cobaltstrike | 1259029860e9481ae12b83169ad0271bbea7f4d1fa221d39ceaff7561834bce7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1e36445debbd2160a43a3c8a7fe415b1
SHA1

190a19c3b420b4e3ebf2facfefae3322fdcebaf5
SHA256

1259029860e9481ae12b83169ad0271bbea7f4d1fa221d39ceaff7561834bce7
SHA512

cc0986c22f947e7244c2b7d671db009e2dbac014151070962df93083f8ca07341ac16cbc332bcccce6e02ebaf3ddea06b034dfc38a2abdd5fb85b073324f849b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU/:T+q56utgpPF8u/7/

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\isTDnrw.exe	cobalt_reflective_dll
\Windows\system\GkgBJIJ.exe	cobalt_reflective_dll
C:\Windows\system\uSWtiWz.exe	cobalt_reflective_dll
\Windows\system\HHLdSkj.exe	cobalt_reflective_dll
\Windows\system\jrbAqNR.exe	cobalt_reflective_dll
C:\Windows\system\uVVXQec.exe	cobalt_reflective_dll
\Windows\system\eDyehyH.exe	cobalt_reflective_dll
C:\Windows\system\gVqzJKM.exe	cobalt_reflective_dll
C:\Windows\system\zQDEeKp.exe	cobalt_reflective_dll
\Windows\system\ezZyghk.exe	cobalt_reflective_dll
C:\Windows\system\LyMhHLE.exe	cobalt_reflective_dll
C:\Windows\system\gdwqTYn.exe	cobalt_reflective_dll
\Windows\system\Qvdxtuh.exe	cobalt_reflective_dll
\Windows\system\IqHLqki.exe	cobalt_reflective_dll
C:\Windows\system\cgJqGfq.exe	cobalt_reflective_dll
C:\Windows\system\VgtvcYg.exe	cobalt_reflective_dll
C:\Windows\system\svtTUAx.exe	cobalt_reflective_dll
C:\Windows\system\RVhLFwi.exe	cobalt_reflective_dll
C:\Windows\system\lrYuTPy.exe	cobalt_reflective_dll
C:\Windows\system\HBLzUCp.exe	cobalt_reflective_dll
C:\Windows\system\dwkXVXR.exe	cobalt_reflective_dll
C:\Windows\system\TGroXDa.exe	cobalt_reflective_dll
C:\Windows\system\UOBdfnP.exe	cobalt_reflective_dll
C:\Windows\system\CAACIXT.exe	cobalt_reflective_dll
C:\Windows\system\kdPHKhp.exe	cobalt_reflective_dll
C:\Windows\system\swZwgVx.exe	cobalt_reflective_dll
C:\Windows\system\lubHKed.exe	cobalt_reflective_dll
C:\Windows\system\tdqTkfk.exe	cobalt_reflective_dll
C:\Windows\system\ddRPZyl.exe	cobalt_reflective_dll
C:\Windows\system\ceMasdp.exe	cobalt_reflective_dll
C:\Windows\system\LvrWdkw.exe	cobalt_reflective_dll
C:\Windows\system\gqSnunC.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2228-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
C:\Windows\system\isTDnrw.exe	xmrig
\Windows\system\GkgBJIJ.exe	xmrig
C:\Windows\system\uSWtiWz.exe	xmrig
\Windows\system\HHLdSkj.exe	xmrig
behavioral1/memory/2744-35-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2228-34-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2784-33-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
\Windows\system\jrbAqNR.exe	xmrig
behavioral1/memory/2832-31-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2708-29-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
C:\Windows\system\uVVXQec.exe	xmrig
behavioral1/memory/2820-26-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2716-42-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2628-49-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
\Windows\system\eDyehyH.exe	xmrig
C:\Windows\system\gVqzJKM.exe	xmrig
behavioral1/memory/2196-56-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
C:\Windows\system\zQDEeKp.exe	xmrig
\Windows\system\ezZyghk.exe	xmrig
behavioral1/memory/2276-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2096-78-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/308-91-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
C:\Windows\system\LyMhHLE.exe	xmrig
C:\Windows\system\gdwqTYn.exe	xmrig
\Windows\system\Qvdxtuh.exe	xmrig
\Windows\system\IqHLqki.exe	xmrig
C:\Windows\system\cgJqGfq.exe	xmrig
behavioral1/memory/308-765-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/816-575-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
C:\Windows\system\VgtvcYg.exe	xmrig
C:\Windows\system\svtTUAx.exe	xmrig
C:\Windows\system\RVhLFwi.exe	xmrig
C:\Windows\system\lrYuTPy.exe	xmrig
C:\Windows\system\HBLzUCp.exe	xmrig
C:\Windows\system\dwkXVXR.exe	xmrig
C:\Windows\system\TGroXDa.exe	xmrig
C:\Windows\system\UOBdfnP.exe	xmrig
C:\Windows\system\CAACIXT.exe	xmrig
C:\Windows\system\kdPHKhp.exe	xmrig
C:\Windows\system\swZwgVx.exe	xmrig
C:\Windows\system\lubHKed.exe	xmrig
C:\Windows\system\tdqTkfk.exe	xmrig
C:\Windows\system\ddRPZyl.exe	xmrig
behavioral1/memory/1744-99-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
C:\Windows\system\ceMasdp.exe	xmrig
behavioral1/memory/816-83-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
C:\Windows\system\LvrWdkw.exe	xmrig
behavioral1/memory/2228-64-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/576-63-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
C:\Windows\system\gqSnunC.exe	xmrig
behavioral1/memory/2820-3960-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2784-4023-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2628-4087-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2708-4086-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2744-4085-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/816-4092-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1744-4091-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2096-4090-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/576-4089-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/308-4088-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2716-4135-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2832-4136-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2196-4137-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

isTDnrw.exeGkgBJIJ.exeuSWtiWz.exeHHLdSkj.exeuVVXQec.exejrbAqNR.exegVqzJKM.exeeDyehyH.exegqSnunC.exezQDEeKp.exeezZyghk.exeLvrWdkw.execeMasdp.exeLyMhHLE.exeddRPZyl.exegdwqTYn.exetdqTkfk.exeswZwgVx.exekdPHKhp.exeQvdxtuh.exelubHKed.exeCAACIXT.exeTGroXDa.exeUOBdfnP.exeIqHLqki.exedwkXVXR.exeHBLzUCp.exelrYuTPy.execgJqGfq.exeRVhLFwi.exesvtTUAx.exeVgtvcYg.exevXBVAFV.exedvDdrzM.exeoGUiScx.exefjSaLYr.exeGgYMSIO.exeXhuFdQc.exeyHeMoTL.exedmUdrEE.exeLOmjWee.exeiwDFoNk.exefdILjqz.exePFTEBvn.exegSQSOcw.exeSHPMaHC.exenROpWbj.exeTcLGluS.exeaBxZhRp.exesBqerYC.exevATQava.exeMWMdeSW.exeJqyrbEJ.exeyZTJBSN.exeDXPQdkX.exeTdhAIWV.exeflMMnta.exeEwdcLhC.exeVitBERW.exeKsSHsIm.exeQAMHINM.exeuEDTaAL.exeWcbykqX.exepyekQVH.exe

pid	process
2784	isTDnrw.exe
2820	GkgBJIJ.exe
2708	uSWtiWz.exe
2832	HHLdSkj.exe
2744	uVVXQec.exe
2716	jrbAqNR.exe
2628	gVqzJKM.exe
2196	eDyehyH.exe
576	gqSnunC.exe
2276	zQDEeKp.exe
2096	ezZyghk.exe
816	LvrWdkw.exe
308	ceMasdp.exe
1744	LyMhHLE.exe
2860	ddRPZyl.exe
484	gdwqTYn.exe
496	tdqTkfk.exe
2880	swZwgVx.exe
2848	kdPHKhp.exe
1820	Qvdxtuh.exe
592	lubHKed.exe
3060	CAACIXT.exe
1936	TGroXDa.exe
1788	UOBdfnP.exe
2180	IqHLqki.exe
2344	dwkXVXR.exe
2176	HBLzUCp.exe
1076	lrYuTPy.exe
2116	cgJqGfq.exe
2152	RVhLFwi.exe
1372	svtTUAx.exe
1868	VgtvcYg.exe
2432	vXBVAFV.exe
860	dvDdrzM.exe
2200	oGUiScx.exe
2248	fjSaLYr.exe
1528	GgYMSIO.exe
1380	XhuFdQc.exe
1776	yHeMoTL.exe
988	dmUdrEE.exe
1512	LOmjWee.exe
1516	iwDFoNk.exe
1360	fdILjqz.exe
2264	PFTEBvn.exe
1224	gSQSOcw.exe
280	SHPMaHC.exe
688	nROpWbj.exe
2240	TcLGluS.exe
272	aBxZhRp.exe
1320	sBqerYC.exe
892	vATQava.exe
1008	MWMdeSW.exe
1956	JqyrbEJ.exe
1848	yZTJBSN.exe
1584	DXPQdkX.exe
1588	TdhAIWV.exe
2700	flMMnta.exe
2656	EwdcLhC.exe
2136	VitBERW.exe
1312	KsSHsIm.exe
2612	QAMHINM.exe
276	uEDTaAL.exe
2160	WcbykqX.exe
620	pyekQVH.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2228-0-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
C:\Windows\system\isTDnrw.exe	upx
\Windows\system\GkgBJIJ.exe	upx
C:\Windows\system\uSWtiWz.exe	upx
\Windows\system\HHLdSkj.exe	upx
behavioral1/memory/2744-35-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2784-33-0x000000013F120000-0x000000013F474000-memory.dmp	upx
\Windows\system\jrbAqNR.exe	upx
behavioral1/memory/2832-31-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2708-29-0x000000013F240000-0x000000013F594000-memory.dmp	upx
C:\Windows\system\uVVXQec.exe	upx
behavioral1/memory/2820-26-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2716-42-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2628-49-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
\Windows\system\eDyehyH.exe	upx
C:\Windows\system\gVqzJKM.exe	upx
behavioral1/memory/2196-56-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
C:\Windows\system\zQDEeKp.exe	upx
\Windows\system\ezZyghk.exe	upx
behavioral1/memory/2276-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2096-78-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/308-91-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
C:\Windows\system\LyMhHLE.exe	upx
C:\Windows\system\gdwqTYn.exe	upx
\Windows\system\Qvdxtuh.exe	upx
\Windows\system\IqHLqki.exe	upx
C:\Windows\system\cgJqGfq.exe	upx
behavioral1/memory/308-765-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/816-575-0x000000013F230000-0x000000013F584000-memory.dmp	upx
C:\Windows\system\VgtvcYg.exe	upx
C:\Windows\system\svtTUAx.exe	upx
C:\Windows\system\RVhLFwi.exe	upx
C:\Windows\system\lrYuTPy.exe	upx
C:\Windows\system\HBLzUCp.exe	upx
C:\Windows\system\dwkXVXR.exe	upx
C:\Windows\system\TGroXDa.exe	upx
C:\Windows\system\UOBdfnP.exe	upx
C:\Windows\system\CAACIXT.exe	upx
C:\Windows\system\kdPHKhp.exe	upx
C:\Windows\system\swZwgVx.exe	upx
C:\Windows\system\lubHKed.exe	upx
C:\Windows\system\tdqTkfk.exe	upx
C:\Windows\system\ddRPZyl.exe	upx
behavioral1/memory/1744-99-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
C:\Windows\system\ceMasdp.exe	upx
behavioral1/memory/816-83-0x000000013F230000-0x000000013F584000-memory.dmp	upx
C:\Windows\system\LvrWdkw.exe	upx
behavioral1/memory/2228-64-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/576-63-0x000000013F200000-0x000000013F554000-memory.dmp	upx
C:\Windows\system\gqSnunC.exe	upx
behavioral1/memory/2820-3960-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2784-4023-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2628-4087-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2708-4086-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2744-4085-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/816-4092-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1744-4091-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2096-4090-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/576-4089-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/308-4088-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2716-4135-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2832-4136-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2196-4137-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2276-4138-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\DexgTkl.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdVsCnc.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLjhCjt.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bWqMcse.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEajUwW.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcbykqX.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYFXtea.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkkUewh.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBOJLOn.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXPQdkX.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSJpWsg.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QQRESjU.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bviRQzi.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isTDnrw.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmUdrEE.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLaROpg.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYlDIui.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsyOyWf.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTlVhdi.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhSDfvY.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEHoSlp.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhuFdQc.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFjJzHQ.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTOqzUm.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhxEikv.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOaiRrT.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBHFsHc.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXvYExR.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnzMdIo.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaxPwkt.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRjXLtv.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbQkLPL.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IJYqnbz.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rnEwNBj.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQqtDlP.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUBGtZh.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaRhLdc.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jywRfvO.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHxebyN.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhkAfpv.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJJVXTY.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TojqhBm.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmTmUXi.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJBVoAN.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UREaYtc.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qppiYbh.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBvAqSn.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZqgWGZ.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFtutyu.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPwdOKs.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qvdxtuh.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULHaxGf.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkZRxrG.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJVbHAe.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opXqprd.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvtYCWP.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMVDcss.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InJojlH.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjSaLYr.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwDFoNk.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IfskXfW.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjSkQKT.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCXestF.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFzCdBF.exe	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2228 wrote to memory of 2784	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	isTDnrw.exe
PID 2228 wrote to memory of 2784	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	isTDnrw.exe
PID 2228 wrote to memory of 2784	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	isTDnrw.exe
PID 2228 wrote to memory of 2820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	GkgBJIJ.exe
PID 2228 wrote to memory of 2820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	GkgBJIJ.exe
PID 2228 wrote to memory of 2820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	GkgBJIJ.exe
PID 2228 wrote to memory of 2708	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uSWtiWz.exe
PID 2228 wrote to memory of 2708	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uSWtiWz.exe
PID 2228 wrote to memory of 2708	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uSWtiWz.exe
PID 2228 wrote to memory of 2832	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	HHLdSkj.exe
PID 2228 wrote to memory of 2832	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	HHLdSkj.exe
PID 2228 wrote to memory of 2832	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	HHLdSkj.exe
PID 2228 wrote to memory of 2744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uVVXQec.exe
PID 2228 wrote to memory of 2744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uVVXQec.exe
PID 2228 wrote to memory of 2744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	uVVXQec.exe
PID 2228 wrote to memory of 2716	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	jrbAqNR.exe
PID 2228 wrote to memory of 2716	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	jrbAqNR.exe
PID 2228 wrote to memory of 2716	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	jrbAqNR.exe
PID 2228 wrote to memory of 2628	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gVqzJKM.exe
PID 2228 wrote to memory of 2628	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gVqzJKM.exe
PID 2228 wrote to memory of 2628	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gVqzJKM.exe
PID 2228 wrote to memory of 2196	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	eDyehyH.exe
PID 2228 wrote to memory of 2196	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	eDyehyH.exe
PID 2228 wrote to memory of 2196	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	eDyehyH.exe
PID 2228 wrote to memory of 576	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gqSnunC.exe
PID 2228 wrote to memory of 576	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gqSnunC.exe
PID 2228 wrote to memory of 576	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gqSnunC.exe
PID 2228 wrote to memory of 2276	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	zQDEeKp.exe
PID 2228 wrote to memory of 2276	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	zQDEeKp.exe
PID 2228 wrote to memory of 2276	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	zQDEeKp.exe
PID 2228 wrote to memory of 2096	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ezZyghk.exe
PID 2228 wrote to memory of 2096	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ezZyghk.exe
PID 2228 wrote to memory of 2096	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ezZyghk.exe
PID 2228 wrote to memory of 816	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LvrWdkw.exe
PID 2228 wrote to memory of 816	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LvrWdkw.exe
PID 2228 wrote to memory of 816	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LvrWdkw.exe
PID 2228 wrote to memory of 308	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ceMasdp.exe
PID 2228 wrote to memory of 308	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ceMasdp.exe
PID 2228 wrote to memory of 308	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ceMasdp.exe
PID 2228 wrote to memory of 1744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LyMhHLE.exe
PID 2228 wrote to memory of 1744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LyMhHLE.exe
PID 2228 wrote to memory of 1744	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	LyMhHLE.exe
PID 2228 wrote to memory of 2860	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ddRPZyl.exe
PID 2228 wrote to memory of 2860	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ddRPZyl.exe
PID 2228 wrote to memory of 2860	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	ddRPZyl.exe
PID 2228 wrote to memory of 484	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gdwqTYn.exe
PID 2228 wrote to memory of 484	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gdwqTYn.exe
PID 2228 wrote to memory of 484	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	gdwqTYn.exe
PID 2228 wrote to memory of 496	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	tdqTkfk.exe
PID 2228 wrote to memory of 496	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	tdqTkfk.exe
PID 2228 wrote to memory of 496	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	tdqTkfk.exe
PID 2228 wrote to memory of 2880	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	swZwgVx.exe
PID 2228 wrote to memory of 2880	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	swZwgVx.exe
PID 2228 wrote to memory of 2880	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	swZwgVx.exe
PID 2228 wrote to memory of 2848	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	kdPHKhp.exe
PID 2228 wrote to memory of 2848	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	kdPHKhp.exe
PID 2228 wrote to memory of 2848	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	kdPHKhp.exe
PID 2228 wrote to memory of 1820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	Qvdxtuh.exe
PID 2228 wrote to memory of 1820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	Qvdxtuh.exe
PID 2228 wrote to memory of 1820	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	Qvdxtuh.exe
PID 2228 wrote to memory of 592	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	lubHKed.exe
PID 2228 wrote to memory of 592	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	lubHKed.exe
PID 2228 wrote to memory of 592	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	lubHKed.exe
PID 2228 wrote to memory of 1936	2228	2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe	TGroXDa.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_1e36445debbd2160a43a3c8a7fe415b1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\System\isTDnrw.exe
  C:\Windows\System\isTDnrw.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\GkgBJIJ.exe
  C:\Windows\System\GkgBJIJ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\uSWtiWz.exe
  C:\Windows\System\uSWtiWz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\HHLdSkj.exe
  C:\Windows\System\HHLdSkj.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\uVVXQec.exe
  C:\Windows\System\uVVXQec.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\jrbAqNR.exe
  C:\Windows\System\jrbAqNR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\gVqzJKM.exe
  C:\Windows\System\gVqzJKM.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\eDyehyH.exe
  C:\Windows\System\eDyehyH.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\gqSnunC.exe
  C:\Windows\System\gqSnunC.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\zQDEeKp.exe
  C:\Windows\System\zQDEeKp.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ezZyghk.exe
  C:\Windows\System\ezZyghk.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\LvrWdkw.exe
  C:\Windows\System\LvrWdkw.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\ceMasdp.exe
  C:\Windows\System\ceMasdp.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\LyMhHLE.exe
  C:\Windows\System\LyMhHLE.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ddRPZyl.exe
  C:\Windows\System\ddRPZyl.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\gdwqTYn.exe
  C:\Windows\System\gdwqTYn.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\tdqTkfk.exe
  C:\Windows\System\tdqTkfk.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\swZwgVx.exe
  C:\Windows\System\swZwgVx.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\kdPHKhp.exe
  C:\Windows\System\kdPHKhp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\Qvdxtuh.exe
  C:\Windows\System\Qvdxtuh.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\lubHKed.exe
  C:\Windows\System\lubHKed.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\TGroXDa.exe
  C:\Windows\System\TGroXDa.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\CAACIXT.exe
  C:\Windows\System\CAACIXT.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\IqHLqki.exe
  C:\Windows\System\IqHLqki.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\UOBdfnP.exe
  C:\Windows\System\UOBdfnP.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\dwkXVXR.exe
  C:\Windows\System\dwkXVXR.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\HBLzUCp.exe
  C:\Windows\System\HBLzUCp.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\lrYuTPy.exe
  C:\Windows\System\lrYuTPy.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\cgJqGfq.exe
  C:\Windows\System\cgJqGfq.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\RVhLFwi.exe
  C:\Windows\System\RVhLFwi.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\svtTUAx.exe
  C:\Windows\System\svtTUAx.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\VgtvcYg.exe
  C:\Windows\System\VgtvcYg.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\vXBVAFV.exe
  C:\Windows\System\vXBVAFV.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\dvDdrzM.exe
  C:\Windows\System\dvDdrzM.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\oGUiScx.exe
  C:\Windows\System\oGUiScx.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\fjSaLYr.exe
  C:\Windows\System\fjSaLYr.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\GgYMSIO.exe
  C:\Windows\System\GgYMSIO.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\XhuFdQc.exe
  C:\Windows\System\XhuFdQc.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\yHeMoTL.exe
  C:\Windows\System\yHeMoTL.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\dmUdrEE.exe
  C:\Windows\System\dmUdrEE.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\LOmjWee.exe
  C:\Windows\System\LOmjWee.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\iwDFoNk.exe
  C:\Windows\System\iwDFoNk.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\fdILjqz.exe
  C:\Windows\System\fdILjqz.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\PFTEBvn.exe
  C:\Windows\System\PFTEBvn.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\gSQSOcw.exe
  C:\Windows\System\gSQSOcw.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\SHPMaHC.exe
  C:\Windows\System\SHPMaHC.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\nROpWbj.exe
  C:\Windows\System\nROpWbj.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\TcLGluS.exe
  C:\Windows\System\TcLGluS.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\aBxZhRp.exe
  C:\Windows\System\aBxZhRp.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\MWMdeSW.exe
  C:\Windows\System\MWMdeSW.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\sBqerYC.exe
  C:\Windows\System\sBqerYC.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\JqyrbEJ.exe
  C:\Windows\System\JqyrbEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\vATQava.exe
  C:\Windows\System\vATQava.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\yZTJBSN.exe
  C:\Windows\System\yZTJBSN.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\DXPQdkX.exe
  C:\Windows\System\DXPQdkX.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\TdhAIWV.exe
  C:\Windows\System\TdhAIWV.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\flMMnta.exe
  C:\Windows\System\flMMnta.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\EwdcLhC.exe
  C:\Windows\System\EwdcLhC.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\VitBERW.exe
  C:\Windows\System\VitBERW.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\KsSHsIm.exe
  C:\Windows\System\KsSHsIm.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\QAMHINM.exe
  C:\Windows\System\QAMHINM.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\uEDTaAL.exe
  C:\Windows\System\uEDTaAL.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\WcbykqX.exe
  C:\Windows\System\WcbykqX.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\pyekQVH.exe
  C:\Windows\System\pyekQVH.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\dNuDplW.exe
  C:\Windows\System\dNuDplW.exe
  2⤵
  PID:2572
- C:\Windows\System\mDSsbtN.exe
  C:\Windows\System\mDSsbtN.exe
  2⤵
  PID:2060
- C:\Windows\System\QHDPXDs.exe
  C:\Windows\System\QHDPXDs.exe
  2⤵
  PID:2284
- C:\Windows\System\XeczFqz.exe
  C:\Windows\System\XeczFqz.exe
  2⤵
  PID:1304
- C:\Windows\System\PvWfUlU.exe
  C:\Windows\System\PvWfUlU.exe
  2⤵
  PID:264
- C:\Windows\System\QNEnYAz.exe
  C:\Windows\System\QNEnYAz.exe
  2⤵
  PID:604
- C:\Windows\System\hSAqTwA.exe
  C:\Windows\System\hSAqTwA.exe
  2⤵
  PID:2184
- C:\Windows\System\KhMpMJo.exe
  C:\Windows\System\KhMpMJo.exe
  2⤵
  PID:2332
- C:\Windows\System\IxsKApi.exe
  C:\Windows\System\IxsKApi.exe
  2⤵
  PID:1720
- C:\Windows\System\PjKHJGc.exe
  C:\Windows\System\PjKHJGc.exe
  2⤵
  PID:1264
- C:\Windows\System\IkprORG.exe
  C:\Windows\System\IkprORG.exe
  2⤵
  PID:1960
- C:\Windows\System\bkeStqq.exe
  C:\Windows\System\bkeStqq.exe
  2⤵
  PID:1604
- C:\Windows\System\FTLZOCR.exe
  C:\Windows\System\FTLZOCR.exe
  2⤵
  PID:1092
- C:\Windows\System\CMKtzSX.exe
  C:\Windows\System\CMKtzSX.exe
  2⤵
  PID:1500
- C:\Windows\System\MCculjM.exe
  C:\Windows\System\MCculjM.exe
  2⤵
  PID:1228
- C:\Windows\System\EpwXNlP.exe
  C:\Windows\System\EpwXNlP.exe
  2⤵
  PID:2484
- C:\Windows\System\SmqxQuY.exe
  C:\Windows\System\SmqxQuY.exe
  2⤵
  PID:1644
- C:\Windows\System\OMonRya.exe
  C:\Windows\System\OMonRya.exe
  2⤵
  PID:2536
- C:\Windows\System\ulLLnYh.exe
  C:\Windows\System\ulLLnYh.exe
  2⤵
  PID:1796
- C:\Windows\System\sJdnUZc.exe
  C:\Windows\System\sJdnUZc.exe
  2⤵
  PID:3028
- C:\Windows\System\npBLEUl.exe
  C:\Windows\System\npBLEUl.exe
  2⤵
  PID:1784
- C:\Windows\System\loABOwC.exe
  C:\Windows\System\loABOwC.exe
  2⤵
  PID:2072
- C:\Windows\System\aSTcxgx.exe
  C:\Windows\System\aSTcxgx.exe
  2⤵
  PID:2324
- C:\Windows\System\vSPEDDR.exe
  C:\Windows\System\vSPEDDR.exe
  2⤵
  PID:992
- C:\Windows\System\SaxPwkt.exe
  C:\Windows\System\SaxPwkt.exe
  2⤵
  PID:2412
- C:\Windows\System\AHtbyWj.exe
  C:\Windows\System\AHtbyWj.exe
  2⤵
  PID:1940
- C:\Windows\System\gRdSvkd.exe
  C:\Windows\System\gRdSvkd.exe
  2⤵
  PID:1000
- C:\Windows\System\txodCQj.exe
  C:\Windows\System\txodCQj.exe
  2⤵
  PID:1592
- C:\Windows\System\bnxGqto.exe
  C:\Windows\System\bnxGqto.exe
  2⤵
  PID:2884
- C:\Windows\System\XAlOoFD.exe
  C:\Windows\System\XAlOoFD.exe
  2⤵
  PID:2920
- C:\Windows\System\sQNdJwl.exe
  C:\Windows\System\sQNdJwl.exe
  2⤵
  PID:3020
- C:\Windows\System\VatUgUd.exe
  C:\Windows\System\VatUgUd.exe
  2⤵
  PID:2356
- C:\Windows\System\sizrYlw.exe
  C:\Windows\System\sizrYlw.exe
  2⤵
  PID:340
- C:\Windows\System\bcRStLC.exe
  C:\Windows\System\bcRStLC.exe
  2⤵
  PID:1700
- C:\Windows\System\gRhjyNX.exe
  C:\Windows\System\gRhjyNX.exe
  2⤵
  PID:1708
- C:\Windows\System\IBPeYQH.exe
  C:\Windows\System\IBPeYQH.exe
  2⤵
  PID:2652
- C:\Windows\System\rakVTMJ.exe
  C:\Windows\System\rakVTMJ.exe
  2⤵
  PID:540
- C:\Windows\System\VMtlUxb.exe
  C:\Windows\System\VMtlUxb.exe
  2⤵
  PID:1132
- C:\Windows\System\KAFLaid.exe
  C:\Windows\System\KAFLaid.exe
  2⤵
  PID:1792
- C:\Windows\System\fTnvBrG.exe
  C:\Windows\System\fTnvBrG.exe
  2⤵
  PID:1640
- C:\Windows\System\BsOqoxY.exe
  C:\Windows\System\BsOqoxY.exe
  2⤵
  PID:760
- C:\Windows\System\RAZVPQe.exe
  C:\Windows\System\RAZVPQe.exe
  2⤵
  PID:1864
- C:\Windows\System\SDWWiYZ.exe
  C:\Windows\System\SDWWiYZ.exe
  2⤵
  PID:1824
- C:\Windows\System\LOrgNqY.exe
  C:\Windows\System\LOrgNqY.exe
  2⤵
  PID:856
- C:\Windows\System\XCjYeAx.exe
  C:\Windows\System\XCjYeAx.exe
  2⤵
  PID:1036
- C:\Windows\System\kxixOmM.exe
  C:\Windows\System\kxixOmM.exe
  2⤵
  PID:2388
- C:\Windows\System\KcYXnyj.exe
  C:\Windows\System\KcYXnyj.exe
  2⤵
  PID:2452
- C:\Windows\System\ylxgUQp.exe
  C:\Windows\System\ylxgUQp.exe
  2⤵
  PID:2480
- C:\Windows\System\scMhjLF.exe
  C:\Windows\System\scMhjLF.exe
  2⤵
  PID:2124
- C:\Windows\System\YKjzSzR.exe
  C:\Windows\System\YKjzSzR.exe
  2⤵
  PID:2692
- C:\Windows\System\zBmeLbg.exe
  C:\Windows\System\zBmeLbg.exe
  2⤵
  PID:1996
- C:\Windows\System\xlirgpB.exe
  C:\Windows\System\xlirgpB.exe
  2⤵
  PID:1376
- C:\Windows\System\FIbaZrh.exe
  C:\Windows\System\FIbaZrh.exe
  2⤵
  PID:1724
- C:\Windows\System\BYLjfNB.exe
  C:\Windows\System\BYLjfNB.exe
  2⤵
  PID:1424
- C:\Windows\System\VBsFuSI.exe
  C:\Windows\System\VBsFuSI.exe
  2⤵
  PID:3084
- C:\Windows\System\HMZTYBN.exe
  C:\Windows\System\HMZTYBN.exe
  2⤵
  PID:3100
- C:\Windows\System\kJpyIrb.exe
  C:\Windows\System\kJpyIrb.exe
  2⤵
  PID:3124
- C:\Windows\System\DnIxqRY.exe
  C:\Windows\System\DnIxqRY.exe
  2⤵
  PID:3140
- C:\Windows\System\iDpQXwy.exe
  C:\Windows\System\iDpQXwy.exe
  2⤵
  PID:3156
- C:\Windows\System\wyLSbLF.exe
  C:\Windows\System\wyLSbLF.exe
  2⤵
  PID:3184
- C:\Windows\System\JypCDDW.exe
  C:\Windows\System\JypCDDW.exe
  2⤵
  PID:3204
- C:\Windows\System\DShymWa.exe
  C:\Windows\System\DShymWa.exe
  2⤵
  PID:3224
- C:\Windows\System\OLWVbjg.exe
  C:\Windows\System\OLWVbjg.exe
  2⤵
  PID:3244
- C:\Windows\System\OdPOVDD.exe
  C:\Windows\System\OdPOVDD.exe
  2⤵
  PID:3264
- C:\Windows\System\npDzTjy.exe
  C:\Windows\System\npDzTjy.exe
  2⤵
  PID:3280
- C:\Windows\System\SWowbMv.exe
  C:\Windows\System\SWowbMv.exe
  2⤵
  PID:3296
- C:\Windows\System\wgIzSWX.exe
  C:\Windows\System\wgIzSWX.exe
  2⤵
  PID:3324
- C:\Windows\System\NlxRYRP.exe
  C:\Windows\System\NlxRYRP.exe
  2⤵
  PID:3344
- C:\Windows\System\PZwyrGu.exe
  C:\Windows\System\PZwyrGu.exe
  2⤵
  PID:3364
- C:\Windows\System\qmetivT.exe
  C:\Windows\System\qmetivT.exe
  2⤵
  PID:3380
- C:\Windows\System\HLwkRQp.exe
  C:\Windows\System\HLwkRQp.exe
  2⤵
  PID:3396
- C:\Windows\System\eAgzVnv.exe
  C:\Windows\System\eAgzVnv.exe
  2⤵
  PID:3424
- C:\Windows\System\wDAsGgv.exe
  C:\Windows\System\wDAsGgv.exe
  2⤵
  PID:3440
- C:\Windows\System\iYFXtea.exe
  C:\Windows\System\iYFXtea.exe
  2⤵
  PID:3464
- C:\Windows\System\HSiOPBD.exe
  C:\Windows\System\HSiOPBD.exe
  2⤵
  PID:3484
- C:\Windows\System\OZPOpqS.exe
  C:\Windows\System\OZPOpqS.exe
  2⤵
  PID:3500
- C:\Windows\System\uOXKYmb.exe
  C:\Windows\System\uOXKYmb.exe
  2⤵
  PID:3516
- C:\Windows\System\rCDeXhW.exe
  C:\Windows\System\rCDeXhW.exe
  2⤵
  PID:3540
- C:\Windows\System\weCOZdU.exe
  C:\Windows\System\weCOZdU.exe
  2⤵
  PID:3560
- C:\Windows\System\rrkSVNR.exe
  C:\Windows\System\rrkSVNR.exe
  2⤵
  PID:3576
- C:\Windows\System\FSMjkPE.exe
  C:\Windows\System\FSMjkPE.exe
  2⤵
  PID:3600
- C:\Windows\System\QqwcnqT.exe
  C:\Windows\System\QqwcnqT.exe
  2⤵
  PID:3624
- C:\Windows\System\DDAuXHk.exe
  C:\Windows\System\DDAuXHk.exe
  2⤵
  PID:3652
- C:\Windows\System\JqslvoU.exe
  C:\Windows\System\JqslvoU.exe
  2⤵
  PID:3672
- C:\Windows\System\cBzBcGL.exe
  C:\Windows\System\cBzBcGL.exe
  2⤵
  PID:3692
- C:\Windows\System\kcIRqKP.exe
  C:\Windows\System\kcIRqKP.exe
  2⤵
  PID:3708
- C:\Windows\System\PIVdZDQ.exe
  C:\Windows\System\PIVdZDQ.exe
  2⤵
  PID:3732
- C:\Windows\System\sgLemOG.exe
  C:\Windows\System\sgLemOG.exe
  2⤵
  PID:3752
- C:\Windows\System\VhfBQXE.exe
  C:\Windows\System\VhfBQXE.exe
  2⤵
  PID:3776
- C:\Windows\System\mXLRCfc.exe
  C:\Windows\System\mXLRCfc.exe
  2⤵
  PID:3796
- C:\Windows\System\BHPTeJE.exe
  C:\Windows\System\BHPTeJE.exe
  2⤵
  PID:3812
- C:\Windows\System\tGDdtvk.exe
  C:\Windows\System\tGDdtvk.exe
  2⤵
  PID:3836
- C:\Windows\System\msebbub.exe
  C:\Windows\System\msebbub.exe
  2⤵
  PID:3852
- C:\Windows\System\SGrWncd.exe
  C:\Windows\System\SGrWncd.exe
  2⤵
  PID:3876
- C:\Windows\System\dQDzrgS.exe
  C:\Windows\System\dQDzrgS.exe
  2⤵
  PID:3896
- C:\Windows\System\WlRHZYY.exe
  C:\Windows\System\WlRHZYY.exe
  2⤵
  PID:3912
- C:\Windows\System\ysAFAKs.exe
  C:\Windows\System\ysAFAKs.exe
  2⤵
  PID:3940
- C:\Windows\System\hKkqfGx.exe
  C:\Windows\System\hKkqfGx.exe
  2⤵
  PID:3960
- C:\Windows\System\SFDyIMo.exe
  C:\Windows\System\SFDyIMo.exe
  2⤵
  PID:3984
- C:\Windows\System\eVCiwmo.exe
  C:\Windows\System\eVCiwmo.exe
  2⤵
  PID:4000
- C:\Windows\System\EFUZCzu.exe
  C:\Windows\System\EFUZCzu.exe
  2⤵
  PID:4024
- C:\Windows\System\cmTmUXi.exe
  C:\Windows\System\cmTmUXi.exe
  2⤵
  PID:4040
- C:\Windows\System\kkzKXyk.exe
  C:\Windows\System\kkzKXyk.exe
  2⤵
  PID:4060
- C:\Windows\System\lhqskYb.exe
  C:\Windows\System\lhqskYb.exe
  2⤵
  PID:4080
- C:\Windows\System\hyUVKtL.exe
  C:\Windows\System\hyUVKtL.exe
  2⤵
  PID:2704
- C:\Windows\System\dVPSsZo.exe
  C:\Windows\System\dVPSsZo.exe
  2⤵
  PID:2108
- C:\Windows\System\wBUafBw.exe
  C:\Windows\System\wBUafBw.exe
  2⤵
  PID:1524
- C:\Windows\System\kpxRlmW.exe
  C:\Windows\System\kpxRlmW.exe
  2⤵
  PID:2192
- C:\Windows\System\ybXEYcx.exe
  C:\Windows\System\ybXEYcx.exe
  2⤵
  PID:2956
- C:\Windows\System\kiNhGiy.exe
  C:\Windows\System\kiNhGiy.exe
  2⤵
  PID:2252
- C:\Windows\System\vWtQRDP.exe
  C:\Windows\System\vWtQRDP.exe
  2⤵
  PID:2372
- C:\Windows\System\hfXNZKT.exe
  C:\Windows\System\hfXNZKT.exe
  2⤵
  PID:1912
- C:\Windows\System\sutVtym.exe
  C:\Windows\System\sutVtym.exe
  2⤵
  PID:2144
- C:\Windows\System\farPbvH.exe
  C:\Windows\System\farPbvH.exe
  2⤵
  PID:2752
- C:\Windows\System\NpXXONg.exe
  C:\Windows\System\NpXXONg.exe
  2⤵
  PID:1664
- C:\Windows\System\PPIjVKB.exe
  C:\Windows\System\PPIjVKB.exe
  2⤵
  PID:1680
- C:\Windows\System\uBcpGlj.exe
  C:\Windows\System\uBcpGlj.exe
  2⤵
  PID:3108
- C:\Windows\System\KeOuEFm.exe
  C:\Windows\System\KeOuEFm.exe
  2⤵
  PID:3172
- C:\Windows\System\BCkoimt.exe
  C:\Windows\System\BCkoimt.exe
  2⤵
  PID:3176
- C:\Windows\System\bZxQmnz.exe
  C:\Windows\System\bZxQmnz.exe
  2⤵
  PID:3212
- C:\Windows\System\yLEwkzg.exe
  C:\Windows\System\yLEwkzg.exe
  2⤵
  PID:3256
- C:\Windows\System\NzgkeUA.exe
  C:\Windows\System\NzgkeUA.exe
  2⤵
  PID:3292
- C:\Windows\System\fJKSUjE.exe
  C:\Windows\System\fJKSUjE.exe
  2⤵
  PID:3308
- C:\Windows\System\cSzuiuB.exe
  C:\Windows\System\cSzuiuB.exe
  2⤵
  PID:3336
- C:\Windows\System\apmPbLz.exe
  C:\Windows\System\apmPbLz.exe
  2⤵
  PID:3372
- C:\Windows\System\toBmgae.exe
  C:\Windows\System\toBmgae.exe
  2⤵
  PID:3420
- C:\Windows\System\VEDJTLN.exe
  C:\Windows\System\VEDJTLN.exe
  2⤵
  PID:3392
- C:\Windows\System\ORuSLAh.exe
  C:\Windows\System\ORuSLAh.exe
  2⤵
  PID:3472
- C:\Windows\System\mhQQpzG.exe
  C:\Windows\System\mhQQpzG.exe
  2⤵
  PID:3524
- C:\Windows\System\lDTLJng.exe
  C:\Windows\System\lDTLJng.exe
  2⤵
  PID:3568
- C:\Windows\System\hvqVPVZ.exe
  C:\Windows\System\hvqVPVZ.exe
  2⤵
  PID:3620
- C:\Windows\System\soUwmVM.exe
  C:\Windows\System\soUwmVM.exe
  2⤵
  PID:3660
- C:\Windows\System\IJLrnTL.exe
  C:\Windows\System\IJLrnTL.exe
  2⤵
  PID:3592
- C:\Windows\System\WOYoHcK.exe
  C:\Windows\System\WOYoHcK.exe
  2⤵
  PID:3644
- C:\Windows\System\jzsYaoK.exe
  C:\Windows\System\jzsYaoK.exe
  2⤵
  PID:3700
- C:\Windows\System\aBbvjIO.exe
  C:\Windows\System\aBbvjIO.exe
  2⤵
  PID:3744
- C:\Windows\System\zwbEnIp.exe
  C:\Windows\System\zwbEnIp.exe
  2⤵
  PID:3820
- C:\Windows\System\GZJWSBj.exe
  C:\Windows\System\GZJWSBj.exe
  2⤵
  PID:3764
- C:\Windows\System\EpvQVHu.exe
  C:\Windows\System\EpvQVHu.exe
  2⤵
  PID:3828
- C:\Windows\System\ugGzlOm.exe
  C:\Windows\System\ugGzlOm.exe
  2⤵
  PID:3848
- C:\Windows\System\uVvZpyT.exe
  C:\Windows\System\uVvZpyT.exe
  2⤵
  PID:3904
- C:\Windows\System\tjbivtK.exe
  C:\Windows\System\tjbivtK.exe
  2⤵
  PID:3952
- C:\Windows\System\pGuSEYo.exe
  C:\Windows\System\pGuSEYo.exe
  2⤵
  PID:3968
- C:\Windows\System\magEXDC.exe
  C:\Windows\System\magEXDC.exe
  2⤵
  PID:4008
- C:\Windows\System\pWRKoUW.exe
  C:\Windows\System\pWRKoUW.exe
  2⤵
  PID:4036
- C:\Windows\System\iekjnGJ.exe
  C:\Windows\System\iekjnGJ.exe
  2⤵
  PID:4056
- C:\Windows\System\fOVyEBe.exe
  C:\Windows\System\fOVyEBe.exe
  2⤵
  PID:1508
- C:\Windows\System\nyagVsc.exe
  C:\Windows\System\nyagVsc.exe
  2⤵
  PID:2476
- C:\Windows\System\dSWJuWp.exe
  C:\Windows\System\dSWJuWp.exe
  2⤵
  PID:2660
- C:\Windows\System\ZkOGNcQ.exe
  C:\Windows\System\ZkOGNcQ.exe
  2⤵
  PID:2348
- C:\Windows\System\JgWoJPL.exe
  C:\Windows\System\JgWoJPL.exe
  2⤵
  PID:1980
- C:\Windows\System\engSroh.exe
  C:\Windows\System\engSroh.exe
  2⤵
  PID:2804
- C:\Windows\System\uzwHpbf.exe
  C:\Windows\System\uzwHpbf.exe
  2⤵
  PID:1676
- C:\Windows\System\QUZpvYD.exe
  C:\Windows\System\QUZpvYD.exe
  2⤵
  PID:3136
- C:\Windows\System\SlKiUhu.exe
  C:\Windows\System\SlKiUhu.exe
  2⤵
  PID:3192
- C:\Windows\System\IiItknC.exe
  C:\Windows\System\IiItknC.exe
  2⤵
  PID:2624
- C:\Windows\System\gmgvmya.exe
  C:\Windows\System\gmgvmya.exe
  2⤵
  PID:3288
- C:\Windows\System\DIEuuEn.exe
  C:\Windows\System\DIEuuEn.exe
  2⤵
  PID:3332
- C:\Windows\System\MvkIfyE.exe
  C:\Windows\System\MvkIfyE.exe
  2⤵
  PID:3404
- C:\Windows\System\RBKbUGu.exe
  C:\Windows\System\RBKbUGu.exe
  2⤵
  PID:3456
- C:\Windows\System\iFbfTgY.exe
  C:\Windows\System\iFbfTgY.exe
  2⤵
  PID:2600
- C:\Windows\System\XeXAgkw.exe
  C:\Windows\System\XeXAgkw.exe
  2⤵
  PID:3496
- C:\Windows\System\RzeXLej.exe
  C:\Windows\System\RzeXLej.exe
  2⤵
  PID:3552
- C:\Windows\System\eJdLptZ.exe
  C:\Windows\System\eJdLptZ.exe
  2⤵
  PID:3588
- C:\Windows\System\YeJHzpe.exe
  C:\Windows\System\YeJHzpe.exe
  2⤵
  PID:3688
- C:\Windows\System\AUcfGCP.exe
  C:\Windows\System\AUcfGCP.exe
  2⤵
  PID:3784
- C:\Windows\System\rDzRIHb.exe
  C:\Windows\System\rDzRIHb.exe
  2⤵
  PID:3768
- C:\Windows\System\yMDLpVX.exe
  C:\Windows\System\yMDLpVX.exe
  2⤵
  PID:3872
- C:\Windows\System\CDYAbuL.exe
  C:\Windows\System\CDYAbuL.exe
  2⤵
  PID:3956
- C:\Windows\System\IUpWWCE.exe
  C:\Windows\System\IUpWWCE.exe
  2⤵
  PID:3936
- C:\Windows\System\ZJIFmlP.exe
  C:\Windows\System\ZJIFmlP.exe
  2⤵
  PID:4076
- C:\Windows\System\bgCJFbY.exe
  C:\Windows\System\bgCJFbY.exe
  2⤵
  PID:4052
- C:\Windows\System\IJYqnbz.exe
  C:\Windows\System\IJYqnbz.exe
  2⤵
  PID:1536
- C:\Windows\System\xvWqBnc.exe
  C:\Windows\System\xvWqBnc.exe
  2⤵
  PID:2272
- C:\Windows\System\OOsOGZr.exe
  C:\Windows\System\OOsOGZr.exe
  2⤵
  PID:2976
- C:\Windows\System\QrWDnuf.exe
  C:\Windows\System\QrWDnuf.exe
  2⤵
  PID:596
- C:\Windows\System\dyJtuac.exe
  C:\Windows\System\dyJtuac.exe
  2⤵
  PID:3168
- C:\Windows\System\jEfJiyn.exe
  C:\Windows\System\jEfJiyn.exe
  2⤵
  PID:3252
- C:\Windows\System\czdbZCX.exe
  C:\Windows\System\czdbZCX.exe
  2⤵
  PID:2384
- C:\Windows\System\axxgZNd.exe
  C:\Windows\System\axxgZNd.exe
  2⤵
  PID:3448
- C:\Windows\System\zaBaQHs.exe
  C:\Windows\System\zaBaQHs.exe
  2⤵
  PID:3476
- C:\Windows\System\UHYpkXA.exe
  C:\Windows\System\UHYpkXA.exe
  2⤵
  PID:3612
- C:\Windows\System\ruqmumW.exe
  C:\Windows\System\ruqmumW.exe
  2⤵
  PID:2712
- C:\Windows\System\manbJNc.exe
  C:\Windows\System\manbJNc.exe
  2⤵
  PID:3716
- C:\Windows\System\aAKuVDe.exe
  C:\Windows\System\aAKuVDe.exe
  2⤵
  PID:3844
- C:\Windows\System\XJZhIuz.exe
  C:\Windows\System\XJZhIuz.exe
  2⤵
  PID:3892
- C:\Windows\System\PsEPWZR.exe
  C:\Windows\System\PsEPWZR.exe
  2⤵
  PID:3948
- C:\Windows\System\tiqNMGl.exe
  C:\Windows\System\tiqNMGl.exe
  2⤵
  PID:4032
- C:\Windows\System\CRAaFLn.exe
  C:\Windows\System\CRAaFLn.exe
  2⤵
  PID:2964
- C:\Windows\System\oRTtryT.exe
  C:\Windows\System\oRTtryT.exe
  2⤵
  PID:2056
- C:\Windows\System\hlwFhHH.exe
  C:\Windows\System\hlwFhHH.exe
  2⤵
  PID:3164
- C:\Windows\System\NZtQGYO.exe
  C:\Windows\System\NZtQGYO.exe
  2⤵
  PID:2780
- C:\Windows\System\KvqcezL.exe
  C:\Windows\System\KvqcezL.exe
  2⤵
  PID:3340
- C:\Windows\System\lVXoMlw.exe
  C:\Windows\System\lVXoMlw.exe
  2⤵
  PID:4108
- C:\Windows\System\tHNRhXS.exe
  C:\Windows\System\tHNRhXS.exe
  2⤵
  PID:4124
- C:\Windows\System\wxSikaC.exe
  C:\Windows\System\wxSikaC.exe
  2⤵
  PID:4148
- C:\Windows\System\jCKegTS.exe
  C:\Windows\System\jCKegTS.exe
  2⤵
  PID:4168
- C:\Windows\System\DZIbzpL.exe
  C:\Windows\System\DZIbzpL.exe
  2⤵
  PID:4188
- C:\Windows\System\ZSlnLOX.exe
  C:\Windows\System\ZSlnLOX.exe
  2⤵
  PID:4204
- C:\Windows\System\JPcRLMu.exe
  C:\Windows\System\JPcRLMu.exe
  2⤵
  PID:4228
- C:\Windows\System\DRxfImv.exe
  C:\Windows\System\DRxfImv.exe
  2⤵
  PID:4244
- C:\Windows\System\kUyndnm.exe
  C:\Windows\System\kUyndnm.exe
  2⤵
  PID:4264
- C:\Windows\System\mVcosFj.exe
  C:\Windows\System\mVcosFj.exe
  2⤵
  PID:4288
- C:\Windows\System\oCAIkYa.exe
  C:\Windows\System\oCAIkYa.exe
  2⤵
  PID:4304
- C:\Windows\System\WWQLHMn.exe
  C:\Windows\System\WWQLHMn.exe
  2⤵
  PID:4328
- C:\Windows\System\FWBPGHT.exe
  C:\Windows\System\FWBPGHT.exe
  2⤵
  PID:4344
- C:\Windows\System\RIpKSVl.exe
  C:\Windows\System\RIpKSVl.exe
  2⤵
  PID:4368
- C:\Windows\System\MSmTOFa.exe
  C:\Windows\System\MSmTOFa.exe
  2⤵
  PID:4388
- C:\Windows\System\oEwUPHg.exe
  C:\Windows\System\oEwUPHg.exe
  2⤵
  PID:4408
- C:\Windows\System\DyskcFr.exe
  C:\Windows\System\DyskcFr.exe
  2⤵
  PID:4424
- C:\Windows\System\rfvpehu.exe
  C:\Windows\System\rfvpehu.exe
  2⤵
  PID:4448
- C:\Windows\System\vNuyrKt.exe
  C:\Windows\System\vNuyrKt.exe
  2⤵
  PID:4464
- C:\Windows\System\WRdkRWp.exe
  C:\Windows\System\WRdkRWp.exe
  2⤵
  PID:4480
- C:\Windows\System\MDfPzIN.exe
  C:\Windows\System\MDfPzIN.exe
  2⤵
  PID:4500
- C:\Windows\System\GIaONfH.exe
  C:\Windows\System\GIaONfH.exe
  2⤵
  PID:4516
- C:\Windows\System\fbesRxo.exe
  C:\Windows\System\fbesRxo.exe
  2⤵
  PID:4536
- C:\Windows\System\pcXpIPs.exe
  C:\Windows\System\pcXpIPs.exe
  2⤵
  PID:4560
- C:\Windows\System\uSscxsd.exe
  C:\Windows\System\uSscxsd.exe
  2⤵
  PID:4588
- C:\Windows\System\ShSvnhi.exe
  C:\Windows\System\ShSvnhi.exe
  2⤵
  PID:4612
- C:\Windows\System\IZkMCsR.exe
  C:\Windows\System\IZkMCsR.exe
  2⤵
  PID:4632
- C:\Windows\System\OoyxSRH.exe
  C:\Windows\System\OoyxSRH.exe
  2⤵
  PID:4648
- C:\Windows\System\lUIVQsC.exe
  C:\Windows\System\lUIVQsC.exe
  2⤵
  PID:4668
- C:\Windows\System\xmfWIBm.exe
  C:\Windows\System\xmfWIBm.exe
  2⤵
  PID:4684
- C:\Windows\System\dWgOtQW.exe
  C:\Windows\System\dWgOtQW.exe
  2⤵
  PID:4700
- C:\Windows\System\HpBCuDl.exe
  C:\Windows\System\HpBCuDl.exe
  2⤵
  PID:4724
- C:\Windows\System\MCnHmGl.exe
  C:\Windows\System\MCnHmGl.exe
  2⤵
  PID:4744
- C:\Windows\System\XJVmUoR.exe
  C:\Windows\System\XJVmUoR.exe
  2⤵
  PID:4768
- C:\Windows\System\jYifZJH.exe
  C:\Windows\System\jYifZJH.exe
  2⤵
  PID:4792
- C:\Windows\System\fPCTijp.exe
  C:\Windows\System\fPCTijp.exe
  2⤵
  PID:4808
- C:\Windows\System\HkAsdOf.exe
  C:\Windows\System\HkAsdOf.exe
  2⤵
  PID:4832
- C:\Windows\System\rOiItJf.exe
  C:\Windows\System\rOiItJf.exe
  2⤵
  PID:4848
- C:\Windows\System\fAbcshd.exe
  C:\Windows\System\fAbcshd.exe
  2⤵
  PID:4868
- C:\Windows\System\NKbDcUz.exe
  C:\Windows\System\NKbDcUz.exe
  2⤵
  PID:4892
- C:\Windows\System\fbZsOtD.exe
  C:\Windows\System\fbZsOtD.exe
  2⤵
  PID:4908
- C:\Windows\System\yOglDkY.exe
  C:\Windows\System\yOglDkY.exe
  2⤵
  PID:4928
- C:\Windows\System\IiKWkBb.exe
  C:\Windows\System\IiKWkBb.exe
  2⤵
  PID:4948
- C:\Windows\System\yQhXQZL.exe
  C:\Windows\System\yQhXQZL.exe
  2⤵
  PID:4968
- C:\Windows\System\vGBmBRT.exe
  C:\Windows\System\vGBmBRT.exe
  2⤵
  PID:4984
- C:\Windows\System\affkGkl.exe
  C:\Windows\System\affkGkl.exe
  2⤵
  PID:5000
- C:\Windows\System\SDqrntu.exe
  C:\Windows\System\SDqrntu.exe
  2⤵
  PID:5020
- C:\Windows\System\ICEerQy.exe
  C:\Windows\System\ICEerQy.exe
  2⤵
  PID:5044
- C:\Windows\System\mzgZmNp.exe
  C:\Windows\System\mzgZmNp.exe
  2⤵
  PID:5064
- C:\Windows\System\WOTMLqQ.exe
  C:\Windows\System\WOTMLqQ.exe
  2⤵
  PID:5084
- C:\Windows\System\XtZodOy.exe
  C:\Windows\System\XtZodOy.exe
  2⤵
  PID:5112
- C:\Windows\System\LhiqIET.exe
  C:\Windows\System\LhiqIET.exe
  2⤵
  PID:3528
- C:\Windows\System\rwIwldJ.exe
  C:\Windows\System\rwIwldJ.exe
  2⤵
  PID:3760
- C:\Windows\System\WNqACXI.exe
  C:\Windows\System\WNqACXI.exe
  2⤵
  PID:3052
- C:\Windows\System\ppRlCRk.exe
  C:\Windows\System\ppRlCRk.exe
  2⤵
  PID:4048
- C:\Windows\System\ntblQMs.exe
  C:\Windows\System\ntblQMs.exe
  2⤵
  PID:408
- C:\Windows\System\RMqobYM.exe
  C:\Windows\System\RMqobYM.exe
  2⤵
  PID:1992
- C:\Windows\System\LYWVaaN.exe
  C:\Windows\System\LYWVaaN.exe
  2⤵
  PID:3120
- C:\Windows\System\IRXpKkC.exe
  C:\Windows\System\IRXpKkC.exe
  2⤵
  PID:3460
- C:\Windows\System\tDCfwBp.exe
  C:\Windows\System\tDCfwBp.exe
  2⤵
  PID:3260
- C:\Windows\System\RBMddDs.exe
  C:\Windows\System\RBMddDs.exe
  2⤵
  PID:4144
- C:\Windows\System\GhmVkwh.exe
  C:\Windows\System\GhmVkwh.exe
  2⤵
  PID:4184
- C:\Windows\System\UjBkQDy.exe
  C:\Windows\System\UjBkQDy.exe
  2⤵
  PID:4216
- C:\Windows\System\hpwBjhY.exe
  C:\Windows\System\hpwBjhY.exe
  2⤵
  PID:4200
- C:\Windows\System\LYPHxSj.exe
  C:\Windows\System\LYPHxSj.exe
  2⤵
  PID:4296
- C:\Windows\System\BAcjQId.exe
  C:\Windows\System\BAcjQId.exe
  2⤵
  PID:4316
- C:\Windows\System\PZOFWoU.exe
  C:\Windows\System\PZOFWoU.exe
  2⤵
  PID:4376
- C:\Windows\System\DhyLDhc.exe
  C:\Windows\System\DhyLDhc.exe
  2⤵
  PID:4352
- C:\Windows\System\GXvmzsA.exe
  C:\Windows\System\GXvmzsA.exe
  2⤵
  PID:4404
- C:\Windows\System\pwaqvIu.exe
  C:\Windows\System\pwaqvIu.exe
  2⤵
  PID:4456
- C:\Windows\System\sZBdgYG.exe
  C:\Windows\System\sZBdgYG.exe
  2⤵
  PID:4528
- C:\Windows\System\pAWGxwJ.exe
  C:\Windows\System\pAWGxwJ.exe
  2⤵
  PID:4572
- C:\Windows\System\XYkeuAM.exe
  C:\Windows\System\XYkeuAM.exe
  2⤵
  PID:4472
- C:\Windows\System\TzeVOGM.exe
  C:\Windows\System\TzeVOGM.exe
  2⤵
  PID:4584
- C:\Windows\System\PAJFTzT.exe
  C:\Windows\System\PAJFTzT.exe
  2⤵
  PID:4596
- C:\Windows\System\OPOnmtd.exe
  C:\Windows\System\OPOnmtd.exe
  2⤵
  PID:4628
- C:\Windows\System\jFOYBqh.exe
  C:\Windows\System\jFOYBqh.exe
  2⤵
  PID:1660
- C:\Windows\System\KOaiRrT.exe
  C:\Windows\System\KOaiRrT.exe
  2⤵
  PID:4732
- C:\Windows\System\qTsAXCo.exe
  C:\Windows\System\qTsAXCo.exe
  2⤵
  PID:4716
- C:\Windows\System\PZmPqjO.exe
  C:\Windows\System\PZmPqjO.exe
  2⤵
  PID:4676
- C:\Windows\System\fjCokbX.exe
  C:\Windows\System\fjCokbX.exe
  2⤵
  PID:4784
- C:\Windows\System\HYGOHZh.exe
  C:\Windows\System\HYGOHZh.exe
  2⤵
  PID:4856
- C:\Windows\System\dTlVhdi.exe
  C:\Windows\System\dTlVhdi.exe
  2⤵
  PID:4840
- C:\Windows\System\aUlINEb.exe
  C:\Windows\System\aUlINEb.exe
  2⤵
  PID:4936
- C:\Windows\System\pZyAVJE.exe
  C:\Windows\System\pZyAVJE.exe
  2⤵
  PID:4980
- C:\Windows\System\rnEwNBj.exe
  C:\Windows\System\rnEwNBj.exe
  2⤵
  PID:4924
- C:\Windows\System\EwkdtFl.exe
  C:\Windows\System\EwkdtFl.exe
  2⤵
  PID:5052
- C:\Windows\System\RoVEEJg.exe
  C:\Windows\System\RoVEEJg.exe
  2⤵
  PID:5032
- C:\Windows\System\jhooZXC.exe
  C:\Windows\System\jhooZXC.exe
  2⤵
  PID:5096
- C:\Windows\System\mFbbfvp.exe
  C:\Windows\System\mFbbfvp.exe
  2⤵
  PID:4992
- C:\Windows\System\moOcUmY.exe
  C:\Windows\System\moOcUmY.exe
  2⤵
  PID:3584
- C:\Windows\System\wkZRxrG.exe
  C:\Windows\System\wkZRxrG.exe
  2⤵
  PID:3980
- C:\Windows\System\tArBmim.exe
  C:\Windows\System\tArBmim.exe
  2⤵
  PID:2316
- C:\Windows\System\gbZpolV.exe
  C:\Windows\System\gbZpolV.exe
  2⤵
  PID:3216
- C:\Windows\System\otGXnJF.exe
  C:\Windows\System\otGXnJF.exe
  2⤵
  PID:4016
- C:\Windows\System\mcuJVob.exe
  C:\Windows\System\mcuJVob.exe
  2⤵
  PID:4272
- C:\Windows\System\wMnptyF.exe
  C:\Windows\System\wMnptyF.exe
  2⤵
  PID:2364
- C:\Windows\System\ktYUixC.exe
  C:\Windows\System\ktYUixC.exe
  2⤵
  PID:4364
- C:\Windows\System\TGJAwaG.exe
  C:\Windows\System\TGJAwaG.exe
  2⤵
  PID:3092
- C:\Windows\System\uecdyjW.exe
  C:\Windows\System\uecdyjW.exe
  2⤵
  PID:4524
- C:\Windows\System\fIOdPPh.exe
  C:\Windows\System\fIOdPPh.exe
  2⤵
  PID:4256
- C:\Windows\System\ywQwqck.exe
  C:\Windows\System\ywQwqck.exe
  2⤵
  PID:2148
- C:\Windows\System\ICZDMwF.exe
  C:\Windows\System\ICZDMwF.exe
  2⤵
  PID:4640
- C:\Windows\System\KtdrUvs.exe
  C:\Windows\System\KtdrUvs.exe
  2⤵
  PID:4432
- C:\Windows\System\FkQcMAM.exe
  C:\Windows\System\FkQcMAM.exe
  2⤵
  PID:4444
- C:\Windows\System\LEMUBib.exe
  C:\Windows\System\LEMUBib.exe
  2⤵
  PID:4788
- C:\Windows\System\GHwvypb.exe
  C:\Windows\System\GHwvypb.exe
  2⤵
  PID:4900
- C:\Windows\System\zIfeeSb.exe
  C:\Windows\System\zIfeeSb.exe
  2⤵
  PID:4692
- C:\Windows\System\oczbnAX.exe
  C:\Windows\System\oczbnAX.exe
  2⤵
  PID:2312
- C:\Windows\System\cWPSKID.exe
  C:\Windows\System\cWPSKID.exe
  2⤵
  PID:4828
- C:\Windows\System\oxKSBEM.exe
  C:\Windows\System\oxKSBEM.exe
  2⤵
  PID:4880
- C:\Windows\System\ZBpzYiw.exe
  C:\Windows\System\ZBpzYiw.exe
  2⤵
  PID:4884
- C:\Windows\System\gjSkQKT.exe
  C:\Windows\System\gjSkQKT.exe
  2⤵
  PID:5108
- C:\Windows\System\fuacquw.exe
  C:\Windows\System\fuacquw.exe
  2⤵
  PID:3536
- C:\Windows\System\tBHFsHc.exe
  C:\Windows\System\tBHFsHc.exe
  2⤵
  PID:4920
- C:\Windows\System\DhlARFF.exe
  C:\Windows\System\DhlARFF.exe
  2⤵
  PID:3788
- C:\Windows\System\RPibZxo.exe
  C:\Windows\System\RPibZxo.exe
  2⤵
  PID:2788
- C:\Windows\System\XYOyNeP.exe
  C:\Windows\System\XYOyNeP.exe
  2⤵
  PID:4400
- C:\Windows\System\AcHFRxe.exe
  C:\Windows\System\AcHFRxe.exe
  2⤵
  PID:4156
- C:\Windows\System\ChCjErj.exe
  C:\Windows\System\ChCjErj.exe
  2⤵
  PID:4340
- C:\Windows\System\iPAWQME.exe
  C:\Windows\System\iPAWQME.exe
  2⤵
  PID:1704
- C:\Windows\System\XFxhzOL.exe
  C:\Windows\System\XFxhzOL.exe
  2⤵
  PID:4556
- C:\Windows\System\tablsKA.exe
  C:\Windows\System\tablsKA.exe
  2⤵
  PID:4580
- C:\Windows\System\dJlmhju.exe
  C:\Windows\System\dJlmhju.exe
  2⤵
  PID:4780
- C:\Windows\System\UhQhXqy.exe
  C:\Windows\System\UhQhXqy.exe
  2⤵
  PID:4756
- C:\Windows\System\BAUlGzM.exe
  C:\Windows\System\BAUlGzM.exe
  2⤵
  PID:4940
- C:\Windows\System\vyZufZs.exe
  C:\Windows\System\vyZufZs.exe
  2⤵
  PID:5140
- C:\Windows\System\AyXxcky.exe
  C:\Windows\System\AyXxcky.exe
  2⤵
  PID:5160
- C:\Windows\System\aZoAvec.exe
  C:\Windows\System\aZoAvec.exe
  2⤵
  PID:5180
- C:\Windows\System\leJPepL.exe
  C:\Windows\System\leJPepL.exe
  2⤵
  PID:5200
- C:\Windows\System\bJdAfwX.exe
  C:\Windows\System\bJdAfwX.exe
  2⤵
  PID:5220
- C:\Windows\System\eciWYjU.exe
  C:\Windows\System\eciWYjU.exe
  2⤵
  PID:5240
- C:\Windows\System\TMkFXcW.exe
  C:\Windows\System\TMkFXcW.exe
  2⤵
  PID:5260
- C:\Windows\System\iJBVoAN.exe
  C:\Windows\System\iJBVoAN.exe
  2⤵
  PID:5280
- C:\Windows\System\bNfvrSv.exe
  C:\Windows\System\bNfvrSv.exe
  2⤵
  PID:5300
- C:\Windows\System\AWFlxgs.exe
  C:\Windows\System\AWFlxgs.exe
  2⤵
  PID:5320
- C:\Windows\System\FVebgkl.exe
  C:\Windows\System\FVebgkl.exe
  2⤵
  PID:5340
- C:\Windows\System\LhVBcZm.exe
  C:\Windows\System\LhVBcZm.exe
  2⤵
  PID:5360
- C:\Windows\System\YxBaOPZ.exe
  C:\Windows\System\YxBaOPZ.exe
  2⤵
  PID:5380
- C:\Windows\System\hSEgQGV.exe
  C:\Windows\System\hSEgQGV.exe
  2⤵
  PID:5400
- C:\Windows\System\mLOFUtX.exe
  C:\Windows\System\mLOFUtX.exe
  2⤵
  PID:5420
- C:\Windows\System\kvWGbRl.exe
  C:\Windows\System\kvWGbRl.exe
  2⤵
  PID:5440
- C:\Windows\System\Uhuwpbl.exe
  C:\Windows\System\Uhuwpbl.exe
  2⤵
  PID:5460
- C:\Windows\System\YaKFchR.exe
  C:\Windows\System\YaKFchR.exe
  2⤵
  PID:5480
- C:\Windows\System\gGsJpbG.exe
  C:\Windows\System\gGsJpbG.exe
  2⤵
  PID:5500
- C:\Windows\System\KmBRAUX.exe
  C:\Windows\System\KmBRAUX.exe
  2⤵
  PID:5520
- C:\Windows\System\YQXQqMc.exe
  C:\Windows\System\YQXQqMc.exe
  2⤵
  PID:5540
- C:\Windows\System\KpJPTmA.exe
  C:\Windows\System\KpJPTmA.exe
  2⤵
  PID:5560
- C:\Windows\System\HWIOfcX.exe
  C:\Windows\System\HWIOfcX.exe
  2⤵
  PID:5580
- C:\Windows\System\blwjEZs.exe
  C:\Windows\System\blwjEZs.exe
  2⤵
  PID:5600
- C:\Windows\System\QWrESRU.exe
  C:\Windows\System\QWrESRU.exe
  2⤵
  PID:5620
- C:\Windows\System\WTOqzUm.exe
  C:\Windows\System\WTOqzUm.exe
  2⤵
  PID:5640
- C:\Windows\System\ceETfVZ.exe
  C:\Windows\System\ceETfVZ.exe
  2⤵
  PID:5660
- C:\Windows\System\yXQYypj.exe
  C:\Windows\System\yXQYypj.exe
  2⤵
  PID:5680
- C:\Windows\System\xpAUJNk.exe
  C:\Windows\System\xpAUJNk.exe
  2⤵
  PID:5700
- C:\Windows\System\dVsQsVl.exe
  C:\Windows\System\dVsQsVl.exe
  2⤵
  PID:5720
- C:\Windows\System\iLYNrFS.exe
  C:\Windows\System\iLYNrFS.exe
  2⤵
  PID:5740
- C:\Windows\System\YcKXgWo.exe
  C:\Windows\System\YcKXgWo.exe
  2⤵
  PID:5760
- C:\Windows\System\GAoXrRf.exe
  C:\Windows\System\GAoXrRf.exe
  2⤵
  PID:5780
- C:\Windows\System\zWJjAJd.exe
  C:\Windows\System\zWJjAJd.exe
  2⤵
  PID:5800
- C:\Windows\System\kHQFLKj.exe
  C:\Windows\System\kHQFLKj.exe
  2⤵
  PID:5820
- C:\Windows\System\mtNDrAF.exe
  C:\Windows\System\mtNDrAF.exe
  2⤵
  PID:5844
- C:\Windows\System\fPYhvsB.exe
  C:\Windows\System\fPYhvsB.exe
  2⤵
  PID:5864
- C:\Windows\System\BSXdXrq.exe
  C:\Windows\System\BSXdXrq.exe
  2⤵
  PID:5880
- C:\Windows\System\ULHaxGf.exe
  C:\Windows\System\ULHaxGf.exe
  2⤵
  PID:5900
- C:\Windows\System\FwIfCJJ.exe
  C:\Windows\System\FwIfCJJ.exe
  2⤵
  PID:5924
- C:\Windows\System\gQnIGWk.exe
  C:\Windows\System\gQnIGWk.exe
  2⤵
  PID:5944
- C:\Windows\System\oTZOgTG.exe
  C:\Windows\System\oTZOgTG.exe
  2⤵
  PID:5960
- C:\Windows\System\zNhiLGQ.exe
  C:\Windows\System\zNhiLGQ.exe
  2⤵
  PID:5980
- C:\Windows\System\IHFpRkN.exe
  C:\Windows\System\IHFpRkN.exe
  2⤵
  PID:6004
- C:\Windows\System\qcpUJhj.exe
  C:\Windows\System\qcpUJhj.exe
  2⤵
  PID:6024
- C:\Windows\System\olSSTqx.exe
  C:\Windows\System\olSSTqx.exe
  2⤵
  PID:6040
- C:\Windows\System\yWAMGtk.exe
  C:\Windows\System\yWAMGtk.exe
  2⤵
  PID:6064
- C:\Windows\System\HIrNmyh.exe
  C:\Windows\System\HIrNmyh.exe
  2⤵
  PID:6084
- C:\Windows\System\mkzbMyw.exe
  C:\Windows\System\mkzbMyw.exe
  2⤵
  PID:6104
- C:\Windows\System\XsdPYuM.exe
  C:\Windows\System\XsdPYuM.exe
  2⤵
  PID:6120
- C:\Windows\System\yIUEMbf.exe
  C:\Windows\System\yIUEMbf.exe
  2⤵
  PID:6140
- C:\Windows\System\kfyaOoD.exe
  C:\Windows\System\kfyaOoD.exe
  2⤵
  PID:4824
- C:\Windows\System\GAsWrJD.exe
  C:\Windows\System\GAsWrJD.exe
  2⤵
  PID:2396
- C:\Windows\System\XDLvkQB.exe
  C:\Windows\System\XDLvkQB.exe
  2⤵
  PID:3680
- C:\Windows\System\oqMnwij.exe
  C:\Windows\System\oqMnwij.exe
  2⤵
  PID:2588
- C:\Windows\System\RpoNcyW.exe
  C:\Windows\System\RpoNcyW.exe
  2⤵
  PID:4136
- C:\Windows\System\qFfutYH.exe
  C:\Windows\System\qFfutYH.exe
  2⤵
  PID:4324
- C:\Windows\System\ePwCjGn.exe
  C:\Windows\System\ePwCjGn.exe
  2⤵
  PID:4488
- C:\Windows\System\jEzaDYb.exe
  C:\Windows\System\jEzaDYb.exe
  2⤵
  PID:4552
- C:\Windows\System\igAMCtY.exe
  C:\Windows\System\igAMCtY.exe
  2⤵
  PID:4712
- C:\Windows\System\HrVBROC.exe
  C:\Windows\System\HrVBROC.exe
  2⤵
  PID:4708
- C:\Windows\System\MJVbHAe.exe
  C:\Windows\System\MJVbHAe.exe
  2⤵
  PID:4860
- C:\Windows\System\oLjREBN.exe
  C:\Windows\System\oLjREBN.exe
  2⤵
  PID:5148
- C:\Windows\System\KyQBnys.exe
  C:\Windows\System\KyQBnys.exe
  2⤵
  PID:5208
- C:\Windows\System\Cizioft.exe
  C:\Windows\System\Cizioft.exe
  2⤵
  PID:5228
- C:\Windows\System\meSaAwk.exe
  C:\Windows\System\meSaAwk.exe
  2⤵
  PID:5256
- C:\Windows\System\ISljLWv.exe
  C:\Windows\System\ISljLWv.exe
  2⤵
  PID:5288
- C:\Windows\System\saJmBUT.exe
  C:\Windows\System\saJmBUT.exe
  2⤵
  PID:5316
- C:\Windows\System\AvmCgFb.exe
  C:\Windows\System\AvmCgFb.exe
  2⤵
  PID:5368
- C:\Windows\System\BRjXLtv.exe
  C:\Windows\System\BRjXLtv.exe
  2⤵
  PID:5372
- C:\Windows\System\WlhlHhg.exe
  C:\Windows\System\WlhlHhg.exe
  2⤵
  PID:5392
- C:\Windows\System\JRuVYxs.exe
  C:\Windows\System\JRuVYxs.exe
  2⤵
  PID:5456
- C:\Windows\System\Jixzowc.exe
  C:\Windows\System\Jixzowc.exe
  2⤵
  PID:5476
- C:\Windows\System\xEChdNg.exe
  C:\Windows\System\xEChdNg.exe
  2⤵
  PID:5516
- C:\Windows\System\LIdaAIk.exe
  C:\Windows\System\LIdaAIk.exe
  2⤵
  PID:5548
- C:\Windows\System\optHtEk.exe
  C:\Windows\System\optHtEk.exe
  2⤵
  PID:5552
- C:\Windows\System\PgbToIf.exe
  C:\Windows\System\PgbToIf.exe
  2⤵
  PID:5592
- C:\Windows\System\EOHMbGl.exe
  C:\Windows\System\EOHMbGl.exe
  2⤵
  PID:5628
- C:\Windows\System\fAMaiaR.exe
  C:\Windows\System\fAMaiaR.exe
  2⤵
  PID:5696
- C:\Windows\System\UbtioRw.exe
  C:\Windows\System\UbtioRw.exe
  2⤵
  PID:5728
- C:\Windows\System\ZlimZCt.exe
  C:\Windows\System\ZlimZCt.exe
  2⤵
  PID:5748
- C:\Windows\System\LyGUOzJ.exe
  C:\Windows\System\LyGUOzJ.exe
  2⤵
  PID:5756
- C:\Windows\System\YdeBbkj.exe
  C:\Windows\System\YdeBbkj.exe
  2⤵
  PID:5852
- C:\Windows\System\FqxiEez.exe
  C:\Windows\System\FqxiEez.exe
  2⤵
  PID:5840
- C:\Windows\System\xxbrPlP.exe
  C:\Windows\System\xxbrPlP.exe
  2⤵
  PID:5892
- C:\Windows\System\azLMrTo.exe
  C:\Windows\System\azLMrTo.exe
  2⤵
  PID:5872
- C:\Windows\System\HitjQPq.exe
  C:\Windows\System\HitjQPq.exe
  2⤵
  PID:5916
- C:\Windows\System\EywhjJO.exe
  C:\Windows\System\EywhjJO.exe
  2⤵
  PID:6016
- C:\Windows\System\NtLVRXb.exe
  C:\Windows\System\NtLVRXb.exe
  2⤵
  PID:6048
- C:\Windows\System\qSJpWsg.exe
  C:\Windows\System\qSJpWsg.exe
  2⤵
  PID:5996
- C:\Windows\System\VTFzXKv.exe
  C:\Windows\System\VTFzXKv.exe
  2⤵
  PID:6072
- C:\Windows\System\ViZMWqb.exe
  C:\Windows\System\ViZMWqb.exe
  2⤵
  PID:6136
- C:\Windows\System\euTIqhd.exe
  C:\Windows\System\euTIqhd.exe
  2⤵
  PID:3664
- C:\Windows\System\unIMWBq.exe
  C:\Windows\System\unIMWBq.exe
  2⤵
  PID:1764
- C:\Windows\System\SpUlQef.exe
  C:\Windows\System\SpUlQef.exe
  2⤵
  PID:1356
- C:\Windows\System\FfFtssY.exe
  C:\Windows\System\FfFtssY.exe
  2⤵
  PID:4996
- C:\Windows\System\FRoIdgj.exe
  C:\Windows\System\FRoIdgj.exe
  2⤵
  PID:4132
- C:\Windows\System\FEDCqEk.exe
  C:\Windows\System\FEDCqEk.exe
  2⤵
  PID:1856
- C:\Windows\System\YHecCRg.exe
  C:\Windows\System\YHecCRg.exe
  2⤵
  PID:5136
- C:\Windows\System\LPiotDb.exe
  C:\Windows\System\LPiotDb.exe
  2⤵
  PID:5152
- C:\Windows\System\ybFZeDJ.exe
  C:\Windows\System\ybFZeDJ.exe
  2⤵
  PID:5192
- C:\Windows\System\AfuorlY.exe
  C:\Windows\System\AfuorlY.exe
  2⤵
  PID:5252
- C:\Windows\System\LZiMGqK.exe
  C:\Windows\System\LZiMGqK.exe
  2⤵
  PID:5308
- C:\Windows\System\TcLvZGj.exe
  C:\Windows\System\TcLvZGj.exe
  2⤵
  PID:5376
- C:\Windows\System\YoSMxnC.exe
  C:\Windows\System\YoSMxnC.exe
  2⤵
  PID:5452
- C:\Windows\System\UREaYtc.exe
  C:\Windows\System\UREaYtc.exe
  2⤵
  PID:5496
- C:\Windows\System\RAWCwzK.exe
  C:\Windows\System\RAWCwzK.exe
  2⤵
  PID:5532
- C:\Windows\System\IjLkmMO.exe
  C:\Windows\System\IjLkmMO.exe
  2⤵
  PID:5556
- C:\Windows\System\TfolTjz.exe
  C:\Windows\System\TfolTjz.exe
  2⤵
  PID:5632
- C:\Windows\System\BopVARp.exe
  C:\Windows\System\BopVARp.exe
  2⤵
  PID:5708
- C:\Windows\System\RfsuQGx.exe
  C:\Windows\System\RfsuQGx.exe
  2⤵
  PID:5768
- C:\Windows\System\MaxvdYZ.exe
  C:\Windows\System\MaxvdYZ.exe
  2⤵
  PID:5816
- C:\Windows\System\rglqBzn.exe
  C:\Windows\System\rglqBzn.exe
  2⤵
  PID:5896
- C:\Windows\System\ixkAEHk.exe
  C:\Windows\System\ixkAEHk.exe
  2⤵
  PID:5936
- C:\Windows\System\YSDvVey.exe
  C:\Windows\System\YSDvVey.exe
  2⤵
  PID:5988
- C:\Windows\System\pFKGlWx.exe
  C:\Windows\System\pFKGlWx.exe
  2⤵
  PID:6100
- C:\Windows\System\PuoTaVu.exe
  C:\Windows\System\PuoTaVu.exe
  2⤵
  PID:6080
- C:\Windows\System\HZndlax.exe
  C:\Windows\System\HZndlax.exe
  2⤵
  PID:6076
- C:\Windows\System\oQAOrwL.exe
  C:\Windows\System\oQAOrwL.exe
  2⤵
  PID:4116
- C:\Windows\System\lSUjvuL.exe
  C:\Windows\System\lSUjvuL.exe
  2⤵
  PID:2648
- C:\Windows\System\QTnaPKf.exe
  C:\Windows\System\QTnaPKf.exe
  2⤵
  PID:4380
- C:\Windows\System\BlpMRzE.exe
  C:\Windows\System\BlpMRzE.exe
  2⤵
  PID:5172
- C:\Windows\System\jjiLLvw.exe
  C:\Windows\System\jjiLLvw.exe
  2⤵
  PID:5188
- C:\Windows\System\FbQkLPL.exe
  C:\Windows\System\FbQkLPL.exe
  2⤵
  PID:5332
- C:\Windows\System\vAyhmLN.exe
  C:\Windows\System\vAyhmLN.exe
  2⤵
  PID:5356
- C:\Windows\System\uNVPbsc.exe
  C:\Windows\System\uNVPbsc.exe
  2⤵
  PID:5492
- C:\Windows\System\uIQxxaI.exe
  C:\Windows\System\uIQxxaI.exe
  2⤵
  PID:5588
- C:\Windows\System\RnTehno.exe
  C:\Windows\System\RnTehno.exe
  2⤵
  PID:5656
- C:\Windows\System\QkkUewh.exe
  C:\Windows\System\QkkUewh.exe
  2⤵
  PID:5712
- C:\Windows\System\dtbXAxb.exe
  C:\Windows\System\dtbXAxb.exe
  2⤵
  PID:5856
- C:\Windows\System\ewPoRcS.exe
  C:\Windows\System\ewPoRcS.exe
  2⤵
  PID:5912
- C:\Windows\System\eOuXeWO.exe
  C:\Windows\System\eOuXeWO.exe
  2⤵
  PID:6060
- C:\Windows\System\IRSddyL.exe
  C:\Windows\System\IRSddyL.exe
  2⤵
  PID:5028
- C:\Windows\System\nepjPRR.exe
  C:\Windows\System\nepjPRR.exe
  2⤵
  PID:4752
- C:\Windows\System\BsLIavz.exe
  C:\Windows\System\BsLIavz.exe
  2⤵
  PID:6160
- C:\Windows\System\FFjJzHQ.exe
  C:\Windows\System\FFjJzHQ.exe
  2⤵
  PID:6180
- C:\Windows\System\nIYiWVP.exe
  C:\Windows\System\nIYiWVP.exe
  2⤵
  PID:6200
- C:\Windows\System\EFbZVjZ.exe
  C:\Windows\System\EFbZVjZ.exe
  2⤵
  PID:6220
- C:\Windows\System\czcnSmO.exe
  C:\Windows\System\czcnSmO.exe
  2⤵
  PID:6240
- C:\Windows\System\oKRPPzk.exe
  C:\Windows\System\oKRPPzk.exe
  2⤵
  PID:6260
- C:\Windows\System\rrAEReS.exe
  C:\Windows\System\rrAEReS.exe
  2⤵
  PID:6280
- C:\Windows\System\PTTqzhq.exe
  C:\Windows\System\PTTqzhq.exe
  2⤵
  PID:6300
- C:\Windows\System\NpQrQIR.exe
  C:\Windows\System\NpQrQIR.exe
  2⤵
  PID:6324
- C:\Windows\System\OmSHRaL.exe
  C:\Windows\System\OmSHRaL.exe
  2⤵
  PID:6344
- C:\Windows\System\yhpmrwP.exe
  C:\Windows\System\yhpmrwP.exe
  2⤵
  PID:6364
- C:\Windows\System\cNkDsCZ.exe
  C:\Windows\System\cNkDsCZ.exe
  2⤵
  PID:6384
- C:\Windows\System\zCWTvvT.exe
  C:\Windows\System\zCWTvvT.exe
  2⤵
  PID:6404
- C:\Windows\System\kXtphAd.exe
  C:\Windows\System\kXtphAd.exe
  2⤵
  PID:6424
- C:\Windows\System\MwCSAHe.exe
  C:\Windows\System\MwCSAHe.exe
  2⤵
  PID:6444
- C:\Windows\System\ltcrNzP.exe
  C:\Windows\System\ltcrNzP.exe
  2⤵
  PID:6464
- C:\Windows\System\IWcsZru.exe
  C:\Windows\System\IWcsZru.exe
  2⤵
  PID:6484
- C:\Windows\System\bWGkpSY.exe
  C:\Windows\System\bWGkpSY.exe
  2⤵
  PID:6504
- C:\Windows\System\EeXkSdn.exe
  C:\Windows\System\EeXkSdn.exe
  2⤵
  PID:6524
- C:\Windows\System\zTvkQqa.exe
  C:\Windows\System\zTvkQqa.exe
  2⤵
  PID:6544
- C:\Windows\System\NajOYKk.exe
  C:\Windows\System\NajOYKk.exe
  2⤵
  PID:6564
- C:\Windows\System\UqElruO.exe
  C:\Windows\System\UqElruO.exe
  2⤵
  PID:6584
- C:\Windows\System\ZBORLPS.exe
  C:\Windows\System\ZBORLPS.exe
  2⤵
  PID:6604
- C:\Windows\System\qLNTwRx.exe
  C:\Windows\System\qLNTwRx.exe
  2⤵
  PID:6624
- C:\Windows\System\WmGmdns.exe
  C:\Windows\System\WmGmdns.exe
  2⤵
  PID:6644
- C:\Windows\System\IeDUPPJ.exe
  C:\Windows\System\IeDUPPJ.exe
  2⤵
  PID:6664
- C:\Windows\System\XLwjQiS.exe
  C:\Windows\System\XLwjQiS.exe
  2⤵
  PID:6684
- C:\Windows\System\dNjhrLL.exe
  C:\Windows\System\dNjhrLL.exe
  2⤵
  PID:6704
- C:\Windows\System\oAxsSnc.exe
  C:\Windows\System\oAxsSnc.exe
  2⤵
  PID:6724
- C:\Windows\System\feHAUpP.exe
  C:\Windows\System\feHAUpP.exe
  2⤵
  PID:6744
- C:\Windows\System\KiIKQjh.exe
  C:\Windows\System\KiIKQjh.exe
  2⤵
  PID:6764
- C:\Windows\System\GNeUDLa.exe
  C:\Windows\System\GNeUDLa.exe
  2⤵
  PID:6784
- C:\Windows\System\YSINjOJ.exe
  C:\Windows\System\YSINjOJ.exe
  2⤵
  PID:6804
- C:\Windows\System\SXdDxxV.exe
  C:\Windows\System\SXdDxxV.exe
  2⤵
  PID:6824
- C:\Windows\System\gwtJaQb.exe
  C:\Windows\System\gwtJaQb.exe
  2⤵
  PID:6844
- C:\Windows\System\lluZDPj.exe
  C:\Windows\System\lluZDPj.exe
  2⤵
  PID:6864
- C:\Windows\System\GgMRzvX.exe
  C:\Windows\System\GgMRzvX.exe
  2⤵
  PID:6884
- C:\Windows\System\rQalRIK.exe
  C:\Windows\System\rQalRIK.exe
  2⤵
  PID:6904
- C:\Windows\System\qhabcVZ.exe
  C:\Windows\System\qhabcVZ.exe
  2⤵
  PID:6924
- C:\Windows\System\dXleoIE.exe
  C:\Windows\System\dXleoIE.exe
  2⤵
  PID:6944
- C:\Windows\System\vKmzthy.exe
  C:\Windows\System\vKmzthy.exe
  2⤵
  PID:6964
- C:\Windows\System\PWROEMQ.exe
  C:\Windows\System\PWROEMQ.exe
  2⤵
  PID:6984
- C:\Windows\System\sFrbzPR.exe
  C:\Windows\System\sFrbzPR.exe
  2⤵
  PID:7004
- C:\Windows\System\sxJBLdB.exe
  C:\Windows\System\sxJBLdB.exe
  2⤵
  PID:7024
- C:\Windows\System\dBjUklD.exe
  C:\Windows\System\dBjUklD.exe
  2⤵
  PID:7044
- C:\Windows\System\JonNxPR.exe
  C:\Windows\System\JonNxPR.exe
  2⤵
  PID:7064
- C:\Windows\System\DPuYwNN.exe
  C:\Windows\System\DPuYwNN.exe
  2⤵
  PID:7084
- C:\Windows\System\qYzpzsO.exe
  C:\Windows\System\qYzpzsO.exe
  2⤵
  PID:7104
- C:\Windows\System\yNnSGXQ.exe
  C:\Windows\System\yNnSGXQ.exe
  2⤵
  PID:7124
- C:\Windows\System\eKgqBAv.exe
  C:\Windows\System\eKgqBAv.exe
  2⤵
  PID:7144
- C:\Windows\System\tCvkijh.exe
  C:\Windows\System\tCvkijh.exe
  2⤵
  PID:7164
- C:\Windows\System\YfcTrVg.exe
  C:\Windows\System\YfcTrVg.exe
  2⤵
  PID:4568
- C:\Windows\System\DSyHBlQ.exe
  C:\Windows\System\DSyHBlQ.exe
  2⤵
  PID:5168
- C:\Windows\System\IoFDSdW.exe
  C:\Windows\System\IoFDSdW.exe
  2⤵
  PID:5268
- C:\Windows\System\EPKWaJU.exe
  C:\Windows\System\EPKWaJU.exe
  2⤵
  PID:5436
- C:\Windows\System\RHushgN.exe
  C:\Windows\System\RHushgN.exe
  2⤵
  PID:5716
- C:\Windows\System\OJsahsU.exe
  C:\Windows\System\OJsahsU.exe
  2⤵
  PID:5940
- C:\Windows\System\pQsympx.exe
  C:\Windows\System\pQsympx.exe
  2⤵
  PID:5968
- C:\Windows\System\lCjlePH.exe
  C:\Windows\System\lCjlePH.exe
  2⤵
  PID:6096
- C:\Windows\System\qbTgHTL.exe
  C:\Windows\System\qbTgHTL.exe
  2⤵
  PID:6156
- C:\Windows\System\nouTAmC.exe
  C:\Windows\System\nouTAmC.exe
  2⤵
  PID:6176
- C:\Windows\System\lQwJcYc.exe
  C:\Windows\System\lQwJcYc.exe
  2⤵
  PID:6208
- C:\Windows\System\NKtpFFw.exe
  C:\Windows\System\NKtpFFw.exe
  2⤵
  PID:6232
- C:\Windows\System\ZFXgJIW.exe
  C:\Windows\System\ZFXgJIW.exe
  2⤵
  PID:6268
- C:\Windows\System\jPMYVfj.exe
  C:\Windows\System\jPMYVfj.exe
  2⤵
  PID:6308
- C:\Windows\System\DziYKTR.exe
  C:\Windows\System\DziYKTR.exe
  2⤵
  PID:6336
- C:\Windows\System\AswuiwR.exe
  C:\Windows\System\AswuiwR.exe
  2⤵
  PID:6380
- C:\Windows\System\UhtYYmu.exe
  C:\Windows\System\UhtYYmu.exe
  2⤵
  PID:6412
- C:\Windows\System\RnYrdkj.exe
  C:\Windows\System\RnYrdkj.exe
  2⤵
  PID:6436
- C:\Windows\System\LQCabYL.exe
  C:\Windows\System\LQCabYL.exe
  2⤵
  PID:6460
- C:\Windows\System\ltDZzBO.exe
  C:\Windows\System\ltDZzBO.exe
  2⤵
  PID:6496
- C:\Windows\System\dtLWJjT.exe
  C:\Windows\System\dtLWJjT.exe
  2⤵
  PID:6540
- C:\Windows\System\dsYJxvx.exe
  C:\Windows\System\dsYJxvx.exe
  2⤵
  PID:6580
- C:\Windows\System\eMmLmUM.exe
  C:\Windows\System\eMmLmUM.exe
  2⤵
  PID:6612
- C:\Windows\System\rrWcCeA.exe
  C:\Windows\System\rrWcCeA.exe
  2⤵
  PID:6636
- C:\Windows\System\yvIShjO.exe
  C:\Windows\System\yvIShjO.exe
  2⤵
  PID:6680
- C:\Windows\System\OoqvhRV.exe
  C:\Windows\System\OoqvhRV.exe
  2⤵
  PID:6696
- C:\Windows\System\eQyKwgn.exe
  C:\Windows\System\eQyKwgn.exe
  2⤵
  PID:6760
- C:\Windows\System\ErDdojq.exe
  C:\Windows\System\ErDdojq.exe
  2⤵
  PID:6800
- C:\Windows\System\gaLgcOk.exe
  C:\Windows\System\gaLgcOk.exe
  2⤵
  PID:6812
- C:\Windows\System\vEmamJz.exe
  C:\Windows\System\vEmamJz.exe
  2⤵
  PID:6836
- C:\Windows\System\HZmvTtn.exe
  C:\Windows\System\HZmvTtn.exe
  2⤵
  PID:6880
- C:\Windows\System\EvkxcJn.exe
  C:\Windows\System\EvkxcJn.exe
  2⤵
  PID:6916
- C:\Windows\System\tIkGGAq.exe
  C:\Windows\System\tIkGGAq.exe
  2⤵
  PID:6960
- C:\Windows\System\VWRzqCj.exe
  C:\Windows\System\VWRzqCj.exe
  2⤵
  PID:7000
- C:\Windows\System\ybjtihr.exe
  C:\Windows\System\ybjtihr.exe
  2⤵
  PID:6996
- C:\Windows\System\REHxjVM.exe
  C:\Windows\System\REHxjVM.exe
  2⤵
  PID:7016
- C:\Windows\System\qzGfRkz.exe
  C:\Windows\System\qzGfRkz.exe
  2⤵
  PID:7080
- C:\Windows\System\Zejyxpq.exe
  C:\Windows\System\Zejyxpq.exe
  2⤵
  PID:7092
- C:\Windows\System\NoICpMC.exe
  C:\Windows\System\NoICpMC.exe
  2⤵
  PID:2128
- C:\Windows\System\cGAxQrY.exe
  C:\Windows\System\cGAxQrY.exe
  2⤵
  PID:4496
- C:\Windows\System\LMawQov.exe
  C:\Windows\System\LMawQov.exe
  2⤵
  PID:4220
- C:\Windows\System\LmUOQEe.exe
  C:\Windows\System\LmUOQEe.exe
  2⤵
  PID:5276
- C:\Windows\System\PmCapmG.exe
  C:\Windows\System\PmCapmG.exe
  2⤵
  PID:5616
- C:\Windows\System\YFCouVi.exe
  C:\Windows\System\YFCouVi.exe
  2⤵
  PID:5956
- C:\Windows\System\QlPbqgZ.exe
  C:\Windows\System\QlPbqgZ.exe
  2⤵
  PID:5828
- C:\Windows\System\ybBvLEx.exe
  C:\Windows\System\ybBvLEx.exe
  2⤵
  PID:6112
- C:\Windows\System\rhBaHpM.exe
  C:\Windows\System\rhBaHpM.exe
  2⤵
  PID:6212
- C:\Windows\System\zOxxJjm.exe
  C:\Windows\System\zOxxJjm.exe
  2⤵
  PID:6288
- C:\Windows\System\EkWtOfu.exe
  C:\Windows\System\EkWtOfu.exe
  2⤵
  PID:6360
- C:\Windows\System\PxCFfer.exe
  C:\Windows\System\PxCFfer.exe
  2⤵
  PID:6432
- C:\Windows\System\fDhdljI.exe
  C:\Windows\System\fDhdljI.exe
  2⤵
  PID:6440
- C:\Windows\System\LXvIdpf.exe
  C:\Windows\System\LXvIdpf.exe
  2⤵
  PID:6480
- C:\Windows\System\BEFChlu.exe
  C:\Windows\System\BEFChlu.exe
  2⤵
  PID:6560
- C:\Windows\System\htPQLdJ.exe
  C:\Windows\System\htPQLdJ.exe
  2⤵
  PID:6640
- C:\Windows\System\DexgTkl.exe
  C:\Windows\System\DexgTkl.exe
  2⤵
  PID:6656
- C:\Windows\System\QzCyUap.exe
  C:\Windows\System\QzCyUap.exe
  2⤵
  PID:6792
- C:\Windows\System\DZpamIi.exe
  C:\Windows\System\DZpamIi.exe
  2⤵
  PID:6772
- C:\Windows\System\iSvbBDf.exe
  C:\Windows\System\iSvbBDf.exe
  2⤵
  PID:6780
- C:\Windows\System\GcoReDz.exe
  C:\Windows\System\GcoReDz.exe
  2⤵
  PID:6872
- C:\Windows\System\QTjRCfS.exe
  C:\Windows\System\QTjRCfS.exe
  2⤵
  PID:6932
- C:\Windows\System\QhkAfpv.exe
  C:\Windows\System\QhkAfpv.exe
  2⤵
  PID:7040
- C:\Windows\System\qVgFVTh.exe
  C:\Windows\System\qVgFVTh.exe
  2⤵
  PID:7112
- C:\Windows\System\GJJVXTY.exe
  C:\Windows\System\GJJVXTY.exe
  2⤵
  PID:7120
- C:\Windows\System\TSokDvy.exe
  C:\Windows\System\TSokDvy.exe
  2⤵
  PID:7156
- C:\Windows\System\aXWGRMa.exe
  C:\Windows\System\aXWGRMa.exe
  2⤵
  PID:5416
- C:\Windows\System\ryjFgOC.exe
  C:\Windows\System\ryjFgOC.exe
  2⤵
  PID:5528
- C:\Windows\System\ehmgZVy.exe
  C:\Windows\System\ehmgZVy.exe
  2⤵
  PID:5812
- C:\Windows\System\rVUyiQY.exe
  C:\Windows\System\rVUyiQY.exe
  2⤵
  PID:6168
- C:\Windows\System\euEUQys.exe
  C:\Windows\System\euEUQys.exe
  2⤵
  PID:6216
- C:\Windows\System\zVyKJPw.exe
  C:\Windows\System\zVyKJPw.exe
  2⤵
  PID:6296
- C:\Windows\System\OHIbucL.exe
  C:\Windows\System\OHIbucL.exe
  2⤵
  PID:6492
- C:\Windows\System\vKucXiQ.exe
  C:\Windows\System\vKucXiQ.exe
  2⤵
  PID:6552
- C:\Windows\System\sNmxOic.exe
  C:\Windows\System\sNmxOic.exe
  2⤵
  PID:6576
- C:\Windows\System\ohBlVOO.exe
  C:\Windows\System\ohBlVOO.exe
  2⤵
  PID:6672
- C:\Windows\System\TCXestF.exe
  C:\Windows\System\TCXestF.exe
  2⤵
  PID:6736
- C:\Windows\System\PyvAFBB.exe
  C:\Windows\System\PyvAFBB.exe
  2⤵
  PID:6892
- C:\Windows\System\mZKEQTR.exe
  C:\Windows\System\mZKEQTR.exe
  2⤵
  PID:3360
- C:\Windows\System\yZcrPbf.exe
  C:\Windows\System\yZcrPbf.exe
  2⤵
  PID:6976
- C:\Windows\System\rRTghzj.exe
  C:\Windows\System\rRTghzj.exe
  2⤵
  PID:7116
- C:\Windows\System\JcIdfPB.exe
  C:\Windows\System\JcIdfPB.exe
  2⤵
  PID:3008
- C:\Windows\System\GkzoOOg.exe
  C:\Windows\System\GkzoOOg.exe
  2⤵
  PID:4416
- C:\Windows\System\CVpAaBi.exe
  C:\Windows\System\CVpAaBi.exe
  2⤵
  PID:6012
- C:\Windows\System\ubDSYsk.exe
  C:\Windows\System\ubDSYsk.exe
  2⤵
  PID:6192
- C:\Windows\System\gCpjwiC.exe
  C:\Windows\System\gCpjwiC.exe
  2⤵
  PID:2104
- C:\Windows\System\iwTBZsC.exe
  C:\Windows\System\iwTBZsC.exe
  2⤵
  PID:6692
- C:\Windows\System\LiaGeAt.exe
  C:\Windows\System\LiaGeAt.exe
  2⤵
  PID:6816
- C:\Windows\System\zdVsCnc.exe
  C:\Windows\System\zdVsCnc.exe
  2⤵
  PID:6776
- C:\Windows\System\buPALyk.exe
  C:\Windows\System\buPALyk.exe
  2⤵
  PID:6936
- C:\Windows\System\WgTtWkA.exe
  C:\Windows\System\WgTtWkA.exe
  2⤵
  PID:2044
- C:\Windows\System\tbWZcqD.exe
  C:\Windows\System\tbWZcqD.exe
  2⤵
  PID:5576
- C:\Windows\System\IzoZUjT.exe
  C:\Windows\System\IzoZUjT.exe
  2⤵
  PID:5596
- C:\Windows\System\qJYczHX.exe
  C:\Windows\System\qJYczHX.exe
  2⤵
  PID:7188
- C:\Windows\System\ynmXpET.exe
  C:\Windows\System\ynmXpET.exe
  2⤵
  PID:7208
- C:\Windows\System\gifkqYZ.exe
  C:\Windows\System\gifkqYZ.exe
  2⤵
  PID:7228
- C:\Windows\System\xAlmtIb.exe
  C:\Windows\System\xAlmtIb.exe
  2⤵
  PID:7248
- C:\Windows\System\aKJAUxp.exe
  C:\Windows\System\aKJAUxp.exe
  2⤵
  PID:7268
- C:\Windows\System\iEvRkwi.exe
  C:\Windows\System\iEvRkwi.exe
  2⤵
  PID:7288
- C:\Windows\System\lToKrsV.exe
  C:\Windows\System\lToKrsV.exe
  2⤵
  PID:7308
- C:\Windows\System\IiOLXXP.exe
  C:\Windows\System\IiOLXXP.exe
  2⤵
  PID:7328
- C:\Windows\System\XuPanxG.exe
  C:\Windows\System\XuPanxG.exe
  2⤵
  PID:7348
- C:\Windows\System\OtcCjmM.exe
  C:\Windows\System\OtcCjmM.exe
  2⤵
  PID:7372
- C:\Windows\System\dFzCdBF.exe
  C:\Windows\System\dFzCdBF.exe
  2⤵
  PID:7392
- C:\Windows\System\sFvxEdg.exe
  C:\Windows\System\sFvxEdg.exe
  2⤵
  PID:7412
- C:\Windows\System\pOiVfgw.exe
  C:\Windows\System\pOiVfgw.exe
  2⤵
  PID:7432
- C:\Windows\System\GbYrtSk.exe
  C:\Windows\System\GbYrtSk.exe
  2⤵
  PID:7452
- C:\Windows\System\aBzLQIn.exe
  C:\Windows\System\aBzLQIn.exe
  2⤵
  PID:7472
- C:\Windows\System\frgakjk.exe
  C:\Windows\System\frgakjk.exe
  2⤵
  PID:7492
- C:\Windows\System\HSfhofE.exe
  C:\Windows\System\HSfhofE.exe
  2⤵
  PID:7512
- C:\Windows\System\plYMqgA.exe
  C:\Windows\System\plYMqgA.exe
  2⤵
  PID:7532
- C:\Windows\System\jywRfvO.exe
  C:\Windows\System\jywRfvO.exe
  2⤵
  PID:7552
- C:\Windows\System\FmMqexc.exe
  C:\Windows\System\FmMqexc.exe
  2⤵
  PID:7572
- C:\Windows\System\OZGXJOk.exe
  C:\Windows\System\OZGXJOk.exe
  2⤵
  PID:7592
- C:\Windows\System\pHJJJcC.exe
  C:\Windows\System\pHJJJcC.exe
  2⤵
  PID:7612
- C:\Windows\System\bfVwMwe.exe
  C:\Windows\System\bfVwMwe.exe
  2⤵
  PID:7636
- C:\Windows\System\WrMOkNp.exe
  C:\Windows\System\WrMOkNp.exe
  2⤵
  PID:7656
- C:\Windows\System\RsCGSKN.exe
  C:\Windows\System\RsCGSKN.exe
  2⤵
  PID:7676
- C:\Windows\System\JaSnvGz.exe
  C:\Windows\System\JaSnvGz.exe
  2⤵
  PID:7704
- C:\Windows\System\ybeaUZP.exe
  C:\Windows\System\ybeaUZP.exe
  2⤵
  PID:7724
- C:\Windows\System\llrTpKO.exe
  C:\Windows\System\llrTpKO.exe
  2⤵
  PID:7748
- C:\Windows\System\oLlXdIU.exe
  C:\Windows\System\oLlXdIU.exe
  2⤵
  PID:7768
- C:\Windows\System\DsfUBQE.exe
  C:\Windows\System\DsfUBQE.exe
  2⤵
  PID:7788
- C:\Windows\System\nTLQXAB.exe
  C:\Windows\System\nTLQXAB.exe
  2⤵
  PID:7820
- C:\Windows\System\NOyPhyl.exe
  C:\Windows\System\NOyPhyl.exe
  2⤵
  PID:7840
- C:\Windows\System\nvCCsWO.exe
  C:\Windows\System\nvCCsWO.exe
  2⤵
  PID:7860
- C:\Windows\System\qDBsFJm.exe
  C:\Windows\System\qDBsFJm.exe
  2⤵
  PID:7876
- C:\Windows\System\YkElHAz.exe
  C:\Windows\System\YkElHAz.exe
  2⤵
  PID:7896
- C:\Windows\System\WHWoscO.exe
  C:\Windows\System\WHWoscO.exe
  2⤵
  PID:7912
- C:\Windows\System\fTWzSHR.exe
  C:\Windows\System\fTWzSHR.exe
  2⤵
  PID:7932
- C:\Windows\System\BiXlDsY.exe
  C:\Windows\System\BiXlDsY.exe
  2⤵
  PID:7948
- C:\Windows\System\vgEdGij.exe
  C:\Windows\System\vgEdGij.exe
  2⤵
  PID:7976
- C:\Windows\System\gkIHjRa.exe
  C:\Windows\System\gkIHjRa.exe
  2⤵
  PID:7992
- C:\Windows\System\MDhreoR.exe
  C:\Windows\System\MDhreoR.exe
  2⤵
  PID:8008
- C:\Windows\System\wKmmBHe.exe
  C:\Windows\System\wKmmBHe.exe
  2⤵
  PID:8024
- C:\Windows\System\WYrjtjJ.exe
  C:\Windows\System\WYrjtjJ.exe
  2⤵
  PID:8040
- C:\Windows\System\KWOYaUR.exe
  C:\Windows\System\KWOYaUR.exe
  2⤵
  PID:8056
- C:\Windows\System\gyNYCsL.exe
  C:\Windows\System\gyNYCsL.exe
  2⤵
  PID:8072
- C:\Windows\System\opXqprd.exe
  C:\Windows\System\opXqprd.exe
  2⤵
  PID:8096
- C:\Windows\System\gjNhACo.exe
  C:\Windows\System\gjNhACo.exe
  2⤵
  PID:8116
- C:\Windows\System\sauRRgT.exe
  C:\Windows\System\sauRRgT.exe
  2⤵
  PID:8140
- C:\Windows\System\LhTHQyb.exe
  C:\Windows\System\LhTHQyb.exe
  2⤵
  PID:8160
- C:\Windows\System\PSyGpkW.exe
  C:\Windows\System\PSyGpkW.exe
  2⤵
  PID:6272
- C:\Windows\System\vqHvtdo.exe
  C:\Windows\System\vqHvtdo.exe
  2⤵
  PID:6400
- C:\Windows\System\cuzsrcd.exe
  C:\Windows\System\cuzsrcd.exe
  2⤵
  PID:6572
- C:\Windows\System\OStiSSs.exe
  C:\Windows\System\OStiSSs.exe
  2⤵
  PID:6332
- C:\Windows\System\JWXghkm.exe
  C:\Windows\System\JWXghkm.exe
  2⤵
  PID:6752
- C:\Windows\System\mkOgxlX.exe
  C:\Windows\System\mkOgxlX.exe
  2⤵
  PID:2032
- C:\Windows\System\hvpYTwI.exe
  C:\Windows\System\hvpYTwI.exe
  2⤵
  PID:7152
- C:\Windows\System\FjWRpHj.exe
  C:\Windows\System\FjWRpHj.exe
  2⤵
  PID:3928
- C:\Windows\System\UZpZPkM.exe
  C:\Windows\System\UZpZPkM.exe
  2⤵
  PID:3932
- C:\Windows\System\ugucTFD.exe
  C:\Windows\System\ugucTFD.exe
  2⤵
  PID:1600
- C:\Windows\System\leuJbwS.exe
  C:\Windows\System\leuJbwS.exe
  2⤵
  PID:7224
- C:\Windows\System\zuNmCKW.exe
  C:\Windows\System\zuNmCKW.exe
  2⤵
  PID:7244
- C:\Windows\System\LQpBLre.exe
  C:\Windows\System\LQpBLre.exe
  2⤵
  PID:7264
- C:\Windows\System\kPPVdzC.exe
  C:\Windows\System\kPPVdzC.exe
  2⤵
  PID:444
- C:\Windows\System\BTyXqGx.exe
  C:\Windows\System\BTyXqGx.exe
  2⤵
  PID:7304
- C:\Windows\System\yCSzPUo.exe
  C:\Windows\System\yCSzPUo.exe
  2⤵
  PID:7324
- C:\Windows\System\gJCdjqO.exe
  C:\Windows\System\gJCdjqO.exe
  2⤵
  PID:7340
- C:\Windows\System\aXSCCPT.exe
  C:\Windows\System\aXSCCPT.exe
  2⤵
  PID:7356
- C:\Windows\System\xNzButn.exe
  C:\Windows\System\xNzButn.exe
  2⤵
  PID:7384
- C:\Windows\System\dKrVhcW.exe
  C:\Windows\System\dKrVhcW.exe
  2⤵
  PID:7468
- C:\Windows\System\kiloFYu.exe
  C:\Windows\System\kiloFYu.exe
  2⤵
  PID:1732
- C:\Windows\System\QNbPBax.exe
  C:\Windows\System\QNbPBax.exe
  2⤵
  PID:7540
- C:\Windows\System\CluvZky.exe
  C:\Windows\System\CluvZky.exe
  2⤵
  PID:7524
- C:\Windows\System\GHxebyN.exe
  C:\Windows\System\GHxebyN.exe
  2⤵
  PID:7560
- C:\Windows\System\tfHfbbz.exe
  C:\Windows\System\tfHfbbz.exe
  2⤵
  PID:2856
- C:\Windows\System\vgJXZKc.exe
  C:\Windows\System\vgJXZKc.exe
  2⤵
  PID:1768
- C:\Windows\System\EhxEikv.exe
  C:\Windows\System\EhxEikv.exe
  2⤵
  PID:7624
- C:\Windows\System\SbkjXDv.exe
  C:\Windows\System\SbkjXDv.exe
  2⤵
  PID:2036
- C:\Windows\System\LFxbKxG.exe
  C:\Windows\System\LFxbKxG.exe
  2⤵
  PID:7672
- C:\Windows\System\wZXqhbK.exe
  C:\Windows\System\wZXqhbK.exe
  2⤵
  PID:7648
- C:\Windows\System\maMkImc.exe
  C:\Windows\System\maMkImc.exe
  2⤵
  PID:624
- C:\Windows\System\YbySBbv.exe
  C:\Windows\System\YbySBbv.exe
  2⤵
  PID:7736
- C:\Windows\System\qrqfYLN.exe
  C:\Windows\System\qrqfYLN.exe
  2⤵
  PID:7796
- C:\Windows\System\EtyvrDT.exe
  C:\Windows\System\EtyvrDT.exe
  2⤵
  PID:7848
- C:\Windows\System\pLBbcwt.exe
  C:\Windows\System\pLBbcwt.exe
  2⤵
  PID:7888
- C:\Windows\System\RdfOjLo.exe
  C:\Windows\System\RdfOjLo.exe
  2⤵
  PID:7924
- C:\Windows\System\vBOJLOn.exe
  C:\Windows\System\vBOJLOn.exe
  2⤵
  PID:7872
- C:\Windows\System\XnlIQWH.exe
  C:\Windows\System\XnlIQWH.exe
  2⤵
  PID:2824
- C:\Windows\System\kjBSbCE.exe
  C:\Windows\System\kjBSbCE.exe
  2⤵
  PID:8004
- C:\Windows\System\BQgPLMk.exe
  C:\Windows\System\BQgPLMk.exe
  2⤵
  PID:8084
- C:\Windows\System\MBMOTSK.exe
  C:\Windows\System\MBMOTSK.exe
  2⤵
  PID:8128
- C:\Windows\System\cVowYDX.exe
  C:\Windows\System\cVowYDX.exe
  2⤵
  PID:8172
- C:\Windows\System\cvXmPhM.exe
  C:\Windows\System\cvXmPhM.exe
  2⤵
  PID:8188
- C:\Windows\System\UXhyVdd.exe
  C:\Windows\System\UXhyVdd.exe
  2⤵
  PID:7096
- C:\Windows\System\mBABsJS.exe
  C:\Windows\System\mBABsJS.exe
  2⤵
  PID:7216
- C:\Windows\System\LuBTvAK.exe
  C:\Windows\System\LuBTvAK.exe
  2⤵
  PID:7284
- C:\Windows\System\sYBEOQx.exe
  C:\Windows\System\sYBEOQx.exe
  2⤵
  PID:8064
- C:\Windows\System\flMEdes.exe
  C:\Windows\System\flMEdes.exe
  2⤵
  PID:8112
- C:\Windows\System\EtbmQQb.exe
  C:\Windows\System\EtbmQQb.exe
  2⤵
  PID:7320
- C:\Windows\System\DqyFpOt.exe
  C:\Windows\System\DqyFpOt.exe
  2⤵
  PID:7388
- C:\Windows\System\NkpHhJF.exe
  C:\Windows\System\NkpHhJF.exe
  2⤵
  PID:6500
- C:\Windows\System\MKQPKBv.exe
  C:\Windows\System\MKQPKBv.exe
  2⤵
  PID:6896
- C:\Windows\System\CZWcExD.exe
  C:\Windows\System\CZWcExD.exe
  2⤵
  PID:7184
- C:\Windows\System\FupIYtP.exe
  C:\Windows\System\FupIYtP.exe
  2⤵
  PID:7236
- C:\Windows\System\uAOkSQw.exe
  C:\Windows\System\uAOkSQw.exe
  2⤵
  PID:7500
- C:\Windows\System\SvtYCWP.exe
  C:\Windows\System\SvtYCWP.exe
  2⤵
  PID:2904
- C:\Windows\System\ZrteUcb.exe
  C:\Windows\System\ZrteUcb.exe
  2⤵
  PID:7620
- C:\Windows\System\bxyvdlH.exe
  C:\Windows\System\bxyvdlH.exe
  2⤵
  PID:7600
- C:\Windows\System\mQYtOlk.exe
  C:\Windows\System\mQYtOlk.exe
  2⤵
  PID:2512
- C:\Windows\System\wsVHzZd.exe
  C:\Windows\System\wsVHzZd.exe
  2⤵
  PID:7696
- C:\Windows\System\etWkHBy.exe
  C:\Windows\System\etWkHBy.exe
  2⤵
  PID:2320
- C:\Windows\System\MeqGgph.exe
  C:\Windows\System\MeqGgph.exe
  2⤵
  PID:2436
- C:\Windows\System\JnOGhvt.exe
  C:\Windows\System\JnOGhvt.exe
  2⤵
  PID:7764
- C:\Windows\System\xsZLvZe.exe
  C:\Windows\System\xsZLvZe.exe
  2⤵
  PID:7964
- C:\Windows\System\gsSiHJj.exe
  C:\Windows\System\gsSiHJj.exe
  2⤵
  PID:7988
- C:\Windows\System\iykrPPG.exe
  C:\Windows\System\iykrPPG.exe
  2⤵
  PID:7836
- C:\Windows\System\zeONJfP.exe
  C:\Windows\System\zeONJfP.exe
  2⤵
  PID:8052
- C:\Windows\System\ywbdzjy.exe
  C:\Windows\System\ywbdzjy.exe
  2⤵
  PID:8184
- C:\Windows\System\eLmtbqp.exe
  C:\Windows\System\eLmtbqp.exe
  2⤵
  PID:8152
- C:\Windows\System\WYEOlkU.exe
  C:\Windows\System\WYEOlkU.exe
  2⤵
  PID:7200
- C:\Windows\System\nosFAmD.exe
  C:\Windows\System\nosFAmD.exe
  2⤵
  PID:8168
- C:\Windows\System\YexClih.exe
  C:\Windows\System\YexClih.exe
  2⤵
  PID:1968
- C:\Windows\System\VSnXWrU.exe
  C:\Windows\System\VSnXWrU.exe
  2⤵
  PID:1028
- C:\Windows\System\HFSxHUY.exe
  C:\Windows\System\HFSxHUY.exe
  2⤵
  PID:7220
- C:\Windows\System\ClOKCFM.exe
  C:\Windows\System\ClOKCFM.exe
  2⤵
  PID:1628
- C:\Windows\System\fXjPiFb.exe
  C:\Windows\System\fXjPiFb.exe
  2⤵
  PID:7444
- C:\Windows\System\uMBobvF.exe
  C:\Windows\System\uMBobvF.exe
  2⤵
  PID:536
- C:\Windows\System\yYNXsXR.exe
  C:\Windows\System\yYNXsXR.exe
  2⤵
  PID:1932
- C:\Windows\System\WZNeKMD.exe
  C:\Windows\System\WZNeKMD.exe
  2⤵
  PID:7720
- C:\Windows\System\XqMbqPm.exe
  C:\Windows\System\XqMbqPm.exe
  2⤵
  PID:7884
- C:\Windows\System\yUGQTGb.exe
  C:\Windows\System\yUGQTGb.exe
  2⤵
  PID:7908
- C:\Windows\System\ivIcuod.exe
  C:\Windows\System\ivIcuod.exe
  2⤵
  PID:7784
- C:\Windows\System\quIIXns.exe
  C:\Windows\System\quIIXns.exe
  2⤵
  PID:7944
- C:\Windows\System\rLaBlOV.exe
  C:\Windows\System\rLaBlOV.exe
  2⤵
  PID:7196
- C:\Windows\System\vANcyqX.exe
  C:\Windows\System\vANcyqX.exe
  2⤵
  PID:6312
- C:\Windows\System\XEzPsfk.exe
  C:\Windows\System\XEzPsfk.exe
  2⤵
  PID:8020
- C:\Windows\System\HKbxmsf.exe
  C:\Windows\System\HKbxmsf.exe
  2⤵
  PID:7960
- C:\Windows\System\DLaTWUt.exe
  C:\Windows\System\DLaTWUt.exe
  2⤵
  PID:6700
- C:\Windows\System\YjeeATx.exe
  C:\Windows\System\YjeeATx.exe
  2⤵
  PID:7424
- C:\Windows\System\ORmAgcg.exe
  C:\Windows\System\ORmAgcg.exe
  2⤵
  PID:7520
- C:\Windows\System\NpyzDAq.exe
  C:\Windows\System\NpyzDAq.exe
  2⤵
  PID:7480
- C:\Windows\System\aFSTYSU.exe
  C:\Windows\System\aFSTYSU.exe
  2⤵
  PID:7712
- C:\Windows\System\BXouils.exe
  C:\Windows\System\BXouils.exe
  2⤵
  PID:7920
- C:\Windows\System\unkLUiY.exe
  C:\Windows\System\unkLUiY.exe
  2⤵
  PID:8208
- C:\Windows\System\VtcwaRL.exe
  C:\Windows\System\VtcwaRL.exe
  2⤵
  PID:8224
- C:\Windows\System\OzoECce.exe
  C:\Windows\System\OzoECce.exe
  2⤵
  PID:8240
- C:\Windows\System\TBVUPqs.exe
  C:\Windows\System\TBVUPqs.exe
  2⤵
  PID:8256
- C:\Windows\System\HOqNfId.exe
  C:\Windows\System\HOqNfId.exe
  2⤵
  PID:8272
- C:\Windows\System\LedvivO.exe
  C:\Windows\System\LedvivO.exe
  2⤵
  PID:8288
- C:\Windows\System\PnlwrYn.exe
  C:\Windows\System\PnlwrYn.exe
  2⤵
  PID:8304
- C:\Windows\System\bBqGNdY.exe
  C:\Windows\System\bBqGNdY.exe
  2⤵
  PID:8320
- C:\Windows\System\XvRrZue.exe
  C:\Windows\System\XvRrZue.exe
  2⤵
  PID:8336
- C:\Windows\System\XRyvBGC.exe
  C:\Windows\System\XRyvBGC.exe
  2⤵
  PID:8352
- C:\Windows\System\ajZBrsg.exe
  C:\Windows\System\ajZBrsg.exe
  2⤵
  PID:8368
- C:\Windows\System\nlmYxRn.exe
  C:\Windows\System\nlmYxRn.exe
  2⤵
  PID:8384
- C:\Windows\System\wJwhUqv.exe
  C:\Windows\System\wJwhUqv.exe
  2⤵
  PID:8400
- C:\Windows\System\tIKtoNu.exe
  C:\Windows\System\tIKtoNu.exe
  2⤵
  PID:8416
- C:\Windows\System\fhiUCOh.exe
  C:\Windows\System\fhiUCOh.exe
  2⤵
  PID:8436
- C:\Windows\System\VKsSast.exe
  C:\Windows\System\VKsSast.exe
  2⤵
  PID:8452
- C:\Windows\System\nKHZYLi.exe
  C:\Windows\System\nKHZYLi.exe
  2⤵
  PID:8468
- C:\Windows\System\PEITAFz.exe
  C:\Windows\System\PEITAFz.exe
  2⤵
  PID:8484
- C:\Windows\System\ZXxRyXG.exe
  C:\Windows\System\ZXxRyXG.exe
  2⤵
  PID:8500
- C:\Windows\System\CRyvNmA.exe
  C:\Windows\System\CRyvNmA.exe
  2⤵
  PID:8516
- C:\Windows\System\vYfBiGo.exe
  C:\Windows\System\vYfBiGo.exe
  2⤵
  PID:8532
- C:\Windows\System\VQPnuXg.exe
  C:\Windows\System\VQPnuXg.exe
  2⤵
  PID:8548
- C:\Windows\System\IlHOUTc.exe
  C:\Windows\System\IlHOUTc.exe
  2⤵
  PID:8564
- C:\Windows\System\UOsTVvz.exe
  C:\Windows\System\UOsTVvz.exe
  2⤵
  PID:8580
- C:\Windows\System\EiAwZnF.exe
  C:\Windows\System\EiAwZnF.exe
  2⤵
  PID:8596
- C:\Windows\System\XBJjbGU.exe
  C:\Windows\System\XBJjbGU.exe
  2⤵
  PID:8612
- C:\Windows\System\STnUBwx.exe
  C:\Windows\System\STnUBwx.exe
  2⤵
  PID:8628
- C:\Windows\System\GKBgowq.exe
  C:\Windows\System\GKBgowq.exe
  2⤵
  PID:8644
- C:\Windows\System\JXlIMzt.exe
  C:\Windows\System\JXlIMzt.exe
  2⤵
  PID:8660
- C:\Windows\System\tdbmVTE.exe
  C:\Windows\System\tdbmVTE.exe
  2⤵
  PID:8676
- C:\Windows\System\UDSkKyC.exe
  C:\Windows\System\UDSkKyC.exe
  2⤵
  PID:8692
- C:\Windows\System\FDJFJTp.exe
  C:\Windows\System\FDJFJTp.exe
  2⤵
  PID:8708
- C:\Windows\System\AOvqmHY.exe
  C:\Windows\System\AOvqmHY.exe
  2⤵
  PID:8724
- C:\Windows\System\SlWFdyJ.exe
  C:\Windows\System\SlWFdyJ.exe
  2⤵
  PID:8740
- C:\Windows\System\QdPyeYp.exe
  C:\Windows\System\QdPyeYp.exe
  2⤵
  PID:8756
- C:\Windows\System\pXvYExR.exe
  C:\Windows\System\pXvYExR.exe
  2⤵
  PID:8772
- C:\Windows\System\ahUrMLA.exe
  C:\Windows\System\ahUrMLA.exe
  2⤵
  PID:8788
- C:\Windows\System\HhTxnfP.exe
  C:\Windows\System\HhTxnfP.exe
  2⤵
  PID:8804
- C:\Windows\System\KgdyljC.exe
  C:\Windows\System\KgdyljC.exe
  2⤵
  PID:8820
- C:\Windows\System\dDDNomp.exe
  C:\Windows\System\dDDNomp.exe
  2⤵
  PID:8840
- C:\Windows\System\BhbRHeb.exe
  C:\Windows\System\BhbRHeb.exe
  2⤵
  PID:8856
- C:\Windows\System\qyPwWIw.exe
  C:\Windows\System\qyPwWIw.exe
  2⤵
  PID:8872
- C:\Windows\System\AFbUFmr.exe
  C:\Windows\System\AFbUFmr.exe
  2⤵
  PID:8892
- C:\Windows\System\FRVcCSr.exe
  C:\Windows\System\FRVcCSr.exe
  2⤵
  PID:8908
- C:\Windows\System\KFQzDPf.exe
  C:\Windows\System\KFQzDPf.exe
  2⤵
  PID:8924
- C:\Windows\System\AEEjVsK.exe
  C:\Windows\System\AEEjVsK.exe
  2⤵
  PID:8940
- C:\Windows\System\mRSpUPi.exe
  C:\Windows\System\mRSpUPi.exe
  2⤵
  PID:8976
- C:\Windows\System\TWkUHAU.exe
  C:\Windows\System\TWkUHAU.exe
  2⤵
  PID:9108
- C:\Windows\System\QrrksBi.exe
  C:\Windows\System\QrrksBi.exe
  2⤵
  PID:9124
- C:\Windows\System\TztofVv.exe
  C:\Windows\System\TztofVv.exe
  2⤵
  PID:9144
- C:\Windows\System\edkiESU.exe
  C:\Windows\System\edkiESU.exe
  2⤵
  PID:9176
- C:\Windows\System\XFryJyq.exe
  C:\Windows\System\XFryJyq.exe
  2⤵
  PID:5016
- C:\Windows\System\PWgGZON.exe
  C:\Windows\System\PWgGZON.exe
  2⤵
  PID:8108
- C:\Windows\System\NiPXzSZ.exe
  C:\Windows\System\NiPXzSZ.exe
  2⤵
  PID:7360
- C:\Windows\System\dlBKxLD.exe
  C:\Windows\System\dlBKxLD.exe
  2⤵
  PID:7484
- C:\Windows\System\oKIfzdN.exe
  C:\Windows\System\oKIfzdN.exe
  2⤵
  PID:8204
- C:\Windows\System\VkUYdfe.exe
  C:\Windows\System\VkUYdfe.exe
  2⤵
  PID:8280
- C:\Windows\System\MTAFXYr.exe
  C:\Windows\System\MTAFXYr.exe
  2⤵
  PID:8284
- C:\Windows\System\mrZgBjN.exe
  C:\Windows\System\mrZgBjN.exe
  2⤵
  PID:8360
- C:\Windows\System\akxvQSe.exe
  C:\Windows\System\akxvQSe.exe
  2⤵
  PID:8432
- C:\Windows\System\fiahvfV.exe
  C:\Windows\System\fiahvfV.exe
  2⤵
  PID:8424
- C:\Windows\System\VbFekoa.exe
  C:\Windows\System\VbFekoa.exe
  2⤵
  PID:8376
- C:\Windows\System\CdxpocI.exe
  C:\Windows\System\CdxpocI.exe
  2⤵
  PID:8444
- C:\Windows\System\NLpiCbK.exe
  C:\Windows\System\NLpiCbK.exe
  2⤵
  PID:8316
- C:\Windows\System\EKGKdsV.exe
  C:\Windows\System\EKGKdsV.exe
  2⤵
  PID:8480
- C:\Windows\System\kKlaiao.exe
  C:\Windows\System\kKlaiao.exe
  2⤵
  PID:8544
- C:\Windows\System\napSzWt.exe
  C:\Windows\System\napSzWt.exe
  2⤵
  PID:8608
- C:\Windows\System\vtcDIDa.exe
  C:\Windows\System\vtcDIDa.exe
  2⤵
  PID:8624
- C:\Windows\System\oHNbmHn.exe
  C:\Windows\System\oHNbmHn.exe
  2⤵
  PID:8560
- C:\Windows\System\SNczvXH.exe
  C:\Windows\System\SNczvXH.exe
  2⤵
  PID:8748
- C:\Windows\System\ERfBUIh.exe
  C:\Windows\System\ERfBUIh.exe
  2⤵
  PID:8592
- C:\Windows\System\YltOalW.exe
  C:\Windows\System\YltOalW.exe
  2⤵
  PID:8704
- C:\Windows\System\yJaUHON.exe
  C:\Windows\System\yJaUHON.exe
  2⤵
  PID:8768
- C:\Windows\System\MYnfsNi.exe
  C:\Windows\System\MYnfsNi.exe
  2⤵
  PID:8784
- C:\Windows\System\dpwTXgB.exe
  C:\Windows\System\dpwTXgB.exe
  2⤵
  PID:8864
- C:\Windows\System\dCVsBng.exe
  C:\Windows\System\dCVsBng.exe
  2⤵
  PID:8920
- C:\Windows\System\ZAoPwPo.exe
  C:\Windows\System\ZAoPwPo.exe
  2⤵
  PID:8972
- C:\Windows\System\UAwgJmR.exe
  C:\Windows\System\UAwgJmR.exe
  2⤵
  PID:9004
- C:\Windows\System\KAHcMVA.exe
  C:\Windows\System\KAHcMVA.exe
  2⤵
  PID:9012
- C:\Windows\System\fSOoTHZ.exe
  C:\Windows\System\fSOoTHZ.exe
  2⤵
  PID:9028
- C:\Windows\System\XbOAHCM.exe
  C:\Windows\System\XbOAHCM.exe
  2⤵
  PID:9064
- C:\Windows\System\SNwzAmI.exe
  C:\Windows\System\SNwzAmI.exe
  2⤵
  PID:9152
- C:\Windows\System\dgQrSlZ.exe
  C:\Windows\System\dgQrSlZ.exe
  2⤵
  PID:9164
- C:\Windows\System\vyperfS.exe
  C:\Windows\System\vyperfS.exe
  2⤵
  PID:9192
- C:\Windows\System\moLRnSv.exe
  C:\Windows\System\moLRnSv.exe
  2⤵
  PID:1260
- C:\Windows\System\XTLeyzs.exe
  C:\Windows\System\XTLeyzs.exe
  2⤵
  PID:7420
- C:\Windows\System\neHKcIz.exe
  C:\Windows\System\neHKcIz.exe
  2⤵
  PID:7816
- C:\Windows\System\AzondHj.exe
  C:\Windows\System\AzondHj.exe
  2⤵
  PID:8180
- C:\Windows\System\aHHPjFK.exe
  C:\Windows\System\aHHPjFK.exe
  2⤵
  PID:8328
- C:\Windows\System\QQRESjU.exe
  C:\Windows\System\QQRESjU.exe
  2⤵
  PID:8396
- C:\Windows\System\fyQRvsj.exe
  C:\Windows\System\fyQRvsj.exe
  2⤵
  PID:7684
- C:\Windows\System\WlFcWrk.exe
  C:\Windows\System\WlFcWrk.exe
  2⤵
  PID:8604
- C:\Windows\System\JXyReGo.exe
  C:\Windows\System\JXyReGo.exe
  2⤵
  PID:8736
- C:\Windows\System\hFOnQjc.exe
  C:\Windows\System\hFOnQjc.exe
  2⤵
  PID:8268
- C:\Windows\System\ALAgeBG.exe
  C:\Windows\System\ALAgeBG.exe
  2⤵
  PID:8848
- C:\Windows\System\WhSDfvY.exe
  C:\Windows\System\WhSDfvY.exe
  2⤵
  PID:8464
- C:\Windows\System\sDhYtoC.exe
  C:\Windows\System\sDhYtoC.exe
  2⤵
  PID:8524
- C:\Windows\System\vULnQLQ.exe
  C:\Windows\System\vULnQLQ.exe
  2⤵
  PID:8836
- C:\Windows\System\lanyMtN.exe
  C:\Windows\System\lanyMtN.exe
  2⤵
  PID:8904
- C:\Windows\System\ZHsAlsr.exe
  C:\Windows\System\ZHsAlsr.exe
  2⤵
  PID:8968
- C:\Windows\System\zQyAFsK.exe
  C:\Windows\System\zQyAFsK.exe
  2⤵
  PID:8780
- C:\Windows\System\BDvZwQb.exe
  C:\Windows\System\BDvZwQb.exe
  2⤵
  PID:8996
- C:\Windows\System\WVMxlzd.exe
  C:\Windows\System\WVMxlzd.exe
  2⤵
  PID:7176
- C:\Windows\System\JLjhCjt.exe
  C:\Windows\System\JLjhCjt.exe
  2⤵
  PID:9160
- C:\Windows\System\VHuLeDI.exe
  C:\Windows\System\VHuLeDI.exe
  2⤵
  PID:8036
- C:\Windows\System\DWnpGVw.exe
  C:\Windows\System\DWnpGVw.exe
  2⤵
  PID:9188
- C:\Windows\System\yefikKK.exe
  C:\Windows\System\yefikKK.exe
  2⤵
  PID:7408
- C:\Windows\System\yElLpcp.exe
  C:\Windows\System\yElLpcp.exe
  2⤵
  PID:9048
- C:\Windows\System\eYIpbYy.exe
  C:\Windows\System\eYIpbYy.exe
  2⤵
  PID:1084
- C:\Windows\System\bWqMcse.exe
  C:\Windows\System\bWqMcse.exe
  2⤵
  PID:8888
- C:\Windows\System\kcOqzoE.exe
  C:\Windows\System\kcOqzoE.exe
  2⤵
  PID:8828
- C:\Windows\System\FkibSqA.exe
  C:\Windows\System\FkibSqA.exe
  2⤵
  PID:8700
- C:\Windows\System\ximiWjq.exe
  C:\Windows\System\ximiWjq.exe
  2⤵
  PID:8252
- C:\Windows\System\EaRkWll.exe
  C:\Windows\System\EaRkWll.exe
  2⤵
  PID:8752
- C:\Windows\System\CvGuvHg.exe
  C:\Windows\System\CvGuvHg.exe
  2⤵
  PID:9008
- C:\Windows\System\cWFWsBo.exe
  C:\Windows\System\cWFWsBo.exe
  2⤵
  PID:9052
- C:\Windows\System\CEwkAit.exe
  C:\Windows\System\CEwkAit.exe
  2⤵
  PID:9092
- C:\Windows\System\yFUDjKX.exe
  C:\Windows\System\yFUDjKX.exe
  2⤵
  PID:9068
- C:\Windows\System\ykBKUcD.exe
  C:\Windows\System\ykBKUcD.exe
  2⤵
  PID:7544
- C:\Windows\System\zWiCTlc.exe
  C:\Windows\System\zWiCTlc.exe
  2⤵
  PID:9184
- C:\Windows\System\HBpYQKq.exe
  C:\Windows\System\HBpYQKq.exe
  2⤵
  PID:8216
- C:\Windows\System\tauYWDi.exe
  C:\Windows\System\tauYWDi.exe
  2⤵
  PID:8576
- C:\Windows\System\eBLdjfW.exe
  C:\Windows\System\eBLdjfW.exe
  2⤵
  PID:8588
- C:\Windows\System\hqumIZR.exe
  C:\Windows\System\hqumIZR.exe
  2⤵
  PID:8992
- C:\Windows\System\iewiFLa.exe
  C:\Windows\System\iewiFLa.exe
  2⤵
  PID:9088
- C:\Windows\System\SBnBhKe.exe
  C:\Windows\System\SBnBhKe.exe
  2⤵
  PID:9104
- C:\Windows\System\ChhFcRr.exe
  C:\Windows\System\ChhFcRr.exe
  2⤵
  PID:9172
- C:\Windows\System\TOaVZJZ.exe
  C:\Windows\System\TOaVZJZ.exe
  2⤵
  PID:2100
- C:\Windows\System\ttYjvYc.exe
  C:\Windows\System\ttYjvYc.exe
  2⤵
  PID:8512
- C:\Windows\System\WUODnfh.exe
  C:\Windows\System\WUODnfh.exe
  2⤵
  PID:9044
- C:\Windows\System\YIcHTVB.exe
  C:\Windows\System\YIcHTVB.exe
  2⤵
  PID:9072
- C:\Windows\System\vCDMbUn.exe
  C:\Windows\System\vCDMbUn.exe
  2⤵
  PID:8104
- C:\Windows\System\vzbFgSy.exe
  C:\Windows\System\vzbFgSy.exe
  2⤵
  PID:8684
- C:\Windows\System\LDxIQMF.exe
  C:\Windows\System\LDxIQMF.exe
  2⤵
  PID:9020
- C:\Windows\System\awSjfDF.exe
  C:\Windows\System\awSjfDF.exe
  2⤵
  PID:9132
- C:\Windows\System\XgOmfmJ.exe
  C:\Windows\System\XgOmfmJ.exe
  2⤵
  PID:8428
- C:\Windows\System\FjPXrRe.exe
  C:\Windows\System\FjPXrRe.exe
  2⤵
  PID:8900
- C:\Windows\System\ysFppfq.exe
  C:\Windows\System\ysFppfq.exe
  2⤵
  PID:8220
- C:\Windows\System\SiutSJC.exe
  C:\Windows\System\SiutSJC.exe
  2⤵
  PID:8476
- C:\Windows\System\PwJpWUm.exe
  C:\Windows\System\PwJpWUm.exe
  2⤵
  PID:9228
- C:\Windows\System\ILJNbYB.exe
  C:\Windows\System\ILJNbYB.exe
  2⤵
  PID:9252
- C:\Windows\System\NElvyxk.exe
  C:\Windows\System\NElvyxk.exe
  2⤵
  PID:9268
- C:\Windows\System\NHBFxwV.exe
  C:\Windows\System\NHBFxwV.exe
  2⤵
  PID:9288
- C:\Windows\System\eKnmdAC.exe
  C:\Windows\System\eKnmdAC.exe
  2⤵
  PID:9308
- C:\Windows\System\qppiYbh.exe
  C:\Windows\System\qppiYbh.exe
  2⤵
  PID:9332
- C:\Windows\System\UbcOaZg.exe
  C:\Windows\System\UbcOaZg.exe
  2⤵
  PID:9348
- C:\Windows\System\CLaROpg.exe
  C:\Windows\System\CLaROpg.exe
  2⤵
  PID:9372
- C:\Windows\System\kBlajHU.exe
  C:\Windows\System\kBlajHU.exe
  2⤵
  PID:9388
- C:\Windows\System\aUWWLso.exe
  C:\Windows\System\aUWWLso.exe
  2⤵
  PID:9412
- C:\Windows\System\uOOaqcI.exe
  C:\Windows\System\uOOaqcI.exe
  2⤵
  PID:9428
- C:\Windows\System\PkDVljl.exe
  C:\Windows\System\PkDVljl.exe
  2⤵
  PID:9452
- C:\Windows\System\JbHqpbX.exe
  C:\Windows\System\JbHqpbX.exe
  2⤵
  PID:9472
- C:\Windows\System\kFuLiaa.exe
  C:\Windows\System\kFuLiaa.exe
  2⤵
  PID:9496
- C:\Windows\System\ULhwKrS.exe
  C:\Windows\System\ULhwKrS.exe
  2⤵
  PID:9512
- C:\Windows\System\TojqhBm.exe
  C:\Windows\System\TojqhBm.exe
  2⤵
  PID:9536
- C:\Windows\System\SiFOSUd.exe
  C:\Windows\System\SiFOSUd.exe
  2⤵
  PID:9556
- C:\Windows\System\OGleRDE.exe
  C:\Windows\System\OGleRDE.exe
  2⤵
  PID:9576
- C:\Windows\System\zYbsLvM.exe
  C:\Windows\System\zYbsLvM.exe
  2⤵
  PID:9596
- C:\Windows\System\wEOBrgM.exe
  C:\Windows\System\wEOBrgM.exe
  2⤵
  PID:9612
- C:\Windows\System\lCRpAAf.exe
  C:\Windows\System\lCRpAAf.exe
  2⤵
  PID:9636
- C:\Windows\System\rZnYKwz.exe
  C:\Windows\System\rZnYKwz.exe
  2⤵
  PID:9652
- C:\Windows\System\zQZqUjO.exe
  C:\Windows\System\zQZqUjO.exe
  2⤵
  PID:9668
- C:\Windows\System\gpRqamS.exe
  C:\Windows\System\gpRqamS.exe
  2⤵
  PID:9684
- C:\Windows\System\MFintCL.exe
  C:\Windows\System\MFintCL.exe
  2⤵
  PID:9700
- C:\Windows\System\HVnIlWG.exe
  C:\Windows\System\HVnIlWG.exe
  2⤵
  PID:9716
- C:\Windows\System\hkmGZiv.exe
  C:\Windows\System\hkmGZiv.exe
  2⤵
  PID:9732
- C:\Windows\System\BHnCzpz.exe
  C:\Windows\System\BHnCzpz.exe
  2⤵
  PID:9748
- C:\Windows\System\fJeanAq.exe
  C:\Windows\System\fJeanAq.exe
  2⤵
  PID:9768
- C:\Windows\System\PqKwTUZ.exe
  C:\Windows\System\PqKwTUZ.exe
  2⤵
  PID:9784
- C:\Windows\System\ovbszVf.exe
  C:\Windows\System\ovbszVf.exe
  2⤵
  PID:9800
- C:\Windows\System\OLyUrJd.exe
  C:\Windows\System\OLyUrJd.exe
  2⤵
  PID:9816
- C:\Windows\System\WxNwkgJ.exe
  C:\Windows\System\WxNwkgJ.exe
  2⤵
  PID:9832
- C:\Windows\System\EOnfSWC.exe
  C:\Windows\System\EOnfSWC.exe
  2⤵
  PID:9848
- C:\Windows\System\UWpVvNl.exe
  C:\Windows\System\UWpVvNl.exe
  2⤵
  PID:9872
- C:\Windows\System\jJyBklN.exe
  C:\Windows\System\jJyBklN.exe
  2⤵
  PID:9892
- C:\Windows\System\poOPmVd.exe
  C:\Windows\System\poOPmVd.exe
  2⤵
  PID:9912
- C:\Windows\System\CLCDBIw.exe
  C:\Windows\System\CLCDBIw.exe
  2⤵
  PID:9980
- C:\Windows\System\UbeOOQe.exe
  C:\Windows\System\UbeOOQe.exe
  2⤵
  PID:10000
- C:\Windows\System\wFDWVlL.exe
  C:\Windows\System\wFDWVlL.exe
  2⤵
  PID:10016
- C:\Windows\System\JhDwhnB.exe
  C:\Windows\System\JhDwhnB.exe
  2⤵
  PID:10032
- C:\Windows\System\rlROGmN.exe
  C:\Windows\System\rlROGmN.exe
  2⤵
  PID:10048
- C:\Windows\System\QnFKLfe.exe
  C:\Windows\System\QnFKLfe.exe
  2⤵
  PID:10064
- C:\Windows\System\EoxUYPj.exe
  C:\Windows\System\EoxUYPj.exe
  2⤵
  PID:10080
- C:\Windows\System\PRqWDWP.exe
  C:\Windows\System\PRqWDWP.exe
  2⤵
  PID:10096
- C:\Windows\System\hUPBtYJ.exe
  C:\Windows\System\hUPBtYJ.exe
  2⤵
  PID:10112
- C:\Windows\System\RSlMbMT.exe
  C:\Windows\System\RSlMbMT.exe
  2⤵
  PID:10128
- C:\Windows\System\QvQGlYI.exe
  C:\Windows\System\QvQGlYI.exe
  2⤵
  PID:10144
- C:\Windows\System\uRLkbKv.exe
  C:\Windows\System\uRLkbKv.exe
  2⤵
  PID:10160
- C:\Windows\System\CMVDcss.exe
  C:\Windows\System\CMVDcss.exe
  2⤵
  PID:10176
- C:\Windows\System\wBvAqSn.exe
  C:\Windows\System\wBvAqSn.exe
  2⤵
  PID:10192
- C:\Windows\System\BDhPbhU.exe
  C:\Windows\System\BDhPbhU.exe
  2⤵
  PID:10208
- C:\Windows\System\ihwlMdx.exe
  C:\Windows\System\ihwlMdx.exe
  2⤵
  PID:10232
- C:\Windows\System\GOrKPYW.exe
  C:\Windows\System\GOrKPYW.exe
  2⤵
  PID:9320
- C:\Windows\System\wOMpGHj.exe
  C:\Windows\System\wOMpGHj.exe
  2⤵
  PID:9356
- C:\Windows\System\EtWNfFm.exe
  C:\Windows\System\EtWNfFm.exe
  2⤵
  PID:9364
- C:\Windows\System\OoUcPHL.exe
  C:\Windows\System\OoUcPHL.exe
  2⤵
  PID:9208
- C:\Windows\System\PiDErbO.exe
  C:\Windows\System\PiDErbO.exe
  2⤵
  PID:9440
- C:\Windows\System\qPBABfc.exe
  C:\Windows\System\qPBABfc.exe
  2⤵
  PID:9468
- C:\Windows\System\vdWLbtE.exe
  C:\Windows\System\vdWLbtE.exe
  2⤵
  PID:9492
- C:\Windows\System\UqubcpM.exe
  C:\Windows\System\UqubcpM.exe
  2⤵
  PID:9532
- C:\Windows\System\IHhEJnt.exe
  C:\Windows\System\IHhEJnt.exe
  2⤵
  PID:9548
- C:\Windows\System\TRUtTds.exe
  C:\Windows\System\TRUtTds.exe
  2⤵
  PID:9572
- C:\Windows\System\UaWXdso.exe
  C:\Windows\System\UaWXdso.exe
  2⤵
  PID:9608
- C:\Windows\System\NURdRgU.exe
  C:\Windows\System\NURdRgU.exe
  2⤵
  PID:9632
- C:\Windows\System\BVmDGrX.exe
  C:\Windows\System\BVmDGrX.exe
  2⤵
  PID:9696
- C:\Windows\System\HqMjnYp.exe
  C:\Windows\System\HqMjnYp.exe
  2⤵
  PID:9824
- C:\Windows\System\fQYhayt.exe
  C:\Windows\System\fQYhayt.exe
  2⤵
  PID:9864
- C:\Windows\System\fcLYBqX.exe
  C:\Windows\System\fcLYBqX.exe
  2⤵
  PID:9904
- C:\Windows\System\hQFOycx.exe
  C:\Windows\System\hQFOycx.exe
  2⤵
  PID:9712
- C:\Windows\System\uyFrZcT.exe
  C:\Windows\System\uyFrZcT.exe
  2⤵
  PID:9744
- C:\Windows\System\lOWjiBA.exe
  C:\Windows\System\lOWjiBA.exe
  2⤵
  PID:9936
- C:\Windows\System\MkixZLw.exe
  C:\Windows\System\MkixZLw.exe
  2⤵
  PID:9956
- C:\Windows\System\fbrCwDF.exe
  C:\Windows\System\fbrCwDF.exe
  2⤵
  PID:9976
- C:\Windows\System\HzgVait.exe
  C:\Windows\System\HzgVait.exe
  2⤵
  PID:10024
- C:\Windows\System\BKgCYSV.exe
  C:\Windows\System\BKgCYSV.exe
  2⤵
  PID:10088
- C:\Windows\System\hqoGERV.exe
  C:\Windows\System\hqoGERV.exe
  2⤵
  PID:10152
- C:\Windows\System\KUfmARo.exe
  C:\Windows\System\KUfmARo.exe
  2⤵
  PID:10188
- C:\Windows\System\sEGxbiG.exe
  C:\Windows\System\sEGxbiG.exe
  2⤵
  PID:10228
- C:\Windows\System\XticTby.exe
  C:\Windows\System\XticTby.exe
  2⤵
  PID:10044
- C:\Windows\System\GInbrCM.exe
  C:\Windows\System\GInbrCM.exe
  2⤵
  PID:10108
- C:\Windows\System\phnIqhs.exe
  C:\Windows\System\phnIqhs.exe
  2⤵
  PID:10204
- C:\Windows\System\ainStRe.exe
  C:\Windows\System\ainStRe.exe
  2⤵
  PID:9220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CAACIXT.exe

Filesize
6.0MB

MD5
6fb0909ac6be1169c775cf9e2e94f83e

SHA1
0c47a83ccd77dba588b08ae1f8f2849723b57c2c

SHA256
b1b7b1e5270e50b57fc44048eeba47bd809492e2b858f266827ecf8ddce8a304

SHA512
a52543763d9618cf314c49c276b98903239cd3a9bb0783caa54576a02c7f12dbcf5fea8050974db830ec1f4babe2b9799b9fba01f2cbad8e89860bceb695c54a

Download Submit
C:\Windows\system\HBLzUCp.exe

Filesize
6.0MB

MD5
aa9564431c62560edeb18521b828a07d

SHA1
fba800a870bed3861cdec01fc24e5144d5db56c2

SHA256
e7c819c9670793b33d73a8c5319c47360f8bb74929c110587e5488ac568d0dd2

SHA512
05ccac175311ae2dc0c3db4e05368167331be68d6b97e5fd71b9646507745ed97275f5ef3a78f8319b49c7d24e1d3d7bdb756a295c7e50bf142674e3ca674f07

Download Submit
C:\Windows\system\LvrWdkw.exe

Filesize
6.0MB

MD5
c3776350697b839ba79a3ba1f2fcef9f

SHA1
c8625f41e7c7c711d25cc706b2e257539a6523e8

SHA256
efb96fb5271a1bd4f4a9f0e62275206b9c4406b9ce37d3b81e7c07f66d3fc12c

SHA512
ea1f5a61e8c7b30934f96159af85faf61c5e5b44141bdf535d65f8fb20b6401d8b325a5e5477917e40e27c5c925de07814e09a59e32cca3a28088f801dc2ac71

Download Submit
C:\Windows\system\LyMhHLE.exe

Filesize
6.0MB

MD5
4f37b89df209ba664ff2edd45d02bacb

SHA1
a30cc1c63aa49297510781494805788312472dd2

SHA256
d91eb456aea34c0f8693612281fb1bce69fbe9006f23c1dc0f80b7f8f4de1535

SHA512
4e193463691a635cce9a7da03da745f35627f2d661a521491887f19e29c35587d3b10707f199cecd07652c947d8a45e22cb1a7db53cbdd46f0635a3d60ba27a8

Download Submit
C:\Windows\system\RVhLFwi.exe

Filesize
6.0MB

MD5
3dcc043a5255be1b9b0510a3eb8b38ce

SHA1
e5ca370f979cad1e708b2ac3642033cf2b0bf2e8

SHA256
008b37fd03fd987b6bb656bf63822829362911473de3e8b49e7820430aa466a6

SHA512
f6ed26e4f9d49db830b98cb7e10d19f73fcf803c051678de99a297b5ec73546725712bac65258698d06c09b8989a5acc9729d8acfa4b2c7035c17b40b81f246a

Download Submit
C:\Windows\system\TGroXDa.exe

Filesize
6.0MB

MD5
2ae17d2f2668d56e5a8e9c742076b6b7

SHA1
ecfd2e67b1399ae21189551062e423f0aee2dfd1

SHA256
67900140f59890865b2a522f58dc792b191b0d3e558fde7fe8bf9bdac47eac96

SHA512
2a2067bd810118320727a90bd6fc12d5e4b7856f493e3d1b7ed77d92ed70aa99590cad71088e3b48516a9ca15d2302c4f117474de24eeda4b7c1cd48c7a553a9

Download Submit
C:\Windows\system\UOBdfnP.exe

Filesize
6.0MB

MD5
d0ae5ae49b9f8d7ae1ba347ae97771c9

SHA1
9dc3fd1a69666d98d9f326f1d24c4e10653ab372

SHA256
b7822fd7af622b1fc96be6e6b000b38bceec8b15703b9f528f238a29c0e7c61b

SHA512
b7bad3fbc1e76cb4273171cab8992f94e7c12b28e8e46c301d8bc20f2a2f75bda8eca52897b0ad3c66ca823ac54806327c56166740ddacba256c31f157bdb854

Download Submit
C:\Windows\system\VgtvcYg.exe

Filesize
6.0MB

MD5
7d864616056fe0d25e686d9f723728d9

SHA1
07348338f933c5572ae901fb4e9a39f83a5f3707

SHA256
91c3e66fbfc21fb408c77f2202e3921008e58ab2dff0a7adc99488c296b66c79

SHA512
86e7831eb09f8ff7899c19b548a17898d19e7e7437773cc92edd9ee78194ff46a0a9855a26884fe77c5b1eade446c6421b57cb664df93baa4ab83e798d0a3701

Download Submit
C:\Windows\system\ceMasdp.exe

Filesize
6.0MB

MD5
034649da36a0e2fd96c61c4d7c083808

SHA1
2fb107c4cd4db06fc29c6197df305a1fdf1a94e9

SHA256
1d0be5beb3c20411a49815d325ee9729bf6ad31fa124fbcd3caf5ea221937a9d

SHA512
7a9045e3b8fff189ed5f8e92a261bb7ff8a438e01186c1b9b8a50dc3aa9ab922cccb00871614b59a8b0f69e81062a61e2f2b78b3db45803382eff3d73f86cf6f

Download Submit
C:\Windows\system\cgJqGfq.exe

Filesize
6.0MB

MD5
8e82e64928fd499a1513b0306202b4ba

SHA1
a5199f5e6883d9a04fbd06eac01eacd638670e71

SHA256
a4f17fd8d2a69a5bcfcf93c6da9e6ab9ab4b2a75ae1e6891caf39f67e37bed82

SHA512
765ed0b0872384bb5dc9198a4e01d47665854f5a2ccabe012d305495b14e162990b74e016e0c9d8c8181cf39c0731c8c015d7fe003f98a686f9ccaf62b58acfd

Download Submit
C:\Windows\system\ddRPZyl.exe

Filesize
6.0MB

MD5
725a058d0352fdc3e4d90f563cc0db85

SHA1
d8f474de903c997faf62284127af57083d3effb6

SHA256
a7b26f0e0bcfd32e3df9eade19a1e9422f6d869e81f25814cc2712c2fb114405

SHA512
bae31fab534c14b1bb533d45a7ae3b7ee866bf72a9aeb6b2ec271b611356e4a15c6335faf067904670c1bed59d36dc70ac4c5341b4d8a9dfa2c6168e8e18bed1

Download Submit
C:\Windows\system\dwkXVXR.exe

Filesize
6.0MB

MD5
f18cbac14af7fa7ca70a80a3c133b32d

SHA1
3dd979ce9a9f3cd51c8ccb730a071658168c1df8

SHA256
9d5d6734a9fc31a4535e47a8a5cd544a74816c3c46e6ff9f13db9f5997679a11

SHA512
d9d630a0e4655d649837615d02fa9f2790a94305cb8e6d8c680a558946f1896851153ffe8158b94922b017c9cab6e5c83d4a0854b4642e1a6358b1bdf14fed6d

Download Submit
C:\Windows\system\gVqzJKM.exe

Filesize
6.0MB

MD5
2e1031153dcd2c23b50f816d08fadade

SHA1
90191ce241771513c274c4cbfa620a7cc001a271

SHA256
f563f4587b225c15e359ad3fc03cb0f4eda475b2aaa44b50372525a1ad68525f

SHA512
8f18f19efe44630d4291f8f6ee1b92d7eeb464a8a084308ac1c8135919aa24818fb330d519bf9e83e2bd20f11d1e0f371603a3957d7e69f0ee596d53848829b9

Download Submit
C:\Windows\system\gdwqTYn.exe

Filesize
6.0MB

MD5
9e8f2e6148a5d8b6d04a3f0cb8d18d90

SHA1
9bdca765d7be8c6df50ee3838adcf1ff247602bc

SHA256
81887c1268443d2e962db11b906ad97e23a319e225e1e47d9665e485cf48899e

SHA512
5be1558a591686b397b1e3d1a28f4d1d3f6dbe692dc00aa430e555c633ff0bf87a389947d3f4636a6ae350f9275e523f70d5df861a50bf342a71f46b5785a5c6

Download Submit
C:\Windows\system\gqSnunC.exe

Filesize
6.0MB

MD5
2d29dc062d704122c5aeabd83ddaada2

SHA1
a7b73b8cbf74358031dd1ca98b61754f0b3c5f8a

SHA256
65e9d520ff0cd8853692d502478934b06af42dab6c84c257f13a7cd66d606f1d

SHA512
2d76bfc25373cb67bf56aabddb851554e43ec303eab3ae73736a2762640f194f288fb4de652f57d253f23dfa591d88ce8b41551ebe8f15345a7048d2cfab1752

Download Submit
C:\Windows\system\isTDnrw.exe

Filesize
6.0MB

MD5
3afc4ff0192c97c363db064ea9712ca6

SHA1
0521cb06c733da20a8b5b56042f09c3a2ab87da4

SHA256
1bdbd365d148dda39b9d5c2293f161a57fdd9e9b269008500acd2c5d28e49a24

SHA512
4a0ae6b62ccc6307cb01fc0fa8315b58ec317fdc31bd360a8f517666a3729b87e418ae4c08a1c21828ad694b6f8e25f06edfe8bb8440148d3d7c86fce2d263e1

Download Submit
C:\Windows\system\kdPHKhp.exe

Filesize
6.0MB

MD5
3adf27ef64c04a8fea6652ec6720a8ec

SHA1
6ef343006bc7e2003a8a7ff77886ca228740d4b6

SHA256
177824cad132c06cf3c2e92511e02d1680c5eafa4a9c4274c8cc341b23ee4c96

SHA512
98857b47e57fe35a5907f3ee3f316da8062543bf64edf4915fe4e98ba61c5744555642f2fd6fe05c58b63fb4c7ad1ff9e954eb983980bfd7f85e96b920398a99

Download Submit
C:\Windows\system\lrYuTPy.exe

Filesize
6.0MB

MD5
555f910c16d9f2bf53ea148178f59e1d

SHA1
49167598968c3e50c57dbd728f0aa8f092a23454

SHA256
21a1025c956ff9edc8b482c6068446a4370c98bdad2884cc7f8261db4337dcaa

SHA512
57019de089133aa61a329087d3ba2871d5356329d326dbeca5f9ed8e3dde514243cec41e537bd241efdc6127575dc4308bac0d73ab4571ba4c3935fa304b2579

Download Submit
C:\Windows\system\lubHKed.exe

Filesize
6.0MB

MD5
3df242c5513a903aaf94404ca8b5a45a

SHA1
be451f457ac86d0576f35a5572fd587988ec2388

SHA256
93eaf7c255ed36a9cefdacad6b42248d0f0a5053ed2dda4d935d082585336f8f

SHA512
9b0087b5e44b2d0ab61505f14e8ac97116ec4a3286e86f19b12ecc0e23d8dda5508c380a7219a5477f80ae3839d3c156294c66c2365381cb5dcf94e55dee3915

Download Submit
C:\Windows\system\svtTUAx.exe

Filesize
6.0MB

MD5
25d57341086f2823e50058bc5d3e5d1c

SHA1
3f6e87fee9d436b5424c28694580be3eb31627e0

SHA256
95a6b632d41958cc54daaf88b6de77ea699afe71113bc357758e284aa0087bbc

SHA512
4b40552c61d500d4ec275c755b731953c2e922eec7a55d462357afe3d6974565911c5502f9d9574e82a337d540e6083107c531419408d9bf7b677e8076a83c2b

Download Submit
C:\Windows\system\swZwgVx.exe

Filesize
6.0MB

MD5
55e3364363fc59261e2d9773cefbc4e9

SHA1
5d8327c87948982c29cdceaffcaf0eaae5273d28

SHA256
1f9b063dc9019fa57ed3e98481284815651a2dd67ab7829f5a88555159e39d6e

SHA512
60eb6e930f8c4b000767eca5e263ad4f855ef26338a2e5cb3aaa5b991c11bc2c5b3816a5729a703e05da01dec6e18c638cab4d44b78072e84c8242bc6f90f11b

Download Submit
C:\Windows\system\tdqTkfk.exe

Filesize
6.0MB

MD5
bb0cad616f577e42fbb5e1a7a6ba1135

SHA1
0ff311a29c4f7771a5c7b4b69c413bd63a2e128c

SHA256
b8f32562a6a97441c1fc750b13d00c017b7cd176750449f49220ae8aaca2f771

SHA512
604ab3b0de492b5cbcf8c3960186a35113016314e30aa06eaea25176b10c7f945d74d36f9e2a0d63c2f2c41fd046dcb5010738e733e741359ca223c8a3e658d6

Download Submit
C:\Windows\system\uSWtiWz.exe

Filesize
6.0MB

MD5
f6611a235942b86212e3d96e33341ab3

SHA1
57949257a7b52bbdd1f57cc1addc83b9457c2d94

SHA256
f3314d97ef42006240c927fe62351c9ba018f1eef7f13d035ff259915c3be0c7

SHA512
b5badaf410a74244de87549dfc14e287cff0f18c01b7251a3bdf568f6cc06b2293ec970fad88b0820f4d1e941e730ef475b3a11b5c9fd3fe29d88a43c1d458d3

Download Submit
C:\Windows\system\uVVXQec.exe

Filesize
6.0MB

MD5
0b34c512492fc4cec7d60edebbc236c5

SHA1
b45ce6997586dad594084a198eb408eb561b5150

SHA256
a1f32308bdc46dc2fc09a379ca103e26ab944fe97f50eb5fdf085049431a3ea1

SHA512
813185633a696bc8b8b1e216302a9ed2444d10ca13e9e50a05476c2384f39ae929ce4787808b4ccbb72cbc739eb7140dbce583cf34f19c48619e0f3798721067

Download Submit
C:\Windows\system\zQDEeKp.exe

Filesize
6.0MB

MD5
f9764a931e67cab9ba155a29986e1b9e

SHA1
56da38f90ab0a90a033774fb1b7c57ebd8680417

SHA256
6f825b163fad04424366eb3432aa9ee81628134c575286c9dd10769276489f78

SHA512
a2412d9d3e9f5dfe7c1654c7a6d30e4de177c3900bba8f17581a9cff3e2561821bcad31575a03a2ab8e2844a71a8593af1266e0fd9de2d3711bda4223a96b957

Download Submit
\Windows\system\GkgBJIJ.exe

Filesize
6.0MB

MD5
d2d42b41d73a5f4c8e6e47dd0f5f6cc7

SHA1
2e58397114ce11a434baac96743203c88587efc7

SHA256
7f6a8ac162cbd580a6c65d41de423afbf65a7164461cfe19d1e512f0911139ca

SHA512
3a5623827a2fd98fb04c11d708441856be7ead83d00a9d3bcee4c991e554072c9edee991635f6ce4438563edb10f7aaa6510bd73ad8c0cbdebe9f47ce052cd00

Download Submit
\Windows\system\HHLdSkj.exe

Filesize
6.0MB

MD5
e088a750dd383f1bceb51fd7ef5252d1

SHA1
bc1595d0509d8bfc96b040221a263699ff6217ca

SHA256
f9ee791d43042b7e8814d54ca584c17e78b37f5b8138d883a308b74458809482

SHA512
08689caa4fe0b4992dbe07bd0fce9a02a7f2828264a76ae36c8d862eb4bc5ef51be9e2d3621fae34c4717dd6ca12e55d1da1b6cfee8aa9bc960ecf4e1cb1c23c

Download Submit
\Windows\system\IqHLqki.exe

Filesize
6.0MB

MD5
7e099ee18e198a44d053d01d2ec4b677

SHA1
292f954119e35abfc0e9d3030d5ca908ab4f8bc3

SHA256
c891d365a4ea93e10ccc260a39bf754be713047f15aab0af649762a3e1d2a24a

SHA512
10b0972d5c30f2be6ae3c8a3dba12808e1709a44b73fbc2b23795f2f30db3b470a25f5cb94ae4875ad9c79ff17a26060a12739b9026f1197e230edac1f3984c4

Download Submit
\Windows\system\Qvdxtuh.exe

Filesize
6.0MB

MD5
8912c514b7c82443b0e2a8b7bd7f899c

SHA1
ab113b7b6f8b670a7b0a8d4622728ead38f1b491

SHA256
5a68a938f616f98fef65eb26426f4e7cf0686954e93cfc7dc396969166f748b0

SHA512
6311d8292db194842625500bee17be08a44d9014535a42d76054c0bbc3cbc9b2ac849bd39d274f5a9790b353ccd0aebdb8bf6b9a2503ad21033dadbfa84b3b3f

Download Submit
\Windows\system\eDyehyH.exe

Filesize
6.0MB

MD5
99e93f9e6dc81e97c4864f1369539ead

SHA1
2f6c0b78946e24cb2902075e5063034efffadd56

SHA256
a661afb8ebf45651d3153d0b4a3509e6121e3a0bd4734996559edb304a5d5432

SHA512
6643cb45c9c1ed5a97ab000a407b3b8300602d03a27cf303741d7bcc9bd869524d6900ed859965674f1eee4901eb2a61ab79e560fc13a77c756dd9d034def2d5

Download Submit
\Windows\system\ezZyghk.exe

Filesize
6.0MB

MD5
5bfbb11136d7217536617653b7aff548

SHA1
e0de735725b1887bbc9285d651c2a0c19398331c

SHA256
3fc40511adbb6d74cf882b336dc36995c9dacf7316b9dce791dc8fbf4c1a7b59

SHA512
e30f1d8fd174d8e06435976fc675a9751c8f5dbe505b8be9548ec50b5234a5a1a3248a9dc08a5d9042d12b0b042f4c11b194a1f76a900549b7c054d22e822984

Download Submit
\Windows\system\jrbAqNR.exe

Filesize
6.0MB

MD5
e894b77da9502a50ed2b5c876c1f9c9f

SHA1
bc9934425f1aaf481991eec62d460e5ca2742a20

SHA256
8565c029cfbdb62157ba54f303dad6dd07d645442f23928e6e6ad214959d99e7

SHA512
4d40de6526bd27dd3c55b93587f782568e7ea5377775aa9da48c2258114b6642e94e8cc6a1f2b6b89a786bbc8d3202339934625aa1f3ed66674f775f936dc858

Download Submit
memory/308-91-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/308-765-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/308-4088-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/576-4089-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/576-63-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/816-4092-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/816-575-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/816-83-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1744-4091-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-99-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-78-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2096-4090-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2196-56-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4137-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1196-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-64-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-574-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-764-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2228-0-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-946-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-105-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-70-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2228-73-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2228-48-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-51-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2228-32-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2228-98-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-90-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2228-22-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-34-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-82-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-37-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2228-345-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2228-62-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2276-4138-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2276-71-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2628-49-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4087-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-29-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2708-4086-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4135-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2716-42-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2744-35-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4085-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2784-33-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4023-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2820-26-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3960-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-31-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4136-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download