.exe
  C:\Windows\System\QfIaVIX.exe
  2⤵
  PID:8716
- C:\Windows\System\zkiUDfS.exe
  C:\Windows\System\zkiUDfS.exe
  2⤵
  PID:8756
- C:\Windows\System\QhxsYxH.exe
  C:\Windows\System\QhxsYxH.exe
  2⤵
  PID:8776
- C:\Windows\System\ntMeAJu.exe
  C:\Windows\System\ntMeAJu.exe
  2⤵
  PID:8792
- C:\Windows\System\bKdGWpn.exe
  C:\Windows\System\bKdGWpn.exe
  2⤵
  PID:8808
- C:\Windows\System\EscGlaX.exe
  C:\Windows\System\EscGlaX.exe
  2⤵
  PID:8824
- C:\Windows\System\cXBMYrf.exe
  C:\Windows\System\cXBMYrf.exe
  2⤵
  PID:8840
- C:\Windows\System\oAmoiKs.exe
  C:\Windows\System\oAmoiKs.exe
  2⤵
  PID:8856
- C:\Windows\System\pWbVAgd.exe
  C:\Windows\System\pWbVAgd.exe
  2⤵
  PID:8872
- C:\Windows\System\VKHzQXi.exe
  C:\Windows\System\VKHzQXi.exe
  2⤵
  PID:8888
- C:\Windows\System\ePqdNaT.exe
  C:\Windows\System\ePqdNaT.exe
  2⤵
  PID:8904
- C:\Windows\System\BChPwrK.exe
  C:\Windows\System\BChPwrK.exe
  2⤵
  PID:8920
- C:\Windows\System\hFXkEuy.exe
  C:\Windows\System\hFXkEuy.exe
  2⤵
  PID:8936
- C:\Windows\System\dcpsLUF.exe
  C:\Windows\System\dcpsLUF.exe
  2⤵
  PID:8952
- C:\Windows\System\FjfUTFy.exe
  C:\Windows\System\FjfUTFy.exe
  2⤵
  PID:8968
- C:\Windows\System\WhIAaJZ.exe
  C:\Windows\System\WhIAaJZ.exe
  2⤵
  PID:8984
- C:\Windows\System\OonJpHB.exe
  C:\Windows\System\OonJpHB.exe
  2⤵
  PID:9000
- C:\Windows\System\USCcSiN.exe
  C:\Windows\System\USCcSiN.exe
  2⤵
  PID:9016
- C:\Windows\System\koErWJe.exe
  C:\Windows\System\koErWJe.exe
  2⤵
  PID:9032
- C:\Windows\System\gOMvsio.exe
  C:\Windows\System\gOMvsio.exe
  2⤵
  PID:9048
- C:\Windows\System\KYCHFhg.exe
  C:\Windows\System\KYCHFhg.exe
  2⤵
  PID:9064
- C:\Windows\System\jGFHQGt.exe
  C:\Windows\System\jGFHQGt.exe
  2⤵
  PID:9084
- C:\Windows\System\arWhfmN.exe
  C:\Windows\System\arWhfmN.exe
  2⤵
  PID:9100
- C:\Windows\System\JRrmcaK.exe
  C:\Windows\System\JRrmcaK.exe
  2⤵
  PID:9116
- C:\Windows\System\luKuXxz.exe
  C:\Windows\System\luKuXxz.exe
  2⤵
  PID:9132
- C:\Windows\System\qMopBit.exe
  C:\Windows\System\qMopBit.exe
  2⤵
  PID:9148
- C:\Windows\System\HuBJqIQ.exe
  C:\Windows\System\HuBJqIQ.exe
  2⤵
  PID:9164
- C:\Windows\System\RawfniW.exe
  C:\Windows\System\RawfniW.exe
  2⤵
  PID:9180
- C:\Windows\System\Dtmtkgn.exe
  C:\Windows\System\Dtmtkgn.exe
  2⤵
  PID:9196
- C:\Windows\System\GyJRgCL.exe
  C:\Windows\System\GyJRgCL.exe
  2⤵
  PID:9212
- C:\Windows\System\odXxKyq.exe
  C:\Windows\System\odXxKyq.exe
  2⤵
  PID:8224
- C:\Windows\System\vwXRkVI.exe
  C:\Windows\System\vwXRkVI.exe
  2⤵
  PID:1048
- C:\Windows\System\kjtyVDt.exe
  C:\Windows\System\kjtyVDt.exe
  2⤵
  PID:8304
- C:\Windows\System\gQVLwNq.exe
  C:\Windows\System\gQVLwNq.exe
  2⤵
  PID:8248
- C:\Windows\System\MIjJfSF.exe
  C:\Windows\System\MIjJfSF.exe
  2⤵
  PID:8288
- C:\Windows\System\DjaEGVJ.exe
  C:\Windows\System\DjaEGVJ.exe
  2⤵
  PID:8292
- C:\Windows\System\JtUpedM.exe
  C:\Windows\System\JtUpedM.exe
  2⤵
  PID:8324
- C:\Windows\System\qrWAiPZ.exe
  C:\Windows\System\qrWAiPZ.exe
  2⤵
  PID:8336
- C:\Windows\System\ytXVHIB.exe
  C:\Windows\System\ytXVHIB.exe
  2⤵
  PID:8376
- C:\Windows\System\urVdHMu.exe
  C:\Windows\System\urVdHMu.exe
  2⤵
  PID:8440
- C:\Windows\System\xtKShgT.exe
  C:\Windows\System\xtKShgT.exe
  2⤵
  PID:8452
- C:\Windows\System\ptHrwnb.exe
  C:\Windows\System\ptHrwnb.exe
  2⤵
  PID:8496
- C:\Windows\System\bKoABBC.exe
  C:\Windows\System\bKoABBC.exe
  2⤵
  PID:8548
- C:\Windows\System\BsEKMHo.exe
  C:\Windows\System\BsEKMHo.exe
  2⤵
  PID:8560
- C:\Windows\System\DyHWmKx.exe
  C:\Windows\System\DyHWmKx.exe
  2⤵
  PID:8536
- C:\Windows\System\akruJKF.exe
  C:\Windows\System\akruJKF.exe
  2⤵
  PID:8672
- C:\Windows\System\eyGbKBq.exe
  C:\Windows\System\eyGbKBq.exe
  2⤵
  PID:8580
- C:\Windows\System\eLGvVhS.exe
  C:\Windows\System\eLGvVhS.exe
  2⤵
  PID:8764
- C:\Windows\System\kyIeOmC.exe
  C:\Windows\System\kyIeOmC.exe
  2⤵
  PID:8696
- C:\Windows\System\HYptvcl.exe
  C:\Windows\System\HYptvcl.exe
  2⤵
  PID:8624
- C:\Windows\System\yIRzIdX.exe
  C:\Windows\System\yIRzIdX.exe
  2⤵
  PID:8744
- C:\Windows\System\oOaJAFE.exe
  C:\Windows\System\oOaJAFE.exe
  2⤵
  PID:8832
- C:\Windows\System\tOQBDtt.exe
  C:\Windows\System\tOQBDtt.exe
  2⤵
  PID:8748
- C:\Windows\System\gieDfQj.exe
  C:\Windows\System\gieDfQj.exe
  2⤵
  PID:8784
- C:\Windows\System\kffMueK.exe
  C:\Windows\System\kffMueK.exe
  2⤵
  PID:8848
- C:\Windows\System\ARtBofb.exe
  C:\Windows\System\ARtBofb.exe
  2⤵
  PID:8880
- C:\Windows\System\EyFOVTp.exe
  C:\Windows\System\EyFOVTp.exe
  2⤵
  PID:8960
- C:\Windows\System\uejQOCI.exe
  C:\Windows\System\uejQOCI.exe
  2⤵
  PID:8944
- C:\Windows\System\NcYBJzt.exe
  C:\Windows\System\NcYBJzt.exe
  2⤵
  PID:8980
- C:\Windows\System\UhVmneX.exe
  C:\Windows\System\UhVmneX.exe
  2⤵
  PID:9024
- C:\Windows\System\LUPyeHH.exe
  C:\Windows\System\LUPyeHH.exe
  2⤵
  PID:9060
- C:\Windows\System\qNDorIr.exe
  C:\Windows\System\qNDorIr.exe
  2⤵
  PID:9092
- C:\Windows\System\bUvsUDe.exe
  C:\Windows\System\bUvsUDe.exe
  2⤵
  PID:9080
- C:\Windows\System\gVobKtc.exe
  C:\Windows\System\gVobKtc.exe
  2⤵
  PID:9144
- C:\Windows\System\tKdrydS.exe
  C:\Windows\System\tKdrydS.exe
  2⤵
  PID:9192
- C:\Windows\System\OlWVXoQ.exe
  C:\Windows\System\OlWVXoQ.exe
  2⤵
  PID:9204
- C:\Windows\System\WvbuCaV.exe
  C:\Windows\System\WvbuCaV.exe
  2⤵
  PID:8552
- C:\Windows\System\vpVNEch.exe
  C:\Windows\System\vpVNEch.exe
  2⤵
  PID:8352
- C:\Windows\System\jAnlRze.exe
  C:\Windows\System\jAnlRze.exe
  2⤵
  PID:8244
- C:\Windows\System\bBUvPYf.exe
  C:\Windows\System\bBUvPYf.exe
  2⤵
  PID:8260
- C:\Windows\System\aAkLGov.exe
  C:\Windows\System\aAkLGov.exe
  2⤵
  PID:8516
- C:\Windows\System\MQqBdPK.exe
  C:\Windows\System\MQqBdPK.exe
  2⤵
  PID:8432
- C:\Windows\System\ShzCkSn.exe
  C:\Windows\System\ShzCkSn.exe
  2⤵
  PID:8588
- C:\Windows\System\eDKjdlD.exe
  C:\Windows\System\eDKjdlD.exe
  2⤵
  PID:8488
- C:\Windows\System\zPZiMQq.exe
  C:\Windows\System\zPZiMQq.exe
  2⤵
  PID:8712
- C:\Windows\System\NkDkExa.exe
  C:\Windows\System\NkDkExa.exe
  2⤵
  PID:8804
- C:\Windows\System\zWclvRo.exe
  C:\Windows\System\zWclvRo.exe
  2⤵
  PID:8736
- C:\Windows\System\KmSuiBK.exe
  C:\Windows\System\KmSuiBK.exe
  2⤵
  PID:8820
- C:\Windows\System\HOnPENE.exe
  C:\Windows\System\HOnPENE.exe
  2⤵
  PID:8896
- C:\Windows\System\vNJcQol.exe
  C:\Windows\System\vNJcQol.exe
  2⤵
  PID:8992
- C:\Windows\System\iHVyDWB.exe
  C:\Windows\System\iHVyDWB.exe
  2⤵
  PID:8916
- C:\Windows\System\kaBIYUS.exe
  C:\Windows\System\kaBIYUS.exe
  2⤵
  PID:6784
- C:\Windows\System\YeueSWY.exe
  C:\Windows\System\YeueSWY.exe
  2⤵
  PID:9160
- C:\Windows\System\OstUDdo.exe
  C:\Windows\System\OstUDdo.exe
  2⤵
  PID:9176
- C:\Windows\System\RyFfruA.exe
  C:\Windows\System\RyFfruA.exe
  2⤵
  PID:8392
- C:\Windows\System\RZBsmRq.exe
  C:\Windows\System\RZBsmRq.exe
  2⤵
  PID:8528
- C:\Windows\System\zMKVuKa.exe
  C:\Windows\System\zMKVuKa.exe
  2⤵
  PID:8616
- C:\Windows\System\VpsVjaZ.exe
  C:\Windows\System\VpsVjaZ.exe
  2⤵
  PID:8660
- C:\Windows\System\tAHPjlz.exe
  C:\Windows\System\tAHPjlz.exe
  2⤵
  PID:8372
- C:\Windows\System\ytXFxSq.exe
  C:\Windows\System\ytXFxSq.exe
  2⤵
  PID:8752
- C:\Windows\System\DGVpQXx.exe
  C:\Windows\System\DGVpQXx.exe
  2⤵
  PID:8900
- C:\Windows\System\MVsetNC.exe
  C:\Windows\System\MVsetNC.exe
  2⤵
  PID:8912
- C:\Windows\System\XOhFNIN.exe
  C:\Windows\System\XOhFNIN.exe
  2⤵
  PID:7532
- C:\Windows\System\HgHjwwS.exe
  C:\Windows\System\HgHjwwS.exe
  2⤵
  PID:8408
- C:\Windows\System\zeNHsmt.exe
  C:\Windows\System\zeNHsmt.exe
  2⤵
  PID:8272
- C:\Windows\System\zgsFJuo.exe
  C:\Windows\System\zgsFJuo.exe
  2⤵
  PID:9056
- C:\Windows\System\uHTxhCJ.exe
  C:\Windows\System\uHTxhCJ.exe
  2⤵
  PID:9076
- C:\Windows\System\gpZdWbE.exe
  C:\Windows\System\gpZdWbE.exe
  2⤵
  PID:8652
- C:\Windows\System\ReKbMNk.exe
  C:\Windows\System\ReKbMNk.exe
  2⤵
  PID:8996
- C:\Windows\System\GmJaSMw.exe
  C:\Windows\System\GmJaSMw.exe
  2⤵
  PID:8600
- C:\Windows\System\ddoXBiO.exe
  C:\Windows\System\ddoXBiO.exe
  2⤵
  PID:9240
- C:\Windows\System\lnFNaSF.exe
  C:\Windows\System\lnFNaSF.exe
  2⤵
  PID:9256
- C:\Windows\System\KKKAYWu.exe
  C:\Windows\System\KKKAYWu.exe
  2⤵
  PID:9272
- C:\Windows\System\YCIPcSk.exe
  C:\Windows\System\YCIPcSk.exe
  2⤵
  PID:9288
- C:\Windows\System\jXyvXOp.exe
  C:\Windows\System\jXyvXOp.exe
  2⤵
  PID:9304
- C:\Windows\System\dUEdJoa.exe
  C:\Windows\System\dUEdJoa.exe
  2⤵
  PID:9320
- C:\Windows\System\heqNifu.exe
  C:\Windows\System\heqNifu.exe
  2⤵
  PID:9336
- C:\Windows\System\pnuJDHK.exe
  C:\Windows\System\pnuJDHK.exe
  2⤵
  PID:9356
- C:\Windows\System\WnEYIKY.exe
  C:\Windows\System\WnEYIKY.exe
  2⤵
  PID:9372
- C:\Windows\System\JPxCzwU.exe
  C:\Windows\System\JPxCzwU.exe
  2⤵
  PID:9388
- C:\Windows\System\ULkILQi.exe
  C:\Windows\System\ULkILQi.exe
  2⤵
  PID:9404
- C:\Windows\System\fJZmLOk.exe
  C:\Windows\System\fJZmLOk.exe
  2⤵
  PID:9420
- C:\Windows\System\jOndHrt.exe
  C:\Windows\System\jOndHrt.exe
  2⤵
  PID:9436
- C:\Windows\System\hgkGEXS.exe
  C:\Windows\System\hgkGEXS.exe
  2⤵
  PID:9452
- C:\Windows\System\lYrcEJa.exe
  C:\Windows\System\lYrcEJa.exe
  2⤵
  PID:9468
- C:\Windows\System\OHCuRxk.exe
  C:\Windows\System\OHCuRxk.exe
  2⤵
  PID:9484
- C:\Windows\System\HOsjaoI.exe
  C:\Windows\System\HOsjaoI.exe
  2⤵
  PID:9500
- C:\Windows\System\ycxjyvw.exe
  C:\Windows\System\ycxjyvw.exe
  2⤵
  PID:9516
- C:\Windows\System\DwuUrXE.exe
  C:\Windows\System\DwuUrXE.exe
  2⤵
  PID:9536
- C:\Windows\System\NeyAdYP.exe
  C:\Windows\System\NeyAdYP.exe
  2⤵
  PID:9552
- C:\Windows\System\dfVSDmp.exe
  C:\Windows\System\dfVSDmp.exe
  2⤵
  PID:9568
- C:\Windows\System\NiwaruE.exe
  C:\Windows\System\NiwaruE.exe
  2⤵
  PID:9584
- C:\Windows\System\dinQNCe.exe
  C:\Windows\System\dinQNCe.exe
  2⤵
  PID:9600
- C:\Windows\System\iGOCNed.exe
  C:\Windows\System\iGOCNed.exe
  2⤵
  PID:9616
- C:\Windows\System\oBKialF.exe
  C:\Windows\System\oBKialF.exe
  2⤵
  PID:9632
- C:\Windows\System\xwhHakg.exe
  C:\Windows\System\xwhHakg.exe
  2⤵
  PID:9652
- C:\Windows\System\JHjczTI.exe
  C:\Windows\System\JHjczTI.exe
  2⤵
  PID:9668
- C:\Windows\System\gnbOTYX.exe
  C:\Windows\System\gnbOTYX.exe
  2⤵
  PID:9684
- C:\Windows\System\dHXQqGw.exe
  C:\Windows\System\dHXQqGw.exe
  2⤵
  PID:9700
- C:\Windows\System\HuiDPea.exe
  C:\Windows\System\HuiDPea.exe
  2⤵
  PID:9716
- C:\Windows\System\tOjKLvi.exe
  C:\Windows\System\tOjKLvi.exe
  2⤵
  PID:9732
- C:\Windows\System\KaHyyio.exe
  C:\Windows\System\KaHyyio.exe
  2⤵
  PID:9748
- C:\Windows\System\uDOyxwY.exe
  C:\Windows\System\uDOyxwY.exe
  2⤵
  PID:9764
- C:\Windows\System\OMxkALm.exe
  C:\Windows\System\OMxkALm.exe
  2⤵
  PID:9780
- C:\Windows\System\bcjKdmx.exe
  C:\Windows\System\bcjKdmx.exe
  2⤵
  PID:9796
- C:\Windows\System\DnhUwZl.exe
  C:\Windows\System\DnhUwZl.exe
  2⤵
  PID:9812
- C:\Windows\System\saRTjwS.exe
  C:\Windows\System\saRTjwS.exe
  2⤵
  PID:9828
- C:\Windows\System\KUUjHdZ.exe
  C:\Windows\System\KUUjHdZ.exe
  2⤵
  PID:9844
- C:\Windows\System\pmrKyqp.exe
  C:\Windows\System\pmrKyqp.exe
  2⤵
  PID:9860
- C:\Windows\System\PoVIWja.exe
  C:\Windows\System\PoVIWja.exe
  2⤵
  PID:9876
- C:\Windows\System\PcMnbBk.exe
  C:\Windows\System\PcMnbBk.exe
  2⤵
  PID:9892
- C:\Windows\System\siEUblj.exe
  C:\Windows\System\siEUblj.exe
  2⤵
  PID:9908
- C:\Windows\System\lBPXSXi.exe
  C:\Windows\System\lBPXSXi.exe
  2⤵
  PID:9924
- C:\Windows\System\bGCZnMq.exe
  C:\Windows\System\bGCZnMq.exe
  2⤵
  PID:9940
- C:\Windows\System\HbFiLKV.exe
  C:\Windows\System\HbFiLKV.exe
  2⤵
  PID:9960
- C:\Windows\System\vOzVDMY.exe
  C:\Windows\System\vOzVDMY.exe
  2⤵
  PID:9984
- C:\Windows\System\RjBcqIh.exe
  C:\Windows\System\RjBcqIh.exe
  2⤵
  PID:10000
- C:\Windows\System\dQzJltI.exe
  C:\Windows\System\dQzJltI.exe
  2⤵
  PID:10024
- C:\Windows\System\HBzsWtO.exe
  C:\Windows\System\HBzsWtO.exe
  2⤵
  PID:10048
- C:\Windows\System\zjPDaoD.exe
  C:\Windows\System\zjPDaoD.exe
  2⤵
  PID:10064
- C:\Windows\System\IiRqtsN.exe
  C:\Windows\System\IiRqtsN.exe
  2⤵
  PID:10080
- C:\Windows\System\QaUIvcx.exe
  C:\Windows\System\QaUIvcx.exe
  2⤵
  PID:10096
- C:\Windows\System\PvOfRsi.exe
  C:\Windows\System\PvOfRsi.exe
  2⤵
  PID:10116
- C:\Windows\System\UzypZdc.exe
  C:\Windows\System\UzypZdc.exe
  2⤵
  PID:10136
- C:\Windows\System\kvGzaeR.exe
  C:\Windows\System\kvGzaeR.exe
  2⤵
  PID:10160
- C:\Windows\System\oXXsijW.exe
  C:\Windows\System\oXXsijW.exe
  2⤵
  PID:10176
- C:\Windows\System\FaVyLyA.exe
  C:\Windows\System\FaVyLyA.exe
  2⤵
  PID:10200
- C:\Windows\System\gAqNODF.exe
  C:\Windows\System\gAqNODF.exe
  2⤵
  PID:10216
- C:\Windows\System\RYLhTdr.exe
  C:\Windows\System\RYLhTdr.exe
  2⤵
  PID:10236
- C:\Windows\System\etBrzxi.exe
  C:\Windows\System\etBrzxi.exe
  2⤵
  PID:8276
- C:\Windows\System\yROTcNJ.exe
  C:\Windows\System\yROTcNJ.exe
  2⤵
  PID:9232
- C:\Windows\System\WGkvZKz.exe
  C:\Windows\System\WGkvZKz.exe
  2⤵
  PID:9268
- C:\Windows\System\aiOpApX.exe
  C:\Windows\System\aiOpApX.exe
  2⤵
  PID:9332
- C:\Windows\System\myCPWCq.exe
  C:\Windows\System\myCPWCq.exe
  2⤵
  PID:9284
- C:\Windows\System\TxIuNJi.exe
  C:\Windows\System\TxIuNJi.exe
  2⤵
  PID:9364
- C:\Windows\System\ZaVpoAo.exe
  C:\Windows\System\ZaVpoAo.exe
  2⤵
  PID:9352
- C:\Windows\System\oTYcRVc.exe
  C:\Windows\System\oTYcRVc.exe
  2⤵
  PID:9464
- C:\Windows\System\wesWaxY.exe
  C:\Windows\System\wesWaxY.exe
  2⤵
  PID:9528
- C:\Windows\System\ugrjMZg.exe
  C:\Windows\System\ugrjMZg.exe
  2⤵
  PID:9380
- C:\Windows\System\sbMoTPn.exe
  C:\Windows\System\sbMoTPn.exe
  2⤵
  PID:9416
- C:\Windows\System\HQegddZ.exe
  C:\Windows\System\HQegddZ.exe
  2⤵
  PID:9480
- C:\Windows\System\skluQcT.exe
  C:\Windows\System\skluQcT.exe
  2⤵
  PID:9576
- C:\Windows\System\wpIGmHA.exe
  C:\Windows\System\wpIGmHA.exe
  2⤵
  PID:9608
- C:\Windows\System\RoAJMTj.exe
  C:\Windows\System\RoAJMTj.exe
  2⤵
  PID:9664
- C:\Windows\System\Zwyjhuk.exe
  C:\Windows\System\Zwyjhuk.exe
  2⤵
  PID:9728
- C:\Windows\System\yYEWmSA.exe
  C:\Windows\System\yYEWmSA.exe
  2⤵
  PID:9648
- C:\Windows\System\mLffWZK.exe
  C:\Windows\System\mLffWZK.exe
  2⤵
  PID:9712
- C:\Windows\System\lMeMhkO.exe
  C:\Windows\System\lMeMhkO.exe
  2⤵
  PID:9744
- C:\Windows\System\oVvrrUl.exe
  C:\Windows\System\oVvrrUl.exe
  2⤵
  PID:9804
- C:\Windows\System\OSMhIRQ.exe
  C:\Windows\System\OSMhIRQ.exe
  2⤵
  PID:9852
- C:\Windows\System\wCpnBqQ.exe
  C:\Windows\System\wCpnBqQ.exe
  2⤵
  PID:9888
- C:\Windows\System\JJKCPjQ.exe
  C:\Windows\System\JJKCPjQ.exe
  2⤵
  PID:9900
- C:\Windows\System\hfmCUSM.exe
  C:\Windows\System\hfmCUSM.exe
  2⤵
  PID:9932
- C:\Windows\System\xjGtbvc.exe
  C:\Windows\System\xjGtbvc.exe
  2⤵
  PID:9956
- C:\Windows\System\PyudHGE.exe
  C:\Windows\System\PyudHGE.exe
  2⤵
  PID:9996
- C:\Windows\System\XxomYjm.exe
  C:\Windows\System\XxomYjm.exe
  2⤵
  PID:10012
- C:\Windows\System\CvrKvVd.exe
  C:\Windows\System\CvrKvVd.exe
  2⤵
  PID:10072
- C:\Windows\System\wAhelfS.exe
  C:\Windows\System\wAhelfS.exe
  2⤵
  PID:10044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CQgrqNx.exe

Filesize
6.0MB

MD5
023c207917f645d5595778bc96347ef6

SHA1
aa5958b037c28e0f117a8bdc82f7ebba5781feef

SHA256
8e11040af333f5019caf3b20d39387d802f84809ed9f161d24ea4d2cb837f59d

SHA512
46373b1d1c10fc4a785770ead2f017014954c89536bf10fa8fc08451aac76f2d932d1d0bf9a602bf43e4236ca4cfec9e70bbabd44c3b65853a7b188b654fac0e

Download Submit
C:\Windows\system\GCcFwUW.exe

Filesize
6.0MB

MD5
87f1ae1ee8748ba93da838845a8594f7

SHA1
1f8d1da7eb257169e3a4e7e90aaaba5e89d6025f

SHA256
c6b84368bd382f55c750be1fc85fd56e74e294797d65187f51dbdf321a8e1431

SHA512
baba3c1fba375cacf907dec2cef22c3855ff5877e23e0576163866d72bd12ccd6ec627351e24e2c7a83736ba29fb666100324c905fdce3f4dca2bf9d4f8d1803

Download Submit
C:\Windows\system\GsqOCuY.exe

Filesize
6.0MB

MD5
5796349e223ac59200bc097d3b4af477

SHA1
d6279d23aa4887e63bbf1b9da0569e5b61ff6b50

SHA256
31f38aa05cbb79bc5d0a9bc6d854fbab26c49168656a9a277b5640ce75391974

SHA512
eaa30f7dfad2a863d74bd79e1289b37acf476b6862a1e536a7ad903b31ca32320e4c18c35ea1bd54acf416502e583deba4f416f1a8c524ceb0fc4ec6cc157948

Download Submit
C:\Windows\system\GxAYljR.exe

Filesize
6.0MB

MD5
95bd737a51c7a5d91119d190667e2d12

SHA1
66c9631d96ad98db5cee8c896de1d91f457cb586

SHA256
5c413b003bd14f1c28f45b8d40c977669e30f84661caa6db167c6e20af540350

SHA512
187f0a8e25a4ae8279105e55bb8e7768efd456fb09cf4355a343920c5f8b7b168ff73875535aabc5459b8d3ce804a444ac8df5077f014a1ef7650f40d3553e32

Download Submit
C:\Windows\system\HRWieNP.exe

Filesize
6.0MB

MD5
c30e08856d0a092e95bf3926782e4fd6

SHA1
2fce3024abbb134e548bcbd4947c569d26287a08

SHA256
095b85c26f1a2ac3a1a7b6d6867df004664a2a030ba4d6509801d2f7d5c2ec3f

SHA512
2bd22090b394ccc602ba6a992f087916f275627fe64326f6a6f08d41276daef3880992c9be15a4732017e6eec4f6958a741ebe9310b469c8dc6379b96493997f

Download Submit
C:\Windows\system\JgAUSSr.exe

Filesize
6.0MB

MD5
87e2ece4a5a0e2afe43dac747e4d9802

SHA1
f6b445451a68e72de6f26b843b24cd7017f03c38

SHA256
263ffa65fa25eb8f4627a9ace3fa603dfc968bed6dd2f07484d6b1eaa85f8c63

SHA512
89f1feb8cf362cc870ddf70c4e2c964ace9cadbdf8aa6f452439e6725b8343c388d711d53b5256637e33ee7a42653d29337beff4c130cb352feaa7e54bec987f

Download Submit
C:\Windows\system\LMfLfbT.exe

Filesize
6.0MB

MD5
35a017c2059c76295e44c4204bc34c9c

SHA1
eca6cca44544364a6ebe5bd028965c0bc25cde49

SHA256
bbc96c065015c10b3c99131ca4016708707e92d14f8dacc6595856c8c4ffa0ec

SHA512
2410b7ae5e73bb5f21fdc11d1b6de20d79dcfe1ddf747e1a1e9685c06d7110d75bcbaf19a017ac3ba84410f5d1c4fe85e9657f3ff7e72309fa1cb1a2d7829b38

Download Submit
C:\Windows\system\LSByZZW.exe

Filesize
6.0MB

MD5
fa9f8012a41d154e72dc459d6f4dc60f

SHA1
226ee198b8fcb171c00d3b91a2c9c8338b6d8bfe

SHA256
dd50bba050867350135867bdb26ba29d994e0496660c82ec3fa49045e023cb7c

SHA512
c681d2f8c10d22eac5cd82f6f7ef67097002cf4fcccb0f0075e653b13846828ba86ed70307a42a223552b081fbb3cccb8dd14e824c34d0ded34cb186f0460ec2

Download Submit
C:\Windows\system\OvlzkId.exe

Filesize
6.0MB

MD5
4503a6482d6e522fd519b427311c32ec

SHA1
6dae6c5a1a3c117eda3dfe1df802f887bf4ac367

SHA256
074eafbeb9ce27e050c21fbadba316ab15e99c7f0228d8f8a60294fc547e14ea

SHA512
f3526afbaa9765380367fbe30d358b0fde18513090c34482a615a28bdfb4764053d0f34e3a15f89f2cb7823f4d5b4307af8dae4363a1eaf6daa9e101811dd573

Download Submit
C:\Windows\system\RuMQyjO.exe

Filesize
6.0MB

MD5
3bba6dc1979e8bdd4856fb520fa5a0a6

SHA1
ce65f61bed74bf79c61b8d32f379e8acc33a0b2f

SHA256
53696417aa8d46c16066e7bf248bc4125e25fe09764f388cd24be626d8c18bb7

SHA512
ca9136da1a5e2abf44470e6886e1e75e6fc7381182c7f07a23a78f95fb6d91868c17f05c3fe4583288480a508a3ea5964175c6d8d22791a9911330ec8c7b9175

Download Submit
C:\Windows\system\VTrBCeV.exe

Filesize
6.0MB

MD5
d73e32ad8ab3494a7c2a0653a7c677e9

SHA1
67d98ae40047765490508a24049f27f6028d28a9

SHA256
4b1609c363644c76b73f4aa66c92b4a9edea8bbbfd1f87bf44b3852c0df1e927

SHA512
05e278a2cb7210870e6fdd5e99f4a5d7b873d31d1bfb1eaee91d10a439577408f173949a1dce5b9ccf638faf499250286a11228a3dc942b6cb80ddaeac10b3f1

Download Submit
C:\Windows\system\VpaZwhg.exe

Filesize
6.0MB

MD5
a7a848ca4050f4c470475a7b73efc0bb

SHA1
83bb9f6d139e222eb44b5bf3dcb62b8cb8a260e4

SHA256
8c51f10e948bf795b2969db4ccb855ce9adc281ec4586b0739b601d2cc370997

SHA512
e8d0249a2d637b5c32b714389737b3cd8df15408d42b382f41ea204ce8efd877fde104166a6c84ac771413373fe8e9484a188b20d075fda373e1ba85c0a40ff2

Download Submit
C:\Windows\system\XBTKYbt.exe

Filesize
6.0MB

MD5
ab0b4f64a26ec040e639244261174d94

SHA1
ec1d4a8b6af1d83b230e0e3a1db463d1d28ac88a

SHA256
0aff404c03667b29669a20557b9095a58efbbe32a59d4ca5bd50f8437eb35fef

SHA512
2d78444b59e65ef89ffb7a8adc49e6bef907983191d59ee23f50e4bef964cd919578e4819b22470d8b9de92b0e051b7fb69e10f45e7e60cda39a7d780bc104e3

Download Submit
C:\Windows\system\XMFGrCa.exe

Filesize
6.0MB

MD5
b56ebb7ff140c13b49a1573566a92e33

SHA1
0eeda36d08e0a297b39be90a102b80b8db9aa5df

SHA256
d6d2347f8f1aa42b0a8e944276b0235384ce7b3a48a1de4f7fba79b3f1850664

SHA512
e0b243994014eb679d0f4b10a6617449ebcd2174e7e96dfcd5290f5e9b453bdbe3ef5586dbfd7d78c482438cac99004dd6b478bfb71d189e17339e693030f51e

Download Submit
C:\Windows\system\ZsEfcBs.exe

Filesize
6.0MB

MD5
9a2aad24ee73b6ec998c896c17fe2429

SHA1
a0f6e4f7b3dddc08d4dbadfd0ce5100b5cbde4ca

SHA256
f5749740290ea98fab4993dbd303ca1257301f394b641a6dda8b6083a553cce4

SHA512
a5e7ff2709bf2a32adc998c03ef254340cfac07cf0504846ea68f65653b5da18a78f78a2c6177ed9c9682f8595510f404703404728782c66b89202d372b47173

Download Submit
C:\Windows\system\dYRaIQi.exe

Filesize
6.0MB

MD5
1b9bdfcb5efef27e6ee7bea87f0064a1

SHA1
0a749d0afdc86f00dfb91bea534941a01f33ca46

SHA256
978fb82b6f661397458192b426b4294bf79752a5e083d6925fa1b310875c0fe3

SHA512
c6032a510219f60658bd8ce3dd0bcbd201ce5d713085cb3828b9c1a15f414d7664571e6ef787999bfd579e586e3a08f75a83aa5a589007fb48d038a54d1848f3

Download Submit
C:\Windows\system\hDYDmUm.exe

Filesize
6.0MB

MD5
001150d588bf07c122a09994bc3eee24

SHA1
5ee649cb20509d5227b147eeb82fdb551171799a

SHA256
b8288d5ba384bd71fe74756dd0eca302259daff19fd85f6917144bf1065f770e

SHA512
d2e3af74daacc0bce29b289f2c10d1d43fc83d78c12d9ebeea0e6afdd7e4b2f05dd8a39b0ad6270f57af197e9af95631ff981eed5a12b38abc5f91ca3bdaa85f

Download Submit
C:\Windows\system\iMljWgD.exe

Filesize
6.0MB

MD5
3d711f5be0dd7d88031bb72e1377d7b7

SHA1
67763b43ce88083285d0b0972a4c3cb897a3ce47

SHA256
688ec7f0d1b653edeb3bb201a8b37d3b092e93c35d366807c9c0491b4215948d

SHA512
d304552834cc37a872b089852d455605a7f562fd2ee37bc2b8fb40090cc148db8604882b7542c9fea1dd30978c297d48e63ad71a94e378432fc3b91074a6d6c6

Download Submit
C:\Windows\system\mDEznBG.exe

Filesize
6.0MB

MD5
edea8b469d516a531ec924955741ee7b

SHA1
997f17b29e2013403d0048018e485fffdaf1fe4e

SHA256
eb9321640e34a3d1fbfb852dfd1b45400535e72e598475e4300b77a62554acaf

SHA512
3f9ac835745c62f851697291c3c83f1ef5578ca9c32b0eca163001241798ebadfeea4370df178a14d3efea651daaa4a201c60536a53fedd5625dc3856205d33c

Download Submit
C:\Windows\system\mEPEAMR.exe

Filesize
6.0MB

MD5
c91288876e5799c1855d31296a626e6e

SHA1
477eb3e6ed140fe7c342a6aa66a06dfda2c1f369

SHA256
041076c5940ac37fc8a62d914e9cc3e654ba8e5be9f97c5c5e272465847fa8ff

SHA512
166330eb5d8b2a339dfe58e634dd44f51a415090ef535da7d69fea2c6feed6c7232344d28344a733d0b760f4b7e7f1243b2ed89852a52925b30c6e5feba7a810

Download Submit
C:\Windows\system\oMRhMVj.exe

Filesize
6.0MB

MD5
11c87bfb5e8a24cb1d06ecd6bce91bc3

SHA1
09ae7bf4d9d83e4bbcb5f66d1f2946d083297864

SHA256
ca954b2431432d6f2ef97c6a4d0c2b99d85c5bc665428190f45090765488881b

SHA512
7110bd75ae25ccf5e324f36ce6e3d66e176e926eb6b7c4575c2019c93c73141baaeb2f6ff954f1c996541581c7352af4fffa51c2d148b71322c4e941ec7716e8

Download Submit
C:\Windows\system\osvELVN.exe

Filesize
6.0MB

MD5
bf660dd7bc825e4cb3bf6c9f39f9fd09

SHA1
4a440abeeb643fed29b4242309175e9d5977bed2

SHA256
f2abd61ddfe0dbf1b5b35501a24a3c21c41421fb59eda8d0bd845f55ee27ec41

SHA512
dc37b72a3410873e52afb540b680ea0dec11cd75df9c01bfdbe9c2fcec57f4f6c7e407f6e2737943ede452b8f9832cc8a907d8db3a32b29c10a54e352a65e087

Download Submit
C:\Windows\system\pYVlBCm.exe

Filesize
6.0MB

MD5
6558b306e56c338aa60c57f0e43a654d

SHA1
da6c2288fe5945c2ec869c46ae5e5cd40ab9acee

SHA256
0d720c4ea5b78164281d3c5e5a1fce9c7ab81d799fc47060c803fa5effef14e6

SHA512
348fd65bb8bbcc65c27c8995cc185f1bfead532e0aefc2fdfb55a70d912651cd6a07acfe219d759bf1140f8ed761a11721f0285cd5d084f0e25f75875679ad46

Download Submit
C:\Windows\system\qoXLJmk.exe

Filesize
6.0MB

MD5
9348b9d52c3e1fbbfd2f6b65dfc5025d

SHA1
7bf242563a1720b4724f8cccc3c11ed53fec7df7

SHA256
7da02f86af0984f6223ba0d033982e98ff55483b1581c3b62fda16be01237a4c

SHA512
6a3af78cbd1800b79e02bc8d20b3b8db3db8ef455ca048d76b1bc5a9c1d97669cedf2a279ed25394992f71e5a2c60e380ee868e40d2fa40e61c493d249963332

Download Submit
C:\Windows\system\siYwwyx.exe

Filesize
6.0MB

MD5
16bcdf85f1035dbcd10305ac64199d08

SHA1
c43035cdad943f5e64434a6af8733ee98bb62ebe

SHA256
9f09e50bd0f559d08553c60c57321a2f4a08f66fdbeefcf1c239331c65d140f2

SHA512
4bcf376d08f4e7cb6e28bd3c39174e8e11164abe3703d51be3acdcdb37dc4e652ac7049091fa7f81e3ba6c4313c89692ba35cb7564d528b1e32b4a98db748ff4

Download Submit
C:\Windows\system\wBUfkif.exe

Filesize
6.0MB

MD5
e9f91f7bfd7837dde292e2539d7793be

SHA1
b3c435eaa34aad2dce8133ce15ffd9368cb871a7

SHA256
b5012cd42eb155c77bd7a4c768ca4e302444e61f3c97669f0ecec1c22eb9d7cb

SHA512
3abe168e90c634a394e634b927c69bdab30a735ed5e7cea0573b62958ea749fa5cc1aeea28bf9a65d0ae4145fdc1fddfc3c11b5fe66a48516ef31d5a27d2cb79

Download Submit
C:\Windows\system\wILCxhP.exe

Filesize
6.0MB

MD5
cdf83899143ace69957fd8556c764c42

SHA1
2975596f6c6bd29ed1d04336a64727a0459a3f6f

SHA256
5e5b1d1ed71e85e6e7e8383a397bbda4df2345153486be56fac0b8fb60fcb64b

SHA512
70ac524e833b4a771599ffc1b1438c493f5713f15d0f47c3fdf4c2aaa904ebd95cf5629f738dd518ba7b89bf48b25b38ce9994bc2f860287e819a2a45c8381cb

Download Submit
C:\Windows\system\zGTCZOt.exe

Filesize
6.0MB

MD5
d320684a3b74f8a87afb389669472d36

SHA1
8430dd5904d43f18c46779a2f77620586f75672a

SHA256
71e3ea89ca676479127f01e4b4902ec928817fcd1a78e8157104c700ba6225c0

SHA512
71d66da9c341062aa94cf228199b88cdc0adeb466976c6fd572bb2aa30daf146a480a2de70297e9057a4d4be1e1128e7e826f0f7c0b4d4a1967413b1e4a27633

Download Submit
\Windows\system\BwlUiiW.exe

Filesize
6.0MB

MD5
bd64b56c7014d281b6d9ef67230abeac

SHA1
6c2af9e850711c301a24b043ab1d036354f72a9d

SHA256
dddfcd4869c108488e895f9306a7f19df5f0c820a36c65695a8ee656fd034b0f

SHA512
f537bacedec6b173c74d9b008131c34f3e43dd0fbfce68d71a8cffcf898100a3250bf422fa471a3cf95d8ac615ef927591c28ffa1a6692e2d62ae8b9b9366119

Download Submit
\Windows\system\FTUmPQu.exe

Filesize
6.0MB

MD5
9ac1297650e13c3b53264f2aacc3078c

SHA1
5b92eec1a21a90b74cd9a5e165c447e8789b288c

SHA256
6263402866bf1cc4ae5e755d841011f3cf5c3e53103f5f35f080ce587d8fd1ea

SHA512
f67a26b768e0cb0b0fd997a4b57002d71b840f24cd728842c967d4794830c7cb788b98a86f2d8c3baa2313e7868e1b1b8bd55827eafb8b942d4d9afbdfae7f5b

Download Submit
\Windows\system\bBUIhja.exe

Filesize
6.0MB

MD5
b674c1b7461d7611c504eb42b54a3cf4

SHA1
6de99b0e6a8481641da4c2514d25e74deda527a8

SHA256
e9fd42da668ff5a72eb79f618eb74185f9ae9f48edb85dffdf4c4facecde8242

SHA512
4d3928d0a2df54333f4768acec93b8e9b7c48c60d759c2f11028ba67a3cf20b10eb284ecbc74822ee5d36802687b2da6e9b74f941b108d6ae996bdf9be0df544

Download Submit
\Windows\system\pEqkHHX.exe

Filesize
6.0MB

MD5
bbe3ef1808132ddce5f639f13f8be91d

SHA1
c9f960ba0edf427a6b76819e436e5576d754af24

SHA256
77e02e93d02948f91c6662eef78f22f7c24935bb9846607f5ea74561925f3b35

SHA512
5e2446e06c8fed9ec79f1cd28beb9c10d521f38b19640fc9a57f658303d995b33fc4d05281fa8506a920ede2fb3106284d24d8b460849e272713e0a190219791

Download Submit
memory/884-1777-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/884-74-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-1871-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-96-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1772-102-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1772-1902-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1932-64-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1932-1758-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2164-63-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2164-0-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2164-244-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-506-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-49-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2164-40-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-289-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-24-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2164-22-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-390-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-134-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-73-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-20-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-34-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2164-70-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2164-108-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-71-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-26-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-97-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2164-95-0x0000000002200000-0x0000000002554000-memory.dmp

Filesize
3.3MB

Download
memory/2164-85-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-245-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-86-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1872-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-242-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2452-77-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2452-1846-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2576-84-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2576-45-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1737-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2588-1682-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-33-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-57-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1739-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1742-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-36-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-83-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1706-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-35-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1738-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2900-56-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2948-23-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-1720-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-25-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2968-1691-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download