cobaltstrike | 2e8f9f971ad229fbd61f8898baab7aa9c53f39b75973dcb8d70040dd5054ff5e

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ab86ff5abe5f004c59df940e48e01d5f
SHA1

ec301abd2df78493f82b033262dfdf00928dda8f
SHA256

2e8f9f971ad229fbd61f8898baab7aa9c53f39b75973dcb8d70040dd5054ff5e
SHA512

f62830499ff7a3779856eac6cad90c1e364cebd3835c402f95481a863c5ffc15327e89d52dfb6282a34ac5112dddf1cdf617a6119da447371003ecef906e919d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\JgTBOBs.exe	cobalt_reflective_dll
\Windows\system\qvIXtmS.exe	cobalt_reflective_dll
\Windows\system\DoadBxI.exe	cobalt_reflective_dll
C:\Windows\system\ljyFbvd.exe	cobalt_reflective_dll
\Windows\system\tbdIAnC.exe	cobalt_reflective_dll
C:\Windows\system\TjDlGdf.exe	cobalt_reflective_dll
C:\Windows\system\yZVbhvL.exe	cobalt_reflective_dll
\Windows\system\VuwrRqo.exe	cobalt_reflective_dll
C:\Windows\system\duzsJng.exe	cobalt_reflective_dll
C:\Windows\system\yVOsGls.exe	cobalt_reflective_dll
C:\Windows\system\YbTYJsy.exe	cobalt_reflective_dll
\Windows\system\XWCGNID.exe	cobalt_reflective_dll
C:\Windows\system\gHRtNIm.exe	cobalt_reflective_dll
\Windows\system\YkADwNW.exe	cobalt_reflective_dll
\Windows\system\jYDUaCt.exe	cobalt_reflective_dll
\Windows\system\ioCPgOe.exe	cobalt_reflective_dll
\Windows\system\ovmGerf.exe	cobalt_reflective_dll
\Windows\system\aiZiyRh.exe	cobalt_reflective_dll
C:\Windows\system\qJlkODC.exe	cobalt_reflective_dll
\Windows\system\ZkNeiVZ.exe	cobalt_reflective_dll
\Windows\system\UDkJqKa.exe	cobalt_reflective_dll
\Windows\system\nQvSpoL.exe	cobalt_reflective_dll
C:\Windows\system\dyrNOhB.exe	cobalt_reflective_dll
\Windows\system\IAHYftJ.exe	cobalt_reflective_dll
\Windows\system\EHTKnJD.exe	cobalt_reflective_dll
\Windows\system\PWaYMgN.exe	cobalt_reflective_dll
\Windows\system\UVgWHaS.exe	cobalt_reflective_dll
\Windows\system\ZZVQHFG.exe	cobalt_reflective_dll
\Windows\system\nAnXaMq.exe	cobalt_reflective_dll
\Windows\system\YVXtyYD.exe	cobalt_reflective_dll
C:\Windows\system\nfyJLmO.exe	cobalt_reflective_dll
C:\Windows\system\lgNVJqf.exe	cobalt_reflective_dll
C:\Windows\system\QWHafrO.exe	cobalt_reflective_dll
C:\Windows\system\vSJegTF.exe	cobalt_reflective_dll
C:\Windows\system\vSoQvqT.exe	cobalt_reflective_dll
C:\Windows\system\VjtYLZK.exe	cobalt_reflective_dll
C:\Windows\system\vNklKxR.exe	cobalt_reflective_dll
C:\Windows\system\MDvmCdB.exe	cobalt_reflective_dll
C:\Windows\system\VHVrhAa.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2532-0-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
\Windows\system\JgTBOBs.exe	xmrig
\Windows\system\qvIXtmS.exe	xmrig
behavioral1/memory/1924-23-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
\Windows\system\DoadBxI.exe	xmrig
C:\Windows\system\ljyFbvd.exe	xmrig
\Windows\system\tbdIAnC.exe	xmrig
behavioral1/memory/2076-12-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2376-82-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
C:\Windows\system\TjDlGdf.exe	xmrig
C:\Windows\system\yZVbhvL.exe	xmrig
\Windows\system\VuwrRqo.exe	xmrig
C:\Windows\system\duzsJng.exe	xmrig
C:\Windows\system\yVOsGls.exe	xmrig
C:\Windows\system\YbTYJsy.exe	xmrig
\Windows\system\XWCGNID.exe	xmrig
C:\Windows\system\gHRtNIm.exe	xmrig
\Windows\system\YkADwNW.exe	xmrig
\Windows\system\jYDUaCt.exe	xmrig
behavioral1/memory/2532-791-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/1924-793-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2076-792-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2172-190-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
\Windows\system\ioCPgOe.exe	xmrig
\Windows\system\ovmGerf.exe	xmrig
\Windows\system\aiZiyRh.exe	xmrig
behavioral1/memory/2724-150-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
C:\Windows\system\qJlkODC.exe	xmrig
\Windows\system\ZkNeiVZ.exe	xmrig
\Windows\system\UDkJqKa.exe	xmrig
\Windows\system\nQvSpoL.exe	xmrig
C:\Windows\system\dyrNOhB.exe	xmrig
\Windows\system\IAHYftJ.exe	xmrig
\Windows\system\EHTKnJD.exe	xmrig
\Windows\system\PWaYMgN.exe	xmrig
\Windows\system\UVgWHaS.exe	xmrig
\Windows\system\ZZVQHFG.exe	xmrig
\Windows\system\nAnXaMq.exe	xmrig
behavioral1/memory/2060-62-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
\Windows\system\YVXtyYD.exe	xmrig
behavioral1/memory/1108-196-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
C:\Windows\system\nfyJLmO.exe	xmrig
C:\Windows\system\lgNVJqf.exe	xmrig
C:\Windows\system\QWHafrO.exe	xmrig
behavioral1/memory/2996-166-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2608-157-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
C:\Windows\system\vSJegTF.exe	xmrig
behavioral1/memory/2856-154-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
C:\Windows\system\vSoQvqT.exe	xmrig
behavioral1/memory/2760-136-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
C:\Windows\system\VjtYLZK.exe	xmrig
C:\Windows\system\vNklKxR.exe	xmrig
C:\Windows\system\MDvmCdB.exe	xmrig
C:\Windows\system\VHVrhAa.exe	xmrig
behavioral1/memory/2696-94-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2996-2824-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2696-2825-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/1924-2866-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2076-2874-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2172-2873-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2760-2872-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2060-2883-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2724-2893-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2376-2896-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

JgTBOBs.exeqvIXtmS.exeljyFbvd.exeDoadBxI.exetbdIAnC.exeYbTYJsy.exeyVOsGls.exeduzsJng.exegHRtNIm.exeYkADwNW.exeyZVbhvL.exeTjDlGdf.exeXWCGNID.exeVuwrRqo.exeVHVrhAa.exeMDvmCdB.exedyrNOhB.exevNklKxR.exeVjtYLZK.exevSoQvqT.exeqJlkODC.exevSJegTF.exeQWHafrO.exelgNVJqf.exenfyJLmO.exeElUqywM.exeLtxKdYO.exeOJJgLNf.exegDeJFDZ.exeFHWbwmK.exeylIHyhz.exeYVXtyYD.exenAnXaMq.exeiWoqyIm.exeZZVQHFG.exeUVgWHaS.exeaQcblAA.exePWaYMgN.exeEHTKnJD.exeIAHYftJ.exejYDUaCt.exeyFCdVTl.exenQvSpoL.exeUDkJqKa.exeDHctJOo.exeZkNeiVZ.exeaiZiyRh.exeYgCXsUW.exeovmGerf.exeioCPgOe.exesREWNve.exehqwZZLR.exeJTepAhH.exewdQgiPv.exeoEEgIix.exeMGukqeA.exeyvRcwxm.exeCxEJNsW.exekaqTkpo.exehozqiUo.exeJTObOZu.exewvqKNRO.exevCAlDNY.execVKLxcL.exe

pid	process
2076	JgTBOBs.exe
1924	qvIXtmS.exe
2060	ljyFbvd.exe
2376	DoadBxI.exe
2696	tbdIAnC.exe
2760	YbTYJsy.exe
2724	yVOsGls.exe
2856	duzsJng.exe
2608	gHRtNIm.exe
2996	YkADwNW.exe
2172	yZVbhvL.exe
1108	TjDlGdf.exe
2912	XWCGNID.exe
1788	VuwrRqo.exe
2136	VHVrhAa.exe
1892	MDvmCdB.exe
620	dyrNOhB.exe
1816	vNklKxR.exe
1608	VjtYLZK.exe
2972	vSoQvqT.exe
2708	qJlkODC.exe
2692	vSJegTF.exe
856	QWHafrO.exe
3016	lgNVJqf.exe
928	nfyJLmO.exe
1372	ElUqywM.exe
308	LtxKdYO.exe
828	OJJgLNf.exe
1316	gDeJFDZ.exe
3040	FHWbwmK.exe
2560	ylIHyhz.exe
2676	YVXtyYD.exe
2436	nAnXaMq.exe
1592	iWoqyIm.exe
984	ZZVQHFG.exe
1092	UVgWHaS.exe
2108	aQcblAA.exe
2364	PWaYMgN.exe
2804	EHTKnJD.exe
2664	IAHYftJ.exe
1508	jYDUaCt.exe
2756	yFCdVTl.exe
2976	nQvSpoL.exe
264	UDkJqKa.exe
2636	DHctJOo.exe
1632	ZkNeiVZ.exe
552	aiZiyRh.exe
2024	YgCXsUW.exe
1128	ovmGerf.exe
2828	ioCPgOe.exe
2960	sREWNve.exe
2928	hqwZZLR.exe
1544	JTepAhH.exe
1048	wdQgiPv.exe
1072	oEEgIix.exe
2244	MGukqeA.exe
3048	yvRcwxm.exe
1292	CxEJNsW.exe
776	kaqTkpo.exe
2052	hozqiUo.exe
2624	JTObOZu.exe
3104	wvqKNRO.exe
3136	vCAlDNY.exe
3172	cVKLxcL.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2532-0-0x000000013F210000-0x000000013F564000-memory.dmp	upx
\Windows\system\JgTBOBs.exe	upx
\Windows\system\qvIXtmS.exe	upx
behavioral1/memory/1924-23-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
\Windows\system\DoadBxI.exe	upx
C:\Windows\system\ljyFbvd.exe	upx
\Windows\system\tbdIAnC.exe	upx
behavioral1/memory/2076-12-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2376-82-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
C:\Windows\system\TjDlGdf.exe	upx
C:\Windows\system\yZVbhvL.exe	upx
\Windows\system\VuwrRqo.exe	upx
C:\Windows\system\duzsJng.exe	upx
C:\Windows\system\yVOsGls.exe	upx
C:\Windows\system\YbTYJsy.exe	upx
\Windows\system\XWCGNID.exe	upx
C:\Windows\system\gHRtNIm.exe	upx
\Windows\system\YkADwNW.exe	upx
\Windows\system\jYDUaCt.exe	upx
behavioral1/memory/2532-791-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/1924-793-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2076-792-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2172-190-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
\Windows\system\ioCPgOe.exe	upx
\Windows\system\ovmGerf.exe	upx
\Windows\system\aiZiyRh.exe	upx
behavioral1/memory/2724-150-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
C:\Windows\system\qJlkODC.exe	upx
\Windows\system\ZkNeiVZ.exe	upx
\Windows\system\UDkJqKa.exe	upx
\Windows\system\nQvSpoL.exe	upx
C:\Windows\system\dyrNOhB.exe	upx
\Windows\system\IAHYftJ.exe	upx
\Windows\system\EHTKnJD.exe	upx
\Windows\system\PWaYMgN.exe	upx
\Windows\system\UVgWHaS.exe	upx
\Windows\system\ZZVQHFG.exe	upx
\Windows\system\nAnXaMq.exe	upx
behavioral1/memory/2060-62-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
\Windows\system\YVXtyYD.exe	upx
behavioral1/memory/1108-196-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
C:\Windows\system\nfyJLmO.exe	upx
C:\Windows\system\lgNVJqf.exe	upx
C:\Windows\system\QWHafrO.exe	upx
behavioral1/memory/2996-166-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2608-157-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
C:\Windows\system\vSJegTF.exe	upx
behavioral1/memory/2856-154-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
C:\Windows\system\vSoQvqT.exe	upx
behavioral1/memory/2760-136-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
C:\Windows\system\VjtYLZK.exe	upx
C:\Windows\system\vNklKxR.exe	upx
C:\Windows\system\MDvmCdB.exe	upx
C:\Windows\system\VHVrhAa.exe	upx
behavioral1/memory/2696-94-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2996-2824-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2696-2825-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/1924-2866-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2076-2874-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2172-2873-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2760-2872-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2060-2883-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2724-2893-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2376-2896-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\CALGuik.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\agRsZpp.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkYzhld.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zApBfzP.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLSyGLQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xykyHbG.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFVdfcB.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAyhGGv.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kafibcL.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgQNEEQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgQDhtJ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjqdoGT.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PeVxwcH.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjCEdrG.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrLcKzY.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkwzvFY.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUSMIZg.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOjJvcX.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHVrhAa.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWebDil.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWpUtCu.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXovnkW.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyGZUtv.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOQaRga.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTVEckQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgNVJqf.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPkutqC.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUleWZz.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtCLgjb.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\paiCESE.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkcInPh.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkJqhxt.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDIPuZl.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clNVZuF.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gaOLmuM.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJFsRCj.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clwWZzT.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEIcrdA.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIzKsOW.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVowMVT.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szXkKpy.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlXHLbQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYKuYBM.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMEiqew.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftLqpCX.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQtYvNf.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TVVljZK.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNmzSpA.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTDaiwA.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgCPpzK.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDiHJqx.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dSIrVAQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwGqrIN.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EicgAXy.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCddnAz.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQYhueN.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afvAjBH.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCWSzAk.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWHafrO.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qArvjfQ.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EBVEFpg.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANWqxoO.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJUviSz.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTxjVmx.exe	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs
Adversaries may check for Internet connectivity on compromised systems.
discovery

Internet Connection Discovery
T1016.001

Processes:

iJZping.exe

pid process

3980 iJZping.exe

pid	process
3980	iJZping.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2532 wrote to memory of 2076	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	JgTBOBs.exe
PID 2532 wrote to memory of 2076	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	JgTBOBs.exe
PID 2532 wrote to memory of 2076	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	JgTBOBs.exe
PID 2532 wrote to memory of 1924	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	qvIXtmS.exe
PID 2532 wrote to memory of 1924	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	qvIXtmS.exe
PID 2532 wrote to memory of 1924	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	qvIXtmS.exe
PID 2532 wrote to memory of 2060	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ljyFbvd.exe
PID 2532 wrote to memory of 2060	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ljyFbvd.exe
PID 2532 wrote to memory of 2060	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ljyFbvd.exe
PID 2532 wrote to memory of 2696	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	tbdIAnC.exe
PID 2532 wrote to memory of 2696	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	tbdIAnC.exe
PID 2532 wrote to memory of 2696	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	tbdIAnC.exe
PID 2532 wrote to memory of 2376	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	DoadBxI.exe
PID 2532 wrote to memory of 2376	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	DoadBxI.exe
PID 2532 wrote to memory of 2376	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	DoadBxI.exe
PID 2532 wrote to memory of 2856	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	duzsJng.exe
PID 2532 wrote to memory of 2856	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	duzsJng.exe
PID 2532 wrote to memory of 2856	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	duzsJng.exe
PID 2532 wrote to memory of 2760	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YbTYJsy.exe
PID 2532 wrote to memory of 2760	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YbTYJsy.exe
PID 2532 wrote to memory of 2760	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YbTYJsy.exe
PID 2532 wrote to memory of 2996	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YkADwNW.exe
PID 2532 wrote to memory of 2996	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YkADwNW.exe
PID 2532 wrote to memory of 2996	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YkADwNW.exe
PID 2532 wrote to memory of 2724	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yVOsGls.exe
PID 2532 wrote to memory of 2724	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yVOsGls.exe
PID 2532 wrote to memory of 2724	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yVOsGls.exe
PID 2532 wrote to memory of 2912	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	XWCGNID.exe
PID 2532 wrote to memory of 2912	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	XWCGNID.exe
PID 2532 wrote to memory of 2912	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	XWCGNID.exe
PID 2532 wrote to memory of 2608	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	gHRtNIm.exe
PID 2532 wrote to memory of 2608	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	gHRtNIm.exe
PID 2532 wrote to memory of 2608	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	gHRtNIm.exe
PID 2532 wrote to memory of 2676	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YVXtyYD.exe
PID 2532 wrote to memory of 2676	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YVXtyYD.exe
PID 2532 wrote to memory of 2676	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	YVXtyYD.exe
PID 2532 wrote to memory of 2172	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yZVbhvL.exe
PID 2532 wrote to memory of 2172	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yZVbhvL.exe
PID 2532 wrote to memory of 2172	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	yZVbhvL.exe
PID 2532 wrote to memory of 2436	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	nAnXaMq.exe
PID 2532 wrote to memory of 2436	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	nAnXaMq.exe
PID 2532 wrote to memory of 2436	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	nAnXaMq.exe
PID 2532 wrote to memory of 1108	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	TjDlGdf.exe
PID 2532 wrote to memory of 1108	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	TjDlGdf.exe
PID 2532 wrote to memory of 1108	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	TjDlGdf.exe
PID 2532 wrote to memory of 984	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ZZVQHFG.exe
PID 2532 wrote to memory of 984	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ZZVQHFG.exe
PID 2532 wrote to memory of 984	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	ZZVQHFG.exe
PID 2532 wrote to memory of 1788	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VuwrRqo.exe
PID 2532 wrote to memory of 1788	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VuwrRqo.exe
PID 2532 wrote to memory of 1788	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VuwrRqo.exe
PID 2532 wrote to memory of 1092	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	UVgWHaS.exe
PID 2532 wrote to memory of 1092	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	UVgWHaS.exe
PID 2532 wrote to memory of 1092	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	UVgWHaS.exe
PID 2532 wrote to memory of 2136	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VHVrhAa.exe
PID 2532 wrote to memory of 2136	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VHVrhAa.exe
PID 2532 wrote to memory of 2136	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	VHVrhAa.exe
PID 2532 wrote to memory of 2364	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	PWaYMgN.exe
PID 2532 wrote to memory of 2364	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	PWaYMgN.exe
PID 2532 wrote to memory of 2364	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	PWaYMgN.exe
PID 2532 wrote to memory of 1892	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	MDvmCdB.exe
PID 2532 wrote to memory of 1892	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	MDvmCdB.exe
PID 2532 wrote to memory of 1892	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	MDvmCdB.exe
PID 2532 wrote to memory of 2804	2532	2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe	EHTKnJD.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_ab86ff5abe5f004c59df940e48e01d5f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\System\JgTBOBs.exe
  C:\Windows\System\JgTBOBs.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\qvIXtmS.exe
  C:\Windows\System\qvIXtmS.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ljyFbvd.exe
  C:\Windows\System\ljyFbvd.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\tbdIAnC.exe
  C:\Windows\System\tbdIAnC.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DoadBxI.exe
  C:\Windows\System\DoadBxI.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\duzsJng.exe
  C:\Windows\System\duzsJng.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\YbTYJsy.exe
  C:\Windows\System\YbTYJsy.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\YkADwNW.exe
  C:\Windows\System\YkADwNW.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\yVOsGls.exe
  C:\Windows\System\yVOsGls.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\XWCGNID.exe
  C:\Windows\System\XWCGNID.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\gHRtNIm.exe
  C:\Windows\System\gHRtNIm.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\YVXtyYD.exe
  C:\Windows\System\YVXtyYD.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\yZVbhvL.exe
  C:\Windows\System\yZVbhvL.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\nAnXaMq.exe
  C:\Windows\System\nAnXaMq.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\TjDlGdf.exe
  C:\Windows\System\TjDlGdf.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\ZZVQHFG.exe
  C:\Windows\System\ZZVQHFG.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\VuwrRqo.exe
  C:\Windows\System\VuwrRqo.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\UVgWHaS.exe
  C:\Windows\System\UVgWHaS.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\VHVrhAa.exe
  C:\Windows\System\VHVrhAa.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\PWaYMgN.exe
  C:\Windows\System\PWaYMgN.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\MDvmCdB.exe
  C:\Windows\System\MDvmCdB.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\EHTKnJD.exe
  C:\Windows\System\EHTKnJD.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\dyrNOhB.exe
  C:\Windows\System\dyrNOhB.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\IAHYftJ.exe
  C:\Windows\System\IAHYftJ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\vNklKxR.exe
  C:\Windows\System\vNklKxR.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\jYDUaCt.exe
  C:\Windows\System\jYDUaCt.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\VjtYLZK.exe
  C:\Windows\System\VjtYLZK.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\nQvSpoL.exe
  C:\Windows\System\nQvSpoL.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\vSoQvqT.exe
  C:\Windows\System\vSoQvqT.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\UDkJqKa.exe
  C:\Windows\System\UDkJqKa.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\qJlkODC.exe
  C:\Windows\System\qJlkODC.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ZkNeiVZ.exe
  C:\Windows\System\ZkNeiVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\vSJegTF.exe
  C:\Windows\System\vSJegTF.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\aiZiyRh.exe
  C:\Windows\System\aiZiyRh.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\QWHafrO.exe
  C:\Windows\System\QWHafrO.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\ovmGerf.exe
  C:\Windows\System\ovmGerf.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\lgNVJqf.exe
  C:\Windows\System\lgNVJqf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ioCPgOe.exe
  C:\Windows\System\ioCPgOe.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\nfyJLmO.exe
  C:\Windows\System\nfyJLmO.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\hqwZZLR.exe
  C:\Windows\System\hqwZZLR.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ElUqywM.exe
  C:\Windows\System\ElUqywM.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\JTepAhH.exe
  C:\Windows\System\JTepAhH.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\LtxKdYO.exe
  C:\Windows\System\LtxKdYO.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\wdQgiPv.exe
  C:\Windows\System\wdQgiPv.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\OJJgLNf.exe
  C:\Windows\System\OJJgLNf.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\MGukqeA.exe
  C:\Windows\System\MGukqeA.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\gDeJFDZ.exe
  C:\Windows\System\gDeJFDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\yvRcwxm.exe
  C:\Windows\System\yvRcwxm.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\FHWbwmK.exe
  C:\Windows\System\FHWbwmK.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\kaqTkpo.exe
  C:\Windows\System\kaqTkpo.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\ylIHyhz.exe
  C:\Windows\System\ylIHyhz.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\orpNrDV.exe
  C:\Windows\System\orpNrDV.exe
  2⤵
  PID:3032
- C:\Windows\System\iWoqyIm.exe
  C:\Windows\System\iWoqyIm.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\DMifqmL.exe
  C:\Windows\System\DMifqmL.exe
  2⤵
  PID:2068
- C:\Windows\System\aQcblAA.exe
  C:\Windows\System\aQcblAA.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\BAlNQLc.exe
  C:\Windows\System\BAlNQLc.exe
  2⤵
  PID:2316
- C:\Windows\System\yFCdVTl.exe
  C:\Windows\System\yFCdVTl.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\EvwvHEl.exe
  C:\Windows\System\EvwvHEl.exe
  2⤵
  PID:3000
- C:\Windows\System\DHctJOo.exe
  C:\Windows\System\DHctJOo.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\PpYzoKb.exe
  C:\Windows\System\PpYzoKb.exe
  2⤵
  PID:820
- C:\Windows\System\YgCXsUW.exe
  C:\Windows\System\YgCXsUW.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\nfbPcBC.exe
  C:\Windows\System\nfbPcBC.exe
  2⤵
  PID:2796
- C:\Windows\System\sREWNve.exe
  C:\Windows\System\sREWNve.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\CZOJWCz.exe
  C:\Windows\System\CZOJWCz.exe
  2⤵
  PID:1472
- C:\Windows\System\oEEgIix.exe
  C:\Windows\System\oEEgIix.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\sXWbstv.exe
  C:\Windows\System\sXWbstv.exe
  2⤵
  PID:1500
- C:\Windows\System\CxEJNsW.exe
  C:\Windows\System\CxEJNsW.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\jLeWWph.exe
  C:\Windows\System\jLeWWph.exe
  2⤵
  PID:2548
- C:\Windows\System\hozqiUo.exe
  C:\Windows\System\hozqiUo.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\YDiHJqx.exe
  C:\Windows\System\YDiHJqx.exe
  2⤵
  PID:2572
- C:\Windows\System\JTObOZu.exe
  C:\Windows\System\JTObOZu.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\SDboNZe.exe
  C:\Windows\System\SDboNZe.exe
  2⤵
  PID:3088
- C:\Windows\System\wvqKNRO.exe
  C:\Windows\System\wvqKNRO.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\qmsYFFG.exe
  C:\Windows\System\qmsYFFG.exe
  2⤵
  PID:3120
- C:\Windows\System\vCAlDNY.exe
  C:\Windows\System\vCAlDNY.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\jZyLYXi.exe
  C:\Windows\System\jZyLYXi.exe
  2⤵
  PID:3156
- C:\Windows\System\cVKLxcL.exe
  C:\Windows\System\cVKLxcL.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\TFTDFHv.exe
  C:\Windows\System\TFTDFHv.exe
  2⤵
  PID:3188
- C:\Windows\System\IWIsXcG.exe
  C:\Windows\System\IWIsXcG.exe
  2⤵
  PID:3208
- C:\Windows\System\yzWvCbi.exe
  C:\Windows\System\yzWvCbi.exe
  2⤵
  PID:3228
- C:\Windows\System\WzUiGFD.exe
  C:\Windows\System\WzUiGFD.exe
  2⤵
  PID:3252
- C:\Windows\System\VHbRIkr.exe
  C:\Windows\System\VHbRIkr.exe
  2⤵
  PID:3268
- C:\Windows\System\QhOQeOl.exe
  C:\Windows\System\QhOQeOl.exe
  2⤵
  PID:3284
- C:\Windows\System\DWYfKJn.exe
  C:\Windows\System\DWYfKJn.exe
  2⤵
  PID:3304
- C:\Windows\System\cMidgms.exe
  C:\Windows\System\cMidgms.exe
  2⤵
  PID:3324
- C:\Windows\System\DpwIaeR.exe
  C:\Windows\System\DpwIaeR.exe
  2⤵
  PID:3344
- C:\Windows\System\oUbNUxs.exe
  C:\Windows\System\oUbNUxs.exe
  2⤵
  PID:3360
- C:\Windows\System\RprkNbt.exe
  C:\Windows\System\RprkNbt.exe
  2⤵
  PID:3380
- C:\Windows\System\blBbeNR.exe
  C:\Windows\System\blBbeNR.exe
  2⤵
  PID:3396
- C:\Windows\System\yLIPRTk.exe
  C:\Windows\System\yLIPRTk.exe
  2⤵
  PID:3412
- C:\Windows\System\LRSUQCm.exe
  C:\Windows\System\LRSUQCm.exe
  2⤵
  PID:3432
- C:\Windows\System\cHTcnSc.exe
  C:\Windows\System\cHTcnSc.exe
  2⤵
  PID:3452
- C:\Windows\System\dVjzRif.exe
  C:\Windows\System\dVjzRif.exe
  2⤵
  PID:3468
- C:\Windows\System\ZqoJawZ.exe
  C:\Windows\System\ZqoJawZ.exe
  2⤵
  PID:3484
- C:\Windows\System\fORfidm.exe
  C:\Windows\System\fORfidm.exe
  2⤵
  PID:3500
- C:\Windows\System\MHSfqAT.exe
  C:\Windows\System\MHSfqAT.exe
  2⤵
  PID:3520
- C:\Windows\System\OvaZjer.exe
  C:\Windows\System\OvaZjer.exe
  2⤵
  PID:3536
- C:\Windows\System\AlXHLbQ.exe
  C:\Windows\System\AlXHLbQ.exe
  2⤵
  PID:3552
- C:\Windows\System\KqCOjPl.exe
  C:\Windows\System\KqCOjPl.exe
  2⤵
  PID:3576
- C:\Windows\System\tRLsUPT.exe
  C:\Windows\System\tRLsUPT.exe
  2⤵
  PID:3592
- C:\Windows\System\GMipSSH.exe
  C:\Windows\System\GMipSSH.exe
  2⤵
  PID:3608
- C:\Windows\System\dSkVscY.exe
  C:\Windows\System\dSkVscY.exe
  2⤵
  PID:3624
- C:\Windows\System\RXovnkW.exe
  C:\Windows\System\RXovnkW.exe
  2⤵
  PID:3640
- C:\Windows\System\QAMfreM.exe
  C:\Windows\System\QAMfreM.exe
  2⤵
  PID:3716
- C:\Windows\System\UOLRsxl.exe
  C:\Windows\System\UOLRsxl.exe
  2⤵
  PID:3732
- C:\Windows\System\jwEjPUN.exe
  C:\Windows\System\jwEjPUN.exe
  2⤵
  PID:3752
- C:\Windows\System\IgyVqyM.exe
  C:\Windows\System\IgyVqyM.exe
  2⤵
  PID:3876
- C:\Windows\System\JcCXzyp.exe
  C:\Windows\System\JcCXzyp.exe
  2⤵
  PID:3900
- C:\Windows\System\IvPNJhl.exe
  C:\Windows\System\IvPNJhl.exe
  2⤵
  PID:3920
- C:\Windows\System\yyglQtP.exe
  C:\Windows\System\yyglQtP.exe
  2⤵
  PID:3940
- C:\Windows\System\VEDImgl.exe
  C:\Windows\System\VEDImgl.exe
  2⤵
  PID:3956
- C:\Windows\System\RxNFmfx.exe
  C:\Windows\System\RxNFmfx.exe
  2⤵
  PID:3972
- C:\Windows\System\pCGppAK.exe
  C:\Windows\System\pCGppAK.exe
  2⤵
  PID:3992
- C:\Windows\System\mLPfeyP.exe
  C:\Windows\System\mLPfeyP.exe
  2⤵
  PID:4008
- C:\Windows\System\BlPlpuF.exe
  C:\Windows\System\BlPlpuF.exe
  2⤵
  PID:4028
- C:\Windows\System\MQDEabI.exe
  C:\Windows\System\MQDEabI.exe
  2⤵
  PID:4044
- C:\Windows\System\FQFkTGN.exe
  C:\Windows\System\FQFkTGN.exe
  2⤵
  PID:4064
- C:\Windows\System\uwPhBaO.exe
  C:\Windows\System\uwPhBaO.exe
  2⤵
  PID:4084
- C:\Windows\System\yeFZGNV.exe
  C:\Windows\System\yeFZGNV.exe
  2⤵
  PID:2880
- C:\Windows\System\TDCSUtO.exe
  C:\Windows\System\TDCSUtO.exe
  2⤵
  PID:752
- C:\Windows\System\rRAhXsh.exe
  C:\Windows\System\rRAhXsh.exe
  2⤵
  PID:1008
- C:\Windows\System\ZHsdmXp.exe
  C:\Windows\System\ZHsdmXp.exe
  2⤵
  PID:2380
- C:\Windows\System\sOYfpMk.exe
  C:\Windows\System\sOYfpMk.exe
  2⤵
  PID:3116
- C:\Windows\System\JSufRgr.exe
  C:\Windows\System\JSufRgr.exe
  2⤵
  PID:3184
- C:\Windows\System\yEKQkDo.exe
  C:\Windows\System\yEKQkDo.exe
  2⤵
  PID:3292
- C:\Windows\System\rGmwCnU.exe
  C:\Windows\System\rGmwCnU.exe
  2⤵
  PID:3340
- C:\Windows\System\uYsZKPr.exe
  C:\Windows\System\uYsZKPr.exe
  2⤵
  PID:3408
- C:\Windows\System\oFymNne.exe
  C:\Windows\System\oFymNne.exe
  2⤵
  PID:3508
- C:\Windows\System\HXJQLsN.exe
  C:\Windows\System\HXJQLsN.exe
  2⤵
  PID:3548
- C:\Windows\System\LcexfPE.exe
  C:\Windows\System\LcexfPE.exe
  2⤵
  PID:3648
- C:\Windows\System\NYVCiIb.exe
  C:\Windows\System\NYVCiIb.exe
  2⤵
  PID:3064
- C:\Windows\System\IPvIArW.exe
  C:\Windows\System\IPvIArW.exe
  2⤵
  PID:1504
- C:\Windows\System\xQPBOxE.exe
  C:\Windows\System\xQPBOxE.exe
  2⤵
  PID:2824
- C:\Windows\System\SKIedqU.exe
  C:\Windows\System\SKIedqU.exe
  2⤵
  PID:2704
- C:\Windows\System\sGCzJnl.exe
  C:\Windows\System\sGCzJnl.exe
  2⤵
  PID:2944
- C:\Windows\System\izILRrW.exe
  C:\Windows\System\izILRrW.exe
  2⤵
  PID:2072
- C:\Windows\System\AjCEdrG.exe
  C:\Windows\System\AjCEdrG.exe
  2⤵
  PID:2460
- C:\Windows\System\CTlwANB.exe
  C:\Windows\System\CTlwANB.exe
  2⤵
  PID:1760
- C:\Windows\System\CuYygED.exe
  C:\Windows\System\CuYygED.exe
  2⤵
  PID:1276
- C:\Windows\System\BzawLGL.exe
  C:\Windows\System\BzawLGL.exe
  2⤵
  PID:2212
- C:\Windows\System\nChBNsb.exe
  C:\Windows\System\nChBNsb.exe
  2⤵
  PID:3704
- C:\Windows\System\epMfGSC.exe
  C:\Windows\System\epMfGSC.exe
  2⤵
  PID:2324
- C:\Windows\System\AxxkZQa.exe
  C:\Windows\System\AxxkZQa.exe
  2⤵
  PID:2660
- C:\Windows\System\oGFPkrl.exe
  C:\Windows\System\oGFPkrl.exe
  2⤵
  PID:1348
- C:\Windows\System\pEUAVdw.exe
  C:\Windows\System\pEUAVdw.exe
  2⤵
  PID:1736
- C:\Windows\System\TXlWgBs.exe
  C:\Windows\System\TXlWgBs.exe
  2⤵
  PID:3244
- C:\Windows\System\fYuKjyp.exe
  C:\Windows\System\fYuKjyp.exe
  2⤵
  PID:3564
- C:\Windows\System\fRWFScw.exe
  C:\Windows\System\fRWFScw.exe
  2⤵
  PID:3724
- C:\Windows\System\exaWZVm.exe
  C:\Windows\System\exaWZVm.exe
  2⤵
  PID:3600
- C:\Windows\System\yBuhZVq.exe
  C:\Windows\System\yBuhZVq.exe
  2⤵
  PID:3528
- C:\Windows\System\VarwbTJ.exe
  C:\Windows\System\VarwbTJ.exe
  2⤵
  PID:3420
- C:\Windows\System\syOWLdC.exe
  C:\Windows\System\syOWLdC.exe
  2⤵
  PID:3352
- C:\Windows\System\ZAhkGWo.exe
  C:\Windows\System\ZAhkGWo.exe
  2⤵
  PID:3236
- C:\Windows\System\WrLcKzY.exe
  C:\Windows\System\WrLcKzY.exe
  2⤵
  PID:3164
- C:\Windows\System\TYFywJB.exe
  C:\Windows\System\TYFywJB.exe
  2⤵
  PID:2384
- C:\Windows\System\QQzNntI.exe
  C:\Windows\System\QQzNntI.exe
  2⤵
  PID:1636
- C:\Windows\System\vzLYelj.exe
  C:\Windows\System\vzLYelj.exe
  2⤵
  PID:2628
- C:\Windows\System\DthdfaG.exe
  C:\Windows\System\DthdfaG.exe
  2⤵
  PID:2540
- C:\Windows\System\AWNpPrI.exe
  C:\Windows\System\AWNpPrI.exe
  2⤵
  PID:3784
- C:\Windows\System\YfWScOm.exe
  C:\Windows\System\YfWScOm.exe
  2⤵
  PID:3816
- C:\Windows\System\AHrEyCj.exe
  C:\Windows\System\AHrEyCj.exe
  2⤵
  PID:3836
- C:\Windows\System\LVclzhT.exe
  C:\Windows\System\LVclzhT.exe
  2⤵
  PID:3856
- C:\Windows\System\JTEcxXh.exe
  C:\Windows\System\JTEcxXh.exe
  2⤵
  PID:3908
- C:\Windows\System\KNBuHMB.exe
  C:\Windows\System\KNBuHMB.exe
  2⤵
  PID:4000
- C:\Windows\System\wUhqyRH.exe
  C:\Windows\System\wUhqyRH.exe
  2⤵
  PID:4072
- C:\Windows\System\eqagBqw.exe
  C:\Windows\System\eqagBqw.exe
  2⤵
  PID:4060
- C:\Windows\System\KZBEZmr.exe
  C:\Windows\System\KZBEZmr.exe
  2⤵
  PID:1848
- C:\Windows\System\EByzhoy.exe
  C:\Windows\System\EByzhoy.exe
  2⤵
  PID:3948
- C:\Windows\System\iJZping.exe
  C:\Windows\System\iJZping.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3980
- C:\Windows\System\FxvGqhk.exe
  C:\Windows\System\FxvGqhk.exe
  2⤵
  PID:1604
- C:\Windows\System\yditjfj.exe
  C:\Windows\System\yditjfj.exe
  2⤵
  PID:3112
- C:\Windows\System\YqsCBGh.exe
  C:\Windows\System\YqsCBGh.exe
  2⤵
  PID:3448
- C:\Windows\System\QePfepH.exe
  C:\Windows\System\QePfepH.exe
  2⤵
  PID:3588
- C:\Windows\System\nxnzksl.exe
  C:\Windows\System\nxnzksl.exe
  2⤵
  PID:1896
- C:\Windows\System\QkIzJbr.exe
  C:\Windows\System\QkIzJbr.exe
  2⤵
  PID:2392
- C:\Windows\System\KgvZHVx.exe
  C:\Windows\System\KgvZHVx.exe
  2⤵
  PID:980
- C:\Windows\System\cgKfESU.exe
  C:\Windows\System\cgKfESU.exe
  2⤵
  PID:2472
- C:\Windows\System\oBZFUGC.exe
  C:\Windows\System\oBZFUGC.exe
  2⤵
  PID:3744
- C:\Windows\System\SeEIQua.exe
  C:\Windows\System\SeEIQua.exe
  2⤵
  PID:3516
- C:\Windows\System\nRqKSUS.exe
  C:\Windows\System\nRqKSUS.exe
  2⤵
  PID:3728
- C:\Windows\System\GhNgQKQ.exe
  C:\Windows\System\GhNgQKQ.exe
  2⤵
  PID:2080
- C:\Windows\System\JaAOGbA.exe
  C:\Windows\System\JaAOGbA.exe
  2⤵
  PID:3560
- C:\Windows\System\NLzyjap.exe
  C:\Windows\System\NLzyjap.exe
  2⤵
  PID:1860
- C:\Windows\System\jXWpXuU.exe
  C:\Windows\System\jXWpXuU.exe
  2⤵
  PID:2452
- C:\Windows\System\vvXceVW.exe
  C:\Windows\System\vvXceVW.exe
  2⤵
  PID:3168
- C:\Windows\System\EASAnYV.exe
  C:\Windows\System\EASAnYV.exe
  2⤵
  PID:1320
- C:\Windows\System\uFqAcUX.exe
  C:\Windows\System\uFqAcUX.exe
  2⤵
  PID:3464
- C:\Windows\System\rvMiQbm.exe
  C:\Windows\System\rvMiQbm.exe
  2⤵
  PID:3280
- C:\Windows\System\BxDmzRX.exe
  C:\Windows\System\BxDmzRX.exe
  2⤵
  PID:3100
- C:\Windows\System\dPNeuRM.exe
  C:\Windows\System\dPNeuRM.exe
  2⤵
  PID:2648
- C:\Windows\System\yKsrkPK.exe
  C:\Windows\System\yKsrkPK.exe
  2⤵
  PID:1524
- C:\Windows\System\vRxHnqA.exe
  C:\Windows\System\vRxHnqA.exe
  2⤵
  PID:3428
- C:\Windows\System\BoOmjaS.exe
  C:\Windows\System\BoOmjaS.exe
  2⤵
  PID:3764
- C:\Windows\System\qeYsYcJ.exe
  C:\Windows\System\qeYsYcJ.exe
  2⤵
  PID:3800
- C:\Windows\System\UrXBiLx.exe
  C:\Windows\System\UrXBiLx.exe
  2⤵
  PID:3912
- C:\Windows\System\DlEpcBl.exe
  C:\Windows\System\DlEpcBl.exe
  2⤵
  PID:3828
- C:\Windows\System\ZNhVamk.exe
  C:\Windows\System\ZNhVamk.exe
  2⤵
  PID:3868
- C:\Windows\System\vEHYDHJ.exe
  C:\Windows\System\vEHYDHJ.exe
  2⤵
  PID:4036
- C:\Windows\System\LIueNul.exe
  C:\Windows\System\LIueNul.exe
  2⤵
  PID:2904
- C:\Windows\System\SnXLjwX.exe
  C:\Windows\System\SnXLjwX.exe
  2⤵
  PID:3332
- C:\Windows\System\Iijxnxc.exe
  C:\Windows\System\Iijxnxc.exe
  2⤵
  PID:692
- C:\Windows\System\wRfamAo.exe
  C:\Windows\System\wRfamAo.exe
  2⤵
  PID:3224
- C:\Windows\System\DPvZtWJ.exe
  C:\Windows\System\DPvZtWJ.exe
  2⤵
  PID:4016
- C:\Windows\System\bwvVsuy.exe
  C:\Windows\System\bwvVsuy.exe
  2⤵
  PID:3748
- C:\Windows\System\kfusrfv.exe
  C:\Windows\System\kfusrfv.exe
  2⤵
  PID:3712
- C:\Windows\System\YrluABS.exe
  C:\Windows\System\YrluABS.exe
  2⤵
  PID:628
- C:\Windows\System\bKiLlpV.exe
  C:\Windows\System\bKiLlpV.exe
  2⤵
  PID:3312
- C:\Windows\System\nJSNlRd.exe
  C:\Windows\System\nJSNlRd.exe
  2⤵
  PID:3404
- C:\Windows\System\UWgOkuz.exe
  C:\Windows\System\UWgOkuz.exe
  2⤵
  PID:3632
- C:\Windows\System\qLMNTkp.exe
  C:\Windows\System\qLMNTkp.exe
  2⤵
  PID:3964
- C:\Windows\System\kkwzvFY.exe
  C:\Windows\System\kkwzvFY.exe
  2⤵
  PID:2932
- C:\Windows\System\hHxEjLG.exe
  C:\Windows\System\hHxEjLG.exe
  2⤵
  PID:4120
- C:\Windows\System\NTxNJHV.exe
  C:\Windows\System\NTxNJHV.exe
  2⤵
  PID:4140
- C:\Windows\System\gZXaasJ.exe
  C:\Windows\System\gZXaasJ.exe
  2⤵
  PID:4156
- C:\Windows\System\yaDLTEM.exe
  C:\Windows\System\yaDLTEM.exe
  2⤵
  PID:4180
- C:\Windows\System\wZnuwcW.exe
  C:\Windows\System\wZnuwcW.exe
  2⤵
  PID:4208
- C:\Windows\System\LheFUno.exe
  C:\Windows\System\LheFUno.exe
  2⤵
  PID:4228
- C:\Windows\System\oQUaHRk.exe
  C:\Windows\System\oQUaHRk.exe
  2⤵
  PID:4248
- C:\Windows\System\wcOdvCR.exe
  C:\Windows\System\wcOdvCR.exe
  2⤵
  PID:4268
- C:\Windows\System\jQgukIx.exe
  C:\Windows\System\jQgukIx.exe
  2⤵
  PID:4288
- C:\Windows\System\HjSDCGb.exe
  C:\Windows\System\HjSDCGb.exe
  2⤵
  PID:4308
- C:\Windows\System\ndKIepC.exe
  C:\Windows\System\ndKIepC.exe
  2⤵
  PID:4328
- C:\Windows\System\QxpTuZx.exe
  C:\Windows\System\QxpTuZx.exe
  2⤵
  PID:4352
- C:\Windows\System\CALGuik.exe
  C:\Windows\System\CALGuik.exe
  2⤵
  PID:4376
- C:\Windows\System\FJUjfXa.exe
  C:\Windows\System\FJUjfXa.exe
  2⤵
  PID:4400
- C:\Windows\System\cNEFSVD.exe
  C:\Windows\System\cNEFSVD.exe
  2⤵
  PID:4424
- C:\Windows\System\OFDQvAA.exe
  C:\Windows\System\OFDQvAA.exe
  2⤵
  PID:4448
- C:\Windows\System\dFenfpN.exe
  C:\Windows\System\dFenfpN.exe
  2⤵
  PID:4472
- C:\Windows\System\rtqllTj.exe
  C:\Windows\System\rtqllTj.exe
  2⤵
  PID:4496
- C:\Windows\System\TVVljZK.exe
  C:\Windows\System\TVVljZK.exe
  2⤵
  PID:4516
- C:\Windows\System\LCjUPlW.exe
  C:\Windows\System\LCjUPlW.exe
  2⤵
  PID:4536
- C:\Windows\System\JomABIs.exe
  C:\Windows\System\JomABIs.exe
  2⤵
  PID:4556
- C:\Windows\System\HDIPuZl.exe
  C:\Windows\System\HDIPuZl.exe
  2⤵
  PID:4576
- C:\Windows\System\pbZyEan.exe
  C:\Windows\System\pbZyEan.exe
  2⤵
  PID:4668
- C:\Windows\System\BuLmiye.exe
  C:\Windows\System\BuLmiye.exe
  2⤵
  PID:4688
- C:\Windows\System\ziWhgrz.exe
  C:\Windows\System\ziWhgrz.exe
  2⤵
  PID:4704
- C:\Windows\System\BpdHaLK.exe
  C:\Windows\System\BpdHaLK.exe
  2⤵
  PID:4724
- C:\Windows\System\rLaEgAV.exe
  C:\Windows\System\rLaEgAV.exe
  2⤵
  PID:4748
- C:\Windows\System\DjlSBaa.exe
  C:\Windows\System\DjlSBaa.exe
  2⤵
  PID:4764
- C:\Windows\System\IkTyQQB.exe
  C:\Windows\System\IkTyQQB.exe
  2⤵
  PID:4780
- C:\Windows\System\OUSMIZg.exe
  C:\Windows\System\OUSMIZg.exe
  2⤵
  PID:4800
- C:\Windows\System\IjGhZFp.exe
  C:\Windows\System\IjGhZFp.exe
  2⤵
  PID:4820
- C:\Windows\System\noDhZEc.exe
  C:\Windows\System\noDhZEc.exe
  2⤵
  PID:4840
- C:\Windows\System\dUYhUhl.exe
  C:\Windows\System\dUYhUhl.exe
  2⤵
  PID:4856
- C:\Windows\System\Tbiasqb.exe
  C:\Windows\System\Tbiasqb.exe
  2⤵
  PID:4876
- C:\Windows\System\qCWuzog.exe
  C:\Windows\System\qCWuzog.exe
  2⤵
  PID:4892
- C:\Windows\System\crRaCRj.exe
  C:\Windows\System\crRaCRj.exe
  2⤵
  PID:4916
- C:\Windows\System\jgMtdRj.exe
  C:\Windows\System\jgMtdRj.exe
  2⤵
  PID:4932
- C:\Windows\System\WrtznKW.exe
  C:\Windows\System\WrtznKW.exe
  2⤵
  PID:4952
- C:\Windows\System\NVyNkgd.exe
  C:\Windows\System\NVyNkgd.exe
  2⤵
  PID:4968
- C:\Windows\System\WhPCTvf.exe
  C:\Windows\System\WhPCTvf.exe
  2⤵
  PID:4988
- C:\Windows\System\sSuhDzW.exe
  C:\Windows\System\sSuhDzW.exe
  2⤵
  PID:5016
- C:\Windows\System\JXzVVOZ.exe
  C:\Windows\System\JXzVVOZ.exe
  2⤵
  PID:5044
- C:\Windows\System\zncPDwb.exe
  C:\Windows\System\zncPDwb.exe
  2⤵
  PID:5060
- C:\Windows\System\qqstvEI.exe
  C:\Windows\System\qqstvEI.exe
  2⤵
  PID:5080
- C:\Windows\System\PKyXQjL.exe
  C:\Windows\System\PKyXQjL.exe
  2⤵
  PID:5096
- C:\Windows\System\SYEtYJa.exe
  C:\Windows\System\SYEtYJa.exe
  2⤵
  PID:5116
- C:\Windows\System\rhUZNnb.exe
  C:\Windows\System\rhUZNnb.exe
  2⤵
  PID:3952
- C:\Windows\System\NnYRNcu.exe
  C:\Windows\System\NnYRNcu.exe
  2⤵
  PID:2736
- C:\Windows\System\uxCCQVO.exe
  C:\Windows\System\uxCCQVO.exe
  2⤵
  PID:3300
- C:\Windows\System\XSibUQw.exe
  C:\Windows\System\XSibUQw.exe
  2⤵
  PID:1920
- C:\Windows\System\zkdxZUg.exe
  C:\Windows\System\zkdxZUg.exe
  2⤵
  PID:3356
- C:\Windows\System\FIGwiBQ.exe
  C:\Windows\System\FIGwiBQ.exe
  2⤵
  PID:3320
- C:\Windows\System\UwYVFon.exe
  C:\Windows\System\UwYVFon.exe
  2⤵
  PID:1388
- C:\Windows\System\PnfxZYo.exe
  C:\Windows\System\PnfxZYo.exe
  2⤵
  PID:3844
- C:\Windows\System\eXQRfWz.exe
  C:\Windows\System\eXQRfWz.exe
  2⤵
  PID:2964
- C:\Windows\System\BsfdMvk.exe
  C:\Windows\System\BsfdMvk.exe
  2⤵
  PID:3148
- C:\Windows\System\HgTCxnv.exe
  C:\Windows\System\HgTCxnv.exe
  2⤵
  PID:3264
- C:\Windows\System\tdFVNQb.exe
  C:\Windows\System\tdFVNQb.exe
  2⤵
  PID:3492
- C:\Windows\System\WEehzxh.exe
  C:\Windows\System\WEehzxh.exe
  2⤵
  PID:4108
- C:\Windows\System\xewGdOK.exe
  C:\Windows\System\xewGdOK.exe
  2⤵
  PID:4136
- C:\Windows\System\clNVZuF.exe
  C:\Windows\System\clNVZuF.exe
  2⤵
  PID:4200
- C:\Windows\System\JUNTcLw.exe
  C:\Windows\System\JUNTcLw.exe
  2⤵
  PID:4176
- C:\Windows\System\yLGFSKL.exe
  C:\Windows\System\yLGFSKL.exe
  2⤵
  PID:4244
- C:\Windows\System\ngVZynQ.exe
  C:\Windows\System\ngVZynQ.exe
  2⤵
  PID:4276
- C:\Windows\System\TfXNRKT.exe
  C:\Windows\System\TfXNRKT.exe
  2⤵
  PID:4304
- C:\Windows\System\tiyWsbF.exe
  C:\Windows\System\tiyWsbF.exe
  2⤵
  PID:4348
- C:\Windows\System\uzdyUHS.exe
  C:\Windows\System\uzdyUHS.exe
  2⤵
  PID:4368
- C:\Windows\System\udLdxrJ.exe
  C:\Windows\System\udLdxrJ.exe
  2⤵
  PID:4392
- C:\Windows\System\UAVfvDz.exe
  C:\Windows\System\UAVfvDz.exe
  2⤵
  PID:4464
- C:\Windows\System\MZeNLpz.exe
  C:\Windows\System\MZeNLpz.exe
  2⤵
  PID:4484
- C:\Windows\System\baHaEKU.exe
  C:\Windows\System\baHaEKU.exe
  2⤵
  PID:4524
- C:\Windows\System\asZahyZ.exe
  C:\Windows\System\asZahyZ.exe
  2⤵
  PID:4564
- C:\Windows\System\xCwmKMR.exe
  C:\Windows\System\xCwmKMR.exe
  2⤵
  PID:2848
- C:\Windows\System\gaOLmuM.exe
  C:\Windows\System\gaOLmuM.exe
  2⤵
  PID:1984
- C:\Windows\System\epPahkL.exe
  C:\Windows\System\epPahkL.exe
  2⤵
  PID:1124
- C:\Windows\System\DXJkupD.exe
  C:\Windows\System\DXJkupD.exe
  2⤵
  PID:2432
- C:\Windows\System\VxLFXJP.exe
  C:\Windows\System\VxLFXJP.exe
  2⤵
  PID:4660
- C:\Windows\System\yqRNIQb.exe
  C:\Windows\System\yqRNIQb.exe
  2⤵
  PID:4736
- C:\Windows\System\BKJvogS.exe
  C:\Windows\System\BKJvogS.exe
  2⤵
  PID:4812
- C:\Windows\System\rHdJUQg.exe
  C:\Windows\System\rHdJUQg.exe
  2⤵
  PID:4684
- C:\Windows\System\LLAgMec.exe
  C:\Windows\System\LLAgMec.exe
  2⤵
  PID:4960
- C:\Windows\System\wDxaLnP.exe
  C:\Windows\System\wDxaLnP.exe
  2⤵
  PID:4712
- C:\Windows\System\HnQniVP.exe
  C:\Windows\System\HnQniVP.exe
  2⤵
  PID:4792
- C:\Windows\System\TqllHxU.exe
  C:\Windows\System\TqllHxU.exe
  2⤵
  PID:5000
- C:\Windows\System\DXVKEvT.exe
  C:\Windows\System\DXVKEvT.exe
  2⤵
  PID:5056
- C:\Windows\System\YYKuYBM.exe
  C:\Windows\System\YYKuYBM.exe
  2⤵
  PID:4980
- C:\Windows\System\eWJgJAu.exe
  C:\Windows\System\eWJgJAu.exe
  2⤵
  PID:4976
- C:\Windows\System\dXLhJAF.exe
  C:\Windows\System\dXLhJAF.exe
  2⤵
  PID:4868
- C:\Windows\System\WlFIIAP.exe
  C:\Windows\System\WlFIIAP.exe
  2⤵
  PID:2992
- C:\Windows\System\bJBZhEQ.exe
  C:\Windows\System\bJBZhEQ.exe
  2⤵
  PID:3128
- C:\Windows\System\uPRgWBL.exe
  C:\Windows\System\uPRgWBL.exe
  2⤵
  PID:2468
- C:\Windows\System\FcWFuxZ.exe
  C:\Windows\System\FcWFuxZ.exe
  2⤵
  PID:5112
- C:\Windows\System\HYVwsvt.exe
  C:\Windows\System\HYVwsvt.exe
  2⤵
  PID:4020
- C:\Windows\System\nCjNFAz.exe
  C:\Windows\System\nCjNFAz.exe
  2⤵
  PID:2044
- C:\Windows\System\lqJupfB.exe
  C:\Windows\System\lqJupfB.exe
  2⤵
  PID:3424
- C:\Windows\System\iLBwOxx.exe
  C:\Windows\System\iLBwOxx.exe
  2⤵
  PID:5108
- C:\Windows\System\LBbemHz.exe
  C:\Windows\System\LBbemHz.exe
  2⤵
  PID:1684
- C:\Windows\System\SmStrbS.exe
  C:\Windows\System\SmStrbS.exe
  2⤵
  PID:2440
- C:\Windows\System\DugvSie.exe
  C:\Windows\System\DugvSie.exe
  2⤵
  PID:3832
- C:\Windows\System\lNjjmrX.exe
  C:\Windows\System\lNjjmrX.exe
  2⤵
  PID:4188
- C:\Windows\System\gNbTWqt.exe
  C:\Windows\System\gNbTWqt.exe
  2⤵
  PID:3480
- C:\Windows\System\FqIRMUA.exe
  C:\Windows\System\FqIRMUA.exe
  2⤵
  PID:4076
- C:\Windows\System\SyMwDiN.exe
  C:\Windows\System\SyMwDiN.exe
  2⤵
  PID:4148
- C:\Windows\System\OqVRFor.exe
  C:\Windows\System\OqVRFor.exe
  2⤵
  PID:4260
- C:\Windows\System\MgpzXDx.exe
  C:\Windows\System\MgpzXDx.exe
  2⤵
  PID:4468
- C:\Windows\System\vJwuWKr.exe
  C:\Windows\System\vJwuWKr.exe
  2⤵
  PID:4324
- C:\Windows\System\EmPLloz.exe
  C:\Windows\System\EmPLloz.exe
  2⤵
  PID:2412
- C:\Windows\System\ssIazWD.exe
  C:\Windows\System\ssIazWD.exe
  2⤵
  PID:4548
- C:\Windows\System\IwQcxwO.exe
  C:\Windows\System\IwQcxwO.exe
  2⤵
  PID:4552
- C:\Windows\System\maJHvBI.exe
  C:\Windows\System\maJHvBI.exe
  2⤵
  PID:376
- C:\Windows\System\GEysxRA.exe
  C:\Windows\System\GEysxRA.exe
  2⤵
  PID:1824
- C:\Windows\System\bcfPHrM.exe
  C:\Windows\System\bcfPHrM.exe
  2⤵
  PID:4816
- C:\Windows\System\EpQPytN.exe
  C:\Windows\System\EpQPytN.exe
  2⤵
  PID:4732
- C:\Windows\System\CMEiqew.exe
  C:\Windows\System\CMEiqew.exe
  2⤵
  PID:4884
- C:\Windows\System\DPkutqC.exe
  C:\Windows\System\DPkutqC.exe
  2⤵
  PID:4716
- C:\Windows\System\HneqcFU.exe
  C:\Windows\System\HneqcFU.exe
  2⤵
  PID:5012
- C:\Windows\System\GdHUOWk.exe
  C:\Windows\System\GdHUOWk.exe
  2⤵
  PID:4828
- C:\Windows\System\SbEiZni.exe
  C:\Windows\System\SbEiZni.exe
  2⤵
  PID:4984
- C:\Windows\System\WWXOImO.exe
  C:\Windows\System\WWXOImO.exe
  2⤵
  PID:5088
- C:\Windows\System\MmqfeGL.exe
  C:\Windows\System\MmqfeGL.exe
  2⤵
  PID:2192
- C:\Windows\System\fqnOIQj.exe
  C:\Windows\System\fqnOIQj.exe
  2⤵
  PID:5076
- C:\Windows\System\wvWkicI.exe
  C:\Windows\System\wvWkicI.exe
  2⤵
  PID:2924
- C:\Windows\System\PzzTIGa.exe
  C:\Windows\System\PzzTIGa.exe
  2⤵
  PID:3760
- C:\Windows\System\SotMHrF.exe
  C:\Windows\System\SotMHrF.exe
  2⤵
  PID:1872
- C:\Windows\System\xivPIWx.exe
  C:\Windows\System\xivPIWx.exe
  2⤵
  PID:2312
- C:\Windows\System\uApgmIL.exe
  C:\Windows\System\uApgmIL.exe
  2⤵
  PID:4104
- C:\Windows\System\AxiLHPw.exe
  C:\Windows\System\AxiLHPw.exe
  2⤵
  PID:4116
- C:\Windows\System\mlDsYfI.exe
  C:\Windows\System\mlDsYfI.exe
  2⤵
  PID:4224
- C:\Windows\System\USarIiC.exe
  C:\Windows\System\USarIiC.exe
  2⤵
  PID:4336
- C:\Windows\System\KJAIvKI.exe
  C:\Windows\System\KJAIvKI.exe
  2⤵
  PID:4508
- C:\Windows\System\SHTnbDZ.exe
  C:\Windows\System\SHTnbDZ.exe
  2⤵
  PID:4492
- C:\Windows\System\VfLnjSA.exe
  C:\Windows\System\VfLnjSA.exe
  2⤵
  PID:960
- C:\Windows\System\SvOOiHP.exe
  C:\Windows\System\SvOOiHP.exe
  2⤵
  PID:2644
- C:\Windows\System\wUTyzgM.exe
  C:\Windows\System\wUTyzgM.exe
  2⤵
  PID:4760
- C:\Windows\System\OEVffKJ.exe
  C:\Windows\System\OEVffKJ.exe
  2⤵
  PID:4996
- C:\Windows\System\xCqkupJ.exe
  C:\Windows\System\xCqkupJ.exe
  2⤵
  PID:4872
- C:\Windows\System\PvgjddL.exe
  C:\Windows\System\PvgjddL.exe
  2⤵
  PID:5092
- C:\Windows\System\ubFRcpc.exe
  C:\Windows\System\ubFRcpc.exe
  2⤵
  PID:5028
- C:\Windows\System\tPoZRgn.exe
  C:\Windows\System\tPoZRgn.exe
  2⤵
  PID:5036
- C:\Windows\System\RfiufBo.exe
  C:\Windows\System\RfiufBo.exe
  2⤵
  PID:4912
- C:\Windows\System\pPtQfLK.exe
  C:\Windows\System\pPtQfLK.exe
  2⤵
  PID:2124
- C:\Windows\System\lGffXqy.exe
  C:\Windows\System\lGffXqy.exe
  2⤵
  PID:356
- C:\Windows\System\sXELytN.exe
  C:\Windows\System\sXELytN.exe
  2⤵
  PID:4412
- C:\Windows\System\aadkXzT.exe
  C:\Windows\System\aadkXzT.exe
  2⤵
  PID:4928
- C:\Windows\System\lnVYLNE.exe
  C:\Windows\System\lnVYLNE.exe
  2⤵
  PID:2544
- C:\Windows\System\VRyIIBL.exe
  C:\Windows\System\VRyIIBL.exe
  2⤵
  PID:4848
- C:\Windows\System\WDKkXJB.exe
  C:\Windows\System\WDKkXJB.exe
  2⤵
  PID:5136
- C:\Windows\System\eYkVjFk.exe
  C:\Windows\System\eYkVjFk.exe
  2⤵
  PID:5160
- C:\Windows\System\qjFfHRi.exe
  C:\Windows\System\qjFfHRi.exe
  2⤵
  PID:5188
- C:\Windows\System\kDtoaoy.exe
  C:\Windows\System\kDtoaoy.exe
  2⤵
  PID:5212
- C:\Windows\System\UNOgVWS.exe
  C:\Windows\System\UNOgVWS.exe
  2⤵
  PID:5236
- C:\Windows\System\XJxmbss.exe
  C:\Windows\System\XJxmbss.exe
  2⤵
  PID:5252
- C:\Windows\System\XfDmRRy.exe
  C:\Windows\System\XfDmRRy.exe
  2⤵
  PID:5276
- C:\Windows\System\zGwsnTz.exe
  C:\Windows\System\zGwsnTz.exe
  2⤵
  PID:5292
- C:\Windows\System\omwFtuT.exe
  C:\Windows\System\omwFtuT.exe
  2⤵
  PID:5308
- C:\Windows\System\efwfIhJ.exe
  C:\Windows\System\efwfIhJ.exe
  2⤵
  PID:5332
- C:\Windows\System\XyGhmwR.exe
  C:\Windows\System\XyGhmwR.exe
  2⤵
  PID:5348
- C:\Windows\System\nobezUf.exe
  C:\Windows\System\nobezUf.exe
  2⤵
  PID:5372
- C:\Windows\System\jCOZQHE.exe
  C:\Windows\System\jCOZQHE.exe
  2⤵
  PID:5388
- C:\Windows\System\SCUsdpb.exe
  C:\Windows\System\SCUsdpb.exe
  2⤵
  PID:5412
- C:\Windows\System\vWFrOZn.exe
  C:\Windows\System\vWFrOZn.exe
  2⤵
  PID:5428
- C:\Windows\System\NOYWtEi.exe
  C:\Windows\System\NOYWtEi.exe
  2⤵
  PID:5448
- C:\Windows\System\nvirJsC.exe
  C:\Windows\System\nvirJsC.exe
  2⤵
  PID:5468
- C:\Windows\System\CaqyzXe.exe
  C:\Windows\System\CaqyzXe.exe
  2⤵
  PID:5488
- C:\Windows\System\HzNLrCo.exe
  C:\Windows\System\HzNLrCo.exe
  2⤵
  PID:5504
- C:\Windows\System\qArvjfQ.exe
  C:\Windows\System\qArvjfQ.exe
  2⤵
  PID:5528
- C:\Windows\System\shhsOvO.exe
  C:\Windows\System\shhsOvO.exe
  2⤵
  PID:5544
- C:\Windows\System\QHRWxJP.exe
  C:\Windows\System\QHRWxJP.exe
  2⤵
  PID:5568
- C:\Windows\System\PMPFlgi.exe
  C:\Windows\System\PMPFlgi.exe
  2⤵
  PID:5584
- C:\Windows\System\dQEZWvG.exe
  C:\Windows\System\dQEZWvG.exe
  2⤵
  PID:5608
- C:\Windows\System\YcuHgkq.exe
  C:\Windows\System\YcuHgkq.exe
  2⤵
  PID:5624
- C:\Windows\System\eCZPAkB.exe
  C:\Windows\System\eCZPAkB.exe
  2⤵
  PID:5648
- C:\Windows\System\DqZScmh.exe
  C:\Windows\System\DqZScmh.exe
  2⤵
  PID:5672
- C:\Windows\System\pDrdmBU.exe
  C:\Windows\System\pDrdmBU.exe
  2⤵
  PID:5692
- C:\Windows\System\NjPcEOu.exe
  C:\Windows\System\NjPcEOu.exe
  2⤵
  PID:5708
- C:\Windows\System\mBIrFJy.exe
  C:\Windows\System\mBIrFJy.exe
  2⤵
  PID:5732
- C:\Windows\System\yPRzhaH.exe
  C:\Windows\System\yPRzhaH.exe
  2⤵
  PID:5748
- C:\Windows\System\WnUsruJ.exe
  C:\Windows\System\WnUsruJ.exe
  2⤵
  PID:5772
- C:\Windows\System\uMXHGlZ.exe
  C:\Windows\System\uMXHGlZ.exe
  2⤵
  PID:5792
- C:\Windows\System\vgaUsOf.exe
  C:\Windows\System\vgaUsOf.exe
  2⤵
  PID:5816
- C:\Windows\System\ardVbbd.exe
  C:\Windows\System\ardVbbd.exe
  2⤵
  PID:5832
- C:\Windows\System\vxdxyjH.exe
  C:\Windows\System\vxdxyjH.exe
  2⤵
  PID:5856
- C:\Windows\System\CyUZflt.exe
  C:\Windows\System\CyUZflt.exe
  2⤵
  PID:5872
- C:\Windows\System\sVfDIcS.exe
  C:\Windows\System\sVfDIcS.exe
  2⤵
  PID:5896
- C:\Windows\System\WfkqoKM.exe
  C:\Windows\System\WfkqoKM.exe
  2⤵
  PID:5916
- C:\Windows\System\kKmkOfp.exe
  C:\Windows\System\kKmkOfp.exe
  2⤵
  PID:5940
- C:\Windows\System\KOYZhQx.exe
  C:\Windows\System\KOYZhQx.exe
  2⤵
  PID:5960
- C:\Windows\System\ftLqpCX.exe
  C:\Windows\System\ftLqpCX.exe
  2⤵
  PID:5980
- C:\Windows\System\gfuGGdJ.exe
  C:\Windows\System\gfuGGdJ.exe
  2⤵
  PID:6004
- C:\Windows\System\uaylZbF.exe
  C:\Windows\System\uaylZbF.exe
  2⤵
  PID:6024
- C:\Windows\System\KqgXYee.exe
  C:\Windows\System\KqgXYee.exe
  2⤵
  PID:6044
- C:\Windows\System\uerRBmH.exe
  C:\Windows\System\uerRBmH.exe
  2⤵
  PID:6064
- C:\Windows\System\AoxIsLz.exe
  C:\Windows\System\AoxIsLz.exe
  2⤵
  PID:6084
- C:\Windows\System\ENxnYcT.exe
  C:\Windows\System\ENxnYcT.exe
  2⤵
  PID:6104
- C:\Windows\System\xSduUIW.exe
  C:\Windows\System\xSduUIW.exe
  2⤵
  PID:6124
- C:\Windows\System\nPrxbKx.exe
  C:\Windows\System\nPrxbKx.exe
  2⤵
  PID:4788
- C:\Windows\System\SzJSEXI.exe
  C:\Windows\System\SzJSEXI.exe
  2⤵
  PID:3848
- C:\Windows\System\LxkZwDz.exe
  C:\Windows\System\LxkZwDz.exe
  2⤵
  PID:4280
- C:\Windows\System\TekydZZ.exe
  C:\Windows\System\TekydZZ.exe
  2⤵
  PID:4480
- C:\Windows\System\aDaYabt.exe
  C:\Windows\System\aDaYabt.exe
  2⤵
  PID:1148
- C:\Windows\System\rfhuNCr.exe
  C:\Windows\System\rfhuNCr.exe
  2⤵
  PID:4372
- C:\Windows\System\lkeRaWN.exe
  C:\Windows\System\lkeRaWN.exe
  2⤵
  PID:2668
- C:\Windows\System\awVHbBk.exe
  C:\Windows\System\awVHbBk.exe
  2⤵
  PID:2748
- C:\Windows\System\GBSzNVz.exe
  C:\Windows\System\GBSzNVz.exe
  2⤵
  PID:5132
- C:\Windows\System\iFRmyjF.exe
  C:\Windows\System\iFRmyjF.exe
  2⤵
  PID:872
- C:\Windows\System\gQtYvNf.exe
  C:\Windows\System\gQtYvNf.exe
  2⤵
  PID:5152
- C:\Windows\System\sxCgypF.exe
  C:\Windows\System\sxCgypF.exe
  2⤵
  PID:5228
- C:\Windows\System\VtrYuJb.exe
  C:\Windows\System\VtrYuJb.exe
  2⤵
  PID:2368
- C:\Windows\System\OvnkyYC.exe
  C:\Windows\System\OvnkyYC.exe
  2⤵
  PID:4568
- C:\Windows\System\DICQdHU.exe
  C:\Windows\System\DICQdHU.exe
  2⤵
  PID:5264
- C:\Windows\System\NihUwiK.exe
  C:\Windows\System\NihUwiK.exe
  2⤵
  PID:5204
- C:\Windows\System\ncashay.exe
  C:\Windows\System\ncashay.exe
  2⤵
  PID:5344
- C:\Windows\System\GfrhpZk.exe
  C:\Windows\System\GfrhpZk.exe
  2⤵
  PID:5284
- C:\Windows\System\HlsWZBx.exe
  C:\Windows\System\HlsWZBx.exe
  2⤵
  PID:444
- C:\Windows\System\khGCYaR.exe
  C:\Windows\System\khGCYaR.exe
  2⤵
  PID:5324
- C:\Windows\System\Rgthkzv.exe
  C:\Windows\System\Rgthkzv.exe
  2⤵
  PID:5360
- C:\Windows\System\franTky.exe
  C:\Windows\System\franTky.exe
  2⤵
  PID:5368
- C:\Windows\System\XzkhdRR.exe
  C:\Windows\System\XzkhdRR.exe
  2⤵
  PID:5404
- C:\Windows\System\FvjpdsZ.exe
  C:\Windows\System\FvjpdsZ.exe
  2⤵
  PID:1536
- C:\Windows\System\mOZdTan.exe
  C:\Windows\System\mOZdTan.exe
  2⤵
  PID:5484
- C:\Windows\System\sDwugMF.exe
  C:\Windows\System\sDwugMF.exe
  2⤵
  PID:5660
- C:\Windows\System\fkcbClF.exe
  C:\Windows\System\fkcbClF.exe
  2⤵
  PID:5552
- C:\Windows\System\aaBFfdk.exe
  C:\Windows\System\aaBFfdk.exe
  2⤵
  PID:5704
- C:\Windows\System\rlWKwvx.exe
  C:\Windows\System\rlWKwvx.exe
  2⤵
  PID:5600
- C:\Windows\System\DBcUbYN.exe
  C:\Windows\System\DBcUbYN.exe
  2⤵
  PID:5632
- C:\Windows\System\WSAQSHd.exe
  C:\Windows\System\WSAQSHd.exe
  2⤵
  PID:5684
- C:\Windows\System\eIsmyfU.exe
  C:\Windows\System\eIsmyfU.exe
  2⤵
  PID:5716
- C:\Windows\System\BFAyFzm.exe
  C:\Windows\System\BFAyFzm.exe
  2⤵
  PID:5756
- C:\Windows\System\HdJwWFj.exe
  C:\Windows\System\HdJwWFj.exe
  2⤵
  PID:5800
- C:\Windows\System\rRudSnG.exe
  C:\Windows\System\rRudSnG.exe
  2⤵
  PID:5904
- C:\Windows\System\QcXKwja.exe
  C:\Windows\System\QcXKwja.exe
  2⤵
  PID:5852
- C:\Windows\System\Pdsptvn.exe
  C:\Windows\System\Pdsptvn.exe
  2⤵
  PID:5884
- C:\Windows\System\BLuvUiF.exe
  C:\Windows\System\BLuvUiF.exe
  2⤵
  PID:5956
- C:\Windows\System\RDyplcF.exe
  C:\Windows\System\RDyplcF.exe
  2⤵
  PID:5988
- C:\Windows\System\TUhDshK.exe
  C:\Windows\System\TUhDshK.exe
  2⤵
  PID:5972
- C:\Windows\System\Lmukvjh.exe
  C:\Windows\System\Lmukvjh.exe
  2⤵
  PID:6040
- C:\Windows\System\uBgPHgM.exe
  C:\Windows\System\uBgPHgM.exe
  2⤵
  PID:6016
- C:\Windows\System\HmJKXGK.exe
  C:\Windows\System\HmJKXGK.exe
  2⤵
  PID:6112
- C:\Windows\System\BUleWZz.exe
  C:\Windows\System\BUleWZz.exe
  2⤵
  PID:6116
- C:\Windows\System\jDfwNyc.exe
  C:\Windows\System\jDfwNyc.exe
  2⤵
  PID:6140
- C:\Windows\System\iHbzpjn.exe
  C:\Windows\System\iHbzpjn.exe
  2⤵
  PID:3872
- C:\Windows\System\TyDzHsZ.exe
  C:\Windows\System\TyDzHsZ.exe
  2⤵
  PID:4196
- C:\Windows\System\TQqUAIn.exe
  C:\Windows\System\TQqUAIn.exe
  2⤵
  PID:5068
- C:\Windows\System\rUTFYzg.exe
  C:\Windows\System\rUTFYzg.exe
  2⤵
  PID:4772
- C:\Windows\System\feZIKLB.exe
  C:\Windows\System\feZIKLB.exe
  2⤵
  PID:272
- C:\Windows\System\nKOJYMB.exe
  C:\Windows\System\nKOJYMB.exe
  2⤵
  PID:5232
- C:\Windows\System\wWbJOOZ.exe
  C:\Windows\System\wWbJOOZ.exe
  2⤵
  PID:2860
- C:\Windows\System\NASAVQS.exe
  C:\Windows\System\NASAVQS.exe
  2⤵
  PID:5156
- C:\Windows\System\ITlCNZM.exe
  C:\Windows\System\ITlCNZM.exe
  2⤵
  PID:5244
- C:\Windows\System\ZujRxYd.exe
  C:\Windows\System\ZujRxYd.exe
  2⤵
  PID:2652
- C:\Windows\System\hCxLHuD.exe
  C:\Windows\System\hCxLHuD.exe
  2⤵
  PID:5316
- C:\Windows\System\jNcbNxu.exe
  C:\Windows\System\jNcbNxu.exe
  2⤵
  PID:4628
- C:\Windows\System\gFICUqx.exe
  C:\Windows\System\gFICUqx.exe
  2⤵
  PID:5304
- C:\Windows\System\tgyldal.exe
  C:\Windows\System\tgyldal.exe
  2⤵
  PID:2844
- C:\Windows\System\SRwAkcf.exe
  C:\Windows\System\SRwAkcf.exe
  2⤵
  PID:5620
- C:\Windows\System\kMiMucD.exe
  C:\Windows\System\kMiMucD.exe
  2⤵
  PID:5400
- C:\Windows\System\LcAtNNy.exe
  C:\Windows\System\LcAtNNy.exe
  2⤵
  PID:5668
- C:\Windows\System\HJoUZYH.exe
  C:\Windows\System\HJoUZYH.exe
  2⤵
  PID:5444
- C:\Windows\System\gwviddF.exe
  C:\Windows\System\gwviddF.exe
  2⤵
  PID:5564
- C:\Windows\System\odoeTyQ.exe
  C:\Windows\System\odoeTyQ.exe
  2⤵
  PID:4592
- C:\Windows\System\GMGYJpl.exe
  C:\Windows\System\GMGYJpl.exe
  2⤵
  PID:5640
- C:\Windows\System\ZxpVeXg.exe
  C:\Windows\System\ZxpVeXg.exe
  2⤵
  PID:5680
- C:\Windows\System\RWebDil.exe
  C:\Windows\System\RWebDil.exe
  2⤵
  PID:5768
- C:\Windows\System\nFDWujZ.exe
  C:\Windows\System\nFDWujZ.exe
  2⤵
  PID:5892
- C:\Windows\System\fFGCmwZ.exe
  C:\Windows\System\fFGCmwZ.exe
  2⤵
  PID:2808
- C:\Windows\System\xyhSTSq.exe
  C:\Windows\System\xyhSTSq.exe
  2⤵
  PID:5968
- C:\Windows\System\XPKsKOE.exe
  C:\Windows\System\XPKsKOE.exe
  2⤵
  PID:5924
- C:\Windows\System\fHHvEak.exe
  C:\Windows\System\fHHvEak.exe
  2⤵
  PID:6080
- C:\Windows\System\EIvJged.exe
  C:\Windows\System\EIvJged.exe
  2⤵
  PID:6100
- C:\Windows\System\KVClksq.exe
  C:\Windows\System\KVClksq.exe
  2⤵
  PID:6076
- C:\Windows\System\xQNCejh.exe
  C:\Windows\System\xQNCejh.exe
  2⤵
  PID:2428
- C:\Windows\System\iyPnltf.exe
  C:\Windows\System\iyPnltf.exe
  2⤵
  PID:5168
- C:\Windows\System\qclojXb.exe
  C:\Windows\System\qclojXb.exe
  2⤵
  PID:6096
- C:\Windows\System\HMfCgjA.exe
  C:\Windows\System\HMfCgjA.exe
  2⤵
  PID:2892
- C:\Windows\System\mYENLQN.exe
  C:\Windows\System\mYENLQN.exe
  2⤵
  PID:4900
- C:\Windows\System\AYIHYMy.exe
  C:\Windows\System\AYIHYMy.exe
  2⤵
  PID:4808
- C:\Windows\System\MoAouQT.exe
  C:\Windows\System\MoAouQT.exe
  2⤵
  PID:1716
- C:\Windows\System\lCfjuiT.exe
  C:\Windows\System\lCfjuiT.exe
  2⤵
  PID:2496
- C:\Windows\System\glZNOBk.exe
  C:\Windows\System\glZNOBk.exe
  2⤵
  PID:5288
- C:\Windows\System\ZcXtpla.exe
  C:\Windows\System\ZcXtpla.exe
  2⤵
  PID:5420
- C:\Windows\System\fyYhbTV.exe
  C:\Windows\System\fyYhbTV.exe
  2⤵
  PID:5320
- C:\Windows\System\hFXkKlU.exe
  C:\Windows\System\hFXkKlU.exe
  2⤵
  PID:1080
- C:\Windows\System\SbKACue.exe
  C:\Windows\System\SbKACue.exe
  2⤵
  PID:4616
- C:\Windows\System\hbbKUzo.exe
  C:\Windows\System\hbbKUzo.exe
  2⤵
  PID:2632
- C:\Windows\System\TNputaV.exe
  C:\Windows\System\TNputaV.exe
  2⤵
  PID:2084
- C:\Windows\System\mCVvnaC.exe
  C:\Windows\System\mCVvnaC.exe
  2⤵
  PID:5840
- C:\Windows\System\CjqncqU.exe
  C:\Windows\System\CjqncqU.exe
  2⤵
  PID:5616
- C:\Windows\System\ROZamQf.exe
  C:\Windows\System\ROZamQf.exe
  2⤵
  PID:6032
- C:\Windows\System\dmbxAYx.exe
  C:\Windows\System\dmbxAYx.exe
  2⤵
  PID:5268
- C:\Windows\System\wniACAx.exe
  C:\Windows\System\wniACAx.exe
  2⤵
  PID:5700
- C:\Windows\System\QLmtYPV.exe
  C:\Windows\System\QLmtYPV.exe
  2⤵
  PID:5824
- C:\Windows\System\sLqVVcI.exe
  C:\Windows\System\sLqVVcI.exe
  2⤵
  PID:5880
- C:\Windows\System\vcETlnK.exe
  C:\Windows\System\vcETlnK.exe
  2⤵
  PID:6092
- C:\Windows\System\DkFifTe.exe
  C:\Windows\System\DkFifTe.exe
  2⤵
  PID:5172
- C:\Windows\System\EPghtVT.exe
  C:\Windows\System\EPghtVT.exe
  2⤵
  PID:680
- C:\Windows\System\jYcasVI.exe
  C:\Windows\System\jYcasVI.exe
  2⤵
  PID:4632
- C:\Windows\System\WcYcTYK.exe
  C:\Windows\System\WcYcTYK.exe
  2⤵
  PID:3604
- C:\Windows\System\OMXfkbM.exe
  C:\Windows\System\OMXfkbM.exe
  2⤵
  PID:1988
- C:\Windows\System\lOsWhPx.exe
  C:\Windows\System\lOsWhPx.exe
  2⤵
  PID:2812
- C:\Windows\System\rgawTff.exe
  C:\Windows\System\rgawTff.exe
  2⤵
  PID:2888
- C:\Windows\System\DomtJMT.exe
  C:\Windows\System\DomtJMT.exe
  2⤵
  PID:6136
- C:\Windows\System\xRmbYDK.exe
  C:\Windows\System\xRmbYDK.exe
  2⤵
  PID:6056
- C:\Windows\System\zxONPrR.exe
  C:\Windows\System\zxONPrR.exe
  2⤵
  PID:5644
- C:\Windows\System\YBQLhyu.exe
  C:\Windows\System\YBQLhyu.exe
  2⤵
  PID:5436
- C:\Windows\System\BKJqOVU.exe
  C:\Windows\System\BKJqOVU.exe
  2⤵
  PID:6000
- C:\Windows\System\tiTHaam.exe
  C:\Windows\System\tiTHaam.exe
  2⤵
  PID:6132
- C:\Windows\System\ULRAoAr.exe
  C:\Windows\System\ULRAoAr.exe
  2⤵
  PID:2868
- C:\Windows\System\NPHGyxL.exe
  C:\Windows\System\NPHGyxL.exe
  2⤵
  PID:5340
- C:\Windows\System\tBiYgtG.exe
  C:\Windows\System\tBiYgtG.exe
  2⤵
  PID:5808
- C:\Windows\System\TCTcvli.exe
  C:\Windows\System\TCTcvli.exe
  2⤵
  PID:2612
- C:\Windows\System\XLATACw.exe
  C:\Windows\System\XLATACw.exe
  2⤵
  PID:6020
- C:\Windows\System\nUTPYfd.exe
  C:\Windows\System\nUTPYfd.exe
  2⤵
  PID:5500
- C:\Windows\System\RFVdfcB.exe
  C:\Windows\System\RFVdfcB.exe
  2⤵
  PID:5560
- C:\Windows\System\bWzlnca.exe
  C:\Windows\System\bWzlnca.exe
  2⤵
  PID:6148
- C:\Windows\System\jmngfQe.exe
  C:\Windows\System\jmngfQe.exe
  2⤵
  PID:6164
- C:\Windows\System\BrKhaFs.exe
  C:\Windows\System\BrKhaFs.exe
  2⤵
  PID:6180
- C:\Windows\System\dczdteB.exe
  C:\Windows\System\dczdteB.exe
  2⤵
  PID:6196
- C:\Windows\System\EPrxBxO.exe
  C:\Windows\System\EPrxBxO.exe
  2⤵
  PID:6212
- C:\Windows\System\TYqfHRV.exe
  C:\Windows\System\TYqfHRV.exe
  2⤵
  PID:6228
- C:\Windows\System\OyjQNoc.exe
  C:\Windows\System\OyjQNoc.exe
  2⤵
  PID:6244
- C:\Windows\System\tbjFgrz.exe
  C:\Windows\System\tbjFgrz.exe
  2⤵
  PID:6260
- C:\Windows\System\oSCjpfC.exe
  C:\Windows\System\oSCjpfC.exe
  2⤵
  PID:6276
- C:\Windows\System\KNtxsjz.exe
  C:\Windows\System\KNtxsjz.exe
  2⤵
  PID:6292
- C:\Windows\System\ZrUjpvW.exe
  C:\Windows\System\ZrUjpvW.exe
  2⤵
  PID:6308
- C:\Windows\System\TKZkJOW.exe
  C:\Windows\System\TKZkJOW.exe
  2⤵
  PID:6324
- C:\Windows\System\TnOgBTn.exe
  C:\Windows\System\TnOgBTn.exe
  2⤵
  PID:6340
- C:\Windows\System\FpBFrdW.exe
  C:\Windows\System\FpBFrdW.exe
  2⤵
  PID:6356
- C:\Windows\System\mIzVxFG.exe
  C:\Windows\System\mIzVxFG.exe
  2⤵
  PID:6372
- C:\Windows\System\WuSxsml.exe
  C:\Windows\System\WuSxsml.exe
  2⤵
  PID:6388
- C:\Windows\System\vweNbEr.exe
  C:\Windows\System\vweNbEr.exe
  2⤵
  PID:6404
- C:\Windows\System\bhIdOUO.exe
  C:\Windows\System\bhIdOUO.exe
  2⤵
  PID:6420
- C:\Windows\System\KKwPwcX.exe
  C:\Windows\System\KKwPwcX.exe
  2⤵
  PID:6436
- C:\Windows\System\DYYamXE.exe
  C:\Windows\System\DYYamXE.exe
  2⤵
  PID:6460
- C:\Windows\System\jNkeXbv.exe
  C:\Windows\System\jNkeXbv.exe
  2⤵
  PID:6476
- C:\Windows\System\nXLiZtV.exe
  C:\Windows\System\nXLiZtV.exe
  2⤵
  PID:6492
- C:\Windows\System\YetiyMn.exe
  C:\Windows\System\YetiyMn.exe
  2⤵
  PID:6508
- C:\Windows\System\VxvjIUa.exe
  C:\Windows\System\VxvjIUa.exe
  2⤵
  PID:6524
- C:\Windows\System\wErVjJd.exe
  C:\Windows\System\wErVjJd.exe
  2⤵
  PID:6540
- C:\Windows\System\qgApraC.exe
  C:\Windows\System\qgApraC.exe
  2⤵
  PID:6556
- C:\Windows\System\ZWjioWM.exe
  C:\Windows\System\ZWjioWM.exe
  2⤵
  PID:6572
- C:\Windows\System\rhXdCib.exe
  C:\Windows\System\rhXdCib.exe
  2⤵
  PID:6588
- C:\Windows\System\WhGwbjW.exe
  C:\Windows\System\WhGwbjW.exe
  2⤵
  PID:6604
- C:\Windows\System\FGVtgeg.exe
  C:\Windows\System\FGVtgeg.exe
  2⤵
  PID:6620
- C:\Windows\System\uALmkCS.exe
  C:\Windows\System\uALmkCS.exe
  2⤵
  PID:6636
- C:\Windows\System\ZIzKsOW.exe
  C:\Windows\System\ZIzKsOW.exe
  2⤵
  PID:6652
- C:\Windows\System\PIYQRdz.exe
  C:\Windows\System\PIYQRdz.exe
  2⤵
  PID:6668
- C:\Windows\System\eCKvsxk.exe
  C:\Windows\System\eCKvsxk.exe
  2⤵
  PID:6684
- C:\Windows\System\HexnZBq.exe
  C:\Windows\System\HexnZBq.exe
  2⤵
  PID:6700
- C:\Windows\System\mMALpjF.exe
  C:\Windows\System\mMALpjF.exe
  2⤵
  PID:6716
- C:\Windows\System\PDGiIoB.exe
  C:\Windows\System\PDGiIoB.exe
  2⤵
  PID:6732
- C:\Windows\System\skJzRWo.exe
  C:\Windows\System\skJzRWo.exe
  2⤵
  PID:6748
- C:\Windows\System\YrXLvrF.exe
  C:\Windows\System\YrXLvrF.exe
  2⤵
  PID:6764
- C:\Windows\System\TaKNYtE.exe
  C:\Windows\System\TaKNYtE.exe
  2⤵
  PID:6780
- C:\Windows\System\ngOeCBo.exe
  C:\Windows\System\ngOeCBo.exe
  2⤵
  PID:6796
- C:\Windows\System\dxUAfrv.exe
  C:\Windows\System\dxUAfrv.exe
  2⤵
  PID:6812
- C:\Windows\System\agRsZpp.exe
  C:\Windows\System\agRsZpp.exe
  2⤵
  PID:6832
- C:\Windows\System\NIcsDbZ.exe
  C:\Windows\System\NIcsDbZ.exe
  2⤵
  PID:6848
- C:\Windows\System\dSIrVAQ.exe
  C:\Windows\System\dSIrVAQ.exe
  2⤵
  PID:6864
- C:\Windows\System\yETKRyb.exe
  C:\Windows\System\yETKRyb.exe
  2⤵
  PID:6880
- C:\Windows\System\AXrAPZc.exe
  C:\Windows\System\AXrAPZc.exe
  2⤵
  PID:6896
- C:\Windows\System\LJblwqi.exe
  C:\Windows\System\LJblwqi.exe
  2⤵
  PID:6912
- C:\Windows\System\UEtXBlz.exe
  C:\Windows\System\UEtXBlz.exe
  2⤵
  PID:6928
- C:\Windows\System\TAYNsVa.exe
  C:\Windows\System\TAYNsVa.exe
  2⤵
  PID:6944
- C:\Windows\System\WZTYLvH.exe
  C:\Windows\System\WZTYLvH.exe
  2⤵
  PID:6960
- C:\Windows\System\JsxcazL.exe
  C:\Windows\System\JsxcazL.exe
  2⤵
  PID:6976
- C:\Windows\System\hSMjjdU.exe
  C:\Windows\System\hSMjjdU.exe
  2⤵
  PID:6992
- C:\Windows\System\RqpOTEL.exe
  C:\Windows\System\RqpOTEL.exe
  2⤵
  PID:7008
- C:\Windows\System\agjUAMM.exe
  C:\Windows\System\agjUAMM.exe
  2⤵
  PID:7024
- C:\Windows\System\MoLxxbo.exe
  C:\Windows\System\MoLxxbo.exe
  2⤵
  PID:7040
- C:\Windows\System\cbStQKf.exe
  C:\Windows\System\cbStQKf.exe
  2⤵
  PID:7056
- C:\Windows\System\YFobURV.exe
  C:\Windows\System\YFobURV.exe
  2⤵
  PID:7072
- C:\Windows\System\TYMfAnQ.exe
  C:\Windows\System\TYMfAnQ.exe
  2⤵
  PID:7088
- C:\Windows\System\UReimGU.exe
  C:\Windows\System\UReimGU.exe
  2⤵
  PID:7104
- C:\Windows\System\mNwXbTl.exe
  C:\Windows\System\mNwXbTl.exe
  2⤵
  PID:7120
- C:\Windows\System\TcPHlgc.exe
  C:\Windows\System\TcPHlgc.exe
  2⤵
  PID:7136
- C:\Windows\System\qUzzXdI.exe
  C:\Windows\System\qUzzXdI.exe
  2⤵
  PID:7152
- C:\Windows\System\ByuUykF.exe
  C:\Windows\System\ByuUykF.exe
  2⤵
  PID:852
- C:\Windows\System\yDJuUfX.exe
  C:\Windows\System\yDJuUfX.exe
  2⤵
  PID:5928
- C:\Windows\System\dQMFoIU.exe
  C:\Windows\System\dQMFoIU.exe
  2⤵
  PID:1300
- C:\Windows\System\nAsRQpX.exe
  C:\Windows\System\nAsRQpX.exe
  2⤵
  PID:6160
- C:\Windows\System\bTtFUQl.exe
  C:\Windows\System\bTtFUQl.exe
  2⤵
  PID:6172
- C:\Windows\System\dCAMMeq.exe
  C:\Windows\System\dCAMMeq.exe
  2⤵
  PID:6220
- C:\Windows\System\FcPrxET.exe
  C:\Windows\System\FcPrxET.exe
  2⤵
  PID:6300
- C:\Windows\System\mieeYTE.exe
  C:\Windows\System\mieeYTE.exe
  2⤵
  PID:6236
- C:\Windows\System\HQmdfyT.exe
  C:\Windows\System\HQmdfyT.exe
  2⤵
  PID:6272
- C:\Windows\System\dcdsIhC.exe
  C:\Windows\System\dcdsIhC.exe
  2⤵
  PID:6352
- C:\Windows\System\aQHrXSu.exe
  C:\Windows\System\aQHrXSu.exe
  2⤵
  PID:6416
- C:\Windows\System\gbZLERS.exe
  C:\Windows\System\gbZLERS.exe
  2⤵
  PID:6448
- C:\Windows\System\GYzVZiX.exe
  C:\Windows\System\GYzVZiX.exe
  2⤵
  PID:6520
- C:\Windows\System\ngLfSgR.exe
  C:\Windows\System\ngLfSgR.exe
  2⤵
  PID:6580
- C:\Windows\System\hOjJvcX.exe
  C:\Windows\System\hOjJvcX.exe
  2⤵
  PID:6364
- C:\Windows\System\xEVuyTy.exe
  C:\Windows\System\xEVuyTy.exe
  2⤵
  PID:6428
- C:\Windows\System\AtDAwRM.exe
  C:\Windows\System\AtDAwRM.exe
  2⤵
  PID:6676
- C:\Windows\System\FPShmqo.exe
  C:\Windows\System\FPShmqo.exe
  2⤵
  PID:6712
- C:\Windows\System\OWBibWC.exe
  C:\Windows\System\OWBibWC.exe
  2⤵
  PID:6804
- C:\Windows\System\BZZvhLI.exe
  C:\Windows\System\BZZvhLI.exe
  2⤵
  PID:6504
- C:\Windows\System\LUyAaTn.exe
  C:\Windows\System\LUyAaTn.exe
  2⤵
  PID:6568
- C:\Windows\System\HXGbGAG.exe
  C:\Windows\System\HXGbGAG.exe
  2⤵
  PID:6660
- C:\Windows\System\GjvUDRp.exe
  C:\Windows\System\GjvUDRp.exe
  2⤵
  PID:996
- C:\Windows\System\rsegmxY.exe
  C:\Windows\System\rsegmxY.exe
  2⤵
  PID:6728
- C:\Windows\System\rICqPsv.exe
  C:\Windows\System\rICqPsv.exe
  2⤵
  PID:6872
- C:\Windows\System\iJBGhfy.exe
  C:\Windows\System\iJBGhfy.exe
  2⤵
  PID:6936
- C:\Windows\System\WmnUfdh.exe
  C:\Windows\System\WmnUfdh.exe
  2⤵
  PID:6972
- C:\Windows\System\syiIatI.exe
  C:\Windows\System\syiIatI.exe
  2⤵
  PID:7036
- C:\Windows\System\KkkEpCi.exe
  C:\Windows\System\KkkEpCi.exe
  2⤵
  PID:7096
- C:\Windows\System\uCWpWps.exe
  C:\Windows\System\uCWpWps.exe
  2⤵
  PID:7160
- C:\Windows\System\EsnYIaU.exe
  C:\Windows\System\EsnYIaU.exe
  2⤵
  PID:5356
- C:\Windows\System\cweyPpV.exe
  C:\Windows\System\cweyPpV.exe
  2⤵
  PID:6252
- C:\Windows\System\bcaGVSg.exe
  C:\Windows\System\bcaGVSg.exe
  2⤵
  PID:6860
- C:\Windows\System\zTSysCG.exe
  C:\Windows\System\zTSysCG.exe
  2⤵
  PID:6952
- C:\Windows\System\gHRSHlp.exe
  C:\Windows\System\gHRSHlp.exe
  2⤵
  PID:7016
- C:\Windows\System\FILQYgT.exe
  C:\Windows\System\FILQYgT.exe
  2⤵
  PID:7080
- C:\Windows\System\TcAipnG.exe
  C:\Windows\System\TcAipnG.exe
  2⤵
  PID:7144
- C:\Windows\System\ozvWnSW.exe
  C:\Windows\System\ozvWnSW.exe
  2⤵
  PID:6204
- C:\Windows\System\KWHwgRY.exe
  C:\Windows\System\KWHwgRY.exe
  2⤵
  PID:6240
- C:\Windows\System\MMfePZX.exe
  C:\Windows\System\MMfePZX.exe
  2⤵
  PID:6336
- C:\Windows\System\MJOZwyY.exe
  C:\Windows\System\MJOZwyY.exe
  2⤵
  PID:6176
- C:\Windows\System\bSNxgco.exe
  C:\Windows\System\bSNxgco.exe
  2⤵
  PID:6320
- C:\Windows\System\WpODDgg.exe
  C:\Windows\System\WpODDgg.exe
  2⤵
  PID:6612
- C:\Windows\System\vPcCfTY.exe
  C:\Windows\System\vPcCfTY.exe
  2⤵
  PID:6708
- C:\Windows\System\AAKygGc.exe
  C:\Windows\System\AAKygGc.exe
  2⤵
  PID:6536
- C:\Windows\System\zWHLgxs.exe
  C:\Windows\System\zWHLgxs.exe
  2⤵
  PID:6600
- C:\Windows\System\ZBUFxaI.exe
  C:\Windows\System\ZBUFxaI.exe
  2⤵
  PID:6844
- C:\Windows\System\SfUMMTg.exe
  C:\Windows\System\SfUMMTg.exe
  2⤵
  PID:6696
- C:\Windows\System\KAyhGGv.exe
  C:\Windows\System\KAyhGGv.exe
  2⤵
  PID:332
- C:\Windows\System\XCxsyai.exe
  C:\Windows\System\XCxsyai.exe
  2⤵
  PID:6988
- C:\Windows\System\fUUUnMx.exe
  C:\Windows\System\fUUUnMx.exe
  2⤵
  PID:3012
- C:\Windows\System\Atcvhkl.exe
  C:\Windows\System\Atcvhkl.exe
  2⤵
  PID:6488
- C:\Windows\System\QFqpeQS.exe
  C:\Windows\System\QFqpeQS.exe
  2⤵
  PID:6632
- C:\Windows\System\FRmoTQV.exe
  C:\Windows\System\FRmoTQV.exe
  2⤵
  PID:6908
- C:\Windows\System\dgKxXfN.exe
  C:\Windows\System\dgKxXfN.exe
  2⤵
  PID:6920
- C:\Windows\System\mUVKilG.exe
  C:\Windows\System\mUVKilG.exe
  2⤵
  PID:7052
- C:\Windows\System\qhqcozu.exe
  C:\Windows\System\qhqcozu.exe
  2⤵
  PID:6332
- C:\Windows\System\xEXBBsv.exe
  C:\Windows\System\xEXBBsv.exe
  2⤵
  PID:6740
- C:\Windows\System\LJYTlix.exe
  C:\Windows\System\LJYTlix.exe
  2⤵
  PID:6756
- C:\Windows\System\IANLEiP.exe
  C:\Windows\System\IANLEiP.exe
  2⤵
  PID:7172
- C:\Windows\System\RhsabNh.exe
  C:\Windows\System\RhsabNh.exe
  2⤵
  PID:7188
- C:\Windows\System\XKqBEya.exe
  C:\Windows\System\XKqBEya.exe
  2⤵
  PID:7204
- C:\Windows\System\QSlIBaE.exe
  C:\Windows\System\QSlIBaE.exe
  2⤵
  PID:7220
- C:\Windows\System\bBoxFBQ.exe
  C:\Windows\System\bBoxFBQ.exe
  2⤵
  PID:7236
- C:\Windows\System\YefmKpj.exe
  C:\Windows\System\YefmKpj.exe
  2⤵
  PID:7252
- C:\Windows\System\ushBZgU.exe
  C:\Windows\System\ushBZgU.exe
  2⤵
  PID:7268
- C:\Windows\System\psqOmUr.exe
  C:\Windows\System\psqOmUr.exe
  2⤵
  PID:7284
- C:\Windows\System\ovWWYet.exe
  C:\Windows\System\ovWWYet.exe
  2⤵
  PID:7300
- C:\Windows\System\SXNCnBC.exe
  C:\Windows\System\SXNCnBC.exe
  2⤵
  PID:7316
- C:\Windows\System\VfSjvGw.exe
  C:\Windows\System\VfSjvGw.exe
  2⤵
  PID:7332
- C:\Windows\System\EMZNKxR.exe
  C:\Windows\System\EMZNKxR.exe
  2⤵
  PID:7348
- C:\Windows\System\zGzqJMU.exe
  C:\Windows\System\zGzqJMU.exe
  2⤵
  PID:7364
- C:\Windows\System\jktJQho.exe
  C:\Windows\System\jktJQho.exe
  2⤵
  PID:7380
- C:\Windows\System\ovmWWhW.exe
  C:\Windows\System\ovmWWhW.exe
  2⤵
  PID:7396
- C:\Windows\System\CBiGUhw.exe
  C:\Windows\System\CBiGUhw.exe
  2⤵
  PID:7412
- C:\Windows\System\rBmTEHj.exe
  C:\Windows\System\rBmTEHj.exe
  2⤵
  PID:7428
- C:\Windows\System\tSyIHop.exe
  C:\Windows\System\tSyIHop.exe
  2⤵
  PID:7444
- C:\Windows\System\XshtQmQ.exe
  C:\Windows\System\XshtQmQ.exe
  2⤵
  PID:7460
- C:\Windows\System\qXPfiMw.exe
  C:\Windows\System\qXPfiMw.exe
  2⤵
  PID:7476
- C:\Windows\System\CkVdLjL.exe
  C:\Windows\System\CkVdLjL.exe
  2⤵
  PID:7492
- C:\Windows\System\tzsygRM.exe
  C:\Windows\System\tzsygRM.exe
  2⤵
  PID:7508
- C:\Windows\System\lPvYEpZ.exe
  C:\Windows\System\lPvYEpZ.exe
  2⤵
  PID:7528
- C:\Windows\System\AtPfZVs.exe
  C:\Windows\System\AtPfZVs.exe
  2⤵
  PID:7544
- C:\Windows\System\PyKCsqr.exe
  C:\Windows\System\PyKCsqr.exe
  2⤵
  PID:7560
- C:\Windows\System\llGQqSH.exe
  C:\Windows\System\llGQqSH.exe
  2⤵
  PID:7576
- C:\Windows\System\qEtjfNY.exe
  C:\Windows\System\qEtjfNY.exe
  2⤵
  PID:7592
- C:\Windows\System\zXNwwTp.exe
  C:\Windows\System\zXNwwTp.exe
  2⤵
  PID:7608
- C:\Windows\System\PWEPmtQ.exe
  C:\Windows\System\PWEPmtQ.exe
  2⤵
  PID:7640
- C:\Windows\System\sacwDSO.exe
  C:\Windows\System\sacwDSO.exe
  2⤵
  PID:7672
- C:\Windows\System\BbBZSir.exe
  C:\Windows\System\BbBZSir.exe
  2⤵
  PID:7692
- C:\Windows\System\xcWXCci.exe
  C:\Windows\System\xcWXCci.exe
  2⤵
  PID:7708
- C:\Windows\System\CWsnIkC.exe
  C:\Windows\System\CWsnIkC.exe
  2⤵
  PID:7724
- C:\Windows\System\DWHYfUZ.exe
  C:\Windows\System\DWHYfUZ.exe
  2⤵
  PID:7740
- C:\Windows\System\GbJNegc.exe
  C:\Windows\System\GbJNegc.exe
  2⤵
  PID:7756
- C:\Windows\System\MuEAIUE.exe
  C:\Windows\System\MuEAIUE.exe
  2⤵
  PID:7772
- C:\Windows\System\TqSbwGZ.exe
  C:\Windows\System\TqSbwGZ.exe
  2⤵
  PID:7788
- C:\Windows\System\oLtqArm.exe
  C:\Windows\System\oLtqArm.exe
  2⤵
  PID:7804
- C:\Windows\System\QTfmGPR.exe
  C:\Windows\System\QTfmGPR.exe
  2⤵
  PID:7820
- C:\Windows\System\CXNIbFj.exe
  C:\Windows\System\CXNIbFj.exe
  2⤵
  PID:7836
- C:\Windows\System\xBtEUbq.exe
  C:\Windows\System\xBtEUbq.exe
  2⤵
  PID:7852
- C:\Windows\System\tYzmzda.exe
  C:\Windows\System\tYzmzda.exe
  2⤵
  PID:7868
- C:\Windows\System\kGwtzCd.exe
  C:\Windows\System\kGwtzCd.exe
  2⤵
  PID:7884
- C:\Windows\System\WtyTbWU.exe
  C:\Windows\System\WtyTbWU.exe
  2⤵
  PID:7900
- C:\Windows\System\KaluWyu.exe
  C:\Windows\System\KaluWyu.exe
  2⤵
  PID:7916
- C:\Windows\System\wmVIxnD.exe
  C:\Windows\System\wmVIxnD.exe
  2⤵
  PID:7932
- C:\Windows\System\MtNGmZI.exe
  C:\Windows\System\MtNGmZI.exe
  2⤵
  PID:7948
- C:\Windows\System\VQxpdGO.exe
  C:\Windows\System\VQxpdGO.exe
  2⤵
  PID:7964
- C:\Windows\System\HBfgFpV.exe
  C:\Windows\System\HBfgFpV.exe
  2⤵
  PID:7984
- C:\Windows\System\wpLSYzc.exe
  C:\Windows\System\wpLSYzc.exe
  2⤵
  PID:8000
- C:\Windows\System\phHvEjz.exe
  C:\Windows\System\phHvEjz.exe
  2⤵
  PID:8016
- C:\Windows\System\RGbJzcl.exe
  C:\Windows\System\RGbJzcl.exe
  2⤵
  PID:8032
- C:\Windows\System\RLLJsZl.exe
  C:\Windows\System\RLLJsZl.exe
  2⤵
  PID:8048
- C:\Windows\System\hNaRemT.exe
  C:\Windows\System\hNaRemT.exe
  2⤵
  PID:8064
- C:\Windows\System\HIwHKJN.exe
  C:\Windows\System\HIwHKJN.exe
  2⤵
  PID:8084
- C:\Windows\System\fKfqsTb.exe
  C:\Windows\System\fKfqsTb.exe
  2⤵
  PID:8100
- C:\Windows\System\JUhncpS.exe
  C:\Windows\System\JUhncpS.exe
  2⤵
  PID:8116
- C:\Windows\System\wCSMZMq.exe
  C:\Windows\System\wCSMZMq.exe
  2⤵
  PID:8132
- C:\Windows\System\YXxbUPX.exe
  C:\Windows\System\YXxbUPX.exe
  2⤵
  PID:8148
- C:\Windows\System\arFRxJr.exe
  C:\Windows\System\arFRxJr.exe
  2⤵
  PID:8164
- C:\Windows\System\XMgmnsd.exe
  C:\Windows\System\XMgmnsd.exe
  2⤵
  PID:8180
- C:\Windows\System\eccGZiq.exe
  C:\Windows\System\eccGZiq.exe
  2⤵
  PID:6692
- C:\Windows\System\ayCuChE.exe
  C:\Windows\System\ayCuChE.exe
  2⤵
  PID:7032
- C:\Windows\System\qfveUnD.exe
  C:\Windows\System\qfveUnD.exe
  2⤵
  PID:6192
- C:\Windows\System\cDJHZGt.exe
  C:\Windows\System\cDJHZGt.exe
  2⤵
  PID:7180
- C:\Windows\System\eDYnujO.exe
  C:\Windows\System\eDYnujO.exe
  2⤵
  PID:7212
- C:\Windows\System\MtfHbZF.exe
  C:\Windows\System\MtfHbZF.exe
  2⤵
  PID:6924
- C:\Windows\System\rtoLwqY.exe
  C:\Windows\System\rtoLwqY.exe
  2⤵
  PID:7196
- C:\Windows\System\ojAhfkg.exe
  C:\Windows\System\ojAhfkg.exe
  2⤵
  PID:7244
- C:\Windows\System\fsgUIen.exe
  C:\Windows\System\fsgUIen.exe
  2⤵
  PID:7308
- C:\Windows\System\QqnFdHe.exe
  C:\Windows\System\QqnFdHe.exe
  2⤵
  PID:7372
- C:\Windows\System\kMoCRMl.exe
  C:\Windows\System\kMoCRMl.exe
  2⤵
  PID:7436
- C:\Windows\System\wFMGQnR.exe
  C:\Windows\System\wFMGQnR.exe
  2⤵
  PID:7500
- C:\Windows\System\HzHpRxP.exe
  C:\Windows\System\HzHpRxP.exe
  2⤵
  PID:7568
- C:\Windows\System\lLHubEg.exe
  C:\Windows\System\lLHubEg.exe
  2⤵
  PID:7232
- C:\Windows\System\gduZzyY.exe
  C:\Windows\System\gduZzyY.exe
  2⤵
  PID:7484
- C:\Windows\System\JKajisZ.exe
  C:\Windows\System\JKajisZ.exe
  2⤵
  PID:7292
- C:\Windows\System\vfdEyhU.exe
  C:\Windows\System\vfdEyhU.exe
  2⤵
  PID:7388
- C:\Windows\System\UqGynMy.exe
  C:\Windows\System\UqGynMy.exe
  2⤵
  PID:7456
- C:\Windows\System\VWALaNc.exe
  C:\Windows\System\VWALaNc.exe
  2⤵
  PID:7556
- C:\Windows\System\hizjlin.exe
  C:\Windows\System\hizjlin.exe
  2⤵
  PID:7604
- C:\Windows\System\iesVdAe.exe
  C:\Windows\System\iesVdAe.exe
  2⤵
  PID:7632
- C:\Windows\System\tmebiEy.exe
  C:\Windows\System\tmebiEy.exe
  2⤵
  PID:7656
- C:\Windows\System\ldxacco.exe
  C:\Windows\System\ldxacco.exe
  2⤵
  PID:7688
- C:\Windows\System\INvlnNA.exe
  C:\Windows\System\INvlnNA.exe
  2⤵
  PID:7680
- C:\Windows\System\dEikiJf.exe
  C:\Windows\System\dEikiJf.exe
  2⤵
  PID:7752
- C:\Windows\System\xjfvCIO.exe
  C:\Windows\System\xjfvCIO.exe
  2⤵
  PID:7768
- C:\Windows\System\hHZXsNF.exe
  C:\Windows\System\hHZXsNF.exe
  2⤵
  PID:7876
- C:\Windows\System\kefRXBR.exe
  C:\Windows\System\kefRXBR.exe
  2⤵
  PID:7796
- C:\Windows\System\APhaUTr.exe
  C:\Windows\System\APhaUTr.exe
  2⤵
  PID:7832
- C:\Windows\System\hDvWser.exe
  C:\Windows\System\hDvWser.exe
  2⤵
  PID:7896
- C:\Windows\System\EERBMcd.exe
  C:\Windows\System\EERBMcd.exe
  2⤵
  PID:7960
- C:\Windows\System\oMBfokl.exe
  C:\Windows\System\oMBfokl.exe
  2⤵
  PID:8028
- C:\Windows\System\wySSkEL.exe
  C:\Windows\System\wySSkEL.exe
  2⤵
  PID:8096
- C:\Windows\System\NhjhWNY.exe
  C:\Windows\System\NhjhWNY.exe
  2⤵
  PID:7912
- C:\Windows\System\LoKuVox.exe
  C:\Windows\System\LoKuVox.exe
  2⤵
  PID:8008
- C:\Windows\System\cfrAQMv.exe
  C:\Windows\System\cfrAQMv.exe
  2⤵
  PID:8072
- C:\Windows\System\taAvkuV.exe
  C:\Windows\System\taAvkuV.exe
  2⤵
  PID:8112
- C:\Windows\System\wCVtrwC.exe
  C:\Windows\System\wCVtrwC.exe
  2⤵
  PID:8156
- C:\Windows\System\FFylDdw.exe
  C:\Windows\System\FFylDdw.exe
  2⤵
  PID:8188
- C:\Windows\System\rMJRVWB.exe
  C:\Windows\System\rMJRVWB.exe
  2⤵
  PID:7184
- C:\Windows\System\QElWctR.exe
  C:\Windows\System\QElWctR.exe
  2⤵
  PID:7276
- C:\Windows\System\izLzzGR.exe
  C:\Windows\System\izLzzGR.exe
  2⤵
  PID:7536
- C:\Windows\System\HupKhKw.exe
  C:\Windows\System\HupKhKw.exe
  2⤵
  PID:7328
- C:\Windows\System\ZBzcgXD.exe
  C:\Windows\System\ZBzcgXD.exe
  2⤵
  PID:7624
- C:\Windows\System\gJFsRCj.exe
  C:\Windows\System\gJFsRCj.exe
  2⤵
  PID:7716
- C:\Windows\System\LnFbIta.exe
  C:\Windows\System\LnFbIta.exe
  2⤵
  PID:7880
- C:\Windows\System\nsQPJqM.exe
  C:\Windows\System\nsQPJqM.exe
  2⤵
  PID:7956
- C:\Windows\System\EBVEFpg.exe
  C:\Windows\System\EBVEFpg.exe
  2⤵
  PID:8176
- C:\Windows\System\vKsTPSr.exe
  C:\Windows\System\vKsTPSr.exe
  2⤵
  PID:6724
- C:\Windows\System\bQcFTtg.exe
  C:\Windows\System\bQcFTtg.exe
  2⤵
  PID:6208
- C:\Windows\System\kafibcL.exe
  C:\Windows\System\kafibcL.exe
  2⤵
  PID:7748
- C:\Windows\System\fRWptkk.exe
  C:\Windows\System\fRWptkk.exe
  2⤵
  PID:8080
- C:\Windows\System\mnmjnHP.exe
  C:\Windows\System\mnmjnHP.exe
  2⤵
  PID:7424
- C:\Windows\System\lvvrqyo.exe
  C:\Windows\System\lvvrqyo.exe
  2⤵
  PID:8144
- C:\Windows\System\GMUTtNy.exe
  C:\Windows\System\GMUTtNy.exe
  2⤵
  PID:7848
- C:\Windows\System\qFoYkJG.exe
  C:\Windows\System\qFoYkJG.exe
  2⤵
  PID:7472
- C:\Windows\System\LpBxuaQ.exe
  C:\Windows\System\LpBxuaQ.exe
  2⤵
  PID:7908
- C:\Windows\System\MWsYRCE.exe
  C:\Windows\System\MWsYRCE.exe
  2⤵
  PID:7996
- C:\Windows\System\OsbEKva.exe
  C:\Windows\System\OsbEKva.exe
  2⤵
  PID:6500
- C:\Windows\System\mNSNtXM.exe
  C:\Windows\System\mNSNtXM.exe
  2⤵
  PID:7668
- C:\Windows\System\xYEUjHV.exe
  C:\Windows\System\xYEUjHV.exe
  2⤵
  PID:7408
- C:\Windows\System\WIfHmXI.exe
  C:\Windows\System\WIfHmXI.exe
  2⤵
  PID:6776
- C:\Windows\System\cXuffla.exe
  C:\Windows\System\cXuffla.exe
  2⤵
  PID:7704
- C:\Windows\System\BdGfDOz.exe
  C:\Windows\System\BdGfDOz.exe
  2⤵
  PID:7648
- C:\Windows\System\GRXQWrs.exe
  C:\Windows\System\GRXQWrs.exe
  2⤵
  PID:7520
- C:\Windows\System\ZAXpRxZ.exe
  C:\Windows\System\ZAXpRxZ.exe
  2⤵
  PID:7404
- C:\Windows\System\fhDMIuA.exe
  C:\Windows\System\fhDMIuA.exe
  2⤵
  PID:7764
- C:\Windows\System\PcemPCI.exe
  C:\Windows\System\PcemPCI.exe
  2⤵
  PID:7736
- C:\Windows\System\BQuOVIc.exe
  C:\Windows\System\BQuOVIc.exe
  2⤵
  PID:8024
- C:\Windows\System\UQJtehq.exe
  C:\Windows\System\UQJtehq.exe
  2⤵
  PID:7892
- C:\Windows\System\ykmrjsU.exe
  C:\Windows\System\ykmrjsU.exe
  2⤵
  PID:7844
- C:\Windows\System\ntJfXWH.exe
  C:\Windows\System\ntJfXWH.exe
  2⤵
  PID:6456
- C:\Windows\System\YAqiaAW.exe
  C:\Windows\System\YAqiaAW.exe
  2⤵
  PID:7552
- C:\Windows\System\yhffDyr.exe
  C:\Windows\System\yhffDyr.exe
  2⤵
  PID:7340
- C:\Windows\System\XJpuVlR.exe
  C:\Windows\System\XJpuVlR.exe
  2⤵
  PID:8208
- C:\Windows\System\EOyCFVX.exe
  C:\Windows\System\EOyCFVX.exe
  2⤵
  PID:8224
- C:\Windows\System\cokCerP.exe
  C:\Windows\System\cokCerP.exe
  2⤵
  PID:8240
- C:\Windows\System\MNokNiK.exe
  C:\Windows\System\MNokNiK.exe
  2⤵
  PID:8256
- C:\Windows\System\JLMeypa.exe
  C:\Windows\System\JLMeypa.exe
  2⤵
  PID:8272
- C:\Windows\System\cXbaKzp.exe
  C:\Windows\System\cXbaKzp.exe
  2⤵
  PID:8288
- C:\Windows\System\hkYzhld.exe
  C:\Windows\System\hkYzhld.exe
  2⤵
  PID:8304
- C:\Windows\System\hRwvkFy.exe
  C:\Windows\System\hRwvkFy.exe
  2⤵
  PID:8320
- C:\Windows\System\kFDhFGu.exe
  C:\Windows\System\kFDhFGu.exe
  2⤵
  PID:8336
- C:\Windows\System\WSkrEZx.exe
  C:\Windows\System\WSkrEZx.exe
  2⤵
  PID:8352
- C:\Windows\System\kucfKQc.exe
  C:\Windows\System\kucfKQc.exe
  2⤵
  PID:8368
- C:\Windows\System\bnEAKrx.exe
  C:\Windows\System\bnEAKrx.exe
  2⤵
  PID:8384
- C:\Windows\System\hTSPBGy.exe
  C:\Windows\System\hTSPBGy.exe
  2⤵
  PID:8400
- C:\Windows\System\revXmTw.exe
  C:\Windows\System\revXmTw.exe
  2⤵
  PID:8416
- C:\Windows\System\ZADBtGo.exe
  C:\Windows\System\ZADBtGo.exe
  2⤵
  PID:8432
- C:\Windows\System\jIldahH.exe
  C:\Windows\System\jIldahH.exe
  2⤵
  PID:8448
- C:\Windows\System\xIzrYRj.exe
  C:\Windows\System\xIzrYRj.exe
  2⤵
  PID:8464
- C:\Windows\System\UIIEcKc.exe
  C:\Windows\System\UIIEcKc.exe
  2⤵
  PID:8484
- C:\Windows\System\XxuNqDC.exe
  C:\Windows\System\XxuNqDC.exe
  2⤵
  PID:8504
- C:\Windows\System\CVZVnpx.exe
  C:\Windows\System\CVZVnpx.exe
  2⤵
  PID:8524
- C:\Windows\System\PujELsJ.exe
  C:\Windows\System\PujELsJ.exe
  2⤵
  PID:8544
- C:\Windows\System\fkIWShB.exe
  C:\Windows\System\fkIWShB.exe
  2⤵
  PID:8560
- C:\Windows\System\sJFQDnO.exe
  C:\Windows\System\sJFQDnO.exe
  2⤵
  PID:8580
- C:\Windows\System\uArbVOR.exe
  C:\Windows\System\uArbVOR.exe
  2⤵
  PID:8600
- C:\Windows\System\cimpFtf.exe
  C:\Windows\System\cimpFtf.exe
  2⤵
  PID:8624
- C:\Windows\System\lUidMRF.exe
  C:\Windows\System\lUidMRF.exe
  2⤵
  PID:8640
- C:\Windows\System\kaLyFug.exe
  C:\Windows\System\kaLyFug.exe
  2⤵
  PID:8656
- C:\Windows\System\aDIUdoz.exe
  C:\Windows\System\aDIUdoz.exe
  2⤵
  PID:8672
- C:\Windows\System\PZngAtY.exe
  C:\Windows\System\PZngAtY.exe
  2⤵
  PID:8688
- C:\Windows\System\wqSltdc.exe
  C:\Windows\System\wqSltdc.exe
  2⤵
  PID:8708
- C:\Windows\System\vsMqRXq.exe
  C:\Windows\System\vsMqRXq.exe
  2⤵
  PID:8724
- C:\Windows\System\JgQNEEQ.exe
  C:\Windows\System\JgQNEEQ.exe
  2⤵
  PID:8740
- C:\Windows\System\bvpAknP.exe
  C:\Windows\System\bvpAknP.exe
  2⤵
  PID:8756
- C:\Windows\System\wfJnuzm.exe
  C:\Windows\System\wfJnuzm.exe
  2⤵
  PID:8772
- C:\Windows\System\omIIhiM.exe
  C:\Windows\System\omIIhiM.exe
  2⤵
  PID:8788
- C:\Windows\System\KiHdmyN.exe
  C:\Windows\System\KiHdmyN.exe
  2⤵
  PID:8804
- C:\Windows\System\MoLaeMV.exe
  C:\Windows\System\MoLaeMV.exe
  2⤵
  PID:8820
- C:\Windows\System\wgLIWTD.exe
  C:\Windows\System\wgLIWTD.exe
  2⤵
  PID:8836
- C:\Windows\System\pZgeLhO.exe
  C:\Windows\System\pZgeLhO.exe
  2⤵
  PID:8852
- C:\Windows\System\eURBXMM.exe
  C:\Windows\System\eURBXMM.exe
  2⤵
  PID:8868
- C:\Windows\System\FmCIXvy.exe
  C:\Windows\System\FmCIXvy.exe
  2⤵
  PID:8884
- C:\Windows\System\FBRfKQB.exe
  C:\Windows\System\FBRfKQB.exe
  2⤵
  PID:8900
- C:\Windows\System\kpKiFGb.exe
  C:\Windows\System\kpKiFGb.exe
  2⤵
  PID:8916
- C:\Windows\System\wzaPAJq.exe
  C:\Windows\System\wzaPAJq.exe
  2⤵
  PID:8932
- C:\Windows\System\sLXbBsH.exe
  C:\Windows\System\sLXbBsH.exe
  2⤵
  PID:8948
- C:\Windows\System\jSkxiLX.exe
  C:\Windows\System\jSkxiLX.exe
  2⤵
  PID:8964
- C:\Windows\System\IwEMzoA.exe
  C:\Windows\System\IwEMzoA.exe
  2⤵
  PID:8980
- C:\Windows\System\rmrmvTk.exe
  C:\Windows\System\rmrmvTk.exe
  2⤵
  PID:8996
- C:\Windows\System\knDmlIQ.exe
  C:\Windows\System\knDmlIQ.exe
  2⤵
  PID:9012
- C:\Windows\System\twEoqKB.exe
  C:\Windows\System\twEoqKB.exe
  2⤵
  PID:9028
- C:\Windows\System\LjLqVgJ.exe
  C:\Windows\System\LjLqVgJ.exe
  2⤵
  PID:9044
- C:\Windows\System\zLyyqUn.exe
  C:\Windows\System\zLyyqUn.exe
  2⤵
  PID:9060
- C:\Windows\System\HfVrYsw.exe
  C:\Windows\System\HfVrYsw.exe
  2⤵
  PID:9076
- C:\Windows\System\sXqmSOC.exe
  C:\Windows\System\sXqmSOC.exe
  2⤵
  PID:9092
- C:\Windows\System\ZexWJIp.exe
  C:\Windows\System\ZexWJIp.exe
  2⤵
  PID:9108
- C:\Windows\System\JDvGAkb.exe
  C:\Windows\System\JDvGAkb.exe
  2⤵
  PID:9124
- C:\Windows\System\spbPUhy.exe
  C:\Windows\System\spbPUhy.exe
  2⤵
  PID:9140
- C:\Windows\System\FsMemfa.exe
  C:\Windows\System\FsMemfa.exe
  2⤵
  PID:9156
- C:\Windows\System\EHHXrPh.exe
  C:\Windows\System\EHHXrPh.exe
  2⤵
  PID:9172
- C:\Windows\System\gpzaftd.exe
  C:\Windows\System\gpzaftd.exe
  2⤵
  PID:9188
- C:\Windows\System\KgehshU.exe
  C:\Windows\System\KgehshU.exe
  2⤵
  PID:9204
- C:\Windows\System\HIBGGeP.exe
  C:\Windows\System\HIBGGeP.exe
  2⤵
  PID:8204
- C:\Windows\System\dEDniea.exe
  C:\Windows\System\dEDniea.exe
  2⤵
  PID:8268
- C:\Windows\System\WdNeFLM.exe
  C:\Windows\System\WdNeFLM.exe
  2⤵
  PID:8332
- C:\Windows\System\wWAleXv.exe
  C:\Windows\System\wWAleXv.exe
  2⤵
  PID:8396
- C:\Windows\System\aiBpQUL.exe
  C:\Windows\System\aiBpQUL.exe
  2⤵
  PID:8220
- C:\Windows\System\TqmNukw.exe
  C:\Windows\System\TqmNukw.exe
  2⤵
  PID:7260
- C:\Windows\System\dueSLdL.exe
  C:\Windows\System\dueSLdL.exe
  2⤵
  PID:8252
- C:\Windows\System\IlxtlzU.exe
  C:\Windows\System\IlxtlzU.exe
  2⤵
  PID:8344
- C:\Windows\System\ANWqxoO.exe
  C:\Windows\System\ANWqxoO.exe
  2⤵
  PID:8428
- C:\Windows\System\zkwxFPZ.exe
  C:\Windows\System\zkwxFPZ.exe
  2⤵
  PID:8460
- C:\Windows\System\TxEubhX.exe
  C:\Windows\System\TxEubhX.exe
  2⤵
  PID:8532
- C:\Windows\System\VmuGNXK.exe
  C:\Windows\System\VmuGNXK.exe
  2⤵
  PID:8572
- C:\Windows\System\axJSTZu.exe
  C:\Windows\System\axJSTZu.exe
  2⤵
  PID:8472
- C:\Windows\System\jmObFaJ.exe
  C:\Windows\System\jmObFaJ.exe
  2⤵
  PID:8516
- C:\Windows\System\kPeSTfv.exe
  C:\Windows\System\kPeSTfv.exe
  2⤵
  PID:8592
- C:\Windows\System\VaQFZbr.exe
  C:\Windows\System\VaQFZbr.exe
  2⤵
  PID:8612
- C:\Windows\System\zwyCIux.exe
  C:\Windows\System\zwyCIux.exe
  2⤵
  PID:8652
- C:\Windows\System\rCkWhje.exe
  C:\Windows\System\rCkWhje.exe
  2⤵
  PID:8668
- C:\Windows\System\yGEUaMx.exe
  C:\Windows\System\yGEUaMx.exe
  2⤵
  PID:8748
- C:\Windows\System\RfNuGeM.exe
  C:\Windows\System\RfNuGeM.exe
  2⤵
  PID:8764
- C:\Windows\System\rRuGibq.exe
  C:\Windows\System\rRuGibq.exe
  2⤵
  PID:8812
- C:\Windows\System\cQdGrJW.exe
  C:\Windows\System\cQdGrJW.exe
  2⤵
  PID:8876
- C:\Windows\System\HqgwrEl.exe
  C:\Windows\System\HqgwrEl.exe
  2⤵
  PID:8912
- C:\Windows\System\ytIcxqO.exe
  C:\Windows\System\ytIcxqO.exe
  2⤵
  PID:8768
- C:\Windows\System\eTUJvNW.exe
  C:\Windows\System\eTUJvNW.exe
  2⤵
  PID:9008
- C:\Windows\System\fDclSCo.exe
  C:\Windows\System\fDclSCo.exe
  2⤵
  PID:9040
- C:\Windows\System\cDuKviW.exe
  C:\Windows\System\cDuKviW.exe
  2⤵
  PID:9072
- C:\Windows\System\UkNvSia.exe
  C:\Windows\System\UkNvSia.exe
  2⤵
  PID:8928
- C:\Windows\System\UHyueWG.exe
  C:\Windows\System\UHyueWG.exe
  2⤵
  PID:8864
- C:\Windows\System\lrJnBgU.exe
  C:\Windows\System\lrJnBgU.exe
  2⤵
  PID:9024
- C:\Windows\System\aMYzQsl.exe
  C:\Windows\System\aMYzQsl.exe
  2⤵
  PID:9116
- C:\Windows\System\GdqhNYs.exe
  C:\Windows\System\GdqhNYs.exe
  2⤵
  PID:9164
- C:\Windows\System\vmMPkvY.exe
  C:\Windows\System\vmMPkvY.exe
  2⤵
  PID:9200
- C:\Windows\System\CbvJAJZ.exe
  C:\Windows\System\CbvJAJZ.exe
  2⤵
  PID:8392
- C:\Windows\System\xuvuTMs.exe
  C:\Windows\System\xuvuTMs.exe
  2⤵
  PID:8316
- C:\Windows\System\OftxLtE.exe
  C:\Windows\System\OftxLtE.exe
  2⤵
  PID:8300
- C:\Windows\System\qHsCiUL.exe
  C:\Windows\System\qHsCiUL.exe
  2⤵
  PID:9148
- C:\Windows\System\VMRFtwF.exe
  C:\Windows\System\VMRFtwF.exe
  2⤵
  PID:9212
- C:\Windows\System\zpoPVHv.exe
  C:\Windows\System\zpoPVHv.exe
  2⤵
  PID:8444
- C:\Windows\System\fZVZqBZ.exe
  C:\Windows\System\fZVZqBZ.exe
  2⤵
  PID:7216
- C:\Windows\System\VUsBzEa.exe
  C:\Windows\System\VUsBzEa.exe
  2⤵
  PID:8552
- C:\Windows\System\niIIQAD.exe
  C:\Windows\System\niIIQAD.exe
  2⤵
  PID:8588
- C:\Windows\System\ntcrapV.exe
  C:\Windows\System\ntcrapV.exe
  2⤵
  PID:8696
- C:\Windows\System\mBplTOf.exe
  C:\Windows\System\mBplTOf.exe
  2⤵
  PID:8648
- C:\Windows\System\rGYvkZU.exe
  C:\Windows\System\rGYvkZU.exe
  2⤵
  PID:8784
- C:\Windows\System\MgJHbjv.exe
  C:\Windows\System\MgJHbjv.exe
  2⤵
  PID:8752
- C:\Windows\System\vyGZUtv.exe
  C:\Windows\System\vyGZUtv.exe
  2⤵
  PID:8972
- C:\Windows\System\EWMEFCw.exe
  C:\Windows\System\EWMEFCw.exe
  2⤵
  PID:9068
- C:\Windows\System\mhRDUkM.exe
  C:\Windows\System\mhRDUkM.exe
  2⤵
  PID:9020
- C:\Windows\System\cpIHCFO.exe
  C:\Windows\System\cpIHCFO.exe
  2⤵
  PID:8284
- C:\Windows\System\axoCUuL.exe
  C:\Windows\System\axoCUuL.exe
  2⤵
  PID:8364
- C:\Windows\System\lKLPVtH.exe
  C:\Windows\System\lKLPVtH.exe
  2⤵
  PID:9184
- C:\Windows\System\YTNGcpA.exe
  C:\Windows\System\YTNGcpA.exe
  2⤵
  PID:8616
- C:\Windows\System\rKRaJsh.exe
  C:\Windows\System\rKRaJsh.exe
  2⤵
  PID:9036
- C:\Windows\System\TtghWZU.exe
  C:\Windows\System\TtghWZU.exe
  2⤵
  PID:8828
- C:\Windows\System\QXjkISf.exe
  C:\Windows\System\QXjkISf.exe
  2⤵
  PID:8376
- C:\Windows\System\wZoHQax.exe
  C:\Windows\System\wZoHQax.exe
  2⤵
  PID:8736
- C:\Windows\System\UUgzFiP.exe
  C:\Windows\System\UUgzFiP.exe
  2⤵
  PID:8780
- C:\Windows\System\anMEuRE.exe
  C:\Windows\System\anMEuRE.exe
  2⤵
  PID:9180
- C:\Windows\System\LHqYSEz.exe
  C:\Windows\System\LHqYSEz.exe
  2⤵
  PID:8248
- C:\Windows\System\iuVQrly.exe
  C:\Windows\System\iuVQrly.exe
  2⤵
  PID:9232
- C:\Windows\System\ZCBlVZz.exe
  C:\Windows\System\ZCBlVZz.exe
  2⤵
  PID:9248
- C:\Windows\System\ecMDJqL.exe
  C:\Windows\System\ecMDJqL.exe
  2⤵
  PID:9264
- C:\Windows\System\MUQlhRw.exe
  C:\Windows\System\MUQlhRw.exe
  2⤵
  PID:9280
- C:\Windows\System\cfzmNkn.exe
  C:\Windows\System\cfzmNkn.exe
  2⤵
  PID:9296
- C:\Windows\System\pCFoPBw.exe
  C:\Windows\System\pCFoPBw.exe
  2⤵
  PID:9312
- C:\Windows\System\PdaIyeS.exe
  C:\Windows\System\PdaIyeS.exe
  2⤵
  PID:9328
- C:\Windows\System\VFGcYOb.exe
  C:\Windows\System\VFGcYOb.exe
  2⤵
  PID:9344
- C:\Windows\System\zEjIwgB.exe
  C:\Windows\System\zEjIwgB.exe
  2⤵
  PID:9360
- C:\Windows\System\GYGtevt.exe
  C:\Windows\System\GYGtevt.exe
  2⤵
  PID:9376
- C:\Windows\System\aOngXQF.exe
  C:\Windows\System\aOngXQF.exe
  2⤵
  PID:9392
- C:\Windows\System\XYkePLT.exe
  C:\Windows\System\XYkePLT.exe
  2⤵
  PID:9408
- C:\Windows\System\mPEorcz.exe
  C:\Windows\System\mPEorcz.exe
  2⤵
  PID:9424
- C:\Windows\System\ILsXOBv.exe
  C:\Windows\System\ILsXOBv.exe
  2⤵
  PID:9440
- C:\Windows\System\SupjSQr.exe
  C:\Windows\System\SupjSQr.exe
  2⤵
  PID:9456
- C:\Windows\System\ViEjCBw.exe
  C:\Windows\System\ViEjCBw.exe
  2⤵
  PID:9472
- C:\Windows\System\tayogGs.exe
  C:\Windows\System\tayogGs.exe
  2⤵
  PID:9488
- C:\Windows\System\bjqdoGT.exe
  C:\Windows\System\bjqdoGT.exe
  2⤵
  PID:9504
- C:\Windows\System\clwWZzT.exe
  C:\Windows\System\clwWZzT.exe
  2⤵
  PID:9520
- C:\Windows\System\zeRBlyM.exe
  C:\Windows\System\zeRBlyM.exe
  2⤵
  PID:9536
- C:\Windows\System\gbaPipX.exe
  C:\Windows\System\gbaPipX.exe
  2⤵
  PID:9552
- C:\Windows\System\lquTKeT.exe
  C:\Windows\System\lquTKeT.exe
  2⤵
  PID:9568
- C:\Windows\System\iYmAFTL.exe
  C:\Windows\System\iYmAFTL.exe
  2⤵
  PID:9584
- C:\Windows\System\nNHVlEG.exe
  C:\Windows\System\nNHVlEG.exe
  2⤵
  PID:9600
- C:\Windows\System\hpHgFsy.exe
  C:\Windows\System\hpHgFsy.exe
  2⤵
  PID:9616
- C:\Windows\System\ismUbOu.exe
  C:\Windows\System\ismUbOu.exe
  2⤵
  PID:9632
- C:\Windows\System\KtCLgjb.exe
  C:\Windows\System\KtCLgjb.exe
  2⤵
  PID:9648
- C:\Windows\System\vsuqPzq.exe
  C:\Windows\System\vsuqPzq.exe
  2⤵
  PID:9664
- C:\Windows\System\bMXPzov.exe
  C:\Windows\System\bMXPzov.exe
  2⤵
  PID:9680
- C:\Windows\System\YHiurOf.exe
  C:\Windows\System\YHiurOf.exe
  2⤵
  PID:9700
- C:\Windows\System\oDabQME.exe
  C:\Windows\System\oDabQME.exe
  2⤵
  PID:9716
- C:\Windows\System\jvxItEc.exe
  C:\Windows\System\jvxItEc.exe
  2⤵
  PID:9732
- C:\Windows\System\HBVXFoF.exe
  C:\Windows\System\HBVXFoF.exe
  2⤵
  PID:9748
- C:\Windows\System\ykQaPOg.exe
  C:\Windows\System\ykQaPOg.exe
  2⤵
  PID:9764
- C:\Windows\System\iWwKZue.exe
  C:\Windows\System\iWwKZue.exe
  2⤵
  PID:9784
- C:\Windows\System\ymTgWJN.exe
  C:\Windows\System\ymTgWJN.exe
  2⤵
  PID:9800
- C:\Windows\System\KNxfyjp.exe
  C:\Windows\System\KNxfyjp.exe
  2⤵
  PID:9816
- C:\Windows\System\fEjAzBf.exe
  C:\Windows\System\fEjAzBf.exe
  2⤵
  PID:9832
- C:\Windows\System\HwlQSvz.exe
  C:\Windows\System\HwlQSvz.exe
  2⤵
  PID:9848
- C:\Windows\System\ZhJeUsr.exe
  C:\Windows\System\ZhJeUsr.exe
  2⤵
  PID:9864
- C:\Windows\System\zrbJKOu.exe
  C:\Windows\System\zrbJKOu.exe
  2⤵
  PID:9880
- C:\Windows\System\bbJQUFm.exe
  C:\Windows\System\bbJQUFm.exe
  2⤵
  PID:9896
- C:\Windows\System\IqeoZUG.exe
  C:\Windows\System\IqeoZUG.exe
  2⤵
  PID:9912
- C:\Windows\System\rCVvSpq.exe
  C:\Windows\System\rCVvSpq.exe
  2⤵
  PID:9928
- C:\Windows\System\PBWMrPF.exe
  C:\Windows\System\PBWMrPF.exe
  2⤵
  PID:9944
- C:\Windows\System\vOQaRga.exe
  C:\Windows\System\vOQaRga.exe
  2⤵
  PID:9960
- C:\Windows\System\dSNeQlJ.exe
  C:\Windows\System\dSNeQlJ.exe
  2⤵
  PID:9976
- C:\Windows\System\SPMZdaX.exe
  C:\Windows\System\SPMZdaX.exe
  2⤵
  PID:9992
- C:\Windows\System\cHnwXmN.exe
  C:\Windows\System\cHnwXmN.exe
  2⤵
  PID:10008
- C:\Windows\System\QoilXrr.exe
  C:\Windows\System\QoilXrr.exe
  2⤵
  PID:10028
- C:\Windows\System\ZryUIBK.exe
  C:\Windows\System\ZryUIBK.exe
  2⤵
  PID:10044
- C:\Windows\System\cesfYvK.exe
  C:\Windows\System\cesfYvK.exe
  2⤵
  PID:10060
- C:\Windows\System\ywxTNUt.exe
  C:\Windows\System\ywxTNUt.exe
  2⤵
  PID:10076
- C:\Windows\System\XZnKZoK.exe
  C:\Windows\System\XZnKZoK.exe
  2⤵
  PID:10092
- C:\Windows\System\TWfLIfD.exe
  C:\Windows\System\TWfLIfD.exe
  2⤵
  PID:10108
- C:\Windows\System\JPjAOvR.exe
  C:\Windows\System\JPjAOvR.exe
  2⤵
  PID:10124
- C:\Windows\System\KkLYwhN.exe
  C:\Windows\System\KkLYwhN.exe
  2⤵
  PID:10140
- C:\Windows\System\HqavNSp.exe
  C:\Windows\System\HqavNSp.exe
  2⤵
  PID:10156
- C:\Windows\System\OqznAPr.exe
  C:\Windows\System\OqznAPr.exe
  2⤵
  PID:10172
- C:\Windows\System\dlqHTSx.exe
  C:\Windows\System\dlqHTSx.exe
  2⤵
  PID:10188
- C:\Windows\System\FoAtaww.exe
  C:\Windows\System\FoAtaww.exe
  2⤵
  PID:10204
- C:\Windows\System\lWnEGws.exe
  C:\Windows\System\lWnEGws.exe
  2⤵
  PID:10220
- C:\Windows\System\YLsMvUW.exe
  C:\Windows\System\YLsMvUW.exe
  2⤵
  PID:10236
- C:\Windows\System\uECeSVC.exe
  C:\Windows\System\uECeSVC.exe
  2⤵
  PID:8704
- C:\Windows\System\HDaDMDX.exe
  C:\Windows\System\HDaDMDX.exe
  2⤵
  PID:9240
- C:\Windows\System\jpekliJ.exe
  C:\Windows\System\jpekliJ.exe
  2⤵
  PID:9308
- C:\Windows\System\zaOwYkS.exe
  C:\Windows\System\zaOwYkS.exe
  2⤵
  PID:8908
- C:\Windows\System\PKsSEPR.exe
  C:\Windows\System\PKsSEPR.exe
  2⤵
  PID:9404
- C:\Windows\System\WPTZDus.exe
  C:\Windows\System\WPTZDus.exe
  2⤵
  PID:9432
- C:\Windows\System\YKakRRF.exe
  C:\Windows\System\YKakRRF.exe
  2⤵
  PID:9320
- C:\Windows\System\xZMOeBE.exe
  C:\Windows\System\xZMOeBE.exe
  2⤵
  PID:9496
- C:\Windows\System\NDArIpR.exe
  C:\Windows\System\NDArIpR.exe
  2⤵
  PID:9228
- C:\Windows\System\gIiOAwi.exe
  C:\Windows\System\gIiOAwi.exe
  2⤵
  PID:9560
- C:\Windows\System\HTVycVi.exe
  C:\Windows\System\HTVycVi.exe
  2⤵
  PID:9484
- C:\Windows\System\KABZEUy.exe
  C:\Windows\System\KABZEUy.exe
  2⤵
  PID:9352
- C:\Windows\System\EzRUbCW.exe
  C:\Windows\System\EzRUbCW.exe
  2⤵
  PID:9576
- C:\Windows\System\cavgpWg.exe
  C:\Windows\System\cavgpWg.exe
  2⤵
  PID:9656
- C:\Windows\System\cccBhnr.exe
  C:\Windows\System\cccBhnr.exe
  2⤵
  PID:9516
- C:\Windows\System\HcChAVr.exe
  C:\Windows\System\HcChAVr.exe
  2⤵
  PID:9640
- C:\Windows\System\tVjXADU.exe
  C:\Windows\System\tVjXADU.exe
  2⤵
  PID:9676
- C:\Windows\System\ndrKqvc.exe
  C:\Windows\System\ndrKqvc.exe
  2⤵
  PID:9712
- C:\Windows\System\gxEMHFR.exe
  C:\Windows\System\gxEMHFR.exe
  2⤵
  PID:9120
- C:\Windows\System\MmWDsUx.exe
  C:\Windows\System\MmWDsUx.exe
  2⤵
  PID:9796
- C:\Windows\System\GCrvzAS.exe
  C:\Windows\System\GCrvzAS.exe
  2⤵
  PID:9856
- C:\Windows\System\nOZSyqM.exe
  C:\Windows\System\nOZSyqM.exe
  2⤵
  PID:9812
- C:\Windows\System\KWMMMEb.exe
  C:\Windows\System\KWMMMEb.exe
  2⤵
  PID:9924
- C:\Windows\System\EDLuqwo.exe
  C:\Windows\System\EDLuqwo.exe
  2⤵
  PID:9988
- C:\Windows\System\FhlbIOn.exe
  C:\Windows\System\FhlbIOn.exe
  2⤵
  PID:10056
- C:\Windows\System\DrVVtew.exe
  C:\Windows\System\DrVVtew.exe
  2⤵
  PID:10116
- C:\Windows\System\pEZkbWf.exe
  C:\Windows\System\pEZkbWf.exe
  2⤵
  PID:10180
- C:\Windows\System\dLZZafr.exe
  C:\Windows\System\dLZZafr.exe
  2⤵
  PID:9936
- C:\Windows\System\xbjuwnL.exe
  C:\Windows\System\xbjuwnL.exe
  2⤵
  PID:9844
- C:\Windows\System\BJBKiNM.exe
  C:\Windows\System\BJBKiNM.exe
  2⤵
  PID:10196
- C:\Windows\System\hGVbcDN.exe
  C:\Windows\System\hGVbcDN.exe
  2⤵
  PID:9908
- C:\Windows\System\BEFChVx.exe
  C:\Windows\System\BEFChVx.exe
  2⤵
  PID:10004
- C:\Windows\System\paiCESE.exe
  C:\Windows\System\paiCESE.exe
  2⤵
  PID:10100
- C:\Windows\System\lpcbtaW.exe
  C:\Windows\System\lpcbtaW.exe
  2⤵
  PID:10168
- C:\Windows\System\JemDdZM.exe
  C:\Windows\System\JemDdZM.exe
  2⤵
  PID:8684
- C:\Windows\System\RMcwOIo.exe
  C:\Windows\System\RMcwOIo.exe
  2⤵
  PID:9276
- C:\Windows\System\fbGApsl.exe
  C:\Windows\System\fbGApsl.exe
  2⤵
  PID:8896
- C:\Windows\System\zWhczWx.exe
  C:\Windows\System\zWhczWx.exe
  2⤵
  PID:8480
- C:\Windows\System\wQjOYRH.exe
  C:\Windows\System\wQjOYRH.exe
  2⤵
  PID:8216
- C:\Windows\System\RzkHTYj.exe
  C:\Windows\System\RzkHTYj.exe
  2⤵
  PID:9384
- C:\Windows\System\OyeySYR.exe
  C:\Windows\System\OyeySYR.exe
  2⤵
  PID:9532
- C:\Windows\System\nshPnUw.exe
  C:\Windows\System\nshPnUw.exe
  2⤵
  PID:9324
- C:\Windows\System\DyLQygn.exe
  C:\Windows\System\DyLQygn.exe
  2⤵
  PID:9448
- C:\Windows\System\TVAxjTU.exe
  C:\Windows\System\TVAxjTU.exe
  2⤵
  PID:9660
- C:\Windows\System\lskGAzX.exe
  C:\Windows\System\lskGAzX.exe
  2⤵
  PID:9744
- C:\Windows\System\uWXVFpo.exe
  C:\Windows\System\uWXVFpo.exe
  2⤵
  PID:10024
- C:\Windows\System\XBcEwZr.exe
  C:\Windows\System\XBcEwZr.exe
  2⤵
  PID:9876
- C:\Windows\System\scMzxcK.exe
  C:\Windows\System\scMzxcK.exe
  2⤵
  PID:10040
- C:\Windows\System\ZLzhAbI.exe
  C:\Windows\System\ZLzhAbI.exe
  2⤵
  PID:8608
- C:\Windows\System\zGHwbfF.exe
  C:\Windows\System\zGHwbfF.exe
  2⤵
  PID:9792
- C:\Windows\System\aAaRXVr.exe
  C:\Windows\System\aAaRXVr.exe
  2⤵
  PID:9888
- C:\Windows\System\hYmWeGg.exe
  C:\Windows\System\hYmWeGg.exe
  2⤵
  PID:10088
- C:\Windows\System\eDWUuyT.exe
  C:\Windows\System\eDWUuyT.exe
  2⤵
  PID:10164
- C:\Windows\System\XTiAZCK.exe
  C:\Windows\System\XTiAZCK.exe
  2⤵
  PID:10136
- C:\Windows\System\pMDwSHY.exe
  C:\Windows\System\pMDwSHY.exe
  2⤵
  PID:9088
- C:\Windows\System\dHEyLMv.exe
  C:\Windows\System\dHEyLMv.exe
  2⤵
  PID:9420
- C:\Windows\System\UzcMYRd.exe
  C:\Windows\System\UzcMYRd.exe
  2⤵
  PID:8720
- C:\Windows\System\bbRhVJs.exe
  C:\Windows\System\bbRhVJs.exe
  2⤵
  PID:9468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\MDvmCdB.exe

Filesize
6.0MB

MD5
10db31636b76ac3a7c4eed59d8eaec58

SHA1
439c6b065527b7a4756d41502d7f764a3e3bfb76

SHA256
f130b0468a785614ef53ceea21e3ef65f44aaf47997ffe4705e59d8a15877bc1

SHA512
f32c90734ee218c51630cf2695e0b778091b9afa6063a516ca046272dc8383295a766930852da47e37d24efefc51dd9800bddcfae45b27c1c70ab513dd4fbe2f

Download Submit
C:\Windows\system\QWHafrO.exe

Filesize
6.0MB

MD5
d89d549b3eb52c091f42ff84300d5417

SHA1
25a1ab4fdf00bce8747cd16276ad91a779c8b73e

SHA256
bda76ac2f617beb002659220cc47d0db2304c9cb0b9c638cf133a9d7f1a2ffae

SHA512
7f9c8503aef9ffe11f657eec9c736664a35f4307b3b8050e9fe897122cb509bb566afe024574200db5e6bedff535e69cb4a24220a432461ca674bd938191c30e

Download Submit
C:\Windows\system\TjDlGdf.exe

Filesize
6.0MB

MD5
d0a5eec87eee0b13957024d9db8b6570

SHA1
e78bd094b2bcdfc5f19d605763878b5e4303d535

SHA256
baed5092550c71a14ca7c213020a3ed23b59236f15e15e99481fa52a75dcf595

SHA512
ea3db589709f6860a64bfd70ef25babbc4ab7f4c38ce32c836bab33b0bb716aba795ee5fb0984682230550136b726c020f38c8efd7dae051ab7a534a6abb0208

Download Submit
C:\Windows\system\VHVrhAa.exe

Filesize
6.0MB

MD5
ba13e1617fcfe9be9077fe440b041166

SHA1
6a0897cbbb11c2946838d17a69e92c9a69a3bd62

SHA256
193618f2638916c3c00c762298732578d13ac2ff7a49e9e50bf9c00b6531aa63

SHA512
2c9d444ab4b0112f1f163bfce8c1e09516dff169cd472faeb7741038591d9c57b80de647936244769754e1b2519f85df3ea9473f509609eb0c1b37355ff8e937

Download Submit
C:\Windows\system\VjtYLZK.exe

Filesize
6.0MB

MD5
9d97c8b83daee2332edb8242835b3e07

SHA1
3ea8d60d3bc404e7047ccbaa1bd5aa29ec6e63a5

SHA256
03da6a26e6ed19dc363229a126b13312a09ca9112fe62aeed4323127728c549b

SHA512
859fdfb2f9eb7e6b32ef52d3eb562d58fd0d6b767ac68baf8b8361e7eb91c950640e005bd790bcb671cb344849944f1fd76584158a1775c379348ba285db0ef3

Download Submit
C:\Windows\system\YbTYJsy.exe

Filesize
6.0MB

MD5
73cbb5601c0a584bd071108dbfd93e2b

SHA1
1fddd3fc407a57a304806eccaf29a69bc46f4830

SHA256
f04da937ee23a4f146bc406fd51b8dd57d7daa6a327017ca521244e155ce57d4

SHA512
4bd74cc61357b46254b8f3c5e0b57bbfab4cdbb8dc750e0c9cea816b09206e29b7d83fba5e43a8b89d084173b02c4fdf2601829f5fb793d141c61bb418469620

Download Submit
C:\Windows\system\duzsJng.exe

Filesize
6.0MB

MD5
c4365bce3a94bb437aef35b7bec56308

SHA1
298cec3d434e05251c282252cb5ab5fbe65789b4

SHA256
8184e5afa8f2646a09c16a463bebe2012223378e2bedb329e6cdf0ea3a32e329

SHA512
24b18b0c4ccb73e4428f97558096f80bf0ccd4478161c50f58d68bb50e50e70ed24e002c45f5c3bf62424195303229977c4b6a153090c1473c380c53752a7f2c

Download Submit
C:\Windows\system\dyrNOhB.exe

Filesize
6.0MB

MD5
00e962f696da79a1f5d7d5ef969db535

SHA1
a6ecc66c450c5d5463d89ae4647996678fca1c64

SHA256
a504f62fc423e92d0575cf82756d18c11256ae3df65ed3842dc524c5257e6bc1

SHA512
0c038957385ae40f1adca78c7b0c8e1cd6995abdbde917586cd7fa548e163ba8d17ff52502ab550858dbf0da2e3cd7be7a9da8b3de3841169eae74d36c164bf5

Download Submit
C:\Windows\system\gHRtNIm.exe

Filesize
6.0MB

MD5
21092433a4dd82f51c54f9e7bd1a8399

SHA1
859f01febb4e4de38381a971cde53eacef67d76b

SHA256
72b24927d6974b70a235e0bd643f64ab72ecfbc940bd1b992178f0a97dc11e9e

SHA512
e42fde8fbbd5884656df5b31ffe64eca52c506ecc4de7311ca949ffc81a632f6d0a2d4da86629cadf6e87da311a0eb5c39cd2ef1394176aa2f22ce55c7331c7a

Download Submit
C:\Windows\system\lgNVJqf.exe

Filesize
6.0MB

MD5
b987ff7e19737bb0c0417952c22a3d9c

SHA1
1e0678cd2930376ddeadf4d9acde46e537a21ecf

SHA256
34fc7af72ebedc2e4f783b4f54f4d1b3efeaf0ad5df000fe53e73096065c6e15

SHA512
3cba2c92f29111e6c4fe321967b81620c0c7867a9e2e2eae2b44885267d9172e64ab46704a57a65c2447191ea73cd700fc7be13c0a6322c590c0a14980299766

Download Submit
C:\Windows\system\ljyFbvd.exe

Filesize
6.0MB

MD5
1ba9d00a31570682e276c77534d39083

SHA1
6f5999aaf532e5a5ac43b14b842e71839adacda2

SHA256
05ab726f1db8fd792bd4cf557c3c641858d23640afa665ab77d6a855fe623fdf

SHA512
6c14547ca9c2673851d2c3830cca5dd638917efaa95897d01e07b25f59881cfc708af760a8cb5a27e7614aa7fa65df339b81db82b810e0c0b7c0ac30eb2ec86b

Download Submit
C:\Windows\system\nfyJLmO.exe

Filesize
6.0MB

MD5
429d84d2d75924722a0138b62da3e1af

SHA1
8b3431aa012e9003beced267096335dd75b2519f

SHA256
127c41eca6a889789fd59da9d85792a927ee6daeca86e7f6452083be77627251

SHA512
86cd722e48e0a6f15754ec1c9129e1efc6e6e399d2e5acfde75d188caf40b4606999ffe2ec7a253fd3d611cc4bc05a177db03fe08ac54824009084b6ae8770d3

Download Submit
C:\Windows\system\qJlkODC.exe

Filesize
6.0MB

MD5
dee65bc81f1d7356cc67d583e0e8c5ea

SHA1
f0a02699b5e997edea164b3ff56cdaf796a4c7f3

SHA256
6b55d9d77649f2567b956bebc9c92bfe53fb073870d1ea6d78468fcecb95926b

SHA512
60296ec3cc2dc99b5cff823aa296ed63776f582b04207688f64f0929631361e76f26b0fa9d8a6c07d1ab8a253ce5677deabcd9dcd40234f3199b7546dfa4810d

Download Submit
C:\Windows\system\vNklKxR.exe

Filesize
6.0MB

MD5
75e0f5b35e852c3a0e8bc62567cd81d3

SHA1
028ad7c8b81d3e97ba5c3cc1a72730da6495826c

SHA256
9edf14827069717ceef5106deb1452e80cce9e8714229e89fc41004b472bc3f4

SHA512
67e2d6c03a9d9c46efc15b62448b3d155393168df4f1a1b153f4262b904f32deca69f07f84548498e87e398611da5af1a8375d55f2064c165c44503337463c79

Download Submit
C:\Windows\system\vSJegTF.exe

Filesize
6.0MB

MD5
12726889005df4007ecd88e87e009d24

SHA1
d252b6597d8a0366ccc10eb2e1682bad3d7137ee

SHA256
4e5b6deb281b8bcb86f6dfeea659f8570d7af07e9af92c968bfb385164c490d7

SHA512
78e9f6121f83359359c1488c841ebe0d97834f9b5f5428c2669f618f7e8a1dc41083adc1363ed6ac629380b657d47128da28ee0a454087e9fbec222d5627e4e8

Download Submit
C:\Windows\system\vSoQvqT.exe

Filesize
6.0MB

MD5
fca957d6271c61fbd81ddf2b69e39b16

SHA1
9fef61488a1926afdeb823dbe7e0c5c612fd50a9

SHA256
41f8ea14d469962c13ec6226759287d860df3e2acfd06131c2e96c159652479a

SHA512
415ca02cf0182976f38e127c9c8ccc4785ac8afe523bd622f51e5de2c1d8abe0e2cf60bd4ecb4c18150bd9105439dd680619b1a83d46895b3352e4668965d5e0

Download Submit
C:\Windows\system\yVOsGls.exe

Filesize
6.0MB

MD5
63aabe5db34ef2f97a48c43ab5cc0d96

SHA1
cae4b6977b7fef46a8a62a0c0569602dd800f0ee

SHA256
af3d4a70cb8d1dcfaacef4022473bca406880e399611fbf2a428404bccc1e459

SHA512
cee1b51d30f257ff59dc4e2f5064df9e4301e1cb9a2da1a41401f7f87413a29a413d2339d37c20eafe1e9fc9f3d9fce05728b37d6fae840a94f8836659283206

Download Submit
C:\Windows\system\yZVbhvL.exe

Filesize
6.0MB

MD5
eb7d0ea84aea4daa7e8aa1949f9f387a

SHA1
d0e4432222b26bdc44cf217ae4357445ba7e12b2

SHA256
adb45451a755490cbe43d05bf2f905b5ebcee73aeb27143f80814a6a5d789398

SHA512
a6f08e93637b976c810499deb85a1d1b602c81bcdd3025bd8527a3feb30e2f23e5d573eccf347b817d2fd20e8923c9c76d17ba88d497605fb809cddae5d6937a

Download Submit
\Windows\system\DoadBxI.exe

Filesize
6.0MB

MD5
2408f16009891c3832650dbd1361ed5a

SHA1
b6aa0eae064f7ac53eb0f96653f2073573754c6e

SHA256
142d42094934e92d2444767d67cd6b9b34b51e4092ad50f194b3a2e4c16fcbc8

SHA512
9b026747f4bce9457d70c21a192dd8112a63a12c08ba152419d845f8e3bdca5b5545bc11f647d68c9a557f16c85e1e781b3c3ec8cecbd34bada257d64b5e7995

Download Submit
\Windows\system\EHTKnJD.exe

Filesize
6.0MB

MD5
f165503ae4f1e7ca6b6039eccc21511d

SHA1
9da84d279ced5bfdcd680867d3402d146ac52385

SHA256
9d3fb695d871127befdb796e9a573fb4e7a0e6075c423ff922d3d6702e5a47f5

SHA512
31ee16f2f257e4e1be603f4e63e77fb51f8a53378974b9d49d25d85d73a45cc1866e6547879841903a68ea6c29e8d8c8cc6235f1d7af0bffb8ee703f44a29428

Download Submit
\Windows\system\IAHYftJ.exe

Filesize
6.0MB

MD5
effa8128dad12fc3f96a095490f5ebf8

SHA1
c22431aad5c4faf1ba7e452017bc5ecb67dff240

SHA256
283e620745db6d6ca4efc0502b194367cf98dcfbbf0838d649198a6772f4a16c

SHA512
232144d13b3900a80a8eada26fcca3a4d7afecba11002bc1be3ad265c0e5313c29c3c2619925efa7c07d96fa681e89792b53c5bd79053087787f1f8252a563dd

Download Submit
\Windows\system\JgTBOBs.exe

Filesize
6.0MB

MD5
32e4d6f32757b2bfdc1be727e3702daa

SHA1
00b0a85418b0962ad94e3f68723b9f3e177f4855

SHA256
7ac7b16409cd16315ca3713127c2d1912d04c337844f69d9ab9497037661188f

SHA512
17fe30ca2a8e480e8897ceb6edbff8b15893d5f566148bef9e8c38aaf8ba34b4a9047aad3d5435716b5dca2209e1cf01eed7404de8d6a9132b98e0fe508e306b

Download Submit
\Windows\system\PWaYMgN.exe

Filesize
6.0MB

MD5
28d7311591ae3a2680686c5add98d4e4

SHA1
689850798ed5fe255ac1f76ebdd1003e5db7c33e

SHA256
10e34e3d40abd154b641fd4129bfb56f321ed25f2e3930a090253d2f5aafe812

SHA512
b317124c36530965c09ac505603df96a738d246a6deaeec956769ca9bfb242e6a4c8c44d8d7ae2b39f8c1cb08c087f63fceea75e1416f6f8e527a450d5c17b24

Download Submit
\Windows\system\UDkJqKa.exe

Filesize
6.0MB

MD5
595be8de5162a0f39f812327ec1b373b

SHA1
8f1f5e42b54faea8d8f9a859409d2de3ba89d6f9

SHA256
4d3b318753444cba75c2a4ff53e71c3a020c3fb5e82639e0dde808b377a932d6

SHA512
1d79d7217045324519ed808d4f8a91774612af14a8de9a4996bbbda2b930ae58a9964ca7c03640d32e2eb2ffe024fdd3601642525204ef1a76b9476fa52b2b54

Download Submit
\Windows\system\UVgWHaS.exe

Filesize
6.0MB

MD5
c35a8886aed8a4c490743051918184c1

SHA1
58bdf8a50dd217a751ab0a625150898d5dfb4ae0

SHA256
e0ad6b206cfd445507e3a1c3e1d265d631f6c254c375d4dd3fb41f7744c4cedb

SHA512
cc18e6bd6d7320cc2d320c860f7ebda915c7a7118f41a6204a60784a6da595416212c1804ac6966d92a8364c977d80428e21dff8df1c151ccffc7cab0e1ab0ff

Download Submit
\Windows\system\VuwrRqo.exe

Filesize
6.0MB

MD5
d7d190b3ac8fffaeae246e5fcc96f86a

SHA1
005ecb863ce8712fe893ddecc2df703bb78ca338

SHA256
59b48b04f439b2272bfab0095d90e0e3f181d6ea0ee17e0b230af1ba5546edee

SHA512
d436c7407be0fa075fe4635f6cb1d129db786ecb5a6990ff42fa8695a99ea101aaef6de89d8550bf8ab52915823b929deb54ef1643855a2f33fdba708c91a282

Download Submit
\Windows\system\XWCGNID.exe

Filesize
6.0MB

MD5
fc2abd5cfa0618fa75eab2a5346f43d2

SHA1
7a2bd8f6a23c5bc5e97ed8e88c4c8d7673e54652

SHA256
965cadd7492497fe5a01505dc7d031690aeff7d984f26d41e577aad8cff08b09

SHA512
77a0054cc0a19d3adcc37e7be6eed0af25ce54c0e1a3619c2e619374b9481be627775c00734199c15b6678f6052937d51972123b55f84f091018998f9f145a8c

Download Submit
\Windows\system\YVXtyYD.exe

Filesize
6.0MB

MD5
84b58861d60267da4b00803f3123d041

SHA1
fb15fc0eb1a5272691536779e753d55c02cd1f1e

SHA256
046c20e9f194ee90c1a0d7d9857220bb6d364e74150f16d223cf16cfbdf254aa

SHA512
b7c6756f093ba8e0d020c7ab2d0842dc0caa64beed2cf70cca1f8da5b2f7447fcf863984508083c69782918a08d59a3ca88dad58363d7ccd515a8c90b7609976

Download Submit
\Windows\system\YkADwNW.exe

Filesize
6.0MB

MD5
c55b0b8d43cbf68cfbcc40ea93687529

SHA1
2092df4e295618a63e15189405a2f407f5ead895

SHA256
4d359395030c1bbc05311833561c5119505246060da4c459859513b79f581d9e

SHA512
6480541bea0b0bfdc96dac0967256fb079e65501d2afdab8db45adc34a67aee1ae73db2695186d9f9bef96f3280d620dab69a1ce614da94755b2ccff325642ed

Download Submit
\Windows\system\ZZVQHFG.exe

Filesize
6.0MB

MD5
20aa7f402b69061202fa0e7e31804423

SHA1
f8b673bfaff62a856d86a6b18d77d62e0d10d605

SHA256
d6b6d79028e9e5e095d2adaabf28022ccaddd4b5f7133ddf4953f79d3dda5186

SHA512
91a7f81498f6453dd7ac95f2d47a9d9f978adf307f7fdf0c36504f64a083419ba4845943936fe16454cbe0cbf4fcf07013ce432865956e3da49dcf5e6317dde3

Download Submit
\Windows\system\ZkNeiVZ.exe

Filesize
6.0MB

MD5
997841c92ea675ecbee484e7327e66d5

SHA1
339ad9796997324eb9818c02ffd17a8c2bde8760

SHA256
4ee71018527ced9c72b09a2e04f3ec0e90000e7e251fc4736f1182b4a994876b

SHA512
18afe9454c24713d44492fc6ac0d042b2c6e0ed5c6fb496420fe8e8a209fb51910edd3a53c665a61d473fcf95d8c8301c8f674d108a8f06ab4b68e4d472f4437

Download Submit
\Windows\system\aiZiyRh.exe

Filesize
6.0MB

MD5
a1ea97adc581f53fefa25374d7330c8b

SHA1
607a514b2d41d0affc43b190120662d80125a329

SHA256
1b3c954a57eccbc4934b4c36e08f06057c4f6fef459cfd9a362ad3e7b252e8d6

SHA512
7d5413bfd74d168ea848c56f7c9cee912e32e622f567526e096d55565d4c11b0e7a90e1e0ece98e819bb44df8e8e4558ea34c1e7b5346de3a18454d15ceaa5df

Download Submit
\Windows\system\ioCPgOe.exe

Filesize
6.0MB

MD5
c9aa801b8df96e217584a98c18123b40

SHA1
0dd2e5cad342a7aa87d5c5529afb0e881823de3a

SHA256
1344c42f2d9c458524a041bf73181866337cbeb75d178018717c7411433090a2

SHA512
8428864aef768dd36f6338d77329dbc0d76c83bf8e1771434b153a08a99f7783afc431ffb9a9b4dff178ff48569b20c22610c71b86489b05cbfe8bccf8bda83a

Download Submit
\Windows\system\jYDUaCt.exe

Filesize
6.0MB

MD5
47fd602f2469caf220b652d578e5de6a

SHA1
23f3815b82dada8ad31d49c8a40e5cbbd90cadc3

SHA256
a4e9883955eb992df35713e3c84d35ea63705c5d511bd30ed41395f1f8a990e8

SHA512
637c1e614dce35e71e08672339adfeeeed40e8d5855e0d97473e49fbadd77ac92ea3eca679ed709d394e2d6e22ffd9d54a340d94e07d8339a5751e5770e97347

Download Submit
\Windows\system\nAnXaMq.exe

Filesize
6.0MB

MD5
14977437be84a30fe0bbd9fada308503

SHA1
cf2c872bc3b2fb6798606bd0a6b3ae2794f6387a

SHA256
366c1661f87a4b38d6125a0c8d0b792fc70d1dea72f3d0177c0f61f15eb23915

SHA512
e253649e6bc24ff3a51b8fdac81ef1b032216781793b31cbbad9454c6429d756e0e2bd53a3915eebda7d12628d729002b01ab03bde151a277b0ca274aff6b678

Download Submit
\Windows\system\nQvSpoL.exe

Filesize
6.0MB

MD5
16dc0bc102165a579a8abd4fa23bfdf4

SHA1
99f0a7ef3ec27d0ba4d44a155655bc2181d5608b

SHA256
d5c1378a9ed1f63a0a280f6920e548f1880b2cc653d5d56d2a1ae27155b1d1ed

SHA512
296f0b59734a01f83c4739ab4c67322d244ae00defb10d719a8258ae26c5bacae516b284b7f2abc533e539a4b36acdc5000cb6f8524f15cf47f0d3c3d83fa37e

Download Submit
\Windows\system\ovmGerf.exe

Filesize
6.0MB

MD5
ced85588c7ebd1fa70813c9728a7252b

SHA1
2fd0fe117dfa77174fd461a63d084d0e1f2d7a53

SHA256
cf098b7ff8f98131e63ed2cbe417e0f9709afed7d57991f8f25e7a7713cf2c9e

SHA512
92d7d33d84efe1ace751bb9d7b46509abe63a76905d8a8ee9073b53dae73f7d933666ca4510e81f953ceaae852c9b576a87e6a679730df5769c0bd1313817ec9

Download Submit
\Windows\system\qvIXtmS.exe

Filesize
6.0MB

MD5
aba8f8a2816bd3f05fd49a577005230f

SHA1
39252267c870c09bad61d823f5b3a14ccaca52fa

SHA256
1bae0a91778d7f879eebffd7d6bf0bbb34a68db65c215a0dace63bd3013ffe8e

SHA512
f2408c5bfe60fd015440d1f064e492eebed9b8d1dcf086d887e9fed5c184c028ce89ee5939f3741e554b8dc8b6ed0097a9e7908ef070685ea31a4513de9a7926

Download Submit
\Windows\system\tbdIAnC.exe

Filesize
6.0MB

MD5
c37e735bfb56da2c3c9be97847d76a6e

SHA1
c952bc6c9cb6fb49e298148b7880fcf0f0fd513f

SHA256
4623c7fbb521881275eaf655575b7205bd8066917acbc2c5f105f59678122827

SHA512
17dcabbd96bf25c874537216835be8342524b99db797da59fa72aa5821763b779ee4b56eb69acd4e646e1ff1edad5ace1b67259f8148968c657643ddb5ec7350

Download Submit
memory/1108-2895-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1108-196-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1924-793-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1924-2866-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1924-23-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2883-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-62-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2076-792-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-2874-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-12-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-190-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-2873-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2376-2896-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2376-82-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2532-218-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-799-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-200-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-198-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2532-800-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-794-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-179-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2532-178-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-795-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2532-175-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2532-0-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2532-796-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-158-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2532-797-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-791-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2532-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2532-42-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2532-206-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-130-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2532-129-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-56-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2532-52-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2532-215-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-798-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-209-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-157-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-2886-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-94-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2825-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2724-150-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2724-2893-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2760-136-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2872-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-154-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2824-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2996-166-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download