cobaltstrike | 00867c14a534807ecabc5d36f0e15357495fd1f709e5e204d535a4c70daf9e52

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/11/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

46d8c6938281426f4fe1e5dd0b6de4cc
SHA1

8c92c4f92da83c61be6f56eb8588e66fd9837c20
SHA256

00867c14a534807ecabc5d36f0e15357495fd1f709e5e204d535a4c70daf9e52
SHA512

9c4f42b25b02ceba7847accf02207a2446746e6c96db8bfa208de94fff3df8984c8d3cbb8c27b1cc898a55e52bbccc205b3390c050c154265db75c5696ee01de
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015fc4-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016031-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001620e-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001650a-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016593-27.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167dc-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dad-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f9c-59.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-87.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-103.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-127.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-115.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-114.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-99.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-95.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-83.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-71.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739a-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e74-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc8-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d50-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3d-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1152-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x0008000000015fc4-8.dat	xmrig
behavioral1/files/0x0008000000016031-12.dat	xmrig
behavioral1/files/0x000800000001620e-20.dat	xmrig
behavioral1/files/0x000700000001650a-24.dat	xmrig
behavioral1/files/0x0007000000016593-27.dat	xmrig
behavioral1/files/0x00070000000167dc-32.dat	xmrig
behavioral1/files/0x0006000000016dad-47.dat	xmrig
behavioral1/files/0x0006000000016f9c-59.dat	xmrig
behavioral1/files/0x00060000000173e4-75.dat	xmrig
behavioral1/files/0x0006000000017409-87.dat	xmrig
behavioral1/files/0x000600000001752f-103.dat	xmrig
behavioral1/files/0x0009000000018678-108.dat	xmrig
behavioral1/files/0x00050000000191f3-131.dat	xmrig
behavioral1/memory/1152-1053-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2624-1251-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2756-1232-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2804-1222-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2716-1242-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2208-1213-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/316-1202-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1768-1093-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2136-381-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2624-379-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2884-377-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2716-375-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2860-373-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2756-371-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2836-369-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2804-367-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2744-365-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2208-363-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2104-361-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/316-359-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2396-332-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1768-301-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x00060000000190d6-127.dat	xmrig
behavioral1/files/0x00060000000190cd-123.dat	xmrig
behavioral1/files/0x000500000001879b-119.dat	xmrig
behavioral1/files/0x0005000000018690-115.dat	xmrig
behavioral1/files/0x001500000001866d-114.dat	xmrig
behavioral1/files/0x00060000000174ac-99.dat	xmrig
behavioral1/files/0x000600000001748f-95.dat	xmrig
behavioral1/files/0x000600000001747b-91.dat	xmrig
behavioral1/files/0x0006000000017403-83.dat	xmrig
behavioral1/files/0x00060000000173fb-79.dat	xmrig
behavioral1/files/0x00060000000173aa-71.dat	xmrig
behavioral1/files/0x000600000001739c-67.dat	xmrig
behavioral1/files/0x000600000001739a-63.dat	xmrig
behavioral1/files/0x0006000000016e74-55.dat	xmrig
behavioral1/files/0x0006000000016dc8-51.dat	xmrig
behavioral1/files/0x0006000000016d9f-43.dat	xmrig
behavioral1/files/0x0007000000016d50-39.dat	xmrig
behavioral1/files/0x0008000000016c3d-36.dat	xmrig
behavioral1/memory/2860-3620-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2836-3624-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2744-3623-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2396-3622-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2136-3621-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1768-4144-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2804-4208-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2624-4212-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2716-4211-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2136	FGOhktS.exe
1768	GCzhGxS.exe
2396	fynObcm.exe
316	bPlpAsy.exe
2104	SEPiQFa.exe
2208	BICUHXs.exe
2744	TrUGRqr.exe
2804	OkFWReq.exe
2836	UcYfCre.exe
2756	LFglAky.exe
2860	grNcuRL.exe
2716	GHXGdjy.exe
2884	siaMvgU.exe
2624	hZKBqkZ.exe
2644	DvZedYr.exe
2772	sHxEXAS.exe
2616	pxWrxTD.exe
2720	bGrmbdc.exe
3064	PYTWMHO.exe
2076	wkdknWV.exe
556	hXpAqJY.exe
628	iqmuoXg.exe
2388	WXcbthl.exe
1052	MoygZAa.exe
2700	ZvvFHdG.exe
1988	ZMzBbhb.exe
2840	oKmNYKf.exe
2788	gsouWPb.exe
2948	AoNtkqB.exe
2932	gTIYLga.exe
2280	RqCgaeM.exe
2376	IKVwXjm.exe
2232	RVKdNpR.exe
2188	PTkFjXu.exe
1856	DqYXrDg.exe
2456	MHCqsTN.exe
1112	NKxeqZO.exe
1048	xROdGIc.exe
3008	GTFcvSQ.exe
2916	QLkTUNB.exe
1312	glgKkFD.exe
956	ipTLurE.exe
1804	zVAXCrw.exe
928	RzwmduT.exe
1660	ffLtVSi.exe
2480	xMUpFuw.exe
2696	IHlUrAs.exe
1524	qlnuZcv.exe
1744	eQMbWbR.exe
2172	fxlANyW.exe
1540	rIouDSA.exe
1840	PvpNbbr.exe
564	hDzqzYk.exe
1848	gAMGTGt.exe
2428	NdmYokj.exe
2092	JSIrFOf.exe
292	LWqJhTF.exe
776	bqDfECw.exe
2440	FVZhEle.exe
1652	Wrgofbt.exe
2444	JsobmWr.exe
352	vKGnUYp.exe
1676	ALDlPcw.exe
1700	XRfpEtl.exe

Loads dropped DLL 64 IoCs

pid	Process
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x0008000000015fc4-8.dat	upx
behavioral1/files/0x0008000000016031-12.dat	upx
behavioral1/files/0x000800000001620e-20.dat	upx
behavioral1/files/0x000700000001650a-24.dat	upx
behavioral1/files/0x0007000000016593-27.dat	upx
behavioral1/files/0x00070000000167dc-32.dat	upx
behavioral1/files/0x0006000000016dad-47.dat	upx
behavioral1/files/0x0006000000016f9c-59.dat	upx
behavioral1/files/0x00060000000173e4-75.dat	upx
behavioral1/files/0x0006000000017409-87.dat	upx
behavioral1/files/0x000600000001752f-103.dat	upx
behavioral1/files/0x0009000000018678-108.dat	upx
behavioral1/files/0x00050000000191f3-131.dat	upx
behavioral1/memory/1152-1053-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2624-1251-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2756-1232-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2804-1222-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2716-1242-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2208-1213-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/316-1202-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1768-1093-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2136-381-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2624-379-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2884-377-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2716-375-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2860-373-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2756-371-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2836-369-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2804-367-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2744-365-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2208-363-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2104-361-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/316-359-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2396-332-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1768-301-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x00060000000190d6-127.dat	upx
behavioral1/files/0x00060000000190cd-123.dat	upx
behavioral1/files/0x000500000001879b-119.dat	upx
behavioral1/files/0x0005000000018690-115.dat	upx
behavioral1/files/0x001500000001866d-114.dat	upx
behavioral1/files/0x00060000000174ac-99.dat	upx
behavioral1/files/0x000600000001748f-95.dat	upx
behavioral1/files/0x000600000001747b-91.dat	upx
behavioral1/files/0x0006000000017403-83.dat	upx
behavioral1/files/0x00060000000173fb-79.dat	upx
behavioral1/files/0x00060000000173aa-71.dat	upx
behavioral1/files/0x000600000001739c-67.dat	upx
behavioral1/files/0x000600000001739a-63.dat	upx
behavioral1/files/0x0006000000016e74-55.dat	upx
behavioral1/files/0x0006000000016dc8-51.dat	upx
behavioral1/files/0x0006000000016d9f-43.dat	upx
behavioral1/files/0x0007000000016d50-39.dat	upx
behavioral1/files/0x0008000000016c3d-36.dat	upx
behavioral1/memory/2860-3620-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2836-3624-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2744-3623-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2396-3622-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2136-3621-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1768-4144-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2804-4208-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2624-4212-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2716-4211-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AVbElsf.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHmhKnu.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJDnnxT.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPauoPT.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjwJppd.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQGBdEO.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzmFHOb.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VXSdnyf.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoTzQYE.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFJLHBk.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHMZKZa.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHXGdjy.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwMfGDX.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZLvidP.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNVqRFe.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpMDXhw.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMzBbhb.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKEXnFT.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AaXloQn.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcLeGGK.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFlMJix.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHlUrAs.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTwhHDd.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmSknUv.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCpktDO.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRRREfc.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvrosBr.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwRDMzr.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrVQBav.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHvKjYy.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frEGQdp.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyfpnid.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMuvrBO.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GywtGNX.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEUBlHK.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViHYyyc.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yKGWrlG.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqPEWpc.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZVwPqI.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AWLyRul.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdIkQeL.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHTpGMs.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgwXqtJ.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvQuObS.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qOkeYEF.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALDlPcw.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjzZjMf.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZurFTse.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evpfdqE.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrLVCDH.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaVZbhM.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MkPqyTf.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JKcKDGI.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fltEjPN.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enNKMgc.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYwiSNl.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mRrxdrM.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMkIZrr.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZNiIpr.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGGyLEs.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVSkJrV.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNThuiK.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OCjYonu.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQrJCQG.exe	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2136	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1152 wrote to memory of 2136	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1152 wrote to memory of 2136	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1152 wrote to memory of 1768	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1152 wrote to memory of 1768	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1152 wrote to memory of 1768	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1152 wrote to memory of 2396	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1152 wrote to memory of 2396	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1152 wrote to memory of 2396	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1152 wrote to memory of 316	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1152 wrote to memory of 316	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1152 wrote to memory of 316	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1152 wrote to memory of 2104	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1152 wrote to memory of 2104	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1152 wrote to memory of 2104	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1152 wrote to memory of 2208	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1152 wrote to memory of 2208	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1152 wrote to memory of 2208	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1152 wrote to memory of 2744	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1152 wrote to memory of 2744	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1152 wrote to memory of 2744	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1152 wrote to memory of 2804	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1152 wrote to memory of 2804	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1152 wrote to memory of 2804	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1152 wrote to memory of 2836	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1152 wrote to memory of 2836	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1152 wrote to memory of 2836	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1152 wrote to memory of 2756	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1152 wrote to memory of 2756	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1152 wrote to memory of 2756	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1152 wrote to memory of 2860	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1152 wrote to memory of 2860	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1152 wrote to memory of 2860	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1152 wrote to memory of 2716	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1152 wrote to memory of 2716	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1152 wrote to memory of 2716	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1152 wrote to memory of 2884	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1152 wrote to memory of 2884	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1152 wrote to memory of 2884	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1152 wrote to memory of 2624	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1152 wrote to memory of 2624	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1152 wrote to memory of 2624	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1152 wrote to memory of 2644	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1152 wrote to memory of 2644	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1152 wrote to memory of 2644	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1152 wrote to memory of 2772	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1152 wrote to memory of 2772	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1152 wrote to memory of 2772	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1152 wrote to memory of 2616	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1152 wrote to memory of 2616	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1152 wrote to memory of 2616	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1152 wrote to memory of 2720	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1152 wrote to memory of 2720	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1152 wrote to memory of 2720	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1152 wrote to memory of 3064	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1152 wrote to memory of 3064	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1152 wrote to memory of 3064	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1152 wrote to memory of 2076	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1152 wrote to memory of 2076	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1152 wrote to memory of 2076	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1152 wrote to memory of 556	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1152 wrote to memory of 556	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1152 wrote to memory of 556	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1152 wrote to memory of 628	1152	2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-27_46d8c6938281426f4fe1e5dd0b6de4cc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\System\FGOhktS.exe
  C:\Windows\System\FGOhktS.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\GCzhGxS.exe
  C:\Windows\System\GCzhGxS.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\fynObcm.exe
  C:\Windows\System\fynObcm.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\bPlpAsy.exe
  C:\Windows\System\bPlpAsy.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\SEPiQFa.exe
  C:\Windows\System\SEPiQFa.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\BICUHXs.exe
  C:\Windows\System\BICUHXs.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\TrUGRqr.exe
  C:\Windows\System\TrUGRqr.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\OkFWReq.exe
  C:\Windows\System\OkFWReq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UcYfCre.exe
  C:\Windows\System\UcYfCre.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\LFglAky.exe
  C:\Windows\System\LFglAky.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\grNcuRL.exe
  C:\Windows\System\grNcuRL.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\GHXGdjy.exe
  C:\Windows\System\GHXGdjy.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\siaMvgU.exe
  C:\Windows\System\siaMvgU.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\hZKBqkZ.exe
  C:\Windows\System\hZKBqkZ.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\DvZedYr.exe
  C:\Windows\System\DvZedYr.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\sHxEXAS.exe
  C:\Windows\System\sHxEXAS.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\pxWrxTD.exe
  C:\Windows\System\pxWrxTD.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\bGrmbdc.exe
  C:\Windows\System\bGrmbdc.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\PYTWMHO.exe
  C:\Windows\System\PYTWMHO.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\wkdknWV.exe
  C:\Windows\System\wkdknWV.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\hXpAqJY.exe
  C:\Windows\System\hXpAqJY.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\iqmuoXg.exe
  C:\Windows\System\iqmuoXg.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\WXcbthl.exe
  C:\Windows\System\WXcbthl.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\MoygZAa.exe
  C:\Windows\System\MoygZAa.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\ZvvFHdG.exe
  C:\Windows\System\ZvvFHdG.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\oKmNYKf.exe
  C:\Windows\System\oKmNYKf.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\ZMzBbhb.exe
  C:\Windows\System\ZMzBbhb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\gsouWPb.exe
  C:\Windows\System\gsouWPb.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\AoNtkqB.exe
  C:\Windows\System\AoNtkqB.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\gTIYLga.exe
  C:\Windows\System\gTIYLga.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\RqCgaeM.exe
  C:\Windows\System\RqCgaeM.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\IKVwXjm.exe
  C:\Windows\System\IKVwXjm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\RVKdNpR.exe
  C:\Windows\System\RVKdNpR.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\PTkFjXu.exe
  C:\Windows\System\PTkFjXu.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\DqYXrDg.exe
  C:\Windows\System\DqYXrDg.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\MHCqsTN.exe
  C:\Windows\System\MHCqsTN.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\NKxeqZO.exe
  C:\Windows\System\NKxeqZO.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\xROdGIc.exe
  C:\Windows\System\xROdGIc.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\GTFcvSQ.exe
  C:\Windows\System\GTFcvSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\QLkTUNB.exe
  C:\Windows\System\QLkTUNB.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\glgKkFD.exe
  C:\Windows\System\glgKkFD.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\ipTLurE.exe
  C:\Windows\System\ipTLurE.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\zVAXCrw.exe
  C:\Windows\System\zVAXCrw.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\RzwmduT.exe
  C:\Windows\System\RzwmduT.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\ffLtVSi.exe
  C:\Windows\System\ffLtVSi.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\xMUpFuw.exe
  C:\Windows\System\xMUpFuw.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\IHlUrAs.exe
  C:\Windows\System\IHlUrAs.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\eQMbWbR.exe
  C:\Windows\System\eQMbWbR.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\qlnuZcv.exe
  C:\Windows\System\qlnuZcv.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\fxlANyW.exe
  C:\Windows\System\fxlANyW.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\rIouDSA.exe
  C:\Windows\System\rIouDSA.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\PvpNbbr.exe
  C:\Windows\System\PvpNbbr.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\hDzqzYk.exe
  C:\Windows\System\hDzqzYk.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\gAMGTGt.exe
  C:\Windows\System\gAMGTGt.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\NdmYokj.exe
  C:\Windows\System\NdmYokj.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\JSIrFOf.exe
  C:\Windows\System\JSIrFOf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LWqJhTF.exe
  C:\Windows\System\LWqJhTF.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\bqDfECw.exe
  C:\Windows\System\bqDfECw.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\FVZhEle.exe
  C:\Windows\System\FVZhEle.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\JsobmWr.exe
  C:\Windows\System\JsobmWr.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\Wrgofbt.exe
  C:\Windows\System\Wrgofbt.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\vKGnUYp.exe
  C:\Windows\System\vKGnUYp.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ALDlPcw.exe
  C:\Windows\System\ALDlPcw.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\XRfpEtl.exe
  C:\Windows\System\XRfpEtl.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\fjLjdtJ.exe
  C:\Windows\System\fjLjdtJ.exe
  2⤵
  PID:2284
- C:\Windows\System\rmVfosX.exe
  C:\Windows\System\rmVfosX.exe
  2⤵
  PID:3024
- C:\Windows\System\XEDWQVF.exe
  C:\Windows\System\XEDWQVF.exe
  2⤵
  PID:2400
- C:\Windows\System\zeglzSF.exe
  C:\Windows\System\zeglzSF.exe
  2⤵
  PID:1588
- C:\Windows\System\mdQLDAy.exe
  C:\Windows\System\mdQLDAy.exe
  2⤵
  PID:2152
- C:\Windows\System\tlnlitf.exe
  C:\Windows\System\tlnlitf.exe
  2⤵
  PID:2876
- C:\Windows\System\elejnPW.exe
  C:\Windows\System\elejnPW.exe
  2⤵
  PID:1820
- C:\Windows\System\EinfUxQ.exe
  C:\Windows\System\EinfUxQ.exe
  2⤵
  PID:2340
- C:\Windows\System\FtaUcwC.exe
  C:\Windows\System\FtaUcwC.exe
  2⤵
  PID:2740
- C:\Windows\System\FaTPpVR.exe
  C:\Windows\System\FaTPpVR.exe
  2⤵
  PID:2988
- C:\Windows\System\eycLAPh.exe
  C:\Windows\System\eycLAPh.exe
  2⤵
  PID:2604
- C:\Windows\System\GZVwPqI.exe
  C:\Windows\System\GZVwPqI.exe
  2⤵
  PID:2796
- C:\Windows\System\CmJPyEm.exe
  C:\Windows\System\CmJPyEm.exe
  2⤵
  PID:2800
- C:\Windows\System\oRHhBmx.exe
  C:\Windows\System\oRHhBmx.exe
  2⤵
  PID:2664
- C:\Windows\System\DnLsxoJ.exe
  C:\Windows\System\DnLsxoJ.exe
  2⤵
  PID:2088
- C:\Windows\System\mMpdRmp.exe
  C:\Windows\System\mMpdRmp.exe
  2⤵
  PID:2584
- C:\Windows\System\oxMZfFb.exe
  C:\Windows\System\oxMZfFb.exe
  2⤵
  PID:304
- C:\Windows\System\dAmitNr.exe
  C:\Windows\System\dAmitNr.exe
  2⤵
  PID:1816
- C:\Windows\System\FqzuIrd.exe
  C:\Windows\System\FqzuIrd.exe
  2⤵
  PID:2000
- C:\Windows\System\mubyxgc.exe
  C:\Windows\System\mubyxgc.exe
  2⤵
  PID:1920
- C:\Windows\System\NJLLpwW.exe
  C:\Windows\System\NJLLpwW.exe
  2⤵
  PID:2268
- C:\Windows\System\bDIiUUF.exe
  C:\Windows\System\bDIiUUF.exe
  2⤵
  PID:2164
- C:\Windows\System\zGRdPdb.exe
  C:\Windows\System\zGRdPdb.exe
  2⤵
  PID:1776
- C:\Windows\System\yZSrRvq.exe
  C:\Windows\System\yZSrRvq.exe
  2⤵
  PID:2060
- C:\Windows\System\QbMfHFh.exe
  C:\Windows\System\QbMfHFh.exe
  2⤵
  PID:2580
- C:\Windows\System\sqMKvBN.exe
  C:\Windows\System\sqMKvBN.exe
  2⤵
  PID:752
- C:\Windows\System\NRFfvpB.exe
  C:\Windows\System\NRFfvpB.exe
  2⤵
  PID:344
- C:\Windows\System\SzsJuUY.exe
  C:\Windows\System\SzsJuUY.exe
  2⤵
  PID:1740
- C:\Windows\System\yaCOIiV.exe
  C:\Windows\System\yaCOIiV.exe
  2⤵
  PID:2448
- C:\Windows\System\cXjAsZo.exe
  C:\Windows\System\cXjAsZo.exe
  2⤵
  PID:1728
- C:\Windows\System\mmxGXAA.exe
  C:\Windows\System\mmxGXAA.exe
  2⤵
  PID:1644
- C:\Windows\System\WjNKslL.exe
  C:\Windows\System\WjNKslL.exe
  2⤵
  PID:2260
- C:\Windows\System\WTYwNXd.exe
  C:\Windows\System\WTYwNXd.exe
  2⤵
  PID:2972
- C:\Windows\System\LhDrFdl.exe
  C:\Windows\System\LhDrFdl.exe
  2⤵
  PID:2464
- C:\Windows\System\qHWyUbG.exe
  C:\Windows\System\qHWyUbG.exe
  2⤵
  PID:1120
- C:\Windows\System\ysKbGvZ.exe
  C:\Windows\System\ysKbGvZ.exe
  2⤵
  PID:1232
- C:\Windows\System\WnagPej.exe
  C:\Windows\System\WnagPej.exe
  2⤵
  PID:2408
- C:\Windows\System\coUANgQ.exe
  C:\Windows\System\coUANgQ.exe
  2⤵
  PID:1620
- C:\Windows\System\ZJfMdAv.exe
  C:\Windows\System\ZJfMdAv.exe
  2⤵
  PID:1448
- C:\Windows\System\dsACzyC.exe
  C:\Windows\System\dsACzyC.exe
  2⤵
  PID:2148
- C:\Windows\System\iYqbgZT.exe
  C:\Windows\System\iYqbgZT.exe
  2⤵
  PID:2320
- C:\Windows\System\KVaZlpL.exe
  C:\Windows\System\KVaZlpL.exe
  2⤵
  PID:2816
- C:\Windows\System\PnPqqjj.exe
  C:\Windows\System\PnPqqjj.exe
  2⤵
  PID:2732
- C:\Windows\System\OBZkoNt.exe
  C:\Windows\System\OBZkoNt.exe
  2⤵
  PID:1716
- C:\Windows\System\UNkqQJk.exe
  C:\Windows\System\UNkqQJk.exe
  2⤵
  PID:1640
- C:\Windows\System\TvIIWYc.exe
  C:\Windows\System\TvIIWYc.exe
  2⤵
  PID:2900
- C:\Windows\System\bQAcCWR.exe
  C:\Windows\System\bQAcCWR.exe
  2⤵
  PID:2024
- C:\Windows\System\qVzVOCl.exe
  C:\Windows\System\qVzVOCl.exe
  2⤵
  PID:2904
- C:\Windows\System\zqzJfIa.exe
  C:\Windows\System\zqzJfIa.exe
  2⤵
  PID:1632
- C:\Windows\System\QKewodz.exe
  C:\Windows\System\QKewodz.exe
  2⤵
  PID:3060
- C:\Windows\System\csWWfFq.exe
  C:\Windows\System\csWWfFq.exe
  2⤵
  PID:1392
- C:\Windows\System\flIzAwz.exe
  C:\Windows\System\flIzAwz.exe
  2⤵
  PID:3188
- C:\Windows\System\uNRxRYK.exe
  C:\Windows\System\uNRxRYK.exe
  2⤵
  PID:3308
- C:\Windows\System\zOXoiYT.exe
  C:\Windows\System\zOXoiYT.exe
  2⤵
  PID:3324
- C:\Windows\System\RfeBogx.exe
  C:\Windows\System\RfeBogx.exe
  2⤵
  PID:3340
- C:\Windows\System\XlFxpcW.exe
  C:\Windows\System\XlFxpcW.exe
  2⤵
  PID:3356
- C:\Windows\System\yeSjPbQ.exe
  C:\Windows\System\yeSjPbQ.exe
  2⤵
  PID:3372
- C:\Windows\System\cmJNCKj.exe
  C:\Windows\System\cmJNCKj.exe
  2⤵
  PID:3388
- C:\Windows\System\WrPsXqV.exe
  C:\Windows\System\WrPsXqV.exe
  2⤵
  PID:3404
- C:\Windows\System\ryDmmMH.exe
  C:\Windows\System\ryDmmMH.exe
  2⤵
  PID:3420
- C:\Windows\System\UXrrfPl.exe
  C:\Windows\System\UXrrfPl.exe
  2⤵
  PID:3436
- C:\Windows\System\zKEXnFT.exe
  C:\Windows\System\zKEXnFT.exe
  2⤵
  PID:3452
- C:\Windows\System\ucwBPQO.exe
  C:\Windows\System\ucwBPQO.exe
  2⤵
  PID:3468
- C:\Windows\System\OCjYonu.exe
  C:\Windows\System\OCjYonu.exe
  2⤵
  PID:3484
- C:\Windows\System\PlqYtmL.exe
  C:\Windows\System\PlqYtmL.exe
  2⤵
  PID:3500
- C:\Windows\System\zWuzmVF.exe
  C:\Windows\System\zWuzmVF.exe
  2⤵
  PID:3516
- C:\Windows\System\liTMdgl.exe
  C:\Windows\System\liTMdgl.exe
  2⤵
  PID:3532
- C:\Windows\System\swwnBdD.exe
  C:\Windows\System\swwnBdD.exe
  2⤵
  PID:3548
- C:\Windows\System\dpNlzuI.exe
  C:\Windows\System\dpNlzuI.exe
  2⤵
  PID:3564
- C:\Windows\System\DBpZEIa.exe
  C:\Windows\System\DBpZEIa.exe
  2⤵
  PID:3580
- C:\Windows\System\SSDSmIM.exe
  C:\Windows\System\SSDSmIM.exe
  2⤵
  PID:3596
- C:\Windows\System\chNVYtf.exe
  C:\Windows\System\chNVYtf.exe
  2⤵
  PID:3612
- C:\Windows\System\zDmRJFC.exe
  C:\Windows\System\zDmRJFC.exe
  2⤵
  PID:3628
- C:\Windows\System\yTiajMV.exe
  C:\Windows\System\yTiajMV.exe
  2⤵
  PID:3644
- C:\Windows\System\iEbaDYF.exe
  C:\Windows\System\iEbaDYF.exe
  2⤵
  PID:3660
- C:\Windows\System\zKYufQS.exe
  C:\Windows\System\zKYufQS.exe
  2⤵
  PID:3676
- C:\Windows\System\iCgDNay.exe
  C:\Windows\System\iCgDNay.exe
  2⤵
  PID:3692
- C:\Windows\System\PgOHnIA.exe
  C:\Windows\System\PgOHnIA.exe
  2⤵
  PID:3708
- C:\Windows\System\AaXloQn.exe
  C:\Windows\System\AaXloQn.exe
  2⤵
  PID:3724
- C:\Windows\System\LJMcLSq.exe
  C:\Windows\System\LJMcLSq.exe
  2⤵
  PID:3748
- C:\Windows\System\HjMRIrn.exe
  C:\Windows\System\HjMRIrn.exe
  2⤵
  PID:3764
- C:\Windows\System\VOpZZyA.exe
  C:\Windows\System\VOpZZyA.exe
  2⤵
  PID:3784
- C:\Windows\System\xFrYFMq.exe
  C:\Windows\System\xFrYFMq.exe
  2⤵
  PID:3808
- C:\Windows\System\lJvqpCq.exe
  C:\Windows\System\lJvqpCq.exe
  2⤵
  PID:3832
- C:\Windows\System\DLJutxl.exe
  C:\Windows\System\DLJutxl.exe
  2⤵
  PID:3848
- C:\Windows\System\UOIOqwd.exe
  C:\Windows\System\UOIOqwd.exe
  2⤵
  PID:3864
- C:\Windows\System\svIRNiM.exe
  C:\Windows\System\svIRNiM.exe
  2⤵
  PID:3880
- C:\Windows\System\zpGzCUw.exe
  C:\Windows\System\zpGzCUw.exe
  2⤵
  PID:3896
- C:\Windows\System\nWHYidk.exe
  C:\Windows\System\nWHYidk.exe
  2⤵
  PID:3912
- C:\Windows\System\HeeUTtt.exe
  C:\Windows\System\HeeUTtt.exe
  2⤵
  PID:3928
- C:\Windows\System\njjqkwM.exe
  C:\Windows\System\njjqkwM.exe
  2⤵
  PID:3944
- C:\Windows\System\gYqwYqB.exe
  C:\Windows\System\gYqwYqB.exe
  2⤵
  PID:3960
- C:\Windows\System\PEjkANw.exe
  C:\Windows\System\PEjkANw.exe
  2⤵
  PID:3980
- C:\Windows\System\ImJDAmL.exe
  C:\Windows\System\ImJDAmL.exe
  2⤵
  PID:3996
- C:\Windows\System\uAOXmSo.exe
  C:\Windows\System\uAOXmSo.exe
  2⤵
  PID:4012
- C:\Windows\System\WlhSvMF.exe
  C:\Windows\System\WlhSvMF.exe
  2⤵
  PID:4028
- C:\Windows\System\bTAylZF.exe
  C:\Windows\System\bTAylZF.exe
  2⤵
  PID:4044
- C:\Windows\System\OLaBjtm.exe
  C:\Windows\System\OLaBjtm.exe
  2⤵
  PID:4060
- C:\Windows\System\rfUnbJy.exe
  C:\Windows\System\rfUnbJy.exe
  2⤵
  PID:4076
- C:\Windows\System\tzPjXvK.exe
  C:\Windows\System\tzPjXvK.exe
  2⤵
  PID:4092
- C:\Windows\System\WXDftpd.exe
  C:\Windows\System\WXDftpd.exe
  2⤵
  PID:1596
- C:\Windows\System\oRfFCkt.exe
  C:\Windows\System\oRfFCkt.exe
  2⤵
  PID:2612
- C:\Windows\System\OxCTGNF.exe
  C:\Windows\System\OxCTGNF.exe
  2⤵
  PID:2416
- C:\Windows\System\MgUDDKs.exe
  C:\Windows\System\MgUDDKs.exe
  2⤵
  PID:2240
- C:\Windows\System\oBJjHWL.exe
  C:\Windows\System\oBJjHWL.exe
  2⤵
  PID:2992
- C:\Windows\System\wqkIxpY.exe
  C:\Windows\System\wqkIxpY.exe
  2⤵
  PID:1196
- C:\Windows\System\xqGTPoQ.exe
  C:\Windows\System\xqGTPoQ.exe
  2⤵
  PID:1584
- C:\Windows\System\nVbudna.exe
  C:\Windows\System\nVbudna.exe
  2⤵
  PID:884
- C:\Windows\System\DLZgnOW.exe
  C:\Windows\System\DLZgnOW.exe
  2⤵
  PID:2896
- C:\Windows\System\HAtutiH.exe
  C:\Windows\System\HAtutiH.exe
  2⤵
  PID:2592
- C:\Windows\System\aUBTcoV.exe
  C:\Windows\System\aUBTcoV.exe
  2⤵
  PID:1560
- C:\Windows\System\kuqIuLi.exe
  C:\Windows\System\kuqIuLi.exe
  2⤵
  PID:3080
- C:\Windows\System\NxHzHVo.exe
  C:\Windows\System\NxHzHVo.exe
  2⤵
  PID:3100
- C:\Windows\System\MWfEIVb.exe
  C:\Windows\System\MWfEIVb.exe
  2⤵
  PID:3116
- C:\Windows\System\gQvegCm.exe
  C:\Windows\System\gQvegCm.exe
  2⤵
  PID:3132
- C:\Windows\System\wlQlUEI.exe
  C:\Windows\System\wlQlUEI.exe
  2⤵
  PID:3148
- C:\Windows\System\WKbRDXW.exe
  C:\Windows\System\WKbRDXW.exe
  2⤵
  PID:3164
- C:\Windows\System\DbsxUjG.exe
  C:\Windows\System\DbsxUjG.exe
  2⤵
  PID:3180
- C:\Windows\System\PrHdChm.exe
  C:\Windows\System\PrHdChm.exe
  2⤵
  PID:3316
- C:\Windows\System\PTHETwb.exe
  C:\Windows\System\PTHETwb.exe
  2⤵
  PID:3352
- C:\Windows\System\OYPczvD.exe
  C:\Windows\System\OYPczvD.exe
  2⤵
  PID:3336
- C:\Windows\System\QajvEnj.exe
  C:\Windows\System\QajvEnj.exe
  2⤵
  PID:3412
- C:\Windows\System\dddvuCl.exe
  C:\Windows\System\dddvuCl.exe
  2⤵
  PID:3448
- C:\Windows\System\FiXYWVo.exe
  C:\Windows\System\FiXYWVo.exe
  2⤵
  PID:3480
- C:\Windows\System\crSgclO.exe
  C:\Windows\System\crSgclO.exe
  2⤵
  PID:3496
- C:\Windows\System\EUFCDue.exe
  C:\Windows\System\EUFCDue.exe
  2⤵
  PID:3540
- C:\Windows\System\SjWTZRg.exe
  C:\Windows\System\SjWTZRg.exe
  2⤵
  PID:3572
- C:\Windows\System\gozIxwd.exe
  C:\Windows\System\gozIxwd.exe
  2⤵
  PID:3608
- C:\Windows\System\nyGgESB.exe
  C:\Windows\System\nyGgESB.exe
  2⤵
  PID:3636
- C:\Windows\System\FKfQlsV.exe
  C:\Windows\System\FKfQlsV.exe
  2⤵
  PID:3672
- C:\Windows\System\ONyfICH.exe
  C:\Windows\System\ONyfICH.exe
  2⤵
  PID:3684
- C:\Windows\System\lcmdBHh.exe
  C:\Windows\System\lcmdBHh.exe
  2⤵
  PID:3720
- C:\Windows\System\KypcDqb.exe
  C:\Windows\System\KypcDqb.exe
  2⤵
  PID:3792
- C:\Windows\System\xjmwoKw.exe
  C:\Windows\System\xjmwoKw.exe
  2⤵
  PID:3776
- C:\Windows\System\jVspxqW.exe
  C:\Windows\System\jVspxqW.exe
  2⤵
  PID:3844
- C:\Windows\System\vvugUoU.exe
  C:\Windows\System\vvugUoU.exe
  2⤵
  PID:3860
- C:\Windows\System\qfUYtqi.exe
  C:\Windows\System\qfUYtqi.exe
  2⤵
  PID:3908
- C:\Windows\System\asJtVCX.exe
  C:\Windows\System\asJtVCX.exe
  2⤵
  PID:3968
- C:\Windows\System\KXlQyLb.exe
  C:\Windows\System\KXlQyLb.exe
  2⤵
  PID:3972
- C:\Windows\System\pRdDWTj.exe
  C:\Windows\System\pRdDWTj.exe
  2⤵
  PID:4020
- C:\Windows\System\ViHYyyc.exe
  C:\Windows\System\ViHYyyc.exe
  2⤵
  PID:4052
- C:\Windows\System\fYKxAOD.exe
  C:\Windows\System\fYKxAOD.exe
  2⤵
  PID:4072
- C:\Windows\System\xeRuywl.exe
  C:\Windows\System\xeRuywl.exe
  2⤵
  PID:1904
- C:\Windows\System\ORyLeVt.exe
  C:\Windows\System\ORyLeVt.exe
  2⤵
  PID:1896
- C:\Windows\System\XzBtLBv.exe
  C:\Windows\System\XzBtLBv.exe
  2⤵
  PID:1752
- C:\Windows\System\dcoERGy.exe
  C:\Windows\System\dcoERGy.exe
  2⤵
  PID:1348
- C:\Windows\System\lzSbeUh.exe
  C:\Windows\System\lzSbeUh.exe
  2⤵
  PID:580
- C:\Windows\System\lmEVABU.exe
  C:\Windows\System\lmEVABU.exe
  2⤵
  PID:1828
- C:\Windows\System\oomvKhN.exe
  C:\Windows\System\oomvKhN.exe
  2⤵
  PID:3076
- C:\Windows\System\asaZLkl.exe
  C:\Windows\System\asaZLkl.exe
  2⤵
  PID:3128
- C:\Windows\System\SHQdtmF.exe
  C:\Windows\System\SHQdtmF.exe
  2⤵
  PID:3160
- C:\Windows\System\bCJtXAb.exe
  C:\Windows\System\bCJtXAb.exe
  2⤵
  PID:3300
- C:\Windows\System\LfXhrZq.exe
  C:\Windows\System\LfXhrZq.exe
  2⤵
  PID:3444
- C:\Windows\System\ASUHTcG.exe
  C:\Windows\System\ASUHTcG.exe
  2⤵
  PID:3432
- C:\Windows\System\URZrlwB.exe
  C:\Windows\System\URZrlwB.exe
  2⤵
  PID:3492
- C:\Windows\System\LEZdETx.exe
  C:\Windows\System\LEZdETx.exe
  2⤵
  PID:3592
- C:\Windows\System\SSEbFqQ.exe
  C:\Windows\System\SSEbFqQ.exe
  2⤵
  PID:3668
- C:\Windows\System\NPEmezM.exe
  C:\Windows\System\NPEmezM.exe
  2⤵
  PID:4112
- C:\Windows\System\YUNbowk.exe
  C:\Windows\System\YUNbowk.exe
  2⤵
  PID:4128
- C:\Windows\System\ZnhDumZ.exe
  C:\Windows\System\ZnhDumZ.exe
  2⤵
  PID:4144
- C:\Windows\System\VQVczzx.exe
  C:\Windows\System\VQVczzx.exe
  2⤵
  PID:4160
- C:\Windows\System\omhAyfV.exe
  C:\Windows\System\omhAyfV.exe
  2⤵
  PID:4176
- C:\Windows\System\nrVQBav.exe
  C:\Windows\System\nrVQBav.exe
  2⤵
  PID:4192
- C:\Windows\System\cAFqHcC.exe
  C:\Windows\System\cAFqHcC.exe
  2⤵
  PID:4208
- C:\Windows\System\RUTTQuV.exe
  C:\Windows\System\RUTTQuV.exe
  2⤵
  PID:4224
- C:\Windows\System\kYwiSNl.exe
  C:\Windows\System\kYwiSNl.exe
  2⤵
  PID:4240
- C:\Windows\System\CrLVCDH.exe
  C:\Windows\System\CrLVCDH.exe
  2⤵
  PID:4256
- C:\Windows\System\jVXMfMU.exe
  C:\Windows\System\jVXMfMU.exe
  2⤵
  PID:4272
- C:\Windows\System\gQVWsXS.exe
  C:\Windows\System\gQVWsXS.exe
  2⤵
  PID:4288
- C:\Windows\System\BfnpGPb.exe
  C:\Windows\System\BfnpGPb.exe
  2⤵
  PID:4304
- C:\Windows\System\FwURAYa.exe
  C:\Windows\System\FwURAYa.exe
  2⤵
  PID:4320
- C:\Windows\System\xjmCKGQ.exe
  C:\Windows\System\xjmCKGQ.exe
  2⤵
  PID:4336
- C:\Windows\System\GdtwYqv.exe
  C:\Windows\System\GdtwYqv.exe
  2⤵
  PID:4352
- C:\Windows\System\DPZLrIS.exe
  C:\Windows\System\DPZLrIS.exe
  2⤵
  PID:4368
- C:\Windows\System\mRrxdrM.exe
  C:\Windows\System\mRrxdrM.exe
  2⤵
  PID:4384
- C:\Windows\System\FnpYUDF.exe
  C:\Windows\System\FnpYUDF.exe
  2⤵
  PID:4400
- C:\Windows\System\XCmAhJh.exe
  C:\Windows\System\XCmAhJh.exe
  2⤵
  PID:4416
- C:\Windows\System\vCAKEMw.exe
  C:\Windows\System\vCAKEMw.exe
  2⤵
  PID:4432
- C:\Windows\System\zxscKBn.exe
  C:\Windows\System\zxscKBn.exe
  2⤵
  PID:4448
- C:\Windows\System\OwvKOEU.exe
  C:\Windows\System\OwvKOEU.exe
  2⤵
  PID:4464
- C:\Windows\System\QwMfGDX.exe
  C:\Windows\System\QwMfGDX.exe
  2⤵
  PID:4480
- C:\Windows\System\PxqCQxo.exe
  C:\Windows\System\PxqCQxo.exe
  2⤵
  PID:4496
- C:\Windows\System\dKvcIFD.exe
  C:\Windows\System\dKvcIFD.exe
  2⤵
  PID:4512
- C:\Windows\System\uaoTAvp.exe
  C:\Windows\System\uaoTAvp.exe
  2⤵
  PID:4528
- C:\Windows\System\ecOMCfF.exe
  C:\Windows\System\ecOMCfF.exe
  2⤵
  PID:4544
- C:\Windows\System\KWcPqDF.exe
  C:\Windows\System\KWcPqDF.exe
  2⤵
  PID:4560
- C:\Windows\System\TaecJDz.exe
  C:\Windows\System\TaecJDz.exe
  2⤵
  PID:4576
- C:\Windows\System\QJVScTg.exe
  C:\Windows\System\QJVScTg.exe
  2⤵
  PID:4592
- C:\Windows\System\TjwJppd.exe
  C:\Windows\System\TjwJppd.exe
  2⤵
  PID:4608
- C:\Windows\System\dYeoHIf.exe
  C:\Windows\System\dYeoHIf.exe
  2⤵
  PID:4624
- C:\Windows\System\RMlhPRV.exe
  C:\Windows\System\RMlhPRV.exe
  2⤵
  PID:4640
- C:\Windows\System\huaRzbp.exe
  C:\Windows\System\huaRzbp.exe
  2⤵
  PID:4656
- C:\Windows\System\TBgfpeK.exe
  C:\Windows\System\TBgfpeK.exe
  2⤵
  PID:4672
- C:\Windows\System\mCfaEeC.exe
  C:\Windows\System\mCfaEeC.exe
  2⤵
  PID:4688
- C:\Windows\System\NXVaLdr.exe
  C:\Windows\System\NXVaLdr.exe
  2⤵
  PID:4704
- C:\Windows\System\LWRaMCz.exe
  C:\Windows\System\LWRaMCz.exe
  2⤵
  PID:4720
- C:\Windows\System\WDxlIkk.exe
  C:\Windows\System\WDxlIkk.exe
  2⤵
  PID:4736
- C:\Windows\System\HHvKjYy.exe
  C:\Windows\System\HHvKjYy.exe
  2⤵
  PID:4752
- C:\Windows\System\gqEXKkI.exe
  C:\Windows\System\gqEXKkI.exe
  2⤵
  PID:4768
- C:\Windows\System\wunoJBb.exe
  C:\Windows\System\wunoJBb.exe
  2⤵
  PID:4784
- C:\Windows\System\VdfvMHR.exe
  C:\Windows\System\VdfvMHR.exe
  2⤵
  PID:4800
- C:\Windows\System\sVDaXxO.exe
  C:\Windows\System\sVDaXxO.exe
  2⤵
  PID:4816
- C:\Windows\System\AKPaKkS.exe
  C:\Windows\System\AKPaKkS.exe
  2⤵
  PID:4832
- C:\Windows\System\vuPLYiI.exe
  C:\Windows\System\vuPLYiI.exe
  2⤵
  PID:4848
- C:\Windows\System\uqJhulj.exe
  C:\Windows\System\uqJhulj.exe
  2⤵
  PID:4864
- C:\Windows\System\bmtCbYa.exe
  C:\Windows\System\bmtCbYa.exe
  2⤵
  PID:4880
- C:\Windows\System\vBUpCIe.exe
  C:\Windows\System\vBUpCIe.exe
  2⤵
  PID:4896
- C:\Windows\System\YzBgmtV.exe
  C:\Windows\System\YzBgmtV.exe
  2⤵
  PID:4912
- C:\Windows\System\cqZUdMy.exe
  C:\Windows\System\cqZUdMy.exe
  2⤵
  PID:4928
- C:\Windows\System\WPqcNsK.exe
  C:\Windows\System\WPqcNsK.exe
  2⤵
  PID:4944
- C:\Windows\System\byRzsHt.exe
  C:\Windows\System\byRzsHt.exe
  2⤵
  PID:4960
- C:\Windows\System\tqjYmLW.exe
  C:\Windows\System\tqjYmLW.exe
  2⤵
  PID:4976
- C:\Windows\System\QqbRHiP.exe
  C:\Windows\System\QqbRHiP.exe
  2⤵
  PID:4992
- C:\Windows\System\VvJvPtF.exe
  C:\Windows\System\VvJvPtF.exe
  2⤵
  PID:5008
- C:\Windows\System\ogerTXa.exe
  C:\Windows\System\ogerTXa.exe
  2⤵
  PID:5024
- C:\Windows\System\JTwHJFg.exe
  C:\Windows\System\JTwHJFg.exe
  2⤵
  PID:5040
- C:\Windows\System\TGcUPJg.exe
  C:\Windows\System\TGcUPJg.exe
  2⤵
  PID:5056
- C:\Windows\System\kGRjoNh.exe
  C:\Windows\System\kGRjoNh.exe
  2⤵
  PID:5072
- C:\Windows\System\zaKIjXY.exe
  C:\Windows\System\zaKIjXY.exe
  2⤵
  PID:5092
- C:\Windows\System\yJGWrlN.exe
  C:\Windows\System\yJGWrlN.exe
  2⤵
  PID:5108
- C:\Windows\System\xsIvLxp.exe
  C:\Windows\System\xsIvLxp.exe
  2⤵
  PID:3624
- C:\Windows\System\rucUnEC.exe
  C:\Windows\System\rucUnEC.exe
  2⤵
  PID:3760
- C:\Windows\System\SSiWtbv.exe
  C:\Windows\System\SSiWtbv.exe
  2⤵
  PID:3744
- C:\Windows\System\nxINySe.exe
  C:\Windows\System\nxINySe.exe
  2⤵
  PID:3892
- C:\Windows\System\oMHkMOw.exe
  C:\Windows\System\oMHkMOw.exe
  2⤵
  PID:3956
- C:\Windows\System\AgrJiQF.exe
  C:\Windows\System\AgrJiQF.exe
  2⤵
  PID:4008
- C:\Windows\System\qkJegwx.exe
  C:\Windows\System\qkJegwx.exe
  2⤵
  PID:4068
- C:\Windows\System\pHiMRJS.exe
  C:\Windows\System\pHiMRJS.exe
  2⤵
  PID:2844
- C:\Windows\System\OZbUvMz.exe
  C:\Windows\System\OZbUvMz.exe
  2⤵
  PID:2984
- C:\Windows\System\ZJzmUBZ.exe
  C:\Windows\System\ZJzmUBZ.exe
  2⤵
  PID:880
- C:\Windows\System\UbZPkcp.exe
  C:\Windows\System\UbZPkcp.exe
  2⤵
  PID:3348
- C:\Windows\System\EmGjtkV.exe
  C:\Windows\System\EmGjtkV.exe
  2⤵
  PID:3176
- C:\Windows\System\nKXAAJF.exe
  C:\Windows\System\nKXAAJF.exe
  2⤵
  PID:3396
- C:\Windows\System\IcZGnjb.exe
  C:\Windows\System\IcZGnjb.exe
  2⤵
  PID:4120
- C:\Windows\System\ZfyniPC.exe
  C:\Windows\System\ZfyniPC.exe
  2⤵
  PID:4104
- C:\Windows\System\frEGQdp.exe
  C:\Windows\System\frEGQdp.exe
  2⤵
  PID:4140
- C:\Windows\System\CbxMFfV.exe
  C:\Windows\System\CbxMFfV.exe
  2⤵
  PID:4172
- C:\Windows\System\gdeIfbA.exe
  C:\Windows\System\gdeIfbA.exe
  2⤵
  PID:4216
- C:\Windows\System\WtDSwdT.exe
  C:\Windows\System\WtDSwdT.exe
  2⤵
  PID:4232
- C:\Windows\System\Egrhioi.exe
  C:\Windows\System\Egrhioi.exe
  2⤵
  PID:4264
- C:\Windows\System\GeGRPZm.exe
  C:\Windows\System\GeGRPZm.exe
  2⤵
  PID:4316
- C:\Windows\System\sCwFtBX.exe
  C:\Windows\System\sCwFtBX.exe
  2⤵
  PID:4348
- C:\Windows\System\UGgytaG.exe
  C:\Windows\System\UGgytaG.exe
  2⤵
  PID:4380
- C:\Windows\System\UgijLpf.exe
  C:\Windows\System\UgijLpf.exe
  2⤵
  PID:3304
- C:\Windows\System\ROppZmi.exe
  C:\Windows\System\ROppZmi.exe
  2⤵
  PID:4440
- C:\Windows\System\oemRHMt.exe
  C:\Windows\System\oemRHMt.exe
  2⤵
  PID:4456
- C:\Windows\System\DWXGkiv.exe
  C:\Windows\System\DWXGkiv.exe
  2⤵
  PID:4508
- C:\Windows\System\QNdNDnZ.exe
  C:\Windows\System\QNdNDnZ.exe
  2⤵
  PID:4540
- C:\Windows\System\rCqLTPD.exe
  C:\Windows\System\rCqLTPD.exe
  2⤵
  PID:4524
- C:\Windows\System\falgtVt.exe
  C:\Windows\System\falgtVt.exe
  2⤵
  PID:4584
- C:\Windows\System\MkPqyTf.exe
  C:\Windows\System\MkPqyTf.exe
  2⤵
  PID:4616
- C:\Windows\System\MZFSYpM.exe
  C:\Windows\System\MZFSYpM.exe
  2⤵
  PID:4652
- C:\Windows\System\wTOErLt.exe
  C:\Windows\System\wTOErLt.exe
  2⤵
  PID:4696
- C:\Windows\System\fqmJRdt.exe
  C:\Windows\System\fqmJRdt.exe
  2⤵
  PID:4712
- C:\Windows\System\aTiWnBa.exe
  C:\Windows\System\aTiWnBa.exe
  2⤵
  PID:4760
- C:\Windows\System\IYdEZsI.exe
  C:\Windows\System\IYdEZsI.exe
  2⤵
  PID:4796
- C:\Windows\System\cyHdNnT.exe
  C:\Windows\System\cyHdNnT.exe
  2⤵
  PID:4824
- C:\Windows\System\GrEdUFx.exe
  C:\Windows\System\GrEdUFx.exe
  2⤵
  PID:4856
- C:\Windows\System\LmrLGjR.exe
  C:\Windows\System\LmrLGjR.exe
  2⤵
  PID:4888
- C:\Windows\System\NKXCuYJ.exe
  C:\Windows\System\NKXCuYJ.exe
  2⤵
  PID:4920
- C:\Windows\System\VEtHBwm.exe
  C:\Windows\System\VEtHBwm.exe
  2⤵
  PID:4936
- C:\Windows\System\ShnIBjc.exe
  C:\Windows\System\ShnIBjc.exe
  2⤵
  PID:4984
- C:\Windows\System\CthkNhV.exe
  C:\Windows\System\CthkNhV.exe
  2⤵
  PID:5020
- C:\Windows\System\pNwJOsP.exe
  C:\Windows\System\pNwJOsP.exe
  2⤵
  PID:5048
- C:\Windows\System\pyMdpwo.exe
  C:\Windows\System\pyMdpwo.exe
  2⤵
  PID:5080
- C:\Windows\System\VGVInGj.exe
  C:\Windows\System\VGVInGj.exe
  2⤵
  PID:5100
- C:\Windows\System\MZhtavj.exe
  C:\Windows\System\MZhtavj.exe
  2⤵
  PID:3840
- C:\Windows\System\CRTGURl.exe
  C:\Windows\System\CRTGURl.exe
  2⤵
  PID:3936
- C:\Windows\System\mWrlARw.exe
  C:\Windows\System\mWrlARw.exe
  2⤵
  PID:4088
- C:\Windows\System\IjlOIrM.exe
  C:\Windows\System\IjlOIrM.exe
  2⤵
  PID:2036
- C:\Windows\System\qRwgAhD.exe
  C:\Windows\System\qRwgAhD.exe
  2⤵
  PID:3144
- C:\Windows\System\tQrJCQG.exe
  C:\Windows\System\tQrJCQG.exe
  2⤵
  PID:3112
- C:\Windows\System\ViqKWml.exe
  C:\Windows\System\ViqKWml.exe
  2⤵
  PID:3604
- C:\Windows\System\blMdWIX.exe
  C:\Windows\System\blMdWIX.exe
  2⤵
  PID:4168
- C:\Windows\System\vYvRHDH.exe
  C:\Windows\System\vYvRHDH.exe
  2⤵
  PID:4200
- C:\Windows\System\NLkGmqA.exe
  C:\Windows\System\NLkGmqA.exe
  2⤵
  PID:4280
- C:\Windows\System\GEMkgmb.exe
  C:\Windows\System\GEMkgmb.exe
  2⤵
  PID:4300
- C:\Windows\System\spqwtGF.exe
  C:\Windows\System\spqwtGF.exe
  2⤵
  PID:4392
- C:\Windows\System\zgOxYbK.exe
  C:\Windows\System\zgOxYbK.exe
  2⤵
  PID:4472
- C:\Windows\System\iwTfcFT.exe
  C:\Windows\System\iwTfcFT.exe
  2⤵
  PID:4492
- C:\Windows\System\FjoDqBW.exe
  C:\Windows\System\FjoDqBW.exe
  2⤵
  PID:4632
- C:\Windows\System\WaeFycx.exe
  C:\Windows\System\WaeFycx.exe
  2⤵
  PID:4636
- C:\Windows\System\iMyXGIE.exe
  C:\Windows\System\iMyXGIE.exe
  2⤵
  PID:4700
- C:\Windows\System\edRaFTh.exe
  C:\Windows\System\edRaFTh.exe
  2⤵
  PID:4780
- C:\Windows\System\JGfMyux.exe
  C:\Windows\System\JGfMyux.exe
  2⤵
  PID:4792
- C:\Windows\System\ZTnUOOf.exe
  C:\Windows\System\ZTnUOOf.exe
  2⤵
  PID:4840
- C:\Windows\System\tmMBEJm.exe
  C:\Windows\System\tmMBEJm.exe
  2⤵
  PID:4956
- C:\Windows\System\PgfQCFd.exe
  C:\Windows\System\PgfQCFd.exe
  2⤵
  PID:5132
- C:\Windows\System\ICfkfEr.exe
  C:\Windows\System\ICfkfEr.exe
  2⤵
  PID:5148
- C:\Windows\System\fflPqyz.exe
  C:\Windows\System\fflPqyz.exe
  2⤵
  PID:5164
- C:\Windows\System\XtKWAtC.exe
  C:\Windows\System\XtKWAtC.exe
  2⤵
  PID:5180
- C:\Windows\System\xcQiiZV.exe
  C:\Windows\System\xcQiiZV.exe
  2⤵
  PID:5196
- C:\Windows\System\GaKCbia.exe
  C:\Windows\System\GaKCbia.exe
  2⤵
  PID:5212
- C:\Windows\System\DkvctaU.exe
  C:\Windows\System\DkvctaU.exe
  2⤵
  PID:5228
- C:\Windows\System\WFRTpmO.exe
  C:\Windows\System\WFRTpmO.exe
  2⤵
  PID:5244
- C:\Windows\System\TPxDOeg.exe
  C:\Windows\System\TPxDOeg.exe
  2⤵
  PID:5260
- C:\Windows\System\gpfJGOk.exe
  C:\Windows\System\gpfJGOk.exe
  2⤵
  PID:5276
- C:\Windows\System\ueSJMit.exe
  C:\Windows\System\ueSJMit.exe
  2⤵
  PID:5292
- C:\Windows\System\KyYjxfQ.exe
  C:\Windows\System\KyYjxfQ.exe
  2⤵
  PID:5308
- C:\Windows\System\aNPkGYt.exe
  C:\Windows\System\aNPkGYt.exe
  2⤵
  PID:5324
- C:\Windows\System\ympuGbc.exe
  C:\Windows\System\ympuGbc.exe
  2⤵
  PID:5340
- C:\Windows\System\BYpHORO.exe
  C:\Windows\System\BYpHORO.exe
  2⤵
  PID:5356
- C:\Windows\System\DSomOcS.exe
  C:\Windows\System\DSomOcS.exe
  2⤵
  PID:5372
- C:\Windows\System\eZhEsUt.exe
  C:\Windows\System\eZhEsUt.exe
  2⤵
  PID:5388
- C:\Windows\System\CXMQbGf.exe
  C:\Windows\System\CXMQbGf.exe
  2⤵
  PID:5404
- C:\Windows\System\HfgFKUj.exe
  C:\Windows\System\HfgFKUj.exe
  2⤵
  PID:5420
- C:\Windows\System\gitqUxr.exe
  C:\Windows\System\gitqUxr.exe
  2⤵
  PID:5436
- C:\Windows\System\vLIeDiT.exe
  C:\Windows\System\vLIeDiT.exe
  2⤵
  PID:5452
- C:\Windows\System\gEpMtyL.exe
  C:\Windows\System\gEpMtyL.exe
  2⤵
  PID:5468
- C:\Windows\System\yMkIZrr.exe
  C:\Windows\System\yMkIZrr.exe
  2⤵
  PID:5484
- C:\Windows\System\rFOcmPP.exe
  C:\Windows\System\rFOcmPP.exe
  2⤵
  PID:5500
- C:\Windows\System\IoRTpiq.exe
  C:\Windows\System\IoRTpiq.exe
  2⤵
  PID:5516
- C:\Windows\System\EWYxoDh.exe
  C:\Windows\System\EWYxoDh.exe
  2⤵
  PID:5532
- C:\Windows\System\fiKKlNy.exe
  C:\Windows\System\fiKKlNy.exe
  2⤵
  PID:5548
- C:\Windows\System\MyLSjNk.exe
  C:\Windows\System\MyLSjNk.exe
  2⤵
  PID:5564
- C:\Windows\System\ocmxnvr.exe
  C:\Windows\System\ocmxnvr.exe
  2⤵
  PID:5580
- C:\Windows\System\YgoEqrH.exe
  C:\Windows\System\YgoEqrH.exe
  2⤵
  PID:5596
- C:\Windows\System\VCbNGDG.exe
  C:\Windows\System\VCbNGDG.exe
  2⤵
  PID:5612
- C:\Windows\System\TYxiFGD.exe
  C:\Windows\System\TYxiFGD.exe
  2⤵
  PID:5628
- C:\Windows\System\qvoTPno.exe
  C:\Windows\System\qvoTPno.exe
  2⤵
  PID:5644
- C:\Windows\System\WNEiAjw.exe
  C:\Windows\System\WNEiAjw.exe
  2⤵
  PID:5660
- C:\Windows\System\gzXJBfq.exe
  C:\Windows\System\gzXJBfq.exe
  2⤵
  PID:5676
- C:\Windows\System\rtJpfvg.exe
  C:\Windows\System\rtJpfvg.exe
  2⤵
  PID:5692
- C:\Windows\System\cUNNqDG.exe
  C:\Windows\System\cUNNqDG.exe
  2⤵
  PID:5708
- C:\Windows\System\KdYqXyC.exe
  C:\Windows\System\KdYqXyC.exe
  2⤵
  PID:5724
- C:\Windows\System\uVAUNml.exe
  C:\Windows\System\uVAUNml.exe
  2⤵
  PID:5740
- C:\Windows\System\kWYwjbC.exe
  C:\Windows\System\kWYwjbC.exe
  2⤵
  PID:5756
- C:\Windows\System\rcEEJaJ.exe
  C:\Windows\System\rcEEJaJ.exe
  2⤵
  PID:5772
- C:\Windows\System\OBLKMeC.exe
  C:\Windows\System\OBLKMeC.exe
  2⤵
  PID:5788
- C:\Windows\System\sLSUPaS.exe
  C:\Windows\System\sLSUPaS.exe
  2⤵
  PID:5804
- C:\Windows\System\fEmyLxS.exe
  C:\Windows\System\fEmyLxS.exe
  2⤵
  PID:5820
- C:\Windows\System\RatUrYF.exe
  C:\Windows\System\RatUrYF.exe
  2⤵
  PID:5836
- C:\Windows\System\hWYhloG.exe
  C:\Windows\System\hWYhloG.exe
  2⤵
  PID:5852
- C:\Windows\System\SeaNFpS.exe
  C:\Windows\System\SeaNFpS.exe
  2⤵
  PID:5868
- C:\Windows\System\JQSdehk.exe
  C:\Windows\System\JQSdehk.exe
  2⤵
  PID:5884
- C:\Windows\System\hVAEPFF.exe
  C:\Windows\System\hVAEPFF.exe
  2⤵
  PID:5900
- C:\Windows\System\jlgXRhw.exe
  C:\Windows\System\jlgXRhw.exe
  2⤵
  PID:5916
- C:\Windows\System\iUmscGm.exe
  C:\Windows\System\iUmscGm.exe
  2⤵
  PID:5932
- C:\Windows\System\nvlDjFi.exe
  C:\Windows\System\nvlDjFi.exe
  2⤵
  PID:5948
- C:\Windows\System\ivinpld.exe
  C:\Windows\System\ivinpld.exe
  2⤵
  PID:5964
- C:\Windows\System\vacgznF.exe
  C:\Windows\System\vacgznF.exe
  2⤵
  PID:5980
- C:\Windows\System\ccMECKM.exe
  C:\Windows\System\ccMECKM.exe
  2⤵
  PID:5996
- C:\Windows\System\WeriwUy.exe
  C:\Windows\System\WeriwUy.exe
  2⤵
  PID:6012
- C:\Windows\System\pdZYDnb.exe
  C:\Windows\System\pdZYDnb.exe
  2⤵
  PID:6028
- C:\Windows\System\yuFFwJf.exe
  C:\Windows\System\yuFFwJf.exe
  2⤵
  PID:6048
- C:\Windows\System\zWiTQFL.exe
  C:\Windows\System\zWiTQFL.exe
  2⤵
  PID:6064
- C:\Windows\System\eqKzVuq.exe
  C:\Windows\System\eqKzVuq.exe
  2⤵
  PID:6080
- C:\Windows\System\KXNFuhA.exe
  C:\Windows\System\KXNFuhA.exe
  2⤵
  PID:6096
- C:\Windows\System\hUfjBxm.exe
  C:\Windows\System\hUfjBxm.exe
  2⤵
  PID:6112
- C:\Windows\System\nGbEIPw.exe
  C:\Windows\System\nGbEIPw.exe
  2⤵
  PID:6128
- C:\Windows\System\oYvOWgt.exe
  C:\Windows\System\oYvOWgt.exe
  2⤵
  PID:5016
- C:\Windows\System\vuxkMFG.exe
  C:\Windows\System\vuxkMFG.exe
  2⤵
  PID:5032
- C:\Windows\System\kXtvtny.exe
  C:\Windows\System\kXtvtny.exe
  2⤵
  PID:5116
- C:\Windows\System\VtTpjnH.exe
  C:\Windows\System\VtTpjnH.exe
  2⤵
  PID:3872
- C:\Windows\System\PSGSlcc.exe
  C:\Windows\System\PSGSlcc.exe
  2⤵
  PID:3556
- C:\Windows\System\XXzXKWY.exe
  C:\Windows\System\XXzXKWY.exe
  2⤵
  PID:4296
- C:\Windows\System\wDNpLtj.exe
  C:\Windows\System\wDNpLtj.exe
  2⤵
  PID:3476
- C:\Windows\System\FZlqkTD.exe
  C:\Windows\System\FZlqkTD.exe
  2⤵
  PID:4312
- C:\Windows\System\VBzTkcS.exe
  C:\Windows\System\VBzTkcS.exe
  2⤵
  PID:4520
- C:\Windows\System\lYfQBvl.exe
  C:\Windows\System\lYfQBvl.exe
  2⤵
  PID:4360
- C:\Windows\System\crkeDDK.exe
  C:\Windows\System\crkeDDK.exe
  2⤵
  PID:4808
- C:\Windows\System\fTwhHDd.exe
  C:\Windows\System\fTwhHDd.exe
  2⤵
  PID:5140
- C:\Windows\System\zFFgxNv.exe
  C:\Windows\System\zFFgxNv.exe
  2⤵
  PID:4728
- C:\Windows\System\CFvOCfl.exe
  C:\Windows\System\CFvOCfl.exe
  2⤵
  PID:5156
- C:\Windows\System\QUENtNW.exe
  C:\Windows\System\QUENtNW.exe
  2⤵
  PID:5204
- C:\Windows\System\vGVisYI.exe
  C:\Windows\System\vGVisYI.exe
  2⤵
  PID:5268
- C:\Windows\System\kyfpnid.exe
  C:\Windows\System\kyfpnid.exe
  2⤵
  PID:5332
- C:\Windows\System\PbKncGV.exe
  C:\Windows\System\PbKncGV.exe
  2⤵
  PID:5336
- C:\Windows\System\abTDFfg.exe
  C:\Windows\System\abTDFfg.exe
  2⤵
  PID:5320
- C:\Windows\System\ugnagNB.exe
  C:\Windows\System\ugnagNB.exe
  2⤵
  PID:5368
- C:\Windows\System\HvZTHWZ.exe
  C:\Windows\System\HvZTHWZ.exe
  2⤵
  PID:5288
- C:\Windows\System\LIfcxbK.exe
  C:\Windows\System\LIfcxbK.exe
  2⤵
  PID:5460
- C:\Windows\System\eCJtJBx.exe
  C:\Windows\System\eCJtJBx.exe
  2⤵
  PID:5524
- C:\Windows\System\gdndtNA.exe
  C:\Windows\System\gdndtNA.exe
  2⤵
  PID:5384
- C:\Windows\System\CmSknUv.exe
  C:\Windows\System\CmSknUv.exe
  2⤵
  PID:5448
- C:\Windows\System\nneqRnx.exe
  C:\Windows\System\nneqRnx.exe
  2⤵
  PID:5592
- C:\Windows\System\DwkeuIS.exe
  C:\Windows\System\DwkeuIS.exe
  2⤵
  PID:5656
- C:\Windows\System\yzeJirJ.exe
  C:\Windows\System\yzeJirJ.exe
  2⤵
  PID:5476
- C:\Windows\System\upXygxj.exe
  C:\Windows\System\upXygxj.exe
  2⤵
  PID:5544
- C:\Windows\System\RBxsldL.exe
  C:\Windows\System\RBxsldL.exe
  2⤵
  PID:5608
- C:\Windows\System\zgBlORP.exe
  C:\Windows\System\zgBlORP.exe
  2⤵
  PID:5640
- C:\Windows\System\AQGBdEO.exe
  C:\Windows\System\AQGBdEO.exe
  2⤵
  PID:5752
- C:\Windows\System\FPGFzDD.exe
  C:\Windows\System\FPGFzDD.exe
  2⤵
  PID:5816
- C:\Windows\System\CFKAzVp.exe
  C:\Windows\System\CFKAzVp.exe
  2⤵
  PID:5732
- C:\Windows\System\BrDLtUo.exe
  C:\Windows\System\BrDLtUo.exe
  2⤵
  PID:5796
- C:\Windows\System\BIfPuqE.exe
  C:\Windows\System\BIfPuqE.exe
  2⤵
  PID:5832
- C:\Windows\System\zcfNzpp.exe
  C:\Windows\System\zcfNzpp.exe
  2⤵
  PID:5940
- C:\Windows\System\ohGXZKz.exe
  C:\Windows\System\ohGXZKz.exe
  2⤵
  PID:5864
- C:\Windows\System\lSrhqmY.exe
  C:\Windows\System\lSrhqmY.exe
  2⤵
  PID:6004
- C:\Windows\System\qnCAYxy.exe
  C:\Windows\System\qnCAYxy.exe
  2⤵
  PID:5928
- C:\Windows\System\HWQrghn.exe
  C:\Windows\System\HWQrghn.exe
  2⤵
  PID:6020
- C:\Windows\System\JHEfjtM.exe
  C:\Windows\System\JHEfjtM.exe
  2⤵
  PID:6072
- C:\Windows\System\XVzOXfw.exe
  C:\Windows\System\XVzOXfw.exe
  2⤵
  PID:6136
- C:\Windows\System\eVrcbIe.exe
  C:\Windows\System\eVrcbIe.exe
  2⤵
  PID:6088
- C:\Windows\System\pnTPhcO.exe
  C:\Windows\System\pnTPhcO.exe
  2⤵
  PID:3656
- C:\Windows\System\NuNKMLB.exe
  C:\Windows\System\NuNKMLB.exe
  2⤵
  PID:2200
- C:\Windows\System\aXxmERO.exe
  C:\Windows\System\aXxmERO.exe
  2⤵
  PID:3904
- C:\Windows\System\sWVnIog.exe
  C:\Windows\System\sWVnIog.exe
  2⤵
  PID:4136
- C:\Windows\System\xxKmmmc.exe
  C:\Windows\System\xxKmmmc.exe
  2⤵
  PID:4556
- C:\Windows\System\XShopna.exe
  C:\Windows\System\XShopna.exe
  2⤵
  PID:4648
- C:\Windows\System\GioHXvG.exe
  C:\Windows\System\GioHXvG.exe
  2⤵
  PID:5176
- C:\Windows\System\zHnAHar.exe
  C:\Windows\System\zHnAHar.exe
  2⤵
  PID:5300
- C:\Windows\System\UaXPvJv.exe
  C:\Windows\System\UaXPvJv.exe
  2⤵
  PID:5224
- C:\Windows\System\YdSDHMN.exe
  C:\Windows\System\YdSDHMN.exe
  2⤵
  PID:6044
- C:\Windows\System\ulghdPA.exe
  C:\Windows\System\ulghdPA.exe
  2⤵
  PID:5364
- C:\Windows\System\xqYkpXe.exe
  C:\Windows\System\xqYkpXe.exe
  2⤵
  PID:5416
- C:\Windows\System\biWaPNl.exe
  C:\Windows\System\biWaPNl.exe
  2⤵
  PID:5380
- C:\Windows\System\vGvKzPR.exe
  C:\Windows\System\vGvKzPR.exe
  2⤵
  PID:5508
- C:\Windows\System\xgvRsmE.exe
  C:\Windows\System\xgvRsmE.exe
  2⤵
  PID:5720
- C:\Windows\System\fPWDLMz.exe
  C:\Windows\System\fPWDLMz.exe
  2⤵
  PID:5784
- C:\Windows\System\KtuIpbC.exe
  C:\Windows\System\KtuIpbC.exe
  2⤵
  PID:5768
- C:\Windows\System\YrzDRvb.exe
  C:\Windows\System\YrzDRvb.exe
  2⤵
  PID:5828
- C:\Windows\System\TvOyZuY.exe
  C:\Windows\System\TvOyZuY.exe
  2⤵
  PID:5960
- C:\Windows\System\HwsvsRs.exe
  C:\Windows\System\HwsvsRs.exe
  2⤵
  PID:5896
- C:\Windows\System\EJtTrTP.exe
  C:\Windows\System\EJtTrTP.exe
  2⤵
  PID:6104
- C:\Windows\System\cYbpRvI.exe
  C:\Windows\System\cYbpRvI.exe
  2⤵
  PID:6120
- C:\Windows\System\slNxNeA.exe
  C:\Windows\System\slNxNeA.exe
  2⤵
  PID:6156
- C:\Windows\System\dYwNhdU.exe
  C:\Windows\System\dYwNhdU.exe
  2⤵
  PID:6172
- C:\Windows\System\GnNQyxL.exe
  C:\Windows\System\GnNQyxL.exe
  2⤵
  PID:6188
- C:\Windows\System\lllWQrf.exe
  C:\Windows\System\lllWQrf.exe
  2⤵
  PID:6204
- C:\Windows\System\BFsmQiZ.exe
  C:\Windows\System\BFsmQiZ.exe
  2⤵
  PID:6220
- C:\Windows\System\LscsXsO.exe
  C:\Windows\System\LscsXsO.exe
  2⤵
  PID:6236
- C:\Windows\System\YzmFHOb.exe
  C:\Windows\System\YzmFHOb.exe
  2⤵
  PID:6252
- C:\Windows\System\qZNiIpr.exe
  C:\Windows\System\qZNiIpr.exe
  2⤵
  PID:6268
- C:\Windows\System\WXrpzho.exe
  C:\Windows\System\WXrpzho.exe
  2⤵
  PID:6284
- C:\Windows\System\ypZVhJa.exe
  C:\Windows\System\ypZVhJa.exe
  2⤵
  PID:6300
- C:\Windows\System\KFaaJWo.exe
  C:\Windows\System\KFaaJWo.exe
  2⤵
  PID:6316
- C:\Windows\System\uIRPBSB.exe
  C:\Windows\System\uIRPBSB.exe
  2⤵
  PID:6332
- C:\Windows\System\grbZkId.exe
  C:\Windows\System\grbZkId.exe
  2⤵
  PID:6348
- C:\Windows\System\JGvoEWR.exe
  C:\Windows\System\JGvoEWR.exe
  2⤵
  PID:6364
- C:\Windows\System\bksIaFT.exe
  C:\Windows\System\bksIaFT.exe
  2⤵
  PID:6380
- C:\Windows\System\nMjwfKW.exe
  C:\Windows\System\nMjwfKW.exe
  2⤵
  PID:6396
- C:\Windows\System\vdUYHTM.exe
  C:\Windows\System\vdUYHTM.exe
  2⤵
  PID:6412
- C:\Windows\System\GtelztZ.exe
  C:\Windows\System\GtelztZ.exe
  2⤵
  PID:6428
- C:\Windows\System\cYoZgaN.exe
  C:\Windows\System\cYoZgaN.exe
  2⤵
  PID:6444
- C:\Windows\System\rbPSKkc.exe
  C:\Windows\System\rbPSKkc.exe
  2⤵
  PID:6464
- C:\Windows\System\rdYjfyh.exe
  C:\Windows\System\rdYjfyh.exe
  2⤵
  PID:6480
- C:\Windows\System\fIsiYYY.exe
  C:\Windows\System\fIsiYYY.exe
  2⤵
  PID:6496
- C:\Windows\System\Hpzgbte.exe
  C:\Windows\System\Hpzgbte.exe
  2⤵
  PID:6512
- C:\Windows\System\ICJOdmC.exe
  C:\Windows\System\ICJOdmC.exe
  2⤵
  PID:6528
- C:\Windows\System\tMZygQb.exe
  C:\Windows\System\tMZygQb.exe
  2⤵
  PID:6544
- C:\Windows\System\fzOpzcK.exe
  C:\Windows\System\fzOpzcK.exe
  2⤵
  PID:6560
- C:\Windows\System\zvLDybL.exe
  C:\Windows\System\zvLDybL.exe
  2⤵
  PID:6576
- C:\Windows\System\ucmuhEB.exe
  C:\Windows\System\ucmuhEB.exe
  2⤵
  PID:6592
- C:\Windows\System\ARKXGFA.exe
  C:\Windows\System\ARKXGFA.exe
  2⤵
  PID:6608
- C:\Windows\System\QtuTjKG.exe
  C:\Windows\System\QtuTjKG.exe
  2⤵
  PID:6624
- C:\Windows\System\TBsnfAD.exe
  C:\Windows\System\TBsnfAD.exe
  2⤵
  PID:6640
- C:\Windows\System\lsMqHQI.exe
  C:\Windows\System\lsMqHQI.exe
  2⤵
  PID:6656
- C:\Windows\System\EyDmJFc.exe
  C:\Windows\System\EyDmJFc.exe
  2⤵
  PID:6672
- C:\Windows\System\ddGBMMB.exe
  C:\Windows\System\ddGBMMB.exe
  2⤵
  PID:6688
- C:\Windows\System\kPkFtRz.exe
  C:\Windows\System\kPkFtRz.exe
  2⤵
  PID:6704
- C:\Windows\System\FPsMSlH.exe
  C:\Windows\System\FPsMSlH.exe
  2⤵
  PID:6720
- C:\Windows\System\QjJuRtz.exe
  C:\Windows\System\QjJuRtz.exe
  2⤵
  PID:6736
- C:\Windows\System\PMrKhYu.exe
  C:\Windows\System\PMrKhYu.exe
  2⤵
  PID:6752
- C:\Windows\System\HPauoPT.exe
  C:\Windows\System\HPauoPT.exe
  2⤵
  PID:6768
- C:\Windows\System\pHMkfut.exe
  C:\Windows\System\pHMkfut.exe
  2⤵
  PID:6784
- C:\Windows\System\VoVdAhO.exe
  C:\Windows\System\VoVdAhO.exe
  2⤵
  PID:6800
- C:\Windows\System\zrkVpow.exe
  C:\Windows\System\zrkVpow.exe
  2⤵
  PID:6820
- C:\Windows\System\JKcKDGI.exe
  C:\Windows\System\JKcKDGI.exe
  2⤵
  PID:6840
- C:\Windows\System\uriGkSB.exe
  C:\Windows\System\uriGkSB.exe
  2⤵
  PID:6860
- C:\Windows\System\yTOAzoQ.exe
  C:\Windows\System\yTOAzoQ.exe
  2⤵
  PID:6876
- C:\Windows\System\LRmIRPx.exe
  C:\Windows\System\LRmIRPx.exe
  2⤵
  PID:6896
- C:\Windows\System\RoIqUjI.exe
  C:\Windows\System\RoIqUjI.exe
  2⤵
  PID:6916
- C:\Windows\System\bwehDUh.exe
  C:\Windows\System\bwehDUh.exe
  2⤵
  PID:6936
- C:\Windows\System\xZqHEik.exe
  C:\Windows\System\xZqHEik.exe
  2⤵
  PID:6956
- C:\Windows\System\bFUJmBO.exe
  C:\Windows\System\bFUJmBO.exe
  2⤵
  PID:6976
- C:\Windows\System\VFkHDQy.exe
  C:\Windows\System\VFkHDQy.exe
  2⤵
  PID:6996
- C:\Windows\System\bpDWnHa.exe
  C:\Windows\System\bpDWnHa.exe
  2⤵
  PID:7012
- C:\Windows\System\UzDDZNY.exe
  C:\Windows\System\UzDDZNY.exe
  2⤵
  PID:7032
- C:\Windows\System\GuauwUF.exe
  C:\Windows\System\GuauwUF.exe
  2⤵
  PID:7056
- C:\Windows\System\MEuZQfo.exe
  C:\Windows\System\MEuZQfo.exe
  2⤵
  PID:7072
- C:\Windows\System\IQctgZI.exe
  C:\Windows\System\IQctgZI.exe
  2⤵
  PID:7092
- C:\Windows\System\wHrFCbB.exe
  C:\Windows\System\wHrFCbB.exe
  2⤵
  PID:7112
- C:\Windows\System\lfFTemE.exe
  C:\Windows\System\lfFTemE.exe
  2⤵
  PID:7132
- C:\Windows\System\UPOSZqT.exe
  C:\Windows\System\UPOSZqT.exe
  2⤵
  PID:7152
- C:\Windows\System\VFWwLCt.exe
  C:\Windows\System\VFWwLCt.exe
  2⤵
  PID:3988
- C:\Windows\System\TuczxKo.exe
  C:\Windows\System\TuczxKo.exe
  2⤵
  PID:4428
- C:\Windows\System\znPhEnE.exe
  C:\Windows\System\znPhEnE.exe
  2⤵
  PID:4156
- C:\Windows\System\VjrKyBc.exe
  C:\Windows\System\VjrKyBc.exe
  2⤵
  PID:4904
- C:\Windows\System\hLhnwcI.exe
  C:\Windows\System\hLhnwcI.exe
  2⤵
  PID:5428
- C:\Windows\System\WVemtdK.exe
  C:\Windows\System\WVemtdK.exe
  2⤵
  PID:5496
- C:\Windows\System\ozZnXSz.exe
  C:\Windows\System\ozZnXSz.exe
  2⤵
  PID:5716
- C:\Windows\System\vABfQEY.exe
  C:\Windows\System\vABfQEY.exe
  2⤵
  PID:5912
- C:\Windows\System\fEHtBIp.exe
  C:\Windows\System\fEHtBIp.exe
  2⤵
  PID:5672
- C:\Windows\System\demriaN.exe
  C:\Windows\System\demriaN.exe
  2⤵
  PID:5860
- C:\Windows\System\zCxwjNY.exe
  C:\Windows\System\zCxwjNY.exe
  2⤵
  PID:4924
- C:\Windows\System\UMTLjwb.exe
  C:\Windows\System\UMTLjwb.exe
  2⤵
  PID:6180
- C:\Windows\System\VXSdnyf.exe
  C:\Windows\System\VXSdnyf.exe
  2⤵
  PID:6196
- C:\Windows\System\ktgYhWy.exe
  C:\Windows\System\ktgYhWy.exe
  2⤵
  PID:6244
- C:\Windows\System\wyVrlqd.exe
  C:\Windows\System\wyVrlqd.exe
  2⤵
  PID:6260
- C:\Windows\System\UYmqdsb.exe
  C:\Windows\System\UYmqdsb.exe
  2⤵
  PID:6292
- C:\Windows\System\LMJvyCl.exe
  C:\Windows\System\LMJvyCl.exe
  2⤵
  PID:6324
- C:\Windows\System\QpmibqZ.exe
  C:\Windows\System\QpmibqZ.exe
  2⤵
  PID:6372
- C:\Windows\System\tYWtrJa.exe
  C:\Windows\System\tYWtrJa.exe
  2⤵
  PID:6404
- C:\Windows\System\VoylUcs.exe
  C:\Windows\System\VoylUcs.exe
  2⤵
  PID:6472
- C:\Windows\System\kqzVMsW.exe
  C:\Windows\System\kqzVMsW.exe
  2⤵
  PID:6536
- C:\Windows\System\gNCJGkP.exe
  C:\Windows\System\gNCJGkP.exe
  2⤵
  PID:6600
- C:\Windows\System\itZYaCG.exe
  C:\Windows\System\itZYaCG.exe
  2⤵
  PID:6664
- C:\Windows\System\AVbElsf.exe
  C:\Windows\System\AVbElsf.exe
  2⤵
  PID:6728
- C:\Windows\System\oQWytVW.exe
  C:\Windows\System\oQWytVW.exe
  2⤵
  PID:6792
- C:\Windows\System\qPMOwBK.exe
  C:\Windows\System\qPMOwBK.exe
  2⤵
  PID:6868
- C:\Windows\System\qluypgQ.exe
  C:\Windows\System\qluypgQ.exe
  2⤵
  PID:6944
- C:\Windows\System\AWLyRul.exe
  C:\Windows\System\AWLyRul.exe
  2⤵
  PID:6388
- C:\Windows\System\YKFcSfk.exe
  C:\Windows\System\YKFcSfk.exe
  2⤵
  PID:7068
- C:\Windows\System\lXMGDpz.exe
  C:\Windows\System\lXMGDpz.exe
  2⤵
  PID:7140
- C:\Windows\System\OUBiUKY.exe
  C:\Windows\System\OUBiUKY.exe
  2⤵
  PID:3156
- C:\Windows\System\elOytrN.exe
  C:\Windows\System\elOytrN.exe
  2⤵
  PID:5812
- C:\Windows\System\RhgvYWs.exe
  C:\Windows\System\RhgvYWs.exe
  2⤵
  PID:2512
- C:\Windows\System\wxSSSkz.exe
  C:\Windows\System\wxSSSkz.exe
  2⤵
  PID:6280
- C:\Windows\System\sfsFjoO.exe
  C:\Windows\System\sfsFjoO.exe
  2⤵
  PID:6344
- C:\Windows\System\CITQFYn.exe
  C:\Windows\System\CITQFYn.exe
  2⤵
  PID:6572
- C:\Windows\System\nuedvKh.exe
  C:\Windows\System\nuedvKh.exe
  2⤵
  PID:6832
- C:\Windows\System\rHhVcGw.exe
  C:\Windows\System\rHhVcGw.exe
  2⤵
  PID:6424
- C:\Windows\System\ruUVyMK.exe
  C:\Windows\System\ruUVyMK.exe
  2⤵
  PID:6520
- C:\Windows\System\dGJWHzz.exe
  C:\Windows\System\dGJWHzz.exe
  2⤵
  PID:6988
- C:\Windows\System\OkrxbAb.exe
  C:\Windows\System\OkrxbAb.exe
  2⤵
  PID:6392
- C:\Windows\System\RNbRhpU.exe
  C:\Windows\System\RNbRhpU.exe
  2⤵
  PID:6652
- C:\Windows\System\VCpktDO.exe
  C:\Windows\System\VCpktDO.exe
  2⤵
  PID:6716
- C:\Windows\System\vLqbGtH.exe
  C:\Windows\System\vLqbGtH.exe
  2⤵
  PID:7188
- C:\Windows\System\kmPKbSo.exe
  C:\Windows\System\kmPKbSo.exe
  2⤵
  PID:7204
- C:\Windows\System\rxkTjaP.exe
  C:\Windows\System\rxkTjaP.exe
  2⤵
  PID:7220
- C:\Windows\System\GoUkmKc.exe
  C:\Windows\System\GoUkmKc.exe
  2⤵
  PID:7236
- C:\Windows\System\Yykqapf.exe
  C:\Windows\System\Yykqapf.exe
  2⤵
  PID:7252
- C:\Windows\System\HbASfmk.exe
  C:\Windows\System\HbASfmk.exe
  2⤵
  PID:7268
- C:\Windows\System\lUCwDNA.exe
  C:\Windows\System\lUCwDNA.exe
  2⤵
  PID:7284
- C:\Windows\System\mKgtBSh.exe
  C:\Windows\System\mKgtBSh.exe
  2⤵
  PID:7300
- C:\Windows\System\rlXplEf.exe
  C:\Windows\System\rlXplEf.exe
  2⤵
  PID:7316
- C:\Windows\System\CmTIKEx.exe
  C:\Windows\System\CmTIKEx.exe
  2⤵
  PID:7332
- C:\Windows\System\BWhNrdO.exe
  C:\Windows\System\BWhNrdO.exe
  2⤵
  PID:7348
- C:\Windows\System\GwxDtRa.exe
  C:\Windows\System\GwxDtRa.exe
  2⤵
  PID:7364
- C:\Windows\System\sAtpgRH.exe
  C:\Windows\System\sAtpgRH.exe
  2⤵
  PID:7380
- C:\Windows\System\GHKMiGu.exe
  C:\Windows\System\GHKMiGu.exe
  2⤵
  PID:7396
- C:\Windows\System\VpqHJdP.exe
  C:\Windows\System\VpqHJdP.exe
  2⤵
  PID:7412
- C:\Windows\System\UAtgEGz.exe
  C:\Windows\System\UAtgEGz.exe
  2⤵
  PID:7428
- C:\Windows\System\xYUnUMv.exe
  C:\Windows\System\xYUnUMv.exe
  2⤵
  PID:7444
- C:\Windows\System\MhqphFt.exe
  C:\Windows\System\MhqphFt.exe
  2⤵
  PID:7460
- C:\Windows\System\fltEjPN.exe
  C:\Windows\System\fltEjPN.exe
  2⤵
  PID:7476
- C:\Windows\System\WcVZaRn.exe
  C:\Windows\System\WcVZaRn.exe
  2⤵
  PID:7492
- C:\Windows\System\xZBVWcC.exe
  C:\Windows\System\xZBVWcC.exe
  2⤵
  PID:7512
- C:\Windows\System\QFflPMA.exe
  C:\Windows\System\QFflPMA.exe
  2⤵
  PID:7528
- C:\Windows\System\rEThGzu.exe
  C:\Windows\System\rEThGzu.exe
  2⤵
  PID:7548
- C:\Windows\System\IJkayRI.exe
  C:\Windows\System\IJkayRI.exe
  2⤵
  PID:8328
- C:\Windows\System\WEAtgFS.exe
  C:\Windows\System\WEAtgFS.exe
  2⤵
  PID:8344
- C:\Windows\System\DyijfSi.exe
  C:\Windows\System\DyijfSi.exe
  2⤵
  PID:8360
- C:\Windows\System\wspKqIj.exe
  C:\Windows\System\wspKqIj.exe
  2⤵
  PID:8376
- C:\Windows\System\CmtVCRP.exe
  C:\Windows\System\CmtVCRP.exe
  2⤵
  PID:8392
- C:\Windows\System\HZLvidP.exe
  C:\Windows\System\HZLvidP.exe
  2⤵
  PID:8408
- C:\Windows\System\TWEzIxn.exe
  C:\Windows\System\TWEzIxn.exe
  2⤵
  PID:8424
- C:\Windows\System\fQsKgrv.exe
  C:\Windows\System\fQsKgrv.exe
  2⤵
  PID:8440
- C:\Windows\System\zpwHjeO.exe
  C:\Windows\System\zpwHjeO.exe
  2⤵
  PID:8456
- C:\Windows\System\JLJYDni.exe
  C:\Windows\System\JLJYDni.exe
  2⤵
  PID:8472
- C:\Windows\System\rczekEw.exe
  C:\Windows\System\rczekEw.exe
  2⤵
  PID:8488
- C:\Windows\System\zNumqMj.exe
  C:\Windows\System\zNumqMj.exe
  2⤵
  PID:8504
- C:\Windows\System\tklfVJZ.exe
  C:\Windows\System\tklfVJZ.exe
  2⤵
  PID:8520
- C:\Windows\System\EUyuSRn.exe
  C:\Windows\System\EUyuSRn.exe
  2⤵
  PID:8536
- C:\Windows\System\JzHWuBE.exe
  C:\Windows\System\JzHWuBE.exe
  2⤵
  PID:8552
- C:\Windows\System\qoAgjXb.exe
  C:\Windows\System\qoAgjXb.exe
  2⤵
  PID:8568
- C:\Windows\System\AcAxkcL.exe
  C:\Windows\System\AcAxkcL.exe
  2⤵
  PID:8584
- C:\Windows\System\FaOecvy.exe
  C:\Windows\System\FaOecvy.exe
  2⤵
  PID:8600
- C:\Windows\System\JoEAFIP.exe
  C:\Windows\System\JoEAFIP.exe
  2⤵
  PID:8616
- C:\Windows\System\TDyNFJD.exe
  C:\Windows\System\TDyNFJD.exe
  2⤵
  PID:8632
- C:\Windows\System\UjDMmaF.exe
  C:\Windows\System\UjDMmaF.exe
  2⤵
  PID:8648
- C:\Windows\System\yHmhKnu.exe
  C:\Windows\System\yHmhKnu.exe
  2⤵
  PID:8664
- C:\Windows\System\RfCuLGc.exe
  C:\Windows\System\RfCuLGc.exe
  2⤵
  PID:8680
- C:\Windows\System\EaeaziB.exe
  C:\Windows\System\EaeaziB.exe
  2⤵
  PID:8696
- C:\Windows\System\qQaZljI.exe
  C:\Windows\System\qQaZljI.exe
  2⤵
  PID:8716
- C:\Windows\System\KtkUrkb.exe
  C:\Windows\System\KtkUrkb.exe
  2⤵
  PID:8732
- C:\Windows\System\rtrzDmI.exe
  C:\Windows\System\rtrzDmI.exe
  2⤵
  PID:8748
- C:\Windows\System\ZMdBueX.exe
  C:\Windows\System\ZMdBueX.exe
  2⤵
  PID:8764
- C:\Windows\System\ghwpLzc.exe
  C:\Windows\System\ghwpLzc.exe
  2⤵
  PID:8780
- C:\Windows\System\ggtyYBh.exe
  C:\Windows\System\ggtyYBh.exe
  2⤵
  PID:8796
- C:\Windows\System\TwMeGgN.exe
  C:\Windows\System\TwMeGgN.exe
  2⤵
  PID:8812
- C:\Windows\System\nOunkJc.exe
  C:\Windows\System\nOunkJc.exe
  2⤵
  PID:8828
- C:\Windows\System\NcLeGGK.exe
  C:\Windows\System\NcLeGGK.exe
  2⤵
  PID:8844
- C:\Windows\System\KqxNmGq.exe
  C:\Windows\System\KqxNmGq.exe
  2⤵
  PID:8860
- C:\Windows\System\ftbZBmn.exe
  C:\Windows\System\ftbZBmn.exe
  2⤵
  PID:8876
- C:\Windows\System\cbVXtLr.exe
  C:\Windows\System\cbVXtLr.exe
  2⤵
  PID:8892
- C:\Windows\System\orfStid.exe
  C:\Windows\System\orfStid.exe
  2⤵
  PID:8908
- C:\Windows\System\YpidKTZ.exe
  C:\Windows\System\YpidKTZ.exe
  2⤵
  PID:8924
- C:\Windows\System\DudkJoX.exe
  C:\Windows\System\DudkJoX.exe
  2⤵
  PID:8940
- C:\Windows\System\kOBQWAe.exe
  C:\Windows\System\kOBQWAe.exe
  2⤵
  PID:8956
- C:\Windows\System\rbshAaO.exe
  C:\Windows\System\rbshAaO.exe
  2⤵
  PID:8972
- C:\Windows\System\owTsege.exe
  C:\Windows\System\owTsege.exe
  2⤵
  PID:8988
- C:\Windows\System\hmatHkE.exe
  C:\Windows\System\hmatHkE.exe
  2⤵
  PID:9004
- C:\Windows\System\PUZBmco.exe
  C:\Windows\System\PUZBmco.exe
  2⤵
  PID:9020
- C:\Windows\System\MKowdep.exe
  C:\Windows\System\MKowdep.exe
  2⤵
  PID:9036
- C:\Windows\System\eRcTyXA.exe
  C:\Windows\System\eRcTyXA.exe
  2⤵
  PID:9052
- C:\Windows\System\tAMloxD.exe
  C:\Windows\System\tAMloxD.exe
  2⤵
  PID:9068
- C:\Windows\System\GxCdPEl.exe
  C:\Windows\System\GxCdPEl.exe
  2⤵
  PID:9084
- C:\Windows\System\ymMAEFS.exe
  C:\Windows\System\ymMAEFS.exe
  2⤵
  PID:9100
- C:\Windows\System\gEIQJRj.exe
  C:\Windows\System\gEIQJRj.exe
  2⤵
  PID:9116
- C:\Windows\System\AUPbRtj.exe
  C:\Windows\System\AUPbRtj.exe
  2⤵
  PID:9132
- C:\Windows\System\RRyvpcr.exe
  C:\Windows\System\RRyvpcr.exe
  2⤵
  PID:9148
- C:\Windows\System\QkRWioD.exe
  C:\Windows\System\QkRWioD.exe
  2⤵
  PID:9164
- C:\Windows\System\ykGIKUB.exe
  C:\Windows\System\ykGIKUB.exe
  2⤵
  PID:9180
- C:\Windows\System\mDjdHxd.exe
  C:\Windows\System\mDjdHxd.exe
  2⤵
  PID:9196
- C:\Windows\System\QQNzKHP.exe
  C:\Windows\System\QQNzKHP.exe
  2⤵
  PID:9212
- C:\Windows\System\yEWooDA.exe
  C:\Windows\System\yEWooDA.exe
  2⤵
  PID:7556
- C:\Windows\System\bqgpSVN.exe
  C:\Windows\System\bqgpSVN.exe
  2⤵
  PID:7572
- C:\Windows\System\tbKmOfg.exe
  C:\Windows\System\tbKmOfg.exe
  2⤵
  PID:7588
- C:\Windows\System\sYUrjol.exe
  C:\Windows\System\sYUrjol.exe
  2⤵
  PID:7604
- C:\Windows\System\lNMMvnc.exe
  C:\Windows\System\lNMMvnc.exe
  2⤵
  PID:7620
- C:\Windows\System\oQMRkvC.exe
  C:\Windows\System\oQMRkvC.exe
  2⤵
  PID:7636
- C:\Windows\System\zfCoOLR.exe
  C:\Windows\System\zfCoOLR.exe
  2⤵
  PID:7652
- C:\Windows\System\QfMIbfB.exe
  C:\Windows\System\QfMIbfB.exe
  2⤵
  PID:7668
- C:\Windows\System\BwWDCLX.exe
  C:\Windows\System\BwWDCLX.exe
  2⤵
  PID:2544
- C:\Windows\System\YHSvsoD.exe
  C:\Windows\System\YHSvsoD.exe
  2⤵
  PID:7692
- C:\Windows\System\lxbbqvR.exe
  C:\Windows\System\lxbbqvR.exe
  2⤵
  PID:7708
- C:\Windows\System\eVRqPfY.exe
  C:\Windows\System\eVRqPfY.exe
  2⤵
  PID:7724
- C:\Windows\System\uFlMJix.exe
  C:\Windows\System\uFlMJix.exe
  2⤵
  PID:7740
- C:\Windows\System\xmGANZM.exe
  C:\Windows\System\xmGANZM.exe
  2⤵
  PID:7756
- C:\Windows\System\vSqIajM.exe
  C:\Windows\System\vSqIajM.exe
  2⤵
  PID:7772
- C:\Windows\System\oFeabzK.exe
  C:\Windows\System\oFeabzK.exe
  2⤵
  PID:7788
- C:\Windows\System\PPtelvr.exe
  C:\Windows\System\PPtelvr.exe
  2⤵
  PID:7804
- C:\Windows\System\enRxtBV.exe
  C:\Windows\System\enRxtBV.exe
  2⤵
  PID:7820
- C:\Windows\System\EeMjZlL.exe
  C:\Windows\System\EeMjZlL.exe
  2⤵
  PID:7836
- C:\Windows\System\CLuvKCb.exe
  C:\Windows\System\CLuvKCb.exe
  2⤵
  PID:7852
- C:\Windows\System\kuRnajj.exe
  C:\Windows\System\kuRnajj.exe
  2⤵
  PID:7868
- C:\Windows\System\LzWAIcZ.exe
  C:\Windows\System\LzWAIcZ.exe
  2⤵
  PID:7884
- C:\Windows\System\zEmdZJy.exe
  C:\Windows\System\zEmdZJy.exe
  2⤵
  PID:7900
- C:\Windows\System\yvtPkNH.exe
  C:\Windows\System\yvtPkNH.exe
  2⤵
  PID:7916
- C:\Windows\System\JqeAFLr.exe
  C:\Windows\System\JqeAFLr.exe
  2⤵
  PID:7932
- C:\Windows\System\RLweDiu.exe
  C:\Windows\System\RLweDiu.exe
  2⤵
  PID:7948
- C:\Windows\System\kaYUHCF.exe
  C:\Windows\System\kaYUHCF.exe
  2⤵
  PID:7964
- C:\Windows\System\VbAsSfO.exe
  C:\Windows\System\VbAsSfO.exe
  2⤵
  PID:7980
- C:\Windows\System\hEBefjB.exe
  C:\Windows\System\hEBefjB.exe
  2⤵
  PID:7996
- C:\Windows\System\PQIGNdn.exe
  C:\Windows\System\PQIGNdn.exe
  2⤵
  PID:8012
- C:\Windows\System\PwvFofR.exe
  C:\Windows\System\PwvFofR.exe
  2⤵
  PID:8028
- C:\Windows\System\VMBraFq.exe
  C:\Windows\System\VMBraFq.exe
  2⤵
  PID:8044
- C:\Windows\System\DdIkQeL.exe
  C:\Windows\System\DdIkQeL.exe
  2⤵
  PID:8060
- C:\Windows\System\IuOZihd.exe
  C:\Windows\System\IuOZihd.exe
  2⤵
  PID:8076
- C:\Windows\System\gJODxzh.exe
  C:\Windows\System\gJODxzh.exe
  2⤵
  PID:8092
- C:\Windows\System\FKnCzLL.exe
  C:\Windows\System\FKnCzLL.exe
  2⤵
  PID:8108
- C:\Windows\System\FCXUGZd.exe
  C:\Windows\System\FCXUGZd.exe
  2⤵
  PID:8124
- C:\Windows\System\dWIPQVy.exe
  C:\Windows\System\dWIPQVy.exe
  2⤵
  PID:8140
- C:\Windows\System\zSBKWTP.exe
  C:\Windows\System\zSBKWTP.exe
  2⤵
  PID:8156
- C:\Windows\System\QLSUJfW.exe
  C:\Windows\System\QLSUJfW.exe
  2⤵
  PID:8172
- C:\Windows\System\TSlqwMR.exe
  C:\Windows\System\TSlqwMR.exe
  2⤵
  PID:8188
- C:\Windows\System\qGYJKTZ.exe
  C:\Windows\System\qGYJKTZ.exe
  2⤵
  PID:5252
- C:\Windows\System\OMbCvzb.exe
  C:\Windows\System\OMbCvzb.exe
  2⤵
  PID:6848
- C:\Windows\System\AVaslUC.exe
  C:\Windows\System\AVaslUC.exe
  2⤵
  PID:6924
- C:\Windows\System\jkMIdKO.exe
  C:\Windows\System\jkMIdKO.exe
  2⤵
  PID:6152
- C:\Windows\System\qwiBplw.exe
  C:\Windows\System\qwiBplw.exe
  2⤵
  PID:4408
- C:\Windows\System\tvAjLnW.exe
  C:\Windows\System\tvAjLnW.exe
  2⤵
  PID:6908
- C:\Windows\System\vsOsLZr.exe
  C:\Windows\System\vsOsLZr.exe
  2⤵
  PID:6636
- C:\Windows\System\SiRJhqJ.exe
  C:\Windows\System\SiRJhqJ.exe
  2⤵
  PID:6376
- C:\Windows\System\icaDKSp.exe
  C:\Windows\System\icaDKSp.exe
  2⤵
  PID:6232
- C:\Windows\System\xJFVkkO.exe
  C:\Windows\System\xJFVkkO.exe
  2⤵
  PID:6040
- C:\Windows\System\KKgZayd.exe
  C:\Windows\System\KKgZayd.exe
  2⤵
  PID:5652
- C:\Windows\System\EQAkwsU.exe
  C:\Windows\System\EQAkwsU.exe
  2⤵
  PID:5236
- C:\Windows\System\uhcpGjj.exe
  C:\Windows\System\uhcpGjj.exe
  2⤵
  PID:7124
- C:\Windows\System\DYKaMdZ.exe
  C:\Windows\System\DYKaMdZ.exe
  2⤵
  PID:7048
- C:\Windows\System\iaiTFNP.exe
  C:\Windows\System\iaiTFNP.exe
  2⤵
  PID:6456
- C:\Windows\System\DfGvmoa.exe
  C:\Windows\System\DfGvmoa.exe
  2⤵
  PID:6452
- C:\Windows\System\veSxfjN.exe
  C:\Windows\System\veSxfjN.exe
  2⤵
  PID:6648
- C:\Windows\System\hSOnRkK.exe
  C:\Windows\System\hSOnRkK.exe
  2⤵
  PID:7216
- C:\Windows\System\Cyhvhsg.exe
  C:\Windows\System\Cyhvhsg.exe
  2⤵
  PID:7280
- C:\Windows\System\gndeOwz.exe
  C:\Windows\System\gndeOwz.exe
  2⤵
  PID:7344
- C:\Windows\System\qDisNVo.exe
  C:\Windows\System\qDisNVo.exe
  2⤵
  PID:7408
- C:\Windows\System\GaxaHBw.exe
  C:\Windows\System\GaxaHBw.exe
  2⤵
  PID:7472
- C:\Windows\System\ejvVfoI.exe
  C:\Windows\System\ejvVfoI.exe
  2⤵
  PID:2748
- C:\Windows\System\dHdMaoq.exe
  C:\Windows\System\dHdMaoq.exe
  2⤵
  PID:6328
- C:\Windows\System\mqNhnnz.exe
  C:\Windows\System\mqNhnnz.exe
  2⤵
  PID:6712
- C:\Windows\System\OYDcBfA.exe
  C:\Windows\System\OYDcBfA.exe
  2⤵
  PID:7296
- C:\Windows\System\FqSQyds.exe
  C:\Windows\System\FqSQyds.exe
  2⤵
  PID:7360
- C:\Windows\System\cqOUUba.exe
  C:\Windows\System\cqOUUba.exe
  2⤵
  PID:7424
- C:\Windows\System\SfGCuog.exe
  C:\Windows\System\SfGCuog.exe
  2⤵
  PID:8200
- C:\Windows\System\XYibktn.exe
  C:\Windows\System\XYibktn.exe
  2⤵
  PID:8216
- C:\Windows\System\ZuCQqBC.exe
  C:\Windows\System\ZuCQqBC.exe
  2⤵
  PID:8232
- C:\Windows\System\XSmOJxS.exe
  C:\Windows\System\XSmOJxS.exe
  2⤵
  PID:8248
- C:\Windows\System\DrKIfzM.exe
  C:\Windows\System\DrKIfzM.exe
  2⤵
  PID:8264
- C:\Windows\System\NAMxqeu.exe
  C:\Windows\System\NAMxqeu.exe
  2⤵
  PID:8280
- C:\Windows\System\eoLsmKh.exe
  C:\Windows\System\eoLsmKh.exe
  2⤵
  PID:2828
- C:\Windows\System\tQlRRSZ.exe
  C:\Windows\System\tQlRRSZ.exe
  2⤵
  PID:1892
- C:\Windows\System\KwcLtCG.exe
  C:\Windows\System\KwcLtCG.exe
  2⤵
  PID:1556
- C:\Windows\System\nECJHUl.exe
  C:\Windows\System\nECJHUl.exe
  2⤵
  PID:3200
- C:\Windows\System\wPnTbFr.exe
  C:\Windows\System\wPnTbFr.exe
  2⤵
  PID:848
- C:\Windows\System\MDOvCBQ.exe
  C:\Windows\System\MDOvCBQ.exe
  2⤵
  PID:3216
- C:\Windows\System\sWHQRwo.exe
  C:\Windows\System\sWHQRwo.exe
  2⤵
  PID:3220
- C:\Windows\System\vYwyCMA.exe
  C:\Windows\System\vYwyCMA.exe
  2⤵
  PID:3236
- C:\Windows\System\eoTzQYE.exe
  C:\Windows\System\eoTzQYE.exe
  2⤵
  PID:3256
- C:\Windows\System\CEMgnGn.exe
  C:\Windows\System\CEMgnGn.exe
  2⤵
  PID:8288
- C:\Windows\System\JLZWnBh.exe
  C:\Windows\System\JLZWnBh.exe
  2⤵
  PID:5908
- C:\Windows\System\WrmWSlY.exe
  C:\Windows\System\WrmWSlY.exe
  2⤵
  PID:6836
- C:\Windows\System\BaXTZBN.exe
  C:\Windows\System\BaXTZBN.exe
  2⤵
  PID:1264
- C:\Windows\System\GXDiXGf.exe
  C:\Windows\System\GXDiXGf.exe
  2⤵
  PID:7148
- C:\Windows\System\ixvVNSP.exe
  C:\Windows\System\ixvVNSP.exe
  2⤵
  PID:2560
- C:\Windows\System\KcztFHd.exe
  C:\Windows\System\KcztFHd.exe
  2⤵
  PID:7176
- C:\Windows\System\NiMnaEw.exe
  C:\Windows\System\NiMnaEw.exe
  2⤵
  PID:1936
- C:\Windows\System\ItbNYbf.exe
  C:\Windows\System\ItbNYbf.exe
  2⤵
  PID:5352
- C:\Windows\System\zFKhXRF.exe
  C:\Windows\System\zFKhXRF.exe
  2⤵
  PID:2712
- C:\Windows\System\uMuvrBO.exe
  C:\Windows\System\uMuvrBO.exe
  2⤵
  PID:2492
- C:\Windows\System\MXfZujd.exe
  C:\Windows\System\MXfZujd.exe
  2⤵
  PID:2252
- C:\Windows\System\EBPBVyi.exe
  C:\Windows\System\EBPBVyi.exe
  2⤵
  PID:2736
- C:\Windows\System\ziihRfv.exe
  C:\Windows\System\ziihRfv.exe
  2⤵
  PID:2008
- C:\Windows\System\ohcHkXt.exe
  C:\Windows\System\ohcHkXt.exe
  2⤵
  PID:6856
- C:\Windows\System\OvLvnMm.exe
  C:\Windows\System\OvLvnMm.exe
  2⤵
  PID:7044
- C:\Windows\System\tjRdpqw.exe
  C:\Windows\System\tjRdpqw.exe
  2⤵
  PID:6060
- C:\Windows\System\IpKkNwZ.exe
  C:\Windows\System\IpKkNwZ.exe
  2⤵
  PID:1800
- C:\Windows\System\LRMENig.exe
  C:\Windows\System\LRMENig.exe
  2⤵
  PID:2364
- C:\Windows\System\kUtXsMe.exe
  C:\Windows\System\kUtXsMe.exe
  2⤵
  PID:8308
- C:\Windows\System\BzbphKA.exe
  C:\Windows\System\BzbphKA.exe
  2⤵
  PID:8340
- C:\Windows\System\boQHcgz.exe
  C:\Windows\System\boQHcgz.exe
  2⤵
  PID:8432
- C:\Windows\System\rPkZJbx.exe
  C:\Windows\System\rPkZJbx.exe
  2⤵
  PID:8316
- C:\Windows\System\WRhknFF.exe
  C:\Windows\System\WRhknFF.exe
  2⤵
  PID:8388
- C:\Windows\System\JFKriRF.exe
  C:\Windows\System\JFKriRF.exe
  2⤵
  PID:8452
- C:\Windows\System\KwauleJ.exe
  C:\Windows\System\KwauleJ.exe
  2⤵
  PID:8564
- C:\Windows\System\ciUlnqd.exe
  C:\Windows\System\ciUlnqd.exe
  2⤵
  PID:8628
- C:\Windows\System\QuLSRTo.exe
  C:\Windows\System\QuLSRTo.exe
  2⤵
  PID:8320
- C:\Windows\System\iTscRBI.exe
  C:\Windows\System\iTscRBI.exe
  2⤵
  PID:8352
- C:\Windows\System\seLKkpI.exe
  C:\Windows\System\seLKkpI.exe
  2⤵
  PID:8576
- C:\Windows\System\flDOaaW.exe
  C:\Windows\System\flDOaaW.exe
  2⤵
  PID:8640
- C:\Windows\System\LpgxKER.exe
  C:\Windows\System\LpgxKER.exe
  2⤵
  PID:8676
- C:\Windows\System\fiXScoc.exe
  C:\Windows\System\fiXScoc.exe
  2⤵
  PID:8724
- C:\Windows\System\RFvEjdj.exe
  C:\Windows\System\RFvEjdj.exe
  2⤵
  PID:8788
- C:\Windows\System\DiWPfJv.exe
  C:\Windows\System\DiWPfJv.exe
  2⤵
  PID:8740
- C:\Windows\System\QvVVmpf.exe
  C:\Windows\System\QvVVmpf.exe
  2⤵
  PID:8804
- C:\Windows\System\FONJarF.exe
  C:\Windows\System\FONJarF.exe
  2⤵
  PID:8712
- C:\Windows\System\mFOpYMI.exe
  C:\Windows\System\mFOpYMI.exe
  2⤵
  PID:8900
- C:\Windows\System\UwypGST.exe
  C:\Windows\System\UwypGST.exe
  2⤵
  PID:8884
- C:\Windows\System\EKVbMvM.exe
  C:\Windows\System\EKVbMvM.exe
  2⤵
  PID:8920
- C:\Windows\System\eqULkfg.exe
  C:\Windows\System\eqULkfg.exe
  2⤵
  PID:8984
- C:\Windows\System\JbidwYm.exe
  C:\Windows\System\JbidwYm.exe
  2⤵
  PID:8996
- C:\Windows\System\relFuov.exe
  C:\Windows\System\relFuov.exe
  2⤵
  PID:9060
- C:\Windows\System\LupMJmD.exe
  C:\Windows\System\LupMJmD.exe
  2⤵
  PID:9016
- C:\Windows\System\NjhrWiy.exe
  C:\Windows\System\NjhrWiy.exe
  2⤵
  PID:9108
- C:\Windows\System\VFAdfEV.exe
  C:\Windows\System\VFAdfEV.exe
  2⤵
  PID:9172
- C:\Windows\System\FWTAkOy.exe
  C:\Windows\System\FWTAkOy.exe
  2⤵
  PID:9128
- C:\Windows\System\yOsoTCL.exe
  C:\Windows\System\yOsoTCL.exe
  2⤵
  PID:9188
- C:\Windows\System\kPslmou.exe
  C:\Windows\System\kPslmou.exe
  2⤵
  PID:7568
- C:\Windows\System\GGYBpIg.exe
  C:\Windows\System\GGYBpIg.exe
  2⤵
  PID:7628
- C:\Windows\System\HGoQkoQ.exe
  C:\Windows\System\HGoQkoQ.exe
  2⤵
  PID:7524
- C:\Windows\System\AlvJpNV.exe
  C:\Windows\System\AlvJpNV.exe
  2⤵
  PID:7616
- C:\Windows\System\JqARnfx.exe
  C:\Windows\System\JqARnfx.exe
  2⤵
  PID:1512
- C:\Windows\System\KXTphKg.exe
  C:\Windows\System\KXTphKg.exe
  2⤵
  PID:7752
- C:\Windows\System\oDoorXE.exe
  C:\Windows\System\oDoorXE.exe
  2⤵
  PID:7784
- C:\Windows\System\RJjGEKx.exe
  C:\Windows\System\RJjGEKx.exe
  2⤵
  PID:7848
- C:\Windows\System\ScYGGrS.exe
  C:\Windows\System\ScYGGrS.exe
  2⤵
  PID:7764
- C:\Windows\System\mROiFqt.exe
  C:\Windows\System\mROiFqt.exe
  2⤵
  PID:7828
- C:\Windows\System\wwjEyGu.exe
  C:\Windows\System\wwjEyGu.exe
  2⤵
  PID:7704
- C:\Windows\System\elkhjJq.exe
  C:\Windows\System\elkhjJq.exe
  2⤵
  PID:7876
- C:\Windows\System\uteAZmt.exe
  C:\Windows\System\uteAZmt.exe
  2⤵
  PID:7912
- C:\Windows\System\ubeOhav.exe
  C:\Windows\System\ubeOhav.exe
  2⤵
  PID:7928
- C:\Windows\System\phwWcJO.exe
  C:\Windows\System\phwWcJO.exe
  2⤵
  PID:7992
- C:\Windows\System\XSCyRKU.exe
  C:\Windows\System\XSCyRKU.exe
  2⤵
  PID:8056
- C:\Windows\System\GiDLpjE.exe
  C:\Windows\System\GiDLpjE.exe
  2⤵
  PID:8036
- C:\Windows\System\lzUCuoe.exe
  C:\Windows\System\lzUCuoe.exe
  2⤵
  PID:8100
- C:\Windows\System\RoBvqRC.exe
  C:\Windows\System\RoBvqRC.exe
  2⤵
  PID:8168
- C:\Windows\System\ndcJbAM.exe
  C:\Windows\System\ndcJbAM.exe
  2⤵
  PID:8148
- C:\Windows\System\TxFrBeu.exe
  C:\Windows\System\TxFrBeu.exe
  2⤵
  PID:8184
- C:\Windows\System\jiEbBJn.exe
  C:\Windows\System\jiEbBJn.exe
  2⤵
  PID:6808
- C:\Windows\System\rGiHUZb.exe
  C:\Windows\System\rGiHUZb.exe
  2⤵
  PID:6968
- C:\Windows\System\xqNEgdf.exe
  C:\Windows\System\xqNEgdf.exe
  2⤵
  PID:6504
- C:\Windows\System\GywtGNX.exe
  C:\Windows\System\GywtGNX.exe
  2⤵
  PID:4952
- C:\Windows\System\BzYozPV.exe
  C:\Windows\System\BzYozPV.exe
  2⤵
  PID:7084
- C:\Windows\System\ZtTkVHf.exe
  C:\Windows\System\ZtTkVHf.exe
  2⤵
  PID:7184
- C:\Windows\System\OSVFiyl.exe
  C:\Windows\System\OSVFiyl.exe
  2⤵
  PID:7440
- C:\Windows\System\uSMuhRV.exe
  C:\Windows\System\uSMuhRV.exe
  2⤵
  PID:7200
- C:\Windows\System\zjUEZUh.exe
  C:\Windows\System\zjUEZUh.exe
  2⤵
  PID:7160
- C:\Windows\System\mReGPoF.exe
  C:\Windows\System\mReGPoF.exe
  2⤵
  PID:8212
- C:\Windows\System\sitHttF.exe
  C:\Windows\System\sitHttF.exe
  2⤵
  PID:8240
- C:\Windows\System\TEnOhBZ.exe
  C:\Windows\System\TEnOhBZ.exe
  2⤵
  PID:844
- C:\Windows\System\eAsUyxy.exe
  C:\Windows\System\eAsUyxy.exe
  2⤵
  PID:3084
- C:\Windows\System\nrFpndt.exe
  C:\Windows\System\nrFpndt.exe
  2⤵
  PID:3264
- C:\Windows\System\aFgbjrT.exe
  C:\Windows\System\aFgbjrT.exe
  2⤵
  PID:2296
- C:\Windows\System\wWoHcpS.exe
  C:\Windows\System\wWoHcpS.exe
  2⤵
  PID:2348
- C:\Windows\System\IszdJqV.exe
  C:\Windows\System\IszdJqV.exe
  2⤵
  PID:6556
- C:\Windows\System\vaEEMNg.exe
  C:\Windows\System\vaEEMNg.exe
  2⤵
  PID:7248
- C:\Windows\System\MndbILj.exe
  C:\Windows\System\MndbILj.exe
  2⤵
  PID:7376
- C:\Windows\System\mHLXXpt.exe
  C:\Windows\System\mHLXXpt.exe
  2⤵
  PID:3244
- C:\Windows\System\dQGgmpL.exe
  C:\Windows\System\dQGgmpL.exe
  2⤵
  PID:7356
- C:\Windows\System\wriqFWI.exe
  C:\Windows\System\wriqFWI.exe
  2⤵
  PID:8224
- C:\Windows\System\HQMhEtY.exe
  C:\Windows\System\HQMhEtY.exe
  2⤵
  PID:8284
- C:\Windows\System\KeUbcxD.exe
  C:\Windows\System\KeUbcxD.exe
  2⤵
  PID:3204
- C:\Windows\System\HehEoIW.exe
  C:\Windows\System\HehEoIW.exe
  2⤵
  PID:6992
- C:\Windows\System\lxcltWX.exe
  C:\Windows\System\lxcltWX.exe
  2⤵
  PID:2608
- C:\Windows\System\EPqMwzl.exe
  C:\Windows\System\EPqMwzl.exe
  2⤵
  PID:6812
- C:\Windows\System\VwWNwvq.exe
  C:\Windows\System\VwWNwvq.exe
  2⤵
  PID:7128
- C:\Windows\System\zpphQRZ.exe
  C:\Windows\System\zpphQRZ.exe
  2⤵
  PID:1884
- C:\Windows\System\eWbnokR.exe
  C:\Windows\System\eWbnokR.exe
  2⤵
  PID:6932
- C:\Windows\System\RQYmlaV.exe
  C:\Windows\System\RQYmlaV.exe
  2⤵
  PID:8336
- C:\Windows\System\vwSKIPR.exe
  C:\Windows\System\vwSKIPR.exe
  2⤵
  PID:8304
- C:\Windows\System\pHUdQJG.exe
  C:\Windows\System\pHUdQJG.exe
  2⤵
  PID:8404
- C:\Windows\System\GWBgXFK.exe
  C:\Windows\System\GWBgXFK.exe
  2⤵
  PID:8448
- C:\Windows\System\afXqePA.exe
  C:\Windows\System\afXqePA.exe
  2⤵
  PID:8516
- C:\Windows\System\YubOyIq.exe
  C:\Windows\System\YubOyIq.exe
  2⤵
  PID:8612
- C:\Windows\System\rmtrcFk.exe
  C:\Windows\System\rmtrcFk.exe
  2⤵
  PID:8356
- C:\Windows\System\ddDAvYh.exe
  C:\Windows\System\ddDAvYh.exe
  2⤵
  PID:8820
- C:\Windows\System\epacYjw.exe
  C:\Windows\System\epacYjw.exe
  2⤵
  PID:8760
- C:\Windows\System\VqvdqIz.exe
  C:\Windows\System\VqvdqIz.exe
  2⤵
  PID:8932
- C:\Windows\System\RqFMZyS.exe
  C:\Windows\System\RqFMZyS.exe
  2⤵
  PID:8868
- C:\Windows\System\PgShbDu.exe
  C:\Windows\System\PgShbDu.exe
  2⤵
  PID:9076
- C:\Windows\System\cERofUC.exe
  C:\Windows\System\cERofUC.exe
  2⤵
  PID:8888
- C:\Windows\System\kNawUAg.exe
  C:\Windows\System\kNawUAg.exe
  2⤵
  PID:9092
- C:\Windows\System\mpiFtKy.exe
  C:\Windows\System\mpiFtKy.exe
  2⤵
  PID:9208
- C:\Windows\System\AHgNnTg.exe
  C:\Windows\System\AHgNnTg.exe
  2⤵
  PID:9204
- C:\Windows\System\OVgEAHN.exe
  C:\Windows\System\OVgEAHN.exe
  2⤵
  PID:9096
- C:\Windows\System\wcHOPaX.exe
  C:\Windows\System\wcHOPaX.exe
  2⤵
  PID:7596
- C:\Windows\System\OsekNyo.exe
  C:\Windows\System\OsekNyo.exe
  2⤵
  PID:7748
- C:\Windows\System\NaggBmU.exe
  C:\Windows\System\NaggBmU.exe
  2⤵
  PID:7864
- C:\Windows\System\SIAWslF.exe
  C:\Windows\System\SIAWslF.exe
  2⤵
  PID:7844
- C:\Windows\System\efLZrTh.exe
  C:\Windows\System\efLZrTh.exe
  2⤵
  PID:7972
- C:\Windows\System\UnjGuLT.exe
  C:\Windows\System\UnjGuLT.exe
  2⤵
  PID:8052
- C:\Windows\System\eOSjsMi.exe
  C:\Windows\System\eOSjsMi.exe
  2⤵
  PID:7796
- C:\Windows\System\TLcYwLG.exe
  C:\Windows\System\TLcYwLG.exe
  2⤵
  PID:8084
- C:\Windows\System\xBzgHgR.exe
  C:\Windows\System\xBzgHgR.exe
  2⤵
  PID:7736
- C:\Windows\System\hTbYztp.exe
  C:\Windows\System\hTbYztp.exe
  2⤵
  PID:6568
- C:\Windows\System\mnsjjYi.exe
  C:\Windows\System\mnsjjYi.exe
  2⤵
  PID:8208
- C:\Windows\System\YrnlktD.exe
  C:\Windows\System\YrnlktD.exe
  2⤵
  PID:3232
- C:\Windows\System\FNaWEHj.exe
  C:\Windows\System\FNaWEHj.exe
  2⤵
  PID:7484
- C:\Windows\System\ojTDKdF.exe
  C:\Windows\System\ojTDKdF.exe
  2⤵
  PID:8120
- C:\Windows\System\enNKMgc.exe
  C:\Windows\System\enNKMgc.exe
  2⤵
  PID:6888
- C:\Windows\System\IFgLSog.exe
  C:\Windows\System\IFgLSog.exe
  2⤵
  PID:6616
- C:\Windows\System\OGMgxFZ.exe
  C:\Windows\System\OGMgxFZ.exe
  2⤵
  PID:7004
- C:\Windows\System\RIGcEpv.exe
  C:\Windows\System\RIGcEpv.exe
  2⤵
  PID:7008
- C:\Windows\System\OQFTMOf.exe
  C:\Windows\System\OQFTMOf.exe
  2⤵
  PID:6200
- C:\Windows\System\tBDBFfk.exe
  C:\Windows\System\tBDBFfk.exe
  2⤵
  PID:8296
- C:\Windows\System\zYFqRFE.exe
  C:\Windows\System\zYFqRFE.exe
  2⤵
  PID:8256
- C:\Windows\System\qtRlzIf.exe
  C:\Windows\System\qtRlzIf.exe
  2⤵
  PID:2568
- C:\Windows\System\xRFhegT.exe
  C:\Windows\System\xRFhegT.exe
  2⤵
  PID:3068
- C:\Windows\System\edydHYS.exe
  C:\Windows\System\edydHYS.exe
  2⤵
  PID:8532
- C:\Windows\System\tmPhkxf.exe
  C:\Windows\System\tmPhkxf.exe
  2⤵
  PID:7028
- C:\Windows\System\LvbrZGa.exe
  C:\Windows\System\LvbrZGa.exe
  2⤵
  PID:676
- C:\Windows\System\EBHJToA.exe
  C:\Windows\System\EBHJToA.exe
  2⤵
  PID:8420
- C:\Windows\System\zzsqaiT.exe
  C:\Windows\System\zzsqaiT.exe
  2⤵
  PID:8776
- C:\Windows\System\ghZFSqH.exe
  C:\Windows\System\ghZFSqH.exe
  2⤵
  PID:9012
- C:\Windows\System\WXRAsjQ.exe
  C:\Windows\System\WXRAsjQ.exe
  2⤵
  PID:8980
- C:\Windows\System\pinFzwJ.exe
  C:\Windows\System\pinFzwJ.exe
  2⤵
  PID:8708
- C:\Windows\System\XHiQnAb.exe
  C:\Windows\System\XHiQnAb.exe
  2⤵
  PID:7660
- C:\Windows\System\vjSYJzE.exe
  C:\Windows\System\vjSYJzE.exe
  2⤵
  PID:7732
- C:\Windows\System\KqSOtTz.exe
  C:\Windows\System\KqSOtTz.exe
  2⤵
  PID:7612
- C:\Windows\System\amcpQWZ.exe
  C:\Windows\System\amcpQWZ.exe
  2⤵
  PID:8088
- C:\Windows\System\jvfNUsE.exe
  C:\Windows\System\jvfNUsE.exe
  2⤵
  PID:8024
- C:\Windows\System\RRYgUkT.exe
  C:\Windows\System\RRYgUkT.exe
  2⤵
  PID:6700
- C:\Windows\System\ivxLXhX.exe
  C:\Windows\System\ivxLXhX.exe
  2⤵
  PID:6684
- C:\Windows\System\gLqiSGC.exe
  C:\Windows\System\gLqiSGC.exe
  2⤵
  PID:7504
- C:\Windows\System\lCAojgR.exe
  C:\Windows\System\lCAojgR.exe
  2⤵
  PID:3228
- C:\Windows\System\LHWwhdt.exe
  C:\Windows\System\LHWwhdt.exe
  2⤵
  PID:7420
- C:\Windows\System\KRRREfc.exe
  C:\Windows\System\KRRREfc.exe
  2⤵
  PID:3208
- C:\Windows\System\cRCAkoC.exe
  C:\Windows\System\cRCAkoC.exe
  2⤵
  PID:8608
- C:\Windows\System\JahCRZs.exe
  C:\Windows\System\JahCRZs.exe
  2⤵
  PID:2940
- C:\Windows\System\GvkSRDq.exe
  C:\Windows\System\GvkSRDq.exe
  2⤵
  PID:8512
- C:\Windows\System\XVQSWkl.exe
  C:\Windows\System\XVQSWkl.exe
  2⤵
  PID:8548
- C:\Windows\System\vNinIZX.exe
  C:\Windows\System\vNinIZX.exe
  2⤵
  PID:9044
- C:\Windows\System\ZeyvMGR.exe
  C:\Windows\System\ZeyvMGR.exe
  2⤵
  PID:8008
- C:\Windows\System\VLgKGSQ.exe
  C:\Windows\System\VLgKGSQ.exe
  2⤵
  PID:7024
- C:\Windows\System\CSfEOfP.exe
  C:\Windows\System\CSfEOfP.exe
  2⤵
  PID:7392
- C:\Windows\System\KszstvO.exe
  C:\Windows\System\KszstvO.exe
  2⤵
  PID:8464
- C:\Windows\System\tfWIWyQ.exe
  C:\Windows\System\tfWIWyQ.exe
  2⤵
  PID:8132
- C:\Windows\System\QlWRlXa.exe
  C:\Windows\System\QlWRlXa.exe
  2⤵
  PID:1092
- C:\Windows\System\buAOEAJ.exe
  C:\Windows\System\buAOEAJ.exe
  2⤵
  PID:8400
- C:\Windows\System\HGGyLEs.exe
  C:\Windows\System\HGGyLEs.exe
  2⤵
  PID:8272
- C:\Windows\System\gEsVrBj.exe
  C:\Windows\System\gEsVrBj.exe
  2⤵
  PID:8624
- C:\Windows\System\qqWSYFP.exe
  C:\Windows\System\qqWSYFP.exe
  2⤵
  PID:8164
- C:\Windows\System\eoDxWAb.exe
  C:\Windows\System\eoDxWAb.exe
  2⤵
  PID:8136
- C:\Windows\System\QyGmQxX.exe
  C:\Windows\System\QyGmQxX.exe
  2⤵
  PID:8260
- C:\Windows\System\LYqTxxE.exe
  C:\Windows\System\LYqTxxE.exe
  2⤵
  PID:6620
- C:\Windows\System\aSbTjPf.exe
  C:\Windows\System\aSbTjPf.exe
  2⤵
  PID:9228
- C:\Windows\System\HcrZlyB.exe
  C:\Windows\System\HcrZlyB.exe
  2⤵
  PID:9244
- C:\Windows\System\GpddwCV.exe
  C:\Windows\System\GpddwCV.exe
  2⤵
  PID:9260
- C:\Windows\System\ecwLELr.exe
  C:\Windows\System\ecwLELr.exe
  2⤵
  PID:9276
- C:\Windows\System\IsUnmJx.exe
  C:\Windows\System\IsUnmJx.exe
  2⤵
  PID:9292
- C:\Windows\System\qDbjcKP.exe
  C:\Windows\System\qDbjcKP.exe
  2⤵
  PID:9308
- C:\Windows\System\VVrlLMu.exe
  C:\Windows\System\VVrlLMu.exe
  2⤵
  PID:9324
- C:\Windows\System\zhTGfVZ.exe
  C:\Windows\System\zhTGfVZ.exe
  2⤵
  PID:9340
- C:\Windows\System\pPNphsS.exe
  C:\Windows\System\pPNphsS.exe
  2⤵
  PID:9356
- C:\Windows\System\ldkEcXC.exe
  C:\Windows\System\ldkEcXC.exe
  2⤵
  PID:9372
- C:\Windows\System\QOfUxFa.exe
  C:\Windows\System\QOfUxFa.exe
  2⤵
  PID:9388
- C:\Windows\System\eZUVNvc.exe
  C:\Windows\System\eZUVNvc.exe
  2⤵
  PID:9404
- C:\Windows\System\ITWDbOl.exe
  C:\Windows\System\ITWDbOl.exe
  2⤵
  PID:9424
- C:\Windows\System\VQqQLkH.exe
  C:\Windows\System\VQqQLkH.exe
  2⤵
  PID:9440
- C:\Windows\System\xGHdTZw.exe
  C:\Windows\System\xGHdTZw.exe
  2⤵
  PID:9456
- C:\Windows\System\OZpCSjz.exe
  C:\Windows\System\OZpCSjz.exe
  2⤵
  PID:9472
- C:\Windows\System\nrADvMo.exe
  C:\Windows\System\nrADvMo.exe
  2⤵
  PID:9488
- C:\Windows\System\FXBxiJV.exe
  C:\Windows\System\FXBxiJV.exe
  2⤵
  PID:9504
- C:\Windows\System\WACRKRJ.exe
  C:\Windows\System\WACRKRJ.exe
  2⤵
  PID:9520
- C:\Windows\System\XoBzZzf.exe
  C:\Windows\System\XoBzZzf.exe
  2⤵
  PID:9536
- C:\Windows\System\JxuzzpY.exe
  C:\Windows\System\JxuzzpY.exe
  2⤵
  PID:9552
- C:\Windows\System\DBukSsC.exe
  C:\Windows\System\DBukSsC.exe
  2⤵
  PID:9568
- C:\Windows\System\fKbnUNM.exe
  C:\Windows\System\fKbnUNM.exe
  2⤵
  PID:9584
- C:\Windows\System\fBwkpwe.exe
  C:\Windows\System\fBwkpwe.exe
  2⤵
  PID:9600
- C:\Windows\System\eSNgADb.exe
  C:\Windows\System\eSNgADb.exe
  2⤵
  PID:9616
- C:\Windows\System\RHyTQCS.exe
  C:\Windows\System\RHyTQCS.exe
  2⤵
  PID:9632
- C:\Windows\System\WrVENGv.exe
  C:\Windows\System\WrVENGv.exe
  2⤵
  PID:9648
- C:\Windows\System\akXvRPV.exe
  C:\Windows\System\akXvRPV.exe
  2⤵
  PID:9664
- C:\Windows\System\sPPAJll.exe
  C:\Windows\System\sPPAJll.exe
  2⤵
  PID:9680
- C:\Windows\System\cRgQLMO.exe
  C:\Windows\System\cRgQLMO.exe
  2⤵
  PID:9696
- C:\Windows\System\jxZJciI.exe
  C:\Windows\System\jxZJciI.exe
  2⤵
  PID:9712
- C:\Windows\System\WflRGEl.exe
  C:\Windows\System\WflRGEl.exe
  2⤵
  PID:9728
- C:\Windows\System\XrKxIZv.exe
  C:\Windows\System\XrKxIZv.exe
  2⤵
  PID:9744
- C:\Windows\System\tSuJPQk.exe
  C:\Windows\System\tSuJPQk.exe
  2⤵
  PID:9760
- C:\Windows\System\nonFejW.exe
  C:\Windows\System\nonFejW.exe
  2⤵
  PID:9776
- C:\Windows\System\DgxWTcH.exe
  C:\Windows\System\DgxWTcH.exe
  2⤵
  PID:9792
- C:\Windows\System\DjaQmKZ.exe
  C:\Windows\System\DjaQmKZ.exe
  2⤵
  PID:9808
- C:\Windows\System\tSEWzJY.exe
  C:\Windows\System\tSEWzJY.exe
  2⤵
  PID:9824
- C:\Windows\System\rFvOUoD.exe
  C:\Windows\System\rFvOUoD.exe
  2⤵
  PID:9840
- C:\Windows\System\ipXySmS.exe
  C:\Windows\System\ipXySmS.exe
  2⤵
  PID:9856
- C:\Windows\System\zCUTbcy.exe
  C:\Windows\System\zCUTbcy.exe
  2⤵
  PID:9872
- C:\Windows\System\rTgXZgt.exe
  C:\Windows\System\rTgXZgt.exe
  2⤵
  PID:9888
- C:\Windows\System\UIUpeuH.exe
  C:\Windows\System\UIUpeuH.exe
  2⤵
  PID:9904
- C:\Windows\System\uckJmZH.exe
  C:\Windows\System\uckJmZH.exe
  2⤵
  PID:9920
- C:\Windows\System\AGqgpUP.exe
  C:\Windows\System\AGqgpUP.exe
  2⤵
  PID:9936
- C:\Windows\System\ixOlxyN.exe
  C:\Windows\System\ixOlxyN.exe
  2⤵
  PID:9952
- C:\Windows\System\HRnNvMS.exe
  C:\Windows\System\HRnNvMS.exe
  2⤵
  PID:9968
- C:\Windows\System\MUbTobX.exe
  C:\Windows\System\MUbTobX.exe
  2⤵
  PID:9988
- C:\Windows\System\JtWnPOD.exe
  C:\Windows\System\JtWnPOD.exe
  2⤵
  PID:10004
- C:\Windows\System\axOdNYa.exe
  C:\Windows\System\axOdNYa.exe
  2⤵
  PID:10020
- C:\Windows\System\UpaZOdH.exe
  C:\Windows\System\UpaZOdH.exe
  2⤵
  PID:10036
- C:\Windows\System\EbkFLQm.exe
  C:\Windows\System\EbkFLQm.exe
  2⤵
  PID:10052
- C:\Windows\System\YxoJGym.exe
  C:\Windows\System\YxoJGym.exe
  2⤵
  PID:10068
- C:\Windows\System\qsUaXpQ.exe
  C:\Windows\System\qsUaXpQ.exe
  2⤵
  PID:10084
- C:\Windows\System\VLJBonc.exe
  C:\Windows\System\VLJBonc.exe
  2⤵
  PID:10100
- C:\Windows\System\JZXZlCD.exe
  C:\Windows\System\JZXZlCD.exe
  2⤵
  PID:10116
- C:\Windows\System\SxYGchc.exe
  C:\Windows\System\SxYGchc.exe
  2⤵
  PID:10132
- C:\Windows\System\mWzndaL.exe
  C:\Windows\System\mWzndaL.exe
  2⤵
  PID:10148
- C:\Windows\System\CBDfxAV.exe
  C:\Windows\System\CBDfxAV.exe
  2⤵
  PID:10164
- C:\Windows\System\QXsnvij.exe
  C:\Windows\System\QXsnvij.exe
  2⤵
  PID:10180
- C:\Windows\System\ANPPgnv.exe
  C:\Windows\System\ANPPgnv.exe
  2⤵
  PID:10196
- C:\Windows\System\nhrutKv.exe
  C:\Windows\System\nhrutKv.exe
  2⤵
  PID:10212
- C:\Windows\System\jMABsqq.exe
  C:\Windows\System\jMABsqq.exe
  2⤵
  PID:10228
- C:\Windows\System\qbipCeu.exe
  C:\Windows\System\qbipCeu.exe
  2⤵
  PID:9224
- C:\Windows\System\rLsUvjY.exe
  C:\Windows\System\rLsUvjY.exe
  2⤵
  PID:9288
- C:\Windows\System\kLMrKUl.exe
  C:\Windows\System\kLMrKUl.exe
  2⤵
  PID:9236
- C:\Windows\System\QSwtQGs.exe
  C:\Windows\System\QSwtQGs.exe
  2⤵
  PID:9304
- C:\Windows\System\FzUQZCb.exe
  C:\Windows\System\FzUQZCb.exe
  2⤵
  PID:9316
- C:\Windows\System\dPTfoju.exe
  C:\Windows\System\dPTfoju.exe
  2⤵
  PID:9380
- C:\Windows\System\DgtwSRG.exe
  C:\Windows\System\DgtwSRG.exe
  2⤵
  PID:3052
- C:\Windows\System\QVSkJrV.exe
  C:\Windows\System\QVSkJrV.exe
  2⤵
  PID:9448
- C:\Windows\System\hAHBREk.exe
  C:\Windows\System\hAHBREk.exe
  2⤵
  PID:9396
- C:\Windows\System\ubkasQc.exe
  C:\Windows\System\ubkasQc.exe
  2⤵
  PID:9548
- C:\Windows\System\MzMjaNe.exe
  C:\Windows\System\MzMjaNe.exe
  2⤵
  PID:9644
- C:\Windows\System\McpBUrW.exe
  C:\Windows\System\McpBUrW.exe
  2⤵
  PID:9740
- C:\Windows\System\QDgWDFz.exe
  C:\Windows\System\QDgWDFz.exe
  2⤵
  PID:9768
- C:\Windows\System\cjrlWkV.exe
  C:\Windows\System\cjrlWkV.exe
  2⤵
  PID:9832
- C:\Windows\System\NzywWjg.exe
  C:\Windows\System\NzywWjg.exe
  2⤵
  PID:9688
- C:\Windows\System\nQJcvtH.exe
  C:\Windows\System\nQJcvtH.exe
  2⤵
  PID:9660
- C:\Windows\System\xWhLbyK.exe
  C:\Windows\System\xWhLbyK.exe
  2⤵
  PID:9724
- C:\Windows\System\TqyxXcK.exe
  C:\Windows\System\TqyxXcK.exe
  2⤵
  PID:9500
- C:\Windows\System\JHmcvqr.exe
  C:\Windows\System\JHmcvqr.exe
  2⤵
  PID:9564
- C:\Windows\System\kctLRte.exe
  C:\Windows\System\kctLRte.exe
  2⤵
  PID:9820
- C:\Windows\System\kXpUFMe.exe
  C:\Windows\System\kXpUFMe.exe
  2⤵
  PID:9756
- C:\Windows\System\MNVqRFe.exe
  C:\Windows\System\MNVqRFe.exe
  2⤵
  PID:9852
- C:\Windows\System\zIgcKgh.exe
  C:\Windows\System\zIgcKgh.exe
  2⤵
  PID:9928
- C:\Windows\System\AltRVOq.exe
  C:\Windows\System\AltRVOq.exe
  2⤵
  PID:9996
- C:\Windows\System\EsWHryv.exe
  C:\Windows\System\EsWHryv.exe
  2⤵
  PID:10060
- C:\Windows\System\wXGXXfQ.exe
  C:\Windows\System\wXGXXfQ.exe
  2⤵
  PID:10096
- C:\Windows\System\kJOqxHf.exe
  C:\Windows\System\kJOqxHf.exe
  2⤵
  PID:10156
- C:\Windows\System\jjbfHAm.exe
  C:\Windows\System\jjbfHAm.exe
  2⤵
  PID:9944
- C:\Windows\System\zUIJXhW.exe
  C:\Windows\System\zUIJXhW.exe
  2⤵
  PID:10012
- C:\Windows\System\wfVWJJn.exe
  C:\Windows\System\wfVWJJn.exe
  2⤵
  PID:10076
- C:\Windows\System\mxftIOm.exe
  C:\Windows\System\mxftIOm.exe
  2⤵
  PID:10140
- C:\Windows\System\KdduRSF.exe
  C:\Windows\System\KdduRSF.exe
  2⤵
  PID:10204
- C:\Windows\System\xsbeQpj.exe
  C:\Windows\System\xsbeQpj.exe
  2⤵
  PID:9256
- C:\Windows\System\BoazGTN.exe
  C:\Windows\System\BoazGTN.exe
  2⤵
  PID:9300
- C:\Windows\System\ndPMSHJ.exe
  C:\Windows\System\ndPMSHJ.exe
  2⤵
  PID:9220
- C:\Windows\System\NcZkLaR.exe
  C:\Windows\System\NcZkLaR.exe
  2⤵
  PID:7716
- C:\Windows\System\ZeOxUBu.exe
  C:\Windows\System\ZeOxUBu.exe
  2⤵
  PID:9480
- C:\Windows\System\UcrMFBz.exe
  C:\Windows\System\UcrMFBz.exe
  2⤵
  PID:9516
- C:\Windows\System\olXhkzh.exe
  C:\Windows\System\olXhkzh.exe
  2⤵
  PID:9800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AoNtkqB.exe

Filesize
6.0MB

MD5
1491c7265dd21268f4be54a64668f6dd

SHA1
a5b1c737e389a6b8dfd4170e98ddb5c793abc9ac

SHA256
bb0064a942303367e9d3d4b141e15226b3273a4bc599c2a912b13edfa6d0622c

SHA512
917e710fb93edd52c26c85877711ae334a2f72ae73be80aac28c3c419623354f0e687345ffc3c774c05e3f9fab322b017decc37c824bfef6cf31049996fee50e

Download Submit
C:\Windows\system\BICUHXs.exe

Filesize
6.0MB

MD5
9da1b47492ba3d09d8f5055c9b225baa

SHA1
63f42804e7055e5748c23f093c4221e24d0e14ea

SHA256
335d8b886714afd4b36431e03a029bd728cbc60347967ffd4cd1642f36200f28

SHA512
b23fbfa3030e0c85f95b96fdddb175e650c6ae13bad0c9d68c268e8c5abbaad4d54945fe5d31723796f4c2104b7c99aa901bad963083a4189e554b6b1eeb5306

Download Submit
C:\Windows\system\DvZedYr.exe

Filesize
6.0MB

MD5
4699b600f0be009a16b632311a30f805

SHA1
2056125cb8abc03e67d0b84675e4d4cb5b0cbfb1

SHA256
06b1d17d37b7098c312ee40747c18d51f254055cdda0e8880fe7b551f733e464

SHA512
640c39aeb4e7f58161e5311985460750dbf9bc9ceeb4e0e517010b6cf49ef025628a4d893f0d4ac0d4bdfd53f54a6751654ea9d1381758b35bdd2da5c853f608

Download Submit
C:\Windows\system\GHXGdjy.exe

Filesize
6.0MB

MD5
4748f7b7d578774300e5a943f3bbfd76

SHA1
4fe1d5e31033f50f95970226448852e78a82d211

SHA256
626eee8ccd08c31ed3498d58af92d7cb821266614c4f62b4bfd6be7a6efc01c6

SHA512
def75524ede284057a449122b6b914ad9925f9b6a506a9036e410056a1a76e086238fc437dc355927ae2ac45dd9be845eb08a8cbf9c9e624e75a92c2498c4878

Download Submit
C:\Windows\system\IKVwXjm.exe

Filesize
6.0MB

MD5
d0cb11218b2daf152f6c693eba4a0845

SHA1
a25bf1ab3100f6c3ac1b5e43152ff78e9c8156b7

SHA256
8e4b79abccc359dbb9988e6e6bbe99ff4bcbc018b07b9a7e90f03e980cbdae0d

SHA512
8b755a5a4c2a88db3f672e6bc10715bc958ed47ac004ab6fcc4c89bc19561bfe4857d2a27f5daa05368d62d112882214d585e6e8e0b28d23026267b7ed4db05b

Download Submit
C:\Windows\system\LFglAky.exe

Filesize
6.0MB

MD5
acd050d302f562f66c0ca6fa8c71ead0

SHA1
6b58f310ce82f79dc095cd516ff7c33f80ffdcc5

SHA256
9989f8ebbecbe83473f389c47153c77f1964b71b37a42a59f9f28aff55ab0631

SHA512
955b8a88d5b380070748d155cce8790c72720d736758c026ec35a21f53e94e4f3456c2d75b50715d9f380309d6c06d4cee96778078e44c1340aa9d4ec1ca13b7

Download Submit
C:\Windows\system\MoygZAa.exe

Filesize
6.0MB

MD5
98cc264c824046e754c62fc60b338090

SHA1
df767e8da6209118a4715239fa93a7b033440a2b

SHA256
3994a239ca2a450d782e4c45aa8391567485ac004b2fac5b6d8c3af573944afb

SHA512
ff955f830bcee347221813169795fbd7391b137bdff3f70815b98e46df16c441d3e16416f8b202c6c1a82be56ff5cf467c9c4b1104ed97f548356330ace0c6ff

Download Submit
C:\Windows\system\OkFWReq.exe

Filesize
6.0MB

MD5
efb6ad76ec635adc95fccb893a498f8a

SHA1
c9bb256ba5eeb7f584942677939928bc00f1a823

SHA256
4bb1f60645d3fe4360cf9144b6d4fc4707b5810e2a0662b2f87bc78a9ce835c7

SHA512
c24aa69aba545381d5cc235c612d35fcfebe2da7868e2f6b6ecd49e4fb87843e573bdab6eccf113eb5039a9bda2123c3d0a470ff7acf82826c33ade8f79bacf1

Download Submit
C:\Windows\system\PYTWMHO.exe

Filesize
6.0MB

MD5
41b24e276a754d78cc62ae6c0ca78c09

SHA1
46124b329c98f06eba782309dff6e0d6561c275f

SHA256
be94ffe4e6dc42b764e5ddfa54975ce2fbcd8c5c96137875f466f8243d02c8f3

SHA512
69254a337237f9d749baa3b7043044c85632fb6cfbee5c62103c818505ebd140e9e43e2eda8295f36009f628ba82a2c19aeb9035bcb9b9776b0904fc1f16e8f9

Download Submit
C:\Windows\system\RqCgaeM.exe

Filesize
6.0MB

MD5
d3c0f476ebc6336fdca945c661999a66

SHA1
56d8d0ccae92f7527a0dff122599078f21aa3877

SHA256
2a37c9179548643d4d2e722f8efb8699cf964b4006657deec0497a5450932f50

SHA512
91ddaf8626a816e5d3ebb8348ea068a2c85eba40106c4fd9fee23fafe7e640e040b670a3808d72d38b6d275ac99ecfa0ca6a770b8ee32cf365137375965b9767

Download Submit
C:\Windows\system\SEPiQFa.exe

Filesize
6.0MB

MD5
39811d5410960ccedf8c74e9753669a6

SHA1
eb5ee2dc33e390464e2c234783783a0990612033

SHA256
02d781de46031fc909afce643a9f6abfa1d71a8ce816d7ccd496a98c35d292be

SHA512
bd51c1215509ab9d4073f91bfcec55c3b5862ea88960ad55c5a6d764af53fba56b68e92c466950e88e2cde9b2cef2812e2e04c6e46009cc8ea1464c121499b1e

Download Submit
C:\Windows\system\TrUGRqr.exe

Filesize
6.0MB

MD5
7f58708825f9b1cdc812efab9eb34372

SHA1
80086e951c427479085cd3774de7b6ba541a79db

SHA256
8bd92df55fc260ad1f948ad507496bcd1cef113d20dca985ce0c003fc9ffa696

SHA512
b7abab9800a9819c0c23ddd71e11e7f8bb39da70b3b8d98fb857570c322f63db44a54df6acedf560e16d5d814b6ea40c68ba3f78394ec4cfee4c8853960ab289

Download Submit
C:\Windows\system\UcYfCre.exe

Filesize
6.0MB

MD5
8f993871749e46d72bce7bda8d287be7

SHA1
b07fa1ddc846d3af81d2e3b56c33f5513deaa7b3

SHA256
d519fe3baf49ac0a75feccc831b393d24d04d7914155be599b353b1f92f91c24

SHA512
061bbec78aa75ba0057be45d255bcbe8342b9508bfe472d2caf8a0359333b4b551817536c24c2812421b2b71fe57b63ada641110d26010d61ae07824b5ac5bd0

Download Submit
C:\Windows\system\WXcbthl.exe

Filesize
6.0MB

MD5
0db0d3c19e80a24d00fbfe2ffd0d7fec

SHA1
df5266e90ae68d29be5a4d4e74124306c4243384

SHA256
80a71bb2cebbfbf8e4fd4ee93142a69488fe7d573c0e8fecebd0ff3c4bf872cf

SHA512
416afb8e7bbdc567496e38088631fa7d3942284f400e80db553f81cb3c684d62e7941c3d83df3d7b14c894fd1fe193122cc344c0867c3577acc87fa14cbf821b

Download Submit
C:\Windows\system\ZvvFHdG.exe

Filesize
6.0MB

MD5
7159df3ba60a91432a6c3f47b8fc2c7e

SHA1
19cbbde5f4515096fcf9117305d34935e6504d4f

SHA256
10e0ace9b2b8c91d688a77faee5ecd57e24c24fe7be97dd6717fedcd79592596

SHA512
4bf295a7869adc1983b3fc0971b9a875c953a730902621abaa49635cba77224d85164c8578b302a4c320036946698f2b77fb7d1040299d09fca4c1aed551f727

Download Submit
C:\Windows\system\bGrmbdc.exe

Filesize
6.0MB

MD5
21254f89e68a49bd98e6d029280cc6c2

SHA1
6ce2c22411772aec77ef54246c20c014a40a257f

SHA256
8b715f40d74e27d1acdc67bfa32f25f5a65c658dfaf03601ec8ec9153e126a45

SHA512
b8fe980c91f77d1f9f0526ac66cdf0bb7297ea3065accc821616efaf8135524054740f1e7b89593cd55b9a648e3f86744aace9d3ebb346be2519921b1416b5cb

Download Submit
C:\Windows\system\bPlpAsy.exe

Filesize
6.0MB

MD5
edc984fdc08ef2d8902ddacc02422923

SHA1
013ba0307baabd26c1e3043f1bbccbd66d8bf15e

SHA256
c3d607a974e3970316ff484c9091d4b9ce17ac9a4bac11c36a91828e9afcc3f9

SHA512
5abded14b9eb5df994f0a60c9c60f3607d892cd89295d263c0d4f49ed182699675c84149b1ce5ffa051d619efb5f9493f90c938654ee319af00370969c75f78f

Download Submit
C:\Windows\system\gTIYLga.exe

Filesize
6.0MB

MD5
125156d4e8cbe80a8bec2b36f05adfe7

SHA1
e1c2fc28825c0b5f58ba53a104742b8880f68e26

SHA256
76d1c2fe751641b0b5b3f433fd452d6a432c44bad73bd6d558576c2357f72356

SHA512
d356ade74c4cd6a7dd754ad83a2a7e84341991bae7b2a5f51a2b54caade75d85528ebaad05efa6feea0ec448510ad60db6765cd5a81b02f84457be175a81a32f

Download Submit
C:\Windows\system\grNcuRL.exe

Filesize
6.0MB

MD5
6a959fd16d2d728d7c5aa8d4a00af2a6

SHA1
28a79ba17e2ccc3e8dd6f39f66cbeb8650840564

SHA256
6b973bf1a760332a147b53932a732d1014d37bdf606342aeb6de5dcf516f67dd

SHA512
b9b0e203eccbc1028d611c3c3de08f22b05bd8242e6aea00a7e8cbcb503c84f3dd542b2ba084cdbe23b413548bf82d8a60c2987a62ae6169e22c88ca10f8adae

Download Submit
C:\Windows\system\gsouWPb.exe

Filesize
6.0MB

MD5
fe36ce8833f949b2de3f45b577560125

SHA1
72b66da7c6fa64b3c45039be797792dcb77e09fc

SHA256
10761c317d0d07cae2cb7440544b214f628cc342af42089cf73d755e82fcfaf4

SHA512
768050df63701f1c60ba789a2b797f56d08568f02de081fd616fcf3db075f515f28dd6117d64cd8c72ecca31f5f3879507d29c2f188c119fbf80f017076b55ac

Download Submit
C:\Windows\system\hXpAqJY.exe

Filesize
6.0MB

MD5
8cf7f543f5047e579b211a01eb474d39

SHA1
2fe4338d76e931e227de6190eaf70cd3f11709d0

SHA256
67dc68c38043538cd000272201336db0f28e8813e40b75cd9c0d3638367e8390

SHA512
20db08fa30c3b886a1c1f18a85537c1d7bb2b92e40dd333caf8eab6413b0157c2901fa7e41e7b231f03beba2c0acde931cbe26dff0334132daf1dcf7e32c4b1f

Download Submit
C:\Windows\system\hZKBqkZ.exe

Filesize
6.0MB

MD5
bddd7080f7739c2791807910a4bd6c81

SHA1
f2d3a9e27b926998bd2ea2759c8c5cee922f8c92

SHA256
606a6a2bde84a5c5a6ff55b6724f61ab45fb4dcf76b2c8d47f6bc2e097f9aae4

SHA512
bbaf8964548bd62e0f7f88b237eb4b26ac97d8186361b66a8b5e9958dfd0085102182d8908dde0b824643f62125e38261b8b988720a1793042a7046f6bdd4101

Download Submit
C:\Windows\system\iqmuoXg.exe

Filesize
6.0MB

MD5
945aec3f5d7298b76f5b767974e084b8

SHA1
64cb4480b07eabf01098d679dc3dd8310de53cba

SHA256
b875a24be1376d0cb896230532a69e7b1516cfc16449726074aff57c3e5762e7

SHA512
824c8416d267b4dd7e15a7a6e5137e58fe6b2cd8d8e997b1f23782f6d754694568a9f86e01ebdb19b2f16c259633d3ab8a2046b70292ff9d8c5a35a75fbaac34

Download Submit
C:\Windows\system\oKmNYKf.exe

Filesize
6.0MB

MD5
80c3bba4c5b85d0167d7af227a85f48d

SHA1
f2eb57e1106840447ad2e1ab0aab1fe8407e5c5a

SHA256
372fef32e228d052932f0fd5dc82cc6ad69ee8f60f11f8bed8fdd2aec0ad1b4b

SHA512
5414ff3e6d1494a348fefaa8d0bc7808f5a1baf58d1b4f6bba005a4a5f169eba12f587fa79104861170059762b0597dda4a717c7e1cd6e7ea668047d3c5e0d04

Download Submit
C:\Windows\system\pxWrxTD.exe

Filesize
6.0MB

MD5
23492b35fc51b6bb7e98af1e09a40b15

SHA1
f0213b89cedc1ef900cb669c3a1fd23e21d85ec8

SHA256
7824e479ee143de1b957accc859623f90238f5624693dcf1e3e1a9408d2e7dc4

SHA512
e3513a85fdbdb3e89ad10146d7e3310532decae9114919cf6751f42a3b7473d6c926906d108a1371855a0a79ae88c3db60dd6c4c7b93d1ae044738b5c92c16b9

Download Submit
C:\Windows\system\sHxEXAS.exe

Filesize
6.0MB

MD5
98a8da028fc64aa44320b3eac70d1b85

SHA1
fb15e7d315a57b1d1bb2db7a919c27a03b51eaf5

SHA256
c8106bf0d2105de6e6214cfb77b931b7a6783aecb1964492bf15edbf8ecdd208

SHA512
baade44657a85dffb4ac0473e269be2841b8c56a92ab9d2aaca527d0e1a83dac010816854dd72b9b9938b840f2f2cafe92b5733b5f456080a3a4a073d135aa67

Download Submit
C:\Windows\system\siaMvgU.exe

Filesize
6.0MB

MD5
5fb9a2f130d282710771fb30048a8210

SHA1
331f140626b7d9e1f9946e6e6afcb472b84a6333

SHA256
59b0595f64a367274058483d4cdd20474a781fff11687b220fddad1153c88091

SHA512
3062dbb05444a2b8d5f0e3a51e43dbc0384be85c472aac70cbd9d1664e4c8c3c06cfd00c5c1db1d4d45e425f5a0241753ec542a1bf619eb0cd09aaefadcc9221

Download Submit
C:\Windows\system\wkdknWV.exe

Filesize
6.0MB

MD5
9875022dfa47ce4b04d58f4070008e8d

SHA1
00d14b6f92eb55d79325b26f94dfdf4e67268795

SHA256
c18c56cc9e557c49a05a959ac3ca085565ea4d8ea50ddac884a826634aeceabc

SHA512
1ea6b50807950b4801e12f37b2342cd995783a2becd3d6d0d8d15b5e7fc4a4f793ef9b59c1dc161f50aa306e41c86e32cca719fdfc78443d0ef2fe83c0762416

Download Submit
\Windows\system\FGOhktS.exe

Filesize
6.0MB

MD5
5cb5337b529bb6a178d7e0a23d7d9ca2

SHA1
76a6af5053f8c1de3e1778dc71cff85ec096bdcf

SHA256
69ffdbb52d0cbd23ed0ccabccd6f7bc0b52962182c605d23926fcc20ba64af35

SHA512
a31eb65fb341385da6c164ec77b68cacd8f53804cb0bdf0d0a3ef6e5dfa847f4b888489674a65d03362e416d50a54dab1ad62493ec2175768c9f53b7a917e608

Download Submit
\Windows\system\GCzhGxS.exe

Filesize
6.0MB

MD5
9b2f4efaba45a5edd9f2638aca0ac058

SHA1
170a22295580c52708ff18108b81ae4e2cfc8a3d

SHA256
6bd0877464c3c3e3f79e6f3abfd1779e294474926827a4676a2f9ddee0b601e9

SHA512
4b50e6f280e956de14a7f9d4c2ce286bcb47089ea185f203dd2aa4b2580cca85287b03b5501656c4b2b1eb6d4fb2e0065f7378b90fee263ce34318696e2a504b

Download Submit
\Windows\system\ZMzBbhb.exe

Filesize
6.0MB

MD5
f016a3c989fce30246f91db77eb6e6c1

SHA1
9ad085aaf7806e83d4352aac9f5273d2fd2c86fe

SHA256
edb4bb201bdfe5fc32c1719a0460cd1d0d4beab922aa11bf5f4c6e8267ad3109

SHA512
4922e8dca735cca89265144017fc1a87cab7ad42e7bf0dade2372cac0630e8af14e21554d83d5dad619645c388b8a2b693e6c5c409fe75ff3773d42377093744

Download Submit
\Windows\system\fynObcm.exe

Filesize
6.0MB

MD5
f6970bf748c41e351ed956f063421cb6

SHA1
b4e26e1b049b0de0f43038bb0f4f71ae5619fc48

SHA256
bb39603179e39feed6946161f821cd3d0f2b62a5574f953841684c54517b4ebf

SHA512
730c9b7d68c99bc087fcf6417874f27593a18d5e4653b92b4138549e3b7ae8b5fbe89b687b3daaa24916570ac179cf0826d0116281265ebf2185732a89c1c2a6

Download Submit
memory/316-4213-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/316-1202-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/316-359-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1152-374-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1338-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1219-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1152-1092-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1152-383-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-382-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-364-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-380-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1053-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-378-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1337-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-376-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1245-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-0-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1239-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-372-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1234-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-370-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1216-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-368-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1210-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1152-366-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1205-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1198-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-362-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1253-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-360-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1225-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1248-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/1152-313-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1230-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1768-301-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1768-4144-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1768-1093-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2104-361-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-381-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2136-3621-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2208-363-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2208-4210-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2208-1213-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3622-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-332-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-379-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4212-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1251-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2716-375-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4211-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1242-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3623-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-365-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4209-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2756-371-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1232-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1222-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-367-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4208-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-369-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3624-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3620-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-373-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-377-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download