cobaltstrike | aaaa138368ec8fbbdf79a3fa6e33397552bc9135bf759ad16afa67a7cfd932ff

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

010b062d1a32bd61c7c5e3dc18f9b3d7
SHA1

bf5762cbdfac65af3b3a15f2f4bb53d37ebc0177
SHA256

aaaa138368ec8fbbdf79a3fa6e33397552bc9135bf759ad16afa67a7cfd932ff
SHA512

8bebec4c4490d405a4218dcb158d1b3a35fcd92482701946880498a0b77e608602e9269d7883fdb78e1aade2a613087308778327b4facf3ff35cf05e592b417f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\DRDnsNh.exe	cobalt_reflective_dll
\Windows\system\rFErfpg.exe	cobalt_reflective_dll
C:\Windows\system\eqwZHCx.exe	cobalt_reflective_dll
\Windows\system\mZbiAnZ.exe	cobalt_reflective_dll
C:\Windows\system\aaEXlLl.exe	cobalt_reflective_dll
C:\Windows\system\CYvxqPe.exe	cobalt_reflective_dll
C:\Windows\system\JVNLbAz.exe	cobalt_reflective_dll
C:\Windows\system\IyLyfgj.exe	cobalt_reflective_dll
C:\Windows\system\aBLlazF.exe	cobalt_reflective_dll
\Windows\system\kWgrJjr.exe	cobalt_reflective_dll
\Windows\system\JYBxYSy.exe	cobalt_reflective_dll
C:\Windows\system\pnFkFyQ.exe	cobalt_reflective_dll
C:\Windows\system\rUprvfc.exe	cobalt_reflective_dll
\Windows\system\pNPsDCK.exe	cobalt_reflective_dll
C:\Windows\system\JnuUuKK.exe	cobalt_reflective_dll
C:\Windows\system\NSWjixb.exe	cobalt_reflective_dll
C:\Windows\system\SZsaUbT.exe	cobalt_reflective_dll
C:\Windows\system\wHebEox.exe	cobalt_reflective_dll
C:\Windows\system\IMJKLGZ.exe	cobalt_reflective_dll
C:\Windows\system\SxNxZnd.exe	cobalt_reflective_dll
C:\Windows\system\shyLHlc.exe	cobalt_reflective_dll
C:\Windows\system\YiXGFxr.exe	cobalt_reflective_dll
C:\Windows\system\YncbkwV.exe	cobalt_reflective_dll
C:\Windows\system\dSppgwq.exe	cobalt_reflective_dll
C:\Windows\system\MZIdsDC.exe	cobalt_reflective_dll
C:\Windows\system\AqdJVST.exe	cobalt_reflective_dll
C:\Windows\system\ZWIOnXv.exe	cobalt_reflective_dll
C:\Windows\system\yzjAJMU.exe	cobalt_reflective_dll
C:\Windows\system\VkwNpme.exe	cobalt_reflective_dll
C:\Windows\system\wTSmjAU.exe	cobalt_reflective_dll
C:\Windows\system\eBfQLke.exe	cobalt_reflective_dll
C:\Windows\system\RiMKKeH.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
C:\Windows\system\DRDnsNh.exe	xmrig
\Windows\system\rFErfpg.exe	xmrig
C:\Windows\system\eqwZHCx.exe	xmrig
behavioral1/memory/2460-21-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2252-20-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2888-19-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
\Windows\system\mZbiAnZ.exe	xmrig
C:\Windows\system\aaEXlLl.exe	xmrig
behavioral1/memory/1468-35-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
C:\Windows\system\CYvxqPe.exe	xmrig
behavioral1/memory/2912-48-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
C:\Windows\system\JVNLbAz.exe	xmrig
behavioral1/memory/576-58-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
C:\Windows\system\IyLyfgj.exe	xmrig
behavioral1/memory/2860-65-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
C:\Windows\system\aBLlazF.exe	xmrig
\Windows\system\kWgrJjr.exe	xmrig
\Windows\system\JYBxYSy.exe	xmrig
behavioral1/memory/576-110-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
C:\Windows\system\pnFkFyQ.exe	xmrig
behavioral1/memory/576-115-0x00000000023E0000-0x0000000002734000-memory.dmp	xmrig
behavioral1/memory/1636-109-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/576-97-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/940-96-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/576-119-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
C:\Windows\system\rUprvfc.exe	xmrig
\Windows\system\pNPsDCK.exe	xmrig
C:\Windows\system\JnuUuKK.exe	xmrig
C:\Windows\system\NSWjixb.exe	xmrig
C:\Windows\system\SZsaUbT.exe	xmrig
behavioral1/memory/2252-512-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2460-526-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2888-522-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2896-571-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2168-586-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1468-554-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2912-589-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2752-590-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2552-663-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2700-676-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1636-677-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/940-658-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/3052-653-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2860-601-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
C:\Windows\system\wHebEox.exe	xmrig
C:\Windows\system\IMJKLGZ.exe	xmrig
C:\Windows\system\SxNxZnd.exe	xmrig
C:\Windows\system\shyLHlc.exe	xmrig
C:\Windows\system\YiXGFxr.exe	xmrig
C:\Windows\system\YncbkwV.exe	xmrig
C:\Windows\system\dSppgwq.exe	xmrig
C:\Windows\system\MZIdsDC.exe	xmrig
C:\Windows\system\AqdJVST.exe	xmrig
C:\Windows\system\ZWIOnXv.exe	xmrig
behavioral1/memory/2700-94-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
C:\Windows\system\yzjAJMU.exe	xmrig
behavioral1/memory/2912-105-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
C:\Windows\system\VkwNpme.exe	xmrig
C:\Windows\system\wTSmjAU.exe	xmrig
behavioral1/memory/3052-79-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2552-72-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
C:\Windows\system\eBfQLke.exe	xmrig
C:\Windows\system\RiMKKeH.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

DRDnsNh.exerFErfpg.exeeqwZHCx.exemZbiAnZ.exeaaEXlLl.exeCYvxqPe.exeJVNLbAz.exeRiMKKeH.exeIyLyfgj.exeaBLlazF.exeeBfQLke.exeyzjAJMU.exewTSmjAU.exekWgrJjr.exeVkwNpme.exeJYBxYSy.exepnFkFyQ.exeZWIOnXv.exeAqdJVST.exerUprvfc.exeMZIdsDC.exedSppgwq.exeYncbkwV.exepNPsDCK.exeYiXGFxr.exeJnuUuKK.exeshyLHlc.exeSxNxZnd.exeNSWjixb.exeIMJKLGZ.exeSZsaUbT.exewHebEox.exeNMeiTOO.exesddfmic.exeiQYRWCy.exekweyiQc.exebkHmXOW.exeJWUgjMq.exeaMwEcph.exedrFembo.exeRFlqUti.exeuDWeDtf.exektGXgpX.exexZMXrnc.exeJBUHnkH.exeCQmKmDg.exeylXgWLR.execOeyhva.exepcAuZpq.exeLnMpEVF.exeQELakRL.exeWNyStkq.exeFqmQZbf.exeuWRilVM.exeWELpijp.exefPygvDx.exeUxYogIL.exegRqbmvV.exetFbYbft.exeEuWrwjH.exekdicOWH.execMuZpze.exemFYbDGJ.exenHnfgmK.exe

pid	process
2252	DRDnsNh.exe
2460	rFErfpg.exe
2888	eqwZHCx.exe
2896	mZbiAnZ.exe
1468	aaEXlLl.exe
2168	CYvxqPe.exe
2912	JVNLbAz.exe
2752	RiMKKeH.exe
2860	IyLyfgj.exe
2552	aBLlazF.exe
3052	eBfQLke.exe
2700	yzjAJMU.exe
940	wTSmjAU.exe
1636	kWgrJjr.exe
1888	VkwNpme.exe
3008	JYBxYSy.exe
2176	pnFkFyQ.exe
3032	ZWIOnXv.exe
2236	AqdJVST.exe
304	rUprvfc.exe
1112	MZIdsDC.exe
676	dSppgwq.exe
2472	YncbkwV.exe
2060	pNPsDCK.exe
1088	YiXGFxr.exe
2528	JnuUuKK.exe
1644	shyLHlc.exe
2436	SxNxZnd.exe
900	NSWjixb.exe
1936	IMJKLGZ.exe
708	SZsaUbT.exe
956	wHebEox.exe
1952	NMeiTOO.exe
1224	sddfmic.exe
1464	iQYRWCy.exe
2668	kweyiQc.exe
2388	bkHmXOW.exe
1804	JWUgjMq.exe
1896	aMwEcph.exe
1084	drFembo.exe
2188	RFlqUti.exe
108	uDWeDtf.exe
948	ktGXgpX.exe
2692	xZMXrnc.exe
2544	JBUHnkH.exe
1288	CQmKmDg.exe
580	ylXgWLR.exe
2208	cOeyhva.exe
1728	pcAuZpq.exe
688	LnMpEVF.exe
2572	QELakRL.exe
2140	WNyStkq.exe
1560	FqmQZbf.exe
2992	uWRilVM.exe
1172	WELpijp.exe
2776	fPygvDx.exe
2904	UxYogIL.exe
2504	gRqbmvV.exe
2812	tFbYbft.exe
2112	EuWrwjH.exe
1476	kdicOWH.exe
1168	cMuZpze.exe
2372	mFYbDGJ.exe
2728	nHnfgmK.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
C:\Windows\system\DRDnsNh.exe	upx
\Windows\system\rFErfpg.exe	upx
C:\Windows\system\eqwZHCx.exe	upx
behavioral1/memory/2460-21-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2252-20-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2888-19-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
\Windows\system\mZbiAnZ.exe	upx
C:\Windows\system\aaEXlLl.exe	upx
behavioral1/memory/1468-35-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
C:\Windows\system\CYvxqPe.exe	upx
behavioral1/memory/2912-48-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
C:\Windows\system\JVNLbAz.exe	upx
behavioral1/memory/576-58-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
C:\Windows\system\IyLyfgj.exe	upx
behavioral1/memory/2860-65-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
C:\Windows\system\aBLlazF.exe	upx
\Windows\system\kWgrJjr.exe	upx
\Windows\system\JYBxYSy.exe	upx
C:\Windows\system\pnFkFyQ.exe	upx
behavioral1/memory/1636-109-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/940-96-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
C:\Windows\system\rUprvfc.exe	upx
\Windows\system\pNPsDCK.exe	upx
C:\Windows\system\JnuUuKK.exe	upx
C:\Windows\system\NSWjixb.exe	upx
C:\Windows\system\SZsaUbT.exe	upx
behavioral1/memory/2252-512-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2460-526-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2888-522-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2896-571-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2168-586-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/1468-554-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2912-589-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2752-590-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2552-663-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2700-676-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1636-677-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/940-658-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/3052-653-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2860-601-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
C:\Windows\system\wHebEox.exe	upx
C:\Windows\system\IMJKLGZ.exe	upx
C:\Windows\system\SxNxZnd.exe	upx
C:\Windows\system\shyLHlc.exe	upx
C:\Windows\system\YiXGFxr.exe	upx
C:\Windows\system\YncbkwV.exe	upx
C:\Windows\system\dSppgwq.exe	upx
C:\Windows\system\MZIdsDC.exe	upx
C:\Windows\system\AqdJVST.exe	upx
C:\Windows\system\ZWIOnXv.exe	upx
behavioral1/memory/2700-94-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
C:\Windows\system\yzjAJMU.exe	upx
behavioral1/memory/2912-105-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
C:\Windows\system\VkwNpme.exe	upx
C:\Windows\system\wTSmjAU.exe	upx
behavioral1/memory/3052-79-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2552-72-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
C:\Windows\system\eBfQLke.exe	upx
C:\Windows\system\RiMKKeH.exe	upx
behavioral1/memory/2752-57-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2168-45-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2896-28-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\IKoTpCn.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJbGmWM.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEEoxzW.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvrFkMr.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlJLNzU.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFbYbft.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fviDARe.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgQvVYY.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNZSnBw.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNvlWOR.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHnfgmK.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJYHgme.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHqhoaZ.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InaGiVL.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjKvNSy.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FystDtb.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGTWDQL.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgCWApf.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEnFPYq.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agHOrXc.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMQzFHJ.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhjlKcz.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaeSexk.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrqTwSq.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XWcyaYx.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\biWXuvl.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejrITUx.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvVDqPI.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FnBQlVf.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naIIZAx.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDQwbyF.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnpJfAw.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGFiCtS.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heiSRGp.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etGDWcn.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihXkdXv.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFmonhU.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbITALO.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdicOWH.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWTcfvE.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IakVEJS.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNAzyRD.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWfoada.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lCwFlvW.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmPtMQn.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNfHTcX.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrVaOLZ.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZLnOQr.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paJmAXx.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmurZNz.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dyEHtDQ.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxynGpq.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OestmYq.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRpPIkV.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGCDsHY.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGYVJAM.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTiVygA.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfotWnq.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvmVhEt.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNJCpRa.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOboWtD.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EquTUec.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtECJHz.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWNYtab.exe	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 576 wrote to memory of 2252	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	DRDnsNh.exe
PID 576 wrote to memory of 2252	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	DRDnsNh.exe
PID 576 wrote to memory of 2252	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	DRDnsNh.exe
PID 576 wrote to memory of 2460	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rFErfpg.exe
PID 576 wrote to memory of 2460	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rFErfpg.exe
PID 576 wrote to memory of 2460	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rFErfpg.exe
PID 576 wrote to memory of 2888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eqwZHCx.exe
PID 576 wrote to memory of 2888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eqwZHCx.exe
PID 576 wrote to memory of 2888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eqwZHCx.exe
PID 576 wrote to memory of 2896	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	mZbiAnZ.exe
PID 576 wrote to memory of 2896	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	mZbiAnZ.exe
PID 576 wrote to memory of 2896	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	mZbiAnZ.exe
PID 576 wrote to memory of 1468	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aaEXlLl.exe
PID 576 wrote to memory of 1468	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aaEXlLl.exe
PID 576 wrote to memory of 1468	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aaEXlLl.exe
PID 576 wrote to memory of 2168	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	CYvxqPe.exe
PID 576 wrote to memory of 2168	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	CYvxqPe.exe
PID 576 wrote to memory of 2168	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	CYvxqPe.exe
PID 576 wrote to memory of 2912	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JVNLbAz.exe
PID 576 wrote to memory of 2912	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JVNLbAz.exe
PID 576 wrote to memory of 2912	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JVNLbAz.exe
PID 576 wrote to memory of 2752	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	RiMKKeH.exe
PID 576 wrote to memory of 2752	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	RiMKKeH.exe
PID 576 wrote to memory of 2752	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	RiMKKeH.exe
PID 576 wrote to memory of 2860	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	IyLyfgj.exe
PID 576 wrote to memory of 2860	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	IyLyfgj.exe
PID 576 wrote to memory of 2860	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	IyLyfgj.exe
PID 576 wrote to memory of 2552	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aBLlazF.exe
PID 576 wrote to memory of 2552	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aBLlazF.exe
PID 576 wrote to memory of 2552	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	aBLlazF.exe
PID 576 wrote to memory of 3052	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eBfQLke.exe
PID 576 wrote to memory of 3052	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eBfQLke.exe
PID 576 wrote to memory of 3052	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	eBfQLke.exe
PID 576 wrote to memory of 2700	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	yzjAJMU.exe
PID 576 wrote to memory of 2700	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	yzjAJMU.exe
PID 576 wrote to memory of 2700	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	yzjAJMU.exe
PID 576 wrote to memory of 940	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	wTSmjAU.exe
PID 576 wrote to memory of 940	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	wTSmjAU.exe
PID 576 wrote to memory of 940	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	wTSmjAU.exe
PID 576 wrote to memory of 1636	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	kWgrJjr.exe
PID 576 wrote to memory of 1636	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	kWgrJjr.exe
PID 576 wrote to memory of 1636	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	kWgrJjr.exe
PID 576 wrote to memory of 1888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	VkwNpme.exe
PID 576 wrote to memory of 1888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	VkwNpme.exe
PID 576 wrote to memory of 1888	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	VkwNpme.exe
PID 576 wrote to memory of 3008	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JYBxYSy.exe
PID 576 wrote to memory of 3008	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JYBxYSy.exe
PID 576 wrote to memory of 3008	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	JYBxYSy.exe
PID 576 wrote to memory of 2176	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	pnFkFyQ.exe
PID 576 wrote to memory of 2176	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	pnFkFyQ.exe
PID 576 wrote to memory of 2176	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	pnFkFyQ.exe
PID 576 wrote to memory of 3032	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	ZWIOnXv.exe
PID 576 wrote to memory of 3032	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	ZWIOnXv.exe
PID 576 wrote to memory of 3032	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	ZWIOnXv.exe
PID 576 wrote to memory of 2236	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	AqdJVST.exe
PID 576 wrote to memory of 2236	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	AqdJVST.exe
PID 576 wrote to memory of 2236	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	AqdJVST.exe
PID 576 wrote to memory of 304	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rUprvfc.exe
PID 576 wrote to memory of 304	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rUprvfc.exe
PID 576 wrote to memory of 304	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	rUprvfc.exe
PID 576 wrote to memory of 1112	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	MZIdsDC.exe
PID 576 wrote to memory of 1112	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	MZIdsDC.exe
PID 576 wrote to memory of 1112	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	MZIdsDC.exe
PID 576 wrote to memory of 676	576	2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe	dSppgwq.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_010b062d1a32bd61c7c5e3dc18f9b3d7_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\System\DRDnsNh.exe
  C:\Windows\System\DRDnsNh.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\rFErfpg.exe
  C:\Windows\System\rFErfpg.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\eqwZHCx.exe
  C:\Windows\System\eqwZHCx.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\mZbiAnZ.exe
  C:\Windows\System\mZbiAnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\aaEXlLl.exe
  C:\Windows\System\aaEXlLl.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\CYvxqPe.exe
  C:\Windows\System\CYvxqPe.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\JVNLbAz.exe
  C:\Windows\System\JVNLbAz.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\RiMKKeH.exe
  C:\Windows\System\RiMKKeH.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\IyLyfgj.exe
  C:\Windows\System\IyLyfgj.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\aBLlazF.exe
  C:\Windows\System\aBLlazF.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\eBfQLke.exe
  C:\Windows\System\eBfQLke.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\yzjAJMU.exe
  C:\Windows\System\yzjAJMU.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\wTSmjAU.exe
  C:\Windows\System\wTSmjAU.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\kWgrJjr.exe
  C:\Windows\System\kWgrJjr.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VkwNpme.exe
  C:\Windows\System\VkwNpme.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\JYBxYSy.exe
  C:\Windows\System\JYBxYSy.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\pnFkFyQ.exe
  C:\Windows\System\pnFkFyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ZWIOnXv.exe
  C:\Windows\System\ZWIOnXv.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\AqdJVST.exe
  C:\Windows\System\AqdJVST.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\rUprvfc.exe
  C:\Windows\System\rUprvfc.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\MZIdsDC.exe
  C:\Windows\System\MZIdsDC.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\dSppgwq.exe
  C:\Windows\System\dSppgwq.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\YncbkwV.exe
  C:\Windows\System\YncbkwV.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\pNPsDCK.exe
  C:\Windows\System\pNPsDCK.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\YiXGFxr.exe
  C:\Windows\System\YiXGFxr.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\JnuUuKK.exe
  C:\Windows\System\JnuUuKK.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\shyLHlc.exe
  C:\Windows\System\shyLHlc.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\SxNxZnd.exe
  C:\Windows\System\SxNxZnd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\NSWjixb.exe
  C:\Windows\System\NSWjixb.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\IMJKLGZ.exe
  C:\Windows\System\IMJKLGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\SZsaUbT.exe
  C:\Windows\System\SZsaUbT.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\wHebEox.exe
  C:\Windows\System\wHebEox.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\NMeiTOO.exe
  C:\Windows\System\NMeiTOO.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\sddfmic.exe
  C:\Windows\System\sddfmic.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\iQYRWCy.exe
  C:\Windows\System\iQYRWCy.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\JWUgjMq.exe
  C:\Windows\System\JWUgjMq.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\kweyiQc.exe
  C:\Windows\System\kweyiQc.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\drFembo.exe
  C:\Windows\System\drFembo.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\bkHmXOW.exe
  C:\Windows\System\bkHmXOW.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\RFlqUti.exe
  C:\Windows\System\RFlqUti.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\aMwEcph.exe
  C:\Windows\System\aMwEcph.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\uDWeDtf.exe
  C:\Windows\System\uDWeDtf.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\ktGXgpX.exe
  C:\Windows\System\ktGXgpX.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\xZMXrnc.exe
  C:\Windows\System\xZMXrnc.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\JBUHnkH.exe
  C:\Windows\System\JBUHnkH.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\CQmKmDg.exe
  C:\Windows\System\CQmKmDg.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\ylXgWLR.exe
  C:\Windows\System\ylXgWLR.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\cOeyhva.exe
  C:\Windows\System\cOeyhva.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\pcAuZpq.exe
  C:\Windows\System\pcAuZpq.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\QELakRL.exe
  C:\Windows\System\QELakRL.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\LnMpEVF.exe
  C:\Windows\System\LnMpEVF.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\FqmQZbf.exe
  C:\Windows\System\FqmQZbf.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\WNyStkq.exe
  C:\Windows\System\WNyStkq.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\WELpijp.exe
  C:\Windows\System\WELpijp.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\uWRilVM.exe
  C:\Windows\System\uWRilVM.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\fPygvDx.exe
  C:\Windows\System\fPygvDx.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\UxYogIL.exe
  C:\Windows\System\UxYogIL.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\gRqbmvV.exe
  C:\Windows\System\gRqbmvV.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\tFbYbft.exe
  C:\Windows\System\tFbYbft.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\cMuZpze.exe
  C:\Windows\System\cMuZpze.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\EuWrwjH.exe
  C:\Windows\System\EuWrwjH.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\mFYbDGJ.exe
  C:\Windows\System\mFYbDGJ.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\kdicOWH.exe
  C:\Windows\System\kdicOWH.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\nHnfgmK.exe
  C:\Windows\System\nHnfgmK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\LBtfusT.exe
  C:\Windows\System\LBtfusT.exe
  2⤵
  PID:1968
- C:\Windows\System\LXKzXOd.exe
  C:\Windows\System\LXKzXOd.exe
  2⤵
  PID:1096
- C:\Windows\System\PPktLak.exe
  C:\Windows\System\PPktLak.exe
  2⤵
  PID:788
- C:\Windows\System\xWhvQXm.exe
  C:\Windows\System\xWhvQXm.exe
  2⤵
  PID:2304
- C:\Windows\System\iygfsjK.exe
  C:\Windows\System\iygfsjK.exe
  2⤵
  PID:2492
- C:\Windows\System\VkHlgVl.exe
  C:\Windows\System\VkHlgVl.exe
  2⤵
  PID:2704
- C:\Windows\System\dRdibhc.exe
  C:\Windows\System\dRdibhc.exe
  2⤵
  PID:1956
- C:\Windows\System\owVcQuk.exe
  C:\Windows\System\owVcQuk.exe
  2⤵
  PID:1064
- C:\Windows\System\tGqjrFE.exe
  C:\Windows\System\tGqjrFE.exe
  2⤵
  PID:2228
- C:\Windows\System\YiVQHLk.exe
  C:\Windows\System\YiVQHLk.exe
  2⤵
  PID:2960
- C:\Windows\System\fQYBWJg.exe
  C:\Windows\System\fQYBWJg.exe
  2⤵
  PID:1916
- C:\Windows\System\MczqwyW.exe
  C:\Windows\System\MczqwyW.exe
  2⤵
  PID:1780
- C:\Windows\System\TgGnMsL.exe
  C:\Windows\System\TgGnMsL.exe
  2⤵
  PID:2232
- C:\Windows\System\dGgbIvF.exe
  C:\Windows\System\dGgbIvF.exe
  2⤵
  PID:952
- C:\Windows\System\VTQDZHV.exe
  C:\Windows\System\VTQDZHV.exe
  2⤵
  PID:2688
- C:\Windows\System\pvhDMCg.exe
  C:\Windows\System\pvhDMCg.exe
  2⤵
  PID:392
- C:\Windows\System\beQiQAD.exe
  C:\Windows\System\beQiQAD.exe
  2⤵
  PID:1716
- C:\Windows\System\XesDRxi.exe
  C:\Windows\System\XesDRxi.exe
  2⤵
  PID:2540
- C:\Windows\System\JLkPyxa.exe
  C:\Windows\System\JLkPyxa.exe
  2⤵
  PID:2128
- C:\Windows\System\OvZRzvs.exe
  C:\Windows\System\OvZRzvs.exe
  2⤵
  PID:892
- C:\Windows\System\yuFAlCc.exe
  C:\Windows\System\yuFAlCc.exe
  2⤵
  PID:1144
- C:\Windows\System\SSODbdK.exe
  C:\Windows\System\SSODbdK.exe
  2⤵
  PID:3000
- C:\Windows\System\WwSizEw.exe
  C:\Windows\System\WwSizEw.exe
  2⤵
  PID:2584
- C:\Windows\System\SGCDsHY.exe
  C:\Windows\System\SGCDsHY.exe
  2⤵
  PID:2980
- C:\Windows\System\QOJafye.exe
  C:\Windows\System\QOJafye.exe
  2⤵
  PID:3028
- C:\Windows\System\KnRtPnb.exe
  C:\Windows\System\KnRtPnb.exe
  2⤵
  PID:2224
- C:\Windows\System\vTlaalB.exe
  C:\Windows\System\vTlaalB.exe
  2⤵
  PID:2268
- C:\Windows\System\jHXGHdh.exe
  C:\Windows\System\jHXGHdh.exe
  2⤵
  PID:2804
- C:\Windows\System\eVIkiWQ.exe
  C:\Windows\System\eVIkiWQ.exe
  2⤵
  PID:1208
- C:\Windows\System\HsqEExA.exe
  C:\Windows\System\HsqEExA.exe
  2⤵
  PID:2284
- C:\Windows\System\PbcDVnr.exe
  C:\Windows\System\PbcDVnr.exe
  2⤵
  PID:1184
- C:\Windows\System\NcSRRLL.exe
  C:\Windows\System\NcSRRLL.exe
  2⤵
  PID:364
- C:\Windows\System\WVYlGIk.exe
  C:\Windows\System\WVYlGIk.exe
  2⤵
  PID:1752
- C:\Windows\System\eifbcTn.exe
  C:\Windows\System\eifbcTn.exe
  2⤵
  PID:2216
- C:\Windows\System\FnBQlVf.exe
  C:\Windows\System\FnBQlVf.exe
  2⤵
  PID:2088
- C:\Windows\System\RVVwNPT.exe
  C:\Windows\System\RVVwNPT.exe
  2⤵
  PID:2640
- C:\Windows\System\wkZzKYE.exe
  C:\Windows\System\wkZzKYE.exe
  2⤵
  PID:1656
- C:\Windows\System\ilIsKoP.exe
  C:\Windows\System\ilIsKoP.exe
  2⤵
  PID:584
- C:\Windows\System\qotmeDS.exe
  C:\Windows\System\qotmeDS.exe
  2⤵
  PID:1196
- C:\Windows\System\iHDDxRV.exe
  C:\Windows\System\iHDDxRV.exe
  2⤵
  PID:936
- C:\Windows\System\KTVBsME.exe
  C:\Windows\System\KTVBsME.exe
  2⤵
  PID:944
- C:\Windows\System\gcSqpqO.exe
  C:\Windows\System\gcSqpqO.exe
  2⤵
  PID:2680
- C:\Windows\System\ZsiRdMR.exe
  C:\Windows\System\ZsiRdMR.exe
  2⤵
  PID:1724
- C:\Windows\System\DhiJaeo.exe
  C:\Windows\System\DhiJaeo.exe
  2⤵
  PID:2480
- C:\Windows\System\Wswuzbw.exe
  C:\Windows\System\Wswuzbw.exe
  2⤵
  PID:2796
- C:\Windows\System\dbzSMAD.exe
  C:\Windows\System\dbzSMAD.exe
  2⤵
  PID:596
- C:\Windows\System\SNyVrmw.exe
  C:\Windows\System\SNyVrmw.exe
  2⤵
  PID:3020
- C:\Windows\System\YGBxatA.exe
  C:\Windows\System\YGBxatA.exe
  2⤵
  PID:2308
- C:\Windows\System\HBvmbBB.exe
  C:\Windows\System\HBvmbBB.exe
  2⤵
  PID:2084
- C:\Windows\System\AEbiJHT.exe
  C:\Windows\System\AEbiJHT.exe
  2⤵
  PID:1700
- C:\Windows\System\Gyrazvl.exe
  C:\Windows\System\Gyrazvl.exe
  2⤵
  PID:2852
- C:\Windows\System\FKCELSI.exe
  C:\Windows\System\FKCELSI.exe
  2⤵
  PID:3080
- C:\Windows\System\jilKSQn.exe
  C:\Windows\System\jilKSQn.exe
  2⤵
  PID:3100
- C:\Windows\System\EueNACF.exe
  C:\Windows\System\EueNACF.exe
  2⤵
  PID:3116
- C:\Windows\System\bjEgwpt.exe
  C:\Windows\System\bjEgwpt.exe
  2⤵
  PID:3136
- C:\Windows\System\hrVaOLZ.exe
  C:\Windows\System\hrVaOLZ.exe
  2⤵
  PID:3152
- C:\Windows\System\vxbcatw.exe
  C:\Windows\System\vxbcatw.exe
  2⤵
  PID:3172
- C:\Windows\System\EGkdseO.exe
  C:\Windows\System\EGkdseO.exe
  2⤵
  PID:3192
- C:\Windows\System\wckAPnW.exe
  C:\Windows\System\wckAPnW.exe
  2⤵
  PID:3212
- C:\Windows\System\stJarBo.exe
  C:\Windows\System\stJarBo.exe
  2⤵
  PID:3232
- C:\Windows\System\rgbjTfJ.exe
  C:\Windows\System\rgbjTfJ.exe
  2⤵
  PID:3252
- C:\Windows\System\jpvaQFf.exe
  C:\Windows\System\jpvaQFf.exe
  2⤵
  PID:3268
- C:\Windows\System\iBtqWUr.exe
  C:\Windows\System\iBtqWUr.exe
  2⤵
  PID:3360
- C:\Windows\System\okaBGjM.exe
  C:\Windows\System\okaBGjM.exe
  2⤵
  PID:3404
- C:\Windows\System\RwffUMN.exe
  C:\Windows\System\RwffUMN.exe
  2⤵
  PID:3448
- C:\Windows\System\LDdmMLt.exe
  C:\Windows\System\LDdmMLt.exe
  2⤵
  PID:3472
- C:\Windows\System\UNJCpRa.exe
  C:\Windows\System\UNJCpRa.exe
  2⤵
  PID:3492
- C:\Windows\System\KqVKzgU.exe
  C:\Windows\System\KqVKzgU.exe
  2⤵
  PID:3512
- C:\Windows\System\SiVBRZW.exe
  C:\Windows\System\SiVBRZW.exe
  2⤵
  PID:3532
- C:\Windows\System\OUFBZsF.exe
  C:\Windows\System\OUFBZsF.exe
  2⤵
  PID:3552
- C:\Windows\System\ehwSKCu.exe
  C:\Windows\System\ehwSKCu.exe
  2⤵
  PID:3572
- C:\Windows\System\TcQwcdc.exe
  C:\Windows\System\TcQwcdc.exe
  2⤵
  PID:3588
- C:\Windows\System\FQNIyUJ.exe
  C:\Windows\System\FQNIyUJ.exe
  2⤵
  PID:3608
- C:\Windows\System\axbRCBZ.exe
  C:\Windows\System\axbRCBZ.exe
  2⤵
  PID:3624
- C:\Windows\System\DdacACl.exe
  C:\Windows\System\DdacACl.exe
  2⤵
  PID:3644
- C:\Windows\System\QXSkHaw.exe
  C:\Windows\System\QXSkHaw.exe
  2⤵
  PID:3668
- C:\Windows\System\NeaVbvJ.exe
  C:\Windows\System\NeaVbvJ.exe
  2⤵
  PID:3692
- C:\Windows\System\qcXLKgn.exe
  C:\Windows\System\qcXLKgn.exe
  2⤵
  PID:3712
- C:\Windows\System\KsmtwtI.exe
  C:\Windows\System\KsmtwtI.exe
  2⤵
  PID:3732
- C:\Windows\System\xTifSdh.exe
  C:\Windows\System\xTifSdh.exe
  2⤵
  PID:3772
- C:\Windows\System\ihrRYmS.exe
  C:\Windows\System\ihrRYmS.exe
  2⤵
  PID:3788
- C:\Windows\System\lAQTobv.exe
  C:\Windows\System\lAQTobv.exe
  2⤵
  PID:3804
- C:\Windows\System\SdQLEeP.exe
  C:\Windows\System\SdQLEeP.exe
  2⤵
  PID:3824
- C:\Windows\System\iiUTqZt.exe
  C:\Windows\System\iiUTqZt.exe
  2⤵
  PID:3844
- C:\Windows\System\qsupLAR.exe
  C:\Windows\System\qsupLAR.exe
  2⤵
  PID:3860
- C:\Windows\System\dydNDWz.exe
  C:\Windows\System\dydNDWz.exe
  2⤵
  PID:3876
- C:\Windows\System\yJfAOBU.exe
  C:\Windows\System\yJfAOBU.exe
  2⤵
  PID:3896
- C:\Windows\System\ecpsmfB.exe
  C:\Windows\System\ecpsmfB.exe
  2⤵
  PID:3912
- C:\Windows\System\yBlCpBa.exe
  C:\Windows\System\yBlCpBa.exe
  2⤵
  PID:3936
- C:\Windows\System\LtWbZEA.exe
  C:\Windows\System\LtWbZEA.exe
  2⤵
  PID:3952
- C:\Windows\System\OLJaPXM.exe
  C:\Windows\System\OLJaPXM.exe
  2⤵
  PID:3968
- C:\Windows\System\qHwwwYV.exe
  C:\Windows\System\qHwwwYV.exe
  2⤵
  PID:3984
- C:\Windows\System\ONanQNs.exe
  C:\Windows\System\ONanQNs.exe
  2⤵
  PID:4012
- C:\Windows\System\PfznFiN.exe
  C:\Windows\System\PfznFiN.exe
  2⤵
  PID:4028
- C:\Windows\System\NtSzrnf.exe
  C:\Windows\System\NtSzrnf.exe
  2⤵
  PID:4044
- C:\Windows\System\SVYcEap.exe
  C:\Windows\System\SVYcEap.exe
  2⤵
  PID:4064
- C:\Windows\System\sepbySj.exe
  C:\Windows\System\sepbySj.exe
  2⤵
  PID:4080
- C:\Windows\System\QYOxYHk.exe
  C:\Windows\System\QYOxYHk.exe
  2⤵
  PID:884
- C:\Windows\System\cniAKgC.exe
  C:\Windows\System\cniAKgC.exe
  2⤵
  PID:1556
- C:\Windows\System\bftYWbZ.exe
  C:\Windows\System\bftYWbZ.exe
  2⤵
  PID:2196
- C:\Windows\System\INEyMoQ.exe
  C:\Windows\System\INEyMoQ.exe
  2⤵
  PID:1532
- C:\Windows\System\EyOyBqP.exe
  C:\Windows\System\EyOyBqP.exe
  2⤵
  PID:2068
- C:\Windows\System\CklaWtG.exe
  C:\Windows\System\CklaWtG.exe
  2⤵
  PID:2864
- C:\Windows\System\bRSDEkV.exe
  C:\Windows\System\bRSDEkV.exe
  2⤵
  PID:2600
- C:\Windows\System\wpVeXnk.exe
  C:\Windows\System\wpVeXnk.exe
  2⤵
  PID:3088
- C:\Windows\System\JrugVaz.exe
  C:\Windows\System\JrugVaz.exe
  2⤵
  PID:3124
- C:\Windows\System\tpWFXWB.exe
  C:\Windows\System\tpWFXWB.exe
  2⤵
  PID:3164
- C:\Windows\System\pcmUMGU.exe
  C:\Windows\System\pcmUMGU.exe
  2⤵
  PID:3204
- C:\Windows\System\SFxrZmj.exe
  C:\Windows\System\SFxrZmj.exe
  2⤵
  PID:2784
- C:\Windows\System\pJbGmWM.exe
  C:\Windows\System\pJbGmWM.exe
  2⤵
  PID:2260
- C:\Windows\System\MQbZkzz.exe
  C:\Windows\System\MQbZkzz.exe
  2⤵
  PID:2920
- C:\Windows\System\rzpCQlz.exe
  C:\Windows\System\rzpCQlz.exe
  2⤵
  PID:2964
- C:\Windows\System\TuIfwaN.exe
  C:\Windows\System\TuIfwaN.exe
  2⤵
  PID:1576
- C:\Windows\System\cEnFPYq.exe
  C:\Windows\System\cEnFPYq.exe
  2⤵
  PID:2148
- C:\Windows\System\FPUpwAE.exe
  C:\Windows\System\FPUpwAE.exe
  2⤵
  PID:2944
- C:\Windows\System\CiUkQip.exe
  C:\Windows\System\CiUkQip.exe
  2⤵
  PID:2740
- C:\Windows\System\QwQxdEz.exe
  C:\Windows\System\QwQxdEz.exe
  2⤵
  PID:800
- C:\Windows\System\ATpVlGb.exe
  C:\Windows\System\ATpVlGb.exe
  2⤵
  PID:1976
- C:\Windows\System\SzaTuWY.exe
  C:\Windows\System\SzaTuWY.exe
  2⤵
  PID:1744
- C:\Windows\System\AXRykfT.exe
  C:\Windows\System\AXRykfT.exe
  2⤵
  PID:776
- C:\Windows\System\PYZYQcC.exe
  C:\Windows\System\PYZYQcC.exe
  2⤵
  PID:2096
- C:\Windows\System\RIzcfcN.exe
  C:\Windows\System\RIzcfcN.exe
  2⤵
  PID:3344
- C:\Windows\System\vwDlBfZ.exe
  C:\Windows\System\vwDlBfZ.exe
  2⤵
  PID:1124
- C:\Windows\System\hBfTotz.exe
  C:\Windows\System\hBfTotz.exe
  2⤵
  PID:3400
- C:\Windows\System\oaKlgaC.exe
  C:\Windows\System\oaKlgaC.exe
  2⤵
  PID:2288
- C:\Windows\System\ebJdtSF.exe
  C:\Windows\System\ebJdtSF.exe
  2⤵
  PID:3460
- C:\Windows\System\ZXDNdMA.exe
  C:\Windows\System\ZXDNdMA.exe
  2⤵
  PID:3432
- C:\Windows\System\catOaEZ.exe
  C:\Windows\System\catOaEZ.exe
  2⤵
  PID:3500
- C:\Windows\System\cevoNuE.exe
  C:\Windows\System\cevoNuE.exe
  2⤵
  PID:3548
- C:\Windows\System\nLwLqPA.exe
  C:\Windows\System\nLwLqPA.exe
  2⤵
  PID:1120
- C:\Windows\System\VLzmhTf.exe
  C:\Windows\System\VLzmhTf.exe
  2⤵
  PID:3744
- C:\Windows\System\ZiswmTC.exe
  C:\Windows\System\ZiswmTC.exe
  2⤵
  PID:3764
- C:\Windows\System\SwiBTqF.exe
  C:\Windows\System\SwiBTqF.exe
  2⤵
  PID:3800
- C:\Windows\System\xrmtudB.exe
  C:\Windows\System\xrmtudB.exe
  2⤵
  PID:3832
- C:\Windows\System\dcRexdN.exe
  C:\Windows\System\dcRexdN.exe
  2⤵
  PID:3868
- C:\Windows\System\ZtzzSMq.exe
  C:\Windows\System\ZtzzSMq.exe
  2⤵
  PID:3908
- C:\Windows\System\FeuZtYY.exe
  C:\Windows\System\FeuZtYY.exe
  2⤵
  PID:3724
- C:\Windows\System\vQWUvHS.exe
  C:\Windows\System\vQWUvHS.exe
  2⤵
  PID:3856
- C:\Windows\System\GaVBKJh.exe
  C:\Windows\System\GaVBKJh.exe
  2⤵
  PID:4052
- C:\Windows\System\CeELBjj.exe
  C:\Windows\System\CeELBjj.exe
  2⤵
  PID:2264
- C:\Windows\System\PVEVMxi.exe
  C:\Windows\System\PVEVMxi.exe
  2⤵
  PID:4088
- C:\Windows\System\aJYHgme.exe
  C:\Windows\System\aJYHgme.exe
  2⤵
  PID:2836
- C:\Windows\System\cFmonhU.exe
  C:\Windows\System\cFmonhU.exe
  2⤵
  PID:3920
- C:\Windows\System\MAoZBnw.exe
  C:\Windows\System\MAoZBnw.exe
  2⤵
  PID:1588
- C:\Windows\System\vnzjnBK.exe
  C:\Windows\System\vnzjnBK.exe
  2⤵
  PID:3964
- C:\Windows\System\OjpwNTc.exe
  C:\Windows\System\OjpwNTc.exe
  2⤵
  PID:4040
- C:\Windows\System\mQlBYvL.exe
  C:\Windows\System\mQlBYvL.exe
  2⤵
  PID:2092
- C:\Windows\System\ozmhpjy.exe
  C:\Windows\System\ozmhpjy.exe
  2⤵
  PID:756
- C:\Windows\System\THEdLVY.exe
  C:\Windows\System\THEdLVY.exe
  2⤵
  PID:2596
- C:\Windows\System\dknMydQ.exe
  C:\Windows\System\dknMydQ.exe
  2⤵
  PID:1912
- C:\Windows\System\EVaTcOp.exe
  C:\Windows\System\EVaTcOp.exe
  2⤵
  PID:2824
- C:\Windows\System\iTBbafd.exe
  C:\Windows\System\iTBbafd.exe
  2⤵
  PID:1100
- C:\Windows\System\RYzaHsy.exe
  C:\Windows\System\RYzaHsy.exe
  2⤵
  PID:1312
- C:\Windows\System\vIvvVjT.exe
  C:\Windows\System\vIvvVjT.exe
  2⤵
  PID:2328
- C:\Windows\System\pbVxVAm.exe
  C:\Windows\System\pbVxVAm.exe
  2⤵
  PID:2724
- C:\Windows\System\aaTxBcC.exe
  C:\Windows\System\aaTxBcC.exe
  2⤵
  PID:3160
- C:\Windows\System\abUkfMf.exe
  C:\Windows\System\abUkfMf.exe
  2⤵
  PID:1660
- C:\Windows\System\BZxeqbS.exe
  C:\Windows\System\BZxeqbS.exe
  2⤵
  PID:692
- C:\Windows\System\VRYwkdk.exe
  C:\Windows\System\VRYwkdk.exe
  2⤵
  PID:2200
- C:\Windows\System\urGmYog.exe
  C:\Windows\System\urGmYog.exe
  2⤵
  PID:3244
- C:\Windows\System\NBImVCi.exe
  C:\Windows\System\NBImVCi.exe
  2⤵
  PID:2816
- C:\Windows\System\eESJuSo.exe
  C:\Windows\System\eESJuSo.exe
  2⤵
  PID:2708
- C:\Windows\System\ypIjcpo.exe
  C:\Windows\System\ypIjcpo.exe
  2⤵
  PID:2508
- C:\Windows\System\XwbQTsD.exe
  C:\Windows\System\XwbQTsD.exe
  2⤵
  PID:3412
- C:\Windows\System\MLUDzfV.exe
  C:\Windows\System\MLUDzfV.exe
  2⤵
  PID:3504
- C:\Windows\System\TGakMJY.exe
  C:\Windows\System\TGakMJY.exe
  2⤵
  PID:3740
- C:\Windows\System\MOEJxVP.exe
  C:\Windows\System\MOEJxVP.exe
  2⤵
  PID:3528
- C:\Windows\System\voRJYup.exe
  C:\Windows\System\voRJYup.exe
  2⤵
  PID:1708
- C:\Windows\System\QLgLRIB.exe
  C:\Windows\System\QLgLRIB.exe
  2⤵
  PID:2368
- C:\Windows\System\Xcjkilu.exe
  C:\Windows\System\Xcjkilu.exe
  2⤵
  PID:3520
- C:\Windows\System\szDwDvY.exe
  C:\Windows\System\szDwDvY.exe
  2⤵
  PID:3620
- C:\Windows\System\iCxqOkm.exe
  C:\Windows\System\iCxqOkm.exe
  2⤵
  PID:2064
- C:\Windows\System\RWTLBjl.exe
  C:\Windows\System\RWTLBjl.exe
  2⤵
  PID:3568
- C:\Windows\System\vuiWPhh.exe
  C:\Windows\System\vuiWPhh.exe
  2⤵
  PID:3976
- C:\Windows\System\fePexaX.exe
  C:\Windows\System\fePexaX.exe
  2⤵
  PID:3760
- C:\Windows\System\bRhlglq.exe
  C:\Windows\System\bRhlglq.exe
  2⤵
  PID:3932
- C:\Windows\System\dlMflwi.exe
  C:\Windows\System\dlMflwi.exe
  2⤵
  PID:4060
- C:\Windows\System\DJAdvcg.exe
  C:\Windows\System\DJAdvcg.exe
  2⤵
  PID:3928
- C:\Windows\System\jxZvPsd.exe
  C:\Windows\System\jxZvPsd.exe
  2⤵
  PID:3812
- C:\Windows\System\pJithAm.exe
  C:\Windows\System\pJithAm.exe
  2⤵
  PID:1584
- C:\Windows\System\UggtKze.exe
  C:\Windows\System\UggtKze.exe
  2⤵
  PID:2440
- C:\Windows\System\pHSldDs.exe
  C:\Windows\System\pHSldDs.exe
  2⤵
  PID:2152
- C:\Windows\System\nOTCspH.exe
  C:\Windows\System\nOTCspH.exe
  2⤵
  PID:4024
- C:\Windows\System\iVmUPOw.exe
  C:\Windows\System\iVmUPOw.exe
  2⤵
  PID:1060
- C:\Windows\System\OCdUKQh.exe
  C:\Windows\System\OCdUKQh.exe
  2⤵
  PID:1624
- C:\Windows\System\lECmUVr.exe
  C:\Windows\System\lECmUVr.exe
  2⤵
  PID:3392
- C:\Windows\System\ttFloae.exe
  C:\Windows\System\ttFloae.exe
  2⤵
  PID:2628
- C:\Windows\System\gwsdBKP.exe
  C:\Windows\System\gwsdBKP.exe
  2⤵
  PID:2424
- C:\Windows\System\OestmYq.exe
  C:\Windows\System\OestmYq.exe
  2⤵
  PID:1200
- C:\Windows\System\jRxouMB.exe
  C:\Windows\System\jRxouMB.exe
  2⤵
  PID:3424
- C:\Windows\System\ypILDwB.exe
  C:\Windows\System\ypILDwB.exe
  2⤵
  PID:2648
- C:\Windows\System\IFJdDXw.exe
  C:\Windows\System\IFJdDXw.exe
  2⤵
  PID:3584
- C:\Windows\System\dbJUBUY.exe
  C:\Windows\System\dbJUBUY.exe
  2⤵
  PID:1868
- C:\Windows\System\GpwmXBx.exe
  C:\Windows\System\GpwmXBx.exe
  2⤵
  PID:1828
- C:\Windows\System\hYBAOgK.exe
  C:\Windows\System\hYBAOgK.exe
  2⤵
  PID:3684
- C:\Windows\System\BxyOhmh.exe
  C:\Windows\System\BxyOhmh.exe
  2⤵
  PID:3884
- C:\Windows\System\NrBXreW.exe
  C:\Windows\System\NrBXreW.exe
  2⤵
  PID:3720
- C:\Windows\System\uxehraP.exe
  C:\Windows\System\uxehraP.exe
  2⤵
  PID:2868
- C:\Windows\System\quelkhY.exe
  C:\Windows\System\quelkhY.exe
  2⤵
  PID:3660
- C:\Windows\System\rbCAZxi.exe
  C:\Windows\System\rbCAZxi.exe
  2⤵
  PID:2744
- C:\Windows\System\IvuHLKj.exe
  C:\Windows\System\IvuHLKj.exe
  2⤵
  PID:4008
- C:\Windows\System\wFitxwd.exe
  C:\Windows\System\wFitxwd.exe
  2⤵
  PID:2788
- C:\Windows\System\SRslHEH.exe
  C:\Windows\System\SRslHEH.exe
  2⤵
  PID:4000
- C:\Windows\System\xngZbBv.exe
  C:\Windows\System\xngZbBv.exe
  2⤵
  PID:3200
- C:\Windows\System\kJWwLid.exe
  C:\Windows\System\kJWwLid.exe
  2⤵
  PID:2580
- C:\Windows\System\HyEfdZt.exe
  C:\Windows\System\HyEfdZt.exe
  2⤵
  PID:2340
- C:\Windows\System\kAqKmGt.exe
  C:\Windows\System\kAqKmGt.exe
  2⤵
  PID:876
- C:\Windows\System\fnvaOUa.exe
  C:\Windows\System\fnvaOUa.exe
  2⤵
  PID:3544
- C:\Windows\System\BAymFmD.exe
  C:\Windows\System\BAymFmD.exe
  2⤵
  PID:3484
- C:\Windows\System\vfSUIzz.exe
  C:\Windows\System\vfSUIzz.exe
  2⤵
  PID:3656
- C:\Windows\System\SZTiunm.exe
  C:\Windows\System\SZTiunm.exe
  2⤵
  PID:4056
- C:\Windows\System\sbXXkLs.exe
  C:\Windows\System\sbXXkLs.exe
  2⤵
  PID:3664
- C:\Windows\System\fviDARe.exe
  C:\Windows\System\fviDARe.exe
  2⤵
  PID:2808
- C:\Windows\System\vWPCkEX.exe
  C:\Windows\System\vWPCkEX.exe
  2⤵
  PID:2736
- C:\Windows\System\zsMeGOu.exe
  C:\Windows\System\zsMeGOu.exe
  2⤵
  PID:2192
- C:\Windows\System\CUulERk.exe
  C:\Windows\System\CUulERk.exe
  2⤵
  PID:960
- C:\Windows\System\eGtzJFH.exe
  C:\Windows\System\eGtzJFH.exe
  2⤵
  PID:3368
- C:\Windows\System\fMUanqw.exe
  C:\Windows\System\fMUanqw.exe
  2⤵
  PID:1940
- C:\Windows\System\vZDqtVv.exe
  C:\Windows\System\vZDqtVv.exe
  2⤵
  PID:3816
- C:\Windows\System\DRxnaxc.exe
  C:\Windows\System\DRxnaxc.exe
  2⤵
  PID:3996
- C:\Windows\System\FNbjceL.exe
  C:\Windows\System\FNbjceL.exe
  2⤵
  PID:3440
- C:\Windows\System\UrjhWCn.exe
  C:\Windows\System\UrjhWCn.exe
  2⤵
  PID:3948
- C:\Windows\System\XNMYcgC.exe
  C:\Windows\System\XNMYcgC.exe
  2⤵
  PID:3596
- C:\Windows\System\CLUGahH.exe
  C:\Windows\System\CLUGahH.exe
  2⤵
  PID:4020
- C:\Windows\System\rEaMfbu.exe
  C:\Windows\System\rEaMfbu.exe
  2⤵
  PID:3752
- C:\Windows\System\zEzrNEn.exe
  C:\Windows\System\zEzrNEn.exe
  2⤵
  PID:2884
- C:\Windows\System\AcPsACo.exe
  C:\Windows\System\AcPsACo.exe
  2⤵
  PID:3640
- C:\Windows\System\AQwpvKS.exe
  C:\Windows\System\AQwpvKS.exe
  2⤵
  PID:3600
- C:\Windows\System\PPYWoVa.exe
  C:\Windows\System\PPYWoVa.exe
  2⤵
  PID:1040
- C:\Windows\System\pCJvydF.exe
  C:\Windows\System\pCJvydF.exe
  2⤵
  PID:3676
- C:\Windows\System\UUOtYJQ.exe
  C:\Windows\System\UUOtYJQ.exe
  2⤵
  PID:3352
- C:\Windows\System\aRRYGDH.exe
  C:\Windows\System\aRRYGDH.exe
  2⤵
  PID:4112
- C:\Windows\System\RfJggKK.exe
  C:\Windows\System\RfJggKK.exe
  2⤵
  PID:4128
- C:\Windows\System\HZhahIt.exe
  C:\Windows\System\HZhahIt.exe
  2⤵
  PID:4144
- C:\Windows\System\DWYgwwd.exe
  C:\Windows\System\DWYgwwd.exe
  2⤵
  PID:4160
- C:\Windows\System\EHvZEuD.exe
  C:\Windows\System\EHvZEuD.exe
  2⤵
  PID:4180
- C:\Windows\System\cZphGcu.exe
  C:\Windows\System\cZphGcu.exe
  2⤵
  PID:4196
- C:\Windows\System\PePeZEn.exe
  C:\Windows\System\PePeZEn.exe
  2⤵
  PID:4212
- C:\Windows\System\YjSuCFY.exe
  C:\Windows\System\YjSuCFY.exe
  2⤵
  PID:4228
- C:\Windows\System\hjyueAP.exe
  C:\Windows\System\hjyueAP.exe
  2⤵
  PID:4244
- C:\Windows\System\QcLcNHr.exe
  C:\Windows\System\QcLcNHr.exe
  2⤵
  PID:4260
- C:\Windows\System\qkSQQTs.exe
  C:\Windows\System\qkSQQTs.exe
  2⤵
  PID:4276
- C:\Windows\System\ZMPCvAF.exe
  C:\Windows\System\ZMPCvAF.exe
  2⤵
  PID:4292
- C:\Windows\System\unVpBmk.exe
  C:\Windows\System\unVpBmk.exe
  2⤵
  PID:4308
- C:\Windows\System\IstoAgT.exe
  C:\Windows\System\IstoAgT.exe
  2⤵
  PID:4324
- C:\Windows\System\oGSCKJn.exe
  C:\Windows\System\oGSCKJn.exe
  2⤵
  PID:4340
- C:\Windows\System\VFuRewO.exe
  C:\Windows\System\VFuRewO.exe
  2⤵
  PID:4356
- C:\Windows\System\bAXJvYM.exe
  C:\Windows\System\bAXJvYM.exe
  2⤵
  PID:4372
- C:\Windows\System\lvXNjdh.exe
  C:\Windows\System\lvXNjdh.exe
  2⤵
  PID:4388
- C:\Windows\System\wQmRulQ.exe
  C:\Windows\System\wQmRulQ.exe
  2⤵
  PID:4404
- C:\Windows\System\jbVvRcq.exe
  C:\Windows\System\jbVvRcq.exe
  2⤵
  PID:4420
- C:\Windows\System\cGbrZjD.exe
  C:\Windows\System\cGbrZjD.exe
  2⤵
  PID:4436
- C:\Windows\System\fXMDySw.exe
  C:\Windows\System\fXMDySw.exe
  2⤵
  PID:4452
- C:\Windows\System\tGUvaId.exe
  C:\Windows\System\tGUvaId.exe
  2⤵
  PID:4468
- C:\Windows\System\IeriuNL.exe
  C:\Windows\System\IeriuNL.exe
  2⤵
  PID:4484
- C:\Windows\System\sZOxOGi.exe
  C:\Windows\System\sZOxOGi.exe
  2⤵
  PID:4500
- C:\Windows\System\QADZyng.exe
  C:\Windows\System\QADZyng.exe
  2⤵
  PID:4516
- C:\Windows\System\NstDgLl.exe
  C:\Windows\System\NstDgLl.exe
  2⤵
  PID:4532
- C:\Windows\System\JFMAkkT.exe
  C:\Windows\System\JFMAkkT.exe
  2⤵
  PID:4548
- C:\Windows\System\faKMrbk.exe
  C:\Windows\System\faKMrbk.exe
  2⤵
  PID:4564
- C:\Windows\System\oTPndie.exe
  C:\Windows\System\oTPndie.exe
  2⤵
  PID:4580
- C:\Windows\System\UiExHds.exe
  C:\Windows\System\UiExHds.exe
  2⤵
  PID:4596
- C:\Windows\System\trQBjSo.exe
  C:\Windows\System\trQBjSo.exe
  2⤵
  PID:4612
- C:\Windows\System\luaXaKK.exe
  C:\Windows\System\luaXaKK.exe
  2⤵
  PID:4628
- C:\Windows\System\sPcAiwC.exe
  C:\Windows\System\sPcAiwC.exe
  2⤵
  PID:4644
- C:\Windows\System\BjuslQi.exe
  C:\Windows\System\BjuslQi.exe
  2⤵
  PID:4660
- C:\Windows\System\tUbqNWH.exe
  C:\Windows\System\tUbqNWH.exe
  2⤵
  PID:4676
- C:\Windows\System\ysDwoEH.exe
  C:\Windows\System\ysDwoEH.exe
  2⤵
  PID:4696
- C:\Windows\System\pCUpTiL.exe
  C:\Windows\System\pCUpTiL.exe
  2⤵
  PID:4712
- C:\Windows\System\ViKvSed.exe
  C:\Windows\System\ViKvSed.exe
  2⤵
  PID:4728
- C:\Windows\System\OHYtYXy.exe
  C:\Windows\System\OHYtYXy.exe
  2⤵
  PID:4744
- C:\Windows\System\eWiEMsu.exe
  C:\Windows\System\eWiEMsu.exe
  2⤵
  PID:4760
- C:\Windows\System\JogJUkt.exe
  C:\Windows\System\JogJUkt.exe
  2⤵
  PID:4776
- C:\Windows\System\IUwWQRw.exe
  C:\Windows\System\IUwWQRw.exe
  2⤵
  PID:4792
- C:\Windows\System\OWNYtab.exe
  C:\Windows\System\OWNYtab.exe
  2⤵
  PID:4808
- C:\Windows\System\OLKCyIT.exe
  C:\Windows\System\OLKCyIT.exe
  2⤵
  PID:4824
- C:\Windows\System\zYpmLoS.exe
  C:\Windows\System\zYpmLoS.exe
  2⤵
  PID:4840
- C:\Windows\System\rXOQupi.exe
  C:\Windows\System\rXOQupi.exe
  2⤵
  PID:4856
- C:\Windows\System\USlBjeM.exe
  C:\Windows\System\USlBjeM.exe
  2⤵
  PID:4124
- C:\Windows\System\RFQcrjN.exe
  C:\Windows\System\RFQcrjN.exe
  2⤵
  PID:4188
- C:\Windows\System\wTJDOaB.exe
  C:\Windows\System\wTJDOaB.exe
  2⤵
  PID:4136
- C:\Windows\System\qpTXiEI.exe
  C:\Windows\System\qpTXiEI.exe
  2⤵
  PID:4192
- C:\Windows\System\BwUlXRr.exe
  C:\Windows\System\BwUlXRr.exe
  2⤵
  PID:4204
- C:\Windows\System\LqGorQq.exe
  C:\Windows\System\LqGorQq.exe
  2⤵
  PID:4256
- C:\Windows\System\sxfNufr.exe
  C:\Windows\System\sxfNufr.exe
  2⤵
  PID:4320
- C:\Windows\System\hTHMuiJ.exe
  C:\Windows\System\hTHMuiJ.exe
  2⤵
  PID:4300
- C:\Windows\System\KLitQkA.exe
  C:\Windows\System\KLitQkA.exe
  2⤵
  PID:3184
- C:\Windows\System\WYXgWxU.exe
  C:\Windows\System\WYXgWxU.exe
  2⤵
  PID:4540
- C:\Windows\System\SCDDlFm.exe
  C:\Windows\System\SCDDlFm.exe
  2⤵
  PID:4576
- C:\Windows\System\DRwrhiA.exe
  C:\Windows\System\DRwrhiA.exe
  2⤵
  PID:4460
- C:\Windows\System\SDqrOyL.exe
  C:\Windows\System\SDqrOyL.exe
  2⤵
  PID:4464
- C:\Windows\System\rbYhzRm.exe
  C:\Windows\System\rbYhzRm.exe
  2⤵
  PID:4560
- C:\Windows\System\pnNnXel.exe
  C:\Windows\System\pnNnXel.exe
  2⤵
  PID:4592
- C:\Windows\System\cQvxNGf.exe
  C:\Windows\System\cQvxNGf.exe
  2⤵
  PID:4720
- C:\Windows\System\hBahqae.exe
  C:\Windows\System\hBahqae.exe
  2⤵
  PID:4708
- C:\Windows\System\ynmaabH.exe
  C:\Windows\System\ynmaabH.exe
  2⤵
  PID:4752
- C:\Windows\System\cHsedQU.exe
  C:\Windows\System\cHsedQU.exe
  2⤵
  PID:4804
- C:\Windows\System\Avnaiht.exe
  C:\Windows\System\Avnaiht.exe
  2⤵
  PID:4848
- C:\Windows\System\SKGqbnp.exe
  C:\Windows\System\SKGqbnp.exe
  2⤵
  PID:4876
- C:\Windows\System\QLrHZSu.exe
  C:\Windows\System\QLrHZSu.exe
  2⤵
  PID:4896
- C:\Windows\System\zZgJJUp.exe
  C:\Windows\System\zZgJJUp.exe
  2⤵
  PID:4908
- C:\Windows\System\hZvGBlF.exe
  C:\Windows\System\hZvGBlF.exe
  2⤵
  PID:4924
- C:\Windows\System\TMTvudp.exe
  C:\Windows\System\TMTvudp.exe
  2⤵
  PID:4940
- C:\Windows\System\ALPuRaj.exe
  C:\Windows\System\ALPuRaj.exe
  2⤵
  PID:4956
- C:\Windows\System\hqgxZjA.exe
  C:\Windows\System\hqgxZjA.exe
  2⤵
  PID:4972
- C:\Windows\System\FYclDxP.exe
  C:\Windows\System\FYclDxP.exe
  2⤵
  PID:5000
- C:\Windows\System\eYxwJSE.exe
  C:\Windows\System\eYxwJSE.exe
  2⤵
  PID:5012
- C:\Windows\System\wwQuNyz.exe
  C:\Windows\System\wwQuNyz.exe
  2⤵
  PID:4692
- C:\Windows\System\ImSxgVD.exe
  C:\Windows\System\ImSxgVD.exe
  2⤵
  PID:5048
- C:\Windows\System\EJIWuVu.exe
  C:\Windows\System\EJIWuVu.exe
  2⤵
  PID:5068
- C:\Windows\System\cekQPxv.exe
  C:\Windows\System\cekQPxv.exe
  2⤵
  PID:5088
- C:\Windows\System\UIELRhK.exe
  C:\Windows\System\UIELRhK.exe
  2⤵
  PID:5100
- C:\Windows\System\rgRtMzN.exe
  C:\Windows\System\rgRtMzN.exe
  2⤵
  PID:976
- C:\Windows\System\wOODTBI.exe
  C:\Windows\System\wOODTBI.exe
  2⤵
  PID:4172
- C:\Windows\System\NXhHfud.exe
  C:\Windows\System\NXhHfud.exe
  2⤵
  PID:4304
- C:\Windows\System\mbFQSWH.exe
  C:\Windows\System\mbFQSWH.exe
  2⤵
  PID:4364
- C:\Windows\System\UpcMPCx.exe
  C:\Windows\System\UpcMPCx.exe
  2⤵
  PID:4444
- C:\Windows\System\dSJymMt.exe
  C:\Windows\System\dSJymMt.exe
  2⤵
  PID:4412
- C:\Windows\System\sjlJEAZ.exe
  C:\Windows\System\sjlJEAZ.exe
  2⤵
  PID:4636
- C:\Windows\System\PfocLHO.exe
  C:\Windows\System\PfocLHO.exe
  2⤵
  PID:4432
- C:\Windows\System\oLiKyQV.exe
  C:\Windows\System\oLiKyQV.exe
  2⤵
  PID:4528
- C:\Windows\System\zQDHAcQ.exe
  C:\Windows\System\zQDHAcQ.exe
  2⤵
  PID:4656
- C:\Windows\System\QPwuhLL.exe
  C:\Windows\System\QPwuhLL.exe
  2⤵
  PID:4772
- C:\Windows\System\TvZjRZo.exe
  C:\Windows\System\TvZjRZo.exe
  2⤵
  PID:4904
- C:\Windows\System\WYLSIhk.exe
  C:\Windows\System\WYLSIhk.exe
  2⤵
  PID:4968
- C:\Windows\System\YqRqzQb.exe
  C:\Windows\System\YqRqzQb.exe
  2⤵
  PID:5112
- C:\Windows\System\tsCpZMs.exe
  C:\Windows\System\tsCpZMs.exe
  2⤵
  PID:5080
- C:\Windows\System\eGXIpKs.exe
  C:\Windows\System\eGXIpKs.exe
  2⤵
  PID:2000
- C:\Windows\System\aWZyPTy.exe
  C:\Windows\System\aWZyPTy.exe
  2⤵
  PID:4916
- C:\Windows\System\pGaRyHi.exe
  C:\Windows\System\pGaRyHi.exe
  2⤵
  PID:3208
- C:\Windows\System\fZsCJfH.exe
  C:\Windows\System\fZsCJfH.exe
  2⤵
  PID:4396
- C:\Windows\System\xMZraEU.exe
  C:\Windows\System\xMZraEU.exe
  2⤵
  PID:5024
- C:\Windows\System\uhjkJZP.exe
  C:\Windows\System\uhjkJZP.exe
  2⤵
  PID:5060
- C:\Windows\System\twTPjPK.exe
  C:\Windows\System\twTPjPK.exe
  2⤵
  PID:4168
- C:\Windows\System\KhsAeGr.exe
  C:\Windows\System\KhsAeGr.exe
  2⤵
  PID:4156
- C:\Windows\System\krlsUgB.exe
  C:\Windows\System\krlsUgB.exe
  2⤵
  PID:4496
- C:\Windows\System\LItsOPj.exe
  C:\Windows\System\LItsOPj.exe
  2⤵
  PID:5044
- C:\Windows\System\pzyVazV.exe
  C:\Windows\System\pzyVazV.exe
  2⤵
  PID:4620
- C:\Windows\System\JZTZtwv.exe
  C:\Windows\System\JZTZtwv.exe
  2⤵
  PID:4724
- C:\Windows\System\YhrcAuy.exe
  C:\Windows\System\YhrcAuy.exe
  2⤵
  PID:4900
- C:\Windows\System\OqUowjt.exe
  C:\Windows\System\OqUowjt.exe
  2⤵
  PID:5004
- C:\Windows\System\UbsnsXB.exe
  C:\Windows\System\UbsnsXB.exe
  2⤵
  PID:4240
- C:\Windows\System\SDQYMLe.exe
  C:\Windows\System\SDQYMLe.exe
  2⤵
  PID:4980
- C:\Windows\System\oACBQjo.exe
  C:\Windows\System\oACBQjo.exe
  2⤵
  PID:3444
- C:\Windows\System\ofDcuVL.exe
  C:\Windows\System\ofDcuVL.exe
  2⤵
  PID:4624
- C:\Windows\System\lvGirRL.exe
  C:\Windows\System\lvGirRL.exe
  2⤵
  PID:5040
- C:\Windows\System\PMDGqjl.exe
  C:\Windows\System\PMDGqjl.exe
  2⤵
  PID:4964
- C:\Windows\System\kvhmrDp.exe
  C:\Windows\System\kvhmrDp.exe
  2⤵
  PID:4952
- C:\Windows\System\rRTMXbB.exe
  C:\Windows\System\rRTMXbB.exe
  2⤵
  PID:4448
- C:\Windows\System\kDGwFDM.exe
  C:\Windows\System\kDGwFDM.exe
  2⤵
  PID:4476
- C:\Windows\System\bJzawtT.exe
  C:\Windows\System\bJzawtT.exe
  2⤵
  PID:5124
- C:\Windows\System\hqPQAYU.exe
  C:\Windows\System\hqPQAYU.exe
  2⤵
  PID:5144
- C:\Windows\System\bviOHoE.exe
  C:\Windows\System\bviOHoE.exe
  2⤵
  PID:5160
- C:\Windows\System\kEKWMuA.exe
  C:\Windows\System\kEKWMuA.exe
  2⤵
  PID:5176
- C:\Windows\System\fsKExlF.exe
  C:\Windows\System\fsKExlF.exe
  2⤵
  PID:5196
- C:\Windows\System\fSWuLCa.exe
  C:\Windows\System\fSWuLCa.exe
  2⤵
  PID:5236
- C:\Windows\System\sBnvnOX.exe
  C:\Windows\System\sBnvnOX.exe
  2⤵
  PID:5256
- C:\Windows\System\sejougG.exe
  C:\Windows\System\sejougG.exe
  2⤵
  PID:5272
- C:\Windows\System\cNZKkBV.exe
  C:\Windows\System\cNZKkBV.exe
  2⤵
  PID:5288
- C:\Windows\System\BlnKTGT.exe
  C:\Windows\System\BlnKTGT.exe
  2⤵
  PID:5304
- C:\Windows\System\dJGIDAS.exe
  C:\Windows\System\dJGIDAS.exe
  2⤵
  PID:5332
- C:\Windows\System\QHqhoaZ.exe
  C:\Windows\System\QHqhoaZ.exe
  2⤵
  PID:5348
- C:\Windows\System\tgJPUWo.exe
  C:\Windows\System\tgJPUWo.exe
  2⤵
  PID:5364
- C:\Windows\System\NzGKuDl.exe
  C:\Windows\System\NzGKuDl.exe
  2⤵
  PID:5380
- C:\Windows\System\GCLPKCD.exe
  C:\Windows\System\GCLPKCD.exe
  2⤵
  PID:5396
- C:\Windows\System\QQVOuoc.exe
  C:\Windows\System\QQVOuoc.exe
  2⤵
  PID:5412
- C:\Windows\System\zPHYZLP.exe
  C:\Windows\System\zPHYZLP.exe
  2⤵
  PID:5428
- C:\Windows\System\SJxPqDN.exe
  C:\Windows\System\SJxPqDN.exe
  2⤵
  PID:5444
- C:\Windows\System\oTIuVVf.exe
  C:\Windows\System\oTIuVVf.exe
  2⤵
  PID:5460
- C:\Windows\System\bVDoYCB.exe
  C:\Windows\System\bVDoYCB.exe
  2⤵
  PID:5476
- C:\Windows\System\ftYThUx.exe
  C:\Windows\System\ftYThUx.exe
  2⤵
  PID:5492
- C:\Windows\System\McdmZCL.exe
  C:\Windows\System\McdmZCL.exe
  2⤵
  PID:5508
- C:\Windows\System\TNMcWhV.exe
  C:\Windows\System\TNMcWhV.exe
  2⤵
  PID:5524
- C:\Windows\System\uqVjqpe.exe
  C:\Windows\System\uqVjqpe.exe
  2⤵
  PID:5540
- C:\Windows\System\VnkXYrv.exe
  C:\Windows\System\VnkXYrv.exe
  2⤵
  PID:5556
- C:\Windows\System\hlHoRBr.exe
  C:\Windows\System\hlHoRBr.exe
  2⤵
  PID:5572
- C:\Windows\System\GLhmYrZ.exe
  C:\Windows\System\GLhmYrZ.exe
  2⤵
  PID:5588
- C:\Windows\System\TlMDYvS.exe
  C:\Windows\System\TlMDYvS.exe
  2⤵
  PID:5604
- C:\Windows\System\WTCVvKe.exe
  C:\Windows\System\WTCVvKe.exe
  2⤵
  PID:5620
- C:\Windows\System\uDhqFqB.exe
  C:\Windows\System\uDhqFqB.exe
  2⤵
  PID:5636
- C:\Windows\System\AFxqeyU.exe
  C:\Windows\System\AFxqeyU.exe
  2⤵
  PID:5652
- C:\Windows\System\SlZRdpm.exe
  C:\Windows\System\SlZRdpm.exe
  2⤵
  PID:5668
- C:\Windows\System\SKKIdst.exe
  C:\Windows\System\SKKIdst.exe
  2⤵
  PID:5684
- C:\Windows\System\TdOFFcR.exe
  C:\Windows\System\TdOFFcR.exe
  2⤵
  PID:5700
- C:\Windows\System\qGFDlua.exe
  C:\Windows\System\qGFDlua.exe
  2⤵
  PID:5716
- C:\Windows\System\plhoNcN.exe
  C:\Windows\System\plhoNcN.exe
  2⤵
  PID:5732
- C:\Windows\System\jzsOnui.exe
  C:\Windows\System\jzsOnui.exe
  2⤵
  PID:5748
- C:\Windows\System\kzvmCUR.exe
  C:\Windows\System\kzvmCUR.exe
  2⤵
  PID:5764
- C:\Windows\System\NqTKNSB.exe
  C:\Windows\System\NqTKNSB.exe
  2⤵
  PID:5780
- C:\Windows\System\VFpfDNy.exe
  C:\Windows\System\VFpfDNy.exe
  2⤵
  PID:5796
- C:\Windows\System\ajOmDzZ.exe
  C:\Windows\System\ajOmDzZ.exe
  2⤵
  PID:5812
- C:\Windows\System\iQpHRpo.exe
  C:\Windows\System\iQpHRpo.exe
  2⤵
  PID:5828
- C:\Windows\System\JApwtoX.exe
  C:\Windows\System\JApwtoX.exe
  2⤵
  PID:5844
- C:\Windows\System\dWgRNxF.exe
  C:\Windows\System\dWgRNxF.exe
  2⤵
  PID:5860
- C:\Windows\System\eDJTmnd.exe
  C:\Windows\System\eDJTmnd.exe
  2⤵
  PID:5880
- C:\Windows\System\dPlyOWp.exe
  C:\Windows\System\dPlyOWp.exe
  2⤵
  PID:5896
- C:\Windows\System\mwvRAYn.exe
  C:\Windows\System\mwvRAYn.exe
  2⤵
  PID:5912
- C:\Windows\System\vivTbqj.exe
  C:\Windows\System\vivTbqj.exe
  2⤵
  PID:5928
- C:\Windows\System\naLDLSm.exe
  C:\Windows\System\naLDLSm.exe
  2⤵
  PID:5944
- C:\Windows\System\OZiHimD.exe
  C:\Windows\System\OZiHimD.exe
  2⤵
  PID:5960
- C:\Windows\System\uKgrTCB.exe
  C:\Windows\System\uKgrTCB.exe
  2⤵
  PID:5976
- C:\Windows\System\tmdjdcM.exe
  C:\Windows\System\tmdjdcM.exe
  2⤵
  PID:5992
- C:\Windows\System\kEvrIuW.exe
  C:\Windows\System\kEvrIuW.exe
  2⤵
  PID:6008
- C:\Windows\System\BfkvtSO.exe
  C:\Windows\System\BfkvtSO.exe
  2⤵
  PID:6024
- C:\Windows\System\tOcYSAv.exe
  C:\Windows\System\tOcYSAv.exe
  2⤵
  PID:6040
- C:\Windows\System\bWoummF.exe
  C:\Windows\System\bWoummF.exe
  2⤵
  PID:5228
- C:\Windows\System\OHFwhWK.exe
  C:\Windows\System\OHFwhWK.exe
  2⤵
  PID:5136
- C:\Windows\System\DPEJrDC.exe
  C:\Windows\System\DPEJrDC.exe
  2⤵
  PID:5216
- C:\Windows\System\yeJtmNq.exe
  C:\Windows\System\yeJtmNq.exe
  2⤵
  PID:5284
- C:\Windows\System\caFjOxV.exe
  C:\Windows\System\caFjOxV.exe
  2⤵
  PID:5360
- C:\Windows\System\ElKNXxR.exe
  C:\Windows\System\ElKNXxR.exe
  2⤵
  PID:5264
- C:\Windows\System\GrvYuEl.exe
  C:\Windows\System\GrvYuEl.exe
  2⤵
  PID:5452
- C:\Windows\System\FnkKcSa.exe
  C:\Windows\System\FnkKcSa.exe
  2⤵
  PID:5520
- C:\Windows\System\QVHnBRI.exe
  C:\Windows\System\QVHnBRI.exe
  2⤵
  PID:5376
- C:\Windows\System\hivbPsS.exe
  C:\Windows\System\hivbPsS.exe
  2⤵
  PID:5440
- C:\Windows\System\ElkqvPq.exe
  C:\Windows\System\ElkqvPq.exe
  2⤵
  PID:5548
- C:\Windows\System\CkQdYct.exe
  C:\Windows\System\CkQdYct.exe
  2⤵
  PID:5564
- C:\Windows\System\UowGwmj.exe
  C:\Windows\System\UowGwmj.exe
  2⤵
  PID:5676
- C:\Windows\System\AumLmjx.exe
  C:\Windows\System\AumLmjx.exe
  2⤵
  PID:3260
- C:\Windows\System\dLHGWvj.exe
  C:\Windows\System\dLHGWvj.exe
  2⤵
  PID:5660
- C:\Windows\System\aTRcoOf.exe
  C:\Windows\System\aTRcoOf.exe
  2⤵
  PID:5740
- C:\Windows\System\bvqCQIB.exe
  C:\Windows\System\bvqCQIB.exe
  2⤵
  PID:5776
- C:\Windows\System\wsOCqhs.exe
  C:\Windows\System\wsOCqhs.exe
  2⤵
  PID:5788
- C:\Windows\System\ntdQyJF.exe
  C:\Windows\System\ntdQyJF.exe
  2⤵
  PID:5016
- C:\Windows\System\bXTpgmR.exe
  C:\Windows\System\bXTpgmR.exe
  2⤵
  PID:5936
- C:\Windows\System\XHiVAKT.exe
  C:\Windows\System\XHiVAKT.exe
  2⤵
  PID:5920
- C:\Windows\System\HyEWqAx.exe
  C:\Windows\System\HyEWqAx.exe
  2⤵
  PID:5952
- C:\Windows\System\EiXNeZp.exe
  C:\Windows\System\EiXNeZp.exe
  2⤵
  PID:5956
- C:\Windows\System\AwvXwRD.exe
  C:\Windows\System\AwvXwRD.exe
  2⤵
  PID:6020
- C:\Windows\System\sJiLyvY.exe
  C:\Windows\System\sJiLyvY.exe
  2⤵
  PID:6060
- C:\Windows\System\BWRpZde.exe
  C:\Windows\System\BWRpZde.exe
  2⤵
  PID:6076
- C:\Windows\System\wboPwPS.exe
  C:\Windows\System\wboPwPS.exe
  2⤵
  PID:6096
- C:\Windows\System\YTGXcbG.exe
  C:\Windows\System\YTGXcbG.exe
  2⤵
  PID:6128
- C:\Windows\System\NzqheXZ.exe
  C:\Windows\System\NzqheXZ.exe
  2⤵
  PID:4740
- C:\Windows\System\QDbBCxp.exe
  C:\Windows\System\QDbBCxp.exe
  2⤵
  PID:5084
- C:\Windows\System\JzcvkEP.exe
  C:\Windows\System\JzcvkEP.exe
  2⤵
  PID:5172
- C:\Windows\System\OheBxsu.exe
  C:\Windows\System\OheBxsu.exe
  2⤵
  PID:5192
- C:\Windows\System\uLJfNvC.exe
  C:\Windows\System\uLJfNvC.exe
  2⤵
  PID:4252
- C:\Windows\System\MTLWAOZ.exe
  C:\Windows\System\MTLWAOZ.exe
  2⤵
  PID:2296
- C:\Windows\System\GfWmOEb.exe
  C:\Windows\System\GfWmOEb.exe
  2⤵
  PID:5140
- C:\Windows\System\aqHToXj.exe
  C:\Windows\System\aqHToXj.exe
  2⤵
  PID:5248
- C:\Windows\System\tFZhsFv.exe
  C:\Windows\System\tFZhsFv.exe
  2⤵
  PID:5324
- C:\Windows\System\bprlJeq.exe
  C:\Windows\System\bprlJeq.exe
  2⤵
  PID:5392
- C:\Windows\System\DjlAtwz.exe
  C:\Windows\System\DjlAtwz.exe
  2⤵
  PID:5488
- C:\Windows\System\stWPele.exe
  C:\Windows\System\stWPele.exe
  2⤵
  PID:5580
- C:\Windows\System\RYMhcgs.exe
  C:\Windows\System\RYMhcgs.exe
  2⤵
  PID:5584
- C:\Windows\System\VoVzyJM.exe
  C:\Windows\System\VoVzyJM.exe
  2⤵
  PID:5372
- C:\Windows\System\ptZlhMb.exe
  C:\Windows\System\ptZlhMb.exe
  2⤵
  PID:5696
- C:\Windows\System\agWMpYV.exe
  C:\Windows\System\agWMpYV.exe
  2⤵
  PID:5772
- C:\Windows\System\TgnckHV.exe
  C:\Windows\System\TgnckHV.exe
  2⤵
  PID:3224
- C:\Windows\System\WvAMOgQ.exe
  C:\Windows\System\WvAMOgQ.exe
  2⤵
  PID:5988
- C:\Windows\System\byPYfci.exe
  C:\Windows\System\byPYfci.exe
  2⤵
  PID:6068
- C:\Windows\System\qtvtEHt.exe
  C:\Windows\System\qtvtEHt.exe
  2⤵
  PID:6108
- C:\Windows\System\oITLmfp.exe
  C:\Windows\System\oITLmfp.exe
  2⤵
  PID:6000
- C:\Windows\System\KmRCAfL.exe
  C:\Windows\System\KmRCAfL.exe
  2⤵
  PID:5924
- C:\Windows\System\LWTcfvE.exe
  C:\Windows\System\LWTcfvE.exe
  2⤵
  PID:6084
- C:\Windows\System\yerlNSp.exe
  C:\Windows\System\yerlNSp.exe
  2⤵
  PID:4544
- C:\Windows\System\wPeemjb.exe
  C:\Windows\System\wPeemjb.exe
  2⤵
  PID:5132
- C:\Windows\System\biWXuvl.exe
  C:\Windows\System\biWXuvl.exe
  2⤵
  PID:5296
- C:\Windows\System\emoZnII.exe
  C:\Windows\System\emoZnII.exe
  2⤵
  PID:5516
- C:\Windows\System\OVMEVhI.exe
  C:\Windows\System\OVMEVhI.exe
  2⤵
  PID:5484
- C:\Windows\System\vzJYfKN.exe
  C:\Windows\System\vzJYfKN.exe
  2⤵
  PID:5708
- C:\Windows\System\mbdClMp.exe
  C:\Windows\System\mbdClMp.exe
  2⤵
  PID:5680
- C:\Windows\System\oAfMNcb.exe
  C:\Windows\System\oAfMNcb.exe
  2⤵
  PID:5904
- C:\Windows\System\jsGOIcw.exe
  C:\Windows\System\jsGOIcw.exe
  2⤵
  PID:2120
- C:\Windows\System\AvtcPQp.exe
  C:\Windows\System\AvtcPQp.exe
  2⤵
  PID:1884
- C:\Windows\System\TRSIACv.exe
  C:\Windows\System\TRSIACv.exe
  2⤵
  PID:5320
- C:\Windows\System\PMiGmma.exe
  C:\Windows\System\PMiGmma.exe
  2⤵
  PID:2324
- C:\Windows\System\ACpraNP.exe
  C:\Windows\System\ACpraNP.exe
  2⤵
  PID:5968
- C:\Windows\System\HsvIbDy.exe
  C:\Windows\System\HsvIbDy.exe
  2⤵
  PID:6140
- C:\Windows\System\EiKvFFZ.exe
  C:\Windows\System\EiKvFFZ.exe
  2⤵
  PID:5300
- C:\Windows\System\BIzrrOT.exe
  C:\Windows\System\BIzrrOT.exe
  2⤵
  PID:5108
- C:\Windows\System\iklhSKK.exe
  C:\Windows\System\iklhSKK.exe
  2⤵
  PID:6052
- C:\Windows\System\WPJmCUN.exe
  C:\Windows\System\WPJmCUN.exe
  2⤵
  PID:5532
- C:\Windows\System\FjGqtqg.exe
  C:\Windows\System\FjGqtqg.exe
  2⤵
  PID:5692
- C:\Windows\System\CKXSZqd.exe
  C:\Windows\System\CKXSZqd.exe
  2⤵
  PID:5232
- C:\Windows\System\jiWhoBi.exe
  C:\Windows\System\jiWhoBi.exe
  2⤵
  PID:5852
- C:\Windows\System\OXjTLgE.exe
  C:\Windows\System\OXjTLgE.exe
  2⤵
  PID:6112
- C:\Windows\System\WKCouPO.exe
  C:\Windows\System\WKCouPO.exe
  2⤵
  PID:5876
- C:\Windows\System\OFNKzAf.exe
  C:\Windows\System\OFNKzAf.exe
  2⤵
  PID:5872
- C:\Windows\System\KTgcmGw.exe
  C:\Windows\System\KTgcmGw.exe
  2⤵
  PID:2420
- C:\Windows\System\rlHNlpY.exe
  C:\Windows\System\rlHNlpY.exe
  2⤵
  PID:5420
- C:\Windows\System\sNnZogg.exe
  C:\Windows\System\sNnZogg.exe
  2⤵
  PID:5500
- C:\Windows\System\BYLDdOB.exe
  C:\Windows\System\BYLDdOB.exe
  2⤵
  PID:6036
- C:\Windows\System\XfwUoka.exe
  C:\Windows\System\XfwUoka.exe
  2⤵
  PID:1020
- C:\Windows\System\WrAhRot.exe
  C:\Windows\System\WrAhRot.exe
  2⤵
  PID:5804
- C:\Windows\System\KaWGrmE.exe
  C:\Windows\System\KaWGrmE.exe
  2⤵
  PID:5212
- C:\Windows\System\lezxrDZ.exe
  C:\Windows\System\lezxrDZ.exe
  2⤵
  PID:6148
- C:\Windows\System\rQXXdQd.exe
  C:\Windows\System\rQXXdQd.exe
  2⤵
  PID:6164
- C:\Windows\System\fZmcyNo.exe
  C:\Windows\System\fZmcyNo.exe
  2⤵
  PID:6184
- C:\Windows\System\YKsfuxh.exe
  C:\Windows\System\YKsfuxh.exe
  2⤵
  PID:6208
- C:\Windows\System\IfXcnYF.exe
  C:\Windows\System\IfXcnYF.exe
  2⤵
  PID:6224
- C:\Windows\System\CfkNrmK.exe
  C:\Windows\System\CfkNrmK.exe
  2⤵
  PID:6244
- C:\Windows\System\LWOnmHk.exe
  C:\Windows\System\LWOnmHk.exe
  2⤵
  PID:6260
- C:\Windows\System\lYOislB.exe
  C:\Windows\System\lYOislB.exe
  2⤵
  PID:6276
- C:\Windows\System\lKHJUmu.exe
  C:\Windows\System\lKHJUmu.exe
  2⤵
  PID:6296
- C:\Windows\System\darMzPt.exe
  C:\Windows\System\darMzPt.exe
  2⤵
  PID:6340
- C:\Windows\System\uKGwmiQ.exe
  C:\Windows\System\uKGwmiQ.exe
  2⤵
  PID:6356
- C:\Windows\System\sTIhNFE.exe
  C:\Windows\System\sTIhNFE.exe
  2⤵
  PID:6372
- C:\Windows\System\kpWcjjQ.exe
  C:\Windows\System\kpWcjjQ.exe
  2⤵
  PID:6392
- C:\Windows\System\YOREBvu.exe
  C:\Windows\System\YOREBvu.exe
  2⤵
  PID:6408
- C:\Windows\System\DODYMun.exe
  C:\Windows\System\DODYMun.exe
  2⤵
  PID:6428
- C:\Windows\System\xSBSUuv.exe
  C:\Windows\System\xSBSUuv.exe
  2⤵
  PID:6448
- C:\Windows\System\qKlvdfR.exe
  C:\Windows\System\qKlvdfR.exe
  2⤵
  PID:6464
- C:\Windows\System\hQMEExF.exe
  C:\Windows\System\hQMEExF.exe
  2⤵
  PID:6480
- C:\Windows\System\ryIdAOy.exe
  C:\Windows\System\ryIdAOy.exe
  2⤵
  PID:6524
- C:\Windows\System\EMFIEYJ.exe
  C:\Windows\System\EMFIEYJ.exe
  2⤵
  PID:6540
- C:\Windows\System\mFGKoyx.exe
  C:\Windows\System\mFGKoyx.exe
  2⤵
  PID:6560
- C:\Windows\System\wPMGFbj.exe
  C:\Windows\System\wPMGFbj.exe
  2⤵
  PID:6576
- C:\Windows\System\qtVITgO.exe
  C:\Windows\System\qtVITgO.exe
  2⤵
  PID:6592
- C:\Windows\System\KSmqLHR.exe
  C:\Windows\System\KSmqLHR.exe
  2⤵
  PID:6624
- C:\Windows\System\DJYiyDP.exe
  C:\Windows\System\DJYiyDP.exe
  2⤵
  PID:6640
- C:\Windows\System\HZahnor.exe
  C:\Windows\System\HZahnor.exe
  2⤵
  PID:6656
- C:\Windows\System\IfPtcSP.exe
  C:\Windows\System\IfPtcSP.exe
  2⤵
  PID:6672
- C:\Windows\System\spmJEsg.exe
  C:\Windows\System\spmJEsg.exe
  2⤵
  PID:6704
- C:\Windows\System\zUSDsNk.exe
  C:\Windows\System\zUSDsNk.exe
  2⤵
  PID:6720
- C:\Windows\System\waMuQLb.exe
  C:\Windows\System\waMuQLb.exe
  2⤵
  PID:6736
- C:\Windows\System\lVEkkCV.exe
  C:\Windows\System\lVEkkCV.exe
  2⤵
  PID:6752
- C:\Windows\System\XcGLpkR.exe
  C:\Windows\System\XcGLpkR.exe
  2⤵
  PID:6772
- C:\Windows\System\neenSMi.exe
  C:\Windows\System\neenSMi.exe
  2⤵
  PID:6792
- C:\Windows\System\BaYjaQn.exe
  C:\Windows\System\BaYjaQn.exe
  2⤵
  PID:6808
- C:\Windows\System\fpQmwXH.exe
  C:\Windows\System\fpQmwXH.exe
  2⤵
  PID:6828
- C:\Windows\System\JKAlGVw.exe
  C:\Windows\System\JKAlGVw.exe
  2⤵
  PID:6844
- C:\Windows\System\aPpsXEi.exe
  C:\Windows\System\aPpsXEi.exe
  2⤵
  PID:6884
- C:\Windows\System\SfZJTCx.exe
  C:\Windows\System\SfZJTCx.exe
  2⤵
  PID:6900
- C:\Windows\System\ocSpebc.exe
  C:\Windows\System\ocSpebc.exe
  2⤵
  PID:6916
- C:\Windows\System\GmpRJeE.exe
  C:\Windows\System\GmpRJeE.exe
  2⤵
  PID:6936
- C:\Windows\System\FgsPCFi.exe
  C:\Windows\System\FgsPCFi.exe
  2⤵
  PID:6956
- C:\Windows\System\OkKxBis.exe
  C:\Windows\System\OkKxBis.exe
  2⤵
  PID:6984
- C:\Windows\System\PMaCtbp.exe
  C:\Windows\System\PMaCtbp.exe
  2⤵
  PID:7008
- C:\Windows\System\hzfbaCv.exe
  C:\Windows\System\hzfbaCv.exe
  2⤵
  PID:7024
- C:\Windows\System\vAkxfjL.exe
  C:\Windows\System\vAkxfjL.exe
  2⤵
  PID:7040
- C:\Windows\System\qgjjbFW.exe
  C:\Windows\System\qgjjbFW.exe
  2⤵
  PID:7060
- C:\Windows\System\BZsfUsH.exe
  C:\Windows\System\BZsfUsH.exe
  2⤵
  PID:7076
- C:\Windows\System\jtRKZGW.exe
  C:\Windows\System\jtRKZGW.exe
  2⤵
  PID:7104
- C:\Windows\System\ryLrxsz.exe
  C:\Windows\System\ryLrxsz.exe
  2⤵
  PID:7120
- C:\Windows\System\XVvuKMC.exe
  C:\Windows\System\XVvuKMC.exe
  2⤵
  PID:7148
- C:\Windows\System\ApaPYGD.exe
  C:\Windows\System\ApaPYGD.exe
  2⤵
  PID:7164
- C:\Windows\System\dDqiVbS.exe
  C:\Windows\System\dDqiVbS.exe
  2⤵
  PID:6192
- C:\Windows\System\cYONwEa.exe
  C:\Windows\System\cYONwEa.exe
  2⤵
  PID:6204
- C:\Windows\System\cCIjdSE.exe
  C:\Windows\System\cCIjdSE.exe
  2⤵
  PID:6268
- C:\Windows\System\RAWWaEU.exe
  C:\Windows\System\RAWWaEU.exe
  2⤵
  PID:5856
- C:\Windows\System\fFLRhkL.exe
  C:\Windows\System\fFLRhkL.exe
  2⤵
  PID:1400
- C:\Windows\System\MOboWtD.exe
  C:\Windows\System\MOboWtD.exe
  2⤵
  PID:6328
- C:\Windows\System\YZLnOQr.exe
  C:\Windows\System\YZLnOQr.exe
  2⤵
  PID:4768
- C:\Windows\System\GHiOEvs.exe
  C:\Windows\System\GHiOEvs.exe
  2⤵
  PID:6404
- C:\Windows\System\NmdkYdh.exe
  C:\Windows\System\NmdkYdh.exe
  2⤵
  PID:6120
- C:\Windows\System\GcJIUWn.exe
  C:\Windows\System\GcJIUWn.exe
  2⤵
  PID:6476
- C:\Windows\System\kskiVSs.exe
  C:\Windows\System\kskiVSs.exe
  2⤵
  PID:6220
- C:\Windows\System\MSkQRKu.exe
  C:\Windows\System\MSkQRKu.exe
  2⤵
  PID:6388
- C:\Windows\System\mnlfIAt.exe
  C:\Windows\System\mnlfIAt.exe
  2⤵
  PID:6456
- C:\Windows\System\nIGjxvw.exe
  C:\Windows\System\nIGjxvw.exe
  2⤵
  PID:6568
- C:\Windows\System\kIBNtDB.exe
  C:\Windows\System\kIBNtDB.exe
  2⤵
  PID:6616
- C:\Windows\System\FgnthPL.exe
  C:\Windows\System\FgnthPL.exe
  2⤵
  PID:6512
- C:\Windows\System\pKgGXUs.exe
  C:\Windows\System\pKgGXUs.exe
  2⤵
  PID:6496
- C:\Windows\System\vwOUusq.exe
  C:\Windows\System\vwOUusq.exe
  2⤵
  PID:6588
- C:\Windows\System\nkitRuw.exe
  C:\Windows\System\nkitRuw.exe
  2⤵
  PID:6680
- C:\Windows\System\fpEQxpJ.exe
  C:\Windows\System\fpEQxpJ.exe
  2⤵
  PID:6664
- C:\Windows\System\OVSoeyF.exe
  C:\Windows\System\OVSoeyF.exe
  2⤵
  PID:6764
- C:\Windows\System\eDjFmtw.exe
  C:\Windows\System\eDjFmtw.exe
  2⤵
  PID:2696
- C:\Windows\System\pgbRuoK.exe
  C:\Windows\System\pgbRuoK.exe
  2⤵
  PID:6780
- C:\Windows\System\zOPtkxx.exe
  C:\Windows\System\zOPtkxx.exe
  2⤵
  PID:6748
- C:\Windows\System\srkPlIV.exe
  C:\Windows\System\srkPlIV.exe
  2⤵
  PID:6820
- C:\Windows\System\FvLJtvN.exe
  C:\Windows\System\FvLJtvN.exe
  2⤵
  PID:6868
- C:\Windows\System\KERmIsY.exe
  C:\Windows\System\KERmIsY.exe
  2⤵
  PID:6932
- C:\Windows\System\GpsBemh.exe
  C:\Windows\System\GpsBemh.exe
  2⤵
  PID:6972
- C:\Windows\System\XMxpogK.exe
  C:\Windows\System\XMxpogK.exe
  2⤵
  PID:6948
- C:\Windows\System\RPpmakW.exe
  C:\Windows\System\RPpmakW.exe
  2⤵
  PID:6992
- C:\Windows\System\ARQNjLj.exe
  C:\Windows\System\ARQNjLj.exe
  2⤵
  PID:7096
- C:\Windows\System\lUXMXBE.exe
  C:\Windows\System\lUXMXBE.exe
  2⤵
  PID:7036
- C:\Windows\System\cgwgley.exe
  C:\Windows\System\cgwgley.exe
  2⤵
  PID:7116
- C:\Windows\System\frvNjdg.exe
  C:\Windows\System\frvNjdg.exe
  2⤵
  PID:6156
- C:\Windows\System\TdqeQkf.exe
  C:\Windows\System\TdqeQkf.exe
  2⤵
  PID:6304
- C:\Windows\System\kFpQlZF.exe
  C:\Windows\System\kFpQlZF.exe
  2⤵
  PID:2160
- C:\Windows\System\BzLigSm.exe
  C:\Windows\System\BzLigSm.exe
  2⤵
  PID:5712
- C:\Windows\System\dHsddhi.exe
  C:\Windows\System\dHsddhi.exe
  2⤵
  PID:6308
- C:\Windows\System\eZIXyZD.exe
  C:\Windows\System\eZIXyZD.exe
  2⤵
  PID:6320
- C:\Windows\System\dsuNGrB.exe
  C:\Windows\System\dsuNGrB.exe
  2⤵
  PID:6288
- C:\Windows\System\yIInegb.exe
  C:\Windows\System\yIInegb.exe
  2⤵
  PID:6424
- C:\Windows\System\hSkOBzi.exe
  C:\Windows\System\hSkOBzi.exe
  2⤵
  PID:6380
- C:\Windows\System\prWZqvE.exe
  C:\Windows\System\prWZqvE.exe
  2⤵
  PID:6532
- C:\Windows\System\XqklLWy.exe
  C:\Windows\System\XqklLWy.exe
  2⤵
  PID:6612
- C:\Windows\System\pEyDmTU.exe
  C:\Windows\System\pEyDmTU.exe
  2⤵
  PID:6648
- C:\Windows\System\eGZpbka.exe
  C:\Windows\System\eGZpbka.exe
  2⤵
  PID:6692
- C:\Windows\System\tuzSegx.exe
  C:\Windows\System\tuzSegx.exe
  2⤵
  PID:6840
- C:\Windows\System\KNvQsjR.exe
  C:\Windows\System\KNvQsjR.exe
  2⤵
  PID:6856
- C:\Windows\System\yrblhvS.exe
  C:\Windows\System\yrblhvS.exe
  2⤵
  PID:6860
- C:\Windows\System\jTBDOMe.exe
  C:\Windows\System\jTBDOMe.exe
  2⤵
  PID:6908
- C:\Windows\System\ZiPBUug.exe
  C:\Windows\System\ZiPBUug.exe
  2⤵
  PID:6712
- C:\Windows\System\fTaNuZn.exe
  C:\Windows\System\fTaNuZn.exe
  2⤵
  PID:6872
- C:\Windows\System\UcgVaVA.exe
  C:\Windows\System\UcgVaVA.exe
  2⤵
  PID:7136
- C:\Windows\System\RZaIAxo.exe
  C:\Windows\System\RZaIAxo.exe
  2⤵
  PID:6196
- C:\Windows\System\ucBMBhN.exe
  C:\Windows\System\ucBMBhN.exe
  2⤵
  PID:2332
- C:\Windows\System\eXfGqVQ.exe
  C:\Windows\System\eXfGqVQ.exe
  2⤵
  PID:6336
- C:\Windows\System\naIIZAx.exe
  C:\Windows\System\naIIZAx.exe
  2⤵
  PID:5892
- C:\Windows\System\dDQwbyF.exe
  C:\Windows\System\dDQwbyF.exe
  2⤵
  PID:6488
- C:\Windows\System\YnpJfAw.exe
  C:\Windows\System\YnpJfAw.exe
  2⤵
  PID:6292
- C:\Windows\System\paJmAXx.exe
  C:\Windows\System\paJmAXx.exe
  2⤵
  PID:6552
- C:\Windows\System\AHeGtYH.exe
  C:\Windows\System\AHeGtYH.exe
  2⤵
  PID:6700
- C:\Windows\System\dVMddNx.exe
  C:\Windows\System\dVMddNx.exe
  2⤵
  PID:6876
- C:\Windows\System\pqoENTj.exe
  C:\Windows\System\pqoENTj.exe
  2⤵
  PID:6836
- C:\Windows\System\GXDTHLN.exe
  C:\Windows\System\GXDTHLN.exe
  2⤵
  PID:7016
- C:\Windows\System\BvzvHKr.exe
  C:\Windows\System\BvzvHKr.exe
  2⤵
  PID:6996
- C:\Windows\System\TdADPYI.exe
  C:\Windows\System\TdADPYI.exe
  2⤵
  PID:6744
- C:\Windows\System\JTbjvzg.exe
  C:\Windows\System\JTbjvzg.exe
  2⤵
  PID:6200
- C:\Windows\System\qATCAZq.exe
  C:\Windows\System\qATCAZq.exe
  2⤵
  PID:5908
- C:\Windows\System\vrvzjhZ.exe
  C:\Windows\System\vrvzjhZ.exe
  2⤵
  PID:6216
- C:\Windows\System\OJBBylt.exe
  C:\Windows\System\OJBBylt.exe
  2⤵
  PID:6520
- C:\Windows\System\EnRbCkH.exe
  C:\Windows\System\EnRbCkH.exe
  2⤵
  PID:7088
- C:\Windows\System\pqLglIO.exe
  C:\Windows\System\pqLglIO.exe
  2⤵
  PID:6584
- C:\Windows\System\IPrWGId.exe
  C:\Windows\System\IPrWGId.exe
  2⤵
  PID:7020
- C:\Windows\System\xXWpuaO.exe
  C:\Windows\System\xXWpuaO.exe
  2⤵
  PID:6864
- C:\Windows\System\lmAmzmc.exe
  C:\Windows\System\lmAmzmc.exe
  2⤵
  PID:6316
- C:\Windows\System\jgzLdlf.exe
  C:\Windows\System\jgzLdlf.exe
  2⤵
  PID:6352
- C:\Windows\System\ooasIXu.exe
  C:\Windows\System\ooasIXu.exe
  2⤵
  PID:6892
- C:\Windows\System\IkWAZzS.exe
  C:\Windows\System\IkWAZzS.exe
  2⤵
  PID:7176
- C:\Windows\System\IUmIFAu.exe
  C:\Windows\System\IUmIFAu.exe
  2⤵
  PID:7192
- C:\Windows\System\scdISop.exe
  C:\Windows\System\scdISop.exe
  2⤵
  PID:7208
- C:\Windows\System\OAFHegl.exe
  C:\Windows\System\OAFHegl.exe
  2⤵
  PID:7224
- C:\Windows\System\OkHrahk.exe
  C:\Windows\System\OkHrahk.exe
  2⤵
  PID:7256
- C:\Windows\System\IBkYoBo.exe
  C:\Windows\System\IBkYoBo.exe
  2⤵
  PID:7276
- C:\Windows\System\okVJwgW.exe
  C:\Windows\System\okVJwgW.exe
  2⤵
  PID:7292
- C:\Windows\System\xJshkIu.exe
  C:\Windows\System\xJshkIu.exe
  2⤵
  PID:7308
- C:\Windows\System\zdbfdCJ.exe
  C:\Windows\System\zdbfdCJ.exe
  2⤵
  PID:7328
- C:\Windows\System\mxNuoSO.exe
  C:\Windows\System\mxNuoSO.exe
  2⤵
  PID:7348
- C:\Windows\System\skhlPDd.exe
  C:\Windows\System\skhlPDd.exe
  2⤵
  PID:7364
- C:\Windows\System\QlujkGM.exe
  C:\Windows\System\QlujkGM.exe
  2⤵
  PID:7384
- C:\Windows\System\nkraHMr.exe
  C:\Windows\System\nkraHMr.exe
  2⤵
  PID:7400
- C:\Windows\System\sYxhwlF.exe
  C:\Windows\System\sYxhwlF.exe
  2⤵
  PID:7416
- C:\Windows\System\WzjeITj.exe
  C:\Windows\System\WzjeITj.exe
  2⤵
  PID:7440
- C:\Windows\System\blopnSZ.exe
  C:\Windows\System\blopnSZ.exe
  2⤵
  PID:7456
- C:\Windows\System\ZMKzUBJ.exe
  C:\Windows\System\ZMKzUBJ.exe
  2⤵
  PID:7476
- C:\Windows\System\upbeWby.exe
  C:\Windows\System\upbeWby.exe
  2⤵
  PID:7492
- C:\Windows\System\ejrITUx.exe
  C:\Windows\System\ejrITUx.exe
  2⤵
  PID:7512
- C:\Windows\System\AdvjQHy.exe
  C:\Windows\System\AdvjQHy.exe
  2⤵
  PID:7528
- C:\Windows\System\BYqHZac.exe
  C:\Windows\System\BYqHZac.exe
  2⤵
  PID:7552
- C:\Windows\System\GdRdyQV.exe
  C:\Windows\System\GdRdyQV.exe
  2⤵
  PID:7572
- C:\Windows\System\AFUArCF.exe
  C:\Windows\System\AFUArCF.exe
  2⤵
  PID:7612
- C:\Windows\System\Bjmdgej.exe
  C:\Windows\System\Bjmdgej.exe
  2⤵
  PID:7628
- C:\Windows\System\jGRDCTz.exe
  C:\Windows\System\jGRDCTz.exe
  2⤵
  PID:7648
- C:\Windows\System\uEtUgHP.exe
  C:\Windows\System\uEtUgHP.exe
  2⤵
  PID:7680
- C:\Windows\System\edXnSUM.exe
  C:\Windows\System\edXnSUM.exe
  2⤵
  PID:7696
- C:\Windows\System\nYGIjzs.exe
  C:\Windows\System\nYGIjzs.exe
  2⤵
  PID:7720
- C:\Windows\System\lCwFlvW.exe
  C:\Windows\System\lCwFlvW.exe
  2⤵
  PID:7736
- C:\Windows\System\xGhCtVY.exe
  C:\Windows\System\xGhCtVY.exe
  2⤵
  PID:7756
- C:\Windows\System\rKCKhEs.exe
  C:\Windows\System\rKCKhEs.exe
  2⤵
  PID:7780
- C:\Windows\System\RkhsGbT.exe
  C:\Windows\System\RkhsGbT.exe
  2⤵
  PID:7796
- C:\Windows\System\JAxsycJ.exe
  C:\Windows\System\JAxsycJ.exe
  2⤵
  PID:7816
- C:\Windows\System\XNlAWJN.exe
  C:\Windows\System\XNlAWJN.exe
  2⤵
  PID:7832
- C:\Windows\System\wZrseeL.exe
  C:\Windows\System\wZrseeL.exe
  2⤵
  PID:7852
- C:\Windows\System\XlLjELr.exe
  C:\Windows\System\XlLjELr.exe
  2⤵
  PID:7868
- C:\Windows\System\RnMXtWu.exe
  C:\Windows\System\RnMXtWu.exe
  2⤵
  PID:7892
- C:\Windows\System\IGFiCtS.exe
  C:\Windows\System\IGFiCtS.exe
  2⤵
  PID:7908
- C:\Windows\System\HtgKsoD.exe
  C:\Windows\System\HtgKsoD.exe
  2⤵
  PID:7940
- C:\Windows\System\UiiUiCZ.exe
  C:\Windows\System\UiiUiCZ.exe
  2⤵
  PID:7968
- C:\Windows\System\SrZjQIc.exe
  C:\Windows\System\SrZjQIc.exe
  2⤵
  PID:7984
- C:\Windows\System\IjvEZeS.exe
  C:\Windows\System\IjvEZeS.exe
  2⤵
  PID:8000
- C:\Windows\System\pvQZYqt.exe
  C:\Windows\System\pvQZYqt.exe
  2⤵
  PID:8016
- C:\Windows\System\szWvmaO.exe
  C:\Windows\System\szWvmaO.exe
  2⤵
  PID:8036
- C:\Windows\System\wdLjjKP.exe
  C:\Windows\System\wdLjjKP.exe
  2⤵
  PID:8052
- C:\Windows\System\mnXuDCo.exe
  C:\Windows\System\mnXuDCo.exe
  2⤵
  PID:8072
- C:\Windows\System\uKXKMeE.exe
  C:\Windows\System\uKXKMeE.exe
  2⤵
  PID:8096
- C:\Windows\System\jfPKgPk.exe
  C:\Windows\System\jfPKgPk.exe
  2⤵
  PID:8116
- C:\Windows\System\qdNdKdm.exe
  C:\Windows\System\qdNdKdm.exe
  2⤵
  PID:8132
- C:\Windows\System\uRItDfV.exe
  C:\Windows\System\uRItDfV.exe
  2⤵
  PID:8148
- C:\Windows\System\TfNkoYZ.exe
  C:\Windows\System\TfNkoYZ.exe
  2⤵
  PID:8164
- C:\Windows\System\NxpLKAi.exe
  C:\Windows\System\NxpLKAi.exe
  2⤵
  PID:8180
- C:\Windows\System\EiEZZGG.exe
  C:\Windows\System\EiEZZGG.exe
  2⤵
  PID:7092
- C:\Windows\System\aKmlEWs.exe
  C:\Windows\System\aKmlEWs.exe
  2⤵
  PID:7184
- C:\Windows\System\BEvGJwU.exe
  C:\Windows\System\BEvGJwU.exe
  2⤵
  PID:6696
- C:\Windows\System\wRZMRMj.exe
  C:\Windows\System\wRZMRMj.exe
  2⤵
  PID:7272
- C:\Windows\System\HYEUjwO.exe
  C:\Windows\System\HYEUjwO.exe
  2⤵
  PID:7236
- C:\Windows\System\xkhKSgb.exe
  C:\Windows\System\xkhKSgb.exe
  2⤵
  PID:7340
- C:\Windows\System\gmPtMQn.exe
  C:\Windows\System\gmPtMQn.exe
  2⤵
  PID:7452
- C:\Windows\System\cKuVZLY.exe
  C:\Windows\System\cKuVZLY.exe
  2⤵
  PID:7252
- C:\Windows\System\VRpPIkV.exe
  C:\Windows\System\VRpPIkV.exe
  2⤵
  PID:7524
- C:\Windows\System\VOFkraL.exe
  C:\Windows\System\VOFkraL.exe
  2⤵
  PID:7288
- C:\Windows\System\EGIDNop.exe
  C:\Windows\System\EGIDNop.exe
  2⤵
  PID:7428
- C:\Windows\System\jPOEojw.exe
  C:\Windows\System\jPOEojw.exe
  2⤵
  PID:7508
- C:\Windows\System\lYmaTGf.exe
  C:\Windows\System\lYmaTGf.exe
  2⤵
  PID:7564
- C:\Windows\System\smJithg.exe
  C:\Windows\System\smJithg.exe
  2⤵
  PID:7584
- C:\Windows\System\epzJgUW.exe
  C:\Windows\System\epzJgUW.exe
  2⤵
  PID:7600
- C:\Windows\System\jrHWHKF.exe
  C:\Windows\System\jrHWHKF.exe
  2⤵
  PID:7664
- C:\Windows\System\IkPnlca.exe
  C:\Windows\System\IkPnlca.exe
  2⤵
  PID:7608
- C:\Windows\System\BMaAJoP.exe
  C:\Windows\System\BMaAJoP.exe
  2⤵
  PID:7688
- C:\Windows\System\rSgKyrE.exe
  C:\Windows\System\rSgKyrE.exe
  2⤵
  PID:7716
- C:\Windows\System\hclvCLr.exe
  C:\Windows\System\hclvCLr.exe
  2⤵
  PID:7764
- C:\Windows\System\rTwrCPQ.exe
  C:\Windows\System\rTwrCPQ.exe
  2⤵
  PID:7828
- C:\Windows\System\lSmAuhE.exe
  C:\Windows\System\lSmAuhE.exe
  2⤵
  PID:7772
- C:\Windows\System\JeyOQkY.exe
  C:\Windows\System\JeyOQkY.exe
  2⤵
  PID:7884
- C:\Windows\System\jAwZXUn.exe
  C:\Windows\System\jAwZXUn.exe
  2⤵
  PID:7916
- C:\Windows\System\DwtflPq.exe
  C:\Windows\System\DwtflPq.exe
  2⤵
  PID:7960
- C:\Windows\System\NsGjVER.exe
  C:\Windows\System\NsGjVER.exe
  2⤵
  PID:7996
- C:\Windows\System\ckRMiti.exe
  C:\Windows\System\ckRMiti.exe
  2⤵
  PID:8064
- C:\Windows\System\gxKdKpR.exe
  C:\Windows\System\gxKdKpR.exe
  2⤵
  PID:7004
- C:\Windows\System\gDQyINz.exe
  C:\Windows\System\gDQyINz.exe
  2⤵
  PID:7976
- C:\Windows\System\dQIfNQa.exe
  C:\Windows\System\dQIfNQa.exe
  2⤵
  PID:7216
- C:\Windows\System\YjDLFCE.exe
  C:\Windows\System\YjDLFCE.exe
  2⤵
  PID:6472
- C:\Windows\System\XXzAgnY.exe
  C:\Windows\System\XXzAgnY.exe
  2⤵
  PID:6508
- C:\Windows\System\RQfGrkl.exe
  C:\Windows\System\RQfGrkl.exe
  2⤵
  PID:8048
- C:\Windows\System\xSBTtbx.exe
  C:\Windows\System\xSBTtbx.exe
  2⤵
  PID:8128
- C:\Windows\System\SwZUwaZ.exe
  C:\Windows\System\SwZUwaZ.exe
  2⤵
  PID:6368
- C:\Windows\System\LWzRUwq.exe
  C:\Windows\System\LWzRUwq.exe
  2⤵
  PID:7412
- C:\Windows\System\UGOHxzM.exe
  C:\Windows\System\UGOHxzM.exe
  2⤵
  PID:7536
- C:\Windows\System\lmVKyzT.exe
  C:\Windows\System\lmVKyzT.exe
  2⤵
  PID:7360
- C:\Windows\System\WsQnDPv.exe
  C:\Windows\System\WsQnDPv.exe
  2⤵
  PID:7248
- C:\Windows\System\xtirpmM.exe
  C:\Windows\System\xtirpmM.exe
  2⤵
  PID:7392
- C:\Windows\System\KOPBEjh.exe
  C:\Windows\System\KOPBEjh.exe
  2⤵
  PID:7580
- C:\Windows\System\WiUZGei.exe
  C:\Windows\System\WiUZGei.exe
  2⤵
  PID:7752
- C:\Windows\System\NFfQDWm.exe
  C:\Windows\System\NFfQDWm.exe
  2⤵
  PID:7732
- C:\Windows\System\zAyRGHb.exe
  C:\Windows\System\zAyRGHb.exe
  2⤵
  PID:7712
- C:\Windows\System\IXhaKSH.exe
  C:\Windows\System\IXhaKSH.exe
  2⤵
  PID:7804
- C:\Windows\System\LTuuZoJ.exe
  C:\Windows\System\LTuuZoJ.exe
  2⤵
  PID:8028
- C:\Windows\System\OXsSxXr.exe
  C:\Windows\System\OXsSxXr.exe
  2⤵
  PID:7848
- C:\Windows\System\vhToavS.exe
  C:\Windows\System\vhToavS.exe
  2⤵
  PID:7928
- C:\Windows\System\yKxawxe.exe
  C:\Windows\System\yKxawxe.exe
  2⤵
  PID:8060
- C:\Windows\System\yzgCVnW.exe
  C:\Windows\System\yzgCVnW.exe
  2⤵
  PID:7924
- C:\Windows\System\ZfRznBL.exe
  C:\Windows\System\ZfRznBL.exe
  2⤵
  PID:7032
- C:\Windows\System\NTesRcL.exe
  C:\Windows\System\NTesRcL.exe
  2⤵
  PID:7264
- C:\Windows\System\GipkKOv.exe
  C:\Windows\System\GipkKOv.exe
  2⤵
  PID:8012
- C:\Windows\System\glnjFLk.exe
  C:\Windows\System\glnjFLk.exe
  2⤵
  PID:7488
- C:\Windows\System\vEjFsnV.exe
  C:\Windows\System\vEjFsnV.exe
  2⤵
  PID:7472
- C:\Windows\System\BoohEnG.exe
  C:\Windows\System\BoohEnG.exe
  2⤵
  PID:7448
- C:\Windows\System\QLkWSrm.exe
  C:\Windows\System\QLkWSrm.exe
  2⤵
  PID:7568
- C:\Windows\System\rMuRurj.exe
  C:\Windows\System\rMuRurj.exe
  2⤵
  PID:7656
- C:\Windows\System\hopFXrb.exe
  C:\Windows\System\hopFXrb.exe
  2⤵
  PID:7792
- C:\Windows\System\HXCajbj.exe
  C:\Windows\System\HXCajbj.exe
  2⤵
  PID:7728
- C:\Windows\System\PqLTsEl.exe
  C:\Windows\System\PqLTsEl.exe
  2⤵
  PID:7840
- C:\Windows\System\YYqeORz.exe
  C:\Windows\System\YYqeORz.exe
  2⤵
  PID:7220
- C:\Windows\System\YYEkyQH.exe
  C:\Windows\System\YYEkyQH.exe
  2⤵
  PID:8032
- C:\Windows\System\gsfpTCI.exe
  C:\Windows\System\gsfpTCI.exe
  2⤵
  PID:8188
- C:\Windows\System\DJnQjEp.exe
  C:\Windows\System\DJnQjEp.exe
  2⤵
  PID:7432
- C:\Windows\System\ehKVqJS.exe
  C:\Windows\System\ehKVqJS.exe
  2⤵
  PID:7268
- C:\Windows\System\OmlKLoq.exe
  C:\Windows\System\OmlKLoq.exe
  2⤵
  PID:7660
- C:\Windows\System\nhGiDkp.exe
  C:\Windows\System\nhGiDkp.exe
  2⤵
  PID:2948
- C:\Windows\System\Exrsiul.exe
  C:\Windows\System\Exrsiul.exe
  2⤵
  PID:7676
- C:\Windows\System\UUAyWas.exe
  C:\Windows\System\UUAyWas.exe
  2⤵
  PID:7952
- C:\Windows\System\GfhNsLX.exe
  C:\Windows\System\GfhNsLX.exe
  2⤵
  PID:7160
- C:\Windows\System\KRFzmId.exe
  C:\Windows\System\KRFzmId.exe
  2⤵
  PID:7336
- C:\Windows\System\LufUFsJ.exe
  C:\Windows\System\LufUFsJ.exe
  2⤵
  PID:8008
- C:\Windows\System\dmGgtBd.exe
  C:\Windows\System\dmGgtBd.exe
  2⤵
  PID:7320
- C:\Windows\System\uCImRBj.exe
  C:\Windows\System\uCImRBj.exe
  2⤵
  PID:7864
- C:\Windows\System\TGEZMQS.exe
  C:\Windows\System\TGEZMQS.exe
  2⤵
  PID:8196
- C:\Windows\System\SGPTSEK.exe
  C:\Windows\System\SGPTSEK.exe
  2⤵
  PID:8212
- C:\Windows\System\nXXkQsW.exe
  C:\Windows\System\nXXkQsW.exe
  2⤵
  PID:8228
- C:\Windows\System\IPeIwDR.exe
  C:\Windows\System\IPeIwDR.exe
  2⤵
  PID:8244
- C:\Windows\System\jnVLdPj.exe
  C:\Windows\System\jnVLdPj.exe
  2⤵
  PID:8264
- C:\Windows\System\XieKMnx.exe
  C:\Windows\System\XieKMnx.exe
  2⤵
  PID:8284
- C:\Windows\System\xHhbjtp.exe
  C:\Windows\System\xHhbjtp.exe
  2⤵
  PID:8300
- C:\Windows\System\MvCvFsj.exe
  C:\Windows\System\MvCvFsj.exe
  2⤵
  PID:8316
- C:\Windows\System\PCxsHDd.exe
  C:\Windows\System\PCxsHDd.exe
  2⤵
  PID:8332
- C:\Windows\System\LziRdzH.exe
  C:\Windows\System\LziRdzH.exe
  2⤵
  PID:8356
- C:\Windows\System\NuGSbdW.exe
  C:\Windows\System\NuGSbdW.exe
  2⤵
  PID:8376
- C:\Windows\System\ECZmGUh.exe
  C:\Windows\System\ECZmGUh.exe
  2⤵
  PID:8400
- C:\Windows\System\SUDKFME.exe
  C:\Windows\System\SUDKFME.exe
  2⤵
  PID:8416
- C:\Windows\System\AqJZvSh.exe
  C:\Windows\System\AqJZvSh.exe
  2⤵
  PID:8432
- C:\Windows\System\uasDJbj.exe
  C:\Windows\System\uasDJbj.exe
  2⤵
  PID:8452
- C:\Windows\System\kFaBQYO.exe
  C:\Windows\System\kFaBQYO.exe
  2⤵
  PID:8468
- C:\Windows\System\TVSlVqu.exe
  C:\Windows\System\TVSlVqu.exe
  2⤵
  PID:8488
- C:\Windows\System\GHmAess.exe
  C:\Windows\System\GHmAess.exe
  2⤵
  PID:8508
- C:\Windows\System\CCjlfSW.exe
  C:\Windows\System\CCjlfSW.exe
  2⤵
  PID:8548
- C:\Windows\System\UZwrkgC.exe
  C:\Windows\System\UZwrkgC.exe
  2⤵
  PID:8580
- C:\Windows\System\GqgvCGh.exe
  C:\Windows\System\GqgvCGh.exe
  2⤵
  PID:8608
- C:\Windows\System\TjkQcWm.exe
  C:\Windows\System\TjkQcWm.exe
  2⤵
  PID:8624
- C:\Windows\System\Tgaqixp.exe
  C:\Windows\System\Tgaqixp.exe
  2⤵
  PID:8652
- C:\Windows\System\tGgIFWW.exe
  C:\Windows\System\tGgIFWW.exe
  2⤵
  PID:8672
- C:\Windows\System\OcwoLKJ.exe
  C:\Windows\System\OcwoLKJ.exe
  2⤵
  PID:8688
- C:\Windows\System\BbIxYXS.exe
  C:\Windows\System\BbIxYXS.exe
  2⤵
  PID:8708
- C:\Windows\System\sozXzTx.exe
  C:\Windows\System\sozXzTx.exe
  2⤵
  PID:8724
- C:\Windows\System\qsKxKOw.exe
  C:\Windows\System\qsKxKOw.exe
  2⤵
  PID:8748
- C:\Windows\System\RvNsBbj.exe
  C:\Windows\System\RvNsBbj.exe
  2⤵
  PID:8768
- C:\Windows\System\FwIkTZy.exe
  C:\Windows\System\FwIkTZy.exe
  2⤵
  PID:8788
- C:\Windows\System\hLwChTL.exe
  C:\Windows\System\hLwChTL.exe
  2⤵
  PID:8804
- C:\Windows\System\ojetUms.exe
  C:\Windows\System\ojetUms.exe
  2⤵
  PID:8820
- C:\Windows\System\zaeSexk.exe
  C:\Windows\System\zaeSexk.exe
  2⤵
  PID:8836
- C:\Windows\System\vDbycMz.exe
  C:\Windows\System\vDbycMz.exe
  2⤵
  PID:8856
- C:\Windows\System\sAdJZjB.exe
  C:\Windows\System\sAdJZjB.exe
  2⤵
  PID:8904
- C:\Windows\System\YedOmsx.exe
  C:\Windows\System\YedOmsx.exe
  2⤵
  PID:8920
- C:\Windows\System\fJnOFmY.exe
  C:\Windows\System\fJnOFmY.exe
  2⤵
  PID:8936
- C:\Windows\System\EgZWjdP.exe
  C:\Windows\System\EgZWjdP.exe
  2⤵
  PID:8952
- C:\Windows\System\AJnwCwp.exe
  C:\Windows\System\AJnwCwp.exe
  2⤵
  PID:8968
- C:\Windows\System\xkYtZic.exe
  C:\Windows\System\xkYtZic.exe
  2⤵
  PID:8992
- C:\Windows\System\kHlUFqR.exe
  C:\Windows\System\kHlUFqR.exe
  2⤵
  PID:9008
- C:\Windows\System\qfpnVgo.exe
  C:\Windows\System\qfpnVgo.exe
  2⤵
  PID:9028
- C:\Windows\System\hrqTwSq.exe
  C:\Windows\System\hrqTwSq.exe
  2⤵
  PID:9048
- C:\Windows\System\VOaIBHA.exe
  C:\Windows\System\VOaIBHA.exe
  2⤵
  PID:9084
- C:\Windows\System\OnPEAnk.exe
  C:\Windows\System\OnPEAnk.exe
  2⤵
  PID:9100
- C:\Windows\System\DzUiSRK.exe
  C:\Windows\System\DzUiSRK.exe
  2⤵
  PID:9116
- C:\Windows\System\suCtmAN.exe
  C:\Windows\System\suCtmAN.exe
  2⤵
  PID:9132
- C:\Windows\System\SSRALdj.exe
  C:\Windows\System\SSRALdj.exe
  2⤵
  PID:9156
- C:\Windows\System\tWHKFEy.exe
  C:\Windows\System\tWHKFEy.exe
  2⤵
  PID:9172
- C:\Windows\System\rxdwtfH.exe
  C:\Windows\System\rxdwtfH.exe
  2⤵
  PID:9188
- C:\Windows\System\PibYIbx.exe
  C:\Windows\System\PibYIbx.exe
  2⤵
  PID:9204
- C:\Windows\System\cGnlXGp.exe
  C:\Windows\System\cGnlXGp.exe
  2⤵
  PID:8220
- C:\Windows\System\ncyBivQ.exe
  C:\Windows\System\ncyBivQ.exe
  2⤵
  PID:7464
- C:\Windows\System\vIVvULA.exe
  C:\Windows\System\vIVvULA.exe
  2⤵
  PID:8292
- C:\Windows\System\yyDAxXW.exe
  C:\Windows\System\yyDAxXW.exe
  2⤵
  PID:8440
- C:\Windows\System\kjCiMkl.exe
  C:\Windows\System\kjCiMkl.exe
  2⤵
  PID:8112
- C:\Windows\System\PhtkkBQ.exe
  C:\Windows\System\PhtkkBQ.exe
  2⤵
  PID:7900
- C:\Windows\System\RHUnDjn.exe
  C:\Windows\System\RHUnDjn.exe
  2⤵
  PID:8384
- C:\Windows\System\pTmuZVl.exe
  C:\Windows\System\pTmuZVl.exe
  2⤵
  PID:8428
- C:\Windows\System\fSXCmNR.exe
  C:\Windows\System\fSXCmNR.exe
  2⤵
  PID:8504
- C:\Windows\System\hmKTZdx.exe
  C:\Windows\System\hmKTZdx.exe
  2⤵
  PID:8204
- C:\Windows\System\DGoVewa.exe
  C:\Windows\System\DGoVewa.exe
  2⤵
  PID:8444
- C:\Windows\System\BjwfZfp.exe
  C:\Windows\System\BjwfZfp.exe
  2⤵
  PID:8524
- C:\Windows\System\GqrdsAm.exe
  C:\Windows\System\GqrdsAm.exe
  2⤵
  PID:8556
- C:\Windows\System\hgGmfnp.exe
  C:\Windows\System\hgGmfnp.exe
  2⤵
  PID:8568
- C:\Windows\System\WgkuymT.exe
  C:\Windows\System\WgkuymT.exe
  2⤵
  PID:8616
- C:\Windows\System\XQEbzAl.exe
  C:\Windows\System\XQEbzAl.exe
  2⤵
  PID:8600
- C:\Windows\System\BvtZSOH.exe
  C:\Windows\System\BvtZSOH.exe
  2⤵
  PID:8640
- C:\Windows\System\DgQvVYY.exe
  C:\Windows\System\DgQvVYY.exe
  2⤵
  PID:8680
- C:\Windows\System\oTzeiAd.exe
  C:\Windows\System\oTzeiAd.exe
  2⤵
  PID:8720
- C:\Windows\System\BolsDaV.exe
  C:\Windows\System\BolsDaV.exe
  2⤵
  PID:8796
- C:\Windows\System\ecngfia.exe
  C:\Windows\System\ecngfia.exe
  2⤵
  PID:8864
- C:\Windows\System\jEXukFL.exe
  C:\Windows\System\jEXukFL.exe
  2⤵
  PID:8696
- C:\Windows\System\qgAiRpf.exe
  C:\Windows\System\qgAiRpf.exe
  2⤵
  PID:8732
- C:\Windows\System\PokscmR.exe
  C:\Windows\System\PokscmR.exe
  2⤵
  PID:8744
- C:\Windows\System\UyAkLfF.exe
  C:\Windows\System\UyAkLfF.exe
  2⤵
  PID:8812
- C:\Windows\System\xpSMwAL.exe
  C:\Windows\System\xpSMwAL.exe
  2⤵
  PID:8852
- C:\Windows\System\XlJekut.exe
  C:\Windows\System\XlJekut.exe
  2⤵
  PID:8868
- C:\Windows\System\DlqRCpQ.exe
  C:\Windows\System\DlqRCpQ.exe
  2⤵
  PID:8932
- C:\Windows\System\FgxHpJG.exe
  C:\Windows\System\FgxHpJG.exe
  2⤵
  PID:9036
- C:\Windows\System\EzhNDkT.exe
  C:\Windows\System\EzhNDkT.exe
  2⤵
  PID:8912
- C:\Windows\System\QYILZaf.exe
  C:\Windows\System\QYILZaf.exe
  2⤵
  PID:9056
- C:\Windows\System\UXirZFD.exe
  C:\Windows\System\UXirZFD.exe
  2⤵
  PID:8988
- C:\Windows\System\Mklatkv.exe
  C:\Windows\System\Mklatkv.exe
  2⤵
  PID:9060
- C:\Windows\System\lzVsdop.exe
  C:\Windows\System\lzVsdop.exe
  2⤵
  PID:9064
- C:\Windows\System\qdvbmCT.exe
  C:\Windows\System\qdvbmCT.exe
  2⤵
  PID:9096
- C:\Windows\System\NrDXwXa.exe
  C:\Windows\System\NrDXwXa.exe
  2⤵
  PID:8172
- C:\Windows\System\WjHVens.exe
  C:\Windows\System\WjHVens.exe
  2⤵
  PID:9200
- C:\Windows\System\EFvIyOw.exe
  C:\Windows\System\EFvIyOw.exe
  2⤵
  PID:9108
- C:\Windows\System\JSGhqJE.exe
  C:\Windows\System\JSGhqJE.exe
  2⤵
  PID:9148
- C:\Windows\System\eIsdUVG.exe
  C:\Windows\System\eIsdUVG.exe
  2⤵
  PID:9212
- C:\Windows\System\qxAaXUT.exe
  C:\Windows\System\qxAaXUT.exe
  2⤵
  PID:7520
- C:\Windows\System\SKiPyvI.exe
  C:\Windows\System\SKiPyvI.exe
  2⤵
  PID:6800
- C:\Windows\System\SqUYKsH.exe
  C:\Windows\System\SqUYKsH.exe
  2⤵
  PID:8280
- C:\Windows\System\FpUSpPu.exe
  C:\Windows\System\FpUSpPu.exe
  2⤵
  PID:8348
- C:\Windows\System\hcordTw.exe
  C:\Windows\System\hcordTw.exe
  2⤵
  PID:8308
- C:\Windows\System\EPIPZcq.exe
  C:\Windows\System\EPIPZcq.exe
  2⤵
  PID:8240
- C:\Windows\System\FxkIgZG.exe
  C:\Windows\System\FxkIgZG.exe
  2⤵
  PID:8480
- C:\Windows\System\PMXXfrG.exe
  C:\Windows\System\PMXXfrG.exe
  2⤵
  PID:8604
- C:\Windows\System\RuXVYsS.exe
  C:\Windows\System\RuXVYsS.exe
  2⤵
  PID:8496
- C:\Windows\System\TLlrmks.exe
  C:\Windows\System\TLlrmks.exe
  2⤵
  PID:8592
- C:\Windows\System\nZkWlex.exe
  C:\Windows\System\nZkWlex.exe
  2⤵
  PID:8648
- C:\Windows\System\adAEpAK.exe
  C:\Windows\System\adAEpAK.exe
  2⤵
  PID:8828
- C:\Windows\System\GnayOxa.exe
  C:\Windows\System\GnayOxa.exe
  2⤵
  PID:8668
- C:\Windows\System\UuPQXmT.exe
  C:\Windows\System\UuPQXmT.exe
  2⤵
  PID:8888
- C:\Windows\System\ZgdVisk.exe
  C:\Windows\System\ZgdVisk.exe
  2⤵
  PID:8960
- C:\Windows\System\zHoTfeJ.exe
  C:\Windows\System\zHoTfeJ.exe
  2⤵
  PID:8896
- C:\Windows\System\yuhlkFV.exe
  C:\Windows\System\yuhlkFV.exe
  2⤵
  PID:8980
- C:\Windows\System\KuvCuKp.exe
  C:\Windows\System\KuvCuKp.exe
  2⤵
  PID:9196
- C:\Windows\System\TfDVccK.exe
  C:\Windows\System\TfDVccK.exe
  2⤵
  PID:8976
- C:\Windows\System\oaTworh.exe
  C:\Windows\System\oaTworh.exe
  2⤵
  PID:9092
- C:\Windows\System\AfPstwT.exe
  C:\Windows\System\AfPstwT.exe
  2⤵
  PID:7640
- C:\Windows\System\QgDGrip.exe
  C:\Windows\System\QgDGrip.exe
  2⤵
  PID:7244
- C:\Windows\System\XQsWrNQ.exe
  C:\Windows\System\XQsWrNQ.exe
  2⤵
  PID:8256
- C:\Windows\System\MDbpFPl.exe
  C:\Windows\System\MDbpFPl.exe
  2⤵
  PID:8272
- C:\Windows\System\AlrhRAY.exe
  C:\Windows\System\AlrhRAY.exe
  2⤵
  PID:8560
- C:\Windows\System\dtVXaff.exe
  C:\Windows\System\dtVXaff.exe
  2⤵
  PID:8208
- C:\Windows\System\hmJdVog.exe
  C:\Windows\System\hmJdVog.exe
  2⤵
  PID:8832
- C:\Windows\System\yYQwaUR.exe
  C:\Windows\System\yYQwaUR.exe
  2⤵
  PID:8620
- C:\Windows\System\HEWXEKZ.exe
  C:\Windows\System\HEWXEKZ.exe
  2⤵
  PID:8884
- C:\Windows\System\BIwaNMo.exe
  C:\Windows\System\BIwaNMo.exe
  2⤵
  PID:8984
- C:\Windows\System\tRYwlrw.exe
  C:\Windows\System\tRYwlrw.exe
  2⤵
  PID:8108
- C:\Windows\System\Ldeikdw.exe
  C:\Windows\System\Ldeikdw.exe
  2⤵
  PID:9000
- C:\Windows\System\RxyNxTO.exe
  C:\Windows\System\RxyNxTO.exe
  2⤵
  PID:8344
- C:\Windows\System\ToyxdRk.exe
  C:\Windows\System\ToyxdRk.exe
  2⤵
  PID:8364
- C:\Windows\System\cdvHPRH.exe
  C:\Windows\System\cdvHPRH.exe
  2⤵
  PID:8464
- C:\Windows\System\YOPLCRM.exe
  C:\Windows\System\YOPLCRM.exe
  2⤵
  PID:8532
- C:\Windows\System\EwwVfvK.exe
  C:\Windows\System\EwwVfvK.exe
  2⤵
  PID:9044
- C:\Windows\System\NYVoSaR.exe
  C:\Windows\System\NYVoSaR.exe
  2⤵
  PID:8740
- C:\Windows\System\qgzvFSA.exe
  C:\Windows\System\qgzvFSA.exe
  2⤵
  PID:8484
- C:\Windows\System\goDmZpt.exe
  C:\Windows\System\goDmZpt.exe
  2⤵
  PID:8764
- C:\Windows\System\uXFZBkf.exe
  C:\Windows\System\uXFZBkf.exe
  2⤵
  PID:9024
- C:\Windows\System\KOMRHXc.exe
  C:\Windows\System\KOMRHXc.exe
  2⤵
  PID:9224
- C:\Windows\System\yQzqYaZ.exe
  C:\Windows\System\yQzqYaZ.exe
  2⤵
  PID:9240
- C:\Windows\System\EquTUec.exe
  C:\Windows\System\EquTUec.exe
  2⤵
  PID:9256
- C:\Windows\System\bzeiIey.exe
  C:\Windows\System\bzeiIey.exe
  2⤵
  PID:9272
- C:\Windows\System\UEEoxzW.exe
  C:\Windows\System\UEEoxzW.exe
  2⤵
  PID:9288
- C:\Windows\System\ZXTIvkX.exe
  C:\Windows\System\ZXTIvkX.exe
  2⤵
  PID:9304
- C:\Windows\System\GGNBBoE.exe
  C:\Windows\System\GGNBBoE.exe
  2⤵
  PID:9320
- C:\Windows\System\TcEowhU.exe
  C:\Windows\System\TcEowhU.exe
  2⤵
  PID:9336
- C:\Windows\System\TbuBUvC.exe
  C:\Windows\System\TbuBUvC.exe
  2⤵
  PID:9352
- C:\Windows\System\oaPgYol.exe
  C:\Windows\System\oaPgYol.exe
  2⤵
  PID:9368
- C:\Windows\System\zVxtIyL.exe
  C:\Windows\System\zVxtIyL.exe
  2⤵
  PID:9384
- C:\Windows\System\ADDEJyf.exe
  C:\Windows\System\ADDEJyf.exe
  2⤵
  PID:9400
- C:\Windows\System\CxadBDh.exe
  C:\Windows\System\CxadBDh.exe
  2⤵
  PID:9416
- C:\Windows\System\SqIhmTR.exe
  C:\Windows\System\SqIhmTR.exe
  2⤵
  PID:9432
- C:\Windows\System\UkHYyBR.exe
  C:\Windows\System\UkHYyBR.exe
  2⤵
  PID:9448
- C:\Windows\System\oPgXcbC.exe
  C:\Windows\System\oPgXcbC.exe
  2⤵
  PID:9464
- C:\Windows\System\rojDWKn.exe
  C:\Windows\System\rojDWKn.exe
  2⤵
  PID:9480
- C:\Windows\System\yGwmyzu.exe
  C:\Windows\System\yGwmyzu.exe
  2⤵
  PID:9496
- C:\Windows\System\erwzwYf.exe
  C:\Windows\System\erwzwYf.exe
  2⤵
  PID:9512
- C:\Windows\System\AfMVGCu.exe
  C:\Windows\System\AfMVGCu.exe
  2⤵
  PID:9528
- C:\Windows\System\GtUUgfA.exe
  C:\Windows\System\GtUUgfA.exe
  2⤵
  PID:9544
- C:\Windows\System\xReDNzI.exe
  C:\Windows\System\xReDNzI.exe
  2⤵
  PID:9560
- C:\Windows\System\hMQzFHJ.exe
  C:\Windows\System\hMQzFHJ.exe
  2⤵
  PID:9576
- C:\Windows\System\FTHsFxt.exe
  C:\Windows\System\FTHsFxt.exe
  2⤵
  PID:9592
- C:\Windows\System\iDLsVjc.exe
  C:\Windows\System\iDLsVjc.exe
  2⤵
  PID:9608
- C:\Windows\System\UTOjBYM.exe
  C:\Windows\System\UTOjBYM.exe
  2⤵
  PID:9624
- C:\Windows\System\sIhPfxt.exe
  C:\Windows\System\sIhPfxt.exe
  2⤵
  PID:9640
- C:\Windows\System\nowgJsk.exe
  C:\Windows\System\nowgJsk.exe
  2⤵
  PID:9656
- C:\Windows\System\uUtwklU.exe
  C:\Windows\System\uUtwklU.exe
  2⤵
  PID:9672
- C:\Windows\System\XLDYhtY.exe
  C:\Windows\System\XLDYhtY.exe
  2⤵
  PID:9688
- C:\Windows\System\HbkCSNk.exe
  C:\Windows\System\HbkCSNk.exe
  2⤵
  PID:9708
- C:\Windows\System\ynhxoMi.exe
  C:\Windows\System\ynhxoMi.exe
  2⤵
  PID:9728
- C:\Windows\System\OyjZJRv.exe
  C:\Windows\System\OyjZJRv.exe
  2⤵
  PID:9744
- C:\Windows\System\wNZSnBw.exe
  C:\Windows\System\wNZSnBw.exe
  2⤵
  PID:9760
- C:\Windows\System\HtQOpUi.exe
  C:\Windows\System\HtQOpUi.exe
  2⤵
  PID:9776
- C:\Windows\System\ZerzwNw.exe
  C:\Windows\System\ZerzwNw.exe
  2⤵
  PID:9792
- C:\Windows\System\CsfIqzT.exe
  C:\Windows\System\CsfIqzT.exe
  2⤵
  PID:9808
- C:\Windows\System\ELzBxAv.exe
  C:\Windows\System\ELzBxAv.exe
  2⤵
  PID:9824
- C:\Windows\System\cagjqLV.exe
  C:\Windows\System\cagjqLV.exe
  2⤵
  PID:9840
- C:\Windows\System\vapcojV.exe
  C:\Windows\System\vapcojV.exe
  2⤵
  PID:9856
- C:\Windows\System\SzrlKRJ.exe
  C:\Windows\System\SzrlKRJ.exe
  2⤵
  PID:9872
- C:\Windows\System\QVMdjwP.exe
  C:\Windows\System\QVMdjwP.exe
  2⤵
  PID:9888
- C:\Windows\System\gWEtXqc.exe
  C:\Windows\System\gWEtXqc.exe
  2⤵
  PID:9904
- C:\Windows\System\ojNwkMV.exe
  C:\Windows\System\ojNwkMV.exe
  2⤵
  PID:9924
- C:\Windows\System\heiSRGp.exe
  C:\Windows\System\heiSRGp.exe
  2⤵
  PID:9940
- C:\Windows\System\nNAzyRD.exe
  C:\Windows\System\nNAzyRD.exe
  2⤵
  PID:9956
- C:\Windows\System\jzhjvIV.exe
  C:\Windows\System\jzhjvIV.exe
  2⤵
  PID:9972
- C:\Windows\System\IqcnAxX.exe
  C:\Windows\System\IqcnAxX.exe
  2⤵
  PID:9988
- C:\Windows\System\bjJTgad.exe
  C:\Windows\System\bjJTgad.exe
  2⤵
  PID:10004
- C:\Windows\System\hnEkKpN.exe
  C:\Windows\System\hnEkKpN.exe
  2⤵
  PID:10028
- C:\Windows\System\lmurZNz.exe
  C:\Windows\System\lmurZNz.exe
  2⤵
  PID:10044
- C:\Windows\System\ZEYTgVe.exe
  C:\Windows\System\ZEYTgVe.exe
  2⤵
  PID:10060
- C:\Windows\System\cZsYdvh.exe
  C:\Windows\System\cZsYdvh.exe
  2⤵
  PID:10076
- C:\Windows\System\BNGMOij.exe
  C:\Windows\System\BNGMOij.exe
  2⤵
  PID:10092
- C:\Windows\System\HCpKmva.exe
  C:\Windows\System\HCpKmva.exe
  2⤵
  PID:10108
- C:\Windows\System\WONbiMq.exe
  C:\Windows\System\WONbiMq.exe
  2⤵
  PID:10124
- C:\Windows\System\lbcmPEV.exe
  C:\Windows\System\lbcmPEV.exe
  2⤵
  PID:10140
- C:\Windows\System\zotFrwR.exe
  C:\Windows\System\zotFrwR.exe
  2⤵
  PID:10156
- C:\Windows\System\LuyOlRB.exe
  C:\Windows\System\LuyOlRB.exe
  2⤵
  PID:10176
- C:\Windows\System\feARJDK.exe
  C:\Windows\System\feARJDK.exe
  2⤵
  PID:10192
- C:\Windows\System\HksRVXx.exe
  C:\Windows\System\HksRVXx.exe
  2⤵
  PID:10208
- C:\Windows\System\ahZmtqv.exe
  C:\Windows\System\ahZmtqv.exe
  2⤵
  PID:10224
- C:\Windows\System\LndUQPJ.exe
  C:\Windows\System\LndUQPJ.exe
  2⤵
  PID:8424
- C:\Windows\System\vtaOmcC.exe
  C:\Windows\System\vtaOmcC.exe
  2⤵
  PID:9280
- C:\Windows\System\daUoGWm.exe
  C:\Windows\System\daUoGWm.exe
  2⤵
  PID:7232
- C:\Windows\System\GfaGBQK.exe
  C:\Windows\System\GfaGBQK.exe
  2⤵
  PID:9268
- C:\Windows\System\rFjwvxi.exe
  C:\Windows\System\rFjwvxi.exe
  2⤵
  PID:9316
- C:\Windows\System\IKoTpCn.exe
  C:\Windows\System\IKoTpCn.exe
  2⤵
  PID:9360
- C:\Windows\System\vMAqVvm.exe
  C:\Windows\System\vMAqVvm.exe
  2⤵
  PID:9412
- C:\Windows\System\kSjNeJd.exe
  C:\Windows\System\kSjNeJd.exe
  2⤵
  PID:9424
- C:\Windows\System\YrBcdsg.exe
  C:\Windows\System\YrBcdsg.exe
  2⤵
  PID:9472
- C:\Windows\System\qHVSgvZ.exe
  C:\Windows\System\qHVSgvZ.exe
  2⤵
  PID:9476
- C:\Windows\System\wWfoada.exe
  C:\Windows\System\wWfoada.exe
  2⤵
  PID:9552
- C:\Windows\System\HajukPS.exe
  C:\Windows\System\HajukPS.exe
  2⤵
  PID:9540
- C:\Windows\System\vOUfIah.exe
  C:\Windows\System\vOUfIah.exe
  2⤵
  PID:9536
- C:\Windows\System\BYIqthA.exe
  C:\Windows\System\BYIqthA.exe
  2⤵
  PID:9620
- C:\Windows\System\WGmdzPf.exe
  C:\Windows\System\WGmdzPf.exe
  2⤵
  PID:9680
- C:\Windows\System\ABQEYbi.exe
  C:\Windows\System\ABQEYbi.exe
  2⤵
  PID:9668
- C:\Windows\System\CoGGbPP.exe
  C:\Windows\System\CoGGbPP.exe
  2⤵
  PID:9600
- C:\Windows\System\UMCCMSM.exe
  C:\Windows\System\UMCCMSM.exe
  2⤵
  PID:9740
- C:\Windows\System\BXdohac.exe
  C:\Windows\System\BXdohac.exe
  2⤵
  PID:9756
- C:\Windows\System\JvkdPGp.exe
  C:\Windows\System\JvkdPGp.exe
  2⤵
  PID:9804
- C:\Windows\System\zpDEBrO.exe
  C:\Windows\System\zpDEBrO.exe
  2⤵
  PID:9868
- C:\Windows\System\YqEtapI.exe
  C:\Windows\System\YqEtapI.exe
  2⤵
  PID:9936
- C:\Windows\System\ztgYvgN.exe
  C:\Windows\System\ztgYvgN.exe
  2⤵
  PID:9852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AqdJVST.exe

Filesize
6.0MB

MD5
622e59b0b53b7cc655004df1846354c6

SHA1
068d24921c7d7a79b1f6325620a52ff29f422936

SHA256
7bdb79567b9ae4d212b328a8ab8789eb2f4c982486e1068d0dd069ff21eaf2fd

SHA512
e546f27e2e713f354bfc6788ce1296e68f4cedd141782d6670b9c4d9b2133bca7f9ded5e0076c7f6b14c6941632611b200aa4bd8209c9ecf989ef129b2593f50

Download Submit
C:\Windows\system\CYvxqPe.exe

Filesize
6.0MB

MD5
973583171a7c5e00215d53d53daeae7b

SHA1
a0f99ecc87d0b0007d27711abb46156523b1e329

SHA256
74d4f1200247e17543814a1333beef303110d205876af7f5fb934fd1490d2999

SHA512
00098264a46afc4d6a18f8f3af432912bdc015f7eaef5b86b5995d507515bd172abdbf10da05a0066b25413dd6f9b3ad942d0e648289fe5608de7c5afc8e1be6

Download Submit
C:\Windows\system\DRDnsNh.exe

Filesize
6.0MB

MD5
36db5c9f00da9f693bb86e58a3ea2d65

SHA1
a38eab26259b5000d0cdeefc5fc97c7eecb80072

SHA256
c39e6d136704db4553061e5e00d5cef20cd4afa437a220b991c71da701cf17ea

SHA512
661ac467ee076623df87dd57a2222c8dc2129535f476cdd32c989bb60c30eb57c363cd81264878f4bd2a80b070eb1417117a486468264969423a840df729d0c8

Download Submit
C:\Windows\system\IMJKLGZ.exe

Filesize
6.0MB

MD5
85b30399bf3ee10b0ef61a0f05b0aedb

SHA1
e82bc504f58b97b22d8b5c84088936bbe74a593c

SHA256
042164d60fcecff22ada39bff5a001059721465c17eab4521d0f2c957fe7c9a1

SHA512
ddd06af6a17b8ffa07b8f9d56588db4d5705cd0634f5faa3d216bd487385a4d610310535c48b225d700e574d4ea645c04a09c93be2ba416520c4a72a28c9d29d

Download Submit
C:\Windows\system\IyLyfgj.exe

Filesize
6.0MB

MD5
eb7064016120b99680bb194ac1f0573e

SHA1
7abd1a482366adaeaad1ef160f734e14eab7b1e9

SHA256
99a5ad1e1fe8268278478ed9da4ee55e3dd8a983c38fceb04785879a705a2e66

SHA512
ff6ca42975b46142450048c79c72e522746abd4aa04fa5b7568d17c816c39fcb3a2b92b3a31f22d57b7bc0f38474d6d984b05553dbc34aca23824dc1ff709c85

Download Submit
C:\Windows\system\JVNLbAz.exe

Filesize
6.0MB

MD5
c1e99f8b3eb17d7f0a54b99a9cef7737

SHA1
958d5f7116d1cf357e655efe94823b9b067b5ae1

SHA256
ee559f320f7883ef75b49cd6c23f8147d4efd7f00c46ca33c0179e8b73a8b076

SHA512
ffe0b682946fc5de8fbea56fc3b33729bcb5e33bdf147a420cb4a03e8abbd84a1644e6f8de882fe25cd61197fff99033474350c27c60d5489151306ee28c85d6

Download Submit
C:\Windows\system\JnuUuKK.exe

Filesize
6.0MB

MD5
9a1a07cfbeb92e647057ada6805ad9a2

SHA1
ad612654b43a14d5551c58995d63ac4cd6a158d3

SHA256
b3d087127fec73c9da13dbcd68a57d2cf695b9fcc8e29d073dfb4d60ec2d8fd2

SHA512
85e498a78fa7ad6dccd753d0f43356e0f067b4d6163653186b00057587fee2d0b750131a1a8f020b9e089e148a1775d13b45cebbe05eb854fa9ebc160005febd

Download Submit
C:\Windows\system\MZIdsDC.exe

Filesize
6.0MB

MD5
f4569f8e75e9a7b974a6795b7b6eae1c

SHA1
92b11e00afe55666a615bcca23af66ada7c3ed9f

SHA256
9da983c820a1fbed3accb7db9870e409acef98425c8611498764008ba198db8b

SHA512
4fcc97a2f8f20d01d603f7fbac6637c8a7ceec615a4cb5abadedfee57b21dfb77830d1828c169e2a48fa60b147b59ae400e466346371ecb84a2fcc58ac432217

Download Submit
C:\Windows\system\NSWjixb.exe

Filesize
6.0MB

MD5
3ceb6bc97813c3c5ef0a8c3dbf7d6c3c

SHA1
7c20652735589863b1b54d122d63f1c0df8d76a8

SHA256
8815fda9fdb73db7016479af114e8f7441c257a31c36ded5a9c646e6ebefc855

SHA512
18e1eaf0e531357775feb1bcdab1510ef77117c0e64a0e1d02d8aa523c5ffb3ab47007a5c279ede8f749853f9c8de2451afc29b22da9aea278ba8c7936109a49

Download Submit
C:\Windows\system\RiMKKeH.exe

Filesize
6.0MB

MD5
02b3dd818f226258bce833c44e68f4e8

SHA1
620b2242000923f9fe2af55de9c4fe227120a73b

SHA256
50fb6f320bb083a46c986337775d0edbb468895a98f68d39bff9d334b0a1f76e

SHA512
32b25977ca5b1179d592decad1a292ad83032306f7c02715ff580f113fcf310210f4ef31c38b450cab3d4f2d40b5a7deffb34e157d90be6419913be6e507816c

Download Submit
C:\Windows\system\SZsaUbT.exe

Filesize
6.0MB

MD5
fb0c9565c37d8085ed3e40747587ea6c

SHA1
75aad6e22d18dcbd5fa3451ad573825fb27c523b

SHA256
fa9ee32ce59e51c8c4108ed0c6ee02d34f26cef346cdffaba76b97d2022fce08

SHA512
e908d3d621bb10f264273c1f49b3c7b19fe5f3b785ebb5301bfc8e40548800e23d14386b7e4515fb8584d5f4d1c16faf983e83edd1c0f38efcb2d3f96203b3ee

Download Submit
C:\Windows\system\SxNxZnd.exe

Filesize
6.0MB

MD5
9eedfc0ce73442dcecaee552617728c3

SHA1
4c4070fbb16715a5cf89449c35af51f02a7fd0cb

SHA256
fb74e0d0d351fa752287be1845f420ca75150f34f84f1212ed845c2da7c3e755

SHA512
e22266926dd6f0605548a1c8b699de5c995ca7c6dcead7372078f4dc4a2880561a432372bbadc26588512bbcb999db36a9ecd39669a064297cecf4666446ab5e

Download Submit
C:\Windows\system\VkwNpme.exe

Filesize
6.0MB

MD5
ac9d9875c235956d34a2ab3b189eda44

SHA1
f75f698f0051fba837ef701a2d1691c560056c15

SHA256
d36b0c4a781206eaf7955f0865f2e5b00113e21544a762d1d65d68532386184e

SHA512
35ddc5e1f2cf8a6ac82c3de1091489cc5221cc2e34068a0361502b6f5e1a0dd77df52e391629ceb255a86b23a82b533077703563e52c3b0ec8ad57666325097a

Download Submit
C:\Windows\system\YiXGFxr.exe

Filesize
6.0MB

MD5
e3b5af95512604482739e82f2cdb1d4f

SHA1
802078d2e8dd5a7bad41a0d2359d42e0f5ea4317

SHA256
69731dadad1aff7a4383c643ab1b8f65aed15b988aa379d39dbd495d0a4a879c

SHA512
65f8905ee18edf0bdf6fe5e0331bc5d5cde4d39519f0f4f6b49484bf1d286691b8a6b0be79fe49714afe33528844df55186d1377573646ac22ff7aae5d7b902f

Download Submit
C:\Windows\system\YncbkwV.exe

Filesize
6.0MB

MD5
9551e07b87c9b18098deba5044774504

SHA1
202559d8e17e64d58726cf50b266690eff39c875

SHA256
07ab858180322d0b8d3caabfba4879eda9202959f4cf58891a1cc305c493f900

SHA512
7f0858a27519f1d1f4ed4ee286a346e84031ec2d697ac219b7a5561e40c703809e909cdb6d785ec563f9730c5d8ac87888d1326200466a2af8ca5e434cfca766

Download Submit
C:\Windows\system\ZWIOnXv.exe

Filesize
6.0MB

MD5
5d3c140efb85badb3deef34fe64391da

SHA1
c265186ec3b7e94b630f3ead8405b5447c2f8d47

SHA256
c07e8c487e93bd5993637ba20481323e0a45a6122aec549f6e7b3b8beaa2e414

SHA512
485dad17a5a5b91a9bc6d0fedeb266ada70144e52efb795c9448f1038aac74115866a00ab7bff98281c693f0b0bfa5872a657831a467c0777d1d09439e33f9f8

Download Submit
C:\Windows\system\aBLlazF.exe

Filesize
6.0MB

MD5
85e22ad901490a63263f7dec1fe66de9

SHA1
590da14b645cf18187893b86139423f7393d1a8e

SHA256
66afe82069f81985c44f237d951a2070e282e9b74460d118c312870752fab4c9

SHA512
91295d0facdafc9ae5d6ab88c0e5817e474f91669440f5d752903bba402ce156c121707a112492520c8045d025bf86615f900ee94b73e7c9b2916599d87833cd

Download Submit
C:\Windows\system\aaEXlLl.exe

Filesize
6.0MB

MD5
2778229fc371843ddcd4e9ddacb3b97f

SHA1
a96636be4906706f23ba3ae321fa636ee4a5a685

SHA256
13b5c739524f8046d79d89e20f5dbe20e0c5fa5aaa24610270daa8bd446d9a20

SHA512
9830511de1b90e889abb2b7cd3e4dcce8c6eab86f71f5ee2e64b7f6207fc9e9ac92782179517a37e39a766a8786df3a983b5960b98d165ae557592ef95ac06a7

Download Submit
C:\Windows\system\dSppgwq.exe

Filesize
6.0MB

MD5
f4560d632ffb1913c5ac087effb62a4a

SHA1
a24c9ea77b6208c484e8f35615d92ce2987747d1

SHA256
6797469b49b45aa84d0ec0232d4f399181d2618095213ac45ebad9752be1d2a3

SHA512
bc7463f9574e2667371df939412d0af08df8a4dafa8a2790f2063ab046e6f77fd11fcc98e5e784540c4925eac11daab2299cce1cd1ba80cc55f101a9b4cd198a

Download Submit
C:\Windows\system\eBfQLke.exe

Filesize
6.0MB

MD5
dae66bf7bc221b09622ddb1510915324

SHA1
be69c023d4a56da3a39529e918d78c80b327bcb2

SHA256
9a7428af973106d199034624797651ecb2ada07428f4479e99b8b92834bed595

SHA512
3c3d9ca05a951823a021e2bab116bee5856018bfea240edf6ea1d0fd737338041529330f07d5d4511c65d87cc9f77ee86588c93b710049941856ff128fd0c48b

Download Submit
C:\Windows\system\eqwZHCx.exe

Filesize
6.0MB

MD5
f9750e0322903ca72ab4194b61b42745

SHA1
0abfd3f202dc19055eb7d4abe25568fbf04a19ad

SHA256
c003a6f5a004ee73de3be7e5bd5bade956db011290876e77cc9497ec452b30a5

SHA512
1699a51ed87e68df18fa410148ec93a5987dcec0b886cd962a9d6dfd3dd089a2e3b4f26bd91b42b835f73a6545f0c862402582c6ab08f974feb7ea58df1ec4ca

Download Submit
C:\Windows\system\pnFkFyQ.exe

Filesize
6.0MB

MD5
9391f0537878e973f2d75efe91956ce6

SHA1
b98421e5868304b8ec290030c8f5a788a6a4011c

SHA256
ea76de17d9528b2e711e1911bc431c87f638adc1fd3425776b414e3509da3514

SHA512
663f9e65689d7708c65b479036aadd07a74a8128c295c601544da6a93589cda911198db7d369762cb06dd1771b9a7d2d70cc3e068682502bc8dbdb3c3b26e3cc

Download Submit
C:\Windows\system\rUprvfc.exe

Filesize
6.0MB

MD5
965571bb0d11f158b45c82be28360962

SHA1
1b14db635f399b849d2508bd695e41347a10a6a6

SHA256
ff7e4a456b8b52c0a712374c4489cfa1fb3dd2766e31bf35bd223ee003881cec

SHA512
08fb024739b74b7409b4e70e19b58e9700ad93905321fc574040df6393fca61794a37449f53a30fbd9a35699408fd94b147ab5812580ca5ce3a8a2ea783e2d29

Download Submit
C:\Windows\system\shyLHlc.exe

Filesize
6.0MB

MD5
166a563b658ce0fc89df48de2e26df7d

SHA1
7962e5c3fef6a476a3d5ff8eb9732c93f58ec5ff

SHA256
f990b2da1b25f8ac8d2f7859c6750610dd3c462470464794d0237d74dda22400

SHA512
434d24455a1167ee73213cec12281efd342cfe63f8e09467759ce699314f7681a7963aa26752eacc03915bca233b9b2b4c5c5d0c5c7c5689a3c265f129426fe0

Download Submit
C:\Windows\system\wHebEox.exe

Filesize
6.0MB

MD5
a1ec912410211981cfecd1bd24208b38

SHA1
99c233220301dbe54f055d96be5a8b43bd5b7fe9

SHA256
6be5fb0d5af6e99a9685bf6d085eaeb5bcda3a18308e6c50a935adb189062fee

SHA512
3e6a567626c5c54f7b20756d3b47eccf07ca31fa13e52cc5e9baa410bbd239e5ef956b2971a43e741e16fafd3e6638db7abf34e9e819ced93511ed17f87af098

Download Submit
C:\Windows\system\wTSmjAU.exe

Filesize
6.0MB

MD5
0d7bef9c07b07ee40b87390aafacecc4

SHA1
5c657b00ae8c1af6e9a4e79b4725969a48ae7f4e

SHA256
eb0a7210e54a29d0979ec605592d94a939d7c9d9af4ee47e589d0fbba84fe21f

SHA512
e187e6fab3286e4c4c333d5fc76901860129b9a5131c53c32a809a7305e421cc6c51cedc8a730d5494ffb8dafb5b46af2e62fd775852ad9e32e30ef318719bf9

Download Submit
C:\Windows\system\yzjAJMU.exe

Filesize
6.0MB

MD5
303c02fef103be5bdb0857871a1d3af5

SHA1
2073df907984ef4a30516500f53f34795e246467

SHA256
4502c90f5c185c8e0674a0f2db6b6c5206a5ab97502d6c81c6d2ec762af75158

SHA512
619d8f0f0dfbcd6a2ab547718386874be43c9cbcf6db4838bb11d85d72b4d9702f7f6dbc4f6394103f43042ddc319592aebdf0c5d95410dc94dc4a8c4db38b76

Download Submit
\Windows\system\JYBxYSy.exe

Filesize
6.0MB

MD5
65fa1a01b8dd57b73335377e8eeee8c5

SHA1
32b292ded39d7e7e2fc3c04b53febba72099f741

SHA256
fa4698033fbd27ec18ee8ff66b9079863e32e63d7a50d2557dc83219eeba5b34

SHA512
d37fd9a9a1f6b63c84e11908233e5b695b29d3c515e2e885ebd502412679e0a47a4b07d0dd72f37af1eb1e0751666e5ed258af3f374e73df4c37fd69e1e645c8

Download Submit
\Windows\system\kWgrJjr.exe

Filesize
6.0MB

MD5
6455956f2f504e8a16504bf083c2bbef

SHA1
d825e5be25f928d170807a8960dcf4bd626ba412

SHA256
2644764dd91015073e281b628069f1c4973a250679f191dba22d357430cb1c35

SHA512
b59291ac8d5dc76359917dbccd5fdffe5d2de6c277d11317b46b9bba4283da671554c6e4b6d8d603799f052a95cfd12dd1f85c0f373a2f266b0742686056024d

Download Submit
\Windows\system\mZbiAnZ.exe

Filesize
6.0MB

MD5
b89746928026418fbe643497ed6714c0

SHA1
a30bc8329466029b2124e35cb6b9e108083e70b5

SHA256
8fc75b51b527803de52d5e7e8124c89d6ec5ee30a64f190c6a56dddacb6b868d

SHA512
39c2e625a874c16a997065500f0e8de34fb10704b8705583bd41ec5294942ae63ae3184b1d8bbeb197ff47553d9bd33bac49107c69b14f4cc9ea52863dc19eb1

Download Submit
\Windows\system\pNPsDCK.exe

Filesize
6.0MB

MD5
5f606e056e9f72e05f264f9c5cf7694b

SHA1
93c06cd50d20a15554f5b0c38089c43058b7850e

SHA256
8d527015e6c7aac33c47103b3711aee66b360598b46282a0ab1c263a7d5da70b

SHA512
f7c652b53a8caf8642c74e969097e91b62f1bd766663f3ce5a43fba0bd8d272f9454bb475e410710a1dd99d5695bb51a004ce251f0f37c310b43bc44c328fd22

Download Submit
\Windows\system\rFErfpg.exe

Filesize
6.0MB

MD5
26b0dab950a1cf83985f589872321a41

SHA1
fe43cf968b0494577acdcb4f54aa16167e426725

SHA256
45fcfd99200db9012d3a41352de224595f06a11428066edfbaafef4b212ff9bd

SHA512
fba57d902d82ddcd094514253d8c4728616c3ef78fdb864e763f4b223206dafa557897af901fa95afc06e8d0c386f3e873e52d26668adc8623637f87977e0da8

Download Submit
memory/576-78-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-64-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/576-47-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/576-115-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-282-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/576-225-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/576-34-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-44-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/576-59-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/576-95-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-119-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/576-55-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-97-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/576-58-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/576-71-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/576-93-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/576-0-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/576-27-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/576-17-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/576-110-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/940-658-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/940-96-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1468-554-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1468-35-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1636-677-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-109-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-586-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-45-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-20-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2252-512-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2460-21-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2460-526-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2552-72-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2552-663-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2700-94-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-676-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-590-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-57-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-65-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2860-601-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2888-522-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-19-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-571-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2896-28-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2912-48-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-589-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-105-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-653-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/3052-79-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download