cobaltstrike | 3c8cba4d17c84c0c94195f829a7ef2cda9f2d35eb843d7043076d206b4b6f9bc

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/11/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3553e57053792d6fe218c5e77d0d0c83
SHA1

11c0c05ee4da12a129c5e3ed37e059f991fca086
SHA256

3c8cba4d17c84c0c94195f829a7ef2cda9f2d35eb843d7043076d206b4b6f9bc
SHA512

0f86392cdba7a82a21ee28adb6ce72e2eea9a6fbc8483222d161ee681454dad374731e4bd7dde4a0ed77af4b912bfe7771534c03e66591bb28b9edce9e90f6f4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUk:T+q56utgpPF8u/7k

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-10.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-9.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186b7-23.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016fc9-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-51.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-62.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-198.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-97.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012262-3.dat	xmrig
behavioral1/files/0x000900000001756b-10.dat	xmrig
behavioral1/memory/3064-16-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2792-15-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-9.dat	xmrig
behavioral1/memory/2932-22-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x00060000000186b7-23.dat	xmrig
behavioral1/memory/2804-28-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2816-29-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x000d000000016fc9-33.dat	xmrig
behavioral1/memory/2680-39-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2816-38-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-40.dat	xmrig
behavioral1/memory/2816-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1668-46-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b05-51.dat	xmrig
behavioral1/memory/2932-58-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2648-60-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2104-59-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-62.dat	xmrig
behavioral1/files/0x00060000000186c3-50.dat	xmrig
behavioral1/memory/1076-67-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2804-64-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-71.dat	xmrig
behavioral1/files/0x00050000000195c7-85.dat	xmrig
behavioral1/memory/2412-90-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2300-89-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2212-91-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-87.dat	xmrig
behavioral1/memory/2728-105-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-112.dat	xmrig
behavioral1/files/0x0005000000019761-117.dat	xmrig
behavioral1/files/0x00050000000197fd-122.dat	xmrig
behavioral1/files/0x0005000000019bf5-138.dat	xmrig
behavioral1/files/0x0005000000019bf9-147.dat	xmrig
behavioral1/files/0x0005000000019c3c-150.dat	xmrig
behavioral1/files/0x0005000000019d6d-165.dat	xmrig
behavioral1/files/0x0005000000019e92-172.dat	xmrig
behavioral1/files/0x0005000000019fd4-177.dat	xmrig
behavioral1/files/0x000500000001a049-193.dat	xmrig
behavioral1/files/0x000500000001a0b6-198.dat	xmrig
behavioral1/memory/2816-443-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2728-392-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2816-261-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a03c-187.dat	xmrig
behavioral1/files/0x0005000000019fdd-182.dat	xmrig
behavioral1/files/0x0005000000019d62-162.dat	xmrig
behavioral1/files/0x0005000000019d61-158.dat	xmrig
behavioral1/files/0x0005000000019bf6-142.dat	xmrig
behavioral1/files/0x000500000001998d-132.dat	xmrig
behavioral1/files/0x0005000000019820-127.dat	xmrig
behavioral1/memory/2816-110-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1076-109-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-104.dat	xmrig
behavioral1/memory/2996-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-97.dat	xmrig
behavioral1/memory/1668-81-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2792-1177-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/3064-1170-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2804-1344-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2932-1343-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2680-1345-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1668-1371-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	xwzroVu.exe
3064	JtjWNaV.exe
2932	XYguBCb.exe
2804	JMEVIiQ.exe
2680	wZCrmCu.exe
1668	GsxuUIo.exe
2104	ENnUvDS.exe
2648	hoPjNlQ.exe
1076	fRHGuvf.exe
2300	PKEswyg.exe
2412	noWmXGg.exe
2212	WuNXWZK.exe
2996	CCjIPFf.exe
2728	NNKcLuC.exe
2844	DvndRaZ.exe
2628	aDoJomS.exe
2372	vbTkSxf.exe
1136	cOQTXZN.exe
700	ZDAujuH.exe
1188	EaeKoxj.exe
2144	XFewaae.exe
2388	MOnqpNL.exe
3056	PLMnBxl.exe
2608	iBuRMbK.exe
2532	Qmnggmq.exe
2460	EMWiQra.exe
1292	CEVMAAZ.exe
2320	SCExbPq.exe
2640	kokpjXD.exe
2088	hRBgcJH.exe
1712	rPFZjAS.exe
2612	GXjIQLw.exe
1520	ihTVmyo.exe
1976	jXDvPFd.exe
2536	sgDcXma.exe
1356	MylnSFQ.exe
2448	jtCesrU.exe
2120	AaHOckr.exe
1956	ISANcVy.exe
2312	vRBZZZv.exe
2352	EGmGqHk.exe
544	JYeBdxL.exe
932	eBJjOci.exe
2588	gATcxMW.exe
340	HygxASd.exe
1068	SPfXqbq.exe
560	IYptjyh.exe
1708	YUSCrTX.exe
2332	GjiKVBV.exe
1556	hpTMaNC.exe
1660	BNWFmMc.exe
2812	CqfLWte.exe
2872	YPwhjpy.exe
2364	fxRXAep.exe
2692	MfRdBGo.exe
2732	HaTntgv.exe
2676	BYBzReM.exe
2380	LzNTMbq.exe
2976	zYCpqMF.exe
2112	nyTptyh.exe
2780	TIbiIsD.exe
2720	kNifHKy.exe
1596	FFjMYoI.exe
1880	GeyzjWe.exe

Loads dropped DLL 64 IoCs

pid	Process
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000b000000012262-3.dat	upx
behavioral1/files/0x000900000001756b-10.dat	upx
behavioral1/memory/3064-16-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2792-15-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0002000000018334-9.dat	upx
behavioral1/memory/2932-22-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x00060000000186b7-23.dat	upx
behavioral1/memory/2804-28-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2816-29-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x000d000000016fc9-33.dat	upx
behavioral1/memory/2680-39-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-40.dat	upx
behavioral1/memory/1668-46-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0008000000018b05-51.dat	upx
behavioral1/memory/2932-58-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2648-60-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2104-59-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-62.dat	upx
behavioral1/files/0x00060000000186c3-50.dat	upx
behavioral1/memory/1076-67-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2804-64-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-71.dat	upx
behavioral1/files/0x00050000000195c7-85.dat	upx
behavioral1/memory/2412-90-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2300-89-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2212-91-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-87.dat	upx
behavioral1/memory/2728-105-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-112.dat	upx
behavioral1/files/0x0005000000019761-117.dat	upx
behavioral1/files/0x00050000000197fd-122.dat	upx
behavioral1/files/0x0005000000019bf5-138.dat	upx
behavioral1/files/0x0005000000019bf9-147.dat	upx
behavioral1/files/0x0005000000019c3c-150.dat	upx
behavioral1/files/0x0005000000019d6d-165.dat	upx
behavioral1/files/0x0005000000019e92-172.dat	upx
behavioral1/files/0x0005000000019fd4-177.dat	upx
behavioral1/files/0x000500000001a049-193.dat	upx
behavioral1/files/0x000500000001a0b6-198.dat	upx
behavioral1/memory/2728-392-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x000500000001a03c-187.dat	upx
behavioral1/files/0x0005000000019fdd-182.dat	upx
behavioral1/files/0x0005000000019d62-162.dat	upx
behavioral1/files/0x0005000000019d61-158.dat	upx
behavioral1/files/0x0005000000019bf6-142.dat	upx
behavioral1/files/0x000500000001998d-132.dat	upx
behavioral1/files/0x0005000000019820-127.dat	upx
behavioral1/memory/1076-109-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0005000000019643-104.dat	upx
behavioral1/memory/2996-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-97.dat	upx
behavioral1/memory/1668-81-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2792-1177-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/3064-1170-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2804-1344-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2932-1343-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2680-1345-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/1668-1371-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2648-1385-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2104-1390-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1076-1604-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2300-1639-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2412-1645-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\oVhVwdK.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTNpQoL.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCQEkUx.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHSJiRn.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGIwpgf.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJhlXHg.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvOpMAG.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdWSSqx.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSruMFl.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gwrpnij.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYRDAvI.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZyqTrf.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxRnvVL.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FayJsRP.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCbheUI.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buanrDa.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtWEjXN.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmhSFKv.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdIQqoj.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPunMEW.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGRQQdX.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEBlmtY.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIwKtxB.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSqyvjT.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlOyCur.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SxICpBF.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdNRxjn.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNBAVyr.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABPiXxL.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PGEKuGS.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKaUQGd.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XjICWcr.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rusKkeT.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOFJGCj.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZLjFbO.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNKcLuC.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjyAwhK.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItCRYmD.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnVYGZy.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGHuMUk.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvrCBOU.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLnpLei.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfaNScu.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTsqWYc.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDYvUiS.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqLBkog.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EttWefW.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKYwNnR.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJcoIXG.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPSHpUP.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twkPAWM.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxDlXpy.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDsIbKw.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSbZMhb.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBSwwQC.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSayBEf.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFmfHqe.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfApNrW.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ercEaLv.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teXvgHs.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VRqyBka.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrMqwWU.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvbwNQI.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUOttnO.exe	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3064	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3064	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 3064	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2816 wrote to memory of 2792	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2792	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2792	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2816 wrote to memory of 2932	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2932	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2932	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2816 wrote to memory of 2804	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2804	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2804	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2816 wrote to memory of 2680	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2680	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 2680	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2816 wrote to memory of 1668	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 1668	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 1668	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2816 wrote to memory of 2104	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2104	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2104	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2816 wrote to memory of 2648	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2648	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 2648	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2816 wrote to memory of 1076	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1076	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 1076	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2816 wrote to memory of 2300	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2300	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2300	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2816 wrote to memory of 2212	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2212	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2212	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2816 wrote to memory of 2412	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2412	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2412	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2816 wrote to memory of 2996	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2996	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2996	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2816 wrote to memory of 2728	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2728	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2728	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2816 wrote to memory of 2844	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2844	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2844	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2816 wrote to memory of 2628	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2628	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2628	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2816 wrote to memory of 2372	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2372	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 2372	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2816 wrote to memory of 1136	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1136	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 1136	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2816 wrote to memory of 700	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 700	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 700	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2816 wrote to memory of 1188	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1188	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 1188	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2816 wrote to memory of 2144	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2144	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2144	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2816 wrote to memory of 2388	2816	2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-28_3553e57053792d6fe218c5e77d0d0c83_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\System\JtjWNaV.exe
  C:\Windows\System\JtjWNaV.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\xwzroVu.exe
  C:\Windows\System\xwzroVu.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\XYguBCb.exe
  C:\Windows\System\XYguBCb.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\JMEVIiQ.exe
  C:\Windows\System\JMEVIiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wZCrmCu.exe
  C:\Windows\System\wZCrmCu.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\GsxuUIo.exe
  C:\Windows\System\GsxuUIo.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\ENnUvDS.exe
  C:\Windows\System\ENnUvDS.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\hoPjNlQ.exe
  C:\Windows\System\hoPjNlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\fRHGuvf.exe
  C:\Windows\System\fRHGuvf.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\PKEswyg.exe
  C:\Windows\System\PKEswyg.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WuNXWZK.exe
  C:\Windows\System\WuNXWZK.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\noWmXGg.exe
  C:\Windows\System\noWmXGg.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\CCjIPFf.exe
  C:\Windows\System\CCjIPFf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NNKcLuC.exe
  C:\Windows\System\NNKcLuC.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DvndRaZ.exe
  C:\Windows\System\DvndRaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\aDoJomS.exe
  C:\Windows\System\aDoJomS.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\vbTkSxf.exe
  C:\Windows\System\vbTkSxf.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\cOQTXZN.exe
  C:\Windows\System\cOQTXZN.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\ZDAujuH.exe
  C:\Windows\System\ZDAujuH.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\EaeKoxj.exe
  C:\Windows\System\EaeKoxj.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\XFewaae.exe
  C:\Windows\System\XFewaae.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\MOnqpNL.exe
  C:\Windows\System\MOnqpNL.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\PLMnBxl.exe
  C:\Windows\System\PLMnBxl.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\iBuRMbK.exe
  C:\Windows\System\iBuRMbK.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\Qmnggmq.exe
  C:\Windows\System\Qmnggmq.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\EMWiQra.exe
  C:\Windows\System\EMWiQra.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\CEVMAAZ.exe
  C:\Windows\System\CEVMAAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\SCExbPq.exe
  C:\Windows\System\SCExbPq.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\kokpjXD.exe
  C:\Windows\System\kokpjXD.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\hRBgcJH.exe
  C:\Windows\System\hRBgcJH.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\rPFZjAS.exe
  C:\Windows\System\rPFZjAS.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GXjIQLw.exe
  C:\Windows\System\GXjIQLw.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\ihTVmyo.exe
  C:\Windows\System\ihTVmyo.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\jXDvPFd.exe
  C:\Windows\System\jXDvPFd.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\sgDcXma.exe
  C:\Windows\System\sgDcXma.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MylnSFQ.exe
  C:\Windows\System\MylnSFQ.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\jtCesrU.exe
  C:\Windows\System\jtCesrU.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\AaHOckr.exe
  C:\Windows\System\AaHOckr.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\ISANcVy.exe
  C:\Windows\System\ISANcVy.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\vRBZZZv.exe
  C:\Windows\System\vRBZZZv.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\EGmGqHk.exe
  C:\Windows\System\EGmGqHk.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\JYeBdxL.exe
  C:\Windows\System\JYeBdxL.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\eBJjOci.exe
  C:\Windows\System\eBJjOci.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\gATcxMW.exe
  C:\Windows\System\gATcxMW.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\HygxASd.exe
  C:\Windows\System\HygxASd.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\SPfXqbq.exe
  C:\Windows\System\SPfXqbq.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\IYptjyh.exe
  C:\Windows\System\IYptjyh.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\YUSCrTX.exe
  C:\Windows\System\YUSCrTX.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\GjiKVBV.exe
  C:\Windows\System\GjiKVBV.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\hpTMaNC.exe
  C:\Windows\System\hpTMaNC.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\BNWFmMc.exe
  C:\Windows\System\BNWFmMc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\CqfLWte.exe
  C:\Windows\System\CqfLWte.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\YPwhjpy.exe
  C:\Windows\System\YPwhjpy.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\fxRXAep.exe
  C:\Windows\System\fxRXAep.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\MfRdBGo.exe
  C:\Windows\System\MfRdBGo.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\HaTntgv.exe
  C:\Windows\System\HaTntgv.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\BYBzReM.exe
  C:\Windows\System\BYBzReM.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\LzNTMbq.exe
  C:\Windows\System\LzNTMbq.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\zYCpqMF.exe
  C:\Windows\System\zYCpqMF.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\nyTptyh.exe
  C:\Windows\System\nyTptyh.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\TIbiIsD.exe
  C:\Windows\System\TIbiIsD.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\kNifHKy.exe
  C:\Windows\System\kNifHKy.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\FFjMYoI.exe
  C:\Windows\System\FFjMYoI.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\GeyzjWe.exe
  C:\Windows\System\GeyzjWe.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\seWBkka.exe
  C:\Windows\System\seWBkka.exe
  2⤵
  PID:2616
- C:\Windows\System\jzHoefV.exe
  C:\Windows\System\jzHoefV.exe
  2⤵
  PID:2960
- C:\Windows\System\bWLzSoq.exe
  C:\Windows\System\bWLzSoq.exe
  2⤵
  PID:1948
- C:\Windows\System\eGqGLJC.exe
  C:\Windows\System\eGqGLJC.exe
  2⤵
  PID:1928
- C:\Windows\System\firRZBO.exe
  C:\Windows\System\firRZBO.exe
  2⤵
  PID:2376
- C:\Windows\System\eWiWODB.exe
  C:\Windows\System\eWiWODB.exe
  2⤵
  PID:264
- C:\Windows\System\xFMaxAg.exe
  C:\Windows\System\xFMaxAg.exe
  2⤵
  PID:1748
- C:\Windows\System\tZYaZKQ.exe
  C:\Windows\System\tZYaZKQ.exe
  2⤵
  PID:2528
- C:\Windows\System\yGnZuaX.exe
  C:\Windows\System\yGnZuaX.exe
  2⤵
  PID:2232
- C:\Windows\System\qqwvJox.exe
  C:\Windows\System\qqwvJox.exe
  2⤵
  PID:1856
- C:\Windows\System\nhjDRZW.exe
  C:\Windows\System\nhjDRZW.exe
  2⤵
  PID:1280
- C:\Windows\System\EjLdgrV.exe
  C:\Windows\System\EjLdgrV.exe
  2⤵
  PID:952
- C:\Windows\System\dUnEaRI.exe
  C:\Windows\System\dUnEaRI.exe
  2⤵
  PID:1472
- C:\Windows\System\UbJjBAm.exe
  C:\Windows\System\UbJjBAm.exe
  2⤵
  PID:1960
- C:\Windows\System\yxqsiFE.exe
  C:\Windows\System\yxqsiFE.exe
  2⤵
  PID:1916
- C:\Windows\System\NgCxgvm.exe
  C:\Windows\System\NgCxgvm.exe
  2⤵
  PID:1228
- C:\Windows\System\jTcVguz.exe
  C:\Windows\System\jTcVguz.exe
  2⤵
  PID:1512
- C:\Windows\System\pwfDwCC.exe
  C:\Windows\System\pwfDwCC.exe
  2⤵
  PID:3032
- C:\Windows\System\yqRUESF.exe
  C:\Windows\System\yqRUESF.exe
  2⤵
  PID:588
- C:\Windows\System\IluvtlW.exe
  C:\Windows\System\IluvtlW.exe
  2⤵
  PID:2556
- C:\Windows\System\kYyfxTD.exe
  C:\Windows\System\kYyfxTD.exe
  2⤵
  PID:2468
- C:\Windows\System\sHQYCXH.exe
  C:\Windows\System\sHQYCXH.exe
  2⤵
  PID:284
- C:\Windows\System\VKfovqG.exe
  C:\Windows\System\VKfovqG.exe
  2⤵
  PID:1768
- C:\Windows\System\llqeqXg.exe
  C:\Windows\System\llqeqXg.exe
  2⤵
  PID:1056
- C:\Windows\System\BXFqAIn.exe
  C:\Windows\System\BXFqAIn.exe
  2⤵
  PID:852
- C:\Windows\System\HjyAwhK.exe
  C:\Windows\System\HjyAwhK.exe
  2⤵
  PID:2592
- C:\Windows\System\vTfzmIg.exe
  C:\Windows\System\vTfzmIg.exe
  2⤵
  PID:2916
- C:\Windows\System\gJuivgY.exe
  C:\Windows\System\gJuivgY.exe
  2⤵
  PID:2848
- C:\Windows\System\qRWHUey.exe
  C:\Windows\System\qRWHUey.exe
  2⤵
  PID:2660
- C:\Windows\System\phmxLfP.exe
  C:\Windows\System\phmxLfP.exe
  2⤵
  PID:2820
- C:\Windows\System\vnVXDqc.exe
  C:\Windows\System\vnVXDqc.exe
  2⤵
  PID:1996
- C:\Windows\System\PdvVFqB.exe
  C:\Windows\System\PdvVFqB.exe
  2⤵
  PID:2884
- C:\Windows\System\YhChQli.exe
  C:\Windows\System\YhChQli.exe
  2⤵
  PID:1888
- C:\Windows\System\lmMHWrh.exe
  C:\Windows\System\lmMHWrh.exe
  2⤵
  PID:916
- C:\Windows\System\FOyoStC.exe
  C:\Windows\System\FOyoStC.exe
  2⤵
  PID:2544
- C:\Windows\System\sfaCSEe.exe
  C:\Windows\System\sfaCSEe.exe
  2⤵
  PID:1196
- C:\Windows\System\csOgZtf.exe
  C:\Windows\System\csOgZtf.exe
  2⤵
  PID:2220
- C:\Windows\System\bDzwibC.exe
  C:\Windows\System\bDzwibC.exe
  2⤵
  PID:524
- C:\Windows\System\ebHLMYW.exe
  C:\Windows\System\ebHLMYW.exe
  2⤵
  PID:432
- C:\Windows\System\UtTevnh.exe
  C:\Windows\System\UtTevnh.exe
  2⤵
  PID:2632
- C:\Windows\System\MJgxsUu.exe
  C:\Windows\System\MJgxsUu.exe
  2⤵
  PID:1500
- C:\Windows\System\eSsgSqI.exe
  C:\Windows\System\eSsgSqI.exe
  2⤵
  PID:1980
- C:\Windows\System\pPWroPO.exe
  C:\Windows\System\pPWroPO.exe
  2⤵
  PID:936
- C:\Windows\System\SUtZDTd.exe
  C:\Windows\System\SUtZDTd.exe
  2⤵
  PID:752
- C:\Windows\System\mQwghfj.exe
  C:\Windows\System\mQwghfj.exe
  2⤵
  PID:1740
- C:\Windows\System\WlEJjQR.exe
  C:\Windows\System\WlEJjQR.exe
  2⤵
  PID:3016
- C:\Windows\System\qpJOolc.exe
  C:\Windows\System\qpJOolc.exe
  2⤵
  PID:1532
- C:\Windows\System\ZSqyvjT.exe
  C:\Windows\System\ZSqyvjT.exe
  2⤵
  PID:2240
- C:\Windows\System\lSaIaLi.exe
  C:\Windows\System\lSaIaLi.exe
  2⤵
  PID:2760
- C:\Windows\System\mkvKjHg.exe
  C:\Windows\System\mkvKjHg.exe
  2⤵
  PID:1560
- C:\Windows\System\PXDpYYE.exe
  C:\Windows\System\PXDpYYE.exe
  2⤵
  PID:2740
- C:\Windows\System\gvSlLgW.exe
  C:\Windows\System\gvSlLgW.exe
  2⤵
  PID:2920
- C:\Windows\System\vAKAJpJ.exe
  C:\Windows\System\vAKAJpJ.exe
  2⤵
  PID:3028
- C:\Windows\System\yEJLlMi.exe
  C:\Windows\System\yEJLlMi.exe
  2⤵
  PID:3048
- C:\Windows\System\DnaBcpU.exe
  C:\Windows\System\DnaBcpU.exe
  2⤵
  PID:2988
- C:\Windows\System\meMOsVb.exe
  C:\Windows\System\meMOsVb.exe
  2⤵
  PID:3024
- C:\Windows\System\vmcQTTf.exe
  C:\Windows\System\vmcQTTf.exe
  2⤵
  PID:2392
- C:\Windows\System\UFQKHRV.exe
  C:\Windows\System\UFQKHRV.exe
  2⤵
  PID:1460
- C:\Windows\System\utrsPXk.exe
  C:\Windows\System\utrsPXk.exe
  2⤵
  PID:520
- C:\Windows\System\KuzJgRV.exe
  C:\Windows\System\KuzJgRV.exe
  2⤵
  PID:324
- C:\Windows\System\hZGrqwb.exe
  C:\Windows\System\hZGrqwb.exe
  2⤵
  PID:1720
- C:\Windows\System\VKNwrGB.exe
  C:\Windows\System\VKNwrGB.exe
  2⤵
  PID:1620
- C:\Windows\System\MUDioOG.exe
  C:\Windows\System\MUDioOG.exe
  2⤵
  PID:2752
- C:\Windows\System\FiZofMT.exe
  C:\Windows\System\FiZofMT.exe
  2⤵
  PID:2668
- C:\Windows\System\JVFLDbw.exe
  C:\Windows\System\JVFLDbw.exe
  2⤵
  PID:2788
- C:\Windows\System\hLILLWy.exe
  C:\Windows\System\hLILLWy.exe
  2⤵
  PID:2924
- C:\Windows\System\woQhasf.exe
  C:\Windows\System\woQhasf.exe
  2⤵
  PID:108
- C:\Windows\System\pKKejUZ.exe
  C:\Windows\System\pKKejUZ.exe
  2⤵
  PID:2504
- C:\Windows\System\PiaAduM.exe
  C:\Windows\System\PiaAduM.exe
  2⤵
  PID:2396
- C:\Windows\System\sGlGBaw.exe
  C:\Windows\System\sGlGBaw.exe
  2⤵
  PID:1800
- C:\Windows\System\kSpLHhi.exe
  C:\Windows\System\kSpLHhi.exe
  2⤵
  PID:2356
- C:\Windows\System\yCSJzdo.exe
  C:\Windows\System\yCSJzdo.exe
  2⤵
  PID:2316
- C:\Windows\System\byiimEx.exe
  C:\Windows\System\byiimEx.exe
  2⤵
  PID:2864
- C:\Windows\System\hCQEkUx.exe
  C:\Windows\System\hCQEkUx.exe
  2⤵
  PID:2808
- C:\Windows\System\ohywPzm.exe
  C:\Windows\System\ohywPzm.exe
  2⤵
  PID:3084
- C:\Windows\System\PZXWAzT.exe
  C:\Windows\System\PZXWAzT.exe
  2⤵
  PID:3104
- C:\Windows\System\gdHNcjz.exe
  C:\Windows\System\gdHNcjz.exe
  2⤵
  PID:3128
- C:\Windows\System\VOUJTCX.exe
  C:\Windows\System\VOUJTCX.exe
  2⤵
  PID:3144
- C:\Windows\System\bAlfrUY.exe
  C:\Windows\System\bAlfrUY.exe
  2⤵
  PID:3168
- C:\Windows\System\oYVuzmK.exe
  C:\Windows\System\oYVuzmK.exe
  2⤵
  PID:3188
- C:\Windows\System\kdrttfN.exe
  C:\Windows\System\kdrttfN.exe
  2⤵
  PID:3208
- C:\Windows\System\yTPEyst.exe
  C:\Windows\System\yTPEyst.exe
  2⤵
  PID:3228
- C:\Windows\System\bgqNvbi.exe
  C:\Windows\System\bgqNvbi.exe
  2⤵
  PID:3248
- C:\Windows\System\OtdeZQP.exe
  C:\Windows\System\OtdeZQP.exe
  2⤵
  PID:3268
- C:\Windows\System\lDejuvm.exe
  C:\Windows\System\lDejuvm.exe
  2⤵
  PID:3288
- C:\Windows\System\iJANUNu.exe
  C:\Windows\System\iJANUNu.exe
  2⤵
  PID:3308
- C:\Windows\System\qLpYxTh.exe
  C:\Windows\System\qLpYxTh.exe
  2⤵
  PID:3332
- C:\Windows\System\VUUriBG.exe
  C:\Windows\System\VUUriBG.exe
  2⤵
  PID:3352
- C:\Windows\System\gqCCMmB.exe
  C:\Windows\System\gqCCMmB.exe
  2⤵
  PID:3372
- C:\Windows\System\iLnYCFZ.exe
  C:\Windows\System\iLnYCFZ.exe
  2⤵
  PID:3392
- C:\Windows\System\YCPEiyy.exe
  C:\Windows\System\YCPEiyy.exe
  2⤵
  PID:3412
- C:\Windows\System\kFEiHsa.exe
  C:\Windows\System\kFEiHsa.exe
  2⤵
  PID:3432
- C:\Windows\System\QlCOTzT.exe
  C:\Windows\System\QlCOTzT.exe
  2⤵
  PID:3452
- C:\Windows\System\PwbadtV.exe
  C:\Windows\System\PwbadtV.exe
  2⤵
  PID:3472
- C:\Windows\System\gREnDoX.exe
  C:\Windows\System\gREnDoX.exe
  2⤵
  PID:3492
- C:\Windows\System\UzIrcHl.exe
  C:\Windows\System\UzIrcHl.exe
  2⤵
  PID:3512
- C:\Windows\System\EbwZLyY.exe
  C:\Windows\System\EbwZLyY.exe
  2⤵
  PID:3536
- C:\Windows\System\TyujczE.exe
  C:\Windows\System\TyujczE.exe
  2⤵
  PID:3556
- C:\Windows\System\BXLDSJh.exe
  C:\Windows\System\BXLDSJh.exe
  2⤵
  PID:3580
- C:\Windows\System\qmyHemi.exe
  C:\Windows\System\qmyHemi.exe
  2⤵
  PID:3596
- C:\Windows\System\iuLbBwt.exe
  C:\Windows\System\iuLbBwt.exe
  2⤵
  PID:3616
- C:\Windows\System\QWaYtOF.exe
  C:\Windows\System\QWaYtOF.exe
  2⤵
  PID:3636
- C:\Windows\System\uZdXUnz.exe
  C:\Windows\System\uZdXUnz.exe
  2⤵
  PID:3660
- C:\Windows\System\QKuvKLe.exe
  C:\Windows\System\QKuvKLe.exe
  2⤵
  PID:3676
- C:\Windows\System\yBcpuUz.exe
  C:\Windows\System\yBcpuUz.exe
  2⤵
  PID:3700
- C:\Windows\System\ocvhMtc.exe
  C:\Windows\System\ocvhMtc.exe
  2⤵
  PID:3716
- C:\Windows\System\sowZZzB.exe
  C:\Windows\System\sowZZzB.exe
  2⤵
  PID:3740
- C:\Windows\System\qOzaqVC.exe
  C:\Windows\System\qOzaqVC.exe
  2⤵
  PID:3756
- C:\Windows\System\FhVbXVE.exe
  C:\Windows\System\FhVbXVE.exe
  2⤵
  PID:3780
- C:\Windows\System\cRgWjAk.exe
  C:\Windows\System\cRgWjAk.exe
  2⤵
  PID:3796
- C:\Windows\System\qnHOebQ.exe
  C:\Windows\System\qnHOebQ.exe
  2⤵
  PID:3820
- C:\Windows\System\GkAbQcK.exe
  C:\Windows\System\GkAbQcK.exe
  2⤵
  PID:3840
- C:\Windows\System\lHmxEHM.exe
  C:\Windows\System\lHmxEHM.exe
  2⤵
  PID:3860
- C:\Windows\System\riowrSN.exe
  C:\Windows\System\riowrSN.exe
  2⤵
  PID:3880
- C:\Windows\System\ItCRYmD.exe
  C:\Windows\System\ItCRYmD.exe
  2⤵
  PID:3900
- C:\Windows\System\ZixucIz.exe
  C:\Windows\System\ZixucIz.exe
  2⤵
  PID:3916
- C:\Windows\System\zYCUFLI.exe
  C:\Windows\System\zYCUFLI.exe
  2⤵
  PID:3944
- C:\Windows\System\YilxuKp.exe
  C:\Windows\System\YilxuKp.exe
  2⤵
  PID:3964
- C:\Windows\System\dBSwwQC.exe
  C:\Windows\System\dBSwwQC.exe
  2⤵
  PID:3984
- C:\Windows\System\ptOxdsx.exe
  C:\Windows\System\ptOxdsx.exe
  2⤵
  PID:4004
- C:\Windows\System\HqGjizH.exe
  C:\Windows\System\HqGjizH.exe
  2⤵
  PID:4024
- C:\Windows\System\OqLBkog.exe
  C:\Windows\System\OqLBkog.exe
  2⤵
  PID:4040
- C:\Windows\System\mCtpvMi.exe
  C:\Windows\System\mCtpvMi.exe
  2⤵
  PID:4060
- C:\Windows\System\jnOgWzu.exe
  C:\Windows\System\jnOgWzu.exe
  2⤵
  PID:4084
- C:\Windows\System\fNCdPmC.exe
  C:\Windows\System\fNCdPmC.exe
  2⤵
  PID:2476
- C:\Windows\System\cibPwKR.exe
  C:\Windows\System\cibPwKR.exe
  2⤵
  PID:1924
- C:\Windows\System\toOYcfy.exe
  C:\Windows\System\toOYcfy.exe
  2⤵
  PID:2228
- C:\Windows\System\YWpGdsj.exe
  C:\Windows\System\YWpGdsj.exe
  2⤵
  PID:3076
- C:\Windows\System\AqzbaEz.exe
  C:\Windows\System\AqzbaEz.exe
  2⤵
  PID:3124
- C:\Windows\System\HSCRmLD.exe
  C:\Windows\System\HSCRmLD.exe
  2⤵
  PID:3152
- C:\Windows\System\ERJzQdQ.exe
  C:\Windows\System\ERJzQdQ.exe
  2⤵
  PID:3196
- C:\Windows\System\vziJHXu.exe
  C:\Windows\System\vziJHXu.exe
  2⤵
  PID:3236
- C:\Windows\System\CPunMEW.exe
  C:\Windows\System\CPunMEW.exe
  2⤵
  PID:3240
- C:\Windows\System\osQTLAA.exe
  C:\Windows\System\osQTLAA.exe
  2⤵
  PID:3260
- C:\Windows\System\aVoTNRu.exe
  C:\Windows\System\aVoTNRu.exe
  2⤵
  PID:3296
- C:\Windows\System\KihpHla.exe
  C:\Windows\System\KihpHla.exe
  2⤵
  PID:3360
- C:\Windows\System\OqgCSCz.exe
  C:\Windows\System\OqgCSCz.exe
  2⤵
  PID:3348
- C:\Windows\System\lFyYBZp.exe
  C:\Windows\System\lFyYBZp.exe
  2⤵
  PID:3404
- C:\Windows\System\JPDpbKx.exe
  C:\Windows\System\JPDpbKx.exe
  2⤵
  PID:3488
- C:\Windows\System\cveBcQK.exe
  C:\Windows\System\cveBcQK.exe
  2⤵
  PID:3468
- C:\Windows\System\LSFzseK.exe
  C:\Windows\System\LSFzseK.exe
  2⤵
  PID:3500
- C:\Windows\System\UCKRyUF.exe
  C:\Windows\System\UCKRyUF.exe
  2⤵
  PID:3552
- C:\Windows\System\ipXUEHp.exe
  C:\Windows\System\ipXUEHp.exe
  2⤵
  PID:3608
- C:\Windows\System\fAtLXOJ.exe
  C:\Windows\System\fAtLXOJ.exe
  2⤵
  PID:3588
- C:\Windows\System\EIabLoz.exe
  C:\Windows\System\EIabLoz.exe
  2⤵
  PID:3656
- C:\Windows\System\bBhhiRs.exe
  C:\Windows\System\bBhhiRs.exe
  2⤵
  PID:3692
- C:\Windows\System\tGRQQdX.exe
  C:\Windows\System\tGRQQdX.exe
  2⤵
  PID:3728
- C:\Windows\System\iCzMyAQ.exe
  C:\Windows\System\iCzMyAQ.exe
  2⤵
  PID:3772
- C:\Windows\System\fpIkFTY.exe
  C:\Windows\System\fpIkFTY.exe
  2⤵
  PID:3768
- C:\Windows\System\LJcQhmp.exe
  C:\Windows\System\LJcQhmp.exe
  2⤵
  PID:3752
- C:\Windows\System\RVbSfHp.exe
  C:\Windows\System\RVbSfHp.exe
  2⤵
  PID:3856
- C:\Windows\System\kbKZwxW.exe
  C:\Windows\System\kbKZwxW.exe
  2⤵
  PID:3836
- C:\Windows\System\saSJEob.exe
  C:\Windows\System\saSJEob.exe
  2⤵
  PID:3892
- C:\Windows\System\aatHBDf.exe
  C:\Windows\System\aatHBDf.exe
  2⤵
  PID:3872
- C:\Windows\System\SdfoBSI.exe
  C:\Windows\System\SdfoBSI.exe
  2⤵
  PID:4012
- C:\Windows\System\zotMYwa.exe
  C:\Windows\System\zotMYwa.exe
  2⤵
  PID:3992
- C:\Windows\System\fVjORKs.exe
  C:\Windows\System\fVjORKs.exe
  2⤵
  PID:4052
- C:\Windows\System\wYaVkDj.exe
  C:\Windows\System\wYaVkDj.exe
  2⤵
  PID:1236
- C:\Windows\System\IcXSbRX.exe
  C:\Windows\System\IcXSbRX.exe
  2⤵
  PID:4068
- C:\Windows\System\FFHVNiV.exe
  C:\Windows\System\FFHVNiV.exe
  2⤵
  PID:2768
- C:\Windows\System\XfeTCUU.exe
  C:\Windows\System\XfeTCUU.exe
  2⤵
  PID:1684
- C:\Windows\System\RIEdclD.exe
  C:\Windows\System\RIEdclD.exe
  2⤵
  PID:2716
- C:\Windows\System\aolYpTr.exe
  C:\Windows\System\aolYpTr.exe
  2⤵
  PID:2712
- C:\Windows\System\fedrxlv.exe
  C:\Windows\System\fedrxlv.exe
  2⤵
  PID:1200
- C:\Windows\System\zslrjpC.exe
  C:\Windows\System\zslrjpC.exe
  2⤵
  PID:3156
- C:\Windows\System\DPpTbQJ.exe
  C:\Windows\System\DPpTbQJ.exe
  2⤵
  PID:3224
- C:\Windows\System\sZqCodd.exe
  C:\Windows\System\sZqCodd.exe
  2⤵
  PID:3180
- C:\Windows\System\JapVLku.exe
  C:\Windows\System\JapVLku.exe
  2⤵
  PID:3256
- C:\Windows\System\mWAhNEw.exe
  C:\Windows\System\mWAhNEw.exe
  2⤵
  PID:1372
- C:\Windows\System\pxoGsFX.exe
  C:\Windows\System\pxoGsFX.exe
  2⤵
  PID:3440
- C:\Windows\System\vQHrcRk.exe
  C:\Windows\System\vQHrcRk.exe
  2⤵
  PID:3532
- C:\Windows\System\EhgFgPQ.exe
  C:\Windows\System\EhgFgPQ.exe
  2⤵
  PID:3612
- C:\Windows\System\gRjbQRl.exe
  C:\Windows\System\gRjbQRl.exe
  2⤵
  PID:2928
- C:\Windows\System\oyYuoPp.exe
  C:\Windows\System\oyYuoPp.exe
  2⤵
  PID:3644
- C:\Windows\System\YOMEvCy.exe
  C:\Windows\System\YOMEvCy.exe
  2⤵
  PID:3736
- C:\Windows\System\HmmUrbp.exe
  C:\Windows\System\HmmUrbp.exe
  2⤵
  PID:2900
- C:\Windows\System\gZowSgf.exe
  C:\Windows\System\gZowSgf.exe
  2⤵
  PID:3808
- C:\Windows\System\QIqksjd.exe
  C:\Windows\System\QIqksjd.exe
  2⤵
  PID:3876
- C:\Windows\System\ufFKrtF.exe
  C:\Windows\System\ufFKrtF.exe
  2⤵
  PID:3828
- C:\Windows\System\EijyIHC.exe
  C:\Windows\System\EijyIHC.exe
  2⤵
  PID:3940
- C:\Windows\System\iAGFDDy.exe
  C:\Windows\System\iAGFDDy.exe
  2⤵
  PID:4020
- C:\Windows\System\jAIOsDt.exe
  C:\Windows\System\jAIOsDt.exe
  2⤵
  PID:4092
- C:\Windows\System\RMtyRGQ.exe
  C:\Windows\System\RMtyRGQ.exe
  2⤵
  PID:1156
- C:\Windows\System\RkhtoBr.exe
  C:\Windows\System\RkhtoBr.exe
  2⤵
  PID:3008
- C:\Windows\System\gzcpEfl.exe
  C:\Windows\System\gzcpEfl.exe
  2⤵
  PID:920
- C:\Windows\System\bDDyjky.exe
  C:\Windows\System\bDDyjky.exe
  2⤵
  PID:1504
- C:\Windows\System\FzkigHM.exe
  C:\Windows\System\FzkigHM.exe
  2⤵
  PID:3220
- C:\Windows\System\PeJWplA.exe
  C:\Windows\System\PeJWplA.exe
  2⤵
  PID:3316
- C:\Windows\System\KNYzBCg.exe
  C:\Windows\System\KNYzBCg.exe
  2⤵
  PID:3408
- C:\Windows\System\qmgetVC.exe
  C:\Windows\System\qmgetVC.exe
  2⤵
  PID:3544
- C:\Windows\System\TCAcVxb.exe
  C:\Windows\System\TCAcVxb.exe
  2⤵
  PID:3564
- C:\Windows\System\rhegtRO.exe
  C:\Windows\System\rhegtRO.exe
  2⤵
  PID:3724
- C:\Windows\System\ppMapaU.exe
  C:\Windows\System\ppMapaU.exe
  2⤵
  PID:3712
- C:\Windows\System\NxRtbir.exe
  C:\Windows\System\NxRtbir.exe
  2⤵
  PID:3816
- C:\Windows\System\NBEmDAs.exe
  C:\Windows\System\NBEmDAs.exe
  2⤵
  PID:3832
- C:\Windows\System\WWdaylf.exe
  C:\Windows\System\WWdaylf.exe
  2⤵
  PID:4056
- C:\Windows\System\yuOvdcK.exe
  C:\Windows\System\yuOvdcK.exe
  2⤵
  PID:3764
- C:\Windows\System\eDVIRyl.exe
  C:\Windows\System\eDVIRyl.exe
  2⤵
  PID:3000
- C:\Windows\System\BxDlXpy.exe
  C:\Windows\System\BxDlXpy.exe
  2⤵
  PID:2940
- C:\Windows\System\nNqRmvs.exe
  C:\Windows\System\nNqRmvs.exe
  2⤵
  PID:3164
- C:\Windows\System\PFZlecb.exe
  C:\Windows\System\PFZlecb.exe
  2⤵
  PID:3400
- C:\Windows\System\MYVydAA.exe
  C:\Windows\System\MYVydAA.exe
  2⤵
  PID:3568
- C:\Windows\System\OCgsxPP.exe
  C:\Windows\System\OCgsxPP.exe
  2⤵
  PID:3648
- C:\Windows\System\LYUcpTH.exe
  C:\Windows\System\LYUcpTH.exe
  2⤵
  PID:3592
- C:\Windows\System\nzwVJrQ.exe
  C:\Windows\System\nzwVJrQ.exe
  2⤵
  PID:3852
- C:\Windows\System\ZVOElhx.exe
  C:\Windows\System\ZVOElhx.exe
  2⤵
  PID:3936
- C:\Windows\System\UXwUepL.exe
  C:\Windows\System\UXwUepL.exe
  2⤵
  PID:4036
- C:\Windows\System\HDvMyMf.exe
  C:\Windows\System\HDvMyMf.exe
  2⤵
  PID:3480
- C:\Windows\System\qhYIJgr.exe
  C:\Windows\System\qhYIJgr.exe
  2⤵
  PID:3096
- C:\Windows\System\VynixKy.exe
  C:\Windows\System\VynixKy.exe
  2⤵
  PID:2000
- C:\Windows\System\PsxjUuC.exe
  C:\Windows\System\PsxjUuC.exe
  2⤵
  PID:3684
- C:\Windows\System\IWVJTuP.exe
  C:\Windows\System\IWVJTuP.exe
  2⤵
  PID:3136
- C:\Windows\System\EvktDGm.exe
  C:\Windows\System\EvktDGm.exe
  2⤵
  PID:3368
- C:\Windows\System\hfSeubN.exe
  C:\Windows\System\hfSeubN.exe
  2⤵
  PID:3140
- C:\Windows\System\aZLjFbO.exe
  C:\Windows\System\aZLjFbO.exe
  2⤵
  PID:4116
- C:\Windows\System\IeGHgjS.exe
  C:\Windows\System\IeGHgjS.exe
  2⤵
  PID:4132
- C:\Windows\System\PYhKBGM.exe
  C:\Windows\System\PYhKBGM.exe
  2⤵
  PID:4160
- C:\Windows\System\JBMMfHt.exe
  C:\Windows\System\JBMMfHt.exe
  2⤵
  PID:4176
- C:\Windows\System\PXpOBXB.exe
  C:\Windows\System\PXpOBXB.exe
  2⤵
  PID:4200
- C:\Windows\System\zXRJdAq.exe
  C:\Windows\System\zXRJdAq.exe
  2⤵
  PID:4224
- C:\Windows\System\dItGQCb.exe
  C:\Windows\System\dItGQCb.exe
  2⤵
  PID:4244
- C:\Windows\System\aptKnwL.exe
  C:\Windows\System\aptKnwL.exe
  2⤵
  PID:4272
- C:\Windows\System\uNlfsKt.exe
  C:\Windows\System\uNlfsKt.exe
  2⤵
  PID:4292
- C:\Windows\System\buqUcmk.exe
  C:\Windows\System\buqUcmk.exe
  2⤵
  PID:4312
- C:\Windows\System\zknDJpN.exe
  C:\Windows\System\zknDJpN.exe
  2⤵
  PID:4332
- C:\Windows\System\fTsqWYc.exe
  C:\Windows\System\fTsqWYc.exe
  2⤵
  PID:4348
- C:\Windows\System\qZQpynN.exe
  C:\Windows\System\qZQpynN.exe
  2⤵
  PID:4372
- C:\Windows\System\NoQZRWl.exe
  C:\Windows\System\NoQZRWl.exe
  2⤵
  PID:4392
- C:\Windows\System\lKBnbUD.exe
  C:\Windows\System\lKBnbUD.exe
  2⤵
  PID:4412
- C:\Windows\System\MJKZmeP.exe
  C:\Windows\System\MJKZmeP.exe
  2⤵
  PID:4428
- C:\Windows\System\oCvHEah.exe
  C:\Windows\System\oCvHEah.exe
  2⤵
  PID:4448
- C:\Windows\System\xBywrbJ.exe
  C:\Windows\System\xBywrbJ.exe
  2⤵
  PID:4504
- C:\Windows\System\xOHPPzm.exe
  C:\Windows\System\xOHPPzm.exe
  2⤵
  PID:4524
- C:\Windows\System\DOJzHDC.exe
  C:\Windows\System\DOJzHDC.exe
  2⤵
  PID:4544
- C:\Windows\System\XcnNdNF.exe
  C:\Windows\System\XcnNdNF.exe
  2⤵
  PID:4568
- C:\Windows\System\UOEufob.exe
  C:\Windows\System\UOEufob.exe
  2⤵
  PID:4588
- C:\Windows\System\jqOQPTs.exe
  C:\Windows\System\jqOQPTs.exe
  2⤵
  PID:4608
- C:\Windows\System\KleAtaD.exe
  C:\Windows\System\KleAtaD.exe
  2⤵
  PID:4624
- C:\Windows\System\YAJRBkx.exe
  C:\Windows\System\YAJRBkx.exe
  2⤵
  PID:4644
- C:\Windows\System\ljyiVIW.exe
  C:\Windows\System\ljyiVIW.exe
  2⤵
  PID:4660
- C:\Windows\System\xcROIIL.exe
  C:\Windows\System\xcROIIL.exe
  2⤵
  PID:4680
- C:\Windows\System\htpUQGl.exe
  C:\Windows\System\htpUQGl.exe
  2⤵
  PID:4700
- C:\Windows\System\ThpbPSK.exe
  C:\Windows\System\ThpbPSK.exe
  2⤵
  PID:4716
- C:\Windows\System\xhsAhqJ.exe
  C:\Windows\System\xhsAhqJ.exe
  2⤵
  PID:4736
- C:\Windows\System\iEEyMMn.exe
  C:\Windows\System\iEEyMMn.exe
  2⤵
  PID:4756
- C:\Windows\System\FtudNom.exe
  C:\Windows\System\FtudNom.exe
  2⤵
  PID:4772
- C:\Windows\System\TNrOhLQ.exe
  C:\Windows\System\TNrOhLQ.exe
  2⤵
  PID:4792
- C:\Windows\System\BGdaVfB.exe
  C:\Windows\System\BGdaVfB.exe
  2⤵
  PID:4808
- C:\Windows\System\cNEqCeH.exe
  C:\Windows\System\cNEqCeH.exe
  2⤵
  PID:4828
- C:\Windows\System\ZsJuISj.exe
  C:\Windows\System\ZsJuISj.exe
  2⤵
  PID:4848
- C:\Windows\System\wvFkEPI.exe
  C:\Windows\System\wvFkEPI.exe
  2⤵
  PID:4872
- C:\Windows\System\oznaDKo.exe
  C:\Windows\System\oznaDKo.exe
  2⤵
  PID:4892
- C:\Windows\System\YcyVZvJ.exe
  C:\Windows\System\YcyVZvJ.exe
  2⤵
  PID:4916
- C:\Windows\System\aJkCxgp.exe
  C:\Windows\System\aJkCxgp.exe
  2⤵
  PID:4940
- C:\Windows\System\IqFvBFx.exe
  C:\Windows\System\IqFvBFx.exe
  2⤵
  PID:4972
- C:\Windows\System\bUgzrMB.exe
  C:\Windows\System\bUgzrMB.exe
  2⤵
  PID:4988
- C:\Windows\System\VllIwjV.exe
  C:\Windows\System\VllIwjV.exe
  2⤵
  PID:5012
- C:\Windows\System\vPqBmeS.exe
  C:\Windows\System\vPqBmeS.exe
  2⤵
  PID:5028
- C:\Windows\System\iefelBj.exe
  C:\Windows\System\iefelBj.exe
  2⤵
  PID:5044
- C:\Windows\System\AizmqWu.exe
  C:\Windows\System\AizmqWu.exe
  2⤵
  PID:5064
- C:\Windows\System\huMzIRm.exe
  C:\Windows\System\huMzIRm.exe
  2⤵
  PID:5080
- C:\Windows\System\mMqDwYL.exe
  C:\Windows\System\mMqDwYL.exe
  2⤵
  PID:5100
- C:\Windows\System\uEpRexE.exe
  C:\Windows\System\uEpRexE.exe
  2⤵
  PID:3428
- C:\Windows\System\wVTybTB.exe
  C:\Windows\System\wVTybTB.exe
  2⤵
  PID:3956
- C:\Windows\System\HFWaLNg.exe
  C:\Windows\System\HFWaLNg.exe
  2⤵
  PID:4140
- C:\Windows\System\oKErfgZ.exe
  C:\Windows\System\oKErfgZ.exe
  2⤵
  PID:4152
- C:\Windows\System\kADDVhM.exe
  C:\Windows\System\kADDVhM.exe
  2⤵
  PID:4128
- C:\Windows\System\QOaVKbc.exe
  C:\Windows\System\QOaVKbc.exe
  2⤵
  PID:4184
- C:\Windows\System\mXEYVah.exe
  C:\Windows\System\mXEYVah.exe
  2⤵
  PID:4236
- C:\Windows\System\MciGwmh.exe
  C:\Windows\System\MciGwmh.exe
  2⤵
  PID:4216
- C:\Windows\System\LMMufqa.exe
  C:\Windows\System\LMMufqa.exe
  2⤵
  PID:4284
- C:\Windows\System\eytrOXg.exe
  C:\Windows\System\eytrOXg.exe
  2⤵
  PID:4256
- C:\Windows\System\aTpzEgE.exe
  C:\Windows\System\aTpzEgE.exe
  2⤵
  PID:4300
- C:\Windows\System\ycTxJuK.exe
  C:\Windows\System\ycTxJuK.exe
  2⤵
  PID:1652
- C:\Windows\System\MVWqRfl.exe
  C:\Windows\System\MVWqRfl.exe
  2⤵
  PID:4404
- C:\Windows\System\cjutkBj.exe
  C:\Windows\System\cjutkBj.exe
  2⤵
  PID:944
- C:\Windows\System\OEUiCKC.exe
  C:\Windows\System\OEUiCKC.exe
  2⤵
  PID:4384
- C:\Windows\System\yuUvgUm.exe
  C:\Windows\System\yuUvgUm.exe
  2⤵
  PID:1488
- C:\Windows\System\xHrycuE.exe
  C:\Windows\System\xHrycuE.exe
  2⤵
  PID:2020
- C:\Windows\System\YEvqWhA.exe
  C:\Windows\System\YEvqWhA.exe
  2⤵
  PID:4460
- C:\Windows\System\cfTGxbB.exe
  C:\Windows\System\cfTGxbB.exe
  2⤵
  PID:2248
- C:\Windows\System\JAsdEcx.exe
  C:\Windows\System\JAsdEcx.exe
  2⤵
  PID:2008
- C:\Windows\System\VRYsUuN.exe
  C:\Windows\System\VRYsUuN.exe
  2⤵
  PID:2748
- C:\Windows\System\qBdURfs.exe
  C:\Windows\System\qBdURfs.exe
  2⤵
  PID:2552
- C:\Windows\System\HbQTlky.exe
  C:\Windows\System\HbQTlky.exe
  2⤵
  PID:4516
- C:\Windows\System\nxLmtVs.exe
  C:\Windows\System\nxLmtVs.exe
  2⤵
  PID:4532
- C:\Windows\System\WIaHgTj.exe
  C:\Windows\System\WIaHgTj.exe
  2⤵
  PID:2192
- C:\Windows\System\AjXbNEZ.exe
  C:\Windows\System\AjXbNEZ.exe
  2⤵
  PID:4560
- C:\Windows\System\aXSGguD.exe
  C:\Windows\System\aXSGguD.exe
  2⤵
  PID:1884
- C:\Windows\System\aRtBSFJ.exe
  C:\Windows\System\aRtBSFJ.exe
  2⤵
  PID:4512
- C:\Windows\System\ftkfpsd.exe
  C:\Windows\System\ftkfpsd.exe
  2⤵
  PID:4600
- C:\Windows\System\qPRrZYA.exe
  C:\Windows\System\qPRrZYA.exe
  2⤵
  PID:4640
- C:\Windows\System\bbFoJEe.exe
  C:\Windows\System\bbFoJEe.exe
  2⤵
  PID:4744
- C:\Windows\System\XZeVggK.exe
  C:\Windows\System\XZeVggK.exe
  2⤵
  PID:4584
- C:\Windows\System\LVOTkgl.exe
  C:\Windows\System\LVOTkgl.exe
  2⤵
  PID:4864
- C:\Windows\System\qYQzlXg.exe
  C:\Windows\System\qYQzlXg.exe
  2⤵
  PID:4912
- C:\Windows\System\tuhgSyy.exe
  C:\Windows\System\tuhgSyy.exe
  2⤵
  PID:4884
- C:\Windows\System\MyXaQuj.exe
  C:\Windows\System\MyXaQuj.exe
  2⤵
  PID:4952
- C:\Windows\System\KQccIOS.exe
  C:\Windows\System\KQccIOS.exe
  2⤵
  PID:4732
- C:\Windows\System\iFzLumH.exe
  C:\Windows\System\iFzLumH.exe
  2⤵
  PID:4888
- C:\Windows\System\zuThgyf.exe
  C:\Windows\System\zuThgyf.exe
  2⤵
  PID:4936
- C:\Windows\System\GqIBGBW.exe
  C:\Windows\System\GqIBGBW.exe
  2⤵
  PID:5008
- C:\Windows\System\DbUFSph.exe
  C:\Windows\System\DbUFSph.exe
  2⤵
  PID:5072
- C:\Windows\System\GwrxRmr.exe
  C:\Windows\System\GwrxRmr.exe
  2⤵
  PID:5060
- C:\Windows\System\kmOPnQc.exe
  C:\Windows\System\kmOPnQc.exe
  2⤵
  PID:5096
- C:\Windows\System\zeJgumD.exe
  C:\Windows\System\zeJgumD.exe
  2⤵
  PID:2652
- C:\Windows\System\pCjhelf.exe
  C:\Windows\System\pCjhelf.exe
  2⤵
  PID:2148
- C:\Windows\System\xERJeYR.exe
  C:\Windows\System\xERJeYR.exe
  2⤵
  PID:4144
- C:\Windows\System\hHncSbX.exe
  C:\Windows\System\hHncSbX.exe
  2⤵
  PID:2992
- C:\Windows\System\xXDPToc.exe
  C:\Windows\System\xXDPToc.exe
  2⤵
  PID:2968
- C:\Windows\System\DvAwZME.exe
  C:\Windows\System\DvAwZME.exe
  2⤵
  PID:4356
- C:\Windows\System\McScUHp.exe
  C:\Windows\System\McScUHp.exe
  2⤵
  PID:4308
- C:\Windows\System\jlcSBdH.exe
  C:\Windows\System\jlcSBdH.exe
  2⤵
  PID:4444
- C:\Windows\System\PwMwTWD.exe
  C:\Windows\System\PwMwTWD.exe
  2⤵
  PID:676
- C:\Windows\System\wSayBEf.exe
  C:\Windows\System\wSayBEf.exe
  2⤵
  PID:4424
- C:\Windows\System\wdwFWrY.exe
  C:\Windows\System\wdwFWrY.exe
  2⤵
  PID:4156
- C:\Windows\System\LbGhceO.exe
  C:\Windows\System\LbGhceO.exe
  2⤵
  PID:2424
- C:\Windows\System\vhseWTI.exe
  C:\Windows\System\vhseWTI.exe
  2⤵
  PID:4456
- C:\Windows\System\brCgGGk.exe
  C:\Windows\System\brCgGGk.exe
  2⤵
  PID:2224
- C:\Windows\System\SDfvPFq.exe
  C:\Windows\System\SDfvPFq.exe
  2⤵
  PID:2064
- C:\Windows\System\GSUFTXw.exe
  C:\Windows\System\GSUFTXw.exe
  2⤵
  PID:4636
- C:\Windows\System\yZvKjLl.exe
  C:\Windows\System\yZvKjLl.exe
  2⤵
  PID:4708
- C:\Windows\System\GmEaCLJ.exe
  C:\Windows\System\GmEaCLJ.exe
  2⤵
  PID:4632
- C:\Windows\System\AVsEenh.exe
  C:\Windows\System\AVsEenh.exe
  2⤵
  PID:4784
- C:\Windows\System\BFEMNRF.exe
  C:\Windows\System\BFEMNRF.exe
  2⤵
  PID:4616
- C:\Windows\System\EiWkvWe.exe
  C:\Windows\System\EiWkvWe.exe
  2⤵
  PID:4900
- C:\Windows\System\mHWBMQj.exe
  C:\Windows\System\mHWBMQj.exe
  2⤵
  PID:4956
- C:\Windows\System\swiYNUR.exe
  C:\Windows\System\swiYNUR.exe
  2⤵
  PID:4800
- C:\Windows\System\cGVeDWe.exe
  C:\Windows\System\cGVeDWe.exe
  2⤵
  PID:4676
- C:\Windows\System\YBJqWHW.exe
  C:\Windows\System\YBJqWHW.exe
  2⤵
  PID:5040
- C:\Windows\System\JVyenFo.exe
  C:\Windows\System\JVyenFo.exe
  2⤵
  PID:4108
- C:\Windows\System\fNDUfWj.exe
  C:\Windows\System\fNDUfWj.exe
  2⤵
  PID:4212
- C:\Windows\System\WXlDsWl.exe
  C:\Windows\System\WXlDsWl.exe
  2⤵
  PID:3320
- C:\Windows\System\VmxSePL.exe
  C:\Windows\System\VmxSePL.exe
  2⤵
  PID:4436
- C:\Windows\System\xpnvFcv.exe
  C:\Windows\System\xpnvFcv.exe
  2⤵
  PID:3528
- C:\Windows\System\CRxttUQ.exe
  C:\Windows\System\CRxttUQ.exe
  2⤵
  PID:1964
- C:\Windows\System\koNdWfJ.exe
  C:\Windows\System\koNdWfJ.exe
  2⤵
  PID:1248
- C:\Windows\System\oZsDkbb.exe
  C:\Windows\System\oZsDkbb.exe
  2⤵
  PID:4724
- C:\Windows\System\iugnBrj.exe
  C:\Windows\System\iugnBrj.exe
  2⤵
  PID:4380
- C:\Windows\System\SlZTJXM.exe
  C:\Windows\System\SlZTJXM.exe
  2⤵
  PID:1320
- C:\Windows\System\YRNFUbm.exe
  C:\Windows\System\YRNFUbm.exe
  2⤵
  PID:2400
- C:\Windows\System\VTVCawV.exe
  C:\Windows\System\VTVCawV.exe
  2⤵
  PID:4596
- C:\Windows\System\qSOkKRI.exe
  C:\Windows\System\qSOkKRI.exe
  2⤵
  PID:4860
- C:\Windows\System\PGEKuGS.exe
  C:\Windows\System\PGEKuGS.exe
  2⤵
  PID:4752
- C:\Windows\System\zQQBeoT.exe
  C:\Windows\System\zQQBeoT.exe
  2⤵
  PID:4928
- C:\Windows\System\puxzump.exe
  C:\Windows\System\puxzump.exe
  2⤵
  PID:5004
- C:\Windows\System\KWYKEaY.exe
  C:\Windows\System\KWYKEaY.exe
  2⤵
  PID:4932
- C:\Windows\System\rMHfSib.exe
  C:\Windows\System\rMHfSib.exe
  2⤵
  PID:4252
- C:\Windows\System\yCUNpEI.exe
  C:\Windows\System\yCUNpEI.exe
  2⤵
  PID:4488
- C:\Windows\System\GdfxsGm.exe
  C:\Windows\System\GdfxsGm.exe
  2⤵
  PID:1612
- C:\Windows\System\MYxJBjr.exe
  C:\Windows\System\MYxJBjr.exe
  2⤵
  PID:4820
- C:\Windows\System\iwBbkUO.exe
  C:\Windows\System\iwBbkUO.exe
  2⤵
  PID:4500
- C:\Windows\System\qfJwoGi.exe
  C:\Windows\System\qfJwoGi.exe
  2⤵
  PID:4652
- C:\Windows\System\wfLEhMl.exe
  C:\Windows\System\wfLEhMl.exe
  2⤵
  PID:2236
- C:\Windows\System\gASdijJ.exe
  C:\Windows\System\gASdijJ.exe
  2⤵
  PID:4768
- C:\Windows\System\JMiGNlt.exe
  C:\Windows\System\JMiGNlt.exe
  2⤵
  PID:3328
- C:\Windows\System\wwXNduN.exe
  C:\Windows\System\wwXNduN.exe
  2⤵
  PID:5112
- C:\Windows\System\FWGcDJy.exe
  C:\Windows\System\FWGcDJy.exe
  2⤵
  PID:4328
- C:\Windows\System\DaVuNJL.exe
  C:\Windows\System\DaVuNJL.exe
  2⤵
  PID:4552
- C:\Windows\System\nrcTllZ.exe
  C:\Windows\System\nrcTllZ.exe
  2⤵
  PID:4804
- C:\Windows\System\YxqnQpG.exe
  C:\Windows\System\YxqnQpG.exe
  2⤵
  PID:4232
- C:\Windows\System\ieXFCTf.exe
  C:\Windows\System\ieXFCTf.exe
  2⤵
  PID:5000
- C:\Windows\System\OLqwdtK.exe
  C:\Windows\System\OLqwdtK.exe
  2⤵
  PID:4696
- C:\Windows\System\rihWFaQ.exe
  C:\Windows\System\rihWFaQ.exe
  2⤵
  PID:1552
- C:\Windows\System\emYHbfY.exe
  C:\Windows\System\emYHbfY.exe
  2⤵
  PID:1784
- C:\Windows\System\xgwEvcz.exe
  C:\Windows\System\xgwEvcz.exe
  2⤵
  PID:5140
- C:\Windows\System\kPbLwqx.exe
  C:\Windows\System\kPbLwqx.exe
  2⤵
  PID:5156
- C:\Windows\System\MIpwLuX.exe
  C:\Windows\System\MIpwLuX.exe
  2⤵
  PID:5172
- C:\Windows\System\xhmepTn.exe
  C:\Windows\System\xhmepTn.exe
  2⤵
  PID:5192
- C:\Windows\System\UbrKdMN.exe
  C:\Windows\System\UbrKdMN.exe
  2⤵
  PID:5224
- C:\Windows\System\raRcSlC.exe
  C:\Windows\System\raRcSlC.exe
  2⤵
  PID:5244
- C:\Windows\System\eiEgMyb.exe
  C:\Windows\System\eiEgMyb.exe
  2⤵
  PID:5260
- C:\Windows\System\hmXzPfn.exe
  C:\Windows\System\hmXzPfn.exe
  2⤵
  PID:5284
- C:\Windows\System\PzkThcD.exe
  C:\Windows\System\PzkThcD.exe
  2⤵
  PID:5304
- C:\Windows\System\RfwyuBi.exe
  C:\Windows\System\RfwyuBi.exe
  2⤵
  PID:5324
- C:\Windows\System\cipCJEc.exe
  C:\Windows\System\cipCJEc.exe
  2⤵
  PID:5340
- C:\Windows\System\HzLHTjM.exe
  C:\Windows\System\HzLHTjM.exe
  2⤵
  PID:5356
- C:\Windows\System\sAPaQky.exe
  C:\Windows\System\sAPaQky.exe
  2⤵
  PID:5388
- C:\Windows\System\YWpNtsy.exe
  C:\Windows\System\YWpNtsy.exe
  2⤵
  PID:5404
- C:\Windows\System\KtYuNMF.exe
  C:\Windows\System\KtYuNMF.exe
  2⤵
  PID:5428
- C:\Windows\System\RRTlZCZ.exe
  C:\Windows\System\RRTlZCZ.exe
  2⤵
  PID:5444
- C:\Windows\System\fzGYTRs.exe
  C:\Windows\System\fzGYTRs.exe
  2⤵
  PID:5472
- C:\Windows\System\QOdMXSk.exe
  C:\Windows\System\QOdMXSk.exe
  2⤵
  PID:5488
- C:\Windows\System\qakkVLK.exe
  C:\Windows\System\qakkVLK.exe
  2⤵
  PID:5508
- C:\Windows\System\KmzEjcP.exe
  C:\Windows\System\KmzEjcP.exe
  2⤵
  PID:5532
- C:\Windows\System\NrKPzne.exe
  C:\Windows\System\NrKPzne.exe
  2⤵
  PID:5548
- C:\Windows\System\ztCmceW.exe
  C:\Windows\System\ztCmceW.exe
  2⤵
  PID:5568
- C:\Windows\System\tkMhfcy.exe
  C:\Windows\System\tkMhfcy.exe
  2⤵
  PID:5592
- C:\Windows\System\dAAGQJf.exe
  C:\Windows\System\dAAGQJf.exe
  2⤵
  PID:5608
- C:\Windows\System\BbpEdvv.exe
  C:\Windows\System\BbpEdvv.exe
  2⤵
  PID:5628
- C:\Windows\System\wpKrvzb.exe
  C:\Windows\System\wpKrvzb.exe
  2⤵
  PID:5648
- C:\Windows\System\NGueezA.exe
  C:\Windows\System\NGueezA.exe
  2⤵
  PID:5668
- C:\Windows\System\EeINQSJ.exe
  C:\Windows\System\EeINQSJ.exe
  2⤵
  PID:5692
- C:\Windows\System\gGDVIfi.exe
  C:\Windows\System\gGDVIfi.exe
  2⤵
  PID:5708
- C:\Windows\System\XPbGPnI.exe
  C:\Windows\System\XPbGPnI.exe
  2⤵
  PID:5728
- C:\Windows\System\FDiuAsX.exe
  C:\Windows\System\FDiuAsX.exe
  2⤵
  PID:5752
- C:\Windows\System\teXvgHs.exe
  C:\Windows\System\teXvgHs.exe
  2⤵
  PID:5772
- C:\Windows\System\ZBgRqvy.exe
  C:\Windows\System\ZBgRqvy.exe
  2⤵
  PID:5788
- C:\Windows\System\kdRerxo.exe
  C:\Windows\System\kdRerxo.exe
  2⤵
  PID:5808
- C:\Windows\System\lnZJCjT.exe
  C:\Windows\System\lnZJCjT.exe
  2⤵
  PID:5828
- C:\Windows\System\IxgmczJ.exe
  C:\Windows\System\IxgmczJ.exe
  2⤵
  PID:5848
- C:\Windows\System\phSrRiS.exe
  C:\Windows\System\phSrRiS.exe
  2⤵
  PID:5864
- C:\Windows\System\gmvQOEU.exe
  C:\Windows\System\gmvQOEU.exe
  2⤵
  PID:5880
- C:\Windows\System\TCAEahO.exe
  C:\Windows\System\TCAEahO.exe
  2⤵
  PID:5912
- C:\Windows\System\eyUTMqR.exe
  C:\Windows\System\eyUTMqR.exe
  2⤵
  PID:5932
- C:\Windows\System\WKFUwYJ.exe
  C:\Windows\System\WKFUwYJ.exe
  2⤵
  PID:5948
- C:\Windows\System\pLUdhoE.exe
  C:\Windows\System\pLUdhoE.exe
  2⤵
  PID:5964
- C:\Windows\System\nsAutQL.exe
  C:\Windows\System\nsAutQL.exe
  2⤵
  PID:5984
- C:\Windows\System\pHhqqcu.exe
  C:\Windows\System\pHhqqcu.exe
  2⤵
  PID:6000
- C:\Windows\System\NXPJGqQ.exe
  C:\Windows\System\NXPJGqQ.exe
  2⤵
  PID:6020
- C:\Windows\System\sERZfwy.exe
  C:\Windows\System\sERZfwy.exe
  2⤵
  PID:6040
- C:\Windows\System\qkJQTZv.exe
  C:\Windows\System\qkJQTZv.exe
  2⤵
  PID:6068
- C:\Windows\System\FlynPxB.exe
  C:\Windows\System\FlynPxB.exe
  2⤵
  PID:6084
- C:\Windows\System\vMYzQaR.exe
  C:\Windows\System\vMYzQaR.exe
  2⤵
  PID:6104
- C:\Windows\System\kuZnWjU.exe
  C:\Windows\System\kuZnWjU.exe
  2⤵
  PID:6128
- C:\Windows\System\TAQwmFG.exe
  C:\Windows\System\TAQwmFG.exe
  2⤵
  PID:2368
- C:\Windows\System\tuzgPrf.exe
  C:\Windows\System\tuzgPrf.exe
  2⤵
  PID:5108
- C:\Windows\System\rEvMRwk.exe
  C:\Windows\System\rEvMRwk.exe
  2⤵
  PID:5152
- C:\Windows\System\VgsFGQA.exe
  C:\Windows\System\VgsFGQA.exe
  2⤵
  PID:5188
- C:\Windows\System\CiFlyqC.exe
  C:\Windows\System\CiFlyqC.exe
  2⤵
  PID:5204
- C:\Windows\System\aFmfHqe.exe
  C:\Windows\System\aFmfHqe.exe
  2⤵
  PID:5236
- C:\Windows\System\EFUKqCy.exe
  C:\Windows\System\EFUKqCy.exe
  2⤵
  PID:5312
- C:\Windows\System\iUiPlJV.exe
  C:\Windows\System\iUiPlJV.exe
  2⤵
  PID:5352
- C:\Windows\System\otUMCla.exe
  C:\Windows\System\otUMCla.exe
  2⤵
  PID:5300
- C:\Windows\System\tdKhDPE.exe
  C:\Windows\System\tdKhDPE.exe
  2⤵
  PID:5336
- C:\Windows\System\EOLcLiH.exe
  C:\Windows\System\EOLcLiH.exe
  2⤵
  PID:5400
- C:\Windows\System\KadAQGh.exe
  C:\Windows\System\KadAQGh.exe
  2⤵
  PID:5416
- C:\Windows\System\ZYKnUnm.exe
  C:\Windows\System\ZYKnUnm.exe
  2⤵
  PID:5440
- C:\Windows\System\eNXJpiN.exe
  C:\Windows\System\eNXJpiN.exe
  2⤵
  PID:5480
- C:\Windows\System\twkPAWM.exe
  C:\Windows\System\twkPAWM.exe
  2⤵
  PID:5524
- C:\Windows\System\KhZgyfo.exe
  C:\Windows\System\KhZgyfo.exe
  2⤵
  PID:5576
- C:\Windows\System\ScdsbUZ.exe
  C:\Windows\System\ScdsbUZ.exe
  2⤵
  PID:5560
- C:\Windows\System\lVxUwaq.exe
  C:\Windows\System\lVxUwaq.exe
  2⤵
  PID:5604
- C:\Windows\System\GrxbjEV.exe
  C:\Windows\System\GrxbjEV.exe
  2⤵
  PID:5640
- C:\Windows\System\xqhLxXd.exe
  C:\Windows\System\xqhLxXd.exe
  2⤵
  PID:5680
- C:\Windows\System\VRqyBka.exe
  C:\Windows\System\VRqyBka.exe
  2⤵
  PID:5716
- C:\Windows\System\dNceSBd.exe
  C:\Windows\System\dNceSBd.exe
  2⤵
  PID:5704
- C:\Windows\System\XkbzDcL.exe
  C:\Windows\System\XkbzDcL.exe
  2⤵
  PID:5780
- C:\Windows\System\RlQOTmJ.exe
  C:\Windows\System\RlQOTmJ.exe
  2⤵
  PID:5844
- C:\Windows\System\IPcgNnX.exe
  C:\Windows\System\IPcgNnX.exe
  2⤵
  PID:5820
- C:\Windows\System\VnVYGZy.exe
  C:\Windows\System\VnVYGZy.exe
  2⤵
  PID:5896
- C:\Windows\System\OUsVsrh.exe
  C:\Windows\System\OUsVsrh.exe
  2⤵
  PID:5924
- C:\Windows\System\AhkYHhI.exe
  C:\Windows\System\AhkYHhI.exe
  2⤵
  PID:6028
- C:\Windows\System\SGHuMUk.exe
  C:\Windows\System\SGHuMUk.exe
  2⤵
  PID:6032
- C:\Windows\System\IsxZIQM.exe
  C:\Windows\System\IsxZIQM.exe
  2⤵
  PID:6064
- C:\Windows\System\JWMxhvW.exe
  C:\Windows\System\JWMxhvW.exe
  2⤵
  PID:6080
- C:\Windows\System\oXgSsiS.exe
  C:\Windows\System\oXgSsiS.exe
  2⤵
  PID:4880
- C:\Windows\System\WIVhuDa.exe
  C:\Windows\System\WIVhuDa.exe
  2⤵
  PID:5148
- C:\Windows\System\oTsRWbM.exe
  C:\Windows\System\oTsRWbM.exe
  2⤵
  PID:5168
- C:\Windows\System\LUeVcgr.exe
  C:\Windows\System\LUeVcgr.exe
  2⤵
  PID:1872
- C:\Windows\System\dYFkEgC.exe
  C:\Windows\System\dYFkEgC.exe
  2⤵
  PID:5272
- C:\Windows\System\luvNndg.exe
  C:\Windows\System\luvNndg.exe
  2⤵
  PID:5348
- C:\Windows\System\lCBRqcB.exe
  C:\Windows\System\lCBRqcB.exe
  2⤵
  PID:5468
- C:\Windows\System\zEXzwrk.exe
  C:\Windows\System\zEXzwrk.exe
  2⤵
  PID:5376
- C:\Windows\System\jUCnNdt.exe
  C:\Windows\System\jUCnNdt.exe
  2⤵
  PID:5584
- C:\Windows\System\yovthDm.exe
  C:\Windows\System\yovthDm.exe
  2⤵
  PID:5656
- C:\Windows\System\KDhmhKu.exe
  C:\Windows\System\KDhmhKu.exe
  2⤵
  PID:5600
- C:\Windows\System\IEjhsYF.exe
  C:\Windows\System\IEjhsYF.exe
  2⤵
  PID:5660
- C:\Windows\System\tTxjxGO.exe
  C:\Windows\System\tTxjxGO.exe
  2⤵
  PID:5744
- C:\Windows\System\UhBHxeo.exe
  C:\Windows\System\UhBHxeo.exe
  2⤵
  PID:5796
- C:\Windows\System\RpikeHz.exe
  C:\Windows\System\RpikeHz.exe
  2⤵
  PID:5824
- C:\Windows\System\GaJaJvi.exe
  C:\Windows\System\GaJaJvi.exe
  2⤵
  PID:5856
- C:\Windows\System\KmXZhRP.exe
  C:\Windows\System\KmXZhRP.exe
  2⤵
  PID:5892
- C:\Windows\System\NxTdNUe.exe
  C:\Windows\System\NxTdNUe.exe
  2⤵
  PID:5944
- C:\Windows\System\PxTpLZJ.exe
  C:\Windows\System\PxTpLZJ.exe
  2⤵
  PID:6056
- C:\Windows\System\rpBbAyU.exe
  C:\Windows\System\rpBbAyU.exe
  2⤵
  PID:6092
- C:\Windows\System\GCvhmfM.exe
  C:\Windows\System\GCvhmfM.exe
  2⤵
  PID:6124
- C:\Windows\System\pPSrQmx.exe
  C:\Windows\System\pPSrQmx.exe
  2⤵
  PID:6140
- C:\Windows\System\oeQPmDb.exe
  C:\Windows\System\oeQPmDb.exe
  2⤵
  PID:5232
- C:\Windows\System\RSIkSIN.exe
  C:\Windows\System\RSIkSIN.exe
  2⤵
  PID:5320
- C:\Windows\System\aFlkvPW.exe
  C:\Windows\System\aFlkvPW.exe
  2⤵
  PID:5092
- C:\Windows\System\MVkDVET.exe
  C:\Windows\System\MVkDVET.exe
  2⤵
  PID:5436
- C:\Windows\System\IbQCLwD.exe
  C:\Windows\System\IbQCLwD.exe
  2⤵
  PID:5520
- C:\Windows\System\xlLkBou.exe
  C:\Windows\System\xlLkBou.exe
  2⤵
  PID:5740
- C:\Windows\System\aQrFAcH.exe
  C:\Windows\System\aQrFAcH.exe
  2⤵
  PID:5920
- C:\Windows\System\rPxzoDw.exe
  C:\Windows\System\rPxzoDw.exe
  2⤵
  PID:6060
- C:\Windows\System\kHguPjV.exe
  C:\Windows\System\kHguPjV.exe
  2⤵
  PID:5764
- C:\Windows\System\iIfPDud.exe
  C:\Windows\System\iIfPDud.exe
  2⤵
  PID:5976
- C:\Windows\System\nRrKfmm.exe
  C:\Windows\System\nRrKfmm.exe
  2⤵
  PID:5956
- C:\Windows\System\NAIZtAd.exe
  C:\Windows\System\NAIZtAd.exe
  2⤵
  PID:5216
- C:\Windows\System\CJNbHSU.exe
  C:\Windows\System\CJNbHSU.exe
  2⤵
  PID:5132
- C:\Windows\System\CtnUcqa.exe
  C:\Windows\System\CtnUcqa.exe
  2⤵
  PID:5504
- C:\Windows\System\qnYkPCC.exe
  C:\Windows\System\qnYkPCC.exe
  2⤵
  PID:5700
- C:\Windows\System\JfMaGOZ.exe
  C:\Windows\System\JfMaGOZ.exe
  2⤵
  PID:5900
- C:\Windows\System\hdWOUXn.exe
  C:\Windows\System\hdWOUXn.exe
  2⤵
  PID:5996
- C:\Windows\System\udSeZPx.exe
  C:\Windows\System\udSeZPx.exe
  2⤵
  PID:5960
- C:\Windows\System\rsPraah.exe
  C:\Windows\System\rsPraah.exe
  2⤵
  PID:6136
- C:\Windows\System\VLFFPWy.exe
  C:\Windows\System\VLFFPWy.exe
  2⤵
  PID:5464
- C:\Windows\System\kHSJiRn.exe
  C:\Windows\System\kHSJiRn.exe
  2⤵
  PID:5588
- C:\Windows\System\GVNQfSq.exe
  C:\Windows\System\GVNQfSq.exe
  2⤵
  PID:6012
- C:\Windows\System\qZmdWYD.exe
  C:\Windows\System\qZmdWYD.exe
  2⤵
  PID:5940
- C:\Windows\System\ezrvDXW.exe
  C:\Windows\System\ezrvDXW.exe
  2⤵
  PID:5664
- C:\Windows\System\CETsYah.exe
  C:\Windows\System\CETsYah.exe
  2⤵
  PID:1576
- C:\Windows\System\MqzfdLS.exe
  C:\Windows\System\MqzfdLS.exe
  2⤵
  PID:5384
- C:\Windows\System\HlyQMID.exe
  C:\Windows\System\HlyQMID.exe
  2⤵
  PID:5368
- C:\Windows\System\skdIVfz.exe
  C:\Windows\System\skdIVfz.exe
  2⤵
  PID:6152
- C:\Windows\System\ufXNixv.exe
  C:\Windows\System\ufXNixv.exe
  2⤵
  PID:6180
- C:\Windows\System\kDJyYxF.exe
  C:\Windows\System\kDJyYxF.exe
  2⤵
  PID:6200
- C:\Windows\System\LSOLyLT.exe
  C:\Windows\System\LSOLyLT.exe
  2⤵
  PID:6224
- C:\Windows\System\jhczCFO.exe
  C:\Windows\System\jhczCFO.exe
  2⤵
  PID:6240
- C:\Windows\System\NjSeLxX.exe
  C:\Windows\System\NjSeLxX.exe
  2⤵
  PID:6260
- C:\Windows\System\FjiAloM.exe
  C:\Windows\System\FjiAloM.exe
  2⤵
  PID:6284
- C:\Windows\System\gozkTCp.exe
  C:\Windows\System\gozkTCp.exe
  2⤵
  PID:6300
- C:\Windows\System\ZElIuUs.exe
  C:\Windows\System\ZElIuUs.exe
  2⤵
  PID:6320
- C:\Windows\System\BcyHRDl.exe
  C:\Windows\System\BcyHRDl.exe
  2⤵
  PID:6344
- C:\Windows\System\NfmMmHa.exe
  C:\Windows\System\NfmMmHa.exe
  2⤵
  PID:6360
- C:\Windows\System\jfBMzHR.exe
  C:\Windows\System\jfBMzHR.exe
  2⤵
  PID:6384
- C:\Windows\System\MxdVPkE.exe
  C:\Windows\System\MxdVPkE.exe
  2⤵
  PID:6400
- C:\Windows\System\PpQaVPh.exe
  C:\Windows\System\PpQaVPh.exe
  2⤵
  PID:6416
- C:\Windows\System\ybAICZl.exe
  C:\Windows\System\ybAICZl.exe
  2⤵
  PID:6432
- C:\Windows\System\hpCjJNI.exe
  C:\Windows\System\hpCjJNI.exe
  2⤵
  PID:6448
- C:\Windows\System\SRwGcVN.exe
  C:\Windows\System\SRwGcVN.exe
  2⤵
  PID:6468
- C:\Windows\System\EttWefW.exe
  C:\Windows\System\EttWefW.exe
  2⤵
  PID:6488
- C:\Windows\System\StbYwyu.exe
  C:\Windows\System\StbYwyu.exe
  2⤵
  PID:6516
- C:\Windows\System\unluzTe.exe
  C:\Windows\System\unluzTe.exe
  2⤵
  PID:6532
- C:\Windows\System\cxRnvVL.exe
  C:\Windows\System\cxRnvVL.exe
  2⤵
  PID:6548
- C:\Windows\System\xQMERAB.exe
  C:\Windows\System\xQMERAB.exe
  2⤵
  PID:6568
- C:\Windows\System\IEdFncz.exe
  C:\Windows\System\IEdFncz.exe
  2⤵
  PID:6608
- C:\Windows\System\RNovMzT.exe
  C:\Windows\System\RNovMzT.exe
  2⤵
  PID:6624
- C:\Windows\System\kqhsKlY.exe
  C:\Windows\System\kqhsKlY.exe
  2⤵
  PID:6644
- C:\Windows\System\GlOyCur.exe
  C:\Windows\System\GlOyCur.exe
  2⤵
  PID:6668
- C:\Windows\System\sZzeKHE.exe
  C:\Windows\System\sZzeKHE.exe
  2⤵
  PID:6684
- C:\Windows\System\fcIgqzA.exe
  C:\Windows\System\fcIgqzA.exe
  2⤵
  PID:6708
- C:\Windows\System\CWXfGse.exe
  C:\Windows\System\CWXfGse.exe
  2⤵
  PID:6724
- C:\Windows\System\lIytPAU.exe
  C:\Windows\System\lIytPAU.exe
  2⤵
  PID:6740
- C:\Windows\System\WouWUfb.exe
  C:\Windows\System\WouWUfb.exe
  2⤵
  PID:6760
- C:\Windows\System\ScTlDWP.exe
  C:\Windows\System\ScTlDWP.exe
  2⤵
  PID:6780
- C:\Windows\System\lWaOaKX.exe
  C:\Windows\System\lWaOaKX.exe
  2⤵
  PID:6808
- C:\Windows\System\LywbusC.exe
  C:\Windows\System\LywbusC.exe
  2⤵
  PID:6824
- C:\Windows\System\RhpgpcJ.exe
  C:\Windows\System\RhpgpcJ.exe
  2⤵
  PID:6840
- C:\Windows\System\lixHsfg.exe
  C:\Windows\System\lixHsfg.exe
  2⤵
  PID:6856
- C:\Windows\System\yfApNrW.exe
  C:\Windows\System\yfApNrW.exe
  2⤵
  PID:6872
- C:\Windows\System\SeorWek.exe
  C:\Windows\System\SeorWek.exe
  2⤵
  PID:6896
- C:\Windows\System\KsuDoHL.exe
  C:\Windows\System\KsuDoHL.exe
  2⤵
  PID:6912
- C:\Windows\System\WdlSagc.exe
  C:\Windows\System\WdlSagc.exe
  2⤵
  PID:6940
- C:\Windows\System\oVhVwdK.exe
  C:\Windows\System\oVhVwdK.exe
  2⤵
  PID:6956
- C:\Windows\System\yhbUEkt.exe
  C:\Windows\System\yhbUEkt.exe
  2⤵
  PID:6976
- C:\Windows\System\NeDEOcL.exe
  C:\Windows\System\NeDEOcL.exe
  2⤵
  PID:7000
- C:\Windows\System\oByuLxE.exe
  C:\Windows\System\oByuLxE.exe
  2⤵
  PID:7024
- C:\Windows\System\avFpuIT.exe
  C:\Windows\System\avFpuIT.exe
  2⤵
  PID:7044
- C:\Windows\System\KoEedQF.exe
  C:\Windows\System\KoEedQF.exe
  2⤵
  PID:7060
- C:\Windows\System\HuBWala.exe
  C:\Windows\System\HuBWala.exe
  2⤵
  PID:7076
- C:\Windows\System\bCYNAdl.exe
  C:\Windows\System\bCYNAdl.exe
  2⤵
  PID:7096
- C:\Windows\System\nvJTHAs.exe
  C:\Windows\System\nvJTHAs.exe
  2⤵
  PID:7112
- C:\Windows\System\FXVdziP.exe
  C:\Windows\System\FXVdziP.exe
  2⤵
  PID:7132
- C:\Windows\System\NWBRopX.exe
  C:\Windows\System\NWBRopX.exe
  2⤵
  PID:7148
- C:\Windows\System\jxFRLaj.exe
  C:\Windows\System\jxFRLaj.exe
  2⤵
  PID:6160
- C:\Windows\System\qNulLSg.exe
  C:\Windows\System\qNulLSg.exe
  2⤵
  PID:6148
- C:\Windows\System\bhLFumH.exe
  C:\Windows\System\bhLFumH.exe
  2⤵
  PID:6208
- C:\Windows\System\CwDlwLA.exe
  C:\Windows\System\CwDlwLA.exe
  2⤵
  PID:6248
- C:\Windows\System\iiXOLia.exe
  C:\Windows\System\iiXOLia.exe
  2⤵
  PID:6276
- C:\Windows\System\SxICpBF.exe
  C:\Windows\System\SxICpBF.exe
  2⤵
  PID:6332
- C:\Windows\System\xeEoZir.exe
  C:\Windows\System\xeEoZir.exe
  2⤵
  PID:6316
- C:\Windows\System\RscBgIs.exe
  C:\Windows\System\RscBgIs.exe
  2⤵
  PID:6380
- C:\Windows\System\eboLBAM.exe
  C:\Windows\System\eboLBAM.exe
  2⤵
  PID:6476
- C:\Windows\System\EVSKqyK.exe
  C:\Windows\System\EVSKqyK.exe
  2⤵
  PID:6524
- C:\Windows\System\mCEoKAE.exe
  C:\Windows\System\mCEoKAE.exe
  2⤵
  PID:6564
- C:\Windows\System\ltRrWJi.exe
  C:\Windows\System\ltRrWJi.exe
  2⤵
  PID:6504
- C:\Windows\System\qjSeeYP.exe
  C:\Windows\System\qjSeeYP.exe
  2⤵
  PID:6508
- C:\Windows\System\uUKKBMA.exe
  C:\Windows\System\uUKKBMA.exe
  2⤵
  PID:6588
- C:\Windows\System\CHwsZXt.exe
  C:\Windows\System\CHwsZXt.exe
  2⤵
  PID:6596
- C:\Windows\System\OnCxiAM.exe
  C:\Windows\System\OnCxiAM.exe
  2⤵
  PID:6632
- C:\Windows\System\mekbZwj.exe
  C:\Windows\System\mekbZwj.exe
  2⤵
  PID:6636
- C:\Windows\System\DUZKQKz.exe
  C:\Windows\System\DUZKQKz.exe
  2⤵
  PID:6692
- C:\Windows\System\iIqmCyk.exe
  C:\Windows\System\iIqmCyk.exe
  2⤵
  PID:6700
- C:\Windows\System\JUPJbbH.exe
  C:\Windows\System\JUPJbbH.exe
  2⤵
  PID:6788
- C:\Windows\System\MlklMim.exe
  C:\Windows\System\MlklMim.exe
  2⤵
  PID:6756
- C:\Windows\System\VpbAWCZ.exe
  C:\Windows\System\VpbAWCZ.exe
  2⤵
  PID:6864
- C:\Windows\System\gzKJANd.exe
  C:\Windows\System\gzKJANd.exe
  2⤵
  PID:6852
- C:\Windows\System\XpKIlKX.exe
  C:\Windows\System\XpKIlKX.exe
  2⤵
  PID:6820
- C:\Windows\System\YdPJtXJ.exe
  C:\Windows\System\YdPJtXJ.exe
  2⤵
  PID:6904
- C:\Windows\System\humTPwx.exe
  C:\Windows\System\humTPwx.exe
  2⤵
  PID:6936
- C:\Windows\System\CPMMwhO.exe
  C:\Windows\System\CPMMwhO.exe
  2⤵
  PID:6952
- C:\Windows\System\gRwCTOR.exe
  C:\Windows\System\gRwCTOR.exe
  2⤵
  PID:7012
- C:\Windows\System\pBSbKsI.exe
  C:\Windows\System\pBSbKsI.exe
  2⤵
  PID:7056
- C:\Windows\System\yGIwpgf.exe
  C:\Windows\System\yGIwpgf.exe
  2⤵
  PID:7128
- C:\Windows\System\quFQeWp.exe
  C:\Windows\System\quFQeWp.exe
  2⤵
  PID:7072
- C:\Windows\System\tBlLyHV.exe
  C:\Windows\System\tBlLyHV.exe
  2⤵
  PID:6112
- C:\Windows\System\LtWEjXN.exe
  C:\Windows\System\LtWEjXN.exe
  2⤵
  PID:6192
- C:\Windows\System\cqPokFU.exe
  C:\Windows\System\cqPokFU.exe
  2⤵
  PID:6236
- C:\Windows\System\FKHHDqV.exe
  C:\Windows\System\FKHHDqV.exe
  2⤵
  PID:6292
- C:\Windows\System\nZlljwT.exe
  C:\Windows\System\nZlljwT.exe
  2⤵
  PID:6440
- C:\Windows\System\lXeMXJn.exe
  C:\Windows\System\lXeMXJn.exe
  2⤵
  PID:6484
- C:\Windows\System\pgEsyBA.exe
  C:\Windows\System\pgEsyBA.exe
  2⤵
  PID:6460
- C:\Windows\System\IFepvJR.exe
  C:\Windows\System\IFepvJR.exe
  2⤵
  PID:6600
- C:\Windows\System\ctlnDgV.exe
  C:\Windows\System\ctlnDgV.exe
  2⤵
  PID:6748
- C:\Windows\System\NMQiNus.exe
  C:\Windows\System\NMQiNus.exe
  2⤵
  PID:6836
- C:\Windows\System\aAoNnKR.exe
  C:\Windows\System\aAoNnKR.exe
  2⤵
  PID:6616
- C:\Windows\System\pKgflqt.exe
  C:\Windows\System\pKgflqt.exe
  2⤵
  PID:6888
- C:\Windows\System\kYlFsGx.exe
  C:\Windows\System\kYlFsGx.exe
  2⤵
  PID:6932
- C:\Windows\System\YpLVdCk.exe
  C:\Windows\System\YpLVdCk.exe
  2⤵
  PID:7032
- C:\Windows\System\VMuDFxQ.exe
  C:\Windows\System\VMuDFxQ.exe
  2⤵
  PID:7140
- C:\Windows\System\KQhsAmg.exe
  C:\Windows\System\KQhsAmg.exe
  2⤵
  PID:5128
- C:\Windows\System\bYXNpUC.exe
  C:\Windows\System\bYXNpUC.exe
  2⤵
  PID:6232
- C:\Windows\System\HZLqJly.exe
  C:\Windows\System\HZLqJly.exe
  2⤵
  PID:7144
- C:\Windows\System\NcUWrcz.exe
  C:\Windows\System\NcUWrcz.exe
  2⤵
  PID:7068
- C:\Windows\System\gKaUQGd.exe
  C:\Windows\System\gKaUQGd.exe
  2⤵
  PID:6372
- C:\Windows\System\pbvxWmm.exe
  C:\Windows\System\pbvxWmm.exe
  2⤵
  PID:6172
- C:\Windows\System\DjAaFOo.exe
  C:\Windows\System\DjAaFOo.exe
  2⤵
  PID:6424
- C:\Windows\System\YqnzhNB.exe
  C:\Windows\System\YqnzhNB.exe
  2⤵
  PID:6464
- C:\Windows\System\NdNRxjn.exe
  C:\Windows\System\NdNRxjn.exe
  2⤵
  PID:6720
- C:\Windows\System\huxUsFf.exe
  C:\Windows\System\huxUsFf.exe
  2⤵
  PID:6560
- C:\Windows\System\mxXLEMv.exe
  C:\Windows\System\mxXLEMv.exe
  2⤵
  PID:6880
- C:\Windows\System\nQwGnOq.exe
  C:\Windows\System\nQwGnOq.exe
  2⤵
  PID:6620
- C:\Windows\System\yBpOVif.exe
  C:\Windows\System\yBpOVif.exe
  2⤵
  PID:6924
- C:\Windows\System\rRKzGst.exe
  C:\Windows\System\rRKzGst.exe
  2⤵
  PID:7020
- C:\Windows\System\CFZqBMh.exe
  C:\Windows\System\CFZqBMh.exe
  2⤵
  PID:6984
- C:\Windows\System\imvyniR.exe
  C:\Windows\System\imvyniR.exe
  2⤵
  PID:7036
- C:\Windows\System\OKohWAq.exe
  C:\Windows\System\OKohWAq.exe
  2⤵
  PID:6336
- C:\Windows\System\gqriTKk.exe
  C:\Windows\System\gqriTKk.exe
  2⤵
  PID:6368
- C:\Windows\System\hrSRELr.exe
  C:\Windows\System\hrSRELr.exe
  2⤵
  PID:6164
- C:\Windows\System\lkXwzZF.exe
  C:\Windows\System\lkXwzZF.exe
  2⤵
  PID:2256
- C:\Windows\System\VwxRjDm.exe
  C:\Windows\System\VwxRjDm.exe
  2⤵
  PID:6948
- C:\Windows\System\gfbaLOo.exe
  C:\Windows\System\gfbaLOo.exe
  2⤵
  PID:2140
- C:\Windows\System\fVGjIZM.exe
  C:\Windows\System\fVGjIZM.exe
  2⤵
  PID:6848
- C:\Windows\System\ACwFRxL.exe
  C:\Windows\System\ACwFRxL.exe
  2⤵
  PID:2336
- C:\Windows\System\EDaWYnE.exe
  C:\Windows\System\EDaWYnE.exe
  2⤵
  PID:6996
- C:\Windows\System\LaIqbjc.exe
  C:\Windows\System\LaIqbjc.exe
  2⤵
  PID:7120
- C:\Windows\System\GhiNDdR.exe
  C:\Windows\System\GhiNDdR.exe
  2⤵
  PID:6804
- C:\Windows\System\FEZDFWY.exe
  C:\Windows\System\FEZDFWY.exe
  2⤵
  PID:6736
- C:\Windows\System\ecSgVPj.exe
  C:\Windows\System\ecSgVPj.exe
  2⤵
  PID:6480
- C:\Windows\System\cuCZUKf.exe
  C:\Windows\System\cuCZUKf.exe
  2⤵
  PID:7124
- C:\Windows\System\bSFOkLN.exe
  C:\Windows\System\bSFOkLN.exe
  2⤵
  PID:7088
- C:\Windows\System\sihzLGV.exe
  C:\Windows\System\sihzLGV.exe
  2⤵
  PID:6268
- C:\Windows\System\vBQaoJM.exe
  C:\Windows\System\vBQaoJM.exe
  2⤵
  PID:5280
- C:\Windows\System\sOERGoy.exe
  C:\Windows\System\sOERGoy.exe
  2⤵
  PID:6652
- C:\Windows\System\AlTcefT.exe
  C:\Windows\System\AlTcefT.exe
  2⤵
  PID:6732
- C:\Windows\System\tjJIeSZ.exe
  C:\Windows\System\tjJIeSZ.exe
  2⤵
  PID:7172
- C:\Windows\System\yiuETtb.exe
  C:\Windows\System\yiuETtb.exe
  2⤵
  PID:7188
- C:\Windows\System\HCgMJZu.exe
  C:\Windows\System\HCgMJZu.exe
  2⤵
  PID:7212
- C:\Windows\System\TfFBRNF.exe
  C:\Windows\System\TfFBRNF.exe
  2⤵
  PID:7228
- C:\Windows\System\theYsmN.exe
  C:\Windows\System\theYsmN.exe
  2⤵
  PID:7252
- C:\Windows\System\NviunKn.exe
  C:\Windows\System\NviunKn.exe
  2⤵
  PID:7272
- C:\Windows\System\RUiYvFz.exe
  C:\Windows\System\RUiYvFz.exe
  2⤵
  PID:7292
- C:\Windows\System\sruXVxg.exe
  C:\Windows\System\sruXVxg.exe
  2⤵
  PID:7308
- C:\Windows\System\LQXbqLr.exe
  C:\Windows\System\LQXbqLr.exe
  2⤵
  PID:7328
- C:\Windows\System\lcCGNrq.exe
  C:\Windows\System\lcCGNrq.exe
  2⤵
  PID:7348
- C:\Windows\System\EFXnxLK.exe
  C:\Windows\System\EFXnxLK.exe
  2⤵
  PID:7368
- C:\Windows\System\ePLyLLw.exe
  C:\Windows\System\ePLyLLw.exe
  2⤵
  PID:7384
- C:\Windows\System\yDELQVY.exe
  C:\Windows\System\yDELQVY.exe
  2⤵
  PID:7400
- C:\Windows\System\CfoKJxm.exe
  C:\Windows\System\CfoKJxm.exe
  2⤵
  PID:7416
- C:\Windows\System\IdUzpYn.exe
  C:\Windows\System\IdUzpYn.exe
  2⤵
  PID:7436
- C:\Windows\System\FnJkGyi.exe
  C:\Windows\System\FnJkGyi.exe
  2⤵
  PID:7468
- C:\Windows\System\OMvExUV.exe
  C:\Windows\System\OMvExUV.exe
  2⤵
  PID:7484
- C:\Windows\System\iTsDHJj.exe
  C:\Windows\System\iTsDHJj.exe
  2⤵
  PID:7512
- C:\Windows\System\kzlciPI.exe
  C:\Windows\System\kzlciPI.exe
  2⤵
  PID:7540
- C:\Windows\System\wHmFmWX.exe
  C:\Windows\System\wHmFmWX.exe
  2⤵
  PID:7556
- C:\Windows\System\zBsJTGk.exe
  C:\Windows\System\zBsJTGk.exe
  2⤵
  PID:7572
- C:\Windows\System\EHxCEEV.exe
  C:\Windows\System\EHxCEEV.exe
  2⤵
  PID:7592
- C:\Windows\System\xefMtiS.exe
  C:\Windows\System\xefMtiS.exe
  2⤵
  PID:7608
- C:\Windows\System\gAyJNGg.exe
  C:\Windows\System\gAyJNGg.exe
  2⤵
  PID:7628
- C:\Windows\System\Acltlvp.exe
  C:\Windows\System\Acltlvp.exe
  2⤵
  PID:7648
- C:\Windows\System\RweeOzF.exe
  C:\Windows\System\RweeOzF.exe
  2⤵
  PID:7664
- C:\Windows\System\oaImHgE.exe
  C:\Windows\System\oaImHgE.exe
  2⤵
  PID:7684
- C:\Windows\System\MbSbfBW.exe
  C:\Windows\System\MbSbfBW.exe
  2⤵
  PID:7704
- C:\Windows\System\Gwrpnij.exe
  C:\Windows\System\Gwrpnij.exe
  2⤵
  PID:7720
- C:\Windows\System\DApPfvg.exe
  C:\Windows\System\DApPfvg.exe
  2⤵
  PID:7736
- C:\Windows\System\FjpPypq.exe
  C:\Windows\System\FjpPypq.exe
  2⤵
  PID:7756
- C:\Windows\System\CMrtvRH.exe
  C:\Windows\System\CMrtvRH.exe
  2⤵
  PID:7772
- C:\Windows\System\SzzZEAS.exe
  C:\Windows\System\SzzZEAS.exe
  2⤵
  PID:7820
- C:\Windows\System\fVhdEfs.exe
  C:\Windows\System\fVhdEfs.exe
  2⤵
  PID:7840
- C:\Windows\System\PwzVMYf.exe
  C:\Windows\System\PwzVMYf.exe
  2⤵
  PID:7856
- C:\Windows\System\TCbOwrV.exe
  C:\Windows\System\TCbOwrV.exe
  2⤵
  PID:7884
- C:\Windows\System\NGvqgJa.exe
  C:\Windows\System\NGvqgJa.exe
  2⤵
  PID:7904
- C:\Windows\System\nKSRyWf.exe
  C:\Windows\System\nKSRyWf.exe
  2⤵
  PID:7920
- C:\Windows\System\WqsJVwK.exe
  C:\Windows\System\WqsJVwK.exe
  2⤵
  PID:7944
- C:\Windows\System\EEAZPVS.exe
  C:\Windows\System\EEAZPVS.exe
  2⤵
  PID:7964
- C:\Windows\System\nLmBcTn.exe
  C:\Windows\System\nLmBcTn.exe
  2⤵
  PID:7980
- C:\Windows\System\NWPqnKk.exe
  C:\Windows\System\NWPqnKk.exe
  2⤵
  PID:8000
- C:\Windows\System\UmDLBfY.exe
  C:\Windows\System\UmDLBfY.exe
  2⤵
  PID:8016
- C:\Windows\System\LFMWfzG.exe
  C:\Windows\System\LFMWfzG.exe
  2⤵
  PID:8052
- C:\Windows\System\UNjBNia.exe
  C:\Windows\System\UNjBNia.exe
  2⤵
  PID:8068
- C:\Windows\System\myTQCzn.exe
  C:\Windows\System\myTQCzn.exe
  2⤵
  PID:8092
- C:\Windows\System\DSLtYhP.exe
  C:\Windows\System\DSLtYhP.exe
  2⤵
  PID:8112
- C:\Windows\System\WxhTkOi.exe
  C:\Windows\System\WxhTkOi.exe
  2⤵
  PID:8140
- C:\Windows\System\rNHNwdL.exe
  C:\Windows\System\rNHNwdL.exe
  2⤵
  PID:8156
- C:\Windows\System\MbsmuxY.exe
  C:\Windows\System\MbsmuxY.exe
  2⤵
  PID:8176
- C:\Windows\System\MVmyrGK.exe
  C:\Windows\System\MVmyrGK.exe
  2⤵
  PID:2600
- C:\Windows\System\adFTlUT.exe
  C:\Windows\System\adFTlUT.exe
  2⤵
  PID:7224
- C:\Windows\System\lDVEIXM.exe
  C:\Windows\System\lDVEIXM.exe
  2⤵
  PID:7200
- C:\Windows\System\hyGHrAe.exe
  C:\Windows\System\hyGHrAe.exe
  2⤵
  PID:7300
- C:\Windows\System\xMtkBIx.exe
  C:\Windows\System\xMtkBIx.exe
  2⤵
  PID:7380
- C:\Windows\System\KXaAXEk.exe
  C:\Windows\System\KXaAXEk.exe
  2⤵
  PID:7444
- C:\Windows\System\AgLfBhn.exe
  C:\Windows\System\AgLfBhn.exe
  2⤵
  PID:7492
- C:\Windows\System\KmlhnAs.exe
  C:\Windows\System\KmlhnAs.exe
  2⤵
  PID:7360
- C:\Windows\System\JIeRuKd.exe
  C:\Windows\System\JIeRuKd.exe
  2⤵
  PID:7324
- C:\Windows\System\TfsmLrP.exe
  C:\Windows\System\TfsmLrP.exe
  2⤵
  PID:7428
- C:\Windows\System\GdxKICw.exe
  C:\Windows\System\GdxKICw.exe
  2⤵
  PID:7500
- C:\Windows\System\vMrrbak.exe
  C:\Windows\System\vMrrbak.exe
  2⤵
  PID:7580
- C:\Windows\System\iBDVtGA.exe
  C:\Windows\System\iBDVtGA.exe
  2⤵
  PID:7656
- C:\Windows\System\DwjiOzy.exe
  C:\Windows\System\DwjiOzy.exe
  2⤵
  PID:7732
- C:\Windows\System\pNABjSo.exe
  C:\Windows\System\pNABjSo.exe
  2⤵
  PID:7564
- C:\Windows\System\PvcFeJO.exe
  C:\Windows\System\PvcFeJO.exe
  2⤵
  PID:7640
- C:\Windows\System\syQmLjz.exe
  C:\Windows\System\syQmLjz.exe
  2⤵
  PID:7828
- C:\Windows\System\kkVwOMc.exe
  C:\Windows\System\kkVwOMc.exe
  2⤵
  PID:7804
- C:\Windows\System\qBOtIXA.exe
  C:\Windows\System\qBOtIXA.exe
  2⤵
  PID:7868
- C:\Windows\System\UBQBfaB.exe
  C:\Windows\System\UBQBfaB.exe
  2⤵
  PID:7848
- C:\Windows\System\UCPaPzl.exe
  C:\Windows\System\UCPaPzl.exe
  2⤵
  PID:7892
- C:\Windows\System\MZOhjUG.exe
  C:\Windows\System\MZOhjUG.exe
  2⤵
  PID:7956
- C:\Windows\System\HAilWGG.exe
  C:\Windows\System\HAilWGG.exe
  2⤵
  PID:7992
- C:\Windows\System\QNIeoYR.exe
  C:\Windows\System\QNIeoYR.exe
  2⤵
  PID:8032
- C:\Windows\System\bfpufLE.exe
  C:\Windows\System\bfpufLE.exe
  2⤵
  PID:7464
- C:\Windows\System\qGmHpdG.exe
  C:\Windows\System\qGmHpdG.exe
  2⤵
  PID:8084
- C:\Windows\System\mcqbRgI.exe
  C:\Windows\System\mcqbRgI.exe
  2⤵
  PID:8064
- C:\Windows\System\QPGyVPX.exe
  C:\Windows\System\QPGyVPX.exe
  2⤵
  PID:8108
- C:\Windows\System\MxIbvgA.exe
  C:\Windows\System\MxIbvgA.exe
  2⤵
  PID:8164
- C:\Windows\System\qNUQjCb.exe
  C:\Windows\System\qNUQjCb.exe
  2⤵
  PID:8148
- C:\Windows\System\jwjmyLw.exe
  C:\Windows\System\jwjmyLw.exe
  2⤵
  PID:7180
- C:\Windows\System\WIWckOR.exe
  C:\Windows\System\WIWckOR.exe
  2⤵
  PID:7240
- C:\Windows\System\HIwdhqe.exe
  C:\Windows\System\HIwdhqe.exe
  2⤵
  PID:7412
- C:\Windows\System\cwCYBDN.exe
  C:\Windows\System\cwCYBDN.exe
  2⤵
  PID:7376
- C:\Windows\System\QBZuHJL.exe
  C:\Windows\System\QBZuHJL.exe
  2⤵
  PID:7288
- C:\Windows\System\vHQJZzu.exe
  C:\Windows\System\vHQJZzu.exe
  2⤵
  PID:7320
- C:\Windows\System\ZqPXOOR.exe
  C:\Windows\System\ZqPXOOR.exe
  2⤵
  PID:7356
- C:\Windows\System\mPsEAEf.exe
  C:\Windows\System\mPsEAEf.exe
  2⤵
  PID:7588
- C:\Windows\System\sVodWjG.exe
  C:\Windows\System\sVodWjG.exe
  2⤵
  PID:7532
- C:\Windows\System\qiGVRRk.exe
  C:\Windows\System\qiGVRRk.exe
  2⤵
  PID:7768
- C:\Windows\System\CBiSXrw.exe
  C:\Windows\System\CBiSXrw.exe
  2⤵
  PID:7728
- C:\Windows\System\naYkWgt.exe
  C:\Windows\System\naYkWgt.exe
  2⤵
  PID:7692
- C:\Windows\System\GRJsWxe.exe
  C:\Windows\System\GRJsWxe.exe
  2⤵
  PID:8124
- C:\Windows\System\ueUVONV.exe
  C:\Windows\System\ueUVONV.exe
  2⤵
  PID:7780
- C:\Windows\System\vWVCagI.exe
  C:\Windows\System\vWVCagI.exe
  2⤵
  PID:7836
- C:\Windows\System\YbolLmU.exe
  C:\Windows\System\YbolLmU.exe
  2⤵
  PID:7916
- C:\Windows\System\ZzGbagK.exe
  C:\Windows\System\ZzGbagK.exe
  2⤵
  PID:7960
- C:\Windows\System\FUVrGnH.exe
  C:\Windows\System\FUVrGnH.exe
  2⤵
  PID:8076
- C:\Windows\System\LnrQDSE.exe
  C:\Windows\System\LnrQDSE.exe
  2⤵
  PID:8024
- C:\Windows\System\pDoPgoL.exe
  C:\Windows\System\pDoPgoL.exe
  2⤵
  PID:8120
- C:\Windows\System\lBsuhYa.exe
  C:\Windows\System\lBsuhYa.exe
  2⤵
  PID:8152
- C:\Windows\System\vlSIMMU.exe
  C:\Windows\System\vlSIMMU.exe
  2⤵
  PID:7220
- C:\Windows\System\SKoCkkN.exe
  C:\Windows\System\SKoCkkN.exe
  2⤵
  PID:7460
- C:\Windows\System\LoznRjY.exe
  C:\Windows\System\LoznRjY.exe
  2⤵
  PID:7480
- C:\Windows\System\UQbLCbY.exe
  C:\Windows\System\UQbLCbY.exe
  2⤵
  PID:7396
- C:\Windows\System\wruggHR.exe
  C:\Windows\System\wruggHR.exe
  2⤵
  PID:7624
- C:\Windows\System\gtGNRZx.exe
  C:\Windows\System\gtGNRZx.exe
  2⤵
  PID:7716
- C:\Windows\System\RHnsIdx.exe
  C:\Windows\System\RHnsIdx.exe
  2⤵
  PID:2184
- C:\Windows\System\OLrJlPB.exe
  C:\Windows\System\OLrJlPB.exe
  2⤵
  PID:2784
- C:\Windows\System\jNZlzZZ.exe
  C:\Windows\System\jNZlzZZ.exe
  2⤵
  PID:8132
- C:\Windows\System\aiUbjxu.exe
  C:\Windows\System\aiUbjxu.exe
  2⤵
  PID:7204
- C:\Windows\System\QXCZufl.exe
  C:\Windows\System\QXCZufl.exe
  2⤵
  PID:7504
- C:\Windows\System\WILAhnO.exe
  C:\Windows\System\WILAhnO.exe
  2⤵
  PID:7284
- C:\Windows\System\uaFHbcS.exe
  C:\Windows\System\uaFHbcS.exe
  2⤵
  PID:7620
- C:\Windows\System\WEBlmtY.exe
  C:\Windows\System\WEBlmtY.exe
  2⤵
  PID:7752
- C:\Windows\System\YYONrvw.exe
  C:\Windows\System\YYONrvw.exe
  2⤵
  PID:8136
- C:\Windows\System\ngavInI.exe
  C:\Windows\System\ngavInI.exe
  2⤵
  PID:7988
- C:\Windows\System\piuivpN.exe
  C:\Windows\System\piuivpN.exe
  2⤵
  PID:8048
- C:\Windows\System\AqczwnM.exe
  C:\Windows\System\AqczwnM.exe
  2⤵
  PID:8060
- C:\Windows\System\bEvodNX.exe
  C:\Windows\System\bEvodNX.exe
  2⤵
  PID:7748
- C:\Windows\System\lKEutPf.exe
  C:\Windows\System\lKEutPf.exe
  2⤵
  PID:8204
- C:\Windows\System\vUiGjLk.exe
  C:\Windows\System\vUiGjLk.exe
  2⤵
  PID:8220
- C:\Windows\System\YImpfWo.exe
  C:\Windows\System\YImpfWo.exe
  2⤵
  PID:8240
- C:\Windows\System\UNBAVyr.exe
  C:\Windows\System\UNBAVyr.exe
  2⤵
  PID:8256
- C:\Windows\System\FvGFKYO.exe
  C:\Windows\System\FvGFKYO.exe
  2⤵
  PID:8272
- C:\Windows\System\RcemyLp.exe
  C:\Windows\System\RcemyLp.exe
  2⤵
  PID:8288
- C:\Windows\System\RvrCBOU.exe
  C:\Windows\System\RvrCBOU.exe
  2⤵
  PID:8312
- C:\Windows\System\CWVMbyl.exe
  C:\Windows\System\CWVMbyl.exe
  2⤵
  PID:8336
- C:\Windows\System\PsKMVCU.exe
  C:\Windows\System\PsKMVCU.exe
  2⤵
  PID:8360
- C:\Windows\System\LfWgcPJ.exe
  C:\Windows\System\LfWgcPJ.exe
  2⤵
  PID:8376
- C:\Windows\System\TnPyWxZ.exe
  C:\Windows\System\TnPyWxZ.exe
  2⤵
  PID:8396
- C:\Windows\System\XVIhkrp.exe
  C:\Windows\System\XVIhkrp.exe
  2⤵
  PID:8432
- C:\Windows\System\jEffSaS.exe
  C:\Windows\System\jEffSaS.exe
  2⤵
  PID:8456
- C:\Windows\System\xFuqijZ.exe
  C:\Windows\System\xFuqijZ.exe
  2⤵
  PID:8476
- C:\Windows\System\qsSDdqb.exe
  C:\Windows\System\qsSDdqb.exe
  2⤵
  PID:8492
- C:\Windows\System\hiXfcKL.exe
  C:\Windows\System\hiXfcKL.exe
  2⤵
  PID:8516
- C:\Windows\System\yqNrNUS.exe
  C:\Windows\System\yqNrNUS.exe
  2⤵
  PID:8536
- C:\Windows\System\sdYRuic.exe
  C:\Windows\System\sdYRuic.exe
  2⤵
  PID:8552
- C:\Windows\System\wvaAMTz.exe
  C:\Windows\System\wvaAMTz.exe
  2⤵
  PID:8568
- C:\Windows\System\gaYOGzp.exe
  C:\Windows\System\gaYOGzp.exe
  2⤵
  PID:8592
- C:\Windows\System\jAevEkP.exe
  C:\Windows\System\jAevEkP.exe
  2⤵
  PID:8608
- C:\Windows\System\FEDlKRe.exe
  C:\Windows\System\FEDlKRe.exe
  2⤵
  PID:8624
- C:\Windows\System\DceIUhY.exe
  C:\Windows\System\DceIUhY.exe
  2⤵
  PID:8648
- C:\Windows\System\kOxkCPT.exe
  C:\Windows\System\kOxkCPT.exe
  2⤵
  PID:8664
- C:\Windows\System\FNmPGWn.exe
  C:\Windows\System\FNmPGWn.exe
  2⤵
  PID:8680
- C:\Windows\System\zAhKgMO.exe
  C:\Windows\System\zAhKgMO.exe
  2⤵
  PID:8696
- C:\Windows\System\YatBdxR.exe
  C:\Windows\System\YatBdxR.exe
  2⤵
  PID:8712
- C:\Windows\System\WIdqNsM.exe
  C:\Windows\System\WIdqNsM.exe
  2⤵
  PID:8732
- C:\Windows\System\CWQoMZl.exe
  C:\Windows\System\CWQoMZl.exe
  2⤵
  PID:8748
- C:\Windows\System\bgBsrRo.exe
  C:\Windows\System\bgBsrRo.exe
  2⤵
  PID:8764
- C:\Windows\System\alIyYEE.exe
  C:\Windows\System\alIyYEE.exe
  2⤵
  PID:8792
- C:\Windows\System\QKYwNnR.exe
  C:\Windows\System\QKYwNnR.exe
  2⤵
  PID:8808
- C:\Windows\System\GcjzoEx.exe
  C:\Windows\System\GcjzoEx.exe
  2⤵
  PID:8828
- C:\Windows\System\aHLdOAS.exe
  C:\Windows\System\aHLdOAS.exe
  2⤵
  PID:8844
- C:\Windows\System\qSXtzlG.exe
  C:\Windows\System\qSXtzlG.exe
  2⤵
  PID:8868
- C:\Windows\System\XTdDETl.exe
  C:\Windows\System\XTdDETl.exe
  2⤵
  PID:8892
- C:\Windows\System\mZNPkCE.exe
  C:\Windows\System\mZNPkCE.exe
  2⤵
  PID:8916
- C:\Windows\System\TaOpOmS.exe
  C:\Windows\System\TaOpOmS.exe
  2⤵
  PID:8936
- C:\Windows\System\OEBJjJW.exe
  C:\Windows\System\OEBJjJW.exe
  2⤵
  PID:8952
- C:\Windows\System\HteeOJQ.exe
  C:\Windows\System\HteeOJQ.exe
  2⤵
  PID:8968
- C:\Windows\System\SZnvAIT.exe
  C:\Windows\System\SZnvAIT.exe
  2⤵
  PID:8988
- C:\Windows\System\AuPerEI.exe
  C:\Windows\System\AuPerEI.exe
  2⤵
  PID:9008
- C:\Windows\System\QLpWVwO.exe
  C:\Windows\System\QLpWVwO.exe
  2⤵
  PID:9024
- C:\Windows\System\BCZUrNW.exe
  C:\Windows\System\BCZUrNW.exe
  2⤵
  PID:9040
- C:\Windows\System\adNGYoG.exe
  C:\Windows\System\adNGYoG.exe
  2⤵
  PID:9064
- C:\Windows\System\dZxZlWr.exe
  C:\Windows\System\dZxZlWr.exe
  2⤵
  PID:9084
- C:\Windows\System\zKRUqea.exe
  C:\Windows\System\zKRUqea.exe
  2⤵
  PID:9100
- C:\Windows\System\dbvOEnl.exe
  C:\Windows\System\dbvOEnl.exe
  2⤵
  PID:9116
- C:\Windows\System\MuQsUUf.exe
  C:\Windows\System\MuQsUUf.exe
  2⤵
  PID:9132
- C:\Windows\System\ATayWWF.exe
  C:\Windows\System\ATayWWF.exe
  2⤵
  PID:9160
- C:\Windows\System\GhhTFjv.exe
  C:\Windows\System\GhhTFjv.exe
  2⤵
  PID:9180
- C:\Windows\System\WTJRWCo.exe
  C:\Windows\System\WTJRWCo.exe
  2⤵
  PID:9200
- C:\Windows\System\ptVhjKE.exe
  C:\Windows\System\ptVhjKE.exe
  2⤵
  PID:7792
- C:\Windows\System\yJhlXHg.exe
  C:\Windows\System\yJhlXHg.exe
  2⤵
  PID:7236
- C:\Windows\System\KtqzUvn.exe
  C:\Windows\System\KtqzUvn.exe
  2⤵
  PID:8232
- C:\Windows\System\GcHQKxC.exe
  C:\Windows\System\GcHQKxC.exe
  2⤵
  PID:8264
- C:\Windows\System\YotqGuG.exe
  C:\Windows\System\YotqGuG.exe
  2⤵
  PID:8304
- C:\Windows\System\RkWFWSy.exe
  C:\Windows\System\RkWFWSy.exe
  2⤵
  PID:8344
- C:\Windows\System\mhOGSbI.exe
  C:\Windows\System\mhOGSbI.exe
  2⤵
  PID:8356
- C:\Windows\System\LMDSgFt.exe
  C:\Windows\System\LMDSgFt.exe
  2⤵
  PID:8392
- C:\Windows\System\JIGMzkY.exe
  C:\Windows\System\JIGMzkY.exe
  2⤵
  PID:8412
- C:\Windows\System\CABfuNu.exe
  C:\Windows\System\CABfuNu.exe
  2⤵
  PID:8440
- C:\Windows\System\HfbSezm.exe
  C:\Windows\System\HfbSezm.exe
  2⤵
  PID:8452
- C:\Windows\System\nJtcNbk.exe
  C:\Windows\System\nJtcNbk.exe
  2⤵
  PID:8484
- C:\Windows\System\haQfcJE.exe
  C:\Windows\System\haQfcJE.exe
  2⤵
  PID:8528
- C:\Windows\System\HFjVJHE.exe
  C:\Windows\System\HFjVJHE.exe
  2⤵
  PID:8544
- C:\Windows\System\ZKcyhKE.exe
  C:\Windows\System\ZKcyhKE.exe
  2⤵
  PID:8576
- C:\Windows\System\YlSckAs.exe
  C:\Windows\System\YlSckAs.exe
  2⤵
  PID:8600
- C:\Windows\System\zJDMLfo.exe
  C:\Windows\System\zJDMLfo.exe
  2⤵
  PID:8620
- C:\Windows\System\VXXnxgw.exe
  C:\Windows\System\VXXnxgw.exe
  2⤵
  PID:8660
- C:\Windows\System\rRooUwX.exe
  C:\Windows\System\rRooUwX.exe
  2⤵
  PID:8708
- C:\Windows\System\swzbrxe.exe
  C:\Windows\System\swzbrxe.exe
  2⤵
  PID:8724
- C:\Windows\System\XxbmHFK.exe
  C:\Windows\System\XxbmHFK.exe
  2⤵
  PID:8800
- C:\Windows\System\kXKDHLm.exe
  C:\Windows\System\kXKDHLm.exe
  2⤵
  PID:8824
- C:\Windows\System\PeJRpbQ.exe
  C:\Windows\System\PeJRpbQ.exe
  2⤵
  PID:8860
- C:\Windows\System\odbQxdf.exe
  C:\Windows\System\odbQxdf.exe
  2⤵
  PID:8840
- C:\Windows\System\TzyGyrj.exe
  C:\Windows\System\TzyGyrj.exe
  2⤵
  PID:8880
- C:\Windows\System\oGerabe.exe
  C:\Windows\System\oGerabe.exe
  2⤵
  PID:8944
- C:\Windows\System\BhWuJbF.exe
  C:\Windows\System\BhWuJbF.exe
  2⤵
  PID:8928
- C:\Windows\System\ROijaYQ.exe
  C:\Windows\System\ROijaYQ.exe
  2⤵
  PID:8984
- C:\Windows\System\zxTylaX.exe
  C:\Windows\System\zxTylaX.exe
  2⤵
  PID:9016
- C:\Windows\System\zxdChmJ.exe
  C:\Windows\System\zxdChmJ.exe
  2⤵
  PID:9048
- C:\Windows\System\KYPtSzX.exe
  C:\Windows\System\KYPtSzX.exe
  2⤵
  PID:9092
- C:\Windows\System\UlRxMEh.exe
  C:\Windows\System\UlRxMEh.exe
  2⤵
  PID:9076
- C:\Windows\System\roOcaVl.exe
  C:\Windows\System\roOcaVl.exe
  2⤵
  PID:9128
- C:\Windows\System\EjTiuHJ.exe
  C:\Windows\System\EjTiuHJ.exe
  2⤵
  PID:9168
- C:\Windows\System\XjICWcr.exe
  C:\Windows\System\XjICWcr.exe
  2⤵
  PID:9152
- C:\Windows\System\aLnpLei.exe
  C:\Windows\System\aLnpLei.exe
  2⤵
  PID:9196
- C:\Windows\System\CswugME.exe
  C:\Windows\System\CswugME.exe
  2⤵
  PID:8212
- C:\Windows\System\YttsnkG.exe
  C:\Windows\System\YttsnkG.exe
  2⤵
  PID:8236
- C:\Windows\System\fNWwNTx.exe
  C:\Windows\System\fNWwNTx.exe
  2⤵
  PID:8284
- C:\Windows\System\roHKwYo.exe
  C:\Windows\System\roHKwYo.exe
  2⤵
  PID:8332
- C:\Windows\System\MysHMQe.exe
  C:\Windows\System\MysHMQe.exe
  2⤵
  PID:8388
- C:\Windows\System\aiuVkff.exe
  C:\Windows\System\aiuVkff.exe
  2⤵
  PID:8448
- C:\Windows\System\LUOttnO.exe
  C:\Windows\System\LUOttnO.exe
  2⤵
  PID:8504
- C:\Windows\System\TtYYoMn.exe
  C:\Windows\System\TtYYoMn.exe
  2⤵
  PID:8532
- C:\Windows\System\axorKcF.exe
  C:\Windows\System\axorKcF.exe
  2⤵
  PID:8560
- C:\Windows\System\DQZVBRT.exe
  C:\Windows\System\DQZVBRT.exe
  2⤵
  PID:8676
- C:\Windows\System\Mwnyrqt.exe
  C:\Windows\System\Mwnyrqt.exe
  2⤵
  PID:8744
- C:\Windows\System\KeNpfhG.exe
  C:\Windows\System\KeNpfhG.exe
  2⤵
  PID:8688
- C:\Windows\System\zENzEAS.exe
  C:\Windows\System\zENzEAS.exe
  2⤵
  PID:8780
- C:\Windows\System\ODXgJqB.exe
  C:\Windows\System\ODXgJqB.exe
  2⤵
  PID:8856
- C:\Windows\System\wKTVnrv.exe
  C:\Windows\System\wKTVnrv.exe
  2⤵
  PID:8816
- C:\Windows\System\mXZjqSv.exe
  C:\Windows\System\mXZjqSv.exe
  2⤵
  PID:8904
- C:\Windows\System\VQwqmnN.exe
  C:\Windows\System\VQwqmnN.exe
  2⤵
  PID:9004
- C:\Windows\System\zkBldCB.exe
  C:\Windows\System\zkBldCB.exe
  2⤵
  PID:9036
- C:\Windows\System\wtLmElu.exe
  C:\Windows\System\wtLmElu.exe
  2⤵
  PID:9108
- C:\Windows\System\PuhLGdm.exe
  C:\Windows\System\PuhLGdm.exe
  2⤵
  PID:9148
- C:\Windows\System\THgqtNZ.exe
  C:\Windows\System\THgqtNZ.exe
  2⤵
  PID:7812
- C:\Windows\System\tXTsTce.exe
  C:\Windows\System\tXTsTce.exe
  2⤵
  PID:7952
- C:\Windows\System\cBHjVFH.exe
  C:\Windows\System\cBHjVFH.exe
  2⤵
  PID:8352
- C:\Windows\System\ohAGSVp.exe
  C:\Windows\System\ohAGSVp.exe
  2⤵
  PID:8500
- C:\Windows\System\KGvTuvr.exe
  C:\Windows\System\KGvTuvr.exe
  2⤵
  PID:8564
- C:\Windows\System\HzHsTuo.exe
  C:\Windows\System\HzHsTuo.exe
  2⤵
  PID:8960
- C:\Windows\System\ejvaRUO.exe
  C:\Windows\System\ejvaRUO.exe
  2⤵
  PID:9144
- C:\Windows\System\VkqRQUB.exe
  C:\Windows\System\VkqRQUB.exe
  2⤵
  PID:8268
- C:\Windows\System\fDQinOm.exe
  C:\Windows\System\fDQinOm.exe
  2⤵
  PID:8404
- C:\Windows\System\kGBUnYE.exe
  C:\Windows\System\kGBUnYE.exe
  2⤵
  PID:8656
- C:\Windows\System\FYRDAvI.exe
  C:\Windows\System\FYRDAvI.exe
  2⤵
  PID:8932
- C:\Windows\System\cNZXEVz.exe
  C:\Windows\System\cNZXEVz.exe
  2⤵
  PID:8760
- C:\Windows\System\wODnroM.exe
  C:\Windows\System\wODnroM.exe
  2⤵
  PID:9000
- C:\Windows\System\sOlLPxu.exe
  C:\Windows\System\sOlLPxu.exe
  2⤵
  PID:8468
- C:\Windows\System\gbfyOFd.exe
  C:\Windows\System\gbfyOFd.exe
  2⤵
  PID:8804
- C:\Windows\System\pBGWxDI.exe
  C:\Windows\System\pBGWxDI.exe
  2⤵
  PID:8300
- C:\Windows\System\vEGdUXG.exe
  C:\Windows\System\vEGdUXG.exe
  2⤵
  PID:8616
- C:\Windows\System\OzHkyMD.exe
  C:\Windows\System\OzHkyMD.exe
  2⤵
  PID:9208
- C:\Windows\System\VEoiWVo.exe
  C:\Windows\System\VEoiWVo.exe
  2⤵
  PID:8324
- C:\Windows\System\wFpRjfB.exe
  C:\Windows\System\wFpRjfB.exe
  2⤵
  PID:9032
- C:\Windows\System\CQPnEvO.exe
  C:\Windows\System\CQPnEvO.exe
  2⤵
  PID:9176
- C:\Windows\System\ENqbNhn.exe
  C:\Windows\System\ENqbNhn.exe
  2⤵
  PID:9224
- C:\Windows\System\IVCPPOp.exe
  C:\Windows\System\IVCPPOp.exe
  2⤵
  PID:9240
- C:\Windows\System\VSSIHKi.exe
  C:\Windows\System\VSSIHKi.exe
  2⤵
  PID:9256
- C:\Windows\System\CrTEeIF.exe
  C:\Windows\System\CrTEeIF.exe
  2⤵
  PID:9292
- C:\Windows\System\HfEYNUH.exe
  C:\Windows\System\HfEYNUH.exe
  2⤵
  PID:9308
- C:\Windows\System\enreJyu.exe
  C:\Windows\System\enreJyu.exe
  2⤵
  PID:9324
- C:\Windows\System\fKzXFTW.exe
  C:\Windows\System\fKzXFTW.exe
  2⤵
  PID:9340
- C:\Windows\System\NDLeJYU.exe
  C:\Windows\System\NDLeJYU.exe
  2⤵
  PID:9360
- C:\Windows\System\RXLqxdK.exe
  C:\Windows\System\RXLqxdK.exe
  2⤵
  PID:9384
- C:\Windows\System\iDTyHMQ.exe
  C:\Windows\System\iDTyHMQ.exe
  2⤵
  PID:9408
- C:\Windows\System\rugDzLV.exe
  C:\Windows\System\rugDzLV.exe
  2⤵
  PID:9424
- C:\Windows\System\ESBtdhP.exe
  C:\Windows\System\ESBtdhP.exe
  2⤵
  PID:9464
- C:\Windows\System\xhqudOv.exe
  C:\Windows\System\xhqudOv.exe
  2⤵
  PID:9488
- C:\Windows\System\kmjFwpB.exe
  C:\Windows\System\kmjFwpB.exe
  2⤵
  PID:9504
- C:\Windows\System\ODpjDgb.exe
  C:\Windows\System\ODpjDgb.exe
  2⤵
  PID:9532
- C:\Windows\System\ySkhxAi.exe
  C:\Windows\System\ySkhxAi.exe
  2⤵
  PID:9552
- C:\Windows\System\nQyuPnq.exe
  C:\Windows\System\nQyuPnq.exe
  2⤵
  PID:9580
- C:\Windows\System\zKOkoyF.exe
  C:\Windows\System\zKOkoyF.exe
  2⤵
  PID:9608
- C:\Windows\System\CNSJOpi.exe
  C:\Windows\System\CNSJOpi.exe
  2⤵
  PID:9688
- C:\Windows\System\QfPNptv.exe
  C:\Windows\System\QfPNptv.exe
  2⤵
  PID:9704
- C:\Windows\System\MXzqGAu.exe
  C:\Windows\System\MXzqGAu.exe
  2⤵
  PID:9720
- C:\Windows\System\GOURmcK.exe
  C:\Windows\System\GOURmcK.exe
  2⤵
  PID:9736
- C:\Windows\System\QsWvirU.exe
  C:\Windows\System\QsWvirU.exe
  2⤵
  PID:9752
- C:\Windows\System\ttVdpOu.exe
  C:\Windows\System\ttVdpOu.exe
  2⤵
  PID:9768
- C:\Windows\System\FwyLfeh.exe
  C:\Windows\System\FwyLfeh.exe
  2⤵
  PID:9784
- C:\Windows\System\tiKJEVn.exe
  C:\Windows\System\tiKJEVn.exe
  2⤵
  PID:9800
- C:\Windows\System\azYFoUl.exe
  C:\Windows\System\azYFoUl.exe
  2⤵
  PID:9816
- C:\Windows\System\itwKqrq.exe
  C:\Windows\System\itwKqrq.exe
  2⤵
  PID:9980
- C:\Windows\System\WfxEqAv.exe
  C:\Windows\System\WfxEqAv.exe
  2⤵
  PID:10016
- C:\Windows\System\zTNpQoL.exe
  C:\Windows\System\zTNpQoL.exe
  2⤵
  PID:10080
- C:\Windows\System\KbqhGbH.exe
  C:\Windows\System\KbqhGbH.exe
  2⤵
  PID:10104
- C:\Windows\System\wXROwLt.exe
  C:\Windows\System\wXROwLt.exe
  2⤵
  PID:10120
- C:\Windows\System\XcgKqkz.exe
  C:\Windows\System\XcgKqkz.exe
  2⤵
  PID:10136
- C:\Windows\System\VYWGjsU.exe
  C:\Windows\System\VYWGjsU.exe
  2⤵
  PID:10168
- C:\Windows\System\CeQdijl.exe
  C:\Windows\System\CeQdijl.exe
  2⤵
  PID:10188
- C:\Windows\System\AATYysy.exe
  C:\Windows\System\AATYysy.exe
  2⤵
  PID:10208
- C:\Windows\System\zSXyEGR.exe
  C:\Windows\System\zSXyEGR.exe
  2⤵
  PID:9232
- C:\Windows\System\rAWGpvA.exe
  C:\Windows\System\rAWGpvA.exe
  2⤵
  PID:9220
- C:\Windows\System\dohppQd.exe
  C:\Windows\System\dohppQd.exe
  2⤵
  PID:9316
- C:\Windows\System\bugkJyM.exe
  C:\Windows\System\bugkJyM.exe
  2⤵
  PID:9336
- C:\Windows\System\WahdWOB.exe
  C:\Windows\System\WahdWOB.exe
  2⤵
  PID:9392
- C:\Windows\System\epUlTOX.exe
  C:\Windows\System\epUlTOX.exe
  2⤵
  PID:9372
- C:\Windows\System\DwIEqkk.exe
  C:\Windows\System\DwIEqkk.exe
  2⤵
  PID:9416
- C:\Windows\System\QuQIRED.exe
  C:\Windows\System\QuQIRED.exe
  2⤵
  PID:9440
- C:\Windows\System\DnAXtRC.exe
  C:\Windows\System\DnAXtRC.exe
  2⤵
  PID:9452
- C:\Windows\System\JsDraXj.exe
  C:\Windows\System\JsDraXj.exe
  2⤵
  PID:9472
- C:\Windows\System\fTWuiQw.exe
  C:\Windows\System\fTWuiQw.exe
  2⤵
  PID:9524
- C:\Windows\System\qUCdMTY.exe
  C:\Windows\System\qUCdMTY.exe
  2⤵
  PID:9544
- C:\Windows\System\DeusOUi.exe
  C:\Windows\System\DeusOUi.exe
  2⤵
  PID:9660
- C:\Windows\System\MWMRVau.exe
  C:\Windows\System\MWMRVau.exe
  2⤵
  PID:9616
- C:\Windows\System\DHunWtz.exe
  C:\Windows\System\DHunWtz.exe
  2⤵
  PID:9636
- C:\Windows\System\CocUCoz.exe
  C:\Windows\System\CocUCoz.exe
  2⤵
  PID:9668
- C:\Windows\System\UtIRkeS.exe
  C:\Windows\System\UtIRkeS.exe
  2⤵
  PID:9676
- C:\Windows\System\NyZMJUs.exe
  C:\Windows\System\NyZMJUs.exe
  2⤵
  PID:9728
- C:\Windows\System\uphMJzL.exe
  C:\Windows\System\uphMJzL.exe
  2⤵
  PID:9744
- C:\Windows\System\eSTjYyy.exe
  C:\Windows\System\eSTjYyy.exe
  2⤵
  PID:9792
- C:\Windows\System\TcNqylk.exe
  C:\Windows\System\TcNqylk.exe
  2⤵
  PID:9824
- C:\Windows\System\xviQZfr.exe
  C:\Windows\System\xviQZfr.exe
  2⤵
  PID:9840
- C:\Windows\System\VlhIftj.exe
  C:\Windows\System\VlhIftj.exe
  2⤵
  PID:9880
- C:\Windows\System\tfDOrQY.exe
  C:\Windows\System\tfDOrQY.exe
  2⤵
  PID:9892
- C:\Windows\System\ckQPtHG.exe
  C:\Windows\System\ckQPtHG.exe
  2⤵
  PID:9908
- C:\Windows\System\khFfsVU.exe
  C:\Windows\System\khFfsVU.exe
  2⤵
  PID:9924
- C:\Windows\System\pZVyYYZ.exe
  C:\Windows\System\pZVyYYZ.exe
  2⤵
  PID:9944
- C:\Windows\System\KvOpMAG.exe
  C:\Windows\System\KvOpMAG.exe
  2⤵
  PID:9960
- C:\Windows\System\JdNHMlc.exe
  C:\Windows\System\JdNHMlc.exe
  2⤵
  PID:9992
- C:\Windows\System\SqvelNT.exe
  C:\Windows\System\SqvelNT.exe
  2⤵
  PID:10000
- C:\Windows\System\tuIytYt.exe
  C:\Windows\System\tuIytYt.exe
  2⤵
  PID:9996
- C:\Windows\System\tUvNjzN.exe
  C:\Windows\System\tUvNjzN.exe
  2⤵
  PID:10040
- C:\Windows\System\gEEzkQk.exe
  C:\Windows\System\gEEzkQk.exe
  2⤵
  PID:10056
- C:\Windows\System\IcGdgrw.exe
  C:\Windows\System\IcGdgrw.exe
  2⤵
  PID:10076
- C:\Windows\System\aDYvUiS.exe
  C:\Windows\System\aDYvUiS.exe
  2⤵
  PID:10116
- C:\Windows\System\yXDRoHU.exe
  C:\Windows\System\yXDRoHU.exe
  2⤵
  PID:10128
- C:\Windows\System\WbpqtEy.exe
  C:\Windows\System\WbpqtEy.exe
  2⤵
  PID:10156
- C:\Windows\System\jBbryJR.exe
  C:\Windows\System\jBbryJR.exe
  2⤵
  PID:10176
- C:\Windows\System\ccNcUAZ.exe
  C:\Windows\System\ccNcUAZ.exe
  2⤵
  PID:10216
- C:\Windows\System\NceMphf.exe
  C:\Windows\System\NceMphf.exe
  2⤵
  PID:10232
- C:\Windows\System\AlxPpNG.exe
  C:\Windows\System\AlxPpNG.exe
  2⤵
  PID:9268
- C:\Windows\System\HGgwAFg.exe
  C:\Windows\System\HGgwAFg.exe
  2⤵
  PID:9284
- C:\Windows\System\bfmHyau.exe
  C:\Windows\System\bfmHyau.exe
  2⤵
  PID:9332
- C:\Windows\System\LIwKtxB.exe
  C:\Windows\System\LIwKtxB.exe
  2⤵
  PID:1396
- C:\Windows\System\bntQnit.exe
  C:\Windows\System\bntQnit.exe
  2⤵
  PID:2080
- C:\Windows\System\yXNqfhM.exe
  C:\Windows\System\yXNqfhM.exe
  2⤵
  PID:9448
- C:\Windows\System\vaiVPWt.exe
  C:\Windows\System\vaiVPWt.exe
  2⤵
  PID:9516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CCjIPFf.exe

Filesize
6.0MB

MD5
2043ed62d3f933666ed998672b811c57

SHA1
63f4ebec882d9c93242252d1f0cdadb9cc255af9

SHA256
146e02fa6c835c0b4454323df398a94f827f46a31e83f7d0a14eec0a92092a7e

SHA512
ffbb42fe7e79ff19db564d6782470139a50c3a72ade6cad9722fe3e9f15a905de6d7054c16e47ae290ae6c8f231382068cc6453e98a73b23bd2edb76560f284c

Download Submit
C:\Windows\system\CEVMAAZ.exe

Filesize
6.0MB

MD5
76865df6d2579562a47c7be2a05f8355

SHA1
641f3c154c9584f4cbf1d85edc1c76f96beadf94

SHA256
07bf391b2af560b0374cb3b10e53f87e4d49d105bd4174faee5b1fff78f37465

SHA512
1f5c209191e37e4795a096fe55573c660cb4ec3999634b3d804523ae2da782fda6e5c03f28096c6c07cffba73a2a2a981c1919f812a9dd4948d49c03b60419ff

Download Submit
C:\Windows\system\DvndRaZ.exe

Filesize
6.0MB

MD5
91b76c056c30a22b6611588599bd7d49

SHA1
828afec9af4e46f2b07bd0afc6e27a5a0cad50c9

SHA256
fcf27c82be91357677eedb64ed2f0a185f1e502c717d0700244290ae883180e0

SHA512
3c71659936002c0836f6e2dbcdca48d8e9c8256363ec6df9f984fcef17f21a0ee8586f194649dc568e8cfc0aed55232bfa1c7e87d235668e204ab97431870b93

Download Submit
C:\Windows\system\ENnUvDS.exe

Filesize
6.0MB

MD5
a22caf197727a80ccac4db0f5f76d825

SHA1
4008e8b342a1801811722a6d3e5d4142ebc630e7

SHA256
eb12a6c800b9fb0671960f5300381a0740934ab31f9227da4c226d2dd8f2578e

SHA512
24c88aaf9766f8912d70bb04a37c1a6ca9670f838bb4cf5ee546ce5268804ebed346a3c90aae88d28c114f4a868045feb15999423d3958405a478cd872b101f8

Download Submit
C:\Windows\system\EaeKoxj.exe

Filesize
6.0MB

MD5
b3697f3665e744fe0f6d985716d9c60c

SHA1
7d5eb79aa2f23ef84d8a9146b7b8df27a17e5da7

SHA256
a59bfbb0e6310d485ea20cbfbde3a392fc97863b35a7a2b51ef6f2f9912880ed

SHA512
45fe38f2660583c37dccf09615284c5245002d3a0a5c4e5398c4993f5cb245906db2f02a3926d49a6116a454034c1b4f7b52ff84f76aad74cec8e6772af59149

Download Submit
C:\Windows\system\GXjIQLw.exe

Filesize
6.0MB

MD5
429b2043de83c89ac994ad604892e722

SHA1
856778b1354c3f238108bf3a5a5ba88aa3884c3d

SHA256
43a3acc0add2c0ce7ad011d762027a5ffa7ac7fd663c2ff8d3112940c71a49cc

SHA512
8b89f67f1d83b5552774828eb208af7e0339a88143d1e14b09652b66c5e18e35b5e7c7076caf3e522fbdcde5b920ea57fae560687b4c1b9c32bddcdaf9ca6573

Download Submit
C:\Windows\system\MOnqpNL.exe

Filesize
6.0MB

MD5
e0a2a97a59bacf0d86fe1b6dcd275449

SHA1
55cb72dcd613b2959fd0e1368607e00c3ef5117b

SHA256
b918fd4c91a9e60e7a503c763b1e19dbb199aba59c9a40efba611fd0e01c8c56

SHA512
42f582d4173f425ae34576ce788cc6263a13ba72a0e520e1de319583aabdba0d0b58be2dbb6d15fe5bea63f15edc31ec3862a68693b8cecba24e86869a3ddad6

Download Submit
C:\Windows\system\NNKcLuC.exe

Filesize
6.0MB

MD5
16ae4ddcd10ad55dfa9066383f154ca1

SHA1
0d3453985764ff024c7755702c7a7299d7076f05

SHA256
6d7a91423e2d1a2057c19c4cc0d2d0fb9205b0e931aef938267e6fd7b8309983

SHA512
6bb4bb0074b56d4a97c61be03bede364e24fb0ac1a4cb30f6d016f77f991899f9031d6d7d9c1a6ef4717b73c8a560712a716ebdf4d573274e68291bafc878e95

Download Submit
C:\Windows\system\Qmnggmq.exe

Filesize
6.0MB

MD5
ec09f6f0a14d3a98deec432ae3045e80

SHA1
c228ec7cb30157157951ceda2d7b817cd20fab00

SHA256
dc6cc4d6d1cb57e28033050cc555ac92f1aadd27163fd40e2e2d77bc99032609

SHA512
1f6381381027451e86a1e7db0f1ff584b6f4785a96bc26cda40f5fe354eed5f7b8f18d9deae8830d8f397aa93e32c7031c8e12f8d417b5b22bee71e9f07f2fb7

Download Submit
C:\Windows\system\SCExbPq.exe

Filesize
6.0MB

MD5
b3dc93bfc43a436c1b945298012e2890

SHA1
3c8c9b55797fc3942aec7974926236de0545488d

SHA256
898896e910016ca8a672558634e0a3bdcb6d10b691540bfa55360831607678e6

SHA512
6d2b16b2ef5048e87ecc0e4150d935832a3875f4a11899f5cb781a349fca39d3a3335d638780a5c906cd7e02f9fdb6808cb0b8775215a898811ebbf691273112

Download Submit
C:\Windows\system\WuNXWZK.exe

Filesize
6.0MB

MD5
9e48a1c725eba0958699bed2a2d937df

SHA1
3ed700a10c0bc51936693b3c4d8c2281525edf5a

SHA256
6407115485fec7012e48bc239851bda34f26126e664ebf272319d5a2017d41b8

SHA512
bc16d1a510ca6956559cc10f16fad90bf36f5fe34fe671866720462772a66a590b64460f2a471a655019f3aca0d50c8636e844b8ddfdf8c11bae9fa7ec0a58b6

Download Submit
C:\Windows\system\XFewaae.exe

Filesize
6.0MB

MD5
812e0ed134b162efacc56a9e037979cb

SHA1
c09ac8ae217d0832c3b29e0e4f2c872a30a4c4f2

SHA256
44eca6aafda52d29e58fa3967fcf2ae88e7e976de022502da2ec31491f6243e8

SHA512
118a56bfe1b2855358855ea3d2b12cd481a081199234bc10ba9a37f047a11bf882046c5e7eca16b2024ae0c957bf25a21076eb4acf44af2395211a78e2265051

Download Submit
C:\Windows\system\XYguBCb.exe

Filesize
6.0MB

MD5
621cac1dd22472c2587fbf7e80c63838

SHA1
2320ca3131db3e1d662d9adf9f515fedd1eafc7e

SHA256
762ab0d37d40fbfeb5f21a9413886c3e159b0e3c78493dd04c90780c7f7a9af9

SHA512
6683b9bf022fe1d83b4e181546e650c1b91d8b59ab5bb6146e84af87435c22710e52446471d47c47060ae3c9f153942510b69d5194703aa33e545a151b966c07

Download Submit
C:\Windows\system\ZDAujuH.exe

Filesize
6.0MB

MD5
1fda6ddd6ca22131b01daea74cf600d1

SHA1
3a1bdcdc9b1dab7db0364ed536a4d7cfe0332ecf

SHA256
53d0d22195e99532dbad6f9149b7cf6fb96909199e3e67e9fe39e65995e22235

SHA512
9f0b18abf51ef027357863d2ff6e2344d1222bfd81bdc8a321f251311418ccc0888fd7f8b06c73387084ecbc98e134313fd6ca423f45251d915f1196edc715e9

Download Submit
C:\Windows\system\aDoJomS.exe

Filesize
6.0MB

MD5
bfe5fc2a062f788ebba51db34b52435b

SHA1
e1df2ebef15c7be1b36ec8c5ded9082b32b999a7

SHA256
cc626d1f054f09923810413ce3c8ea226bf76b5532340230a8002f7be8c0d358

SHA512
d129df62fa9fbcff3bf34243a61959e50782cb5c380c3b20bbcbe5cebf69fca51bbe1fe34abcba73edde9d206c61e340a7803e4de0c373f2842a91cad6531f3f

Download Submit
C:\Windows\system\cOQTXZN.exe

Filesize
6.0MB

MD5
f360272a2dec51986883738a538bf9c6

SHA1
7c734cf5cc2ff343e29cd4cd96e30580aa66bdf7

SHA256
65cb10ee861d2d7f9c959d0fc74a7556b894b76bc2476f03532da87e30b29b18

SHA512
8c0f94eba0b097e1c13a03fe60c4664d119b5589a9420e7fc8ba5d5e2f4abbcb0dbd57e2c09a94481c2450ff38731bf01b922ce0cb1202b89f180de5376942e4

Download Submit
C:\Windows\system\hRBgcJH.exe

Filesize
6.0MB

MD5
1c4c944fc2cc716f9e3bb7b51f2f02ae

SHA1
ced7b15e3c22fc5358bada2d99d0c2c442b15712

SHA256
152bd086559f7fa31ab264fe36631b52a19b641c6b60042937a98665bac90461

SHA512
1f3b65ee6354e2ab14bad2b0d57576143d1442706d5666ad2919a36779cc3fac0199efd337c96a309e098067b3160d226514f997fccd1ec6fdc535883fd4112b

Download Submit
C:\Windows\system\iBuRMbK.exe

Filesize
6.0MB

MD5
f4480a4b9fd14ec93ab6dd9cae9b4544

SHA1
cab6a251359c674c0b485d3a6765f6510fc9a212

SHA256
8f8ca3bac0c1304af95feca7b7a450f29a3ab024f81b70c29d5ae5aec2a2eb49

SHA512
29444961f5a132bed3ade7bb91fdffbea045762590b8416e2baee3a2475f6823464f59c87d0f44a2734ecb6db6bbe8b81d49e495b2c06f1d3442c6d1b7297b8b

Download Submit
C:\Windows\system\kokpjXD.exe

Filesize
6.0MB

MD5
4c35ee3d2b45b1d856c81190e6d0e481

SHA1
a72813af02bd20ad4d7e33fb14a440d93ef86cec

SHA256
74dccfeb34f03c492c7bde14ce7c6e4dba880945deced603ad968e355bed7aa8

SHA512
239399f33394829104d06d2782e0db8e67371892da66b049a2431a3d633646c3cf377a3cfd0690559d440605721d43496dcca7ccd1831047ab1877ca0bab1fd3

Download Submit
C:\Windows\system\noWmXGg.exe

Filesize
6.0MB

MD5
aea29d4857e6b0f5ad4cce532c73bb03

SHA1
59ee68e87d88b925b2d2ec75bc69f8d382587473

SHA256
1f90503e53b48830a153ccce5069b88798611b5f46a06ef117fcc1977137914e

SHA512
1a6a7d7fd7552fecae93f84b1fc8131ad9f2c8c51943049d4c529df18ccf719c8788cd049da172b6a9c6118703e7033334e95b921e3f063a2bf1fca6d713cd2f

Download Submit
C:\Windows\system\rPFZjAS.exe

Filesize
6.0MB

MD5
c8d0668a6a0c379071d773cfccfdce02

SHA1
e9c39a99e300f1451fe11311cbeb1ced149e4d8c

SHA256
fcbea0ed3c2d1035b679e15207218d6b40a3a09f178b8bd36c7e216e28600ed3

SHA512
e02d558d00b732d515d7aa8a03cffe5e683d1e23e98be8ccd103338fe950771b6c77db271f2dc94628b02329cbbdfd0f93a6cc79506e5f71c2a0cc1783ed2a8e

Download Submit
C:\Windows\system\vbTkSxf.exe

Filesize
6.0MB

MD5
3f355053f8f5efc6b86a02d458855ef7

SHA1
d0627878d4fc84c951cec451dee1dfdfbc8beb8d

SHA256
a0ce098a995c46617cdde9b3ff4109b136d4e03b6b93e5b1f2ec4f407e80e3f6

SHA512
d1cfe4123c237e07ed8c928d0c87e1286f2c5f2b12c3cf1ab8382e07e791b604cf53f11cf66e4588a422745a7bcdc61919005965e158eda73c37b0a764f153e8

Download Submit
C:\Windows\system\xwzroVu.exe

Filesize
6.0MB

MD5
9a2316f4c2b8a82b581924d92bd55913

SHA1
c6c8a16bffc131167014c6e8fa8b0f4d44e9fadd

SHA256
a7721fb06c831329db9898b0de8836c68868b192cf5afd6318f4910320ef5299

SHA512
8e846b9059178c4f2992b6f978200076dc64caaf2a1103f6faec5ad639b55149a692d32ef49387f2c5ad7564a3d2f55ce20ec2fe85288ad9a48f301fd84309c4

Download Submit
\Windows\system\EMWiQra.exe

Filesize
6.0MB

MD5
97694944ebacdfea8afc316430f5923b

SHA1
1fd42248937ab02de5b050f4df5d39ee215b6e6b

SHA256
bd1e76f8261f24121fe2e2774613ae4f4ef3b0a84125a7ea6bf61c66da205561

SHA512
57d7db9da7467c5e38414f175c0bacd4c3bc674824563e7b3ff603c937620b2a80950bfb4b6c4230c27f86714cdcb3ce485bc41dc53f72b0b65497ffad092b94

Download Submit
\Windows\system\GsxuUIo.exe

Filesize
6.0MB

MD5
76f98930ad8540a8b3028515ee06e22d

SHA1
64aa2643df6b974f50bfef77253813134379c758

SHA256
f267eb6424dd4813acb3aa3bc66e0bfec5120fe781a5d25fe8c97e1d510d061b

SHA512
35733a6da51aea0e4908b1be3c3bbf23c08fe3505dfc2ef4ce419c012bbb6f61d76f831b405aed5d0f5bf451cea043a939dffb8571219ea0ba597db085373b2e

Download Submit
\Windows\system\JMEVIiQ.exe

Filesize
6.0MB

MD5
d7109752b117c31323013a786f2b4661

SHA1
6cbc4eaf1673272fc8b6f83ced981410b384625c

SHA256
05ddddb53fc0fa9b606f5df3d7818d1f88dc6bce44339c5ebbfc6d52bcb5695c

SHA512
43b334b7906d9f5f0ab153ddae2527be6d4f83c70f0bb5cac00cbce3821bb1a710ccdadd6a2caede3d6b9b9974ac49350f07c2b2ce2ba67d44c18055fb9e45cb

Download Submit
\Windows\system\JtjWNaV.exe

Filesize
6.0MB

MD5
e51faf092e2a2fe379ff94c5c92d5a1e

SHA1
ce0eecc70fda463a721d251a5736e9153282d7f6

SHA256
2c5f2cdf0a6288f693e1a9d80415f19d41310c7589b11bf26b73bc8af0ec4832

SHA512
110c4f4a0daefdf3c9e71d8552ad138ab84a7d38bc162b846b169d881ac8887f909b4cb124f121028264ed2300c75531cf97ff159d26c8cd9e3a1e0a2de7ae53

Download Submit
\Windows\system\PKEswyg.exe

Filesize
6.0MB

MD5
ad315cdbbbeb636bc8c2d48bbdd228ff

SHA1
83d962157164b1f087240f797d8b9f5a0191d01d

SHA256
b247dba8c385d6c42930cce176e0457268307816ec4d1de7815c1e9381b3e03a

SHA512
ad17e8447dac5b73403cdd5de8f7e8ed531c8a42fafe23ff917ef7134e26e66202692e12aab315a832dbf28720e5904ea3e831b3bcbaacb8e7972d9096299a09

Download Submit
\Windows\system\PLMnBxl.exe

Filesize
6.0MB

MD5
72e056fc0a9b92ac10c83d8f2194d89b

SHA1
7e1264778f060a5e6574ff335e0b7f48502473ca

SHA256
ce4fcb75d9ad72f9f0b8af5ceb6a66e94be2882439de7368bda7bdf77bcff15d

SHA512
1167b94ba33f60f7602a6f4fac3390470b611b5c3c7222c8da636c06a72619a1f3f96367a0c70b93b17c795d9ea4a83af9a3f91c54bf7be4aefb5964512fe99a

Download Submit
\Windows\system\fRHGuvf.exe

Filesize
6.0MB

MD5
3dd415b8fbc918001b58c99705dcce1d

SHA1
0a3b5b093e29a527a7c0aa2cb0e892ffbf894676

SHA256
9fa9e6926fab5341754b7c56dc7651ceb6af18ef74d9d76df9f864a2f83219b5

SHA512
169a8c93b1468dbe4fff1faadc938e72e561262abd1508a8f2a56c545da737450ee5edb06e50ba7f395b38241f74e27f998233463a93dc28bc7851e5eacbf741

Download Submit
\Windows\system\hoPjNlQ.exe

Filesize
6.0MB

MD5
40a12be68a91fde5480798f4420a3d04

SHA1
2bde6d09bf8781202ac79c99de0a826424091bab

SHA256
7c8055dd705f1408c501d65480384241795cf1eda917da4030711b4186ce7f70

SHA512
2264e75d09b839587f74a7d5a9f7005d4e6feaaa7fa03c25ed9ced2524ee10c7a5f678558296ab5042359bda39fff610031c3d070cca53a4fb75af74094e9b3b

Download Submit
\Windows\system\wZCrmCu.exe

Filesize
6.0MB

MD5
1ed64c7fd2920ec7cbb6e1bfa7e0c2f3

SHA1
2f5a1a757dc4428a2e6fc31160b34b3f50e49aec

SHA256
8151ef1bf5cfc021e320f2aaa381e5db131a8e8e6dd1a0b3ed1dec8069bd5208

SHA512
c89514a5e55f9338105c69d776b39f93b6730ec6ff06d36459985005da79cc2543e10a578d8cbd120e5dfb49f7c23f239926758b95a29e1b806c83fcae78d613

Download Submit
memory/1076-67-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1076-109-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1076-1604-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/1668-46-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-81-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-1371-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-59-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2104-1390-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2212-91-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1647-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2300-89-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1639-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2412-90-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2412-1645-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2648-60-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1385-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1345-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-39-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-105-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-392-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1652-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1177-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2792-15-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2804-64-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1344-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2804-28-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2816-30-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2816-63-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2816-342-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-261-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-77-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2816-29-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-38-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-24-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2816-20-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2816-92-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2816-8-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2816-110-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-11-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2816-188-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2816-93-0x0000000002220000-0x0000000002574000-memory.dmp

Filesize
3.3MB

Download
memory/2816-101-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2816-70-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2816-43-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-75-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-0-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-95-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-56-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2816-102-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-61-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2816-443-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2932-58-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1343-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2932-22-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2996-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-2062-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1170-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/3064-16-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download