cobaltstrike | 077da16395c8d76414890a58db3f09cf367b2f23043a163ea92bfc470d69951d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

04f2c2487b79099b72b6488e84a0d3cf
SHA1

40205a5074bc6b6f3b4f275dc45c6febb40a2511
SHA256

077da16395c8d76414890a58db3f09cf367b2f23043a163ea92bfc470d69951d
SHA512

a749a51be99f21b3e75b2a1227ae42b481b48a18ade46e9d5cd49ef1e20d5bffda858456f55aa5f99b9ed65fae6fcbed79a09e6ba63d97618acb340f0b149d80
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000f0000000139a5-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173b2-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746c-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f6-9.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017481-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-47.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-91.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f97-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-70.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001749c-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017474-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1752-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x000f0000000139a5-6.dat	xmrig
behavioral1/files/0x00080000000173b2-12.dat	xmrig
behavioral1/memory/2536-15-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2500-14-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1752-20-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/files/0x000700000001746c-25.dat	xmrig
behavioral1/memory/3064-26-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1900-27-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000173f6-9.dat	xmrig
behavioral1/files/0x0009000000017481-38.dat	xmrig
behavioral1/files/0x0005000000019614-47.dat	xmrig
behavioral1/memory/1752-50-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/files/0x0005000000019618-57.dat	xmrig
behavioral1/memory/2568-68-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2720-54-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000500000001966c-79.dat	xmrig
behavioral1/memory/1752-74-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2720-96-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2628-101-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-148.dat	xmrig
behavioral1/files/0x0005000000019f9f-159.dat	xmrig
behavioral1/files/0x000500000001a07b-173.dat	xmrig
behavioral1/files/0x000500000001a42b-193.dat	xmrig
behavioral1/memory/2628-1112-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1752-1159-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2112-884-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2572-643-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1752-531-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2748-350-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000500000001a345-188.dat	xmrig
behavioral1/files/0x000500000001a301-182.dat	xmrig
behavioral1/files/0x000500000001a0a1-178.dat	xmrig
behavioral1/files/0x000500000001a067-168.dat	xmrig
behavioral1/files/0x0005000000019fb9-163.dat	xmrig
behavioral1/files/0x0005000000019db8-153.dat	xmrig
behavioral1/files/0x0005000000019d44-143.dat	xmrig
behavioral1/files/0x0005000000019d20-138.dat	xmrig
behavioral1/files/0x0005000000019c53-133.dat	xmrig
behavioral1/files/0x0005000000019c3a-128.dat	xmrig
behavioral1/files/0x0005000000019c38-124.dat	xmrig
behavioral1/files/0x0005000000019c36-118.dat	xmrig
behavioral1/files/0x000500000001997c-113.dat	xmrig
behavioral1/files/0x00050000000196e8-108.dat	xmrig
behavioral1/memory/1752-106-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2832-105-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1752-99-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/2112-92-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196ac-91.dat	xmrig
behavioral1/files/0x0009000000016f97-98.dat	xmrig
behavioral1/files/0x0005000000019616-73.dat	xmrig
behavioral1/files/0x000500000001962a-70.dat	xmrig
behavioral1/memory/2572-86-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2636-84-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2716-80-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2748-77-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1900-69-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2832-65-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000900000001749c-62.dat	xmrig
behavioral1/memory/3064-60-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1752-58-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/memory/1752-46-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2860-43-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2716-34-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

ifHSWGP.exeRIxWDxG.exekbKFeMx.exeEKMegbk.exeHPVeEhn.exeWhkwWSy.execgdlUgL.exefxpWIxR.exexQbivoY.exeoAYlQFx.exefRWqvNZ.exeIUKZqgq.exeidsidSQ.exepTiAQhy.exeMhDDUhX.exeviZOJHe.exeLIIhvLE.exeHHZdipR.exekOlaIel.exeaRNRqtl.exejKQfjDJ.exelAziPYM.exeLYsWtsK.exeVTvuOvF.exeIqBjfok.exeUJJKljb.exekIbbEuw.exeyZqJdLJ.exeoVsxPZr.exeGJmPUWP.exejFUAten.exeApSlmLz.exedyweGmy.exejAhpYbc.exeZaQgYEj.exeXHNtHSC.exeDHCpuVF.exeYItcpaS.exenADohHk.exefwKvizS.exeSFMDmwb.exeMgaZOxN.exeDbsnJMA.exeesQhQxM.exeUcWmQLz.exeBXjeWPK.exehbexxwy.exeMXkkhDg.exeeHuAAew.exelDpDsJx.exeDcgmYQt.exeaKRsSQh.exeFxPZPMW.exefXilzOw.exeSKiPZRw.exeANxMkhW.exeDBHGRwP.exeYbRUthH.exeMMakkKV.exetOSyygQ.exeSTmBLoZ.exesNEFCHN.exehTRYrov.exefIGaggk.exe

pid	Process
2500	ifHSWGP.exe
2536	RIxWDxG.exe
3064	kbKFeMx.exe
1900	EKMegbk.exe
2716	HPVeEhn.exe
2860	WhkwWSy.exe
2720	cgdlUgL.exe
2568	fxpWIxR.exe
2832	xQbivoY.exe
2748	oAYlQFx.exe
2636	fRWqvNZ.exe
2572	IUKZqgq.exe
2112	idsidSQ.exe
2628	pTiAQhy.exe
2888	MhDDUhX.exe
1720	viZOJHe.exe
2792	LIIhvLE.exe
2756	HHZdipR.exe
1940	kOlaIel.exe
1216	aRNRqtl.exe
1880	jKQfjDJ.exe
536	lAziPYM.exe
1328	LYsWtsK.exe
1268	VTvuOvF.exe
1028	IqBjfok.exe
2308	UJJKljb.exe
1668	kIbbEuw.exe
112	yZqJdLJ.exe
1912	oVsxPZr.exe
1732	GJmPUWP.exe
1228	jFUAten.exe
1960	ApSlmLz.exe
1508	dyweGmy.exe
2124	jAhpYbc.exe
2132	ZaQgYEj.exe
2116	XHNtHSC.exe
2424	DHCpuVF.exe
624	YItcpaS.exe
564	nADohHk.exe
960	fwKvizS.exe
2440	SFMDmwb.exe
1604	MgaZOxN.exe
1280	DbsnJMA.exe
276	esQhQxM.exe
2348	UcWmQLz.exe
1504	BXjeWPK.exe
2480	hbexxwy.exe
1428	MXkkhDg.exe
2272	eHuAAew.exe
2684	lDpDsJx.exe
2608	DcgmYQt.exe
2584	aKRsSQh.exe
2728	FxPZPMW.exe
2604	fXilzOw.exe
600	SKiPZRw.exe
484	ANxMkhW.exe
2784	DBHGRwP.exe
2780	YbRUthH.exe
2008	MMakkKV.exe
1364	tOSyygQ.exe
2200	STmBLoZ.exe
3060	sNEFCHN.exe
1496	hTRYrov.exe
916	fIGaggk.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1752-0-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x000f0000000139a5-6.dat	upx
behavioral1/files/0x00080000000173b2-12.dat	upx
behavioral1/memory/2536-15-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2500-14-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/files/0x000700000001746c-25.dat	upx
behavioral1/memory/3064-26-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1900-27-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x00070000000173f6-9.dat	upx
behavioral1/files/0x0009000000017481-38.dat	upx
behavioral1/files/0x0005000000019614-47.dat	upx
behavioral1/files/0x0005000000019618-57.dat	upx
behavioral1/memory/2568-68-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2720-54-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000500000001966c-79.dat	upx
behavioral1/memory/2720-96-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2628-101-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-148.dat	upx
behavioral1/files/0x0005000000019f9f-159.dat	upx
behavioral1/files/0x000500000001a07b-173.dat	upx
behavioral1/files/0x000500000001a42b-193.dat	upx
behavioral1/memory/2628-1112-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/2112-884-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2572-643-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2748-350-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000500000001a345-188.dat	upx
behavioral1/files/0x000500000001a301-182.dat	upx
behavioral1/files/0x000500000001a0a1-178.dat	upx
behavioral1/files/0x000500000001a067-168.dat	upx
behavioral1/files/0x0005000000019fb9-163.dat	upx
behavioral1/files/0x0005000000019db8-153.dat	upx
behavioral1/files/0x0005000000019d44-143.dat	upx
behavioral1/files/0x0005000000019d20-138.dat	upx
behavioral1/files/0x0005000000019c53-133.dat	upx
behavioral1/files/0x0005000000019c3a-128.dat	upx
behavioral1/files/0x0005000000019c38-124.dat	upx
behavioral1/files/0x0005000000019c36-118.dat	upx
behavioral1/files/0x000500000001997c-113.dat	upx
behavioral1/files/0x00050000000196e8-108.dat	upx
behavioral1/memory/2832-105-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2112-92-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x00050000000196ac-91.dat	upx
behavioral1/files/0x0009000000016f97-98.dat	upx
behavioral1/files/0x0005000000019616-73.dat	upx
behavioral1/files/0x000500000001962a-70.dat	upx
behavioral1/memory/2572-86-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2636-84-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2716-80-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2748-77-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/memory/1900-69-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2832-65-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000900000001749c-62.dat	upx
behavioral1/memory/3064-60-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1752-46-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2860-43-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2716-34-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0007000000017474-33.dat	upx
behavioral1/memory/2536-4015-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/3064-4026-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2860-4028-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2500-4030-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2720-4029-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2832-4031-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2628-4035-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\GAOObXl.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQkAhra.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGJlKoh.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jvosYrC.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZxzZIh.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQsAGDp.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jnorlui.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDegQnr.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebDJRbJ.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ORAtUrN.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJJKljb.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpkBmgG.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKiuyda.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkEzJMG.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcQBUvy.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sEeQmgt.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxPZPMW.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKiPZRw.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDRrFOJ.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFRmTLW.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIHeeCO.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSryHbd.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGkEhkb.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLqLxgt.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSyALUW.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSfjKlJ.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iABRlYh.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDeGxof.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puKMzjz.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOjGVkl.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEWcJvd.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nhEyoqV.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KexwoAu.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBdmtIc.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcEuTWN.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icogzbE.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siTsVdy.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZOQgZy.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABzSHLr.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BoGzZTh.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wIAPgPe.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRCnirQ.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCyccko.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDdCeoc.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KGAibux.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fOdhLUY.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnePRPL.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IwECFKL.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMsgquG.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSYJmyU.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWHyXWm.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgGYRmK.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocRXpwu.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FvnqjeL.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DuVaOmj.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqHcYzH.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\psBjcKp.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfLypNk.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afuNjst.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DBHGRwP.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwfVtTw.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJwxRgO.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNanUta.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgaJcSh.exe	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 1752 wrote to memory of 2500	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1752 wrote to memory of 2500	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1752 wrote to memory of 2500	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1752 wrote to memory of 2536	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1752 wrote to memory of 2536	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1752 wrote to memory of 2536	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1752 wrote to memory of 3064	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1752 wrote to memory of 3064	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1752 wrote to memory of 3064	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1752 wrote to memory of 1900	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1752 wrote to memory of 1900	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1752 wrote to memory of 1900	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1752 wrote to memory of 2716	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1752 wrote to memory of 2716	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1752 wrote to memory of 2716	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1752 wrote to memory of 2860	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1752 wrote to memory of 2860	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1752 wrote to memory of 2860	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1752 wrote to memory of 2568	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1752 wrote to memory of 2568	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1752 wrote to memory of 2568	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1752 wrote to memory of 2720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1752 wrote to memory of 2720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1752 wrote to memory of 2720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1752 wrote to memory of 2748	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1752 wrote to memory of 2748	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1752 wrote to memory of 2748	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1752 wrote to memory of 2832	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1752 wrote to memory of 2832	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1752 wrote to memory of 2832	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1752 wrote to memory of 2572	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1752 wrote to memory of 2572	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1752 wrote to memory of 2572	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1752 wrote to memory of 2636	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1752 wrote to memory of 2636	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1752 wrote to memory of 2636	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1752 wrote to memory of 2112	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1752 wrote to memory of 2112	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1752 wrote to memory of 2112	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1752 wrote to memory of 2628	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1752 wrote to memory of 2628	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1752 wrote to memory of 2628	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1752 wrote to memory of 2888	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1752 wrote to memory of 2888	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1752 wrote to memory of 2888	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1752 wrote to memory of 1720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1752 wrote to memory of 1720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1752 wrote to memory of 1720	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1752 wrote to memory of 2792	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1752 wrote to memory of 2792	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1752 wrote to memory of 2792	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1752 wrote to memory of 2756	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1752 wrote to memory of 2756	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1752 wrote to memory of 2756	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1752 wrote to memory of 1940	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1752 wrote to memory of 1940	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1752 wrote to memory of 1940	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1752 wrote to memory of 1216	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1752 wrote to memory of 1216	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1752 wrote to memory of 1216	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1752 wrote to memory of 1880	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1752 wrote to memory of 1880	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1752 wrote to memory of 1880	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1752 wrote to memory of 536	1752	2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_04f2c2487b79099b72b6488e84a0d3cf_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\System\ifHSWGP.exe
  C:\Windows\System\ifHSWGP.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\RIxWDxG.exe
  C:\Windows\System\RIxWDxG.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\kbKFeMx.exe
  C:\Windows\System\kbKFeMx.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\EKMegbk.exe
  C:\Windows\System\EKMegbk.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\HPVeEhn.exe
  C:\Windows\System\HPVeEhn.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\WhkwWSy.exe
  C:\Windows\System\WhkwWSy.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\fxpWIxR.exe
  C:\Windows\System\fxpWIxR.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\cgdlUgL.exe
  C:\Windows\System\cgdlUgL.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\oAYlQFx.exe
  C:\Windows\System\oAYlQFx.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\xQbivoY.exe
  C:\Windows\System\xQbivoY.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\IUKZqgq.exe
  C:\Windows\System\IUKZqgq.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\fRWqvNZ.exe
  C:\Windows\System\fRWqvNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\idsidSQ.exe
  C:\Windows\System\idsidSQ.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\pTiAQhy.exe
  C:\Windows\System\pTiAQhy.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MhDDUhX.exe
  C:\Windows\System\MhDDUhX.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\viZOJHe.exe
  C:\Windows\System\viZOJHe.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\LIIhvLE.exe
  C:\Windows\System\LIIhvLE.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\HHZdipR.exe
  C:\Windows\System\HHZdipR.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\kOlaIel.exe
  C:\Windows\System\kOlaIel.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\aRNRqtl.exe
  C:\Windows\System\aRNRqtl.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\jKQfjDJ.exe
  C:\Windows\System\jKQfjDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\lAziPYM.exe
  C:\Windows\System\lAziPYM.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\LYsWtsK.exe
  C:\Windows\System\LYsWtsK.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\VTvuOvF.exe
  C:\Windows\System\VTvuOvF.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\IqBjfok.exe
  C:\Windows\System\IqBjfok.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\UJJKljb.exe
  C:\Windows\System\UJJKljb.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\kIbbEuw.exe
  C:\Windows\System\kIbbEuw.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\yZqJdLJ.exe
  C:\Windows\System\yZqJdLJ.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\oVsxPZr.exe
  C:\Windows\System\oVsxPZr.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\GJmPUWP.exe
  C:\Windows\System\GJmPUWP.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\jFUAten.exe
  C:\Windows\System\jFUAten.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\ApSlmLz.exe
  C:\Windows\System\ApSlmLz.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\dyweGmy.exe
  C:\Windows\System\dyweGmy.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\jAhpYbc.exe
  C:\Windows\System\jAhpYbc.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\ZaQgYEj.exe
  C:\Windows\System\ZaQgYEj.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\XHNtHSC.exe
  C:\Windows\System\XHNtHSC.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\DHCpuVF.exe
  C:\Windows\System\DHCpuVF.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\YItcpaS.exe
  C:\Windows\System\YItcpaS.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\nADohHk.exe
  C:\Windows\System\nADohHk.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\fwKvizS.exe
  C:\Windows\System\fwKvizS.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\SFMDmwb.exe
  C:\Windows\System\SFMDmwb.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\MgaZOxN.exe
  C:\Windows\System\MgaZOxN.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\DbsnJMA.exe
  C:\Windows\System\DbsnJMA.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\esQhQxM.exe
  C:\Windows\System\esQhQxM.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\UcWmQLz.exe
  C:\Windows\System\UcWmQLz.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\BXjeWPK.exe
  C:\Windows\System\BXjeWPK.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\hbexxwy.exe
  C:\Windows\System\hbexxwy.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\MXkkhDg.exe
  C:\Windows\System\MXkkhDg.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\eHuAAew.exe
  C:\Windows\System\eHuAAew.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\lDpDsJx.exe
  C:\Windows\System\lDpDsJx.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\DcgmYQt.exe
  C:\Windows\System\DcgmYQt.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\aKRsSQh.exe
  C:\Windows\System\aKRsSQh.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\FxPZPMW.exe
  C:\Windows\System\FxPZPMW.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\fXilzOw.exe
  C:\Windows\System\fXilzOw.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\SKiPZRw.exe
  C:\Windows\System\SKiPZRw.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\ANxMkhW.exe
  C:\Windows\System\ANxMkhW.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\DBHGRwP.exe
  C:\Windows\System\DBHGRwP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\YbRUthH.exe
  C:\Windows\System\YbRUthH.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\MMakkKV.exe
  C:\Windows\System\MMakkKV.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tOSyygQ.exe
  C:\Windows\System\tOSyygQ.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\STmBLoZ.exe
  C:\Windows\System\STmBLoZ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\sNEFCHN.exe
  C:\Windows\System\sNEFCHN.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hTRYrov.exe
  C:\Windows\System\hTRYrov.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\fIGaggk.exe
  C:\Windows\System\fIGaggk.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\qJVwssH.exe
  C:\Windows\System\qJVwssH.exe
  2⤵
  PID:1712
- C:\Windows\System\WDTAsSO.exe
  C:\Windows\System\WDTAsSO.exe
  2⤵
  PID:2524
- C:\Windows\System\siTsVdy.exe
  C:\Windows\System\siTsVdy.exe
  2⤵
  PID:2120
- C:\Windows\System\wEzlEAq.exe
  C:\Windows\System\wEzlEAq.exe
  2⤵
  PID:3016
- C:\Windows\System\QNrfJsK.exe
  C:\Windows\System\QNrfJsK.exe
  2⤵
  PID:604
- C:\Windows\System\TPLDuIP.exe
  C:\Windows\System\TPLDuIP.exe
  2⤵
  PID:2340
- C:\Windows\System\HNdzwnj.exe
  C:\Windows\System\HNdzwnj.exe
  2⤵
  PID:2296
- C:\Windows\System\NQvjYhZ.exe
  C:\Windows\System\NQvjYhZ.exe
  2⤵
  PID:1436
- C:\Windows\System\jjhtzSb.exe
  C:\Windows\System\jjhtzSb.exe
  2⤵
  PID:1764
- C:\Windows\System\XzLiJjI.exe
  C:\Windows\System\XzLiJjI.exe
  2⤵
  PID:1648
- C:\Windows\System\KeeBKTY.exe
  C:\Windows\System\KeeBKTY.exe
  2⤵
  PID:1532
- C:\Windows\System\hPOqFpD.exe
  C:\Windows\System\hPOqFpD.exe
  2⤵
  PID:2492
- C:\Windows\System\nVxPius.exe
  C:\Windows\System\nVxPius.exe
  2⤵
  PID:2828
- C:\Windows\System\yInTwcA.exe
  C:\Windows\System\yInTwcA.exe
  2⤵
  PID:1868
- C:\Windows\System\KDAPaQd.exe
  C:\Windows\System\KDAPaQd.exe
  2⤵
  PID:2920
- C:\Windows\System\YLcIQRk.exe
  C:\Windows\System\YLcIQRk.exe
  2⤵
  PID:2916
- C:\Windows\System\lrPzcVm.exe
  C:\Windows\System\lrPzcVm.exe
  2⤵
  PID:2908
- C:\Windows\System\DDBMbDE.exe
  C:\Windows\System\DDBMbDE.exe
  2⤵
  PID:2788
- C:\Windows\System\afeoYyG.exe
  C:\Windows\System\afeoYyG.exe
  2⤵
  PID:1992
- C:\Windows\System\qOAmSnY.exe
  C:\Windows\System\qOAmSnY.exe
  2⤵
  PID:1408
- C:\Windows\System\JbIseru.exe
  C:\Windows\System\JbIseru.exe
  2⤵
  PID:1684
- C:\Windows\System\NfMcPZH.exe
  C:\Windows\System\NfMcPZH.exe
  2⤵
  PID:784
- C:\Windows\System\rduTIBj.exe
  C:\Windows\System\rduTIBj.exe
  2⤵
  PID:376
- C:\Windows\System\hirGcmB.exe
  C:\Windows\System\hirGcmB.exe
  2⤵
  PID:2388
- C:\Windows\System\zDRrFOJ.exe
  C:\Windows\System\zDRrFOJ.exe
  2⤵
  PID:1016
- C:\Windows\System\BBcRLtP.exe
  C:\Windows\System\BBcRLtP.exe
  2⤵
  PID:888
- C:\Windows\System\GfimhEm.exe
  C:\Windows\System\GfimhEm.exe
  2⤵
  PID:2948
- C:\Windows\System\bpkBmgG.exe
  C:\Windows\System\bpkBmgG.exe
  2⤵
  PID:2284
- C:\Windows\System\IdsEsOu.exe
  C:\Windows\System\IdsEsOu.exe
  2⤵
  PID:2676
- C:\Windows\System\GwmHkeY.exe
  C:\Windows\System\GwmHkeY.exe
  2⤵
  PID:2588
- C:\Windows\System\IcfLGRr.exe
  C:\Windows\System\IcfLGRr.exe
  2⤵
  PID:3044
- C:\Windows\System\TEWPEhK.exe
  C:\Windows\System\TEWPEhK.exe
  2⤵
  PID:2000
- C:\Windows\System\jZTpYtN.exe
  C:\Windows\System\jZTpYtN.exe
  2⤵
  PID:2452
- C:\Windows\System\AlerGJf.exe
  C:\Windows\System\AlerGJf.exe
  2⤵
  PID:1476
- C:\Windows\System\FVzcEfL.exe
  C:\Windows\System\FVzcEfL.exe
  2⤵
  PID:2160
- C:\Windows\System\jRxsSMj.exe
  C:\Windows\System\jRxsSMj.exe
  2⤵
  PID:3004
- C:\Windows\System\GlhABbZ.exe
  C:\Windows\System\GlhABbZ.exe
  2⤵
  PID:2960
- C:\Windows\System\UaFHmcl.exe
  C:\Windows\System\UaFHmcl.exe
  2⤵
  PID:3088
- C:\Windows\System\oluTrHf.exe
  C:\Windows\System\oluTrHf.exe
  2⤵
  PID:3108
- C:\Windows\System\EceiqKP.exe
  C:\Windows\System\EceiqKP.exe
  2⤵
  PID:3128
- C:\Windows\System\OGJlKoh.exe
  C:\Windows\System\OGJlKoh.exe
  2⤵
  PID:3148
- C:\Windows\System\wtCATfm.exe
  C:\Windows\System\wtCATfm.exe
  2⤵
  PID:3168
- C:\Windows\System\OjUPpWI.exe
  C:\Windows\System\OjUPpWI.exe
  2⤵
  PID:3188
- C:\Windows\System\dMjUbDO.exe
  C:\Windows\System\dMjUbDO.exe
  2⤵
  PID:3208
- C:\Windows\System\ppSpTxK.exe
  C:\Windows\System\ppSpTxK.exe
  2⤵
  PID:3228
- C:\Windows\System\KmgTgZA.exe
  C:\Windows\System\KmgTgZA.exe
  2⤵
  PID:3248
- C:\Windows\System\iAdhmUi.exe
  C:\Windows\System\iAdhmUi.exe
  2⤵
  PID:3268
- C:\Windows\System\TmXmnIa.exe
  C:\Windows\System\TmXmnIa.exe
  2⤵
  PID:3288
- C:\Windows\System\XODOtMM.exe
  C:\Windows\System\XODOtMM.exe
  2⤵
  PID:3308
- C:\Windows\System\hPQzJle.exe
  C:\Windows\System\hPQzJle.exe
  2⤵
  PID:3328
- C:\Windows\System\MmHRRKi.exe
  C:\Windows\System\MmHRRKi.exe
  2⤵
  PID:3348
- C:\Windows\System\urFQiaG.exe
  C:\Windows\System\urFQiaG.exe
  2⤵
  PID:3364
- C:\Windows\System\ZwfVtTw.exe
  C:\Windows\System\ZwfVtTw.exe
  2⤵
  PID:3388
- C:\Windows\System\mZYfbEG.exe
  C:\Windows\System\mZYfbEG.exe
  2⤵
  PID:3404
- C:\Windows\System\WdsuHRN.exe
  C:\Windows\System\WdsuHRN.exe
  2⤵
  PID:3428
- C:\Windows\System\MxbZDtS.exe
  C:\Windows\System\MxbZDtS.exe
  2⤵
  PID:3444
- C:\Windows\System\XrjwRhU.exe
  C:\Windows\System\XrjwRhU.exe
  2⤵
  PID:3468
- C:\Windows\System\sdQViaA.exe
  C:\Windows\System\sdQViaA.exe
  2⤵
  PID:3488
- C:\Windows\System\ABtOkfw.exe
  C:\Windows\System\ABtOkfw.exe
  2⤵
  PID:3508
- C:\Windows\System\XwkERjN.exe
  C:\Windows\System\XwkERjN.exe
  2⤵
  PID:3528
- C:\Windows\System\iTIxVja.exe
  C:\Windows\System\iTIxVja.exe
  2⤵
  PID:3548
- C:\Windows\System\JKrCrem.exe
  C:\Windows\System\JKrCrem.exe
  2⤵
  PID:3568
- C:\Windows\System\FBWQvLN.exe
  C:\Windows\System\FBWQvLN.exe
  2⤵
  PID:3588
- C:\Windows\System\PaGIZOo.exe
  C:\Windows\System\PaGIZOo.exe
  2⤵
  PID:3608
- C:\Windows\System\mXeTWvH.exe
  C:\Windows\System\mXeTWvH.exe
  2⤵
  PID:3628
- C:\Windows\System\HodbTGF.exe
  C:\Windows\System\HodbTGF.exe
  2⤵
  PID:3648
- C:\Windows\System\gfgoBZR.exe
  C:\Windows\System\gfgoBZR.exe
  2⤵
  PID:3668
- C:\Windows\System\mKcFbOJ.exe
  C:\Windows\System\mKcFbOJ.exe
  2⤵
  PID:3688
- C:\Windows\System\IlvxzFo.exe
  C:\Windows\System\IlvxzFo.exe
  2⤵
  PID:3708
- C:\Windows\System\HlsmrSZ.exe
  C:\Windows\System\HlsmrSZ.exe
  2⤵
  PID:3728
- C:\Windows\System\hgbYDxu.exe
  C:\Windows\System\hgbYDxu.exe
  2⤵
  PID:3748
- C:\Windows\System\ulxTFal.exe
  C:\Windows\System\ulxTFal.exe
  2⤵
  PID:3768
- C:\Windows\System\chmNRVl.exe
  C:\Windows\System\chmNRVl.exe
  2⤵
  PID:3788
- C:\Windows\System\wTwsAlX.exe
  C:\Windows\System\wTwsAlX.exe
  2⤵
  PID:3808
- C:\Windows\System\QWHwght.exe
  C:\Windows\System\QWHwght.exe
  2⤵
  PID:3828
- C:\Windows\System\xMYqlGZ.exe
  C:\Windows\System\xMYqlGZ.exe
  2⤵
  PID:3848
- C:\Windows\System\MPHTSYC.exe
  C:\Windows\System\MPHTSYC.exe
  2⤵
  PID:3868
- C:\Windows\System\EdjSLRf.exe
  C:\Windows\System\EdjSLRf.exe
  2⤵
  PID:3888
- C:\Windows\System\uDYcbMn.exe
  C:\Windows\System\uDYcbMn.exe
  2⤵
  PID:3908
- C:\Windows\System\YRoAFtT.exe
  C:\Windows\System\YRoAFtT.exe
  2⤵
  PID:3928
- C:\Windows\System\oOxRlPp.exe
  C:\Windows\System\oOxRlPp.exe
  2⤵
  PID:3952
- C:\Windows\System\fPylFVB.exe
  C:\Windows\System\fPylFVB.exe
  2⤵
  PID:3972
- C:\Windows\System\DVMhWBq.exe
  C:\Windows\System\DVMhWBq.exe
  2⤵
  PID:3992
- C:\Windows\System\pGpeqOj.exe
  C:\Windows\System\pGpeqOj.exe
  2⤵
  PID:4012
- C:\Windows\System\AFkDnpN.exe
  C:\Windows\System\AFkDnpN.exe
  2⤵
  PID:4032
- C:\Windows\System\Ppfimfz.exe
  C:\Windows\System\Ppfimfz.exe
  2⤵
  PID:4052
- C:\Windows\System\IuHsIYF.exe
  C:\Windows\System\IuHsIYF.exe
  2⤵
  PID:4072
- C:\Windows\System\hGAcBdY.exe
  C:\Windows\System\hGAcBdY.exe
  2⤵
  PID:4092
- C:\Windows\System\bTADXJz.exe
  C:\Windows\System\bTADXJz.exe
  2⤵
  PID:1916
- C:\Windows\System\WagdDKh.exe
  C:\Windows\System\WagdDKh.exe
  2⤵
  PID:2708
- C:\Windows\System\ICSgDIS.exe
  C:\Windows\System\ICSgDIS.exe
  2⤵
  PID:1060
- C:\Windows\System\GTxqKxH.exe
  C:\Windows\System\GTxqKxH.exe
  2⤵
  PID:1928
- C:\Windows\System\oObZGTi.exe
  C:\Windows\System\oObZGTi.exe
  2⤵
  PID:3000
- C:\Windows\System\UeAGort.exe
  C:\Windows\System\UeAGort.exe
  2⤵
  PID:2052
- C:\Windows\System\KttmysA.exe
  C:\Windows\System\KttmysA.exe
  2⤵
  PID:3080
- C:\Windows\System\xZjAvXz.exe
  C:\Windows\System\xZjAvXz.exe
  2⤵
  PID:3144
- C:\Windows\System\PiREZgc.exe
  C:\Windows\System\PiREZgc.exe
  2⤵
  PID:3184
- C:\Windows\System\QGbkSLF.exe
  C:\Windows\System\QGbkSLF.exe
  2⤵
  PID:3224
- C:\Windows\System\tOjGVkl.exe
  C:\Windows\System\tOjGVkl.exe
  2⤵
  PID:3256
- C:\Windows\System\TCwMpXJ.exe
  C:\Windows\System\TCwMpXJ.exe
  2⤵
  PID:3240
- C:\Windows\System\oDdCeoc.exe
  C:\Windows\System\oDdCeoc.exe
  2⤵
  PID:3280
- C:\Windows\System\SjwGSHB.exe
  C:\Windows\System\SjwGSHB.exe
  2⤵
  PID:3372
- C:\Windows\System\PxomMES.exe
  C:\Windows\System\PxomMES.exe
  2⤵
  PID:3384
- C:\Windows\System\VmbLAwP.exe
  C:\Windows\System\VmbLAwP.exe
  2⤵
  PID:3420
- C:\Windows\System\klcXehM.exe
  C:\Windows\System\klcXehM.exe
  2⤵
  PID:3452
- C:\Windows\System\vEbORJu.exe
  C:\Windows\System\vEbORJu.exe
  2⤵
  PID:3456
- C:\Windows\System\iBNZWkq.exe
  C:\Windows\System\iBNZWkq.exe
  2⤵
  PID:3504
- C:\Windows\System\hahilPJ.exe
  C:\Windows\System\hahilPJ.exe
  2⤵
  PID:3524
- C:\Windows\System\ebBezBY.exe
  C:\Windows\System\ebBezBY.exe
  2⤵
  PID:3556
- C:\Windows\System\dEMABtT.exe
  C:\Windows\System\dEMABtT.exe
  2⤵
  PID:3624
- C:\Windows\System\REimsMn.exe
  C:\Windows\System\REimsMn.exe
  2⤵
  PID:3656
- C:\Windows\System\tzjFncr.exe
  C:\Windows\System\tzjFncr.exe
  2⤵
  PID:3640
- C:\Windows\System\FEWcJvd.exe
  C:\Windows\System\FEWcJvd.exe
  2⤵
  PID:3704
- C:\Windows\System\xffxEQP.exe
  C:\Windows\System\xffxEQP.exe
  2⤵
  PID:3716
- C:\Windows\System\tkrrLTB.exe
  C:\Windows\System\tkrrLTB.exe
  2⤵
  PID:3764
- C:\Windows\System\bPrduqz.exe
  C:\Windows\System\bPrduqz.exe
  2⤵
  PID:3824
- C:\Windows\System\VxEjBBV.exe
  C:\Windows\System\VxEjBBV.exe
  2⤵
  PID:3844
- C:\Windows\System\PfEduSI.exe
  C:\Windows\System\PfEduSI.exe
  2⤵
  PID:3840
- C:\Windows\System\QLYxonr.exe
  C:\Windows\System\QLYxonr.exe
  2⤵
  PID:3880
- C:\Windows\System\omqXNpY.exe
  C:\Windows\System\omqXNpY.exe
  2⤵
  PID:3940
- C:\Windows\System\QJBbhOO.exe
  C:\Windows\System\QJBbhOO.exe
  2⤵
  PID:3960
- C:\Windows\System\OcUtMvo.exe
  C:\Windows\System\OcUtMvo.exe
  2⤵
  PID:4020
- C:\Windows\System\XnVPmDy.exe
  C:\Windows\System\XnVPmDy.exe
  2⤵
  PID:4024
- C:\Windows\System\XQMSvXL.exe
  C:\Windows\System\XQMSvXL.exe
  2⤵
  PID:4048
- C:\Windows\System\qZOQgZy.exe
  C:\Windows\System\qZOQgZy.exe
  2⤵
  PID:4088
- C:\Windows\System\sFVXNKQ.exe
  C:\Windows\System\sFVXNKQ.exe
  2⤵
  PID:2884
- C:\Windows\System\mGVbXrY.exe
  C:\Windows\System\mGVbXrY.exe
  2⤵
  PID:2128
- C:\Windows\System\EZscbXL.exe
  C:\Windows\System\EZscbXL.exe
  2⤵
  PID:840
- C:\Windows\System\hxlKLQN.exe
  C:\Windows\System\hxlKLQN.exe
  2⤵
  PID:1596
- C:\Windows\System\YyhhvEe.exe
  C:\Windows\System\YyhhvEe.exe
  2⤵
  PID:3176
- C:\Windows\System\QoevvAv.exe
  C:\Windows\System\QoevvAv.exe
  2⤵
  PID:3196
- C:\Windows\System\aScxeBN.exe
  C:\Windows\System\aScxeBN.exe
  2⤵
  PID:3276
- C:\Windows\System\ImDWLmg.exe
  C:\Windows\System\ImDWLmg.exe
  2⤵
  PID:3236
- C:\Windows\System\AVgFXSz.exe
  C:\Windows\System\AVgFXSz.exe
  2⤵
  PID:3340
- C:\Windows\System\ptsFmFN.exe
  C:\Windows\System\ptsFmFN.exe
  2⤵
  PID:3396
- C:\Windows\System\bHUCbJY.exe
  C:\Windows\System\bHUCbJY.exe
  2⤵
  PID:3412
- C:\Windows\System\meAhSAt.exe
  C:\Windows\System\meAhSAt.exe
  2⤵
  PID:3440
- C:\Windows\System\ABRBNfk.exe
  C:\Windows\System\ABRBNfk.exe
  2⤵
  PID:3540
- C:\Windows\System\VqgNMuM.exe
  C:\Windows\System\VqgNMuM.exe
  2⤵
  PID:3596
- C:\Windows\System\ukZviEY.exe
  C:\Windows\System\ukZviEY.exe
  2⤵
  PID:3684
- C:\Windows\System\NiNtnGz.exe
  C:\Windows\System\NiNtnGz.exe
  2⤵
  PID:3760
- C:\Windows\System\wQyCyYq.exe
  C:\Windows\System\wQyCyYq.exe
  2⤵
  PID:3800
- C:\Windows\System\gXzgcJa.exe
  C:\Windows\System\gXzgcJa.exe
  2⤵
  PID:3804
- C:\Windows\System\gAUTwVm.exe
  C:\Windows\System\gAUTwVm.exe
  2⤵
  PID:3856
- C:\Windows\System\BoGzZTh.exe
  C:\Windows\System\BoGzZTh.exe
  2⤵
  PID:3988
- C:\Windows\System\PovQgNF.exe
  C:\Windows\System\PovQgNF.exe
  2⤵
  PID:4000
- C:\Windows\System\nrezhYg.exe
  C:\Windows\System\nrezhYg.exe
  2⤵
  PID:4080
- C:\Windows\System\hBwrmbb.exe
  C:\Windows\System\hBwrmbb.exe
  2⤵
  PID:2488
- C:\Windows\System\xkRVJCf.exe
  C:\Windows\System\xkRVJCf.exe
  2⤵
  PID:2964
- C:\Windows\System\OHoMNWI.exe
  C:\Windows\System\OHoMNWI.exe
  2⤵
  PID:1440
- C:\Windows\System\blnpyAQ.exe
  C:\Windows\System\blnpyAQ.exe
  2⤵
  PID:3076
- C:\Windows\System\IIxgPOq.exe
  C:\Windows\System\IIxgPOq.exe
  2⤵
  PID:3216
- C:\Windows\System\JKFHQFV.exe
  C:\Windows\System\JKFHQFV.exe
  2⤵
  PID:3400
- C:\Windows\System\jvosYrC.exe
  C:\Windows\System\jvosYrC.exe
  2⤵
  PID:3496
- C:\Windows\System\JPiLDEF.exe
  C:\Windows\System\JPiLDEF.exe
  2⤵
  PID:3356
- C:\Windows\System\qFRmTLW.exe
  C:\Windows\System\qFRmTLW.exe
  2⤵
  PID:3576
- C:\Windows\System\XMEFDqG.exe
  C:\Windows\System\XMEFDqG.exe
  2⤵
  PID:3724
- C:\Windows\System\Qceufxr.exe
  C:\Windows\System\Qceufxr.exe
  2⤵
  PID:3820
- C:\Windows\System\WCFKuQN.exe
  C:\Windows\System\WCFKuQN.exe
  2⤵
  PID:3876
- C:\Windows\System\naVnofc.exe
  C:\Windows\System\naVnofc.exe
  2⤵
  PID:3920
- C:\Windows\System\MHFPLBv.exe
  C:\Windows\System\MHFPLBv.exe
  2⤵
  PID:4068
- C:\Windows\System\NNUzbPZ.exe
  C:\Windows\System\NNUzbPZ.exe
  2⤵
  PID:468
- C:\Windows\System\lAjyfUH.exe
  C:\Windows\System\lAjyfUH.exe
  2⤵
  PID:1012
- C:\Windows\System\WCdLkiz.exe
  C:\Windows\System\WCdLkiz.exe
  2⤵
  PID:2696
- C:\Windows\System\VutSBAx.exe
  C:\Windows\System\VutSBAx.exe
  2⤵
  PID:3304
- C:\Windows\System\eHheVkq.exe
  C:\Windows\System\eHheVkq.exe
  2⤵
  PID:3316
- C:\Windows\System\zcEhpDB.exe
  C:\Windows\System\zcEhpDB.exe
  2⤵
  PID:3636
- C:\Windows\System\xtVjbpp.exe
  C:\Windows\System\xtVjbpp.exe
  2⤵
  PID:3780
- C:\Windows\System\foOWlvj.exe
  C:\Windows\System\foOWlvj.exe
  2⤵
  PID:2940
- C:\Windows\System\pgtdIqF.exe
  C:\Windows\System\pgtdIqF.exe
  2⤵
  PID:3916
- C:\Windows\System\pQXxMEn.exe
  C:\Windows\System\pQXxMEn.exe
  2⤵
  PID:2732
- C:\Windows\System\PghcXTA.exe
  C:\Windows\System\PghcXTA.exe
  2⤵
  PID:2260
- C:\Windows\System\afutlMg.exe
  C:\Windows\System\afutlMg.exe
  2⤵
  PID:3436
- C:\Windows\System\SNeOSGa.exe
  C:\Windows\System\SNeOSGa.exe
  2⤵
  PID:3360
- C:\Windows\System\ComSpWM.exe
  C:\Windows\System\ComSpWM.exe
  2⤵
  PID:3604
- C:\Windows\System\zgsCQTb.exe
  C:\Windows\System\zgsCQTb.exe
  2⤵
  PID:4112
- C:\Windows\System\BOFWpfn.exe
  C:\Windows\System\BOFWpfn.exe
  2⤵
  PID:4136
- C:\Windows\System\gNyFBqe.exe
  C:\Windows\System\gNyFBqe.exe
  2⤵
  PID:4156
- C:\Windows\System\RrnmXYf.exe
  C:\Windows\System\RrnmXYf.exe
  2⤵
  PID:4176
- C:\Windows\System\aJwxRgO.exe
  C:\Windows\System\aJwxRgO.exe
  2⤵
  PID:4196
- C:\Windows\System\FTlomqs.exe
  C:\Windows\System\FTlomqs.exe
  2⤵
  PID:4216
- C:\Windows\System\ZcbYUCy.exe
  C:\Windows\System\ZcbYUCy.exe
  2⤵
  PID:4236
- C:\Windows\System\YoTwYhO.exe
  C:\Windows\System\YoTwYhO.exe
  2⤵
  PID:4256
- C:\Windows\System\bMCUgop.exe
  C:\Windows\System\bMCUgop.exe
  2⤵
  PID:4276
- C:\Windows\System\yudlgVR.exe
  C:\Windows\System\yudlgVR.exe
  2⤵
  PID:4296
- C:\Windows\System\FwRnIKm.exe
  C:\Windows\System\FwRnIKm.exe
  2⤵
  PID:4316
- C:\Windows\System\mmGZxnz.exe
  C:\Windows\System\mmGZxnz.exe
  2⤵
  PID:4336
- C:\Windows\System\AzDtpzO.exe
  C:\Windows\System\AzDtpzO.exe
  2⤵
  PID:4352
- C:\Windows\System\hwVEtWt.exe
  C:\Windows\System\hwVEtWt.exe
  2⤵
  PID:4376
- C:\Windows\System\ckKhhjL.exe
  C:\Windows\System\ckKhhjL.exe
  2⤵
  PID:4396
- C:\Windows\System\oyqbvwY.exe
  C:\Windows\System\oyqbvwY.exe
  2⤵
  PID:4416
- C:\Windows\System\zUSGXbV.exe
  C:\Windows\System\zUSGXbV.exe
  2⤵
  PID:4436
- C:\Windows\System\BRuBYNj.exe
  C:\Windows\System\BRuBYNj.exe
  2⤵
  PID:4456
- C:\Windows\System\YupVxyy.exe
  C:\Windows\System\YupVxyy.exe
  2⤵
  PID:4476
- C:\Windows\System\fDdYmqk.exe
  C:\Windows\System\fDdYmqk.exe
  2⤵
  PID:4496
- C:\Windows\System\nWPMMWR.exe
  C:\Windows\System\nWPMMWR.exe
  2⤵
  PID:4516
- C:\Windows\System\wIPZgSj.exe
  C:\Windows\System\wIPZgSj.exe
  2⤵
  PID:4540
- C:\Windows\System\ixHAaju.exe
  C:\Windows\System\ixHAaju.exe
  2⤵
  PID:4560
- C:\Windows\System\mKgjoqR.exe
  C:\Windows\System\mKgjoqR.exe
  2⤵
  PID:4580
- C:\Windows\System\raASYYx.exe
  C:\Windows\System\raASYYx.exe
  2⤵
  PID:4600
- C:\Windows\System\uTWNTZc.exe
  C:\Windows\System\uTWNTZc.exe
  2⤵
  PID:4620
- C:\Windows\System\VjzjLLk.exe
  C:\Windows\System\VjzjLLk.exe
  2⤵
  PID:4640
- C:\Windows\System\aEqIaqS.exe
  C:\Windows\System\aEqIaqS.exe
  2⤵
  PID:4660
- C:\Windows\System\UnpjGsQ.exe
  C:\Windows\System\UnpjGsQ.exe
  2⤵
  PID:4680
- C:\Windows\System\tCsZtDW.exe
  C:\Windows\System\tCsZtDW.exe
  2⤵
  PID:4700
- C:\Windows\System\ebDJRbJ.exe
  C:\Windows\System\ebDJRbJ.exe
  2⤵
  PID:4720
- C:\Windows\System\jWkZhfK.exe
  C:\Windows\System\jWkZhfK.exe
  2⤵
  PID:4740
- C:\Windows\System\UQhXEnH.exe
  C:\Windows\System\UQhXEnH.exe
  2⤵
  PID:4760
- C:\Windows\System\IFytZgN.exe
  C:\Windows\System\IFytZgN.exe
  2⤵
  PID:4780
- C:\Windows\System\CvJhGhn.exe
  C:\Windows\System\CvJhGhn.exe
  2⤵
  PID:4800
- C:\Windows\System\fncUyue.exe
  C:\Windows\System\fncUyue.exe
  2⤵
  PID:4820
- C:\Windows\System\zbTAlBr.exe
  C:\Windows\System\zbTAlBr.exe
  2⤵
  PID:4840
- C:\Windows\System\HJjsdnf.exe
  C:\Windows\System\HJjsdnf.exe
  2⤵
  PID:4860
- C:\Windows\System\LfxnHaN.exe
  C:\Windows\System\LfxnHaN.exe
  2⤵
  PID:4880
- C:\Windows\System\UIVCRqb.exe
  C:\Windows\System\UIVCRqb.exe
  2⤵
  PID:4900
- C:\Windows\System\nuDpzWO.exe
  C:\Windows\System\nuDpzWO.exe
  2⤵
  PID:4920
- C:\Windows\System\MkRgpaU.exe
  C:\Windows\System\MkRgpaU.exe
  2⤵
  PID:4940
- C:\Windows\System\nullWCG.exe
  C:\Windows\System\nullWCG.exe
  2⤵
  PID:4960
- C:\Windows\System\CBvtFXf.exe
  C:\Windows\System\CBvtFXf.exe
  2⤵
  PID:4980
- C:\Windows\System\laLXzXU.exe
  C:\Windows\System\laLXzXU.exe
  2⤵
  PID:5000
- C:\Windows\System\zbRqshs.exe
  C:\Windows\System\zbRqshs.exe
  2⤵
  PID:5020
- C:\Windows\System\VQuFxdm.exe
  C:\Windows\System\VQuFxdm.exe
  2⤵
  PID:5040
- C:\Windows\System\AeYWiKn.exe
  C:\Windows\System\AeYWiKn.exe
  2⤵
  PID:5060
- C:\Windows\System\dwXILvu.exe
  C:\Windows\System\dwXILvu.exe
  2⤵
  PID:5080
- C:\Windows\System\XbsiHPE.exe
  C:\Windows\System\XbsiHPE.exe
  2⤵
  PID:5100
- C:\Windows\System\BFGMpiU.exe
  C:\Windows\System\BFGMpiU.exe
  2⤵
  PID:3816
- C:\Windows\System\gcYIYgS.exe
  C:\Windows\System\gcYIYgS.exe
  2⤵
  PID:2672
- C:\Windows\System\uxtfqnt.exe
  C:\Windows\System\uxtfqnt.exe
  2⤵
  PID:4064
- C:\Windows\System\LjKkpMp.exe
  C:\Windows\System\LjKkpMp.exe
  2⤵
  PID:3320
- C:\Windows\System\QiRxlBr.exe
  C:\Windows\System\QiRxlBr.exe
  2⤵
  PID:3676
- C:\Windows\System\tzfdlOR.exe
  C:\Windows\System\tzfdlOR.exe
  2⤵
  PID:4104
- C:\Windows\System\lcbsQRi.exe
  C:\Windows\System\lcbsQRi.exe
  2⤵
  PID:4152
- C:\Windows\System\UqHcYzH.exe
  C:\Windows\System\UqHcYzH.exe
  2⤵
  PID:4184
- C:\Windows\System\ThbChSy.exe
  C:\Windows\System\ThbChSy.exe
  2⤵
  PID:2952
- C:\Windows\System\ocRXpwu.exe
  C:\Windows\System\ocRXpwu.exe
  2⤵
  PID:4224
- C:\Windows\System\CxIfpNQ.exe
  C:\Windows\System\CxIfpNQ.exe
  2⤵
  PID:4264
- C:\Windows\System\SDzmoHC.exe
  C:\Windows\System\SDzmoHC.exe
  2⤵
  PID:4288
- C:\Windows\System\QiaQjDe.exe
  C:\Windows\System\QiaQjDe.exe
  2⤵
  PID:3048
- C:\Windows\System\rjdLJtu.exe
  C:\Windows\System\rjdLJtu.exe
  2⤵
  PID:4368
- C:\Windows\System\MLRqvCS.exe
  C:\Windows\System\MLRqvCS.exe
  2⤵
  PID:4404
- C:\Windows\System\eKVgxZi.exe
  C:\Windows\System\eKVgxZi.exe
  2⤵
  PID:4408
- C:\Windows\System\DkvkbDA.exe
  C:\Windows\System\DkvkbDA.exe
  2⤵
  PID:4428
- C:\Windows\System\dIkYVTY.exe
  C:\Windows\System\dIkYVTY.exe
  2⤵
  PID:4488
- C:\Windows\System\HXcacOc.exe
  C:\Windows\System\HXcacOc.exe
  2⤵
  PID:4532
- C:\Windows\System\kSvSJGa.exe
  C:\Windows\System\kSvSJGa.exe
  2⤵
  PID:4528
- C:\Windows\System\NMlqSbW.exe
  C:\Windows\System\NMlqSbW.exe
  2⤵
  PID:4552
- C:\Windows\System\ShRUkdF.exe
  C:\Windows\System\ShRUkdF.exe
  2⤵
  PID:2796
- C:\Windows\System\CPOzIyB.exe
  C:\Windows\System\CPOzIyB.exe
  2⤵
  PID:1480
- C:\Windows\System\TVBwLMk.exe
  C:\Windows\System\TVBwLMk.exe
  2⤵
  PID:4632
- C:\Windows\System\reOjClT.exe
  C:\Windows\System\reOjClT.exe
  2⤵
  PID:4692
- C:\Windows\System\lDbiVtO.exe
  C:\Windows\System\lDbiVtO.exe
  2⤵
  PID:4736
- C:\Windows\System\bidPHGx.exe
  C:\Windows\System\bidPHGx.exe
  2⤵
  PID:4768
- C:\Windows\System\wzoHgrG.exe
  C:\Windows\System\wzoHgrG.exe
  2⤵
  PID:4808
- C:\Windows\System\iiRzOBG.exe
  C:\Windows\System\iiRzOBG.exe
  2⤵
  PID:4792
- C:\Windows\System\ZKGenWU.exe
  C:\Windows\System\ZKGenWU.exe
  2⤵
  PID:4852
- C:\Windows\System\nhEyoqV.exe
  C:\Windows\System\nhEyoqV.exe
  2⤵
  PID:1488
- C:\Windows\System\bAjxBYN.exe
  C:\Windows\System\bAjxBYN.exe
  2⤵
  PID:4892
- C:\Windows\System\zaZLYTp.exe
  C:\Windows\System\zaZLYTp.exe
  2⤵
  PID:4912
- C:\Windows\System\arsbsTL.exe
  C:\Windows\System\arsbsTL.exe
  2⤵
  PID:4948
- C:\Windows\System\OFAgCra.exe
  C:\Windows\System\OFAgCra.exe
  2⤵
  PID:4988
- C:\Windows\System\TLsmspt.exe
  C:\Windows\System\TLsmspt.exe
  2⤵
  PID:4992
- C:\Windows\System\ffMUZRh.exe
  C:\Windows\System\ffMUZRh.exe
  2⤵
  PID:5052
- C:\Windows\System\RSyALUW.exe
  C:\Windows\System\RSyALUW.exe
  2⤵
  PID:5092
- C:\Windows\System\qjwVJRi.exe
  C:\Windows\System\qjwVJRi.exe
  2⤵
  PID:2704
- C:\Windows\System\QSSWQHt.exe
  C:\Windows\System\QSSWQHt.exe
  2⤵
  PID:3336
- C:\Windows\System\BbVDrDT.exe
  C:\Windows\System\BbVDrDT.exe
  2⤵
  PID:3968
- C:\Windows\System\LKgZVRz.exe
  C:\Windows\System\LKgZVRz.exe
  2⤵
  PID:4008
- C:\Windows\System\pJPwKwh.exe
  C:\Windows\System\pJPwKwh.exe
  2⤵
  PID:1056
- C:\Windows\System\BvbTZPU.exe
  C:\Windows\System\BvbTZPU.exe
  2⤵
  PID:4244
- C:\Windows\System\ptTRnnR.exe
  C:\Windows\System\ptTRnnR.exe
  2⤵
  PID:4268
- C:\Windows\System\MlsVtDG.exe
  C:\Windows\System\MlsVtDG.exe
  2⤵
  PID:2140
- C:\Windows\System\UxjaCVn.exe
  C:\Windows\System\UxjaCVn.exe
  2⤵
  PID:4360
- C:\Windows\System\UlEItmq.exe
  C:\Windows\System\UlEItmq.exe
  2⤵
  PID:4384
- C:\Windows\System\cSEpZoQ.exe
  C:\Windows\System\cSEpZoQ.exe
  2⤵
  PID:4492
- C:\Windows\System\bMwiJXB.exe
  C:\Windows\System\bMwiJXB.exe
  2⤵
  PID:2640
- C:\Windows\System\ORAtUrN.exe
  C:\Windows\System\ORAtUrN.exe
  2⤵
  PID:4508
- C:\Windows\System\gGdOTHL.exe
  C:\Windows\System\gGdOTHL.exe
  2⤵
  PID:4612
- C:\Windows\System\qLoJdDi.exe
  C:\Windows\System\qLoJdDi.exe
  2⤵
  PID:2248
- C:\Windows\System\uWysDou.exe
  C:\Windows\System\uWysDou.exe
  2⤵
  PID:4592
- C:\Windows\System\ieqOYaB.exe
  C:\Windows\System\ieqOYaB.exe
  2⤵
  PID:4676
- C:\Windows\System\BBMEqcI.exe
  C:\Windows\System\BBMEqcI.exe
  2⤵
  PID:4752
- C:\Windows\System\Xijsvos.exe
  C:\Windows\System\Xijsvos.exe
  2⤵
  PID:4668
- C:\Windows\System\zAtUdVz.exe
  C:\Windows\System\zAtUdVz.exe
  2⤵
  PID:4732
- C:\Windows\System\oHsHKQc.exe
  C:\Windows\System\oHsHKQc.exe
  2⤵
  PID:2376
- C:\Windows\System\hUKOcPV.exe
  C:\Windows\System\hUKOcPV.exe
  2⤵
  PID:1120
- C:\Windows\System\vUwJzCK.exe
  C:\Windows\System\vUwJzCK.exe
  2⤵
  PID:4872
- C:\Windows\System\vtuZdMS.exe
  C:\Windows\System\vtuZdMS.exe
  2⤵
  PID:4996
- C:\Windows\System\iYCHTRs.exe
  C:\Windows\System\iYCHTRs.exe
  2⤵
  PID:5012
- C:\Windows\System\kFSVEzl.exe
  C:\Windows\System\kFSVEzl.exe
  2⤵
  PID:5088
- C:\Windows\System\MWZzexO.exe
  C:\Windows\System\MWZzexO.exe
  2⤵
  PID:5068
- C:\Windows\System\CcBEyqt.exe
  C:\Windows\System\CcBEyqt.exe
  2⤵
  PID:3116
- C:\Windows\System\EcIPQNx.exe
  C:\Windows\System\EcIPQNx.exe
  2⤵
  PID:4144
- C:\Windows\System\AhLEryM.exe
  C:\Windows\System\AhLEryM.exe
  2⤵
  PID:4212
- C:\Windows\System\zoIxAQh.exe
  C:\Windows\System\zoIxAQh.exe
  2⤵
  PID:4364
- C:\Windows\System\hRdIRfK.exe
  C:\Windows\System\hRdIRfK.exe
  2⤵
  PID:2820
- C:\Windows\System\kRlUfcF.exe
  C:\Windows\System\kRlUfcF.exe
  2⤵
  PID:4392
- C:\Windows\System\qTiTXDg.exe
  C:\Windows\System\qTiTXDg.exe
  2⤵
  PID:4512
- C:\Windows\System\xQxiQmO.exe
  C:\Windows\System\xQxiQmO.exe
  2⤵
  PID:3032
- C:\Windows\System\uGgTuvA.exe
  C:\Windows\System\uGgTuvA.exe
  2⤵
  PID:4772
- C:\Windows\System\sNmOLkh.exe
  C:\Windows\System\sNmOLkh.exe
  2⤵
  PID:3036
- C:\Windows\System\axxhBRU.exe
  C:\Windows\System\axxhBRU.exe
  2⤵
  PID:4908
- C:\Windows\System\MFxpbKb.exe
  C:\Windows\System\MFxpbKb.exe
  2⤵
  PID:5016
- C:\Windows\System\rcqUFFd.exe
  C:\Windows\System\rcqUFFd.exe
  2⤵
  PID:5076
- C:\Windows\System\aDTXALX.exe
  C:\Windows\System\aDTXALX.exe
  2⤵
  PID:4652
- C:\Windows\System\dOdXcDt.exe
  C:\Windows\System\dOdXcDt.exe
  2⤵
  PID:4596
- C:\Windows\System\VosZDro.exe
  C:\Windows\System\VosZDro.exe
  2⤵
  PID:5056
- C:\Windows\System\hhWzwhn.exe
  C:\Windows\System\hhWzwhn.exe
  2⤵
  PID:3264
- C:\Windows\System\dUyHXlI.exe
  C:\Windows\System\dUyHXlI.exe
  2⤵
  PID:4168
- C:\Windows\System\byOPpdy.exe
  C:\Windows\System\byOPpdy.exe
  2⤵
  PID:2288
- C:\Windows\System\aDZFoYW.exe
  C:\Windows\System\aDZFoYW.exe
  2⤵
  PID:4304
- C:\Windows\System\psBjcKp.exe
  C:\Windows\System\psBjcKp.exe
  2⤵
  PID:4424
- C:\Windows\System\sTrQSHb.exe
  C:\Windows\System\sTrQSHb.exe
  2⤵
  PID:4524
- C:\Windows\System\UgTiuRs.exe
  C:\Windows\System\UgTiuRs.exe
  2⤵
  PID:3028
- C:\Windows\System\oUAdNfy.exe
  C:\Windows\System\oUAdNfy.exe
  2⤵
  PID:4448
- C:\Windows\System\boBYknA.exe
  C:\Windows\System\boBYknA.exe
  2⤵
  PID:4976
- C:\Windows\System\okNepVF.exe
  C:\Windows\System\okNepVF.exe
  2⤵
  PID:4712
- C:\Windows\System\ngAzECK.exe
  C:\Windows\System\ngAzECK.exe
  2⤵
  PID:2328
- C:\Windows\System\FgvkSky.exe
  C:\Windows\System\FgvkSky.exe
  2⤵
  PID:4656
- C:\Windows\System\vUteWFB.exe
  C:\Windows\System\vUteWFB.exe
  2⤵
  PID:4132
- C:\Windows\System\aEnUzkc.exe
  C:\Windows\System\aEnUzkc.exe
  2⤵
  PID:5116
- C:\Windows\System\eTCEdIt.exe
  C:\Windows\System\eTCEdIt.exe
  2⤵
  PID:4788
- C:\Windows\System\rzqDGfe.exe
  C:\Windows\System\rzqDGfe.exe
  2⤵
  PID:2992
- C:\Windows\System\NkgZmrJ.exe
  C:\Windows\System\NkgZmrJ.exe
  2⤵
  PID:4324
- C:\Windows\System\vvEEoyI.exe
  C:\Windows\System\vvEEoyI.exe
  2⤵
  PID:1164
- C:\Windows\System\BfCSorJ.exe
  C:\Windows\System\BfCSorJ.exe
  2⤵
  PID:4588
- C:\Windows\System\QlUzIgt.exe
  C:\Windows\System\QlUzIgt.exe
  2⤵
  PID:4468
- C:\Windows\System\xObycnf.exe
  C:\Windows\System\xObycnf.exe
  2⤵
  PID:3744
- C:\Windows\System\ycldtWl.exe
  C:\Windows\System\ycldtWl.exe
  2⤵
  PID:1368
- C:\Windows\System\TNQLpPS.exe
  C:\Windows\System\TNQLpPS.exe
  2⤵
  PID:2928
- C:\Windows\System\EEASUqI.exe
  C:\Windows\System\EEASUqI.exe
  2⤵
  PID:4188
- C:\Windows\System\LODkOwu.exe
  C:\Windows\System\LODkOwu.exe
  2⤵
  PID:1644
- C:\Windows\System\vLUgtBZ.exe
  C:\Windows\System\vLUgtBZ.exe
  2⤵
  PID:4548
- C:\Windows\System\cZYnjnx.exe
  C:\Windows\System\cZYnjnx.exe
  2⤵
  PID:4856
- C:\Windows\System\SCKBdlq.exe
  C:\Windows\System\SCKBdlq.exe
  2⤵
  PID:4968
- C:\Windows\System\OGfOlDT.exe
  C:\Windows\System\OGfOlDT.exe
  2⤵
  PID:2616
- C:\Windows\System\jABOdmN.exe
  C:\Windows\System\jABOdmN.exe
  2⤵
  PID:2088
- C:\Windows\System\RoseslD.exe
  C:\Windows\System\RoseslD.exe
  2⤵
  PID:4312
- C:\Windows\System\GPDHlyU.exe
  C:\Windows\System\GPDHlyU.exe
  2⤵
  PID:5144
- C:\Windows\System\bnQrZTk.exe
  C:\Windows\System\bnQrZTk.exe
  2⤵
  PID:5172
- C:\Windows\System\nqjqWvi.exe
  C:\Windows\System\nqjqWvi.exe
  2⤵
  PID:5188
- C:\Windows\System\oMkaKms.exe
  C:\Windows\System\oMkaKms.exe
  2⤵
  PID:5212
- C:\Windows\System\KdVwTGU.exe
  C:\Windows\System\KdVwTGU.exe
  2⤵
  PID:5228
- C:\Windows\System\SDaVtzD.exe
  C:\Windows\System\SDaVtzD.exe
  2⤵
  PID:5244
- C:\Windows\System\QLJQrBu.exe
  C:\Windows\System\QLJQrBu.exe
  2⤵
  PID:5276
- C:\Windows\System\gmNpCUE.exe
  C:\Windows\System\gmNpCUE.exe
  2⤵
  PID:5292
- C:\Windows\System\XHRxlqV.exe
  C:\Windows\System\XHRxlqV.exe
  2⤵
  PID:5308
- C:\Windows\System\bIHeeCO.exe
  C:\Windows\System\bIHeeCO.exe
  2⤵
  PID:5328
- C:\Windows\System\eKcAWZE.exe
  C:\Windows\System\eKcAWZE.exe
  2⤵
  PID:5344
- C:\Windows\System\IlJMNgQ.exe
  C:\Windows\System\IlJMNgQ.exe
  2⤵
  PID:5364
- C:\Windows\System\vClllwy.exe
  C:\Windows\System\vClllwy.exe
  2⤵
  PID:5380
- C:\Windows\System\IDKJokJ.exe
  C:\Windows\System\IDKJokJ.exe
  2⤵
  PID:5400
- C:\Windows\System\flZAlTU.exe
  C:\Windows\System\flZAlTU.exe
  2⤵
  PID:5432
- C:\Windows\System\qUyZQHG.exe
  C:\Windows\System\qUyZQHG.exe
  2⤵
  PID:5452
- C:\Windows\System\rsFEczX.exe
  C:\Windows\System\rsFEczX.exe
  2⤵
  PID:5468
- C:\Windows\System\lOjWtsO.exe
  C:\Windows\System\lOjWtsO.exe
  2⤵
  PID:5488
- C:\Windows\System\zFtnddl.exe
  C:\Windows\System\zFtnddl.exe
  2⤵
  PID:5508
- C:\Windows\System\cTRGbwy.exe
  C:\Windows\System\cTRGbwy.exe
  2⤵
  PID:5528
- C:\Windows\System\sCJoWzb.exe
  C:\Windows\System\sCJoWzb.exe
  2⤵
  PID:5548
- C:\Windows\System\qhVcdQs.exe
  C:\Windows\System\qhVcdQs.exe
  2⤵
  PID:5564
- C:\Windows\System\rDkNDjf.exe
  C:\Windows\System\rDkNDjf.exe
  2⤵
  PID:5596
- C:\Windows\System\SzsSNNu.exe
  C:\Windows\System\SzsSNNu.exe
  2⤵
  PID:5612
- C:\Windows\System\OjJYoUg.exe
  C:\Windows\System\OjJYoUg.exe
  2⤵
  PID:5628
- C:\Windows\System\EErdaVl.exe
  C:\Windows\System\EErdaVl.exe
  2⤵
  PID:5644
- C:\Windows\System\GQewcIe.exe
  C:\Windows\System\GQewcIe.exe
  2⤵
  PID:5660
- C:\Windows\System\xjXSfto.exe
  C:\Windows\System\xjXSfto.exe
  2⤵
  PID:5684
- C:\Windows\System\ugfjrHQ.exe
  C:\Windows\System\ugfjrHQ.exe
  2⤵
  PID:5704
- C:\Windows\System\EZGRBic.exe
  C:\Windows\System\EZGRBic.exe
  2⤵
  PID:5720
- C:\Windows\System\vUGDyIv.exe
  C:\Windows\System\vUGDyIv.exe
  2⤵
  PID:5740
- C:\Windows\System\NlTNfbI.exe
  C:\Windows\System\NlTNfbI.exe
  2⤵
  PID:5756
- C:\Windows\System\PChXkPI.exe
  C:\Windows\System\PChXkPI.exe
  2⤵
  PID:5776
- C:\Windows\System\sUMpxbN.exe
  C:\Windows\System\sUMpxbN.exe
  2⤵
  PID:5792
- C:\Windows\System\khrASug.exe
  C:\Windows\System\khrASug.exe
  2⤵
  PID:5808
- C:\Windows\System\RTFeTUV.exe
  C:\Windows\System\RTFeTUV.exe
  2⤵
  PID:5840
- C:\Windows\System\tBYPqDa.exe
  C:\Windows\System\tBYPqDa.exe
  2⤵
  PID:5860
- C:\Windows\System\NewHYse.exe
  C:\Windows\System\NewHYse.exe
  2⤵
  PID:5880
- C:\Windows\System\WAMQyPQ.exe
  C:\Windows\System\WAMQyPQ.exe
  2⤵
  PID:5900
- C:\Windows\System\wKvBsPd.exe
  C:\Windows\System\wKvBsPd.exe
  2⤵
  PID:5936
- C:\Windows\System\uQaZyEc.exe
  C:\Windows\System\uQaZyEc.exe
  2⤵
  PID:5952
- C:\Windows\System\lDIZcTI.exe
  C:\Windows\System\lDIZcTI.exe
  2⤵
  PID:5968
- C:\Windows\System\KRYNqhJ.exe
  C:\Windows\System\KRYNqhJ.exe
  2⤵
  PID:5984
- C:\Windows\System\RycKSpF.exe
  C:\Windows\System\RycKSpF.exe
  2⤵
  PID:6000
- C:\Windows\System\OAoqyYG.exe
  C:\Windows\System\OAoqyYG.exe
  2⤵
  PID:6016
- C:\Windows\System\qyDuwSC.exe
  C:\Windows\System\qyDuwSC.exe
  2⤵
  PID:6040
- C:\Windows\System\NffAsCZ.exe
  C:\Windows\System\NffAsCZ.exe
  2⤵
  PID:6056
- C:\Windows\System\noQcJUx.exe
  C:\Windows\System\noQcJUx.exe
  2⤵
  PID:6072
- C:\Windows\System\aGUpETN.exe
  C:\Windows\System\aGUpETN.exe
  2⤵
  PID:6088
- C:\Windows\System\rasYPCp.exe
  C:\Windows\System\rasYPCp.exe
  2⤵
  PID:6112
- C:\Windows\System\hMSEdSq.exe
  C:\Windows\System\hMSEdSq.exe
  2⤵
  PID:6128
- C:\Windows\System\YFAXHsH.exe
  C:\Windows\System\YFAXHsH.exe
  2⤵
  PID:380
- C:\Windows\System\cSrTyJW.exe
  C:\Windows\System\cSrTyJW.exe
  2⤵
  PID:5168
- C:\Windows\System\PgHrSXt.exe
  C:\Windows\System\PgHrSXt.exe
  2⤵
  PID:2144
- C:\Windows\System\trXwOWC.exe
  C:\Windows\System\trXwOWC.exe
  2⤵
  PID:3836
- C:\Windows\System\AHRoxnA.exe
  C:\Windows\System\AHRoxnA.exe
  2⤵
  PID:5236
- C:\Windows\System\vOrrkkA.exe
  C:\Windows\System\vOrrkkA.exe
  2⤵
  PID:5224
- C:\Windows\System\zvvuYdc.exe
  C:\Windows\System\zvvuYdc.exe
  2⤵
  PID:5220
- C:\Windows\System\iQolUsP.exe
  C:\Windows\System\iQolUsP.exe
  2⤵
  PID:5256
- C:\Windows\System\PwIiqNA.exe
  C:\Windows\System\PwIiqNA.exe
  2⤵
  PID:5320
- C:\Windows\System\siXtXMw.exe
  C:\Windows\System\siXtXMw.exe
  2⤵
  PID:5360
- C:\Windows\System\iGszNpp.exe
  C:\Windows\System\iGszNpp.exe
  2⤵
  PID:3052
- C:\Windows\System\hzoJuLe.exe
  C:\Windows\System\hzoJuLe.exe
  2⤵
  PID:5372
- C:\Windows\System\BnUBbFF.exe
  C:\Windows\System\BnUBbFF.exe
  2⤵
  PID:5424
- C:\Windows\System\ABzSHLr.exe
  C:\Windows\System\ABzSHLr.exe
  2⤵
  PID:5516
- C:\Windows\System\KGAibux.exe
  C:\Windows\System\KGAibux.exe
  2⤵
  PID:5428
- C:\Windows\System\ZZxzZIh.exe
  C:\Windows\System\ZZxzZIh.exe
  2⤵
  PID:2280
- C:\Windows\System\ZkkMHgV.exe
  C:\Windows\System\ZkkMHgV.exe
  2⤵
  PID:5588
- C:\Windows\System\gnqncFj.exe
  C:\Windows\System\gnqncFj.exe
  2⤵
  PID:5496
- C:\Windows\System\XLQXOkr.exe
  C:\Windows\System\XLQXOkr.exe
  2⤵
  PID:5608
- C:\Windows\System\elcwTOy.exe
  C:\Windows\System\elcwTOy.exe
  2⤵
  PID:5672
- C:\Windows\System\oFtuCIR.exe
  C:\Windows\System\oFtuCIR.exe
  2⤵
  PID:2268
- C:\Windows\System\aiXxQzE.exe
  C:\Windows\System\aiXxQzE.exe
  2⤵
  PID:5748
- C:\Windows\System\XRuKVyg.exe
  C:\Windows\System\XRuKVyg.exe
  2⤵
  PID:5820
- C:\Windows\System\JwOFVcV.exe
  C:\Windows\System\JwOFVcV.exe
  2⤵
  PID:5584
- C:\Windows\System\egTAQwu.exe
  C:\Windows\System\egTAQwu.exe
  2⤵
  PID:5876
- C:\Windows\System\hMxdPKa.exe
  C:\Windows\System\hMxdPKa.exe
  2⤵
  PID:5848
- C:\Windows\System\mgBJXFg.exe
  C:\Windows\System\mgBJXFg.exe
  2⤵
  PID:5852
- C:\Windows\System\oChMBkv.exe
  C:\Windows\System\oChMBkv.exe
  2⤵
  PID:5620
- C:\Windows\System\CRxFUIo.exe
  C:\Windows\System\CRxFUIo.exe
  2⤵
  PID:5888
- C:\Windows\System\yLlHvzm.exe
  C:\Windows\System\yLlHvzm.exe
  2⤵
  PID:5916
- C:\Windows\System\LgOTeFm.exe
  C:\Windows\System\LgOTeFm.exe
  2⤵
  PID:5932
- C:\Windows\System\sGxvaRJ.exe
  C:\Windows\System\sGxvaRJ.exe
  2⤵
  PID:5976
- C:\Windows\System\ojIjMRS.exe
  C:\Windows\System\ojIjMRS.exe
  2⤵
  PID:6024
- C:\Windows\System\KexwoAu.exe
  C:\Windows\System\KexwoAu.exe
  2⤵
  PID:6064
- C:\Windows\System\xZEYkfC.exe
  C:\Windows\System\xZEYkfC.exe
  2⤵
  PID:6104
- C:\Windows\System\mPgZlkQ.exe
  C:\Windows\System\mPgZlkQ.exe
  2⤵
  PID:5112
- C:\Windows\System\UvdIXgA.exe
  C:\Windows\System\UvdIXgA.exe
  2⤵
  PID:6120
- C:\Windows\System\LcgAORZ.exe
  C:\Windows\System\LcgAORZ.exe
  2⤵
  PID:4876
- C:\Windows\System\agDmfmQ.exe
  C:\Windows\System\agDmfmQ.exe
  2⤵
  PID:5180
- C:\Windows\System\vutDBVQ.exe
  C:\Windows\System\vutDBVQ.exe
  2⤵
  PID:5316
- C:\Windows\System\kzmSYFO.exe
  C:\Windows\System\kzmSYFO.exe
  2⤵
  PID:2580
- C:\Windows\System\dhwFawm.exe
  C:\Windows\System\dhwFawm.exe
  2⤵
  PID:5412
- C:\Windows\System\LBdmtIc.exe
  C:\Windows\System\LBdmtIc.exe
  2⤵
  PID:5448
- C:\Windows\System\LSVVCLh.exe
  C:\Windows\System\LSVVCLh.exe
  2⤵
  PID:5196
- C:\Windows\System\MvnMiDp.exe
  C:\Windows\System\MvnMiDp.exe
  2⤵
  PID:5460
- C:\Windows\System\doQInFZ.exe
  C:\Windows\System\doQInFZ.exe
  2⤵
  PID:5540
- C:\Windows\System\fsvZYYN.exe
  C:\Windows\System\fsvZYYN.exe
  2⤵
  PID:2932
- C:\Windows\System\SQSlErJ.exe
  C:\Windows\System\SQSlErJ.exe
  2⤵
  PID:1160
- C:\Windows\System\vBhXXuT.exe
  C:\Windows\System\vBhXXuT.exe
  2⤵
  PID:5696
- C:\Windows\System\OyCqznH.exe
  C:\Windows\System\OyCqznH.exe
  2⤵
  PID:5800
- C:\Windows\System\QAOfvPn.exe
  C:\Windows\System\QAOfvPn.exe
  2⤵
  PID:5736
- C:\Windows\System\EjeJnKb.exe
  C:\Windows\System\EjeJnKb.exe
  2⤵
  PID:1708
- C:\Windows\System\hPWcaae.exe
  C:\Windows\System\hPWcaae.exe
  2⤵
  PID:5828
- C:\Windows\System\PJxQUhx.exe
  C:\Windows\System\PJxQUhx.exe
  2⤵
  PID:2892
- C:\Windows\System\PWPAZXv.exe
  C:\Windows\System\PWPAZXv.exe
  2⤵
  PID:1688
- C:\Windows\System\KxigyHa.exe
  C:\Windows\System\KxigyHa.exe
  2⤵
  PID:5992
- C:\Windows\System\bpqXGPC.exe
  C:\Windows\System\bpqXGPC.exe
  2⤵
  PID:5728
- C:\Windows\System\xDbIJeT.exe
  C:\Windows\System\xDbIJeT.exe
  2⤵
  PID:6012
- C:\Windows\System\QXDOXHU.exe
  C:\Windows\System\QXDOXHU.exe
  2⤵
  PID:6084
- C:\Windows\System\DLLHGCZ.exe
  C:\Windows\System\DLLHGCZ.exe
  2⤵
  PID:6140
- C:\Windows\System\yBMHsWN.exe
  C:\Windows\System\yBMHsWN.exe
  2⤵
  PID:5132
- C:\Windows\System\giSStdE.exe
  C:\Windows\System\giSStdE.exe
  2⤵
  PID:5396
- C:\Windows\System\BhVqdhY.exe
  C:\Windows\System\BhVqdhY.exe
  2⤵
  PID:5352
- C:\Windows\System\xQsAGDp.exe
  C:\Windows\System\xQsAGDp.exe
  2⤵
  PID:5484
- C:\Windows\System\yDzKnRN.exe
  C:\Windows\System\yDzKnRN.exe
  2⤵
  PID:5556
- C:\Windows\System\xmADwST.exe
  C:\Windows\System\xmADwST.exe
  2⤵
  PID:2620
- C:\Windows\System\nxNNHIz.exe
  C:\Windows\System\nxNNHIz.exe
  2⤵
  PID:5536
- C:\Windows\System\vHdNxhW.exe
  C:\Windows\System\vHdNxhW.exe
  2⤵
  PID:5640
- C:\Windows\System\STlkIci.exe
  C:\Windows\System\STlkIci.exe
  2⤵
  PID:6052
- C:\Windows\System\uVIOtJu.exe
  C:\Windows\System\uVIOtJu.exe
  2⤵
  PID:4696
- C:\Windows\System\mxPFQSV.exe
  C:\Windows\System\mxPFQSV.exe
  2⤵
  PID:5576
- C:\Windows\System\kTemzod.exe
  C:\Windows\System\kTemzod.exe
  2⤵
  PID:5652
- C:\Windows\System\WYWyfXe.exe
  C:\Windows\System\WYWyfXe.exe
  2⤵
  PID:5304
- C:\Windows\System\ZJWlUXu.exe
  C:\Windows\System\ZJWlUXu.exe
  2⤵
  PID:5964
- C:\Windows\System\MSYIgMX.exe
  C:\Windows\System\MSYIgMX.exe
  2⤵
  PID:4536
- C:\Windows\System\QcUilCa.exe
  C:\Windows\System\QcUilCa.exe
  2⤵
  PID:5356
- C:\Windows\System\aYivtWA.exe
  C:\Windows\System\aYivtWA.exe
  2⤵
  PID:5336
- C:\Windows\System\iorgnDo.exe
  C:\Windows\System\iorgnDo.exe
  2⤵
  PID:5420
- C:\Windows\System\MWhnaIt.exe
  C:\Windows\System\MWhnaIt.exe
  2⤵
  PID:6048
- C:\Windows\System\igGoOac.exe
  C:\Windows\System\igGoOac.exe
  2⤵
  PID:6136
- C:\Windows\System\JtsstJo.exe
  C:\Windows\System\JtsstJo.exe
  2⤵
  PID:5716
- C:\Windows\System\EAFZxiT.exe
  C:\Windows\System\EAFZxiT.exe
  2⤵
  PID:6096
- C:\Windows\System\KKtpblt.exe
  C:\Windows\System\KKtpblt.exe
  2⤵
  PID:5300
- C:\Windows\System\kwdyObl.exe
  C:\Windows\System\kwdyObl.exe
  2⤵
  PID:4952
- C:\Windows\System\qUAfOmD.exe
  C:\Windows\System\qUAfOmD.exe
  2⤵
  PID:5604
- C:\Windows\System\kBXOeqe.exe
  C:\Windows\System\kBXOeqe.exe
  2⤵
  PID:6164
- C:\Windows\System\WXOwtSs.exe
  C:\Windows\System\WXOwtSs.exe
  2⤵
  PID:6180
- C:\Windows\System\lezePka.exe
  C:\Windows\System\lezePka.exe
  2⤵
  PID:6196
- C:\Windows\System\DTfKogz.exe
  C:\Windows\System\DTfKogz.exe
  2⤵
  PID:6220
- C:\Windows\System\tRgVcLY.exe
  C:\Windows\System\tRgVcLY.exe
  2⤵
  PID:6236
- C:\Windows\System\SRuBdXd.exe
  C:\Windows\System\SRuBdXd.exe
  2⤵
  PID:6252
- C:\Windows\System\IZuFSgI.exe
  C:\Windows\System\IZuFSgI.exe
  2⤵
  PID:6300
- C:\Windows\System\zxPkbrv.exe
  C:\Windows\System\zxPkbrv.exe
  2⤵
  PID:6316
- C:\Windows\System\cfhhMfX.exe
  C:\Windows\System\cfhhMfX.exe
  2⤵
  PID:6332
- C:\Windows\System\YghZttk.exe
  C:\Windows\System\YghZttk.exe
  2⤵
  PID:6352
- C:\Windows\System\Htnnfia.exe
  C:\Windows\System\Htnnfia.exe
  2⤵
  PID:6372
- C:\Windows\System\EkjlXBc.exe
  C:\Windows\System\EkjlXBc.exe
  2⤵
  PID:6388
- C:\Windows\System\imUUumm.exe
  C:\Windows\System\imUUumm.exe
  2⤵
  PID:6404
- C:\Windows\System\VICgLrB.exe
  C:\Windows\System\VICgLrB.exe
  2⤵
  PID:6420
- C:\Windows\System\wjxvtdQ.exe
  C:\Windows\System\wjxvtdQ.exe
  2⤵
  PID:6448
- C:\Windows\System\zBcHxEK.exe
  C:\Windows\System\zBcHxEK.exe
  2⤵
  PID:6472
- C:\Windows\System\clRNOiZ.exe
  C:\Windows\System\clRNOiZ.exe
  2⤵
  PID:6492
- C:\Windows\System\fMsgquG.exe
  C:\Windows\System\fMsgquG.exe
  2⤵
  PID:6512
- C:\Windows\System\xfemxYD.exe
  C:\Windows\System\xfemxYD.exe
  2⤵
  PID:6528
- C:\Windows\System\KQOnJNA.exe
  C:\Windows\System\KQOnJNA.exe
  2⤵
  PID:6560
- C:\Windows\System\eGPDhGY.exe
  C:\Windows\System\eGPDhGY.exe
  2⤵
  PID:6576
- C:\Windows\System\IAmzond.exe
  C:\Windows\System\IAmzond.exe
  2⤵
  PID:6592
- C:\Windows\System\bBJVwSi.exe
  C:\Windows\System\bBJVwSi.exe
  2⤵
  PID:6608
- C:\Windows\System\jYjPQVW.exe
  C:\Windows\System\jYjPQVW.exe
  2⤵
  PID:6628
- C:\Windows\System\yYyTzTV.exe
  C:\Windows\System\yYyTzTV.exe
  2⤵
  PID:6644
- C:\Windows\System\mBXHEgo.exe
  C:\Windows\System\mBXHEgo.exe
  2⤵
  PID:6660
- C:\Windows\System\Jnorlui.exe
  C:\Windows\System\Jnorlui.exe
  2⤵
  PID:6676
- C:\Windows\System\pExWUqf.exe
  C:\Windows\System\pExWUqf.exe
  2⤵
  PID:6696
- C:\Windows\System\sjydIZl.exe
  C:\Windows\System\sjydIZl.exe
  2⤵
  PID:6712
- C:\Windows\System\EViOKPN.exe
  C:\Windows\System\EViOKPN.exe
  2⤵
  PID:6728
- C:\Windows\System\tPBcedF.exe
  C:\Windows\System\tPBcedF.exe
  2⤵
  PID:6748
- C:\Windows\System\IHQrHfw.exe
  C:\Windows\System\IHQrHfw.exe
  2⤵
  PID:6780
- C:\Windows\System\nTRsMcI.exe
  C:\Windows\System\nTRsMcI.exe
  2⤵
  PID:6796
- C:\Windows\System\IzbZIOw.exe
  C:\Windows\System\IzbZIOw.exe
  2⤵
  PID:6812
- C:\Windows\System\zIuTzBY.exe
  C:\Windows\System\zIuTzBY.exe
  2⤵
  PID:6828
- C:\Windows\System\IpbqjEi.exe
  C:\Windows\System\IpbqjEi.exe
  2⤵
  PID:6880
- C:\Windows\System\BKArgdp.exe
  C:\Windows\System\BKArgdp.exe
  2⤵
  PID:6896
- C:\Windows\System\jymexaX.exe
  C:\Windows\System\jymexaX.exe
  2⤵
  PID:6912
- C:\Windows\System\tdYvSes.exe
  C:\Windows\System\tdYvSes.exe
  2⤵
  PID:6932
- C:\Windows\System\aRvrfKC.exe
  C:\Windows\System\aRvrfKC.exe
  2⤵
  PID:6948
- C:\Windows\System\WPRYrbp.exe
  C:\Windows\System\WPRYrbp.exe
  2⤵
  PID:6964
- C:\Windows\System\qBPFkCO.exe
  C:\Windows\System\qBPFkCO.exe
  2⤵
  PID:6980
- C:\Windows\System\WTPZSRN.exe
  C:\Windows\System\WTPZSRN.exe
  2⤵
  PID:6996
- C:\Windows\System\HznQogp.exe
  C:\Windows\System\HznQogp.exe
  2⤵
  PID:7012
- C:\Windows\System\wNsTaMx.exe
  C:\Windows\System\wNsTaMx.exe
  2⤵
  PID:7028
- C:\Windows\System\cemfPny.exe
  C:\Windows\System\cemfPny.exe
  2⤵
  PID:7044
- C:\Windows\System\ScgYxYB.exe
  C:\Windows\System\ScgYxYB.exe
  2⤵
  PID:7060
- C:\Windows\System\XDUCwbN.exe
  C:\Windows\System\XDUCwbN.exe
  2⤵
  PID:7124
- C:\Windows\System\ABsfLNX.exe
  C:\Windows\System\ABsfLNX.exe
  2⤵
  PID:7140
- C:\Windows\System\xoULBuo.exe
  C:\Windows\System\xoULBuo.exe
  2⤵
  PID:7164
- C:\Windows\System\jmPfhtg.exe
  C:\Windows\System\jmPfhtg.exe
  2⤵
  PID:5184
- C:\Windows\System\kqcVajL.exe
  C:\Windows\System\kqcVajL.exe
  2⤵
  PID:6172
- C:\Windows\System\qkhNVIl.exe
  C:\Windows\System\qkhNVIl.exe
  2⤵
  PID:6212
- C:\Windows\System\TBKhffC.exe
  C:\Windows\System\TBKhffC.exe
  2⤵
  PID:6248
- C:\Windows\System\iukRBEU.exe
  C:\Windows\System\iukRBEU.exe
  2⤵
  PID:6228
- C:\Windows\System\kxiyPNv.exe
  C:\Windows\System\kxiyPNv.exe
  2⤵
  PID:5868
- C:\Windows\System\zQZccGL.exe
  C:\Windows\System\zQZccGL.exe
  2⤵
  PID:5072
- C:\Windows\System\zYTiXmr.exe
  C:\Windows\System\zYTiXmr.exe
  2⤵
  PID:6272
- C:\Windows\System\nGFJcWb.exe
  C:\Windows\System\nGFJcWb.exe
  2⤵
  PID:6152
- C:\Windows\System\IDduytV.exe
  C:\Windows\System\IDduytV.exe
  2⤵
  PID:6284
- C:\Windows\System\pICsGkL.exe
  C:\Windows\System\pICsGkL.exe
  2⤵
  PID:6264
- C:\Windows\System\XotLHMb.exe
  C:\Windows\System\XotLHMb.exe
  2⤵
  PID:6368
- C:\Windows\System\VQSHFnz.exe
  C:\Windows\System\VQSHFnz.exe
  2⤵
  PID:6328
- C:\Windows\System\GWBwthB.exe
  C:\Windows\System\GWBwthB.exe
  2⤵
  PID:6468
- C:\Windows\System\jtDSoxn.exe
  C:\Windows\System\jtDSoxn.exe
  2⤵
  PID:6504
- C:\Windows\System\xfmIDkr.exe
  C:\Windows\System\xfmIDkr.exe
  2⤵
  PID:6428
- C:\Windows\System\wDevxSU.exe
  C:\Windows\System\wDevxSU.exe
  2⤵
  PID:6444
- C:\Windows\System\oUfqmGG.exe
  C:\Windows\System\oUfqmGG.exe
  2⤵
  PID:6480
- C:\Windows\System\SlplJki.exe
  C:\Windows\System\SlplJki.exe
  2⤵
  PID:6568
- C:\Windows\System\ccWRHKu.exe
  C:\Windows\System\ccWRHKu.exe
  2⤵
  PID:6624
- C:\Windows\System\wNjhcTQ.exe
  C:\Windows\System\wNjhcTQ.exe
  2⤵
  PID:6656
- C:\Windows\System\qMPcuDf.exe
  C:\Windows\System\qMPcuDf.exe
  2⤵
  PID:6724
- C:\Windows\System\egDoXGY.exe
  C:\Windows\System\egDoXGY.exe
  2⤵
  PID:6740
- C:\Windows\System\yhZeqQB.exe
  C:\Windows\System\yhZeqQB.exe
  2⤵
  PID:6604
- C:\Windows\System\zEQwLhQ.exe
  C:\Windows\System\zEQwLhQ.exe
  2⤵
  PID:6768
- C:\Windows\System\ALXGPgm.exe
  C:\Windows\System\ALXGPgm.exe
  2⤵
  PID:6840
- C:\Windows\System\rVtUElW.exe
  C:\Windows\System\rVtUElW.exe
  2⤵
  PID:6856
- C:\Windows\System\IimENow.exe
  C:\Windows\System\IimENow.exe
  2⤵
  PID:6824
- C:\Windows\System\GIuTGFS.exe
  C:\Windows\System\GIuTGFS.exe
  2⤵
  PID:6792
- C:\Windows\System\QnmLSNa.exe
  C:\Windows\System\QnmLSNa.exe
  2⤵
  PID:6924
- C:\Windows\System\gYyejqX.exe
  C:\Windows\System\gYyejqX.exe
  2⤵
  PID:7020
- C:\Windows\System\UuxBqFf.exe
  C:\Windows\System\UuxBqFf.exe
  2⤵
  PID:6944
- C:\Windows\System\twipZnu.exe
  C:\Windows\System\twipZnu.exe
  2⤵
  PID:7008
- C:\Windows\System\cKCDZzw.exe
  C:\Windows\System\cKCDZzw.exe
  2⤵
  PID:7080
- C:\Windows\System\dOJikWr.exe
  C:\Windows\System\dOJikWr.exe
  2⤵
  PID:7096
- C:\Windows\System\SnlUSky.exe
  C:\Windows\System\SnlUSky.exe
  2⤵
  PID:7112
- C:\Windows\System\DxBTvoa.exe
  C:\Windows\System\DxBTvoa.exe
  2⤵
  PID:6888
- C:\Windows\System\pgQeCgn.exe
  C:\Windows\System\pgQeCgn.exe
  2⤵
  PID:7136
- C:\Windows\System\DISceMA.exe
  C:\Windows\System\DISceMA.exe
  2⤵
  PID:7152
- C:\Windows\System\QHHYSCG.exe
  C:\Windows\System\QHHYSCG.exe
  2⤵
  PID:5444
- C:\Windows\System\dwFweGU.exe
  C:\Windows\System\dwFweGU.exe
  2⤵
  PID:6296
- C:\Windows\System\ytCvTaG.exe
  C:\Windows\System\ytCvTaG.exe
  2⤵
  PID:5572
- C:\Windows\System\EuJcsfk.exe
  C:\Windows\System\EuJcsfk.exe
  2⤵
  PID:6384
- C:\Windows\System\xJBqgMw.exe
  C:\Windows\System\xJBqgMw.exe
  2⤵
  PID:6508
- C:\Windows\System\KzkSzai.exe
  C:\Windows\System\KzkSzai.exe
  2⤵
  PID:6556
- C:\Windows\System\gXpGYIy.exe
  C:\Windows\System\gXpGYIy.exe
  2⤵
  PID:6672
- C:\Windows\System\HahXmKu.exe
  C:\Windows\System\HahXmKu.exe
  2⤵
  PID:6160
- C:\Windows\System\RtntZQp.exe
  C:\Windows\System\RtntZQp.exe
  2⤵
  PID:6588
- C:\Windows\System\nKwaLxW.exe
  C:\Windows\System\nKwaLxW.exe
  2⤵
  PID:5768
- C:\Windows\System\BXKcKEp.exe
  C:\Windows\System\BXKcKEp.exe
  2⤵
  PID:6348
- C:\Windows\System\PMlFDEr.exe
  C:\Windows\System\PMlFDEr.exe
  2⤵
  PID:6736
- C:\Windows\System\jtzLOBa.exe
  C:\Windows\System\jtzLOBa.exe
  2⤵
  PID:6540
- C:\Windows\System\DPmaMEV.exe
  C:\Windows\System\DPmaMEV.exe
  2⤵
  PID:6432
- C:\Windows\System\EYkHSeA.exe
  C:\Windows\System\EYkHSeA.exe
  2⤵
  PID:6464
- C:\Windows\System\UVhNqDg.exe
  C:\Windows\System\UVhNqDg.exe
  2⤵
  PID:6772
- C:\Windows\System\bbtXSjW.exe
  C:\Windows\System\bbtXSjW.exe
  2⤵
  PID:6836
- C:\Windows\System\hJidWUV.exe
  C:\Windows\System\hJidWUV.exe
  2⤵
  PID:6920
- C:\Windows\System\pUHosnX.exe
  C:\Windows\System\pUHosnX.exe
  2⤵
  PID:7068
- C:\Windows\System\sEafjAo.exe
  C:\Windows\System\sEafjAo.exe
  2⤵
  PID:7076
- C:\Windows\System\vGdxorW.exe
  C:\Windows\System\vGdxorW.exe
  2⤵
  PID:7092
- C:\Windows\System\XqrRfBu.exe
  C:\Windows\System\XqrRfBu.exe
  2⤵
  PID:7004
- C:\Windows\System\sHNLbSc.exe
  C:\Windows\System\sHNLbSc.exe
  2⤵
  PID:7156
- C:\Windows\System\bamifAr.exe
  C:\Windows\System\bamifAr.exe
  2⤵
  PID:6788
- C:\Windows\System\ctCvhJi.exe
  C:\Windows\System\ctCvhJi.exe
  2⤵
  PID:5544
- C:\Windows\System\rkqdDbE.exe
  C:\Windows\System\rkqdDbE.exe
  2⤵
  PID:7160
- C:\Windows\System\SBCmiXi.exe
  C:\Windows\System\SBCmiXi.exe
  2⤵
  PID:6216
- C:\Windows\System\CdKFuWQ.exe
  C:\Windows\System\CdKFuWQ.exe
  2⤵
  PID:6380
- C:\Windows\System\wSfjKlJ.exe
  C:\Windows\System\wSfjKlJ.exe
  2⤵
  PID:5504
- C:\Windows\System\XRpGzOh.exe
  C:\Windows\System\XRpGzOh.exe
  2⤵
  PID:5960
- C:\Windows\System\ZBJZtoj.exe
  C:\Windows\System\ZBJZtoj.exe
  2⤵
  PID:6364
- C:\Windows\System\AheuLNt.exe
  C:\Windows\System\AheuLNt.exe
  2⤵
  PID:6940
- C:\Windows\System\xLRDWag.exe
  C:\Windows\System\xLRDWag.exe
  2⤵
  PID:7040
- C:\Windows\System\vMjHZiw.exe
  C:\Windows\System\vMjHZiw.exe
  2⤵
  PID:7056
- C:\Windows\System\jCuWjNa.exe
  C:\Windows\System\jCuWjNa.exe
  2⤵
  PID:6820
- C:\Windows\System\zDSgenD.exe
  C:\Windows\System\zDSgenD.exe
  2⤵
  PID:6892
- C:\Windows\System\lCLJEsO.exe
  C:\Windows\System\lCLJEsO.exe
  2⤵
  PID:6988
- C:\Windows\System\WdPWzmz.exe
  C:\Windows\System\WdPWzmz.exe
  2⤵
  PID:6280
- C:\Windows\System\PfohUtH.exe
  C:\Windows\System\PfohUtH.exe
  2⤵
  PID:6552
- C:\Windows\System\ZzLjJbG.exe
  C:\Windows\System\ZzLjJbG.exe
  2⤵
  PID:6192
- C:\Windows\System\MXqKbax.exe
  C:\Windows\System\MXqKbax.exe
  2⤵
  PID:6484
- C:\Windows\System\AGYwzkr.exe
  C:\Windows\System\AGYwzkr.exe
  2⤵
  PID:6852
- C:\Windows\System\hScIuMw.exe
  C:\Windows\System\hScIuMw.exe
  2⤵
  PID:6992
- C:\Windows\System\llhilmA.exe
  C:\Windows\System\llhilmA.exe
  2⤵
  PID:6652
- C:\Windows\System\jblOszn.exe
  C:\Windows\System\jblOszn.exe
  2⤵
  PID:6636
- C:\Windows\System\rbRyROu.exe
  C:\Windows\System\rbRyROu.exe
  2⤵
  PID:2612
- C:\Windows\System\nDegQnr.exe
  C:\Windows\System\nDegQnr.exe
  2⤵
  PID:6684
- C:\Windows\System\UPNGohO.exe
  C:\Windows\System\UPNGohO.exe
  2⤵
  PID:7172
- C:\Windows\System\mPatkrB.exe
  C:\Windows\System\mPatkrB.exe
  2⤵
  PID:7188
- C:\Windows\System\hKYEXJi.exe
  C:\Windows\System\hKYEXJi.exe
  2⤵
  PID:7204
- C:\Windows\System\rCwtmiq.exe
  C:\Windows\System\rCwtmiq.exe
  2⤵
  PID:7220
- C:\Windows\System\frBkZFb.exe
  C:\Windows\System\frBkZFb.exe
  2⤵
  PID:7236
- C:\Windows\System\bEJoHWs.exe
  C:\Windows\System\bEJoHWs.exe
  2⤵
  PID:7252
- C:\Windows\System\IXMVtwe.exe
  C:\Windows\System\IXMVtwe.exe
  2⤵
  PID:7268
- C:\Windows\System\TjaiTvB.exe
  C:\Windows\System\TjaiTvB.exe
  2⤵
  PID:7284
- C:\Windows\System\wscUqFs.exe
  C:\Windows\System\wscUqFs.exe
  2⤵
  PID:7300
- C:\Windows\System\JJXAosm.exe
  C:\Windows\System\JJXAosm.exe
  2⤵
  PID:7316
- C:\Windows\System\iABRlYh.exe
  C:\Windows\System\iABRlYh.exe
  2⤵
  PID:7332
- C:\Windows\System\ipPFmUm.exe
  C:\Windows\System\ipPFmUm.exe
  2⤵
  PID:7348
- C:\Windows\System\JhhAOGb.exe
  C:\Windows\System\JhhAOGb.exe
  2⤵
  PID:7364
- C:\Windows\System\NAUxpBw.exe
  C:\Windows\System\NAUxpBw.exe
  2⤵
  PID:7380
- C:\Windows\System\aDiDYFE.exe
  C:\Windows\System\aDiDYFE.exe
  2⤵
  PID:7396
- C:\Windows\System\UrdlUUO.exe
  C:\Windows\System\UrdlUUO.exe
  2⤵
  PID:7412
- C:\Windows\System\IiynGsu.exe
  C:\Windows\System\IiynGsu.exe
  2⤵
  PID:7428
- C:\Windows\System\uyrGmdy.exe
  C:\Windows\System\uyrGmdy.exe
  2⤵
  PID:7444
- C:\Windows\System\Qtgerbz.exe
  C:\Windows\System\Qtgerbz.exe
  2⤵
  PID:7460
- C:\Windows\System\XuoHrdo.exe
  C:\Windows\System\XuoHrdo.exe
  2⤵
  PID:7480
- C:\Windows\System\OByHgbr.exe
  C:\Windows\System\OByHgbr.exe
  2⤵
  PID:7700
- C:\Windows\System\gMSLCzj.exe
  C:\Windows\System\gMSLCzj.exe
  2⤵
  PID:7716
- C:\Windows\System\nBUKNnB.exe
  C:\Windows\System\nBUKNnB.exe
  2⤵
  PID:7788
- C:\Windows\System\eVAtdyR.exe
  C:\Windows\System\eVAtdyR.exe
  2⤵
  PID:7804
- C:\Windows\System\LeeHVUj.exe
  C:\Windows\System\LeeHVUj.exe
  2⤵
  PID:7904
- C:\Windows\System\dpESvpP.exe
  C:\Windows\System\dpESvpP.exe
  2⤵
  PID:7920
- C:\Windows\System\PryNGex.exe
  C:\Windows\System\PryNGex.exe
  2⤵
  PID:7936
- C:\Windows\System\mNJjmjy.exe
  C:\Windows\System\mNJjmjy.exe
  2⤵
  PID:7976
- C:\Windows\System\TRArFpW.exe
  C:\Windows\System\TRArFpW.exe
  2⤵
  PID:7992
- C:\Windows\System\hwbvIiG.exe
  C:\Windows\System\hwbvIiG.exe
  2⤵
  PID:8008
- C:\Windows\System\gfgmnWd.exe
  C:\Windows\System\gfgmnWd.exe
  2⤵
  PID:8024
- C:\Windows\System\vKYTVvi.exe
  C:\Windows\System\vKYTVvi.exe
  2⤵
  PID:8040
- C:\Windows\System\WgFjnHm.exe
  C:\Windows\System\WgFjnHm.exe
  2⤵
  PID:8056
- C:\Windows\System\ApkTAnt.exe
  C:\Windows\System\ApkTAnt.exe
  2⤵
  PID:8080
- C:\Windows\System\izzWKAB.exe
  C:\Windows\System\izzWKAB.exe
  2⤵
  PID:8096
- C:\Windows\System\GNAOJhB.exe
  C:\Windows\System\GNAOJhB.exe
  2⤵
  PID:8112
- C:\Windows\System\yhorQpL.exe
  C:\Windows\System\yhorQpL.exe
  2⤵
  PID:8156
- C:\Windows\System\wIAPgPe.exe
  C:\Windows\System\wIAPgPe.exe
  2⤵
  PID:8172
- C:\Windows\System\FljILey.exe
  C:\Windows\System\FljILey.exe
  2⤵
  PID:8188
- C:\Windows\System\MRBwZXF.exe
  C:\Windows\System\MRBwZXF.exe
  2⤵
  PID:6344
- C:\Windows\System\wBcrRLB.exe
  C:\Windows\System\wBcrRLB.exe
  2⤵
  PID:7216
- C:\Windows\System\iSMglPL.exe
  C:\Windows\System\iSMglPL.exe
  2⤵
  PID:7248
- C:\Windows\System\pmMuIqc.exe
  C:\Windows\System\pmMuIqc.exe
  2⤵
  PID:7312
- C:\Windows\System\oYBRQyE.exe
  C:\Windows\System\oYBRQyE.exe
  2⤵
  PID:7200
- C:\Windows\System\HiWWiZk.exe
  C:\Windows\System\HiWWiZk.exe
  2⤵
  PID:7356
- C:\Windows\System\GbHskDN.exe
  C:\Windows\System\GbHskDN.exe
  2⤵
  PID:7404
- C:\Windows\System\gNGCjmt.exe
  C:\Windows\System\gNGCjmt.exe
  2⤵
  PID:7408
- C:\Windows\System\TUrcuFv.exe
  C:\Windows\System\TUrcuFv.exe
  2⤵
  PID:7388
- C:\Windows\System\oQtDoGW.exe
  C:\Windows\System\oQtDoGW.exe
  2⤵
  PID:7456
- C:\Windows\System\GuUrOGP.exe
  C:\Windows\System\GuUrOGP.exe
  2⤵
  PID:7512
- C:\Windows\System\ckMYdUp.exe
  C:\Windows\System\ckMYdUp.exe
  2⤵
  PID:7536
- C:\Windows\System\yyAljfF.exe
  C:\Windows\System\yyAljfF.exe
  2⤵
  PID:7532
- C:\Windows\System\wZpnmrV.exe
  C:\Windows\System\wZpnmrV.exe
  2⤵
  PID:7564
- C:\Windows\System\djADTZJ.exe
  C:\Windows\System\djADTZJ.exe
  2⤵
  PID:7576
- C:\Windows\System\erKDGZZ.exe
  C:\Windows\System\erKDGZZ.exe
  2⤵
  PID:7596
- C:\Windows\System\yHHefqz.exe
  C:\Windows\System\yHHefqz.exe
  2⤵
  PID:7616
- C:\Windows\System\OudHvFU.exe
  C:\Windows\System\OudHvFU.exe
  2⤵
  PID:7632
- C:\Windows\System\eVkLALl.exe
  C:\Windows\System\eVkLALl.exe
  2⤵
  PID:7648
- C:\Windows\System\FlhGAbm.exe
  C:\Windows\System\FlhGAbm.exe
  2⤵
  PID:7664
- C:\Windows\System\WRRELMU.exe
  C:\Windows\System\WRRELMU.exe
  2⤵
  PID:7492
- C:\Windows\System\lXnuBCn.exe
  C:\Windows\System\lXnuBCn.exe
  2⤵
  PID:7736
- C:\Windows\System\QcuCVsq.exe
  C:\Windows\System\QcuCVsq.exe
  2⤵
  PID:7756
- C:\Windows\System\yBoyPTs.exe
  C:\Windows\System\yBoyPTs.exe
  2⤵
  PID:7776
- C:\Windows\System\lFDsvVX.exe
  C:\Windows\System\lFDsvVX.exe
  2⤵
  PID:7768
- C:\Windows\System\prLSiKo.exe
  C:\Windows\System\prLSiKo.exe
  2⤵
  PID:7856
- C:\Windows\System\jKvCfsL.exe
  C:\Windows\System\jKvCfsL.exe
  2⤵
  PID:7876
- C:\Windows\System\kfiBnRy.exe
  C:\Windows\System\kfiBnRy.exe
  2⤵
  PID:7884
- C:\Windows\System\tyVKpnc.exe
  C:\Windows\System\tyVKpnc.exe
  2⤵
  PID:7928
- C:\Windows\System\bULQiLE.exe
  C:\Windows\System\bULQiLE.exe
  2⤵
  PID:7944
- C:\Windows\System\ZIGkdio.exe
  C:\Windows\System\ZIGkdio.exe
  2⤵
  PID:8020
- C:\Windows\System\xPOeaWW.exe
  C:\Windows\System\xPOeaWW.exe
  2⤵
  PID:7960
- C:\Windows\System\nfVVLSG.exe
  C:\Windows\System\nfVVLSG.exe
  2⤵
  PID:8064
- C:\Windows\System\rtewPec.exe
  C:\Windows\System\rtewPec.exe
  2⤵
  PID:8036
- C:\Windows\System\ZhFxUVc.exe
  C:\Windows\System\ZhFxUVc.exe
  2⤵
  PID:8104
- C:\Windows\System\dOKAcNa.exe
  C:\Windows\System\dOKAcNa.exe
  2⤵
  PID:8052
- C:\Windows\System\UCpBNBD.exe
  C:\Windows\System\UCpBNBD.exe
  2⤵
  PID:7280
- C:\Windows\System\nLsXIkb.exe
  C:\Windows\System\nLsXIkb.exe
  2⤵
  PID:7472
- C:\Windows\System\TkxvLoC.exe
  C:\Windows\System\TkxvLoC.exe
  2⤵
  PID:6460
- C:\Windows\System\RuQqadl.exe
  C:\Windows\System\RuQqadl.exe
  2⤵
  PID:7232
- C:\Windows\System\dCUUFSk.exe
  C:\Windows\System\dCUUFSk.exe
  2⤵
  PID:7372
- C:\Windows\System\YVTdHzq.exe
  C:\Windows\System\YVTdHzq.exe
  2⤵
  PID:7420
- C:\Windows\System\TTtOfOR.exe
  C:\Windows\System\TTtOfOR.exe
  2⤵
  PID:7520
- C:\Windows\System\cNanUta.exe
  C:\Windows\System\cNanUta.exe
  2⤵
  PID:7580
- C:\Windows\System\kZuAVbI.exe
  C:\Windows\System\kZuAVbI.exe
  2⤵
  PID:7624
- C:\Windows\System\dfWesTW.exe
  C:\Windows\System\dfWesTW.exe
  2⤵
  PID:7800
- C:\Windows\System\heWjojK.exe
  C:\Windows\System\heWjojK.exe
  2⤵
  PID:7652
- C:\Windows\System\LwsUBXf.exe
  C:\Windows\System\LwsUBXf.exe
  2⤵
  PID:7640
- C:\Windows\System\yXyRJaZ.exe
  C:\Windows\System\yXyRJaZ.exe
  2⤵
  PID:7888
- C:\Windows\System\KPjmmNC.exe
  C:\Windows\System\KPjmmNC.exe
  2⤵
  PID:7956
- C:\Windows\System\VxGZcql.exe
  C:\Windows\System\VxGZcql.exe
  2⤵
  PID:7752
- C:\Windows\System\mkihtER.exe
  C:\Windows\System\mkihtER.exe
  2⤵
  PID:7732
- C:\Windows\System\ilsQURq.exe
  C:\Windows\System\ilsQURq.exe
  2⤵
  PID:7780
- C:\Windows\System\kEKWDHl.exe
  C:\Windows\System\kEKWDHl.exe
  2⤵
  PID:7988
- C:\Windows\System\BJGswYH.exe
  C:\Windows\System\BJGswYH.exe
  2⤵
  PID:7872
- C:\Windows\System\tsPhsvf.exe
  C:\Windows\System\tsPhsvf.exe
  2⤵
  PID:7968
- C:\Windows\System\YzTTvOp.exe
  C:\Windows\System\YzTTvOp.exe
  2⤵
  PID:8072
- C:\Windows\System\bwuoqSL.exe
  C:\Windows\System\bwuoqSL.exe
  2⤵
  PID:8136
- C:\Windows\System\MhPdZmK.exe
  C:\Windows\System\MhPdZmK.exe
  2⤵
  PID:8168
- C:\Windows\System\oUGydFH.exe
  C:\Windows\System\oUGydFH.exe
  2⤵
  PID:7496
- C:\Windows\System\qcqKjeo.exe
  C:\Windows\System\qcqKjeo.exe
  2⤵
  PID:7508
- C:\Windows\System\SeXrVDX.exe
  C:\Windows\System\SeXrVDX.exe
  2⤵
  PID:7556
- C:\Windows\System\KWQiDFD.exe
  C:\Windows\System\KWQiDFD.exe
  2⤵
  PID:7548
- C:\Windows\System\KdAmExd.exe
  C:\Windows\System\KdAmExd.exe
  2⤵
  PID:7528
- C:\Windows\System\NWLZYZW.exe
  C:\Windows\System\NWLZYZW.exe
  2⤵
  PID:7772
- C:\Windows\System\BdvnoAC.exe
  C:\Windows\System\BdvnoAC.exe
  2⤵
  PID:7612
- C:\Windows\System\EhrQYIO.exe
  C:\Windows\System\EhrQYIO.exe
  2⤵
  PID:7476
- C:\Windows\System\dyFrVaU.exe
  C:\Windows\System\dyFrVaU.exe
  2⤵
  PID:7952
- C:\Windows\System\hppybcI.exe
  C:\Windows\System\hppybcI.exe
  2⤵
  PID:7760
- C:\Windows\System\xFsmpKZ.exe
  C:\Windows\System\xFsmpKZ.exe
  2⤵
  PID:7892
- C:\Windows\System\KbJKGim.exe
  C:\Windows\System\KbJKGim.exe
  2⤵
  PID:1548
- C:\Windows\System\Nacjsqv.exe
  C:\Windows\System\Nacjsqv.exe
  2⤵
  PID:8148
- C:\Windows\System\OmIPnPd.exe
  C:\Windows\System\OmIPnPd.exe
  2⤵
  PID:8180
- C:\Windows\System\cLcdOTW.exe
  C:\Windows\System\cLcdOTW.exe
  2⤵
  PID:7604
- C:\Windows\System\vHUUoFi.exe
  C:\Windows\System\vHUUoFi.exe
  2⤵
  PID:7440
- C:\Windows\System\THfyauu.exe
  C:\Windows\System\THfyauu.exe
  2⤵
  PID:7296
- C:\Windows\System\lXXpAty.exe
  C:\Windows\System\lXXpAty.exe
  2⤵
  PID:8004
- C:\Windows\System\iDeGxof.exe
  C:\Windows\System\iDeGxof.exe
  2⤵
  PID:7608
- C:\Windows\System\LSryHbd.exe
  C:\Windows\System\LSryHbd.exe
  2⤵
  PID:7984
- C:\Windows\System\CjQdbeK.exe
  C:\Windows\System\CjQdbeK.exe
  2⤵
  PID:8032
- C:\Windows\System\iGkEhkb.exe
  C:\Windows\System\iGkEhkb.exe
  2⤵
  PID:7676
- C:\Windows\System\zqaJDdx.exe
  C:\Windows\System\zqaJDdx.exe
  2⤵
  PID:7844
- C:\Windows\System\EcuVnLs.exe
  C:\Windows\System\EcuVnLs.exe
  2⤵
  PID:7816
- C:\Windows\System\MPEHloa.exe
  C:\Windows\System\MPEHloa.exe
  2⤵
  PID:7212
- C:\Windows\System\aJDnKgv.exe
  C:\Windows\System\aJDnKgv.exe
  2⤵
  PID:8208
- C:\Windows\System\jlADJGb.exe
  C:\Windows\System\jlADJGb.exe
  2⤵
  PID:8232
- C:\Windows\System\bhSnKbV.exe
  C:\Windows\System\bhSnKbV.exe
  2⤵
  PID:8256
- C:\Windows\System\dgDQnTY.exe
  C:\Windows\System\dgDQnTY.exe
  2⤵
  PID:8280
- C:\Windows\System\BlQMEgN.exe
  C:\Windows\System\BlQMEgN.exe
  2⤵
  PID:8300
- C:\Windows\System\GzyEhqY.exe
  C:\Windows\System\GzyEhqY.exe
  2⤵
  PID:8320
- C:\Windows\System\bWFFdtg.exe
  C:\Windows\System\bWFFdtg.exe
  2⤵
  PID:8340
- C:\Windows\System\ZQzyint.exe
  C:\Windows\System\ZQzyint.exe
  2⤵
  PID:8356
- C:\Windows\System\wMPpDQx.exe
  C:\Windows\System\wMPpDQx.exe
  2⤵
  PID:8384
- C:\Windows\System\SMQhehi.exe
  C:\Windows\System\SMQhehi.exe
  2⤵
  PID:8400
- C:\Windows\System\gfqwquS.exe
  C:\Windows\System\gfqwquS.exe
  2⤵
  PID:8416
- C:\Windows\System\yEVMsLg.exe
  C:\Windows\System\yEVMsLg.exe
  2⤵
  PID:8432
- C:\Windows\System\VOXRLvr.exe
  C:\Windows\System\VOXRLvr.exe
  2⤵
  PID:8472
- C:\Windows\System\bvhfFEa.exe
  C:\Windows\System\bvhfFEa.exe
  2⤵
  PID:8488
- C:\Windows\System\hScIhuk.exe
  C:\Windows\System\hScIhuk.exe
  2⤵
  PID:8508
- C:\Windows\System\RgmgrQf.exe
  C:\Windows\System\RgmgrQf.exe
  2⤵
  PID:8524
- C:\Windows\System\lDbjZQT.exe
  C:\Windows\System\lDbjZQT.exe
  2⤵
  PID:8540
- C:\Windows\System\GYWlSLM.exe
  C:\Windows\System\GYWlSLM.exe
  2⤵
  PID:8564
- C:\Windows\System\aUoJQgZ.exe
  C:\Windows\System\aUoJQgZ.exe
  2⤵
  PID:8584
- C:\Windows\System\ktmeWJo.exe
  C:\Windows\System\ktmeWJo.exe
  2⤵
  PID:8600
- C:\Windows\System\vTWTpkA.exe
  C:\Windows\System\vTWTpkA.exe
  2⤵
  PID:8624
- C:\Windows\System\QpwgONF.exe
  C:\Windows\System\QpwgONF.exe
  2⤵
  PID:8644
- C:\Windows\System\AsnlxeC.exe
  C:\Windows\System\AsnlxeC.exe
  2⤵
  PID:8660
- C:\Windows\System\RwPdAAK.exe
  C:\Windows\System\RwPdAAK.exe
  2⤵
  PID:8684
- C:\Windows\System\wttoRQD.exe
  C:\Windows\System\wttoRQD.exe
  2⤵
  PID:8704
- C:\Windows\System\qodmfRO.exe
  C:\Windows\System\qodmfRO.exe
  2⤵
  PID:8732
- C:\Windows\System\LDNzRfz.exe
  C:\Windows\System\LDNzRfz.exe
  2⤵
  PID:8752
- C:\Windows\System\bYqMTaI.exe
  C:\Windows\System\bYqMTaI.exe
  2⤵
  PID:8776
- C:\Windows\System\LgeItDZ.exe
  C:\Windows\System\LgeItDZ.exe
  2⤵
  PID:8792
- C:\Windows\System\tWSDdZM.exe
  C:\Windows\System\tWSDdZM.exe
  2⤵
  PID:8812
- C:\Windows\System\higfBRV.exe
  C:\Windows\System\higfBRV.exe
  2⤵
  PID:8828
- C:\Windows\System\aURUsHJ.exe
  C:\Windows\System\aURUsHJ.exe
  2⤵
  PID:8852
- C:\Windows\System\KmVwkWY.exe
  C:\Windows\System\KmVwkWY.exe
  2⤵
  PID:8872
- C:\Windows\System\XgaJcSh.exe
  C:\Windows\System\XgaJcSh.exe
  2⤵
  PID:8892
- C:\Windows\System\iJzkRXg.exe
  C:\Windows\System\iJzkRXg.exe
  2⤵
  PID:8912
- C:\Windows\System\Fazmyvk.exe
  C:\Windows\System\Fazmyvk.exe
  2⤵
  PID:8932
- C:\Windows\System\XYBAghl.exe
  C:\Windows\System\XYBAghl.exe
  2⤵
  PID:8956
- C:\Windows\System\glkrXcL.exe
  C:\Windows\System\glkrXcL.exe
  2⤵
  PID:8976
- C:\Windows\System\wanRzIT.exe
  C:\Windows\System\wanRzIT.exe
  2⤵
  PID:8992
- C:\Windows\System\sHEDAQV.exe
  C:\Windows\System\sHEDAQV.exe
  2⤵
  PID:9008
- C:\Windows\System\udsEbuX.exe
  C:\Windows\System\udsEbuX.exe
  2⤵
  PID:9024
- C:\Windows\System\nGCwRuj.exe
  C:\Windows\System\nGCwRuj.exe
  2⤵
  PID:9040
- C:\Windows\System\qPYweEE.exe
  C:\Windows\System\qPYweEE.exe
  2⤵
  PID:9064
- C:\Windows\System\jGtJfEu.exe
  C:\Windows\System\jGtJfEu.exe
  2⤵
  PID:9084
- C:\Windows\System\zLgzBcj.exe
  C:\Windows\System\zLgzBcj.exe
  2⤵
  PID:9104
- C:\Windows\System\iBOsNZd.exe
  C:\Windows\System\iBOsNZd.exe
  2⤵
  PID:9120
- C:\Windows\System\agKnIwr.exe
  C:\Windows\System\agKnIwr.exe
  2⤵
  PID:9140
- C:\Windows\System\aNclacS.exe
  C:\Windows\System\aNclacS.exe
  2⤵
  PID:9156
- C:\Windows\System\ObCNJxr.exe
  C:\Windows\System\ObCNJxr.exe
  2⤵
  PID:9172
- C:\Windows\System\ZcxztjS.exe
  C:\Windows\System\ZcxztjS.exe
  2⤵
  PID:9188
- C:\Windows\System\MzmEPqr.exe
  C:\Windows\System\MzmEPqr.exe
  2⤵
  PID:9208
- C:\Windows\System\RsfDDRI.exe
  C:\Windows\System\RsfDDRI.exe
  2⤵
  PID:8200
- C:\Windows\System\LPrzsNi.exe
  C:\Windows\System\LPrzsNi.exe
  2⤵
  PID:7668
- C:\Windows\System\UUzmeXU.exe
  C:\Windows\System\UUzmeXU.exe
  2⤵
  PID:8228
- C:\Windows\System\AFIkXiO.exe
  C:\Windows\System\AFIkXiO.exe
  2⤵
  PID:8132
- C:\Windows\System\XaFIyaM.exe
  C:\Windows\System\XaFIyaM.exe
  2⤵
  PID:8272
- C:\Windows\System\LCegmCq.exe
  C:\Windows\System\LCegmCq.exe
  2⤵
  PID:8332
- C:\Windows\System\OHKaQSN.exe
  C:\Windows\System\OHKaQSN.exe
  2⤵
  PID:7684
- C:\Windows\System\CdhYqTS.exe
  C:\Windows\System\CdhYqTS.exe
  2⤵
  PID:8392
- C:\Windows\System\VEMLJXi.exe
  C:\Windows\System\VEMLJXi.exe
  2⤵
  PID:8444
- C:\Windows\System\IwUyKDf.exe
  C:\Windows\System\IwUyKDf.exe
  2⤵
  PID:8460
- C:\Windows\System\YLlNgws.exe
  C:\Windows\System\YLlNgws.exe
  2⤵
  PID:8504
- C:\Windows\System\VcEuTWN.exe
  C:\Windows\System\VcEuTWN.exe
  2⤵
  PID:8608
- C:\Windows\System\RReBuRq.exe
  C:\Windows\System\RReBuRq.exe
  2⤵
  PID:8556
- C:\Windows\System\CKmcfbV.exe
  C:\Windows\System\CKmcfbV.exe
  2⤵
  PID:8616
- C:\Windows\System\ntrfcQb.exe
  C:\Windows\System\ntrfcQb.exe
  2⤵
  PID:8596
- C:\Windows\System\blhkmaI.exe
  C:\Windows\System\blhkmaI.exe
  2⤵
  PID:8676
- C:\Windows\System\fhLkELG.exe
  C:\Windows\System\fhLkELG.exe
  2⤵
  PID:8668
- C:\Windows\System\mRyNulr.exe
  C:\Windows\System\mRyNulr.exe
  2⤵
  PID:8452
- C:\Windows\System\npKYfCf.exe
  C:\Windows\System\npKYfCf.exe
  2⤵
  PID:8744
- C:\Windows\System\zLXSYwn.exe
  C:\Windows\System\zLXSYwn.exe
  2⤵
  PID:8784
- C:\Windows\System\UraDdCm.exe
  C:\Windows\System\UraDdCm.exe
  2⤵
  PID:8820
- C:\Windows\System\aPhCiPV.exe
  C:\Windows\System\aPhCiPV.exe
  2⤵
  PID:8840
- C:\Windows\System\Cbkdqxl.exe
  C:\Windows\System\Cbkdqxl.exe
  2⤵
  PID:8868
- C:\Windows\System\AOBdHwb.exe
  C:\Windows\System\AOBdHwb.exe
  2⤵
  PID:8940
- C:\Windows\System\fOdhLUY.exe
  C:\Windows\System\fOdhLUY.exe
  2⤵
  PID:8964
- C:\Windows\System\kQTsjAd.exe
  C:\Windows\System\kQTsjAd.exe
  2⤵
  PID:9048
- C:\Windows\System\tvFDdkP.exe
  C:\Windows\System\tvFDdkP.exe
  2⤵
  PID:9096
- C:\Windows\System\kocpgSD.exe
  C:\Windows\System\kocpgSD.exe
  2⤵
  PID:8968
- C:\Windows\System\kBxjOIB.exe
  C:\Windows\System\kBxjOIB.exe
  2⤵
  PID:9164
- C:\Windows\System\xqCnLzJ.exe
  C:\Windows\System\xqCnLzJ.exe
  2⤵
  PID:9036
- C:\Windows\System\zBaoPDa.exe
  C:\Windows\System\zBaoPDa.exe
  2⤵
  PID:9112
- C:\Windows\System\ynrWVRl.exe
  C:\Windows\System\ynrWVRl.exe
  2⤵
  PID:9180
- C:\Windows\System\iehtora.exe
  C:\Windows\System\iehtora.exe
  2⤵
  PID:8196
- C:\Windows\System\HgWuCTs.exe
  C:\Windows\System\HgWuCTs.exe
  2⤵
  PID:8216
- C:\Windows\System\feuWvbK.exe
  C:\Windows\System\feuWvbK.exe
  2⤵
  PID:8292
- C:\Windows\System\VDJSuOa.exe
  C:\Windows\System\VDJSuOa.exe
  2⤵
  PID:8308
- C:\Windows\System\wOmPbEm.exe
  C:\Windows\System\wOmPbEm.exe
  2⤵
  PID:8348
- C:\Windows\System\ESVtGBk.exe
  C:\Windows\System\ESVtGBk.exe
  2⤵
  PID:7500
- C:\Windows\System\BsqdyYD.exe
  C:\Windows\System\BsqdyYD.exe
  2⤵
  PID:8572
- C:\Windows\System\XQWQmlU.exe
  C:\Windows\System\XQWQmlU.exe
  2⤵
  PID:8612
- C:\Windows\System\GJfCSMb.exe
  C:\Windows\System\GJfCSMb.exe
  2⤵
  PID:8724
- C:\Windows\System\urpoJpe.exe
  C:\Windows\System\urpoJpe.exe
  2⤵
  PID:8824
- C:\Windows\System\AxMitkZ.exe
  C:\Windows\System\AxMitkZ.exe
  2⤵
  PID:8480
- C:\Windows\System\QpDzQEY.exe
  C:\Windows\System\QpDzQEY.exe
  2⤵
  PID:8516
- C:\Windows\System\fKCcifO.exe
  C:\Windows\System\fKCcifO.exe
  2⤵
  PID:8904
- C:\Windows\System\hXieazZ.exe
  C:\Windows\System\hXieazZ.exe
  2⤵
  PID:8800
- C:\Windows\System\LyhDVjm.exe
  C:\Windows\System\LyhDVjm.exe
  2⤵
  PID:9000
- C:\Windows\System\BpnFdQm.exe
  C:\Windows\System\BpnFdQm.exe
  2⤵
  PID:9184
- C:\Windows\System\mRnlbnM.exe
  C:\Windows\System\mRnlbnM.exe
  2⤵
  PID:8244
- C:\Windows\System\DvRoZiZ.exe
  C:\Windows\System\DvRoZiZ.exe
  2⤵
  PID:8808
- C:\Windows\System\coaoRpJ.exe
  C:\Windows\System\coaoRpJ.exe
  2⤵
  PID:8248
- C:\Windows\System\nfYHrNZ.exe
  C:\Windows\System\nfYHrNZ.exe
  2⤵
  PID:8948
- C:\Windows\System\xeRYbDH.exe
  C:\Windows\System\xeRYbDH.exe
  2⤵
  PID:9080
- C:\Windows\System\ymjIddw.exe
  C:\Windows\System\ymjIddw.exe
  2⤵
  PID:9148
- C:\Windows\System\WgTZpig.exe
  C:\Windows\System\WgTZpig.exe
  2⤵
  PID:8376
- C:\Windows\System\LDOfFEr.exe
  C:\Windows\System\LDOfFEr.exe
  2⤵
  PID:8316
- C:\Windows\System\DVLbIau.exe
  C:\Windows\System\DVLbIau.exe
  2⤵
  PID:8424
- C:\Windows\System\EqUlXAJ.exe
  C:\Windows\System\EqUlXAJ.exe
  2⤵
  PID:8428
- C:\Windows\System\HLyEclQ.exe
  C:\Windows\System\HLyEclQ.exe
  2⤵
  PID:8720
- C:\Windows\System\bRCnirQ.exe
  C:\Windows\System\bRCnirQ.exe
  2⤵
  PID:8552
- C:\Windows\System\FYuHaSM.exe
  C:\Windows\System\FYuHaSM.exe
  2⤵
  PID:8740
- C:\Windows\System\GqzGDJV.exe
  C:\Windows\System\GqzGDJV.exe
  2⤵
  PID:8592
- C:\Windows\System\XuwYwWY.exe
  C:\Windows\System\XuwYwWY.exe
  2⤵
  PID:8864
- C:\Windows\System\YxKFMAl.exe
  C:\Windows\System\YxKFMAl.exe
  2⤵
  PID:8240
- C:\Windows\System\lXeQQfL.exe
  C:\Windows\System\lXeQQfL.exe
  2⤵
  PID:8268
- C:\Windows\System\mPkGYxN.exe
  C:\Windows\System\mPkGYxN.exe
  2⤵
  PID:8536
- C:\Windows\System\bhgcolV.exe
  C:\Windows\System\bhgcolV.exe
  2⤵
  PID:8120
- C:\Windows\System\RZVqFHi.exe
  C:\Windows\System\RZVqFHi.exe
  2⤵
  PID:9100
- C:\Windows\System\NwuaVDb.exe
  C:\Windows\System\NwuaVDb.exe
  2⤵
  PID:9116
- C:\Windows\System\whegmKR.exe
  C:\Windows\System\whegmKR.exe
  2⤵
  PID:7896
- C:\Windows\System\LHBJnaJ.exe
  C:\Windows\System\LHBJnaJ.exe
  2⤵
  PID:8336
- C:\Windows\System\PnePRPL.exe
  C:\Windows\System\PnePRPL.exe
  2⤵
  PID:8712
- C:\Windows\System\pFsClqZ.exe
  C:\Windows\System\pFsClqZ.exe
  2⤵
  PID:8928
- C:\Windows\System\wJOTErt.exe
  C:\Windows\System\wJOTErt.exe
  2⤵
  PID:9136
- C:\Windows\System\RFQnTva.exe
  C:\Windows\System\RFQnTva.exe
  2⤵
  PID:8652
- C:\Windows\System\qVsBFQJ.exe
  C:\Windows\System\qVsBFQJ.exe
  2⤵
  PID:8264
- C:\Windows\System\PNvzOsr.exe
  C:\Windows\System\PNvzOsr.exe
  2⤵
  PID:7848
- C:\Windows\System\lNdORNt.exe
  C:\Windows\System\lNdORNt.exe
  2⤵
  PID:8640
- C:\Windows\System\MJyELTF.exe
  C:\Windows\System\MJyELTF.exe
  2⤵
  PID:8772
- C:\Windows\System\NkqFGHY.exe
  C:\Windows\System\NkqFGHY.exe
  2⤵
  PID:8440
- C:\Windows\System\FvnqjeL.exe
  C:\Windows\System\FvnqjeL.exe
  2⤵
  PID:8204
- C:\Windows\System\NQElbqd.exe
  C:\Windows\System\NQElbqd.exe
  2⤵
  PID:9224
- C:\Windows\System\zgmumpk.exe
  C:\Windows\System\zgmumpk.exe
  2⤵
  PID:9248
- C:\Windows\System\quulAHB.exe
  C:\Windows\System\quulAHB.exe
  2⤵
  PID:9264
- C:\Windows\System\Qlxsfry.exe
  C:\Windows\System\Qlxsfry.exe
  2⤵
  PID:9292
- C:\Windows\System\rSYJmyU.exe
  C:\Windows\System\rSYJmyU.exe
  2⤵
  PID:9316
- C:\Windows\System\QBKGmRh.exe
  C:\Windows\System\QBKGmRh.exe
  2⤵
  PID:9336
- C:\Windows\System\zQqdcqq.exe
  C:\Windows\System\zQqdcqq.exe
  2⤵
  PID:9352
- C:\Windows\System\LxBANDb.exe
  C:\Windows\System\LxBANDb.exe
  2⤵
  PID:9372
- C:\Windows\System\Rtikirj.exe
  C:\Windows\System\Rtikirj.exe
  2⤵
  PID:9392
- C:\Windows\System\wzRiarn.exe
  C:\Windows\System\wzRiarn.exe
  2⤵
  PID:9412
- C:\Windows\System\zwNYRhR.exe
  C:\Windows\System\zwNYRhR.exe
  2⤵
  PID:9428
- C:\Windows\System\PROTQRr.exe
  C:\Windows\System\PROTQRr.exe
  2⤵
  PID:9452
- C:\Windows\System\upxpiRe.exe
  C:\Windows\System\upxpiRe.exe
  2⤵
  PID:9476
- C:\Windows\System\CElPsgM.exe
  C:\Windows\System\CElPsgM.exe
  2⤵
  PID:9492
- C:\Windows\System\opXcubN.exe
  C:\Windows\System\opXcubN.exe
  2⤵
  PID:9508
- C:\Windows\System\QsdRjlL.exe
  C:\Windows\System\QsdRjlL.exe
  2⤵
  PID:9524
- C:\Windows\System\gohOCsp.exe
  C:\Windows\System\gohOCsp.exe
  2⤵
  PID:9544
- C:\Windows\System\SNZNJPO.exe
  C:\Windows\System\SNZNJPO.exe
  2⤵
  PID:9564
- C:\Windows\System\xPkdcYF.exe
  C:\Windows\System\xPkdcYF.exe
  2⤵
  PID:9580
- C:\Windows\System\RjAlbWX.exe
  C:\Windows\System\RjAlbWX.exe
  2⤵
  PID:9596
- C:\Windows\System\HcdVhMY.exe
  C:\Windows\System\HcdVhMY.exe
  2⤵
  PID:9616
- C:\Windows\System\tnKBAkd.exe
  C:\Windows\System\tnKBAkd.exe
  2⤵
  PID:9636
- C:\Windows\System\VDSBSMt.exe
  C:\Windows\System\VDSBSMt.exe
  2⤵
  PID:9656
- C:\Windows\System\VkmyzNF.exe
  C:\Windows\System\VkmyzNF.exe
  2⤵
  PID:9696
- C:\Windows\System\vCyccko.exe
  C:\Windows\System\vCyccko.exe
  2⤵
  PID:9712
- C:\Windows\System\KmYIDaA.exe
  C:\Windows\System\KmYIDaA.exe
  2⤵
  PID:9732
- C:\Windows\System\vcCNFGN.exe
  C:\Windows\System\vcCNFGN.exe
  2⤵
  PID:9748
- C:\Windows\System\yYmUpBr.exe
  C:\Windows\System\yYmUpBr.exe
  2⤵
  PID:9764
- C:\Windows\System\JGjeUCh.exe
  C:\Windows\System\JGjeUCh.exe
  2⤵
  PID:9784
- C:\Windows\System\lzqaqwf.exe
  C:\Windows\System\lzqaqwf.exe
  2⤵
  PID:9804
- C:\Windows\System\iIaalhE.exe
  C:\Windows\System\iIaalhE.exe
  2⤵
  PID:9828
- C:\Windows\System\hRfrIRj.exe
  C:\Windows\System\hRfrIRj.exe
  2⤵
  PID:9844
- C:\Windows\System\FajVKQi.exe
  C:\Windows\System\FajVKQi.exe
  2⤵
  PID:9872
- C:\Windows\System\wDkkplF.exe
  C:\Windows\System\wDkkplF.exe
  2⤵
  PID:9892
- C:\Windows\System\zTKEMqb.exe
  C:\Windows\System\zTKEMqb.exe
  2⤵
  PID:9912
- C:\Windows\System\tIhlJAP.exe
  C:\Windows\System\tIhlJAP.exe
  2⤵
  PID:9936
- C:\Windows\System\ZESidDk.exe
  C:\Windows\System\ZESidDk.exe
  2⤵
  PID:9956
- C:\Windows\System\jGeNQva.exe
  C:\Windows\System\jGeNQva.exe
  2⤵
  PID:9984
- C:\Windows\System\CvSZweB.exe
  C:\Windows\System\CvSZweB.exe
  2⤵
  PID:10000
- C:\Windows\System\vteLezA.exe
  C:\Windows\System\vteLezA.exe
  2⤵
  PID:10016
- C:\Windows\System\almmopI.exe
  C:\Windows\System\almmopI.exe
  2⤵
  PID:10032
- C:\Windows\System\rGPpwjw.exe
  C:\Windows\System\rGPpwjw.exe
  2⤵
  PID:10048
- C:\Windows\System\sXfJFiL.exe
  C:\Windows\System\sXfJFiL.exe
  2⤵
  PID:10072
- C:\Windows\System\iduNuma.exe
  C:\Windows\System\iduNuma.exe
  2⤵
  PID:10092
- C:\Windows\System\PvEtkBd.exe
  C:\Windows\System\PvEtkBd.exe
  2⤵
  PID:10108
- C:\Windows\System\LLztCRa.exe
  C:\Windows\System\LLztCRa.exe
  2⤵
  PID:10124
- C:\Windows\System\hiUXZOY.exe
  C:\Windows\System\hiUXZOY.exe
  2⤵
  PID:10140
- C:\Windows\System\BgqQmAN.exe
  C:\Windows\System\BgqQmAN.exe
  2⤵
  PID:10192
- C:\Windows\System\COViIrA.exe
  C:\Windows\System\COViIrA.exe
  2⤵
  PID:10212
- C:\Windows\System\OwJxLIs.exe
  C:\Windows\System\OwJxLIs.exe
  2⤵
  PID:10228
- C:\Windows\System\llbGnkE.exe
  C:\Windows\System\llbGnkE.exe
  2⤵
  PID:9220
- C:\Windows\System\pAJEkdu.exe
  C:\Windows\System\pAJEkdu.exe
  2⤵
  PID:9256
- C:\Windows\System\iSPnAtO.exe
  C:\Windows\System\iSPnAtO.exe
  2⤵
  PID:9272
- C:\Windows\System\WRuJSWo.exe
  C:\Windows\System\WRuJSWo.exe
  2⤵
  PID:9300
- C:\Windows\System\eIlZHgF.exe
  C:\Windows\System\eIlZHgF.exe
  2⤵
  PID:9368
- C:\Windows\System\cgZPDpq.exe
  C:\Windows\System\cgZPDpq.exe
  2⤵
  PID:9380
- C:\Windows\System\hiDVtNb.exe
  C:\Windows\System\hiDVtNb.exe
  2⤵
  PID:9424
- C:\Windows\System\Nkgwsly.exe
  C:\Windows\System\Nkgwsly.exe
  2⤵
  PID:9468
- C:\Windows\System\jfLypNk.exe
  C:\Windows\System\jfLypNk.exe
  2⤵
  PID:9540
- C:\Windows\System\sEeQmgt.exe
  C:\Windows\System\sEeQmgt.exe
  2⤵
  PID:9608
- C:\Windows\System\QgpTFaI.exe
  C:\Windows\System\QgpTFaI.exe
  2⤵
  PID:9440
- C:\Windows\System\HgSVOLG.exe
  C:\Windows\System\HgSVOLG.exe
  2⤵
  PID:9628
- C:\Windows\System\gHWCdBZ.exe
  C:\Windows\System\gHWCdBZ.exe
  2⤵
  PID:9556
- C:\Windows\System\rlYnLoD.exe
  C:\Windows\System\rlYnLoD.exe
  2⤵
  PID:9652
- C:\Windows\System\evUGYMA.exe
  C:\Windows\System\evUGYMA.exe
  2⤵
  PID:9668
- C:\Windows\System\fcsWuTc.exe
  C:\Windows\System\fcsWuTc.exe
  2⤵
  PID:9772
- C:\Windows\System\NxaPjZq.exe
  C:\Windows\System\NxaPjZq.exe
  2⤵
  PID:9824
- C:\Windows\System\ODFBFMU.exe
  C:\Windows\System\ODFBFMU.exe
  2⤵
  PID:9728
- C:\Windows\System\EfgHwQJ.exe
  C:\Windows\System\EfgHwQJ.exe
  2⤵
  PID:9792
- C:\Windows\System\zjfzlrB.exe
  C:\Windows\System\zjfzlrB.exe
  2⤵
  PID:9880
- C:\Windows\System\yRSSUGV.exe
  C:\Windows\System\yRSSUGV.exe
  2⤵
  PID:9904
- C:\Windows\System\HNiEkSl.exe
  C:\Windows\System\HNiEkSl.exe
  2⤵
  PID:9920
- C:\Windows\System\YWbYpDS.exe
  C:\Windows\System\YWbYpDS.exe
  2⤵
  PID:9952
- C:\Windows\System\eAWjNON.exe
  C:\Windows\System\eAWjNON.exe
  2⤵
  PID:9964
- C:\Windows\System\GAOObXl.exe
  C:\Windows\System\GAOObXl.exe
  2⤵
  PID:9996
- C:\Windows\System\pMqDNje.exe
  C:\Windows\System\pMqDNje.exe
  2⤵
  PID:10060
- C:\Windows\System\liVKUWC.exe
  C:\Windows\System\liVKUWC.exe
  2⤵
  PID:10136
- C:\Windows\System\iDeqQSP.exe
  C:\Windows\System\iDeqQSP.exe
  2⤵
  PID:10088
- C:\Windows\System\gWHyXWm.exe
  C:\Windows\System\gWHyXWm.exe
  2⤵
  PID:10012
- C:\Windows\System\hLNAYWe.exe
  C:\Windows\System\hLNAYWe.exe
  2⤵
  PID:10156
- C:\Windows\System\AzfmFuO.exe
  C:\Windows\System\AzfmFuO.exe
  2⤵
  PID:10172
- C:\Windows\System\JQoTRnZ.exe
  C:\Windows\System\JQoTRnZ.exe
  2⤵
  PID:9076
- C:\Windows\System\ZEsCjmT.exe
  C:\Windows\System\ZEsCjmT.exe
  2⤵
  PID:9304
- C:\Windows\System\DjobeUh.exe
  C:\Windows\System\DjobeUh.exe
  2⤵
  PID:9328
- C:\Windows\System\zXqjKvj.exe
  C:\Windows\System\zXqjKvj.exe
  2⤵
  PID:9388
- C:\Windows\System\uVJVbVH.exe
  C:\Windows\System\uVJVbVH.exe
  2⤵
  PID:9536
- C:\Windows\System\IeZJfsU.exe
  C:\Windows\System\IeZJfsU.exe
  2⤵
  PID:9488
- C:\Windows\System\oDZAFWp.exe
  C:\Windows\System\oDZAFWp.exe
  2⤵
  PID:9464
- C:\Windows\System\tAzMPwu.exe
  C:\Windows\System\tAzMPwu.exe
  2⤵
  PID:9592
- C:\Windows\System\McErOfm.exe
  C:\Windows\System\McErOfm.exe
  2⤵
  PID:9644
- C:\Windows\System\iVfpsmV.exe
  C:\Windows\System\iVfpsmV.exe
  2⤵
  PID:9688
- C:\Windows\System\jRoYWfl.exe
  C:\Windows\System\jRoYWfl.exe
  2⤵
  PID:9820
- C:\Windows\System\bHFcthT.exe
  C:\Windows\System\bHFcthT.exe
  2⤵
  PID:9864
- C:\Windows\System\FkmFuWx.exe
  C:\Windows\System\FkmFuWx.exe
  2⤵
  PID:9856
- C:\Windows\System\cJTXALL.exe
  C:\Windows\System\cJTXALL.exe
  2⤵
  PID:9944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ApSlmLz.exe

Filesize
6.0MB

MD5
a77adc973bfff4b953b00a3d8afde516

SHA1
248bfa32b7e541933ec4efbace68d19f96055bee

SHA256
0509a22a45c10b83c0952b3792586295142fa46b3abd5408ddd5294a9ac74aae

SHA512
dff93f5d7521ed1be91a39925062babf7c2f6d7d3fa0490aed1987ec259cb6ac501418aaf256ed1b66cb366e5b6b6166e9aa162a43b67d255ad44793e4d3b30b

Download Submit
C:\Windows\system\EKMegbk.exe

Filesize
6.0MB

MD5
ed49599c2cf43b83736ee6304821385a

SHA1
28ee9df2bd0a77018a7591db4cf89b1a1481713a

SHA256
0f04c345f398ce4697052d7916dfaf176b93787a64faa19d8a347f5c2db3f0f7

SHA512
9b7226debcc0206585772d67f0e39ec4856a522c1234d716686c16056521f393d122bf3e53c4cc5bde5199881f7c741be6a5dac9bc45dfcae9ad3b94c44d6923

Download Submit
C:\Windows\system\GJmPUWP.exe

Filesize
6.0MB

MD5
f91c1e0d0150a999f0f836d0d81579b4

SHA1
7ab48079c2154a8777983d2833fd493b70faf9b7

SHA256
1cf33c9571c10d4b398826fd3d127d5eb48183eedc86f4c74354a4680666fc38

SHA512
54db8d7d08e2877d15b02a027a057493073b0c88b7f07ad63ad37e877040369dd87befeebf42e3e1e0c41da1a5ef62a33135810b29c7ef3cecec32c81a2d2bc5

Download Submit
C:\Windows\system\HHZdipR.exe

Filesize
6.0MB

MD5
e76932a07c59ba177ae8aa488f83a37e

SHA1
071c1e2d1fec77c288a05785800d8dccda31f147

SHA256
f10124d8bf8c39193b7ed4bf37a3913ea1e0e1f48f5ccf0b3b352439b8650b3d

SHA512
e2fa179f8ec5004429119c0fe24bcd9f01cf696fb457f543730349d183f4e75b0f45beefd3523c2b2141ccd934e75710fe3ba11bfb6e2623075c3a2a7f4e0918

Download Submit
C:\Windows\system\HPVeEhn.exe

Filesize
6.0MB

MD5
31c61dc36d044ee90ee4f71168251d93

SHA1
565669750f0c331b0be20eacb756931a0fc4b52e

SHA256
c098237bc5226104c3c41d4c38bf53b3b34101865cb4bbdf02e1d28ae68f0e9a

SHA512
4b6895ea1250e0b6067413678641be4b71e29c3705317229d7a370c30c23de68693d1c940f3e40d90961453836f351ba2d04dfd1cc82a8d2cd31cb113b20b144

Download Submit
C:\Windows\system\IqBjfok.exe

Filesize
6.0MB

MD5
e7856071794c00c3c4111021007164ed

SHA1
a5007536f1aaf9265cecd92ed98a142042a982cf

SHA256
5eaaf33c1250df3ccabf913efde9707a70e5ad09fee9c61582cc1283b241544e

SHA512
15b3494acb10d46b27853668c81224975cef764e5d695196dd652ca74da3ecf6aa4c6a1d3f6bcfca34a198737c4bb7623bb22a07d802266c9830204b4bdc0dfa

Download Submit
C:\Windows\system\LIIhvLE.exe

Filesize
6.0MB

MD5
07b0bf8e1e16ab67c7609b47adc2c417

SHA1
65c12c3ed5d7d4110f5fa8d1e9fa09a3e390e937

SHA256
c65ba666bde73cf3a3368af1d36d8578a914ba5dfb1401f8926d7652cf1a8490

SHA512
e019489c3457c26bcc4113133b0a0a8606f49ac5268eae9691b5481ae4266321bdf2822facf8bd846e426b3e83a72696b7a8657f49644d2f4af815241a6982a7

Download Submit
C:\Windows\system\LYsWtsK.exe

Filesize
6.0MB

MD5
a4c851a3d11bdb199e21daa6f29fd298

SHA1
8c8a0d9eec880003e1a893ee7525c623c7e2f94b

SHA256
5cfb230d92a9c1430cf5c75e03105333c9ced0654316b4b7705444960e0c3773

SHA512
117a762e2f84d8d5e18709daf9e7e963772dad392e1655fa9afacf00c6e7e6efcf0a4a03d2b1803f1f400874fcff189a2898d3ce082b31803f70b1bf964750e7

Download Submit
C:\Windows\system\MhDDUhX.exe

Filesize
6.0MB

MD5
d997ea618cc153c8a4be3545ed50c384

SHA1
fd0c072211deae7c7216a618a1ebdf10dc9a7125

SHA256
251ebefc8444017618b2b1be8445f1d4387643df85686837b936b912b24394e2

SHA512
cd33ac1719288c2990f11faa51bd9d7309f9da786cf748b6c37fd980f66307d63e0df95c80b729d9ab8658ab62f7cf7c44253613fe997b8a9507fc5a0c659bbd

Download Submit
C:\Windows\system\RIxWDxG.exe

Filesize
6.0MB

MD5
0959c4db0af3a5f45ce3f19fe3170e76

SHA1
ada140f909d6312d1bc7497ddbbb13cb2dcc5b18

SHA256
552356f2f12ac97a4c36ce085b90da7f08f8310ea009ab79c28cd67cefd1b91b

SHA512
619a7fd94560c6c9d44cdca12cadaf8d8d5c7c890077c79602d084d11ff8a84959d79cea82d33497321f89b98d0a432749369e2c218600e8a8734c0c24278869

Download Submit
C:\Windows\system\UJJKljb.exe

Filesize
6.0MB

MD5
f94817b3716d725d864bda7928aa7d9a

SHA1
e4d57e3789559c9ddf6581a0a69ce6120014a26e

SHA256
481bacaac38707a7e5d69951a81dfbb6924f5f6ec4778015b926c0c7f79d93c3

SHA512
4725d537fa73865b8e6c762e342ed12b964869365205c3a7121333e6339f38dd236a33a5750df4b82812e45bb66ccd9aba0c61958e6528e0e7a8bc1704f56dab

Download Submit
C:\Windows\system\VTvuOvF.exe

Filesize
6.0MB

MD5
6dd853c1efaa313b2329a35ad3bb5b36

SHA1
fe6ad57936b6c80be548fb095e37a47c4fc23a97

SHA256
521d9b84d870e7218551ce3306df710c440b6f92a8ee2a4839284d860964f900

SHA512
3f9797ba29931b0988a05c11ae4d50cc7d1184928093f89c23e8844570396c8c0f4b76fbd3dcd23156a59ba66d8f1722c896a6367a67c1488c217f32a70b1c26

Download Submit
C:\Windows\system\WhkwWSy.exe

Filesize
6.0MB

MD5
9d01a6b1326e6a3cb477efece56bebc9

SHA1
ac07db0da016a87252e95dea1417cd54870cfccb

SHA256
3739a834f90f1b1af972bdb5347b1fcf4e1d2bf9bfd08892ad165cad818f1fb1

SHA512
b554641c0c93a08644f6fe17ed996f5765eb038e3039b509c93cd610a67214fc89013d78722955d23e840c31a77e9613e082255d4fe3f5811a27c3dade493faa

Download Submit
C:\Windows\system\aRNRqtl.exe

Filesize
6.0MB

MD5
b0f90392f66732f1837aa2824ebb5772

SHA1
ba50cb703132255fb2b813a9fb0c9ae9f6efebe5

SHA256
5e45abd55b7cf05ea32e2c40fe7a203826a8a9860b6febac491842034a3e748a

SHA512
709019749b21151a2c54b8e711a2e87f06ed336aca43832a9d781af036f12245c8e28998a74aaff4d9df5c670fd63bbabef8a206b42af3c31fd9c873cbc47c09

Download Submit
C:\Windows\system\fRWqvNZ.exe

Filesize
6.0MB

MD5
662a45dd1880a43de3ccc9fe02458bad

SHA1
b30cf340f3d713b311195235ba4b1f03bce0406a

SHA256
a4ea16fad46b7d0214f037d110882949eb158daab7c47797732aa271e6159812

SHA512
22ead5d15e415c2a109507eeb4e9a8539160c5e4d91dd4e25b29494b629048f596a21561deffc4fd4a037fe00b1c7be1095f8ec3440f222af756d9ffdc4ba759

Download Submit
C:\Windows\system\fxpWIxR.exe

Filesize
6.0MB

MD5
c337b53975d04f6c2f7f7f9466bedecb

SHA1
a321c5b5ab86e6c3487d1fbdb6fcb7268d36dae1

SHA256
7e7e03381162dbe5a083c4de499af22a3e016bacfc8f5ac2a66265a90563f1fc

SHA512
07827c2dd8d585d6335a50c6c32f26e4621c6b33555f1c9c76e23994cc35f7200d1da135ac34513574c2a523aeeed14a792d00397dd0b019833792401ff00895

Download Submit
C:\Windows\system\idsidSQ.exe

Filesize
6.0MB

MD5
4daa98ac56a7d7023932703e19fb452a

SHA1
b69835141a8540fac96de25ea370978aece1db58

SHA256
e6d719ffb35f380eee88de60c34c39817ca4fbca05b5a7f10bfecb063f4e7be2

SHA512
f0186f312ad529558ce9532e7c7c4383ed8725cba5da30cf4a93b0066b51fc0dda2db52f8a11e56e57e0ba421ace58885b0c6f684247b6486b8f43b3e5eb05f8

Download Submit
C:\Windows\system\ifHSWGP.exe

Filesize
6.0MB

MD5
c1aa146b5c56d9d1cae04d06559feda7

SHA1
419724a4d03bc50cbbb884a8269c8d565e3d7aa2

SHA256
52837ae8c9bf84dfb57056012b33631c801ebf04641df7a539e359c08a503963

SHA512
d0a7125fa47fe28698a49c200530f1327c804667e6b29298eee07e22c8116339e679534ee72b5deb2fd8e94854466f3a21650b17eea2b56b9c509e3dda1f954d

Download Submit
C:\Windows\system\jFUAten.exe

Filesize
6.0MB

MD5
2949b075e2fce0ed20a847252a7affc5

SHA1
f5abfc34f3a3210ed420abda769c3cabc2b575f3

SHA256
92b97fe77a499d23c0681b36a99f8e41f6ba5d64d14c417fc4f94f2fc6117006

SHA512
92bfa131d4cdf51b92738aa8f55ddd3df2cc8f3810646bdce9f85170ef24c85acdbc6cef9472897dc290ccf31cde495b70d9cf0eefea494a6d591b9d24c7e197

Download Submit
C:\Windows\system\jKQfjDJ.exe

Filesize
6.0MB

MD5
e4d99eb2415ea98e97dc4dd0260dbb0a

SHA1
419d5bf7830136066f3dae4dbaf0ef2e69483b44

SHA256
eb929391844ae606df1a86cb2c8d7b4ce16eee1734eaa0bf4f5a6056147cc469

SHA512
b8dbe30004c7b1e0aa8e45c824bfb0607c4b416f5123cab521a4e85f7e666dfa602f02c496db7d122a02320594ced4a44480ad1560eff67967189b1ffd0229dd

Download Submit
C:\Windows\system\kIbbEuw.exe

Filesize
6.0MB

MD5
78abfacf48235c52e6c65936ba43933b

SHA1
b4aca1f8acac6c20d1266826af3afbc1f183683f

SHA256
afbe99e3f81ed19f627d7be54769dca675ef40fd3ebc7f3ea473578c45e21c87

SHA512
728be5837297f6881bcd2b0bb7c54aa47fc74cab690d827cd27f8a7e0979bdb5a00ca34bf637876ceed284300168bda5bbf009ac0def96aefd175f3f2d524917

Download Submit
C:\Windows\system\kOlaIel.exe

Filesize
6.0MB

MD5
dfde3f2ed3010e3b813635e5bdff9cd0

SHA1
f5926648063f2b3b321b2088477d01f26c015785

SHA256
8b1e893fc7c097a8c5456fdd74d2c280653c21d93074cb5c12edae2d290cacdf

SHA512
f76d8ae63f5ac6e67704e425c81b88f8eeda0448d2c3a979a6883853119e46a9ace1c98f7170ac139d389a276e498b0bc18feb4f0c2c50b72f4c85dc06987059

Download Submit
C:\Windows\system\kbKFeMx.exe

Filesize
6.0MB

MD5
ef3d69ee24b41ad5c51af7e14d5b123f

SHA1
b2624130971855c634d5de8e8fc7ef07d78caca1

SHA256
fe757752554a3fd7142cd95ce9d6ef2e54d1e7c25d21bb0eecfb70b6dced28df

SHA512
4e5efbfe6ba9ec0108379e94012a0b4d76d2cb933bd34722875ed3bee1a77c5df4a1aed317e43df4f7d1923dbf0b7fbef8b5b52bf6c7e45d27490e00427b2abf

Download Submit
C:\Windows\system\lAziPYM.exe

Filesize
6.0MB

MD5
3951cae64e815dc6fc711cbfa4c70573

SHA1
4eb25f69730c925cad8dab1e88e676d0f81cfd3a

SHA256
819e12f8043286b8b9d5df32408e2ab13f777dbff482fcf1abd13d71ed00e767

SHA512
d46a195a79401d215213ea2e3ab80c7cd0debf996775d09c1a1f2ea459839956de793c0aada8be6443b53379e20103998ecc64c3dcb4fcea4b9ece78569d377a

Download Submit
C:\Windows\system\oAYlQFx.exe

Filesize
6.0MB

MD5
93aa37cde15381c984b0c57b11f014fe

SHA1
c21e954b9d1e0d567800f675c8a98f19287f893c

SHA256
fa2ee5560ec3e8e4c6a70764379170a1c99ea4cea18a5489303584714ec5a193

SHA512
d12750da164122cce38662a832ab42e134b33d0662e69a6924f6431153707f78435fbc1412b10bec38c215018bfe4a4d2506dd0a8fa09f997db55a34c243d83a

Download Submit
C:\Windows\system\oVsxPZr.exe

Filesize
6.0MB

MD5
1ef09bcca118a9054e1c0ff4067a40e4

SHA1
97a3a592de8db6c667013b0255cfcdb6eb187be7

SHA256
ae841023e91db7ea15baaf648f135d5494be55697093a39c45040ee9f30895ca

SHA512
bc0761bf6eeaddd1884bebcc4ba80072c46810a1b34e2832b11216b6275208e00d075899662d8d78f0944a6ccc12c8a38fb799eee38a402abe1fc6f922233c3b

Download Submit
C:\Windows\system\pTiAQhy.exe

Filesize
6.0MB

MD5
e89cd57b2e05fb3728c59e88eacec8c4

SHA1
e8263159b990b8e69f8c4a5622dc1a09fa853323

SHA256
b8d623d652700ff9a999502b8ac972de2b8725cdd291109395481cb8b724f2ab

SHA512
5b6eb39bc0349df548ba9513099c8945044e60811093cc93b8f42f8b52498ff1bf59138fb08dabf5d2e9dbe0683851ac519308879a32a1316f8b6f5db837c68a

Download Submit
C:\Windows\system\viZOJHe.exe

Filesize
6.0MB

MD5
c59d189ddb491c2a1604cc071c099385

SHA1
7d10a614861dca5e780de4bfb0b17348bd0dbda3

SHA256
7e30e7779170319823d163ddccb6051a8e492e673627c8c4d822f5395739eed9

SHA512
b5942539220d6526e65450751664da2324cf1f6be13af403f50b83c649bcced6a7ec756353bc1bb6900a0d24ae9a94e47da040531c6ca9e87d77bcc7095fb022

Download Submit
C:\Windows\system\yZqJdLJ.exe

Filesize
6.0MB

MD5
c07b93ab6674d3609b39db0629cfe8fc

SHA1
ed58ba9b3ccbcd6a62c194cf53d76117d926fc67

SHA256
f56161f58899bc40dae248eef589a3d6932edef7a9ec062d394678086823cf00

SHA512
b74542b0773f6815431c9e4ec423bea1efa725b73977bbbfd118d79a5cfa760f9d3decf3bf260656f166c52da7ff002f72cd294f0b970d4c2d958f9602e995ba

Download Submit
\Windows\system\IUKZqgq.exe

Filesize
6.0MB

MD5
78d953a8b9e41c094a66fac7a0a844c5

SHA1
b2b4d247dd6938d93cadee11df77c445f33a57aa

SHA256
06e50501de7a1aa46ff9d59c3772ce7e65b619167be808b9f37cf25993cff710

SHA512
ecce22d3085c7ff9c6f5fdf62f0a42589ae445ea700f81287e08cb8a8f47f15d2a612b87885e5a91e2febd3bb36380ea0ce51ad6fb3d32b37ef36ec72f430b07

Download Submit
\Windows\system\cgdlUgL.exe

Filesize
6.0MB

MD5
3358e9a18c25ca9f3e2d2f2d309da1d6

SHA1
e3df0d20112b6eea9243783cf8f8506d24ed00db

SHA256
4da4e94ecb7e70d14a3bb2e3aa183551d22c809bacd0dc04ff045f81aa0a4cb8

SHA512
3895c6bb13ffcac702dc300e45930fe23d2eacfd3262ce98525d128070ee336a6f24389d07e4a843a678368c33d6e3b412974552aa87ce8a1f72933d9627ea79

Download Submit
\Windows\system\xQbivoY.exe

Filesize
6.0MB

MD5
a7147cf56bf131fddfd5f4fd7915de7b

SHA1
5d10ec74d511a122e2e4b3793732e4807c48175c

SHA256
e9079c1ca30eb98eb7d085e31246c48915db0caf456ff44375c3272d9f42d440

SHA512
15880c194be4096078d95048d304b4db319dc3a00f7c72479ebe74d014884842f15f7508cfbf1405dadb6d25f0f75d5d6183b68e28adda46e64c2aae504c0e68

Download Submit
memory/1752-0-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1752-29-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-50-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1752-349-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1752-88-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1752-64-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1752-1159-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1752-100-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1752-58-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1752-531-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1752-1000-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1752-46-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1752-20-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/1752-83-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1752-10-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1752-37-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/1752-74-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1752-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1752-106-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1752-99-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/1900-69-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-27-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-4038-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-884-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-92-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-4030-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2500-14-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2536-15-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2536-4015-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2568-68-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4039-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-4037-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2572-86-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2572-643-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4035-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2628-101-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1112-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2636-84-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4034-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2716-34-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4033-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-80-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4029-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-96-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-54-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2748-77-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4036-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2748-350-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4031-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2832-65-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2832-105-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4028-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-43-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-26-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3064-4026-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/3064-60-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download