cobaltstrike | d165f2e1b0fa0e8a87c0cf9993a33a530ec4933edef35769d9dbc8b4f86e33d1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ae669f8bbaf12e259549134e7a29f230
SHA1

f04a57aa697aeb062d0f6a623baf289c578b2147
SHA256

d165f2e1b0fa0e8a87c0cf9993a33a530ec4933edef35769d9dbc8b4f86e33d1
SHA512

d815b9821dd5feb40252aa13ae291c35cf6d33ede451a24faf1a7960dc9762fb2a829753a1161e69f5c2547b62921499e9b140867acd05ccb2eb5a801e869b8d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUk:T+q56utgpPF8u/7k

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d71-13.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016e1d-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017342-27.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-180.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000016d04-170.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-78.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-128.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-95.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d1-52.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a3-47.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739f-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017355-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1900-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-6.dat	xmrig
behavioral1/memory/2656-12-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2760-16-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d71-13.dat	xmrig
behavioral1/files/0x0008000000016e1d-11.dat	xmrig
behavioral1/memory/2676-23-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x0008000000017342-27.dat	xmrig
behavioral1/memory/2432-29-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1900-36-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2840-37-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2664-48-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2616-72-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f71-175.dat	xmrig
behavioral1/files/0x000500000001a05a-190.dat	xmrig
behavioral1/memory/2664-766-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2972-903-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2536-3913-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2072-3914-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2656-3915-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2724-3916-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2972-3917-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/1592-3918-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2760-3921-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2432-3920-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2616-3919-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2664-3912-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2536-969-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2616-901-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2724-528-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2432-202-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a033-185.dat	xmrig
behavioral1/files/0x000500000001a020-180.dat	xmrig
behavioral1/files/0x0032000000016d04-170.dat	xmrig
behavioral1/files/0x0005000000019bf0-155.dat	xmrig
behavioral1/files/0x0005000000019931-153.dat	xmrig
behavioral1/files/0x0005000000019d69-149.dat	xmrig
behavioral1/files/0x00050000000195ce-139.dat	xmrig
behavioral1/files/0x00050000000195ca-137.dat	xmrig
behavioral1/files/0x0005000000019cfc-131.dat	xmrig
behavioral1/memory/1900-123-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2072-122-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf2-120.dat	xmrig
behavioral1/files/0x0005000000019c0b-116.dat	xmrig
behavioral1/files/0x0005000000019bec-110.dat	xmrig
behavioral1/files/0x0005000000019665-89.dat	xmrig
behavioral1/files/0x00050000000195d0-81.dat	xmrig
behavioral1/files/0x00050000000195cc-80.dat	xmrig
behavioral1/files/0x00050000000195e0-78.dat	xmrig
behavioral1/files/0x00050000000195c8-64.dat	xmrig
behavioral1/files/0x0005000000019f57-159.dat	xmrig
behavioral1/files/0x0005000000019d5c-143.dat	xmrig
behavioral1/files/0x0005000000019cd5-128.dat	xmrig
behavioral1/memory/2536-106-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1900-98-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/1592-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a0-96.dat	xmrig
behavioral1/files/0x0005000000019624-95.dat	xmrig
behavioral1/memory/2972-88-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x00070000000191d1-52.dat	xmrig
behavioral1/memory/1900-77-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2676-59-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00070000000173a3-47.dat	xmrig
behavioral1/memory/2724-43-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2656	FVnDKnk.exe
2760	cxqQJfP.exe
2676	ADMfYVh.exe
2432	VJCpUMN.exe
2840	VszyjxB.exe
2724	lxUbhMD.exe
2664	YseVkxL.exe
2616	hJnUJSf.exe
2072	oxxuIZm.exe
2972	PBmzbsZ.exe
1592	CjZLdoO.exe
2536	zpLoRzO.exe
1088	apRIwyQ.exe
2496	pNWdkJy.exe
2936	NtErLyP.exe
1208	BcJctco.exe
2344	xgyNzlp.exe
2952	xZAfCVd.exe
2148	PDEzhFl.exe
1308	LqcmtLo.exe
3020	MbqzJmM.exe
1488	mNNmMKl.exe
2868	RuCLOLz.exe
2296	UqGUHme.exe
2460	JJhGjPa.exe
2008	IHLytzf.exe
2120	KpoiKJJ.exe
1748	DFNervV.exe
1628	OehhGME.exe
2428	lWydRAf.exe
2448	gmDUfiD.exe
1552	Hlgxxdh.exe
2292	FGLSrGz.exe
2000	iNLShVH.exe
1468	BTWMFzg.exe
780	OHoRQpP.exe
1940	ZHaAJwj.exe
1984	YsYJtNK.exe
2256	mPzMotx.exe
288	WRcTheP.exe
1676	hddSLxK.exe
1316	OZJzJQF.exe
2088	OhTNsHe.exe
2080	jSyFymN.exe
1072	FHJWdQJ.exe
1496	LqvHDSk.exe
1500	otCSZGH.exe
1008	HkCRKgj.exe
1780	zCJcfxa.exe
888	Isubxsv.exe
2060	iVVdXcx.exe
1352	hoAolHp.exe
1720	HEmthqH.exe
2752	IoqWMhS.exe
2700	yHlNuKA.exe
2988	ASDEtWa.exe
2928	Aqarhoa.exe
2596	BJALPoO.exe
2788	gSNJHgo.exe
1932	sdwjSoZ.exe
2376	TtRlCcb.exe
1324	lVdEdPv.exe
2112	UehxqRz.exe
2056	hyurRXV.exe

Loads dropped DLL 64 IoCs

pid	Process
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1900-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-6.dat	upx
behavioral1/memory/2656-12-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2760-16-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d71-13.dat	upx
behavioral1/files/0x0008000000016e1d-11.dat	upx
behavioral1/memory/2676-23-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x0008000000017342-27.dat	upx
behavioral1/memory/2432-29-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1900-36-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2840-37-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2664-48-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2616-72-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x0005000000019f71-175.dat	upx
behavioral1/files/0x000500000001a05a-190.dat	upx
behavioral1/memory/2664-766-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2972-903-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2536-3913-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2072-3914-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2656-3915-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2724-3916-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2972-3917-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/1592-3918-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2760-3921-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2432-3920-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2616-3919-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2664-3912-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2536-969-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2616-901-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2724-528-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2432-202-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000500000001a033-185.dat	upx
behavioral1/files/0x000500000001a020-180.dat	upx
behavioral1/files/0x0032000000016d04-170.dat	upx
behavioral1/files/0x0005000000019bf0-155.dat	upx
behavioral1/files/0x0005000000019931-153.dat	upx
behavioral1/files/0x0005000000019d69-149.dat	upx
behavioral1/files/0x00050000000195ce-139.dat	upx
behavioral1/files/0x00050000000195ca-137.dat	upx
behavioral1/files/0x0005000000019cfc-131.dat	upx
behavioral1/memory/2072-122-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0005000000019bf2-120.dat	upx
behavioral1/files/0x0005000000019c0b-116.dat	upx
behavioral1/files/0x0005000000019bec-110.dat	upx
behavioral1/files/0x0005000000019665-89.dat	upx
behavioral1/files/0x00050000000195d0-81.dat	upx
behavioral1/files/0x00050000000195cc-80.dat	upx
behavioral1/files/0x00050000000195e0-78.dat	upx
behavioral1/files/0x00050000000195c8-64.dat	upx
behavioral1/files/0x0005000000019f57-159.dat	upx
behavioral1/files/0x0005000000019d5c-143.dat	upx
behavioral1/files/0x0005000000019cd5-128.dat	upx
behavioral1/memory/2536-106-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1592-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x00050000000196a0-96.dat	upx
behavioral1/files/0x0005000000019624-95.dat	upx
behavioral1/memory/2972-88-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x00070000000191d1-52.dat	upx
behavioral1/memory/2676-59-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x00070000000173a3-47.dat	upx
behavioral1/memory/2724-43-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x000700000001739f-40.dat	upx
behavioral1/files/0x0007000000017355-33.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eHyXYBG.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OehhGME.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Isubxsv.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTVaSEp.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiwPIaO.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmtcZGn.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztxXCvs.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruqiaIn.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yyXrXBG.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\maWxcHn.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAoVutU.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XpUTGhf.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAGgVYS.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaFpPLc.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVXKUaq.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuGyoVl.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZutWMXf.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MCVdJli.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auYPUlp.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phTKqGC.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkMxbMD.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBLHwlv.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYyWjnH.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFVqitx.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBISrXB.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DnAkURY.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JjboWpg.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIeuHTc.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vneitHA.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izbinSN.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxqQJfP.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbdXrAd.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gxqffsB.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvbCYXq.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhbBzGg.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRBbahL.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybZQbZA.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuVGYjO.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqPjouk.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTNnnlP.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdOMKWa.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jhApBWA.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADMfYVh.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PiZJiGy.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKyeDKA.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQhDuox.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WsPdfdD.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnAOtzg.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoAolHp.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjVZLpd.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmEHYAc.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZwaXjfx.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfnGlsL.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHaAJwj.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfnwllf.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOPCUBC.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfOxKjl.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGoPXMK.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuNeoCN.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHmHvBD.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHZbujB.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\skvAlZK.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PMQVAOg.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PScJyoV.exe	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2656	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1900 wrote to memory of 2656	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1900 wrote to memory of 2656	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1900 wrote to memory of 2760	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1900 wrote to memory of 2760	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1900 wrote to memory of 2760	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1900 wrote to memory of 2676	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1900 wrote to memory of 2676	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1900 wrote to memory of 2676	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1900 wrote to memory of 2432	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1900 wrote to memory of 2432	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1900 wrote to memory of 2432	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1900 wrote to memory of 2840	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1900 wrote to memory of 2840	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1900 wrote to memory of 2840	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1900 wrote to memory of 2724	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1900 wrote to memory of 2724	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1900 wrote to memory of 2724	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1900 wrote to memory of 2664	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1900 wrote to memory of 2664	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1900 wrote to memory of 2664	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1900 wrote to memory of 2616	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1900 wrote to memory of 2616	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1900 wrote to memory of 2616	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1900 wrote to memory of 2072	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1900 wrote to memory of 2072	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1900 wrote to memory of 2072	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1900 wrote to memory of 2344	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1900 wrote to memory of 2344	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1900 wrote to memory of 2344	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1900 wrote to memory of 2972	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1900 wrote to memory of 2972	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1900 wrote to memory of 2972	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1900 wrote to memory of 2952	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1900 wrote to memory of 2952	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1900 wrote to memory of 2952	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1900 wrote to memory of 1592	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1900 wrote to memory of 1592	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1900 wrote to memory of 1592	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1900 wrote to memory of 1308	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1900 wrote to memory of 1308	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1900 wrote to memory of 1308	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1900 wrote to memory of 2536	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1900 wrote to memory of 2536	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1900 wrote to memory of 2536	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1900 wrote to memory of 3020	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1900 wrote to memory of 3020	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1900 wrote to memory of 3020	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1900 wrote to memory of 1088	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1900 wrote to memory of 1088	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1900 wrote to memory of 1088	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1900 wrote to memory of 1488	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1900 wrote to memory of 1488	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1900 wrote to memory of 1488	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1900 wrote to memory of 2496	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1900 wrote to memory of 2496	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1900 wrote to memory of 2496	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1900 wrote to memory of 2868	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1900 wrote to memory of 2868	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1900 wrote to memory of 2868	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1900 wrote to memory of 2936	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1900 wrote to memory of 2936	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1900 wrote to memory of 2936	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1900 wrote to memory of 2460	1900	2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_ae669f8bbaf12e259549134e7a29f230_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\System\FVnDKnk.exe
  C:\Windows\System\FVnDKnk.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\cxqQJfP.exe
  C:\Windows\System\cxqQJfP.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ADMfYVh.exe
  C:\Windows\System\ADMfYVh.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\VJCpUMN.exe
  C:\Windows\System\VJCpUMN.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\VszyjxB.exe
  C:\Windows\System\VszyjxB.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\lxUbhMD.exe
  C:\Windows\System\lxUbhMD.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\YseVkxL.exe
  C:\Windows\System\YseVkxL.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\hJnUJSf.exe
  C:\Windows\System\hJnUJSf.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\oxxuIZm.exe
  C:\Windows\System\oxxuIZm.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\xgyNzlp.exe
  C:\Windows\System\xgyNzlp.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\PBmzbsZ.exe
  C:\Windows\System\PBmzbsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\xZAfCVd.exe
  C:\Windows\System\xZAfCVd.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CjZLdoO.exe
  C:\Windows\System\CjZLdoO.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\LqcmtLo.exe
  C:\Windows\System\LqcmtLo.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\zpLoRzO.exe
  C:\Windows\System\zpLoRzO.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\MbqzJmM.exe
  C:\Windows\System\MbqzJmM.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\apRIwyQ.exe
  C:\Windows\System\apRIwyQ.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\mNNmMKl.exe
  C:\Windows\System\mNNmMKl.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\pNWdkJy.exe
  C:\Windows\System\pNWdkJy.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\RuCLOLz.exe
  C:\Windows\System\RuCLOLz.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NtErLyP.exe
  C:\Windows\System\NtErLyP.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\JJhGjPa.exe
  C:\Windows\System\JJhGjPa.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\BcJctco.exe
  C:\Windows\System\BcJctco.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\IHLytzf.exe
  C:\Windows\System\IHLytzf.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\PDEzhFl.exe
  C:\Windows\System\PDEzhFl.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\KpoiKJJ.exe
  C:\Windows\System\KpoiKJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\UqGUHme.exe
  C:\Windows\System\UqGUHme.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\DFNervV.exe
  C:\Windows\System\DFNervV.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\OehhGME.exe
  C:\Windows\System\OehhGME.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\lWydRAf.exe
  C:\Windows\System\lWydRAf.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\gmDUfiD.exe
  C:\Windows\System\gmDUfiD.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\Hlgxxdh.exe
  C:\Windows\System\Hlgxxdh.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\FGLSrGz.exe
  C:\Windows\System\FGLSrGz.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\iNLShVH.exe
  C:\Windows\System\iNLShVH.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\BTWMFzg.exe
  C:\Windows\System\BTWMFzg.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\OHoRQpP.exe
  C:\Windows\System\OHoRQpP.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\ZHaAJwj.exe
  C:\Windows\System\ZHaAJwj.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\YsYJtNK.exe
  C:\Windows\System\YsYJtNK.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\mPzMotx.exe
  C:\Windows\System\mPzMotx.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\WRcTheP.exe
  C:\Windows\System\WRcTheP.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\hddSLxK.exe
  C:\Windows\System\hddSLxK.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\OZJzJQF.exe
  C:\Windows\System\OZJzJQF.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\OhTNsHe.exe
  C:\Windows\System\OhTNsHe.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\jSyFymN.exe
  C:\Windows\System\jSyFymN.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\FHJWdQJ.exe
  C:\Windows\System\FHJWdQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\LqvHDSk.exe
  C:\Windows\System\LqvHDSk.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\otCSZGH.exe
  C:\Windows\System\otCSZGH.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\HkCRKgj.exe
  C:\Windows\System\HkCRKgj.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\zCJcfxa.exe
  C:\Windows\System\zCJcfxa.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\Isubxsv.exe
  C:\Windows\System\Isubxsv.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\iVVdXcx.exe
  C:\Windows\System\iVVdXcx.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\hoAolHp.exe
  C:\Windows\System\hoAolHp.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\HEmthqH.exe
  C:\Windows\System\HEmthqH.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yHlNuKA.exe
  C:\Windows\System\yHlNuKA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\IoqWMhS.exe
  C:\Windows\System\IoqWMhS.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\ASDEtWa.exe
  C:\Windows\System\ASDEtWa.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\Aqarhoa.exe
  C:\Windows\System\Aqarhoa.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\BJALPoO.exe
  C:\Windows\System\BJALPoO.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\gSNJHgo.exe
  C:\Windows\System\gSNJHgo.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\lVdEdPv.exe
  C:\Windows\System\lVdEdPv.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\sdwjSoZ.exe
  C:\Windows\System\sdwjSoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\UehxqRz.exe
  C:\Windows\System\UehxqRz.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\TtRlCcb.exe
  C:\Windows\System\TtRlCcb.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\hyurRXV.exe
  C:\Windows\System\hyurRXV.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hCAXyEV.exe
  C:\Windows\System\hCAXyEV.exe
  2⤵
  PID:2944
- C:\Windows\System\AkQCkWg.exe
  C:\Windows\System\AkQCkWg.exe
  2⤵
  PID:2412
- C:\Windows\System\hGInlNZ.exe
  C:\Windows\System\hGInlNZ.exe
  2⤵
  PID:2896
- C:\Windows\System\pDTGykI.exe
  C:\Windows\System\pDTGykI.exe
  2⤵
  PID:2916
- C:\Windows\System\mHAqnGO.exe
  C:\Windows\System\mHAqnGO.exe
  2⤵
  PID:2356
- C:\Windows\System\cOVqMst.exe
  C:\Windows\System\cOVqMst.exe
  2⤵
  PID:2100
- C:\Windows\System\PHnUejd.exe
  C:\Windows\System\PHnUejd.exe
  2⤵
  PID:1348
- C:\Windows\System\YStKUjq.exe
  C:\Windows\System\YStKUjq.exe
  2⤵
  PID:1716
- C:\Windows\System\BlfISpy.exe
  C:\Windows\System\BlfISpy.exe
  2⤵
  PID:2020
- C:\Windows\System\XCQMxIV.exe
  C:\Windows\System\XCQMxIV.exe
  2⤵
  PID:1304
- C:\Windows\System\WnXdysc.exe
  C:\Windows\System\WnXdysc.exe
  2⤵
  PID:1564
- C:\Windows\System\FkxHVBE.exe
  C:\Windows\System\FkxHVBE.exe
  2⤵
  PID:1996
- C:\Windows\System\vyMQrkh.exe
  C:\Windows\System\vyMQrkh.exe
  2⤵
  PID:2028
- C:\Windows\System\RFsiNZl.exe
  C:\Windows\System\RFsiNZl.exe
  2⤵
  PID:1888
- C:\Windows\System\XBTfyGt.exe
  C:\Windows\System\XBTfyGt.exe
  2⤵
  PID:836
- C:\Windows\System\uGuWZmM.exe
  C:\Windows\System\uGuWZmM.exe
  2⤵
  PID:3000
- C:\Windows\System\zukbMsE.exe
  C:\Windows\System\zukbMsE.exe
  2⤵
  PID:1728
- C:\Windows\System\rUrciys.exe
  C:\Windows\System\rUrciys.exe
  2⤵
  PID:1000
- C:\Windows\System\wOZiuoY.exe
  C:\Windows\System\wOZiuoY.exe
  2⤵
  PID:1064
- C:\Windows\System\squcmNo.exe
  C:\Windows\System\squcmNo.exe
  2⤵
  PID:2168
- C:\Windows\System\NQZxdqi.exe
  C:\Windows\System\NQZxdqi.exe
  2⤵
  PID:2128
- C:\Windows\System\ahwYuLU.exe
  C:\Windows\System\ahwYuLU.exe
  2⤵
  PID:1188
- C:\Windows\System\OwFaTnD.exe
  C:\Windows\System\OwFaTnD.exe
  2⤵
  PID:2844
- C:\Windows\System\LoORWJe.exe
  C:\Windows\System\LoORWJe.exe
  2⤵
  PID:1632
- C:\Windows\System\enEYsCO.exe
  C:\Windows\System\enEYsCO.exe
  2⤵
  PID:2832
- C:\Windows\System\yrnVEFQ.exe
  C:\Windows\System\yrnVEFQ.exe
  2⤵
  PID:2604
- C:\Windows\System\QWkmqrx.exe
  C:\Windows\System\QWkmqrx.exe
  2⤵
  PID:2884
- C:\Windows\System\JIcWjYE.exe
  C:\Windows\System\JIcWjYE.exe
  2⤵
  PID:1708
- C:\Windows\System\kpBtmFq.exe
  C:\Windows\System\kpBtmFq.exe
  2⤵
  PID:2200
- C:\Windows\System\uIhhSHR.exe
  C:\Windows\System\uIhhSHR.exe
  2⤵
  PID:3068
- C:\Windows\System\GeZtsdW.exe
  C:\Windows\System\GeZtsdW.exe
  2⤵
  PID:2808
- C:\Windows\System\gKeOaUS.exe
  C:\Windows\System\gKeOaUS.exe
  2⤵
  PID:2236
- C:\Windows\System\ychaxlC.exe
  C:\Windows\System\ychaxlC.exe
  2⤵
  PID:3032
- C:\Windows\System\tysJQPH.exe
  C:\Windows\System\tysJQPH.exe
  2⤵
  PID:1968
- C:\Windows\System\NbCkZOc.exe
  C:\Windows\System\NbCkZOc.exe
  2⤵
  PID:764
- C:\Windows\System\feaQnfk.exe
  C:\Windows\System\feaQnfk.exe
  2⤵
  PID:1636
- C:\Windows\System\eyAaKaZ.exe
  C:\Windows\System\eyAaKaZ.exe
  2⤵
  PID:2492
- C:\Windows\System\oKnEiTX.exe
  C:\Windows\System\oKnEiTX.exe
  2⤵
  PID:3024
- C:\Windows\System\vNAYBDb.exe
  C:\Windows\System\vNAYBDb.exe
  2⤵
  PID:1736
- C:\Windows\System\PbQSKKh.exe
  C:\Windows\System\PbQSKKh.exe
  2⤵
  PID:2660
- C:\Windows\System\VUOJOxD.exe
  C:\Windows\System\VUOJOxD.exe
  2⤵
  PID:2756
- C:\Windows\System\dbLoUof.exe
  C:\Windows\System\dbLoUof.exe
  2⤵
  PID:1616
- C:\Windows\System\QwIFdgz.exe
  C:\Windows\System\QwIFdgz.exe
  2⤵
  PID:2164
- C:\Windows\System\ivmydOc.exe
  C:\Windows\System\ivmydOc.exe
  2⤵
  PID:2592
- C:\Windows\System\oATQfMb.exe
  C:\Windows\System\oATQfMb.exe
  2⤵
  PID:2096
- C:\Windows\System\NXjwLce.exe
  C:\Windows\System\NXjwLce.exe
  2⤵
  PID:2092
- C:\Windows\System\WCHTwXd.exe
  C:\Windows\System\WCHTwXd.exe
  2⤵
  PID:844
- C:\Windows\System\NPGKmhI.exe
  C:\Windows\System\NPGKmhI.exe
  2⤵
  PID:1464
- C:\Windows\System\aTVaSEp.exe
  C:\Windows\System\aTVaSEp.exe
  2⤵
  PID:1816
- C:\Windows\System\vdDFeXu.exe
  C:\Windows\System\vdDFeXu.exe
  2⤵
  PID:3080
- C:\Windows\System\nvyynRi.exe
  C:\Windows\System\nvyynRi.exe
  2⤵
  PID:3100
- C:\Windows\System\RNmYjTA.exe
  C:\Windows\System\RNmYjTA.exe
  2⤵
  PID:3124
- C:\Windows\System\HvjFgbz.exe
  C:\Windows\System\HvjFgbz.exe
  2⤵
  PID:3148
- C:\Windows\System\wIpGPZN.exe
  C:\Windows\System\wIpGPZN.exe
  2⤵
  PID:3172
- C:\Windows\System\AHmZGoV.exe
  C:\Windows\System\AHmZGoV.exe
  2⤵
  PID:3188
- C:\Windows\System\FkYjRPr.exe
  C:\Windows\System\FkYjRPr.exe
  2⤵
  PID:3204
- C:\Windows\System\HdWigFh.exe
  C:\Windows\System\HdWigFh.exe
  2⤵
  PID:3224
- C:\Windows\System\FQYwKRL.exe
  C:\Windows\System\FQYwKRL.exe
  2⤵
  PID:3240
- C:\Windows\System\LyDNPbQ.exe
  C:\Windows\System\LyDNPbQ.exe
  2⤵
  PID:3264
- C:\Windows\System\vSwqZRL.exe
  C:\Windows\System\vSwqZRL.exe
  2⤵
  PID:3284
- C:\Windows\System\MmmYmQa.exe
  C:\Windows\System\MmmYmQa.exe
  2⤵
  PID:3312
- C:\Windows\System\oQoOrkx.exe
  C:\Windows\System\oQoOrkx.exe
  2⤵
  PID:3332
- C:\Windows\System\ylJylFJ.exe
  C:\Windows\System\ylJylFJ.exe
  2⤵
  PID:3348
- C:\Windows\System\qYFufMc.exe
  C:\Windows\System\qYFufMc.exe
  2⤵
  PID:3364
- C:\Windows\System\cFoCTlK.exe
  C:\Windows\System\cFoCTlK.exe
  2⤵
  PID:3384
- C:\Windows\System\VrbmtHM.exe
  C:\Windows\System\VrbmtHM.exe
  2⤵
  PID:3404
- C:\Windows\System\noWPEGp.exe
  C:\Windows\System\noWPEGp.exe
  2⤵
  PID:3428
- C:\Windows\System\GfqtMcE.exe
  C:\Windows\System\GfqtMcE.exe
  2⤵
  PID:3452
- C:\Windows\System\XvKzOBW.exe
  C:\Windows\System\XvKzOBW.exe
  2⤵
  PID:3468
- C:\Windows\System\pYhDzcc.exe
  C:\Windows\System\pYhDzcc.exe
  2⤵
  PID:3484
- C:\Windows\System\DdoVTFb.exe
  C:\Windows\System\DdoVTFb.exe
  2⤵
  PID:3500
- C:\Windows\System\TuNeoCN.exe
  C:\Windows\System\TuNeoCN.exe
  2⤵
  PID:3516
- C:\Windows\System\YqMRNZk.exe
  C:\Windows\System\YqMRNZk.exe
  2⤵
  PID:3544
- C:\Windows\System\SgPUigv.exe
  C:\Windows\System\SgPUigv.exe
  2⤵
  PID:3564
- C:\Windows\System\FiwPIaO.exe
  C:\Windows\System\FiwPIaO.exe
  2⤵
  PID:3584
- C:\Windows\System\PYIKQdj.exe
  C:\Windows\System\PYIKQdj.exe
  2⤵
  PID:3608
- C:\Windows\System\sJNNnWv.exe
  C:\Windows\System\sJNNnWv.exe
  2⤵
  PID:3628
- C:\Windows\System\GowtVff.exe
  C:\Windows\System\GowtVff.exe
  2⤵
  PID:3648
- C:\Windows\System\OfiwoRq.exe
  C:\Windows\System\OfiwoRq.exe
  2⤵
  PID:3668
- C:\Windows\System\ZQOtCEn.exe
  C:\Windows\System\ZQOtCEn.exe
  2⤵
  PID:3688
- C:\Windows\System\YUZIllK.exe
  C:\Windows\System\YUZIllK.exe
  2⤵
  PID:3708
- C:\Windows\System\oGXuWgv.exe
  C:\Windows\System\oGXuWgv.exe
  2⤵
  PID:3732
- C:\Windows\System\PqlbZEo.exe
  C:\Windows\System\PqlbZEo.exe
  2⤵
  PID:3748
- C:\Windows\System\xQVklLe.exe
  C:\Windows\System\xQVklLe.exe
  2⤵
  PID:3772
- C:\Windows\System\lGSkVdU.exe
  C:\Windows\System\lGSkVdU.exe
  2⤵
  PID:3792
- C:\Windows\System\AblohnD.exe
  C:\Windows\System\AblohnD.exe
  2⤵
  PID:3812
- C:\Windows\System\pysvOuf.exe
  C:\Windows\System\pysvOuf.exe
  2⤵
  PID:3832
- C:\Windows\System\aIJPqkn.exe
  C:\Windows\System\aIJPqkn.exe
  2⤵
  PID:3848
- C:\Windows\System\IVgdbOd.exe
  C:\Windows\System\IVgdbOd.exe
  2⤵
  PID:3868
- C:\Windows\System\xuEZAbz.exe
  C:\Windows\System\xuEZAbz.exe
  2⤵
  PID:3884
- C:\Windows\System\vJLMbPz.exe
  C:\Windows\System\vJLMbPz.exe
  2⤵
  PID:3908
- C:\Windows\System\uMKoABV.exe
  C:\Windows\System\uMKoABV.exe
  2⤵
  PID:3928
- C:\Windows\System\tolGxwG.exe
  C:\Windows\System\tolGxwG.exe
  2⤵
  PID:3956
- C:\Windows\System\hNLniSI.exe
  C:\Windows\System\hNLniSI.exe
  2⤵
  PID:3976
- C:\Windows\System\HfWQdTr.exe
  C:\Windows\System\HfWQdTr.exe
  2⤵
  PID:3992
- C:\Windows\System\WzGDVhj.exe
  C:\Windows\System\WzGDVhj.exe
  2⤵
  PID:4012
- C:\Windows\System\SgfAUMm.exe
  C:\Windows\System\SgfAUMm.exe
  2⤵
  PID:4028
- C:\Windows\System\geGlwPP.exe
  C:\Windows\System\geGlwPP.exe
  2⤵
  PID:4048
- C:\Windows\System\YvudfKX.exe
  C:\Windows\System\YvudfKX.exe
  2⤵
  PID:4068
- C:\Windows\System\uvnnTIj.exe
  C:\Windows\System\uvnnTIj.exe
  2⤵
  PID:4088
- C:\Windows\System\PaCxmif.exe
  C:\Windows\System\PaCxmif.exe
  2⤵
  PID:2556
- C:\Windows\System\CJIMPVN.exe
  C:\Windows\System\CJIMPVN.exe
  2⤵
  PID:2400
- C:\Windows\System\qGACLhW.exe
  C:\Windows\System\qGACLhW.exe
  2⤵
  PID:276
- C:\Windows\System\YduSaQb.exe
  C:\Windows\System\YduSaQb.exe
  2⤵
  PID:2964
- C:\Windows\System\TMiXAVV.exe
  C:\Windows\System\TMiXAVV.exe
  2⤵
  PID:2388
- C:\Windows\System\jADSWxv.exe
  C:\Windows\System\jADSWxv.exe
  2⤵
  PID:2984
- C:\Windows\System\rKqaTzm.exe
  C:\Windows\System\rKqaTzm.exe
  2⤵
  PID:3112
- C:\Windows\System\rSaCkuo.exe
  C:\Windows\System\rSaCkuo.exe
  2⤵
  PID:884
- C:\Windows\System\IAmVCBc.exe
  C:\Windows\System\IAmVCBc.exe
  2⤵
  PID:3096
- C:\Windows\System\YyyszmI.exe
  C:\Windows\System\YyyszmI.exe
  2⤵
  PID:3164
- C:\Windows\System\JkIscMk.exe
  C:\Windows\System\JkIscMk.exe
  2⤵
  PID:3236
- C:\Windows\System\wdfEYrx.exe
  C:\Windows\System\wdfEYrx.exe
  2⤵
  PID:3140
- C:\Windows\System\XmcvEfB.exe
  C:\Windows\System\XmcvEfB.exe
  2⤵
  PID:3180
- C:\Windows\System\CtVcFTc.exe
  C:\Windows\System\CtVcFTc.exe
  2⤵
  PID:3248
- C:\Windows\System\tFZYqQe.exe
  C:\Windows\System\tFZYqQe.exe
  2⤵
  PID:3296
- C:\Windows\System\cHbXRLV.exe
  C:\Windows\System\cHbXRLV.exe
  2⤵
  PID:3308
- C:\Windows\System\rZZuhyL.exe
  C:\Windows\System\rZZuhyL.exe
  2⤵
  PID:3444
- C:\Windows\System\HXcJIuf.exe
  C:\Windows\System\HXcJIuf.exe
  2⤵
  PID:3376
- C:\Windows\System\qQobBje.exe
  C:\Windows\System\qQobBje.exe
  2⤵
  PID:3420
- C:\Windows\System\mOuikZg.exe
  C:\Windows\System\mOuikZg.exe
  2⤵
  PID:3552
- C:\Windows\System\suFMYOQ.exe
  C:\Windows\System\suFMYOQ.exe
  2⤵
  PID:3464
- C:\Windows\System\AiCuTXw.exe
  C:\Windows\System\AiCuTXw.exe
  2⤵
  PID:3536
- C:\Windows\System\vxqudjc.exe
  C:\Windows\System\vxqudjc.exe
  2⤵
  PID:3596
- C:\Windows\System\GuetGFs.exe
  C:\Windows\System\GuetGFs.exe
  2⤵
  PID:3636
- C:\Windows\System\fulwIxW.exe
  C:\Windows\System\fulwIxW.exe
  2⤵
  PID:3620
- C:\Windows\System\CbKNYGh.exe
  C:\Windows\System\CbKNYGh.exe
  2⤵
  PID:3660
- C:\Windows\System\sjvJURB.exe
  C:\Windows\System\sjvJURB.exe
  2⤵
  PID:3728
- C:\Windows\System\MRymDFr.exe
  C:\Windows\System\MRymDFr.exe
  2⤵
  PID:3700
- C:\Windows\System\RlLPnyJ.exe
  C:\Windows\System\RlLPnyJ.exe
  2⤵
  PID:3740
- C:\Windows\System\WdUupCf.exe
  C:\Windows\System\WdUupCf.exe
  2⤵
  PID:3840
- C:\Windows\System\AmNEVib.exe
  C:\Windows\System\AmNEVib.exe
  2⤵
  PID:3916
- C:\Windows\System\KxxreYx.exe
  C:\Windows\System\KxxreYx.exe
  2⤵
  PID:3828
- C:\Windows\System\kGVIOVR.exe
  C:\Windows\System\kGVIOVR.exe
  2⤵
  PID:3896
- C:\Windows\System\UcMTqAQ.exe
  C:\Windows\System\UcMTqAQ.exe
  2⤵
  PID:4000
- C:\Windows\System\dwMwlzT.exe
  C:\Windows\System\dwMwlzT.exe
  2⤵
  PID:4040
- C:\Windows\System\yCpKHvu.exe
  C:\Windows\System\yCpKHvu.exe
  2⤵
  PID:3952
- C:\Windows\System\NBDYTgO.exe
  C:\Windows\System\NBDYTgO.exe
  2⤵
  PID:4076
- C:\Windows\System\JVDMASO.exe
  C:\Windows\System\JVDMASO.exe
  2⤵
  PID:4056
- C:\Windows\System\PUXKDKb.exe
  C:\Windows\System\PUXKDKb.exe
  2⤵
  PID:1700
- C:\Windows\System\LtXLbRj.exe
  C:\Windows\System\LtXLbRj.exe
  2⤵
  PID:1520
- C:\Windows\System\ubWsCGv.exe
  C:\Windows\System\ubWsCGv.exe
  2⤵
  PID:1892
- C:\Windows\System\xCqidhG.exe
  C:\Windows\System\xCqidhG.exe
  2⤵
  PID:3076
- C:\Windows\System\DKJjJHf.exe
  C:\Windows\System\DKJjJHf.exe
  2⤵
  PID:1560
- C:\Windows\System\bKQVlfi.exe
  C:\Windows\System\bKQVlfi.exe
  2⤵
  PID:3220
- C:\Windows\System\asmEFZF.exe
  C:\Windows\System\asmEFZF.exe
  2⤵
  PID:3108
- C:\Windows\System\RBshcHU.exe
  C:\Windows\System\RBshcHU.exe
  2⤵
  PID:3200
- C:\Windows\System\PGrmvxU.exe
  C:\Windows\System\PGrmvxU.exe
  2⤵
  PID:3344
- C:\Windows\System\RjLyOoZ.exe
  C:\Windows\System\RjLyOoZ.exe
  2⤵
  PID:3256
- C:\Windows\System\NkgYIkR.exe
  C:\Windows\System\NkgYIkR.exe
  2⤵
  PID:3292
- C:\Windows\System\pvmuUvc.exe
  C:\Windows\System\pvmuUvc.exe
  2⤵
  PID:3260
- C:\Windows\System\GBHWYwk.exe
  C:\Windows\System\GBHWYwk.exe
  2⤵
  PID:3580
- C:\Windows\System\eHmHvBD.exe
  C:\Windows\System\eHmHvBD.exe
  2⤵
  PID:3340
- C:\Windows\System\jcmgeDl.exe
  C:\Windows\System\jcmgeDl.exe
  2⤵
  PID:3696
- C:\Windows\System\VURpGGF.exe
  C:\Windows\System\VURpGGF.exe
  2⤵
  PID:3576
- C:\Windows\System\vIKHSEM.exe
  C:\Windows\System\vIKHSEM.exe
  2⤵
  PID:3720
- C:\Windows\System\MaEJMKX.exe
  C:\Windows\System\MaEJMKX.exe
  2⤵
  PID:3824
- C:\Windows\System\OqzTucm.exe
  C:\Windows\System\OqzTucm.exe
  2⤵
  PID:3968
- C:\Windows\System\ybZQbZA.exe
  C:\Windows\System\ybZQbZA.exe
  2⤵
  PID:4080
- C:\Windows\System\lOmvDqN.exe
  C:\Windows\System\lOmvDqN.exe
  2⤵
  PID:3892
- C:\Windows\System\YMYOOEn.exe
  C:\Windows\System\YMYOOEn.exe
  2⤵
  PID:3900
- C:\Windows\System\Eljwafz.exe
  C:\Windows\System\Eljwafz.exe
  2⤵
  PID:548
- C:\Windows\System\rjVZLpd.exe
  C:\Windows\System\rjVZLpd.exe
  2⤵
  PID:3984
- C:\Windows\System\YjIqvoC.exe
  C:\Windows\System\YjIqvoC.exe
  2⤵
  PID:3088
- C:\Windows\System\PhPoXai.exe
  C:\Windows\System\PhPoXai.exe
  2⤵
  PID:3396
- C:\Windows\System\koGpcHk.exe
  C:\Windows\System\koGpcHk.exe
  2⤵
  PID:2204
- C:\Windows\System\mWxMRur.exe
  C:\Windows\System\mWxMRur.exe
  2⤵
  PID:3116
- C:\Windows\System\kznHRWW.exe
  C:\Windows\System\kznHRWW.exe
  2⤵
  PID:3320
- C:\Windows\System\BrlfMQF.exe
  C:\Windows\System\BrlfMQF.exe
  2⤵
  PID:3416
- C:\Windows\System\khOkaEM.exe
  C:\Windows\System\khOkaEM.exe
  2⤵
  PID:3496
- C:\Windows\System\ClUJlvv.exe
  C:\Windows\System\ClUJlvv.exe
  2⤵
  PID:3572
- C:\Windows\System\WklLUDR.exe
  C:\Windows\System\WklLUDR.exe
  2⤵
  PID:2764
- C:\Windows\System\aiApsBZ.exe
  C:\Windows\System\aiApsBZ.exe
  2⤵
  PID:3556
- C:\Windows\System\DkCEbXV.exe
  C:\Windows\System\DkCEbXV.exe
  2⤵
  PID:3272
- C:\Windows\System\mqZfrvE.exe
  C:\Windows\System\mqZfrvE.exe
  2⤵
  PID:1912
- C:\Windows\System\kZEPTkE.exe
  C:\Windows\System\kZEPTkE.exe
  2⤵
  PID:1224
- C:\Windows\System\ePOqdjd.exe
  C:\Windows\System\ePOqdjd.exe
  2⤵
  PID:4104
- C:\Windows\System\bvLWvJi.exe
  C:\Windows\System\bvLWvJi.exe
  2⤵
  PID:4124
- C:\Windows\System\dVgriRN.exe
  C:\Windows\System\dVgriRN.exe
  2⤵
  PID:4140
- C:\Windows\System\CbdXrAd.exe
  C:\Windows\System\CbdXrAd.exe
  2⤵
  PID:4156
- C:\Windows\System\gXLhfyv.exe
  C:\Windows\System\gXLhfyv.exe
  2⤵
  PID:4172
- C:\Windows\System\vzcUdbZ.exe
  C:\Windows\System\vzcUdbZ.exe
  2⤵
  PID:4188
- C:\Windows\System\NrXfKgK.exe
  C:\Windows\System\NrXfKgK.exe
  2⤵
  PID:4216
- C:\Windows\System\miOYExj.exe
  C:\Windows\System\miOYExj.exe
  2⤵
  PID:4236
- C:\Windows\System\QnZpoVs.exe
  C:\Windows\System\QnZpoVs.exe
  2⤵
  PID:4256
- C:\Windows\System\ywPwHao.exe
  C:\Windows\System\ywPwHao.exe
  2⤵
  PID:4280
- C:\Windows\System\IcARSPT.exe
  C:\Windows\System\IcARSPT.exe
  2⤵
  PID:4316
- C:\Windows\System\bfnwllf.exe
  C:\Windows\System\bfnwllf.exe
  2⤵
  PID:4336
- C:\Windows\System\EWTIWWO.exe
  C:\Windows\System\EWTIWWO.exe
  2⤵
  PID:4356
- C:\Windows\System\eLaaLEx.exe
  C:\Windows\System\eLaaLEx.exe
  2⤵
  PID:4372
- C:\Windows\System\yYrHhdC.exe
  C:\Windows\System\yYrHhdC.exe
  2⤵
  PID:4388
- C:\Windows\System\ffNikFB.exe
  C:\Windows\System\ffNikFB.exe
  2⤵
  PID:4408
- C:\Windows\System\NdsKJtE.exe
  C:\Windows\System\NdsKJtE.exe
  2⤵
  PID:4424
- C:\Windows\System\LzBrQqw.exe
  C:\Windows\System\LzBrQqw.exe
  2⤵
  PID:4440
- C:\Windows\System\LnKmOfV.exe
  C:\Windows\System\LnKmOfV.exe
  2⤵
  PID:4456
- C:\Windows\System\WPWWsjp.exe
  C:\Windows\System\WPWWsjp.exe
  2⤵
  PID:4472
- C:\Windows\System\UQOLYbL.exe
  C:\Windows\System\UQOLYbL.exe
  2⤵
  PID:4488
- C:\Windows\System\RFtWdEv.exe
  C:\Windows\System\RFtWdEv.exe
  2⤵
  PID:4504
- C:\Windows\System\ZCGWegu.exe
  C:\Windows\System\ZCGWegu.exe
  2⤵
  PID:4520
- C:\Windows\System\qouTHMw.exe
  C:\Windows\System\qouTHMw.exe
  2⤵
  PID:4536
- C:\Windows\System\SBLHwlv.exe
  C:\Windows\System\SBLHwlv.exe
  2⤵
  PID:4552
- C:\Windows\System\cZiWabq.exe
  C:\Windows\System\cZiWabq.exe
  2⤵
  PID:4568
- C:\Windows\System\wBJRVBT.exe
  C:\Windows\System\wBJRVBT.exe
  2⤵
  PID:4584
- C:\Windows\System\qVuGRbE.exe
  C:\Windows\System\qVuGRbE.exe
  2⤵
  PID:4600
- C:\Windows\System\ZcFjSQd.exe
  C:\Windows\System\ZcFjSQd.exe
  2⤵
  PID:4616
- C:\Windows\System\zRxCqMH.exe
  C:\Windows\System\zRxCqMH.exe
  2⤵
  PID:4632
- C:\Windows\System\NBEOtum.exe
  C:\Windows\System\NBEOtum.exe
  2⤵
  PID:4648
- C:\Windows\System\ybyKexO.exe
  C:\Windows\System\ybyKexO.exe
  2⤵
  PID:4664
- C:\Windows\System\eXDqjET.exe
  C:\Windows\System\eXDqjET.exe
  2⤵
  PID:4680
- C:\Windows\System\CCOLWxp.exe
  C:\Windows\System\CCOLWxp.exe
  2⤵
  PID:4700
- C:\Windows\System\ezCpQYN.exe
  C:\Windows\System\ezCpQYN.exe
  2⤵
  PID:4716
- C:\Windows\System\DhphiRq.exe
  C:\Windows\System\DhphiRq.exe
  2⤵
  PID:4732
- C:\Windows\System\uDxUOlm.exe
  C:\Windows\System\uDxUOlm.exe
  2⤵
  PID:4764
- C:\Windows\System\xGAAIyd.exe
  C:\Windows\System\xGAAIyd.exe
  2⤵
  PID:4876
- C:\Windows\System\QcaQYqh.exe
  C:\Windows\System\QcaQYqh.exe
  2⤵
  PID:4900
- C:\Windows\System\JKckrWP.exe
  C:\Windows\System\JKckrWP.exe
  2⤵
  PID:4916
- C:\Windows\System\ZfEXvoH.exe
  C:\Windows\System\ZfEXvoH.exe
  2⤵
  PID:4936
- C:\Windows\System\JNUBCzu.exe
  C:\Windows\System\JNUBCzu.exe
  2⤵
  PID:4952
- C:\Windows\System\tBMavLO.exe
  C:\Windows\System\tBMavLO.exe
  2⤵
  PID:4976
- C:\Windows\System\XvDvPPQ.exe
  C:\Windows\System\XvDvPPQ.exe
  2⤵
  PID:4992
- C:\Windows\System\lKIFgWO.exe
  C:\Windows\System\lKIFgWO.exe
  2⤵
  PID:5016
- C:\Windows\System\kcyBVmp.exe
  C:\Windows\System\kcyBVmp.exe
  2⤵
  PID:5040
- C:\Windows\System\OSinBDy.exe
  C:\Windows\System\OSinBDy.exe
  2⤵
  PID:5056
- C:\Windows\System\aStUcrQ.exe
  C:\Windows\System\aStUcrQ.exe
  2⤵
  PID:5076
- C:\Windows\System\tAGgVYS.exe
  C:\Windows\System\tAGgVYS.exe
  2⤵
  PID:5096
- C:\Windows\System\QErYNVN.exe
  C:\Windows\System\QErYNVN.exe
  2⤵
  PID:5112
- C:\Windows\System\fahmIET.exe
  C:\Windows\System\fahmIET.exe
  2⤵
  PID:3460
- C:\Windows\System\QeDQOwv.exe
  C:\Windows\System\QeDQOwv.exe
  2⤵
  PID:3864
- C:\Windows\System\mKmkQvf.exe
  C:\Windows\System\mKmkQvf.exe
  2⤵
  PID:3528
- C:\Windows\System\lTelrKw.exe
  C:\Windows\System\lTelrKw.exe
  2⤵
  PID:796
- C:\Windows\System\kBNSiMD.exe
  C:\Windows\System\kBNSiMD.exe
  2⤵
  PID:4136
- C:\Windows\System\YHRTnzQ.exe
  C:\Windows\System\YHRTnzQ.exe
  2⤵
  PID:3680
- C:\Windows\System\nsdQolV.exe
  C:\Windows\System\nsdQolV.exe
  2⤵
  PID:4204
- C:\Windows\System\OVInhrs.exe
  C:\Windows\System\OVInhrs.exe
  2⤵
  PID:4248
- C:\Windows\System\xKWkfAy.exe
  C:\Windows\System\xKWkfAy.exe
  2⤵
  PID:4296
- C:\Windows\System\VNCBXiP.exe
  C:\Windows\System\VNCBXiP.exe
  2⤵
  PID:4312
- C:\Windows\System\PEdyjFn.exe
  C:\Windows\System\PEdyjFn.exe
  2⤵
  PID:3964
- C:\Windows\System\bUbPGkQ.exe
  C:\Windows\System\bUbPGkQ.exe
  2⤵
  PID:4348
- C:\Windows\System\WkuovQI.exe
  C:\Windows\System\WkuovQI.exe
  2⤵
  PID:3324
- C:\Windows\System\oybYPTu.exe
  C:\Windows\System\oybYPTu.exe
  2⤵
  PID:4180
- C:\Windows\System\dERpchQ.exe
  C:\Windows\System\dERpchQ.exe
  2⤵
  PID:4228
- C:\Windows\System\IRQoWLl.exe
  C:\Windows\System\IRQoWLl.exe
  2⤵
  PID:4484
- C:\Windows\System\hxBrlxh.exe
  C:\Windows\System\hxBrlxh.exe
  2⤵
  PID:4276
- C:\Windows\System\MwqWqmr.exe
  C:\Windows\System\MwqWqmr.exe
  2⤵
  PID:4332
- C:\Windows\System\nsSmdBm.exe
  C:\Windows\System\nsSmdBm.exe
  2⤵
  PID:4464
- C:\Windows\System\MJkOWBH.exe
  C:\Windows\System\MJkOWBH.exe
  2⤵
  PID:4672
- C:\Windows\System\lBUgrRS.exe
  C:\Windows\System\lBUgrRS.exe
  2⤵
  PID:4364
- C:\Windows\System\ROkfWLW.exe
  C:\Windows\System\ROkfWLW.exe
  2⤵
  PID:4436
- C:\Windows\System\tYyWjnH.exe
  C:\Windows\System\tYyWjnH.exe
  2⤵
  PID:4532
- C:\Windows\System\HboHDxp.exe
  C:\Windows\System\HboHDxp.exe
  2⤵
  PID:4756
- C:\Windows\System\Edvpbpi.exe
  C:\Windows\System\Edvpbpi.exe
  2⤵
  PID:4564
- C:\Windows\System\TuoubBJ.exe
  C:\Windows\System\TuoubBJ.exe
  2⤵
  PID:4772
- C:\Windows\System\TJXNDOR.exe
  C:\Windows\System\TJXNDOR.exe
  2⤵
  PID:4792
- C:\Windows\System\amncBVA.exe
  C:\Windows\System\amncBVA.exe
  2⤵
  PID:4812
- C:\Windows\System\lyMgyWo.exe
  C:\Windows\System\lyMgyWo.exe
  2⤵
  PID:4836
- C:\Windows\System\dkOrgVH.exe
  C:\Windows\System\dkOrgVH.exe
  2⤵
  PID:4852
- C:\Windows\System\zuucxCZ.exe
  C:\Windows\System\zuucxCZ.exe
  2⤵
  PID:2704
- C:\Windows\System\oruepKN.exe
  C:\Windows\System\oruepKN.exe
  2⤵
  PID:4924
- C:\Windows\System\FRIAShe.exe
  C:\Windows\System\FRIAShe.exe
  2⤵
  PID:4872
- C:\Windows\System\skvAlZK.exe
  C:\Windows\System\skvAlZK.exe
  2⤵
  PID:4972
- C:\Windows\System\JpbeyZa.exe
  C:\Windows\System\JpbeyZa.exe
  2⤵
  PID:5024
- C:\Windows\System\DfOxKjl.exe
  C:\Windows\System\DfOxKjl.exe
  2⤵
  PID:5052
- C:\Windows\System\QxEPFvE.exe
  C:\Windows\System\QxEPFvE.exe
  2⤵
  PID:4988
- C:\Windows\System\RrAIsRS.exe
  C:\Windows\System\RrAIsRS.exe
  2⤵
  PID:5032
- C:\Windows\System\NAxIQFH.exe
  C:\Windows\System\NAxIQFH.exe
  2⤵
  PID:3876
- C:\Windows\System\KwUbkmC.exe
  C:\Windows\System\KwUbkmC.exe
  2⤵
  PID:3616
- C:\Windows\System\vGMCkGT.exe
  C:\Windows\System\vGMCkGT.exe
  2⤵
  PID:5064
- C:\Windows\System\drPmBeT.exe
  C:\Windows\System\drPmBeT.exe
  2⤵
  PID:3532
- C:\Windows\System\RZWievI.exe
  C:\Windows\System\RZWievI.exe
  2⤵
  PID:3800
- C:\Windows\System\tuVGYjO.exe
  C:\Windows\System\tuVGYjO.exe
  2⤵
  PID:3092
- C:\Windows\System\MmtcZGn.exe
  C:\Windows\System\MmtcZGn.exe
  2⤵
  PID:3380
- C:\Windows\System\cGvjwrG.exe
  C:\Windows\System\cGvjwrG.exe
  2⤵
  PID:2560
- C:\Windows\System\tVbTfGv.exe
  C:\Windows\System\tVbTfGv.exe
  2⤵
  PID:4116
- C:\Windows\System\xFpgHxW.exe
  C:\Windows\System\xFpgHxW.exe
  2⤵
  PID:2576
- C:\Windows\System\wUVCafx.exe
  C:\Windows\System\wUVCafx.exe
  2⤵
  PID:4304
- C:\Windows\System\nAVgMms.exe
  C:\Windows\System\nAVgMms.exe
  2⤵
  PID:4740
- C:\Windows\System\KWtjeiD.exe
  C:\Windows\System\KWtjeiD.exe
  2⤵
  PID:4324
- C:\Windows\System\eTEgyBM.exe
  C:\Windows\System\eTEgyBM.exe
  2⤵
  PID:4500
- C:\Windows\System\NvRkvBA.exe
  C:\Windows\System\NvRkvBA.exe
  2⤵
  PID:4784
- C:\Windows\System\WdBMuwm.exe
  C:\Windows\System\WdBMuwm.exe
  2⤵
  PID:4396
- C:\Windows\System\pxrvUkt.exe
  C:\Windows\System\pxrvUkt.exe
  2⤵
  PID:4660
- C:\Windows\System\JzIaKCw.exe
  C:\Windows\System\JzIaKCw.exe
  2⤵
  PID:4824
- C:\Windows\System\JqsMNSi.exe
  C:\Windows\System\JqsMNSi.exe
  2⤵
  PID:4560
- C:\Windows\System\ztxXCvs.exe
  C:\Windows\System\ztxXCvs.exe
  2⤵
  PID:4868
- C:\Windows\System\MDQPJOO.exe
  C:\Windows\System\MDQPJOO.exe
  2⤵
  PID:5000
- C:\Windows\System\FluAueb.exe
  C:\Windows\System\FluAueb.exe
  2⤵
  PID:4896
- C:\Windows\System\fgWJyYB.exe
  C:\Windows\System\fgWJyYB.exe
  2⤵
  PID:5092
- C:\Windows\System\JQnfiBx.exe
  C:\Windows\System\JQnfiBx.exe
  2⤵
  PID:5036
- C:\Windows\System\HEBsqSg.exe
  C:\Windows\System\HEBsqSg.exe
  2⤵
  PID:4912
- C:\Windows\System\GRidkSY.exe
  C:\Windows\System\GRidkSY.exe
  2⤵
  PID:2608
- C:\Windows\System\WSzsCFP.exe
  C:\Windows\System\WSzsCFP.exe
  2⤵
  PID:1252
- C:\Windows\System\TZTvexb.exe
  C:\Windows\System\TZTvexb.exe
  2⤵
  PID:2424
- C:\Windows\System\vrVWgHh.exe
  C:\Windows\System\vrVWgHh.exe
  2⤵
  PID:2248
- C:\Windows\System\rNEiVbT.exe
  C:\Windows\System\rNEiVbT.exe
  2⤵
  PID:4448
- C:\Windows\System\tNMyYpw.exe
  C:\Windows\System\tNMyYpw.exe
  2⤵
  PID:4724
- C:\Windows\System\GMHdMsf.exe
  C:\Windows\System\GMHdMsf.exe
  2⤵
  PID:4640
- C:\Windows\System\FxfZbbI.exe
  C:\Windows\System\FxfZbbI.exe
  2⤵
  PID:4800
- C:\Windows\System\PqeNYBx.exe
  C:\Windows\System\PqeNYBx.exe
  2⤵
  PID:5004
- C:\Windows\System\AmxMHNz.exe
  C:\Windows\System\AmxMHNz.exe
  2⤵
  PID:2384
- C:\Windows\System\IafkrNk.exe
  C:\Windows\System\IafkrNk.exe
  2⤵
  PID:4288
- C:\Windows\System\SwaqbHa.exe
  C:\Windows\System\SwaqbHa.exe
  2⤵
  PID:4208
- C:\Windows\System\KkhzIWz.exe
  C:\Windows\System\KkhzIWz.exe
  2⤵
  PID:4264
- C:\Windows\System\IwbnvZq.exe
  C:\Windows\System\IwbnvZq.exe
  2⤵
  PID:2804
- C:\Windows\System\aaFpPLc.exe
  C:\Windows\System\aaFpPLc.exe
  2⤵
  PID:4036
- C:\Windows\System\QJepMoy.exe
  C:\Windows\System\QJepMoy.exe
  2⤵
  PID:4400
- C:\Windows\System\wBRMlIR.exe
  C:\Windows\System\wBRMlIR.exe
  2⤵
  PID:4528
- C:\Windows\System\IguUDGt.exe
  C:\Windows\System\IguUDGt.exe
  2⤵
  PID:4152
- C:\Windows\System\ylYSCWA.exe
  C:\Windows\System\ylYSCWA.exe
  2⤵
  PID:4964
- C:\Windows\System\AHIdsni.exe
  C:\Windows\System\AHIdsni.exe
  2⤵
  PID:2568
- C:\Windows\System\YqBJppk.exe
  C:\Windows\System\YqBJppk.exe
  2⤵
  PID:3304
- C:\Windows\System\ndxLFub.exe
  C:\Windows\System\ndxLFub.exe
  2⤵
  PID:4120
- C:\Windows\System\pvMttNe.exe
  C:\Windows\System\pvMttNe.exe
  2⤵
  PID:3328
- C:\Windows\System\rBzvwyB.exe
  C:\Windows\System\rBzvwyB.exe
  2⤵
  PID:3492
- C:\Windows\System\CxQBLRY.exe
  C:\Windows\System\CxQBLRY.exe
  2⤵
  PID:4132
- C:\Windows\System\EeUhLob.exe
  C:\Windows\System\EeUhLob.exe
  2⤵
  PID:4676
- C:\Windows\System\DonoMuB.exe
  C:\Windows\System\DonoMuB.exe
  2⤵
  PID:4820
- C:\Windows\System\lZSoblC.exe
  C:\Windows\System\lZSoblC.exe
  2⤵
  PID:4788
- C:\Windows\System\qWGbBMF.exe
  C:\Windows\System\qWGbBMF.exe
  2⤵
  PID:4656
- C:\Windows\System\xWDXYwn.exe
  C:\Windows\System\xWDXYwn.exe
  2⤵
  PID:5072
- C:\Windows\System\FjOyroO.exe
  C:\Windows\System\FjOyroO.exe
  2⤵
  PID:3704
- C:\Windows\System\FdSZrsV.exe
  C:\Windows\System\FdSZrsV.exe
  2⤵
  PID:3276
- C:\Windows\System\fcTvCef.exe
  C:\Windows\System\fcTvCef.exe
  2⤵
  PID:5132
- C:\Windows\System\qqcWoZe.exe
  C:\Windows\System\qqcWoZe.exe
  2⤵
  PID:5148
- C:\Windows\System\KVOTFZe.exe
  C:\Windows\System\KVOTFZe.exe
  2⤵
  PID:5164
- C:\Windows\System\nUvEFEH.exe
  C:\Windows\System\nUvEFEH.exe
  2⤵
  PID:5180
- C:\Windows\System\UldkxxZ.exe
  C:\Windows\System\UldkxxZ.exe
  2⤵
  PID:5196
- C:\Windows\System\qaobRpE.exe
  C:\Windows\System\qaobRpE.exe
  2⤵
  PID:5212
- C:\Windows\System\umFLblF.exe
  C:\Windows\System\umFLblF.exe
  2⤵
  PID:5228
- C:\Windows\System\ByNGtXW.exe
  C:\Windows\System\ByNGtXW.exe
  2⤵
  PID:5244
- C:\Windows\System\RDJKnQM.exe
  C:\Windows\System\RDJKnQM.exe
  2⤵
  PID:5260
- C:\Windows\System\uqjpBJj.exe
  C:\Windows\System\uqjpBJj.exe
  2⤵
  PID:5280
- C:\Windows\System\ZDBfTTO.exe
  C:\Windows\System\ZDBfTTO.exe
  2⤵
  PID:5296
- C:\Windows\System\voebCmg.exe
  C:\Windows\System\voebCmg.exe
  2⤵
  PID:5312
- C:\Windows\System\jspOtcZ.exe
  C:\Windows\System\jspOtcZ.exe
  2⤵
  PID:5328
- C:\Windows\System\FBalZTO.exe
  C:\Windows\System\FBalZTO.exe
  2⤵
  PID:5344
- C:\Windows\System\ruqiaIn.exe
  C:\Windows\System\ruqiaIn.exe
  2⤵
  PID:5360
- C:\Windows\System\ntYRtqf.exe
  C:\Windows\System\ntYRtqf.exe
  2⤵
  PID:5376
- C:\Windows\System\FeckEtI.exe
  C:\Windows\System\FeckEtI.exe
  2⤵
  PID:5392
- C:\Windows\System\ZttvLPI.exe
  C:\Windows\System\ZttvLPI.exe
  2⤵
  PID:5408
- C:\Windows\System\PSigowp.exe
  C:\Windows\System\PSigowp.exe
  2⤵
  PID:5424
- C:\Windows\System\kShGOGW.exe
  C:\Windows\System\kShGOGW.exe
  2⤵
  PID:5440
- C:\Windows\System\egGuriG.exe
  C:\Windows\System\egGuriG.exe
  2⤵
  PID:5456
- C:\Windows\System\sfkSjkc.exe
  C:\Windows\System\sfkSjkc.exe
  2⤵
  PID:5472
- C:\Windows\System\VBhclFW.exe
  C:\Windows\System\VBhclFW.exe
  2⤵
  PID:5488
- C:\Windows\System\MITwcSP.exe
  C:\Windows\System\MITwcSP.exe
  2⤵
  PID:5504
- C:\Windows\System\bYsBtpj.exe
  C:\Windows\System\bYsBtpj.exe
  2⤵
  PID:5524
- C:\Windows\System\irFGdiR.exe
  C:\Windows\System\irFGdiR.exe
  2⤵
  PID:5552
- C:\Windows\System\XflEMtC.exe
  C:\Windows\System\XflEMtC.exe
  2⤵
  PID:5568
- C:\Windows\System\gODUypL.exe
  C:\Windows\System\gODUypL.exe
  2⤵
  PID:5584
- C:\Windows\System\rDXHJHo.exe
  C:\Windows\System\rDXHJHo.exe
  2⤵
  PID:5600
- C:\Windows\System\HTgCTFs.exe
  C:\Windows\System\HTgCTFs.exe
  2⤵
  PID:5616
- C:\Windows\System\GIJKsCS.exe
  C:\Windows\System\GIJKsCS.exe
  2⤵
  PID:5632
- C:\Windows\System\VImYpVC.exe
  C:\Windows\System\VImYpVC.exe
  2⤵
  PID:5648
- C:\Windows\System\iHYCPcp.exe
  C:\Windows\System\iHYCPcp.exe
  2⤵
  PID:5684
- C:\Windows\System\hRNmTzb.exe
  C:\Windows\System\hRNmTzb.exe
  2⤵
  PID:5700
- C:\Windows\System\brEOFQX.exe
  C:\Windows\System\brEOFQX.exe
  2⤵
  PID:5716
- C:\Windows\System\fnWDAzE.exe
  C:\Windows\System\fnWDAzE.exe
  2⤵
  PID:5732
- C:\Windows\System\ofTDmxB.exe
  C:\Windows\System\ofTDmxB.exe
  2⤵
  PID:5748
- C:\Windows\System\znSGNhC.exe
  C:\Windows\System\znSGNhC.exe
  2⤵
  PID:5780
- C:\Windows\System\aqzaHkq.exe
  C:\Windows\System\aqzaHkq.exe
  2⤵
  PID:5796
- C:\Windows\System\iNVkbcH.exe
  C:\Windows\System\iNVkbcH.exe
  2⤵
  PID:5812
- C:\Windows\System\JcmqiXU.exe
  C:\Windows\System\JcmqiXU.exe
  2⤵
  PID:5828
- C:\Windows\System\sBiMldA.exe
  C:\Windows\System\sBiMldA.exe
  2⤵
  PID:5844
- C:\Windows\System\DHZbujB.exe
  C:\Windows\System\DHZbujB.exe
  2⤵
  PID:5860
- C:\Windows\System\IZpBear.exe
  C:\Windows\System\IZpBear.exe
  2⤵
  PID:5876
- C:\Windows\System\GThfTFJ.exe
  C:\Windows\System\GThfTFJ.exe
  2⤵
  PID:5892
- C:\Windows\System\MBaKopR.exe
  C:\Windows\System\MBaKopR.exe
  2⤵
  PID:5908
- C:\Windows\System\bTKbOWA.exe
  C:\Windows\System\bTKbOWA.exe
  2⤵
  PID:5924
- C:\Windows\System\rOvNTJj.exe
  C:\Windows\System\rOvNTJj.exe
  2⤵
  PID:5940
- C:\Windows\System\pDdnYSR.exe
  C:\Windows\System\pDdnYSR.exe
  2⤵
  PID:5956
- C:\Windows\System\wLhtKRI.exe
  C:\Windows\System\wLhtKRI.exe
  2⤵
  PID:5972
- C:\Windows\System\EJgnRMF.exe
  C:\Windows\System\EJgnRMF.exe
  2⤵
  PID:5988
- C:\Windows\System\TYtOaZX.exe
  C:\Windows\System\TYtOaZX.exe
  2⤵
  PID:6004
- C:\Windows\System\JWjlfHY.exe
  C:\Windows\System\JWjlfHY.exe
  2⤵
  PID:6020
- C:\Windows\System\PiZJiGy.exe
  C:\Windows\System\PiZJiGy.exe
  2⤵
  PID:6036
- C:\Windows\System\PqzFJCn.exe
  C:\Windows\System\PqzFJCn.exe
  2⤵
  PID:6052
- C:\Windows\System\xZyQfKy.exe
  C:\Windows\System\xZyQfKy.exe
  2⤵
  PID:6068
- C:\Windows\System\QYUlikc.exe
  C:\Windows\System\QYUlikc.exe
  2⤵
  PID:6084
- C:\Windows\System\ZDtxkts.exe
  C:\Windows\System\ZDtxkts.exe
  2⤵
  PID:6100
- C:\Windows\System\sJbkSth.exe
  C:\Windows\System\sJbkSth.exe
  2⤵
  PID:6116
- C:\Windows\System\VHhHQlc.exe
  C:\Windows\System\VHhHQlc.exe
  2⤵
  PID:6132
- C:\Windows\System\Swhykke.exe
  C:\Windows\System\Swhykke.exe
  2⤵
  PID:2900
- C:\Windows\System\QEaRBhE.exe
  C:\Windows\System\QEaRBhE.exe
  2⤵
  PID:4496
- C:\Windows\System\PXVzHfy.exe
  C:\Windows\System\PXVzHfy.exe
  2⤵
  PID:2860
- C:\Windows\System\TNDokYA.exe
  C:\Windows\System\TNDokYA.exe
  2⤵
  PID:4832
- C:\Windows\System\MbqrrFO.exe
  C:\Windows\System\MbqrrFO.exe
  2⤵
  PID:5208
- C:\Windows\System\grZMIiG.exe
  C:\Windows\System\grZMIiG.exe
  2⤵
  PID:4480
- C:\Windows\System\MJNLCrh.exe
  C:\Windows\System\MJNLCrh.exe
  2⤵
  PID:2012
- C:\Windows\System\PwaAnaM.exe
  C:\Windows\System\PwaAnaM.exe
  2⤵
  PID:5156
- C:\Windows\System\KjUgOzh.exe
  C:\Windows\System\KjUgOzh.exe
  2⤵
  PID:5276
- C:\Windows\System\FFweVkg.exe
  C:\Windows\System\FFweVkg.exe
  2⤵
  PID:5252
- C:\Windows\System\pYZtpBG.exe
  C:\Windows\System\pYZtpBG.exe
  2⤵
  PID:5256
- C:\Windows\System\NdWNYWQ.exe
  C:\Windows\System\NdWNYWQ.exe
  2⤵
  PID:5368
- C:\Windows\System\LVNcemr.exe
  C:\Windows\System\LVNcemr.exe
  2⤵
  PID:5356
- C:\Windows\System\ptMfApB.exe
  C:\Windows\System\ptMfApB.exe
  2⤵
  PID:5420
- C:\Windows\System\cwAMDps.exe
  C:\Windows\System\cwAMDps.exe
  2⤵
  PID:5384
- C:\Windows\System\gAlHRog.exe
  C:\Windows\System\gAlHRog.exe
  2⤵
  PID:5468
- C:\Windows\System\hVXKUaq.exe
  C:\Windows\System\hVXKUaq.exe
  2⤵
  PID:5512
- C:\Windows\System\oldRSDh.exe
  C:\Windows\System\oldRSDh.exe
  2⤵
  PID:5540
- C:\Windows\System\BUJEAlN.exe
  C:\Windows\System\BUJEAlN.exe
  2⤵
  PID:5548
- C:\Windows\System\KGfgIkq.exe
  C:\Windows\System\KGfgIkq.exe
  2⤵
  PID:5680
- C:\Windows\System\UEJWVQk.exe
  C:\Windows\System\UEJWVQk.exe
  2⤵
  PID:5768
- C:\Windows\System\PSWExFH.exe
  C:\Windows\System\PSWExFH.exe
  2⤵
  PID:5564
- C:\Windows\System\XhbBSQh.exe
  C:\Windows\System\XhbBSQh.exe
  2⤵
  PID:5660
- C:\Windows\System\orEDfKm.exe
  C:\Windows\System\orEDfKm.exe
  2⤵
  PID:5840
- C:\Windows\System\fRlkaYg.exe
  C:\Windows\System\fRlkaYg.exe
  2⤵
  PID:5740
- C:\Windows\System\dpRkvCR.exe
  C:\Windows\System\dpRkvCR.exe
  2⤵
  PID:5792
- C:\Windows\System\LbvhICc.exe
  C:\Windows\System\LbvhICc.exe
  2⤵
  PID:5712
- C:\Windows\System\EOQGKOI.exe
  C:\Windows\System\EOQGKOI.exe
  2⤵
  PID:5916
- C:\Windows\System\HmnSNsz.exe
  C:\Windows\System\HmnSNsz.exe
  2⤵
  PID:5952
- C:\Windows\System\uUjRMDw.exe
  C:\Windows\System\uUjRMDw.exe
  2⤵
  PID:5968
- C:\Windows\System\wUlWXdA.exe
  C:\Windows\System\wUlWXdA.exe
  2⤵
  PID:5996
- C:\Windows\System\HLFEqYt.exe
  C:\Windows\System\HLFEqYt.exe
  2⤵
  PID:6060
- C:\Windows\System\JDtGiGo.exe
  C:\Windows\System\JDtGiGo.exe
  2⤵
  PID:6124
- C:\Windows\System\MrfFlCN.exe
  C:\Windows\System\MrfFlCN.exe
  2⤵
  PID:5140
- C:\Windows\System\xRpSaPN.exe
  C:\Windows\System\xRpSaPN.exe
  2⤵
  PID:2856
- C:\Windows\System\jDbFLqW.exe
  C:\Windows\System\jDbFLqW.exe
  2⤵
  PID:6080
- C:\Windows\System\kndhylj.exe
  C:\Windows\System\kndhylj.exe
  2⤵
  PID:2908
- C:\Windows\System\FbFYTce.exe
  C:\Windows\System\FbFYTce.exe
  2⤵
  PID:2264
- C:\Windows\System\oRuytlm.exe
  C:\Windows\System\oRuytlm.exe
  2⤵
  PID:5236
- C:\Windows\System\YAHHlXM.exe
  C:\Windows\System\YAHHlXM.exe
  2⤵
  PID:5292
- C:\Windows\System\uBnxUxq.exe
  C:\Windows\System\uBnxUxq.exe
  2⤵
  PID:5068
- C:\Windows\System\oirAHBC.exe
  C:\Windows\System\oirAHBC.exe
  2⤵
  PID:5404
- C:\Windows\System\MzDNxgH.exe
  C:\Windows\System\MzDNxgH.exe
  2⤵
  PID:5484
- C:\Windows\System\EdtztKA.exe
  C:\Windows\System\EdtztKA.exe
  2⤵
  PID:5352
- C:\Windows\System\qleZtFz.exe
  C:\Windows\System\qleZtFz.exe
  2⤵
  PID:5872
- C:\Windows\System\zxveByd.exe
  C:\Windows\System\zxveByd.exe
  2⤵
  PID:5788
- C:\Windows\System\HXZzUGE.exe
  C:\Windows\System\HXZzUGE.exe
  2⤵
  PID:6032
- C:\Windows\System\TsgWmsQ.exe
  C:\Windows\System\TsgWmsQ.exe
  2⤵
  PID:5696
- C:\Windows\System\axRINid.exe
  C:\Windows\System\axRINid.exe
  2⤵
  PID:6092
- C:\Windows\System\msNzgJK.exe
  C:\Windows\System\msNzgJK.exe
  2⤵
  PID:5176
- C:\Windows\System\peTxWog.exe
  C:\Windows\System\peTxWog.exe
  2⤵
  PID:5936
- C:\Windows\System\GKqOAzL.exe
  C:\Windows\System\GKqOAzL.exe
  2⤵
  PID:5576
- C:\Windows\System\RCYFvHf.exe
  C:\Windows\System\RCYFvHf.exe
  2⤵
  PID:6140
- C:\Windows\System\feJrcid.exe
  C:\Windows\System\feJrcid.exe
  2⤵
  PID:5416
- C:\Windows\System\ClkMnDQ.exe
  C:\Windows\System\ClkMnDQ.exe
  2⤵
  PID:5324
- C:\Windows\System\Ybmjdvu.exe
  C:\Windows\System\Ybmjdvu.exe
  2⤵
  PID:5516
- C:\Windows\System\lnPVnOT.exe
  C:\Windows\System\lnPVnOT.exe
  2⤵
  PID:5760
- C:\Windows\System\ZtYKIOt.exe
  C:\Windows\System\ZtYKIOt.exe
  2⤵
  PID:5724
- C:\Windows\System\kXGwILB.exe
  C:\Windows\System\kXGwILB.exe
  2⤵
  PID:1868
- C:\Windows\System\GxWGolL.exe
  C:\Windows\System\GxWGolL.exe
  2⤵
  PID:5820
- C:\Windows\System\HFWIGio.exe
  C:\Windows\System\HFWIGio.exe
  2⤵
  PID:6028
- C:\Windows\System\JbErwgI.exe
  C:\Windows\System\JbErwgI.exe
  2⤵
  PID:6076
- C:\Windows\System\wjjInpV.exe
  C:\Windows\System\wjjInpV.exe
  2⤵
  PID:5272
- C:\Windows\System\rWyrpMS.exe
  C:\Windows\System\rWyrpMS.exe
  2⤵
  PID:6112
- C:\Windows\System\eHyXYBG.exe
  C:\Windows\System\eHyXYBG.exe
  2⤵
  PID:5672
- C:\Windows\System\MzzWfWN.exe
  C:\Windows\System\MzzWfWN.exe
  2⤵
  PID:1212
- C:\Windows\System\PNPnbVL.exe
  C:\Windows\System\PNPnbVL.exe
  2⤵
  PID:6152
- C:\Windows\System\tAGvaCS.exe
  C:\Windows\System\tAGvaCS.exe
  2⤵
  PID:6168
- C:\Windows\System\AkhJske.exe
  C:\Windows\System\AkhJske.exe
  2⤵
  PID:6184
- C:\Windows\System\tnrTmhc.exe
  C:\Windows\System\tnrTmhc.exe
  2⤵
  PID:6200
- C:\Windows\System\aJuLWmk.exe
  C:\Windows\System\aJuLWmk.exe
  2⤵
  PID:6216
- C:\Windows\System\mScHqbH.exe
  C:\Windows\System\mScHqbH.exe
  2⤵
  PID:6232
- C:\Windows\System\cgxQiQY.exe
  C:\Windows\System\cgxQiQY.exe
  2⤵
  PID:6248
- C:\Windows\System\vNrPsZq.exe
  C:\Windows\System\vNrPsZq.exe
  2⤵
  PID:6264
- C:\Windows\System\mbJmDFf.exe
  C:\Windows\System\mbJmDFf.exe
  2⤵
  PID:6280
- C:\Windows\System\VicIGvZ.exe
  C:\Windows\System\VicIGvZ.exe
  2⤵
  PID:6296
- C:\Windows\System\HYVpRrf.exe
  C:\Windows\System\HYVpRrf.exe
  2⤵
  PID:6312
- C:\Windows\System\JsifdDf.exe
  C:\Windows\System\JsifdDf.exe
  2⤵
  PID:6328
- C:\Windows\System\nccuFtd.exe
  C:\Windows\System\nccuFtd.exe
  2⤵
  PID:6344
- C:\Windows\System\GSrqBeL.exe
  C:\Windows\System\GSrqBeL.exe
  2⤵
  PID:6360
- C:\Windows\System\fFCvUmf.exe
  C:\Windows\System\fFCvUmf.exe
  2⤵
  PID:6376
- C:\Windows\System\OSXzLKe.exe
  C:\Windows\System\OSXzLKe.exe
  2⤵
  PID:6392
- C:\Windows\System\gkvpiVB.exe
  C:\Windows\System\gkvpiVB.exe
  2⤵
  PID:6408
- C:\Windows\System\GCibnvr.exe
  C:\Windows\System\GCibnvr.exe
  2⤵
  PID:6424
- C:\Windows\System\NEpzaes.exe
  C:\Windows\System\NEpzaes.exe
  2⤵
  PID:6440
- C:\Windows\System\xOpyOgQ.exe
  C:\Windows\System\xOpyOgQ.exe
  2⤵
  PID:6456
- C:\Windows\System\vKyeDKA.exe
  C:\Windows\System\vKyeDKA.exe
  2⤵
  PID:6472
- C:\Windows\System\mGSSQRH.exe
  C:\Windows\System\mGSSQRH.exe
  2⤵
  PID:6488
- C:\Windows\System\wVxiTcg.exe
  C:\Windows\System\wVxiTcg.exe
  2⤵
  PID:6504
- C:\Windows\System\UFqsHfL.exe
  C:\Windows\System\UFqsHfL.exe
  2⤵
  PID:6524
- C:\Windows\System\PiCmMHL.exe
  C:\Windows\System\PiCmMHL.exe
  2⤵
  PID:6540
- C:\Windows\System\osChinY.exe
  C:\Windows\System\osChinY.exe
  2⤵
  PID:6556
- C:\Windows\System\ClRWtSU.exe
  C:\Windows\System\ClRWtSU.exe
  2⤵
  PID:6572
- C:\Windows\System\GEzBdvl.exe
  C:\Windows\System\GEzBdvl.exe
  2⤵
  PID:6588
- C:\Windows\System\MBWgxeI.exe
  C:\Windows\System\MBWgxeI.exe
  2⤵
  PID:6604
- C:\Windows\System\JpqCbzA.exe
  C:\Windows\System\JpqCbzA.exe
  2⤵
  PID:6620
- C:\Windows\System\rodndqD.exe
  C:\Windows\System\rodndqD.exe
  2⤵
  PID:6636
- C:\Windows\System\INEbnTj.exe
  C:\Windows\System\INEbnTj.exe
  2⤵
  PID:6652
- C:\Windows\System\akZuUPY.exe
  C:\Windows\System\akZuUPY.exe
  2⤵
  PID:6668
- C:\Windows\System\xyqmCJy.exe
  C:\Windows\System\xyqmCJy.exe
  2⤵
  PID:6684
- C:\Windows\System\MoVnClN.exe
  C:\Windows\System\MoVnClN.exe
  2⤵
  PID:6700
- C:\Windows\System\tiNAUNE.exe
  C:\Windows\System\tiNAUNE.exe
  2⤵
  PID:6716
- C:\Windows\System\kPlDwns.exe
  C:\Windows\System\kPlDwns.exe
  2⤵
  PID:6732
- C:\Windows\System\sKahCnF.exe
  C:\Windows\System\sKahCnF.exe
  2⤵
  PID:6748
- C:\Windows\System\gmJMsOn.exe
  C:\Windows\System\gmJMsOn.exe
  2⤵
  PID:6764
- C:\Windows\System\fXvIVlO.exe
  C:\Windows\System\fXvIVlO.exe
  2⤵
  PID:6780
- C:\Windows\System\gxqffsB.exe
  C:\Windows\System\gxqffsB.exe
  2⤵
  PID:6796
- C:\Windows\System\SFVqitx.exe
  C:\Windows\System\SFVqitx.exe
  2⤵
  PID:6812
- C:\Windows\System\pWBrgiQ.exe
  C:\Windows\System\pWBrgiQ.exe
  2⤵
  PID:6828
- C:\Windows\System\rASLLtU.exe
  C:\Windows\System\rASLLtU.exe
  2⤵
  PID:6844
- C:\Windows\System\KHOLrmH.exe
  C:\Windows\System\KHOLrmH.exe
  2⤵
  PID:6860
- C:\Windows\System\RpiaKVv.exe
  C:\Windows\System\RpiaKVv.exe
  2⤵
  PID:6876
- C:\Windows\System\uAjtxJh.exe
  C:\Windows\System\uAjtxJh.exe
  2⤵
  PID:6892
- C:\Windows\System\fwrOJsX.exe
  C:\Windows\System\fwrOJsX.exe
  2⤵
  PID:6908
- C:\Windows\System\mOeBmKy.exe
  C:\Windows\System\mOeBmKy.exe
  2⤵
  PID:6924
- C:\Windows\System\JOCvjvP.exe
  C:\Windows\System\JOCvjvP.exe
  2⤵
  PID:6940
- C:\Windows\System\LrSpfHi.exe
  C:\Windows\System\LrSpfHi.exe
  2⤵
  PID:6956
- C:\Windows\System\vAqaUwO.exe
  C:\Windows\System\vAqaUwO.exe
  2⤵
  PID:6972
- C:\Windows\System\RJWlSXn.exe
  C:\Windows\System\RJWlSXn.exe
  2⤵
  PID:6988
- C:\Windows\System\HTpivFV.exe
  C:\Windows\System\HTpivFV.exe
  2⤵
  PID:7004
- C:\Windows\System\anbKZWV.exe
  C:\Windows\System\anbKZWV.exe
  2⤵
  PID:7020
- C:\Windows\System\KVCtCuW.exe
  C:\Windows\System\KVCtCuW.exe
  2⤵
  PID:7036
- C:\Windows\System\DVXuDnM.exe
  C:\Windows\System\DVXuDnM.exe
  2⤵
  PID:7052
- C:\Windows\System\QdelLVu.exe
  C:\Windows\System\QdelLVu.exe
  2⤵
  PID:7068
- C:\Windows\System\svwNiwS.exe
  C:\Windows\System\svwNiwS.exe
  2⤵
  PID:7084
- C:\Windows\System\WPwIyQD.exe
  C:\Windows\System\WPwIyQD.exe
  2⤵
  PID:7100
- C:\Windows\System\JrdMCfb.exe
  C:\Windows\System\JrdMCfb.exe
  2⤵
  PID:7116
- C:\Windows\System\rnfnyiS.exe
  C:\Windows\System\rnfnyiS.exe
  2⤵
  PID:7132
- C:\Windows\System\CRATaQc.exe
  C:\Windows\System\CRATaQc.exe
  2⤵
  PID:7148
- C:\Windows\System\PMQVAOg.exe
  C:\Windows\System\PMQVAOg.exe
  2⤵
  PID:7164
- C:\Windows\System\FBISrXB.exe
  C:\Windows\System\FBISrXB.exe
  2⤵
  PID:5904
- C:\Windows\System\TLBiraP.exe
  C:\Windows\System\TLBiraP.exe
  2⤵
  PID:6196
- C:\Windows\System\NSnmWGk.exe
  C:\Windows\System\NSnmWGk.exe
  2⤵
  PID:6260
- C:\Windows\System\fDbfTJK.exe
  C:\Windows\System\fDbfTJK.exe
  2⤵
  PID:4100
- C:\Windows\System\lIsQEDB.exe
  C:\Windows\System\lIsQEDB.exe
  2⤵
  PID:5220
- C:\Windows\System\LpyVBBr.exe
  C:\Windows\System\LpyVBBr.exe
  2⤵
  PID:5188
- C:\Windows\System\ylvpbGK.exe
  C:\Windows\System\ylvpbGK.exe
  2⤵
  PID:6324
- C:\Windows\System\HvxbEzt.exe
  C:\Windows\System\HvxbEzt.exe
  2⤵
  PID:2912
- C:\Windows\System\RAvpxUO.exe
  C:\Windows\System\RAvpxUO.exe
  2⤵
  PID:6148
- C:\Windows\System\hkfAyRt.exe
  C:\Windows\System\hkfAyRt.exe
  2⤵
  PID:6400
- C:\Windows\System\lhTYwkt.exe
  C:\Windows\System\lhTYwkt.exe
  2⤵
  PID:5836
- C:\Windows\System\sbVjwzM.exe
  C:\Windows\System\sbVjwzM.exe
  2⤵
  PID:5448
- C:\Windows\System\PcRhxKN.exe
  C:\Windows\System\PcRhxKN.exe
  2⤵
  PID:6464
- C:\Windows\System\jRprVve.exe
  C:\Windows\System\jRprVve.exe
  2⤵
  PID:6372
- C:\Windows\System\hxDBzMm.exe
  C:\Windows\System\hxDBzMm.exe
  2⤵
  PID:6532
- C:\Windows\System\xaVcXyE.exe
  C:\Windows\System\xaVcXyE.exe
  2⤵
  PID:6388
- C:\Windows\System\mdwxgBB.exe
  C:\Windows\System\mdwxgBB.exe
  2⤵
  PID:6548
- C:\Windows\System\VJvXzgo.exe
  C:\Windows\System\VJvXzgo.exe
  2⤵
  PID:6484
- C:\Windows\System\EGZzcFC.exe
  C:\Windows\System\EGZzcFC.exe
  2⤵
  PID:6580
- C:\Windows\System\aeshhFc.exe
  C:\Windows\System\aeshhFc.exe
  2⤵
  PID:6644
- C:\Windows\System\bkPEVii.exe
  C:\Windows\System\bkPEVii.exe
  2⤵
  PID:6708
- C:\Windows\System\arXJodd.exe
  C:\Windows\System\arXJodd.exe
  2⤵
  PID:6660
- C:\Windows\System\lVGJuVU.exe
  C:\Windows\System\lVGJuVU.exe
  2⤵
  PID:6740
- C:\Windows\System\mKhmHpK.exe
  C:\Windows\System\mKhmHpK.exe
  2⤵
  PID:6628
- C:\Windows\System\YDzBbXb.exe
  C:\Windows\System\YDzBbXb.exe
  2⤵
  PID:6760
- C:\Windows\System\MBechGj.exe
  C:\Windows\System\MBechGj.exe
  2⤵
  PID:6804
- C:\Windows\System\iyvRmsH.exe
  C:\Windows\System\iyvRmsH.exe
  2⤵
  PID:6868
- C:\Windows\System\XnnljoG.exe
  C:\Windows\System\XnnljoG.exe
  2⤵
  PID:6792
- C:\Windows\System\NylrNZE.exe
  C:\Windows\System\NylrNZE.exe
  2⤵
  PID:6884
- C:\Windows\System\QYOPgVN.exe
  C:\Windows\System\QYOPgVN.exe
  2⤵
  PID:6948
- C:\Windows\System\pwFgzcV.exe
  C:\Windows\System\pwFgzcV.exe
  2⤵
  PID:6904
- C:\Windows\System\CVAokHa.exe
  C:\Windows\System\CVAokHa.exe
  2⤵
  PID:7012
- C:\Windows\System\JVkkyrp.exe
  C:\Windows\System\JVkkyrp.exe
  2⤵
  PID:7016
- C:\Windows\System\wRuokFR.exe
  C:\Windows\System\wRuokFR.exe
  2⤵
  PID:2996
- C:\Windows\System\DLBDNqd.exe
  C:\Windows\System\DLBDNqd.exe
  2⤵
  PID:6968
- C:\Windows\System\BgXwHxa.exe
  C:\Windows\System\BgXwHxa.exe
  2⤵
  PID:7144
- C:\Windows\System\MxWMdrZ.exe
  C:\Windows\System\MxWMdrZ.exe
  2⤵
  PID:6228
- C:\Windows\System\GiduCak.exe
  C:\Windows\System\GiduCak.exe
  2⤵
  PID:6320
- C:\Windows\System\yyXrXBG.exe
  C:\Windows\System\yyXrXBG.exe
  2⤵
  PID:6292
- C:\Windows\System\wyXjvYX.exe
  C:\Windows\System\wyXjvYX.exe
  2⤵
  PID:5920
- C:\Windows\System\SoQYWXM.exe
  C:\Windows\System\SoQYWXM.exe
  2⤵
  PID:7064
- C:\Windows\System\gUfnhGh.exe
  C:\Windows\System\gUfnhGh.exe
  2⤵
  PID:2716
- C:\Windows\System\SmbjMnW.exe
  C:\Windows\System\SmbjMnW.exe
  2⤵
  PID:6420
- C:\Windows\System\amFCoBG.exe
  C:\Windows\System\amFCoBG.exe
  2⤵
  PID:6676
- C:\Windows\System\KLLcgpo.exe
  C:\Windows\System\KLLcgpo.exe
  2⤵
  PID:7124
- C:\Windows\System\VXvsirv.exe
  C:\Windows\System\VXvsirv.exe
  2⤵
  PID:7160
- C:\Windows\System\ihiLfSx.exe
  C:\Windows\System\ihiLfSx.exe
  2⤵
  PID:6696
- C:\Windows\System\FioRSnB.exe
  C:\Windows\System\FioRSnB.exe
  2⤵
  PID:6192
- C:\Windows\System\xIJAzQt.exe
  C:\Windows\System\xIJAzQt.exe
  2⤵
  PID:6352
- C:\Windows\System\lFghZlR.exe
  C:\Windows\System\lFghZlR.exe
  2⤵
  PID:6244
- C:\Windows\System\ThDcybL.exe
  C:\Windows\System\ThDcybL.exe
  2⤵
  PID:6496
- C:\Windows\System\rSwNmwi.exe
  C:\Windows\System\rSwNmwi.exe
  2⤵
  PID:1584
- C:\Windows\System\rolIPJN.exe
  C:\Windows\System\rolIPJN.exe
  2⤵
  PID:6712
- C:\Windows\System\kYkfepa.exe
  C:\Windows\System\kYkfepa.exe
  2⤵
  PID:6612
- C:\Windows\System\fKtkNZi.exe
  C:\Windows\System\fKtkNZi.exe
  2⤵
  PID:7048
- C:\Windows\System\ADPncJg.exe
  C:\Windows\System\ADPncJg.exe
  2⤵
  PID:6744
- C:\Windows\System\ARgejjF.exe
  C:\Windows\System\ARgejjF.exe
  2⤵
  PID:2392
- C:\Windows\System\zAcRsON.exe
  C:\Windows\System\zAcRsON.exe
  2⤵
  PID:6520
- C:\Windows\System\cjllTmB.exe
  C:\Windows\System\cjllTmB.exe
  2⤵
  PID:1908
- C:\Windows\System\mWtvaal.exe
  C:\Windows\System\mWtvaal.exe
  2⤵
  PID:6368
- C:\Windows\System\tUtRjXY.exe
  C:\Windows\System\tUtRjXY.exe
  2⤵
  PID:6336
- C:\Windows\System\qJfRvwn.exe
  C:\Windows\System\qJfRvwn.exe
  2⤵
  PID:6480
- C:\Windows\System\mHnhHVW.exe
  C:\Windows\System\mHnhHVW.exe
  2⤵
  PID:3056
- C:\Windows\System\kvAHqSH.exe
  C:\Windows\System\kvAHqSH.exe
  2⤵
  PID:5852
- C:\Windows\System\SaUQkpI.exe
  C:\Windows\System\SaUQkpI.exe
  2⤵
  PID:6176
- C:\Windows\System\ytdCafn.exe
  C:\Windows\System\ytdCafn.exe
  2⤵
  PID:7080
- C:\Windows\System\BKUGvUe.exe
  C:\Windows\System\BKUGvUe.exe
  2⤵
  PID:1880
- C:\Windows\System\Frzjtgv.exe
  C:\Windows\System\Frzjtgv.exe
  2⤵
  PID:7000
- C:\Windows\System\jsLCYmC.exe
  C:\Windows\System\jsLCYmC.exe
  2⤵
  PID:1384
- C:\Windows\System\BOiZfSA.exe
  C:\Windows\System\BOiZfSA.exe
  2⤵
  PID:5708
- C:\Windows\System\MOOzLaz.exe
  C:\Windows\System\MOOzLaz.exe
  2⤵
  PID:6452
- C:\Windows\System\FzKpVwh.exe
  C:\Windows\System\FzKpVwh.exe
  2⤵
  PID:6180
- C:\Windows\System\TiErQvF.exe
  C:\Windows\System\TiErQvF.exe
  2⤵
  PID:6416
- C:\Windows\System\xZcJUZZ.exe
  C:\Windows\System\xZcJUZZ.exe
  2⤵
  PID:7184
- C:\Windows\System\FDxuDxD.exe
  C:\Windows\System\FDxuDxD.exe
  2⤵
  PID:7200
- C:\Windows\System\sFKgiwk.exe
  C:\Windows\System\sFKgiwk.exe
  2⤵
  PID:7220
- C:\Windows\System\DnAkURY.exe
  C:\Windows\System\DnAkURY.exe
  2⤵
  PID:7236
- C:\Windows\System\iOxHtwe.exe
  C:\Windows\System\iOxHtwe.exe
  2⤵
  PID:7252
- C:\Windows\System\HpUAUDx.exe
  C:\Windows\System\HpUAUDx.exe
  2⤵
  PID:7280
- C:\Windows\System\ubNQcsf.exe
  C:\Windows\System\ubNQcsf.exe
  2⤵
  PID:7296
- C:\Windows\System\qwELmJP.exe
  C:\Windows\System\qwELmJP.exe
  2⤵
  PID:7312
- C:\Windows\System\sdpXxWg.exe
  C:\Windows\System\sdpXxWg.exe
  2⤵
  PID:7344
- C:\Windows\System\RVYZdfx.exe
  C:\Windows\System\RVYZdfx.exe
  2⤵
  PID:7360
- C:\Windows\System\UGhRisE.exe
  C:\Windows\System\UGhRisE.exe
  2⤵
  PID:7380
- C:\Windows\System\QZYPdrH.exe
  C:\Windows\System\QZYPdrH.exe
  2⤵
  PID:7396
- C:\Windows\System\FODFJvA.exe
  C:\Windows\System\FODFJvA.exe
  2⤵
  PID:7416
- C:\Windows\System\GkshrNT.exe
  C:\Windows\System\GkshrNT.exe
  2⤵
  PID:7460
- C:\Windows\System\JVsTLiW.exe
  C:\Windows\System\JVsTLiW.exe
  2⤵
  PID:7476
- C:\Windows\System\sCrKinU.exe
  C:\Windows\System\sCrKinU.exe
  2⤵
  PID:7496
- C:\Windows\System\wqGnxGJ.exe
  C:\Windows\System\wqGnxGJ.exe
  2⤵
  PID:7512
- C:\Windows\System\ltPuuOu.exe
  C:\Windows\System\ltPuuOu.exe
  2⤵
  PID:7528
- C:\Windows\System\ALBWUim.exe
  C:\Windows\System\ALBWUim.exe
  2⤵
  PID:7544
- C:\Windows\System\WqEDTdH.exe
  C:\Windows\System\WqEDTdH.exe
  2⤵
  PID:7564
- C:\Windows\System\NaBWuLC.exe
  C:\Windows\System\NaBWuLC.exe
  2⤵
  PID:7580
- C:\Windows\System\ozLxOET.exe
  C:\Windows\System\ozLxOET.exe
  2⤵
  PID:7596
- C:\Windows\System\mSDjyHP.exe
  C:\Windows\System\mSDjyHP.exe
  2⤵
  PID:7612
- C:\Windows\System\vzmFgWj.exe
  C:\Windows\System\vzmFgWj.exe
  2⤵
  PID:7628
- C:\Windows\System\OTjOAHS.exe
  C:\Windows\System\OTjOAHS.exe
  2⤵
  PID:7644
- C:\Windows\System\TQLmRtm.exe
  C:\Windows\System\TQLmRtm.exe
  2⤵
  PID:7660
- C:\Windows\System\pxetFGS.exe
  C:\Windows\System\pxetFGS.exe
  2⤵
  PID:7676
- C:\Windows\System\hezWMMt.exe
  C:\Windows\System\hezWMMt.exe
  2⤵
  PID:7692
- C:\Windows\System\Wgransj.exe
  C:\Windows\System\Wgransj.exe
  2⤵
  PID:7708
- C:\Windows\System\UXLPPmp.exe
  C:\Windows\System\UXLPPmp.exe
  2⤵
  PID:7724
- C:\Windows\System\DKdxdDO.exe
  C:\Windows\System\DKdxdDO.exe
  2⤵
  PID:7740
- C:\Windows\System\jNhzwSB.exe
  C:\Windows\System\jNhzwSB.exe
  2⤵
  PID:7756
- C:\Windows\System\KPWHOhw.exe
  C:\Windows\System\KPWHOhw.exe
  2⤵
  PID:7772
- C:\Windows\System\xbsSDjJ.exe
  C:\Windows\System\xbsSDjJ.exe
  2⤵
  PID:7788
- C:\Windows\System\SVWtWrI.exe
  C:\Windows\System\SVWtWrI.exe
  2⤵
  PID:7804
- C:\Windows\System\uuGyoVl.exe
  C:\Windows\System\uuGyoVl.exe
  2⤵
  PID:7820
- C:\Windows\System\nLvlDfw.exe
  C:\Windows\System\nLvlDfw.exe
  2⤵
  PID:7836
- C:\Windows\System\vTmSLkX.exe
  C:\Windows\System\vTmSLkX.exe
  2⤵
  PID:7852
- C:\Windows\System\qeUxnax.exe
  C:\Windows\System\qeUxnax.exe
  2⤵
  PID:7868
- C:\Windows\System\eUuVDmy.exe
  C:\Windows\System\eUuVDmy.exe
  2⤵
  PID:7884
- C:\Windows\System\UEWsYAv.exe
  C:\Windows\System\UEWsYAv.exe
  2⤵
  PID:7904
- C:\Windows\System\hVfiuzY.exe
  C:\Windows\System\hVfiuzY.exe
  2⤵
  PID:7920
- C:\Windows\System\PfnBiRp.exe
  C:\Windows\System\PfnBiRp.exe
  2⤵
  PID:7936
- C:\Windows\System\OLAzfpa.exe
  C:\Windows\System\OLAzfpa.exe
  2⤵
  PID:7952
- C:\Windows\System\sTSTRuI.exe
  C:\Windows\System\sTSTRuI.exe
  2⤵
  PID:7968
- C:\Windows\System\EmkWrNr.exe
  C:\Windows\System\EmkWrNr.exe
  2⤵
  PID:7984
- C:\Windows\System\lvQHuMv.exe
  C:\Windows\System\lvQHuMv.exe
  2⤵
  PID:8000
- C:\Windows\System\TjcNyzu.exe
  C:\Windows\System\TjcNyzu.exe
  2⤵
  PID:8016
- C:\Windows\System\lDUVPKz.exe
  C:\Windows\System\lDUVPKz.exe
  2⤵
  PID:8032
- C:\Windows\System\RMFEHcq.exe
  C:\Windows\System\RMFEHcq.exe
  2⤵
  PID:8048
- C:\Windows\System\HFfqURb.exe
  C:\Windows\System\HFfqURb.exe
  2⤵
  PID:8064
- C:\Windows\System\SQhDuox.exe
  C:\Windows\System\SQhDuox.exe
  2⤵
  PID:8080
- C:\Windows\System\WuSCoKF.exe
  C:\Windows\System\WuSCoKF.exe
  2⤵
  PID:8096
- C:\Windows\System\CoHeCAX.exe
  C:\Windows\System\CoHeCAX.exe
  2⤵
  PID:8112
- C:\Windows\System\nffAYJo.exe
  C:\Windows\System\nffAYJo.exe
  2⤵
  PID:8128
- C:\Windows\System\gpkEsad.exe
  C:\Windows\System\gpkEsad.exe
  2⤵
  PID:8144
- C:\Windows\System\orPnDJH.exe
  C:\Windows\System\orPnDJH.exe
  2⤵
  PID:8160
- C:\Windows\System\SIYsZuG.exe
  C:\Windows\System\SIYsZuG.exe
  2⤵
  PID:8176
- C:\Windows\System\zCNwWsT.exe
  C:\Windows\System\zCNwWsT.exe
  2⤵
  PID:6724
- C:\Windows\System\SizISWa.exe
  C:\Windows\System\SizISWa.exe
  2⤵
  PID:7192
- C:\Windows\System\SdOMKWa.exe
  C:\Windows\System\SdOMKWa.exe
  2⤵
  PID:7176
- C:\Windows\System\maWxcHn.exe
  C:\Windows\System\maWxcHn.exe
  2⤵
  PID:2564
- C:\Windows\System\RkqyZFW.exe
  C:\Windows\System\RkqyZFW.exe
  2⤵
  PID:7096
- C:\Windows\System\KWxEiKe.exe
  C:\Windows\System\KWxEiKe.exe
  2⤵
  PID:6772
- C:\Windows\System\ZutWMXf.exe
  C:\Windows\System\ZutWMXf.exe
  2⤵
  PID:6340
- C:\Windows\System\nnVSjVi.exe
  C:\Windows\System\nnVSjVi.exe
  2⤵
  PID:6516
- C:\Windows\System\wvLttfP.exe
  C:\Windows\System\wvLttfP.exe
  2⤵
  PID:7244
- C:\Windows\System\PiHAoub.exe
  C:\Windows\System\PiHAoub.exe
  2⤵
  PID:7260
- C:\Windows\System\rpRFeBP.exe
  C:\Windows\System\rpRFeBP.exe
  2⤵
  PID:7276
- C:\Windows\System\JkTTcAz.exe
  C:\Windows\System\JkTTcAz.exe
  2⤵
  PID:7292
- C:\Windows\System\OhRaxvD.exe
  C:\Windows\System\OhRaxvD.exe
  2⤵
  PID:7340
- C:\Windows\System\cUvnNIe.exe
  C:\Windows\System\cUvnNIe.exe
  2⤵
  PID:7392
- C:\Windows\System\wHjsWWQ.exe
  C:\Windows\System\wHjsWWQ.exe
  2⤵
  PID:6852
- C:\Windows\System\MySmfUo.exe
  C:\Windows\System\MySmfUo.exe
  2⤵
  PID:7452
- C:\Windows\System\OhHFFwj.exe
  C:\Windows\System\OhHFFwj.exe
  2⤵
  PID:7488
- C:\Windows\System\suOishs.exe
  C:\Windows\System\suOishs.exe
  2⤵
  PID:7376
- C:\Windows\System\ViDFeKo.exe
  C:\Windows\System\ViDFeKo.exe
  2⤵
  PID:7524
- C:\Windows\System\PXISyuh.exe
  C:\Windows\System\PXISyuh.exe
  2⤵
  PID:7560
- C:\Windows\System\fVmjDXs.exe
  C:\Windows\System\fVmjDXs.exe
  2⤵
  PID:7504
- C:\Windows\System\CvaDKGK.exe
  C:\Windows\System\CvaDKGK.exe
  2⤵
  PID:7576
- C:\Windows\System\YHcYrIe.exe
  C:\Windows\System\YHcYrIe.exe
  2⤵
  PID:7684
- C:\Windows\System\iJyySnf.exe
  C:\Windows\System\iJyySnf.exe
  2⤵
  PID:7720
- C:\Windows\System\pqPjouk.exe
  C:\Windows\System\pqPjouk.exe
  2⤵
  PID:7668
- C:\Windows\System\bWBXPwZ.exe
  C:\Windows\System\bWBXPwZ.exe
  2⤵
  PID:7704
- C:\Windows\System\BxsULdd.exe
  C:\Windows\System\BxsULdd.exe
  2⤵
  PID:8092
- C:\Windows\System\WbtAMhM.exe
  C:\Windows\System\WbtAMhM.exe
  2⤵
  PID:8248
- C:\Windows\System\IlqlAys.exe
  C:\Windows\System\IlqlAys.exe
  2⤵
  PID:8280
- C:\Windows\System\iHjsnla.exe
  C:\Windows\System\iHjsnla.exe
  2⤵
  PID:8312
- C:\Windows\System\dRBFSqX.exe
  C:\Windows\System\dRBFSqX.exe
  2⤵
  PID:8332
- C:\Windows\System\qyBEshQ.exe
  C:\Windows\System\qyBEshQ.exe
  2⤵
  PID:8348
- C:\Windows\System\BGOWcxe.exe
  C:\Windows\System\BGOWcxe.exe
  2⤵
  PID:8364
- C:\Windows\System\lqSktEY.exe
  C:\Windows\System\lqSktEY.exe
  2⤵
  PID:8380
- C:\Windows\System\AsAcwTw.exe
  C:\Windows\System\AsAcwTw.exe
  2⤵
  PID:8396
- C:\Windows\System\WfzIWEu.exe
  C:\Windows\System\WfzIWEu.exe
  2⤵
  PID:8412
- C:\Windows\System\EIfdAGS.exe
  C:\Windows\System\EIfdAGS.exe
  2⤵
  PID:8580
- C:\Windows\System\lIpVbYC.exe
  C:\Windows\System\lIpVbYC.exe
  2⤵
  PID:8600
- C:\Windows\System\pNWBZCK.exe
  C:\Windows\System\pNWBZCK.exe
  2⤵
  PID:8620
- C:\Windows\System\aWYgyPJ.exe
  C:\Windows\System\aWYgyPJ.exe
  2⤵
  PID:8640
- C:\Windows\System\OaUEfnc.exe
  C:\Windows\System\OaUEfnc.exe
  2⤵
  PID:8656
- C:\Windows\System\iBqImSh.exe
  C:\Windows\System\iBqImSh.exe
  2⤵
  PID:8676
- C:\Windows\System\XAKZfIy.exe
  C:\Windows\System\XAKZfIy.exe
  2⤵
  PID:8700
- C:\Windows\System\rwfiqrc.exe
  C:\Windows\System\rwfiqrc.exe
  2⤵
  PID:8716
- C:\Windows\System\ggAhEst.exe
  C:\Windows\System\ggAhEst.exe
  2⤵
  PID:8736
- C:\Windows\System\tJrJbnr.exe
  C:\Windows\System\tJrJbnr.exe
  2⤵
  PID:8756
- C:\Windows\System\oXBneRP.exe
  C:\Windows\System\oXBneRP.exe
  2⤵
  PID:8772
- C:\Windows\System\pHrmZOy.exe
  C:\Windows\System\pHrmZOy.exe
  2⤵
  PID:8788
- C:\Windows\System\vIXtUwA.exe
  C:\Windows\System\vIXtUwA.exe
  2⤵
  PID:8808
- C:\Windows\System\ANRitfG.exe
  C:\Windows\System\ANRitfG.exe
  2⤵
  PID:8824
- C:\Windows\System\lQKGUWr.exe
  C:\Windows\System\lQKGUWr.exe
  2⤵
  PID:8844
- C:\Windows\System\BdYprLS.exe
  C:\Windows\System\BdYprLS.exe
  2⤵
  PID:8876
- C:\Windows\System\jsfONOT.exe
  C:\Windows\System\jsfONOT.exe
  2⤵
  PID:8924
- C:\Windows\System\UWXvKaV.exe
  C:\Windows\System\UWXvKaV.exe
  2⤵
  PID:8960
- C:\Windows\System\jhApBWA.exe
  C:\Windows\System\jhApBWA.exe
  2⤵
  PID:8980
- C:\Windows\System\JHEpMZH.exe
  C:\Windows\System\JHEpMZH.exe
  2⤵
  PID:9008
- C:\Windows\System\EUSCEeb.exe
  C:\Windows\System\EUSCEeb.exe
  2⤵
  PID:9024
- C:\Windows\System\rAKiDXB.exe
  C:\Windows\System\rAKiDXB.exe
  2⤵
  PID:9044
- C:\Windows\System\hboFKHh.exe
  C:\Windows\System\hboFKHh.exe
  2⤵
  PID:9064
- C:\Windows\System\rSJJScU.exe
  C:\Windows\System\rSJJScU.exe
  2⤵
  PID:9084
- C:\Windows\System\BxFrOZe.exe
  C:\Windows\System\BxFrOZe.exe
  2⤵
  PID:9108
- C:\Windows\System\pCSKlTW.exe
  C:\Windows\System\pCSKlTW.exe
  2⤵
  PID:9124
- C:\Windows\System\nBZVmiJ.exe
  C:\Windows\System\nBZVmiJ.exe
  2⤵
  PID:9152
- C:\Windows\System\yjfRLLy.exe
  C:\Windows\System\yjfRLLy.exe
  2⤵
  PID:9168
- C:\Windows\System\BpLyMVu.exe
  C:\Windows\System\BpLyMVu.exe
  2⤵
  PID:9188
- C:\Windows\System\IRIvygs.exe
  C:\Windows\System\IRIvygs.exe
  2⤵
  PID:9204
- C:\Windows\System\RVUhKGt.exe
  C:\Windows\System\RVUhKGt.exe
  2⤵
  PID:2504
- C:\Windows\System\EpLMkCT.exe
  C:\Windows\System\EpLMkCT.exe
  2⤵
  PID:908
- C:\Windows\System\LjhOVpd.exe
  C:\Windows\System\LjhOVpd.exe
  2⤵
  PID:7272
- C:\Windows\System\EvZPpUQ.exe
  C:\Windows\System\EvZPpUQ.exe
  2⤵
  PID:2476
- C:\Windows\System\picwCeF.exe
  C:\Windows\System\picwCeF.exe
  2⤵
  PID:7572
- C:\Windows\System\joNhOZT.exe
  C:\Windows\System\joNhOZT.exe
  2⤵
  PID:7408
- C:\Windows\System\AJqLDfl.exe
  C:\Windows\System\AJqLDfl.exe
  2⤵
  PID:8256
- C:\Windows\System\TZgRTxc.exe
  C:\Windows\System\TZgRTxc.exe
  2⤵
  PID:7816
- C:\Windows\System\mFAOeVG.exe
  C:\Windows\System\mFAOeVG.exe
  2⤵
  PID:7912
- C:\Windows\System\sXuTJmU.exe
  C:\Windows\System\sXuTJmU.exe
  2⤵
  PID:7900
- C:\Windows\System\oFUXmhc.exe
  C:\Windows\System\oFUXmhc.exe
  2⤵
  PID:7928
- C:\Windows\System\AeCrfXh.exe
  C:\Windows\System\AeCrfXh.exe
  2⤵
  PID:8040
- C:\Windows\System\EuXagAa.exe
  C:\Windows\System\EuXagAa.exe
  2⤵
  PID:8044
- C:\Windows\System\poDWVBp.exe
  C:\Windows\System\poDWVBp.exe
  2⤵
  PID:8140
- C:\Windows\System\RAGuaSJ.exe
  C:\Windows\System\RAGuaSJ.exe
  2⤵
  PID:8268
- C:\Windows\System\FOiiByL.exe
  C:\Windows\System\FOiiByL.exe
  2⤵
  PID:8216
- C:\Windows\System\QDpbHEC.exe
  C:\Windows\System\QDpbHEC.exe
  2⤵
  PID:8240
- C:\Windows\System\oGoPXMK.exe
  C:\Windows\System\oGoPXMK.exe
  2⤵
  PID:8296
- C:\Windows\System\jDTBnLb.exe
  C:\Windows\System\jDTBnLb.exe
  2⤵
  PID:6996
- C:\Windows\System\LwNOKRp.exe
  C:\Windows\System\LwNOKRp.exe
  2⤵
  PID:8172
- C:\Windows\System\tvnBQor.exe
  C:\Windows\System\tvnBQor.exe
  2⤵
  PID:2308
- C:\Windows\System\svRJnIh.exe
  C:\Windows\System\svRJnIh.exe
  2⤵
  PID:2152
- C:\Windows\System\GsTuZAu.exe
  C:\Windows\System\GsTuZAu.exe
  2⤵
  PID:7212
- C:\Windows\System\YdrcxjP.exe
  C:\Windows\System\YdrcxjP.exe
  2⤵
  PID:7372
- C:\Windows\System\GViNMaF.exe
  C:\Windows\System\GViNMaF.exe
  2⤵
  PID:7716
- C:\Windows\System\BBRLYob.exe
  C:\Windows\System\BBRLYob.exe
  2⤵
  PID:7412
- C:\Windows\System\xGsNSNa.exe
  C:\Windows\System\xGsNSNa.exe
  2⤵
  PID:7656
- C:\Windows\System\scDGRgi.exe
  C:\Windows\System\scDGRgi.exe
  2⤵
  PID:7324
- C:\Windows\System\PuAxyHg.exe
  C:\Windows\System\PuAxyHg.exe
  2⤵
  PID:1336
- C:\Windows\System\fCGAkwI.exe
  C:\Windows\System\fCGAkwI.exe
  2⤵
  PID:7860
- C:\Windows\System\JjboWpg.exe
  C:\Windows\System\JjboWpg.exe
  2⤵
  PID:8244
- C:\Windows\System\ayirsYG.exe
  C:\Windows\System\ayirsYG.exe
  2⤵
  PID:8404
- C:\Windows\System\cZxdOhh.exe
  C:\Windows\System\cZxdOhh.exe
  2⤵
  PID:8340
- C:\Windows\System\EeFJrcz.exe
  C:\Windows\System\EeFJrcz.exe
  2⤵
  PID:8632
- C:\Windows\System\vcYwCwH.exe
  C:\Windows\System\vcYwCwH.exe
  2⤵
  PID:8320
- C:\Windows\System\SUYOSOJ.exe
  C:\Windows\System\SUYOSOJ.exe
  2⤵
  PID:8360
- C:\Windows\System\LfPjWwP.exe
  C:\Windows\System\LfPjWwP.exe
  2⤵
  PID:8432
- C:\Windows\System\SWcESLy.exe
  C:\Windows\System\SWcESLy.exe
  2⤵
  PID:8452
- C:\Windows\System\KkzVqkg.exe
  C:\Windows\System\KkzVqkg.exe
  2⤵
  PID:8468
- C:\Windows\System\KjszNZA.exe
  C:\Windows\System\KjszNZA.exe
  2⤵
  PID:8560
- C:\Windows\System\ZrBzDEZ.exe
  C:\Windows\System\ZrBzDEZ.exe
  2⤵
  PID:8576
- C:\Windows\System\MVdmCVN.exe
  C:\Windows\System\MVdmCVN.exe
  2⤵
  PID:8668
- C:\Windows\System\lrSLVWX.exe
  C:\Windows\System\lrSLVWX.exe
  2⤵
  PID:8780
- C:\Windows\System\CMbkgkd.exe
  C:\Windows\System\CMbkgkd.exe
  2⤵
  PID:8860
- C:\Windows\System\DtCbdvn.exe
  C:\Windows\System\DtCbdvn.exe
  2⤵
  PID:8868
- C:\Windows\System\MCVdJli.exe
  C:\Windows\System\MCVdJli.exe
  2⤵
  PID:8932
- C:\Windows\System\LJlWApx.exe
  C:\Windows\System\LJlWApx.exe
  2⤵
  PID:8940
- C:\Windows\System\bYvjsyd.exe
  C:\Windows\System\bYvjsyd.exe
  2⤵
  PID:9000
- C:\Windows\System\VnvQUSb.exe
  C:\Windows\System\VnvQUSb.exe
  2⤵
  PID:9040
- C:\Windows\System\vbNMWWx.exe
  C:\Windows\System\vbNMWWx.exe
  2⤵
  PID:8688
- C:\Windows\System\ITSQXEU.exe
  C:\Windows\System\ITSQXEU.exe
  2⤵
  PID:8728
- C:\Windows\System\bvBvWhl.exe
  C:\Windows\System\bvBvWhl.exe
  2⤵
  PID:9072
- C:\Windows\System\arBmhxs.exe
  C:\Windows\System\arBmhxs.exe
  2⤵
  PID:9116
- C:\Windows\System\XsKRohl.exe
  C:\Windows\System\XsKRohl.exe
  2⤵
  PID:8840
- C:\Windows\System\ByfaCVv.exe
  C:\Windows\System\ByfaCVv.exe
  2⤵
  PID:8968
- C:\Windows\System\cfNVCoX.exe
  C:\Windows\System\cfNVCoX.exe
  2⤵
  PID:9160
- C:\Windows\System\pTZvjdd.exe
  C:\Windows\System\pTZvjdd.exe
  2⤵
  PID:8920
- C:\Windows\System\XyHEhyL.exe
  C:\Windows\System\XyHEhyL.exe
  2⤵
  PID:7468
- C:\Windows\System\AkqUpgF.exe
  C:\Windows\System\AkqUpgF.exe
  2⤵
  PID:9020
- C:\Windows\System\EIAARIZ.exe
  C:\Windows\System\EIAARIZ.exe
  2⤵
  PID:2124
- C:\Windows\System\uuNXvgH.exe
  C:\Windows\System\uuNXvgH.exe
  2⤵
  PID:9184
- C:\Windows\System\oXltMkA.exe
  C:\Windows\System\oXltMkA.exe
  2⤵
  PID:9092
- C:\Windows\System\EwjExMY.exe
  C:\Windows\System\EwjExMY.exe
  2⤵
  PID:7608
- C:\Windows\System\brbCcAa.exe
  C:\Windows\System\brbCcAa.exe
  2⤵
  PID:9176
- C:\Windows\System\TbahdOp.exe
  C:\Windows\System\TbahdOp.exe
  2⤵
  PID:7356
- C:\Windows\System\Kddbard.exe
  C:\Windows\System\Kddbard.exe
  2⤵
  PID:7484
- C:\Windows\System\wTjEGZE.exe
  C:\Windows\System\wTjEGZE.exe
  2⤵
  PID:7336
- C:\Windows\System\gDsVkmj.exe
  C:\Windows\System\gDsVkmj.exe
  2⤵
  PID:7944
- C:\Windows\System\uOvKCDG.exe
  C:\Windows\System\uOvKCDG.exe
  2⤵
  PID:2520
- C:\Windows\System\unwzCpZ.exe
  C:\Windows\System\unwzCpZ.exe
  2⤵
  PID:8108
- C:\Windows\System\YuFxrxS.exe
  C:\Windows\System\YuFxrxS.exe
  2⤵
  PID:8236
- C:\Windows\System\PzKWQwx.exe
  C:\Windows\System\PzKWQwx.exe
  2⤵
  PID:1660
- C:\Windows\System\jHiqfNG.exe
  C:\Windows\System\jHiqfNG.exe
  2⤵
  PID:7552
- C:\Windows\System\uWzPMzg.exe
  C:\Windows\System\uWzPMzg.exe
  2⤵
  PID:8188
- C:\Windows\System\QrKCAPe.exe
  C:\Windows\System\QrKCAPe.exe
  2⤵
  PID:2732
- C:\Windows\System\yyvVyJm.exe
  C:\Windows\System\yyvVyJm.exe
  2⤵
  PID:7652
- C:\Windows\System\ncIIBzr.exe
  C:\Windows\System\ncIIBzr.exe
  2⤵
  PID:1096
- C:\Windows\System\xoLsbWE.exe
  C:\Windows\System\xoLsbWE.exe
  2⤵
  PID:8408
- C:\Windows\System\zaKPWJG.exe
  C:\Windows\System\zaKPWJG.exe
  2⤵
  PID:8356
- C:\Windows\System\eSOXIcO.exe
  C:\Windows\System\eSOXIcO.exe
  2⤵
  PID:8496
- C:\Windows\System\FTzwpNp.exe
  C:\Windows\System\FTzwpNp.exe
  2⤵
  PID:8520
- C:\Windows\System\dYOUvUG.exe
  C:\Windows\System\dYOUvUG.exe
  2⤵
  PID:8436
- C:\Windows\System\AvbCYXq.exe
  C:\Windows\System\AvbCYXq.exe
  2⤵
  PID:8424
- C:\Windows\System\VITPOkp.exe
  C:\Windows\System\VITPOkp.exe
  2⤵
  PID:8540
- C:\Windows\System\djfaPpS.exe
  C:\Windows\System\djfaPpS.exe
  2⤵
  PID:1276
- C:\Windows\System\RfTywNg.exe
  C:\Windows\System\RfTywNg.exe
  2⤵
  PID:8556
- C:\Windows\System\TuUkUYw.exe
  C:\Windows\System\TuUkUYw.exe
  2⤵
  PID:8572
- C:\Windows\System\xZmBGhf.exe
  C:\Windows\System\xZmBGhf.exe
  2⤵
  PID:8712
- C:\Windows\System\WYSkurq.exe
  C:\Windows\System\WYSkurq.exe
  2⤵
  PID:8784
- C:\Windows\System\vUuGCYO.exe
  C:\Windows\System\vUuGCYO.exe
  2⤵
  PID:8864
- C:\Windows\System\vAQgVYC.exe
  C:\Windows\System\vAQgVYC.exe
  2⤵
  PID:8888
- C:\Windows\System\UXWbcvH.exe
  C:\Windows\System\UXWbcvH.exe
  2⤵
  PID:8696
- C:\Windows\System\mTJuMWX.exe
  C:\Windows\System\mTJuMWX.exe
  2⤵
  PID:8884
- C:\Windows\System\CLCnsTo.exe
  C:\Windows\System\CLCnsTo.exe
  2⤵
  PID:8904
- C:\Windows\System\dfWSOjK.exe
  C:\Windows\System\dfWSOjK.exe
  2⤵
  PID:9060
- C:\Windows\System\HSvnuLM.exe
  C:\Windows\System\HSvnuLM.exe
  2⤵
  PID:8916
- C:\Windows\System\yDcEbyk.exe
  C:\Windows\System\yDcEbyk.exe
  2⤵
  PID:7308
- C:\Windows\System\DZMLSdv.exe
  C:\Windows\System\DZMLSdv.exe
  2⤵
  PID:9212
- C:\Windows\System\tlcSxqt.exe
  C:\Windows\System\tlcSxqt.exe
  2⤵
  PID:7996
- C:\Windows\System\pGXZVUk.exe
  C:\Windows\System\pGXZVUk.exe
  2⤵
  PID:264
- C:\Windows\System\KdNKdMs.exe
  C:\Windows\System\KdNKdMs.exe
  2⤵
  PID:7764
- C:\Windows\System\LoaXuDI.exe
  C:\Windows\System\LoaXuDI.exe
  2⤵
  PID:7268
- C:\Windows\System\iZwtvHT.exe
  C:\Windows\System\iZwtvHT.exe
  2⤵
  PID:7844
- C:\Windows\System\qVyGXOq.exe
  C:\Windows\System\qVyGXOq.exe
  2⤵
  PID:7896
- C:\Windows\System\ZcmUkUR.exe
  C:\Windows\System\ZcmUkUR.exe
  2⤵
  PID:8264
- C:\Windows\System\sZAmoQR.exe
  C:\Windows\System\sZAmoQR.exe
  2⤵
  PID:8208
- C:\Windows\System\wXkASbW.exe
  C:\Windows\System\wXkASbW.exe
  2⤵
  PID:4748
- C:\Windows\System\xoilNkt.exe
  C:\Windows\System\xoilNkt.exe
  2⤵
  PID:6824
- C:\Windows\System\jrjILEO.exe
  C:\Windows\System\jrjILEO.exe
  2⤵
  PID:7060
- C:\Windows\System\ULDTpAf.exe
  C:\Windows\System\ULDTpAf.exe
  2⤵
  PID:7436
- C:\Windows\System\gVogzbm.exe
  C:\Windows\System\gVogzbm.exe
  2⤵
  PID:7472
- C:\Windows\System\GVDPGnT.exe
  C:\Windows\System\GVDPGnT.exe
  2⤵
  PID:8232
- C:\Windows\System\Dbusjaw.exe
  C:\Windows\System\Dbusjaw.exe
  2⤵
  PID:7960
- C:\Windows\System\gZvgCzv.exe
  C:\Windows\System\gZvgCzv.exe
  2⤵
  PID:8372
- C:\Windows\System\fEsAWOS.exe
  C:\Windows\System\fEsAWOS.exe
  2⤵
  PID:8536
- C:\Windows\System\EFOGiDC.exe
  C:\Windows\System\EFOGiDC.exe
  2⤵
  PID:8708
- C:\Windows\System\sJUkGxP.exe
  C:\Windows\System\sJUkGxP.exe
  2⤵
  PID:8900
- C:\Windows\System\LjPgtyd.exe
  C:\Windows\System\LjPgtyd.exe
  2⤵
  PID:2316
- C:\Windows\System\SgQDbdB.exe
  C:\Windows\System\SgQDbdB.exe
  2⤵
  PID:1920
- C:\Windows\System\BuAMIGF.exe
  C:\Windows\System\BuAMIGF.exe
  2⤵
  PID:552
- C:\Windows\System\kcdYJtr.exe
  C:\Windows\System\kcdYJtr.exe
  2⤵
  PID:8768
- C:\Windows\System\sbnImRV.exe
  C:\Windows\System\sbnImRV.exe
  2⤵
  PID:2924
- C:\Windows\System\BJbdnOB.exe
  C:\Windows\System\BJbdnOB.exe
  2⤵
  PID:9148
- C:\Windows\System\pIdkaoB.exe
  C:\Windows\System\pIdkaoB.exe
  2⤵
  PID:8212
- C:\Windows\System\hHCeiLY.exe
  C:\Windows\System\hHCeiLY.exe
  2⤵
  PID:1896
- C:\Windows\System\QmHXKsX.exe
  C:\Windows\System\QmHXKsX.exe
  2⤵
  PID:8060
- C:\Windows\System\auYPUlp.exe
  C:\Windows\System\auYPUlp.exe
  2⤵
  PID:8820
- C:\Windows\System\GViKFtT.exe
  C:\Windows\System\GViKFtT.exe
  2⤵
  PID:8328
- C:\Windows\System\uOvIUZb.exe
  C:\Windows\System\uOvIUZb.exe
  2⤵
  PID:2552
- C:\Windows\System\lMBgqFv.exe
  C:\Windows\System\lMBgqFv.exe
  2⤵
  PID:8504
- C:\Windows\System\WdVZGZN.exe
  C:\Windows\System\WdVZGZN.exe
  2⤵
  PID:8344
- C:\Windows\System\RsilvDv.exe
  C:\Windows\System\RsilvDv.exe
  2⤵
  PID:8548
- C:\Windows\System\PNIJgtJ.exe
  C:\Windows\System\PNIJgtJ.exe
  2⤵
  PID:8752
- C:\Windows\System\CkWDiQs.exe
  C:\Windows\System\CkWDiQs.exe
  2⤵
  PID:2076
- C:\Windows\System\kHCVdpL.exe
  C:\Windows\System\kHCVdpL.exe
  2⤵
  PID:672
- C:\Windows\System\LxZonqQ.exe
  C:\Windows\System\LxZonqQ.exe
  2⤵
  PID:9080
- C:\Windows\System\vSDAbFL.exe
  C:\Windows\System\vSDAbFL.exe
  2⤵
  PID:616
- C:\Windows\System\NYFAKIL.exe
  C:\Windows\System\NYFAKIL.exe
  2⤵
  PID:9200
- C:\Windows\System\KfzQtcS.exe
  C:\Windows\System\KfzQtcS.exe
  2⤵
  PID:8028
- C:\Windows\System\zzgNVjs.exe
  C:\Windows\System\zzgNVjs.exe
  2⤵
  PID:8832
- C:\Windows\System\zijnMcA.exe
  C:\Windows\System\zijnMcA.exe
  2⤵
  PID:7848
- C:\Windows\System\amORlDj.exe
  C:\Windows\System\amORlDj.exe
  2⤵
  PID:7980
- C:\Windows\System\BlLFzqG.exe
  C:\Windows\System\BlLFzqG.exe
  2⤵
  PID:8492
- C:\Windows\System\rCUYhnU.exe
  C:\Windows\System\rCUYhnU.exe
  2⤵
  PID:8936
- C:\Windows\System\XMbfCDk.exe
  C:\Windows\System\XMbfCDk.exe
  2⤵
  PID:8724
- C:\Windows\System\DmMfYeG.exe
  C:\Windows\System\DmMfYeG.exe
  2⤵
  PID:9144
- C:\Windows\System\pZDOJKv.exe
  C:\Windows\System\pZDOJKv.exe
  2⤵
  PID:8196
- C:\Windows\System\NVbbOqT.exe
  C:\Windows\System\NVbbOqT.exe
  2⤵
  PID:8420
- C:\Windows\System\eyUFIkp.exe
  C:\Windows\System\eyUFIkp.exe
  2⤵
  PID:9056
- C:\Windows\System\QkguIZY.exe
  C:\Windows\System\QkguIZY.exe
  2⤵
  PID:2136
- C:\Windows\System\YoKEiZU.exe
  C:\Windows\System\YoKEiZU.exe
  2⤵
  PID:8168
- C:\Windows\System\iniXYoC.exe
  C:\Windows\System\iniXYoC.exe
  2⤵
  PID:8996
- C:\Windows\System\AIeuHTc.exe
  C:\Windows\System\AIeuHTc.exe
  2⤵
  PID:7976
- C:\Windows\System\aCYGGvc.exe
  C:\Windows\System\aCYGGvc.exe
  2⤵
  PID:8444
- C:\Windows\System\QkQufCT.exe
  C:\Windows\System\QkQufCT.exe
  2⤵
  PID:8204
- C:\Windows\System\eMFmHBG.exe
  C:\Windows\System\eMFmHBG.exe
  2⤵
  PID:8392
- C:\Windows\System\FwyDFfh.exe
  C:\Windows\System\FwyDFfh.exe
  2⤵
  PID:2116
- C:\Windows\System\DHRssxm.exe
  C:\Windows\System\DHRssxm.exe
  2⤵
  PID:2276
- C:\Windows\System\WHlCYaL.exe
  C:\Windows\System\WHlCYaL.exe
  2⤵
  PID:8292
- C:\Windows\System\kyJDxHN.exe
  C:\Windows\System\kyJDxHN.exe
  2⤵
  PID:8512
- C:\Windows\System\ykbWEnI.exe
  C:\Windows\System\ykbWEnI.exe
  2⤵
  PID:9232
- C:\Windows\System\BkMxbMD.exe
  C:\Windows\System\BkMxbMD.exe
  2⤵
  PID:9256
- C:\Windows\System\AMTuPDw.exe
  C:\Windows\System\AMTuPDw.exe
  2⤵
  PID:9276
- C:\Windows\System\ayIfoVN.exe
  C:\Windows\System\ayIfoVN.exe
  2⤵
  PID:9296
- C:\Windows\System\EiBJDRz.exe
  C:\Windows\System\EiBJDRz.exe
  2⤵
  PID:9316
- C:\Windows\System\rwMVSaj.exe
  C:\Windows\System\rwMVSaj.exe
  2⤵
  PID:9336
- C:\Windows\System\aKxDSjt.exe
  C:\Windows\System\aKxDSjt.exe
  2⤵
  PID:9352
- C:\Windows\System\irRzrUn.exe
  C:\Windows\System\irRzrUn.exe
  2⤵
  PID:9372
- C:\Windows\System\QufQhXi.exe
  C:\Windows\System\QufQhXi.exe
  2⤵
  PID:9392
- C:\Windows\System\hJFENEX.exe
  C:\Windows\System\hJFENEX.exe
  2⤵
  PID:9416
- C:\Windows\System\RxVboZm.exe
  C:\Windows\System\RxVboZm.exe
  2⤵
  PID:9436
- C:\Windows\System\PScJyoV.exe
  C:\Windows\System\PScJyoV.exe
  2⤵
  PID:9456
- C:\Windows\System\rpWlzxo.exe
  C:\Windows\System\rpWlzxo.exe
  2⤵
  PID:9472
- C:\Windows\System\TiAzdCs.exe
  C:\Windows\System\TiAzdCs.exe
  2⤵
  PID:9496
- C:\Windows\System\UtDuHLp.exe
  C:\Windows\System\UtDuHLp.exe
  2⤵
  PID:9512
- C:\Windows\System\lLDVCJZ.exe
  C:\Windows\System\lLDVCJZ.exe
  2⤵
  PID:9536
- C:\Windows\System\fBQGWVC.exe
  C:\Windows\System\fBQGWVC.exe
  2⤵
  PID:9552
- C:\Windows\System\qnaRddY.exe
  C:\Windows\System\qnaRddY.exe
  2⤵
  PID:9568
- C:\Windows\System\Aekbpod.exe
  C:\Windows\System\Aekbpod.exe
  2⤵
  PID:9584
- C:\Windows\System\IlaPWKU.exe
  C:\Windows\System\IlaPWKU.exe
  2⤵
  PID:9600
- C:\Windows\System\LyLbqjd.exe
  C:\Windows\System\LyLbqjd.exe
  2⤵
  PID:9616
- C:\Windows\System\lHwJaWa.exe
  C:\Windows\System\lHwJaWa.exe
  2⤵
  PID:9648
- C:\Windows\System\YmfRBnP.exe
  C:\Windows\System\YmfRBnP.exe
  2⤵
  PID:9680
- C:\Windows\System\XlxZrqC.exe
  C:\Windows\System\XlxZrqC.exe
  2⤵
  PID:9700
- C:\Windows\System\lDRfupR.exe
  C:\Windows\System\lDRfupR.exe
  2⤵
  PID:9716
- C:\Windows\System\dmPBtCb.exe
  C:\Windows\System\dmPBtCb.exe
  2⤵
  PID:9732
- C:\Windows\System\FcewZUr.exe
  C:\Windows\System\FcewZUr.exe
  2⤵
  PID:9748
- C:\Windows\System\ESNGfUa.exe
  C:\Windows\System\ESNGfUa.exe
  2⤵
  PID:9764
- C:\Windows\System\AHoVEsL.exe
  C:\Windows\System\AHoVEsL.exe
  2⤵
  PID:9780
- C:\Windows\System\CGXHxQz.exe
  C:\Windows\System\CGXHxQz.exe
  2⤵
  PID:9796
- C:\Windows\System\hUymNHa.exe
  C:\Windows\System\hUymNHa.exe
  2⤵
  PID:9812
- C:\Windows\System\hSPzDQw.exe
  C:\Windows\System\hSPzDQw.exe
  2⤵
  PID:9828
- C:\Windows\System\zAnNcEF.exe
  C:\Windows\System\zAnNcEF.exe
  2⤵
  PID:9844
- C:\Windows\System\LzhYANr.exe
  C:\Windows\System\LzhYANr.exe
  2⤵
  PID:9880
- C:\Windows\System\zdmtzge.exe
  C:\Windows\System\zdmtzge.exe
  2⤵
  PID:9916
- C:\Windows\System\pCzZSYB.exe
  C:\Windows\System\pCzZSYB.exe
  2⤵
  PID:9932
- C:\Windows\System\btqRtiJ.exe
  C:\Windows\System\btqRtiJ.exe
  2⤵
  PID:9948
- C:\Windows\System\JroeFXA.exe
  C:\Windows\System\JroeFXA.exe
  2⤵
  PID:9964
- C:\Windows\System\IYUkhiW.exe
  C:\Windows\System\IYUkhiW.exe
  2⤵
  PID:9980
- C:\Windows\System\vaZqgdH.exe
  C:\Windows\System\vaZqgdH.exe
  2⤵
  PID:10000
- C:\Windows\System\kHfpEII.exe
  C:\Windows\System\kHfpEII.exe
  2⤵
  PID:10016
- C:\Windows\System\MeEdSgB.exe
  C:\Windows\System\MeEdSgB.exe
  2⤵
  PID:10060
- C:\Windows\System\OQwBvZz.exe
  C:\Windows\System\OQwBvZz.exe
  2⤵
  PID:10076
- C:\Windows\System\licUkpk.exe
  C:\Windows\System\licUkpk.exe
  2⤵
  PID:10096
- C:\Windows\System\vneitHA.exe
  C:\Windows\System\vneitHA.exe
  2⤵
  PID:10112
- C:\Windows\System\OSkoTfb.exe
  C:\Windows\System\OSkoTfb.exe
  2⤵
  PID:10128
- C:\Windows\System\suxojJR.exe
  C:\Windows\System\suxojJR.exe
  2⤵
  PID:10152
- C:\Windows\System\sRneQEB.exe
  C:\Windows\System\sRneQEB.exe
  2⤵
  PID:10168
- C:\Windows\System\smztsvZ.exe
  C:\Windows\System\smztsvZ.exe
  2⤵
  PID:10184
- C:\Windows\System\xYomAZw.exe
  C:\Windows\System\xYomAZw.exe
  2⤵
  PID:10220
- C:\Windows\System\jIpApqp.exe
  C:\Windows\System\jIpApqp.exe
  2⤵
  PID:10236
- C:\Windows\System\EcrOOAl.exe
  C:\Windows\System\EcrOOAl.exe
  2⤵
  PID:9240
- C:\Windows\System\vViXzNP.exe
  C:\Windows\System\vViXzNP.exe
  2⤵
  PID:9228
- C:\Windows\System\irgJJkF.exe
  C:\Windows\System\irgJJkF.exe
  2⤵
  PID:9264
- C:\Windows\System\FeVUtEj.exe
  C:\Windows\System\FeVUtEj.exe
  2⤵
  PID:8260
- C:\Windows\System\DiwKdch.exe
  C:\Windows\System\DiwKdch.exe
  2⤵
  PID:9324
- C:\Windows\System\kxpzFjH.exe
  C:\Windows\System\kxpzFjH.exe
  2⤵
  PID:9360
- C:\Windows\System\togjYGR.exe
  C:\Windows\System\togjYGR.exe
  2⤵
  PID:9388
- C:\Windows\System\eZTKyst.exe
  C:\Windows\System\eZTKyst.exe
  2⤵
  PID:9424
- C:\Windows\System\yGaECWR.exe
  C:\Windows\System\yGaECWR.exe
  2⤵
  PID:9448
- C:\Windows\System\QoFAXdH.exe
  C:\Windows\System\QoFAXdH.exe
  2⤵
  PID:9488
- C:\Windows\System\iDLIkbM.exe
  C:\Windows\System\iDLIkbM.exe
  2⤵
  PID:9532
- C:\Windows\System\rXWxQPX.exe
  C:\Windows\System\rXWxQPX.exe
  2⤵
  PID:9548
- C:\Windows\System\VNwMbsY.exe
  C:\Windows\System\VNwMbsY.exe
  2⤵
  PID:9624
- C:\Windows\System\RSoLWMF.exe
  C:\Windows\System\RSoLWMF.exe
  2⤵
  PID:9612
- C:\Windows\System\MfRBupx.exe
  C:\Windows\System\MfRBupx.exe
  2⤵
  PID:9656
- C:\Windows\System\mYxdycQ.exe
  C:\Windows\System\mYxdycQ.exe
  2⤵
  PID:9668
- C:\Windows\System\ZLBDLSL.exe
  C:\Windows\System\ZLBDLSL.exe
  2⤵
  PID:9744
- C:\Windows\System\XPJZCUu.exe
  C:\Windows\System\XPJZCUu.exe
  2⤵
  PID:9740
- C:\Windows\System\EBtxNYI.exe
  C:\Windows\System\EBtxNYI.exe
  2⤵
  PID:9840
- C:\Windows\System\LKTlnKW.exe
  C:\Windows\System\LKTlnKW.exe
  2⤵
  PID:9820
- C:\Windows\System\iYSvFRY.exe
  C:\Windows\System\iYSvFRY.exe
  2⤵
  PID:9876
- C:\Windows\System\UKTqFuB.exe
  C:\Windows\System\UKTqFuB.exe
  2⤵
  PID:9864
- C:\Windows\System\upmpAXd.exe
  C:\Windows\System\upmpAXd.exe
  2⤵
  PID:9960
- C:\Windows\System\MNgFBVD.exe
  C:\Windows\System\MNgFBVD.exe
  2⤵
  PID:10036
- C:\Windows\System\GuikXDb.exe
  C:\Windows\System\GuikXDb.exe
  2⤵
  PID:10012
- C:\Windows\System\XiSjRRG.exe
  C:\Windows\System\XiSjRRG.exe
  2⤵
  PID:9972
- C:\Windows\System\gugWRYD.exe
  C:\Windows\System\gugWRYD.exe
  2⤵
  PID:10072
- C:\Windows\System\BJQlOts.exe
  C:\Windows\System\BJQlOts.exe
  2⤵
  PID:10120
- C:\Windows\System\cQBPxFR.exe
  C:\Windows\System\cQBPxFR.exe
  2⤵
  PID:10164
- C:\Windows\System\lkJcmrN.exe
  C:\Windows\System\lkJcmrN.exe
  2⤵
  PID:10208
- C:\Windows\System\fEvyWtg.exe
  C:\Windows\System\fEvyWtg.exe
  2⤵
  PID:10148
- C:\Windows\System\YuAZLBa.exe
  C:\Windows\System\YuAZLBa.exe
  2⤵
  PID:10136
- C:\Windows\System\pfaPiLv.exe
  C:\Windows\System\pfaPiLv.exe
  2⤵
  PID:9248
- C:\Windows\System\GLQmkWH.exe
  C:\Windows\System\GLQmkWH.exe
  2⤵
  PID:9312
- C:\Windows\System\WsPdfdD.exe
  C:\Windows\System\WsPdfdD.exe
  2⤵
  PID:9576
- C:\Windows\System\JDKzGXk.exe
  C:\Windows\System\JDKzGXk.exe
  2⤵
  PID:9644
- C:\Windows\System\EzDWBvL.exe
  C:\Windows\System\EzDWBvL.exe
  2⤵
  PID:9220
- C:\Windows\System\AHTFIVl.exe
  C:\Windows\System\AHTFIVl.exe
  2⤵
  PID:9728
- C:\Windows\System\aOJyfEs.exe
  C:\Windows\System\aOJyfEs.exe
  2⤵
  PID:9404
- C:\Windows\System\XEFlcKx.exe
  C:\Windows\System\XEFlcKx.exe
  2⤵
  PID:9696
- C:\Windows\System\JtoTIYc.exe
  C:\Windows\System\JtoTIYc.exe
  2⤵
  PID:9492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADMfYVh.exe

Filesize
6.0MB

MD5
b4c3347072b37a4711fd57220c0044ee

SHA1
a2733a735ee7fd97338d13177f27b464b1ab9eb7

SHA256
edcaa1c8ae43d76daa0bb72209b0e5ffe8b13187ad36b7bb9cc04da5e1da07f3

SHA512
732b79a01a441a695ae250ccfd212a843887cc3fec2287899b5f618a96350d0781540d058edf12e6ad3128bb1b2d342bd39fbe798a6327a1657ae5328cb508ea

Download Submit
C:\Windows\system\BcJctco.exe

Filesize
6.0MB

MD5
c56e0edd3f05ba8aaaac5b30290201e2

SHA1
7e8a6d492dcfd18b9b0b96f1e95e741d284c9a36

SHA256
985ea0ba7dfcdf1ee4bee249cf70396a624f791d85f8fc77a8566c8b93998312

SHA512
1b15f19f0c446f4730c4ec962db63c04a836fdf7616f441947868fc5014b8898cdd77d9237e9875da7b164ae3766e5fd50c5557991fc96bd13c2bb0b24405289

Download Submit
C:\Windows\system\CjZLdoO.exe

Filesize
6.0MB

MD5
9426438c3e3de98904e49342618e8bf4

SHA1
3e9ea287f6ac554c61ed11106676fb03ff07eb71

SHA256
909db27961b8745b364e93e44e426a1950f3ce47ca055cb0afd3483ae14b7462

SHA512
645b83401610f29f13be185e0935eef33c8efa51a9da772ccafed62b47652c37d0790c212c37f28617c3571b8f2a25aaf1495e7841569b3faad13302be66cdb1

Download Submit
C:\Windows\system\DFNervV.exe

Filesize
6.0MB

MD5
78871fa84fbc9ff07b2a521a591b9491

SHA1
181eb14e4aa57a50797200a682a6030ecf078443

SHA256
9ddc3104c426f8c3a969e5470c45eae70174045c08ea17c5aaad9fbe177f4237

SHA512
ff62ad577ea9a67f70d98ba1666f7b0d0879bb51582448cbbbde3484a81b1eedbd2aef749ebc9dbf6e706183f1cfad04bc6b4e7410ecb2438cb4c2bf712c3fe3

Download Submit
C:\Windows\system\FVnDKnk.exe

Filesize
6.0MB

MD5
4e89ca693d595b3529c3572fed9a6189

SHA1
e40e595fbb21ae1ea52b7cb75d46391686951040

SHA256
cfe9c2e4da82fa5a11421831529ab80ec411d5ed55640b1a3f833b626a52c248

SHA512
186a18a5e00db4ae5ca39a80428457acf1f4319ad9582ada14f1879f530e6f38ce282c498d50195019c41140d0593e1df2383c2c4a25df3b5adaac2e156410ce

Download Submit
C:\Windows\system\Hlgxxdh.exe

Filesize
6.0MB

MD5
49b87ebf9f5a2872c6fd780b1043849a

SHA1
fcd2c7dcb080cb80e53df1e14e1a0886b87dd4e2

SHA256
48c5584a6a6ed01186b896d58aba2ab029930e1135d6ef63501a7495354cdbf9

SHA512
6820c3291f9ef2f84d61a11a164683ec6b76f1eba62789800335674e1b1079fbe22c38d4febd444c47fc0b31933536a618913243cad8a6276ba86bb2a3917333

Download Submit
C:\Windows\system\NtErLyP.exe

Filesize
6.0MB

MD5
d1a7aec5783b7fd6df8c5f5024875ea2

SHA1
2ecbb58643ace6b02b628ef9b425b575c95d717a

SHA256
8d6c9ec734c8b1bc82e899aa6e683d08850c5d506cadafc11d25487948ae5ba2

SHA512
3309bada648bca93d5f840f666ab750b25fea95c0e9d7659d75191d0fe53d511afdc7a01dc178d4d1ea16d019b4a60dbf8e12586875e902f36845e216c997472

Download Submit
C:\Windows\system\OehhGME.exe

Filesize
6.0MB

MD5
1acf940ea630c31163d5a97bda5c8846

SHA1
f6cb7353abe8406dc7acb95b14a616e77ba73664

SHA256
06d3878cf607a2fb85280837087ab66c10d1a133ea5831b0ea9b827b10dfa25a

SHA512
bee90edf77eae6635abf09445acd524d5854ccb6faf31045171fd24eb11a37a4bf6d26e0df84e6ed5a4084ae371f3b069d59de2f2f7e95a645fa7210c9361eaa

Download Submit
C:\Windows\system\PBmzbsZ.exe

Filesize
6.0MB

MD5
278a96519183791a9b15ad4892f3e6bc

SHA1
2dc628c0529f49edb248ebe38082c21e38e0f311

SHA256
b5385c55d86a6cd7d40f9da9e770516f944f1899813eee30e7de03452c3ccbef

SHA512
489d64c15c872321c3873298d9995c4f260eefcceff9b1ecc563f4467c7dabc8c467ffd1c628f2e92252d99d798c9bb2448129113e40258ae121508920c714b8

Download Submit
C:\Windows\system\PDEzhFl.exe

Filesize
6.0MB

MD5
f1691221a673caee1cd410fabc4ee9cf

SHA1
2e1f78c3de001c5ba10234a167f63f748dc3f9b8

SHA256
0d575f069e1e229522628788a3c798d1c08ee880be6869104dc061c124190a59

SHA512
495525ab2120b8f8e9699eb39d721b1e6017d9afdef3f0751b468fda1a19461b81c9d96423302d39c383950415f2e39fc2688f74a17a6307258e2f46616d0ec8

Download Submit
C:\Windows\system\RuCLOLz.exe

Filesize
6.0MB

MD5
9f350c21a27a9787943a87f4708404e5

SHA1
1a4a658ecd4ce38d17df3a9efc4f4a8b60f14b93

SHA256
f4462d26c2248993ae5db0c0f2ef930ad8fd335db1b25aade61ac17deecbc4d0

SHA512
e140b9c0e0ed509d9328836ab5975e268275123ae90a30ee37ace99d35f82e9ce0695c1d0968f71d367da23cb8d38aa1f24a72fcfaea1906723d667410b78960

Download Submit
C:\Windows\system\UqGUHme.exe

Filesize
6.0MB

MD5
086f0292b4f8f3f944f8c3927b941409

SHA1
2bd9f3563c8c56f7a3da69606c348ce8a7db6abf

SHA256
d225fcb1058d540118b97f5e14dbc28f55e2504d4b64c776e0c1a800bb274db7

SHA512
e15a0187ccbcc166af127d5d22748e16fa721fdd14908c9cf2437105006f09352b5a491794d0b8e9db2833d10a8d43f7c96d9400f97b99e79a1cecb4c2087041

Download Submit
C:\Windows\system\VJCpUMN.exe

Filesize
6.0MB

MD5
d3dfa6250090f2a9c732be1f3b2900b1

SHA1
0ccf67dd80d8ac35dd7ac1665d9c0a539f32f3b1

SHA256
3959400f7e2074806850689494311237c52f19ec2955446c808949805ffdf457

SHA512
58681ad8090463f0f205b1fb3668a62e5f1ff3555981241a4ae166e91e3092d4a48fcf5d51440403b4428441826b939a3774d19b627b53a2e9088f33c680cba1

Download Submit
C:\Windows\system\VszyjxB.exe

Filesize
6.0MB

MD5
1b800a1941ca10093aa89e7c0ee5c8bb

SHA1
35d8a5b3c7b89d9810062a5fe3f9323c31ee11b7

SHA256
b8e4b78ae818a9e2d5f6a24356cf7762d18d875c2ba4ca35c299491a66f2c461

SHA512
99911b0ac280926e4cd29cdf42e2bf874f39a92312b8e51188e82221a309846fc21be25ba8d65431c3ad2cb78b859346739b5d0f058632a1f28849d0c550b05f

Download Submit
C:\Windows\system\YseVkxL.exe

Filesize
6.0MB

MD5
1d1f45cdfb8e1fe5868b0aabfcee087c

SHA1
93a8d325f03c2afb361d5ee7db2d759c2352f620

SHA256
eebead73e077d4c3803ea2357a7811c10f16727480478d87a85662897e087974

SHA512
afa14052debe2b069d18c539a27af55e224d0a17bdab6c73231196dd0ca379594a442d1505d783983fc833620f710add99b2fea42f6e47ff4f4334e9aa0f6adb

Download Submit
C:\Windows\system\apRIwyQ.exe

Filesize
6.0MB

MD5
506ba28ff43b58ac82b7ae818cf93aa5

SHA1
abe588e031cd797dee54c0ed1c8932a9922cec82

SHA256
1ef703b01d004a6b782717cc6afb950f6b73cba6eaf5518d1cd6a50549e7d974

SHA512
5a06564b8205fa20fddf140584c73900269a051c59d2b86263ecac31bba0ba1761de3b6f08c1508a0aa1f501b04986a42e9a291b0f4ee20f50168cba47960a9b

Download Submit
C:\Windows\system\cxqQJfP.exe

Filesize
6.0MB

MD5
4299bf4f166f954f4f02a8541de4f7f4

SHA1
52f3316af9d2396a7e602b6eb74949e808c88d17

SHA256
a1bad3d81351cf36639d66c8e194e94172f446c67b099a6bdf67ae6eea0eb580

SHA512
6320b0897d927dcbcb2fa9da48b8a0b45159ca863527fd227d5b9f199dc6fb2676240324b9e43d4b543f55d3dbea8a4d7825f67f36edea847f5448d4f9961642

Download Submit
C:\Windows\system\gmDUfiD.exe

Filesize
6.0MB

MD5
344fcc7f55e36c4fbc015602bea85ae5

SHA1
4704c201ba396c1d04f0e9483d31af56822f7b62

SHA256
d7b7f9a9419ccf8819d9c729c21c50ba51494631529ae77e1ccf36d34d1817a4

SHA512
4ac12586a4c8c6edd5ea6c05d44814f5ff85fee19a600f7a7c014b9eb481108a7cd08c41e6bfc49d32db97959f1988d382f664267b644a257b41cb0e02343b55

Download Submit
C:\Windows\system\lWydRAf.exe

Filesize
6.0MB

MD5
6bfef00334f53892dba4616a925db8a3

SHA1
d42576db225f73df8c5055d187ef6649a39c6e45

SHA256
4d53575d600991256784ca7211390d47f25038237d7d74a122dd4f8609de5326

SHA512
4eaf93e681c565b62da7826f72b105aa89ef1edae901c2fc60b0dd8f130b18ac4879d5920c0650badeea8df870889a90feb31ad28ea41f61ee7a4a91342a038b

Download Submit
C:\Windows\system\lxUbhMD.exe

Filesize
6.0MB

MD5
10a972a0347e4d13f504d16f8cbe4735

SHA1
868d81772b6d5e5169f9b76a2a5a7a08f6e109f6

SHA256
7208abe2cf9a2d354a2aa99b0bff280ade54d9ee730e7d0a660735620cb70cb2

SHA512
24ec7152dd0a1fb35e7158a9de3d613b51b4b899c03dcecc8aedd8d7a6b3c6d1376b94b8e7f136937b489d23101cc748f4524adcfee9f6385d017f2169a4f12e

Download Submit
C:\Windows\system\mNNmMKl.exe

Filesize
6.0MB

MD5
f166270b45fd93c4ed739cb1621c13c4

SHA1
ce7113798ec11f6f4762796733b72b3ef0a14395

SHA256
20731f61aaafe19d37e5d0ad1bf45117f8fb08c58e7b6e30f334b98f0aee5533

SHA512
03431ffd5d1c259ed7e8db4da2b3897227bb2b506aad3bc83c9b6597a1d1ea3825d709df98e2a549500bc95c8ecac942b70fbb61a73625191369fa59864b5b0e

Download Submit
C:\Windows\system\oxxuIZm.exe

Filesize
6.0MB

MD5
8bd3a35bd7a2ac661f363bebcc9b3c69

SHA1
94c9a4643553418f3d5730c33c01cd5988fac7d1

SHA256
902e172ae2d3bf2b1d6f46d27f680fb5870dc67c3cca501bf4f8b27580ed4214

SHA512
9864c2178c11a313bd254c2a7dc5e225971377d3b66493d4d98411cf9b75f60cb3debf5f8b3402ed01c6ff251c222979c38dccb14d7b61261bfb2c8c2bb53c06

Download Submit
C:\Windows\system\pNWdkJy.exe

Filesize
6.0MB

MD5
1e4b0094efaca7df919d61cdc2f5866b

SHA1
be7530c1b627fc19b0fc806291dc766a3a8ae790

SHA256
58ea905f5de38c2aa977a0e50452a9ffb8c86823d09b6ddc07f731e35b6e11ae

SHA512
69d9b67e8577c60cb9eab58ff47cafe18ba4b88dd8e838a6005707f183c121811bb26301a2f2c54b121f8ba311500c8a216a54ea930c48738b22128dd2e38922

Download Submit
C:\Windows\system\xZAfCVd.exe

Filesize
6.0MB

MD5
69b3a26f2f6e95d5f370357f3fdc9417

SHA1
24c779a1dd368b64c72a81c774e19cff85cf2a63

SHA256
ebcb0d35aa762bc096ee00961ecbde13039dfb9c3ed1f756446e6a2665e7a61a

SHA512
fbf867d2adcb48823d3eb07a2fed3f0d66ae5c7d9eee53ad9b996fa0d82d9b0b9c1d92094f0d09537e28a55371ee782ae188dc0432f0bd48594c4ba8ee5a8bd7

Download Submit
C:\Windows\system\xgyNzlp.exe

Filesize
6.0MB

MD5
5dbd20b4a90d220c2d5f0b12519ff6ba

SHA1
04e761cebc476d07c66bf77c03012e4d50703b7e

SHA256
1790ba9258adf294e3d3aabad7bfbf22cec85208e83a1468afb64b38d71f3b2e

SHA512
49c037aa706ed94eddb5c75c82bbe407dab5af6984528211bf1ccc04e24012d377c27f188c487ca219a736d6948be9a53ec8549044b1088405fb6a4d0f5177a1

Download Submit
C:\Windows\system\zpLoRzO.exe

Filesize
6.0MB

MD5
615069489ac7f4e3cf078e90f2515360

SHA1
c8bc1412da473a1998aa4bb74d46964731bee5c7

SHA256
773f6df9c167bf48347d15fe71f05ad472cae590a3c63490dcb5b3f488f0c0ed

SHA512
65bee6fdf74f7a4ed59f8c88b01115095f4d6d6f797d7d4a91514acca650990a1b7c38844547dd162a2e631f57dab2af37e1216932d85fefd495aeb0423e064d

Download Submit
\Windows\system\IHLytzf.exe

Filesize
6.0MB

MD5
482e791c5983bf68b3b574f66a8b434f

SHA1
15fba24b5922181a23770e11ba385081befa8749

SHA256
58a2e01386add94e9ba42ec55ef3774f054ac32c7231325a850cb81625969b9d

SHA512
ec1f0e1dd8b98a18a5708b645287ce944cbac2c8fe9b5a7c8a9fa75f9feaadc07f8fb678f1b02f74006f6b62c2e676a1f053f6d3229ea7a7c0ea81a4c23bab74

Download Submit
\Windows\system\JJhGjPa.exe

Filesize
6.0MB

MD5
d35b3964a5dd087319cb673cfa734695

SHA1
e6b927d37437b818013bc3f325de3d94997d1986

SHA256
c64ceb8fa36e73dcb240cbcce2f8c82596ec6be89f57989d8e83e3f1f890c27a

SHA512
193b5ad6f5caaa1fed5de029e4132ebb9e51be13303f1ef8a76e3b9916e962d44a37ed05aadcddc7c3602a24a2aa079150e6ad9b905b07659c5c4cd9bfa97fc4

Download Submit
\Windows\system\KpoiKJJ.exe

Filesize
6.0MB

MD5
e15a27315a8009badf763032b569a422

SHA1
ab98a3cd051f5c6ec8c220149cb4bede8ccfa9e5

SHA256
508ca3446a26d9c11110ca36cbfc82b13c2fd5b9afd7640c2edc21aa4e155af9

SHA512
39aea69fc49b8fb10abca522ab25fc3b769a0e580c61330f67638d8bf5d5735bf594a407c43257caccae2b5d799d34ad8d50b9457f14d8ffb8d21698d98ccb45

Download Submit
\Windows\system\LqcmtLo.exe

Filesize
6.0MB

MD5
d48ff6f78d87b04bf347af90566afaed

SHA1
d80fe8a50b16472ea6554cc790244ed3ed4ffcc0

SHA256
cef00de7a01e9f9efe3018032a49fd3a5f83db83b7df7cc373b9391e3f1bd70a

SHA512
0ec401d582274083261ba61607381b6d460d438d20eead03a0aa7b4345dfab7d832cf56bc77403a4ac59bb20b044ccd5bc4d387b39ce5fb326bbac320b7aaa03

Download Submit
\Windows\system\MbqzJmM.exe

Filesize
6.0MB

MD5
2124d384a46ed5d3b60c48dee24d6707

SHA1
125b5129736b812fd8d86cc162807a01bdb61eca

SHA256
40eb2cc6d9b66b30912f58ac3cd16863feeaacf5d6841f4fcde90a5d30e1240d

SHA512
4cd0ab441197f1c97d5945bd664cb0ff7ac5e6b4a5dc2953ba3091ac45b47783e47bb577a8ed0c0af122ef805a1d218ddc947d6e80b070a6a6f1bfe778989992

Download Submit
\Windows\system\hJnUJSf.exe

Filesize
6.0MB

MD5
c4154e650a7783cc8888b098d93e0c58

SHA1
bb27fb085ff2d11d7869d8e271bfb567035806a8

SHA256
12cf2913e2fb67e2bfd1395e987ef05627ffffda45b361c0837652031e6449cb

SHA512
83fe6433dfa1954eb755cb568191dde1e1f836b8660b5ae7af30f0f175ff441d54b33a19f7aa85f0f7b0f2f85c26aa2cce6b25e149f9dfc403e7d20d32981934

Download Submit
memory/1592-97-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1592-3918-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1900-123-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1900-42-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/1900-968-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-895-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-98-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-765-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1900-129-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1900-130-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-21-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/1900-50-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-15-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-8-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1087-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-63-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-0-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1900-28-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-124-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-77-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-84-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-36-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1900-902-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-112-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/1900-111-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2072-122-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3914-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3920-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-29-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-202-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3913-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2536-106-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2536-969-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3919-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-72-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-901-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3915-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-12-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3912-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-48-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-766-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-23-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2676-59-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3916-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2724-528-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2724-43-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2760-16-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3921-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-37-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2972-3917-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-903-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2972-88-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download