cobaltstrike | 4dbd453884d179a0dabd0d3a80877815f38d4fdfe5ea5b80de9946b272b0c2cf

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/11/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

278987e26ceb750f2d9ff79b607aa930
SHA1

9a067bf08846f09704bb41720e503d5129c12f23
SHA256

4dbd453884d179a0dabd0d3a80877815f38d4fdfe5ea5b80de9946b272b0c2cf
SHA512

d0b82aa016ff1160fe5d91e89fe6d90cf2756ed1c225c50e85d60524471cc25708abb734c7eb3deeccbc21b66e11d9414c24f227739562f8bf7a974f4cc20e0f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU3:T+q56utgpPF8u/73

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000122ea-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d58-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016dd0-21.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016da7-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de8-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d36-46.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016eb8-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-90.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-113.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-66.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2344-1-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x00090000000122ea-6.dat	xmrig
behavioral1/memory/2172-8-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d58-9.dat	xmrig
behavioral1/files/0x0007000000016dd0-21.dat	xmrig
behavioral1/memory/3004-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2636-25-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/560-20-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0008000000016da7-18.dat	xmrig
behavioral1/memory/2696-34-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de8-40.dat	xmrig
behavioral1/memory/2700-42-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-33.dat	xmrig
behavioral1/memory/2344-43-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d36-46.dat	xmrig
behavioral1/files/0x0008000000016eb8-54.dat	xmrig
behavioral1/memory/2200-58-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-79.dat	xmrig
behavioral1/files/0x00060000000190e1-80.dat	xmrig
behavioral1/memory/2632-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-90.dat	xmrig
behavioral1/memory/560-50-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0008000000016edb-59.dat	xmrig
behavioral1/files/0x000500000001926c-126.dat	xmrig
behavioral1/files/0x0005000000019319-146.dat	xmrig
behavioral1/files/0x00050000000193c1-176.dat	xmrig
behavioral1/memory/2000-816-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2344-381-0x0000000002250000-0x00000000025A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019450-191.dat	xmrig
behavioral1/files/0x0005000000019446-186.dat	xmrig
behavioral1/files/0x0005000000019433-181.dat	xmrig
behavioral1/files/0x00050000000193b3-171.dat	xmrig
behavioral1/files/0x00050000000193a4-166.dat	xmrig
behavioral1/files/0x0005000000019387-161.dat	xmrig
behavioral1/files/0x0005000000019377-156.dat	xmrig
behavioral1/files/0x0005000000019365-151.dat	xmrig
behavioral1/files/0x000500000001929a-141.dat	xmrig
behavioral1/files/0x0005000000019278-136.dat	xmrig
behavioral1/files/0x0005000000019275-131.dat	xmrig
behavioral1/files/0x0005000000019268-121.dat	xmrig
behavioral1/files/0x0005000000019259-117.dat	xmrig
behavioral1/files/0x0005000000019217-115.dat	xmrig
behavioral1/files/0x00050000000191d2-113.dat	xmrig
behavioral1/files/0x000600000001904c-112.dat	xmrig
behavioral1/memory/2152-109-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2700-108-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2000-103-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3016-101-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2344-97-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2112-77-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0006000000018f65-66.dat	xmrig
behavioral1/memory/2696-74-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2344-57-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2636-3478-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/560-3482-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/3004-3496-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2172-3510-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2696-3550-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2700-3862-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2632-4013-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2000-4015-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3016-4016-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2200-4018-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2112-4020-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2172	vBicbLL.exe
560	hIVfdUZ.exe
2636	DuDTkZq.exe
3004	NnwedLf.exe
2696	XEWBfuy.exe
2700	SmzjXXZ.exe
2200	kdRtgVR.exe
2112	TSDwYcA.exe
2632	lILURcq.exe
3016	bPQLawM.exe
2000	bdSyOEh.exe
2152	wvejQcI.exe
2292	ffBNEht.exe
2560	ROauJJZ.exe
3048	FnCyEsC.exe
744	vvWznev.exe
2528	GWZAJxk.exe
1992	DypJnaa.exe
1036	kZTKSpz.exe
1488	EczpOvs.exe
1336	HnltSdP.exe
1920	ACWPjst.exe
2624	gtXuGwa.exe
1408	WnAAbgB.exe
2596	RqgrrDl.exe
2116	zkbTGxS.exe
2644	BrrxpGS.exe
2416	SPiDROr.exe
664	EMrBBmA.exe
844	FcCwMiT.exe
1352	zsVwnAr.exe
1724	HCGxfbd.exe
1732	ZzpDtVQ.exe
912	fwKRiHb.exe
1968	KhSlMFK.exe
960	HLiWlAq.exe
980	eziDefi.exe
1088	kclxQYs.exe
1768	HLuOyLQ.exe
1196	zUEQsja.exe
2508	TbkJLZa.exe
2056	MUkhEdN.exe
2924	PBsuwZL.exe
604	BLEIwaU.exe
2032	FUwHJJC.exe
1588	qIOrsdq.exe
2072	fqAoNKJ.exe
880	lqVMDuo.exe
1664	InWyTvE.exe
2096	hCiNjDA.exe
3064	UJmQttM.exe
2492	QLMVfJD.exe
3036	FMosqGu.exe
2920	qxmUYdL.exe
2188	YdFutCR.exe
2648	BXKNeBh.exe
2808	YdbHhMc.exe
2860	qLajcZq.exe
2372	VPbpqMT.exe
2848	qszeCkj.exe
2184	LcvNRKk.exe
2660	hiexXxt.exe
2884	ryNYZIM.exe
2324	lkrEjFU.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-1-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x00090000000122ea-6.dat	upx
behavioral1/memory/2172-8-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0008000000016d58-9.dat	upx
behavioral1/files/0x0007000000016dd0-21.dat	upx
behavioral1/memory/3004-27-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2636-25-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/560-20-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0008000000016da7-18.dat	upx
behavioral1/memory/2696-34-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0007000000016de8-40.dat	upx
behavioral1/memory/2700-42-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-33.dat	upx
behavioral1/memory/2344-43-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0009000000016d36-46.dat	upx
behavioral1/files/0x0008000000016eb8-54.dat	upx
behavioral1/memory/2200-58-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-79.dat	upx
behavioral1/files/0x00060000000190e1-80.dat	upx
behavioral1/memory/2632-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x0005000000019240-90.dat	upx
behavioral1/memory/560-50-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0008000000016edb-59.dat	upx
behavioral1/files/0x000500000001926c-126.dat	upx
behavioral1/files/0x0005000000019319-146.dat	upx
behavioral1/files/0x00050000000193c1-176.dat	upx
behavioral1/memory/2000-816-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0005000000019450-191.dat	upx
behavioral1/files/0x0005000000019446-186.dat	upx
behavioral1/files/0x0005000000019433-181.dat	upx
behavioral1/files/0x00050000000193b3-171.dat	upx
behavioral1/files/0x00050000000193a4-166.dat	upx
behavioral1/files/0x0005000000019387-161.dat	upx
behavioral1/files/0x0005000000019377-156.dat	upx
behavioral1/files/0x0005000000019365-151.dat	upx
behavioral1/files/0x000500000001929a-141.dat	upx
behavioral1/files/0x0005000000019278-136.dat	upx
behavioral1/files/0x0005000000019275-131.dat	upx
behavioral1/files/0x0005000000019268-121.dat	upx
behavioral1/files/0x0005000000019259-117.dat	upx
behavioral1/files/0x0005000000019217-115.dat	upx
behavioral1/files/0x00050000000191d2-113.dat	upx
behavioral1/files/0x000600000001904c-112.dat	upx
behavioral1/memory/2152-109-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2700-108-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2000-103-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3016-101-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2112-77-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0006000000018f65-66.dat	upx
behavioral1/memory/2696-74-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2636-3478-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/560-3482-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/3004-3496-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2172-3510-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2696-3550-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2700-3862-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2632-4013-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2000-4015-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3016-4016-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2200-4018-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2112-4020-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2152-4029-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nuCBMvd.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnvsUXU.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtldPCv.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzKDOCP.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEmvkCW.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uARgiHd.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FENJEFz.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amKrMaQ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNFSoZX.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYgyhHY.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkxHrsP.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvwHEjL.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJNMBBi.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BthgoMA.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcRoUZO.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmFXkLD.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfhwFsG.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkWKkQQ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TEPWYAy.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXaDBdC.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGJAGUr.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YcqtqGR.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMjFrHF.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUEQsja.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyscIAE.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezJpgYj.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnCxMgY.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgaicoU.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSQHuSc.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYEnLDE.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SuiSDda.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TegaiPw.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGsYeWr.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SUkAshq.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FGWKABT.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzOJDSd.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJcvWQQ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcRgjTx.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yElSmBz.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oEMtGfo.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxLSvzv.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FodaeyP.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UKFyIpZ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZZOAIw.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owPIBOG.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEuipzd.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JifGbWu.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzJOTXb.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ofEiamH.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WDtAcoL.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HZygErw.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlJGBKc.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHghIKG.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYfGTKe.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mBfVBQI.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJNaQkC.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdwCaon.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcruATJ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkGmLbC.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcxPNAE.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDCAeVZ.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbkJLZa.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIqlKEi.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNsZiUg.exe	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2172	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 2172	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 2172	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 2636	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2636	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2636	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 3004	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 3004	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 3004	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2696	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2696	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2696	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2700	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2700	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2700	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2152	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2152	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2152	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2200	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2200	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2200	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2292	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2292	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2292	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2112	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2112	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2112	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2560	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2632	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2632	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2632	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 3048	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 3048	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 3048	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 3016	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 3016	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 3016	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 744	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 744	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 744	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2000	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 2000	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 2000	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 2528	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 2528	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 2528	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 1992	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 1992	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 1992	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 1036	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 1036	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 1036	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 1488	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 1488	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 1488	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2344 wrote to memory of 1336	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2344 wrote to memory of 1336	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2344 wrote to memory of 1336	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2344 wrote to memory of 1920	2344	2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-28_278987e26ceb750f2d9ff79b607aa930_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\System\vBicbLL.exe
  C:\Windows\System\vBicbLL.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\hIVfdUZ.exe
  C:\Windows\System\hIVfdUZ.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\DuDTkZq.exe
  C:\Windows\System\DuDTkZq.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\NnwedLf.exe
  C:\Windows\System\NnwedLf.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\XEWBfuy.exe
  C:\Windows\System\XEWBfuy.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\SmzjXXZ.exe
  C:\Windows\System\SmzjXXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\wvejQcI.exe
  C:\Windows\System\wvejQcI.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\kdRtgVR.exe
  C:\Windows\System\kdRtgVR.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\ffBNEht.exe
  C:\Windows\System\ffBNEht.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\TSDwYcA.exe
  C:\Windows\System\TSDwYcA.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ROauJJZ.exe
  C:\Windows\System\ROauJJZ.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\lILURcq.exe
  C:\Windows\System\lILURcq.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\FnCyEsC.exe
  C:\Windows\System\FnCyEsC.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\bPQLawM.exe
  C:\Windows\System\bPQLawM.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\vvWznev.exe
  C:\Windows\System\vvWznev.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\bdSyOEh.exe
  C:\Windows\System\bdSyOEh.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\GWZAJxk.exe
  C:\Windows\System\GWZAJxk.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\DypJnaa.exe
  C:\Windows\System\DypJnaa.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\kZTKSpz.exe
  C:\Windows\System\kZTKSpz.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\EczpOvs.exe
  C:\Windows\System\EczpOvs.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\HnltSdP.exe
  C:\Windows\System\HnltSdP.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\ACWPjst.exe
  C:\Windows\System\ACWPjst.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\gtXuGwa.exe
  C:\Windows\System\gtXuGwa.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\WnAAbgB.exe
  C:\Windows\System\WnAAbgB.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\RqgrrDl.exe
  C:\Windows\System\RqgrrDl.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\zkbTGxS.exe
  C:\Windows\System\zkbTGxS.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\BrrxpGS.exe
  C:\Windows\System\BrrxpGS.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\SPiDROr.exe
  C:\Windows\System\SPiDROr.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\EMrBBmA.exe
  C:\Windows\System\EMrBBmA.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\FcCwMiT.exe
  C:\Windows\System\FcCwMiT.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\zsVwnAr.exe
  C:\Windows\System\zsVwnAr.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\HCGxfbd.exe
  C:\Windows\System\HCGxfbd.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ZzpDtVQ.exe
  C:\Windows\System\ZzpDtVQ.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fwKRiHb.exe
  C:\Windows\System\fwKRiHb.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\KhSlMFK.exe
  C:\Windows\System\KhSlMFK.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\HLiWlAq.exe
  C:\Windows\System\HLiWlAq.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\eziDefi.exe
  C:\Windows\System\eziDefi.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\kclxQYs.exe
  C:\Windows\System\kclxQYs.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\HLuOyLQ.exe
  C:\Windows\System\HLuOyLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\zUEQsja.exe
  C:\Windows\System\zUEQsja.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\TbkJLZa.exe
  C:\Windows\System\TbkJLZa.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\MUkhEdN.exe
  C:\Windows\System\MUkhEdN.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\PBsuwZL.exe
  C:\Windows\System\PBsuwZL.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\BLEIwaU.exe
  C:\Windows\System\BLEIwaU.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\FUwHJJC.exe
  C:\Windows\System\FUwHJJC.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\qIOrsdq.exe
  C:\Windows\System\qIOrsdq.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\fqAoNKJ.exe
  C:\Windows\System\fqAoNKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\lqVMDuo.exe
  C:\Windows\System\lqVMDuo.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\InWyTvE.exe
  C:\Windows\System\InWyTvE.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\hCiNjDA.exe
  C:\Windows\System\hCiNjDA.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\UJmQttM.exe
  C:\Windows\System\UJmQttM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\QLMVfJD.exe
  C:\Windows\System\QLMVfJD.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\FMosqGu.exe
  C:\Windows\System\FMosqGu.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\qxmUYdL.exe
  C:\Windows\System\qxmUYdL.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\YdFutCR.exe
  C:\Windows\System\YdFutCR.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\BXKNeBh.exe
  C:\Windows\System\BXKNeBh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\YdbHhMc.exe
  C:\Windows\System\YdbHhMc.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\qLajcZq.exe
  C:\Windows\System\qLajcZq.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VPbpqMT.exe
  C:\Windows\System\VPbpqMT.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\qszeCkj.exe
  C:\Windows\System\qszeCkj.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\LcvNRKk.exe
  C:\Windows\System\LcvNRKk.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\hiexXxt.exe
  C:\Windows\System\hiexXxt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\ryNYZIM.exe
  C:\Windows\System\ryNYZIM.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\lkrEjFU.exe
  C:\Windows\System\lkrEjFU.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\tHFtcUg.exe
  C:\Windows\System\tHFtcUg.exe
  2⤵
  PID:1292
- C:\Windows\System\CVKdyZa.exe
  C:\Windows\System\CVKdyZa.exe
  2⤵
  PID:2844
- C:\Windows\System\yusvaPc.exe
  C:\Windows\System\yusvaPc.exe
  2⤵
  PID:2628
- C:\Windows\System\vMdoNHE.exe
  C:\Windows\System\vMdoNHE.exe
  2⤵
  PID:2024
- C:\Windows\System\MfITOlN.exe
  C:\Windows\System\MfITOlN.exe
  2⤵
  PID:1620
- C:\Windows\System\ILAJVKd.exe
  C:\Windows\System\ILAJVKd.exe
  2⤵
  PID:1496
- C:\Windows\System\kLimgfF.exe
  C:\Windows\System\kLimgfF.exe
  2⤵
  PID:1696
- C:\Windows\System\FsoMNlG.exe
  C:\Windows\System\FsoMNlG.exe
  2⤵
  PID:1892
- C:\Windows\System\yBtIpsL.exe
  C:\Windows\System\yBtIpsL.exe
  2⤵
  PID:2768
- C:\Windows\System\WBZFxpc.exe
  C:\Windows\System\WBZFxpc.exe
  2⤵
  PID:1816
- C:\Windows\System\FlMxeRa.exe
  C:\Windows\System\FlMxeRa.exe
  2⤵
  PID:2376
- C:\Windows\System\TegaiPw.exe
  C:\Windows\System\TegaiPw.exe
  2⤵
  PID:2248
- C:\Windows\System\NaorlAz.exe
  C:\Windows\System\NaorlAz.exe
  2⤵
  PID:1344
- C:\Windows\System\NyNCgsQ.exe
  C:\Windows\System\NyNCgsQ.exe
  2⤵
  PID:1192
- C:\Windows\System\GZpmFRM.exe
  C:\Windows\System\GZpmFRM.exe
  2⤵
  PID:1656
- C:\Windows\System\WtofIzu.exe
  C:\Windows\System\WtofIzu.exe
  2⤵
  PID:2904
- C:\Windows\System\Deldool.exe
  C:\Windows\System\Deldool.exe
  2⤵
  PID:1880
- C:\Windows\System\CeLrtRS.exe
  C:\Windows\System\CeLrtRS.exe
  2⤵
  PID:712
- C:\Windows\System\zxSfuFu.exe
  C:\Windows\System\zxSfuFu.exe
  2⤵
  PID:108
- C:\Windows\System\LBLJnjL.exe
  C:\Windows\System\LBLJnjL.exe
  2⤵
  PID:2968
- C:\Windows\System\pEGuriL.exe
  C:\Windows\System\pEGuriL.exe
  2⤵
  PID:2100
- C:\Windows\System\AcFIPWR.exe
  C:\Windows\System\AcFIPWR.exe
  2⤵
  PID:2400
- C:\Windows\System\gUFyxyw.exe
  C:\Windows\System\gUFyxyw.exe
  2⤵
  PID:2440
- C:\Windows\System\wxrWwfY.exe
  C:\Windows\System\wxrWwfY.exe
  2⤵
  PID:1856
- C:\Windows\System\AnusPOt.exe
  C:\Windows\System\AnusPOt.exe
  2⤵
  PID:1748
- C:\Windows\System\QnPBNSu.exe
  C:\Windows\System\QnPBNSu.exe
  2⤵
  PID:2040
- C:\Windows\System\vibpjCj.exe
  C:\Windows\System\vibpjCj.exe
  2⤵
  PID:1552
- C:\Windows\System\FENJEFz.exe
  C:\Windows\System\FENJEFz.exe
  2⤵
  PID:2088
- C:\Windows\System\yElSmBz.exe
  C:\Windows\System\yElSmBz.exe
  2⤵
  PID:2504
- C:\Windows\System\zvZLxGA.exe
  C:\Windows\System\zvZLxGA.exe
  2⤵
  PID:2784
- C:\Windows\System\xExCgFw.exe
  C:\Windows\System\xExCgFw.exe
  2⤵
  PID:2144
- C:\Windows\System\yUTcdMj.exe
  C:\Windows\System\yUTcdMj.exe
  2⤵
  PID:2688
- C:\Windows\System\zUZVHpT.exe
  C:\Windows\System\zUZVHpT.exe
  2⤵
  PID:2556
- C:\Windows\System\aAhseEP.exe
  C:\Windows\System\aAhseEP.exe
  2⤵
  PID:836
- C:\Windows\System\nwZHALc.exe
  C:\Windows\System\nwZHALc.exe
  2⤵
  PID:2820
- C:\Windows\System\xGYBjHZ.exe
  C:\Windows\System\xGYBjHZ.exe
  2⤵
  PID:2080
- C:\Windows\System\qgMhdIO.exe
  C:\Windows\System\qgMhdIO.exe
  2⤵
  PID:1396
- C:\Windows\System\CfkXgah.exe
  C:\Windows\System\CfkXgah.exe
  2⤵
  PID:2240
- C:\Windows\System\lsJMuzR.exe
  C:\Windows\System\lsJMuzR.exe
  2⤵
  PID:2872
- C:\Windows\System\ZLcITTd.exe
  C:\Windows\System\ZLcITTd.exe
  2⤵
  PID:2824
- C:\Windows\System\INPPYOV.exe
  C:\Windows\System\INPPYOV.exe
  2⤵
  PID:1288
- C:\Windows\System\pAbxCEv.exe
  C:\Windows\System\pAbxCEv.exe
  2⤵
  PID:1692
- C:\Windows\System\zSGOBPd.exe
  C:\Windows\System\zSGOBPd.exe
  2⤵
  PID:1516
- C:\Windows\System\OmQNIWO.exe
  C:\Windows\System\OmQNIWO.exe
  2⤵
  PID:1616
- C:\Windows\System\HBoCoim.exe
  C:\Windows\System\HBoCoim.exe
  2⤵
  PID:2964
- C:\Windows\System\HAyFhGO.exe
  C:\Windows\System\HAyFhGO.exe
  2⤵
  PID:1328
- C:\Windows\System\ubQMZIM.exe
  C:\Windows\System\ubQMZIM.exe
  2⤵
  PID:632
- C:\Windows\System\oUqJygS.exe
  C:\Windows\System\oUqJygS.exe
  2⤵
  PID:2748
- C:\Windows\System\xJQojSz.exe
  C:\Windows\System\xJQojSz.exe
  2⤵
  PID:2148
- C:\Windows\System\iJZZPED.exe
  C:\Windows\System\iJZZPED.exe
  2⤵
  PID:320
- C:\Windows\System\hVEjXgm.exe
  C:\Windows\System\hVEjXgm.exe
  2⤵
  PID:2264
- C:\Windows\System\jyWhxEk.exe
  C:\Windows\System\jyWhxEk.exe
  2⤵
  PID:2836
- C:\Windows\System\uzMMNOv.exe
  C:\Windows\System\uzMMNOv.exe
  2⤵
  PID:2704
- C:\Windows\System\HfSFhCQ.exe
  C:\Windows\System\HfSFhCQ.exe
  2⤵
  PID:1896
- C:\Windows\System\SBzoTVL.exe
  C:\Windows\System\SBzoTVL.exe
  2⤵
  PID:1444
- C:\Windows\System\VciZhcf.exe
  C:\Windows\System\VciZhcf.exe
  2⤵
  PID:1320
- C:\Windows\System\iyQCoIs.exe
  C:\Windows\System\iyQCoIs.exe
  2⤵
  PID:1256
- C:\Windows\System\WrCcPoz.exe
  C:\Windows\System\WrCcPoz.exe
  2⤵
  PID:892
- C:\Windows\System\PXyqRyR.exe
  C:\Windows\System\PXyqRyR.exe
  2⤵
  PID:2856
- C:\Windows\System\vSBUhkv.exe
  C:\Windows\System\vSBUhkv.exe
  2⤵
  PID:2020
- C:\Windows\System\bUPkNpC.exe
  C:\Windows\System\bUPkNpC.exe
  2⤵
  PID:2180
- C:\Windows\System\iNgPDae.exe
  C:\Windows\System\iNgPDae.exe
  2⤵
  PID:1860
- C:\Windows\System\WkyDHIn.exe
  C:\Windows\System\WkyDHIn.exe
  2⤵
  PID:1576
- C:\Windows\System\EogrZNT.exe
  C:\Windows\System\EogrZNT.exe
  2⤵
  PID:1448
- C:\Windows\System\LVWETIp.exe
  C:\Windows\System\LVWETIp.exe
  2⤵
  PID:2348
- C:\Windows\System\jcHzJqq.exe
  C:\Windows\System\jcHzJqq.exe
  2⤵
  PID:1988
- C:\Windows\System\BkVupuN.exe
  C:\Windows\System\BkVupuN.exe
  2⤵
  PID:3080
- C:\Windows\System\phwIRpa.exe
  C:\Windows\System\phwIRpa.exe
  2⤵
  PID:3104
- C:\Windows\System\wFaxigr.exe
  C:\Windows\System\wFaxigr.exe
  2⤵
  PID:3128
- C:\Windows\System\vkIwfvg.exe
  C:\Windows\System\vkIwfvg.exe
  2⤵
  PID:3148
- C:\Windows\System\okkDjMK.exe
  C:\Windows\System\okkDjMK.exe
  2⤵
  PID:3168
- C:\Windows\System\tdWurhU.exe
  C:\Windows\System\tdWurhU.exe
  2⤵
  PID:3184
- C:\Windows\System\CLbiZSq.exe
  C:\Windows\System\CLbiZSq.exe
  2⤵
  PID:3204
- C:\Windows\System\PGlFQir.exe
  C:\Windows\System\PGlFQir.exe
  2⤵
  PID:3228
- C:\Windows\System\MnWFgOx.exe
  C:\Windows\System\MnWFgOx.exe
  2⤵
  PID:3248
- C:\Windows\System\jFEaKVb.exe
  C:\Windows\System\jFEaKVb.exe
  2⤵
  PID:3268
- C:\Windows\System\NSuknpW.exe
  C:\Windows\System\NSuknpW.exe
  2⤵
  PID:3288
- C:\Windows\System\IrkDBrF.exe
  C:\Windows\System\IrkDBrF.exe
  2⤵
  PID:3304
- C:\Windows\System\agFznyp.exe
  C:\Windows\System\agFznyp.exe
  2⤵
  PID:3328
- C:\Windows\System\YpNLLDZ.exe
  C:\Windows\System\YpNLLDZ.exe
  2⤵
  PID:3348
- C:\Windows\System\BvUDhrK.exe
  C:\Windows\System\BvUDhrK.exe
  2⤵
  PID:3368
- C:\Windows\System\FgkwYug.exe
  C:\Windows\System\FgkwYug.exe
  2⤵
  PID:3388
- C:\Windows\System\esygScX.exe
  C:\Windows\System\esygScX.exe
  2⤵
  PID:3408
- C:\Windows\System\PqSmmle.exe
  C:\Windows\System\PqSmmle.exe
  2⤵
  PID:3424
- C:\Windows\System\momiWcK.exe
  C:\Windows\System\momiWcK.exe
  2⤵
  PID:3444
- C:\Windows\System\uASXiSA.exe
  C:\Windows\System\uASXiSA.exe
  2⤵
  PID:3464
- C:\Windows\System\pkGmLbC.exe
  C:\Windows\System\pkGmLbC.exe
  2⤵
  PID:3496
- C:\Windows\System\OZVImHM.exe
  C:\Windows\System\OZVImHM.exe
  2⤵
  PID:3512
- C:\Windows\System\tcGmujN.exe
  C:\Windows\System\tcGmujN.exe
  2⤵
  PID:3532
- C:\Windows\System\wETKMgA.exe
  C:\Windows\System\wETKMgA.exe
  2⤵
  PID:3552
- C:\Windows\System\pcWCmOR.exe
  C:\Windows\System\pcWCmOR.exe
  2⤵
  PID:3576
- C:\Windows\System\NWvyTuW.exe
  C:\Windows\System\NWvyTuW.exe
  2⤵
  PID:3596
- C:\Windows\System\vgXvwNg.exe
  C:\Windows\System\vgXvwNg.exe
  2⤵
  PID:3616
- C:\Windows\System\GezJFsp.exe
  C:\Windows\System\GezJFsp.exe
  2⤵
  PID:3632
- C:\Windows\System\FBvvDZd.exe
  C:\Windows\System\FBvvDZd.exe
  2⤵
  PID:3652
- C:\Windows\System\tRcbHTU.exe
  C:\Windows\System\tRcbHTU.exe
  2⤵
  PID:3672
- C:\Windows\System\WUflkRa.exe
  C:\Windows\System\WUflkRa.exe
  2⤵
  PID:3696
- C:\Windows\System\kSYEzCe.exe
  C:\Windows\System\kSYEzCe.exe
  2⤵
  PID:3720
- C:\Windows\System\TaAEdes.exe
  C:\Windows\System\TaAEdes.exe
  2⤵
  PID:3740
- C:\Windows\System\IqEKgQh.exe
  C:\Windows\System\IqEKgQh.exe
  2⤵
  PID:3760
- C:\Windows\System\mkROZSw.exe
  C:\Windows\System\mkROZSw.exe
  2⤵
  PID:3780
- C:\Windows\System\Rjsffej.exe
  C:\Windows\System\Rjsffej.exe
  2⤵
  PID:3800
- C:\Windows\System\VhSvACi.exe
  C:\Windows\System\VhSvACi.exe
  2⤵
  PID:3820
- C:\Windows\System\XUFIbcq.exe
  C:\Windows\System\XUFIbcq.exe
  2⤵
  PID:3840
- C:\Windows\System\DIAUIVI.exe
  C:\Windows\System\DIAUIVI.exe
  2⤵
  PID:3860
- C:\Windows\System\OTKxicO.exe
  C:\Windows\System\OTKxicO.exe
  2⤵
  PID:3880
- C:\Windows\System\NKRtEWx.exe
  C:\Windows\System\NKRtEWx.exe
  2⤵
  PID:3900
- C:\Windows\System\IxHAUVJ.exe
  C:\Windows\System\IxHAUVJ.exe
  2⤵
  PID:3920
- C:\Windows\System\DRIptub.exe
  C:\Windows\System\DRIptub.exe
  2⤵
  PID:3940
- C:\Windows\System\ksUxaSr.exe
  C:\Windows\System\ksUxaSr.exe
  2⤵
  PID:3960
- C:\Windows\System\rApOEQj.exe
  C:\Windows\System\rApOEQj.exe
  2⤵
  PID:3980
- C:\Windows\System\iIMdNuS.exe
  C:\Windows\System\iIMdNuS.exe
  2⤵
  PID:4000
- C:\Windows\System\sQTbKQy.exe
  C:\Windows\System\sQTbKQy.exe
  2⤵
  PID:4020
- C:\Windows\System\quAApMl.exe
  C:\Windows\System\quAApMl.exe
  2⤵
  PID:4040
- C:\Windows\System\VHZyHIP.exe
  C:\Windows\System\VHZyHIP.exe
  2⤵
  PID:4060
- C:\Windows\System\TKxLemJ.exe
  C:\Windows\System\TKxLemJ.exe
  2⤵
  PID:4080
- C:\Windows\System\rgBNAmT.exe
  C:\Windows\System\rgBNAmT.exe
  2⤵
  PID:1252
- C:\Windows\System\WQQdyBW.exe
  C:\Windows\System\WQQdyBW.exe
  2⤵
  PID:1520
- C:\Windows\System\GVvgNLV.exe
  C:\Windows\System\GVvgNLV.exe
  2⤵
  PID:2224
- C:\Windows\System\kcbVeYH.exe
  C:\Windows\System\kcbVeYH.exe
  2⤵
  PID:1688
- C:\Windows\System\VTAXvzU.exe
  C:\Windows\System\VTAXvzU.exe
  2⤵
  PID:2936
- C:\Windows\System\KlyJQUm.exe
  C:\Windows\System\KlyJQUm.exe
  2⤵
  PID:2328
- C:\Windows\System\YjWGMNU.exe
  C:\Windows\System\YjWGMNU.exe
  2⤵
  PID:2228
- C:\Windows\System\BQqTDrC.exe
  C:\Windows\System\BQqTDrC.exe
  2⤵
  PID:3112
- C:\Windows\System\xnfLRpC.exe
  C:\Windows\System\xnfLRpC.exe
  2⤵
  PID:3136
- C:\Windows\System\YYtnCCX.exe
  C:\Windows\System\YYtnCCX.exe
  2⤵
  PID:3140
- C:\Windows\System\KTtkUra.exe
  C:\Windows\System\KTtkUra.exe
  2⤵
  PID:3216
- C:\Windows\System\yyFWASp.exe
  C:\Windows\System\yyFWASp.exe
  2⤵
  PID:3244
- C:\Windows\System\zAJteTa.exe
  C:\Windows\System\zAJteTa.exe
  2⤵
  PID:3284
- C:\Windows\System\riQQpgI.exe
  C:\Windows\System\riQQpgI.exe
  2⤵
  PID:3320
- C:\Windows\System\vVWhUlE.exe
  C:\Windows\System\vVWhUlE.exe
  2⤵
  PID:3336
- C:\Windows\System\ZnVaoVb.exe
  C:\Windows\System\ZnVaoVb.exe
  2⤵
  PID:3376
- C:\Windows\System\DerGWly.exe
  C:\Windows\System\DerGWly.exe
  2⤵
  PID:3400
- C:\Windows\System\SGlZjDs.exe
  C:\Windows\System\SGlZjDs.exe
  2⤵
  PID:3472
- C:\Windows\System\aqoVNkU.exe
  C:\Windows\System\aqoVNkU.exe
  2⤵
  PID:3420
- C:\Windows\System\YGtTliw.exe
  C:\Windows\System\YGtTliw.exe
  2⤵
  PID:3528
- C:\Windows\System\nuCBMvd.exe
  C:\Windows\System\nuCBMvd.exe
  2⤵
  PID:3508
- C:\Windows\System\Hiodwcg.exe
  C:\Windows\System\Hiodwcg.exe
  2⤵
  PID:3572
- C:\Windows\System\mwBIznW.exe
  C:\Windows\System\mwBIznW.exe
  2⤵
  PID:3592
- C:\Windows\System\HhdLtRF.exe
  C:\Windows\System\HhdLtRF.exe
  2⤵
  PID:3624
- C:\Windows\System\XCgZGKn.exe
  C:\Windows\System\XCgZGKn.exe
  2⤵
  PID:3668
- C:\Windows\System\gEFyRAJ.exe
  C:\Windows\System\gEFyRAJ.exe
  2⤵
  PID:3664
- C:\Windows\System\HngdESK.exe
  C:\Windows\System\HngdESK.exe
  2⤵
  PID:3768
- C:\Windows\System\RazSUQl.exe
  C:\Windows\System\RazSUQl.exe
  2⤵
  PID:3756
- C:\Windows\System\YQJfJEf.exe
  C:\Windows\System\YQJfJEf.exe
  2⤵
  PID:3812
- C:\Windows\System\GxldAbt.exe
  C:\Windows\System\GxldAbt.exe
  2⤵
  PID:3852
- C:\Windows\System\TShxNZq.exe
  C:\Windows\System\TShxNZq.exe
  2⤵
  PID:3868
- C:\Windows\System\UczlRrm.exe
  C:\Windows\System\UczlRrm.exe
  2⤵
  PID:3908
- C:\Windows\System\OXDbWzP.exe
  C:\Windows\System\OXDbWzP.exe
  2⤵
  PID:3912
- C:\Windows\System\xcxPNAE.exe
  C:\Windows\System\xcxPNAE.exe
  2⤵
  PID:3972
- C:\Windows\System\mZZxcCw.exe
  C:\Windows\System\mZZxcCw.exe
  2⤵
  PID:4016
- C:\Windows\System\jggJhDP.exe
  C:\Windows\System\jggJhDP.exe
  2⤵
  PID:4028
- C:\Windows\System\KvVlMvZ.exe
  C:\Windows\System\KvVlMvZ.exe
  2⤵
  PID:3692
- C:\Windows\System\vcDvGCd.exe
  C:\Windows\System\vcDvGCd.exe
  2⤵
  PID:4072
- C:\Windows\System\mkCePvK.exe
  C:\Windows\System\mkCePvK.exe
  2⤵
  PID:1168
- C:\Windows\System\SoPrFOy.exe
  C:\Windows\System\SoPrFOy.exe
  2⤵
  PID:2908
- C:\Windows\System\LSBjkGI.exe
  C:\Windows\System\LSBjkGI.exe
  2⤵
  PID:1560
- C:\Windows\System\DKSsAEb.exe
  C:\Windows\System\DKSsAEb.exe
  2⤵
  PID:2712
- C:\Windows\System\RDrlunS.exe
  C:\Windows\System\RDrlunS.exe
  2⤵
  PID:3116
- C:\Windows\System\XscavWe.exe
  C:\Windows\System\XscavWe.exe
  2⤵
  PID:3200
- C:\Windows\System\qaouACp.exe
  C:\Windows\System\qaouACp.exe
  2⤵
  PID:3176
- C:\Windows\System\akAnqof.exe
  C:\Windows\System\akAnqof.exe
  2⤵
  PID:3324
- C:\Windows\System\fmzJLad.exe
  C:\Windows\System\fmzJLad.exe
  2⤵
  PID:3296
- C:\Windows\System\gaXMpIs.exe
  C:\Windows\System\gaXMpIs.exe
  2⤵
  PID:3396
- C:\Windows\System\FCXnatE.exe
  C:\Windows\System\FCXnatE.exe
  2⤵
  PID:3436
- C:\Windows\System\unTtZxI.exe
  C:\Windows\System\unTtZxI.exe
  2⤵
  PID:3456
- C:\Windows\System\BSOgWrf.exe
  C:\Windows\System\BSOgWrf.exe
  2⤵
  PID:3584
- C:\Windows\System\DTyrNJO.exe
  C:\Windows\System\DTyrNJO.exe
  2⤵
  PID:3680
- C:\Windows\System\fPbhSXL.exe
  C:\Windows\System\fPbhSXL.exe
  2⤵
  PID:3644
- C:\Windows\System\ywxFOEU.exe
  C:\Windows\System\ywxFOEU.exe
  2⤵
  PID:3708
- C:\Windows\System\LwLEoVM.exe
  C:\Windows\System\LwLEoVM.exe
  2⤵
  PID:3788
- C:\Windows\System\glzkySA.exe
  C:\Windows\System\glzkySA.exe
  2⤵
  PID:3792
- C:\Windows\System\vggneon.exe
  C:\Windows\System\vggneon.exe
  2⤵
  PID:3856
- C:\Windows\System\zdwCaon.exe
  C:\Windows\System\zdwCaon.exe
  2⤵
  PID:3872
- C:\Windows\System\wFVNTzu.exe
  C:\Windows\System\wFVNTzu.exe
  2⤵
  PID:3976
- C:\Windows\System\yLeQSCM.exe
  C:\Windows\System\yLeQSCM.exe
  2⤵
  PID:3364
- C:\Windows\System\YwJAMcx.exe
  C:\Windows\System\YwJAMcx.exe
  2⤵
  PID:2252
- C:\Windows\System\VygbYio.exe
  C:\Windows\System\VygbYio.exe
  2⤵
  PID:1636
- C:\Windows\System\QUKRHZJ.exe
  C:\Windows\System\QUKRHZJ.exe
  2⤵
  PID:2544
- C:\Windows\System\pqbnjHf.exe
  C:\Windows\System\pqbnjHf.exe
  2⤵
  PID:3076
- C:\Windows\System\mISdcTZ.exe
  C:\Windows\System\mISdcTZ.exe
  2⤵
  PID:3100
- C:\Windows\System\xTEGeLP.exe
  C:\Windows\System\xTEGeLP.exe
  2⤵
  PID:3256
- C:\Windows\System\WKoNFAz.exe
  C:\Windows\System\WKoNFAz.exe
  2⤵
  PID:3476
- C:\Windows\System\mWYgPQN.exe
  C:\Windows\System\mWYgPQN.exe
  2⤵
  PID:680
- C:\Windows\System\VexBJYs.exe
  C:\Windows\System\VexBJYs.exe
  2⤵
  PID:3504
- C:\Windows\System\ZfCydVA.exe
  C:\Windows\System\ZfCydVA.exe
  2⤵
  PID:3548
- C:\Windows\System\ZYJqlVa.exe
  C:\Windows\System\ZYJqlVa.exe
  2⤵
  PID:3732
- C:\Windows\System\pfhwFsG.exe
  C:\Windows\System\pfhwFsG.exe
  2⤵
  PID:3888
- C:\Windows\System\HFzxnWs.exe
  C:\Windows\System\HFzxnWs.exe
  2⤵
  PID:3916
- C:\Windows\System\zNolJAx.exe
  C:\Windows\System\zNolJAx.exe
  2⤵
  PID:4008
- C:\Windows\System\DDKbwxl.exe
  C:\Windows\System\DDKbwxl.exe
  2⤵
  PID:4052
- C:\Windows\System\cjOAUrc.exe
  C:\Windows\System\cjOAUrc.exe
  2⤵
  PID:1580
- C:\Windows\System\AcjHUQI.exe
  C:\Windows\System\AcjHUQI.exe
  2⤵
  PID:3144
- C:\Windows\System\KTGNSiw.exe
  C:\Windows\System\KTGNSiw.exe
  2⤵
  PID:3236
- C:\Windows\System\sRcEdVg.exe
  C:\Windows\System\sRcEdVg.exe
  2⤵
  PID:3540
- C:\Windows\System\qGtZmtx.exe
  C:\Windows\System\qGtZmtx.exe
  2⤵
  PID:3356
- C:\Windows\System\SednMeX.exe
  C:\Windows\System\SednMeX.exe
  2⤵
  PID:3688
- C:\Windows\System\PdForKw.exe
  C:\Windows\System\PdForKw.exe
  2⤵
  PID:3816
- C:\Windows\System\pYSgDax.exe
  C:\Windows\System\pYSgDax.exe
  2⤵
  PID:4104
- C:\Windows\System\uVQcxYH.exe
  C:\Windows\System\uVQcxYH.exe
  2⤵
  PID:4124
- C:\Windows\System\tCYyruo.exe
  C:\Windows\System\tCYyruo.exe
  2⤵
  PID:4144
- C:\Windows\System\DxTJtLb.exe
  C:\Windows\System\DxTJtLb.exe
  2⤵
  PID:4164
- C:\Windows\System\PDoTvwR.exe
  C:\Windows\System\PDoTvwR.exe
  2⤵
  PID:4184
- C:\Windows\System\pxIfnYQ.exe
  C:\Windows\System\pxIfnYQ.exe
  2⤵
  PID:4208
- C:\Windows\System\IIqlKEi.exe
  C:\Windows\System\IIqlKEi.exe
  2⤵
  PID:4228
- C:\Windows\System\pdEOwzl.exe
  C:\Windows\System\pdEOwzl.exe
  2⤵
  PID:4248
- C:\Windows\System\trFywUf.exe
  C:\Windows\System\trFywUf.exe
  2⤵
  PID:4268
- C:\Windows\System\ZjxaJiE.exe
  C:\Windows\System\ZjxaJiE.exe
  2⤵
  PID:4288
- C:\Windows\System\UecJZkR.exe
  C:\Windows\System\UecJZkR.exe
  2⤵
  PID:4308
- C:\Windows\System\zMvCtwv.exe
  C:\Windows\System\zMvCtwv.exe
  2⤵
  PID:4328
- C:\Windows\System\IKcakez.exe
  C:\Windows\System\IKcakez.exe
  2⤵
  PID:4348
- C:\Windows\System\ezCGnft.exe
  C:\Windows\System\ezCGnft.exe
  2⤵
  PID:4368
- C:\Windows\System\FwcaLWW.exe
  C:\Windows\System\FwcaLWW.exe
  2⤵
  PID:4388
- C:\Windows\System\SheCeeo.exe
  C:\Windows\System\SheCeeo.exe
  2⤵
  PID:4408
- C:\Windows\System\mqdNsgS.exe
  C:\Windows\System\mqdNsgS.exe
  2⤵
  PID:4428
- C:\Windows\System\vOfOxQc.exe
  C:\Windows\System\vOfOxQc.exe
  2⤵
  PID:4448
- C:\Windows\System\FxNWZmp.exe
  C:\Windows\System\FxNWZmp.exe
  2⤵
  PID:4468
- C:\Windows\System\GqoDEZL.exe
  C:\Windows\System\GqoDEZL.exe
  2⤵
  PID:4484
- C:\Windows\System\tTxtAhd.exe
  C:\Windows\System\tTxtAhd.exe
  2⤵
  PID:4508
- C:\Windows\System\ETBjOBO.exe
  C:\Windows\System\ETBjOBO.exe
  2⤵
  PID:4528
- C:\Windows\System\qnnjUTF.exe
  C:\Windows\System\qnnjUTF.exe
  2⤵
  PID:4548
- C:\Windows\System\NfMQWUg.exe
  C:\Windows\System\NfMQWUg.exe
  2⤵
  PID:4568
- C:\Windows\System\uhiUcZP.exe
  C:\Windows\System\uhiUcZP.exe
  2⤵
  PID:4588
- C:\Windows\System\ceSAHZC.exe
  C:\Windows\System\ceSAHZC.exe
  2⤵
  PID:4608
- C:\Windows\System\kYyuUTV.exe
  C:\Windows\System\kYyuUTV.exe
  2⤵
  PID:4628
- C:\Windows\System\ykrBhDe.exe
  C:\Windows\System\ykrBhDe.exe
  2⤵
  PID:4648
- C:\Windows\System\JJHZGWZ.exe
  C:\Windows\System\JJHZGWZ.exe
  2⤵
  PID:4668
- C:\Windows\System\mnvsUXU.exe
  C:\Windows\System\mnvsUXU.exe
  2⤵
  PID:4688
- C:\Windows\System\WDtAcoL.exe
  C:\Windows\System\WDtAcoL.exe
  2⤵
  PID:4708
- C:\Windows\System\LwPVSPW.exe
  C:\Windows\System\LwPVSPW.exe
  2⤵
  PID:4728
- C:\Windows\System\utzKbuJ.exe
  C:\Windows\System\utzKbuJ.exe
  2⤵
  PID:4748
- C:\Windows\System\jWiavbv.exe
  C:\Windows\System\jWiavbv.exe
  2⤵
  PID:4772
- C:\Windows\System\XnQNtfW.exe
  C:\Windows\System\XnQNtfW.exe
  2⤵
  PID:4792
- C:\Windows\System\BkZQbtx.exe
  C:\Windows\System\BkZQbtx.exe
  2⤵
  PID:4812
- C:\Windows\System\jcCLthk.exe
  C:\Windows\System\jcCLthk.exe
  2⤵
  PID:4832
- C:\Windows\System\wJGCkjn.exe
  C:\Windows\System\wJGCkjn.exe
  2⤵
  PID:4852
- C:\Windows\System\OOchlad.exe
  C:\Windows\System\OOchlad.exe
  2⤵
  PID:4872
- C:\Windows\System\LXKplVo.exe
  C:\Windows\System\LXKplVo.exe
  2⤵
  PID:4892
- C:\Windows\System\DYPGUNh.exe
  C:\Windows\System\DYPGUNh.exe
  2⤵
  PID:4912
- C:\Windows\System\ulozEJQ.exe
  C:\Windows\System\ulozEJQ.exe
  2⤵
  PID:4932
- C:\Windows\System\gMVDpnZ.exe
  C:\Windows\System\gMVDpnZ.exe
  2⤵
  PID:4952
- C:\Windows\System\QJrywzG.exe
  C:\Windows\System\QJrywzG.exe
  2⤵
  PID:4972
- C:\Windows\System\jUvHFfd.exe
  C:\Windows\System\jUvHFfd.exe
  2⤵
  PID:4992
- C:\Windows\System\knvNKqg.exe
  C:\Windows\System\knvNKqg.exe
  2⤵
  PID:5012
- C:\Windows\System\dHnImMJ.exe
  C:\Windows\System\dHnImMJ.exe
  2⤵
  PID:5032
- C:\Windows\System\SCDtpEV.exe
  C:\Windows\System\SCDtpEV.exe
  2⤵
  PID:5052
- C:\Windows\System\goYcJbG.exe
  C:\Windows\System\goYcJbG.exe
  2⤵
  PID:5072
- C:\Windows\System\gfZfalp.exe
  C:\Windows\System\gfZfalp.exe
  2⤵
  PID:5092
- C:\Windows\System\SpRJJkI.exe
  C:\Windows\System\SpRJJkI.exe
  2⤵
  PID:5112
- C:\Windows\System\LqjKkWz.exe
  C:\Windows\System\LqjKkWz.exe
  2⤵
  PID:3892
- C:\Windows\System\UgBNbtu.exe
  C:\Windows\System\UgBNbtu.exe
  2⤵
  PID:3160
- C:\Windows\System\iieKtka.exe
  C:\Windows\System\iieKtka.exe
  2⤵
  PID:3312
- C:\Windows\System\YZILmHp.exe
  C:\Windows\System\YZILmHp.exe
  2⤵
  PID:3544
- C:\Windows\System\XtkwToK.exe
  C:\Windows\System\XtkwToK.exe
  2⤵
  PID:3460
- C:\Windows\System\dfubwSs.exe
  C:\Windows\System\dfubwSs.exe
  2⤵
  PID:3772
- C:\Windows\System\taruFdW.exe
  C:\Windows\System\taruFdW.exe
  2⤵
  PID:4120
- C:\Windows\System\qwGvtHZ.exe
  C:\Windows\System\qwGvtHZ.exe
  2⤵
  PID:4176
- C:\Windows\System\secpwta.exe
  C:\Windows\System\secpwta.exe
  2⤵
  PID:4224
- C:\Windows\System\YvRmnNz.exe
  C:\Windows\System\YvRmnNz.exe
  2⤵
  PID:4236
- C:\Windows\System\sNChLHe.exe
  C:\Windows\System\sNChLHe.exe
  2⤵
  PID:4260
- C:\Windows\System\HAvPPEX.exe
  C:\Windows\System\HAvPPEX.exe
  2⤵
  PID:4284
- C:\Windows\System\xYbIifD.exe
  C:\Windows\System\xYbIifD.exe
  2⤵
  PID:4324
- C:\Windows\System\RqnCXvP.exe
  C:\Windows\System\RqnCXvP.exe
  2⤵
  PID:4364
- C:\Windows\System\fmGtWyf.exe
  C:\Windows\System\fmGtWyf.exe
  2⤵
  PID:4424
- C:\Windows\System\lyscIAE.exe
  C:\Windows\System\lyscIAE.exe
  2⤵
  PID:2296
- C:\Windows\System\qGLknfM.exe
  C:\Windows\System\qGLknfM.exe
  2⤵
  PID:4456
- C:\Windows\System\blKNIHn.exe
  C:\Windows\System\blKNIHn.exe
  2⤵
  PID:4460
- C:\Windows\System\kduDpKj.exe
  C:\Windows\System\kduDpKj.exe
  2⤵
  PID:4492
- C:\Windows\System\xtldPCv.exe
  C:\Windows\System\xtldPCv.exe
  2⤵
  PID:2364
- C:\Windows\System\ALljDKi.exe
  C:\Windows\System\ALljDKi.exe
  2⤵
  PID:4520
- C:\Windows\System\lzUrPSV.exe
  C:\Windows\System\lzUrPSV.exe
  2⤵
  PID:4556
- C:\Windows\System\JOrpvAu.exe
  C:\Windows\System\JOrpvAu.exe
  2⤵
  PID:4596
- C:\Windows\System\FdJgoGS.exe
  C:\Windows\System\FdJgoGS.exe
  2⤵
  PID:4620
- C:\Windows\System\TSJOzLw.exe
  C:\Windows\System\TSJOzLw.exe
  2⤵
  PID:4640
- C:\Windows\System\gtoiwrf.exe
  C:\Windows\System\gtoiwrf.exe
  2⤵
  PID:4680
- C:\Windows\System\ibrooNp.exe
  C:\Windows\System\ibrooNp.exe
  2⤵
  PID:4724
- C:\Windows\System\DYRupWb.exe
  C:\Windows\System\DYRupWb.exe
  2⤵
  PID:4756
- C:\Windows\System\HqipTxI.exe
  C:\Windows\System\HqipTxI.exe
  2⤵
  PID:4784
- C:\Windows\System\GUIbkFR.exe
  C:\Windows\System\GUIbkFR.exe
  2⤵
  PID:4828
- C:\Windows\System\uWeLeJD.exe
  C:\Windows\System\uWeLeJD.exe
  2⤵
  PID:4848
- C:\Windows\System\lAgtxbR.exe
  C:\Windows\System\lAgtxbR.exe
  2⤵
  PID:4908
- C:\Windows\System\DPUTDpY.exe
  C:\Windows\System\DPUTDpY.exe
  2⤵
  PID:4940
- C:\Windows\System\wZxtjMe.exe
  C:\Windows\System\wZxtjMe.exe
  2⤵
  PID:4960
- C:\Windows\System\znxkSuG.exe
  C:\Windows\System\znxkSuG.exe
  2⤵
  PID:4964
- C:\Windows\System\syJTqYd.exe
  C:\Windows\System\syJTqYd.exe
  2⤵
  PID:5008
- C:\Windows\System\jEUiPqq.exe
  C:\Windows\System\jEUiPqq.exe
  2⤵
  PID:5064
- C:\Windows\System\ZzqBlYY.exe
  C:\Windows\System\ZzqBlYY.exe
  2⤵
  PID:5108
- C:\Windows\System\ZPrOFKV.exe
  C:\Windows\System\ZPrOFKV.exe
  2⤵
  PID:3988
- C:\Windows\System\nKzSiyw.exe
  C:\Windows\System\nKzSiyw.exe
  2⤵
  PID:4768
- C:\Windows\System\KSLUCyc.exe
  C:\Windows\System\KSLUCyc.exe
  2⤵
  PID:3092
- C:\Windows\System\PLOZTbr.exe
  C:\Windows\System\PLOZTbr.exe
  2⤵
  PID:4100
- C:\Windows\System\tNqxDkE.exe
  C:\Windows\System\tNqxDkE.exe
  2⤵
  PID:4112
- C:\Windows\System\LSncYsX.exe
  C:\Windows\System\LSncYsX.exe
  2⤵
  PID:4204
- C:\Windows\System\OlWKKUI.exe
  C:\Windows\System\OlWKKUI.exe
  2⤵
  PID:4256
- C:\Windows\System\JIWHfFm.exe
  C:\Windows\System\JIWHfFm.exe
  2⤵
  PID:4304
- C:\Windows\System\CeHZHin.exe
  C:\Windows\System\CeHZHin.exe
  2⤵
  PID:4344
- C:\Windows\System\KDDKeup.exe
  C:\Windows\System\KDDKeup.exe
  2⤵
  PID:4416
- C:\Windows\System\krofeXj.exe
  C:\Windows\System\krofeXj.exe
  2⤵
  PID:2068
- C:\Windows\System\bPRprCq.exe
  C:\Windows\System\bPRprCq.exe
  2⤵
  PID:1660
- C:\Windows\System\myGGJKS.exe
  C:\Windows\System\myGGJKS.exe
  2⤵
  PID:4524
- C:\Windows\System\JSYXNdV.exe
  C:\Windows\System\JSYXNdV.exe
  2⤵
  PID:4536
- C:\Windows\System\MdityJo.exe
  C:\Windows\System\MdityJo.exe
  2⤵
  PID:4584
- C:\Windows\System\LWfpdGx.exe
  C:\Windows\System\LWfpdGx.exe
  2⤵
  PID:4656
- C:\Windows\System\JifGbWu.exe
  C:\Windows\System\JifGbWu.exe
  2⤵
  PID:4744
- C:\Windows\System\qwHvRhY.exe
  C:\Windows\System\qwHvRhY.exe
  2⤵
  PID:4808
- C:\Windows\System\VOHUlKS.exe
  C:\Windows\System\VOHUlKS.exe
  2⤵
  PID:4840
- C:\Windows\System\AaZxIJU.exe
  C:\Windows\System\AaZxIJU.exe
  2⤵
  PID:4880
- C:\Windows\System\AdhEIcK.exe
  C:\Windows\System\AdhEIcK.exe
  2⤵
  PID:4884
- C:\Windows\System\zgIzJbD.exe
  C:\Windows\System\zgIzJbD.exe
  2⤵
  PID:4968
- C:\Windows\System\cOXujHz.exe
  C:\Windows\System\cOXujHz.exe
  2⤵
  PID:5080
- C:\Windows\System\PGqlsBY.exe
  C:\Windows\System\PGqlsBY.exe
  2⤵
  PID:3992
- C:\Windows\System\trqeyjf.exe
  C:\Windows\System\trqeyjf.exe
  2⤵
  PID:5104
- C:\Windows\System\okSSxLt.exe
  C:\Windows\System\okSSxLt.exe
  2⤵
  PID:1528
- C:\Windows\System\UNTGYkF.exe
  C:\Windows\System\UNTGYkF.exe
  2⤵
  PID:4196
- C:\Windows\System\aDRwniM.exe
  C:\Windows\System\aDRwniM.exe
  2⤵
  PID:4240
- C:\Windows\System\UypalWS.exe
  C:\Windows\System\UypalWS.exe
  2⤵
  PID:1864
- C:\Windows\System\csEQPFI.exe
  C:\Windows\System\csEQPFI.exe
  2⤵
  PID:4356
- C:\Windows\System\lPvRjcg.exe
  C:\Windows\System\lPvRjcg.exe
  2⤵
  PID:1048
- C:\Windows\System\UYflqhv.exe
  C:\Windows\System\UYflqhv.exe
  2⤵
  PID:4480
- C:\Windows\System\EhgszQJ.exe
  C:\Windows\System\EhgszQJ.exe
  2⤵
  PID:4160
- C:\Windows\System\NNkINGX.exe
  C:\Windows\System\NNkINGX.exe
  2⤵
  PID:4700
- C:\Windows\System\VgtJHlD.exe
  C:\Windows\System\VgtJHlD.exe
  2⤵
  PID:4860
- C:\Windows\System\XgDbqWU.exe
  C:\Windows\System\XgDbqWU.exe
  2⤵
  PID:4984
- C:\Windows\System\HZygErw.exe
  C:\Windows\System\HZygErw.exe
  2⤵
  PID:4788
- C:\Windows\System\IJNDvWV.exe
  C:\Windows\System\IJNDvWV.exe
  2⤵
  PID:4396
- C:\Windows\System\lEGeMbX.exe
  C:\Windows\System\lEGeMbX.exe
  2⤵
  PID:3716
- C:\Windows\System\aqBZnPY.exe
  C:\Windows\System\aqBZnPY.exe
  2⤵
  PID:4048
- C:\Windows\System\IiVGJpG.exe
  C:\Windows\System\IiVGJpG.exe
  2⤵
  PID:4420
- C:\Windows\System\tPDMtMf.exe
  C:\Windows\System\tPDMtMf.exe
  2⤵
  PID:4264
- C:\Windows\System\MuOKynA.exe
  C:\Windows\System\MuOKynA.exe
  2⤵
  PID:4560
- C:\Windows\System\mGJXXKb.exe
  C:\Windows\System\mGJXXKb.exe
  2⤵
  PID:4580
- C:\Windows\System\kLKKNiK.exe
  C:\Windows\System\kLKKNiK.exe
  2⤵
  PID:4600
- C:\Windows\System\hsjsaWu.exe
  C:\Windows\System\hsjsaWu.exe
  2⤵
  PID:5024
- C:\Windows\System\AmFXkLD.exe
  C:\Windows\System\AmFXkLD.exe
  2⤵
  PID:4888
- C:\Windows\System\pBtDyhS.exe
  C:\Windows\System\pBtDyhS.exe
  2⤵
  PID:4944
- C:\Windows\System\bAaXzLx.exe
  C:\Windows\System\bAaXzLx.exe
  2⤵
  PID:3488
- C:\Windows\System\oEMtGfo.exe
  C:\Windows\System\oEMtGfo.exe
  2⤵
  PID:4172
- C:\Windows\System\uqvOrWj.exe
  C:\Windows\System\uqvOrWj.exe
  2⤵
  PID:5136
- C:\Windows\System\HbLlBqk.exe
  C:\Windows\System\HbLlBqk.exe
  2⤵
  PID:5156
- C:\Windows\System\azGgITU.exe
  C:\Windows\System\azGgITU.exe
  2⤵
  PID:5176
- C:\Windows\System\kqWRFSS.exe
  C:\Windows\System\kqWRFSS.exe
  2⤵
  PID:5196
- C:\Windows\System\WkneWAc.exe
  C:\Windows\System\WkneWAc.exe
  2⤵
  PID:5216
- C:\Windows\System\fidqekE.exe
  C:\Windows\System\fidqekE.exe
  2⤵
  PID:5236
- C:\Windows\System\MhVbBbQ.exe
  C:\Windows\System\MhVbBbQ.exe
  2⤵
  PID:5256
- C:\Windows\System\pAANpzC.exe
  C:\Windows\System\pAANpzC.exe
  2⤵
  PID:5280
- C:\Windows\System\kbNfnpL.exe
  C:\Windows\System\kbNfnpL.exe
  2⤵
  PID:5300
- C:\Windows\System\yxlUfvZ.exe
  C:\Windows\System\yxlUfvZ.exe
  2⤵
  PID:5320
- C:\Windows\System\fgTjhum.exe
  C:\Windows\System\fgTjhum.exe
  2⤵
  PID:5340
- C:\Windows\System\ycIiZqW.exe
  C:\Windows\System\ycIiZqW.exe
  2⤵
  PID:5360
- C:\Windows\System\nKKqHus.exe
  C:\Windows\System\nKKqHus.exe
  2⤵
  PID:5380
- C:\Windows\System\xzBMhHa.exe
  C:\Windows\System\xzBMhHa.exe
  2⤵
  PID:5400
- C:\Windows\System\wbgYoDO.exe
  C:\Windows\System\wbgYoDO.exe
  2⤵
  PID:5420
- C:\Windows\System\aWJsArU.exe
  C:\Windows\System\aWJsArU.exe
  2⤵
  PID:5440
- C:\Windows\System\RwbiEqX.exe
  C:\Windows\System\RwbiEqX.exe
  2⤵
  PID:5460
- C:\Windows\System\gLeNVwH.exe
  C:\Windows\System\gLeNVwH.exe
  2⤵
  PID:5480
- C:\Windows\System\UPCBlQz.exe
  C:\Windows\System\UPCBlQz.exe
  2⤵
  PID:5500
- C:\Windows\System\AgVwtxG.exe
  C:\Windows\System\AgVwtxG.exe
  2⤵
  PID:5520
- C:\Windows\System\CEnMCne.exe
  C:\Windows\System\CEnMCne.exe
  2⤵
  PID:5540
- C:\Windows\System\wwYwayE.exe
  C:\Windows\System\wwYwayE.exe
  2⤵
  PID:5560
- C:\Windows\System\YKhzsNA.exe
  C:\Windows\System\YKhzsNA.exe
  2⤵
  PID:5580
- C:\Windows\System\JwgViYt.exe
  C:\Windows\System\JwgViYt.exe
  2⤵
  PID:5600
- C:\Windows\System\lAImipT.exe
  C:\Windows\System\lAImipT.exe
  2⤵
  PID:5620
- C:\Windows\System\KdMbKbj.exe
  C:\Windows\System\KdMbKbj.exe
  2⤵
  PID:5640
- C:\Windows\System\YHxbJvZ.exe
  C:\Windows\System\YHxbJvZ.exe
  2⤵
  PID:5660
- C:\Windows\System\usRoiEA.exe
  C:\Windows\System\usRoiEA.exe
  2⤵
  PID:5680
- C:\Windows\System\uMtTQvV.exe
  C:\Windows\System\uMtTQvV.exe
  2⤵
  PID:5700
- C:\Windows\System\IKxtdZI.exe
  C:\Windows\System\IKxtdZI.exe
  2⤵
  PID:5720
- C:\Windows\System\LxhlLbi.exe
  C:\Windows\System\LxhlLbi.exe
  2⤵
  PID:5740
- C:\Windows\System\lSEQVRQ.exe
  C:\Windows\System\lSEQVRQ.exe
  2⤵
  PID:5760
- C:\Windows\System\iezWnZw.exe
  C:\Windows\System\iezWnZw.exe
  2⤵
  PID:5780
- C:\Windows\System\Frbzsft.exe
  C:\Windows\System\Frbzsft.exe
  2⤵
  PID:5800
- C:\Windows\System\ZMuAGxI.exe
  C:\Windows\System\ZMuAGxI.exe
  2⤵
  PID:5820
- C:\Windows\System\YvpSFRv.exe
  C:\Windows\System\YvpSFRv.exe
  2⤵
  PID:5840
- C:\Windows\System\vudEQtN.exe
  C:\Windows\System\vudEQtN.exe
  2⤵
  PID:5860
- C:\Windows\System\TZWPGGz.exe
  C:\Windows\System\TZWPGGz.exe
  2⤵
  PID:5880
- C:\Windows\System\EVPELuL.exe
  C:\Windows\System\EVPELuL.exe
  2⤵
  PID:5900
- C:\Windows\System\oRulgsV.exe
  C:\Windows\System\oRulgsV.exe
  2⤵
  PID:5920
- C:\Windows\System\spAudjZ.exe
  C:\Windows\System\spAudjZ.exe
  2⤵
  PID:5940
- C:\Windows\System\kthLLnk.exe
  C:\Windows\System\kthLLnk.exe
  2⤵
  PID:5960
- C:\Windows\System\qfDngEO.exe
  C:\Windows\System\qfDngEO.exe
  2⤵
  PID:5984
- C:\Windows\System\fBQhIcp.exe
  C:\Windows\System\fBQhIcp.exe
  2⤵
  PID:6008
- C:\Windows\System\XZsArRq.exe
  C:\Windows\System\XZsArRq.exe
  2⤵
  PID:6024
- C:\Windows\System\kSLZMaP.exe
  C:\Windows\System\kSLZMaP.exe
  2⤵
  PID:6040
- C:\Windows\System\rVSNbrP.exe
  C:\Windows\System\rVSNbrP.exe
  2⤵
  PID:6060
- C:\Windows\System\ebYrQOh.exe
  C:\Windows\System\ebYrQOh.exe
  2⤵
  PID:6076
- C:\Windows\System\dNnlcxt.exe
  C:\Windows\System\dNnlcxt.exe
  2⤵
  PID:6108
- C:\Windows\System\JQEBPEs.exe
  C:\Windows\System\JQEBPEs.exe
  2⤵
  PID:6124
- C:\Windows\System\wyEczmS.exe
  C:\Windows\System\wyEczmS.exe
  2⤵
  PID:2312
- C:\Windows\System\PoUzINI.exe
  C:\Windows\System\PoUzINI.exe
  2⤵
  PID:4464
- C:\Windows\System\tkgFpxE.exe
  C:\Windows\System\tkgFpxE.exe
  2⤵
  PID:4564
- C:\Windows\System\YGyxWNG.exe
  C:\Windows\System\YGyxWNG.exe
  2⤵
  PID:2752
- C:\Windows\System\jNFSoZX.exe
  C:\Windows\System\jNFSoZX.exe
  2⤵
  PID:4704
- C:\Windows\System\jEjtVDz.exe
  C:\Windows\System\jEjtVDz.exe
  2⤵
  PID:4736
- C:\Windows\System\ANSRmzF.exe
  C:\Windows\System\ANSRmzF.exe
  2⤵
  PID:860
- C:\Windows\System\RpspXNE.exe
  C:\Windows\System\RpspXNE.exe
  2⤵
  PID:5124
- C:\Windows\System\tsoSFtF.exe
  C:\Windows\System\tsoSFtF.exe
  2⤵
  PID:5184
- C:\Windows\System\YKhjFJT.exe
  C:\Windows\System\YKhjFJT.exe
  2⤵
  PID:5228
- C:\Windows\System\AdSoBOw.exe
  C:\Windows\System\AdSoBOw.exe
  2⤵
  PID:5244
- C:\Windows\System\DmgYbcf.exe
  C:\Windows\System\DmgYbcf.exe
  2⤵
  PID:5248
- C:\Windows\System\pQYWsaW.exe
  C:\Windows\System\pQYWsaW.exe
  2⤵
  PID:5312
- C:\Windows\System\LPyUHbm.exe
  C:\Windows\System\LPyUHbm.exe
  2⤵
  PID:5356
- C:\Windows\System\supqopw.exe
  C:\Windows\System\supqopw.exe
  2⤵
  PID:5392
- C:\Windows\System\JHfNsBc.exe
  C:\Windows\System\JHfNsBc.exe
  2⤵
  PID:5412
- C:\Windows\System\wEEVrDA.exe
  C:\Windows\System\wEEVrDA.exe
  2⤵
  PID:5472
- C:\Windows\System\ljIsxTL.exe
  C:\Windows\System\ljIsxTL.exe
  2⤵
  PID:5508
- C:\Windows\System\dbuNNpY.exe
  C:\Windows\System\dbuNNpY.exe
  2⤵
  PID:5536
- C:\Windows\System\SRRjcqT.exe
  C:\Windows\System\SRRjcqT.exe
  2⤵
  PID:5556
- C:\Windows\System\digfAWE.exe
  C:\Windows\System\digfAWE.exe
  2⤵
  PID:5568
- C:\Windows\System\TJvDAGC.exe
  C:\Windows\System\TJvDAGC.exe
  2⤵
  PID:5608
- C:\Windows\System\QlJGBKc.exe
  C:\Windows\System\QlJGBKc.exe
  2⤵
  PID:5616
- C:\Windows\System\QUhKgXa.exe
  C:\Windows\System\QUhKgXa.exe
  2⤵
  PID:5668
- C:\Windows\System\tNkXAUm.exe
  C:\Windows\System\tNkXAUm.exe
  2⤵
  PID:1400
- C:\Windows\System\HNShVZy.exe
  C:\Windows\System\HNShVZy.exe
  2⤵
  PID:5276
- C:\Windows\System\MNmTzNa.exe
  C:\Windows\System\MNmTzNa.exe
  2⤵
  PID:5728
- C:\Windows\System\ezJpgYj.exe
  C:\Windows\System\ezJpgYj.exe
  2⤵
  PID:2868
- C:\Windows\System\uZSBMYN.exe
  C:\Windows\System\uZSBMYN.exe
  2⤵
  PID:5828
- C:\Windows\System\TpKANXM.exe
  C:\Windows\System\TpKANXM.exe
  2⤵
  PID:5812
- C:\Windows\System\nnfPbLF.exe
  C:\Windows\System\nnfPbLF.exe
  2⤵
  PID:5868
- C:\Windows\System\MGyocye.exe
  C:\Windows\System\MGyocye.exe
  2⤵
  PID:1888
- C:\Windows\System\NiFtyfH.exe
  C:\Windows\System\NiFtyfH.exe
  2⤵
  PID:5852
- C:\Windows\System\nVcgOOT.exe
  C:\Windows\System\nVcgOOT.exe
  2⤵
  PID:5888
- C:\Windows\System\jSadYJA.exe
  C:\Windows\System\jSadYJA.exe
  2⤵
  PID:5896
- C:\Windows\System\VQYgRJC.exe
  C:\Windows\System\VQYgRJC.exe
  2⤵
  PID:5928
- C:\Windows\System\NwuxaBk.exe
  C:\Windows\System\NwuxaBk.exe
  2⤵
  PID:5936
- C:\Windows\System\ZqbRtwg.exe
  C:\Windows\System\ZqbRtwg.exe
  2⤵
  PID:772
- C:\Windows\System\GEUkjQO.exe
  C:\Windows\System\GEUkjQO.exe
  2⤵
  PID:5992
- C:\Windows\System\QevoCRi.exe
  C:\Windows\System\QevoCRi.exe
  2⤵
  PID:5996
- C:\Windows\System\IquqQHg.exe
  C:\Windows\System\IquqQHg.exe
  2⤵
  PID:3968
- C:\Windows\System\yiRVYYY.exe
  C:\Windows\System\yiRVYYY.exe
  2⤵
  PID:2432
- C:\Windows\System\SUdjAcK.exe
  C:\Windows\System\SUdjAcK.exe
  2⤵
  PID:6036
- C:\Windows\System\qGxPcuc.exe
  C:\Windows\System\qGxPcuc.exe
  2⤵
  PID:6068
- C:\Windows\System\pKbLEhx.exe
  C:\Windows\System\pKbLEhx.exe
  2⤵
  PID:6096
- C:\Windows\System\KoyYzYI.exe
  C:\Windows\System\KoyYzYI.exe
  2⤵
  PID:6132
- C:\Windows\System\VdHzKpM.exe
  C:\Windows\System\VdHzKpM.exe
  2⤵
  PID:6136
- C:\Windows\System\MfYgxmT.exe
  C:\Windows\System\MfYgxmT.exe
  2⤵
  PID:4900
- C:\Windows\System\XnQCvEy.exe
  C:\Windows\System\XnQCvEy.exe
  2⤵
  PID:5148
- C:\Windows\System\cmexqZK.exe
  C:\Windows\System\cmexqZK.exe
  2⤵
  PID:5224
- C:\Windows\System\PjGTNRT.exe
  C:\Windows\System\PjGTNRT.exe
  2⤵
  PID:4156
- C:\Windows\System\MkobHtO.exe
  C:\Windows\System\MkobHtO.exe
  2⤵
  PID:5268
- C:\Windows\System\rmIydxS.exe
  C:\Windows\System\rmIydxS.exe
  2⤵
  PID:5308
- C:\Windows\System\kxAaDoK.exe
  C:\Windows\System\kxAaDoK.exe
  2⤵
  PID:5368
- C:\Windows\System\LBBFvyP.exe
  C:\Windows\System\LBBFvyP.exe
  2⤵
  PID:5332
- C:\Windows\System\BZhNRtn.exe
  C:\Windows\System\BZhNRtn.exe
  2⤵
  PID:5416
- C:\Windows\System\eEKDdfO.exe
  C:\Windows\System\eEKDdfO.exe
  2⤵
  PID:5572
- C:\Windows\System\htVWSvj.exe
  C:\Windows\System\htVWSvj.exe
  2⤵
  PID:5492
- C:\Windows\System\XEDUyKE.exe
  C:\Windows\System\XEDUyKE.exe
  2⤵
  PID:5696
- C:\Windows\System\GUAiVPn.exe
  C:\Windows\System\GUAiVPn.exe
  2⤵
  PID:5672
- C:\Windows\System\xxLSvzv.exe
  C:\Windows\System\xxLSvzv.exe
  2⤵
  PID:5748
- C:\Windows\System\zdFMySy.exe
  C:\Windows\System\zdFMySy.exe
  2⤵
  PID:2776
- C:\Windows\System\lYNAZum.exe
  C:\Windows\System\lYNAZum.exe
  2⤵
  PID:5776
- C:\Windows\System\PWOagDZ.exe
  C:\Windows\System\PWOagDZ.exe
  2⤵
  PID:5788
- C:\Windows\System\FfEqaEA.exe
  C:\Windows\System\FfEqaEA.exe
  2⤵
  PID:5752
- C:\Windows\System\OmKfLcu.exe
  C:\Windows\System\OmKfLcu.exe
  2⤵
  PID:3008
- C:\Windows\System\WyFKtyA.exe
  C:\Windows\System\WyFKtyA.exe
  2⤵
  PID:1632
- C:\Windows\System\jadAMKg.exe
  C:\Windows\System\jadAMKg.exe
  2⤵
  PID:5948
- C:\Windows\System\erwxwVC.exe
  C:\Windows\System\erwxwVC.exe
  2⤵
  PID:5908
- C:\Windows\System\GCVcMNe.exe
  C:\Windows\System\GCVcMNe.exe
  2⤵
  PID:1132
- C:\Windows\System\pmSzjxt.exe
  C:\Windows\System\pmSzjxt.exe
  2⤵
  PID:5972
- C:\Windows\System\ajbeXCo.exe
  C:\Windows\System\ajbeXCo.exe
  2⤵
  PID:2656
- C:\Windows\System\YHUzfmk.exe
  C:\Windows\System\YHUzfmk.exe
  2⤵
  PID:6032
- C:\Windows\System\ODkhKGX.exe
  C:\Windows\System\ODkhKGX.exe
  2⤵
  PID:696
- C:\Windows\System\WNSChUh.exe
  C:\Windows\System\WNSChUh.exe
  2⤵
  PID:1548
- C:\Windows\System\ehRejQl.exe
  C:\Windows\System\ehRejQl.exe
  2⤵
  PID:4780
- C:\Windows\System\qjHcNqK.exe
  C:\Windows\System\qjHcNqK.exe
  2⤵
  PID:5252
- C:\Windows\System\IsZkvNk.exe
  C:\Windows\System\IsZkvNk.exe
  2⤵
  PID:5132
- C:\Windows\System\hvzdJFv.exe
  C:\Windows\System\hvzdJFv.exe
  2⤵
  PID:5372
- C:\Windows\System\mCvEwAy.exe
  C:\Windows\System\mCvEwAy.exe
  2⤵
  PID:5476
- C:\Windows\System\DVHcNZc.exe
  C:\Windows\System\DVHcNZc.exe
  2⤵
  PID:5436
- C:\Windows\System\IvtCHhn.exe
  C:\Windows\System\IvtCHhn.exe
  2⤵
  PID:2764
- C:\Windows\System\uWgaflA.exe
  C:\Windows\System\uWgaflA.exe
  2⤵
  PID:5796
- C:\Windows\System\xdSKILJ.exe
  C:\Windows\System\xdSKILJ.exe
  2⤵
  PID:5692
- C:\Windows\System\KqHfNRp.exe
  C:\Windows\System\KqHfNRp.exe
  2⤵
  PID:5952
- C:\Windows\System\emcfVDr.exe
  C:\Windows\System\emcfVDr.exe
  2⤵
  PID:1128
- C:\Windows\System\OyqdYLr.exe
  C:\Windows\System\OyqdYLr.exe
  2⤵
  PID:5816
- C:\Windows\System\olJAivK.exe
  C:\Windows\System\olJAivK.exe
  2⤵
  PID:608
- C:\Windows\System\POCVVBK.exe
  C:\Windows\System\POCVVBK.exe
  2⤵
  PID:2380
- C:\Windows\System\qEBAGFw.exe
  C:\Windows\System\qEBAGFw.exe
  2⤵
  PID:6088
- C:\Windows\System\GYgyhHY.exe
  C:\Windows\System\GYgyhHY.exe
  2⤵
  PID:4140
- C:\Windows\System\QTEHqLF.exe
  C:\Windows\System\QTEHqLF.exe
  2⤵
  PID:5172
- C:\Windows\System\ghHeBua.exe
  C:\Windows\System\ghHeBua.exe
  2⤵
  PID:5712
- C:\Windows\System\dqFqFeI.exe
  C:\Windows\System\dqFqFeI.exe
  2⤵
  PID:5264
- C:\Windows\System\UOXcvYM.exe
  C:\Windows\System\UOXcvYM.exe
  2⤵
  PID:5832
- C:\Windows\System\HsKrzJG.exe
  C:\Windows\System\HsKrzJG.exe
  2⤵
  PID:5192
- C:\Windows\System\jNmgWsH.exe
  C:\Windows\System\jNmgWsH.exe
  2⤵
  PID:5596
- C:\Windows\System\lYGvJou.exe
  C:\Windows\System\lYGvJou.exe
  2⤵
  PID:5768
- C:\Windows\System\pCXaGtP.exe
  C:\Windows\System\pCXaGtP.exe
  2⤵
  PID:6092
- C:\Windows\System\XFZlqjI.exe
  C:\Windows\System\XFZlqjI.exe
  2⤵
  PID:2220
- C:\Windows\System\VBrLJtC.exe
  C:\Windows\System\VBrLJtC.exe
  2⤵
  PID:5100
- C:\Windows\System\SYhHcTA.exe
  C:\Windows\System\SYhHcTA.exe
  2⤵
  PID:5396
- C:\Windows\System\Vnkypku.exe
  C:\Windows\System\Vnkypku.exe
  2⤵
  PID:5532
- C:\Windows\System\NVGFrvf.exe
  C:\Windows\System\NVGFrvf.exe
  2⤵
  PID:6004
- C:\Windows\System\FodaeyP.exe
  C:\Windows\System\FodaeyP.exe
  2⤵
  PID:5976
- C:\Windows\System\mqWVPRb.exe
  C:\Windows\System\mqWVPRb.exe
  2⤵
  PID:5808
- C:\Windows\System\aAElzXT.exe
  C:\Windows\System\aAElzXT.exe
  2⤵
  PID:5980
- C:\Windows\System\VDfKyyv.exe
  C:\Windows\System\VDfKyyv.exe
  2⤵
  PID:6164
- C:\Windows\System\FHekbrV.exe
  C:\Windows\System\FHekbrV.exe
  2⤵
  PID:6184
- C:\Windows\System\LHDdppc.exe
  C:\Windows\System\LHDdppc.exe
  2⤵
  PID:6204
- C:\Windows\System\USHcKCq.exe
  C:\Windows\System\USHcKCq.exe
  2⤵
  PID:6220
- C:\Windows\System\Xtupfiw.exe
  C:\Windows\System\Xtupfiw.exe
  2⤵
  PID:6260
- C:\Windows\System\qupCniA.exe
  C:\Windows\System\qupCniA.exe
  2⤵
  PID:6280
- C:\Windows\System\THIHclS.exe
  C:\Windows\System\THIHclS.exe
  2⤵
  PID:6300
- C:\Windows\System\lRBNgkC.exe
  C:\Windows\System\lRBNgkC.exe
  2⤵
  PID:6320
- C:\Windows\System\mcNQrPt.exe
  C:\Windows\System\mcNQrPt.exe
  2⤵
  PID:6336
- C:\Windows\System\dlhbMIS.exe
  C:\Windows\System\dlhbMIS.exe
  2⤵
  PID:6352
- C:\Windows\System\iTcZMXS.exe
  C:\Windows\System\iTcZMXS.exe
  2⤵
  PID:6368
- C:\Windows\System\yzKDOCP.exe
  C:\Windows\System\yzKDOCP.exe
  2⤵
  PID:6392
- C:\Windows\System\pkxHrsP.exe
  C:\Windows\System\pkxHrsP.exe
  2⤵
  PID:6408
- C:\Windows\System\cGsLfSH.exe
  C:\Windows\System\cGsLfSH.exe
  2⤵
  PID:6424
- C:\Windows\System\CzmaSrU.exe
  C:\Windows\System\CzmaSrU.exe
  2⤵
  PID:6440
- C:\Windows\System\PnwyMtq.exe
  C:\Windows\System\PnwyMtq.exe
  2⤵
  PID:6456
- C:\Windows\System\cHghIKG.exe
  C:\Windows\System\cHghIKG.exe
  2⤵
  PID:6476
- C:\Windows\System\LDxPhrh.exe
  C:\Windows\System\LDxPhrh.exe
  2⤵
  PID:6496
- C:\Windows\System\CkWKkQQ.exe
  C:\Windows\System\CkWKkQQ.exe
  2⤵
  PID:6520
- C:\Windows\System\PmgDgsk.exe
  C:\Windows\System\PmgDgsk.exe
  2⤵
  PID:6540
- C:\Windows\System\nbobyKY.exe
  C:\Windows\System\nbobyKY.exe
  2⤵
  PID:6556
- C:\Windows\System\gpGZHdW.exe
  C:\Windows\System\gpGZHdW.exe
  2⤵
  PID:6572
- C:\Windows\System\UjgeisW.exe
  C:\Windows\System\UjgeisW.exe
  2⤵
  PID:6628
- C:\Windows\System\RzzpoGs.exe
  C:\Windows\System\RzzpoGs.exe
  2⤵
  PID:6644
- C:\Windows\System\ELaPdVS.exe
  C:\Windows\System\ELaPdVS.exe
  2⤵
  PID:6660
- C:\Windows\System\sLjpOuL.exe
  C:\Windows\System\sLjpOuL.exe
  2⤵
  PID:6676
- C:\Windows\System\SluBaBC.exe
  C:\Windows\System\SluBaBC.exe
  2⤵
  PID:6692
- C:\Windows\System\cCaRiDK.exe
  C:\Windows\System\cCaRiDK.exe
  2⤵
  PID:6712
- C:\Windows\System\PzOvxSa.exe
  C:\Windows\System\PzOvxSa.exe
  2⤵
  PID:6728
- C:\Windows\System\byyyNCY.exe
  C:\Windows\System\byyyNCY.exe
  2⤵
  PID:6744
- C:\Windows\System\jGnQQjc.exe
  C:\Windows\System\jGnQQjc.exe
  2⤵
  PID:6760
- C:\Windows\System\NOkuXxG.exe
  C:\Windows\System\NOkuXxG.exe
  2⤵
  PID:6776
- C:\Windows\System\tMsjjwf.exe
  C:\Windows\System\tMsjjwf.exe
  2⤵
  PID:6792
- C:\Windows\System\KZtpUzv.exe
  C:\Windows\System\KZtpUzv.exe
  2⤵
  PID:6816
- C:\Windows\System\OpnCCOi.exe
  C:\Windows\System\OpnCCOi.exe
  2⤵
  PID:6832
- C:\Windows\System\aIxsEyg.exe
  C:\Windows\System\aIxsEyg.exe
  2⤵
  PID:6848
- C:\Windows\System\TEPWYAy.exe
  C:\Windows\System\TEPWYAy.exe
  2⤵
  PID:6864
- C:\Windows\System\ivJdfOB.exe
  C:\Windows\System\ivJdfOB.exe
  2⤵
  PID:6880
- C:\Windows\System\fpncSDM.exe
  C:\Windows\System\fpncSDM.exe
  2⤵
  PID:6896
- C:\Windows\System\UakskbY.exe
  C:\Windows\System\UakskbY.exe
  2⤵
  PID:6920
- C:\Windows\System\ampOMeN.exe
  C:\Windows\System\ampOMeN.exe
  2⤵
  PID:6936
- C:\Windows\System\ehjyjVh.exe
  C:\Windows\System\ehjyjVh.exe
  2⤵
  PID:6952
- C:\Windows\System\nIDMmDU.exe
  C:\Windows\System\nIDMmDU.exe
  2⤵
  PID:6968
- C:\Windows\System\sZDsTdE.exe
  C:\Windows\System\sZDsTdE.exe
  2⤵
  PID:6984
- C:\Windows\System\fFZORgb.exe
  C:\Windows\System\fFZORgb.exe
  2⤵
  PID:7004
- C:\Windows\System\jhjRmVX.exe
  C:\Windows\System\jhjRmVX.exe
  2⤵
  PID:7028
- C:\Windows\System\dmcegJo.exe
  C:\Windows\System\dmcegJo.exe
  2⤵
  PID:7048
- C:\Windows\System\yzkDDsq.exe
  C:\Windows\System\yzkDDsq.exe
  2⤵
  PID:7064
- C:\Windows\System\DEVmINj.exe
  C:\Windows\System\DEVmINj.exe
  2⤵
  PID:7080
- C:\Windows\System\NApCDJR.exe
  C:\Windows\System\NApCDJR.exe
  2⤵
  PID:7096
- C:\Windows\System\QnCxMgY.exe
  C:\Windows\System\QnCxMgY.exe
  2⤵
  PID:7112
- C:\Windows\System\cbztouG.exe
  C:\Windows\System\cbztouG.exe
  2⤵
  PID:7128
- C:\Windows\System\RYyVVUl.exe
  C:\Windows\System\RYyVVUl.exe
  2⤵
  PID:7148
- C:\Windows\System\OiqsNrc.exe
  C:\Windows\System\OiqsNrc.exe
  2⤵
  PID:7164
- C:\Windows\System\fylmxOb.exe
  C:\Windows\System\fylmxOb.exe
  2⤵
  PID:6104
- C:\Windows\System\IKDGTIx.exe
  C:\Windows\System\IKDGTIx.exe
  2⤵
  PID:5588
- C:\Windows\System\meVnjQS.exe
  C:\Windows\System\meVnjQS.exe
  2⤵
  PID:6156
- C:\Windows\System\NoxwdyW.exe
  C:\Windows\System\NoxwdyW.exe
  2⤵
  PID:5336
- C:\Windows\System\ljtvqJI.exe
  C:\Windows\System\ljtvqJI.exe
  2⤵
  PID:6200
- C:\Windows\System\cUgvcAN.exe
  C:\Windows\System\cUgvcAN.exe
  2⤵
  PID:6400
- C:\Windows\System\NHxWGvS.exe
  C:\Windows\System\NHxWGvS.exe
  2⤵
  PID:6504
- C:\Windows\System\HwywgXz.exe
  C:\Windows\System\HwywgXz.exe
  2⤵
  PID:6580
- C:\Windows\System\cYbZUqj.exe
  C:\Windows\System\cYbZUqj.exe
  2⤵
  PID:6384
- C:\Windows\System\QtNcSNU.exe
  C:\Windows\System\QtNcSNU.exe
  2⤵
  PID:6448
- C:\Windows\System\aMALXNH.exe
  C:\Windows\System\aMALXNH.exe
  2⤵
  PID:6492
- C:\Windows\System\ZNFGqCo.exe
  C:\Windows\System\ZNFGqCo.exe
  2⤵
  PID:6564
- C:\Windows\System\JSFbStY.exe
  C:\Windows\System\JSFbStY.exe
  2⤵
  PID:6684
- C:\Windows\System\uGjtUja.exe
  C:\Windows\System\uGjtUja.exe
  2⤵
  PID:6752
- C:\Windows\System\RGsljnr.exe
  C:\Windows\System\RGsljnr.exe
  2⤵
  PID:6656
- C:\Windows\System\XfbYKSm.exe
  C:\Windows\System\XfbYKSm.exe
  2⤵
  PID:6824
- C:\Windows\System\RXVFXtd.exe
  C:\Windows\System\RXVFXtd.exe
  2⤵
  PID:6700
- C:\Windows\System\nHCYfug.exe
  C:\Windows\System\nHCYfug.exe
  2⤵
  PID:6800
- C:\Windows\System\ttDvrPI.exe
  C:\Windows\System\ttDvrPI.exe
  2⤵
  PID:6844
- C:\Windows\System\TrrMdxZ.exe
  C:\Windows\System\TrrMdxZ.exe
  2⤵
  PID:6908
- C:\Windows\System\VpqhUEH.exe
  C:\Windows\System\VpqhUEH.exe
  2⤵
  PID:6980
- C:\Windows\System\fYfGTKe.exe
  C:\Windows\System\fYfGTKe.exe
  2⤵
  PID:6788
- C:\Windows\System\AhttnTO.exe
  C:\Windows\System\AhttnTO.exe
  2⤵
  PID:6888
- C:\Windows\System\itjaTDL.exe
  C:\Windows\System\itjaTDL.exe
  2⤵
  PID:7104
- C:\Windows\System\bljKrLo.exe
  C:\Windows\System\bljKrLo.exe
  2⤵
  PID:7020
- C:\Windows\System\NroReDo.exe
  C:\Windows\System\NroReDo.exe
  2⤵
  PID:7000
- C:\Windows\System\MfWiDjG.exe
  C:\Windows\System\MfWiDjG.exe
  2⤵
  PID:7072
- C:\Windows\System\jffLgQR.exe
  C:\Windows\System\jffLgQR.exe
  2⤵
  PID:7140
- C:\Windows\System\ZzMyMZn.exe
  C:\Windows\System\ZzMyMZn.exe
  2⤵
  PID:6152
- C:\Windows\System\JCqaoyJ.exe
  C:\Windows\System\JCqaoyJ.exe
  2⤵
  PID:816
- C:\Windows\System\HfSDuRC.exe
  C:\Windows\System\HfSDuRC.exe
  2⤵
  PID:6296
- C:\Windows\System\LDeeQIQ.exe
  C:\Windows\System\LDeeQIQ.exe
  2⤵
  PID:7056
- C:\Windows\System\JGHwbpR.exe
  C:\Windows\System\JGHwbpR.exe
  2⤵
  PID:6472
- C:\Windows\System\hWHRiYZ.exe
  C:\Windows\System\hWHRiYZ.exe
  2⤵
  PID:6180
- C:\Windows\System\ltdNxHo.exe
  C:\Windows\System\ltdNxHo.exe
  2⤵
  PID:7160
- C:\Windows\System\VZHAtDW.exe
  C:\Windows\System\VZHAtDW.exe
  2⤵
  PID:7120
- C:\Windows\System\TkJAbEm.exe
  C:\Windows\System\TkJAbEm.exe
  2⤵
  PID:6516
- C:\Windows\System\GkiOmhC.exe
  C:\Windows\System\GkiOmhC.exe
  2⤵
  PID:6488
- C:\Windows\System\jaSLQgq.exe
  C:\Windows\System\jaSLQgq.exe
  2⤵
  PID:6532
- C:\Windows\System\seGjCRT.exe
  C:\Windows\System\seGjCRT.exe
  2⤵
  PID:6600
- C:\Windows\System\bgeSbkY.exe
  C:\Windows\System\bgeSbkY.exe
  2⤵
  PID:6652
- C:\Windows\System\hjIcCgj.exe
  C:\Windows\System\hjIcCgj.exe
  2⤵
  PID:6672
- C:\Windows\System\izyNqKd.exe
  C:\Windows\System\izyNqKd.exe
  2⤵
  PID:6808
- C:\Windows\System\xhwaIkP.exe
  C:\Windows\System\xhwaIkP.exe
  2⤵
  PID:6948
- C:\Windows\System\NaWtkBw.exe
  C:\Windows\System\NaWtkBw.exe
  2⤵
  PID:6876
- C:\Windows\System\djfKgPD.exe
  C:\Windows\System\djfKgPD.exe
  2⤵
  PID:6932
- C:\Windows\System\iojRSFI.exe
  C:\Windows\System\iojRSFI.exe
  2⤵
  PID:6964
- C:\Windows\System\nZRvfqB.exe
  C:\Windows\System\nZRvfqB.exe
  2⤵
  PID:2568
- C:\Windows\System\pqIlles.exe
  C:\Windows\System\pqIlles.exe
  2⤵
  PID:620
- C:\Windows\System\rvOAwYl.exe
  C:\Windows\System\rvOAwYl.exe
  2⤵
  PID:5872
- C:\Windows\System\EqjIrEI.exe
  C:\Windows\System\EqjIrEI.exe
  2⤵
  PID:6464
- C:\Windows\System\cCqhqeD.exe
  C:\Windows\System\cCqhqeD.exe
  2⤵
  PID:6252
- C:\Windows\System\UOlniuB.exe
  C:\Windows\System\UOlniuB.exe
  2⤵
  PID:7060
- C:\Windows\System\SvIWQQX.exe
  C:\Windows\System\SvIWQQX.exe
  2⤵
  PID:6420
- C:\Windows\System\OAqTRSz.exe
  C:\Windows\System\OAqTRSz.exe
  2⤵
  PID:6484
- C:\Windows\System\ocVKRPL.exe
  C:\Windows\System\ocVKRPL.exe
  2⤵
  PID:6756
- C:\Windows\System\bHPAryH.exe
  C:\Windows\System\bHPAryH.exe
  2⤵
  PID:6772
- C:\Windows\System\aYLxsXQ.exe
  C:\Windows\System\aYLxsXQ.exe
  2⤵
  PID:6996
- C:\Windows\System\TqcwcKV.exe
  C:\Windows\System\TqcwcKV.exe
  2⤵
  PID:6840
- C:\Windows\System\dqzOutu.exe
  C:\Windows\System\dqzOutu.exe
  2⤵
  PID:6784
- C:\Windows\System\ctWKuEc.exe
  C:\Windows\System\ctWKuEc.exe
  2⤵
  PID:4504
- C:\Windows\System\vfAJmZe.exe
  C:\Windows\System\vfAJmZe.exe
  2⤵
  PID:6508
- C:\Windows\System\unqzDYN.exe
  C:\Windows\System\unqzDYN.exe
  2⤵
  PID:6316
- C:\Windows\System\zSDWEqw.exe
  C:\Windows\System\zSDWEqw.exe
  2⤵
  PID:6292
- C:\Windows\System\fHzYmRy.exe
  C:\Windows\System\fHzYmRy.exe
  2⤵
  PID:6272
- C:\Windows\System\AXUXvGH.exe
  C:\Windows\System\AXUXvGH.exe
  2⤵
  PID:6592
- C:\Windows\System\uUnIWUo.exe
  C:\Windows\System\uUnIWUo.exe
  2⤵
  PID:6668
- C:\Windows\System\HCqMmkF.exe
  C:\Windows\System\HCqMmkF.exe
  2⤵
  PID:6944
- C:\Windows\System\gzCUqBc.exe
  C:\Windows\System\gzCUqBc.exe
  2⤵
  PID:7044
- C:\Windows\System\SUkAshq.exe
  C:\Windows\System\SUkAshq.exe
  2⤵
  PID:6288
- C:\Windows\System\ZTwOVuj.exe
  C:\Windows\System\ZTwOVuj.exe
  2⤵
  PID:6176
- C:\Windows\System\OAtEUPe.exe
  C:\Windows\System\OAtEUPe.exe
  2⤵
  PID:6620
- C:\Windows\System\OhwZlYi.exe
  C:\Windows\System\OhwZlYi.exe
  2⤵
  PID:6248
- C:\Windows\System\GbAonKW.exe
  C:\Windows\System\GbAonKW.exe
  2⤵
  PID:1032
- C:\Windows\System\bKfabDH.exe
  C:\Windows\System\bKfabDH.exe
  2⤵
  PID:6380
- C:\Windows\System\zvMzbdV.exe
  C:\Windows\System\zvMzbdV.exe
  2⤵
  PID:7184
- C:\Windows\System\hOCbKEs.exe
  C:\Windows\System\hOCbKEs.exe
  2⤵
  PID:7204
- C:\Windows\System\DkghiYY.exe
  C:\Windows\System\DkghiYY.exe
  2⤵
  PID:7224
- C:\Windows\System\qValnEl.exe
  C:\Windows\System\qValnEl.exe
  2⤵
  PID:7252
- C:\Windows\System\wTUnQhN.exe
  C:\Windows\System\wTUnQhN.exe
  2⤵
  PID:7268
- C:\Windows\System\XhjyITy.exe
  C:\Windows\System\XhjyITy.exe
  2⤵
  PID:7284
- C:\Windows\System\DqtIwmH.exe
  C:\Windows\System\DqtIwmH.exe
  2⤵
  PID:7308
- C:\Windows\System\GqUEpnf.exe
  C:\Windows\System\GqUEpnf.exe
  2⤵
  PID:7324
- C:\Windows\System\bgwRWZy.exe
  C:\Windows\System\bgwRWZy.exe
  2⤵
  PID:7344
- C:\Windows\System\JgaicoU.exe
  C:\Windows\System\JgaicoU.exe
  2⤵
  PID:7360
- C:\Windows\System\UTgEkfa.exe
  C:\Windows\System\UTgEkfa.exe
  2⤵
  PID:7388
- C:\Windows\System\uxySoji.exe
  C:\Windows\System\uxySoji.exe
  2⤵
  PID:7404
- C:\Windows\System\xwtGOGA.exe
  C:\Windows\System\xwtGOGA.exe
  2⤵
  PID:7420
- C:\Windows\System\qcIiwIJ.exe
  C:\Windows\System\qcIiwIJ.exe
  2⤵
  PID:7436
- C:\Windows\System\sAliCbW.exe
  C:\Windows\System\sAliCbW.exe
  2⤵
  PID:7452
- C:\Windows\System\trKMmbS.exe
  C:\Windows\System\trKMmbS.exe
  2⤵
  PID:7472
- C:\Windows\System\yaNnIGQ.exe
  C:\Windows\System\yaNnIGQ.exe
  2⤵
  PID:7488
- C:\Windows\System\Obksoop.exe
  C:\Windows\System\Obksoop.exe
  2⤵
  PID:7524
- C:\Windows\System\CNkAJVQ.exe
  C:\Windows\System\CNkAJVQ.exe
  2⤵
  PID:7540
- C:\Windows\System\KJoLztO.exe
  C:\Windows\System\KJoLztO.exe
  2⤵
  PID:7556
- C:\Windows\System\kGggEJf.exe
  C:\Windows\System\kGggEJf.exe
  2⤵
  PID:7604
- C:\Windows\System\xYSHMTV.exe
  C:\Windows\System\xYSHMTV.exe
  2⤵
  PID:7620
- C:\Windows\System\mpqHgNN.exe
  C:\Windows\System\mpqHgNN.exe
  2⤵
  PID:7640
- C:\Windows\System\QcuMUUm.exe
  C:\Windows\System\QcuMUUm.exe
  2⤵
  PID:7656
- C:\Windows\System\FGWKABT.exe
  C:\Windows\System\FGWKABT.exe
  2⤵
  PID:7672
- C:\Windows\System\tIlIHxi.exe
  C:\Windows\System\tIlIHxi.exe
  2⤵
  PID:7688
- C:\Windows\System\IiqjisE.exe
  C:\Windows\System\IiqjisE.exe
  2⤵
  PID:7704
- C:\Windows\System\eAVfQKE.exe
  C:\Windows\System\eAVfQKE.exe
  2⤵
  PID:7720
- C:\Windows\System\SaweGWL.exe
  C:\Windows\System\SaweGWL.exe
  2⤵
  PID:7736
- C:\Windows\System\OshDLWi.exe
  C:\Windows\System\OshDLWi.exe
  2⤵
  PID:7752
- C:\Windows\System\SZOYDSl.exe
  C:\Windows\System\SZOYDSl.exe
  2⤵
  PID:7772
- C:\Windows\System\cAqcUDX.exe
  C:\Windows\System\cAqcUDX.exe
  2⤵
  PID:7792
- C:\Windows\System\bgTXGet.exe
  C:\Windows\System\bgTXGet.exe
  2⤵
  PID:7844
- C:\Windows\System\JsYKiHK.exe
  C:\Windows\System\JsYKiHK.exe
  2⤵
  PID:7860
- C:\Windows\System\cNKFmVd.exe
  C:\Windows\System\cNKFmVd.exe
  2⤵
  PID:7876
- C:\Windows\System\pqzKdbQ.exe
  C:\Windows\System\pqzKdbQ.exe
  2⤵
  PID:7896
- C:\Windows\System\ptOXHIN.exe
  C:\Windows\System\ptOXHIN.exe
  2⤵
  PID:7912
- C:\Windows\System\OKiryum.exe
  C:\Windows\System\OKiryum.exe
  2⤵
  PID:7928
- C:\Windows\System\PEuRXsy.exe
  C:\Windows\System\PEuRXsy.exe
  2⤵
  PID:7944
- C:\Windows\System\TwufpwL.exe
  C:\Windows\System\TwufpwL.exe
  2⤵
  PID:7964
- C:\Windows\System\maicyfC.exe
  C:\Windows\System\maicyfC.exe
  2⤵
  PID:7984
- C:\Windows\System\TBQHdLO.exe
  C:\Windows\System\TBQHdLO.exe
  2⤵
  PID:8000
- C:\Windows\System\OQqESbd.exe
  C:\Windows\System\OQqESbd.exe
  2⤵
  PID:8016
- C:\Windows\System\otCovUR.exe
  C:\Windows\System\otCovUR.exe
  2⤵
  PID:8036
- C:\Windows\System\izKdMEk.exe
  C:\Windows\System\izKdMEk.exe
  2⤵
  PID:8084
- C:\Windows\System\UeKlXDf.exe
  C:\Windows\System\UeKlXDf.exe
  2⤵
  PID:8100
- C:\Windows\System\UtfxkMr.exe
  C:\Windows\System\UtfxkMr.exe
  2⤵
  PID:8116
- C:\Windows\System\wtxzkWH.exe
  C:\Windows\System\wtxzkWH.exe
  2⤵
  PID:8132
- C:\Windows\System\UjByrVt.exe
  C:\Windows\System\UjByrVt.exe
  2⤵
  PID:8148
- C:\Windows\System\CTnknrU.exe
  C:\Windows\System\CTnknrU.exe
  2⤵
  PID:8164
- C:\Windows\System\dNsZiUg.exe
  C:\Windows\System\dNsZiUg.exe
  2⤵
  PID:8184
- C:\Windows\System\GACFapQ.exe
  C:\Windows\System\GACFapQ.exe
  2⤵
  PID:6360
- C:\Windows\System\MkultPc.exe
  C:\Windows\System\MkultPc.exe
  2⤵
  PID:7192
- C:\Windows\System\PuajZlo.exe
  C:\Windows\System\PuajZlo.exe
  2⤵
  PID:7212
- C:\Windows\System\BUkumeK.exe
  C:\Windows\System\BUkumeK.exe
  2⤵
  PID:7236
- C:\Windows\System\bToONmr.exe
  C:\Windows\System\bToONmr.exe
  2⤵
  PID:7276
- C:\Windows\System\dvwxEXx.exe
  C:\Windows\System\dvwxEXx.exe
  2⤵
  PID:7352
- C:\Windows\System\dLqXOEA.exe
  C:\Windows\System\dLqXOEA.exe
  2⤵
  PID:7264
- C:\Windows\System\rGcZBbJ.exe
  C:\Windows\System\rGcZBbJ.exe
  2⤵
  PID:7216
- C:\Windows\System\vCwGCTS.exe
  C:\Windows\System\vCwGCTS.exe
  2⤵
  PID:7332
- C:\Windows\System\ChjZEae.exe
  C:\Windows\System\ChjZEae.exe
  2⤵
  PID:7376
- C:\Windows\System\zNdkcDr.exe
  C:\Windows\System\zNdkcDr.exe
  2⤵
  PID:7552
- C:\Windows\System\GdxSElT.exe
  C:\Windows\System\GdxSElT.exe
  2⤵
  PID:7580
- C:\Windows\System\albLffL.exe
  C:\Windows\System\albLffL.exe
  2⤵
  PID:7480
- C:\Windows\System\hTzXhqj.exe
  C:\Windows\System\hTzXhqj.exe
  2⤵
  PID:7564
- C:\Windows\System\puRNded.exe
  C:\Windows\System\puRNded.exe
  2⤵
  PID:7584
- C:\Windows\System\PNUxenZ.exe
  C:\Windows\System\PNUxenZ.exe
  2⤵
  PID:7648
- C:\Windows\System\ODJRReg.exe
  C:\Windows\System\ODJRReg.exe
  2⤵
  PID:7716
- C:\Windows\System\zhHgZzj.exe
  C:\Windows\System\zhHgZzj.exe
  2⤵
  PID:7784
- C:\Windows\System\fqVjhgd.exe
  C:\Windows\System\fqVjhgd.exe
  2⤵
  PID:7832
- C:\Windows\System\PRmztJl.exe
  C:\Windows\System\PRmztJl.exe
  2⤵
  PID:7728
- C:\Windows\System\TELWXUv.exe
  C:\Windows\System\TELWXUv.exe
  2⤵
  PID:7768
- C:\Windows\System\qzetdrl.exe
  C:\Windows\System\qzetdrl.exe
  2⤵
  PID:7812
- C:\Windows\System\OrxKvbt.exe
  C:\Windows\System\OrxKvbt.exe
  2⤵
  PID:7852
- C:\Windows\System\gaNFfNw.exe
  C:\Windows\System\gaNFfNw.exe
  2⤵
  PID:7892
- C:\Windows\System\vgGHqQJ.exe
  C:\Windows\System\vgGHqQJ.exe
  2⤵
  PID:7960
- C:\Windows\System\qwpwAFs.exe
  C:\Windows\System\qwpwAFs.exe
  2⤵
  PID:7904
- C:\Windows\System\hfdNDyA.exe
  C:\Windows\System\hfdNDyA.exe
  2⤵
  PID:7976
- C:\Windows\System\wFtFRaR.exe
  C:\Windows\System\wFtFRaR.exe
  2⤵
  PID:8048
- C:\Windows\System\WrVQfuO.exe
  C:\Windows\System\WrVQfuO.exe
  2⤵
  PID:8072
- C:\Windows\System\RMzPloE.exe
  C:\Windows\System\RMzPloE.exe
  2⤵
  PID:8096
- C:\Windows\System\YkaznOv.exe
  C:\Windows\System\YkaznOv.exe
  2⤵
  PID:6332
- C:\Windows\System\STLmftF.exe
  C:\Windows\System\STLmftF.exe
  2⤵
  PID:8140
- C:\Windows\System\oFfydSA.exe
  C:\Windows\System\oFfydSA.exe
  2⤵
  PID:7396
- C:\Windows\System\ieJsbWV.exe
  C:\Windows\System\ieJsbWV.exe
  2⤵
  PID:6624
- C:\Windows\System\pBdETVD.exe
  C:\Windows\System\pBdETVD.exe
  2⤵
  PID:7320
- C:\Windows\System\fkWbcFi.exe
  C:\Windows\System\fkWbcFi.exe
  2⤵
  PID:7496
- C:\Windows\System\kjJRKEZ.exe
  C:\Windows\System\kjJRKEZ.exe
  2⤵
  PID:7508
- C:\Windows\System\cGKgFkb.exe
  C:\Windows\System\cGKgFkb.exe
  2⤵
  PID:7572
- C:\Windows\System\lQYpTVu.exe
  C:\Windows\System\lQYpTVu.exe
  2⤵
  PID:7680
- C:\Windows\System\wdOHQcQ.exe
  C:\Windows\System\wdOHQcQ.exe
  2⤵
  PID:7340
- C:\Windows\System\YMZfOhh.exe
  C:\Windows\System\YMZfOhh.exe
  2⤵
  PID:7824
- C:\Windows\System\gnFiRaL.exe
  C:\Windows\System\gnFiRaL.exe
  2⤵
  PID:7804
- C:\Windows\System\JscosRW.exe
  C:\Windows\System\JscosRW.exe
  2⤵
  PID:7868
- C:\Windows\System\JnGdbjG.exe
  C:\Windows\System\JnGdbjG.exe
  2⤵
  PID:7300
- C:\Windows\System\slLZRDB.exe
  C:\Windows\System\slLZRDB.exe
  2⤵
  PID:8060
- C:\Windows\System\Rxyjswl.exe
  C:\Windows\System\Rxyjswl.exe
  2⤵
  PID:8128
- C:\Windows\System\mzUNusY.exe
  C:\Windows\System\mzUNusY.exe
  2⤵
  PID:7808
- C:\Windows\System\apMOAoI.exe
  C:\Windows\System\apMOAoI.exe
  2⤵
  PID:8052
- C:\Windows\System\OwnEtBb.exe
  C:\Windows\System\OwnEtBb.exe
  2⤵
  PID:7232
- C:\Windows\System\ZACdSZK.exe
  C:\Windows\System\ZACdSZK.exe
  2⤵
  PID:8172
- C:\Windows\System\KAgzFSm.exe
  C:\Windows\System\KAgzFSm.exe
  2⤵
  PID:7304
- C:\Windows\System\ICYwWuS.exe
  C:\Windows\System\ICYwWuS.exe
  2⤵
  PID:7548
- C:\Windows\System\jmoEyfy.exe
  C:\Windows\System\jmoEyfy.exe
  2⤵
  PID:7712
- C:\Windows\System\TtGSjhg.exe
  C:\Windows\System\TtGSjhg.exe
  2⤵
  PID:7412
- C:\Windows\System\aRpNADP.exe
  C:\Windows\System\aRpNADP.exe
  2⤵
  PID:7600
- C:\Windows\System\BIHpiPh.exe
  C:\Windows\System\BIHpiPh.exe
  2⤵
  PID:7416
- C:\Windows\System\RdDNhDo.exe
  C:\Windows\System\RdDNhDo.exe
  2⤵
  PID:7956
- C:\Windows\System\hzdaaoR.exe
  C:\Windows\System\hzdaaoR.exe
  2⤵
  PID:8068
- C:\Windows\System\tgRGNJR.exe
  C:\Windows\System\tgRGNJR.exe
  2⤵
  PID:7888
- C:\Windows\System\iqCCztd.exe
  C:\Windows\System\iqCCztd.exe
  2⤵
  PID:8028
- C:\Windows\System\LghfXMR.exe
  C:\Windows\System\LghfXMR.exe
  2⤵
  PID:7428
- C:\Windows\System\SevNVxP.exe
  C:\Windows\System\SevNVxP.exe
  2⤵
  PID:7828
- C:\Windows\System\kGGAfIF.exe
  C:\Windows\System\kGGAfIF.exe
  2⤵
  PID:7924
- C:\Windows\System\rONtuQc.exe
  C:\Windows\System\rONtuQc.exe
  2⤵
  PID:8112
- C:\Windows\System\uAGCSel.exe
  C:\Windows\System\uAGCSel.exe
  2⤵
  PID:7732
- C:\Windows\System\iGwKaGl.exe
  C:\Windows\System\iGwKaGl.exe
  2⤵
  PID:7632
- C:\Windows\System\GcRQQlX.exe
  C:\Windows\System\GcRQQlX.exe
  2⤵
  PID:6724
- C:\Windows\System\UKFyIpZ.exe
  C:\Windows\System\UKFyIpZ.exe
  2⤵
  PID:8180
- C:\Windows\System\CzOJDSd.exe
  C:\Windows\System\CzOJDSd.exe
  2⤵
  PID:7260
- C:\Windows\System\WGeVUKw.exe
  C:\Windows\System\WGeVUKw.exe
  2⤵
  PID:7176
- C:\Windows\System\PUkfZps.exe
  C:\Windows\System\PUkfZps.exe
  2⤵
  PID:7460
- C:\Windows\System\nboZwtW.exe
  C:\Windows\System\nboZwtW.exe
  2⤵
  PID:7448
- C:\Windows\System\ZowSAQg.exe
  C:\Windows\System\ZowSAQg.exe
  2⤵
  PID:7180
- C:\Windows\System\IuqgTLe.exe
  C:\Windows\System\IuqgTLe.exe
  2⤵
  PID:7820
- C:\Windows\System\TEmvkCW.exe
  C:\Windows\System\TEmvkCW.exe
  2⤵
  PID:8208
- C:\Windows\System\HUgmgvR.exe
  C:\Windows\System\HUgmgvR.exe
  2⤵
  PID:8232
- C:\Windows\System\iQCRpCM.exe
  C:\Windows\System\iQCRpCM.exe
  2⤵
  PID:8256
- C:\Windows\System\amKrMaQ.exe
  C:\Windows\System\amKrMaQ.exe
  2⤵
  PID:8272
- C:\Windows\System\DLmZbyZ.exe
  C:\Windows\System\DLmZbyZ.exe
  2⤵
  PID:8308
- C:\Windows\System\TIFATyg.exe
  C:\Windows\System\TIFATyg.exe
  2⤵
  PID:8324
- C:\Windows\System\FkPULAx.exe
  C:\Windows\System\FkPULAx.exe
  2⤵
  PID:8340
- C:\Windows\System\DrYyafq.exe
  C:\Windows\System\DrYyafq.exe
  2⤵
  PID:8356
- C:\Windows\System\bdDIUrS.exe
  C:\Windows\System\bdDIUrS.exe
  2⤵
  PID:8376
- C:\Windows\System\lxNuhfY.exe
  C:\Windows\System\lxNuhfY.exe
  2⤵
  PID:8408
- C:\Windows\System\mzXuvxm.exe
  C:\Windows\System\mzXuvxm.exe
  2⤵
  PID:8424
- C:\Windows\System\FdslBxq.exe
  C:\Windows\System\FdslBxq.exe
  2⤵
  PID:8444
- C:\Windows\System\YXZisIW.exe
  C:\Windows\System\YXZisIW.exe
  2⤵
  PID:8468
- C:\Windows\System\PObvTHB.exe
  C:\Windows\System\PObvTHB.exe
  2⤵
  PID:8488
- C:\Windows\System\UhbjtRG.exe
  C:\Windows\System\UhbjtRG.exe
  2⤵
  PID:8508
- C:\Windows\System\wdXfqpx.exe
  C:\Windows\System\wdXfqpx.exe
  2⤵
  PID:8524
- C:\Windows\System\nQSwLIa.exe
  C:\Windows\System\nQSwLIa.exe
  2⤵
  PID:8552
- C:\Windows\System\pbzpAgT.exe
  C:\Windows\System\pbzpAgT.exe
  2⤵
  PID:8572
- C:\Windows\System\NNlxvbP.exe
  C:\Windows\System\NNlxvbP.exe
  2⤵
  PID:8588
- C:\Windows\System\nJdmXvr.exe
  C:\Windows\System\nJdmXvr.exe
  2⤵
  PID:8608
- C:\Windows\System\bhjYRby.exe
  C:\Windows\System\bhjYRby.exe
  2⤵
  PID:8628
- C:\Windows\System\VvqTKRQ.exe
  C:\Windows\System\VvqTKRQ.exe
  2⤵
  PID:8656
- C:\Windows\System\tZZOAIw.exe
  C:\Windows\System\tZZOAIw.exe
  2⤵
  PID:8672
- C:\Windows\System\VuLWlpE.exe
  C:\Windows\System\VuLWlpE.exe
  2⤵
  PID:8696
- C:\Windows\System\rwMuLbk.exe
  C:\Windows\System\rwMuLbk.exe
  2⤵
  PID:8712
- C:\Windows\System\XNJgQLz.exe
  C:\Windows\System\XNJgQLz.exe
  2⤵
  PID:8732
- C:\Windows\System\JuSvQuf.exe
  C:\Windows\System\JuSvQuf.exe
  2⤵
  PID:8748
- C:\Windows\System\elWKrvc.exe
  C:\Windows\System\elWKrvc.exe
  2⤵
  PID:8776
- C:\Windows\System\NWVNBwe.exe
  C:\Windows\System\NWVNBwe.exe
  2⤵
  PID:8792
- C:\Windows\System\IEHDLtu.exe
  C:\Windows\System\IEHDLtu.exe
  2⤵
  PID:8812
- C:\Windows\System\JjsXsAn.exe
  C:\Windows\System\JjsXsAn.exe
  2⤵
  PID:8828
- C:\Windows\System\Iprgstz.exe
  C:\Windows\System\Iprgstz.exe
  2⤵
  PID:8848
- C:\Windows\System\ahndzVw.exe
  C:\Windows\System\ahndzVw.exe
  2⤵
  PID:8876
- C:\Windows\System\oSQHuSc.exe
  C:\Windows\System\oSQHuSc.exe
  2⤵
  PID:8900
- C:\Windows\System\gmHIdpv.exe
  C:\Windows\System\gmHIdpv.exe
  2⤵
  PID:8920
- C:\Windows\System\hlxvDYT.exe
  C:\Windows\System\hlxvDYT.exe
  2⤵
  PID:8936
- C:\Windows\System\sLiZmHH.exe
  C:\Windows\System\sLiZmHH.exe
  2⤵
  PID:8956
- C:\Windows\System\uwvMPjq.exe
  C:\Windows\System\uwvMPjq.exe
  2⤵
  PID:8972
- C:\Windows\System\nYkNnbn.exe
  C:\Windows\System\nYkNnbn.exe
  2⤵
  PID:8988
- C:\Windows\System\pFksMxS.exe
  C:\Windows\System\pFksMxS.exe
  2⤵
  PID:9008
- C:\Windows\System\FVOcIvs.exe
  C:\Windows\System\FVOcIvs.exe
  2⤵
  PID:9028
- C:\Windows\System\XEQtPfL.exe
  C:\Windows\System\XEQtPfL.exe
  2⤵
  PID:9056
- C:\Windows\System\AJQLala.exe
  C:\Windows\System\AJQLala.exe
  2⤵
  PID:9072
- C:\Windows\System\vupLGnZ.exe
  C:\Windows\System\vupLGnZ.exe
  2⤵
  PID:9096
- C:\Windows\System\LldlBVY.exe
  C:\Windows\System\LldlBVY.exe
  2⤵
  PID:9112
- C:\Windows\System\wuQSucm.exe
  C:\Windows\System\wuQSucm.exe
  2⤵
  PID:9140
- C:\Windows\System\dUjNVim.exe
  C:\Windows\System\dUjNVim.exe
  2⤵
  PID:9160
- C:\Windows\System\ZsOsbSq.exe
  C:\Windows\System\ZsOsbSq.exe
  2⤵
  PID:9176
- C:\Windows\System\AYYPvki.exe
  C:\Windows\System\AYYPvki.exe
  2⤵
  PID:9196
- C:\Windows\System\mBfVBQI.exe
  C:\Windows\System\mBfVBQI.exe
  2⤵
  PID:9212
- C:\Windows\System\iTGFwJf.exe
  C:\Windows\System\iTGFwJf.exe
  2⤵
  PID:7464
- C:\Windows\System\HEJofDr.exe
  C:\Windows\System\HEJofDr.exe
  2⤵
  PID:8228
- C:\Windows\System\IyEKzsh.exe
  C:\Windows\System\IyEKzsh.exe
  2⤵
  PID:8288
- C:\Windows\System\kWSAUwW.exe
  C:\Windows\System\kWSAUwW.exe
  2⤵
  PID:8336
- C:\Windows\System\cvHLEUg.exe
  C:\Windows\System\cvHLEUg.exe
  2⤵
  PID:8384
- C:\Windows\System\ecTBFpa.exe
  C:\Windows\System\ecTBFpa.exe
  2⤵
  PID:8388
- C:\Windows\System\opsutmF.exe
  C:\Windows\System\opsutmF.exe
  2⤵
  PID:8404
- C:\Windows\System\cYJZxPY.exe
  C:\Windows\System\cYJZxPY.exe
  2⤵
  PID:8456
- C:\Windows\System\hnOqQqQ.exe
  C:\Windows\System\hnOqQqQ.exe
  2⤵
  PID:8484
- C:\Windows\System\CcwsAxw.exe
  C:\Windows\System\CcwsAxw.exe
  2⤵
  PID:8520
- C:\Windows\System\GNQajxg.exe
  C:\Windows\System\GNQajxg.exe
  2⤵
  PID:8544
- C:\Windows\System\WjJxPQF.exe
  C:\Windows\System\WjJxPQF.exe
  2⤵
  PID:8580
- C:\Windows\System\psjNbJz.exe
  C:\Windows\System\psjNbJz.exe
  2⤵
  PID:8600
- C:\Windows\System\GgkhFTm.exe
  C:\Windows\System\GgkhFTm.exe
  2⤵
  PID:8640
- C:\Windows\System\SpfKxqb.exe
  C:\Windows\System\SpfKxqb.exe
  2⤵
  PID:8668
- C:\Windows\System\xPVUzgz.exe
  C:\Windows\System\xPVUzgz.exe
  2⤵
  PID:8704
- C:\Windows\System\mgnsPHM.exe
  C:\Windows\System\mgnsPHM.exe
  2⤵
  PID:8744
- C:\Windows\System\yndfIIE.exe
  C:\Windows\System\yndfIIE.exe
  2⤵
  PID:8724
- C:\Windows\System\aJNaQkC.exe
  C:\Windows\System\aJNaQkC.exe
  2⤵
  PID:8772
- C:\Windows\System\NPagxNE.exe
  C:\Windows\System\NPagxNE.exe
  2⤵
  PID:8824
- C:\Windows\System\ofqrbXd.exe
  C:\Windows\System\ofqrbXd.exe
  2⤵
  PID:8884
- C:\Windows\System\cOrGVmo.exe
  C:\Windows\System\cOrGVmo.exe
  2⤵
  PID:8932
- C:\Windows\System\GnhEEat.exe
  C:\Windows\System\GnhEEat.exe
  2⤵
  PID:8944
- C:\Windows\System\YiewMfz.exe
  C:\Windows\System\YiewMfz.exe
  2⤵
  PID:8984
- C:\Windows\System\CemojcW.exe
  C:\Windows\System\CemojcW.exe
  2⤵
  PID:9024
- C:\Windows\System\OBCJSol.exe
  C:\Windows\System\OBCJSol.exe
  2⤵
  PID:9040
- C:\Windows\System\LUIhZPs.exe
  C:\Windows\System\LUIhZPs.exe
  2⤵
  PID:9052
- C:\Windows\System\RaIYMGc.exe
  C:\Windows\System\RaIYMGc.exe
  2⤵
  PID:9128
- C:\Windows\System\LRQrxzV.exe
  C:\Windows\System\LRQrxzV.exe
  2⤵
  PID:9156
- C:\Windows\System\qKLwDdS.exe
  C:\Windows\System\qKLwDdS.exe
  2⤵
  PID:9192
- C:\Windows\System\MMnahbm.exe
  C:\Windows\System\MMnahbm.exe
  2⤵
  PID:7668
- C:\Windows\System\UODfiou.exe
  C:\Windows\System\UODfiou.exe
  2⤵
  PID:9208
- C:\Windows\System\WfMwDzX.exe
  C:\Windows\System\WfMwDzX.exe
  2⤵
  PID:8304
- C:\Windows\System\HknMijv.exe
  C:\Windows\System\HknMijv.exe
  2⤵
  PID:8368
- C:\Windows\System\LbOKaSw.exe
  C:\Windows\System\LbOKaSw.exe
  2⤵
  PID:8420
- C:\Windows\System\XeAoSZl.exe
  C:\Windows\System\XeAoSZl.exe
  2⤵
  PID:8464
- C:\Windows\System\xrgYcai.exe
  C:\Windows\System\xrgYcai.exe
  2⤵
  PID:8596
- C:\Windows\System\VXUCXyG.exe
  C:\Windows\System\VXUCXyG.exe
  2⤵
  PID:8664
- C:\Windows\System\tWLLIub.exe
  C:\Windows\System\tWLLIub.exe
  2⤵
  PID:8620
- C:\Windows\System\jBGXfwg.exe
  C:\Windows\System\jBGXfwg.exe
  2⤵
  PID:8624
- C:\Windows\System\jTmnYeG.exe
  C:\Windows\System\jTmnYeG.exe
  2⤵
  PID:8768
- C:\Windows\System\caWwHDI.exe
  C:\Windows\System\caWwHDI.exe
  2⤵
  PID:8804
- C:\Windows\System\vPZujdT.exe
  C:\Windows\System\vPZujdT.exe
  2⤵
  PID:8840
- C:\Windows\System\DNPLzaX.exe
  C:\Windows\System\DNPLzaX.exe
  2⤵
  PID:8868
- C:\Windows\System\qpYarUM.exe
  C:\Windows\System\qpYarUM.exe
  2⤵
  PID:8892
- C:\Windows\System\dTkvBmn.exe
  C:\Windows\System\dTkvBmn.exe
  2⤵
  PID:8916
- C:\Windows\System\jCWZetI.exe
  C:\Windows\System\jCWZetI.exe
  2⤵
  PID:9064
- C:\Windows\System\tCckNgZ.exe
  C:\Windows\System\tCckNgZ.exe
  2⤵
  PID:9092
- C:\Windows\System\VEBJohq.exe
  C:\Windows\System\VEBJohq.exe
  2⤵
  PID:9136
- C:\Windows\System\tchzoDv.exe
  C:\Windows\System\tchzoDv.exe
  2⤵
  PID:9172
- C:\Windows\System\gXaDBdC.exe
  C:\Windows\System\gXaDBdC.exe
  2⤵
  PID:8248
- C:\Windows\System\WNSdIHK.exe
  C:\Windows\System\WNSdIHK.exe
  2⤵
  PID:8888
- C:\Windows\System\rbFOBre.exe
  C:\Windows\System\rbFOBre.exe
  2⤵
  PID:8364
- C:\Windows\System\emdZZzv.exe
  C:\Windows\System\emdZZzv.exe
  2⤵
  PID:8440
- C:\Windows\System\AEkEQco.exe
  C:\Windows\System\AEkEQco.exe
  2⤵
  PID:8372
- C:\Windows\System\yvHLYug.exe
  C:\Windows\System\yvHLYug.exe
  2⤵
  PID:8652
- C:\Windows\System\ehegSVG.exe
  C:\Windows\System\ehegSVG.exe
  2⤵
  PID:8564
- C:\Windows\System\WSSBJDX.exe
  C:\Windows\System\WSSBJDX.exe
  2⤵
  PID:9108
- C:\Windows\System\tCbytKa.exe
  C:\Windows\System\tCbytKa.exe
  2⤵
  PID:9188
- C:\Windows\System\xGWPPtu.exe
  C:\Windows\System\xGWPPtu.exe
  2⤵
  PID:8452
- C:\Windows\System\gtUNeuL.exe
  C:\Windows\System\gtUNeuL.exe
  2⤵
  PID:9068
- C:\Windows\System\baefUPn.exe
  C:\Windows\System\baefUPn.exe
  2⤵
  PID:9036
- C:\Windows\System\ifTTvLV.exe
  C:\Windows\System\ifTTvLV.exe
  2⤵
  PID:8316
- C:\Windows\System\ffKuGBv.exe
  C:\Windows\System\ffKuGBv.exe
  2⤵
  PID:8820
- C:\Windows\System\TwutyES.exe
  C:\Windows\System\TwutyES.exe
  2⤵
  PID:8908
- C:\Windows\System\DwjfbQI.exe
  C:\Windows\System\DwjfbQI.exe
  2⤵
  PID:8788
- C:\Windows\System\tiMVizi.exe
  C:\Windows\System\tiMVizi.exe
  2⤵
  PID:8480
- C:\Windows\System\DIWLPFK.exe
  C:\Windows\System\DIWLPFK.exe
  2⤵
  PID:8264
- C:\Windows\System\eIIgLGh.exe
  C:\Windows\System\eIIgLGh.exe
  2⤵
  PID:8756
- C:\Windows\System\PMddUmu.exe
  C:\Windows\System\PMddUmu.exe
  2⤵
  PID:8692
- C:\Windows\System\VUHGysF.exe
  C:\Windows\System\VUHGysF.exe
  2⤵
  PID:8504
- C:\Windows\System\wEzQKjX.exe
  C:\Windows\System\wEzQKjX.exe
  2⤵
  PID:8968
- C:\Windows\System\SrlNcDm.exe
  C:\Windows\System\SrlNcDm.exe
  2⤵
  PID:8864
- C:\Windows\System\tcqYGhn.exe
  C:\Windows\System\tcqYGhn.exe
  2⤵
  PID:9000
- C:\Windows\System\iXfVtEh.exe
  C:\Windows\System\iXfVtEh.exe
  2⤵
  PID:9084
- C:\Windows\System\lZNlonD.exe
  C:\Windows\System\lZNlonD.exe
  2⤵
  PID:8844
- C:\Windows\System\lfHwLkh.exe
  C:\Windows\System\lfHwLkh.exe
  2⤵
  PID:8996
- C:\Windows\System\KaYDqtS.exe
  C:\Windows\System\KaYDqtS.exe
  2⤵
  PID:9236
- C:\Windows\System\QohwHWS.exe
  C:\Windows\System\QohwHWS.exe
  2⤵
  PID:9252
- C:\Windows\System\YLxfFnk.exe
  C:\Windows\System\YLxfFnk.exe
  2⤵
  PID:9280
- C:\Windows\System\ocyRsvc.exe
  C:\Windows\System\ocyRsvc.exe
  2⤵
  PID:9296
- C:\Windows\System\xvwHRWJ.exe
  C:\Windows\System\xvwHRWJ.exe
  2⤵
  PID:9312
- C:\Windows\System\CAqAAJy.exe
  C:\Windows\System\CAqAAJy.exe
  2⤵
  PID:9336
- C:\Windows\System\jIXyshn.exe
  C:\Windows\System\jIXyshn.exe
  2⤵
  PID:9352
- C:\Windows\System\NxUhULe.exe
  C:\Windows\System\NxUhULe.exe
  2⤵
  PID:9368
- C:\Windows\System\OlpwsEv.exe
  C:\Windows\System\OlpwsEv.exe
  2⤵
  PID:9384
- C:\Windows\System\owPIBOG.exe
  C:\Windows\System\owPIBOG.exe
  2⤵
  PID:9400
- C:\Windows\System\sTyDzWG.exe
  C:\Windows\System\sTyDzWG.exe
  2⤵
  PID:9416
- C:\Windows\System\OuETilG.exe
  C:\Windows\System\OuETilG.exe
  2⤵
  PID:9444
- C:\Windows\System\vggcAnS.exe
  C:\Windows\System\vggcAnS.exe
  2⤵
  PID:9464
- C:\Windows\System\sVBtBmJ.exe
  C:\Windows\System\sVBtBmJ.exe
  2⤵
  PID:9496
- C:\Windows\System\SIOkGlF.exe
  C:\Windows\System\SIOkGlF.exe
  2⤵
  PID:9512
- C:\Windows\System\aExfiJq.exe
  C:\Windows\System\aExfiJq.exe
  2⤵
  PID:9536
- C:\Windows\System\mziSqHv.exe
  C:\Windows\System\mziSqHv.exe
  2⤵
  PID:9552
- C:\Windows\System\keFsHbv.exe
  C:\Windows\System\keFsHbv.exe
  2⤵
  PID:9576
- C:\Windows\System\PxZLnHt.exe
  C:\Windows\System\PxZLnHt.exe
  2⤵
  PID:9592
- C:\Windows\System\jpEttuv.exe
  C:\Windows\System\jpEttuv.exe
  2⤵
  PID:9608
- C:\Windows\System\bxJzCnu.exe
  C:\Windows\System\bxJzCnu.exe
  2⤵
  PID:9624
- C:\Windows\System\tyevGwD.exe
  C:\Windows\System\tyevGwD.exe
  2⤵
  PID:9644
- C:\Windows\System\cnbJzfB.exe
  C:\Windows\System\cnbJzfB.exe
  2⤵
  PID:9672
- C:\Windows\System\gDObRRq.exe
  C:\Windows\System\gDObRRq.exe
  2⤵
  PID:9688
- C:\Windows\System\jZbvXrJ.exe
  C:\Windows\System\jZbvXrJ.exe
  2⤵
  PID:9708
- C:\Windows\System\lyiwKaf.exe
  C:\Windows\System\lyiwKaf.exe
  2⤵
  PID:9740
- C:\Windows\System\MrJAtHJ.exe
  C:\Windows\System\MrJAtHJ.exe
  2⤵
  PID:9764
- C:\Windows\System\ykAhctV.exe
  C:\Windows\System\ykAhctV.exe
  2⤵
  PID:9780
- C:\Windows\System\giCpjEu.exe
  C:\Windows\System\giCpjEu.exe
  2⤵
  PID:9800
- C:\Windows\System\BySgklv.exe
  C:\Windows\System\BySgklv.exe
  2⤵
  PID:9820
- C:\Windows\System\hIYbxzB.exe
  C:\Windows\System\hIYbxzB.exe
  2⤵
  PID:9840
- C:\Windows\System\FlUUktO.exe
  C:\Windows\System\FlUUktO.exe
  2⤵
  PID:9856
- C:\Windows\System\AePsWKj.exe
  C:\Windows\System\AePsWKj.exe
  2⤵
  PID:9872
- C:\Windows\System\TleNDaW.exe
  C:\Windows\System\TleNDaW.exe
  2⤵
  PID:9900
- C:\Windows\System\XKTSbpL.exe
  C:\Windows\System\XKTSbpL.exe
  2⤵
  PID:9916
- C:\Windows\System\obdXjpw.exe
  C:\Windows\System\obdXjpw.exe
  2⤵
  PID:9932
- C:\Windows\System\jxoCawF.exe
  C:\Windows\System\jxoCawF.exe
  2⤵
  PID:9948
- C:\Windows\System\pMNKvmU.exe
  C:\Windows\System\pMNKvmU.exe
  2⤵
  PID:9964
- C:\Windows\System\ZGZFtQY.exe
  C:\Windows\System\ZGZFtQY.exe
  2⤵
  PID:9980
- C:\Windows\System\uYdWxDf.exe
  C:\Windows\System\uYdWxDf.exe
  2⤵
  PID:9996
- C:\Windows\System\dIDzxcE.exe
  C:\Windows\System\dIDzxcE.exe
  2⤵
  PID:10012
- C:\Windows\System\pGqbKiv.exe
  C:\Windows\System\pGqbKiv.exe
  2⤵
  PID:10028
- C:\Windows\System\jjrvAYJ.exe
  C:\Windows\System\jjrvAYJ.exe
  2⤵
  PID:10064
- C:\Windows\System\KtKOcQh.exe
  C:\Windows\System\KtKOcQh.exe
  2⤵
  PID:10080
- C:\Windows\System\FwKqCaL.exe
  C:\Windows\System\FwKqCaL.exe
  2⤵
  PID:10104
- C:\Windows\System\kQDlRSf.exe
  C:\Windows\System\kQDlRSf.exe
  2⤵
  PID:10124
- C:\Windows\System\SJULSDM.exe
  C:\Windows\System\SJULSDM.exe
  2⤵
  PID:10140
- C:\Windows\System\mBpVnvZ.exe
  C:\Windows\System\mBpVnvZ.exe
  2⤵
  PID:10156
- C:\Windows\System\tIDVPaU.exe
  C:\Windows\System\tIDVPaU.exe
  2⤵
  PID:10184
- C:\Windows\System\odjbQvm.exe
  C:\Windows\System\odjbQvm.exe
  2⤵
  PID:10200
- C:\Windows\System\VHrtLdK.exe
  C:\Windows\System\VHrtLdK.exe
  2⤵
  PID:10216
- C:\Windows\System\dlLvOCo.exe
  C:\Windows\System\dlLvOCo.exe
  2⤵
  PID:10232
- C:\Windows\System\THyxIDc.exe
  C:\Windows\System\THyxIDc.exe
  2⤵
  PID:9224
- C:\Windows\System\HzGibEr.exe
  C:\Windows\System\HzGibEr.exe
  2⤵
  PID:9248
- C:\Windows\System\exXarDd.exe
  C:\Windows\System\exXarDd.exe
  2⤵
  PID:9276
- C:\Windows\System\rgAQjBk.exe
  C:\Windows\System\rgAQjBk.exe
  2⤵
  PID:9320
- C:\Windows\System\xrVfCRj.exe
  C:\Windows\System\xrVfCRj.exe
  2⤵
  PID:9360
- C:\Windows\System\VpzPFST.exe
  C:\Windows\System\VpzPFST.exe
  2⤵
  PID:9304
- C:\Windows\System\yXzeViq.exe
  C:\Windows\System\yXzeViq.exe
  2⤵
  PID:9344
- C:\Windows\System\XYCFYEx.exe
  C:\Windows\System\XYCFYEx.exe
  2⤵
  PID:9484
- C:\Windows\System\DfUTFms.exe
  C:\Windows\System\DfUTFms.exe
  2⤵
  PID:9308
- C:\Windows\System\ESrnFdq.exe
  C:\Windows\System\ESrnFdq.exe
  2⤵
  PID:9456
- C:\Windows\System\amucCbe.exe
  C:\Windows\System\amucCbe.exe
  2⤵
  PID:9508
- C:\Windows\System\YYjSUrl.exe
  C:\Windows\System\YYjSUrl.exe
  2⤵
  PID:9560
- C:\Windows\System\nCKjKOW.exe
  C:\Windows\System\nCKjKOW.exe
  2⤵
  PID:9600
- C:\Windows\System\urqxeLk.exe
  C:\Windows\System\urqxeLk.exe
  2⤵
  PID:9544
- C:\Windows\System\EYvciBe.exe
  C:\Windows\System\EYvciBe.exe
  2⤵
  PID:9660
- C:\Windows\System\QlvocyR.exe
  C:\Windows\System\QlvocyR.exe
  2⤵
  PID:9652
- C:\Windows\System\rOsiPNc.exe
  C:\Windows\System\rOsiPNc.exe
  2⤵
  PID:9696
- C:\Windows\System\fnqNExT.exe
  C:\Windows\System\fnqNExT.exe
  2⤵
  PID:9704
- C:\Windows\System\TroFoOo.exe
  C:\Windows\System\TroFoOo.exe
  2⤵
  PID:9736
- C:\Windows\System\qunXGDa.exe
  C:\Windows\System\qunXGDa.exe
  2⤵
  PID:9752
- C:\Windows\System\FlgXOwK.exe
  C:\Windows\System\FlgXOwK.exe
  2⤵
  PID:9796
- C:\Windows\System\xbCrfOS.exe
  C:\Windows\System\xbCrfOS.exe
  2⤵
  PID:9836
- C:\Windows\System\hpzQITO.exe
  C:\Windows\System\hpzQITO.exe
  2⤵
  PID:9908
- C:\Windows\System\gyTAEZR.exe
  C:\Windows\System\gyTAEZR.exe
  2⤵
  PID:9972
- C:\Windows\System\fqSnbfS.exe
  C:\Windows\System\fqSnbfS.exe
  2⤵
  PID:10044
- C:\Windows\System\ZvwHEjL.exe
  C:\Windows\System\ZvwHEjL.exe
  2⤵
  PID:9808
- C:\Windows\System\SkwwBqM.exe
  C:\Windows\System\SkwwBqM.exe
  2⤵
  PID:10100
- C:\Windows\System\ElSShkK.exe
  C:\Windows\System\ElSShkK.exe
  2⤵
  PID:9880
- C:\Windows\System\vOqftgV.exe
  C:\Windows\System\vOqftgV.exe
  2⤵
  PID:9852
- C:\Windows\System\DrGearj.exe
  C:\Windows\System\DrGearj.exe
  2⤵
  PID:9956
- C:\Windows\System\UlBQLgU.exe
  C:\Windows\System\UlBQLgU.exe
  2⤵
  PID:10168
- C:\Windows\System\txXbbfc.exe
  C:\Windows\System\txXbbfc.exe
  2⤵
  PID:10148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACWPjst.exe

Filesize
6.0MB

MD5
3383b6c026696614c3febced20a73b6e

SHA1
1da45a2011154e6237addbba6ac561b9736c6aa8

SHA256
e515d32474afe94820cda3f23858174968292e393b7862a378e9595fce55f232

SHA512
8b5b263f277a49c469608bc083b95a5d908117ee641ad6e9a7a375f10daa81599e10f4483aaf2ab9c98f143c6abe5c2e77521750d76786174df88d979ef880ad

Download Submit
C:\Windows\system\BrrxpGS.exe

Filesize
6.0MB

MD5
17e92d40e96a680116ba185756d8229a

SHA1
b05ded5e012cfdc1de583ecd9562ac3f970361e1

SHA256
5c4f333628669c5f815ea810adf7e310277987d82089f80c6fff4ce1085d74f3

SHA512
07337e21203db5315f9af30e62aa11b0107da8ada8b31849a1e9c7ba99f6afbf0e89e1d45180d71b4603bc59f7dca8af1a3f4d8671501ebe7f651c6c7512d631

Download Submit
C:\Windows\system\DuDTkZq.exe

Filesize
6.0MB

MD5
491ba62ca774430d7c36d4fd9aa1bd7d

SHA1
7fe2ea1a575baa438572c5329d3b80424dabded5

SHA256
bdc513bc899ffb742d63fe496407d44eeff6100fcba11e2cefeb25cf9ca7c8f7

SHA512
4a26d8d74f1c7e381e7864897ef0634055676d0a277c4ea7c447f5df2ae81dd766d6f506b89de2b2687a5c175a20cf9a73ed0a09d78009eba2ac6a053cee1a03

Download Submit
C:\Windows\system\DypJnaa.exe

Filesize
6.0MB

MD5
672914a907a5b0e00b41cc80720118a6

SHA1
26cada99c41a350102a02cfac522b1403bc7b9e8

SHA256
41901ddd1dfec12fabe867d2db357bfdc3a0e9026c6f2168db8bdf092485d4e8

SHA512
42f5b324e1ac27b6f6720057f61c112d9664b7c8c2e65d1980f984877389e0bbcb3b67a0e82c9433199ef3de87d53ed4632bf3c480399e302734b35c93ac722c

Download Submit
C:\Windows\system\EMrBBmA.exe

Filesize
6.0MB

MD5
fbc15e53dc1eb9a451a87b2380d39290

SHA1
42a8e1ab0c51bf8032e7f38756ffbdb787b71ecc

SHA256
28929c4485f7aafa53bd76656dee3224c6cb5fa92759579719ec74d57a8fcd0f

SHA512
5263825ccf10cd31d40da1c9e56d52c4196558da62c7924cd90d0d1f86bfb88e7a784bb88db3f37dbabaf545114a69b50437358dd2c1514e32985c1c77a046f4

Download Submit
C:\Windows\system\EczpOvs.exe

Filesize
6.0MB

MD5
24ea9da8551d213d869cc64f5c79e01c

SHA1
8f28f12e4eb7fdc384a26cb43ab27f7985bb9786

SHA256
01f4089379b7e7eb742f313a4acbf6493183aa7a0c044d70777fb3d8cfc6b8af

SHA512
06e23dab49b6a4af9647626d85a7a6670c51a29ef5441af10d62768abdd62e76d581a27ad90998d653b07952fed4b53c6fb6c43baff3e6ba0d727d08c9713b5e

Download Submit
C:\Windows\system\FcCwMiT.exe

Filesize
6.0MB

MD5
2ed74ddaed3f0efc80de35250fdb4dc3

SHA1
b86bcd7a577d126666021646912a21f05869aa5c

SHA256
d46b3136473e9c2db1c4a09b78c019a09ad0c53357ee8113fce5c4bbc564fff0

SHA512
8435d23da4f9c8adf75e0598908ba355713c54d7cee949437223656c8004242f43fc86ce6f9af82e3f7e5a70a0a242266df159ec920b8b58bc65065a09bf2579

Download Submit
C:\Windows\system\FnCyEsC.exe

Filesize
6.0MB

MD5
df9aa7330866916ea4352a793ed77131

SHA1
bd6c8fdefb41d7889b43713f9925bf0f6919d53b

SHA256
01ec77a9f5a4e6a5a298f94fee7659466259b927f45b10e38c51b6ba33905ba9

SHA512
84c891e82674d1963e438d55b38c7ab733d700912d6fb901bff6aa454617b865eec1810d8368a5366629ab35ef41835865d73297713cb956a0bdcbba2b630ac5

Download Submit
C:\Windows\system\GWZAJxk.exe

Filesize
6.0MB

MD5
e5ae9676d67ff5a598b08d024a9e55a2

SHA1
d22ef5aafe71663e1668d497036f46d0a5a976cb

SHA256
fb99ec5abab46ca32aad8dee87fa144ad5def07e5522ef134186cd71f4f903e4

SHA512
bfbe943ddad2747c1af5ded746e242fa0e58c6473d43a5ffe3b2d3061f76b860b458bdc3568d5969eee2feab3151da13ce1abc10ff494aa540c63ea04e67d7f0

Download Submit
C:\Windows\system\HCGxfbd.exe

Filesize
6.0MB

MD5
064c160fbb2fa492f59de7caa49eae68

SHA1
e966868440f596c48fb67f129ad9d0623669b32d

SHA256
4566419d80f70e82ea9afa52d83b550123217bbb1b42fac2cde9d5a320809308

SHA512
60dc3426e57093f537eb76cce12e1bdc381afc8ec296ab14dadfa7b7581a692f74fecc7d4b57dd32e671e22395c842b84ea0cb2d46e2c37fa7668bea1eaa809d

Download Submit
C:\Windows\system\HnltSdP.exe

Filesize
6.0MB

MD5
1c96b4e2d671421820be6969672abf7b

SHA1
e24fed1eb9bc17d98fe3bf90a59e605e54529e29

SHA256
86a6ec313c7204e038bf20c2d4de3aa09c5dc7d19da8dc75dc45a6d4da079bc3

SHA512
12ee330af39e77f13d5989b8bc7243a02c262d6a6c3ffa38afa4edea529b8868ea6da6e08e21afb9e5e9934e7684535b5033947a165a20ec328c077ef2964686

Download Submit
C:\Windows\system\ROauJJZ.exe

Filesize
6.0MB

MD5
bd8e7b920cccac3874b4934f25357ad3

SHA1
26c7699d709d97da02fec4a5e25670c33076b498

SHA256
39dd220b426ba9a50b84ccb9d5b2de22d1e364bf0a4eec612e5f23ce7039d223

SHA512
e5450e29db6c96890c524e36a920d17746dd07cc71ed8d349aef6d6d4723ca1a750a138046285051bc4c58021dc29d653f626018503cd1c442c64ddeb2c8d530

Download Submit
C:\Windows\system\RqgrrDl.exe

Filesize
6.0MB

MD5
677449867673c995d13c0154c3874a84

SHA1
cd63caeabd00725122fe080bc3bf52c661d7568d

SHA256
ddd9716ee14eaa67051d1a16776d00cf3838735491b8d2219fcd4aa32fab04c5

SHA512
e2b15ea6bcb0d5806e0d0b202c297bc0adc241622fb6c1b453d68d46f5edf98d889bd53854cd871e1fe5d9d02dd9311f08d3b593cf881ab76668004a28d3d0b3

Download Submit
C:\Windows\system\SPiDROr.exe

Filesize
6.0MB

MD5
6e9b22a5a875972e02fe2a6bd87a461f

SHA1
23bbd756caa594f37ac3c34fb08361cef3239ee1

SHA256
f0e6ff95716b246204ae10634171348ad8e790928c894abebb8273490f8acf7c

SHA512
6e114f2984c184cd91d4073da665ad46ad4371c5a109b119b731465e083ac06c683a44cae7b23b3819ed305c69fa03c9f9ad4ea987ae8aed25027dc5c1bb9842

Download Submit
C:\Windows\system\SmzjXXZ.exe

Filesize
6.0MB

MD5
c03705c968e7a846d3a4107cedf65dd5

SHA1
f2a1ad47e7a84bf74352db44fccc8c6f68f01262

SHA256
72187ebd200b8af428a77d356a128d3e0aa6be4bd244f60dd0e9172895b865c8

SHA512
1bc7ecff264c7ae8f0f614798d2b966b025f9ab58c40afb32f680c486fcbeb398482ea3878ec223acc3ee06cbb8e75f19b19130fb65f39be7fb9b3ffc24193e0

Download Submit
C:\Windows\system\TSDwYcA.exe

Filesize
6.0MB

MD5
ad571115b5bfa212c74b87f39c758c57

SHA1
d358c7c80518165b57ea52eb41fabf83fb2dee3d

SHA256
7edf7e499ee628b153c354cedb47ba96b0d4738d303872366610173683175747

SHA512
899ed2b4b0115ff7a22e4d0052784e3581955515dd65338275efaa93db2ac1bab2bd114133e31476f79a9db8a43c591d55d755442f61382dfaa9d13835c8a074

Download Submit
C:\Windows\system\WnAAbgB.exe

Filesize
6.0MB

MD5
c0ad7cacc96a403cef5900160ba91054

SHA1
83ebd16119775135794971fb5e0a577945f63e84

SHA256
3ceba45e7a46127ea3c6c2932b40260f3735351461191c9d371b14487ba0503a

SHA512
d0e290f5ddf0d5f807e31cb234cb2449875bb9f7357933b888aa9d49745468d2d952a3a54f71ced4e7227a5586ecee00b87da228399852bb107132d55dd50129

Download Submit
C:\Windows\system\XEWBfuy.exe

Filesize
6.0MB

MD5
0c0353de3fc8d64bc7ccb6b29fc71fa7

SHA1
9d5c32938fc62019d343191ede3b6842690678c7

SHA256
e01bc3635a7e535b3534d7f9fc32c3ae8059c96389e15476d8ff3888c97a2e34

SHA512
d98eba30330d51a645df46195e24c4713883592dcef7d866c18b486f75d6e7e7abeab0d0d909aa104f44d40c77923af61cc3df5926d22debbf8a6095fa47d752

Download Submit
C:\Windows\system\gtXuGwa.exe

Filesize
6.0MB

MD5
d8320fbf716c98dfba3c1026fdfd9ce3

SHA1
7f46784789c87531e7f270c4cf06370bfdd0ed3b

SHA256
4037bf35480fd4fd9648e05070c92f4f2672d4e1f953623628751cb55ec83094

SHA512
f2f0fc0087e2f25d4ece612498cd0c81a44f8146e344972e04d2264fe5a79fbd864a25b6c8479e15ac95839cea133530d5bb8ac075a81403f070a0e4cc804db5

Download Submit
C:\Windows\system\kZTKSpz.exe

Filesize
6.0MB

MD5
88e92f1b17ec8fcb8c2dfac72bcb786b

SHA1
fb11e40c51159a19b49314a66e4a9ed7f57b3b6b

SHA256
892783c771800dfe3ad228b42c06a54f8e05edd59eb9f1c5a0ac39891d71f6fd

SHA512
82448d31be4d24b4b94db568bf2c3aacf1f94cb5b2379bdc455de38fc4f3053afcf023b2d45d16dc255bd9159d7ba21c61d417bbdf80fff9144cc8cf0c01b058

Download Submit
C:\Windows\system\kdRtgVR.exe

Filesize
6.0MB

MD5
cdff8f19836988bce203aae13a4d0f3b

SHA1
57bcb210da8a8b457593b372f1b4cbcea31d3889

SHA256
b52fe1d7aa1da5c01a660a9c7ed478634d7055fe441ba38805961a35a6cbd079

SHA512
e3cc44098da36446b7e0da82dc66ed4525954de9f84c884e3d8b772509dcefbd712f289a5e84f06c6d15c8db09c3b5cb884c9284a2400f6419306f7a7d301d5a

Download Submit
C:\Windows\system\lILURcq.exe

Filesize
6.0MB

MD5
d80bfb6dffb8f8ccb1e8ed305a13e659

SHA1
99aa0dc8ccb1d9839d808ea59f50803316d2f273

SHA256
562880920857a07def2a44c401782c9049677e82a61a0614ecf15e6157d5283f

SHA512
5b8bd494a67ab070d73aee5943627f518593d7e0f413c3a8727f4f789c2905138f805cc21ea613b992716da69bed0b402d453a6a3035725a59f03835cbe221b0

Download Submit
C:\Windows\system\vBicbLL.exe

Filesize
6.0MB

MD5
4e061e470aab75ee389770ad7c074596

SHA1
7e351c166152d469b8527ef83f6c4a41238f9743

SHA256
1c37e2e38ec59ede084219a24d4e6ef77b29e75bdd87ed3cfd536ff425b556d4

SHA512
8470d4390405ecafa44f23854fc88f7fe99f27c79ac1f1bb03c8098c497bb21fd10f273cefb0b3566af9e927d9dd74737cc41831b923680770c60d79e73b1866

Download Submit
C:\Windows\system\vvWznev.exe

Filesize
6.0MB

MD5
3d78768fcefcb30fff3db48a7e83b23f

SHA1
b3b892479d08881d56d79a5d326c6578412cdae5

SHA256
b25826dc3b7f54bff792a1560d16c394fa6c4a14b353a543967271bcd109b525

SHA512
92bed0b957bd12ee5302d4805d7faefdc74c43aadb847a0637b032f9c868543dd763ebd5176719267b534b3c99c797dd8d706e88305bb0c1ca40725f19d9c3b1

Download Submit
C:\Windows\system\zkbTGxS.exe

Filesize
6.0MB

MD5
a49c92ed13ca552ff8d6d285ecda72b1

SHA1
9e7aa40efcb5c4f0b62db499ebb07dd5506cd335

SHA256
945425fcf7f3f1f955783e5c3fa48a5030dfb269acf59b5cbd69b437d550836c

SHA512
88b0fc239f8814e3252faa0357616150e2cf0dd11d607f93f05f75fe6786e48dbeadc8985045f503d72a3e0125dc3f96be7fe4dd72b80690075408fd1930cfc8

Download Submit
C:\Windows\system\zsVwnAr.exe

Filesize
6.0MB

MD5
801841c074356c55d4aace87ea7a00f6

SHA1
f950b123f8e574154f4d7f66e7de63cdce159a23

SHA256
8bca9c86371ccad2bfec6504a4c928180379d895dd4c0389f7a5cc24542f8cfb

SHA512
4a831d9b5aab8dd0ac98e0479cb141ef2941bd5e0cbc5b5241531392af7bf148b5dff6746544d05ba229589214a006dacbd76f9f2251cc09ad1e482fa0007ea6

Download Submit
\Windows\system\NnwedLf.exe

Filesize
6.0MB

MD5
3719d54864ce8343fcb3376db6cd71ef

SHA1
2a9291603a4ebee6229a9cd0a3ea3d26b054a0ce

SHA256
c38453655b1513357fd56b768340173237c5acc8ae96cf9b5666f3a0602cab80

SHA512
b2538185674cb27beaa028ae4245a8bd1dac7b8ce41dff36453f1c67eacacb7b95bba654262032b09a7af5590fd9008614827466719c4cd2fa926372ee3ff8f8

Download Submit
\Windows\system\bPQLawM.exe

Filesize
6.0MB

MD5
8d743230707014d7549f9fee46dbf83b

SHA1
53f01dc4e23955b88153705777add6128f508d48

SHA256
d56b17aa64b5b0e13f308b2c2a278cdea7da159f0d32c9829efb2c4d57670d47

SHA512
1448274298f85108dd1108582057273043fe3efde412f43255f780477349e14c7d63254ccb72ba8a6e96d74107072bd0e54b618db1064104e42c9874236ea538

Download Submit
\Windows\system\bdSyOEh.exe

Filesize
6.0MB

MD5
2861bae9e7e999ea5819f226835cd51c

SHA1
91561fcd02a4d0fd5804b97fd36ce6871a5e58d7

SHA256
75275ab892efab938b1474ae1990795221a6d2f0e93fa407c3ce786440d3588d

SHA512
8c37cea50d96d3a47b2082a88eed3e3d8f7df292f130ed06ea4ed2612922d4712dbe3ba972d8d43ba7b2d721a84464de259afe03da7ecbf7316be79fdb510b71

Download Submit
\Windows\system\ffBNEht.exe

Filesize
6.0MB

MD5
bcb0d6b7414c000d6f6020d0691ff9b8

SHA1
d28a57abef549f0c3abc3ae9273d84b66ad4b0e7

SHA256
5edb0f7bfc2ae086b7f287133f57169909018838a458bc8908c30c6d87f6a713

SHA512
a15bbbcf803df1685505063c479272e7bbee171f490dbd208988489bb6702d1af451c0a4134a461c377c9a8bc3c7cc3b66cba3c1ea20487ae0820327a2aabecf

Download Submit
\Windows\system\hIVfdUZ.exe

Filesize
6.0MB

MD5
7e35638a471614cbbd414de2e26af12f

SHA1
fec92b625b69808924a891525ee9796f686d324d

SHA256
98040386067694ad8b9e02fb3666e35d52e0a82194e34eda457b23a824d078fa

SHA512
d2be095143a7004b3c0a2eb2eaba3a962f97292414b4bd1b61c422c3b62b7ce2d4001c410b75aea9be90e594443016474afbacaa89cc450735b1c79228a1082e

Download Submit
\Windows\system\wvejQcI.exe

Filesize
6.0MB

MD5
0207f8afaf0c4d6842f0de1e01e11f9d

SHA1
2be607402ed8ea3afb7c0ba2a075d3f230a6a7ae

SHA256
2a940df39eb23f5b92a40d45156b20ad40e5dae49777ed3134791532e2dd560d

SHA512
7c1c7d420d848707c93ff925257b565b876a9472f995351737742b9ff98a1411828f45810d451ba108ac54c701f4cbe01fb43765e5fb884e2e1cc75734e4cf01

Download Submit
memory/560-50-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/560-3482-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/560-20-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2000-816-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-103-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-4015-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2112-77-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2112-4020-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2152-109-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-4029-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2172-3510-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2172-8-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2200-58-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-4018-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-43-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2344-87-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2344-548-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-549-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-642-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-815-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2344-45-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2344-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2344-44-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2344-31-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-28-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-104-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2344-38-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2344-102-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-29-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2344-98-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-97-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2344-89-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-381-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-13-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2344-67-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-55-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-57-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4013-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-93-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3478-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2636-25-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2696-34-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2696-74-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3550-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2700-42-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3862-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2700-108-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/3004-27-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3496-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/3016-4016-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/3016-101-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download