cobaltstrike | 3a25f12ec9454cc15af340178f767022a250082c77f9323cabaf5b5f1dab7487

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a316e01c07e825096964439f4719d26f
SHA1

ac1ed6798134e0551e1debce7e41bd32833c52cb
SHA256

3a25f12ec9454cc15af340178f767022a250082c77f9323cabaf5b5f1dab7487
SHA512

6d3fc57925820015374fc3a15aa15d76cebf015214493834cf5382a38ff8bc9d9d25bbde8ed14d7aabf04a411a5d3bd30c7241e9c343d755d7c0ca7d5c97487b
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU8:T+q56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\tDkeGfh.exe	cobalt_reflective_dll
\Windows\system\CrSjvOO.exe	cobalt_reflective_dll
\Windows\system\JPxugHo.exe	cobalt_reflective_dll
C:\Windows\system\zkRTjnM.exe	cobalt_reflective_dll
C:\Windows\system\vdYjail.exe	cobalt_reflective_dll
C:\Windows\system\hsbefLz.exe	cobalt_reflective_dll
C:\Windows\system\SnPgcfT.exe	cobalt_reflective_dll
C:\Windows\system\KWqOqtA.exe	cobalt_reflective_dll
C:\Windows\system\LJIlIvo.exe	cobalt_reflective_dll
C:\Windows\system\IwJGNUo.exe	cobalt_reflective_dll
C:\Windows\system\ecNpShi.exe	cobalt_reflective_dll
C:\Windows\system\uaupstM.exe	cobalt_reflective_dll
C:\Windows\system\kmehIfQ.exe	cobalt_reflective_dll
C:\Windows\system\PDruNEm.exe	cobalt_reflective_dll
C:\Windows\system\YnxhFRU.exe	cobalt_reflective_dll
C:\Windows\system\NKGRyDC.exe	cobalt_reflective_dll
C:\Windows\system\dcJhPjq.exe	cobalt_reflective_dll
C:\Windows\system\CtZiRwh.exe	cobalt_reflective_dll
C:\Windows\system\ZSiIGSm.exe	cobalt_reflective_dll
C:\Windows\system\bVnfuLU.exe	cobalt_reflective_dll
C:\Windows\system\UkYhtkX.exe	cobalt_reflective_dll
C:\Windows\system\KwpzWpR.exe	cobalt_reflective_dll
C:\Windows\system\FSAAZKe.exe	cobalt_reflective_dll
C:\Windows\system\oLOsIjC.exe	cobalt_reflective_dll
C:\Windows\system\EvuoHvl.exe	cobalt_reflective_dll
C:\Windows\system\kNEGtDb.exe	cobalt_reflective_dll
C:\Windows\system\AExnNOU.exe	cobalt_reflective_dll
C:\Windows\system\mkQVCWa.exe	cobalt_reflective_dll
C:\Windows\system\dJGUVsV.exe	cobalt_reflective_dll
C:\Windows\system\cdwuwDh.exe	cobalt_reflective_dll
\Windows\system\zKICxwr.exe	cobalt_reflective_dll
C:\Windows\system\oGfAJNi.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
\Windows\system\tDkeGfh.exe	xmrig
\Windows\system\CrSjvOO.exe	xmrig
behavioral1/memory/2828-14-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2720-13-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
\Windows\system\JPxugHo.exe	xmrig
behavioral1/memory/2836-31-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
C:\Windows\system\zkRTjnM.exe	xmrig
behavioral1/memory/2768-44-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
C:\Windows\system\vdYjail.exe	xmrig
behavioral1/memory/2688-55-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2128-66-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/3032-76-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1996-81-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2076-99-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
C:\Windows\system\hsbefLz.exe	xmrig
C:\Windows\system\SnPgcfT.exe	xmrig
C:\Windows\system\KWqOqtA.exe	xmrig
behavioral1/memory/2184-647-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/592-705-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1996-522-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2884-390-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/2076-219-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
C:\Windows\system\LJIlIvo.exe	xmrig
C:\Windows\system\IwJGNUo.exe	xmrig
C:\Windows\system\ecNpShi.exe	xmrig
C:\Windows\system\uaupstM.exe	xmrig
C:\Windows\system\kmehIfQ.exe	xmrig
C:\Windows\system\PDruNEm.exe	xmrig
C:\Windows\system\YnxhFRU.exe	xmrig
C:\Windows\system\NKGRyDC.exe	xmrig
C:\Windows\system\dcJhPjq.exe	xmrig
C:\Windows\system\CtZiRwh.exe	xmrig
C:\Windows\system\ZSiIGSm.exe	xmrig
C:\Windows\system\bVnfuLU.exe	xmrig
C:\Windows\system\UkYhtkX.exe	xmrig
C:\Windows\system\KwpzWpR.exe	xmrig
behavioral1/memory/2184-90-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2076-88-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
C:\Windows\system\FSAAZKe.exe	xmrig
behavioral1/memory/2076-102-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/592-95-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
C:\Windows\system\oLOsIjC.exe	xmrig
C:\Windows\system\EvuoHvl.exe	xmrig
C:\Windows\system\kNEGtDb.exe	xmrig
behavioral1/memory/2884-75-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
C:\Windows\system\AExnNOU.exe	xmrig
behavioral1/memory/408-69-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2076-68-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/memory/2836-67-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
C:\Windows\system\mkQVCWa.exe	xmrig
behavioral1/memory/3024-61-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2076-60-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
C:\Windows\system\dJGUVsV.exe	xmrig
behavioral1/memory/2720-54-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
C:\Windows\system\cdwuwDh.exe	xmrig
behavioral1/memory/2588-52-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2076-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
\Windows\system\zKICxwr.exe	xmrig
behavioral1/memory/3032-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2076-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
C:\Windows\system\oGfAJNi.exe	xmrig
behavioral1/memory/2128-21-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2720-2341-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

tDkeGfh.exeCrSjvOO.exeJPxugHo.exezkRTjnM.exeoGfAJNi.exevdYjail.exezKICxwr.execdwuwDh.exedJGUVsV.exemkQVCWa.exeAExnNOU.exeoLOsIjC.exekNEGtDb.exeEvuoHvl.exeFSAAZKe.exeKwpzWpR.exeUkYhtkX.exebVnfuLU.exeZSiIGSm.exeCtZiRwh.exedcJhPjq.exehsbefLz.exeNKGRyDC.exeSnPgcfT.exeYnxhFRU.exePDruNEm.exeKWqOqtA.exekmehIfQ.exeuaupstM.exeecNpShi.exeIwJGNUo.exeLJIlIvo.exeKdQOLtW.exeTdQsFqi.exeTDNSafU.exepKwpmLp.exeVRqpzwd.exeUuHJHqk.exeSnwTqEF.exeXZpUkfa.exeQVUBUhK.exelcFEojA.exePYSincc.exeLJxckDh.exejWBazJT.exeCMAuCrF.exePNXEvsk.exexxAwlue.exeGFXsmKN.exeBUQtZcM.exeglJJmVH.exeFrBEOHC.exewcITPmn.exeDsiAVtw.exeLpMmepg.exeCxubxoo.exePRAsNWM.execnskhEB.exeGGvVdKh.exetZWcGLW.exeJEGiqcN.exeFvywhir.exeDQiBuzN.exebOrpnGc.exe

pid	process
2828	tDkeGfh.exe
2720	CrSjvOO.exe
2128	JPxugHo.exe
2836	zkRTjnM.exe
3032	oGfAJNi.exe
2768	vdYjail.exe
2588	zKICxwr.exe
2688	cdwuwDh.exe
3024	dJGUVsV.exe
408	mkQVCWa.exe
2884	AExnNOU.exe
1996	oLOsIjC.exe
2184	kNEGtDb.exe
592	EvuoHvl.exe
2448	FSAAZKe.exe
1584	KwpzWpR.exe
2216	UkYhtkX.exe
332	bVnfuLU.exe
2152	ZSiIGSm.exe
2320	CtZiRwh.exe
1500	dcJhPjq.exe
644	hsbefLz.exe
1364	NKGRyDC.exe
2236	SnPgcfT.exe
2436	YnxhFRU.exe
1740	PDruNEm.exe
2284	KWqOqtA.exe
2344	kmehIfQ.exe
2064	uaupstM.exe
2104	ecNpShi.exe
376	IwJGNUo.exe
960	LJIlIvo.exe
1520	KdQOLtW.exe
548	TdQsFqi.exe
1908	TDNSafU.exe
928	pKwpmLp.exe
1484	VRqpzwd.exe
1228	UuHJHqk.exe
892	SnwTqEF.exe
848	XZpUkfa.exe
1588	QVUBUhK.exe
1812	lcFEojA.exe
2536	PYSincc.exe
1292	LJxckDh.exe
1312	jWBazJT.exe
1308	CMAuCrF.exe
1660	PNXEvsk.exe
2556	xxAwlue.exe
860	GFXsmKN.exe
2472	BUQtZcM.exe
2176	glJJmVH.exe
2364	FrBEOHC.exe
3004	wcITPmn.exe
2992	DsiAVtw.exe
1040	LpMmepg.exe
1936	Cxubxoo.exe
2920	PRAsNWM.exe
1548	cnskhEB.exe
1940	GGvVdKh.exe
1512	tZWcGLW.exe
900	JEGiqcN.exe
3044	Fvywhir.exe
3040	DQiBuzN.exe
2788	bOrpnGc.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2076-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
\Windows\system\tDkeGfh.exe	upx
\Windows\system\CrSjvOO.exe	upx
behavioral1/memory/2828-14-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2720-13-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
\Windows\system\JPxugHo.exe	upx
behavioral1/memory/2836-31-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
C:\Windows\system\zkRTjnM.exe	upx
behavioral1/memory/2768-44-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
C:\Windows\system\vdYjail.exe	upx
behavioral1/memory/2688-55-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2128-66-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/3032-76-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1996-81-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
C:\Windows\system\hsbefLz.exe	upx
C:\Windows\system\SnPgcfT.exe	upx
C:\Windows\system\KWqOqtA.exe	upx
behavioral1/memory/2184-647-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/592-705-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1996-522-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2884-390-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
C:\Windows\system\LJIlIvo.exe	upx
C:\Windows\system\IwJGNUo.exe	upx
C:\Windows\system\ecNpShi.exe	upx
C:\Windows\system\uaupstM.exe	upx
C:\Windows\system\kmehIfQ.exe	upx
C:\Windows\system\PDruNEm.exe	upx
C:\Windows\system\YnxhFRU.exe	upx
C:\Windows\system\NKGRyDC.exe	upx
C:\Windows\system\dcJhPjq.exe	upx
C:\Windows\system\CtZiRwh.exe	upx
C:\Windows\system\ZSiIGSm.exe	upx
C:\Windows\system\bVnfuLU.exe	upx
C:\Windows\system\UkYhtkX.exe	upx
C:\Windows\system\KwpzWpR.exe	upx
behavioral1/memory/2184-90-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
C:\Windows\system\FSAAZKe.exe	upx
behavioral1/memory/592-95-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
C:\Windows\system\oLOsIjC.exe	upx
C:\Windows\system\EvuoHvl.exe	upx
C:\Windows\system\kNEGtDb.exe	upx
behavioral1/memory/2884-75-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
C:\Windows\system\AExnNOU.exe	upx
behavioral1/memory/408-69-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2836-67-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
C:\Windows\system\mkQVCWa.exe	upx
behavioral1/memory/3024-61-0x000000013F220000-0x000000013F574000-memory.dmp	upx
C:\Windows\system\dJGUVsV.exe	upx
behavioral1/memory/2720-54-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
C:\Windows\system\cdwuwDh.exe	upx
behavioral1/memory/2588-52-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2076-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
\Windows\system\zKICxwr.exe	upx
behavioral1/memory/3032-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
C:\Windows\system\oGfAJNi.exe	upx
behavioral1/memory/2128-21-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2720-2341-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2836-2357-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2588-2365-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2128-2394-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/3032-2389-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2828-2383-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/3024-2971-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2884-2972-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\iKFqkqX.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltDkOTU.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdFFucJ.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UgBoSBW.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWvuxtO.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFNbBni.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjvNXcd.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNoIldO.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcdFqmA.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fihshPi.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbwUurd.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voIJXSz.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xJIKKiR.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SDtQJdH.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMncGJa.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MedpSqf.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAZvCzb.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nEjWPkU.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFqGIiJ.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlZvNhT.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZGJEQC.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYTxuyI.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLNToYC.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRQQmRn.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQeiWvL.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaojAcY.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxkLQxX.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zztPJEa.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bGqVvoc.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIkLOYb.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbZxyrU.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsEReFN.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOHJcYO.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFDVseC.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ayiwizo.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDNSafU.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RogTBGH.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vscYUCw.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUrDYSU.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEDRuwN.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWNJbEw.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnAUviH.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFuSYwr.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rXIzUfM.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqypKKn.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IAQGaEX.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVWnikN.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EElRVaJ.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLvIcMl.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbVytXc.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twbzOwJ.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaRcAmd.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWKQwgO.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXzDhQq.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMdDAMK.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaeArCL.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyxQgeY.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXymVKT.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTaRgPP.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaKCaqY.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRHHDBD.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MExHQPG.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmBkmEd.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CifkFLM.exe	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2076 wrote to memory of 2828	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	tDkeGfh.exe
PID 2076 wrote to memory of 2828	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	tDkeGfh.exe
PID 2076 wrote to memory of 2828	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	tDkeGfh.exe
PID 2076 wrote to memory of 2720	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CrSjvOO.exe
PID 2076 wrote to memory of 2720	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CrSjvOO.exe
PID 2076 wrote to memory of 2720	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CrSjvOO.exe
PID 2076 wrote to memory of 2128	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	JPxugHo.exe
PID 2076 wrote to memory of 2128	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	JPxugHo.exe
PID 2076 wrote to memory of 2128	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	JPxugHo.exe
PID 2076 wrote to memory of 2836	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zkRTjnM.exe
PID 2076 wrote to memory of 2836	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zkRTjnM.exe
PID 2076 wrote to memory of 2836	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zkRTjnM.exe
PID 2076 wrote to memory of 3032	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oGfAJNi.exe
PID 2076 wrote to memory of 3032	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oGfAJNi.exe
PID 2076 wrote to memory of 3032	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oGfAJNi.exe
PID 2076 wrote to memory of 2768	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	vdYjail.exe
PID 2076 wrote to memory of 2768	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	vdYjail.exe
PID 2076 wrote to memory of 2768	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	vdYjail.exe
PID 2076 wrote to memory of 2588	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zKICxwr.exe
PID 2076 wrote to memory of 2588	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zKICxwr.exe
PID 2076 wrote to memory of 2588	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	zKICxwr.exe
PID 2076 wrote to memory of 2688	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	cdwuwDh.exe
PID 2076 wrote to memory of 2688	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	cdwuwDh.exe
PID 2076 wrote to memory of 2688	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	cdwuwDh.exe
PID 2076 wrote to memory of 3024	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dJGUVsV.exe
PID 2076 wrote to memory of 3024	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dJGUVsV.exe
PID 2076 wrote to memory of 3024	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dJGUVsV.exe
PID 2076 wrote to memory of 408	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	mkQVCWa.exe
PID 2076 wrote to memory of 408	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	mkQVCWa.exe
PID 2076 wrote to memory of 408	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	mkQVCWa.exe
PID 2076 wrote to memory of 2884	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	AExnNOU.exe
PID 2076 wrote to memory of 2884	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	AExnNOU.exe
PID 2076 wrote to memory of 2884	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	AExnNOU.exe
PID 2076 wrote to memory of 1996	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oLOsIjC.exe
PID 2076 wrote to memory of 1996	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oLOsIjC.exe
PID 2076 wrote to memory of 1996	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	oLOsIjC.exe
PID 2076 wrote to memory of 2184	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	kNEGtDb.exe
PID 2076 wrote to memory of 2184	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	kNEGtDb.exe
PID 2076 wrote to memory of 2184	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	kNEGtDb.exe
PID 2076 wrote to memory of 1584	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	KwpzWpR.exe
PID 2076 wrote to memory of 1584	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	KwpzWpR.exe
PID 2076 wrote to memory of 1584	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	KwpzWpR.exe
PID 2076 wrote to memory of 592	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	EvuoHvl.exe
PID 2076 wrote to memory of 592	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	EvuoHvl.exe
PID 2076 wrote to memory of 592	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	EvuoHvl.exe
PID 2076 wrote to memory of 2216	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	UkYhtkX.exe
PID 2076 wrote to memory of 2216	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	UkYhtkX.exe
PID 2076 wrote to memory of 2216	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	UkYhtkX.exe
PID 2076 wrote to memory of 2448	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	FSAAZKe.exe
PID 2076 wrote to memory of 2448	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	FSAAZKe.exe
PID 2076 wrote to memory of 2448	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	FSAAZKe.exe
PID 2076 wrote to memory of 332	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	bVnfuLU.exe
PID 2076 wrote to memory of 332	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	bVnfuLU.exe
PID 2076 wrote to memory of 332	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	bVnfuLU.exe
PID 2076 wrote to memory of 2152	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	ZSiIGSm.exe
PID 2076 wrote to memory of 2152	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	ZSiIGSm.exe
PID 2076 wrote to memory of 2152	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	ZSiIGSm.exe
PID 2076 wrote to memory of 2320	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CtZiRwh.exe
PID 2076 wrote to memory of 2320	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CtZiRwh.exe
PID 2076 wrote to memory of 2320	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	CtZiRwh.exe
PID 2076 wrote to memory of 1500	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dcJhPjq.exe
PID 2076 wrote to memory of 1500	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dcJhPjq.exe
PID 2076 wrote to memory of 1500	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	dcJhPjq.exe
PID 2076 wrote to memory of 644	2076	2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe	hsbefLz.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_a316e01c07e825096964439f4719d26f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\System\tDkeGfh.exe
  C:\Windows\System\tDkeGfh.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\CrSjvOO.exe
  C:\Windows\System\CrSjvOO.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\JPxugHo.exe
  C:\Windows\System\JPxugHo.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\zkRTjnM.exe
  C:\Windows\System\zkRTjnM.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\oGfAJNi.exe
  C:\Windows\System\oGfAJNi.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\vdYjail.exe
  C:\Windows\System\vdYjail.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\zKICxwr.exe
  C:\Windows\System\zKICxwr.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\cdwuwDh.exe
  C:\Windows\System\cdwuwDh.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\dJGUVsV.exe
  C:\Windows\System\dJGUVsV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\mkQVCWa.exe
  C:\Windows\System\mkQVCWa.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\AExnNOU.exe
  C:\Windows\System\AExnNOU.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\oLOsIjC.exe
  C:\Windows\System\oLOsIjC.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\kNEGtDb.exe
  C:\Windows\System\kNEGtDb.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\KwpzWpR.exe
  C:\Windows\System\KwpzWpR.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\EvuoHvl.exe
  C:\Windows\System\EvuoHvl.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\UkYhtkX.exe
  C:\Windows\System\UkYhtkX.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\FSAAZKe.exe
  C:\Windows\System\FSAAZKe.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\bVnfuLU.exe
  C:\Windows\System\bVnfuLU.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\ZSiIGSm.exe
  C:\Windows\System\ZSiIGSm.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\CtZiRwh.exe
  C:\Windows\System\CtZiRwh.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\dcJhPjq.exe
  C:\Windows\System\dcJhPjq.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\hsbefLz.exe
  C:\Windows\System\hsbefLz.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\NKGRyDC.exe
  C:\Windows\System\NKGRyDC.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\SnPgcfT.exe
  C:\Windows\System\SnPgcfT.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\YnxhFRU.exe
  C:\Windows\System\YnxhFRU.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\PDruNEm.exe
  C:\Windows\System\PDruNEm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\KWqOqtA.exe
  C:\Windows\System\KWqOqtA.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\kmehIfQ.exe
  C:\Windows\System\kmehIfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\uaupstM.exe
  C:\Windows\System\uaupstM.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ecNpShi.exe
  C:\Windows\System\ecNpShi.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\IwJGNUo.exe
  C:\Windows\System\IwJGNUo.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\LJIlIvo.exe
  C:\Windows\System\LJIlIvo.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\KdQOLtW.exe
  C:\Windows\System\KdQOLtW.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\TdQsFqi.exe
  C:\Windows\System\TdQsFqi.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\TDNSafU.exe
  C:\Windows\System\TDNSafU.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\pKwpmLp.exe
  C:\Windows\System\pKwpmLp.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\VRqpzwd.exe
  C:\Windows\System\VRqpzwd.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\UuHJHqk.exe
  C:\Windows\System\UuHJHqk.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\SnwTqEF.exe
  C:\Windows\System\SnwTqEF.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\XZpUkfa.exe
  C:\Windows\System\XZpUkfa.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\QVUBUhK.exe
  C:\Windows\System\QVUBUhK.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\lcFEojA.exe
  C:\Windows\System\lcFEojA.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PYSincc.exe
  C:\Windows\System\PYSincc.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\LJxckDh.exe
  C:\Windows\System\LJxckDh.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\jWBazJT.exe
  C:\Windows\System\jWBazJT.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\CMAuCrF.exe
  C:\Windows\System\CMAuCrF.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\PNXEvsk.exe
  C:\Windows\System\PNXEvsk.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\xxAwlue.exe
  C:\Windows\System\xxAwlue.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\GFXsmKN.exe
  C:\Windows\System\GFXsmKN.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\BUQtZcM.exe
  C:\Windows\System\BUQtZcM.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\glJJmVH.exe
  C:\Windows\System\glJJmVH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FrBEOHC.exe
  C:\Windows\System\FrBEOHC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\wcITPmn.exe
  C:\Windows\System\wcITPmn.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\DsiAVtw.exe
  C:\Windows\System\DsiAVtw.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\LpMmepg.exe
  C:\Windows\System\LpMmepg.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\Cxubxoo.exe
  C:\Windows\System\Cxubxoo.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\PRAsNWM.exe
  C:\Windows\System\PRAsNWM.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\cnskhEB.exe
  C:\Windows\System\cnskhEB.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GGvVdKh.exe
  C:\Windows\System\GGvVdKh.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\tZWcGLW.exe
  C:\Windows\System\tZWcGLW.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\JEGiqcN.exe
  C:\Windows\System\JEGiqcN.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\Fvywhir.exe
  C:\Windows\System\Fvywhir.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\DQiBuzN.exe
  C:\Windows\System\DQiBuzN.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\bOrpnGc.exe
  C:\Windows\System\bOrpnGc.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\FQkPSIN.exe
  C:\Windows\System\FQkPSIN.exe
  2⤵
  PID:1608
- C:\Windows\System\vbAgelD.exe
  C:\Windows\System\vbAgelD.exe
  2⤵
  PID:2776
- C:\Windows\System\ToLMPHy.exe
  C:\Windows\System\ToLMPHy.exe
  2⤵
  PID:2952
- C:\Windows\System\VToHXIE.exe
  C:\Windows\System\VToHXIE.exe
  2⤵
  PID:2684
- C:\Windows\System\XTFAjpt.exe
  C:\Windows\System\XTFAjpt.exe
  2⤵
  PID:2732
- C:\Windows\System\ACvpqrN.exe
  C:\Windows\System\ACvpqrN.exe
  2⤵
  PID:2620
- C:\Windows\System\mQcsQcK.exe
  C:\Windows\System\mQcsQcK.exe
  2⤵
  PID:2584
- C:\Windows\System\GgyjBBP.exe
  C:\Windows\System\GgyjBBP.exe
  2⤵
  PID:3012
- C:\Windows\System\lpEHabJ.exe
  C:\Windows\System\lpEHabJ.exe
  2⤵
  PID:1148
- C:\Windows\System\feOaOzu.exe
  C:\Windows\System\feOaOzu.exe
  2⤵
  PID:1164
- C:\Windows\System\AgJbOUp.exe
  C:\Windows\System\AgJbOUp.exe
  2⤵
  PID:852
- C:\Windows\System\DcdFqmA.exe
  C:\Windows\System\DcdFqmA.exe
  2⤵
  PID:1956
- C:\Windows\System\kMAMrnJ.exe
  C:\Windows\System\kMAMrnJ.exe
  2⤵
  PID:1972
- C:\Windows\System\mbVytXc.exe
  C:\Windows\System\mbVytXc.exe
  2⤵
  PID:1876
- C:\Windows\System\VrKmYXK.exe
  C:\Windows\System\VrKmYXK.exe
  2⤵
  PID:1768
- C:\Windows\System\Bbysicz.exe
  C:\Windows\System\Bbysicz.exe
  2⤵
  PID:2308
- C:\Windows\System\IGayYlZ.exe
  C:\Windows\System\IGayYlZ.exe
  2⤵
  PID:2352
- C:\Windows\System\QKYwNKI.exe
  C:\Windows\System\QKYwNKI.exe
  2⤵
  PID:788
- C:\Windows\System\NnVceJF.exe
  C:\Windows\System\NnVceJF.exe
  2⤵
  PID:2408
- C:\Windows\System\Zlwkzkq.exe
  C:\Windows\System\Zlwkzkq.exe
  2⤵
  PID:1764
- C:\Windows\System\SaeArCL.exe
  C:\Windows\System\SaeArCL.exe
  2⤵
  PID:2348
- C:\Windows\System\FwZBSRS.exe
  C:\Windows\System\FwZBSRS.exe
  2⤵
  PID:2964
- C:\Windows\System\sAMNGlE.exe
  C:\Windows\System\sAMNGlE.exe
  2⤵
  PID:2296
- C:\Windows\System\XwsCBpo.exe
  C:\Windows\System\XwsCBpo.exe
  2⤵
  PID:1824
- C:\Windows\System\gnObSDI.exe
  C:\Windows\System\gnObSDI.exe
  2⤵
  PID:2456
- C:\Windows\System\uoZDuKN.exe
  C:\Windows\System\uoZDuKN.exe
  2⤵
  PID:1636
- C:\Windows\System\WMSwEMZ.exe
  C:\Windows\System\WMSwEMZ.exe
  2⤵
  PID:572
- C:\Windows\System\owThqgC.exe
  C:\Windows\System\owThqgC.exe
  2⤵
  PID:1400
- C:\Windows\System\cOAoapC.exe
  C:\Windows\System\cOAoapC.exe
  2⤵
  PID:2412
- C:\Windows\System\CwgLeKN.exe
  C:\Windows\System\CwgLeKN.exe
  2⤵
  PID:2300
- C:\Windows\System\pzfBeOs.exe
  C:\Windows\System\pzfBeOs.exe
  2⤵
  PID:2488
- C:\Windows\System\UwfjkTG.exe
  C:\Windows\System\UwfjkTG.exe
  2⤵
  PID:1648
- C:\Windows\System\JiKELby.exe
  C:\Windows\System\JiKELby.exe
  2⤵
  PID:3088
- C:\Windows\System\ZiyTNzn.exe
  C:\Windows\System\ZiyTNzn.exe
  2⤵
  PID:3116
- C:\Windows\System\qKLVeaa.exe
  C:\Windows\System\qKLVeaa.exe
  2⤵
  PID:3136
- C:\Windows\System\LJVhChx.exe
  C:\Windows\System\LJVhChx.exe
  2⤵
  PID:3156
- C:\Windows\System\aKCdlIC.exe
  C:\Windows\System\aKCdlIC.exe
  2⤵
  PID:3176
- C:\Windows\System\loAofgj.exe
  C:\Windows\System\loAofgj.exe
  2⤵
  PID:3192
- C:\Windows\System\rPIIDnZ.exe
  C:\Windows\System\rPIIDnZ.exe
  2⤵
  PID:3216
- C:\Windows\System\NNWwWbk.exe
  C:\Windows\System\NNWwWbk.exe
  2⤵
  PID:3236
- C:\Windows\System\pkinDMX.exe
  C:\Windows\System\pkinDMX.exe
  2⤵
  PID:3256
- C:\Windows\System\ZGVQjYK.exe
  C:\Windows\System\ZGVQjYK.exe
  2⤵
  PID:3276
- C:\Windows\System\mDsbPaU.exe
  C:\Windows\System\mDsbPaU.exe
  2⤵
  PID:3296
- C:\Windows\System\MkkZhZo.exe
  C:\Windows\System\MkkZhZo.exe
  2⤵
  PID:3316
- C:\Windows\System\HGsqHge.exe
  C:\Windows\System\HGsqHge.exe
  2⤵
  PID:3336
- C:\Windows\System\kKIcsxe.exe
  C:\Windows\System\kKIcsxe.exe
  2⤵
  PID:3356
- C:\Windows\System\YJJfJac.exe
  C:\Windows\System\YJJfJac.exe
  2⤵
  PID:3376
- C:\Windows\System\hPrXuvz.exe
  C:\Windows\System\hPrXuvz.exe
  2⤵
  PID:3396
- C:\Windows\System\NiPTWWf.exe
  C:\Windows\System\NiPTWWf.exe
  2⤵
  PID:3416
- C:\Windows\System\rXUYexs.exe
  C:\Windows\System\rXUYexs.exe
  2⤵
  PID:3436
- C:\Windows\System\FskHoGy.exe
  C:\Windows\System\FskHoGy.exe
  2⤵
  PID:3456
- C:\Windows\System\MvqUcBK.exe
  C:\Windows\System\MvqUcBK.exe
  2⤵
  PID:3472
- C:\Windows\System\cmyqvCv.exe
  C:\Windows\System\cmyqvCv.exe
  2⤵
  PID:3496
- C:\Windows\System\XIqtJRy.exe
  C:\Windows\System\XIqtJRy.exe
  2⤵
  PID:3512
- C:\Windows\System\wfvpcbs.exe
  C:\Windows\System\wfvpcbs.exe
  2⤵
  PID:3536
- C:\Windows\System\jruHodK.exe
  C:\Windows\System\jruHodK.exe
  2⤵
  PID:3552
- C:\Windows\System\lEtlkEN.exe
  C:\Windows\System\lEtlkEN.exe
  2⤵
  PID:3576
- C:\Windows\System\dkHpVmv.exe
  C:\Windows\System\dkHpVmv.exe
  2⤵
  PID:3596
- C:\Windows\System\qsfjjKZ.exe
  C:\Windows\System\qsfjjKZ.exe
  2⤵
  PID:3616
- C:\Windows\System\uZLnyrl.exe
  C:\Windows\System\uZLnyrl.exe
  2⤵
  PID:3636
- C:\Windows\System\cuLrbny.exe
  C:\Windows\System\cuLrbny.exe
  2⤵
  PID:3656
- C:\Windows\System\PlmFUOP.exe
  C:\Windows\System\PlmFUOP.exe
  2⤵
  PID:3676
- C:\Windows\System\wzixMPw.exe
  C:\Windows\System\wzixMPw.exe
  2⤵
  PID:3696
- C:\Windows\System\qtAbbGo.exe
  C:\Windows\System\qtAbbGo.exe
  2⤵
  PID:3716
- C:\Windows\System\ISFeLDM.exe
  C:\Windows\System\ISFeLDM.exe
  2⤵
  PID:3736
- C:\Windows\System\WGxhkBt.exe
  C:\Windows\System\WGxhkBt.exe
  2⤵
  PID:3756
- C:\Windows\System\zsQtJtI.exe
  C:\Windows\System\zsQtJtI.exe
  2⤵
  PID:3776
- C:\Windows\System\qGcgYnv.exe
  C:\Windows\System\qGcgYnv.exe
  2⤵
  PID:3796
- C:\Windows\System\zcjlgWV.exe
  C:\Windows\System\zcjlgWV.exe
  2⤵
  PID:3816
- C:\Windows\System\IkvJDOr.exe
  C:\Windows\System\IkvJDOr.exe
  2⤵
  PID:3836
- C:\Windows\System\NAJXwfc.exe
  C:\Windows\System\NAJXwfc.exe
  2⤵
  PID:3856
- C:\Windows\System\JWfllHZ.exe
  C:\Windows\System\JWfllHZ.exe
  2⤵
  PID:3872
- C:\Windows\System\hmSBsSs.exe
  C:\Windows\System\hmSBsSs.exe
  2⤵
  PID:3892
- C:\Windows\System\bjLbVpa.exe
  C:\Windows\System\bjLbVpa.exe
  2⤵
  PID:3916
- C:\Windows\System\KiLInTT.exe
  C:\Windows\System\KiLInTT.exe
  2⤵
  PID:3932
- C:\Windows\System\CiDQFwZ.exe
  C:\Windows\System\CiDQFwZ.exe
  2⤵
  PID:3956
- C:\Windows\System\lZWLuUE.exe
  C:\Windows\System\lZWLuUE.exe
  2⤵
  PID:3976
- C:\Windows\System\WYSgqFa.exe
  C:\Windows\System\WYSgqFa.exe
  2⤵
  PID:4004
- C:\Windows\System\vgCCnDS.exe
  C:\Windows\System\vgCCnDS.exe
  2⤵
  PID:4020
- C:\Windows\System\ExWnPSP.exe
  C:\Windows\System\ExWnPSP.exe
  2⤵
  PID:4040
- C:\Windows\System\mPweFHy.exe
  C:\Windows\System\mPweFHy.exe
  2⤵
  PID:4064
- C:\Windows\System\uPQJvup.exe
  C:\Windows\System\uPQJvup.exe
  2⤵
  PID:4084
- C:\Windows\System\ynvjTpk.exe
  C:\Windows\System\ynvjTpk.exe
  2⤵
  PID:2200
- C:\Windows\System\TynBtsO.exe
  C:\Windows\System\TynBtsO.exe
  2⤵
  PID:2864
- C:\Windows\System\oTxYruZ.exe
  C:\Windows\System\oTxYruZ.exe
  2⤵
  PID:1720
- C:\Windows\System\tBXzzPP.exe
  C:\Windows\System\tBXzzPP.exe
  2⤵
  PID:2800
- C:\Windows\System\PoYLbXK.exe
  C:\Windows\System\PoYLbXK.exe
  2⤵
  PID:812
- C:\Windows\System\erPjFcq.exe
  C:\Windows\System\erPjFcq.exe
  2⤵
  PID:1012
- C:\Windows\System\Hpwvglv.exe
  C:\Windows\System\Hpwvglv.exe
  2⤵
  PID:1580
- C:\Windows\System\doGdidJ.exe
  C:\Windows\System\doGdidJ.exe
  2⤵
  PID:1416
- C:\Windows\System\VOYCNYQ.exe
  C:\Windows\System\VOYCNYQ.exe
  2⤵
  PID:2440
- C:\Windows\System\LypTWhK.exe
  C:\Windows\System\LypTWhK.exe
  2⤵
  PID:584
- C:\Windows\System\RJFSpPL.exe
  C:\Windows\System\RJFSpPL.exe
  2⤵
  PID:912
- C:\Windows\System\pIErDWK.exe
  C:\Windows\System\pIErDWK.exe
  2⤵
  PID:1800
- C:\Windows\System\lzSGYki.exe
  C:\Windows\System\lzSGYki.exe
  2⤵
  PID:340
- C:\Windows\System\tHxNkUA.exe
  C:\Windows\System\tHxNkUA.exe
  2⤵
  PID:1788
- C:\Windows\System\JRxAWNk.exe
  C:\Windows\System\JRxAWNk.exe
  2⤵
  PID:1984
- C:\Windows\System\VXGauiR.exe
  C:\Windows\System\VXGauiR.exe
  2⤵
  PID:3096
- C:\Windows\System\PYXwuCE.exe
  C:\Windows\System\PYXwuCE.exe
  2⤵
  PID:3124
- C:\Windows\System\EJjPMab.exe
  C:\Windows\System\EJjPMab.exe
  2⤵
  PID:3172
- C:\Windows\System\xaYOShR.exe
  C:\Windows\System\xaYOShR.exe
  2⤵
  PID:3204
- C:\Windows\System\ZequJdh.exe
  C:\Windows\System\ZequJdh.exe
  2⤵
  PID:3228
- C:\Windows\System\QZZeLaE.exe
  C:\Windows\System\QZZeLaE.exe
  2⤵
  PID:3248
- C:\Windows\System\dJWoVob.exe
  C:\Windows\System\dJWoVob.exe
  2⤵
  PID:3288
- C:\Windows\System\vscYUCw.exe
  C:\Windows\System\vscYUCw.exe
  2⤵
  PID:3344
- C:\Windows\System\DzLhSms.exe
  C:\Windows\System\DzLhSms.exe
  2⤵
  PID:3364
- C:\Windows\System\nxHHQRA.exe
  C:\Windows\System\nxHHQRA.exe
  2⤵
  PID:3388
- C:\Windows\System\BtLLziK.exe
  C:\Windows\System\BtLLziK.exe
  2⤵
  PID:3428
- C:\Windows\System\FBRDvox.exe
  C:\Windows\System\FBRDvox.exe
  2⤵
  PID:3468
- C:\Windows\System\qNNJoGt.exe
  C:\Windows\System\qNNJoGt.exe
  2⤵
  PID:3484
- C:\Windows\System\BqHshLr.exe
  C:\Windows\System\BqHshLr.exe
  2⤵
  PID:3528
- C:\Windows\System\TAsOLKC.exe
  C:\Windows\System\TAsOLKC.exe
  2⤵
  PID:3568
- C:\Windows\System\fEAxkmU.exe
  C:\Windows\System\fEAxkmU.exe
  2⤵
  PID:3604
- C:\Windows\System\eGfnCMh.exe
  C:\Windows\System\eGfnCMh.exe
  2⤵
  PID:3632
- C:\Windows\System\nyZUaUa.exe
  C:\Windows\System\nyZUaUa.exe
  2⤵
  PID:3672
- C:\Windows\System\SsYqPhV.exe
  C:\Windows\System\SsYqPhV.exe
  2⤵
  PID:3704
- C:\Windows\System\duSxXiH.exe
  C:\Windows\System\duSxXiH.exe
  2⤵
  PID:3732
- C:\Windows\System\qSKrmEP.exe
  C:\Windows\System\qSKrmEP.exe
  2⤵
  PID:3772
- C:\Windows\System\BBjyoFm.exe
  C:\Windows\System\BBjyoFm.exe
  2⤵
  PID:3804
- C:\Windows\System\LAtbSSw.exe
  C:\Windows\System\LAtbSSw.exe
  2⤵
  PID:3844
- C:\Windows\System\eAzcRpt.exe
  C:\Windows\System\eAzcRpt.exe
  2⤵
  PID:3884
- C:\Windows\System\fwBjNal.exe
  C:\Windows\System\fwBjNal.exe
  2⤵
  PID:3912
- C:\Windows\System\DxzhEiV.exe
  C:\Windows\System\DxzhEiV.exe
  2⤵
  PID:3952
- C:\Windows\System\fihshPi.exe
  C:\Windows\System\fihshPi.exe
  2⤵
  PID:3968
- C:\Windows\System\yffPvnI.exe
  C:\Windows\System\yffPvnI.exe
  2⤵
  PID:4016
- C:\Windows\System\MwakMaW.exe
  C:\Windows\System\MwakMaW.exe
  2⤵
  PID:4052
- C:\Windows\System\osGQPSK.exe
  C:\Windows\System\osGQPSK.exe
  2⤵
  PID:4076
- C:\Windows\System\SgLFKAt.exe
  C:\Windows\System\SgLFKAt.exe
  2⤵
  PID:1968
- C:\Windows\System\bhuPrKW.exe
  C:\Windows\System\bhuPrKW.exe
  2⤵
  PID:2808
- C:\Windows\System\SAxWmyf.exe
  C:\Windows\System\SAxWmyf.exe
  2⤵
  PID:1048
- C:\Windows\System\lQInXTH.exe
  C:\Windows\System\lQInXTH.exe
  2⤵
  PID:2648
- C:\Windows\System\fnQXjyN.exe
  C:\Windows\System\fnQXjyN.exe
  2⤵
  PID:2780
- C:\Windows\System\IbLZJUx.exe
  C:\Windows\System\IbLZJUx.exe
  2⤵
  PID:1060
- C:\Windows\System\UzzPutB.exe
  C:\Windows\System\UzzPutB.exe
  2⤵
  PID:2008
- C:\Windows\System\gAmwTZI.exe
  C:\Windows\System\gAmwTZI.exe
  2⤵
  PID:1888
- C:\Windows\System\KCezNWg.exe
  C:\Windows\System\KCezNWg.exe
  2⤵
  PID:2156
- C:\Windows\System\IdJsPzu.exe
  C:\Windows\System\IdJsPzu.exe
  2⤵
  PID:3164
- C:\Windows\System\MYGIwQW.exe
  C:\Windows\System\MYGIwQW.exe
  2⤵
  PID:3208
- C:\Windows\System\aIwhbHm.exe
  C:\Windows\System\aIwhbHm.exe
  2⤵
  PID:3264
- C:\Windows\System\ZiveuUU.exe
  C:\Windows\System\ZiveuUU.exe
  2⤵
  PID:3324
- C:\Windows\System\TOqOAXf.exe
  C:\Windows\System\TOqOAXf.exe
  2⤵
  PID:3372
- C:\Windows\System\FFncsZi.exe
  C:\Windows\System\FFncsZi.exe
  2⤵
  PID:3404
- C:\Windows\System\chzMcWE.exe
  C:\Windows\System\chzMcWE.exe
  2⤵
  PID:3492
- C:\Windows\System\JyZKzRY.exe
  C:\Windows\System\JyZKzRY.exe
  2⤵
  PID:3560
- C:\Windows\System\IFgRkPm.exe
  C:\Windows\System\IFgRkPm.exe
  2⤵
  PID:3612
- C:\Windows\System\WDyOFvi.exe
  C:\Windows\System\WDyOFvi.exe
  2⤵
  PID:3664
- C:\Windows\System\ZbvjWKk.exe
  C:\Windows\System\ZbvjWKk.exe
  2⤵
  PID:3712
- C:\Windows\System\ZLDQWao.exe
  C:\Windows\System\ZLDQWao.exe
  2⤵
  PID:3752
- C:\Windows\System\xnSzrDY.exe
  C:\Windows\System\xnSzrDY.exe
  2⤵
  PID:3828
- C:\Windows\System\YzdnlbP.exe
  C:\Windows\System\YzdnlbP.exe
  2⤵
  PID:3908
- C:\Windows\System\alAbFsK.exe
  C:\Windows\System\alAbFsK.exe
  2⤵
  PID:3964
- C:\Windows\System\ySVVJTc.exe
  C:\Windows\System\ySVVJTc.exe
  2⤵
  PID:4012
- C:\Windows\System\GcWpsZg.exe
  C:\Windows\System\GcWpsZg.exe
  2⤵
  PID:4056
- C:\Windows\System\TYFnOZa.exe
  C:\Windows\System\TYFnOZa.exe
  2⤵
  PID:2476
- C:\Windows\System\tiNACxG.exe
  C:\Windows\System\tiNACxG.exe
  2⤵
  PID:2960
- C:\Windows\System\ZygffQV.exe
  C:\Windows\System\ZygffQV.exe
  2⤵
  PID:2036
- C:\Windows\System\LEQxWZW.exe
  C:\Windows\System\LEQxWZW.exe
  2⤵
  PID:1432
- C:\Windows\System\UiIBiZS.exe
  C:\Windows\System\UiIBiZS.exe
  2⤵
  PID:4108
- C:\Windows\System\wIJekUv.exe
  C:\Windows\System\wIJekUv.exe
  2⤵
  PID:4128
- C:\Windows\System\ssWzfqb.exe
  C:\Windows\System\ssWzfqb.exe
  2⤵
  PID:4148
- C:\Windows\System\MQUnuVx.exe
  C:\Windows\System\MQUnuVx.exe
  2⤵
  PID:4168
- C:\Windows\System\WiRRupI.exe
  C:\Windows\System\WiRRupI.exe
  2⤵
  PID:4188
- C:\Windows\System\lhiUSvw.exe
  C:\Windows\System\lhiUSvw.exe
  2⤵
  PID:4208
- C:\Windows\System\tyxQgeY.exe
  C:\Windows\System\tyxQgeY.exe
  2⤵
  PID:4228
- C:\Windows\System\htemyEX.exe
  C:\Windows\System\htemyEX.exe
  2⤵
  PID:4248
- C:\Windows\System\liZRpxq.exe
  C:\Windows\System\liZRpxq.exe
  2⤵
  PID:4268
- C:\Windows\System\pQmqwje.exe
  C:\Windows\System\pQmqwje.exe
  2⤵
  PID:4288
- C:\Windows\System\fnJfSOa.exe
  C:\Windows\System\fnJfSOa.exe
  2⤵
  PID:4308
- C:\Windows\System\IRkfqXS.exe
  C:\Windows\System\IRkfqXS.exe
  2⤵
  PID:4328
- C:\Windows\System\TbUKxir.exe
  C:\Windows\System\TbUKxir.exe
  2⤵
  PID:4348
- C:\Windows\System\mHGkgyx.exe
  C:\Windows\System\mHGkgyx.exe
  2⤵
  PID:4368
- C:\Windows\System\KjqoamP.exe
  C:\Windows\System\KjqoamP.exe
  2⤵
  PID:4388
- C:\Windows\System\krNgHZo.exe
  C:\Windows\System\krNgHZo.exe
  2⤵
  PID:4412
- C:\Windows\System\jBPcdib.exe
  C:\Windows\System\jBPcdib.exe
  2⤵
  PID:4432
- C:\Windows\System\ideDfvF.exe
  C:\Windows\System\ideDfvF.exe
  2⤵
  PID:4452
- C:\Windows\System\LJkyrdd.exe
  C:\Windows\System\LJkyrdd.exe
  2⤵
  PID:4472
- C:\Windows\System\pfaUbIk.exe
  C:\Windows\System\pfaUbIk.exe
  2⤵
  PID:4492
- C:\Windows\System\qXkuGwb.exe
  C:\Windows\System\qXkuGwb.exe
  2⤵
  PID:4512
- C:\Windows\System\jbUmUAK.exe
  C:\Windows\System\jbUmUAK.exe
  2⤵
  PID:4532
- C:\Windows\System\sjueYNT.exe
  C:\Windows\System\sjueYNT.exe
  2⤵
  PID:4552
- C:\Windows\System\wWNJbEw.exe
  C:\Windows\System\wWNJbEw.exe
  2⤵
  PID:4572
- C:\Windows\System\dVzwFyT.exe
  C:\Windows\System\dVzwFyT.exe
  2⤵
  PID:4592
- C:\Windows\System\pUMJSVE.exe
  C:\Windows\System\pUMJSVE.exe
  2⤵
  PID:4612
- C:\Windows\System\MYKbMMO.exe
  C:\Windows\System\MYKbMMO.exe
  2⤵
  PID:4632
- C:\Windows\System\TlFRApM.exe
  C:\Windows\System\TlFRApM.exe
  2⤵
  PID:4652
- C:\Windows\System\HfKJcbo.exe
  C:\Windows\System\HfKJcbo.exe
  2⤵
  PID:4672
- C:\Windows\System\qBVqBIv.exe
  C:\Windows\System\qBVqBIv.exe
  2⤵
  PID:4692
- C:\Windows\System\HBAbJPL.exe
  C:\Windows\System\HBAbJPL.exe
  2⤵
  PID:4712
- C:\Windows\System\QbBwLdb.exe
  C:\Windows\System\QbBwLdb.exe
  2⤵
  PID:4732
- C:\Windows\System\dJreJhH.exe
  C:\Windows\System\dJreJhH.exe
  2⤵
  PID:4752
- C:\Windows\System\rywQYsC.exe
  C:\Windows\System\rywQYsC.exe
  2⤵
  PID:4772
- C:\Windows\System\gFNbBni.exe
  C:\Windows\System\gFNbBni.exe
  2⤵
  PID:4792
- C:\Windows\System\KGErvBS.exe
  C:\Windows\System\KGErvBS.exe
  2⤵
  PID:4812
- C:\Windows\System\tRPfoIu.exe
  C:\Windows\System\tRPfoIu.exe
  2⤵
  PID:4832
- C:\Windows\System\AnqkYHi.exe
  C:\Windows\System\AnqkYHi.exe
  2⤵
  PID:4852
- C:\Windows\System\AIIdEzN.exe
  C:\Windows\System\AIIdEzN.exe
  2⤵
  PID:4872
- C:\Windows\System\cSBWFHD.exe
  C:\Windows\System\cSBWFHD.exe
  2⤵
  PID:4892
- C:\Windows\System\MLQDrPp.exe
  C:\Windows\System\MLQDrPp.exe
  2⤵
  PID:4912
- C:\Windows\System\eWbcyuz.exe
  C:\Windows\System\eWbcyuz.exe
  2⤵
  PID:4932
- C:\Windows\System\paEBVng.exe
  C:\Windows\System\paEBVng.exe
  2⤵
  PID:4952
- C:\Windows\System\vZdmdQi.exe
  C:\Windows\System\vZdmdQi.exe
  2⤵
  PID:4972
- C:\Windows\System\qEtVSEP.exe
  C:\Windows\System\qEtVSEP.exe
  2⤵
  PID:4992
- C:\Windows\System\vBYGHQZ.exe
  C:\Windows\System\vBYGHQZ.exe
  2⤵
  PID:5012
- C:\Windows\System\zOHJcYO.exe
  C:\Windows\System\zOHJcYO.exe
  2⤵
  PID:5032
- C:\Windows\System\MedpSqf.exe
  C:\Windows\System\MedpSqf.exe
  2⤵
  PID:5052
- C:\Windows\System\IIFVIMV.exe
  C:\Windows\System\IIFVIMV.exe
  2⤵
  PID:5076
- C:\Windows\System\YoJMSbN.exe
  C:\Windows\System\YoJMSbN.exe
  2⤵
  PID:5096
- C:\Windows\System\UKGpHRp.exe
  C:\Windows\System\UKGpHRp.exe
  2⤵
  PID:5116
- C:\Windows\System\yZYOcbZ.exe
  C:\Windows\System\yZYOcbZ.exe
  2⤵
  PID:1132
- C:\Windows\System\rWzfbus.exe
  C:\Windows\System\rWzfbus.exe
  2⤵
  PID:3184
- C:\Windows\System\mtCSmfN.exe
  C:\Windows\System\mtCSmfN.exe
  2⤵
  PID:3224
- C:\Windows\System\SawuMIV.exe
  C:\Windows\System\SawuMIV.exe
  2⤵
  PID:3292
- C:\Windows\System\OXXnSqL.exe
  C:\Windows\System\OXXnSqL.exe
  2⤵
  PID:3328
- C:\Windows\System\yHksRPy.exe
  C:\Windows\System\yHksRPy.exe
  2⤵
  PID:3488
- C:\Windows\System\UnltxQM.exe
  C:\Windows\System\UnltxQM.exe
  2⤵
  PID:3608
- C:\Windows\System\gLtTFMy.exe
  C:\Windows\System\gLtTFMy.exe
  2⤵
  PID:3708
- C:\Windows\System\lUZhahM.exe
  C:\Windows\System\lUZhahM.exe
  2⤵
  PID:3808
- C:\Windows\System\SuzRZOD.exe
  C:\Windows\System\SuzRZOD.exe
  2⤵
  PID:3900
- C:\Windows\System\KGUpngi.exe
  C:\Windows\System\KGUpngi.exe
  2⤵
  PID:3928
- C:\Windows\System\QrTRaLn.exe
  C:\Windows\System\QrTRaLn.exe
  2⤵
  PID:4048
- C:\Windows\System\ilukMNB.exe
  C:\Windows\System\ilukMNB.exe
  2⤵
  PID:2388
- C:\Windows\System\LdRmCsR.exe
  C:\Windows\System\LdRmCsR.exe
  2⤵
  PID:2028
- C:\Windows\System\kugPWgT.exe
  C:\Windows\System\kugPWgT.exe
  2⤵
  PID:4116
- C:\Windows\System\FxJpeGr.exe
  C:\Windows\System\FxJpeGr.exe
  2⤵
  PID:4140
- C:\Windows\System\qxQvnhE.exe
  C:\Windows\System\qxQvnhE.exe
  2⤵
  PID:4184
- C:\Windows\System\pZychSj.exe
  C:\Windows\System\pZychSj.exe
  2⤵
  PID:4200
- C:\Windows\System\FdUcKKf.exe
  C:\Windows\System\FdUcKKf.exe
  2⤵
  PID:4240
- C:\Windows\System\VQwXSlA.exe
  C:\Windows\System\VQwXSlA.exe
  2⤵
  PID:4284
- C:\Windows\System\IbSHeMz.exe
  C:\Windows\System\IbSHeMz.exe
  2⤵
  PID:4316
- C:\Windows\System\FnUuSJN.exe
  C:\Windows\System\FnUuSJN.exe
  2⤵
  PID:4340
- C:\Windows\System\NEkVeYe.exe
  C:\Windows\System\NEkVeYe.exe
  2⤵
  PID:4384
- C:\Windows\System\bYWzAlG.exe
  C:\Windows\System\bYWzAlG.exe
  2⤵
  PID:4420
- C:\Windows\System\tfATqHA.exe
  C:\Windows\System\tfATqHA.exe
  2⤵
  PID:4444
- C:\Windows\System\FKwPDWz.exe
  C:\Windows\System\FKwPDWz.exe
  2⤵
  PID:4500
- C:\Windows\System\qznZjUv.exe
  C:\Windows\System\qznZjUv.exe
  2⤵
  PID:4520
- C:\Windows\System\mqrewCe.exe
  C:\Windows\System\mqrewCe.exe
  2⤵
  PID:4544
- C:\Windows\System\NRvlXbM.exe
  C:\Windows\System\NRvlXbM.exe
  2⤵
  PID:4588
- C:\Windows\System\oWhVMpv.exe
  C:\Windows\System\oWhVMpv.exe
  2⤵
  PID:4620
- C:\Windows\System\acKkKyh.exe
  C:\Windows\System\acKkKyh.exe
  2⤵
  PID:4648
- C:\Windows\System\UEnNSCZ.exe
  C:\Windows\System\UEnNSCZ.exe
  2⤵
  PID:4688
- C:\Windows\System\OPsSxpW.exe
  C:\Windows\System\OPsSxpW.exe
  2⤵
  PID:4728
- C:\Windows\System\JvIKVNB.exe
  C:\Windows\System\JvIKVNB.exe
  2⤵
  PID:4760
- C:\Windows\System\RfPwpov.exe
  C:\Windows\System\RfPwpov.exe
  2⤵
  PID:4784
- C:\Windows\System\RqhcTNL.exe
  C:\Windows\System\RqhcTNL.exe
  2⤵
  PID:4804
- C:\Windows\System\sFzVmjG.exe
  C:\Windows\System\sFzVmjG.exe
  2⤵
  PID:4844
- C:\Windows\System\oppbyzV.exe
  C:\Windows\System\oppbyzV.exe
  2⤵
  PID:4900
- C:\Windows\System\hBtmBIs.exe
  C:\Windows\System\hBtmBIs.exe
  2⤵
  PID:4928
- C:\Windows\System\rPaHVUV.exe
  C:\Windows\System\rPaHVUV.exe
  2⤵
  PID:4960
- C:\Windows\System\MMAJhAd.exe
  C:\Windows\System\MMAJhAd.exe
  2⤵
  PID:4984
- C:\Windows\System\lVtHQhI.exe
  C:\Windows\System\lVtHQhI.exe
  2⤵
  PID:5028
- C:\Windows\System\CMOUJrc.exe
  C:\Windows\System\CMOUJrc.exe
  2⤵
  PID:5072
- C:\Windows\System\fMwxbZV.exe
  C:\Windows\System\fMwxbZV.exe
  2⤵
  PID:5104
- C:\Windows\System\JCiVCDX.exe
  C:\Windows\System\JCiVCDX.exe
  2⤵
  PID:916
- C:\Windows\System\WSwFxef.exe
  C:\Windows\System\WSwFxef.exe
  2⤵
  PID:3100
- C:\Windows\System\qJWLqVd.exe
  C:\Windows\System\qJWLqVd.exe
  2⤵
  PID:3272
- C:\Windows\System\kdxpkfo.exe
  C:\Windows\System\kdxpkfo.exe
  2⤵
  PID:3448
- C:\Windows\System\EveIaKg.exe
  C:\Windows\System\EveIaKg.exe
  2⤵
  PID:3592
- C:\Windows\System\cOoYpXK.exe
  C:\Windows\System\cOoYpXK.exe
  2⤵
  PID:3764
- C:\Windows\System\dBfeGsS.exe
  C:\Windows\System\dBfeGsS.exe
  2⤵
  PID:3996
- C:\Windows\System\YzVVaMU.exe
  C:\Windows\System\YzVVaMU.exe
  2⤵
  PID:4072
- C:\Windows\System\hgqfRnI.exe
  C:\Windows\System\hgqfRnI.exe
  2⤵
  PID:1176
- C:\Windows\System\kgqOBsU.exe
  C:\Windows\System\kgqOBsU.exe
  2⤵
  PID:4104
- C:\Windows\System\MFqGIiJ.exe
  C:\Windows\System\MFqGIiJ.exe
  2⤵
  PID:4196
- C:\Windows\System\tdgLIpE.exe
  C:\Windows\System\tdgLIpE.exe
  2⤵
  PID:4244
- C:\Windows\System\SJZKTcV.exe
  C:\Windows\System\SJZKTcV.exe
  2⤵
  PID:4300
- C:\Windows\System\enNKARt.exe
  C:\Windows\System\enNKARt.exe
  2⤵
  PID:4364
- C:\Windows\System\mVLLWmN.exe
  C:\Windows\System\mVLLWmN.exe
  2⤵
  PID:4360
- C:\Windows\System\NgXLtHq.exe
  C:\Windows\System\NgXLtHq.exe
  2⤵
  PID:4480
- C:\Windows\System\hgnAbzE.exe
  C:\Windows\System\hgnAbzE.exe
  2⤵
  PID:4484
- C:\Windows\System\bfDZCnT.exe
  C:\Windows\System\bfDZCnT.exe
  2⤵
  PID:4580
- C:\Windows\System\chzSGAh.exe
  C:\Windows\System\chzSGAh.exe
  2⤵
  PID:4668
- C:\Windows\System\MJeVOqQ.exe
  C:\Windows\System\MJeVOqQ.exe
  2⤵
  PID:4684
- C:\Windows\System\TSktuaq.exe
  C:\Windows\System\TSktuaq.exe
  2⤵
  PID:4724
- C:\Windows\System\GUmBESX.exe
  C:\Windows\System\GUmBESX.exe
  2⤵
  PID:5132
- C:\Windows\System\Envexja.exe
  C:\Windows\System\Envexja.exe
  2⤵
  PID:5152
- C:\Windows\System\cGuFzwl.exe
  C:\Windows\System\cGuFzwl.exe
  2⤵
  PID:5172
- C:\Windows\System\SlZvNhT.exe
  C:\Windows\System\SlZvNhT.exe
  2⤵
  PID:5192
- C:\Windows\System\ZnAUviH.exe
  C:\Windows\System\ZnAUviH.exe
  2⤵
  PID:5212
- C:\Windows\System\euyZrTd.exe
  C:\Windows\System\euyZrTd.exe
  2⤵
  PID:5232
- C:\Windows\System\ksMdAKq.exe
  C:\Windows\System\ksMdAKq.exe
  2⤵
  PID:5252
- C:\Windows\System\QdMkxDi.exe
  C:\Windows\System\QdMkxDi.exe
  2⤵
  PID:5272
- C:\Windows\System\SwzXkRG.exe
  C:\Windows\System\SwzXkRG.exe
  2⤵
  PID:5292
- C:\Windows\System\mVzgnfG.exe
  C:\Windows\System\mVzgnfG.exe
  2⤵
  PID:5312
- C:\Windows\System\dJnajJX.exe
  C:\Windows\System\dJnajJX.exe
  2⤵
  PID:5332
- C:\Windows\System\QyezNuN.exe
  C:\Windows\System\QyezNuN.exe
  2⤵
  PID:5352
- C:\Windows\System\SlHgMNq.exe
  C:\Windows\System\SlHgMNq.exe
  2⤵
  PID:5372
- C:\Windows\System\TKILhnV.exe
  C:\Windows\System\TKILhnV.exe
  2⤵
  PID:5392
- C:\Windows\System\cZuwkin.exe
  C:\Windows\System\cZuwkin.exe
  2⤵
  PID:5412
- C:\Windows\System\wrRlDsS.exe
  C:\Windows\System\wrRlDsS.exe
  2⤵
  PID:5432
- C:\Windows\System\qXWkwwj.exe
  C:\Windows\System\qXWkwwj.exe
  2⤵
  PID:5452
- C:\Windows\System\TxgXRZg.exe
  C:\Windows\System\TxgXRZg.exe
  2⤵
  PID:5472
- C:\Windows\System\ZAoTRca.exe
  C:\Windows\System\ZAoTRca.exe
  2⤵
  PID:5492
- C:\Windows\System\foAYKhP.exe
  C:\Windows\System\foAYKhP.exe
  2⤵
  PID:5512
- C:\Windows\System\IwQKxfL.exe
  C:\Windows\System\IwQKxfL.exe
  2⤵
  PID:5532
- C:\Windows\System\VmDOOkZ.exe
  C:\Windows\System\VmDOOkZ.exe
  2⤵
  PID:5552
- C:\Windows\System\YdiIBuK.exe
  C:\Windows\System\YdiIBuK.exe
  2⤵
  PID:5572
- C:\Windows\System\Bjsygbc.exe
  C:\Windows\System\Bjsygbc.exe
  2⤵
  PID:5592
- C:\Windows\System\sRaklAr.exe
  C:\Windows\System\sRaklAr.exe
  2⤵
  PID:5612
- C:\Windows\System\DXfeLOF.exe
  C:\Windows\System\DXfeLOF.exe
  2⤵
  PID:5632
- C:\Windows\System\JGILfUE.exe
  C:\Windows\System\JGILfUE.exe
  2⤵
  PID:5652
- C:\Windows\System\AlBWeOd.exe
  C:\Windows\System\AlBWeOd.exe
  2⤵
  PID:5672
- C:\Windows\System\MAIoMnO.exe
  C:\Windows\System\MAIoMnO.exe
  2⤵
  PID:5692
- C:\Windows\System\eVevehk.exe
  C:\Windows\System\eVevehk.exe
  2⤵
  PID:5712
- C:\Windows\System\fbwUurd.exe
  C:\Windows\System\fbwUurd.exe
  2⤵
  PID:5732
- C:\Windows\System\vwPajWH.exe
  C:\Windows\System\vwPajWH.exe
  2⤵
  PID:5752
- C:\Windows\System\tbXtsLg.exe
  C:\Windows\System\tbXtsLg.exe
  2⤵
  PID:5772
- C:\Windows\System\YOURuyx.exe
  C:\Windows\System\YOURuyx.exe
  2⤵
  PID:5796
- C:\Windows\System\iHVQcbu.exe
  C:\Windows\System\iHVQcbu.exe
  2⤵
  PID:5816
- C:\Windows\System\uXTdZno.exe
  C:\Windows\System\uXTdZno.exe
  2⤵
  PID:5836
- C:\Windows\System\qOXUYDd.exe
  C:\Windows\System\qOXUYDd.exe
  2⤵
  PID:5856
- C:\Windows\System\dqOhVva.exe
  C:\Windows\System\dqOhVva.exe
  2⤵
  PID:5876
- C:\Windows\System\LiwbSkd.exe
  C:\Windows\System\LiwbSkd.exe
  2⤵
  PID:5896
- C:\Windows\System\MzEujah.exe
  C:\Windows\System\MzEujah.exe
  2⤵
  PID:5916
- C:\Windows\System\pyXtWEQ.exe
  C:\Windows\System\pyXtWEQ.exe
  2⤵
  PID:5936
- C:\Windows\System\cXirJrb.exe
  C:\Windows\System\cXirJrb.exe
  2⤵
  PID:5956
- C:\Windows\System\DJAgyOr.exe
  C:\Windows\System\DJAgyOr.exe
  2⤵
  PID:5976
- C:\Windows\System\jQuOxGr.exe
  C:\Windows\System\jQuOxGr.exe
  2⤵
  PID:5996
- C:\Windows\System\yAaLJzu.exe
  C:\Windows\System\yAaLJzu.exe
  2⤵
  PID:6016
- C:\Windows\System\xRQQmRn.exe
  C:\Windows\System\xRQQmRn.exe
  2⤵
  PID:6036
- C:\Windows\System\pJcMKMr.exe
  C:\Windows\System\pJcMKMr.exe
  2⤵
  PID:6056
- C:\Windows\System\yaRDyem.exe
  C:\Windows\System\yaRDyem.exe
  2⤵
  PID:6076
- C:\Windows\System\qtbOuEG.exe
  C:\Windows\System\qtbOuEG.exe
  2⤵
  PID:6096
- C:\Windows\System\LuPkfuj.exe
  C:\Windows\System\LuPkfuj.exe
  2⤵
  PID:6116
- C:\Windows\System\krLvmoG.exe
  C:\Windows\System\krLvmoG.exe
  2⤵
  PID:6136
- C:\Windows\System\nJaoxMP.exe
  C:\Windows\System\nJaoxMP.exe
  2⤵
  PID:4828
- C:\Windows\System\PXgKJYp.exe
  C:\Windows\System\PXgKJYp.exe
  2⤵
  PID:4848
- C:\Windows\System\CksZzOp.exe
  C:\Windows\System\CksZzOp.exe
  2⤵
  PID:4944
- C:\Windows\System\rDzFLUN.exe
  C:\Windows\System\rDzFLUN.exe
  2⤵
  PID:4964
- C:\Windows\System\sfWAwLG.exe
  C:\Windows\System\sfWAwLG.exe
  2⤵
  PID:5064
- C:\Windows\System\gNJPykg.exe
  C:\Windows\System\gNJPykg.exe
  2⤵
  PID:5112
- C:\Windows\System\icQIZZC.exe
  C:\Windows\System\icQIZZC.exe
  2⤵
  PID:3076
- C:\Windows\System\THsraVK.exe
  C:\Windows\System\THsraVK.exe
  2⤵
  PID:3200
- C:\Windows\System\xOsjglp.exe
  C:\Windows\System\xOsjglp.exe
  2⤵
  PID:3652
- C:\Windows\System\tMObpdP.exe
  C:\Windows\System\tMObpdP.exe
  2⤵
  PID:2628
- C:\Windows\System\gSdHvQD.exe
  C:\Windows\System\gSdHvQD.exe
  2⤵
  PID:2624
- C:\Windows\System\WTZIdhC.exe
  C:\Windows\System\WTZIdhC.exe
  2⤵
  PID:4164
- C:\Windows\System\cfJCZFS.exe
  C:\Windows\System\cfJCZFS.exe
  2⤵
  PID:4220
- C:\Windows\System\LhgaRKK.exe
  C:\Windows\System\LhgaRKK.exe
  2⤵
  PID:4260
- C:\Windows\System\IwYGAjQ.exe
  C:\Windows\System\IwYGAjQ.exe
  2⤵
  PID:4448
- C:\Windows\System\YLoOEsL.exe
  C:\Windows\System\YLoOEsL.exe
  2⤵
  PID:4540
- C:\Windows\System\qTfzYag.exe
  C:\Windows\System\qTfzYag.exe
  2⤵
  PID:1008
- C:\Windows\System\Lxdrunf.exe
  C:\Windows\System\Lxdrunf.exe
  2⤵
  PID:4748
- C:\Windows\System\rGQjTBZ.exe
  C:\Windows\System\rGQjTBZ.exe
  2⤵
  PID:5140
- C:\Windows\System\ZsOsbtO.exe
  C:\Windows\System\ZsOsbtO.exe
  2⤵
  PID:5164
- C:\Windows\System\GHYUWdH.exe
  C:\Windows\System\GHYUWdH.exe
  2⤵
  PID:5208
- C:\Windows\System\QdTmbVg.exe
  C:\Windows\System\QdTmbVg.exe
  2⤵
  PID:5248
- C:\Windows\System\qqLCDgv.exe
  C:\Windows\System\qqLCDgv.exe
  2⤵
  PID:5264
- C:\Windows\System\vonwtVS.exe
  C:\Windows\System\vonwtVS.exe
  2⤵
  PID:5308
- C:\Windows\System\TOuTKQd.exe
  C:\Windows\System\TOuTKQd.exe
  2⤵
  PID:5340
- C:\Windows\System\ICNdoxG.exe
  C:\Windows\System\ICNdoxG.exe
  2⤵
  PID:5364
- C:\Windows\System\aCRBioS.exe
  C:\Windows\System\aCRBioS.exe
  2⤵
  PID:5408
- C:\Windows\System\kkbOCwM.exe
  C:\Windows\System\kkbOCwM.exe
  2⤵
  PID:5448
- C:\Windows\System\qyyqjyf.exe
  C:\Windows\System\qyyqjyf.exe
  2⤵
  PID:5464
- C:\Windows\System\UgNLHTP.exe
  C:\Windows\System\UgNLHTP.exe
  2⤵
  PID:5508
- C:\Windows\System\Kbfrrhd.exe
  C:\Windows\System\Kbfrrhd.exe
  2⤵
  PID:5540
- C:\Windows\System\BQwehlz.exe
  C:\Windows\System\BQwehlz.exe
  2⤵
  PID:5564
- C:\Windows\System\RdhdeeP.exe
  C:\Windows\System\RdhdeeP.exe
  2⤵
  PID:5584
- C:\Windows\System\fDhnCNQ.exe
  C:\Windows\System\fDhnCNQ.exe
  2⤵
  PID:5628
- C:\Windows\System\wIedczm.exe
  C:\Windows\System\wIedczm.exe
  2⤵
  PID:5680
- C:\Windows\System\uJMgWXY.exe
  C:\Windows\System\uJMgWXY.exe
  2⤵
  PID:5708
- C:\Windows\System\trhXXFz.exe
  C:\Windows\System\trhXXFz.exe
  2⤵
  PID:5740
- C:\Windows\System\QHqaTbo.exe
  C:\Windows\System\QHqaTbo.exe
  2⤵
  PID:5764
- C:\Windows\System\aRRvaWw.exe
  C:\Windows\System\aRRvaWw.exe
  2⤵
  PID:5812
- C:\Windows\System\JQtGPyM.exe
  C:\Windows\System\JQtGPyM.exe
  2⤵
  PID:5844
- C:\Windows\System\sZYjhLj.exe
  C:\Windows\System\sZYjhLj.exe
  2⤵
  PID:5892
- C:\Windows\System\MHvtWkk.exe
  C:\Windows\System\MHvtWkk.exe
  2⤵
  PID:5912
- C:\Windows\System\OnXpxLO.exe
  C:\Windows\System\OnXpxLO.exe
  2⤵
  PID:5944
- C:\Windows\System\sZsQgya.exe
  C:\Windows\System\sZsQgya.exe
  2⤵
  PID:5968
- C:\Windows\System\YHzYTay.exe
  C:\Windows\System\YHzYTay.exe
  2⤵
  PID:6012
- C:\Windows\System\SaUBvrU.exe
  C:\Windows\System\SaUBvrU.exe
  2⤵
  PID:6044
- C:\Windows\System\EkTTvhr.exe
  C:\Windows\System\EkTTvhr.exe
  2⤵
  PID:6068
- C:\Windows\System\DwRvKIP.exe
  C:\Windows\System\DwRvKIP.exe
  2⤵
  PID:6124
- C:\Windows\System\mYKVPdj.exe
  C:\Windows\System\mYKVPdj.exe
  2⤵
  PID:4820
- C:\Windows\System\QwmjIrM.exe
  C:\Windows\System\QwmjIrM.exe
  2⤵
  PID:4888
- C:\Windows\System\MJZrXpv.exe
  C:\Windows\System\MJZrXpv.exe
  2⤵
  PID:4940
- C:\Windows\System\FPtTrmZ.exe
  C:\Windows\System\FPtTrmZ.exe
  2⤵
  PID:5084
- C:\Windows\System\IAQGaEX.exe
  C:\Windows\System\IAQGaEX.exe
  2⤵
  PID:3084
- C:\Windows\System\ODjIpId.exe
  C:\Windows\System\ODjIpId.exe
  2⤵
  PID:3544
- C:\Windows\System\AUotlMG.exe
  C:\Windows\System\AUotlMG.exe
  2⤵
  PID:3848
- C:\Windows\System\aSoevDX.exe
  C:\Windows\System\aSoevDX.exe
  2⤵
  PID:4120
- C:\Windows\System\zWhooLb.exe
  C:\Windows\System\zWhooLb.exe
  2⤵
  PID:4204
- C:\Windows\System\SABuYbj.exe
  C:\Windows\System\SABuYbj.exe
  2⤵
  PID:4524
- C:\Windows\System\YuTzIAb.exe
  C:\Windows\System\YuTzIAb.exe
  2⤵
  PID:4608
- C:\Windows\System\QzySAei.exe
  C:\Windows\System\QzySAei.exe
  2⤵
  PID:5124
- C:\Windows\System\kBlNDme.exe
  C:\Windows\System\kBlNDme.exe
  2⤵
  PID:5240
- C:\Windows\System\VntLvZj.exe
  C:\Windows\System\VntLvZj.exe
  2⤵
  PID:5228
- C:\Windows\System\cWJyXlw.exe
  C:\Windows\System\cWJyXlw.exe
  2⤵
  PID:5260
- C:\Windows\System\DAanLTi.exe
  C:\Windows\System\DAanLTi.exe
  2⤵
  PID:5348
- C:\Windows\System\TZltxTy.exe
  C:\Windows\System\TZltxTy.exe
  2⤵
  PID:5400
- C:\Windows\System\FSjFGvZ.exe
  C:\Windows\System\FSjFGvZ.exe
  2⤵
  PID:5468
- C:\Windows\System\flYXrYU.exe
  C:\Windows\System\flYXrYU.exe
  2⤵
  PID:5528
- C:\Windows\System\qRhotgS.exe
  C:\Windows\System\qRhotgS.exe
  2⤵
  PID:5544
- C:\Windows\System\aqzUmli.exe
  C:\Windows\System\aqzUmli.exe
  2⤵
  PID:5648
- C:\Windows\System\ouHETjr.exe
  C:\Windows\System\ouHETjr.exe
  2⤵
  PID:5660
- C:\Windows\System\ISAJAaH.exe
  C:\Windows\System\ISAJAaH.exe
  2⤵
  PID:5704
- C:\Windows\System\gWapCPz.exe
  C:\Windows\System\gWapCPz.exe
  2⤵
  PID:5824
- C:\Windows\System\eILuAsb.exe
  C:\Windows\System\eILuAsb.exe
  2⤵
  PID:5848
- C:\Windows\System\rqqcGpi.exe
  C:\Windows\System\rqqcGpi.exe
  2⤵
  PID:5888
- C:\Windows\System\TQBZyss.exe
  C:\Windows\System\TQBZyss.exe
  2⤵
  PID:5932
- C:\Windows\System\VBygoEq.exe
  C:\Windows\System\VBygoEq.exe
  2⤵
  PID:6024
- C:\Windows\System\YmnxaqJ.exe
  C:\Windows\System\YmnxaqJ.exe
  2⤵
  PID:6152
- C:\Windows\System\aFdcuEu.exe
  C:\Windows\System\aFdcuEu.exe
  2⤵
  PID:6172
- C:\Windows\System\ZDaeGka.exe
  C:\Windows\System\ZDaeGka.exe
  2⤵
  PID:6192
- C:\Windows\System\ZSuaXnc.exe
  C:\Windows\System\ZSuaXnc.exe
  2⤵
  PID:6212
- C:\Windows\System\twbzOwJ.exe
  C:\Windows\System\twbzOwJ.exe
  2⤵
  PID:6232
- C:\Windows\System\EEizLYd.exe
  C:\Windows\System\EEizLYd.exe
  2⤵
  PID:6252
- C:\Windows\System\ofbQIeo.exe
  C:\Windows\System\ofbQIeo.exe
  2⤵
  PID:6272
- C:\Windows\System\MXymVKT.exe
  C:\Windows\System\MXymVKT.exe
  2⤵
  PID:6292
- C:\Windows\System\QSxzUCr.exe
  C:\Windows\System\QSxzUCr.exe
  2⤵
  PID:6312
- C:\Windows\System\odIwtpb.exe
  C:\Windows\System\odIwtpb.exe
  2⤵
  PID:6332
- C:\Windows\System\ZLDInNE.exe
  C:\Windows\System\ZLDInNE.exe
  2⤵
  PID:6352
- C:\Windows\System\AEsxdSf.exe
  C:\Windows\System\AEsxdSf.exe
  2⤵
  PID:6372
- C:\Windows\System\TRzKKjS.exe
  C:\Windows\System\TRzKKjS.exe
  2⤵
  PID:6392
- C:\Windows\System\WYMHtZR.exe
  C:\Windows\System\WYMHtZR.exe
  2⤵
  PID:6416
- C:\Windows\System\AMHNQld.exe
  C:\Windows\System\AMHNQld.exe
  2⤵
  PID:6436
- C:\Windows\System\eaaZQyl.exe
  C:\Windows\System\eaaZQyl.exe
  2⤵
  PID:6456
- C:\Windows\System\EaYFGXG.exe
  C:\Windows\System\EaYFGXG.exe
  2⤵
  PID:6476
- C:\Windows\System\UASXOvs.exe
  C:\Windows\System\UASXOvs.exe
  2⤵
  PID:6496
- C:\Windows\System\DZtTCnW.exe
  C:\Windows\System\DZtTCnW.exe
  2⤵
  PID:6516
- C:\Windows\System\cmZIAOu.exe
  C:\Windows\System\cmZIAOu.exe
  2⤵
  PID:6536
- C:\Windows\System\oAFGZit.exe
  C:\Windows\System\oAFGZit.exe
  2⤵
  PID:6556
- C:\Windows\System\hjarMOf.exe
  C:\Windows\System\hjarMOf.exe
  2⤵
  PID:6576
- C:\Windows\System\DEiGAVe.exe
  C:\Windows\System\DEiGAVe.exe
  2⤵
  PID:6596
- C:\Windows\System\CLxYyeZ.exe
  C:\Windows\System\CLxYyeZ.exe
  2⤵
  PID:6616
- C:\Windows\System\JFjjQrg.exe
  C:\Windows\System\JFjjQrg.exe
  2⤵
  PID:6636
- C:\Windows\System\ijWTcjJ.exe
  C:\Windows\System\ijWTcjJ.exe
  2⤵
  PID:6656
- C:\Windows\System\DTaRgPP.exe
  C:\Windows\System\DTaRgPP.exe
  2⤵
  PID:6676
- C:\Windows\System\IejjKHj.exe
  C:\Windows\System\IejjKHj.exe
  2⤵
  PID:6696
- C:\Windows\System\SjvNXcd.exe
  C:\Windows\System\SjvNXcd.exe
  2⤵
  PID:6716
- C:\Windows\System\gIfQqZU.exe
  C:\Windows\System\gIfQqZU.exe
  2⤵
  PID:6736
- C:\Windows\System\dqFExrW.exe
  C:\Windows\System\dqFExrW.exe
  2⤵
  PID:6756
- C:\Windows\System\WmDfPSk.exe
  C:\Windows\System\WmDfPSk.exe
  2⤵
  PID:6776
- C:\Windows\System\kingtxE.exe
  C:\Windows\System\kingtxE.exe
  2⤵
  PID:6796
- C:\Windows\System\dQYYJHE.exe
  C:\Windows\System\dQYYJHE.exe
  2⤵
  PID:6820
- C:\Windows\System\POZKjZW.exe
  C:\Windows\System\POZKjZW.exe
  2⤵
  PID:6884
- C:\Windows\System\fvmfZNj.exe
  C:\Windows\System\fvmfZNj.exe
  2⤵
  PID:6908
- C:\Windows\System\rdDlJvS.exe
  C:\Windows\System\rdDlJvS.exe
  2⤵
  PID:6928
- C:\Windows\System\RIBhWxO.exe
  C:\Windows\System\RIBhWxO.exe
  2⤵
  PID:6948
- C:\Windows\System\nZAuXOb.exe
  C:\Windows\System\nZAuXOb.exe
  2⤵
  PID:6968
- C:\Windows\System\ZExEnVK.exe
  C:\Windows\System\ZExEnVK.exe
  2⤵
  PID:6984
- C:\Windows\System\sOdskIk.exe
  C:\Windows\System\sOdskIk.exe
  2⤵
  PID:7000
- C:\Windows\System\guqCHBL.exe
  C:\Windows\System\guqCHBL.exe
  2⤵
  PID:7020
- C:\Windows\System\tdUnNjR.exe
  C:\Windows\System\tdUnNjR.exe
  2⤵
  PID:7036
- C:\Windows\System\RBqlOCe.exe
  C:\Windows\System\RBqlOCe.exe
  2⤵
  PID:7056
- C:\Windows\System\AKKNiBE.exe
  C:\Windows\System\AKKNiBE.exe
  2⤵
  PID:7072
- C:\Windows\System\eRAsIvn.exe
  C:\Windows\System\eRAsIvn.exe
  2⤵
  PID:7092
- C:\Windows\System\WgPgjrW.exe
  C:\Windows\System\WgPgjrW.exe
  2⤵
  PID:7108
- C:\Windows\System\dJKJBJC.exe
  C:\Windows\System\dJKJBJC.exe
  2⤵
  PID:7152
- C:\Windows\System\ZalZzQk.exe
  C:\Windows\System\ZalZzQk.exe
  2⤵
  PID:6072
- C:\Windows\System\VxpRHcY.exe
  C:\Windows\System\VxpRHcY.exe
  2⤵
  PID:6092
- C:\Windows\System\RBeQfJO.exe
  C:\Windows\System\RBeQfJO.exe
  2⤵
  PID:4808
- C:\Windows\System\DyBBaGl.exe
  C:\Windows\System\DyBBaGl.exe
  2⤵
  PID:4988
- C:\Windows\System\NwGaHyh.exe
  C:\Windows\System\NwGaHyh.exe
  2⤵
  PID:2740
- C:\Windows\System\rbbmFtf.exe
  C:\Windows\System\rbbmFtf.exe
  2⤵
  PID:3308
- C:\Windows\System\cnggaKl.exe
  C:\Windows\System\cnggaKl.exe
  2⤵
  PID:3880
- C:\Windows\System\jBxODRs.exe
  C:\Windows\System\jBxODRs.exe
  2⤵
  PID:3052
- C:\Windows\System\fmlymyx.exe
  C:\Windows\System\fmlymyx.exe
  2⤵
  PID:4568
- C:\Windows\System\xKTGIkz.exe
  C:\Windows\System\xKTGIkz.exe
  2⤵
  PID:5168
- C:\Windows\System\QAizmPl.exe
  C:\Windows\System\QAizmPl.exe
  2⤵
  PID:5200
- C:\Windows\System\RzhpTHA.exe
  C:\Windows\System\RzhpTHA.exe
  2⤵
  PID:5268
- C:\Windows\System\BEEOMQp.exe
  C:\Windows\System\BEEOMQp.exe
  2⤵
  PID:5440
- C:\Windows\System\YdzmRhE.exe
  C:\Windows\System\YdzmRhE.exe
  2⤵
  PID:5428
- C:\Windows\System\KgtCnGc.exe
  C:\Windows\System\KgtCnGc.exe
  2⤵
  PID:5500
- C:\Windows\System\qVWnikN.exe
  C:\Windows\System\qVWnikN.exe
  2⤵
  PID:5620
- C:\Windows\System\MSlKZKy.exe
  C:\Windows\System\MSlKZKy.exe
  2⤵
  PID:5684
- C:\Windows\System\uFwKGjP.exe
  C:\Windows\System\uFwKGjP.exe
  2⤵
  PID:5904
- C:\Windows\System\FesCwbi.exe
  C:\Windows\System\FesCwbi.exe
  2⤵
  PID:5992
- C:\Windows\System\phCnwhr.exe
  C:\Windows\System\phCnwhr.exe
  2⤵
  PID:6148
- C:\Windows\System\xQeXETi.exe
  C:\Windows\System\xQeXETi.exe
  2⤵
  PID:6180
- C:\Windows\System\msvpScz.exe
  C:\Windows\System\msvpScz.exe
  2⤵
  PID:6204
- C:\Windows\System\leWXijV.exe
  C:\Windows\System\leWXijV.exe
  2⤵
  PID:6248
- C:\Windows\System\shtxDfM.exe
  C:\Windows\System\shtxDfM.exe
  2⤵
  PID:6288
- C:\Windows\System\drCYdqd.exe
  C:\Windows\System\drCYdqd.exe
  2⤵
  PID:2696
- C:\Windows\System\aUBfLLT.exe
  C:\Windows\System\aUBfLLT.exe
  2⤵
  PID:6320
- C:\Windows\System\hUdSiQm.exe
  C:\Windows\System\hUdSiQm.exe
  2⤵
  PID:6348
- C:\Windows\System\NVGLytb.exe
  C:\Windows\System\NVGLytb.exe
  2⤵
  PID:6408
- C:\Windows\System\JPIdPMH.exe
  C:\Windows\System\JPIdPMH.exe
  2⤵
  PID:6452
- C:\Windows\System\LLosMsu.exe
  C:\Windows\System\LLosMsu.exe
  2⤵
  PID:6472
- C:\Windows\System\qjhbQRE.exe
  C:\Windows\System\qjhbQRE.exe
  2⤵
  PID:6488
- C:\Windows\System\BIjYRyD.exe
  C:\Windows\System\BIjYRyD.exe
  2⤵
  PID:6524
- C:\Windows\System\doHtKnc.exe
  C:\Windows\System\doHtKnc.exe
  2⤵
  PID:6564
- C:\Windows\System\lXqfcQS.exe
  C:\Windows\System\lXqfcQS.exe
  2⤵
  PID:6592
- C:\Windows\System\iaRcAmd.exe
  C:\Windows\System\iaRcAmd.exe
  2⤵
  PID:2116
- C:\Windows\System\fUibvCc.exe
  C:\Windows\System\fUibvCc.exe
  2⤵
  PID:6628
- C:\Windows\System\InvjAib.exe
  C:\Windows\System\InvjAib.exe
  2⤵
  PID:6704
- C:\Windows\System\bNQBAON.exe
  C:\Windows\System\bNQBAON.exe
  2⤵
  PID:6732
- C:\Windows\System\SQWBlKJ.exe
  C:\Windows\System\SQWBlKJ.exe
  2⤵
  PID:6748
- C:\Windows\System\ItdhOhI.exe
  C:\Windows\System\ItdhOhI.exe
  2⤵
  PID:6784
- C:\Windows\System\wPNcvEU.exe
  C:\Windows\System\wPNcvEU.exe
  2⤵
  PID:6808
- C:\Windows\System\WHcBVEP.exe
  C:\Windows\System\WHcBVEP.exe
  2⤵
  PID:2640
- C:\Windows\System\OQSauVP.exe
  C:\Windows\System\OQSauVP.exe
  2⤵
  PID:2772
- C:\Windows\System\SiWLhnR.exe
  C:\Windows\System\SiWLhnR.exe
  2⤵
  PID:2816
- C:\Windows\System\qhsmlno.exe
  C:\Windows\System\qhsmlno.exe
  2⤵
  PID:2052
- C:\Windows\System\bSsFTkj.exe
  C:\Windows\System\bSsFTkj.exe
  2⤵
  PID:2608
- C:\Windows\System\kGnGePt.exe
  C:\Windows\System\kGnGePt.exe
  2⤵
  PID:1916
- C:\Windows\System\WyoDtrm.exe
  C:\Windows\System\WyoDtrm.exe
  2⤵
  PID:3988
- C:\Windows\System\QrTHNDE.exe
  C:\Windows\System\QrTHNDE.exe
  2⤵
  PID:2604
- C:\Windows\System\aFbMjhJ.exe
  C:\Windows\System\aFbMjhJ.exe
  2⤵
  PID:3152
- C:\Windows\System\XCGEHSV.exe
  C:\Windows\System\XCGEHSV.exe
  2⤵
  PID:2692
- C:\Windows\System\HfkyHMC.exe
  C:\Windows\System\HfkyHMC.exe
  2⤵
  PID:2572
- C:\Windows\System\iszxfua.exe
  C:\Windows\System\iszxfua.exe
  2⤵
  PID:2956
- C:\Windows\System\aEpQxrX.exe
  C:\Windows\System\aEpQxrX.exe
  2⤵
  PID:1688
- C:\Windows\System\qubcleN.exe
  C:\Windows\System\qubcleN.exe
  2⤵
  PID:2464
- C:\Windows\System\GXfQrxM.exe
  C:\Windows\System\GXfQrxM.exe
  2⤵
  PID:1240
- C:\Windows\System\jZfLTks.exe
  C:\Windows\System\jZfLTks.exe
  2⤵
  PID:2280
- C:\Windows\System\htYFBvl.exe
  C:\Windows\System\htYFBvl.exe
  2⤵
  PID:2340
- C:\Windows\System\cgYuIOS.exe
  C:\Windows\System\cgYuIOS.exe
  2⤵
  PID:1952
- C:\Windows\System\ntMLaRz.exe
  C:\Windows\System\ntMLaRz.exe
  2⤵
  PID:2520
- C:\Windows\System\beNzwsW.exe
  C:\Windows\System\beNzwsW.exe
  2⤵
  PID:1712
- C:\Windows\System\RnwkaFi.exe
  C:\Windows\System\RnwkaFi.exe
  2⤵
  PID:6936
- C:\Windows\System\ovkTMZD.exe
  C:\Windows\System\ovkTMZD.exe
  2⤵
  PID:6924
- C:\Windows\System\rapMKZm.exe
  C:\Windows\System\rapMKZm.exe
  2⤵
  PID:7028
- C:\Windows\System\OwKHUmq.exe
  C:\Windows\System\OwKHUmq.exe
  2⤵
  PID:7016
- C:\Windows\System\QiJffoC.exe
  C:\Windows\System\QiJffoC.exe
  2⤵
  PID:7068
- C:\Windows\System\dLpOXqt.exe
  C:\Windows\System\dLpOXqt.exe
  2⤵
  PID:7080
- C:\Windows\System\ZlRFzXi.exe
  C:\Windows\System\ZlRFzXi.exe
  2⤵
  PID:7128
- C:\Windows\System\pyqHKjh.exe
  C:\Windows\System\pyqHKjh.exe
  2⤵
  PID:7120
- C:\Windows\System\VVvdivQ.exe
  C:\Windows\System\VVvdivQ.exe
  2⤵
  PID:7164
- C:\Windows\System\svFatzR.exe
  C:\Windows\System\svFatzR.exe
  2⤵
  PID:4296
- C:\Windows\System\KRIdlHX.exe
  C:\Windows\System\KRIdlHX.exe
  2⤵
  PID:4488
- C:\Windows\System\AQIjTDe.exe
  C:\Windows\System\AQIjTDe.exe
  2⤵
  PID:4864
- C:\Windows\System\rqPktZD.exe
  C:\Windows\System\rqPktZD.exe
  2⤵
  PID:4028
- C:\Windows\System\VIjAEmn.exe
  C:\Windows\System\VIjAEmn.exe
  2⤵
  PID:5304
- C:\Windows\System\Nysgaif.exe
  C:\Windows\System\Nysgaif.exe
  2⤵
  PID:5668
- C:\Windows\System\ZTFVohs.exe
  C:\Windows\System\ZTFVohs.exe
  2⤵
  PID:5804
- C:\Windows\System\lJACptU.exe
  C:\Windows\System\lJACptU.exe
  2⤵
  PID:5444
- C:\Windows\System\hMJYJrO.exe
  C:\Windows\System\hMJYJrO.exe
  2⤵
  PID:5948
- C:\Windows\System\NhpzQaG.exe
  C:\Windows\System\NhpzQaG.exe
  2⤵
  PID:6224
- C:\Windows\System\QDAiBiO.exe
  C:\Windows\System\QDAiBiO.exe
  2⤵
  PID:5760
- C:\Windows\System\fPaUSDs.exe
  C:\Windows\System\fPaUSDs.exe
  2⤵
  PID:5792
- C:\Windows\System\JxISied.exe
  C:\Windows\System\JxISied.exe
  2⤵
  PID:6360
- C:\Windows\System\IiOruKZ.exe
  C:\Windows\System\IiOruKZ.exe
  2⤵
  PID:6300
- C:\Windows\System\rvPveDN.exe
  C:\Windows\System\rvPveDN.exe
  2⤵
  PID:6208
- C:\Windows\System\mFaKWge.exe
  C:\Windows\System\mFaKWge.exe
  2⤵
  PID:6380
- C:\Windows\System\ppKrDbR.exe
  C:\Windows\System\ppKrDbR.exe
  2⤵
  PID:6432
- C:\Windows\System\KqvrRmq.exe
  C:\Windows\System\KqvrRmq.exe
  2⤵
  PID:6552
- C:\Windows\System\GYQvypG.exe
  C:\Windows\System\GYQvypG.exe
  2⤵
  PID:6652
- C:\Windows\System\dmzNYWE.exe
  C:\Windows\System\dmzNYWE.exe
  2⤵
  PID:2840
- C:\Windows\System\XvJJlIo.exe
  C:\Windows\System\XvJJlIo.exe
  2⤵
  PID:6508
- C:\Windows\System\xEYwZTS.exe
  C:\Windows\System\xEYwZTS.exe
  2⤵
  PID:6684
- C:\Windows\System\FcTdaZO.exe
  C:\Windows\System\FcTdaZO.exe
  2⤵
  PID:6752
- C:\Windows\System\IIgvxSe.exe
  C:\Windows\System\IIgvxSe.exe
  2⤵
  PID:1508
- C:\Windows\System\zmsHSto.exe
  C:\Windows\System\zmsHSto.exe
  2⤵
  PID:1532
- C:\Windows\System\yozimjS.exe
  C:\Windows\System\yozimjS.exe
  2⤵
  PID:3008
- C:\Windows\System\hOGoISh.exe
  C:\Windows\System\hOGoISh.exe
  2⤵
  PID:1932
- C:\Windows\System\EBVvyPx.exe
  C:\Windows\System\EBVvyPx.exe
  2⤵
  PID:2000
- C:\Windows\System\OSbEBOw.exe
  C:\Windows\System\OSbEBOw.exe
  2⤵
  PID:6828
- C:\Windows\System\aYAoJdR.exe
  C:\Windows\System\aYAoJdR.exe
  2⤵
  PID:1576
- C:\Windows\System\upshGzJ.exe
  C:\Windows\System\upshGzJ.exe
  2⤵
  PID:6900
- C:\Windows\System\RLnBqRJ.exe
  C:\Windows\System\RLnBqRJ.exe
  2⤵
  PID:1328
- C:\Windows\System\AKPWYvO.exe
  C:\Windows\System\AKPWYvO.exe
  2⤵
  PID:7008
- C:\Windows\System\wePJtyP.exe
  C:\Windows\System\wePJtyP.exe
  2⤵
  PID:6724
- C:\Windows\System\bzIfPgL.exe
  C:\Windows\System\bzIfPgL.exe
  2⤵
  PID:6832
- C:\Windows\System\YuUmZTK.exe
  C:\Windows\System\YuUmZTK.exe
  2⤵
  PID:7144
- C:\Windows\System\mYEEMts.exe
  C:\Windows\System\mYEEMts.exe
  2⤵
  PID:3452
- C:\Windows\System\BXVYXSB.exe
  C:\Windows\System\BXVYXSB.exe
  2⤵
  PID:4504
- C:\Windows\System\LybwmWL.exe
  C:\Windows\System\LybwmWL.exe
  2⤵
  PID:5728
- C:\Windows\System\SgJxaXw.exe
  C:\Windows\System\SgJxaXw.exe
  2⤵
  PID:6324
- C:\Windows\System\CrmFNqa.exe
  C:\Windows\System\CrmFNqa.exe
  2⤵
  PID:6280
- C:\Windows\System\nZYPrth.exe
  C:\Windows\System\nZYPrth.exe
  2⤵
  PID:6604
- C:\Windows\System\kEpTyAM.exe
  C:\Windows\System\kEpTyAM.exe
  2⤵
  PID:6692
- C:\Windows\System\NVcgBzz.exe
  C:\Windows\System\NVcgBzz.exe
  2⤵
  PID:1708
- C:\Windows\System\IKJyqkJ.exe
  C:\Windows\System\IKJyqkJ.exe
  2⤵
  PID:1980
- C:\Windows\System\KsOzanU.exe
  C:\Windows\System\KsOzanU.exe
  2⤵
  PID:6772
- C:\Windows\System\XzmeQTX.exe
  C:\Windows\System\XzmeQTX.exe
  2⤵
  PID:5184
- C:\Windows\System\PeGCyoW.exe
  C:\Windows\System\PeGCyoW.exe
  2⤵
  PID:2968
- C:\Windows\System\YkIQcZm.exe
  C:\Windows\System\YkIQcZm.exe
  2⤵
  PID:3108
- C:\Windows\System\ZyMZuyK.exe
  C:\Windows\System\ZyMZuyK.exe
  2⤵
  PID:1284
- C:\Windows\System\mZBpbri.exe
  C:\Windows\System\mZBpbri.exe
  2⤵
  PID:6960
- C:\Windows\System\HPkAuPw.exe
  C:\Windows\System\HPkAuPw.exe
  2⤵
  PID:7064
- C:\Windows\System\hjeMWXz.exe
  C:\Windows\System\hjeMWXz.exe
  2⤵
  PID:6672
- C:\Windows\System\qqKrArf.exe
  C:\Windows\System\qqKrArf.exe
  2⤵
  PID:3112
- C:\Windows\System\EFYsxwd.exe
  C:\Windows\System\EFYsxwd.exe
  2⤵
  PID:6108
- C:\Windows\System\YusCtmz.exe
  C:\Windows\System\YusCtmz.exe
  2⤵
  PID:5488
- C:\Windows\System\NAxMXGr.exe
  C:\Windows\System\NAxMXGr.exe
  2⤵
  PID:6240
- C:\Windows\System\viTvDDf.exe
  C:\Windows\System\viTvDDf.exe
  2⤵
  PID:6260
- C:\Windows\System\vHDjuLB.exe
  C:\Windows\System\vHDjuLB.exe
  2⤵
  PID:6484
- C:\Windows\System\zqyZfpl.exe
  C:\Windows\System\zqyZfpl.exe
  2⤵
  PID:6584
- C:\Windows\System\ChrlWwk.exe
  C:\Windows\System\ChrlWwk.exe
  2⤵
  PID:2616
- C:\Windows\System\oWVYxHO.exe
  C:\Windows\System\oWVYxHO.exe
  2⤵
  PID:1760
- C:\Windows\System\STUFAta.exe
  C:\Windows\System\STUFAta.exe
  2⤵
  PID:5588
- C:\Windows\System\DoEyAXQ.exe
  C:\Windows\System\DoEyAXQ.exe
  2⤵
  PID:1540
- C:\Windows\System\sreKXrs.exe
  C:\Windows\System\sreKXrs.exe
  2⤵
  PID:2068
- C:\Windows\System\Gfejaub.exe
  C:\Windows\System\Gfejaub.exe
  2⤵
  PID:1976
- C:\Windows\System\pyzxSCO.exe
  C:\Windows\System\pyzxSCO.exe
  2⤵
  PID:6920
- C:\Windows\System\EQNxVwM.exe
  C:\Windows\System\EQNxVwM.exe
  2⤵
  PID:5004
- C:\Windows\System\UgHWaGq.exe
  C:\Windows\System\UgHWaGq.exe
  2⤵
  PID:1092
- C:\Windows\System\RhzYqVY.exe
  C:\Windows\System\RhzYqVY.exe
  2⤵
  PID:2876
- C:\Windows\System\rewxwHQ.exe
  C:\Windows\System\rewxwHQ.exe
  2⤵
  PID:6164
- C:\Windows\System\ujdRTbT.exe
  C:\Windows\System\ujdRTbT.exe
  2⤵
  PID:6184
- C:\Windows\System\DKbBtgP.exe
  C:\Windows\System\DKbBtgP.exe
  2⤵
  PID:2764
- C:\Windows\System\dkCredr.exe
  C:\Windows\System\dkCredr.exe
  2⤵
  PID:7084
- C:\Windows\System\kuknncd.exe
  C:\Windows\System\kuknncd.exe
  2⤵
  PID:2916
- C:\Windows\System\zxCyhsu.exe
  C:\Windows\System\zxCyhsu.exe
  2⤵
  PID:1488
- C:\Windows\System\oOvTXHS.exe
  C:\Windows\System\oOvTXHS.exe
  2⤵
  PID:7104
- C:\Windows\System\onqdOqW.exe
  C:\Windows\System\onqdOqW.exe
  2⤵
  PID:5884
- C:\Windows\System\fBPgXYA.exe
  C:\Windows\System\fBPgXYA.exe
  2⤵
  PID:2268
- C:\Windows\System\nXBsnKt.exe
  C:\Windows\System\nXBsnKt.exe
  2⤵
  PID:2056
- C:\Windows\System\ZyTKpRv.exe
  C:\Windows\System\ZyTKpRv.exe
  2⤵
  PID:5108
- C:\Windows\System\ObDqCdc.exe
  C:\Windows\System\ObDqCdc.exe
  2⤵
  PID:6464
- C:\Windows\System\PDCsWAG.exe
  C:\Windows\System\PDCsWAG.exe
  2⤵
  PID:5328
- C:\Windows\System\erlwZmt.exe
  C:\Windows\System\erlwZmt.exe
  2⤵
  PID:2392
- C:\Windows\System\KZlwQtA.exe
  C:\Windows\System\KZlwQtA.exe
  2⤵
  PID:7140
- C:\Windows\System\VLnPOYz.exe
  C:\Windows\System\VLnPOYz.exe
  2⤵
  PID:1036
- C:\Windows\System\eEgViMk.exe
  C:\Windows\System\eEgViMk.exe
  2⤵
  PID:7052
- C:\Windows\System\BNZcvfV.exe
  C:\Windows\System\BNZcvfV.exe
  2⤵
  PID:2012
- C:\Windows\System\IHrSxLs.exe
  C:\Windows\System\IHrSxLs.exe
  2⤵
  PID:4400
- C:\Windows\System\JoKVyNJ.exe
  C:\Windows\System\JoKVyNJ.exe
  2⤵
  PID:316
- C:\Windows\System\OuKpnNw.exe
  C:\Windows\System\OuKpnNw.exe
  2⤵
  PID:7048
- C:\Windows\System\pDCvXaY.exe
  C:\Windows\System\pDCvXaY.exe
  2⤵
  PID:6688
- C:\Windows\System\AhFoevT.exe
  C:\Windows\System\AhFoevT.exe
  2⤵
  PID:6624
- C:\Windows\System\cFjfETY.exe
  C:\Windows\System\cFjfETY.exe
  2⤵
  PID:6200
- C:\Windows\System\qeMacak.exe
  C:\Windows\System\qeMacak.exe
  2⤵
  PID:6368
- C:\Windows\System\PyCTpjd.exe
  C:\Windows\System\PyCTpjd.exe
  2⤵
  PID:2380
- C:\Windows\System\OJFSAiC.exe
  C:\Windows\System\OJFSAiC.exe
  2⤵
  PID:7180
- C:\Windows\System\hLcmRYa.exe
  C:\Windows\System\hLcmRYa.exe
  2⤵
  PID:7196
- C:\Windows\System\mIYRpTo.exe
  C:\Windows\System\mIYRpTo.exe
  2⤵
  PID:7216
- C:\Windows\System\zIMIpCx.exe
  C:\Windows\System\zIMIpCx.exe
  2⤵
  PID:7240
- C:\Windows\System\AjxaZFl.exe
  C:\Windows\System\AjxaZFl.exe
  2⤵
  PID:7260
- C:\Windows\System\PIVXuQQ.exe
  C:\Windows\System\PIVXuQQ.exe
  2⤵
  PID:7276
- C:\Windows\System\aqWGQvv.exe
  C:\Windows\System\aqWGQvv.exe
  2⤵
  PID:7296
- C:\Windows\System\xMDfDpR.exe
  C:\Windows\System\xMDfDpR.exe
  2⤵
  PID:7316
- C:\Windows\System\sxOragm.exe
  C:\Windows\System\sxOragm.exe
  2⤵
  PID:7392
- C:\Windows\System\ykzXERx.exe
  C:\Windows\System\ykzXERx.exe
  2⤵
  PID:7412
- C:\Windows\System\HnTCJMd.exe
  C:\Windows\System\HnTCJMd.exe
  2⤵
  PID:7432
- C:\Windows\System\RcEkCXF.exe
  C:\Windows\System\RcEkCXF.exe
  2⤵
  PID:7448
- C:\Windows\System\AlfxhzG.exe
  C:\Windows\System\AlfxhzG.exe
  2⤵
  PID:7464
- C:\Windows\System\dDBKmdQ.exe
  C:\Windows\System\dDBKmdQ.exe
  2⤵
  PID:7480
- C:\Windows\System\dFLuNhQ.exe
  C:\Windows\System\dFLuNhQ.exe
  2⤵
  PID:7496
- C:\Windows\System\XcPJdLA.exe
  C:\Windows\System\XcPJdLA.exe
  2⤵
  PID:7512
- C:\Windows\System\pjkaNzu.exe
  C:\Windows\System\pjkaNzu.exe
  2⤵
  PID:7528
- C:\Windows\System\GwgiFcd.exe
  C:\Windows\System\GwgiFcd.exe
  2⤵
  PID:7548
- C:\Windows\System\kyMmWAD.exe
  C:\Windows\System\kyMmWAD.exe
  2⤵
  PID:7564
- C:\Windows\System\CsjKzQj.exe
  C:\Windows\System\CsjKzQj.exe
  2⤵
  PID:7596
- C:\Windows\System\vRaPRoo.exe
  C:\Windows\System\vRaPRoo.exe
  2⤵
  PID:7612
- C:\Windows\System\HwpxHgx.exe
  C:\Windows\System\HwpxHgx.exe
  2⤵
  PID:7628
- C:\Windows\System\aLcybVQ.exe
  C:\Windows\System\aLcybVQ.exe
  2⤵
  PID:7644
- C:\Windows\System\TOFWKnr.exe
  C:\Windows\System\TOFWKnr.exe
  2⤵
  PID:7660
- C:\Windows\System\atKQfZC.exe
  C:\Windows\System\atKQfZC.exe
  2⤵
  PID:7676
- C:\Windows\System\sNTentl.exe
  C:\Windows\System\sNTentl.exe
  2⤵
  PID:7696
- C:\Windows\System\nzxJyzs.exe
  C:\Windows\System\nzxJyzs.exe
  2⤵
  PID:7712
- C:\Windows\System\RVnDSfI.exe
  C:\Windows\System\RVnDSfI.exe
  2⤵
  PID:7736
- C:\Windows\System\MVcnpAY.exe
  C:\Windows\System\MVcnpAY.exe
  2⤵
  PID:7756
- C:\Windows\System\aDWoNjl.exe
  C:\Windows\System\aDWoNjl.exe
  2⤵
  PID:7780
- C:\Windows\System\MYlqaAI.exe
  C:\Windows\System\MYlqaAI.exe
  2⤵
  PID:7800
- C:\Windows\System\cshBUzv.exe
  C:\Windows\System\cshBUzv.exe
  2⤵
  PID:7848
- C:\Windows\System\kFURGuJ.exe
  C:\Windows\System\kFURGuJ.exe
  2⤵
  PID:7864
- C:\Windows\System\stCGrvL.exe
  C:\Windows\System\stCGrvL.exe
  2⤵
  PID:7880
- C:\Windows\System\NazWfVN.exe
  C:\Windows\System\NazWfVN.exe
  2⤵
  PID:7896
- C:\Windows\System\CGBzRUa.exe
  C:\Windows\System\CGBzRUa.exe
  2⤵
  PID:7912
- C:\Windows\System\NrNXTnu.exe
  C:\Windows\System\NrNXTnu.exe
  2⤵
  PID:7936
- C:\Windows\System\NtwGUfY.exe
  C:\Windows\System\NtwGUfY.exe
  2⤵
  PID:7976
- C:\Windows\System\fzhJfTA.exe
  C:\Windows\System\fzhJfTA.exe
  2⤵
  PID:7992
- C:\Windows\System\uZfWeId.exe
  C:\Windows\System\uZfWeId.exe
  2⤵
  PID:8008
- C:\Windows\System\VFQAzoe.exe
  C:\Windows\System\VFQAzoe.exe
  2⤵
  PID:8028
- C:\Windows\System\HBubXJd.exe
  C:\Windows\System\HBubXJd.exe
  2⤵
  PID:8048
- C:\Windows\System\fxIDDqW.exe
  C:\Windows\System\fxIDDqW.exe
  2⤵
  PID:8064
- C:\Windows\System\MKJwIDk.exe
  C:\Windows\System\MKJwIDk.exe
  2⤵
  PID:8084
- C:\Windows\System\oqgTMNb.exe
  C:\Windows\System\oqgTMNb.exe
  2⤵
  PID:8100
- C:\Windows\System\PajdTCh.exe
  C:\Windows\System\PajdTCh.exe
  2⤵
  PID:8116
- C:\Windows\System\Euuozaj.exe
  C:\Windows\System\Euuozaj.exe
  2⤵
  PID:8136
- C:\Windows\System\LasBbsm.exe
  C:\Windows\System\LasBbsm.exe
  2⤵
  PID:8156
- C:\Windows\System\ZMMDcPo.exe
  C:\Windows\System\ZMMDcPo.exe
  2⤵
  PID:8172
- C:\Windows\System\bqCxjuf.exe
  C:\Windows\System\bqCxjuf.exe
  2⤵
  PID:8188
- C:\Windows\System\vvVTntE.exe
  C:\Windows\System\vvVTntE.exe
  2⤵
  PID:7212
- C:\Windows\System\YAZvCzb.exe
  C:\Windows\System\YAZvCzb.exe
  2⤵
  PID:7256
- C:\Windows\System\vLfKKEH.exe
  C:\Windows\System\vLfKKEH.exe
  2⤵
  PID:7124
- C:\Windows\System\lAigANH.exe
  C:\Windows\System\lAigANH.exe
  2⤵
  PID:7340
- C:\Windows\System\lAkdUzk.exe
  C:\Windows\System\lAkdUzk.exe
  2⤵
  PID:2288
- C:\Windows\System\FAyETrO.exe
  C:\Windows\System\FAyETrO.exe
  2⤵
  PID:1696
- C:\Windows\System\FuzKidm.exe
  C:\Windows\System\FuzKidm.exe
  2⤵
  PID:7228
- C:\Windows\System\tGIJOAd.exe
  C:\Windows\System\tGIJOAd.exe
  2⤵
  PID:7356
- C:\Windows\System\eOWlcmy.exe
  C:\Windows\System\eOWlcmy.exe
  2⤵
  PID:7408
- C:\Windows\System\TLKDkfX.exe
  C:\Windows\System\TLKDkfX.exe
  2⤵
  PID:7424
- C:\Windows\System\znFJrVf.exe
  C:\Windows\System\znFJrVf.exe
  2⤵
  PID:7504
- C:\Windows\System\yzqFBsq.exe
  C:\Windows\System\yzqFBsq.exe
  2⤵
  PID:7492
- C:\Windows\System\wamMuxE.exe
  C:\Windows\System\wamMuxE.exe
  2⤵
  PID:7604
- C:\Windows\System\sfuTFIq.exe
  C:\Windows\System\sfuTFIq.exe
  2⤵
  PID:7540
- C:\Windows\System\DZDjipx.exe
  C:\Windows\System\DZDjipx.exe
  2⤵
  PID:7668
- C:\Windows\System\gCgDfHz.exe
  C:\Windows\System\gCgDfHz.exe
  2⤵
  PID:7580
- C:\Windows\System\kusVExg.exe
  C:\Windows\System\kusVExg.exe
  2⤵
  PID:7576
- C:\Windows\System\kFFSFKJ.exe
  C:\Windows\System\kFFSFKJ.exe
  2⤵
  PID:7764
- C:\Windows\System\LelHOrT.exe
  C:\Windows\System\LelHOrT.exe
  2⤵
  PID:7684
- C:\Windows\System\knSFbta.exe
  C:\Windows\System\knSFbta.exe
  2⤵
  PID:7772
- C:\Windows\System\mhafhhk.exe
  C:\Windows\System\mhafhhk.exe
  2⤵
  PID:7828
- C:\Windows\System\bdeCVdf.exe
  C:\Windows\System\bdeCVdf.exe
  2⤵
  PID:7844
- C:\Windows\System\SVunAmB.exe
  C:\Windows\System\SVunAmB.exe
  2⤵
  PID:7892
- C:\Windows\System\DBkrtRN.exe
  C:\Windows\System\DBkrtRN.exe
  2⤵
  PID:7988
- C:\Windows\System\yjhSFfO.exe
  C:\Windows\System\yjhSFfO.exe
  2⤵
  PID:7904
- C:\Windows\System\bGqVvoc.exe
  C:\Windows\System\bGqVvoc.exe
  2⤵
  PID:8056
- C:\Windows\System\MLQTkgX.exe
  C:\Windows\System\MLQTkgX.exe
  2⤵
  PID:8124
- C:\Windows\System\cWNfIqe.exe
  C:\Windows\System\cWNfIqe.exe
  2⤵
  PID:8168
- C:\Windows\System\dpPvyki.exe
  C:\Windows\System\dpPvyki.exe
  2⤵
  PID:7224
- C:\Windows\System\zENrpyU.exe
  C:\Windows\System\zENrpyU.exe
  2⤵
  PID:7284
- C:\Windows\System\nnqWbFk.exe
  C:\Windows\System\nnqWbFk.exe
  2⤵
  PID:7444
- C:\Windows\System\UlSLMzk.exe
  C:\Windows\System\UlSLMzk.exe
  2⤵
  PID:7640
- C:\Windows\System\WBvMhNm.exe
  C:\Windows\System\WBvMhNm.exe
  2⤵
  PID:7724
- C:\Windows\System\voIJXSz.exe
  C:\Windows\System\voIJXSz.exe
  2⤵
  PID:7824
- C:\Windows\System\jOVirfW.exe
  C:\Windows\System\jOVirfW.exe
  2⤵
  PID:7964
- C:\Windows\System\tXFRNIv.exe
  C:\Windows\System\tXFRNIv.exe
  2⤵
  PID:8180
- C:\Windows\System\yfEofTY.exe
  C:\Windows\System\yfEofTY.exe
  2⤵
  PID:7796
- C:\Windows\System\dffoNTh.exe
  C:\Windows\System\dffoNTh.exe
  2⤵
  PID:8184
- C:\Windows\System\WsdJRcn.exe
  C:\Windows\System\WsdJRcn.exe
  2⤵
  PID:8076
- C:\Windows\System\DrRhPRz.exe
  C:\Windows\System\DrRhPRz.exe
  2⤵
  PID:8144
- C:\Windows\System\ukMxQGR.exe
  C:\Windows\System\ukMxQGR.exe
  2⤵
  PID:7332
- C:\Windows\System\czSVBmw.exe
  C:\Windows\System\czSVBmw.exe
  2⤵
  PID:7308
- C:\Windows\System\BhnKAFs.exe
  C:\Windows\System\BhnKAFs.exe
  2⤵
  PID:7352
- C:\Windows\System\zSsDPSS.exe
  C:\Windows\System\zSsDPSS.exe
  2⤵
  PID:7488
- C:\Windows\System\ZIJQcYe.exe
  C:\Windows\System\ZIJQcYe.exe
  2⤵
  PID:7652
- C:\Windows\System\pRjulOI.exe
  C:\Windows\System\pRjulOI.exe
  2⤵
  PID:7620
- C:\Windows\System\TzLdLop.exe
  C:\Windows\System\TzLdLop.exe
  2⤵
  PID:7792
- C:\Windows\System\DCZhYdr.exe
  C:\Windows\System\DCZhYdr.exe
  2⤵
  PID:940
- C:\Windows\System\VKYNlDy.exe
  C:\Windows\System\VKYNlDy.exe
  2⤵
  PID:8016
- C:\Windows\System\BXstEhM.exe
  C:\Windows\System\BXstEhM.exe
  2⤵
  PID:7944
- C:\Windows\System\fYqJAJK.exe
  C:\Windows\System\fYqJAJK.exe
  2⤵
  PID:5768
- C:\Windows\System\krhTbYL.exe
  C:\Windows\System\krhTbYL.exe
  2⤵
  PID:7208
- C:\Windows\System\UcJNBXR.exe
  C:\Windows\System\UcJNBXR.exe
  2⤵
  PID:7556
- C:\Windows\System\uNyxbpV.exe
  C:\Windows\System\uNyxbpV.exe
  2⤵
  PID:8072
- C:\Windows\System\udrVGiE.exe
  C:\Windows\System\udrVGiE.exe
  2⤵
  PID:7588
- C:\Windows\System\GqMYMqk.exe
  C:\Windows\System\GqMYMqk.exe
  2⤵
  PID:7752
- C:\Windows\System\pedBAbq.exe
  C:\Windows\System\pedBAbq.exe
  2⤵
  PID:7920
- C:\Windows\System\aCjejuf.exe
  C:\Windows\System\aCjejuf.exe
  2⤵
  PID:7304
- C:\Windows\System\tSIAJEI.exe
  C:\Windows\System\tSIAJEI.exe
  2⤵
  PID:7624
- C:\Windows\System\RyBLeEz.exe
  C:\Windows\System\RyBLeEz.exe
  2⤵
  PID:7872
- C:\Windows\System\yrvhIKg.exe
  C:\Windows\System\yrvhIKg.exe
  2⤵
  PID:7984
- C:\Windows\System\PrhYskK.exe
  C:\Windows\System\PrhYskK.exe
  2⤵
  PID:7820
- C:\Windows\System\wWeCZMP.exe
  C:\Windows\System\wWeCZMP.exe
  2⤵
  PID:7748
- C:\Windows\System\eNEQAEv.exe
  C:\Windows\System\eNEQAEv.exe
  2⤵
  PID:7956
- C:\Windows\System\DYRkJWd.exe
  C:\Windows\System\DYRkJWd.exe
  2⤵
  PID:8132
- C:\Windows\System\ULEOjOh.exe
  C:\Windows\System\ULEOjOh.exe
  2⤵
  PID:7812
- C:\Windows\System\mrPhffc.exe
  C:\Windows\System\mrPhffc.exe
  2⤵
  PID:7536
- C:\Windows\System\oGqbEJx.exe
  C:\Windows\System\oGqbEJx.exe
  2⤵
  PID:7960
- C:\Windows\System\CGDFfMs.exe
  C:\Windows\System\CGDFfMs.exe
  2⤵
  PID:7460
- C:\Windows\System\BYYJEee.exe
  C:\Windows\System\BYYJEee.exe
  2⤵
  PID:8092
- C:\Windows\System\OdwldlO.exe
  C:\Windows\System\OdwldlO.exe
  2⤵
  PID:7456
- C:\Windows\System\vgEEKom.exe
  C:\Windows\System\vgEEKom.exe
  2⤵
  PID:7656
- C:\Windows\System\pAbmTrm.exe
  C:\Windows\System\pAbmTrm.exe
  2⤵
  PID:2760
- C:\Windows\System\HvgTQlf.exe
  C:\Windows\System\HvgTQlf.exe
  2⤵
  PID:8152
- C:\Windows\System\QEHGvoY.exe
  C:\Windows\System\QEHGvoY.exe
  2⤵
  PID:8208
- C:\Windows\System\bqSpnUj.exe
  C:\Windows\System\bqSpnUj.exe
  2⤵
  PID:8224
- C:\Windows\System\rBHKnCw.exe
  C:\Windows\System\rBHKnCw.exe
  2⤵
  PID:8240
- C:\Windows\System\EFuSYwr.exe
  C:\Windows\System\EFuSYwr.exe
  2⤵
  PID:8256
- C:\Windows\System\ASuLBTi.exe
  C:\Windows\System\ASuLBTi.exe
  2⤵
  PID:8272
- C:\Windows\System\ooSgKnc.exe
  C:\Windows\System\ooSgKnc.exe
  2⤵
  PID:8296
- C:\Windows\System\NtBqdyS.exe
  C:\Windows\System\NtBqdyS.exe
  2⤵
  PID:8312
- C:\Windows\System\aeiccQq.exe
  C:\Windows\System\aeiccQq.exe
  2⤵
  PID:8328
- C:\Windows\System\wvPFXNe.exe
  C:\Windows\System\wvPFXNe.exe
  2⤵
  PID:8344
- C:\Windows\System\ZHnxNGK.exe
  C:\Windows\System\ZHnxNGK.exe
  2⤵
  PID:8360
- C:\Windows\System\QICdxgZ.exe
  C:\Windows\System\QICdxgZ.exe
  2⤵
  PID:8384
- C:\Windows\System\pnBAhpx.exe
  C:\Windows\System\pnBAhpx.exe
  2⤵
  PID:8404
- C:\Windows\System\PFjOkWu.exe
  C:\Windows\System\PFjOkWu.exe
  2⤵
  PID:8420
- C:\Windows\System\RevgeXl.exe
  C:\Windows\System\RevgeXl.exe
  2⤵
  PID:8524
- C:\Windows\System\FIxtbGR.exe
  C:\Windows\System\FIxtbGR.exe
  2⤵
  PID:8540
- C:\Windows\System\SUPNIyX.exe
  C:\Windows\System\SUPNIyX.exe
  2⤵
  PID:8560
- C:\Windows\System\HYvOmpV.exe
  C:\Windows\System\HYvOmpV.exe
  2⤵
  PID:8580
- C:\Windows\System\iKFqkqX.exe
  C:\Windows\System\iKFqkqX.exe
  2⤵
  PID:8600
- C:\Windows\System\vZSwWcN.exe
  C:\Windows\System\vZSwWcN.exe
  2⤵
  PID:8700
- C:\Windows\System\SNzXnFT.exe
  C:\Windows\System\SNzXnFT.exe
  2⤵
  PID:8716
- C:\Windows\System\MhsITxp.exe
  C:\Windows\System\MhsITxp.exe
  2⤵
  PID:8740
- C:\Windows\System\PKrwCMc.exe
  C:\Windows\System\PKrwCMc.exe
  2⤵
  PID:8756
- C:\Windows\System\kQnQLuM.exe
  C:\Windows\System\kQnQLuM.exe
  2⤵
  PID:8772
- C:\Windows\System\CjYtkIU.exe
  C:\Windows\System\CjYtkIU.exe
  2⤵
  PID:8788
- C:\Windows\System\smfNcHZ.exe
  C:\Windows\System\smfNcHZ.exe
  2⤵
  PID:8804
- C:\Windows\System\WrZLzLW.exe
  C:\Windows\System\WrZLzLW.exe
  2⤵
  PID:8820
- C:\Windows\System\LQGKMiQ.exe
  C:\Windows\System\LQGKMiQ.exe
  2⤵
  PID:8836
- C:\Windows\System\WmBdxNT.exe
  C:\Windows\System\WmBdxNT.exe
  2⤵
  PID:8852
- C:\Windows\System\LkQlgTP.exe
  C:\Windows\System\LkQlgTP.exe
  2⤵
  PID:8868
- C:\Windows\System\kdDBfGG.exe
  C:\Windows\System\kdDBfGG.exe
  2⤵
  PID:8888
- C:\Windows\System\SronsMd.exe
  C:\Windows\System\SronsMd.exe
  2⤵
  PID:8908
- C:\Windows\System\BIsUryl.exe
  C:\Windows\System\BIsUryl.exe
  2⤵
  PID:8924
- C:\Windows\System\aUBoyPm.exe
  C:\Windows\System\aUBoyPm.exe
  2⤵
  PID:8940
- C:\Windows\System\ZxebSYO.exe
  C:\Windows\System\ZxebSYO.exe
  2⤵
  PID:8956
- C:\Windows\System\HGTexGg.exe
  C:\Windows\System\HGTexGg.exe
  2⤵
  PID:8972
- C:\Windows\System\VDSWxsL.exe
  C:\Windows\System\VDSWxsL.exe
  2⤵
  PID:8988
- C:\Windows\System\OHuIJVY.exe
  C:\Windows\System\OHuIJVY.exe
  2⤵
  PID:9004
- C:\Windows\System\xyikcPQ.exe
  C:\Windows\System\xyikcPQ.exe
  2⤵
  PID:9020
- C:\Windows\System\hUpCVYe.exe
  C:\Windows\System\hUpCVYe.exe
  2⤵
  PID:9036
- C:\Windows\System\OfKPojX.exe
  C:\Windows\System\OfKPojX.exe
  2⤵
  PID:9056
- C:\Windows\System\PhVPAAX.exe
  C:\Windows\System\PhVPAAX.exe
  2⤵
  PID:9072
- C:\Windows\System\PJCqoEZ.exe
  C:\Windows\System\PJCqoEZ.exe
  2⤵
  PID:9092
- C:\Windows\System\jUEZoZD.exe
  C:\Windows\System\jUEZoZD.exe
  2⤵
  PID:9108
- C:\Windows\System\KJGJmUz.exe
  C:\Windows\System\KJGJmUz.exe
  2⤵
  PID:9124
- C:\Windows\System\QGaYXUh.exe
  C:\Windows\System\QGaYXUh.exe
  2⤵
  PID:9140
- C:\Windows\System\zLNckYH.exe
  C:\Windows\System\zLNckYH.exe
  2⤵
  PID:9156
- C:\Windows\System\AXDcDfw.exe
  C:\Windows\System\AXDcDfw.exe
  2⤵
  PID:9172
- C:\Windows\System\WljdtzP.exe
  C:\Windows\System\WljdtzP.exe
  2⤵
  PID:9188
- C:\Windows\System\lASZlQS.exe
  C:\Windows\System\lASZlQS.exe
  2⤵
  PID:9204
- C:\Windows\System\bjPsrKL.exe
  C:\Windows\System\bjPsrKL.exe
  2⤵
  PID:7428
- C:\Windows\System\vmPGkWB.exe
  C:\Windows\System\vmPGkWB.exe
  2⤵
  PID:8112
- C:\Windows\System\OglROEA.exe
  C:\Windows\System\OglROEA.exe
  2⤵
  PID:7248
- C:\Windows\System\bikHYEq.exe
  C:\Windows\System\bikHYEq.exe
  2⤵
  PID:8264
- C:\Windows\System\rXIzUfM.exe
  C:\Windows\System\rXIzUfM.exe
  2⤵
  PID:8248
- C:\Windows\System\iCJYShd.exe
  C:\Windows\System\iCJYShd.exe
  2⤵
  PID:8292
- C:\Windows\System\WeSxHBA.exe
  C:\Windows\System\WeSxHBA.exe
  2⤵
  PID:8304
- C:\Windows\System\SLGYBTh.exe
  C:\Windows\System\SLGYBTh.exe
  2⤵
  PID:8356
- C:\Windows\System\XNrJijm.exe
  C:\Windows\System\XNrJijm.exe
  2⤵
  PID:8392
- C:\Windows\System\EElRVaJ.exe
  C:\Windows\System\EElRVaJ.exe
  2⤵
  PID:8380
- C:\Windows\System\plXwrUw.exe
  C:\Windows\System\plXwrUw.exe
  2⤵
  PID:8428
- C:\Windows\System\yxRmBZq.exe
  C:\Windows\System\yxRmBZq.exe
  2⤵
  PID:8444
- C:\Windows\System\XNfzVmX.exe
  C:\Windows\System\XNfzVmX.exe
  2⤵
  PID:8456
- C:\Windows\System\IPBhbLB.exe
  C:\Windows\System\IPBhbLB.exe
  2⤵
  PID:8480
- C:\Windows\System\ReZEtUg.exe
  C:\Windows\System\ReZEtUg.exe
  2⤵
  PID:8496
- C:\Windows\System\jxtescJ.exe
  C:\Windows\System\jxtescJ.exe
  2⤵
  PID:8532
- C:\Windows\System\UXbPvMS.exe
  C:\Windows\System\UXbPvMS.exe
  2⤵
  PID:8576
- C:\Windows\System\gLvIcMl.exe
  C:\Windows\System\gLvIcMl.exe
  2⤵
  PID:8548
- C:\Windows\System\YYnaAYC.exe
  C:\Windows\System\YYnaAYC.exe
  2⤵
  PID:8592
- C:\Windows\System\RpKwPQi.exe
  C:\Windows\System\RpKwPQi.exe
  2⤵
  PID:8624
- C:\Windows\System\aWztstF.exe
  C:\Windows\System\aWztstF.exe
  2⤵
  PID:8780
- C:\Windows\System\vKfykDY.exe
  C:\Windows\System\vKfykDY.exe
  2⤵
  PID:8628
- C:\Windows\System\yZxmnDP.exe
  C:\Windows\System\yZxmnDP.exe
  2⤵
  PID:8644
- C:\Windows\System\rMgbPBh.exe
  C:\Windows\System\rMgbPBh.exe
  2⤵
  PID:8660
- C:\Windows\System\yFhnVxQ.exe
  C:\Windows\System\yFhnVxQ.exe
  2⤵
  PID:8680
- C:\Windows\System\MpgIFJn.exe
  C:\Windows\System\MpgIFJn.exe
  2⤵
  PID:8684
- C:\Windows\System\iyZMOpx.exe
  C:\Windows\System\iyZMOpx.exe
  2⤵
  PID:8916
- C:\Windows\System\ofIWqCa.exe
  C:\Windows\System\ofIWqCa.exe
  2⤵
  PID:8980
- C:\Windows\System\VJyESZD.exe
  C:\Windows\System\VJyESZD.exe
  2⤵
  PID:8612
- C:\Windows\System\fncSPnT.exe
  C:\Windows\System\fncSPnT.exe
  2⤵
  PID:8984
- C:\Windows\System\zMnVwNj.exe
  C:\Windows\System\zMnVwNj.exe
  2⤵
  PID:8620
- C:\Windows\System\bQJxkco.exe
  C:\Windows\System\bQJxkco.exe
  2⤵
  PID:8800
- C:\Windows\System\AgJsGdn.exe
  C:\Windows\System\AgJsGdn.exe
  2⤵
  PID:9044
- C:\Windows\System\uhroqlE.exe
  C:\Windows\System\uhroqlE.exe
  2⤵
  PID:8900
- C:\Windows\System\dvzdCWl.exe
  C:\Windows\System\dvzdCWl.exe
  2⤵
  PID:8964
- C:\Windows\System\AHXohhB.exe
  C:\Windows\System\AHXohhB.exe
  2⤵
  PID:9028
- C:\Windows\System\RlGtwNd.exe
  C:\Windows\System\RlGtwNd.exe
  2⤵
  PID:9100
- C:\Windows\System\hxcnSdB.exe
  C:\Windows\System\hxcnSdB.exe
  2⤵
  PID:9200
- C:\Windows\System\zdngTwe.exe
  C:\Windows\System\zdngTwe.exe
  2⤵
  PID:7972
- C:\Windows\System\HacgZgI.exe
  C:\Windows\System\HacgZgI.exe
  2⤵
  PID:8436
- C:\Windows\System\TBHvgNR.exe
  C:\Windows\System\TBHvgNR.exe
  2⤵
  PID:8492
- C:\Windows\System\CjPskDt.exe
  C:\Windows\System\CjPskDt.exe
  2⤵
  PID:8460
- C:\Windows\System\ENYfDXy.exe
  C:\Windows\System\ENYfDXy.exe
  2⤵
  PID:8708
- C:\Windows\System\GJLPhoW.exe
  C:\Windows\System\GJLPhoW.exe
  2⤵
  PID:8452
- C:\Windows\System\mpHweYZ.exe
  C:\Windows\System\mpHweYZ.exe
  2⤵
  PID:8440
- C:\Windows\System\puMgBeL.exe
  C:\Windows\System\puMgBeL.exe
  2⤵
  PID:8696
- C:\Windows\System\TVwqZYu.exe
  C:\Windows\System\TVwqZYu.exe
  2⤵
  PID:9016
- C:\Windows\System\OiKLclH.exe
  C:\Windows\System\OiKLclH.exe
  2⤵
  PID:9068
- C:\Windows\System\teJKftQ.exe
  C:\Windows\System\teJKftQ.exe
  2⤵
  PID:8948
- C:\Windows\System\GAYXJIU.exe
  C:\Windows\System\GAYXJIU.exe
  2⤵
  PID:8952
- C:\Windows\System\BadjpNC.exe
  C:\Windows\System\BadjpNC.exe
  2⤵
  PID:8864
- C:\Windows\System\dYylBSZ.exe
  C:\Windows\System\dYylBSZ.exe
  2⤵
  PID:9052
- C:\Windows\System\fVHfIvm.exe
  C:\Windows\System\fVHfIvm.exe
  2⤵
  PID:9184
- C:\Windows\System\MTLRuwI.exe
  C:\Windows\System\MTLRuwI.exe
  2⤵
  PID:9120
- C:\Windows\System\xOHyaLi.exe
  C:\Windows\System\xOHyaLi.exe
  2⤵
  PID:8200
- C:\Windows\System\YizqskA.exe
  C:\Windows\System\YizqskA.exe
  2⤵
  PID:9196
- C:\Windows\System\ChwDDLJ.exe
  C:\Windows\System\ChwDDLJ.exe
  2⤵
  PID:8280
- C:\Windows\System\TXClFgB.exe
  C:\Windows\System\TXClFgB.exe
  2⤵
  PID:8284
- C:\Windows\System\FjWtOnp.exe
  C:\Windows\System\FjWtOnp.exe
  2⤵
  PID:8336
- C:\Windows\System\kIOyyyk.exe
  C:\Windows\System\kIOyyyk.exe
  2⤵
  PID:8572
- C:\Windows\System\qCpswXK.exe
  C:\Windows\System\qCpswXK.exe
  2⤵
  PID:8588
- C:\Windows\System\CWNynqh.exe
  C:\Windows\System\CWNynqh.exe
  2⤵
  PID:8816
- C:\Windows\System\QjiDjRv.exe
  C:\Windows\System\QjiDjRv.exe
  2⤵
  PID:8736
- C:\Windows\System\iSYKkBt.exe
  C:\Windows\System\iSYKkBt.exe
  2⤵
  PID:8832
- C:\Windows\System\NNWqdXr.exe
  C:\Windows\System\NNWqdXr.exe
  2⤵
  PID:8768
- C:\Windows\System\ZRSzPoq.exe
  C:\Windows\System\ZRSzPoq.exe
  2⤵
  PID:7560
- C:\Windows\System\tDHsqft.exe
  C:\Windows\System\tDHsqft.exe
  2⤵
  PID:8488
- C:\Windows\System\psTvAfT.exe
  C:\Windows\System\psTvAfT.exe
  2⤵
  PID:8668
- C:\Windows\System\ZwHeMzd.exe
  C:\Windows\System\ZwHeMzd.exe
  2⤵
  PID:8876
- C:\Windows\System\VpKtUUb.exe
  C:\Windows\System\VpKtUUb.exe
  2⤵
  PID:9148
- C:\Windows\System\FAmYayE.exe
  C:\Windows\System\FAmYayE.exe
  2⤵
  PID:7708
- C:\Windows\System\oewcSJv.exe
  C:\Windows\System\oewcSJv.exe
  2⤵
  PID:1632
- C:\Windows\System\NNoIldO.exe
  C:\Windows\System\NNoIldO.exe
  2⤵
  PID:9132
- C:\Windows\System\IllBXhK.exe
  C:\Windows\System\IllBXhK.exe
  2⤵
  PID:8372
- C:\Windows\System\kXqqEel.exe
  C:\Windows\System\kXqqEel.exe
  2⤵
  PID:9164
- C:\Windows\System\ZPTIzYk.exe
  C:\Windows\System\ZPTIzYk.exe
  2⤵
  PID:9224
- C:\Windows\System\gZkDMcl.exe
  C:\Windows\System\gZkDMcl.exe
  2⤵
  PID:9240
- C:\Windows\System\bbbbRmP.exe
  C:\Windows\System\bbbbRmP.exe
  2⤵
  PID:9256
- C:\Windows\System\oENMoUe.exe
  C:\Windows\System\oENMoUe.exe
  2⤵
  PID:9272
- C:\Windows\System\zQsTfaX.exe
  C:\Windows\System\zQsTfaX.exe
  2⤵
  PID:9288
- C:\Windows\System\xMkztyw.exe
  C:\Windows\System\xMkztyw.exe
  2⤵
  PID:9304
- C:\Windows\System\aVluZLH.exe
  C:\Windows\System\aVluZLH.exe
  2⤵
  PID:9320
- C:\Windows\System\gXhhNaj.exe
  C:\Windows\System\gXhhNaj.exe
  2⤵
  PID:9336
- C:\Windows\System\JgioVQR.exe
  C:\Windows\System\JgioVQR.exe
  2⤵
  PID:9352
- C:\Windows\System\JLGHiLz.exe
  C:\Windows\System\JLGHiLz.exe
  2⤵
  PID:9368
- C:\Windows\System\MvlsISz.exe
  C:\Windows\System\MvlsISz.exe
  2⤵
  PID:9384
- C:\Windows\System\kYPpWjN.exe
  C:\Windows\System\kYPpWjN.exe
  2⤵
  PID:9400
- C:\Windows\System\HfreTqd.exe
  C:\Windows\System\HfreTqd.exe
  2⤵
  PID:9416
- C:\Windows\System\GLsnrYW.exe
  C:\Windows\System\GLsnrYW.exe
  2⤵
  PID:9432
- C:\Windows\System\hyNSNqB.exe
  C:\Windows\System\hyNSNqB.exe
  2⤵
  PID:9448
- C:\Windows\System\LHhSNPz.exe
  C:\Windows\System\LHhSNPz.exe
  2⤵
  PID:9468
- C:\Windows\System\NeGcVop.exe
  C:\Windows\System\NeGcVop.exe
  2⤵
  PID:9484
- C:\Windows\System\ToDhSlB.exe
  C:\Windows\System\ToDhSlB.exe
  2⤵
  PID:9500
- C:\Windows\System\YONJwwH.exe
  C:\Windows\System\YONJwwH.exe
  2⤵
  PID:9516
- C:\Windows\System\hAVCPNU.exe
  C:\Windows\System\hAVCPNU.exe
  2⤵
  PID:9532
- C:\Windows\System\hbWsmAf.exe
  C:\Windows\System\hbWsmAf.exe
  2⤵
  PID:9548
- C:\Windows\System\mXvXNLa.exe
  C:\Windows\System\mXvXNLa.exe
  2⤵
  PID:9568
- C:\Windows\System\PnDKlLk.exe
  C:\Windows\System\PnDKlLk.exe
  2⤵
  PID:9588
- C:\Windows\System\YTKVXyl.exe
  C:\Windows\System\YTKVXyl.exe
  2⤵
  PID:9604
- C:\Windows\System\dfqHkEH.exe
  C:\Windows\System\dfqHkEH.exe
  2⤵
  PID:9620
- C:\Windows\System\ErsiusW.exe
  C:\Windows\System\ErsiusW.exe
  2⤵
  PID:9636
- C:\Windows\System\GylbrHl.exe
  C:\Windows\System\GylbrHl.exe
  2⤵
  PID:9652
- C:\Windows\System\taBPXKv.exe
  C:\Windows\System\taBPXKv.exe
  2⤵
  PID:9668
- C:\Windows\System\QMLXyCk.exe
  C:\Windows\System\QMLXyCk.exe
  2⤵
  PID:9684
- C:\Windows\System\vYAqefS.exe
  C:\Windows\System\vYAqefS.exe
  2⤵
  PID:9700
- C:\Windows\System\jlWnvEn.exe
  C:\Windows\System\jlWnvEn.exe
  2⤵
  PID:9716
- C:\Windows\System\dqIAuEV.exe
  C:\Windows\System\dqIAuEV.exe
  2⤵
  PID:9732
- C:\Windows\System\azzTcwz.exe
  C:\Windows\System\azzTcwz.exe
  2⤵
  PID:9752
- C:\Windows\System\GdFspvC.exe
  C:\Windows\System\GdFspvC.exe
  2⤵
  PID:9828
- C:\Windows\System\rzUObWQ.exe
  C:\Windows\System\rzUObWQ.exe
  2⤵
  PID:10228
- C:\Windows\System\PMbJDuk.exe
  C:\Windows\System\PMbJDuk.exe
  2⤵
  PID:8656
- C:\Windows\System\HzRuhqq.exe
  C:\Windows\System\HzRuhqq.exe
  2⤵
  PID:9180
- C:\Windows\System\KgIzNlZ.exe
  C:\Windows\System\KgIzNlZ.exe
  2⤵
  PID:9300
- C:\Windows\System\zRjymPA.exe
  C:\Windows\System\zRjymPA.exe
  2⤵
  PID:9220
- C:\Windows\System\xPJzEhW.exe
  C:\Windows\System\xPJzEhW.exe
  2⤵
  PID:8748
- C:\Windows\System\fKPUvFJ.exe
  C:\Windows\System\fKPUvFJ.exe
  2⤵
  PID:9332
- C:\Windows\System\IvdTkcp.exe
  C:\Windows\System\IvdTkcp.exe
  2⤵
  PID:8376
- C:\Windows\System\Tzlexnh.exe
  C:\Windows\System\Tzlexnh.exe
  2⤵
  PID:9376
- C:\Windows\System\qcyQlrG.exe
  C:\Windows\System\qcyQlrG.exe
  2⤵
  PID:9440
- C:\Windows\System\zRAQsqq.exe
  C:\Windows\System\zRAQsqq.exe
  2⤵
  PID:9392
- C:\Windows\System\YerGAFI.exe
  C:\Windows\System\YerGAFI.exe
  2⤵
  PID:9460
- C:\Windows\System\KNiqLfg.exe
  C:\Windows\System\KNiqLfg.exe
  2⤵
  PID:9544
- C:\Windows\System\gubCEpt.exe
  C:\Windows\System\gubCEpt.exe
  2⤵
  PID:9612
- C:\Windows\System\VAWtaSy.exe
  C:\Windows\System\VAWtaSy.exe
  2⤵
  PID:9644
- C:\Windows\System\aQvJggP.exe
  C:\Windows\System\aQvJggP.exe
  2⤵
  PID:9556
- C:\Windows\System\TSELRpF.exe
  C:\Windows\System\TSELRpF.exe
  2⤵
  PID:9628
- C:\Windows\System\XogiZXI.exe
  C:\Windows\System\XogiZXI.exe
  2⤵
  PID:9692
- C:\Windows\System\YHzrobp.exe
  C:\Windows\System\YHzrobp.exe
  2⤵
  PID:9712
- C:\Windows\System\moizRnQ.exe
  C:\Windows\System\moizRnQ.exe
  2⤵
  PID:9728
- C:\Windows\System\gjnAbzQ.exe
  C:\Windows\System\gjnAbzQ.exe
  2⤵
  PID:9764
- C:\Windows\System\TPxpApE.exe
  C:\Windows\System\TPxpApE.exe
  2⤵
  PID:9776
- C:\Windows\System\PSPwrCq.exe
  C:\Windows\System\PSPwrCq.exe
  2⤵
  PID:9796
- C:\Windows\System\lkMtbMW.exe
  C:\Windows\System\lkMtbMW.exe
  2⤵
  PID:9816
- C:\Windows\System\cdcNjaL.exe
  C:\Windows\System\cdcNjaL.exe
  2⤵
  PID:9836
- C:\Windows\System\KJMANYQ.exe
  C:\Windows\System\KJMANYQ.exe
  2⤵
  PID:9852
- C:\Windows\System\DcAjeAR.exe
  C:\Windows\System\DcAjeAR.exe
  2⤵
  PID:9864
- C:\Windows\System\zaKCaqY.exe
  C:\Windows\System\zaKCaqY.exe
  2⤵
  PID:9880
- C:\Windows\System\eJbJoBc.exe
  C:\Windows\System\eJbJoBc.exe
  2⤵
  PID:9896
- C:\Windows\System\mauiOnV.exe
  C:\Windows\System\mauiOnV.exe
  2⤵
  PID:9912
- C:\Windows\System\BONRTCU.exe
  C:\Windows\System\BONRTCU.exe
  2⤵
  PID:9928
- C:\Windows\System\asEyPEv.exe
  C:\Windows\System\asEyPEv.exe
  2⤵
  PID:9940
- C:\Windows\System\mwKiIwD.exe
  C:\Windows\System\mwKiIwD.exe
  2⤵
  PID:9968
- C:\Windows\System\VpnNIBk.exe
  C:\Windows\System\VpnNIBk.exe
  2⤵
  PID:9980
- C:\Windows\System\ZHXMmEa.exe
  C:\Windows\System\ZHXMmEa.exe
  2⤵
  PID:9992
- C:\Windows\System\NXuZkAo.exe
  C:\Windows\System\NXuZkAo.exe
  2⤵
  PID:10020
- C:\Windows\System\CRqIlHN.exe
  C:\Windows\System\CRqIlHN.exe
  2⤵
  PID:10072
- C:\Windows\System\sdvupgL.exe
  C:\Windows\System\sdvupgL.exe
  2⤵
  PID:10076
- C:\Windows\System\RhnimDy.exe
  C:\Windows\System\RhnimDy.exe
  2⤵
  PID:10108
- C:\Windows\System\HHgUHDu.exe
  C:\Windows\System\HHgUHDu.exe
  2⤵
  PID:9236
- C:\Windows\System\pOwFSBC.exe
  C:\Windows\System\pOwFSBC.exe
  2⤵
  PID:8232
- C:\Windows\System\DJPXsor.exe
  C:\Windows\System\DJPXsor.exe
  2⤵
  PID:9248
- C:\Windows\System\ditsjIp.exe
  C:\Windows\System\ditsjIp.exe
  2⤵
  PID:8652
- C:\Windows\System\uiHNWWu.exe
  C:\Windows\System\uiHNWWu.exe
  2⤵
  PID:9252
- C:\Windows\System\AiYkIkc.exe
  C:\Windows\System\AiYkIkc.exe
  2⤵
  PID:9584
- C:\Windows\System\kIWnasB.exe
  C:\Windows\System\kIWnasB.exe
  2⤵
  PID:9664
- C:\Windows\System\hSpJOum.exe
  C:\Windows\System\hSpJOum.exe
  2⤵
  PID:9772
- C:\Windows\System\mKyVSyo.exe
  C:\Windows\System\mKyVSyo.exe
  2⤵
  PID:9844
- C:\Windows\System\GWOyTYC.exe
  C:\Windows\System\GWOyTYC.exe
  2⤵
  PID:9904
- C:\Windows\System\qLanXXp.exe
  C:\Windows\System\qLanXXp.exe
  2⤵
  PID:9508
- C:\Windows\System\AKpLnob.exe
  C:\Windows\System\AKpLnob.exe
  2⤵
  PID:9524
- C:\Windows\System\rnZBhhr.exe
  C:\Windows\System\rnZBhhr.exe
  2⤵
  PID:9680
- C:\Windows\System\pkNzEGQ.exe
  C:\Windows\System\pkNzEGQ.exe
  2⤵
  PID:9976
- C:\Windows\System\CvzXemY.exe
  C:\Windows\System\CvzXemY.exe
  2⤵
  PID:10060
- C:\Windows\System\RQOnNqM.exe
  C:\Windows\System\RQOnNqM.exe
  2⤵
  PID:8640
- C:\Windows\System\YRdEvUM.exe
  C:\Windows\System\YRdEvUM.exe
  2⤵
  PID:9952
- C:\Windows\System\DZbyxRD.exe
  C:\Windows\System\DZbyxRD.exe
  2⤵
  PID:9964
- C:\Windows\System\oXVnWkq.exe
  C:\Windows\System\oXVnWkq.exe
  2⤵
  PID:10024
- C:\Windows\System\miRLiNR.exe
  C:\Windows\System\miRLiNR.exe
  2⤵
  PID:10044
- C:\Windows\System\jfCfBcC.exe
  C:\Windows\System\jfCfBcC.exe
  2⤵
  PID:10092
- C:\Windows\System\xToZrbt.exe
  C:\Windows\System\xToZrbt.exe
  2⤵
  PID:10176
- C:\Windows\System\pfsTvNJ.exe
  C:\Windows\System\pfsTvNJ.exe
  2⤵
  PID:10196
- C:\Windows\System\ZiUNsIn.exe
  C:\Windows\System\ZiUNsIn.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AExnNOU.exe

Filesize
6.0MB

MD5
3787ea983336d5a7b9ccfd975d6eab8b

SHA1
316b2b1709b9e01a191663d685cdf94dc0381127

SHA256
2a83c3efe6d4af846e8dd87dbd90ac5c61df6dea89a0335362d02bda02d76172

SHA512
8565611b99885f82f199a6d716c2569f69ecba4f74bf74150b59fd786186514bd8157981aff96432586654a097abcd4895117594a55ec8e68905a76273543f57

Download Submit
C:\Windows\system\CtZiRwh.exe

Filesize
6.0MB

MD5
2d21579fe70b316d0524721d83f2b99e

SHA1
4d4ee5fa92de08152cf8216b8ad0d752490341aa

SHA256
960c584f6fa1f048c6fd907b76783687369a15e81ad6e4ef258545b48b5b5f04

SHA512
332157525e9b3f092e0005391cba85ca7dc858421761075ced558fee3290085fc017bf0d3ec364e835b5610eacc4f00d66c401c403aa83dd65057846fc553db1

Download Submit
C:\Windows\system\EvuoHvl.exe

Filesize
6.0MB

MD5
ca0b20777c30809a09e0231285ce6dad

SHA1
bf600b7419863f656ce0d23caf865f0dcf599c93

SHA256
209183e3a08f6f9bfe3053dae21656596978910dcc0bc7f9328ae8fa7591f369

SHA512
64f44a300f657248943689618c57a502927ecb2739828901a9d159294edef0378a7a9ede7ef9297943dd7fae4e82ade6ca87b9b7529502171df96b6f609f1cb9

Download Submit
C:\Windows\system\FSAAZKe.exe

Filesize
6.0MB

MD5
1778f0d9e60756028e0782c8d5f0d0a5

SHA1
9543dfa63ef3dfcc644d3f15961759e12b1c6be2

SHA256
572ae1f07b93a347b0ae577b7626954fe05862f406e863fc21f21a64581644e3

SHA512
4dcc4610d36c163a8f82b46205313103dba2bfcfa49353b80fadba03478fb87ee1e1456687b276114928f65c7032b2675655c1867974b3fc25fb31baac3ecffd

Download Submit
C:\Windows\system\IwJGNUo.exe

Filesize
6.0MB

MD5
211962032f2278a979cc8f06c16ec1c9

SHA1
3ed0cd2a5895875f044e2465d59dcf470c7c631a

SHA256
9e18c0d10757ccd3056d6524b806056ac84849c09b568cb0a9aad9402b4d88ee

SHA512
b38edf9b76e63db45636833170bf85918f32d90224234da19d31653a284377e58fbc07adcb4b0a56921d2caa608c33d13079f9f894e983c89ac8cae0f3208ab4

Download Submit
C:\Windows\system\KWqOqtA.exe

Filesize
6.0MB

MD5
942628220b919714df151e9525378220

SHA1
6961422458eb336bf013b1ca9a3ab7504c40dfa5

SHA256
982f90e93d15dbd67e431cac9c008ae159c42729462e2fdbf2d4010319f62991

SHA512
6b6d39fe274e929d08f724c4bd4460d8dd366c6668b11f0f6352fdb8605d78d059d87200bc260d8e27a350e837ad5bb2c1b63baefe5b085722fb8a75e402249e

Download Submit
C:\Windows\system\KwpzWpR.exe

Filesize
6.0MB

MD5
fcf5b89e7f0d6abad12a0bba2a560dcb

SHA1
d485cb45109b8a3a0e145b1259995d796c8c41fb

SHA256
9c8dbbaa47dc6faf432174330c3ca3dd5d82020e5f754d045b45bcd86748425d

SHA512
ee45010788460ec1bd786a526e84ee3a0296c32f6e7b1b264fff78a2c154388d82c636c33d922f989593b1782c8173865bf459d2f3d10d5c57654f120f23c7c5

Download Submit
C:\Windows\system\LJIlIvo.exe

Filesize
6.0MB

MD5
1fa430e1d5e917860f29cf933b6b7622

SHA1
b9a66bec4d25f383851edcf39641390df3ed8251

SHA256
12872df917442f1166380f077d689630d751edc68016bc5c710a46eac479cea8

SHA512
af18cff7368ed87fb7dc6d5d93f92c9494cf8f08da985f825fe6f0325c48f4b15f25f6bd770df0709d81fb576fb61633c6c3f9a7ea70b51753ec0170ee795e4c

Download Submit
C:\Windows\system\NKGRyDC.exe

Filesize
6.0MB

MD5
ac54d052f46c34e75a9d41cf93437179

SHA1
44fbad78fae1cbd46f2e23e4214289afb164a7e3

SHA256
b3f8e4ea528fc4c8272542708940187af7a50b0be8fd4991c0ee82c1142dac52

SHA512
650288367e30ea04f862ee4fd56be999f0ce5e3511c7d60c37627d4aac7c62368c8f0ad16e903d08527c4ca049ae2798c411e058570aae9bade0dca6be13fd1f

Download Submit
C:\Windows\system\PDruNEm.exe

Filesize
6.0MB

MD5
b01ff4d6ecf50ef4db28f968f6cf0c1b

SHA1
4b4768d47eafed3fc19228d1805a37b4c1be7dab

SHA256
5b10f57378ea4438ccf0af32068b08662aa2ecbb458fd9c603a1337115ac28d3

SHA512
49f30cb9c8dabdc6fff819a014a00341e918d566ded40a36683cfcb7341999385a95fadc12162f79c55c4320f94fdd5f9f5fb02c72e42b4eb0f9e0a7a3eec884

Download Submit
C:\Windows\system\SnPgcfT.exe

Filesize
6.0MB

MD5
f9382a51161bfc13ed509a25a5db3981

SHA1
69b48bd21404dd082f543d122415ed398076f6f9

SHA256
06f1664088893e965955d1887ce1e454a4d0ec6bda4db86c44a4694cb5340f42

SHA512
43f56e9b4b58ccc709a1382ac82ce3622aa9516ae3646585475ae0ba240bd1207b1b49103f76dbcbc78a34b245852fd208a0f4f6a2c2abd07e86763eb9defa8e

Download Submit
C:\Windows\system\UkYhtkX.exe

Filesize
6.0MB

MD5
6085e0da350051018d7b121627fca02a

SHA1
754857ec861675c4e7509b36af6a7b0f5448f528

SHA256
67a64ce7b619b83a258c2f5fce5a89181246227ae02f0e5acea6f97ba2548787

SHA512
3ec8a4b12f76a0155812d96664b224b3e2b7aa47c62adee33effdba8b8779e40a7975dd7b5b69c9d6f5c3ee5f434081b827a7ed22731bedce3d4f20ef6b27344

Download Submit
C:\Windows\system\YnxhFRU.exe

Filesize
6.0MB

MD5
3cf9a77f22c4daf404f47b8d59cd8602

SHA1
455eb11e5680e57cb872a31483c871648eb716de

SHA256
b55c8d1e5b333aa0c1d6fe9c4961995b00c4d6b8bfb44aaa6115c04483689546

SHA512
8c8c88881aec8ebb78021dac454306ded5fb0dfb27f8e299b0f4dbd485d12f0aafb7206a9f974f8e35ed8177624f95ad2a09f60772a65320e33b0999c4f57639

Download Submit
C:\Windows\system\ZSiIGSm.exe

Filesize
6.0MB

MD5
c1c103e088815b723e1c1d094e3995a6

SHA1
3ed10a3d48985dfe9dc5fbb8e39231329fabc122

SHA256
66edc8c84c63919eecd26806a6016d38575e35b26d7893725370884f5fb96e71

SHA512
179105dd6683add24fdc9e3333865ad737b55f3e1bfbbb39be805613c92d65dcdba95a6dacb933711a7a7b384d79e4c0a70dbfda19bcd1a236d5334eaf0a93a0

Download Submit
C:\Windows\system\bVnfuLU.exe

Filesize
6.0MB

MD5
31d68f5c21044879e0e0c79cfe2a9b06

SHA1
a128c9736542dffca422ae37b5cc8706243bf721

SHA256
6f0c736a53a7fee80a9f568ce0162c8318be0ebdd3cc9f9208f2dd8b3ea0c395

SHA512
3e67e4614555f0f7df9c596a524d582cfbf9264faed55ef0b13a4156f673c4a4286b1cd7e86310c859211e0e9e9a0596cda7a9161fac9c0bcfc12db34bca7bec

Download Submit
C:\Windows\system\cdwuwDh.exe

Filesize
6.0MB

MD5
bf972b2203f52664906cc796f5d30944

SHA1
2861759eac87d7895f1120f634e5b9af04d60b16

SHA256
cca24eae5a8d91b1efeca152255ae7179076a262c0af352bf42c9aa305cb6a91

SHA512
a22ffd523aa80bfc9895c4af3dafb65d4b62d1856716a84ee536b48713f8b28e3464adb3a639f18670da704396379b164ab21d3b9653df1764f2fd761e285d64

Download Submit
C:\Windows\system\dJGUVsV.exe

Filesize
6.0MB

MD5
03dd3b956a75de3c8130edb803b32198

SHA1
8cabc26e37751745a35b38307f3f0aa83abb4bf2

SHA256
1aac74bd3c2dd68bd8ea4ab811f2afeeee66f2dc10af6820e48bd3bfa55602f1

SHA512
d27a8bf2fe9c696b55d7461eb1c41045e972fa71bdeddcd7f35bee5125eac1466a2b4111165ca275822c0a364b96b3f98237752536220652daef4cef41807ea9

Download Submit
C:\Windows\system\dcJhPjq.exe

Filesize
6.0MB

MD5
440ad5f00da5f66f11aa2cc6e36c9f67

SHA1
7190e7f413278a28c34ff77f8489b8b8234f777b

SHA256
db2a81689236aa153954e635811f62a8c91a118ac5a0d0df3a3e9a90b05b657b

SHA512
f7dfcec639b6824145ebb0fed7f40008fec29178b1dab789032793f256fec323f9ca74343b99c785492b9db7bd4a699c054fbc31c64c0b8921d65bd6605d47ea

Download Submit
C:\Windows\system\ecNpShi.exe

Filesize
6.0MB

MD5
9b32e28a699ccc0f675f958f66bba85c

SHA1
19e8f36709d722ff5f6780b8cca0a888a72d91ca

SHA256
64d7f2a374dc0eb472fc5fdb5b6a537510d25574f5646712c242df5d9539d94a

SHA512
3f97250d41caf4e9b253f0bb4b4cc33534bfe1f7fd789e8b78defcb3cc9ba43f2d8a0698f63df92fdd780a9cd7abf835b8b6ce899d4c81b34e28603f333b2752

Download Submit
C:\Windows\system\hsbefLz.exe

Filesize
6.0MB

MD5
1fb38404da237880d24621b7637bd906

SHA1
04923536e5f7e211208f918389bfc071995723d5

SHA256
43156b46443096dc098c112b3e390c114c645d755365a78a0f9a8c3f0f51e80f

SHA512
3c7c037ae0b5fb5e41558a730c3599f6bc856e050cd971109cce7275f7beba9e8cb50d5c3d9a5f673eb57fe14d36822824f3e8d160d3c45aa6d3595e089f5630

Download Submit
C:\Windows\system\kNEGtDb.exe

Filesize
6.0MB

MD5
294ceebc16a97573387122e06ec6a0a8

SHA1
37c22b5020f433f0d7451ab8f4e95faeb13e3716

SHA256
1ff0318538be44b365efdca03f806e2b152eedb8464ff859cbbfa8f5c97958dd

SHA512
2adb51089455175d3a3141b2a4b85542fb96b1d73f85bff6081a9b4be8c0dec4ed967572c2b980e3ccd0aa65b130c776bea2ec3c2c05a9bffc13180ad2e741ff

Download Submit
C:\Windows\system\kmehIfQ.exe

Filesize
6.0MB

MD5
f79bb8a9106061bf0bbc7c338d218ebf

SHA1
648fafcaebe4ace86a39cfc1445ab2b6af7a8788

SHA256
c4ce010e5c7974820b3a79550ff4a4b4aa2a3bd77e261a275cb0af780de7f8fb

SHA512
f9c07bc7aa49f7c5fe9ed55cbb7839da8f28974af56aea38bae955cdb15754d46fe58a174010c263ffbec027006c2221f9032dd48bcd5a2a10c28c716f955590

Download Submit
C:\Windows\system\mkQVCWa.exe

Filesize
6.0MB

MD5
3562cd7186d87c4ce81c535d87415bbf

SHA1
46def54c1ba64dc2d9e008cf1bc6900498daeaf7

SHA256
8efb8514b318293fd9556ea31ea7a228dad0a601ac95e4ba83c454dbd863b7f1

SHA512
8150e9956f9b34ca7a6d71d41fd3d22cacbfb2ca8c616dea43f6d788b5cb16ccd48f4a739bf57d93385af81dc554eb93b76df1c51e331f76de67a2e209260068

Download Submit
C:\Windows\system\oGfAJNi.exe

Filesize
6.0MB

MD5
0e44833ec8d1129eb47d2537d5e41487

SHA1
4dc42453eb3b38ab0d16536a0d6120d7b56b30f0

SHA256
6d3a1f5e286bf7c949dec657f8df3ccdc165ab518b9c19257b0dd4b4653cbec4

SHA512
4c569f24d5c253806274ad5dd8e56e5b820a2e548e482624005aa7b0eb020ef55406b4460682860ef26bdd02b6752a1cbd39c556ddf5cfc73f7384ac5c9eea27

Download Submit
C:\Windows\system\oLOsIjC.exe

Filesize
6.0MB

MD5
935a9173c9a6d4d291dec0a4d5a74a0b

SHA1
a5a3b28a45c7d1a9705c9f7498283d95af760355

SHA256
3114a147929d3872d1241d8525cc928bb22efda8ab1f0d3e1aa9ff1156e488c7

SHA512
05484ca5358ef1e23a62adc4048eabb746457f8473cb39cf4f7afc5c66dde25d4dbb9bf56ad72f78b4bb5456fea95940bfccd18c3d535788c2c9a7e712dc4193

Download Submit
C:\Windows\system\uaupstM.exe

Filesize
6.0MB

MD5
d01e53ade9dc581a3c6dab897eefbe42

SHA1
1522501e9675ced6d416915fbf53ac123c2cc551

SHA256
35daac34958f85c13183a85878fd39a5a1bdeb4b9edf6474be64d4a2e43a8c7c

SHA512
a18d1e4c8483b624f1b13e1e69605bf4ef307090c6e61b477b05649e7286a4cda55a2653af244bbd0e65d0ee9392dabef6219c1fada799802859c54e80d0fbbc

Download Submit
C:\Windows\system\vdYjail.exe

Filesize
6.0MB

MD5
c7d8fcf2a7509fa87f05d8e35e9f1cd2

SHA1
bdf2506c0acd85553b8463305cc5bea0113bb50c

SHA256
c55025dcfa7be467caf6066fbd582087a57619fb89580ea9ca75051b8fe09b3f

SHA512
48b908c8005a452dcfb15cba95d1701e5404eb93dfe25921e042203f0d0aa3ca4c4e0bd4fdd0ce02884d18527d37ce994f0c03e7bb581cd20b458304e18c131a

Download Submit
C:\Windows\system\zkRTjnM.exe

Filesize
6.0MB

MD5
ecd1d7086799493b380ed83ed7893944

SHA1
8af8b8e31aa2d395355421552c3dea73bbdc233d

SHA256
bf28f97dcc801cf0092d3b839a742feecf54222118edea6a208541ad89893fe7

SHA512
d81f759fa3c89971d831b956f82ba79c32b429c85cdf0fe5195f2ae6b562799065b78849c3ab2610634bb68e7e2a6591033b1fa1d57b36ec267d73d7f1309c6c

Download Submit
\Windows\system\CrSjvOO.exe

Filesize
6.0MB

MD5
bcf5ff5d4ca637a636d042d838828cc2

SHA1
21047294cc21217e8a163adf50c89ac4b53859f8

SHA256
ab67104a86a006fb06e1c886582bb95b7fa42d05c589c7ada7faec1cf189255a

SHA512
86ea0154fba4e7c4499f0a76b0a99210b5b4df125b7034a43973865c109d9e137c135ca79513ae94bf56dce1fd8986080add55f9194796c73a4f009912fd8e69

Download Submit
\Windows\system\JPxugHo.exe

Filesize
6.0MB

MD5
a66b26a7afa139f625e5eb0c8c621ad6

SHA1
dd08db3b2ae264357e6fe9b69f99b70137056b3d

SHA256
e4ffe6aeea2807e6caac6c4fe2eb4094a88b075472b17a7184f9b26642db0be9

SHA512
8452542308147b315b47a5c569919155585a44b8f3b39cdb5aad33d5c1dad35d721b980583f72614220987894e2df08d5b9f55dd5cf81e51e705c57d0d200948

Download Submit
\Windows\system\tDkeGfh.exe

Filesize
6.0MB

MD5
aa898e5ac71bc1b9a50e382bc239428d

SHA1
aaf7bec36a20c170bf6f438d8ee680e071300734

SHA256
c4c261db9a4e3608948edc72062b4326c15b446308c39f1c4f1cb701135854ca

SHA512
1ef1ad925fe2597c4c28ac7cd975d1c4a3756dabaa6403f3f412ca66bc9a8e283f47108395eb7ebd551e196e43f36eef112543f58b4220c093c7a5030ecc72ab

Download Submit
\Windows\system\zKICxwr.exe

Filesize
6.0MB

MD5
8b19f440792cd294003534bb2209e5c0

SHA1
5ad623b115e3fdd13812f24312da1d5fb0d172bd

SHA256
24ca97e61866b3193d9d57ff9ac86d0070c0752070f20cc397b94d53d7fce9df

SHA512
e1a28661618e5fa59f88440eaaf45f5aa248806e6e88d0ede43dbbf1979a3fa93f160bdf634dc2b6f570de6f69afbe363ae0500ca4a317a0ba8d2673aeddbfba

Download Submit
memory/408-2977-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/408-69-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/592-95-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/592-705-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/592-2976-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1996-81-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2982-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1996-522-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-704-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-99-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2076-389-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-51-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-88-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-219-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-102-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-521-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-585-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2076-26-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2076-74-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-50-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2076-33-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2076-68-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2076-19-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-9-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-60-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2128-21-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-66-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-2394-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-647-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2973-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-90-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-52-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2588-2365-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2979-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2688-55-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-54-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-13-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2341-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-44-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-2978-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-2383-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-14-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2357-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-67-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2836-31-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2884-75-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-2972-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-390-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-61-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3024-2971-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2389-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3032-76-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/3032-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download