cobaltstrike | 12e9e71d967ad6257227deb168a12bf0317df220c810a965525e14f3b14a2690

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

211a1f04c8e44e936df111a477f55b40
SHA1

88be74bec34974f0a33dc67fcd9abf9ad7cfe563
SHA256

12e9e71d967ad6257227deb168a12bf0317df220c810a965525e14f3b14a2690
SHA512

66c785e0fbeefe21056a64bc832d13b103574b6063ecb65d2107a0e78049f684a4f95b27dbbd16f3df9154214c91a914ec8407e3b9114e08646a4ac73e3b3280
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\AMujePY.exe	cobalt_reflective_dll
\Windows\system\XadGhwH.exe	cobalt_reflective_dll
\Windows\system\HYBZalJ.exe	cobalt_reflective_dll
C:\Windows\system\ILHHAkx.exe	cobalt_reflective_dll
C:\Windows\system\EBEHuya.exe	cobalt_reflective_dll
C:\Windows\system\pKnyPzu.exe	cobalt_reflective_dll
C:\Windows\system\VZUiRFV.exe	cobalt_reflective_dll
C:\Windows\system\EthMEOD.exe	cobalt_reflective_dll
C:\Windows\system\PzeQpyi.exe	cobalt_reflective_dll
C:\Windows\system\mZjsVDh.exe	cobalt_reflective_dll
C:\Windows\system\RbCsFKA.exe	cobalt_reflective_dll
C:\Windows\system\zvxsnVU.exe	cobalt_reflective_dll
C:\Windows\system\rBvjuDA.exe	cobalt_reflective_dll
C:\Windows\system\kexhnyT.exe	cobalt_reflective_dll
C:\Windows\system\ZcBhGAk.exe	cobalt_reflective_dll
C:\Windows\system\wEJktkm.exe	cobalt_reflective_dll
C:\Windows\system\mHZtZbQ.exe	cobalt_reflective_dll
C:\Windows\system\kBUkAsg.exe	cobalt_reflective_dll
C:\Windows\system\EvKSaUr.exe	cobalt_reflective_dll
C:\Windows\system\zTgNXXr.exe	cobalt_reflective_dll
C:\Windows\system\ImaMFSW.exe	cobalt_reflective_dll
C:\Windows\system\HSHPogg.exe	cobalt_reflective_dll
C:\Windows\system\FFWtAJv.exe	cobalt_reflective_dll
C:\Windows\system\IjYPbSn.exe	cobalt_reflective_dll
C:\Windows\system\NibvhTW.exe	cobalt_reflective_dll
C:\Windows\system\cObUeoT.exe	cobalt_reflective_dll
C:\Windows\system\dmlfisn.exe	cobalt_reflective_dll
C:\Windows\system\SBSQTsM.exe	cobalt_reflective_dll
C:\Windows\system\jepyvvA.exe	cobalt_reflective_dll
C:\Windows\system\jJRXLRh.exe	cobalt_reflective_dll
C:\Windows\system\znofBad.exe	cobalt_reflective_dll
C:\Windows\system\BuOqJzT.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
\Windows\system\AMujePY.exe	xmrig
\Windows\system\XadGhwH.exe	xmrig
\Windows\system\HYBZalJ.exe	xmrig
C:\Windows\system\ILHHAkx.exe	xmrig
C:\Windows\system\EBEHuya.exe	xmrig
C:\Windows\system\pKnyPzu.exe	xmrig
C:\Windows\system\VZUiRFV.exe	xmrig
C:\Windows\system\EthMEOD.exe	xmrig
C:\Windows\system\PzeQpyi.exe	xmrig
behavioral1/memory/2644-152-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
C:\Windows\system\mZjsVDh.exe	xmrig
behavioral1/memory/2120-1128-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
C:\Windows\system\RbCsFKA.exe	xmrig
C:\Windows\system\zvxsnVU.exe	xmrig
C:\Windows\system\rBvjuDA.exe	xmrig
C:\Windows\system\kexhnyT.exe	xmrig
C:\Windows\system\ZcBhGAk.exe	xmrig
C:\Windows\system\wEJktkm.exe	xmrig
behavioral1/memory/2296-153-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2120-151-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2912-150-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2780-148-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2120-147-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2468-146-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2776-144-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2120-143-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2900-142-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2120-141-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2768-140-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2728-138-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2120-137-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2152-136-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2120-135-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2804-134-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1864-132-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2416-131-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2556-128-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
C:\Windows\system\mHZtZbQ.exe	xmrig
C:\Windows\system\kBUkAsg.exe	xmrig
C:\Windows\system\EvKSaUr.exe	xmrig
C:\Windows\system\zTgNXXr.exe	xmrig
C:\Windows\system\ImaMFSW.exe	xmrig
C:\Windows\system\HSHPogg.exe	xmrig
C:\Windows\system\FFWtAJv.exe	xmrig
C:\Windows\system\IjYPbSn.exe	xmrig
C:\Windows\system\NibvhTW.exe	xmrig
C:\Windows\system\cObUeoT.exe	xmrig
C:\Windows\system\dmlfisn.exe	xmrig
C:\Windows\system\SBSQTsM.exe	xmrig
C:\Windows\system\jepyvvA.exe	xmrig
C:\Windows\system\jJRXLRh.exe	xmrig
C:\Windows\system\znofBad.exe	xmrig
C:\Windows\system\BuOqJzT.exe	xmrig
behavioral1/memory/2296-3732-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2556-3737-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2416-3741-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2912-3740-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2804-3742-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2768-3785-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1864-3784-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2644-3777-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2776-3764-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2152-3760-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

AMujePY.exeXadGhwH.exeHYBZalJ.exeBuOqJzT.exeILHHAkx.exeEBEHuya.exeznofBad.exepKnyPzu.exejJRXLRh.exejepyvvA.exeSBSQTsM.exedmlfisn.exeVZUiRFV.execObUeoT.exeNibvhTW.exeIjYPbSn.exeFFWtAJv.exeEthMEOD.exeHSHPogg.exeImaMFSW.exezTgNXXr.exeEvKSaUr.exekBUkAsg.exePzeQpyi.exemHZtZbQ.exewEJktkm.exerBvjuDA.exeZcBhGAk.exemZjsVDh.exekexhnyT.exeRbCsFKA.exezvxsnVU.exeKZQdRJn.exesqPpGDl.exexldQLPg.exekZTiOVW.exePLsTYnx.exepgaqcgj.exeqXYiGlR.exeiGQoAIx.exeFbRFRiN.exebzUPRrn.exeJcGeXmi.exeRAGEipC.exeWhiojvS.exexzLdWJG.exeszNhsLI.exeMzxqaoA.exelQJyeae.exeELQIlgk.exeFVKXYXf.exevblbVKl.exeHVMwlAz.exemFioLue.exemvldVDw.exexjihoNP.exeekfkYlq.exenoCngcW.exeaXgxJHF.exejKcvaGE.exeHxykYnu.exeBvxyzak.exertMIFtW.execsuYlbi.exe

pid	process
2296	AMujePY.exe
2556	XadGhwH.exe
2416	HYBZalJ.exe
1864	BuOqJzT.exe
2804	ILHHAkx.exe
2152	EBEHuya.exe
2728	znofBad.exe
2768	pKnyPzu.exe
2900	jJRXLRh.exe
2776	jepyvvA.exe
2468	SBSQTsM.exe
2780	dmlfisn.exe
2912	VZUiRFV.exe
2644	cObUeoT.exe
2756	NibvhTW.exe
2816	IjYPbSn.exe
2628	FFWtAJv.exe
2684	EthMEOD.exe
2160	HSHPogg.exe
2512	ImaMFSW.exe
684	zTgNXXr.exe
1856	EvKSaUr.exe
2352	kBUkAsg.exe
1960	PzeQpyi.exe
1736	mHZtZbQ.exe
2960	wEJktkm.exe
1780	rBvjuDA.exe
2240	ZcBhGAk.exe
2836	mZjsVDh.exe
1100	kexhnyT.exe
1868	RbCsFKA.exe
2844	zvxsnVU.exe
2196	KZQdRJn.exe
1700	sqPpGDl.exe
956	xldQLPg.exe
2136	kZTiOVW.exe
952	PLsTYnx.exe
2176	pgaqcgj.exe
756	qXYiGlR.exe
1300	iGQoAIx.exe
1092	FbRFRiN.exe
2412	bzUPRrn.exe
2260	JcGeXmi.exe
2268	RAGEipC.exe
1312	WhiojvS.exe
2076	xzLdWJG.exe
600	szNhsLI.exe
1724	MzxqaoA.exe
2548	lQJyeae.exe
1492	ELQIlgk.exe
2904	FVKXYXf.exe
2616	vblbVKl.exe
1028	HVMwlAz.exe
2084	mFioLue.exe
2248	mvldVDw.exe
3004	xjihoNP.exe
2376	ekfkYlq.exe
2324	noCngcW.exe
2924	aXgxJHF.exe
2964	jKcvaGE.exe
1752	HxykYnu.exe
2440	Bvxyzak.exe
2604	rtMIFtW.exe
2848	csuYlbi.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2120-0-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
\Windows\system\AMujePY.exe	upx
\Windows\system\XadGhwH.exe	upx
\Windows\system\HYBZalJ.exe	upx
C:\Windows\system\ILHHAkx.exe	upx
C:\Windows\system\EBEHuya.exe	upx
C:\Windows\system\pKnyPzu.exe	upx
C:\Windows\system\VZUiRFV.exe	upx
C:\Windows\system\EthMEOD.exe	upx
C:\Windows\system\PzeQpyi.exe	upx
behavioral1/memory/2644-152-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
C:\Windows\system\mZjsVDh.exe	upx
behavioral1/memory/2120-1128-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
C:\Windows\system\RbCsFKA.exe	upx
C:\Windows\system\zvxsnVU.exe	upx
C:\Windows\system\rBvjuDA.exe	upx
C:\Windows\system\kexhnyT.exe	upx
C:\Windows\system\ZcBhGAk.exe	upx
C:\Windows\system\wEJktkm.exe	upx
behavioral1/memory/2296-153-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2912-150-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2780-148-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2468-146-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2776-144-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2900-142-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2768-140-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2728-138-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2152-136-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2804-134-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1864-132-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2416-131-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2556-128-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
C:\Windows\system\mHZtZbQ.exe	upx
C:\Windows\system\kBUkAsg.exe	upx
C:\Windows\system\EvKSaUr.exe	upx
C:\Windows\system\zTgNXXr.exe	upx
C:\Windows\system\ImaMFSW.exe	upx
C:\Windows\system\HSHPogg.exe	upx
C:\Windows\system\FFWtAJv.exe	upx
C:\Windows\system\IjYPbSn.exe	upx
C:\Windows\system\NibvhTW.exe	upx
C:\Windows\system\cObUeoT.exe	upx
C:\Windows\system\dmlfisn.exe	upx
C:\Windows\system\SBSQTsM.exe	upx
C:\Windows\system\jepyvvA.exe	upx
C:\Windows\system\jJRXLRh.exe	upx
C:\Windows\system\znofBad.exe	upx
C:\Windows\system\BuOqJzT.exe	upx
behavioral1/memory/2296-3732-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2556-3737-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2416-3741-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2912-3740-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2804-3742-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2768-3785-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1864-3784-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2644-3777-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2776-3764-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2152-3760-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2468-3756-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2728-3755-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2900-3743-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2780-4039-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\FFOgwmV.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cccnJoP.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTvluks.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEVgKdL.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwpLGce.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEyGurh.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrWchWH.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuOqJzT.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvgdkUH.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPOoQtZ.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fnAsDUi.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vHiiGHG.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHIErtd.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndsLVCm.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGcaJDn.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyVtwuE.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRnEsBU.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACIFNWG.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmkGTEC.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAnxESg.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZDWzcr.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWWNVWg.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkkdXeg.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkwBURp.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KIkSImk.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZcBhGAk.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbCsFKA.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSkTIQv.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKUYzCE.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbQolmQ.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSKDVlK.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhKVZPY.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVBIAEQ.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUFAujT.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXKEMIt.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ppZeKPK.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ytknZLO.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlvFCoy.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLrvKWE.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mevyZKQ.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Eaifeot.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkVtXQS.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rTvZNCM.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRcJMav.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cadJpdj.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUyjbFp.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSzqpuc.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcwunZc.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQGSNtM.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzEUNiq.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLSYcpM.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbzPrhg.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnFFAfA.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAHsSAR.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBdNwyf.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SElpWXW.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JeufENt.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyIenAM.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAGEipC.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIZmMcv.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wGVdLkP.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qENdZLB.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcZrMVt.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZLkErK.exe	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2120 wrote to memory of 2296	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	AMujePY.exe
PID 2120 wrote to memory of 2296	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	AMujePY.exe
PID 2120 wrote to memory of 2296	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	AMujePY.exe
PID 2120 wrote to memory of 2556	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	XadGhwH.exe
PID 2120 wrote to memory of 2556	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	XadGhwH.exe
PID 2120 wrote to memory of 2556	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	XadGhwH.exe
PID 2120 wrote to memory of 2416	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HYBZalJ.exe
PID 2120 wrote to memory of 2416	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HYBZalJ.exe
PID 2120 wrote to memory of 2416	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HYBZalJ.exe
PID 2120 wrote to memory of 1864	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	BuOqJzT.exe
PID 2120 wrote to memory of 1864	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	BuOqJzT.exe
PID 2120 wrote to memory of 1864	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	BuOqJzT.exe
PID 2120 wrote to memory of 2804	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ILHHAkx.exe
PID 2120 wrote to memory of 2804	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ILHHAkx.exe
PID 2120 wrote to memory of 2804	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ILHHAkx.exe
PID 2120 wrote to memory of 2152	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EBEHuya.exe
PID 2120 wrote to memory of 2152	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EBEHuya.exe
PID 2120 wrote to memory of 2152	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EBEHuya.exe
PID 2120 wrote to memory of 2728	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	znofBad.exe
PID 2120 wrote to memory of 2728	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	znofBad.exe
PID 2120 wrote to memory of 2728	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	znofBad.exe
PID 2120 wrote to memory of 2768	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	pKnyPzu.exe
PID 2120 wrote to memory of 2768	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	pKnyPzu.exe
PID 2120 wrote to memory of 2768	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	pKnyPzu.exe
PID 2120 wrote to memory of 2900	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jJRXLRh.exe
PID 2120 wrote to memory of 2900	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jJRXLRh.exe
PID 2120 wrote to memory of 2900	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jJRXLRh.exe
PID 2120 wrote to memory of 2776	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jepyvvA.exe
PID 2120 wrote to memory of 2776	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jepyvvA.exe
PID 2120 wrote to memory of 2776	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	jepyvvA.exe
PID 2120 wrote to memory of 2468	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	SBSQTsM.exe
PID 2120 wrote to memory of 2468	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	SBSQTsM.exe
PID 2120 wrote to memory of 2468	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	SBSQTsM.exe
PID 2120 wrote to memory of 2780	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	dmlfisn.exe
PID 2120 wrote to memory of 2780	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	dmlfisn.exe
PID 2120 wrote to memory of 2780	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	dmlfisn.exe
PID 2120 wrote to memory of 2912	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	VZUiRFV.exe
PID 2120 wrote to memory of 2912	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	VZUiRFV.exe
PID 2120 wrote to memory of 2912	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	VZUiRFV.exe
PID 2120 wrote to memory of 2644	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	cObUeoT.exe
PID 2120 wrote to memory of 2644	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	cObUeoT.exe
PID 2120 wrote to memory of 2644	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	cObUeoT.exe
PID 2120 wrote to memory of 2756	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	NibvhTW.exe
PID 2120 wrote to memory of 2756	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	NibvhTW.exe
PID 2120 wrote to memory of 2756	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	NibvhTW.exe
PID 2120 wrote to memory of 2816	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	IjYPbSn.exe
PID 2120 wrote to memory of 2816	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	IjYPbSn.exe
PID 2120 wrote to memory of 2816	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	IjYPbSn.exe
PID 2120 wrote to memory of 2628	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	FFWtAJv.exe
PID 2120 wrote to memory of 2628	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	FFWtAJv.exe
PID 2120 wrote to memory of 2628	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	FFWtAJv.exe
PID 2120 wrote to memory of 2684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EthMEOD.exe
PID 2120 wrote to memory of 2684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EthMEOD.exe
PID 2120 wrote to memory of 2684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EthMEOD.exe
PID 2120 wrote to memory of 2160	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HSHPogg.exe
PID 2120 wrote to memory of 2160	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HSHPogg.exe
PID 2120 wrote to memory of 2160	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	HSHPogg.exe
PID 2120 wrote to memory of 2512	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ImaMFSW.exe
PID 2120 wrote to memory of 2512	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ImaMFSW.exe
PID 2120 wrote to memory of 2512	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	ImaMFSW.exe
PID 2120 wrote to memory of 684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	zTgNXXr.exe
PID 2120 wrote to memory of 684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	zTgNXXr.exe
PID 2120 wrote to memory of 684	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	zTgNXXr.exe
PID 2120 wrote to memory of 1856	2120	2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe	EvKSaUr.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_211a1f04c8e44e936df111a477f55b40_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\System\AMujePY.exe
  C:\Windows\System\AMujePY.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\XadGhwH.exe
  C:\Windows\System\XadGhwH.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\HYBZalJ.exe
  C:\Windows\System\HYBZalJ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\BuOqJzT.exe
  C:\Windows\System\BuOqJzT.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ILHHAkx.exe
  C:\Windows\System\ILHHAkx.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EBEHuya.exe
  C:\Windows\System\EBEHuya.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\znofBad.exe
  C:\Windows\System\znofBad.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\pKnyPzu.exe
  C:\Windows\System\pKnyPzu.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\jJRXLRh.exe
  C:\Windows\System\jJRXLRh.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\jepyvvA.exe
  C:\Windows\System\jepyvvA.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\SBSQTsM.exe
  C:\Windows\System\SBSQTsM.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\dmlfisn.exe
  C:\Windows\System\dmlfisn.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\VZUiRFV.exe
  C:\Windows\System\VZUiRFV.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\cObUeoT.exe
  C:\Windows\System\cObUeoT.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\NibvhTW.exe
  C:\Windows\System\NibvhTW.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\IjYPbSn.exe
  C:\Windows\System\IjYPbSn.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FFWtAJv.exe
  C:\Windows\System\FFWtAJv.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\EthMEOD.exe
  C:\Windows\System\EthMEOD.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\HSHPogg.exe
  C:\Windows\System\HSHPogg.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ImaMFSW.exe
  C:\Windows\System\ImaMFSW.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\zTgNXXr.exe
  C:\Windows\System\zTgNXXr.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\EvKSaUr.exe
  C:\Windows\System\EvKSaUr.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\kBUkAsg.exe
  C:\Windows\System\kBUkAsg.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\PzeQpyi.exe
  C:\Windows\System\PzeQpyi.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\mHZtZbQ.exe
  C:\Windows\System\mHZtZbQ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\wEJktkm.exe
  C:\Windows\System\wEJktkm.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\rBvjuDA.exe
  C:\Windows\System\rBvjuDA.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\ZcBhGAk.exe
  C:\Windows\System\ZcBhGAk.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\mZjsVDh.exe
  C:\Windows\System\mZjsVDh.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\kexhnyT.exe
  C:\Windows\System\kexhnyT.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\RbCsFKA.exe
  C:\Windows\System\RbCsFKA.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\zvxsnVU.exe
  C:\Windows\System\zvxsnVU.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\KZQdRJn.exe
  C:\Windows\System\KZQdRJn.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\sqPpGDl.exe
  C:\Windows\System\sqPpGDl.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\xldQLPg.exe
  C:\Windows\System\xldQLPg.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\kZTiOVW.exe
  C:\Windows\System\kZTiOVW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\PLsTYnx.exe
  C:\Windows\System\PLsTYnx.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\pgaqcgj.exe
  C:\Windows\System\pgaqcgj.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\qXYiGlR.exe
  C:\Windows\System\qXYiGlR.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\iGQoAIx.exe
  C:\Windows\System\iGQoAIx.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\FbRFRiN.exe
  C:\Windows\System\FbRFRiN.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\bzUPRrn.exe
  C:\Windows\System\bzUPRrn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xzLdWJG.exe
  C:\Windows\System\xzLdWJG.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\JcGeXmi.exe
  C:\Windows\System\JcGeXmi.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\HVMwlAz.exe
  C:\Windows\System\HVMwlAz.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\RAGEipC.exe
  C:\Windows\System\RAGEipC.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\mFioLue.exe
  C:\Windows\System\mFioLue.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\WhiojvS.exe
  C:\Windows\System\WhiojvS.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\mvldVDw.exe
  C:\Windows\System\mvldVDw.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\szNhsLI.exe
  C:\Windows\System\szNhsLI.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\xjihoNP.exe
  C:\Windows\System\xjihoNP.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\MzxqaoA.exe
  C:\Windows\System\MzxqaoA.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ekfkYlq.exe
  C:\Windows\System\ekfkYlq.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\lQJyeae.exe
  C:\Windows\System\lQJyeae.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\noCngcW.exe
  C:\Windows\System\noCngcW.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\ELQIlgk.exe
  C:\Windows\System\ELQIlgk.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\aXgxJHF.exe
  C:\Windows\System\aXgxJHF.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\FVKXYXf.exe
  C:\Windows\System\FVKXYXf.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\jKcvaGE.exe
  C:\Windows\System\jKcvaGE.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\vblbVKl.exe
  C:\Windows\System\vblbVKl.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\HxykYnu.exe
  C:\Windows\System\HxykYnu.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\Bvxyzak.exe
  C:\Windows\System\Bvxyzak.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\RjeXmge.exe
  C:\Windows\System\RjeXmge.exe
  2⤵
  PID:1588
- C:\Windows\System\rtMIFtW.exe
  C:\Windows\System\rtMIFtW.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\dBdDSLL.exe
  C:\Windows\System\dBdDSLL.exe
  2⤵
  PID:2864
- C:\Windows\System\csuYlbi.exe
  C:\Windows\System\csuYlbi.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\PaWEedd.exe
  C:\Windows\System\PaWEedd.exe
  2⤵
  PID:2404
- C:\Windows\System\wXzSGXm.exe
  C:\Windows\System\wXzSGXm.exe
  2⤵
  PID:2132
- C:\Windows\System\JOCfYqE.exe
  C:\Windows\System\JOCfYqE.exe
  2⤵
  PID:2428
- C:\Windows\System\nCuBcqR.exe
  C:\Windows\System\nCuBcqR.exe
  2⤵
  PID:1356
- C:\Windows\System\AxOUMex.exe
  C:\Windows\System\AxOUMex.exe
  2⤵
  PID:1620
- C:\Windows\System\pRzZJDB.exe
  C:\Windows\System\pRzZJDB.exe
  2⤵
  PID:3020
- C:\Windows\System\kZAUXjA.exe
  C:\Windows\System\kZAUXjA.exe
  2⤵
  PID:1656
- C:\Windows\System\nxWGCde.exe
  C:\Windows\System\nxWGCde.exe
  2⤵
  PID:2008
- C:\Windows\System\xaUihhK.exe
  C:\Windows\System\xaUihhK.exe
  2⤵
  PID:1872
- C:\Windows\System\AsZJinW.exe
  C:\Windows\System\AsZJinW.exe
  2⤵
  PID:884
- C:\Windows\System\cyqYjrk.exe
  C:\Windows\System\cyqYjrk.exe
  2⤵
  PID:348
- C:\Windows\System\meAKWEq.exe
  C:\Windows\System\meAKWEq.exe
  2⤵
  PID:296
- C:\Windows\System\NpqkKuF.exe
  C:\Windows\System\NpqkKuF.exe
  2⤵
  PID:1792
- C:\Windows\System\MDRXZla.exe
  C:\Windows\System\MDRXZla.exe
  2⤵
  PID:2064
- C:\Windows\System\mGpPYyY.exe
  C:\Windows\System\mGpPYyY.exe
  2⤵
  PID:2884
- C:\Windows\System\dYEtamT.exe
  C:\Windows\System\dYEtamT.exe
  2⤵
  PID:2740
- C:\Windows\System\tzopIQX.exe
  C:\Windows\System\tzopIQX.exe
  2⤵
  PID:3080
- C:\Windows\System\yWEHDES.exe
  C:\Windows\System\yWEHDES.exe
  2⤵
  PID:3096
- C:\Windows\System\XNkasJZ.exe
  C:\Windows\System\XNkasJZ.exe
  2⤵
  PID:3116
- C:\Windows\System\IhkRfJY.exe
  C:\Windows\System\IhkRfJY.exe
  2⤵
  PID:3136
- C:\Windows\System\AcacQpH.exe
  C:\Windows\System\AcacQpH.exe
  2⤵
  PID:3152
- C:\Windows\System\LbQBhTm.exe
  C:\Windows\System\LbQBhTm.exe
  2⤵
  PID:3172
- C:\Windows\System\FdRcCSr.exe
  C:\Windows\System\FdRcCSr.exe
  2⤵
  PID:3188
- C:\Windows\System\lxWjPMC.exe
  C:\Windows\System\lxWjPMC.exe
  2⤵
  PID:3208
- C:\Windows\System\PEDMfiw.exe
  C:\Windows\System\PEDMfiw.exe
  2⤵
  PID:3224
- C:\Windows\System\OyBXjNT.exe
  C:\Windows\System\OyBXjNT.exe
  2⤵
  PID:3240
- C:\Windows\System\JvgoNWE.exe
  C:\Windows\System\JvgoNWE.exe
  2⤵
  PID:3256
- C:\Windows\System\UTDusMt.exe
  C:\Windows\System\UTDusMt.exe
  2⤵
  PID:3272
- C:\Windows\System\WKIaSmF.exe
  C:\Windows\System\WKIaSmF.exe
  2⤵
  PID:3292
- C:\Windows\System\uWXlGQf.exe
  C:\Windows\System\uWXlGQf.exe
  2⤵
  PID:3312
- C:\Windows\System\rxJyfZo.exe
  C:\Windows\System\rxJyfZo.exe
  2⤵
  PID:3328
- C:\Windows\System\TfaBtqQ.exe
  C:\Windows\System\TfaBtqQ.exe
  2⤵
  PID:3344
- C:\Windows\System\fzcdSTb.exe
  C:\Windows\System\fzcdSTb.exe
  2⤵
  PID:3364
- C:\Windows\System\cYJSUZL.exe
  C:\Windows\System\cYJSUZL.exe
  2⤵
  PID:3384
- C:\Windows\System\kPwPNkt.exe
  C:\Windows\System\kPwPNkt.exe
  2⤵
  PID:3404
- C:\Windows\System\oUtIbTw.exe
  C:\Windows\System\oUtIbTw.exe
  2⤵
  PID:3420
- C:\Windows\System\ChRShuB.exe
  C:\Windows\System\ChRShuB.exe
  2⤵
  PID:3436
- C:\Windows\System\HIJdskr.exe
  C:\Windows\System\HIJdskr.exe
  2⤵
  PID:3456
- C:\Windows\System\UUHZhwh.exe
  C:\Windows\System\UUHZhwh.exe
  2⤵
  PID:3476
- C:\Windows\System\fUaLIMG.exe
  C:\Windows\System\fUaLIMG.exe
  2⤵
  PID:3492
- C:\Windows\System\wxZnIgg.exe
  C:\Windows\System\wxZnIgg.exe
  2⤵
  PID:3520
- C:\Windows\System\KVJcWOW.exe
  C:\Windows\System\KVJcWOW.exe
  2⤵
  PID:3536
- C:\Windows\System\chZdpud.exe
  C:\Windows\System\chZdpud.exe
  2⤵
  PID:3552
- C:\Windows\System\JAWuyfd.exe
  C:\Windows\System\JAWuyfd.exe
  2⤵
  PID:3572
- C:\Windows\System\yCeSKAv.exe
  C:\Windows\System\yCeSKAv.exe
  2⤵
  PID:3592
- C:\Windows\System\OlvFCoy.exe
  C:\Windows\System\OlvFCoy.exe
  2⤵
  PID:3704
- C:\Windows\System\krVrzzH.exe
  C:\Windows\System\krVrzzH.exe
  2⤵
  PID:3720
- C:\Windows\System\vxyvYjs.exe
  C:\Windows\System\vxyvYjs.exe
  2⤵
  PID:3736
- C:\Windows\System\BwNlfdZ.exe
  C:\Windows\System\BwNlfdZ.exe
  2⤵
  PID:3752
- C:\Windows\System\flUWtaC.exe
  C:\Windows\System\flUWtaC.exe
  2⤵
  PID:3768
- C:\Windows\System\VojNqSx.exe
  C:\Windows\System\VojNqSx.exe
  2⤵
  PID:3784
- C:\Windows\System\BQsGVuR.exe
  C:\Windows\System\BQsGVuR.exe
  2⤵
  PID:3800
- C:\Windows\System\RUbiAna.exe
  C:\Windows\System\RUbiAna.exe
  2⤵
  PID:3816
- C:\Windows\System\lOwPXSv.exe
  C:\Windows\System\lOwPXSv.exe
  2⤵
  PID:3836
- C:\Windows\System\XhPfloU.exe
  C:\Windows\System\XhPfloU.exe
  2⤵
  PID:3868
- C:\Windows\System\CwvuCRn.exe
  C:\Windows\System\CwvuCRn.exe
  2⤵
  PID:3888
- C:\Windows\System\LKckzTI.exe
  C:\Windows\System\LKckzTI.exe
  2⤵
  PID:3920
- C:\Windows\System\jGkbVcf.exe
  C:\Windows\System\jGkbVcf.exe
  2⤵
  PID:3936
- C:\Windows\System\MyhaWeo.exe
  C:\Windows\System\MyhaWeo.exe
  2⤵
  PID:3952
- C:\Windows\System\nkOOLZy.exe
  C:\Windows\System\nkOOLZy.exe
  2⤵
  PID:3976
- C:\Windows\System\LIpqAcN.exe
  C:\Windows\System\LIpqAcN.exe
  2⤵
  PID:4000
- C:\Windows\System\nBvKdyG.exe
  C:\Windows\System\nBvKdyG.exe
  2⤵
  PID:4020
- C:\Windows\System\yETlOyi.exe
  C:\Windows\System\yETlOyi.exe
  2⤵
  PID:4048
- C:\Windows\System\pBfzyGx.exe
  C:\Windows\System\pBfzyGx.exe
  2⤵
  PID:4064
- C:\Windows\System\aLrvKWE.exe
  C:\Windows\System\aLrvKWE.exe
  2⤵
  PID:4080
- C:\Windows\System\UpKTeih.exe
  C:\Windows\System\UpKTeih.exe
  2⤵
  PID:1956
- C:\Windows\System\pzqnSIY.exe
  C:\Windows\System\pzqnSIY.exe
  2⤵
  PID:2184
- C:\Windows\System\SRnIJpt.exe
  C:\Windows\System\SRnIJpt.exe
  2⤵
  PID:620
- C:\Windows\System\zYSgrBx.exe
  C:\Windows\System\zYSgrBx.exe
  2⤵
  PID:2932
- C:\Windows\System\nWGsknf.exe
  C:\Windows\System\nWGsknf.exe
  2⤵
  PID:564
- C:\Windows\System\eaRDzPo.exe
  C:\Windows\System\eaRDzPo.exe
  2⤵
  PID:1760
- C:\Windows\System\THUitXy.exe
  C:\Windows\System\THUitXy.exe
  2⤵
  PID:580
- C:\Windows\System\cKJQAWa.exe
  C:\Windows\System\cKJQAWa.exe
  2⤵
  PID:3032
- C:\Windows\System\MlfStIW.exe
  C:\Windows\System\MlfStIW.exe
  2⤵
  PID:3180
- C:\Windows\System\DVtGRat.exe
  C:\Windows\System\DVtGRat.exe
  2⤵
  PID:3280
- C:\Windows\System\dGkWSnp.exe
  C:\Windows\System\dGkWSnp.exe
  2⤵
  PID:3324
- C:\Windows\System\uBTjrQR.exe
  C:\Windows\System\uBTjrQR.exe
  2⤵
  PID:3392
- C:\Windows\System\gsDnRxT.exe
  C:\Windows\System\gsDnRxT.exe
  2⤵
  PID:1672
- C:\Windows\System\RBOmYGp.exe
  C:\Windows\System\RBOmYGp.exe
  2⤵
  PID:996
- C:\Windows\System\VZspRuW.exe
  C:\Windows\System\VZspRuW.exe
  2⤵
  PID:2280
- C:\Windows\System\KyqsZos.exe
  C:\Windows\System\KyqsZos.exe
  2⤵
  PID:3512
- C:\Windows\System\uNJPMiF.exe
  C:\Windows\System\uNJPMiF.exe
  2⤵
  PID:2344
- C:\Windows\System\aLNyzIp.exe
  C:\Windows\System\aLNyzIp.exe
  2⤵
  PID:2208
- C:\Windows\System\drsuIUJ.exe
  C:\Windows\System\drsuIUJ.exe
  2⤵
  PID:2396
- C:\Windows\System\MMbabWy.exe
  C:\Windows\System\MMbabWy.exe
  2⤵
  PID:2232
- C:\Windows\System\pdRKLZI.exe
  C:\Windows\System\pdRKLZI.exe
  2⤵
  PID:3544
- C:\Windows\System\BbGOCwS.exe
  C:\Windows\System\BbGOCwS.exe
  2⤵
  PID:3588
- C:\Windows\System\upDGGlj.exe
  C:\Windows\System\upDGGlj.exe
  2⤵
  PID:2328
- C:\Windows\System\CdYFSyR.exe
  C:\Windows\System\CdYFSyR.exe
  2⤵
  PID:3168
- C:\Windows\System\siHZigZ.exe
  C:\Windows\System\siHZigZ.exe
  2⤵
  PID:3560
- C:\Windows\System\DrBUypW.exe
  C:\Windows\System\DrBUypW.exe
  2⤵
  PID:3444
- C:\Windows\System\WQKcdpr.exe
  C:\Windows\System\WQKcdpr.exe
  2⤵
  PID:3336
- C:\Windows\System\YKxTyBz.exe
  C:\Windows\System\YKxTyBz.exe
  2⤵
  PID:3232
- C:\Windows\System\Zfeujnf.exe
  C:\Windows\System\Zfeujnf.exe
  2⤵
  PID:3132
- C:\Windows\System\dZUcUfd.exe
  C:\Windows\System\dZUcUfd.exe
  2⤵
  PID:2652
- C:\Windows\System\BvddsWB.exe
  C:\Windows\System\BvddsWB.exe
  2⤵
  PID:2204
- C:\Windows\System\ofEKpcc.exe
  C:\Windows\System\ofEKpcc.exe
  2⤵
  PID:1048
- C:\Windows\System\UAtEKPI.exe
  C:\Windows\System\UAtEKPI.exe
  2⤵
  PID:2840
- C:\Windows\System\QGLjHhT.exe
  C:\Windows\System\QGLjHhT.exe
  2⤵
  PID:3600
- C:\Windows\System\NBjNlBi.exe
  C:\Windows\System\NBjNlBi.exe
  2⤵
  PID:3620
- C:\Windows\System\DAsIbCO.exe
  C:\Windows\System\DAsIbCO.exe
  2⤵
  PID:3640
- C:\Windows\System\gNrOuRM.exe
  C:\Windows\System\gNrOuRM.exe
  2⤵
  PID:3660
- C:\Windows\System\hJzXoqd.exe
  C:\Windows\System\hJzXoqd.exe
  2⤵
  PID:3672
- C:\Windows\System\LHsnpAf.exe
  C:\Windows\System\LHsnpAf.exe
  2⤵
  PID:3776
- C:\Windows\System\OCSEMAd.exe
  C:\Windows\System\OCSEMAd.exe
  2⤵
  PID:3848
- C:\Windows\System\MYOPtBe.exe
  C:\Windows\System\MYOPtBe.exe
  2⤵
  PID:3696
- C:\Windows\System\sYecbBZ.exe
  C:\Windows\System\sYecbBZ.exe
  2⤵
  PID:3832
- C:\Windows\System\nIwAZbs.exe
  C:\Windows\System\nIwAZbs.exe
  2⤵
  PID:3760
- C:\Windows\System\cwhigtx.exe
  C:\Windows\System\cwhigtx.exe
  2⤵
  PID:3896
- C:\Windows\System\KYdIieo.exe
  C:\Windows\System\KYdIieo.exe
  2⤵
  PID:3916
- C:\Windows\System\YIcvAim.exe
  C:\Windows\System\YIcvAim.exe
  2⤵
  PID:3996
- C:\Windows\System\oeQZKXa.exe
  C:\Windows\System\oeQZKXa.exe
  2⤵
  PID:4044
- C:\Windows\System\LzVyuxs.exe
  C:\Windows\System\LzVyuxs.exe
  2⤵
  PID:3972
- C:\Windows\System\HfebcPX.exe
  C:\Windows\System\HfebcPX.exe
  2⤵
  PID:3928
- C:\Windows\System\QykBxbW.exe
  C:\Windows\System\QykBxbW.exe
  2⤵
  PID:4056
- C:\Windows\System\TIJQwAd.exe
  C:\Windows\System\TIJQwAd.exe
  2⤵
  PID:1388
- C:\Windows\System\NUyjbFp.exe
  C:\Windows\System\NUyjbFp.exe
  2⤵
  PID:2044
- C:\Windows\System\pXUmrYR.exe
  C:\Windows\System\pXUmrYR.exe
  2⤵
  PID:3216
- C:\Windows\System\uHkIlTz.exe
  C:\Windows\System\uHkIlTz.exe
  2⤵
  PID:3360
- C:\Windows\System\vNkJyky.exe
  C:\Windows\System\vNkJyky.exe
  2⤵
  PID:2668
- C:\Windows\System\NBtYmum.exe
  C:\Windows\System\NBtYmum.exe
  2⤵
  PID:4092
- C:\Windows\System\rJKJwMK.exe
  C:\Windows\System\rJKJwMK.exe
  2⤵
  PID:3148
- C:\Windows\System\EhkgpqR.exe
  C:\Windows\System\EhkgpqR.exe
  2⤵
  PID:2400
- C:\Windows\System\LGgDPTY.exe
  C:\Windows\System\LGgDPTY.exe
  2⤵
  PID:3288
- C:\Windows\System\CXHvmtt.exe
  C:\Windows\System\CXHvmtt.exe
  2⤵
  PID:2664
- C:\Windows\System\xgyCSoc.exe
  C:\Windows\System\xgyCSoc.exe
  2⤵
  PID:2288
- C:\Windows\System\ZObANIV.exe
  C:\Windows\System\ZObANIV.exe
  2⤵
  PID:2744
- C:\Windows\System\slUoEOl.exe
  C:\Windows\System\slUoEOl.exe
  2⤵
  PID:2648
- C:\Windows\System\UnFFAfA.exe
  C:\Windows\System\UnFFAfA.exe
  2⤵
  PID:3448
- C:\Windows\System\lLHigLh.exe
  C:\Windows\System\lLHigLh.exe
  2⤵
  PID:3380
- C:\Windows\System\oYlycwT.exe
  C:\Windows\System\oYlycwT.exe
  2⤵
  PID:3712
- C:\Windows\System\DkOxBuk.exe
  C:\Windows\System\DkOxBuk.exe
  2⤵
  PID:3268
- C:\Windows\System\DHrZxei.exe
  C:\Windows\System\DHrZxei.exe
  2⤵
  PID:3164
- C:\Windows\System\JmCiYNH.exe
  C:\Windows\System\JmCiYNH.exe
  2⤵
  PID:2036
- C:\Windows\System\xYwUdiE.exe
  C:\Windows\System\xYwUdiE.exe
  2⤵
  PID:1740
- C:\Windows\System\qIOiOTc.exe
  C:\Windows\System\qIOiOTc.exe
  2⤵
  PID:968
- C:\Windows\System\xEnpIQs.exe
  C:\Windows\System\xEnpIQs.exe
  2⤵
  PID:3628
- C:\Windows\System\xAHsSAR.exe
  C:\Windows\System\xAHsSAR.exe
  2⤵
  PID:3744
- C:\Windows\System\ELEoVVJ.exe
  C:\Windows\System\ELEoVVJ.exe
  2⤵
  PID:3844
- C:\Windows\System\KHBAlwY.exe
  C:\Windows\System\KHBAlwY.exe
  2⤵
  PID:3692
- C:\Windows\System\cVjHScU.exe
  C:\Windows\System\cVjHScU.exe
  2⤵
  PID:3728
- C:\Windows\System\XNBDxFK.exe
  C:\Windows\System\XNBDxFK.exe
  2⤵
  PID:3948
- C:\Windows\System\NAuqmEK.exe
  C:\Windows\System\NAuqmEK.exe
  2⤵
  PID:3984
- C:\Windows\System\YFvxyDv.exe
  C:\Windows\System\YFvxyDv.exe
  2⤵
  PID:4072
- C:\Windows\System\GZDWzcr.exe
  C:\Windows\System\GZDWzcr.exe
  2⤵
  PID:3932
- C:\Windows\System\mevyZKQ.exe
  C:\Windows\System\mevyZKQ.exe
  2⤵
  PID:316
- C:\Windows\System\JDSPqbI.exe
  C:\Windows\System\JDSPqbI.exe
  2⤵
  PID:3356
- C:\Windows\System\HPXRYCn.exe
  C:\Windows\System\HPXRYCn.exe
  2⤵
  PID:3252
- C:\Windows\System\uFBJKlq.exe
  C:\Windows\System\uFBJKlq.exe
  2⤵
  PID:2212
- C:\Windows\System\zhrfVrp.exe
  C:\Windows\System\zhrfVrp.exe
  2⤵
  PID:3428
- C:\Windows\System\WyKtOFd.exe
  C:\Windows\System\WyKtOFd.exe
  2⤵
  PID:3508
- C:\Windows\System\JHogqGn.exe
  C:\Windows\System\JHogqGn.exe
  2⤵
  PID:2528
- C:\Windows\System\AZIlFis.exe
  C:\Windows\System\AZIlFis.exe
  2⤵
  PID:2988
- C:\Windows\System\EZQZltE.exe
  C:\Windows\System\EZQZltE.exe
  2⤵
  PID:2444
- C:\Windows\System\RFuvoBW.exe
  C:\Windows\System\RFuvoBW.exe
  2⤵
  PID:3716
- C:\Windows\System\kqYwoAu.exe
  C:\Windows\System\kqYwoAu.exe
  2⤵
  PID:3376
- C:\Windows\System\sbQolmQ.exe
  C:\Windows\System\sbQolmQ.exe
  2⤵
  PID:3608
- C:\Windows\System\jvxHFUC.exe
  C:\Windows\System\jvxHFUC.exe
  2⤵
  PID:3632
- C:\Windows\System\QTBoxFa.exe
  C:\Windows\System\QTBoxFa.exe
  2⤵
  PID:3656
- C:\Windows\System\CCElMWM.exe
  C:\Windows\System\CCElMWM.exe
  2⤵
  PID:3808
- C:\Windows\System\oqTipiA.exe
  C:\Windows\System\oqTipiA.exe
  2⤵
  PID:3864
- C:\Windows\System\CNnQike.exe
  C:\Windows\System\CNnQike.exe
  2⤵
  PID:3912
- C:\Windows\System\XozeGyK.exe
  C:\Windows\System\XozeGyK.exe
  2⤵
  PID:3700
- C:\Windows\System\SebTvmL.exe
  C:\Windows\System\SebTvmL.exe
  2⤵
  PID:4076
- C:\Windows\System\xAhIURW.exe
  C:\Windows\System\xAhIURW.exe
  2⤵
  PID:2852
- C:\Windows\System\zUEyxKX.exe
  C:\Windows\System\zUEyxKX.exe
  2⤵
  PID:4104
- C:\Windows\System\iTRaaul.exe
  C:\Windows\System\iTRaaul.exe
  2⤵
  PID:4128
- C:\Windows\System\xFeiWCG.exe
  C:\Windows\System\xFeiWCG.exe
  2⤵
  PID:4144
- C:\Windows\System\elcSJkk.exe
  C:\Windows\System\elcSJkk.exe
  2⤵
  PID:4172
- C:\Windows\System\wHNcKip.exe
  C:\Windows\System\wHNcKip.exe
  2⤵
  PID:4192
- C:\Windows\System\btvURVg.exe
  C:\Windows\System\btvURVg.exe
  2⤵
  PID:4212
- C:\Windows\System\mBdNwyf.exe
  C:\Windows\System\mBdNwyf.exe
  2⤵
  PID:4232
- C:\Windows\System\GLFPFdG.exe
  C:\Windows\System\GLFPFdG.exe
  2⤵
  PID:4252
- C:\Windows\System\UmDoDUR.exe
  C:\Windows\System\UmDoDUR.exe
  2⤵
  PID:4272
- C:\Windows\System\UdIEVwi.exe
  C:\Windows\System\UdIEVwi.exe
  2⤵
  PID:4292
- C:\Windows\System\BehXllx.exe
  C:\Windows\System\BehXllx.exe
  2⤵
  PID:4308
- C:\Windows\System\VoIariP.exe
  C:\Windows\System\VoIariP.exe
  2⤵
  PID:4324
- C:\Windows\System\syBLmKZ.exe
  C:\Windows\System\syBLmKZ.exe
  2⤵
  PID:4340
- C:\Windows\System\FchCCRy.exe
  C:\Windows\System\FchCCRy.exe
  2⤵
  PID:4368
- C:\Windows\System\uSxwFqY.exe
  C:\Windows\System\uSxwFqY.exe
  2⤵
  PID:4392
- C:\Windows\System\tVgFRNl.exe
  C:\Windows\System\tVgFRNl.exe
  2⤵
  PID:4408
- C:\Windows\System\snHsQSM.exe
  C:\Windows\System\snHsQSM.exe
  2⤵
  PID:4432
- C:\Windows\System\RXymgNy.exe
  C:\Windows\System\RXymgNy.exe
  2⤵
  PID:4452
- C:\Windows\System\agdfDAT.exe
  C:\Windows\System\agdfDAT.exe
  2⤵
  PID:4472
- C:\Windows\System\TaecGcj.exe
  C:\Windows\System\TaecGcj.exe
  2⤵
  PID:4492
- C:\Windows\System\JtNoebd.exe
  C:\Windows\System\JtNoebd.exe
  2⤵
  PID:4508
- C:\Windows\System\DPzxqzU.exe
  C:\Windows\System\DPzxqzU.exe
  2⤵
  PID:4528
- C:\Windows\System\hktievj.exe
  C:\Windows\System\hktievj.exe
  2⤵
  PID:4548
- C:\Windows\System\SSTeLaI.exe
  C:\Windows\System\SSTeLaI.exe
  2⤵
  PID:4564
- C:\Windows\System\upRfoak.exe
  C:\Windows\System\upRfoak.exe
  2⤵
  PID:4580
- C:\Windows\System\supFXNZ.exe
  C:\Windows\System\supFXNZ.exe
  2⤵
  PID:4596
- C:\Windows\System\iPpGbqj.exe
  C:\Windows\System\iPpGbqj.exe
  2⤵
  PID:4632
- C:\Windows\System\GFaLHhb.exe
  C:\Windows\System\GFaLHhb.exe
  2⤵
  PID:4648
- C:\Windows\System\bSibCTQ.exe
  C:\Windows\System\bSibCTQ.exe
  2⤵
  PID:4664
- C:\Windows\System\zXhNcwk.exe
  C:\Windows\System\zXhNcwk.exe
  2⤵
  PID:4684
- C:\Windows\System\BnCowWY.exe
  C:\Windows\System\BnCowWY.exe
  2⤵
  PID:4704
- C:\Windows\System\TEbDZOr.exe
  C:\Windows\System\TEbDZOr.exe
  2⤵
  PID:4720
- C:\Windows\System\yQWclCt.exe
  C:\Windows\System\yQWclCt.exe
  2⤵
  PID:4736
- C:\Windows\System\lumifzA.exe
  C:\Windows\System\lumifzA.exe
  2⤵
  PID:4752
- C:\Windows\System\IjUlQuZ.exe
  C:\Windows\System\IjUlQuZ.exe
  2⤵
  PID:4768
- C:\Windows\System\mZhOtnM.exe
  C:\Windows\System\mZhOtnM.exe
  2⤵
  PID:4788
- C:\Windows\System\rThPnyV.exe
  C:\Windows\System\rThPnyV.exe
  2⤵
  PID:4804
- C:\Windows\System\dXTJKEa.exe
  C:\Windows\System\dXTJKEa.exe
  2⤵
  PID:4820
- C:\Windows\System\LYcTDUc.exe
  C:\Windows\System\LYcTDUc.exe
  2⤵
  PID:4852
- C:\Windows\System\Lykpwzj.exe
  C:\Windows\System\Lykpwzj.exe
  2⤵
  PID:4876
- C:\Windows\System\ZonKTJk.exe
  C:\Windows\System\ZonKTJk.exe
  2⤵
  PID:4908
- C:\Windows\System\KwTVgpM.exe
  C:\Windows\System\KwTVgpM.exe
  2⤵
  PID:4924
- C:\Windows\System\ywKAzNi.exe
  C:\Windows\System\ywKAzNi.exe
  2⤵
  PID:4940
- C:\Windows\System\JaBoutU.exe
  C:\Windows\System\JaBoutU.exe
  2⤵
  PID:4968
- C:\Windows\System\kLcuxkM.exe
  C:\Windows\System\kLcuxkM.exe
  2⤵
  PID:4984
- C:\Windows\System\SlKiHrU.exe
  C:\Windows\System\SlKiHrU.exe
  2⤵
  PID:5008
- C:\Windows\System\vyDFnjg.exe
  C:\Windows\System\vyDFnjg.exe
  2⤵
  PID:5024
- C:\Windows\System\FmmSwmd.exe
  C:\Windows\System\FmmSwmd.exe
  2⤵
  PID:5044
- C:\Windows\System\oMxvgKr.exe
  C:\Windows\System\oMxvgKr.exe
  2⤵
  PID:5060
- C:\Windows\System\MtYOIQo.exe
  C:\Windows\System\MtYOIQo.exe
  2⤵
  PID:5080
- C:\Windows\System\wMlmfIJ.exe
  C:\Windows\System\wMlmfIJ.exe
  2⤵
  PID:5096
- C:\Windows\System\SElpWXW.exe
  C:\Windows\System\SElpWXW.exe
  2⤵
  PID:5116
- C:\Windows\System\ICCrrOX.exe
  C:\Windows\System\ICCrrOX.exe
  2⤵
  PID:1560
- C:\Windows\System\pKfOzCA.exe
  C:\Windows\System\pKfOzCA.exe
  2⤵
  PID:3112
- C:\Windows\System\cNoKvlA.exe
  C:\Windows\System\cNoKvlA.exe
  2⤵
  PID:3484
- C:\Windows\System\oclUzlh.exe
  C:\Windows\System\oclUzlh.exe
  2⤵
  PID:2432
- C:\Windows\System\fSkTIQv.exe
  C:\Windows\System\fSkTIQv.exe
  2⤵
  PID:3648
- C:\Windows\System\loDGgww.exe
  C:\Windows\System\loDGgww.exe
  2⤵
  PID:3092
- C:\Windows\System\ufAQeTK.exe
  C:\Windows\System\ufAQeTK.exe
  2⤵
  PID:2284
- C:\Windows\System\GUrFysp.exe
  C:\Windows\System\GUrFysp.exe
  2⤵
  PID:2820
- C:\Windows\System\pWLBxzT.exe
  C:\Windows\System\pWLBxzT.exe
  2⤵
  PID:4124
- C:\Windows\System\JUrpacY.exe
  C:\Windows\System\JUrpacY.exe
  2⤵
  PID:4032
- C:\Windows\System\lMFyAlt.exe
  C:\Windows\System\lMFyAlt.exe
  2⤵
  PID:4136
- C:\Windows\System\FJEWBOT.exe
  C:\Windows\System\FJEWBOT.exe
  2⤵
  PID:4140
- C:\Windows\System\aGiOwVo.exe
  C:\Windows\System\aGiOwVo.exe
  2⤵
  PID:4204
- C:\Windows\System\JeufENt.exe
  C:\Windows\System\JeufENt.exe
  2⤵
  PID:4184
- C:\Windows\System\rxYxJcw.exe
  C:\Windows\System\rxYxJcw.exe
  2⤵
  PID:4224
- C:\Windows\System\ncajmlF.exe
  C:\Windows\System\ncajmlF.exe
  2⤵
  PID:4284
- C:\Windows\System\duySbuB.exe
  C:\Windows\System\duySbuB.exe
  2⤵
  PID:4264
- C:\Windows\System\GlMrwFw.exe
  C:\Windows\System\GlMrwFw.exe
  2⤵
  PID:4400
- C:\Windows\System\yTDTpDS.exe
  C:\Windows\System\yTDTpDS.exe
  2⤵
  PID:4488
- C:\Windows\System\uGcaJDn.exe
  C:\Windows\System\uGcaJDn.exe
  2⤵
  PID:4556
- C:\Windows\System\SfdPdPX.exe
  C:\Windows\System\SfdPdPX.exe
  2⤵
  PID:4332
- C:\Windows\System\mnXvsol.exe
  C:\Windows\System\mnXvsol.exe
  2⤵
  PID:4416
- C:\Windows\System\dIywcXT.exe
  C:\Windows\System\dIywcXT.exe
  2⤵
  PID:4672
- C:\Windows\System\iFEJwvv.exe
  C:\Windows\System\iFEJwvv.exe
  2⤵
  PID:4748
- C:\Windows\System\OFbnMgi.exe
  C:\Windows\System\OFbnMgi.exe
  2⤵
  PID:4460
- C:\Windows\System\GDSVXfv.exe
  C:\Windows\System\GDSVXfv.exe
  2⤵
  PID:2384
- C:\Windows\System\eMOJFGI.exe
  C:\Windows\System\eMOJFGI.exe
  2⤵
  PID:4544
- C:\Windows\System\nTvluks.exe
  C:\Windows\System\nTvluks.exe
  2⤵
  PID:4812
- C:\Windows\System\CVLCyiy.exe
  C:\Windows\System\CVLCyiy.exe
  2⤵
  PID:4616
- C:\Windows\System\qGrZuZR.exe
  C:\Windows\System\qGrZuZR.exe
  2⤵
  PID:4864
- C:\Windows\System\hWypEky.exe
  C:\Windows\System\hWypEky.exe
  2⤵
  PID:4920
- C:\Windows\System\Ymjsbjy.exe
  C:\Windows\System\Ymjsbjy.exe
  2⤵
  PID:4948
- C:\Windows\System\syvQbhj.exe
  C:\Windows\System\syvQbhj.exe
  2⤵
  PID:5004
- C:\Windows\System\RPmCAsh.exe
  C:\Windows\System\RPmCAsh.exe
  2⤵
  PID:4848
- C:\Windows\System\zXUShiN.exe
  C:\Windows\System\zXUShiN.exe
  2⤵
  PID:4796
- C:\Windows\System\rhZiXJr.exe
  C:\Windows\System\rhZiXJr.exe
  2⤵
  PID:4728
- C:\Windows\System\PVcPEyC.exe
  C:\Windows\System\PVcPEyC.exe
  2⤵
  PID:5068
- C:\Windows\System\tGdPQgI.exe
  C:\Windows\System\tGdPQgI.exe
  2⤵
  PID:4896
- C:\Windows\System\MHjjnrU.exe
  C:\Windows\System\MHjjnrU.exe
  2⤵
  PID:5112
- C:\Windows\System\uycNrUr.exe
  C:\Windows\System\uycNrUr.exe
  2⤵
  PID:3580
- C:\Windows\System\yVTpnaU.exe
  C:\Windows\System\yVTpnaU.exe
  2⤵
  PID:5052
- C:\Windows\System\BwdEEwj.exe
  C:\Windows\System\BwdEEwj.exe
  2⤵
  PID:3340
- C:\Windows\System\YvSBKwj.exe
  C:\Windows\System\YvSBKwj.exe
  2⤵
  PID:1520
- C:\Windows\System\lUuXVkP.exe
  C:\Windows\System\lUuXVkP.exe
  2⤵
  PID:4248
- C:\Windows\System\OCquDFJ.exe
  C:\Windows\System\OCquDFJ.exe
  2⤵
  PID:3468
- C:\Windows\System\ihBekLt.exe
  C:\Windows\System\ihBekLt.exe
  2⤵
  PID:4352
- C:\Windows\System\RdiwXjT.exe
  C:\Windows\System\RdiwXjT.exe
  2⤵
  PID:4520
- C:\Windows\System\ZNPzETy.exe
  C:\Windows\System\ZNPzETy.exe
  2⤵
  PID:1268
- C:\Windows\System\GbRUsEx.exe
  C:\Windows\System\GbRUsEx.exe
  2⤵
  PID:4120
- C:\Windows\System\ZWqOYpi.exe
  C:\Windows\System\ZWqOYpi.exe
  2⤵
  PID:4028
- C:\Windows\System\mKaYrjv.exe
  C:\Windows\System\mKaYrjv.exe
  2⤵
  PID:4100
- C:\Windows\System\boIZKFr.exe
  C:\Windows\System\boIZKFr.exe
  2⤵
  PID:4712
- C:\Windows\System\XSSZhfb.exe
  C:\Windows\System\XSSZhfb.exe
  2⤵
  PID:4480
- C:\Windows\System\MozdNZJ.exe
  C:\Windows\System\MozdNZJ.exe
  2⤵
  PID:4260
- C:\Windows\System\UNqfdPz.exe
  C:\Windows\System\UNqfdPz.exe
  2⤵
  PID:4608
- C:\Windows\System\rdOdKrz.exe
  C:\Windows\System\rdOdKrz.exe
  2⤵
  PID:4300
- C:\Windows\System\WMCDPqI.exe
  C:\Windows\System\WMCDPqI.exe
  2⤵
  PID:4700
- C:\Windows\System\CiXapsn.exe
  C:\Windows\System\CiXapsn.exe
  2⤵
  PID:4844
- C:\Windows\System\HLubFOu.exe
  C:\Windows\System\HLubFOu.exe
  2⤵
  PID:4784
- C:\Windows\System\qkkRQLl.exe
  C:\Windows\System\qkkRQLl.exe
  2⤵
  PID:4888
- C:\Windows\System\fSzqpuc.exe
  C:\Windows\System\fSzqpuc.exe
  2⤵
  PID:3488
- C:\Windows\System\EGgUCpL.exe
  C:\Windows\System\EGgUCpL.exe
  2⤵
  PID:4800
- C:\Windows\System\qHawOLR.exe
  C:\Windows\System\qHawOLR.exe
  2⤵
  PID:4692
- C:\Windows\System\WlyZvBe.exe
  C:\Windows\System\WlyZvBe.exe
  2⤵
  PID:4936
- C:\Windows\System\pHrHXAO.exe
  C:\Windows\System\pHrHXAO.exe
  2⤵
  PID:5092
- C:\Windows\System\FekJAQM.exe
  C:\Windows\System\FekJAQM.exe
  2⤵
  PID:3108
- C:\Windows\System\RcqRYmO.exe
  C:\Windows\System\RcqRYmO.exe
  2⤵
  PID:1136
- C:\Windows\System\eNsNRcX.exe
  C:\Windows\System\eNsNRcX.exe
  2⤵
  PID:3880
- C:\Windows\System\DzAPUaa.exe
  C:\Windows\System\DzAPUaa.exe
  2⤵
  PID:4676
- C:\Windows\System\qPRFjXd.exe
  C:\Windows\System\qPRFjXd.exe
  2⤵
  PID:4288
- C:\Windows\System\VvTTxot.exe
  C:\Windows\System\VvTTxot.exe
  2⤵
  PID:4444
- C:\Windows\System\NMGtpTl.exe
  C:\Windows\System\NMGtpTl.exe
  2⤵
  PID:4360
- C:\Windows\System\ogVogFd.exe
  C:\Windows\System\ogVogFd.exe
  2⤵
  PID:4112
- C:\Windows\System\qzzHzTU.exe
  C:\Windows\System\qzzHzTU.exe
  2⤵
  PID:4628
- C:\Windows\System\ceFTUbn.exe
  C:\Windows\System\ceFTUbn.exe
  2⤵
  PID:2936
- C:\Windows\System\hyVtwuE.exe
  C:\Windows\System\hyVtwuE.exe
  2⤵
  PID:3264
- C:\Windows\System\vDEllbb.exe
  C:\Windows\System\vDEllbb.exe
  2⤵
  PID:5152
- C:\Windows\System\AJUSMeW.exe
  C:\Windows\System\AJUSMeW.exe
  2⤵
  PID:5168
- C:\Windows\System\cUnosTj.exe
  C:\Windows\System\cUnosTj.exe
  2⤵
  PID:5192
- C:\Windows\System\OhMLFXZ.exe
  C:\Windows\System\OhMLFXZ.exe
  2⤵
  PID:5208
- C:\Windows\System\mixSWcF.exe
  C:\Windows\System\mixSWcF.exe
  2⤵
  PID:5224
- C:\Windows\System\nviNpBP.exe
  C:\Windows\System\nviNpBP.exe
  2⤵
  PID:5244
- C:\Windows\System\XNAreDe.exe
  C:\Windows\System\XNAreDe.exe
  2⤵
  PID:5264
- C:\Windows\System\XOIucQN.exe
  C:\Windows\System\XOIucQN.exe
  2⤵
  PID:5288
- C:\Windows\System\ziMykPk.exe
  C:\Windows\System\ziMykPk.exe
  2⤵
  PID:5304
- C:\Windows\System\AKPYfbd.exe
  C:\Windows\System\AKPYfbd.exe
  2⤵
  PID:5348
- C:\Windows\System\kcYJZRL.exe
  C:\Windows\System\kcYJZRL.exe
  2⤵
  PID:5368
- C:\Windows\System\GkIQHFZ.exe
  C:\Windows\System\GkIQHFZ.exe
  2⤵
  PID:5384
- C:\Windows\System\VpWuoVo.exe
  C:\Windows\System\VpWuoVo.exe
  2⤵
  PID:5408
- C:\Windows\System\WubpJKz.exe
  C:\Windows\System\WubpJKz.exe
  2⤵
  PID:5424
- C:\Windows\System\TqCXFMn.exe
  C:\Windows\System\TqCXFMn.exe
  2⤵
  PID:5448
- C:\Windows\System\mVdqGqE.exe
  C:\Windows\System\mVdqGqE.exe
  2⤵
  PID:5464
- C:\Windows\System\gDXXpCh.exe
  C:\Windows\System\gDXXpCh.exe
  2⤵
  PID:5492
- C:\Windows\System\knXijkl.exe
  C:\Windows\System\knXijkl.exe
  2⤵
  PID:5516
- C:\Windows\System\mnbvrdb.exe
  C:\Windows\System\mnbvrdb.exe
  2⤵
  PID:5532
- C:\Windows\System\cVsDdDa.exe
  C:\Windows\System\cVsDdDa.exe
  2⤵
  PID:5552
- C:\Windows\System\YTLDwFa.exe
  C:\Windows\System\YTLDwFa.exe
  2⤵
  PID:5572
- C:\Windows\System\GehXzOE.exe
  C:\Windows\System\GehXzOE.exe
  2⤵
  PID:5596
- C:\Windows\System\euhAOos.exe
  C:\Windows\System\euhAOos.exe
  2⤵
  PID:5616
- C:\Windows\System\ptCsiOX.exe
  C:\Windows\System\ptCsiOX.exe
  2⤵
  PID:5636
- C:\Windows\System\GEjeMxW.exe
  C:\Windows\System\GEjeMxW.exe
  2⤵
  PID:5656
- C:\Windows\System\XPzjspA.exe
  C:\Windows\System\XPzjspA.exe
  2⤵
  PID:5672
- C:\Windows\System\VTYUQtG.exe
  C:\Windows\System\VTYUQtG.exe
  2⤵
  PID:5692
- C:\Windows\System\aCWWIbC.exe
  C:\Windows\System\aCWWIbC.exe
  2⤵
  PID:5708
- C:\Windows\System\TxydbXQ.exe
  C:\Windows\System\TxydbXQ.exe
  2⤵
  PID:5732
- C:\Windows\System\dYRKKdw.exe
  C:\Windows\System\dYRKKdw.exe
  2⤵
  PID:5756
- C:\Windows\System\QYLnYeX.exe
  C:\Windows\System\QYLnYeX.exe
  2⤵
  PID:5772
- C:\Windows\System\IWWNVWg.exe
  C:\Windows\System\IWWNVWg.exe
  2⤵
  PID:5792
- C:\Windows\System\lduLnkz.exe
  C:\Windows\System\lduLnkz.exe
  2⤵
  PID:5812
- C:\Windows\System\MJnLoKd.exe
  C:\Windows\System\MJnLoKd.exe
  2⤵
  PID:5832
- C:\Windows\System\SJZOTIk.exe
  C:\Windows\System\SJZOTIk.exe
  2⤵
  PID:5852
- C:\Windows\System\MvJDPni.exe
  C:\Windows\System\MvJDPni.exe
  2⤵
  PID:5868
- C:\Windows\System\SXXTLYR.exe
  C:\Windows\System\SXXTLYR.exe
  2⤵
  PID:5884
- C:\Windows\System\YkKWTqT.exe
  C:\Windows\System\YkKWTqT.exe
  2⤵
  PID:5900
- C:\Windows\System\FIZmMcv.exe
  C:\Windows\System\FIZmMcv.exe
  2⤵
  PID:5916
- C:\Windows\System\FKRunFG.exe
  C:\Windows\System\FKRunFG.exe
  2⤵
  PID:5932
- C:\Windows\System\nOssRMN.exe
  C:\Windows\System\nOssRMN.exe
  2⤵
  PID:5948
- C:\Windows\System\fJYCprH.exe
  C:\Windows\System\fJYCprH.exe
  2⤵
  PID:5968
- C:\Windows\System\kNNOFmq.exe
  C:\Windows\System\kNNOFmq.exe
  2⤵
  PID:5996
- C:\Windows\System\VcwunZc.exe
  C:\Windows\System\VcwunZc.exe
  2⤵
  PID:6012
- C:\Windows\System\iXDLVWH.exe
  C:\Windows\System\iXDLVWH.exe
  2⤵
  PID:6028
- C:\Windows\System\CWtZMtn.exe
  C:\Windows\System\CWtZMtn.exe
  2⤵
  PID:6044
- C:\Windows\System\ozyeKEo.exe
  C:\Windows\System\ozyeKEo.exe
  2⤵
  PID:6060
- C:\Windows\System\LnlVYJx.exe
  C:\Windows\System\LnlVYJx.exe
  2⤵
  PID:6088
- C:\Windows\System\CLphPmq.exe
  C:\Windows\System\CLphPmq.exe
  2⤵
  PID:6108
- C:\Windows\System\MGewKaC.exe
  C:\Windows\System\MGewKaC.exe
  2⤵
  PID:6124
- C:\Windows\System\oNwNVaT.exe
  C:\Windows\System\oNwNVaT.exe
  2⤵
  PID:6140
- C:\Windows\System\KpDIuXs.exe
  C:\Windows\System\KpDIuXs.exe
  2⤵
  PID:4956
- C:\Windows\System\EwuUPWt.exe
  C:\Windows\System\EwuUPWt.exe
  2⤵
  PID:4960
- C:\Windows\System\YgWXhiW.exe
  C:\Windows\System\YgWXhiW.exe
  2⤵
  PID:3884
- C:\Windows\System\PLyipBh.exe
  C:\Windows\System\PLyipBh.exe
  2⤵
  PID:4780
- C:\Windows\System\cohjtlk.exe
  C:\Windows\System\cohjtlk.exe
  2⤵
  PID:4860
- C:\Windows\System\vgrmVAc.exe
  C:\Windows\System\vgrmVAc.exe
  2⤵
  PID:5076
- C:\Windows\System\EKQqZUX.exe
  C:\Windows\System\EKQqZUX.exe
  2⤵
  PID:2424
- C:\Windows\System\HqnWJWv.exe
  C:\Windows\System\HqnWJWv.exe
  2⤵
  PID:5204
- C:\Windows\System\OjWgRvP.exe
  C:\Windows\System\OjWgRvP.exe
  2⤵
  PID:4976
- C:\Windows\System\KaVRRhD.exe
  C:\Windows\System\KaVRRhD.exe
  2⤵
  PID:5016
- C:\Windows\System\HQnReaX.exe
  C:\Windows\System\HQnReaX.exe
  2⤵
  PID:5240
- C:\Windows\System\NprWvMk.exe
  C:\Windows\System\NprWvMk.exe
  2⤵
  PID:5276
- C:\Windows\System\fIoFjEZ.exe
  C:\Windows\System\fIoFjEZ.exe
  2⤵
  PID:5136
- C:\Windows\System\IimJvfd.exe
  C:\Windows\System\IimJvfd.exe
  2⤵
  PID:5184
- C:\Windows\System\NdFOneq.exe
  C:\Windows\System\NdFOneq.exe
  2⤵
  PID:5312
- C:\Windows\System\kyxGRmN.exe
  C:\Windows\System\kyxGRmN.exe
  2⤵
  PID:5332
- C:\Windows\System\wkqjpOi.exe
  C:\Windows\System\wkqjpOi.exe
  2⤵
  PID:5220
- C:\Windows\System\ZjCDNVZ.exe
  C:\Windows\System\ZjCDNVZ.exe
  2⤵
  PID:5128
- C:\Windows\System\rwvwzSL.exe
  C:\Windows\System\rwvwzSL.exe
  2⤵
  PID:3796
- C:\Windows\System\pQnEJqd.exe
  C:\Windows\System\pQnEJqd.exe
  2⤵
  PID:5344
- C:\Windows\System\tfXMKkj.exe
  C:\Windows\System\tfXMKkj.exe
  2⤵
  PID:904
- C:\Windows\System\fDuERvX.exe
  C:\Windows\System\fDuERvX.exe
  2⤵
  PID:2708
- C:\Windows\System\AhCmUFs.exe
  C:\Windows\System\AhCmUFs.exe
  2⤵
  PID:5400
- C:\Windows\System\yACRUMe.exe
  C:\Windows\System\yACRUMe.exe
  2⤵
  PID:5440
- C:\Windows\System\xBcrvsx.exe
  C:\Windows\System\xBcrvsx.exe
  2⤵
  PID:5436
- C:\Windows\System\hdwircS.exe
  C:\Windows\System\hdwircS.exe
  2⤵
  PID:5540
- C:\Windows\System\hLIDZmF.exe
  C:\Windows\System\hLIDZmF.exe
  2⤵
  PID:5528
- C:\Windows\System\BCzjAuj.exe
  C:\Windows\System\BCzjAuj.exe
  2⤵
  PID:5588
- C:\Windows\System\VYFlWmE.exe
  C:\Windows\System\VYFlWmE.exe
  2⤵
  PID:5632
- C:\Windows\System\cizceCH.exe
  C:\Windows\System\cizceCH.exe
  2⤵
  PID:5700
- C:\Windows\System\kkkdXeg.exe
  C:\Windows\System\kkkdXeg.exe
  2⤵
  PID:5752
- C:\Windows\System\TSRUPeO.exe
  C:\Windows\System\TSRUPeO.exe
  2⤵
  PID:5828
- C:\Windows\System\XWtzpsF.exe
  C:\Windows\System\XWtzpsF.exe
  2⤵
  PID:5892
- C:\Windows\System\thsnnEu.exe
  C:\Windows\System\thsnnEu.exe
  2⤵
  PID:5964
- C:\Windows\System\GQpfXwF.exe
  C:\Windows\System\GQpfXwF.exe
  2⤵
  PID:6036
- C:\Windows\System\LfhYigK.exe
  C:\Windows\System\LfhYigK.exe
  2⤵
  PID:5680
- C:\Windows\System\cSgzoHf.exe
  C:\Windows\System\cSgzoHf.exe
  2⤵
  PID:6072
- C:\Windows\System\xejmCCs.exe
  C:\Windows\System\xejmCCs.exe
  2⤵
  PID:6116
- C:\Windows\System\uUHtERX.exe
  C:\Windows\System\uUHtERX.exe
  2⤵
  PID:4916
- C:\Windows\System\xJGEyzL.exe
  C:\Windows\System\xJGEyzL.exe
  2⤵
  PID:5728
- C:\Windows\System\NsEfGHj.exe
  C:\Windows\System\NsEfGHj.exe
  2⤵
  PID:5764
- C:\Windows\System\caDGqTI.exe
  C:\Windows\System\caDGqTI.exe
  2⤵
  PID:5848
- C:\Windows\System\pjRUZTM.exe
  C:\Windows\System\pjRUZTM.exe
  2⤵
  PID:5984
- C:\Windows\System\OhyCYmL.exe
  C:\Windows\System\OhyCYmL.exe
  2⤵
  PID:4468
- C:\Windows\System\FQUVPmd.exe
  C:\Windows\System\FQUVPmd.exe
  2⤵
  PID:5912
- C:\Windows\System\AkmcnUc.exe
  C:\Windows\System\AkmcnUc.exe
  2⤵
  PID:2712
- C:\Windows\System\EFnDfDp.exe
  C:\Windows\System\EFnDfDp.exe
  2⤵
  PID:5040
- C:\Windows\System\BEjkhZq.exe
  C:\Windows\System\BEjkhZq.exe
  2⤵
  PID:2956
- C:\Windows\System\aYbPwDd.exe
  C:\Windows\System\aYbPwDd.exe
  2⤵
  PID:4304
- C:\Windows\System\YofbRmN.exe
  C:\Windows\System\YofbRmN.exe
  2⤵
  PID:6056
- C:\Windows\System\KgNaUzH.exe
  C:\Windows\System\KgNaUzH.exe
  2⤵
  PID:5980
- C:\Windows\System\CITbPMK.exe
  C:\Windows\System\CITbPMK.exe
  2⤵
  PID:3068
- C:\Windows\System\rJtlPAG.exe
  C:\Windows\System\rJtlPAG.exe
  2⤵
  PID:4280
- C:\Windows\System\yVKaCPF.exe
  C:\Windows\System\yVKaCPF.exe
  2⤵
  PID:4356
- C:\Windows\System\LCMtUkF.exe
  C:\Windows\System\LCMtUkF.exe
  2⤵
  PID:2380
- C:\Windows\System\QEVgKdL.exe
  C:\Windows\System\QEVgKdL.exe
  2⤵
  PID:5420
- C:\Windows\System\NoSHawI.exe
  C:\Windows\System\NoSHawI.exe
  2⤵
  PID:2764
- C:\Windows\System\fRenaEL.exe
  C:\Windows\System\fRenaEL.exe
  2⤵
  PID:2460
- C:\Windows\System\tNKoIXa.exe
  C:\Windows\System\tNKoIXa.exe
  2⤵
  PID:5284
- C:\Windows\System\DZFPKxW.exe
  C:\Windows\System\DZFPKxW.exe
  2⤵
  PID:5472
- C:\Windows\System\dygnvDJ.exe
  C:\Windows\System\dygnvDJ.exe
  2⤵
  PID:5488
- C:\Windows\System\lmLkOTv.exe
  C:\Windows\System\lmLkOTv.exe
  2⤵
  PID:2920
- C:\Windows\System\SsnFqNa.exe
  C:\Windows\System\SsnFqNa.exe
  2⤵
  PID:5748
- C:\Windows\System\MCRCGeX.exe
  C:\Windows\System\MCRCGeX.exe
  2⤵
  PID:2916
- C:\Windows\System\ETozCOj.exe
  C:\Windows\System\ETozCOj.exe
  2⤵
  PID:2808
- C:\Windows\System\EKbrjSY.exe
  C:\Windows\System\EKbrjSY.exe
  2⤵
  PID:6068
- C:\Windows\System\ZNHlAJa.exe
  C:\Windows\System\ZNHlAJa.exe
  2⤵
  PID:5404
- C:\Windows\System\WgBlRCE.exe
  C:\Windows\System\WgBlRCE.exe
  2⤵
  PID:1648
- C:\Windows\System\QntYpYy.exe
  C:\Windows\System\QntYpYy.exe
  2⤵
  PID:5336
- C:\Windows\System\tSKlHbr.exe
  C:\Windows\System\tSKlHbr.exe
  2⤵
  PID:5320
- C:\Windows\System\IypNajZ.exe
  C:\Windows\System\IypNajZ.exe
  2⤵
  PID:5512
- C:\Windows\System\VXHYOse.exe
  C:\Windows\System\VXHYOse.exe
  2⤵
  PID:5876
- C:\Windows\System\KYSiprT.exe
  C:\Windows\System\KYSiprT.exe
  2⤵
  PID:5820
- C:\Windows\System\IFEriZd.exe
  C:\Windows\System\IFEriZd.exe
  2⤵
  PID:5960
- C:\Windows\System\yIEjpHb.exe
  C:\Windows\System\yIEjpHb.exe
  2⤵
  PID:2480
- C:\Windows\System\TZPPdLq.exe
  C:\Windows\System\TZPPdLq.exe
  2⤵
  PID:5036
- C:\Windows\System\tSKDVlK.exe
  C:\Windows\System\tSKDVlK.exe
  2⤵
  PID:5104
- C:\Windows\System\UQtfCzI.exe
  C:\Windows\System\UQtfCzI.exe
  2⤵
  PID:5644
- C:\Windows\System\nmIgGlP.exe
  C:\Windows\System\nmIgGlP.exe
  2⤵
  PID:4660
- C:\Windows\System\fuoATux.exe
  C:\Windows\System\fuoATux.exe
  2⤵
  PID:2088
- C:\Windows\System\mOYTmVi.exe
  C:\Windows\System\mOYTmVi.exe
  2⤵
  PID:5380
- C:\Windows\System\xoSvXNe.exe
  C:\Windows\System\xoSvXNe.exe
  2⤵
  PID:5280
- C:\Windows\System\LgpFyYW.exe
  C:\Windows\System\LgpFyYW.exe
  2⤵
  PID:5544
- C:\Windows\System\EQnfMLV.exe
  C:\Windows\System\EQnfMLV.exe
  2⤵
  PID:6008
- C:\Windows\System\UMEkgOt.exe
  C:\Windows\System\UMEkgOt.exe
  2⤵
  PID:5844
- C:\Windows\System\qMtiiww.exe
  C:\Windows\System\qMtiiww.exe
  2⤵
  PID:5500
- C:\Windows\System\xBzeRdM.exe
  C:\Windows\System\xBzeRdM.exe
  2⤵
  PID:2716
- C:\Windows\System\PNfuDca.exe
  C:\Windows\System\PNfuDca.exe
  2⤵
  PID:5252
- C:\Windows\System\DlAKwTA.exe
  C:\Windows\System\DlAKwTA.exe
  2⤵
  PID:5232
- C:\Windows\System\jrMjKiA.exe
  C:\Windows\System\jrMjKiA.exe
  2⤵
  PID:5688
- C:\Windows\System\czZqKqY.exe
  C:\Windows\System\czZqKqY.exe
  2⤵
  PID:5324
- C:\Windows\System\wuXpSRH.exe
  C:\Windows\System\wuXpSRH.exe
  2⤵
  PID:2660
- C:\Windows\System\WMzOIVg.exe
  C:\Windows\System\WMzOIVg.exe
  2⤵
  PID:5940
- C:\Windows\System\YpUpPXn.exe
  C:\Windows\System\YpUpPXn.exe
  2⤵
  PID:1200
- C:\Windows\System\sODZDyk.exe
  C:\Windows\System\sODZDyk.exe
  2⤵
  PID:2596
- C:\Windows\System\fQuxUEX.exe
  C:\Windows\System\fQuxUEX.exe
  2⤵
  PID:6104
- C:\Windows\System\FCSNlRG.exe
  C:\Windows\System\FCSNlRG.exe
  2⤵
  PID:4208
- C:\Windows\System\cQgUmtd.exe
  C:\Windows\System\cQgUmtd.exe
  2⤵
  PID:4612
- C:\Windows\System\NIcrcfd.exe
  C:\Windows\System\NIcrcfd.exe
  2⤵
  PID:5720
- C:\Windows\System\onCteDt.exe
  C:\Windows\System\onCteDt.exe
  2⤵
  PID:5956
- C:\Windows\System\IPkRZWX.exe
  C:\Windows\System\IPkRZWX.exe
  2⤵
  PID:3144
- C:\Windows\System\fGOEJrt.exe
  C:\Windows\System\fGOEJrt.exe
  2⤵
  PID:5768
- C:\Windows\System\qSKAGsf.exe
  C:\Windows\System\qSKAGsf.exe
  2⤵
  PID:6156
- C:\Windows\System\YZkESGW.exe
  C:\Windows\System\YZkESGW.exe
  2⤵
  PID:6172
- C:\Windows\System\axijOvC.exe
  C:\Windows\System\axijOvC.exe
  2⤵
  PID:6188
- C:\Windows\System\rTvZNCM.exe
  C:\Windows\System\rTvZNCM.exe
  2⤵
  PID:6204
- C:\Windows\System\MkGShlR.exe
  C:\Windows\System\MkGShlR.exe
  2⤵
  PID:6220
- C:\Windows\System\QoXjgcj.exe
  C:\Windows\System\QoXjgcj.exe
  2⤵
  PID:6236
- C:\Windows\System\aCNaEIG.exe
  C:\Windows\System\aCNaEIG.exe
  2⤵
  PID:6252
- C:\Windows\System\tteBBMm.exe
  C:\Windows\System\tteBBMm.exe
  2⤵
  PID:6276
- C:\Windows\System\IihnZPK.exe
  C:\Windows\System\IihnZPK.exe
  2⤵
  PID:6292
- C:\Windows\System\siGCrrH.exe
  C:\Windows\System\siGCrrH.exe
  2⤵
  PID:6412
- C:\Windows\System\DHdjVZl.exe
  C:\Windows\System\DHdjVZl.exe
  2⤵
  PID:6428
- C:\Windows\System\iWKtjzy.exe
  C:\Windows\System\iWKtjzy.exe
  2⤵
  PID:6444
- C:\Windows\System\XbpaJdl.exe
  C:\Windows\System\XbpaJdl.exe
  2⤵
  PID:6460
- C:\Windows\System\skLwFDC.exe
  C:\Windows\System\skLwFDC.exe
  2⤵
  PID:6480
- C:\Windows\System\fwrZKCu.exe
  C:\Windows\System\fwrZKCu.exe
  2⤵
  PID:6496
- C:\Windows\System\NbJkIWP.exe
  C:\Windows\System\NbJkIWP.exe
  2⤵
  PID:6512
- C:\Windows\System\RhGWncP.exe
  C:\Windows\System\RhGWncP.exe
  2⤵
  PID:6528
- C:\Windows\System\rVdeHJO.exe
  C:\Windows\System\rVdeHJO.exe
  2⤵
  PID:6544
- C:\Windows\System\Zkcvtoh.exe
  C:\Windows\System\Zkcvtoh.exe
  2⤵
  PID:6564
- C:\Windows\System\FhDCOJX.exe
  C:\Windows\System\FhDCOJX.exe
  2⤵
  PID:6684
- C:\Windows\System\zmnGeaL.exe
  C:\Windows\System\zmnGeaL.exe
  2⤵
  PID:6700
- C:\Windows\System\TLOiOYU.exe
  C:\Windows\System\TLOiOYU.exe
  2⤵
  PID:6728
- C:\Windows\System\JqhaZPJ.exe
  C:\Windows\System\JqhaZPJ.exe
  2⤵
  PID:6748
- C:\Windows\System\iwpLGce.exe
  C:\Windows\System\iwpLGce.exe
  2⤵
  PID:6764
- C:\Windows\System\dadtlCO.exe
  C:\Windows\System\dadtlCO.exe
  2⤵
  PID:6784
- C:\Windows\System\ndPTnSC.exe
  C:\Windows\System\ndPTnSC.exe
  2⤵
  PID:6804
- C:\Windows\System\qUKBHle.exe
  C:\Windows\System\qUKBHle.exe
  2⤵
  PID:6820
- C:\Windows\System\BlqLFlM.exe
  C:\Windows\System\BlqLFlM.exe
  2⤵
  PID:6836
- C:\Windows\System\WppXDIp.exe
  C:\Windows\System\WppXDIp.exe
  2⤵
  PID:6856
- C:\Windows\System\CFFRkby.exe
  C:\Windows\System\CFFRkby.exe
  2⤵
  PID:6876
- C:\Windows\System\xzKCAaA.exe
  C:\Windows\System\xzKCAaA.exe
  2⤵
  PID:6896
- C:\Windows\System\SXGILmV.exe
  C:\Windows\System\SXGILmV.exe
  2⤵
  PID:6912
- C:\Windows\System\RaJdylD.exe
  C:\Windows\System\RaJdylD.exe
  2⤵
  PID:6932
- C:\Windows\System\hrreAsA.exe
  C:\Windows\System\hrreAsA.exe
  2⤵
  PID:6948
- C:\Windows\System\OpiMLcN.exe
  C:\Windows\System\OpiMLcN.exe
  2⤵
  PID:6968
- C:\Windows\System\TlYjyGr.exe
  C:\Windows\System\TlYjyGr.exe
  2⤵
  PID:6988
- C:\Windows\System\FLMoSTy.exe
  C:\Windows\System\FLMoSTy.exe
  2⤵
  PID:7008
- C:\Windows\System\KtCpqFc.exe
  C:\Windows\System\KtCpqFc.exe
  2⤵
  PID:7024
- C:\Windows\System\NBlDVVn.exe
  C:\Windows\System\NBlDVVn.exe
  2⤵
  PID:7040
- C:\Windows\System\rwjqnPm.exe
  C:\Windows\System\rwjqnPm.exe
  2⤵
  PID:7056
- C:\Windows\System\WrFswOz.exe
  C:\Windows\System\WrFswOz.exe
  2⤵
  PID:7084
- C:\Windows\System\pdiiOmj.exe
  C:\Windows\System\pdiiOmj.exe
  2⤵
  PID:7100
- C:\Windows\System\SnniFwT.exe
  C:\Windows\System\SnniFwT.exe
  2⤵
  PID:7116
- C:\Windows\System\PyjQYIq.exe
  C:\Windows\System\PyjQYIq.exe
  2⤵
  PID:7132
- C:\Windows\System\GuuriXH.exe
  C:\Windows\System\GuuriXH.exe
  2⤵
  PID:7148
- C:\Windows\System\dkuTWHt.exe
  C:\Windows\System\dkuTWHt.exe
  2⤵
  PID:7164
- C:\Windows\System\cGXBkHq.exe
  C:\Windows\System\cGXBkHq.exe
  2⤵
  PID:6096
- C:\Windows\System\QnbodyT.exe
  C:\Windows\System\QnbodyT.exe
  2⤵
  PID:4536
- C:\Windows\System\XtyMJgo.exe
  C:\Windows\System\XtyMJgo.exe
  2⤵
  PID:4964
- C:\Windows\System\HWdhzwk.exe
  C:\Windows\System\HWdhzwk.exe
  2⤵
  PID:2032
- C:\Windows\System\EwQAOzA.exe
  C:\Windows\System\EwQAOzA.exe
  2⤵
  PID:6180
- C:\Windows\System\dcSzAiy.exe
  C:\Windows\System\dcSzAiy.exe
  2⤵
  PID:2872
- C:\Windows\System\FZLkErK.exe
  C:\Windows\System\FZLkErK.exe
  2⤵
  PID:2892
- C:\Windows\System\wGVdLkP.exe
  C:\Windows\System\wGVdLkP.exe
  2⤵
  PID:6136
- C:\Windows\System\BYLoiyk.exe
  C:\Windows\System\BYLoiyk.exe
  2⤵
  PID:5476
- C:\Windows\System\TKYdeFt.exe
  C:\Windows\System\TKYdeFt.exe
  2⤵
  PID:6196
- C:\Windows\System\VYBjZJH.exe
  C:\Windows\System\VYBjZJH.exe
  2⤵
  PID:6260
- C:\Windows\System\CNEBLDD.exe
  C:\Windows\System\CNEBLDD.exe
  2⤵
  PID:2500
- C:\Windows\System\jAbUrbF.exe
  C:\Windows\System\jAbUrbF.exe
  2⤵
  PID:5584
- C:\Windows\System\HrmUkdw.exe
  C:\Windows\System\HrmUkdw.exe
  2⤵
  PID:5340
- C:\Windows\System\EDkKiPa.exe
  C:\Windows\System\EDkKiPa.exe
  2⤵
  PID:3860
- C:\Windows\System\rxSYwRw.exe
  C:\Windows\System\rxSYwRw.exe
  2⤵
  PID:6396
- C:\Windows\System\CtbThzL.exe
  C:\Windows\System\CtbThzL.exe
  2⤵
  PID:6452
- C:\Windows\System\QEWbVYX.exe
  C:\Windows\System\QEWbVYX.exe
  2⤵
  PID:6520
- C:\Windows\System\bxmRcyf.exe
  C:\Windows\System\bxmRcyf.exe
  2⤵
  PID:6304
- C:\Windows\System\SEmorRP.exe
  C:\Windows\System\SEmorRP.exe
  2⤵
  PID:6328
- C:\Windows\System\TUALiwP.exe
  C:\Windows\System\TUALiwP.exe
  2⤵
  PID:6356
- C:\Windows\System\nRwuybg.exe
  C:\Windows\System\nRwuybg.exe
  2⤵
  PID:6372
- C:\Windows\System\vMSnOwd.exe
  C:\Windows\System\vMSnOwd.exe
  2⤵
  PID:6392
- C:\Windows\System\wWXeXhv.exe
  C:\Windows\System\wWXeXhv.exe
  2⤵
  PID:6472
- C:\Windows\System\cajsldr.exe
  C:\Windows\System\cajsldr.exe
  2⤵
  PID:6536
- C:\Windows\System\mZjlctD.exe
  C:\Windows\System\mZjlctD.exe
  2⤵
  PID:6580
- C:\Windows\System\qMNmmaf.exe
  C:\Windows\System\qMNmmaf.exe
  2⤵
  PID:6604
- C:\Windows\System\WyNvjKi.exe
  C:\Windows\System\WyNvjKi.exe
  2⤵
  PID:6620
- C:\Windows\System\DZIawHQ.exe
  C:\Windows\System\DZIawHQ.exe
  2⤵
  PID:6632
- C:\Windows\System\mYahDfq.exe
  C:\Windows\System\mYahDfq.exe
  2⤵
  PID:6656
- C:\Windows\System\PNNBUAN.exe
  C:\Windows\System\PNNBUAN.exe
  2⤵
  PID:6672
- C:\Windows\System\rEpQSUm.exe
  C:\Windows\System\rEpQSUm.exe
  2⤵
  PID:6744
- C:\Windows\System\EMXPgCW.exe
  C:\Windows\System\EMXPgCW.exe
  2⤵
  PID:6676
- C:\Windows\System\zLkVQWD.exe
  C:\Windows\System\zLkVQWD.exe
  2⤵
  PID:6716
- C:\Windows\System\TfaQkyN.exe
  C:\Windows\System\TfaQkyN.exe
  2⤵
  PID:6760
- C:\Windows\System\NFJfaqQ.exe
  C:\Windows\System\NFJfaqQ.exe
  2⤵
  PID:6864
- C:\Windows\System\Eaifeot.exe
  C:\Windows\System\Eaifeot.exe
  2⤵
  PID:6960
- C:\Windows\System\EpCeyBU.exe
  C:\Windows\System\EpCeyBU.exe
  2⤵
  PID:7076
- C:\Windows\System\vlBQAZi.exe
  C:\Windows\System\vlBQAZi.exe
  2⤵
  PID:7112
- C:\Windows\System\sKtSYiu.exe
  C:\Windows\System\sKtSYiu.exe
  2⤵
  PID:7016
- C:\Windows\System\KCkTLea.exe
  C:\Windows\System\KCkTLea.exe
  2⤵
  PID:7144
- C:\Windows\System\SQMVrqX.exe
  C:\Windows\System\SQMVrqX.exe
  2⤵
  PID:7092
- C:\Windows\System\JQOBnTF.exe
  C:\Windows\System\JQOBnTF.exe
  2⤵
  PID:7156
- C:\Windows\System\ePxnSvS.exe
  C:\Windows\System\ePxnSvS.exe
  2⤵
  PID:6828
- C:\Windows\System\HoTIZdO.exe
  C:\Windows\System\HoTIZdO.exe
  2⤵
  PID:6980
- C:\Windows\System\bBnlOOL.exe
  C:\Windows\System\bBnlOOL.exe
  2⤵
  PID:5148
- C:\Windows\System\ODWsIwd.exe
  C:\Windows\System\ODWsIwd.exe
  2⤵
  PID:6212
- C:\Windows\System\nrYLGlN.exe
  C:\Windows\System\nrYLGlN.exe
  2⤵
  PID:5864
- C:\Windows\System\zzCdWPi.exe
  C:\Windows\System\zzCdWPi.exe
  2⤵
  PID:2620
- C:\Windows\System\zjyiTWY.exe
  C:\Windows\System\zjyiTWY.exe
  2⤵
  PID:6324
- C:\Windows\System\uvmbhix.exe
  C:\Windows\System\uvmbhix.exe
  2⤵
  PID:2600
- C:\Windows\System\pZnXrXs.exe
  C:\Windows\System\pZnXrXs.exe
  2⤵
  PID:6148
- C:\Windows\System\EDviWxN.exe
  C:\Windows\System\EDviWxN.exe
  2⤵
  PID:6508
- C:\Windows\System\jVHxZvF.exe
  C:\Windows\System\jVHxZvF.exe
  2⤵
  PID:2672
- C:\Windows\System\KkVtXQS.exe
  C:\Windows\System\KkVtXQS.exe
  2⤵
  PID:6300
- C:\Windows\System\SmqYeNv.exe
  C:\Windows\System\SmqYeNv.exe
  2⤵
  PID:6348
- C:\Windows\System\ORrdZAc.exe
  C:\Windows\System\ORrdZAc.exe
  2⤵
  PID:6388
- C:\Windows\System\RzFUEtN.exe
  C:\Windows\System\RzFUEtN.exe
  2⤵
  PID:6592
- C:\Windows\System\ThgxJik.exe
  C:\Windows\System\ThgxJik.exe
  2⤵
  PID:6724
- C:\Windows\System\SvFTmbT.exe
  C:\Windows\System\SvFTmbT.exe
  2⤵
  PID:6920
- C:\Windows\System\WiZWkof.exe
  C:\Windows\System\WiZWkof.exe
  2⤵
  PID:6872
- C:\Windows\System\JlbWIpW.exe
  C:\Windows\System\JlbWIpW.exe
  2⤵
  PID:6940
- C:\Windows\System\MbcAvGm.exe
  C:\Windows\System\MbcAvGm.exe
  2⤵
  PID:6560
- C:\Windows\System\CxcdXJV.exe
  C:\Windows\System\CxcdXJV.exe
  2⤵
  PID:6572
- C:\Windows\System\aEIUkfJ.exe
  C:\Windows\System\aEIUkfJ.exe
  2⤵
  PID:6164
- C:\Windows\System\tomBpUA.exe
  C:\Windows\System\tomBpUA.exe
  2⤵
  PID:6268
- C:\Windows\System\WDfrsxE.exe
  C:\Windows\System\WDfrsxE.exe
  2⤵
  PID:6248
- C:\Windows\System\TxvVhZJ.exe
  C:\Windows\System\TxvVhZJ.exe
  2⤵
  PID:6288
- C:\Windows\System\AGAWWof.exe
  C:\Windows\System\AGAWWof.exe
  2⤵
  PID:5992
- C:\Windows\System\lLSYcpM.exe
  C:\Windows\System\lLSYcpM.exe
  2⤵
  PID:6424
- C:\Windows\System\GyUujsL.exe
  C:\Windows\System\GyUujsL.exe
  2⤵
  PID:6796
- C:\Windows\System\CXheDNs.exe
  C:\Windows\System\CXheDNs.exe
  2⤵
  PID:6600
- C:\Windows\System\UlJEDKt.exe
  C:\Windows\System\UlJEDKt.exe
  2⤵
  PID:6772
- C:\Windows\System\luZFhUR.exe
  C:\Windows\System\luZFhUR.exe
  2⤵
  PID:1668
- C:\Windows\System\gTUvXbP.exe
  C:\Windows\System\gTUvXbP.exe
  2⤵
  PID:6792
- C:\Windows\System\MoKtWiM.exe
  C:\Windows\System\MoKtWiM.exe
  2⤵
  PID:5724
- C:\Windows\System\HNFVFdb.exe
  C:\Windows\System\HNFVFdb.exe
  2⤵
  PID:6652
- C:\Windows\System\cbrgJMg.exe
  C:\Windows\System\cbrgJMg.exe
  2⤵
  PID:6776
- C:\Windows\System\ShQpGzK.exe
  C:\Windows\System\ShQpGzK.exe
  2⤵
  PID:6996
- C:\Windows\System\DnrFOFH.exe
  C:\Windows\System\DnrFOFH.exe
  2⤵
  PID:7032
- C:\Windows\System\dQAMlDz.exe
  C:\Windows\System\dQAMlDz.exe
  2⤵
  PID:7068
- C:\Windows\System\oxeBOTs.exe
  C:\Windows\System\oxeBOTs.exe
  2⤵
  PID:5484
- C:\Windows\System\CkhwBWT.exe
  C:\Windows\System\CkhwBWT.exe
  2⤵
  PID:6320
- C:\Windows\System\rewngeS.exe
  C:\Windows\System\rewngeS.exe
  2⤵
  PID:6232
- C:\Windows\System\semrgOL.exe
  C:\Windows\System\semrgOL.exe
  2⤵
  PID:6364
- C:\Windows\System\AIEwXuI.exe
  C:\Windows\System\AIEwXuI.exe
  2⤵
  PID:6848
- C:\Windows\System\sLzEZsS.exe
  C:\Windows\System\sLzEZsS.exe
  2⤵
  PID:5480
- C:\Windows\System\dplLNJr.exe
  C:\Windows\System\dplLNJr.exe
  2⤵
  PID:2876
- C:\Windows\System\kiMpwJh.exe
  C:\Windows\System\kiMpwJh.exe
  2⤵
  PID:1004
- C:\Windows\System\mfDVErN.exe
  C:\Windows\System\mfDVErN.exe
  2⤵
  PID:1532
- C:\Windows\System\JqnezvI.exe
  C:\Windows\System\JqnezvI.exe
  2⤵
  PID:7128
- C:\Windows\System\PFzAjmj.exe
  C:\Windows\System\PFzAjmj.exe
  2⤵
  PID:6100
- C:\Windows\System\KuepktR.exe
  C:\Windows\System\KuepktR.exe
  2⤵
  PID:6272
- C:\Windows\System\XnZerdv.exe
  C:\Windows\System\XnZerdv.exe
  2⤵
  PID:7052
- C:\Windows\System\DBwsDQv.exe
  C:\Windows\System\DBwsDQv.exe
  2⤵
  PID:6168
- C:\Windows\System\vBxhDMG.exe
  C:\Windows\System\vBxhDMG.exe
  2⤵
  PID:1488
- C:\Windows\System\etuTtpe.exe
  C:\Windows\System\etuTtpe.exe
  2⤵
  PID:6668
- C:\Windows\System\IKSyUmZ.exe
  C:\Windows\System\IKSyUmZ.exe
  2⤵
  PID:6736
- C:\Windows\System\HrUspDv.exe
  C:\Windows\System\HrUspDv.exe
  2⤵
  PID:6964
- C:\Windows\System\OzRhKzH.exe
  C:\Windows\System\OzRhKzH.exe
  2⤵
  PID:6228
- C:\Windows\System\ufJjsdz.exe
  C:\Windows\System\ufJjsdz.exe
  2⤵
  PID:1720
- C:\Windows\System\wyjgovo.exe
  C:\Windows\System\wyjgovo.exe
  2⤵
  PID:7048
- C:\Windows\System\sQGmQEf.exe
  C:\Windows\System\sQGmQEf.exe
  2⤵
  PID:6244
- C:\Windows\System\iZiwmiE.exe
  C:\Windows\System\iZiwmiE.exe
  2⤵
  PID:1744
- C:\Windows\System\LzZajva.exe
  C:\Windows\System\LzZajva.exe
  2⤵
  PID:7176
- C:\Windows\System\ejCjRNH.exe
  C:\Windows\System\ejCjRNH.exe
  2⤵
  PID:7192
- C:\Windows\System\CgQAxyB.exe
  C:\Windows\System\CgQAxyB.exe
  2⤵
  PID:7208
- C:\Windows\System\HsnXmBp.exe
  C:\Windows\System\HsnXmBp.exe
  2⤵
  PID:7224
- C:\Windows\System\jORFwuA.exe
  C:\Windows\System\jORFwuA.exe
  2⤵
  PID:7240
- C:\Windows\System\ahGBneH.exe
  C:\Windows\System\ahGBneH.exe
  2⤵
  PID:7256
- C:\Windows\System\yssZGUs.exe
  C:\Windows\System\yssZGUs.exe
  2⤵
  PID:7272
- C:\Windows\System\StQeQvw.exe
  C:\Windows\System\StQeQvw.exe
  2⤵
  PID:7288
- C:\Windows\System\OUsKvTo.exe
  C:\Windows\System\OUsKvTo.exe
  2⤵
  PID:7304
- C:\Windows\System\iKOwhem.exe
  C:\Windows\System\iKOwhem.exe
  2⤵
  PID:7324
- C:\Windows\System\tleuraT.exe
  C:\Windows\System\tleuraT.exe
  2⤵
  PID:7340
- C:\Windows\System\EPjAXIr.exe
  C:\Windows\System\EPjAXIr.exe
  2⤵
  PID:7356
- C:\Windows\System\aJfkKHg.exe
  C:\Windows\System\aJfkKHg.exe
  2⤵
  PID:7372
- C:\Windows\System\ZycofGs.exe
  C:\Windows\System\ZycofGs.exe
  2⤵
  PID:7388
- C:\Windows\System\fMBKqWt.exe
  C:\Windows\System\fMBKqWt.exe
  2⤵
  PID:7404
- C:\Windows\System\XAhCOsx.exe
  C:\Windows\System\XAhCOsx.exe
  2⤵
  PID:7420
- C:\Windows\System\gtbstxC.exe
  C:\Windows\System\gtbstxC.exe
  2⤵
  PID:7436
- C:\Windows\System\jJMlTvH.exe
  C:\Windows\System\jJMlTvH.exe
  2⤵
  PID:7452
- C:\Windows\System\oDxIZxl.exe
  C:\Windows\System\oDxIZxl.exe
  2⤵
  PID:7468
- C:\Windows\System\XHIErtd.exe
  C:\Windows\System\XHIErtd.exe
  2⤵
  PID:7484
- C:\Windows\System\VEQshJl.exe
  C:\Windows\System\VEQshJl.exe
  2⤵
  PID:7500
- C:\Windows\System\QodSjAX.exe
  C:\Windows\System\QodSjAX.exe
  2⤵
  PID:7516
- C:\Windows\System\JLulZaQ.exe
  C:\Windows\System\JLulZaQ.exe
  2⤵
  PID:7532
- C:\Windows\System\VCXJffV.exe
  C:\Windows\System\VCXJffV.exe
  2⤵
  PID:7548
- C:\Windows\System\svwpPJj.exe
  C:\Windows\System\svwpPJj.exe
  2⤵
  PID:7564
- C:\Windows\System\KtBOKOX.exe
  C:\Windows\System\KtBOKOX.exe
  2⤵
  PID:7580
- C:\Windows\System\SkyMiBE.exe
  C:\Windows\System\SkyMiBE.exe
  2⤵
  PID:7596
- C:\Windows\System\BnaUjfU.exe
  C:\Windows\System\BnaUjfU.exe
  2⤵
  PID:7612
- C:\Windows\System\wyoDKtw.exe
  C:\Windows\System\wyoDKtw.exe
  2⤵
  PID:7628
- C:\Windows\System\KexCAfL.exe
  C:\Windows\System\KexCAfL.exe
  2⤵
  PID:7644
- C:\Windows\System\ViOknaN.exe
  C:\Windows\System\ViOknaN.exe
  2⤵
  PID:7660
- C:\Windows\System\AJwpuxs.exe
  C:\Windows\System\AJwpuxs.exe
  2⤵
  PID:7676
- C:\Windows\System\cOhmPpB.exe
  C:\Windows\System\cOhmPpB.exe
  2⤵
  PID:7692
- C:\Windows\System\CkxdObk.exe
  C:\Windows\System\CkxdObk.exe
  2⤵
  PID:7708
- C:\Windows\System\TvyIoLL.exe
  C:\Windows\System\TvyIoLL.exe
  2⤵
  PID:7724
- C:\Windows\System\VSkpfWY.exe
  C:\Windows\System\VSkpfWY.exe
  2⤵
  PID:7740
- C:\Windows\System\fcnrNAS.exe
  C:\Windows\System\fcnrNAS.exe
  2⤵
  PID:7756
- C:\Windows\System\dXFHlNj.exe
  C:\Windows\System\dXFHlNj.exe
  2⤵
  PID:7772
- C:\Windows\System\ONAgaQA.exe
  C:\Windows\System\ONAgaQA.exe
  2⤵
  PID:7788
- C:\Windows\System\glLzHAC.exe
  C:\Windows\System\glLzHAC.exe
  2⤵
  PID:7804
- C:\Windows\System\sPnyHav.exe
  C:\Windows\System\sPnyHav.exe
  2⤵
  PID:7820
- C:\Windows\System\nVSDEeX.exe
  C:\Windows\System\nVSDEeX.exe
  2⤵
  PID:7836
- C:\Windows\System\pYhgNpn.exe
  C:\Windows\System\pYhgNpn.exe
  2⤵
  PID:7852
- C:\Windows\System\bnmGLGX.exe
  C:\Windows\System\bnmGLGX.exe
  2⤵
  PID:7868
- C:\Windows\System\nXhuasA.exe
  C:\Windows\System\nXhuasA.exe
  2⤵
  PID:7884
- C:\Windows\System\OLaQaJg.exe
  C:\Windows\System\OLaQaJg.exe
  2⤵
  PID:7900
- C:\Windows\System\ogUgsAu.exe
  C:\Windows\System\ogUgsAu.exe
  2⤵
  PID:7916
- C:\Windows\System\XZoRSfA.exe
  C:\Windows\System\XZoRSfA.exe
  2⤵
  PID:7932
- C:\Windows\System\AeLfHri.exe
  C:\Windows\System\AeLfHri.exe
  2⤵
  PID:7948
- C:\Windows\System\UkUhJRy.exe
  C:\Windows\System\UkUhJRy.exe
  2⤵
  PID:7964
- C:\Windows\System\FNrzKLV.exe
  C:\Windows\System\FNrzKLV.exe
  2⤵
  PID:7980
- C:\Windows\System\TyeZpyr.exe
  C:\Windows\System\TyeZpyr.exe
  2⤵
  PID:7996
- C:\Windows\System\NNJbZcU.exe
  C:\Windows\System\NNJbZcU.exe
  2⤵
  PID:8012
- C:\Windows\System\lHWdqmP.exe
  C:\Windows\System\lHWdqmP.exe
  2⤵
  PID:8032
- C:\Windows\System\xQATskr.exe
  C:\Windows\System\xQATskr.exe
  2⤵
  PID:8048
- C:\Windows\System\YTMnbKe.exe
  C:\Windows\System\YTMnbKe.exe
  2⤵
  PID:8064
- C:\Windows\System\dOixtyW.exe
  C:\Windows\System\dOixtyW.exe
  2⤵
  PID:8080
- C:\Windows\System\kkRzlDC.exe
  C:\Windows\System\kkRzlDC.exe
  2⤵
  PID:8096
- C:\Windows\System\MvVOkaZ.exe
  C:\Windows\System\MvVOkaZ.exe
  2⤵
  PID:8112
- C:\Windows\System\aYVZUhl.exe
  C:\Windows\System\aYVZUhl.exe
  2⤵
  PID:8128
- C:\Windows\System\jmHCHPD.exe
  C:\Windows\System\jmHCHPD.exe
  2⤵
  PID:8144
- C:\Windows\System\eTbzhwA.exe
  C:\Windows\System\eTbzhwA.exe
  2⤵
  PID:8160
- C:\Windows\System\rUUvcNz.exe
  C:\Windows\System\rUUvcNz.exe
  2⤵
  PID:8176
- C:\Windows\System\VOGofJr.exe
  C:\Windows\System\VOGofJr.exe
  2⤵
  PID:2696
- C:\Windows\System\SNtWGbi.exe
  C:\Windows\System\SNtWGbi.exe
  2⤵
  PID:6648
- C:\Windows\System\QIRYYgM.exe
  C:\Windows\System\QIRYYgM.exe
  2⤵
  PID:2100
- C:\Windows\System\IchkhvJ.exe
  C:\Windows\System\IchkhvJ.exe
  2⤵
  PID:7220
- C:\Windows\System\YjZiHft.exe
  C:\Windows\System\YjZiHft.exe
  2⤵
  PID:6340
- C:\Windows\System\GjDXdQh.exe
  C:\Windows\System\GjDXdQh.exe
  2⤵
  PID:7108
- C:\Windows\System\mtfeuJm.exe
  C:\Windows\System\mtfeuJm.exe
  2⤵
  PID:7252
- C:\Windows\System\YoqBVSx.exe
  C:\Windows\System\YoqBVSx.exe
  2⤵
  PID:3008
- C:\Windows\System\JEbzMLk.exe
  C:\Windows\System\JEbzMLk.exe
  2⤵
  PID:6664
- C:\Windows\System\zVgFzBP.exe
  C:\Windows\System\zVgFzBP.exe
  2⤵
  PID:6844
- C:\Windows\System\tjmavEW.exe
  C:\Windows\System\tjmavEW.exe
  2⤵
  PID:2952
- C:\Windows\System\WLsLJkZ.exe
  C:\Windows\System\WLsLJkZ.exe
  2⤵
  PID:7384
- C:\Windows\System\SePxFdv.exe
  C:\Windows\System\SePxFdv.exe
  2⤵
  PID:7380
- C:\Windows\System\vNnJACc.exe
  C:\Windows\System\vNnJACc.exe
  2⤵
  PID:7480
- C:\Windows\System\gLTBEzO.exe
  C:\Windows\System\gLTBEzO.exe
  2⤵
  PID:7364
- C:\Windows\System\rrGeCtq.exe
  C:\Windows\System\rrGeCtq.exe
  2⤵
  PID:7576
- C:\Windows\System\KOCtMOP.exe
  C:\Windows\System\KOCtMOP.exe
  2⤵
  PID:7296
- C:\Windows\System\YCJxDYL.exe
  C:\Windows\System\YCJxDYL.exe
  2⤵
  PID:7508
- C:\Windows\System\LVjbiRv.exe
  C:\Windows\System\LVjbiRv.exe
  2⤵
  PID:7332
- C:\Windows\System\WiZEkqa.exe
  C:\Windows\System\WiZEkqa.exe
  2⤵
  PID:7704
- C:\Windows\System\uKTYtcF.exe
  C:\Windows\System\uKTYtcF.exe
  2⤵
  PID:7796
- C:\Windows\System\zFiiCfd.exe
  C:\Windows\System\zFiiCfd.exe
  2⤵
  PID:7828
- C:\Windows\System\NMFACWo.exe
  C:\Windows\System\NMFACWo.exe
  2⤵
  PID:7396
- C:\Windows\System\pRcJMav.exe
  C:\Windows\System\pRcJMav.exe
  2⤵
  PID:7432
- C:\Windows\System\NoYDSyh.exe
  C:\Windows\System\NoYDSyh.exe
  2⤵
  PID:7464
- C:\Windows\System\MrNTJll.exe
  C:\Windows\System\MrNTJll.exe
  2⤵
  PID:7928
- C:\Windows\System\NngCwGp.exe
  C:\Windows\System\NngCwGp.exe
  2⤵
  PID:7992
- C:\Windows\System\sXjqLYh.exe
  C:\Windows\System\sXjqLYh.exe
  2⤵
  PID:7528
- C:\Windows\System\fHMCnRE.exe
  C:\Windows\System\fHMCnRE.exe
  2⤵
  PID:7684
- C:\Windows\System\uoxYsnL.exe
  C:\Windows\System\uoxYsnL.exe
  2⤵
  PID:8060
- C:\Windows\System\weleTDl.exe
  C:\Windows\System\weleTDl.exe
  2⤵
  PID:7912
- C:\Windows\System\QkwBURp.exe
  C:\Windows\System\QkwBURp.exe
  2⤵
  PID:8120
- C:\Windows\System\QjwJhfw.exe
  C:\Windows\System\QjwJhfw.exe
  2⤵
  PID:8088
- C:\Windows\System\qcoVWKa.exe
  C:\Windows\System\qcoVWKa.exe
  2⤵
  PID:7944
- C:\Windows\System\qNGEUSQ.exe
  C:\Windows\System\qNGEUSQ.exe
  2⤵
  PID:1628
- C:\Windows\System\YfGHAan.exe
  C:\Windows\System\YfGHAan.exe
  2⤵
  PID:7816
- C:\Windows\System\JGasYDq.exe
  C:\Windows\System\JGasYDq.exe
  2⤵
  PID:7908
- C:\Windows\System\KTocmAs.exe
  C:\Windows\System\KTocmAs.exe
  2⤵
  PID:8008
- C:\Windows\System\gktfkxX.exe
  C:\Windows\System\gktfkxX.exe
  2⤵
  PID:8072
- C:\Windows\System\KIkSImk.exe
  C:\Windows\System\KIkSImk.exe
  2⤵
  PID:8140
- C:\Windows\System\GIxbrtB.exe
  C:\Windows\System\GIxbrtB.exe
  2⤵
  PID:6344
- C:\Windows\System\VfHhJLj.exe
  C:\Windows\System\VfHhJLj.exe
  2⤵
  PID:6284
- C:\Windows\System\hsCsDNg.exe
  C:\Windows\System\hsCsDNg.exe
  2⤵
  PID:6552
- C:\Windows\System\SVAGguU.exe
  C:\Windows\System\SVAGguU.exe
  2⤵
  PID:1796
- C:\Windows\System\HCpsXwC.exe
  C:\Windows\System\HCpsXwC.exe
  2⤵
  PID:7312
- C:\Windows\System\BCvtufM.exe
  C:\Windows\System\BCvtufM.exe
  2⤵
  PID:7320
- C:\Windows\System\pLymRKt.exe
  C:\Windows\System\pLymRKt.exe
  2⤵
  PID:7608
- C:\Windows\System\wYQYJlY.exe
  C:\Windows\System\wYQYJlY.exe
  2⤵
  PID:7668
- C:\Windows\System\yKCFigo.exe
  C:\Windows\System\yKCFigo.exe
  2⤵
  PID:7544
- C:\Windows\System\uXoWBYg.exe
  C:\Windows\System\uXoWBYg.exe
  2⤵
  PID:7700
- C:\Windows\System\WXVMHAZ.exe
  C:\Windows\System\WXVMHAZ.exe
  2⤵
  PID:7860
- C:\Windows\System\WYabNFS.exe
  C:\Windows\System\WYabNFS.exe
  2⤵
  PID:7896
- C:\Windows\System\GSWtkeA.exe
  C:\Windows\System\GSWtkeA.exe
  2⤵
  PID:7876
- C:\Windows\System\izsVQAV.exe
  C:\Windows\System\izsVQAV.exe
  2⤵
  PID:7720
- C:\Windows\System\kDpGAmo.exe
  C:\Windows\System\kDpGAmo.exe
  2⤵
  PID:7496
- C:\Windows\System\rFpFawK.exe
  C:\Windows\System\rFpFawK.exe
  2⤵
  PID:7624
- C:\Windows\System\DRUTRXe.exe
  C:\Windows\System\DRUTRXe.exe
  2⤵
  PID:8184
- C:\Windows\System\NMBoluP.exe
  C:\Windows\System\NMBoluP.exe
  2⤵
  PID:8076
- C:\Windows\System\XQETMho.exe
  C:\Windows\System\XQETMho.exe
  2⤵
  PID:6492
- C:\Windows\System\yQTpjAf.exe
  C:\Windows\System\yQTpjAf.exe
  2⤵
  PID:7880
- C:\Windows\System\FEyGurh.exe
  C:\Windows\System\FEyGurh.exe
  2⤵
  PID:7232
- C:\Windows\System\vsqtPdB.exe
  C:\Windows\System\vsqtPdB.exe
  2⤵
  PID:8136
- C:\Windows\System\wFUkiAl.exe
  C:\Windows\System\wFUkiAl.exe
  2⤵
  PID:6800
- C:\Windows\System\tkSAmmM.exe
  C:\Windows\System\tkSAmmM.exe
  2⤵
  PID:7640
- C:\Windows\System\ZyPdDTR.exe
  C:\Windows\System\ZyPdDTR.exe
  2⤵
  PID:7316
- C:\Windows\System\GrWchWH.exe
  C:\Windows\System\GrWchWH.exe
  2⤵
  PID:7460
- C:\Windows\System\ahQxBgw.exe
  C:\Windows\System\ahQxBgw.exe
  2⤵
  PID:8092
- C:\Windows\System\LsEOUnN.exe
  C:\Windows\System\LsEOUnN.exe
  2⤵
  PID:7656
- C:\Windows\System\YxLJlGw.exe
  C:\Windows\System\YxLJlGw.exe
  2⤵
  PID:8108
- C:\Windows\System\tPAoilz.exe
  C:\Windows\System\tPAoilz.exe
  2⤵
  PID:8200
- C:\Windows\System\UvztNam.exe
  C:\Windows\System\UvztNam.exe
  2⤵
  PID:8216
- C:\Windows\System\ViwyOws.exe
  C:\Windows\System\ViwyOws.exe
  2⤵
  PID:8232
- C:\Windows\System\OToiEuX.exe
  C:\Windows\System\OToiEuX.exe
  2⤵
  PID:8248
- C:\Windows\System\sTmGGpJ.exe
  C:\Windows\System\sTmGGpJ.exe
  2⤵
  PID:8268
- C:\Windows\System\jvWbnag.exe
  C:\Windows\System\jvWbnag.exe
  2⤵
  PID:8284
- C:\Windows\System\LeQmyQr.exe
  C:\Windows\System\LeQmyQr.exe
  2⤵
  PID:8300
- C:\Windows\System\XxXVTXt.exe
  C:\Windows\System\XxXVTXt.exe
  2⤵
  PID:8316
- C:\Windows\System\DHsKaVf.exe
  C:\Windows\System\DHsKaVf.exe
  2⤵
  PID:8332
- C:\Windows\System\Pmoftod.exe
  C:\Windows\System\Pmoftod.exe
  2⤵
  PID:8348
- C:\Windows\System\usbCrkB.exe
  C:\Windows\System\usbCrkB.exe
  2⤵
  PID:8364
- C:\Windows\System\xJFRqKy.exe
  C:\Windows\System\xJFRqKy.exe
  2⤵
  PID:8380
- C:\Windows\System\UXNHEnZ.exe
  C:\Windows\System\UXNHEnZ.exe
  2⤵
  PID:8396
- C:\Windows\System\vQKwjYx.exe
  C:\Windows\System\vQKwjYx.exe
  2⤵
  PID:8412
- C:\Windows\System\yGOeymn.exe
  C:\Windows\System\yGOeymn.exe
  2⤵
  PID:8428
- C:\Windows\System\pbOYBPH.exe
  C:\Windows\System\pbOYBPH.exe
  2⤵
  PID:8444
- C:\Windows\System\wgpoFhP.exe
  C:\Windows\System\wgpoFhP.exe
  2⤵
  PID:8464
- C:\Windows\System\qwjTfjV.exe
  C:\Windows\System\qwjTfjV.exe
  2⤵
  PID:8480
- C:\Windows\System\MhKVZPY.exe
  C:\Windows\System\MhKVZPY.exe
  2⤵
  PID:8496
- C:\Windows\System\STQeZde.exe
  C:\Windows\System\STQeZde.exe
  2⤵
  PID:8512
- C:\Windows\System\sfpzyRc.exe
  C:\Windows\System\sfpzyRc.exe
  2⤵
  PID:8528
- C:\Windows\System\YpvijeQ.exe
  C:\Windows\System\YpvijeQ.exe
  2⤵
  PID:8544
- C:\Windows\System\KSrukSp.exe
  C:\Windows\System\KSrukSp.exe
  2⤵
  PID:8560
- C:\Windows\System\wWmgYYT.exe
  C:\Windows\System\wWmgYYT.exe
  2⤵
  PID:8576
- C:\Windows\System\oOqNqlc.exe
  C:\Windows\System\oOqNqlc.exe
  2⤵
  PID:8592
- C:\Windows\System\rmMgZqc.exe
  C:\Windows\System\rmMgZqc.exe
  2⤵
  PID:8608
- C:\Windows\System\axGNLcg.exe
  C:\Windows\System\axGNLcg.exe
  2⤵
  PID:8624
- C:\Windows\System\ZWDLKsp.exe
  C:\Windows\System\ZWDLKsp.exe
  2⤵
  PID:8640
- C:\Windows\System\gjwhsyH.exe
  C:\Windows\System\gjwhsyH.exe
  2⤵
  PID:8656
- C:\Windows\System\FADHXXX.exe
  C:\Windows\System\FADHXXX.exe
  2⤵
  PID:8672
- C:\Windows\System\iYQYbLA.exe
  C:\Windows\System\iYQYbLA.exe
  2⤵
  PID:8688
- C:\Windows\System\dlIvDUa.exe
  C:\Windows\System\dlIvDUa.exe
  2⤵
  PID:8704
- C:\Windows\System\LAGdkoD.exe
  C:\Windows\System\LAGdkoD.exe
  2⤵
  PID:8720
- C:\Windows\System\UOwxSPH.exe
  C:\Windows\System\UOwxSPH.exe
  2⤵
  PID:8736
- C:\Windows\System\RxcgbwK.exe
  C:\Windows\System\RxcgbwK.exe
  2⤵
  PID:8752
- C:\Windows\System\ZYpoitt.exe
  C:\Windows\System\ZYpoitt.exe
  2⤵
  PID:8768
- C:\Windows\System\zDXKSnw.exe
  C:\Windows\System\zDXKSnw.exe
  2⤵
  PID:8784
- C:\Windows\System\TdqZMxf.exe
  C:\Windows\System\TdqZMxf.exe
  2⤵
  PID:8800
- C:\Windows\System\kGRJSuw.exe
  C:\Windows\System\kGRJSuw.exe
  2⤵
  PID:8816
- C:\Windows\System\BXHuVGo.exe
  C:\Windows\System\BXHuVGo.exe
  2⤵
  PID:8832
- C:\Windows\System\HsOrnHd.exe
  C:\Windows\System\HsOrnHd.exe
  2⤵
  PID:8848
- C:\Windows\System\yPQpnlK.exe
  C:\Windows\System\yPQpnlK.exe
  2⤵
  PID:8864
- C:\Windows\System\abtrmGo.exe
  C:\Windows\System\abtrmGo.exe
  2⤵
  PID:8880
- C:\Windows\System\GLGqFcx.exe
  C:\Windows\System\GLGqFcx.exe
  2⤵
  PID:8896
- C:\Windows\System\lBHHuge.exe
  C:\Windows\System\lBHHuge.exe
  2⤵
  PID:8912
- C:\Windows\System\EGmairy.exe
  C:\Windows\System\EGmairy.exe
  2⤵
  PID:8928
- C:\Windows\System\kUyoHKL.exe
  C:\Windows\System\kUyoHKL.exe
  2⤵
  PID:8944
- C:\Windows\System\UBhJMIv.exe
  C:\Windows\System\UBhJMIv.exe
  2⤵
  PID:8960
- C:\Windows\System\HbzPrhg.exe
  C:\Windows\System\HbzPrhg.exe
  2⤵
  PID:8976
- C:\Windows\System\IImsxgd.exe
  C:\Windows\System\IImsxgd.exe
  2⤵
  PID:8992
- C:\Windows\System\wxFLBCa.exe
  C:\Windows\System\wxFLBCa.exe
  2⤵
  PID:9008
- C:\Windows\System\iwXJvfz.exe
  C:\Windows\System\iwXJvfz.exe
  2⤵
  PID:9024
- C:\Windows\System\uvFonNz.exe
  C:\Windows\System\uvFonNz.exe
  2⤵
  PID:9040
- C:\Windows\System\BDwjgfR.exe
  C:\Windows\System\BDwjgfR.exe
  2⤵
  PID:9056
- C:\Windows\System\hVnWxta.exe
  C:\Windows\System\hVnWxta.exe
  2⤵
  PID:9072
- C:\Windows\System\nuWuZTX.exe
  C:\Windows\System\nuWuZTX.exe
  2⤵
  PID:9088
- C:\Windows\System\WtsDscV.exe
  C:\Windows\System\WtsDscV.exe
  2⤵
  PID:9104
- C:\Windows\System\oAcreqq.exe
  C:\Windows\System\oAcreqq.exe
  2⤵
  PID:9120
- C:\Windows\System\uuQZJMs.exe
  C:\Windows\System\uuQZJMs.exe
  2⤵
  PID:9136
- C:\Windows\System\zofMOXE.exe
  C:\Windows\System\zofMOXE.exe
  2⤵
  PID:9152
- C:\Windows\System\ECScvbQ.exe
  C:\Windows\System\ECScvbQ.exe
  2⤵
  PID:9168
- C:\Windows\System\jALKbZZ.exe
  C:\Windows\System\jALKbZZ.exe
  2⤵
  PID:9184
- C:\Windows\System\oZdFfSO.exe
  C:\Windows\System\oZdFfSO.exe
  2⤵
  PID:9200
- C:\Windows\System\LxZMhJV.exe
  C:\Windows\System\LxZMhJV.exe
  2⤵
  PID:7476
- C:\Windows\System\KVGYFYc.exe
  C:\Windows\System\KVGYFYc.exe
  2⤵
  PID:7268
- C:\Windows\System\CxZWfum.exe
  C:\Windows\System\CxZWfum.exe
  2⤵
  PID:7236
- C:\Windows\System\aejdzSF.exe
  C:\Windows\System\aejdzSF.exe
  2⤵
  PID:8244
- C:\Windows\System\YXHifXa.exe
  C:\Windows\System\YXHifXa.exe
  2⤵
  PID:7848
- C:\Windows\System\jKyEwdI.exe
  C:\Windows\System\jKyEwdI.exe
  2⤵
  PID:7416
- C:\Windows\System\gJeYwYk.exe
  C:\Windows\System\gJeYwYk.exe
  2⤵
  PID:7184
- C:\Windows\System\NVySZoG.exe
  C:\Windows\System\NVySZoG.exe
  2⤵
  PID:8224
- C:\Windows\System\zWIFrpa.exe
  C:\Windows\System\zWIFrpa.exe
  2⤵
  PID:8308
- C:\Windows\System\ydhyyBD.exe
  C:\Windows\System\ydhyyBD.exe
  2⤵
  PID:8372
- C:\Windows\System\gEzrszf.exe
  C:\Windows\System\gEzrszf.exe
  2⤵
  PID:8264
- C:\Windows\System\swMJaki.exe
  C:\Windows\System\swMJaki.exe
  2⤵
  PID:8324
- C:\Windows\System\msqkzlR.exe
  C:\Windows\System\msqkzlR.exe
  2⤵
  PID:8392
- C:\Windows\System\BZnHFzX.exe
  C:\Windows\System\BZnHFzX.exe
  2⤵
  PID:8472
- C:\Windows\System\pdNwZsJ.exe
  C:\Windows\System\pdNwZsJ.exe
  2⤵
  PID:8508
- C:\Windows\System\HWeSrAx.exe
  C:\Windows\System\HWeSrAx.exe
  2⤵
  PID:8572
- C:\Windows\System\XvBgCOY.exe
  C:\Windows\System\XvBgCOY.exe
  2⤵
  PID:8556
- C:\Windows\System\smwedwT.exe
  C:\Windows\System\smwedwT.exe
  2⤵
  PID:8584
- C:\Windows\System\xdPsUjy.exe
  C:\Windows\System\xdPsUjy.exe
  2⤵
  PID:8632
- C:\Windows\System\utsdvlo.exe
  C:\Windows\System\utsdvlo.exe
  2⤵
  PID:8668
- C:\Windows\System\wOlmaSm.exe
  C:\Windows\System\wOlmaSm.exe
  2⤵
  PID:8732
- C:\Windows\System\OYiYOrm.exe
  C:\Windows\System\OYiYOrm.exe
  2⤵
  PID:8620
- C:\Windows\System\yhymnuy.exe
  C:\Windows\System\yhymnuy.exe
  2⤵
  PID:8716
- C:\Windows\System\eRNgTKO.exe
  C:\Windows\System\eRNgTKO.exe
  2⤵
  PID:8680
- C:\Windows\System\UwVOiDw.exe
  C:\Windows\System\UwVOiDw.exe
  2⤵
  PID:8776
- C:\Windows\System\xNOZGog.exe
  C:\Windows\System\xNOZGog.exe
  2⤵
  PID:8812
- C:\Windows\System\bDEfDYT.exe
  C:\Windows\System\bDEfDYT.exe
  2⤵
  PID:8872
- C:\Windows\System\HYwqOos.exe
  C:\Windows\System\HYwqOos.exe
  2⤵
  PID:8920
- C:\Windows\System\LanDHTi.exe
  C:\Windows\System\LanDHTi.exe
  2⤵
  PID:8984
- C:\Windows\System\EeLslVj.exe
  C:\Windows\System\EeLslVj.exe
  2⤵
  PID:8940
- C:\Windows\System\wispTAP.exe
  C:\Windows\System\wispTAP.exe
  2⤵
  PID:9016
- C:\Windows\System\VZoWdLY.exe
  C:\Windows\System\VZoWdLY.exe
  2⤵
  PID:9080
- C:\Windows\System\nrStDaM.exe
  C:\Windows\System\nrStDaM.exe
  2⤵
  PID:9144
- C:\Windows\System\gDkhktd.exe
  C:\Windows\System\gDkhktd.exe
  2⤵
  PID:9036
- C:\Windows\System\pkNYgFX.exe
  C:\Windows\System\pkNYgFX.exe
  2⤵
  PID:9100
- C:\Windows\System\jRQCXyW.exe
  C:\Windows\System\jRQCXyW.exe
  2⤵
  PID:9176
- C:\Windows\System\xhHrtcU.exe
  C:\Windows\System\xhHrtcU.exe
  2⤵
  PID:9160
- C:\Windows\System\iAwNKmM.exe
  C:\Windows\System\iAwNKmM.exe
  2⤵
  PID:8024
- C:\Windows\System\rtqqpmI.exe
  C:\Windows\System\rtqqpmI.exe
  2⤵
  PID:8276
- C:\Windows\System\bUlPbxB.exe
  C:\Windows\System\bUlPbxB.exe
  2⤵
  PID:8240
- C:\Windows\System\jgKwbIr.exe
  C:\Windows\System\jgKwbIr.exe
  2⤵
  PID:8280
- C:\Windows\System\vxdxFvZ.exe
  C:\Windows\System\vxdxFvZ.exe
  2⤵
  PID:8404
- C:\Windows\System\zpIaIcG.exe
  C:\Windows\System\zpIaIcG.exe
  2⤵
  PID:8452
- C:\Windows\System\QUqnJZq.exe
  C:\Windows\System\QUqnJZq.exe
  2⤵
  PID:8604
- C:\Windows\System\Dxkpcua.exe
  C:\Windows\System\Dxkpcua.exe
  2⤵
  PID:8796
- C:\Windows\System\xQEeCmk.exe
  C:\Windows\System\xQEeCmk.exe
  2⤵
  PID:8860
- C:\Windows\System\IHrxvvm.exe
  C:\Windows\System\IHrxvvm.exe
  2⤵
  PID:8988
- C:\Windows\System\fMxukGA.exe
  C:\Windows\System\fMxukGA.exe
  2⤵
  PID:8328
- C:\Windows\System\NfUgJCF.exe
  C:\Windows\System\NfUgJCF.exe
  2⤵
  PID:8568
- C:\Windows\System\nzGVryt.exe
  C:\Windows\System\nzGVryt.exe
  2⤵
  PID:9068
- C:\Windows\System\OhdEJZa.exe
  C:\Windows\System\OhdEJZa.exe
  2⤵
  PID:7940
- C:\Windows\System\gQxsZUh.exe
  C:\Windows\System\gQxsZUh.exe
  2⤵
  PID:8360
- C:\Windows\System\nwnlYBX.exe
  C:\Windows\System\nwnlYBX.exe
  2⤵
  PID:8424
- C:\Windows\System\RmomJKw.exe
  C:\Windows\System\RmomJKw.exe
  2⤵
  PID:8764
- C:\Windows\System\yArfpGA.exe
  C:\Windows\System\yArfpGA.exe
  2⤵
  PID:8856
- C:\Windows\System\VnOsmkY.exe
  C:\Windows\System\VnOsmkY.exe
  2⤵
  PID:9052
- C:\Windows\System\VPHlyOr.exe
  C:\Windows\System\VPHlyOr.exe
  2⤵
  PID:9196
- C:\Windows\System\JMXRHvD.exe
  C:\Windows\System\JMXRHvD.exe
  2⤵
  PID:8196
- C:\Windows\System\cDajBTe.exe
  C:\Windows\System\cDajBTe.exe
  2⤵
  PID:8728
- C:\Windows\System\fXqFtyF.exe
  C:\Windows\System\fXqFtyF.exe
  2⤵
  PID:8440
- C:\Windows\System\tpAIIOv.exe
  C:\Windows\System\tpAIIOv.exe
  2⤵
  PID:8844
- C:\Windows\System\ieQhEbh.exe
  C:\Windows\System\ieQhEbh.exe
  2⤵
  PID:9112
- C:\Windows\System\XVqGVyF.exe
  C:\Windows\System\XVqGVyF.exe
  2⤵
  PID:9208
- C:\Windows\System\hzoWZHe.exe
  C:\Windows\System\hzoWZHe.exe
  2⤵
  PID:8828
- C:\Windows\System\NkPHpFM.exe
  C:\Windows\System\NkPHpFM.exe
  2⤵
  PID:8792
- C:\Windows\System\HagtNHL.exe
  C:\Windows\System\HagtNHL.exe
  2⤵
  PID:8936
- C:\Windows\System\CvcYQEq.exe
  C:\Windows\System\CvcYQEq.exe
  2⤵
  PID:8892
- C:\Windows\System\KCRxZVU.exe
  C:\Windows\System\KCRxZVU.exe
  2⤵
  PID:7200
- C:\Windows\System\Sgwwsze.exe
  C:\Windows\System\Sgwwsze.exe
  2⤵
  PID:9116
- C:\Windows\System\quQbKTW.exe
  C:\Windows\System\quQbKTW.exe
  2⤵
  PID:9232
- C:\Windows\System\wCOMjbW.exe
  C:\Windows\System\wCOMjbW.exe
  2⤵
  PID:9248
- C:\Windows\System\FFOgwmV.exe
  C:\Windows\System\FFOgwmV.exe
  2⤵
  PID:9264
- C:\Windows\System\OVBIAEQ.exe
  C:\Windows\System\OVBIAEQ.exe
  2⤵
  PID:9280
- C:\Windows\System\AASWqJW.exe
  C:\Windows\System\AASWqJW.exe
  2⤵
  PID:9296
- C:\Windows\System\yoIljoG.exe
  C:\Windows\System\yoIljoG.exe
  2⤵
  PID:9312
- C:\Windows\System\CKpwdAV.exe
  C:\Windows\System\CKpwdAV.exe
  2⤵
  PID:9328
- C:\Windows\System\AEBHrjI.exe
  C:\Windows\System\AEBHrjI.exe
  2⤵
  PID:9344
- C:\Windows\System\EQTpBLF.exe
  C:\Windows\System\EQTpBLF.exe
  2⤵
  PID:9360
- C:\Windows\System\TVQoYdz.exe
  C:\Windows\System\TVQoYdz.exe
  2⤵
  PID:9376
- C:\Windows\System\VbzzQVe.exe
  C:\Windows\System\VbzzQVe.exe
  2⤵
  PID:9392
- C:\Windows\System\syFbjHz.exe
  C:\Windows\System\syFbjHz.exe
  2⤵
  PID:9412
- C:\Windows\System\XCLjSne.exe
  C:\Windows\System\XCLjSne.exe
  2⤵
  PID:9428
- C:\Windows\System\JfJbwFz.exe
  C:\Windows\System\JfJbwFz.exe
  2⤵
  PID:9444
- C:\Windows\System\EjbMhzW.exe
  C:\Windows\System\EjbMhzW.exe
  2⤵
  PID:9460
- C:\Windows\System\bClhrVL.exe
  C:\Windows\System\bClhrVL.exe
  2⤵
  PID:9476
- C:\Windows\System\ZWOLJrB.exe
  C:\Windows\System\ZWOLJrB.exe
  2⤵
  PID:9492
- C:\Windows\System\rMuJEcC.exe
  C:\Windows\System\rMuJEcC.exe
  2⤵
  PID:9512
- C:\Windows\System\GeALOci.exe
  C:\Windows\System\GeALOci.exe
  2⤵
  PID:9540
- C:\Windows\System\foEoFgX.exe
  C:\Windows\System\foEoFgX.exe
  2⤵
  PID:9556
- C:\Windows\System\JAnhHwd.exe
  C:\Windows\System\JAnhHwd.exe
  2⤵
  PID:9572
- C:\Windows\System\YkTsnMp.exe
  C:\Windows\System\YkTsnMp.exe
  2⤵
  PID:9588
- C:\Windows\System\XWqyXtr.exe
  C:\Windows\System\XWqyXtr.exe
  2⤵
  PID:9604
- C:\Windows\System\KmCsOiz.exe
  C:\Windows\System\KmCsOiz.exe
  2⤵
  PID:9624
- C:\Windows\System\dWoMKug.exe
  C:\Windows\System\dWoMKug.exe
  2⤵
  PID:9644
- C:\Windows\System\hHNftJq.exe
  C:\Windows\System\hHNftJq.exe
  2⤵
  PID:9660
- C:\Windows\System\ZfilSGw.exe
  C:\Windows\System\ZfilSGw.exe
  2⤵
  PID:9680
- C:\Windows\System\VoFQUEI.exe
  C:\Windows\System\VoFQUEI.exe
  2⤵
  PID:9696
- C:\Windows\System\JVuqgrR.exe
  C:\Windows\System\JVuqgrR.exe
  2⤵
  PID:9712
- C:\Windows\System\bvgdkUH.exe
  C:\Windows\System\bvgdkUH.exe
  2⤵
  PID:9728
- C:\Windows\System\RkJzUSk.exe
  C:\Windows\System\RkJzUSk.exe
  2⤵
  PID:9744
- C:\Windows\System\LevgaBA.exe
  C:\Windows\System\LevgaBA.exe
  2⤵
  PID:9760
- C:\Windows\System\HyXWJbJ.exe
  C:\Windows\System\HyXWJbJ.exe
  2⤵
  PID:9776
- C:\Windows\System\TzCagvb.exe
  C:\Windows\System\TzCagvb.exe
  2⤵
  PID:9792
- C:\Windows\System\bWOFMWe.exe
  C:\Windows\System\bWOFMWe.exe
  2⤵
  PID:9808
- C:\Windows\System\wLgCGEx.exe
  C:\Windows\System\wLgCGEx.exe
  2⤵
  PID:9824
- C:\Windows\System\XgMHIkX.exe
  C:\Windows\System\XgMHIkX.exe
  2⤵
  PID:9840
- C:\Windows\System\GeDcdkr.exe
  C:\Windows\System\GeDcdkr.exe
  2⤵
  PID:9880
- C:\Windows\System\doouZrW.exe
  C:\Windows\System\doouZrW.exe
  2⤵
  PID:9912
- C:\Windows\System\NjZCpjr.exe
  C:\Windows\System\NjZCpjr.exe
  2⤵
  PID:9928
- C:\Windows\System\ufnedby.exe
  C:\Windows\System\ufnedby.exe
  2⤵
  PID:9944
- C:\Windows\System\PKIfpAX.exe
  C:\Windows\System\PKIfpAX.exe
  2⤵
  PID:9960
- C:\Windows\System\buiOgpS.exe
  C:\Windows\System\buiOgpS.exe
  2⤵
  PID:9976
- C:\Windows\System\STYvsgt.exe
  C:\Windows\System\STYvsgt.exe
  2⤵
  PID:9992
- C:\Windows\System\qENdZLB.exe
  C:\Windows\System\qENdZLB.exe
  2⤵
  PID:10012
- C:\Windows\System\ADzRMIz.exe
  C:\Windows\System\ADzRMIz.exe
  2⤵
  PID:10028
- C:\Windows\System\rRupXuG.exe
  C:\Windows\System\rRupXuG.exe
  2⤵
  PID:10048
- C:\Windows\System\FAeKBSY.exe
  C:\Windows\System\FAeKBSY.exe
  2⤵
  PID:10068
- C:\Windows\System\kWNyOyN.exe
  C:\Windows\System\kWNyOyN.exe
  2⤵
  PID:10084
- C:\Windows\System\vwiGHGN.exe
  C:\Windows\System\vwiGHGN.exe
  2⤵
  PID:10100
- C:\Windows\System\WBDAGWX.exe
  C:\Windows\System\WBDAGWX.exe
  2⤵
  PID:10116
- C:\Windows\System\STzlsDp.exe
  C:\Windows\System\STzlsDp.exe
  2⤵
  PID:10144
- C:\Windows\System\umuPWzI.exe
  C:\Windows\System\umuPWzI.exe
  2⤵
  PID:10160
- C:\Windows\System\KfJFfrP.exe
  C:\Windows\System\KfJFfrP.exe
  2⤵
  PID:10180
- C:\Windows\System\nicwGdJ.exe
  C:\Windows\System\nicwGdJ.exe
  2⤵
  PID:10196
- C:\Windows\System\RoMGaDK.exe
  C:\Windows\System\RoMGaDK.exe
  2⤵
  PID:9404
- C:\Windows\System\JeEwoBW.exe
  C:\Windows\System\JeEwoBW.exe
  2⤵
  PID:9472
- C:\Windows\System\KlJOxEn.exe
  C:\Windows\System\KlJOxEn.exe
  2⤵
  PID:9548
- C:\Windows\System\EBKMNfL.exe
  C:\Windows\System\EBKMNfL.exe
  2⤵
  PID:9424
- C:\Windows\System\PuqMzKi.exe
  C:\Windows\System\PuqMzKi.exe
  2⤵
  PID:9528
- C:\Windows\System\udLsVvw.exe
  C:\Windows\System\udLsVvw.exe
  2⤵
  PID:9564
- C:\Windows\System\TaWAIZW.exe
  C:\Windows\System\TaWAIZW.exe
  2⤵
  PID:9524
- C:\Windows\System\lIEYpNe.exe
  C:\Windows\System\lIEYpNe.exe
  2⤵
  PID:9620
- C:\Windows\System\ndsLVCm.exe
  C:\Windows\System\ndsLVCm.exe
  2⤵
  PID:9720
- C:\Windows\System\HSZJeDJ.exe
  C:\Windows\System\HSZJeDJ.exe
  2⤵
  PID:9784
- C:\Windows\System\AeXwWfn.exe
  C:\Windows\System\AeXwWfn.exe
  2⤵
  PID:9668
- C:\Windows\System\FuELGKL.exe
  C:\Windows\System\FuELGKL.exe
  2⤵
  PID:9816
- C:\Windows\System\RkNkaYl.exe
  C:\Windows\System\RkNkaYl.exe
  2⤵
  PID:9768
- C:\Windows\System\NLbZwTH.exe
  C:\Windows\System\NLbZwTH.exe
  2⤵
  PID:9856
- C:\Windows\System\FkEIhYJ.exe
  C:\Windows\System\FkEIhYJ.exe
  2⤵
  PID:9892
- C:\Windows\System\uLubtBy.exe
  C:\Windows\System\uLubtBy.exe
  2⤵
  PID:10232
- C:\Windows\System\jVjRGTX.exe
  C:\Windows\System\jVjRGTX.exe
  2⤵
  PID:8388
- C:\Windows\System\ordgfRz.exe
  C:\Windows\System\ordgfRz.exe
  2⤵
  PID:9148
- C:\Windows\System\kYjUcuI.exe
  C:\Windows\System\kYjUcuI.exe
  2⤵
  PID:8600
- C:\Windows\System\EtfaoRr.exe
  C:\Windows\System\EtfaoRr.exe
  2⤵
  PID:9272
- C:\Windows\System\MskOqzv.exe
  C:\Windows\System\MskOqzv.exe
  2⤵
  PID:9340
- C:\Windows\System\yJrYAXG.exe
  C:\Windows\System\yJrYAXG.exe
  2⤵
  PID:9356
- C:\Windows\System\WiCLPiE.exe
  C:\Windows\System\WiCLPiE.exe
  2⤵
  PID:9536
- C:\Windows\System\tklLpWC.exe
  C:\Windows\System\tklLpWC.exe
  2⤵
  PID:9484
- C:\Windows\System\zazpuYX.exe
  C:\Windows\System\zazpuYX.exe
  2⤵
  PID:9848
- C:\Windows\System\pkcwEuo.exe
  C:\Windows\System\pkcwEuo.exe
  2⤵
  PID:9868
- C:\Windows\System\vtdUzZs.exe
  C:\Windows\System\vtdUzZs.exe
  2⤵
  PID:9896
- C:\Windows\System\kuqYUdb.exe
  C:\Windows\System\kuqYUdb.exe
  2⤵
  PID:9952
- C:\Windows\System\VrexVsN.exe
  C:\Windows\System\VrexVsN.exe
  2⤵
  PID:9920
- C:\Windows\System\oRoohAk.exe
  C:\Windows\System\oRoohAk.exe
  2⤵
  PID:10020
- C:\Windows\System\XPMvzbM.exe
  C:\Windows\System\XPMvzbM.exe
  2⤵
  PID:10092
- C:\Windows\System\WzUloKs.exe
  C:\Windows\System\WzUloKs.exe
  2⤵
  PID:10040
- C:\Windows\System\CLPXpLw.exe
  C:\Windows\System\CLPXpLw.exe
  2⤵
  PID:10172
- C:\Windows\System\nqHBtGp.exe
  C:\Windows\System\nqHBtGp.exe
  2⤵
  PID:10080
- C:\Windows\System\qvKFrjD.exe
  C:\Windows\System\qvKFrjD.exe
  2⤵
  PID:10224
- C:\Windows\System\mevPrjh.exe
  C:\Windows\System\mevPrjh.exe
  2⤵
  PID:10208
- C:\Windows\System\iCrFKve.exe
  C:\Windows\System\iCrFKve.exe
  2⤵
  PID:10076
- C:\Windows\System\cadJpdj.exe
  C:\Windows\System\cadJpdj.exe
  2⤵
  PID:8456
- C:\Windows\System\LSdoUfM.exe
  C:\Windows\System\LSdoUfM.exe
  2⤵
  PID:9752
- C:\Windows\System\phNreup.exe
  C:\Windows\System\phNreup.exe
  2⤵
  PID:9304
- C:\Windows\System\NPuCGVY.exe
  C:\Windows\System\NPuCGVY.exe
  2⤵
  PID:9324
- C:\Windows\System\EMNIfXy.exe
  C:\Windows\System\EMNIfXy.exe
  2⤵
  PID:9440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuOqJzT.exe

Filesize
6.0MB

MD5
0a1bfb6e969590f27fef432f346e9047

SHA1
2c5f92600958fb34355db05e50755a21c57dc535

SHA256
ee29de2fec7df16f90c2b11a0e536dd63b8d11373d9c4dbfd1e000408d95ee0b

SHA512
1b99ba5fd0563d026fb7df6822c9a0eccad06655d336d76827bd6635ef5c78af1e1fa42195e968fe7fde32381573bc0610f70de609fa1fcba2dd7fb113f14506

Download Submit
C:\Windows\system\EBEHuya.exe

Filesize
6.0MB

MD5
b66e59bbf63a843b787f111b5c53f082

SHA1
3ac8259e0bccae9325dcdb83b7a188fb39cce747

SHA256
53756c81f901a352756f80b360646b37156b3f46272cdd21748fda1f2b8624ad

SHA512
056c711b8e3036a8e33318101e786811b2dcb7117fbe0d71c02af1b12fd681a8cf8109a62b26d1ca22c8efb12107af9b1e3495476351e1d7fe81cd1ac095d519

Download Submit
C:\Windows\system\EthMEOD.exe

Filesize
6.0MB

MD5
b8c7b8522b881b46dc834aafc8d66551

SHA1
df042e325290e0d8874af017999ca76037d643df

SHA256
45ecc64f43317c9ca7a34dd87817bb770cbcebcd0975ad26e871d63e1dab2797

SHA512
258441df772af42364854daa8a24ddc65f16c710857c89ccbb310e1f7351dcb68b197b3f3c284d21556f41b5c77e86f53df8b384a65e6510a7585d61953d0478

Download Submit
C:\Windows\system\EvKSaUr.exe

Filesize
6.0MB

MD5
6a8f66b621c786bc1822dafc9b5bdcfc

SHA1
6d0fd2b26b15fb1d8e491004dd04f9fea1a16e24

SHA256
8a163cbd755357235e0225d31fc3163e6641e9af5a07f3b880c336bb4368bcc4

SHA512
315e006405903bd396d46132bf346e003deefe91f30880769f3c17148f0e1a145a9eff7248cfcc54abaa50a3732a9b555f4cf8bbd144118f6241cb1fa292c839

Download Submit
C:\Windows\system\FFWtAJv.exe

Filesize
6.0MB

MD5
54008c69b90b1e90e1fa2a0eaf8490a6

SHA1
eb93c311c42785d57f2398b6b130b936114e4ead

SHA256
192310a3cb6db3051d2260d8d9d8c62b860b2a9710838cf8f6793972609c45b6

SHA512
c1c2b80d9455c0a16f4d5f3d3ba72e492c6c3290999113b5a535f30a5da0733356c530803542f039ac07dd05595d8d315151505cd938b89276a16080e2f356be

Download Submit
C:\Windows\system\HSHPogg.exe

Filesize
6.0MB

MD5
b41e2498d77c2a4d90725fc6ee1b7610

SHA1
8f3a7aa0b20dda0a622e3db5b6f5f482eed0d7b2

SHA256
b906804de2150a3ecfe52542ec2edc86480c6a3283663d57b7d367e35c698276

SHA512
bc96fbb4af2c21d05c4a8a4a2b17e0bc9162baf457dcc1e1634e7532195e9e0eb9b98434061ee69b12b82595e676d35280da1d2f38336588fabf15cf80a38381

Download Submit
C:\Windows\system\ILHHAkx.exe

Filesize
6.0MB

MD5
c633ef346386358a6908d73c59b0a371

SHA1
f002418a108807b596d4501cc1795a0e79c76efb

SHA256
5f43602c143644fe3583f6097fab3a5e5c46fc1e477eb85d3b1c0da0b945cc14

SHA512
c84ebae57231c24a73e4c567dc4004472ddc18c9ac7b89b3287d6ce23514f785e6b8e167c1f571a65d7c425b9e3e95fa55474395583bf434793bf44d478d06cd

Download Submit
C:\Windows\system\IjYPbSn.exe

Filesize
6.0MB

MD5
d4927d4c0db52c09b0a8e811eeb23465

SHA1
549030d3c22b4eeefc55567c7a12a798c07a7676

SHA256
feab86f14ff8aa49c76f726f54f8258955fa78e55f930170a7d00aaf16173bc0

SHA512
fe9b3b3a4039eab6a0583cb375c80b9146e4f6ec6e2d6ccb3a2602c32ce37db72781ceb4cd31c84053f4ca3a8a2767f499553415a459ea9c6475ba51236f4744

Download Submit
C:\Windows\system\ImaMFSW.exe

Filesize
6.0MB

MD5
a2132c22069a87b70169b18d17d26b7d

SHA1
939ac2a10f40c8617705f5f273212a72a5143f9c

SHA256
9098eb900dca668c526aeebfd80f4bc9eb3e162edef5724b55444025aaf8ce57

SHA512
14e04bb05f361c93b5f89ab1fc032ef30c6ef8bbb1fced69f292d9a90d9d23e3697dc7f09271a43727e20d75c4919adf3da115f610bc6ba598101552d3673ccb

Download Submit
C:\Windows\system\NibvhTW.exe

Filesize
6.0MB

MD5
4adf88cd012da9eee52855cfab45ba74

SHA1
d4d3df08eb6e5b1b92c13c300fd8fe99f232e43c

SHA256
eeb756b0e9d3c6bbc0aa14b34a1a3d76fdc7ebc28606f823de961290b91a331c

SHA512
b76254b4fef5edaffc8e7f461b460ff881cadd3b296558ec193ebfa45eb067c15f122e980977719b0c8524f0c95b1c7a7b532055fd37bf726426486c11ebffab

Download Submit
C:\Windows\system\PzeQpyi.exe

Filesize
6.0MB

MD5
4886743d1ef9108efcfa6ac770686358

SHA1
c5fcd52d2896826503ebea3d390ce55b6834d810

SHA256
0f6ca48e3f5482f3b13392007a9252e22a264cbf1aae0b848042b6f7b5c47e8b

SHA512
273d90a2c3f1e9d749d2b2d9659d250fed926558765a86b430517333fe7f554fe73d1abf446c1a280fccb10f99b0f2c3052546aafb1edba553ee8423997671b3

Download Submit
C:\Windows\system\RbCsFKA.exe

Filesize
6.0MB

MD5
9fe4128847a971a462952171ceb76aff

SHA1
93600eaf765e3488745b4b1e275312cd07a6b32e

SHA256
eb152cd717316461844f06675524d34d8c79c250cb646df4afa62920cbfe1471

SHA512
c39e48ca0d5f68fda02e99d3e5cb21199fb4ddc4d0cb955841f577effc21887a707203fc328600c4c47b129e6cbd8c3f7156ad4d6e9bb68b88ae84a17bad41da

Download Submit
C:\Windows\system\SBSQTsM.exe

Filesize
6.0MB

MD5
e80a9892b56f688deb6c9a3377e5726c

SHA1
215120dd7bc7af1bfdfc4ac2e7d4c9f06decf987

SHA256
c2a33ac671f7f3c65031af97c45d72035c9b6d669f82f63fd23520080d8a991b

SHA512
e12dc65f9ebfcc01bfc86bdaf922d6b27c2bdad463d05e7221a2a28e1a7cf03ede05206bb270d8a02ad34d35606a5f910a1a6d353a07887377792aa1305b95fa

Download Submit
C:\Windows\system\VZUiRFV.exe

Filesize
6.0MB

MD5
9a1965642237071bdad3ba3d203e0787

SHA1
93795197518eebaca1609f7a65d432e09dbe4766

SHA256
43d508b648ee685cba5b4675d3d538d4e96201a463fa1744da91e68d2279b7f7

SHA512
467c9ef4e386e8bd41706be0164a6b1818f6841f5e839d0085885203762ee738b869dd619c229af243933220602772c32198d82d73f316574a294916c47ed2c6

Download Submit
C:\Windows\system\ZcBhGAk.exe

Filesize
6.0MB

MD5
1d25921aced5fd351c074480293accf0

SHA1
7f9478de1e9ac6d1bf2bb5dc67d627734fba6bd1

SHA256
19c9f7c93f3d369794d90bf0f8b3711e2fcf715bd10d4bc6068ac1d3d006f588

SHA512
69cc8cafbb84b931fb3ba2555fbbb5e238317648bbdf68c7da392b549bccd60288e08a12452e38b72c4e88b9ed8216cb013942c371589b9f3bd0e3aad0c65a0a

Download Submit
C:\Windows\system\cObUeoT.exe

Filesize
6.0MB

MD5
273c8a8835f5c982c05fefc489cb87fd

SHA1
6a9042e3636561146770e318f8470ee5533d5a99

SHA256
7eb5c6bf1c5280185a682dfaf9d0e1b15f54d4bae3a424b757c90aca6d5e4d44

SHA512
90a0d551c7c24ea29fa0a0e7fe5cc947f94ec03cb3268483bd5488c5226f5c07491c91e44662edef2247da1c5b96707696afe1c98edb8cba5dab7e7e625e357c

Download Submit
C:\Windows\system\dmlfisn.exe

Filesize
6.0MB

MD5
9362b2059c56dc700a1f9f8f0fde5531

SHA1
9f2adf58b44b579443666a3f4ba9c8fa26bb33f7

SHA256
590bb0b5f85eb10da506de9489b4e78f05a33bb8d7ce4ead7fb6917454a8eef0

SHA512
74ac4aaacb40f9cbffaa323eeabd33361c97f25bed8cc216f478611f193795bc20f4f7c9ddeef3eb1e69f5c0c9ad64210c479cc56f7461e57b27a8dba623d934

Download Submit
C:\Windows\system\jJRXLRh.exe

Filesize
6.0MB

MD5
f6b731f6d9cf424bc8a9f92cece65f65

SHA1
84a4a2cc2732c725e6b27266e5d55ea5e065f456

SHA256
395af9c8c1f8e975f81ac644d0f5df7eb0a60aa33b28fb1cbb36b9524b5defdc

SHA512
a9ca95f71cb5d6739e2e2bb69eb785a407abfa98e517f6c455ada5952828a0329ef6265c3b7ea7e2b5f32fc66071e3cfd5ed578b8cf2595ad1725c9a28490739

Download Submit
C:\Windows\system\jepyvvA.exe

Filesize
6.0MB

MD5
0a6692d8fbfffe26d4964e74c807aba9

SHA1
8880423a411a779b157a987e9932ec363d2aa604

SHA256
80ce19b9d09be71894904ce2906ac1b5f58670b1485d540364f7ee587df2dce6

SHA512
f52eeb48299b72b082ca424185ddb6501ddf3fb8ea9948b87bc017a14bdd1a8853225fa1c473f40aacb6028846cfd009507475cfdb745efc5ae3870d18978e7a

Download Submit
C:\Windows\system\kBUkAsg.exe

Filesize
6.0MB

MD5
1de8be0b979d0644bac7b450104369a0

SHA1
0254183111505a2c485c806ef7dd5244be959994

SHA256
6ae051d834fa235b3d22916af0c33eb2c411a20d64d5421506739e8fafc60f5b

SHA512
ac9e9814e9429ec372e2a86dd79ecfa7c15d64d0e049df1fb6a804b694709a9df0e5f4b95e31df0832edc3304278fcaf85dc229b627d2c6d4964e3b124e951e0

Download Submit
C:\Windows\system\kexhnyT.exe

Filesize
6.0MB

MD5
27029386865b0543540b047377bd3113

SHA1
5fde39d19e6def5e693b176c3211d484af8986a8

SHA256
d1d272fc833035a7da4116dbb647fa85794d47ae1639e47e3ede0d9b8e7b8fff

SHA512
793e9cb832a867670ed4f36bb9d8ac143b67cf471454237e64ca341adafed611a5bdc18cf6bff8dfbf9e4d7679e75d548baac369d55e49c3802999f534664bb6

Download Submit
C:\Windows\system\mHZtZbQ.exe

Filesize
6.0MB

MD5
c477e4ed86d5578043f83a98bb6226aa

SHA1
359cea91d570f5aca8999b718dfd70b44f8ce606

SHA256
bd1bab199f9cfd41c7812661ac00b2f1d25ca18b6c297d4027775271f661b815

SHA512
e7870f1f3bba45754293efc601b4bb735b223aa320ece7052be3fc8eff529fa54b0d97828eb8a2b69113401a096bbc2c6f97e273fc52bec517ac2fd652474011

Download Submit
C:\Windows\system\mZjsVDh.exe

Filesize
6.0MB

MD5
758dc8691f7f32e33dc42496300f5eef

SHA1
5609b30308a10e2c90ff202020f20edfd1539059

SHA256
e5fd0344e254bd3ddfa00f8d3f9b9f65198cd6b281be55f1637ff097046920ef

SHA512
fc0f702a7d410e0a5b563878bbd7aa32e103e42059d33ddfde5153ebf2c649635e8c84fe53cf30ebbf03392809aa668584e4b5b981a1da35a453ad0000b7e1b5

Download Submit
C:\Windows\system\pKnyPzu.exe

Filesize
6.0MB

MD5
d8ca24c11559649a2d88c16eb6c32d40

SHA1
bfa1b76c7c6ecd78c958f1857e8a14369a70ecf2

SHA256
82a6658025b9c30673bbfc4010278463942f89033742b6deac02d822e5aaa9da

SHA512
537ce6025053e492eb607cc6822078775ee7ccd0837bb56a31228d41842f6063b55651c3e6b1b95299c9fc8c23268e50673ef6324b854ccbdcf1568ee19d71b4

Download Submit
C:\Windows\system\rBvjuDA.exe

Filesize
6.0MB

MD5
4560458ed0301fd7ff11034e2cfd2066

SHA1
493239d9fad643ba622fd8f762814a1b5146c4bb

SHA256
5879155e316131e3a3f3eb7ccdc705053a68bbf612f628d7d113f556a2c394d3

SHA512
fbbdb22e2de0d2b452d92f2462a4b819aee7b1b234ee6f16c7eaf5ff29eb8f852ff05db5d2c306ccba3705d6584d77df5ff399f4f420318a4ad1c2aea8dcf8c8

Download Submit
C:\Windows\system\wEJktkm.exe

Filesize
6.0MB

MD5
cde77da718f35f9ce162069b4f5e47b3

SHA1
ef8fbb7ad118cee7c7ebd2b17d1a9d1593f6263b

SHA256
b1f1d53efdccd37bed55c545dd43c17c54a2daa0d6ad6b25e74abc8431e5ce05

SHA512
0e89cd5e0d182ad096f4cd519f9a70eac697764bd31cf010476ced5b91e112f200791467f54c3368d3e7035ef3ec77be85a6d44c560d1def86d938f47d844b8e

Download Submit
C:\Windows\system\zTgNXXr.exe

Filesize
6.0MB

MD5
8b5453847aa1e2dc76c2a9f3a95a0c64

SHA1
4bd01a56e4d2ba9c6ae3eed577a638fff15fbfeb

SHA256
1e699bfca84b4d8ef2a189fbd1d9636feb5c172bc4b6d6c55dd99fde9009cb65

SHA512
1a6e8c07deabae03ef7d0b297bd50a9d9af3001cffd39f2b49b4d71826b085ba836ec69f6b32466e5177e163e255f41fd04d1d4d32851a2e242ba61a2c319caa

Download Submit
C:\Windows\system\znofBad.exe

Filesize
6.0MB

MD5
06b658549883e2dcfbfd147621b1dd88

SHA1
60adb0418098017bb72d82664f74cac398655ff2

SHA256
957c12ead20b21ad49d83d3cb3c60ff1c9ca94209999bf06b0efbe5ae920d24d

SHA512
f1df9e5b07b7de50559b2b03e7869d6d9ff022896f080a8c676f32cc79ccee42455f7e185a6b9ba63350704142f73138af7995eea1568b342cf56e6ad793fa8e

Download Submit
C:\Windows\system\zvxsnVU.exe

Filesize
6.0MB

MD5
67fca7f278cbbd8ae2e1cac8fabafee4

SHA1
fdf424bbf52950a73cf62bd18c77edfb27ad732e

SHA256
cb2c307cd61fdefbda8de2aa3842162ae71a64331740887006ef045b3fea5fa5

SHA512
286934422bd5b52772cbb312a5ec40c1c9ab1c256a32f07d77bfb72927fde589a5edeb0aaa1dcceb14e935380c1a45c3c69b2433a3ee9849692cc6935cc2dca9

Download Submit
\Windows\system\AMujePY.exe

Filesize
6.0MB

MD5
b81209bb19b3e8b1b3467554186c3300

SHA1
2ded7ffcba904a4360d0ed54a27f5430c0119988

SHA256
87e02e7d63ecd917a1c588343762388feeb25c7e0111b216f44fecc2b4db0cb2

SHA512
bfab4a04b666a1d52336855b8e19b5e3b45648e7e5937e7587dccfc91b15a6df6819951a6f1594b8f62c0026a0f5744a699beeabb54c0be9e9b453a827aa47ed

Download Submit
\Windows\system\HYBZalJ.exe

Filesize
6.0MB

MD5
0d89632c44a50e52c319f7ee2c071ad2

SHA1
c6568a7bdc644d2dfa91f26cf32a38dcf6de9154

SHA256
d370b91a39c80c87dffc5080f046f510d16f00805e788961ddcc64b06d9651f3

SHA512
2a0a6e3a2db06521c70cd5bf73007c3e3a64dabd766bdf54f3b255eead7b4a446e53a40963243c832168d9dc7b732f1c07058c9449bba6ae8ee101cbfafe8797

Download Submit
\Windows\system\XadGhwH.exe

Filesize
6.0MB

MD5
a0a241a8e0aef92c0728db08a14782e8

SHA1
6ae99155e2f4acc8a9eb6438ce3ad3c6e3eb3822

SHA256
dcadf352dc0392a09df939ade421cfdc674f7bdf4263dc9cf24666f4aab13a1a

SHA512
8e108443f342d2f3c20dc6fa925f4af48f3de5e4f1fdf4d184ff7a317c7ead26822dd83d2f86560156e685f7bccf2c12ff0eedc76aaf38190d96ba44e4f254f2

Download Submit
memory/1864-3784-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1864-132-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-139-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-147-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-141-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-154-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2120-137-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2120-135-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2120-151-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-133-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-149-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1216-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-130-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1321-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-143-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-0-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1128-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-145-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3760-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2152-136-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3732-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-153-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-131-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3741-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3756-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-146-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-128-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2556-3737-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2644-152-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3777-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-138-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3755-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-140-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3785-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3764-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-144-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-148-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4039-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2804-134-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3742-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-142-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3743-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3740-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2912-150-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download