cobaltstrike | 0cea25ce2a79b08f727d83cd0eb4f31d3af1a72d4b778b818176d8659a59167f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

caffe66405dc30993c5df3e68003e6ee
SHA1

a6a6b142e97d11cc958a8f0f0ded1c67ff9828d2
SHA256

0cea25ce2a79b08f727d83cd0eb4f31d3af1a72d4b778b818176d8659a59167f
SHA512

2dded0046117a40cd282542391a819ac6c3746f7b838d63dbc5bb22c3e0ded76a875e8118ccbdb99facbb3cd310a731a16625e9bfba57cd97d24584bc496c68b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\waaIodn.exe	cobalt_reflective_dll
C:\Windows\system\jVmcAdS.exe	cobalt_reflective_dll
\Windows\system\PoEPMXL.exe	cobalt_reflective_dll
C:\Windows\system\AmhivWc.exe	cobalt_reflective_dll
C:\Windows\system\fseMHgr.exe	cobalt_reflective_dll
C:\Windows\system\zUYOoAP.exe	cobalt_reflective_dll
C:\Windows\system\eUJzfra.exe	cobalt_reflective_dll
C:\Windows\system\gqHWWUA.exe	cobalt_reflective_dll
C:\Windows\system\DvUHbFU.exe	cobalt_reflective_dll
C:\Windows\system\eWsYsMs.exe	cobalt_reflective_dll
C:\Windows\system\QRHnMFj.exe	cobalt_reflective_dll
C:\Windows\system\LKwovkU.exe	cobalt_reflective_dll
C:\Windows\system\VJXUTor.exe	cobalt_reflective_dll
C:\Windows\system\wQqGvjj.exe	cobalt_reflective_dll
C:\Windows\system\RpGWfKR.exe	cobalt_reflective_dll
C:\Windows\system\qEcpHgM.exe	cobalt_reflective_dll
C:\Windows\system\YlyNFWY.exe	cobalt_reflective_dll
C:\Windows\system\BXalTOQ.exe	cobalt_reflective_dll
C:\Windows\system\xXjttii.exe	cobalt_reflective_dll
C:\Windows\system\RpBPMxV.exe	cobalt_reflective_dll
C:\Windows\system\HjuVFWm.exe	cobalt_reflective_dll
C:\Windows\system\MxgjyRv.exe	cobalt_reflective_dll
C:\Windows\system\TFHtazW.exe	cobalt_reflective_dll
C:\Windows\system\EgQwOZi.exe	cobalt_reflective_dll
C:\Windows\system\SXhmHpu.exe	cobalt_reflective_dll
C:\Windows\system\uwPexKo.exe	cobalt_reflective_dll
C:\Windows\system\OzEHspj.exe	cobalt_reflective_dll
C:\Windows\system\WoVXAtr.exe	cobalt_reflective_dll
C:\Windows\system\mxgmMTX.exe	cobalt_reflective_dll
C:\Windows\system\GUeXuuY.exe	cobalt_reflective_dll
\Windows\system\bQzuFcB.exe	cobalt_reflective_dll
C:\Windows\system\EddrMqk.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2088-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
\Windows\system\waaIodn.exe	xmrig
C:\Windows\system\jVmcAdS.exe	xmrig
behavioral1/memory/2708-13-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2160-11-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
\Windows\system\PoEPMXL.exe	xmrig
behavioral1/memory/3004-20-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
C:\Windows\system\AmhivWc.exe	xmrig
behavioral1/memory/2860-26-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
C:\Windows\system\fseMHgr.exe	xmrig
behavioral1/memory/2160-40-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2708-48-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
C:\Windows\system\zUYOoAP.exe	xmrig
behavioral1/memory/2612-54-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/3004-56-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1448-88-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1972-106-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
C:\Windows\system\eUJzfra.exe	xmrig
C:\Windows\system\gqHWWUA.exe	xmrig
C:\Windows\system\DvUHbFU.exe	xmrig
behavioral1/memory/1972-920-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1712-771-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1448-581-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2220-402-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1744-228-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
C:\Windows\system\eWsYsMs.exe	xmrig
C:\Windows\system\QRHnMFj.exe	xmrig
C:\Windows\system\LKwovkU.exe	xmrig
C:\Windows\system\VJXUTor.exe	xmrig
C:\Windows\system\wQqGvjj.exe	xmrig
C:\Windows\system\RpGWfKR.exe	xmrig
C:\Windows\system\qEcpHgM.exe	xmrig
C:\Windows\system\YlyNFWY.exe	xmrig
C:\Windows\system\BXalTOQ.exe	xmrig
C:\Windows\system\xXjttii.exe	xmrig
C:\Windows\system\RpBPMxV.exe	xmrig
C:\Windows\system\HjuVFWm.exe	xmrig
C:\Windows\system\MxgjyRv.exe	xmrig
C:\Windows\system\TFHtazW.exe	xmrig
C:\Windows\system\EgQwOZi.exe	xmrig
behavioral1/memory/1712-97-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2824-96-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
C:\Windows\system\SXhmHpu.exe	xmrig
behavioral1/memory/2612-92-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1620-105-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
C:\Windows\system\uwPexKo.exe	xmrig
behavioral1/memory/2220-80-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
C:\Windows\system\OzEHspj.exe	xmrig
behavioral1/memory/2624-77-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
C:\Windows\system\WoVXAtr.exe	xmrig
behavioral1/memory/1620-66-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2860-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
C:\Windows\system\mxgmMTX.exe	xmrig
behavioral1/memory/1744-73-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2720-72-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
C:\Windows\system\GUeXuuY.exe	xmrig
behavioral1/memory/2088-69-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2624-45-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2824-57-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
\Windows\system\bQzuFcB.exe	xmrig
behavioral1/memory/2720-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
C:\Windows\system\EddrMqk.exe	xmrig
behavioral1/memory/2088-36-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2160-3163-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

waaIodn.exejVmcAdS.exePoEPMXL.exeAmhivWc.exeEddrMqk.exefseMHgr.exezUYOoAP.exebQzuFcB.exemxgmMTX.exeGUeXuuY.exeOzEHspj.exeWoVXAtr.exeSXhmHpu.exeuwPexKo.exeEgQwOZi.exeTFHtazW.exeMxgjyRv.exeeUJzfra.exeHjuVFWm.exeRpBPMxV.exegqHWWUA.exexXjttii.exeBXalTOQ.exeYlyNFWY.exeqEcpHgM.exeRpGWfKR.exewQqGvjj.exeDvUHbFU.exeVJXUTor.exeLKwovkU.exeQRHnMFj.exeeWsYsMs.exeiZViFML.exembwjMjX.exeMCbYaGl.exePCkXqQE.exeALlhUzx.exetKoxkrG.exeCYiOsnv.exeoEkJJOL.exeBrvAgTQ.exeYyIuDZe.exeDyeFzwy.exeaLECsOm.exeebSmBvr.exelzcJDrA.exeKsFTSbf.exeemSWcvl.exebfjpePe.exeJNuYvzG.exeIyRpJRj.exejddVzaS.exeKdaMaRv.exetVJGJrY.exexgOsuGi.exeMMYqCYb.exeqkJEzYj.exeNLaoioc.exeDLhPsyo.exevxBOtCd.exePLIrBVb.exeZSiyBiA.execVPKuKr.exefcGWyhW.exe

pid	process
2160	waaIodn.exe
2708	jVmcAdS.exe
3004	PoEPMXL.exe
2860	AmhivWc.exe
2720	EddrMqk.exe
2624	fseMHgr.exe
2612	zUYOoAP.exe
2824	bQzuFcB.exe
1620	mxgmMTX.exe
1744	GUeXuuY.exe
2220	OzEHspj.exe
1448	WoVXAtr.exe
1712	SXhmHpu.exe
1972	uwPexKo.exe
2344	EgQwOZi.exe
2588	TFHtazW.exe
864	MxgjyRv.exe
2920	eUJzfra.exe
1916	HjuVFWm.exe
568	RpBPMxV.exe
1332	gqHWWUA.exe
544	xXjttii.exe
1148	BXalTOQ.exe
2332	YlyNFWY.exe
2460	qEcpHgM.exe
2244	RpGWfKR.exe
2492	wQqGvjj.exe
748	DvUHbFU.exe
1604	VJXUTor.exe
2260	LKwovkU.exe
1680	QRHnMFj.exe
1232	eWsYsMs.exe
332	iZViFML.exe
1696	mbwjMjX.exe
1668	MCbYaGl.exe
1664	PCkXqQE.exe
2192	ALlhUzx.exe
2376	tKoxkrG.exe
880	CYiOsnv.exe
2216	oEkJJOL.exe
2872	BrvAgTQ.exe
976	YyIuDZe.exe
356	DyeFzwy.exe
3032	aLECsOm.exe
796	ebSmBvr.exe
1320	lzcJDrA.exe
1632	KsFTSbf.exe
1984	emSWcvl.exe
268	bfjpePe.exe
2532	JNuYvzG.exe
2292	IyRpJRj.exe
2976	jddVzaS.exe
1932	KdaMaRv.exe
2328	tVJGJrY.exe
2848	xgOsuGi.exe
2988	MMYqCYb.exe
2676	qkJEzYj.exe
2892	NLaoioc.exe
2604	DLhPsyo.exe
2468	vxBOtCd.exe
1720	PLIrBVb.exe
1644	ZSiyBiA.exe
2004	cVPKuKr.exe
588	fcGWyhW.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2088-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
\Windows\system\waaIodn.exe	upx
C:\Windows\system\jVmcAdS.exe	upx
behavioral1/memory/2708-13-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2160-11-0x000000013F600000-0x000000013F954000-memory.dmp	upx
\Windows\system\PoEPMXL.exe	upx
behavioral1/memory/3004-20-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
C:\Windows\system\AmhivWc.exe	upx
behavioral1/memory/2860-26-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
C:\Windows\system\fseMHgr.exe	upx
behavioral1/memory/2160-40-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2708-48-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
C:\Windows\system\zUYOoAP.exe	upx
behavioral1/memory/2612-54-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/3004-56-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/1448-88-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1972-106-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
C:\Windows\system\eUJzfra.exe	upx
C:\Windows\system\gqHWWUA.exe	upx
C:\Windows\system\DvUHbFU.exe	upx
behavioral1/memory/1972-920-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1712-771-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1448-581-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2220-402-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1744-228-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
C:\Windows\system\eWsYsMs.exe	upx
C:\Windows\system\QRHnMFj.exe	upx
C:\Windows\system\LKwovkU.exe	upx
C:\Windows\system\VJXUTor.exe	upx
C:\Windows\system\wQqGvjj.exe	upx
C:\Windows\system\RpGWfKR.exe	upx
C:\Windows\system\qEcpHgM.exe	upx
C:\Windows\system\YlyNFWY.exe	upx
C:\Windows\system\BXalTOQ.exe	upx
C:\Windows\system\xXjttii.exe	upx
C:\Windows\system\RpBPMxV.exe	upx
C:\Windows\system\HjuVFWm.exe	upx
C:\Windows\system\MxgjyRv.exe	upx
C:\Windows\system\TFHtazW.exe	upx
C:\Windows\system\EgQwOZi.exe	upx
behavioral1/memory/1712-97-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2824-96-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
C:\Windows\system\SXhmHpu.exe	upx
behavioral1/memory/2612-92-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/1620-105-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
C:\Windows\system\uwPexKo.exe	upx
behavioral1/memory/2220-80-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
C:\Windows\system\OzEHspj.exe	upx
behavioral1/memory/2624-77-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
C:\Windows\system\WoVXAtr.exe	upx
behavioral1/memory/1620-66-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2860-65-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
C:\Windows\system\mxgmMTX.exe	upx
behavioral1/memory/1744-73-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2720-72-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
C:\Windows\system\GUeXuuY.exe	upx
behavioral1/memory/2624-45-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2824-57-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
\Windows\system\bQzuFcB.exe	upx
behavioral1/memory/2720-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
C:\Windows\system\EddrMqk.exe	upx
behavioral1/memory/2088-36-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2160-3163-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2708-3161-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\LPELMxG.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VLsqEax.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQQQLDX.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epjvBYI.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAlROKT.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iylehJh.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpKkpba.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdzfVJC.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jABQnmt.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yonFSkQ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnStgoX.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPIEyZg.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGZESke.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHDTaRu.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDAAiLK.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeJOjtE.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQuoQMO.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aqjuUjq.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqnMNPP.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oufjAtU.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GclWgEC.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoHdNBW.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqGVrMH.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOgHUpz.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaIJqci.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwVyxwu.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPLqHOZ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KimhXCA.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnFVhgn.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stNjBWQ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALOogxc.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ujuDnQB.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCDGzeD.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYYufBG.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmEEzNI.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvoYLCt.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxSfMcQ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RxjpEbP.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzskAoI.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sANQxhZ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYiOsnv.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVfmkUu.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZpxlmj.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXVKtiW.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMJLTwd.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWZjZPu.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzNYAKm.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\udKCrfE.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AekeUlj.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYjESXb.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUfwsYy.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXtLVob.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoQWuVZ.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEIonnI.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyQcUBm.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrTjCnU.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyikjUe.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPigjBf.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DespPAV.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAZktLb.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfMiQOb.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njiLSYV.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwYExjG.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbEpWJb.exe	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2088 wrote to memory of 2160	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	waaIodn.exe
PID 2088 wrote to memory of 2160	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	waaIodn.exe
PID 2088 wrote to memory of 2160	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	waaIodn.exe
PID 2088 wrote to memory of 2708	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	jVmcAdS.exe
PID 2088 wrote to memory of 2708	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	jVmcAdS.exe
PID 2088 wrote to memory of 2708	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	jVmcAdS.exe
PID 2088 wrote to memory of 3004	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	PoEPMXL.exe
PID 2088 wrote to memory of 3004	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	PoEPMXL.exe
PID 2088 wrote to memory of 3004	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	PoEPMXL.exe
PID 2088 wrote to memory of 2860	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	AmhivWc.exe
PID 2088 wrote to memory of 2860	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	AmhivWc.exe
PID 2088 wrote to memory of 2860	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	AmhivWc.exe
PID 2088 wrote to memory of 2720	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EddrMqk.exe
PID 2088 wrote to memory of 2720	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EddrMqk.exe
PID 2088 wrote to memory of 2720	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EddrMqk.exe
PID 2088 wrote to memory of 2624	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	fseMHgr.exe
PID 2088 wrote to memory of 2624	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	fseMHgr.exe
PID 2088 wrote to memory of 2624	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	fseMHgr.exe
PID 2088 wrote to memory of 2824	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	bQzuFcB.exe
PID 2088 wrote to memory of 2824	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	bQzuFcB.exe
PID 2088 wrote to memory of 2824	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	bQzuFcB.exe
PID 2088 wrote to memory of 2612	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	zUYOoAP.exe
PID 2088 wrote to memory of 2612	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	zUYOoAP.exe
PID 2088 wrote to memory of 2612	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	zUYOoAP.exe
PID 2088 wrote to memory of 1620	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	mxgmMTX.exe
PID 2088 wrote to memory of 1620	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	mxgmMTX.exe
PID 2088 wrote to memory of 1620	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	mxgmMTX.exe
PID 2088 wrote to memory of 1744	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	GUeXuuY.exe
PID 2088 wrote to memory of 1744	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	GUeXuuY.exe
PID 2088 wrote to memory of 1744	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	GUeXuuY.exe
PID 2088 wrote to memory of 2220	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	OzEHspj.exe
PID 2088 wrote to memory of 2220	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	OzEHspj.exe
PID 2088 wrote to memory of 2220	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	OzEHspj.exe
PID 2088 wrote to memory of 1448	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	WoVXAtr.exe
PID 2088 wrote to memory of 1448	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	WoVXAtr.exe
PID 2088 wrote to memory of 1448	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	WoVXAtr.exe
PID 2088 wrote to memory of 1712	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	SXhmHpu.exe
PID 2088 wrote to memory of 1712	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	SXhmHpu.exe
PID 2088 wrote to memory of 1712	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	SXhmHpu.exe
PID 2088 wrote to memory of 1972	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	uwPexKo.exe
PID 2088 wrote to memory of 1972	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	uwPexKo.exe
PID 2088 wrote to memory of 1972	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	uwPexKo.exe
PID 2088 wrote to memory of 2344	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EgQwOZi.exe
PID 2088 wrote to memory of 2344	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EgQwOZi.exe
PID 2088 wrote to memory of 2344	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	EgQwOZi.exe
PID 2088 wrote to memory of 2588	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	TFHtazW.exe
PID 2088 wrote to memory of 2588	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	TFHtazW.exe
PID 2088 wrote to memory of 2588	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	TFHtazW.exe
PID 2088 wrote to memory of 864	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	MxgjyRv.exe
PID 2088 wrote to memory of 864	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	MxgjyRv.exe
PID 2088 wrote to memory of 864	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	MxgjyRv.exe
PID 2088 wrote to memory of 2920	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	eUJzfra.exe
PID 2088 wrote to memory of 2920	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	eUJzfra.exe
PID 2088 wrote to memory of 2920	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	eUJzfra.exe
PID 2088 wrote to memory of 1916	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	HjuVFWm.exe
PID 2088 wrote to memory of 1916	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	HjuVFWm.exe
PID 2088 wrote to memory of 1916	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	HjuVFWm.exe
PID 2088 wrote to memory of 568	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	RpBPMxV.exe
PID 2088 wrote to memory of 568	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	RpBPMxV.exe
PID 2088 wrote to memory of 568	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	RpBPMxV.exe
PID 2088 wrote to memory of 1332	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	gqHWWUA.exe
PID 2088 wrote to memory of 1332	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	gqHWWUA.exe
PID 2088 wrote to memory of 1332	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	gqHWWUA.exe
PID 2088 wrote to memory of 544	2088	2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe	xXjttii.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_caffe66405dc30993c5df3e68003e6ee_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\System\waaIodn.exe
  C:\Windows\System\waaIodn.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\jVmcAdS.exe
  C:\Windows\System\jVmcAdS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\PoEPMXL.exe
  C:\Windows\System\PoEPMXL.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\AmhivWc.exe
  C:\Windows\System\AmhivWc.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\EddrMqk.exe
  C:\Windows\System\EddrMqk.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\fseMHgr.exe
  C:\Windows\System\fseMHgr.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\bQzuFcB.exe
  C:\Windows\System\bQzuFcB.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zUYOoAP.exe
  C:\Windows\System\zUYOoAP.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\mxgmMTX.exe
  C:\Windows\System\mxgmMTX.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GUeXuuY.exe
  C:\Windows\System\GUeXuuY.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\OzEHspj.exe
  C:\Windows\System\OzEHspj.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\WoVXAtr.exe
  C:\Windows\System\WoVXAtr.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\SXhmHpu.exe
  C:\Windows\System\SXhmHpu.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\uwPexKo.exe
  C:\Windows\System\uwPexKo.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\EgQwOZi.exe
  C:\Windows\System\EgQwOZi.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\TFHtazW.exe
  C:\Windows\System\TFHtazW.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\MxgjyRv.exe
  C:\Windows\System\MxgjyRv.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\eUJzfra.exe
  C:\Windows\System\eUJzfra.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\HjuVFWm.exe
  C:\Windows\System\HjuVFWm.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\RpBPMxV.exe
  C:\Windows\System\RpBPMxV.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\gqHWWUA.exe
  C:\Windows\System\gqHWWUA.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\xXjttii.exe
  C:\Windows\System\xXjttii.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\BXalTOQ.exe
  C:\Windows\System\BXalTOQ.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\YlyNFWY.exe
  C:\Windows\System\YlyNFWY.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\qEcpHgM.exe
  C:\Windows\System\qEcpHgM.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\RpGWfKR.exe
  C:\Windows\System\RpGWfKR.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\wQqGvjj.exe
  C:\Windows\System\wQqGvjj.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\DvUHbFU.exe
  C:\Windows\System\DvUHbFU.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\VJXUTor.exe
  C:\Windows\System\VJXUTor.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\LKwovkU.exe
  C:\Windows\System\LKwovkU.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\QRHnMFj.exe
  C:\Windows\System\QRHnMFj.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\eWsYsMs.exe
  C:\Windows\System\eWsYsMs.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\iZViFML.exe
  C:\Windows\System\iZViFML.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\mbwjMjX.exe
  C:\Windows\System\mbwjMjX.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\MCbYaGl.exe
  C:\Windows\System\MCbYaGl.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\PCkXqQE.exe
  C:\Windows\System\PCkXqQE.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ALlhUzx.exe
  C:\Windows\System\ALlhUzx.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\tKoxkrG.exe
  C:\Windows\System\tKoxkrG.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\CYiOsnv.exe
  C:\Windows\System\CYiOsnv.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\oEkJJOL.exe
  C:\Windows\System\oEkJJOL.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\BrvAgTQ.exe
  C:\Windows\System\BrvAgTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\YyIuDZe.exe
  C:\Windows\System\YyIuDZe.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\DyeFzwy.exe
  C:\Windows\System\DyeFzwy.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\aLECsOm.exe
  C:\Windows\System\aLECsOm.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\ebSmBvr.exe
  C:\Windows\System\ebSmBvr.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lzcJDrA.exe
  C:\Windows\System\lzcJDrA.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\KsFTSbf.exe
  C:\Windows\System\KsFTSbf.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\emSWcvl.exe
  C:\Windows\System\emSWcvl.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\bfjpePe.exe
  C:\Windows\System\bfjpePe.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\JNuYvzG.exe
  C:\Windows\System\JNuYvzG.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\IyRpJRj.exe
  C:\Windows\System\IyRpJRj.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\jddVzaS.exe
  C:\Windows\System\jddVzaS.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\KdaMaRv.exe
  C:\Windows\System\KdaMaRv.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\tVJGJrY.exe
  C:\Windows\System\tVJGJrY.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\xgOsuGi.exe
  C:\Windows\System\xgOsuGi.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\MMYqCYb.exe
  C:\Windows\System\MMYqCYb.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\qkJEzYj.exe
  C:\Windows\System\qkJEzYj.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\NLaoioc.exe
  C:\Windows\System\NLaoioc.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\DLhPsyo.exe
  C:\Windows\System\DLhPsyo.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\vxBOtCd.exe
  C:\Windows\System\vxBOtCd.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\PLIrBVb.exe
  C:\Windows\System\PLIrBVb.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\ZSiyBiA.exe
  C:\Windows\System\ZSiyBiA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\cVPKuKr.exe
  C:\Windows\System\cVPKuKr.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\fcGWyhW.exe
  C:\Windows\System\fcGWyhW.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\duZGNmW.exe
  C:\Windows\System\duZGNmW.exe
  2⤵
  PID:2936
- C:\Windows\System\NnQUhva.exe
  C:\Windows\System\NnQUhva.exe
  2⤵
  PID:572
- C:\Windows\System\HzJTjZs.exe
  C:\Windows\System\HzJTjZs.exe
  2⤵
  PID:1268
- C:\Windows\System\zxXuEzs.exe
  C:\Windows\System\zxXuEzs.exe
  2⤵
  PID:908
- C:\Windows\System\BoYwlCP.exe
  C:\Windows\System\BoYwlCP.exe
  2⤵
  PID:1672
- C:\Windows\System\ALaUoMl.exe
  C:\Windows\System\ALaUoMl.exe
  2⤵
  PID:2436
- C:\Windows\System\IZALNvr.exe
  C:\Windows\System\IZALNvr.exe
  2⤵
  PID:496
- C:\Windows\System\KtUQeqw.exe
  C:\Windows\System\KtUQeqw.exe
  2⤵
  PID:1800
- C:\Windows\System\XonFTqN.exe
  C:\Windows\System\XonFTqN.exe
  2⤵
  PID:408
- C:\Windows\System\ecbnqLY.exe
  C:\Windows\System\ecbnqLY.exe
  2⤵
  PID:1612
- C:\Windows\System\HrNUOfm.exe
  C:\Windows\System\HrNUOfm.exe
  2⤵
  PID:1536
- C:\Windows\System\ysXOSOf.exe
  C:\Windows\System\ysXOSOf.exe
  2⤵
  PID:1616
- C:\Windows\System\QuOQpsG.exe
  C:\Windows\System\QuOQpsG.exe
  2⤵
  PID:1732
- C:\Windows\System\aJfbGjg.exe
  C:\Windows\System\aJfbGjg.exe
  2⤵
  PID:772
- C:\Windows\System\vZUeuym.exe
  C:\Windows\System\vZUeuym.exe
  2⤵
  PID:2688
- C:\Windows\System\dgdXJjk.exe
  C:\Windows\System\dgdXJjk.exe
  2⤵
  PID:2868
- C:\Windows\System\GlwrzFi.exe
  C:\Windows\System\GlwrzFi.exe
  2⤵
  PID:1500
- C:\Windows\System\RmUJfJp.exe
  C:\Windows\System\RmUJfJp.exe
  2⤵
  PID:1284
- C:\Windows\System\RVexQOr.exe
  C:\Windows\System\RVexQOr.exe
  2⤵
  PID:1736
- C:\Windows\System\YNXDoEc.exe
  C:\Windows\System\YNXDoEc.exe
  2⤵
  PID:2240
- C:\Windows\System\MkVVcnx.exe
  C:\Windows\System\MkVVcnx.exe
  2⤵
  PID:1524
- C:\Windows\System\LuuruRk.exe
  C:\Windows\System\LuuruRk.exe
  2⤵
  PID:3052
- C:\Windows\System\YEDyIuH.exe
  C:\Windows\System\YEDyIuH.exe
  2⤵
  PID:2748
- C:\Windows\System\vOKtiBr.exe
  C:\Windows\System\vOKtiBr.exe
  2⤵
  PID:2760
- C:\Windows\System\xTaIGRY.exe
  C:\Windows\System\xTaIGRY.exe
  2⤵
  PID:2472
- C:\Windows\System\PGtWOtk.exe
  C:\Windows\System\PGtWOtk.exe
  2⤵
  PID:3064
- C:\Windows\System\yhEDsKf.exe
  C:\Windows\System\yhEDsKf.exe
  2⤵
  PID:2864
- C:\Windows\System\NHpRjHy.exe
  C:\Windows\System\NHpRjHy.exe
  2⤵
  PID:1988
- C:\Windows\System\ubBynkT.exe
  C:\Windows\System\ubBynkT.exe
  2⤵
  PID:1904
- C:\Windows\System\OrXUBSK.exe
  C:\Windows\System\OrXUBSK.exe
  2⤵
  PID:1608
- C:\Windows\System\YGZHPZP.exe
  C:\Windows\System\YGZHPZP.exe
  2⤵
  PID:2052
- C:\Windows\System\LxJsFww.exe
  C:\Windows\System\LxJsFww.exe
  2⤵
  PID:2580
- C:\Windows\System\cOmLsvk.exe
  C:\Windows\System\cOmLsvk.exe
  2⤵
  PID:2236
- C:\Windows\System\LHgjEMz.exe
  C:\Windows\System\LHgjEMz.exe
  2⤵
  PID:2448
- C:\Windows\System\VMnPxWt.exe
  C:\Windows\System\VMnPxWt.exe
  2⤵
  PID:956
- C:\Windows\System\MObuWyX.exe
  C:\Windows\System\MObuWyX.exe
  2⤵
  PID:1780
- C:\Windows\System\FGZESke.exe
  C:\Windows\System\FGZESke.exe
  2⤵
  PID:2212
- C:\Windows\System\DTScjQf.exe
  C:\Windows\System\DTScjQf.exe
  2⤵
  PID:2956
- C:\Windows\System\SkDpgaB.exe
  C:\Windows\System\SkDpgaB.exe
  2⤵
  PID:2068
- C:\Windows\System\JPKnnDw.exe
  C:\Windows\System\JPKnnDw.exe
  2⤵
  PID:1676
- C:\Windows\System\OIWBKaf.exe
  C:\Windows\System\OIWBKaf.exe
  2⤵
  PID:876
- C:\Windows\System\YvjYIDU.exe
  C:\Windows\System\YvjYIDU.exe
  2⤵
  PID:1600
- C:\Windows\System\UuTMirP.exe
  C:\Windows\System\UuTMirP.exe
  2⤵
  PID:2060
- C:\Windows\System\ZhymrHP.exe
  C:\Windows\System\ZhymrHP.exe
  2⤵
  PID:2800
- C:\Windows\System\tPigjBf.exe
  C:\Windows\System\tPigjBf.exe
  2⤵
  PID:2504
- C:\Windows\System\EDYLpMp.exe
  C:\Windows\System\EDYLpMp.exe
  2⤵
  PID:2312
- C:\Windows\System\CXqIXVx.exe
  C:\Windows\System\CXqIXVx.exe
  2⤵
  PID:484
- C:\Windows\System\AWwmUkN.exe
  C:\Windows\System\AWwmUkN.exe
  2⤵
  PID:980
- C:\Windows\System\XwBUtpX.exe
  C:\Windows\System\XwBUtpX.exe
  2⤵
  PID:2024
- C:\Windows\System\RcbbWdo.exe
  C:\Windows\System\RcbbWdo.exe
  2⤵
  PID:1848
- C:\Windows\System\Hhzynko.exe
  C:\Windows\System\Hhzynko.exe
  2⤵
  PID:3092
- C:\Windows\System\DigopLf.exe
  C:\Windows\System\DigopLf.exe
  2⤵
  PID:3112
- C:\Windows\System\avVeNmB.exe
  C:\Windows\System\avVeNmB.exe
  2⤵
  PID:3132
- C:\Windows\System\cNFIAIN.exe
  C:\Windows\System\cNFIAIN.exe
  2⤵
  PID:3152
- C:\Windows\System\nwCLueB.exe
  C:\Windows\System\nwCLueB.exe
  2⤵
  PID:3172
- C:\Windows\System\hTbXalm.exe
  C:\Windows\System\hTbXalm.exe
  2⤵
  PID:3192
- C:\Windows\System\YrXVjAD.exe
  C:\Windows\System\YrXVjAD.exe
  2⤵
  PID:3212
- C:\Windows\System\HwSmHQd.exe
  C:\Windows\System\HwSmHQd.exe
  2⤵
  PID:3232
- C:\Windows\System\ZgESGWk.exe
  C:\Windows\System\ZgESGWk.exe
  2⤵
  PID:3252
- C:\Windows\System\oomShYj.exe
  C:\Windows\System\oomShYj.exe
  2⤵
  PID:3272
- C:\Windows\System\rPIchgS.exe
  C:\Windows\System\rPIchgS.exe
  2⤵
  PID:3292
- C:\Windows\System\reUjIUL.exe
  C:\Windows\System\reUjIUL.exe
  2⤵
  PID:3312
- C:\Windows\System\RKLOfUq.exe
  C:\Windows\System\RKLOfUq.exe
  2⤵
  PID:3332
- C:\Windows\System\dzPAkOX.exe
  C:\Windows\System\dzPAkOX.exe
  2⤵
  PID:3356
- C:\Windows\System\LczWKON.exe
  C:\Windows\System\LczWKON.exe
  2⤵
  PID:3376
- C:\Windows\System\YlzoFLS.exe
  C:\Windows\System\YlzoFLS.exe
  2⤵
  PID:3396
- C:\Windows\System\HnjGcXI.exe
  C:\Windows\System\HnjGcXI.exe
  2⤵
  PID:3416
- C:\Windows\System\NqMkikW.exe
  C:\Windows\System\NqMkikW.exe
  2⤵
  PID:3436
- C:\Windows\System\vfEGgBZ.exe
  C:\Windows\System\vfEGgBZ.exe
  2⤵
  PID:3456
- C:\Windows\System\SBCuobU.exe
  C:\Windows\System\SBCuobU.exe
  2⤵
  PID:3476
- C:\Windows\System\fsZodrG.exe
  C:\Windows\System\fsZodrG.exe
  2⤵
  PID:3496
- C:\Windows\System\tehGvaI.exe
  C:\Windows\System\tehGvaI.exe
  2⤵
  PID:3516
- C:\Windows\System\CoCPFdN.exe
  C:\Windows\System\CoCPFdN.exe
  2⤵
  PID:3536
- C:\Windows\System\ahqfIam.exe
  C:\Windows\System\ahqfIam.exe
  2⤵
  PID:3556
- C:\Windows\System\nHnWWKZ.exe
  C:\Windows\System\nHnWWKZ.exe
  2⤵
  PID:3576
- C:\Windows\System\DccvJnY.exe
  C:\Windows\System\DccvJnY.exe
  2⤵
  PID:3596
- C:\Windows\System\JglruOO.exe
  C:\Windows\System\JglruOO.exe
  2⤵
  PID:3616
- C:\Windows\System\MgDmMIu.exe
  C:\Windows\System\MgDmMIu.exe
  2⤵
  PID:3636
- C:\Windows\System\scMeVNG.exe
  C:\Windows\System\scMeVNG.exe
  2⤵
  PID:3656
- C:\Windows\System\PLbpSCk.exe
  C:\Windows\System\PLbpSCk.exe
  2⤵
  PID:3676
- C:\Windows\System\yzclkVq.exe
  C:\Windows\System\yzclkVq.exe
  2⤵
  PID:3696
- C:\Windows\System\PLrBFyw.exe
  C:\Windows\System\PLrBFyw.exe
  2⤵
  PID:3716
- C:\Windows\System\nqiGmzY.exe
  C:\Windows\System\nqiGmzY.exe
  2⤵
  PID:3736
- C:\Windows\System\ZbsBbPM.exe
  C:\Windows\System\ZbsBbPM.exe
  2⤵
  PID:3756
- C:\Windows\System\QypRxtl.exe
  C:\Windows\System\QypRxtl.exe
  2⤵
  PID:3776
- C:\Windows\System\AHDAXoD.exe
  C:\Windows\System\AHDAXoD.exe
  2⤵
  PID:3796
- C:\Windows\System\xnGOFez.exe
  C:\Windows\System\xnGOFez.exe
  2⤵
  PID:3816
- C:\Windows\System\SeXrVNe.exe
  C:\Windows\System\SeXrVNe.exe
  2⤵
  PID:3836
- C:\Windows\System\XwQGiBZ.exe
  C:\Windows\System\XwQGiBZ.exe
  2⤵
  PID:3856
- C:\Windows\System\MHBLUVz.exe
  C:\Windows\System\MHBLUVz.exe
  2⤵
  PID:3876
- C:\Windows\System\UiPJzXR.exe
  C:\Windows\System\UiPJzXR.exe
  2⤵
  PID:3896
- C:\Windows\System\lkZOzNA.exe
  C:\Windows\System\lkZOzNA.exe
  2⤵
  PID:3916
- C:\Windows\System\EBMPeaO.exe
  C:\Windows\System\EBMPeaO.exe
  2⤵
  PID:3936
- C:\Windows\System\rWtnEwJ.exe
  C:\Windows\System\rWtnEwJ.exe
  2⤵
  PID:3956
- C:\Windows\System\zFKqbdI.exe
  C:\Windows\System\zFKqbdI.exe
  2⤵
  PID:3980
- C:\Windows\System\IKjgQaD.exe
  C:\Windows\System\IKjgQaD.exe
  2⤵
  PID:4000
- C:\Windows\System\gFxaHpm.exe
  C:\Windows\System\gFxaHpm.exe
  2⤵
  PID:4020
- C:\Windows\System\IGWTuTm.exe
  C:\Windows\System\IGWTuTm.exe
  2⤵
  PID:4040
- C:\Windows\System\nBvfRoA.exe
  C:\Windows\System\nBvfRoA.exe
  2⤵
  PID:4060
- C:\Windows\System\mkiLppw.exe
  C:\Windows\System\mkiLppw.exe
  2⤵
  PID:4076
- C:\Windows\System\mNCYSbC.exe
  C:\Windows\System\mNCYSbC.exe
  2⤵
  PID:1708
- C:\Windows\System\XNzaNco.exe
  C:\Windows\System\XNzaNco.exe
  2⤵
  PID:1968
- C:\Windows\System\bhjXsFw.exe
  C:\Windows\System\bhjXsFw.exe
  2⤵
  PID:292
- C:\Windows\System\miuJqiA.exe
  C:\Windows\System\miuJqiA.exe
  2⤵
  PID:804
- C:\Windows\System\gwQEFdX.exe
  C:\Windows\System\gwQEFdX.exe
  2⤵
  PID:1692
- C:\Windows\System\hWCWXSE.exe
  C:\Windows\System\hWCWXSE.exe
  2⤵
  PID:2608
- C:\Windows\System\tWhImDX.exe
  C:\Windows\System\tWhImDX.exe
  2⤵
  PID:536
- C:\Windows\System\pZLVCkw.exe
  C:\Windows\System\pZLVCkw.exe
  2⤵
  PID:3000
- C:\Windows\System\dHbbmiX.exe
  C:\Windows\System\dHbbmiX.exe
  2⤵
  PID:3080
- C:\Windows\System\ZZzgTIz.exe
  C:\Windows\System\ZZzgTIz.exe
  2⤵
  PID:3120
- C:\Windows\System\MrbkhzJ.exe
  C:\Windows\System\MrbkhzJ.exe
  2⤵
  PID:3108
- C:\Windows\System\ucPWWfL.exe
  C:\Windows\System\ucPWWfL.exe
  2⤵
  PID:3148
- C:\Windows\System\IOTuEfm.exe
  C:\Windows\System\IOTuEfm.exe
  2⤵
  PID:3204
- C:\Windows\System\yrpTbcm.exe
  C:\Windows\System\yrpTbcm.exe
  2⤵
  PID:3228
- C:\Windows\System\fgWbIAE.exe
  C:\Windows\System\fgWbIAE.exe
  2⤵
  PID:3268
- C:\Windows\System\dtrGnPm.exe
  C:\Windows\System\dtrGnPm.exe
  2⤵
  PID:3320
- C:\Windows\System\vVBYTEr.exe
  C:\Windows\System\vVBYTEr.exe
  2⤵
  PID:3304
- C:\Windows\System\KGMYrJC.exe
  C:\Windows\System\KGMYrJC.exe
  2⤵
  PID:3352
- C:\Windows\System\ouVgjeC.exe
  C:\Windows\System\ouVgjeC.exe
  2⤵
  PID:3412
- C:\Windows\System\iJLZtgZ.exe
  C:\Windows\System\iJLZtgZ.exe
  2⤵
  PID:3452
- C:\Windows\System\RassKXo.exe
  C:\Windows\System\RassKXo.exe
  2⤵
  PID:3492
- C:\Windows\System\AVLRyRN.exe
  C:\Windows\System\AVLRyRN.exe
  2⤵
  PID:3504
- C:\Windows\System\HUvOXsE.exe
  C:\Windows\System\HUvOXsE.exe
  2⤵
  PID:3508
- C:\Windows\System\HoFZVhd.exe
  C:\Windows\System\HoFZVhd.exe
  2⤵
  PID:3552
- C:\Windows\System\yHBHTdF.exe
  C:\Windows\System\yHBHTdF.exe
  2⤵
  PID:3608
- C:\Windows\System\qIqgCdC.exe
  C:\Windows\System\qIqgCdC.exe
  2⤵
  PID:3628
- C:\Windows\System\deiwZxa.exe
  C:\Windows\System\deiwZxa.exe
  2⤵
  PID:3692
- C:\Windows\System\mQBucEj.exe
  C:\Windows\System\mQBucEj.exe
  2⤵
  PID:3732
- C:\Windows\System\AsEYnOW.exe
  C:\Windows\System\AsEYnOW.exe
  2⤵
  PID:3744
- C:\Windows\System\DyYJiVM.exe
  C:\Windows\System\DyYJiVM.exe
  2⤵
  PID:3748
- C:\Windows\System\CiDznEL.exe
  C:\Windows\System\CiDznEL.exe
  2⤵
  PID:3792
- C:\Windows\System\BUhoEgx.exe
  C:\Windows\System\BUhoEgx.exe
  2⤵
  PID:3828
- C:\Windows\System\YxhApMb.exe
  C:\Windows\System\YxhApMb.exe
  2⤵
  PID:3864
- C:\Windows\System\jHdDBps.exe
  C:\Windows\System\jHdDBps.exe
  2⤵
  PID:3924
- C:\Windows\System\LIxCldu.exe
  C:\Windows\System\LIxCldu.exe
  2⤵
  PID:3944
- C:\Windows\System\kTEZFHX.exe
  C:\Windows\System\kTEZFHX.exe
  2⤵
  PID:3952
- C:\Windows\System\IiEYEYV.exe
  C:\Windows\System\IiEYEYV.exe
  2⤵
  PID:4016
- C:\Windows\System\TwLhxno.exe
  C:\Windows\System\TwLhxno.exe
  2⤵
  PID:4032
- C:\Windows\System\VSRQUvj.exe
  C:\Windows\System\VSRQUvj.exe
  2⤵
  PID:984
- C:\Windows\System\jLFfwbb.exe
  C:\Windows\System\jLFfwbb.exe
  2⤵
  PID:2496
- C:\Windows\System\TxFyQxx.exe
  C:\Windows\System\TxFyQxx.exe
  2⤵
  PID:2080
- C:\Windows\System\MYhYNAZ.exe
  C:\Windows\System\MYhYNAZ.exe
  2⤵
  PID:1596
- C:\Windows\System\fVyxptI.exe
  C:\Windows\System\fVyxptI.exe
  2⤵
  PID:1928
- C:\Windows\System\JmHLxFM.exe
  C:\Windows\System\JmHLxFM.exe
  2⤵
  PID:1480
- C:\Windows\System\BuUDpVP.exe
  C:\Windows\System\BuUDpVP.exe
  2⤵
  PID:3084
- C:\Windows\System\SovlIMh.exe
  C:\Windows\System\SovlIMh.exe
  2⤵
  PID:3208
- C:\Windows\System\kLMUaSA.exe
  C:\Windows\System\kLMUaSA.exe
  2⤵
  PID:3184
- C:\Windows\System\AHgXvRR.exe
  C:\Windows\System\AHgXvRR.exe
  2⤵
  PID:3240
- C:\Windows\System\dfxqvQU.exe
  C:\Windows\System\dfxqvQU.exe
  2⤵
  PID:3324
- C:\Windows\System\OBcHwCT.exe
  C:\Windows\System\OBcHwCT.exe
  2⤵
  PID:3404
- C:\Windows\System\EwhxeWl.exe
  C:\Windows\System\EwhxeWl.exe
  2⤵
  PID:3432
- C:\Windows\System\NPmFKvJ.exe
  C:\Windows\System\NPmFKvJ.exe
  2⤵
  PID:3512
- C:\Windows\System\DqpqNkr.exe
  C:\Windows\System\DqpqNkr.exe
  2⤵
  PID:3572
- C:\Windows\System\SUXIQnR.exe
  C:\Windows\System\SUXIQnR.exe
  2⤵
  PID:3612
- C:\Windows\System\iCLXZJS.exe
  C:\Windows\System\iCLXZJS.exe
  2⤵
  PID:3648
- C:\Windows\System\nzEujer.exe
  C:\Windows\System\nzEujer.exe
  2⤵
  PID:3712
- C:\Windows\System\hecafWs.exe
  C:\Windows\System\hecafWs.exe
  2⤵
  PID:3784
- C:\Windows\System\OvLRjth.exe
  C:\Windows\System\OvLRjth.exe
  2⤵
  PID:3892
- C:\Windows\System\QxKcGVC.exe
  C:\Windows\System\QxKcGVC.exe
  2⤵
  PID:3904
- C:\Windows\System\GouFshQ.exe
  C:\Windows\System\GouFshQ.exe
  2⤵
  PID:3972
- C:\Windows\System\SWwAeCl.exe
  C:\Windows\System\SWwAeCl.exe
  2⤵
  PID:3996
- C:\Windows\System\tpxMPTQ.exe
  C:\Windows\System\tpxMPTQ.exe
  2⤵
  PID:4052
- C:\Windows\System\FixQPDP.exe
  C:\Windows\System\FixQPDP.exe
  2⤵
  PID:4088
- C:\Windows\System\fLYrVzR.exe
  C:\Windows\System\fLYrVzR.exe
  2⤵
  PID:2732
- C:\Windows\System\onwZEIp.exe
  C:\Windows\System\onwZEIp.exe
  2⤵
  PID:2016
- C:\Windows\System\FcIOERz.exe
  C:\Windows\System\FcIOERz.exe
  2⤵
  PID:3124
- C:\Windows\System\nwKPoYJ.exe
  C:\Windows\System\nwKPoYJ.exe
  2⤵
  PID:3164
- C:\Windows\System\fYPpsKK.exe
  C:\Windows\System\fYPpsKK.exe
  2⤵
  PID:3284
- C:\Windows\System\JdKSHvo.exe
  C:\Windows\System\JdKSHvo.exe
  2⤵
  PID:3428
- C:\Windows\System\teDqJAn.exe
  C:\Windows\System\teDqJAn.exe
  2⤵
  PID:3472
- C:\Windows\System\KlEdlVq.exe
  C:\Windows\System\KlEdlVq.exe
  2⤵
  PID:3588
- C:\Windows\System\kyLWJIX.exe
  C:\Windows\System\kyLWJIX.exe
  2⤵
  PID:3724
- C:\Windows\System\UjSTbEe.exe
  C:\Windows\System\UjSTbEe.exe
  2⤵
  PID:3668
- C:\Windows\System\tQdXoMv.exe
  C:\Windows\System\tQdXoMv.exe
  2⤵
  PID:3872
- C:\Windows\System\YkfWCcB.exe
  C:\Windows\System\YkfWCcB.exe
  2⤵
  PID:4112
- C:\Windows\System\wzPQPsY.exe
  C:\Windows\System\wzPQPsY.exe
  2⤵
  PID:4132
- C:\Windows\System\Qqbfbwq.exe
  C:\Windows\System\Qqbfbwq.exe
  2⤵
  PID:4152
- C:\Windows\System\rSIvGtP.exe
  C:\Windows\System\rSIvGtP.exe
  2⤵
  PID:4172
- C:\Windows\System\bjbpjmb.exe
  C:\Windows\System\bjbpjmb.exe
  2⤵
  PID:4192
- C:\Windows\System\xOYfdrJ.exe
  C:\Windows\System\xOYfdrJ.exe
  2⤵
  PID:4212
- C:\Windows\System\PGqHeso.exe
  C:\Windows\System\PGqHeso.exe
  2⤵
  PID:4232
- C:\Windows\System\hpOryNx.exe
  C:\Windows\System\hpOryNx.exe
  2⤵
  PID:4252
- C:\Windows\System\SpPwEqY.exe
  C:\Windows\System\SpPwEqY.exe
  2⤵
  PID:4272
- C:\Windows\System\fXwndpK.exe
  C:\Windows\System\fXwndpK.exe
  2⤵
  PID:4292
- C:\Windows\System\IIVVyzH.exe
  C:\Windows\System\IIVVyzH.exe
  2⤵
  PID:4312
- C:\Windows\System\SFJQXMl.exe
  C:\Windows\System\SFJQXMl.exe
  2⤵
  PID:4332
- C:\Windows\System\hYgzRnz.exe
  C:\Windows\System\hYgzRnz.exe
  2⤵
  PID:4352
- C:\Windows\System\hxECpza.exe
  C:\Windows\System\hxECpza.exe
  2⤵
  PID:4372
- C:\Windows\System\yqgJDci.exe
  C:\Windows\System\yqgJDci.exe
  2⤵
  PID:4396
- C:\Windows\System\ArLWteP.exe
  C:\Windows\System\ArLWteP.exe
  2⤵
  PID:4416
- C:\Windows\System\bWvdDby.exe
  C:\Windows\System\bWvdDby.exe
  2⤵
  PID:4436
- C:\Windows\System\vmZKCpm.exe
  C:\Windows\System\vmZKCpm.exe
  2⤵
  PID:4456
- C:\Windows\System\npdxAqg.exe
  C:\Windows\System\npdxAqg.exe
  2⤵
  PID:4476
- C:\Windows\System\GnpuNQy.exe
  C:\Windows\System\GnpuNQy.exe
  2⤵
  PID:4496
- C:\Windows\System\iNjkNyJ.exe
  C:\Windows\System\iNjkNyJ.exe
  2⤵
  PID:4516
- C:\Windows\System\uAUXegN.exe
  C:\Windows\System\uAUXegN.exe
  2⤵
  PID:4536
- C:\Windows\System\pDIXcCL.exe
  C:\Windows\System\pDIXcCL.exe
  2⤵
  PID:4556
- C:\Windows\System\mUniXrl.exe
  C:\Windows\System\mUniXrl.exe
  2⤵
  PID:4576
- C:\Windows\System\OSMcZcL.exe
  C:\Windows\System\OSMcZcL.exe
  2⤵
  PID:4596
- C:\Windows\System\jzHcuOa.exe
  C:\Windows\System\jzHcuOa.exe
  2⤵
  PID:4616
- C:\Windows\System\PiJbHuD.exe
  C:\Windows\System\PiJbHuD.exe
  2⤵
  PID:4636
- C:\Windows\System\UkYOflN.exe
  C:\Windows\System\UkYOflN.exe
  2⤵
  PID:4656
- C:\Windows\System\elVrjNH.exe
  C:\Windows\System\elVrjNH.exe
  2⤵
  PID:4676
- C:\Windows\System\JLYKbbG.exe
  C:\Windows\System\JLYKbbG.exe
  2⤵
  PID:4692
- C:\Windows\System\xHSiBek.exe
  C:\Windows\System\xHSiBek.exe
  2⤵
  PID:4716
- C:\Windows\System\LyzAfEZ.exe
  C:\Windows\System\LyzAfEZ.exe
  2⤵
  PID:4736
- C:\Windows\System\MjovhED.exe
  C:\Windows\System\MjovhED.exe
  2⤵
  PID:4760
- C:\Windows\System\UEUfDHz.exe
  C:\Windows\System\UEUfDHz.exe
  2⤵
  PID:4780
- C:\Windows\System\NPKSKpp.exe
  C:\Windows\System\NPKSKpp.exe
  2⤵
  PID:4800
- C:\Windows\System\hxdBuHq.exe
  C:\Windows\System\hxdBuHq.exe
  2⤵
  PID:4816
- C:\Windows\System\OsvCMTn.exe
  C:\Windows\System\OsvCMTn.exe
  2⤵
  PID:4840
- C:\Windows\System\BlfafvH.exe
  C:\Windows\System\BlfafvH.exe
  2⤵
  PID:4860
- C:\Windows\System\xErbwNO.exe
  C:\Windows\System\xErbwNO.exe
  2⤵
  PID:4880
- C:\Windows\System\XVEFdMs.exe
  C:\Windows\System\XVEFdMs.exe
  2⤵
  PID:4900
- C:\Windows\System\tWPyHBr.exe
  C:\Windows\System\tWPyHBr.exe
  2⤵
  PID:4920
- C:\Windows\System\ofhUVya.exe
  C:\Windows\System\ofhUVya.exe
  2⤵
  PID:4940
- C:\Windows\System\tngVBLO.exe
  C:\Windows\System\tngVBLO.exe
  2⤵
  PID:4960
- C:\Windows\System\UAtyOzF.exe
  C:\Windows\System\UAtyOzF.exe
  2⤵
  PID:4980
- C:\Windows\System\AekeUlj.exe
  C:\Windows\System\AekeUlj.exe
  2⤵
  PID:5000
- C:\Windows\System\ozyVvLg.exe
  C:\Windows\System\ozyVvLg.exe
  2⤵
  PID:5020
- C:\Windows\System\rLBtezZ.exe
  C:\Windows\System\rLBtezZ.exe
  2⤵
  PID:5040
- C:\Windows\System\vlfhaiX.exe
  C:\Windows\System\vlfhaiX.exe
  2⤵
  PID:5056
- C:\Windows\System\jCKYWoq.exe
  C:\Windows\System\jCKYWoq.exe
  2⤵
  PID:5080
- C:\Windows\System\PJCzHat.exe
  C:\Windows\System\PJCzHat.exe
  2⤵
  PID:5100
- C:\Windows\System\ykSgVEi.exe
  C:\Windows\System\ykSgVEi.exe
  2⤵
  PID:4008
- C:\Windows\System\SrBmBZK.exe
  C:\Windows\System\SrBmBZK.exe
  2⤵
  PID:3912
- C:\Windows\System\XyYZcgA.exe
  C:\Windows\System\XyYZcgA.exe
  2⤵
  PID:4056
- C:\Windows\System\GsZxFYE.exe
  C:\Windows\System\GsZxFYE.exe
  2⤵
  PID:1124
- C:\Windows\System\JNfnsuD.exe
  C:\Windows\System\JNfnsuD.exe
  2⤵
  PID:3168
- C:\Windows\System\FGfVkxy.exe
  C:\Windows\System\FGfVkxy.exe
  2⤵
  PID:3372
- C:\Windows\System\tRhCsKn.exe
  C:\Windows\System\tRhCsKn.exe
  2⤵
  PID:3532
- C:\Windows\System\YKFcYIs.exe
  C:\Windows\System\YKFcYIs.exe
  2⤵
  PID:3424
- C:\Windows\System\vDTKWpr.exe
  C:\Windows\System\vDTKWpr.exe
  2⤵
  PID:3568
- C:\Windows\System\Ghtqkne.exe
  C:\Windows\System\Ghtqkne.exe
  2⤵
  PID:4108
- C:\Windows\System\vjNOKsB.exe
  C:\Windows\System\vjNOKsB.exe
  2⤵
  PID:4148
- C:\Windows\System\JFSjsIj.exe
  C:\Windows\System\JFSjsIj.exe
  2⤵
  PID:4180
- C:\Windows\System\YGlTfvr.exe
  C:\Windows\System\YGlTfvr.exe
  2⤵
  PID:4220
- C:\Windows\System\awqFGEr.exe
  C:\Windows\System\awqFGEr.exe
  2⤵
  PID:4204
- C:\Windows\System\TPHTgNv.exe
  C:\Windows\System\TPHTgNv.exe
  2⤵
  PID:4248
- C:\Windows\System\TNUxByd.exe
  C:\Windows\System\TNUxByd.exe
  2⤵
  PID:4284
- C:\Windows\System\FDTmWqm.exe
  C:\Windows\System\FDTmWqm.exe
  2⤵
  PID:4324
- C:\Windows\System\IEIonnI.exe
  C:\Windows\System\IEIonnI.exe
  2⤵
  PID:4380
- C:\Windows\System\vJgTUxW.exe
  C:\Windows\System\vJgTUxW.exe
  2⤵
  PID:4404
- C:\Windows\System\AYJijfi.exe
  C:\Windows\System\AYJijfi.exe
  2⤵
  PID:4428
- C:\Windows\System\Ymsvwqc.exe
  C:\Windows\System\Ymsvwqc.exe
  2⤵
  PID:4472
- C:\Windows\System\zCMkVBR.exe
  C:\Windows\System\zCMkVBR.exe
  2⤵
  PID:4508
- C:\Windows\System\yqcbVpL.exe
  C:\Windows\System\yqcbVpL.exe
  2⤵
  PID:2808
- C:\Windows\System\wNqaLrD.exe
  C:\Windows\System\wNqaLrD.exe
  2⤵
  PID:4548
- C:\Windows\System\qjwtOyr.exe
  C:\Windows\System\qjwtOyr.exe
  2⤵
  PID:2876
- C:\Windows\System\wRktSsD.exe
  C:\Windows\System\wRktSsD.exe
  2⤵
  PID:4632
- C:\Windows\System\bzlMaoJ.exe
  C:\Windows\System\bzlMaoJ.exe
  2⤵
  PID:4664
- C:\Windows\System\oFmWhjr.exe
  C:\Windows\System\oFmWhjr.exe
  2⤵
  PID:4648
- C:\Windows\System\aRkBdYn.exe
  C:\Windows\System\aRkBdYn.exe
  2⤵
  PID:4712
- C:\Windows\System\pNvMQHh.exe
  C:\Windows\System\pNvMQHh.exe
  2⤵
  PID:4748
- C:\Windows\System\zxgYlAE.exe
  C:\Windows\System\zxgYlAE.exe
  2⤵
  PID:4792
- C:\Windows\System\NXtBNyB.exe
  C:\Windows\System\NXtBNyB.exe
  2⤵
  PID:4832
- C:\Windows\System\MUAlxtT.exe
  C:\Windows\System\MUAlxtT.exe
  2⤵
  PID:4808
- C:\Windows\System\tvgUrVT.exe
  C:\Windows\System\tvgUrVT.exe
  2⤵
  PID:4876
- C:\Windows\System\CjxBsae.exe
  C:\Windows\System\CjxBsae.exe
  2⤵
  PID:4892
- C:\Windows\System\WqrJYUe.exe
  C:\Windows\System\WqrJYUe.exe
  2⤵
  PID:4928
- C:\Windows\System\bhTHVkD.exe
  C:\Windows\System\bhTHVkD.exe
  2⤵
  PID:4996
- C:\Windows\System\PSgkopn.exe
  C:\Windows\System\PSgkopn.exe
  2⤵
  PID:5008
- C:\Windows\System\DtiYlWJ.exe
  C:\Windows\System\DtiYlWJ.exe
  2⤵
  PID:5032
- C:\Windows\System\aCTthnf.exe
  C:\Windows\System\aCTthnf.exe
  2⤵
  PID:5076
- C:\Windows\System\FcidegC.exe
  C:\Windows\System\FcidegC.exe
  2⤵
  PID:5116
- C:\Windows\System\YvWJwpN.exe
  C:\Windows\System\YvWJwpN.exe
  2⤵
  PID:4072
- C:\Windows\System\HsKuaOX.exe
  C:\Windows\System\HsKuaOX.exe
  2⤵
  PID:3908
- C:\Windows\System\tYTUrTS.exe
  C:\Windows\System\tYTUrTS.exe
  2⤵
  PID:2096
- C:\Windows\System\bbQbfkF.exe
  C:\Windows\System\bbQbfkF.exe
  2⤵
  PID:3260
- C:\Windows\System\MCIQJwe.exe
  C:\Windows\System\MCIQJwe.exe
  2⤵
  PID:3684
- C:\Windows\System\UzUfpLw.exe
  C:\Windows\System\UzUfpLw.exe
  2⤵
  PID:4140
- C:\Windows\System\iKRrOye.exe
  C:\Windows\System\iKRrOye.exe
  2⤵
  PID:4124
- C:\Windows\System\gNXpXYF.exe
  C:\Windows\System\gNXpXYF.exe
  2⤵
  PID:4128
- C:\Windows\System\YZcmORx.exe
  C:\Windows\System\YZcmORx.exe
  2⤵
  PID:4208
- C:\Windows\System\lsilQhs.exe
  C:\Windows\System\lsilQhs.exe
  2⤵
  PID:4280
- C:\Windows\System\BkCpjca.exe
  C:\Windows\System\BkCpjca.exe
  2⤵
  PID:4364
- C:\Windows\System\SJqdeLI.exe
  C:\Windows\System\SJqdeLI.exe
  2⤵
  PID:4348
- C:\Windows\System\NznaaGD.exe
  C:\Windows\System\NznaaGD.exe
  2⤵
  PID:4448
- C:\Windows\System\lmgqoIj.exe
  C:\Windows\System\lmgqoIj.exe
  2⤵
  PID:4524
- C:\Windows\System\MmCXPHC.exe
  C:\Windows\System\MmCXPHC.exe
  2⤵
  PID:4484
- C:\Windows\System\JUzjZSC.exe
  C:\Windows\System\JUzjZSC.exe
  2⤵
  PID:4544
- C:\Windows\System\xcRkesd.exe
  C:\Windows\System\xcRkesd.exe
  2⤵
  PID:4624
- C:\Windows\System\yhXWSrS.exe
  C:\Windows\System\yhXWSrS.exe
  2⤵
  PID:4644
- C:\Windows\System\mdgiEoa.exe
  C:\Windows\System\mdgiEoa.exe
  2⤵
  PID:4788
- C:\Windows\System\JYjNYSZ.exe
  C:\Windows\System\JYjNYSZ.exe
  2⤵
  PID:4848
- C:\Windows\System\WRbcxCh.exe
  C:\Windows\System\WRbcxCh.exe
  2⤵
  PID:4856
- C:\Windows\System\IycDGGO.exe
  C:\Windows\System\IycDGGO.exe
  2⤵
  PID:4912
- C:\Windows\System\FmbtUNJ.exe
  C:\Windows\System\FmbtUNJ.exe
  2⤵
  PID:4952
- C:\Windows\System\oPnXUpw.exe
  C:\Windows\System\oPnXUpw.exe
  2⤵
  PID:4968
- C:\Windows\System\DNuAalK.exe
  C:\Windows\System\DNuAalK.exe
  2⤵
  PID:5068
- C:\Windows\System\FetneDF.exe
  C:\Windows\System\FetneDF.exe
  2⤵
  PID:3040
- C:\Windows\System\DONXZWj.exe
  C:\Windows\System\DONXZWj.exe
  2⤵
  PID:872
- C:\Windows\System\baPFKSI.exe
  C:\Windows\System\baPFKSI.exe
  2⤵
  PID:3100
- C:\Windows\System\PReKXkj.exe
  C:\Windows\System\PReKXkj.exe
  2⤵
  PID:5136
- C:\Windows\System\NPPXwwq.exe
  C:\Windows\System\NPPXwwq.exe
  2⤵
  PID:5156
- C:\Windows\System\uEcVqwW.exe
  C:\Windows\System\uEcVqwW.exe
  2⤵
  PID:5176
- C:\Windows\System\ocqmFba.exe
  C:\Windows\System\ocqmFba.exe
  2⤵
  PID:5196
- C:\Windows\System\vQsiSDj.exe
  C:\Windows\System\vQsiSDj.exe
  2⤵
  PID:5216
- C:\Windows\System\JuCsVtK.exe
  C:\Windows\System\JuCsVtK.exe
  2⤵
  PID:5236
- C:\Windows\System\kVsNPro.exe
  C:\Windows\System\kVsNPro.exe
  2⤵
  PID:5256
- C:\Windows\System\cAlUhMQ.exe
  C:\Windows\System\cAlUhMQ.exe
  2⤵
  PID:5276
- C:\Windows\System\GHzJsrV.exe
  C:\Windows\System\GHzJsrV.exe
  2⤵
  PID:5296
- C:\Windows\System\TQNrGeC.exe
  C:\Windows\System\TQNrGeC.exe
  2⤵
  PID:5316
- C:\Windows\System\drzMGqR.exe
  C:\Windows\System\drzMGqR.exe
  2⤵
  PID:5336
- C:\Windows\System\RjGUFDY.exe
  C:\Windows\System\RjGUFDY.exe
  2⤵
  PID:5356
- C:\Windows\System\xPBBebb.exe
  C:\Windows\System\xPBBebb.exe
  2⤵
  PID:5376
- C:\Windows\System\LvCObyP.exe
  C:\Windows\System\LvCObyP.exe
  2⤵
  PID:5396
- C:\Windows\System\sQVUZmI.exe
  C:\Windows\System\sQVUZmI.exe
  2⤵
  PID:5416
- C:\Windows\System\IPInAJP.exe
  C:\Windows\System\IPInAJP.exe
  2⤵
  PID:5436
- C:\Windows\System\qQUAoUe.exe
  C:\Windows\System\qQUAoUe.exe
  2⤵
  PID:5456
- C:\Windows\System\pxREHMj.exe
  C:\Windows\System\pxREHMj.exe
  2⤵
  PID:5476
- C:\Windows\System\qWNKAzL.exe
  C:\Windows\System\qWNKAzL.exe
  2⤵
  PID:5496
- C:\Windows\System\lvHICsz.exe
  C:\Windows\System\lvHICsz.exe
  2⤵
  PID:5520
- C:\Windows\System\hVoVfys.exe
  C:\Windows\System\hVoVfys.exe
  2⤵
  PID:5540
- C:\Windows\System\KDYiUOK.exe
  C:\Windows\System\KDYiUOK.exe
  2⤵
  PID:5560
- C:\Windows\System\ahTQOwZ.exe
  C:\Windows\System\ahTQOwZ.exe
  2⤵
  PID:5576
- C:\Windows\System\isgBOVy.exe
  C:\Windows\System\isgBOVy.exe
  2⤵
  PID:5596
- C:\Windows\System\Pbaczfw.exe
  C:\Windows\System\Pbaczfw.exe
  2⤵
  PID:5616
- C:\Windows\System\dtdvfsH.exe
  C:\Windows\System\dtdvfsH.exe
  2⤵
  PID:5640
- C:\Windows\System\CbTqYqq.exe
  C:\Windows\System\CbTqYqq.exe
  2⤵
  PID:5656
- C:\Windows\System\AtDTaAT.exe
  C:\Windows\System\AtDTaAT.exe
  2⤵
  PID:5680
- C:\Windows\System\InvrvUr.exe
  C:\Windows\System\InvrvUr.exe
  2⤵
  PID:5700
- C:\Windows\System\DJIEGHa.exe
  C:\Windows\System\DJIEGHa.exe
  2⤵
  PID:5720
- C:\Windows\System\otUKajY.exe
  C:\Windows\System\otUKajY.exe
  2⤵
  PID:5740
- C:\Windows\System\NyQcUBm.exe
  C:\Windows\System\NyQcUBm.exe
  2⤵
  PID:5760
- C:\Windows\System\vaYhtGS.exe
  C:\Windows\System\vaYhtGS.exe
  2⤵
  PID:5780
- C:\Windows\System\mKjHFnR.exe
  C:\Windows\System\mKjHFnR.exe
  2⤵
  PID:5800
- C:\Windows\System\uqFZOtA.exe
  C:\Windows\System\uqFZOtA.exe
  2⤵
  PID:5820
- C:\Windows\System\pHZNpZS.exe
  C:\Windows\System\pHZNpZS.exe
  2⤵
  PID:5840
- C:\Windows\System\pZKPGmU.exe
  C:\Windows\System\pZKPGmU.exe
  2⤵
  PID:5860
- C:\Windows\System\ViIiqAC.exe
  C:\Windows\System\ViIiqAC.exe
  2⤵
  PID:5880
- C:\Windows\System\zPdweWA.exe
  C:\Windows\System\zPdweWA.exe
  2⤵
  PID:5900
- C:\Windows\System\BknMkwN.exe
  C:\Windows\System\BknMkwN.exe
  2⤵
  PID:5920
- C:\Windows\System\encJPfo.exe
  C:\Windows\System\encJPfo.exe
  2⤵
  PID:5940
- C:\Windows\System\mRoqpVV.exe
  C:\Windows\System\mRoqpVV.exe
  2⤵
  PID:5960
- C:\Windows\System\tXsTMnb.exe
  C:\Windows\System\tXsTMnb.exe
  2⤵
  PID:5980
- C:\Windows\System\FNwqIeV.exe
  C:\Windows\System\FNwqIeV.exe
  2⤵
  PID:6000
- C:\Windows\System\nZUQJoc.exe
  C:\Windows\System\nZUQJoc.exe
  2⤵
  PID:6020
- C:\Windows\System\rsgMGlW.exe
  C:\Windows\System\rsgMGlW.exe
  2⤵
  PID:6040
- C:\Windows\System\SYPWrBX.exe
  C:\Windows\System\SYPWrBX.exe
  2⤵
  PID:6060
- C:\Windows\System\PFasnHs.exe
  C:\Windows\System\PFasnHs.exe
  2⤵
  PID:6080
- C:\Windows\System\CyFWwXq.exe
  C:\Windows\System\CyFWwXq.exe
  2⤵
  PID:6100
- C:\Windows\System\DTwkhHA.exe
  C:\Windows\System\DTwkhHA.exe
  2⤵
  PID:6120
- C:\Windows\System\fdkfKmW.exe
  C:\Windows\System\fdkfKmW.exe
  2⤵
  PID:6140
- C:\Windows\System\wUGHFsn.exe
  C:\Windows\System\wUGHFsn.exe
  2⤵
  PID:3384
- C:\Windows\System\fAavEPk.exe
  C:\Windows\System\fAavEPk.exe
  2⤵
  PID:3768
- C:\Windows\System\NsCKtaB.exe
  C:\Windows\System\NsCKtaB.exe
  2⤵
  PID:4224
- C:\Windows\System\fxoRAUR.exe
  C:\Windows\System\fxoRAUR.exe
  2⤵
  PID:4388
- C:\Windows\System\nFnljag.exe
  C:\Windows\System\nFnljag.exe
  2⤵
  PID:4344
- C:\Windows\System\TLtlICs.exe
  C:\Windows\System\TLtlICs.exe
  2⤵
  PID:4432
- C:\Windows\System\nvmAWVg.exe
  C:\Windows\System\nvmAWVg.exe
  2⤵
  PID:4552
- C:\Windows\System\eeFMjhU.exe
  C:\Windows\System\eeFMjhU.exe
  2⤵
  PID:4568
- C:\Windows\System\sBkJfJK.exe
  C:\Windows\System\sBkJfJK.exe
  2⤵
  PID:4744
- C:\Windows\System\MXILdGO.exe
  C:\Windows\System\MXILdGO.exe
  2⤵
  PID:4756
- C:\Windows\System\zSamXbZ.exe
  C:\Windows\System\zSamXbZ.exe
  2⤵
  PID:4824
- C:\Windows\System\yWsWFbM.exe
  C:\Windows\System\yWsWFbM.exe
  2⤵
  PID:4988
- C:\Windows\System\hoQLzfs.exe
  C:\Windows\System\hoQLzfs.exe
  2⤵
  PID:1576
- C:\Windows\System\Tlweynp.exe
  C:\Windows\System\Tlweynp.exe
  2⤵
  PID:5108
- C:\Windows\System\LPELMxG.exe
  C:\Windows\System\LPELMxG.exe
  2⤵
  PID:3244
- C:\Windows\System\jZIWCtu.exe
  C:\Windows\System\jZIWCtu.exe
  2⤵
  PID:5132
- C:\Windows\System\XlBnYgf.exe
  C:\Windows\System\XlBnYgf.exe
  2⤵
  PID:5172
- C:\Windows\System\MDMwFms.exe
  C:\Windows\System\MDMwFms.exe
  2⤵
  PID:5212
- C:\Windows\System\OEZqnIv.exe
  C:\Windows\System\OEZqnIv.exe
  2⤵
  PID:5244
- C:\Windows\System\NrpzjPe.exe
  C:\Windows\System\NrpzjPe.exe
  2⤵
  PID:5284
- C:\Windows\System\UTjyJfk.exe
  C:\Windows\System\UTjyJfk.exe
  2⤵
  PID:5308
- C:\Windows\System\ojmErGr.exe
  C:\Windows\System\ojmErGr.exe
  2⤵
  PID:5348
- C:\Windows\System\uqytUSO.exe
  C:\Windows\System\uqytUSO.exe
  2⤵
  PID:5372
- C:\Windows\System\gASCQAs.exe
  C:\Windows\System\gASCQAs.exe
  2⤵
  PID:5404
- C:\Windows\System\DwgMIXD.exe
  C:\Windows\System\DwgMIXD.exe
  2⤵
  PID:5444
- C:\Windows\System\ugUHXVV.exe
  C:\Windows\System\ugUHXVV.exe
  2⤵
  PID:5504
- C:\Windows\System\TFyigdE.exe
  C:\Windows\System\TFyigdE.exe
  2⤵
  PID:5508
- C:\Windows\System\fBQAzRb.exe
  C:\Windows\System\fBQAzRb.exe
  2⤵
  PID:5532
- C:\Windows\System\tDoEpaV.exe
  C:\Windows\System\tDoEpaV.exe
  2⤵
  PID:5624
- C:\Windows\System\kEMXAzA.exe
  C:\Windows\System\kEMXAzA.exe
  2⤵
  PID:5636
- C:\Windows\System\CBgjoas.exe
  C:\Windows\System\CBgjoas.exe
  2⤵
  PID:5664
- C:\Windows\System\DryyChK.exe
  C:\Windows\System\DryyChK.exe
  2⤵
  PID:5668
- C:\Windows\System\eWUieqJ.exe
  C:\Windows\System\eWUieqJ.exe
  2⤵
  PID:5696
- C:\Windows\System\LIZPmGJ.exe
  C:\Windows\System\LIZPmGJ.exe
  2⤵
  PID:5748
- C:\Windows\System\ERQlRWn.exe
  C:\Windows\System\ERQlRWn.exe
  2⤵
  PID:5768
- C:\Windows\System\lgvtScM.exe
  C:\Windows\System\lgvtScM.exe
  2⤵
  PID:5792
- C:\Windows\System\iymqsol.exe
  C:\Windows\System\iymqsol.exe
  2⤵
  PID:5816
- C:\Windows\System\rIUHKLY.exe
  C:\Windows\System\rIUHKLY.exe
  2⤵
  PID:5856
- C:\Windows\System\NDMrlsQ.exe
  C:\Windows\System\NDMrlsQ.exe
  2⤵
  PID:5916
- C:\Windows\System\QrCvkTL.exe
  C:\Windows\System\QrCvkTL.exe
  2⤵
  PID:5948
- C:\Windows\System\ZbBVLyl.exe
  C:\Windows\System\ZbBVLyl.exe
  2⤵
  PID:5952
- C:\Windows\System\HOECYcO.exe
  C:\Windows\System\HOECYcO.exe
  2⤵
  PID:5972
- C:\Windows\System\TuHyaGG.exe
  C:\Windows\System\TuHyaGG.exe
  2⤵
  PID:6036
- C:\Windows\System\BiNdApz.exe
  C:\Windows\System\BiNdApz.exe
  2⤵
  PID:6048
- C:\Windows\System\fbWpCLs.exe
  C:\Windows\System\fbWpCLs.exe
  2⤵
  PID:6116
- C:\Windows\System\oPUIHjL.exe
  C:\Windows\System\oPUIHjL.exe
  2⤵
  PID:3708
- C:\Windows\System\MhMYdxZ.exe
  C:\Windows\System\MhMYdxZ.exe
  2⤵
  PID:3812
- C:\Windows\System\BxcXRNs.exe
  C:\Windows\System\BxcXRNs.exe
  2⤵
  PID:4264
- C:\Windows\System\bjzYoCk.exe
  C:\Windows\System\bjzYoCk.exe
  2⤵
  PID:4328
- C:\Windows\System\CIazXpL.exe
  C:\Windows\System\CIazXpL.exe
  2⤵
  PID:4504
- C:\Windows\System\yHIDcXc.exe
  C:\Windows\System\yHIDcXc.exe
  2⤵
  PID:2736
- C:\Windows\System\rUWOipP.exe
  C:\Windows\System\rUWOipP.exe
  2⤵
  PID:4604
- C:\Windows\System\DELCvWh.exe
  C:\Windows\System\DELCvWh.exe
  2⤵
  PID:2940
- C:\Windows\System\rejmShL.exe
  C:\Windows\System\rejmShL.exe
  2⤵
  PID:4852
- C:\Windows\System\pAPLFbr.exe
  C:\Windows\System\pAPLFbr.exe
  2⤵
  PID:2064
- C:\Windows\System\QkkNTNP.exe
  C:\Windows\System\QkkNTNP.exe
  2⤵
  PID:3868
- C:\Windows\System\QPvKtJT.exe
  C:\Windows\System\QPvKtJT.exe
  2⤵
  PID:5148
- C:\Windows\System\vUJaJwK.exe
  C:\Windows\System\vUJaJwK.exe
  2⤵
  PID:5188
- C:\Windows\System\pzaoaKS.exe
  C:\Windows\System\pzaoaKS.exe
  2⤵
  PID:5228
- C:\Windows\System\iHgCsSY.exe
  C:\Windows\System\iHgCsSY.exe
  2⤵
  PID:5292
- C:\Windows\System\INHDuJI.exe
  C:\Windows\System\INHDuJI.exe
  2⤵
  PID:5364
- C:\Windows\System\RnGQdkP.exe
  C:\Windows\System\RnGQdkP.exe
  2⤵
  PID:5432
- C:\Windows\System\KarxzNl.exe
  C:\Windows\System\KarxzNl.exe
  2⤵
  PID:5468
- C:\Windows\System\vUjcMiw.exe
  C:\Windows\System\vUjcMiw.exe
  2⤵
  PID:2784
- C:\Windows\System\EBjtNGK.exe
  C:\Windows\System\EBjtNGK.exe
  2⤵
  PID:5588
- C:\Windows\System\uPQbdXa.exe
  C:\Windows\System\uPQbdXa.exe
  2⤵
  PID:5604
- C:\Windows\System\QPrfrLj.exe
  C:\Windows\System\QPrfrLj.exe
  2⤵
  PID:1912
- C:\Windows\System\KWwMZQw.exe
  C:\Windows\System\KWwMZQw.exe
  2⤵
  PID:5708
- C:\Windows\System\pVfmkUu.exe
  C:\Windows\System\pVfmkUu.exe
  2⤵
  PID:5732
- C:\Windows\System\DaLlfGx.exe
  C:\Windows\System\DaLlfGx.exe
  2⤵
  PID:5836
- C:\Windows\System\INvwyvf.exe
  C:\Windows\System\INvwyvf.exe
  2⤵
  PID:5872
- C:\Windows\System\AyAvpvq.exe
  C:\Windows\System\AyAvpvq.exe
  2⤵
  PID:2596
- C:\Windows\System\DAbiLGW.exe
  C:\Windows\System\DAbiLGW.exe
  2⤵
  PID:5932
- C:\Windows\System\FFzTBdt.exe
  C:\Windows\System\FFzTBdt.exe
  2⤵
  PID:5968
- C:\Windows\System\SdsBmRI.exe
  C:\Windows\System\SdsBmRI.exe
  2⤵
  PID:6076
- C:\Windows\System\PQjdOTO.exe
  C:\Windows\System\PQjdOTO.exe
  2⤵
  PID:6128
- C:\Windows\System\fsevdmQ.exe
  C:\Windows\System\fsevdmQ.exe
  2⤵
  PID:2888
- C:\Windows\System\GrZdOGA.exe
  C:\Windows\System\GrZdOGA.exe
  2⤵
  PID:1492
- C:\Windows\System\ogLqFun.exe
  C:\Windows\System\ogLqFun.exe
  2⤵
  PID:4304
- C:\Windows\System\xGlIIbl.exe
  C:\Windows\System\xGlIIbl.exe
  2⤵
  PID:2032
- C:\Windows\System\shbgbZt.exe
  C:\Windows\System\shbgbZt.exe
  2⤵
  PID:4668
- C:\Windows\System\VpJSves.exe
  C:\Windows\System\VpJSves.exe
  2⤵
  PID:5036
- C:\Windows\System\QhNlKse.exe
  C:\Windows\System\QhNlKse.exe
  2⤵
  PID:3160
- C:\Windows\System\JzWfCVF.exe
  C:\Windows\System\JzWfCVF.exe
  2⤵
  PID:3048
- C:\Windows\System\Ygisncg.exe
  C:\Windows\System\Ygisncg.exe
  2⤵
  PID:5152
- C:\Windows\System\wJpqVpr.exe
  C:\Windows\System\wJpqVpr.exe
  2⤵
  PID:5344
- C:\Windows\System\rCDGzeD.exe
  C:\Windows\System\rCDGzeD.exe
  2⤵
  PID:5492
- C:\Windows\System\ftnCpHy.exe
  C:\Windows\System\ftnCpHy.exe
  2⤵
  PID:5548
- C:\Windows\System\XSpPonQ.exe
  C:\Windows\System\XSpPonQ.exe
  2⤵
  PID:5592
- C:\Windows\System\glnWWcH.exe
  C:\Windows\System\glnWWcH.exe
  2⤵
  PID:5728
- C:\Windows\System\oufjAtU.exe
  C:\Windows\System\oufjAtU.exe
  2⤵
  PID:5752
- C:\Windows\System\wUCDVXP.exe
  C:\Windows\System\wUCDVXP.exe
  2⤵
  PID:5772
- C:\Windows\System\CyORSou.exe
  C:\Windows\System\CyORSou.exe
  2⤵
  PID:5956
- C:\Windows\System\IiPwgOD.exe
  C:\Windows\System\IiPwgOD.exe
  2⤵
  PID:6028
- C:\Windows\System\hnbmFsf.exe
  C:\Windows\System\hnbmFsf.exe
  2⤵
  PID:6068
- C:\Windows\System\doHvbwY.exe
  C:\Windows\System\doHvbwY.exe
  2⤵
  PID:6092
- C:\Windows\System\eGNCaUU.exe
  C:\Windows\System\eGNCaUU.exe
  2⤵
  PID:2144
- C:\Windows\System\anoRgvQ.exe
  C:\Windows\System\anoRgvQ.exe
  2⤵
  PID:2992
- C:\Windows\System\TgNccYO.exe
  C:\Windows\System\TgNccYO.exe
  2⤵
  PID:1924
- C:\Windows\System\DwjlDPt.exe
  C:\Windows\System\DwjlDPt.exe
  2⤵
  PID:5144
- C:\Windows\System\mQdrddX.exe
  C:\Windows\System\mQdrddX.exe
  2⤵
  PID:6148
- C:\Windows\System\iOyMiul.exe
  C:\Windows\System\iOyMiul.exe
  2⤵
  PID:6168
- C:\Windows\System\QqCTPIh.exe
  C:\Windows\System\QqCTPIh.exe
  2⤵
  PID:6188
- C:\Windows\System\KLlZmBL.exe
  C:\Windows\System\KLlZmBL.exe
  2⤵
  PID:6208
- C:\Windows\System\NbKIlED.exe
  C:\Windows\System\NbKIlED.exe
  2⤵
  PID:6228
- C:\Windows\System\XieKkFt.exe
  C:\Windows\System\XieKkFt.exe
  2⤵
  PID:6248
- C:\Windows\System\fnAaYXM.exe
  C:\Windows\System\fnAaYXM.exe
  2⤵
  PID:6272
- C:\Windows\System\PZdWWYc.exe
  C:\Windows\System\PZdWWYc.exe
  2⤵
  PID:6292
- C:\Windows\System\tnNeljh.exe
  C:\Windows\System\tnNeljh.exe
  2⤵
  PID:6312
- C:\Windows\System\kCWmAgI.exe
  C:\Windows\System\kCWmAgI.exe
  2⤵
  PID:6332
- C:\Windows\System\PZzQGKr.exe
  C:\Windows\System\PZzQGKr.exe
  2⤵
  PID:6352
- C:\Windows\System\hXrdfrK.exe
  C:\Windows\System\hXrdfrK.exe
  2⤵
  PID:6372
- C:\Windows\System\bytinve.exe
  C:\Windows\System\bytinve.exe
  2⤵
  PID:6392
- C:\Windows\System\siMLKOE.exe
  C:\Windows\System\siMLKOE.exe
  2⤵
  PID:6412
- C:\Windows\System\wdcwZcB.exe
  C:\Windows\System\wdcwZcB.exe
  2⤵
  PID:6432
- C:\Windows\System\JjmsJwa.exe
  C:\Windows\System\JjmsJwa.exe
  2⤵
  PID:6452
- C:\Windows\System\FAQcUdQ.exe
  C:\Windows\System\FAQcUdQ.exe
  2⤵
  PID:6472
- C:\Windows\System\aOBRUsk.exe
  C:\Windows\System\aOBRUsk.exe
  2⤵
  PID:6492
- C:\Windows\System\DRpnldb.exe
  C:\Windows\System\DRpnldb.exe
  2⤵
  PID:6512
- C:\Windows\System\ipOjJFH.exe
  C:\Windows\System\ipOjJFH.exe
  2⤵
  PID:6532
- C:\Windows\System\xeeYnPm.exe
  C:\Windows\System\xeeYnPm.exe
  2⤵
  PID:6552
- C:\Windows\System\OYjpDSz.exe
  C:\Windows\System\OYjpDSz.exe
  2⤵
  PID:6572
- C:\Windows\System\oeJRhJh.exe
  C:\Windows\System\oeJRhJh.exe
  2⤵
  PID:6592
- C:\Windows\System\srDMwCH.exe
  C:\Windows\System\srDMwCH.exe
  2⤵
  PID:6612
- C:\Windows\System\RoBnbIX.exe
  C:\Windows\System\RoBnbIX.exe
  2⤵
  PID:6632
- C:\Windows\System\utGUDRN.exe
  C:\Windows\System\utGUDRN.exe
  2⤵
  PID:6652
- C:\Windows\System\UjNpMrE.exe
  C:\Windows\System\UjNpMrE.exe
  2⤵
  PID:6672
- C:\Windows\System\yjfBIAu.exe
  C:\Windows\System\yjfBIAu.exe
  2⤵
  PID:6692
- C:\Windows\System\fkvDeUF.exe
  C:\Windows\System\fkvDeUF.exe
  2⤵
  PID:6712
- C:\Windows\System\oWLnvVn.exe
  C:\Windows\System\oWLnvVn.exe
  2⤵
  PID:6732
- C:\Windows\System\mFYsLis.exe
  C:\Windows\System\mFYsLis.exe
  2⤵
  PID:6752
- C:\Windows\System\OBjhRXC.exe
  C:\Windows\System\OBjhRXC.exe
  2⤵
  PID:6772
- C:\Windows\System\MwZYkwM.exe
  C:\Windows\System\MwZYkwM.exe
  2⤵
  PID:6792
- C:\Windows\System\gLEoKFX.exe
  C:\Windows\System\gLEoKFX.exe
  2⤵
  PID:6812
- C:\Windows\System\QhPDXwO.exe
  C:\Windows\System\QhPDXwO.exe
  2⤵
  PID:6832
- C:\Windows\System\GqtjoeA.exe
  C:\Windows\System\GqtjoeA.exe
  2⤵
  PID:6852
- C:\Windows\System\HxSROJH.exe
  C:\Windows\System\HxSROJH.exe
  2⤵
  PID:6872
- C:\Windows\System\LOgHUpz.exe
  C:\Windows\System\LOgHUpz.exe
  2⤵
  PID:6892
- C:\Windows\System\cggxDAS.exe
  C:\Windows\System\cggxDAS.exe
  2⤵
  PID:6912
- C:\Windows\System\vwgeKnl.exe
  C:\Windows\System\vwgeKnl.exe
  2⤵
  PID:6932
- C:\Windows\System\xhGPSvP.exe
  C:\Windows\System\xhGPSvP.exe
  2⤵
  PID:6952
- C:\Windows\System\qXlKepg.exe
  C:\Windows\System\qXlKepg.exe
  2⤵
  PID:6972
- C:\Windows\System\GQHXhfV.exe
  C:\Windows\System\GQHXhfV.exe
  2⤵
  PID:6992
- C:\Windows\System\KGvGZcY.exe
  C:\Windows\System\KGvGZcY.exe
  2⤵
  PID:7012
- C:\Windows\System\TiYfnVn.exe
  C:\Windows\System\TiYfnVn.exe
  2⤵
  PID:7032
- C:\Windows\System\miUIrTb.exe
  C:\Windows\System\miUIrTb.exe
  2⤵
  PID:7052
- C:\Windows\System\SuGZEat.exe
  C:\Windows\System\SuGZEat.exe
  2⤵
  PID:7072
- C:\Windows\System\GMaheUm.exe
  C:\Windows\System\GMaheUm.exe
  2⤵
  PID:7092
- C:\Windows\System\NGabXSe.exe
  C:\Windows\System\NGabXSe.exe
  2⤵
  PID:7112
- C:\Windows\System\OUWmTHw.exe
  C:\Windows\System\OUWmTHw.exe
  2⤵
  PID:7132
- C:\Windows\System\iEPZZFB.exe
  C:\Windows\System\iEPZZFB.exe
  2⤵
  PID:7152
- C:\Windows\System\OpBCIQH.exe
  C:\Windows\System\OpBCIQH.exe
  2⤵
  PID:5288
- C:\Windows\System\duJJbTp.exe
  C:\Windows\System\duJJbTp.exe
  2⤵
  PID:5556
- C:\Windows\System\BOcJQlf.exe
  C:\Windows\System\BOcJQlf.exe
  2⤵
  PID:1804
- C:\Windows\System\wbdApTm.exe
  C:\Windows\System\wbdApTm.exe
  2⤵
  PID:5688
- C:\Windows\System\XFfdgFI.exe
  C:\Windows\System\XFfdgFI.exe
  2⤵
  PID:5876
- C:\Windows\System\zqVrYYz.exe
  C:\Windows\System\zqVrYYz.exe
  2⤵
  PID:5848
- C:\Windows\System\iRgsrkU.exe
  C:\Windows\System\iRgsrkU.exe
  2⤵
  PID:6136
- C:\Windows\System\ezFzXaq.exe
  C:\Windows\System\ezFzXaq.exe
  2⤵
  PID:4588
- C:\Windows\System\HQSxGsx.exe
  C:\Windows\System\HQSxGsx.exe
  2⤵
  PID:2768
- C:\Windows\System\LPFRbal.exe
  C:\Windows\System\LPFRbal.exe
  2⤵
  PID:5204
- C:\Windows\System\YuYbTmz.exe
  C:\Windows\System\YuYbTmz.exe
  2⤵
  PID:6184
- C:\Windows\System\qWUgFLp.exe
  C:\Windows\System\qWUgFLp.exe
  2⤵
  PID:6200
- C:\Windows\System\fSFngzH.exe
  C:\Windows\System\fSFngzH.exe
  2⤵
  PID:6240
- C:\Windows\System\aVyhnEU.exe
  C:\Windows\System\aVyhnEU.exe
  2⤵
  PID:6288
- C:\Windows\System\CBuQVtf.exe
  C:\Windows\System\CBuQVtf.exe
  2⤵
  PID:6320
- C:\Windows\System\gzYBpDL.exe
  C:\Windows\System\gzYBpDL.exe
  2⤵
  PID:6344
- C:\Windows\System\cHDTaRu.exe
  C:\Windows\System\cHDTaRu.exe
  2⤵
  PID:692
- C:\Windows\System\WxmLbCL.exe
  C:\Windows\System\WxmLbCL.exe
  2⤵
  PID:6420
- C:\Windows\System\qMlyKdG.exe
  C:\Windows\System\qMlyKdG.exe
  2⤵
  PID:6448
- C:\Windows\System\UYTqMBy.exe
  C:\Windows\System\UYTqMBy.exe
  2⤵
  PID:6480
- C:\Windows\System\TVIbhel.exe
  C:\Windows\System\TVIbhel.exe
  2⤵
  PID:6504
- C:\Windows\System\TUFlrcN.exe
  C:\Windows\System\TUFlrcN.exe
  2⤵
  PID:6548
- C:\Windows\System\ZnQnqor.exe
  C:\Windows\System\ZnQnqor.exe
  2⤵
  PID:6564
- C:\Windows\System\xnSfnmO.exe
  C:\Windows\System\xnSfnmO.exe
  2⤵
  PID:6608
- C:\Windows\System\hZEwyqx.exe
  C:\Windows\System\hZEwyqx.exe
  2⤵
  PID:6660
- C:\Windows\System\pGyWebl.exe
  C:\Windows\System\pGyWebl.exe
  2⤵
  PID:6664
- C:\Windows\System\xjvAbcZ.exe
  C:\Windows\System\xjvAbcZ.exe
  2⤵
  PID:6704
- C:\Windows\System\aWqmXze.exe
  C:\Windows\System\aWqmXze.exe
  2⤵
  PID:6748
- C:\Windows\System\uXVzBin.exe
  C:\Windows\System\uXVzBin.exe
  2⤵
  PID:6788
- C:\Windows\System\XTPXPey.exe
  C:\Windows\System\XTPXPey.exe
  2⤵
  PID:6800
- C:\Windows\System\nZemvWV.exe
  C:\Windows\System\nZemvWV.exe
  2⤵
  PID:6824
- C:\Windows\System\jrXiSCE.exe
  C:\Windows\System\jrXiSCE.exe
  2⤵
  PID:6864
- C:\Windows\System\GiQxpjC.exe
  C:\Windows\System\GiQxpjC.exe
  2⤵
  PID:6884
- C:\Windows\System\QfEtJEF.exe
  C:\Windows\System\QfEtJEF.exe
  2⤵
  PID:6928
- C:\Windows\System\CSmBEaz.exe
  C:\Windows\System\CSmBEaz.exe
  2⤵
  PID:6980
- C:\Windows\System\qRRmGyk.exe
  C:\Windows\System\qRRmGyk.exe
  2⤵
  PID:7020
- C:\Windows\System\MMWVtuH.exe
  C:\Windows\System\MMWVtuH.exe
  2⤵
  PID:7040
- C:\Windows\System\KjFbrtR.exe
  C:\Windows\System\KjFbrtR.exe
  2⤵
  PID:7064
- C:\Windows\System\JNmjVpg.exe
  C:\Windows\System\JNmjVpg.exe
  2⤵
  PID:7104
- C:\Windows\System\kVfDWAx.exe
  C:\Windows\System\kVfDWAx.exe
  2⤵
  PID:7128
- C:\Windows\System\SJcjCAH.exe
  C:\Windows\System\SJcjCAH.exe
  2⤵
  PID:5272
- C:\Windows\System\IYLrqVi.exe
  C:\Windows\System\IYLrqVi.exe
  2⤵
  PID:5608
- C:\Windows\System\mIvMsJw.exe
  C:\Windows\System\mIvMsJw.exe
  2⤵
  PID:5832
- C:\Windows\System\ZTnChGA.exe
  C:\Windows\System\ZTnChGA.exe
  2⤵
  PID:5788
- C:\Windows\System\VpJwSqQ.exe
  C:\Windows\System\VpJwSqQ.exe
  2⤵
  PID:4408
- C:\Windows\System\qnYqGhI.exe
  C:\Windows\System\qnYqGhI.exe
  2⤵
  PID:4908
- C:\Windows\System\QZoVmIa.exe
  C:\Windows\System\QZoVmIa.exe
  2⤵
  PID:6204
- C:\Windows\System\pXqkLhv.exe
  C:\Windows\System\pXqkLhv.exe
  2⤵
  PID:6268
- C:\Windows\System\speANbU.exe
  C:\Windows\System\speANbU.exe
  2⤵
  PID:6340
- C:\Windows\System\qnbqitV.exe
  C:\Windows\System\qnbqitV.exe
  2⤵
  PID:6348
- C:\Windows\System\tapcWMs.exe
  C:\Windows\System\tapcWMs.exe
  2⤵
  PID:6408
- C:\Windows\System\XzQxqRr.exe
  C:\Windows\System\XzQxqRr.exe
  2⤵
  PID:6468
- C:\Windows\System\oAhBDvR.exe
  C:\Windows\System\oAhBDvR.exe
  2⤵
  PID:6528
- C:\Windows\System\vVqvtpI.exe
  C:\Windows\System\vVqvtpI.exe
  2⤵
  PID:6584
- C:\Windows\System\JFMKpfN.exe
  C:\Windows\System\JFMKpfN.exe
  2⤵
  PID:6600
- C:\Windows\System\vYxfGLZ.exe
  C:\Windows\System\vYxfGLZ.exe
  2⤵
  PID:6624
- C:\Windows\System\UGvNTCN.exe
  C:\Windows\System\UGvNTCN.exe
  2⤵
  PID:6708
- C:\Windows\System\QVVZSVg.exe
  C:\Windows\System\QVVZSVg.exe
  2⤵
  PID:6784
- C:\Windows\System\gwvzViF.exe
  C:\Windows\System\gwvzViF.exe
  2⤵
  PID:6804
- C:\Windows\System\wLUhjyz.exe
  C:\Windows\System\wLUhjyz.exe
  2⤵
  PID:6900
- C:\Windows\System\NjoquWH.exe
  C:\Windows\System\NjoquWH.exe
  2⤵
  PID:6940
- C:\Windows\System\BTrSZaD.exe
  C:\Windows\System\BTrSZaD.exe
  2⤵
  PID:6984
- C:\Windows\System\CpfleBf.exe
  C:\Windows\System\CpfleBf.exe
  2⤵
  PID:7000
- C:\Windows\System\DbKrvQw.exe
  C:\Windows\System\DbKrvQw.exe
  2⤵
  PID:3348
- C:\Windows\System\dSMXVCL.exe
  C:\Windows\System\dSMXVCL.exe
  2⤵
  PID:7100
- C:\Windows\System\NklZHiH.exe
  C:\Windows\System\NklZHiH.exe
  2⤵
  PID:7144
- C:\Windows\System\DnStgoX.exe
  C:\Windows\System\DnStgoX.exe
  2⤵
  PID:5652
- C:\Windows\System\tsPZxuN.exe
  C:\Windows\System\tsPZxuN.exe
  2⤵
  PID:296
- C:\Windows\System\krsxizT.exe
  C:\Windows\System\krsxizT.exe
  2⤵
  PID:6176
- C:\Windows\System\kUlqACS.exe
  C:\Windows\System\kUlqACS.exe
  2⤵
  PID:6160
- C:\Windows\System\TqVrPeJ.exe
  C:\Windows\System\TqVrPeJ.exe
  2⤵
  PID:6244
- C:\Windows\System\NouyZLH.exe
  C:\Windows\System\NouyZLH.exe
  2⤵
  PID:6428
- C:\Windows\System\YMSvjLq.exe
  C:\Windows\System\YMSvjLq.exe
  2⤵
  PID:6484
- C:\Windows\System\basGTzy.exe
  C:\Windows\System\basGTzy.exe
  2⤵
  PID:6464
- C:\Windows\System\ucwnZCV.exe
  C:\Windows\System\ucwnZCV.exe
  2⤵
  PID:6648
- C:\Windows\System\pUfwsYy.exe
  C:\Windows\System\pUfwsYy.exe
  2⤵
  PID:6724
- C:\Windows\System\JdTUAWZ.exe
  C:\Windows\System\JdTUAWZ.exe
  2⤵
  PID:6820
- C:\Windows\System\nqzHUok.exe
  C:\Windows\System\nqzHUok.exe
  2⤵
  PID:6920
- C:\Windows\System\ZHqfhEi.exe
  C:\Windows\System\ZHqfhEi.exe
  2⤵
  PID:7004
- C:\Windows\System\veYmMmf.exe
  C:\Windows\System\veYmMmf.exe
  2⤵
  PID:7044
- C:\Windows\System\CataZfw.exe
  C:\Windows\System\CataZfw.exe
  2⤵
  PID:5672
- C:\Windows\System\ycpLwnT.exe
  C:\Windows\System\ycpLwnT.exe
  2⤵
  PID:5996
- C:\Windows\System\iLtDuar.exe
  C:\Windows\System\iLtDuar.exe
  2⤵
  PID:4452
- C:\Windows\System\xpKDCtn.exe
  C:\Windows\System\xpKDCtn.exe
  2⤵
  PID:6324
- C:\Windows\System\GLuWvXo.exe
  C:\Windows\System\GLuWvXo.exe
  2⤵
  PID:6308
- C:\Windows\System\NfKPnzw.exe
  C:\Windows\System\NfKPnzw.exe
  2⤵
  PID:3976
- C:\Windows\System\dldCosr.exe
  C:\Windows\System\dldCosr.exe
  2⤵
  PID:6568
- C:\Windows\System\UXoADSe.exe
  C:\Windows\System\UXoADSe.exe
  2⤵
  PID:6764
- C:\Windows\System\FrGrMTy.exe
  C:\Windows\System\FrGrMTy.exe
  2⤵
  PID:7176
- C:\Windows\System\NbxlKPS.exe
  C:\Windows\System\NbxlKPS.exe
  2⤵
  PID:7196
- C:\Windows\System\WUHBuIc.exe
  C:\Windows\System\WUHBuIc.exe
  2⤵
  PID:7216
- C:\Windows\System\sawZsLR.exe
  C:\Windows\System\sawZsLR.exe
  2⤵
  PID:7236
- C:\Windows\System\BdLmBMB.exe
  C:\Windows\System\BdLmBMB.exe
  2⤵
  PID:7256
- C:\Windows\System\eWWPxAj.exe
  C:\Windows\System\eWWPxAj.exe
  2⤵
  PID:7276
- C:\Windows\System\XQeLVHg.exe
  C:\Windows\System\XQeLVHg.exe
  2⤵
  PID:7296
- C:\Windows\System\tjrbWrC.exe
  C:\Windows\System\tjrbWrC.exe
  2⤵
  PID:7316
- C:\Windows\System\JuvUTiD.exe
  C:\Windows\System\JuvUTiD.exe
  2⤵
  PID:7336
- C:\Windows\System\pZVkylG.exe
  C:\Windows\System\pZVkylG.exe
  2⤵
  PID:7356
- C:\Windows\System\ZZfpnXT.exe
  C:\Windows\System\ZZfpnXT.exe
  2⤵
  PID:7376
- C:\Windows\System\BjfcAgF.exe
  C:\Windows\System\BjfcAgF.exe
  2⤵
  PID:7396
- C:\Windows\System\mfgxdBc.exe
  C:\Windows\System\mfgxdBc.exe
  2⤵
  PID:7416
- C:\Windows\System\jCZkQDK.exe
  C:\Windows\System\jCZkQDK.exe
  2⤵
  PID:7436
- C:\Windows\System\mrsxjNg.exe
  C:\Windows\System\mrsxjNg.exe
  2⤵
  PID:7456
- C:\Windows\System\zFbsoZW.exe
  C:\Windows\System\zFbsoZW.exe
  2⤵
  PID:7476
- C:\Windows\System\efjJihH.exe
  C:\Windows\System\efjJihH.exe
  2⤵
  PID:7496
- C:\Windows\System\KahyPmY.exe
  C:\Windows\System\KahyPmY.exe
  2⤵
  PID:7516
- C:\Windows\System\dKQumKz.exe
  C:\Windows\System\dKQumKz.exe
  2⤵
  PID:7536
- C:\Windows\System\owzFKAP.exe
  C:\Windows\System\owzFKAP.exe
  2⤵
  PID:7556
- C:\Windows\System\DceinFH.exe
  C:\Windows\System\DceinFH.exe
  2⤵
  PID:7576
- C:\Windows\System\RCPlqUQ.exe
  C:\Windows\System\RCPlqUQ.exe
  2⤵
  PID:7596
- C:\Windows\System\CKPVSym.exe
  C:\Windows\System\CKPVSym.exe
  2⤵
  PID:7616
- C:\Windows\System\JHQwwCa.exe
  C:\Windows\System\JHQwwCa.exe
  2⤵
  PID:7636
- C:\Windows\System\qwRtlCw.exe
  C:\Windows\System\qwRtlCw.exe
  2⤵
  PID:7652
- C:\Windows\System\jnkKGst.exe
  C:\Windows\System\jnkKGst.exe
  2⤵
  PID:7676
- C:\Windows\System\SnsxZfw.exe
  C:\Windows\System\SnsxZfw.exe
  2⤵
  PID:7696
- C:\Windows\System\adOvbME.exe
  C:\Windows\System\adOvbME.exe
  2⤵
  PID:7716
- C:\Windows\System\ILRYfLK.exe
  C:\Windows\System\ILRYfLK.exe
  2⤵
  PID:7736
- C:\Windows\System\dMUlKJl.exe
  C:\Windows\System\dMUlKJl.exe
  2⤵
  PID:7756
- C:\Windows\System\OcOIxFk.exe
  C:\Windows\System\OcOIxFk.exe
  2⤵
  PID:7772
- C:\Windows\System\VriCPnd.exe
  C:\Windows\System\VriCPnd.exe
  2⤵
  PID:7796
- C:\Windows\System\muLNsFS.exe
  C:\Windows\System\muLNsFS.exe
  2⤵
  PID:7816
- C:\Windows\System\MRApiVB.exe
  C:\Windows\System\MRApiVB.exe
  2⤵
  PID:7836
- C:\Windows\System\FNMnSnK.exe
  C:\Windows\System\FNMnSnK.exe
  2⤵
  PID:7856
- C:\Windows\System\KonqNfI.exe
  C:\Windows\System\KonqNfI.exe
  2⤵
  PID:7876
- C:\Windows\System\rEuyqnm.exe
  C:\Windows\System\rEuyqnm.exe
  2⤵
  PID:7896
- C:\Windows\System\GYheyDI.exe
  C:\Windows\System\GYheyDI.exe
  2⤵
  PID:7916
- C:\Windows\System\BbDjVye.exe
  C:\Windows\System\BbDjVye.exe
  2⤵
  PID:7936
- C:\Windows\System\GYYMGLY.exe
  C:\Windows\System\GYYMGLY.exe
  2⤵
  PID:7956
- C:\Windows\System\EpEtUCa.exe
  C:\Windows\System\EpEtUCa.exe
  2⤵
  PID:7976
- C:\Windows\System\QnPgDNj.exe
  C:\Windows\System\QnPgDNj.exe
  2⤵
  PID:7996
- C:\Windows\System\NbJStYi.exe
  C:\Windows\System\NbJStYi.exe
  2⤵
  PID:8016
- C:\Windows\System\Cowjjvi.exe
  C:\Windows\System\Cowjjvi.exe
  2⤵
  PID:8036
- C:\Windows\System\HDXAplG.exe
  C:\Windows\System\HDXAplG.exe
  2⤵
  PID:8056
- C:\Windows\System\aXiBatp.exe
  C:\Windows\System\aXiBatp.exe
  2⤵
  PID:8076
- C:\Windows\System\RUaMrwQ.exe
  C:\Windows\System\RUaMrwQ.exe
  2⤵
  PID:8096
- C:\Windows\System\uzmkPMF.exe
  C:\Windows\System\uzmkPMF.exe
  2⤵
  PID:8184
- C:\Windows\System\yEbaCvF.exe
  C:\Windows\System\yEbaCvF.exe
  2⤵
  PID:6888
- C:\Windows\System\VjuKQjE.exe
  C:\Windows\System\VjuKQjE.exe
  2⤵
  PID:7164
- C:\Windows\System\liGjBxC.exe
  C:\Windows\System\liGjBxC.exe
  2⤵
  PID:7088
- C:\Windows\System\kdfRyLH.exe
  C:\Windows\System\kdfRyLH.exe
  2⤵
  PID:6008
- C:\Windows\System\ByfPRcN.exe
  C:\Windows\System\ByfPRcN.exe
  2⤵
  PID:6388
- C:\Windows\System\TbhjrmQ.exe
  C:\Windows\System\TbhjrmQ.exe
  2⤵
  PID:6424
- C:\Windows\System\CWJEJHf.exe
  C:\Windows\System\CWJEJHf.exe
  2⤵
  PID:6700
- C:\Windows\System\jOItzRE.exe
  C:\Windows\System\jOItzRE.exe
  2⤵
  PID:6868
- C:\Windows\System\UVgiOHx.exe
  C:\Windows\System\UVgiOHx.exe
  2⤵
  PID:7224
- C:\Windows\System\IILbCcJ.exe
  C:\Windows\System\IILbCcJ.exe
  2⤵
  PID:7208
- C:\Windows\System\ShqBREW.exe
  C:\Windows\System\ShqBREW.exe
  2⤵
  PID:7304
- C:\Windows\System\ZVecmnP.exe
  C:\Windows\System\ZVecmnP.exe
  2⤵
  PID:7312
- C:\Windows\System\HugDGFQ.exe
  C:\Windows\System\HugDGFQ.exe
  2⤵
  PID:7328
- C:\Windows\System\bXtLVob.exe
  C:\Windows\System\bXtLVob.exe
  2⤵
  PID:7388
- C:\Windows\System\TZxIiUU.exe
  C:\Windows\System\TZxIiUU.exe
  2⤵
  PID:7424
- C:\Windows\System\WUUAsyH.exe
  C:\Windows\System\WUUAsyH.exe
  2⤵
  PID:7432
- C:\Windows\System\NdePzJi.exe
  C:\Windows\System\NdePzJi.exe
  2⤵
  PID:7452
- C:\Windows\System\QyMDNPk.exe
  C:\Windows\System\QyMDNPk.exe
  2⤵
  PID:7484
- C:\Windows\System\IJEskab.exe
  C:\Windows\System\IJEskab.exe
  2⤵
  PID:7524
- C:\Windows\System\qTIIHhI.exe
  C:\Windows\System\qTIIHhI.exe
  2⤵
  PID:7548
- C:\Windows\System\pMZTlxF.exe
  C:\Windows\System\pMZTlxF.exe
  2⤵
  PID:7572
- C:\Windows\System\QlrjIJH.exe
  C:\Windows\System\QlrjIJH.exe
  2⤵
  PID:7604
- C:\Windows\System\EGGKApI.exe
  C:\Windows\System\EGGKApI.exe
  2⤵
  PID:7672
- C:\Windows\System\ednXXIp.exe
  C:\Windows\System\ednXXIp.exe
  2⤵
  PID:7704
- C:\Windows\System\UlcEnDE.exe
  C:\Windows\System\UlcEnDE.exe
  2⤵
  PID:7692
- C:\Windows\System\dhdzEWw.exe
  C:\Windows\System\dhdzEWw.exe
  2⤵
  PID:2232
- C:\Windows\System\VLsqEax.exe
  C:\Windows\System\VLsqEax.exe
  2⤵
  PID:7780
- C:\Windows\System\wlGPlIa.exe
  C:\Windows\System\wlGPlIa.exe
  2⤵
  PID:7768
- C:\Windows\System\SMNzKRu.exe
  C:\Windows\System\SMNzKRu.exe
  2⤵
  PID:7804
- C:\Windows\System\sgzSbzu.exe
  C:\Windows\System\sgzSbzu.exe
  2⤵
  PID:7852
- C:\Windows\System\iaCKpsN.exe
  C:\Windows\System\iaCKpsN.exe
  2⤵
  PID:7904
- C:\Windows\System\DHDsSWA.exe
  C:\Windows\System\DHDsSWA.exe
  2⤵
  PID:7884
- C:\Windows\System\SQuoQMO.exe
  C:\Windows\System\SQuoQMO.exe
  2⤵
  PID:7944
- C:\Windows\System\HiHbfnb.exe
  C:\Windows\System\HiHbfnb.exe
  2⤵
  PID:7928
- C:\Windows\System\XsuIvJu.exe
  C:\Windows\System\XsuIvJu.exe
  2⤵
  PID:8004
- C:\Windows\System\fmAMoXW.exe
  C:\Windows\System\fmAMoXW.exe
  2⤵
  PID:8028
- C:\Windows\System\eLubIDo.exe
  C:\Windows\System\eLubIDo.exe
  2⤵
  PID:8064
- C:\Windows\System\LpMJgJv.exe
  C:\Windows\System\LpMJgJv.exe
  2⤵
  PID:8092
- C:\Windows\System\arCYNFD.exe
  C:\Windows\System\arCYNFD.exe
  2⤵
  PID:376
- C:\Windows\System\bYpvcWB.exe
  C:\Windows\System\bYpvcWB.exe
  2⤵
  PID:2952
- C:\Windows\System\ZjBTneD.exe
  C:\Windows\System\ZjBTneD.exe
  2⤵
  PID:4188
- C:\Windows\System\GoEtSLd.exe
  C:\Windows\System\GoEtSLd.exe
  2⤵
  PID:3008
- C:\Windows\System\oKADqBL.exe
  C:\Windows\System\oKADqBL.exe
  2⤵
  PID:2908
- C:\Windows\System\QThEDBH.exe
  C:\Windows\System\QThEDBH.exe
  2⤵
  PID:1348
- C:\Windows\System\KLgBAyo.exe
  C:\Windows\System\KLgBAyo.exe
  2⤵
  PID:2428
- C:\Windows\System\kDHGNyR.exe
  C:\Windows\System\kDHGNyR.exe
  2⤵
  PID:1100
- C:\Windows\System\NcMZdyf.exe
  C:\Windows\System\NcMZdyf.exe
  2⤵
  PID:1048
- C:\Windows\System\mbLDQDz.exe
  C:\Windows\System\mbLDQDz.exe
  2⤵
  PID:2584
- C:\Windows\System\IxBxPGC.exe
  C:\Windows\System\IxBxPGC.exe
  2⤵
  PID:1564
- C:\Windows\System\xjjwlZr.exe
  C:\Windows\System\xjjwlZr.exe
  2⤵
  PID:7068
- C:\Windows\System\LVtvoJz.exe
  C:\Windows\System\LVtvoJz.exe
  2⤵
  PID:5464
- C:\Windows\System\IQXEJyc.exe
  C:\Windows\System\IQXEJyc.exe
  2⤵
  PID:4776
- C:\Windows\System\ryPtqVu.exe
  C:\Windows\System\ryPtqVu.exe
  2⤵
  PID:3592
- C:\Windows\System\SUUTgGH.exe
  C:\Windows\System\SUUTgGH.exe
  2⤵
  PID:7192
- C:\Windows\System\lnSPnzi.exe
  C:\Windows\System\lnSPnzi.exe
  2⤵
  PID:7204
- C:\Windows\System\ISFLdlC.exe
  C:\Windows\System\ISFLdlC.exe
  2⤵
  PID:7212
- C:\Windows\System\IRRPVoN.exe
  C:\Windows\System\IRRPVoN.exe
  2⤵
  PID:7248
- C:\Windows\System\Uslpjsj.exe
  C:\Windows\System\Uslpjsj.exe
  2⤵
  PID:7348
- C:\Windows\System\vnNfdSY.exe
  C:\Windows\System\vnNfdSY.exe
  2⤵
  PID:2276
- C:\Windows\System\DsZGTqa.exe
  C:\Windows\System\DsZGTqa.exe
  2⤵
  PID:7492
- C:\Windows\System\INyqEtr.exe
  C:\Windows\System\INyqEtr.exe
  2⤵
  PID:7592
- C:\Windows\System\DFYpjKr.exe
  C:\Windows\System\DFYpjKr.exe
  2⤵
  PID:7608
- C:\Windows\System\ZgxLztQ.exe
  C:\Windows\System\ZgxLztQ.exe
  2⤵
  PID:7528
- C:\Windows\System\ZTxlRIM.exe
  C:\Windows\System\ZTxlRIM.exe
  2⤵
  PID:7468
- C:\Windows\System\BrZRggU.exe
  C:\Windows\System\BrZRggU.exe
  2⤵
  PID:7668
- C:\Windows\System\tGAgxcQ.exe
  C:\Windows\System\tGAgxcQ.exe
  2⤵
  PID:7744
- C:\Windows\System\QcBrLUm.exe
  C:\Windows\System\QcBrLUm.exe
  2⤵
  PID:7728
- C:\Windows\System\bWxztvv.exe
  C:\Windows\System\bWxztvv.exe
  2⤵
  PID:7872
- C:\Windows\System\cQraHGu.exe
  C:\Windows\System\cQraHGu.exe
  2⤵
  PID:7844
- C:\Windows\System\kHlvcRC.exe
  C:\Windows\System\kHlvcRC.exe
  2⤵
  PID:2512
- C:\Windows\System\heDkEgd.exe
  C:\Windows\System\heDkEgd.exe
  2⤵
  PID:7924
- C:\Windows\System\ugnvhbh.exe
  C:\Windows\System\ugnvhbh.exe
  2⤵
  PID:7972
- C:\Windows\System\rTcaQsh.exe
  C:\Windows\System\rTcaQsh.exe
  2⤵
  PID:7992
- C:\Windows\System\obttIMk.exe
  C:\Windows\System\obttIMk.exe
  2⤵
  PID:8108
- C:\Windows\System\KjlMBFZ.exe
  C:\Windows\System\KjlMBFZ.exe
  2⤵
  PID:1792
- C:\Windows\System\CYgyZCy.exe
  C:\Windows\System\CYgyZCy.exe
  2⤵
  PID:2104
- C:\Windows\System\pHkjFOp.exe
  C:\Windows\System\pHkjFOp.exe
  2⤵
  PID:8084
- C:\Windows\System\KaATlyx.exe
  C:\Windows\System\KaATlyx.exe
  2⤵
  PID:1260
- C:\Windows\System\TKoooLC.exe
  C:\Windows\System\TKoooLC.exe
  2⤵
  PID:660
- C:\Windows\System\CXIqZax.exe
  C:\Windows\System\CXIqZax.exe
  2⤵
  PID:1656
- C:\Windows\System\lSyDlBh.exe
  C:\Windows\System\lSyDlBh.exe
  2⤵
  PID:6524
- C:\Windows\System\sfSHNaq.exe
  C:\Windows\System\sfSHNaq.exe
  2⤵
  PID:7244
- C:\Windows\System\qSPGzxJ.exe
  C:\Windows\System\qSPGzxJ.exe
  2⤵
  PID:6560
- C:\Windows\System\AWVYotp.exe
  C:\Windows\System\AWVYotp.exe
  2⤵
  PID:7792
- C:\Windows\System\sxpbpyp.exe
  C:\Windows\System\sxpbpyp.exe
  2⤵
  PID:7908
- C:\Windows\System\rbRgqSi.exe
  C:\Windows\System\rbRgqSi.exe
  2⤵
  PID:7964
- C:\Windows\System\IJtvPpR.exe
  C:\Windows\System\IJtvPpR.exe
  2⤵
  PID:1312
- C:\Windows\System\osdmwcJ.exe
  C:\Windows\System\osdmwcJ.exe
  2⤵
  PID:2792
- C:\Windows\System\PByoyRs.exe
  C:\Windows\System\PByoyRs.exe
  2⤵
  PID:1272
- C:\Windows\System\qjMnSbA.exe
  C:\Windows\System\qjMnSbA.exe
  2⤵
  PID:2896
- C:\Windows\System\tYjESXb.exe
  C:\Windows\System\tYjESXb.exe
  2⤵
  PID:7352
- C:\Windows\System\jvVSoJy.exe
  C:\Windows\System\jvVSoJy.exe
  2⤵
  PID:8008
- C:\Windows\System\dzxszbx.exe
  C:\Windows\System\dzxszbx.exe
  2⤵
  PID:904
- C:\Windows\System\iqWkJRi.exe
  C:\Windows\System\iqWkJRi.exe
  2⤵
  PID:2744
- C:\Windows\System\TDzBXXc.exe
  C:\Windows\System\TDzBXXc.exe
  2⤵
  PID:7268
- C:\Windows\System\teiisLY.exe
  C:\Windows\System\teiisLY.exe
  2⤵
  PID:7512
- C:\Windows\System\uZDopEk.exe
  C:\Windows\System\uZDopEk.exe
  2⤵
  PID:7732
- C:\Windows\System\fjgnwLz.exe
  C:\Windows\System\fjgnwLz.exe
  2⤵
  PID:7868
- C:\Windows\System\ypijqeU.exe
  C:\Windows\System\ypijqeU.exe
  2⤵
  PID:7968
- C:\Windows\System\rGmwNcr.exe
  C:\Windows\System\rGmwNcr.exe
  2⤵
  PID:1108
- C:\Windows\System\HFGrZBV.exe
  C:\Windows\System\HFGrZBV.exe
  2⤵
  PID:7368
- C:\Windows\System\OfXVknd.exe
  C:\Windows\System\OfXVknd.exe
  2⤵
  PID:7464
- C:\Windows\System\cHfddSt.exe
  C:\Windows\System\cHfddSt.exe
  2⤵
  PID:2352
- C:\Windows\System\PudMhLF.exe
  C:\Windows\System\PudMhLF.exe
  2⤵
  PID:8032
- C:\Windows\System\XhaGjMc.exe
  C:\Windows\System\XhaGjMc.exe
  2⤵
  PID:1944
- C:\Windows\System\XozrqVP.exe
  C:\Windows\System\XozrqVP.exe
  2⤵
  PID:7708
- C:\Windows\System\CaRymgF.exe
  C:\Windows\System\CaRymgF.exe
  2⤵
  PID:7724
- C:\Windows\System\zRpDkeO.exe
  C:\Windows\System\zRpDkeO.exe
  2⤵
  PID:7384
- C:\Windows\System\yFqslIk.exe
  C:\Windows\System\yFqslIk.exe
  2⤵
  PID:7660
- C:\Windows\System\SeflyFQ.exe
  C:\Windows\System\SeflyFQ.exe
  2⤵
  PID:7684
- C:\Windows\System\GvEpOfM.exe
  C:\Windows\System\GvEpOfM.exe
  2⤵
  PID:6968
- C:\Windows\System\pwaPNix.exe
  C:\Windows\System\pwaPNix.exe
  2⤵
  PID:740
- C:\Windows\System\OcEyLhF.exe
  C:\Windows\System\OcEyLhF.exe
  2⤵
  PID:7324
- C:\Windows\System\tTotlIS.exe
  C:\Windows\System\tTotlIS.exe
  2⤵
  PID:8212
- C:\Windows\System\pyUwhFi.exe
  C:\Windows\System\pyUwhFi.exe
  2⤵
  PID:8236
- C:\Windows\System\urhCzyr.exe
  C:\Windows\System\urhCzyr.exe
  2⤵
  PID:8252
- C:\Windows\System\JlXOetj.exe
  C:\Windows\System\JlXOetj.exe
  2⤵
  PID:8272
- C:\Windows\System\vIRUVaG.exe
  C:\Windows\System\vIRUVaG.exe
  2⤵
  PID:8296
- C:\Windows\System\spJKiYU.exe
  C:\Windows\System\spJKiYU.exe
  2⤵
  PID:8312
- C:\Windows\System\HilVsTF.exe
  C:\Windows\System\HilVsTF.exe
  2⤵
  PID:8328
- C:\Windows\System\bATFJjn.exe
  C:\Windows\System\bATFJjn.exe
  2⤵
  PID:8344
- C:\Windows\System\zfmJHiR.exe
  C:\Windows\System\zfmJHiR.exe
  2⤵
  PID:8364
- C:\Windows\System\taSZzlh.exe
  C:\Windows\System\taSZzlh.exe
  2⤵
  PID:8384
- C:\Windows\System\IzzCBmJ.exe
  C:\Windows\System\IzzCBmJ.exe
  2⤵
  PID:8408
- C:\Windows\System\ogMufuV.exe
  C:\Windows\System\ogMufuV.exe
  2⤵
  PID:8444
- C:\Windows\System\VHPamsE.exe
  C:\Windows\System\VHPamsE.exe
  2⤵
  PID:8460
- C:\Windows\System\ASLuTOh.exe
  C:\Windows\System\ASLuTOh.exe
  2⤵
  PID:8476
- C:\Windows\System\fZABHhc.exe
  C:\Windows\System\fZABHhc.exe
  2⤵
  PID:8504
- C:\Windows\System\zqQlnoW.exe
  C:\Windows\System\zqQlnoW.exe
  2⤵
  PID:8524
- C:\Windows\System\jqoORst.exe
  C:\Windows\System\jqoORst.exe
  2⤵
  PID:8540
- C:\Windows\System\SpJgvSm.exe
  C:\Windows\System\SpJgvSm.exe
  2⤵
  PID:8564
- C:\Windows\System\evUNLFi.exe
  C:\Windows\System\evUNLFi.exe
  2⤵
  PID:8584
- C:\Windows\System\ohuWYAM.exe
  C:\Windows\System\ohuWYAM.exe
  2⤵
  PID:8600
- C:\Windows\System\JXeDXWk.exe
  C:\Windows\System\JXeDXWk.exe
  2⤵
  PID:8624
- C:\Windows\System\WIsXAKs.exe
  C:\Windows\System\WIsXAKs.exe
  2⤵
  PID:8640
- C:\Windows\System\jHhTUJE.exe
  C:\Windows\System\jHhTUJE.exe
  2⤵
  PID:8656
- C:\Windows\System\tNyPxiJ.exe
  C:\Windows\System\tNyPxiJ.exe
  2⤵
  PID:8676
- C:\Windows\System\SLFCKwU.exe
  C:\Windows\System\SLFCKwU.exe
  2⤵
  PID:8692
- C:\Windows\System\aoMDQCL.exe
  C:\Windows\System\aoMDQCL.exe
  2⤵
  PID:8708
- C:\Windows\System\vcyZlLU.exe
  C:\Windows\System\vcyZlLU.exe
  2⤵
  PID:8732
- C:\Windows\System\emsqMmz.exe
  C:\Windows\System\emsqMmz.exe
  2⤵
  PID:8748
- C:\Windows\System\oERwvqt.exe
  C:\Windows\System\oERwvqt.exe
  2⤵
  PID:8764
- C:\Windows\System\hFWkiOp.exe
  C:\Windows\System\hFWkiOp.exe
  2⤵
  PID:8812
- C:\Windows\System\orgESNA.exe
  C:\Windows\System\orgESNA.exe
  2⤵
  PID:8828
- C:\Windows\System\VmDFtbY.exe
  C:\Windows\System\VmDFtbY.exe
  2⤵
  PID:8848
- C:\Windows\System\POcWlpq.exe
  C:\Windows\System\POcWlpq.exe
  2⤵
  PID:8864
- C:\Windows\System\AiSOpOS.exe
  C:\Windows\System\AiSOpOS.exe
  2⤵
  PID:8884
- C:\Windows\System\KyjEjym.exe
  C:\Windows\System\KyjEjym.exe
  2⤵
  PID:8904
- C:\Windows\System\ljhFZbe.exe
  C:\Windows\System\ljhFZbe.exe
  2⤵
  PID:8924
- C:\Windows\System\ytAaliE.exe
  C:\Windows\System\ytAaliE.exe
  2⤵
  PID:8940
- C:\Windows\System\hZqLGqn.exe
  C:\Windows\System\hZqLGqn.exe
  2⤵
  PID:8964
- C:\Windows\System\BFrXZLi.exe
  C:\Windows\System\BFrXZLi.exe
  2⤵
  PID:8980
- C:\Windows\System\PfZhqVE.exe
  C:\Windows\System\PfZhqVE.exe
  2⤵
  PID:8996
- C:\Windows\System\WuGHcHI.exe
  C:\Windows\System\WuGHcHI.exe
  2⤵
  PID:9012
- C:\Windows\System\NZXOUVU.exe
  C:\Windows\System\NZXOUVU.exe
  2⤵
  PID:9028
- C:\Windows\System\OAWORdt.exe
  C:\Windows\System\OAWORdt.exe
  2⤵
  PID:9044
- C:\Windows\System\BvJzoyx.exe
  C:\Windows\System\BvJzoyx.exe
  2⤵
  PID:9060
- C:\Windows\System\kgFnRMg.exe
  C:\Windows\System\kgFnRMg.exe
  2⤵
  PID:9084
- C:\Windows\System\fyrrJuv.exe
  C:\Windows\System\fyrrJuv.exe
  2⤵
  PID:9104
- C:\Windows\System\ejLqyqA.exe
  C:\Windows\System\ejLqyqA.exe
  2⤵
  PID:9120
- C:\Windows\System\OVoILWh.exe
  C:\Windows\System\OVoILWh.exe
  2⤵
  PID:9140
- C:\Windows\System\QSsZlGs.exe
  C:\Windows\System\QSsZlGs.exe
  2⤵
  PID:9156
- C:\Windows\System\xCrvboQ.exe
  C:\Windows\System\xCrvboQ.exe
  2⤵
  PID:9192
- C:\Windows\System\KniFfHI.exe
  C:\Windows\System\KniFfHI.exe
  2⤵
  PID:7444
- C:\Windows\System\zwERKjI.exe
  C:\Windows\System\zwERKjI.exe
  2⤵
  PID:7648
- C:\Windows\System\hlGJWCS.exe
  C:\Windows\System\hlGJWCS.exe
  2⤵
  PID:8204
- C:\Windows\System\ogINVIk.exe
  C:\Windows\System\ogINVIk.exe
  2⤵
  PID:8224
- C:\Windows\System\ZDVwiSb.exe
  C:\Windows\System\ZDVwiSb.exe
  2⤵
  PID:8264
- C:\Windows\System\mvUxZbN.exe
  C:\Windows\System\mvUxZbN.exe
  2⤵
  PID:8288
- C:\Windows\System\uQRDuHR.exe
  C:\Windows\System\uQRDuHR.exe
  2⤵
  PID:8320
- C:\Windows\System\klzBLoT.exe
  C:\Windows\System\klzBLoT.exe
  2⤵
  PID:8360
- C:\Windows\System\vOayUGo.exe
  C:\Windows\System\vOayUGo.exe
  2⤵
  PID:8420
- C:\Windows\System\AhTCenV.exe
  C:\Windows\System\AhTCenV.exe
  2⤵
  PID:8468
- C:\Windows\System\JZMkNWf.exe
  C:\Windows\System\JZMkNWf.exe
  2⤵
  PID:8484
- C:\Windows\System\xDAAiLK.exe
  C:\Windows\System\xDAAiLK.exe
  2⤵
  PID:8556
- C:\Windows\System\mgxdSFd.exe
  C:\Windows\System\mgxdSFd.exe
  2⤵
  PID:8576
- C:\Windows\System\tykfuqT.exe
  C:\Windows\System\tykfuqT.exe
  2⤵
  PID:8616
- C:\Windows\System\isVOVyP.exe
  C:\Windows\System\isVOVyP.exe
  2⤵
  PID:8672
- C:\Windows\System\nZEGjfJ.exe
  C:\Windows\System\nZEGjfJ.exe
  2⤵
  PID:8620
- C:\Windows\System\RHHgzQO.exe
  C:\Windows\System\RHHgzQO.exe
  2⤵
  PID:8716
- C:\Windows\System\lrbOPOJ.exe
  C:\Windows\System\lrbOPOJ.exe
  2⤵
  PID:8688
- C:\Windows\System\YkuCEFg.exe
  C:\Windows\System\YkuCEFg.exe
  2⤵
  PID:8776
- C:\Windows\System\sYyvpoO.exe
  C:\Windows\System\sYyvpoO.exe
  2⤵
  PID:8796
- C:\Windows\System\RswJLVw.exe
  C:\Windows\System\RswJLVw.exe
  2⤵
  PID:8824
- C:\Windows\System\DvqNCkD.exe
  C:\Windows\System\DvqNCkD.exe
  2⤵
  PID:8912
- C:\Windows\System\grywjgo.exe
  C:\Windows\System\grywjgo.exe
  2⤵
  PID:8856
- C:\Windows\System\DphjDHK.exe
  C:\Windows\System\DphjDHK.exe
  2⤵
  PID:8960
- C:\Windows\System\tWPqxwY.exe
  C:\Windows\System\tWPqxwY.exe
  2⤵
  PID:9024
- C:\Windows\System\BFRNyyg.exe
  C:\Windows\System\BFRNyyg.exe
  2⤵
  PID:9092
- C:\Windows\System\CYEDCIw.exe
  C:\Windows\System\CYEDCIw.exe
  2⤵
  PID:9132
- C:\Windows\System\FFBTAzD.exe
  C:\Windows\System\FFBTAzD.exe
  2⤵
  PID:9180
- C:\Windows\System\eFFTFMh.exe
  C:\Windows\System\eFFTFMh.exe
  2⤵
  PID:8936
- C:\Windows\System\pYIKlov.exe
  C:\Windows\System\pYIKlov.exe
  2⤵
  PID:9148
- C:\Windows\System\MbIyiPS.exe
  C:\Windows\System\MbIyiPS.exe
  2⤵
  PID:9172
- C:\Windows\System\BGiWxpg.exe
  C:\Windows\System\BGiWxpg.exe
  2⤵
  PID:8356
- C:\Windows\System\izEAaEI.exe
  C:\Windows\System\izEAaEI.exe
  2⤵
  PID:8496
- C:\Windows\System\rOYCdmY.exe
  C:\Windows\System\rOYCdmY.exe
  2⤵
  PID:8500
- C:\Windows\System\GTHYIAp.exe
  C:\Windows\System\GTHYIAp.exe
  2⤵
  PID:8416
- C:\Windows\System\xcMwpHb.exe
  C:\Windows\System\xcMwpHb.exe
  2⤵
  PID:8200
- C:\Windows\System\WNyGfqg.exe
  C:\Windows\System\WNyGfqg.exe
  2⤵
  PID:8456
- C:\Windows\System\wbFoAXD.exe
  C:\Windows\System\wbFoAXD.exe
  2⤵
  PID:8520
- C:\Windows\System\rMxlsMl.exe
  C:\Windows\System\rMxlsMl.exe
  2⤵
  PID:8548
- C:\Windows\System\CpJWYmo.exe
  C:\Windows\System\CpJWYmo.exe
  2⤵
  PID:8704
- C:\Windows\System\dnKYMpV.exe
  C:\Windows\System\dnKYMpV.exe
  2⤵
  PID:8788
- C:\Windows\System\lqGgbSC.exe
  C:\Windows\System\lqGgbSC.exe
  2⤵
  PID:8664
- C:\Windows\System\zfmBPQp.exe
  C:\Windows\System\zfmBPQp.exe
  2⤵
  PID:8892
- C:\Windows\System\NCHlFEh.exe
  C:\Windows\System\NCHlFEh.exe
  2⤵
  PID:8896
- C:\Windows\System\cVyrwHp.exe
  C:\Windows\System\cVyrwHp.exe
  2⤵
  PID:9176
- C:\Windows\System\hDyCnKG.exe
  C:\Windows\System\hDyCnKG.exe
  2⤵
  PID:8920
- C:\Windows\System\omsMxMg.exe
  C:\Windows\System\omsMxMg.exe
  2⤵
  PID:8988
- C:\Windows\System\BNuZEAu.exe
  C:\Windows\System\BNuZEAu.exe
  2⤵
  PID:9188
- C:\Windows\System\xFamMxq.exe
  C:\Windows\System\xFamMxq.exe
  2⤵
  PID:9068
- C:\Windows\System\UUsiKTJ.exe
  C:\Windows\System\UUsiKTJ.exe
  2⤵
  PID:8280
- C:\Windows\System\dqcMPzW.exe
  C:\Windows\System\dqcMPzW.exe
  2⤵
  PID:8452
- C:\Windows\System\xfHKVGK.exe
  C:\Windows\System\xfHKVGK.exe
  2⤵
  PID:8220
- C:\Windows\System\TckPmHs.exe
  C:\Windows\System\TckPmHs.exe
  2⤵
  PID:8516
- C:\Windows\System\XysLlLS.exe
  C:\Windows\System\XysLlLS.exe
  2⤵
  PID:8612
- C:\Windows\System\QbYRLie.exe
  C:\Windows\System\QbYRLie.exe
  2⤵
  PID:8956
- C:\Windows\System\mCwFLBj.exe
  C:\Windows\System\mCwFLBj.exe
  2⤵
  PID:8380
- C:\Windows\System\pJQyAlL.exe
  C:\Windows\System\pJQyAlL.exe
  2⤵
  PID:8700
- C:\Windows\System\MoLpJYb.exe
  C:\Windows\System\MoLpJYb.exe
  2⤵
  PID:9112
- C:\Windows\System\dJmLLtO.exe
  C:\Windows\System\dJmLLtO.exe
  2⤵
  PID:8728
- C:\Windows\System\dyKLnsQ.exe
  C:\Windows\System\dyKLnsQ.exe
  2⤵
  PID:8900
- C:\Windows\System\tSAagSa.exe
  C:\Windows\System\tSAagSa.exe
  2⤵
  PID:7228
- C:\Windows\System\fKnJway.exe
  C:\Windows\System\fKnJway.exe
  2⤵
  PID:8340
- C:\Windows\System\nKXuamz.exe
  C:\Windows\System\nKXuamz.exe
  2⤵
  PID:8304
- C:\Windows\System\crlrzEw.exe
  C:\Windows\System\crlrzEw.exe
  2⤵
  PID:8140
- C:\Windows\System\RHmCQHv.exe
  C:\Windows\System\RHmCQHv.exe
  2⤵
  PID:8536
- C:\Windows\System\osSxEoE.exe
  C:\Windows\System\osSxEoE.exe
  2⤵
  PID:8880
- C:\Windows\System\YKyraQH.exe
  C:\Windows\System\YKyraQH.exe
  2⤵
  PID:8756
- C:\Windows\System\aaLjKdl.exe
  C:\Windows\System\aaLjKdl.exe
  2⤵
  PID:9008
- C:\Windows\System\RFUWDNp.exe
  C:\Windows\System\RFUWDNp.exe
  2⤵
  PID:8396
- C:\Windows\System\oATNhIG.exe
  C:\Windows\System\oATNhIG.exe
  2⤵
  PID:9152
- C:\Windows\System\QPeSCgR.exe
  C:\Windows\System\QPeSCgR.exe
  2⤵
  PID:8872
- C:\Windows\System\CAiZDTz.exe
  C:\Windows\System\CAiZDTz.exe
  2⤵
  PID:8820
- C:\Windows\System\mipJuDA.exe
  C:\Windows\System\mipJuDA.exe
  2⤵
  PID:9040
- C:\Windows\System\EafjnRK.exe
  C:\Windows\System\EafjnRK.exe
  2⤵
  PID:8596
- C:\Windows\System\YLHUmwY.exe
  C:\Windows\System\YLHUmwY.exe
  2⤵
  PID:9164
- C:\Windows\System\KondGMY.exe
  C:\Windows\System\KondGMY.exe
  2⤵
  PID:9208
- C:\Windows\System\FFTaXEa.exe
  C:\Windows\System\FFTaXEa.exe
  2⤵
  PID:9232
- C:\Windows\System\TkRWkEY.exe
  C:\Windows\System\TkRWkEY.exe
  2⤵
  PID:9248
- C:\Windows\System\Gbpchlh.exe
  C:\Windows\System\Gbpchlh.exe
  2⤵
  PID:9264
- C:\Windows\System\dFFwQab.exe
  C:\Windows\System\dFFwQab.exe
  2⤵
  PID:9292
- C:\Windows\System\zmLAhYz.exe
  C:\Windows\System\zmLAhYz.exe
  2⤵
  PID:9308
- C:\Windows\System\DOpkHCI.exe
  C:\Windows\System\DOpkHCI.exe
  2⤵
  PID:9328
- C:\Windows\System\lfJooYt.exe
  C:\Windows\System\lfJooYt.exe
  2⤵
  PID:9348
- C:\Windows\System\vZuvxQq.exe
  C:\Windows\System\vZuvxQq.exe
  2⤵
  PID:9368
- C:\Windows\System\ALPAuuh.exe
  C:\Windows\System\ALPAuuh.exe
  2⤵
  PID:9388
- C:\Windows\System\KdndCSL.exe
  C:\Windows\System\KdndCSL.exe
  2⤵
  PID:9404
- C:\Windows\System\XZlqHlk.exe
  C:\Windows\System\XZlqHlk.exe
  2⤵
  PID:9420
- C:\Windows\System\dcguKdZ.exe
  C:\Windows\System\dcguKdZ.exe
  2⤵
  PID:9444
- C:\Windows\System\ChzbvMC.exe
  C:\Windows\System\ChzbvMC.exe
  2⤵
  PID:9460
- C:\Windows\System\pIZCFeU.exe
  C:\Windows\System\pIZCFeU.exe
  2⤵
  PID:9476
- C:\Windows\System\cZpxlmj.exe
  C:\Windows\System\cZpxlmj.exe
  2⤵
  PID:9496
- C:\Windows\System\sOtHUba.exe
  C:\Windows\System\sOtHUba.exe
  2⤵
  PID:9512
- C:\Windows\System\QGigbYH.exe
  C:\Windows\System\QGigbYH.exe
  2⤵
  PID:9532
- C:\Windows\System\kmFjsHz.exe
  C:\Windows\System\kmFjsHz.exe
  2⤵
  PID:9548
- C:\Windows\System\WCmAjyl.exe
  C:\Windows\System\WCmAjyl.exe
  2⤵
  PID:9568
- C:\Windows\System\gGZYxBW.exe
  C:\Windows\System\gGZYxBW.exe
  2⤵
  PID:9592
- C:\Windows\System\hXdgAGt.exe
  C:\Windows\System\hXdgAGt.exe
  2⤵
  PID:9620
- C:\Windows\System\XCFMvvU.exe
  C:\Windows\System\XCFMvvU.exe
  2⤵
  PID:9636
- C:\Windows\System\jeayIlo.exe
  C:\Windows\System\jeayIlo.exe
  2⤵
  PID:9672
- C:\Windows\System\HGTjhoc.exe
  C:\Windows\System\HGTjhoc.exe
  2⤵
  PID:9688
- C:\Windows\System\MzmUKHq.exe
  C:\Windows\System\MzmUKHq.exe
  2⤵
  PID:9712
- C:\Windows\System\vooqqJR.exe
  C:\Windows\System\vooqqJR.exe
  2⤵
  PID:9732
- C:\Windows\System\VYQfvsI.exe
  C:\Windows\System\VYQfvsI.exe
  2⤵
  PID:9748
- C:\Windows\System\CSGmXLA.exe
  C:\Windows\System\CSGmXLA.exe
  2⤵
  PID:9768
- C:\Windows\System\uBDgVxW.exe
  C:\Windows\System\uBDgVxW.exe
  2⤵
  PID:9792
- C:\Windows\System\bwEMuKW.exe
  C:\Windows\System\bwEMuKW.exe
  2⤵
  PID:9816
- C:\Windows\System\aNpfqfU.exe
  C:\Windows\System\aNpfqfU.exe
  2⤵
  PID:9832
- C:\Windows\System\MNnKbeb.exe
  C:\Windows\System\MNnKbeb.exe
  2⤵
  PID:9852
- C:\Windows\System\iNTGtKK.exe
  C:\Windows\System\iNTGtKK.exe
  2⤵
  PID:9872
- C:\Windows\System\KDGRLfz.exe
  C:\Windows\System\KDGRLfz.exe
  2⤵
  PID:9900
- C:\Windows\System\rPTgBGi.exe
  C:\Windows\System\rPTgBGi.exe
  2⤵
  PID:9916
- C:\Windows\System\IxQuigO.exe
  C:\Windows\System\IxQuigO.exe
  2⤵
  PID:9932
- C:\Windows\System\fwinzlF.exe
  C:\Windows\System\fwinzlF.exe
  2⤵
  PID:9956
- C:\Windows\System\NGuCyLd.exe
  C:\Windows\System\NGuCyLd.exe
  2⤵
  PID:9976
- C:\Windows\System\IPVzDJu.exe
  C:\Windows\System\IPVzDJu.exe
  2⤵
  PID:9996
- C:\Windows\System\rjnkMuC.exe
  C:\Windows\System\rjnkMuC.exe
  2⤵
  PID:10012
- C:\Windows\System\scYJLSs.exe
  C:\Windows\System\scYJLSs.exe
  2⤵
  PID:10028
- C:\Windows\System\qkiFKOf.exe
  C:\Windows\System\qkiFKOf.exe
  2⤵
  PID:10052
- C:\Windows\System\AiwShmw.exe
  C:\Windows\System\AiwShmw.exe
  2⤵
  PID:10068
- C:\Windows\System\ODOMMrK.exe
  C:\Windows\System\ODOMMrK.exe
  2⤵
  PID:10084
- C:\Windows\System\stvjeMk.exe
  C:\Windows\System\stvjeMk.exe
  2⤵
  PID:10104
- C:\Windows\System\lYFauFV.exe
  C:\Windows\System\lYFauFV.exe
  2⤵
  PID:10124
- C:\Windows\System\nygHDIX.exe
  C:\Windows\System\nygHDIX.exe
  2⤵
  PID:10152
- C:\Windows\System\tTsOSCF.exe
  C:\Windows\System\tTsOSCF.exe
  2⤵
  PID:10176
- C:\Windows\System\xKdUrRh.exe
  C:\Windows\System\xKdUrRh.exe
  2⤵
  PID:10192
- C:\Windows\System\nmPXuzd.exe
  C:\Windows\System\nmPXuzd.exe
  2⤵
  PID:10208
- C:\Windows\System\lYlWnpC.exe
  C:\Windows\System\lYlWnpC.exe
  2⤵
  PID:10224
- C:\Windows\System\jHfvsdA.exe
  C:\Windows\System\jHfvsdA.exe
  2⤵
  PID:9220
- C:\Windows\System\pOvUHFu.exe
  C:\Windows\System\pOvUHFu.exe
  2⤵
  PID:8840
- C:\Windows\System\gPexFFx.exe
  C:\Windows\System\gPexFFx.exe
  2⤵
  PID:9244
- C:\Windows\System\vvEtRTy.exe
  C:\Windows\System\vvEtRTy.exe
  2⤵
  PID:9276
- C:\Windows\System\PKOoyFC.exe
  C:\Windows\System\PKOoyFC.exe
  2⤵
  PID:9316
- C:\Windows\System\PIBQEYR.exe
  C:\Windows\System\PIBQEYR.exe
  2⤵
  PID:9336
- C:\Windows\System\fpwhrHR.exe
  C:\Windows\System\fpwhrHR.exe
  2⤵
  PID:9360
- C:\Windows\System\vnvXLaW.exe
  C:\Windows\System\vnvXLaW.exe
  2⤵
  PID:9428
- C:\Windows\System\NOOGJPb.exe
  C:\Windows\System\NOOGJPb.exe
  2⤵
  PID:9384
- C:\Windows\System\pLIVuOE.exe
  C:\Windows\System\pLIVuOE.exe
  2⤵
  PID:9540
- C:\Windows\System\uwiOxuN.exe
  C:\Windows\System\uwiOxuN.exe
  2⤵
  PID:9484
- C:\Windows\System\HMWgCwl.exe
  C:\Windows\System\HMWgCwl.exe
  2⤵
  PID:9588
- C:\Windows\System\mDFUnTQ.exe
  C:\Windows\System\mDFUnTQ.exe
  2⤵
  PID:9632
- C:\Windows\System\rXEiVaE.exe
  C:\Windows\System\rXEiVaE.exe
  2⤵
  PID:9724
- C:\Windows\System\GSzgTMN.exe
  C:\Windows\System\GSzgTMN.exe
  2⤵
  PID:9656
- C:\Windows\System\wfsGBbD.exe
  C:\Windows\System\wfsGBbD.exe
  2⤵
  PID:9700
- C:\Windows\System\nUbLLnM.exe
  C:\Windows\System\nUbLLnM.exe
  2⤵
  PID:9760
- C:\Windows\System\eEQouhI.exe
  C:\Windows\System\eEQouhI.exe
  2⤵
  PID:9740
- C:\Windows\System\DPGNIuc.exe
  C:\Windows\System\DPGNIuc.exe
  2⤵
  PID:9804
- C:\Windows\System\CORIPOF.exe
  C:\Windows\System\CORIPOF.exe
  2⤵
  PID:9840
- C:\Windows\System\UkKGUHX.exe
  C:\Windows\System\UkKGUHX.exe
  2⤵
  PID:9864
- C:\Windows\System\aoAGJXH.exe
  C:\Windows\System\aoAGJXH.exe
  2⤵
  PID:9888
- C:\Windows\System\yzRtMLi.exe
  C:\Windows\System\yzRtMLi.exe
  2⤵
  PID:9928
- C:\Windows\System\cYXugDF.exe
  C:\Windows\System\cYXugDF.exe
  2⤵
  PID:9968
- C:\Windows\System\gOxSuGg.exe
  C:\Windows\System\gOxSuGg.exe
  2⤵
  PID:10036
- C:\Windows\System\sjtMkle.exe
  C:\Windows\System\sjtMkle.exe
  2⤵
  PID:10080
- C:\Windows\System\HIwCJOZ.exe
  C:\Windows\System\HIwCJOZ.exe
  2⤵
  PID:10060
- C:\Windows\System\WCUkiSN.exe
  C:\Windows\System\WCUkiSN.exe
  2⤵
  PID:10096
- C:\Windows\System\VFFRRWi.exe
  C:\Windows\System\VFFRRWi.exe
  2⤵
  PID:10160
- C:\Windows\System\ERRjePP.exe
  C:\Windows\System\ERRjePP.exe
  2⤵
  PID:10204
- C:\Windows\System\OIAZyfK.exe
  C:\Windows\System\OIAZyfK.exe
  2⤵
  PID:9228
- C:\Windows\System\TDkJlRd.exe
  C:\Windows\System\TDkJlRd.exe
  2⤵
  PID:9284
- C:\Windows\System\LKQjjoa.exe
  C:\Windows\System\LKQjjoa.exe
  2⤵
  PID:9376
- C:\Windows\System\FyfYAYa.exe
  C:\Windows\System\FyfYAYa.exe
  2⤵
  PID:10216
- C:\Windows\System\mLRsATu.exe
  C:\Windows\System\mLRsATu.exe
  2⤵
  PID:9472
- C:\Windows\System\sFywtPD.exe
  C:\Windows\System\sFywtPD.exe
  2⤵
  PID:9416
- C:\Windows\System\GxlSBMv.exe
  C:\Windows\System\GxlSBMv.exe
  2⤵
  PID:9396
- C:\Windows\System\LgCJSUI.exe
  C:\Windows\System\LgCJSUI.exe
  2⤵
  PID:9604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AmhivWc.exe

Filesize
6.0MB

MD5
8f6f31de3743682e6f4dab71707d851b

SHA1
b836875a600c193eb77827a6c307a9388311380f

SHA256
7dda6a155eafd9b51fb1e2072b468cf334ae8525c35e5d00cbc253b9123084d3

SHA512
b381a115825a9e9a1d92ec7ff20bc1d27e3d577c461a2a5881a689aefd80a8ef2a17646ba43b4b03947a9b2f3d5cc4624a9016df354391a18366b59812f3cbd9

Download Submit
C:\Windows\system\BXalTOQ.exe

Filesize
6.0MB

MD5
831166d54bfc3cc226a9a725bc0a5fa7

SHA1
8c184c607c62b5dbd3564c14954db609732986d5

SHA256
f42399dc47eb7051d496ec28c7e3a98513d00b9d9c36134a2ca7254588c8437f

SHA512
a87763783e11b8c43a60fb3acf9ebbfbfb5a2856ec9b50ee55640b6884761fbbaf8d4087ad44efb81471e73018e0231b9a81ed5dd06a7f4bac4c03fe05f1ff40

Download Submit
C:\Windows\system\DvUHbFU.exe

Filesize
6.0MB

MD5
ad21e593879ba6ca8d406651abc69391

SHA1
b2d91d03e56225c37ed35d84d97832df238a7586

SHA256
4b51e86599d5d6ed21afb11bbc6948431cb0fd2de3b978346d7dcc2d4895fd17

SHA512
d412a1881a337190cba30fb339b851f7f28b70edbf6059756864b4ab5e4e67949a1b4694641e8f3519c20079e38573acbc3a1e301f7af17a9f45dc48dd180321

Download Submit
C:\Windows\system\EddrMqk.exe

Filesize
6.0MB

MD5
b330aff29e489bb2fa0adfc9e8a47214

SHA1
479cc20d06493d76f21c58999ae824c47a961bee

SHA256
39a7e90a2972358980dcd0c774daa905c747ccdf71d24170d134fa8c915e99a0

SHA512
2cc2594f20c6b8c051f480ec364bbe5313cf4f4bcd31ee9ab75306021fe08e455935cf220be8670a38d031d450e9ac49a9d6bf92257e5b4ec5952eec2a51a49a

Download Submit
C:\Windows\system\EgQwOZi.exe

Filesize
6.0MB

MD5
bab3543e16f5f289213bb9aea93b6392

SHA1
61c70f170f3c37975ab22a3f8c5bca8f10c31e75

SHA256
09a3eb25613f4e53a2f154411f54707d7c15106a108ecb5ecabc412726102743

SHA512
b75e93f30c209af97e851f162b25352742f0519dbfe2ae08b6a8ce4aa6ff4994e9d9b5193c83b2b493c5daa861238811efef7fceb14c1b0b395410d4274087df

Download Submit
C:\Windows\system\FmWgrsV.exe

Filesize
8B

MD5
9dfc25d240707324078787beb2add1bc

SHA1
254888a92ba3d9dbeb53160e8ba2538241a4b115

SHA256
95986ad3b089aedb0b2b76089a66c13fb04fa75423c77431de10a8632f7435c3

SHA512
5a10f977bb5a41197bdab8e130625d6a4188190449cec3518bd2d4a453f686710cc974161a64073d1b474eca2dfa109b35f119193e4fe852e65eeefc6a8e5b0b

Download Submit
C:\Windows\system\GUeXuuY.exe

Filesize
6.0MB

MD5
243273295f394b19ef8384544d51d6b3

SHA1
6ff28d54d7a3427b883c40edb61248a742cd1948

SHA256
6da6c1d191fc273806000db5a44dac4643f6776bc84a46d617a823fe5a123a6f

SHA512
2139d07fc0576a757fc5887c13caecf015d611823a615f7042f71fdcb37e02ca7ae83294dbaf0e60186483d60afc1ac1be9d9064d479c1c8214604feed6be918

Download Submit
C:\Windows\system\HjuVFWm.exe

Filesize
6.0MB

MD5
efba4c3b45ffe39f0c35d81837093880

SHA1
032c9a6c0b4ce8ec6bb194e264eb030e1e65691f

SHA256
3567d62488e744f88d32a4c423f639b41ca940005ca89ee394fe41d3e66ba919

SHA512
69a7e428725aa88904574ccb7d77d7aef56f992cc2d500de76eb7b2698e2b1f87e684425803720383cc819becedd590cd296d59a8efa4a61c61bc04be77a0ec8

Download Submit
C:\Windows\system\LKwovkU.exe

Filesize
6.0MB

MD5
7ffd70b6c2b074c581e55cec92ef83b4

SHA1
6c565cc7882f1a19ae7a5d4a62e2179d2e92f991

SHA256
7f85ba20acb0afac920500e077499518f825ac503a228b74f4351fed7221fc50

SHA512
2b6b556eefe4664e5849f2576bb0535d7b8dfd1a68224926effd37413dbe470458ccf095255648c02907fb12afbc89c5436a41f4a4e7f63825bceb8171970cd6

Download Submit
C:\Windows\system\MxgjyRv.exe

Filesize
6.0MB

MD5
23a9ad4c0d1547d47535eea1c854e400

SHA1
f73cc37380f9c1c5fcdd658d02745a1790f8e167

SHA256
f085030a6a87067675337c5dff310f22b44344a759b8822a7dd50d6af1684647

SHA512
d9ffd637d66c33b0815672f9387c456d328f74622bd38d96bde10e713f4a1bfbfcadab74d8ef83e7939e1c9869e3669cea8194029714734127d2efc4b6e7ceb8

Download Submit
C:\Windows\system\OzEHspj.exe

Filesize
6.0MB

MD5
1a2cf7d34a38d947655d727db182dd3e

SHA1
7bc24aee85e55fa15897580f766cd7123deeacaa

SHA256
b84d673a5d638cf18535385637f1ada881780acf02f19bc61815b17a3ddb83f8

SHA512
625ce1eefaa1a75a535a840887d883b7bc90d6df014dc6ed25b8076a574956919a2e85f7bad6e5aeb89504080128bf16bb12105257703bddb02e2b0d35e3a6df

Download Submit
C:\Windows\system\QRHnMFj.exe

Filesize
6.0MB

MD5
c6aad3884895e64068f6c5abd6b0d2cd

SHA1
056aa7ba5899873197ca69cf9e8a2d98750e8002

SHA256
b17b971bd68612976fcebe039ecd875ff0cdbf7eaaed6d918fc7925500a2c87a

SHA512
548c2dbaa0f39f1b3845a9f2b444e21fc8e6238aea59a824183838718f1ae24dbd939192a7b9f6a4dc0c7b9306ec8cce75adfaf9329ea53b0250b746abaf4fe2

Download Submit
C:\Windows\system\RpBPMxV.exe

Filesize
6.0MB

MD5
e5763953b87f8934dd8e04e5320331aa

SHA1
f6eb17d7ed6b69d48ce8a23095dc098a36a7538c

SHA256
47cb912fc32543ca41bb6ceeccdf150d88bc6114be495a618d17703dd7ca3379

SHA512
b35b2c132771aa7e6a7dcb63be959d4082e66b453c082a9cc823f5863197dcce1406f5ffc7572ca099dcb421aea54b41ed9ea5ab563860156fde1e6b2847d45f

Download Submit
C:\Windows\system\RpGWfKR.exe

Filesize
6.0MB

MD5
19b79ec44e880af90cee5b8e0965b984

SHA1
6f3ad17c5bfa3996c4eae1d0dbce1a9577bc42da

SHA256
24c47162fc9011c79027486c57e77b5abde3b042e55bbbdd718e7797e0c514da

SHA512
cb246f2fb248db4271cb44639440941c9183c06d9af43a1585493c05ffab3b210bcd48c87d5852e77567cf24c88d8729d3afa1df373acd6bd1af76be32cb9631

Download Submit
C:\Windows\system\SXhmHpu.exe

Filesize
6.0MB

MD5
f9070d86e8bc72a7fbc19be052f2c03f

SHA1
abc618112920f04b2831fdbc1b75061cdb8f5112

SHA256
c4e66512fc8af3ca2072c617d6122531154908419de7791300840040b32d7685

SHA512
ab7702d451fa7951b91949ce2d81ab978da71ee1a56c1ee0b95ff483b2e59ce3a338f89e885e9db9462c6c1d5884cb544c7fd5e8bd060f7df32b56deb9bffcc1

Download Submit
C:\Windows\system\TFHtazW.exe

Filesize
6.0MB

MD5
744b147a85d10e48b884a77d7970001a

SHA1
7b8ead818335224f70da4ba6c5a5763c15549720

SHA256
e8b2f66b8d5dc64385f9a8548398c288f207a56f4166b7b31885a5fc75ab40c2

SHA512
d48342a0fcafb72871ae8ad4fb1fde51f2d7e049b42023313903fa0a69a9b8b46572a2964b41dd7a549e5fb9cc29d281c7bf1744317ed8b6e360f21bf4238118

Download Submit
C:\Windows\system\VJXUTor.exe

Filesize
6.0MB

MD5
2ea293eea7b6d827cc781811dc55f67e

SHA1
30642b7ff77febc44f8c22dd43a3280a46983a53

SHA256
38386e4147ba010554a2dc836e692d1961579011114b9d392ebdf0fe4430b221

SHA512
a52e61381ede6a03a4de9475dd2859ccd8da3a78cf82c9f7a72a97080d546b45a10c993d4bbb941530365fe78f471474e001b16fbf33138c819d5d76c6dcdc0e

Download Submit
C:\Windows\system\WoVXAtr.exe

Filesize
6.0MB

MD5
f11fa92f5bbfb93b8d9e9fb4ab24ac33

SHA1
86787e6478ba370336f9902e44bfd02c6aae0d3c

SHA256
d259f54cf0fb2496ee7890f1d041164054320fa027c952022dccea39cbf50832

SHA512
db860667938952f7e05ed19da19dec0f80fe81c107e15678af162cb8e0f2fa73491c1cb8d1912bcd4c3f3833839cf826eb24b8df7221ec87add9454b2de12588

Download Submit
C:\Windows\system\YlyNFWY.exe

Filesize
6.0MB

MD5
c98410424d40145bd756b93cf0072fa4

SHA1
4e1b82ce7ba8b4394f0f4fb50f119d84a12f0693

SHA256
2d5790adbe9e37dcf1663f7f60074b242ae1fced7afb52a8380e1b1f84dd0dc4

SHA512
f4c0220e7f88e79ab05d9c93a18f3f2cc378f4b105d9a310d9de00a6f63327a7e884b05dc3e0a1efebde33377978f7d4c6f81d2a75dcd5cf554a086e2bb2bfa4

Download Submit
C:\Windows\system\eUJzfra.exe

Filesize
6.0MB

MD5
f819d2aeb605ae89068c16e8db10087f

SHA1
4fc874ff665ee0d126f1ba19508f52489d237b98

SHA256
1399cb2cd6664f3653d5342f4e135e1a299dfcf16be0dc6a4ceee86a2c5ebc82

SHA512
722ffd343a59c9e49eea8cf04bda94fb29b73e7bdfc103f7ba2c597bfcc4c7436755ed075fb4520868370648d22c5f94ac6ac5b8c6728b5318a48b25d7c341f2

Download Submit
C:\Windows\system\eWsYsMs.exe

Filesize
6.0MB

MD5
174bf8f1120975e44a8fbd785d869cbc

SHA1
300f367fca2a60b44a5e63e8e84ac2bebc5cd679

SHA256
752fae31b0fa47e0da0ea1fd694ad7fbd97c5a8a7db0eb35319c392657b6e133

SHA512
1f158b5e8e77e770d92a19770acb7fde066a4c97843ff2cde273dbddd151f5fb85592a30a9e2c2463c8e1d7621fd1aa9df0fc9b18dd2c45fa31d8e1703b40ae9

Download Submit
C:\Windows\system\fseMHgr.exe

Filesize
6.0MB

MD5
dd537f9dac1573232f3a41d471366256

SHA1
3792dff5727ab8cae61f364791b117f4a14a3be8

SHA256
971950749b5351cf25f1a6b043c453dcac988cdca0e863aabaefd59690859a8e

SHA512
7ff3bb25a43a317ae7d0e31a4ff59918fb16d8db2668b608967270fc8f1d7c970120542268add99bd2b85b93de1dc9a5b7c50fedf007b585f422d69dbfa3413d

Download Submit
C:\Windows\system\gqHWWUA.exe

Filesize
6.0MB

MD5
5002b1e4d038a5737371309099ebb4d0

SHA1
5eb9c92486845fc23e0bca94c485c92c4d9aeef5

SHA256
ac7b892876088e21985fc811ef86e14266825b63fcafbc85b6ab42d4f737f69d

SHA512
7c8507765e9fae31f7878ed02f1d29cc62bd30944212761b31690aa08d80192c4a2f961b253b7462837019928d32d9e3add3849f217f8ed445a998499dfcdabd

Download Submit
C:\Windows\system\jVmcAdS.exe

Filesize
6.0MB

MD5
4a489fdc9cf18d776468e73c399bf6c1

SHA1
0afcfb38273d0dd4753f42cafda572809108d5c6

SHA256
b14ecc36e81b9b0001e175bb3133908a0116dae9427b36da022c311c25309fb2

SHA512
b22e39f5a6eeacc2f40ad24d6a8adbc0444cbee952a158f65b070bbf7e14e6a19f4bd77e3e56a40b7e2081159bba18b8b5c2618777d4f6f8db5e866d402999c2

Download Submit
C:\Windows\system\mxgmMTX.exe

Filesize
6.0MB

MD5
4852bc85b5db904c2b897102c68638cd

SHA1
9d3794145be095c02306fc59e1e85bad38892b3b

SHA256
b09f2d41051f9ea92cf2347275741ee4fb361fa1898185b76fd151fc71e1d458

SHA512
ac49724b8502418fef795f9e1a2be466d4595992f103fba97ce9915b76a6116e85fe15749c1cbed27362c273316f0444365afcef5ea25ed23682d41dfccd55a9

Download Submit
C:\Windows\system\qEcpHgM.exe

Filesize
6.0MB

MD5
07ed70545ab1300eb2d5f79a37121881

SHA1
e1b8eaf6608d8678e36db4b10501ed1d454836d3

SHA256
b0fd9983c8315c5d48bf13a985a9df64b891268ff1316f94195c265eba63620e

SHA512
d6ce915718ae4e7fe232a30faa14c008494ec2b90f070289d1afac4b148e1dc974f4611b4adf39435c253f3e6f2acb9eb130f23fcd8f32f1a0e567e48dca2f09

Download Submit
C:\Windows\system\uwPexKo.exe

Filesize
6.0MB

MD5
54cb0c80c56f8c111745904b49a19aad

SHA1
cabb11630a2ac2284782606cb1fd377dc3856253

SHA256
ec41a28af53a32460f0c26aa15058a00a5799b23638c2bce2f6dcc931349c399

SHA512
ba4cf5f032aa1459aec28f0ef89c6a3e612b87b806a2fc0bc774f02274f130bc614e3dc14068f13e9d5c519114b6ebb28b356b100628e64504ed902b3b7b60c4

Download Submit
C:\Windows\system\wQqGvjj.exe

Filesize
6.0MB

MD5
ecb9fa29391cf87c1b5cf33d8dcd1833

SHA1
fe83b35aa411f0c3ed0ce3edf18d0db95347c116

SHA256
9189411cb8e40c26295263d4b938076b9bb289b736c39fd0b09e8e069fa7f026

SHA512
ad0f8f627027a23c66c47fcde94810c0312b9f55e2aa2200c536ac468867790b2b808e9540b34f849d6163fee1ea5bd9dafbd882ee030856345fe3963356cc7a

Download Submit
C:\Windows\system\xXjttii.exe

Filesize
6.0MB

MD5
b3ba16c216adc94ec7b68231753e998b

SHA1
acf817ba069ba1044f28b0a53c06e56e69938bc2

SHA256
bdd767e35c6683e7b7356db2769daf8d4c6e9d9f14a43e73477c8d6a4f7e1282

SHA512
a88ae839c006ce4fde297e75507e9f73de7d0e71808e49672b483a5e48edcdba67a874a79347ad84ec7d5b4d472e8434f732cc213dd38cd3010e076c7d83234b

Download Submit
C:\Windows\system\zUYOoAP.exe

Filesize
6.0MB

MD5
4aca40fe0d71ca0d1c4baef27b3c6719

SHA1
d50d1a472044946720a668e9f8ff4bb5fa92fbd9

SHA256
5da569035e04e8b8a712636617bc08a5f8e950b05f56cc0ae1e8a7d8093738eb

SHA512
469b51b50e86adac11940383f4a71f1c9489143a26cf5cbcf4d9a93c0069930743c1559bce7d1633296f726f5ad592476aac90336852bbd0c031c14a2417e17f

Download Submit
\Windows\system\PoEPMXL.exe

Filesize
6.0MB

MD5
30d1018957f4c37515b3a3bf95e4e76b

SHA1
9f5fca240619780a9b5fcaae78b5d72b1e6264e4

SHA256
e515b18175c675ddb41497d0232fc7b85765805a057424982dfcae60d9371376

SHA512
f2d37856a9f287101a6040d46d4296507fca505252c4584fdd96ed8e980cde50d752300344996b78bb51f1fceef78e2da31f4583a36e57e4d4a760c9d134307c

Download Submit
\Windows\system\bQzuFcB.exe

Filesize
6.0MB

MD5
2d1571a4c86bf0384f733118800d2213

SHA1
581fbefb4abb2584ae2f9c478a5eff42aa844aa5

SHA256
019b864b06aa2953c74246fc51a89a9d978f1c371dfaaf8a1c5086d2d9eb99a1

SHA512
3628ffcedfe92462ea01b06d3c30a3cd4e0144a731d5bad4b3bc0c599d0631059b08e76f8345e2927a222e4ced7dbbfe0206461283ee1425207f8be7f80c627a

Download Submit
\Windows\system\waaIodn.exe

Filesize
6.0MB

MD5
0a2fc8b1f02a984dfaff552a21229046

SHA1
a1d02fd80718332117a6c40c6049dbcec7670309

SHA256
a55d81326de9e4844b4edb1c9d82721e0af6c26312674f160518a24c728ad449

SHA512
18642249c189878da96158bfa70c7e7b729fd11844d154369b20f8e2db82b164e01445772369c0e147a5a83b96d83dd55ff5d6e3597d27eff12e09b86319ae15

Download Submit
memory/1448-88-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1448-581-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1448-3214-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1620-66-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-105-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3206-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-97-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1712-771-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3222-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1744-228-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1744-3213-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1744-73-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1972-920-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-3226-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1972-106-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-111-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2088-69-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2088-0-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2088-486-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-93-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-15-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2088-672-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1012-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2088-102-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-101-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-22-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-866-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-36-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-87-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-84-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2088-39-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2088-53-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-29-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2088-61-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-110-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3163-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2160-11-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2160-40-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2220-80-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3210-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-402-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3207-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2612-92-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2612-54-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2624-45-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3184-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-77-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-48-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3161-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2708-13-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2720-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3176-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-72-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3203-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-96-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-57-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3171-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2860-65-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2860-26-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3177-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-56-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-20-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download