cobaltstrike | 1694d72029186c9ed67e9929c6be383b9ce5f6d56f95d98a1e271a30f4810d81

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/11/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

8904d5552006d1bfad66993c4971482d
SHA1

d310cbd4325b5bf3be5e72fed08d1dbc22c18df2
SHA256

1694d72029186c9ed67e9929c6be383b9ce5f6d56f95d98a1e271a30f4810d81
SHA512

233eb218e87e9fa0490b8e6c251f36a6f855c1fe976c52227d78ed61305c4cced4b141c6965fbb1d8876894386bdda9bdf9abd4e208c588710e0e5f09ad4f4ea
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001202a-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001743a-8.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001747d-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017491-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018669-26.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866f-31.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000018682-36.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001868b-42.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ac-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-56.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f2-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001202a-3.dat	xmrig
behavioral1/files/0x000800000001743a-8.dat	xmrig
behavioral1/files/0x000900000001747d-15.dat	xmrig
behavioral1/files/0x0008000000017491-21.dat	xmrig
behavioral1/files/0x0007000000018669-26.dat	xmrig
behavioral1/files/0x001500000001866f-31.dat	xmrig
behavioral1/files/0x0012000000018682-36.dat	xmrig
behavioral1/files/0x000800000001868b-42.dat	xmrig
behavioral1/files/0x000500000001939d-52.dat	xmrig
behavioral1/files/0x00050000000193ac-61.dat	xmrig
behavioral1/files/0x0005000000019438-71.dat	xmrig
behavioral1/files/0x00050000000194ad-96.dat	xmrig
behavioral1/files/0x0005000000019629-163.dat	xmrig
behavioral1/files/0x0005000000019625-157.dat	xmrig
behavioral1/files/0x0005000000019622-145.dat	xmrig
behavioral1/files/0x000500000001961f-139.dat	xmrig
behavioral1/files/0x0005000000019627-160.dat	xmrig
behavioral1/memory/2204-2102-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e6-151.dat	xmrig
behavioral1/files/0x0005000000019623-149.dat	xmrig
behavioral1/files/0x0005000000019621-142.dat	xmrig
behavioral1/files/0x00050000000195a7-138.dat	xmrig
behavioral1/memory/2088-233-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-135.dat	xmrig
behavioral1/memory/2596-231-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2768-229-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2852-227-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2832-225-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2712-223-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/3000-221-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2840-219-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2344-217-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2724-215-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2268-213-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2204-212-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1964-211-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2516-209-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2988-207-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001952f-121.dat	xmrig
behavioral1/files/0x000500000001957e-126.dat	xmrig
behavioral1/files/0x0005000000019506-116.dat	xmrig
behavioral1/files/0x00050000000194fc-111.dat	xmrig
behavioral1/files/0x00050000000194ef-106.dat	xmrig
behavioral1/files/0x00050000000194d0-101.dat	xmrig
behavioral1/files/0x0005000000019496-91.dat	xmrig
behavioral1/files/0x000500000001945c-81.dat	xmrig
behavioral1/files/0x0005000000019467-86.dat	xmrig
behavioral1/files/0x0005000000019456-76.dat	xmrig
behavioral1/files/0x000500000001942c-66.dat	xmrig
behavioral1/files/0x00050000000193a4-56.dat	xmrig
behavioral1/files/0x00070000000186f2-45.dat	xmrig
behavioral1/memory/2516-3575-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/3000-3574-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2268-3578-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2768-3580-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2088-3579-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2832-3581-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2344-3582-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2596-3596-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2840-3594-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2712-3636-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2724-3641-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1964-3644-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2088	GAhZzfH.exe
2988	wPzOkrI.exe
2516	FzfWdvx.exe
1964	tjkNPLp.exe
2268	rdlQRvJ.exe
2724	dcbyKyr.exe
2344	ZdlfZMD.exe
2840	EPMISRN.exe
3000	GopfAnv.exe
2712	WYcOVqd.exe
2832	rbIoBih.exe
2852	rSRySdh.exe
2768	XLVkIQi.exe
2596	uGWgmMN.exe
2648	EiHCDnX.exe
2120	YbVZvKK.exe
2432	mGSHapE.exe
2860	iPdivqg.exe
2968	tamGStp.exe
2584	pNHrUwF.exe
2892	lyRMPZR.exe
2924	ZWaNPwW.exe
1248	XTTLRBu.exe
564	UvKDmXN.exe
1852	puAgMeE.exe
2316	slmULrf.exe
1996	JNrmFfB.exe
576	OnGasNk.exe
1644	IhibWtw.exe
444	OulCGyh.exe
3016	XdEYLJT.exe
1740	ydOlvyN.exe
2972	WbhuvpW.exe
1800	Uxbvkmq.exe
1744	IvMKrMW.exe
1732	aOoQrNS.exe
2456	FhHOPdd.exe
1312	sZBjbYE.exe
2508	UtVCCLL.exe
708	vBkdgmR.exe
2348	XQkVLAo.exe
2692	bJHkNzI.exe
2896	wmnOmIu.exe
844	gtyIINj.exe
1544	UoDWMKr.exe
1620	rdPAquE.exe
288	oLSiPnq.exe
308	WjRxiHO.exe
1724	gJbkwny.exe
888	jZUkfqd.exe
2200	FEUkWOE.exe
2676	TNxoBjK.exe
572	HTagUnk.exe
1704	QQsCUTk.exe
2368	YHpeHyQ.exe
2216	OJxlVTt.exe
2844	wDUDgbe.exe
864	WqRShxN.exe
2740	mhsGphU.exe
2804	fOPbYlr.exe
2252	KmeQKde.exe
2976	gEPcehP.exe
1748	LJxHfEG.exe
2672	maJPBFr.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-3.dat	upx
behavioral1/files/0x000800000001743a-8.dat	upx
behavioral1/files/0x000900000001747d-15.dat	upx
behavioral1/files/0x0008000000017491-21.dat	upx
behavioral1/files/0x0007000000018669-26.dat	upx
behavioral1/files/0x001500000001866f-31.dat	upx
behavioral1/files/0x0012000000018682-36.dat	upx
behavioral1/files/0x000800000001868b-42.dat	upx
behavioral1/files/0x000500000001939d-52.dat	upx
behavioral1/files/0x00050000000193ac-61.dat	upx
behavioral1/files/0x0005000000019438-71.dat	upx
behavioral1/files/0x00050000000194ad-96.dat	upx
behavioral1/files/0x0005000000019629-163.dat	upx
behavioral1/files/0x0005000000019625-157.dat	upx
behavioral1/files/0x0005000000019622-145.dat	upx
behavioral1/files/0x000500000001961f-139.dat	upx
behavioral1/files/0x0005000000019627-160.dat	upx
behavioral1/memory/2204-2102-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000195e6-151.dat	upx
behavioral1/files/0x0005000000019623-149.dat	upx
behavioral1/files/0x0005000000019621-142.dat	upx
behavioral1/files/0x00050000000195a7-138.dat	upx
behavioral1/memory/2088-233-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x000500000001961d-135.dat	upx
behavioral1/memory/2596-231-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2768-229-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2852-227-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2832-225-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2712-223-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/3000-221-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2840-219-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2344-217-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2724-215-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2268-213-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1964-211-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2516-209-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2988-207-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001952f-121.dat	upx
behavioral1/files/0x000500000001957e-126.dat	upx
behavioral1/files/0x0005000000019506-116.dat	upx
behavioral1/files/0x00050000000194fc-111.dat	upx
behavioral1/files/0x00050000000194ef-106.dat	upx
behavioral1/files/0x00050000000194d0-101.dat	upx
behavioral1/files/0x0005000000019496-91.dat	upx
behavioral1/files/0x000500000001945c-81.dat	upx
behavioral1/files/0x0005000000019467-86.dat	upx
behavioral1/files/0x0005000000019456-76.dat	upx
behavioral1/files/0x000500000001942c-66.dat	upx
behavioral1/files/0x00050000000193a4-56.dat	upx
behavioral1/files/0x00070000000186f2-45.dat	upx
behavioral1/memory/2516-3575-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/3000-3574-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2268-3578-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2768-3580-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2088-3579-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2832-3581-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2344-3582-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2596-3596-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2840-3594-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2712-3636-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2724-3641-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1964-3644-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2988-3643-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kexNmYx.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPPvupX.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdkoSvT.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEeQAKA.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbCWkwv.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMPKbVc.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGTdxxN.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EvANgNY.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrXIYna.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MflJQNP.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieqlFOh.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMDVwKj.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWiwDLh.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzqmydU.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLtEYNv.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsXyVis.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlpAnqY.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjJlyZu.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSRySdh.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PULQDcv.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwsKjty.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfyuBSj.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhMfOSv.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdPoGpG.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wgDgeQm.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KefpjRE.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DerUNjM.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NzhMvZb.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfadkBB.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twKarRZ.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNxoBjK.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dosnxPQ.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHQxNFg.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVZkPLU.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpwalwL.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiGSyUT.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdAfOzg.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgbsSUY.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LpFNhnF.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVmDSGc.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQFyteb.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgpQgPL.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuXqzHr.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OulCGyh.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syMkRmq.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lrNNrRi.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZSdiYj.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmnOmIu.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGpMsoA.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPCayIf.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCxEYsO.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SIvnEcq.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlVhqOX.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZOeaHd.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTajFxW.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOMwwPS.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmLHuso.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZVCaMb.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBuCLmk.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcMHgpg.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mTQMwiq.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbXWhrz.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhHOPdd.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhNijnV.exe	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2088	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2088	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2088	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2204 wrote to memory of 2988	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2988	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2988	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2204 wrote to memory of 2516	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2516	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 2516	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2204 wrote to memory of 1964	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 1964	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 1964	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2204 wrote to memory of 2268	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2268	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2268	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2204 wrote to memory of 2724	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2724	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2724	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2204 wrote to memory of 2344	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2344	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2344	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2204 wrote to memory of 2840	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2840	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 2840	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2204 wrote to memory of 3000	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 3000	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 3000	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2204 wrote to memory of 2712	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2712	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2712	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2204 wrote to memory of 2832	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2832	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2832	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2204 wrote to memory of 2852	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2852	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2852	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2204 wrote to memory of 2768	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2768	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2768	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2204 wrote to memory of 2596	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2596	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2596	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2204 wrote to memory of 2648	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2648	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2648	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2204 wrote to memory of 2120	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2120	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2120	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2204 wrote to memory of 2432	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2432	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2432	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2204 wrote to memory of 2860	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2860	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2860	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2204 wrote to memory of 2968	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2968	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2968	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2204 wrote to memory of 2584	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2584	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2584	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2204 wrote to memory of 2892	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2892	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2892	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2204 wrote to memory of 2924	2204	2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_8904d5552006d1bfad66993c4971482d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\System\GAhZzfH.exe
  C:\Windows\System\GAhZzfH.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\wPzOkrI.exe
  C:\Windows\System\wPzOkrI.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\FzfWdvx.exe
  C:\Windows\System\FzfWdvx.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\tjkNPLp.exe
  C:\Windows\System\tjkNPLp.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\rdlQRvJ.exe
  C:\Windows\System\rdlQRvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dcbyKyr.exe
  C:\Windows\System\dcbyKyr.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ZdlfZMD.exe
  C:\Windows\System\ZdlfZMD.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\EPMISRN.exe
  C:\Windows\System\EPMISRN.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\GopfAnv.exe
  C:\Windows\System\GopfAnv.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\WYcOVqd.exe
  C:\Windows\System\WYcOVqd.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\rbIoBih.exe
  C:\Windows\System\rbIoBih.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\rSRySdh.exe
  C:\Windows\System\rSRySdh.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\XLVkIQi.exe
  C:\Windows\System\XLVkIQi.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\uGWgmMN.exe
  C:\Windows\System\uGWgmMN.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\EiHCDnX.exe
  C:\Windows\System\EiHCDnX.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\YbVZvKK.exe
  C:\Windows\System\YbVZvKK.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\mGSHapE.exe
  C:\Windows\System\mGSHapE.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\iPdivqg.exe
  C:\Windows\System\iPdivqg.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\tamGStp.exe
  C:\Windows\System\tamGStp.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\pNHrUwF.exe
  C:\Windows\System\pNHrUwF.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\lyRMPZR.exe
  C:\Windows\System\lyRMPZR.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\ZWaNPwW.exe
  C:\Windows\System\ZWaNPwW.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\XTTLRBu.exe
  C:\Windows\System\XTTLRBu.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\UvKDmXN.exe
  C:\Windows\System\UvKDmXN.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\puAgMeE.exe
  C:\Windows\System\puAgMeE.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\slmULrf.exe
  C:\Windows\System\slmULrf.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\JNrmFfB.exe
  C:\Windows\System\JNrmFfB.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\XQkVLAo.exe
  C:\Windows\System\XQkVLAo.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\OnGasNk.exe
  C:\Windows\System\OnGasNk.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\bJHkNzI.exe
  C:\Windows\System\bJHkNzI.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\IhibWtw.exe
  C:\Windows\System\IhibWtw.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\wmnOmIu.exe
  C:\Windows\System\wmnOmIu.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\OulCGyh.exe
  C:\Windows\System\OulCGyh.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\gtyIINj.exe
  C:\Windows\System\gtyIINj.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\XdEYLJT.exe
  C:\Windows\System\XdEYLJT.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\UoDWMKr.exe
  C:\Windows\System\UoDWMKr.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ydOlvyN.exe
  C:\Windows\System\ydOlvyN.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rdPAquE.exe
  C:\Windows\System\rdPAquE.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\WbhuvpW.exe
  C:\Windows\System\WbhuvpW.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\oLSiPnq.exe
  C:\Windows\System\oLSiPnq.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\Uxbvkmq.exe
  C:\Windows\System\Uxbvkmq.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\WjRxiHO.exe
  C:\Windows\System\WjRxiHO.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\IvMKrMW.exe
  C:\Windows\System\IvMKrMW.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\gJbkwny.exe
  C:\Windows\System\gJbkwny.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\aOoQrNS.exe
  C:\Windows\System\aOoQrNS.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\jZUkfqd.exe
  C:\Windows\System\jZUkfqd.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\FhHOPdd.exe
  C:\Windows\System\FhHOPdd.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\FEUkWOE.exe
  C:\Windows\System\FEUkWOE.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\sZBjbYE.exe
  C:\Windows\System\sZBjbYE.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\TNxoBjK.exe
  C:\Windows\System\TNxoBjK.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\UtVCCLL.exe
  C:\Windows\System\UtVCCLL.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\HTagUnk.exe
  C:\Windows\System\HTagUnk.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\vBkdgmR.exe
  C:\Windows\System\vBkdgmR.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\QQsCUTk.exe
  C:\Windows\System\QQsCUTk.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\YHpeHyQ.exe
  C:\Windows\System\YHpeHyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\WqRShxN.exe
  C:\Windows\System\WqRShxN.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\OJxlVTt.exe
  C:\Windows\System\OJxlVTt.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\mhsGphU.exe
  C:\Windows\System\mhsGphU.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\wDUDgbe.exe
  C:\Windows\System\wDUDgbe.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\KmeQKde.exe
  C:\Windows\System\KmeQKde.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\fOPbYlr.exe
  C:\Windows\System\fOPbYlr.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\gEPcehP.exe
  C:\Windows\System\gEPcehP.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LJxHfEG.exe
  C:\Windows\System\LJxHfEG.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\QGMdAyU.exe
  C:\Windows\System\QGMdAyU.exe
  2⤵
  PID:1120
- C:\Windows\System\maJPBFr.exe
  C:\Windows\System\maJPBFr.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\XQFEtNp.exe
  C:\Windows\System\XQFEtNp.exe
  2⤵
  PID:2460
- C:\Windows\System\gNQIIHw.exe
  C:\Windows\System\gNQIIHw.exe
  2⤵
  PID:536
- C:\Windows\System\HexqiAL.exe
  C:\Windows\System\HexqiAL.exe
  2⤵
  PID:1816
- C:\Windows\System\kMULsCr.exe
  C:\Windows\System\kMULsCr.exe
  2⤵
  PID:2480
- C:\Windows\System\UogORxo.exe
  C:\Windows\System\UogORxo.exe
  2⤵
  PID:1792
- C:\Windows\System\enXYURa.exe
  C:\Windows\System\enXYURa.exe
  2⤵
  PID:2228
- C:\Windows\System\aIaogut.exe
  C:\Windows\System\aIaogut.exe
  2⤵
  PID:2888
- C:\Windows\System\gMNnQyK.exe
  C:\Windows\System\gMNnQyK.exe
  2⤵
  PID:1132
- C:\Windows\System\DudrAfQ.exe
  C:\Windows\System\DudrAfQ.exe
  2⤵
  PID:3024
- C:\Windows\System\MlBFjFu.exe
  C:\Windows\System\MlBFjFu.exe
  2⤵
  PID:352
- C:\Windows\System\cVElYWI.exe
  C:\Windows\System\cVElYWI.exe
  2⤵
  PID:1756
- C:\Windows\System\pJvySlR.exe
  C:\Windows\System\pJvySlR.exe
  2⤵
  PID:3032
- C:\Windows\System\puCRRek.exe
  C:\Windows\System\puCRRek.exe
  2⤵
  PID:872
- C:\Windows\System\wAAXkmj.exe
  C:\Windows\System\wAAXkmj.exe
  2⤵
  PID:1072
- C:\Windows\System\LOmiqdv.exe
  C:\Windows\System\LOmiqdv.exe
  2⤵
  PID:2880
- C:\Windows\System\fvxJiNd.exe
  C:\Windows\System\fvxJiNd.exe
  2⤵
  PID:2760
- C:\Windows\System\HarzdsK.exe
  C:\Windows\System\HarzdsK.exe
  2⤵
  PID:2816
- C:\Windows\System\SPdmIzj.exe
  C:\Windows\System\SPdmIzj.exe
  2⤵
  PID:1328
- C:\Windows\System\TZtjnZV.exe
  C:\Windows\System\TZtjnZV.exe
  2⤵
  PID:2960
- C:\Windows\System\xJXqPmG.exe
  C:\Windows\System\xJXqPmG.exe
  2⤵
  PID:2932
- C:\Windows\System\QlzdnUo.exe
  C:\Windows\System\QlzdnUo.exe
  2⤵
  PID:780
- C:\Windows\System\FCmqFxy.exe
  C:\Windows\System\FCmqFxy.exe
  2⤵
  PID:2936
- C:\Windows\System\DGYvdZt.exe
  C:\Windows\System\DGYvdZt.exe
  2⤵
  PID:816
- C:\Windows\System\shxZmbw.exe
  C:\Windows\System\shxZmbw.exe
  2⤵
  PID:1000
- C:\Windows\System\LdMdnBb.exe
  C:\Windows\System\LdMdnBb.exe
  2⤵
  PID:2096
- C:\Windows\System\khlIZSk.exe
  C:\Windows\System\khlIZSk.exe
  2⤵
  PID:952
- C:\Windows\System\GfLJPUw.exe
  C:\Windows\System\GfLJPUw.exe
  2⤵
  PID:860
- C:\Windows\System\SGZYnGA.exe
  C:\Windows\System\SGZYnGA.exe
  2⤵
  PID:2156
- C:\Windows\System\fdAfOzg.exe
  C:\Windows\System\fdAfOzg.exe
  2⤵
  PID:1676
- C:\Windows\System\cWyuVKE.exe
  C:\Windows\System\cWyuVKE.exe
  2⤵
  PID:764
- C:\Windows\System\zeTVuJm.exe
  C:\Windows\System\zeTVuJm.exe
  2⤵
  PID:1776
- C:\Windows\System\ukuEQsE.exe
  C:\Windows\System\ukuEQsE.exe
  2⤵
  PID:2020
- C:\Windows\System\jfTmKwb.exe
  C:\Windows\System\jfTmKwb.exe
  2⤵
  PID:2572
- C:\Windows\System\lMrDGzh.exe
  C:\Windows\System\lMrDGzh.exe
  2⤵
  PID:2856
- C:\Windows\System\meBbkPD.exe
  C:\Windows\System\meBbkPD.exe
  2⤵
  PID:1916
- C:\Windows\System\UGhApYE.exe
  C:\Windows\System\UGhApYE.exe
  2⤵
  PID:2124
- C:\Windows\System\oVFvVNb.exe
  C:\Windows\System\oVFvVNb.exe
  2⤵
  PID:1848
- C:\Windows\System\UILpHsd.exe
  C:\Windows\System\UILpHsd.exe
  2⤵
  PID:2628
- C:\Windows\System\qcHTmWh.exe
  C:\Windows\System\qcHTmWh.exe
  2⤵
  PID:1632
- C:\Windows\System\bOPIVLK.exe
  C:\Windows\System\bOPIVLK.exe
  2⤵
  PID:3080
- C:\Windows\System\FjqVbXO.exe
  C:\Windows\System\FjqVbXO.exe
  2⤵
  PID:3096
- C:\Windows\System\TLVWbvF.exe
  C:\Windows\System\TLVWbvF.exe
  2⤵
  PID:3112
- C:\Windows\System\SWuxobQ.exe
  C:\Windows\System\SWuxobQ.exe
  2⤵
  PID:3128
- C:\Windows\System\sExmlwg.exe
  C:\Windows\System\sExmlwg.exe
  2⤵
  PID:3144
- C:\Windows\System\rOIPIrM.exe
  C:\Windows\System\rOIPIrM.exe
  2⤵
  PID:3160
- C:\Windows\System\IHOfAdn.exe
  C:\Windows\System\IHOfAdn.exe
  2⤵
  PID:3176
- C:\Windows\System\GKtQPwu.exe
  C:\Windows\System\GKtQPwu.exe
  2⤵
  PID:3196
- C:\Windows\System\EVuymkD.exe
  C:\Windows\System\EVuymkD.exe
  2⤵
  PID:3212
- C:\Windows\System\wkKKUFg.exe
  C:\Windows\System\wkKKUFg.exe
  2⤵
  PID:3228
- C:\Windows\System\dDCTdfN.exe
  C:\Windows\System\dDCTdfN.exe
  2⤵
  PID:3260
- C:\Windows\System\ruRUXUn.exe
  C:\Windows\System\ruRUXUn.exe
  2⤵
  PID:3276
- C:\Windows\System\tWGrvjg.exe
  C:\Windows\System\tWGrvjg.exe
  2⤵
  PID:3296
- C:\Windows\System\RKTjTfE.exe
  C:\Windows\System\RKTjTfE.exe
  2⤵
  PID:3312
- C:\Windows\System\efPbNMF.exe
  C:\Windows\System\efPbNMF.exe
  2⤵
  PID:3328
- C:\Windows\System\ttiuGgZ.exe
  C:\Windows\System\ttiuGgZ.exe
  2⤵
  PID:3344
- C:\Windows\System\ieqlFOh.exe
  C:\Windows\System\ieqlFOh.exe
  2⤵
  PID:3360
- C:\Windows\System\PICiJXx.exe
  C:\Windows\System\PICiJXx.exe
  2⤵
  PID:3376
- C:\Windows\System\xZLAvyj.exe
  C:\Windows\System\xZLAvyj.exe
  2⤵
  PID:3392
- C:\Windows\System\ifRnMza.exe
  C:\Windows\System\ifRnMza.exe
  2⤵
  PID:3408
- C:\Windows\System\GlkhQny.exe
  C:\Windows\System\GlkhQny.exe
  2⤵
  PID:3428
- C:\Windows\System\YajRNkb.exe
  C:\Windows\System\YajRNkb.exe
  2⤵
  PID:3460
- C:\Windows\System\dROdyJo.exe
  C:\Windows\System\dROdyJo.exe
  2⤵
  PID:3528
- C:\Windows\System\Ecoviny.exe
  C:\Windows\System\Ecoviny.exe
  2⤵
  PID:3548
- C:\Windows\System\xErMTUI.exe
  C:\Windows\System\xErMTUI.exe
  2⤵
  PID:3564
- C:\Windows\System\HmzIDhJ.exe
  C:\Windows\System\HmzIDhJ.exe
  2⤵
  PID:3580
- C:\Windows\System\dIFZtOi.exe
  C:\Windows\System\dIFZtOi.exe
  2⤵
  PID:3604
- C:\Windows\System\QQcPhHi.exe
  C:\Windows\System\QQcPhHi.exe
  2⤵
  PID:3620
- C:\Windows\System\IPYRhsn.exe
  C:\Windows\System\IPYRhsn.exe
  2⤵
  PID:3640
- C:\Windows\System\oboJgNq.exe
  C:\Windows\System\oboJgNq.exe
  2⤵
  PID:3656
- C:\Windows\System\YlUOajS.exe
  C:\Windows\System\YlUOajS.exe
  2⤵
  PID:3680
- C:\Windows\System\MaJKHfg.exe
  C:\Windows\System\MaJKHfg.exe
  2⤵
  PID:3696
- C:\Windows\System\jaovHRi.exe
  C:\Windows\System\jaovHRi.exe
  2⤵
  PID:3712
- C:\Windows\System\HBXyLHl.exe
  C:\Windows\System\HBXyLHl.exe
  2⤵
  PID:3740
- C:\Windows\System\kcXlPnP.exe
  C:\Windows\System\kcXlPnP.exe
  2⤵
  PID:3756
- C:\Windows\System\jEhnKUT.exe
  C:\Windows\System\jEhnKUT.exe
  2⤵
  PID:3772
- C:\Windows\System\DXiOgdH.exe
  C:\Windows\System\DXiOgdH.exe
  2⤵
  PID:3788
- C:\Windows\System\VmSqEGg.exe
  C:\Windows\System\VmSqEGg.exe
  2⤵
  PID:3808
- C:\Windows\System\BtIduTc.exe
  C:\Windows\System\BtIduTc.exe
  2⤵
  PID:3828
- C:\Windows\System\yacFyDS.exe
  C:\Windows\System\yacFyDS.exe
  2⤵
  PID:3844
- C:\Windows\System\CrLoMlK.exe
  C:\Windows\System\CrLoMlK.exe
  2⤵
  PID:3868
- C:\Windows\System\bhiKVML.exe
  C:\Windows\System\bhiKVML.exe
  2⤵
  PID:3892
- C:\Windows\System\bFFcIDg.exe
  C:\Windows\System\bFFcIDg.exe
  2⤵
  PID:3908
- C:\Windows\System\pnSzNuC.exe
  C:\Windows\System\pnSzNuC.exe
  2⤵
  PID:3948
- C:\Windows\System\FNivEnu.exe
  C:\Windows\System\FNivEnu.exe
  2⤵
  PID:3964
- C:\Windows\System\sTPCCxV.exe
  C:\Windows\System\sTPCCxV.exe
  2⤵
  PID:3980
- C:\Windows\System\ULYuxtP.exe
  C:\Windows\System\ULYuxtP.exe
  2⤵
  PID:4004
- C:\Windows\System\ahosKqA.exe
  C:\Windows\System\ahosKqA.exe
  2⤵
  PID:4020
- C:\Windows\System\NXUrexl.exe
  C:\Windows\System\NXUrexl.exe
  2⤵
  PID:4044
- C:\Windows\System\VSWpeGi.exe
  C:\Windows\System\VSWpeGi.exe
  2⤵
  PID:4060
- C:\Windows\System\HrQkXRi.exe
  C:\Windows\System\HrQkXRi.exe
  2⤵
  PID:4076
- C:\Windows\System\CNiSTkQ.exe
  C:\Windows\System\CNiSTkQ.exe
  2⤵
  PID:2944
- C:\Windows\System\MuMbvtf.exe
  C:\Windows\System\MuMbvtf.exe
  2⤵
  PID:2052
- C:\Windows\System\kwQWOdN.exe
  C:\Windows\System\kwQWOdN.exe
  2⤵
  PID:2952
- C:\Windows\System\GWppHUo.exe
  C:\Windows\System\GWppHUo.exe
  2⤵
  PID:3092
- C:\Windows\System\linLqKN.exe
  C:\Windows\System\linLqKN.exe
  2⤵
  PID:3220
- C:\Windows\System\nlKBdMf.exe
  C:\Windows\System\nlKBdMf.exe
  2⤵
  PID:2080
- C:\Windows\System\KmnLxCP.exe
  C:\Windows\System\KmnLxCP.exe
  2⤵
  PID:3304
- C:\Windows\System\KQqNETn.exe
  C:\Windows\System\KQqNETn.exe
  2⤵
  PID:896
- C:\Windows\System\ZcOjuCQ.exe
  C:\Windows\System\ZcOjuCQ.exe
  2⤵
  PID:1236
- C:\Windows\System\ugtVlmt.exe
  C:\Windows\System\ugtVlmt.exe
  2⤵
  PID:3308
- C:\Windows\System\TwSDrGH.exe
  C:\Windows\System\TwSDrGH.exe
  2⤵
  PID:2616
- C:\Windows\System\TfrVTdh.exe
  C:\Windows\System\TfrVTdh.exe
  2⤵
  PID:2784
- C:\Windows\System\LTRiSpD.exe
  C:\Windows\System\LTRiSpD.exe
  2⤵
  PID:3404
- C:\Windows\System\HetaSlW.exe
  C:\Windows\System\HetaSlW.exe
  2⤵
  PID:2828
- C:\Windows\System\PMTXlzM.exe
  C:\Windows\System\PMTXlzM.exe
  2⤵
  PID:3236
- C:\Windows\System\JAbRdcT.exe
  C:\Windows\System\JAbRdcT.exe
  2⤵
  PID:3256
- C:\Windows\System\COHRbIg.exe
  C:\Windows\System\COHRbIg.exe
  2⤵
  PID:3356
- C:\Windows\System\azaTACN.exe
  C:\Windows\System\azaTACN.exe
  2⤵
  PID:3416
- C:\Windows\System\YvLudlw.exe
  C:\Windows\System\YvLudlw.exe
  2⤵
  PID:3172
- C:\Windows\System\oPrZVXi.exe
  C:\Windows\System\oPrZVXi.exe
  2⤵
  PID:3108
- C:\Windows\System\OQHCyCK.exe
  C:\Windows\System\OQHCyCK.exe
  2⤵
  PID:1556
- C:\Windows\System\CFNUQNS.exe
  C:\Windows\System\CFNUQNS.exe
  2⤵
  PID:3448
- C:\Windows\System\rAfPdzY.exe
  C:\Windows\System\rAfPdzY.exe
  2⤵
  PID:3572
- C:\Windows\System\qeUiKBA.exe
  C:\Windows\System\qeUiKBA.exe
  2⤵
  PID:3468
- C:\Windows\System\xscQoaS.exe
  C:\Windows\System\xscQoaS.exe
  2⤵
  PID:3688
- C:\Windows\System\vhNijnV.exe
  C:\Windows\System\vhNijnV.exe
  2⤵
  PID:3728
- C:\Windows\System\RocjHVo.exe
  C:\Windows\System\RocjHVo.exe
  2⤵
  PID:3480
- C:\Windows\System\TSgdngu.exe
  C:\Windows\System\TSgdngu.exe
  2⤵
  PID:3496
- C:\Windows\System\DlkNbCM.exe
  C:\Windows\System\DlkNbCM.exe
  2⤵
  PID:3512
- C:\Windows\System\nygtrnv.exe
  C:\Windows\System\nygtrnv.exe
  2⤵
  PID:3796
- C:\Windows\System\LvdhefB.exe
  C:\Windows\System\LvdhefB.exe
  2⤵
  PID:3804
- C:\Windows\System\RdijcMi.exe
  C:\Windows\System\RdijcMi.exe
  2⤵
  PID:3560
- C:\Windows\System\bfCeCaX.exe
  C:\Windows\System\bfCeCaX.exe
  2⤵
  PID:3596
- C:\Windows\System\FhZGxhA.exe
  C:\Windows\System\FhZGxhA.exe
  2⤵
  PID:3884
- C:\Windows\System\vjLOPlc.exe
  C:\Windows\System\vjLOPlc.exe
  2⤵
  PID:3676
- C:\Windows\System\mQDIIkz.exe
  C:\Windows\System\mQDIIkz.exe
  2⤵
  PID:3928
- C:\Windows\System\lzNEKrq.exe
  C:\Windows\System\lzNEKrq.exe
  2⤵
  PID:3972
- C:\Windows\System\dkIWcYy.exe
  C:\Windows\System\dkIWcYy.exe
  2⤵
  PID:4052
- C:\Windows\System\xmLpPhw.exe
  C:\Windows\System\xmLpPhw.exe
  2⤵
  PID:3820
- C:\Windows\System\fAjYfkD.exe
  C:\Windows\System\fAjYfkD.exe
  2⤵
  PID:3124
- C:\Windows\System\admcsGa.exe
  C:\Windows\System\admcsGa.exe
  2⤵
  PID:3188
- C:\Windows\System\okchMKG.exe
  C:\Windows\System\okchMKG.exe
  2⤵
  PID:268
- C:\Windows\System\VaHFayk.exe
  C:\Windows\System\VaHFayk.exe
  2⤵
  PID:1692
- C:\Windows\System\ciIDrSi.exe
  C:\Windows\System\ciIDrSi.exe
  2⤵
  PID:4040
- C:\Windows\System\ReFGsjh.exe
  C:\Windows\System\ReFGsjh.exe
  2⤵
  PID:3388
- C:\Windows\System\YspjluO.exe
  C:\Windows\System\YspjluO.exe
  2⤵
  PID:3444
- C:\Windows\System\TYBMlrA.exe
  C:\Windows\System\TYBMlrA.exe
  2⤵
  PID:3352
- C:\Windows\System\FUZboce.exe
  C:\Windows\System\FUZboce.exe
  2⤵
  PID:3076
- C:\Windows\System\HKaCnLX.exe
  C:\Windows\System\HKaCnLX.exe
  2⤵
  PID:3652
- C:\Windows\System\JXBgBFk.exe
  C:\Windows\System\JXBgBFk.exe
  2⤵
  PID:3504
- C:\Windows\System\PYwPCuY.exe
  C:\Windows\System\PYwPCuY.exe
  2⤵
  PID:3588
- C:\Windows\System\QJSHfVR.exe
  C:\Windows\System\QJSHfVR.exe
  2⤵
  PID:3936
- C:\Windows\System\AbCWkwv.exe
  C:\Windows\System\AbCWkwv.exe
  2⤵
  PID:3824
- C:\Windows\System\TXgPbrg.exe
  C:\Windows\System\TXgPbrg.exe
  2⤵
  PID:3452
- C:\Windows\System\aidsSnK.exe
  C:\Windows\System\aidsSnK.exe
  2⤵
  PID:3720
- C:\Windows\System\fhZFeTb.exe
  C:\Windows\System\fhZFeTb.exe
  2⤵
  PID:3764
- C:\Windows\System\SROHmFw.exe
  C:\Windows\System\SROHmFw.exe
  2⤵
  PID:3628
- C:\Windows\System\tyZVfnd.exe
  C:\Windows\System\tyZVfnd.exe
  2⤵
  PID:3924
- C:\Windows\System\aoFbtUU.exe
  C:\Windows\System\aoFbtUU.exe
  2⤵
  PID:1108
- C:\Windows\System\aggBlLh.exe
  C:\Windows\System\aggBlLh.exe
  2⤵
  PID:3668
- C:\Windows\System\syMkRmq.exe
  C:\Windows\System\syMkRmq.exe
  2⤵
  PID:3752
- C:\Windows\System\AtGlPcv.exe
  C:\Windows\System\AtGlPcv.exe
  2⤵
  PID:4092
- C:\Windows\System\PEBXZyY.exe
  C:\Windows\System\PEBXZyY.exe
  2⤵
  PID:1648
- C:\Windows\System\xVrWmTD.exe
  C:\Windows\System\xVrWmTD.exe
  2⤵
  PID:3988
- C:\Windows\System\kDCrSep.exe
  C:\Windows\System\kDCrSep.exe
  2⤵
  PID:4028
- C:\Windows\System\HrLhllE.exe
  C:\Windows\System\HrLhllE.exe
  2⤵
  PID:3340
- C:\Windows\System\kenRjom.exe
  C:\Windows\System\kenRjom.exe
  2⤵
  PID:4036
- C:\Windows\System\pkDwlny.exe
  C:\Windows\System\pkDwlny.exe
  2⤵
  PID:3400
- C:\Windows\System\nrpydaO.exe
  C:\Windows\System\nrpydaO.exe
  2⤵
  PID:4032
- C:\Windows\System\ORcffxv.exe
  C:\Windows\System\ORcffxv.exe
  2⤵
  PID:3636
- C:\Windows\System\omJmafR.exe
  C:\Windows\System\omJmafR.exe
  2⤵
  PID:3748
- C:\Windows\System\zkvNjvq.exe
  C:\Windows\System\zkvNjvq.exe
  2⤵
  PID:4112
- C:\Windows\System\ioFMdqO.exe
  C:\Windows\System\ioFMdqO.exe
  2⤵
  PID:4132
- C:\Windows\System\cQhYCHi.exe
  C:\Windows\System\cQhYCHi.exe
  2⤵
  PID:4156
- C:\Windows\System\LOqHNTw.exe
  C:\Windows\System\LOqHNTw.exe
  2⤵
  PID:4172
- C:\Windows\System\vGqgLnt.exe
  C:\Windows\System\vGqgLnt.exe
  2⤵
  PID:4188
- C:\Windows\System\xnfzgLA.exe
  C:\Windows\System\xnfzgLA.exe
  2⤵
  PID:4272
- C:\Windows\System\JFuweAv.exe
  C:\Windows\System\JFuweAv.exe
  2⤵
  PID:4288
- C:\Windows\System\wqaTuep.exe
  C:\Windows\System\wqaTuep.exe
  2⤵
  PID:4308
- C:\Windows\System\HjemJdP.exe
  C:\Windows\System\HjemJdP.exe
  2⤵
  PID:4324
- C:\Windows\System\LWuurBE.exe
  C:\Windows\System\LWuurBE.exe
  2⤵
  PID:4340
- C:\Windows\System\cDkHyPZ.exe
  C:\Windows\System\cDkHyPZ.exe
  2⤵
  PID:4356
- C:\Windows\System\GTlFxEU.exe
  C:\Windows\System\GTlFxEU.exe
  2⤵
  PID:4376
- C:\Windows\System\hXaHCxx.exe
  C:\Windows\System\hXaHCxx.exe
  2⤵
  PID:4396
- C:\Windows\System\eEJKLnx.exe
  C:\Windows\System\eEJKLnx.exe
  2⤵
  PID:4412
- C:\Windows\System\tUPzHne.exe
  C:\Windows\System\tUPzHne.exe
  2⤵
  PID:4428
- C:\Windows\System\fetlHgC.exe
  C:\Windows\System\fetlHgC.exe
  2⤵
  PID:4444
- C:\Windows\System\yueoEWj.exe
  C:\Windows\System\yueoEWj.exe
  2⤵
  PID:4460
- C:\Windows\System\smtMulC.exe
  C:\Windows\System\smtMulC.exe
  2⤵
  PID:4476
- C:\Windows\System\xcVkZfB.exe
  C:\Windows\System\xcVkZfB.exe
  2⤵
  PID:4492
- C:\Windows\System\JgbsSUY.exe
  C:\Windows\System\JgbsSUY.exe
  2⤵
  PID:4508
- C:\Windows\System\pFkXwww.exe
  C:\Windows\System\pFkXwww.exe
  2⤵
  PID:4524
- C:\Windows\System\hKWxzkV.exe
  C:\Windows\System\hKWxzkV.exe
  2⤵
  PID:4540
- C:\Windows\System\SlahOst.exe
  C:\Windows\System\SlahOst.exe
  2⤵
  PID:4596
- C:\Windows\System\CQkagPw.exe
  C:\Windows\System\CQkagPw.exe
  2⤵
  PID:4612
- C:\Windows\System\hKddmyI.exe
  C:\Windows\System\hKddmyI.exe
  2⤵
  PID:4628
- C:\Windows\System\uSqcXiQ.exe
  C:\Windows\System\uSqcXiQ.exe
  2⤵
  PID:4648
- C:\Windows\System\zLDgjhB.exe
  C:\Windows\System\zLDgjhB.exe
  2⤵
  PID:4664
- C:\Windows\System\neJTlyy.exe
  C:\Windows\System\neJTlyy.exe
  2⤵
  PID:4684
- C:\Windows\System\sPiLNDj.exe
  C:\Windows\System\sPiLNDj.exe
  2⤵
  PID:4700
- C:\Windows\System\kDeKXvt.exe
  C:\Windows\System\kDeKXvt.exe
  2⤵
  PID:4720
- C:\Windows\System\ycXcBaM.exe
  C:\Windows\System\ycXcBaM.exe
  2⤵
  PID:4736
- C:\Windows\System\simJJER.exe
  C:\Windows\System\simJJER.exe
  2⤵
  PID:4752
- C:\Windows\System\MtVpvhu.exe
  C:\Windows\System\MtVpvhu.exe
  2⤵
  PID:4772
- C:\Windows\System\OtLBmSO.exe
  C:\Windows\System\OtLBmSO.exe
  2⤵
  PID:4792
- C:\Windows\System\rWxEIqo.exe
  C:\Windows\System\rWxEIqo.exe
  2⤵
  PID:4812
- C:\Windows\System\lvwhAhz.exe
  C:\Windows\System\lvwhAhz.exe
  2⤵
  PID:4832
- C:\Windows\System\hqWFZfX.exe
  C:\Windows\System\hqWFZfX.exe
  2⤵
  PID:4848
- C:\Windows\System\uaqEHHx.exe
  C:\Windows\System\uaqEHHx.exe
  2⤵
  PID:4864
- C:\Windows\System\aZODAYj.exe
  C:\Windows\System\aZODAYj.exe
  2⤵
  PID:4880
- C:\Windows\System\LVbzMxr.exe
  C:\Windows\System\LVbzMxr.exe
  2⤵
  PID:4964
- C:\Windows\System\QhEvygz.exe
  C:\Windows\System\QhEvygz.exe
  2⤵
  PID:4980
- C:\Windows\System\iXNdgTb.exe
  C:\Windows\System\iXNdgTb.exe
  2⤵
  PID:4996
- C:\Windows\System\CoxsHPr.exe
  C:\Windows\System\CoxsHPr.exe
  2⤵
  PID:5012
- C:\Windows\System\aGpMsoA.exe
  C:\Windows\System\aGpMsoA.exe
  2⤵
  PID:5028
- C:\Windows\System\kRnRLgj.exe
  C:\Windows\System\kRnRLgj.exe
  2⤵
  PID:5048
- C:\Windows\System\NOkpwlE.exe
  C:\Windows\System\NOkpwlE.exe
  2⤵
  PID:5064
- C:\Windows\System\NRjaptO.exe
  C:\Windows\System\NRjaptO.exe
  2⤵
  PID:5080
- C:\Windows\System\dkhvdmU.exe
  C:\Windows\System\dkhvdmU.exe
  2⤵
  PID:5096
- C:\Windows\System\fVtbFCY.exe
  C:\Windows\System\fVtbFCY.exe
  2⤵
  PID:908
- C:\Windows\System\wmZnHsW.exe
  C:\Windows\System\wmZnHsW.exe
  2⤵
  PID:3244
- C:\Windows\System\dAJGDmy.exe
  C:\Windows\System\dAJGDmy.exe
  2⤵
  PID:3544
- C:\Windows\System\iYacwXe.exe
  C:\Windows\System\iYacwXe.exe
  2⤵
  PID:2912
- C:\Windows\System\NMDVwKj.exe
  C:\Windows\System\NMDVwKj.exe
  2⤵
  PID:3944
- C:\Windows\System\KfABllz.exe
  C:\Windows\System\KfABllz.exe
  2⤵
  PID:3840
- C:\Windows\System\gdjzzQx.exe
  C:\Windows\System\gdjzzQx.exe
  2⤵
  PID:3780
- C:\Windows\System\gPFDnxM.exe
  C:\Windows\System\gPFDnxM.exe
  2⤵
  PID:2696
- C:\Windows\System\SIvnEcq.exe
  C:\Windows\System\SIvnEcq.exe
  2⤵
  PID:4120
- C:\Windows\System\MIqvpgr.exe
  C:\Windows\System\MIqvpgr.exe
  2⤵
  PID:3184
- C:\Windows\System\FZUUADA.exe
  C:\Windows\System\FZUUADA.exe
  2⤵
  PID:3140
- C:\Windows\System\MrBBugA.exe
  C:\Windows\System\MrBBugA.exe
  2⤵
  PID:4104
- C:\Windows\System\SigDafL.exe
  C:\Windows\System\SigDafL.exe
  2⤵
  PID:4184
- C:\Windows\System\JKGcVJW.exe
  C:\Windows\System\JKGcVJW.exe
  2⤵
  PID:4168
- C:\Windows\System\iAJpnzY.exe
  C:\Windows\System\iAJpnzY.exe
  2⤵
  PID:4208
- C:\Windows\System\jvHDQPt.exe
  C:\Windows\System\jvHDQPt.exe
  2⤵
  PID:4228
- C:\Windows\System\omXvjBd.exe
  C:\Windows\System\omXvjBd.exe
  2⤵
  PID:4244
- C:\Windows\System\ZwnFPHo.exe
  C:\Windows\System\ZwnFPHo.exe
  2⤵
  PID:4280
- C:\Windows\System\NYmdxrh.exe
  C:\Windows\System\NYmdxrh.exe
  2⤵
  PID:4348
- C:\Windows\System\ibBjGCx.exe
  C:\Windows\System\ibBjGCx.exe
  2⤵
  PID:4152
- C:\Windows\System\eDUwyKD.exe
  C:\Windows\System\eDUwyKD.exe
  2⤵
  PID:4268
- C:\Windows\System\ZMKqAfL.exe
  C:\Windows\System\ZMKqAfL.exe
  2⤵
  PID:4576
- C:\Windows\System\wvFyeBQ.exe
  C:\Windows\System\wvFyeBQ.exe
  2⤵
  PID:4304
- C:\Windows\System\KWhGkIl.exe
  C:\Windows\System\KWhGkIl.exe
  2⤵
  PID:4388
- C:\Windows\System\lrNNrRi.exe
  C:\Windows\System\lrNNrRi.exe
  2⤵
  PID:4364
- C:\Windows\System\qUEHxsV.exe
  C:\Windows\System\qUEHxsV.exe
  2⤵
  PID:4728
- C:\Windows\System\BByoczo.exe
  C:\Windows\System\BByoczo.exe
  2⤵
  PID:4804
- C:\Windows\System\mzBUkct.exe
  C:\Windows\System\mzBUkct.exe
  2⤵
  PID:4532
- C:\Windows\System\wugRWQF.exe
  C:\Windows\System\wugRWQF.exe
  2⤵
  PID:4604
- C:\Windows\System\CJEMyfP.exe
  C:\Windows\System\CJEMyfP.exe
  2⤵
  PID:4672
- C:\Windows\System\qOQqMSr.exe
  C:\Windows\System\qOQqMSr.exe
  2⤵
  PID:4716
- C:\Windows\System\GQvyTAs.exe
  C:\Windows\System\GQvyTAs.exe
  2⤵
  PID:4780
- C:\Windows\System\aHhrYjw.exe
  C:\Windows\System\aHhrYjw.exe
  2⤵
  PID:4824
- C:\Windows\System\JiNwXGv.exe
  C:\Windows\System\JiNwXGv.exe
  2⤵
  PID:4888
- C:\Windows\System\CZdzcNQ.exe
  C:\Windows\System\CZdzcNQ.exe
  2⤵
  PID:4892
- C:\Windows\System\octJUoK.exe
  C:\Windows\System\octJUoK.exe
  2⤵
  PID:4920
- C:\Windows\System\BOeAdNS.exe
  C:\Windows\System\BOeAdNS.exe
  2⤵
  PID:4936
- C:\Windows\System\jMlcAoJ.exe
  C:\Windows\System\jMlcAoJ.exe
  2⤵
  PID:4952
- C:\Windows\System\XTydDDb.exe
  C:\Windows\System\XTydDDb.exe
  2⤵
  PID:4760
- C:\Windows\System\puwJlpy.exe
  C:\Windows\System\puwJlpy.exe
  2⤵
  PID:5092
- C:\Windows\System\pMqEiqZ.exe
  C:\Windows\System\pMqEiqZ.exe
  2⤵
  PID:5036
- C:\Windows\System\asBLAry.exe
  C:\Windows\System\asBLAry.exe
  2⤵
  PID:5040
- C:\Windows\System\tRKJoBY.exe
  C:\Windows\System\tRKJoBY.exe
  2⤵
  PID:5116
- C:\Windows\System\UROtLcs.exe
  C:\Windows\System\UROtLcs.exe
  2⤵
  PID:3272
- C:\Windows\System\XIEOjMb.exe
  C:\Windows\System\XIEOjMb.exe
  2⤵
  PID:3960
- C:\Windows\System\kshzKWC.exe
  C:\Windows\System\kshzKWC.exe
  2⤵
  PID:2488
- C:\Windows\System\yPCayIf.exe
  C:\Windows\System\yPCayIf.exe
  2⤵
  PID:4128
- C:\Windows\System\aIfTMBl.exe
  C:\Windows\System\aIfTMBl.exe
  2⤵
  PID:4220
- C:\Windows\System\pAtAcNL.exe
  C:\Windows\System\pAtAcNL.exe
  2⤵
  PID:4972
- C:\Windows\System\bRXGkMO.exe
  C:\Windows\System\bRXGkMO.exe
  2⤵
  PID:4424
- C:\Windows\System\aNKQlVg.exe
  C:\Windows\System\aNKQlVg.exe
  2⤵
  PID:4456
- C:\Windows\System\CwAhVwG.exe
  C:\Windows\System\CwAhVwG.exe
  2⤵
  PID:4560
- C:\Windows\System\BBzLONh.exe
  C:\Windows\System\BBzLONh.exe
  2⤵
  PID:3664
- C:\Windows\System\fTDhbtf.exe
  C:\Windows\System\fTDhbtf.exe
  2⤵
  PID:4620
- C:\Windows\System\DRwTyfx.exe
  C:\Windows\System\DRwTyfx.exe
  2⤵
  PID:4372
- C:\Windows\System\SbbNNCo.exe
  C:\Windows\System\SbbNNCo.exe
  2⤵
  PID:4408
- C:\Windows\System\kYAdjkQ.exe
  C:\Windows\System\kYAdjkQ.exe
  2⤵
  PID:4504
- C:\Windows\System\CbyopRc.exe
  C:\Windows\System\CbyopRc.exe
  2⤵
  PID:4584
- C:\Windows\System\baOSSNN.exe
  C:\Windows\System\baOSSNN.exe
  2⤵
  PID:4744
- C:\Windows\System\fysROWV.exe
  C:\Windows\System\fysROWV.exe
  2⤵
  PID:4916
- C:\Windows\System\qHGbfUd.exe
  C:\Windows\System\qHGbfUd.exe
  2⤵
  PID:4300
- C:\Windows\System\HBUjdQr.exe
  C:\Windows\System\HBUjdQr.exe
  2⤵
  PID:3248
- C:\Windows\System\oXhhKRd.exe
  C:\Windows\System\oXhhKRd.exe
  2⤵
  PID:4260
- C:\Windows\System\EXOBqbB.exe
  C:\Windows\System\EXOBqbB.exe
  2⤵
  PID:4320
- C:\Windows\System\uLrQSEN.exe
  C:\Windows\System\uLrQSEN.exe
  2⤵
  PID:4900
- C:\Windows\System\AKGnwFF.exe
  C:\Windows\System\AKGnwFF.exe
  2⤵
  PID:5060
- C:\Windows\System\YrKxaga.exe
  C:\Windows\System\YrKxaga.exe
  2⤵
  PID:4876
- C:\Windows\System\jgBBuse.exe
  C:\Windows\System\jgBBuse.exe
  2⤵
  PID:3612
- C:\Windows\System\ZTldriC.exe
  C:\Windows\System\ZTldriC.exe
  2⤵
  PID:3156
- C:\Windows\System\gmJBjfe.exe
  C:\Windows\System\gmJBjfe.exe
  2⤵
  PID:4316
- C:\Windows\System\BxnlTpE.exe
  C:\Windows\System\BxnlTpE.exe
  2⤵
  PID:4860
- C:\Windows\System\VESxubO.exe
  C:\Windows\System\VESxubO.exe
  2⤵
  PID:4436
- C:\Windows\System\UhYhuQM.exe
  C:\Windows\System\UhYhuQM.exe
  2⤵
  PID:4568
- C:\Windows\System\lTYUDAR.exe
  C:\Windows\System\lTYUDAR.exe
  2⤵
  PID:4144
- C:\Windows\System\vQJepgm.exe
  C:\Windows\System\vQJepgm.exe
  2⤵
  PID:4200
- C:\Windows\System\TERsexm.exe
  C:\Windows\System\TERsexm.exe
  2⤵
  PID:5076
- C:\Windows\System\kAviXRa.exe
  C:\Windows\System\kAviXRa.exe
  2⤵
  PID:4500
- C:\Windows\System\aNNgHEJ.exe
  C:\Windows\System\aNNgHEJ.exe
  2⤵
  PID:4912
- C:\Windows\System\EzhrAuJ.exe
  C:\Windows\System\EzhrAuJ.exe
  2⤵
  PID:4588
- C:\Windows\System\AhiyIuZ.exe
  C:\Windows\System\AhiyIuZ.exe
  2⤵
  PID:4696
- C:\Windows\System\hptLODq.exe
  C:\Windows\System\hptLODq.exe
  2⤵
  PID:1512
- C:\Windows\System\VHYXVNH.exe
  C:\Windows\System\VHYXVNH.exe
  2⤵
  PID:4976
- C:\Windows\System\uiYoVmm.exe
  C:\Windows\System\uiYoVmm.exe
  2⤵
  PID:5104
- C:\Windows\System\xnWPIqK.exe
  C:\Windows\System\xnWPIqK.exe
  2⤵
  PID:4800
- C:\Windows\System\eocYNiV.exe
  C:\Windows\System\eocYNiV.exe
  2⤵
  PID:4820
- C:\Windows\System\eWdgNDF.exe
  C:\Windows\System\eWdgNDF.exe
  2⤵
  PID:2408
- C:\Windows\System\FhvZKCy.exe
  C:\Windows\System\FhvZKCy.exe
  2⤵
  PID:880
- C:\Windows\System\zGwvnZf.exe
  C:\Windows\System\zGwvnZf.exe
  2⤵
  PID:2212
- C:\Windows\System\GYNqmsc.exe
  C:\Windows\System\GYNqmsc.exe
  2⤵
  PID:4844
- C:\Windows\System\rCxEYsO.exe
  C:\Windows\System\rCxEYsO.exe
  2⤵
  PID:4488
- C:\Windows\System\FvBvxqd.exe
  C:\Windows\System\FvBvxqd.exe
  2⤵
  PID:3492
- C:\Windows\System\kJPrcaG.exe
  C:\Windows\System\kJPrcaG.exe
  2⤵
  PID:4336
- C:\Windows\System\BkVbONS.exe
  C:\Windows\System\BkVbONS.exe
  2⤵
  PID:2468
- C:\Windows\System\FDgRGev.exe
  C:\Windows\System\FDgRGev.exe
  2⤵
  PID:4840
- C:\Windows\System\oXDdWbZ.exe
  C:\Windows\System\oXDdWbZ.exe
  2⤵
  PID:3420
- C:\Windows\System\McGQkTA.exe
  C:\Windows\System\McGQkTA.exe
  2⤵
  PID:4644
- C:\Windows\System\NlVhqOX.exe
  C:\Windows\System\NlVhqOX.exe
  2⤵
  PID:2524
- C:\Windows\System\gGDEcHE.exe
  C:\Windows\System\gGDEcHE.exe
  2⤵
  PID:5072
- C:\Windows\System\LbaRtTB.exe
  C:\Windows\System\LbaRtTB.exe
  2⤵
  PID:2284
- C:\Windows\System\svmSGOQ.exe
  C:\Windows\System\svmSGOQ.exe
  2⤵
  PID:1392
- C:\Windows\System\mTfKqMN.exe
  C:\Windows\System\mTfKqMN.exe
  2⤵
  PID:5020
- C:\Windows\System\ccJNeQL.exe
  C:\Windows\System\ccJNeQL.exe
  2⤵
  PID:5136
- C:\Windows\System\uYtpRzK.exe
  C:\Windows\System\uYtpRzK.exe
  2⤵
  PID:5156
- C:\Windows\System\sFdCyTG.exe
  C:\Windows\System\sFdCyTG.exe
  2⤵
  PID:5172
- C:\Windows\System\QLDawSE.exe
  C:\Windows\System\QLDawSE.exe
  2⤵
  PID:5192
- C:\Windows\System\MNrmoOU.exe
  C:\Windows\System\MNrmoOU.exe
  2⤵
  PID:5208
- C:\Windows\System\zBBAGgS.exe
  C:\Windows\System\zBBAGgS.exe
  2⤵
  PID:5260
- C:\Windows\System\rzxqIcT.exe
  C:\Windows\System\rzxqIcT.exe
  2⤵
  PID:5276
- C:\Windows\System\VtMVAGs.exe
  C:\Windows\System\VtMVAGs.exe
  2⤵
  PID:5292
- C:\Windows\System\zaEGTfC.exe
  C:\Windows\System\zaEGTfC.exe
  2⤵
  PID:5308
- C:\Windows\System\ihqUuIG.exe
  C:\Windows\System\ihqUuIG.exe
  2⤵
  PID:5328
- C:\Windows\System\bbAQFOc.exe
  C:\Windows\System\bbAQFOc.exe
  2⤵
  PID:5348
- C:\Windows\System\ZbEdfkc.exe
  C:\Windows\System\ZbEdfkc.exe
  2⤵
  PID:5364
- C:\Windows\System\WztXizA.exe
  C:\Windows\System\WztXizA.exe
  2⤵
  PID:5380
- C:\Windows\System\lBMONgH.exe
  C:\Windows\System\lBMONgH.exe
  2⤵
  PID:5416
- C:\Windows\System\gzOZOQS.exe
  C:\Windows\System\gzOZOQS.exe
  2⤵
  PID:5436
- C:\Windows\System\tYKFOHn.exe
  C:\Windows\System\tYKFOHn.exe
  2⤵
  PID:5456
- C:\Windows\System\XKIzBnE.exe
  C:\Windows\System\XKIzBnE.exe
  2⤵
  PID:5472
- C:\Windows\System\UIaXzzX.exe
  C:\Windows\System\UIaXzzX.exe
  2⤵
  PID:5492
- C:\Windows\System\FnCYTbf.exe
  C:\Windows\System\FnCYTbf.exe
  2⤵
  PID:5508
- C:\Windows\System\bjshdyX.exe
  C:\Windows\System\bjshdyX.exe
  2⤵
  PID:5528
- C:\Windows\System\nyKTJTe.exe
  C:\Windows\System\nyKTJTe.exe
  2⤵
  PID:5544
- C:\Windows\System\XxczwZN.exe
  C:\Windows\System\XxczwZN.exe
  2⤵
  PID:5564
- C:\Windows\System\Rqajvif.exe
  C:\Windows\System\Rqajvif.exe
  2⤵
  PID:5580
- C:\Windows\System\eYQhzlw.exe
  C:\Windows\System\eYQhzlw.exe
  2⤵
  PID:5596
- C:\Windows\System\QeQSIHV.exe
  C:\Windows\System\QeQSIHV.exe
  2⤵
  PID:5616
- C:\Windows\System\VTiszSB.exe
  C:\Windows\System\VTiszSB.exe
  2⤵
  PID:5632
- C:\Windows\System\rrTpgUg.exe
  C:\Windows\System\rrTpgUg.exe
  2⤵
  PID:5652
- C:\Windows\System\SCRCQNQ.exe
  C:\Windows\System\SCRCQNQ.exe
  2⤵
  PID:5668
- C:\Windows\System\xqyPxXw.exe
  C:\Windows\System\xqyPxXw.exe
  2⤵
  PID:5688
- C:\Windows\System\iADadyx.exe
  C:\Windows\System\iADadyx.exe
  2⤵
  PID:5708
- C:\Windows\System\qqXysOq.exe
  C:\Windows\System\qqXysOq.exe
  2⤵
  PID:5724
- C:\Windows\System\LpFNhnF.exe
  C:\Windows\System\LpFNhnF.exe
  2⤵
  PID:5740
- C:\Windows\System\pmLHuso.exe
  C:\Windows\System\pmLHuso.exe
  2⤵
  PID:5760
- C:\Windows\System\UMRgujj.exe
  C:\Windows\System\UMRgujj.exe
  2⤵
  PID:5776
- C:\Windows\System\yVjVrtQ.exe
  C:\Windows\System\yVjVrtQ.exe
  2⤵
  PID:5792
- C:\Windows\System\FDxOfsR.exe
  C:\Windows\System\FDxOfsR.exe
  2⤵
  PID:5812
- C:\Windows\System\oCBFiBc.exe
  C:\Windows\System\oCBFiBc.exe
  2⤵
  PID:5832
- C:\Windows\System\cteictf.exe
  C:\Windows\System\cteictf.exe
  2⤵
  PID:5856
- C:\Windows\System\PULHZTV.exe
  C:\Windows\System\PULHZTV.exe
  2⤵
  PID:5876
- C:\Windows\System\QARNQzp.exe
  C:\Windows\System\QARNQzp.exe
  2⤵
  PID:5892
- C:\Windows\System\XqQCipK.exe
  C:\Windows\System\XqQCipK.exe
  2⤵
  PID:5912
- C:\Windows\System\kcLdYaz.exe
  C:\Windows\System\kcLdYaz.exe
  2⤵
  PID:5928
- C:\Windows\System\ukFACtL.exe
  C:\Windows\System\ukFACtL.exe
  2⤵
  PID:5944
- C:\Windows\System\FpDRRUF.exe
  C:\Windows\System\FpDRRUF.exe
  2⤵
  PID:5964
- C:\Windows\System\fVwseNz.exe
  C:\Windows\System\fVwseNz.exe
  2⤵
  PID:5980
- C:\Windows\System\HsiabIz.exe
  C:\Windows\System\HsiabIz.exe
  2⤵
  PID:6000
- C:\Windows\System\PaOrQXR.exe
  C:\Windows\System\PaOrQXR.exe
  2⤵
  PID:6016
- C:\Windows\System\PULQDcv.exe
  C:\Windows\System\PULQDcv.exe
  2⤵
  PID:6036
- C:\Windows\System\iNlbYuR.exe
  C:\Windows\System\iNlbYuR.exe
  2⤵
  PID:6052
- C:\Windows\System\oRAbRtR.exe
  C:\Windows\System\oRAbRtR.exe
  2⤵
  PID:6072
- C:\Windows\System\HklyQxE.exe
  C:\Windows\System\HklyQxE.exe
  2⤵
  PID:6088
- C:\Windows\System\bWNpDGc.exe
  C:\Windows\System\bWNpDGc.exe
  2⤵
  PID:6108
- C:\Windows\System\pmJpGWA.exe
  C:\Windows\System\pmJpGWA.exe
  2⤵
  PID:6124
- C:\Windows\System\izFBnYp.exe
  C:\Windows\System\izFBnYp.exe
  2⤵
  PID:992
- C:\Windows\System\nuhbHQM.exe
  C:\Windows\System\nuhbHQM.exe
  2⤵
  PID:1220
- C:\Windows\System\gFIGqfr.exe
  C:\Windows\System\gFIGqfr.exe
  2⤵
  PID:5240
- C:\Windows\System\kyYnsgm.exe
  C:\Windows\System\kyYnsgm.exe
  2⤵
  PID:2064
- C:\Windows\System\ofhsjEv.exe
  C:\Windows\System\ofhsjEv.exe
  2⤵
  PID:5284
- C:\Windows\System\voNBvSq.exe
  C:\Windows\System\voNBvSq.exe
  2⤵
  PID:5356
- C:\Windows\System\UVNxJJy.exe
  C:\Windows\System\UVNxJJy.exe
  2⤵
  PID:5392
- C:\Windows\System\kxQJoem.exe
  C:\Windows\System\kxQJoem.exe
  2⤵
  PID:5408
- C:\Windows\System\PKsBnAx.exe
  C:\Windows\System\PKsBnAx.exe
  2⤵
  PID:5444
- C:\Windows\System\GNuQgAa.exe
  C:\Windows\System\GNuQgAa.exe
  2⤵
  PID:5516
- C:\Windows\System\hOzwyTZ.exe
  C:\Windows\System\hOzwyTZ.exe
  2⤵
  PID:5560
- C:\Windows\System\NsFYSTo.exe
  C:\Windows\System\NsFYSTo.exe
  2⤵
  PID:5624
- C:\Windows\System\WxieiLa.exe
  C:\Windows\System\WxieiLa.exe
  2⤵
  PID:5696
- C:\Windows\System\DpniaYU.exe
  C:\Windows\System\DpniaYU.exe
  2⤵
  PID:5732
- C:\Windows\System\SwsKjty.exe
  C:\Windows\System\SwsKjty.exe
  2⤵
  PID:5808
- C:\Windows\System\gOLawJE.exe
  C:\Windows\System\gOLawJE.exe
  2⤵
  PID:5884
- C:\Windows\System\ISxhtie.exe
  C:\Windows\System\ISxhtie.exe
  2⤵
  PID:5924
- C:\Windows\System\QNPMFxW.exe
  C:\Windows\System\QNPMFxW.exe
  2⤵
  PID:5956
- C:\Windows\System\MhHFQNR.exe
  C:\Windows\System\MhHFQNR.exe
  2⤵
  PID:5996
- C:\Windows\System\qWbHtgV.exe
  C:\Windows\System\qWbHtgV.exe
  2⤵
  PID:6096
- C:\Windows\System\ZWuyWBn.exe
  C:\Windows\System\ZWuyWBn.exe
  2⤵
  PID:6104
- C:\Windows\System\gHaizih.exe
  C:\Windows\System\gHaizih.exe
  2⤵
  PID:3524
- C:\Windows\System\hAZocnX.exe
  C:\Windows\System\hAZocnX.exe
  2⤵
  PID:2664
- C:\Windows\System\rFNxDjC.exe
  C:\Windows\System\rFNxDjC.exe
  2⤵
  PID:2688
- C:\Windows\System\cDTDihJ.exe
  C:\Windows\System\cDTDihJ.exe
  2⤵
  PID:2956
- C:\Windows\System\dmYxnGH.exe
  C:\Windows\System\dmYxnGH.exe
  2⤵
  PID:4148
- C:\Windows\System\QlcjmDm.exe
  C:\Windows\System\QlcjmDm.exe
  2⤵
  PID:4180
- C:\Windows\System\DerUNjM.exe
  C:\Windows\System\DerUNjM.exe
  2⤵
  PID:5008
- C:\Windows\System\UeygIAm.exe
  C:\Windows\System\UeygIAm.exe
  2⤵
  PID:1668
- C:\Windows\System\bTLOnra.exe
  C:\Windows\System\bTLOnra.exe
  2⤵
  PID:5164
- C:\Windows\System\ZkEfMgI.exe
  C:\Windows\System\ZkEfMgI.exe
  2⤵
  PID:5784
- C:\Windows\System\OAhydrI.exe
  C:\Windows\System\OAhydrI.exe
  2⤵
  PID:5272
- C:\Windows\System\AJipbpQ.exe
  C:\Windows\System\AJipbpQ.exe
  2⤵
  PID:5340
- C:\Windows\System\qBLAwvy.exe
  C:\Windows\System\qBLAwvy.exe
  2⤵
  PID:5424
- C:\Windows\System\HxhAmXI.exe
  C:\Windows\System\HxhAmXI.exe
  2⤵
  PID:5468
- C:\Windows\System\wfUkdhV.exe
  C:\Windows\System\wfUkdhV.exe
  2⤵
  PID:5540
- C:\Windows\System\sntTooR.exe
  C:\Windows\System\sntTooR.exe
  2⤵
  PID:5608
- C:\Windows\System\dIJWgQq.exe
  C:\Windows\System\dIJWgQq.exe
  2⤵
  PID:5648
- C:\Windows\System\kOvzIaN.exe
  C:\Windows\System\kOvzIaN.exe
  2⤵
  PID:5680
- C:\Windows\System\AYwYFSk.exe
  C:\Windows\System\AYwYFSk.exe
  2⤵
  PID:5824
- C:\Windows\System\FpJNDiW.exe
  C:\Windows\System\FpJNDiW.exe
  2⤵
  PID:5828
- C:\Windows\System\HkQDKAz.exe
  C:\Windows\System\HkQDKAz.exe
  2⤵
  PID:5936
- C:\Windows\System\ruIFoFZ.exe
  C:\Windows\System\ruIFoFZ.exe
  2⤵
  PID:6012
- C:\Windows\System\mPGcXtU.exe
  C:\Windows\System\mPGcXtU.exe
  2⤵
  PID:6116
- C:\Windows\System\NiBGBDf.exe
  C:\Windows\System\NiBGBDf.exe
  2⤵
  PID:1088
- C:\Windows\System\qIRUpJX.exe
  C:\Windows\System\qIRUpJX.exe
  2⤵
  PID:2396
- C:\Windows\System\JCzFRCU.exe
  C:\Windows\System\JCzFRCU.exe
  2⤵
  PID:5148
- C:\Windows\System\lkMjjzz.exe
  C:\Windows\System\lkMjjzz.exe
  2⤵
  PID:3324
- C:\Windows\System\dWcEYQv.exe
  C:\Windows\System\dWcEYQv.exe
  2⤵
  PID:3520
- C:\Windows\System\Umpnoqd.exe
  C:\Windows\System\Umpnoqd.exe
  2⤵
  PID:5388
- C:\Windows\System\qPJEsXl.exe
  C:\Windows\System\qPJEsXl.exe
  2⤵
  PID:5556
- C:\Windows\System\zMsCbSO.exe
  C:\Windows\System\zMsCbSO.exe
  2⤵
  PID:2640
- C:\Windows\System\NZwvULN.exe
  C:\Windows\System\NZwvULN.exe
  2⤵
  PID:5396
- C:\Windows\System\PNBrlnz.exe
  C:\Windows\System\PNBrlnz.exe
  2⤵
  PID:5488
- C:\Windows\System\pLeKPoA.exe
  C:\Windows\System\pLeKPoA.exe
  2⤵
  PID:5700
- C:\Windows\System\OmWunBT.exe
  C:\Windows\System\OmWunBT.exe
  2⤵
  PID:2036
- C:\Windows\System\fAxZvll.exe
  C:\Windows\System\fAxZvll.exe
  2⤵
  PID:6132
- C:\Windows\System\iosARVQ.exe
  C:\Windows\System\iosARVQ.exe
  2⤵
  PID:2520
- C:\Windows\System\ijMwlSq.exe
  C:\Windows\System\ijMwlSq.exe
  2⤵
  PID:5128
- C:\Windows\System\CZttgRE.exe
  C:\Windows\System\CZttgRE.exe
  2⤵
  PID:2668
- C:\Windows\System\UhbiooQ.exe
  C:\Windows\System\UhbiooQ.exe
  2⤵
  PID:5888
- C:\Windows\System\HzqWrMY.exe
  C:\Windows\System\HzqWrMY.exe
  2⤵
  PID:6068
- C:\Windows\System\zJandLH.exe
  C:\Windows\System\zJandLH.exe
  2⤵
  PID:2388
- C:\Windows\System\ZmnGUQb.exe
  C:\Windows\System\ZmnGUQb.exe
  2⤵
  PID:884
- C:\Windows\System\NzhMvZb.exe
  C:\Windows\System\NzhMvZb.exe
  2⤵
  PID:5304
- C:\Windows\System\AjBeeIT.exe
  C:\Windows\System\AjBeeIT.exe
  2⤵
  PID:5504
- C:\Windows\System\MhqsNqp.exe
  C:\Windows\System\MhqsNqp.exe
  2⤵
  PID:2732
- C:\Windows\System\CKRMrdM.exe
  C:\Windows\System\CKRMrdM.exe
  2⤵
  PID:5752
- C:\Windows\System\SPdULLV.exe
  C:\Windows\System\SPdULLV.exe
  2⤵
  PID:5432
- C:\Windows\System\ZWWIQvz.exe
  C:\Windows\System\ZWWIQvz.exe
  2⤵
  PID:5684
- C:\Windows\System\PJCOOTr.exe
  C:\Windows\System\PJCOOTr.exe
  2⤵
  PID:5972
- C:\Windows\System\CHIdstQ.exe
  C:\Windows\System\CHIdstQ.exe
  2⤵
  PID:6048
- C:\Windows\System\vWejjIf.exe
  C:\Windows\System\vWejjIf.exe
  2⤵
  PID:6120
- C:\Windows\System\mmYBxzt.exe
  C:\Windows\System\mmYBxzt.exe
  2⤵
  PID:2796
- C:\Windows\System\FVdDCMx.exe
  C:\Windows\System\FVdDCMx.exe
  2⤵
  PID:1696
- C:\Windows\System\qOKNgpA.exe
  C:\Windows\System\qOKNgpA.exe
  2⤵
  PID:5180
- C:\Windows\System\LIiunxT.exe
  C:\Windows\System\LIiunxT.exe
  2⤵
  PID:5152
- C:\Windows\System\ZaRrPUh.exe
  C:\Windows\System\ZaRrPUh.exe
  2⤵
  PID:1084
- C:\Windows\System\RhWkUTW.exe
  C:\Windows\System\RhWkUTW.exe
  2⤵
  PID:5316
- C:\Windows\System\FtyhIqf.exe
  C:\Windows\System\FtyhIqf.exe
  2⤵
  PID:2644
- C:\Windows\System\dkBYmjN.exe
  C:\Windows\System\dkBYmjN.exe
  2⤵
  PID:5360
- C:\Windows\System\TxYhWfu.exe
  C:\Windows\System\TxYhWfu.exe
  2⤵
  PID:2872
- C:\Windows\System\IYVAMhI.exe
  C:\Windows\System\IYVAMhI.exe
  2⤵
  PID:4992
- C:\Windows\System\MOHnltm.exe
  C:\Windows\System\MOHnltm.exe
  2⤵
  PID:3488
- C:\Windows\System\RuoItHf.exe
  C:\Windows\System\RuoItHf.exe
  2⤵
  PID:5800
- C:\Windows\System\pwgPDeB.exe
  C:\Windows\System\pwgPDeB.exe
  2⤵
  PID:5452
- C:\Windows\System\AayueJU.exe
  C:\Windows\System\AayueJU.exe
  2⤵
  PID:5900
- C:\Windows\System\pVBCYEo.exe
  C:\Windows\System\pVBCYEo.exe
  2⤵
  PID:5868
- C:\Windows\System\SBOlQqp.exe
  C:\Windows\System\SBOlQqp.exe
  2⤵
  PID:4708
- C:\Windows\System\fMPKbVc.exe
  C:\Windows\System\fMPKbVc.exe
  2⤵
  PID:5228
- C:\Windows\System\kexNmYx.exe
  C:\Windows\System\kexNmYx.exe
  2⤵
  PID:2716
- C:\Windows\System\ubyvyDW.exe
  C:\Windows\System\ubyvyDW.exe
  2⤵
  PID:5376
- C:\Windows\System\xTQwhuy.exe
  C:\Windows\System\xTQwhuy.exe
  2⤵
  PID:1012
- C:\Windows\System\xwEmsiD.exe
  C:\Windows\System\xwEmsiD.exe
  2⤵
  PID:5204
- C:\Windows\System\MpCUqxg.exe
  C:\Windows\System\MpCUqxg.exe
  2⤵
  PID:5848
- C:\Windows\System\HBeixUH.exe
  C:\Windows\System\HBeixUH.exe
  2⤵
  PID:5576
- C:\Windows\System\DuwSXka.exe
  C:\Windows\System\DuwSXka.exe
  2⤵
  PID:2808
- C:\Windows\System\vzaCodN.exe
  C:\Windows\System\vzaCodN.exe
  2⤵
  PID:5236
- C:\Windows\System\OZoGpKs.exe
  C:\Windows\System\OZoGpKs.exe
  2⤵
  PID:5256
- C:\Windows\System\RCSkvJA.exe
  C:\Windows\System\RCSkvJA.exe
  2⤵
  PID:4552
- C:\Windows\System\ZKCKVnq.exe
  C:\Windows\System\ZKCKVnq.exe
  2⤵
  PID:1484
- C:\Windows\System\eOPSSHq.exe
  C:\Windows\System\eOPSSHq.exe
  2⤵
  PID:2624
- C:\Windows\System\zryqWRW.exe
  C:\Windows\System\zryqWRW.exe
  2⤵
  PID:2820
- C:\Windows\System\ROVxJPl.exe
  C:\Windows\System\ROVxJPl.exe
  2⤵
  PID:4572
- C:\Windows\System\fIrimyS.exe
  C:\Windows\System\fIrimyS.exe
  2⤵
  PID:5252
- C:\Windows\System\VhgNPUM.exe
  C:\Windows\System\VhgNPUM.exe
  2⤵
  PID:6152
- C:\Windows\System\AnxZFYF.exe
  C:\Windows\System\AnxZFYF.exe
  2⤵
  PID:6168
- C:\Windows\System\mZVCaMb.exe
  C:\Windows\System\mZVCaMb.exe
  2⤵
  PID:6184
- C:\Windows\System\kHhpQXA.exe
  C:\Windows\System\kHhpQXA.exe
  2⤵
  PID:6200
- C:\Windows\System\WLLoVNe.exe
  C:\Windows\System\WLLoVNe.exe
  2⤵
  PID:6216
- C:\Windows\System\VOmKIAW.exe
  C:\Windows\System\VOmKIAW.exe
  2⤵
  PID:6232
- C:\Windows\System\nRewNmk.exe
  C:\Windows\System\nRewNmk.exe
  2⤵
  PID:6248
- C:\Windows\System\WFzsSzd.exe
  C:\Windows\System\WFzsSzd.exe
  2⤵
  PID:6264
- C:\Windows\System\LQNDebZ.exe
  C:\Windows\System\LQNDebZ.exe
  2⤵
  PID:6280
- C:\Windows\System\ZicgAjN.exe
  C:\Windows\System\ZicgAjN.exe
  2⤵
  PID:6296
- C:\Windows\System\EzwIWBJ.exe
  C:\Windows\System\EzwIWBJ.exe
  2⤵
  PID:6312
- C:\Windows\System\UwrezWI.exe
  C:\Windows\System\UwrezWI.exe
  2⤵
  PID:6328
- C:\Windows\System\zzahufm.exe
  C:\Windows\System\zzahufm.exe
  2⤵
  PID:6344
- C:\Windows\System\MdBsCUk.exe
  C:\Windows\System\MdBsCUk.exe
  2⤵
  PID:6360
- C:\Windows\System\LHOPcSc.exe
  C:\Windows\System\LHOPcSc.exe
  2⤵
  PID:6376
- C:\Windows\System\nxxbVFv.exe
  C:\Windows\System\nxxbVFv.exe
  2⤵
  PID:6392
- C:\Windows\System\vuFUlFP.exe
  C:\Windows\System\vuFUlFP.exe
  2⤵
  PID:6408
- C:\Windows\System\ntEhDGG.exe
  C:\Windows\System\ntEhDGG.exe
  2⤵
  PID:6424
- C:\Windows\System\xujZeaa.exe
  C:\Windows\System\xujZeaa.exe
  2⤵
  PID:6440
- C:\Windows\System\qspwTpI.exe
  C:\Windows\System\qspwTpI.exe
  2⤵
  PID:6456
- C:\Windows\System\rTThLbC.exe
  C:\Windows\System\rTThLbC.exe
  2⤵
  PID:6472
- C:\Windows\System\bRcyFgw.exe
  C:\Windows\System\bRcyFgw.exe
  2⤵
  PID:6488
- C:\Windows\System\TNIAxnm.exe
  C:\Windows\System\TNIAxnm.exe
  2⤵
  PID:6504
- C:\Windows\System\tBiCweo.exe
  C:\Windows\System\tBiCweo.exe
  2⤵
  PID:6520
- C:\Windows\System\LKDeMIf.exe
  C:\Windows\System\LKDeMIf.exe
  2⤵
  PID:6536
- C:\Windows\System\GYTLkKw.exe
  C:\Windows\System\GYTLkKw.exe
  2⤵
  PID:6552
- C:\Windows\System\ArjncaE.exe
  C:\Windows\System\ArjncaE.exe
  2⤵
  PID:6568
- C:\Windows\System\NlcXseQ.exe
  C:\Windows\System\NlcXseQ.exe
  2⤵
  PID:6584
- C:\Windows\System\uZSdiYj.exe
  C:\Windows\System\uZSdiYj.exe
  2⤵
  PID:6600
- C:\Windows\System\FvIKAUO.exe
  C:\Windows\System\FvIKAUO.exe
  2⤵
  PID:6616
- C:\Windows\System\hUKeHKD.exe
  C:\Windows\System\hUKeHKD.exe
  2⤵
  PID:6632
- C:\Windows\System\jnggBvV.exe
  C:\Windows\System\jnggBvV.exe
  2⤵
  PID:6648
- C:\Windows\System\jjMbaQN.exe
  C:\Windows\System\jjMbaQN.exe
  2⤵
  PID:6664
- C:\Windows\System\sXVpCOK.exe
  C:\Windows\System\sXVpCOK.exe
  2⤵
  PID:6680
- C:\Windows\System\qVTdgSu.exe
  C:\Windows\System\qVTdgSu.exe
  2⤵
  PID:6696
- C:\Windows\System\HDNjIZI.exe
  C:\Windows\System\HDNjIZI.exe
  2⤵
  PID:6712
- C:\Windows\System\jsXLWbd.exe
  C:\Windows\System\jsXLWbd.exe
  2⤵
  PID:6728
- C:\Windows\System\bwJYmUS.exe
  C:\Windows\System\bwJYmUS.exe
  2⤵
  PID:6744
- C:\Windows\System\IgHEbvM.exe
  C:\Windows\System\IgHEbvM.exe
  2⤵
  PID:6760
- C:\Windows\System\RjWlZXv.exe
  C:\Windows\System\RjWlZXv.exe
  2⤵
  PID:6776
- C:\Windows\System\vcjPSqa.exe
  C:\Windows\System\vcjPSqa.exe
  2⤵
  PID:6796
- C:\Windows\System\mKtUMeS.exe
  C:\Windows\System\mKtUMeS.exe
  2⤵
  PID:6812
- C:\Windows\System\GAoAmIK.exe
  C:\Windows\System\GAoAmIK.exe
  2⤵
  PID:6828
- C:\Windows\System\LNhXpCN.exe
  C:\Windows\System\LNhXpCN.exe
  2⤵
  PID:6844
- C:\Windows\System\eCfZlgj.exe
  C:\Windows\System\eCfZlgj.exe
  2⤵
  PID:6860
- C:\Windows\System\oRPpmpc.exe
  C:\Windows\System\oRPpmpc.exe
  2⤵
  PID:6876
- C:\Windows\System\ZtzUEyf.exe
  C:\Windows\System\ZtzUEyf.exe
  2⤵
  PID:6892
- C:\Windows\System\XFCugSY.exe
  C:\Windows\System\XFCugSY.exe
  2⤵
  PID:6908
- C:\Windows\System\qJSerVO.exe
  C:\Windows\System\qJSerVO.exe
  2⤵
  PID:6924
- C:\Windows\System\ZdtbKul.exe
  C:\Windows\System\ZdtbKul.exe
  2⤵
  PID:6940
- C:\Windows\System\SJtPVKH.exe
  C:\Windows\System\SJtPVKH.exe
  2⤵
  PID:6956
- C:\Windows\System\kASlxCm.exe
  C:\Windows\System\kASlxCm.exe
  2⤵
  PID:6972
- C:\Windows\System\HjWcTkW.exe
  C:\Windows\System\HjWcTkW.exe
  2⤵
  PID:6988
- C:\Windows\System\ysIStlf.exe
  C:\Windows\System\ysIStlf.exe
  2⤵
  PID:7004
- C:\Windows\System\NGqlkKj.exe
  C:\Windows\System\NGqlkKj.exe
  2⤵
  PID:7020
- C:\Windows\System\nJvlJSu.exe
  C:\Windows\System\nJvlJSu.exe
  2⤵
  PID:7036
- C:\Windows\System\HkcAotB.exe
  C:\Windows\System\HkcAotB.exe
  2⤵
  PID:7052
- C:\Windows\System\zICFcvV.exe
  C:\Windows\System\zICFcvV.exe
  2⤵
  PID:7068
- C:\Windows\System\VOsBzxd.exe
  C:\Windows\System\VOsBzxd.exe
  2⤵
  PID:7084
- C:\Windows\System\fkHGlsM.exe
  C:\Windows\System\fkHGlsM.exe
  2⤵
  PID:7100
- C:\Windows\System\sGTdxxN.exe
  C:\Windows\System\sGTdxxN.exe
  2⤵
  PID:7116
- C:\Windows\System\ZBCLNAM.exe
  C:\Windows\System\ZBCLNAM.exe
  2⤵
  PID:7132
- C:\Windows\System\vyURAci.exe
  C:\Windows\System\vyURAci.exe
  2⤵
  PID:7148
- C:\Windows\System\IMKtiRo.exe
  C:\Windows\System\IMKtiRo.exe
  2⤵
  PID:7164
- C:\Windows\System\VIuqnaz.exe
  C:\Windows\System\VIuqnaz.exe
  2⤵
  PID:6080
- C:\Windows\System\rixiXVX.exe
  C:\Windows\System\rixiXVX.exe
  2⤵
  PID:6064
- C:\Windows\System\mAcqKnh.exe
  C:\Windows\System\mAcqKnh.exe
  2⤵
  PID:2904
- C:\Windows\System\InLwixS.exe
  C:\Windows\System\InLwixS.exe
  2⤵
  PID:6192
- C:\Windows\System\mEGfCMD.exe
  C:\Windows\System\mEGfCMD.exe
  2⤵
  PID:4732
- C:\Windows\System\RzhxOcO.exe
  C:\Windows\System\RzhxOcO.exe
  2⤵
  PID:6208
- C:\Windows\System\qaXtGOw.exe
  C:\Windows\System\qaXtGOw.exe
  2⤵
  PID:6224
- C:\Windows\System\ukeXKxa.exe
  C:\Windows\System\ukeXKxa.exe
  2⤵
  PID:6288
- C:\Windows\System\kVTiUsG.exe
  C:\Windows\System\kVTiUsG.exe
  2⤵
  PID:6324
- C:\Windows\System\afmkoJC.exe
  C:\Windows\System\afmkoJC.exe
  2⤵
  PID:6388
- C:\Windows\System\HPVhqMO.exe
  C:\Windows\System\HPVhqMO.exe
  2⤵
  PID:6448
- C:\Windows\System\NbtAGZk.exe
  C:\Windows\System\NbtAGZk.exe
  2⤵
  PID:6512
- C:\Windows\System\kpvkAvM.exe
  C:\Windows\System\kpvkAvM.exe
  2⤵
  PID:6576
- C:\Windows\System\fFJBzCo.exe
  C:\Windows\System\fFJBzCo.exe
  2⤵
  PID:6612
- C:\Windows\System\WyVZQRS.exe
  C:\Windows\System\WyVZQRS.exe
  2⤵
  PID:920
- C:\Windows\System\rfZjUFr.exe
  C:\Windows\System\rfZjUFr.exe
  2⤵
  PID:6736
- C:\Windows\System\tWJRJts.exe
  C:\Windows\System\tWJRJts.exe
  2⤵
  PID:6768
- C:\Windows\System\SKXhEGe.exe
  C:\Windows\System\SKXhEGe.exe
  2⤵
  PID:6720
- C:\Windows\System\gZVLaCy.exe
  C:\Windows\System\gZVLaCy.exe
  2⤵
  PID:6368
- C:\Windows\System\GeenRTl.exe
  C:\Windows\System\GeenRTl.exe
  2⤵
  PID:6432
- C:\Windows\System\ToxLhwr.exe
  C:\Windows\System\ToxLhwr.exe
  2⤵
  PID:6496
- C:\Windows\System\vHegfHU.exe
  C:\Windows\System\vHegfHU.exe
  2⤵
  PID:2868
- C:\Windows\System\GbHpukK.exe
  C:\Windows\System\GbHpukK.exe
  2⤵
  PID:6624
- C:\Windows\System\ccceTZE.exe
  C:\Windows\System\ccceTZE.exe
  2⤵
  PID:6836
- C:\Windows\System\rZheKGf.exe
  C:\Windows\System\rZheKGf.exe
  2⤵
  PID:6752
- C:\Windows\System\ZDWBCHH.exe
  C:\Windows\System\ZDWBCHH.exe
  2⤵
  PID:6820
- C:\Windows\System\OuhIvhT.exe
  C:\Windows\System\OuhIvhT.exe
  2⤵
  PID:6856
- C:\Windows\System\yPuXbDk.exe
  C:\Windows\System\yPuXbDk.exe
  2⤵
  PID:6900
- C:\Windows\System\LFkUivV.exe
  C:\Windows\System\LFkUivV.exe
  2⤵
  PID:6936
- C:\Windows\System\nKiBEQk.exe
  C:\Windows\System\nKiBEQk.exe
  2⤵
  PID:6920
- C:\Windows\System\DkLHHAD.exe
  C:\Windows\System\DkLHHAD.exe
  2⤵
  PID:6980
- C:\Windows\System\qioytyw.exe
  C:\Windows\System\qioytyw.exe
  2⤵
  PID:7028
- C:\Windows\System\ZywUDux.exe
  C:\Windows\System\ZywUDux.exe
  2⤵
  PID:7032
- C:\Windows\System\DcNvppj.exe
  C:\Windows\System\DcNvppj.exe
  2⤵
  PID:7096
- C:\Windows\System\SQFyteb.exe
  C:\Windows\System\SQFyteb.exe
  2⤵
  PID:7160
- C:\Windows\System\LcioIpm.exe
  C:\Windows\System\LcioIpm.exe
  2⤵
  PID:6160
- C:\Windows\System\UsbcOas.exe
  C:\Windows\System\UsbcOas.exe
  2⤵
  PID:7044
- C:\Windows\System\kjRqCcT.exe
  C:\Windows\System\kjRqCcT.exe
  2⤵
  PID:7112
- C:\Windows\System\BKrsKeZ.exe
  C:\Windows\System\BKrsKeZ.exe
  2⤵
  PID:5976
- C:\Windows\System\lAAJlbL.exe
  C:\Windows\System\lAAJlbL.exe
  2⤵
  PID:2152
- C:\Windows\System\QjhBpiA.exe
  C:\Windows\System\QjhBpiA.exe
  2⤵
  PID:6240
- C:\Windows\System\uXkjvlG.exe
  C:\Windows\System\uXkjvlG.exe
  2⤵
  PID:6384
- C:\Windows\System\oGBPNGA.exe
  C:\Windows\System\oGBPNGA.exe
  2⤵
  PID:6480
- C:\Windows\System\yLglvqf.exe
  C:\Windows\System\yLglvqf.exe
  2⤵
  PID:6704
- C:\Windows\System\yRTCYOA.exe
  C:\Windows\System\yRTCYOA.exe
  2⤵
  PID:2000
- C:\Windows\System\SJWjotT.exe
  C:\Windows\System\SJWjotT.exe
  2⤵
  PID:6304
- C:\Windows\System\mwzGMNj.exe
  C:\Windows\System\mwzGMNj.exe
  2⤵
  PID:6548
- C:\Windows\System\lZPJmVJ.exe
  C:\Windows\System\lZPJmVJ.exe
  2⤵
  PID:6404
- C:\Windows\System\rVmDSGc.exe
  C:\Windows\System\rVmDSGc.exe
  2⤵
  PID:6656
- C:\Windows\System\oMLetme.exe
  C:\Windows\System\oMLetme.exe
  2⤵
  PID:6840
- C:\Windows\System\oMViyoj.exe
  C:\Windows\System\oMViyoj.exe
  2⤵
  PID:6784
- C:\Windows\System\YfyuBSj.exe
  C:\Windows\System\YfyuBSj.exe
  2⤵
  PID:6872
- C:\Windows\System\EvANgNY.exe
  C:\Windows\System\EvANgNY.exe
  2⤵
  PID:6996
- C:\Windows\System\HUWnRcM.exe
  C:\Windows\System\HUWnRcM.exe
  2⤵
  PID:2792
- C:\Windows\System\xRFVXFj.exe
  C:\Windows\System\xRFVXFj.exe
  2⤵
  PID:7092
- C:\Windows\System\OcjxhPh.exe
  C:\Windows\System\OcjxhPh.exe
  2⤵
  PID:5144
- C:\Windows\System\EZdqgxd.exe
  C:\Windows\System\EZdqgxd.exe
  2⤵
  PID:6580
- C:\Windows\System\dZjEmpy.exe
  C:\Windows\System\dZjEmpy.exe
  2⤵
  PID:580
- C:\Windows\System\UfadkBB.exe
  C:\Windows\System\UfadkBB.exe
  2⤵
  PID:2964
- C:\Windows\System\TlixAta.exe
  C:\Windows\System\TlixAta.exe
  2⤵
  PID:7144
- C:\Windows\System\JOGJqKv.exe
  C:\Windows\System\JOGJqKv.exe
  2⤵
  PID:6320
- C:\Windows\System\nNLiuVu.exe
  C:\Windows\System\nNLiuVu.exe
  2⤵
  PID:6276
- C:\Windows\System\junajHg.exe
  C:\Windows\System\junajHg.exe
  2⤵
  PID:7128
- C:\Windows\System\FxaCcyt.exe
  C:\Windows\System\FxaCcyt.exe
  2⤵
  PID:1500
- C:\Windows\System\DHGYssB.exe
  C:\Windows\System\DHGYssB.exe
  2⤵
  PID:7016
- C:\Windows\System\shUmsWE.exe
  C:\Windows\System\shUmsWE.exe
  2⤵
  PID:6964
- C:\Windows\System\ihddIcl.exe
  C:\Windows\System\ihddIcl.exe
  2⤵
  PID:7076
- C:\Windows\System\JWfnMYs.exe
  C:\Windows\System\JWfnMYs.exe
  2⤵
  PID:2536
- C:\Windows\System\tWZUmaf.exe
  C:\Windows\System\tWZUmaf.exe
  2⤵
  PID:6532
- C:\Windows\System\cxdCVEp.exe
  C:\Windows\System\cxdCVEp.exe
  2⤵
  PID:6968
- C:\Windows\System\wVSLPIa.exe
  C:\Windows\System\wVSLPIa.exe
  2⤵
  PID:7184
- C:\Windows\System\mRubrSe.exe
  C:\Windows\System\mRubrSe.exe
  2⤵
  PID:7200
- C:\Windows\System\DxMeuHn.exe
  C:\Windows\System\DxMeuHn.exe
  2⤵
  PID:7216
- C:\Windows\System\tkaTDsQ.exe
  C:\Windows\System\tkaTDsQ.exe
  2⤵
  PID:7232
- C:\Windows\System\vJPjIOy.exe
  C:\Windows\System\vJPjIOy.exe
  2⤵
  PID:7252
- C:\Windows\System\vNmnpag.exe
  C:\Windows\System\vNmnpag.exe
  2⤵
  PID:7268
- C:\Windows\System\rtBGgSE.exe
  C:\Windows\System\rtBGgSE.exe
  2⤵
  PID:7284
- C:\Windows\System\GxGLVby.exe
  C:\Windows\System\GxGLVby.exe
  2⤵
  PID:7300
- C:\Windows\System\WEDfYVE.exe
  C:\Windows\System\WEDfYVE.exe
  2⤵
  PID:7316
- C:\Windows\System\KaaNYvC.exe
  C:\Windows\System\KaaNYvC.exe
  2⤵
  PID:7332
- C:\Windows\System\NajJonU.exe
  C:\Windows\System\NajJonU.exe
  2⤵
  PID:7348
- C:\Windows\System\KromRYv.exe
  C:\Windows\System\KromRYv.exe
  2⤵
  PID:7364
- C:\Windows\System\fRHDXqx.exe
  C:\Windows\System\fRHDXqx.exe
  2⤵
  PID:7380
- C:\Windows\System\DzFeXSi.exe
  C:\Windows\System\DzFeXSi.exe
  2⤵
  PID:7396
- C:\Windows\System\OCUCBtq.exe
  C:\Windows\System\OCUCBtq.exe
  2⤵
  PID:7416
- C:\Windows\System\ipVnWKb.exe
  C:\Windows\System\ipVnWKb.exe
  2⤵
  PID:7432
- C:\Windows\System\bIpXTme.exe
  C:\Windows\System\bIpXTme.exe
  2⤵
  PID:7456
- C:\Windows\System\HguUUES.exe
  C:\Windows\System\HguUUES.exe
  2⤵
  PID:7472
- C:\Windows\System\hzImLFX.exe
  C:\Windows\System\hzImLFX.exe
  2⤵
  PID:7488
- C:\Windows\System\OIkEUBH.exe
  C:\Windows\System\OIkEUBH.exe
  2⤵
  PID:7504
- C:\Windows\System\XFozzok.exe
  C:\Windows\System\XFozzok.exe
  2⤵
  PID:7520
- C:\Windows\System\twKarRZ.exe
  C:\Windows\System\twKarRZ.exe
  2⤵
  PID:7536
- C:\Windows\System\wKuyEOu.exe
  C:\Windows\System\wKuyEOu.exe
  2⤵
  PID:7552
- C:\Windows\System\USwBGPB.exe
  C:\Windows\System\USwBGPB.exe
  2⤵
  PID:7568
- C:\Windows\System\tPvchPP.exe
  C:\Windows\System\tPvchPP.exe
  2⤵
  PID:7584
- C:\Windows\System\tZAmCLv.exe
  C:\Windows\System\tZAmCLv.exe
  2⤵
  PID:7600
- C:\Windows\System\ulpWjUq.exe
  C:\Windows\System\ulpWjUq.exe
  2⤵
  PID:7616
- C:\Windows\System\tAjmAdG.exe
  C:\Windows\System\tAjmAdG.exe
  2⤵
  PID:7632
- C:\Windows\System\SJMeMFS.exe
  C:\Windows\System\SJMeMFS.exe
  2⤵
  PID:7648
- C:\Windows\System\qFmpDCE.exe
  C:\Windows\System\qFmpDCE.exe
  2⤵
  PID:7664
- C:\Windows\System\JISogft.exe
  C:\Windows\System\JISogft.exe
  2⤵
  PID:7680
- C:\Windows\System\uMpqksU.exe
  C:\Windows\System\uMpqksU.exe
  2⤵
  PID:7700
- C:\Windows\System\frCbIGS.exe
  C:\Windows\System\frCbIGS.exe
  2⤵
  PID:7716
- C:\Windows\System\hpSCbRq.exe
  C:\Windows\System\hpSCbRq.exe
  2⤵
  PID:7732
- C:\Windows\System\bUNzlDp.exe
  C:\Windows\System\bUNzlDp.exe
  2⤵
  PID:7748
- C:\Windows\System\zHefWEK.exe
  C:\Windows\System\zHefWEK.exe
  2⤵
  PID:7768
- C:\Windows\System\RWTdKwV.exe
  C:\Windows\System\RWTdKwV.exe
  2⤵
  PID:7788
- C:\Windows\System\TViAuTx.exe
  C:\Windows\System\TViAuTx.exe
  2⤵
  PID:7804
- C:\Windows\System\Bdztdek.exe
  C:\Windows\System\Bdztdek.exe
  2⤵
  PID:7820
- C:\Windows\System\ZOxKbId.exe
  C:\Windows\System\ZOxKbId.exe
  2⤵
  PID:7836
- C:\Windows\System\yKSsoVQ.exe
  C:\Windows\System\yKSsoVQ.exe
  2⤵
  PID:7852
- C:\Windows\System\uLcSyXR.exe
  C:\Windows\System\uLcSyXR.exe
  2⤵
  PID:7868
- C:\Windows\System\GFCoRcw.exe
  C:\Windows\System\GFCoRcw.exe
  2⤵
  PID:7884
- C:\Windows\System\JebAcyL.exe
  C:\Windows\System\JebAcyL.exe
  2⤵
  PID:7900
- C:\Windows\System\LASYgpF.exe
  C:\Windows\System\LASYgpF.exe
  2⤵
  PID:7916
- C:\Windows\System\qikPZgB.exe
  C:\Windows\System\qikPZgB.exe
  2⤵
  PID:7932
- C:\Windows\System\dYXPHZJ.exe
  C:\Windows\System\dYXPHZJ.exe
  2⤵
  PID:7948
- C:\Windows\System\cBuCLmk.exe
  C:\Windows\System\cBuCLmk.exe
  2⤵
  PID:7964
- C:\Windows\System\vYqcZho.exe
  C:\Windows\System\vYqcZho.exe
  2⤵
  PID:7980
- C:\Windows\System\gZUtCcP.exe
  C:\Windows\System\gZUtCcP.exe
  2⤵
  PID:7996
- C:\Windows\System\TwUIXzy.exe
  C:\Windows\System\TwUIXzy.exe
  2⤵
  PID:8012
- C:\Windows\System\tjiuITo.exe
  C:\Windows\System\tjiuITo.exe
  2⤵
  PID:8028
- C:\Windows\System\jVZkPLU.exe
  C:\Windows\System\jVZkPLU.exe
  2⤵
  PID:8044
- C:\Windows\System\AOXRoUB.exe
  C:\Windows\System\AOXRoUB.exe
  2⤵
  PID:8060
- C:\Windows\System\JgDHonL.exe
  C:\Windows\System\JgDHonL.exe
  2⤵
  PID:8076
- C:\Windows\System\EdcoROC.exe
  C:\Windows\System\EdcoROC.exe
  2⤵
  PID:8092
- C:\Windows\System\FhMfOSv.exe
  C:\Windows\System\FhMfOSv.exe
  2⤵
  PID:8108
- C:\Windows\System\CHSSMLR.exe
  C:\Windows\System\CHSSMLR.exe
  2⤵
  PID:8124
- C:\Windows\System\qJVWIjZ.exe
  C:\Windows\System\qJVWIjZ.exe
  2⤵
  PID:8140
- C:\Windows\System\GeVngdD.exe
  C:\Windows\System\GeVngdD.exe
  2⤵
  PID:8156
- C:\Windows\System\JmGxglk.exe
  C:\Windows\System\JmGxglk.exe
  2⤵
  PID:8172
- C:\Windows\System\BZaeCEW.exe
  C:\Windows\System\BZaeCEW.exe
  2⤵
  PID:8188
- C:\Windows\System\EZOeaHd.exe
  C:\Windows\System\EZOeaHd.exe
  2⤵
  PID:7180
- C:\Windows\System\IIhSNTb.exe
  C:\Windows\System\IIhSNTb.exe
  2⤵
  PID:7240
- C:\Windows\System\voIxfSX.exe
  C:\Windows\System\voIxfSX.exe
  2⤵
  PID:7308
- C:\Windows\System\ajbGeGY.exe
  C:\Windows\System\ajbGeGY.exe
  2⤵
  PID:6804
- C:\Windows\System\DQIvLSS.exe
  C:\Windows\System\DQIvLSS.exe
  2⤵
  PID:7344
- C:\Windows\System\tElPmwS.exe
  C:\Windows\System\tElPmwS.exe
  2⤵
  PID:556
- C:\Windows\System\urJMLbk.exe
  C:\Windows\System\urJMLbk.exe
  2⤵
  PID:6272
- C:\Windows\System\zyNOnMl.exe
  C:\Windows\System\zyNOnMl.exe
  2⤵
  PID:7356
- C:\Windows\System\zKEGmJv.exe
  C:\Windows\System\zKEGmJv.exe
  2⤵
  PID:7224
- C:\Windows\System\oHHEVIb.exe
  C:\Windows\System\oHHEVIb.exe
  2⤵
  PID:7296
- C:\Windows\System\IuotYuD.exe
  C:\Windows\System\IuotYuD.exe
  2⤵
  PID:7388
- C:\Windows\System\kHYtqJX.exe
  C:\Windows\System\kHYtqJX.exe
  2⤵
  PID:7452
- C:\Windows\System\eZYCDtu.exe
  C:\Windows\System\eZYCDtu.exe
  2⤵
  PID:7428
- C:\Windows\System\vuICpDd.exe
  C:\Windows\System\vuICpDd.exe
  2⤵
  PID:7484
- C:\Windows\System\RxqVKVm.exe
  C:\Windows\System\RxqVKVm.exe
  2⤵
  PID:7544
- C:\Windows\System\ZLDhsfg.exe
  C:\Windows\System\ZLDhsfg.exe
  2⤵
  PID:7580
- C:\Windows\System\duLjuxA.exe
  C:\Windows\System\duLjuxA.exe
  2⤵
  PID:7640
- C:\Windows\System\dZERDTY.exe
  C:\Windows\System\dZERDTY.exe
  2⤵
  PID:7532
- C:\Windows\System\BNhBbQD.exe
  C:\Windows\System\BNhBbQD.exe
  2⤵
  PID:7628
- C:\Windows\System\ZOloWyv.exe
  C:\Windows\System\ZOloWyv.exe
  2⤵
  PID:7676
- C:\Windows\System\ooLCcZl.exe
  C:\Windows\System\ooLCcZl.exe
  2⤵
  PID:7712
- C:\Windows\System\llprSkT.exe
  C:\Windows\System\llprSkT.exe
  2⤵
  PID:7740
- C:\Windows\System\QSjoRGo.exe
  C:\Windows\System\QSjoRGo.exe
  2⤵
  PID:7784
- C:\Windows\System\JrdmigS.exe
  C:\Windows\System\JrdmigS.exe
  2⤵
  PID:7816
- C:\Windows\System\FUNJPwa.exe
  C:\Windows\System\FUNJPwa.exe
  2⤵
  PID:7848
- C:\Windows\System\iLwPRKR.exe
  C:\Windows\System\iLwPRKR.exe
  2⤵
  PID:2592
- C:\Windows\System\emZdMDo.exe
  C:\Windows\System\emZdMDo.exe
  2⤵
  PID:7896
- C:\Windows\System\sWkFknk.exe
  C:\Windows\System\sWkFknk.exe
  2⤵
  PID:7928
- C:\Windows\System\MOWIjcA.exe
  C:\Windows\System\MOWIjcA.exe
  2⤵
  PID:7960
- C:\Windows\System\YfLZSqg.exe
  C:\Windows\System\YfLZSqg.exe
  2⤵
  PID:7992
- C:\Windows\System\xvjssId.exe
  C:\Windows\System\xvjssId.exe
  2⤵
  PID:8040
- C:\Windows\System\mhYOPxj.exe
  C:\Windows\System\mhYOPxj.exe
  2⤵
  PID:8104
- C:\Windows\System\SWTWAUt.exe
  C:\Windows\System\SWTWAUt.exe
  2⤵
  PID:8168
- C:\Windows\System\iOhcjyv.exe
  C:\Windows\System\iOhcjyv.exe
  2⤵
  PID:7276
- C:\Windows\System\LDvjbPB.exe
  C:\Windows\System\LDvjbPB.exe
  2⤵
  PID:7340
- C:\Windows\System\wHVGnzs.exe
  C:\Windows\System\wHVGnzs.exe
  2⤵
  PID:8152
- C:\Windows\System\QFExAlQ.exe
  C:\Windows\System\QFExAlQ.exe
  2⤵
  PID:7196
- C:\Windows\System\aTajFxW.exe
  C:\Windows\System\aTajFxW.exe
  2⤵
  PID:7496
- C:\Windows\System\mHStgkN.exe
  C:\Windows\System\mHStgkN.exe
  2⤵
  PID:7212
- C:\Windows\System\uCanMxt.exe
  C:\Windows\System\uCanMxt.exe
  2⤵
  PID:2700
- C:\Windows\System\hLUaciW.exe
  C:\Windows\System\hLUaciW.exe
  2⤵
  PID:8120
- C:\Windows\System\vMQIoaV.exe
  C:\Windows\System\vMQIoaV.exe
  2⤵
  PID:7644
- C:\Windows\System\WAIyvnF.exe
  C:\Windows\System\WAIyvnF.exe
  2⤵
  PID:7564
- C:\Windows\System\CKBtDpU.exe
  C:\Windows\System\CKBtDpU.exe
  2⤵
  PID:7596
- C:\Windows\System\WjEVsrr.exe
  C:\Windows\System\WjEVsrr.exe
  2⤵
  PID:7624
- C:\Windows\System\ADuTiwB.exe
  C:\Windows\System\ADuTiwB.exe
  2⤵
  PID:2940
- C:\Windows\System\xVfXrRS.exe
  C:\Windows\System\xVfXrRS.exe
  2⤵
  PID:7756
- C:\Windows\System\BAFskvf.exe
  C:\Windows\System\BAFskvf.exe
  2⤵
  PID:7812
- C:\Windows\System\FdDPDgc.exe
  C:\Windows\System\FdDPDgc.exe
  2⤵
  PID:7892
- C:\Windows\System\ZgRLfLz.exe
  C:\Windows\System\ZgRLfLz.exe
  2⤵
  PID:8036
- C:\Windows\System\SWiwDLh.exe
  C:\Windows\System\SWiwDLh.exe
  2⤵
  PID:8136
- C:\Windows\System\qjtKOHv.exe
  C:\Windows\System\qjtKOHv.exe
  2⤵
  PID:7312
- C:\Windows\System\HzqmydU.exe
  C:\Windows\System\HzqmydU.exe
  2⤵
  PID:7176
- C:\Windows\System\mzwpWrj.exe
  C:\Windows\System\mzwpWrj.exe
  2⤵
  PID:8184
- C:\Windows\System\WsJEgYS.exe
  C:\Windows\System\WsJEgYS.exe
  2⤵
  PID:8148
- C:\Windows\System\HJbhTfg.exe
  C:\Windows\System\HJbhTfg.exe
  2⤵
  PID:8116
- C:\Windows\System\mTQMwiq.exe
  C:\Windows\System\mTQMwiq.exe
  2⤵
  PID:7376
- C:\Windows\System\tXNfZGt.exe
  C:\Windows\System\tXNfZGt.exe
  2⤵
  PID:6788
- C:\Windows\System\IrXIYna.exe
  C:\Windows\System\IrXIYna.exe
  2⤵
  PID:7876
- C:\Windows\System\TWnYSjD.exe
  C:\Windows\System\TWnYSjD.exe
  2⤵
  PID:7560
- C:\Windows\System\HnXAYYA.exe
  C:\Windows\System\HnXAYYA.exe
  2⤵
  PID:8100
- C:\Windows\System\WHpocNG.exe
  C:\Windows\System\WHpocNG.exe
  2⤵
  PID:6528
- C:\Windows\System\ApzUpxZ.exe
  C:\Windows\System\ApzUpxZ.exe
  2⤵
  PID:8084
- C:\Windows\System\GqcBzVG.exe
  C:\Windows\System\GqcBzVG.exe
  2⤵
  PID:8204
- C:\Windows\System\mlmzNHS.exe
  C:\Windows\System\mlmzNHS.exe
  2⤵
  PID:8220
- C:\Windows\System\WBenXlr.exe
  C:\Windows\System\WBenXlr.exe
  2⤵
  PID:8236
- C:\Windows\System\LpRzTyS.exe
  C:\Windows\System\LpRzTyS.exe
  2⤵
  PID:8252
- C:\Windows\System\BaYuShh.exe
  C:\Windows\System\BaYuShh.exe
  2⤵
  PID:8268
- C:\Windows\System\YLTrwfc.exe
  C:\Windows\System\YLTrwfc.exe
  2⤵
  PID:8284
- C:\Windows\System\DDGXExl.exe
  C:\Windows\System\DDGXExl.exe
  2⤵
  PID:8300
- C:\Windows\System\wHsLcjR.exe
  C:\Windows\System\wHsLcjR.exe
  2⤵
  PID:8316
- C:\Windows\System\YzfgZvb.exe
  C:\Windows\System\YzfgZvb.exe
  2⤵
  PID:8332
- C:\Windows\System\WcrMuiB.exe
  C:\Windows\System\WcrMuiB.exe
  2⤵
  PID:8348
- C:\Windows\System\qulvXoC.exe
  C:\Windows\System\qulvXoC.exe
  2⤵
  PID:8364
- C:\Windows\System\ofjXHcK.exe
  C:\Windows\System\ofjXHcK.exe
  2⤵
  PID:8380
- C:\Windows\System\jsariqb.exe
  C:\Windows\System\jsariqb.exe
  2⤵
  PID:8396
- C:\Windows\System\FTzDFBY.exe
  C:\Windows\System\FTzDFBY.exe
  2⤵
  PID:8412
- C:\Windows\System\ztDzdPL.exe
  C:\Windows\System\ztDzdPL.exe
  2⤵
  PID:8428
- C:\Windows\System\zHmpfam.exe
  C:\Windows\System\zHmpfam.exe
  2⤵
  PID:8444
- C:\Windows\System\qXPMhoS.exe
  C:\Windows\System\qXPMhoS.exe
  2⤵
  PID:8460
- C:\Windows\System\PCbrJQF.exe
  C:\Windows\System\PCbrJQF.exe
  2⤵
  PID:8476
- C:\Windows\System\ACdBucM.exe
  C:\Windows\System\ACdBucM.exe
  2⤵
  PID:8492
- C:\Windows\System\ZctrPMV.exe
  C:\Windows\System\ZctrPMV.exe
  2⤵
  PID:8508
- C:\Windows\System\DMcGWbX.exe
  C:\Windows\System\DMcGWbX.exe
  2⤵
  PID:8524
- C:\Windows\System\eowWZGr.exe
  C:\Windows\System\eowWZGr.exe
  2⤵
  PID:8540
- C:\Windows\System\VdEGTJc.exe
  C:\Windows\System\VdEGTJc.exe
  2⤵
  PID:8560
- C:\Windows\System\pErfxyz.exe
  C:\Windows\System\pErfxyz.exe
  2⤵
  PID:8576
- C:\Windows\System\DyTyBZQ.exe
  C:\Windows\System\DyTyBZQ.exe
  2⤵
  PID:8592
- C:\Windows\System\lcMHgpg.exe
  C:\Windows\System\lcMHgpg.exe
  2⤵
  PID:8608
- C:\Windows\System\KdkoSvT.exe
  C:\Windows\System\KdkoSvT.exe
  2⤵
  PID:8624
- C:\Windows\System\kLWuity.exe
  C:\Windows\System\kLWuity.exe
  2⤵
  PID:8640
- C:\Windows\System\CbauZbL.exe
  C:\Windows\System\CbauZbL.exe
  2⤵
  PID:8656
- C:\Windows\System\DrNiyhu.exe
  C:\Windows\System\DrNiyhu.exe
  2⤵
  PID:8672
- C:\Windows\System\huLDEVY.exe
  C:\Windows\System\huLDEVY.exe
  2⤵
  PID:8688
- C:\Windows\System\sLDLKCJ.exe
  C:\Windows\System\sLDLKCJ.exe
  2⤵
  PID:8704
- C:\Windows\System\MghbOIe.exe
  C:\Windows\System\MghbOIe.exe
  2⤵
  PID:8720
- C:\Windows\System\GpwalwL.exe
  C:\Windows\System\GpwalwL.exe
  2⤵
  PID:8736
- C:\Windows\System\DtbtMkQ.exe
  C:\Windows\System\DtbtMkQ.exe
  2⤵
  PID:8752
- C:\Windows\System\UinDkmM.exe
  C:\Windows\System\UinDkmM.exe
  2⤵
  PID:8768
- C:\Windows\System\XTVzMwk.exe
  C:\Windows\System\XTVzMwk.exe
  2⤵
  PID:8796
- C:\Windows\System\XpmTPZj.exe
  C:\Windows\System\XpmTPZj.exe
  2⤵
  PID:8828
- C:\Windows\System\bFtbvPf.exe
  C:\Windows\System\bFtbvPf.exe
  2⤵
  PID:8852
- C:\Windows\System\StJzEQU.exe
  C:\Windows\System\StJzEQU.exe
  2⤵
  PID:8876
- C:\Windows\System\KBmqBJl.exe
  C:\Windows\System\KBmqBJl.exe
  2⤵
  PID:8896
- C:\Windows\System\cGJhAZH.exe
  C:\Windows\System\cGJhAZH.exe
  2⤵
  PID:8916
- C:\Windows\System\dgsIuYP.exe
  C:\Windows\System\dgsIuYP.exe
  2⤵
  PID:8936
- C:\Windows\System\JoZUGlP.exe
  C:\Windows\System\JoZUGlP.exe
  2⤵
  PID:8956
- C:\Windows\System\mWcmFlZ.exe
  C:\Windows\System\mWcmFlZ.exe
  2⤵
  PID:9044
- C:\Windows\System\odFCHLA.exe
  C:\Windows\System\odFCHLA.exe
  2⤵
  PID:8636
- C:\Windows\System\sfsukSj.exe
  C:\Windows\System\sfsukSj.exe
  2⤵
  PID:8484
- C:\Windows\System\XolwFMV.exe
  C:\Windows\System\XolwFMV.exe
  2⤵
  PID:7108
- C:\Windows\System\HgRxLjF.exe
  C:\Windows\System\HgRxLjF.exe
  2⤵
  PID:8264
- C:\Windows\System\RlPCQnG.exe
  C:\Windows\System\RlPCQnG.exe
  2⤵
  PID:8548
- C:\Windows\System\djiKInw.exe
  C:\Windows\System\djiKInw.exe
  2⤵
  PID:7924
- C:\Windows\System\XjpMVhr.exe
  C:\Windows\System\XjpMVhr.exe
  2⤵
  PID:8228
- C:\Windows\System\oGTtGyq.exe
  C:\Windows\System\oGTtGyq.exe
  2⤵
  PID:8392
- C:\Windows\System\lQqIBhm.exe
  C:\Windows\System\lQqIBhm.exe
  2⤵
  PID:8648
- C:\Windows\System\JCZFHQm.exe
  C:\Windows\System\JCZFHQm.exe
  2⤵
  PID:8712
- C:\Windows\System\wBpiqZi.exe
  C:\Windows\System\wBpiqZi.exe
  2⤵
  PID:8764
- C:\Windows\System\EQaJtEQ.exe
  C:\Windows\System\EQaJtEQ.exe
  2⤵
  PID:8812
- C:\Windows\System\FHJqGVk.exe
  C:\Windows\System\FHJqGVk.exe
  2⤵
  PID:8860
- C:\Windows\System\GNAdvdK.exe
  C:\Windows\System\GNAdvdK.exe
  2⤵
  PID:8904
- C:\Windows\System\FQxJiRK.exe
  C:\Windows\System\FQxJiRK.exe
  2⤵
  PID:8944
- C:\Windows\System\PKFTJjc.exe
  C:\Windows\System\PKFTJjc.exe
  2⤵
  PID:8848
- C:\Windows\System\BDACDRV.exe
  C:\Windows\System\BDACDRV.exe
  2⤵
  PID:8888
- C:\Windows\System\szUMoOq.exe
  C:\Windows\System\szUMoOq.exe
  2⤵
  PID:8964
- C:\Windows\System\XtJdbAp.exe
  C:\Windows\System\XtJdbAp.exe
  2⤵
  PID:8972
- C:\Windows\System\QfQMbDt.exe
  C:\Windows\System\QfQMbDt.exe
  2⤵
  PID:8996
- C:\Windows\System\wHMjtSu.exe
  C:\Windows\System\wHMjtSu.exe
  2⤵
  PID:9012
- C:\Windows\System\gPMnjaO.exe
  C:\Windows\System\gPMnjaO.exe
  2⤵
  PID:9032
- C:\Windows\System\iOYhLrt.exe
  C:\Windows\System\iOYhLrt.exe
  2⤵
  PID:9040
- C:\Windows\System\PKOlMzd.exe
  C:\Windows\System\PKOlMzd.exe
  2⤵
  PID:9060
- C:\Windows\System\MYcDkpI.exe
  C:\Windows\System\MYcDkpI.exe
  2⤵
  PID:9092
- C:\Windows\System\WdyLOwN.exe
  C:\Windows\System\WdyLOwN.exe
  2⤵
  PID:9108
- C:\Windows\System\rjkUjqN.exe
  C:\Windows\System\rjkUjqN.exe
  2⤵
  PID:9124
- C:\Windows\System\DqbriHd.exe
  C:\Windows\System\DqbriHd.exe
  2⤵
  PID:9140
- C:\Windows\System\VbfQnGd.exe
  C:\Windows\System\VbfQnGd.exe
  2⤵
  PID:9156
- C:\Windows\System\fiHEGWg.exe
  C:\Windows\System\fiHEGWg.exe
  2⤵
  PID:9172
- C:\Windows\System\pnFFmLu.exe
  C:\Windows\System\pnFFmLu.exe
  2⤵
  PID:9188
- C:\Windows\System\drkXEGp.exe
  C:\Windows\System\drkXEGp.exe
  2⤵
  PID:9204
- C:\Windows\System\KIhwkOD.exe
  C:\Windows\System\KIhwkOD.exe
  2⤵
  PID:7832
- C:\Windows\System\brUYJZC.exe
  C:\Windows\System\brUYJZC.exe
  2⤵
  PID:8212
- C:\Windows\System\QGOgRXd.exe
  C:\Windows\System\QGOgRXd.exe
  2⤵
  PID:7468
- C:\Windows\System\gRyPueF.exe
  C:\Windows\System\gRyPueF.exe
  2⤵
  PID:8280
- C:\Windows\System\RsApNSo.exe
  C:\Windows\System\RsApNSo.exe
  2⤵
  PID:8344
- C:\Windows\System\yjNrCUj.exe
  C:\Windows\System\yjNrCUj.exe
  2⤵
  PID:8468
- C:\Windows\System\HTONOZL.exe
  C:\Windows\System\HTONOZL.exe
  2⤵
  PID:8500
- C:\Windows\System\hMAOfDt.exe
  C:\Windows\System\hMAOfDt.exe
  2⤵
  PID:8504
- C:\Windows\System\AzcLyZJ.exe
  C:\Windows\System\AzcLyZJ.exe
  2⤵
  PID:8572
- C:\Windows\System\HUuJEKi.exe
  C:\Windows\System\HUuJEKi.exe
  2⤵
  PID:8604
- C:\Windows\System\VzgByfx.exe
  C:\Windows\System\VzgByfx.exe
  2⤵
  PID:8356
- C:\Windows\System\Sxzynyi.exe
  C:\Windows\System\Sxzynyi.exe
  2⤵
  PID:8520
- C:\Windows\System\sAsiWRh.exe
  C:\Windows\System\sAsiWRh.exe
  2⤵
  PID:8200
- C:\Windows\System\bAAONwv.exe
  C:\Windows\System\bAAONwv.exe
  2⤵
  PID:8744
- C:\Windows\System\zIJPoro.exe
  C:\Windows\System\zIJPoro.exe
  2⤵
  PID:8912
- C:\Windows\System\wqUZHeR.exe
  C:\Windows\System\wqUZHeR.exe
  2⤵
  PID:8788
- C:\Windows\System\gbLktYZ.exe
  C:\Windows\System\gbLktYZ.exe
  2⤵
  PID:9008
- C:\Windows\System\HDsqmAY.exe
  C:\Windows\System\HDsqmAY.exe
  2⤵
  PID:8680
- C:\Windows\System\iHTBZqt.exe
  C:\Windows\System\iHTBZqt.exe
  2⤵
  PID:9120
- C:\Windows\System\nLtEYNv.exe
  C:\Windows\System\nLtEYNv.exe
  2⤵
  PID:6244
- C:\Windows\System\qEeQAKA.exe
  C:\Windows\System\qEeQAKA.exe
  2⤵
  PID:8804
- C:\Windows\System\LRBgTJt.exe
  C:\Windows\System\LRBgTJt.exe
  2⤵
  PID:8840
- C:\Windows\System\DBhnmVv.exe
  C:\Windows\System\DBhnmVv.exe
  2⤵
  PID:8980
- C:\Windows\System\aUtPHEP.exe
  C:\Windows\System\aUtPHEP.exe
  2⤵
  PID:9076
- C:\Windows\System\bYfOJhH.exe
  C:\Windows\System\bYfOJhH.exe
  2⤵
  PID:9104
- C:\Windows\System\pvSHBNx.exe
  C:\Windows\System\pvSHBNx.exe
  2⤵
  PID:9180
- C:\Windows\System\mUJbOnd.exe
  C:\Windows\System\mUJbOnd.exe
  2⤵
  PID:8244
- C:\Windows\System\UsPpfiZ.exe
  C:\Windows\System\UsPpfiZ.exe
  2⤵
  PID:9200
- C:\Windows\System\OSHmSDT.exe
  C:\Windows\System\OSHmSDT.exe
  2⤵
  PID:8276
- C:\Windows\System\CoJXSgN.exe
  C:\Windows\System\CoJXSgN.exe
  2⤵
  PID:8440
- C:\Windows\System\dbsCVZF.exe
  C:\Windows\System\dbsCVZF.exe
  2⤵
  PID:7528
- C:\Windows\System\SbvOixB.exe
  C:\Windows\System\SbvOixB.exe
  2⤵
  PID:8296
- C:\Windows\System\gpxrFpl.exe
  C:\Windows\System\gpxrFpl.exe
  2⤵
  PID:1576
- C:\Windows\System\CHlJFSH.exe
  C:\Windows\System\CHlJFSH.exe
  2⤵
  PID:8780
- C:\Windows\System\wrEMgfz.exe
  C:\Windows\System\wrEMgfz.exe
  2⤵
  PID:8820
- C:\Windows\System\pUzTBkB.exe
  C:\Windows\System\pUzTBkB.exe
  2⤵
  PID:8968
- C:\Windows\System\RlYvwlP.exe
  C:\Windows\System\RlYvwlP.exe
  2⤵
  PID:9020
- C:\Windows\System\hHTvbbc.exe
  C:\Windows\System\hHTvbbc.exe
  2⤵
  PID:9116
- C:\Windows\System\RriMSta.exe
  C:\Windows\System\RriMSta.exe
  2⤵
  PID:8684
- C:\Windows\System\GCRCEnb.exe
  C:\Windows\System\GCRCEnb.exe
  2⤵
  PID:9100
- C:\Windows\System\EZtnrut.exe
  C:\Windows\System\EZtnrut.exe
  2⤵
  PID:8472
- C:\Windows\System\eFwoova.exe
  C:\Windows\System\eFwoova.exe
  2⤵
  PID:3020
- C:\Windows\System\imazKsw.exe
  C:\Windows\System\imazKsw.exe
  2⤵
  PID:8248
- C:\Windows\System\uRQZPml.exe
  C:\Windows\System\uRQZPml.exe
  2⤵
  PID:9004
- C:\Windows\System\dosnxPQ.exe
  C:\Windows\System\dosnxPQ.exe
  2⤵
  PID:8884
- C:\Windows\System\mVjQavW.exe
  C:\Windows\System\mVjQavW.exe
  2⤵
  PID:700
- C:\Windows\System\jcGDvoL.exe
  C:\Windows\System\jcGDvoL.exe
  2⤵
  PID:8868
- C:\Windows\System\qwPZGhY.exe
  C:\Windows\System\qwPZGhY.exe
  2⤵
  PID:9196
- C:\Windows\System\FafgeUS.exe
  C:\Windows\System\FafgeUS.exe
  2⤵
  PID:9028
- C:\Windows\System\zyFRwAe.exe
  C:\Windows\System\zyFRwAe.exe
  2⤵
  PID:8932
- C:\Windows\System\xVcUsHQ.exe
  C:\Windows\System\xVcUsHQ.exe
  2⤵
  PID:8408
- C:\Windows\System\tPorUqu.exe
  C:\Windows\System\tPorUqu.exe
  2⤵
  PID:8196
- C:\Windows\System\CpmsDdU.exe
  C:\Windows\System\CpmsDdU.exe
  2⤵
  PID:9232
- C:\Windows\System\WxGcwrE.exe
  C:\Windows\System\WxGcwrE.exe
  2⤵
  PID:9248
- C:\Windows\System\eWaTasR.exe
  C:\Windows\System\eWaTasR.exe
  2⤵
  PID:9264
- C:\Windows\System\GElqoNn.exe
  C:\Windows\System\GElqoNn.exe
  2⤵
  PID:9280
- C:\Windows\System\ZVnYERc.exe
  C:\Windows\System\ZVnYERc.exe
  2⤵
  PID:9296
- C:\Windows\System\UiJMsPt.exe
  C:\Windows\System\UiJMsPt.exe
  2⤵
  PID:9312
- C:\Windows\System\BJETwpD.exe
  C:\Windows\System\BJETwpD.exe
  2⤵
  PID:9328
- C:\Windows\System\MIyHTcQ.exe
  C:\Windows\System\MIyHTcQ.exe
  2⤵
  PID:9344
- C:\Windows\System\nsXyVis.exe
  C:\Windows\System\nsXyVis.exe
  2⤵
  PID:9360
- C:\Windows\System\MPujXgd.exe
  C:\Windows\System\MPujXgd.exe
  2⤵
  PID:9376
- C:\Windows\System\IyhjsLj.exe
  C:\Windows\System\IyhjsLj.exe
  2⤵
  PID:9392
- C:\Windows\System\WXkmvBb.exe
  C:\Windows\System\WXkmvBb.exe
  2⤵
  PID:9408
- C:\Windows\System\xgumlsa.exe
  C:\Windows\System\xgumlsa.exe
  2⤵
  PID:9424
- C:\Windows\System\uQApBXF.exe
  C:\Windows\System\uQApBXF.exe
  2⤵
  PID:9440
- C:\Windows\System\tbTEdXj.exe
  C:\Windows\System\tbTEdXj.exe
  2⤵
  PID:9456
- C:\Windows\System\vnAzmWN.exe
  C:\Windows\System\vnAzmWN.exe
  2⤵
  PID:9472
- C:\Windows\System\erdsXzO.exe
  C:\Windows\System\erdsXzO.exe
  2⤵
  PID:9488
- C:\Windows\System\AnHwgTY.exe
  C:\Windows\System\AnHwgTY.exe
  2⤵
  PID:9504
- C:\Windows\System\OIzzRjK.exe
  C:\Windows\System\OIzzRjK.exe
  2⤵
  PID:9520
- C:\Windows\System\WsdhSia.exe
  C:\Windows\System\WsdhSia.exe
  2⤵
  PID:9536
- C:\Windows\System\VyKbWkE.exe
  C:\Windows\System\VyKbWkE.exe
  2⤵
  PID:9552
- C:\Windows\System\aiGYxlw.exe
  C:\Windows\System\aiGYxlw.exe
  2⤵
  PID:9572
- C:\Windows\System\RDNEIqg.exe
  C:\Windows\System\RDNEIqg.exe
  2⤵
  PID:9588
- C:\Windows\System\PSBmhRB.exe
  C:\Windows\System\PSBmhRB.exe
  2⤵
  PID:9604
- C:\Windows\System\EWEYuFZ.exe
  C:\Windows\System\EWEYuFZ.exe
  2⤵
  PID:9620
- C:\Windows\System\HNSjBDf.exe
  C:\Windows\System\HNSjBDf.exe
  2⤵
  PID:9636
- C:\Windows\System\wQLIVTX.exe
  C:\Windows\System\wQLIVTX.exe
  2⤵
  PID:9652
- C:\Windows\System\uKCuuMe.exe
  C:\Windows\System\uKCuuMe.exe
  2⤵
  PID:9672
- C:\Windows\System\ryXyknt.exe
  C:\Windows\System\ryXyknt.exe
  2⤵
  PID:9700
- C:\Windows\System\vQZNbNc.exe
  C:\Windows\System\vQZNbNc.exe
  2⤵
  PID:9736
- C:\Windows\System\AwkdzSv.exe
  C:\Windows\System\AwkdzSv.exe
  2⤵
  PID:9752
- C:\Windows\System\IkkyOnP.exe
  C:\Windows\System\IkkyOnP.exe
  2⤵
  PID:9768
- C:\Windows\System\JFwRBMH.exe
  C:\Windows\System\JFwRBMH.exe
  2⤵
  PID:9788
- C:\Windows\System\jrvMbFv.exe
  C:\Windows\System\jrvMbFv.exe
  2⤵
  PID:9804
- C:\Windows\System\kCiLrpf.exe
  C:\Windows\System\kCiLrpf.exe
  2⤵
  PID:9820
- C:\Windows\System\AuORTXw.exe
  C:\Windows\System\AuORTXw.exe
  2⤵
  PID:9840
- C:\Windows\System\tuicHrb.exe
  C:\Windows\System\tuicHrb.exe
  2⤵
  PID:9856
- C:\Windows\System\hcKozRE.exe
  C:\Windows\System\hcKozRE.exe
  2⤵
  PID:9872
- C:\Windows\System\uJRNhdM.exe
  C:\Windows\System\uJRNhdM.exe
  2⤵
  PID:9896
- C:\Windows\System\vOMwwPS.exe
  C:\Windows\System\vOMwwPS.exe
  2⤵
  PID:9916
- C:\Windows\System\QaexBsB.exe
  C:\Windows\System\QaexBsB.exe
  2⤵
  PID:9932
- C:\Windows\System\XazbUQh.exe
  C:\Windows\System\XazbUQh.exe
  2⤵
  PID:9948
- C:\Windows\System\CWNVHCc.exe
  C:\Windows\System\CWNVHCc.exe
  2⤵
  PID:9964
- C:\Windows\System\RtTXcnv.exe
  C:\Windows\System\RtTXcnv.exe
  2⤵
  PID:9992
- C:\Windows\System\pNLgSEK.exe
  C:\Windows\System\pNLgSEK.exe
  2⤵
  PID:10020
- C:\Windows\System\dZsMnPu.exe
  C:\Windows\System\dZsMnPu.exe
  2⤵
  PID:10036
- C:\Windows\System\hgPZhwk.exe
  C:\Windows\System\hgPZhwk.exe
  2⤵
  PID:10052
- C:\Windows\System\iIAQQGF.exe
  C:\Windows\System\iIAQQGF.exe
  2⤵
  PID:10068
- C:\Windows\System\dGWmxJu.exe
  C:\Windows\System\dGWmxJu.exe
  2⤵
  PID:10084
- C:\Windows\System\RBBKMCT.exe
  C:\Windows\System\RBBKMCT.exe
  2⤵
  PID:10100
- C:\Windows\System\FSKQnFV.exe
  C:\Windows\System\FSKQnFV.exe
  2⤵
  PID:10116
- C:\Windows\System\LfYawEP.exe
  C:\Windows\System\LfYawEP.exe
  2⤵
  PID:10132
- C:\Windows\System\Gpbtxkk.exe
  C:\Windows\System\Gpbtxkk.exe
  2⤵
  PID:10148
- C:\Windows\System\gSpDYSn.exe
  C:\Windows\System\gSpDYSn.exe
  2⤵
  PID:10176
- C:\Windows\System\sxkpkrd.exe
  C:\Windows\System\sxkpkrd.exe
  2⤵
  PID:10192
- C:\Windows\System\iyIVZpe.exe
  C:\Windows\System\iyIVZpe.exe
  2⤵
  PID:10208
- C:\Windows\System\UiGSyUT.exe
  C:\Windows\System\UiGSyUT.exe
  2⤵
  PID:10224
- C:\Windows\System\eKmKbcF.exe
  C:\Windows\System\eKmKbcF.exe
  2⤵
  PID:9212
- C:\Windows\System\fUNQMYg.exe
  C:\Windows\System\fUNQMYg.exe
  2⤵
  PID:9240
- C:\Windows\System\GGSZcOu.exe
  C:\Windows\System\GGSZcOu.exe
  2⤵
  PID:9292
- C:\Windows\System\DxtiIcA.exe
  C:\Windows\System\DxtiIcA.exe
  2⤵
  PID:9356
- C:\Windows\System\fxJzrjr.exe
  C:\Windows\System\fxJzrjr.exe
  2⤵
  PID:9416
- C:\Windows\System\vUkNaMR.exe
  C:\Windows\System\vUkNaMR.exe
  2⤵
  PID:9480
- C:\Windows\System\SCdTErT.exe
  C:\Windows\System\SCdTErT.exe
  2⤵
  PID:9244
- C:\Windows\System\jZlbOKh.exe
  C:\Windows\System\jZlbOKh.exe
  2⤵
  PID:9584
- C:\Windows\System\wlpAnqY.exe
  C:\Windows\System\wlpAnqY.exe
  2⤵
  PID:9644
- C:\Windows\System\LBGtJPS.exe
  C:\Windows\System\LBGtJPS.exe
  2⤵
  PID:9688
- C:\Windows\System\EaElptA.exe
  C:\Windows\System\EaElptA.exe
  2⤵
  PID:9372
- C:\Windows\System\rFWggRY.exe
  C:\Windows\System\rFWggRY.exe
  2⤵
  PID:9780
- C:\Windows\System\WLiYxce.exe
  C:\Windows\System\WLiYxce.exe
  2⤵
  PID:9432
- C:\Windows\System\mERgWCw.exe
  C:\Windows\System\mERgWCw.exe
  2⤵
  PID:9528
- C:\Windows\System\OeYCMfw.exe
  C:\Windows\System\OeYCMfw.exe
  2⤵
  PID:9628
- C:\Windows\System\ltUrmtt.exe
  C:\Windows\System\ltUrmtt.exe
  2⤵
  PID:9708
- C:\Windows\System\FRqdBBg.exe
  C:\Windows\System\FRqdBBg.exe
  2⤵
  PID:9728
- C:\Windows\System\Ygcyidc.exe
  C:\Windows\System\Ygcyidc.exe
  2⤵
  PID:9796
- C:\Windows\System\bbgiITG.exe
  C:\Windows\System\bbgiITG.exe
  2⤵
  PID:9880
- C:\Windows\System\VUyDHfO.exe
  C:\Windows\System\VUyDHfO.exe
  2⤵
  PID:8632
- C:\Windows\System\KkiiAym.exe
  C:\Windows\System\KkiiAym.exe
  2⤵
  PID:9928
- C:\Windows\System\CURfKif.exe
  C:\Windows\System\CURfKif.exe
  2⤵
  PID:9956
- C:\Windows\System\VTYCerh.exe
  C:\Windows\System\VTYCerh.exe
  2⤵
  PID:9988
- C:\Windows\System\oDPOHLP.exe
  C:\Windows\System\oDPOHLP.exe
  2⤵
  PID:10016
- C:\Windows\System\FDJuniQ.exe
  C:\Windows\System\FDJuniQ.exe
  2⤵
  PID:10140
- C:\Windows\System\vduNAju.exe
  C:\Windows\System\vduNAju.exe
  2⤵
  PID:10044
- C:\Windows\System\jqWVrpJ.exe
  C:\Windows\System\jqWVrpJ.exe
  2⤵
  PID:9600
- C:\Windows\System\XXjYBBo.exe
  C:\Windows\System\XXjYBBo.exe
  2⤵
  PID:9908
- C:\Windows\System\rzFAxxj.exe
  C:\Windows\System\rzFAxxj.exe
  2⤵
  PID:9304
- C:\Windows\System\cknmZcP.exe
  C:\Windows\System\cknmZcP.exe
  2⤵
  PID:9868
- C:\Windows\System\KqbWHYh.exe
  C:\Windows\System\KqbWHYh.exe
  2⤵
  PID:9368
- C:\Windows\System\GpyAorL.exe
  C:\Windows\System\GpyAorL.exe
  2⤵
  PID:10064
- C:\Windows\System\TSYOnel.exe
  C:\Windows\System\TSYOnel.exe
  2⤵
  PID:10164
- C:\Windows\System\DvEqCri.exe
  C:\Windows\System\DvEqCri.exe
  2⤵
  PID:10204
- C:\Windows\System\HLNJfNm.exe
  C:\Windows\System\HLNJfNm.exe
  2⤵
  PID:9260
- C:\Windows\System\wMutmvB.exe
  C:\Windows\System\wMutmvB.exe
  2⤵
  PID:9512
- C:\Windows\System\MwAJUmu.exe
  C:\Windows\System\MwAJUmu.exe
  2⤵
  PID:9496
- C:\Windows\System\WDisKtb.exe
  C:\Windows\System\WDisKtb.exe
  2⤵
  PID:9276
- C:\Windows\System\rVgDgCp.exe
  C:\Windows\System\rVgDgCp.exe
  2⤵
  PID:9720
- C:\Windows\System\UQTXjqW.exe
  C:\Windows\System\UQTXjqW.exe
  2⤵
  PID:9924
- C:\Windows\System\uVSjlMV.exe
  C:\Windows\System\uVSjlMV.exe
  2⤵
  PID:9668
- C:\Windows\System\GTaUXvA.exe
  C:\Windows\System\GTaUXvA.exe
  2⤵
  PID:10000
- C:\Windows\System\mhPduhQ.exe
  C:\Windows\System\mhPduhQ.exe
  2⤵
  PID:9352
- C:\Windows\System\EsXzgOo.exe
  C:\Windows\System\EsXzgOo.exe
  2⤵
  PID:10076
- C:\Windows\System\bgpQgPL.exe
  C:\Windows\System\bgpQgPL.exe
  2⤵
  PID:7776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EPMISRN.exe

Filesize
6.0MB

MD5
31e68de8a0b0b35698e441b1da65e00c

SHA1
eceac6770428063c8c8b48b898a57f673d779eff

SHA256
ffd0b623773fd1f75d5b030951d3b0546cd57560e186935d7bdaecb27980a687

SHA512
1e20b11e303e21f7ec933486a40f4b66b547d7701d7bb7a11307f635b10ca33923a020d9116c291c8551871c845c70722560ffee43999aa34ffa954d60c7685f

Download Submit
C:\Windows\system\EiHCDnX.exe

Filesize
6.0MB

MD5
0b428da5dabde5557709d65cce980f21

SHA1
00d0cbe2a5a47ebef3385516317703144486bb8b

SHA256
39ae8ca3b366fc8f110b09bc0831d4b6fc203c934727b0cd90fb3d74044b42c2

SHA512
66485eb466fe5dd58427fa1ee046a61e203129ce97f2d27a236406d02057748f697fe92fa82c1a5203d81b9d7f7b1ab2f1ae78c4a07da0afd61830105869e4d3

Download Submit
C:\Windows\system\FzfWdvx.exe

Filesize
6.0MB

MD5
ad1d887ed602000d9dbeeb600c358bd5

SHA1
aaf7e97b1504dd48f1b29ff8f9172aa44045fd98

SHA256
fee5ba53d000c643aee3252f2ec498df2ac2614786ea5ce631a593c48a21e591

SHA512
9d61c0c45701fa529c8ffb19717fbd4d49e588ec0cd3aa819c3876e06aaf5d7ec5c887c3b1364e41ebe0bb8ee494147eb3912add7e17dabcd9b311115e548573

Download Submit
C:\Windows\system\GopfAnv.exe

Filesize
6.0MB

MD5
05f781b29b602b7fb4f2db17e2216917

SHA1
7471fa54653a58d05f0d08982f1baa34db505947

SHA256
7525b3c04c4a9c25d6d167d5dc532b30ca340b454485c5f80ad9932cdb84ffa0

SHA512
dca7d7d30645102e39e14316655fdc036fe1d08db7487991d40deee122407380f68d1f15e4f9c4b51abed9deb2512a183b1e2cde50f1b0a559a3433cef458634

Download Submit
C:\Windows\system\JNrmFfB.exe

Filesize
6.0MB

MD5
3ffc5c48afca86a2190a8fd65d82239c

SHA1
39c0ad48b17e60c079e9c614cb7e40be6b5747ae

SHA256
023e7f9025abd2b36e1cba3687e7e38c39740e5ed31caeefdcab72e53a8e12ed

SHA512
29806c1e910eb6de5030084e99c6178ecb1adfd52d468ba150f96b8f06a2fc6d93dbd1caeb75b09b4ebf16fa4e24431bb668dee39feaa4926de4731a2eb9fc98

Download Submit
C:\Windows\system\UvKDmXN.exe

Filesize
6.0MB

MD5
7b559588d41bd5915a6bf7b148ed5de8

SHA1
58068170965835ed74a6308b9145b5b5a4dd0c72

SHA256
ff9a1fe4e59f475f4762209959859baece351cdd3ec00a34f74c01c14037d051

SHA512
1553b7600b47b5448d38916853c5e57d8d27cf046d43137919611ba9c365230e0eb61e05231d94bf561ab1011093a5777730b6d7065aef343071dfc80531f928

Download Submit
C:\Windows\system\WYcOVqd.exe

Filesize
6.0MB

MD5
9475f3775a695b5cbce87bad7ef36c45

SHA1
8ad486ce4a27f60516663ad8bae4817c9b979a05

SHA256
0c048995b423123eaaf521a268948b5391fcb208a4b88b2a8d7018f860240306

SHA512
04172544503fb368f1ea9209d97c8538f598e8b5969f0a92eed218df233d1529fdab2f267bd02c33455c30186ddc8834daf1d6e161eeb4d650ef1a85283ae6e4

Download Submit
C:\Windows\system\XLVkIQi.exe

Filesize
6.0MB

MD5
43640632fe8428d9ff11f1513b57aafd

SHA1
889963e9cdeeb2530e42c484d40bc33849bedbaf

SHA256
74df17a64fa85f1152a67f06276c83fcbb177b85d9592a368e4d611fd02edc50

SHA512
99596bfff062baf6d4a9712057eac56858694cb9e5730d3dd236de7194849655cd62dbdc6c466730b531acaa70501620f9056b0fbf1e3e98f02c7ac8b349c891

Download Submit
C:\Windows\system\XTTLRBu.exe

Filesize
6.0MB

MD5
8d8ecab900d1496f1f5a457eebdd135a

SHA1
c6061f7eea5b982d9bb4a89bd17241aa1af37617

SHA256
3b0ddabc607538d34895b8c073b8f483c842082fed7fd3b20d596a00f4790a92

SHA512
ce8ca0e43c2ca4d544590bfcf9c3b7032b62b80266a504798b78c51d4d6f6a5fe6010626fff4cdd2492cb1fc9e984dae721a0b6fe6ec4c9d0a09f4c507cc7370

Download Submit
C:\Windows\system\YbVZvKK.exe

Filesize
6.0MB

MD5
0ff601cc56daeb7f0f07e2a3af3c955a

SHA1
c18e785f81100ffe7ab69fec73720cabf024b9b9

SHA256
de71f1e0d853c7013adb24acf6d28e9dc3175ea9a508e0ce7ee21d3e8ef19087

SHA512
9fec869ffdd13dd2fc9eff4b7740228e4d3d2b905bf99997509ea20e41a7a4248126e621ab968d412722cb15f045b66198ac33cd95421468a95a6b6431f764d1

Download Submit
C:\Windows\system\ZWaNPwW.exe

Filesize
6.0MB

MD5
ff178207d13395522477f7d5dbe4bf85

SHA1
51584c7d6470415ed3b9a3860fe35f18fd674422

SHA256
2321253ee3b62c4892006ded3165dd34e954cb2d07ec30c03d8f5e14ac364970

SHA512
0853059a3fe4fd562796bfb76617bce08de138a3a089b485787a73e42fd3b2645575a41aba5c6ce4063b150f9271e3fa209dba90b33ccd630679e9cf89cb83b3

Download Submit
C:\Windows\system\ZdlfZMD.exe

Filesize
6.0MB

MD5
87c7631b0b135aad880e600e90b11a30

SHA1
d5d05cbf3942595fb1968b2bc9636d8d759d8a59

SHA256
983a36e34f15dc93ae32b10b28654a7e947ed5ea6f7bdf500468168ff9311e5a

SHA512
17b71a27fddd223ab72b47cd309d177bf85cacb5d2bbbfadd05f5945b1f5fbd09a8c5b0c1e008806e87ad7bc31ad7d8f3c15171be300fe4b70cb7e288031fcbe

Download Submit
C:\Windows\system\dcbyKyr.exe

Filesize
6.0MB

MD5
8462651e2347f6058f7993f9b3ecc64e

SHA1
c1d1fbcdff214212fb9ad25f1727e6d751521ca8

SHA256
8b73caf0694b18836755b51f252cbd5636db3fb0f92a07883a7483a0be4b6376

SHA512
682f6cf00510eb0eeee68227034d4485d5074198781e02e16b2bfd7bed484bdead1e73e05573fe3947fcaa67f25bdf693a23c19407eb1cedfbdd018e1f751b71

Download Submit
C:\Windows\system\iPdivqg.exe

Filesize
6.0MB

MD5
246ea9530b29515e4e82111409249193

SHA1
036c1d903c5a33872f9432accff93b11983c696e

SHA256
8c8704f010c181cad033a7d18b9c4b718cb5d61e03e26ba22f647e9c2158160c

SHA512
4e7dcfe1d1ada236510c0dfaa787db2545e74af4932dab8d814aa307a1986ad7bd578060a63627504faf7983f790d1166f577b76cc8fb3b50547a08cbbc5d4f4

Download Submit
C:\Windows\system\lyRMPZR.exe

Filesize
6.0MB

MD5
83303077c46dbda5ca50bdb25f7ddac4

SHA1
047be6dcd1740d16892ed42d760b1cb10de913c4

SHA256
9f722e134b7985d2471e5f5615088773d1c9bc9f6296b58208c249ea55c691d4

SHA512
ebc691b47ce888765a749f5a91ebc15ed4663fc00c5247a48d9c5ee97a73153a812032a07300443b0240da2f95e72fa2e2a1dea7ea5fa518d22226f958608e4d

Download Submit
C:\Windows\system\mGSHapE.exe

Filesize
6.0MB

MD5
66fa88c0ee89bc35bcf3e9b1ed9f4fef

SHA1
24c57608bda1dd3e1fb45101a08ec460dee364c7

SHA256
f9310e20e55c0682fd7f6e3d1a9fb778c8d35b1ef158ac2faae51808cc7f006f

SHA512
9245f4852527033faf8d505b9bddd9c7043752f8fd7258397d2fe629a0cbd8abe4f24d5f22130af0bcbc1df9e1ff6bde6b2d82c6ebf45db10a40e765c23efcf4

Download Submit
C:\Windows\system\pNHrUwF.exe

Filesize
6.0MB

MD5
2fbd3ad6277afaaecb9aa5469e09a333

SHA1
baa2aa00fed198a0714d2b05c6cdc3b738bac0d0

SHA256
144bfb8315fc031e30cdc053320826fd4945a9f537eee0a23f4e822e590eca6d

SHA512
f8bdb83e6da2d31060b9b5a95b97cdeaf88c89a2b220f0e1e6b47cb25c7bb02c0ea1ea2d620974e97909f06f63735b0090018ab620c4610492ed66ccb9f60999

Download Submit
C:\Windows\system\puAgMeE.exe

Filesize
6.0MB

MD5
48e134f39c5751b248501ec77e115dc0

SHA1
d0356455b4d387ed325c5a59d2c29c280158ed08

SHA256
f78055ac63193858b452c8b9f64212c1efeca1e51abcd2d707ca8505de1c0d0d

SHA512
90f4919694f0bf5795b1b488068b0ec22368aaf057b2b6b95d3522a6f7787a5d92d3374bddeab59a5f3728220c1a6dd0199d8ea12816913b93f692555fc71e9b

Download Submit
C:\Windows\system\rSRySdh.exe

Filesize
6.0MB

MD5
bee7c9f56b8c1b07082afc1eb11caaeb

SHA1
3693786f9f3523b12860771d1bda04bb9ae931f5

SHA256
cc5fe1d0279f5d6b8d6305b955feccb842b74af1e8b66354900bb9e1e3148b12

SHA512
f59a1f43090ea614a59b9acd28779ca2d622dd4c65e69eb289b19d3d5c1acf9191283c6e599900997d9454d3ba65a9046597ec448440bb92310b6f89378b0d3c

Download Submit
C:\Windows\system\rbIoBih.exe

Filesize
6.0MB

MD5
598c0fa17b261c9b8e8f083a817e79dd

SHA1
b4429dd2c6735f785f478c992a3c5f52608f07fb

SHA256
39379ac77c4d4f8372f7b8dee5059b01ad7df67a2d5f744f97fcf71b39dd322f

SHA512
d352379cb3ddd00bcb8a7ce7a525b96da99da1f1caf05d88111a28ea4c26df9548e4b01b5cafb6e69ce363371ce6412f1a888560ee983d4556133f7320cc0617

Download Submit
C:\Windows\system\rdlQRvJ.exe

Filesize
6.0MB

MD5
aac5f434b97a53460928d09441ede90a

SHA1
7d642419ffe1b4e5ab9ebf35d6f2138a727c11ec

SHA256
8ae33aed34e633761ef5e9f27f0c081e937c19046fbbd8a06b09fafa03541c23

SHA512
50324cd338b9e314b0ab8b99e7123117270d6dca57585056cd63f85edfc21490430506d91ffe8b024dbed137b31c82f021d16fddd057300d85c521bda9e87ef8

Download Submit
C:\Windows\system\slmULrf.exe

Filesize
6.0MB

MD5
966738dd837922d66d3bf9de90346848

SHA1
7f58bbfe7f58cf665e370813af0df0a4e1887947

SHA256
99a9c49c2a96c046b14fbdd38d5809321221186f4e7ad80bcdf91676cb34574a

SHA512
53330e28c96767919e7b5dd55500087b6c321f20c0eca45b8cfe7ecf30201a8e83ccfb049ea64ac9b6c825fb54e4290e8a0f72b59e9a682fbbd508f530841093

Download Submit
C:\Windows\system\tamGStp.exe

Filesize
6.0MB

MD5
0b8c23168935b4352d9b31214547da75

SHA1
8c61aa08440718874ff9e15471b461235b3492a4

SHA256
edc4fd3f0f1396baee43ea2fa012e210be8c812a24b3c6e77e4cf85ddc8f6150

SHA512
7301b08eae59f8cb75e297e650a1cf2d43665a33364333d6ba553e655e6b34a7e251c5c12325b927d26dce88aa908f4862e5e75e62dcc9ea8bf6848cb76f7eb7

Download Submit
C:\Windows\system\tjkNPLp.exe

Filesize
6.0MB

MD5
749aa2edba28648f6d9c86c20cd20287

SHA1
2388f8f182c6b04077e12ee2c7e32d9756120d76

SHA256
b9122fe9e2ea9e650cd61a49c918282df125a5a3ca9ab557c8a61ae309d7f198

SHA512
60f25d3c1311a8242178a2500cd23f13ceb21f5c7bc3550bf5930a762dac4848da225513346d2739111956835ceb1dede4768e3935dc9ead006e8e27b45da5c7

Download Submit
C:\Windows\system\uGWgmMN.exe

Filesize
6.0MB

MD5
370e01a00a6d67968f759c87f88aac71

SHA1
ea4009f2a686ea4f5faeb811e8c7f3d5f100fece

SHA256
ef2c4c0cf34e4d5021c5b5d50ed2fae28a0a1f78dbe12b41a5a4841741b81d72

SHA512
67c33b92648efaf86a6f4c1f7f4f28557d988be29dd3a34fbb9b01298e5b2bdc26dd3175231b52299e8b0c6d5bd2cfa00b80b48f8795613e91228cc9e6658f71

Download Submit
\Windows\system\GAhZzfH.exe

Filesize
6.0MB

MD5
4447ab1c7420c90efdbca0b0a57b3257

SHA1
bd79db03e7dcaded67ec2f430fb7875c284f0ac9

SHA256
5f97257646d0a85147cfc738b0360f467c72e642b1a2317c744b44bd0b3b6a92

SHA512
fa0fdd65440caa084a8fd5c3fe6632509cdde1c565de3f4c48ac30d0d06512901074f4476c2aedb2da2d4108664320caec6ab2b17c0654b594fb4a1fe27308ba

Download Submit
\Windows\system\IhibWtw.exe

Filesize
6.0MB

MD5
1a2da5b36f18c22a6425cecfea3292e2

SHA1
85c5e5f5177318ebdc4a6da4fd0790394113f3fb

SHA256
d656b78744fff1cbb5ef86f94ab1e24beeabdc9bd9a079de373e6ab6d866cc1e

SHA512
8a021da62e3701e6bf5e0ca39b9dd5cb41c11460873608f7750eb60a5ae996e8879eb6dab5ec65eb714fa592a3ef0e61c5c8ff6ddd5167afa44c549c8b475b47

Download Submit
\Windows\system\OnGasNk.exe

Filesize
6.0MB

MD5
c7ded77678c7af61edfe0752439fc74d

SHA1
377ebb914fcd2e7b3bc64b0206a46bb0d81ca04b

SHA256
a9e30a29a98e61b428a57e733953670a8bdc984ec3353b23eea127ca367019be

SHA512
05ddaafae73ed09010cb776c3cf6cf978ec7b7a4bb7d2e77b4e94c61addab7e7a740b4434c962a12bbb6af48bebdd10f00fc7caaf078a8ad4f8f6dfeab8da531

Download Submit
\Windows\system\OulCGyh.exe

Filesize
6.0MB

MD5
d6f09c87067b7d32b985b28d9db89c83

SHA1
b5342a7b77a82aeff4e2db37992ad2c8347148a5

SHA256
6a536cb89b59fb73567f9ed7197d670c6f72ee2b4c0f80c1ae2c6c195e42144e

SHA512
947322b72bc9cd0a3de6fa74070b607c6f90ad748227d2c26d925ada9367603c8633a2231b87e7f2b4696ec5b1408e6cd56759b598f5081752b54571bc87f0bf

Download Submit
\Windows\system\XQkVLAo.exe

Filesize
6.0MB

MD5
bcc295624ad3981efd41697f53430fba

SHA1
1e2a481f91a8ca36d13be8b8ee28ef068488c874

SHA256
3e49a3261e49938c7da6177a54323cb514905cf31afa58959a42aee9a752dc0b

SHA512
1758a78c74ff2c6adb99dd51878627c77a21317547d56aa7caceb971bf7b5ecc0ac9229e795cfb3407ae33553352b71780ea23c251efd18839efb2b65a9abada

Download Submit
\Windows\system\XdEYLJT.exe

Filesize
6.0MB

MD5
d71996bd3f8a02ec7e80224fecb7c75e

SHA1
f62226c78277cc8d9a40ac8a0962354e2eb32fac

SHA256
5bf4e50f0b541bb35308e754a5cb61e8008e63e4d80942c0e39a5e0eacf68ac9

SHA512
50c0e766abede6f31e2100e76fca28283200c82859e75c44c230c033396d18022336293f5bd50ca823dbd6207d6464860c5a596768cc57d2c4eb285374d7defd

Download Submit
\Windows\system\bJHkNzI.exe

Filesize
6.0MB

MD5
d8e2adebffaa8d1df1ff6309b44eea2c

SHA1
f6ccd742c06dd67643ef32b654685435af3cdb28

SHA256
01aa9531de4e5e953e1a23a2290112044db15d4f18cf7423a9482f2b50be3fb7

SHA512
7dc2271a5eb3cbbca6d33883e9220ead1e2a7a2afbdcbeea01a8859ee6205bd69f663be3551b057e345d3f992ff52a26e200687659c6b9830c958691ea90b1de

Download Submit
\Windows\system\gtyIINj.exe

Filesize
6.0MB

MD5
371e3d272a6489b71a5eace28812a4ea

SHA1
2a5e2415c2bd3bdd959631f921bc11d6c5222ec2

SHA256
c0ec4038b1d9440c5ff9376647a9af1abd11fb48234f5fcdece4aeddd8e59385

SHA512
182d6ec4757feb989650848cf5d98f1927f00560f88a60f8ac0638c3cb06391b9385c2f6498b8dfab002b0cb9c7ce9274d1778592e0df84c5258c372966dde93

Download Submit
\Windows\system\wPzOkrI.exe

Filesize
6.0MB

MD5
650f4ad18d3ae903729b04c458e865e5

SHA1
8db3938219c523763327e5e55356885aab7bf035

SHA256
2055dd400f49e3053260c636149cc1202080e73e48637585a7787b4652f3abc2

SHA512
b6006ce47cbe069f04b3c92ceb3614d96d0987146d930e7beec108f7f326161815030337e33dbe374a4390629712bb1683de39659a6330a0b8a859a9ac4e5c8d

Download Submit
\Windows\system\wmnOmIu.exe

Filesize
6.0MB

MD5
ee8d7446d6aff265e4b67dff77052c8b

SHA1
5456288a27dc5e224dd40cf6907a73c921dbb1ee

SHA256
f7e4d8810476cb07fc8b65b482cd816cf53389572f13c2e7cabdc18104612a05

SHA512
bd7a738b17197ded837be39c66c78c7edc6e7ad2c260f46e84f9071243e69a04092de669225b64a3a367566c02910a8ef5fa23eb7d9c4065ba9b366b9657b43f

Download Submit
memory/1964-211-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-3644-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-233-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3579-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2304-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2333-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-228-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2204-226-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-27-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-224-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-232-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-222-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2102-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-220-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2204-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-218-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2311-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2204-216-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2316-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-214-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2298-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-212-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2204-230-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2204-210-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2296-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-208-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2318-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-206-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2330-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2350-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2317-0x00000000023E0000-0x0000000002734000-memory.dmp

Filesize
3.3MB

Download
memory/2268-213-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3578-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2344-217-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3582-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2516-209-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3575-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2596-231-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3596-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2712-223-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3636-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-215-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3641-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-229-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3580-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-225-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3581-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3594-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2840-219-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2852-227-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3642-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2988-207-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3643-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3574-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/3000-221-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download