cobaltstrike | 0423685eba3f6398534a7afe296cc5abcf607e986706308f4a0b65513ae22716

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3b8b9c09ca5d6978d5ebcc6964479b4f
SHA1

b97cb2cb31a7fed752948dfa3c8689e1fa581553
SHA256

0423685eba3f6398534a7afe296cc5abcf607e986706308f4a0b65513ae22716
SHA512

f0c71b74e47595a6d654457478f2cc899e2dc26a84498602a8a3d728efb39bc4542cfa2f4a858d8929469a89b2148b51b6275299f2dd930c3ca2314159625d81
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUG:eOl56utgpPF8u/7G

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-26.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-32.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-46.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019230-39.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932d-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-59.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-83.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/memory/2384-6-0x00000000022E0000-0x0000000002634000-memory.dmp	xmrig
behavioral1/files/0x0007000000018780-11.dat	xmrig
behavioral1/memory/1260-16-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1644-15-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b68-17.dat	xmrig
behavioral1/memory/568-22-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0007000000018bf3-26.dat	xmrig
behavioral1/memory/2384-25-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0006000000019223-32.dat	xmrig
behavioral1/memory/2384-38-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2860-40-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2740-42-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2884-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0008000000019240-46.dat	xmrig
behavioral1/memory/1644-44-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0009000000019230-39.dat	xmrig
behavioral1/memory/568-49-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000600000001932d-52.dat	xmrig
behavioral1/memory/2744-56-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2664-58-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018710-59.dat	xmrig
behavioral1/memory/2640-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-65.dat	xmrig
behavioral1/memory/2384-69-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/3000-72-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2740-67-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2884-74-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/1640-80-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-79.dat	xmrig
behavioral1/memory/2384-78-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-92.dat	xmrig
behavioral1/memory/2384-90-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2384-112-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2648-113-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/844-104-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-102.dat	xmrig
behavioral1/files/0x0005000000019c57-124.dat	xmrig
behavioral1/files/0x0005000000019cba-128.dat	xmrig
behavioral1/files/0x0005000000019dbf-140.dat	xmrig
behavioral1/files/0x0005000000019f8a-144.dat	xmrig
behavioral1/files/0x000500000001a07e-154.dat	xmrig
behavioral1/memory/2384-763-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/844-627-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/1640-522-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/3000-386-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2384-311-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2640-250-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41e-176.dat	xmrig
behavioral1/files/0x000500000001a41d-173.dat	xmrig
behavioral1/files/0x000500000001a41b-168.dat	xmrig
behavioral1/files/0x000500000001a359-164.dat	xmrig
behavioral1/files/0x000500000001a09e-160.dat	xmrig
behavioral1/files/0x000500000001a075-152.dat	xmrig
behavioral1/files/0x0005000000019f94-148.dat	xmrig
behavioral1/files/0x0005000000019d8e-136.dat	xmrig
behavioral1/files/0x0005000000019cca-132.dat	xmrig
behavioral1/files/0x0005000000019c3e-121.dat	xmrig
behavioral1/files/0x0005000000019c3c-117.dat	xmrig
behavioral1/files/0x0005000000019c34-100.dat	xmrig
behavioral1/files/0x00050000000196a1-99.dat	xmrig
behavioral1/files/0x000500000001961e-83.dat	xmrig
behavioral1/memory/1644-3641-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1644	rgkJbCX.exe
1260	jCSpAAE.exe
568	VQESWCf.exe
2744	zHQJEXR.exe
2860	fBYFEoo.exe
2740	fiVNinw.exe
2884	Kkjevpi.exe
2664	adiYfBj.exe
2640	LReNjTQ.exe
3000	KNOKOXj.exe
1640	IWCoXIF.exe
844	mgYxFDp.exe
2648	YyuiOQs.exe
276	bipNYUv.exe
396	RuJyURn.exe
1056	eeVZzkY.exe
1324	rCBRvuG.exe
280	vCdzuCh.exe
1396	gunCDUA.exe
1280	pnEoQRX.exe
1040	ckQgaxz.exe
2184	KTvhUfO.exe
2436	zCdiZwm.exe
764	oTakhbk.exe
2948	LuVKMkq.exe
2200	dDeHTTR.exe
2940	dDYbtHY.exe
2164	RSyPWZn.exe
2228	PQHMkQn.exe
2340	JzDbhOe.exe
1276	Zqwinso.exe
1248	WjJECWN.exe
1816	AhuseNm.exe
792	gCpSEFV.exe
2804	mQAijsq.exe
684	YxoFfJP.exe
1932	hKMNXrO.exe
1904	gChHCYy.exe
1908	uSMYDll.exe
1776	lIdJNhO.exe
1716	PZDMjrP.exe
2492	MHbCUpX.exe
2144	WrEiSDP.exe
2456	awwJFmK.exe
1612	BiUrRTp.exe
3056	aosYFpr.exe
3032	znBCaCp.exe
1320	kHLGBxe.exe
680	HGPPpmI.exe
2344	UgiBTAG.exe
2236	tjsEyya.exe
1960	fvnNkNe.exe
828	gRqlHvR.exe
2996	aIzScxn.exe
1964	NxxNLMC.exe
2552	KilKoJx.exe
3028	nyIHlnN.exe
2976	oknAOzo.exe
1552	PHCkcPw.exe
2536	RmftTKX.exe
2544	rdZOFZn.exe
2316	cuhFaMH.exe
2756	DMZnyOJ.exe
2944	YggJNGL.exe

Loads dropped DLL 64 IoCs

pid	Process
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/memory/2384-6-0x00000000022E0000-0x0000000002634000-memory.dmp	upx
behavioral1/files/0x0007000000018780-11.dat	upx
behavioral1/memory/1260-16-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1644-15-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0007000000018b68-17.dat	upx
behavioral1/memory/568-22-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0007000000018bf3-26.dat	upx
behavioral1/memory/2384-25-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0006000000019223-32.dat	upx
behavioral1/memory/2384-38-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2860-40-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2740-42-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2884-47-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0008000000019240-46.dat	upx
behavioral1/memory/1644-44-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0009000000019230-39.dat	upx
behavioral1/memory/568-49-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000600000001932d-52.dat	upx
behavioral1/memory/2744-56-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2664-58-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0008000000018710-59.dat	upx
behavioral1/memory/2640-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x000500000001960c-65.dat	upx
behavioral1/memory/3000-72-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2740-67-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2884-74-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/1640-80-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000500000001961c-79.dat	upx
behavioral1/files/0x0005000000019926-92.dat	upx
behavioral1/memory/2648-113-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/844-104-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0005000000019667-102.dat	upx
behavioral1/files/0x0005000000019c57-124.dat	upx
behavioral1/files/0x0005000000019cba-128.dat	upx
behavioral1/files/0x0005000000019dbf-140.dat	upx
behavioral1/files/0x0005000000019f8a-144.dat	upx
behavioral1/files/0x000500000001a07e-154.dat	upx
behavioral1/memory/844-627-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/1640-522-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/3000-386-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2640-250-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x000500000001a41e-176.dat	upx
behavioral1/files/0x000500000001a41d-173.dat	upx
behavioral1/files/0x000500000001a41b-168.dat	upx
behavioral1/files/0x000500000001a359-164.dat	upx
behavioral1/files/0x000500000001a09e-160.dat	upx
behavioral1/files/0x000500000001a075-152.dat	upx
behavioral1/files/0x0005000000019f94-148.dat	upx
behavioral1/files/0x0005000000019d8e-136.dat	upx
behavioral1/files/0x0005000000019cca-132.dat	upx
behavioral1/files/0x0005000000019c3e-121.dat	upx
behavioral1/files/0x0005000000019c3c-117.dat	upx
behavioral1/files/0x0005000000019c34-100.dat	upx
behavioral1/files/0x00050000000196a1-99.dat	upx
behavioral1/files/0x000500000001961e-83.dat	upx
behavioral1/memory/1644-3641-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2744-3647-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/1260-3652-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2860-3668-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2884-3656-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/568-3654-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2640-3854-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\YxoFfJP.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPiEvEn.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKhSccA.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBpkRXx.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\erkSblc.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaRlxWo.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTakhbk.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLipPWu.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZMsNEu.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ougvraH.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdfNnWD.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScBUPXG.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avyAHkK.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwliNTb.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NJQLDJL.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkqzFqw.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uEMWzKF.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbzYhsY.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQZRoNV.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmmWsTm.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exNtSQp.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtbrjhM.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaSfhtp.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmJSozM.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhZSQZF.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gwehHgy.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KTvhUfO.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLdicIZ.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIDqskW.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDkbUpg.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQztqds.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNVEkFi.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIIJhYS.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXbqtJW.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddOhTBD.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkBdMVo.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiDwAdG.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAjNGLo.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kETGuXD.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nKNuELs.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNUxFmH.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LorHZSJ.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RldOUnV.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXUzGsN.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKrwYcR.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiLBKJX.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhuwauO.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YldxaGh.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxDuwKB.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtZXDhM.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjGjWux.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMvzIIX.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRwcfEb.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHAfUez.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZlZledQ.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzLCxVN.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iTGrsvF.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmqUwoS.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vbiWCdL.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMSCdaG.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InCbRLJ.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcdCOYA.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkkyNtg.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNuEbxG.exe	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 1260	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 1260	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 1260	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2384 wrote to memory of 1644	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 1644	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 1644	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2384 wrote to memory of 568	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 568	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 568	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2384 wrote to memory of 2744	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2744	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2744	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2384 wrote to memory of 2860	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2860	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2860	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2384 wrote to memory of 2740	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2740	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2740	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2384 wrote to memory of 2884	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2884	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2884	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2384 wrote to memory of 2664	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2664	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2664	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2384 wrote to memory of 2640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 2640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2384 wrote to memory of 3000	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 3000	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 3000	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2384 wrote to memory of 1640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 1640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 1640	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2384 wrote to memory of 844	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 844	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 844	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2384 wrote to memory of 396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2384 wrote to memory of 2648	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2648	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 2648	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2384 wrote to memory of 1056	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1056	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 1056	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2384 wrote to memory of 276	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 276	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 276	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2384 wrote to memory of 1324	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1324	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 1324	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2384 wrote to memory of 280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2384 wrote to memory of 1396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1396	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2384 wrote to memory of 1280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1280	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2384 wrote to memory of 1040	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1040	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 1040	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2384 wrote to memory of 2184	2384	2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_3b8b9c09ca5d6978d5ebcc6964479b4f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\jCSpAAE.exe
  C:\Windows\System\jCSpAAE.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\rgkJbCX.exe
  C:\Windows\System\rgkJbCX.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\VQESWCf.exe
  C:\Windows\System\VQESWCf.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\zHQJEXR.exe
  C:\Windows\System\zHQJEXR.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\fBYFEoo.exe
  C:\Windows\System\fBYFEoo.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\fiVNinw.exe
  C:\Windows\System\fiVNinw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\Kkjevpi.exe
  C:\Windows\System\Kkjevpi.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\adiYfBj.exe
  C:\Windows\System\adiYfBj.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\LReNjTQ.exe
  C:\Windows\System\LReNjTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\KNOKOXj.exe
  C:\Windows\System\KNOKOXj.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\IWCoXIF.exe
  C:\Windows\System\IWCoXIF.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\mgYxFDp.exe
  C:\Windows\System\mgYxFDp.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\RuJyURn.exe
  C:\Windows\System\RuJyURn.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\YyuiOQs.exe
  C:\Windows\System\YyuiOQs.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\eeVZzkY.exe
  C:\Windows\System\eeVZzkY.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\bipNYUv.exe
  C:\Windows\System\bipNYUv.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\rCBRvuG.exe
  C:\Windows\System\rCBRvuG.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\vCdzuCh.exe
  C:\Windows\System\vCdzuCh.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\gunCDUA.exe
  C:\Windows\System\gunCDUA.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\pnEoQRX.exe
  C:\Windows\System\pnEoQRX.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\ckQgaxz.exe
  C:\Windows\System\ckQgaxz.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\KTvhUfO.exe
  C:\Windows\System\KTvhUfO.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\zCdiZwm.exe
  C:\Windows\System\zCdiZwm.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\oTakhbk.exe
  C:\Windows\System\oTakhbk.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\LuVKMkq.exe
  C:\Windows\System\LuVKMkq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\dDeHTTR.exe
  C:\Windows\System\dDeHTTR.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\dDYbtHY.exe
  C:\Windows\System\dDYbtHY.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\RSyPWZn.exe
  C:\Windows\System\RSyPWZn.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PQHMkQn.exe
  C:\Windows\System\PQHMkQn.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JzDbhOe.exe
  C:\Windows\System\JzDbhOe.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\Zqwinso.exe
  C:\Windows\System\Zqwinso.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\WjJECWN.exe
  C:\Windows\System\WjJECWN.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\AhuseNm.exe
  C:\Windows\System\AhuseNm.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\gCpSEFV.exe
  C:\Windows\System\gCpSEFV.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\mQAijsq.exe
  C:\Windows\System\mQAijsq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\YxoFfJP.exe
  C:\Windows\System\YxoFfJP.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\hKMNXrO.exe
  C:\Windows\System\hKMNXrO.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\gChHCYy.exe
  C:\Windows\System\gChHCYy.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\uSMYDll.exe
  C:\Windows\System\uSMYDll.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\lIdJNhO.exe
  C:\Windows\System\lIdJNhO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\PZDMjrP.exe
  C:\Windows\System\PZDMjrP.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\MHbCUpX.exe
  C:\Windows\System\MHbCUpX.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\WrEiSDP.exe
  C:\Windows\System\WrEiSDP.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\awwJFmK.exe
  C:\Windows\System\awwJFmK.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BiUrRTp.exe
  C:\Windows\System\BiUrRTp.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\aosYFpr.exe
  C:\Windows\System\aosYFpr.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\znBCaCp.exe
  C:\Windows\System\znBCaCp.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\kHLGBxe.exe
  C:\Windows\System\kHLGBxe.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\HGPPpmI.exe
  C:\Windows\System\HGPPpmI.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\UgiBTAG.exe
  C:\Windows\System\UgiBTAG.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\tjsEyya.exe
  C:\Windows\System\tjsEyya.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\fvnNkNe.exe
  C:\Windows\System\fvnNkNe.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\gRqlHvR.exe
  C:\Windows\System\gRqlHvR.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\aIzScxn.exe
  C:\Windows\System\aIzScxn.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NxxNLMC.exe
  C:\Windows\System\NxxNLMC.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\KilKoJx.exe
  C:\Windows\System\KilKoJx.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\nyIHlnN.exe
  C:\Windows\System\nyIHlnN.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\oknAOzo.exe
  C:\Windows\System\oknAOzo.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\PHCkcPw.exe
  C:\Windows\System\PHCkcPw.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\RmftTKX.exe
  C:\Windows\System\RmftTKX.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\rdZOFZn.exe
  C:\Windows\System\rdZOFZn.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\cuhFaMH.exe
  C:\Windows\System\cuhFaMH.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\DMZnyOJ.exe
  C:\Windows\System\DMZnyOJ.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\YggJNGL.exe
  C:\Windows\System\YggJNGL.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\dSCnGyZ.exe
  C:\Windows\System\dSCnGyZ.exe
  2⤵
  PID:2616
- C:\Windows\System\OdCzWTR.exe
  C:\Windows\System\OdCzWTR.exe
  2⤵
  PID:2752
- C:\Windows\System\UKsAGKu.exe
  C:\Windows\System\UKsAGKu.exe
  2⤵
  PID:2424
- C:\Windows\System\tZQaMMm.exe
  C:\Windows\System\tZQaMMm.exe
  2⤵
  PID:2848
- C:\Windows\System\AbYVTck.exe
  C:\Windows\System\AbYVTck.exe
  2⤵
  PID:2928
- C:\Windows\System\pccVfYr.exe
  C:\Windows\System\pccVfYr.exe
  2⤵
  PID:2704
- C:\Windows\System\upTnmhS.exe
  C:\Windows\System\upTnmhS.exe
  2⤵
  PID:2720
- C:\Windows\System\nXOYEGX.exe
  C:\Windows\System\nXOYEGX.exe
  2⤵
  PID:2760
- C:\Windows\System\kiVZNBP.exe
  C:\Windows\System\kiVZNBP.exe
  2⤵
  PID:2784
- C:\Windows\System\ZvBktUZ.exe
  C:\Windows\System\ZvBktUZ.exe
  2⤵
  PID:2624
- C:\Windows\System\QJlqRYh.exe
  C:\Windows\System\QJlqRYh.exe
  2⤵
  PID:1664
- C:\Windows\System\pfaUFBp.exe
  C:\Windows\System\pfaUFBp.exe
  2⤵
  PID:2368
- C:\Windows\System\WTPojVA.exe
  C:\Windows\System\WTPojVA.exe
  2⤵
  PID:752
- C:\Windows\System\QpOwGhA.exe
  C:\Windows\System\QpOwGhA.exe
  2⤵
  PID:2348
- C:\Windows\System\DSKrwPb.exe
  C:\Windows\System\DSKrwPb.exe
  2⤵
  PID:664
- C:\Windows\System\DHeXkWK.exe
  C:\Windows\System\DHeXkWK.exe
  2⤵
  PID:2656
- C:\Windows\System\GCCELul.exe
  C:\Windows\System\GCCELul.exe
  2⤵
  PID:2576
- C:\Windows\System\whkBELZ.exe
  C:\Windows\System\whkBELZ.exe
  2⤵
  PID:1228
- C:\Windows\System\GYjnkCn.exe
  C:\Windows\System\GYjnkCn.exe
  2⤵
  PID:2668
- C:\Windows\System\PjfdfXn.exe
  C:\Windows\System\PjfdfXn.exe
  2⤵
  PID:1692
- C:\Windows\System\OzkrCiI.exe
  C:\Windows\System\OzkrCiI.exe
  2⤵
  PID:2080
- C:\Windows\System\haGjrGO.exe
  C:\Windows\System\haGjrGO.exe
  2⤵
  PID:1224
- C:\Windows\System\lYeyfng.exe
  C:\Windows\System\lYeyfng.exe
  2⤵
  PID:1940
- C:\Windows\System\qvTwMkC.exe
  C:\Windows\System\qvTwMkC.exe
  2⤵
  PID:2320
- C:\Windows\System\qItFhKD.exe
  C:\Windows\System\qItFhKD.exe
  2⤵
  PID:2952
- C:\Windows\System\HtLHOuV.exe
  C:\Windows\System\HtLHOuV.exe
  2⤵
  PID:2532
- C:\Windows\System\PBamqgG.exe
  C:\Windows\System\PBamqgG.exe
  2⤵
  PID:452
- C:\Windows\System\bCBtGmZ.exe
  C:\Windows\System\bCBtGmZ.exe
  2⤵
  PID:1288
- C:\Windows\System\JQijqQV.exe
  C:\Windows\System\JQijqQV.exe
  2⤵
  PID:1984
- C:\Windows\System\fKFYvWv.exe
  C:\Windows\System\fKFYvWv.exe
  2⤵
  PID:1072
- C:\Windows\System\MuRiShd.exe
  C:\Windows\System\MuRiShd.exe
  2⤵
  PID:1588
- C:\Windows\System\vVuFcch.exe
  C:\Windows\System\vVuFcch.exe
  2⤵
  PID:1304
- C:\Windows\System\mWBnqRo.exe
  C:\Windows\System\mWBnqRo.exe
  2⤵
  PID:1488
- C:\Windows\System\pSrLaFF.exe
  C:\Windows\System\pSrLaFF.exe
  2⤵
  PID:268
- C:\Windows\System\CxJzWPW.exe
  C:\Windows\System\CxJzWPW.exe
  2⤵
  PID:2060
- C:\Windows\System\GEkwpRp.exe
  C:\Windows\System\GEkwpRp.exe
  2⤵
  PID:3040
- C:\Windows\System\GIfSzxu.exe
  C:\Windows\System\GIfSzxu.exe
  2⤵
  PID:1912
- C:\Windows\System\KqSpUYp.exe
  C:\Windows\System\KqSpUYp.exe
  2⤵
  PID:996
- C:\Windows\System\FiFtWhH.exe
  C:\Windows\System\FiFtWhH.exe
  2⤵
  PID:2964
- C:\Windows\System\rFlAlVn.exe
  C:\Windows\System\rFlAlVn.exe
  2⤵
  PID:1968
- C:\Windows\System\bynQVyZ.exe
  C:\Windows\System\bynQVyZ.exe
  2⤵
  PID:2992
- C:\Windows\System\ndcBsYw.exe
  C:\Windows\System\ndcBsYw.exe
  2⤵
  PID:1656
- C:\Windows\System\FieMwUa.exe
  C:\Windows\System\FieMwUa.exe
  2⤵
  PID:2392
- C:\Windows\System\MXPARBE.exe
  C:\Windows\System\MXPARBE.exe
  2⤵
  PID:2724
- C:\Windows\System\oqGhLyj.exe
  C:\Windows\System\oqGhLyj.exe
  2⤵
  PID:2252
- C:\Windows\System\FnOGsjp.exe
  C:\Windows\System\FnOGsjp.exe
  2⤵
  PID:2028
- C:\Windows\System\ZClmQvw.exe
  C:\Windows\System\ZClmQvw.exe
  2⤵
  PID:2124
- C:\Windows\System\fcqpmcE.exe
  C:\Windows\System\fcqpmcE.exe
  2⤵
  PID:2852
- C:\Windows\System\fPiEvEn.exe
  C:\Windows\System\fPiEvEn.exe
  2⤵
  PID:2872
- C:\Windows\System\HGxfwdH.exe
  C:\Windows\System\HGxfwdH.exe
  2⤵
  PID:2676
- C:\Windows\System\pwQHFcS.exe
  C:\Windows\System\pwQHFcS.exe
  2⤵
  PID:3012
- C:\Windows\System\BHNLZxr.exe
  C:\Windows\System\BHNLZxr.exe
  2⤵
  PID:2672
- C:\Windows\System\tQMyEtN.exe
  C:\Windows\System\tQMyEtN.exe
  2⤵
  PID:340
- C:\Windows\System\isOOobL.exe
  C:\Windows\System\isOOobL.exe
  2⤵
  PID:2016
- C:\Windows\System\iuIJVIO.exe
  C:\Windows\System\iuIJVIO.exe
  2⤵
  PID:2792
- C:\Windows\System\TZuKiqz.exe
  C:\Windows\System\TZuKiqz.exe
  2⤵
  PID:2168
- C:\Windows\System\tEaHOxY.exe
  C:\Windows\System\tEaHOxY.exe
  2⤵
  PID:2212
- C:\Windows\System\uuXICgj.exe
  C:\Windows\System\uuXICgj.exe
  2⤵
  PID:1144
- C:\Windows\System\RhuwauO.exe
  C:\Windows\System\RhuwauO.exe
  2⤵
  PID:1112
- C:\Windows\System\xhQLSAH.exe
  C:\Windows\System\xhQLSAH.exe
  2⤵
  PID:1936
- C:\Windows\System\TrtoepW.exe
  C:\Windows\System\TrtoepW.exe
  2⤵
  PID:1860
- C:\Windows\System\qdgyZxy.exe
  C:\Windows\System\qdgyZxy.exe
  2⤵
  PID:3036
- C:\Windows\System\WipJKxp.exe
  C:\Windows\System\WipJKxp.exe
  2⤵
  PID:2356
- C:\Windows\System\dSnfXJe.exe
  C:\Windows\System\dSnfXJe.exe
  2⤵
  PID:1468
- C:\Windows\System\UlQgQhM.exe
  C:\Windows\System\UlQgQhM.exe
  2⤵
  PID:1540
- C:\Windows\System\ZLQHjvB.exe
  C:\Windows\System\ZLQHjvB.exe
  2⤵
  PID:2520
- C:\Windows\System\ddOhTBD.exe
  C:\Windows\System\ddOhTBD.exe
  2⤵
  PID:2880
- C:\Windows\System\IhEzDzv.exe
  C:\Windows\System\IhEzDzv.exe
  2⤵
  PID:2472
- C:\Windows\System\sOxjbkv.exe
  C:\Windows\System\sOxjbkv.exe
  2⤵
  PID:876
- C:\Windows\System\omZGzWa.exe
  C:\Windows\System\omZGzWa.exe
  2⤵
  PID:3008
- C:\Windows\System\zhKIRFm.exe
  C:\Windows\System\zhKIRFm.exe
  2⤵
  PID:1576
- C:\Windows\System\rKOqaim.exe
  C:\Windows\System\rKOqaim.exe
  2⤵
  PID:2516
- C:\Windows\System\XymhvVn.exe
  C:\Windows\System\XymhvVn.exe
  2⤵
  PID:2000
- C:\Windows\System\omVoSVV.exe
  C:\Windows\System\omVoSVV.exe
  2⤵
  PID:1924
- C:\Windows\System\jkZKMHX.exe
  C:\Windows\System\jkZKMHX.exe
  2⤵
  PID:916
- C:\Windows\System\CEmjNAN.exe
  C:\Windows\System\CEmjNAN.exe
  2⤵
  PID:1660
- C:\Windows\System\LWeBAzb.exe
  C:\Windows\System\LWeBAzb.exe
  2⤵
  PID:1680
- C:\Windows\System\OwliNTb.exe
  C:\Windows\System\OwliNTb.exe
  2⤵
  PID:2868
- C:\Windows\System\mWeBIyv.exe
  C:\Windows\System\mWeBIyv.exe
  2⤵
  PID:2628
- C:\Windows\System\OEXnHbE.exe
  C:\Windows\System\OEXnHbE.exe
  2⤵
  PID:1948
- C:\Windows\System\fsVsDDQ.exe
  C:\Windows\System\fsVsDDQ.exe
  2⤵
  PID:3084
- C:\Windows\System\dqoifBb.exe
  C:\Windows\System\dqoifBb.exe
  2⤵
  PID:3100
- C:\Windows\System\UTXKiMc.exe
  C:\Windows\System\UTXKiMc.exe
  2⤵
  PID:3116
- C:\Windows\System\Ghxtuaw.exe
  C:\Windows\System\Ghxtuaw.exe
  2⤵
  PID:3132
- C:\Windows\System\XkBdMVo.exe
  C:\Windows\System\XkBdMVo.exe
  2⤵
  PID:3148
- C:\Windows\System\CLfFVLz.exe
  C:\Windows\System\CLfFVLz.exe
  2⤵
  PID:3164
- C:\Windows\System\psyXtrO.exe
  C:\Windows\System\psyXtrO.exe
  2⤵
  PID:3180
- C:\Windows\System\UMZHJoq.exe
  C:\Windows\System\UMZHJoq.exe
  2⤵
  PID:3196
- C:\Windows\System\TBkIKhI.exe
  C:\Windows\System\TBkIKhI.exe
  2⤵
  PID:3212
- C:\Windows\System\EvFMXAk.exe
  C:\Windows\System\EvFMXAk.exe
  2⤵
  PID:3228
- C:\Windows\System\xvMnJhD.exe
  C:\Windows\System\xvMnJhD.exe
  2⤵
  PID:3244
- C:\Windows\System\agDzhsz.exe
  C:\Windows\System\agDzhsz.exe
  2⤵
  PID:3260
- C:\Windows\System\cViIhbK.exe
  C:\Windows\System\cViIhbK.exe
  2⤵
  PID:3276
- C:\Windows\System\vdCtaTJ.exe
  C:\Windows\System\vdCtaTJ.exe
  2⤵
  PID:3292
- C:\Windows\System\RldOUnV.exe
  C:\Windows\System\RldOUnV.exe
  2⤵
  PID:3308
- C:\Windows\System\LwfoDpf.exe
  C:\Windows\System\LwfoDpf.exe
  2⤵
  PID:3324
- C:\Windows\System\SSzDGOb.exe
  C:\Windows\System\SSzDGOb.exe
  2⤵
  PID:3340
- C:\Windows\System\COKCSVz.exe
  C:\Windows\System\COKCSVz.exe
  2⤵
  PID:3356
- C:\Windows\System\ySLSuWV.exe
  C:\Windows\System\ySLSuWV.exe
  2⤵
  PID:3372
- C:\Windows\System\zKjfhSK.exe
  C:\Windows\System\zKjfhSK.exe
  2⤵
  PID:3388
- C:\Windows\System\KISOMOI.exe
  C:\Windows\System\KISOMOI.exe
  2⤵
  PID:3404
- C:\Windows\System\ztrXDlU.exe
  C:\Windows\System\ztrXDlU.exe
  2⤵
  PID:3420
- C:\Windows\System\xShzgWp.exe
  C:\Windows\System\xShzgWp.exe
  2⤵
  PID:3436
- C:\Windows\System\duiqHIT.exe
  C:\Windows\System\duiqHIT.exe
  2⤵
  PID:3452
- C:\Windows\System\dSmgmib.exe
  C:\Windows\System\dSmgmib.exe
  2⤵
  PID:3472
- C:\Windows\System\SJyTGCo.exe
  C:\Windows\System\SJyTGCo.exe
  2⤵
  PID:3488
- C:\Windows\System\YmYxBYs.exe
  C:\Windows\System\YmYxBYs.exe
  2⤵
  PID:3504
- C:\Windows\System\zYUfhwe.exe
  C:\Windows\System\zYUfhwe.exe
  2⤵
  PID:3520
- C:\Windows\System\DLNgWUT.exe
  C:\Windows\System\DLNgWUT.exe
  2⤵
  PID:3540
- C:\Windows\System\JsWEXNz.exe
  C:\Windows\System\JsWEXNz.exe
  2⤵
  PID:3556
- C:\Windows\System\ZvcWWtQ.exe
  C:\Windows\System\ZvcWWtQ.exe
  2⤵
  PID:3572
- C:\Windows\System\XSypdTV.exe
  C:\Windows\System\XSypdTV.exe
  2⤵
  PID:3588
- C:\Windows\System\pTJmFwH.exe
  C:\Windows\System\pTJmFwH.exe
  2⤵
  PID:3604
- C:\Windows\System\ydZviGW.exe
  C:\Windows\System\ydZviGW.exe
  2⤵
  PID:3620
- C:\Windows\System\JmFByeQ.exe
  C:\Windows\System\JmFByeQ.exe
  2⤵
  PID:3636
- C:\Windows\System\VTrKiCs.exe
  C:\Windows\System\VTrKiCs.exe
  2⤵
  PID:3652
- C:\Windows\System\qWDUGGc.exe
  C:\Windows\System\qWDUGGc.exe
  2⤵
  PID:3668
- C:\Windows\System\YXfbhSs.exe
  C:\Windows\System\YXfbhSs.exe
  2⤵
  PID:3684
- C:\Windows\System\VbNeCYf.exe
  C:\Windows\System\VbNeCYf.exe
  2⤵
  PID:3700
- C:\Windows\System\uhEwSKt.exe
  C:\Windows\System\uhEwSKt.exe
  2⤵
  PID:3716
- C:\Windows\System\RlSCaBA.exe
  C:\Windows\System\RlSCaBA.exe
  2⤵
  PID:3732
- C:\Windows\System\fBLzDLl.exe
  C:\Windows\System\fBLzDLl.exe
  2⤵
  PID:3748
- C:\Windows\System\nwjjOwW.exe
  C:\Windows\System\nwjjOwW.exe
  2⤵
  PID:3764
- C:\Windows\System\DfvKZjk.exe
  C:\Windows\System\DfvKZjk.exe
  2⤵
  PID:3780
- C:\Windows\System\suJdUEA.exe
  C:\Windows\System\suJdUEA.exe
  2⤵
  PID:3796
- C:\Windows\System\JXSrajq.exe
  C:\Windows\System\JXSrajq.exe
  2⤵
  PID:3812
- C:\Windows\System\HXhryim.exe
  C:\Windows\System\HXhryim.exe
  2⤵
  PID:3828
- C:\Windows\System\plugkos.exe
  C:\Windows\System\plugkos.exe
  2⤵
  PID:3844
- C:\Windows\System\RDlapBn.exe
  C:\Windows\System\RDlapBn.exe
  2⤵
  PID:3860
- C:\Windows\System\kHIdeDB.exe
  C:\Windows\System\kHIdeDB.exe
  2⤵
  PID:3876
- C:\Windows\System\vlwTTXv.exe
  C:\Windows\System\vlwTTXv.exe
  2⤵
  PID:3892
- C:\Windows\System\OVyIpbS.exe
  C:\Windows\System\OVyIpbS.exe
  2⤵
  PID:3908
- C:\Windows\System\InCbRLJ.exe
  C:\Windows\System\InCbRLJ.exe
  2⤵
  PID:3924
- C:\Windows\System\FzUaTRa.exe
  C:\Windows\System\FzUaTRa.exe
  2⤵
  PID:3940
- C:\Windows\System\PIvprLz.exe
  C:\Windows\System\PIvprLz.exe
  2⤵
  PID:3956
- C:\Windows\System\nSTzOwn.exe
  C:\Windows\System\nSTzOwn.exe
  2⤵
  PID:3972
- C:\Windows\System\nqGaoeH.exe
  C:\Windows\System\nqGaoeH.exe
  2⤵
  PID:3988
- C:\Windows\System\yDVOBko.exe
  C:\Windows\System\yDVOBko.exe
  2⤵
  PID:4004
- C:\Windows\System\dlKPRlQ.exe
  C:\Windows\System\dlKPRlQ.exe
  2⤵
  PID:4024
- C:\Windows\System\gtBPFIy.exe
  C:\Windows\System\gtBPFIy.exe
  2⤵
  PID:4040
- C:\Windows\System\PiZzOBE.exe
  C:\Windows\System\PiZzOBE.exe
  2⤵
  PID:4056
- C:\Windows\System\mxDMMmY.exe
  C:\Windows\System\mxDMMmY.exe
  2⤵
  PID:4072
- C:\Windows\System\PVArwrn.exe
  C:\Windows\System\PVArwrn.exe
  2⤵
  PID:4088
- C:\Windows\System\lTtxucw.exe
  C:\Windows\System\lTtxucw.exe
  2⤵
  PID:2352
- C:\Windows\System\FeiTyxM.exe
  C:\Windows\System\FeiTyxM.exe
  2⤵
  PID:2088
- C:\Windows\System\yEAVoBM.exe
  C:\Windows\System\yEAVoBM.exe
  2⤵
  PID:2084
- C:\Windows\System\JcFnaZT.exe
  C:\Windows\System\JcFnaZT.exe
  2⤵
  PID:1648
- C:\Windows\System\OLWCFiu.exe
  C:\Windows\System\OLWCFiu.exe
  2⤵
  PID:3080
- C:\Windows\System\kKfAPcO.exe
  C:\Windows\System\kKfAPcO.exe
  2⤵
  PID:3128
- C:\Windows\System\QbQEPsE.exe
  C:\Windows\System\QbQEPsE.exe
  2⤵
  PID:3144
- C:\Windows\System\qcVjCUR.exe
  C:\Windows\System\qcVjCUR.exe
  2⤵
  PID:3176
- C:\Windows\System\eDLYswR.exe
  C:\Windows\System\eDLYswR.exe
  2⤵
  PID:3224
- C:\Windows\System\yWOcqJr.exe
  C:\Windows\System\yWOcqJr.exe
  2⤵
  PID:3240
- C:\Windows\System\mbYMppG.exe
  C:\Windows\System\mbYMppG.exe
  2⤵
  PID:3272
- C:\Windows\System\uXfvtlT.exe
  C:\Windows\System\uXfvtlT.exe
  2⤵
  PID:3304
- C:\Windows\System\mGnKbUy.exe
  C:\Windows\System\mGnKbUy.exe
  2⤵
  PID:3332
- C:\Windows\System\OjGjWux.exe
  C:\Windows\System\OjGjWux.exe
  2⤵
  PID:3380
- C:\Windows\System\lTxGHGf.exe
  C:\Windows\System\lTxGHGf.exe
  2⤵
  PID:3416
- C:\Windows\System\bkAGCuj.exe
  C:\Windows\System\bkAGCuj.exe
  2⤵
  PID:3448
- C:\Windows\System\bIhSUto.exe
  C:\Windows\System\bIhSUto.exe
  2⤵
  PID:3480
- C:\Windows\System\IWzOugm.exe
  C:\Windows\System\IWzOugm.exe
  2⤵
  PID:3496
- C:\Windows\System\jghvfEn.exe
  C:\Windows\System\jghvfEn.exe
  2⤵
  PID:3548
- C:\Windows\System\BxlnFsK.exe
  C:\Windows\System\BxlnFsK.exe
  2⤵
  PID:3580
- C:\Windows\System\dzhGKEB.exe
  C:\Windows\System\dzhGKEB.exe
  2⤵
  PID:3612
- C:\Windows\System\ypmXGTt.exe
  C:\Windows\System\ypmXGTt.exe
  2⤵
  PID:3644
- C:\Windows\System\ALamVWd.exe
  C:\Windows\System\ALamVWd.exe
  2⤵
  PID:3676
- C:\Windows\System\jYzguZA.exe
  C:\Windows\System\jYzguZA.exe
  2⤵
  PID:3680
- C:\Windows\System\jRvZqbq.exe
  C:\Windows\System\jRvZqbq.exe
  2⤵
  PID:3712
- C:\Windows\System\QlrRjvV.exe
  C:\Windows\System\QlrRjvV.exe
  2⤵
  PID:3740
- C:\Windows\System\IytyGby.exe
  C:\Windows\System\IytyGby.exe
  2⤵
  PID:1436
- C:\Windows\System\DHwcCwE.exe
  C:\Windows\System\DHwcCwE.exe
  2⤵
  PID:3788
- C:\Windows\System\EZMipJO.exe
  C:\Windows\System\EZMipJO.exe
  2⤵
  PID:3820
- C:\Windows\System\RJFKjRW.exe
  C:\Windows\System\RJFKjRW.exe
  2⤵
  PID:376
- C:\Windows\System\bldXiBK.exe
  C:\Windows\System\bldXiBK.exe
  2⤵
  PID:3856
- C:\Windows\System\fLdicIZ.exe
  C:\Windows\System\fLdicIZ.exe
  2⤵
  PID:3904
- C:\Windows\System\pduwGRo.exe
  C:\Windows\System\pduwGRo.exe
  2⤵
  PID:3536
- C:\Windows\System\MmCQyRf.exe
  C:\Windows\System\MmCQyRf.exe
  2⤵
  PID:3968
- C:\Windows\System\ZORxepV.exe
  C:\Windows\System\ZORxepV.exe
  2⤵
  PID:4000
- C:\Windows\System\cNbdZyB.exe
  C:\Windows\System\cNbdZyB.exe
  2⤵
  PID:4036
- C:\Windows\System\WTXFuBl.exe
  C:\Windows\System\WTXFuBl.exe
  2⤵
  PID:4068
- C:\Windows\System\HIbpjqC.exe
  C:\Windows\System\HIbpjqC.exe
  2⤵
  PID:2244
- C:\Windows\System\fdKrEWe.exe
  C:\Windows\System\fdKrEWe.exe
  2⤵
  PID:2396
- C:\Windows\System\heheziE.exe
  C:\Windows\System\heheziE.exe
  2⤵
  PID:3092
- C:\Windows\System\CuKgPFZ.exe
  C:\Windows\System\CuKgPFZ.exe
  2⤵
  PID:3160
- C:\Windows\System\zgVGmBF.exe
  C:\Windows\System\zgVGmBF.exe
  2⤵
  PID:3192
- C:\Windows\System\QNwoeSq.exe
  C:\Windows\System\QNwoeSq.exe
  2⤵
  PID:3284
- C:\Windows\System\AlpfDuZ.exe
  C:\Windows\System\AlpfDuZ.exe
  2⤵
  PID:3352
- C:\Windows\System\vZwkHbu.exe
  C:\Windows\System\vZwkHbu.exe
  2⤵
  PID:3412
- C:\Windows\System\YvGrzew.exe
  C:\Windows\System\YvGrzew.exe
  2⤵
  PID:2896
- C:\Windows\System\NtXpIxL.exe
  C:\Windows\System\NtXpIxL.exe
  2⤵
  PID:3528
- C:\Windows\System\CELGObI.exe
  C:\Windows\System\CELGObI.exe
  2⤵
  PID:3600
- C:\Windows\System\lqHemFo.exe
  C:\Windows\System\lqHemFo.exe
  2⤵
  PID:3664
- C:\Windows\System\DANUPae.exe
  C:\Windows\System\DANUPae.exe
  2⤵
  PID:3724
- C:\Windows\System\aTfNCFX.exe
  C:\Windows\System\aTfNCFX.exe
  2⤵
  PID:3112
- C:\Windows\System\kaPbYgh.exe
  C:\Windows\System\kaPbYgh.exe
  2⤵
  PID:3808
- C:\Windows\System\cUzZLko.exe
  C:\Windows\System\cUzZLko.exe
  2⤵
  PID:3872
- C:\Windows\System\EQwNkhx.exe
  C:\Windows\System\EQwNkhx.exe
  2⤵
  PID:3936
- C:\Windows\System\YSvHHBz.exe
  C:\Windows\System\YSvHHBz.exe
  2⤵
  PID:3996
- C:\Windows\System\jDmvpet.exe
  C:\Windows\System\jDmvpet.exe
  2⤵
  PID:4064
- C:\Windows\System\OLxxwSH.exe
  C:\Windows\System\OLxxwSH.exe
  2⤵
  PID:1600
- C:\Windows\System\JUtGVgk.exe
  C:\Windows\System\JUtGVgk.exe
  2⤵
  PID:3156
- C:\Windows\System\QoujxDt.exe
  C:\Windows\System\QoujxDt.exe
  2⤵
  PID:3208
- C:\Windows\System\EywjUOk.exe
  C:\Windows\System\EywjUOk.exe
  2⤵
  PID:3316
- C:\Windows\System\QliOFGc.exe
  C:\Windows\System\QliOFGc.exe
  2⤵
  PID:3444
- C:\Windows\System\XGtkeit.exe
  C:\Windows\System\XGtkeit.exe
  2⤵
  PID:3660
- C:\Windows\System\fpcnmOJ.exe
  C:\Windows\System\fpcnmOJ.exe
  2⤵
  PID:3708
- C:\Windows\System\lvlVvVo.exe
  C:\Windows\System\lvlVvVo.exe
  2⤵
  PID:3792
- C:\Windows\System\omjRgfj.exe
  C:\Windows\System\omjRgfj.exe
  2⤵
  PID:3964
- C:\Windows\System\trHTJgN.exe
  C:\Windows\System\trHTJgN.exe
  2⤵
  PID:2476
- C:\Windows\System\KDFePEw.exe
  C:\Windows\System\KDFePEw.exe
  2⤵
  PID:3916
- C:\Windows\System\SlvWbVd.exe
  C:\Windows\System\SlvWbVd.exe
  2⤵
  PID:3300
- C:\Windows\System\RDWIzLs.exe
  C:\Windows\System\RDWIzLs.exe
  2⤵
  PID:3596
- C:\Windows\System\kgFygeb.exe
  C:\Windows\System\kgFygeb.exe
  2⤵
  PID:4104
- C:\Windows\System\EPnqJru.exe
  C:\Windows\System\EPnqJru.exe
  2⤵
  PID:4120
- C:\Windows\System\FvqELiR.exe
  C:\Windows\System\FvqELiR.exe
  2⤵
  PID:4136
- C:\Windows\System\PiCvEDy.exe
  C:\Windows\System\PiCvEDy.exe
  2⤵
  PID:4152
- C:\Windows\System\KpebayK.exe
  C:\Windows\System\KpebayK.exe
  2⤵
  PID:4168
- C:\Windows\System\bUviQeO.exe
  C:\Windows\System\bUviQeO.exe
  2⤵
  PID:4188
- C:\Windows\System\XsfwffF.exe
  C:\Windows\System\XsfwffF.exe
  2⤵
  PID:4204
- C:\Windows\System\cjywmce.exe
  C:\Windows\System\cjywmce.exe
  2⤵
  PID:4220
- C:\Windows\System\oSzkUDf.exe
  C:\Windows\System\oSzkUDf.exe
  2⤵
  PID:4236
- C:\Windows\System\ZwPvJdK.exe
  C:\Windows\System\ZwPvJdK.exe
  2⤵
  PID:4252
- C:\Windows\System\OGSCPSJ.exe
  C:\Windows\System\OGSCPSJ.exe
  2⤵
  PID:4268
- C:\Windows\System\uQsdfNg.exe
  C:\Windows\System\uQsdfNg.exe
  2⤵
  PID:4288
- C:\Windows\System\bIqmtEi.exe
  C:\Windows\System\bIqmtEi.exe
  2⤵
  PID:4304
- C:\Windows\System\HwxzfOT.exe
  C:\Windows\System\HwxzfOT.exe
  2⤵
  PID:4320
- C:\Windows\System\ABQrZla.exe
  C:\Windows\System\ABQrZla.exe
  2⤵
  PID:4336
- C:\Windows\System\QAZNqMg.exe
  C:\Windows\System\QAZNqMg.exe
  2⤵
  PID:4352
- C:\Windows\System\yLKCfrs.exe
  C:\Windows\System\yLKCfrs.exe
  2⤵
  PID:4368
- C:\Windows\System\gIfNiNy.exe
  C:\Windows\System\gIfNiNy.exe
  2⤵
  PID:4384
- C:\Windows\System\nmwusII.exe
  C:\Windows\System\nmwusII.exe
  2⤵
  PID:4400
- C:\Windows\System\gFlXiYX.exe
  C:\Windows\System\gFlXiYX.exe
  2⤵
  PID:4416
- C:\Windows\System\wfjSgeQ.exe
  C:\Windows\System\wfjSgeQ.exe
  2⤵
  PID:4432
- C:\Windows\System\ysscTPz.exe
  C:\Windows\System\ysscTPz.exe
  2⤵
  PID:4448
- C:\Windows\System\RabhWmb.exe
  C:\Windows\System\RabhWmb.exe
  2⤵
  PID:4464
- C:\Windows\System\jUPqMzW.exe
  C:\Windows\System\jUPqMzW.exe
  2⤵
  PID:4480
- C:\Windows\System\qJJemyo.exe
  C:\Windows\System\qJJemyo.exe
  2⤵
  PID:4496
- C:\Windows\System\TdfxgmN.exe
  C:\Windows\System\TdfxgmN.exe
  2⤵
  PID:4512
- C:\Windows\System\WHRTtpS.exe
  C:\Windows\System\WHRTtpS.exe
  2⤵
  PID:4528
- C:\Windows\System\wmCSAOr.exe
  C:\Windows\System\wmCSAOr.exe
  2⤵
  PID:4544
- C:\Windows\System\cwZyviM.exe
  C:\Windows\System\cwZyviM.exe
  2⤵
  PID:4560
- C:\Windows\System\DvvJYIO.exe
  C:\Windows\System\DvvJYIO.exe
  2⤵
  PID:4576
- C:\Windows\System\DdVfpKk.exe
  C:\Windows\System\DdVfpKk.exe
  2⤵
  PID:4592
- C:\Windows\System\RtGReBA.exe
  C:\Windows\System\RtGReBA.exe
  2⤵
  PID:4608
- C:\Windows\System\oHoEUmO.exe
  C:\Windows\System\oHoEUmO.exe
  2⤵
  PID:4624
- C:\Windows\System\omFEAbc.exe
  C:\Windows\System\omFEAbc.exe
  2⤵
  PID:4640
- C:\Windows\System\jRQXoRX.exe
  C:\Windows\System\jRQXoRX.exe
  2⤵
  PID:4656
- C:\Windows\System\tcdCOYA.exe
  C:\Windows\System\tcdCOYA.exe
  2⤵
  PID:4672
- C:\Windows\System\ufjRifi.exe
  C:\Windows\System\ufjRifi.exe
  2⤵
  PID:4688
- C:\Windows\System\RydzDUe.exe
  C:\Windows\System\RydzDUe.exe
  2⤵
  PID:4704
- C:\Windows\System\FmfmBOT.exe
  C:\Windows\System\FmfmBOT.exe
  2⤵
  PID:4720
- C:\Windows\System\EVdWiAE.exe
  C:\Windows\System\EVdWiAE.exe
  2⤵
  PID:4736
- C:\Windows\System\npfrIfo.exe
  C:\Windows\System\npfrIfo.exe
  2⤵
  PID:4752
- C:\Windows\System\TmeChhZ.exe
  C:\Windows\System\TmeChhZ.exe
  2⤵
  PID:4768
- C:\Windows\System\jvQYxuy.exe
  C:\Windows\System\jvQYxuy.exe
  2⤵
  PID:4784
- C:\Windows\System\YPoHxSD.exe
  C:\Windows\System\YPoHxSD.exe
  2⤵
  PID:4800
- C:\Windows\System\zALCXoy.exe
  C:\Windows\System\zALCXoy.exe
  2⤵
  PID:4820
- C:\Windows\System\sdQwMDv.exe
  C:\Windows\System\sdQwMDv.exe
  2⤵
  PID:4840
- C:\Windows\System\lJyWrlD.exe
  C:\Windows\System\lJyWrlD.exe
  2⤵
  PID:4856
- C:\Windows\System\JKOKRCY.exe
  C:\Windows\System\JKOKRCY.exe
  2⤵
  PID:4872
- C:\Windows\System\LPrKtzn.exe
  C:\Windows\System\LPrKtzn.exe
  2⤵
  PID:4888
- C:\Windows\System\cFsvaiI.exe
  C:\Windows\System\cFsvaiI.exe
  2⤵
  PID:4904
- C:\Windows\System\qAZVKqv.exe
  C:\Windows\System\qAZVKqv.exe
  2⤵
  PID:4920
- C:\Windows\System\RmfmQft.exe
  C:\Windows\System\RmfmQft.exe
  2⤵
  PID:4936
- C:\Windows\System\hyeHBPq.exe
  C:\Windows\System\hyeHBPq.exe
  2⤵
  PID:4952
- C:\Windows\System\WHsdHJe.exe
  C:\Windows\System\WHsdHJe.exe
  2⤵
  PID:4968
- C:\Windows\System\KpKiceK.exe
  C:\Windows\System\KpKiceK.exe
  2⤵
  PID:4984
- C:\Windows\System\lpWiEsa.exe
  C:\Windows\System\lpWiEsa.exe
  2⤵
  PID:5000
- C:\Windows\System\vQNfvaL.exe
  C:\Windows\System\vQNfvaL.exe
  2⤵
  PID:5016
- C:\Windows\System\plzRAHq.exe
  C:\Windows\System\plzRAHq.exe
  2⤵
  PID:5032
- C:\Windows\System\VYsYSki.exe
  C:\Windows\System\VYsYSki.exe
  2⤵
  PID:5048
- C:\Windows\System\unHTCGg.exe
  C:\Windows\System\unHTCGg.exe
  2⤵
  PID:5064
- C:\Windows\System\CvNPAAW.exe
  C:\Windows\System\CvNPAAW.exe
  2⤵
  PID:5080
- C:\Windows\System\yLipPWu.exe
  C:\Windows\System\yLipPWu.exe
  2⤵
  PID:5096
- C:\Windows\System\bMdTOJa.exe
  C:\Windows\System\bMdTOJa.exe
  2⤵
  PID:5112
- C:\Windows\System\BDsRUKi.exe
  C:\Windows\System\BDsRUKi.exe
  2⤵
  PID:1116
- C:\Windows\System\logCDzG.exe
  C:\Windows\System\logCDzG.exe
  2⤵
  PID:1944
- C:\Windows\System\iFEFmmo.exe
  C:\Windows\System\iFEFmmo.exe
  2⤵
  PID:3268
- C:\Windows\System\iSuszqd.exe
  C:\Windows\System\iSuszqd.exe
  2⤵
  PID:4100
- C:\Windows\System\EfxYecS.exe
  C:\Windows\System\EfxYecS.exe
  2⤵
  PID:4144
- C:\Windows\System\gEZzRcu.exe
  C:\Windows\System\gEZzRcu.exe
  2⤵
  PID:4176
- C:\Windows\System\HlTKqBx.exe
  C:\Windows\System\HlTKqBx.exe
  2⤵
  PID:4196
- C:\Windows\System\curEqxS.exe
  C:\Windows\System\curEqxS.exe
  2⤵
  PID:4228
- C:\Windows\System\sHAfUez.exe
  C:\Windows\System\sHAfUez.exe
  2⤵
  PID:4260
- C:\Windows\System\JKJMcUf.exe
  C:\Windows\System\JKJMcUf.exe
  2⤵
  PID:4296
- C:\Windows\System\SZQVCim.exe
  C:\Windows\System\SZQVCim.exe
  2⤵
  PID:4328
- C:\Windows\System\THifkXE.exe
  C:\Windows\System\THifkXE.exe
  2⤵
  PID:4360
- C:\Windows\System\VnHTTna.exe
  C:\Windows\System\VnHTTna.exe
  2⤵
  PID:4392
- C:\Windows\System\UyPqLtH.exe
  C:\Windows\System\UyPqLtH.exe
  2⤵
  PID:1448
- C:\Windows\System\GMmEzbY.exe
  C:\Windows\System\GMmEzbY.exe
  2⤵
  PID:2512
- C:\Windows\System\yeQReNA.exe
  C:\Windows\System\yeQReNA.exe
  2⤵
  PID:4460
- C:\Windows\System\eDgsNYw.exe
  C:\Windows\System\eDgsNYw.exe
  2⤵
  PID:1764
- C:\Windows\System\lunUBZi.exe
  C:\Windows\System\lunUBZi.exe
  2⤵
  PID:2040
- C:\Windows\System\NJQLDJL.exe
  C:\Windows\System\NJQLDJL.exe
  2⤵
  PID:4540
- C:\Windows\System\wHQwNZN.exe
  C:\Windows\System\wHQwNZN.exe
  2⤵
  PID:4572
- C:\Windows\System\piDXhBm.exe
  C:\Windows\System\piDXhBm.exe
  2⤵
  PID:4588
- C:\Windows\System\HpmSQhk.exe
  C:\Windows\System\HpmSQhk.exe
  2⤵
  PID:4636
- C:\Windows\System\nPknJzq.exe
  C:\Windows\System\nPknJzq.exe
  2⤵
  PID:4668
- C:\Windows\System\axYgfsw.exe
  C:\Windows\System\axYgfsw.exe
  2⤵
  PID:4712
- C:\Windows\System\rLIVTWS.exe
  C:\Windows\System\rLIVTWS.exe
  2⤵
  PID:2596
- C:\Windows\System\wBmkapk.exe
  C:\Windows\System\wBmkapk.exe
  2⤵
  PID:1164
- C:\Windows\System\RwfIiXh.exe
  C:\Windows\System\RwfIiXh.exe
  2⤵
  PID:4764
- C:\Windows\System\WxYbymY.exe
  C:\Windows\System\WxYbymY.exe
  2⤵
  PID:4780
- C:\Windows\System\ubgpIjT.exe
  C:\Windows\System\ubgpIjT.exe
  2⤵
  PID:4832
- C:\Windows\System\DiDwAdG.exe
  C:\Windows\System\DiDwAdG.exe
  2⤵
  PID:4852
- C:\Windows\System\IWMLzON.exe
  C:\Windows\System\IWMLzON.exe
  2⤵
  PID:4900
- C:\Windows\System\hefoTxq.exe
  C:\Windows\System\hefoTxq.exe
  2⤵
  PID:4932
- C:\Windows\System\eKfYSur.exe
  C:\Windows\System\eKfYSur.exe
  2⤵
  PID:5108
- C:\Windows\System\IohtYdA.exe
  C:\Windows\System\IohtYdA.exe
  2⤵
  PID:3900
- C:\Windows\System\KqKpvtS.exe
  C:\Windows\System\KqKpvtS.exe
  2⤵
  PID:4116
- C:\Windows\System\beREMdl.exe
  C:\Windows\System\beREMdl.exe
  2⤵
  PID:1204
- C:\Windows\System\cDtWrlh.exe
  C:\Windows\System\cDtWrlh.exe
  2⤵
  PID:4200
- C:\Windows\System\TGPpZys.exe
  C:\Windows\System\TGPpZys.exe
  2⤵
  PID:4264
- C:\Windows\System\dhjkdZY.exe
  C:\Windows\System\dhjkdZY.exe
  2⤵
  PID:4364
- C:\Windows\System\iRZbGJP.exe
  C:\Windows\System\iRZbGJP.exe
  2⤵
  PID:4412
- C:\Windows\System\eMUBPGj.exe
  C:\Windows\System\eMUBPGj.exe
  2⤵
  PID:4472
- C:\Windows\System\ucpabDe.exe
  C:\Windows\System\ucpabDe.exe
  2⤵
  PID:2024
- C:\Windows\System\zxcgKvz.exe
  C:\Windows\System\zxcgKvz.exe
  2⤵
  PID:4664
- C:\Windows\System\dZzDsSB.exe
  C:\Windows\System\dZzDsSB.exe
  2⤵
  PID:1440
- C:\Windows\System\bOZKCWE.exe
  C:\Windows\System\bOZKCWE.exe
  2⤵
  PID:540
- C:\Windows\System\djUQMLn.exe
  C:\Windows\System\djUQMLn.exe
  2⤵
  PID:4796
- C:\Windows\System\uckAEQW.exe
  C:\Windows\System\uckAEQW.exe
  2⤵
  PID:1160
- C:\Windows\System\xQGXLQC.exe
  C:\Windows\System\xQGXLQC.exe
  2⤵
  PID:1744
- C:\Windows\System\PXQXzFg.exe
  C:\Windows\System\PXQXzFg.exe
  2⤵
  PID:4884
- C:\Windows\System\auCQcPB.exe
  C:\Windows\System\auCQcPB.exe
  2⤵
  PID:4916
- C:\Windows\System\mLjQVtC.exe
  C:\Windows\System\mLjQVtC.exe
  2⤵
  PID:4948
- C:\Windows\System\eQJWYIu.exe
  C:\Windows\System\eQJWYIu.exe
  2⤵
  PID:4992
- C:\Windows\System\QBSRJgK.exe
  C:\Windows\System\QBSRJgK.exe
  2⤵
  PID:5008
- C:\Windows\System\eXKoFLI.exe
  C:\Windows\System\eXKoFLI.exe
  2⤵
  PID:5092
- C:\Windows\System\TqiuieI.exe
  C:\Windows\System\TqiuieI.exe
  2⤵
  PID:5060
- C:\Windows\System\TlFSGRH.exe
  C:\Windows\System\TlFSGRH.exe
  2⤵
  PID:5104
- C:\Windows\System\sjFROcd.exe
  C:\Windows\System\sjFROcd.exe
  2⤵
  PID:1136
- C:\Windows\System\SIHUHVF.exe
  C:\Windows\System\SIHUHVF.exe
  2⤵
  PID:3628
- C:\Windows\System\GrQUOaY.exe
  C:\Windows\System\GrQUOaY.exe
  2⤵
  PID:4300
- C:\Windows\System\mgimZAw.exe
  C:\Windows\System\mgimZAw.exe
  2⤵
  PID:4332
- C:\Windows\System\UtiLfMQ.exe
  C:\Windows\System\UtiLfMQ.exe
  2⤵
  PID:1568
- C:\Windows\System\yOjryuQ.exe
  C:\Windows\System\yOjryuQ.exe
  2⤵
  PID:4600
- C:\Windows\System\RUFqlkP.exe
  C:\Windows\System\RUFqlkP.exe
  2⤵
  PID:1864
- C:\Windows\System\TAEKnzR.exe
  C:\Windows\System\TAEKnzR.exe
  2⤵
  PID:2180
- C:\Windows\System\aOkSulZ.exe
  C:\Windows\System\aOkSulZ.exe
  2⤵
  PID:2260
- C:\Windows\System\JhvADrA.exe
  C:\Windows\System\JhvADrA.exe
  2⤵
  PID:1808
- C:\Windows\System\hDtUjrL.exe
  C:\Windows\System\hDtUjrL.exe
  2⤵
  PID:4492
- C:\Windows\System\hjphrqe.exe
  C:\Windows\System\hjphrqe.exe
  2⤵
  PID:4620
- C:\Windows\System\FthIOZp.exe
  C:\Windows\System\FthIOZp.exe
  2⤵
  PID:1004
- C:\Windows\System\YlnDUwa.exe
  C:\Windows\System\YlnDUwa.exe
  2⤵
  PID:2776
- C:\Windows\System\LsPAgkW.exe
  C:\Windows\System\LsPAgkW.exe
  2⤵
  PID:5024
- C:\Windows\System\ZFQmwOl.exe
  C:\Windows\System\ZFQmwOl.exe
  2⤵
  PID:4504
- C:\Windows\System\mSQtRdM.exe
  C:\Windows\System\mSQtRdM.exe
  2⤵
  PID:4396
- C:\Windows\System\aQjyuca.exe
  C:\Windows\System\aQjyuca.exe
  2⤵
  PID:4524
- C:\Windows\System\oErnuwC.exe
  C:\Windows\System\oErnuwC.exe
  2⤵
  PID:4828
- C:\Windows\System\ybgbNOn.exe
  C:\Windows\System\ybgbNOn.exe
  2⤵
  PID:4520
- C:\Windows\System\wizbdVb.exe
  C:\Windows\System\wizbdVb.exe
  2⤵
  PID:1916
- C:\Windows\System\vDQihTA.exe
  C:\Windows\System\vDQihTA.exe
  2⤵
  PID:1520
- C:\Windows\System\GJfIGEl.exe
  C:\Windows\System\GJfIGEl.exe
  2⤵
  PID:2428
- C:\Windows\System\MsAQBUl.exe
  C:\Windows\System\MsAQBUl.exe
  2⤵
  PID:4248
- C:\Windows\System\tOtUBCo.exe
  C:\Windows\System\tOtUBCo.exe
  2⤵
  PID:5056
- C:\Windows\System\bThgcbD.exe
  C:\Windows\System\bThgcbD.exe
  2⤵
  PID:4180
- C:\Windows\System\LIaucWt.exe
  C:\Windows\System\LIaucWt.exe
  2⤵
  PID:4604
- C:\Windows\System\rPCtmvS.exe
  C:\Windows\System\rPCtmvS.exe
  2⤵
  PID:5076
- C:\Windows\System\dcrMdst.exe
  C:\Windows\System\dcrMdst.exe
  2⤵
  PID:5136
- C:\Windows\System\rZTHoip.exe
  C:\Windows\System\rZTHoip.exe
  2⤵
  PID:5160
- C:\Windows\System\QAJpydQ.exe
  C:\Windows\System\QAJpydQ.exe
  2⤵
  PID:5196
- C:\Windows\System\EVBCZtJ.exe
  C:\Windows\System\EVBCZtJ.exe
  2⤵
  PID:5224
- C:\Windows\System\BNUxFmH.exe
  C:\Windows\System\BNUxFmH.exe
  2⤵
  PID:5256
- C:\Windows\System\hLvQMkf.exe
  C:\Windows\System\hLvQMkf.exe
  2⤵
  PID:5272
- C:\Windows\System\QqmeLml.exe
  C:\Windows\System\QqmeLml.exe
  2⤵
  PID:5288
- C:\Windows\System\MnZInRW.exe
  C:\Windows\System\MnZInRW.exe
  2⤵
  PID:5304
- C:\Windows\System\cCayNSr.exe
  C:\Windows\System\cCayNSr.exe
  2⤵
  PID:5320
- C:\Windows\System\PGEmsyE.exe
  C:\Windows\System\PGEmsyE.exe
  2⤵
  PID:5336
- C:\Windows\System\tFHXfXP.exe
  C:\Windows\System\tFHXfXP.exe
  2⤵
  PID:5352
- C:\Windows\System\XQzqvPP.exe
  C:\Windows\System\XQzqvPP.exe
  2⤵
  PID:5368
- C:\Windows\System\AzbfRgC.exe
  C:\Windows\System\AzbfRgC.exe
  2⤵
  PID:5384
- C:\Windows\System\rRLgICG.exe
  C:\Windows\System\rRLgICG.exe
  2⤵
  PID:5400
- C:\Windows\System\WhBCacC.exe
  C:\Windows\System\WhBCacC.exe
  2⤵
  PID:5416
- C:\Windows\System\QLthwmo.exe
  C:\Windows\System\QLthwmo.exe
  2⤵
  PID:5432
- C:\Windows\System\mICVZiZ.exe
  C:\Windows\System\mICVZiZ.exe
  2⤵
  PID:5448
- C:\Windows\System\VfCJcWL.exe
  C:\Windows\System\VfCJcWL.exe
  2⤵
  PID:5464
- C:\Windows\System\BkqzFqw.exe
  C:\Windows\System\BkqzFqw.exe
  2⤵
  PID:5480
- C:\Windows\System\uAUVIEm.exe
  C:\Windows\System\uAUVIEm.exe
  2⤵
  PID:5496
- C:\Windows\System\zbtIBCy.exe
  C:\Windows\System\zbtIBCy.exe
  2⤵
  PID:5512
- C:\Windows\System\Rocnnii.exe
  C:\Windows\System\Rocnnii.exe
  2⤵
  PID:5528
- C:\Windows\System\FMlRuJt.exe
  C:\Windows\System\FMlRuJt.exe
  2⤵
  PID:5544
- C:\Windows\System\wjddjzF.exe
  C:\Windows\System\wjddjzF.exe
  2⤵
  PID:5560
- C:\Windows\System\ZybTBuR.exe
  C:\Windows\System\ZybTBuR.exe
  2⤵
  PID:5576
- C:\Windows\System\ZBziovM.exe
  C:\Windows\System\ZBziovM.exe
  2⤵
  PID:5592
- C:\Windows\System\bMOPVQA.exe
  C:\Windows\System\bMOPVQA.exe
  2⤵
  PID:5608
- C:\Windows\System\thCiZLx.exe
  C:\Windows\System\thCiZLx.exe
  2⤵
  PID:5624
- C:\Windows\System\rQZRoNV.exe
  C:\Windows\System\rQZRoNV.exe
  2⤵
  PID:5640
- C:\Windows\System\RrChkGt.exe
  C:\Windows\System\RrChkGt.exe
  2⤵
  PID:5656
- C:\Windows\System\xsxlMBl.exe
  C:\Windows\System\xsxlMBl.exe
  2⤵
  PID:5672
- C:\Windows\System\zgBMUGR.exe
  C:\Windows\System\zgBMUGR.exe
  2⤵
  PID:5688
- C:\Windows\System\mmmWsTm.exe
  C:\Windows\System\mmmWsTm.exe
  2⤵
  PID:5704
- C:\Windows\System\dnxlJQv.exe
  C:\Windows\System\dnxlJQv.exe
  2⤵
  PID:5720
- C:\Windows\System\gjBJMuS.exe
  C:\Windows\System\gjBJMuS.exe
  2⤵
  PID:5736
- C:\Windows\System\oiskFvi.exe
  C:\Windows\System\oiskFvi.exe
  2⤵
  PID:5752
- C:\Windows\System\pUaJhQl.exe
  C:\Windows\System\pUaJhQl.exe
  2⤵
  PID:5768
- C:\Windows\System\wooEzzx.exe
  C:\Windows\System\wooEzzx.exe
  2⤵
  PID:5784
- C:\Windows\System\AtFHfxr.exe
  C:\Windows\System\AtFHfxr.exe
  2⤵
  PID:5800
- C:\Windows\System\NbidcFH.exe
  C:\Windows\System\NbidcFH.exe
  2⤵
  PID:5816
- C:\Windows\System\RYXCFtr.exe
  C:\Windows\System\RYXCFtr.exe
  2⤵
  PID:5832
- C:\Windows\System\aMvzIIX.exe
  C:\Windows\System\aMvzIIX.exe
  2⤵
  PID:5848
- C:\Windows\System\sSHRttG.exe
  C:\Windows\System\sSHRttG.exe
  2⤵
  PID:5864
- C:\Windows\System\LNArJoP.exe
  C:\Windows\System\LNArJoP.exe
  2⤵
  PID:5880
- C:\Windows\System\REsEvap.exe
  C:\Windows\System\REsEvap.exe
  2⤵
  PID:5896
- C:\Windows\System\MrTBFGl.exe
  C:\Windows\System\MrTBFGl.exe
  2⤵
  PID:5912
- C:\Windows\System\CMDnTxP.exe
  C:\Windows\System\CMDnTxP.exe
  2⤵
  PID:5928
- C:\Windows\System\BDSGTQU.exe
  C:\Windows\System\BDSGTQU.exe
  2⤵
  PID:5944
- C:\Windows\System\ZkWRfxq.exe
  C:\Windows\System\ZkWRfxq.exe
  2⤵
  PID:5960
- C:\Windows\System\JCHPjYf.exe
  C:\Windows\System\JCHPjYf.exe
  2⤵
  PID:5976
- C:\Windows\System\zZQVVmK.exe
  C:\Windows\System\zZQVVmK.exe
  2⤵
  PID:5992
- C:\Windows\System\tKKCKqA.exe
  C:\Windows\System\tKKCKqA.exe
  2⤵
  PID:6008
- C:\Windows\System\JAHQSVN.exe
  C:\Windows\System\JAHQSVN.exe
  2⤵
  PID:6024
- C:\Windows\System\TymBJjc.exe
  C:\Windows\System\TymBJjc.exe
  2⤵
  PID:6040
- C:\Windows\System\pnpImCf.exe
  C:\Windows\System\pnpImCf.exe
  2⤵
  PID:6056
- C:\Windows\System\jalsRBT.exe
  C:\Windows\System\jalsRBT.exe
  2⤵
  PID:6072
- C:\Windows\System\HKLZRly.exe
  C:\Windows\System\HKLZRly.exe
  2⤵
  PID:6088
- C:\Windows\System\XzOCvpt.exe
  C:\Windows\System\XzOCvpt.exe
  2⤵
  PID:6104
- C:\Windows\System\hglqCvQ.exe
  C:\Windows\System\hglqCvQ.exe
  2⤵
  PID:6120
- C:\Windows\System\CXdamOt.exe
  C:\Windows\System\CXdamOt.exe
  2⤵
  PID:6136
- C:\Windows\System\NAVTQRR.exe
  C:\Windows\System\NAVTQRR.exe
  2⤵
  PID:5124
- C:\Windows\System\CMfVRQK.exe
  C:\Windows\System\CMfVRQK.exe
  2⤵
  PID:5172
- C:\Windows\System\ArMlRwE.exe
  C:\Windows\System\ArMlRwE.exe
  2⤵
  PID:5188
- C:\Windows\System\vrjjXBQ.exe
  C:\Windows\System\vrjjXBQ.exe
  2⤵
  PID:5236
- C:\Windows\System\yvLgOrK.exe
  C:\Windows\System\yvLgOrK.exe
  2⤵
  PID:5220
- C:\Windows\System\hRrEkIi.exe
  C:\Windows\System\hRrEkIi.exe
  2⤵
  PID:1876
- C:\Windows\System\JJeVAPZ.exe
  C:\Windows\System\JJeVAPZ.exe
  2⤵
  PID:4348
- C:\Windows\System\xjvBFpj.exe
  C:\Windows\System\xjvBFpj.exe
  2⤵
  PID:1244
- C:\Windows\System\MybhMjB.exe
  C:\Windows\System\MybhMjB.exe
  2⤵
  PID:5156
- C:\Windows\System\pGVbgtU.exe
  C:\Windows\System\pGVbgtU.exe
  2⤵
  PID:5216
- C:\Windows\System\hccttfy.exe
  C:\Windows\System\hccttfy.exe
  2⤵
  PID:5248
- C:\Windows\System\AYlBfpZ.exe
  C:\Windows\System\AYlBfpZ.exe
  2⤵
  PID:5300
- C:\Windows\System\lxhKIgp.exe
  C:\Windows\System\lxhKIgp.exe
  2⤵
  PID:5280
- C:\Windows\System\IWcQAXr.exe
  C:\Windows\System\IWcQAXr.exe
  2⤵
  PID:5360
- C:\Windows\System\aiiNCMY.exe
  C:\Windows\System\aiiNCMY.exe
  2⤵
  PID:5332
- C:\Windows\System\VIDqskW.exe
  C:\Windows\System\VIDqskW.exe
  2⤵
  PID:5444
- C:\Windows\System\sCOLoDm.exe
  C:\Windows\System\sCOLoDm.exe
  2⤵
  PID:5424
- C:\Windows\System\TwNqffW.exe
  C:\Windows\System\TwNqffW.exe
  2⤵
  PID:5488
- C:\Windows\System\UsLjAlm.exe
  C:\Windows\System\UsLjAlm.exe
  2⤵
  PID:5476
- C:\Windows\System\vjbiDkw.exe
  C:\Windows\System\vjbiDkw.exe
  2⤵
  PID:5540
- C:\Windows\System\MNrlNdk.exe
  C:\Windows\System\MNrlNdk.exe
  2⤵
  PID:5604
- C:\Windows\System\NTHVifi.exe
  C:\Windows\System\NTHVifi.exe
  2⤵
  PID:5668
- C:\Windows\System\ZlZledQ.exe
  C:\Windows\System\ZlZledQ.exe
  2⤵
  PID:5700
- C:\Windows\System\GtMiniP.exe
  C:\Windows\System\GtMiniP.exe
  2⤵
  PID:5764
- C:\Windows\System\JFWXmOy.exe
  C:\Windows\System\JFWXmOy.exe
  2⤵
  PID:5588
- C:\Windows\System\kRvKdRB.exe
  C:\Windows\System\kRvKdRB.exe
  2⤵
  PID:5652
- C:\Windows\System\kXUzGsN.exe
  C:\Windows\System\kXUzGsN.exe
  2⤵
  PID:5716
- C:\Windows\System\CDGYhZt.exe
  C:\Windows\System\CDGYhZt.exe
  2⤵
  PID:5780
- C:\Windows\System\oHayZgD.exe
  C:\Windows\System\oHayZgD.exe
  2⤵
  PID:5812
- C:\Windows\System\ObdYoFv.exe
  C:\Windows\System\ObdYoFv.exe
  2⤵
  PID:5844
- C:\Windows\System\gVIskLh.exe
  C:\Windows\System\gVIskLh.exe
  2⤵
  PID:5908
- C:\Windows\System\IjvDcFa.exe
  C:\Windows\System\IjvDcFa.exe
  2⤵
  PID:5972
- C:\Windows\System\cvsrImy.exe
  C:\Windows\System\cvsrImy.exe
  2⤵
  PID:5920
- C:\Windows\System\LBvIqdY.exe
  C:\Windows\System\LBvIqdY.exe
  2⤵
  PID:5984
- C:\Windows\System\ugySWJk.exe
  C:\Windows\System\ugySWJk.exe
  2⤵
  PID:6032
- C:\Windows\System\rzLCxVN.exe
  C:\Windows\System\rzLCxVN.exe
  2⤵
  PID:6048
- C:\Windows\System\osadkRg.exe
  C:\Windows\System\osadkRg.exe
  2⤵
  PID:6112
- C:\Windows\System\hiaSoCi.exe
  C:\Windows\System\hiaSoCi.exe
  2⤵
  PID:5176
- C:\Windows\System\ERJFOFy.exe
  C:\Windows\System\ERJFOFy.exe
  2⤵
  PID:5240
- C:\Windows\System\VEMFaxo.exe
  C:\Windows\System\VEMFaxo.exe
  2⤵
  PID:6128
- C:\Windows\System\XFuxymV.exe
  C:\Windows\System\XFuxymV.exe
  2⤵
  PID:4684
- C:\Windows\System\rxPJOYI.exe
  C:\Windows\System\rxPJOYI.exe
  2⤵
  PID:5072
- C:\Windows\System\LWvlEuz.exe
  C:\Windows\System\LWvlEuz.exe
  2⤵
  PID:5212
- C:\Windows\System\CRGgWwS.exe
  C:\Windows\System\CRGgWwS.exe
  2⤵
  PID:5376
- C:\Windows\System\qkkyNtg.exe
  C:\Windows\System\qkkyNtg.exe
  2⤵
  PID:5460
- C:\Windows\System\ZxSIKIO.exe
  C:\Windows\System\ZxSIKIO.exe
  2⤵
  PID:5252
- C:\Windows\System\zdfnSRE.exe
  C:\Windows\System\zdfnSRE.exe
  2⤵
  PID:5380
- C:\Windows\System\OrAjdlw.exe
  C:\Windows\System\OrAjdlw.exe
  2⤵
  PID:5524
- C:\Windows\System\etuFnLS.exe
  C:\Windows\System\etuFnLS.exe
  2⤵
  PID:5696
- C:\Windows\System\rDkbUpg.exe
  C:\Windows\System\rDkbUpg.exe
  2⤵
  PID:5636
- C:\Windows\System\IQxOLwz.exe
  C:\Windows\System\IQxOLwz.exe
  2⤵
  PID:5684
- C:\Windows\System\azWbubC.exe
  C:\Windows\System\azWbubC.exe
  2⤵
  PID:5748
- C:\Windows\System\BovBFdS.exe
  C:\Windows\System\BovBFdS.exe
  2⤵
  PID:5860
- C:\Windows\System\wKCblek.exe
  C:\Windows\System\wKCblek.exe
  2⤵
  PID:5892
- C:\Windows\System\uGmfTXV.exe
  C:\Windows\System\uGmfTXV.exe
  2⤵
  PID:5952
- C:\Windows\System\cnIAvCw.exe
  C:\Windows\System\cnIAvCw.exe
  2⤵
  PID:6084
- C:\Windows\System\mhlPDCg.exe
  C:\Windows\System\mhlPDCg.exe
  2⤵
  PID:6064
- C:\Windows\System\rGOzSBR.exe
  C:\Windows\System\rGOzSBR.exe
  2⤵
  PID:6132
- C:\Windows\System\TQKWeKF.exe
  C:\Windows\System\TQKWeKF.exe
  2⤵
  PID:5152
- C:\Windows\System\RYpNZOz.exe
  C:\Windows\System\RYpNZOz.exe
  2⤵
  PID:4716
- C:\Windows\System\ZIwtWVU.exe
  C:\Windows\System\ZIwtWVU.exe
  2⤵
  PID:5600
- C:\Windows\System\VikHhNc.exe
  C:\Windows\System\VikHhNc.exe
  2⤵
  PID:5348
- C:\Windows\System\joUWvCC.exe
  C:\Windows\System\joUWvCC.exe
  2⤵
  PID:5584
- C:\Windows\System\MTyuQQz.exe
  C:\Windows\System\MTyuQQz.exe
  2⤵
  PID:5536
- C:\Windows\System\nZkHKVv.exe
  C:\Windows\System\nZkHKVv.exe
  2⤵
  PID:5904
- C:\Windows\System\sfqhssg.exe
  C:\Windows\System\sfqhssg.exe
  2⤵
  PID:6020
- C:\Windows\System\WdwEBUM.exe
  C:\Windows\System\WdwEBUM.exe
  2⤵
  PID:5132
- C:\Windows\System\JxiGHyu.exe
  C:\Windows\System\JxiGHyu.exe
  2⤵
  PID:5828
- C:\Windows\System\FHbLxRR.exe
  C:\Windows\System\FHbLxRR.exe
  2⤵
  PID:5760
- C:\Windows\System\ELNZjjH.exe
  C:\Windows\System\ELNZjjH.exe
  2⤵
  PID:4488
- C:\Windows\System\ygMbTMk.exe
  C:\Windows\System\ygMbTMk.exe
  2⤵
  PID:5940
- C:\Windows\System\NuNnbAR.exe
  C:\Windows\System\NuNnbAR.exe
  2⤵
  PID:5284
- C:\Windows\System\tuMRxBc.exe
  C:\Windows\System\tuMRxBc.exe
  2⤵
  PID:5396
- C:\Windows\System\RKYvhKk.exe
  C:\Windows\System\RKYvhKk.exe
  2⤵
  PID:5648
- C:\Windows\System\vccAtIg.exe
  C:\Windows\System\vccAtIg.exe
  2⤵
  PID:6148
- C:\Windows\System\uEMWzKF.exe
  C:\Windows\System\uEMWzKF.exe
  2⤵
  PID:6164
- C:\Windows\System\KCAPBuO.exe
  C:\Windows\System\KCAPBuO.exe
  2⤵
  PID:6180
- C:\Windows\System\AhiSjZH.exe
  C:\Windows\System\AhiSjZH.exe
  2⤵
  PID:6196
- C:\Windows\System\jQWiWrT.exe
  C:\Windows\System\jQWiWrT.exe
  2⤵
  PID:6212
- C:\Windows\System\uJTRvQk.exe
  C:\Windows\System\uJTRvQk.exe
  2⤵
  PID:6228
- C:\Windows\System\mBbLenr.exe
  C:\Windows\System\mBbLenr.exe
  2⤵
  PID:6244
- C:\Windows\System\lcgdrjk.exe
  C:\Windows\System\lcgdrjk.exe
  2⤵
  PID:6260
- C:\Windows\System\PJQUibG.exe
  C:\Windows\System\PJQUibG.exe
  2⤵
  PID:6276
- C:\Windows\System\zmIvKft.exe
  C:\Windows\System\zmIvKft.exe
  2⤵
  PID:6292
- C:\Windows\System\qwwsXwp.exe
  C:\Windows\System\qwwsXwp.exe
  2⤵
  PID:6308
- C:\Windows\System\bnztMxi.exe
  C:\Windows\System\bnztMxi.exe
  2⤵
  PID:6324
- C:\Windows\System\oPFsBMe.exe
  C:\Windows\System\oPFsBMe.exe
  2⤵
  PID:6340
- C:\Windows\System\tTFppHf.exe
  C:\Windows\System\tTFppHf.exe
  2⤵
  PID:6356
- C:\Windows\System\AakpeAf.exe
  C:\Windows\System\AakpeAf.exe
  2⤵
  PID:6372
- C:\Windows\System\KbTnFXn.exe
  C:\Windows\System\KbTnFXn.exe
  2⤵
  PID:6388
- C:\Windows\System\pkiBSBF.exe
  C:\Windows\System\pkiBSBF.exe
  2⤵
  PID:6404
- C:\Windows\System\EzRTXca.exe
  C:\Windows\System\EzRTXca.exe
  2⤵
  PID:6420
- C:\Windows\System\lJynEBd.exe
  C:\Windows\System\lJynEBd.exe
  2⤵
  PID:6436
- C:\Windows\System\cryLHrx.exe
  C:\Windows\System\cryLHrx.exe
  2⤵
  PID:6452
- C:\Windows\System\ovrToVs.exe
  C:\Windows\System\ovrToVs.exe
  2⤵
  PID:6468
- C:\Windows\System\QCdiySt.exe
  C:\Windows\System\QCdiySt.exe
  2⤵
  PID:6484
- C:\Windows\System\XlGcdhE.exe
  C:\Windows\System\XlGcdhE.exe
  2⤵
  PID:6500
- C:\Windows\System\hYcNqzt.exe
  C:\Windows\System\hYcNqzt.exe
  2⤵
  PID:6516
- C:\Windows\System\BQqcwLo.exe
  C:\Windows\System\BQqcwLo.exe
  2⤵
  PID:6532
- C:\Windows\System\vhYtpaC.exe
  C:\Windows\System\vhYtpaC.exe
  2⤵
  PID:6548
- C:\Windows\System\CziWODV.exe
  C:\Windows\System\CziWODV.exe
  2⤵
  PID:6564
- C:\Windows\System\YouLDeS.exe
  C:\Windows\System\YouLDeS.exe
  2⤵
  PID:6580
- C:\Windows\System\hEhsbvk.exe
  C:\Windows\System\hEhsbvk.exe
  2⤵
  PID:6596
- C:\Windows\System\OkJnBNp.exe
  C:\Windows\System\OkJnBNp.exe
  2⤵
  PID:6612
- C:\Windows\System\bhslsxW.exe
  C:\Windows\System\bhslsxW.exe
  2⤵
  PID:6628
- C:\Windows\System\pcmcuYx.exe
  C:\Windows\System\pcmcuYx.exe
  2⤵
  PID:6644
- C:\Windows\System\oWJARUX.exe
  C:\Windows\System\oWJARUX.exe
  2⤵
  PID:6660
- C:\Windows\System\IHMHvzO.exe
  C:\Windows\System\IHMHvzO.exe
  2⤵
  PID:6676
- C:\Windows\System\biJdjAF.exe
  C:\Windows\System\biJdjAF.exe
  2⤵
  PID:6692
- C:\Windows\System\tNHQvhO.exe
  C:\Windows\System\tNHQvhO.exe
  2⤵
  PID:6708
- C:\Windows\System\FuDSBzB.exe
  C:\Windows\System\FuDSBzB.exe
  2⤵
  PID:6724
- C:\Windows\System\lWRcTRn.exe
  C:\Windows\System\lWRcTRn.exe
  2⤵
  PID:6740
- C:\Windows\System\UeerkWb.exe
  C:\Windows\System\UeerkWb.exe
  2⤵
  PID:6756
- C:\Windows\System\KfBsJqC.exe
  C:\Windows\System\KfBsJqC.exe
  2⤵
  PID:6772
- C:\Windows\System\sXJNPMw.exe
  C:\Windows\System\sXJNPMw.exe
  2⤵
  PID:6788
- C:\Windows\System\piUYdbd.exe
  C:\Windows\System\piUYdbd.exe
  2⤵
  PID:6804
- C:\Windows\System\gRJWCTd.exe
  C:\Windows\System\gRJWCTd.exe
  2⤵
  PID:6820
- C:\Windows\System\xRHHXxi.exe
  C:\Windows\System\xRHHXxi.exe
  2⤵
  PID:6836
- C:\Windows\System\tMskznC.exe
  C:\Windows\System\tMskznC.exe
  2⤵
  PID:6852
- C:\Windows\System\YqLUJoc.exe
  C:\Windows\System\YqLUJoc.exe
  2⤵
  PID:6868
- C:\Windows\System\AiluIwP.exe
  C:\Windows\System\AiluIwP.exe
  2⤵
  PID:6884
- C:\Windows\System\HvWTYWc.exe
  C:\Windows\System\HvWTYWc.exe
  2⤵
  PID:6900
- C:\Windows\System\SNRUGzj.exe
  C:\Windows\System\SNRUGzj.exe
  2⤵
  PID:6916
- C:\Windows\System\NVsixQZ.exe
  C:\Windows\System\NVsixQZ.exe
  2⤵
  PID:6932
- C:\Windows\System\mSmrpsR.exe
  C:\Windows\System\mSmrpsR.exe
  2⤵
  PID:6948
- C:\Windows\System\oIojCrD.exe
  C:\Windows\System\oIojCrD.exe
  2⤵
  PID:6964
- C:\Windows\System\iMnsrUa.exe
  C:\Windows\System\iMnsrUa.exe
  2⤵
  PID:6980
- C:\Windows\System\ttEZUUY.exe
  C:\Windows\System\ttEZUUY.exe
  2⤵
  PID:6996
- C:\Windows\System\DhpDAiV.exe
  C:\Windows\System\DhpDAiV.exe
  2⤵
  PID:7012
- C:\Windows\System\ZuhzQUV.exe
  C:\Windows\System\ZuhzQUV.exe
  2⤵
  PID:7028
- C:\Windows\System\ZqfMMoY.exe
  C:\Windows\System\ZqfMMoY.exe
  2⤵
  PID:7044
- C:\Windows\System\xSMAaDh.exe
  C:\Windows\System\xSMAaDh.exe
  2⤵
  PID:7060
- C:\Windows\System\pFoXaKg.exe
  C:\Windows\System\pFoXaKg.exe
  2⤵
  PID:7076
- C:\Windows\System\VZjmKXW.exe
  C:\Windows\System\VZjmKXW.exe
  2⤵
  PID:7092
- C:\Windows\System\trWTwLq.exe
  C:\Windows\System\trWTwLq.exe
  2⤵
  PID:7108
- C:\Windows\System\iWoGXyN.exe
  C:\Windows\System\iWoGXyN.exe
  2⤵
  PID:7124
- C:\Windows\System\cRQNrVj.exe
  C:\Windows\System\cRQNrVj.exe
  2⤵
  PID:7140
- C:\Windows\System\BbjpoOv.exe
  C:\Windows\System\BbjpoOv.exe
  2⤵
  PID:7156
- C:\Windows\System\PwzbyCj.exe
  C:\Windows\System\PwzbyCj.exe
  2⤵
  PID:5456
- C:\Windows\System\lHRLzMB.exe
  C:\Windows\System\lHRLzMB.exe
  2⤵
  PID:6156
- C:\Windows\System\WksPfPx.exe
  C:\Windows\System\WksPfPx.exe
  2⤵
  PID:6220
- C:\Windows\System\YrSBScX.exe
  C:\Windows\System\YrSBScX.exe
  2⤵
  PID:6176
- C:\Windows\System\jTCosmx.exe
  C:\Windows\System\jTCosmx.exe
  2⤵
  PID:6240
- C:\Windows\System\rSRKvDV.exe
  C:\Windows\System\rSRKvDV.exe
  2⤵
  PID:6300
- C:\Windows\System\pXPfoMl.exe
  C:\Windows\System\pXPfoMl.exe
  2⤵
  PID:1256
- C:\Windows\System\ENULVaG.exe
  C:\Windows\System\ENULVaG.exe
  2⤵
  PID:6396
- C:\Windows\System\EunNjNc.exe
  C:\Windows\System\EunNjNc.exe
  2⤵
  PID:6352
- C:\Windows\System\NZMsNEu.exe
  C:\Windows\System\NZMsNEu.exe
  2⤵
  PID:6412
- C:\Windows\System\jQWNyet.exe
  C:\Windows\System\jQWNyet.exe
  2⤵
  PID:6476
- C:\Windows\System\CVWJWhW.exe
  C:\Windows\System\CVWJWhW.exe
  2⤵
  PID:6464
- C:\Windows\System\TCeCupC.exe
  C:\Windows\System\TCeCupC.exe
  2⤵
  PID:6528
- C:\Windows\System\sCebjzG.exe
  C:\Windows\System\sCebjzG.exe
  2⤵
  PID:6588
- C:\Windows\System\JqWdzno.exe
  C:\Windows\System\JqWdzno.exe
  2⤵
  PID:6540
- C:\Windows\System\buveqnX.exe
  C:\Windows\System\buveqnX.exe
  2⤵
  PID:6608
- C:\Windows\System\LorHZSJ.exe
  C:\Windows\System\LorHZSJ.exe
  2⤵
  PID:6656
- C:\Windows\System\BiPaQRj.exe
  C:\Windows\System\BiPaQRj.exe
  2⤵
  PID:6672
- C:\Windows\System\TMOmHWd.exe
  C:\Windows\System\TMOmHWd.exe
  2⤵
  PID:6688
- C:\Windows\System\QPRFSvh.exe
  C:\Windows\System\QPRFSvh.exe
  2⤵
  PID:6752
- C:\Windows\System\kHHUiqZ.exe
  C:\Windows\System\kHHUiqZ.exe
  2⤵
  PID:6736
- C:\Windows\System\imAvAOT.exe
  C:\Windows\System\imAvAOT.exe
  2⤵
  PID:6844
- C:\Windows\System\wPfSBAj.exe
  C:\Windows\System\wPfSBAj.exe
  2⤵
  PID:6796
- C:\Windows\System\ehywnsl.exe
  C:\Windows\System\ehywnsl.exe
  2⤵
  PID:6860
- C:\Windows\System\mOgFROY.exe
  C:\Windows\System\mOgFROY.exe
  2⤵
  PID:6892
- C:\Windows\System\eOjTkAr.exe
  C:\Windows\System\eOjTkAr.exe
  2⤵
  PID:6940
- C:\Windows\System\HTEFOzt.exe
  C:\Windows\System\HTEFOzt.exe
  2⤵
  PID:6976
- C:\Windows\System\jesEKKD.exe
  C:\Windows\System\jesEKKD.exe
  2⤵
  PID:7040
- C:\Windows\System\AZZCVxp.exe
  C:\Windows\System\AZZCVxp.exe
  2⤵
  PID:7100
- C:\Windows\System\KkOkpNM.exe
  C:\Windows\System\KkOkpNM.exe
  2⤵
  PID:7052
- C:\Windows\System\dztVtJz.exe
  C:\Windows\System\dztVtJz.exe
  2⤵
  PID:7020
- C:\Windows\System\KrNWrwh.exe
  C:\Windows\System\KrNWrwh.exe
  2⤵
  PID:7132
- C:\Windows\System\XxREVfc.exe
  C:\Windows\System\XxREVfc.exe
  2⤵
  PID:7164
- C:\Windows\System\cAoOxIL.exe
  C:\Windows\System\cAoOxIL.exe
  2⤵
  PID:6188
- C:\Windows\System\XYvqGGn.exe
  C:\Windows\System\XYvqGGn.exe
  2⤵
  PID:6252
- C:\Windows\System\DJXNUva.exe
  C:\Windows\System\DJXNUva.exe
  2⤵
  PID:6364
- C:\Windows\System\jUHYamY.exe
  C:\Windows\System\jUHYamY.exe
  2⤵
  PID:6428
- C:\Windows\System\oqTYecl.exe
  C:\Windows\System\oqTYecl.exe
  2⤵
  PID:6592
- C:\Windows\System\gFKlnqt.exe
  C:\Windows\System\gFKlnqt.exe
  2⤵
  PID:6332
- C:\Windows\System\kBryIrH.exe
  C:\Windows\System\kBryIrH.exe
  2⤵
  PID:6444
- C:\Windows\System\GxsVraN.exe
  C:\Windows\System\GxsVraN.exe
  2⤵
  PID:6572
- C:\Windows\System\eHNybIc.exe
  C:\Windows\System\eHNybIc.exe
  2⤵
  PID:6704
- C:\Windows\System\znQykkO.exe
  C:\Windows\System\znQykkO.exe
  2⤵
  PID:6848
- C:\Windows\System\jXHrBRF.exe
  C:\Windows\System\jXHrBRF.exe
  2⤵
  PID:6748
- C:\Windows\System\MkrSIeO.exe
  C:\Windows\System\MkrSIeO.exe
  2⤵
  PID:6832
- C:\Windows\System\jluOoGd.exe
  C:\Windows\System\jluOoGd.exe
  2⤵
  PID:6924
- C:\Windows\System\gVYZkzm.exe
  C:\Windows\System\gVYZkzm.exe
  2⤵
  PID:7072
- C:\Windows\System\zNndcGV.exe
  C:\Windows\System\zNndcGV.exe
  2⤵
  PID:6960
- C:\Windows\System\PZvmJSu.exe
  C:\Windows\System\PZvmJSu.exe
  2⤵
  PID:7136
- C:\Windows\System\OaNDEXW.exe
  C:\Windows\System\OaNDEXW.exe
  2⤵
  PID:6384
- C:\Windows\System\AmZbieo.exe
  C:\Windows\System\AmZbieo.exe
  2⤵
  PID:7104
- C:\Windows\System\VNuEbxG.exe
  C:\Windows\System\VNuEbxG.exe
  2⤵
  PID:6524
- C:\Windows\System\TKrwYcR.exe
  C:\Windows\System\TKrwYcR.exe
  2⤵
  PID:6624
- C:\Windows\System\hAnZGAT.exe
  C:\Windows\System\hAnZGAT.exe
  2⤵
  PID:6764
- C:\Windows\System\VcxHekE.exe
  C:\Windows\System\VcxHekE.exe
  2⤵
  PID:6828
- C:\Windows\System\bDtzymc.exe
  C:\Windows\System\bDtzymc.exe
  2⤵
  PID:6652
- C:\Windows\System\CmknoWc.exe
  C:\Windows\System\CmknoWc.exe
  2⤵
  PID:7036
- C:\Windows\System\SflmCRR.exe
  C:\Windows\System\SflmCRR.exe
  2⤵
  PID:7084
- C:\Windows\System\wrKRlKc.exe
  C:\Windows\System\wrKRlKc.exe
  2⤵
  PID:5440
- C:\Windows\System\DmqAgkx.exe
  C:\Windows\System\DmqAgkx.exe
  2⤵
  PID:6348
- C:\Windows\System\FcSxXGL.exe
  C:\Windows\System\FcSxXGL.exe
  2⤵
  PID:6908
- C:\Windows\System\FDzEYHz.exe
  C:\Windows\System\FDzEYHz.exe
  2⤵
  PID:6236
- C:\Windows\System\VjCFAdn.exe
  C:\Windows\System\VjCFAdn.exe
  2⤵
  PID:6268
- C:\Windows\System\FNfqoxM.exe
  C:\Windows\System\FNfqoxM.exe
  2⤵
  PID:7184
- C:\Windows\System\NSMuqKC.exe
  C:\Windows\System\NSMuqKC.exe
  2⤵
  PID:7200
- C:\Windows\System\aNxQSne.exe
  C:\Windows\System\aNxQSne.exe
  2⤵
  PID:7216
- C:\Windows\System\zbEVbnP.exe
  C:\Windows\System\zbEVbnP.exe
  2⤵
  PID:7232
- C:\Windows\System\joSHBFA.exe
  C:\Windows\System\joSHBFA.exe
  2⤵
  PID:7248
- C:\Windows\System\rrrNXXa.exe
  C:\Windows\System\rrrNXXa.exe
  2⤵
  PID:7264
- C:\Windows\System\gNHsNek.exe
  C:\Windows\System\gNHsNek.exe
  2⤵
  PID:7280
- C:\Windows\System\OYuGCvL.exe
  C:\Windows\System\OYuGCvL.exe
  2⤵
  PID:7296
- C:\Windows\System\afYeQMa.exe
  C:\Windows\System\afYeQMa.exe
  2⤵
  PID:7312
- C:\Windows\System\TihfRBJ.exe
  C:\Windows\System\TihfRBJ.exe
  2⤵
  PID:7328
- C:\Windows\System\FWPBXtE.exe
  C:\Windows\System\FWPBXtE.exe
  2⤵
  PID:7344
- C:\Windows\System\coFDDzM.exe
  C:\Windows\System\coFDDzM.exe
  2⤵
  PID:7360
- C:\Windows\System\Tjfmbpj.exe
  C:\Windows\System\Tjfmbpj.exe
  2⤵
  PID:7376
- C:\Windows\System\pSHukiN.exe
  C:\Windows\System\pSHukiN.exe
  2⤵
  PID:7392
- C:\Windows\System\PPHGkKr.exe
  C:\Windows\System\PPHGkKr.exe
  2⤵
  PID:7408
- C:\Windows\System\oVuwinC.exe
  C:\Windows\System\oVuwinC.exe
  2⤵
  PID:7424
- C:\Windows\System\VfQPZbG.exe
  C:\Windows\System\VfQPZbG.exe
  2⤵
  PID:7440
- C:\Windows\System\jgqdIJC.exe
  C:\Windows\System\jgqdIJC.exe
  2⤵
  PID:7456
- C:\Windows\System\ngjxJeN.exe
  C:\Windows\System\ngjxJeN.exe
  2⤵
  PID:7472
- C:\Windows\System\AUKDMRL.exe
  C:\Windows\System\AUKDMRL.exe
  2⤵
  PID:7488
- C:\Windows\System\yWfAwMg.exe
  C:\Windows\System\yWfAwMg.exe
  2⤵
  PID:7504
- C:\Windows\System\krDMuWy.exe
  C:\Windows\System\krDMuWy.exe
  2⤵
  PID:7520
- C:\Windows\System\NPfuNBI.exe
  C:\Windows\System\NPfuNBI.exe
  2⤵
  PID:7536
- C:\Windows\System\WoekAhy.exe
  C:\Windows\System\WoekAhy.exe
  2⤵
  PID:7552
- C:\Windows\System\PCkdKcr.exe
  C:\Windows\System\PCkdKcr.exe
  2⤵
  PID:7568
- C:\Windows\System\YUQOHrN.exe
  C:\Windows\System\YUQOHrN.exe
  2⤵
  PID:7584
- C:\Windows\System\qKdhvrV.exe
  C:\Windows\System\qKdhvrV.exe
  2⤵
  PID:7600
- C:\Windows\System\XgSHzTH.exe
  C:\Windows\System\XgSHzTH.exe
  2⤵
  PID:7616
- C:\Windows\System\dilhUwg.exe
  C:\Windows\System\dilhUwg.exe
  2⤵
  PID:7632
- C:\Windows\System\EmjdAZx.exe
  C:\Windows\System\EmjdAZx.exe
  2⤵
  PID:7648
- C:\Windows\System\dNITnAy.exe
  C:\Windows\System\dNITnAy.exe
  2⤵
  PID:7664
- C:\Windows\System\YldxaGh.exe
  C:\Windows\System\YldxaGh.exe
  2⤵
  PID:7680
- C:\Windows\System\QkOKzGE.exe
  C:\Windows\System\QkOKzGE.exe
  2⤵
  PID:7696
- C:\Windows\System\wrQLhbx.exe
  C:\Windows\System\wrQLhbx.exe
  2⤵
  PID:7712
- C:\Windows\System\yQztqds.exe
  C:\Windows\System\yQztqds.exe
  2⤵
  PID:7728
- C:\Windows\System\DwWNqUo.exe
  C:\Windows\System\DwWNqUo.exe
  2⤵
  PID:7744
- C:\Windows\System\icKFUyD.exe
  C:\Windows\System\icKFUyD.exe
  2⤵
  PID:7760
- C:\Windows\System\hqAsQLy.exe
  C:\Windows\System\hqAsQLy.exe
  2⤵
  PID:7776
- C:\Windows\System\yQJujqC.exe
  C:\Windows\System\yQJujqC.exe
  2⤵
  PID:7792
- C:\Windows\System\SMLHHfT.exe
  C:\Windows\System\SMLHHfT.exe
  2⤵
  PID:7808
- C:\Windows\System\aXCnoLG.exe
  C:\Windows\System\aXCnoLG.exe
  2⤵
  PID:7824
- C:\Windows\System\ZfJYmwY.exe
  C:\Windows\System\ZfJYmwY.exe
  2⤵
  PID:7840
- C:\Windows\System\FQpTpms.exe
  C:\Windows\System\FQpTpms.exe
  2⤵
  PID:7856
- C:\Windows\System\ijfsMRW.exe
  C:\Windows\System\ijfsMRW.exe
  2⤵
  PID:7872
- C:\Windows\System\XcqcOGZ.exe
  C:\Windows\System\XcqcOGZ.exe
  2⤵
  PID:7888
- C:\Windows\System\esbXEEx.exe
  C:\Windows\System\esbXEEx.exe
  2⤵
  PID:7904
- C:\Windows\System\xWmvequ.exe
  C:\Windows\System\xWmvequ.exe
  2⤵
  PID:7920
- C:\Windows\System\ysNkPMO.exe
  C:\Windows\System\ysNkPMO.exe
  2⤵
  PID:7936
- C:\Windows\System\icsGeil.exe
  C:\Windows\System\icsGeil.exe
  2⤵
  PID:7952
- C:\Windows\System\KETNYZW.exe
  C:\Windows\System\KETNYZW.exe
  2⤵
  PID:7968
- C:\Windows\System\xRRYrPl.exe
  C:\Windows\System\xRRYrPl.exe
  2⤵
  PID:7984
- C:\Windows\System\obkOITm.exe
  C:\Windows\System\obkOITm.exe
  2⤵
  PID:8000
- C:\Windows\System\UdEFbkX.exe
  C:\Windows\System\UdEFbkX.exe
  2⤵
  PID:8016
- C:\Windows\System\ptPHeMz.exe
  C:\Windows\System\ptPHeMz.exe
  2⤵
  PID:8032
- C:\Windows\System\BXibFjq.exe
  C:\Windows\System\BXibFjq.exe
  2⤵
  PID:8048
- C:\Windows\System\EirPjQQ.exe
  C:\Windows\System\EirPjQQ.exe
  2⤵
  PID:8064
- C:\Windows\System\nxiKSku.exe
  C:\Windows\System\nxiKSku.exe
  2⤵
  PID:8080
- C:\Windows\System\pdQbmFi.exe
  C:\Windows\System\pdQbmFi.exe
  2⤵
  PID:8096
- C:\Windows\System\FXQpVoJ.exe
  C:\Windows\System\FXQpVoJ.exe
  2⤵
  PID:8112
- C:\Windows\System\CDMaNKo.exe
  C:\Windows\System\CDMaNKo.exe
  2⤵
  PID:8128
- C:\Windows\System\DWpJCaQ.exe
  C:\Windows\System\DWpJCaQ.exe
  2⤵
  PID:8144
- C:\Windows\System\sKpxody.exe
  C:\Windows\System\sKpxody.exe
  2⤵
  PID:8160
- C:\Windows\System\NxQQGgU.exe
  C:\Windows\System\NxQQGgU.exe
  2⤵
  PID:8176
- C:\Windows\System\zxrhgrr.exe
  C:\Windows\System\zxrhgrr.exe
  2⤵
  PID:6816
- C:\Windows\System\UAoxvjI.exe
  C:\Windows\System\UAoxvjI.exe
  2⤵
  PID:6720
- C:\Windows\System\gUMdpOl.exe
  C:\Windows\System\gUMdpOl.exe
  2⤵
  PID:7208
- C:\Windows\System\EDnZMLc.exe
  C:\Windows\System\EDnZMLc.exe
  2⤵
  PID:7272
- C:\Windows\System\CfmhYWn.exe
  C:\Windows\System\CfmhYWn.exe
  2⤵
  PID:7224
- C:\Windows\System\DMXeDHR.exe
  C:\Windows\System\DMXeDHR.exe
  2⤵
  PID:7288
- C:\Windows\System\qpMQQch.exe
  C:\Windows\System\qpMQQch.exe
  2⤵
  PID:7324
- C:\Windows\System\UxlxpHe.exe
  C:\Windows\System\UxlxpHe.exe
  2⤵
  PID:7388
- C:\Windows\System\wgDjHGZ.exe
  C:\Windows\System\wgDjHGZ.exe
  2⤵
  PID:7336
- C:\Windows\System\wStctqg.exe
  C:\Windows\System\wStctqg.exe
  2⤵
  PID:7400
- C:\Windows\System\DRywCKw.exe
  C:\Windows\System\DRywCKw.exe
  2⤵
  PID:7484
- C:\Windows\System\ufgTVMm.exe
  C:\Windows\System\ufgTVMm.exe
  2⤵
  PID:7468
- C:\Windows\System\MuhYxbd.exe
  C:\Windows\System\MuhYxbd.exe
  2⤵
  PID:7516
- C:\Windows\System\GMPiwfV.exe
  C:\Windows\System\GMPiwfV.exe
  2⤵
  PID:7576
- C:\Windows\System\LPlfweL.exe
  C:\Windows\System\LPlfweL.exe
  2⤵
  PID:7564
- C:\Windows\System\lUWEGID.exe
  C:\Windows\System\lUWEGID.exe
  2⤵
  PID:7624
- C:\Windows\System\oTBnqsU.exe
  C:\Windows\System\oTBnqsU.exe
  2⤵
  PID:7628
- C:\Windows\System\GsiCaus.exe
  C:\Windows\System\GsiCaus.exe
  2⤵
  PID:7592
- C:\Windows\System\VmPozpY.exe
  C:\Windows\System\VmPozpY.exe
  2⤵
  PID:7692
- C:\Windows\System\vVqIOFg.exe
  C:\Windows\System\vVqIOFg.exe
  2⤵
  PID:7720
- C:\Windows\System\FqgvLoE.exe
  C:\Windows\System\FqgvLoE.exe
  2⤵
  PID:7784
- C:\Windows\System\GwUOWOF.exe
  C:\Windows\System\GwUOWOF.exe
  2⤵
  PID:7768
- C:\Windows\System\HBXpfqg.exe
  C:\Windows\System\HBXpfqg.exe
  2⤵
  PID:7832
- C:\Windows\System\HZKkrAM.exe
  C:\Windows\System\HZKkrAM.exe
  2⤵
  PID:7896
- C:\Windows\System\WcAqLPy.exe
  C:\Windows\System\WcAqLPy.exe
  2⤵
  PID:7912
- C:\Windows\System\kAjNGLo.exe
  C:\Windows\System\kAjNGLo.exe
  2⤵
  PID:7932
- C:\Windows\System\zRwcfEb.exe
  C:\Windows\System\zRwcfEb.exe
  2⤵
  PID:7996
- C:\Windows\System\QlesKTo.exe
  C:\Windows\System\QlesKTo.exe
  2⤵
  PID:8012
- C:\Windows\System\UqxeCKo.exe
  C:\Windows\System\UqxeCKo.exe
  2⤵
  PID:7948
- C:\Windows\System\kKJLWDC.exe
  C:\Windows\System\kKJLWDC.exe
  2⤵
  PID:8076
- C:\Windows\System\PAFiaFE.exe
  C:\Windows\System\PAFiaFE.exe
  2⤵
  PID:8168
- C:\Windows\System\UcOUCSb.exe
  C:\Windows\System\UcOUCSb.exe
  2⤵
  PID:8136
- C:\Windows\System\FaghyAU.exe
  C:\Windows\System\FaghyAU.exe
  2⤵
  PID:7368
- C:\Windows\System\FOyMgsR.exe
  C:\Windows\System\FOyMgsR.exe
  2⤵
  PID:7548
- C:\Windows\System\SpVeYwr.exe
  C:\Windows\System\SpVeYwr.exe
  2⤵
  PID:8060
- C:\Windows\System\RCRIOkK.exe
  C:\Windows\System\RCRIOkK.exe
  2⤵
  PID:8124
- C:\Windows\System\HcaOJQQ.exe
  C:\Windows\System\HcaOJQQ.exe
  2⤵
  PID:8156
- C:\Windows\System\ztXKoHx.exe
  C:\Windows\System\ztXKoHx.exe
  2⤵
  PID:7676
- C:\Windows\System\GuGunLv.exe
  C:\Windows\System\GuGunLv.exe
  2⤵
  PID:7196
- C:\Windows\System\ceIeKjZ.exe
  C:\Windows\System\ceIeKjZ.exe
  2⤵
  PID:7308
- C:\Windows\System\llkFatS.exe
  C:\Windows\System\llkFatS.exe
  2⤵
  PID:7532
- C:\Windows\System\grdKKdo.exe
  C:\Windows\System\grdKKdo.exe
  2⤵
  PID:7736
- C:\Windows\System\qfFEwEu.exe
  C:\Windows\System\qfFEwEu.exe
  2⤵
  PID:7756
- C:\Windows\System\tIrJDVx.exe
  C:\Windows\System\tIrJDVx.exe
  2⤵
  PID:7848
- C:\Windows\System\onfQNNY.exe
  C:\Windows\System\onfQNNY.exe
  2⤵
  PID:7916
- C:\Windows\System\YJvoHEJ.exe
  C:\Windows\System\YJvoHEJ.exe
  2⤵
  PID:8140
- C:\Windows\System\gavWQSW.exe
  C:\Windows\System\gavWQSW.exe
  2⤵
  PID:7868
- C:\Windows\System\LMPNJup.exe
  C:\Windows\System\LMPNJup.exe
  2⤵
  PID:8008
- C:\Windows\System\xSJErVH.exe
  C:\Windows\System\xSJErVH.exe
  2⤵
  PID:6432
- C:\Windows\System\ZUSwtwQ.exe
  C:\Windows\System\ZUSwtwQ.exe
  2⤵
  PID:7384
- C:\Windows\System\HmyvCFi.exe
  C:\Windows\System\HmyvCFi.exe
  2⤵
  PID:8056
- C:\Windows\System\NAjaFMw.exe
  C:\Windows\System\NAjaFMw.exe
  2⤵
  PID:7660
- C:\Windows\System\xZzvzwf.exe
  C:\Windows\System\xZzvzwf.exe
  2⤵
  PID:7180
- C:\Windows\System\QtQFfVY.exe
  C:\Windows\System\QtQFfVY.exe
  2⤵
  PID:7320
- C:\Windows\System\eBALurv.exe
  C:\Windows\System\eBALurv.exe
  2⤵
  PID:7704
- C:\Windows\System\lwKIKQi.exe
  C:\Windows\System\lwKIKQi.exe
  2⤵
  PID:7964
- C:\Windows\System\owQTEUU.exe
  C:\Windows\System\owQTEUU.exe
  2⤵
  PID:7864
- C:\Windows\System\AgbivoT.exe
  C:\Windows\System\AgbivoT.exe
  2⤵
  PID:7928
- C:\Windows\System\VLDehkM.exe
  C:\Windows\System\VLDehkM.exe
  2⤵
  PID:7480
- C:\Windows\System\CKuXYJS.exe
  C:\Windows\System\CKuXYJS.exe
  2⤵
  PID:7420
- C:\Windows\System\scvgqgu.exe
  C:\Windows\System\scvgqgu.exe
  2⤵
  PID:8120
- C:\Windows\System\hdiHoiE.exe
  C:\Windows\System\hdiHoiE.exe
  2⤵
  PID:7752
- C:\Windows\System\zpiQaqg.exe
  C:\Windows\System\zpiQaqg.exe
  2⤵
  PID:7820
- C:\Windows\System\QgUivXk.exe
  C:\Windows\System\QgUivXk.exe
  2⤵
  PID:8152
- C:\Windows\System\uRDWgak.exe
  C:\Windows\System\uRDWgak.exe
  2⤵
  PID:7992
- C:\Windows\System\uxZiala.exe
  C:\Windows\System\uxZiala.exe
  2⤵
  PID:7672
- C:\Windows\System\VJTxZsK.exe
  C:\Windows\System\VJTxZsK.exe
  2⤵
  PID:8208
- C:\Windows\System\AfcWXde.exe
  C:\Windows\System\AfcWXde.exe
  2⤵
  PID:8224
- C:\Windows\System\yMXLzwn.exe
  C:\Windows\System\yMXLzwn.exe
  2⤵
  PID:8240
- C:\Windows\System\RbsdxiX.exe
  C:\Windows\System\RbsdxiX.exe
  2⤵
  PID:8256
- C:\Windows\System\NzXByYT.exe
  C:\Windows\System\NzXByYT.exe
  2⤵
  PID:8272
- C:\Windows\System\kuQUWsm.exe
  C:\Windows\System\kuQUWsm.exe
  2⤵
  PID:8288
- C:\Windows\System\xnDbcHB.exe
  C:\Windows\System\xnDbcHB.exe
  2⤵
  PID:8304
- C:\Windows\System\tKrEsCx.exe
  C:\Windows\System\tKrEsCx.exe
  2⤵
  PID:8320
- C:\Windows\System\hLxSuQz.exe
  C:\Windows\System\hLxSuQz.exe
  2⤵
  PID:8336
- C:\Windows\System\ByPhLIp.exe
  C:\Windows\System\ByPhLIp.exe
  2⤵
  PID:8352
- C:\Windows\System\VCloqiF.exe
  C:\Windows\System\VCloqiF.exe
  2⤵
  PID:8368
- C:\Windows\System\WgGDxtf.exe
  C:\Windows\System\WgGDxtf.exe
  2⤵
  PID:8384
- C:\Windows\System\BaEnxlg.exe
  C:\Windows\System\BaEnxlg.exe
  2⤵
  PID:8400
- C:\Windows\System\LTlXCRp.exe
  C:\Windows\System\LTlXCRp.exe
  2⤵
  PID:8416
- C:\Windows\System\KgmjNqz.exe
  C:\Windows\System\KgmjNqz.exe
  2⤵
  PID:8432
- C:\Windows\System\ejYscEU.exe
  C:\Windows\System\ejYscEU.exe
  2⤵
  PID:8448
- C:\Windows\System\MkEmFOj.exe
  C:\Windows\System\MkEmFOj.exe
  2⤵
  PID:8464
- C:\Windows\System\EZMcKUg.exe
  C:\Windows\System\EZMcKUg.exe
  2⤵
  PID:8480
- C:\Windows\System\BMuFcyE.exe
  C:\Windows\System\BMuFcyE.exe
  2⤵
  PID:8496
- C:\Windows\System\LRTRsZa.exe
  C:\Windows\System\LRTRsZa.exe
  2⤵
  PID:8512
- C:\Windows\System\Kvtkmtu.exe
  C:\Windows\System\Kvtkmtu.exe
  2⤵
  PID:8528
- C:\Windows\System\ZQLzrpW.exe
  C:\Windows\System\ZQLzrpW.exe
  2⤵
  PID:8544
- C:\Windows\System\zfEQumq.exe
  C:\Windows\System\zfEQumq.exe
  2⤵
  PID:8560
- C:\Windows\System\goLilFI.exe
  C:\Windows\System\goLilFI.exe
  2⤵
  PID:8576
- C:\Windows\System\otmuMyF.exe
  C:\Windows\System\otmuMyF.exe
  2⤵
  PID:8592
- C:\Windows\System\noNHJYT.exe
  C:\Windows\System\noNHJYT.exe
  2⤵
  PID:8608
- C:\Windows\System\MFUUSkr.exe
  C:\Windows\System\MFUUSkr.exe
  2⤵
  PID:8624
- C:\Windows\System\EQPBIPo.exe
  C:\Windows\System\EQPBIPo.exe
  2⤵
  PID:8640
- C:\Windows\System\BAcCxsd.exe
  C:\Windows\System\BAcCxsd.exe
  2⤵
  PID:8656
- C:\Windows\System\fgxjPrW.exe
  C:\Windows\System\fgxjPrW.exe
  2⤵
  PID:8672
- C:\Windows\System\HmNWaEb.exe
  C:\Windows\System\HmNWaEb.exe
  2⤵
  PID:8688
- C:\Windows\System\lpMYaFt.exe
  C:\Windows\System\lpMYaFt.exe
  2⤵
  PID:8704
- C:\Windows\System\dVNybWN.exe
  C:\Windows\System\dVNybWN.exe
  2⤵
  PID:8720
- C:\Windows\System\ycloaYo.exe
  C:\Windows\System\ycloaYo.exe
  2⤵
  PID:8736
- C:\Windows\System\eGOVJMP.exe
  C:\Windows\System\eGOVJMP.exe
  2⤵
  PID:8752
- C:\Windows\System\NefTwMz.exe
  C:\Windows\System\NefTwMz.exe
  2⤵
  PID:8768
- C:\Windows\System\DrhOFCa.exe
  C:\Windows\System\DrhOFCa.exe
  2⤵
  PID:8784
- C:\Windows\System\umnwODO.exe
  C:\Windows\System\umnwODO.exe
  2⤵
  PID:8800
- C:\Windows\System\uCvbhsd.exe
  C:\Windows\System\uCvbhsd.exe
  2⤵
  PID:8816
- C:\Windows\System\xQVrhIE.exe
  C:\Windows\System\xQVrhIE.exe
  2⤵
  PID:8832
- C:\Windows\System\ZTsvvgK.exe
  C:\Windows\System\ZTsvvgK.exe
  2⤵
  PID:8848
- C:\Windows\System\rQArJNL.exe
  C:\Windows\System\rQArJNL.exe
  2⤵
  PID:8864
- C:\Windows\System\OBTyIDN.exe
  C:\Windows\System\OBTyIDN.exe
  2⤵
  PID:8880
- C:\Windows\System\jATBnPd.exe
  C:\Windows\System\jATBnPd.exe
  2⤵
  PID:8896
- C:\Windows\System\WhkLvXm.exe
  C:\Windows\System\WhkLvXm.exe
  2⤵
  PID:8912
- C:\Windows\System\xbgKFdz.exe
  C:\Windows\System\xbgKFdz.exe
  2⤵
  PID:8928
- C:\Windows\System\CbQXacl.exe
  C:\Windows\System\CbQXacl.exe
  2⤵
  PID:8944
- C:\Windows\System\TZpFKKe.exe
  C:\Windows\System\TZpFKKe.exe
  2⤵
  PID:8964
- C:\Windows\System\hPkVYLP.exe
  C:\Windows\System\hPkVYLP.exe
  2⤵
  PID:8980
- C:\Windows\System\ougvraH.exe
  C:\Windows\System\ougvraH.exe
  2⤵
  PID:8996
- C:\Windows\System\ZcLNxri.exe
  C:\Windows\System\ZcLNxri.exe
  2⤵
  PID:9012
- C:\Windows\System\mgKWPjh.exe
  C:\Windows\System\mgKWPjh.exe
  2⤵
  PID:9028
- C:\Windows\System\TriekqG.exe
  C:\Windows\System\TriekqG.exe
  2⤵
  PID:9044
- C:\Windows\System\BanTtWm.exe
  C:\Windows\System\BanTtWm.exe
  2⤵
  PID:9060
- C:\Windows\System\ngIPRWQ.exe
  C:\Windows\System\ngIPRWQ.exe
  2⤵
  PID:9076
- C:\Windows\System\kYlpGgW.exe
  C:\Windows\System\kYlpGgW.exe
  2⤵
  PID:9092
- C:\Windows\System\Qdsmfxq.exe
  C:\Windows\System\Qdsmfxq.exe
  2⤵
  PID:9108
- C:\Windows\System\kETGuXD.exe
  C:\Windows\System\kETGuXD.exe
  2⤵
  PID:9124
- C:\Windows\System\SinBeuH.exe
  C:\Windows\System\SinBeuH.exe
  2⤵
  PID:9140
- C:\Windows\System\NQVhhCh.exe
  C:\Windows\System\NQVhhCh.exe
  2⤵
  PID:9156
- C:\Windows\System\ltnYuew.exe
  C:\Windows\System\ltnYuew.exe
  2⤵
  PID:9172
- C:\Windows\System\vASGtin.exe
  C:\Windows\System\vASGtin.exe
  2⤵
  PID:9188
- C:\Windows\System\fVdCwet.exe
  C:\Windows\System\fVdCwet.exe
  2⤵
  PID:9204
- C:\Windows\System\FSLxgZc.exe
  C:\Windows\System\FSLxgZc.exe
  2⤵
  PID:7356
- C:\Windows\System\XZoEEDO.exe
  C:\Windows\System\XZoEEDO.exe
  2⤵
  PID:8204
- C:\Windows\System\qXAcFbR.exe
  C:\Windows\System\qXAcFbR.exe
  2⤵
  PID:8220
- C:\Windows\System\tSKTUNR.exe
  C:\Windows\System\tSKTUNR.exe
  2⤵
  PID:8268
- C:\Windows\System\sOXEiaS.exe
  C:\Windows\System\sOXEiaS.exe
  2⤵
  PID:8332
- C:\Windows\System\UPVcTDI.exe
  C:\Windows\System\UPVcTDI.exe
  2⤵
  PID:8280
- C:\Windows\System\ThcuBYR.exe
  C:\Windows\System\ThcuBYR.exe
  2⤵
  PID:8344
- C:\Windows\System\iOVTpds.exe
  C:\Windows\System\iOVTpds.exe
  2⤵
  PID:8284
- C:\Windows\System\CQNeImR.exe
  C:\Windows\System\CQNeImR.exe
  2⤵
  PID:8428
- C:\Windows\System\UMPYakD.exe
  C:\Windows\System\UMPYakD.exe
  2⤵
  PID:8520
- C:\Windows\System\WhZSQZF.exe
  C:\Windows\System\WhZSQZF.exe
  2⤵
  PID:8444
- C:\Windows\System\YmiZnZH.exe
  C:\Windows\System\YmiZnZH.exe
  2⤵
  PID:8476
- C:\Windows\System\kbnEBRS.exe
  C:\Windows\System\kbnEBRS.exe
  2⤵
  PID:8536
- C:\Windows\System\LRzawfz.exe
  C:\Windows\System\LRzawfz.exe
  2⤵
  PID:8588
- C:\Windows\System\JWIhfCm.exe
  C:\Windows\System\JWIhfCm.exe
  2⤵
  PID:8616
- C:\Windows\System\qFeigJP.exe
  C:\Windows\System\qFeigJP.exe
  2⤵
  PID:8636
- C:\Windows\System\XrXzYxn.exe
  C:\Windows\System\XrXzYxn.exe
  2⤵
  PID:8716
- C:\Windows\System\FprVzcy.exe
  C:\Windows\System\FprVzcy.exe
  2⤵
  PID:8728
- C:\Windows\System\nRUXCJA.exe
  C:\Windows\System\nRUXCJA.exe
  2⤵
  PID:8748
- C:\Windows\System\tUoQiXb.exe
  C:\Windows\System\tUoQiXb.exe
  2⤵
  PID:8808
- C:\Windows\System\iJNMSZo.exe
  C:\Windows\System\iJNMSZo.exe
  2⤵
  PID:8796
- C:\Windows\System\xnraPCq.exe
  C:\Windows\System\xnraPCq.exe
  2⤵
  PID:8872
- C:\Windows\System\uhApMeW.exe
  C:\Windows\System\uhApMeW.exe
  2⤵
  PID:8876
- C:\Windows\System\KBbPRGz.exe
  C:\Windows\System\KBbPRGz.exe
  2⤵
  PID:8904
- C:\Windows\System\ohjekKP.exe
  C:\Windows\System\ohjekKP.exe
  2⤵
  PID:8940
- C:\Windows\System\HnmcsKM.exe
  C:\Windows\System\HnmcsKM.exe
  2⤵
  PID:8976
- C:\Windows\System\AdfNnWD.exe
  C:\Windows\System\AdfNnWD.exe
  2⤵
  PID:9036
- C:\Windows\System\AeoQYlZ.exe
  C:\Windows\System\AeoQYlZ.exe
  2⤵
  PID:9100
- C:\Windows\System\quUaNQP.exe
  C:\Windows\System\quUaNQP.exe
  2⤵
  PID:9020
- C:\Windows\System\oFvjJtR.exe
  C:\Windows\System\oFvjJtR.exe
  2⤵
  PID:8988
- C:\Windows\System\CFJwSbE.exe
  C:\Windows\System\CFJwSbE.exe
  2⤵
  PID:9084
- C:\Windows\System\bioPOcj.exe
  C:\Windows\System\bioPOcj.exe
  2⤵
  PID:9180
- C:\Windows\System\xVKqeZj.exe
  C:\Windows\System\xVKqeZj.exe
  2⤵
  PID:9200
- C:\Windows\System\fRAVimN.exe
  C:\Windows\System\fRAVimN.exe
  2⤵
  PID:8236
- C:\Windows\System\YWYjqVX.exe
  C:\Windows\System\YWYjqVX.exe
  2⤵
  PID:8264
- C:\Windows\System\NBfmGLg.exe
  C:\Windows\System\NBfmGLg.exe
  2⤵
  PID:8300
- C:\Windows\System\lKZoXGq.exe
  C:\Windows\System\lKZoXGq.exe
  2⤵
  PID:8456
- C:\Windows\System\IdccgVk.exe
  C:\Windows\System\IdccgVk.exe
  2⤵
  PID:8568
- C:\Windows\System\XDLhHmn.exe
  C:\Windows\System\XDLhHmn.exe
  2⤵
  PID:8492
- C:\Windows\System\xqZezZG.exe
  C:\Windows\System\xqZezZG.exe
  2⤵
  PID:8408
- C:\Windows\System\eiGaKFf.exe
  C:\Windows\System\eiGaKFf.exe
  2⤵
  PID:8604
- C:\Windows\System\lClDUuW.exe
  C:\Windows\System\lClDUuW.exe
  2⤵
  PID:8696
- C:\Windows\System\KSskiTw.exe
  C:\Windows\System\KSskiTw.exe
  2⤵
  PID:8668
- C:\Windows\System\gAUDIht.exe
  C:\Windows\System\gAUDIht.exe
  2⤵
  PID:8888
- C:\Windows\System\EfuyPMb.exe
  C:\Windows\System\EfuyPMb.exe
  2⤵
  PID:8828
- C:\Windows\System\DpdmOSM.exe
  C:\Windows\System\DpdmOSM.exe
  2⤵
  PID:8936
- C:\Windows\System\vLGgzfY.exe
  C:\Windows\System\vLGgzfY.exe
  2⤵
  PID:9136
- C:\Windows\System\EPZLEgj.exe
  C:\Windows\System\EPZLEgj.exe
  2⤵
  PID:9072
- C:\Windows\System\dAMjFLO.exe
  C:\Windows\System\dAMjFLO.exe
  2⤵
  PID:8200
- C:\Windows\System\wMgsxWw.exe
  C:\Windows\System\wMgsxWw.exe
  2⤵
  PID:8552
- C:\Windows\System\brYNhWA.exe
  C:\Windows\System\brYNhWA.exe
  2⤵
  PID:8380
- C:\Windows\System\RQwCwCD.exe
  C:\Windows\System\RQwCwCD.exe
  2⤵
  PID:9152
- C:\Windows\System\CFjzuhT.exe
  C:\Windows\System\CFjzuhT.exe
  2⤵
  PID:9288
- C:\Windows\System\jpgeTHn.exe
  C:\Windows\System\jpgeTHn.exe
  2⤵
  PID:9304
- C:\Windows\System\IBcHRqo.exe
  C:\Windows\System\IBcHRqo.exe
  2⤵
  PID:9324
- C:\Windows\System\fcyXhsC.exe
  C:\Windows\System\fcyXhsC.exe
  2⤵
  PID:9340
- C:\Windows\System\MFMZfnD.exe
  C:\Windows\System\MFMZfnD.exe
  2⤵
  PID:9356
- C:\Windows\System\jdkqhbJ.exe
  C:\Windows\System\jdkqhbJ.exe
  2⤵
  PID:9372
- C:\Windows\System\wZWlMpZ.exe
  C:\Windows\System\wZWlMpZ.exe
  2⤵
  PID:9388
- C:\Windows\System\QBLEOeu.exe
  C:\Windows\System\QBLEOeu.exe
  2⤵
  PID:9404
- C:\Windows\System\ChLSmQz.exe
  C:\Windows\System\ChLSmQz.exe
  2⤵
  PID:9420
- C:\Windows\System\QLYzbGz.exe
  C:\Windows\System\QLYzbGz.exe
  2⤵
  PID:9436
- C:\Windows\System\FWMhQEY.exe
  C:\Windows\System\FWMhQEY.exe
  2⤵
  PID:9452
- C:\Windows\System\aUifMTc.exe
  C:\Windows\System\aUifMTc.exe
  2⤵
  PID:9468
- C:\Windows\System\vFtaTFr.exe
  C:\Windows\System\vFtaTFr.exe
  2⤵
  PID:9484
- C:\Windows\System\PEIAqbQ.exe
  C:\Windows\System\PEIAqbQ.exe
  2⤵
  PID:9500
- C:\Windows\System\tVWGSzY.exe
  C:\Windows\System\tVWGSzY.exe
  2⤵
  PID:9516
- C:\Windows\System\TyxSrdh.exe
  C:\Windows\System\TyxSrdh.exe
  2⤵
  PID:9532
- C:\Windows\System\xvBDnrx.exe
  C:\Windows\System\xvBDnrx.exe
  2⤵
  PID:9548
- C:\Windows\System\SDRlsdz.exe
  C:\Windows\System\SDRlsdz.exe
  2⤵
  PID:9564
- C:\Windows\System\iMYxBPn.exe
  C:\Windows\System\iMYxBPn.exe
  2⤵
  PID:9580
- C:\Windows\System\KbyTxoV.exe
  C:\Windows\System\KbyTxoV.exe
  2⤵
  PID:9596
- C:\Windows\System\vKPmacr.exe
  C:\Windows\System\vKPmacr.exe
  2⤵
  PID:9612
- C:\Windows\System\pIoGSYn.exe
  C:\Windows\System\pIoGSYn.exe
  2⤵
  PID:9632
- C:\Windows\System\ILOgRjN.exe
  C:\Windows\System\ILOgRjN.exe
  2⤵
  PID:9648
- C:\Windows\System\sffgXGc.exe
  C:\Windows\System\sffgXGc.exe
  2⤵
  PID:9664
- C:\Windows\System\zZvIViW.exe
  C:\Windows\System\zZvIViW.exe
  2⤵
  PID:9680
- C:\Windows\System\jKDypsd.exe
  C:\Windows\System\jKDypsd.exe
  2⤵
  PID:9696
- C:\Windows\System\CLFJWRu.exe
  C:\Windows\System\CLFJWRu.exe
  2⤵
  PID:9712
- C:\Windows\System\LdFCalL.exe
  C:\Windows\System\LdFCalL.exe
  2⤵
  PID:9736
- C:\Windows\System\aQDBlWg.exe
  C:\Windows\System\aQDBlWg.exe
  2⤵
  PID:9752
- C:\Windows\System\TZsjgYl.exe
  C:\Windows\System\TZsjgYl.exe
  2⤵
  PID:9772
- C:\Windows\System\UzLTNXo.exe
  C:\Windows\System\UzLTNXo.exe
  2⤵
  PID:9788
- C:\Windows\System\hAPOyPE.exe
  C:\Windows\System\hAPOyPE.exe
  2⤵
  PID:9804
- C:\Windows\System\ScBUPXG.exe
  C:\Windows\System\ScBUPXG.exe
  2⤵
  PID:9832
- C:\Windows\System\LUluBnZ.exe
  C:\Windows\System\LUluBnZ.exe
  2⤵
  PID:9852
- C:\Windows\System\DLhdrdq.exe
  C:\Windows\System\DLhdrdq.exe
  2⤵
  PID:9868
- C:\Windows\System\TSRdbMN.exe
  C:\Windows\System\TSRdbMN.exe
  2⤵
  PID:9884
- C:\Windows\System\gTYvKHM.exe
  C:\Windows\System\gTYvKHM.exe
  2⤵
  PID:9900
- C:\Windows\System\kGxNfCv.exe
  C:\Windows\System\kGxNfCv.exe
  2⤵
  PID:9916
- C:\Windows\System\HqIsFVH.exe
  C:\Windows\System\HqIsFVH.exe
  2⤵
  PID:9932
- C:\Windows\System\fwkVEBe.exe
  C:\Windows\System\fwkVEBe.exe
  2⤵
  PID:9948
- C:\Windows\System\qDfYKqH.exe
  C:\Windows\System\qDfYKqH.exe
  2⤵
  PID:9964
- C:\Windows\System\NfTDzvH.exe
  C:\Windows\System\NfTDzvH.exe
  2⤵
  PID:9980
- C:\Windows\System\QHOkjXU.exe
  C:\Windows\System\QHOkjXU.exe
  2⤵
  PID:9996
- C:\Windows\System\VgirpKD.exe
  C:\Windows\System\VgirpKD.exe
  2⤵
  PID:10012
- C:\Windows\System\lKhSccA.exe
  C:\Windows\System\lKhSccA.exe
  2⤵
  PID:10032
- C:\Windows\System\hgFZQSs.exe
  C:\Windows\System\hgFZQSs.exe
  2⤵
  PID:9132
- C:\Windows\System\IuSrSEH.exe
  C:\Windows\System\IuSrSEH.exe
  2⤵
  PID:7192
- C:\Windows\System\klMapFI.exe
  C:\Windows\System\klMapFI.exe
  2⤵
  PID:9228
- C:\Windows\System\TxWxaqC.exe
  C:\Windows\System\TxWxaqC.exe
  2⤵
  PID:9244
- C:\Windows\System\IpcYELk.exe
  C:\Windows\System\IpcYELk.exe
  2⤵
  PID:9260
- C:\Windows\System\wVsTzNi.exe
  C:\Windows\System\wVsTzNi.exe
  2⤵
  PID:9276
- C:\Windows\System\RJhkFab.exe
  C:\Windows\System\RJhkFab.exe
  2⤵
  PID:9368
- C:\Windows\System\mlfPdZx.exe
  C:\Windows\System\mlfPdZx.exe
  2⤵
  PID:9348
- C:\Windows\System\DgxHuhn.exe
  C:\Windows\System\DgxHuhn.exe
  2⤵
  PID:9412
- C:\Windows\System\vbiWCdL.exe
  C:\Windows\System\vbiWCdL.exe
  2⤵
  PID:9432
- C:\Windows\System\ZcKBGGn.exe
  C:\Windows\System\ZcKBGGn.exe
  2⤵
  PID:9492
- C:\Windows\System\aJHfbhJ.exe
  C:\Windows\System\aJHfbhJ.exe
  2⤵
  PID:9556
- C:\Windows\System\IuDcsxB.exe
  C:\Windows\System\IuDcsxB.exe
  2⤵
  PID:9620
- C:\Windows\System\MpcJDIv.exe
  C:\Windows\System\MpcJDIv.exe
  2⤵
  PID:9508
- C:\Windows\System\AOVTWhR.exe
  C:\Windows\System\AOVTWhR.exe
  2⤵
  PID:9480
- C:\Windows\System\fPsYpvd.exe
  C:\Windows\System\fPsYpvd.exe
  2⤵
  PID:9628
- C:\Windows\System\GHvLfKW.exe
  C:\Windows\System\GHvLfKW.exe
  2⤵
  PID:9688
- C:\Windows\System\NjKmGyV.exe
  C:\Windows\System\NjKmGyV.exe
  2⤵
  PID:9708
- C:\Windows\System\MdCpAHE.exe
  C:\Windows\System\MdCpAHE.exe
  2⤵
  PID:9724
- C:\Windows\System\raPxNhu.exe
  C:\Windows\System\raPxNhu.exe
  2⤵
  PID:9768
- C:\Windows\System\zlPFMLj.exe
  C:\Windows\System\zlPFMLj.exe
  2⤵
  PID:9744
- C:\Windows\System\XZyOKlM.exe
  C:\Windows\System\XZyOKlM.exe
  2⤵
  PID:9816
- C:\Windows\System\AbzYhsY.exe
  C:\Windows\System\AbzYhsY.exe
  2⤵
  PID:9828
- C:\Windows\System\rMvklJE.exe
  C:\Windows\System\rMvklJE.exe
  2⤵
  PID:9864
- C:\Windows\System\wViKmvd.exe
  C:\Windows\System\wViKmvd.exe
  2⤵
  PID:9908
- C:\Windows\System\pNcEBxM.exe
  C:\Windows\System\pNcEBxM.exe
  2⤵
  PID:9944
- C:\Windows\System\ZtgxdiQ.exe
  C:\Windows\System\ZtgxdiQ.exe
  2⤵
  PID:9960
- C:\Windows\System\cWMwbDV.exe
  C:\Windows\System\cWMwbDV.exe
  2⤵
  PID:10004
- C:\Windows\System\hxaMSUd.exe
  C:\Windows\System\hxaMSUd.exe
  2⤵
  PID:10024
- C:\Windows\System\DcPFJRM.exe
  C:\Windows\System\DcPFJRM.exe
  2⤵
  PID:10048
- C:\Windows\System\bSicDdi.exe
  C:\Windows\System\bSicDdi.exe
  2⤵
  PID:10072
- C:\Windows\System\UhURjbG.exe
  C:\Windows\System\UhURjbG.exe
  2⤵
  PID:10088
- C:\Windows\System\pTLUgAi.exe
  C:\Windows\System\pTLUgAi.exe
  2⤵
  PID:10104
- C:\Windows\System\WjLXUgA.exe
  C:\Windows\System\WjLXUgA.exe
  2⤵
  PID:10120
- C:\Windows\System\erkSblc.exe
  C:\Windows\System\erkSblc.exe
  2⤵
  PID:10136
- C:\Windows\System\oQNKAtB.exe
  C:\Windows\System\oQNKAtB.exe
  2⤵
  PID:10152
- C:\Windows\System\cFlJECl.exe
  C:\Windows\System\cFlJECl.exe
  2⤵
  PID:10200
- C:\Windows\System\FIVmHdb.exe
  C:\Windows\System\FIVmHdb.exe
  2⤵
  PID:8652
- C:\Windows\System\jouwQMu.exe
  C:\Windows\System\jouwQMu.exe
  2⤵
  PID:10196
- C:\Windows\System\Dmbxeqw.exe
  C:\Windows\System\Dmbxeqw.exe
  2⤵
  PID:10220
- C:\Windows\System\AsDUleo.exe
  C:\Windows\System\AsDUleo.exe
  2⤵
  PID:10236
- C:\Windows\System\QMSCdaG.exe
  C:\Windows\System\QMSCdaG.exe
  2⤵
  PID:9332
- C:\Windows\System\nKNuELs.exe
  C:\Windows\System\nKNuELs.exe
  2⤵
  PID:8712
- C:\Windows\System\QWWZAUS.exe
  C:\Windows\System\QWWZAUS.exe
  2⤵
  PID:8956
- C:\Windows\System\QjXobxl.exe
  C:\Windows\System\QjXobxl.exe
  2⤵
  PID:8508
- C:\Windows\System\DlJTTIp.exe
  C:\Windows\System\DlJTTIp.exe
  2⤵
  PID:9220
- C:\Windows\System\GXuSYbY.exe
  C:\Windows\System\GXuSYbY.exe
  2⤵
  PID:9224
- C:\Windows\System\KeXxEJY.exe
  C:\Windows\System\KeXxEJY.exe
  2⤵
  PID:9236
- C:\Windows\System\AkcWBsy.exe
  C:\Windows\System\AkcWBsy.exe
  2⤵
  PID:9400
- C:\Windows\System\GdBzRiF.exe
  C:\Windows\System\GdBzRiF.exe
  2⤵
  PID:9460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IWCoXIF.exe

Filesize
6.0MB

MD5
4925ae5d687916bc8df506c57f4740f4

SHA1
662c35859653ad7ac7c5d73696d8f31f0e3370be

SHA256
02f64e7d2fd967bae0374a8815d74c7d51eb3501f90920247bf5a208e887f695

SHA512
78eefdd7510a0a2f7477a2c130ccfef750a4e646e51b1bcc4c026a617ae62d8ddf14242c801be0df86694cca7f9d3014065980f874ff9e72c484937ba81c1f9e

Download Submit
C:\Windows\system\JzDbhOe.exe

Filesize
6.0MB

MD5
d25a85810233b7246c817eaffb34981b

SHA1
fe65a06aa7c3ac7a51595497bce3e464a1421a7d

SHA256
eb507e93393ca6079794e76e163cb90db99dab570b360f363e2cfb5c0183a63e

SHA512
e7e2aa50863b9e0bde81e44b5426680361f8d14e15ea3827ffb0be3bdbdd5159a2554909cf0b7a82ea667a125db4b6b5787bf2e3d9d24ed5cdfee1d4c2201e47

Download Submit
C:\Windows\system\KTvhUfO.exe

Filesize
6.0MB

MD5
021c9546780b9b5c7ed0642c940af820

SHA1
cd1303e407b3f33613785f127833e57d61e7091d

SHA256
8dbed608d3dc1dcf4ed1880905fc7b42190225503d2609db6999fbcf37b80ff8

SHA512
3797e1dbc19cf73f388d6785768d68c1b8cf8155c524930561a207bdacb71f31e6e03ecd0b901f9e6de33a11ac466983f8c08deb156ad83a7bbf0668485cef20

Download Submit
C:\Windows\system\Kkjevpi.exe

Filesize
6.0MB

MD5
5b561cc07b74f4cdd95363613b2cef45

SHA1
703f700cf7ea99595248e044b38124415b49e2df

SHA256
2d6fe3d9d9dcb68370901cbeacee64028430eb99830ed9e5189b501e7a635e2f

SHA512
f390bbac2ec27d71498ff9f7109e4b16ea4513be7ada9679cb493fe7856e591a089e0215fe104d01fbf5473ea6b92495c12eaad0d96960d894537ecb53a5c0c4

Download Submit
C:\Windows\system\LuVKMkq.exe

Filesize
6.0MB

MD5
c0c987edea7ba1cee1a7d74dead9f9fb

SHA1
82bbd8ed8aa841d10d9b4fa2441cc94abd8c4d29

SHA256
69fb95214ca4a89311e58a7471a810aa4397eeba42ebd4cc9ca2dbd88eb5ff60

SHA512
8b31f34b9e48f1f6c40de363df2fe298505e25496271cf820386958cc7c2cb9511562a778b5bad9dd1b91034a77564278c6358e7ffaeffdc4bf2687f1f230a09

Download Submit
C:\Windows\system\PQHMkQn.exe

Filesize
6.0MB

MD5
f4624acf76084c9b014bf64c1e332a88

SHA1
b648921fe0dd881ff228d9ee1bf21e517af43fc5

SHA256
e1961f715d63c8e99e8ba651125a1fa9a8979224d54dc615abc52afe10fa8c0c

SHA512
bbe542728a061872ed7c95f5eed638b7456ecf71baf29eab0f572f18c5d0b9752fd4f848b83ccc130077633c77ed66eb8a510e6ac5501feaafd6d862a5bd0ef2

Download Submit
C:\Windows\system\RSyPWZn.exe

Filesize
6.0MB

MD5
365566c550b642cb4f1f240eeaf45cfc

SHA1
a961ec1f9f5d568e313c2589b6040bfeacb8e4ef

SHA256
fed5940048e13e2d2c93b2bbad489ac92d806bda85aa96475a53bb27d0120a6b

SHA512
49eed66912a022c15e2e4c981dae5361a7a11ecb898ddc92c6f8e8cf2d4d743b57922156cd9ae0abf37699a542a5279ef974ab2454c3586ff6911456010e3086

Download Submit
C:\Windows\system\RuJyURn.exe

Filesize
6.0MB

MD5
24c26354468c1471dcc8545b38f61edb

SHA1
12ec221563192a41d2716d6f70c2f671f288245d

SHA256
749ca84a6b32db80144dc346a4404252c612a7130d920f90751968f68de94e16

SHA512
c36d9446c90db5055f2ac10c4db2d0f740cafd2aa3e3417de491556b91574d64788034d1d284522b7ec23e326f023644ab8b6a558e269aa6fff63b932119747b

Download Submit
C:\Windows\system\WjJECWN.exe

Filesize
6.0MB

MD5
20808ae384c03af8c4863e1699f2eda9

SHA1
649813109094cabbb17bfd591470386f1db8c3f8

SHA256
a79f5faae6937251d09b5bb873877e5db6e2f54c82c1de169819767d4b509109

SHA512
fffdda0eefa6b8e38c11dfb25579d8f942aa9251d3f70fe32c1edab7c93b40f22baf4e863727b0dd4eeda20187bd6b0ea4355ee86d53aa88a858ed358606764f

Download Submit
C:\Windows\system\YyuiOQs.exe

Filesize
6.0MB

MD5
d759503efb7f1a7b9792f3f077a85958

SHA1
6d02fdf8c6435ccc039091f66b0e000569a20bb8

SHA256
0b2a13e7496de3849190c205522188ea1019bd299e56a021e8b7dcb66a192431

SHA512
c485a5fd16a6f35c3b7fdccb279f0930917b4e93d78deb8fd256bd3afca4bdbed64bf0e5e331f406d78ece70a39e30e6fd9f5e4e9e4845783defffdf9b96e664

Download Submit
C:\Windows\system\Zqwinso.exe

Filesize
6.0MB

MD5
ef6f68d2d72fbba055bb84130e687bd1

SHA1
a36a97b572ed8db530ceafc73fc73e117208da62

SHA256
5b60b310cf84edee862d4d782d0b5d0b879c0799e9d5162bac7dfa075e9482a6

SHA512
7c98f0b8f979e42209595c928de12410b65bffbfef6de9402b20598e9c8e8ae95e5602b132aa9aed26910ff03b9c8037d69e149ae9f3b7287f204328e679edf1

Download Submit
C:\Windows\system\bipNYUv.exe

Filesize
6.0MB

MD5
66510a9c7dfd4e0954eb1c12abe391a1

SHA1
4d185296c6c8548fe7a2f6f64752a274d6ceed4e

SHA256
0796d64cb79abf086baea6ac2298bfa24ee15d8ced4fde046a2835e7bb65c42f

SHA512
91c1545a3dd74039befbbf0d47be7405bd9e88f23ec52d47d3fb0a39966762c1a8848019f53fe981732ffc0442d280a818c3c11a528dcc2b32b7516f2d43f954

Download Submit
C:\Windows\system\ckQgaxz.exe

Filesize
6.0MB

MD5
993ce74cb31b8385759ee21af2d148b0

SHA1
f744e3710f6b0ce46dafa2d20933d1354cd0cb30

SHA256
f2b0a600814b225c0397b2668376c697ac317599812dcf385008b09da1541405

SHA512
a3b264bb72c81b6852e7814dbd8954519617b1fc9a8ce07e559cbe74332093309bd7785398c87a418f39a1787a205f1d44ab5eb409b4b824b8d1d78d002e13d3

Download Submit
C:\Windows\system\dDeHTTR.exe

Filesize
6.0MB

MD5
2c46a55adf2322323d96fb12dc6b10d9

SHA1
2571cb3e818d3e78ba712f6c8e48f221cbb121f3

SHA256
c415d87afe9d28d4627c6271fa5273d038d66f8447ffe4141a0f687e594f87bb

SHA512
9c188090b84a4105ea71cd95fb20fb8ea568e19ee57180b2d573dc5dd338c00cf15ceffb048abd5ba67f67f6e2e9a6fafe74d12bfd9c2cb1a7897edd6e0a3178

Download Submit
C:\Windows\system\fBYFEoo.exe

Filesize
6.0MB

MD5
7c6b8319adbb19cc5ee88f4fa91c3445

SHA1
dc54f55fd993efc0098ad0817023b6046241f7f0

SHA256
023073cb8d18bf2fb39c3c67bb335f07c33fbcfc276faa2f6f8bd1c03bfc97ed

SHA512
2bf2e949ecefefbf109b79fe988fd22b1039b93b01cd05666f87f3816b30ead1109cfc06920458760fddf24f33f897cb11e2383d852757db5344296fb441fa22

Download Submit
C:\Windows\system\fiVNinw.exe

Filesize
6.0MB

MD5
dfd87f6b828aae149654c5c948bd8c07

SHA1
d419229218b7304dfe796400d164c565d70c6fd7

SHA256
b9ddc6ef8a59fc91c1b4b2d2c9fecde80387a25ec344d1479afe6ca927f5d670

SHA512
72558b84001a7dbf1f5106ee7d7535b301c35c5d87162582c80bed62b5ec64b27df3ec1e6cb9e8e468f51fa5b3e7c7e2c05f4874c7214b48b86dfd3872463792

Download Submit
C:\Windows\system\gunCDUA.exe

Filesize
6.0MB

MD5
1f626c0778a0cbc27e0805b602e96047

SHA1
2efabbdfb580041eb77714955075b9a92c61ff5e

SHA256
61da1a8605f65ed0f2fcca49398ebcae6b8360cf1aafeb8ed7bdb61625c4f43d

SHA512
40e5963f8427a29f7e430e352722039dded5fdcd6e54d91b1fb58df53835b550df4c29fcfb8a8c3802ea73271efca7e3c1b979265418024c92baa2ab8d1a826d

Download Submit
C:\Windows\system\mgYxFDp.exe

Filesize
6.0MB

MD5
3e6c08b2a75f939725655576b7cc0fac

SHA1
2fc6adc4d2c4f421fa2603019c8318d8ffd90e59

SHA256
744f302e967e1ddf31bbe5716e2000a701c7fb83efd411b8c701c3554b888d49

SHA512
1c7af85c588ce10c9cb813ce8eac0ba62c508da82bde77f9036139da71004a14de498387f6eed81f57e68c7be2dc0258db8ee2ac8bcda45077029dcbd0308346

Download Submit
C:\Windows\system\oTakhbk.exe

Filesize
6.0MB

MD5
ddc1d80c50c646e83a47c1993b4d904e

SHA1
e2fe8eb81c4d6e6cbf80cf9b9596b8481750bf4d

SHA256
adfdca247e4be5e1de2094a60a6b97b1d4413b52ee9ae6c0e903aedadcfb0046

SHA512
449be0f560305c55d6ac0830f8161dee0f80ae6e4afbb0ffeb562d3bf3dc269d2d6ea22b0933e834f9be9ef174096afeba1535958b8600b79235c18e50d5f93e

Download Submit
C:\Windows\system\pnEoQRX.exe

Filesize
6.0MB

MD5
6e99a4107c714a1cc54447b9c97bbbcc

SHA1
348a049e236e6d161c2a74dc8a581390768d730b

SHA256
62b4abe46bc3fb504ba748c3971df8ae5cee533487f5f1cfad70a8dec9102776

SHA512
3dc0c20d5c92e596a660834a35fa98db56c8bd38b9ab69baa06a896f449cb251578fd8ff11ae6c5c3c020feca49c6c5ffaf7c6242d310c37eb7c4c7f91befb56

Download Submit
C:\Windows\system\rCBRvuG.exe

Filesize
6.0MB

MD5
e6d4667f4d86ded8cc8aeb6220034145

SHA1
24584e6c62f42b59e10b2370005f17e68f77cf8c

SHA256
89f454518991a902196e0480d1d89bf8bacd1ffc665cd5601a18d6748d9232df

SHA512
da17dd6a51079772d456f32c57e89769e9c716225457a60eaefe37c29037b16f4a24345c58e78ab079e05cb096887a4c2dc30f1d60c0bfe0e6bc646f01e92e7d

Download Submit
C:\Windows\system\rgkJbCX.exe

Filesize
6.0MB

MD5
3f6b1b04e46ffe7764b0e34325a357e2

SHA1
d1275fe8d25e6c2eb23202cb72014ea9536665d4

SHA256
fc66b3f3be1dc8bdab2a236e33d22c17a8acc62e8de370e65de64cf03e7789dd

SHA512
92d4f709bd0bd79021645bb807c194e8b6eaf36b7816180ff814c15b192646f72f7003f40f835a6df4531a44548b18f6583499bb60b87e8f4b990b79bd4059ab

Download Submit
C:\Windows\system\vCdzuCh.exe

Filesize
6.0MB

MD5
8c558ca72e7c5c3b2da175a2e6cbe4c8

SHA1
77a59ad3a0ef7e9287065804871bace7aa50d1f6

SHA256
dfb0b1ddd8cde053760136ab563bbb5b9b31390836faf28d67cd3ac2f94790c4

SHA512
2b4e203525de2ac308eb274b8bed0e84c10fcdcc9795f0a422540e25df61224211d647ec23491428cc5389d854bdaa571992d6a46ec8c56038c176d1fa9960cd

Download Submit
C:\Windows\system\zCdiZwm.exe

Filesize
6.0MB

MD5
472cb18989fd62757d3e258cfa24d35d

SHA1
d74106f13b2f7c9f14cecd668a7c4e4ac2905766

SHA256
329b81a8b1c1f71d43ca1f1d0d92c7ccac0b636c23370aec51e81419c5d5299f

SHA512
099723a0c53377e7b1758c22189cfed50aaf864dccc64f4ae05df1fe1444622903d2fb102b9f2f066537c0f35dc9c4732093dade3a77b0b329140333d1c9ef51

Download Submit
C:\Windows\system\zHQJEXR.exe

Filesize
6.0MB

MD5
f9b41649ea01cf7e8f49806dd1992657

SHA1
83badad2d872a8cf63b896f0a681501490915502

SHA256
e624a4a2c796a18f543c0ed23d0db11fb35d7fbf19484666aa8f8bf0a8bb257f

SHA512
dbfb94aeea9342eb75e376ebba74af436ed20e1014c0b34161a170e3ab34af8096551ec0745691297924a350d97836fd9481e3c813ce1ee1c46ce7c591428abf

Download Submit
\Windows\system\KNOKOXj.exe

Filesize
6.0MB

MD5
ca7fcc990b893fc41e31cb867024f0da

SHA1
b3f37fa5625b45b8f922ef276fcb994b7551aa38

SHA256
59412a4b1a10078c2ba1db31b82b5de0aee963f1d92660415d411464665e7832

SHA512
0eb84fa9475d977ab27a59a8bcd1b7a661b3657815a659c2a95890347cf611058a15e424c7887b1f7d3ef441176e699869a92fee895b27e2421330bae1fa6d98

Download Submit
\Windows\system\LReNjTQ.exe

Filesize
6.0MB

MD5
4af477d29699793e3ff16ac06a3b05a6

SHA1
85f821bfe861ec1111371f6246fab85d06f680f1

SHA256
a6fd686bc663a5712bc689da1045fa730932c78882546b496b4036e455ee4bc4

SHA512
cae68963e42b19d95bf17793ae324538e7cc7df938a3c8d01e477aaf9e3d503b4affd618f501a5bf9c78ce7f562bf9db8bfee690b2426726a11d327e6347ac8c

Download Submit
\Windows\system\VQESWCf.exe

Filesize
6.0MB

MD5
378e01c092d1dc09f5a2a8b01634bbdf

SHA1
ef41a29a4c5c85e4871b1c54db1479db89605dea

SHA256
ad401068e00080f8e63dd3b3be74dad843786ff8cf71bc14e90ae122aa1b66a6

SHA512
df59798ce0eee61b5e972b2e2519863e6103a92b31606671dba99e13a8815bf9a7b9f866b5151dd04676ac243012bc60c1d533161f3c4823be2226ed25919948

Download Submit
\Windows\system\adiYfBj.exe

Filesize
6.0MB

MD5
e4a3e9e6fd32e6035721a58a9f56c426

SHA1
778a69a838c448da4a8b8220fdb695cc197dede2

SHA256
a400437cee1f41f509535a0db1beb9487fb4b045e96f404805db99fd78582ebb

SHA512
7957d644d39ecf908d9da4b0e5826c990d54233ba658a090883fc236808950f3b1b177af14c9bcdca4b827252cc21f06ee29327a6c210bcd8aaa6d632b340c04

Download Submit
\Windows\system\dDYbtHY.exe

Filesize
6.0MB

MD5
bd8df86d327497a8f83f246767c4fbd7

SHA1
69601a0923b462e97e9d5d0f525b6bf225210c33

SHA256
6a8cb190409b6c98607d3ebcd41e269b27690d131774dae62a38d3d621fc0e3a

SHA512
a85c6233a370afe459327b3ec587f3332413cc61ff961ebbf5ec659772977f38c889342b6f290054ffcac03c291c45d1a881c5b9efad4af8234b3da6aeb6c940

Download Submit
\Windows\system\eeVZzkY.exe

Filesize
6.0MB

MD5
b1a149cdca0a519aa61788d50408c09a

SHA1
d9b99e9bbc2ae639ccd214408e4f71f80c05928d

SHA256
eb3b136e24107d12b49dece298962d0bd3f21af1280bdd37addec7d71dcc7019

SHA512
12589ef39725efa305748ef4ca413aeab569ace5ff0ff149e87e2c0ce4b023c561788db15960e28b59c65840f641a4950ba3db540edba788e70efb7e901cb69e

Download Submit
\Windows\system\jCSpAAE.exe

Filesize
6.0MB

MD5
6bc864e17dd141aaf86ec071c5022f65

SHA1
f02862f73cf3e0569f9fce912ee28f7f219a3a71

SHA256
5c01a1d0a4f4f8c41628ddd5299c028561fa91ef6810220850d29c9348be8681

SHA512
ee69ad90d42666b694ed932f551e2e64c067d8641b0892023ab74155c7e1d7489e013f6a82d211ab5be1a478a6f4a310ebc9da6744ef4d4b4c1f980f15f7117f

Download Submit
memory/568-49-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/568-3654-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/568-22-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/844-4110-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/844-627-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/844-104-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1260-3652-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-16-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-4112-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-80-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-522-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-3641-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1644-15-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/1644-44-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2384-6-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2384-311-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2384-90-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-10-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2384-763-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2384-694-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2384-69-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2384-71-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2384-453-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-78-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-112-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2384-111-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2384-36-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2384-107-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2384-109-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2384-41-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2384-25-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2384-38-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3854-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-250-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4111-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2648-113-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3868-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-58-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-42-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3867-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-67-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3647-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2744-56-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3668-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-40-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-3656-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-74-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2884-47-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3859-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3000-386-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/3000-72-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download