cobaltstrike | 5347e8ffc22a7e36033588504f79b1b9be0fadf702f39f7dddba179866cc40d4

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2197d270add6b33d487bc11ec7b27cee
SHA1

47d102a12cc48e47166681b315b5ca35d661ecb6
SHA256

5347e8ffc22a7e36033588504f79b1b9be0fadf702f39f7dddba179866cc40d4
SHA512

6b3e1d72a9f186999887d4ebc6bdd53e0aee936cfb58c3f16108e293f4f127dd4a01156c815ea75cb9f48a6859d1397effb804e721a39f63d667f474fcba22bd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\mNWkwfr.exe	cobalt_reflective_dll
\Windows\system\SItmaOI.exe	cobalt_reflective_dll
C:\Windows\system\FaJCpMB.exe	cobalt_reflective_dll
\Windows\system\pTDSojU.exe	cobalt_reflective_dll
\Windows\system\dCwGKec.exe	cobalt_reflective_dll
\Windows\system\OijdWsE.exe	cobalt_reflective_dll
C:\Windows\system\UVQcRjZ.exe	cobalt_reflective_dll
C:\Windows\system\zVEUeNm.exe	cobalt_reflective_dll
C:\Windows\system\ddCMvtX.exe	cobalt_reflective_dll
C:\Windows\system\kIhxbLp.exe	cobalt_reflective_dll
C:\Windows\system\VQcPzzV.exe	cobalt_reflective_dll
C:\Windows\system\pFqzncq.exe	cobalt_reflective_dll
C:\Windows\system\HOyhvOF.exe	cobalt_reflective_dll
C:\Windows\system\HdeShJN.exe	cobalt_reflective_dll
C:\Windows\system\ucGrrvt.exe	cobalt_reflective_dll
C:\Windows\system\hPGzBBe.exe	cobalt_reflective_dll
C:\Windows\system\sXyouZr.exe	cobalt_reflective_dll
C:\Windows\system\rxOoPxs.exe	cobalt_reflective_dll
C:\Windows\system\oPSVvxT.exe	cobalt_reflective_dll
C:\Windows\system\MrdCeEo.exe	cobalt_reflective_dll
C:\Windows\system\zNZiKTv.exe	cobalt_reflective_dll
C:\Windows\system\cXgpiaN.exe	cobalt_reflective_dll
C:\Windows\system\OSmXDkH.exe	cobalt_reflective_dll
C:\Windows\system\qbVjRTK.exe	cobalt_reflective_dll
C:\Windows\system\vNJIZlv.exe	cobalt_reflective_dll
C:\Windows\system\zbWctBH.exe	cobalt_reflective_dll
C:\Windows\system\BTKbdwg.exe	cobalt_reflective_dll
C:\Windows\system\BpJoWtI.exe	cobalt_reflective_dll
C:\Windows\system\nyfySrn.exe	cobalt_reflective_dll
C:\Windows\system\FwSzcbh.exe	cobalt_reflective_dll
C:\Windows\system\bzgzOGe.exe	cobalt_reflective_dll
C:\Windows\system\kvgVbTE.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2824-0-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
\Windows\system\mNWkwfr.exe	xmrig
behavioral1/memory/2824-6-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/2916-9-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
\Windows\system\SItmaOI.exe	xmrig
behavioral1/memory/2976-15-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
C:\Windows\system\FaJCpMB.exe	xmrig
\Windows\system\pTDSojU.exe	xmrig
behavioral1/memory/2408-28-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2704-20-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2732-43-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
\Windows\system\dCwGKec.exe	xmrig
behavioral1/memory/2704-60-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
\Windows\system\OijdWsE.exe	xmrig
C:\Windows\system\UVQcRjZ.exe	xmrig
behavioral1/memory/2060-111-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
C:\Windows\system\zVEUeNm.exe	xmrig
C:\Windows\system\ddCMvtX.exe	xmrig
behavioral1/memory/2060-647-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/1248-519-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2260-384-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2872-277-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
C:\Windows\system\kIhxbLp.exe	xmrig
C:\Windows\system\VQcPzzV.exe	xmrig
C:\Windows\system\pFqzncq.exe	xmrig
C:\Windows\system\HOyhvOF.exe	xmrig
C:\Windows\system\HdeShJN.exe	xmrig
C:\Windows\system\ucGrrvt.exe	xmrig
C:\Windows\system\hPGzBBe.exe	xmrig
C:\Windows\system\sXyouZr.exe	xmrig
C:\Windows\system\rxOoPxs.exe	xmrig
C:\Windows\system\oPSVvxT.exe	xmrig
behavioral1/memory/2064-150-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
C:\Windows\system\MrdCeEo.exe	xmrig
C:\Windows\system\zNZiKTv.exe	xmrig
C:\Windows\system\cXgpiaN.exe	xmrig
C:\Windows\system\OSmXDkH.exe	xmrig
C:\Windows\system\qbVjRTK.exe	xmrig
C:\Windows\system\vNJIZlv.exe	xmrig
behavioral1/memory/1248-102-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/480-101-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
C:\Windows\system\zbWctBH.exe	xmrig
behavioral1/memory/712-110-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
C:\Windows\system\BTKbdwg.exe	xmrig
behavioral1/memory/2260-93-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2176-92-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2872-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2732-83-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
C:\Windows\system\BpJoWtI.exe	xmrig
behavioral1/memory/2064-76-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2940-75-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/712-69-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2408-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
C:\Windows\system\nyfySrn.exe	xmrig
behavioral1/memory/2824-64-0x0000000002460000-0x00000000027B4000-memory.dmp	xmrig
behavioral1/memory/480-61-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2176-52-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2976-51-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
C:\Windows\system\FwSzcbh.exe	xmrig
behavioral1/memory/2916-42-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
C:\Windows\system\bzgzOGe.exe	xmrig
behavioral1/memory/2940-36-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2824-35-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
C:\Windows\system\kvgVbTE.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

mNWkwfr.exeSItmaOI.exeFaJCpMB.exepTDSojU.exekvgVbTE.exebzgzOGe.exeFwSzcbh.exedCwGKec.exenyfySrn.exeOijdWsE.exeBpJoWtI.exeUVQcRjZ.exezbWctBH.exeBTKbdwg.exevNJIZlv.exeqbVjRTK.exezVEUeNm.exeOSmXDkH.execXgpiaN.exezNZiKTv.exeMrdCeEo.exeoPSVvxT.exerxOoPxs.exeddCMvtX.exesXyouZr.exehPGzBBe.exeucGrrvt.exeHdeShJN.exeHOyhvOF.exepFqzncq.exeVQcPzzV.exekIhxbLp.exeCLLewIQ.exeIoXELfd.exezySOIRX.exeZbEkMin.exescmlNwQ.exeSnoZcsa.exepCoxPLT.exeWdHtQMX.exeWkKjTWk.exemxFOlcH.exedcdVfFi.exeAbxJnSe.exeZHTzSXD.exeubaMOIy.exelzGkUtQ.exexWQwily.exeEJXDqXL.exeBvBcJiM.exegpvAvEk.exeNAFWgUT.exeqVFffFk.exewoNAeEY.exeaeEwqfp.exeGJvxLTR.exekuYBNwd.exeeepYKsM.exePfvNNCe.execShlYED.exexPQaZJt.exeNrWeICo.exeHHTAEJn.exetsKHacl.exe

pid	process
2916	mNWkwfr.exe
2976	SItmaOI.exe
2704	FaJCpMB.exe
2408	pTDSojU.exe
2940	kvgVbTE.exe
2732	bzgzOGe.exe
2176	FwSzcbh.exe
480	dCwGKec.exe
712	nyfySrn.exe
2064	OijdWsE.exe
2872	BpJoWtI.exe
2260	UVQcRjZ.exe
1248	zbWctBH.exe
2060	BTKbdwg.exe
1856	vNJIZlv.exe
2736	qbVjRTK.exe
2892	zVEUeNm.exe
1852	OSmXDkH.exe
1032	cXgpiaN.exe
888	zNZiKTv.exe
2180	MrdCeEo.exe
3036	oPSVvxT.exe
2212	rxOoPxs.exe
2488	ddCMvtX.exe
1052	sXyouZr.exe
2440	hPGzBBe.exe
2540	ucGrrvt.exe
448	HdeShJN.exe
2304	HOyhvOF.exe
1068	pFqzncq.exe
1336	VQcPzzV.exe
2464	kIhxbLp.exe
2228	CLLewIQ.exe
1544	IoXELfd.exe
1764	zySOIRX.exe
2564	ZbEkMin.exe
688	scmlNwQ.exe
2436	SnoZcsa.exe
2124	pCoxPLT.exe
1156	WdHtQMX.exe
3060	WkKjTWk.exe
556	mxFOlcH.exe
1632	dcdVfFi.exe
2632	AbxJnSe.exe
3056	ZHTzSXD.exe
2252	ubaMOIy.exe
1732	lzGkUtQ.exe
2136	xWQwily.exe
2996	EJXDqXL.exe
2016	BvBcJiM.exe
1616	gpvAvEk.exe
2972	NAFWgUT.exe
2784	qVFffFk.exe
2756	woNAeEY.exe
2720	aeEwqfp.exe
300	GJvxLTR.exe
352	kuYBNwd.exe
2864	eepYKsM.exe
2024	PfvNNCe.exe
2068	cShlYED.exe
1564	xPQaZJt.exe
2728	NrWeICo.exe
844	HHTAEJn.exe
1836	tsKHacl.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2824-0-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
\Windows\system\mNWkwfr.exe	upx
behavioral1/memory/2824-6-0x0000000002460000-0x00000000027B4000-memory.dmp	upx
behavioral1/memory/2916-9-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
\Windows\system\SItmaOI.exe	upx
behavioral1/memory/2976-15-0x000000013F120000-0x000000013F474000-memory.dmp	upx
C:\Windows\system\FaJCpMB.exe	upx
\Windows\system\pTDSojU.exe	upx
behavioral1/memory/2408-28-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2704-20-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2732-43-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
\Windows\system\dCwGKec.exe	upx
behavioral1/memory/2704-60-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
\Windows\system\OijdWsE.exe	upx
C:\Windows\system\UVQcRjZ.exe	upx
behavioral1/memory/2060-111-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
C:\Windows\system\zVEUeNm.exe	upx
C:\Windows\system\ddCMvtX.exe	upx
behavioral1/memory/2060-647-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/1248-519-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2260-384-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2872-277-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
C:\Windows\system\kIhxbLp.exe	upx
C:\Windows\system\VQcPzzV.exe	upx
C:\Windows\system\pFqzncq.exe	upx
C:\Windows\system\HOyhvOF.exe	upx
C:\Windows\system\HdeShJN.exe	upx
C:\Windows\system\ucGrrvt.exe	upx
C:\Windows\system\hPGzBBe.exe	upx
C:\Windows\system\sXyouZr.exe	upx
C:\Windows\system\rxOoPxs.exe	upx
C:\Windows\system\oPSVvxT.exe	upx
behavioral1/memory/2064-150-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
C:\Windows\system\MrdCeEo.exe	upx
C:\Windows\system\zNZiKTv.exe	upx
C:\Windows\system\cXgpiaN.exe	upx
C:\Windows\system\OSmXDkH.exe	upx
C:\Windows\system\qbVjRTK.exe	upx
C:\Windows\system\vNJIZlv.exe	upx
behavioral1/memory/1248-102-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/480-101-0x000000013F500000-0x000000013F854000-memory.dmp	upx
C:\Windows\system\zbWctBH.exe	upx
behavioral1/memory/712-110-0x000000013F440000-0x000000013F794000-memory.dmp	upx
C:\Windows\system\BTKbdwg.exe	upx
behavioral1/memory/2260-93-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2176-92-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2872-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2732-83-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
C:\Windows\system\BpJoWtI.exe	upx
behavioral1/memory/2064-76-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2940-75-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/712-69-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2408-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
C:\Windows\system\nyfySrn.exe	upx
behavioral1/memory/480-61-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2176-52-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2976-51-0x000000013F120000-0x000000013F474000-memory.dmp	upx
C:\Windows\system\FwSzcbh.exe	upx
behavioral1/memory/2916-42-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
C:\Windows\system\bzgzOGe.exe	upx
behavioral1/memory/2940-36-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2824-35-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
C:\Windows\system\kvgVbTE.exe	upx
behavioral1/memory/2408-3107-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\YCeBiYD.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jUplvWi.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDHuEAi.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUhWZBk.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRBpBdS.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymRuLHE.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHpBeko.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRExZRI.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbzNwFw.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSbCKAu.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlxRixn.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZpPixpp.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKRvdgw.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPLSSbF.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSCUWTH.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otAwtyD.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHwhjbb.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHGCFmP.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZLmDyy.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVMEmZH.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYVzxbZ.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMGdTpy.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUxsiNc.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gipNNYj.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljSCVMq.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugoGmHC.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNbgKQb.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQlpHOd.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKfVhlH.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRjcuOz.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPAdsIz.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OszGYGp.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiZVcWq.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjymWoS.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoqpLUO.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnizZGT.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZEhRPR.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEuIAMN.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOWPgAK.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRPxQMf.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUNnMxi.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQuNLvX.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvLTPzZ.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CROOQwa.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgBFIfu.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKEOSAN.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNMIlfI.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRLlYXJ.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuoDRik.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwbcipJ.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMcOjCC.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEWhVrk.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkVIJzW.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYMxgHv.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnPSoWK.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKrmnXW.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPdNTNT.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgIOiyO.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMNMBjr.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJzdOkH.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grDgTCg.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QyDKnbB.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYEfFzJ.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhmOzQk.exe	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2824 wrote to memory of 2916	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	mNWkwfr.exe
PID 2824 wrote to memory of 2916	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	mNWkwfr.exe
PID 2824 wrote to memory of 2916	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	mNWkwfr.exe
PID 2824 wrote to memory of 2976	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	SItmaOI.exe
PID 2824 wrote to memory of 2976	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	SItmaOI.exe
PID 2824 wrote to memory of 2976	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	SItmaOI.exe
PID 2824 wrote to memory of 2704	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FaJCpMB.exe
PID 2824 wrote to memory of 2704	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FaJCpMB.exe
PID 2824 wrote to memory of 2704	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FaJCpMB.exe
PID 2824 wrote to memory of 2408	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	pTDSojU.exe
PID 2824 wrote to memory of 2408	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	pTDSojU.exe
PID 2824 wrote to memory of 2408	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	pTDSojU.exe
PID 2824 wrote to memory of 2940	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	kvgVbTE.exe
PID 2824 wrote to memory of 2940	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	kvgVbTE.exe
PID 2824 wrote to memory of 2940	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	kvgVbTE.exe
PID 2824 wrote to memory of 2732	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	bzgzOGe.exe
PID 2824 wrote to memory of 2732	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	bzgzOGe.exe
PID 2824 wrote to memory of 2732	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	bzgzOGe.exe
PID 2824 wrote to memory of 2176	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FwSzcbh.exe
PID 2824 wrote to memory of 2176	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FwSzcbh.exe
PID 2824 wrote to memory of 2176	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	FwSzcbh.exe
PID 2824 wrote to memory of 480	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	dCwGKec.exe
PID 2824 wrote to memory of 480	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	dCwGKec.exe
PID 2824 wrote to memory of 480	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	dCwGKec.exe
PID 2824 wrote to memory of 712	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	nyfySrn.exe
PID 2824 wrote to memory of 712	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	nyfySrn.exe
PID 2824 wrote to memory of 712	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	nyfySrn.exe
PID 2824 wrote to memory of 2064	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OijdWsE.exe
PID 2824 wrote to memory of 2064	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OijdWsE.exe
PID 2824 wrote to memory of 2064	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OijdWsE.exe
PID 2824 wrote to memory of 2872	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BpJoWtI.exe
PID 2824 wrote to memory of 2872	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BpJoWtI.exe
PID 2824 wrote to memory of 2872	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BpJoWtI.exe
PID 2824 wrote to memory of 2260	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	UVQcRjZ.exe
PID 2824 wrote to memory of 2260	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	UVQcRjZ.exe
PID 2824 wrote to memory of 2260	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	UVQcRjZ.exe
PID 2824 wrote to memory of 1248	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zbWctBH.exe
PID 2824 wrote to memory of 1248	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zbWctBH.exe
PID 2824 wrote to memory of 1248	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zbWctBH.exe
PID 2824 wrote to memory of 2060	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BTKbdwg.exe
PID 2824 wrote to memory of 2060	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BTKbdwg.exe
PID 2824 wrote to memory of 2060	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	BTKbdwg.exe
PID 2824 wrote to memory of 1856	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	vNJIZlv.exe
PID 2824 wrote to memory of 1856	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	vNJIZlv.exe
PID 2824 wrote to memory of 1856	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	vNJIZlv.exe
PID 2824 wrote to memory of 2736	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	qbVjRTK.exe
PID 2824 wrote to memory of 2736	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	qbVjRTK.exe
PID 2824 wrote to memory of 2736	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	qbVjRTK.exe
PID 2824 wrote to memory of 2892	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zVEUeNm.exe
PID 2824 wrote to memory of 2892	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zVEUeNm.exe
PID 2824 wrote to memory of 2892	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zVEUeNm.exe
PID 2824 wrote to memory of 1852	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OSmXDkH.exe
PID 2824 wrote to memory of 1852	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OSmXDkH.exe
PID 2824 wrote to memory of 1852	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	OSmXDkH.exe
PID 2824 wrote to memory of 1032	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	cXgpiaN.exe
PID 2824 wrote to memory of 1032	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	cXgpiaN.exe
PID 2824 wrote to memory of 1032	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	cXgpiaN.exe
PID 2824 wrote to memory of 888	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zNZiKTv.exe
PID 2824 wrote to memory of 888	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zNZiKTv.exe
PID 2824 wrote to memory of 888	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	zNZiKTv.exe
PID 2824 wrote to memory of 2180	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	MrdCeEo.exe
PID 2824 wrote to memory of 2180	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	MrdCeEo.exe
PID 2824 wrote to memory of 2180	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	MrdCeEo.exe
PID 2824 wrote to memory of 3036	2824	2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe	oPSVvxT.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_2197d270add6b33d487bc11ec7b27cee_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\System\mNWkwfr.exe
  C:\Windows\System\mNWkwfr.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\SItmaOI.exe
  C:\Windows\System\SItmaOI.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\FaJCpMB.exe
  C:\Windows\System\FaJCpMB.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pTDSojU.exe
  C:\Windows\System\pTDSojU.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\kvgVbTE.exe
  C:\Windows\System\kvgVbTE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\bzgzOGe.exe
  C:\Windows\System\bzgzOGe.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\FwSzcbh.exe
  C:\Windows\System\FwSzcbh.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\dCwGKec.exe
  C:\Windows\System\dCwGKec.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\nyfySrn.exe
  C:\Windows\System\nyfySrn.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\OijdWsE.exe
  C:\Windows\System\OijdWsE.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\BpJoWtI.exe
  C:\Windows\System\BpJoWtI.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\UVQcRjZ.exe
  C:\Windows\System\UVQcRjZ.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\zbWctBH.exe
  C:\Windows\System\zbWctBH.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\BTKbdwg.exe
  C:\Windows\System\BTKbdwg.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\vNJIZlv.exe
  C:\Windows\System\vNJIZlv.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\qbVjRTK.exe
  C:\Windows\System\qbVjRTK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\zVEUeNm.exe
  C:\Windows\System\zVEUeNm.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\OSmXDkH.exe
  C:\Windows\System\OSmXDkH.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\cXgpiaN.exe
  C:\Windows\System\cXgpiaN.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\zNZiKTv.exe
  C:\Windows\System\zNZiKTv.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\MrdCeEo.exe
  C:\Windows\System\MrdCeEo.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\oPSVvxT.exe
  C:\Windows\System\oPSVvxT.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\rxOoPxs.exe
  C:\Windows\System\rxOoPxs.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\ddCMvtX.exe
  C:\Windows\System\ddCMvtX.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\sXyouZr.exe
  C:\Windows\System\sXyouZr.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\hPGzBBe.exe
  C:\Windows\System\hPGzBBe.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ucGrrvt.exe
  C:\Windows\System\ucGrrvt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\HdeShJN.exe
  C:\Windows\System\HdeShJN.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\HOyhvOF.exe
  C:\Windows\System\HOyhvOF.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\pFqzncq.exe
  C:\Windows\System\pFqzncq.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\VQcPzzV.exe
  C:\Windows\System\VQcPzzV.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\kIhxbLp.exe
  C:\Windows\System\kIhxbLp.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\CLLewIQ.exe
  C:\Windows\System\CLLewIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\IoXELfd.exe
  C:\Windows\System\IoXELfd.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\zySOIRX.exe
  C:\Windows\System\zySOIRX.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\ZbEkMin.exe
  C:\Windows\System\ZbEkMin.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\scmlNwQ.exe
  C:\Windows\System\scmlNwQ.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\SnoZcsa.exe
  C:\Windows\System\SnoZcsa.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\pCoxPLT.exe
  C:\Windows\System\pCoxPLT.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\WdHtQMX.exe
  C:\Windows\System\WdHtQMX.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\WkKjTWk.exe
  C:\Windows\System\WkKjTWk.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\mxFOlcH.exe
  C:\Windows\System\mxFOlcH.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\dcdVfFi.exe
  C:\Windows\System\dcdVfFi.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\AbxJnSe.exe
  C:\Windows\System\AbxJnSe.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ZHTzSXD.exe
  C:\Windows\System\ZHTzSXD.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ubaMOIy.exe
  C:\Windows\System\ubaMOIy.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\lzGkUtQ.exe
  C:\Windows\System\lzGkUtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\xWQwily.exe
  C:\Windows\System\xWQwily.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\EJXDqXL.exe
  C:\Windows\System\EJXDqXL.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\BvBcJiM.exe
  C:\Windows\System\BvBcJiM.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\gpvAvEk.exe
  C:\Windows\System\gpvAvEk.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\NAFWgUT.exe
  C:\Windows\System\NAFWgUT.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\qVFffFk.exe
  C:\Windows\System\qVFffFk.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\woNAeEY.exe
  C:\Windows\System\woNAeEY.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\aeEwqfp.exe
  C:\Windows\System\aeEwqfp.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\GJvxLTR.exe
  C:\Windows\System\GJvxLTR.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\kuYBNwd.exe
  C:\Windows\System\kuYBNwd.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\eepYKsM.exe
  C:\Windows\System\eepYKsM.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PfvNNCe.exe
  C:\Windows\System\PfvNNCe.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\cShlYED.exe
  C:\Windows\System\cShlYED.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\xPQaZJt.exe
  C:\Windows\System\xPQaZJt.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\NrWeICo.exe
  C:\Windows\System\NrWeICo.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\HHTAEJn.exe
  C:\Windows\System\HHTAEJn.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\tsKHacl.exe
  C:\Windows\System\tsKHacl.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\ohvXXQW.exe
  C:\Windows\System\ohvXXQW.exe
  2⤵
  PID:1828
- C:\Windows\System\osnUEjd.exe
  C:\Windows\System\osnUEjd.exe
  2⤵
  PID:2556
- C:\Windows\System\AdizDAg.exe
  C:\Windows\System\AdizDAg.exe
  2⤵
  PID:1028
- C:\Windows\System\gArhIFc.exe
  C:\Windows\System\gArhIFc.exe
  2⤵
  PID:1912
- C:\Windows\System\xgttquq.exe
  C:\Windows\System\xgttquq.exe
  2⤵
  PID:812
- C:\Windows\System\YPTeetQ.exe
  C:\Windows\System\YPTeetQ.exe
  2⤵
  PID:2196
- C:\Windows\System\GtWyxZC.exe
  C:\Windows\System\GtWyxZC.exe
  2⤵
  PID:1768
- C:\Windows\System\DVjEHVj.exe
  C:\Windows\System\DVjEHVj.exe
  2⤵
  PID:1552
- C:\Windows\System\xhLAlqw.exe
  C:\Windows\System\xhLAlqw.exe
  2⤵
  PID:1752
- C:\Windows\System\JwDxdri.exe
  C:\Windows\System\JwDxdri.exe
  2⤵
  PID:3048
- C:\Windows\System\eOOyyZV.exe
  C:\Windows\System\eOOyyZV.exe
  2⤵
  PID:2388
- C:\Windows\System\hsuPufc.exe
  C:\Windows\System\hsuPufc.exe
  2⤵
  PID:2168
- C:\Windows\System\ZZWHqfm.exe
  C:\Windows\System\ZZWHqfm.exe
  2⤵
  PID:3064
- C:\Windows\System\eskpMIM.exe
  C:\Windows\System\eskpMIM.exe
  2⤵
  PID:2396
- C:\Windows\System\bnblVvl.exe
  C:\Windows\System\bnblVvl.exe
  2⤵
  PID:1512
- C:\Windows\System\ESCbnmh.exe
  C:\Windows\System\ESCbnmh.exe
  2⤵
  PID:2600
- C:\Windows\System\IoHrsjM.exe
  C:\Windows\System\IoHrsjM.exe
  2⤵
  PID:1604
- C:\Windows\System\FqnYJMs.exe
  C:\Windows\System\FqnYJMs.exe
  2⤵
  PID:2560
- C:\Windows\System\JAjrSjS.exe
  C:\Windows\System\JAjrSjS.exe
  2⤵
  PID:1728
- C:\Windows\System\jOisbTX.exe
  C:\Windows\System\jOisbTX.exe
  2⤵
  PID:2664
- C:\Windows\System\csgrRAh.exe
  C:\Windows\System\csgrRAh.exe
  2⤵
  PID:2152
- C:\Windows\System\tVXcrlQ.exe
  C:\Windows\System\tVXcrlQ.exe
  2⤵
  PID:808
- C:\Windows\System\cYCYBYB.exe
  C:\Windows\System\cYCYBYB.exe
  2⤵
  PID:2428
- C:\Windows\System\iUhsxnx.exe
  C:\Windows\System\iUhsxnx.exe
  2⤵
  PID:1516
- C:\Windows\System\KZiUKBM.exe
  C:\Windows\System\KZiUKBM.exe
  2⤵
  PID:3028
- C:\Windows\System\ZiiCeYw.exe
  C:\Windows\System\ZiiCeYw.exe
  2⤵
  PID:1796
- C:\Windows\System\QWHpgbq.exe
  C:\Windows\System\QWHpgbq.exe
  2⤵
  PID:1808
- C:\Windows\System\UWXdDqg.exe
  C:\Windows\System\UWXdDqg.exe
  2⤵
  PID:1744
- C:\Windows\System\xhWjQLM.exe
  C:\Windows\System\xhWjQLM.exe
  2⤵
  PID:372
- C:\Windows\System\uxfiDOz.exe
  C:\Windows\System\uxfiDOz.exe
  2⤵
  PID:1688
- C:\Windows\System\cXJAHNG.exe
  C:\Windows\System\cXJAHNG.exe
  2⤵
  PID:744
- C:\Windows\System\kqQmIzm.exe
  C:\Windows\System\kqQmIzm.exe
  2⤵
  PID:2008
- C:\Windows\System\wNvPsQn.exe
  C:\Windows\System\wNvPsQn.exe
  2⤵
  PID:2004
- C:\Windows\System\ACtKQYg.exe
  C:\Windows\System\ACtKQYg.exe
  2⤵
  PID:1508
- C:\Windows\System\UYDbZIo.exe
  C:\Windows\System\UYDbZIo.exe
  2⤵
  PID:876
- C:\Windows\System\FNbVRXP.exe
  C:\Windows\System\FNbVRXP.exe
  2⤵
  PID:2352
- C:\Windows\System\JqiJhQZ.exe
  C:\Windows\System\JqiJhQZ.exe
  2⤵
  PID:2692
- C:\Windows\System\YoGaiSF.exe
  C:\Windows\System\YoGaiSF.exe
  2⤵
  PID:264
- C:\Windows\System\FbGBMKC.exe
  C:\Windows\System\FbGBMKC.exe
  2⤵
  PID:2448
- C:\Windows\System\NDjeYHj.exe
  C:\Windows\System\NDjeYHj.exe
  2⤵
  PID:860
- C:\Windows\System\jHANSGE.exe
  C:\Windows\System\jHANSGE.exe
  2⤵
  PID:3080
- C:\Windows\System\hXoWxAp.exe
  C:\Windows\System\hXoWxAp.exe
  2⤵
  PID:3100
- C:\Windows\System\iZIsAvD.exe
  C:\Windows\System\iZIsAvD.exe
  2⤵
  PID:3120
- C:\Windows\System\nlXjkCc.exe
  C:\Windows\System\nlXjkCc.exe
  2⤵
  PID:3140
- C:\Windows\System\tzAZxlU.exe
  C:\Windows\System\tzAZxlU.exe
  2⤵
  PID:3164
- C:\Windows\System\JUBaKFx.exe
  C:\Windows\System\JUBaKFx.exe
  2⤵
  PID:3184
- C:\Windows\System\FtArmmB.exe
  C:\Windows\System\FtArmmB.exe
  2⤵
  PID:3204
- C:\Windows\System\yajxkVo.exe
  C:\Windows\System\yajxkVo.exe
  2⤵
  PID:3224
- C:\Windows\System\FRaQGHS.exe
  C:\Windows\System\FRaQGHS.exe
  2⤵
  PID:3244
- C:\Windows\System\ZWWsftK.exe
  C:\Windows\System\ZWWsftK.exe
  2⤵
  PID:3264
- C:\Windows\System\zNKheke.exe
  C:\Windows\System\zNKheke.exe
  2⤵
  PID:3284
- C:\Windows\System\ymRuLHE.exe
  C:\Windows\System\ymRuLHE.exe
  2⤵
  PID:3308
- C:\Windows\System\BDLqnLd.exe
  C:\Windows\System\BDLqnLd.exe
  2⤵
  PID:3328
- C:\Windows\System\Czppsni.exe
  C:\Windows\System\Czppsni.exe
  2⤵
  PID:3348
- C:\Windows\System\yRKVIqR.exe
  C:\Windows\System\yRKVIqR.exe
  2⤵
  PID:3368
- C:\Windows\System\ZPpobZF.exe
  C:\Windows\System\ZPpobZF.exe
  2⤵
  PID:3388
- C:\Windows\System\xkqtNhF.exe
  C:\Windows\System\xkqtNhF.exe
  2⤵
  PID:3408
- C:\Windows\System\SVURQci.exe
  C:\Windows\System\SVURQci.exe
  2⤵
  PID:3428
- C:\Windows\System\VhfPDTH.exe
  C:\Windows\System\VhfPDTH.exe
  2⤵
  PID:3452
- C:\Windows\System\HDIpGhp.exe
  C:\Windows\System\HDIpGhp.exe
  2⤵
  PID:3472
- C:\Windows\System\xMkjFKd.exe
  C:\Windows\System\xMkjFKd.exe
  2⤵
  PID:3492
- C:\Windows\System\tjNhMYi.exe
  C:\Windows\System\tjNhMYi.exe
  2⤵
  PID:3508
- C:\Windows\System\rIITVJr.exe
  C:\Windows\System\rIITVJr.exe
  2⤵
  PID:3532
- C:\Windows\System\ROzKsSq.exe
  C:\Windows\System\ROzKsSq.exe
  2⤵
  PID:3552
- C:\Windows\System\KZmeZaO.exe
  C:\Windows\System\KZmeZaO.exe
  2⤵
  PID:3572
- C:\Windows\System\XFhxQoV.exe
  C:\Windows\System\XFhxQoV.exe
  2⤵
  PID:3592
- C:\Windows\System\jOLveDy.exe
  C:\Windows\System\jOLveDy.exe
  2⤵
  PID:3612
- C:\Windows\System\cHpBeko.exe
  C:\Windows\System\cHpBeko.exe
  2⤵
  PID:3632
- C:\Windows\System\OXkbjDb.exe
  C:\Windows\System\OXkbjDb.exe
  2⤵
  PID:3652
- C:\Windows\System\fagxZyX.exe
  C:\Windows\System\fagxZyX.exe
  2⤵
  PID:3672
- C:\Windows\System\JpuJpQg.exe
  C:\Windows\System\JpuJpQg.exe
  2⤵
  PID:3692
- C:\Windows\System\UWbTuIx.exe
  C:\Windows\System\UWbTuIx.exe
  2⤵
  PID:3716
- C:\Windows\System\sDfDoSu.exe
  C:\Windows\System\sDfDoSu.exe
  2⤵
  PID:3736
- C:\Windows\System\IjkONQH.exe
  C:\Windows\System\IjkONQH.exe
  2⤵
  PID:3756
- C:\Windows\System\DfEiItt.exe
  C:\Windows\System\DfEiItt.exe
  2⤵
  PID:3776
- C:\Windows\System\PGKanvI.exe
  C:\Windows\System\PGKanvI.exe
  2⤵
  PID:3796
- C:\Windows\System\fMnMYtw.exe
  C:\Windows\System\fMnMYtw.exe
  2⤵
  PID:3816
- C:\Windows\System\kdMHkGI.exe
  C:\Windows\System\kdMHkGI.exe
  2⤵
  PID:3836
- C:\Windows\System\UPUmIuG.exe
  C:\Windows\System\UPUmIuG.exe
  2⤵
  PID:3856
- C:\Windows\System\BqsFubj.exe
  C:\Windows\System\BqsFubj.exe
  2⤵
  PID:3876
- C:\Windows\System\WZdyaVH.exe
  C:\Windows\System\WZdyaVH.exe
  2⤵
  PID:3896
- C:\Windows\System\jLVjJXM.exe
  C:\Windows\System\jLVjJXM.exe
  2⤵
  PID:3916
- C:\Windows\System\yTFLbuK.exe
  C:\Windows\System\yTFLbuK.exe
  2⤵
  PID:3940
- C:\Windows\System\FlVREkN.exe
  C:\Windows\System\FlVREkN.exe
  2⤵
  PID:3960
- C:\Windows\System\DKRvdgw.exe
  C:\Windows\System\DKRvdgw.exe
  2⤵
  PID:3980
- C:\Windows\System\DRjcuOz.exe
  C:\Windows\System\DRjcuOz.exe
  2⤵
  PID:4000
- C:\Windows\System\MjMRfdD.exe
  C:\Windows\System\MjMRfdD.exe
  2⤵
  PID:4020
- C:\Windows\System\TRUKNJL.exe
  C:\Windows\System\TRUKNJL.exe
  2⤵
  PID:4040
- C:\Windows\System\iKlUpTj.exe
  C:\Windows\System\iKlUpTj.exe
  2⤵
  PID:4060
- C:\Windows\System\dTfvEFB.exe
  C:\Windows\System\dTfvEFB.exe
  2⤵
  PID:4080
- C:\Windows\System\qJJBjbP.exe
  C:\Windows\System\qJJBjbP.exe
  2⤵
  PID:2248
- C:\Windows\System\mbXltwY.exe
  C:\Windows\System\mbXltwY.exe
  2⤵
  PID:1040
- C:\Windows\System\Gsazrga.exe
  C:\Windows\System\Gsazrga.exe
  2⤵
  PID:984
- C:\Windows\System\NQjBEhn.exe
  C:\Windows\System\NQjBEhn.exe
  2⤵
  PID:2468
- C:\Windows\System\MVhRiZX.exe
  C:\Windows\System\MVhRiZX.exe
  2⤵
  PID:2424
- C:\Windows\System\dtkiXub.exe
  C:\Windows\System\dtkiXub.exe
  2⤵
  PID:2348
- C:\Windows\System\ICmIgwH.exe
  C:\Windows\System\ICmIgwH.exe
  2⤵
  PID:1712
- C:\Windows\System\YGzBzsd.exe
  C:\Windows\System\YGzBzsd.exe
  2⤵
  PID:2392
- C:\Windows\System\ZTFNbTb.exe
  C:\Windows\System\ZTFNbTb.exe
  2⤵
  PID:2568
- C:\Windows\System\BmNHmAv.exe
  C:\Windows\System\BmNHmAv.exe
  2⤵
  PID:2020
- C:\Windows\System\BeSArwV.exe
  C:\Windows\System\BeSArwV.exe
  2⤵
  PID:3092
- C:\Windows\System\EYnfnVk.exe
  C:\Windows\System\EYnfnVk.exe
  2⤵
  PID:3132
- C:\Windows\System\uSmIcxm.exe
  C:\Windows\System\uSmIcxm.exe
  2⤵
  PID:3192
- C:\Windows\System\MibYOJO.exe
  C:\Windows\System\MibYOJO.exe
  2⤵
  PID:3232
- C:\Windows\System\FNMIlfI.exe
  C:\Windows\System\FNMIlfI.exe
  2⤵
  PID:3272
- C:\Windows\System\ryXFCHR.exe
  C:\Windows\System\ryXFCHR.exe
  2⤵
  PID:3256
- C:\Windows\System\fQkBSoG.exe
  C:\Windows\System\fQkBSoG.exe
  2⤵
  PID:3296
- C:\Windows\System\YClahfO.exe
  C:\Windows\System\YClahfO.exe
  2⤵
  PID:3340
- C:\Windows\System\UhdFKSf.exe
  C:\Windows\System\UhdFKSf.exe
  2⤵
  PID:3384
- C:\Windows\System\zYrMRHr.exe
  C:\Windows\System\zYrMRHr.exe
  2⤵
  PID:3448
- C:\Windows\System\TnASvXY.exe
  C:\Windows\System\TnASvXY.exe
  2⤵
  PID:3480
- C:\Windows\System\bOfAool.exe
  C:\Windows\System\bOfAool.exe
  2⤵
  PID:3500
- C:\Windows\System\EQrhKcl.exe
  C:\Windows\System\EQrhKcl.exe
  2⤵
  PID:3520
- C:\Windows\System\lKrOasD.exe
  C:\Windows\System\lKrOasD.exe
  2⤵
  PID:3564
- C:\Windows\System\xyVFSAr.exe
  C:\Windows\System\xyVFSAr.exe
  2⤵
  PID:3584
- C:\Windows\System\Uzcmunl.exe
  C:\Windows\System\Uzcmunl.exe
  2⤵
  PID:3648
- C:\Windows\System\NxSuIsX.exe
  C:\Windows\System\NxSuIsX.exe
  2⤵
  PID:3668
- C:\Windows\System\RlJXRKA.exe
  C:\Windows\System\RlJXRKA.exe
  2⤵
  PID:3664
- C:\Windows\System\MfuhdbV.exe
  C:\Windows\System\MfuhdbV.exe
  2⤵
  PID:3712
- C:\Windows\System\YeNdZmb.exe
  C:\Windows\System\YeNdZmb.exe
  2⤵
  PID:3772
- C:\Windows\System\sgioAbB.exe
  C:\Windows\System\sgioAbB.exe
  2⤵
  PID:3808
- C:\Windows\System\SCrrTTP.exe
  C:\Windows\System\SCrrTTP.exe
  2⤵
  PID:3844
- C:\Windows\System\fQqcPAP.exe
  C:\Windows\System\fQqcPAP.exe
  2⤵
  PID:3884
- C:\Windows\System\JsxlgHj.exe
  C:\Windows\System\JsxlgHj.exe
  2⤵
  PID:3868
- C:\Windows\System\tigGmmc.exe
  C:\Windows\System\tigGmmc.exe
  2⤵
  PID:3908
- C:\Windows\System\uRScYMh.exe
  C:\Windows\System\uRScYMh.exe
  2⤵
  PID:3976
- C:\Windows\System\wzPyyXQ.exe
  C:\Windows\System\wzPyyXQ.exe
  2⤵
  PID:3992
- C:\Windows\System\hKSWION.exe
  C:\Windows\System\hKSWION.exe
  2⤵
  PID:4048
- C:\Windows\System\vkMFCKX.exe
  C:\Windows\System\vkMFCKX.exe
  2⤵
  PID:4076
- C:\Windows\System\EnwbtXY.exe
  C:\Windows\System\EnwbtXY.exe
  2⤵
  PID:3936
- C:\Windows\System\xTCBHRi.exe
  C:\Windows\System\xTCBHRi.exe
  2⤵
  PID:2504
- C:\Windows\System\tunoxQF.exe
  C:\Windows\System\tunoxQF.exe
  2⤵
  PID:900
- C:\Windows\System\ebiXpoO.exe
  C:\Windows\System\ebiXpoO.exe
  2⤵
  PID:1572
- C:\Windows\System\jnwcZID.exe
  C:\Windows\System\jnwcZID.exe
  2⤵
  PID:836
- C:\Windows\System\RfTNxce.exe
  C:\Windows\System\RfTNxce.exe
  2⤵
  PID:3108
- C:\Windows\System\QzcxrSp.exe
  C:\Windows\System\QzcxrSp.exe
  2⤵
  PID:1428
- C:\Windows\System\xVFVyPR.exe
  C:\Windows\System\xVFVyPR.exe
  2⤵
  PID:3136
- C:\Windows\System\WzxOPBK.exe
  C:\Windows\System\WzxOPBK.exe
  2⤵
  PID:3220
- C:\Windows\System\IeWdroE.exe
  C:\Windows\System\IeWdroE.exe
  2⤵
  PID:3324
- C:\Windows\System\umBhsRN.exe
  C:\Windows\System\umBhsRN.exe
  2⤵
  PID:3276
- C:\Windows\System\YdhsgZV.exe
  C:\Windows\System\YdhsgZV.exe
  2⤵
  PID:3356
- C:\Windows\System\IcLBWRi.exe
  C:\Windows\System\IcLBWRi.exe
  2⤵
  PID:3436
- C:\Windows\System\HHkTjKp.exe
  C:\Windows\System\HHkTjKp.exe
  2⤵
  PID:3544
- C:\Windows\System\qbGtrvz.exe
  C:\Windows\System\qbGtrvz.exe
  2⤵
  PID:3540
- C:\Windows\System\uuJpftD.exe
  C:\Windows\System\uuJpftD.exe
  2⤵
  PID:3560
- C:\Windows\System\UiLdnhK.exe
  C:\Windows\System\UiLdnhK.exe
  2⤵
  PID:3688
- C:\Windows\System\mupOCdQ.exe
  C:\Windows\System\mupOCdQ.exe
  2⤵
  PID:3300
- C:\Windows\System\kXDbkbu.exe
  C:\Windows\System\kXDbkbu.exe
  2⤵
  PID:3832
- C:\Windows\System\qJqgzfa.exe
  C:\Windows\System\qJqgzfa.exe
  2⤵
  PID:3792
- C:\Windows\System\vRizRsC.exe
  C:\Windows\System\vRizRsC.exe
  2⤵
  PID:3932
- C:\Windows\System\ZRyNEiZ.exe
  C:\Windows\System\ZRyNEiZ.exe
  2⤵
  PID:3988
- C:\Windows\System\ofoKaZf.exe
  C:\Windows\System\ofoKaZf.exe
  2⤵
  PID:3968
- C:\Windows\System\neDnpNZ.exe
  C:\Windows\System\neDnpNZ.exe
  2⤵
  PID:3032
- C:\Windows\System\kowboyB.exe
  C:\Windows\System\kowboyB.exe
  2⤵
  PID:4072
- C:\Windows\System\IBnzYpO.exe
  C:\Windows\System\IBnzYpO.exe
  2⤵
  PID:2036
- C:\Windows\System\aSuROHV.exe
  C:\Windows\System\aSuROHV.exe
  2⤵
  PID:2748
- C:\Windows\System\gtjFjri.exe
  C:\Windows\System\gtjFjri.exe
  2⤵
  PID:3180
- C:\Windows\System\RqCRDVR.exe
  C:\Windows\System\RqCRDVR.exe
  2⤵
  PID:2828
- C:\Windows\System\bizfxFI.exe
  C:\Windows\System\bizfxFI.exe
  2⤵
  PID:3212
- C:\Windows\System\wtNPDUC.exe
  C:\Windows\System\wtNPDUC.exe
  2⤵
  PID:3420
- C:\Windows\System\NHDhQmU.exe
  C:\Windows\System\NHDhQmU.exe
  2⤵
  PID:3464
- C:\Windows\System\YPCLPkd.exe
  C:\Windows\System\YPCLPkd.exe
  2⤵
  PID:3528
- C:\Windows\System\dvgmucF.exe
  C:\Windows\System\dvgmucF.exe
  2⤵
  PID:3588
- C:\Windows\System\YzeFSro.exe
  C:\Windows\System\YzeFSro.exe
  2⤵
  PID:3804
- C:\Windows\System\dOwxSGU.exe
  C:\Windows\System\dOwxSGU.exe
  2⤵
  PID:3764
- C:\Windows\System\lMqRBWF.exe
  C:\Windows\System\lMqRBWF.exe
  2⤵
  PID:3828
- C:\Windows\System\OhtsgOG.exe
  C:\Windows\System\OhtsgOG.exe
  2⤵
  PID:4036
- C:\Windows\System\qqIFRiI.exe
  C:\Windows\System\qqIFRiI.exe
  2⤵
  PID:1772
- C:\Windows\System\xiIDvpZ.exe
  C:\Windows\System\xiIDvpZ.exe
  2⤵
  PID:1664
- C:\Windows\System\qHGCFmP.exe
  C:\Windows\System\qHGCFmP.exe
  2⤵
  PID:3152
- C:\Windows\System\fPUNjEw.exe
  C:\Windows\System\fPUNjEw.exe
  2⤵
  PID:756
- C:\Windows\System\WDBZlpx.exe
  C:\Windows\System\WDBZlpx.exe
  2⤵
  PID:4116
- C:\Windows\System\jMPgNSt.exe
  C:\Windows\System\jMPgNSt.exe
  2⤵
  PID:4136
- C:\Windows\System\JzbmQCL.exe
  C:\Windows\System\JzbmQCL.exe
  2⤵
  PID:4156
- C:\Windows\System\LhTZjSe.exe
  C:\Windows\System\LhTZjSe.exe
  2⤵
  PID:4180
- C:\Windows\System\AsgFmKt.exe
  C:\Windows\System\AsgFmKt.exe
  2⤵
  PID:4200
- C:\Windows\System\NjzKeXN.exe
  C:\Windows\System\NjzKeXN.exe
  2⤵
  PID:4220
- C:\Windows\System\lLqPyCb.exe
  C:\Windows\System\lLqPyCb.exe
  2⤵
  PID:4240
- C:\Windows\System\TENWwSC.exe
  C:\Windows\System\TENWwSC.exe
  2⤵
  PID:4264
- C:\Windows\System\krFhwkM.exe
  C:\Windows\System\krFhwkM.exe
  2⤵
  PID:4284
- C:\Windows\System\MJNVzdF.exe
  C:\Windows\System\MJNVzdF.exe
  2⤵
  PID:4304
- C:\Windows\System\efPIyHg.exe
  C:\Windows\System\efPIyHg.exe
  2⤵
  PID:4320
- C:\Windows\System\gsoOKlJ.exe
  C:\Windows\System\gsoOKlJ.exe
  2⤵
  PID:4340
- C:\Windows\System\OzFABOh.exe
  C:\Windows\System\OzFABOh.exe
  2⤵
  PID:4360
- C:\Windows\System\UUhsPGr.exe
  C:\Windows\System\UUhsPGr.exe
  2⤵
  PID:4384
- C:\Windows\System\VECrDpe.exe
  C:\Windows\System\VECrDpe.exe
  2⤵
  PID:4400
- C:\Windows\System\gxfrlIl.exe
  C:\Windows\System\gxfrlIl.exe
  2⤵
  PID:4420
- C:\Windows\System\jnRddPy.exe
  C:\Windows\System\jnRddPy.exe
  2⤵
  PID:4440
- C:\Windows\System\gBWfOJt.exe
  C:\Windows\System\gBWfOJt.exe
  2⤵
  PID:4464
- C:\Windows\System\iffLEsB.exe
  C:\Windows\System\iffLEsB.exe
  2⤵
  PID:4484
- C:\Windows\System\MCJmaGC.exe
  C:\Windows\System\MCJmaGC.exe
  2⤵
  PID:4504
- C:\Windows\System\tPxBdus.exe
  C:\Windows\System\tPxBdus.exe
  2⤵
  PID:4520
- C:\Windows\System\puUosef.exe
  C:\Windows\System\puUosef.exe
  2⤵
  PID:4544
- C:\Windows\System\WergUKZ.exe
  C:\Windows\System\WergUKZ.exe
  2⤵
  PID:4560
- C:\Windows\System\feUdlOK.exe
  C:\Windows\System\feUdlOK.exe
  2⤵
  PID:4580
- C:\Windows\System\RkTYvpy.exe
  C:\Windows\System\RkTYvpy.exe
  2⤵
  PID:4600
- C:\Windows\System\aYiNlZU.exe
  C:\Windows\System\aYiNlZU.exe
  2⤵
  PID:4620
- C:\Windows\System\SkLMjzY.exe
  C:\Windows\System\SkLMjzY.exe
  2⤵
  PID:4636
- C:\Windows\System\bWcAVCo.exe
  C:\Windows\System\bWcAVCo.exe
  2⤵
  PID:4664
- C:\Windows\System\RyJdZKw.exe
  C:\Windows\System\RyJdZKw.exe
  2⤵
  PID:4680
- C:\Windows\System\ExNgQaA.exe
  C:\Windows\System\ExNgQaA.exe
  2⤵
  PID:4700
- C:\Windows\System\lsTwLpk.exe
  C:\Windows\System\lsTwLpk.exe
  2⤵
  PID:4720
- C:\Windows\System\YKoJYhx.exe
  C:\Windows\System\YKoJYhx.exe
  2⤵
  PID:4744
- C:\Windows\System\DWGwQDi.exe
  C:\Windows\System\DWGwQDi.exe
  2⤵
  PID:4764
- C:\Windows\System\BGzRapM.exe
  C:\Windows\System\BGzRapM.exe
  2⤵
  PID:4784
- C:\Windows\System\uTRvtZj.exe
  C:\Windows\System\uTRvtZj.exe
  2⤵
  PID:4804
- C:\Windows\System\spShdXM.exe
  C:\Windows\System\spShdXM.exe
  2⤵
  PID:4824
- C:\Windows\System\SdBkWra.exe
  C:\Windows\System\SdBkWra.exe
  2⤵
  PID:4840
- C:\Windows\System\suYgRqL.exe
  C:\Windows\System\suYgRqL.exe
  2⤵
  PID:4860
- C:\Windows\System\eBBQyjb.exe
  C:\Windows\System\eBBQyjb.exe
  2⤵
  PID:4884
- C:\Windows\System\iLVKPXN.exe
  C:\Windows\System\iLVKPXN.exe
  2⤵
  PID:4904
- C:\Windows\System\wRLlYXJ.exe
  C:\Windows\System\wRLlYXJ.exe
  2⤵
  PID:4924
- C:\Windows\System\pZXMDtT.exe
  C:\Windows\System\pZXMDtT.exe
  2⤵
  PID:4944
- C:\Windows\System\FvfXYXq.exe
  C:\Windows\System\FvfXYXq.exe
  2⤵
  PID:4964
- C:\Windows\System\XuumcJE.exe
  C:\Windows\System\XuumcJE.exe
  2⤵
  PID:4988
- C:\Windows\System\MCQQUZd.exe
  C:\Windows\System\MCQQUZd.exe
  2⤵
  PID:5004
- C:\Windows\System\GuvjQxF.exe
  C:\Windows\System\GuvjQxF.exe
  2⤵
  PID:5028
- C:\Windows\System\XTyUFFM.exe
  C:\Windows\System\XTyUFFM.exe
  2⤵
  PID:5048
- C:\Windows\System\hyinSLY.exe
  C:\Windows\System\hyinSLY.exe
  2⤵
  PID:5068
- C:\Windows\System\EBDJwnu.exe
  C:\Windows\System\EBDJwnu.exe
  2⤵
  PID:5088
- C:\Windows\System\piMlpeN.exe
  C:\Windows\System\piMlpeN.exe
  2⤵
  PID:5108
- C:\Windows\System\XMwIbSH.exe
  C:\Windows\System\XMwIbSH.exe
  2⤵
  PID:1736
- C:\Windows\System\TjUgvez.exe
  C:\Windows\System\TjUgvez.exe
  2⤵
  PID:3624
- C:\Windows\System\AbyXZdn.exe
  C:\Windows\System\AbyXZdn.exe
  2⤵
  PID:2948
- C:\Windows\System\ACPynxZ.exe
  C:\Windows\System\ACPynxZ.exe
  2⤵
  PID:4008
- C:\Windows\System\XNGTUGI.exe
  C:\Windows\System\XNGTUGI.exe
  2⤵
  PID:4068
- C:\Windows\System\ccnZkBJ.exe
  C:\Windows\System\ccnZkBJ.exe
  2⤵
  PID:3952
- C:\Windows\System\gaNHCPi.exe
  C:\Windows\System\gaNHCPi.exe
  2⤵
  PID:3848
- C:\Windows\System\pIhhbge.exe
  C:\Windows\System\pIhhbge.exe
  2⤵
  PID:4132
- C:\Windows\System\gecyVfx.exe
  C:\Windows\System\gecyVfx.exe
  2⤵
  PID:4028
- C:\Windows\System\PerXMUk.exe
  C:\Windows\System\PerXMUk.exe
  2⤵
  PID:4112
- C:\Windows\System\MwmYero.exe
  C:\Windows\System\MwmYero.exe
  2⤵
  PID:4208
- C:\Windows\System\GKdKhYX.exe
  C:\Windows\System\GKdKhYX.exe
  2⤵
  PID:4260
- C:\Windows\System\vxOxGvM.exe
  C:\Windows\System\vxOxGvM.exe
  2⤵
  PID:4228
- C:\Windows\System\zABmQvk.exe
  C:\Windows\System\zABmQvk.exe
  2⤵
  PID:4280
- C:\Windows\System\uewVFog.exe
  C:\Windows\System\uewVFog.exe
  2⤵
  PID:4328
- C:\Windows\System\aIahVSJ.exe
  C:\Windows\System\aIahVSJ.exe
  2⤵
  PID:4380
- C:\Windows\System\eZaAODb.exe
  C:\Windows\System\eZaAODb.exe
  2⤵
  PID:4316
- C:\Windows\System\hdxdceC.exe
  C:\Windows\System\hdxdceC.exe
  2⤵
  PID:4460
- C:\Windows\System\smCdOPz.exe
  C:\Windows\System\smCdOPz.exe
  2⤵
  PID:4492
- C:\Windows\System\XwaDZuJ.exe
  C:\Windows\System\XwaDZuJ.exe
  2⤵
  PID:4536
- C:\Windows\System\UJJVQbV.exe
  C:\Windows\System\UJJVQbV.exe
  2⤵
  PID:4436
- C:\Windows\System\BAVWgDc.exe
  C:\Windows\System\BAVWgDc.exe
  2⤵
  PID:4512
- C:\Windows\System\lCldaOb.exe
  C:\Windows\System\lCldaOb.exe
  2⤵
  PID:4612
- C:\Windows\System\amNGrgB.exe
  C:\Windows\System\amNGrgB.exe
  2⤵
  PID:4652
- C:\Windows\System\wLzWLlI.exe
  C:\Windows\System\wLzWLlI.exe
  2⤵
  PID:4596
- C:\Windows\System\lJyOucm.exe
  C:\Windows\System\lJyOucm.exe
  2⤵
  PID:4696
- C:\Windows\System\YkCqLlg.exe
  C:\Windows\System\YkCqLlg.exe
  2⤵
  PID:4736
- C:\Windows\System\WTWwOeE.exe
  C:\Windows\System\WTWwOeE.exe
  2⤵
  PID:4716
- C:\Windows\System\AzPyJqM.exe
  C:\Windows\System\AzPyJqM.exe
  2⤵
  PID:4760
- C:\Windows\System\VrEIQXP.exe
  C:\Windows\System\VrEIQXP.exe
  2⤵
  PID:4792
- C:\Windows\System\AtvRGPi.exe
  C:\Windows\System\AtvRGPi.exe
  2⤵
  PID:4852
- C:\Windows\System\ulveOPR.exe
  C:\Windows\System\ulveOPR.exe
  2⤵
  PID:4896
- C:\Windows\System\mUVrfqJ.exe
  C:\Windows\System\mUVrfqJ.exe
  2⤵
  PID:4832
- C:\Windows\System\YAdpWeV.exe
  C:\Windows\System\YAdpWeV.exe
  2⤵
  PID:4912
- C:\Windows\System\EJomUxV.exe
  C:\Windows\System\EJomUxV.exe
  2⤵
  PID:4972
- C:\Windows\System\hDXHhMR.exe
  C:\Windows\System\hDXHhMR.exe
  2⤵
  PID:5012
- C:\Windows\System\vDQHEsN.exe
  C:\Windows\System\vDQHEsN.exe
  2⤵
  PID:4996
- C:\Windows\System\JVYTxmX.exe
  C:\Windows\System\JVYTxmX.exe
  2⤵
  PID:5036
- C:\Windows\System\NZRswAI.exe
  C:\Windows\System\NZRswAI.exe
  2⤵
  PID:5080
- C:\Windows\System\tyWlnsN.exe
  C:\Windows\System\tyWlnsN.exe
  2⤵
  PID:3660
- C:\Windows\System\loAMOrd.exe
  C:\Windows\System\loAMOrd.exe
  2⤵
  PID:3424
- C:\Windows\System\bfCAAcI.exe
  C:\Windows\System\bfCAAcI.exe
  2⤵
  PID:3732
- C:\Windows\System\YyzrRyd.exe
  C:\Windows\System\YyzrRyd.exe
  2⤵
  PID:4052
- C:\Windows\System\olwbSxc.exe
  C:\Windows\System\olwbSxc.exe
  2⤵
  PID:3236
- C:\Windows\System\CyBAREs.exe
  C:\Windows\System\CyBAREs.exe
  2⤵
  PID:4104
- C:\Windows\System\kjsIfuB.exe
  C:\Windows\System\kjsIfuB.exe
  2⤵
  PID:4176
- C:\Windows\System\OmmbkjE.exe
  C:\Windows\System\OmmbkjE.exe
  2⤵
  PID:4188
- C:\Windows\System\SdyFZst.exe
  C:\Windows\System\SdyFZst.exe
  2⤵
  PID:4232
- C:\Windows\System\pUaKDKa.exe
  C:\Windows\System\pUaKDKa.exe
  2⤵
  PID:4416
- C:\Windows\System\GzzmPpg.exe
  C:\Windows\System\GzzmPpg.exe
  2⤵
  PID:4348
- C:\Windows\System\CUxsiNc.exe
  C:\Windows\System\CUxsiNc.exe
  2⤵
  PID:2936
- C:\Windows\System\XZSHiAA.exe
  C:\Windows\System\XZSHiAA.exe
  2⤵
  PID:4480
- C:\Windows\System\naVaDob.exe
  C:\Windows\System\naVaDob.exe
  2⤵
  PID:4432
- C:\Windows\System\NphNGkk.exe
  C:\Windows\System\NphNGkk.exe
  2⤵
  PID:4552
- C:\Windows\System\uKrzIfo.exe
  C:\Windows\System\uKrzIfo.exe
  2⤵
  PID:4588
- C:\Windows\System\fPiqkGG.exe
  C:\Windows\System\fPiqkGG.exe
  2⤵
  PID:4740
- C:\Windows\System\AxzyTUi.exe
  C:\Windows\System\AxzyTUi.exe
  2⤵
  PID:4812
- C:\Windows\System\nWEPhYU.exe
  C:\Windows\System\nWEPhYU.exe
  2⤵
  PID:4236
- C:\Windows\System\IuVREUy.exe
  C:\Windows\System\IuVREUy.exe
  2⤵
  PID:4900
- C:\Windows\System\DoqrKmZ.exe
  C:\Windows\System\DoqrKmZ.exe
  2⤵
  PID:4848
- C:\Windows\System\aOBwsgR.exe
  C:\Windows\System\aOBwsgR.exe
  2⤵
  PID:2672
- C:\Windows\System\lkxdaPV.exe
  C:\Windows\System\lkxdaPV.exe
  2⤵
  PID:1364
- C:\Windows\System\rPuRgMs.exe
  C:\Windows\System\rPuRgMs.exe
  2⤵
  PID:5076
- C:\Windows\System\RBmTJvq.exe
  C:\Windows\System\RBmTJvq.exe
  2⤵
  PID:2700
- C:\Windows\System\nEYUeIR.exe
  C:\Windows\System\nEYUeIR.exe
  2⤵
  PID:3748
- C:\Windows\System\AToJhRZ.exe
  C:\Windows\System\AToJhRZ.exe
  2⤵
  PID:3280
- C:\Windows\System\vBoNRlU.exe
  C:\Windows\System\vBoNRlU.exe
  2⤵
  PID:4248
- C:\Windows\System\cBdXqyP.exe
  C:\Windows\System\cBdXqyP.exe
  2⤵
  PID:3516
- C:\Windows\System\KoXVwTB.exe
  C:\Windows\System\KoXVwTB.exe
  2⤵
  PID:4192
- C:\Windows\System\YWbjCJI.exe
  C:\Windows\System\YWbjCJI.exe
  2⤵
  PID:4296
- C:\Windows\System\VBDJSUI.exe
  C:\Windows\System\VBDJSUI.exe
  2⤵
  PID:4108
- C:\Windows\System\YDUiaZK.exe
  C:\Windows\System\YDUiaZK.exe
  2⤵
  PID:2200
- C:\Windows\System\RkhsVyn.exe
  C:\Windows\System\RkhsVyn.exe
  2⤵
  PID:2476
- C:\Windows\System\VvLTPzZ.exe
  C:\Windows\System\VvLTPzZ.exe
  2⤵
  PID:4608
- C:\Windows\System\WGwFNqj.exe
  C:\Windows\System\WGwFNqj.exe
  2⤵
  PID:4496
- C:\Windows\System\RuqhyEB.exe
  C:\Windows\System\RuqhyEB.exe
  2⤵
  PID:4728
- C:\Windows\System\ZYvKsMk.exe
  C:\Windows\System\ZYvKsMk.exe
  2⤵
  PID:2116
- C:\Windows\System\bhjuseT.exe
  C:\Windows\System\bhjuseT.exe
  2⤵
  PID:320
- C:\Windows\System\gBZoBBN.exe
  C:\Windows\System\gBZoBBN.exe
  2⤵
  PID:4708
- C:\Windows\System\dNRXfIQ.exe
  C:\Windows\System\dNRXfIQ.exe
  2⤵
  PID:4776
- C:\Windows\System\oyEXMUY.exe
  C:\Windows\System\oyEXMUY.exe
  2⤵
  PID:4916
- C:\Windows\System\IgJUwCq.exe
  C:\Windows\System\IgJUwCq.exe
  2⤵
  PID:4856
- C:\Windows\System\ECICjXM.exe
  C:\Windows\System\ECICjXM.exe
  2⤵
  PID:5024
- C:\Windows\System\bQTwLaC.exe
  C:\Windows\System\bQTwLaC.exe
  2⤵
  PID:848
- C:\Windows\System\WsBCgMG.exe
  C:\Windows\System\WsBCgMG.exe
  2⤵
  PID:3600
- C:\Windows\System\moOExIx.exe
  C:\Windows\System\moOExIx.exe
  2⤵
  PID:4732
- C:\Windows\System\cwktbiW.exe
  C:\Windows\System\cwktbiW.exe
  2⤵
  PID:2884
- C:\Windows\System\oURUhzb.exe
  C:\Windows\System\oURUhzb.exe
  2⤵
  PID:3176
- C:\Windows\System\kiuorMU.exe
  C:\Windows\System\kiuorMU.exe
  2⤵
  PID:4556
- C:\Windows\System\UYmDTxE.exe
  C:\Windows\System\UYmDTxE.exe
  2⤵
  PID:4300
- C:\Windows\System\mLjRGMz.exe
  C:\Windows\System\mLjRGMz.exe
  2⤵
  PID:4984
- C:\Windows\System\VNewIQn.exe
  C:\Windows\System\VNewIQn.exe
  2⤵
  PID:2160
- C:\Windows\System\aPoGVjU.exe
  C:\Windows\System\aPoGVjU.exe
  2⤵
  PID:2896
- C:\Windows\System\WKGAVSC.exe
  C:\Windows\System\WKGAVSC.exe
  2⤵
  PID:2708
- C:\Windows\System\qXgizVm.exe
  C:\Windows\System\qXgizVm.exe
  2⤵
  PID:5060
- C:\Windows\System\VCSUlIo.exe
  C:\Windows\System\VCSUlIo.exe
  2⤵
  PID:5064
- C:\Windows\System\JcbKqlG.exe
  C:\Windows\System\JcbKqlG.exe
  2⤵
  PID:2112
- C:\Windows\System\PCsJSnM.exe
  C:\Windows\System\PCsJSnM.exe
  2⤵
  PID:4312
- C:\Windows\System\jEABczY.exe
  C:\Windows\System\jEABczY.exe
  2⤵
  PID:1496
- C:\Windows\System\OAJGlLL.exe
  C:\Windows\System\OAJGlLL.exe
  2⤵
  PID:2992
- C:\Windows\System\LsMQPZM.exe
  C:\Windows\System\LsMQPZM.exe
  2⤵
  PID:4532
- C:\Windows\System\GaMgbFQ.exe
  C:\Windows\System\GaMgbFQ.exe
  2⤵
  PID:4392
- C:\Windows\System\sBysSXn.exe
  C:\Windows\System\sBysSXn.exe
  2⤵
  PID:4656
- C:\Windows\System\VZfziuo.exe
  C:\Windows\System\VZfziuo.exe
  2⤵
  PID:5140
- C:\Windows\System\PUgYMAT.exe
  C:\Windows\System\PUgYMAT.exe
  2⤵
  PID:5160
- C:\Windows\System\NPMAncM.exe
  C:\Windows\System\NPMAncM.exe
  2⤵
  PID:5180
- C:\Windows\System\QrZLiWB.exe
  C:\Windows\System\QrZLiWB.exe
  2⤵
  PID:5200
- C:\Windows\System\ikWaruB.exe
  C:\Windows\System\ikWaruB.exe
  2⤵
  PID:5220
- C:\Windows\System\sWAOsSD.exe
  C:\Windows\System\sWAOsSD.exe
  2⤵
  PID:5240
- C:\Windows\System\HqfZben.exe
  C:\Windows\System\HqfZben.exe
  2⤵
  PID:5260
- C:\Windows\System\fQdavMy.exe
  C:\Windows\System\fQdavMy.exe
  2⤵
  PID:5280
- C:\Windows\System\GUyruiu.exe
  C:\Windows\System\GUyruiu.exe
  2⤵
  PID:5300
- C:\Windows\System\axVwNEp.exe
  C:\Windows\System\axVwNEp.exe
  2⤵
  PID:5320
- C:\Windows\System\eQjAJRI.exe
  C:\Windows\System\eQjAJRI.exe
  2⤵
  PID:5340
- C:\Windows\System\eFRvArE.exe
  C:\Windows\System\eFRvArE.exe
  2⤵
  PID:5360
- C:\Windows\System\wPLSSbF.exe
  C:\Windows\System\wPLSSbF.exe
  2⤵
  PID:5380
- C:\Windows\System\DgVhqDF.exe
  C:\Windows\System\DgVhqDF.exe
  2⤵
  PID:5400
- C:\Windows\System\csvGWAu.exe
  C:\Windows\System\csvGWAu.exe
  2⤵
  PID:5420
- C:\Windows\System\aOERfBE.exe
  C:\Windows\System\aOERfBE.exe
  2⤵
  PID:5444
- C:\Windows\System\BpUGqqM.exe
  C:\Windows\System\BpUGqqM.exe
  2⤵
  PID:5464
- C:\Windows\System\lumSBFX.exe
  C:\Windows\System\lumSBFX.exe
  2⤵
  PID:5484
- C:\Windows\System\VRyPMNk.exe
  C:\Windows\System\VRyPMNk.exe
  2⤵
  PID:5504
- C:\Windows\System\zrTjaJC.exe
  C:\Windows\System\zrTjaJC.exe
  2⤵
  PID:5520
- C:\Windows\System\FaXTkci.exe
  C:\Windows\System\FaXTkci.exe
  2⤵
  PID:5544
- C:\Windows\System\wfEFICJ.exe
  C:\Windows\System\wfEFICJ.exe
  2⤵
  PID:5560
- C:\Windows\System\GYNxsHQ.exe
  C:\Windows\System\GYNxsHQ.exe
  2⤵
  PID:5580
- C:\Windows\System\gUpGpez.exe
  C:\Windows\System\gUpGpez.exe
  2⤵
  PID:5600
- C:\Windows\System\VpFQqki.exe
  C:\Windows\System\VpFQqki.exe
  2⤵
  PID:5624
- C:\Windows\System\UEWTFcM.exe
  C:\Windows\System\UEWTFcM.exe
  2⤵
  PID:5644
- C:\Windows\System\QNOnvtF.exe
  C:\Windows\System\QNOnvtF.exe
  2⤵
  PID:5664
- C:\Windows\System\VFWJShr.exe
  C:\Windows\System\VFWJShr.exe
  2⤵
  PID:5684
- C:\Windows\System\nfusEzW.exe
  C:\Windows\System\nfusEzW.exe
  2⤵
  PID:5704
- C:\Windows\System\kggttcV.exe
  C:\Windows\System\kggttcV.exe
  2⤵
  PID:5720
- C:\Windows\System\TyvODwO.exe
  C:\Windows\System\TyvODwO.exe
  2⤵
  PID:5740
- C:\Windows\System\BKbvBSr.exe
  C:\Windows\System\BKbvBSr.exe
  2⤵
  PID:5760
- C:\Windows\System\jKTRCVk.exe
  C:\Windows\System\jKTRCVk.exe
  2⤵
  PID:5780
- C:\Windows\System\DcQCdid.exe
  C:\Windows\System\DcQCdid.exe
  2⤵
  PID:5804
- C:\Windows\System\VXKnOvr.exe
  C:\Windows\System\VXKnOvr.exe
  2⤵
  PID:5824
- C:\Windows\System\DabMJVM.exe
  C:\Windows\System\DabMJVM.exe
  2⤵
  PID:5844
- C:\Windows\System\ykJQbVk.exe
  C:\Windows\System\ykJQbVk.exe
  2⤵
  PID:5864
- C:\Windows\System\WgBFIfu.exe
  C:\Windows\System\WgBFIfu.exe
  2⤵
  PID:5884
- C:\Windows\System\CcFMJnt.exe
  C:\Windows\System\CcFMJnt.exe
  2⤵
  PID:5904
- C:\Windows\System\DntvwaZ.exe
  C:\Windows\System\DntvwaZ.exe
  2⤵
  PID:5924
- C:\Windows\System\DflUvGu.exe
  C:\Windows\System\DflUvGu.exe
  2⤵
  PID:5944
- C:\Windows\System\cWIaaLJ.exe
  C:\Windows\System\cWIaaLJ.exe
  2⤵
  PID:5964
- C:\Windows\System\QDoUHsS.exe
  C:\Windows\System\QDoUHsS.exe
  2⤵
  PID:5984
- C:\Windows\System\wrSWWiA.exe
  C:\Windows\System\wrSWWiA.exe
  2⤵
  PID:6004
- C:\Windows\System\NEKdaEs.exe
  C:\Windows\System\NEKdaEs.exe
  2⤵
  PID:6024
- C:\Windows\System\RdBgtXJ.exe
  C:\Windows\System\RdBgtXJ.exe
  2⤵
  PID:6044
- C:\Windows\System\zOTDMkU.exe
  C:\Windows\System\zOTDMkU.exe
  2⤵
  PID:6064
- C:\Windows\System\pWZJwyi.exe
  C:\Windows\System\pWZJwyi.exe
  2⤵
  PID:6084
- C:\Windows\System\CjHtogp.exe
  C:\Windows\System\CjHtogp.exe
  2⤵
  PID:6104
- C:\Windows\System\KRAmzot.exe
  C:\Windows\System\KRAmzot.exe
  2⤵
  PID:6124
- C:\Windows\System\NnIcWiz.exe
  C:\Windows\System\NnIcWiz.exe
  2⤵
  PID:5096
- C:\Windows\System\TvJPmFs.exe
  C:\Windows\System\TvJPmFs.exe
  2⤵
  PID:3216
- C:\Windows\System\qHFcCqa.exe
  C:\Windows\System\qHFcCqa.exe
  2⤵
  PID:4292
- C:\Windows\System\UNVNuWv.exe
  C:\Windows\System\UNVNuWv.exe
  2⤵
  PID:4820
- C:\Windows\System\mqMFjTt.exe
  C:\Windows\System\mqMFjTt.exe
  2⤵
  PID:5020
- C:\Windows\System\BDQaDAz.exe
  C:\Windows\System\BDQaDAz.exe
  2⤵
  PID:5128
- C:\Windows\System\nFRPxMV.exe
  C:\Windows\System\nFRPxMV.exe
  2⤵
  PID:5168
- C:\Windows\System\pfvOFRM.exe
  C:\Windows\System\pfvOFRM.exe
  2⤵
  PID:5156
- C:\Windows\System\HCSoKpQ.exe
  C:\Windows\System\HCSoKpQ.exe
  2⤵
  PID:5212
- C:\Windows\System\pIluGYi.exe
  C:\Windows\System\pIluGYi.exe
  2⤵
  PID:5228
- C:\Windows\System\xbFqqve.exe
  C:\Windows\System\xbFqqve.exe
  2⤵
  PID:5232
- C:\Windows\System\UnesKdl.exe
  C:\Windows\System\UnesKdl.exe
  2⤵
  PID:5276
- C:\Windows\System\jsNmmkT.exe
  C:\Windows\System\jsNmmkT.exe
  2⤵
  PID:5312
- C:\Windows\System\EYCojkG.exe
  C:\Windows\System\EYCojkG.exe
  2⤵
  PID:5376
- C:\Windows\System\LWQsvIe.exe
  C:\Windows\System\LWQsvIe.exe
  2⤵
  PID:5416
- C:\Windows\System\CCenWjh.exe
  C:\Windows\System\CCenWjh.exe
  2⤵
  PID:2952
- C:\Windows\System\ISYIuMo.exe
  C:\Windows\System\ISYIuMo.exe
  2⤵
  PID:5428
- C:\Windows\System\jBtBNwA.exe
  C:\Windows\System\jBtBNwA.exe
  2⤵
  PID:5492
- C:\Windows\System\lWbVwAG.exe
  C:\Windows\System\lWbVwAG.exe
  2⤵
  PID:5536
- C:\Windows\System\tawGFPt.exe
  C:\Windows\System\tawGFPt.exe
  2⤵
  PID:5512
- C:\Windows\System\SlYcZJc.exe
  C:\Windows\System\SlYcZJc.exe
  2⤵
  PID:872
- C:\Windows\System\NNmmHyG.exe
  C:\Windows\System\NNmmHyG.exe
  2⤵
  PID:5552
- C:\Windows\System\uxKPkXp.exe
  C:\Windows\System\uxKPkXp.exe
  2⤵
  PID:5652
- C:\Windows\System\JRafSDh.exe
  C:\Windows\System\JRafSDh.exe
  2⤵
  PID:5640
- C:\Windows\System\bENdSVt.exe
  C:\Windows\System\bENdSVt.exe
  2⤵
  PID:5672
- C:\Windows\System\haarMMv.exe
  C:\Windows\System\haarMMv.exe
  2⤵
  PID:5712
- C:\Windows\System\mAOiKbz.exe
  C:\Windows\System\mAOiKbz.exe
  2⤵
  PID:5812
- C:\Windows\System\PPlLemO.exe
  C:\Windows\System\PPlLemO.exe
  2⤵
  PID:5796
- C:\Windows\System\XYMxgHv.exe
  C:\Windows\System\XYMxgHv.exe
  2⤵
  PID:1776
- C:\Windows\System\wNljSkd.exe
  C:\Windows\System\wNljSkd.exe
  2⤵
  PID:5836
- C:\Windows\System\fRkMHZN.exe
  C:\Windows\System\fRkMHZN.exe
  2⤵
  PID:5892
- C:\Windows\System\PSPOCsc.exe
  C:\Windows\System\PSPOCsc.exe
  2⤵
  PID:5920
- C:\Windows\System\UfFwszc.exe
  C:\Windows\System\UfFwszc.exe
  2⤵
  PID:5960
- C:\Windows\System\uaRkOWl.exe
  C:\Windows\System\uaRkOWl.exe
  2⤵
  PID:6012
- C:\Windows\System\BXQbObb.exe
  C:\Windows\System\BXQbObb.exe
  2⤵
  PID:6016
- C:\Windows\System\WNkVyLn.exe
  C:\Windows\System\WNkVyLn.exe
  2⤵
  PID:6060
- C:\Windows\System\WkSETml.exe
  C:\Windows\System\WkSETml.exe
  2⤵
  PID:6092
- C:\Windows\System\eEOmlGq.exe
  C:\Windows\System\eEOmlGq.exe
  2⤵
  PID:6132
- C:\Windows\System\RWYeJkx.exe
  C:\Windows\System\RWYeJkx.exe
  2⤵
  PID:4976
- C:\Windows\System\TLbnTgc.exe
  C:\Windows\System\TLbnTgc.exe
  2⤵
  PID:4172
- C:\Windows\System\hDLJIBx.exe
  C:\Windows\System\hDLJIBx.exe
  2⤵
  PID:4632
- C:\Windows\System\napTNIk.exe
  C:\Windows\System\napTNIk.exe
  2⤵
  PID:5124
- C:\Windows\System\TUSSKNh.exe
  C:\Windows\System\TUSSKNh.exe
  2⤵
  PID:5172
- C:\Windows\System\eJWXbor.exe
  C:\Windows\System\eJWXbor.exe
  2⤵
  PID:536
- C:\Windows\System\ymYTlmu.exe
  C:\Windows\System\ymYTlmu.exe
  2⤵
  PID:5192
- C:\Windows\System\yPaFLtT.exe
  C:\Windows\System\yPaFLtT.exe
  2⤵
  PID:5328
- C:\Windows\System\hHKzLIV.exe
  C:\Windows\System\hHKzLIV.exe
  2⤵
  PID:5352
- C:\Windows\System\nMOYtXz.exe
  C:\Windows\System\nMOYtXz.exe
  2⤵
  PID:5348
- C:\Windows\System\vyTfwga.exe
  C:\Windows\System\vyTfwga.exe
  2⤵
  PID:5500
- C:\Windows\System\QuiNLfx.exe
  C:\Windows\System\QuiNLfx.exe
  2⤵
  PID:5496
- C:\Windows\System\ECXXsvv.exe
  C:\Windows\System\ECXXsvv.exe
  2⤵
  PID:2276
- C:\Windows\System\vNXySSD.exe
  C:\Windows\System\vNXySSD.exe
  2⤵
  PID:5616
- C:\Windows\System\ZcowrcF.exe
  C:\Windows\System\ZcowrcF.exe
  2⤵
  PID:5632
- C:\Windows\System\oAMbrVv.exe
  C:\Windows\System\oAMbrVv.exe
  2⤵
  PID:5732
- C:\Windows\System\YuVfsmm.exe
  C:\Windows\System\YuVfsmm.exe
  2⤵
  PID:5788
- C:\Windows\System\RyvQvjD.exe
  C:\Windows\System\RyvQvjD.exe
  2⤵
  PID:5820
- C:\Windows\System\TsSISbM.exe
  C:\Windows\System\TsSISbM.exe
  2⤵
  PID:4956
- C:\Windows\System\PlNbeBu.exe
  C:\Windows\System\PlNbeBu.exe
  2⤵
  PID:5940
- C:\Windows\System\oPZrcDK.exe
  C:\Windows\System\oPZrcDK.exe
  2⤵
  PID:5956
- C:\Windows\System\niGBslj.exe
  C:\Windows\System\niGBslj.exe
  2⤵
  PID:6000
- C:\Windows\System\YRilVPC.exe
  C:\Windows\System\YRilVPC.exe
  2⤵
  PID:6036
- C:\Windows\System\Hbsmloj.exe
  C:\Windows\System\Hbsmloj.exe
  2⤵
  PID:6136
- C:\Windows\System\ELMQyhR.exe
  C:\Windows\System\ELMQyhR.exe
  2⤵
  PID:4780
- C:\Windows\System\dTRoGNL.exe
  C:\Windows\System\dTRoGNL.exe
  2⤵
  PID:4428
- C:\Windows\System\rtFlaUO.exe
  C:\Windows\System\rtFlaUO.exe
  2⤵
  PID:5248
- C:\Windows\System\soUmNKY.exe
  C:\Windows\System\soUmNKY.exe
  2⤵
  PID:5252
- C:\Windows\System\JLfVwiB.exe
  C:\Windows\System\JLfVwiB.exe
  2⤵
  PID:5292
- C:\Windows\System\urAKBFJ.exe
  C:\Windows\System\urAKBFJ.exe
  2⤵
  PID:5456
- C:\Windows\System\CrHBXIi.exe
  C:\Windows\System\CrHBXIi.exe
  2⤵
  PID:5440
- C:\Windows\System\HjSLrkR.exe
  C:\Windows\System\HjSLrkR.exe
  2⤵
  PID:5696
- C:\Windows\System\UssZTgt.exe
  C:\Windows\System\UssZTgt.exe
  2⤵
  PID:2744
- C:\Windows\System\nCFSDKC.exe
  C:\Windows\System\nCFSDKC.exe
  2⤵
  PID:5776
- C:\Windows\System\ZZGEVVY.exe
  C:\Windows\System\ZZGEVVY.exe
  2⤵
  PID:2484
- C:\Windows\System\XqqpqYX.exe
  C:\Windows\System\XqqpqYX.exe
  2⤵
  PID:5880
- C:\Windows\System\OpUxhEa.exe
  C:\Windows\System\OpUxhEa.exe
  2⤵
  PID:5992
- C:\Windows\System\gbwVsEA.exe
  C:\Windows\System\gbwVsEA.exe
  2⤵
  PID:6072
- C:\Windows\System\zraiHpg.exe
  C:\Windows\System\zraiHpg.exe
  2⤵
  PID:4676
- C:\Windows\System\CPQlbGW.exe
  C:\Windows\System\CPQlbGW.exe
  2⤵
  PID:296
- C:\Windows\System\GvaHKYT.exe
  C:\Windows\System\GvaHKYT.exe
  2⤵
  PID:2832
- C:\Windows\System\HnnbbmM.exe
  C:\Windows\System\HnnbbmM.exe
  2⤵
  PID:5332
- C:\Windows\System\kdnsMKC.exe
  C:\Windows\System\kdnsMKC.exe
  2⤵
  PID:5572
- C:\Windows\System\mgMtahC.exe
  C:\Windows\System\mgMtahC.exe
  2⤵
  PID:5700
- C:\Windows\System\afOBQjk.exe
  C:\Windows\System\afOBQjk.exe
  2⤵
  PID:5756
- C:\Windows\System\RwtFzcB.exe
  C:\Windows\System\RwtFzcB.exe
  2⤵
  PID:5932
- C:\Windows\System\JpNdYUk.exe
  C:\Windows\System\JpNdYUk.exe
  2⤵
  PID:6112
- C:\Windows\System\UyeyRqV.exe
  C:\Windows\System\UyeyRqV.exe
  2⤵
  PID:5132
- C:\Windows\System\GXjtAnn.exe
  C:\Windows\System\GXjtAnn.exe
  2⤵
  PID:5208
- C:\Windows\System\loKmPrV.exe
  C:\Windows\System\loKmPrV.exe
  2⤵
  PID:5396
- C:\Windows\System\OjqjPnq.exe
  C:\Windows\System\OjqjPnq.exe
  2⤵
  PID:5792
- C:\Windows\System\AVAKVwo.exe
  C:\Windows\System\AVAKVwo.exe
  2⤵
  PID:6156
- C:\Windows\System\uErBuoG.exe
  C:\Windows\System\uErBuoG.exe
  2⤵
  PID:6176
- C:\Windows\System\frOjUAR.exe
  C:\Windows\System\frOjUAR.exe
  2⤵
  PID:6196
- C:\Windows\System\GqDKfey.exe
  C:\Windows\System\GqDKfey.exe
  2⤵
  PID:6216
- C:\Windows\System\rLAdsYa.exe
  C:\Windows\System\rLAdsYa.exe
  2⤵
  PID:6236
- C:\Windows\System\siQgZYc.exe
  C:\Windows\System\siQgZYc.exe
  2⤵
  PID:6256
- C:\Windows\System\AGHGXka.exe
  C:\Windows\System\AGHGXka.exe
  2⤵
  PID:6276
- C:\Windows\System\uUwSDOq.exe
  C:\Windows\System\uUwSDOq.exe
  2⤵
  PID:6300
- C:\Windows\System\hdMbnrq.exe
  C:\Windows\System\hdMbnrq.exe
  2⤵
  PID:6320
- C:\Windows\System\PryQoHB.exe
  C:\Windows\System\PryQoHB.exe
  2⤵
  PID:6340
- C:\Windows\System\gMAfqvY.exe
  C:\Windows\System\gMAfqvY.exe
  2⤵
  PID:6360
- C:\Windows\System\BOrMsgu.exe
  C:\Windows\System\BOrMsgu.exe
  2⤵
  PID:6380
- C:\Windows\System\isRLkii.exe
  C:\Windows\System\isRLkii.exe
  2⤵
  PID:6400
- C:\Windows\System\BYcPBHC.exe
  C:\Windows\System\BYcPBHC.exe
  2⤵
  PID:6420
- C:\Windows\System\coTjxCV.exe
  C:\Windows\System\coTjxCV.exe
  2⤵
  PID:6440
- C:\Windows\System\LwfbRzO.exe
  C:\Windows\System\LwfbRzO.exe
  2⤵
  PID:6460
- C:\Windows\System\RgFAWBk.exe
  C:\Windows\System\RgFAWBk.exe
  2⤵
  PID:6484
- C:\Windows\System\kokckVt.exe
  C:\Windows\System\kokckVt.exe
  2⤵
  PID:6504
- C:\Windows\System\crgYgmU.exe
  C:\Windows\System\crgYgmU.exe
  2⤵
  PID:6524
- C:\Windows\System\kwunhzx.exe
  C:\Windows\System\kwunhzx.exe
  2⤵
  PID:6544
- C:\Windows\System\AjIziKn.exe
  C:\Windows\System\AjIziKn.exe
  2⤵
  PID:6564
- C:\Windows\System\MpnnnGd.exe
  C:\Windows\System\MpnnnGd.exe
  2⤵
  PID:6584
- C:\Windows\System\ZrzGsxz.exe
  C:\Windows\System\ZrzGsxz.exe
  2⤵
  PID:6604
- C:\Windows\System\TEXzeei.exe
  C:\Windows\System\TEXzeei.exe
  2⤵
  PID:6624
- C:\Windows\System\hMuUrsX.exe
  C:\Windows\System\hMuUrsX.exe
  2⤵
  PID:6644
- C:\Windows\System\cmHKYvD.exe
  C:\Windows\System\cmHKYvD.exe
  2⤵
  PID:6664
- C:\Windows\System\rvluFAP.exe
  C:\Windows\System\rvluFAP.exe
  2⤵
  PID:6684
- C:\Windows\System\TlPmfMc.exe
  C:\Windows\System\TlPmfMc.exe
  2⤵
  PID:6704
- C:\Windows\System\aABeGlF.exe
  C:\Windows\System\aABeGlF.exe
  2⤵
  PID:6724
- C:\Windows\System\yvWFXSF.exe
  C:\Windows\System\yvWFXSF.exe
  2⤵
  PID:6744
- C:\Windows\System\IJEHQUG.exe
  C:\Windows\System\IJEHQUG.exe
  2⤵
  PID:6772
- C:\Windows\System\qJGcdot.exe
  C:\Windows\System\qJGcdot.exe
  2⤵
  PID:6792
- C:\Windows\System\CwBnUaS.exe
  C:\Windows\System\CwBnUaS.exe
  2⤵
  PID:6812
- C:\Windows\System\Ftetpvd.exe
  C:\Windows\System\Ftetpvd.exe
  2⤵
  PID:6828
- C:\Windows\System\kNbYFzI.exe
  C:\Windows\System\kNbYFzI.exe
  2⤵
  PID:6856
- C:\Windows\System\QkYifFv.exe
  C:\Windows\System\QkYifFv.exe
  2⤵
  PID:6880
- C:\Windows\System\zaTiNCw.exe
  C:\Windows\System\zaTiNCw.exe
  2⤵
  PID:6904
- C:\Windows\System\RVTiRlf.exe
  C:\Windows\System\RVTiRlf.exe
  2⤵
  PID:6920
- C:\Windows\System\afcmNMS.exe
  C:\Windows\System\afcmNMS.exe
  2⤵
  PID:6944
- C:\Windows\System\POZGFkd.exe
  C:\Windows\System\POZGFkd.exe
  2⤵
  PID:6972
- C:\Windows\System\cuDoFxm.exe
  C:\Windows\System\cuDoFxm.exe
  2⤵
  PID:6992
- C:\Windows\System\WezJhCS.exe
  C:\Windows\System\WezJhCS.exe
  2⤵
  PID:7008
- C:\Windows\System\zLGhGvt.exe
  C:\Windows\System\zLGhGvt.exe
  2⤵
  PID:7068
- C:\Windows\System\dpTyxPh.exe
  C:\Windows\System\dpTyxPh.exe
  2⤵
  PID:7088
- C:\Windows\System\xeLPqlz.exe
  C:\Windows\System\xeLPqlz.exe
  2⤵
  PID:7112
- C:\Windows\System\OVJxGHY.exe
  C:\Windows\System\OVJxGHY.exe
  2⤵
  PID:7128
- C:\Windows\System\mXyGZIh.exe
  C:\Windows\System\mXyGZIh.exe
  2⤵
  PID:7156
- C:\Windows\System\QERonRR.exe
  C:\Windows\System\QERonRR.exe
  2⤵
  PID:5772
- C:\Windows\System\VAtXfYD.exe
  C:\Windows\System\VAtXfYD.exe
  2⤵
  PID:2512
- C:\Windows\System\UrCRliK.exe
  C:\Windows\System\UrCRliK.exe
  2⤵
  PID:2604
- C:\Windows\System\LAeoHOX.exe
  C:\Windows\System\LAeoHOX.exe
  2⤵
  PID:5460
- C:\Windows\System\PbUZuSx.exe
  C:\Windows\System\PbUZuSx.exe
  2⤵
  PID:5540
- C:\Windows\System\ZgJZbxz.exe
  C:\Windows\System\ZgJZbxz.exe
  2⤵
  PID:6148
- C:\Windows\System\sKxPCEC.exe
  C:\Windows\System\sKxPCEC.exe
  2⤵
  PID:6212
- C:\Windows\System\dsbkEXQ.exe
  C:\Windows\System\dsbkEXQ.exe
  2⤵
  PID:6188
- C:\Windows\System\LHQsCNX.exe
  C:\Windows\System\LHQsCNX.exe
  2⤵
  PID:6252
- C:\Windows\System\ENBXEqO.exe
  C:\Windows\System\ENBXEqO.exe
  2⤵
  PID:6292
- C:\Windows\System\pvvAgHC.exe
  C:\Windows\System\pvvAgHC.exe
  2⤵
  PID:6328
- C:\Windows\System\dnORTbo.exe
  C:\Windows\System\dnORTbo.exe
  2⤵
  PID:1676
- C:\Windows\System\rzTwVVq.exe
  C:\Windows\System\rzTwVVq.exe
  2⤵
  PID:6372
- C:\Windows\System\eRBlQiO.exe
  C:\Windows\System\eRBlQiO.exe
  2⤵
  PID:6352
- C:\Windows\System\VCMaebn.exe
  C:\Windows\System\VCMaebn.exe
  2⤵
  PID:6392
- C:\Windows\System\zDxVcxe.exe
  C:\Windows\System\zDxVcxe.exe
  2⤵
  PID:6492
- C:\Windows\System\PSCxcSd.exe
  C:\Windows\System\PSCxcSd.exe
  2⤵
  PID:6540
- C:\Windows\System\HoOTEPc.exe
  C:\Windows\System\HoOTEPc.exe
  2⤵
  PID:6516
- C:\Windows\System\oMMVhfV.exe
  C:\Windows\System\oMMVhfV.exe
  2⤵
  PID:6560
- C:\Windows\System\ewAxfZX.exe
  C:\Windows\System\ewAxfZX.exe
  2⤵
  PID:6600
- C:\Windows\System\QkOpYrA.exe
  C:\Windows\System\QkOpYrA.exe
  2⤵
  PID:3416
- C:\Windows\System\IcOEOCj.exe
  C:\Windows\System\IcOEOCj.exe
  2⤵
  PID:6640
- C:\Windows\System\xgBCJxO.exe
  C:\Windows\System\xgBCJxO.exe
  2⤵
  PID:6692
- C:\Windows\System\VsVSchN.exe
  C:\Windows\System\VsVSchN.exe
  2⤵
  PID:6700
- C:\Windows\System\cRlXCCk.exe
  C:\Windows\System\cRlXCCk.exe
  2⤵
  PID:6732
- C:\Windows\System\fasYyOt.exe
  C:\Windows\System\fasYyOt.exe
  2⤵
  PID:6768
- C:\Windows\System\WOUoVkM.exe
  C:\Windows\System\WOUoVkM.exe
  2⤵
  PID:6752
- C:\Windows\System\BwWnYzk.exe
  C:\Windows\System\BwWnYzk.exe
  2⤵
  PID:6804
- C:\Windows\System\EFtLyBl.exe
  C:\Windows\System\EFtLyBl.exe
  2⤵
  PID:6844
- C:\Windows\System\QWQIIEH.exe
  C:\Windows\System\QWQIIEH.exe
  2⤵
  PID:6872
- C:\Windows\System\sEVaYim.exe
  C:\Windows\System\sEVaYim.exe
  2⤵
  PID:2712
- C:\Windows\System\etqbilS.exe
  C:\Windows\System\etqbilS.exe
  2⤵
  PID:6984
- C:\Windows\System\HYlNlqL.exe
  C:\Windows\System\HYlNlqL.exe
  2⤵
  PID:6960
- C:\Windows\System\rLFCYyT.exe
  C:\Windows\System\rLFCYyT.exe
  2⤵
  PID:2492
- C:\Windows\System\nbZFhSx.exe
  C:\Windows\System\nbZFhSx.exe
  2⤵
  PID:2888
- C:\Windows\System\JvTaVMI.exe
  C:\Windows\System\JvTaVMI.exe
  2⤵
  PID:7096
- C:\Windows\System\OKsxivT.exe
  C:\Windows\System\OKsxivT.exe
  2⤵
  PID:2508
- C:\Windows\System\gWwKMbg.exe
  C:\Windows\System\gWwKMbg.exe
  2⤵
  PID:3068
- C:\Windows\System\ldUoIvE.exe
  C:\Windows\System\ldUoIvE.exe
  2⤵
  PID:7120
- C:\Windows\System\AlGcLkT.exe
  C:\Windows\System\AlGcLkT.exe
  2⤵
  PID:7164
- C:\Windows\System\otmjcCu.exe
  C:\Windows\System\otmjcCu.exe
  2⤵
  PID:5872
- C:\Windows\System\hDXmwAR.exe
  C:\Windows\System\hDXmwAR.exe
  2⤵
  PID:5596
- C:\Windows\System\CKiqsTc.exe
  C:\Windows\System\CKiqsTc.exe
  2⤵
  PID:5996
- C:\Windows\System\fblnehh.exe
  C:\Windows\System\fblnehh.exe
  2⤵
  PID:5592
- C:\Windows\System\BjIGlzq.exe
  C:\Windows\System\BjIGlzq.exe
  2⤵
  PID:6192
- C:\Windows\System\mrRKcyc.exe
  C:\Windows\System\mrRKcyc.exe
  2⤵
  PID:6312
- C:\Windows\System\fIAsstX.exe
  C:\Windows\System\fIAsstX.exe
  2⤵
  PID:1788
- C:\Windows\System\guVCEON.exe
  C:\Windows\System\guVCEON.exe
  2⤵
  PID:6228
- C:\Windows\System\gpNwfBU.exe
  C:\Windows\System\gpNwfBU.exe
  2⤵
  PID:6348
- C:\Windows\System\kpKZsDy.exe
  C:\Windows\System\kpKZsDy.exe
  2⤵
  PID:568
- C:\Windows\System\IeBKWER.exe
  C:\Windows\System\IeBKWER.exe
  2⤵
  PID:6168
- C:\Windows\System\uhJtTUT.exe
  C:\Windows\System\uhJtTUT.exe
  2⤵
  PID:6432
- C:\Windows\System\otgwnay.exe
  C:\Windows\System\otgwnay.exe
  2⤵
  PID:1288
- C:\Windows\System\xlMDZai.exe
  C:\Windows\System\xlMDZai.exe
  2⤵
  PID:2300
- C:\Windows\System\ZjuBRQw.exe
  C:\Windows\System\ZjuBRQw.exe
  2⤵
  PID:1824
- C:\Windows\System\triIcrt.exe
  C:\Windows\System\triIcrt.exe
  2⤵
  PID:6572
- C:\Windows\System\ReHrPBW.exe
  C:\Windows\System\ReHrPBW.exe
  2⤵
  PID:6660
- C:\Windows\System\dNbgKQb.exe
  C:\Windows\System\dNbgKQb.exe
  2⤵
  PID:6800
- C:\Windows\System\zJJuqET.exe
  C:\Windows\System\zJJuqET.exe
  2⤵
  PID:6824
- C:\Windows\System\gPWCEDM.exe
  C:\Windows\System\gPWCEDM.exe
  2⤵
  PID:6980
- C:\Windows\System\kZHyIKo.exe
  C:\Windows\System\kZHyIKo.exe
  2⤵
  PID:7004
- C:\Windows\System\mcTEFjy.exe
  C:\Windows\System\mcTEFjy.exe
  2⤵
  PID:6716
- C:\Windows\System\DPBTbkV.exe
  C:\Windows\System\DPBTbkV.exe
  2⤵
  PID:6784
- C:\Windows\System\fomqGEc.exe
  C:\Windows\System\fomqGEc.exe
  2⤵
  PID:1864
- C:\Windows\System\xSCUWTH.exe
  C:\Windows\System\xSCUWTH.exe
  2⤵
  PID:6916
- C:\Windows\System\uUbyiSV.exe
  C:\Windows\System\uUbyiSV.exe
  2⤵
  PID:2656
- C:\Windows\System\kIqVAdi.exe
  C:\Windows\System\kIqVAdi.exe
  2⤵
  PID:6912
- C:\Windows\System\yGSWowk.exe
  C:\Windows\System\yGSWowk.exe
  2⤵
  PID:1064
- C:\Windows\System\XpeKCWP.exe
  C:\Windows\System\XpeKCWP.exe
  2⤵
  PID:2340
- C:\Windows\System\WpZCvNE.exe
  C:\Windows\System\WpZCvNE.exe
  2⤵
  PID:5980
- C:\Windows\System\pGoCYbE.exe
  C:\Windows\System\pGoCYbE.exe
  2⤵
  PID:6272
- C:\Windows\System\louUoIc.exe
  C:\Windows\System\louUoIc.exe
  2⤵
  PID:1296
- C:\Windows\System\qAspclG.exe
  C:\Windows\System\qAspclG.exe
  2⤵
  PID:696
- C:\Windows\System\qiiwkNA.exe
  C:\Windows\System\qiiwkNA.exe
  2⤵
  PID:2532
- C:\Windows\System\ufYIQQp.exe
  C:\Windows\System\ufYIQQp.exe
  2⤵
  PID:6316
- C:\Windows\System\xfvQBGu.exe
  C:\Windows\System\xfvQBGu.exe
  2⤵
  PID:6436
- C:\Windows\System\JWJFQmj.exe
  C:\Windows\System\JWJFQmj.exe
  2⤵
  PID:6468
- C:\Windows\System\AQqpaIj.exe
  C:\Windows\System\AQqpaIj.exe
  2⤵
  PID:468
- C:\Windows\System\siyEFNK.exe
  C:\Windows\System\siyEFNK.exe
  2⤵
  PID:2868
- C:\Windows\System\GIzMAAr.exe
  C:\Windows\System\GIzMAAr.exe
  2⤵
  PID:6576
- C:\Windows\System\VnkbMiH.exe
  C:\Windows\System\VnkbMiH.exe
  2⤵
  PID:6864
- C:\Windows\System\VFxuUhP.exe
  C:\Windows\System\VFxuUhP.exe
  2⤵
  PID:6712
- C:\Windows\System\QyChEON.exe
  C:\Windows\System\QyChEON.exe
  2⤵
  PID:7000
- C:\Windows\System\yazdxKo.exe
  C:\Windows\System\yazdxKo.exe
  2⤵
  PID:6632
- C:\Windows\System\VEyyrIp.exe
  C:\Windows\System\VEyyrIp.exe
  2⤵
  PID:7076
- C:\Windows\System\CROOQwa.exe
  C:\Windows\System\CROOQwa.exe
  2⤵
  PID:7020
- C:\Windows\System\JziqqqO.exe
  C:\Windows\System\JziqqqO.exe
  2⤵
  PID:400
- C:\Windows\System\RFeHJjZ.exe
  C:\Windows\System\RFeHJjZ.exe
  2⤵
  PID:3708
- C:\Windows\System\FIVAEkC.exe
  C:\Windows\System\FIVAEkC.exe
  2⤵
  PID:1800
- C:\Windows\System\RkQLegk.exe
  C:\Windows\System\RkQLegk.exe
  2⤵
  PID:6448
- C:\Windows\System\jAMRxLP.exe
  C:\Windows\System\jAMRxLP.exe
  2⤵
  PID:6396
- C:\Windows\System\FNXNXVy.exe
  C:\Windows\System\FNXNXVy.exe
  2⤵
  PID:2204
- C:\Windows\System\jFwMSFO.exe
  C:\Windows\System\jFwMSFO.exe
  2⤵
  PID:2444
- C:\Windows\System\bHFljvs.exe
  C:\Windows\System\bHFljvs.exe
  2⤵
  PID:6736
- C:\Windows\System\KgazPfB.exe
  C:\Windows\System\KgazPfB.exe
  2⤵
  PID:1504
- C:\Windows\System\CezDElM.exe
  C:\Windows\System\CezDElM.exe
  2⤵
  PID:2856
- C:\Windows\System\hIFbhHV.exe
  C:\Windows\System\hIFbhHV.exe
  2⤵
  PID:6652
- C:\Windows\System\kLyLcWs.exe
  C:\Windows\System\kLyLcWs.exe
  2⤵
  PID:6896
- C:\Windows\System\INlbaAe.exe
  C:\Windows\System\INlbaAe.exe
  2⤵
  PID:1332
- C:\Windows\System\mcPTtlK.exe
  C:\Windows\System\mcPTtlK.exe
  2⤵
  PID:5148
- C:\Windows\System\zKnoFrv.exe
  C:\Windows\System\zKnoFrv.exe
  2⤵
  PID:1272
- C:\Windows\System\SYvhFqe.exe
  C:\Windows\System\SYvhFqe.exe
  2⤵
  PID:6820
- C:\Windows\System\XttEDgF.exe
  C:\Windows\System\XttEDgF.exe
  2⤵
  PID:1344
- C:\Windows\System\EnrjZcL.exe
  C:\Windows\System\EnrjZcL.exe
  2⤵
  PID:7024
- C:\Windows\System\WKfUFav.exe
  C:\Windows\System\WKfUFav.exe
  2⤵
  PID:1140
- C:\Windows\System\VzQKebB.exe
  C:\Windows\System\VzQKebB.exe
  2⤵
  PID:2284
- C:\Windows\System\RpAWARB.exe
  C:\Windows\System\RpAWARB.exe
  2⤵
  PID:6616
- C:\Windows\System\PvpfAde.exe
  C:\Windows\System\PvpfAde.exe
  2⤵
  PID:7176
- C:\Windows\System\zWQpRda.exe
  C:\Windows\System\zWQpRda.exe
  2⤵
  PID:7196
- C:\Windows\System\IFcSOAH.exe
  C:\Windows\System\IFcSOAH.exe
  2⤵
  PID:7228
- C:\Windows\System\PzKdiXv.exe
  C:\Windows\System\PzKdiXv.exe
  2⤵
  PID:7248
- C:\Windows\System\XbfBEBR.exe
  C:\Windows\System\XbfBEBR.exe
  2⤵
  PID:7264
- C:\Windows\System\rQyMZvD.exe
  C:\Windows\System\rQyMZvD.exe
  2⤵
  PID:7284
- C:\Windows\System\CKrNhLQ.exe
  C:\Windows\System\CKrNhLQ.exe
  2⤵
  PID:7312
- C:\Windows\System\USrITWt.exe
  C:\Windows\System\USrITWt.exe
  2⤵
  PID:7328
- C:\Windows\System\yqspDoN.exe
  C:\Windows\System\yqspDoN.exe
  2⤵
  PID:7344
- C:\Windows\System\zkIwUyw.exe
  C:\Windows\System\zkIwUyw.exe
  2⤵
  PID:7360
- C:\Windows\System\AzvDMjN.exe
  C:\Windows\System\AzvDMjN.exe
  2⤵
  PID:7376
- C:\Windows\System\qrFKfHs.exe
  C:\Windows\System\qrFKfHs.exe
  2⤵
  PID:7396
- C:\Windows\System\RGuaiMk.exe
  C:\Windows\System\RGuaiMk.exe
  2⤵
  PID:7432
- C:\Windows\System\YJUBRbr.exe
  C:\Windows\System\YJUBRbr.exe
  2⤵
  PID:7448
- C:\Windows\System\caXKpub.exe
  C:\Windows\System\caXKpub.exe
  2⤵
  PID:7468
- C:\Windows\System\nvDuvrk.exe
  C:\Windows\System\nvDuvrk.exe
  2⤵
  PID:7488
- C:\Windows\System\plSBofx.exe
  C:\Windows\System\plSBofx.exe
  2⤵
  PID:7504
- C:\Windows\System\LRkgJMF.exe
  C:\Windows\System\LRkgJMF.exe
  2⤵
  PID:7520
- C:\Windows\System\wllhIKF.exe
  C:\Windows\System\wllhIKF.exe
  2⤵
  PID:7544
- C:\Windows\System\POXfRJh.exe
  C:\Windows\System\POXfRJh.exe
  2⤵
  PID:7560
- C:\Windows\System\ebpuXUU.exe
  C:\Windows\System\ebpuXUU.exe
  2⤵
  PID:7576
- C:\Windows\System\TOqEseR.exe
  C:\Windows\System\TOqEseR.exe
  2⤵
  PID:7608
- C:\Windows\System\HxeEnsp.exe
  C:\Windows\System\HxeEnsp.exe
  2⤵
  PID:7628
- C:\Windows\System\ygpxHNw.exe
  C:\Windows\System\ygpxHNw.exe
  2⤵
  PID:7648
- C:\Windows\System\dZSWiBv.exe
  C:\Windows\System\dZSWiBv.exe
  2⤵
  PID:7664
- C:\Windows\System\TPKZYtV.exe
  C:\Windows\System\TPKZYtV.exe
  2⤵
  PID:7680
- C:\Windows\System\FZLmDyy.exe
  C:\Windows\System\FZLmDyy.exe
  2⤵
  PID:7708
- C:\Windows\System\quETElY.exe
  C:\Windows\System\quETElY.exe
  2⤵
  PID:7724
- C:\Windows\System\enPABnF.exe
  C:\Windows\System\enPABnF.exe
  2⤵
  PID:7740
- C:\Windows\System\sHXtxSJ.exe
  C:\Windows\System\sHXtxSJ.exe
  2⤵
  PID:7756
- C:\Windows\System\AJHPGMS.exe
  C:\Windows\System\AJHPGMS.exe
  2⤵
  PID:7784
- C:\Windows\System\IBLbEWB.exe
  C:\Windows\System\IBLbEWB.exe
  2⤵
  PID:7804
- C:\Windows\System\RYxggMO.exe
  C:\Windows\System\RYxggMO.exe
  2⤵
  PID:7828
- C:\Windows\System\HpgNoJX.exe
  C:\Windows\System\HpgNoJX.exe
  2⤵
  PID:7844
- C:\Windows\System\tqydnug.exe
  C:\Windows\System\tqydnug.exe
  2⤵
  PID:7864
- C:\Windows\System\aPJEWPj.exe
  C:\Windows\System\aPJEWPj.exe
  2⤵
  PID:7880
- C:\Windows\System\XoHDIHK.exe
  C:\Windows\System\XoHDIHK.exe
  2⤵
  PID:7900
- C:\Windows\System\pMJqwXr.exe
  C:\Windows\System\pMJqwXr.exe
  2⤵
  PID:7916
- C:\Windows\System\LnUrSvg.exe
  C:\Windows\System\LnUrSvg.exe
  2⤵
  PID:7932
- C:\Windows\System\YQcRDjJ.exe
  C:\Windows\System\YQcRDjJ.exe
  2⤵
  PID:7952
- C:\Windows\System\QCqDfRr.exe
  C:\Windows\System\QCqDfRr.exe
  2⤵
  PID:7992
- C:\Windows\System\KNmOnkE.exe
  C:\Windows\System\KNmOnkE.exe
  2⤵
  PID:8008
- C:\Windows\System\SQNxekZ.exe
  C:\Windows\System\SQNxekZ.exe
  2⤵
  PID:8028
- C:\Windows\System\SPIVROx.exe
  C:\Windows\System\SPIVROx.exe
  2⤵
  PID:8044
- C:\Windows\System\iSCrJOh.exe
  C:\Windows\System\iSCrJOh.exe
  2⤵
  PID:8060
- C:\Windows\System\uXPCKmq.exe
  C:\Windows\System\uXPCKmq.exe
  2⤵
  PID:8080
- C:\Windows\System\bHtoUSM.exe
  C:\Windows\System\bHtoUSM.exe
  2⤵
  PID:8108
- C:\Windows\System\JZuCOiL.exe
  C:\Windows\System\JZuCOiL.exe
  2⤵
  PID:8128
- C:\Windows\System\GcaNvjT.exe
  C:\Windows\System\GcaNvjT.exe
  2⤵
  PID:8144
- C:\Windows\System\GyHjUlL.exe
  C:\Windows\System\GyHjUlL.exe
  2⤵
  PID:8176
- C:\Windows\System\cIgKdzK.exe
  C:\Windows\System\cIgKdzK.exe
  2⤵
  PID:1316
- C:\Windows\System\NGUKNzO.exe
  C:\Windows\System\NGUKNzO.exe
  2⤵
  PID:7108
- C:\Windows\System\fdHXcCG.exe
  C:\Windows\System\fdHXcCG.exe
  2⤵
  PID:7212
- C:\Windows\System\gipNNYj.exe
  C:\Windows\System\gipNNYj.exe
  2⤵
  PID:7184
- C:\Windows\System\dEwRdiY.exe
  C:\Windows\System\dEwRdiY.exe
  2⤵
  PID:7236
- C:\Windows\System\qfTRGiM.exe
  C:\Windows\System\qfTRGiM.exe
  2⤵
  PID:7260
- C:\Windows\System\ThjOWCP.exe
  C:\Windows\System\ThjOWCP.exe
  2⤵
  PID:7300
- C:\Windows\System\FLjWidS.exe
  C:\Windows\System\FLjWidS.exe
  2⤵
  PID:7352
- C:\Windows\System\NCZfHGA.exe
  C:\Windows\System\NCZfHGA.exe
  2⤵
  PID:7368
- C:\Windows\System\QyDKnbB.exe
  C:\Windows\System\QyDKnbB.exe
  2⤵
  PID:7404
- C:\Windows\System\TTkZfSE.exe
  C:\Windows\System\TTkZfSE.exe
  2⤵
  PID:7428
- C:\Windows\System\bdbYGkA.exe
  C:\Windows\System\bdbYGkA.exe
  2⤵
  PID:7460
- C:\Windows\System\oUibbZb.exe
  C:\Windows\System\oUibbZb.exe
  2⤵
  PID:7528
- C:\Windows\System\mfohXEz.exe
  C:\Windows\System\mfohXEz.exe
  2⤵
  PID:7480
- C:\Windows\System\yxJxcpC.exe
  C:\Windows\System\yxJxcpC.exe
  2⤵
  PID:7592
- C:\Windows\System\dDGxquh.exe
  C:\Windows\System\dDGxquh.exe
  2⤵
  PID:7620
- C:\Windows\System\jnJqjTX.exe
  C:\Windows\System\jnJqjTX.exe
  2⤵
  PID:7644
- C:\Windows\System\oflpGBe.exe
  C:\Windows\System\oflpGBe.exe
  2⤵
  PID:7692
- C:\Windows\System\nbNhcKx.exe
  C:\Windows\System\nbNhcKx.exe
  2⤵
  PID:7732
- C:\Windows\System\UeHQnLj.exe
  C:\Windows\System\UeHQnLj.exe
  2⤵
  PID:7776
- C:\Windows\System\cBFAkeB.exe
  C:\Windows\System\cBFAkeB.exe
  2⤵
  PID:7716
- C:\Windows\System\aRIicFC.exe
  C:\Windows\System\aRIicFC.exe
  2⤵
  PID:7852
- C:\Windows\System\DUICRTm.exe
  C:\Windows\System\DUICRTm.exe
  2⤵
  PID:7840
- C:\Windows\System\CvkjPxY.exe
  C:\Windows\System\CvkjPxY.exe
  2⤵
  PID:7888
- C:\Windows\System\dIeQMpU.exe
  C:\Windows\System\dIeQMpU.exe
  2⤵
  PID:7876
- C:\Windows\System\VHCCbQy.exe
  C:\Windows\System\VHCCbQy.exe
  2⤵
  PID:7976
- C:\Windows\System\fcNxgJl.exe
  C:\Windows\System\fcNxgJl.exe
  2⤵
  PID:8016
- C:\Windows\System\MPgSPeY.exe
  C:\Windows\System\MPgSPeY.exe
  2⤵
  PID:8000
- C:\Windows\System\sPEHmXR.exe
  C:\Windows\System\sPEHmXR.exe
  2⤵
  PID:8068
- C:\Windows\System\YMWTfDu.exe
  C:\Windows\System\YMWTfDu.exe
  2⤵
  PID:8040
- C:\Windows\System\xYDqFCi.exe
  C:\Windows\System\xYDqFCi.exe
  2⤵
  PID:8172
- C:\Windows\System\ZvNUzVE.exe
  C:\Windows\System\ZvNUzVE.exe
  2⤵
  PID:8104
- C:\Windows\System\cdiGqnB.exe
  C:\Windows\System\cdiGqnB.exe
  2⤵
  PID:8188
- C:\Windows\System\PmxRpBQ.exe
  C:\Windows\System\PmxRpBQ.exe
  2⤵
  PID:7280
- C:\Windows\System\KOSSoKd.exe
  C:\Windows\System\KOSSoKd.exe
  2⤵
  PID:7172
- C:\Windows\System\ISVRBhQ.exe
  C:\Windows\System\ISVRBhQ.exe
  2⤵
  PID:6204
- C:\Windows\System\AGuPxAF.exe
  C:\Windows\System\AGuPxAF.exe
  2⤵
  PID:7320
- C:\Windows\System\JnChJLW.exe
  C:\Windows\System\JnChJLW.exe
  2⤵
  PID:7420
- C:\Windows\System\vNmguwq.exe
  C:\Windows\System\vNmguwq.exe
  2⤵
  PID:7556
- C:\Windows\System\VzWyLTx.exe
  C:\Windows\System\VzWyLTx.exe
  2⤵
  PID:7572
- C:\Windows\System\FjAbyJA.exe
  C:\Windows\System\FjAbyJA.exe
  2⤵
  PID:7672
- C:\Windows\System\nwoyZKX.exe
  C:\Windows\System\nwoyZKX.exe
  2⤵
  PID:6988
- C:\Windows\System\eQmptjS.exe
  C:\Windows\System\eQmptjS.exe
  2⤵
  PID:7444
- C:\Windows\System\zngaBwl.exe
  C:\Windows\System\zngaBwl.exe
  2⤵
  PID:7604
- C:\Windows\System\ZVKLpGJ.exe
  C:\Windows\System\ZVKLpGJ.exe
  2⤵
  PID:7908
- C:\Windows\System\rPQnrWx.exe
  C:\Windows\System\rPQnrWx.exe
  2⤵
  PID:7752
- C:\Windows\System\oOsbhYN.exe
  C:\Windows\System\oOsbhYN.exe
  2⤵
  PID:7940
- C:\Windows\System\MKEOSAN.exe
  C:\Windows\System\MKEOSAN.exe
  2⤵
  PID:7924
- C:\Windows\System\HfIBRSv.exe
  C:\Windows\System\HfIBRSv.exe
  2⤵
  PID:8036
- C:\Windows\System\cWkPlAL.exe
  C:\Windows\System\cWkPlAL.exe
  2⤵
  PID:8052
- C:\Windows\System\acSqAgs.exe
  C:\Windows\System\acSqAgs.exe
  2⤵
  PID:8072
- C:\Windows\System\zLwUPFL.exe
  C:\Windows\System\zLwUPFL.exe
  2⤵
  PID:7208
- C:\Windows\System\MLcWmTs.exe
  C:\Windows\System\MLcWmTs.exe
  2⤵
  PID:6472
- C:\Windows\System\jZEBFxa.exe
  C:\Windows\System\jZEBFxa.exe
  2⤵
  PID:7500
- C:\Windows\System\vLFYIAh.exe
  C:\Windows\System\vLFYIAh.exe
  2⤵
  PID:7412
- C:\Windows\System\DCTbVfR.exe
  C:\Windows\System\DCTbVfR.exe
  2⤵
  PID:7340
- C:\Windows\System\AXuASko.exe
  C:\Windows\System\AXuASko.exe
  2⤵
  PID:7700
- C:\Windows\System\pIXyVtf.exe
  C:\Windows\System\pIXyVtf.exe
  2⤵
  PID:7600
- C:\Windows\System\cucMNax.exe
  C:\Windows\System\cucMNax.exe
  2⤵
  PID:7764
- C:\Windows\System\ilAncia.exe
  C:\Windows\System\ilAncia.exe
  2⤵
  PID:7968
- C:\Windows\System\oLOzAyM.exe
  C:\Windows\System\oLOzAyM.exe
  2⤵
  PID:8152
- C:\Windows\System\FarOCnP.exe
  C:\Windows\System\FarOCnP.exe
  2⤵
  PID:8164
- C:\Windows\System\CHpwObG.exe
  C:\Windows\System\CHpwObG.exe
  2⤵
  PID:7928
- C:\Windows\System\IMTkTvV.exe
  C:\Windows\System\IMTkTvV.exe
  2⤵
  PID:8184
- C:\Windows\System\rweHLcA.exe
  C:\Windows\System\rweHLcA.exe
  2⤵
  PID:7244
- C:\Windows\System\HYWDgvm.exe
  C:\Windows\System\HYWDgvm.exe
  2⤵
  PID:7616
- C:\Windows\System\ajdLZUt.exe
  C:\Windows\System\ajdLZUt.exe
  2⤵
  PID:7860
- C:\Windows\System\dbzLcaz.exe
  C:\Windows\System\dbzLcaz.exe
  2⤵
  PID:7476
- C:\Windows\System\JnuywoP.exe
  C:\Windows\System\JnuywoP.exe
  2⤵
  PID:7204
- C:\Windows\System\WzMbera.exe
  C:\Windows\System\WzMbera.exe
  2⤵
  PID:7912
- C:\Windows\System\XIUDBxD.exe
  C:\Windows\System\XIUDBxD.exe
  2⤵
  PID:7256
- C:\Windows\System\dxrbQDH.exe
  C:\Windows\System\dxrbQDH.exe
  2⤵
  PID:7720
- C:\Windows\System\qeBCULW.exe
  C:\Windows\System\qeBCULW.exe
  2⤵
  PID:7792
- C:\Windows\System\kRarRWn.exe
  C:\Windows\System\kRarRWn.exe
  2⤵
  PID:7388
- C:\Windows\System\HDbsFkm.exe
  C:\Windows\System\HDbsFkm.exe
  2⤵
  PID:7568
- C:\Windows\System\lgOlnnu.exe
  C:\Windows\System\lgOlnnu.exe
  2⤵
  PID:7192
- C:\Windows\System\PfNbdSU.exe
  C:\Windows\System\PfNbdSU.exe
  2⤵
  PID:7836
- C:\Windows\System\wtXRiIm.exe
  C:\Windows\System\wtXRiIm.exe
  2⤵
  PID:7816
- C:\Windows\System\FcOdGLY.exe
  C:\Windows\System\FcOdGLY.exe
  2⤵
  PID:8216
- C:\Windows\System\iQcotrT.exe
  C:\Windows\System\iQcotrT.exe
  2⤵
  PID:8236
- C:\Windows\System\EbdOcXz.exe
  C:\Windows\System\EbdOcXz.exe
  2⤵
  PID:8252
- C:\Windows\System\HYNLfNT.exe
  C:\Windows\System\HYNLfNT.exe
  2⤵
  PID:8276
- C:\Windows\System\USZgjDz.exe
  C:\Windows\System\USZgjDz.exe
  2⤵
  PID:8296
- C:\Windows\System\urhtwgT.exe
  C:\Windows\System\urhtwgT.exe
  2⤵
  PID:8312
- C:\Windows\System\FBboYkg.exe
  C:\Windows\System\FBboYkg.exe
  2⤵
  PID:8332
- C:\Windows\System\tPgBwFP.exe
  C:\Windows\System\tPgBwFP.exe
  2⤵
  PID:8352
- C:\Windows\System\HPAFcRV.exe
  C:\Windows\System\HPAFcRV.exe
  2⤵
  PID:8380
- C:\Windows\System\ZPuzAkz.exe
  C:\Windows\System\ZPuzAkz.exe
  2⤵
  PID:8400
- C:\Windows\System\LEzZSMU.exe
  C:\Windows\System\LEzZSMU.exe
  2⤵
  PID:8440
- C:\Windows\System\pdvAoMv.exe
  C:\Windows\System\pdvAoMv.exe
  2⤵
  PID:8456
- C:\Windows\System\CGTAygi.exe
  C:\Windows\System\CGTAygi.exe
  2⤵
  PID:8476
- C:\Windows\System\DFWwFGC.exe
  C:\Windows\System\DFWwFGC.exe
  2⤵
  PID:8496
- C:\Windows\System\vOeBlzW.exe
  C:\Windows\System\vOeBlzW.exe
  2⤵
  PID:8512
- C:\Windows\System\vopEGlZ.exe
  C:\Windows\System\vopEGlZ.exe
  2⤵
  PID:8536
- C:\Windows\System\hYAqops.exe
  C:\Windows\System\hYAqops.exe
  2⤵
  PID:8552
- C:\Windows\System\rGgSMti.exe
  C:\Windows\System\rGgSMti.exe
  2⤵
  PID:8568
- C:\Windows\System\pwlXYwa.exe
  C:\Windows\System\pwlXYwa.exe
  2⤵
  PID:8596
- C:\Windows\System\jHQFHop.exe
  C:\Windows\System\jHQFHop.exe
  2⤵
  PID:8612
- C:\Windows\System\sYhHMkS.exe
  C:\Windows\System\sYhHMkS.exe
  2⤵
  PID:8636
- C:\Windows\System\VhSBymw.exe
  C:\Windows\System\VhSBymw.exe
  2⤵
  PID:8652
- C:\Windows\System\gZPRhUD.exe
  C:\Windows\System\gZPRhUD.exe
  2⤵
  PID:8672
- C:\Windows\System\CpndbBw.exe
  C:\Windows\System\CpndbBw.exe
  2⤵
  PID:8696
- C:\Windows\System\VjbULXv.exe
  C:\Windows\System\VjbULXv.exe
  2⤵
  PID:8724
- C:\Windows\System\cPaFtcQ.exe
  C:\Windows\System\cPaFtcQ.exe
  2⤵
  PID:8740
- C:\Windows\System\nFgYgYD.exe
  C:\Windows\System\nFgYgYD.exe
  2⤵
  PID:8764
- C:\Windows\System\MABUnfZ.exe
  C:\Windows\System\MABUnfZ.exe
  2⤵
  PID:8780
- C:\Windows\System\CKdmUVA.exe
  C:\Windows\System\CKdmUVA.exe
  2⤵
  PID:8796
- C:\Windows\System\UFsiuAN.exe
  C:\Windows\System\UFsiuAN.exe
  2⤵
  PID:8816
- C:\Windows\System\WCMGyrU.exe
  C:\Windows\System\WCMGyrU.exe
  2⤵
  PID:8836
- C:\Windows\System\EYIvJme.exe
  C:\Windows\System\EYIvJme.exe
  2⤵
  PID:8856
- C:\Windows\System\rhgcXce.exe
  C:\Windows\System\rhgcXce.exe
  2⤵
  PID:8876
- C:\Windows\System\FgIOiyO.exe
  C:\Windows\System\FgIOiyO.exe
  2⤵
  PID:8892
- C:\Windows\System\nHedZzN.exe
  C:\Windows\System\nHedZzN.exe
  2⤵
  PID:8908
- C:\Windows\System\ytoIdkC.exe
  C:\Windows\System\ytoIdkC.exe
  2⤵
  PID:8928
- C:\Windows\System\OvfWHaA.exe
  C:\Windows\System\OvfWHaA.exe
  2⤵
  PID:8944
- C:\Windows\System\qiKmusT.exe
  C:\Windows\System\qiKmusT.exe
  2⤵
  PID:8964
- C:\Windows\System\FbtYfrD.exe
  C:\Windows\System\FbtYfrD.exe
  2⤵
  PID:8984
- C:\Windows\System\zBbJrvc.exe
  C:\Windows\System\zBbJrvc.exe
  2⤵
  PID:9008
- C:\Windows\System\IUiaSBe.exe
  C:\Windows\System\IUiaSBe.exe
  2⤵
  PID:9040
- C:\Windows\System\QdZTcpK.exe
  C:\Windows\System\QdZTcpK.exe
  2⤵
  PID:9064
- C:\Windows\System\fZCnLKU.exe
  C:\Windows\System\fZCnLKU.exe
  2⤵
  PID:9080
- C:\Windows\System\xjSgXbT.exe
  C:\Windows\System\xjSgXbT.exe
  2⤵
  PID:9096
- C:\Windows\System\YhJYwYu.exe
  C:\Windows\System\YhJYwYu.exe
  2⤵
  PID:9120
- C:\Windows\System\fOUxhee.exe
  C:\Windows\System\fOUxhee.exe
  2⤵
  PID:9140
- C:\Windows\System\cgsMpqW.exe
  C:\Windows\System\cgsMpqW.exe
  2⤵
  PID:9172
- C:\Windows\System\LZbTdRg.exe
  C:\Windows\System\LZbTdRg.exe
  2⤵
  PID:9188
- C:\Windows\System\FIcshTA.exe
  C:\Windows\System\FIcshTA.exe
  2⤵
  PID:9204
- C:\Windows\System\SUvPUBL.exe
  C:\Windows\System\SUvPUBL.exe
  2⤵
  PID:7704
- C:\Windows\System\TPjAdyP.exe
  C:\Windows\System\TPjAdyP.exe
  2⤵
  PID:8120
- C:\Windows\System\okFmQSU.exe
  C:\Windows\System\okFmQSU.exe
  2⤵
  PID:8228
- C:\Windows\System\rNCgFbM.exe
  C:\Windows\System\rNCgFbM.exe
  2⤵
  PID:8272
- C:\Windows\System\cgkermb.exe
  C:\Windows\System\cgkermb.exe
  2⤵
  PID:8304
- C:\Windows\System\FKBZRJM.exe
  C:\Windows\System\FKBZRJM.exe
  2⤵
  PID:8360
- C:\Windows\System\EvvaawR.exe
  C:\Windows\System\EvvaawR.exe
  2⤵
  PID:8372
- C:\Windows\System\roduRTF.exe
  C:\Windows\System\roduRTF.exe
  2⤵
  PID:8424
- C:\Windows\System\qRPxQMf.exe
  C:\Windows\System\qRPxQMf.exe
  2⤵
  PID:8436
- C:\Windows\System\lukxAlm.exe
  C:\Windows\System\lukxAlm.exe
  2⤵
  PID:8472
- C:\Windows\System\JlFpIgw.exe
  C:\Windows\System\JlFpIgw.exe
  2⤵
  PID:8492
- C:\Windows\System\Alcjucd.exe
  C:\Windows\System\Alcjucd.exe
  2⤵
  PID:8524
- C:\Windows\System\spzGjXl.exe
  C:\Windows\System\spzGjXl.exe
  2⤵
  PID:8580
- C:\Windows\System\WqkpBDE.exe
  C:\Windows\System\WqkpBDE.exe
  2⤵
  PID:8620
- C:\Windows\System\sRUFpFZ.exe
  C:\Windows\System\sRUFpFZ.exe
  2⤵
  PID:8644
- C:\Windows\System\EjAndZZ.exe
  C:\Windows\System\EjAndZZ.exe
  2⤵
  PID:8688
- C:\Windows\System\WLWclez.exe
  C:\Windows\System\WLWclez.exe
  2⤵
  PID:8416
- C:\Windows\System\vfHaZZN.exe
  C:\Windows\System\vfHaZZN.exe
  2⤵
  PID:8756
- C:\Windows\System\XalTqwP.exe
  C:\Windows\System\XalTqwP.exe
  2⤵
  PID:8776
- C:\Windows\System\vxcgCqk.exe
  C:\Windows\System\vxcgCqk.exe
  2⤵
  PID:8864
- C:\Windows\System\GcDhVig.exe
  C:\Windows\System\GcDhVig.exe
  2⤵
  PID:8904
- C:\Windows\System\eBSiadS.exe
  C:\Windows\System\eBSiadS.exe
  2⤵
  PID:9016
- C:\Windows\System\ydWjnHF.exe
  C:\Windows\System\ydWjnHF.exe
  2⤵
  PID:9036
- C:\Windows\System\jLcXlan.exe
  C:\Windows\System\jLcXlan.exe
  2⤵
  PID:8844
- C:\Windows\System\TdQiqNB.exe
  C:\Windows\System\TdQiqNB.exe
  2⤵
  PID:8916
- C:\Windows\System\XYKKxFt.exe
  C:\Windows\System\XYKKxFt.exe
  2⤵
  PID:8956
- C:\Windows\System\UoQwDML.exe
  C:\Windows\System\UoQwDML.exe
  2⤵
  PID:9076
- C:\Windows\System\niLWLEb.exe
  C:\Windows\System\niLWLEb.exe
  2⤵
  PID:9056
- C:\Windows\System\HlvCSzx.exe
  C:\Windows\System\HlvCSzx.exe
  2⤵
  PID:9128
- C:\Windows\System\ZZEhRPR.exe
  C:\Windows\System\ZZEhRPR.exe
  2⤵
  PID:8716
- C:\Windows\System\ozmJqTg.exe
  C:\Windows\System\ozmJqTg.exe
  2⤵
  PID:9184
- C:\Windows\System\gpCjNqC.exe
  C:\Windows\System\gpCjNqC.exe
  2⤵
  PID:7964
- C:\Windows\System\YeqCVcP.exe
  C:\Windows\System\YeqCVcP.exe
  2⤵
  PID:8244
- C:\Windows\System\QzLRWnn.exe
  C:\Windows\System\QzLRWnn.exe
  2⤵
  PID:8232
- C:\Windows\System\CurHjnI.exe
  C:\Windows\System\CurHjnI.exe
  2⤵
  PID:8412
- C:\Windows\System\XVIPQYA.exe
  C:\Windows\System\XVIPQYA.exe
  2⤵
  PID:8348
- C:\Windows\System\VvOybtM.exe
  C:\Windows\System\VvOybtM.exe
  2⤵
  PID:8396
- C:\Windows\System\YZUVrXP.exe
  C:\Windows\System\YZUVrXP.exe
  2⤵
  PID:8528
- C:\Windows\System\YOlxklr.exe
  C:\Windows\System\YOlxklr.exe
  2⤵
  PID:8564
- C:\Windows\System\jRtSulm.exe
  C:\Windows\System\jRtSulm.exe
  2⤵
  PID:8488
- C:\Windows\System\yhTWHlt.exe
  C:\Windows\System\yhTWHlt.exe
  2⤵
  PID:8632
- C:\Windows\System\WOOBPZH.exe
  C:\Windows\System\WOOBPZH.exe
  2⤵
  PID:8732
- C:\Windows\System\AYTPoql.exe
  C:\Windows\System\AYTPoql.exe
  2⤵
  PID:8736
- C:\Windows\System\VSVirHP.exe
  C:\Windows\System\VSVirHP.exe
  2⤵
  PID:8972
- C:\Windows\System\eOjTyMm.exe
  C:\Windows\System\eOjTyMm.exe
  2⤵
  PID:8900
- C:\Windows\System\OAorAnh.exe
  C:\Windows\System\OAorAnh.exe
  2⤵
  PID:9020
- C:\Windows\System\XQjzsIw.exe
  C:\Windows\System\XQjzsIw.exe
  2⤵
  PID:8924
- C:\Windows\System\VuUjTkX.exe
  C:\Windows\System\VuUjTkX.exe
  2⤵
  PID:9072
- C:\Windows\System\FMxwnDZ.exe
  C:\Windows\System\FMxwnDZ.exe
  2⤵
  PID:9136
- C:\Windows\System\YuFCeFF.exe
  C:\Windows\System\YuFCeFF.exe
  2⤵
  PID:9180
- C:\Windows\System\DGAzvPD.exe
  C:\Windows\System\DGAzvPD.exe
  2⤵
  PID:8056
- C:\Windows\System\INTlepM.exe
  C:\Windows\System\INTlepM.exe
  2⤵
  PID:8248
- C:\Windows\System\roPNxsp.exe
  C:\Windows\System\roPNxsp.exe
  2⤵
  PID:8428
- C:\Windows\System\OACzSyA.exe
  C:\Windows\System\OACzSyA.exe
  2⤵
  PID:8576
- C:\Windows\System\dIIJMIC.exe
  C:\Windows\System\dIIJMIC.exe
  2⤵
  PID:8432
- C:\Windows\System\KDfrdGJ.exe
  C:\Windows\System\KDfrdGJ.exe
  2⤵
  PID:7144
- C:\Windows\System\sdTVJux.exe
  C:\Windows\System\sdTVJux.exe
  2⤵
  PID:7028
- C:\Windows\System\kmJGDFV.exe
  C:\Windows\System\kmJGDFV.exe
  2⤵
  PID:8832
- C:\Windows\System\oOOFvgi.exe
  C:\Windows\System\oOOFvgi.exe
  2⤵
  PID:8868
- C:\Windows\System\erNxniU.exe
  C:\Windows\System\erNxniU.exe
  2⤵
  PID:9052
- C:\Windows\System\qWKnagn.exe
  C:\Windows\System\qWKnagn.exe
  2⤵
  PID:9116
- C:\Windows\System\FGrEINX.exe
  C:\Windows\System\FGrEINX.exe
  2⤵
  PID:9156
- C:\Windows\System\OwmlYEW.exe
  C:\Windows\System\OwmlYEW.exe
  2⤵
  PID:9164
- C:\Windows\System\BtlzrOF.exe
  C:\Windows\System\BtlzrOF.exe
  2⤵
  PID:8308
- C:\Windows\System\fcIUfKT.exe
  C:\Windows\System\fcIUfKT.exe
  2⤵
  PID:8604
- C:\Windows\System\lNSBuhL.exe
  C:\Windows\System\lNSBuhL.exe
  2⤵
  PID:8684
- C:\Windows\System\FFFkWvp.exe
  C:\Windows\System\FFFkWvp.exe
  2⤵
  PID:8760
- C:\Windows\System\xtmgREx.exe
  C:\Windows\System\xtmgREx.exe
  2⤵
  PID:8976
- C:\Windows\System\sUjdaXn.exe
  C:\Windows\System\sUjdaXn.exe
  2⤵
  PID:8592
- C:\Windows\System\BTsOXeQ.exe
  C:\Windows\System\BTsOXeQ.exe
  2⤵
  PID:9212
- C:\Windows\System\baFMuGU.exe
  C:\Windows\System\baFMuGU.exe
  2⤵
  PID:8368
- C:\Windows\System\WJDvzlC.exe
  C:\Windows\System\WJDvzlC.exe
  2⤵
  PID:8680
- C:\Windows\System\SptFqgS.exe
  C:\Windows\System\SptFqgS.exe
  2⤵
  PID:8852
- C:\Windows\System\BcxoQES.exe
  C:\Windows\System\BcxoQES.exe
  2⤵
  PID:9160
- C:\Windows\System\tNBJGdo.exe
  C:\Windows\System\tNBJGdo.exe
  2⤵
  PID:8484
- C:\Windows\System\svgFnps.exe
  C:\Windows\System\svgFnps.exe
  2⤵
  PID:9032
- C:\Windows\System\iSfLfkc.exe
  C:\Windows\System\iSfLfkc.exe
  2⤵
  PID:8560
- C:\Windows\System\wDsZafD.exe
  C:\Windows\System\wDsZafD.exe
  2⤵
  PID:8824
- C:\Windows\System\qEshbnR.exe
  C:\Windows\System\qEshbnR.exe
  2⤵
  PID:9220
- C:\Windows\System\uUXDiVM.exe
  C:\Windows\System\uUXDiVM.exe
  2⤵
  PID:9240
- C:\Windows\System\aPZLDxK.exe
  C:\Windows\System\aPZLDxK.exe
  2⤵
  PID:9260
- C:\Windows\System\jmcvljS.exe
  C:\Windows\System\jmcvljS.exe
  2⤵
  PID:9276
- C:\Windows\System\WVOJvPu.exe
  C:\Windows\System\WVOJvPu.exe
  2⤵
  PID:9296
- C:\Windows\System\AalrNpT.exe
  C:\Windows\System\AalrNpT.exe
  2⤵
  PID:9320
- C:\Windows\System\krGqeZG.exe
  C:\Windows\System\krGqeZG.exe
  2⤵
  PID:9340
- C:\Windows\System\abuPSlS.exe
  C:\Windows\System\abuPSlS.exe
  2⤵
  PID:9360
- C:\Windows\System\hFqhztc.exe
  C:\Windows\System\hFqhztc.exe
  2⤵
  PID:9376
- C:\Windows\System\SMFPnOT.exe
  C:\Windows\System\SMFPnOT.exe
  2⤵
  PID:9396
- C:\Windows\System\FvGfGqp.exe
  C:\Windows\System\FvGfGqp.exe
  2⤵
  PID:9412
- C:\Windows\System\Rawzjee.exe
  C:\Windows\System\Rawzjee.exe
  2⤵
  PID:9432
- C:\Windows\System\fUeqsvh.exe
  C:\Windows\System\fUeqsvh.exe
  2⤵
  PID:9452
- C:\Windows\System\GqWdoVZ.exe
  C:\Windows\System\GqWdoVZ.exe
  2⤵
  PID:9472
- C:\Windows\System\cpLczJl.exe
  C:\Windows\System\cpLczJl.exe
  2⤵
  PID:9504
- C:\Windows\System\zebQSJz.exe
  C:\Windows\System\zebQSJz.exe
  2⤵
  PID:9520
- C:\Windows\System\ORSGZjg.exe
  C:\Windows\System\ORSGZjg.exe
  2⤵
  PID:9540
- C:\Windows\System\zIJfvzO.exe
  C:\Windows\System\zIJfvzO.exe
  2⤵
  PID:9556
- C:\Windows\System\djSRBKH.exe
  C:\Windows\System\djSRBKH.exe
  2⤵
  PID:9572
- C:\Windows\System\NdYijbR.exe
  C:\Windows\System\NdYijbR.exe
  2⤵
  PID:9596
- C:\Windows\System\FxDsMQn.exe
  C:\Windows\System\FxDsMQn.exe
  2⤵
  PID:9612
- C:\Windows\System\UtVUrRi.exe
  C:\Windows\System\UtVUrRi.exe
  2⤵
  PID:9628
- C:\Windows\System\yBNOkwE.exe
  C:\Windows\System\yBNOkwE.exe
  2⤵
  PID:9652
- C:\Windows\System\fTSvadS.exe
  C:\Windows\System\fTSvadS.exe
  2⤵
  PID:9668
- C:\Windows\System\gOnWKeb.exe
  C:\Windows\System\gOnWKeb.exe
  2⤵
  PID:9688
- C:\Windows\System\oVIyvOs.exe
  C:\Windows\System\oVIyvOs.exe
  2⤵
  PID:9708
- C:\Windows\System\AMpCYUB.exe
  C:\Windows\System\AMpCYUB.exe
  2⤵
  PID:9732
- C:\Windows\System\vfjOFrj.exe
  C:\Windows\System\vfjOFrj.exe
  2⤵
  PID:9752
- C:\Windows\System\XxdwSgM.exe
  C:\Windows\System\XxdwSgM.exe
  2⤵
  PID:9780
- C:\Windows\System\llhbqOm.exe
  C:\Windows\System\llhbqOm.exe
  2⤵
  PID:9796
- C:\Windows\System\GSMkRqk.exe
  C:\Windows\System\GSMkRqk.exe
  2⤵
  PID:9812
- C:\Windows\System\rbAexSV.exe
  C:\Windows\System\rbAexSV.exe
  2⤵
  PID:9828
- C:\Windows\System\QntDCHe.exe
  C:\Windows\System\QntDCHe.exe
  2⤵
  PID:9864
- C:\Windows\System\vDBFhaN.exe
  C:\Windows\System\vDBFhaN.exe
  2⤵
  PID:9888
- C:\Windows\System\loDDGbn.exe
  C:\Windows\System\loDDGbn.exe
  2⤵
  PID:9904
- C:\Windows\System\zJkiicF.exe
  C:\Windows\System\zJkiicF.exe
  2⤵
  PID:9920
- C:\Windows\System\wUGwOxf.exe
  C:\Windows\System\wUGwOxf.exe
  2⤵
  PID:9944
- C:\Windows\System\zqRFISl.exe
  C:\Windows\System\zqRFISl.exe
  2⤵
  PID:9960
- C:\Windows\System\dVysjWT.exe
  C:\Windows\System\dVysjWT.exe
  2⤵
  PID:9976
- C:\Windows\System\jXApqUs.exe
  C:\Windows\System\jXApqUs.exe
  2⤵
  PID:10004
- C:\Windows\System\wygCuZV.exe
  C:\Windows\System\wygCuZV.exe
  2⤵
  PID:10020
- C:\Windows\System\zDMaGCz.exe
  C:\Windows\System\zDMaGCz.exe
  2⤵
  PID:10036
- C:\Windows\System\Afaloun.exe
  C:\Windows\System\Afaloun.exe
  2⤵
  PID:10052
- C:\Windows\System\qinFbZv.exe
  C:\Windows\System\qinFbZv.exe
  2⤵
  PID:10068
- C:\Windows\System\WDyUFoo.exe
  C:\Windows\System\WDyUFoo.exe
  2⤵
  PID:10088
- C:\Windows\System\KQbmGOf.exe
  C:\Windows\System\KQbmGOf.exe
  2⤵
  PID:10108
- C:\Windows\System\axrdjzB.exe
  C:\Windows\System\axrdjzB.exe
  2⤵
  PID:10136
- C:\Windows\System\hmGuUPi.exe
  C:\Windows\System\hmGuUPi.exe
  2⤵
  PID:10156
- C:\Windows\System\PqrWzEM.exe
  C:\Windows\System\PqrWzEM.exe
  2⤵
  PID:10180
- C:\Windows\System\kACsqks.exe
  C:\Windows\System\kACsqks.exe
  2⤵
  PID:10200
- C:\Windows\System\YOyovau.exe
  C:\Windows\System\YOyovau.exe
  2⤵
  PID:10216
- C:\Windows\System\QaELoRj.exe
  C:\Windows\System\QaELoRj.exe
  2⤵
  PID:10232
- C:\Windows\System\qjxDCYJ.exe
  C:\Windows\System\qjxDCYJ.exe
  2⤵
  PID:8264
- C:\Windows\System\hxUxMNV.exe
  C:\Windows\System\hxUxMNV.exe
  2⤵
  PID:9268
- C:\Windows\System\GXxvcUE.exe
  C:\Windows\System\GXxvcUE.exe
  2⤵
  PID:9292
- C:\Windows\System\wpRdDCD.exe
  C:\Windows\System\wpRdDCD.exe
  2⤵
  PID:9332
- C:\Windows\System\gwSipWM.exe
  C:\Windows\System\gwSipWM.exe
  2⤵
  PID:9352
- C:\Windows\System\xAWCzat.exe
  C:\Windows\System\xAWCzat.exe
  2⤵
  PID:9392
- C:\Windows\System\xvXclfT.exe
  C:\Windows\System\xvXclfT.exe
  2⤵
  PID:9448
- C:\Windows\System\bueMEEC.exe
  C:\Windows\System\bueMEEC.exe
  2⤵
  PID:9464
- C:\Windows\System\EnqcAxa.exe
  C:\Windows\System\EnqcAxa.exe
  2⤵
  PID:9496
- C:\Windows\System\wQbInPz.exe
  C:\Windows\System\wQbInPz.exe
  2⤵
  PID:9536
- C:\Windows\System\YiqgCeU.exe
  C:\Windows\System\YiqgCeU.exe
  2⤵
  PID:9660
- C:\Windows\System\eMoLFmk.exe
  C:\Windows\System\eMoLFmk.exe
  2⤵
  PID:9568
- C:\Windows\System\pfzGYaO.exe
  C:\Windows\System\pfzGYaO.exe
  2⤵
  PID:9564
- C:\Windows\System\YfadpVu.exe
  C:\Windows\System\YfadpVu.exe
  2⤵
  PID:9676
- C:\Windows\System\uPVkTuj.exe
  C:\Windows\System\uPVkTuj.exe
  2⤵
  PID:9788
- C:\Windows\System\dwQnZHV.exe
  C:\Windows\System\dwQnZHV.exe
  2⤵
  PID:9772
- C:\Windows\System\JWfJhxv.exe
  C:\Windows\System\JWfJhxv.exe
  2⤵
  PID:9848
- C:\Windows\System\CvxjTqO.exe
  C:\Windows\System\CvxjTqO.exe
  2⤵
  PID:9884
- C:\Windows\System\nqNLalY.exe
  C:\Windows\System\nqNLalY.exe
  2⤵
  PID:9916
- C:\Windows\System\DmqejJh.exe
  C:\Windows\System\DmqejJh.exe
  2⤵
  PID:9952
- C:\Windows\System\VFqcdtz.exe
  C:\Windows\System\VFqcdtz.exe
  2⤵
  PID:10012
- C:\Windows\System\pHzkTGX.exe
  C:\Windows\System\pHzkTGX.exe
  2⤵
  PID:10016
- C:\Windows\System\HrhunuU.exe
  C:\Windows\System\HrhunuU.exe
  2⤵
  PID:10044
- C:\Windows\System\woBIQRo.exe
  C:\Windows\System\woBIQRo.exe
  2⤵
  PID:10128
- C:\Windows\System\xypKuVy.exe
  C:\Windows\System\xypKuVy.exe
  2⤵
  PID:10188
- C:\Windows\System\KQLosoU.exe
  C:\Windows\System\KQLosoU.exe
  2⤵
  PID:10228
- C:\Windows\System\ULFiPRF.exe
  C:\Windows\System\ULFiPRF.exe
  2⤵
  PID:9252
- C:\Windows\System\xgjRuzk.exe
  C:\Windows\System\xgjRuzk.exe
  2⤵
  PID:10168
- C:\Windows\System\JiIfLnV.exe
  C:\Windows\System\JiIfLnV.exe
  2⤵
  PID:8788
- C:\Windows\System\CDMZDSJ.exe
  C:\Windows\System\CDMZDSJ.exe
  2⤵
  PID:10212
- C:\Windows\System\uxyZech.exe
  C:\Windows\System\uxyZech.exe
  2⤵
  PID:9424
- C:\Windows\System\zJLsoMU.exe
  C:\Windows\System\zJLsoMU.exe
  2⤵
  PID:9408
- C:\Windows\System\EWwOmQM.exe
  C:\Windows\System\EWwOmQM.exe
  2⤵
  PID:9488
- C:\Windows\System\PVcFany.exe
  C:\Windows\System\PVcFany.exe
  2⤵
  PID:9580
- C:\Windows\System\BpebsIG.exe
  C:\Windows\System\BpebsIG.exe
  2⤵
  PID:9696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BTKbdwg.exe

Filesize
6.0MB

MD5
7ba6183f009efff8c8599f350345ded0

SHA1
de120f38a80950d47c8db01642e4ffeeeca41fa3

SHA256
b059384d5857dd6b2610209806aa7aec7d09d1fd62f75a5e186d11115045a244

SHA512
9a696f5f7e3dc0d89c37c8ce688a0ee81c26eca42a3cc5b360e26736e8aaea82aa4383d18385b87d3005cd368193fa53bce5e238fc28bced8fd8657c212ebfb1

Download Submit
C:\Windows\system\BpJoWtI.exe

Filesize
6.0MB

MD5
c427d980d394fceff51bcd73042bf856

SHA1
46313313e84b667c2efbdb903906efb1ab6b36f5

SHA256
36108d789706733f5419548d99b6b68b0e6723ddcb4c0cba9a87d469cee2e4d8

SHA512
6d59e617d8d874e528ba48a7f74ef9374fe3d584b6faca9758ad12dd5ad085814eed11c5a9c1c56583ad0319311c76ef130f7031ee0156741bf592b6806cb343

Download Submit
C:\Windows\system\FaJCpMB.exe

Filesize
6.0MB

MD5
75c8cfc75db608acd54763e6f477093f

SHA1
8804f101785739e833371c71782168a3153ed4d7

SHA256
614caca67cf3a0ed57a9c3be18ddad46725cd24f8e834646024cca2aa8011907

SHA512
ff9e9fa939c059dc6d02374cfa815d3fd86b67822bd9f7f2725f02b390daba5dcf65783cef430a03cfb69b768d5217d47c49d85912ea190e60faebb040ed6fef

Download Submit
C:\Windows\system\FoqpLUO.exe

Filesize
8B

MD5
2e44aa507959b1bce97f8f21d37609c5

SHA1
873c017c84db9d139743c00ad0377a752577ee1f

SHA256
e9d77b03259d4a224bd233da4004dc6f1c60d59542c36f1a26a6a33348c54a78

SHA512
fb25f4b7fd4b162d83cbab07ce22debea6df8776184290940e7b5722719fbf28a520034531bfc7ffe4699052391dffd3300477e9c2eae5eebbd2c09f9fcebd90

Download Submit
C:\Windows\system\FwSzcbh.exe

Filesize
6.0MB

MD5
482cb3e94f27780adaff47662169e37f

SHA1
961de5e5af8dabde7c1fea9295b4448e6e5b80c1

SHA256
f864c4f9497319dfe0fff090bc75d393840ae1c3da0a21ae9157d1ea355f6313

SHA512
949cff82824e4b602342c5287f0ee5c3ded67974f15663c379391c45b6d159e3bb8eeef82277d750f28356dd8030032e8af431cc5c6a3aa77dd5251af2df8626

Download Submit
C:\Windows\system\HOyhvOF.exe

Filesize
6.0MB

MD5
26d907a017cd5e2cedefedc23ab137d6

SHA1
248ac07f5cee6a71bc1912ecc7fccbd4e7b6965a

SHA256
3abc945927f9f3fe6effb1d096ba44631e29838dd8b1dfcd9a8fa181ead46e30

SHA512
34e67f7cdda668c6690b1abdcd0f89720ea2462ed0bf1de8431407b81b15d12481feab4a5e77151865fff43b52f4f4576551106f78b5e6267e53e5c963531e01

Download Submit
C:\Windows\system\HdeShJN.exe

Filesize
6.0MB

MD5
cabc692f10ee96fc7b0768916f811c67

SHA1
ec5b2a2d2fc13bca90d67b0eb65d7b3d2dda2830

SHA256
fe1f3eeb557fa18a2a9929a44736d47ab866328af545cde8bacdcac13b137ff1

SHA512
fb5adc73d7ff6a2ef08c3b51a8de83888ceae8de92c918af15abe498aa572ed882f57b9d2440a5929a94fbd3d9d8ba447d6dd4bf2a6c95f2104e2c87d6fe55c5

Download Submit
C:\Windows\system\MrdCeEo.exe

Filesize
6.0MB

MD5
65750b83bb53333bc492018534351ae1

SHA1
2092460b4dc7182e4297a69e26824bd6286db254

SHA256
2647d84306dad59bb4fe32a9054c7b924f133ed9265e12874a36f10a982ab36f

SHA512
59508ac336db33af98ed4bf1ccc8754e94e7f6d252ad8cec7b18d801f5eab9282f388e7c82716698a896701dfd49d6f994091831460a99dc524245347129c280

Download Submit
C:\Windows\system\OSmXDkH.exe

Filesize
6.0MB

MD5
09af374b48f86b7722e7ed7cbf537118

SHA1
32e5c85422d71166266f3b33f12bf3a3e2b02567

SHA256
e73bd0dee2c23ca2c2d2a138560217d4176613b7f375fc8fd8bea36152ea1b37

SHA512
a6f6fe03c8c8d5a9d5bef8af176940a56d81ca108403d34cc8b974b520cc39b004c048e4dd05ef8046dbee32fdd44188013b0a9981a1e83e9f5f5dfd089154e9

Download Submit
C:\Windows\system\UVQcRjZ.exe

Filesize
6.0MB

MD5
64975e6091338e3ddd99fca8b46b61b8

SHA1
6edb272c23e25434ff7e985fbe0f48eec39823e8

SHA256
20494d5cf422e22f93c88054d1cd15e61a38c5e78c47cef8d500315d51de9867

SHA512
2cad972105fbcfc8ba615629d4bc31fb3f78125261c60601c11a6c2a033aec45bd1cc998ebdb47f3eb98691ef28d4b462b2b7fae64a7c7a8d0a29e0e97a5b033

Download Submit
C:\Windows\system\VQcPzzV.exe

Filesize
6.0MB

MD5
7d6b6977cafcd925f8ab2557a9abc75d

SHA1
1cd340d34b9dae661cc5f1d78f242fcbf53fa9d0

SHA256
1becc8be94d79e9134255b22113072e9b90f8bb5b235e7969f4c051760faecfa

SHA512
ad512a34977adac516509979194ee4badf69a0092841863ac11f436ecb3d62e3887d0d6e076a6674dcb1fb43ae8de520ab33a60ae37f4f2a8fc12766c7b60cde

Download Submit
C:\Windows\system\bzgzOGe.exe

Filesize
6.0MB

MD5
876bab6cb007609d3719eb699e708fca

SHA1
a5acde5bd1b2c5b2a3731151728c1d8450a37f00

SHA256
6576cc4217e01d1012aece082a5e5760b81ecb5d7bcc8c0e003db2ec2748358c

SHA512
e4bbb5a6b0913c27cca86e0ba2a5a605b0a3cd47a61e24d5de18a02e5c7f0f466cf2f7a785dd87ccd3620e35a065e135adeffa26fc1baf6e872584336516e505

Download Submit
C:\Windows\system\cXgpiaN.exe

Filesize
6.0MB

MD5
0391bf73d507af9fabdfad4ae9c7bfb0

SHA1
674f40e15e942ab8ff17e2afef09b468a8292ce5

SHA256
9c2273cd85086e7cb71474b2d257f5c5299fe770971cd46a148e300d128ef88e

SHA512
477583fa9397b7923d73c7db994e5fa75b20e70803be0ec179e3a0f3f70388a4d7696324fda381dc0e0188f904339af73de402adc835f2c0839f98a8584dc89e

Download Submit
C:\Windows\system\ddCMvtX.exe

Filesize
6.0MB

MD5
253b1d841bde427c455634612df3a4cc

SHA1
86b87866b730efa98187f35656822fe6a4108486

SHA256
49ee481f2f719c72d3ac282303edf8c36b8078ba58c375f24036cf7900af1570

SHA512
788a3dbc1886cdc6702b1d4f5661503988e015a90184885e82100729c436fbd50fc3b76b1848cda92faad53d497e04a4d72a6153adc50e0ad6a36acbfc3a5eea

Download Submit
C:\Windows\system\hPGzBBe.exe

Filesize
6.0MB

MD5
d41e4af4744bda1d8ac358da0c858bae

SHA1
bf82b93339060263e34644e0f4187a7643a6f22e

SHA256
d44b565bc45f71d311afb680b3d2a140f3fefcc28b407bbc3ec50875e52b38bb

SHA512
0ac6650bbcd2904e61c2e24976ecfc9e34add9cff5c7aa740a344579e725e892b8ace5d4b9d54c54dba3cc348e1e76f32ddcc81f91f31c40afed1abfefbf2048

Download Submit
C:\Windows\system\kIhxbLp.exe

Filesize
6.0MB

MD5
4bf00ad81b33510fcb04d1e87a7dbef6

SHA1
de1534157b0f93a3f9c1db97d69db3d3199fd016

SHA256
c5f2a6d4582bd5065138f7e54cb73fdf65fdc35290cada924d58bcd0cd91398b

SHA512
3d7d4eff0771f151dafc1ced1ffc5028e24ee93f808cb049e534dcd6fe31d267b8754d8c8cdf0f55caf91d0f01ce49c125eb6ea85a1358577e1abf3ecf67a91d

Download Submit
C:\Windows\system\kvgVbTE.exe

Filesize
6.0MB

MD5
39619f0358130664fd7591582ef591e4

SHA1
9aad7b89eefb4c7b37193b05c3cf28ac3cf3f896

SHA256
a7fe88e36bc82d89aadd4a180e9ad6f58dc48ac8829f16d76382f58889a038f7

SHA512
610beb4690a594f03a3fe2ad813ee5f5e06e364ac2f2a64d4838abf5eb6a2c65afaab8ea576b7ee98ff3eb00775c1f563098e9bdd73bd0abfdf1c14ba07742d9

Download Submit
C:\Windows\system\nyfySrn.exe

Filesize
6.0MB

MD5
b7de4930e66b7f39310daaab4e9642f5

SHA1
5f5bfd12211e271581b0cfbc815876dee890482f

SHA256
81c31d7f4226fbfee6cdc54a3c5c4d92219721d5ae49c7965db66658c8864ddd

SHA512
51c391d9b8e8ad3c82845687ee79dfd899c3fd0e71e538ba7d87d36b0c209cca725743bb9278add15de46df7b87f0713863be5224320b547d67cf1e8640820cc

Download Submit
C:\Windows\system\oPSVvxT.exe

Filesize
6.0MB

MD5
42d2924a7a27deeb702d36d8182358fd

SHA1
d5aab5fbe42877daf121ec491604eb123e7b9eae

SHA256
bbcf54dc25ffd8212fe6da62af537297885b1832e46aeaa722e759a207c05752

SHA512
68e51a2fd4333ad9fc9a14bf5d1ae43c050c6aac03556d97d994f8d00ddbbc68e306c60bcbfa27d147b8fb32d078a621805396d2a9d55ff5a70ffe84cd73c436

Download Submit
C:\Windows\system\pFqzncq.exe

Filesize
6.0MB

MD5
bab8ecd9635981eb2b971b56f425e348

SHA1
18c32b38555698a78f8e064fa3ea77487815479b

SHA256
98abd70206c63dcb2451fbf6aa28d57ead5701d797641593f1f872b51273187f

SHA512
d4172c8c8ff5379c7e66d1602d5568f6975668308aebc6fdf6a717707bfa3c3848f43181040ecb42ce52d81c720ac7a49ceaa40e156b89abdc1170045586a120

Download Submit
C:\Windows\system\qbVjRTK.exe

Filesize
6.0MB

MD5
d394c5f9504bf7fd8b00fd0bb0c40550

SHA1
431f5eeefe25251e02403d2bb036054abd42f5e9

SHA256
2b3d2da553f8d4df83ee73327456114a24e30a72494987e44da9928921d39068

SHA512
26a885c0490206a1f87db0496fc2f8033f6ab3a907f66c47e5cd874d30496d5716eeb3892e56f241822188113e5e328b983d90613758e9f1c1d6871b8c4a404c

Download Submit
C:\Windows\system\rxOoPxs.exe

Filesize
6.0MB

MD5
23a06cd991748d9b5ebb9d91bcc5e9a6

SHA1
3007e4566e745bec957e2b4064e8d881db352fea

SHA256
b76c4414b04c581f566ff50637011142a2cd5d2afe69e8e7da5b01a5fd6077de

SHA512
72d93ef5690142ff58927b80c9e3880b476056ea30c951b78625d82c64617e6accda5dc1e28d68d9a779aaf9dff156296cd367216ae9208332d3ba4e109f5d6d

Download Submit
C:\Windows\system\sXyouZr.exe

Filesize
6.0MB

MD5
d6c81ef472507b304a47b50d745c2161

SHA1
221457da944d166ec624e6e86608dcc487a4ee60

SHA256
2b89a68915b690c626aed45c6bb1e35779ea52eb7da075b51aa2f7a773478515

SHA512
455e1e56ba8591b4e727ae0a7b9070b6ce1d2fe4b0f1e76f19887d67c84496d9d2b2dceb191ce3e732d54f1e1790fca6cbbb112c96736c461a0a194969782916

Download Submit
C:\Windows\system\ucGrrvt.exe

Filesize
6.0MB

MD5
defef33685a15f07710b742f88fdd699

SHA1
204fc6a2862e0725fe4bfbdb668fa662f4b9dc85

SHA256
e98d6290a880c0ae064ff9a9e7421fc23ba13a8c3bcff5c72323fee5619f1898

SHA512
f2b4ea701f07ee0835083a88e422b7520d5112530c040cb8d6c206e31730290485e360490f46c68afd77f562e62e1948d267ac25314e790234ca0021dbb62593

Download Submit
C:\Windows\system\vNJIZlv.exe

Filesize
6.0MB

MD5
3ad679b370a2ba87f285b12f395a23cd

SHA1
3cb4b3d6004b40c2302d40e44bdefa03c1362eae

SHA256
f87c740337c517b6348186c44f9507e603f0f1c134c5c34028d99fc0bad7affe

SHA512
79e7a967542d82bc6448844f4375cc41c51f81b3940f9d3df605a5de21955d843b51dac1148991b7631a4e59b8b0832b187aa1874ce239701fd0d568fae26414

Download Submit
C:\Windows\system\zNZiKTv.exe

Filesize
6.0MB

MD5
3bd5ce15946c28941d74a486135db838

SHA1
68f2a9369d0137d67e5240ac432e82041b4e8109

SHA256
aa1dce14c87a5cf655fb80d0aa85ae0f4d99a954e30c3eb24fc06871b92610e4

SHA512
02fcb0b88b14e6fd498a9bbbe92819489466817ce2020bec57b554300f20bbfb05e4d9aa9b97b80bdca67463c004895fdba065135c32f7293d06171d955df3a2

Download Submit
C:\Windows\system\zVEUeNm.exe

Filesize
6.0MB

MD5
849678edc78b9265ec55a9a2b4b813f5

SHA1
5ede59054c329cdf4a0d14a2dcb36feace195db4

SHA256
3aa41744da9b888d8d606fe4c208d44254b02f55e3e13be9b7e643957cb53feb

SHA512
d0e40e6723ee2a208d0048c52a62135d7750829dac1c6506c94803751f5d875598afa8f0defaa884d68200605dc709dc39158fe3caacb94540cf9018d901ff83

Download Submit
C:\Windows\system\zbWctBH.exe

Filesize
6.0MB

MD5
2798d7cb0a4a0ef75188cf0555ea00f2

SHA1
64a6a4f7e95881b884445e49faccb6b5e60689e0

SHA256
23d88d34f0b9fa43fe261c23dd2544fc59cefb81cc6ad443416977c1e7896269

SHA512
0810f931236c351ff9e34f269220870cd642db5d24bc05cecab737248326f7768d320825aa6f33105443b0909d5450cc5457c2dfe355b11f15dd9c167aebf6fe

Download Submit
\Windows\system\OijdWsE.exe

Filesize
6.0MB

MD5
d2123efffee5e1325fb0292b8f6a8348

SHA1
8de48e29e3068e54116030a775b129a459e25170

SHA256
1b8c2945a9667bd150110fc05d95682f6a693e89d28c8b4d110cb32d48ca885d

SHA512
e1d5ffe202768105b0566e461863705e3b14a739807180b31875178ca8cc91862b9399be9c61b6bb26467030af27230ce6747bc21795ba2d4b7d2986a118ee87

Download Submit
\Windows\system\SItmaOI.exe

Filesize
6.0MB

MD5
ba01c02df98fbfd4822d0a3891054d45

SHA1
ccbdc917032b14d7ff8cc6e7dff0be216e64d128

SHA256
18d9c7df1e3e3c9e6f4e907b19f2cdfb8152865fd15d3598e3982699c2cdd058

SHA512
deb21ed2fca326bc810cc6e9590e5465470445f2b737b24788248f52554d3315e6040e1d3327345f937ea2ac25df1d761eaa01695000c84aa4ce190271384596

Download Submit
\Windows\system\dCwGKec.exe

Filesize
6.0MB

MD5
5664a1282541a511bea5b77de7016eee

SHA1
81afd389a40d33af01eac8787e38863912180afb

SHA256
d92fe2c76927d5feea52faaa9b8abaafff78beb6792e60f4066732ff2b770c82

SHA512
59b3bb03836fa8c89f563f6951f35dee6384b53140b4f5b72db14849b8825ce3939c3853fc8d0a680a31c6764bc9b72589438229e6d5148614030284fac04c3d

Download Submit
\Windows\system\mNWkwfr.exe

Filesize
6.0MB

MD5
b9f2a81f59cc09c4ae5ddec95ad3be7d

SHA1
ee9393d7ef310a9bbda819db6a9fd7bc37ba095f

SHA256
94740f853d55a19bfdbf308666f151e1454accd76207d27d2b7c32aa63d06961

SHA512
01e30218fe8afdb2de796fc31158169adb96b65dadc2a766e2ebde58401bec2b741fe8efc56610352dd69cbfb1def61ebd226f2a8a0ddace1d7c1d35bac081bf

Download Submit
\Windows\system\pTDSojU.exe

Filesize
6.0MB

MD5
079849a791ebf74cd96dc899c01f0ff7

SHA1
7666be01c725bdab87d1a9f83407614bfa634deb

SHA256
5036fe10de44636de45ead27159b35dd9a2a725074a395d3220a63dcf2c8aa6a

SHA512
007d6a33cbb3f9287cb8f128a1dc02474c87dc1bf162ca8ed12a59f3c9d3ea8a3628e71f0d6226733e189548b409b18e66b48a23916bbe2fe0849273fdcdf882

Download Submit
memory/480-61-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/480-3123-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/480-101-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/712-69-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/712-3142-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/712-110-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1248-102-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1248-3154-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/1248-519-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3147-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-647-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2060-111-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3135-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2064-150-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2064-76-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2176-52-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2176-92-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3120-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2260-93-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3144-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2260-384-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3107-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-28-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-20-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3114-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-60-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-83-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-43-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3124-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-89-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2824-35-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-80-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-438-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2824-72-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2824-587-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-115-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2824-733-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-64-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-90-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2824-0-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-6-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-106-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-47-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2824-56-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2824-116-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-39-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-13-0x0000000002460000-0x00000000027B4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-216-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-107-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-31-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-18-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-24-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-326-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2824-98-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2824-97-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2872-277-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-84-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-3152-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3112-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-42-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-9-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3118-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-36-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-75-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-3128-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2976-15-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2976-51-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download