cobaltstrike | 49a0951d226e3256fc1c66ab1e22571bb31f7b38ca021a03dc50cc3f1010ea65

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6de8b3a21020f0e21ca9a6535b686b0f
SHA1

0ecbba5365a73150b672f7843d85e9c9f6a9ae56
SHA256

49a0951d226e3256fc1c66ab1e22571bb31f7b38ca021a03dc50cc3f1010ea65
SHA512

2819660eaf8d6b71a8fce420733c45d63d682027d957f8a0b27da3aa122a20337343e4fc24257518511181ab172cc9b32a885ac1e85d89ddaacbe390e6ae3d34
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\lgpIXlQ.exe	cobalt_reflective_dll
C:\Windows\system\qJrrUZB.exe	cobalt_reflective_dll
C:\Windows\system\uyKtpSS.exe	cobalt_reflective_dll
C:\Windows\system\SZtowPv.exe	cobalt_reflective_dll
C:\Windows\system\lmjIPDp.exe	cobalt_reflective_dll
C:\Windows\system\xYKcIRY.exe	cobalt_reflective_dll
\Windows\system\dBuMZSR.exe	cobalt_reflective_dll
C:\Windows\system\UjUfdgw.exe	cobalt_reflective_dll
C:\Windows\system\MaOVmKN.exe	cobalt_reflective_dll
\Windows\system\XEcnslA.exe	cobalt_reflective_dll
C:\Windows\system\almNwYi.exe	cobalt_reflective_dll
C:\Windows\system\HSqPUzh.exe	cobalt_reflective_dll
\Windows\system\nnhklBD.exe	cobalt_reflective_dll
C:\Windows\system\uDMehsZ.exe	cobalt_reflective_dll
C:\Windows\system\kkDCrCe.exe	cobalt_reflective_dll
C:\Windows\system\qgYyIyB.exe	cobalt_reflective_dll
C:\Windows\system\JVDWWMq.exe	cobalt_reflective_dll
C:\Windows\system\QTetkiP.exe	cobalt_reflective_dll
C:\Windows\system\ZJVLfQs.exe	cobalt_reflective_dll
C:\Windows\system\kVUAxEo.exe	cobalt_reflective_dll
C:\Windows\system\JHedVCR.exe	cobalt_reflective_dll
C:\Windows\system\mTKvqIs.exe	cobalt_reflective_dll
C:\Windows\system\jKSgogU.exe	cobalt_reflective_dll
C:\Windows\system\buswhrs.exe	cobalt_reflective_dll
C:\Windows\system\AKfYipw.exe	cobalt_reflective_dll
C:\Windows\system\mUniEgM.exe	cobalt_reflective_dll
C:\Windows\system\NNANvHU.exe	cobalt_reflective_dll
C:\Windows\system\XxJdPyW.exe	cobalt_reflective_dll
C:\Windows\system\PwezqXC.exe	cobalt_reflective_dll
C:\Windows\system\pHUieUk.exe	cobalt_reflective_dll
C:\Windows\system\DYYAgAl.exe	cobalt_reflective_dll
C:\Windows\system\qQwLVgI.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2932-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
C:\Windows\system\lgpIXlQ.exe	xmrig
C:\Windows\system\qJrrUZB.exe	xmrig
C:\Windows\system\uyKtpSS.exe	xmrig
C:\Windows\system\SZtowPv.exe	xmrig
C:\Windows\system\lmjIPDp.exe	xmrig
C:\Windows\system\xYKcIRY.exe	xmrig
\Windows\system\dBuMZSR.exe	xmrig
C:\Windows\system\UjUfdgw.exe	xmrig
C:\Windows\system\MaOVmKN.exe	xmrig
\Windows\system\XEcnslA.exe	xmrig
C:\Windows\system\almNwYi.exe	xmrig
behavioral1/memory/2932-1745-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
C:\Windows\system\HSqPUzh.exe	xmrig
\Windows\system\nnhklBD.exe	xmrig
C:\Windows\system\uDMehsZ.exe	xmrig
C:\Windows\system\kkDCrCe.exe	xmrig
C:\Windows\system\qgYyIyB.exe	xmrig
C:\Windows\system\JVDWWMq.exe	xmrig
C:\Windows\system\QTetkiP.exe	xmrig
C:\Windows\system\ZJVLfQs.exe	xmrig
C:\Windows\system\kVUAxEo.exe	xmrig
C:\Windows\system\JHedVCR.exe	xmrig
C:\Windows\system\mTKvqIs.exe	xmrig
C:\Windows\system\jKSgogU.exe	xmrig
C:\Windows\system\buswhrs.exe	xmrig
C:\Windows\system\AKfYipw.exe	xmrig
C:\Windows\system\mUniEgM.exe	xmrig
C:\Windows\system\NNANvHU.exe	xmrig
C:\Windows\system\XxJdPyW.exe	xmrig
C:\Windows\system\PwezqXC.exe	xmrig
C:\Windows\system\pHUieUk.exe	xmrig
C:\Windows\system\DYYAgAl.exe	xmrig
C:\Windows\system\qQwLVgI.exe	xmrig
behavioral1/memory/2740-1883-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2756-1974-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2672-2078-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2780-2268-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2708-2318-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2932-2915-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2932-2996-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2780-3161-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2820-3160-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2756-3157-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2672-3177-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2740-3166-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2708-3172-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

lgpIXlQ.exeqJrrUZB.exeuyKtpSS.exeSZtowPv.exelmjIPDp.exexYKcIRY.exedBuMZSR.exeqQwLVgI.exeDYYAgAl.exepHUieUk.exeUjUfdgw.exePwezqXC.exeMaOVmKN.exeXxJdPyW.exeNNANvHU.exemUniEgM.exeAKfYipw.exebuswhrs.exejKSgogU.exemTKvqIs.exeJHedVCR.exeQTetkiP.exekVUAxEo.exeJVDWWMq.exeZJVLfQs.exeqgYyIyB.exeXEcnslA.exekkDCrCe.exennhklBD.exeHSqPUzh.exeuDMehsZ.exealmNwYi.exemPfUbfo.exeCpgIwun.exedoNbpqB.exezTwpngv.exenCYsbpf.exeEPVlWVc.exexaqcwPo.exeWfUuBnk.exeeaHiQgH.exemNHRnkL.exeivlUciH.exeYvuTnJw.exelmdmOIM.exeYzftDYZ.execvLmlAH.exeZwGMoaV.exeguClCou.exeLEHCjXb.exeMobPUsq.exenfjZDxu.exeJalcJrG.exekgjSnUK.exeiSihxsM.exeNkfJTWe.exeumnreYG.exeFfRvjxM.exeZuoiJfw.execORRpCY.exeqCPHwHa.exeGyvoIQQ.exeovkMkUR.exeLjnMVpy.exe

pid	process
2656	lgpIXlQ.exe
2740	qJrrUZB.exe
2756	uyKtpSS.exe
2672	SZtowPv.exe
2780	lmjIPDp.exe
2708	xYKcIRY.exe
2820	dBuMZSR.exe
2764	qQwLVgI.exe
2604	DYYAgAl.exe
2592	pHUieUk.exe
3024	UjUfdgw.exe
2360	PwezqXC.exe
1308	MaOVmKN.exe
2868	XxJdPyW.exe
2912	NNANvHU.exe
2916	mUniEgM.exe
2616	AKfYipw.exe
1684	buswhrs.exe
2044	jKSgogU.exe
776	mTKvqIs.exe
2288	JHedVCR.exe
868	QTetkiP.exe
2724	kVUAxEo.exe
1468	JVDWWMq.exe
596	ZJVLfQs.exe
2268	qgYyIyB.exe
1692	XEcnslA.exe
2952	kkDCrCe.exe
2088	nnhklBD.exe
2400	HSqPUzh.exe
1920	uDMehsZ.exe
1312	almNwYi.exe
1832	mPfUbfo.exe
1628	CpgIwun.exe
1736	doNbpqB.exe
984	zTwpngv.exe
2404	nCYsbpf.exe
2488	EPVlWVc.exe
2148	xaqcwPo.exe
1652	WfUuBnk.exe
2644	eaHiQgH.exe
1728	mNHRnkL.exe
1892	ivlUciH.exe
2496	YvuTnJw.exe
2468	lmdmOIM.exe
1972	YzftDYZ.exe
1900	cvLmlAH.exe
2152	ZwGMoaV.exe
2492	guClCou.exe
2508	LEHCjXb.exe
888	MobPUsq.exe
1192	nfjZDxu.exe
808	JalcJrG.exe
2096	kgjSnUK.exe
1592	iSihxsM.exe
2956	NkfJTWe.exe
1352	umnreYG.exe
2456	FfRvjxM.exe
1880	ZuoiJfw.exe
2688	cORRpCY.exe
2784	qCPHwHa.exe
1088	GyvoIQQ.exe
2624	ovkMkUR.exe
2832	LjnMVpy.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2932-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
C:\Windows\system\lgpIXlQ.exe	upx
C:\Windows\system\qJrrUZB.exe	upx
C:\Windows\system\uyKtpSS.exe	upx
C:\Windows\system\SZtowPv.exe	upx
C:\Windows\system\lmjIPDp.exe	upx
C:\Windows\system\xYKcIRY.exe	upx
\Windows\system\dBuMZSR.exe	upx
C:\Windows\system\UjUfdgw.exe	upx
C:\Windows\system\MaOVmKN.exe	upx
\Windows\system\XEcnslA.exe	upx
C:\Windows\system\almNwYi.exe	upx
C:\Windows\system\HSqPUzh.exe	upx
\Windows\system\nnhklBD.exe	upx
C:\Windows\system\uDMehsZ.exe	upx
C:\Windows\system\kkDCrCe.exe	upx
C:\Windows\system\qgYyIyB.exe	upx
C:\Windows\system\JVDWWMq.exe	upx
C:\Windows\system\QTetkiP.exe	upx
C:\Windows\system\ZJVLfQs.exe	upx
C:\Windows\system\kVUAxEo.exe	upx
C:\Windows\system\JHedVCR.exe	upx
C:\Windows\system\mTKvqIs.exe	upx
C:\Windows\system\jKSgogU.exe	upx
C:\Windows\system\buswhrs.exe	upx
C:\Windows\system\AKfYipw.exe	upx
C:\Windows\system\mUniEgM.exe	upx
C:\Windows\system\NNANvHU.exe	upx
C:\Windows\system\XxJdPyW.exe	upx
C:\Windows\system\PwezqXC.exe	upx
C:\Windows\system\pHUieUk.exe	upx
C:\Windows\system\DYYAgAl.exe	upx
C:\Windows\system\qQwLVgI.exe	upx
behavioral1/memory/2740-1883-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2756-1974-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2672-2078-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2780-2268-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2708-2318-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2932-2915-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2780-3161-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2820-3160-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2756-3157-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2672-3177-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2740-3166-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2708-3172-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\huocbdL.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHihrwL.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdJuTZF.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTPXeoc.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECabFGt.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQgwJUA.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnMCxtF.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICiJzaG.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdRpaEW.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVcRpZM.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFeiHAK.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPfTffz.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fSMtJCK.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enLeyhE.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsYOmWi.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUoyfIR.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnmuYxV.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UsPefmA.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxzITsE.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ieKIVnW.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWmUOtZ.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVhKhaw.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYAlaOg.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofaNVkT.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gOotBvY.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqlyIdD.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVmXISv.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbBbQTj.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUcRLPh.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRXyTUo.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWKnNRj.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTKbWiD.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPfUbfo.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQSDYKu.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TomKkbC.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYaOCil.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RArKuHg.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyKDxEg.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDMehsZ.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUaRVJe.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDDEutS.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZhbaVx.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZAQCYd.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcXXNRY.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGWmJKU.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfRvjxM.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XThLeeN.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VftNpiW.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTSHvoM.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dokQiRI.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxHMsLG.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OioLIzT.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHwynZd.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MobPUsq.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmizRNL.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maWihXN.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHHRBwU.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yixSSXM.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJWFODt.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuDIksJ.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUTcXZo.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwoCmhM.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIlpZeB.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiimfIl.exe	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2932 wrote to memory of 2656	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lgpIXlQ.exe
PID 2932 wrote to memory of 2656	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lgpIXlQ.exe
PID 2932 wrote to memory of 2656	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lgpIXlQ.exe
PID 2932 wrote to memory of 2740	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qJrrUZB.exe
PID 2932 wrote to memory of 2740	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qJrrUZB.exe
PID 2932 wrote to memory of 2740	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qJrrUZB.exe
PID 2932 wrote to memory of 2756	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	uyKtpSS.exe
PID 2932 wrote to memory of 2756	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	uyKtpSS.exe
PID 2932 wrote to memory of 2756	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	uyKtpSS.exe
PID 2932 wrote to memory of 2672	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	SZtowPv.exe
PID 2932 wrote to memory of 2672	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	SZtowPv.exe
PID 2932 wrote to memory of 2672	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	SZtowPv.exe
PID 2932 wrote to memory of 2780	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lmjIPDp.exe
PID 2932 wrote to memory of 2780	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lmjIPDp.exe
PID 2932 wrote to memory of 2780	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	lmjIPDp.exe
PID 2932 wrote to memory of 2708	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	xYKcIRY.exe
PID 2932 wrote to memory of 2708	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	xYKcIRY.exe
PID 2932 wrote to memory of 2708	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	xYKcIRY.exe
PID 2932 wrote to memory of 2820	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	dBuMZSR.exe
PID 2932 wrote to memory of 2820	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	dBuMZSR.exe
PID 2932 wrote to memory of 2820	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	dBuMZSR.exe
PID 2932 wrote to memory of 2764	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qQwLVgI.exe
PID 2932 wrote to memory of 2764	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qQwLVgI.exe
PID 2932 wrote to memory of 2764	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	qQwLVgI.exe
PID 2932 wrote to memory of 2604	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	DYYAgAl.exe
PID 2932 wrote to memory of 2604	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	DYYAgAl.exe
PID 2932 wrote to memory of 2604	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	DYYAgAl.exe
PID 2932 wrote to memory of 2592	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	pHUieUk.exe
PID 2932 wrote to memory of 2592	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	pHUieUk.exe
PID 2932 wrote to memory of 2592	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	pHUieUk.exe
PID 2932 wrote to memory of 3024	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	UjUfdgw.exe
PID 2932 wrote to memory of 3024	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	UjUfdgw.exe
PID 2932 wrote to memory of 3024	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	UjUfdgw.exe
PID 2932 wrote to memory of 2360	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	PwezqXC.exe
PID 2932 wrote to memory of 2360	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	PwezqXC.exe
PID 2932 wrote to memory of 2360	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	PwezqXC.exe
PID 2932 wrote to memory of 1308	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	MaOVmKN.exe
PID 2932 wrote to memory of 1308	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	MaOVmKN.exe
PID 2932 wrote to memory of 1308	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	MaOVmKN.exe
PID 2932 wrote to memory of 2868	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	XxJdPyW.exe
PID 2932 wrote to memory of 2868	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	XxJdPyW.exe
PID 2932 wrote to memory of 2868	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	XxJdPyW.exe
PID 2932 wrote to memory of 2912	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	NNANvHU.exe
PID 2932 wrote to memory of 2912	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	NNANvHU.exe
PID 2932 wrote to memory of 2912	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	NNANvHU.exe
PID 2932 wrote to memory of 2916	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mUniEgM.exe
PID 2932 wrote to memory of 2916	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mUniEgM.exe
PID 2932 wrote to memory of 2916	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mUniEgM.exe
PID 2932 wrote to memory of 2616	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	AKfYipw.exe
PID 2932 wrote to memory of 2616	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	AKfYipw.exe
PID 2932 wrote to memory of 2616	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	AKfYipw.exe
PID 2932 wrote to memory of 1684	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	buswhrs.exe
PID 2932 wrote to memory of 1684	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	buswhrs.exe
PID 2932 wrote to memory of 1684	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	buswhrs.exe
PID 2932 wrote to memory of 2044	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	jKSgogU.exe
PID 2932 wrote to memory of 2044	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	jKSgogU.exe
PID 2932 wrote to memory of 2044	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	jKSgogU.exe
PID 2932 wrote to memory of 776	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mTKvqIs.exe
PID 2932 wrote to memory of 776	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mTKvqIs.exe
PID 2932 wrote to memory of 776	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	mTKvqIs.exe
PID 2932 wrote to memory of 2288	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	JHedVCR.exe
PID 2932 wrote to memory of 2288	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	JHedVCR.exe
PID 2932 wrote to memory of 2288	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	JHedVCR.exe
PID 2932 wrote to memory of 868	2932	2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe	QTetkiP.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_6de8b3a21020f0e21ca9a6535b686b0f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\System\lgpIXlQ.exe
  C:\Windows\System\lgpIXlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\qJrrUZB.exe
  C:\Windows\System\qJrrUZB.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\uyKtpSS.exe
  C:\Windows\System\uyKtpSS.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\SZtowPv.exe
  C:\Windows\System\SZtowPv.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\lmjIPDp.exe
  C:\Windows\System\lmjIPDp.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\xYKcIRY.exe
  C:\Windows\System\xYKcIRY.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\dBuMZSR.exe
  C:\Windows\System\dBuMZSR.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qQwLVgI.exe
  C:\Windows\System\qQwLVgI.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\DYYAgAl.exe
  C:\Windows\System\DYYAgAl.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\pHUieUk.exe
  C:\Windows\System\pHUieUk.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\UjUfdgw.exe
  C:\Windows\System\UjUfdgw.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\PwezqXC.exe
  C:\Windows\System\PwezqXC.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\MaOVmKN.exe
  C:\Windows\System\MaOVmKN.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\XxJdPyW.exe
  C:\Windows\System\XxJdPyW.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NNANvHU.exe
  C:\Windows\System\NNANvHU.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\mUniEgM.exe
  C:\Windows\System\mUniEgM.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\AKfYipw.exe
  C:\Windows\System\AKfYipw.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\buswhrs.exe
  C:\Windows\System\buswhrs.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\jKSgogU.exe
  C:\Windows\System\jKSgogU.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\mTKvqIs.exe
  C:\Windows\System\mTKvqIs.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\JHedVCR.exe
  C:\Windows\System\JHedVCR.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\QTetkiP.exe
  C:\Windows\System\QTetkiP.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\kVUAxEo.exe
  C:\Windows\System\kVUAxEo.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\JVDWWMq.exe
  C:\Windows\System\JVDWWMq.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\ZJVLfQs.exe
  C:\Windows\System\ZJVLfQs.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\XEcnslA.exe
  C:\Windows\System\XEcnslA.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\qgYyIyB.exe
  C:\Windows\System\qgYyIyB.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\nnhklBD.exe
  C:\Windows\System\nnhklBD.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\kkDCrCe.exe
  C:\Windows\System\kkDCrCe.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\HSqPUzh.exe
  C:\Windows\System\HSqPUzh.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\uDMehsZ.exe
  C:\Windows\System\uDMehsZ.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\almNwYi.exe
  C:\Windows\System\almNwYi.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\mPfUbfo.exe
  C:\Windows\System\mPfUbfo.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\CpgIwun.exe
  C:\Windows\System\CpgIwun.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\doNbpqB.exe
  C:\Windows\System\doNbpqB.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\zTwpngv.exe
  C:\Windows\System\zTwpngv.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\nCYsbpf.exe
  C:\Windows\System\nCYsbpf.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\EPVlWVc.exe
  C:\Windows\System\EPVlWVc.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\xaqcwPo.exe
  C:\Windows\System\xaqcwPo.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\WfUuBnk.exe
  C:\Windows\System\WfUuBnk.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\eaHiQgH.exe
  C:\Windows\System\eaHiQgH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\mNHRnkL.exe
  C:\Windows\System\mNHRnkL.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ivlUciH.exe
  C:\Windows\System\ivlUciH.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\YvuTnJw.exe
  C:\Windows\System\YvuTnJw.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\lmdmOIM.exe
  C:\Windows\System\lmdmOIM.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\YzftDYZ.exe
  C:\Windows\System\YzftDYZ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\cvLmlAH.exe
  C:\Windows\System\cvLmlAH.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ZwGMoaV.exe
  C:\Windows\System\ZwGMoaV.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\guClCou.exe
  C:\Windows\System\guClCou.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\LEHCjXb.exe
  C:\Windows\System\LEHCjXb.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\MobPUsq.exe
  C:\Windows\System\MobPUsq.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\nfjZDxu.exe
  C:\Windows\System\nfjZDxu.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\JalcJrG.exe
  C:\Windows\System\JalcJrG.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\FfRvjxM.exe
  C:\Windows\System\FfRvjxM.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\kgjSnUK.exe
  C:\Windows\System\kgjSnUK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ZuoiJfw.exe
  C:\Windows\System\ZuoiJfw.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\iSihxsM.exe
  C:\Windows\System\iSihxsM.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\cORRpCY.exe
  C:\Windows\System\cORRpCY.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\NkfJTWe.exe
  C:\Windows\System\NkfJTWe.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\qCPHwHa.exe
  C:\Windows\System\qCPHwHa.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\umnreYG.exe
  C:\Windows\System\umnreYG.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\GyvoIQQ.exe
  C:\Windows\System\GyvoIQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ovkMkUR.exe
  C:\Windows\System\ovkMkUR.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\LjnMVpy.exe
  C:\Windows\System\LjnMVpy.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\dQnTCig.exe
  C:\Windows\System\dQnTCig.exe
  2⤵
  PID:2884
- C:\Windows\System\tCtzqXN.exe
  C:\Windows\System\tCtzqXN.exe
  2⤵
  PID:1292
- C:\Windows\System\DRjbsyc.exe
  C:\Windows\System\DRjbsyc.exe
  2⤵
  PID:1624
- C:\Windows\System\yfpFomO.exe
  C:\Windows\System\yfpFomO.exe
  2⤵
  PID:1748
- C:\Windows\System\ynuNlCt.exe
  C:\Windows\System\ynuNlCt.exe
  2⤵
  PID:1996
- C:\Windows\System\kRjmzPz.exe
  C:\Windows\System\kRjmzPz.exe
  2⤵
  PID:1644
- C:\Windows\System\NVfXpJd.exe
  C:\Windows\System\NVfXpJd.exe
  2⤵
  PID:1744
- C:\Windows\System\CUaRVJe.exe
  C:\Windows\System\CUaRVJe.exe
  2⤵
  PID:532
- C:\Windows\System\gnnFhyq.exe
  C:\Windows\System\gnnFhyq.exe
  2⤵
  PID:2532
- C:\Windows\System\adjTEUC.exe
  C:\Windows\System\adjTEUC.exe
  2⤵
  PID:2132
- C:\Windows\System\NzQtRGA.exe
  C:\Windows\System\NzQtRGA.exe
  2⤵
  PID:2368
- C:\Windows\System\VtsNWXQ.exe
  C:\Windows\System\VtsNWXQ.exe
  2⤵
  PID:2504
- C:\Windows\System\ELmVxvj.exe
  C:\Windows\System\ELmVxvj.exe
  2⤵
  PID:1828
- C:\Windows\System\BmVIfld.exe
  C:\Windows\System\BmVIfld.exe
  2⤵
  PID:756
- C:\Windows\System\DPfBvNX.exe
  C:\Windows\System\DPfBvNX.exe
  2⤵
  PID:2416
- C:\Windows\System\UqJuDto.exe
  C:\Windows\System\UqJuDto.exe
  2⤵
  PID:1532
- C:\Windows\System\bixzPkR.exe
  C:\Windows\System\bixzPkR.exe
  2⤵
  PID:1716
- C:\Windows\System\otXbGyh.exe
  C:\Windows\System\otXbGyh.exe
  2⤵
  PID:2988
- C:\Windows\System\kWeCZjd.exe
  C:\Windows\System\kWeCZjd.exe
  2⤵
  PID:1708
- C:\Windows\System\vPAKgQt.exe
  C:\Windows\System\vPAKgQt.exe
  2⤵
  PID:1696
- C:\Windows\System\tyQnRNt.exe
  C:\Windows\System\tyQnRNt.exe
  2⤵
  PID:612
- C:\Windows\System\qYWPKrG.exe
  C:\Windows\System\qYWPKrG.exe
  2⤵
  PID:2076
- C:\Windows\System\oHFUBLN.exe
  C:\Windows\System\oHFUBLN.exe
  2⤵
  PID:2692
- C:\Windows\System\EgJvRiC.exe
  C:\Windows\System\EgJvRiC.exe
  2⤵
  PID:1084
- C:\Windows\System\oqQRkhD.exe
  C:\Windows\System\oqQRkhD.exe
  2⤵
  PID:1188
- C:\Windows\System\XJYMorT.exe
  C:\Windows\System\XJYMorT.exe
  2⤵
  PID:2636
- C:\Windows\System\jHFsZCw.exe
  C:\Windows\System\jHFsZCw.exe
  2⤵
  PID:2668
- C:\Windows\System\FNkfdUK.exe
  C:\Windows\System\FNkfdUK.exe
  2⤵
  PID:2664
- C:\Windows\System\bDQZxDx.exe
  C:\Windows\System\bDQZxDx.exe
  2⤵
  PID:1596
- C:\Windows\System\lwLoxxS.exe
  C:\Windows\System\lwLoxxS.exe
  2⤵
  PID:3028
- C:\Windows\System\rBXuRtk.exe
  C:\Windows\System\rBXuRtk.exe
  2⤵
  PID:1304
- C:\Windows\System\qpfkrJd.exe
  C:\Windows\System\qpfkrJd.exe
  2⤵
  PID:3040
- C:\Windows\System\ppGBOjD.exe
  C:\Windows\System\ppGBOjD.exe
  2⤵
  PID:2308
- C:\Windows\System\pBGzbQe.exe
  C:\Windows\System\pBGzbQe.exe
  2⤵
  PID:2072
- C:\Windows\System\uzJMlai.exe
  C:\Windows\System\uzJMlai.exe
  2⤵
  PID:2792
- C:\Windows\System\nLJgvWZ.exe
  C:\Windows\System\nLJgvWZ.exe
  2⤵
  PID:304
- C:\Windows\System\aJzGQut.exe
  C:\Windows\System\aJzGQut.exe
  2⤵
  PID:2964
- C:\Windows\System\yzUuyid.exe
  C:\Windows\System\yzUuyid.exe
  2⤵
  PID:944
- C:\Windows\System\ePqAjAV.exe
  C:\Windows\System\ePqAjAV.exe
  2⤵
  PID:2356
- C:\Windows\System\WNpLiUy.exe
  C:\Windows\System\WNpLiUy.exe
  2⤵
  PID:1608
- C:\Windows\System\waeTYXJ.exe
  C:\Windows\System\waeTYXJ.exe
  2⤵
  PID:1420
- C:\Windows\System\xkzAhKO.exe
  C:\Windows\System\xkzAhKO.exe
  2⤵
  PID:2484
- C:\Windows\System\MEFbEmB.exe
  C:\Windows\System\MEFbEmB.exe
  2⤵
  PID:1768
- C:\Windows\System\XBcdRKq.exe
  C:\Windows\System\XBcdRKq.exe
  2⤵
  PID:2980
- C:\Windows\System\xtwVSZR.exe
  C:\Windows\System\xtwVSZR.exe
  2⤵
  PID:1564
- C:\Windows\System\sofEqPR.exe
  C:\Windows\System\sofEqPR.exe
  2⤵
  PID:2812
- C:\Windows\System\ZMQkmqA.exe
  C:\Windows\System\ZMQkmqA.exe
  2⤵
  PID:2984
- C:\Windows\System\pnhPOAn.exe
  C:\Windows\System\pnhPOAn.exe
  2⤵
  PID:2568
- C:\Windows\System\GcduxPh.exe
  C:\Windows\System\GcduxPh.exe
  2⤵
  PID:2996
- C:\Windows\System\ZqxwOGY.exe
  C:\Windows\System\ZqxwOGY.exe
  2⤵
  PID:3020
- C:\Windows\System\Fnqomku.exe
  C:\Windows\System\Fnqomku.exe
  2⤵
  PID:1992
- C:\Windows\System\PtKfgcu.exe
  C:\Windows\System\PtKfgcu.exe
  2⤵
  PID:1432
- C:\Windows\System\jxQUFwE.exe
  C:\Windows\System\jxQUFwE.exe
  2⤵
  PID:348
- C:\Windows\System\iDYoaIu.exe
  C:\Windows\System\iDYoaIu.exe
  2⤵
  PID:2588
- C:\Windows\System\lOkTyEZ.exe
  C:\Windows\System\lOkTyEZ.exe
  2⤵
  PID:3080
- C:\Windows\System\gzlKRZP.exe
  C:\Windows\System\gzlKRZP.exe
  2⤵
  PID:3100
- C:\Windows\System\jfFUVDc.exe
  C:\Windows\System\jfFUVDc.exe
  2⤵
  PID:3116
- C:\Windows\System\rpXEMCt.exe
  C:\Windows\System\rpXEMCt.exe
  2⤵
  PID:3140
- C:\Windows\System\kckVgwa.exe
  C:\Windows\System\kckVgwa.exe
  2⤵
  PID:3160
- C:\Windows\System\eUVvKQu.exe
  C:\Windows\System\eUVvKQu.exe
  2⤵
  PID:3180
- C:\Windows\System\pEqaZFl.exe
  C:\Windows\System\pEqaZFl.exe
  2⤵
  PID:3200
- C:\Windows\System\VMsRnPi.exe
  C:\Windows\System\VMsRnPi.exe
  2⤵
  PID:3216
- C:\Windows\System\MLhigov.exe
  C:\Windows\System\MLhigov.exe
  2⤵
  PID:3244
- C:\Windows\System\REWAakL.exe
  C:\Windows\System\REWAakL.exe
  2⤵
  PID:3264
- C:\Windows\System\MtBjxda.exe
  C:\Windows\System\MtBjxda.exe
  2⤵
  PID:3280
- C:\Windows\System\zVuKSdU.exe
  C:\Windows\System\zVuKSdU.exe
  2⤵
  PID:3304
- C:\Windows\System\MWmrRzx.exe
  C:\Windows\System\MWmrRzx.exe
  2⤵
  PID:3320
- C:\Windows\System\FxUmxYj.exe
  C:\Windows\System\FxUmxYj.exe
  2⤵
  PID:3336
- C:\Windows\System\oXvEluN.exe
  C:\Windows\System\oXvEluN.exe
  2⤵
  PID:3356
- C:\Windows\System\STPZLDH.exe
  C:\Windows\System\STPZLDH.exe
  2⤵
  PID:3376
- C:\Windows\System\UCzbOHT.exe
  C:\Windows\System\UCzbOHT.exe
  2⤵
  PID:3392
- C:\Windows\System\uuaKrKt.exe
  C:\Windows\System\uuaKrKt.exe
  2⤵
  PID:3412
- C:\Windows\System\mkVCmad.exe
  C:\Windows\System\mkVCmad.exe
  2⤵
  PID:3432
- C:\Windows\System\DlEzdFi.exe
  C:\Windows\System\DlEzdFi.exe
  2⤵
  PID:3448
- C:\Windows\System\ZNxqxEl.exe
  C:\Windows\System\ZNxqxEl.exe
  2⤵
  PID:3472
- C:\Windows\System\aeqwGBD.exe
  C:\Windows\System\aeqwGBD.exe
  2⤵
  PID:3496
- C:\Windows\System\UOAsSrs.exe
  C:\Windows\System\UOAsSrs.exe
  2⤵
  PID:3516
- C:\Windows\System\iCFxcVh.exe
  C:\Windows\System\iCFxcVh.exe
  2⤵
  PID:3540
- C:\Windows\System\XeVJECT.exe
  C:\Windows\System\XeVJECT.exe
  2⤵
  PID:3564
- C:\Windows\System\WrpChVD.exe
  C:\Windows\System\WrpChVD.exe
  2⤵
  PID:3584
- C:\Windows\System\IDnvmFv.exe
  C:\Windows\System\IDnvmFv.exe
  2⤵
  PID:3604
- C:\Windows\System\KHbpedV.exe
  C:\Windows\System\KHbpedV.exe
  2⤵
  PID:3624
- C:\Windows\System\vzrPAHV.exe
  C:\Windows\System\vzrPAHV.exe
  2⤵
  PID:3644
- C:\Windows\System\rcBhNmB.exe
  C:\Windows\System\rcBhNmB.exe
  2⤵
  PID:3660
- C:\Windows\System\ZzoAQtQ.exe
  C:\Windows\System\ZzoAQtQ.exe
  2⤵
  PID:3680
- C:\Windows\System\WWmLJWT.exe
  C:\Windows\System\WWmLJWT.exe
  2⤵
  PID:3700
- C:\Windows\System\CteuKIc.exe
  C:\Windows\System\CteuKIc.exe
  2⤵
  PID:3720
- C:\Windows\System\LIBHrsZ.exe
  C:\Windows\System\LIBHrsZ.exe
  2⤵
  PID:3744
- C:\Windows\System\vDsQmVP.exe
  C:\Windows\System\vDsQmVP.exe
  2⤵
  PID:3760
- C:\Windows\System\hpTMxFt.exe
  C:\Windows\System\hpTMxFt.exe
  2⤵
  PID:3784
- C:\Windows\System\EwYkSTi.exe
  C:\Windows\System\EwYkSTi.exe
  2⤵
  PID:3800
- C:\Windows\System\ZTKbWiD.exe
  C:\Windows\System\ZTKbWiD.exe
  2⤵
  PID:3820
- C:\Windows\System\XsSWOlH.exe
  C:\Windows\System\XsSWOlH.exe
  2⤵
  PID:3844
- C:\Windows\System\mWfxupw.exe
  C:\Windows\System\mWfxupw.exe
  2⤵
  PID:3860
- C:\Windows\System\uMpGmtN.exe
  C:\Windows\System\uMpGmtN.exe
  2⤵
  PID:3884
- C:\Windows\System\mTzNDig.exe
  C:\Windows\System\mTzNDig.exe
  2⤵
  PID:3900
- C:\Windows\System\jHKcyNU.exe
  C:\Windows\System\jHKcyNU.exe
  2⤵
  PID:3920
- C:\Windows\System\crNyxmu.exe
  C:\Windows\System\crNyxmu.exe
  2⤵
  PID:3936
- C:\Windows\System\UTKgkbM.exe
  C:\Windows\System\UTKgkbM.exe
  2⤵
  PID:3952
- C:\Windows\System\RXOwQzt.exe
  C:\Windows\System\RXOwQzt.exe
  2⤵
  PID:3976
- C:\Windows\System\qtYvUIr.exe
  C:\Windows\System\qtYvUIr.exe
  2⤵
  PID:4000
- C:\Windows\System\XThLeeN.exe
  C:\Windows\System\XThLeeN.exe
  2⤵
  PID:4020
- C:\Windows\System\yUqRSyE.exe
  C:\Windows\System\yUqRSyE.exe
  2⤵
  PID:4048
- C:\Windows\System\THboldh.exe
  C:\Windows\System\THboldh.exe
  2⤵
  PID:4076
- C:\Windows\System\YSIWkgJ.exe
  C:\Windows\System\YSIWkgJ.exe
  2⤵
  PID:4092
- C:\Windows\System\URRyNUg.exe
  C:\Windows\System\URRyNUg.exe
  2⤵
  PID:860
- C:\Windows\System\cDXmjqH.exe
  C:\Windows\System\cDXmjqH.exe
  2⤵
  PID:1544
- C:\Windows\System\JiRtYhr.exe
  C:\Windows\System\JiRtYhr.exe
  2⤵
  PID:2684
- C:\Windows\System\SvEAtdT.exe
  C:\Windows\System\SvEAtdT.exe
  2⤵
  PID:1712
- C:\Windows\System\Oknxddy.exe
  C:\Windows\System\Oknxddy.exe
  2⤵
  PID:2344
- C:\Windows\System\tEMTDZA.exe
  C:\Windows\System\tEMTDZA.exe
  2⤵
  PID:1056
- C:\Windows\System\yVCcAjT.exe
  C:\Windows\System\yVCcAjT.exe
  2⤵
  PID:2900
- C:\Windows\System\LOBRbDy.exe
  C:\Windows\System\LOBRbDy.exe
  2⤵
  PID:676
- C:\Windows\System\TbwpzdU.exe
  C:\Windows\System\TbwpzdU.exe
  2⤵
  PID:1384
- C:\Windows\System\ogqFenO.exe
  C:\Windows\System\ogqFenO.exe
  2⤵
  PID:3132
- C:\Windows\System\mXdZrBF.exe
  C:\Windows\System\mXdZrBF.exe
  2⤵
  PID:3172
- C:\Windows\System\dHYTDOJ.exe
  C:\Windows\System\dHYTDOJ.exe
  2⤵
  PID:3108
- C:\Windows\System\OPtKRWO.exe
  C:\Windows\System\OPtKRWO.exe
  2⤵
  PID:3148
- C:\Windows\System\JQgiKDx.exe
  C:\Windows\System\JQgiKDx.exe
  2⤵
  PID:3256
- C:\Windows\System\IXcSMLP.exe
  C:\Windows\System\IXcSMLP.exe
  2⤵
  PID:3300
- C:\Windows\System\PEkHNbJ.exe
  C:\Windows\System\PEkHNbJ.exe
  2⤵
  PID:3372
- C:\Windows\System\jOeBZLR.exe
  C:\Windows\System\jOeBZLR.exe
  2⤵
  PID:3240
- C:\Windows\System\HboXTCy.exe
  C:\Windows\System\HboXTCy.exe
  2⤵
  PID:3312
- C:\Windows\System\PTLMxKw.exe
  C:\Windows\System\PTLMxKw.exe
  2⤵
  PID:3440
- C:\Windows\System\pwTbsKr.exe
  C:\Windows\System\pwTbsKr.exe
  2⤵
  PID:3484
- C:\Windows\System\TZRDGLI.exe
  C:\Windows\System\TZRDGLI.exe
  2⤵
  PID:3528
- C:\Windows\System\WIROxOT.exe
  C:\Windows\System\WIROxOT.exe
  2⤵
  PID:3504
- C:\Windows\System\ArGzWnc.exe
  C:\Windows\System\ArGzWnc.exe
  2⤵
  PID:3536
- C:\Windows\System\JNWYVuF.exe
  C:\Windows\System\JNWYVuF.exe
  2⤵
  PID:3580
- C:\Windows\System\nXTUpDX.exe
  C:\Windows\System\nXTUpDX.exe
  2⤵
  PID:3620
- C:\Windows\System\BJymtLC.exe
  C:\Windows\System\BJymtLC.exe
  2⤵
  PID:3692
- C:\Windows\System\rQjlOnG.exe
  C:\Windows\System\rQjlOnG.exe
  2⤵
  PID:3640
- C:\Windows\System\ekwiExI.exe
  C:\Windows\System\ekwiExI.exe
  2⤵
  PID:3728
- C:\Windows\System\mJblLqq.exe
  C:\Windows\System\mJblLqq.exe
  2⤵
  PID:3732
- C:\Windows\System\xrCBsqX.exe
  C:\Windows\System\xrCBsqX.exe
  2⤵
  PID:3780
- C:\Windows\System\fmXaIXe.exe
  C:\Windows\System\fmXaIXe.exe
  2⤵
  PID:3816
- C:\Windows\System\ksvBwwd.exe
  C:\Windows\System\ksvBwwd.exe
  2⤵
  PID:3836
- C:\Windows\System\kPLrlxX.exe
  C:\Windows\System\kPLrlxX.exe
  2⤵
  PID:3896
- C:\Windows\System\XtsbfTs.exe
  C:\Windows\System\XtsbfTs.exe
  2⤵
  PID:3932
- C:\Windows\System\RUTcXZo.exe
  C:\Windows\System\RUTcXZo.exe
  2⤵
  PID:4008
- C:\Windows\System\VLAqyDV.exe
  C:\Windows\System\VLAqyDV.exe
  2⤵
  PID:3944
- C:\Windows\System\WrFWaLb.exe
  C:\Windows\System\WrFWaLb.exe
  2⤵
  PID:3992
- C:\Windows\System\KkwfKxO.exe
  C:\Windows\System\KkwfKxO.exe
  2⤵
  PID:4060
- C:\Windows\System\RurdSil.exe
  C:\Windows\System\RurdSil.exe
  2⤵
  PID:2240
- C:\Windows\System\EvwABJz.exe
  C:\Windows\System\EvwABJz.exe
  2⤵
  PID:996
- C:\Windows\System\ZHyupkB.exe
  C:\Windows\System\ZHyupkB.exe
  2⤵
  PID:2500
- C:\Windows\System\yTOvCuZ.exe
  C:\Windows\System\yTOvCuZ.exe
  2⤵
  PID:1688
- C:\Windows\System\ZQOWUXO.exe
  C:\Windows\System\ZQOWUXO.exe
  2⤵
  PID:292
- C:\Windows\System\JWxYyUU.exe
  C:\Windows\System\JWxYyUU.exe
  2⤵
  PID:296
- C:\Windows\System\pcOzJbO.exe
  C:\Windows\System\pcOzJbO.exe
  2⤵
  PID:3124
- C:\Windows\System\XTvFITF.exe
  C:\Windows\System\XTvFITF.exe
  2⤵
  PID:3156
- C:\Windows\System\ErrqAOw.exe
  C:\Windows\System\ErrqAOw.exe
  2⤵
  PID:3292
- C:\Windows\System\goCEMmB.exe
  C:\Windows\System\goCEMmB.exe
  2⤵
  PID:3192
- C:\Windows\System\HTPXeoc.exe
  C:\Windows\System\HTPXeoc.exe
  2⤵
  PID:3332
- C:\Windows\System\VQAYsjr.exe
  C:\Windows\System\VQAYsjr.exe
  2⤵
  PID:3316
- C:\Windows\System\wiExfBx.exe
  C:\Windows\System\wiExfBx.exe
  2⤵
  PID:3480
- C:\Windows\System\TgOrmWh.exe
  C:\Windows\System\TgOrmWh.exe
  2⤵
  PID:3492
- C:\Windows\System\ZDQQcbL.exe
  C:\Windows\System\ZDQQcbL.exe
  2⤵
  PID:3548
- C:\Windows\System\YzMEnCE.exe
  C:\Windows\System\YzMEnCE.exe
  2⤵
  PID:3616
- C:\Windows\System\vDkmfzX.exe
  C:\Windows\System\vDkmfzX.exe
  2⤵
  PID:3600
- C:\Windows\System\QidPqRm.exe
  C:\Windows\System\QidPqRm.exe
  2⤵
  PID:3672
- C:\Windows\System\UbVkBgp.exe
  C:\Windows\System\UbVkBgp.exe
  2⤵
  PID:3756
- C:\Windows\System\iJZfNEg.exe
  C:\Windows\System\iJZfNEg.exe
  2⤵
  PID:3892
- C:\Windows\System\uXHVGSm.exe
  C:\Windows\System\uXHVGSm.exe
  2⤵
  PID:3868
- C:\Windows\System\nEXHKKM.exe
  C:\Windows\System\nEXHKKM.exe
  2⤵
  PID:3972
- C:\Windows\System\zjjaCzS.exe
  C:\Windows\System\zjjaCzS.exe
  2⤵
  PID:4012
- C:\Windows\System\BFlPanI.exe
  C:\Windows\System\BFlPanI.exe
  2⤵
  PID:4040
- C:\Windows\System\kCLcXLu.exe
  C:\Windows\System\kCLcXLu.exe
  2⤵
  PID:4088
- C:\Windows\System\WKalcHm.exe
  C:\Windows\System\WKalcHm.exe
  2⤵
  PID:2224
- C:\Windows\System\UMFGYji.exe
  C:\Windows\System\UMFGYji.exe
  2⤵
  PID:1932
- C:\Windows\System\wfvkkms.exe
  C:\Windows\System\wfvkkms.exe
  2⤵
  PID:1076
- C:\Windows\System\esudfeA.exe
  C:\Windows\System\esudfeA.exe
  2⤵
  PID:3328
- C:\Windows\System\rXTKWSc.exe
  C:\Windows\System\rXTKWSc.exe
  2⤵
  PID:3404
- C:\Windows\System\TFaLJQx.exe
  C:\Windows\System\TFaLJQx.exe
  2⤵
  PID:3400
- C:\Windows\System\YNoveDx.exe
  C:\Windows\System\YNoveDx.exe
  2⤵
  PID:3408
- C:\Windows\System\bJUkAqI.exe
  C:\Windows\System\bJUkAqI.exe
  2⤵
  PID:3488
- C:\Windows\System\yFwNDKd.exe
  C:\Windows\System\yFwNDKd.exe
  2⤵
  PID:3656
- C:\Windows\System\WyRSkNI.exe
  C:\Windows\System\WyRSkNI.exe
  2⤵
  PID:3716
- C:\Windows\System\fXLBlbq.exe
  C:\Windows\System\fXLBlbq.exe
  2⤵
  PID:3852
- C:\Windows\System\gRUhVEc.exe
  C:\Windows\System\gRUhVEc.exe
  2⤵
  PID:3964
- C:\Windows\System\oXbJwQD.exe
  C:\Windows\System\oXbJwQD.exe
  2⤵
  PID:4104
- C:\Windows\System\UjbBpGr.exe
  C:\Windows\System\UjbBpGr.exe
  2⤵
  PID:4124
- C:\Windows\System\TihtWrO.exe
  C:\Windows\System\TihtWrO.exe
  2⤵
  PID:4148
- C:\Windows\System\VMAwOWZ.exe
  C:\Windows\System\VMAwOWZ.exe
  2⤵
  PID:4164
- C:\Windows\System\WuLopaU.exe
  C:\Windows\System\WuLopaU.exe
  2⤵
  PID:4188
- C:\Windows\System\PlPisDx.exe
  C:\Windows\System\PlPisDx.exe
  2⤵
  PID:4208
- C:\Windows\System\nPVkhVZ.exe
  C:\Windows\System\nPVkhVZ.exe
  2⤵
  PID:4224
- C:\Windows\System\QBJidjz.exe
  C:\Windows\System\QBJidjz.exe
  2⤵
  PID:4248
- C:\Windows\System\SnmfBEN.exe
  C:\Windows\System\SnmfBEN.exe
  2⤵
  PID:4264
- C:\Windows\System\szlqnfB.exe
  C:\Windows\System\szlqnfB.exe
  2⤵
  PID:4284
- C:\Windows\System\EhlyrPs.exe
  C:\Windows\System\EhlyrPs.exe
  2⤵
  PID:4304
- C:\Windows\System\gUsupyw.exe
  C:\Windows\System\gUsupyw.exe
  2⤵
  PID:4328
- C:\Windows\System\NObOphi.exe
  C:\Windows\System\NObOphi.exe
  2⤵
  PID:4348
- C:\Windows\System\LezBLpS.exe
  C:\Windows\System\LezBLpS.exe
  2⤵
  PID:4364
- C:\Windows\System\YHUtMkj.exe
  C:\Windows\System\YHUtMkj.exe
  2⤵
  PID:4384
- C:\Windows\System\bKutUFW.exe
  C:\Windows\System\bKutUFW.exe
  2⤵
  PID:4408
- C:\Windows\System\FIAYWhD.exe
  C:\Windows\System\FIAYWhD.exe
  2⤵
  PID:4428
- C:\Windows\System\aXirAKS.exe
  C:\Windows\System\aXirAKS.exe
  2⤵
  PID:4448
- C:\Windows\System\VoqwacQ.exe
  C:\Windows\System\VoqwacQ.exe
  2⤵
  PID:4464
- C:\Windows\System\ZttRDIA.exe
  C:\Windows\System\ZttRDIA.exe
  2⤵
  PID:4484
- C:\Windows\System\AQktbkT.exe
  C:\Windows\System\AQktbkT.exe
  2⤵
  PID:4508
- C:\Windows\System\rgfFLSz.exe
  C:\Windows\System\rgfFLSz.exe
  2⤵
  PID:4528
- C:\Windows\System\NroOkVb.exe
  C:\Windows\System\NroOkVb.exe
  2⤵
  PID:4548
- C:\Windows\System\rhbhxLf.exe
  C:\Windows\System\rhbhxLf.exe
  2⤵
  PID:4564
- C:\Windows\System\vepnlUm.exe
  C:\Windows\System\vepnlUm.exe
  2⤵
  PID:4584
- C:\Windows\System\AMYgQAH.exe
  C:\Windows\System\AMYgQAH.exe
  2⤵
  PID:4608
- C:\Windows\System\UTudhZm.exe
  C:\Windows\System\UTudhZm.exe
  2⤵
  PID:4628
- C:\Windows\System\UyyLWTb.exe
  C:\Windows\System\UyyLWTb.exe
  2⤵
  PID:4648
- C:\Windows\System\vsEaMSV.exe
  C:\Windows\System\vsEaMSV.exe
  2⤵
  PID:4668
- C:\Windows\System\YMiijLF.exe
  C:\Windows\System\YMiijLF.exe
  2⤵
  PID:4684
- C:\Windows\System\lhGrWCw.exe
  C:\Windows\System\lhGrWCw.exe
  2⤵
  PID:4708
- C:\Windows\System\iEiBvhE.exe
  C:\Windows\System\iEiBvhE.exe
  2⤵
  PID:4724
- C:\Windows\System\ijQoioT.exe
  C:\Windows\System\ijQoioT.exe
  2⤵
  PID:4744
- C:\Windows\System\HqxZhSS.exe
  C:\Windows\System\HqxZhSS.exe
  2⤵
  PID:4768
- C:\Windows\System\GxrFjto.exe
  C:\Windows\System\GxrFjto.exe
  2⤵
  PID:4788
- C:\Windows\System\QUeUnFq.exe
  C:\Windows\System\QUeUnFq.exe
  2⤵
  PID:4808
- C:\Windows\System\sVFVPaR.exe
  C:\Windows\System\sVFVPaR.exe
  2⤵
  PID:4828
- C:\Windows\System\VftNpiW.exe
  C:\Windows\System\VftNpiW.exe
  2⤵
  PID:4848
- C:\Windows\System\QJyHWnc.exe
  C:\Windows\System\QJyHWnc.exe
  2⤵
  PID:4864
- C:\Windows\System\usyXlLB.exe
  C:\Windows\System\usyXlLB.exe
  2⤵
  PID:4884
- C:\Windows\System\QCXrAsT.exe
  C:\Windows\System\QCXrAsT.exe
  2⤵
  PID:4908
- C:\Windows\System\vZoLSrF.exe
  C:\Windows\System\vZoLSrF.exe
  2⤵
  PID:4924
- C:\Windows\System\diFTEpw.exe
  C:\Windows\System\diFTEpw.exe
  2⤵
  PID:4948
- C:\Windows\System\tRKCtMN.exe
  C:\Windows\System\tRKCtMN.exe
  2⤵
  PID:4968
- C:\Windows\System\bUTsbrC.exe
  C:\Windows\System\bUTsbrC.exe
  2⤵
  PID:4984
- C:\Windows\System\UegYgCj.exe
  C:\Windows\System\UegYgCj.exe
  2⤵
  PID:5008
- C:\Windows\System\kqWBFcB.exe
  C:\Windows\System\kqWBFcB.exe
  2⤵
  PID:5028
- C:\Windows\System\KEnwwGR.exe
  C:\Windows\System\KEnwwGR.exe
  2⤵
  PID:5048
- C:\Windows\System\oUoyfIR.exe
  C:\Windows\System\oUoyfIR.exe
  2⤵
  PID:5068
- C:\Windows\System\ibYeMrR.exe
  C:\Windows\System\ibYeMrR.exe
  2⤵
  PID:5088
- C:\Windows\System\CGYHnyK.exe
  C:\Windows\System\CGYHnyK.exe
  2⤵
  PID:5104
- C:\Windows\System\mjhvIwI.exe
  C:\Windows\System\mjhvIwI.exe
  2⤵
  PID:1132
- C:\Windows\System\sqHtdUh.exe
  C:\Windows\System\sqHtdUh.exe
  2⤵
  PID:3912
- C:\Windows\System\FqGiqxU.exe
  C:\Windows\System\FqGiqxU.exe
  2⤵
  PID:4084
- C:\Windows\System\QjUZwHh.exe
  C:\Windows\System\QjUZwHh.exe
  2⤵
  PID:3096
- C:\Windows\System\dtvPblY.exe
  C:\Windows\System\dtvPblY.exe
  2⤵
  PID:3276
- C:\Windows\System\JyuDmmM.exe
  C:\Windows\System\JyuDmmM.exe
  2⤵
  PID:3512
- C:\Windows\System\bGJGWeS.exe
  C:\Windows\System\bGJGWeS.exe
  2⤵
  PID:3560
- C:\Windows\System\NSchQLs.exe
  C:\Windows\System\NSchQLs.exe
  2⤵
  PID:3572
- C:\Windows\System\FvsEvOw.exe
  C:\Windows\System\FvsEvOw.exe
  2⤵
  PID:4120
- C:\Windows\System\EMSWWHG.exe
  C:\Windows\System\EMSWWHG.exe
  2⤵
  PID:4032
- C:\Windows\System\SbYWCEA.exe
  C:\Windows\System\SbYWCEA.exe
  2⤵
  PID:4136
- C:\Windows\System\PQiYXPF.exe
  C:\Windows\System\PQiYXPF.exe
  2⤵
  PID:4200
- C:\Windows\System\gIqCZBC.exe
  C:\Windows\System\gIqCZBC.exe
  2⤵
  PID:4184
- C:\Windows\System\XyKqwST.exe
  C:\Windows\System\XyKqwST.exe
  2⤵
  PID:4244
- C:\Windows\System\STAOBVC.exe
  C:\Windows\System\STAOBVC.exe
  2⤵
  PID:4280
- C:\Windows\System\kAdKutx.exe
  C:\Windows\System\kAdKutx.exe
  2⤵
  PID:4292
- C:\Windows\System\mwKCGUr.exe
  C:\Windows\System\mwKCGUr.exe
  2⤵
  PID:4336
- C:\Windows\System\fzZNjrA.exe
  C:\Windows\System\fzZNjrA.exe
  2⤵
  PID:4404
- C:\Windows\System\wlZFLgJ.exe
  C:\Windows\System\wlZFLgJ.exe
  2⤵
  PID:4416
- C:\Windows\System\MCfpiLk.exe
  C:\Windows\System\MCfpiLk.exe
  2⤵
  PID:4440
- C:\Windows\System\SMndluk.exe
  C:\Windows\System\SMndluk.exe
  2⤵
  PID:4456
- C:\Windows\System\PQSDYKu.exe
  C:\Windows\System\PQSDYKu.exe
  2⤵
  PID:4524
- C:\Windows\System\zdEnzcn.exe
  C:\Windows\System\zdEnzcn.exe
  2⤵
  PID:4544
- C:\Windows\System\gGtTZdE.exe
  C:\Windows\System\gGtTZdE.exe
  2⤵
  PID:4604
- C:\Windows\System\gLvPvJk.exe
  C:\Windows\System\gLvPvJk.exe
  2⤵
  PID:4616
- C:\Windows\System\jmLhOqx.exe
  C:\Windows\System\jmLhOqx.exe
  2⤵
  PID:4640
- C:\Windows\System\PnEyEwh.exe
  C:\Windows\System\PnEyEwh.exe
  2⤵
  PID:4660
- C:\Windows\System\jqgvlJr.exe
  C:\Windows\System\jqgvlJr.exe
  2⤵
  PID:4704
- C:\Windows\System\SwoCmhM.exe
  C:\Windows\System\SwoCmhM.exe
  2⤵
  PID:4736
- C:\Windows\System\UextyJG.exe
  C:\Windows\System\UextyJG.exe
  2⤵
  PID:4776
- C:\Windows\System\PddRqBr.exe
  C:\Windows\System\PddRqBr.exe
  2⤵
  PID:4800
- C:\Windows\System\XxEkRsK.exe
  C:\Windows\System\XxEkRsK.exe
  2⤵
  PID:4824
- C:\Windows\System\LdGEhGx.exe
  C:\Windows\System\LdGEhGx.exe
  2⤵
  PID:4876
- C:\Windows\System\jdlOeiv.exe
  C:\Windows\System\jdlOeiv.exe
  2⤵
  PID:4920
- C:\Windows\System\aGluQqi.exe
  C:\Windows\System\aGluQqi.exe
  2⤵
  PID:4944
- C:\Windows\System\gHygPkW.exe
  C:\Windows\System\gHygPkW.exe
  2⤵
  PID:4996
- C:\Windows\System\wTAoPMv.exe
  C:\Windows\System\wTAoPMv.exe
  2⤵
  PID:5000
- C:\Windows\System\KDDEutS.exe
  C:\Windows\System\KDDEutS.exe
  2⤵
  PID:5044
- C:\Windows\System\ZxWkTTt.exe
  C:\Windows\System\ZxWkTTt.exe
  2⤵
  PID:5064
- C:\Windows\System\hqvdkwj.exe
  C:\Windows\System\hqvdkwj.exe
  2⤵
  PID:5116
- C:\Windows\System\lFDAIhJ.exe
  C:\Windows\System\lFDAIhJ.exe
  2⤵
  PID:640
- C:\Windows\System\EVhKhaw.exe
  C:\Windows\System\EVhKhaw.exe
  2⤵
  PID:3076
- C:\Windows\System\cdzRbfA.exe
  C:\Windows\System\cdzRbfA.exe
  2⤵
  PID:3592
- C:\Windows\System\dKMtVWj.exe
  C:\Windows\System\dKMtVWj.exe
  2⤵
  PID:3596
- C:\Windows\System\WxycLJx.exe
  C:\Windows\System\WxycLJx.exe
  2⤵
  PID:4112
- C:\Windows\System\sbhuRkd.exe
  C:\Windows\System\sbhuRkd.exe
  2⤵
  PID:4068
- C:\Windows\System\wIEIaDA.exe
  C:\Windows\System\wIEIaDA.exe
  2⤵
  PID:4180
- C:\Windows\System\cfPWOQU.exe
  C:\Windows\System\cfPWOQU.exe
  2⤵
  PID:4276
- C:\Windows\System\KXWOgnk.exe
  C:\Windows\System\KXWOgnk.exe
  2⤵
  PID:4356
- C:\Windows\System\WTrEvAW.exe
  C:\Windows\System\WTrEvAW.exe
  2⤵
  PID:4312
- C:\Windows\System\YlsWWpD.exe
  C:\Windows\System\YlsWWpD.exe
  2⤵
  PID:4396
- C:\Windows\System\zFhGeAx.exe
  C:\Windows\System\zFhGeAx.exe
  2⤵
  PID:4480
- C:\Windows\System\WDrLsfb.exe
  C:\Windows\System\WDrLsfb.exe
  2⤵
  PID:4492
- C:\Windows\System\qSXTRyc.exe
  C:\Windows\System\qSXTRyc.exe
  2⤵
  PID:4540
- C:\Windows\System\IbHwSJL.exe
  C:\Windows\System\IbHwSJL.exe
  2⤵
  PID:4676
- C:\Windows\System\MhDDDXe.exe
  C:\Windows\System\MhDDDXe.exe
  2⤵
  PID:4624
- C:\Windows\System\zqqRWRX.exe
  C:\Windows\System\zqqRWRX.exe
  2⤵
  PID:4716
- C:\Windows\System\BjSdMvY.exe
  C:\Windows\System\BjSdMvY.exe
  2⤵
  PID:4804
- C:\Windows\System\ZSPcyFC.exe
  C:\Windows\System\ZSPcyFC.exe
  2⤵
  PID:4820
- C:\Windows\System\TVJmgRJ.exe
  C:\Windows\System\TVJmgRJ.exe
  2⤵
  PID:2020
- C:\Windows\System\QETPbFO.exe
  C:\Windows\System\QETPbFO.exe
  2⤵
  PID:4936
- C:\Windows\System\mPmYqKq.exe
  C:\Windows\System\mPmYqKq.exe
  2⤵
  PID:4992
- C:\Windows\System\XvRAWtJ.exe
  C:\Windows\System\XvRAWtJ.exe
  2⤵
  PID:5100
- C:\Windows\System\ybzLILl.exe
  C:\Windows\System\ybzLILl.exe
  2⤵
  PID:5096
- C:\Windows\System\tXQBTqV.exe
  C:\Windows\System\tXQBTqV.exe
  2⤵
  PID:3988
- C:\Windows\System\kfQjXTO.exe
  C:\Windows\System\kfQjXTO.exe
  2⤵
  PID:692
- C:\Windows\System\qdRpaEW.exe
  C:\Windows\System\qdRpaEW.exe
  2⤵
  PID:4232
- C:\Windows\System\RgnFnEm.exe
  C:\Windows\System\RgnFnEm.exe
  2⤵
  PID:3776
- C:\Windows\System\jnnKQjR.exe
  C:\Windows\System\jnnKQjR.exe
  2⤵
  PID:4240
- C:\Windows\System\EugydbA.exe
  C:\Windows\System\EugydbA.exe
  2⤵
  PID:4400
- C:\Windows\System\trgubCU.exe
  C:\Windows\System\trgubCU.exe
  2⤵
  PID:4300
- C:\Windows\System\lTrXkNU.exe
  C:\Windows\System\lTrXkNU.exe
  2⤵
  PID:4580
- C:\Windows\System\bfeLstQ.exe
  C:\Windows\System\bfeLstQ.exe
  2⤵
  PID:4536
- C:\Windows\System\cagYTxD.exe
  C:\Windows\System\cagYTxD.exe
  2⤵
  PID:4720
- C:\Windows\System\iuEgYfv.exe
  C:\Windows\System\iuEgYfv.exe
  2⤵
  PID:4796
- C:\Windows\System\TnTyLzs.exe
  C:\Windows\System\TnTyLzs.exe
  2⤵
  PID:4896
- C:\Windows\System\vOwzdVV.exe
  C:\Windows\System\vOwzdVV.exe
  2⤵
  PID:4900
- C:\Windows\System\XmIiiUc.exe
  C:\Windows\System\XmIiiUc.exe
  2⤵
  PID:4940
- C:\Windows\System\dThLiVL.exe
  C:\Windows\System\dThLiVL.exe
  2⤵
  PID:5020
- C:\Windows\System\XuEjYSS.exe
  C:\Windows\System\XuEjYSS.exe
  2⤵
  PID:2384
- C:\Windows\System\ECabFGt.exe
  C:\Windows\System\ECabFGt.exe
  2⤵
  PID:4160
- C:\Windows\System\SJLApVm.exe
  C:\Windows\System\SJLApVm.exe
  2⤵
  PID:3524
- C:\Windows\System\ixeoUJE.exe
  C:\Windows\System\ixeoUJE.exe
  2⤵
  PID:4376
- C:\Windows\System\dDsJNCP.exe
  C:\Windows\System\dDsJNCP.exe
  2⤵
  PID:5128
- C:\Windows\System\UvQJuTv.exe
  C:\Windows\System\UvQJuTv.exe
  2⤵
  PID:5148
- C:\Windows\System\lnAWDkI.exe
  C:\Windows\System\lnAWDkI.exe
  2⤵
  PID:5168
- C:\Windows\System\pDcoJfu.exe
  C:\Windows\System\pDcoJfu.exe
  2⤵
  PID:5192
- C:\Windows\System\ePsCfOk.exe
  C:\Windows\System\ePsCfOk.exe
  2⤵
  PID:5208
- C:\Windows\System\kFMvzVY.exe
  C:\Windows\System\kFMvzVY.exe
  2⤵
  PID:5232
- C:\Windows\System\Vzrpkyy.exe
  C:\Windows\System\Vzrpkyy.exe
  2⤵
  PID:5252
- C:\Windows\System\FLqNreL.exe
  C:\Windows\System\FLqNreL.exe
  2⤵
  PID:5272
- C:\Windows\System\icZMpOD.exe
  C:\Windows\System\icZMpOD.exe
  2⤵
  PID:5292
- C:\Windows\System\QDioubz.exe
  C:\Windows\System\QDioubz.exe
  2⤵
  PID:5312
- C:\Windows\System\FVcRpZM.exe
  C:\Windows\System\FVcRpZM.exe
  2⤵
  PID:5328
- C:\Windows\System\QQcVQWq.exe
  C:\Windows\System\QQcVQWq.exe
  2⤵
  PID:5344
- C:\Windows\System\UXnFkai.exe
  C:\Windows\System\UXnFkai.exe
  2⤵
  PID:5372
- C:\Windows\System\KgYRKnO.exe
  C:\Windows\System\KgYRKnO.exe
  2⤵
  PID:5388
- C:\Windows\System\ARKwuPZ.exe
  C:\Windows\System\ARKwuPZ.exe
  2⤵
  PID:5412
- C:\Windows\System\pfpDkvy.exe
  C:\Windows\System\pfpDkvy.exe
  2⤵
  PID:5432
- C:\Windows\System\TdCiJeh.exe
  C:\Windows\System\TdCiJeh.exe
  2⤵
  PID:5452
- C:\Windows\System\nhcjGep.exe
  C:\Windows\System\nhcjGep.exe
  2⤵
  PID:5472
- C:\Windows\System\pusfSxy.exe
  C:\Windows\System\pusfSxy.exe
  2⤵
  PID:5492
- C:\Windows\System\UmNUTvo.exe
  C:\Windows\System\UmNUTvo.exe
  2⤵
  PID:5512
- C:\Windows\System\kZAaYeu.exe
  C:\Windows\System\kZAaYeu.exe
  2⤵
  PID:5528
- C:\Windows\System\tGlcFKD.exe
  C:\Windows\System\tGlcFKD.exe
  2⤵
  PID:5552
- C:\Windows\System\IlxqCEJ.exe
  C:\Windows\System\IlxqCEJ.exe
  2⤵
  PID:5572
- C:\Windows\System\ELeTxyL.exe
  C:\Windows\System\ELeTxyL.exe
  2⤵
  PID:5588
- C:\Windows\System\ukUvSuC.exe
  C:\Windows\System\ukUvSuC.exe
  2⤵
  PID:5612
- C:\Windows\System\ktSQzkb.exe
  C:\Windows\System\ktSQzkb.exe
  2⤵
  PID:5628
- C:\Windows\System\CIzAOov.exe
  C:\Windows\System\CIzAOov.exe
  2⤵
  PID:5652
- C:\Windows\System\LTGYTCX.exe
  C:\Windows\System\LTGYTCX.exe
  2⤵
  PID:5672
- C:\Windows\System\VOCxNCp.exe
  C:\Windows\System\VOCxNCp.exe
  2⤵
  PID:5692
- C:\Windows\System\AQtmBWG.exe
  C:\Windows\System\AQtmBWG.exe
  2⤵
  PID:5712
- C:\Windows\System\LFZjTYQ.exe
  C:\Windows\System\LFZjTYQ.exe
  2⤵
  PID:5732
- C:\Windows\System\ItNzafE.exe
  C:\Windows\System\ItNzafE.exe
  2⤵
  PID:5752
- C:\Windows\System\KXGXAFx.exe
  C:\Windows\System\KXGXAFx.exe
  2⤵
  PID:5772
- C:\Windows\System\huocbdL.exe
  C:\Windows\System\huocbdL.exe
  2⤵
  PID:5788
- C:\Windows\System\gLTNRLV.exe
  C:\Windows\System\gLTNRLV.exe
  2⤵
  PID:5808
- C:\Windows\System\zdOGFtI.exe
  C:\Windows\System\zdOGFtI.exe
  2⤵
  PID:5824
- C:\Windows\System\SwQsSiq.exe
  C:\Windows\System\SwQsSiq.exe
  2⤵
  PID:5844
- C:\Windows\System\moojRnk.exe
  C:\Windows\System\moojRnk.exe
  2⤵
  PID:5868
- C:\Windows\System\WeEcOuH.exe
  C:\Windows\System\WeEcOuH.exe
  2⤵
  PID:5888
- C:\Windows\System\vFhzuXY.exe
  C:\Windows\System\vFhzuXY.exe
  2⤵
  PID:5908
- C:\Windows\System\rFpbJuo.exe
  C:\Windows\System\rFpbJuo.exe
  2⤵
  PID:5928
- C:\Windows\System\ZZDEWeU.exe
  C:\Windows\System\ZZDEWeU.exe
  2⤵
  PID:5948
- C:\Windows\System\tMVCgQa.exe
  C:\Windows\System\tMVCgQa.exe
  2⤵
  PID:5972
- C:\Windows\System\yLFuswL.exe
  C:\Windows\System\yLFuswL.exe
  2⤵
  PID:5992
- C:\Windows\System\gottuma.exe
  C:\Windows\System\gottuma.exe
  2⤵
  PID:6008
- C:\Windows\System\IAxihHp.exe
  C:\Windows\System\IAxihHp.exe
  2⤵
  PID:6032
- C:\Windows\System\OHQmpJk.exe
  C:\Windows\System\OHQmpJk.exe
  2⤵
  PID:6052
- C:\Windows\System\MzVoxDv.exe
  C:\Windows\System\MzVoxDv.exe
  2⤵
  PID:6072
- C:\Windows\System\DPDUwYW.exe
  C:\Windows\System\DPDUwYW.exe
  2⤵
  PID:6092
- C:\Windows\System\npvWZyA.exe
  C:\Windows\System\npvWZyA.exe
  2⤵
  PID:6112
- C:\Windows\System\ncneqYA.exe
  C:\Windows\System\ncneqYA.exe
  2⤵
  PID:6132
- C:\Windows\System\iIOjpgI.exe
  C:\Windows\System\iIOjpgI.exe
  2⤵
  PID:4576
- C:\Windows\System\jcGOgpy.exe
  C:\Windows\System\jcGOgpy.exe
  2⤵
  PID:4664
- C:\Windows\System\TFJxUIT.exe
  C:\Windows\System\TFJxUIT.exe
  2⤵
  PID:4760
- C:\Windows\System\sVmXISv.exe
  C:\Windows\System\sVmXISv.exe
  2⤵
  PID:5056
- C:\Windows\System\XDKOQbS.exe
  C:\Windows\System\XDKOQbS.exe
  2⤵
  PID:5076
- C:\Windows\System\EgivSjK.exe
  C:\Windows\System\EgivSjK.exe
  2⤵
  PID:3212
- C:\Windows\System\FRZipaC.exe
  C:\Windows\System\FRZipaC.exe
  2⤵
  PID:4340
- C:\Windows\System\klDVHek.exe
  C:\Windows\System\klDVHek.exe
  2⤵
  PID:5140
- C:\Windows\System\ooByEbR.exe
  C:\Windows\System\ooByEbR.exe
  2⤵
  PID:5180
- C:\Windows\System\dFwGCpR.exe
  C:\Windows\System\dFwGCpR.exe
  2⤵
  PID:5216
- C:\Windows\System\OGnzTxP.exe
  C:\Windows\System\OGnzTxP.exe
  2⤵
  PID:5224
- C:\Windows\System\tWIkzyR.exe
  C:\Windows\System\tWIkzyR.exe
  2⤵
  PID:5248
- C:\Windows\System\MerOTRr.exe
  C:\Windows\System\MerOTRr.exe
  2⤵
  PID:5288
- C:\Windows\System\XWaMjlV.exe
  C:\Windows\System\XWaMjlV.exe
  2⤵
  PID:5324
- C:\Windows\System\wlxebOH.exe
  C:\Windows\System\wlxebOH.exe
  2⤵
  PID:5360
- C:\Windows\System\TUwkPlc.exe
  C:\Windows\System\TUwkPlc.exe
  2⤵
  PID:5400
- C:\Windows\System\FdPiDcI.exe
  C:\Windows\System\FdPiDcI.exe
  2⤵
  PID:5424
- C:\Windows\System\PEHiGgP.exe
  C:\Windows\System\PEHiGgP.exe
  2⤵
  PID:5468
- C:\Windows\System\OAvDhIz.exe
  C:\Windows\System\OAvDhIz.exe
  2⤵
  PID:5488
- C:\Windows\System\pcniqDM.exe
  C:\Windows\System\pcniqDM.exe
  2⤵
  PID:5524
- C:\Windows\System\LZXUotY.exe
  C:\Windows\System\LZXUotY.exe
  2⤵
  PID:5580
- C:\Windows\System\PoIQnbS.exe
  C:\Windows\System\PoIQnbS.exe
  2⤵
  PID:5564
- C:\Windows\System\IWvftXN.exe
  C:\Windows\System\IWvftXN.exe
  2⤵
  PID:5660
- C:\Windows\System\CrlESpS.exe
  C:\Windows\System\CrlESpS.exe
  2⤵
  PID:5668
- C:\Windows\System\LiOSfNL.exe
  C:\Windows\System\LiOSfNL.exe
  2⤵
  PID:5680
- C:\Windows\System\gMJTUrg.exe
  C:\Windows\System\gMJTUrg.exe
  2⤵
  PID:5740
- C:\Windows\System\uQralle.exe
  C:\Windows\System\uQralle.exe
  2⤵
  PID:2804
- C:\Windows\System\gqzTHxL.exe
  C:\Windows\System\gqzTHxL.exe
  2⤵
  PID:5816
- C:\Windows\System\ieyfWMF.exe
  C:\Windows\System\ieyfWMF.exe
  2⤵
  PID:5800
- C:\Windows\System\TmDqdZb.exe
  C:\Windows\System\TmDqdZb.exe
  2⤵
  PID:5796
- C:\Windows\System\tXfwuXN.exe
  C:\Windows\System\tXfwuXN.exe
  2⤵
  PID:5904
- C:\Windows\System\YQWWRWS.exe
  C:\Windows\System\YQWWRWS.exe
  2⤵
  PID:5916
- C:\Windows\System\KDryDCo.exe
  C:\Windows\System\KDryDCo.exe
  2⤵
  PID:5956
- C:\Windows\System\uUhwMVb.exe
  C:\Windows\System\uUhwMVb.exe
  2⤵
  PID:5984
- C:\Windows\System\TllkYbQ.exe
  C:\Windows\System\TllkYbQ.exe
  2⤵
  PID:6024
- C:\Windows\System\rCIsnYz.exe
  C:\Windows\System\rCIsnYz.exe
  2⤵
  PID:6048
- C:\Windows\System\RLzhXei.exe
  C:\Windows\System\RLzhXei.exe
  2⤵
  PID:6100
- C:\Windows\System\LQNsSug.exe
  C:\Windows\System\LQNsSug.exe
  2⤵
  PID:6120
- C:\Windows\System\ZilCUAe.exe
  C:\Windows\System\ZilCUAe.exe
  2⤵
  PID:4460
- C:\Windows\System\FUvpTEp.exe
  C:\Windows\System\FUvpTEp.exe
  2⤵
  PID:4860
- C:\Windows\System\IxkZlcY.exe
  C:\Windows\System\IxkZlcY.exe
  2⤵
  PID:3464
- C:\Windows\System\YUloJac.exe
  C:\Windows\System\YUloJac.exe
  2⤵
  PID:628
- C:\Windows\System\vfFlcFD.exe
  C:\Windows\System\vfFlcFD.exe
  2⤵
  PID:3812
- C:\Windows\System\TiakQud.exe
  C:\Windows\System\TiakQud.exe
  2⤵
  PID:5164
- C:\Windows\System\gjIOlCt.exe
  C:\Windows\System\gjIOlCt.exe
  2⤵
  PID:5188
- C:\Windows\System\eLFHxCW.exe
  C:\Windows\System\eLFHxCW.exe
  2⤵
  PID:5284
- C:\Windows\System\CFVePtv.exe
  C:\Windows\System\CFVePtv.exe
  2⤵
  PID:5340
- C:\Windows\System\LXeyzRF.exe
  C:\Windows\System\LXeyzRF.exe
  2⤵
  PID:5364
- C:\Windows\System\VLZNuQO.exe
  C:\Windows\System\VLZNuQO.exe
  2⤵
  PID:5384
- C:\Windows\System\ajJfxsv.exe
  C:\Windows\System\ajJfxsv.exe
  2⤵
  PID:5448
- C:\Windows\System\GVYoLUJ.exe
  C:\Windows\System\GVYoLUJ.exe
  2⤵
  PID:5536
- C:\Windows\System\JpRAdmA.exe
  C:\Windows\System\JpRAdmA.exe
  2⤵
  PID:5620
- C:\Windows\System\xiwqZON.exe
  C:\Windows\System\xiwqZON.exe
  2⤵
  PID:5640
- C:\Windows\System\gsGatbQ.exe
  C:\Windows\System\gsGatbQ.exe
  2⤵
  PID:2800
- C:\Windows\System\tdqaSSM.exe
  C:\Windows\System\tdqaSSM.exe
  2⤵
  PID:5744
- C:\Windows\System\ojneBal.exe
  C:\Windows\System\ojneBal.exe
  2⤵
  PID:5684
- C:\Windows\System\VERJzeW.exe
  C:\Windows\System\VERJzeW.exe
  2⤵
  PID:5764
- C:\Windows\System\pmfLAfF.exe
  C:\Windows\System\pmfLAfF.exe
  2⤵
  PID:5900
- C:\Windows\System\YgTiGdp.exe
  C:\Windows\System\YgTiGdp.exe
  2⤵
  PID:5940
- C:\Windows\System\sABaMgc.exe
  C:\Windows\System\sABaMgc.exe
  2⤵
  PID:6016
- C:\Windows\System\TLzlbaX.exe
  C:\Windows\System\TLzlbaX.exe
  2⤵
  PID:6004
- C:\Windows\System\FtdWMRq.exe
  C:\Windows\System\FtdWMRq.exe
  2⤵
  PID:6084
- C:\Windows\System\zTSHvoM.exe
  C:\Windows\System\zTSHvoM.exe
  2⤵
  PID:6124
- C:\Windows\System\zNkMuls.exe
  C:\Windows\System\zNkMuls.exe
  2⤵
  PID:4856
- C:\Windows\System\tpjiYoV.exe
  C:\Windows\System\tpjiYoV.exe
  2⤵
  PID:2748
- C:\Windows\System\YKVjhwO.exe
  C:\Windows\System\YKVjhwO.exe
  2⤵
  PID:5176
- C:\Windows\System\SFeiHAK.exe
  C:\Windows\System\SFeiHAK.exe
  2⤵
  PID:3064
- C:\Windows\System\uwYbqWk.exe
  C:\Windows\System\uwYbqWk.exe
  2⤵
  PID:5268
- C:\Windows\System\MatnGzI.exe
  C:\Windows\System\MatnGzI.exe
  2⤵
  PID:972
- C:\Windows\System\yMmErvd.exe
  C:\Windows\System\yMmErvd.exe
  2⤵
  PID:5460
- C:\Windows\System\xkSeTGc.exe
  C:\Windows\System\xkSeTGc.exe
  2⤵
  PID:5444
- C:\Windows\System\hhQHmYP.exe
  C:\Windows\System\hhQHmYP.exe
  2⤵
  PID:5604
- C:\Windows\System\VIZWmMV.exe
  C:\Windows\System\VIZWmMV.exe
  2⤵
  PID:5708
- C:\Windows\System\CnmuYxV.exe
  C:\Windows\System\CnmuYxV.exe
  2⤵
  PID:5856
- C:\Windows\System\RNyyHcc.exe
  C:\Windows\System\RNyyHcc.exe
  2⤵
  PID:5880
- C:\Windows\System\VEZliyW.exe
  C:\Windows\System\VEZliyW.exe
  2⤵
  PID:5924
- C:\Windows\System\mJrnlKC.exe
  C:\Windows\System\mJrnlKC.exe
  2⤵
  PID:2560
- C:\Windows\System\dLRuITf.exe
  C:\Windows\System\dLRuITf.exe
  2⤵
  PID:6040
- C:\Windows\System\jBFtlbB.exe
  C:\Windows\System\jBFtlbB.exe
  2⤵
  PID:3752
- C:\Windows\System\GTxNbQV.exe
  C:\Windows\System\GTxNbQV.exe
  2⤵
  PID:4500
- C:\Windows\System\YMNqpkn.exe
  C:\Windows\System\YMNqpkn.exe
  2⤵
  PID:5144
- C:\Windows\System\rFZTutT.exe
  C:\Windows\System\rFZTutT.exe
  2⤵
  PID:5308
- C:\Windows\System\vGnGTAq.exe
  C:\Windows\System\vGnGTAq.exe
  2⤵
  PID:5508
- C:\Windows\System\ztKZdTb.exe
  C:\Windows\System\ztKZdTb.exe
  2⤵
  PID:5540
- C:\Windows\System\ddFZdzm.exe
  C:\Windows\System\ddFZdzm.exe
  2⤵
  PID:5704
- C:\Windows\System\DWIzggp.exe
  C:\Windows\System\DWIzggp.exe
  2⤵
  PID:2840
- C:\Windows\System\jUYoulD.exe
  C:\Windows\System\jUYoulD.exe
  2⤵
  PID:5724
- C:\Windows\System\XQjGSeI.exe
  C:\Windows\System\XQjGSeI.exe
  2⤵
  PID:6160
- C:\Windows\System\ABYwCWx.exe
  C:\Windows\System\ABYwCWx.exe
  2⤵
  PID:6180
- C:\Windows\System\WmDmhhI.exe
  C:\Windows\System\WmDmhhI.exe
  2⤵
  PID:6200
- C:\Windows\System\GrguXPS.exe
  C:\Windows\System\GrguXPS.exe
  2⤵
  PID:6220
- C:\Windows\System\envkQGw.exe
  C:\Windows\System\envkQGw.exe
  2⤵
  PID:6240
- C:\Windows\System\rfJGnND.exe
  C:\Windows\System\rfJGnND.exe
  2⤵
  PID:6260
- C:\Windows\System\IQCipEd.exe
  C:\Windows\System\IQCipEd.exe
  2⤵
  PID:6280
- C:\Windows\System\JdnVieq.exe
  C:\Windows\System\JdnVieq.exe
  2⤵
  PID:6300
- C:\Windows\System\lMVMOYp.exe
  C:\Windows\System\lMVMOYp.exe
  2⤵
  PID:6320
- C:\Windows\System\fgwpIzj.exe
  C:\Windows\System\fgwpIzj.exe
  2⤵
  PID:6340
- C:\Windows\System\yoqLhaS.exe
  C:\Windows\System\yoqLhaS.exe
  2⤵
  PID:6360
- C:\Windows\System\NfHmuVV.exe
  C:\Windows\System\NfHmuVV.exe
  2⤵
  PID:6380
- C:\Windows\System\oTYvVqf.exe
  C:\Windows\System\oTYvVqf.exe
  2⤵
  PID:6400
- C:\Windows\System\bRBRGho.exe
  C:\Windows\System\bRBRGho.exe
  2⤵
  PID:6420
- C:\Windows\System\ZTgrpKG.exe
  C:\Windows\System\ZTgrpKG.exe
  2⤵
  PID:6440
- C:\Windows\System\xPIcBnf.exe
  C:\Windows\System\xPIcBnf.exe
  2⤵
  PID:6460
- C:\Windows\System\FpVdZVf.exe
  C:\Windows\System\FpVdZVf.exe
  2⤵
  PID:6476
- C:\Windows\System\dYiXsjP.exe
  C:\Windows\System\dYiXsjP.exe
  2⤵
  PID:6496
- C:\Windows\System\qrgluEB.exe
  C:\Windows\System\qrgluEB.exe
  2⤵
  PID:6516
- C:\Windows\System\GIKcZXs.exe
  C:\Windows\System\GIKcZXs.exe
  2⤵
  PID:6536
- C:\Windows\System\ZwnNhaT.exe
  C:\Windows\System\ZwnNhaT.exe
  2⤵
  PID:6560
- C:\Windows\System\dYEFXRu.exe
  C:\Windows\System\dYEFXRu.exe
  2⤵
  PID:6576
- C:\Windows\System\XBZvZOx.exe
  C:\Windows\System\XBZvZOx.exe
  2⤵
  PID:6600
- C:\Windows\System\ykBBPDC.exe
  C:\Windows\System\ykBBPDC.exe
  2⤵
  PID:6620
- C:\Windows\System\OWGTsYy.exe
  C:\Windows\System\OWGTsYy.exe
  2⤵
  PID:6640
- C:\Windows\System\taYhXcq.exe
  C:\Windows\System\taYhXcq.exe
  2⤵
  PID:6664
- C:\Windows\System\djVeOQS.exe
  C:\Windows\System\djVeOQS.exe
  2⤵
  PID:6680
- C:\Windows\System\Ksdcoea.exe
  C:\Windows\System\Ksdcoea.exe
  2⤵
  PID:6704
- C:\Windows\System\bMSdApi.exe
  C:\Windows\System\bMSdApi.exe
  2⤵
  PID:6724
- C:\Windows\System\UJljzlC.exe
  C:\Windows\System\UJljzlC.exe
  2⤵
  PID:6744
- C:\Windows\System\ddGdnIO.exe
  C:\Windows\System\ddGdnIO.exe
  2⤵
  PID:6764
- C:\Windows\System\PuZFPDe.exe
  C:\Windows\System\PuZFPDe.exe
  2⤵
  PID:6784
- C:\Windows\System\HYGidQV.exe
  C:\Windows\System\HYGidQV.exe
  2⤵
  PID:6804
- C:\Windows\System\KoJifHj.exe
  C:\Windows\System\KoJifHj.exe
  2⤵
  PID:6824
- C:\Windows\System\BYpDTHF.exe
  C:\Windows\System\BYpDTHF.exe
  2⤵
  PID:6844
- C:\Windows\System\hSDypTh.exe
  C:\Windows\System\hSDypTh.exe
  2⤵
  PID:6864
- C:\Windows\System\QJwHAaZ.exe
  C:\Windows\System\QJwHAaZ.exe
  2⤵
  PID:6884
- C:\Windows\System\uJfRHJY.exe
  C:\Windows\System\uJfRHJY.exe
  2⤵
  PID:6904
- C:\Windows\System\ogBjPie.exe
  C:\Windows\System\ogBjPie.exe
  2⤵
  PID:6924
- C:\Windows\System\EZhCmgi.exe
  C:\Windows\System\EZhCmgi.exe
  2⤵
  PID:6944
- C:\Windows\System\YkONICX.exe
  C:\Windows\System\YkONICX.exe
  2⤵
  PID:6964
- C:\Windows\System\HPtVrSo.exe
  C:\Windows\System\HPtVrSo.exe
  2⤵
  PID:6984
- C:\Windows\System\gnrhusT.exe
  C:\Windows\System\gnrhusT.exe
  2⤵
  PID:7004
- C:\Windows\System\rzIKcng.exe
  C:\Windows\System\rzIKcng.exe
  2⤵
  PID:7020
- C:\Windows\System\mLlQMrj.exe
  C:\Windows\System\mLlQMrj.exe
  2⤵
  PID:7044
- C:\Windows\System\qsiHzOy.exe
  C:\Windows\System\qsiHzOy.exe
  2⤵
  PID:7084
- C:\Windows\System\oRPHAjC.exe
  C:\Windows\System\oRPHAjC.exe
  2⤵
  PID:7100
- C:\Windows\System\kTDwAUw.exe
  C:\Windows\System\kTDwAUw.exe
  2⤵
  PID:7120
- C:\Windows\System\zACVMDH.exe
  C:\Windows\System\zACVMDH.exe
  2⤵
  PID:7136
- C:\Windows\System\klAGJaP.exe
  C:\Windows\System\klAGJaP.exe
  2⤵
  PID:7152
- C:\Windows\System\hepzDsy.exe
  C:\Windows\System\hepzDsy.exe
  2⤵
  PID:5836
- C:\Windows\System\BpmwKvx.exe
  C:\Windows\System\BpmwKvx.exe
  2⤵
  PID:5964
- C:\Windows\System\FiuQOvN.exe
  C:\Windows\System\FiuQOvN.exe
  2⤵
  PID:6080
- C:\Windows\System\ivkoGzk.exe
  C:\Windows\System\ivkoGzk.exe
  2⤵
  PID:4752
- C:\Windows\System\IyGXnik.exe
  C:\Windows\System\IyGXnik.exe
  2⤵
  PID:5648
- C:\Windows\System\wgJokWc.exe
  C:\Windows\System\wgJokWc.exe
  2⤵
  PID:5860
- C:\Windows\System\SkEpJGB.exe
  C:\Windows\System\SkEpJGB.exe
  2⤵
  PID:6148
- C:\Windows\System\muwvBWn.exe
  C:\Windows\System\muwvBWn.exe
  2⤵
  PID:6176
- C:\Windows\System\RLUZbsA.exe
  C:\Windows\System\RLUZbsA.exe
  2⤵
  PID:6208
- C:\Windows\System\ieZMTXg.exe
  C:\Windows\System\ieZMTXg.exe
  2⤵
  PID:6192
- C:\Windows\System\IKZBZlI.exe
  C:\Windows\System\IKZBZlI.exe
  2⤵
  PID:6248
- C:\Windows\System\gvUqrST.exe
  C:\Windows\System\gvUqrST.exe
  2⤵
  PID:6288
- C:\Windows\System\lmixUVM.exe
  C:\Windows\System\lmixUVM.exe
  2⤵
  PID:6272
- C:\Windows\System\VbZpLWw.exe
  C:\Windows\System\VbZpLWw.exe
  2⤵
  PID:2596
- C:\Windows\System\FqPblmZ.exe
  C:\Windows\System\FqPblmZ.exe
  2⤵
  PID:6348
- C:\Windows\System\xHpTOVx.exe
  C:\Windows\System\xHpTOVx.exe
  2⤵
  PID:480
- C:\Windows\System\XAoTulJ.exe
  C:\Windows\System\XAoTulJ.exe
  2⤵
  PID:6396
- C:\Windows\System\PYLlkFG.exe
  C:\Windows\System\PYLlkFG.exe
  2⤵
  PID:6488
- C:\Windows\System\QseVelK.exe
  C:\Windows\System\QseVelK.exe
  2⤵
  PID:6436
- C:\Windows\System\wiOEfCx.exe
  C:\Windows\System\wiOEfCx.exe
  2⤵
  PID:6568
- C:\Windows\System\FlDVmjG.exe
  C:\Windows\System\FlDVmjG.exe
  2⤵
  PID:6504
- C:\Windows\System\ATCoHTd.exe
  C:\Windows\System\ATCoHTd.exe
  2⤵
  PID:6616
- C:\Windows\System\JtDpuhc.exe
  C:\Windows\System\JtDpuhc.exe
  2⤵
  PID:2976
- C:\Windows\System\eiZdFDD.exe
  C:\Windows\System\eiZdFDD.exe
  2⤵
  PID:6592
- C:\Windows\System\pTabraS.exe
  C:\Windows\System\pTabraS.exe
  2⤵
  PID:3036
- C:\Windows\System\gOaMKzF.exe
  C:\Windows\System\gOaMKzF.exe
  2⤵
  PID:6652
- C:\Windows\System\YpmPobR.exe
  C:\Windows\System\YpmPobR.exe
  2⤵
  PID:6696
- C:\Windows\System\daNNJtS.exe
  C:\Windows\System\daNNJtS.exe
  2⤵
  PID:6676
- C:\Windows\System\wvcePuI.exe
  C:\Windows\System\wvcePuI.exe
  2⤵
  PID:6740
- C:\Windows\System\LMjkcIW.exe
  C:\Windows\System\LMjkcIW.exe
  2⤵
  PID:6780
- C:\Windows\System\RJYcHZY.exe
  C:\Windows\System\RJYcHZY.exe
  2⤵
  PID:6760
- C:\Windows\System\MbYTTRc.exe
  C:\Windows\System\MbYTTRc.exe
  2⤵
  PID:6812
- C:\Windows\System\vxSigko.exe
  C:\Windows\System\vxSigko.exe
  2⤵
  PID:6796
- C:\Windows\System\GYCixSN.exe
  C:\Windows\System\GYCixSN.exe
  2⤵
  PID:6840
- C:\Windows\System\qGfswAC.exe
  C:\Windows\System\qGfswAC.exe
  2⤵
  PID:6880
- C:\Windows\System\bminTBK.exe
  C:\Windows\System\bminTBK.exe
  2⤵
  PID:6920
- C:\Windows\System\dZHpsgN.exe
  C:\Windows\System\dZHpsgN.exe
  2⤵
  PID:1560
- C:\Windows\System\dvlBQgi.exe
  C:\Windows\System\dvlBQgi.exe
  2⤵
  PID:6976
- C:\Windows\System\emvnTOV.exe
  C:\Windows\System\emvnTOV.exe
  2⤵
  PID:2016
- C:\Windows\System\EEmLcvz.exe
  C:\Windows\System\EEmLcvz.exe
  2⤵
  PID:6956
- C:\Windows\System\ziRXGKO.exe
  C:\Windows\System\ziRXGKO.exe
  2⤵
  PID:1648
- C:\Windows\System\DxLUToe.exe
  C:\Windows\System\DxLUToe.exe
  2⤵
  PID:7000
- C:\Windows\System\zfbXYWy.exe
  C:\Windows\System\zfbXYWy.exe
  2⤵
  PID:1044
- C:\Windows\System\jGXjXsj.exe
  C:\Windows\System\jGXjXsj.exe
  2⤵
  PID:2388
- C:\Windows\System\DhOfgCB.exe
  C:\Windows\System\DhOfgCB.exe
  2⤵
  PID:6000
- C:\Windows\System\UvjxtaN.exe
  C:\Windows\System\UvjxtaN.exe
  2⤵
  PID:7116
- C:\Windows\System\cwadrfQ.exe
  C:\Windows\System\cwadrfQ.exe
  2⤵
  PID:2908
- C:\Windows\System\tlkkIBq.exe
  C:\Windows\System\tlkkIBq.exe
  2⤵
  PID:6140
- C:\Windows\System\ndeQnIf.exe
  C:\Windows\System\ndeQnIf.exe
  2⤵
  PID:2572
- C:\Windows\System\mWxovlN.exe
  C:\Windows\System\mWxovlN.exe
  2⤵
  PID:5320
- C:\Windows\System\aCUpQKo.exe
  C:\Windows\System\aCUpQKo.exe
  2⤵
  PID:6216
- C:\Windows\System\SFUVeIU.exe
  C:\Windows\System\SFUVeIU.exe
  2⤵
  PID:6276
- C:\Windows\System\cSissfp.exe
  C:\Windows\System\cSissfp.exe
  2⤵
  PID:6528
- C:\Windows\System\tbMNtai.exe
  C:\Windows\System\tbMNtai.exe
  2⤵
  PID:6572
- C:\Windows\System\tsGeWPB.exe
  C:\Windows\System\tsGeWPB.exe
  2⤵
  PID:6648
- C:\Windows\System\YcaCjOJ.exe
  C:\Windows\System\YcaCjOJ.exe
  2⤵
  PID:832
- C:\Windows\System\GJFQgni.exe
  C:\Windows\System\GJFQgni.exe
  2⤵
  PID:6752
- C:\Windows\System\AYgRsjT.exe
  C:\Windows\System\AYgRsjT.exe
  2⤵
  PID:6932
- C:\Windows\System\prJHjCA.exe
  C:\Windows\System\prJHjCA.exe
  2⤵
  PID:6952
- C:\Windows\System\NPtezaA.exe
  C:\Windows\System\NPtezaA.exe
  2⤵
  PID:2648
- C:\Windows\System\nlfiaXo.exe
  C:\Windows\System\nlfiaXo.exe
  2⤵
  PID:7148
- C:\Windows\System\BeUKbMm.exe
  C:\Windows\System\BeUKbMm.exe
  2⤵
  PID:4620
- C:\Windows\System\ydCFpBV.exe
  C:\Windows\System\ydCFpBV.exe
  2⤵
  PID:6228
- C:\Windows\System\HZgMdDq.exe
  C:\Windows\System\HZgMdDq.exe
  2⤵
  PID:6492
- C:\Windows\System\LRPWjRW.exe
  C:\Windows\System\LRPWjRW.exe
  2⤵
  PID:6472
- C:\Windows\System\icAFjeV.exe
  C:\Windows\System\icAFjeV.exe
  2⤵
  PID:6584
- C:\Windows\System\HYHbOyK.exe
  C:\Windows\System\HYHbOyK.exe
  2⤵
  PID:6772
- C:\Windows\System\mmLLhtW.exe
  C:\Windows\System\mmLLhtW.exe
  2⤵
  PID:6832
- C:\Windows\System\wjJXkiG.exe
  C:\Windows\System\wjJXkiG.exe
  2⤵
  PID:6972
- C:\Windows\System\RbdNHgV.exe
  C:\Windows\System\RbdNHgV.exe
  2⤵
  PID:2200
- C:\Windows\System\jDQUSAQ.exe
  C:\Windows\System\jDQUSAQ.exe
  2⤵
  PID:1604
- C:\Windows\System\GhCFdxd.exe
  C:\Windows\System\GhCFdxd.exe
  2⤵
  PID:5336
- C:\Windows\System\mQVEMdY.exe
  C:\Windows\System\mQVEMdY.exe
  2⤵
  PID:6336
- C:\Windows\System\tEUJtfe.exe
  C:\Windows\System\tEUJtfe.exe
  2⤵
  PID:6156
- C:\Windows\System\wbYBFAr.exe
  C:\Windows\System\wbYBFAr.exe
  2⤵
  PID:6552
- C:\Windows\System\kHZqxFL.exe
  C:\Windows\System\kHZqxFL.exe
  2⤵
  PID:2892
- C:\Windows\System\fNmaDSO.exe
  C:\Windows\System\fNmaDSO.exe
  2⤵
  PID:6692
- C:\Windows\System\BuhYQci.exe
  C:\Windows\System\BuhYQci.exe
  2⤵
  PID:6872
- C:\Windows\System\kaUACni.exe
  C:\Windows\System\kaUACni.exe
  2⤵
  PID:6452
- C:\Windows\System\kSqDrur.exe
  C:\Windows\System\kSqDrur.exe
  2⤵
  PID:2924
- C:\Windows\System\zJVUckX.exe
  C:\Windows\System\zJVUckX.exe
  2⤵
  PID:3228
- C:\Windows\System\Bvwjnzx.exe
  C:\Windows\System\Bvwjnzx.exe
  2⤵
  PID:6368
- C:\Windows\System\nlaYdCu.exe
  C:\Windows\System\nlaYdCu.exe
  2⤵
  PID:6292
- C:\Windows\System\WLIRlrf.exe
  C:\Windows\System\WLIRlrf.exe
  2⤵
  PID:6612
- C:\Windows\System\fEpjfub.exe
  C:\Windows\System\fEpjfub.exe
  2⤵
  PID:1764
- C:\Windows\System\mqwosmp.exe
  C:\Windows\System\mqwosmp.exe
  2⤵
  PID:6716
- C:\Windows\System\zBtpsyy.exe
  C:\Windows\System\zBtpsyy.exe
  2⤵
  PID:6992
- C:\Windows\System\cXqeXMs.exe
  C:\Windows\System\cXqeXMs.exe
  2⤵
  PID:7032
- C:\Windows\System\zDlRFTr.exe
  C:\Windows\System\zDlRFTr.exe
  2⤵
  PID:6104
- C:\Windows\System\fAzJalp.exe
  C:\Windows\System\fAzJalp.exe
  2⤵
  PID:2348
- C:\Windows\System\iqpITVQ.exe
  C:\Windows\System\iqpITVQ.exe
  2⤵
  PID:6232
- C:\Windows\System\UwTMWNM.exe
  C:\Windows\System\UwTMWNM.exe
  2⤵
  PID:2816
- C:\Windows\System\XCiJvbN.exe
  C:\Windows\System\XCiJvbN.exe
  2⤵
  PID:6412
- C:\Windows\System\UtpJOjP.exe
  C:\Windows\System\UtpJOjP.exe
  2⤵
  PID:7096
- C:\Windows\System\qjBeHik.exe
  C:\Windows\System\qjBeHik.exe
  2⤵
  PID:6912
- C:\Windows\System\pxpDzly.exe
  C:\Windows\System\pxpDzly.exe
  2⤵
  PID:2320
- C:\Windows\System\qEoBKaA.exe
  C:\Windows\System\qEoBKaA.exe
  2⤵
  PID:6660
- C:\Windows\System\vRnLsZZ.exe
  C:\Windows\System\vRnLsZZ.exe
  2⤵
  PID:6632
- C:\Windows\System\dokQiRI.exe
  C:\Windows\System\dokQiRI.exe
  2⤵
  PID:6388
- C:\Windows\System\tvWgmEx.exe
  C:\Windows\System\tvWgmEx.exe
  2⤵
  PID:7184
- C:\Windows\System\vrTHpVn.exe
  C:\Windows\System\vrTHpVn.exe
  2⤵
  PID:7244
- C:\Windows\System\nHcyGeo.exe
  C:\Windows\System\nHcyGeo.exe
  2⤵
  PID:7260
- C:\Windows\System\nYqRlYl.exe
  C:\Windows\System\nYqRlYl.exe
  2⤵
  PID:7280
- C:\Windows\System\SXHRqwu.exe
  C:\Windows\System\SXHRqwu.exe
  2⤵
  PID:7296
- C:\Windows\System\zadMges.exe
  C:\Windows\System\zadMges.exe
  2⤵
  PID:7316
- C:\Windows\System\ccEmZFi.exe
  C:\Windows\System\ccEmZFi.exe
  2⤵
  PID:7336
- C:\Windows\System\GTHHgpQ.exe
  C:\Windows\System\GTHHgpQ.exe
  2⤵
  PID:7352
- C:\Windows\System\PlLzyfX.exe
  C:\Windows\System\PlLzyfX.exe
  2⤵
  PID:7368
- C:\Windows\System\ZuFEcjn.exe
  C:\Windows\System\ZuFEcjn.exe
  2⤵
  PID:7384
- C:\Windows\System\LsmGjEq.exe
  C:\Windows\System\LsmGjEq.exe
  2⤵
  PID:7412
- C:\Windows\System\dtEjztG.exe
  C:\Windows\System\dtEjztG.exe
  2⤵
  PID:7428
- C:\Windows\System\gqnyxhT.exe
  C:\Windows\System\gqnyxhT.exe
  2⤵
  PID:7444
- C:\Windows\System\cDHijoK.exe
  C:\Windows\System\cDHijoK.exe
  2⤵
  PID:7460
- C:\Windows\System\woEuLvo.exe
  C:\Windows\System\woEuLvo.exe
  2⤵
  PID:7476
- C:\Windows\System\XXToBYB.exe
  C:\Windows\System\XXToBYB.exe
  2⤵
  PID:7504
- C:\Windows\System\OjXkvHn.exe
  C:\Windows\System\OjXkvHn.exe
  2⤵
  PID:7524
- C:\Windows\System\kmxPEEA.exe
  C:\Windows\System\kmxPEEA.exe
  2⤵
  PID:7548
- C:\Windows\System\kSeKFSP.exe
  C:\Windows\System\kSeKFSP.exe
  2⤵
  PID:7568
- C:\Windows\System\rncZRxI.exe
  C:\Windows\System\rncZRxI.exe
  2⤵
  PID:7596
- C:\Windows\System\XeyvjID.exe
  C:\Windows\System\XeyvjID.exe
  2⤵
  PID:7616
- C:\Windows\System\DSTPPHC.exe
  C:\Windows\System\DSTPPHC.exe
  2⤵
  PID:7636
- C:\Windows\System\peGvzzA.exe
  C:\Windows\System\peGvzzA.exe
  2⤵
  PID:7656
- C:\Windows\System\LuGybgS.exe
  C:\Windows\System\LuGybgS.exe
  2⤵
  PID:7672
- C:\Windows\System\YNRFuud.exe
  C:\Windows\System\YNRFuud.exe
  2⤵
  PID:7688
- C:\Windows\System\jLILEkl.exe
  C:\Windows\System\jLILEkl.exe
  2⤵
  PID:7712
- C:\Windows\System\yRgpeSl.exe
  C:\Windows\System\yRgpeSl.exe
  2⤵
  PID:7732
- C:\Windows\System\BYoZwYc.exe
  C:\Windows\System\BYoZwYc.exe
  2⤵
  PID:7752
- C:\Windows\System\fOODhab.exe
  C:\Windows\System\fOODhab.exe
  2⤵
  PID:7768
- C:\Windows\System\EIZpQJr.exe
  C:\Windows\System\EIZpQJr.exe
  2⤵
  PID:7788
- C:\Windows\System\ucAiANZ.exe
  C:\Windows\System\ucAiANZ.exe
  2⤵
  PID:7808
- C:\Windows\System\wujgfcc.exe
  C:\Windows\System\wujgfcc.exe
  2⤵
  PID:7824
- C:\Windows\System\GojFsaf.exe
  C:\Windows\System\GojFsaf.exe
  2⤵
  PID:7844
- C:\Windows\System\oidGhlS.exe
  C:\Windows\System\oidGhlS.exe
  2⤵
  PID:7864
- C:\Windows\System\nyUvLwU.exe
  C:\Windows\System\nyUvLwU.exe
  2⤵
  PID:7880
- C:\Windows\System\UZunFij.exe
  C:\Windows\System\UZunFij.exe
  2⤵
  PID:7900
- C:\Windows\System\JDDstXx.exe
  C:\Windows\System\JDDstXx.exe
  2⤵
  PID:7920
- C:\Windows\System\mSXEaop.exe
  C:\Windows\System\mSXEaop.exe
  2⤵
  PID:7936
- C:\Windows\System\JYVNurA.exe
  C:\Windows\System\JYVNurA.exe
  2⤵
  PID:7956
- C:\Windows\System\KhCPeiI.exe
  C:\Windows\System\KhCPeiI.exe
  2⤵
  PID:7972
- C:\Windows\System\FZkhtcj.exe
  C:\Windows\System\FZkhtcj.exe
  2⤵
  PID:8032
- C:\Windows\System\GFbzIUo.exe
  C:\Windows\System\GFbzIUo.exe
  2⤵
  PID:8048
- C:\Windows\System\kKBzPRJ.exe
  C:\Windows\System\kKBzPRJ.exe
  2⤵
  PID:8064
- C:\Windows\System\vxXXKLO.exe
  C:\Windows\System\vxXXKLO.exe
  2⤵
  PID:8084
- C:\Windows\System\JBnBsyK.exe
  C:\Windows\System\JBnBsyK.exe
  2⤵
  PID:8100
- C:\Windows\System\hzSfPNo.exe
  C:\Windows\System\hzSfPNo.exe
  2⤵
  PID:8116
- C:\Windows\System\PYmAcFI.exe
  C:\Windows\System\PYmAcFI.exe
  2⤵
  PID:8136
- C:\Windows\System\yeIEYlT.exe
  C:\Windows\System\yeIEYlT.exe
  2⤵
  PID:8152
- C:\Windows\System\xCbpBgo.exe
  C:\Windows\System\xCbpBgo.exe
  2⤵
  PID:8168
- C:\Windows\System\esIQyqs.exe
  C:\Windows\System\esIQyqs.exe
  2⤵
  PID:8184
- C:\Windows\System\CwGRHnL.exe
  C:\Windows\System\CwGRHnL.exe
  2⤵
  PID:1268
- C:\Windows\System\NPecRgF.exe
  C:\Windows\System\NPecRgF.exe
  2⤵
  PID:7200
- C:\Windows\System\ZlaZSXD.exe
  C:\Windows\System\ZlaZSXD.exe
  2⤵
  PID:7212
- C:\Windows\System\vbBbQTj.exe
  C:\Windows\System\vbBbQTj.exe
  2⤵
  PID:7224
- C:\Windows\System\nHVwbnt.exe
  C:\Windows\System\nHVwbnt.exe
  2⤵
  PID:7128
- C:\Windows\System\fbfqnep.exe
  C:\Windows\System\fbfqnep.exe
  2⤵
  PID:6720
- C:\Windows\System\oRWiuNB.exe
  C:\Windows\System\oRWiuNB.exe
  2⤵
  PID:6900
- C:\Windows\System\jPCKNvm.exe
  C:\Windows\System\jPCKNvm.exe
  2⤵
  PID:2324
- C:\Windows\System\byHLyMR.exe
  C:\Windows\System\byHLyMR.exe
  2⤵
  PID:6960
- C:\Windows\System\vnznljF.exe
  C:\Windows\System\vnznljF.exe
  2⤵
  PID:6836
- C:\Windows\System\xQZJzHB.exe
  C:\Windows\System\xQZJzHB.exe
  2⤵
  PID:7196
- C:\Windows\System\UTJZdKq.exe
  C:\Windows\System\UTJZdKq.exe
  2⤵
  PID:7252
- C:\Windows\System\IZhbaVx.exe
  C:\Windows\System\IZhbaVx.exe
  2⤵
  PID:7360
- C:\Windows\System\firpCru.exe
  C:\Windows\System\firpCru.exe
  2⤵
  PID:7408
- C:\Windows\System\Iirwnzx.exe
  C:\Windows\System\Iirwnzx.exe
  2⤵
  PID:7472
- C:\Windows\System\xYcgNuu.exe
  C:\Windows\System\xYcgNuu.exe
  2⤵
  PID:7376
- C:\Windows\System\XyTcwXw.exe
  C:\Windows\System\XyTcwXw.exe
  2⤵
  PID:7456
- C:\Windows\System\YNbPeXE.exe
  C:\Windows\System\YNbPeXE.exe
  2⤵
  PID:7492
- C:\Windows\System\mCpltbP.exe
  C:\Windows\System\mCpltbP.exe
  2⤵
  PID:7544
- C:\Windows\System\uVwLOUw.exe
  C:\Windows\System\uVwLOUw.exe
  2⤵
  PID:7588
- C:\Windows\System\vZmIxnV.exe
  C:\Windows\System\vZmIxnV.exe
  2⤵
  PID:7624
- C:\Windows\System\MmDLqOP.exe
  C:\Windows\System\MmDLqOP.exe
  2⤵
  PID:7740
- C:\Windows\System\UuJWPaD.exe
  C:\Windows\System\UuJWPaD.exe
  2⤵
  PID:7780
- C:\Windows\System\EhFsyFR.exe
  C:\Windows\System\EhFsyFR.exe
  2⤵
  PID:7860
- C:\Windows\System\CmfUxMQ.exe
  C:\Windows\System\CmfUxMQ.exe
  2⤵
  PID:7932
- C:\Windows\System\TBgAmUc.exe
  C:\Windows\System\TBgAmUc.exe
  2⤵
  PID:7564
- C:\Windows\System\wDOaGgB.exe
  C:\Windows\System\wDOaGgB.exe
  2⤵
  PID:7608
- C:\Windows\System\LBfhwOc.exe
  C:\Windows\System\LBfhwOc.exe
  2⤵
  PID:7796
- C:\Windows\System\uAJbmhv.exe
  C:\Windows\System\uAJbmhv.exe
  2⤵
  PID:7908
- C:\Windows\System\PQWoeUL.exe
  C:\Windows\System\PQWoeUL.exe
  2⤵
  PID:7728
- C:\Windows\System\DnMmnzO.exe
  C:\Windows\System\DnMmnzO.exe
  2⤵
  PID:7840
- C:\Windows\System\NAyiWKi.exe
  C:\Windows\System\NAyiWKi.exe
  2⤵
  PID:7912
- C:\Windows\System\VcobpAu.exe
  C:\Windows\System\VcobpAu.exe
  2⤵
  PID:7980
- C:\Windows\System\RpnoQqp.exe
  C:\Windows\System\RpnoQqp.exe
  2⤵
  PID:7256
- C:\Windows\System\Rwrmwlf.exe
  C:\Windows\System\Rwrmwlf.exe
  2⤵
  PID:7312
- C:\Windows\System\XYAlaOg.exe
  C:\Windows\System\XYAlaOg.exe
  2⤵
  PID:7520
- C:\Windows\System\kfFNcnK.exe
  C:\Windows\System\kfFNcnK.exe
  2⤵
  PID:7668
- C:\Windows\System\HiNznrZ.exe
  C:\Windows\System\HiNznrZ.exe
  2⤵
  PID:8000
- C:\Windows\System\wtLWXzu.exe
  C:\Windows\System\wtLWXzu.exe
  2⤵
  PID:7984
- C:\Windows\System\HLeIcgZ.exe
  C:\Windows\System\HLeIcgZ.exe
  2⤵
  PID:7820
- C:\Windows\System\wMzOCSK.exe
  C:\Windows\System\wMzOCSK.exe
  2⤵
  PID:7964
- C:\Windows\System\RJfIWDi.exe
  C:\Windows\System\RJfIWDi.exe
  2⤵
  PID:7644
- C:\Windows\System\HDtEmHx.exe
  C:\Windows\System\HDtEmHx.exe
  2⤵
  PID:8040
- C:\Windows\System\DDWJRqV.exe
  C:\Windows\System\DDWJRqV.exe
  2⤵
  PID:8012
- C:\Windows\System\sfNpuQd.exe
  C:\Windows\System\sfNpuQd.exe
  2⤵
  PID:8080
- C:\Windows\System\XxCJhfH.exe
  C:\Windows\System\XxCJhfH.exe
  2⤵
  PID:8056
- C:\Windows\System\YgdPwrl.exe
  C:\Windows\System\YgdPwrl.exe
  2⤵
  PID:264
- C:\Windows\System\FkHxYUT.exe
  C:\Windows\System\FkHxYUT.exe
  2⤵
  PID:2476
- C:\Windows\System\RyrKcpo.exe
  C:\Windows\System\RyrKcpo.exe
  2⤵
  PID:7872
- C:\Windows\System\lYmYXRa.exe
  C:\Windows\System\lYmYXRa.exe
  2⤵
  PID:7180
- C:\Windows\System\rugESfq.exe
  C:\Windows\System\rugESfq.exe
  2⤵
  PID:7328
- C:\Windows\System\EIwRcqv.exe
  C:\Windows\System\EIwRcqv.exe
  2⤵
  PID:7452
- C:\Windows\System\lWYwGDy.exe
  C:\Windows\System\lWYwGDy.exe
  2⤵
  PID:7628
- C:\Windows\System\bisGbfu.exe
  C:\Windows\System\bisGbfu.exe
  2⤵
  PID:7892
- C:\Windows\System\GRtkAQP.exe
  C:\Windows\System\GRtkAQP.exe
  2⤵
  PID:7832
- C:\Windows\System\ZfivTeB.exe
  C:\Windows\System\ZfivTeB.exe
  2⤵
  PID:6252
- C:\Windows\System\llwIiYP.exe
  C:\Windows\System\llwIiYP.exe
  2⤵
  PID:7576
- C:\Windows\System\TxUOcYW.exe
  C:\Windows\System\TxUOcYW.exe
  2⤵
  PID:8020
- C:\Windows\System\FEzjWLj.exe
  C:\Windows\System\FEzjWLj.exe
  2⤵
  PID:7516
- C:\Windows\System\GRKuSYW.exe
  C:\Windows\System\GRKuSYW.exe
  2⤵
  PID:7208
- C:\Windows\System\ibmNJPv.exe
  C:\Windows\System\ibmNJPv.exe
  2⤵
  PID:7856
- C:\Windows\System\TDzlcmP.exe
  C:\Windows\System\TDzlcmP.exe
  2⤵
  PID:7684
- C:\Windows\System\YLdxJWB.exe
  C:\Windows\System\YLdxJWB.exe
  2⤵
  PID:8112
- C:\Windows\System\VseUAZw.exe
  C:\Windows\System\VseUAZw.exe
  2⤵
  PID:7680
- C:\Windows\System\ZLAYVCn.exe
  C:\Windows\System\ZLAYVCn.exe
  2⤵
  PID:6608
- C:\Windows\System\IPYWpVm.exe
  C:\Windows\System\IPYWpVm.exe
  2⤵
  PID:2640
- C:\Windows\System\QzCAthQ.exe
  C:\Windows\System\QzCAthQ.exe
  2⤵
  PID:6776
- C:\Windows\System\SSELoVs.exe
  C:\Windows\System\SSELoVs.exe
  2⤵
  PID:6876
- C:\Windows\System\zhubQpI.exe
  C:\Windows\System\zhubQpI.exe
  2⤵
  PID:6372
- C:\Windows\System\bBVxEcT.exe
  C:\Windows\System\bBVxEcT.exe
  2⤵
  PID:1772
- C:\Windows\System\QszPMad.exe
  C:\Windows\System\QszPMad.exe
  2⤵
  PID:8176
- C:\Windows\System\TyrKyUz.exe
  C:\Windows\System\TyrKyUz.exe
  2⤵
  PID:7532
- C:\Windows\System\RXAKWIk.exe
  C:\Windows\System\RXAKWIk.exe
  2⤵
  PID:7776
- C:\Windows\System\qlnoacl.exe
  C:\Windows\System\qlnoacl.exe
  2⤵
  PID:7272
- C:\Windows\System\sTVgEXS.exe
  C:\Windows\System\sTVgEXS.exe
  2⤵
  PID:7400
- C:\Windows\System\sKfKMsF.exe
  C:\Windows\System\sKfKMsF.exe
  2⤵
  PID:7700
- C:\Windows\System\KvhGOQY.exe
  C:\Windows\System\KvhGOQY.exe
  2⤵
  PID:8076
- C:\Windows\System\ERfzpQn.exe
  C:\Windows\System\ERfzpQn.exe
  2⤵
  PID:7220
- C:\Windows\System\oXybjLI.exe
  C:\Windows\System\oXybjLI.exe
  2⤵
  PID:8132
- C:\Windows\System\VaPQrLg.exe
  C:\Windows\System\VaPQrLg.exe
  2⤵
  PID:7424
- C:\Windows\System\JOmQXyB.exe
  C:\Windows\System\JOmQXyB.exe
  2⤵
  PID:7348
- C:\Windows\System\qcasdta.exe
  C:\Windows\System\qcasdta.exe
  2⤵
  PID:5852
- C:\Windows\System\lUSRlQF.exe
  C:\Windows\System\lUSRlQF.exe
  2⤵
  PID:8128
- C:\Windows\System\wBnbtZZ.exe
  C:\Windows\System\wBnbtZZ.exe
  2⤵
  PID:7704
- C:\Windows\System\RIlpZeB.exe
  C:\Windows\System\RIlpZeB.exe
  2⤵
  PID:7192
- C:\Windows\System\wKbJndo.exe
  C:\Windows\System\wKbJndo.exe
  2⤵
  PID:7468
- C:\Windows\System\xiMDDdj.exe
  C:\Windows\System\xiMDDdj.exe
  2⤵
  PID:8196
- C:\Windows\System\MTfrjeq.exe
  C:\Windows\System\MTfrjeq.exe
  2⤵
  PID:8212
- C:\Windows\System\SfNsUJg.exe
  C:\Windows\System\SfNsUJg.exe
  2⤵
  PID:8228
- C:\Windows\System\RKBgsbC.exe
  C:\Windows\System\RKBgsbC.exe
  2⤵
  PID:8244
- C:\Windows\System\AQgwJUA.exe
  C:\Windows\System\AQgwJUA.exe
  2⤵
  PID:8260
- C:\Windows\System\Rbzmequ.exe
  C:\Windows\System\Rbzmequ.exe
  2⤵
  PID:8276
- C:\Windows\System\BCEzkEV.exe
  C:\Windows\System\BCEzkEV.exe
  2⤵
  PID:8292
- C:\Windows\System\xSIqYOf.exe
  C:\Windows\System\xSIqYOf.exe
  2⤵
  PID:8308
- C:\Windows\System\pqSmeyZ.exe
  C:\Windows\System\pqSmeyZ.exe
  2⤵
  PID:8324
- C:\Windows\System\SIkgvfQ.exe
  C:\Windows\System\SIkgvfQ.exe
  2⤵
  PID:8340
- C:\Windows\System\CPCaiUX.exe
  C:\Windows\System\CPCaiUX.exe
  2⤵
  PID:8356
- C:\Windows\System\FgIGMoX.exe
  C:\Windows\System\FgIGMoX.exe
  2⤵
  PID:8376
- C:\Windows\System\maWihXN.exe
  C:\Windows\System\maWihXN.exe
  2⤵
  PID:8392
- C:\Windows\System\RudnOPA.exe
  C:\Windows\System\RudnOPA.exe
  2⤵
  PID:8412
- C:\Windows\System\SeatEDH.exe
  C:\Windows\System\SeatEDH.exe
  2⤵
  PID:8428
- C:\Windows\System\SxhBcFv.exe
  C:\Windows\System\SxhBcFv.exe
  2⤵
  PID:8444
- C:\Windows\System\UPfTffz.exe
  C:\Windows\System\UPfTffz.exe
  2⤵
  PID:8460
- C:\Windows\System\EJeAOhq.exe
  C:\Windows\System\EJeAOhq.exe
  2⤵
  PID:8568
- C:\Windows\System\mAfAmgc.exe
  C:\Windows\System\mAfAmgc.exe
  2⤵
  PID:8584
- C:\Windows\System\pcwKfBw.exe
  C:\Windows\System\pcwKfBw.exe
  2⤵
  PID:8604
- C:\Windows\System\hdnZXKR.exe
  C:\Windows\System\hdnZXKR.exe
  2⤵
  PID:8628
- C:\Windows\System\AivbCpx.exe
  C:\Windows\System\AivbCpx.exe
  2⤵
  PID:8644
- C:\Windows\System\yYEMsIo.exe
  C:\Windows\System\yYEMsIo.exe
  2⤵
  PID:8684
- C:\Windows\System\JbZQvFF.exe
  C:\Windows\System\JbZQvFF.exe
  2⤵
  PID:8712
- C:\Windows\System\dGlkkhF.exe
  C:\Windows\System\dGlkkhF.exe
  2⤵
  PID:8728
- C:\Windows\System\bzbWqIr.exe
  C:\Windows\System\bzbWqIr.exe
  2⤵
  PID:8744
- C:\Windows\System\AepWlhy.exe
  C:\Windows\System\AepWlhy.exe
  2⤵
  PID:8760
- C:\Windows\System\XeLxEUp.exe
  C:\Windows\System\XeLxEUp.exe
  2⤵
  PID:8776
- C:\Windows\System\fZdtYhx.exe
  C:\Windows\System\fZdtYhx.exe
  2⤵
  PID:8792
- C:\Windows\System\RytsTZf.exe
  C:\Windows\System\RytsTZf.exe
  2⤵
  PID:8808
- C:\Windows\System\KbxuhTT.exe
  C:\Windows\System\KbxuhTT.exe
  2⤵
  PID:8824
- C:\Windows\System\nMlydtW.exe
  C:\Windows\System\nMlydtW.exe
  2⤵
  PID:8840
- C:\Windows\System\fkHtJXz.exe
  C:\Windows\System\fkHtJXz.exe
  2⤵
  PID:8856
- C:\Windows\System\pcztFXf.exe
  C:\Windows\System\pcztFXf.exe
  2⤵
  PID:8872
- C:\Windows\System\JAEmxdh.exe
  C:\Windows\System\JAEmxdh.exe
  2⤵
  PID:8888
- C:\Windows\System\MUOwOZa.exe
  C:\Windows\System\MUOwOZa.exe
  2⤵
  PID:8904
- C:\Windows\System\EzfTtbV.exe
  C:\Windows\System\EzfTtbV.exe
  2⤵
  PID:8920
- C:\Windows\System\BkKbWEB.exe
  C:\Windows\System\BkKbWEB.exe
  2⤵
  PID:8936
- C:\Windows\System\txrIYWh.exe
  C:\Windows\System\txrIYWh.exe
  2⤵
  PID:8952
- C:\Windows\System\KFxfgdf.exe
  C:\Windows\System\KFxfgdf.exe
  2⤵
  PID:8968
- C:\Windows\System\QXEffcq.exe
  C:\Windows\System\QXEffcq.exe
  2⤵
  PID:8984
- C:\Windows\System\BNZskpA.exe
  C:\Windows\System\BNZskpA.exe
  2⤵
  PID:9000
- C:\Windows\System\jdtvpjI.exe
  C:\Windows\System\jdtvpjI.exe
  2⤵
  PID:9020
- C:\Windows\System\faAfPLs.exe
  C:\Windows\System\faAfPLs.exe
  2⤵
  PID:9036
- C:\Windows\System\ulesJRe.exe
  C:\Windows\System\ulesJRe.exe
  2⤵
  PID:9056
- C:\Windows\System\LuWwsJK.exe
  C:\Windows\System\LuWwsJK.exe
  2⤵
  PID:9072
- C:\Windows\System\xdPeDHP.exe
  C:\Windows\System\xdPeDHP.exe
  2⤵
  PID:9088
- C:\Windows\System\VLGepFT.exe
  C:\Windows\System\VLGepFT.exe
  2⤵
  PID:9104
- C:\Windows\System\hxxXBaK.exe
  C:\Windows\System\hxxXBaK.exe
  2⤵
  PID:9120
- C:\Windows\System\IDqeSdr.exe
  C:\Windows\System\IDqeSdr.exe
  2⤵
  PID:9136
- C:\Windows\System\ihOSzJa.exe
  C:\Windows\System\ihOSzJa.exe
  2⤵
  PID:9152
- C:\Windows\System\wdJbKUE.exe
  C:\Windows\System\wdJbKUE.exe
  2⤵
  PID:9168
- C:\Windows\System\CHFgOtx.exe
  C:\Windows\System\CHFgOtx.exe
  2⤵
  PID:9184
- C:\Windows\System\fKjgshq.exe
  C:\Windows\System\fKjgshq.exe
  2⤵
  PID:9200
- C:\Windows\System\ZyzQEfU.exe
  C:\Windows\System\ZyzQEfU.exe
  2⤵
  PID:7584
- C:\Windows\System\XLmnWHl.exe
  C:\Windows\System\XLmnWHl.exe
  2⤵
  PID:7604
- C:\Windows\System\YmyVOGS.exe
  C:\Windows\System\YmyVOGS.exe
  2⤵
  PID:7992
- C:\Windows\System\NzTjQlK.exe
  C:\Windows\System\NzTjQlK.exe
  2⤵
  PID:8240
- C:\Windows\System\yCkZrHc.exe
  C:\Windows\System\yCkZrHc.exe
  2⤵
  PID:8304
- C:\Windows\System\VwSlHkJ.exe
  C:\Windows\System\VwSlHkJ.exe
  2⤵
  PID:7836
- C:\Windows\System\KPmjxHx.exe
  C:\Windows\System\KPmjxHx.exe
  2⤵
  PID:8316
- C:\Windows\System\wZtsELM.exe
  C:\Windows\System\wZtsELM.exe
  2⤵
  PID:8364
- C:\Windows\System\lGWlSkf.exe
  C:\Windows\System\lGWlSkf.exe
  2⤵
  PID:8368
- C:\Windows\System\PyyHemX.exe
  C:\Windows\System\PyyHemX.exe
  2⤵
  PID:8404
- C:\Windows\System\HrNcuxa.exe
  C:\Windows\System\HrNcuxa.exe
  2⤵
  PID:8532
- C:\Windows\System\kHihrwL.exe
  C:\Windows\System\kHihrwL.exe
  2⤵
  PID:8560
- C:\Windows\System\SJywAFm.exe
  C:\Windows\System\SJywAFm.exe
  2⤵
  PID:8652
- C:\Windows\System\MqdchSo.exe
  C:\Windows\System\MqdchSo.exe
  2⤵
  PID:8720
- C:\Windows\System\eZuyXTm.exe
  C:\Windows\System\eZuyXTm.exe
  2⤵
  PID:8704
- C:\Windows\System\eOzTwIv.exe
  C:\Windows\System\eOzTwIv.exe
  2⤵
  PID:8768
- C:\Windows\System\ZTwCseD.exe
  C:\Windows\System\ZTwCseD.exe
  2⤵
  PID:8784
- C:\Windows\System\aPeMfSw.exe
  C:\Windows\System\aPeMfSw.exe
  2⤵
  PID:8832
- C:\Windows\System\jeyLruw.exe
  C:\Windows\System\jeyLruw.exe
  2⤵
  PID:8880
- C:\Windows\System\kqwlbJO.exe
  C:\Windows\System\kqwlbJO.exe
  2⤵
  PID:8912
- C:\Windows\System\JuTiADt.exe
  C:\Windows\System\JuTiADt.exe
  2⤵
  PID:8868
- C:\Windows\System\kheHsis.exe
  C:\Windows\System\kheHsis.exe
  2⤵
  PID:9128
- C:\Windows\System\tgePgAA.exe
  C:\Windows\System\tgePgAA.exe
  2⤵
  PID:9052
- C:\Windows\System\GcdWKKN.exe
  C:\Windows\System\GcdWKKN.exe
  2⤵
  PID:7784
- C:\Windows\System\eXVFabU.exe
  C:\Windows\System\eXVFabU.exe
  2⤵
  PID:8284
- C:\Windows\System\otowiFW.exe
  C:\Windows\System\otowiFW.exe
  2⤵
  PID:8476
- C:\Windows\System\RHgOpTn.exe
  C:\Windows\System\RHgOpTn.exe
  2⤵
  PID:8516
- C:\Windows\System\hVQTreG.exe
  C:\Windows\System\hVQTreG.exe
  2⤵
  PID:8564
- C:\Windows\System\WTlnfhs.exe
  C:\Windows\System\WTlnfhs.exe
  2⤵
  PID:8544
- C:\Windows\System\aBCnyRF.exe
  C:\Windows\System\aBCnyRF.exe
  2⤵
  PID:8620
- C:\Windows\System\iSpkhDD.exe
  C:\Windows\System\iSpkhDD.exe
  2⤵
  PID:8536
- C:\Windows\System\ZlsyFLT.exe
  C:\Windows\System\ZlsyFLT.exe
  2⤵
  PID:8752
- C:\Windows\System\FXhuUzn.exe
  C:\Windows\System\FXhuUzn.exe
  2⤵
  PID:8736
- C:\Windows\System\uiYQetA.exe
  C:\Windows\System\uiYQetA.exe
  2⤵
  PID:8948
- C:\Windows\System\wyegBHi.exe
  C:\Windows\System\wyegBHi.exe
  2⤵
  PID:8864
- C:\Windows\System\FpMzGHK.exe
  C:\Windows\System\FpMzGHK.exe
  2⤵
  PID:8816
- C:\Windows\System\rhDDzDS.exe
  C:\Windows\System\rhDDzDS.exe
  2⤵
  PID:9032
- C:\Windows\System\KCSgnKz.exe
  C:\Windows\System\KCSgnKz.exe
  2⤵
  PID:9064
- C:\Windows\System\ygZDHCy.exe
  C:\Windows\System\ygZDHCy.exe
  2⤵
  PID:8992
- C:\Windows\System\wcxoDvZ.exe
  C:\Windows\System\wcxoDvZ.exe
  2⤵
  PID:9084
- C:\Windows\System\MFrwuTL.exe
  C:\Windows\System\MFrwuTL.exe
  2⤵
  PID:9008
- C:\Windows\System\luuAMFz.exe
  C:\Windows\System\luuAMFz.exe
  2⤵
  PID:9180
- C:\Windows\System\mkmKxaO.exe
  C:\Windows\System\mkmKxaO.exe
  2⤵
  PID:9192
- C:\Windows\System\xHxTCtf.exe
  C:\Windows\System\xHxTCtf.exe
  2⤵
  PID:8348
- C:\Windows\System\IUaRZQq.exe
  C:\Windows\System\IUaRZQq.exe
  2⤵
  PID:8452
- C:\Windows\System\BZiwpeJ.exe
  C:\Windows\System\BZiwpeJ.exe
  2⤵
  PID:8440
- C:\Windows\System\ZPbQwFd.exe
  C:\Windows\System\ZPbQwFd.exe
  2⤵
  PID:8524
- C:\Windows\System\fexZPsn.exe
  C:\Windows\System\fexZPsn.exe
  2⤵
  PID:8492
- C:\Windows\System\xEePqAf.exe
  C:\Windows\System\xEePqAf.exe
  2⤵
  PID:8576
- C:\Windows\System\lyDCtCm.exe
  C:\Windows\System\lyDCtCm.exe
  2⤵
  PID:8788
- C:\Windows\System\hkEBfJa.exe
  C:\Windows\System\hkEBfJa.exe
  2⤵
  PID:8804
- C:\Windows\System\BgOaLkX.exe
  C:\Windows\System\BgOaLkX.exe
  2⤵
  PID:8252
- C:\Windows\System\DQmkZjz.exe
  C:\Windows\System\DQmkZjz.exe
  2⤵
  PID:9100
- C:\Windows\System\TSVIwlB.exe
  C:\Windows\System\TSVIwlB.exe
  2⤵
  PID:8980
- C:\Windows\System\qvFOKKD.exe
  C:\Windows\System\qvFOKKD.exe
  2⤵
  PID:7748
- C:\Windows\System\sbQidbG.exe
  C:\Windows\System\sbQidbG.exe
  2⤵
  PID:8300
- C:\Windows\System\qrvDlRt.exe
  C:\Windows\System\qrvDlRt.exe
  2⤵
  PID:9116
- C:\Windows\System\eBXTjoB.exe
  C:\Windows\System\eBXTjoB.exe
  2⤵
  PID:9196
- C:\Windows\System\CcdaxbO.exe
  C:\Windows\System\CcdaxbO.exe
  2⤵
  PID:8556
- C:\Windows\System\abroBZS.exe
  C:\Windows\System\abroBZS.exe
  2⤵
  PID:8960
- C:\Windows\System\pOawUIg.exe
  C:\Windows\System\pOawUIg.exe
  2⤵
  PID:8996
- C:\Windows\System\UIMWRev.exe
  C:\Windows\System\UIMWRev.exe
  2⤵
  PID:8612
- C:\Windows\System\aOxthJO.exe
  C:\Windows\System\aOxthJO.exe
  2⤵
  PID:8424
- C:\Windows\System\dZQchbt.exe
  C:\Windows\System\dZQchbt.exe
  2⤵
  PID:9212
- C:\Windows\System\cEKiOLO.exe
  C:\Windows\System\cEKiOLO.exe
  2⤵
  PID:9164
- C:\Windows\System\pWNXXQt.exe
  C:\Windows\System\pWNXXQt.exe
  2⤵
  PID:8552
- C:\Windows\System\ZnwjXyw.exe
  C:\Windows\System\ZnwjXyw.exe
  2⤵
  PID:8388
- C:\Windows\System\ZqNmrrX.exe
  C:\Windows\System\ZqNmrrX.exe
  2⤵
  PID:9048
- C:\Windows\System\yheOTeA.exe
  C:\Windows\System\yheOTeA.exe
  2⤵
  PID:9028
- C:\Windows\System\MfIorXT.exe
  C:\Windows\System\MfIorXT.exe
  2⤵
  PID:8916
- C:\Windows\System\uDKSVpO.exe
  C:\Windows\System\uDKSVpO.exe
  2⤵
  PID:9228
- C:\Windows\System\rBHGEkl.exe
  C:\Windows\System\rBHGEkl.exe
  2⤵
  PID:9244
- C:\Windows\System\ltJwDiO.exe
  C:\Windows\System\ltJwDiO.exe
  2⤵
  PID:9260
- C:\Windows\System\VtNfhan.exe
  C:\Windows\System\VtNfhan.exe
  2⤵
  PID:9276
- C:\Windows\System\qDzULUl.exe
  C:\Windows\System\qDzULUl.exe
  2⤵
  PID:9296
- C:\Windows\System\dBPPtSA.exe
  C:\Windows\System\dBPPtSA.exe
  2⤵
  PID:9332
- C:\Windows\System\gSmWxvN.exe
  C:\Windows\System\gSmWxvN.exe
  2⤵
  PID:9352
- C:\Windows\System\LUBaopF.exe
  C:\Windows\System\LUBaopF.exe
  2⤵
  PID:9368
- C:\Windows\System\jvztXYN.exe
  C:\Windows\System\jvztXYN.exe
  2⤵
  PID:9388
- C:\Windows\System\twOaTUd.exe
  C:\Windows\System\twOaTUd.exe
  2⤵
  PID:9444
- C:\Windows\System\NVhATBx.exe
  C:\Windows\System\NVhATBx.exe
  2⤵
  PID:9460
- C:\Windows\System\adUwKZL.exe
  C:\Windows\System\adUwKZL.exe
  2⤵
  PID:9476
- C:\Windows\System\aBTyrqi.exe
  C:\Windows\System\aBTyrqi.exe
  2⤵
  PID:9500
- C:\Windows\System\PeiVVvg.exe
  C:\Windows\System\PeiVVvg.exe
  2⤵
  PID:9524
- C:\Windows\System\OlgvOXp.exe
  C:\Windows\System\OlgvOXp.exe
  2⤵
  PID:9544
- C:\Windows\System\hFDbyAF.exe
  C:\Windows\System\hFDbyAF.exe
  2⤵
  PID:9564
- C:\Windows\System\nqhVvDt.exe
  C:\Windows\System\nqhVvDt.exe
  2⤵
  PID:9584
- C:\Windows\System\dmVfPvc.exe
  C:\Windows\System\dmVfPvc.exe
  2⤵
  PID:9604
- C:\Windows\System\qyhIXEg.exe
  C:\Windows\System\qyhIXEg.exe
  2⤵
  PID:9624
- C:\Windows\System\wxHMsLG.exe
  C:\Windows\System\wxHMsLG.exe
  2⤵
  PID:9648
- C:\Windows\System\DRLlSEv.exe
  C:\Windows\System\DRLlSEv.exe
  2⤵
  PID:9664
- C:\Windows\System\PAHdPfx.exe
  C:\Windows\System\PAHdPfx.exe
  2⤵
  PID:9692
- C:\Windows\System\knEuVYO.exe
  C:\Windows\System\knEuVYO.exe
  2⤵
  PID:9712
- C:\Windows\System\IBGnnIG.exe
  C:\Windows\System\IBGnnIG.exe
  2⤵
  PID:9728
- C:\Windows\System\FnCbgfK.exe
  C:\Windows\System\FnCbgfK.exe
  2⤵
  PID:9756
- C:\Windows\System\YpsCgbP.exe
  C:\Windows\System\YpsCgbP.exe
  2⤵
  PID:9772
- C:\Windows\System\RAjfWfF.exe
  C:\Windows\System\RAjfWfF.exe
  2⤵
  PID:9792
- C:\Windows\System\ZwrxGbk.exe
  C:\Windows\System\ZwrxGbk.exe
  2⤵
  PID:9812
- C:\Windows\System\LQlvuJe.exe
  C:\Windows\System\LQlvuJe.exe
  2⤵
  PID:9828
- C:\Windows\System\YxDvlft.exe
  C:\Windows\System\YxDvlft.exe
  2⤵
  PID:9852
- C:\Windows\System\EhZyJzv.exe
  C:\Windows\System\EhZyJzv.exe
  2⤵
  PID:9868
- C:\Windows\System\CMXfxlk.exe
  C:\Windows\System\CMXfxlk.exe
  2⤵
  PID:9888
- C:\Windows\System\HzxbqgI.exe
  C:\Windows\System\HzxbqgI.exe
  2⤵
  PID:9904
- C:\Windows\System\OCBsXbI.exe
  C:\Windows\System\OCBsXbI.exe
  2⤵
  PID:9920
- C:\Windows\System\GOGMdsL.exe
  C:\Windows\System\GOGMdsL.exe
  2⤵
  PID:9940
- C:\Windows\System\KEzanMC.exe
  C:\Windows\System\KEzanMC.exe
  2⤵
  PID:9956
- C:\Windows\System\BrIRkKg.exe
  C:\Windows\System\BrIRkKg.exe
  2⤵
  PID:9976
- C:\Windows\System\voNoGPI.exe
  C:\Windows\System\voNoGPI.exe
  2⤵
  PID:9992
- C:\Windows\System\RwBWmJM.exe
  C:\Windows\System\RwBWmJM.exe
  2⤵
  PID:10012
- C:\Windows\System\bgbYMfg.exe
  C:\Windows\System\bgbYMfg.exe
  2⤵
  PID:10032
- C:\Windows\System\pCauQlX.exe
  C:\Windows\System\pCauQlX.exe
  2⤵
  PID:10076
- C:\Windows\System\QUxwYFl.exe
  C:\Windows\System\QUxwYFl.exe
  2⤵
  PID:10096
- C:\Windows\System\eSqxOvI.exe
  C:\Windows\System\eSqxOvI.exe
  2⤵
  PID:10112
- C:\Windows\System\WYcanSO.exe
  C:\Windows\System\WYcanSO.exe
  2⤵
  PID:10132
- C:\Windows\System\GAjqaXO.exe
  C:\Windows\System\GAjqaXO.exe
  2⤵
  PID:10152
- C:\Windows\System\KpMoFsD.exe
  C:\Windows\System\KpMoFsD.exe
  2⤵
  PID:10168
- C:\Windows\System\mLHxRxo.exe
  C:\Windows\System\mLHxRxo.exe
  2⤵
  PID:10188
- C:\Windows\System\IBoMbfx.exe
  C:\Windows\System\IBoMbfx.exe
  2⤵
  PID:10204
- C:\Windows\System\hpglfmk.exe
  C:\Windows\System\hpglfmk.exe
  2⤵
  PID:9240
- C:\Windows\System\GPylGDI.exe
  C:\Windows\System\GPylGDI.exe
  2⤵
  PID:9328
- C:\Windows\System\JDkfFEr.exe
  C:\Windows\System\JDkfFEr.exe
  2⤵
  PID:9396
- C:\Windows\System\RnMCxtF.exe
  C:\Windows\System\RnMCxtF.exe
  2⤵
  PID:9408
- C:\Windows\System\kmPMDjx.exe
  C:\Windows\System\kmPMDjx.exe
  2⤵
  PID:8756
- C:\Windows\System\VMpqqfW.exe
  C:\Windows\System\VMpqqfW.exe
  2⤵
  PID:8592
- C:\Windows\System\jkLiCmh.exe
  C:\Windows\System\jkLiCmh.exe
  2⤵
  PID:9252
- C:\Windows\System\oYdwavi.exe
  C:\Windows\System\oYdwavi.exe
  2⤵
  PID:9340
- C:\Windows\System\QdQDYMQ.exe
  C:\Windows\System\QdQDYMQ.exe
  2⤵
  PID:9380
- C:\Windows\System\xZAQCYd.exe
  C:\Windows\System\xZAQCYd.exe
  2⤵
  PID:9432
- C:\Windows\System\AxPyaTF.exe
  C:\Windows\System\AxPyaTF.exe
  2⤵
  PID:9400
- C:\Windows\System\KVrpVLi.exe
  C:\Windows\System\KVrpVLi.exe
  2⤵
  PID:9484
- C:\Windows\System\mmcfzma.exe
  C:\Windows\System\mmcfzma.exe
  2⤵
  PID:9508
- C:\Windows\System\andbuxQ.exe
  C:\Windows\System\andbuxQ.exe
  2⤵
  PID:9532
- C:\Windows\System\xNohrPS.exe
  C:\Windows\System\xNohrPS.exe
  2⤵
  PID:9556
- C:\Windows\System\UsPefmA.exe
  C:\Windows\System\UsPefmA.exe
  2⤵
  PID:9592
- C:\Windows\System\tiimfIl.exe
  C:\Windows\System\tiimfIl.exe
  2⤵
  PID:9616
- C:\Windows\System\QeNGMnX.exe
  C:\Windows\System\QeNGMnX.exe
  2⤵
  PID:9672
- C:\Windows\System\NLGCqBE.exe
  C:\Windows\System\NLGCqBE.exe
  2⤵
  PID:9680
- C:\Windows\System\FtwUgPJ.exe
  C:\Windows\System\FtwUgPJ.exe
  2⤵
  PID:9720
- C:\Windows\System\hxzITsE.exe
  C:\Windows\System\hxzITsE.exe
  2⤵
  PID:9780
- C:\Windows\System\XAWzxMk.exe
  C:\Windows\System\XAWzxMk.exe
  2⤵
  PID:9764
- C:\Windows\System\gkihynq.exe
  C:\Windows\System\gkihynq.exe
  2⤵
  PID:9800
- C:\Windows\System\zQgESxG.exe
  C:\Windows\System\zQgESxG.exe
  2⤵
  PID:9836
- C:\Windows\System\CUcRLPh.exe
  C:\Windows\System\CUcRLPh.exe
  2⤵
  PID:9864
- C:\Windows\System\DPdZeKI.exe
  C:\Windows\System\DPdZeKI.exe
  2⤵
  PID:9900
- C:\Windows\System\eaRRxou.exe
  C:\Windows\System\eaRRxou.exe
  2⤵
  PID:9912
- C:\Windows\System\oXRNOds.exe
  C:\Windows\System\oXRNOds.exe
  2⤵
  PID:9988
- C:\Windows\System\SiWUuGM.exe
  C:\Windows\System\SiWUuGM.exe
  2⤵
  PID:9932
- C:\Windows\System\adRAOsY.exe
  C:\Windows\System\adRAOsY.exe
  2⤵
  PID:9972
- C:\Windows\System\CUUZVqC.exe
  C:\Windows\System\CUUZVqC.exe
  2⤵
  PID:10068
- C:\Windows\System\WKIWLSl.exe
  C:\Windows\System\WKIWLSl.exe
  2⤵
  PID:10092
- C:\Windows\System\XQcVqIA.exe
  C:\Windows\System\XQcVqIA.exe
  2⤵
  PID:10124
- C:\Windows\System\DsBslDh.exe
  C:\Windows\System\DsBslDh.exe
  2⤵
  PID:10148
- C:\Windows\System\DvvKnIY.exe
  C:\Windows\System\DvvKnIY.exe
  2⤵
  PID:10212
- C:\Windows\System\bpJprzY.exe
  C:\Windows\System\bpJprzY.exe
  2⤵
  PID:10236
- C:\Windows\System\edEHeZK.exe
  C:\Windows\System\edEHeZK.exe
  2⤵
  PID:9360
- C:\Windows\System\aINXuQg.exe
  C:\Windows\System\aINXuQg.exe
  2⤵
  PID:9220
- C:\Windows\System\GXeMLUh.exe
  C:\Windows\System\GXeMLUh.exe
  2⤵
  PID:9424
- C:\Windows\System\OioLIzT.exe
  C:\Windows\System\OioLIzT.exe
  2⤵
  PID:9708
- C:\Windows\System\DJDIDoj.exe
  C:\Windows\System\DJDIDoj.exe
  2⤵
  PID:9600
- C:\Windows\System\uMMbDcQ.exe
  C:\Windows\System\uMMbDcQ.exe
  2⤵
  PID:9660
- C:\Windows\System\VXfbXLE.exe
  C:\Windows\System\VXfbXLE.exe
  2⤵
  PID:9284
- C:\Windows\System\bvhbOne.exe
  C:\Windows\System\bvhbOne.exe
  2⤵
  PID:9520
- C:\Windows\System\HgNhtft.exe
  C:\Windows\System\HgNhtft.exe
  2⤵
  PID:9860
- C:\Windows\System\UnESuXI.exe
  C:\Windows\System\UnESuXI.exe
  2⤵
  PID:10028
- C:\Windows\System\cVeVBla.exe
  C:\Windows\System\cVeVBla.exe
  2⤵
  PID:10044
- C:\Windows\System\SMFJJsC.exe
  C:\Windows\System\SMFJJsC.exe
  2⤵
  PID:10064
- C:\Windows\System\YyNbxZA.exe
  C:\Windows\System\YyNbxZA.exe
  2⤵
  PID:9640
- C:\Windows\System\TkoKIQF.exe
  C:\Windows\System\TkoKIQF.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKfYipw.exe

Filesize
6.0MB

MD5
4882976a11dcc7e7f98f8ae2a7ddec67

SHA1
dcb5e1e72266e500931f50787082941f023a7987

SHA256
7cde0169a950e3cc18a1b321711c617f995ae06b484eda64caa12a40c73348c8

SHA512
d27c1945ee5eddd02d701a71fd2807ab2715e295b4799559b5aaddfc809d16f64009c3d19c7e2fcffb977570f900d87ae9ed26b4bb035e18b77abd46df7f7d49

Download Submit
C:\Windows\system\DYYAgAl.exe

Filesize
6.0MB

MD5
318525914961ad02a778d4780cde9d35

SHA1
a59e0d3da35e288e6a6d8584d519b6882f5de545

SHA256
b8f8f1729df76844d7060260f0d64e1da0c3eeb4dbd9c721dc55cdaf1c49345e

SHA512
ed98c70f74cbcb16fb58d3cfd889bc50c5aaed0b8bf047cd7002fb1c3fde750bc8dfbb6276ce3a09ad162a5bc2278c5181af041c677c031628f3934e2b90f6d9

Download Submit
C:\Windows\system\HSqPUzh.exe

Filesize
6.0MB

MD5
c88e0eb98b2d50e9109aeb215ef00687

SHA1
d2fb17cd5524a3b67830c9fd6697599df36fd396

SHA256
828e9a85f8e42f2ebb28eb477bb1448f47930a8461f0935818e3632b730ec624

SHA512
0f6d0505c07beef368a2e90ffc11a5a6aac9baf5d8723f735d37ee3e80416d8deb8040c2c1b0c2c60bb66a8a994f053360f04f33741874164da596a3e8cb5df4

Download Submit
C:\Windows\system\JHedVCR.exe

Filesize
6.0MB

MD5
b4f351efe4d4b226ec8763adc9424ee0

SHA1
2cfebc3e72584801fa5397469606100ea18db22a

SHA256
bba6512ca87aa51836a43a7fc0e1299f8e1508b373fcd9e73cad2dccc58cf9ea

SHA512
2c7bd8815e82b8667142aeb4b454a57b2ce7cf5f0625504e1319c65ab5abb4b941d8931f9ca6963e00faecda4ec0d53a68a955d65242f30b0ff68e5134793836

Download Submit
C:\Windows\system\JVDWWMq.exe

Filesize
6.0MB

MD5
e22cf4004390d5a8c9b3c6b2df6ddfca

SHA1
81dc8365ea866c8a56b7901c8ebc2f0de7dad4e9

SHA256
f3f9f3f627481a2204d8bea437190c0fb02f8a502d65d5c22a995f316acb65c0

SHA512
dd9e4839cfa49c23c0c9fe8d42ad7fd96cd00d40bf84d5fed49f11cee2a7b5cc6fb94927c4cebe6fe463dc397c266be21200c109a6ea5f99ecab800c72d0a2b0

Download Submit
C:\Windows\system\MaOVmKN.exe

Filesize
6.0MB

MD5
156c9872903088bcce697d3a9afc45b4

SHA1
02e3871781f15246278fed0ab939727db11d8105

SHA256
4badd55c4c08b7d2e398707644f8f5e34f94176826880b0fa5b74cd42cabf74e

SHA512
b0c570dd7e352525d820443f518ccf33075a73924d3259491ca033a63fe3201cbd3c6025f316565b10e038057edb57ec8eb0ba41109e7b1d4b00981ef556d8c5

Download Submit
C:\Windows\system\NNANvHU.exe

Filesize
6.0MB

MD5
939de0f2d28ec82dd04a1c0e6ba4d91e

SHA1
250da9fdc3bdf7146c8868cbf7a2d09d84c7374a

SHA256
cd99279e21568fbc8c94dd09c0a32425c4b28ca7e288d8605f765b403bf0866c

SHA512
f21254c5961cca3dcedeb51457dbad9c3f0c8680c5cb4194752c6d48375719dd4fd6f873b3f55353e47d413b85b58fb117be8d9b5c55e481ff32eec1e0146b5e

Download Submit
C:\Windows\system\PwezqXC.exe

Filesize
6.0MB

MD5
0c5b3c3631eacc9bed2c68a5a891b063

SHA1
3d25d10736d107832503a5ab64c3c756dcee27a9

SHA256
03f034dd0c2a6f6cd4ad3e4812c83d064abace65b781ea7bfd9aaaad8ea120eb

SHA512
317ca31b2ae72d02c85e8bbd3031771fc4c42aac6c8bd75159193d776de2b7bd3adb15665cb2ae69b5c646f20cc29ceb57a5dc1e83d557cff15101187e2c9d6c

Download Submit
C:\Windows\system\QTetkiP.exe

Filesize
6.0MB

MD5
48b37ade6d1c2a3faeaff0e05c4bdb7f

SHA1
f3c85a99b08ab514912ca9205d1a0e1bcb99863a

SHA256
7aebbeaa7ad9e2e0cee552081b0747cdb945aab91d8c38e9d64efe461558a8a1

SHA512
ed78cd9384afe3f84278e223e569066ea7e6343ecc98addc11e5b2440e6c2cf6cf9b8ca1b50753fbb05c0ba5ad344c7bcc9f06b60d406a8db4601fdb7d009381

Download Submit
C:\Windows\system\SZtowPv.exe

Filesize
6.0MB

MD5
3820396baa8a5dad683cc0c26d41299e

SHA1
ab132d96efe3f49934d38247361affda5d906f66

SHA256
b8e8b3594956021f795e176812e6dc6805cde8ed7655b3e8b1b7e0bf87b95b58

SHA512
c775bc8e72933b11b1549044c7f1f5279d4d8b39d92317f01d462aaa66c47c491286fdfe3f32dcc26eb240e4bf209189bd94ab28ededce09928cd63526456d6e

Download Submit
C:\Windows\system\UjUfdgw.exe

Filesize
6.0MB

MD5
9bae63bf5d771dd4b8e0f1c5e5f773da

SHA1
b3d37756c1fdbdd6771acb584987f269577f3b9a

SHA256
55871aa1ffcfdfd2eb785272a3758813c1dcb14b6dc079ad64cc81279dc95eb7

SHA512
d1c48adfcbdb24cc027b4668befa15d6f66592d1513b3f8f1009f2d7b680420d78c4e2c6d4d3b9b1b6f3dc3cc208f0113557098e371ab1884a3aea24834d6330

Download Submit
C:\Windows\system\XxJdPyW.exe

Filesize
6.0MB

MD5
cafd4735bcc11d90d2b195a93f96be42

SHA1
dec5aa7d599521f0443fde4ab63c0c2fea957e8e

SHA256
3ee2951b86cac65eacee8d24f161c64a8005c389ba7297f68116745e481d5834

SHA512
c2eb5bddfd4ea44c3700d69a30f7bf303e7b5dc6c467b3805a07b7ea77001774c4a354ed2859f22dc9b2b415923bce58f78d529b999edf9fcced98b0d4177fab

Download Submit
C:\Windows\system\ZJVLfQs.exe

Filesize
6.0MB

MD5
34232a8e3eed07361336cbbe37a0fcbe

SHA1
d4305ec8ae3a5fa5297c3e451a1765415f13478b

SHA256
c490721a06df1423d79f6954d398bb80f1b1129116536c0017f9af7ff2bcd860

SHA512
5396ba8cbb1f66bb4b89e424ed25af55cf0eedd56eba1dfb2e2a1dc102673ac374f51844a5349539144f7ecbeda538b7dd91b2912386b310f435677f46516c2d

Download Submit
C:\Windows\system\almNwYi.exe

Filesize
6.0MB

MD5
869691a30477dc5579af983d4af132fc

SHA1
dadec058d48de46fa0481b9b543c24a6e9783f9f

SHA256
357b7a2afc62d2cde1574f770d83d677aa8122376015f28a6832ad37c8ada0a3

SHA512
5901acf859ec0a7ab068b6d620bd20901a56be5252e1da1f1d4597dd35c1b085b69d906d060b0e8750c47ea7b1b042ac3266fa5c9fb37ce542ad0d7638f3c5db

Download Submit
C:\Windows\system\buswhrs.exe

Filesize
6.0MB

MD5
392b093c05b3aa0cc7d83c362e71c23d

SHA1
ad4a2c00e713795e9fb05756809d13bc927f1130

SHA256
624d6361a51c25c359de06c0f5e536670da3902529a13eff97dfc674cd1dbca2

SHA512
571b0d997f5c2db7b9c56b3a947a47687d40a79862954dc4655a5b82865645dc29727b67eab0eb30baf9cc3581cd654bae76ac20d795cd8218504f94c60d8327

Download Submit
C:\Windows\system\jKSgogU.exe

Filesize
6.0MB

MD5
8a2fa3d7b45ab6eccb508f02a0ae74c0

SHA1
c77c312b68d65eca4db344a3c26fa79547896981

SHA256
ce2bc0295edf1683f2cb2a146228099a04408e38ff19f277ee2118c3b3492b39

SHA512
4203d1cee43e93d28eb515e12bae754478f018886bb322b0d6e5a87f9f8545310758f98411a2ad02cda5a338cb9b380967a5b262caa4722ed2d98aea51de9210

Download Submit
C:\Windows\system\kVUAxEo.exe

Filesize
6.0MB

MD5
a0079b9c73c10bf6583f6b250db910ba

SHA1
dd2beb067cc4e03a1ef8c56c0c49a83dabedc966

SHA256
4dadf5cfb6a9bcc62e27706a168b391d8a15cd92e543a4ad4487a349ecbeb85c

SHA512
1fc5f32bacfa3622c3b2c79f4c80e1c1513e13344810e1d5d9f50f6e593702da209d0b8e89f069f850ecccb7a63cdd0a4f330f03f03907e60bd89615633854bd

Download Submit
C:\Windows\system\kkDCrCe.exe

Filesize
6.0MB

MD5
0237e9da1c991d3e827832e79cbc5e83

SHA1
3652a3cc6e291387941aad2ffae44e88b1f9f444

SHA256
43f45161bb66890bc4f8ef9c478950de6f43b410555b1fee20af5208dc78f3e8

SHA512
0a6940ff9e3081ab8399443445ea766610c005b02d2732a7635d4614b34817cf7d3bb7cdf6fbdda6d1dfed491ad260bff2c9c29d250cbfd34c443f05fbf86566

Download Submit
C:\Windows\system\lgpIXlQ.exe

Filesize
6.0MB

MD5
11ec8f4f2a39c2b57f4d809cf0fbba42

SHA1
93dad1e2335d194ce4039ecf098cbe44a3978cb1

SHA256
74d8d58a634470956448c5f42eb122740a2c472f6d30c82aa36d926dd22f41de

SHA512
f740cfb2010c37cfcf61b34b3e52836b0808e7a4138aed38e457637682eba3cfa2d77a829f9da8f90ac3f389d54e7a1d9cdbc1a0ab0e6772f1a07c36a56de4b0

Download Submit
C:\Windows\system\lmjIPDp.exe

Filesize
6.0MB

MD5
9f5328a15ec0eefd8a3aae850822b224

SHA1
547a9606806320ea58f127b5be3651bd3cbb3a96

SHA256
4e2dca75dce9f356991800896d2c2e7df7a195ff5fef7303e2753f085698f42d

SHA512
3261e13da93bd4f0c1d14889f28eceaeaa0d481aa6c824e29fe5939ee86636fae78be34f1c391d762bfbb05b64538ab6fb71a5bf00938ad1746bb12d7839981a

Download Submit
C:\Windows\system\mTKvqIs.exe

Filesize
6.0MB

MD5
83407d0aea6c754d191f0918c4969789

SHA1
a57d91f83f90fa9b7ffba741cdc402ebbefa0d18

SHA256
044a42ef15e6f539f6b3a070b8352f8bf9097a5d2c0abd55649ea14e06ebe39b

SHA512
940e1843f108a6cfad5a8c094e82f371ce6bb5d8bd9d4b9e72fcd12a979355d5f9a6ee5f1e0384ef33cebd9239a40ed8c5ca7ebc601859e2aa5f11ce100caf0f

Download Submit
C:\Windows\system\mUniEgM.exe

Filesize
6.0MB

MD5
f95c8a9bb02f42805a174d21774e4310

SHA1
0918fc84aa1fa99fc649139e9a3d6a6ac7b323f4

SHA256
b7e07c1f4d48259011aa5c0a512f832b6e4c6fcb9c4464e9c06aa558cf517585

SHA512
21994ebada58777919b7594465b40f93b9d9f078dd7625253a6b7986b9524c6a84cbd98634984884acf89daabc1982fd6c6ce1569cb3ce7533ef3ef9bd45aa59

Download Submit
C:\Windows\system\pHUieUk.exe

Filesize
6.0MB

MD5
015997775bde3c21c2d84dadb3bd19be

SHA1
5ff23be58232c7f60f8213614684668a4c0539d9

SHA256
2c23e0526a49d9bca7451e9ff220a903bc85ea5d243e209939ce457388a5e845

SHA512
9a854e0154e2ec4c456a658b6f8a5b50b10ad8c1d5bca547e7020400a8d63e30a16b7b80f77cf0beb04bd86801e8925d4f0436de9e986c9687ff195765be16f8

Download Submit
C:\Windows\system\qJrrUZB.exe

Filesize
6.0MB

MD5
026eca20d44480fb0c735c3e84e170a1

SHA1
642265a626b90b2b20e96ce5083578c0b8eddb2c

SHA256
d8c221827159b8af35cf2c8c1fd6bd45ddd0687ac222b92a3244bf29ee5b8225

SHA512
bc2d66458f926d7681ffd9df5431eded3039c91019d627d94bcd43ffca2b6864b808e7783e3d7f5e5923c5d9651148018eb06023c8c4ba564c90a5df07d6a32a

Download Submit
C:\Windows\system\qQwLVgI.exe

Filesize
6.0MB

MD5
919c032aabacecb0ae4ed3537b938635

SHA1
9b5f92d23ec934f926ebca0ab455ebbc347d7448

SHA256
e734c9b9b59c69a5846dd54601430d3d0b7d47b85bcc4eedb582371cdbefbe5e

SHA512
51b31d0724fba0ddca8bf4ae6ed70019209b41219c9d97894d09142801a60b249c2913154a4dba6c096895da106cabd90003efbeeb62eb997fa02f8fba3e60cb

Download Submit
C:\Windows\system\qgYyIyB.exe

Filesize
6.0MB

MD5
13093193d19500e68b58b6bbc7673518

SHA1
72ce55a4a64c639c922103e6fde42f3ac20e7cf1

SHA256
c01f2a774dade97240b1962b28b3bd48f097a863e934f6044362adca1f693af9

SHA512
72b47c319b1703ff10958debc8a986a5ea6a56eb893b1b4efff2c584a58ee0330916b0c26207a14c61d201da889877f057584372c3f1c443e5b15c853f25ecff

Download Submit
C:\Windows\system\uDMehsZ.exe

Filesize
6.0MB

MD5
74a5c8b6e961dd51b5056a522990aa36

SHA1
ae65894678ef9223e58e60c2404fe4955914851d

SHA256
71fd87d426338f1cd9c53341fd47e46ad732467f9fa4637c027a3b60833c861f

SHA512
6d6b889e6a51d7358a83b2ad8a7b5833beb9e9a87f547335532ebfe37e2265b8f2f586b8464453f34ca2d48aa923ac62d9ab313abd70cf256ecd9acfd16339b2

Download Submit
C:\Windows\system\uyKtpSS.exe

Filesize
6.0MB

MD5
87bb5db8229af5aa5699d780b2ef6f9c

SHA1
bb7823f58e57a34f3801d9ea2082b177e241d870

SHA256
3548454a7fa2e65e4a4fbcb18a5091f9cf6807e394852edcd5b79ce4e5450831

SHA512
d0c65b9fd00bbc8a0f4dea429e4134f136c69cae0188add5464da6f10c77974f7b9bdd99cce1f56d7b0ca3cfada58fe096f39cd0c5bd47aa57533c6a72140c5d

Download Submit
C:\Windows\system\xYKcIRY.exe

Filesize
6.0MB

MD5
601a7fecb74c5ce3420d5bba2161059e

SHA1
279a3e77ea7f7173ceaf5ae35724351ad170956c

SHA256
312a0f569e3ae4999cb0183a7d5b0d3db56273df7b5291886958afe98e92c20c

SHA512
742c3265ae5419e2546b395bbc9148443f473bbe1e156f5a54b1a94d7c387af25ab3b9017ce351c5686d71fc3f21915202acfe1fa0c040a3ce101768f0994c23

Download Submit
\Windows\system\XEcnslA.exe

Filesize
6.0MB

MD5
b43b43e5c41cc522caadbd20684aa601

SHA1
b4957d51d78a462f82819faddf5e6fda9ebe6524

SHA256
429cec0f72f66cd7d27b830a06d6a38aa2974c864c8289bbfe69e19626934e9e

SHA512
e82ce7a988862213f76fb0aef90cc83ac25d45e5a92e056c60829c03a42d774289ba803aeaec58516848748206ad18dd4b1af8a0501d4a350e2e7a1b4737c9bf

Download Submit
\Windows\system\dBuMZSR.exe

Filesize
6.0MB

MD5
0a0b4c0b8ae8eb4f699ec5338df08cd5

SHA1
07b7e93b6fd2386a04503411bf4f114d0da4772c

SHA256
2f98fa91d48f44d01ee07fc79fd0bd8d225ab32599167bfc2e2b4f5c2ae4b100

SHA512
16a3afb05276ee468cf0d3a657c63cc2877cbdefc47701b011361ab8ddd19adac5283dddda5431ef4a562834cb89c50d02dbf4664c83492b390d9b8c69cc5103

Download Submit
\Windows\system\nnhklBD.exe

Filesize
6.0MB

MD5
6c377b88a06fd7b3649417f0fd45bcc0

SHA1
41224c2111d0cec48a76d458984f60e7d2683290

SHA256
f569e5afde050c5e99f6529eda900ccf151620189087c1caf9a6df439590bb1d

SHA512
ca8b9814f2ee96f35e9ef40861e7cb565d83da684da8c79675b62aba127cfedeee517541e26db7fbe44d598842e6d8ef574d623e693a51ea0928ce0992c5fe1b

Download Submit
memory/2672-3177-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2672-2078-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3172-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-2318-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3166-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1883-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3157-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1974-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2268-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3161-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3160-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2356-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3005-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2270-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2915-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2921-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2996-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3003-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3002-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2320-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3006-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3007-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2932-3008-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2081-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1980-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1901-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2932-1745-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1747-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download