cobaltstrike | b0e71d2de09748fd1c05a1766210a8682e6f4f321419b031bd065282fa8e2da0

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

09862660dbc12e2c0841de37d8f0c589
SHA1

c08a4f51dbdcb68554e261dae8972d3192e2a35c
SHA256

b0e71d2de09748fd1c05a1766210a8682e6f4f321419b031bd065282fa8e2da0
SHA512

a15d6bbf4aceabd7fc3c7bebbac6b3571f4db27670e16a49fe6a246e647dc82a73e10d21357524ce264f8e26587b63c02952eefd0797d05d43326d99780265d6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU2:T+q56utgpPF8u/72

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x00100000000162e9-11.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-45.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000016458-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-75.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-61.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225c-3.dat	xmrig
behavioral1/files/0x00100000000162e9-11.dat	xmrig
behavioral1/files/0x0009000000016ace-12.dat	xmrig
behavioral1/files/0x0007000000016c10-16.dat	xmrig
behavioral1/memory/2304-20-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1644-27-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/636-30-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c23-45.dat	xmrig
behavioral1/memory/2812-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000c000000016458-53.dat	xmrig
behavioral1/memory/2840-65-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2304-79-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-85.dat	xmrig
behavioral1/files/0x0005000000019489-84.dat	xmrig
behavioral1/memory/1836-104-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-108.dat	xmrig
behavioral1/files/0x000500000001950f-117.dat	xmrig
behavioral1/files/0x0005000000019515-122.dat	xmrig
behavioral1/files/0x0005000000019547-127.dat	xmrig
behavioral1/files/0x00050000000195af-154.dat	xmrig
behavioral1/files/0x00050000000195bd-186.dat	xmrig
behavioral1/memory/2668-339-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-185.dat	xmrig
behavioral1/files/0x00050000000195b3-176.dat	xmrig
behavioral1/files/0x00050000000195bb-180.dat	xmrig
behavioral1/files/0x00050000000195b5-171.dat	xmrig
behavioral1/files/0x00050000000195ab-147.dat	xmrig
behavioral1/files/0x00050000000195b1-161.dat	xmrig
behavioral1/files/0x00050000000195ad-153.dat	xmrig
behavioral1/files/0x00050000000195a9-143.dat	xmrig
behavioral1/files/0x00050000000195a7-137.dat	xmrig
behavioral1/files/0x000500000001957c-132.dat	xmrig
behavioral1/files/0x00050000000194ef-112.dat	xmrig
behavioral1/memory/1884-95-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2152-94-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x0005000000019490-88.dat	xmrig
behavioral1/files/0x00050000000194a3-101.dat	xmrig
behavioral1/memory/1668-70-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2720-80-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0005000000019470-66.dat	xmrig
behavioral1/memory/2668-76-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019480-75.dat	xmrig
behavioral1/memory/2304-64-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00060000000193c7-61.dat	xmrig
behavioral1/memory/2528-58-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2868-57-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2896-52-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-46.dat	xmrig
behavioral1/memory/2856-29-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c1a-34.dat	xmrig
behavioral1/memory/2304-25-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1668-24-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1668-1632-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/1836-1700-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/636-1729-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2720-1728-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2840-1727-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2812-1726-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/1644-1725-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1884-1724-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2528-1723-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2896-1722-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2668-1712-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

bvvdBpl.exejmZSEgh.exesRBYPjc.exeKoeeGAe.exeCRAuwwj.exefDIqlZN.exePdirDyr.exeRsLmtbK.exeBiAmEhx.exegqcnFwi.exehOaEkWG.exeaKMvJlC.exemsERZBT.exerjFzCbc.exeMLhspEs.exeTYGQHZE.exeaKKFrop.exepWXdYJP.exeVpeomrj.exefdywvEe.exevJSsmvi.exeAsSlaJe.exePFYUyLI.exeFOmMLHW.exeNObMqit.exepLOYeoH.exeKXKSqlK.exeRhcqTRU.exeiUXiQoE.exexHlrRUQ.exetiRPVTB.exetoDncXD.exePpAQKbl.exeWtQDOVH.exeSWpIBhQ.exeYGphqlY.exeyJpVvdG.exezCehODF.exevjaLBAI.exeCHrpjwQ.exexnxUCOA.exemXvYgEK.exevNWbJTA.exejkvOLeb.exevmNEGTF.exeJIEjjOp.exehsaiVlu.exeMlfvgRf.exeSUQNHCB.exehpOsPht.exeLUWgroq.exetJpvLEO.exeKNdAWKP.exePCGfJeX.exejCPZNas.exeEBxfTUW.exeMuatKDS.exeYXbeOme.exekhxJvmY.exeaGhGgTl.exeByhFbWH.exezwstlde.exeWlmUrZQ.exeLtPwjXJ.exe

pid	Process
636	bvvdBpl.exe
1668	jmZSEgh.exe
1644	sRBYPjc.exe
2856	KoeeGAe.exe
2812	CRAuwwj.exe
2896	fDIqlZN.exe
2868	PdirDyr.exe
2528	RsLmtbK.exe
2840	BiAmEhx.exe
2668	gqcnFwi.exe
2720	hOaEkWG.exe
2152	aKMvJlC.exe
1884	msERZBT.exe
1836	rjFzCbc.exe
2992	MLhspEs.exe
1176	TYGQHZE.exe
1984	aKKFrop.exe
1996	pWXdYJP.exe
1720	Vpeomrj.exe
2968	fdywvEe.exe
3012	vJSsmvi.exe
1072	AsSlaJe.exe
1656	PFYUyLI.exe
236	FOmMLHW.exe
2080	NObMqit.exe
1376	pLOYeoH.exe
2476	KXKSqlK.exe
2424	RhcqTRU.exe
3052	iUXiQoE.exe
1712	xHlrRUQ.exe
980	tiRPVTB.exe
2480	toDncXD.exe
2064	PpAQKbl.exe
1092	WtQDOVH.exe
792	SWpIBhQ.exe
1732	YGphqlY.exe
1492	yJpVvdG.exe
2032	zCehODF.exe
316	vjaLBAI.exe
856	CHrpjwQ.exe
932	xnxUCOA.exe
2104	mXvYgEK.exe
1580	vNWbJTA.exe
2640	jkvOLeb.exe
1792	vmNEGTF.exe
892	JIEjjOp.exe
2592	hsaiVlu.exe
1816	MlfvgRf.exe
1628	SUQNHCB.exe
3016	hpOsPht.exe
2676	LUWgroq.exe
2828	tJpvLEO.exe
2648	KNdAWKP.exe
2708	PCGfJeX.exe
2276	jCPZNas.exe
2012	EBxfTUW.exe
1028	MuatKDS.exe
2524	YXbeOme.exe
1204	khxJvmY.exe
1536	aGhGgTl.exe
804	ByhFbWH.exe
1624	zwstlde.exe
2240	WlmUrZQ.exe
2608	LtPwjXJ.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2304-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-3.dat	upx
behavioral1/files/0x00100000000162e9-11.dat	upx
behavioral1/files/0x0009000000016ace-12.dat	upx
behavioral1/files/0x0007000000016c10-16.dat	upx
behavioral1/memory/1644-27-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/636-30-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x0007000000016c23-45.dat	upx
behavioral1/memory/2812-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000c000000016458-53.dat	upx
behavioral1/memory/2840-65-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000500000001948c-85.dat	upx
behavioral1/files/0x0005000000019489-84.dat	upx
behavioral1/memory/1836-104-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-108.dat	upx
behavioral1/files/0x000500000001950f-117.dat	upx
behavioral1/files/0x0005000000019515-122.dat	upx
behavioral1/files/0x0005000000019547-127.dat	upx
behavioral1/files/0x00050000000195af-154.dat	upx
behavioral1/files/0x00050000000195bd-186.dat	upx
behavioral1/memory/2668-339-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-185.dat	upx
behavioral1/files/0x00050000000195b3-176.dat	upx
behavioral1/files/0x00050000000195bb-180.dat	upx
behavioral1/files/0x00050000000195b5-171.dat	upx
behavioral1/files/0x00050000000195ab-147.dat	upx
behavioral1/files/0x00050000000195b1-161.dat	upx
behavioral1/files/0x00050000000195ad-153.dat	upx
behavioral1/files/0x00050000000195a9-143.dat	upx
behavioral1/files/0x00050000000195a7-137.dat	upx
behavioral1/files/0x000500000001957c-132.dat	upx
behavioral1/files/0x00050000000194ef-112.dat	upx
behavioral1/memory/1884-95-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2152-94-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x0005000000019490-88.dat	upx
behavioral1/files/0x00050000000194a3-101.dat	upx
behavioral1/memory/1668-70-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2720-80-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0005000000019470-66.dat	upx
behavioral1/memory/2668-76-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0005000000019480-75.dat	upx
behavioral1/memory/2304-64-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00060000000193c7-61.dat	upx
behavioral1/memory/2528-58-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2868-57-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2896-52-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0002000000018334-46.dat	upx
behavioral1/memory/2856-29-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0007000000016c1a-34.dat	upx
behavioral1/memory/1668-24-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1668-1632-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/1836-1700-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/636-1729-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2720-1728-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2840-1727-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2812-1726-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/1644-1725-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1884-1724-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2528-1723-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2896-1722-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2668-1712-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2856-1707-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2868-1703-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2152-1828-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\edlLEIQ.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywFQzkq.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RCQMcJK.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjGcauq.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTAxFdi.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNduquH.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GDMAOCV.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayPmbzo.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKxyVqI.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtBTUDy.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qtDxjFm.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syeIoqJ.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPmiSUR.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJkSmvY.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvReYaJ.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njmIJvI.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBPSNNx.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USOfBPa.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnxUCOA.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojpniea.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUNbAoY.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKqtTap.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOuDGzh.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLZDfgB.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfkYtGb.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFYUyLI.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cddddcb.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTtEnbE.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBDarvE.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHIWPQh.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpgfZKo.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZiHDRx.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaUnoCm.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsObffo.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANKVwwU.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhCtZFu.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtmMqeO.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmchILV.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OfElBZE.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmcZlyW.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otACTYK.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucVIxhY.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQrepsj.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shSCDmG.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pugXZUG.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koVgTHi.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBtLZwa.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aArdvjZ.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOVqWKW.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsLIFen.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLyHQcN.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhuTwhm.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vryETgl.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhgjUeH.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqyJGRa.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaREvEU.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utPTRCY.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noPYWZY.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pykbTvt.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swVDuuZ.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlehRCH.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqcnFwi.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLvKPgs.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcJlmVX.exe	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2304 wrote to memory of 636	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 636	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 636	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2304 wrote to memory of 1668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 1668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 1668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2304 wrote to memory of 1644	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1644	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 1644	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2304 wrote to memory of 2856	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2856	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2856	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2304 wrote to memory of 2812	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2812	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2812	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2304 wrote to memory of 2868	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2868	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2868	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2304 wrote to memory of 2896	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2896	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2896	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2304 wrote to memory of 2528	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2528	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2528	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2304 wrote to memory of 2840	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2840	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2840	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2304 wrote to memory of 2668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2668	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2304 wrote to memory of 2720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2304 wrote to memory of 2152	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2152	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 2152	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2304 wrote to memory of 1884	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1884	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1884	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2304 wrote to memory of 1836	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1836	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 1836	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2304 wrote to memory of 2992	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 2992	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 2992	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2304 wrote to memory of 1176	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 1176	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 1176	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2304 wrote to memory of 1984	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 1984	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 1984	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2304 wrote to memory of 1996	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1996	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1996	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2304 wrote to memory of 1720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 1720	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2304 wrote to memory of 2968	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2968	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 2968	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2304 wrote to memory of 3012	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 3012	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 3012	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2304 wrote to memory of 1072	2304	2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_09862660dbc12e2c0841de37d8f0c589_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System\bvvdBpl.exe
  C:\Windows\System\bvvdBpl.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\jmZSEgh.exe
  C:\Windows\System\jmZSEgh.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\sRBYPjc.exe
  C:\Windows\System\sRBYPjc.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\KoeeGAe.exe
  C:\Windows\System\KoeeGAe.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\CRAuwwj.exe
  C:\Windows\System\CRAuwwj.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\PdirDyr.exe
  C:\Windows\System\PdirDyr.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\fDIqlZN.exe
  C:\Windows\System\fDIqlZN.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\RsLmtbK.exe
  C:\Windows\System\RsLmtbK.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\BiAmEhx.exe
  C:\Windows\System\BiAmEhx.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\gqcnFwi.exe
  C:\Windows\System\gqcnFwi.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\hOaEkWG.exe
  C:\Windows\System\hOaEkWG.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\aKMvJlC.exe
  C:\Windows\System\aKMvJlC.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\msERZBT.exe
  C:\Windows\System\msERZBT.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\rjFzCbc.exe
  C:\Windows\System\rjFzCbc.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\MLhspEs.exe
  C:\Windows\System\MLhspEs.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\TYGQHZE.exe
  C:\Windows\System\TYGQHZE.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\aKKFrop.exe
  C:\Windows\System\aKKFrop.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\pWXdYJP.exe
  C:\Windows\System\pWXdYJP.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\Vpeomrj.exe
  C:\Windows\System\Vpeomrj.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\fdywvEe.exe
  C:\Windows\System\fdywvEe.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\vJSsmvi.exe
  C:\Windows\System\vJSsmvi.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\AsSlaJe.exe
  C:\Windows\System\AsSlaJe.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\PFYUyLI.exe
  C:\Windows\System\PFYUyLI.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\FOmMLHW.exe
  C:\Windows\System\FOmMLHW.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\NObMqit.exe
  C:\Windows\System\NObMqit.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\KXKSqlK.exe
  C:\Windows\System\KXKSqlK.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\pLOYeoH.exe
  C:\Windows\System\pLOYeoH.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\iUXiQoE.exe
  C:\Windows\System\iUXiQoE.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RhcqTRU.exe
  C:\Windows\System\RhcqTRU.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\tiRPVTB.exe
  C:\Windows\System\tiRPVTB.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\xHlrRUQ.exe
  C:\Windows\System\xHlrRUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\toDncXD.exe
  C:\Windows\System\toDncXD.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\PpAQKbl.exe
  C:\Windows\System\PpAQKbl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\YGphqlY.exe
  C:\Windows\System\YGphqlY.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\WtQDOVH.exe
  C:\Windows\System\WtQDOVH.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\yJpVvdG.exe
  C:\Windows\System\yJpVvdG.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\SWpIBhQ.exe
  C:\Windows\System\SWpIBhQ.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\zCehODF.exe
  C:\Windows\System\zCehODF.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\vjaLBAI.exe
  C:\Windows\System\vjaLBAI.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\MlfvgRf.exe
  C:\Windows\System\MlfvgRf.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\CHrpjwQ.exe
  C:\Windows\System\CHrpjwQ.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\jCPZNas.exe
  C:\Windows\System\jCPZNas.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\xnxUCOA.exe
  C:\Windows\System\xnxUCOA.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\EBxfTUW.exe
  C:\Windows\System\EBxfTUW.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\mXvYgEK.exe
  C:\Windows\System\mXvYgEK.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\MuatKDS.exe
  C:\Windows\System\MuatKDS.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\vNWbJTA.exe
  C:\Windows\System\vNWbJTA.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\YXbeOme.exe
  C:\Windows\System\YXbeOme.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\jkvOLeb.exe
  C:\Windows\System\jkvOLeb.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\khxJvmY.exe
  C:\Windows\System\khxJvmY.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\vmNEGTF.exe
  C:\Windows\System\vmNEGTF.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\aGhGgTl.exe
  C:\Windows\System\aGhGgTl.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\JIEjjOp.exe
  C:\Windows\System\JIEjjOp.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ByhFbWH.exe
  C:\Windows\System\ByhFbWH.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\hsaiVlu.exe
  C:\Windows\System\hsaiVlu.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\zwstlde.exe
  C:\Windows\System\zwstlde.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SUQNHCB.exe
  C:\Windows\System\SUQNHCB.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\WlmUrZQ.exe
  C:\Windows\System\WlmUrZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\hpOsPht.exe
  C:\Windows\System\hpOsPht.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\LtPwjXJ.exe
  C:\Windows\System\LtPwjXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\LUWgroq.exe
  C:\Windows\System\LUWgroq.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\oXiagKt.exe
  C:\Windows\System\oXiagKt.exe
  2⤵
  PID:2972
- C:\Windows\System\tJpvLEO.exe
  C:\Windows\System\tJpvLEO.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\wFOunqW.exe
  C:\Windows\System\wFOunqW.exe
  2⤵
  PID:2744
- C:\Windows\System\KNdAWKP.exe
  C:\Windows\System\KNdAWKP.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\qvnByUE.exe
  C:\Windows\System\qvnByUE.exe
  2⤵
  PID:576
- C:\Windows\System\PCGfJeX.exe
  C:\Windows\System\PCGfJeX.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\LaREvEU.exe
  C:\Windows\System\LaREvEU.exe
  2⤵
  PID:2916
- C:\Windows\System\rMbOyop.exe
  C:\Windows\System\rMbOyop.exe
  2⤵
  PID:2848
- C:\Windows\System\OaioGCu.exe
  C:\Windows\System\OaioGCu.exe
  2⤵
  PID:2248
- C:\Windows\System\RMmUOhY.exe
  C:\Windows\System\RMmUOhY.exe
  2⤵
  PID:1776
- C:\Windows\System\XaLrZMf.exe
  C:\Windows\System\XaLrZMf.exe
  2⤵
  PID:1684
- C:\Windows\System\gMrYqWD.exe
  C:\Windows\System\gMrYqWD.exe
  2⤵
  PID:584
- C:\Windows\System\wiyYesr.exe
  C:\Windows\System\wiyYesr.exe
  2⤵
  PID:2160
- C:\Windows\System\NQtbQPW.exe
  C:\Windows\System\NQtbQPW.exe
  2⤵
  PID:2568
- C:\Windows\System\jVuCHMW.exe
  C:\Windows\System\jVuCHMW.exe
  2⤵
  PID:1752
- C:\Windows\System\ncsbQKa.exe
  C:\Windows\System\ncsbQKa.exe
  2⤵
  PID:2456
- C:\Windows\System\xLIadCO.exe
  C:\Windows\System\xLIadCO.exe
  2⤵
  PID:1404
- C:\Windows\System\oOUMZqQ.exe
  C:\Windows\System\oOUMZqQ.exe
  2⤵
  PID:2036
- C:\Windows\System\EKPbTya.exe
  C:\Windows\System\EKPbTya.exe
  2⤵
  PID:1548
- C:\Windows\System\tyatHPW.exe
  C:\Windows\System\tyatHPW.exe
  2⤵
  PID:2428
- C:\Windows\System\rhgDgIw.exe
  C:\Windows\System\rhgDgIw.exe
  2⤵
  PID:1592
- C:\Windows\System\tvhvcAt.exe
  C:\Windows\System\tvhvcAt.exe
  2⤵
  PID:2484
- C:\Windows\System\rPDmFWF.exe
  C:\Windows\System\rPDmFWF.exe
  2⤵
  PID:2148
- C:\Windows\System\WCCAhRF.exe
  C:\Windows\System\WCCAhRF.exe
  2⤵
  PID:1584
- C:\Windows\System\XvDHVkt.exe
  C:\Windows\System\XvDHVkt.exe
  2⤵
  PID:1520
- C:\Windows\System\vJkSmvY.exe
  C:\Windows\System\vJkSmvY.exe
  2⤵
  PID:3008
- C:\Windows\System\HYpPlPK.exe
  C:\Windows\System\HYpPlPK.exe
  2⤵
  PID:776
- C:\Windows\System\uXnJUHu.exe
  C:\Windows\System\uXnJUHu.exe
  2⤵
  PID:2028
- C:\Windows\System\nMUPIKy.exe
  C:\Windows\System\nMUPIKy.exe
  2⤵
  PID:1516
- C:\Windows\System\VeuOVOu.exe
  C:\Windows\System\VeuOVOu.exe
  2⤵
  PID:2156
- C:\Windows\System\IzzzWGN.exe
  C:\Windows\System\IzzzWGN.exe
  2⤵
  PID:544
- C:\Windows\System\pAEtMMa.exe
  C:\Windows\System\pAEtMMa.exe
  2⤵
  PID:2116
- C:\Windows\System\lxSwAyL.exe
  C:\Windows\System\lxSwAyL.exe
  2⤵
  PID:2948
- C:\Windows\System\dYZlUuw.exe
  C:\Windows\System\dYZlUuw.exe
  2⤵
  PID:2324
- C:\Windows\System\YQuyNOd.exe
  C:\Windows\System\YQuyNOd.exe
  2⤵
  PID:1964
- C:\Windows\System\xiiUzsI.exe
  C:\Windows\System\xiiUzsI.exe
  2⤵
  PID:2020
- C:\Windows\System\bOMrJKx.exe
  C:\Windows\System\bOMrJKx.exe
  2⤵
  PID:540
- C:\Windows\System\SOqBdGb.exe
  C:\Windows\System\SOqBdGb.exe
  2⤵
  PID:2268
- C:\Windows\System\fxYgVeA.exe
  C:\Windows\System\fxYgVeA.exe
  2⤵
  PID:1680
- C:\Windows\System\ufubffy.exe
  C:\Windows\System\ufubffy.exe
  2⤵
  PID:2136
- C:\Windows\System\USOfBPa.exe
  C:\Windows\System\USOfBPa.exe
  2⤵
  PID:2124
- C:\Windows\System\ClZdsTC.exe
  C:\Windows\System\ClZdsTC.exe
  2⤵
  PID:3084
- C:\Windows\System\LPgKpSq.exe
  C:\Windows\System\LPgKpSq.exe
  2⤵
  PID:3100
- C:\Windows\System\ayPmbzo.exe
  C:\Windows\System\ayPmbzo.exe
  2⤵
  PID:3120
- C:\Windows\System\ldoCMeI.exe
  C:\Windows\System\ldoCMeI.exe
  2⤵
  PID:3144
- C:\Windows\System\nHzniSM.exe
  C:\Windows\System\nHzniSM.exe
  2⤵
  PID:3160
- C:\Windows\System\NxlZcwE.exe
  C:\Windows\System\NxlZcwE.exe
  2⤵
  PID:3180
- C:\Windows\System\vXokRxf.exe
  C:\Windows\System\vXokRxf.exe
  2⤵
  PID:3204
- C:\Windows\System\eSjbogq.exe
  C:\Windows\System\eSjbogq.exe
  2⤵
  PID:3220
- C:\Windows\System\qrlMddp.exe
  C:\Windows\System\qrlMddp.exe
  2⤵
  PID:3240
- C:\Windows\System\LLuZhRH.exe
  C:\Windows\System\LLuZhRH.exe
  2⤵
  PID:3260
- C:\Windows\System\NDyHLlR.exe
  C:\Windows\System\NDyHLlR.exe
  2⤵
  PID:3284
- C:\Windows\System\qRDEffS.exe
  C:\Windows\System\qRDEffS.exe
  2⤵
  PID:3308
- C:\Windows\System\vokeZFs.exe
  C:\Windows\System\vokeZFs.exe
  2⤵
  PID:3328
- C:\Windows\System\JDqFmxs.exe
  C:\Windows\System\JDqFmxs.exe
  2⤵
  PID:3352
- C:\Windows\System\OHAUJfn.exe
  C:\Windows\System\OHAUJfn.exe
  2⤵
  PID:3376
- C:\Windows\System\XASQWRz.exe
  C:\Windows\System\XASQWRz.exe
  2⤵
  PID:3400
- C:\Windows\System\ZVSHDHk.exe
  C:\Windows\System\ZVSHDHk.exe
  2⤵
  PID:3416
- C:\Windows\System\sRwvgiC.exe
  C:\Windows\System\sRwvgiC.exe
  2⤵
  PID:3440
- C:\Windows\System\UrudDEt.exe
  C:\Windows\System\UrudDEt.exe
  2⤵
  PID:3460
- C:\Windows\System\sYmZRBI.exe
  C:\Windows\System\sYmZRBI.exe
  2⤵
  PID:3480
- C:\Windows\System\jKxyVqI.exe
  C:\Windows\System\jKxyVqI.exe
  2⤵
  PID:3500
- C:\Windows\System\agkNgkk.exe
  C:\Windows\System\agkNgkk.exe
  2⤵
  PID:3520
- C:\Windows\System\DDySZhs.exe
  C:\Windows\System\DDySZhs.exe
  2⤵
  PID:3536
- C:\Windows\System\YTxbazm.exe
  C:\Windows\System\YTxbazm.exe
  2⤵
  PID:3552
- C:\Windows\System\YFlnaJX.exe
  C:\Windows\System\YFlnaJX.exe
  2⤵
  PID:3576
- C:\Windows\System\VXEGvXk.exe
  C:\Windows\System\VXEGvXk.exe
  2⤵
  PID:3596
- C:\Windows\System\TtThajW.exe
  C:\Windows\System\TtThajW.exe
  2⤵
  PID:3616
- C:\Windows\System\mfmlFau.exe
  C:\Windows\System\mfmlFau.exe
  2⤵
  PID:3640
- C:\Windows\System\iPovenM.exe
  C:\Windows\System\iPovenM.exe
  2⤵
  PID:3660
- C:\Windows\System\yhCtZFu.exe
  C:\Windows\System\yhCtZFu.exe
  2⤵
  PID:3684
- C:\Windows\System\ZnmOTpf.exe
  C:\Windows\System\ZnmOTpf.exe
  2⤵
  PID:3700
- C:\Windows\System\XQaemGv.exe
  C:\Windows\System\XQaemGv.exe
  2⤵
  PID:3720
- C:\Windows\System\xiGyjNZ.exe
  C:\Windows\System\xiGyjNZ.exe
  2⤵
  PID:3740
- C:\Windows\System\GEBwYaA.exe
  C:\Windows\System\GEBwYaA.exe
  2⤵
  PID:3764
- C:\Windows\System\hXAFPDh.exe
  C:\Windows\System\hXAFPDh.exe
  2⤵
  PID:3780
- C:\Windows\System\RjYeUTw.exe
  C:\Windows\System\RjYeUTw.exe
  2⤵
  PID:3796
- C:\Windows\System\FbzGzyu.exe
  C:\Windows\System\FbzGzyu.exe
  2⤵
  PID:3812
- C:\Windows\System\uBfguyk.exe
  C:\Windows\System\uBfguyk.exe
  2⤵
  PID:3828
- C:\Windows\System\kwFdWwV.exe
  C:\Windows\System\kwFdWwV.exe
  2⤵
  PID:3848
- C:\Windows\System\xAznBhS.exe
  C:\Windows\System\xAznBhS.exe
  2⤵
  PID:3864
- C:\Windows\System\ejfXFkK.exe
  C:\Windows\System\ejfXFkK.exe
  2⤵
  PID:3884
- C:\Windows\System\hAtmJEi.exe
  C:\Windows\System\hAtmJEi.exe
  2⤵
  PID:3900
- C:\Windows\System\fIIcWTQ.exe
  C:\Windows\System\fIIcWTQ.exe
  2⤵
  PID:3916
- C:\Windows\System\VYiNRuE.exe
  C:\Windows\System\VYiNRuE.exe
  2⤵
  PID:3932
- C:\Windows\System\qZwzEuu.exe
  C:\Windows\System\qZwzEuu.exe
  2⤵
  PID:3948
- C:\Windows\System\xmjaQbA.exe
  C:\Windows\System\xmjaQbA.exe
  2⤵
  PID:3964
- C:\Windows\System\xzYRmoX.exe
  C:\Windows\System\xzYRmoX.exe
  2⤵
  PID:3980
- C:\Windows\System\BkrXDiB.exe
  C:\Windows\System\BkrXDiB.exe
  2⤵
  PID:3996
- C:\Windows\System\IsqFnDA.exe
  C:\Windows\System\IsqFnDA.exe
  2⤵
  PID:4016
- C:\Windows\System\sVmfpIQ.exe
  C:\Windows\System\sVmfpIQ.exe
  2⤵
  PID:4036
- C:\Windows\System\oOfBejB.exe
  C:\Windows\System\oOfBejB.exe
  2⤵
  PID:4052
- C:\Windows\System\zQeLNxp.exe
  C:\Windows\System\zQeLNxp.exe
  2⤵
  PID:4080
- C:\Windows\System\VUnVWts.exe
  C:\Windows\System\VUnVWts.exe
  2⤵
  PID:2440
- C:\Windows\System\hTmcFYW.exe
  C:\Windows\System\hTmcFYW.exe
  2⤵
  PID:2852
- C:\Windows\System\pSkWfKy.exe
  C:\Windows\System\pSkWfKy.exe
  2⤵
  PID:2072
- C:\Windows\System\KOjUQcj.exe
  C:\Windows\System\KOjUQcj.exe
  2⤵
  PID:2040
- C:\Windows\System\vHphfDF.exe
  C:\Windows\System\vHphfDF.exe
  2⤵
  PID:1184
- C:\Windows\System\bcXCYmX.exe
  C:\Windows\System\bcXCYmX.exe
  2⤵
  PID:1496
- C:\Windows\System\VEDnIMn.exe
  C:\Windows\System\VEDnIMn.exe
  2⤵
  PID:3032
- C:\Windows\System\KyflOJc.exe
  C:\Windows\System\KyflOJc.exe
  2⤵
  PID:2680
- C:\Windows\System\NPcXbbS.exe
  C:\Windows\System\NPcXbbS.exe
  2⤵
  PID:2560
- C:\Windows\System\ZTpqbOb.exe
  C:\Windows\System\ZTpqbOb.exe
  2⤵
  PID:1532
- C:\Windows\System\loYsODH.exe
  C:\Windows\System\loYsODH.exe
  2⤵
  PID:2944
- C:\Windows\System\cMJLwCX.exe
  C:\Windows\System\cMJLwCX.exe
  2⤵
  PID:2628
- C:\Windows\System\rwPGnMZ.exe
  C:\Windows\System\rwPGnMZ.exe
  2⤵
  PID:604
- C:\Windows\System\FVqKNic.exe
  C:\Windows\System\FVqKNic.exe
  2⤵
  PID:2232
- C:\Windows\System\EOLuPdN.exe
  C:\Windows\System\EOLuPdN.exe
  2⤵
  PID:2284
- C:\Windows\System\gzZUerZ.exe
  C:\Windows\System\gzZUerZ.exe
  2⤵
  PID:3132
- C:\Windows\System\xHzyPQj.exe
  C:\Windows\System\xHzyPQj.exe
  2⤵
  PID:3172
- C:\Windows\System\BikOsoY.exe
  C:\Windows\System\BikOsoY.exe
  2⤵
  PID:1764
- C:\Windows\System\AvuoDIr.exe
  C:\Windows\System\AvuoDIr.exe
  2⤵
  PID:3248
- C:\Windows\System\nNbkpNk.exe
  C:\Windows\System\nNbkpNk.exe
  2⤵
  PID:3232
- C:\Windows\System\XKHoZzs.exe
  C:\Windows\System\XKHoZzs.exe
  2⤵
  PID:3280
- C:\Windows\System\ejnULSv.exe
  C:\Windows\System\ejnULSv.exe
  2⤵
  PID:3396
- C:\Windows\System\icwwiEk.exe
  C:\Windows\System\icwwiEk.exe
  2⤵
  PID:3516
- C:\Windows\System\tzylWRU.exe
  C:\Windows\System\tzylWRU.exe
  2⤵
  PID:3592
- C:\Windows\System\waMgWwX.exe
  C:\Windows\System\waMgWwX.exe
  2⤵
  PID:3632
- C:\Windows\System\iBiSdqd.exe
  C:\Windows\System\iBiSdqd.exe
  2⤵
  PID:3708
- C:\Windows\System\fSIJtll.exe
  C:\Windows\System\fSIJtll.exe
  2⤵
  PID:3756
- C:\Windows\System\AIKlUTU.exe
  C:\Windows\System\AIKlUTU.exe
  2⤵
  PID:3820
- C:\Windows\System\IQmKmtY.exe
  C:\Windows\System\IQmKmtY.exe
  2⤵
  PID:3896
- C:\Windows\System\CeSBBZy.exe
  C:\Windows\System\CeSBBZy.exe
  2⤵
  PID:3960
- C:\Windows\System\zOjkfPG.exe
  C:\Windows\System\zOjkfPG.exe
  2⤵
  PID:2208
- C:\Windows\System\byAmBuK.exe
  C:\Windows\System\byAmBuK.exe
  2⤵
  PID:4076
- C:\Windows\System\BKJVBoa.exe
  C:\Windows\System\BKJVBoa.exe
  2⤵
  PID:2228
- C:\Windows\System\cFJAADc.exe
  C:\Windows\System\cFJAADc.exe
  2⤵
  PID:2212
- C:\Windows\System\rinRNzS.exe
  C:\Windows\System\rinRNzS.exe
  2⤵
  PID:3408
- C:\Windows\System\XBDarvE.exe
  C:\Windows\System\XBDarvE.exe
  2⤵
  PID:3488
- C:\Windows\System\GDMAOCV.exe
  C:\Windows\System\GDMAOCV.exe
  2⤵
  PID:3528
- C:\Windows\System\fdrHVjJ.exe
  C:\Windows\System\fdrHVjJ.exe
  2⤵
  PID:3564
- C:\Windows\System\SyERfbW.exe
  C:\Windows\System\SyERfbW.exe
  2⤵
  PID:3128
- C:\Windows\System\RvLeTJP.exe
  C:\Windows\System\RvLeTJP.exe
  2⤵
  PID:3652
- C:\Windows\System\qorMsCJ.exe
  C:\Windows\System\qorMsCJ.exe
  2⤵
  PID:3108
- C:\Windows\System\EGbsHlu.exe
  C:\Windows\System\EGbsHlu.exe
  2⤵
  PID:3776
- C:\Windows\System\aWjehnP.exe
  C:\Windows\System\aWjehnP.exe
  2⤵
  PID:3304
- C:\Windows\System\qFpEFZJ.exe
  C:\Windows\System\qFpEFZJ.exe
  2⤵
  PID:3840
- C:\Windows\System\PHWBUVu.exe
  C:\Windows\System\PHWBUVu.exe
  2⤵
  PID:4012
- C:\Windows\System\ACzrMSo.exe
  C:\Windows\System\ACzrMSo.exe
  2⤵
  PID:1900
- C:\Windows\System\cYZZyfV.exe
  C:\Windows\System\cYZZyfV.exe
  2⤵
  PID:700
- C:\Windows\System\RSscNnj.exe
  C:\Windows\System\RSscNnj.exe
  2⤵
  PID:1292
- C:\Windows\System\lVxuPDA.exe
  C:\Windows\System\lVxuPDA.exe
  2⤵
  PID:3200
- C:\Windows\System\rcssAzC.exe
  C:\Windows\System\rcssAzC.exe
  2⤵
  PID:3336
- C:\Windows\System\tbMMCXG.exe
  C:\Windows\System\tbMMCXG.exe
  2⤵
  PID:2724
- C:\Windows\System\vUdrVbO.exe
  C:\Windows\System\vUdrVbO.exe
  2⤵
  PID:3168
- C:\Windows\System\yxFxdCB.exe
  C:\Windows\System\yxFxdCB.exe
  2⤵
  PID:952
- C:\Windows\System\ypMNugG.exe
  C:\Windows\System\ypMNugG.exe
  2⤵
  PID:3672
- C:\Windows\System\LQCuqWM.exe
  C:\Windows\System\LQCuqWM.exe
  2⤵
  PID:4008
- C:\Windows\System\gHyrtJW.exe
  C:\Windows\System\gHyrtJW.exe
  2⤵
  PID:3792
- C:\Windows\System\eGVcSaD.exe
  C:\Windows\System\eGVcSaD.exe
  2⤵
  PID:3956
- C:\Windows\System\dUfhLkR.exe
  C:\Windows\System\dUfhLkR.exe
  2⤵
  PID:3456
- C:\Windows\System\IcXzGCA.exe
  C:\Windows\System\IcXzGCA.exe
  2⤵
  PID:3136
- C:\Windows\System\cXHOZQf.exe
  C:\Windows\System\cXHOZQf.exe
  2⤵
  PID:3292
- C:\Windows\System\YnLEAWm.exe
  C:\Windows\System\YnLEAWm.exe
  2⤵
  PID:2548
- C:\Windows\System\ixPwHYS.exe
  C:\Windows\System\ixPwHYS.exe
  2⤵
  PID:3972
- C:\Windows\System\BvWnETF.exe
  C:\Windows\System\BvWnETF.exe
  2⤵
  PID:3388
- C:\Windows\System\ocypgNU.exe
  C:\Windows\System\ocypgNU.exe
  2⤵
  PID:3436
- C:\Windows\System\xiOsxSK.exe
  C:\Windows\System\xiOsxSK.exe
  2⤵
  PID:3508
- C:\Windows\System\jJQznOl.exe
  C:\Windows\System\jJQznOl.exe
  2⤵
  PID:3716
- C:\Windows\System\BpSjRJp.exe
  C:\Windows\System\BpSjRJp.exe
  2⤵
  PID:4024
- C:\Windows\System\mNefkbX.exe
  C:\Windows\System\mNefkbX.exe
  2⤵
  PID:816
- C:\Windows\System\MUfoSXL.exe
  C:\Windows\System\MUfoSXL.exe
  2⤵
  PID:3196
- C:\Windows\System\zbgLJJo.exe
  C:\Windows\System\zbgLJJo.exe
  2⤵
  PID:1572
- C:\Windows\System\bkwQRwQ.exe
  C:\Windows\System\bkwQRwQ.exe
  2⤵
  PID:3092
- C:\Windows\System\SmYIxFD.exe
  C:\Windows\System\SmYIxFD.exe
  2⤵
  PID:460
- C:\Windows\System\cvkCqvU.exe
  C:\Windows\System\cvkCqvU.exe
  2⤵
  PID:3808
- C:\Windows\System\KvRPVyf.exe
  C:\Windows\System\KvRPVyf.exe
  2⤵
  PID:2316
- C:\Windows\System\YdXNoNH.exe
  C:\Windows\System\YdXNoNH.exe
  2⤵
  PID:3452
- C:\Windows\System\XrItAZW.exe
  C:\Windows\System\XrItAZW.exe
  2⤵
  PID:3276
- C:\Windows\System\mNApuqx.exe
  C:\Windows\System\mNApuqx.exe
  2⤵
  PID:2596
- C:\Windows\System\ojpniea.exe
  C:\Windows\System\ojpniea.exe
  2⤵
  PID:1324
- C:\Windows\System\cIRxDfL.exe
  C:\Windows\System\cIRxDfL.exe
  2⤵
  PID:1440
- C:\Windows\System\utPTRCY.exe
  C:\Windows\System\utPTRCY.exe
  2⤵
  PID:3348
- C:\Windows\System\LHgqbjR.exe
  C:\Windows\System\LHgqbjR.exe
  2⤵
  PID:3788
- C:\Windows\System\AuSiRkl.exe
  C:\Windows\System\AuSiRkl.exe
  2⤵
  PID:3568
- C:\Windows\System\ZSZSsBW.exe
  C:\Windows\System\ZSZSsBW.exe
  2⤵
  PID:3836
- C:\Windows\System\flvLPNX.exe
  C:\Windows\System\flvLPNX.exe
  2⤵
  PID:3468
- C:\Windows\System\SrgTaxr.exe
  C:\Windows\System\SrgTaxr.exe
  2⤵
  PID:3696
- C:\Windows\System\eihUftH.exe
  C:\Windows\System\eihUftH.exe
  2⤵
  PID:3944
- C:\Windows\System\pbeDOXs.exe
  C:\Windows\System\pbeDOXs.exe
  2⤵
  PID:3772
- C:\Windows\System\rCyWuRY.exe
  C:\Windows\System\rCyWuRY.exe
  2⤵
  PID:3212
- C:\Windows\System\MTtbdpd.exe
  C:\Windows\System\MTtbdpd.exe
  2⤵
  PID:1980
- C:\Windows\System\xtBTUDy.exe
  C:\Windows\System\xtBTUDy.exe
  2⤵
  PID:1716
- C:\Windows\System\YwdrrdC.exe
  C:\Windows\System\YwdrrdC.exe
  2⤵
  PID:4112
- C:\Windows\System\vldOTxS.exe
  C:\Windows\System\vldOTxS.exe
  2⤵
  PID:4132
- C:\Windows\System\oNZwZfI.exe
  C:\Windows\System\oNZwZfI.exe
  2⤵
  PID:4152
- C:\Windows\System\ESEAkph.exe
  C:\Windows\System\ESEAkph.exe
  2⤵
  PID:4168
- C:\Windows\System\JkDyzFF.exe
  C:\Windows\System\JkDyzFF.exe
  2⤵
  PID:4192
- C:\Windows\System\NvukHeo.exe
  C:\Windows\System\NvukHeo.exe
  2⤵
  PID:4208
- C:\Windows\System\rSCMzor.exe
  C:\Windows\System\rSCMzor.exe
  2⤵
  PID:4228
- C:\Windows\System\DrISlnl.exe
  C:\Windows\System\DrISlnl.exe
  2⤵
  PID:4252
- C:\Windows\System\vUGYLTf.exe
  C:\Windows\System\vUGYLTf.exe
  2⤵
  PID:4268
- C:\Windows\System\LBogBvk.exe
  C:\Windows\System\LBogBvk.exe
  2⤵
  PID:4284
- C:\Windows\System\mbeRpbL.exe
  C:\Windows\System\mbeRpbL.exe
  2⤵
  PID:4308
- C:\Windows\System\QuDwNEK.exe
  C:\Windows\System\QuDwNEK.exe
  2⤵
  PID:4332
- C:\Windows\System\UtIEMnM.exe
  C:\Windows\System\UtIEMnM.exe
  2⤵
  PID:4352
- C:\Windows\System\syIXoHf.exe
  C:\Windows\System\syIXoHf.exe
  2⤵
  PID:4372
- C:\Windows\System\RgvhtmN.exe
  C:\Windows\System\RgvhtmN.exe
  2⤵
  PID:4392
- C:\Windows\System\XdbuxIW.exe
  C:\Windows\System\XdbuxIW.exe
  2⤵
  PID:4412
- C:\Windows\System\PglzSMn.exe
  C:\Windows\System\PglzSMn.exe
  2⤵
  PID:4440
- C:\Windows\System\LmGEJcJ.exe
  C:\Windows\System\LmGEJcJ.exe
  2⤵
  PID:4460
- C:\Windows\System\PtsYFkx.exe
  C:\Windows\System\PtsYFkx.exe
  2⤵
  PID:4480
- C:\Windows\System\HzySHje.exe
  C:\Windows\System\HzySHje.exe
  2⤵
  PID:4496
- C:\Windows\System\tzCHEHV.exe
  C:\Windows\System\tzCHEHV.exe
  2⤵
  PID:4528
- C:\Windows\System\qipHfcG.exe
  C:\Windows\System\qipHfcG.exe
  2⤵
  PID:4544
- C:\Windows\System\qTQTeVO.exe
  C:\Windows\System\qTQTeVO.exe
  2⤵
  PID:4564
- C:\Windows\System\GEXXfhN.exe
  C:\Windows\System\GEXXfhN.exe
  2⤵
  PID:4588
- C:\Windows\System\WKksnkz.exe
  C:\Windows\System\WKksnkz.exe
  2⤵
  PID:4608
- C:\Windows\System\nAmxUVo.exe
  C:\Windows\System\nAmxUVo.exe
  2⤵
  PID:4628
- C:\Windows\System\YJKNekx.exe
  C:\Windows\System\YJKNekx.exe
  2⤵
  PID:4648
- C:\Windows\System\QiFGFZp.exe
  C:\Windows\System\QiFGFZp.exe
  2⤵
  PID:4668
- C:\Windows\System\AtbWWBc.exe
  C:\Windows\System\AtbWWBc.exe
  2⤵
  PID:4684
- C:\Windows\System\qtPTuVg.exe
  C:\Windows\System\qtPTuVg.exe
  2⤵
  PID:4708
- C:\Windows\System\ufOtygS.exe
  C:\Windows\System\ufOtygS.exe
  2⤵
  PID:4724
- C:\Windows\System\DvVjWxb.exe
  C:\Windows\System\DvVjWxb.exe
  2⤵
  PID:4748
- C:\Windows\System\gUDajIB.exe
  C:\Windows\System\gUDajIB.exe
  2⤵
  PID:4764
- C:\Windows\System\qTtQMKt.exe
  C:\Windows\System\qTtQMKt.exe
  2⤵
  PID:4784
- C:\Windows\System\BJwdNGt.exe
  C:\Windows\System\BJwdNGt.exe
  2⤵
  PID:4804
- C:\Windows\System\odelzlK.exe
  C:\Windows\System\odelzlK.exe
  2⤵
  PID:4824
- C:\Windows\System\wtYAiDa.exe
  C:\Windows\System\wtYAiDa.exe
  2⤵
  PID:4848
- C:\Windows\System\czYnCDZ.exe
  C:\Windows\System\czYnCDZ.exe
  2⤵
  PID:4864
- C:\Windows\System\BYRHvxW.exe
  C:\Windows\System\BYRHvxW.exe
  2⤵
  PID:4884
- C:\Windows\System\UEJYyDB.exe
  C:\Windows\System\UEJYyDB.exe
  2⤵
  PID:4916
- C:\Windows\System\lbBlMaw.exe
  C:\Windows\System\lbBlMaw.exe
  2⤵
  PID:4936
- C:\Windows\System\gJJMTMl.exe
  C:\Windows\System\gJJMTMl.exe
  2⤵
  PID:4952
- C:\Windows\System\nWFCWga.exe
  C:\Windows\System\nWFCWga.exe
  2⤵
  PID:4972
- C:\Windows\System\uazNoJb.exe
  C:\Windows\System\uazNoJb.exe
  2⤵
  PID:4992
- C:\Windows\System\ninghLG.exe
  C:\Windows\System\ninghLG.exe
  2⤵
  PID:5012
- C:\Windows\System\lBGHSTg.exe
  C:\Windows\System\lBGHSTg.exe
  2⤵
  PID:5032
- C:\Windows\System\wDxuQEq.exe
  C:\Windows\System\wDxuQEq.exe
  2⤵
  PID:5052
- C:\Windows\System\ZkNGfRs.exe
  C:\Windows\System\ZkNGfRs.exe
  2⤵
  PID:5072
- C:\Windows\System\YdDyYkS.exe
  C:\Windows\System\YdDyYkS.exe
  2⤵
  PID:5092
- C:\Windows\System\PHtfXIC.exe
  C:\Windows\System\PHtfXIC.exe
  2⤵
  PID:5116
- C:\Windows\System\PgQHZDW.exe
  C:\Windows\System\PgQHZDW.exe
  2⤵
  PID:3544
- C:\Windows\System\DkxcGJq.exe
  C:\Windows\System\DkxcGJq.exe
  2⤵
  PID:1400
- C:\Windows\System\CEHKjtG.exe
  C:\Windows\System\CEHKjtG.exe
  2⤵
  PID:3448
- C:\Windows\System\dSmaDCW.exe
  C:\Windows\System\dSmaDCW.exe
  2⤵
  PID:2716
- C:\Windows\System\NfGLJgf.exe
  C:\Windows\System\NfGLJgf.exe
  2⤵
  PID:3860
- C:\Windows\System\wuTAWjb.exe
  C:\Windows\System\wuTAWjb.exe
  2⤵
  PID:4124
- C:\Windows\System\KxNTbjB.exe
  C:\Windows\System\KxNTbjB.exe
  2⤵
  PID:3676
- C:\Windows\System\gOVJRFz.exe
  C:\Windows\System\gOVJRFz.exe
  2⤵
  PID:4160
- C:\Windows\System\vmdVKGo.exe
  C:\Windows\System\vmdVKGo.exe
  2⤵
  PID:4204
- C:\Windows\System\BxIFoxy.exe
  C:\Windows\System\BxIFoxy.exe
  2⤵
  PID:3256
- C:\Windows\System\ZPakaOl.exe
  C:\Windows\System\ZPakaOl.exe
  2⤵
  PID:4240
- C:\Windows\System\ZgYnlSL.exe
  C:\Windows\System\ZgYnlSL.exe
  2⤵
  PID:560
- C:\Windows\System\hLArKPu.exe
  C:\Windows\System\hLArKPu.exe
  2⤵
  PID:4328
- C:\Windows\System\rXXRPXM.exe
  C:\Windows\System\rXXRPXM.exe
  2⤵
  PID:4220
- C:\Windows\System\SGoqATa.exe
  C:\Windows\System\SGoqATa.exe
  2⤵
  PID:4264
- C:\Windows\System\ncfxhGR.exe
  C:\Windows\System\ncfxhGR.exe
  2⤵
  PID:4296
- C:\Windows\System\vPfsEIV.exe
  C:\Windows\System\vPfsEIV.exe
  2⤵
  PID:4448
- C:\Windows\System\mWnbqTQ.exe
  C:\Windows\System\mWnbqTQ.exe
  2⤵
  PID:4384
- C:\Windows\System\VTHGTTM.exe
  C:\Windows\System\VTHGTTM.exe
  2⤵
  PID:4420
- C:\Windows\System\shSCDmG.exe
  C:\Windows\System\shSCDmG.exe
  2⤵
  PID:4476
- C:\Windows\System\eFAEAZP.exe
  C:\Windows\System\eFAEAZP.exe
  2⤵
  PID:4576
- C:\Windows\System\xAXXiOE.exe
  C:\Windows\System\xAXXiOE.exe
  2⤵
  PID:4520
- C:\Windows\System\zpNUzIj.exe
  C:\Windows\System\zpNUzIj.exe
  2⤵
  PID:4560
- C:\Windows\System\SiJETzY.exe
  C:\Windows\System\SiJETzY.exe
  2⤵
  PID:4556
- C:\Windows\System\LYPMozn.exe
  C:\Windows\System\LYPMozn.exe
  2⤵
  PID:4660
- C:\Windows\System\evguzfF.exe
  C:\Windows\System\evguzfF.exe
  2⤵
  PID:4696
- C:\Windows\System\XdThlWG.exe
  C:\Windows\System\XdThlWG.exe
  2⤵
  PID:4640
- C:\Windows\System\QdzJmFy.exe
  C:\Windows\System\QdzJmFy.exe
  2⤵
  PID:4740
- C:\Windows\System\RLZboUf.exe
  C:\Windows\System\RLZboUf.exe
  2⤵
  PID:4816
- C:\Windows\System\NZqzfgA.exe
  C:\Windows\System\NZqzfgA.exe
  2⤵
  PID:4720
- C:\Windows\System\VaThBBe.exe
  C:\Windows\System\VaThBBe.exe
  2⤵
  PID:4912
- C:\Windows\System\mafCEOx.exe
  C:\Windows\System\mafCEOx.exe
  2⤵
  PID:4832
- C:\Windows\System\WQGZeTR.exe
  C:\Windows\System\WQGZeTR.exe
  2⤵
  PID:4948
- C:\Windows\System\CsLdoOk.exe
  C:\Windows\System\CsLdoOk.exe
  2⤵
  PID:2900
- C:\Windows\System\oTFcCqT.exe
  C:\Windows\System\oTFcCqT.exe
  2⤵
  PID:5020
- C:\Windows\System\fFTrwng.exe
  C:\Windows\System\fFTrwng.exe
  2⤵
  PID:4964
- C:\Windows\System\SgkUTpz.exe
  C:\Windows\System\SgkUTpz.exe
  2⤵
  PID:5064
- C:\Windows\System\QtmMqeO.exe
  C:\Windows\System\QtmMqeO.exe
  2⤵
  PID:5040
- C:\Windows\System\ExQUjjv.exe
  C:\Windows\System\ExQUjjv.exe
  2⤵
  PID:5088
- C:\Windows\System\ZnWWwby.exe
  C:\Windows\System\ZnWWwby.exe
  2⤵
  PID:1156
- C:\Windows\System\IfSLihq.exe
  C:\Windows\System\IfSLihq.exe
  2⤵
  PID:3432
- C:\Windows\System\FPaahcD.exe
  C:\Windows\System\FPaahcD.exe
  2⤵
  PID:3608
- C:\Windows\System\UYzlKTC.exe
  C:\Windows\System\UYzlKTC.exe
  2⤵
  PID:860
- C:\Windows\System\lnpvWXx.exe
  C:\Windows\System\lnpvWXx.exe
  2⤵
  PID:4244
- C:\Windows\System\fwNTlnl.exe
  C:\Windows\System\fwNTlnl.exe
  2⤵
  PID:4048
- C:\Windows\System\gTDDpZm.exe
  C:\Windows\System\gTDDpZm.exe
  2⤵
  PID:4140
- C:\Windows\System\TccFSNQ.exe
  C:\Windows\System\TccFSNQ.exe
  2⤵
  PID:4360
- C:\Windows\System\GVHkbLZ.exe
  C:\Windows\System\GVHkbLZ.exe
  2⤵
  PID:4388
- C:\Windows\System\lQLxHsN.exe
  C:\Windows\System\lQLxHsN.exe
  2⤵
  PID:4432
- C:\Windows\System\NdmKdLO.exe
  C:\Windows\System\NdmKdLO.exe
  2⤵
  PID:4504
- C:\Windows\System\dVhblfQ.exe
  C:\Windows\System\dVhblfQ.exe
  2⤵
  PID:4552
- C:\Windows\System\xbaWpLO.exe
  C:\Windows\System\xbaWpLO.exe
  2⤵
  PID:4180
- C:\Windows\System\WxysaFS.exe
  C:\Windows\System\WxysaFS.exe
  2⤵
  PID:4368
- C:\Windows\System\TRGoBEG.exe
  C:\Windows\System\TRGoBEG.exe
  2⤵
  PID:4400
- C:\Windows\System\eUBLREu.exe
  C:\Windows\System\eUBLREu.exe
  2⤵
  PID:4716
- C:\Windows\System\kLLoTyY.exe
  C:\Windows\System\kLLoTyY.exe
  2⤵
  PID:4452
- C:\Windows\System\YKJWFwG.exe
  C:\Windows\System\YKJWFwG.exe
  2⤵
  PID:4836
- C:\Windows\System\mYPPNiS.exe
  C:\Windows\System\mYPPNiS.exe
  2⤵
  PID:4980
- C:\Windows\System\qZGanHp.exe
  C:\Windows\System\qZGanHp.exe
  2⤵
  PID:4656
- C:\Windows\System\xDBbOGp.exe
  C:\Windows\System\xDBbOGp.exe
  2⤵
  PID:5028
- C:\Windows\System\cWLagzG.exe
  C:\Windows\System\cWLagzG.exe
  2⤵
  PID:5080
- C:\Windows\System\tXnUdgC.exe
  C:\Windows\System\tXnUdgC.exe
  2⤵
  PID:1616
- C:\Windows\System\zAxEmUx.exe
  C:\Windows\System\zAxEmUx.exe
  2⤵
  PID:4148
- C:\Windows\System\BKpeLea.exe
  C:\Windows\System\BKpeLea.exe
  2⤵
  PID:3112
- C:\Windows\System\nhnPYUs.exe
  C:\Windows\System\nhnPYUs.exe
  2⤵
  PID:4900
- C:\Windows\System\JBmaIdC.exe
  C:\Windows\System\JBmaIdC.exe
  2⤵
  PID:4636
- C:\Windows\System\DtMjoDz.exe
  C:\Windows\System\DtMjoDz.exe
  2⤵
  PID:4924
- C:\Windows\System\wLvKPgs.exe
  C:\Windows\System\wLvKPgs.exe
  2⤵
  PID:4200
- C:\Windows\System\kWpZdvL.exe
  C:\Windows\System\kWpZdvL.exe
  2⤵
  PID:5048
- C:\Windows\System\qtDxjFm.exe
  C:\Windows\System\qtDxjFm.exe
  2⤵
  PID:3020
- C:\Windows\System\HrOWwKG.exe
  C:\Windows\System\HrOWwKG.exe
  2⤵
  PID:4248
- C:\Windows\System\fybObwk.exe
  C:\Windows\System\fybObwk.exe
  2⤵
  PID:4428
- C:\Windows\System\vKoxeTF.exe
  C:\Windows\System\vKoxeTF.exe
  2⤵
  PID:4856
- C:\Windows\System\hXUaEXH.exe
  C:\Windows\System\hXUaEXH.exe
  2⤵
  PID:2860
- C:\Windows\System\UktomML.exe
  C:\Windows\System\UktomML.exe
  2⤵
  PID:268
- C:\Windows\System\giShKpS.exe
  C:\Windows\System\giShKpS.exe
  2⤵
  PID:1476
- C:\Windows\System\ZMTLWDK.exe
  C:\Windows\System\ZMTLWDK.exe
  2⤵
  PID:2940
- C:\Windows\System\GLZTWjc.exe
  C:\Windows\System\GLZTWjc.exe
  2⤵
  PID:912
- C:\Windows\System\cQgpGaR.exe
  C:\Windows\System\cQgpGaR.exe
  2⤵
  PID:2780
- C:\Windows\System\uZhioAF.exe
  C:\Windows\System\uZhioAF.exe
  2⤵
  PID:3268
- C:\Windows\System\YjcnsUI.exe
  C:\Windows\System\YjcnsUI.exe
  2⤵
  PID:2924
- C:\Windows\System\bewzZeh.exe
  C:\Windows\System\bewzZeh.exe
  2⤵
  PID:1588
- C:\Windows\System\vryETgl.exe
  C:\Windows\System\vryETgl.exe
  2⤵
  PID:2264
- C:\Windows\System\LRTtidW.exe
  C:\Windows\System\LRTtidW.exe
  2⤵
  PID:4596
- C:\Windows\System\QAndikf.exe
  C:\Windows\System\QAndikf.exe
  2⤵
  PID:4472
- C:\Windows\System\xlRLrMH.exe
  C:\Windows\System\xlRLrMH.exe
  2⤵
  PID:4408
- C:\Windows\System\IDShSUD.exe
  C:\Windows\System\IDShSUD.exe
  2⤵
  PID:4892
- C:\Windows\System\PwQvBWq.exe
  C:\Windows\System\PwQvBWq.exe
  2⤵
  PID:4876
- C:\Windows\System\fKLJsjA.exe
  C:\Windows\System\fKLJsjA.exe
  2⤵
  PID:5104
- C:\Windows\System\DjnwPXM.exe
  C:\Windows\System\DjnwPXM.exe
  2⤵
  PID:2188
- C:\Windows\System\gHtpGBW.exe
  C:\Windows\System\gHtpGBW.exe
  2⤵
  PID:2652
- C:\Windows\System\bUWnCaZ.exe
  C:\Windows\System\bUWnCaZ.exe
  2⤵
  PID:4144
- C:\Windows\System\AnoGJIJ.exe
  C:\Windows\System\AnoGJIJ.exe
  2⤵
  PID:4780
- C:\Windows\System\VXkWtDD.exe
  C:\Windows\System\VXkWtDD.exe
  2⤵
  PID:2768
- C:\Windows\System\nTvMuBf.exe
  C:\Windows\System\nTvMuBf.exe
  2⤵
  PID:3272
- C:\Windows\System\cznrMMu.exe
  C:\Windows\System\cznrMMu.exe
  2⤵
  PID:2288
- C:\Windows\System\aNLhflt.exe
  C:\Windows\System\aNLhflt.exe
  2⤵
  PID:4492
- C:\Windows\System\NJNFOzS.exe
  C:\Windows\System\NJNFOzS.exe
  2⤵
  PID:2700
- C:\Windows\System\iFHPAKK.exe
  C:\Windows\System\iFHPAKK.exe
  2⤵
  PID:5132
- C:\Windows\System\QQSDHgx.exe
  C:\Windows\System\QQSDHgx.exe
  2⤵
  PID:5148
- C:\Windows\System\zNWSCeT.exe
  C:\Windows\System\zNWSCeT.exe
  2⤵
  PID:5164
- C:\Windows\System\Hlbddus.exe
  C:\Windows\System\Hlbddus.exe
  2⤵
  PID:5180
- C:\Windows\System\pbypFUu.exe
  C:\Windows\System\pbypFUu.exe
  2⤵
  PID:5196
- C:\Windows\System\SXNiIwa.exe
  C:\Windows\System\SXNiIwa.exe
  2⤵
  PID:5212
- C:\Windows\System\LOZFXed.exe
  C:\Windows\System\LOZFXed.exe
  2⤵
  PID:5228
- C:\Windows\System\HzZMsRd.exe
  C:\Windows\System\HzZMsRd.exe
  2⤵
  PID:5244
- C:\Windows\System\aQGuOZZ.exe
  C:\Windows\System\aQGuOZZ.exe
  2⤵
  PID:5260
- C:\Windows\System\nsQrovG.exe
  C:\Windows\System\nsQrovG.exe
  2⤵
  PID:5276
- C:\Windows\System\IItmZcf.exe
  C:\Windows\System\IItmZcf.exe
  2⤵
  PID:5292
- C:\Windows\System\eNkyYFq.exe
  C:\Windows\System\eNkyYFq.exe
  2⤵
  PID:5308
- C:\Windows\System\jfqEwGz.exe
  C:\Windows\System\jfqEwGz.exe
  2⤵
  PID:5324
- C:\Windows\System\YIYjSgR.exe
  C:\Windows\System\YIYjSgR.exe
  2⤵
  PID:5340
- C:\Windows\System\bUmDIPm.exe
  C:\Windows\System\bUmDIPm.exe
  2⤵
  PID:5356
- C:\Windows\System\LJrhOPB.exe
  C:\Windows\System\LJrhOPB.exe
  2⤵
  PID:5372
- C:\Windows\System\YaBdTun.exe
  C:\Windows\System\YaBdTun.exe
  2⤵
  PID:5400
- C:\Windows\System\KlNNGoW.exe
  C:\Windows\System\KlNNGoW.exe
  2⤵
  PID:5416
- C:\Windows\System\KmchILV.exe
  C:\Windows\System\KmchILV.exe
  2⤵
  PID:5432
- C:\Windows\System\cUNbAoY.exe
  C:\Windows\System\cUNbAoY.exe
  2⤵
  PID:5448
- C:\Windows\System\ilCuBke.exe
  C:\Windows\System\ilCuBke.exe
  2⤵
  PID:5464
- C:\Windows\System\aicnMvg.exe
  C:\Windows\System\aicnMvg.exe
  2⤵
  PID:5480
- C:\Windows\System\Twxtxgw.exe
  C:\Windows\System\Twxtxgw.exe
  2⤵
  PID:5496
- C:\Windows\System\OfElBZE.exe
  C:\Windows\System\OfElBZE.exe
  2⤵
  PID:5512
- C:\Windows\System\qOEjIlZ.exe
  C:\Windows\System\qOEjIlZ.exe
  2⤵
  PID:5528
- C:\Windows\System\cKOsfQZ.exe
  C:\Windows\System\cKOsfQZ.exe
  2⤵
  PID:5544
- C:\Windows\System\rZqjKPq.exe
  C:\Windows\System\rZqjKPq.exe
  2⤵
  PID:5560
- C:\Windows\System\koVgTHi.exe
  C:\Windows\System\koVgTHi.exe
  2⤵
  PID:5576
- C:\Windows\System\LoHvqjO.exe
  C:\Windows\System\LoHvqjO.exe
  2⤵
  PID:5592
- C:\Windows\System\iiVtfYU.exe
  C:\Windows\System\iiVtfYU.exe
  2⤵
  PID:5608
- C:\Windows\System\UvqyjoQ.exe
  C:\Windows\System\UvqyjoQ.exe
  2⤵
  PID:5624
- C:\Windows\System\BtcEkaI.exe
  C:\Windows\System\BtcEkaI.exe
  2⤵
  PID:5640
- C:\Windows\System\NgMdAkM.exe
  C:\Windows\System\NgMdAkM.exe
  2⤵
  PID:5656
- C:\Windows\System\fgxaZAw.exe
  C:\Windows\System\fgxaZAw.exe
  2⤵
  PID:5672
- C:\Windows\System\qphLfzT.exe
  C:\Windows\System\qphLfzT.exe
  2⤵
  PID:5692
- C:\Windows\System\vRzgcon.exe
  C:\Windows\System\vRzgcon.exe
  2⤵
  PID:5708
- C:\Windows\System\tFNFXkn.exe
  C:\Windows\System\tFNFXkn.exe
  2⤵
  PID:5724
- C:\Windows\System\dPgNBvP.exe
  C:\Windows\System\dPgNBvP.exe
  2⤵
  PID:5740
- C:\Windows\System\QwfDDko.exe
  C:\Windows\System\QwfDDko.exe
  2⤵
  PID:5756
- C:\Windows\System\xNhISTA.exe
  C:\Windows\System\xNhISTA.exe
  2⤵
  PID:5772
- C:\Windows\System\JAIjXWG.exe
  C:\Windows\System\JAIjXWG.exe
  2⤵
  PID:5788
- C:\Windows\System\nHxgxiU.exe
  C:\Windows\System\nHxgxiU.exe
  2⤵
  PID:5804
- C:\Windows\System\SoPMfVa.exe
  C:\Windows\System\SoPMfVa.exe
  2⤵
  PID:5820
- C:\Windows\System\YYhPWOt.exe
  C:\Windows\System\YYhPWOt.exe
  2⤵
  PID:5836
- C:\Windows\System\BtIBzzr.exe
  C:\Windows\System\BtIBzzr.exe
  2⤵
  PID:5852
- C:\Windows\System\Tblqjoe.exe
  C:\Windows\System\Tblqjoe.exe
  2⤵
  PID:5868
- C:\Windows\System\vQEJrtQ.exe
  C:\Windows\System\vQEJrtQ.exe
  2⤵
  PID:5884
- C:\Windows\System\OlBIDPu.exe
  C:\Windows\System\OlBIDPu.exe
  2⤵
  PID:5900
- C:\Windows\System\PSPWsJi.exe
  C:\Windows\System\PSPWsJi.exe
  2⤵
  PID:5916
- C:\Windows\System\WKplSVB.exe
  C:\Windows\System\WKplSVB.exe
  2⤵
  PID:5932
- C:\Windows\System\zTsqnVp.exe
  C:\Windows\System\zTsqnVp.exe
  2⤵
  PID:5948
- C:\Windows\System\fxylcjo.exe
  C:\Windows\System\fxylcjo.exe
  2⤵
  PID:5964
- C:\Windows\System\oIHeuQh.exe
  C:\Windows\System\oIHeuQh.exe
  2⤵
  PID:5980
- C:\Windows\System\uRvBLNc.exe
  C:\Windows\System\uRvBLNc.exe
  2⤵
  PID:6076
- C:\Windows\System\xXjOQqW.exe
  C:\Windows\System\xXjOQqW.exe
  2⤵
  PID:6092
- C:\Windows\System\BXeLmJZ.exe
  C:\Windows\System\BXeLmJZ.exe
  2⤵
  PID:6108
- C:\Windows\System\gLqDXkW.exe
  C:\Windows\System\gLqDXkW.exe
  2⤵
  PID:6124
- C:\Windows\System\HKjexEe.exe
  C:\Windows\System\HKjexEe.exe
  2⤵
  PID:6140
- C:\Windows\System\wyHZINW.exe
  C:\Windows\System\wyHZINW.exe
  2⤵
  PID:3176
- C:\Windows\System\vepPXdT.exe
  C:\Windows\System\vepPXdT.exe
  2⤵
  PID:4580
- C:\Windows\System\UBdTJyQ.exe
  C:\Windows\System\UBdTJyQ.exe
  2⤵
  PID:4744
- C:\Windows\System\XGXXUid.exe
  C:\Windows\System\XGXXUid.exe
  2⤵
  PID:5004
- C:\Windows\System\hQfrtcD.exe
  C:\Windows\System\hQfrtcD.exe
  2⤵
  PID:4776
- C:\Windows\System\IZsGUKW.exe
  C:\Windows\System\IZsGUKW.exe
  2⤵
  PID:5140
- C:\Windows\System\JthJvQy.exe
  C:\Windows\System\JthJvQy.exe
  2⤵
  PID:5128
- C:\Windows\System\BSWkgzN.exe
  C:\Windows\System\BSWkgzN.exe
  2⤵
  PID:5156
- C:\Windows\System\PSBgPFT.exe
  C:\Windows\System\PSBgPFT.exe
  2⤵
  PID:5236
- C:\Windows\System\deUHkKH.exe
  C:\Windows\System\deUHkKH.exe
  2⤵
  PID:5240
- C:\Windows\System\PtBixyU.exe
  C:\Windows\System\PtBixyU.exe
  2⤵
  PID:5304
- C:\Windows\System\Uhfhplz.exe
  C:\Windows\System\Uhfhplz.exe
  2⤵
  PID:5288
- C:\Windows\System\XyHADSw.exe
  C:\Windows\System\XyHADSw.exe
  2⤵
  PID:2984
- C:\Windows\System\tLRydIZ.exe
  C:\Windows\System\tLRydIZ.exe
  2⤵
  PID:5320
- C:\Windows\System\OakGHag.exe
  C:\Windows\System\OakGHag.exe
  2⤵
  PID:1760
- C:\Windows\System\OhgMsgl.exe
  C:\Windows\System\OhgMsgl.exe
  2⤵
  PID:5440
- C:\Windows\System\RsKhITA.exe
  C:\Windows\System\RsKhITA.exe
  2⤵
  PID:5424
- C:\Windows\System\rdwfzov.exe
  C:\Windows\System\rdwfzov.exe
  2⤵
  PID:5504
- C:\Windows\System\fSyRzyd.exe
  C:\Windows\System\fSyRzyd.exe
  2⤵
  PID:5492
- C:\Windows\System\oWIUlJj.exe
  C:\Windows\System\oWIUlJj.exe
  2⤵
  PID:5524
- C:\Windows\System\LSUAltx.exe
  C:\Windows\System\LSUAltx.exe
  2⤵
  PID:5600
- C:\Windows\System\WglIsJr.exe
  C:\Windows\System\WglIsJr.exe
  2⤵
  PID:3000
- C:\Windows\System\lBMiKFv.exe
  C:\Windows\System\lBMiKFv.exe
  2⤵
  PID:5636
- C:\Windows\System\jIqFePB.exe
  C:\Windows\System\jIqFePB.exe
  2⤵
  PID:5616
- C:\Windows\System\vjPuHOP.exe
  C:\Windows\System\vjPuHOP.exe
  2⤵
  PID:2552
- C:\Windows\System\LUwNDsj.exe
  C:\Windows\System\LUwNDsj.exe
  2⤵
  PID:5652
- C:\Windows\System\LqVSqRO.exe
  C:\Windows\System\LqVSqRO.exe
  2⤵
  PID:1300
- C:\Windows\System\ijAgIAx.exe
  C:\Windows\System\ijAgIAx.exe
  2⤵
  PID:2844
- C:\Windows\System\UTYvsnj.exe
  C:\Windows\System\UTYvsnj.exe
  2⤵
  PID:5800
- C:\Windows\System\yYiZWCK.exe
  C:\Windows\System\yYiZWCK.exe
  2⤵
  PID:712
- C:\Windows\System\BBtLZwa.exe
  C:\Windows\System\BBtLZwa.exe
  2⤵
  PID:5860
- C:\Windows\System\EQvpnms.exe
  C:\Windows\System\EQvpnms.exe
  2⤵
  PID:5896
- C:\Windows\System\noPYWZY.exe
  C:\Windows\System\noPYWZY.exe
  2⤵
  PID:5956
- C:\Windows\System\JymzCBq.exe
  C:\Windows\System\JymzCBq.exe
  2⤵
  PID:5812
- C:\Windows\System\zTrzoHD.exe
  C:\Windows\System\zTrzoHD.exe
  2⤵
  PID:5880
- C:\Windows\System\cLECzJb.exe
  C:\Windows\System\cLECzJb.exe
  2⤵
  PID:5940
- C:\Windows\System\UuDAzQY.exe
  C:\Windows\System\UuDAzQY.exe
  2⤵
  PID:5688
- C:\Windows\System\gdEbqxO.exe
  C:\Windows\System\gdEbqxO.exe
  2⤵
  PID:5996
- C:\Windows\System\OFzilUf.exe
  C:\Windows\System\OFzilUf.exe
  2⤵
  PID:2808
- C:\Windows\System\qQTrFpg.exe
  C:\Windows\System\qQTrFpg.exe
  2⤵
  PID:1560
- C:\Windows\System\BfueDRW.exe
  C:\Windows\System\BfueDRW.exe
  2⤵
  PID:6020
- C:\Windows\System\dnxOVyM.exe
  C:\Windows\System\dnxOVyM.exe
  2⤵
  PID:6044
- C:\Windows\System\KbgtorW.exe
  C:\Windows\System\KbgtorW.exe
  2⤵
  PID:6060
- C:\Windows\System\Bpwqvuu.exe
  C:\Windows\System\Bpwqvuu.exe
  2⤵
  PID:2564
- C:\Windows\System\UwJccgk.exe
  C:\Windows\System\UwJccgk.exe
  2⤵
  PID:1952
- C:\Windows\System\ZLHSeIs.exe
  C:\Windows\System\ZLHSeIs.exe
  2⤵
  PID:2712
- C:\Windows\System\JxSwjPv.exe
  C:\Windows\System\JxSwjPv.exe
  2⤵
  PID:824
- C:\Windows\System\esqQuIh.exe
  C:\Windows\System\esqQuIh.exe
  2⤵
  PID:2096
- C:\Windows\System\vrJWPxY.exe
  C:\Windows\System\vrJWPxY.exe
  2⤵
  PID:2496
- C:\Windows\System\LuRGNuD.exe
  C:\Windows\System\LuRGNuD.exe
  2⤵
  PID:6072
- C:\Windows\System\zyWyJxU.exe
  C:\Windows\System\zyWyJxU.exe
  2⤵
  PID:6116
- C:\Windows\System\PvhBqxY.exe
  C:\Windows\System\PvhBqxY.exe
  2⤵
  PID:3384
- C:\Windows\System\oXYNPEt.exe
  C:\Windows\System\oXYNPEt.exe
  2⤵
  PID:5144
- C:\Windows\System\ckglSSd.exe
  C:\Windows\System\ckglSSd.exe
  2⤵
  PID:6100
- C:\Windows\System\hBwilRx.exe
  C:\Windows\System\hBwilRx.exe
  2⤵
  PID:2292
- C:\Windows\System\ZGchhXY.exe
  C:\Windows\System\ZGchhXY.exe
  2⤵
  PID:5204
- C:\Windows\System\ONVQRnv.exe
  C:\Windows\System\ONVQRnv.exe
  2⤵
  PID:5252
- C:\Windows\System\berSRVC.exe
  C:\Windows\System\berSRVC.exe
  2⤵
  PID:5300
- C:\Windows\System\pIikFfO.exe
  C:\Windows\System\pIikFfO.exe
  2⤵
  PID:5284
- C:\Windows\System\cjMGlgA.exe
  C:\Windows\System\cjMGlgA.exe
  2⤵
  PID:5476
- C:\Windows\System\StNpzZh.exe
  C:\Windows\System\StNpzZh.exe
  2⤵
  PID:5456
- C:\Windows\System\PLfXSwu.exe
  C:\Windows\System\PLfXSwu.exe
  2⤵
  PID:5584
- C:\Windows\System\CwTIhiA.exe
  C:\Windows\System\CwTIhiA.exe
  2⤵
  PID:968
- C:\Windows\System\vUFCxDX.exe
  C:\Windows\System\vUFCxDX.exe
  2⤵
  PID:2464
- C:\Windows\System\UAwMprb.exe
  C:\Windows\System\UAwMprb.exe
  2⤵
  PID:5796
- C:\Windows\System\LvOcinE.exe
  C:\Windows\System\LvOcinE.exe
  2⤵
  PID:5924
- C:\Windows\System\ehLjqZF.exe
  C:\Windows\System\ehLjqZF.exe
  2⤵
  PID:5716
- C:\Windows\System\lKFWsDE.exe
  C:\Windows\System\lKFWsDE.exe
  2⤵
  PID:5752
- C:\Windows\System\VhCoWFT.exe
  C:\Windows\System\VhCoWFT.exe
  2⤵
  PID:5960
- C:\Windows\System\HNcsbSR.exe
  C:\Windows\System\HNcsbSR.exe
  2⤵
  PID:5976
- C:\Windows\System\fKluejf.exe
  C:\Windows\System\fKluejf.exe
  2⤵
  PID:1216
- C:\Windows\System\qsIJLnE.exe
  C:\Windows\System\qsIJLnE.exe
  2⤵
  PID:1800
- C:\Windows\System\kiMXeuF.exe
  C:\Windows\System\kiMXeuF.exe
  2⤵
  PID:6056
- C:\Windows\System\sAANzKv.exe
  C:\Windows\System\sAANzKv.exe
  2⤵
  PID:2068
- C:\Windows\System\EKZkMaV.exe
  C:\Windows\System\EKZkMaV.exe
  2⤵
  PID:2584
- C:\Windows\System\pkBWtqx.exe
  C:\Windows\System\pkBWtqx.exe
  2⤵
  PID:3028
- C:\Windows\System\qZsfESg.exe
  C:\Windows\System\qZsfESg.exe
  2⤵
  PID:2764
- C:\Windows\System\neldZgJ.exe
  C:\Windows\System\neldZgJ.exe
  2⤵
  PID:6104
- C:\Windows\System\lSFZXTy.exe
  C:\Windows\System\lSFZXTy.exe
  2⤵
  PID:5220
- C:\Windows\System\RSJueLb.exe
  C:\Windows\System\RSJueLb.exe
  2⤵
  PID:4216
- C:\Windows\System\SXEJVLI.exe
  C:\Windows\System\SXEJVLI.exe
  2⤵
  PID:2500
- C:\Windows\System\VbvDbnm.exe
  C:\Windows\System\VbvDbnm.exe
  2⤵
  PID:2736
- C:\Windows\System\LJWBJDy.exe
  C:\Windows\System\LJWBJDy.exe
  2⤵
  PID:5748
- C:\Windows\System\agLpcZK.exe
  C:\Windows\System\agLpcZK.exe
  2⤵
  PID:5536
- C:\Windows\System\FGlgPLY.exe
  C:\Windows\System\FGlgPLY.exe
  2⤵
  PID:5784
- C:\Windows\System\onJXVxs.exe
  C:\Windows\System\onJXVxs.exe
  2⤵
  PID:5396
- C:\Windows\System\sSDpIDd.exe
  C:\Windows\System\sSDpIDd.exe
  2⤵
  PID:2076
- C:\Windows\System\MWvWkEL.exe
  C:\Windows\System\MWvWkEL.exe
  2⤵
  PID:1908
- C:\Windows\System\MLLdhLw.exe
  C:\Windows\System\MLLdhLw.exe
  2⤵
  PID:308
- C:\Windows\System\sWGhGcL.exe
  C:\Windows\System\sWGhGcL.exe
  2⤵
  PID:4600
- C:\Windows\System\XmQCGUV.exe
  C:\Windows\System\XmQCGUV.exe
  2⤵
  PID:5336
- C:\Windows\System\AyfPYIk.exe
  C:\Windows\System\AyfPYIk.exe
  2⤵
  PID:2956
- C:\Windows\System\jICPIWW.exe
  C:\Windows\System\jICPIWW.exe
  2⤵
  PID:5620
- C:\Windows\System\GmVtuoC.exe
  C:\Windows\System\GmVtuoC.exe
  2⤵
  PID:5876
- C:\Windows\System\mdderWc.exe
  C:\Windows\System\mdderWc.exe
  2⤵
  PID:2632
- C:\Windows\System\cWGfUbm.exe
  C:\Windows\System\cWGfUbm.exe
  2⤵
  PID:2408
- C:\Windows\System\TWsitUa.exe
  C:\Windows\System\TWsitUa.exe
  2⤵
  PID:5188
- C:\Windows\System\ZmipYbI.exe
  C:\Windows\System\ZmipYbI.exe
  2⤵
  PID:6008
- C:\Windows\System\XdELksC.exe
  C:\Windows\System\XdELksC.exe
  2⤵
  PID:5460
- C:\Windows\System\ZOuyPjU.exe
  C:\Windows\System\ZOuyPjU.exe
  2⤵
  PID:5208
- C:\Windows\System\iDQgzsC.exe
  C:\Windows\System\iDQgzsC.exe
  2⤵
  PID:5780
- C:\Windows\System\TNkTWGL.exe
  C:\Windows\System\TNkTWGL.exe
  2⤵
  PID:6156
- C:\Windows\System\RHFyWAD.exe
  C:\Windows\System\RHFyWAD.exe
  2⤵
  PID:6172
- C:\Windows\System\xAHFvMD.exe
  C:\Windows\System\xAHFvMD.exe
  2⤵
  PID:6188
- C:\Windows\System\UlAtZhY.exe
  C:\Windows\System\UlAtZhY.exe
  2⤵
  PID:6204
- C:\Windows\System\WWbzGEf.exe
  C:\Windows\System\WWbzGEf.exe
  2⤵
  PID:6220
- C:\Windows\System\UoFxznJ.exe
  C:\Windows\System\UoFxznJ.exe
  2⤵
  PID:6236
- C:\Windows\System\mBXHysz.exe
  C:\Windows\System\mBXHysz.exe
  2⤵
  PID:6252
- C:\Windows\System\CttYBUd.exe
  C:\Windows\System\CttYBUd.exe
  2⤵
  PID:6268
- C:\Windows\System\ZBveQXb.exe
  C:\Windows\System\ZBveQXb.exe
  2⤵
  PID:6284
- C:\Windows\System\uTWcYkA.exe
  C:\Windows\System\uTWcYkA.exe
  2⤵
  PID:6300
- C:\Windows\System\VYIwNQV.exe
  C:\Windows\System\VYIwNQV.exe
  2⤵
  PID:6316
- C:\Windows\System\orwAxSK.exe
  C:\Windows\System\orwAxSK.exe
  2⤵
  PID:6332
- C:\Windows\System\tOYPVpi.exe
  C:\Windows\System\tOYPVpi.exe
  2⤵
  PID:6348
- C:\Windows\System\xDmHCJB.exe
  C:\Windows\System\xDmHCJB.exe
  2⤵
  PID:6364
- C:\Windows\System\gRLrBVg.exe
  C:\Windows\System\gRLrBVg.exe
  2⤵
  PID:6380
- C:\Windows\System\zkKcKIb.exe
  C:\Windows\System\zkKcKIb.exe
  2⤵
  PID:6396
- C:\Windows\System\OTcTMSQ.exe
  C:\Windows\System\OTcTMSQ.exe
  2⤵
  PID:6412
- C:\Windows\System\yDYEJKV.exe
  C:\Windows\System\yDYEJKV.exe
  2⤵
  PID:6428
- C:\Windows\System\EOoWeWp.exe
  C:\Windows\System\EOoWeWp.exe
  2⤵
  PID:6444
- C:\Windows\System\QjoLGfw.exe
  C:\Windows\System\QjoLGfw.exe
  2⤵
  PID:6460
- C:\Windows\System\pZmFqKg.exe
  C:\Windows\System\pZmFqKg.exe
  2⤵
  PID:6476
- C:\Windows\System\WISjOXv.exe
  C:\Windows\System\WISjOXv.exe
  2⤵
  PID:6492
- C:\Windows\System\HihpUCZ.exe
  C:\Windows\System\HihpUCZ.exe
  2⤵
  PID:6508
- C:\Windows\System\gYvajgC.exe
  C:\Windows\System\gYvajgC.exe
  2⤵
  PID:6524
- C:\Windows\System\pihLVCa.exe
  C:\Windows\System\pihLVCa.exe
  2⤵
  PID:6540
- C:\Windows\System\WTjwSUH.exe
  C:\Windows\System\WTjwSUH.exe
  2⤵
  PID:6556
- C:\Windows\System\vVgqwhP.exe
  C:\Windows\System\vVgqwhP.exe
  2⤵
  PID:6572
- C:\Windows\System\caiRxki.exe
  C:\Windows\System\caiRxki.exe
  2⤵
  PID:6592
- C:\Windows\System\CqNjspK.exe
  C:\Windows\System\CqNjspK.exe
  2⤵
  PID:6608
- C:\Windows\System\wqOruxM.exe
  C:\Windows\System\wqOruxM.exe
  2⤵
  PID:6624
- C:\Windows\System\psCnQUx.exe
  C:\Windows\System\psCnQUx.exe
  2⤵
  PID:6640
- C:\Windows\System\crpoEvH.exe
  C:\Windows\System\crpoEvH.exe
  2⤵
  PID:6656
- C:\Windows\System\HopuEvM.exe
  C:\Windows\System\HopuEvM.exe
  2⤵
  PID:6680
- C:\Windows\System\fdVxopB.exe
  C:\Windows\System\fdVxopB.exe
  2⤵
  PID:6700
- C:\Windows\System\TeyLwgL.exe
  C:\Windows\System\TeyLwgL.exe
  2⤵
  PID:6716
- C:\Windows\System\lydDUwP.exe
  C:\Windows\System\lydDUwP.exe
  2⤵
  PID:6732
- C:\Windows\System\GgEFqWQ.exe
  C:\Windows\System\GgEFqWQ.exe
  2⤵
  PID:6752
- C:\Windows\System\WMXXcvW.exe
  C:\Windows\System\WMXXcvW.exe
  2⤵
  PID:6768
- C:\Windows\System\wtxttqw.exe
  C:\Windows\System\wtxttqw.exe
  2⤵
  PID:6784
- C:\Windows\System\vVpcVGC.exe
  C:\Windows\System\vVpcVGC.exe
  2⤵
  PID:6800
- C:\Windows\System\xSAYOpT.exe
  C:\Windows\System\xSAYOpT.exe
  2⤵
  PID:6816
- C:\Windows\System\dcGCksw.exe
  C:\Windows\System\dcGCksw.exe
  2⤵
  PID:6832
- C:\Windows\System\AHjtqwp.exe
  C:\Windows\System\AHjtqwp.exe
  2⤵
  PID:6848
- C:\Windows\System\fqcmkhb.exe
  C:\Windows\System\fqcmkhb.exe
  2⤵
  PID:6864
- C:\Windows\System\CeqCzyx.exe
  C:\Windows\System\CeqCzyx.exe
  2⤵
  PID:6880
- C:\Windows\System\zfYbhSO.exe
  C:\Windows\System\zfYbhSO.exe
  2⤵
  PID:6900
- C:\Windows\System\bVVjHZK.exe
  C:\Windows\System\bVVjHZK.exe
  2⤵
  PID:6916
- C:\Windows\System\KQNSlQk.exe
  C:\Windows\System\KQNSlQk.exe
  2⤵
  PID:6932
- C:\Windows\System\ultgsOs.exe
  C:\Windows\System\ultgsOs.exe
  2⤵
  PID:6948
- C:\Windows\System\RgMXDtf.exe
  C:\Windows\System\RgMXDtf.exe
  2⤵
  PID:6964
- C:\Windows\System\KnenvyA.exe
  C:\Windows\System\KnenvyA.exe
  2⤵
  PID:6980
- C:\Windows\System\QvArNCp.exe
  C:\Windows\System\QvArNCp.exe
  2⤵
  PID:6996
- C:\Windows\System\fGrbufN.exe
  C:\Windows\System\fGrbufN.exe
  2⤵
  PID:7012
- C:\Windows\System\AmFbQZM.exe
  C:\Windows\System\AmFbQZM.exe
  2⤵
  PID:7028
- C:\Windows\System\wSGOlIz.exe
  C:\Windows\System\wSGOlIz.exe
  2⤵
  PID:7044
- C:\Windows\System\cCbGkUX.exe
  C:\Windows\System\cCbGkUX.exe
  2⤵
  PID:7060
- C:\Windows\System\CvJdQIx.exe
  C:\Windows\System\CvJdQIx.exe
  2⤵
  PID:7076
- C:\Windows\System\trEGYwg.exe
  C:\Windows\System\trEGYwg.exe
  2⤵
  PID:7092
- C:\Windows\System\UPViktE.exe
  C:\Windows\System\UPViktE.exe
  2⤵
  PID:7108
- C:\Windows\System\bszBBuz.exe
  C:\Windows\System\bszBBuz.exe
  2⤵
  PID:7124
- C:\Windows\System\ijdpTxb.exe
  C:\Windows\System\ijdpTxb.exe
  2⤵
  PID:7140
- C:\Windows\System\HreLLMN.exe
  C:\Windows\System\HreLLMN.exe
  2⤵
  PID:7156
- C:\Windows\System\oTzMrXV.exe
  C:\Windows\System\oTzMrXV.exe
  2⤵
  PID:6168
- C:\Windows\System\pWEbyPZ.exe
  C:\Windows\System\pWEbyPZ.exe
  2⤵
  PID:6180
- C:\Windows\System\ScOgQBn.exe
  C:\Windows\System\ScOgQBn.exe
  2⤵
  PID:6228
- C:\Windows\System\eyOByEX.exe
  C:\Windows\System\eyOByEX.exe
  2⤵
  PID:6212
- C:\Windows\System\kzsUPYp.exe
  C:\Windows\System\kzsUPYp.exe
  2⤵
  PID:6264
- C:\Windows\System\nfIFmqp.exe
  C:\Windows\System\nfIFmqp.exe
  2⤵
  PID:6280
- C:\Windows\System\RvLOEBu.exe
  C:\Windows\System\RvLOEBu.exe
  2⤵
  PID:6328
- C:\Windows\System\GtzWhZv.exe
  C:\Windows\System\GtzWhZv.exe
  2⤵
  PID:6308
- C:\Windows\System\KvReYaJ.exe
  C:\Windows\System\KvReYaJ.exe
  2⤵
  PID:6340
- C:\Windows\System\OQhzSbb.exe
  C:\Windows\System\OQhzSbb.exe
  2⤵
  PID:6408
- C:\Windows\System\JVbBVXh.exe
  C:\Windows\System\JVbBVXh.exe
  2⤵
  PID:6552
- C:\Windows\System\ZrOjksD.exe
  C:\Windows\System\ZrOjksD.exe
  2⤵
  PID:6520
- C:\Windows\System\UZXEuBw.exe
  C:\Windows\System\UZXEuBw.exe
  2⤵
  PID:5472
- C:\Windows\System\eOsDlMi.exe
  C:\Windows\System\eOsDlMi.exe
  2⤵
  PID:5176
- C:\Windows\System\ZwOnULS.exe
  C:\Windows\System\ZwOnULS.exe
  2⤵
  PID:6564
- C:\Windows\System\vvCNJfg.exe
  C:\Windows\System\vvCNJfg.exe
  2⤵
  PID:6604
- C:\Windows\System\DQJTVoI.exe
  C:\Windows\System\DQJTVoI.exe
  2⤵
  PID:6760
- C:\Windows\System\RqYKOfu.exe
  C:\Windows\System\RqYKOfu.exe
  2⤵
  PID:6780
- C:\Windows\System\wtJdUMa.exe
  C:\Windows\System\wtJdUMa.exe
  2⤵
  PID:6812
- C:\Windows\System\ISTJuhu.exe
  C:\Windows\System\ISTJuhu.exe
  2⤵
  PID:6876
- C:\Windows\System\kFRIcLS.exe
  C:\Windows\System\kFRIcLS.exe
  2⤵
  PID:6828
- C:\Windows\System\XVAappn.exe
  C:\Windows\System\XVAappn.exe
  2⤵
  PID:6924
- C:\Windows\System\utcPwDY.exe
  C:\Windows\System\utcPwDY.exe
  2⤵
  PID:6344
- C:\Windows\System\XUDuVEL.exe
  C:\Windows\System\XUDuVEL.exe
  2⤵
  PID:6548
- C:\Windows\System\cHBmucD.exe
  C:\Windows\System\cHBmucD.exe
  2⤵
  PID:6664
- C:\Windows\System\QaAWzyr.exe
  C:\Windows\System\QaAWzyr.exe
  2⤵
  PID:6856
- C:\Windows\System\vlPAONl.exe
  C:\Windows\System\vlPAONl.exe
  2⤵
  PID:6840
- C:\Windows\System\UQVycRr.exe
  C:\Windows\System\UQVycRr.exe
  2⤵
  PID:6908
- C:\Windows\System\zSdrRrC.exe
  C:\Windows\System\zSdrRrC.exe
  2⤵
  PID:6976
- C:\Windows\System\JIeSeiR.exe
  C:\Windows\System\JIeSeiR.exe
  2⤵
  PID:7008
- C:\Windows\System\quwsbeC.exe
  C:\Windows\System\quwsbeC.exe
  2⤵
  PID:7084
- C:\Windows\System\KKvozvq.exe
  C:\Windows\System\KKvozvq.exe
  2⤵
  PID:7056
- C:\Windows\System\bcTTlsD.exe
  C:\Windows\System\bcTTlsD.exe
  2⤵
  PID:7116
- C:\Windows\System\dmSKiEg.exe
  C:\Windows\System\dmSKiEg.exe
  2⤵
  PID:6148
- C:\Windows\System\aArdvjZ.exe
  C:\Windows\System\aArdvjZ.exe
  2⤵
  PID:6152
- C:\Windows\System\pykbTvt.exe
  C:\Windows\System\pykbTvt.exe
  2⤵
  PID:6196
- C:\Windows\System\lbKyMEE.exe
  C:\Windows\System\lbKyMEE.exe
  2⤵
  PID:1736
- C:\Windows\System\SlbLnIj.exe
  C:\Windows\System\SlbLnIj.exe
  2⤵
  PID:6356
- C:\Windows\System\KuysqJa.exe
  C:\Windows\System\KuysqJa.exe
  2⤵
  PID:7072
- C:\Windows\System\swVDuuZ.exe
  C:\Windows\System\swVDuuZ.exe
  2⤵
  PID:6944
- C:\Windows\System\lcVgShw.exe
  C:\Windows\System\lcVgShw.exe
  2⤵
  PID:7100
- C:\Windows\System\WTcgClh.exe
  C:\Windows\System\WTcgClh.exe
  2⤵
  PID:6244
- C:\Windows\System\nIjshwN.exe
  C:\Windows\System\nIjshwN.exe
  2⤵
  PID:6712
- C:\Windows\System\THhSNhj.exe
  C:\Windows\System\THhSNhj.exe
  2⤵
  PID:6484
- C:\Windows\System\PvLgNKt.exe
  C:\Windows\System\PvLgNKt.exe
  2⤵
  PID:6708
- C:\Windows\System\wxIThQN.exe
  C:\Windows\System\wxIThQN.exe
  2⤵
  PID:6688
- C:\Windows\System\ZCfbacy.exe
  C:\Windows\System\ZCfbacy.exe
  2⤵
  PID:6724
- C:\Windows\System\rhvxzDF.exe
  C:\Windows\System\rhvxzDF.exe
  2⤵
  PID:6620
- C:\Windows\System\JvztiYj.exe
  C:\Windows\System\JvztiYj.exe
  2⤵
  PID:6808
- C:\Windows\System\cbYDTZC.exe
  C:\Windows\System\cbYDTZC.exe
  2⤵
  PID:6912
- C:\Windows\System\FrHMZAI.exe
  C:\Windows\System\FrHMZAI.exe
  2⤵
  PID:6588
- C:\Windows\System\dspDCrb.exe
  C:\Windows\System\dspDCrb.exe
  2⤵
  PID:6676
- C:\Windows\System\HQCNlxQ.exe
  C:\Windows\System\HQCNlxQ.exe
  2⤵
  PID:7152
- C:\Windows\System\pufrLTk.exe
  C:\Windows\System\pufrLTk.exe
  2⤵
  PID:1968
- C:\Windows\System\xnDlNmv.exe
  C:\Windows\System\xnDlNmv.exe
  2⤵
  PID:6728
- C:\Windows\System\pSikQEl.exe
  C:\Windows\System\pSikQEl.exe
  2⤵
  PID:6928
- C:\Windows\System\bknHNgc.exe
  C:\Windows\System\bknHNgc.exe
  2⤵
  PID:6740
- C:\Windows\System\oSczUmV.exe
  C:\Windows\System\oSczUmV.exe
  2⤵
  PID:6600
- C:\Windows\System\ucLKwOA.exe
  C:\Windows\System\ucLKwOA.exe
  2⤵
  PID:6452
- C:\Windows\System\OOKeitc.exe
  C:\Windows\System\OOKeitc.exe
  2⤵
  PID:7136
- C:\Windows\System\MomRGlQ.exe
  C:\Windows\System\MomRGlQ.exe
  2⤵
  PID:6584
- C:\Windows\System\wCLIcgL.exe
  C:\Windows\System\wCLIcgL.exe
  2⤵
  PID:6872
- C:\Windows\System\WeDwheD.exe
  C:\Windows\System\WeDwheD.exe
  2⤵
  PID:6860
- C:\Windows\System\vNNdTEH.exe
  C:\Windows\System\vNNdTEH.exe
  2⤵
  PID:7180
- C:\Windows\System\xmLFQIj.exe
  C:\Windows\System\xmLFQIj.exe
  2⤵
  PID:7196
- C:\Windows\System\zPLoimN.exe
  C:\Windows\System\zPLoimN.exe
  2⤵
  PID:7212
- C:\Windows\System\ajNNxZe.exe
  C:\Windows\System\ajNNxZe.exe
  2⤵
  PID:7228
- C:\Windows\System\NcbWncJ.exe
  C:\Windows\System\NcbWncJ.exe
  2⤵
  PID:7244
- C:\Windows\System\MyCHyWu.exe
  C:\Windows\System\MyCHyWu.exe
  2⤵
  PID:7260
- C:\Windows\System\WMcWoxp.exe
  C:\Windows\System\WMcWoxp.exe
  2⤵
  PID:7276
- C:\Windows\System\OFHYpOL.exe
  C:\Windows\System\OFHYpOL.exe
  2⤵
  PID:7292
- C:\Windows\System\QpagYxQ.exe
  C:\Windows\System\QpagYxQ.exe
  2⤵
  PID:7308
- C:\Windows\System\wqSXjcr.exe
  C:\Windows\System\wqSXjcr.exe
  2⤵
  PID:7324
- C:\Windows\System\ggJIHWf.exe
  C:\Windows\System\ggJIHWf.exe
  2⤵
  PID:7340
- C:\Windows\System\putiDtX.exe
  C:\Windows\System\putiDtX.exe
  2⤵
  PID:7356
- C:\Windows\System\vpuUVVv.exe
  C:\Windows\System\vpuUVVv.exe
  2⤵
  PID:7372
- C:\Windows\System\fMLeqAq.exe
  C:\Windows\System\fMLeqAq.exe
  2⤵
  PID:7388
- C:\Windows\System\TMhqjIm.exe
  C:\Windows\System\TMhqjIm.exe
  2⤵
  PID:7404
- C:\Windows\System\TkidsFr.exe
  C:\Windows\System\TkidsFr.exe
  2⤵
  PID:7420
- C:\Windows\System\eujXWev.exe
  C:\Windows\System\eujXWev.exe
  2⤵
  PID:7436
- C:\Windows\System\NpytcUm.exe
  C:\Windows\System\NpytcUm.exe
  2⤵
  PID:7452
- C:\Windows\System\YOVqWKW.exe
  C:\Windows\System\YOVqWKW.exe
  2⤵
  PID:7468
- C:\Windows\System\zHThavn.exe
  C:\Windows\System\zHThavn.exe
  2⤵
  PID:7484
- C:\Windows\System\NbFBDtx.exe
  C:\Windows\System\NbFBDtx.exe
  2⤵
  PID:7500
- C:\Windows\System\LYIeNtO.exe
  C:\Windows\System\LYIeNtO.exe
  2⤵
  PID:7516
- C:\Windows\System\PWtKisK.exe
  C:\Windows\System\PWtKisK.exe
  2⤵
  PID:7536
- C:\Windows\System\cjOUxIi.exe
  C:\Windows\System\cjOUxIi.exe
  2⤵
  PID:7552
- C:\Windows\System\YsOOqba.exe
  C:\Windows\System\YsOOqba.exe
  2⤵
  PID:7568
- C:\Windows\System\YqQPtRy.exe
  C:\Windows\System\YqQPtRy.exe
  2⤵
  PID:7584
- C:\Windows\System\bgcJXYK.exe
  C:\Windows\System\bgcJXYK.exe
  2⤵
  PID:7600
- C:\Windows\System\erzZdpX.exe
  C:\Windows\System\erzZdpX.exe
  2⤵
  PID:7616
- C:\Windows\System\IuPLWeg.exe
  C:\Windows\System\IuPLWeg.exe
  2⤵
  PID:7632
- C:\Windows\System\rbeYokc.exe
  C:\Windows\System\rbeYokc.exe
  2⤵
  PID:7648
- C:\Windows\System\hNOvSRi.exe
  C:\Windows\System\hNOvSRi.exe
  2⤵
  PID:7664
- C:\Windows\System\pQyMWDW.exe
  C:\Windows\System\pQyMWDW.exe
  2⤵
  PID:7680
- C:\Windows\System\BNQyDTA.exe
  C:\Windows\System\BNQyDTA.exe
  2⤵
  PID:7696
- C:\Windows\System\HNfNRNa.exe
  C:\Windows\System\HNfNRNa.exe
  2⤵
  PID:7712
- C:\Windows\System\EkfTUZj.exe
  C:\Windows\System\EkfTUZj.exe
  2⤵
  PID:7728
- C:\Windows\System\uGzMlQO.exe
  C:\Windows\System\uGzMlQO.exe
  2⤵
  PID:7744
- C:\Windows\System\loeDaYl.exe
  C:\Windows\System\loeDaYl.exe
  2⤵
  PID:7760
- C:\Windows\System\GouptpV.exe
  C:\Windows\System\GouptpV.exe
  2⤵
  PID:7776
- C:\Windows\System\vsLIFen.exe
  C:\Windows\System\vsLIFen.exe
  2⤵
  PID:7792
- C:\Windows\System\IRnRZfi.exe
  C:\Windows\System\IRnRZfi.exe
  2⤵
  PID:7808
- C:\Windows\System\WFJyPXM.exe
  C:\Windows\System\WFJyPXM.exe
  2⤵
  PID:7824
- C:\Windows\System\ogQZjpW.exe
  C:\Windows\System\ogQZjpW.exe
  2⤵
  PID:7840
- C:\Windows\System\ninKskl.exe
  C:\Windows\System\ninKskl.exe
  2⤵
  PID:7856
- C:\Windows\System\CvfVrle.exe
  C:\Windows\System\CvfVrle.exe
  2⤵
  PID:7872
- C:\Windows\System\oXQVVFb.exe
  C:\Windows\System\oXQVVFb.exe
  2⤵
  PID:7888
- C:\Windows\System\DaTvBOF.exe
  C:\Windows\System\DaTvBOF.exe
  2⤵
  PID:7904
- C:\Windows\System\iLWJIJm.exe
  C:\Windows\System\iLWJIJm.exe
  2⤵
  PID:7920
- C:\Windows\System\GJArmKI.exe
  C:\Windows\System\GJArmKI.exe
  2⤵
  PID:7936
- C:\Windows\System\LfjUDdr.exe
  C:\Windows\System\LfjUDdr.exe
  2⤵
  PID:7952
- C:\Windows\System\yXPBCDt.exe
  C:\Windows\System\yXPBCDt.exe
  2⤵
  PID:7968
- C:\Windows\System\ZciCteR.exe
  C:\Windows\System\ZciCteR.exe
  2⤵
  PID:7984
- C:\Windows\System\rJhCExS.exe
  C:\Windows\System\rJhCExS.exe
  2⤵
  PID:8000
- C:\Windows\System\zGRDlwE.exe
  C:\Windows\System\zGRDlwE.exe
  2⤵
  PID:8016
- C:\Windows\System\tRLXJHg.exe
  C:\Windows\System\tRLXJHg.exe
  2⤵
  PID:8032
- C:\Windows\System\flePvlm.exe
  C:\Windows\System\flePvlm.exe
  2⤵
  PID:8048
- C:\Windows\System\UeapZZT.exe
  C:\Windows\System\UeapZZT.exe
  2⤵
  PID:8064
- C:\Windows\System\OttmKMx.exe
  C:\Windows\System\OttmKMx.exe
  2⤵
  PID:8080
- C:\Windows\System\fMguezx.exe
  C:\Windows\System\fMguezx.exe
  2⤵
  PID:8100
- C:\Windows\System\xkzzloZ.exe
  C:\Windows\System\xkzzloZ.exe
  2⤵
  PID:8116
- C:\Windows\System\boRcaRS.exe
  C:\Windows\System\boRcaRS.exe
  2⤵
  PID:8132
- C:\Windows\System\dncEEWu.exe
  C:\Windows\System\dncEEWu.exe
  2⤵
  PID:8148
- C:\Windows\System\ZIUNWOQ.exe
  C:\Windows\System\ZIUNWOQ.exe
  2⤵
  PID:8164
- C:\Windows\System\AnvcsRm.exe
  C:\Windows\System\AnvcsRm.exe
  2⤵
  PID:8180
- C:\Windows\System\rzUucrY.exe
  C:\Windows\System\rzUucrY.exe
  2⤵
  PID:7176
- C:\Windows\System\zbpPifE.exe
  C:\Windows\System\zbpPifE.exe
  2⤵
  PID:7236
- C:\Windows\System\EeaBosf.exe
  C:\Windows\System\EeaBosf.exe
  2⤵
  PID:7220
- C:\Windows\System\YZdpyUW.exe
  C:\Windows\System\YZdpyUW.exe
  2⤵
  PID:7192
- C:\Windows\System\mJRavPJ.exe
  C:\Windows\System\mJRavPJ.exe
  2⤵
  PID:7272
- C:\Windows\System\KjaiZTo.exe
  C:\Windows\System\KjaiZTo.exe
  2⤵
  PID:7316
- C:\Windows\System\XNqOuyi.exe
  C:\Windows\System\XNqOuyi.exe
  2⤵
  PID:7288
- C:\Windows\System\lhyLdZc.exe
  C:\Windows\System\lhyLdZc.exe
  2⤵
  PID:7380
- C:\Windows\System\hKqtTap.exe
  C:\Windows\System\hKqtTap.exe
  2⤵
  PID:7428
- C:\Windows\System\SSqKmLQ.exe
  C:\Windows\System\SSqKmLQ.exe
  2⤵
  PID:7412
- C:\Windows\System\scPkSJb.exe
  C:\Windows\System\scPkSJb.exe
  2⤵
  PID:7464
- C:\Windows\System\ILfsstb.exe
  C:\Windows\System\ILfsstb.exe
  2⤵
  PID:7480
- C:\Windows\System\FicfAdD.exe
  C:\Windows\System\FicfAdD.exe
  2⤵
  PID:7532
- C:\Windows\System\PlYYCIs.exe
  C:\Windows\System\PlYYCIs.exe
  2⤵
  PID:7548
- C:\Windows\System\GEkkftb.exe
  C:\Windows\System\GEkkftb.exe
  2⤵
  PID:7596
- C:\Windows\System\cGLCvOZ.exe
  C:\Windows\System\cGLCvOZ.exe
  2⤵
  PID:7608
- C:\Windows\System\HZXXknB.exe
  C:\Windows\System\HZXXknB.exe
  2⤵
  PID:7644
- C:\Windows\System\AOuDGzh.exe
  C:\Windows\System\AOuDGzh.exe
  2⤵
  PID:7688
- C:\Windows\System\wzCTHiV.exe
  C:\Windows\System\wzCTHiV.exe
  2⤵
  PID:7692
- C:\Windows\System\abplyIT.exe
  C:\Windows\System\abplyIT.exe
  2⤵
  PID:7736
- C:\Windows\System\uwCEyNH.exe
  C:\Windows\System\uwCEyNH.exe
  2⤵
  PID:7768
- C:\Windows\System\rVrksUo.exe
  C:\Windows\System\rVrksUo.exe
  2⤵
  PID:7772
- C:\Windows\System\vrzJtiR.exe
  C:\Windows\System\vrzJtiR.exe
  2⤵
  PID:7836
- C:\Windows\System\KLbqaho.exe
  C:\Windows\System\KLbqaho.exe
  2⤵
  PID:7916
- C:\Windows\System\FvfXrxU.exe
  C:\Windows\System\FvfXrxU.exe
  2⤵
  PID:7944
- C:\Windows\System\FjBSJEY.exe
  C:\Windows\System\FjBSJEY.exe
  2⤵
  PID:7932
- C:\Windows\System\avahgGC.exe
  C:\Windows\System\avahgGC.exe
  2⤵
  PID:8008
- C:\Windows\System\DpLfYeW.exe
  C:\Windows\System\DpLfYeW.exe
  2⤵
  PID:7996
- C:\Windows\System\sVtnSDo.exe
  C:\Windows\System\sVtnSDo.exe
  2⤵
  PID:8028
- C:\Windows\System\uiAeYLK.exe
  C:\Windows\System\uiAeYLK.exe
  2⤵
  PID:8108
- C:\Windows\System\wrYSJGR.exe
  C:\Windows\System\wrYSJGR.exe
  2⤵
  PID:8144
- C:\Windows\System\ZaXasPv.exe
  C:\Windows\System\ZaXasPv.exe
  2⤵
  PID:8096
- C:\Windows\System\FISftUM.exe
  C:\Windows\System\FISftUM.exe
  2⤵
  PID:8160
- C:\Windows\System\jhjUVoc.exe
  C:\Windows\System\jhjUVoc.exe
  2⤵
  PID:7268
- C:\Windows\System\VIOKugG.exe
  C:\Windows\System\VIOKugG.exe
  2⤵
  PID:6532
- C:\Windows\System\xTyKKNe.exe
  C:\Windows\System\xTyKKNe.exe
  2⤵
  PID:7396
- C:\Windows\System\JBHstKK.exe
  C:\Windows\System\JBHstKK.exe
  2⤵
  PID:7332
- C:\Windows\System\jwXauJv.exe
  C:\Windows\System\jwXauJv.exe
  2⤵
  PID:7400
- C:\Windows\System\UBIdVnx.exe
  C:\Windows\System\UBIdVnx.exe
  2⤵
  PID:7448
- C:\Windows\System\ALDKFxK.exe
  C:\Windows\System\ALDKFxK.exe
  2⤵
  PID:7460
- C:\Windows\System\UmcZlyW.exe
  C:\Windows\System\UmcZlyW.exe
  2⤵
  PID:7528
- C:\Windows\System\UJNPmdm.exe
  C:\Windows\System\UJNPmdm.exe
  2⤵
  PID:7592
- C:\Windows\System\ZKuwQkA.exe
  C:\Windows\System\ZKuwQkA.exe
  2⤵
  PID:7740
- C:\Windows\System\SXpgdiK.exe
  C:\Windows\System\SXpgdiK.exe
  2⤵
  PID:7832
- C:\Windows\System\otACTYK.exe
  C:\Windows\System\otACTYK.exe
  2⤵
  PID:7804
- C:\Windows\System\zZmSOsR.exe
  C:\Windows\System\zZmSOsR.exe
  2⤵
  PID:7900
- C:\Windows\System\edlLEIQ.exe
  C:\Windows\System\edlLEIQ.exe
  2⤵
  PID:7980
- C:\Windows\System\bpAvhEf.exe
  C:\Windows\System\bpAvhEf.exe
  2⤵
  PID:8024
- C:\Windows\System\ddzticD.exe
  C:\Windows\System\ddzticD.exe
  2⤵
  PID:8056
- C:\Windows\System\YMofBIR.exe
  C:\Windows\System\YMofBIR.exe
  2⤵
  PID:6516
- C:\Windows\System\BALXBWl.exe
  C:\Windows\System\BALXBWl.exe
  2⤵
  PID:7416
- C:\Windows\System\AaolLmB.exe
  C:\Windows\System\AaolLmB.exe
  2⤵
  PID:7252
- C:\Windows\System\WqdMFbI.exe
  C:\Windows\System\WqdMFbI.exe
  2⤵
  PID:7496
- C:\Windows\System\SRAghVe.exe
  C:\Windows\System\SRAghVe.exe
  2⤵
  PID:7752
- C:\Windows\System\uaNuTyu.exe
  C:\Windows\System\uaNuTyu.exe
  2⤵
  PID:7820
- C:\Windows\System\EMbsSsc.exe
  C:\Windows\System\EMbsSsc.exe
  2⤵
  PID:8040
- C:\Windows\System\WSkzIXI.exe
  C:\Windows\System\WSkzIXI.exe
  2⤵
  PID:7912
- C:\Windows\System\TgZhvRx.exe
  C:\Windows\System\TgZhvRx.exe
  2⤵
  PID:7284
- C:\Windows\System\uhkITeI.exe
  C:\Windows\System\uhkITeI.exe
  2⤵
  PID:1988
- C:\Windows\System\NDWOhGF.exe
  C:\Windows\System\NDWOhGF.exe
  2⤵
  PID:2368
- C:\Windows\System\nERHqCm.exe
  C:\Windows\System\nERHqCm.exe
  2⤵
  PID:7384
- C:\Windows\System\eSkhqOJ.exe
  C:\Windows\System\eSkhqOJ.exe
  2⤵
  PID:7852
- C:\Windows\System\ZIDhIly.exe
  C:\Windows\System\ZIDhIly.exe
  2⤵
  PID:7304
- C:\Windows\System\dIdZDTw.exe
  C:\Windows\System\dIdZDTw.exe
  2⤵
  PID:2392
- C:\Windows\System\PytarHm.exe
  C:\Windows\System\PytarHm.exe
  2⤵
  PID:1648
- C:\Windows\System\EIaJbTc.exe
  C:\Windows\System\EIaJbTc.exe
  2⤵
  PID:2340
- C:\Windows\System\RsZDdHA.exe
  C:\Windows\System\RsZDdHA.exe
  2⤵
  PID:7348
- C:\Windows\System\ylmPKCc.exe
  C:\Windows\System\ylmPKCc.exe
  2⤵
  PID:8200
- C:\Windows\System\ZoGkcCu.exe
  C:\Windows\System\ZoGkcCu.exe
  2⤵
  PID:8216
- C:\Windows\System\ZDxwKOp.exe
  C:\Windows\System\ZDxwKOp.exe
  2⤵
  PID:8232
- C:\Windows\System\zouOdAp.exe
  C:\Windows\System\zouOdAp.exe
  2⤵
  PID:8248
- C:\Windows\System\kKVhkrb.exe
  C:\Windows\System\kKVhkrb.exe
  2⤵
  PID:8264
- C:\Windows\System\erAMRaM.exe
  C:\Windows\System\erAMRaM.exe
  2⤵
  PID:8280
- C:\Windows\System\IdjNCiY.exe
  C:\Windows\System\IdjNCiY.exe
  2⤵
  PID:8296
- C:\Windows\System\XOaGFyF.exe
  C:\Windows\System\XOaGFyF.exe
  2⤵
  PID:8312
- C:\Windows\System\COUyCvd.exe
  C:\Windows\System\COUyCvd.exe
  2⤵
  PID:8328
- C:\Windows\System\COwcHin.exe
  C:\Windows\System\COwcHin.exe
  2⤵
  PID:8344
- C:\Windows\System\VyBePcu.exe
  C:\Windows\System\VyBePcu.exe
  2⤵
  PID:8360
- C:\Windows\System\qDauvHQ.exe
  C:\Windows\System\qDauvHQ.exe
  2⤵
  PID:8376
- C:\Windows\System\ykujGqL.exe
  C:\Windows\System\ykujGqL.exe
  2⤵
  PID:8392
- C:\Windows\System\FoKKUkZ.exe
  C:\Windows\System\FoKKUkZ.exe
  2⤵
  PID:8408
- C:\Windows\System\CJFODxS.exe
  C:\Windows\System\CJFODxS.exe
  2⤵
  PID:8424
- C:\Windows\System\SAhnfpd.exe
  C:\Windows\System\SAhnfpd.exe
  2⤵
  PID:8440
- C:\Windows\System\CvkamOO.exe
  C:\Windows\System\CvkamOO.exe
  2⤵
  PID:8456
- C:\Windows\System\hFmtILq.exe
  C:\Windows\System\hFmtILq.exe
  2⤵
  PID:8472
- C:\Windows\System\YdbtKHE.exe
  C:\Windows\System\YdbtKHE.exe
  2⤵
  PID:8488
- C:\Windows\System\HVUcqPX.exe
  C:\Windows\System\HVUcqPX.exe
  2⤵
  PID:8504
- C:\Windows\System\VXSLLDu.exe
  C:\Windows\System\VXSLLDu.exe
  2⤵
  PID:8520
- C:\Windows\System\QMntdRP.exe
  C:\Windows\System\QMntdRP.exe
  2⤵
  PID:8536
- C:\Windows\System\qhhrbvN.exe
  C:\Windows\System\qhhrbvN.exe
  2⤵
  PID:8552
- C:\Windows\System\xFIzjzA.exe
  C:\Windows\System\xFIzjzA.exe
  2⤵
  PID:8568
- C:\Windows\System\ybxHQfy.exe
  C:\Windows\System\ybxHQfy.exe
  2⤵
  PID:8584
- C:\Windows\System\bHXOOvY.exe
  C:\Windows\System\bHXOOvY.exe
  2⤵
  PID:8600
- C:\Windows\System\aTwxCMq.exe
  C:\Windows\System\aTwxCMq.exe
  2⤵
  PID:8616
- C:\Windows\System\APslEqR.exe
  C:\Windows\System\APslEqR.exe
  2⤵
  PID:8632
- C:\Windows\System\WvSxPqH.exe
  C:\Windows\System\WvSxPqH.exe
  2⤵
  PID:8648
- C:\Windows\System\IZatYoy.exe
  C:\Windows\System\IZatYoy.exe
  2⤵
  PID:8664
- C:\Windows\System\aTnzYvY.exe
  C:\Windows\System\aTnzYvY.exe
  2⤵
  PID:8684
- C:\Windows\System\JMkteYf.exe
  C:\Windows\System\JMkteYf.exe
  2⤵
  PID:8700
- C:\Windows\System\lXxAwFr.exe
  C:\Windows\System\lXxAwFr.exe
  2⤵
  PID:8716
- C:\Windows\System\JiJcWaV.exe
  C:\Windows\System\JiJcWaV.exe
  2⤵
  PID:8732
- C:\Windows\System\MVHMZem.exe
  C:\Windows\System\MVHMZem.exe
  2⤵
  PID:8748
- C:\Windows\System\mlHiDTI.exe
  C:\Windows\System\mlHiDTI.exe
  2⤵
  PID:8764
- C:\Windows\System\uVwUvqw.exe
  C:\Windows\System\uVwUvqw.exe
  2⤵
  PID:8780
- C:\Windows\System\bljLlAs.exe
  C:\Windows\System\bljLlAs.exe
  2⤵
  PID:8796
- C:\Windows\System\bUHovJr.exe
  C:\Windows\System\bUHovJr.exe
  2⤵
  PID:8812
- C:\Windows\System\FBbCFaE.exe
  C:\Windows\System\FBbCFaE.exe
  2⤵
  PID:8828
- C:\Windows\System\DJKDqsQ.exe
  C:\Windows\System\DJKDqsQ.exe
  2⤵
  PID:8844
- C:\Windows\System\rqnoIYV.exe
  C:\Windows\System\rqnoIYV.exe
  2⤵
  PID:8860
- C:\Windows\System\gRSyjwM.exe
  C:\Windows\System\gRSyjwM.exe
  2⤵
  PID:8876
- C:\Windows\System\xwokRnm.exe
  C:\Windows\System\xwokRnm.exe
  2⤵
  PID:8892
- C:\Windows\System\RXIKFYy.exe
  C:\Windows\System\RXIKFYy.exe
  2⤵
  PID:8908
- C:\Windows\System\vSGmeBX.exe
  C:\Windows\System\vSGmeBX.exe
  2⤵
  PID:8924
- C:\Windows\System\Ahanmuh.exe
  C:\Windows\System\Ahanmuh.exe
  2⤵
  PID:8940
- C:\Windows\System\VXCdRct.exe
  C:\Windows\System\VXCdRct.exe
  2⤵
  PID:8956
- C:\Windows\System\QeARxiu.exe
  C:\Windows\System\QeARxiu.exe
  2⤵
  PID:8972
- C:\Windows\System\BXyPcyJ.exe
  C:\Windows\System\BXyPcyJ.exe
  2⤵
  PID:8988
- C:\Windows\System\sKipMdJ.exe
  C:\Windows\System\sKipMdJ.exe
  2⤵
  PID:9004
- C:\Windows\System\wukGIuU.exe
  C:\Windows\System\wukGIuU.exe
  2⤵
  PID:9020
- C:\Windows\System\pagNaBx.exe
  C:\Windows\System\pagNaBx.exe
  2⤵
  PID:9036
- C:\Windows\System\WUCkkhW.exe
  C:\Windows\System\WUCkkhW.exe
  2⤵
  PID:9052
- C:\Windows\System\FKKJBwI.exe
  C:\Windows\System\FKKJBwI.exe
  2⤵
  PID:9068
- C:\Windows\System\HArhAtU.exe
  C:\Windows\System\HArhAtU.exe
  2⤵
  PID:9084
- C:\Windows\System\ngMYNLK.exe
  C:\Windows\System\ngMYNLK.exe
  2⤵
  PID:9100
- C:\Windows\System\gvmKgVK.exe
  C:\Windows\System\gvmKgVK.exe
  2⤵
  PID:9116
- C:\Windows\System\iaARcLp.exe
  C:\Windows\System\iaARcLp.exe
  2⤵
  PID:9132
- C:\Windows\System\GorOdVE.exe
  C:\Windows\System\GorOdVE.exe
  2⤵
  PID:9148
- C:\Windows\System\pkJycHy.exe
  C:\Windows\System\pkJycHy.exe
  2⤵
  PID:9164
- C:\Windows\System\dyUxXzN.exe
  C:\Windows\System\dyUxXzN.exe
  2⤵
  PID:9180
- C:\Windows\System\NYpFOJo.exe
  C:\Windows\System\NYpFOJo.exe
  2⤵
  PID:9196
- C:\Windows\System\VXiciqu.exe
  C:\Windows\System\VXiciqu.exe
  2⤵
  PID:9212
- C:\Windows\System\ayjlTQH.exe
  C:\Windows\System\ayjlTQH.exe
  2⤵
  PID:8196
- C:\Windows\System\tdAzPHD.exe
  C:\Windows\System\tdAzPHD.exe
  2⤵
  PID:8208
- C:\Windows\System\bSbhPsO.exe
  C:\Windows\System\bSbhPsO.exe
  2⤵
  PID:8256
- C:\Windows\System\LqsXeDU.exe
  C:\Windows\System\LqsXeDU.exe
  2⤵
  PID:8324
- C:\Windows\System\YKdwdjd.exe
  C:\Windows\System\YKdwdjd.exe
  2⤵
  PID:8244
- C:\Windows\System\JHpqOuQ.exe
  C:\Windows\System\JHpqOuQ.exe
  2⤵
  PID:8304
- C:\Windows\System\blFFIOC.exe
  C:\Windows\System\blFFIOC.exe
  2⤵
  PID:8352
- C:\Windows\System\TaBsIyH.exe
  C:\Windows\System\TaBsIyH.exe
  2⤵
  PID:8420
- C:\Windows\System\qoJDvhv.exe
  C:\Windows\System\qoJDvhv.exe
  2⤵
  PID:8484
- C:\Windows\System\LmZWkxh.exe
  C:\Windows\System\LmZWkxh.exe
  2⤵
  PID:8404
- C:\Windows\System\wQagYPt.exe
  C:\Windows\System\wQagYPt.exe
  2⤵
  PID:8468
- C:\Windows\System\ZaiaFPL.exe
  C:\Windows\System\ZaiaFPL.exe
  2⤵
  PID:8516
- C:\Windows\System\wJiQGvw.exe
  C:\Windows\System\wJiQGvw.exe
  2⤵
  PID:8548
- C:\Windows\System\mUkRktF.exe
  C:\Windows\System\mUkRktF.exe
  2⤵
  PID:8576
- C:\Windows\System\ZnGvGxa.exe
  C:\Windows\System\ZnGvGxa.exe
  2⤵
  PID:8640
- C:\Windows\System\mdAtbvu.exe
  C:\Windows\System\mdAtbvu.exe
  2⤵
  PID:8628
- C:\Windows\System\EjamjIx.exe
  C:\Windows\System\EjamjIx.exe
  2⤵
  PID:8696
- C:\Windows\System\MCEGRAk.exe
  C:\Windows\System\MCEGRAk.exe
  2⤵
  PID:8724
- C:\Windows\System\XPbkLFq.exe
  C:\Windows\System\XPbkLFq.exe
  2⤵
  PID:8760
- C:\Windows\System\njmIJvI.exe
  C:\Windows\System\njmIJvI.exe
  2⤵
  PID:8744
- C:\Windows\System\pXGFLHG.exe
  C:\Windows\System\pXGFLHG.exe
  2⤵
  PID:8804
- C:\Windows\System\lPWSfcA.exe
  C:\Windows\System\lPWSfcA.exe
  2⤵
  PID:8824
- C:\Windows\System\vcTZaLF.exe
  C:\Windows\System\vcTZaLF.exe
  2⤵
  PID:8856
- C:\Windows\System\bQsbqXe.exe
  C:\Windows\System\bQsbqXe.exe
  2⤵
  PID:8872
- C:\Windows\System\znKtJAw.exe
  C:\Windows\System\znKtJAw.exe
  2⤵
  PID:8868
- C:\Windows\System\CBelnoY.exe
  C:\Windows\System\CBelnoY.exe
  2⤵
  PID:8964
- C:\Windows\System\JKXFIQy.exe
  C:\Windows\System\JKXFIQy.exe
  2⤵
  PID:8996
- C:\Windows\System\BTVJSLs.exe
  C:\Windows\System\BTVJSLs.exe
  2⤵
  PID:9000
- C:\Windows\System\njmsVWS.exe
  C:\Windows\System\njmsVWS.exe
  2⤵
  PID:9012
- C:\Windows\System\ZYOVvAS.exe
  C:\Windows\System\ZYOVvAS.exe
  2⤵
  PID:9060
- C:\Windows\System\wmcamkL.exe
  C:\Windows\System\wmcamkL.exe
  2⤵
  PID:9112
- C:\Windows\System\ILJgvTW.exe
  C:\Windows\System\ILJgvTW.exe
  2⤵
  PID:9140
- C:\Windows\System\OpnNysZ.exe
  C:\Windows\System\OpnNysZ.exe
  2⤵
  PID:9128
- C:\Windows\System\BMAuycj.exe
  C:\Windows\System\BMAuycj.exe
  2⤵
  PID:5572
- C:\Windows\System\SoLgkyS.exe
  C:\Windows\System\SoLgkyS.exe
  2⤵
  PID:9160
- C:\Windows\System\bVTPypu.exe
  C:\Windows\System\bVTPypu.exe
  2⤵
  PID:7640
- C:\Windows\System\vPnDzol.exe
  C:\Windows\System\vPnDzol.exe
  2⤵
  PID:8288
- C:\Windows\System\DhigZBf.exe
  C:\Windows\System\DhigZBf.exe
  2⤵
  PID:8340
- C:\Windows\System\dfCmaCX.exe
  C:\Windows\System\dfCmaCX.exe
  2⤵
  PID:8464
- C:\Windows\System\CeTXWVt.exe
  C:\Windows\System\CeTXWVt.exe
  2⤵
  PID:8416
- C:\Windows\System\XdqeIuf.exe
  C:\Windows\System\XdqeIuf.exe
  2⤵
  PID:8544
- C:\Windows\System\esnfYin.exe
  C:\Windows\System\esnfYin.exe
  2⤵
  PID:8564
- C:\Windows\System\XXSIliv.exe
  C:\Windows\System\XXSIliv.exe
  2⤵
  PID:8660
- C:\Windows\System\NnAiAwr.exe
  C:\Windows\System\NnAiAwr.exe
  2⤵
  PID:8772
- C:\Windows\System\fIJyiCV.exe
  C:\Windows\System\fIJyiCV.exe
  2⤵
  PID:8792
- C:\Windows\System\WVoyuJk.exe
  C:\Windows\System\WVoyuJk.exe
  2⤵
  PID:2880
- C:\Windows\System\JRlEshp.exe
  C:\Windows\System\JRlEshp.exe
  2⤵
  PID:8952
- C:\Windows\System\EfMghmL.exe
  C:\Windows\System\EfMghmL.exe
  2⤵
  PID:8888
- C:\Windows\System\LDElbBk.exe
  C:\Windows\System\LDElbBk.exe
  2⤵
  PID:9028
- C:\Windows\System\gDsKuzp.exe
  C:\Windows\System\gDsKuzp.exe
  2⤵
  PID:9064
- C:\Windows\System\cEXkvdB.exe
  C:\Windows\System\cEXkvdB.exe
  2⤵
  PID:8984
- C:\Windows\System\GJRSaFl.exe
  C:\Windows\System\GJRSaFl.exe
  2⤵
  PID:9108
- C:\Windows\System\vMTzBMJ.exe
  C:\Windows\System\vMTzBMJ.exe
  2⤵
  PID:5520
- C:\Windows\System\MMCMMfd.exe
  C:\Windows\System\MMCMMfd.exe
  2⤵
  PID:8276
- C:\Windows\System\CBYFSZN.exe
  C:\Windows\System\CBYFSZN.exe
  2⤵
  PID:8436
- C:\Windows\System\qdxpNzJ.exe
  C:\Windows\System\qdxpNzJ.exe
  2⤵
  PID:8500
- C:\Windows\System\DTkjKLt.exe
  C:\Windows\System\DTkjKLt.exe
  2⤵
  PID:7208
- C:\Windows\System\YrAJVBJ.exe
  C:\Windows\System\YrAJVBJ.exe
  2⤵
  PID:8756
- C:\Windows\System\PMvLeSy.exe
  C:\Windows\System\PMvLeSy.exe
  2⤵
  PID:8712
- C:\Windows\System\icIovLh.exe
  C:\Windows\System\icIovLh.exe
  2⤵
  PID:8936
- C:\Windows\System\ywFQzkq.exe
  C:\Windows\System\ywFQzkq.exe
  2⤵
  PID:9208
- C:\Windows\System\lrPyqfe.exe
  C:\Windows\System\lrPyqfe.exe
  2⤵
  PID:9048
- C:\Windows\System\dFwwLce.exe
  C:\Windows\System\dFwwLce.exe
  2⤵
  PID:9144
- C:\Windows\System\aIfMzRA.exe
  C:\Windows\System\aIfMzRA.exe
  2⤵
  PID:8400
- C:\Windows\System\phWJbxU.exe
  C:\Windows\System\phWJbxU.exe
  2⤵
  PID:8612
- C:\Windows\System\tTzfAOm.exe
  C:\Windows\System\tTzfAOm.exe
  2⤵
  PID:8840
- C:\Windows\System\KpYhluY.exe
  C:\Windows\System\KpYhluY.exe
  2⤵
  PID:8968
- C:\Windows\System\rzCFRft.exe
  C:\Windows\System\rzCFRft.exe
  2⤵
  PID:8708
- C:\Windows\System\zmCfkUd.exe
  C:\Windows\System\zmCfkUd.exe
  2⤵
  PID:9224
- C:\Windows\System\zUyrRZi.exe
  C:\Windows\System\zUyrRZi.exe
  2⤵
  PID:9240
- C:\Windows\System\JgtdsNY.exe
  C:\Windows\System\JgtdsNY.exe
  2⤵
  PID:9256
- C:\Windows\System\uAbUfey.exe
  C:\Windows\System\uAbUfey.exe
  2⤵
  PID:9272
- C:\Windows\System\lnAfpbf.exe
  C:\Windows\System\lnAfpbf.exe
  2⤵
  PID:9288
- C:\Windows\System\MBPVfaT.exe
  C:\Windows\System\MBPVfaT.exe
  2⤵
  PID:9304
- C:\Windows\System\TFVjFea.exe
  C:\Windows\System\TFVjFea.exe
  2⤵
  PID:9320
- C:\Windows\System\ZsKZdVW.exe
  C:\Windows\System\ZsKZdVW.exe
  2⤵
  PID:9336
- C:\Windows\System\lCgWVRd.exe
  C:\Windows\System\lCgWVRd.exe
  2⤵
  PID:9352
- C:\Windows\System\keOWZer.exe
  C:\Windows\System\keOWZer.exe
  2⤵
  PID:9368
- C:\Windows\System\spMoIvZ.exe
  C:\Windows\System\spMoIvZ.exe
  2⤵
  PID:9384
- C:\Windows\System\cZxSvtc.exe
  C:\Windows\System\cZxSvtc.exe
  2⤵
  PID:9400
- C:\Windows\System\AmLJbVe.exe
  C:\Windows\System\AmLJbVe.exe
  2⤵
  PID:9416
- C:\Windows\System\rCfTbKi.exe
  C:\Windows\System\rCfTbKi.exe
  2⤵
  PID:9432
- C:\Windows\System\QuSbVPJ.exe
  C:\Windows\System\QuSbVPJ.exe
  2⤵
  PID:9448
- C:\Windows\System\LlZBvwJ.exe
  C:\Windows\System\LlZBvwJ.exe
  2⤵
  PID:9464
- C:\Windows\System\wXHbQJZ.exe
  C:\Windows\System\wXHbQJZ.exe
  2⤵
  PID:9480
- C:\Windows\System\ELkBxQN.exe
  C:\Windows\System\ELkBxQN.exe
  2⤵
  PID:9500
- C:\Windows\System\ltuXcUA.exe
  C:\Windows\System\ltuXcUA.exe
  2⤵
  PID:9516
- C:\Windows\System\ziMqhPW.exe
  C:\Windows\System\ziMqhPW.exe
  2⤵
  PID:9532
- C:\Windows\System\WMjWxws.exe
  C:\Windows\System\WMjWxws.exe
  2⤵
  PID:9548
- C:\Windows\System\QKLZWHD.exe
  C:\Windows\System\QKLZWHD.exe
  2⤵
  PID:9564
- C:\Windows\System\ZryVuLo.exe
  C:\Windows\System\ZryVuLo.exe
  2⤵
  PID:9580
- C:\Windows\System\iuKJFCP.exe
  C:\Windows\System\iuKJFCP.exe
  2⤵
  PID:9596
- C:\Windows\System\UreECIE.exe
  C:\Windows\System\UreECIE.exe
  2⤵
  PID:9612
- C:\Windows\System\IYkMycn.exe
  C:\Windows\System\IYkMycn.exe
  2⤵
  PID:9628
- C:\Windows\System\rkiqLiR.exe
  C:\Windows\System\rkiqLiR.exe
  2⤵
  PID:9644
- C:\Windows\System\oCpxkhR.exe
  C:\Windows\System\oCpxkhR.exe
  2⤵
  PID:9660
- C:\Windows\System\axowVvw.exe
  C:\Windows\System\axowVvw.exe
  2⤵
  PID:9676
- C:\Windows\System\ZpPDMLM.exe
  C:\Windows\System\ZpPDMLM.exe
  2⤵
  PID:9692
- C:\Windows\System\HxdrMaD.exe
  C:\Windows\System\HxdrMaD.exe
  2⤵
  PID:9708
- C:\Windows\System\pchthpT.exe
  C:\Windows\System\pchthpT.exe
  2⤵
  PID:9724
- C:\Windows\System\xBPSNNx.exe
  C:\Windows\System\xBPSNNx.exe
  2⤵
  PID:9740
- C:\Windows\System\JnckpPC.exe
  C:\Windows\System\JnckpPC.exe
  2⤵
  PID:9756
- C:\Windows\System\YaOVDtW.exe
  C:\Windows\System\YaOVDtW.exe
  2⤵
  PID:9772
- C:\Windows\System\upfvvbT.exe
  C:\Windows\System\upfvvbT.exe
  2⤵
  PID:9788
- C:\Windows\System\EfNKijU.exe
  C:\Windows\System\EfNKijU.exe
  2⤵
  PID:9804
- C:\Windows\System\kRTOCFd.exe
  C:\Windows\System\kRTOCFd.exe
  2⤵
  PID:9820
- C:\Windows\System\oyCZCBE.exe
  C:\Windows\System\oyCZCBE.exe
  2⤵
  PID:9840
- C:\Windows\System\BdNMFOg.exe
  C:\Windows\System\BdNMFOg.exe
  2⤵
  PID:9856
- C:\Windows\System\IdvaqFr.exe
  C:\Windows\System\IdvaqFr.exe
  2⤵
  PID:9872
- C:\Windows\System\EKZcLGe.exe
  C:\Windows\System\EKZcLGe.exe
  2⤵
  PID:9892
- C:\Windows\System\iJeRNZU.exe
  C:\Windows\System\iJeRNZU.exe
  2⤵
  PID:9908
- C:\Windows\System\KJlfNkC.exe
  C:\Windows\System\KJlfNkC.exe
  2⤵
  PID:9924
- C:\Windows\System\VzHzeMH.exe
  C:\Windows\System\VzHzeMH.exe
  2⤵
  PID:9940
- C:\Windows\System\vzPSxGI.exe
  C:\Windows\System\vzPSxGI.exe
  2⤵
  PID:9956
- C:\Windows\System\ywLpzpO.exe
  C:\Windows\System\ywLpzpO.exe
  2⤵
  PID:9972
- C:\Windows\System\olWjvAl.exe
  C:\Windows\System\olWjvAl.exe
  2⤵
  PID:9988
- C:\Windows\System\lJnKxtI.exe
  C:\Windows\System\lJnKxtI.exe
  2⤵
  PID:10004
- C:\Windows\System\EpqfcMN.exe
  C:\Windows\System\EpqfcMN.exe
  2⤵
  PID:10024
- C:\Windows\System\EWkFQYu.exe
  C:\Windows\System\EWkFQYu.exe
  2⤵
  PID:10040
- C:\Windows\System\XTarqhk.exe
  C:\Windows\System\XTarqhk.exe
  2⤵
  PID:10056
- C:\Windows\System\ZHIWPQh.exe
  C:\Windows\System\ZHIWPQh.exe
  2⤵
  PID:10072
- C:\Windows\System\tRjyQjM.exe
  C:\Windows\System\tRjyQjM.exe
  2⤵
  PID:9748
- C:\Windows\System\boVrpWw.exe
  C:\Windows\System\boVrpWw.exe
  2⤵
  PID:9920
- C:\Windows\System\vPnmULd.exe
  C:\Windows\System\vPnmULd.exe
  2⤵
  PID:10068
- C:\Windows\System\vYyacfu.exe
  C:\Windows\System\vYyacfu.exe
  2⤵
  PID:10096
- C:\Windows\System\DyBSlCD.exe
  C:\Windows\System\DyBSlCD.exe
  2⤵
  PID:10144
- C:\Windows\System\OxJpSBU.exe
  C:\Windows\System\OxJpSBU.exe
  2⤵
  PID:10184
- C:\Windows\System\yePyIsJ.exe
  C:\Windows\System\yePyIsJ.exe
  2⤵
  PID:10416
- C:\Windows\System\NOtwzet.exe
  C:\Windows\System\NOtwzet.exe
  2⤵
  PID:10432
- C:\Windows\System\FEYzrGF.exe
  C:\Windows\System\FEYzrGF.exe
  2⤵
  PID:10448
- C:\Windows\System\orAvagQ.exe
  C:\Windows\System\orAvagQ.exe
  2⤵
  PID:10468
- C:\Windows\System\zYObKJG.exe
  C:\Windows\System\zYObKJG.exe
  2⤵
  PID:10484
- C:\Windows\System\zZQCdbJ.exe
  C:\Windows\System\zZQCdbJ.exe
  2⤵
  PID:10500
- C:\Windows\System\DONeDUs.exe
  C:\Windows\System\DONeDUs.exe
  2⤵
  PID:10516
- C:\Windows\System\wOZuWJA.exe
  C:\Windows\System\wOZuWJA.exe
  2⤵
  PID:10532
- C:\Windows\System\OMwLmWz.exe
  C:\Windows\System\OMwLmWz.exe
  2⤵
  PID:10548
- C:\Windows\System\tHnFTQg.exe
  C:\Windows\System\tHnFTQg.exe
  2⤵
  PID:10564
- C:\Windows\System\cvjhwcw.exe
  C:\Windows\System\cvjhwcw.exe
  2⤵
  PID:10580
- C:\Windows\System\TrkeDoP.exe
  C:\Windows\System\TrkeDoP.exe
  2⤵
  PID:10596
- C:\Windows\System\lOwKXgY.exe
  C:\Windows\System\lOwKXgY.exe
  2⤵
  PID:10612
- C:\Windows\System\fLLhlGs.exe
  C:\Windows\System\fLLhlGs.exe
  2⤵
  PID:10628
- C:\Windows\System\RqCepie.exe
  C:\Windows\System\RqCepie.exe
  2⤵
  PID:10644
- C:\Windows\System\nTDlULY.exe
  C:\Windows\System\nTDlULY.exe
  2⤵
  PID:10660
- C:\Windows\System\YSimHaI.exe
  C:\Windows\System\YSimHaI.exe
  2⤵
  PID:10680
- C:\Windows\System\OCrmjiw.exe
  C:\Windows\System\OCrmjiw.exe
  2⤵
  PID:10700
- C:\Windows\System\GuWukRe.exe
  C:\Windows\System\GuWukRe.exe
  2⤵
  PID:10716
- C:\Windows\System\LnzEmYF.exe
  C:\Windows\System\LnzEmYF.exe
  2⤵
  PID:10732
- C:\Windows\System\HapWyWw.exe
  C:\Windows\System\HapWyWw.exe
  2⤵
  PID:10748
- C:\Windows\System\AWyukIM.exe
  C:\Windows\System\AWyukIM.exe
  2⤵
  PID:10768
- C:\Windows\System\pBxanfU.exe
  C:\Windows\System\pBxanfU.exe
  2⤵
  PID:10788
- C:\Windows\System\TLGGHAv.exe
  C:\Windows\System\TLGGHAv.exe
  2⤵
  PID:10804
- C:\Windows\System\qRLvkff.exe
  C:\Windows\System\qRLvkff.exe
  2⤵
  PID:10824
- C:\Windows\System\PvemeVU.exe
  C:\Windows\System\PvemeVU.exe
  2⤵
  PID:10840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AsSlaJe.exe

Filesize
6.0MB

MD5
90da0e7a36eca962caf247f77d7c3857

SHA1
83a7b4b7a8838e266cbe698a01b27c90a2804c3c

SHA256
ed93f5a841d086b1784d97a026527ee743281f73b66c607733a21a49323c3455

SHA512
201e27a234235a1acc1e26b95270f1f8aae45d1ddbb8ff4d32d89a6aa5a83e9a0d0da44333944dbdbeb05938e006650c39b3ec3de7fb4c77e78ae55487d0ba1a

Download Submit
C:\Windows\system\BiAmEhx.exe

Filesize
6.0MB

MD5
69f014276e91fb99beb627c7af99cf65

SHA1
ded5f95f37f587a15625113682271b698477b038

SHA256
802f9c7e8ce5a0f73293377b28071a071ef181b839cac3a99f11b570460fd469

SHA512
5f35b78cfca83bfb4f796314762ef66e7688ff6ee854df4fc229e8760224ce2ef070ea52247feb71c9b15155f7dc738acb14034ac67102cba0b348a83c400eb7

Download Submit
C:\Windows\system\CRAuwwj.exe

Filesize
6.0MB

MD5
da9b8125fa0d617807e9e848445787bd

SHA1
9f7897429e70f4bcdc63982f295bbcac7be6f8b0

SHA256
54a33ca9fdbe415cf69a9e129d8c843f5ed65ff1f3a098059b3850ebe8330001

SHA512
58226ca7fb5f061470b7cb70d90c5c3c649d09fe469b73a3dd27ef15c0e2f52d02ac1c67b26a768b1ac78d835241a44f6643204048f6e3a0fb6894b8b86c4e14

Download Submit
C:\Windows\system\FOmMLHW.exe

Filesize
6.0MB

MD5
d1df8d1214596f412fdeb7cfa67642a0

SHA1
4ce0417e1c8c9aee102240352222a497b2547005

SHA256
0bc42dba60a8e3f2815bcf8a8dcb258cc2e4470b4ce5426af8fb5b89d46b0d96

SHA512
80aa33689eaa75faa9f061edac2afc55dbdd0b747e64d0608c53a0c0aa4b3b8262d0cb76e15d568cf7f73f972c4253659525ea2b44afbbfa82a17736738ff8d0

Download Submit
C:\Windows\system\MLhspEs.exe

Filesize
6.0MB

MD5
345cd8c5d65ba0bf102d9762f9d8b838

SHA1
b1d86e08826fc319d88dcd26bcb40d8c5ecc4619

SHA256
8a656f2891a4e2ef51389e9c3937a715cfbcc7d45704660a786b59d6886b2cf5

SHA512
d8622f26c67992f5b9ab17b5addca0b1e40865b24306c6c6137d8028f72509289eb60dc2d517fed820f4ab282dbf3197550391f03e4630011b44560f061f62a5

Download Submit
C:\Windows\system\NObMqit.exe

Filesize
6.0MB

MD5
b75b45efca5eb56aa1096cc64b664d9b

SHA1
4c6a9330a4b7893f9bd89bdb3ce10a53751ec195

SHA256
015243e60290e03dfca96cd7c555770a40eb8c5bfe0f2ac45b4224f4cc6e3d3a

SHA512
d72aecbed2ff8223ba5b53ee78024732353fdedbcd496b24972ede6c5f749cbef2caf960fe63c512d7a7e83ebe4350fb8d50ab66c8e77b56d411e03866a7c121

Download Submit
C:\Windows\system\PFYUyLI.exe

Filesize
6.0MB

MD5
40a2c1d292397839a7baad6f9aa1d13e

SHA1
a715f25e23ccca233145549346905c7e12e79b47

SHA256
f5990e2b7a5e367248866e27b8c4f41a7449412e3b2b8c828e98118fe70b5fd9

SHA512
21b46998b38b5b5179ec7b718b464ec49a42e90797c18481a89fbd21d10411e4ccb830db0ce5328f199e14c69c73e0190cefac35c28c64641238d2399df6040e

Download Submit
C:\Windows\system\PdirDyr.exe

Filesize
6.0MB

MD5
34f4852844de6c8e06357c1147cd22e0

SHA1
5b74d3a4a849cc568768cefb0968dd5619513cf9

SHA256
27237b080212088e94d834de71ac12f11c6c325acced55e15de65c72dec22e1a

SHA512
ca5740f54de3b92c4ff05ee72eacf699ff1dd27c3e9b8e388d2236c06579a44ee6cd82f4d59dbe3fa1abc7ae29039efe36b4ccb87f42eb84d6cb36f15b0a3bc5

Download Submit
C:\Windows\system\RhcqTRU.exe

Filesize
6.0MB

MD5
0297eb69350e4f22149fd1d411086079

SHA1
22c8fda3615e4f326271e836eb34cea33f43d081

SHA256
68466d776155c52b9ece23d65c153f93075ab644d6efce200fc8b997bba7a428

SHA512
eb012d3e6d54b629366860b6778cc70149fa24166bd41f6a55aa7dba7aa9a4b0a41443a28eb985cc79f3d5214564760e7999054618db29c56bd673261976ec5e

Download Submit
C:\Windows\system\TYGQHZE.exe

Filesize
6.0MB

MD5
6b3e5b2f803e3c0c8ba3c6eccbe786c4

SHA1
1ed3cbc01657c5063edbf11ae2ff82fe20a65197

SHA256
e456a2cee6ad6b6a8c3f938fb9b8942ff41ff395834b110f969c8ecd3a6eeb78

SHA512
7dff03643a5880b81707925d74fd59598d4125e51fcfc8d1e5e1ac5596e857133c506b84e16818901c8a5693e3ab9c8dc88a6f8263558fcd306779ee66663565

Download Submit
C:\Windows\system\Vpeomrj.exe

Filesize
6.0MB

MD5
f124e5a40298d6f3824fe710278e2773

SHA1
eb8bedd27a2bbc2c61c29b719839797e614de759

SHA256
418ad303c180082aeb9439ddd1a1e6d4fc37e9195065e6f825fdcd76dbe5a43b

SHA512
100c164137ad965f63f5182bdba6513e4ccac105aa89d61e9bb3d84b13b2020fa72334db03e9490504923fa3f1394eaf298a1f35218f98fc66e4a7bc9ac4c35c

Download Submit
C:\Windows\system\aKKFrop.exe

Filesize
6.0MB

MD5
0d0c63d60f054616314b27db420c4c91

SHA1
63c4527d3b86891cfceb1182a630f3f1cf3b8c79

SHA256
4d47a43accce2accbb9ed8c4cc4d8aa16c26626e462303ab2162a94a4e741676

SHA512
6bab9d097fcd3d8ef53f4515feb1cbd4f37339cd3287c9d665f01cbdc933667ff7841f539d45ea666a04540addc371844fa160de2c5cd91f6c2a66788cafdfb8

Download Submit
C:\Windows\system\aKMvJlC.exe

Filesize
6.0MB

MD5
d2ba98e4e03a6d755dc7fcda8bd758eb

SHA1
036aa2dd99b00f8fd2583ac0a3aaac53c4642b03

SHA256
fab9842979e69e92eac4c200a4301dc88582b98a26465ce88852e009cf841ece

SHA512
9a60afec16ebdebc064594c59e1301cf34846a27fca5c17479caf866eaedf84ff5df539fd9acd66aff63c3013782f1956949b355300683d794d81e100d36d34c

Download Submit
C:\Windows\system\fDIqlZN.exe

Filesize
6.0MB

MD5
bed2fc2fe0fb379dc1b60c65d60c18dd

SHA1
e61001214e67cd8e24eff4d65599e0e042e837e4

SHA256
31bc2490ac0cf0e9a5b37d81f9dbaf6a2b4bde3784aefbd220f651fa3ad1edfe

SHA512
d836da2d762205bfef98cb347e5d046cee05d9068b555e1e1907b7cdafdc5ca0d97f39b2cb3a9281fe639abaac871ed18758dbc5fd47674e535ce3ae6740471f

Download Submit
C:\Windows\system\fdywvEe.exe

Filesize
6.0MB

MD5
5eee35f593d7dcc1f7380db7d9fcaf77

SHA1
63fdbffa2f68255f736a22bc86a7c5a61acbd8d8

SHA256
687b57fa9c2c59e44a58877767cea1b8ee316f3c4ce76d375f6541f5da32f60e

SHA512
e3fcefafa246d027c4f0f85d5bac9e198058371d93424d41c0bc1ef153f8040b68484959f47eb11673e650673679138a998d301fcc61812ac626c6cd11ee8ad2

Download Submit
C:\Windows\system\hOaEkWG.exe

Filesize
6.0MB

MD5
f85ab3f279ef376e22e247a6d3815306

SHA1
885fede7654e4ef6f2dc19ac03e06c11978dd84b

SHA256
8a9b11057cfafa1f55529f4a985ef337d3d07ad039e30971d3695d95d96328a3

SHA512
921f203498762599ad660cb51d9910640c416532cb39d1c78ff5b8ef8a52d4135445cdfa1e33885bf4923d51e1edcbb72bd2aba4778af2b21547f79dc98fbcdd

Download Submit
C:\Windows\system\iUXiQoE.exe

Filesize
6.0MB

MD5
45918d15553736c398804c1fde22f708

SHA1
4b2d7bcf09d1266d84a901ffdd2d469ead76fd0d

SHA256
2d9314e28b56b597bfec266279d5b07a4f0978306e7a1cfdea15c947d178f3c9

SHA512
0757adcf609f1ad12ad401be44f9ba6be6d2c98c1dbd901fb6aca2dfbd0138bb6d82e94eeaf445824596d07560f0b24e2b7733d1b495d68cb21c4b8cde7e7016

Download Submit
C:\Windows\system\jmZSEgh.exe

Filesize
6.0MB

MD5
28ac31a31f30659ae30b27dd0f08897d

SHA1
3fd8be3e98aca324922f68afaf427054de30c078

SHA256
a1a16a680dec4b53971b4e407e2963c702723b1b2a6d7e082438a8c43bf74d56

SHA512
29b601c61fbd32d09611355c70fd62ff9be9df04df58a78a76786b5565ea6bd7468f8e47406f1eebd8fbc80112d833bb0fc0c030788a822bc9b48865ac0da671

Download Submit
C:\Windows\system\pLOYeoH.exe

Filesize
6.0MB

MD5
72cedfa14904267af21c5da1faf837c4

SHA1
664b007327186c1d23a64a1f5e1f732e7fa3b869

SHA256
df46748ebede216eae12a9ec207364ba28ce50a46eaa0e995215e5e94942316e

SHA512
dcd7f9729ece18271947e0fdeb0e7040b05a2a4ba9a108903bb08c87cea273d40d41659ea644ae09d56b22ea367fc9002ba5360035cd2f8a60daeadb0588261a

Download Submit
C:\Windows\system\pWXdYJP.exe

Filesize
6.0MB

MD5
e84d857bc087890e687e13c9bb5bea0a

SHA1
7994ca80b6d8f06f6bd18fb19002400ff4cefe84

SHA256
4e940552f6e3bd3774e8d2ebcf07a71e2bf56e218968ecfa1cad5789b5b08e1e

SHA512
e12f5d8ce8d649b0f55faaa9980cecafc07b113c33893f1b368587edf5dad19cc347f3ec16138e90e2b5f761ed9f000d3e7fa122966fa4461d3e3debc860ca4f

Download Submit
C:\Windows\system\tiRPVTB.exe

Filesize
6.0MB

MD5
895a325d63d851ea3c3b74c151376a58

SHA1
1b937655826377696ad197d980682a7fd852ec0a

SHA256
73839e359d1639ee947cfc89ce762a4fe5fe7d5379d3d648d1be38e0d4029b6d

SHA512
d2579fae5a9c0b60ca7de7338770a9d232aefaeb83af148bdcfd6af9ff115750a06c577902c4b8a857498d0a0af46430c20f08452b14491676032c247ffaab09

Download Submit
C:\Windows\system\toDncXD.exe

Filesize
6.0MB

MD5
9d395eb1916b5104a38da3e45af6d860

SHA1
986bec7c6f2c2dfd351d7dc58bc91923466f83db

SHA256
40afd16537c2b947015debfebc13e728e5ce5e2faa9d57c4130368603d1c9672

SHA512
3fbe5d5d0fb6c148b2b634f4e45b4ab07f974ddf655c484cc48a1c8b3275b58c13854a3fa33e9c5af65d6a35951b5311c76a6b908e9220cb535c7df9ca00e8db

Download Submit
C:\Windows\system\vJSsmvi.exe

Filesize
6.0MB

MD5
80715b8af7b0a4009ae1b3c0add47888

SHA1
352ac0fe838d2f83f6bb3b6671fdbcdceca48f03

SHA256
53c1ed26d33ca37e0ba75590f0e45a2925015816aab9ed043696d858c8116302

SHA512
590d3534cdb03b061b5ad2b63bf1287b2dbf8cd9cd6299b2fe1843b666c27165e96adaf65ce1ef787589ef48e4895eaf7b25d6b383874e8cac7a2c026ad4208c

Download Submit
C:\Windows\system\xHlrRUQ.exe

Filesize
6.0MB

MD5
d8282b531cf69ce4094f268e12380816

SHA1
6d8c64a07cb29e9aaca9b6bcc04976af0d96b2f9

SHA256
0a4e92fb9343be390e3ced78e744c10b60d2cb6335658d4f15e83ed92a77610b

SHA512
938ea145dc0af82b5b8558c3937bb9d119d03f559e3cfadae0a71226168ead6fb0457572b0210c32a525670df27657afe3e9924a5f6a34d378efe25cf8392d0c

Download Submit
\Windows\system\KXKSqlK.exe

Filesize
6.0MB

MD5
289ae65434f8761447e9547cb55aa419

SHA1
941576e371637358ee993006c339d94139636715

SHA256
fa8307df60a623ce833ff1404ec49f0fd42f81bbe3807ed37bb852f7c6b03b74

SHA512
158167cf49a065e0b81aaae85d412f02399fa39ea55a21469bae07210d5b72ad62f7536d01b722fb657d07583b255b77e979424d4075e2d37fb2e30b74286aef

Download Submit
\Windows\system\KoeeGAe.exe

Filesize
6.0MB

MD5
8a2cce3587c60eee7c7fccb5c37429e5

SHA1
1074a80a121770a97ed32aa945eaccd9844cd759

SHA256
016aff8f0534a8ba2cca16cc027d7cd70d449342f9b913d10c1a4c2ef10c4df3

SHA512
0d06935e4f69e119ed6f489cdeb0f985e7f627c809ba3f8877fe9c4b13f8c7eee8a9fad0afc121fdf4a05cc649a7a8784eba5f9e91a03f2ba5b3c18595971d32

Download Submit
\Windows\system\RsLmtbK.exe

Filesize
6.0MB

MD5
7743d6edf6c4fc1388033ef6e31eb109

SHA1
bbe09ee1bb4782b06510811871889df49c47bf02

SHA256
2c02e72bf4ce5a052ee07797ea533a5ff355bd4974ec14c8cdce128303f39980

SHA512
c6184247373c2fc71e1d8f5550ddaf499a4cca4be28f84c2478894b99466d25dc432f805cd672767d72848dd79c2993844675cb3b3dc73bb9448adc3287d874d

Download Submit
\Windows\system\bvvdBpl.exe

Filesize
6.0MB

MD5
fb0ec7d517bb949f5741e0d0da9c1e65

SHA1
1f60e392707ef0121abb7dd8889b261ccbc6b325

SHA256
7e092d89cdda996b18dae2708d0951579bbbf8e970c444d6a901352c004e4059

SHA512
25a4a48361ea7beaab1a5e7b2cd59a4f44e4900508d7623fd8b797be91f7ea2e9420122542f4458bcd2d8aa07a9ad80acdf4e6b9eb68800261f3ac1f206ff90f

Download Submit
\Windows\system\gqcnFwi.exe

Filesize
6.0MB

MD5
624cf5d1eee366946e00ecefecb2d616

SHA1
62a0fe532d958568b2231ee02d91fa719f3a1db8

SHA256
3b7ec26f0dab04707df3e716577da7d0ba73771bc2e538737b971f39631aaccd

SHA512
2bf999e0d57f21e71b51b3558b6e8276505af6bf85d125c2f68c7daca08cffe8330e52e3b601c53e6a0e7d106886a7e30bd685c70dcc38c0ae16aab7f5eec833

Download Submit
\Windows\system\msERZBT.exe

Filesize
6.0MB

MD5
52b2bebc24af0bb480fdf0da87c81b2b

SHA1
75cc75326b395b850d43d1fc8d47b6d085578f13

SHA256
abbedc4024142a07aee47715aa4b0846010deba2bc2ff256875e62487a3315ee

SHA512
b0ee29fa3df57c1229e3b06405dc745154286e0ec6d537d8d79df34b201aea6534bb6a42ab22ee6253dffba989a0d67a6dbbba0c9e5ac2883613b4a0df06d09d

Download Submit
\Windows\system\rjFzCbc.exe

Filesize
6.0MB

MD5
3b052c2caf84f5097d049e687d63b60c

SHA1
b00f047cb9aa53b297b9fc3812a0e7bdb98779ef

SHA256
919699da8e246502f3690990a70c3544d389f6cdb80fa3adbfe1b22e0485ba3c

SHA512
485d8638c15c237d1829893b39d69f1709cae6be4a4117298bb1097c29e81123e25c489b17137227e9316e526d0202bf3f04f91e620cb6c5a843e80e9c8522cc

Download Submit
\Windows\system\sRBYPjc.exe

Filesize
6.0MB

MD5
d28c5d4726645e8a2ea24b7118540c5e

SHA1
8ea4e9ea53c1aa5ed8f4f1065d102fc1e579ffc8

SHA256
5783b160afeed1653e367090ca59b8b37eeaeb55ec867ea770a3018e24f3c945

SHA512
cad0c28aa89e2827ef7cf0863a795034d801fcff758b95f89e60dd685c11ec3307d43cac763002cb6cb5a718f1054aca717b89441789bbf2d4195d06b1c2f307

Download Submit
memory/636-30-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/636-1729-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-27-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-1725-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1632-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1668-24-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1668-70-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1836-1700-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1836-104-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1884-95-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1884-1724-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2152-1828-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2152-94-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2304-50-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2304-22-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-700-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2304-442-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2304-44-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-604-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-74-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-64-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2304-605-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-93-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2304-96-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-35-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-51-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2304-20-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2304-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2304-79-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2304-25-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-28-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2304-510-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2528-1723-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-58-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1712-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-339-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-76-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-80-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1728-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2812-40-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1726-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1727-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2840-65-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2856-29-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1707-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1703-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-57-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-1722-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2896-52-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download