cobaltstrike | a54132e21e1d2fc2182fd6e70344699da24dc46f21a4cc736c26ea17099ef18b

Analysis

max time kernel
150s
max time network
23s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c4cbc80c05521c88f290058a404b6284
SHA1

c1f5070127e2d3d34e6f8b3fc56bf6d7c9f853b2
SHA256

a54132e21e1d2fc2182fd6e70344699da24dc46f21a4cc736c26ea17099ef18b
SHA512

94f8d673a90d0b80b9adb8905ac46fbeceadd5b932abdac4bb202174349c30850f22f06e5b207c24e067afd50f28d1c4c309f642ebed102776b386c27d6b9278
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU5:eOl56utgpPF8u/75

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0005000000019bf5-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-76.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b64-63.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018b59-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b50-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b54-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b28-32.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186c3-27.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-11.dat	cobalt_reflective_dll
behavioral1/files/0x0028000000016fe5-14.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012263-6.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2220-98-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-114.dat	xmrig
behavioral1/files/0x0005000000019bf9-121.dat	xmrig
behavioral1/memory/2696-126-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2928-725-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2128-498-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-191.dat	xmrig
behavioral1/files/0x000500000001a3f8-195.dat	xmrig
behavioral1/files/0x000500000001a3ab-188.dat	xmrig
behavioral1/files/0x000500000001a309-184.dat	xmrig
behavioral1/files/0x000500000001a0b6-179.dat	xmrig
behavioral1/files/0x000500000001a049-174.dat	xmrig
behavioral1/files/0x000500000001a03c-169.dat	xmrig
behavioral1/files/0x0005000000019fdd-164.dat	xmrig
behavioral1/files/0x0005000000019fd4-159.dat	xmrig
behavioral1/files/0x0005000000019e92-154.dat	xmrig
behavioral1/files/0x0005000000019d6d-149.dat	xmrig
behavioral1/files/0x0005000000019d62-145.dat	xmrig
behavioral1/files/0x0005000000019d61-132.dat	xmrig
behavioral1/files/0x0005000000019c3c-128.dat	xmrig
behavioral1/files/0x0005000000019bf6-117.dat	xmrig
behavioral1/files/0x000500000001998d-109.dat	xmrig
behavioral1/files/0x0005000000019820-105.dat	xmrig
behavioral1/memory/2928-102-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2224-101-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-99.dat	xmrig
behavioral1/memory/2128-97-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-79.dat	xmrig
behavioral1/memory/2676-73-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/1348-91-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-70.dat	xmrig
behavioral1/memory/1044-88-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2892-85-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-82.dat	xmrig
behavioral1/files/0x0005000000019643-76.dat	xmrig
behavioral1/memory/1664-67-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2696-66-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2224-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b64-63.dat	xmrig
behavioral1/memory/1276-56-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0009000000018b59-55.dat	xmrig
behavioral1/memory/2792-51-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2892-41-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2220-40-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b50-39.dat	xmrig
behavioral1/memory/2716-49-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b54-47.dat	xmrig
behavioral1/memory/2860-36-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b28-32.dat	xmrig
behavioral1/memory/1664-28-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00070000000186c3-27.dat	xmrig
behavioral1/files/0x00080000000186b7-11.dat	xmrig
behavioral1/memory/1276-23-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2716-15-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x0028000000016fe5-14.dat	xmrig
behavioral1/memory/932-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-6.dat	xmrig
behavioral1/memory/2220-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2860-1580-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/1664-1578-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/932-1577-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2892-1581-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2716-1576-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/1276-1583-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
932	cYdobhY.exe
2716	GXmbGHT.exe
1276	xSypchL.exe
1664	ngqZYvJ.exe
2860	WFthdfc.exe
2892	zNtfDxA.exe
2792	vKxdZUT.exe
2224	JbFZRMQ.exe
2696	dMYJOSU.exe
2676	ecXNHpW.exe
1044	AJMGiyx.exe
1348	YtcYFFB.exe
2128	TDdRaCu.exe
2928	nxZxOcw.exe
2972	vUQJqJv.exe
1800	oRTrsKG.exe
2252	YhKtqiU.exe
2036	MJhRqhI.exe
1728	ZVKEMtg.exe
308	XLcvMbx.exe
1644	ysDpyAG.exe
1776	mmlgMsd.exe
1460	BNDNfRk.exe
1944	tgffjfB.exe
1964	EMDkGdX.exe
2192	EAVyREX.exe
2344	fAjLoXJ.exe
2156	aYCOcBM.exe
2352	mcmLzkQ.exe
2152	iopzQkq.exe
2144	DmAxrrC.exe
832	NiRdBXt.exe
1736	uZmHRVq.exe
2516	eeyrfwA.exe
2068	EQEZXgo.exe
1860	KlvTXdJ.exe
2364	ReGStJP.exe
1548	BUVNjQs.exe
2120	VzZZzpf.exe
2168	wpthiLC.exe
1340	fOoSjxv.exe
2348	dWUSCAk.exe
936	aYoXjBs.exe
2584	NkreXDX.exe
1960	aiZcisw.exe
784	yUvjdHI.exe
580	VpPaGce.exe
468	IcPZBCY.exe
2276	CBLOleU.exe
1576	eKLqSBU.exe
3016	ITlLiCA.exe
2468	bjFVRcK.exe
2760	ZHvRJXb.exe
2796	bogbNhA.exe
2336	jugzxCy.exe
2956	CVFaJCJ.exe
1280	OjeSMgN.exe
2536	MiZuGrr.exe
2684	JmQNUtX.exe
2324	ArLcHWj.exe
2376	QoiUzEd.exe
2096	ZbvZlQa.exe
2896	axiSztH.exe
940	oYRFPkG.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000019bf5-114.dat	upx
behavioral1/files/0x0005000000019bf9-121.dat	upx
behavioral1/memory/2696-126-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2928-725-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2128-498-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-191.dat	upx
behavioral1/files/0x000500000001a3f8-195.dat	upx
behavioral1/files/0x000500000001a3ab-188.dat	upx
behavioral1/files/0x000500000001a309-184.dat	upx
behavioral1/files/0x000500000001a0b6-179.dat	upx
behavioral1/files/0x000500000001a049-174.dat	upx
behavioral1/files/0x000500000001a03c-169.dat	upx
behavioral1/files/0x0005000000019fdd-164.dat	upx
behavioral1/files/0x0005000000019fd4-159.dat	upx
behavioral1/files/0x0005000000019e92-154.dat	upx
behavioral1/files/0x0005000000019d6d-149.dat	upx
behavioral1/files/0x0005000000019d62-145.dat	upx
behavioral1/files/0x0005000000019d61-132.dat	upx
behavioral1/files/0x0005000000019c3c-128.dat	upx
behavioral1/files/0x0005000000019bf6-117.dat	upx
behavioral1/files/0x000500000001998d-109.dat	upx
behavioral1/files/0x0005000000019820-105.dat	upx
behavioral1/memory/2928-102-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2224-101-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-99.dat	upx
behavioral1/memory/2128-97-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000500000001975a-79.dat	upx
behavioral1/memory/2676-73-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1348-91-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0006000000019489-70.dat	upx
behavioral1/memory/1044-88-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2892-85-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x0005000000019761-82.dat	upx
behavioral1/files/0x0005000000019643-76.dat	upx
behavioral1/memory/1664-67-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2696-66-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2224-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0008000000018b64-63.dat	upx
behavioral1/memory/1276-56-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0009000000018b59-55.dat	upx
behavioral1/memory/2792-51-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2892-41-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2220-40-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0007000000018b50-39.dat	upx
behavioral1/memory/2716-49-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0007000000018b54-47.dat	upx
behavioral1/memory/2860-36-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0007000000018b28-32.dat	upx
behavioral1/memory/1664-28-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00070000000186c3-27.dat	upx
behavioral1/files/0x00080000000186b7-11.dat	upx
behavioral1/memory/1276-23-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2716-15-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x0028000000016fe5-14.dat	upx
behavioral1/memory/932-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000b000000012263-6.dat	upx
behavioral1/memory/2220-0-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2860-1580-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/1664-1578-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/932-1577-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2892-1581-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2716-1576-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/1276-1583-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2792-1589-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FIZjrMr.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgeBZwN.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcsObMV.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSqjdjI.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPebFgE.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksBmNjn.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VGGBXLT.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYxAceT.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WUHULYz.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXnnICe.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyROFCP.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYJKHtY.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXbRmrq.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbCFtbj.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUVVCnd.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgfhyEa.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WIvDbYc.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXOFRRr.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaGyhDL.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYtxHZk.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pOdXWlF.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuQYYmu.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzZZzpf.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThdkzuC.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdZroef.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMWaojG.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqEfpNp.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nlzvWcc.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rWTtINk.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doHIITF.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDIKcUu.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wRMPBws.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOJVaJl.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWjjNKR.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIGEghC.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qiNgpUu.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SCPaUTA.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coYZcHZ.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otgoLaV.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTereLB.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtDmkfV.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXpbeRq.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTToImV.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvoLDyy.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abBZLwS.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnMMyPs.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIoCIaJ.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idWxKuO.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BLHuEFd.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRLRWZo.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suclqHU.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XselCsh.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBiTETx.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXzsmXE.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dYeZQml.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhWQdMQ.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsJEPqj.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLOrMVH.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbBMVbG.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MbtvhIe.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaxFtMa.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkLwGBN.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vijThAf.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUEAkQB.exe	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 932	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 932	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 932	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2220 wrote to memory of 2716	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2716	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 2716	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2220 wrote to memory of 1276	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 1276	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 1276	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2220 wrote to memory of 1664	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 1664	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 1664	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2220 wrote to memory of 2860	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2860	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2860	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2220 wrote to memory of 2892	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2892	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2892	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2220 wrote to memory of 2792	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2792	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2792	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2220 wrote to memory of 2224	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2224	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2224	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2220 wrote to memory of 2696	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2696	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2696	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2220 wrote to memory of 2676	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2676	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 2676	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2220 wrote to memory of 1044	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 1044	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 1044	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2220 wrote to memory of 2128	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 2128	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 2128	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2220 wrote to memory of 1348	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1348	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 1348	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2220 wrote to memory of 2928	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2928	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2928	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2220 wrote to memory of 2972	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2972	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 2972	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2220 wrote to memory of 1800	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 1800	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 1800	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2220 wrote to memory of 2252	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2252	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2252	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2220 wrote to memory of 2036	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2036	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 2036	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2220 wrote to memory of 1728	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 1728	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 1728	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2220 wrote to memory of 308	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 308	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 308	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2220 wrote to memory of 1644	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 1644	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 1644	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2220 wrote to memory of 1776	2220	2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\3463460381\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\3463460381\zmstage.exe
1⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_c4cbc80c05521c88f290058a404b6284_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\System\cYdobhY.exe
  C:\Windows\System\cYdobhY.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\GXmbGHT.exe
  C:\Windows\System\GXmbGHT.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\xSypchL.exe
  C:\Windows\System\xSypchL.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ngqZYvJ.exe
  C:\Windows\System\ngqZYvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\WFthdfc.exe
  C:\Windows\System\WFthdfc.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\zNtfDxA.exe
  C:\Windows\System\zNtfDxA.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\vKxdZUT.exe
  C:\Windows\System\vKxdZUT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JbFZRMQ.exe
  C:\Windows\System\JbFZRMQ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\dMYJOSU.exe
  C:\Windows\System\dMYJOSU.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ecXNHpW.exe
  C:\Windows\System\ecXNHpW.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\AJMGiyx.exe
  C:\Windows\System\AJMGiyx.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\TDdRaCu.exe
  C:\Windows\System\TDdRaCu.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\YtcYFFB.exe
  C:\Windows\System\YtcYFFB.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\nxZxOcw.exe
  C:\Windows\System\nxZxOcw.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vUQJqJv.exe
  C:\Windows\System\vUQJqJv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\oRTrsKG.exe
  C:\Windows\System\oRTrsKG.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\YhKtqiU.exe
  C:\Windows\System\YhKtqiU.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\MJhRqhI.exe
  C:\Windows\System\MJhRqhI.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZVKEMtg.exe
  C:\Windows\System\ZVKEMtg.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\XLcvMbx.exe
  C:\Windows\System\XLcvMbx.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\ysDpyAG.exe
  C:\Windows\System\ysDpyAG.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\mmlgMsd.exe
  C:\Windows\System\mmlgMsd.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\BNDNfRk.exe
  C:\Windows\System\BNDNfRk.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\tgffjfB.exe
  C:\Windows\System\tgffjfB.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\EMDkGdX.exe
  C:\Windows\System\EMDkGdX.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\EAVyREX.exe
  C:\Windows\System\EAVyREX.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\fAjLoXJ.exe
  C:\Windows\System\fAjLoXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\aYCOcBM.exe
  C:\Windows\System\aYCOcBM.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\mcmLzkQ.exe
  C:\Windows\System\mcmLzkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\iopzQkq.exe
  C:\Windows\System\iopzQkq.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\DmAxrrC.exe
  C:\Windows\System\DmAxrrC.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\uZmHRVq.exe
  C:\Windows\System\uZmHRVq.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\NiRdBXt.exe
  C:\Windows\System\NiRdBXt.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\eeyrfwA.exe
  C:\Windows\System\eeyrfwA.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\EQEZXgo.exe
  C:\Windows\System\EQEZXgo.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\KlvTXdJ.exe
  C:\Windows\System\KlvTXdJ.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\ReGStJP.exe
  C:\Windows\System\ReGStJP.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\VzZZzpf.exe
  C:\Windows\System\VzZZzpf.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\BUVNjQs.exe
  C:\Windows\System\BUVNjQs.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\wpthiLC.exe
  C:\Windows\System\wpthiLC.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\fOoSjxv.exe
  C:\Windows\System\fOoSjxv.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\aYoXjBs.exe
  C:\Windows\System\aYoXjBs.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\dWUSCAk.exe
  C:\Windows\System\dWUSCAk.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\aiZcisw.exe
  C:\Windows\System\aiZcisw.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\NkreXDX.exe
  C:\Windows\System\NkreXDX.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\hKebAsq.exe
  C:\Windows\System\hKebAsq.exe
  2⤵
  PID:2056
- C:\Windows\System\yUvjdHI.exe
  C:\Windows\System\yUvjdHI.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\FIZjrMr.exe
  C:\Windows\System\FIZjrMr.exe
  2⤵
  PID:1704
- C:\Windows\System\VpPaGce.exe
  C:\Windows\System\VpPaGce.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\XAaNAyy.exe
  C:\Windows\System\XAaNAyy.exe
  2⤵
  PID:1472
- C:\Windows\System\IcPZBCY.exe
  C:\Windows\System\IcPZBCY.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\zjHGyOn.exe
  C:\Windows\System\zjHGyOn.exe
  2⤵
  PID:888
- C:\Windows\System\CBLOleU.exe
  C:\Windows\System\CBLOleU.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\puKTLrx.exe
  C:\Windows\System\puKTLrx.exe
  2⤵
  PID:2280
- C:\Windows\System\eKLqSBU.exe
  C:\Windows\System\eKLqSBU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\GVUilSW.exe
  C:\Windows\System\GVUilSW.exe
  2⤵
  PID:2028
- C:\Windows\System\ITlLiCA.exe
  C:\Windows\System\ITlLiCA.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\wiMrPjg.exe
  C:\Windows\System\wiMrPjg.exe
  2⤵
  PID:2544
- C:\Windows\System\bjFVRcK.exe
  C:\Windows\System\bjFVRcK.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\LdEckBH.exe
  C:\Windows\System\LdEckBH.exe
  2⤵
  PID:2900
- C:\Windows\System\ZHvRJXb.exe
  C:\Windows\System\ZHvRJXb.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\zECxHbt.exe
  C:\Windows\System\zECxHbt.exe
  2⤵
  PID:2840
- C:\Windows\System\bogbNhA.exe
  C:\Windows\System\bogbNhA.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\krkZSjS.exe
  C:\Windows\System\krkZSjS.exe
  2⤵
  PID:2628
- C:\Windows\System\jugzxCy.exe
  C:\Windows\System\jugzxCy.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\JtwIEqx.exe
  C:\Windows\System\JtwIEqx.exe
  2⤵
  PID:2752
- C:\Windows\System\CVFaJCJ.exe
  C:\Windows\System\CVFaJCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\jvnzUUR.exe
  C:\Windows\System\jvnzUUR.exe
  2⤵
  PID:1152
- C:\Windows\System\OjeSMgN.exe
  C:\Windows\System\OjeSMgN.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\mGdhWcR.exe
  C:\Windows\System\mGdhWcR.exe
  2⤵
  PID:924
- C:\Windows\System\MiZuGrr.exe
  C:\Windows\System\MiZuGrr.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\fKvLYKH.exe
  C:\Windows\System\fKvLYKH.exe
  2⤵
  PID:1020
- C:\Windows\System\JmQNUtX.exe
  C:\Windows\System\JmQNUtX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\RFKWTsU.exe
  C:\Windows\System\RFKWTsU.exe
  2⤵
  PID:1444
- C:\Windows\System\ArLcHWj.exe
  C:\Windows\System\ArLcHWj.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zjMMrZM.exe
  C:\Windows\System\zjMMrZM.exe
  2⤵
  PID:1780
- C:\Windows\System\QoiUzEd.exe
  C:\Windows\System\QoiUzEd.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\mmkUhUa.exe
  C:\Windows\System\mmkUhUa.exe
  2⤵
  PID:2172
- C:\Windows\System\ZbvZlQa.exe
  C:\Windows\System\ZbvZlQa.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\eAtnWJq.exe
  C:\Windows\System\eAtnWJq.exe
  2⤵
  PID:900
- C:\Windows\System\axiSztH.exe
  C:\Windows\System\axiSztH.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\mUQQEAS.exe
  C:\Windows\System\mUQQEAS.exe
  2⤵
  PID:1292
- C:\Windows\System\oYRFPkG.exe
  C:\Windows\System\oYRFPkG.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\AeDCBXn.exe
  C:\Windows\System\AeDCBXn.exe
  2⤵
  PID:2040
- C:\Windows\System\pmAjvYg.exe
  C:\Windows\System\pmAjvYg.exe
  2⤵
  PID:2164
- C:\Windows\System\kqhpijf.exe
  C:\Windows\System\kqhpijf.exe
  2⤵
  PID:392
- C:\Windows\System\baweNuZ.exe
  C:\Windows\System\baweNuZ.exe
  2⤵
  PID:1480
- C:\Windows\System\WrRyKYi.exe
  C:\Windows\System\WrRyKYi.exe
  2⤵
  PID:1508
- C:\Windows\System\FiJsYHw.exe
  C:\Windows\System\FiJsYHw.exe
  2⤵
  PID:1600
- C:\Windows\System\ZHierbY.exe
  C:\Windows\System\ZHierbY.exe
  2⤵
  PID:2876
- C:\Windows\System\HUrHqMw.exe
  C:\Windows\System\HUrHqMw.exe
  2⤵
  PID:2744
- C:\Windows\System\rXDwHaT.exe
  C:\Windows\System\rXDwHaT.exe
  2⤵
  PID:3004
- C:\Windows\System\ScGMxHB.exe
  C:\Windows\System\ScGMxHB.exe
  2⤵
  PID:1992
- C:\Windows\System\KRVNHKK.exe
  C:\Windows\System\KRVNHKK.exe
  2⤵
  PID:1936
- C:\Windows\System\QEgfeei.exe
  C:\Windows\System\QEgfeei.exe
  2⤵
  PID:2456
- C:\Windows\System\jIYLuXT.exe
  C:\Windows\System\jIYLuXT.exe
  2⤵
  PID:860
- C:\Windows\System\vGjkjRX.exe
  C:\Windows\System\vGjkjRX.exe
  2⤵
  PID:3084
- C:\Windows\System\aZzJnjm.exe
  C:\Windows\System\aZzJnjm.exe
  2⤵
  PID:3100
- C:\Windows\System\PbTMLnX.exe
  C:\Windows\System\PbTMLnX.exe
  2⤵
  PID:3116
- C:\Windows\System\TbGRrac.exe
  C:\Windows\System\TbGRrac.exe
  2⤵
  PID:3132
- C:\Windows\System\MWlychL.exe
  C:\Windows\System\MWlychL.exe
  2⤵
  PID:3148
- C:\Windows\System\YLHTXvA.exe
  C:\Windows\System\YLHTXvA.exe
  2⤵
  PID:3172
- C:\Windows\System\xuOvjIm.exe
  C:\Windows\System\xuOvjIm.exe
  2⤵
  PID:3200
- C:\Windows\System\rszQreb.exe
  C:\Windows\System\rszQreb.exe
  2⤵
  PID:3216
- C:\Windows\System\nVVDALh.exe
  C:\Windows\System\nVVDALh.exe
  2⤵
  PID:3240
- C:\Windows\System\QntLgaC.exe
  C:\Windows\System\QntLgaC.exe
  2⤵
  PID:3296
- C:\Windows\System\oakCvTc.exe
  C:\Windows\System\oakCvTc.exe
  2⤵
  PID:3484
- C:\Windows\System\QrRYHxf.exe
  C:\Windows\System\QrRYHxf.exe
  2⤵
  PID:3504
- C:\Windows\System\rnqXbcr.exe
  C:\Windows\System\rnqXbcr.exe
  2⤵
  PID:3524
- C:\Windows\System\TgGrSGa.exe
  C:\Windows\System\TgGrSGa.exe
  2⤵
  PID:3540
- C:\Windows\System\kzhGaSn.exe
  C:\Windows\System\kzhGaSn.exe
  2⤵
  PID:3556
- C:\Windows\System\ScSBlyT.exe
  C:\Windows\System\ScSBlyT.exe
  2⤵
  PID:3572
- C:\Windows\System\fsWHwve.exe
  C:\Windows\System\fsWHwve.exe
  2⤵
  PID:3596
- C:\Windows\System\TvpgsKh.exe
  C:\Windows\System\TvpgsKh.exe
  2⤵
  PID:3616
- C:\Windows\System\xDJXKuq.exe
  C:\Windows\System\xDJXKuq.exe
  2⤵
  PID:3636
- C:\Windows\System\pJZFpmx.exe
  C:\Windows\System\pJZFpmx.exe
  2⤵
  PID:3652
- C:\Windows\System\Tluueah.exe
  C:\Windows\System\Tluueah.exe
  2⤵
  PID:3672
- C:\Windows\System\jVlXKen.exe
  C:\Windows\System\jVlXKen.exe
  2⤵
  PID:3688
- C:\Windows\System\SwCATjU.exe
  C:\Windows\System\SwCATjU.exe
  2⤵
  PID:3704
- C:\Windows\System\RBPaKxD.exe
  C:\Windows\System\RBPaKxD.exe
  2⤵
  PID:3724
- C:\Windows\System\EpLRESn.exe
  C:\Windows\System\EpLRESn.exe
  2⤵
  PID:3748
- C:\Windows\System\fzztBpA.exe
  C:\Windows\System\fzztBpA.exe
  2⤵
  PID:3784
- C:\Windows\System\TVfnMoI.exe
  C:\Windows\System\TVfnMoI.exe
  2⤵
  PID:3800
- C:\Windows\System\BJdMFAR.exe
  C:\Windows\System\BJdMFAR.exe
  2⤵
  PID:3816
- C:\Windows\System\LTmTZjF.exe
  C:\Windows\System\LTmTZjF.exe
  2⤵
  PID:3836
- C:\Windows\System\SObpxvW.exe
  C:\Windows\System\SObpxvW.exe
  2⤵
  PID:3868
- C:\Windows\System\YheJFoI.exe
  C:\Windows\System\YheJFoI.exe
  2⤵
  PID:3884
- C:\Windows\System\fbAkzcy.exe
  C:\Windows\System\fbAkzcy.exe
  2⤵
  PID:3904
- C:\Windows\System\CpFuIcI.exe
  C:\Windows\System\CpFuIcI.exe
  2⤵
  PID:3924
- C:\Windows\System\uAmWGbs.exe
  C:\Windows\System\uAmWGbs.exe
  2⤵
  PID:3940
- C:\Windows\System\vZxJXmh.exe
  C:\Windows\System\vZxJXmh.exe
  2⤵
  PID:3956
- C:\Windows\System\gEZIOhT.exe
  C:\Windows\System\gEZIOhT.exe
  2⤵
  PID:3972
- C:\Windows\System\csjJXoE.exe
  C:\Windows\System\csjJXoE.exe
  2⤵
  PID:3988
- C:\Windows\System\shpSkDS.exe
  C:\Windows\System\shpSkDS.exe
  2⤵
  PID:4004
- C:\Windows\System\iJiKJxP.exe
  C:\Windows\System\iJiKJxP.exe
  2⤵
  PID:4060
- C:\Windows\System\PcInonM.exe
  C:\Windows\System\PcInonM.exe
  2⤵
  PID:4084
- C:\Windows\System\DjStwVH.exe
  C:\Windows\System\DjStwVH.exe
  2⤵
  PID:2592
- C:\Windows\System\jmhRggh.exe
  C:\Windows\System\jmhRggh.exe
  2⤵
  PID:2700
- C:\Windows\System\Skcfhpt.exe
  C:\Windows\System\Skcfhpt.exe
  2⤵
  PID:2140
- C:\Windows\System\DoRFcHF.exe
  C:\Windows\System\DoRFcHF.exe
  2⤵
  PID:3128
- C:\Windows\System\oKhWZeO.exe
  C:\Windows\System\oKhWZeO.exe
  2⤵
  PID:3160
- C:\Windows\System\zZBJKwv.exe
  C:\Windows\System\zZBJKwv.exe
  2⤵
  PID:3056
- C:\Windows\System\ntYgjaJ.exe
  C:\Windows\System\ntYgjaJ.exe
  2⤵
  PID:384
- C:\Windows\System\KubRsWY.exe
  C:\Windows\System\KubRsWY.exe
  2⤵
  PID:3268
- C:\Windows\System\YuHEuXK.exe
  C:\Windows\System\YuHEuXK.exe
  2⤵
  PID:3276
- C:\Windows\System\swrXuwj.exe
  C:\Windows\System\swrXuwj.exe
  2⤵
  PID:2528
- C:\Windows\System\OvfzLBd.exe
  C:\Windows\System\OvfzLBd.exe
  2⤵
  PID:2496
- C:\Windows\System\KwQohnd.exe
  C:\Windows\System\KwQohnd.exe
  2⤵
  PID:2472
- C:\Windows\System\SItCVfr.exe
  C:\Windows\System\SItCVfr.exe
  2⤵
  PID:1612
- C:\Windows\System\qDKpvTF.exe
  C:\Windows\System\qDKpvTF.exe
  2⤵
  PID:3064
- C:\Windows\System\VIfNtCz.exe
  C:\Windows\System\VIfNtCz.exe
  2⤵
  PID:1148
- C:\Windows\System\afUXeop.exe
  C:\Windows\System\afUXeop.exe
  2⤵
  PID:3020
- C:\Windows\System\beMjBgl.exe
  C:\Windows\System\beMjBgl.exe
  2⤵
  PID:1684
- C:\Windows\System\vijThAf.exe
  C:\Windows\System\vijThAf.exe
  2⤵
  PID:2828
- C:\Windows\System\CLHglnN.exe
  C:\Windows\System\CLHglnN.exe
  2⤵
  PID:2216
- C:\Windows\System\vVxmAPn.exe
  C:\Windows\System\vVxmAPn.exe
  2⤵
  PID:2000
- C:\Windows\System\ZQdHngD.exe
  C:\Windows\System\ZQdHngD.exe
  2⤵
  PID:336
- C:\Windows\System\SvXKZsl.exe
  C:\Windows\System\SvXKZsl.exe
  2⤵
  PID:2016
- C:\Windows\System\VkIRnmS.exe
  C:\Windows\System\VkIRnmS.exe
  2⤵
  PID:2820
- C:\Windows\System\KOOwXnZ.exe
  C:\Windows\System\KOOwXnZ.exe
  2⤵
  PID:432
- C:\Windows\System\ftDNMiV.exe
  C:\Windows\System\ftDNMiV.exe
  2⤵
  PID:3108
- C:\Windows\System\FzJQgNe.exe
  C:\Windows\System\FzJQgNe.exe
  2⤵
  PID:3180
- C:\Windows\System\lXuTbrg.exe
  C:\Windows\System\lXuTbrg.exe
  2⤵
  PID:3196
- C:\Windows\System\IHXinLe.exe
  C:\Windows\System\IHXinLe.exe
  2⤵
  PID:3312
- C:\Windows\System\RqYfHMJ.exe
  C:\Windows\System\RqYfHMJ.exe
  2⤵
  PID:3324
- C:\Windows\System\HpnHaaF.exe
  C:\Windows\System\HpnHaaF.exe
  2⤵
  PID:3340
- C:\Windows\System\pOBdNND.exe
  C:\Windows\System\pOBdNND.exe
  2⤵
  PID:3356
- C:\Windows\System\YLIkJnB.exe
  C:\Windows\System\YLIkJnB.exe
  2⤵
  PID:3372
- C:\Windows\System\mTTgotS.exe
  C:\Windows\System\mTTgotS.exe
  2⤵
  PID:3392
- C:\Windows\System\GiykBlN.exe
  C:\Windows\System\GiykBlN.exe
  2⤵
  PID:3404
- C:\Windows\System\WxAnydK.exe
  C:\Windows\System\WxAnydK.exe
  2⤵
  PID:3420
- C:\Windows\System\XOLwyhm.exe
  C:\Windows\System\XOLwyhm.exe
  2⤵
  PID:3440
- C:\Windows\System\fCYVbnl.exe
  C:\Windows\System\fCYVbnl.exe
  2⤵
  PID:3452
- C:\Windows\System\NokSqUZ.exe
  C:\Windows\System\NokSqUZ.exe
  2⤵
  PID:3468
- C:\Windows\System\usgZhFx.exe
  C:\Windows\System\usgZhFx.exe
  2⤵
  PID:3384
- C:\Windows\System\itqJfeM.exe
  C:\Windows\System\itqJfeM.exe
  2⤵
  PID:3500
- C:\Windows\System\pdygldA.exe
  C:\Windows\System\pdygldA.exe
  2⤵
  PID:3564
- C:\Windows\System\JrnNVDP.exe
  C:\Windows\System\JrnNVDP.exe
  2⤵
  PID:3612
- C:\Windows\System\QdTdksi.exe
  C:\Windows\System\QdTdksi.exe
  2⤵
  PID:3548
- C:\Windows\System\bKImqqu.exe
  C:\Windows\System\bKImqqu.exe
  2⤵
  PID:3632
- C:\Windows\System\LFgzFjf.exe
  C:\Windows\System\LFgzFjf.exe
  2⤵
  PID:3760
- C:\Windows\System\RBkLJaN.exe
  C:\Windows\System\RBkLJaN.exe
  2⤵
  PID:3736
- C:\Windows\System\uTZFqqv.exe
  C:\Windows\System\uTZFqqv.exe
  2⤵
  PID:3668
- C:\Windows\System\iVRjNGL.exe
  C:\Windows\System\iVRjNGL.exe
  2⤵
  PID:3624
- C:\Windows\System\zyzKcWC.exe
  C:\Windows\System\zyzKcWC.exe
  2⤵
  PID:3776
- C:\Windows\System\ZoOFnpq.exe
  C:\Windows\System\ZoOFnpq.exe
  2⤵
  PID:2992
- C:\Windows\System\FvYTLCc.exe
  C:\Windows\System\FvYTLCc.exe
  2⤵
  PID:3892
- C:\Windows\System\pbcLCXy.exe
  C:\Windows\System\pbcLCXy.exe
  2⤵
  PID:3936
- C:\Windows\System\fbWmids.exe
  C:\Windows\System\fbWmids.exe
  2⤵
  PID:3828
- C:\Windows\System\wlOIynb.exe
  C:\Windows\System\wlOIynb.exe
  2⤵
  PID:3968
- C:\Windows\System\NxyOscP.exe
  C:\Windows\System\NxyOscP.exe
  2⤵
  PID:4072
- C:\Windows\System\iwUMhfX.exe
  C:\Windows\System\iwUMhfX.exe
  2⤵
  PID:2720
- C:\Windows\System\KOHLLhm.exe
  C:\Windows\System\KOHLLhm.exe
  2⤵
  PID:3248
- C:\Windows\System\jbPydmc.exe
  C:\Windows\System\jbPydmc.exe
  2⤵
  PID:2260
- C:\Windows\System\xpXJdQC.exe
  C:\Windows\System\xpXJdQC.exe
  2⤵
  PID:1032
- C:\Windows\System\GjVFDKa.exe
  C:\Windows\System\GjVFDKa.exe
  2⤵
  PID:1496
- C:\Windows\System\ZrPhuCl.exe
  C:\Windows\System\ZrPhuCl.exe
  2⤵
  PID:3948
- C:\Windows\System\cOwfgKz.exe
  C:\Windows\System\cOwfgKz.exe
  2⤵
  PID:1968
- C:\Windows\System\puBcXzG.exe
  C:\Windows\System\puBcXzG.exe
  2⤵
  PID:588
- C:\Windows\System\yvBrExv.exe
  C:\Windows\System\yvBrExv.exe
  2⤵
  PID:2288
- C:\Windows\System\hJRjjZm.exe
  C:\Windows\System\hJRjjZm.exe
  2⤵
  PID:4012
- C:\Windows\System\EjEJCrn.exe
  C:\Windows\System\EjEJCrn.exe
  2⤵
  PID:3144
- C:\Windows\System\PSODgaS.exe
  C:\Windows\System\PSODgaS.exe
  2⤵
  PID:2648
- C:\Windows\System\FwXKfiq.exe
  C:\Windows\System\FwXKfiq.exe
  2⤵
  PID:3400
- C:\Windows\System\GdzkQuh.exe
  C:\Windows\System\GdzkQuh.exe
  2⤵
  PID:3460
- C:\Windows\System\HGHSScA.exe
  C:\Windows\System\HGHSScA.exe
  2⤵
  PID:3492
- C:\Windows\System\CWmKAVH.exe
  C:\Windows\System\CWmKAVH.exe
  2⤵
  PID:3588
- C:\Windows\System\VppTnOo.exe
  C:\Windows\System\VppTnOo.exe
  2⤵
  PID:2064
- C:\Windows\System\fqOsEmV.exe
  C:\Windows\System\fqOsEmV.exe
  2⤵
  PID:1212
- C:\Windows\System\ooJINfh.exe
  C:\Windows\System\ooJINfh.exe
  2⤵
  PID:2540
- C:\Windows\System\TupWLMW.exe
  C:\Windows\System\TupWLMW.exe
  2⤵
  PID:3716
- C:\Windows\System\sESJHLO.exe
  C:\Windows\System\sESJHLO.exe
  2⤵
  PID:3516
- C:\Windows\System\FqpyoLI.exe
  C:\Windows\System\FqpyoLI.exe
  2⤵
  PID:3860
- C:\Windows\System\ELdpXTT.exe
  C:\Windows\System\ELdpXTT.exe
  2⤵
  PID:3824
- C:\Windows\System\DdYUwXU.exe
  C:\Windows\System\DdYUwXU.exe
  2⤵
  PID:3212
- C:\Windows\System\tLmsrSx.exe
  C:\Windows\System\tLmsrSx.exe
  2⤵
  PID:2388
- C:\Windows\System\tocZgOu.exe
  C:\Windows\System\tocZgOu.exe
  2⤵
  PID:1756
- C:\Windows\System\ZNvawLY.exe
  C:\Windows\System\ZNvawLY.exe
  2⤵
  PID:3332
- C:\Windows\System\UzWrhgo.exe
  C:\Windows\System\UzWrhgo.exe
  2⤵
  PID:1768
- C:\Windows\System\pMcSHAi.exe
  C:\Windows\System\pMcSHAi.exe
  2⤵
  PID:3980
- C:\Windows\System\uMcHebX.exe
  C:\Windows\System\uMcHebX.exe
  2⤵
  PID:844
- C:\Windows\System\vILWBew.exe
  C:\Windows\System\vILWBew.exe
  2⤵
  PID:3364
- C:\Windows\System\TbzVkSl.exe
  C:\Windows\System\TbzVkSl.exe
  2⤵
  PID:4048
- C:\Windows\System\DZgrdAF.exe
  C:\Windows\System\DZgrdAF.exe
  2⤵
  PID:2688
- C:\Windows\System\HRgiUAL.exe
  C:\Windows\System\HRgiUAL.exe
  2⤵
  PID:3700
- C:\Windows\System\bSOYZFb.exe
  C:\Windows\System\bSOYZFb.exe
  2⤵
  PID:3680
- C:\Windows\System\ljFUfii.exe
  C:\Windows\System\ljFUfii.exe
  2⤵
  PID:288
- C:\Windows\System\dZyhRcd.exe
  C:\Windows\System\dZyhRcd.exe
  2⤵
  PID:3416
- C:\Windows\System\dimxLxB.exe
  C:\Windows\System\dimxLxB.exe
  2⤵
  PID:3352
- C:\Windows\System\bRUfUJh.exe
  C:\Windows\System\bRUfUJh.exe
  2⤵
  PID:1604
- C:\Windows\System\aYtxHZk.exe
  C:\Windows\System\aYtxHZk.exe
  2⤵
  PID:1740
- C:\Windows\System\hRlFwvU.exe
  C:\Windows\System\hRlFwvU.exe
  2⤵
  PID:3464
- C:\Windows\System\zCTtmiP.exe
  C:\Windows\System\zCTtmiP.exe
  2⤵
  PID:2656
- C:\Windows\System\utnHjXW.exe
  C:\Windows\System\utnHjXW.exe
  2⤵
  PID:1484
- C:\Windows\System\WhTWUUV.exe
  C:\Windows\System\WhTWUUV.exe
  2⤵
  PID:2852
- C:\Windows\System\vXCWJGZ.exe
  C:\Windows\System\vXCWJGZ.exe
  2⤵
  PID:3512
- C:\Windows\System\KFCQIUF.exe
  C:\Windows\System\KFCQIUF.exe
  2⤵
  PID:3852
- C:\Windows\System\YuPcRCg.exe
  C:\Windows\System\YuPcRCg.exe
  2⤵
  PID:2888
- C:\Windows\System\xbxOvgH.exe
  C:\Windows\System\xbxOvgH.exe
  2⤵
  PID:1056
- C:\Windows\System\YaFemFW.exe
  C:\Windows\System\YaFemFW.exe
  2⤵
  PID:2320
- C:\Windows\System\cYbbUQb.exe
  C:\Windows\System\cYbbUQb.exe
  2⤵
  PID:1368
- C:\Windows\System\TzJGSnx.exe
  C:\Windows\System\TzJGSnx.exe
  2⤵
  PID:4068
- C:\Windows\System\ewUlLRk.exe
  C:\Windows\System\ewUlLRk.exe
  2⤵
  PID:3764
- C:\Windows\System\ipFLCuX.exe
  C:\Windows\System\ipFLCuX.exe
  2⤵
  PID:3712
- C:\Windows\System\CxyOALz.exe
  C:\Windows\System\CxyOALz.exe
  2⤵
  PID:3080
- C:\Windows\System\QYOemOX.exe
  C:\Windows\System\QYOemOX.exe
  2⤵
  PID:604
- C:\Windows\System\ThzRccN.exe
  C:\Windows\System\ThzRccN.exe
  2⤵
  PID:3284
- C:\Windows\System\qNrVUxY.exe
  C:\Windows\System\qNrVUxY.exe
  2⤵
  PID:4020
- C:\Windows\System\kdcynKZ.exe
  C:\Windows\System\kdcynKZ.exe
  2⤵
  PID:4116
- C:\Windows\System\uZwGmPx.exe
  C:\Windows\System\uZwGmPx.exe
  2⤵
  PID:4132
- C:\Windows\System\GIicrSi.exe
  C:\Windows\System\GIicrSi.exe
  2⤵
  PID:4148
- C:\Windows\System\crxZUCX.exe
  C:\Windows\System\crxZUCX.exe
  2⤵
  PID:4164
- C:\Windows\System\SjAmrGt.exe
  C:\Windows\System\SjAmrGt.exe
  2⤵
  PID:4184
- C:\Windows\System\rjfyGAo.exe
  C:\Windows\System\rjfyGAo.exe
  2⤵
  PID:4208
- C:\Windows\System\wXHaWwu.exe
  C:\Windows\System\wXHaWwu.exe
  2⤵
  PID:4224
- C:\Windows\System\zVvFXMi.exe
  C:\Windows\System\zVvFXMi.exe
  2⤵
  PID:4240
- C:\Windows\System\OSvYzrD.exe
  C:\Windows\System\OSvYzrD.exe
  2⤵
  PID:4260
- C:\Windows\System\lmIXsTG.exe
  C:\Windows\System\lmIXsTG.exe
  2⤵
  PID:4276
- C:\Windows\System\LtCfITK.exe
  C:\Windows\System\LtCfITK.exe
  2⤵
  PID:4304
- C:\Windows\System\IBekqnc.exe
  C:\Windows\System\IBekqnc.exe
  2⤵
  PID:4324
- C:\Windows\System\sVnZuWg.exe
  C:\Windows\System\sVnZuWg.exe
  2⤵
  PID:4340
- C:\Windows\System\EJgavBr.exe
  C:\Windows\System\EJgavBr.exe
  2⤵
  PID:4356
- C:\Windows\System\ISSWsGE.exe
  C:\Windows\System\ISSWsGE.exe
  2⤵
  PID:4384
- C:\Windows\System\smOIJtE.exe
  C:\Windows\System\smOIJtE.exe
  2⤵
  PID:4400
- C:\Windows\System\simNBNI.exe
  C:\Windows\System\simNBNI.exe
  2⤵
  PID:4416
- C:\Windows\System\cgeWYPf.exe
  C:\Windows\System\cgeWYPf.exe
  2⤵
  PID:4432
- C:\Windows\System\GojkjhI.exe
  C:\Windows\System\GojkjhI.exe
  2⤵
  PID:4452
- C:\Windows\System\OSrCQVb.exe
  C:\Windows\System\OSrCQVb.exe
  2⤵
  PID:4468
- C:\Windows\System\uUEAkQB.exe
  C:\Windows\System\uUEAkQB.exe
  2⤵
  PID:4484
- C:\Windows\System\JRLZkZl.exe
  C:\Windows\System\JRLZkZl.exe
  2⤵
  PID:4504
- C:\Windows\System\xMuzTUh.exe
  C:\Windows\System\xMuzTUh.exe
  2⤵
  PID:4520
- C:\Windows\System\HsqiGLJ.exe
  C:\Windows\System\HsqiGLJ.exe
  2⤵
  PID:4540
- C:\Windows\System\eESnFYj.exe
  C:\Windows\System\eESnFYj.exe
  2⤵
  PID:4556
- C:\Windows\System\uMfSBPk.exe
  C:\Windows\System\uMfSBPk.exe
  2⤵
  PID:4572
- C:\Windows\System\yJuDsmE.exe
  C:\Windows\System\yJuDsmE.exe
  2⤵
  PID:4588
- C:\Windows\System\oRiBErj.exe
  C:\Windows\System\oRiBErj.exe
  2⤵
  PID:4604
- C:\Windows\System\LkNvTWX.exe
  C:\Windows\System\LkNvTWX.exe
  2⤵
  PID:4620
- C:\Windows\System\gwlfajU.exe
  C:\Windows\System\gwlfajU.exe
  2⤵
  PID:4636
- C:\Windows\System\jEKapfg.exe
  C:\Windows\System\jEKapfg.exe
  2⤵
  PID:4652
- C:\Windows\System\aLjPQar.exe
  C:\Windows\System\aLjPQar.exe
  2⤵
  PID:4696
- C:\Windows\System\QcHzjsD.exe
  C:\Windows\System\QcHzjsD.exe
  2⤵
  PID:4712
- C:\Windows\System\RMfVbge.exe
  C:\Windows\System\RMfVbge.exe
  2⤵
  PID:4728
- C:\Windows\System\UjZuCnV.exe
  C:\Windows\System\UjZuCnV.exe
  2⤵
  PID:4744
- C:\Windows\System\fRdShJA.exe
  C:\Windows\System\fRdShJA.exe
  2⤵
  PID:4760
- C:\Windows\System\vEmcGFZ.exe
  C:\Windows\System\vEmcGFZ.exe
  2⤵
  PID:4776
- C:\Windows\System\FDIKcUu.exe
  C:\Windows\System\FDIKcUu.exe
  2⤵
  PID:4792
- C:\Windows\System\WYjxWCc.exe
  C:\Windows\System\WYjxWCc.exe
  2⤵
  PID:4812
- C:\Windows\System\AMhbrgb.exe
  C:\Windows\System\AMhbrgb.exe
  2⤵
  PID:4828
- C:\Windows\System\bEDWiOs.exe
  C:\Windows\System\bEDWiOs.exe
  2⤵
  PID:4844
- C:\Windows\System\LpPxzXK.exe
  C:\Windows\System\LpPxzXK.exe
  2⤵
  PID:4860
- C:\Windows\System\ErjiUXS.exe
  C:\Windows\System\ErjiUXS.exe
  2⤵
  PID:4876
- C:\Windows\System\gWmsCxe.exe
  C:\Windows\System\gWmsCxe.exe
  2⤵
  PID:4892
- C:\Windows\System\UeEFYoS.exe
  C:\Windows\System\UeEFYoS.exe
  2⤵
  PID:4908
- C:\Windows\System\nTrHMgG.exe
  C:\Windows\System\nTrHMgG.exe
  2⤵
  PID:4924
- C:\Windows\System\nwmBvmw.exe
  C:\Windows\System\nwmBvmw.exe
  2⤵
  PID:4940
- C:\Windows\System\HklfrIR.exe
  C:\Windows\System\HklfrIR.exe
  2⤵
  PID:4956
- C:\Windows\System\oIBAXYb.exe
  C:\Windows\System\oIBAXYb.exe
  2⤵
  PID:4972
- C:\Windows\System\pwijiLB.exe
  C:\Windows\System\pwijiLB.exe
  2⤵
  PID:4988
- C:\Windows\System\FVqJouK.exe
  C:\Windows\System\FVqJouK.exe
  2⤵
  PID:5004
- C:\Windows\System\zOGEBzU.exe
  C:\Windows\System\zOGEBzU.exe
  2⤵
  PID:5020
- C:\Windows\System\EYjYSTW.exe
  C:\Windows\System\EYjYSTW.exe
  2⤵
  PID:5036
- C:\Windows\System\wCYBfUa.exe
  C:\Windows\System\wCYBfUa.exe
  2⤵
  PID:5052
- C:\Windows\System\ZwIbHCV.exe
  C:\Windows\System\ZwIbHCV.exe
  2⤵
  PID:5068
- C:\Windows\System\FywIuRO.exe
  C:\Windows\System\FywIuRO.exe
  2⤵
  PID:1120
- C:\Windows\System\cRrCWbR.exe
  C:\Windows\System\cRrCWbR.exe
  2⤵
  PID:4396
- C:\Windows\System\CnXpkAa.exe
  C:\Windows\System\CnXpkAa.exe
  2⤵
  PID:2644
- C:\Windows\System\erWeOzj.exe
  C:\Windows\System\erWeOzj.exe
  2⤵
  PID:4496
- C:\Windows\System\qyIKMWs.exe
  C:\Windows\System\qyIKMWs.exe
  2⤵
  PID:3012
- C:\Windows\System\kBgJXgp.exe
  C:\Windows\System\kBgJXgp.exe
  2⤵
  PID:3532
- C:\Windows\System\voBwCSg.exe
  C:\Windows\System\voBwCSg.exe
  2⤵
  PID:4036
- C:\Windows\System\FtudRzI.exe
  C:\Windows\System\FtudRzI.exe
  2⤵
  PID:972
- C:\Windows\System\MlMJbaC.exe
  C:\Windows\System\MlMJbaC.exe
  2⤵
  PID:4536
- C:\Windows\System\FCMhkij.exe
  C:\Windows\System\FCMhkij.exe
  2⤵
  PID:4600
- C:\Windows\System\eGCYmzO.exe
  C:\Windows\System\eGCYmzO.exe
  2⤵
  PID:4684
- C:\Windows\System\SyWaQsR.exe
  C:\Windows\System\SyWaQsR.exe
  2⤵
  PID:4692
- C:\Windows\System\lGveGJH.exe
  C:\Windows\System\lGveGJH.exe
  2⤵
  PID:2680
- C:\Windows\System\UfvUxpU.exe
  C:\Windows\System\UfvUxpU.exe
  2⤵
  PID:2800
- C:\Windows\System\DXZPcII.exe
  C:\Windows\System\DXZPcII.exe
  2⤵
  PID:2476
- C:\Windows\System\ePaCCIl.exe
  C:\Windows\System\ePaCCIl.exe
  2⤵
  PID:2032
- C:\Windows\System\GSWDGjX.exe
  C:\Windows\System\GSWDGjX.exe
  2⤵
  PID:4092
- C:\Windows\System\XvZnHtg.exe
  C:\Windows\System\XvZnHtg.exe
  2⤵
  PID:4040
- C:\Windows\System\HFpUQiu.exe
  C:\Windows\System\HFpUQiu.exe
  2⤵
  PID:4100
- C:\Windows\System\jlMtYpa.exe
  C:\Windows\System\jlMtYpa.exe
  2⤵
  PID:4140
- C:\Windows\System\CIZmUUV.exe
  C:\Windows\System\CIZmUUV.exe
  2⤵
  PID:4788
- C:\Windows\System\qHPjfoU.exe
  C:\Windows\System\qHPjfoU.exe
  2⤵
  PID:4248
- C:\Windows\System\BvlVsAT.exe
  C:\Windows\System\BvlVsAT.exe
  2⤵
  PID:4288
- C:\Windows\System\wvlUbBP.exe
  C:\Windows\System\wvlUbBP.exe
  2⤵
  PID:4332
- C:\Windows\System\URGLjYq.exe
  C:\Windows\System\URGLjYq.exe
  2⤵
  PID:4372
- C:\Windows\System\DUhGZxD.exe
  C:\Windows\System\DUhGZxD.exe
  2⤵
  PID:4516
- C:\Windows\System\KdIUnqY.exe
  C:\Windows\System\KdIUnqY.exe
  2⤵
  PID:4584
- C:\Windows\System\hyIKzNw.exe
  C:\Windows\System\hyIKzNw.exe
  2⤵
  PID:4648
- C:\Windows\System\BWklAcn.exe
  C:\Windows\System\BWklAcn.exe
  2⤵
  PID:4736
- C:\Windows\System\tDWRUsr.exe
  C:\Windows\System\tDWRUsr.exe
  2⤵
  PID:4800
- C:\Windows\System\XyoURlV.exe
  C:\Windows\System\XyoURlV.exe
  2⤵
  PID:4380
- C:\Windows\System\ZELLxTf.exe
  C:\Windows\System\ZELLxTf.exe
  2⤵
  PID:4444
- C:\Windows\System\vqjXSXI.exe
  C:\Windows\System\vqjXSXI.exe
  2⤵
  PID:4836
- C:\Windows\System\OswJwrR.exe
  C:\Windows\System\OswJwrR.exe
  2⤵
  PID:4856
- C:\Windows\System\PwEBBOO.exe
  C:\Windows\System\PwEBBOO.exe
  2⤵
  PID:4888
- C:\Windows\System\AALIiRl.exe
  C:\Windows\System\AALIiRl.exe
  2⤵
  PID:4916
- C:\Windows\System\kNDwILf.exe
  C:\Windows\System\kNDwILf.exe
  2⤵
  PID:4932
- C:\Windows\System\MbQZPes.exe
  C:\Windows\System\MbQZPes.exe
  2⤵
  PID:4964
- C:\Windows\System\vkTITjR.exe
  C:\Windows\System\vkTITjR.exe
  2⤵
  PID:4996
- C:\Windows\System\PYuXpQw.exe
  C:\Windows\System\PYuXpQw.exe
  2⤵
  PID:4808
- C:\Windows\System\yfIXiwC.exe
  C:\Windows\System\yfIXiwC.exe
  2⤵
  PID:5060
- C:\Windows\System\ziTXnmL.exe
  C:\Windows\System\ziTXnmL.exe
  2⤵
  PID:2432
- C:\Windows\System\MDLZPrF.exe
  C:\Windows\System\MDLZPrF.exe
  2⤵
  PID:5096
- C:\Windows\System\PbkvDVz.exe
  C:\Windows\System\PbkvDVz.exe
  2⤵
  PID:5112
- C:\Windows\System\pJgdeOv.exe
  C:\Windows\System\pJgdeOv.exe
  2⤵
  PID:4032
- C:\Windows\System\ZgdOylp.exe
  C:\Windows\System\ZgdOylp.exe
  2⤵
  PID:5080
- C:\Windows\System\DjPAWHB.exe
  C:\Windows\System\DjPAWHB.exe
  2⤵
  PID:2936
- C:\Windows\System\dDFQAiO.exe
  C:\Windows\System\dDFQAiO.exe
  2⤵
  PID:4160
- C:\Windows\System\KyeLnim.exe
  C:\Windows\System\KyeLnim.exe
  2⤵
  PID:2488
- C:\Windows\System\dUHqTAd.exe
  C:\Windows\System\dUHqTAd.exe
  2⤵
  PID:3368
- C:\Windows\System\CIrEFsz.exe
  C:\Windows\System\CIrEFsz.exe
  2⤵
  PID:3076
- C:\Windows\System\tPhciWD.exe
  C:\Windows\System\tPhciWD.exe
  2⤵
  PID:3036
- C:\Windows\System\fMgGpjk.exe
  C:\Windows\System\fMgGpjk.exe
  2⤵
  PID:2640
- C:\Windows\System\iLptZNp.exe
  C:\Windows\System\iLptZNp.exe
  2⤵
  PID:4156
- C:\Windows\System\wAzdzvN.exe
  C:\Windows\System\wAzdzvN.exe
  2⤵
  PID:4460
- C:\Windows\System\hKWfFTY.exe
  C:\Windows\System\hKWfFTY.exe
  2⤵
  PID:4528
- C:\Windows\System\FQVSvMY.exe
  C:\Windows\System\FQVSvMY.exe
  2⤵
  PID:4236
- C:\Windows\System\VXoeunT.exe
  C:\Windows\System\VXoeunT.exe
  2⤵
  PID:4312
- C:\Windows\System\iIOHdVx.exe
  C:\Windows\System\iIOHdVx.exe
  2⤵
  PID:1912
- C:\Windows\System\StFmISR.exe
  C:\Windows\System\StFmISR.exe
  2⤵
  PID:4660
- C:\Windows\System\IDBEhwi.exe
  C:\Windows\System\IDBEhwi.exe
  2⤵
  PID:3232
- C:\Windows\System\hDcyNwZ.exe
  C:\Windows\System\hDcyNwZ.exe
  2⤵
  PID:1628
- C:\Windows\System\pFCCTfA.exe
  C:\Windows\System\pFCCTfA.exe
  2⤵
  PID:1948
- C:\Windows\System\VMYrPGi.exe
  C:\Windows\System\VMYrPGi.exe
  2⤵
  PID:4596
- C:\Windows\System\EjPDCAs.exe
  C:\Windows\System\EjPDCAs.exe
  2⤵
  PID:4672
- C:\Windows\System\pALgSSz.exe
  C:\Windows\System\pALgSSz.exe
  2⤵
  PID:4784
- C:\Windows\System\NzAArEk.exe
  C:\Windows\System\NzAArEk.exe
  2⤵
  PID:2932
- C:\Windows\System\JnSNysg.exe
  C:\Windows\System\JnSNysg.exe
  2⤵
  PID:2328
- C:\Windows\System\CZkdRKs.exe
  C:\Windows\System\CZkdRKs.exe
  2⤵
  PID:4104
- C:\Windows\System\ExtOIIg.exe
  C:\Windows\System\ExtOIIg.exe
  2⤵
  PID:4284
- C:\Windows\System\UPCFcfo.exe
  C:\Windows\System\UPCFcfo.exe
  2⤵
  PID:4220
- C:\Windows\System\nXnnICe.exe
  C:\Windows\System\nXnnICe.exe
  2⤵
  PID:2188
- C:\Windows\System\FJhJPdD.exe
  C:\Windows\System\FJhJPdD.exe
  2⤵
  PID:3044
- C:\Windows\System\DaYDket.exe
  C:\Windows\System\DaYDket.exe
  2⤵
  PID:4616
- C:\Windows\System\AnzTaVc.exe
  C:\Windows\System\AnzTaVc.exe
  2⤵
  PID:4768
- C:\Windows\System\sMvZtBu.exe
  C:\Windows\System\sMvZtBu.exe
  2⤵
  PID:4408
- C:\Windows\System\yGqDWUT.exe
  C:\Windows\System\yGqDWUT.exe
  2⤵
  PID:4852
- C:\Windows\System\YDwywdU.exe
  C:\Windows\System\YDwywdU.exe
  2⤵
  PID:4872
- C:\Windows\System\wRMPBws.exe
  C:\Windows\System\wRMPBws.exe
  2⤵
  PID:4920
- C:\Windows\System\GQzQhcD.exe
  C:\Windows\System\GQzQhcD.exe
  2⤵
  PID:4952
- C:\Windows\System\kGNzVYV.exe
  C:\Windows\System\kGNzVYV.exe
  2⤵
  PID:5000
- C:\Windows\System\hzQeJDN.exe
  C:\Windows\System\hzQeJDN.exe
  2⤵
  PID:5064
- C:\Windows\System\HsxHpYg.exe
  C:\Windows\System\HsxHpYg.exe
  2⤵
  PID:112
- C:\Windows\System\SyykMph.exe
  C:\Windows\System\SyykMph.exe
  2⤵
  PID:1924
- C:\Windows\System\OWysxFe.exe
  C:\Windows\System\OWysxFe.exe
  2⤵
  PID:4200
- C:\Windows\System\ndyikgp.exe
  C:\Windows\System\ndyikgp.exe
  2⤵
  PID:3444
- C:\Windows\System\yuETAHL.exe
  C:\Windows\System\yuETAHL.exe
  2⤵
  PID:4124
- C:\Windows\System\YmtEdoZ.exe
  C:\Windows\System\YmtEdoZ.exe
  2⤵
  PID:1996
- C:\Windows\System\nsyTFgh.exe
  C:\Windows\System\nsyTFgh.exe
  2⤵
  PID:4532
- C:\Windows\System\jRNZDVc.exe
  C:\Windows\System\jRNZDVc.exe
  2⤵
  PID:2440
- C:\Windows\System\mzdYnHD.exe
  C:\Windows\System\mzdYnHD.exe
  2⤵
  PID:2340
- C:\Windows\System\OcsObMV.exe
  C:\Windows\System\OcsObMV.exe
  2⤵
  PID:3380
- C:\Windows\System\IwLAvHz.exe
  C:\Windows\System\IwLAvHz.exe
  2⤵
  PID:2312
- C:\Windows\System\TiGPNrD.exe
  C:\Windows\System\TiGPNrD.exe
  2⤵
  PID:560
- C:\Windows\System\OiUeVyB.exe
  C:\Windows\System\OiUeVyB.exe
  2⤵
  PID:3192
- C:\Windows\System\OjCWNyw.exe
  C:\Windows\System\OjCWNyw.exe
  2⤵
  PID:4256
- C:\Windows\System\GtQQDQh.exe
  C:\Windows\System\GtQQDQh.exe
  2⤵
  PID:2212
- C:\Windows\System\zLwbCOL.exe
  C:\Windows\System\zLwbCOL.exe
  2⤵
  PID:5200
- C:\Windows\System\DEVdiXR.exe
  C:\Windows\System\DEVdiXR.exe
  2⤵
  PID:5216
- C:\Windows\System\cvYXsbi.exe
  C:\Windows\System\cvYXsbi.exe
  2⤵
  PID:5232
- C:\Windows\System\sQaiSwP.exe
  C:\Windows\System\sQaiSwP.exe
  2⤵
  PID:5248
- C:\Windows\System\nZbskpy.exe
  C:\Windows\System\nZbskpy.exe
  2⤵
  PID:5268
- C:\Windows\System\gqDNHAK.exe
  C:\Windows\System\gqDNHAK.exe
  2⤵
  PID:5284
- C:\Windows\System\fLMjHRg.exe
  C:\Windows\System\fLMjHRg.exe
  2⤵
  PID:5300
- C:\Windows\System\AvNwsYv.exe
  C:\Windows\System\AvNwsYv.exe
  2⤵
  PID:5316
- C:\Windows\System\ryAfLxn.exe
  C:\Windows\System\ryAfLxn.exe
  2⤵
  PID:5332
- C:\Windows\System\RyaLwZP.exe
  C:\Windows\System\RyaLwZP.exe
  2⤵
  PID:5356
- C:\Windows\System\tPagAcf.exe
  C:\Windows\System\tPagAcf.exe
  2⤵
  PID:5372
- C:\Windows\System\JztbibA.exe
  C:\Windows\System\JztbibA.exe
  2⤵
  PID:5388
- C:\Windows\System\fgGJnzO.exe
  C:\Windows\System\fgGJnzO.exe
  2⤵
  PID:5404
- C:\Windows\System\KiomqlC.exe
  C:\Windows\System\KiomqlC.exe
  2⤵
  PID:5420
- C:\Windows\System\lstCYGE.exe
  C:\Windows\System\lstCYGE.exe
  2⤵
  PID:5436
- C:\Windows\System\QtbpibL.exe
  C:\Windows\System\QtbpibL.exe
  2⤵
  PID:5452
- C:\Windows\System\zTBsyap.exe
  C:\Windows\System\zTBsyap.exe
  2⤵
  PID:5468
- C:\Windows\System\znXnsGR.exe
  C:\Windows\System\znXnsGR.exe
  2⤵
  PID:5484
- C:\Windows\System\BoKUJnP.exe
  C:\Windows\System\BoKUJnP.exe
  2⤵
  PID:5500
- C:\Windows\System\WpHIrQp.exe
  C:\Windows\System\WpHIrQp.exe
  2⤵
  PID:5516
- C:\Windows\System\OHKfWFl.exe
  C:\Windows\System\OHKfWFl.exe
  2⤵
  PID:5532
- C:\Windows\System\miRmYjF.exe
  C:\Windows\System\miRmYjF.exe
  2⤵
  PID:5548
- C:\Windows\System\kjrNKII.exe
  C:\Windows\System\kjrNKII.exe
  2⤵
  PID:5564
- C:\Windows\System\VXpycpN.exe
  C:\Windows\System\VXpycpN.exe
  2⤵
  PID:5580
- C:\Windows\System\rRBsEtb.exe
  C:\Windows\System\rRBsEtb.exe
  2⤵
  PID:5600
- C:\Windows\System\aHlhRIC.exe
  C:\Windows\System\aHlhRIC.exe
  2⤵
  PID:5672
- C:\Windows\System\KhvAhsJ.exe
  C:\Windows\System\KhvAhsJ.exe
  2⤵
  PID:5732
- C:\Windows\System\ZmoMvWg.exe
  C:\Windows\System\ZmoMvWg.exe
  2⤵
  PID:5756
- C:\Windows\System\oGFwkAJ.exe
  C:\Windows\System\oGFwkAJ.exe
  2⤵
  PID:5772
- C:\Windows\System\idWxKuO.exe
  C:\Windows\System\idWxKuO.exe
  2⤵
  PID:5792
- C:\Windows\System\KNyqslj.exe
  C:\Windows\System\KNyqslj.exe
  2⤵
  PID:5808
- C:\Windows\System\bsavnwv.exe
  C:\Windows\System\bsavnwv.exe
  2⤵
  PID:5824
- C:\Windows\System\uhSNmJo.exe
  C:\Windows\System\uhSNmJo.exe
  2⤵
  PID:5840
- C:\Windows\System\qzFxeKE.exe
  C:\Windows\System\qzFxeKE.exe
  2⤵
  PID:5860
- C:\Windows\System\TODcbir.exe
  C:\Windows\System\TODcbir.exe
  2⤵
  PID:5876
- C:\Windows\System\mSqjdjI.exe
  C:\Windows\System\mSqjdjI.exe
  2⤵
  PID:5892
- C:\Windows\System\iKCsAex.exe
  C:\Windows\System\iKCsAex.exe
  2⤵
  PID:5912
- C:\Windows\System\dApNpjZ.exe
  C:\Windows\System\dApNpjZ.exe
  2⤵
  PID:5928
- C:\Windows\System\afZValM.exe
  C:\Windows\System\afZValM.exe
  2⤵
  PID:5944
- C:\Windows\System\FZOXEuo.exe
  C:\Windows\System\FZOXEuo.exe
  2⤵
  PID:5960
- C:\Windows\System\VTbwbiX.exe
  C:\Windows\System\VTbwbiX.exe
  2⤵
  PID:5976
- C:\Windows\System\QRUPkuY.exe
  C:\Windows\System\QRUPkuY.exe
  2⤵
  PID:5992
- C:\Windows\System\VSnpPol.exe
  C:\Windows\System\VSnpPol.exe
  2⤵
  PID:6008
- C:\Windows\System\PdgWRXr.exe
  C:\Windows\System\PdgWRXr.exe
  2⤵
  PID:6024
- C:\Windows\System\GrWmnYC.exe
  C:\Windows\System\GrWmnYC.exe
  2⤵
  PID:6040
- C:\Windows\System\NVmidps.exe
  C:\Windows\System\NVmidps.exe
  2⤵
  PID:6056
- C:\Windows\System\iRxOOEV.exe
  C:\Windows\System\iRxOOEV.exe
  2⤵
  PID:6072
- C:\Windows\System\ZrbPhTB.exe
  C:\Windows\System\ZrbPhTB.exe
  2⤵
  PID:6088
- C:\Windows\System\vtlwqJZ.exe
  C:\Windows\System\vtlwqJZ.exe
  2⤵
  PID:6104
- C:\Windows\System\SDprefP.exe
  C:\Windows\System\SDprefP.exe
  2⤵
  PID:6120
- C:\Windows\System\nKnJxjV.exe
  C:\Windows\System\nKnJxjV.exe
  2⤵
  PID:6136
- C:\Windows\System\teMhgjD.exe
  C:\Windows\System\teMhgjD.exe
  2⤵
  PID:3348
- C:\Windows\System\eUZSjbV.exe
  C:\Windows\System\eUZSjbV.exe
  2⤵
  PID:5240
- C:\Windows\System\IYNgjbi.exe
  C:\Windows\System\IYNgjbi.exe
  2⤵
  PID:5280
- C:\Windows\System\pkPbqrO.exe
  C:\Windows\System\pkPbqrO.exe
  2⤵
  PID:1744
- C:\Windows\System\IQyEcHe.exe
  C:\Windows\System\IQyEcHe.exe
  2⤵
  PID:3912
- C:\Windows\System\HQfgNmu.exe
  C:\Windows\System\HQfgNmu.exe
  2⤵
  PID:5340
- C:\Windows\System\uYiMzSj.exe
  C:\Windows\System\uYiMzSj.exe
  2⤵
  PID:5076
- C:\Windows\System\ZeAKZOw.exe
  C:\Windows\System\ZeAKZOw.exe
  2⤵
  PID:1040
- C:\Windows\System\sMEFMLT.exe
  C:\Windows\System\sMEFMLT.exe
  2⤵
  PID:5192
- C:\Windows\System\DOHOivs.exe
  C:\Windows\System\DOHOivs.exe
  2⤵
  PID:1864
- C:\Windows\System\BbcXrOg.exe
  C:\Windows\System\BbcXrOg.exe
  2⤵
  PID:3388
- C:\Windows\System\rbDpAld.exe
  C:\Windows\System\rbDpAld.exe
  2⤵
  PID:4688
- C:\Windows\System\TIcbkkH.exe
  C:\Windows\System\TIcbkkH.exe
  2⤵
  PID:4268
- C:\Windows\System\grpkShc.exe
  C:\Windows\System\grpkShc.exe
  2⤵
  PID:4580
- C:\Windows\System\pwODPqx.exe
  C:\Windows\System\pwODPqx.exe
  2⤵
  PID:4644
- C:\Windows\System\vfojTuq.exe
  C:\Windows\System\vfojTuq.exe
  2⤵
  PID:4772
- C:\Windows\System\pUXsPUT.exe
  C:\Windows\System\pUXsPUT.exe
  2⤵
  PID:1376
- C:\Windows\System\NYOpVGm.exe
  C:\Windows\System\NYOpVGm.exe
  2⤵
  PID:5132
- C:\Windows\System\VigNpoa.exe
  C:\Windows\System\VigNpoa.exe
  2⤵
  PID:5148
- C:\Windows\System\sBziAKo.exe
  C:\Windows\System\sBziAKo.exe
  2⤵
  PID:5164
- C:\Windows\System\hjKWXqi.exe
  C:\Windows\System\hjKWXqi.exe
  2⤵
  PID:5180
- C:\Windows\System\wwMyFrG.exe
  C:\Windows\System\wwMyFrG.exe
  2⤵
  PID:5228
- C:\Windows\System\xCZuxEG.exe
  C:\Windows\System\xCZuxEG.exe
  2⤵
  PID:2100
- C:\Windows\System\BzYDeCw.exe
  C:\Windows\System\BzYDeCw.exe
  2⤵
  PID:5380
- C:\Windows\System\NuzQcMK.exe
  C:\Windows\System\NuzQcMK.exe
  2⤵
  PID:5448
- C:\Windows\System\rUwCIyY.exe
  C:\Windows\System\rUwCIyY.exe
  2⤵
  PID:1320
- C:\Windows\System\JPebFgE.exe
  C:\Windows\System\JPebFgE.exe
  2⤵
  PID:5480
- C:\Windows\System\lXaQjKe.exe
  C:\Windows\System\lXaQjKe.exe
  2⤵
  PID:5492
- C:\Windows\System\IFHYrxC.exe
  C:\Windows\System\IFHYrxC.exe
  2⤵
  PID:5544
- C:\Windows\System\JYlpMYl.exe
  C:\Windows\System\JYlpMYl.exe
  2⤵
  PID:5496
- C:\Windows\System\DvfEMfh.exe
  C:\Windows\System\DvfEMfh.exe
  2⤵
  PID:5524
- C:\Windows\System\swbuceE.exe
  C:\Windows\System\swbuceE.exe
  2⤵
  PID:3000
- C:\Windows\System\bMMIkqZ.exe
  C:\Windows\System\bMMIkqZ.exe
  2⤵
  PID:5608
- C:\Windows\System\AsCxlik.exe
  C:\Windows\System\AsCxlik.exe
  2⤵
  PID:5624
- C:\Windows\System\ETRHQuM.exe
  C:\Windows\System\ETRHQuM.exe
  2⤵
  PID:5640
- C:\Windows\System\LiNOWNb.exe
  C:\Windows\System\LiNOWNb.exe
  2⤵
  PID:5656
- C:\Windows\System\oylQhtL.exe
  C:\Windows\System\oylQhtL.exe
  2⤵
  PID:6064
- C:\Windows\System\WxsAhPC.exe
  C:\Windows\System\WxsAhPC.exe
  2⤵
  PID:6100
- C:\Windows\System\tiUgFGG.exe
  C:\Windows\System\tiUgFGG.exe
  2⤵
  PID:6016
- C:\Windows\System\VxlPGRL.exe
  C:\Windows\System\VxlPGRL.exe
  2⤵
  PID:6132
- C:\Windows\System\TPuXUzF.exe
  C:\Windows\System\TPuXUzF.exe
  2⤵
  PID:5088
- C:\Windows\System\xldYfRD.exe
  C:\Windows\System\xldYfRD.exe
  2⤵
  PID:4128
- C:\Windows\System\bUrocIz.exe
  C:\Windows\System\bUrocIz.exe
  2⤵
  PID:5084
- C:\Windows\System\gxVsZgM.exe
  C:\Windows\System\gxVsZgM.exe
  2⤵
  PID:4204
- C:\Windows\System\TVQkpLQ.exe
  C:\Windows\System\TVQkpLQ.exe
  2⤵
  PID:5124
- C:\Windows\System\vpCyTsd.exe
  C:\Windows\System\vpCyTsd.exe
  2⤵
  PID:2132
- C:\Windows\System\mLJHuSV.exe
  C:\Windows\System\mLJHuSV.exe
  2⤵
  PID:4868
- C:\Windows\System\bafYADr.exe
  C:\Windows\System\bafYADr.exe
  2⤵
  PID:5144
- C:\Windows\System\otZEnQQ.exe
  C:\Windows\System\otZEnQQ.exe
  2⤵
  PID:5324
- C:\Windows\System\gLTHSOH.exe
  C:\Windows\System\gLTHSOH.exe
  2⤵
  PID:5508
- C:\Windows\System\iAlkNLd.exe
  C:\Windows\System\iAlkNLd.exe
  2⤵
  PID:5444
- C:\Windows\System\dRJNvUh.exe
  C:\Windows\System\dRJNvUh.exe
  2⤵
  PID:5576
- C:\Windows\System\kuyuVxM.exe
  C:\Windows\System\kuyuVxM.exe
  2⤵
  PID:5652
- C:\Windows\System\QezEcbc.exe
  C:\Windows\System\QezEcbc.exe
  2⤵
  PID:5632
- C:\Windows\System\cihwlsS.exe
  C:\Windows\System\cihwlsS.exe
  2⤵
  PID:5668
- C:\Windows\System\wBDyqQx.exe
  C:\Windows\System\wBDyqQx.exe
  2⤵
  PID:1064
- C:\Windows\System\JCXxiKe.exe
  C:\Windows\System\JCXxiKe.exe
  2⤵
  PID:5692
- C:\Windows\System\YEzzrBp.exe
  C:\Windows\System\YEzzrBp.exe
  2⤵
  PID:5704
- C:\Windows\System\bXpBXmj.exe
  C:\Windows\System\bXpBXmj.exe
  2⤵
  PID:1940
- C:\Windows\System\XnBHOAn.exe
  C:\Windows\System\XnBHOAn.exe
  2⤵
  PID:2084
- C:\Windows\System\llRdaYi.exe
  C:\Windows\System\llRdaYi.exe
  2⤵
  PID:5764
- C:\Windows\System\idgpBvp.exe
  C:\Windows\System\idgpBvp.exe
  2⤵
  PID:5784
- C:\Windows\System\jeEAUdT.exe
  C:\Windows\System\jeEAUdT.exe
  2⤵
  PID:5804
- C:\Windows\System\fqMvKwX.exe
  C:\Windows\System\fqMvKwX.exe
  2⤵
  PID:5904
- C:\Windows\System\OYYdaZo.exe
  C:\Windows\System\OYYdaZo.exe
  2⤵
  PID:5264
- C:\Windows\System\Qrroxzu.exe
  C:\Windows\System\Qrroxzu.exe
  2⤵
  PID:1572
- C:\Windows\System\nHokoed.exe
  C:\Windows\System\nHokoed.exe
  2⤵
  PID:5596
- C:\Windows\System\rseKBCQ.exe
  C:\Windows\System\rseKBCQ.exe
  2⤵
  PID:6084
- C:\Windows\System\MbFWfIx.exe
  C:\Windows\System\MbFWfIx.exe
  2⤵
  PID:6112
- C:\Windows\System\YNinhWr.exe
  C:\Windows\System\YNinhWr.exe
  2⤵
  PID:2968
- C:\Windows\System\gOvKAHV.exe
  C:\Windows\System\gOvKAHV.exe
  2⤵
  PID:5416
- C:\Windows\System\PIgAapN.exe
  C:\Windows\System\PIgAapN.exe
  2⤵
  PID:5428
- C:\Windows\System\kbaakie.exe
  C:\Windows\System\kbaakie.exe
  2⤵
  PID:4824
- C:\Windows\System\CxbCcyH.exe
  C:\Windows\System\CxbCcyH.exe
  2⤵
  PID:5176
- C:\Windows\System\tHbPgzj.exe
  C:\Windows\System\tHbPgzj.exe
  2⤵
  PID:5364
- C:\Windows\System\pOdXWlF.exe
  C:\Windows\System\pOdXWlF.exe
  2⤵
  PID:5592
- C:\Windows\System\jcELaiL.exe
  C:\Windows\System\jcELaiL.exe
  2⤵
  PID:5696
- C:\Windows\System\yqEfpNp.exe
  C:\Windows\System\yqEfpNp.exe
  2⤵
  PID:5728
- C:\Windows\System\XQOZaDP.exe
  C:\Windows\System\XQOZaDP.exe
  2⤵
  PID:2588
- C:\Windows\System\JacQPUD.exe
  C:\Windows\System\JacQPUD.exe
  2⤵
  PID:5940
- C:\Windows\System\jaBYvBG.exe
  C:\Windows\System\jaBYvBG.exe
  2⤵
  PID:5900
- C:\Windows\System\GTAqLZT.exe
  C:\Windows\System\GTAqLZT.exe
  2⤵
  PID:5920
- C:\Windows\System\XAPrGVG.exe
  C:\Windows\System\XAPrGVG.exe
  2⤵
  PID:5984
- C:\Windows\System\OYMYQPj.exe
  C:\Windows\System\OYMYQPj.exe
  2⤵
  PID:2060
- C:\Windows\System\lQGFLba.exe
  C:\Windows\System\lQGFLba.exe
  2⤵
  PID:5160
- C:\Windows\System\hFcUhGh.exe
  C:\Windows\System\hFcUhGh.exe
  2⤵
  PID:4552
- C:\Windows\System\MGMCvSi.exe
  C:\Windows\System\MGMCvSi.exe
  2⤵
  PID:5588
- C:\Windows\System\LHeXpSf.exe
  C:\Windows\System\LHeXpSf.exe
  2⤵
  PID:5464
- C:\Windows\System\dAnYsaD.exe
  C:\Windows\System\dAnYsaD.exe
  2⤵
  PID:5688
- C:\Windows\System\tVlbPRx.exe
  C:\Windows\System\tVlbPRx.exe
  2⤵
  PID:1804
- C:\Windows\System\xjOPXTd.exe
  C:\Windows\System\xjOPXTd.exe
  2⤵
  PID:5616
- C:\Windows\System\CsAcEvn.exe
  C:\Windows\System\CsAcEvn.exe
  2⤵
  PID:5868
- C:\Windows\System\PYfEcBe.exe
  C:\Windows\System\PYfEcBe.exe
  2⤵
  PID:5820
- C:\Windows\System\kXyOlel.exe
  C:\Windows\System\kXyOlel.exe
  2⤵
  PID:5224
- C:\Windows\System\iaatElu.exe
  C:\Windows\System\iaatElu.exe
  2⤵
  PID:6080
- C:\Windows\System\NVkUDke.exe
  C:\Windows\System\NVkUDke.exe
  2⤵
  PID:5368
- C:\Windows\System\ExDbbQi.exe
  C:\Windows\System\ExDbbQi.exe
  2⤵
  PID:2360
- C:\Windows\System\dZnNcib.exe
  C:\Windows\System\dZnNcib.exe
  2⤵
  PID:1808
- C:\Windows\System\TBmiDyb.exe
  C:\Windows\System\TBmiDyb.exe
  2⤵
  PID:5212
- C:\Windows\System\vyROFCP.exe
  C:\Windows\System\vyROFCP.exe
  2⤵
  PID:2560
- C:\Windows\System\tmgqTbW.exe
  C:\Windows\System\tmgqTbW.exe
  2⤵
  PID:5724
- C:\Windows\System\erUAYON.exe
  C:\Windows\System\erUAYON.exe
  2⤵
  PID:6036
- C:\Windows\System\WOzwifr.exe
  C:\Windows\System\WOzwifr.exe
  2⤵
  PID:2824
- C:\Windows\System\jKCXcXy.exe
  C:\Windows\System\jKCXcXy.exe
  2⤵
  PID:6152
- C:\Windows\System\abBZLwS.exe
  C:\Windows\System\abBZLwS.exe
  2⤵
  PID:6184
- C:\Windows\System\upJNYlH.exe
  C:\Windows\System\upJNYlH.exe
  2⤵
  PID:6204
- C:\Windows\System\ttragHA.exe
  C:\Windows\System\ttragHA.exe
  2⤵
  PID:6220
- C:\Windows\System\aXuBULE.exe
  C:\Windows\System\aXuBULE.exe
  2⤵
  PID:6240
- C:\Windows\System\jfxvXcv.exe
  C:\Windows\System\jfxvXcv.exe
  2⤵
  PID:6268
- C:\Windows\System\qesdoXW.exe
  C:\Windows\System\qesdoXW.exe
  2⤵
  PID:6284
- C:\Windows\System\UwuaWso.exe
  C:\Windows\System\UwuaWso.exe
  2⤵
  PID:6300
- C:\Windows\System\axKySWx.exe
  C:\Windows\System\axKySWx.exe
  2⤵
  PID:6320
- C:\Windows\System\OnWAwMD.exe
  C:\Windows\System\OnWAwMD.exe
  2⤵
  PID:6336
- C:\Windows\System\rHvXAkg.exe
  C:\Windows\System\rHvXAkg.exe
  2⤵
  PID:6364
- C:\Windows\System\UlOrPUk.exe
  C:\Windows\System\UlOrPUk.exe
  2⤵
  PID:6380
- C:\Windows\System\NZvliHK.exe
  C:\Windows\System\NZvliHK.exe
  2⤵
  PID:6396
- C:\Windows\System\ZeeRfTt.exe
  C:\Windows\System\ZeeRfTt.exe
  2⤵
  PID:6416
- C:\Windows\System\kIQoALB.exe
  C:\Windows\System\kIQoALB.exe
  2⤵
  PID:6432
- C:\Windows\System\yQtiDFe.exe
  C:\Windows\System\yQtiDFe.exe
  2⤵
  PID:6452
- C:\Windows\System\CbCFtbj.exe
  C:\Windows\System\CbCFtbj.exe
  2⤵
  PID:6468
- C:\Windows\System\kxzbKGN.exe
  C:\Windows\System\kxzbKGN.exe
  2⤵
  PID:6484
- C:\Windows\System\MMchnMm.exe
  C:\Windows\System\MMchnMm.exe
  2⤵
  PID:6500
- C:\Windows\System\hnWGcXS.exe
  C:\Windows\System\hnWGcXS.exe
  2⤵
  PID:6552
- C:\Windows\System\gPPftFU.exe
  C:\Windows\System\gPPftFU.exe
  2⤵
  PID:6568
- C:\Windows\System\fanvLcl.exe
  C:\Windows\System\fanvLcl.exe
  2⤵
  PID:6584
- C:\Windows\System\tLEJQJR.exe
  C:\Windows\System\tLEJQJR.exe
  2⤵
  PID:6604
- C:\Windows\System\nWsHvMm.exe
  C:\Windows\System\nWsHvMm.exe
  2⤵
  PID:6620
- C:\Windows\System\WDgdYOW.exe
  C:\Windows\System\WDgdYOW.exe
  2⤵
  PID:6652
- C:\Windows\System\PsxgbzY.exe
  C:\Windows\System\PsxgbzY.exe
  2⤵
  PID:6668
- C:\Windows\System\xyZiwOU.exe
  C:\Windows\System\xyZiwOU.exe
  2⤵
  PID:6684
- C:\Windows\System\ilkfYiU.exe
  C:\Windows\System\ilkfYiU.exe
  2⤵
  PID:6700
- C:\Windows\System\VyLjehA.exe
  C:\Windows\System\VyLjehA.exe
  2⤵
  PID:6716
- C:\Windows\System\HbQdAfS.exe
  C:\Windows\System\HbQdAfS.exe
  2⤵
  PID:6740
- C:\Windows\System\esDoYPc.exe
  C:\Windows\System\esDoYPc.exe
  2⤵
  PID:6776
- C:\Windows\System\AwzcBaV.exe
  C:\Windows\System\AwzcBaV.exe
  2⤵
  PID:6792
- C:\Windows\System\sWXahmL.exe
  C:\Windows\System\sWXahmL.exe
  2⤵
  PID:6808
- C:\Windows\System\ZHqxXCN.exe
  C:\Windows\System\ZHqxXCN.exe
  2⤵
  PID:6824
- C:\Windows\System\YRHbnij.exe
  C:\Windows\System\YRHbnij.exe
  2⤵
  PID:6840
- C:\Windows\System\ldbXUEO.exe
  C:\Windows\System\ldbXUEO.exe
  2⤵
  PID:6856
- C:\Windows\System\MvxHKcB.exe
  C:\Windows\System\MvxHKcB.exe
  2⤵
  PID:6888
- C:\Windows\System\WHUYcuB.exe
  C:\Windows\System\WHUYcuB.exe
  2⤵
  PID:6904
- C:\Windows\System\dalKDgp.exe
  C:\Windows\System\dalKDgp.exe
  2⤵
  PID:6924
- C:\Windows\System\WVyVYqz.exe
  C:\Windows\System\WVyVYqz.exe
  2⤵
  PID:6940
- C:\Windows\System\ROnCTcy.exe
  C:\Windows\System\ROnCTcy.exe
  2⤵
  PID:6972
- C:\Windows\System\pvJIVyZ.exe
  C:\Windows\System\pvJIVyZ.exe
  2⤵
  PID:6988
- C:\Windows\System\NdCltau.exe
  C:\Windows\System\NdCltau.exe
  2⤵
  PID:7004
- C:\Windows\System\NRXRxhV.exe
  C:\Windows\System\NRXRxhV.exe
  2⤵
  PID:7020
- C:\Windows\System\gRuhnwi.exe
  C:\Windows\System\gRuhnwi.exe
  2⤵
  PID:7036
- C:\Windows\System\rsKKXxY.exe
  C:\Windows\System\rsKKXxY.exe
  2⤵
  PID:7056
- C:\Windows\System\Hwfxtkk.exe
  C:\Windows\System\Hwfxtkk.exe
  2⤵
  PID:7076
- C:\Windows\System\JRGfCOY.exe
  C:\Windows\System\JRGfCOY.exe
  2⤵
  PID:7096
- C:\Windows\System\VMDkRcA.exe
  C:\Windows\System\VMDkRcA.exe
  2⤵
  PID:7120
- C:\Windows\System\OIYoEzo.exe
  C:\Windows\System\OIYoEzo.exe
  2⤵
  PID:7140
- C:\Windows\System\HFdOVxz.exe
  C:\Windows\System\HFdOVxz.exe
  2⤵
  PID:7160
- C:\Windows\System\SsjqXSd.exe
  C:\Windows\System\SsjqXSd.exe
  2⤵
  PID:5460
- C:\Windows\System\UgFcUXY.exe
  C:\Windows\System\UgFcUXY.exe
  2⤵
  PID:5328
- C:\Windows\System\IHKOZcU.exe
  C:\Windows\System\IHKOZcU.exe
  2⤵
  PID:1676
- C:\Windows\System\sQNapUU.exe
  C:\Windows\System\sQNapUU.exe
  2⤵
  PID:6164
- C:\Windows\System\fxRkxeK.exe
  C:\Windows\System\fxRkxeK.exe
  2⤵
  PID:5936
- C:\Windows\System\dpMTMru.exe
  C:\Windows\System\dpMTMru.exe
  2⤵
  PID:6296
- C:\Windows\System\NEHiZda.exe
  C:\Windows\System\NEHiZda.exe
  2⤵
  PID:6192
- C:\Windows\System\ZKjunrd.exe
  C:\Windows\System\ZKjunrd.exe
  2⤵
  PID:6004
- C:\Windows\System\LOVVIKx.exe
  C:\Windows\System\LOVVIKx.exe
  2⤵
  PID:6424
- C:\Windows\System\oBTZGfZ.exe
  C:\Windows\System\oBTZGfZ.exe
  2⤵
  PID:6276
- C:\Windows\System\JVWSFPE.exe
  C:\Windows\System\JVWSFPE.exe
  2⤵
  PID:6316
- C:\Windows\System\GranqgA.exe
  C:\Windows\System\GranqgA.exe
  2⤵
  PID:6392
- C:\Windows\System\WilyINh.exe
  C:\Windows\System\WilyINh.exe
  2⤵
  PID:6460
- C:\Windows\System\PaDdbDX.exe
  C:\Windows\System\PaDdbDX.exe
  2⤵
  PID:5740
- C:\Windows\System\JoOqNKr.exe
  C:\Windows\System\JoOqNKr.exe
  2⤵
  PID:6444
- C:\Windows\System\hxoKNmU.exe
  C:\Windows\System\hxoKNmU.exe
  2⤵
  PID:6516
- C:\Windows\System\wbQvfit.exe
  C:\Windows\System\wbQvfit.exe
  2⤵
  PID:6540
- C:\Windows\System\pvtpBvc.exe
  C:\Windows\System\pvtpBvc.exe
  2⤵
  PID:6692
- C:\Windows\System\JsruOHr.exe
  C:\Windows\System\JsruOHr.exe
  2⤵
  PID:6724
- C:\Windows\System\NGTwjrO.exe
  C:\Windows\System\NGTwjrO.exe
  2⤵
  PID:6648
- C:\Windows\System\hYJKHtY.exe
  C:\Windows\System\hYJKHtY.exe
  2⤵
  PID:6708
- C:\Windows\System\URqZRHN.exe
  C:\Windows\System\URqZRHN.exe
  2⤵
  PID:6752
- C:\Windows\System\kOVkbpO.exe
  C:\Windows\System\kOVkbpO.exe
  2⤵
  PID:6932
- C:\Windows\System\OITUDoR.exe
  C:\Windows\System\OITUDoR.exe
  2⤵
  PID:6820
- C:\Windows\System\TIaUwlQ.exe
  C:\Windows\System\TIaUwlQ.exe
  2⤵
  PID:6900
- C:\Windows\System\aIWIPyW.exe
  C:\Windows\System\aIWIPyW.exe
  2⤵
  PID:6832
- C:\Windows\System\sHVeaWo.exe
  C:\Windows\System\sHVeaWo.exe
  2⤵
  PID:6968
- C:\Windows\System\YkwSDUG.exe
  C:\Windows\System\YkwSDUG.exe
  2⤵
  PID:7000
- C:\Windows\System\WuRquAf.exe
  C:\Windows\System\WuRquAf.exe
  2⤵
  PID:6916
- C:\Windows\System\DJhodEe.exe
  C:\Windows\System\DJhodEe.exe
  2⤵
  PID:6960
- C:\Windows\System\omJclOj.exe
  C:\Windows\System\omJclOj.exe
  2⤵
  PID:7148
- C:\Windows\System\WhRstaF.exe
  C:\Windows\System\WhRstaF.exe
  2⤵
  PID:7104
- C:\Windows\System\MdsLAUU.exe
  C:\Windows\System\MdsLAUU.exe
  2⤵
  PID:5852
- C:\Windows\System\GCCiuBA.exe
  C:\Windows\System\GCCiuBA.exe
  2⤵
  PID:6980
- C:\Windows\System\XHYnxRC.exe
  C:\Windows\System\XHYnxRC.exe
  2⤵
  PID:7044
- C:\Windows\System\lDxYUMY.exe
  C:\Windows\System\lDxYUMY.exe
  2⤵
  PID:7092
- C:\Windows\System\KBaaiuq.exe
  C:\Windows\System\KBaaiuq.exe
  2⤵
  PID:5908
- C:\Windows\System\XEMdvrj.exe
  C:\Windows\System\XEMdvrj.exe
  2⤵
  PID:6116
- C:\Windows\System\xGoGakr.exe
  C:\Windows\System\xGoGakr.exe
  2⤵
  PID:6252
- C:\Windows\System\EtDmkfV.exe
  C:\Windows\System\EtDmkfV.exe
  2⤵
  PID:6256
- C:\Windows\System\uhepjyq.exe
  C:\Windows\System\uhepjyq.exe
  2⤵
  PID:6176
- C:\Windows\System\IeSUHwt.exe
  C:\Windows\System\IeSUHwt.exe
  2⤵
  PID:5780
- C:\Windows\System\UiSNEYA.exe
  C:\Windows\System\UiSNEYA.exe
  2⤵
  PID:6376
- C:\Windows\System\dVWQFrU.exe
  C:\Windows\System\dVWQFrU.exe
  2⤵
  PID:6480
- C:\Windows\System\gFDcHvf.exe
  C:\Windows\System\gFDcHvf.exe
  2⤵
  PID:6544
- C:\Windows\System\PFSCMCP.exe
  C:\Windows\System\PFSCMCP.exe
  2⤵
  PID:6580
- C:\Windows\System\nyAwwFj.exe
  C:\Windows\System\nyAwwFj.exe
  2⤵
  PID:6664
- C:\Windows\System\YBiCyVC.exe
  C:\Windows\System\YBiCyVC.exe
  2⤵
  PID:6528
- C:\Windows\System\fxZhqZc.exe
  C:\Windows\System\fxZhqZc.exe
  2⤵
  PID:6388
- C:\Windows\System\XGvzFEp.exe
  C:\Windows\System\XGvzFEp.exe
  2⤵
  PID:6428
- C:\Windows\System\LiLyIIA.exe
  C:\Windows\System\LiLyIIA.exe
  2⤵
  PID:6448
- C:\Windows\System\MVXEznx.exe
  C:\Windows\System\MVXEznx.exe
  2⤵
  PID:6632
- C:\Windows\System\UpaBAss.exe
  C:\Windows\System\UpaBAss.exe
  2⤵
  PID:6772
- C:\Windows\System\AiSxkKW.exe
  C:\Windows\System\AiSxkKW.exe
  2⤵
  PID:6748
- C:\Windows\System\oxrvaPk.exe
  C:\Windows\System\oxrvaPk.exe
  2⤵
  PID:6764
- C:\Windows\System\PAQdoxG.exe
  C:\Windows\System\PAQdoxG.exe
  2⤵
  PID:6816
- C:\Windows\System\kzJvoqw.exe
  C:\Windows\System\kzJvoqw.exe
  2⤵
  PID:2940
- C:\Windows\System\PJeeMGI.exe
  C:\Windows\System\PJeeMGI.exe
  2⤵
  PID:6912
- C:\Windows\System\QlBHkac.exe
  C:\Windows\System\QlBHkac.exe
  2⤵
  PID:6884
- C:\Windows\System\WgjJfXC.exe
  C:\Windows\System\WgjJfXC.exe
  2⤵
  PID:6964
- C:\Windows\System\RBwlVQY.exe
  C:\Windows\System\RBwlVQY.exe
  2⤵
  PID:7088
- C:\Windows\System\lAoylcW.exe
  C:\Windows\System\lAoylcW.exe
  2⤵
  PID:6212
- C:\Windows\System\cHzWNhA.exe
  C:\Windows\System\cHzWNhA.exe
  2⤵
  PID:5716
- C:\Windows\System\LaCZdzu.exe
  C:\Windows\System\LaCZdzu.exe
  2⤵
  PID:6248
- C:\Windows\System\ArTgWtG.exe
  C:\Windows\System\ArTgWtG.exe
  2⤵
  PID:6352
- C:\Windows\System\KRfSDgt.exe
  C:\Windows\System\KRfSDgt.exe
  2⤵
  PID:6232
- C:\Windows\System\EbtswEf.exe
  C:\Windows\System\EbtswEf.exe
  2⤵
  PID:6348
- C:\Windows\System\okVhfnD.exe
  C:\Windows\System\okVhfnD.exe
  2⤵
  PID:6312
- C:\Windows\System\HpPQTda.exe
  C:\Windows\System\HpPQTda.exe
  2⤵
  PID:5752
- C:\Windows\System\EKEkJdk.exe
  C:\Windows\System\EKEkJdk.exe
  2⤵
  PID:6148
- C:\Windows\System\TddXZfh.exe
  C:\Windows\System\TddXZfh.exe
  2⤵
  PID:6728
- C:\Windows\System\MzysUfc.exe
  C:\Windows\System\MzysUfc.exe
  2⤵
  PID:7064
- C:\Windows\System\rNqvAub.exe
  C:\Windows\System\rNqvAub.exe
  2⤵
  PID:5344
- C:\Windows\System\JGarREb.exe
  C:\Windows\System\JGarREb.exe
  2⤵
  PID:6264
- C:\Windows\System\IlUDxdH.exe
  C:\Windows\System\IlUDxdH.exe
  2⤵
  PID:7048
- C:\Windows\System\rKOBbfa.exe
  C:\Windows\System\rKOBbfa.exe
  2⤵
  PID:6736
- C:\Windows\System\NiOImRy.exe
  C:\Windows\System\NiOImRy.exe
  2⤵
  PID:6804
- C:\Windows\System\FvIvaiu.exe
  C:\Windows\System\FvIvaiu.exe
  2⤵
  PID:7136
- C:\Windows\System\dkMueEb.exe
  C:\Windows\System\dkMueEb.exe
  2⤵
  PID:6644
- C:\Windows\System\ioctmuf.exe
  C:\Windows\System\ioctmuf.exe
  2⤵
  PID:6408
- C:\Windows\System\YYaDkZF.exe
  C:\Windows\System\YYaDkZF.exe
  2⤵
  PID:6956
- C:\Windows\System\BNFBSPv.exe
  C:\Windows\System\BNFBSPv.exe
  2⤵
  PID:6760
- C:\Windows\System\aGwHJwB.exe
  C:\Windows\System\aGwHJwB.exe
  2⤵
  PID:7128
- C:\Windows\System\cMolAWi.exe
  C:\Windows\System\cMolAWi.exe
  2⤵
  PID:7180
- C:\Windows\System\lNJDNnn.exe
  C:\Windows\System\lNJDNnn.exe
  2⤵
  PID:7196
- C:\Windows\System\cFpkcSu.exe
  C:\Windows\System\cFpkcSu.exe
  2⤵
  PID:7212
- C:\Windows\System\QctCSag.exe
  C:\Windows\System\QctCSag.exe
  2⤵
  PID:7228
- C:\Windows\System\vFuHyyh.exe
  C:\Windows\System\vFuHyyh.exe
  2⤵
  PID:7244
- C:\Windows\System\OerVMym.exe
  C:\Windows\System\OerVMym.exe
  2⤵
  PID:7260
- C:\Windows\System\zoTekef.exe
  C:\Windows\System\zoTekef.exe
  2⤵
  PID:7280
- C:\Windows\System\mQkARQQ.exe
  C:\Windows\System\mQkARQQ.exe
  2⤵
  PID:7296
- C:\Windows\System\JKlMsFG.exe
  C:\Windows\System\JKlMsFG.exe
  2⤵
  PID:7312
- C:\Windows\System\hsJjaNJ.exe
  C:\Windows\System\hsJjaNJ.exe
  2⤵
  PID:7328
- C:\Windows\System\ewwlBnn.exe
  C:\Windows\System\ewwlBnn.exe
  2⤵
  PID:7344
- C:\Windows\System\MhZoONN.exe
  C:\Windows\System\MhZoONN.exe
  2⤵
  PID:7360
- C:\Windows\System\IOJVaJl.exe
  C:\Windows\System\IOJVaJl.exe
  2⤵
  PID:7376
- C:\Windows\System\EqorKJC.exe
  C:\Windows\System\EqorKJC.exe
  2⤵
  PID:7392
- C:\Windows\System\heLgOih.exe
  C:\Windows\System\heLgOih.exe
  2⤵
  PID:7408
- C:\Windows\System\zFZwkRw.exe
  C:\Windows\System\zFZwkRw.exe
  2⤵
  PID:7424
- C:\Windows\System\iepbjiH.exe
  C:\Windows\System\iepbjiH.exe
  2⤵
  PID:7440
- C:\Windows\System\HRZjSur.exe
  C:\Windows\System\HRZjSur.exe
  2⤵
  PID:7456
- C:\Windows\System\DBQSiVd.exe
  C:\Windows\System\DBQSiVd.exe
  2⤵
  PID:7472
- C:\Windows\System\rCdLAyX.exe
  C:\Windows\System\rCdLAyX.exe
  2⤵
  PID:7488
- C:\Windows\System\Kgwedtq.exe
  C:\Windows\System\Kgwedtq.exe
  2⤵
  PID:7504
- C:\Windows\System\KPJvENs.exe
  C:\Windows\System\KPJvENs.exe
  2⤵
  PID:7520
- C:\Windows\System\nUOsCEl.exe
  C:\Windows\System\nUOsCEl.exe
  2⤵
  PID:7536
- C:\Windows\System\giwSSDI.exe
  C:\Windows\System\giwSSDI.exe
  2⤵
  PID:7552
- C:\Windows\System\EhWQdMQ.exe
  C:\Windows\System\EhWQdMQ.exe
  2⤵
  PID:7568
- C:\Windows\System\pXbRmrq.exe
  C:\Windows\System\pXbRmrq.exe
  2⤵
  PID:7584
- C:\Windows\System\JopDzMI.exe
  C:\Windows\System\JopDzMI.exe
  2⤵
  PID:7600
- C:\Windows\System\BLHuEFd.exe
  C:\Windows\System\BLHuEFd.exe
  2⤵
  PID:7616
- C:\Windows\System\roVhqmB.exe
  C:\Windows\System\roVhqmB.exe
  2⤵
  PID:7632
- C:\Windows\System\EHgHTyO.exe
  C:\Windows\System\EHgHTyO.exe
  2⤵
  PID:7648
- C:\Windows\System\bbGirck.exe
  C:\Windows\System\bbGirck.exe
  2⤵
  PID:7664
- C:\Windows\System\LiRxrsM.exe
  C:\Windows\System\LiRxrsM.exe
  2⤵
  PID:7680
- C:\Windows\System\QKruuDt.exe
  C:\Windows\System\QKruuDt.exe
  2⤵
  PID:7696
- C:\Windows\System\hWVjQLL.exe
  C:\Windows\System\hWVjQLL.exe
  2⤵
  PID:7712
- C:\Windows\System\RSJSVSs.exe
  C:\Windows\System\RSJSVSs.exe
  2⤵
  PID:7728
- C:\Windows\System\kmqdKsm.exe
  C:\Windows\System\kmqdKsm.exe
  2⤵
  PID:7744
- C:\Windows\System\XgByQXl.exe
  C:\Windows\System\XgByQXl.exe
  2⤵
  PID:7764
- C:\Windows\System\sMlXNfn.exe
  C:\Windows\System\sMlXNfn.exe
  2⤵
  PID:7780
- C:\Windows\System\XKEtHDS.exe
  C:\Windows\System\XKEtHDS.exe
  2⤵
  PID:7796
- C:\Windows\System\zikmmFR.exe
  C:\Windows\System\zikmmFR.exe
  2⤵
  PID:7812
- C:\Windows\System\FLZIPqA.exe
  C:\Windows\System\FLZIPqA.exe
  2⤵
  PID:7828
- C:\Windows\System\jNJMNMC.exe
  C:\Windows\System\jNJMNMC.exe
  2⤵
  PID:7844
- C:\Windows\System\nVYhiCW.exe
  C:\Windows\System\nVYhiCW.exe
  2⤵
  PID:7860
- C:\Windows\System\PnMMyPs.exe
  C:\Windows\System\PnMMyPs.exe
  2⤵
  PID:7876
- C:\Windows\System\xfGSpDn.exe
  C:\Windows\System\xfGSpDn.exe
  2⤵
  PID:7892
- C:\Windows\System\NJjWjox.exe
  C:\Windows\System\NJjWjox.exe
  2⤵
  PID:7908
- C:\Windows\System\dZmsYcZ.exe
  C:\Windows\System\dZmsYcZ.exe
  2⤵
  PID:7924
- C:\Windows\System\fWcIHHl.exe
  C:\Windows\System\fWcIHHl.exe
  2⤵
  PID:7940
- C:\Windows\System\NNcfXOG.exe
  C:\Windows\System\NNcfXOG.exe
  2⤵
  PID:7956
- C:\Windows\System\qBOttKZ.exe
  C:\Windows\System\qBOttKZ.exe
  2⤵
  PID:7972
- C:\Windows\System\pHglCcn.exe
  C:\Windows\System\pHglCcn.exe
  2⤵
  PID:7988
- C:\Windows\System\CMhsZuM.exe
  C:\Windows\System\CMhsZuM.exe
  2⤵
  PID:8004
- C:\Windows\System\xkxEIBU.exe
  C:\Windows\System\xkxEIBU.exe
  2⤵
  PID:8020
- C:\Windows\System\cKoImVw.exe
  C:\Windows\System\cKoImVw.exe
  2⤵
  PID:8036
- C:\Windows\System\zOvZkCZ.exe
  C:\Windows\System\zOvZkCZ.exe
  2⤵
  PID:8052
- C:\Windows\System\BJCAAOb.exe
  C:\Windows\System\BJCAAOb.exe
  2⤵
  PID:8068
- C:\Windows\System\AWHeemM.exe
  C:\Windows\System\AWHeemM.exe
  2⤵
  PID:8084
- C:\Windows\System\GuQjNkv.exe
  C:\Windows\System\GuQjNkv.exe
  2⤵
  PID:8100
- C:\Windows\System\yQIjGjy.exe
  C:\Windows\System\yQIjGjy.exe
  2⤵
  PID:8116
- C:\Windows\System\uqoCxKj.exe
  C:\Windows\System\uqoCxKj.exe
  2⤵
  PID:8132
- C:\Windows\System\roudsYc.exe
  C:\Windows\System\roudsYc.exe
  2⤵
  PID:8148
- C:\Windows\System\MsCCopw.exe
  C:\Windows\System\MsCCopw.exe
  2⤵
  PID:8164
- C:\Windows\System\hFvXhKj.exe
  C:\Windows\System\hFvXhKj.exe
  2⤵
  PID:8180
- C:\Windows\System\ZzclhsN.exe
  C:\Windows\System\ZzclhsN.exe
  2⤵
  PID:6640
- C:\Windows\System\sAnSZyN.exe
  C:\Windows\System\sAnSZyN.exe
  2⤵
  PID:7208
- C:\Windows\System\rmECLoW.exe
  C:\Windows\System\rmECLoW.exe
  2⤵
  PID:7268
- C:\Windows\System\LVHloTw.exe
  C:\Windows\System\LVHloTw.exe
  2⤵
  PID:7032
- C:\Windows\System\AkTQezu.exe
  C:\Windows\System\AkTQezu.exe
  2⤵
  PID:6536
- C:\Windows\System\rzxGevy.exe
  C:\Windows\System\rzxGevy.exe
  2⤵
  PID:7252
- C:\Windows\System\elxlCfF.exe
  C:\Windows\System\elxlCfF.exe
  2⤵
  PID:7292
- C:\Windows\System\ZLRXvte.exe
  C:\Windows\System\ZLRXvte.exe
  2⤵
  PID:7340
- C:\Windows\System\nBTUBIS.exe
  C:\Windows\System\nBTUBIS.exe
  2⤵
  PID:7352
- C:\Windows\System\aGHRASB.exe
  C:\Windows\System\aGHRASB.exe
  2⤵
  PID:7388
- C:\Windows\System\POAQech.exe
  C:\Windows\System\POAQech.exe
  2⤵
  PID:7432
- C:\Windows\System\gHSHmBm.exe
  C:\Windows\System\gHSHmBm.exe
  2⤵
  PID:7452
- C:\Windows\System\wjfHutX.exe
  C:\Windows\System\wjfHutX.exe
  2⤵
  PID:7500
- C:\Windows\System\HHMqpqf.exe
  C:\Windows\System\HHMqpqf.exe
  2⤵
  PID:7564
- C:\Windows\System\IpVyOCs.exe
  C:\Windows\System\IpVyOCs.exe
  2⤵
  PID:7624
- C:\Windows\System\EppFlXx.exe
  C:\Windows\System\EppFlXx.exe
  2⤵
  PID:7544
- C:\Windows\System\lHGajPI.exe
  C:\Windows\System\lHGajPI.exe
  2⤵
  PID:7612
- C:\Windows\System\vaakddZ.exe
  C:\Windows\System\vaakddZ.exe
  2⤵
  PID:7660
- C:\Windows\System\DdSUSMz.exe
  C:\Windows\System\DdSUSMz.exe
  2⤵
  PID:7724
- C:\Windows\System\RikFmmF.exe
  C:\Windows\System\RikFmmF.exe
  2⤵
  PID:7704
- C:\Windows\System\ukffgdC.exe
  C:\Windows\System\ukffgdC.exe
  2⤵
  PID:7792
- C:\Windows\System\GHRYKKm.exe
  C:\Windows\System\GHRYKKm.exe
  2⤵
  PID:7852
- C:\Windows\System\XvmHIet.exe
  C:\Windows\System\XvmHIet.exe
  2⤵
  PID:7836
- C:\Windows\System\jkAnfXl.exe
  C:\Windows\System\jkAnfXl.exe
  2⤵
  PID:7740
- C:\Windows\System\GCWhoVh.exe
  C:\Windows\System\GCWhoVh.exe
  2⤵
  PID:7872
- C:\Windows\System\zaILHBg.exe
  C:\Windows\System\zaILHBg.exe
  2⤵
  PID:7920
- C:\Windows\System\aGSfdhi.exe
  C:\Windows\System\aGSfdhi.exe
  2⤵
  PID:7980
- C:\Windows\System\aKXxQHH.exe
  C:\Windows\System\aKXxQHH.exe
  2⤵
  PID:7984
- C:\Windows\System\QNkzrhz.exe
  C:\Windows\System\QNkzrhz.exe
  2⤵
  PID:8028
- C:\Windows\System\JEQKutj.exe
  C:\Windows\System\JEQKutj.exe
  2⤵
  PID:8000
- C:\Windows\System\DDlYOMQ.exe
  C:\Windows\System\DDlYOMQ.exe
  2⤵
  PID:8076
- C:\Windows\System\PWrcjTv.exe
  C:\Windows\System\PWrcjTv.exe
  2⤵
  PID:8172
- C:\Windows\System\Gigiknj.exe
  C:\Windows\System\Gigiknj.exe
  2⤵
  PID:8096
- C:\Windows\System\NBMucLk.exe
  C:\Windows\System\NBMucLk.exe
  2⤵
  PID:7176
- C:\Windows\System\RbUuIRo.exe
  C:\Windows\System\RbUuIRo.exe
  2⤵
  PID:8188
- C:\Windows\System\JCHTPhb.exe
  C:\Windows\System\JCHTPhb.exe
  2⤵
  PID:6524
- C:\Windows\System\MZaOolI.exe
  C:\Windows\System\MZaOolI.exe
  2⤵
  PID:7192
- C:\Windows\System\GPuswyV.exe
  C:\Windows\System\GPuswyV.exe
  2⤵
  PID:7372
- C:\Windows\System\kCrScgN.exe
  C:\Windows\System\kCrScgN.exe
  2⤵
  PID:7324
- C:\Windows\System\XurkydE.exe
  C:\Windows\System\XurkydE.exe
  2⤵
  PID:7384
- C:\Windows\System\ynWyAyg.exe
  C:\Windows\System\ynWyAyg.exe
  2⤵
  PID:7560
- C:\Windows\System\VwEzuRx.exe
  C:\Windows\System\VwEzuRx.exe
  2⤵
  PID:7436
- C:\Windows\System\oFuwZWp.exe
  C:\Windows\System\oFuwZWp.exe
  2⤵
  PID:7400
- C:\Windows\System\UqIiLLs.exe
  C:\Windows\System\UqIiLLs.exe
  2⤵
  PID:7756
- C:\Windows\System\mJipBVP.exe
  C:\Windows\System\mJipBVP.exe
  2⤵
  PID:7720
- C:\Windows\System\uUFMtKq.exe
  C:\Windows\System\uUFMtKq.exe
  2⤵
  PID:7884
- C:\Windows\System\opuSDXN.exe
  C:\Windows\System\opuSDXN.exe
  2⤵
  PID:7824
- C:\Windows\System\pOnlYZB.exe
  C:\Windows\System\pOnlYZB.exe
  2⤵
  PID:7276
- C:\Windows\System\IWCkGIX.exe
  C:\Windows\System\IWCkGIX.exe
  2⤵
  PID:8012
- C:\Windows\System\rRDkGwQ.exe
  C:\Windows\System\rRDkGwQ.exe
  2⤵
  PID:8016
- C:\Windows\System\rNzEjxx.exe
  C:\Windows\System\rNzEjxx.exe
  2⤵
  PID:8080
- C:\Windows\System\BgPMlGo.exe
  C:\Windows\System\BgPMlGo.exe
  2⤵
  PID:5884
- C:\Windows\System\ZCKwGET.exe
  C:\Windows\System\ZCKwGET.exe
  2⤵
  PID:8156
- C:\Windows\System\BJMkWlj.exe
  C:\Windows\System\BJMkWlj.exe
  2⤵
  PID:7204
- C:\Windows\System\VuQYYmu.exe
  C:\Windows\System\VuQYYmu.exe
  2⤵
  PID:7416
- C:\Windows\System\xHeNtcX.exe
  C:\Windows\System\xHeNtcX.exe
  2⤵
  PID:7656
- C:\Windows\System\ltUcBgB.exe
  C:\Windows\System\ltUcBgB.exe
  2⤵
  PID:7788
- C:\Windows\System\uhqmYxB.exe
  C:\Windows\System\uhqmYxB.exe
  2⤵
  PID:7776
- C:\Windows\System\GOZotpv.exe
  C:\Windows\System\GOZotpv.exe
  2⤵
  PID:7952
- C:\Windows\System\WYInbSw.exe
  C:\Windows\System\WYInbSw.exe
  2⤵
  PID:7532
- C:\Windows\System\TGOUDcu.exe
  C:\Windows\System\TGOUDcu.exe
  2⤵
  PID:7692
- C:\Windows\System\JchzXom.exe
  C:\Windows\System\JchzXom.exe
  2⤵
  PID:7308
- C:\Windows\System\lhssfEg.exe
  C:\Windows\System\lhssfEg.exe
  2⤵
  PID:7484
- C:\Windows\System\CHfRiuh.exe
  C:\Windows\System\CHfRiuh.exe
  2⤵
  PID:8112
- C:\Windows\System\LpIwKFC.exe
  C:\Windows\System\LpIwKFC.exe
  2⤵
  PID:7676
- C:\Windows\System\xqvKwul.exe
  C:\Windows\System\xqvKwul.exe
  2⤵
  PID:1476
- C:\Windows\System\ULqdOWg.exe
  C:\Windows\System\ULqdOWg.exe
  2⤵
  PID:7528
- C:\Windows\System\RZNHQzx.exe
  C:\Windows\System\RZNHQzx.exe
  2⤵
  PID:8208
- C:\Windows\System\gyHwyRU.exe
  C:\Windows\System\gyHwyRU.exe
  2⤵
  PID:8224
- C:\Windows\System\FQQDHeV.exe
  C:\Windows\System\FQQDHeV.exe
  2⤵
  PID:8240
- C:\Windows\System\TftnPAf.exe
  C:\Windows\System\TftnPAf.exe
  2⤵
  PID:8256
- C:\Windows\System\kUhMwJS.exe
  C:\Windows\System\kUhMwJS.exe
  2⤵
  PID:8272
- C:\Windows\System\PSqwOye.exe
  C:\Windows\System\PSqwOye.exe
  2⤵
  PID:8288
- C:\Windows\System\hsfteDF.exe
  C:\Windows\System\hsfteDF.exe
  2⤵
  PID:8304
- C:\Windows\System\EkjbPhf.exe
  C:\Windows\System\EkjbPhf.exe
  2⤵
  PID:8320
- C:\Windows\System\hKAaIMG.exe
  C:\Windows\System\hKAaIMG.exe
  2⤵
  PID:8336
- C:\Windows\System\KmeFEVd.exe
  C:\Windows\System\KmeFEVd.exe
  2⤵
  PID:8352
- C:\Windows\System\WEAssaD.exe
  C:\Windows\System\WEAssaD.exe
  2⤵
  PID:8368
- C:\Windows\System\VtIwKwt.exe
  C:\Windows\System\VtIwKwt.exe
  2⤵
  PID:8384
- C:\Windows\System\AudiycY.exe
  C:\Windows\System\AudiycY.exe
  2⤵
  PID:8400
- C:\Windows\System\hUGSLLi.exe
  C:\Windows\System\hUGSLLi.exe
  2⤵
  PID:8416
- C:\Windows\System\lBMVCMD.exe
  C:\Windows\System\lBMVCMD.exe
  2⤵
  PID:8432
- C:\Windows\System\yFMzgFX.exe
  C:\Windows\System\yFMzgFX.exe
  2⤵
  PID:8448
- C:\Windows\System\LDXAGNT.exe
  C:\Windows\System\LDXAGNT.exe
  2⤵
  PID:8464
- C:\Windows\System\aNzHznQ.exe
  C:\Windows\System\aNzHznQ.exe
  2⤵
  PID:8480
- C:\Windows\System\puWzcKz.exe
  C:\Windows\System\puWzcKz.exe
  2⤵
  PID:8496
- C:\Windows\System\phtDmWe.exe
  C:\Windows\System\phtDmWe.exe
  2⤵
  PID:8512
- C:\Windows\System\IqTlobA.exe
  C:\Windows\System\IqTlobA.exe
  2⤵
  PID:8528
- C:\Windows\System\XmPYvYg.exe
  C:\Windows\System\XmPYvYg.exe
  2⤵
  PID:8544
- C:\Windows\System\gWUYIKj.exe
  C:\Windows\System\gWUYIKj.exe
  2⤵
  PID:8624
- C:\Windows\System\pYYOlct.exe
  C:\Windows\System\pYYOlct.exe
  2⤵
  PID:8640
- C:\Windows\System\ppYoMFg.exe
  C:\Windows\System\ppYoMFg.exe
  2⤵
  PID:8656
- C:\Windows\System\TKybIhw.exe
  C:\Windows\System\TKybIhw.exe
  2⤵
  PID:8672
- C:\Windows\System\ZEGgXCe.exe
  C:\Windows\System\ZEGgXCe.exe
  2⤵
  PID:8696
- C:\Windows\System\yJLXAZN.exe
  C:\Windows\System\yJLXAZN.exe
  2⤵
  PID:8712
- C:\Windows\System\cUVVCnd.exe
  C:\Windows\System\cUVVCnd.exe
  2⤵
  PID:8728
- C:\Windows\System\bKejJnz.exe
  C:\Windows\System\bKejJnz.exe
  2⤵
  PID:8752
- C:\Windows\System\GyzdAXb.exe
  C:\Windows\System\GyzdAXb.exe
  2⤵
  PID:8784
- C:\Windows\System\nwjuKQi.exe
  C:\Windows\System\nwjuKQi.exe
  2⤵
  PID:8800
- C:\Windows\System\smhGiFt.exe
  C:\Windows\System\smhGiFt.exe
  2⤵
  PID:8816
- C:\Windows\System\NilXIWm.exe
  C:\Windows\System\NilXIWm.exe
  2⤵
  PID:8832
- C:\Windows\System\oieLhIO.exe
  C:\Windows\System\oieLhIO.exe
  2⤵
  PID:8848
- C:\Windows\System\BXOJuZL.exe
  C:\Windows\System\BXOJuZL.exe
  2⤵
  PID:8864
- C:\Windows\System\QMIGDfZ.exe
  C:\Windows\System\QMIGDfZ.exe
  2⤵
  PID:8880
- C:\Windows\System\SgFXTto.exe
  C:\Windows\System\SgFXTto.exe
  2⤵
  PID:8896
- C:\Windows\System\VYhkgYH.exe
  C:\Windows\System\VYhkgYH.exe
  2⤵
  PID:8920
- C:\Windows\System\IOfWuOh.exe
  C:\Windows\System\IOfWuOh.exe
  2⤵
  PID:8940
- C:\Windows\System\oLAPhBn.exe
  C:\Windows\System\oLAPhBn.exe
  2⤵
  PID:8964
- C:\Windows\System\VGGBXLT.exe
  C:\Windows\System\VGGBXLT.exe
  2⤵
  PID:8984
- C:\Windows\System\ilYHbrm.exe
  C:\Windows\System\ilYHbrm.exe
  2⤵
  PID:9000
- C:\Windows\System\PzKuubI.exe
  C:\Windows\System\PzKuubI.exe
  2⤵
  PID:9016
- C:\Windows\System\hqKNWSI.exe
  C:\Windows\System\hqKNWSI.exe
  2⤵
  PID:9032
- C:\Windows\System\UeEiyPE.exe
  C:\Windows\System\UeEiyPE.exe
  2⤵
  PID:9048
- C:\Windows\System\deJEkDG.exe
  C:\Windows\System\deJEkDG.exe
  2⤵
  PID:9064
- C:\Windows\System\zxRrDGK.exe
  C:\Windows\System\zxRrDGK.exe
  2⤵
  PID:9080
- C:\Windows\System\XaaMzeD.exe
  C:\Windows\System\XaaMzeD.exe
  2⤵
  PID:9096
- C:\Windows\System\NZBHHiG.exe
  C:\Windows\System\NZBHHiG.exe
  2⤵
  PID:9112
- C:\Windows\System\TGuJIXC.exe
  C:\Windows\System\TGuJIXC.exe
  2⤵
  PID:9128
- C:\Windows\System\XHFfHim.exe
  C:\Windows\System\XHFfHim.exe
  2⤵
  PID:9144
- C:\Windows\System\ECKhQBI.exe
  C:\Windows\System\ECKhQBI.exe
  2⤵
  PID:9160
- C:\Windows\System\jRlkCNB.exe
  C:\Windows\System\jRlkCNB.exe
  2⤵
  PID:9176
- C:\Windows\System\ACaFogW.exe
  C:\Windows\System\ACaFogW.exe
  2⤵
  PID:9192
- C:\Windows\System\ImxKNLo.exe
  C:\Windows\System\ImxKNLo.exe
  2⤵
  PID:9208
- C:\Windows\System\BFsFADI.exe
  C:\Windows\System\BFsFADI.exe
  2⤵
  PID:7904
- C:\Windows\System\NkJOPmZ.exe
  C:\Windows\System\NkJOPmZ.exe
  2⤵
  PID:8144
- C:\Windows\System\bFHFfqu.exe
  C:\Windows\System\bFHFfqu.exe
  2⤵
  PID:8264
- C:\Windows\System\iwbRkXb.exe
  C:\Windows\System\iwbRkXb.exe
  2⤵
  PID:8280
- C:\Windows\System\TwYuOGA.exe
  C:\Windows\System\TwYuOGA.exe
  2⤵
  PID:8300
- C:\Windows\System\PzscLJN.exe
  C:\Windows\System\PzscLJN.exe
  2⤵
  PID:8316
- C:\Windows\System\CelhRWz.exe
  C:\Windows\System\CelhRWz.exe
  2⤵
  PID:8396
- C:\Windows\System\PoZSmvr.exe
  C:\Windows\System\PoZSmvr.exe
  2⤵
  PID:8428
- C:\Windows\System\hlzyRMr.exe
  C:\Windows\System\hlzyRMr.exe
  2⤵
  PID:8376
- C:\Windows\System\JugAQqZ.exe
  C:\Windows\System\JugAQqZ.exe
  2⤵
  PID:8444
- C:\Windows\System\mxuUEeZ.exe
  C:\Windows\System\mxuUEeZ.exe
  2⤵
  PID:8520
- C:\Windows\System\MfXZaVB.exe
  C:\Windows\System\MfXZaVB.exe
  2⤵
  PID:8504
- C:\Windows\System\DLnPVZx.exe
  C:\Windows\System\DLnPVZx.exe
  2⤵
  PID:8560
- C:\Windows\System\lnQhXen.exe
  C:\Windows\System\lnQhXen.exe
  2⤵
  PID:8604
- C:\Windows\System\PkRYIEE.exe
  C:\Windows\System\PkRYIEE.exe
  2⤵
  PID:8596
- C:\Windows\System\DiyXIBv.exe
  C:\Windows\System\DiyXIBv.exe
  2⤵
  PID:8556
- C:\Windows\System\QNtyOiQ.exe
  C:\Windows\System\QNtyOiQ.exe
  2⤵
  PID:8620
- C:\Windows\System\wsuHhaa.exe
  C:\Windows\System\wsuHhaa.exe
  2⤵
  PID:8684
- C:\Windows\System\bpLwTIs.exe
  C:\Windows\System\bpLwTIs.exe
  2⤵
  PID:8760
- C:\Windows\System\LIFZENK.exe
  C:\Windows\System\LIFZENK.exe
  2⤵
  PID:8780
- C:\Windows\System\tRLRWZo.exe
  C:\Windows\System\tRLRWZo.exe
  2⤵
  PID:8808
- C:\Windows\System\EaduYVh.exe
  C:\Windows\System\EaduYVh.exe
  2⤵
  PID:8708
- C:\Windows\System\omlldfh.exe
  C:\Windows\System\omlldfh.exe
  2⤵
  PID:8748
- C:\Windows\System\zxVHZTO.exe
  C:\Windows\System\zxVHZTO.exe
  2⤵
  PID:8872
- C:\Windows\System\WYxAceT.exe
  C:\Windows\System\WYxAceT.exe
  2⤵
  PID:8912
- C:\Windows\System\uvpZBJH.exe
  C:\Windows\System\uvpZBJH.exe
  2⤵
  PID:8916
- C:\Windows\System\raSDCnO.exe
  C:\Windows\System\raSDCnO.exe
  2⤵
  PID:8952
- C:\Windows\System\vaZSzmb.exe
  C:\Windows\System\vaZSzmb.exe
  2⤵
  PID:8888
- C:\Windows\System\RzEKbfH.exe
  C:\Windows\System\RzEKbfH.exe
  2⤵
  PID:8932
- C:\Windows\System\jOAZSGt.exe
  C:\Windows\System\jOAZSGt.exe
  2⤵
  PID:8980
- C:\Windows\System\UUhdAre.exe
  C:\Windows\System\UUhdAre.exe
  2⤵
  PID:9088
- C:\Windows\System\XmDHaet.exe
  C:\Windows\System\XmDHaet.exe
  2⤵
  PID:9124
- C:\Windows\System\XwOlClf.exe
  C:\Windows\System\XwOlClf.exe
  2⤵
  PID:9188
- C:\Windows\System\jWvSoVV.exe
  C:\Windows\System\jWvSoVV.exe
  2⤵
  PID:9012
- C:\Windows\System\IFcXlJi.exe
  C:\Windows\System\IFcXlJi.exe
  2⤵
  PID:8252
- C:\Windows\System\CSoWhjy.exe
  C:\Windows\System\CSoWhjy.exe
  2⤵
  PID:9040
- C:\Windows\System\GPpWDEU.exe
  C:\Windows\System\GPpWDEU.exe
  2⤵
  PID:8140
- C:\Windows\System\vRbmqSQ.exe
  C:\Windows\System\vRbmqSQ.exe
  2⤵
  PID:9108
- C:\Windows\System\zBUMbHW.exe
  C:\Windows\System\zBUMbHW.exe
  2⤵
  PID:9204
- C:\Windows\System\gZFIzSG.exe
  C:\Windows\System\gZFIzSG.exe
  2⤵
  PID:8348
- C:\Windows\System\CuPBpkz.exe
  C:\Windows\System\CuPBpkz.exe
  2⤵
  PID:8412
- C:\Windows\System\upduQYv.exe
  C:\Windows\System\upduQYv.exe
  2⤵
  PID:8440
- C:\Windows\System\wSuHjIJ.exe
  C:\Windows\System\wSuHjIJ.exe
  2⤵
  PID:8632
- C:\Windows\System\LaymXvk.exe
  C:\Windows\System\LaymXvk.exe
  2⤵
  PID:8680
- C:\Windows\System\qISLeUG.exe
  C:\Windows\System\qISLeUG.exe
  2⤵
  PID:8668
- C:\Windows\System\KBiBema.exe
  C:\Windows\System\KBiBema.exe
  2⤵
  PID:8840
- C:\Windows\System\ylspJPj.exe
  C:\Windows\System\ylspJPj.exe
  2⤵
  PID:8956
- C:\Windows\System\veHUEpM.exe
  C:\Windows\System\veHUEpM.exe
  2⤵
  PID:8828
- C:\Windows\System\vorOQWz.exe
  C:\Windows\System\vorOQWz.exe
  2⤵
  PID:8928
- C:\Windows\System\BkbEzRx.exe
  C:\Windows\System\BkbEzRx.exe
  2⤵
  PID:8976
- C:\Windows\System\dyfrViN.exe
  C:\Windows\System\dyfrViN.exe
  2⤵
  PID:9184
- C:\Windows\System\XPbxbyb.exe
  C:\Windows\System\XPbxbyb.exe
  2⤵
  PID:7320
- C:\Windows\System\WUHULYz.exe
  C:\Windows\System\WUHULYz.exe
  2⤵
  PID:8456
- C:\Windows\System\jWyNfsO.exe
  C:\Windows\System\jWyNfsO.exe
  2⤵
  PID:8488
- C:\Windows\System\oCwDtSw.exe
  C:\Windows\System\oCwDtSw.exe
  2⤵
  PID:796
- C:\Windows\System\ZZmQvay.exe
  C:\Windows\System\ZZmQvay.exe
  2⤵
  PID:8568
- C:\Windows\System\EjVxnsH.exe
  C:\Windows\System\EjVxnsH.exe
  2⤵
  PID:8460
- C:\Windows\System\uLtNqlQ.exe
  C:\Windows\System\uLtNqlQ.exe
  2⤵
  PID:2412
- C:\Windows\System\swYMXsk.exe
  C:\Windows\System\swYMXsk.exe
  2⤵
  PID:8312
- C:\Windows\System\easaeCn.exe
  C:\Windows\System\easaeCn.exe
  2⤵
  PID:8772
- C:\Windows\System\AQokXLV.exe
  C:\Windows\System\AQokXLV.exe
  2⤵
  PID:1140
- C:\Windows\System\YRiBbDT.exe
  C:\Windows\System\YRiBbDT.exe
  2⤵
  PID:8908
- C:\Windows\System\EUAsDMv.exe
  C:\Windows\System\EUAsDMv.exe
  2⤵
  PID:9120
- C:\Windows\System\BzVxGEX.exe
  C:\Windows\System\BzVxGEX.exe
  2⤵
  PID:8824
- C:\Windows\System\OezUeiV.exe
  C:\Windows\System\OezUeiV.exe
  2⤵
  PID:8704
- C:\Windows\System\zsiTGIc.exe
  C:\Windows\System\zsiTGIc.exe
  2⤵
  PID:8236
- C:\Windows\System\rlFBTfH.exe
  C:\Windows\System\rlFBTfH.exe
  2⤵
  PID:9104
- C:\Windows\System\oCcOsDN.exe
  C:\Windows\System\oCcOsDN.exe
  2⤵
  PID:9172
- C:\Windows\System\tubyxve.exe
  C:\Windows\System\tubyxve.exe
  2⤵
  PID:2268
- C:\Windows\System\WdAdlit.exe
  C:\Windows\System\WdAdlit.exe
  2⤵
  PID:8612
- C:\Windows\System\dccfhmi.exe
  C:\Windows\System\dccfhmi.exe
  2⤵
  PID:8576
- C:\Windows\System\ZRboSqs.exe
  C:\Windows\System\ZRboSqs.exe
  2⤵
  PID:2564
- C:\Windows\System\LacPHcz.exe
  C:\Windows\System\LacPHcz.exe
  2⤵
  PID:8960
- C:\Windows\System\HMbjEMW.exe
  C:\Windows\System\HMbjEMW.exe
  2⤵
  PID:2124
- C:\Windows\System\GXkjehn.exe
  C:\Windows\System\GXkjehn.exe
  2⤵
  PID:8268
- C:\Windows\System\qZDrYPW.exe
  C:\Windows\System\qZDrYPW.exe
  2⤵
  PID:2148
- C:\Windows\System\rUquHdr.exe
  C:\Windows\System\rUquHdr.exe
  2⤵
  PID:2304
- C:\Windows\System\asBwhki.exe
  C:\Windows\System\asBwhki.exe
  2⤵
  PID:8860
- C:\Windows\System\PCpKLtq.exe
  C:\Windows\System\PCpKLtq.exe
  2⤵
  PID:9060
- C:\Windows\System\ghUYCuA.exe
  C:\Windows\System\ghUYCuA.exe
  2⤵
  PID:8904
- C:\Windows\System\iYCnNdg.exe
  C:\Windows\System\iYCnNdg.exe
  2⤵
  PID:2756
- C:\Windows\System\ugVzJGa.exe
  C:\Windows\System\ugVzJGa.exe
  2⤵
  PID:8572
- C:\Windows\System\DyFRPsb.exe
  C:\Windows\System\DyFRPsb.exe
  2⤵
  PID:7996
- C:\Windows\System\ZFAdUnu.exe
  C:\Windows\System\ZFAdUnu.exe
  2⤵
  PID:9228
- C:\Windows\System\uOKIUSv.exe
  C:\Windows\System\uOKIUSv.exe
  2⤵
  PID:9244
- C:\Windows\System\GgBzhty.exe
  C:\Windows\System\GgBzhty.exe
  2⤵
  PID:9260
- C:\Windows\System\TQjAfiq.exe
  C:\Windows\System\TQjAfiq.exe
  2⤵
  PID:9276
- C:\Windows\System\qlagwzC.exe
  C:\Windows\System\qlagwzC.exe
  2⤵
  PID:9292
- C:\Windows\System\xuQGhpk.exe
  C:\Windows\System\xuQGhpk.exe
  2⤵
  PID:9312
- C:\Windows\System\bcsLNkE.exe
  C:\Windows\System\bcsLNkE.exe
  2⤵
  PID:9328
- C:\Windows\System\DdtAtCK.exe
  C:\Windows\System\DdtAtCK.exe
  2⤵
  PID:9344
- C:\Windows\System\GcDYHav.exe
  C:\Windows\System\GcDYHav.exe
  2⤵
  PID:9360
- C:\Windows\System\XxzOovx.exe
  C:\Windows\System\XxzOovx.exe
  2⤵
  PID:9376
- C:\Windows\System\yXRnGBH.exe
  C:\Windows\System\yXRnGBH.exe
  2⤵
  PID:9392
- C:\Windows\System\mIYhmhw.exe
  C:\Windows\System\mIYhmhw.exe
  2⤵
  PID:9408
- C:\Windows\System\ThdkzuC.exe
  C:\Windows\System\ThdkzuC.exe
  2⤵
  PID:9424
- C:\Windows\System\jorWgEH.exe
  C:\Windows\System\jorWgEH.exe
  2⤵
  PID:9440
- C:\Windows\System\gTURGui.exe
  C:\Windows\System\gTURGui.exe
  2⤵
  PID:9456
- C:\Windows\System\ZxNPzTR.exe
  C:\Windows\System\ZxNPzTR.exe
  2⤵
  PID:9472
- C:\Windows\System\uoxIAgO.exe
  C:\Windows\System\uoxIAgO.exe
  2⤵
  PID:9488
- C:\Windows\System\QhLhzwR.exe
  C:\Windows\System\QhLhzwR.exe
  2⤵
  PID:9504
- C:\Windows\System\hSFqAHr.exe
  C:\Windows\System\hSFqAHr.exe
  2⤵
  PID:9520
- C:\Windows\System\uPSmwDU.exe
  C:\Windows\System\uPSmwDU.exe
  2⤵
  PID:9536
- C:\Windows\System\DrOaKKQ.exe
  C:\Windows\System\DrOaKKQ.exe
  2⤵
  PID:9552
- C:\Windows\System\OnQOlUk.exe
  C:\Windows\System\OnQOlUk.exe
  2⤵
  PID:9568
- C:\Windows\System\onXICZU.exe
  C:\Windows\System\onXICZU.exe
  2⤵
  PID:9584
- C:\Windows\System\HZORpiq.exe
  C:\Windows\System\HZORpiq.exe
  2⤵
  PID:9600
- C:\Windows\System\BjMTOoS.exe
  C:\Windows\System\BjMTOoS.exe
  2⤵
  PID:9616
- C:\Windows\System\oeezoCi.exe
  C:\Windows\System\oeezoCi.exe
  2⤵
  PID:9632
- C:\Windows\System\cPoIOJi.exe
  C:\Windows\System\cPoIOJi.exe
  2⤵
  PID:9648
- C:\Windows\System\UMEJMqI.exe
  C:\Windows\System\UMEJMqI.exe
  2⤵
  PID:9664
- C:\Windows\System\UTXEiNI.exe
  C:\Windows\System\UTXEiNI.exe
  2⤵
  PID:9680
- C:\Windows\System\opqRrYS.exe
  C:\Windows\System\opqRrYS.exe
  2⤵
  PID:9696
- C:\Windows\System\CJqWejc.exe
  C:\Windows\System\CJqWejc.exe
  2⤵
  PID:9712
- C:\Windows\System\qAdBriE.exe
  C:\Windows\System\qAdBriE.exe
  2⤵
  PID:9728
- C:\Windows\System\sxymPCR.exe
  C:\Windows\System\sxymPCR.exe
  2⤵
  PID:9744
- C:\Windows\System\gkRufRC.exe
  C:\Windows\System\gkRufRC.exe
  2⤵
  PID:9760
- C:\Windows\System\wufJskl.exe
  C:\Windows\System\wufJskl.exe
  2⤵
  PID:9776
- C:\Windows\System\YoxaYFx.exe
  C:\Windows\System\YoxaYFx.exe
  2⤵
  PID:9792
- C:\Windows\System\yNWRQXL.exe
  C:\Windows\System\yNWRQXL.exe
  2⤵
  PID:9808
- C:\Windows\System\YELXTJB.exe
  C:\Windows\System\YELXTJB.exe
  2⤵
  PID:9824
- C:\Windows\System\jXXfnbp.exe
  C:\Windows\System\jXXfnbp.exe
  2⤵
  PID:9840
- C:\Windows\System\IxqQeiT.exe
  C:\Windows\System\IxqQeiT.exe
  2⤵
  PID:9856
- C:\Windows\System\REFjXbX.exe
  C:\Windows\System\REFjXbX.exe
  2⤵
  PID:9876
- C:\Windows\System\EXcabJx.exe
  C:\Windows\System\EXcabJx.exe
  2⤵
  PID:9892
- C:\Windows\System\sGWfJcC.exe
  C:\Windows\System\sGWfJcC.exe
  2⤵
  PID:9908
- C:\Windows\System\cxAxdPX.exe
  C:\Windows\System\cxAxdPX.exe
  2⤵
  PID:9924
- C:\Windows\System\Zrdlsnn.exe
  C:\Windows\System\Zrdlsnn.exe
  2⤵
  PID:9940
- C:\Windows\System\OUyAMPw.exe
  C:\Windows\System\OUyAMPw.exe
  2⤵
  PID:9956
- C:\Windows\System\mKFbsOy.exe
  C:\Windows\System\mKFbsOy.exe
  2⤵
  PID:9972
- C:\Windows\System\KNStXxq.exe
  C:\Windows\System\KNStXxq.exe
  2⤵
  PID:9988
- C:\Windows\System\HFLOfvo.exe
  C:\Windows\System\HFLOfvo.exe
  2⤵
  PID:10004
- C:\Windows\System\bLodLfv.exe
  C:\Windows\System\bLodLfv.exe
  2⤵
  PID:10020
- C:\Windows\System\QzPnAKj.exe
  C:\Windows\System\QzPnAKj.exe
  2⤵
  PID:10036
- C:\Windows\System\XJhQgCg.exe
  C:\Windows\System\XJhQgCg.exe
  2⤵
  PID:10052
- C:\Windows\System\umAGPvC.exe
  C:\Windows\System\umAGPvC.exe
  2⤵
  PID:10068
- C:\Windows\System\VOSsttA.exe
  C:\Windows\System\VOSsttA.exe
  2⤵
  PID:10084
- C:\Windows\System\VtwdodT.exe
  C:\Windows\System\VtwdodT.exe
  2⤵
  PID:10100
- C:\Windows\System\QtNnAui.exe
  C:\Windows\System\QtNnAui.exe
  2⤵
  PID:10116
- C:\Windows\System\UdMPNAX.exe
  C:\Windows\System\UdMPNAX.exe
  2⤵
  PID:10132
- C:\Windows\System\XPrrZBq.exe
  C:\Windows\System\XPrrZBq.exe
  2⤵
  PID:10148
- C:\Windows\System\RFWYjsa.exe
  C:\Windows\System\RFWYjsa.exe
  2⤵
  PID:10164
- C:\Windows\System\rfiMGPs.exe
  C:\Windows\System\rfiMGPs.exe
  2⤵
  PID:10180
- C:\Windows\System\JvGbRqf.exe
  C:\Windows\System\JvGbRqf.exe
  2⤵
  PID:10196
- C:\Windows\System\avvhxzN.exe
  C:\Windows\System\avvhxzN.exe
  2⤵
  PID:10212
- C:\Windows\System\qdZroef.exe
  C:\Windows\System\qdZroef.exe
  2⤵
  PID:10228
- C:\Windows\System\ZsTXESY.exe
  C:\Windows\System\ZsTXESY.exe
  2⤵
  PID:2136
- C:\Windows\System\YNotsZf.exe
  C:\Windows\System\YNotsZf.exe
  2⤵
  PID:9268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AJMGiyx.exe

Filesize
6.0MB

MD5
c9212d449a380ec43a16057df56559c6

SHA1
952e0e0f23203f1ab8f17ab4c7346eca178aeb65

SHA256
ddd51a8ce01e7ffc768a5729a4646063cecdaca3b01d8977270cdd05f77cfd4a

SHA512
0c29f70428760e3423ad30d9d1010b3ac0ac16bab6877105cdfaa806e34c94cb6cde01871df19651df30c47ecfff578425a9074f43d63e8b712587ec088e20f7

Download Submit
C:\Windows\system\BNDNfRk.exe

Filesize
6.0MB

MD5
aa180e00b34f418d9eb38e43dd41b3e0

SHA1
446bbd3bf80b9f8a1dd22ec94c4fff67f388cd97

SHA256
570e6edc86a0fd924087e5736c530585adea8447eecf3694b8bdfa8c22d40185

SHA512
1b3bdae3678884eb2e69365cd6b9378174354eda2e284bac8b1206ef1b7a7e34f17c1f9e01d01a6378394040d82fa23d3610a8be41728900fd1cda20c70ea884

Download Submit
C:\Windows\system\DmAxrrC.exe

Filesize
6.0MB

MD5
b1c52909acc2d191e0e76a271297c98a

SHA1
e6cf446a10fef45c2a6eb6d448f117a0ab63dfdb

SHA256
63106419a381600b753345db1a4cfc3313fe928fc749aa3fdaa0445a6a2ea0b1

SHA512
b4b772358af1875b30718fc2898ad4d35a4736617dca178a232fef45a39c6df3241dba999332ef8653fce2c6162605ec9d5992fe850905e7019cd8b3a5f1899e

Download Submit
C:\Windows\system\EAVyREX.exe

Filesize
6.0MB

MD5
ba42f5241080abe449e7b4df07272027

SHA1
b9521e585f31cc5afc22e1877e910a0c862b21e7

SHA256
d95caeeef4abb0e4b271fe9ae8cc0c10521ff89076e6a14fd7823dcd1e1b8273

SHA512
b7fb14dd3d6c9b04fe5159fcc52ab773050d29050350ecb772284f5796c3148f77d19dc3c65c7861d58d8bb0c399953f8af222ff02d100299706e82d6f63de21

Download Submit
C:\Windows\system\EMDkGdX.exe

Filesize
6.0MB

MD5
d2796c549e3fddf0679647c28edd606b

SHA1
e68581ddd3a8e0fff811425118f10cc19c28f86b

SHA256
1b52334e3546b5427957b1a47c7115569de49bf3b8f0d24cdde1badc4df1c1dd

SHA512
f6e621afb05c0402aafd290a137e5cbd4f51eb831a1e0066913458feee74e5669332c63aca529a650b7249332d8fabe97500d4f57ec65c1e59da3f923f7009d4

Download Submit
C:\Windows\system\GXmbGHT.exe

Filesize
6.0MB

MD5
3265e7020e885c82a3ca0591dba710bd

SHA1
ec57f41f8a262ca0604bd5d580297bd8af8638b4

SHA256
c63413ca2ff2acb045dee52daa3e13356da431efb014cf6f28e4ecb83a64d72d

SHA512
9761402ac09c4ecc25c1b265517fa3582bea38c87153c039f895a244fade728d03d1ac03d2e2fbb5c24672f1bd3767f35e3ac2564c6c99009fc4db42a96f9156

Download Submit
C:\Windows\system\JbFZRMQ.exe

Filesize
6.0MB

MD5
3e26b5006265ae4bca5ede9344963525

SHA1
34009a470cc784ca9dfd7c9ccf3934c3ff411516

SHA256
e84eb41ae69140e2c57f5899fe8dce5c7804ec1b9f9658b2afcf0ed0bd652286

SHA512
27b72effa7d1251b14bac08b9bb08337a409f7d10ccbcb60536d05837ea58874f1a71dace1b0f30cb05f120e76b4545fab7990366c91b5b5906908f54483ad72

Download Submit
C:\Windows\system\MJhRqhI.exe

Filesize
6.0MB

MD5
8e33c0a91120164c8a5c69946cb9a9ed

SHA1
39c92ed4118a8a2c82e062ad3e42f4daf9d4990f

SHA256
89d47bf38335926eb06909e8ba11893b2fd214d2cfca2f37b049e13494ddaef8

SHA512
622153c4e94415aa1cd266487696d952a306e9352b3da70a1884fbbbd80727c493f3c576cc6834cbdabf041f9480e92e3216f6511d6576bd799e82c9616193de

Download Submit
C:\Windows\system\WFthdfc.exe

Filesize
6.0MB

MD5
60da7339e9f11db1ef3b4db63295913e

SHA1
01213ab60098be549225a38ce9ab152fcd85b75b

SHA256
016063b58a3b10ca4c14ade2172663c08d703017bde81407937ecbad41b0cc41

SHA512
a0b495fc2afa41a9263091937c82c6ac8ded4950f46f5b82566989ee31720e75011d7b5a41e96146d922d5308255f9b0f98d4dc5ceccb3e27816fdaf7cfb31c5

Download Submit
C:\Windows\system\XLcvMbx.exe

Filesize
6.0MB

MD5
415f29c8acd09b847adb4d5162c3cf89

SHA1
50ef494de5f3fc5f27bc2094d8d1380a4cf320d3

SHA256
5b67505e32bdaea260e7050f30360f9c44da5ab09a692874c0f3e949c5378903

SHA512
fec6cdc1a594cf7be58ebe00df55c62dcf11d76ecf0256a6ce0e94a04a7e5dfffee9003fe5ce90f65841e7fff3d4043162d1a9054d5bfb64e06ff07dda9649b0

Download Submit
C:\Windows\system\YhKtqiU.exe

Filesize
6.0MB

MD5
7c2298ef89ba51a5aad82dc6ee9aae2b

SHA1
6c41c2c71204ef70f3f93e403c6f1530c795b8fe

SHA256
82c42e92fff9e241ee91b0eb9b6ccef4cb9376885c50230d1ee1952d6785602b

SHA512
3822d69e256f34c4cee359cb892d22a23e64d9c3dccc4b7ea9074694dd1f771209a036e3e11ab4b5f2e3d0dbfadcbf91be2416434eb8ecf388cbacd7646f1040

Download Submit
C:\Windows\system\ZVKEMtg.exe

Filesize
6.0MB

MD5
91fcf220dec3d86bb1a5f954d04a5faf

SHA1
5457cfa830c0c421c9cae199e049b3cfe3c14a2c

SHA256
14510a0def1784e4969a86edadd63be959ffd24d614190c0a1ba3e4b25744094

SHA512
b666e5e4436d9ef8eacfbf633edcaab6a0cf97f06678f893336acdcfb8a02bf9ae04d0049740f44bdfea3071a1e0ead2ea27e05cc01e2ea7ef664c98ba0ee232

Download Submit
C:\Windows\system\aYCOcBM.exe

Filesize
6.0MB

MD5
b336e45ada90f9974d209575713baa28

SHA1
20c69c5a607d3bc7f36a0333c5a01dc2a38e26b5

SHA256
d4a514b503edb945bbdd8b37147951f6df6daee27eb00b08b7b83449e18448cf

SHA512
c7b17dc276c2574e31b18ee17f4216be434e6012641c0e8ae5fd34e46885bb3028846e02666e039fab7a042f121caeb93f934035bbfccca6dbe22d53b1da2a56

Download Submit
C:\Windows\system\cYdobhY.exe

Filesize
6.0MB

MD5
aab634a463f39ac9a2ee53e7f6e0a7f2

SHA1
ee9443996acf3d2e2415de8d210bc37c6f73c4e6

SHA256
fe771654571318fe71b896c40bbd100c6ac133d4fcbd9add6daf8eee56fe6728

SHA512
bea933713ce7b2a9277b99456c1b22d08d15c6aebac90f1985b66bd698f0b1cf28a484cd222752de45fa0d5def415c855b92a54a039659f6949679057badda9b

Download Submit
C:\Windows\system\dMYJOSU.exe

Filesize
6.0MB

MD5
5ae4680f21b270f8fdbfb1e1dfbe5f95

SHA1
8c853fbf09933f6ef7cbc9dfe99f03ecae6f589d

SHA256
a224dc4c78dffaefd873e957f59553a4d91da255787e6472669be979e2aa7eea

SHA512
a596901c933a18715813fb81a565fbb77308427bdeb9a9bcc696d9092c194b72ae44e49c0ee7092ab687fc441ab385e02b052f644f666bf70b2805d3980379e6

Download Submit
C:\Windows\system\ecXNHpW.exe

Filesize
6.0MB

MD5
357c5e641a9edd8cc619160fbb841d09

SHA1
4777218892a24df5e3166f38699f600d7d2bec6d

SHA256
1aa60647f337308afa0239a1feb2479157b87c27c3e111de79c7b3399c0680a4

SHA512
0ae4c27b46e8cbb4635ec3689cfb112ffefaa721b3c8a086fbb9bf4ce527988059ea8d945f0ec4062c3001db04e8dfa50b516920d89eda523eb478c57e41452d

Download Submit
C:\Windows\system\fAjLoXJ.exe

Filesize
6.0MB

MD5
3dd24797bb34c02a5dfa5861e08e8dc2

SHA1
66fabd6248fa1b8cf242cc10efac029980418aca

SHA256
793ad2e98c42936837f4e06a6dd4738cd9cef888467b066eaf5c75d7208e0ed3

SHA512
49712d1abe603c87784d9d3d1d446febf505d9e6990022717313ea5d69fd3727b055fd082a8edd44920d083cdc1979f1bcdd8a8806f9379188b6dcc21f767574

Download Submit
C:\Windows\system\iopzQkq.exe

Filesize
6.0MB

MD5
2fefbfdedb05b697bd0c0c7bc9385298

SHA1
4d171075d33d324811232a781491a2f28c766834

SHA256
1cf22b70eff499804ae6ffdf0238934825792e847a18207efe1152528c395502

SHA512
a499bc80213161ec55178850764a46df8cb5d81ee7c95ea4434428fcc045dedd3fd3264e8447a6775bbc9116587bf8fcb8b7f22cc56f4ec34b3a064497e043b3

Download Submit
C:\Windows\system\mcmLzkQ.exe

Filesize
6.0MB

MD5
b31c2b89b427376331b328b20ecdaf08

SHA1
7459e13982d3e894cc4a4dbe4a3fb227b116400d

SHA256
d19476b1dfcdbd5e6f77d3d9e9e781698a4eed92b94553d4c91ce9d362bd2282

SHA512
fa9641c8c351f68b4f8a4e94b8a37cceff6482e5eb71cabfb37e1a8deb0dfeeea47873f95791a1e00e5439ee2c42e4e74e9e86c0d7b652cfd959f7cc1c0bff53

Download Submit
C:\Windows\system\mmlgMsd.exe

Filesize
6.0MB

MD5
04d68f01a9deed2f597ce39d7e7a2390

SHA1
69391e90637c2b476ce1f55152a95f7bb4a834ce

SHA256
02fd79739225254f826adefdbc0557b60fa8c58a77dbef04fe04aed186d20ea0

SHA512
6131bf409b733112917d65b9baddbbfb45dec026d8bea77c7e38a0e7b47019df84836c7709d77eabdbd86015041a0488d3ebe2de55c085d7d01801c876d90677

Download Submit
C:\Windows\system\ngqZYvJ.exe

Filesize
6.0MB

MD5
0f4f36b50a9067b249950f7afadb8e6a

SHA1
bcec0e34866ded9b81f22214843daeaf2c0110cf

SHA256
5b9bb6bffb9a80b5a8ee56ec4fc9b25f42b613853fc34cccbae17f907b4aab28

SHA512
6e90c54996f8ffe0f76560d5d372c35f7b2e0924b1724c3d6ae3427177a152fe2665f6d832367d73b48514ec4421a4cd13f45f01ae3fa19b3f834741a44248a8

Download Submit
C:\Windows\system\nxZxOcw.exe

Filesize
6.0MB

MD5
9bbe5bdcd55c9890393f829d216ee432

SHA1
585ee74ad633f28da078b8347b99fe8081769055

SHA256
d9b75858ede620970f07aacf3a9fb5304148f20bd2abbadf3225f61032bbca32

SHA512
cd37238ca83c59777d5a31f90ef99961233555e124e827f5cc512345154d5f153b3ab046ccac03f9520d0fb2339073f6a18ef3c40c967ffe437a3ed510a6230d

Download Submit
C:\Windows\system\oRTrsKG.exe

Filesize
6.0MB

MD5
bb3bb7cc4450f7dd9e7f60150c1de3f5

SHA1
413a422b7d2778601a3d7311b19dc777b2a9ddce

SHA256
41bf60a0a2142a32da1c244e40b19365557219c8a5dd0d96acb367bc70231e0d

SHA512
415dd3e84784103945e1ae83e0c6cc8080f9829c5e39dab4cc7a13062c0b27d214909e4c5305495ad12eb868fc2e2ea1fedb229aed23ea7ac54b979167c2b9a9

Download Submit
C:\Windows\system\tgffjfB.exe

Filesize
6.0MB

MD5
7274714caf3ca6cb726c2b2ff50c0134

SHA1
d0d99019547462563a4efed5f16af04e4fc06ce6

SHA256
6589bb6eca77e28f5bf8e2d205c79d7e0c9c40cb98948ec9cf7ec3b58382f355

SHA512
7abad1cb57bcf253ac41827f39ed497de0d9400f288caa43f1aacc54d30819a58848ee68139414f1b81ac816ff8179280112110c735ba6eb4878463c56dad9f0

Download Submit
C:\Windows\system\vKxdZUT.exe

Filesize
6.0MB

MD5
ee1097c3b18b4e3bbb8678631882f156

SHA1
f0b4e3bf17dc5d1d230adb2445e69440e94e28b0

SHA256
7acbad754087a19e0e152c68b1b97db8ffd021f119fca9e7769c74446a1c499e

SHA512
ee991e1de029e3e684dca1b46b01406c1b56b21af8ed6d6bee062efa98d1379e72cafe57924e2d70631e2b37f6a65417e1e858fe71ad3a3630f2a7d0874d50cb

Download Submit
C:\Windows\system\vUQJqJv.exe

Filesize
6.0MB

MD5
d3397572e0537b37da5ec1b2d6bed103

SHA1
02a18a7edb686f538838d16401d453dba59e2eda

SHA256
0c7ffecd0af1391376e2a3c56a51582a9d689b8c360785be568b79a1b86146f1

SHA512
419caea626a4112a16a48c750853d9921578b57d9664e03cd46e453b0a20f9fa1e78df1cc7506d9b63cd428318d2632b27a3ca4b4bdb99488f978f8940102d34

Download Submit
C:\Windows\system\xSypchL.exe

Filesize
6.0MB

MD5
925174dba6b81aaf2cb0c934c016a0e3

SHA1
7b79b76a1142c41f738829b5224f8f1a3a9f6c12

SHA256
f993b0ef454e35235bf700a183e746632b66413d0e16bbb01d84ec784e9b3bcb

SHA512
478ba8702b21cd05b3ac6c08e65c768256bc2627e93b16fdb3f6e7fe68861f721b14fd9b298b8c98c6ef79bddeabf9cf07da6bb3a109e77866f4ebb79bef80eb

Download Submit
C:\Windows\system\ysDpyAG.exe

Filesize
6.0MB

MD5
bbc51ac78f009dbae0f40690fe976df9

SHA1
bb76b92f9d04cda195c072b68e739e3ddea4e483

SHA256
430d7d141a3d1c2939c0503073bfea7a9df05dd607248e54f234c0b84e7db14a

SHA512
97b2dc382f4203913523ff0730f1476ce0a84776d89e5f50f5e0325ae83a804cff98fe54a23d9b19581dcd828b6f1ad495349dff1aa2ab0d0fcb42ce73e4b4b4

Download Submit
C:\Windows\system\zNtfDxA.exe

Filesize
6.0MB

MD5
5fa0b9cf3a23e421773ec2203955d929

SHA1
ccdd352f233db1b4235f7e1815f21ce6ad3411be

SHA256
2db5d5ead8f3b3b57fb7f5f4f43a0d41a87b6a9582057f6502414b86e32e39c2

SHA512
c35ada1538e67b38d47ffd03ab5715060a5f3b7f39530b225a32125460b798d80338d733f4020b32af30bebea1d5cb70b0984c97af221adcffccd61cef1cde5b

Download Submit
\Windows\system\NiRdBXt.exe

Filesize
6.0MB

MD5
9ad8d3cc782a8c1fb1ad2dc9d07d593c

SHA1
c7d6550ccebd58853ab7a592f08df7cf39d50dfc

SHA256
b254efee2cd6333e0a8ae0bb145b6f5e04f7969477e3a2dda4ed04698fe63580

SHA512
d9ede8d58df521f89e4fe94ba6ec69a213ca19fad130ef52f9645f6661fc042b1dcd701a665b2d74b40b7de6aadb8af128d32e0263ec8152df1f783905f173d3

Download Submit
\Windows\system\TDdRaCu.exe

Filesize
6.0MB

MD5
8dfed88801865e12942a51788d87bccc

SHA1
7c77e06c4a35f4f4c0461a4604c4b2e5846ee9b8

SHA256
55682e9ea19ad4e1e86c0685de17448466147239ce67f368a6f4065adf18485b

SHA512
cbd81556318ed38887043189e3c423fd82dc24187604609971ebc28d4763c99268c44d64408e8f57510c1ac2741adf6d7bf6a5e0ebddac30b431daa0630538d3

Download Submit
\Windows\system\YtcYFFB.exe

Filesize
6.0MB

MD5
bba65e668c908dee4bf3f345809d21c4

SHA1
8803f72f3b7c4b8b2726ebb9eec883171040ea3d

SHA256
da5a38fe78c3e87f9c614de2df2bffea5942dea541de2c36a7db57096cc47a11

SHA512
19d63ecd6f044680b3707b8ead62dc50142bd1af91ec737b46ed32a185b4ab837405a354699c5711d15fc54875a5aed2e394438e759572ec7d06744395484393

Download Submit
\Windows\system\uZmHRVq.exe

Filesize
6.0MB

MD5
54dbf02219f8ec85d8b7ddf9e69e9674

SHA1
7c6cbaddd87b8328be4c355bd9c464f77181cf19

SHA256
fdb52ef4cce33cb17597fd1c2d139740965457a7a34472018c56d2b0e574a8e4

SHA512
c5a851a52221eca00716ed506d0f328c2cfaa17591777acfab153f7efdcd4544e0dc6c3b0c365260e76e4fa42f4846eeef335eebf4f88cd7b5683960382ec8e9

Download Submit
memory/932-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/932-1577-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1044-88-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1044-1641-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1276-1583-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1276-23-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1276-56-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1348-91-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1348-1657-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1664-28-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1664-67-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1664-1578-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-498-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-97-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1777-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-64-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-123-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-229-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-726-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-57-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-40-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-98-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2220-50-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-0-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2220-8-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-35-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2220-100-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-89-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-90-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-72-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-13-0x00000000024E0000-0x0000000002834000-memory.dmp

Filesize
3.3MB

Download
memory/2220-20-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2220-93-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-101-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-59-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-1638-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-73-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2367-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-126-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1634-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-66-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-49-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-15-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1576-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-51-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1589-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1580-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2860-36-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1581-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2892-41-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2892-85-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2928-725-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2928-102-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1781-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download