cobaltstrike | 51d6be3164187f95145f95794eb8001ab1d57b5fd0de22e24e7f116a1d57c30a

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
13/12/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

24a8dbac557825bc013f5a4911275f33
SHA1

8c4e921d4dfcd67aa1645edae858407486e8a7ed
SHA256

51d6be3164187f95145f95794eb8001ab1d57b5fd0de22e24e7f116a1d57c30a
SHA512

0c1af532665c57ec66c780644b9934c022cedfc28ed7b0d7f0b4a70ab3023372c79c44c2c7c57ccd1d17b4a7741ffc2a35712855e632c7f26041975f17e37422
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUI:T+q56utgpPF8u/7I

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193e8-10.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194cd-35.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194c4-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019524-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-61.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-69.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194d2-48.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001933b-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1960-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/memory/1440-9-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193e8-10.dat	xmrig
behavioral1/files/0x000600000001949e-14.dat	xmrig
behavioral1/files/0x00060000000194cd-35.dat	xmrig
behavioral1/memory/1960-37-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2152-40-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x00060000000194c4-41.dat	xmrig
behavioral1/memory/2808-42-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2696-28-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019524-51.dat	xmrig
behavioral1/memory/2780-55-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2336-49-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2432-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1876-71-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-82.dat	xmrig
behavioral1/memory/1100-87-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1796-95-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48d-115.dat	xmrig
behavioral1/memory/1796-742-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/3016-881-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1100-563-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2328-382-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/1960-307-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/1876-239-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c3-187.dat	xmrig
behavioral1/files/0x000500000001a4c5-193.dat	xmrig
behavioral1/files/0x000500000001a4c1-183.dat	xmrig
behavioral1/files/0x000500000001a4bf-178.dat	xmrig
behavioral1/files/0x000500000001a4bb-167.dat	xmrig
behavioral1/files/0x000500000001a4bd-173.dat	xmrig
behavioral1/files/0x000500000001a4b9-163.dat	xmrig
behavioral1/files/0x000500000001a4b7-157.dat	xmrig
behavioral1/files/0x000500000001a4b5-153.dat	xmrig
behavioral1/files/0x000500000001a4b3-147.dat	xmrig
behavioral1/files/0x000500000001a4af-137.dat	xmrig
behavioral1/files/0x000500000001a4b1-143.dat	xmrig
behavioral1/files/0x000500000001a4a9-132.dat	xmrig
behavioral1/files/0x000500000001a49a-127.dat	xmrig
behavioral1/files/0x000500000001a499-123.dat	xmrig
behavioral1/files/0x000500000001a48b-112.dat	xmrig
behavioral1/files/0x000500000001a46f-107.dat	xmrig
behavioral1/memory/3016-102-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2616-101-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42d-100.dat	xmrig
behavioral1/memory/2780-94-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a427-93.dat	xmrig
behavioral1/memory/2336-86-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2328-80-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2808-79-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-78.dat	xmrig
behavioral1/memory/2616-63-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2696-62-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a359-61.dat	xmrig
behavioral1/memory/1960-59-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41b-69.dat	xmrig
behavioral1/files/0x00080000000194d2-48.dat	xmrig
behavioral1/files/0x000800000001933b-25.dat	xmrig
behavioral1/memory/2120-36-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/1960-34-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2432-33-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/1440-3204-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2120-3258-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1440	AZkHKAI.exe
2120	jUGWvJo.exe
2696	hArgkLI.exe
2432	VPlcyln.exe
2152	bqewzWr.exe
2808	IrbIuPF.exe
2336	HTzUbyX.exe
2780	tHfrIer.exe
2616	vGqFMLf.exe
1876	xDSYetg.exe
2328	paqOkdO.exe
1100	HzZCTqi.exe
1796	lsHzhNY.exe
3016	BlDdpWP.exe
2900	PGBUXZo.exe
2952	PpBVrdd.exe
2348	XkaovKn.exe
1808	ScoEOxM.exe
1188	bOIjjcV.exe
1872	BRXNepN.exe
1420	CLEAccd.exe
3068	ybQHZGk.exe
3012	fbsjsPW.exe
1292	tIVVCzQ.exe
2084	qmtbOnz.exe
2444	NVBBOUC.exe
1260	MnYSAUS.exe
404	bpEQBRH.exe
2784	wPtkisN.exe
324	rOrodRe.exe
1600	aRdaUFX.exe
1040	odSAmrV.exe
812	KQXFHrL.exe
1680	sXUJbAG.exe
2124	nizcMnM.exe
856	NzXyUPq.exe
1628	UbnRxsV.exe
2572	lyoiMIW.exe
1652	NQkoSoY.exe
2184	nuswKof.exe
1444	qsRWmeX.exe
2540	HlVnppW.exe
1772	AMuwzLM.exe
2136	gbxvGNI.exe
2332	DCnaDHD.exe
1544	KdTpRjx.exe
2580	ctpRBAp.exe
1084	vhKBOao.exe
1756	ALErskH.exe
2468	vavNifa.exe
796	aMbSssT.exe
1724	yJurRwe.exe
1700	ERTHovv.exe
2100	UwqCyfC.exe
2016	PNTpRdg.exe
1888	nSTwYzY.exe
2456	tMYjgXN.exe
3000	Ixihitd.exe
2600	MOJVrDR.exe
2264	AIoBllP.exe
2072	WEvxJsw.exe
1468	anZOcqg.exe
2928	bwwpvvB.exe
2972	CMeaOSa.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1960-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/memory/1440-9-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x00070000000193e8-10.dat	upx
behavioral1/files/0x000600000001949e-14.dat	upx
behavioral1/files/0x00060000000194cd-35.dat	upx
behavioral1/memory/2152-40-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x00060000000194c4-41.dat	upx
behavioral1/memory/2808-42-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2696-28-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0006000000019524-51.dat	upx
behavioral1/memory/2780-55-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2336-49-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2432-70-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1876-71-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-82.dat	upx
behavioral1/memory/1100-87-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1796-95-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000500000001a48d-115.dat	upx
behavioral1/memory/1796-742-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/3016-881-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1100-563-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2328-382-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/1876-239-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c3-187.dat	upx
behavioral1/files/0x000500000001a4c5-193.dat	upx
behavioral1/files/0x000500000001a4c1-183.dat	upx
behavioral1/files/0x000500000001a4bf-178.dat	upx
behavioral1/files/0x000500000001a4bb-167.dat	upx
behavioral1/files/0x000500000001a4bd-173.dat	upx
behavioral1/files/0x000500000001a4b9-163.dat	upx
behavioral1/files/0x000500000001a4b7-157.dat	upx
behavioral1/files/0x000500000001a4b5-153.dat	upx
behavioral1/files/0x000500000001a4b3-147.dat	upx
behavioral1/files/0x000500000001a4af-137.dat	upx
behavioral1/files/0x000500000001a4b1-143.dat	upx
behavioral1/files/0x000500000001a4a9-132.dat	upx
behavioral1/files/0x000500000001a49a-127.dat	upx
behavioral1/files/0x000500000001a499-123.dat	upx
behavioral1/files/0x000500000001a48b-112.dat	upx
behavioral1/files/0x000500000001a46f-107.dat	upx
behavioral1/memory/3016-102-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2616-101-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000500000001a42d-100.dat	upx
behavioral1/memory/2780-94-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000500000001a427-93.dat	upx
behavioral1/memory/2336-86-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2328-80-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2808-79-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-78.dat	upx
behavioral1/memory/2616-63-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2696-62-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000500000001a359-61.dat	upx
behavioral1/memory/1960-59-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/files/0x000500000001a41b-69.dat	upx
behavioral1/files/0x00080000000194d2-48.dat	upx
behavioral1/files/0x000800000001933b-25.dat	upx
behavioral1/memory/2120-36-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2432-33-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/1440-3204-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2120-3258-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2152-3291-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2432-3286-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2696-3299-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZcgSPPu.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lakKtmk.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mENgsnY.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cnNEyfy.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwwpvvB.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uahKmIH.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WAAOmvm.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prsEDoY.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AEYvVQt.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFaKBBm.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cohSNNO.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YWDLIvP.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwFzcia.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYJQtYK.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljjNEtM.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HbLXKGA.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TjEZmrc.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXFkDPH.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NMLueIe.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liSatTX.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBiOJAN.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxMYTfa.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEBkPYB.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYXiVfk.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpZFDyO.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfbXHEM.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VppmHaL.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbwRCDY.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmWXUkQ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZkhSEL.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAdvRWo.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNqcPNx.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJEraqi.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHjPPXV.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHQVxKr.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xnUYICD.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyBHEGn.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUFQpbn.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CxKOtIa.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCFjJQp.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzBigdN.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNzfoSl.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYszySP.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISgFYnZ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctpcyIZ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThzBWBA.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQYAJst.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaKMuIQ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OMeTAtO.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLOknYZ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOtrMug.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FSQOcwr.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQpduud.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKrZgDs.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttCgOQc.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feazTVY.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLwpqIL.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKyehNf.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwlInOp.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RNzRwPQ.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GygqmCf.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgMSeDd.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnlPCQA.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMBhDvm.exe	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1440	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 1440	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 1440	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1960 wrote to memory of 2120	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2120	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2120	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1960 wrote to memory of 2696	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2696	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2696	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1960 wrote to memory of 2432	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2432	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2432	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1960 wrote to memory of 2808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1960 wrote to memory of 2152	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2152	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2152	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1960 wrote to memory of 2336	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2336	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2336	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1960 wrote to memory of 2780	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2780	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2780	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1960 wrote to memory of 2616	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2616	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 2616	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1960 wrote to memory of 1876	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 1876	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 1876	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1960 wrote to memory of 2328	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 2328	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 2328	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1960 wrote to memory of 1100	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 1100	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 1100	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1960 wrote to memory of 1796	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 1796	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 1796	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1960 wrote to memory of 3016	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 3016	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 3016	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1960 wrote to memory of 2900	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 2900	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 2900	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1960 wrote to memory of 2952	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 2952	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 2952	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1960 wrote to memory of 2348	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 2348	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 2348	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1960 wrote to memory of 1808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1808	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1960 wrote to memory of 1188	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1188	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1188	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1960 wrote to memory of 1872	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1872	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1872	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1960 wrote to memory of 1420	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 1420	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 1420	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1960 wrote to memory of 3068	1960	2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-13_24a8dbac557825bc013f5a4911275f33_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\System\AZkHKAI.exe
  C:\Windows\System\AZkHKAI.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\jUGWvJo.exe
  C:\Windows\System\jUGWvJo.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\hArgkLI.exe
  C:\Windows\System\hArgkLI.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\VPlcyln.exe
  C:\Windows\System\VPlcyln.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\IrbIuPF.exe
  C:\Windows\System\IrbIuPF.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\bqewzWr.exe
  C:\Windows\System\bqewzWr.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\HTzUbyX.exe
  C:\Windows\System\HTzUbyX.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\tHfrIer.exe
  C:\Windows\System\tHfrIer.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vGqFMLf.exe
  C:\Windows\System\vGqFMLf.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\xDSYetg.exe
  C:\Windows\System\xDSYetg.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\paqOkdO.exe
  C:\Windows\System\paqOkdO.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\HzZCTqi.exe
  C:\Windows\System\HzZCTqi.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\lsHzhNY.exe
  C:\Windows\System\lsHzhNY.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\BlDdpWP.exe
  C:\Windows\System\BlDdpWP.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\PGBUXZo.exe
  C:\Windows\System\PGBUXZo.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\PpBVrdd.exe
  C:\Windows\System\PpBVrdd.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\XkaovKn.exe
  C:\Windows\System\XkaovKn.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ScoEOxM.exe
  C:\Windows\System\ScoEOxM.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\bOIjjcV.exe
  C:\Windows\System\bOIjjcV.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\BRXNepN.exe
  C:\Windows\System\BRXNepN.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\CLEAccd.exe
  C:\Windows\System\CLEAccd.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\ybQHZGk.exe
  C:\Windows\System\ybQHZGk.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\fbsjsPW.exe
  C:\Windows\System\fbsjsPW.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\tIVVCzQ.exe
  C:\Windows\System\tIVVCzQ.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\qmtbOnz.exe
  C:\Windows\System\qmtbOnz.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\NVBBOUC.exe
  C:\Windows\System\NVBBOUC.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\MnYSAUS.exe
  C:\Windows\System\MnYSAUS.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\bpEQBRH.exe
  C:\Windows\System\bpEQBRH.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\wPtkisN.exe
  C:\Windows\System\wPtkisN.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\rOrodRe.exe
  C:\Windows\System\rOrodRe.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\aRdaUFX.exe
  C:\Windows\System\aRdaUFX.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\odSAmrV.exe
  C:\Windows\System\odSAmrV.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\KQXFHrL.exe
  C:\Windows\System\KQXFHrL.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\sXUJbAG.exe
  C:\Windows\System\sXUJbAG.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\nizcMnM.exe
  C:\Windows\System\nizcMnM.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\NzXyUPq.exe
  C:\Windows\System\NzXyUPq.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\UbnRxsV.exe
  C:\Windows\System\UbnRxsV.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\lyoiMIW.exe
  C:\Windows\System\lyoiMIW.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\NQkoSoY.exe
  C:\Windows\System\NQkoSoY.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\nuswKof.exe
  C:\Windows\System\nuswKof.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\qsRWmeX.exe
  C:\Windows\System\qsRWmeX.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\HlVnppW.exe
  C:\Windows\System\HlVnppW.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\AMuwzLM.exe
  C:\Windows\System\AMuwzLM.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\gbxvGNI.exe
  C:\Windows\System\gbxvGNI.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\DCnaDHD.exe
  C:\Windows\System\DCnaDHD.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\KdTpRjx.exe
  C:\Windows\System\KdTpRjx.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ctpRBAp.exe
  C:\Windows\System\ctpRBAp.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\vhKBOao.exe
  C:\Windows\System\vhKBOao.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\ALErskH.exe
  C:\Windows\System\ALErskH.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\vavNifa.exe
  C:\Windows\System\vavNifa.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\aMbSssT.exe
  C:\Windows\System\aMbSssT.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\yJurRwe.exe
  C:\Windows\System\yJurRwe.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ERTHovv.exe
  C:\Windows\System\ERTHovv.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\UwqCyfC.exe
  C:\Windows\System\UwqCyfC.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\PNTpRdg.exe
  C:\Windows\System\PNTpRdg.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\nSTwYzY.exe
  C:\Windows\System\nSTwYzY.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\tMYjgXN.exe
  C:\Windows\System\tMYjgXN.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\Ixihitd.exe
  C:\Windows\System\Ixihitd.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\MOJVrDR.exe
  C:\Windows\System\MOJVrDR.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\AIoBllP.exe
  C:\Windows\System\AIoBllP.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\WEvxJsw.exe
  C:\Windows\System\WEvxJsw.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\anZOcqg.exe
  C:\Windows\System\anZOcqg.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\bwwpvvB.exe
  C:\Windows\System\bwwpvvB.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\CMeaOSa.exe
  C:\Windows\System\CMeaOSa.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\RICeVNu.exe
  C:\Windows\System\RICeVNu.exe
  2⤵
  PID:1896
- C:\Windows\System\ieqGImF.exe
  C:\Windows\System\ieqGImF.exe
  2⤵
  PID:1060
- C:\Windows\System\mLTiJiu.exe
  C:\Windows\System\mLTiJiu.exe
  2⤵
  PID:1080
- C:\Windows\System\SoepzNi.exe
  C:\Windows\System\SoepzNi.exe
  2⤵
  PID:3052
- C:\Windows\System\NhILcaW.exe
  C:\Windows\System\NhILcaW.exe
  2⤵
  PID:2116
- C:\Windows\System\nLaiTWj.exe
  C:\Windows\System\nLaiTWj.exe
  2⤵
  PID:2080
- C:\Windows\System\jCFjJQp.exe
  C:\Windows\System\jCFjJQp.exe
  2⤵
  PID:592
- C:\Windows\System\QXrUMqe.exe
  C:\Windows\System\QXrUMqe.exe
  2⤵
  PID:264
- C:\Windows\System\ntBsiRd.exe
  C:\Windows\System\ntBsiRd.exe
  2⤵
  PID:2492
- C:\Windows\System\IhJdIVK.exe
  C:\Windows\System\IhJdIVK.exe
  2⤵
  PID:2148
- C:\Windows\System\TRokqXH.exe
  C:\Windows\System\TRokqXH.exe
  2⤵
  PID:316
- C:\Windows\System\drMXaqV.exe
  C:\Windows\System\drMXaqV.exe
  2⤵
  PID:2300
- C:\Windows\System\PcHuDrz.exe
  C:\Windows\System\PcHuDrz.exe
  2⤵
  PID:1376
- C:\Windows\System\MfMGztl.exe
  C:\Windows\System\MfMGztl.exe
  2⤵
  PID:2156
- C:\Windows\System\AkecvIo.exe
  C:\Windows\System\AkecvIo.exe
  2⤵
  PID:1144
- C:\Windows\System\JSgoHJi.exe
  C:\Windows\System\JSgoHJi.exe
  2⤵
  PID:2424
- C:\Windows\System\hdRTgoD.exe
  C:\Windows\System\hdRTgoD.exe
  2⤵
  PID:780
- C:\Windows\System\XzRPupP.exe
  C:\Windows\System\XzRPupP.exe
  2⤵
  PID:2512
- C:\Windows\System\QwRmkQD.exe
  C:\Windows\System\QwRmkQD.exe
  2⤵
  PID:348
- C:\Windows\System\iBrFDED.exe
  C:\Windows\System\iBrFDED.exe
  2⤵
  PID:1936
- C:\Windows\System\BhZxkhT.exe
  C:\Windows\System\BhZxkhT.exe
  2⤵
  PID:2428
- C:\Windows\System\AnOazPW.exe
  C:\Windows\System\AnOazPW.exe
  2⤵
  PID:2208
- C:\Windows\System\RZgUVes.exe
  C:\Windows\System\RZgUVes.exe
  2⤵
  PID:2036
- C:\Windows\System\yAmBBmV.exe
  C:\Windows\System\yAmBBmV.exe
  2⤵
  PID:2756
- C:\Windows\System\NRjnLif.exe
  C:\Windows\System\NRjnLif.exe
  2⤵
  PID:2848
- C:\Windows\System\vtzansU.exe
  C:\Windows\System\vtzansU.exe
  2⤵
  PID:2712
- C:\Windows\System\WDAkGKO.exe
  C:\Windows\System\WDAkGKO.exe
  2⤵
  PID:2648
- C:\Windows\System\EpKTvCp.exe
  C:\Windows\System\EpKTvCp.exe
  2⤵
  PID:3024
- C:\Windows\System\oAzWbwb.exe
  C:\Windows\System\oAzWbwb.exe
  2⤵
  PID:2964
- C:\Windows\System\hvaavTf.exe
  C:\Windows\System\hvaavTf.exe
  2⤵
  PID:2672
- C:\Windows\System\JdrkfJN.exe
  C:\Windows\System\JdrkfJN.exe
  2⤵
  PID:2356
- C:\Windows\System\EaqBkur.exe
  C:\Windows\System\EaqBkur.exe
  2⤵
  PID:1952
- C:\Windows\System\UdxDIMu.exe
  C:\Windows\System\UdxDIMu.exe
  2⤵
  PID:2584
- C:\Windows\System\allRchB.exe
  C:\Windows\System\allRchB.exe
  2⤵
  PID:444
- C:\Windows\System\iMRyErA.exe
  C:\Windows\System\iMRyErA.exe
  2⤵
  PID:1760
- C:\Windows\System\gicDsbu.exe
  C:\Windows\System\gicDsbu.exe
  2⤵
  PID:612
- C:\Windows\System\uiDOAyK.exe
  C:\Windows\System\uiDOAyK.exe
  2⤵
  PID:2244
- C:\Windows\System\LOVnzYb.exe
  C:\Windows\System\LOVnzYb.exe
  2⤵
  PID:2476
- C:\Windows\System\QgNIJai.exe
  C:\Windows\System\QgNIJai.exe
  2⤵
  PID:2548
- C:\Windows\System\ctpcyIZ.exe
  C:\Windows\System\ctpcyIZ.exe
  2⤵
  PID:1064
- C:\Windows\System\WhrqBFk.exe
  C:\Windows\System\WhrqBFk.exe
  2⤵
  PID:1752
- C:\Windows\System\bpXKNYV.exe
  C:\Windows\System\bpXKNYV.exe
  2⤵
  PID:2400
- C:\Windows\System\WRrZzDh.exe
  C:\Windows\System\WRrZzDh.exe
  2⤵
  PID:2360
- C:\Windows\System\KUfZyFf.exe
  C:\Windows\System\KUfZyFf.exe
  2⤵
  PID:1728
- C:\Windows\System\LWwwVgQ.exe
  C:\Windows\System\LWwwVgQ.exe
  2⤵
  PID:2936
- C:\Windows\System\NjWPYwq.exe
  C:\Windows\System\NjWPYwq.exe
  2⤵
  PID:1244
- C:\Windows\System\PFWJJjy.exe
  C:\Windows\System\PFWJJjy.exe
  2⤵
  PID:3092
- C:\Windows\System\eAcyoYK.exe
  C:\Windows\System\eAcyoYK.exe
  2⤵
  PID:3112
- C:\Windows\System\RKUlbKs.exe
  C:\Windows\System\RKUlbKs.exe
  2⤵
  PID:3132
- C:\Windows\System\TBWkyLr.exe
  C:\Windows\System\TBWkyLr.exe
  2⤵
  PID:3152
- C:\Windows\System\mdhZVFX.exe
  C:\Windows\System\mdhZVFX.exe
  2⤵
  PID:3172
- C:\Windows\System\ZsWmxFG.exe
  C:\Windows\System\ZsWmxFG.exe
  2⤵
  PID:3192
- C:\Windows\System\jlIiyzZ.exe
  C:\Windows\System\jlIiyzZ.exe
  2⤵
  PID:3212
- C:\Windows\System\QiYHDks.exe
  C:\Windows\System\QiYHDks.exe
  2⤵
  PID:3232
- C:\Windows\System\xviygdF.exe
  C:\Windows\System\xviygdF.exe
  2⤵
  PID:3252
- C:\Windows\System\DmuYbGg.exe
  C:\Windows\System\DmuYbGg.exe
  2⤵
  PID:3272
- C:\Windows\System\IfQFXwp.exe
  C:\Windows\System\IfQFXwp.exe
  2⤵
  PID:3292
- C:\Windows\System\DrAlFEH.exe
  C:\Windows\System\DrAlFEH.exe
  2⤵
  PID:3312
- C:\Windows\System\yVdSfci.exe
  C:\Windows\System\yVdSfci.exe
  2⤵
  PID:3332
- C:\Windows\System\lQAJMQl.exe
  C:\Windows\System\lQAJMQl.exe
  2⤵
  PID:3356
- C:\Windows\System\xBznmdE.exe
  C:\Windows\System\xBznmdE.exe
  2⤵
  PID:3376
- C:\Windows\System\MUOBPdl.exe
  C:\Windows\System\MUOBPdl.exe
  2⤵
  PID:3392
- C:\Windows\System\YXfOMHd.exe
  C:\Windows\System\YXfOMHd.exe
  2⤵
  PID:3416
- C:\Windows\System\GCFNeDg.exe
  C:\Windows\System\GCFNeDg.exe
  2⤵
  PID:3436
- C:\Windows\System\xwYfBKD.exe
  C:\Windows\System\xwYfBKD.exe
  2⤵
  PID:3460
- C:\Windows\System\zjkaBfD.exe
  C:\Windows\System\zjkaBfD.exe
  2⤵
  PID:3480
- C:\Windows\System\UaDQRSo.exe
  C:\Windows\System\UaDQRSo.exe
  2⤵
  PID:3500
- C:\Windows\System\uNrMaUH.exe
  C:\Windows\System\uNrMaUH.exe
  2⤵
  PID:3520
- C:\Windows\System\zKzCVfL.exe
  C:\Windows\System\zKzCVfL.exe
  2⤵
  PID:3540
- C:\Windows\System\wiTKwSp.exe
  C:\Windows\System\wiTKwSp.exe
  2⤵
  PID:3556
- C:\Windows\System\aeLUZkX.exe
  C:\Windows\System\aeLUZkX.exe
  2⤵
  PID:3580
- C:\Windows\System\cZpUAin.exe
  C:\Windows\System\cZpUAin.exe
  2⤵
  PID:3600
- C:\Windows\System\nClgeSV.exe
  C:\Windows\System\nClgeSV.exe
  2⤵
  PID:3620
- C:\Windows\System\dmnDpSG.exe
  C:\Windows\System\dmnDpSG.exe
  2⤵
  PID:3640
- C:\Windows\System\mLpfUSs.exe
  C:\Windows\System\mLpfUSs.exe
  2⤵
  PID:3660
- C:\Windows\System\HhoGWMw.exe
  C:\Windows\System\HhoGWMw.exe
  2⤵
  PID:3676
- C:\Windows\System\RoWRJBm.exe
  C:\Windows\System\RoWRJBm.exe
  2⤵
  PID:3700
- C:\Windows\System\LxehMEi.exe
  C:\Windows\System\LxehMEi.exe
  2⤵
  PID:3720
- C:\Windows\System\kOszJbD.exe
  C:\Windows\System\kOszJbD.exe
  2⤵
  PID:3740
- C:\Windows\System\FOFgrrL.exe
  C:\Windows\System\FOFgrrL.exe
  2⤵
  PID:3760
- C:\Windows\System\HvphSdR.exe
  C:\Windows\System\HvphSdR.exe
  2⤵
  PID:3780
- C:\Windows\System\fQKKNxT.exe
  C:\Windows\System\fQKKNxT.exe
  2⤵
  PID:3800
- C:\Windows\System\ftMBBVa.exe
  C:\Windows\System\ftMBBVa.exe
  2⤵
  PID:3820
- C:\Windows\System\SrsDnJg.exe
  C:\Windows\System\SrsDnJg.exe
  2⤵
  PID:3840
- C:\Windows\System\BaRinMB.exe
  C:\Windows\System\BaRinMB.exe
  2⤵
  PID:3860
- C:\Windows\System\WAAOmvm.exe
  C:\Windows\System\WAAOmvm.exe
  2⤵
  PID:3880
- C:\Windows\System\yMdixRI.exe
  C:\Windows\System\yMdixRI.exe
  2⤵
  PID:3900
- C:\Windows\System\ZUywLZw.exe
  C:\Windows\System\ZUywLZw.exe
  2⤵
  PID:3920
- C:\Windows\System\wiBtjpm.exe
  C:\Windows\System\wiBtjpm.exe
  2⤵
  PID:3940
- C:\Windows\System\HIoAQBf.exe
  C:\Windows\System\HIoAQBf.exe
  2⤵
  PID:3960
- C:\Windows\System\NrobXRX.exe
  C:\Windows\System\NrobXRX.exe
  2⤵
  PID:3984
- C:\Windows\System\ROkfnyS.exe
  C:\Windows\System\ROkfnyS.exe
  2⤵
  PID:4000
- C:\Windows\System\lxswMyA.exe
  C:\Windows\System\lxswMyA.exe
  2⤵
  PID:4024
- C:\Windows\System\rxqnDLy.exe
  C:\Windows\System\rxqnDLy.exe
  2⤵
  PID:4044
- C:\Windows\System\MKifLUW.exe
  C:\Windows\System\MKifLUW.exe
  2⤵
  PID:4064
- C:\Windows\System\puEfdZO.exe
  C:\Windows\System\puEfdZO.exe
  2⤵
  PID:4084
- C:\Windows\System\GIQTHUY.exe
  C:\Windows\System\GIQTHUY.exe
  2⤵
  PID:2948
- C:\Windows\System\NRIBcrZ.exe
  C:\Windows\System\NRIBcrZ.exe
  2⤵
  PID:3060
- C:\Windows\System\LiCMgbl.exe
  C:\Windows\System\LiCMgbl.exe
  2⤵
  PID:560
- C:\Windows\System\KCiWplB.exe
  C:\Windows\System\KCiWplB.exe
  2⤵
  PID:652
- C:\Windows\System\Vxarzxg.exe
  C:\Windows\System\Vxarzxg.exe
  2⤵
  PID:1736
- C:\Windows\System\BjSWDPz.exe
  C:\Windows\System\BjSWDPz.exe
  2⤵
  PID:1900
- C:\Windows\System\bghSWET.exe
  C:\Windows\System\bghSWET.exe
  2⤵
  PID:2404
- C:\Windows\System\gfVxBJs.exe
  C:\Windows\System\gfVxBJs.exe
  2⤵
  PID:1704
- C:\Windows\System\WKtESnT.exe
  C:\Windows\System\WKtESnT.exe
  2⤵
  PID:2788
- C:\Windows\System\totyLrx.exe
  C:\Windows\System\totyLrx.exe
  2⤵
  PID:844
- C:\Windows\System\nYXiqlD.exe
  C:\Windows\System\nYXiqlD.exe
  2⤵
  PID:1268
- C:\Windows\System\AvhBDNI.exe
  C:\Windows\System\AvhBDNI.exe
  2⤵
  PID:3108
- C:\Windows\System\dSRXLny.exe
  C:\Windows\System\dSRXLny.exe
  2⤵
  PID:3168
- C:\Windows\System\AyCvpxj.exe
  C:\Windows\System\AyCvpxj.exe
  2⤵
  PID:3208
- C:\Windows\System\hrRTNJP.exe
  C:\Windows\System\hrRTNJP.exe
  2⤵
  PID:3240
- C:\Windows\System\ylYoFAw.exe
  C:\Windows\System\ylYoFAw.exe
  2⤵
  PID:3224
- C:\Windows\System\JDQKgvo.exe
  C:\Windows\System\JDQKgvo.exe
  2⤵
  PID:3268
- C:\Windows\System\dasMRUV.exe
  C:\Windows\System\dasMRUV.exe
  2⤵
  PID:3308
- C:\Windows\System\fmmxyjI.exe
  C:\Windows\System\fmmxyjI.exe
  2⤵
  PID:3368
- C:\Windows\System\DBHTAzQ.exe
  C:\Windows\System\DBHTAzQ.exe
  2⤵
  PID:3404
- C:\Windows\System\YXTVLAA.exe
  C:\Windows\System\YXTVLAA.exe
  2⤵
  PID:3444
- C:\Windows\System\oSevNUu.exe
  C:\Windows\System\oSevNUu.exe
  2⤵
  PID:3428
- C:\Windows\System\OzBigdN.exe
  C:\Windows\System\OzBigdN.exe
  2⤵
  PID:3496
- C:\Windows\System\kFXblSB.exe
  C:\Windows\System\kFXblSB.exe
  2⤵
  PID:3508
- C:\Windows\System\fAsQTUz.exe
  C:\Windows\System\fAsQTUz.exe
  2⤵
  PID:3548
- C:\Windows\System\oPYYgDy.exe
  C:\Windows\System\oPYYgDy.exe
  2⤵
  PID:3588
- C:\Windows\System\uagTjRP.exe
  C:\Windows\System\uagTjRP.exe
  2⤵
  PID:3628
- C:\Windows\System\CWJyMpt.exe
  C:\Windows\System\CWJyMpt.exe
  2⤵
  PID:3684
- C:\Windows\System\taNFTfU.exe
  C:\Windows\System\taNFTfU.exe
  2⤵
  PID:3692
- C:\Windows\System\iTIrzMY.exe
  C:\Windows\System\iTIrzMY.exe
  2⤵
  PID:3712
- C:\Windows\System\giqscRb.exe
  C:\Windows\System\giqscRb.exe
  2⤵
  PID:3752
- C:\Windows\System\EQaVBRc.exe
  C:\Windows\System\EQaVBRc.exe
  2⤵
  PID:3816
- C:\Windows\System\dNbWmKG.exe
  C:\Windows\System\dNbWmKG.exe
  2⤵
  PID:3796
- C:\Windows\System\BjJySBN.exe
  C:\Windows\System\BjJySBN.exe
  2⤵
  PID:3832
- C:\Windows\System\IHtWNLX.exe
  C:\Windows\System\IHtWNLX.exe
  2⤵
  PID:3892
- C:\Windows\System\TkBeGOj.exe
  C:\Windows\System\TkBeGOj.exe
  2⤵
  PID:3936
- C:\Windows\System\TDkxaIR.exe
  C:\Windows\System\TDkxaIR.exe
  2⤵
  PID:3980
- C:\Windows\System\fehBTpu.exe
  C:\Windows\System\fehBTpu.exe
  2⤵
  PID:4008
- C:\Windows\System\sLfnDnP.exe
  C:\Windows\System\sLfnDnP.exe
  2⤵
  PID:3996
- C:\Windows\System\ujaNXgY.exe
  C:\Windows\System\ujaNXgY.exe
  2⤵
  PID:4040
- C:\Windows\System\OMWTMZI.exe
  C:\Windows\System\OMWTMZI.exe
  2⤵
  PID:4092
- C:\Windows\System\rigoNvm.exe
  C:\Windows\System\rigoNvm.exe
  2⤵
  PID:2192
- C:\Windows\System\zgAmGqb.exe
  C:\Windows\System\zgAmGqb.exe
  2⤵
  PID:2140
- C:\Windows\System\lEhfgyx.exe
  C:\Windows\System\lEhfgyx.exe
  2⤵
  PID:1264
- C:\Windows\System\ujUUzkz.exe
  C:\Windows\System\ujUUzkz.exe
  2⤵
  PID:2248
- C:\Windows\System\WxYqFKB.exe
  C:\Windows\System\WxYqFKB.exe
  2⤵
  PID:1584
- C:\Windows\System\luDctoh.exe
  C:\Windows\System\luDctoh.exe
  2⤵
  PID:768
- C:\Windows\System\etpLSFy.exe
  C:\Windows\System\etpLSFy.exe
  2⤵
  PID:2004
- C:\Windows\System\VepsGeq.exe
  C:\Windows\System\VepsGeq.exe
  2⤵
  PID:3220
- C:\Windows\System\fNsRRff.exe
  C:\Windows\System\fNsRRff.exe
  2⤵
  PID:3244
- C:\Windows\System\PlyYKwF.exe
  C:\Windows\System\PlyYKwF.exe
  2⤵
  PID:2896
- C:\Windows\System\PGhHgeb.exe
  C:\Windows\System\PGhHgeb.exe
  2⤵
  PID:3300
- C:\Windows\System\SKjPeoB.exe
  C:\Windows\System\SKjPeoB.exe
  2⤵
  PID:3352
- C:\Windows\System\QKrZgDs.exe
  C:\Windows\System\QKrZgDs.exe
  2⤵
  PID:3476
- C:\Windows\System\UoaOieP.exe
  C:\Windows\System\UoaOieP.exe
  2⤵
  PID:3512
- C:\Windows\System\tSRoZGP.exe
  C:\Windows\System\tSRoZGP.exe
  2⤵
  PID:3596
- C:\Windows\System\qvzmLrA.exe
  C:\Windows\System\qvzmLrA.exe
  2⤵
  PID:3616
- C:\Windows\System\xOLyVDu.exe
  C:\Windows\System\xOLyVDu.exe
  2⤵
  PID:3668
- C:\Windows\System\NSRStdV.exe
  C:\Windows\System\NSRStdV.exe
  2⤵
  PID:3456
- C:\Windows\System\tcTKcNt.exe
  C:\Windows\System\tcTKcNt.exe
  2⤵
  PID:2188
- C:\Windows\System\EgUKhZH.exe
  C:\Windows\System\EgUKhZH.exe
  2⤵
  PID:3896
- C:\Windows\System\EgKCMzE.exe
  C:\Windows\System\EgKCMzE.exe
  2⤵
  PID:3828
- C:\Windows\System\mAmZBGh.exe
  C:\Windows\System\mAmZBGh.exe
  2⤵
  PID:4020
- C:\Windows\System\YIQsyGp.exe
  C:\Windows\System\YIQsyGp.exe
  2⤵
  PID:3956
- C:\Windows\System\ksTRHHZ.exe
  C:\Windows\System\ksTRHHZ.exe
  2⤵
  PID:4060
- C:\Windows\System\vZLCdeq.exe
  C:\Windows\System\vZLCdeq.exe
  2⤵
  PID:2000
- C:\Windows\System\CXRyLVW.exe
  C:\Windows\System\CXRyLVW.exe
  2⤵
  PID:832
- C:\Windows\System\ofgGVGC.exe
  C:\Windows\System\ofgGVGC.exe
  2⤵
  PID:2324
- C:\Windows\System\iHvNqJW.exe
  C:\Windows\System\iHvNqJW.exe
  2⤵
  PID:3140
- C:\Windows\System\PyYHwax.exe
  C:\Windows\System\PyYHwax.exe
  2⤵
  PID:3148
- C:\Windows\System\taXSlxf.exe
  C:\Windows\System\taXSlxf.exe
  2⤵
  PID:3260
- C:\Windows\System\QwfSErT.exe
  C:\Windows\System\QwfSErT.exe
  2⤵
  PID:3364
- C:\Windows\System\BFEgEZi.exe
  C:\Windows\System\BFEgEZi.exe
  2⤵
  PID:3472
- C:\Windows\System\smIKWTt.exe
  C:\Windows\System\smIKWTt.exe
  2⤵
  PID:2944
- C:\Windows\System\RDNDmUG.exe
  C:\Windows\System\RDNDmUG.exe
  2⤵
  PID:2752
- C:\Windows\System\lSkTKVh.exe
  C:\Windows\System\lSkTKVh.exe
  2⤵
  PID:3748
- C:\Windows\System\IEcipDN.exe
  C:\Windows\System\IEcipDN.exe
  2⤵
  PID:3672
- C:\Windows\System\GybNEIO.exe
  C:\Windows\System\GybNEIO.exe
  2⤵
  PID:3848
- C:\Windows\System\LJvHAWK.exe
  C:\Windows\System\LJvHAWK.exe
  2⤵
  PID:3928
- C:\Windows\System\ZGIFqZW.exe
  C:\Windows\System\ZGIFqZW.exe
  2⤵
  PID:3992
- C:\Windows\System\oxMYTfa.exe
  C:\Windows\System\oxMYTfa.exe
  2⤵
  PID:888
- C:\Windows\System\FnYfguw.exe
  C:\Windows\System\FnYfguw.exe
  2⤵
  PID:2104
- C:\Windows\System\GWxAiql.exe
  C:\Windows\System\GWxAiql.exe
  2⤵
  PID:4108
- C:\Windows\System\ZmJOjDZ.exe
  C:\Windows\System\ZmJOjDZ.exe
  2⤵
  PID:4128
- C:\Windows\System\mZNIYCr.exe
  C:\Windows\System\mZNIYCr.exe
  2⤵
  PID:4148
- C:\Windows\System\bKJtBAa.exe
  C:\Windows\System\bKJtBAa.exe
  2⤵
  PID:4164
- C:\Windows\System\LAZTGgT.exe
  C:\Windows\System\LAZTGgT.exe
  2⤵
  PID:4188
- C:\Windows\System\MrXDfwS.exe
  C:\Windows\System\MrXDfwS.exe
  2⤵
  PID:4208
- C:\Windows\System\leFSpkg.exe
  C:\Windows\System\leFSpkg.exe
  2⤵
  PID:4228
- C:\Windows\System\vzCkCkK.exe
  C:\Windows\System\vzCkCkK.exe
  2⤵
  PID:4248
- C:\Windows\System\XqZAOwd.exe
  C:\Windows\System\XqZAOwd.exe
  2⤵
  PID:4268
- C:\Windows\System\ylGuiSY.exe
  C:\Windows\System\ylGuiSY.exe
  2⤵
  PID:4288
- C:\Windows\System\PZqrDmF.exe
  C:\Windows\System\PZqrDmF.exe
  2⤵
  PID:4308
- C:\Windows\System\DGvHVdh.exe
  C:\Windows\System\DGvHVdh.exe
  2⤵
  PID:4328
- C:\Windows\System\gbiBoPU.exe
  C:\Windows\System\gbiBoPU.exe
  2⤵
  PID:4348
- C:\Windows\System\YsaQIMn.exe
  C:\Windows\System\YsaQIMn.exe
  2⤵
  PID:4368
- C:\Windows\System\MDTXhJs.exe
  C:\Windows\System\MDTXhJs.exe
  2⤵
  PID:4388
- C:\Windows\System\xOhbeRI.exe
  C:\Windows\System\xOhbeRI.exe
  2⤵
  PID:4408
- C:\Windows\System\JEytodH.exe
  C:\Windows\System\JEytodH.exe
  2⤵
  PID:4428
- C:\Windows\System\frrelLa.exe
  C:\Windows\System\frrelLa.exe
  2⤵
  PID:4448
- C:\Windows\System\paJprvA.exe
  C:\Windows\System\paJprvA.exe
  2⤵
  PID:4472
- C:\Windows\System\znjVLzy.exe
  C:\Windows\System\znjVLzy.exe
  2⤵
  PID:4496
- C:\Windows\System\KJmUSGC.exe
  C:\Windows\System\KJmUSGC.exe
  2⤵
  PID:4516
- C:\Windows\System\GzqSeSx.exe
  C:\Windows\System\GzqSeSx.exe
  2⤵
  PID:4536
- C:\Windows\System\NHXNnAN.exe
  C:\Windows\System\NHXNnAN.exe
  2⤵
  PID:4556
- C:\Windows\System\zqrSROO.exe
  C:\Windows\System\zqrSROO.exe
  2⤵
  PID:4576
- C:\Windows\System\OsihPni.exe
  C:\Windows\System\OsihPni.exe
  2⤵
  PID:4596
- C:\Windows\System\GUzCQSU.exe
  C:\Windows\System\GUzCQSU.exe
  2⤵
  PID:4616
- C:\Windows\System\UBdLoNg.exe
  C:\Windows\System\UBdLoNg.exe
  2⤵
  PID:4636
- C:\Windows\System\YKLBFzr.exe
  C:\Windows\System\YKLBFzr.exe
  2⤵
  PID:4656
- C:\Windows\System\gIqzmpW.exe
  C:\Windows\System\gIqzmpW.exe
  2⤵
  PID:4676
- C:\Windows\System\tckDgVd.exe
  C:\Windows\System\tckDgVd.exe
  2⤵
  PID:4696
- C:\Windows\System\mvaiYxR.exe
  C:\Windows\System\mvaiYxR.exe
  2⤵
  PID:4716
- C:\Windows\System\iVmVjis.exe
  C:\Windows\System\iVmVjis.exe
  2⤵
  PID:4732
- C:\Windows\System\gAWQqrN.exe
  C:\Windows\System\gAWQqrN.exe
  2⤵
  PID:4756
- C:\Windows\System\zOSGuWJ.exe
  C:\Windows\System\zOSGuWJ.exe
  2⤵
  PID:4776
- C:\Windows\System\ZJQsYYo.exe
  C:\Windows\System\ZJQsYYo.exe
  2⤵
  PID:4796
- C:\Windows\System\WuWqHyq.exe
  C:\Windows\System\WuWqHyq.exe
  2⤵
  PID:4816
- C:\Windows\System\lmwBZmM.exe
  C:\Windows\System\lmwBZmM.exe
  2⤵
  PID:4836
- C:\Windows\System\vfyQLcD.exe
  C:\Windows\System\vfyQLcD.exe
  2⤵
  PID:4856
- C:\Windows\System\kBTwufI.exe
  C:\Windows\System\kBTwufI.exe
  2⤵
  PID:4876
- C:\Windows\System\FXtQliJ.exe
  C:\Windows\System\FXtQliJ.exe
  2⤵
  PID:4896
- C:\Windows\System\TwelqTL.exe
  C:\Windows\System\TwelqTL.exe
  2⤵
  PID:4916
- C:\Windows\System\dwzDLEM.exe
  C:\Windows\System\dwzDLEM.exe
  2⤵
  PID:4932
- C:\Windows\System\BzWcNgW.exe
  C:\Windows\System\BzWcNgW.exe
  2⤵
  PID:4956
- C:\Windows\System\GofXDeF.exe
  C:\Windows\System\GofXDeF.exe
  2⤵
  PID:4976
- C:\Windows\System\nMaopET.exe
  C:\Windows\System\nMaopET.exe
  2⤵
  PID:4996
- C:\Windows\System\cDYWzsV.exe
  C:\Windows\System\cDYWzsV.exe
  2⤵
  PID:5016
- C:\Windows\System\xwPtxqo.exe
  C:\Windows\System\xwPtxqo.exe
  2⤵
  PID:5036
- C:\Windows\System\FEIWYGf.exe
  C:\Windows\System\FEIWYGf.exe
  2⤵
  PID:5052
- C:\Windows\System\iczVLcw.exe
  C:\Windows\System\iczVLcw.exe
  2⤵
  PID:5076
- C:\Windows\System\yFHZKze.exe
  C:\Windows\System\yFHZKze.exe
  2⤵
  PID:5096
- C:\Windows\System\oEDOBaZ.exe
  C:\Windows\System\oEDOBaZ.exe
  2⤵
  PID:5116
- C:\Windows\System\gJjmUbm.exe
  C:\Windows\System\gJjmUbm.exe
  2⤵
  PID:2344
- C:\Windows\System\vtFURRV.exe
  C:\Windows\System\vtFURRV.exe
  2⤵
  PID:3324
- C:\Windows\System\bQUGfCH.exe
  C:\Windows\System\bQUGfCH.exe
  2⤵
  PID:3160
- C:\Windows\System\UozCYpy.exe
  C:\Windows\System\UozCYpy.exe
  2⤵
  PID:3772
- C:\Windows\System\FjPRoFS.exe
  C:\Windows\System\FjPRoFS.exe
  2⤵
  PID:3424
- C:\Windows\System\gByMNrx.exe
  C:\Windows\System\gByMNrx.exe
  2⤵
  PID:3912
- C:\Windows\System\eDAsqLL.exe
  C:\Windows\System\eDAsqLL.exe
  2⤵
  PID:3656
- C:\Windows\System\tKWJeQg.exe
  C:\Windows\System\tKWJeQg.exe
  2⤵
  PID:3968
- C:\Windows\System\sUICgTr.exe
  C:\Windows\System\sUICgTr.exe
  2⤵
  PID:3044
- C:\Windows\System\RNDNEuw.exe
  C:\Windows\System\RNDNEuw.exe
  2⤵
  PID:4120
- C:\Windows\System\xqOvCnt.exe
  C:\Windows\System\xqOvCnt.exe
  2⤵
  PID:4184
- C:\Windows\System\nsSBISH.exe
  C:\Windows\System\nsSBISH.exe
  2⤵
  PID:4216
- C:\Windows\System\GienXej.exe
  C:\Windows\System\GienXej.exe
  2⤵
  PID:4224
- C:\Windows\System\KRGjemb.exe
  C:\Windows\System\KRGjemb.exe
  2⤵
  PID:4264
- C:\Windows\System\DNHnVWw.exe
  C:\Windows\System\DNHnVWw.exe
  2⤵
  PID:4296
- C:\Windows\System\OhxIMqD.exe
  C:\Windows\System\OhxIMqD.exe
  2⤵
  PID:4276
- C:\Windows\System\TwhNryQ.exe
  C:\Windows\System\TwhNryQ.exe
  2⤵
  PID:4316
- C:\Windows\System\USFLCdk.exe
  C:\Windows\System\USFLCdk.exe
  2⤵
  PID:4380
- C:\Windows\System\gMGjBOQ.exe
  C:\Windows\System\gMGjBOQ.exe
  2⤵
  PID:4404
- C:\Windows\System\HJLNgSn.exe
  C:\Windows\System\HJLNgSn.exe
  2⤵
  PID:4464
- C:\Windows\System\rKHQYiq.exe
  C:\Windows\System\rKHQYiq.exe
  2⤵
  PID:4504
- C:\Windows\System\mGtWNYX.exe
  C:\Windows\System\mGtWNYX.exe
  2⤵
  PID:4508
- C:\Windows\System\SdIIKqR.exe
  C:\Windows\System\SdIIKqR.exe
  2⤵
  PID:4544
- C:\Windows\System\KLVxjrW.exe
  C:\Windows\System\KLVxjrW.exe
  2⤵
  PID:4572
- C:\Windows\System\wXChZFF.exe
  C:\Windows\System\wXChZFF.exe
  2⤵
  PID:4632
- C:\Windows\System\cdHvTon.exe
  C:\Windows\System\cdHvTon.exe
  2⤵
  PID:4664
- C:\Windows\System\twtMGJU.exe
  C:\Windows\System\twtMGJU.exe
  2⤵
  PID:4704
- C:\Windows\System\fbYWmLB.exe
  C:\Windows\System\fbYWmLB.exe
  2⤵
  PID:4688
- C:\Windows\System\rVPPxSL.exe
  C:\Windows\System\rVPPxSL.exe
  2⤵
  PID:4752
- C:\Windows\System\UTJDjNP.exe
  C:\Windows\System\UTJDjNP.exe
  2⤵
  PID:4788
- C:\Windows\System\aQfogbX.exe
  C:\Windows\System\aQfogbX.exe
  2⤵
  PID:4828
- C:\Windows\System\AQcUryz.exe
  C:\Windows\System\AQcUryz.exe
  2⤵
  PID:4844
- C:\Windows\System\SdanBoM.exe
  C:\Windows\System\SdanBoM.exe
  2⤵
  PID:4884
- C:\Windows\System\gQfHbIs.exe
  C:\Windows\System\gQfHbIs.exe
  2⤵
  PID:4892
- C:\Windows\System\HjYnAKz.exe
  C:\Windows\System\HjYnAKz.exe
  2⤵
  PID:4944
- C:\Windows\System\MgxkkzZ.exe
  C:\Windows\System\MgxkkzZ.exe
  2⤵
  PID:4992
- C:\Windows\System\xUhwRGT.exe
  C:\Windows\System\xUhwRGT.exe
  2⤵
  PID:5004
- C:\Windows\System\DYWdIRR.exe
  C:\Windows\System\DYWdIRR.exe
  2⤵
  PID:5008
- C:\Windows\System\HpxTNyy.exe
  C:\Windows\System\HpxTNyy.exe
  2⤵
  PID:5068
- C:\Windows\System\YqMWBSx.exe
  C:\Windows\System\YqMWBSx.exe
  2⤵
  PID:5108
- C:\Windows\System\iYuXaUA.exe
  C:\Windows\System\iYuXaUA.exe
  2⤵
  PID:3180
- C:\Windows\System\gyCwldF.exe
  C:\Windows\System\gyCwldF.exe
  2⤵
  PID:3532
- C:\Windows\System\yVBenZY.exe
  C:\Windows\System\yVBenZY.exe
  2⤵
  PID:3536
- C:\Windows\System\LtftrcL.exe
  C:\Windows\System\LtftrcL.exe
  2⤵
  PID:3788
- C:\Windows\System\GNCtGKx.exe
  C:\Windows\System\GNCtGKx.exe
  2⤵
  PID:3952
- C:\Windows\System\ErVnesJ.exe
  C:\Windows\System\ErVnesJ.exe
  2⤵
  PID:4160
- C:\Windows\System\iLpyClO.exe
  C:\Windows\System\iLpyClO.exe
  2⤵
  PID:4140
- C:\Windows\System\SrUCDal.exe
  C:\Windows\System\SrUCDal.exe
  2⤵
  PID:4256
- C:\Windows\System\bCGlbQa.exe
  C:\Windows\System\bCGlbQa.exe
  2⤵
  PID:4304
- C:\Windows\System\RtTOBih.exe
  C:\Windows\System\RtTOBih.exe
  2⤵
  PID:4240
- C:\Windows\System\bECQlPH.exe
  C:\Windows\System\bECQlPH.exe
  2⤵
  PID:4356
- C:\Windows\System\CpqBaTf.exe
  C:\Windows\System\CpqBaTf.exe
  2⤵
  PID:4416
- C:\Windows\System\OneNNne.exe
  C:\Windows\System\OneNNne.exe
  2⤵
  PID:4484
- C:\Windows\System\rhZxrNx.exe
  C:\Windows\System\rhZxrNx.exe
  2⤵
  PID:4592
- C:\Windows\System\hkDmsdU.exe
  C:\Windows\System\hkDmsdU.exe
  2⤵
  PID:4644
- C:\Windows\System\XNTqtZa.exe
  C:\Windows\System\XNTqtZa.exe
  2⤵
  PID:4624
- C:\Windows\System\qOkWYsN.exe
  C:\Windows\System\qOkWYsN.exe
  2⤵
  PID:4764
- C:\Windows\System\FMbKylI.exe
  C:\Windows\System\FMbKylI.exe
  2⤵
  PID:2880
- C:\Windows\System\LAWQrzq.exe
  C:\Windows\System\LAWQrzq.exe
  2⤵
  PID:4864
- C:\Windows\System\GKAPdDi.exe
  C:\Windows\System\GKAPdDi.exe
  2⤵
  PID:4848
- C:\Windows\System\KuPXInI.exe
  C:\Windows\System\KuPXInI.exe
  2⤵
  PID:4912
- C:\Windows\System\jbwTqUr.exe
  C:\Windows\System\jbwTqUr.exe
  2⤵
  PID:4940
- C:\Windows\System\fQrWETw.exe
  C:\Windows\System\fQrWETw.exe
  2⤵
  PID:5012
- C:\Windows\System\MMlbzAJ.exe
  C:\Windows\System\MMlbzAJ.exe
  2⤵
  PID:4972
- C:\Windows\System\BmSYdQK.exe
  C:\Windows\System\BmSYdQK.exe
  2⤵
  PID:5072
- C:\Windows\System\ZYUoWhy.exe
  C:\Windows\System\ZYUoWhy.exe
  2⤵
  PID:328
- C:\Windows\System\bYnMSif.exe
  C:\Windows\System\bYnMSif.exe
  2⤵
  PID:3320
- C:\Windows\System\SRHWaZe.exe
  C:\Windows\System\SRHWaZe.exe
  2⤵
  PID:3612
- C:\Windows\System\zfgBhbL.exe
  C:\Windows\System\zfgBhbL.exe
  2⤵
  PID:2812
- C:\Windows\System\laqKHwd.exe
  C:\Windows\System\laqKHwd.exe
  2⤵
  PID:4080
- C:\Windows\System\bIEOAwx.exe
  C:\Windows\System\bIEOAwx.exe
  2⤵
  PID:4196
- C:\Windows\System\MyKJTnE.exe
  C:\Windows\System\MyKJTnE.exe
  2⤵
  PID:4420
- C:\Windows\System\eThgmFr.exe
  C:\Windows\System\eThgmFr.exe
  2⤵
  PID:4384
- C:\Windows\System\OybtKNg.exe
  C:\Windows\System\OybtKNg.exe
  2⤵
  PID:4480
- C:\Windows\System\KhmtGep.exe
  C:\Windows\System\KhmtGep.exe
  2⤵
  PID:4612
- C:\Windows\System\OwgwyED.exe
  C:\Windows\System\OwgwyED.exe
  2⤵
  PID:4792
- C:\Windows\System\NxTaRGD.exe
  C:\Windows\System\NxTaRGD.exe
  2⤵
  PID:4824
- C:\Windows\System\cvznWXq.exe
  C:\Windows\System\cvznWXq.exe
  2⤵
  PID:4116
- C:\Windows\System\YgpvABe.exe
  C:\Windows\System\YgpvABe.exe
  2⤵
  PID:4908
- C:\Windows\System\AlYrUmk.exe
  C:\Windows\System\AlYrUmk.exe
  2⤵
  PID:2860
- C:\Windows\System\CjSjyDV.exe
  C:\Windows\System\CjSjyDV.exe
  2⤵
  PID:2800
- C:\Windows\System\lJeZzGL.exe
  C:\Windows\System\lJeZzGL.exe
  2⤵
  PID:5124
- C:\Windows\System\LcvrWSj.exe
  C:\Windows\System\LcvrWSj.exe
  2⤵
  PID:5144
- C:\Windows\System\AZFLlEN.exe
  C:\Windows\System\AZFLlEN.exe
  2⤵
  PID:5164
- C:\Windows\System\VQPkWVa.exe
  C:\Windows\System\VQPkWVa.exe
  2⤵
  PID:5184
- C:\Windows\System\XNvnbJy.exe
  C:\Windows\System\XNvnbJy.exe
  2⤵
  PID:5204
- C:\Windows\System\yCfMcRh.exe
  C:\Windows\System\yCfMcRh.exe
  2⤵
  PID:5228
- C:\Windows\System\PdDXzQM.exe
  C:\Windows\System\PdDXzQM.exe
  2⤵
  PID:5248
- C:\Windows\System\cVeNGlI.exe
  C:\Windows\System\cVeNGlI.exe
  2⤵
  PID:5268
- C:\Windows\System\PQAMHQp.exe
  C:\Windows\System\PQAMHQp.exe
  2⤵
  PID:5288
- C:\Windows\System\wbuUUud.exe
  C:\Windows\System\wbuUUud.exe
  2⤵
  PID:5308
- C:\Windows\System\aTdgtEQ.exe
  C:\Windows\System\aTdgtEQ.exe
  2⤵
  PID:5328
- C:\Windows\System\SKcooYX.exe
  C:\Windows\System\SKcooYX.exe
  2⤵
  PID:5348
- C:\Windows\System\wmLyiRs.exe
  C:\Windows\System\wmLyiRs.exe
  2⤵
  PID:5368
- C:\Windows\System\mefgiuC.exe
  C:\Windows\System\mefgiuC.exe
  2⤵
  PID:5388
- C:\Windows\System\RqWYXnX.exe
  C:\Windows\System\RqWYXnX.exe
  2⤵
  PID:5408
- C:\Windows\System\BkSItAt.exe
  C:\Windows\System\BkSItAt.exe
  2⤵
  PID:5428
- C:\Windows\System\dhkMuMU.exe
  C:\Windows\System\dhkMuMU.exe
  2⤵
  PID:5448
- C:\Windows\System\SWxcbbe.exe
  C:\Windows\System\SWxcbbe.exe
  2⤵
  PID:5468
- C:\Windows\System\DhjdGQw.exe
  C:\Windows\System\DhjdGQw.exe
  2⤵
  PID:5488
- C:\Windows\System\cepmQcN.exe
  C:\Windows\System\cepmQcN.exe
  2⤵
  PID:5508
- C:\Windows\System\RClYsUh.exe
  C:\Windows\System\RClYsUh.exe
  2⤵
  PID:5528
- C:\Windows\System\DUHfwRT.exe
  C:\Windows\System\DUHfwRT.exe
  2⤵
  PID:5548
- C:\Windows\System\JaWZGpk.exe
  C:\Windows\System\JaWZGpk.exe
  2⤵
  PID:5568
- C:\Windows\System\zXiSZDU.exe
  C:\Windows\System\zXiSZDU.exe
  2⤵
  PID:5588
- C:\Windows\System\PlmUGcy.exe
  C:\Windows\System\PlmUGcy.exe
  2⤵
  PID:5608
- C:\Windows\System\QuVqNPI.exe
  C:\Windows\System\QuVqNPI.exe
  2⤵
  PID:5628
- C:\Windows\System\gHuHUSo.exe
  C:\Windows\System\gHuHUSo.exe
  2⤵
  PID:5648
- C:\Windows\System\sHkYoLo.exe
  C:\Windows\System\sHkYoLo.exe
  2⤵
  PID:5668
- C:\Windows\System\lgjzauG.exe
  C:\Windows\System\lgjzauG.exe
  2⤵
  PID:5688
- C:\Windows\System\RtQRUny.exe
  C:\Windows\System\RtQRUny.exe
  2⤵
  PID:5708
- C:\Windows\System\IYObEym.exe
  C:\Windows\System\IYObEym.exe
  2⤵
  PID:5728
- C:\Windows\System\DkPqRNQ.exe
  C:\Windows\System\DkPqRNQ.exe
  2⤵
  PID:5748
- C:\Windows\System\GUyVnIz.exe
  C:\Windows\System\GUyVnIz.exe
  2⤵
  PID:5768
- C:\Windows\System\MQREWzQ.exe
  C:\Windows\System\MQREWzQ.exe
  2⤵
  PID:5788
- C:\Windows\System\bxDQcyA.exe
  C:\Windows\System\bxDQcyA.exe
  2⤵
  PID:5808
- C:\Windows\System\MLdUcwz.exe
  C:\Windows\System\MLdUcwz.exe
  2⤵
  PID:5828
- C:\Windows\System\VVnYLJd.exe
  C:\Windows\System\VVnYLJd.exe
  2⤵
  PID:5848
- C:\Windows\System\kuYHOOs.exe
  C:\Windows\System\kuYHOOs.exe
  2⤵
  PID:5868
- C:\Windows\System\nKylhLC.exe
  C:\Windows\System\nKylhLC.exe
  2⤵
  PID:5888
- C:\Windows\System\fkOjCpT.exe
  C:\Windows\System\fkOjCpT.exe
  2⤵
  PID:5908
- C:\Windows\System\auFqJYP.exe
  C:\Windows\System\auFqJYP.exe
  2⤵
  PID:5928
- C:\Windows\System\icmpDPv.exe
  C:\Windows\System\icmpDPv.exe
  2⤵
  PID:5948
- C:\Windows\System\qpVMawe.exe
  C:\Windows\System\qpVMawe.exe
  2⤵
  PID:5968
- C:\Windows\System\kviwLqb.exe
  C:\Windows\System\kviwLqb.exe
  2⤵
  PID:5988
- C:\Windows\System\jFnmAhu.exe
  C:\Windows\System\jFnmAhu.exe
  2⤵
  PID:6008
- C:\Windows\System\odHplJh.exe
  C:\Windows\System\odHplJh.exe
  2⤵
  PID:6028
- C:\Windows\System\GzOxsEV.exe
  C:\Windows\System\GzOxsEV.exe
  2⤵
  PID:6048
- C:\Windows\System\agGonwo.exe
  C:\Windows\System\agGonwo.exe
  2⤵
  PID:6068
- C:\Windows\System\OBXrKLl.exe
  C:\Windows\System\OBXrKLl.exe
  2⤵
  PID:6088
- C:\Windows\System\hSRlUYg.exe
  C:\Windows\System\hSRlUYg.exe
  2⤵
  PID:6108
- C:\Windows\System\BTMpJYc.exe
  C:\Windows\System\BTMpJYc.exe
  2⤵
  PID:6128
- C:\Windows\System\rGwhTXZ.exe
  C:\Windows\System\rGwhTXZ.exe
  2⤵
  PID:2440
- C:\Windows\System\wKQnxuq.exe
  C:\Windows\System\wKQnxuq.exe
  2⤵
  PID:3776
- C:\Windows\System\DjhjAxZ.exe
  C:\Windows\System\DjhjAxZ.exe
  2⤵
  PID:2484
- C:\Windows\System\saRwjaA.exe
  C:\Windows\System\saRwjaA.exe
  2⤵
  PID:1072
- C:\Windows\System\bSgZWma.exe
  C:\Windows\System\bSgZWma.exe
  2⤵
  PID:4236
- C:\Windows\System\Lskclwb.exe
  C:\Windows\System\Lskclwb.exe
  2⤵
  PID:4460
- C:\Windows\System\tvlfyry.exe
  C:\Windows\System\tvlfyry.exe
  2⤵
  PID:4784
- C:\Windows\System\UmiRpex.exe
  C:\Windows\System\UmiRpex.exe
  2⤵
  PID:4684
- C:\Windows\System\uzzWnQv.exe
  C:\Windows\System\uzzWnQv.exe
  2⤵
  PID:2652
- C:\Windows\System\ogJXGhR.exe
  C:\Windows\System\ogJXGhR.exe
  2⤵
  PID:5064
- C:\Windows\System\hhdAYCT.exe
  C:\Windows\System\hhdAYCT.exe
  2⤵
  PID:5132
- C:\Windows\System\fMmrEUW.exe
  C:\Windows\System\fMmrEUW.exe
  2⤵
  PID:5156
- C:\Windows\System\AnDzDkx.exe
  C:\Windows\System\AnDzDkx.exe
  2⤵
  PID:5200
- C:\Windows\System\ZGrJefJ.exe
  C:\Windows\System\ZGrJefJ.exe
  2⤵
  PID:5236
- C:\Windows\System\XfjHXHW.exe
  C:\Windows\System\XfjHXHW.exe
  2⤵
  PID:5260
- C:\Windows\System\mSkrEwi.exe
  C:\Windows\System\mSkrEwi.exe
  2⤵
  PID:5304
- C:\Windows\System\sNKkjFI.exe
  C:\Windows\System\sNKkjFI.exe
  2⤵
  PID:1792
- C:\Windows\System\pvQEFsO.exe
  C:\Windows\System\pvQEFsO.exe
  2⤵
  PID:5340
- C:\Windows\System\NMiKHYI.exe
  C:\Windows\System\NMiKHYI.exe
  2⤵
  PID:5384
- C:\Windows\System\KVQuenb.exe
  C:\Windows\System\KVQuenb.exe
  2⤵
  PID:5416
- C:\Windows\System\FAunpkJ.exe
  C:\Windows\System\FAunpkJ.exe
  2⤵
  PID:5440
- C:\Windows\System\KxGnJoG.exe
  C:\Windows\System\KxGnJoG.exe
  2⤵
  PID:5460
- C:\Windows\System\lMOsupG.exe
  C:\Windows\System\lMOsupG.exe
  2⤵
  PID:2876
- C:\Windows\System\IhKXNUe.exe
  C:\Windows\System\IhKXNUe.exe
  2⤵
  PID:5536
- C:\Windows\System\fTIJHOQ.exe
  C:\Windows\System\fTIJHOQ.exe
  2⤵
  PID:5560
- C:\Windows\System\fAggQXN.exe
  C:\Windows\System\fAggQXN.exe
  2⤵
  PID:5584
- C:\Windows\System\MFvaZhp.exe
  C:\Windows\System\MFvaZhp.exe
  2⤵
  PID:5620
- C:\Windows\System\InubDlf.exe
  C:\Windows\System\InubDlf.exe
  2⤵
  PID:5664
- C:\Windows\System\jJCfPHY.exe
  C:\Windows\System\jJCfPHY.exe
  2⤵
  PID:5716
- C:\Windows\System\iuSQOMi.exe
  C:\Windows\System\iuSQOMi.exe
  2⤵
  PID:5720
- C:\Windows\System\XIghgZW.exe
  C:\Windows\System\XIghgZW.exe
  2⤵
  PID:5760
- C:\Windows\System\ZfCZSwx.exe
  C:\Windows\System\ZfCZSwx.exe
  2⤵
  PID:5796
- C:\Windows\System\tDcQAyU.exe
  C:\Windows\System\tDcQAyU.exe
  2⤵
  PID:2976
- C:\Windows\System\cMXzItK.exe
  C:\Windows\System\cMXzItK.exe
  2⤵
  PID:5820
- C:\Windows\System\XLrZcbv.exe
  C:\Windows\System\XLrZcbv.exe
  2⤵
  PID:5864
- C:\Windows\System\wyKVOVe.exe
  C:\Windows\System\wyKVOVe.exe
  2⤵
  PID:5924
- C:\Windows\System\wcOAJVW.exe
  C:\Windows\System\wcOAJVW.exe
  2⤵
  PID:5944
- C:\Windows\System\SyHNUiv.exe
  C:\Windows\System\SyHNUiv.exe
  2⤵
  PID:5976
- C:\Windows\System\UpjmOOJ.exe
  C:\Windows\System\UpjmOOJ.exe
  2⤵
  PID:6000
- C:\Windows\System\EfxHivM.exe
  C:\Windows\System\EfxHivM.exe
  2⤵
  PID:6020
- C:\Windows\System\LQxIeNq.exe
  C:\Windows\System\LQxIeNq.exe
  2⤵
  PID:6060
- C:\Windows\System\bNzHFVs.exe
  C:\Windows\System\bNzHFVs.exe
  2⤵
  PID:6100
- C:\Windows\System\sQHlAEM.exe
  C:\Windows\System\sQHlAEM.exe
  2⤵
  PID:2680
- C:\Windows\System\oBntGqH.exe
  C:\Windows\System\oBntGqH.exe
  2⤵
  PID:2676
- C:\Windows\System\kmxZpVJ.exe
  C:\Windows\System\kmxZpVJ.exe
  2⤵
  PID:4280
- C:\Windows\System\OBymXKx.exe
  C:\Windows\System\OBymXKx.exe
  2⤵
  PID:4376
- C:\Windows\System\DmeMHsO.exe
  C:\Windows\System\DmeMHsO.exe
  2⤵
  PID:4648
- C:\Windows\System\UzcBYRk.exe
  C:\Windows\System\UzcBYRk.exe
  2⤵
  PID:4968
- C:\Windows\System\dRKaXnk.exe
  C:\Windows\System\dRKaXnk.exe
  2⤵
  PID:5152
- C:\Windows\System\QFTcLmF.exe
  C:\Windows\System\QFTcLmF.exe
  2⤵
  PID:5212
- C:\Windows\System\nYRquKS.exe
  C:\Windows\System\nYRquKS.exe
  2⤵
  PID:5240
- C:\Windows\System\ImMnEnX.exe
  C:\Windows\System\ImMnEnX.exe
  2⤵
  PID:5280
- C:\Windows\System\bkBWdlM.exe
  C:\Windows\System\bkBWdlM.exe
  2⤵
  PID:676
- C:\Windows\System\OpHUuPt.exe
  C:\Windows\System\OpHUuPt.exe
  2⤵
  PID:5376
- C:\Windows\System\AkFnqwR.exe
  C:\Windows\System\AkFnqwR.exe
  2⤵
  PID:5424
- C:\Windows\System\vBnaNwq.exe
  C:\Windows\System\vBnaNwq.exe
  2⤵
  PID:5516
- C:\Windows\System\oLCBRRy.exe
  C:\Windows\System\oLCBRRy.exe
  2⤵
  PID:5556
- C:\Windows\System\gbxpujW.exe
  C:\Windows\System\gbxpujW.exe
  2⤵
  PID:5604
- C:\Windows\System\FGXaWTx.exe
  C:\Windows\System\FGXaWTx.exe
  2⤵
  PID:5676
- C:\Windows\System\ShFzOoK.exe
  C:\Windows\System\ShFzOoK.exe
  2⤵
  PID:5724
- C:\Windows\System\KzDhPvl.exe
  C:\Windows\System\KzDhPvl.exe
  2⤵
  PID:5776
- C:\Windows\System\SwLnXcb.exe
  C:\Windows\System\SwLnXcb.exe
  2⤵
  PID:5800
- C:\Windows\System\wUuSNGG.exe
  C:\Windows\System\wUuSNGG.exe
  2⤵
  PID:5856
- C:\Windows\System\qStJOac.exe
  C:\Windows\System\qStJOac.exe
  2⤵
  PID:5896
- C:\Windows\System\BAqmXkU.exe
  C:\Windows\System\BAqmXkU.exe
  2⤵
  PID:5960
- C:\Windows\System\RtVdHpj.exe
  C:\Windows\System\RtVdHpj.exe
  2⤵
  PID:6004
- C:\Windows\System\vnzlxYQ.exe
  C:\Windows\System\vnzlxYQ.exe
  2⤵
  PID:6080
- C:\Windows\System\Kpjnvqu.exe
  C:\Windows\System\Kpjnvqu.exe
  2⤵
  PID:3328
- C:\Windows\System\gPHgjOj.exe
  C:\Windows\System\gPHgjOj.exe
  2⤵
  PID:3948
- C:\Windows\System\HvBACtJ.exe
  C:\Windows\System\HvBACtJ.exe
  2⤵
  PID:2916
- C:\Windows\System\uQDZZwb.exe
  C:\Windows\System\uQDZZwb.exe
  2⤵
  PID:4588
- C:\Windows\System\KwlInOp.exe
  C:\Windows\System\KwlInOp.exe
  2⤵
  PID:5160
- C:\Windows\System\gkOyxzg.exe
  C:\Windows\System\gkOyxzg.exe
  2⤵
  PID:1784
- C:\Windows\System\OcPzJVR.exe
  C:\Windows\System\OcPzJVR.exe
  2⤵
  PID:5360
- C:\Windows\System\KLMAnzO.exe
  C:\Windows\System\KLMAnzO.exe
  2⤵
  PID:5404
- C:\Windows\System\wySfvLQ.exe
  C:\Windows\System\wySfvLQ.exe
  2⤵
  PID:5444
- C:\Windows\System\eFZdqkI.exe
  C:\Windows\System\eFZdqkI.exe
  2⤵
  PID:5600
- C:\Windows\System\AnNbOue.exe
  C:\Windows\System\AnNbOue.exe
  2⤵
  PID:5680
- C:\Windows\System\VZhoAUG.exe
  C:\Windows\System\VZhoAUG.exe
  2⤵
  PID:5756
- C:\Windows\System\KBbxQYV.exe
  C:\Windows\System\KBbxQYV.exe
  2⤵
  PID:5824
- C:\Windows\System\JBvYgGV.exe
  C:\Windows\System\JBvYgGV.exe
  2⤵
  PID:5916
- C:\Windows\System\ZcgSPPu.exe
  C:\Windows\System\ZcgSPPu.exe
  2⤵
  PID:6036
- C:\Windows\System\nvemQJq.exe
  C:\Windows\System\nvemQJq.exe
  2⤵
  PID:6056
- C:\Windows\System\ahvwlXK.exe
  C:\Windows\System\ahvwlXK.exe
  2⤵
  PID:6164
- C:\Windows\System\Uwzjqah.exe
  C:\Windows\System\Uwzjqah.exe
  2⤵
  PID:6184
- C:\Windows\System\suwgIyN.exe
  C:\Windows\System\suwgIyN.exe
  2⤵
  PID:6204
- C:\Windows\System\nhEcrAB.exe
  C:\Windows\System\nhEcrAB.exe
  2⤵
  PID:6224
- C:\Windows\System\KXpBSDq.exe
  C:\Windows\System\KXpBSDq.exe
  2⤵
  PID:6244
- C:\Windows\System\yzCWKrZ.exe
  C:\Windows\System\yzCWKrZ.exe
  2⤵
  PID:6264
- C:\Windows\System\CpvfeOk.exe
  C:\Windows\System\CpvfeOk.exe
  2⤵
  PID:6284
- C:\Windows\System\HtgehOW.exe
  C:\Windows\System\HtgehOW.exe
  2⤵
  PID:6304
- C:\Windows\System\kjBPKgd.exe
  C:\Windows\System\kjBPKgd.exe
  2⤵
  PID:6324
- C:\Windows\System\ZOLwCqu.exe
  C:\Windows\System\ZOLwCqu.exe
  2⤵
  PID:6344
- C:\Windows\System\DlwZkno.exe
  C:\Windows\System\DlwZkno.exe
  2⤵
  PID:6364
- C:\Windows\System\dVCruIG.exe
  C:\Windows\System\dVCruIG.exe
  2⤵
  PID:6384
- C:\Windows\System\SDWiUYl.exe
  C:\Windows\System\SDWiUYl.exe
  2⤵
  PID:6404
- C:\Windows\System\IvSKGNb.exe
  C:\Windows\System\IvSKGNb.exe
  2⤵
  PID:6424
- C:\Windows\System\NVzfLTw.exe
  C:\Windows\System\NVzfLTw.exe
  2⤵
  PID:6444
- C:\Windows\System\jESlSwJ.exe
  C:\Windows\System\jESlSwJ.exe
  2⤵
  PID:6464
- C:\Windows\System\tgRQSiG.exe
  C:\Windows\System\tgRQSiG.exe
  2⤵
  PID:6484
- C:\Windows\System\JtgAXvi.exe
  C:\Windows\System\JtgAXvi.exe
  2⤵
  PID:6504
- C:\Windows\System\wzxJszu.exe
  C:\Windows\System\wzxJszu.exe
  2⤵
  PID:6524
- C:\Windows\System\WwdSzKG.exe
  C:\Windows\System\WwdSzKG.exe
  2⤵
  PID:6544
- C:\Windows\System\AoAJGva.exe
  C:\Windows\System\AoAJGva.exe
  2⤵
  PID:6564
- C:\Windows\System\wFdQvxS.exe
  C:\Windows\System\wFdQvxS.exe
  2⤵
  PID:6584
- C:\Windows\System\nhazMxW.exe
  C:\Windows\System\nhazMxW.exe
  2⤵
  PID:6604
- C:\Windows\System\WBIgpkQ.exe
  C:\Windows\System\WBIgpkQ.exe
  2⤵
  PID:6624
- C:\Windows\System\CRHfzbq.exe
  C:\Windows\System\CRHfzbq.exe
  2⤵
  PID:6648
- C:\Windows\System\jyzriMZ.exe
  C:\Windows\System\jyzriMZ.exe
  2⤵
  PID:6668
- C:\Windows\System\JfSNULd.exe
  C:\Windows\System\JfSNULd.exe
  2⤵
  PID:6688
- C:\Windows\System\AwppTLM.exe
  C:\Windows\System\AwppTLM.exe
  2⤵
  PID:6708
- C:\Windows\System\EauQpyz.exe
  C:\Windows\System\EauQpyz.exe
  2⤵
  PID:6728
- C:\Windows\System\LDvMtfj.exe
  C:\Windows\System\LDvMtfj.exe
  2⤵
  PID:6748
- C:\Windows\System\cbeDqYB.exe
  C:\Windows\System\cbeDqYB.exe
  2⤵
  PID:6768
- C:\Windows\System\SIHvflH.exe
  C:\Windows\System\SIHvflH.exe
  2⤵
  PID:6788
- C:\Windows\System\rRtqGfh.exe
  C:\Windows\System\rRtqGfh.exe
  2⤵
  PID:6808
- C:\Windows\System\aZcPLVj.exe
  C:\Windows\System\aZcPLVj.exe
  2⤵
  PID:6828
- C:\Windows\System\KVqowVK.exe
  C:\Windows\System\KVqowVK.exe
  2⤵
  PID:6848
- C:\Windows\System\naHKdag.exe
  C:\Windows\System\naHKdag.exe
  2⤵
  PID:6868
- C:\Windows\System\enKfNfb.exe
  C:\Windows\System\enKfNfb.exe
  2⤵
  PID:6888
- C:\Windows\System\RuSSsyB.exe
  C:\Windows\System\RuSSsyB.exe
  2⤵
  PID:6908
- C:\Windows\System\CDxYIqm.exe
  C:\Windows\System\CDxYIqm.exe
  2⤵
  PID:6928
- C:\Windows\System\VJtyikr.exe
  C:\Windows\System\VJtyikr.exe
  2⤵
  PID:6952
- C:\Windows\System\nXsxzKD.exe
  C:\Windows\System\nXsxzKD.exe
  2⤵
  PID:6972
- C:\Windows\System\hXoRBNI.exe
  C:\Windows\System\hXoRBNI.exe
  2⤵
  PID:6992
- C:\Windows\System\XPUSJFs.exe
  C:\Windows\System\XPUSJFs.exe
  2⤵
  PID:7012
- C:\Windows\System\hkpvayt.exe
  C:\Windows\System\hkpvayt.exe
  2⤵
  PID:7032
- C:\Windows\System\gmjgcTg.exe
  C:\Windows\System\gmjgcTg.exe
  2⤵
  PID:7052
- C:\Windows\System\dqTGwqw.exe
  C:\Windows\System\dqTGwqw.exe
  2⤵
  PID:7072
- C:\Windows\System\fzRaxal.exe
  C:\Windows\System\fzRaxal.exe
  2⤵
  PID:7092
- C:\Windows\System\qwtGcfR.exe
  C:\Windows\System\qwtGcfR.exe
  2⤵
  PID:7112
- C:\Windows\System\RnvTLcr.exe
  C:\Windows\System\RnvTLcr.exe
  2⤵
  PID:7132
- C:\Windows\System\oVidaJP.exe
  C:\Windows\System\oVidaJP.exe
  2⤵
  PID:7152
- C:\Windows\System\LHfnNuh.exe
  C:\Windows\System\LHfnNuh.exe
  2⤵
  PID:6136
- C:\Windows\System\YBkzMXI.exe
  C:\Windows\System\YBkzMXI.exe
  2⤵
  PID:4100
- C:\Windows\System\sMBNOGN.exe
  C:\Windows\System\sMBNOGN.exe
  2⤵
  PID:5112
- C:\Windows\System\koDeuHm.exe
  C:\Windows\System\koDeuHm.exe
  2⤵
  PID:5284
- C:\Windows\System\hwjTTJW.exe
  C:\Windows\System\hwjTTJW.exe
  2⤵
  PID:5324
- C:\Windows\System\iydmWns.exe
  C:\Windows\System\iydmWns.exe
  2⤵
  PID:5540
- C:\Windows\System\yABmaHi.exe
  C:\Windows\System\yABmaHi.exe
  2⤵
  PID:5900
- C:\Windows\System\EvDCSmt.exe
  C:\Windows\System\EvDCSmt.exe
  2⤵
  PID:6160
- C:\Windows\System\wKgrMwl.exe
  C:\Windows\System\wKgrMwl.exe
  2⤵
  PID:6192
- C:\Windows\System\gDeIorb.exe
  C:\Windows\System\gDeIorb.exe
  2⤵
  PID:6176
- C:\Windows\System\XIQCmfz.exe
  C:\Windows\System\XIQCmfz.exe
  2⤵
  PID:2096
- C:\Windows\System\AgbZscs.exe
  C:\Windows\System\AgbZscs.exe
  2⤵
  PID:6260
- C:\Windows\System\qYSwoUb.exe
  C:\Windows\System\qYSwoUb.exe
  2⤵
  PID:2760
- C:\Windows\System\mrKxWmy.exe
  C:\Windows\System\mrKxWmy.exe
  2⤵
  PID:6320
- C:\Windows\System\QktzEXe.exe
  C:\Windows\System\QktzEXe.exe
  2⤵
  PID:6336
- C:\Windows\System\YhxWwKY.exe
  C:\Windows\System\YhxWwKY.exe
  2⤵
  PID:6380
- C:\Windows\System\mEzbtkr.exe
  C:\Windows\System\mEzbtkr.exe
  2⤵
  PID:6376
- C:\Windows\System\fiaUoFj.exe
  C:\Windows\System\fiaUoFj.exe
  2⤵
  PID:6432
- C:\Windows\System\grQYuWh.exe
  C:\Windows\System\grQYuWh.exe
  2⤵
  PID:6472
- C:\Windows\System\CaHjsYr.exe
  C:\Windows\System\CaHjsYr.exe
  2⤵
  PID:6476
- C:\Windows\System\wVhmMCm.exe
  C:\Windows\System\wVhmMCm.exe
  2⤵
  PID:6496
- C:\Windows\System\JSWxEbt.exe
  C:\Windows\System\JSWxEbt.exe
  2⤵
  PID:6532
- C:\Windows\System\iSyjBZO.exe
  C:\Windows\System\iSyjBZO.exe
  2⤵
  PID:6556
- C:\Windows\System\zxtDSTv.exe
  C:\Windows\System\zxtDSTv.exe
  2⤵
  PID:6600
- C:\Windows\System\LhfBzGA.exe
  C:\Windows\System\LhfBzGA.exe
  2⤵
  PID:6636
- C:\Windows\System\IhLkHUG.exe
  C:\Windows\System\IhLkHUG.exe
  2⤵
  PID:6660
- C:\Windows\System\bMqezaM.exe
  C:\Windows\System\bMqezaM.exe
  2⤵
  PID:6700
- C:\Windows\System\ImzdUSz.exe
  C:\Windows\System\ImzdUSz.exe
  2⤵
  PID:6736
- C:\Windows\System\ggGbbWW.exe
  C:\Windows\System\ggGbbWW.exe
  2⤵
  PID:6740
- C:\Windows\System\ulfCiQF.exe
  C:\Windows\System\ulfCiQF.exe
  2⤵
  PID:6804
- C:\Windows\System\zezEhoG.exe
  C:\Windows\System\zezEhoG.exe
  2⤵
  PID:6816
- C:\Windows\System\lwWSzAe.exe
  C:\Windows\System\lwWSzAe.exe
  2⤵
  PID:6820
- C:\Windows\System\CyfORLX.exe
  C:\Windows\System\CyfORLX.exe
  2⤵
  PID:6884
- C:\Windows\System\hOQLIDZ.exe
  C:\Windows\System\hOQLIDZ.exe
  2⤵
  PID:6916
- C:\Windows\System\PKoSUee.exe
  C:\Windows\System\PKoSUee.exe
  2⤵
  PID:6920
- C:\Windows\System\nRIpklC.exe
  C:\Windows\System\nRIpklC.exe
  2⤵
  PID:6968
- C:\Windows\System\xkjPyeZ.exe
  C:\Windows\System\xkjPyeZ.exe
  2⤵
  PID:7068
- C:\Windows\System\UeoFvzz.exe
  C:\Windows\System\UeoFvzz.exe
  2⤵
  PID:7064
- C:\Windows\System\NPxpkGZ.exe
  C:\Windows\System\NPxpkGZ.exe
  2⤵
  PID:7140
- C:\Windows\System\DndOKWj.exe
  C:\Windows\System\DndOKWj.exe
  2⤵
  PID:6124
- C:\Windows\System\MmDKnvH.exe
  C:\Windows\System\MmDKnvH.exe
  2⤵
  PID:4180
- C:\Windows\System\ilEBTOj.exe
  C:\Windows\System\ilEBTOj.exe
  2⤵
  PID:4988
- C:\Windows\System\hqAFXag.exe
  C:\Windows\System\hqAFXag.exe
  2⤵
  PID:5296
- C:\Windows\System\useKsoC.exe
  C:\Windows\System\useKsoC.exe
  2⤵
  PID:5500
- C:\Windows\System\LRvDFfH.exe
  C:\Windows\System\LRvDFfH.exe
  2⤵
  PID:5616
- C:\Windows\System\Epqrfbm.exe
  C:\Windows\System\Epqrfbm.exe
  2⤵
  PID:2852
- C:\Windows\System\EEYwxcX.exe
  C:\Windows\System\EEYwxcX.exe
  2⤵
  PID:2668
- C:\Windows\System\RewzODJ.exe
  C:\Windows\System\RewzODJ.exe
  2⤵
  PID:2912
- C:\Windows\System\WiJKwat.exe
  C:\Windows\System\WiJKwat.exe
  2⤵
  PID:5704
- C:\Windows\System\LAsgEmr.exe
  C:\Windows\System\LAsgEmr.exe
  2⤵
  PID:3020
- C:\Windows\System\qFlRwRg.exe
  C:\Windows\System\qFlRwRg.exe
  2⤵
  PID:2128
- C:\Windows\System\kxcjyAt.exe
  C:\Windows\System\kxcjyAt.exe
  2⤵
  PID:2924
- C:\Windows\System\jnNbdLH.exe
  C:\Windows\System\jnNbdLH.exe
  2⤵
  PID:464
- C:\Windows\System\NlTvjZY.exe
  C:\Windows\System\NlTvjZY.exe
  2⤵
  PID:1332
- C:\Windows\System\RDJzDxp.exe
  C:\Windows\System\RDJzDxp.exe
  2⤵
  PID:3004
- C:\Windows\System\toKnpWK.exe
  C:\Windows\System\toKnpWK.exe
  2⤵
  PID:956
- C:\Windows\System\XnlfyZL.exe
  C:\Windows\System\XnlfyZL.exe
  2⤵
  PID:2624
- C:\Windows\System\fEXBfbk.exe
  C:\Windows\System\fEXBfbk.exe
  2⤵
  PID:6212
- C:\Windows\System\hAudcba.exe
  C:\Windows\System\hAudcba.exe
  2⤵
  PID:6232
- C:\Windows\System\KmvOstI.exe
  C:\Windows\System\KmvOstI.exe
  2⤵
  PID:6280
- C:\Windows\System\qMrsaTf.exe
  C:\Windows\System\qMrsaTf.exe
  2⤵
  PID:1404
- C:\Windows\System\hCMNlNh.exe
  C:\Windows\System\hCMNlNh.exe
  2⤵
  PID:6680
- C:\Windows\System\rEavufW.exe
  C:\Windows\System\rEavufW.exe
  2⤵
  PID:6744
- C:\Windows\System\oUOEmDS.exe
  C:\Windows\System\oUOEmDS.exe
  2⤵
  PID:6900
- C:\Windows\System\zQlIdOY.exe
  C:\Windows\System\zQlIdOY.exe
  2⤵
  PID:7008
- C:\Windows\System\AUDBLjr.exe
  C:\Windows\System\AUDBLjr.exe
  2⤵
  PID:7040
- C:\Windows\System\dsdUKxL.exe
  C:\Windows\System\dsdUKxL.exe
  2⤵
  PID:6456
- C:\Windows\System\NDDLzMQ.exe
  C:\Windows\System\NDDLzMQ.exe
  2⤵
  PID:6676
- C:\Windows\System\FmWfxjT.exe
  C:\Windows\System\FmWfxjT.exe
  2⤵
  PID:7044
- C:\Windows\System\OSGyEql.exe
  C:\Windows\System\OSGyEql.exe
  2⤵
  PID:6252
- C:\Windows\System\SgOGcgB.exe
  C:\Windows\System\SgOGcgB.exe
  2⤵
  PID:7128
- C:\Windows\System\pfCUcYs.exe
  C:\Windows\System\pfCUcYs.exe
  2⤵
  PID:3348
- C:\Windows\System\DFANoOf.exe
  C:\Windows\System\DFANoOf.exe
  2⤵
  PID:2720
- C:\Windows\System\pwKBYMM.exe
  C:\Windows\System\pwKBYMM.exe
  2⤵
  PID:6372
- C:\Windows\System\HtIYBNo.exe
  C:\Windows\System\HtIYBNo.exe
  2⤵
  PID:6640
- C:\Windows\System\BiNpYMj.exe
  C:\Windows\System\BiNpYMj.exe
  2⤵
  PID:6720
- C:\Windows\System\hTvyBds.exe
  C:\Windows\System\hTvyBds.exe
  2⤵
  PID:6844
- C:\Windows\System\gpbROpQ.exe
  C:\Windows\System\gpbROpQ.exe
  2⤵
  PID:1684
- C:\Windows\System\PGCWaxb.exe
  C:\Windows\System\PGCWaxb.exe
  2⤵
  PID:2956
- C:\Windows\System\zwHesvp.exe
  C:\Windows\System\zwHesvp.exe
  2⤵
  PID:2940
- C:\Windows\System\IgnVccU.exe
  C:\Windows\System\IgnVccU.exe
  2⤵
  PID:628
- C:\Windows\System\sRhlknr.exe
  C:\Windows\System\sRhlknr.exe
  2⤵
  PID:7144
- C:\Windows\System\poDmDfP.exe
  C:\Windows\System\poDmDfP.exe
  2⤵
  PID:5520
- C:\Windows\System\UgugZyR.exe
  C:\Windows\System\UgugZyR.exe
  2⤵
  PID:2988
- C:\Windows\System\vVlZBbO.exe
  C:\Windows\System\vVlZBbO.exe
  2⤵
  PID:6148
- C:\Windows\System\LNYVwuc.exe
  C:\Windows\System\LNYVwuc.exe
  2⤵
  PID:6332
- C:\Windows\System\ZIOLrKZ.exe
  C:\Windows\System\ZIOLrKZ.exe
  2⤵
  PID:1156
- C:\Windows\System\sNPQAwm.exe
  C:\Windows\System\sNPQAwm.exe
  2⤵
  PID:6500
- C:\Windows\System\HCezcjq.exe
  C:\Windows\System\HCezcjq.exe
  2⤵
  PID:6220
- C:\Windows\System\KVOuAGs.exe
  C:\Windows\System\KVOuAGs.exe
  2⤵
  PID:6620
- C:\Windows\System\wiLQEcN.exe
  C:\Windows\System\wiLQEcN.exe
  2⤵
  PID:6864
- C:\Windows\System\OMmrOAD.exe
  C:\Windows\System\OMmrOAD.exe
  2⤵
  PID:6988
- C:\Windows\System\JTwzuNI.exe
  C:\Windows\System\JTwzuNI.exe
  2⤵
  PID:7120
- C:\Windows\System\xokeAgx.exe
  C:\Windows\System\xokeAgx.exe
  2⤵
  PID:7100
- C:\Windows\System\vHTcgTj.exe
  C:\Windows\System\vHTcgTj.exe
  2⤵
  PID:6592
- C:\Windows\System\FfweooM.exe
  C:\Windows\System\FfweooM.exe
  2⤵
  PID:7164
- C:\Windows\System\LqyqIbX.exe
  C:\Windows\System\LqyqIbX.exe
  2⤵
  PID:2088
- C:\Windows\System\uPfPkpn.exe
  C:\Windows\System\uPfPkpn.exe
  2⤵
  PID:1976
- C:\Windows\System\GGFEkhS.exe
  C:\Windows\System\GGFEkhS.exe
  2⤵
  PID:6960
- C:\Windows\System\LvZtJHi.exe
  C:\Windows\System\LvZtJHi.exe
  2⤵
  PID:2828
- C:\Windows\System\tyjXIxh.exe
  C:\Windows\System\tyjXIxh.exe
  2⤵
  PID:5656
- C:\Windows\System\mhSgoix.exe
  C:\Windows\System\mhSgoix.exe
  2⤵
  PID:2460
- C:\Windows\System\Shyrktg.exe
  C:\Windows\System\Shyrktg.exe
  2⤵
  PID:2588
- C:\Windows\System\OFJMqMk.exe
  C:\Windows\System\OFJMqMk.exe
  2⤵
  PID:6696
- C:\Windows\System\TvxRjih.exe
  C:\Windows\System\TvxRjih.exe
  2⤵
  PID:6044
- C:\Windows\System\xiJqPve.exe
  C:\Windows\System\xiJqPve.exe
  2⤵
  PID:6856
- C:\Windows\System\EDHdESA.exe
  C:\Windows\System\EDHdESA.exe
  2⤵
  PID:7000
- C:\Windows\System\PMQRxGV.exe
  C:\Windows\System\PMQRxGV.exe
  2⤵
  PID:6984
- C:\Windows\System\WioTofk.exe
  C:\Windows\System\WioTofk.exe
  2⤵
  PID:1092
- C:\Windows\System\OvdkLsI.exe
  C:\Windows\System\OvdkLsI.exe
  2⤵
  PID:7048
- C:\Windows\System\ahajbHe.exe
  C:\Windows\System\ahajbHe.exe
  2⤵
  PID:6356
- C:\Windows\System\othsCFN.exe
  C:\Windows\System\othsCFN.exe
  2⤵
  PID:1184
- C:\Windows\System\GEhWVun.exe
  C:\Windows\System\GEhWVun.exe
  2⤵
  PID:2980
- C:\Windows\System\VNnuOuf.exe
  C:\Windows\System\VNnuOuf.exe
  2⤵
  PID:6536
- C:\Windows\System\VppmHaL.exe
  C:\Windows\System\VppmHaL.exe
  2⤵
  PID:2500
- C:\Windows\System\RmtMHjC.exe
  C:\Windows\System\RmtMHjC.exe
  2⤵
  PID:2384
- C:\Windows\System\cyqqixh.exe
  C:\Windows\System\cyqqixh.exe
  2⤵
  PID:6948
- C:\Windows\System\FmNfSYY.exe
  C:\Windows\System\FmNfSYY.exe
  2⤵
  PID:7180
- C:\Windows\System\NnYVTNs.exe
  C:\Windows\System\NnYVTNs.exe
  2⤵
  PID:7236
- C:\Windows\System\EjIneur.exe
  C:\Windows\System\EjIneur.exe
  2⤵
  PID:7252
- C:\Windows\System\fxfugEp.exe
  C:\Windows\System\fxfugEp.exe
  2⤵
  PID:7268
- C:\Windows\System\kbQHIFz.exe
  C:\Windows\System\kbQHIFz.exe
  2⤵
  PID:7288
- C:\Windows\System\aGlkqOi.exe
  C:\Windows\System\aGlkqOi.exe
  2⤵
  PID:7304
- C:\Windows\System\wOtrMug.exe
  C:\Windows\System\wOtrMug.exe
  2⤵
  PID:7324
- C:\Windows\System\MdkOChe.exe
  C:\Windows\System\MdkOChe.exe
  2⤵
  PID:7340
- C:\Windows\System\waXivSw.exe
  C:\Windows\System\waXivSw.exe
  2⤵
  PID:7356
- C:\Windows\System\RVgDlqN.exe
  C:\Windows\System\RVgDlqN.exe
  2⤵
  PID:7372
- C:\Windows\System\UNjBoBP.exe
  C:\Windows\System\UNjBoBP.exe
  2⤵
  PID:7388
- C:\Windows\System\GbJendF.exe
  C:\Windows\System\GbJendF.exe
  2⤵
  PID:7404
- C:\Windows\System\qPIElzq.exe
  C:\Windows\System\qPIElzq.exe
  2⤵
  PID:7420
- C:\Windows\System\eKCGwbf.exe
  C:\Windows\System\eKCGwbf.exe
  2⤵
  PID:7464
- C:\Windows\System\cBhbvuf.exe
  C:\Windows\System\cBhbvuf.exe
  2⤵
  PID:7480
- C:\Windows\System\kkDfLGh.exe
  C:\Windows\System\kkDfLGh.exe
  2⤵
  PID:7500
- C:\Windows\System\prsEDoY.exe
  C:\Windows\System\prsEDoY.exe
  2⤵
  PID:7516
- C:\Windows\System\IDeLWWh.exe
  C:\Windows\System\IDeLWWh.exe
  2⤵
  PID:7532
- C:\Windows\System\eHeJMhr.exe
  C:\Windows\System\eHeJMhr.exe
  2⤵
  PID:7552
- C:\Windows\System\lakKtmk.exe
  C:\Windows\System\lakKtmk.exe
  2⤵
  PID:7568
- C:\Windows\System\vXAZDpa.exe
  C:\Windows\System\vXAZDpa.exe
  2⤵
  PID:7584
- C:\Windows\System\SSukWaz.exe
  C:\Windows\System\SSukWaz.exe
  2⤵
  PID:7604
- C:\Windows\System\zwuagAP.exe
  C:\Windows\System\zwuagAP.exe
  2⤵
  PID:7620
- C:\Windows\System\GBiYGIH.exe
  C:\Windows\System\GBiYGIH.exe
  2⤵
  PID:7668
- C:\Windows\System\FEBkPYB.exe
  C:\Windows\System\FEBkPYB.exe
  2⤵
  PID:7688
- C:\Windows\System\RTBZgBE.exe
  C:\Windows\System\RTBZgBE.exe
  2⤵
  PID:7704
- C:\Windows\System\qrqJJed.exe
  C:\Windows\System\qrqJJed.exe
  2⤵
  PID:7720
- C:\Windows\System\FJIkEEn.exe
  C:\Windows\System\FJIkEEn.exe
  2⤵
  PID:7736
- C:\Windows\System\jHQVxKr.exe
  C:\Windows\System\jHQVxKr.exe
  2⤵
  PID:7756
- C:\Windows\System\ayzShMj.exe
  C:\Windows\System\ayzShMj.exe
  2⤵
  PID:7776
- C:\Windows\System\HdwCDaU.exe
  C:\Windows\System\HdwCDaU.exe
  2⤵
  PID:7796
- C:\Windows\System\zjcRNdW.exe
  C:\Windows\System\zjcRNdW.exe
  2⤵
  PID:7812
- C:\Windows\System\gkDEdhU.exe
  C:\Windows\System\gkDEdhU.exe
  2⤵
  PID:7828
- C:\Windows\System\aVBrNRE.exe
  C:\Windows\System\aVBrNRE.exe
  2⤵
  PID:7872
- C:\Windows\System\hmujgoA.exe
  C:\Windows\System\hmujgoA.exe
  2⤵
  PID:7892
- C:\Windows\System\yEnTLbE.exe
  C:\Windows\System\yEnTLbE.exe
  2⤵
  PID:7912
- C:\Windows\System\trIrEsS.exe
  C:\Windows\System\trIrEsS.exe
  2⤵
  PID:7928
- C:\Windows\System\lVckLtd.exe
  C:\Windows\System\lVckLtd.exe
  2⤵
  PID:7944
- C:\Windows\System\hZLGILM.exe
  C:\Windows\System\hZLGILM.exe
  2⤵
  PID:7960
- C:\Windows\System\fJsHgbg.exe
  C:\Windows\System\fJsHgbg.exe
  2⤵
  PID:7976
- C:\Windows\System\DkGpfmb.exe
  C:\Windows\System\DkGpfmb.exe
  2⤵
  PID:7992
- C:\Windows\System\lSOULcM.exe
  C:\Windows\System\lSOULcM.exe
  2⤵
  PID:8008
- C:\Windows\System\JAnYLHo.exe
  C:\Windows\System\JAnYLHo.exe
  2⤵
  PID:8028
- C:\Windows\System\AvRUJtq.exe
  C:\Windows\System\AvRUJtq.exe
  2⤵
  PID:8044
- C:\Windows\System\QbYsQxC.exe
  C:\Windows\System\QbYsQxC.exe
  2⤵
  PID:8092
- C:\Windows\System\JuWJFqM.exe
  C:\Windows\System\JuWJFqM.exe
  2⤵
  PID:8108
- C:\Windows\System\phABxGg.exe
  C:\Windows\System\phABxGg.exe
  2⤵
  PID:8124
- C:\Windows\System\CHqXekZ.exe
  C:\Windows\System\CHqXekZ.exe
  2⤵
  PID:8144
- C:\Windows\System\TRMxOEC.exe
  C:\Windows\System\TRMxOEC.exe
  2⤵
  PID:8160
- C:\Windows\System\dyphwSE.exe
  C:\Windows\System\dyphwSE.exe
  2⤵
  PID:8176
- C:\Windows\System\tshEYhs.exe
  C:\Windows\System\tshEYhs.exe
  2⤵
  PID:288
- C:\Windows\System\hQfTJYQ.exe
  C:\Windows\System\hQfTJYQ.exe
  2⤵
  PID:7004
- C:\Windows\System\XVEHeJK.exe
  C:\Windows\System\XVEHeJK.exe
  2⤵
  PID:3400
- C:\Windows\System\MOPGCwi.exe
  C:\Windows\System\MOPGCwi.exe
  2⤵
  PID:7024
- C:\Windows\System\iPsYnJp.exe
  C:\Windows\System\iPsYnJp.exe
  2⤵
  PID:7204
- C:\Windows\System\kRSXeYL.exe
  C:\Windows\System\kRSXeYL.exe
  2⤵
  PID:6104
- C:\Windows\System\HuNgmol.exe
  C:\Windows\System\HuNgmol.exe
  2⤵
  PID:7260
- C:\Windows\System\KyaGYjh.exe
  C:\Windows\System\KyaGYjh.exe
  2⤵
  PID:7296
- C:\Windows\System\XpecVaN.exe
  C:\Windows\System\XpecVaN.exe
  2⤵
  PID:7316
- C:\Windows\System\dbOZUmn.exe
  C:\Windows\System\dbOZUmn.exe
  2⤵
  PID:7364
- C:\Windows\System\VhgVAkn.exe
  C:\Windows\System\VhgVAkn.exe
  2⤵
  PID:7444
- C:\Windows\System\vhSJFKo.exe
  C:\Windows\System\vhSJFKo.exe
  2⤵
  PID:7460
- C:\Windows\System\LLsmQDE.exe
  C:\Windows\System\LLsmQDE.exe
  2⤵
  PID:7384
- C:\Windows\System\UIrtnvL.exe
  C:\Windows\System\UIrtnvL.exe
  2⤵
  PID:7492
- C:\Windows\System\EEBIuqm.exe
  C:\Windows\System\EEBIuqm.exe
  2⤵
  PID:7564
- C:\Windows\System\XSaLfGn.exe
  C:\Windows\System\XSaLfGn.exe
  2⤵
  PID:7636
- C:\Windows\System\rafuwmq.exe
  C:\Windows\System\rafuwmq.exe
  2⤵
  PID:7652
- C:\Windows\System\iMZPTei.exe
  C:\Windows\System\iMZPTei.exe
  2⤵
  PID:7660
- C:\Windows\System\ZhTkwYL.exe
  C:\Windows\System\ZhTkwYL.exe
  2⤵
  PID:7548
- C:\Windows\System\KOBZixR.exe
  C:\Windows\System\KOBZixR.exe
  2⤵
  PID:7684
- C:\Windows\System\cVmsjjO.exe
  C:\Windows\System\cVmsjjO.exe
  2⤵
  PID:7716
- C:\Windows\System\fdjwHJS.exe
  C:\Windows\System\fdjwHJS.exe
  2⤵
  PID:7764
- C:\Windows\System\miMOrSl.exe
  C:\Windows\System\miMOrSl.exe
  2⤵
  PID:7840
- C:\Windows\System\uUgTnbg.exe
  C:\Windows\System\uUgTnbg.exe
  2⤵
  PID:7860
- C:\Windows\System\EWoMIdz.exe
  C:\Windows\System\EWoMIdz.exe
  2⤵
  PID:7824
- C:\Windows\System\RywMezG.exe
  C:\Windows\System\RywMezG.exe
  2⤵
  PID:7884
- C:\Windows\System\thxeDNx.exe
  C:\Windows\System\thxeDNx.exe
  2⤵
  PID:7952
- C:\Windows\System\DZUBwcX.exe
  C:\Windows\System\DZUBwcX.exe
  2⤵
  PID:8020
- C:\Windows\System\NzSvPhr.exe
  C:\Windows\System\NzSvPhr.exe
  2⤵
  PID:8060
- C:\Windows\System\PtLzVqk.exe
  C:\Windows\System\PtLzVqk.exe
  2⤵
  PID:7908
- C:\Windows\System\odqsshS.exe
  C:\Windows\System\odqsshS.exe
  2⤵
  PID:8136
- C:\Windows\System\nSFjYOG.exe
  C:\Windows\System\nSFjYOG.exe
  2⤵
  PID:8068
- C:\Windows\System\PtuApKM.exe
  C:\Windows\System\PtuApKM.exe
  2⤵
  PID:8084
- C:\Windows\System\XcwEcST.exe
  C:\Windows\System\XcwEcST.exe
  2⤵
  PID:8132
- C:\Windows\System\oWhWazc.exe
  C:\Windows\System\oWhWazc.exe
  2⤵
  PID:8036
- C:\Windows\System\NdMrFyJ.exe
  C:\Windows\System\NdMrFyJ.exe
  2⤵
  PID:1076
- C:\Windows\System\GoJXTqf.exe
  C:\Windows\System\GoJXTqf.exe
  2⤵
  PID:7104
- C:\Windows\System\YncKSkl.exe
  C:\Windows\System\YncKSkl.exe
  2⤵
  PID:7232
- C:\Windows\System\XPXVvyl.exe
  C:\Windows\System\XPXVvyl.exe
  2⤵
  PID:7200
- C:\Windows\System\TTXMtJC.exe
  C:\Windows\System\TTXMtJC.exe
  2⤵
  PID:7244
- C:\Windows\System\IgCWYEY.exe
  C:\Windows\System\IgCWYEY.exe
  2⤵
  PID:7428
- C:\Windows\System\enRFWrQ.exe
  C:\Windows\System\enRFWrQ.exe
  2⤵
  PID:7332
- C:\Windows\System\QJNqUzQ.exe
  C:\Windows\System\QJNqUzQ.exe
  2⤵
  PID:7432
- C:\Windows\System\myAUSAq.exe
  C:\Windows\System\myAUSAq.exe
  2⤵
  PID:7476
- C:\Windows\System\cxdbwWU.exe
  C:\Windows\System\cxdbwWU.exe
  2⤵
  PID:7524
- C:\Windows\System\eduYekK.exe
  C:\Windows\System\eduYekK.exe
  2⤵
  PID:7488
- C:\Windows\System\RNzRwPQ.exe
  C:\Windows\System\RNzRwPQ.exe
  2⤵
  PID:7632
- C:\Windows\System\pZbYjYL.exe
  C:\Windows\System\pZbYjYL.exe
  2⤵
  PID:7540
- C:\Windows\System\dMxEqnx.exe
  C:\Windows\System\dMxEqnx.exe
  2⤵
  PID:7644
- C:\Windows\System\NLzdLrb.exe
  C:\Windows\System\NLzdLrb.exe
  2⤵
  PID:7676
- C:\Windows\System\lRhdgME.exe
  C:\Windows\System\lRhdgME.exe
  2⤵
  PID:7752
- C:\Windows\System\VNuyvpr.exe
  C:\Windows\System\VNuyvpr.exe
  2⤵
  PID:7772
- C:\Windows\System\aWfZBDR.exe
  C:\Windows\System\aWfZBDR.exe
  2⤵
  PID:7836
- C:\Windows\System\zXjzOJE.exe
  C:\Windows\System\zXjzOJE.exe
  2⤵
  PID:7984
- C:\Windows\System\lxEtvQz.exe
  C:\Windows\System\lxEtvQz.exe
  2⤵
  PID:7900
- C:\Windows\System\gVrIqFa.exe
  C:\Windows\System\gVrIqFa.exe
  2⤵
  PID:8040
- C:\Windows\System\QizQrFH.exe
  C:\Windows\System\QizQrFH.exe
  2⤵
  PID:7940
- C:\Windows\System\FZGIDLk.exe
  C:\Windows\System\FZGIDLk.exe
  2⤵
  PID:6512
- C:\Windows\System\lPzMkxy.exe
  C:\Windows\System\lPzMkxy.exe
  2⤵
  PID:6576
- C:\Windows\System\LgMnvbA.exe
  C:\Windows\System\LgMnvbA.exe
  2⤵
  PID:5224
- C:\Windows\System\ACvKxFq.exe
  C:\Windows\System\ACvKxFq.exe
  2⤵
  PID:7592
- C:\Windows\System\xkgPnNJ.exe
  C:\Windows\System\xkgPnNJ.exe
  2⤵
  PID:7732
- C:\Windows\System\MGTNlQd.exe
  C:\Windows\System\MGTNlQd.exe
  2⤵
  PID:7600
- C:\Windows\System\FazIXkF.exe
  C:\Windows\System\FazIXkF.exe
  2⤵
  PID:7784
- C:\Windows\System\zZVNoMC.exe
  C:\Windows\System\zZVNoMC.exe
  2⤵
  PID:7416
- C:\Windows\System\jTeqNxj.exe
  C:\Windows\System\jTeqNxj.exe
  2⤵
  PID:8188
- C:\Windows\System\ivSsBwX.exe
  C:\Windows\System\ivSsBwX.exe
  2⤵
  PID:3036
- C:\Windows\System\DdPidKX.exe
  C:\Windows\System\DdPidKX.exe
  2⤵
  PID:8088
- C:\Windows\System\rZrGkdK.exe
  C:\Windows\System\rZrGkdK.exe
  2⤵
  PID:7728
- C:\Windows\System\zJgLMPy.exe
  C:\Windows\System\zJgLMPy.exe
  2⤵
  PID:7212
- C:\Windows\System\wHeWGsA.exe
  C:\Windows\System\wHeWGsA.exe
  2⤵
  PID:7216
- C:\Windows\System\keWJebx.exe
  C:\Windows\System\keWJebx.exe
  2⤵
  PID:7808
- C:\Windows\System\hzEKYda.exe
  C:\Windows\System\hzEKYda.exe
  2⤵
  PID:8052
- C:\Windows\System\YzHmlwO.exe
  C:\Windows\System\YzHmlwO.exe
  2⤵
  PID:7544
- C:\Windows\System\PwpTGHc.exe
  C:\Windows\System\PwpTGHc.exe
  2⤵
  PID:8116
- C:\Windows\System\FDvroaE.exe
  C:\Windows\System\FDvroaE.exe
  2⤵
  PID:7188
- C:\Windows\System\rbuPRAa.exe
  C:\Windows\System\rbuPRAa.exe
  2⤵
  PID:7284
- C:\Windows\System\xhyBTHm.exe
  C:\Windows\System\xhyBTHm.exe
  2⤵
  PID:7844
- C:\Windows\System\nXlAwsr.exe
  C:\Windows\System\nXlAwsr.exe
  2⤵
  PID:7396
- C:\Windows\System\zIPNTgX.exe
  C:\Windows\System\zIPNTgX.exe
  2⤵
  PID:7972
- C:\Windows\System\ZfTCVYA.exe
  C:\Windows\System\ZfTCVYA.exe
  2⤵
  PID:7748
- C:\Windows\System\dzhygrN.exe
  C:\Windows\System\dzhygrN.exe
  2⤵
  PID:8080
- C:\Windows\System\pydeYwc.exe
  C:\Windows\System\pydeYwc.exe
  2⤵
  PID:8016
- C:\Windows\System\GONYDqL.exe
  C:\Windows\System\GONYDqL.exe
  2⤵
  PID:6836
- C:\Windows\System\WTalCCH.exe
  C:\Windows\System\WTalCCH.exe
  2⤵
  PID:7312
- C:\Windows\System\XwOyzqi.exe
  C:\Windows\System\XwOyzqi.exe
  2⤵
  PID:7696
- C:\Windows\System\EEkfcBh.exe
  C:\Windows\System\EEkfcBh.exe
  2⤵
  PID:8204
- C:\Windows\System\MLXTedF.exe
  C:\Windows\System\MLXTedF.exe
  2⤵
  PID:8232
- C:\Windows\System\PUeRVld.exe
  C:\Windows\System\PUeRVld.exe
  2⤵
  PID:8248
- C:\Windows\System\sbpnzkg.exe
  C:\Windows\System\sbpnzkg.exe
  2⤵
  PID:8264
- C:\Windows\System\OVABglK.exe
  C:\Windows\System\OVABglK.exe
  2⤵
  PID:8292
- C:\Windows\System\jZSLKQV.exe
  C:\Windows\System\jZSLKQV.exe
  2⤵
  PID:8308
- C:\Windows\System\PgWsHWX.exe
  C:\Windows\System\PgWsHWX.exe
  2⤵
  PID:8336
- C:\Windows\System\FdyISvr.exe
  C:\Windows\System\FdyISvr.exe
  2⤵
  PID:8352
- C:\Windows\System\ntVbelW.exe
  C:\Windows\System\ntVbelW.exe
  2⤵
  PID:8368
- C:\Windows\System\kEDjxKz.exe
  C:\Windows\System\kEDjxKz.exe
  2⤵
  PID:8388
- C:\Windows\System\vcjJDFX.exe
  C:\Windows\System\vcjJDFX.exe
  2⤵
  PID:8416
- C:\Windows\System\VzexYBp.exe
  C:\Windows\System\VzexYBp.exe
  2⤵
  PID:8436
- C:\Windows\System\GoUTVDj.exe
  C:\Windows\System\GoUTVDj.exe
  2⤵
  PID:8452
- C:\Windows\System\cdWAuNx.exe
  C:\Windows\System\cdWAuNx.exe
  2⤵
  PID:8468
- C:\Windows\System\nYwfmps.exe
  C:\Windows\System\nYwfmps.exe
  2⤵
  PID:8492
- C:\Windows\System\sDhwiNt.exe
  C:\Windows\System\sDhwiNt.exe
  2⤵
  PID:8508
- C:\Windows\System\UgKwPTI.exe
  C:\Windows\System\UgKwPTI.exe
  2⤵
  PID:8532
- C:\Windows\System\Uejfaaw.exe
  C:\Windows\System\Uejfaaw.exe
  2⤵
  PID:8560
- C:\Windows\System\WeextCF.exe
  C:\Windows\System\WeextCF.exe
  2⤵
  PID:8576
- C:\Windows\System\ehSlthF.exe
  C:\Windows\System\ehSlthF.exe
  2⤵
  PID:8592
- C:\Windows\System\yVQCAAx.exe
  C:\Windows\System\yVQCAAx.exe
  2⤵
  PID:8616
- C:\Windows\System\KWZEjLj.exe
  C:\Windows\System\KWZEjLj.exe
  2⤵
  PID:8632
- C:\Windows\System\XZERckB.exe
  C:\Windows\System\XZERckB.exe
  2⤵
  PID:8648
- C:\Windows\System\iCiQqcI.exe
  C:\Windows\System\iCiQqcI.exe
  2⤵
  PID:8664
- C:\Windows\System\RXXwRwK.exe
  C:\Windows\System\RXXwRwK.exe
  2⤵
  PID:8696
- C:\Windows\System\lNfIYBo.exe
  C:\Windows\System\lNfIYBo.exe
  2⤵
  PID:8712
- C:\Windows\System\tLlQJpk.exe
  C:\Windows\System\tLlQJpk.exe
  2⤵
  PID:8740
- C:\Windows\System\IElhpWe.exe
  C:\Windows\System\IElhpWe.exe
  2⤵
  PID:8760
- C:\Windows\System\wecbHhf.exe
  C:\Windows\System\wecbHhf.exe
  2⤵
  PID:8776
- C:\Windows\System\VGZqhQh.exe
  C:\Windows\System\VGZqhQh.exe
  2⤵
  PID:8800
- C:\Windows\System\ttCgOQc.exe
  C:\Windows\System\ttCgOQc.exe
  2⤵
  PID:8820
- C:\Windows\System\QfsPsQU.exe
  C:\Windows\System\QfsPsQU.exe
  2⤵
  PID:8836
- C:\Windows\System\Dbbrhhq.exe
  C:\Windows\System\Dbbrhhq.exe
  2⤵
  PID:8852
- C:\Windows\System\RonULQA.exe
  C:\Windows\System\RonULQA.exe
  2⤵
  PID:8876
- C:\Windows\System\vlvbtiZ.exe
  C:\Windows\System\vlvbtiZ.exe
  2⤵
  PID:8892
- C:\Windows\System\mkObTgc.exe
  C:\Windows\System\mkObTgc.exe
  2⤵
  PID:8920
- C:\Windows\System\axStzTv.exe
  C:\Windows\System\axStzTv.exe
  2⤵
  PID:8936
- C:\Windows\System\tCnQrbv.exe
  C:\Windows\System\tCnQrbv.exe
  2⤵
  PID:8960
- C:\Windows\System\JroeRiA.exe
  C:\Windows\System\JroeRiA.exe
  2⤵
  PID:8976
- C:\Windows\System\xnUYICD.exe
  C:\Windows\System\xnUYICD.exe
  2⤵
  PID:8992
- C:\Windows\System\QsmGjgH.exe
  C:\Windows\System\QsmGjgH.exe
  2⤵
  PID:9012
- C:\Windows\System\GuYGGHH.exe
  C:\Windows\System\GuYGGHH.exe
  2⤵
  PID:9028
- C:\Windows\System\JCuhubP.exe
  C:\Windows\System\JCuhubP.exe
  2⤵
  PID:9048
- C:\Windows\System\dCSYWec.exe
  C:\Windows\System\dCSYWec.exe
  2⤵
  PID:9076
- C:\Windows\System\nBfRbYR.exe
  C:\Windows\System\nBfRbYR.exe
  2⤵
  PID:9096
- C:\Windows\System\qiwYOXr.exe
  C:\Windows\System\qiwYOXr.exe
  2⤵
  PID:9116
- C:\Windows\System\daIhJyf.exe
  C:\Windows\System\daIhJyf.exe
  2⤵
  PID:9136
- C:\Windows\System\gnYouqq.exe
  C:\Windows\System\gnYouqq.exe
  2⤵
  PID:9160
- C:\Windows\System\hsPuLaO.exe
  C:\Windows\System\hsPuLaO.exe
  2⤵
  PID:9180
- C:\Windows\System\jNbwStC.exe
  C:\Windows\System\jNbwStC.exe
  2⤵
  PID:9196
- C:\Windows\System\jRfCqon.exe
  C:\Windows\System\jRfCqon.exe
  2⤵
  PID:9212
- C:\Windows\System\iFBEvmg.exe
  C:\Windows\System\iFBEvmg.exe
  2⤵
  PID:7280
- C:\Windows\System\WivKvXe.exe
  C:\Windows\System\WivKvXe.exe
  2⤵
  PID:8244
- C:\Windows\System\HeseoQj.exe
  C:\Windows\System\HeseoQj.exe
  2⤵
  PID:8284
- C:\Windows\System\dSLNGSU.exe
  C:\Windows\System\dSLNGSU.exe
  2⤵
  PID:8332
- C:\Windows\System\oaTAjAu.exe
  C:\Windows\System\oaTAjAu.exe
  2⤵
  PID:8364
- C:\Windows\System\lTVyYdW.exe
  C:\Windows\System\lTVyYdW.exe
  2⤵
  PID:8400
- C:\Windows\System\MtCMGfU.exe
  C:\Windows\System\MtCMGfU.exe
  2⤵
  PID:8424
- C:\Windows\System\HMDNTql.exe
  C:\Windows\System\HMDNTql.exe
  2⤵
  PID:8464
- C:\Windows\System\vUAPfPD.exe
  C:\Windows\System\vUAPfPD.exe
  2⤵
  PID:8488
- C:\Windows\System\iHqMPGS.exe
  C:\Windows\System\iHqMPGS.exe
  2⤵
  PID:8540
- C:\Windows\System\BAuZNnQ.exe
  C:\Windows\System\BAuZNnQ.exe
  2⤵
  PID:8328
- C:\Windows\System\CoIWxdK.exe
  C:\Windows\System\CoIWxdK.exe
  2⤵
  PID:8584
- C:\Windows\System\hBuRyYn.exe
  C:\Windows\System\hBuRyYn.exe
  2⤵
  PID:8612
- C:\Windows\System\qjaGrrH.exe
  C:\Windows\System\qjaGrrH.exe
  2⤵
  PID:8644
- C:\Windows\System\PUMPHxW.exe
  C:\Windows\System\PUMPHxW.exe
  2⤵
  PID:8688
- C:\Windows\System\JkNhoYX.exe
  C:\Windows\System\JkNhoYX.exe
  2⤵
  PID:8720
- C:\Windows\System\CJWUetu.exe
  C:\Windows\System\CJWUetu.exe
  2⤵
  PID:8748
- C:\Windows\System\pNRchty.exe
  C:\Windows\System\pNRchty.exe
  2⤵
  PID:8808
- C:\Windows\System\bWJrNbx.exe
  C:\Windows\System\bWJrNbx.exe
  2⤵
  PID:8832
- C:\Windows\System\TjEZmrc.exe
  C:\Windows\System\TjEZmrc.exe
  2⤵
  PID:8848
- C:\Windows\System\cgLoPiS.exe
  C:\Windows\System\cgLoPiS.exe
  2⤵
  PID:8888
- C:\Windows\System\JmpTKJu.exe
  C:\Windows\System\JmpTKJu.exe
  2⤵
  PID:8904
- C:\Windows\System\HVDoaYo.exe
  C:\Windows\System\HVDoaYo.exe
  2⤵
  PID:8932
- C:\Windows\System\rEAMAnx.exe
  C:\Windows\System\rEAMAnx.exe
  2⤵
  PID:8984
- C:\Windows\System\zvbgbTB.exe
  C:\Windows\System\zvbgbTB.exe
  2⤵
  PID:9008
- C:\Windows\System\RxbAHrn.exe
  C:\Windows\System\RxbAHrn.exe
  2⤵
  PID:9104
- C:\Windows\System\XyRGIsZ.exe
  C:\Windows\System\XyRGIsZ.exe
  2⤵
  PID:8972
- C:\Windows\System\yXcYIxq.exe
  C:\Windows\System\yXcYIxq.exe
  2⤵
  PID:9148
- C:\Windows\System\SLsStzR.exe
  C:\Windows\System\SLsStzR.exe
  2⤵
  PID:8212
- C:\Windows\System\gKpJiXl.exe
  C:\Windows\System\gKpJiXl.exe
  2⤵
  PID:9092
- C:\Windows\System\OpGavNH.exe
  C:\Windows\System\OpGavNH.exe
  2⤵
  PID:9128
- C:\Windows\System\zdbCvCB.exe
  C:\Windows\System\zdbCvCB.exe
  2⤵
  PID:8240
- C:\Windows\System\qaEzKys.exe
  C:\Windows\System\qaEzKys.exe
  2⤵
  PID:8320
- C:\Windows\System\apmXPrH.exe
  C:\Windows\System\apmXPrH.exe
  2⤵
  PID:8380
- C:\Windows\System\afoDXdg.exe
  C:\Windows\System\afoDXdg.exe
  2⤵
  PID:8428
- C:\Windows\System\DbiPJfS.exe
  C:\Windows\System\DbiPJfS.exe
  2⤵
  PID:8444
- C:\Windows\System\XtpTeOx.exe
  C:\Windows\System\XtpTeOx.exe
  2⤵
  PID:8516
- C:\Windows\System\KFkNghj.exe
  C:\Windows\System\KFkNghj.exe
  2⤵
  PID:8572
- C:\Windows\System\jvJNhXx.exe
  C:\Windows\System\jvJNhXx.exe
  2⤵
  PID:8628
- C:\Windows\System\pHStmqC.exe
  C:\Windows\System\pHStmqC.exe
  2⤵
  PID:8724
- C:\Windows\System\ulrvJDT.exe
  C:\Windows\System\ulrvJDT.exe
  2⤵
  PID:8784
- C:\Windows\System\faWdjbH.exe
  C:\Windows\System\faWdjbH.exe
  2⤵
  PID:8552
- C:\Windows\System\AwAtcOE.exe
  C:\Windows\System\AwAtcOE.exe
  2⤵
  PID:8868
- C:\Windows\System\ZwUjmGa.exe
  C:\Windows\System\ZwUjmGa.exe
  2⤵
  PID:8944
- C:\Windows\System\Lbkjlku.exe
  C:\Windows\System\Lbkjlku.exe
  2⤵
  PID:8900
- C:\Windows\System\BeXgJJg.exe
  C:\Windows\System\BeXgJJg.exe
  2⤵
  PID:9188
- C:\Windows\System\HViQJkM.exe
  C:\Windows\System\HViQJkM.exe
  2⤵
  PID:9168
- C:\Windows\System\BRgIVGO.exe
  C:\Windows\System\BRgIVGO.exe
  2⤵
  PID:9064
- C:\Windows\System\GtEToYu.exe
  C:\Windows\System\GtEToYu.exe
  2⤵
  PID:9132
- C:\Windows\System\WjKyqSU.exe
  C:\Windows\System\WjKyqSU.exe
  2⤵
  PID:8260
- C:\Windows\System\bOarxmh.exe
  C:\Windows\System\bOarxmh.exe
  2⤵
  PID:8396
- C:\Windows\System\MGPvIBz.exe
  C:\Windows\System\MGPvIBz.exe
  2⤵
  PID:8548
- C:\Windows\System\DmSBJxV.exe
  C:\Windows\System\DmSBJxV.exe
  2⤵
  PID:8480
- C:\Windows\System\dbSOBvj.exe
  C:\Windows\System\dbSOBvj.exe
  2⤵
  PID:8568
- C:\Windows\System\qszRxjB.exe
  C:\Windows\System\qszRxjB.exe
  2⤵
  PID:8752
- C:\Windows\System\HpMYVdD.exe
  C:\Windows\System\HpMYVdD.exe
  2⤵
  PID:9000
- C:\Windows\System\WjOQVlc.exe
  C:\Windows\System\WjOQVlc.exe
  2⤵
  PID:8216
- C:\Windows\System\JSzOhhC.exe
  C:\Windows\System\JSzOhhC.exe
  2⤵
  PID:8952
- C:\Windows\System\cLyMtPW.exe
  C:\Windows\System\cLyMtPW.exe
  2⤵
  PID:9060
- C:\Windows\System\MnAgRNB.exe
  C:\Windows\System\MnAgRNB.exe
  2⤵
  PID:8604
- C:\Windows\System\GYzgLDC.exe
  C:\Windows\System\GYzgLDC.exe
  2⤵
  PID:8360
- C:\Windows\System\xzBkzAe.exe
  C:\Windows\System\xzBkzAe.exe
  2⤵
  PID:8600
- C:\Windows\System\YLsALYr.exe
  C:\Windows\System\YLsALYr.exe
  2⤵
  PID:8736
- C:\Windows\System\scOANLK.exe
  C:\Windows\System\scOANLK.exe
  2⤵
  PID:9040
- C:\Windows\System\AoIdTjY.exe
  C:\Windows\System\AoIdTjY.exe
  2⤵
  PID:8676
- C:\Windows\System\rzhxsYs.exe
  C:\Windows\System\rzhxsYs.exe
  2⤵
  PID:8864
- C:\Windows\System\lWTPvOF.exe
  C:\Windows\System\lWTPvOF.exe
  2⤵
  PID:9072
- C:\Windows\System\AgmLSCA.exe
  C:\Windows\System\AgmLSCA.exe
  2⤵
  PID:8956
- C:\Windows\System\IhYoeOC.exe
  C:\Windows\System\IhYoeOC.exe
  2⤵
  PID:8684
- C:\Windows\System\PNGGlxc.exe
  C:\Windows\System\PNGGlxc.exe
  2⤵
  PID:9036
- C:\Windows\System\LFkywAV.exe
  C:\Windows\System\LFkywAV.exe
  2⤵
  PID:8656
- C:\Windows\System\AbwRCDY.exe
  C:\Windows\System\AbwRCDY.exe
  2⤵
  PID:8884
- C:\Windows\System\RmtabeD.exe
  C:\Windows\System\RmtabeD.exe
  2⤵
  PID:9224
- C:\Windows\System\hSFaeAU.exe
  C:\Windows\System\hSFaeAU.exe
  2⤵
  PID:9240
- C:\Windows\System\xHsEJff.exe
  C:\Windows\System\xHsEJff.exe
  2⤵
  PID:9260
- C:\Windows\System\vgBzXqJ.exe
  C:\Windows\System\vgBzXqJ.exe
  2⤵
  PID:9280
- C:\Windows\System\lKmDtPk.exe
  C:\Windows\System\lKmDtPk.exe
  2⤵
  PID:9312
- C:\Windows\System\baMUUFY.exe
  C:\Windows\System\baMUUFY.exe
  2⤵
  PID:9328
- C:\Windows\System\IpkjZJL.exe
  C:\Windows\System\IpkjZJL.exe
  2⤵
  PID:9344
- C:\Windows\System\DlgrQem.exe
  C:\Windows\System\DlgrQem.exe
  2⤵
  PID:9368
- C:\Windows\System\IkInaMu.exe
  C:\Windows\System\IkInaMu.exe
  2⤵
  PID:9384
- C:\Windows\System\NkJHqqQ.exe
  C:\Windows\System\NkJHqqQ.exe
  2⤵
  PID:9400
- C:\Windows\System\mxVNlCk.exe
  C:\Windows\System\mxVNlCk.exe
  2⤵
  PID:9420
- C:\Windows\System\FiVuhem.exe
  C:\Windows\System\FiVuhem.exe
  2⤵
  PID:9440
- C:\Windows\System\ZyPBfZH.exe
  C:\Windows\System\ZyPBfZH.exe
  2⤵
  PID:9464
- C:\Windows\System\THFSosr.exe
  C:\Windows\System\THFSosr.exe
  2⤵
  PID:9480
- C:\Windows\System\bgdYjqz.exe
  C:\Windows\System\bgdYjqz.exe
  2⤵
  PID:9496
- C:\Windows\System\uJWFOpq.exe
  C:\Windows\System\uJWFOpq.exe
  2⤵
  PID:9520
- C:\Windows\System\sdadCwM.exe
  C:\Windows\System\sdadCwM.exe
  2⤵
  PID:9556
- C:\Windows\System\yuvlVdr.exe
  C:\Windows\System\yuvlVdr.exe
  2⤵
  PID:9580
- C:\Windows\System\FcFDLRq.exe
  C:\Windows\System\FcFDLRq.exe
  2⤵
  PID:9604
- C:\Windows\System\vlUibCM.exe
  C:\Windows\System\vlUibCM.exe
  2⤵
  PID:9620
- C:\Windows\System\piqBwmS.exe
  C:\Windows\System\piqBwmS.exe
  2⤵
  PID:9640
- C:\Windows\System\ctNQqOp.exe
  C:\Windows\System\ctNQqOp.exe
  2⤵
  PID:9660
- C:\Windows\System\VywlvAf.exe
  C:\Windows\System\VywlvAf.exe
  2⤵
  PID:9676
- C:\Windows\System\EZAFXir.exe
  C:\Windows\System\EZAFXir.exe
  2⤵
  PID:9692
- C:\Windows\System\qbPvtnW.exe
  C:\Windows\System\qbPvtnW.exe
  2⤵
  PID:9712
- C:\Windows\System\gIPIFma.exe
  C:\Windows\System\gIPIFma.exe
  2⤵
  PID:9736
- C:\Windows\System\Fuabgui.exe
  C:\Windows\System\Fuabgui.exe
  2⤵
  PID:9752
- C:\Windows\System\plHxwjP.exe
  C:\Windows\System\plHxwjP.exe
  2⤵
  PID:9768
- C:\Windows\System\akfPVVQ.exe
  C:\Windows\System\akfPVVQ.exe
  2⤵
  PID:9792
- C:\Windows\System\hRBocAO.exe
  C:\Windows\System\hRBocAO.exe
  2⤵
  PID:9808
- C:\Windows\System\zJnZRqm.exe
  C:\Windows\System\zJnZRqm.exe
  2⤵
  PID:9824
- C:\Windows\System\VFXRELG.exe
  C:\Windows\System\VFXRELG.exe
  2⤵
  PID:9844
- C:\Windows\System\QAmwWkX.exe
  C:\Windows\System\QAmwWkX.exe
  2⤵
  PID:9884
- C:\Windows\System\lFesKqI.exe
  C:\Windows\System\lFesKqI.exe
  2⤵
  PID:9904
- C:\Windows\System\vAwhtsr.exe
  C:\Windows\System\vAwhtsr.exe
  2⤵
  PID:9920
- C:\Windows\System\LioiSty.exe
  C:\Windows\System\LioiSty.exe
  2⤵
  PID:9944
- C:\Windows\System\EVTsmSL.exe
  C:\Windows\System\EVTsmSL.exe
  2⤵
  PID:9960
- C:\Windows\System\aPjDzMw.exe
  C:\Windows\System\aPjDzMw.exe
  2⤵
  PID:9980
- C:\Windows\System\ThzBWBA.exe
  C:\Windows\System\ThzBWBA.exe
  2⤵
  PID:10004
- C:\Windows\System\vPySqOJ.exe
  C:\Windows\System\vPySqOJ.exe
  2⤵
  PID:10020
- C:\Windows\System\ReSBjnU.exe
  C:\Windows\System\ReSBjnU.exe
  2⤵
  PID:10044
- C:\Windows\System\yLiPFOe.exe
  C:\Windows\System\yLiPFOe.exe
  2⤵
  PID:10060
- C:\Windows\System\kvKYdom.exe
  C:\Windows\System\kvKYdom.exe
  2⤵
  PID:10088
- C:\Windows\System\IUpQOgL.exe
  C:\Windows\System\IUpQOgL.exe
  2⤵
  PID:10112
- C:\Windows\System\iMbtxhw.exe
  C:\Windows\System\iMbtxhw.exe
  2⤵
  PID:10128
- C:\Windows\System\IzrPWGu.exe
  C:\Windows\System\IzrPWGu.exe
  2⤵
  PID:10152
- C:\Windows\System\nuFLEVH.exe
  C:\Windows\System\nuFLEVH.exe
  2⤵
  PID:10172
- C:\Windows\System\MMjISuB.exe
  C:\Windows\System\MMjISuB.exe
  2⤵
  PID:10188
- C:\Windows\System\LlLKeoC.exe
  C:\Windows\System\LlLKeoC.exe
  2⤵
  PID:10204
- C:\Windows\System\lNRvTfl.exe
  C:\Windows\System\lNRvTfl.exe
  2⤵
  PID:10224
- C:\Windows\System\GygqmCf.exe
  C:\Windows\System\GygqmCf.exe
  2⤵
  PID:9220
- C:\Windows\System\airANks.exe
  C:\Windows\System\airANks.exe
  2⤵
  PID:9256
- C:\Windows\System\qcYpMVL.exe
  C:\Windows\System\qcYpMVL.exe
  2⤵
  PID:9300
- C:\Windows\System\FezYAxF.exe
  C:\Windows\System\FezYAxF.exe
  2⤵
  PID:9152
- C:\Windows\System\awXHPYx.exe
  C:\Windows\System\awXHPYx.exe
  2⤵
  PID:9308
- C:\Windows\System\JBWESUk.exe
  C:\Windows\System\JBWESUk.exe
  2⤵
  PID:9324
- C:\Windows\System\BTTsheb.exe
  C:\Windows\System\BTTsheb.exe
  2⤵
  PID:9412
- C:\Windows\System\pQdkQOn.exe
  C:\Windows\System\pQdkQOn.exe
  2⤵
  PID:9364
- C:\Windows\System\ezCnjPR.exe
  C:\Windows\System\ezCnjPR.exe
  2⤵
  PID:9432
- C:\Windows\System\EhcdZKU.exe
  C:\Windows\System\EhcdZKU.exe
  2⤵
  PID:9492
- C:\Windows\System\SMDcFFD.exe
  C:\Windows\System\SMDcFFD.exe
  2⤵
  PID:9512
- C:\Windows\System\JPktgzp.exe
  C:\Windows\System\JPktgzp.exe
  2⤵
  PID:9532
- C:\Windows\System\DoVlbJX.exe
  C:\Windows\System\DoVlbJX.exe
  2⤵
  PID:9568
- C:\Windows\System\mTeEjim.exe
  C:\Windows\System\mTeEjim.exe
  2⤵
  PID:9592
- C:\Windows\System\HZCwBxu.exe
  C:\Windows\System\HZCwBxu.exe
  2⤵
  PID:9616
- C:\Windows\System\tpiNxEz.exe
  C:\Windows\System\tpiNxEz.exe
  2⤵
  PID:9672
- C:\Windows\System\TLayrSA.exe
  C:\Windows\System\TLayrSA.exe
  2⤵
  PID:9744
- C:\Windows\System\BQYAJst.exe
  C:\Windows\System\BQYAJst.exe
  2⤵
  PID:9652
- C:\Windows\System\bfEmwPG.exe
  C:\Windows\System\bfEmwPG.exe
  2⤵
  PID:9760
- C:\Windows\System\AjWceps.exe
  C:\Windows\System\AjWceps.exe
  2⤵
  PID:9724
- C:\Windows\System\jhfYaOt.exe
  C:\Windows\System\jhfYaOt.exe
  2⤵
  PID:9804
- C:\Windows\System\xHsqzzl.exe
  C:\Windows\System\xHsqzzl.exe
  2⤵
  PID:9868
- C:\Windows\System\GkalMnc.exe
  C:\Windows\System\GkalMnc.exe
  2⤵
  PID:9840
- C:\Windows\System\LLQqOpO.exe
  C:\Windows\System\LLQqOpO.exe
  2⤵
  PID:9892
- C:\Windows\System\RgJRobC.exe
  C:\Windows\System\RgJRobC.exe
  2⤵
  PID:9916
- C:\Windows\System\sMIHsmQ.exe
  C:\Windows\System\sMIHsmQ.exe
  2⤵
  PID:9928
- C:\Windows\System\TLySTlI.exe
  C:\Windows\System\TLySTlI.exe
  2⤵
  PID:9996
- C:\Windows\System\cayfHdo.exe
  C:\Windows\System\cayfHdo.exe
  2⤵
  PID:10040
- C:\Windows\System\hQyRrSW.exe
  C:\Windows\System\hQyRrSW.exe
  2⤵
  PID:10016
- C:\Windows\System\JLdEhqu.exe
  C:\Windows\System\JLdEhqu.exe
  2⤵
  PID:10084
- C:\Windows\System\MvFEgMS.exe
  C:\Windows\System\MvFEgMS.exe
  2⤵
  PID:10108
- C:\Windows\System\BdvvTwU.exe
  C:\Windows\System\BdvvTwU.exe
  2⤵
  PID:10160
- C:\Windows\System\rguXEeD.exe
  C:\Windows\System\rguXEeD.exe
  2⤵
  PID:10196
- C:\Windows\System\hSuTUsf.exe
  C:\Windows\System\hSuTUsf.exe
  2⤵
  PID:10236
- C:\Windows\System\qwXDbfT.exe
  C:\Windows\System\qwXDbfT.exe
  2⤵
  PID:9296
- C:\Windows\System\EqudkIb.exe
  C:\Windows\System\EqudkIb.exe
  2⤵
  PID:9176
- C:\Windows\System\TnwlzJr.exe
  C:\Windows\System\TnwlzJr.exe
  2⤵
  PID:9340
- C:\Windows\System\ZGWCdFY.exe
  C:\Windows\System\ZGWCdFY.exe
  2⤵
  PID:9408
- C:\Windows\System\OFTdKmO.exe
  C:\Windows\System\OFTdKmO.exe
  2⤵
  PID:9456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BRXNepN.exe

Filesize
6.0MB

MD5
e01d3924706a22006a22d5cfe2323a20

SHA1
6b56408a61ebe2764d6053652b6c97dba40f668f

SHA256
acb6fca940b541b23b4ab37534f9f1f2ec51b1834b2a35b15151cf1780c04b40

SHA512
762c810e7ab2a0ecf51f5ed21144c1198024324142f3bcc040423405efcbfc286d9e8f3fdd7f5ed62fbf23d76e85dfb8bedea8ec65ccea812a40e82d82b94acb

Download Submit
C:\Windows\system\BlDdpWP.exe

Filesize
6.0MB

MD5
4759020887ae3fd91716a6f8918c07ea

SHA1
a3d9131b07d683e08e939ea97d13ba642c1ea136

SHA256
2155ebf65e22d259ea478cb74fadeb7b5d68edbd3438211485f44fcf37394d07

SHA512
c3903cb72d90a568a9d7829c87d45848d091cc84499ae0e7a24c669c931c026f97c606263271426dcd476ed95c7d77ee837ca3c005b26f64358736bc556e3bbf

Download Submit
C:\Windows\system\CLEAccd.exe

Filesize
6.0MB

MD5
decabe0f9478d66f08813bf7580748e4

SHA1
dd3d55aff966e0b1a362e659340f560997b6760d

SHA256
d7a49b9816fc4a02e00e958a139d859a256b4a4b71a7b5920c96d59cd5f3cca0

SHA512
a6b44bd76333f62a45a1640c4c77a4d43a1af3105e8046155184e09f53ee30163e09a22f4cf0f420e73433af50fe7eb4189a9d5f39ff60b4834d2b64fa72d318

Download Submit
C:\Windows\system\HTzUbyX.exe

Filesize
6.0MB

MD5
e495b77ab218fc0f329a4ee77847026a

SHA1
f1ec5a986e4ddf39fa2f2067665e9f2de66088b7

SHA256
c0858e2ec6763aabc53f62988bdc65d22c222737f92163bb676e943b43ee021f

SHA512
376a6ae0db16b8b3149e78ace7d6ce622e953f2e812e380c25d9ea0272fe8a9cae089da6da0b302c86006cdfc3c8a30f8a2aff261cfe25f4aff2553d4a430ef5

Download Submit
C:\Windows\system\IrbIuPF.exe

Filesize
6.0MB

MD5
af0a9212776d06ca906c4fc802893a4d

SHA1
20771be143df00c0103bc383abc63bbb19a8fd5d

SHA256
7bd01a058715d4952284f75b074fd2ea9b7ffdc0c4cf3912db3915de0947dacd

SHA512
48f4d3cfdb992391b0b182f417bd658b5db649fe16f5966156210b9342b6260c5a8cd0aeede4e0875c34d400579a44731cf186310abcb41a343edab17a0901c8

Download Submit
C:\Windows\system\MnYSAUS.exe

Filesize
6.0MB

MD5
904af729501bbe3f478f9dd439e9070c

SHA1
9ca9dad73dc548aabd79faadb6da80c920f314ce

SHA256
e94fc9346c82bcc5cde4c515d3a297f44442b8b069b938db9e06bf6ec21f54cf

SHA512
675a5fa1fd808b0a507b6737d27c5c1e7835942951cdc65e149143e5f9de9b5af82228193585caa4168bedbbf3457aa42229040eba26db5ca146740eea1cc254

Download Submit
C:\Windows\system\NVBBOUC.exe

Filesize
6.0MB

MD5
b012aa25ae7ec1317428a173f733bfca

SHA1
35ed0279443b664d08337b3a5a6d6b63206fa992

SHA256
88bd76004988f6ca427e60952d955600711178f3893da52f263feb11e637b0f5

SHA512
3fc98a1ccde647caabfc730604b9e87041611431b0fda6d696a17c2f98af3bd12b13a4dfc263010d0589e1f1a1f641bc431222477b4613145696d06b102e260d

Download Submit
C:\Windows\system\NVBJMsa.exe

Filesize
8B

MD5
1856d9774bc16d290b970e195549ca49

SHA1
9d89a0b0ab0480f2c7b94bdb5385c4fcc2a59579

SHA256
c5ad5464b7add46134594f7a56282696b20bfd5758404b215282d05050416771

SHA512
be0b7e377bc09efc3c5ea9a0cc9d2aa50a22dbacbad8a58ee23f58319cc94e98ad0b2dd5ed944904a7d3a7bef835e5374b4419e2786e184f561ab5044b0b15d8

Download Submit
C:\Windows\system\PGBUXZo.exe

Filesize
6.0MB

MD5
342649f3dd489e9d0ca9423a43e430a7

SHA1
2f3cabda1c0ab9a1c98a032d7039293bc34a56ca

SHA256
53a0020cc292c8bb6c37835cb2a31554b7b77104d9aa9fb41756ea401ee890dd

SHA512
7ecaca51dacd2ad372ce3f6469e566894036c1bae06952d0c2c8ebdea285e29416866ba8ad4457b0d3fdc6e3d8dcadb893add4a5d177bdd38c4af1d582e25d8e

Download Submit
C:\Windows\system\PpBVrdd.exe

Filesize
6.0MB

MD5
0fd977fa18d7b2544899e00a07dded59

SHA1
8caab3a71124132f7bd7c282e7952951cdbebc6c

SHA256
6685f27867f81395861cff513a931ae30a63463a901e730e9754353c7b550e4e

SHA512
2787de225faa311470d2b21696b18609ce81df2fa73128cba0a7bd03bc03dac91798cb79b54dba6c1bd2466bddbbee51fc81f6b7bb212b327a3da357ce90b9de

Download Submit
C:\Windows\system\ScoEOxM.exe

Filesize
6.0MB

MD5
63da6055a967be043cd40824198433bd

SHA1
68afdccc04da1d50c4681756158ee44918fc6022

SHA256
8bc985e289e87ba742be28244ee4943596a5f71dc4c66ab690c8f2cf7156409d

SHA512
4131b864cff07dea3b40483fbf8663f90e7741eb2f21d5fdfee54bcf2292c547c24d751ec5afb414ecdec2ef2810616b1de9d97d8cdf2003a27146b75c5608d9

Download Submit
C:\Windows\system\VPlcyln.exe

Filesize
6.0MB

MD5
f978ffba2ceeac3982606b1bbba81e78

SHA1
b311d33c898cbd3cb2ab7d8ccdd8524641ec49be

SHA256
5e464aa438ced0ad7688e2e5efbac827b28e807eba895170573459e8d7f43cea

SHA512
c5f3d71fd201374574877e5ca2f5a6757995b2fccb54c42889c8d7946b3607bd0112aa60cf0689e0b535dbb3f5f3d37a5a7bccb52e865e5a901089b85ed70ed7

Download Submit
C:\Windows\system\aRdaUFX.exe

Filesize
6.0MB

MD5
c519b28add3194ae0bf10f6db0f0293b

SHA1
a4afa799ea5dcfc1b59c8812b75c2baadb456558

SHA256
0b0bcf4ff58a4e3a60a6c32a4ff5060612da154e9ddec6eee8a06c025f7181a4

SHA512
6480a09197e96a751015c1a957f8c9648c0af4ae1bdd844c5278bf060e8f753135961378537411a7cc749e18dd5555806dce6a93291f5be4a43a2b8ad8b18a96

Download Submit
C:\Windows\system\bOIjjcV.exe

Filesize
6.0MB

MD5
694fcb6095b494bebe8821eaeecb19c3

SHA1
93ee9d45384bc8e47c005755993a027aeaf2b495

SHA256
9f3d3734deafd6321814a1c36b01fa91114776bf4fb000b6c672f2e8e67c5f72

SHA512
07b528c009688577f05d5ccc43f62a58d593967949855d1f82457ca32a0433c639e6dfaf56def20dfc5d6c57a862f41ca652f547a54b98e7739f8f60330f345a

Download Submit
C:\Windows\system\bpEQBRH.exe

Filesize
6.0MB

MD5
d15257de8ed45bd750df52c9eff204e7

SHA1
974c4ec3d18c88fbeb857d7a68804406b4ce8dcd

SHA256
e4464311a7b4e511d00c61b14b761a9fd1138d1adfd16cb4f707ee534271c57e

SHA512
5c68e52872384cde0ebb7751aae4e1310549699caafb3289e4575255952877abd43233829335417db3d009f095d1a8e890644aad5bb7cca425c44ee177e258ef

Download Submit
C:\Windows\system\bqewzWr.exe

Filesize
6.0MB

MD5
e9841c75ed629e14c15427eb2eef4b2c

SHA1
361d352279613a7939fea696bb135e6f9681b444

SHA256
031d931777ab60985bc4692fa19a95fa9aed567ccd41b36206d18e6b96afb176

SHA512
1c40bfadb74bb6f2d1a22865bd5acb83b278271e7791e18e182ffe78c7e954f5a9163eb023522f28564e09f35c363f71b39b4187893ee8fd2bb02e8ee6675194

Download Submit
C:\Windows\system\fbsjsPW.exe

Filesize
6.0MB

MD5
f7c68dc6ecc8a3a83b601fa338bf91f8

SHA1
dc2b7f107b9194c247c38226182e99c6d29c8b8b

SHA256
de708b3b5d00f2f4da3eb4ba80fbf5966defdb777d31bc1d52615e0754da6c9b

SHA512
934d27f368a374417554a6937157c8776c514e7396cd5d3980acc1ce20123c5122c80be0feb7b382188d28d7dda287d0eaddb34c8d1b3aa28bcfa803ee505060

Download Submit
C:\Windows\system\lsHzhNY.exe

Filesize
6.0MB

MD5
76f0bb38629af2db077f6e032f16cc60

SHA1
fe01076882b5c83c644a929a66d5c8fba0f0dc87

SHA256
55c7340a94f370ec25d8d2ec66da90fe05e5e841848d85f7dbc950653c234ea4

SHA512
52f3ff612686beb94d1d6ffc87042c3834a529d7bae6041150573c0b782837d324a1ef81cb99788d7d11f557d4a0c1f49380b8fcbed4478f2c24e385a90033c8

Download Submit
C:\Windows\system\odSAmrV.exe

Filesize
6.0MB

MD5
6056c4846b07c062fcbf5dc0543641df

SHA1
54c5d324e61fa1e6da47d39c5aeeca6fee079676

SHA256
d24cb2465b7f72ed7be52366e76cbe8d475b42e7b4539cfbc271aae1245f3114

SHA512
824e27060378b2bcd39e5d8407fe449ef0ab24c828d9dd0f4fd918726da0d10a2c74e2395bde5a4fb72d6cc1eb47fc4f1c294734da26bbd3046f76c8bde269ae

Download Submit
C:\Windows\system\paqOkdO.exe

Filesize
6.0MB

MD5
915a7f1898c8e91a32753ea62f5d35fb

SHA1
b9fbe0c89ca27b377346e60e12b5b14a7197b66e

SHA256
ecebe405f9749a3358459477e5b3abb3fe9c0490b3943e4d89152d696d6d645f

SHA512
13dcacba52116e91e6babe4d38e888f3101d1e880a13ac0c1267ff5d8d8d6d25f4a947f865f9c515912b6fe362739c323fa1e37059b1f6093373c77986988a4d

Download Submit
C:\Windows\system\qmtbOnz.exe

Filesize
6.0MB

MD5
d171786205a96103c89aed03e4e59abe

SHA1
997c0b2e4657e9e2cc47b6c8b67da58fded5cacb

SHA256
55d7e91a90fac978cabc917da8624a75dd82a69c6baf7e207e61557e2e42e077

SHA512
4d2b5ba78e170e127095366039d06dd0e5bbd460d06352ec141bfa610aab541959867f4a32a3ade08e15376d384ea5f17a3b9292957658789c9f9308fc70e689

Download Submit
C:\Windows\system\rOrodRe.exe

Filesize
6.0MB

MD5
63358f2b49cdb2efb66a79886d1cd41a

SHA1
94104b85f1fde0d78b4541bb26e2e2359018af0d

SHA256
4c00f780185343185ff69aed4039d12abf7589b1ab89c6077621a4e62771f37e

SHA512
a8755cc4155a25fcfbbcbdd7a00864377a4edc053b886167d5d6403cf0adddf1db7259c92545eaedea02058edcdb50cf38097b4689dff6fe6cf4a90ffc9f991b

Download Submit
C:\Windows\system\tIVVCzQ.exe

Filesize
6.0MB

MD5
697fb983bf7e1d79e8a83d90129b47fe

SHA1
dd04862864d6e340b7439ff7add1bf76d08ec8a3

SHA256
89ddb2ef549b8eebc08e796b49e9ea26fb2ec43be7dcd513c44447f454f1ae95

SHA512
4299cea2803e6255c40af0dee8d0fed0f534b4297bc5f393f73a7ab12ca97b76978901f09dcc7d4038dd47722bc86d481ee0229ffe9f81e0f30b39e82fb22dde

Download Submit
C:\Windows\system\vGqFMLf.exe

Filesize
6.0MB

MD5
ce9115d07ec2877de740e0f0ec5df15a

SHA1
78504bb2260e3459ac6bb287789a5b506afffa07

SHA256
dce0dfc5321ef0f9bf84a8ad91cbeee64e523e06cc00c28cd602e3b83112ccda

SHA512
2854b4d044cbd7f752e1909074727ec868c7104109066424e193a180ec79398d968cdcfee0ec5834e0bf011a02e071516eac14f2fdb84ab42b8b00b23026dc68

Download Submit
C:\Windows\system\wPtkisN.exe

Filesize
6.0MB

MD5
8a92f253a047b4b2093a187d402d8240

SHA1
b1c52896b7c95c9dfcf94f7876dbde6725206b77

SHA256
36cb9e655239b057a6dd672efd5667019d2bd5a7db8167d0a878afbf45da9c37

SHA512
4508d36d18eeee5ee4cf792eeb46053e4303d79e271727c61754d5298b5a546d726e74d45c7fd9dd3a6e432c60b556c42526dfdaab1f2808ee960c3e1ea32743

Download Submit
C:\Windows\system\xDSYetg.exe

Filesize
6.0MB

MD5
e5f11d2bdd2f4510704cb54ac2f6807c

SHA1
a3e576cd8f112e0ab765ee1a42741cfb6b3f1811

SHA256
c04a678b31a5f5aacd94776d6d5d2fe490828a31ed500cd1fbf0039a24422b34

SHA512
f9b9e521948e1a9a1f35cd449165002cebce670b5cf669ba5b314a96400184f631e9fec8be824ad47abdb65530518a3ddefafcd6af69106ee038c16b1cc80b81

Download Submit
C:\Windows\system\ybQHZGk.exe

Filesize
6.0MB

MD5
b02bef969bc721c2335e763225ebfd69

SHA1
891bf8026dece1a8690fa820ab162a71ede84927

SHA256
5d15960f112487b5637743afa8c778403b936e31e60e5515fc1d7e4c6285c9bb

SHA512
0b590692192cb85228dadad2c7132531ef9fdaa642bf5113ed7c15d703f63a793bc9927a2c6bbc4a2571795e6cc315b2e2e2b7cc2386800e90ecb44cc5db3dee

Download Submit
\Windows\system\AZkHKAI.exe

Filesize
6.0MB

MD5
72368e40c3da5e8b8e1ec918811011c6

SHA1
d6863f9aabf442380c6e0e04198fd22accb66158

SHA256
2db6b716999f987fa72edef37fc08dcfa3213fcc7fd82e245481cf529daf75d6

SHA512
1523d6c3bb72492605a3613cee5853b71b105ba49f376e95025014a5f8cbd00ce1dbf7de6abf6d6f59e0cca5500d027dfe29ddd36ebe74f367bbeed004ee9cf3

Download Submit
\Windows\system\HzZCTqi.exe

Filesize
6.0MB

MD5
fb1ff3946748bb66a1095fbd7db620aa

SHA1
850eda9fa4a46ec12b7159faca32ed612ce86fdf

SHA256
a1c21599c67cd0bb887cba4e73dd7d50be643c1cf8df29bdc96151c420b068d3

SHA512
4a6f1ff844159454643b4af52aaa492b9e334cefcd134202609aa628f8cdd881fe40244d9d77b51b850347e47889633dc0569958600f8c60485ebe212232a8c7

Download Submit
\Windows\system\XkaovKn.exe

Filesize
6.0MB

MD5
4f1324d89e6aa8613365f981d45c1059

SHA1
830e320bcb365ad84545b61fcb225d630fb58ee1

SHA256
8ee1d7e4a52be1bcd7734be37ad03565fa53e42c68d4fb13a44c7a4356fdfc60

SHA512
f7acff7e8bacf27a183ba482fe8c741d65d1997b025d57dd8e945d94d65b65137dff347224d42dd7e091cf5a70c048925bac7a5b3312fae7c014f0aea81e4fc9

Download Submit
\Windows\system\hArgkLI.exe

Filesize
6.0MB

MD5
bdb6da6763218b7d3413cd4183c873fe

SHA1
b3a0c26d44256c910ec9f5d37c2e9b826e69775e

SHA256
225b0be3e4f522b0f70c7eab820d5ddd2293a98501501cdc2d418bb50a1e60ec

SHA512
c88636e7c2381b5f5be6639a2331a62abebcf231a19ed0a97dad474a3590789d9de2e60f14601d59594b7752d1b098c773f7854acd316569beda845b0858f0f5

Download Submit
\Windows\system\jUGWvJo.exe

Filesize
6.0MB

MD5
667a0edf07803ee0760ce00f017258f8

SHA1
c876781d3d98476af880b0d92ac640c6df060460

SHA256
5bd0517b451193f70b4345b6671dff36be8eb88fbd099340c5d1287859007025

SHA512
2351d84d182452d9b3af619c52171a485b81e0c037ba98973e95ce53166effced92b6340790caafb50cc5d046ca210ad881a0aa786f18f7142e20961f13fc638

Download Submit
\Windows\system\tHfrIer.exe

Filesize
6.0MB

MD5
59cfe1ca1bfbab86ef6468b533276b13

SHA1
90fc4cab1d64a805a3b28cec91f1d404208673d6

SHA256
d9b086dda38dec37f8735d4f90e7a145d1ce129fef7a6ec030c769b9b1e5b64b

SHA512
604eefb6f56f227bb20873df7d9b426112b1b17b39774f43e40fb3f2b0e048c68db8794a3bdd5a0011e867cce026849aa2f5764b9c140899f3494d76bd3dd9c6

Download Submit
memory/1100-3333-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1100-87-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1100-563-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1440-3204-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-9-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-742-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-95-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1796-3334-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-3325-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-71-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-239-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-34-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1960-91-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1960-655-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-67-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1960-37-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1960-469-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1960-0-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-22-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-59-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-8-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1960-52-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1960-45-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1960-83-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/1960-39-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1960-75-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1960-307-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3258-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-36-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3291-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2152-40-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2328-80-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-382-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3329-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-86-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-49-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3321-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-70-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3286-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2432-33-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2616-101-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2616-63-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3324-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3299-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-62-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-28-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3311-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-55-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-94-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-79-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3319-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-42-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/3016-881-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3016-102-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3343-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download