cobaltstrike | a90e3c29316a52e0da08afa67e3f92a321af0c0187a40e5f13448e61dee31f79

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/12/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

6fc3a315e3803703a79f81c62e99f9c0
SHA1

84d33645ad6d2a30f99b0ef35e1b9bba37a77ca8
SHA256

a90e3c29316a52e0da08afa67e3f92a321af0c0187a40e5f13448e61dee31f79
SHA512

d344158b183bb03641e403547aca64507328de9919b669dd68f2139c1b467d02b3fca70fd4de36c984b8f470dd808c807f9636bbbb2277546bf5c7b0d50fa550
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000500000001929a-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-145.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-127.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-106.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c8c-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-93.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-86.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-78.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-71.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-59.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ac1-43.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-126.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-103.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-102.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-74.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c73-50.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016645-37.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001686c-41.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164db-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015f96-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016334-20.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016210-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000012117-7.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1224-893-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2284-654-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2236-422-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/3028-186-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001929a-185.dat	xmrig
behavioral1/files/0x0005000000019319-183.dat	xmrig
behavioral1/files/0x0005000000019278-176.dat	xmrig
behavioral1/files/0x000500000001926c-165.dat	xmrig
behavioral1/files/0x0005000000019259-145.dat	xmrig
behavioral1/files/0x00060000000190e1-140.dat	xmrig
behavioral1/files/0x0006000000018f65-138.dat	xmrig
behavioral1/files/0x0006000000018c34-137.dat	xmrig
behavioral1/files/0x0005000000019217-134.dat	xmrig
behavioral1/files/0x00050000000191d2-127.dat	xmrig
behavioral1/files/0x000600000001904c-120.dat	xmrig
behavioral1/files/0x0006000000018c44-112.dat	xmrig
behavioral1/files/0x00050000000187a2-106.dat	xmrig
behavioral1/files/0x0008000000016c8c-95.dat	xmrig
behavioral1/files/0x0005000000018696-93.dat	xmrig
behavioral1/files/0x000600000001757f-86.dat	xmrig
behavioral1/files/0x00060000000174a6-78.dat	xmrig
behavioral1/files/0x00060000000173f3-71.dat	xmrig
behavioral1/files/0x000600000001746a-68.dat	xmrig
behavioral1/files/0x0006000000017400-59.dat	xmrig
behavioral1/files/0x0007000000016ac1-43.dat	xmrig
behavioral1/files/0x0005000000019365-193.dat	xmrig
behavioral1/memory/2404-181-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019275-173.dat	xmrig
behavioral1/memory/2236-171-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2612-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2724-164-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x0005000000019268-159.dat	xmrig
behavioral1/files/0x0005000000019240-158.dat	xmrig
behavioral1/files/0x00050000000191f6-156.dat	xmrig
behavioral1/memory/3064-155-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2236-154-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2096-153-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-126.dat	xmrig
behavioral1/memory/2072-105-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0015000000018676-103.dat	xmrig
behavioral1/files/0x00060000000174c3-102.dat	xmrig
behavioral1/files/0x0006000000017488-92.dat	xmrig
behavioral1/memory/2236-54-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2236-77-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-74.dat	xmrig
behavioral1/memory/2860-67-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c73-50.dat	xmrig
behavioral1/files/0x0007000000016645-37.dat	xmrig
behavioral1/memory/1712-36-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x000700000001686c-41.dat	xmrig
behavioral1/files/0x00080000000164db-30.dat	xmrig
behavioral1/files/0x0009000000015f96-26.dat	xmrig
behavioral1/files/0x0008000000016334-20.dat	xmrig
behavioral1/memory/2236-17-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/1224-15-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0008000000016210-14.dat	xmrig
behavioral1/memory/2284-9-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0008000000012117-7.dat	xmrig
behavioral1/memory/2236-6-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2236-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1712-3931-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2860-3932-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2284-3933-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2072-3935-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2284	ccuAUWA.exe
1224	obhBkgM.exe
1712	ZBliTtG.exe
2404	WseSZcd.exe
2860	EIzguqb.exe
3028	kAAQckW.exe
2072	WPIUcRk.exe
2096	SwYEEPm.exe
3064	YBfGImM.exe
2724	IIgCfIj.exe
2612	ZxbDXyB.exe
2748	yRNiXHV.exe
2628	ubRazSy.exe
2660	ixbUchv.exe
2496	DFemZJS.exe
3024	qtENwxV.exe
1720	hdrmyrY.exe
1636	IaxVZMD.exe
2268	ERhqKYU.exe
1656	FFkAloN.exe
1808	vLeVWMa.exe
1824	LZmvJrO.exe
2520	IYKUbVW.exe
1424	dLcmXGO.exe
2572	TMkfwXK.exe
1568	xCUOdie.exe
1792	FrqUuzx.exe
1396	ONrmReK.exe
612	emQJFqW.exe
1772	ygeCiuV.exe
1260	syVHXdg.exe
2872	NnivvoN.exe
2364	FSddLIR.exe
2828	wdGqjnG.exe
1576	VrSbYJX.exe
2556	JZsknFc.exe
824	JCXmjqu.exe
2388	arreqFO.exe
1192	oZwbgTy.exe
1840	sGgDWVD.exe
1100	ESaPvDG.exe
1816	LrijRyV.exe
2768	SlLWreO.exe
2204	mVPBBYa.exe
1356	pveHxAh.exe
444	yURJWEz.exe
2088	RIjAktc.exe
1908	fqjwcgO.exe
924	GQWgwcd.exe
692	UVcKlhQ.exe
844	DFImvZG.exe
3016	ksemSGq.exe
876	MNtoCQu.exe
636	NjYAdtG.exe
1996	dafpMzr.exe
2200	lGFkths.exe
1700	cyOeWgG.exe
3068	GiNowRI.exe
2372	wZtkEqq.exe
1592	vPDHPmb.exe
2228	fdgqxRT.exe
2296	JoAOKlz.exe
1672	thFhJrs.exe
2212	gIUbfcB.exe

Loads dropped DLL 64 IoCs

pid	Process
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1224-893-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2284-654-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2236-422-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/3028-186-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001929a-185.dat	upx
behavioral1/files/0x0005000000019319-183.dat	upx
behavioral1/files/0x0005000000019278-176.dat	upx
behavioral1/files/0x000500000001926c-165.dat	upx
behavioral1/files/0x0005000000019259-145.dat	upx
behavioral1/files/0x00060000000190e1-140.dat	upx
behavioral1/files/0x0006000000018f65-138.dat	upx
behavioral1/files/0x0006000000018c34-137.dat	upx
behavioral1/files/0x0005000000019217-134.dat	upx
behavioral1/files/0x00050000000191d2-127.dat	upx
behavioral1/files/0x000600000001904c-120.dat	upx
behavioral1/files/0x0006000000018c44-112.dat	upx
behavioral1/files/0x00050000000187a2-106.dat	upx
behavioral1/files/0x0008000000016c8c-95.dat	upx
behavioral1/files/0x0005000000018696-93.dat	upx
behavioral1/files/0x000600000001757f-86.dat	upx
behavioral1/files/0x00060000000174a6-78.dat	upx
behavioral1/files/0x00060000000173f3-71.dat	upx
behavioral1/files/0x000600000001746a-68.dat	upx
behavioral1/files/0x0006000000017400-59.dat	upx
behavioral1/files/0x0007000000016ac1-43.dat	upx
behavioral1/files/0x0005000000019365-193.dat	upx
behavioral1/memory/2404-181-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0005000000019275-173.dat	upx
behavioral1/memory/2612-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2724-164-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000019268-159.dat	upx
behavioral1/files/0x0005000000019240-158.dat	upx
behavioral1/files/0x00050000000191f6-156.dat	upx
behavioral1/memory/3064-155-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2096-153-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x0005000000018697-126.dat	upx
behavioral1/memory/2072-105-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0015000000018676-103.dat	upx
behavioral1/files/0x00060000000174c3-102.dat	upx
behavioral1/files/0x0006000000017488-92.dat	upx
behavioral1/files/0x0006000000017403-74.dat	upx
behavioral1/memory/2860-67-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0009000000016c73-50.dat	upx
behavioral1/files/0x0007000000016645-37.dat	upx
behavioral1/memory/1712-36-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x000700000001686c-41.dat	upx
behavioral1/files/0x00080000000164db-30.dat	upx
behavioral1/files/0x0009000000015f96-26.dat	upx
behavioral1/files/0x0008000000016334-20.dat	upx
behavioral1/memory/2236-17-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/1224-15-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0008000000016210-14.dat	upx
behavioral1/memory/2284-9-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0008000000012117-7.dat	upx
behavioral1/memory/2236-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1712-3931-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2860-3932-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2284-3933-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2072-3935-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3064-3936-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2096-3939-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2724-3937-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1224-3954-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2404-3957-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ecEzQPn.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIcBHym.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOqphEe.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtDlfpo.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWjkIvQ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbJhxvv.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CRBsItG.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBwolJT.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVlkIKb.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXWoafV.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDYBRFt.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGLCbql.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGjMFAD.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHmmiEK.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzkwSBD.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pkpApXv.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UqsmNBx.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuBVhjn.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SObBcnU.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBNSOBa.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygeCiuV.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsedeBK.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imTnmin.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecHMqrK.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxATCge.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHOUlNB.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrCHUtC.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMgdlrh.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNwgFoZ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQuloqX.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTeIdPj.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYtLykd.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTgBoGV.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zUGfrWm.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRqohLT.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEogGUQ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bAFVMle.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vejgUDE.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQeexvJ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AUiUHwE.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSVDzaQ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNSiKSC.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOlRWtI.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntfLrIQ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxxJYPL.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jaEFqNE.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LXUoNPw.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HytUtbp.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRHatIY.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MaqMaPE.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vPDHPmb.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXpRuRS.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iZGvZch.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJplXbt.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dleaNqz.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uryUpJO.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsCyxbi.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfUVGxV.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhCsycv.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMAgOgs.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNQDVJn.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOrVWbb.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuqTyXv.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSlukFJ.exe	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2284	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2236 wrote to memory of 2284	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2236 wrote to memory of 2284	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 2236 wrote to memory of 1224	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2236 wrote to memory of 1224	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2236 wrote to memory of 1224	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2236 wrote to memory of 1712	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 1712	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 1712	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2236 wrote to memory of 2404	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2404	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2404	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2236 wrote to memory of 2860	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 2860	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 2860	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2236 wrote to memory of 3028	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 3028	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 3028	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2236 wrote to memory of 2072	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 2072	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 2072	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2236 wrote to memory of 3064	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 3064	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 3064	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2236 wrote to memory of 2096	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2096	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2096	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2236 wrote to memory of 2628	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2628	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2628	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2236 wrote to memory of 2724	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2724	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2724	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2236 wrote to memory of 2872	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2872	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2872	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2236 wrote to memory of 2612	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2612	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2612	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2236 wrote to memory of 2364	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2364	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2364	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2236 wrote to memory of 2748	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 2748	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 2748	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2236 wrote to memory of 2828	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 2828	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 2828	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2236 wrote to memory of 2660	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 2660	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 2660	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2236 wrote to memory of 1576	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 1576	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 1576	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2236 wrote to memory of 2496	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 2496	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 2496	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2236 wrote to memory of 2556	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 2556	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 2556	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2236 wrote to memory of 3024	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 3024	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 3024	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2236 wrote to memory of 824	2236	2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2906477851\zmstage.exe
C:\Users\Admin\AppData\Local\Temp\2906477851\zmstage.exe
1⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-27_6fc3a315e3803703a79f81c62e99f9c0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\System\ccuAUWA.exe
  C:\Windows\System\ccuAUWA.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\obhBkgM.exe
  C:\Windows\System\obhBkgM.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ZBliTtG.exe
  C:\Windows\System\ZBliTtG.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\WseSZcd.exe
  C:\Windows\System\WseSZcd.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\EIzguqb.exe
  C:\Windows\System\EIzguqb.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kAAQckW.exe
  C:\Windows\System\kAAQckW.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\WPIUcRk.exe
  C:\Windows\System\WPIUcRk.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\YBfGImM.exe
  C:\Windows\System\YBfGImM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\SwYEEPm.exe
  C:\Windows\System\SwYEEPm.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\ubRazSy.exe
  C:\Windows\System\ubRazSy.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\IIgCfIj.exe
  C:\Windows\System\IIgCfIj.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\NnivvoN.exe
  C:\Windows\System\NnivvoN.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ZxbDXyB.exe
  C:\Windows\System\ZxbDXyB.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\FSddLIR.exe
  C:\Windows\System\FSddLIR.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\yRNiXHV.exe
  C:\Windows\System\yRNiXHV.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\wdGqjnG.exe
  C:\Windows\System\wdGqjnG.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ixbUchv.exe
  C:\Windows\System\ixbUchv.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\VrSbYJX.exe
  C:\Windows\System\VrSbYJX.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\DFemZJS.exe
  C:\Windows\System\DFemZJS.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\JZsknFc.exe
  C:\Windows\System\JZsknFc.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\qtENwxV.exe
  C:\Windows\System\qtENwxV.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\JCXmjqu.exe
  C:\Windows\System\JCXmjqu.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\hdrmyrY.exe
  C:\Windows\System\hdrmyrY.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\arreqFO.exe
  C:\Windows\System\arreqFO.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\IaxVZMD.exe
  C:\Windows\System\IaxVZMD.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\oZwbgTy.exe
  C:\Windows\System\oZwbgTy.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\ERhqKYU.exe
  C:\Windows\System\ERhqKYU.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\sGgDWVD.exe
  C:\Windows\System\sGgDWVD.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\FFkAloN.exe
  C:\Windows\System\FFkAloN.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\ESaPvDG.exe
  C:\Windows\System\ESaPvDG.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\vLeVWMa.exe
  C:\Windows\System\vLeVWMa.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\LrijRyV.exe
  C:\Windows\System\LrijRyV.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\LZmvJrO.exe
  C:\Windows\System\LZmvJrO.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\SlLWreO.exe
  C:\Windows\System\SlLWreO.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\IYKUbVW.exe
  C:\Windows\System\IYKUbVW.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\mVPBBYa.exe
  C:\Windows\System\mVPBBYa.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\dLcmXGO.exe
  C:\Windows\System\dLcmXGO.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\pveHxAh.exe
  C:\Windows\System\pveHxAh.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\TMkfwXK.exe
  C:\Windows\System\TMkfwXK.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\yURJWEz.exe
  C:\Windows\System\yURJWEz.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\xCUOdie.exe
  C:\Windows\System\xCUOdie.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\RIjAktc.exe
  C:\Windows\System\RIjAktc.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\FrqUuzx.exe
  C:\Windows\System\FrqUuzx.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\fqjwcgO.exe
  C:\Windows\System\fqjwcgO.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\ONrmReK.exe
  C:\Windows\System\ONrmReK.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\GQWgwcd.exe
  C:\Windows\System\GQWgwcd.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\emQJFqW.exe
  C:\Windows\System\emQJFqW.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\UVcKlhQ.exe
  C:\Windows\System\UVcKlhQ.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ygeCiuV.exe
  C:\Windows\System\ygeCiuV.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\DFImvZG.exe
  C:\Windows\System\DFImvZG.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\syVHXdg.exe
  C:\Windows\System\syVHXdg.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ksemSGq.exe
  C:\Windows\System\ksemSGq.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\MNtoCQu.exe
  C:\Windows\System\MNtoCQu.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\NjYAdtG.exe
  C:\Windows\System\NjYAdtG.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\dafpMzr.exe
  C:\Windows\System\dafpMzr.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\lGFkths.exe
  C:\Windows\System\lGFkths.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\cyOeWgG.exe
  C:\Windows\System\cyOeWgG.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\GiNowRI.exe
  C:\Windows\System\GiNowRI.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\wZtkEqq.exe
  C:\Windows\System\wZtkEqq.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\vPDHPmb.exe
  C:\Windows\System\vPDHPmb.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\fdgqxRT.exe
  C:\Windows\System\fdgqxRT.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JoAOKlz.exe
  C:\Windows\System\JoAOKlz.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\thFhJrs.exe
  C:\Windows\System\thFhJrs.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\gIUbfcB.exe
  C:\Windows\System\gIUbfcB.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\qispZxi.exe
  C:\Windows\System\qispZxi.exe
  2⤵
  PID:2396
- C:\Windows\System\XcqIElY.exe
  C:\Windows\System\XcqIElY.exe
  2⤵
  PID:3032
- C:\Windows\System\rgSgGeW.exe
  C:\Windows\System\rgSgGeW.exe
  2⤵
  PID:3060
- C:\Windows\System\XxgRRdp.exe
  C:\Windows\System\XxgRRdp.exe
  2⤵
  PID:2732
- C:\Windows\System\NhSiKCG.exe
  C:\Windows\System\NhSiKCG.exe
  2⤵
  PID:2488
- C:\Windows\System\LCsspBz.exe
  C:\Windows\System\LCsspBz.exe
  2⤵
  PID:2772
- C:\Windows\System\BsntHlV.exe
  C:\Windows\System\BsntHlV.exe
  2⤵
  PID:2524
- C:\Windows\System\FdmIANt.exe
  C:\Windows\System\FdmIANt.exe
  2⤵
  PID:2976
- C:\Windows\System\GxAPfTE.exe
  C:\Windows\System\GxAPfTE.exe
  2⤵
  PID:1984
- C:\Windows\System\jmZUdHn.exe
  C:\Windows\System\jmZUdHn.exe
  2⤵
  PID:1932
- C:\Windows\System\kjwbPHX.exe
  C:\Windows\System\kjwbPHX.exe
  2⤵
  PID:2988
- C:\Windows\System\SsidEwX.exe
  C:\Windows\System\SsidEwX.exe
  2⤵
  PID:904
- C:\Windows\System\fpcgaaz.exe
  C:\Windows\System\fpcgaaz.exe
  2⤵
  PID:1104
- C:\Windows\System\qDRGhhw.exe
  C:\Windows\System\qDRGhhw.exe
  2⤵
  PID:2128
- C:\Windows\System\ywVrBfc.exe
  C:\Windows\System\ywVrBfc.exe
  2⤵
  PID:2352
- C:\Windows\System\xaaaOSN.exe
  C:\Windows\System\xaaaOSN.exe
  2⤵
  PID:2868
- C:\Windows\System\SsazayA.exe
  C:\Windows\System\SsazayA.exe
  2⤵
  PID:2680
- C:\Windows\System\cFSenco.exe
  C:\Windows\System\cFSenco.exe
  2⤵
  PID:1960
- C:\Windows\System\MtpBaft.exe
  C:\Windows\System\MtpBaft.exe
  2⤵
  PID:764
- C:\Windows\System\vBFHOiV.exe
  C:\Windows\System\vBFHOiV.exe
  2⤵
  PID:1804
- C:\Windows\System\rPRhSyd.exe
  C:\Windows\System\rPRhSyd.exe
  2⤵
  PID:2160
- C:\Windows\System\XarINMy.exe
  C:\Windows\System\XarINMy.exe
  2⤵
  PID:2136
- C:\Windows\System\bxzSelZ.exe
  C:\Windows\System\bxzSelZ.exe
  2⤵
  PID:772
- C:\Windows\System\khtzuvd.exe
  C:\Windows\System\khtzuvd.exe
  2⤵
  PID:304
- C:\Windows\System\MumASDt.exe
  C:\Windows\System\MumASDt.exe
  2⤵
  PID:1780
- C:\Windows\System\OynNWfJ.exe
  C:\Windows\System\OynNWfJ.exe
  2⤵
  PID:2668
- C:\Windows\System\JWZwmeO.exe
  C:\Windows\System\JWZwmeO.exe
  2⤵
  PID:1928
- C:\Windows\System\YlWdCYC.exe
  C:\Windows\System\YlWdCYC.exe
  2⤵
  PID:2184
- C:\Windows\System\AvYMEFV.exe
  C:\Windows\System\AvYMEFV.exe
  2⤵
  PID:2892
- C:\Windows\System\NRgCYjR.exe
  C:\Windows\System\NRgCYjR.exe
  2⤵
  PID:1092
- C:\Windows\System\tPukZhr.exe
  C:\Windows\System\tPukZhr.exe
  2⤵
  PID:2844
- C:\Windows\System\MRDJTWB.exe
  C:\Windows\System\MRDJTWB.exe
  2⤵
  PID:1916
- C:\Windows\System\ykOrtgo.exe
  C:\Windows\System\ykOrtgo.exe
  2⤵
  PID:796
- C:\Windows\System\cvvxIhj.exe
  C:\Windows\System\cvvxIhj.exe
  2⤵
  PID:1588
- C:\Windows\System\WNQmnRX.exe
  C:\Windows\System\WNQmnRX.exe
  2⤵
  PID:2452
- C:\Windows\System\mlYahrK.exe
  C:\Windows\System\mlYahrK.exe
  2⤵
  PID:1016
- C:\Windows\System\sQtOOhV.exe
  C:\Windows\System\sQtOOhV.exe
  2⤵
  PID:2916
- C:\Windows\System\rCBdmPW.exe
  C:\Windows\System\rCBdmPW.exe
  2⤵
  PID:2308
- C:\Windows\System\jclkgzh.exe
  C:\Windows\System\jclkgzh.exe
  2⤵
  PID:2108
- C:\Windows\System\PSHDPeq.exe
  C:\Windows\System\PSHDPeq.exe
  2⤵
  PID:2000
- C:\Windows\System\ampKSmC.exe
  C:\Windows\System\ampKSmC.exe
  2⤵
  PID:2688
- C:\Windows\System\veVoMzw.exe
  C:\Windows\System\veVoMzw.exe
  2⤵
  PID:1692
- C:\Windows\System\fBsLJKM.exe
  C:\Windows\System\fBsLJKM.exe
  2⤵
  PID:2848
- C:\Windows\System\cWszvgm.exe
  C:\Windows\System\cWszvgm.exe
  2⤵
  PID:532
- C:\Windows\System\USTnijd.exe
  C:\Windows\System\USTnijd.exe
  2⤵
  PID:2420
- C:\Windows\System\UrwRccy.exe
  C:\Windows\System\UrwRccy.exe
  2⤵
  PID:2576
- C:\Windows\System\FdTATWJ.exe
  C:\Windows\System\FdTATWJ.exe
  2⤵
  PID:2624
- C:\Windows\System\DZOgnsP.exe
  C:\Windows\System\DZOgnsP.exe
  2⤵
  PID:1520
- C:\Windows\System\dvnAcQj.exe
  C:\Windows\System\dvnAcQj.exe
  2⤵
  PID:1476
- C:\Windows\System\fdTNvfB.exe
  C:\Windows\System\fdTNvfB.exe
  2⤵
  PID:1540
- C:\Windows\System\JGQGQNN.exe
  C:\Windows\System\JGQGQNN.exe
  2⤵
  PID:2816
- C:\Windows\System\ZsynwYn.exe
  C:\Windows\System\ZsynwYn.exe
  2⤵
  PID:1336
- C:\Windows\System\zfUVGxV.exe
  C:\Windows\System\zfUVGxV.exe
  2⤵
  PID:2552
- C:\Windows\System\ZbXsbFa.exe
  C:\Windows\System\ZbXsbFa.exe
  2⤵
  PID:1244
- C:\Windows\System\UhNqRZW.exe
  C:\Windows\System\UhNqRZW.exe
  2⤵
  PID:3056
- C:\Windows\System\jhOJtZr.exe
  C:\Windows\System\jhOJtZr.exe
  2⤵
  PID:2004
- C:\Windows\System\ogxRtPi.exe
  C:\Windows\System\ogxRtPi.exe
  2⤵
  PID:2312
- C:\Windows\System\eqrjhVK.exe
  C:\Windows\System\eqrjhVK.exe
  2⤵
  PID:2020
- C:\Windows\System\XFUrHQw.exe
  C:\Windows\System\XFUrHQw.exe
  2⤵
  PID:2432
- C:\Windows\System\fgZJNIQ.exe
  C:\Windows\System\fgZJNIQ.exe
  2⤵
  PID:2900
- C:\Windows\System\assNcNA.exe
  C:\Windows\System\assNcNA.exe
  2⤵
  PID:2812
- C:\Windows\System\KBLnwNg.exe
  C:\Windows\System\KBLnwNg.exe
  2⤵
  PID:2600
- C:\Windows\System\GqPfsFN.exe
  C:\Windows\System\GqPfsFN.exe
  2⤵
  PID:2536
- C:\Windows\System\jqbvIsk.exe
  C:\Windows\System\jqbvIsk.exe
  2⤵
  PID:2716
- C:\Windows\System\UFgAZHF.exe
  C:\Windows\System\UFgAZHF.exe
  2⤵
  PID:3084
- C:\Windows\System\lQjYSnP.exe
  C:\Windows\System\lQjYSnP.exe
  2⤵
  PID:3112
- C:\Windows\System\lSEyOwo.exe
  C:\Windows\System\lSEyOwo.exe
  2⤵
  PID:3132
- C:\Windows\System\aeUVYlt.exe
  C:\Windows\System\aeUVYlt.exe
  2⤵
  PID:3148
- C:\Windows\System\OSFvnpL.exe
  C:\Windows\System\OSFvnpL.exe
  2⤵
  PID:3164
- C:\Windows\System\MOlRWtI.exe
  C:\Windows\System\MOlRWtI.exe
  2⤵
  PID:3184
- C:\Windows\System\FPRoksa.exe
  C:\Windows\System\FPRoksa.exe
  2⤵
  PID:3200
- C:\Windows\System\qAIeWJN.exe
  C:\Windows\System\qAIeWJN.exe
  2⤵
  PID:3220
- C:\Windows\System\wXagmvG.exe
  C:\Windows\System\wXagmvG.exe
  2⤵
  PID:3236
- C:\Windows\System\gztKzsm.exe
  C:\Windows\System\gztKzsm.exe
  2⤵
  PID:3256
- C:\Windows\System\vkBgUKl.exe
  C:\Windows\System\vkBgUKl.exe
  2⤵
  PID:3272
- C:\Windows\System\DactdDC.exe
  C:\Windows\System\DactdDC.exe
  2⤵
  PID:3292
- C:\Windows\System\QwVfrCU.exe
  C:\Windows\System\QwVfrCU.exe
  2⤵
  PID:3312
- C:\Windows\System\FoorXln.exe
  C:\Windows\System\FoorXln.exe
  2⤵
  PID:3344
- C:\Windows\System\TsedeBK.exe
  C:\Windows\System\TsedeBK.exe
  2⤵
  PID:3364
- C:\Windows\System\BuBlrNG.exe
  C:\Windows\System\BuBlrNG.exe
  2⤵
  PID:3380
- C:\Windows\System\TkqMnaG.exe
  C:\Windows\System\TkqMnaG.exe
  2⤵
  PID:3400
- C:\Windows\System\frNIAgc.exe
  C:\Windows\System\frNIAgc.exe
  2⤵
  PID:3416
- C:\Windows\System\EXbTHVT.exe
  C:\Windows\System\EXbTHVT.exe
  2⤵
  PID:3444
- C:\Windows\System\elYjUWi.exe
  C:\Windows\System\elYjUWi.exe
  2⤵
  PID:3472
- C:\Windows\System\ARGQCzz.exe
  C:\Windows\System\ARGQCzz.exe
  2⤵
  PID:3488
- C:\Windows\System\qrJIeNa.exe
  C:\Windows\System\qrJIeNa.exe
  2⤵
  PID:3512
- C:\Windows\System\TFeoZaC.exe
  C:\Windows\System\TFeoZaC.exe
  2⤵
  PID:3532
- C:\Windows\System\OWSMjZW.exe
  C:\Windows\System\OWSMjZW.exe
  2⤵
  PID:3548
- C:\Windows\System\xWKciaX.exe
  C:\Windows\System\xWKciaX.exe
  2⤵
  PID:3568
- C:\Windows\System\oOTyVvz.exe
  C:\Windows\System\oOTyVvz.exe
  2⤵
  PID:3596
- C:\Windows\System\GiCJTlj.exe
  C:\Windows\System\GiCJTlj.exe
  2⤵
  PID:3624
- C:\Windows\System\YtJUYiw.exe
  C:\Windows\System\YtJUYiw.exe
  2⤵
  PID:3644
- C:\Windows\System\CPkyVnP.exe
  C:\Windows\System\CPkyVnP.exe
  2⤵
  PID:3664
- C:\Windows\System\DZYkbKE.exe
  C:\Windows\System\DZYkbKE.exe
  2⤵
  PID:3680
- C:\Windows\System\AsUgPJB.exe
  C:\Windows\System\AsUgPJB.exe
  2⤵
  PID:3700
- C:\Windows\System\gaMSSzT.exe
  C:\Windows\System\gaMSSzT.exe
  2⤵
  PID:3720
- C:\Windows\System\ELFBRnL.exe
  C:\Windows\System\ELFBRnL.exe
  2⤵
  PID:3740
- C:\Windows\System\BIAAipH.exe
  C:\Windows\System\BIAAipH.exe
  2⤵
  PID:3760
- C:\Windows\System\fJurrdq.exe
  C:\Windows\System\fJurrdq.exe
  2⤵
  PID:3780
- C:\Windows\System\EbYRHUy.exe
  C:\Windows\System\EbYRHUy.exe
  2⤵
  PID:3796
- C:\Windows\System\rgaVZxd.exe
  C:\Windows\System\rgaVZxd.exe
  2⤵
  PID:3812
- C:\Windows\System\uippqEv.exe
  C:\Windows\System\uippqEv.exe
  2⤵
  PID:3836
- C:\Windows\System\ntfLrIQ.exe
  C:\Windows\System\ntfLrIQ.exe
  2⤵
  PID:3852
- C:\Windows\System\PWGdZke.exe
  C:\Windows\System\PWGdZke.exe
  2⤵
  PID:3880
- C:\Windows\System\QWoAqFu.exe
  C:\Windows\System\QWoAqFu.exe
  2⤵
  PID:3904
- C:\Windows\System\RGDHaMm.exe
  C:\Windows\System\RGDHaMm.exe
  2⤵
  PID:3920
- C:\Windows\System\Lumigih.exe
  C:\Windows\System\Lumigih.exe
  2⤵
  PID:3936
- C:\Windows\System\imTnmin.exe
  C:\Windows\System\imTnmin.exe
  2⤵
  PID:3952
- C:\Windows\System\BqgunGr.exe
  C:\Windows\System\BqgunGr.exe
  2⤵
  PID:3968
- C:\Windows\System\PncYvgr.exe
  C:\Windows\System\PncYvgr.exe
  2⤵
  PID:3984
- C:\Windows\System\ARzlgyf.exe
  C:\Windows\System\ARzlgyf.exe
  2⤵
  PID:4000
- C:\Windows\System\hNPuGIz.exe
  C:\Windows\System\hNPuGIz.exe
  2⤵
  PID:4016
- C:\Windows\System\wknIYld.exe
  C:\Windows\System\wknIYld.exe
  2⤵
  PID:4036
- C:\Windows\System\VHDDAtu.exe
  C:\Windows\System\VHDDAtu.exe
  2⤵
  PID:4080
- C:\Windows\System\hyrcmZr.exe
  C:\Windows\System\hyrcmZr.exe
  2⤵
  PID:2392
- C:\Windows\System\iAUbCto.exe
  C:\Windows\System\iAUbCto.exe
  2⤵
  PID:700
- C:\Windows\System\FQsSkmy.exe
  C:\Windows\System\FQsSkmy.exe
  2⤵
  PID:1972
- C:\Windows\System\LAAiAQO.exe
  C:\Windows\System\LAAiAQO.exe
  2⤵
  PID:2492
- C:\Windows\System\kXpRuRS.exe
  C:\Windows\System\kXpRuRS.exe
  2⤵
  PID:828
- C:\Windows\System\MPkRfOq.exe
  C:\Windows\System\MPkRfOq.exe
  2⤵
  PID:3000
- C:\Windows\System\pvxSiIC.exe
  C:\Windows\System\pvxSiIC.exe
  2⤵
  PID:2276
- C:\Windows\System\pepjeGb.exe
  C:\Windows\System\pepjeGb.exe
  2⤵
  PID:2664
- C:\Windows\System\ideiXPn.exe
  C:\Windows\System\ideiXPn.exe
  2⤵
  PID:2944
- C:\Windows\System\QnGBddk.exe
  C:\Windows\System\QnGBddk.exe
  2⤵
  PID:2224
- C:\Windows\System\ElgclNr.exe
  C:\Windows\System\ElgclNr.exe
  2⤵
  PID:3092
- C:\Windows\System\IfIJhzp.exe
  C:\Windows\System\IfIJhzp.exe
  2⤵
  PID:3096
- C:\Windows\System\UbkDyaj.exe
  C:\Windows\System\UbkDyaj.exe
  2⤵
  PID:3144
- C:\Windows\System\hWDuRxZ.exe
  C:\Windows\System\hWDuRxZ.exe
  2⤵
  PID:3208
- C:\Windows\System\YRqohLT.exe
  C:\Windows\System\YRqohLT.exe
  2⤵
  PID:3252
- C:\Windows\System\WOXnUFj.exe
  C:\Windows\System\WOXnUFj.exe
  2⤵
  PID:3304
- C:\Windows\System\NvuzvTc.exe
  C:\Windows\System\NvuzvTc.exe
  2⤵
  PID:3232
- C:\Windows\System\SDvGSrp.exe
  C:\Windows\System\SDvGSrp.exe
  2⤵
  PID:3156
- C:\Windows\System\ONBwhGv.exe
  C:\Windows\System\ONBwhGv.exe
  2⤵
  PID:3336
- C:\Windows\System\GyBPyPd.exe
  C:\Windows\System\GyBPyPd.exe
  2⤵
  PID:3308
- C:\Windows\System\iGIsEZE.exe
  C:\Windows\System\iGIsEZE.exe
  2⤵
  PID:3456
- C:\Windows\System\CGjENiW.exe
  C:\Windows\System\CGjENiW.exe
  2⤵
  PID:3500
- C:\Windows\System\eueejhk.exe
  C:\Windows\System\eueejhk.exe
  2⤵
  PID:3432
- C:\Windows\System\HfBrviv.exe
  C:\Windows\System\HfBrviv.exe
  2⤵
  PID:3396
- C:\Windows\System\CIFFWyZ.exe
  C:\Windows\System\CIFFWyZ.exe
  2⤵
  PID:3508
- C:\Windows\System\phkKRBJ.exe
  C:\Windows\System\phkKRBJ.exe
  2⤵
  PID:3576
- C:\Windows\System\FJanJja.exe
  C:\Windows\System\FJanJja.exe
  2⤵
  PID:3640
- C:\Windows\System\sfILcIK.exe
  C:\Windows\System\sfILcIK.exe
  2⤵
  PID:3616
- C:\Windows\System\dEmxndF.exe
  C:\Windows\System\dEmxndF.exe
  2⤵
  PID:3660
- C:\Windows\System\lhUFZhi.exe
  C:\Windows\System\lhUFZhi.exe
  2⤵
  PID:3656
- C:\Windows\System\thBDPUY.exe
  C:\Windows\System\thBDPUY.exe
  2⤵
  PID:3756
- C:\Windows\System\RrZGltH.exe
  C:\Windows\System\RrZGltH.exe
  2⤵
  PID:3824
- C:\Windows\System\TzetaMi.exe
  C:\Windows\System\TzetaMi.exe
  2⤵
  PID:3776
- C:\Windows\System\mGVFtUj.exe
  C:\Windows\System\mGVFtUj.exe
  2⤵
  PID:3860
- C:\Windows\System\PsMzaYz.exe
  C:\Windows\System\PsMzaYz.exe
  2⤵
  PID:3876
- C:\Windows\System\OINMbpu.exe
  C:\Windows\System\OINMbpu.exe
  2⤵
  PID:3900
- C:\Windows\System\TnXMsyg.exe
  C:\Windows\System\TnXMsyg.exe
  2⤵
  PID:3948
- C:\Windows\System\rVIAdgB.exe
  C:\Windows\System\rVIAdgB.exe
  2⤵
  PID:4048
- C:\Windows\System\Czzdxup.exe
  C:\Windows\System\Czzdxup.exe
  2⤵
  PID:3928
- C:\Windows\System\FBwolJT.exe
  C:\Windows\System\FBwolJT.exe
  2⤵
  PID:4032
- C:\Windows\System\iNGSRQd.exe
  C:\Windows\System\iNGSRQd.exe
  2⤵
  PID:4076
- C:\Windows\System\aWvwCuL.exe
  C:\Windows\System\aWvwCuL.exe
  2⤵
  PID:564
- C:\Windows\System\rmYpqOX.exe
  C:\Windows\System\rmYpqOX.exe
  2⤵
  PID:2460
- C:\Windows\System\iZiHqrs.exe
  C:\Windows\System\iZiHqrs.exe
  2⤵
  PID:1768
- C:\Windows\System\RmsXpbb.exe
  C:\Windows\System\RmsXpbb.exe
  2⤵
  PID:308
- C:\Windows\System\UhCsycv.exe
  C:\Windows\System\UhCsycv.exe
  2⤵
  PID:1624
- C:\Windows\System\GzSQcli.exe
  C:\Windows\System\GzSQcli.exe
  2⤵
  PID:1708
- C:\Windows\System\KsxTtWo.exe
  C:\Windows\System\KsxTtWo.exe
  2⤵
  PID:3176
- C:\Windows\System\zjsoZWn.exe
  C:\Windows\System\zjsoZWn.exe
  2⤵
  PID:2152
- C:\Windows\System\ylyBpcO.exe
  C:\Windows\System\ylyBpcO.exe
  2⤵
  PID:3100
- C:\Windows\System\saYvWis.exe
  C:\Windows\System\saYvWis.exe
  2⤵
  PID:3288
- C:\Windows\System\jWQXNvQ.exe
  C:\Windows\System\jWQXNvQ.exe
  2⤵
  PID:3264
- C:\Windows\System\tmgoFZk.exe
  C:\Windows\System\tmgoFZk.exe
  2⤵
  PID:3496
- C:\Windows\System\vdAyFPh.exe
  C:\Windows\System\vdAyFPh.exe
  2⤵
  PID:3540
- C:\Windows\System\zblrJjC.exe
  C:\Windows\System\zblrJjC.exe
  2⤵
  PID:3584
- C:\Windows\System\uFiWofK.exe
  C:\Windows\System\uFiWofK.exe
  2⤵
  PID:3332
- C:\Windows\System\jBddpnk.exe
  C:\Windows\System\jBddpnk.exe
  2⤵
  PID:3560
- C:\Windows\System\VncFjfz.exe
  C:\Windows\System\VncFjfz.exe
  2⤵
  PID:3632
- C:\Windows\System\lFhSFhC.exe
  C:\Windows\System\lFhSFhC.exe
  2⤵
  PID:3820
- C:\Windows\System\AfZIOCM.exe
  C:\Windows\System\AfZIOCM.exe
  2⤵
  PID:3768
- C:\Windows\System\BGyQsAu.exe
  C:\Windows\System\BGyQsAu.exe
  2⤵
  PID:3728
- C:\Windows\System\SrNHPoa.exe
  C:\Windows\System\SrNHPoa.exe
  2⤵
  PID:3732
- C:\Windows\System\MNgyUhn.exe
  C:\Windows\System\MNgyUhn.exe
  2⤵
  PID:4008
- C:\Windows\System\ewjpbgV.exe
  C:\Windows\System\ewjpbgV.exe
  2⤵
  PID:3944
- C:\Windows\System\ckGqNLE.exe
  C:\Windows\System\ckGqNLE.exe
  2⤵
  PID:1652
- C:\Windows\System\hJUoiVl.exe
  C:\Windows\System\hJUoiVl.exe
  2⤵
  PID:4060
- C:\Windows\System\GXLSHol.exe
  C:\Windows\System\GXLSHol.exe
  2⤵
  PID:1784
- C:\Windows\System\lpfCgtu.exe
  C:\Windows\System\lpfCgtu.exe
  2⤵
  PID:2176
- C:\Windows\System\pHzVCYl.exe
  C:\Windows\System\pHzVCYl.exe
  2⤵
  PID:704
- C:\Windows\System\JgqCSHy.exe
  C:\Windows\System\JgqCSHy.exe
  2⤵
  PID:2644
- C:\Windows\System\QuQRDgi.exe
  C:\Windows\System\QuQRDgi.exe
  2⤵
  PID:3192
- C:\Windows\System\MjXahca.exe
  C:\Windows\System\MjXahca.exe
  2⤵
  PID:3484
- C:\Windows\System\DDRYwPd.exe
  C:\Windows\System\DDRYwPd.exe
  2⤵
  PID:3428
- C:\Windows\System\Wmsaktl.exe
  C:\Windows\System\Wmsaktl.exe
  2⤵
  PID:3460
- C:\Windows\System\cVkCHuA.exe
  C:\Windows\System\cVkCHuA.exe
  2⤵
  PID:4108
- C:\Windows\System\QyDBCMP.exe
  C:\Windows\System\QyDBCMP.exe
  2⤵
  PID:4132
- C:\Windows\System\zJIQLpt.exe
  C:\Windows\System\zJIQLpt.exe
  2⤵
  PID:4152
- C:\Windows\System\ClmZIys.exe
  C:\Windows\System\ClmZIys.exe
  2⤵
  PID:4176
- C:\Windows\System\hFyGbXC.exe
  C:\Windows\System\hFyGbXC.exe
  2⤵
  PID:4196
- C:\Windows\System\yPclUAy.exe
  C:\Windows\System\yPclUAy.exe
  2⤵
  PID:4220
- C:\Windows\System\tTEoZvO.exe
  C:\Windows\System\tTEoZvO.exe
  2⤵
  PID:4240
- C:\Windows\System\DiEugdB.exe
  C:\Windows\System\DiEugdB.exe
  2⤵
  PID:4256
- C:\Windows\System\JPkcQmw.exe
  C:\Windows\System\JPkcQmw.exe
  2⤵
  PID:4280
- C:\Windows\System\dCqrlQC.exe
  C:\Windows\System\dCqrlQC.exe
  2⤵
  PID:4296
- C:\Windows\System\YBGlQoV.exe
  C:\Windows\System\YBGlQoV.exe
  2⤵
  PID:4316
- C:\Windows\System\JWmFVbi.exe
  C:\Windows\System\JWmFVbi.exe
  2⤵
  PID:4336
- C:\Windows\System\qCEOUaO.exe
  C:\Windows\System\qCEOUaO.exe
  2⤵
  PID:4356
- C:\Windows\System\JdNYINu.exe
  C:\Windows\System\JdNYINu.exe
  2⤵
  PID:4384
- C:\Windows\System\TyeKhvL.exe
  C:\Windows\System\TyeKhvL.exe
  2⤵
  PID:4404
- C:\Windows\System\VgnRMNn.exe
  C:\Windows\System\VgnRMNn.exe
  2⤵
  PID:4420
- C:\Windows\System\wJDCUQb.exe
  C:\Windows\System\wJDCUQb.exe
  2⤵
  PID:4440
- C:\Windows\System\ZajEQhC.exe
  C:\Windows\System\ZajEQhC.exe
  2⤵
  PID:4456
- C:\Windows\System\EpzCfQz.exe
  C:\Windows\System\EpzCfQz.exe
  2⤵
  PID:4472
- C:\Windows\System\omIbkCE.exe
  C:\Windows\System\omIbkCE.exe
  2⤵
  PID:4496
- C:\Windows\System\kGtYyNa.exe
  C:\Windows\System\kGtYyNa.exe
  2⤵
  PID:4512
- C:\Windows\System\iVlkIKb.exe
  C:\Windows\System\iVlkIKb.exe
  2⤵
  PID:4540
- C:\Windows\System\yyRTtko.exe
  C:\Windows\System\yyRTtko.exe
  2⤵
  PID:4560
- C:\Windows\System\EnsRBJw.exe
  C:\Windows\System\EnsRBJw.exe
  2⤵
  PID:4576
- C:\Windows\System\GTFRXWt.exe
  C:\Windows\System\GTFRXWt.exe
  2⤵
  PID:4596
- C:\Windows\System\AtTjvcC.exe
  C:\Windows\System\AtTjvcC.exe
  2⤵
  PID:4612
- C:\Windows\System\VwfFNct.exe
  C:\Windows\System\VwfFNct.exe
  2⤵
  PID:4628
- C:\Windows\System\HTeIdPj.exe
  C:\Windows\System\HTeIdPj.exe
  2⤵
  PID:4644
- C:\Windows\System\JVPtoib.exe
  C:\Windows\System\JVPtoib.exe
  2⤵
  PID:4660
- C:\Windows\System\RiAweLE.exe
  C:\Windows\System\RiAweLE.exe
  2⤵
  PID:4680
- C:\Windows\System\FmnWxse.exe
  C:\Windows\System\FmnWxse.exe
  2⤵
  PID:4696
- C:\Windows\System\IrraLpq.exe
  C:\Windows\System\IrraLpq.exe
  2⤵
  PID:4720
- C:\Windows\System\fvUTEuh.exe
  C:\Windows\System\fvUTEuh.exe
  2⤵
  PID:4744
- C:\Windows\System\SGfrYYn.exe
  C:\Windows\System\SGfrYYn.exe
  2⤵
  PID:4764
- C:\Windows\System\ykaDtok.exe
  C:\Windows\System\ykaDtok.exe
  2⤵
  PID:4780
- C:\Windows\System\OPHAjlN.exe
  C:\Windows\System\OPHAjlN.exe
  2⤵
  PID:4820
- C:\Windows\System\NviNCxx.exe
  C:\Windows\System\NviNCxx.exe
  2⤵
  PID:4836
- C:\Windows\System\GCaetfE.exe
  C:\Windows\System\GCaetfE.exe
  2⤵
  PID:4856
- C:\Windows\System\iEepwEy.exe
  C:\Windows\System\iEepwEy.exe
  2⤵
  PID:4872
- C:\Windows\System\KjxbWqK.exe
  C:\Windows\System\KjxbWqK.exe
  2⤵
  PID:4888
- C:\Windows\System\UDNCcHd.exe
  C:\Windows\System\UDNCcHd.exe
  2⤵
  PID:4904
- C:\Windows\System\sjtaANV.exe
  C:\Windows\System\sjtaANV.exe
  2⤵
  PID:4920
- C:\Windows\System\soCzCYv.exe
  C:\Windows\System\soCzCYv.exe
  2⤵
  PID:4940
- C:\Windows\System\yiHfWvG.exe
  C:\Windows\System\yiHfWvG.exe
  2⤵
  PID:4956
- C:\Windows\System\XJgMLbq.exe
  C:\Windows\System\XJgMLbq.exe
  2⤵
  PID:4972
- C:\Windows\System\tLIRoyI.exe
  C:\Windows\System\tLIRoyI.exe
  2⤵
  PID:4988
- C:\Windows\System\CTYXXAp.exe
  C:\Windows\System\CTYXXAp.exe
  2⤵
  PID:5024
- C:\Windows\System\VEIdoDg.exe
  C:\Windows\System\VEIdoDg.exe
  2⤵
  PID:5044
- C:\Windows\System\gmrwhcY.exe
  C:\Windows\System\gmrwhcY.exe
  2⤵
  PID:5068
- C:\Windows\System\FJVmPLq.exe
  C:\Windows\System\FJVmPLq.exe
  2⤵
  PID:5100
- C:\Windows\System\GvywDMV.exe
  C:\Windows\System\GvywDMV.exe
  2⤵
  PID:3452
- C:\Windows\System\SLebQln.exe
  C:\Windows\System\SLebQln.exe
  2⤵
  PID:3792
- C:\Windows\System\KCcxvfJ.exe
  C:\Windows\System\KCcxvfJ.exe
  2⤵
  PID:3652
- C:\Windows\System\XAriGvv.exe
  C:\Windows\System\XAriGvv.exe
  2⤵
  PID:3788
- C:\Windows\System\WUhTFtX.exe
  C:\Windows\System\WUhTFtX.exe
  2⤵
  PID:3676
- C:\Windows\System\pveiunS.exe
  C:\Windows\System\pveiunS.exe
  2⤵
  PID:3672
- C:\Windows\System\zACbLiq.exe
  C:\Windows\System\zACbLiq.exe
  2⤵
  PID:2140
- C:\Windows\System\JjFznxe.exe
  C:\Windows\System\JjFznxe.exe
  2⤵
  PID:3960
- C:\Windows\System\fvHPlGF.exe
  C:\Windows\System\fvHPlGF.exe
  2⤵
  PID:4024
- C:\Windows\System\sHINqhU.exe
  C:\Windows\System\sHINqhU.exe
  2⤵
  PID:4068
- C:\Windows\System\rapNnjy.exe
  C:\Windows\System\rapNnjy.exe
  2⤵
  PID:3180
- C:\Windows\System\uQeAtWq.exe
  C:\Windows\System\uQeAtWq.exe
  2⤵
  PID:4124
- C:\Windows\System\QroierR.exe
  C:\Windows\System\QroierR.exe
  2⤵
  PID:3128
- C:\Windows\System\pxNtyzi.exe
  C:\Windows\System\pxNtyzi.exe
  2⤵
  PID:4204
- C:\Windows\System\gMAgOgs.exe
  C:\Windows\System\gMAgOgs.exe
  2⤵
  PID:4248
- C:\Windows\System\BJNCNjw.exe
  C:\Windows\System\BJNCNjw.exe
  2⤵
  PID:4324
- C:\Windows\System\TnBvLEy.exe
  C:\Windows\System\TnBvLEy.exe
  2⤵
  PID:4372
- C:\Windows\System\CuKQklG.exe
  C:\Windows\System\CuKQklG.exe
  2⤵
  PID:4144
- C:\Windows\System\LiFyxhl.exe
  C:\Windows\System\LiFyxhl.exe
  2⤵
  PID:4236
- C:\Windows\System\xaFMscn.exe
  C:\Windows\System\xaFMscn.exe
  2⤵
  PID:4276
- C:\Windows\System\vhOYRjy.exe
  C:\Windows\System\vhOYRjy.exe
  2⤵
  PID:4308
- C:\Windows\System\ldfzkgV.exe
  C:\Windows\System\ldfzkgV.exe
  2⤵
  PID:4484
- C:\Windows\System\rDnMAQw.exe
  C:\Windows\System\rDnMAQw.exe
  2⤵
  PID:4532
- C:\Windows\System\NcOZjzz.exe
  C:\Windows\System\NcOZjzz.exe
  2⤵
  PID:4636
- C:\Windows\System\gOOArDj.exe
  C:\Windows\System\gOOArDj.exe
  2⤵
  PID:4676
- C:\Windows\System\kRpWWlA.exe
  C:\Windows\System\kRpWWlA.exe
  2⤵
  PID:4352
- C:\Windows\System\PyZIfJc.exe
  C:\Windows\System\PyZIfJc.exe
  2⤵
  PID:4392
- C:\Windows\System\redtWRY.exe
  C:\Windows\System\redtWRY.exe
  2⤵
  PID:4432
- C:\Windows\System\noXqZgz.exe
  C:\Windows\System\noXqZgz.exe
  2⤵
  PID:4760
- C:\Windows\System\NkvFGci.exe
  C:\Windows\System\NkvFGci.exe
  2⤵
  PID:4796
- C:\Windows\System\PLYFEiW.exe
  C:\Windows\System\PLYFEiW.exe
  2⤵
  PID:4812
- C:\Windows\System\bdUvnxV.exe
  C:\Windows\System\bdUvnxV.exe
  2⤵
  PID:4552
- C:\Windows\System\cbTiaOm.exe
  C:\Windows\System\cbTiaOm.exe
  2⤵
  PID:4880
- C:\Windows\System\euAeQjQ.exe
  C:\Windows\System\euAeQjQ.exe
  2⤵
  PID:4740
- C:\Windows\System\UwoiRIY.exe
  C:\Windows\System\UwoiRIY.exe
  2⤵
  PID:4692
- C:\Windows\System\eWxVoLt.exe
  C:\Windows\System\eWxVoLt.exe
  2⤵
  PID:4652
- C:\Windows\System\LEogGUQ.exe
  C:\Windows\System\LEogGUQ.exe
  2⤵
  PID:4916
- C:\Windows\System\iZGvZch.exe
  C:\Windows\System\iZGvZch.exe
  2⤵
  PID:4984
- C:\Windows\System\YcTzyFh.exe
  C:\Windows\System\YcTzyFh.exe
  2⤵
  PID:5040
- C:\Windows\System\eIMbZNO.exe
  C:\Windows\System\eIMbZNO.exe
  2⤵
  PID:5020
- C:\Windows\System\fDwHxJL.exe
  C:\Windows\System\fDwHxJL.exe
  2⤵
  PID:4968
- C:\Windows\System\aIIQNna.exe
  C:\Windows\System\aIIQNna.exe
  2⤵
  PID:4900
- C:\Windows\System\yjhmRMq.exe
  C:\Windows\System\yjhmRMq.exe
  2⤵
  PID:5052
- C:\Windows\System\NZkdxlw.exe
  C:\Windows\System\NZkdxlw.exe
  2⤵
  PID:5096
- C:\Windows\System\HCUCSpp.exe
  C:\Windows\System\HCUCSpp.exe
  2⤵
  PID:5108
- C:\Windows\System\odwGznt.exe
  C:\Windows\System\odwGznt.exe
  2⤵
  PID:3480
- C:\Windows\System\rwNUUex.exe
  C:\Windows\System\rwNUUex.exe
  2⤵
  PID:3692
- C:\Windows\System\vEpdpyb.exe
  C:\Windows\System\vEpdpyb.exe
  2⤵
  PID:3888
- C:\Windows\System\JXfUFYa.exe
  C:\Windows\System\JXfUFYa.exe
  2⤵
  PID:3916
- C:\Windows\System\AwpNmcu.exe
  C:\Windows\System\AwpNmcu.exe
  2⤵
  PID:4088
- C:\Windows\System\yUjYrUY.exe
  C:\Windows\System\yUjYrUY.exe
  2⤵
  PID:3352
- C:\Windows\System\FjvUiVy.exe
  C:\Windows\System\FjvUiVy.exe
  2⤵
  PID:4116
- C:\Windows\System\NDMRMLn.exe
  C:\Windows\System\NDMRMLn.exe
  2⤵
  PID:4172
- C:\Windows\System\iqHzODm.exe
  C:\Windows\System\iqHzODm.exe
  2⤵
  PID:4412
- C:\Windows\System\cHXIaxf.exe
  C:\Windows\System\cHXIaxf.exe
  2⤵
  PID:4492
- C:\Windows\System\ngYWmST.exe
  C:\Windows\System\ngYWmST.exe
  2⤵
  PID:4400
- C:\Windows\System\ISvPyxb.exe
  C:\Windows\System\ISvPyxb.exe
  2⤵
  PID:4844
- C:\Windows\System\LOysbzs.exe
  C:\Windows\System\LOysbzs.exe
  2⤵
  PID:4656
- C:\Windows\System\BcWeciy.exe
  C:\Windows\System\BcWeciy.exe
  2⤵
  PID:4980
- C:\Windows\System\lXSrkyZ.exe
  C:\Windows\System\lXSrkyZ.exe
  2⤵
  PID:4216
- C:\Windows\System\ocztuhF.exe
  C:\Windows\System\ocztuhF.exe
  2⤵
  PID:4364
- C:\Windows\System\GSlukFJ.exe
  C:\Windows\System\GSlukFJ.exe
  2⤵
  PID:3932
- C:\Windows\System\aZUfqcA.exe
  C:\Windows\System\aZUfqcA.exe
  2⤵
  PID:2760
- C:\Windows\System\UTPusqD.exe
  C:\Windows\System\UTPusqD.exe
  2⤵
  PID:4272
- C:\Windows\System\hhdymzE.exe
  C:\Windows\System\hhdymzE.exe
  2⤵
  PID:4668
- C:\Windows\System\Wbwcbri.exe
  C:\Windows\System\Wbwcbri.exe
  2⤵
  PID:4708
- C:\Windows\System\RQeSpob.exe
  C:\Windows\System\RQeSpob.exe
  2⤵
  PID:4688
- C:\Windows\System\bPvHLDi.exe
  C:\Windows\System\bPvHLDi.exe
  2⤵
  PID:4508
- C:\Windows\System\LPgQDvk.exe
  C:\Windows\System\LPgQDvk.exe
  2⤵
  PID:4792
- C:\Windows\System\aZjeNMj.exe
  C:\Windows\System\aZjeNMj.exe
  2⤵
  PID:1952
- C:\Windows\System\udmisde.exe
  C:\Windows\System\udmisde.exe
  2⤵
  PID:2808
- C:\Windows\System\aSsrOXO.exe
  C:\Windows\System\aSsrOXO.exe
  2⤵
  PID:5064
- C:\Windows\System\awpuPmM.exe
  C:\Windows\System\awpuPmM.exe
  2⤵
  PID:5004
- C:\Windows\System\npmhHzI.exe
  C:\Windows\System\npmhHzI.exe
  2⤵
  PID:4584
- C:\Windows\System\MzLniZu.exe
  C:\Windows\System\MzLniZu.exe
  2⤵
  PID:5012
- C:\Windows\System\rnUaeVp.exe
  C:\Windows\System\rnUaeVp.exe
  2⤵
  PID:2604
- C:\Windows\System\AGjMFAD.exe
  C:\Windows\System\AGjMFAD.exe
  2⤵
  PID:5076
- C:\Windows\System\iNgmkgL.exe
  C:\Windows\System\iNgmkgL.exe
  2⤵
  PID:3244
- C:\Windows\System\DCtlKet.exe
  C:\Windows\System\DCtlKet.exe
  2⤵
  PID:3592
- C:\Windows\System\WNklDZi.exe
  C:\Windows\System\WNklDZi.exe
  2⤵
  PID:4104
- C:\Windows\System\oaMrOgs.exe
  C:\Windows\System\oaMrOgs.exe
  2⤵
  PID:4448
- C:\Windows\System\Bedihvt.exe
  C:\Windows\System\Bedihvt.exe
  2⤵
  PID:5144
- C:\Windows\System\CjdnZFg.exe
  C:\Windows\System\CjdnZFg.exe
  2⤵
  PID:5172
- C:\Windows\System\cwXSKgO.exe
  C:\Windows\System\cwXSKgO.exe
  2⤵
  PID:5188
- C:\Windows\System\VGckibx.exe
  C:\Windows\System\VGckibx.exe
  2⤵
  PID:5212
- C:\Windows\System\pgbdoHN.exe
  C:\Windows\System\pgbdoHN.exe
  2⤵
  PID:5228
- C:\Windows\System\sGjQmia.exe
  C:\Windows\System\sGjQmia.exe
  2⤵
  PID:5244
- C:\Windows\System\yBEBotQ.exe
  C:\Windows\System\yBEBotQ.exe
  2⤵
  PID:5260
- C:\Windows\System\YaTBNPg.exe
  C:\Windows\System\YaTBNPg.exe
  2⤵
  PID:5276
- C:\Windows\System\RPIWxUU.exe
  C:\Windows\System\RPIWxUU.exe
  2⤵
  PID:5292
- C:\Windows\System\dSznyTr.exe
  C:\Windows\System\dSznyTr.exe
  2⤵
  PID:5308
- C:\Windows\System\niClRdz.exe
  C:\Windows\System\niClRdz.exe
  2⤵
  PID:5340
- C:\Windows\System\HIcBHym.exe
  C:\Windows\System\HIcBHym.exe
  2⤵
  PID:5360
- C:\Windows\System\fIZLkyZ.exe
  C:\Windows\System\fIZLkyZ.exe
  2⤵
  PID:5380
- C:\Windows\System\dIibyUD.exe
  C:\Windows\System\dIibyUD.exe
  2⤵
  PID:5400
- C:\Windows\System\GRDTmgl.exe
  C:\Windows\System\GRDTmgl.exe
  2⤵
  PID:5424
- C:\Windows\System\OlpjATt.exe
  C:\Windows\System\OlpjATt.exe
  2⤵
  PID:5444
- C:\Windows\System\ftHExty.exe
  C:\Windows\System\ftHExty.exe
  2⤵
  PID:5460
- C:\Windows\System\pHZlCCi.exe
  C:\Windows\System\pHZlCCi.exe
  2⤵
  PID:5476
- C:\Windows\System\ZuhCNOy.exe
  C:\Windows\System\ZuhCNOy.exe
  2⤵
  PID:5500
- C:\Windows\System\ghvBghK.exe
  C:\Windows\System\ghvBghK.exe
  2⤵
  PID:5524
- C:\Windows\System\CopSTuO.exe
  C:\Windows\System\CopSTuO.exe
  2⤵
  PID:5540
- C:\Windows\System\NnglmMY.exe
  C:\Windows\System\NnglmMY.exe
  2⤵
  PID:5560
- C:\Windows\System\NvmBDQz.exe
  C:\Windows\System\NvmBDQz.exe
  2⤵
  PID:5584
- C:\Windows\System\XCnQBVx.exe
  C:\Windows\System\XCnQBVx.exe
  2⤵
  PID:5604
- C:\Windows\System\cHuDrgL.exe
  C:\Windows\System\cHuDrgL.exe
  2⤵
  PID:5624
- C:\Windows\System\rmtlmxw.exe
  C:\Windows\System\rmtlmxw.exe
  2⤵
  PID:5648
- C:\Windows\System\jsNZoUO.exe
  C:\Windows\System\jsNZoUO.exe
  2⤵
  PID:5680
- C:\Windows\System\dNxlfOW.exe
  C:\Windows\System\dNxlfOW.exe
  2⤵
  PID:5696
- C:\Windows\System\prIAqfQ.exe
  C:\Windows\System\prIAqfQ.exe
  2⤵
  PID:5716
- C:\Windows\System\laZiQSY.exe
  C:\Windows\System\laZiQSY.exe
  2⤵
  PID:5736
- C:\Windows\System\eqeZdDm.exe
  C:\Windows\System\eqeZdDm.exe
  2⤵
  PID:5756
- C:\Windows\System\sWlMICU.exe
  C:\Windows\System\sWlMICU.exe
  2⤵
  PID:5776
- C:\Windows\System\JHTdVDE.exe
  C:\Windows\System\JHTdVDE.exe
  2⤵
  PID:5800
- C:\Windows\System\vOSEHmn.exe
  C:\Windows\System\vOSEHmn.exe
  2⤵
  PID:5820
- C:\Windows\System\rakJEoa.exe
  C:\Windows\System\rakJEoa.exe
  2⤵
  PID:5840
- C:\Windows\System\upixFqn.exe
  C:\Windows\System\upixFqn.exe
  2⤵
  PID:5860
- C:\Windows\System\sGTFWDy.exe
  C:\Windows\System\sGTFWDy.exe
  2⤵
  PID:5880
- C:\Windows\System\nVUxqUY.exe
  C:\Windows\System\nVUxqUY.exe
  2⤵
  PID:5900
- C:\Windows\System\jvZFORM.exe
  C:\Windows\System\jvZFORM.exe
  2⤵
  PID:5920
- C:\Windows\System\FqWsyJP.exe
  C:\Windows\System\FqWsyJP.exe
  2⤵
  PID:5940
- C:\Windows\System\Mphgect.exe
  C:\Windows\System\Mphgect.exe
  2⤵
  PID:5960
- C:\Windows\System\XjFKFvS.exe
  C:\Windows\System\XjFKFvS.exe
  2⤵
  PID:5980
- C:\Windows\System\HSBZuCf.exe
  C:\Windows\System\HSBZuCf.exe
  2⤵
  PID:6000
- C:\Windows\System\lHmmiEK.exe
  C:\Windows\System\lHmmiEK.exe
  2⤵
  PID:6020
- C:\Windows\System\khINyyi.exe
  C:\Windows\System\khINyyi.exe
  2⤵
  PID:6040
- C:\Windows\System\bAFVMle.exe
  C:\Windows\System\bAFVMle.exe
  2⤵
  PID:6060
- C:\Windows\System\LhjnUMV.exe
  C:\Windows\System\LhjnUMV.exe
  2⤵
  PID:6080
- C:\Windows\System\ZsaevRv.exe
  C:\Windows\System\ZsaevRv.exe
  2⤵
  PID:6100
- C:\Windows\System\URWTbJz.exe
  C:\Windows\System\URWTbJz.exe
  2⤵
  PID:6120
- C:\Windows\System\ZXWoafV.exe
  C:\Windows\System\ZXWoafV.exe
  2⤵
  PID:6140
- C:\Windows\System\BcgQMUY.exe
  C:\Windows\System\BcgQMUY.exe
  2⤵
  PID:4572
- C:\Windows\System\bJPhhiv.exe
  C:\Windows\System\bJPhhiv.exe
  2⤵
  PID:4464
- C:\Windows\System\scporHB.exe
  C:\Windows\System\scporHB.exe
  2⤵
  PID:4012
- C:\Windows\System\Qsqaidr.exe
  C:\Windows\System\Qsqaidr.exe
  2⤵
  PID:4912
- C:\Windows\System\wxSTzMP.exe
  C:\Windows\System\wxSTzMP.exe
  2⤵
  PID:4528
- C:\Windows\System\TNSzQdQ.exe
  C:\Windows\System\TNSzQdQ.exe
  2⤵
  PID:5088
- C:\Windows\System\EVMElKD.exe
  C:\Windows\System\EVMElKD.exe
  2⤵
  PID:1696
- C:\Windows\System\eQxOIxn.exe
  C:\Windows\System\eQxOIxn.exe
  2⤵
  PID:4996
- C:\Windows\System\iIXUoom.exe
  C:\Windows\System\iIXUoom.exe
  2⤵
  PID:4092
- C:\Windows\System\bsyWVCL.exe
  C:\Windows\System\bsyWVCL.exe
  2⤵
  PID:5184
- C:\Windows\System\DyZElXs.exe
  C:\Windows\System\DyZElXs.exe
  2⤵
  PID:4848
- C:\Windows\System\duliLJF.exe
  C:\Windows\System\duliLJF.exe
  2⤵
  PID:5252
- C:\Windows\System\BOaSVmM.exe
  C:\Windows\System\BOaSVmM.exe
  2⤵
  PID:5320
- C:\Windows\System\OOqphEe.exe
  C:\Windows\System\OOqphEe.exe
  2⤵
  PID:2752
- C:\Windows\System\jYZEnfH.exe
  C:\Windows\System\jYZEnfH.exe
  2⤵
  PID:5376
- C:\Windows\System\eRcahYM.exe
  C:\Windows\System\eRcahYM.exe
  2⤵
  PID:5412
- C:\Windows\System\GNQDVJn.exe
  C:\Windows\System\GNQDVJn.exe
  2⤵
  PID:3160
- C:\Windows\System\KVGPLJh.exe
  C:\Windows\System\KVGPLJh.exe
  2⤵
  PID:5164
- C:\Windows\System\JAHmzox.exe
  C:\Windows\System\JAHmzox.exe
  2⤵
  PID:5200
- C:\Windows\System\EAnHMty.exe
  C:\Windows\System\EAnHMty.exe
  2⤵
  PID:5456
- C:\Windows\System\QUQSMeu.exe
  C:\Windows\System\QUQSMeu.exe
  2⤵
  PID:5496
- C:\Windows\System\ecHMqrK.exe
  C:\Windows\System\ecHMqrK.exe
  2⤵
  PID:5572
- C:\Windows\System\dPzSYbe.exe
  C:\Windows\System\dPzSYbe.exe
  2⤵
  PID:5356
- C:\Windows\System\swMYUUR.exe
  C:\Windows\System\swMYUUR.exe
  2⤵
  PID:5436
- C:\Windows\System\jQfgKRt.exe
  C:\Windows\System\jQfgKRt.exe
  2⤵
  PID:5512
- C:\Windows\System\GmxJiVW.exe
  C:\Windows\System\GmxJiVW.exe
  2⤵
  PID:5616
- C:\Windows\System\yBWXYuE.exe
  C:\Windows\System\yBWXYuE.exe
  2⤵
  PID:5548
- C:\Windows\System\KobdYzO.exe
  C:\Windows\System\KobdYzO.exe
  2⤵
  PID:5660
- C:\Windows\System\nesRHpB.exe
  C:\Windows\System\nesRHpB.exe
  2⤵
  PID:5688
- C:\Windows\System\IYdVVGZ.exe
  C:\Windows\System\IYdVVGZ.exe
  2⤵
  PID:5708
- C:\Windows\System\DqzKrPq.exe
  C:\Windows\System\DqzKrPq.exe
  2⤵
  PID:5732
- C:\Windows\System\Iewjbnk.exe
  C:\Windows\System\Iewjbnk.exe
  2⤵
  PID:5788
- C:\Windows\System\AQeWzpk.exe
  C:\Windows\System\AQeWzpk.exe
  2⤵
  PID:5816
- C:\Windows\System\YILJzfq.exe
  C:\Windows\System\YILJzfq.exe
  2⤵
  PID:5832
- C:\Windows\System\qTvGlnn.exe
  C:\Windows\System\qTvGlnn.exe
  2⤵
  PID:5876
- C:\Windows\System\RhCWakQ.exe
  C:\Windows\System\RhCWakQ.exe
  2⤵
  PID:5892
- C:\Windows\System\GyLxsDD.exe
  C:\Windows\System\GyLxsDD.exe
  2⤵
  PID:5932
- C:\Windows\System\sxxJYPL.exe
  C:\Windows\System\sxxJYPL.exe
  2⤵
  PID:2996
- C:\Windows\System\FVQadJj.exe
  C:\Windows\System\FVQadJj.exe
  2⤵
  PID:5992
- C:\Windows\System\NRLtJcP.exe
  C:\Windows\System\NRLtJcP.exe
  2⤵
  PID:6012
- C:\Windows\System\llZgpYy.exe
  C:\Windows\System\llZgpYy.exe
  2⤵
  PID:6068
- C:\Windows\System\pWaxSYJ.exe
  C:\Windows\System\pWaxSYJ.exe
  2⤵
  PID:6096
- C:\Windows\System\TuTvUSz.exe
  C:\Windows\System\TuTvUSz.exe
  2⤵
  PID:6128
- C:\Windows\System\PMdveIo.exe
  C:\Windows\System\PMdveIo.exe
  2⤵
  PID:4184
- C:\Windows\System\BlwDATm.exe
  C:\Windows\System\BlwDATm.exe
  2⤵
  PID:4504
- C:\Windows\System\VKOAJLL.exe
  C:\Windows\System\VKOAJLL.exe
  2⤵
  PID:4736
- C:\Windows\System\YRNEyml.exe
  C:\Windows\System\YRNEyml.exe
  2⤵
  PID:4732
- C:\Windows\System\WkwpTbe.exe
  C:\Windows\System\WkwpTbe.exe
  2⤵
  PID:4788
- C:\Windows\System\cYeHUXc.exe
  C:\Windows\System\cYeHUXc.exe
  2⤵
  PID:4952
- C:\Windows\System\ryogElU.exe
  C:\Windows\System\ryogElU.exe
  2⤵
  PID:5220
- C:\Windows\System\bvloEFf.exe
  C:\Windows\System\bvloEFf.exe
  2⤵
  PID:5284
- C:\Windows\System\pqSmzPY.exe
  C:\Windows\System\pqSmzPY.exe
  2⤵
  PID:5332
- C:\Windows\System\AFcQGXO.exe
  C:\Windows\System\AFcQGXO.exe
  2⤵
  PID:2832
- C:\Windows\System\vBDQUAj.exe
  C:\Windows\System\vBDQUAj.exe
  2⤵
  PID:5152
- C:\Windows\System\YzRwKFt.exe
  C:\Windows\System\YzRwKFt.exe
  2⤵
  PID:5208
- C:\Windows\System\nKXwInn.exe
  C:\Windows\System\nKXwInn.exe
  2⤵
  PID:5300
- C:\Windows\System\IojzZjY.exe
  C:\Windows\System\IojzZjY.exe
  2⤵
  PID:5536
- C:\Windows\System\xZZgrTe.exe
  C:\Windows\System\xZZgrTe.exe
  2⤵
  PID:5432
- C:\Windows\System\ggmJJJI.exe
  C:\Windows\System\ggmJJJI.exe
  2⤵
  PID:5520
- C:\Windows\System\IhDXLbi.exe
  C:\Windows\System\IhDXLbi.exe
  2⤵
  PID:5632
- C:\Windows\System\IEBCbsf.exe
  C:\Windows\System\IEBCbsf.exe
  2⤵
  PID:5668
- C:\Windows\System\ePFHsuW.exe
  C:\Windows\System\ePFHsuW.exe
  2⤵
  PID:5752
- C:\Windows\System\KhcPfMS.exe
  C:\Windows\System\KhcPfMS.exe
  2⤵
  PID:5784
- C:\Windows\System\mzkwSBD.exe
  C:\Windows\System\mzkwSBD.exe
  2⤵
  PID:5812
- C:\Windows\System\PboIDRj.exe
  C:\Windows\System\PboIDRj.exe
  2⤵
  PID:5888
- C:\Windows\System\ChKNNGY.exe
  C:\Windows\System\ChKNNGY.exe
  2⤵
  PID:5928
- C:\Windows\System\okSUkNK.exe
  C:\Windows\System\okSUkNK.exe
  2⤵
  PID:5972
- C:\Windows\System\aRRRelP.exe
  C:\Windows\System\aRRRelP.exe
  2⤵
  PID:6016
- C:\Windows\System\zBuiMUQ.exe
  C:\Windows\System\zBuiMUQ.exe
  2⤵
  PID:6112
- C:\Windows\System\sfESgvA.exe
  C:\Windows\System\sfESgvA.exe
  2⤵
  PID:4568
- C:\Windows\System\RUKHUWs.exe
  C:\Windows\System\RUKHUWs.exe
  2⤵
  PID:3688
- C:\Windows\System\NqgTBrH.exe
  C:\Windows\System\NqgTBrH.exe
  2⤵
  PID:4452
- C:\Windows\System\WldybIm.exe
  C:\Windows\System\WldybIm.exe
  2⤵
  PID:1732
- C:\Windows\System\NxtvrIt.exe
  C:\Windows\System\NxtvrIt.exe
  2⤵
  PID:5132
- C:\Windows\System\WcAQBqZ.exe
  C:\Windows\System\WcAQBqZ.exe
  2⤵
  PID:5328
- C:\Windows\System\fcKbdBS.exe
  C:\Windows\System\fcKbdBS.exe
  2⤵
  PID:5408
- C:\Windows\System\OnWESda.exe
  C:\Windows\System\OnWESda.exe
  2⤵
  PID:5156
- C:\Windows\System\mGFJSeR.exe
  C:\Windows\System\mGFJSeR.exe
  2⤵
  PID:5568
- C:\Windows\System\NxxpeqD.exe
  C:\Windows\System\NxxpeqD.exe
  2⤵
  PID:5508
- C:\Windows\System\LgoGsaf.exe
  C:\Windows\System\LgoGsaf.exe
  2⤵
  PID:6152
- C:\Windows\System\OAZsZyu.exe
  C:\Windows\System\OAZsZyu.exe
  2⤵
  PID:6176
- C:\Windows\System\LPJDKPY.exe
  C:\Windows\System\LPJDKPY.exe
  2⤵
  PID:6196
- C:\Windows\System\DRADZUi.exe
  C:\Windows\System\DRADZUi.exe
  2⤵
  PID:6216
- C:\Windows\System\kQHqkdg.exe
  C:\Windows\System\kQHqkdg.exe
  2⤵
  PID:6236
- C:\Windows\System\cvHkYpT.exe
  C:\Windows\System\cvHkYpT.exe
  2⤵
  PID:6256
- C:\Windows\System\VuygStE.exe
  C:\Windows\System\VuygStE.exe
  2⤵
  PID:6276
- C:\Windows\System\tlOSBCa.exe
  C:\Windows\System\tlOSBCa.exe
  2⤵
  PID:6296
- C:\Windows\System\UGGmBzM.exe
  C:\Windows\System\UGGmBzM.exe
  2⤵
  PID:6316
- C:\Windows\System\apnQbDE.exe
  C:\Windows\System\apnQbDE.exe
  2⤵
  PID:6336
- C:\Windows\System\bjGXhop.exe
  C:\Windows\System\bjGXhop.exe
  2⤵
  PID:6356
- C:\Windows\System\GCdwcQo.exe
  C:\Windows\System\GCdwcQo.exe
  2⤵
  PID:6376
- C:\Windows\System\Oitvkfn.exe
  C:\Windows\System\Oitvkfn.exe
  2⤵
  PID:6396
- C:\Windows\System\QrHhgtg.exe
  C:\Windows\System\QrHhgtg.exe
  2⤵
  PID:6416
- C:\Windows\System\gwrpBIc.exe
  C:\Windows\System\gwrpBIc.exe
  2⤵
  PID:6436
- C:\Windows\System\GWfjPKY.exe
  C:\Windows\System\GWfjPKY.exe
  2⤵
  PID:6456
- C:\Windows\System\rGNKzWm.exe
  C:\Windows\System\rGNKzWm.exe
  2⤵
  PID:6476
- C:\Windows\System\NdyufwZ.exe
  C:\Windows\System\NdyufwZ.exe
  2⤵
  PID:6496
- C:\Windows\System\zheRvVk.exe
  C:\Windows\System\zheRvVk.exe
  2⤵
  PID:6516
- C:\Windows\System\ULDMaOx.exe
  C:\Windows\System\ULDMaOx.exe
  2⤵
  PID:6536
- C:\Windows\System\QuorkBn.exe
  C:\Windows\System\QuorkBn.exe
  2⤵
  PID:6556
- C:\Windows\System\APSKNkA.exe
  C:\Windows\System\APSKNkA.exe
  2⤵
  PID:6576
- C:\Windows\System\uGUlWEx.exe
  C:\Windows\System\uGUlWEx.exe
  2⤵
  PID:6596
- C:\Windows\System\pxyJJjd.exe
  C:\Windows\System\pxyJJjd.exe
  2⤵
  PID:6616
- C:\Windows\System\NtbbYWZ.exe
  C:\Windows\System\NtbbYWZ.exe
  2⤵
  PID:6636
- C:\Windows\System\NMWsmYk.exe
  C:\Windows\System\NMWsmYk.exe
  2⤵
  PID:6656
- C:\Windows\System\lZXLeSK.exe
  C:\Windows\System\lZXLeSK.exe
  2⤵
  PID:6676
- C:\Windows\System\beHzePa.exe
  C:\Windows\System\beHzePa.exe
  2⤵
  PID:6696
- C:\Windows\System\QXiDpWb.exe
  C:\Windows\System\QXiDpWb.exe
  2⤵
  PID:6716
- C:\Windows\System\qxxWSGS.exe
  C:\Windows\System\qxxWSGS.exe
  2⤵
  PID:6736
- C:\Windows\System\zmoLyyl.exe
  C:\Windows\System\zmoLyyl.exe
  2⤵
  PID:6756
- C:\Windows\System\vejgUDE.exe
  C:\Windows\System\vejgUDE.exe
  2⤵
  PID:6776
- C:\Windows\System\CPAVJCi.exe
  C:\Windows\System\CPAVJCi.exe
  2⤵
  PID:6796
- C:\Windows\System\clrgkKw.exe
  C:\Windows\System\clrgkKw.exe
  2⤵
  PID:6816
- C:\Windows\System\yVTfvRU.exe
  C:\Windows\System\yVTfvRU.exe
  2⤵
  PID:6836
- C:\Windows\System\IEKQKeD.exe
  C:\Windows\System\IEKQKeD.exe
  2⤵
  PID:6856
- C:\Windows\System\qZcHCCl.exe
  C:\Windows\System\qZcHCCl.exe
  2⤵
  PID:6876
- C:\Windows\System\ilpytcH.exe
  C:\Windows\System\ilpytcH.exe
  2⤵
  PID:6896
- C:\Windows\System\iKqRyKL.exe
  C:\Windows\System\iKqRyKL.exe
  2⤵
  PID:6916
- C:\Windows\System\PbsoLfS.exe
  C:\Windows\System\PbsoLfS.exe
  2⤵
  PID:6936
- C:\Windows\System\DyqrDxc.exe
  C:\Windows\System\DyqrDxc.exe
  2⤵
  PID:6956
- C:\Windows\System\YomUdAy.exe
  C:\Windows\System\YomUdAy.exe
  2⤵
  PID:6976
- C:\Windows\System\MlQUlGo.exe
  C:\Windows\System\MlQUlGo.exe
  2⤵
  PID:6996
- C:\Windows\System\ksCXSvZ.exe
  C:\Windows\System\ksCXSvZ.exe
  2⤵
  PID:7016
- C:\Windows\System\UotlDpA.exe
  C:\Windows\System\UotlDpA.exe
  2⤵
  PID:7036
- C:\Windows\System\SciWZgR.exe
  C:\Windows\System\SciWZgR.exe
  2⤵
  PID:7056
- C:\Windows\System\haeCENd.exe
  C:\Windows\System\haeCENd.exe
  2⤵
  PID:7076
- C:\Windows\System\DcOGGrL.exe
  C:\Windows\System\DcOGGrL.exe
  2⤵
  PID:7096
- C:\Windows\System\gLMKhOy.exe
  C:\Windows\System\gLMKhOy.exe
  2⤵
  PID:7116
- C:\Windows\System\QeBgDvt.exe
  C:\Windows\System\QeBgDvt.exe
  2⤵
  PID:7140
- C:\Windows\System\lgitheb.exe
  C:\Windows\System\lgitheb.exe
  2⤵
  PID:7160
- C:\Windows\System\QYJFpyc.exe
  C:\Windows\System\QYJFpyc.exe
  2⤵
  PID:5656
- C:\Windows\System\fVVvWmp.exe
  C:\Windows\System\fVVvWmp.exe
  2⤵
  PID:5712
- C:\Windows\System\cmrRDWU.exe
  C:\Windows\System\cmrRDWU.exe
  2⤵
  PID:2796
- C:\Windows\System\fmtOcjU.exe
  C:\Windows\System\fmtOcjU.exe
  2⤵
  PID:5936
- C:\Windows\System\NyIJNmz.exe
  C:\Windows\System\NyIJNmz.exe
  2⤵
  PID:3004
- C:\Windows\System\ZoVGKkM.exe
  C:\Windows\System\ZoVGKkM.exe
  2⤵
  PID:6108
- C:\Windows\System\gUEXflr.exe
  C:\Windows\System\gUEXflr.exe
  2⤵
  PID:2736
- C:\Windows\System\KQMXByN.exe
  C:\Windows\System\KQMXByN.exe
  2⤵
  PID:2316
- C:\Windows\System\qCGJXWf.exe
  C:\Windows\System\qCGJXWf.exe
  2⤵
  PID:5140
- C:\Windows\System\TlWjFVu.exe
  C:\Windows\System\TlWjFVu.exe
  2⤵
  PID:1756
- C:\Windows\System\bhHMCvs.exe
  C:\Windows\System\bhHMCvs.exe
  2⤵
  PID:5268
- C:\Windows\System\OfDifnv.exe
  C:\Windows\System\OfDifnv.exe
  2⤵
  PID:5392
- C:\Windows\System\NhGiWbY.exe
  C:\Windows\System\NhGiWbY.exe
  2⤵
  PID:5620
- C:\Windows\System\yXzcGme.exe
  C:\Windows\System\yXzcGme.exe
  2⤵
  PID:6192
- C:\Windows\System\SmrlSgP.exe
  C:\Windows\System\SmrlSgP.exe
  2⤵
  PID:6252
- C:\Windows\System\KUbRyVh.exe
  C:\Windows\System\KUbRyVh.exe
  2⤵
  PID:6284
- C:\Windows\System\CKTvGOn.exe
  C:\Windows\System\CKTvGOn.exe
  2⤵
  PID:6304
- C:\Windows\System\SnzRdlp.exe
  C:\Windows\System\SnzRdlp.exe
  2⤵
  PID:6328
- C:\Windows\System\APbVGjd.exe
  C:\Windows\System\APbVGjd.exe
  2⤵
  PID:2416
- C:\Windows\System\NBWKVmi.exe
  C:\Windows\System\NBWKVmi.exe
  2⤵
  PID:6388
- C:\Windows\System\MLuVyfY.exe
  C:\Windows\System\MLuVyfY.exe
  2⤵
  PID:6424
- C:\Windows\System\VcrORFX.exe
  C:\Windows\System\VcrORFX.exe
  2⤵
  PID:6448
- C:\Windows\System\MxcvOwG.exe
  C:\Windows\System\MxcvOwG.exe
  2⤵
  PID:6468
- C:\Windows\System\oPnmWEW.exe
  C:\Windows\System\oPnmWEW.exe
  2⤵
  PID:6532
- C:\Windows\System\PZqTWOn.exe
  C:\Windows\System\PZqTWOn.exe
  2⤵
  PID:6548
- C:\Windows\System\xTWUwwu.exe
  C:\Windows\System\xTWUwwu.exe
  2⤵
  PID:6704
- C:\Windows\System\uVlijAE.exe
  C:\Windows\System\uVlijAE.exe
  2⤵
  PID:6728
- C:\Windows\System\RkjroAn.exe
  C:\Windows\System\RkjroAn.exe
  2⤵
  PID:6772
- C:\Windows\System\koDIbKU.exe
  C:\Windows\System\koDIbKU.exe
  2⤵
  PID:6812
- C:\Windows\System\UClCpUd.exe
  C:\Windows\System\UClCpUd.exe
  2⤵
  PID:6852
- C:\Windows\System\yBLivlI.exe
  C:\Windows\System\yBLivlI.exe
  2⤵
  PID:6872
- C:\Windows\System\NaOxwDB.exe
  C:\Windows\System\NaOxwDB.exe
  2⤵
  PID:6904
- C:\Windows\System\TAoEtov.exe
  C:\Windows\System\TAoEtov.exe
  2⤵
  PID:6928
- C:\Windows\System\uuqfwyY.exe
  C:\Windows\System\uuqfwyY.exe
  2⤵
  PID:6948
- C:\Windows\System\DTTUUTZ.exe
  C:\Windows\System\DTTUUTZ.exe
  2⤵
  PID:6988
- C:\Windows\System\VvuKTTD.exe
  C:\Windows\System\VvuKTTD.exe
  2⤵
  PID:7032
- C:\Windows\System\JINvGCV.exe
  C:\Windows\System\JINvGCV.exe
  2⤵
  PID:7088
- C:\Windows\System\FSVSazg.exe
  C:\Windows\System\FSVSazg.exe
  2⤵
  PID:7124
- C:\Windows\System\RzbXFSN.exe
  C:\Windows\System\RzbXFSN.exe
  2⤵
  PID:7148
- C:\Windows\System\EwEWrhy.exe
  C:\Windows\System\EwEWrhy.exe
  2⤵
  PID:5764
- C:\Windows\System\LutSSTe.exe
  C:\Windows\System\LutSSTe.exe
  2⤵
  PID:5996
- C:\Windows\System\oqDrJAI.exe
  C:\Windows\System\oqDrJAI.exe
  2⤵
  PID:5868
- C:\Windows\System\clcWoDS.exe
  C:\Windows\System\clcWoDS.exe
  2⤵
  PID:2504
- C:\Windows\System\ugdPPsb.exe
  C:\Windows\System\ugdPPsb.exe
  2⤵
  PID:1852
- C:\Windows\System\CBNKWwt.exe
  C:\Windows\System\CBNKWwt.exe
  2⤵
  PID:4804
- C:\Windows\System\fraKTfN.exe
  C:\Windows\System\fraKTfN.exe
  2⤵
  PID:5348
- C:\Windows\System\sINYKbz.exe
  C:\Windows\System\sINYKbz.exe
  2⤵
  PID:6184
- C:\Windows\System\RbxeECG.exe
  C:\Windows\System\RbxeECG.exe
  2⤵
  PID:6204
- C:\Windows\System\lVUXauM.exe
  C:\Windows\System\lVUXauM.exe
  2⤵
  PID:6248
- C:\Windows\System\OQuDRHU.exe
  C:\Windows\System\OQuDRHU.exe
  2⤵
  PID:6372
- C:\Windows\System\pJplXbt.exe
  C:\Windows\System\pJplXbt.exe
  2⤵
  PID:288
- C:\Windows\System\DLMDzWz.exe
  C:\Windows\System\DLMDzWz.exe
  2⤵
  PID:2084
- C:\Windows\System\mFLfOuB.exe
  C:\Windows\System\mFLfOuB.exe
  2⤵
  PID:6464
- C:\Windows\System\lbkkVvZ.exe
  C:\Windows\System\lbkkVvZ.exe
  2⤵
  PID:6552
- C:\Windows\System\svZlmTz.exe
  C:\Windows\System\svZlmTz.exe
  2⤵
  PID:6604
- C:\Windows\System\PQvJtWI.exe
  C:\Windows\System\PQvJtWI.exe
  2⤵
  PID:6752
- C:\Windows\System\qxATCge.exe
  C:\Windows\System\qxATCge.exe
  2⤵
  PID:6844
- C:\Windows\System\anGSgXF.exe
  C:\Windows\System\anGSgXF.exe
  2⤵
  PID:6908
- C:\Windows\System\xowQqtz.exe
  C:\Windows\System\xowQqtz.exe
  2⤵
  PID:6964
- C:\Windows\System\QrCjvWx.exe
  C:\Windows\System\QrCjvWx.exe
  2⤵
  PID:6992
- C:\Windows\System\fGQtlTv.exe
  C:\Windows\System\fGQtlTv.exe
  2⤵
  PID:7064
- C:\Windows\System\DnTJbtI.exe
  C:\Windows\System\DnTJbtI.exe
  2⤵
  PID:5612
- C:\Windows\System\BXhbsFt.exe
  C:\Windows\System\BXhbsFt.exe
  2⤵
  PID:2408
- C:\Windows\System\HWqVrnx.exe
  C:\Windows\System\HWqVrnx.exe
  2⤵
  PID:5808
- C:\Windows\System\OdizAhG.exe
  C:\Windows\System\OdizAhG.exe
  2⤵
  PID:4164
- C:\Windows\System\bQNKQQA.exe
  C:\Windows\System\bQNKQQA.exe
  2⤵
  PID:4148
- C:\Windows\System\BHrzWrl.exe
  C:\Windows\System\BHrzWrl.exe
  2⤵
  PID:6208
- C:\Windows\System\SRocqlg.exe
  C:\Windows\System\SRocqlg.exe
  2⤵
  PID:6268
- C:\Windows\System\sGLTOXv.exe
  C:\Windows\System\sGLTOXv.exe
  2⤵
  PID:6228
- C:\Windows\System\KPcHVUR.exe
  C:\Windows\System\KPcHVUR.exe
  2⤵
  PID:6312
- C:\Windows\System\ldnrkem.exe
  C:\Windows\System\ldnrkem.exe
  2⤵
  PID:6384
- C:\Windows\System\aOUwNWw.exe
  C:\Windows\System\aOUwNWw.exe
  2⤵
  PID:6792
- C:\Windows\System\jsxleGw.exe
  C:\Windows\System\jsxleGw.exe
  2⤵
  PID:6748
- C:\Windows\System\TxPrlmU.exe
  C:\Windows\System\TxPrlmU.exe
  2⤵
  PID:6932
- C:\Windows\System\JYTZBPu.exe
  C:\Windows\System\JYTZBPu.exe
  2⤵
  PID:7184
- C:\Windows\System\UZzRCOe.exe
  C:\Windows\System\UZzRCOe.exe
  2⤵
  PID:7204
- C:\Windows\System\hcqzscU.exe
  C:\Windows\System\hcqzscU.exe
  2⤵
  PID:7224
- C:\Windows\System\ZvEYnlO.exe
  C:\Windows\System\ZvEYnlO.exe
  2⤵
  PID:7244
- C:\Windows\System\tzBqoXH.exe
  C:\Windows\System\tzBqoXH.exe
  2⤵
  PID:7276
- C:\Windows\System\sHygPwI.exe
  C:\Windows\System\sHygPwI.exe
  2⤵
  PID:7296
- C:\Windows\System\NIdYmLv.exe
  C:\Windows\System\NIdYmLv.exe
  2⤵
  PID:7316
- C:\Windows\System\wsPrTdX.exe
  C:\Windows\System\wsPrTdX.exe
  2⤵
  PID:7332
- C:\Windows\System\ujWLsgf.exe
  C:\Windows\System\ujWLsgf.exe
  2⤵
  PID:7364
- C:\Windows\System\KIcpXpl.exe
  C:\Windows\System\KIcpXpl.exe
  2⤵
  PID:7388
- C:\Windows\System\WnhQRsx.exe
  C:\Windows\System\WnhQRsx.exe
  2⤵
  PID:7408
- C:\Windows\System\sPOgZyx.exe
  C:\Windows\System\sPOgZyx.exe
  2⤵
  PID:7428
- C:\Windows\System\djNZdve.exe
  C:\Windows\System\djNZdve.exe
  2⤵
  PID:7448
- C:\Windows\System\QdVoMtp.exe
  C:\Windows\System\QdVoMtp.exe
  2⤵
  PID:7468
- C:\Windows\System\FctcMab.exe
  C:\Windows\System\FctcMab.exe
  2⤵
  PID:7488
- C:\Windows\System\zPsRGdM.exe
  C:\Windows\System\zPsRGdM.exe
  2⤵
  PID:7504
- C:\Windows\System\CksxuxZ.exe
  C:\Windows\System\CksxuxZ.exe
  2⤵
  PID:7524
- C:\Windows\System\XweGvzD.exe
  C:\Windows\System\XweGvzD.exe
  2⤵
  PID:7552
- C:\Windows\System\qBIJdyn.exe
  C:\Windows\System\qBIJdyn.exe
  2⤵
  PID:7572
- C:\Windows\System\WzykDVb.exe
  C:\Windows\System\WzykDVb.exe
  2⤵
  PID:7592
- C:\Windows\System\tDYBRFt.exe
  C:\Windows\System\tDYBRFt.exe
  2⤵
  PID:7608
- C:\Windows\System\GFyxrXD.exe
  C:\Windows\System\GFyxrXD.exe
  2⤵
  PID:7632
- C:\Windows\System\bdcWMBB.exe
  C:\Windows\System\bdcWMBB.exe
  2⤵
  PID:7652
- C:\Windows\System\ccIDEkz.exe
  C:\Windows\System\ccIDEkz.exe
  2⤵
  PID:7672
- C:\Windows\System\ntmJeBW.exe
  C:\Windows\System\ntmJeBW.exe
  2⤵
  PID:7692
- C:\Windows\System\GIGxDdd.exe
  C:\Windows\System\GIGxDdd.exe
  2⤵
  PID:7708
- C:\Windows\System\bOLtYNX.exe
  C:\Windows\System\bOLtYNX.exe
  2⤵
  PID:7728
- C:\Windows\System\jfeXvSr.exe
  C:\Windows\System\jfeXvSr.exe
  2⤵
  PID:7752
- C:\Windows\System\YvkxNPT.exe
  C:\Windows\System\YvkxNPT.exe
  2⤵
  PID:7772
- C:\Windows\System\pRWwmJT.exe
  C:\Windows\System\pRWwmJT.exe
  2⤵
  PID:7788
- C:\Windows\System\ZnKKGqZ.exe
  C:\Windows\System\ZnKKGqZ.exe
  2⤵
  PID:7812
- C:\Windows\System\HHoLuHz.exe
  C:\Windows\System\HHoLuHz.exe
  2⤵
  PID:7832
- C:\Windows\System\rulNczK.exe
  C:\Windows\System\rulNczK.exe
  2⤵
  PID:7852
- C:\Windows\System\eaoVadS.exe
  C:\Windows\System\eaoVadS.exe
  2⤵
  PID:7872
- C:\Windows\System\jaEFqNE.exe
  C:\Windows\System\jaEFqNE.exe
  2⤵
  PID:7892
- C:\Windows\System\prmAIQp.exe
  C:\Windows\System\prmAIQp.exe
  2⤵
  PID:7912
- C:\Windows\System\aivphsf.exe
  C:\Windows\System\aivphsf.exe
  2⤵
  PID:7932
- C:\Windows\System\fsEYhUe.exe
  C:\Windows\System\fsEYhUe.exe
  2⤵
  PID:7952
- C:\Windows\System\rYtLykd.exe
  C:\Windows\System\rYtLykd.exe
  2⤵
  PID:7972
- C:\Windows\System\BQIneki.exe
  C:\Windows\System\BQIneki.exe
  2⤵
  PID:7996
- C:\Windows\System\FZGGcpD.exe
  C:\Windows\System\FZGGcpD.exe
  2⤵
  PID:8012
- C:\Windows\System\VpnTfRH.exe
  C:\Windows\System\VpnTfRH.exe
  2⤵
  PID:8036
- C:\Windows\System\zTHJthP.exe
  C:\Windows\System\zTHJthP.exe
  2⤵
  PID:8056
- C:\Windows\System\cRoTKzZ.exe
  C:\Windows\System\cRoTKzZ.exe
  2⤵
  PID:8076
- C:\Windows\System\fNUNAlC.exe
  C:\Windows\System\fNUNAlC.exe
  2⤵
  PID:8096
- C:\Windows\System\hOzVpve.exe
  C:\Windows\System\hOzVpve.exe
  2⤵
  PID:8116
- C:\Windows\System\xKEgBvs.exe
  C:\Windows\System\xKEgBvs.exe
  2⤵
  PID:8136
- C:\Windows\System\wTYiLPL.exe
  C:\Windows\System\wTYiLPL.exe
  2⤵
  PID:8156
- C:\Windows\System\tpxEDOR.exe
  C:\Windows\System\tpxEDOR.exe
  2⤵
  PID:8176
- C:\Windows\System\xYfNZLp.exe
  C:\Windows\System\xYfNZLp.exe
  2⤵
  PID:7084
- C:\Windows\System\KCyPBIk.exe
  C:\Windows\System\KCyPBIk.exe
  2⤵
  PID:7048
- C:\Windows\System\QNPmBrr.exe
  C:\Windows\System\QNPmBrr.exe
  2⤵
  PID:7152
- C:\Windows\System\QGKbWxH.exe
  C:\Windows\System\QGKbWxH.exe
  2⤵
  PID:6116
- C:\Windows\System\HalECZY.exe
  C:\Windows\System\HalECZY.exe
  2⤵
  PID:1320
- C:\Windows\System\ErJcrXL.exe
  C:\Windows\System\ErJcrXL.exe
  2⤵
  PID:6368
- C:\Windows\System\OSaknSC.exe
  C:\Windows\System\OSaknSC.exe
  2⤵
  PID:6488
- C:\Windows\System\wFKGsyO.exe
  C:\Windows\System\wFKGsyO.exe
  2⤵
  PID:6428
- C:\Windows\System\TtVIkrV.exe
  C:\Windows\System\TtVIkrV.exe
  2⤵
  PID:7172
- C:\Windows\System\uVmJpcP.exe
  C:\Windows\System\uVmJpcP.exe
  2⤵
  PID:7192
- C:\Windows\System\QnCwQnG.exe
  C:\Windows\System\QnCwQnG.exe
  2⤵
  PID:7216
- C:\Windows\System\CNawTgg.exe
  C:\Windows\System\CNawTgg.exe
  2⤵
  PID:7256
- C:\Windows\System\FWXfiGA.exe
  C:\Windows\System\FWXfiGA.exe
  2⤵
  PID:7284
- C:\Windows\System\NcHdDUa.exe
  C:\Windows\System\NcHdDUa.exe
  2⤵
  PID:7344
- C:\Windows\System\ZkwHrEE.exe
  C:\Windows\System\ZkwHrEE.exe
  2⤵
  PID:7372
- C:\Windows\System\FbeALag.exe
  C:\Windows\System\FbeALag.exe
  2⤵
  PID:7380
- C:\Windows\System\irVOhoo.exe
  C:\Windows\System\irVOhoo.exe
  2⤵
  PID:7420
- C:\Windows\System\gJmTqWa.exe
  C:\Windows\System\gJmTqWa.exe
  2⤵
  PID:7456
- C:\Windows\System\STfWgfa.exe
  C:\Windows\System\STfWgfa.exe
  2⤵
  PID:7520
- C:\Windows\System\fqCiYuQ.exe
  C:\Windows\System\fqCiYuQ.exe
  2⤵
  PID:7496
- C:\Windows\System\OtFypMJ.exe
  C:\Windows\System\OtFypMJ.exe
  2⤵
  PID:7604
- C:\Windows\System\ufYbmyM.exe
  C:\Windows\System\ufYbmyM.exe
  2⤵
  PID:7580
- C:\Windows\System\pUnhmvQ.exe
  C:\Windows\System\pUnhmvQ.exe
  2⤵
  PID:7620
- C:\Windows\System\JQeexvJ.exe
  C:\Windows\System\JQeexvJ.exe
  2⤵
  PID:7660
- C:\Windows\System\QYlWFfL.exe
  C:\Windows\System\QYlWFfL.exe
  2⤵
  PID:7724
- C:\Windows\System\itNHBJT.exe
  C:\Windows\System\itNHBJT.exe
  2⤵
  PID:7704
- C:\Windows\System\ffzLXVU.exe
  C:\Windows\System\ffzLXVU.exe
  2⤵
  PID:7796
- C:\Windows\System\VEKcOKk.exe
  C:\Windows\System\VEKcOKk.exe
  2⤵
  PID:7784
- C:\Windows\System\YiSezyG.exe
  C:\Windows\System\YiSezyG.exe
  2⤵
  PID:7848
- C:\Windows\System\YDSutoq.exe
  C:\Windows\System\YDSutoq.exe
  2⤵
  PID:7860
- C:\Windows\System\dleaNqz.exe
  C:\Windows\System\dleaNqz.exe
  2⤵
  PID:7864
- C:\Windows\System\nrymMkF.exe
  C:\Windows\System\nrymMkF.exe
  2⤵
  PID:7904
- C:\Windows\System\GOabxRC.exe
  C:\Windows\System\GOabxRC.exe
  2⤵
  PID:7944
- C:\Windows\System\KJoVIvr.exe
  C:\Windows\System\KJoVIvr.exe
  2⤵
  PID:7992
- C:\Windows\System\RJGsckO.exe
  C:\Windows\System\RJGsckO.exe
  2⤵
  PID:8064
- C:\Windows\System\IosMfzE.exe
  C:\Windows\System\IosMfzE.exe
  2⤵
  PID:8124
- C:\Windows\System\WyhQWTo.exe
  C:\Windows\System\WyhQWTo.exe
  2⤵
  PID:8164
- C:\Windows\System\ZDXNWEC.exe
  C:\Windows\System\ZDXNWEC.exe
  2⤵
  PID:8168
- C:\Windows\System\Rlirhus.exe
  C:\Windows\System\Rlirhus.exe
  2⤵
  PID:7104
- C:\Windows\System\IrPrYaX.exe
  C:\Windows\System\IrPrYaX.exe
  2⤵
  PID:6160
- C:\Windows\System\fyQNCqs.exe
  C:\Windows\System\fyQNCqs.exe
  2⤵
  PID:2756
- C:\Windows\System\xWOyURL.exe
  C:\Windows\System\xWOyURL.exe
  2⤵
  PID:5704
- C:\Windows\System\qFgWIsC.exe
  C:\Windows\System\qFgWIsC.exe
  2⤵
  PID:6544
- C:\Windows\System\GXJrONQ.exe
  C:\Windows\System\GXJrONQ.exe
  2⤵
  PID:6972
- C:\Windows\System\OIUWdZb.exe
  C:\Windows\System\OIUWdZb.exe
  2⤵
  PID:7308
- C:\Windows\System\jpITMHh.exe
  C:\Windows\System\jpITMHh.exe
  2⤵
  PID:6408
- C:\Windows\System\FzhLYXY.exe
  C:\Windows\System\FzhLYXY.exe
  2⤵
  PID:6572
- C:\Windows\System\fTkdAJf.exe
  C:\Windows\System\fTkdAJf.exe
  2⤵
  PID:7404
- C:\Windows\System\IQZsQId.exe
  C:\Windows\System\IQZsQId.exe
  2⤵
  PID:7484
- C:\Windows\System\vHCXQDN.exe
  C:\Windows\System\vHCXQDN.exe
  2⤵
  PID:2188
- C:\Windows\System\kkoYQKV.exe
  C:\Windows\System\kkoYQKV.exe
  2⤵
  PID:7536
- C:\Windows\System\IrAcxRm.exe
  C:\Windows\System\IrAcxRm.exe
  2⤵
  PID:7424
- C:\Windows\System\kfDGAWU.exe
  C:\Windows\System\kfDGAWU.exe
  2⤵
  PID:7760
- C:\Windows\System\LLTMthy.exe
  C:\Windows\System\LLTMthy.exe
  2⤵
  PID:7512
- C:\Windows\System\jcWLzxB.exe
  C:\Windows\System\jcWLzxB.exe
  2⤵
  PID:7824
- C:\Windows\System\KHOUlNB.exe
  C:\Windows\System\KHOUlNB.exe
  2⤵
  PID:7920
- C:\Windows\System\zjdxuGc.exe
  C:\Windows\System\zjdxuGc.exe
  2⤵
  PID:7980
- C:\Windows\System\EPHwaxK.exe
  C:\Windows\System\EPHwaxK.exe
  2⤵
  PID:7568
- C:\Windows\System\EzuLOJD.exe
  C:\Windows\System\EzuLOJD.exe
  2⤵
  PID:7584
- C:\Windows\System\UtDlfpo.exe
  C:\Windows\System\UtDlfpo.exe
  2⤵
  PID:7764
- C:\Windows\System\tGzIbJa.exe
  C:\Windows\System\tGzIbJa.exe
  2⤵
  PID:2548
- C:\Windows\System\YrCHUtC.exe
  C:\Windows\System\YrCHUtC.exe
  2⤵
  PID:7828
- C:\Windows\System\xvKfSPk.exe
  C:\Windows\System\xvKfSPk.exe
  2⤵
  PID:7960
- C:\Windows\System\LvkyqBc.exe
  C:\Windows\System\LvkyqBc.exe
  2⤵
  PID:8044
- C:\Windows\System\OezteVQ.exe
  C:\Windows\System\OezteVQ.exe
  2⤵
  PID:2980
- C:\Windows\System\stZBWJo.exe
  C:\Windows\System\stZBWJo.exe
  2⤵
  PID:1788
- C:\Windows\System\NLaVygm.exe
  C:\Windows\System\NLaVygm.exe
  2⤵
  PID:4712
- C:\Windows\System\uxDFJEP.exe
  C:\Windows\System\uxDFJEP.exe
  2⤵
  PID:5636
- C:\Windows\System\HJZbKfK.exe
  C:\Windows\System\HJZbKfK.exe
  2⤵
  PID:8092
- C:\Windows\System\Utqesbx.exe
  C:\Windows\System\Utqesbx.exe
  2⤵
  PID:8152
- C:\Windows\System\YSuNbBf.exe
  C:\Windows\System\YSuNbBf.exe
  2⤵
  PID:2948
- C:\Windows\System\fbWHRJz.exe
  C:\Windows\System\fbWHRJz.exe
  2⤵
  PID:5908
- C:\Windows\System\JdodNbF.exe
  C:\Windows\System\JdodNbF.exe
  2⤵
  PID:7340
- C:\Windows\System\EvoSpOE.exe
  C:\Windows\System\EvoSpOE.exe
  2⤵
  PID:8052
- C:\Windows\System\YbFoakv.exe
  C:\Windows\System\YbFoakv.exe
  2⤵
  PID:6264
- C:\Windows\System\FslcKrg.exe
  C:\Windows\System\FslcKrg.exe
  2⤵
  PID:7356
- C:\Windows\System\oNbDUir.exe
  C:\Windows\System\oNbDUir.exe
  2⤵
  PID:7688
- C:\Windows\System\AUiUHwE.exe
  C:\Windows\System\AUiUHwE.exe
  2⤵
  PID:2712
- C:\Windows\System\fFJuSeK.exe
  C:\Windows\System\fFJuSeK.exe
  2⤵
  PID:7928
- C:\Windows\System\VLuRMMe.exe
  C:\Windows\System\VLuRMMe.exe
  2⤵
  PID:2040
- C:\Windows\System\iWVkzRb.exe
  C:\Windows\System\iWVkzRb.exe
  2⤵
  PID:8048
- C:\Windows\System\qIvnWwL.exe
  C:\Windows\System\qIvnWwL.exe
  2⤵
  PID:5640
- C:\Windows\System\gAkBbjm.exe
  C:\Windows\System\gAkBbjm.exe
  2⤵
  PID:8184
- C:\Windows\System\IgsVgWc.exe
  C:\Windows\System\IgsVgWc.exe
  2⤵
  PID:5304
- C:\Windows\System\CCgklFI.exe
  C:\Windows\System\CCgklFI.exe
  2⤵
  PID:7664
- C:\Windows\System\oqGLwMF.exe
  C:\Windows\System\oqGLwMF.exe
  2⤵
  PID:2864
- C:\Windows\System\pTDqmla.exe
  C:\Windows\System\pTDqmla.exe
  2⤵
  PID:3044
- C:\Windows\System\hBlzZJT.exe
  C:\Windows\System\hBlzZJT.exe
  2⤵
  PID:7700
- C:\Windows\System\PRrhdMm.exe
  C:\Windows\System\PRrhdMm.exe
  2⤵
  PID:2740
- C:\Windows\System\fbNVuEw.exe
  C:\Windows\System\fbNVuEw.exe
  2⤵
  PID:1776
- C:\Windows\System\QQCMVfg.exe
  C:\Windows\System\QQCMVfg.exe
  2⤵
  PID:2800
- C:\Windows\System\ETfyYes.exe
  C:\Windows\System\ETfyYes.exe
  2⤵
  PID:2928
- C:\Windows\System\GOofkoF.exe
  C:\Windows\System\GOofkoF.exe
  2⤵
  PID:6212
- C:\Windows\System\BThGVqy.exe
  C:\Windows\System\BThGVqy.exe
  2⤵
  PID:7768
- C:\Windows\System\FigyNUV.exe
  C:\Windows\System\FigyNUV.exe
  2⤵
  PID:2076
- C:\Windows\System\ZfGUJLp.exe
  C:\Windows\System\ZfGUJLp.exe
  2⤵
  PID:2636
- C:\Windows\System\eMtSlJG.exe
  C:\Windows\System\eMtSlJG.exe
  2⤵
  PID:2904
- C:\Windows\System\OPVtYpa.exe
  C:\Windows\System\OPVtYpa.exe
  2⤵
  PID:2252
- C:\Windows\System\lzTeJqJ.exe
  C:\Windows\System\lzTeJqJ.exe
  2⤵
  PID:1004
- C:\Windows\System\aUJznJl.exe
  C:\Windows\System\aUJznJl.exe
  2⤵
  PID:7236
- C:\Windows\System\yKpyXLC.exe
  C:\Windows\System\yKpyXLC.exe
  2⤵
  PID:572
- C:\Windows\System\jNvWsac.exe
  C:\Windows\System\jNvWsac.exe
  2⤵
  PID:2512
- C:\Windows\System\kwtykJz.exe
  C:\Windows\System\kwtykJz.exe
  2⤵
  PID:7840
- C:\Windows\System\KuGiVmU.exe
  C:\Windows\System\KuGiVmU.exe
  2⤵
  PID:2036
- C:\Windows\System\SBUPlBi.exe
  C:\Windows\System\SBUPlBi.exe
  2⤵
  PID:5368
- C:\Windows\System\mJRrElp.exe
  C:\Windows\System\mJRrElp.exe
  2⤵
  PID:7252
- C:\Windows\System\CEpGrEN.exe
  C:\Windows\System\CEpGrEN.exe
  2⤵
  PID:404
- C:\Windows\System\vNaBoAP.exe
  C:\Windows\System\vNaBoAP.exe
  2⤵
  PID:8200
- C:\Windows\System\Cnlzeyw.exe
  C:\Windows\System\Cnlzeyw.exe
  2⤵
  PID:8216
- C:\Windows\System\jLFeWLJ.exe
  C:\Windows\System\jLFeWLJ.exe
  2⤵
  PID:8236
- C:\Windows\System\HGamfof.exe
  C:\Windows\System\HGamfof.exe
  2⤵
  PID:8252
- C:\Windows\System\UBWCbef.exe
  C:\Windows\System\UBWCbef.exe
  2⤵
  PID:8276
- C:\Windows\System\GDYRman.exe
  C:\Windows\System\GDYRman.exe
  2⤵
  PID:8296
- C:\Windows\System\fSRxWKo.exe
  C:\Windows\System\fSRxWKo.exe
  2⤵
  PID:8316
- C:\Windows\System\BlISnAZ.exe
  C:\Windows\System\BlISnAZ.exe
  2⤵
  PID:8340
- C:\Windows\System\xiWEyYv.exe
  C:\Windows\System\xiWEyYv.exe
  2⤵
  PID:8360
- C:\Windows\System\gtKrIVI.exe
  C:\Windows\System\gtKrIVI.exe
  2⤵
  PID:8376
- C:\Windows\System\ziQTrAv.exe
  C:\Windows\System\ziQTrAv.exe
  2⤵
  PID:8392
- C:\Windows\System\ZOJOysb.exe
  C:\Windows\System\ZOJOysb.exe
  2⤵
  PID:8408
- C:\Windows\System\BYgwUIf.exe
  C:\Windows\System\BYgwUIf.exe
  2⤵
  PID:8424
- C:\Windows\System\fGQREOU.exe
  C:\Windows\System\fGQREOU.exe
  2⤵
  PID:8440
- C:\Windows\System\nlfKDqA.exe
  C:\Windows\System\nlfKDqA.exe
  2⤵
  PID:8456
- C:\Windows\System\SOPtpiM.exe
  C:\Windows\System\SOPtpiM.exe
  2⤵
  PID:8472
- C:\Windows\System\Jrvdglf.exe
  C:\Windows\System\Jrvdglf.exe
  2⤵
  PID:8488
- C:\Windows\System\JJSfKjc.exe
  C:\Windows\System\JJSfKjc.exe
  2⤵
  PID:8504
- C:\Windows\System\OOucuSc.exe
  C:\Windows\System\OOucuSc.exe
  2⤵
  PID:8520
- C:\Windows\System\hxhbTbb.exe
  C:\Windows\System\hxhbTbb.exe
  2⤵
  PID:8536
- C:\Windows\System\hpARVOy.exe
  C:\Windows\System\hpARVOy.exe
  2⤵
  PID:8552
- C:\Windows\System\NENWeTI.exe
  C:\Windows\System\NENWeTI.exe
  2⤵
  PID:8568
- C:\Windows\System\pTkfxzy.exe
  C:\Windows\System\pTkfxzy.exe
  2⤵
  PID:8584
- C:\Windows\System\cBmpBrt.exe
  C:\Windows\System\cBmpBrt.exe
  2⤵
  PID:8600
- C:\Windows\System\ABwgBNV.exe
  C:\Windows\System\ABwgBNV.exe
  2⤵
  PID:8616
- C:\Windows\System\eepxYaS.exe
  C:\Windows\System\eepxYaS.exe
  2⤵
  PID:8632
- C:\Windows\System\pXFJliA.exe
  C:\Windows\System\pXFJliA.exe
  2⤵
  PID:8648
- C:\Windows\System\pMCCskd.exe
  C:\Windows\System\pMCCskd.exe
  2⤵
  PID:8664
- C:\Windows\System\QGQNKpg.exe
  C:\Windows\System\QGQNKpg.exe
  2⤵
  PID:8680
- C:\Windows\System\hmxYhdu.exe
  C:\Windows\System\hmxYhdu.exe
  2⤵
  PID:8696
- C:\Windows\System\AvHHWVX.exe
  C:\Windows\System\AvHHWVX.exe
  2⤵
  PID:8712
- C:\Windows\System\cwPNHsM.exe
  C:\Windows\System\cwPNHsM.exe
  2⤵
  PID:8728
- C:\Windows\System\clUPTCZ.exe
  C:\Windows\System\clUPTCZ.exe
  2⤵
  PID:8744
- C:\Windows\System\KurWTUI.exe
  C:\Windows\System\KurWTUI.exe
  2⤵
  PID:8764
- C:\Windows\System\MsAYSvB.exe
  C:\Windows\System\MsAYSvB.exe
  2⤵
  PID:8780
- C:\Windows\System\wdnJiwj.exe
  C:\Windows\System\wdnJiwj.exe
  2⤵
  PID:8796
- C:\Windows\System\njkAJgl.exe
  C:\Windows\System\njkAJgl.exe
  2⤵
  PID:8812
- C:\Windows\System\nJHcQUu.exe
  C:\Windows\System\nJHcQUu.exe
  2⤵
  PID:8828
- C:\Windows\System\XrbbrUJ.exe
  C:\Windows\System\XrbbrUJ.exe
  2⤵
  PID:8844
- C:\Windows\System\rivVSCi.exe
  C:\Windows\System\rivVSCi.exe
  2⤵
  PID:8860
- C:\Windows\System\pAKRCnC.exe
  C:\Windows\System\pAKRCnC.exe
  2⤵
  PID:8876
- C:\Windows\System\ahvdNuB.exe
  C:\Windows\System\ahvdNuB.exe
  2⤵
  PID:8896
- C:\Windows\System\EyWFete.exe
  C:\Windows\System\EyWFete.exe
  2⤵
  PID:8912
- C:\Windows\System\sIEfjbX.exe
  C:\Windows\System\sIEfjbX.exe
  2⤵
  PID:8928
- C:\Windows\System\SwKOAda.exe
  C:\Windows\System\SwKOAda.exe
  2⤵
  PID:9060
- C:\Windows\System\HWEpFbs.exe
  C:\Windows\System\HWEpFbs.exe
  2⤵
  PID:9076
- C:\Windows\System\OiAacjf.exe
  C:\Windows\System\OiAacjf.exe
  2⤵
  PID:9092
- C:\Windows\System\mlkvBzv.exe
  C:\Windows\System\mlkvBzv.exe
  2⤵
  PID:9108
- C:\Windows\System\XRtPXiv.exe
  C:\Windows\System\XRtPXiv.exe
  2⤵
  PID:9124
- C:\Windows\System\bMmUtiO.exe
  C:\Windows\System\bMmUtiO.exe
  2⤵
  PID:9140
- C:\Windows\System\CEuHZxe.exe
  C:\Windows\System\CEuHZxe.exe
  2⤵
  PID:9156
- C:\Windows\System\RZfxiTV.exe
  C:\Windows\System\RZfxiTV.exe
  2⤵
  PID:9172
- C:\Windows\System\kQYkZky.exe
  C:\Windows\System\kQYkZky.exe
  2⤵
  PID:9188
- C:\Windows\System\fGOGBQi.exe
  C:\Windows\System\fGOGBQi.exe
  2⤵
  PID:9204
- C:\Windows\System\pkpApXv.exe
  C:\Windows\System\pkpApXv.exe
  2⤵
  PID:2116
- C:\Windows\System\SObBcnU.exe
  C:\Windows\System\SObBcnU.exe
  2⤵
  PID:852
- C:\Windows\System\zyaRYwA.exe
  C:\Windows\System\zyaRYwA.exe
  2⤵
  PID:7820
- C:\Windows\System\ABtYhln.exe
  C:\Windows\System\ABtYhln.exe
  2⤵
  PID:7880
- C:\Windows\System\WotcsWj.exe
  C:\Windows\System\WotcsWj.exe
  2⤵
  PID:2836
- C:\Windows\System\XqXlntw.exe
  C:\Windows\System\XqXlntw.exe
  2⤵
  PID:8244
- C:\Windows\System\dxAIYwR.exe
  C:\Windows\System\dxAIYwR.exe
  2⤵
  PID:8292
- C:\Windows\System\lxvDCLJ.exe
  C:\Windows\System\lxvDCLJ.exe
  2⤵
  PID:8336
- C:\Windows\System\yeAINCN.exe
  C:\Windows\System\yeAINCN.exe
  2⤵
  PID:8404
- C:\Windows\System\LXUoNPw.exe
  C:\Windows\System\LXUoNPw.exe
  2⤵
  PID:8468
- C:\Windows\System\DWcyIQo.exe
  C:\Windows\System\DWcyIQo.exe
  2⤵
  PID:7220
- C:\Windows\System\mMzQrIo.exe
  C:\Windows\System\mMzQrIo.exe
  2⤵
  PID:8576
- C:\Windows\System\kuEnfRB.exe
  C:\Windows\System\kuEnfRB.exe
  2⤵
  PID:8272
- C:\Windows\System\PbvkMZU.exe
  C:\Windows\System\PbvkMZU.exe
  2⤵
  PID:8612
- C:\Windows\System\uQBNRCA.exe
  C:\Windows\System\uQBNRCA.exe
  2⤵
  PID:8348
- C:\Windows\System\KLmsKSi.exe
  C:\Windows\System\KLmsKSi.exe
  2⤵
  PID:7716
- C:\Windows\System\ZzraZFJ.exe
  C:\Windows\System\ZzraZFJ.exe
  2⤵
  PID:8196
- C:\Windows\System\iDySxsd.exe
  C:\Windows\System\iDySxsd.exe
  2⤵
  PID:8264
- C:\Windows\System\FsRDwvG.exe
  C:\Windows\System\FsRDwvG.exe
  2⤵
  PID:8312
- C:\Windows\System\UtNRxEz.exe
  C:\Windows\System\UtNRxEz.exe
  2⤵
  PID:8388
- C:\Windows\System\tWjkIvQ.exe
  C:\Windows\System\tWjkIvQ.exe
  2⤵
  PID:8452
- C:\Windows\System\tOrVWbb.exe
  C:\Windows\System\tOrVWbb.exe
  2⤵
  PID:8708
- C:\Windows\System\pHEqvyu.exe
  C:\Windows\System\pHEqvyu.exe
  2⤵
  PID:8564
- C:\Windows\System\gliCltJ.exe
  C:\Windows\System\gliCltJ.exe
  2⤵
  PID:8660
- C:\Windows\System\uOCzuDo.exe
  C:\Windows\System\uOCzuDo.exe
  2⤵
  PID:8724
- C:\Windows\System\sdxYPSt.exe
  C:\Windows\System\sdxYPSt.exe
  2⤵
  PID:8756
- C:\Windows\System\VpOAlug.exe
  C:\Windows\System\VpOAlug.exe
  2⤵
  PID:8804
- C:\Windows\System\ojSaCdo.exe
  C:\Windows\System\ojSaCdo.exe
  2⤵
  PID:8868
- C:\Windows\System\cBNSOBa.exe
  C:\Windows\System\cBNSOBa.exe
  2⤵
  PID:8824
- C:\Windows\System\JSnyApk.exe
  C:\Windows\System\JSnyApk.exe
  2⤵
  PID:8792
- C:\Windows\System\tgjpCHV.exe
  C:\Windows\System\tgjpCHV.exe
  2⤵
  PID:8892
- C:\Windows\System\FzkluXs.exe
  C:\Windows\System\FzkluXs.exe
  2⤵
  PID:8944
- C:\Windows\System\uryUpJO.exe
  C:\Windows\System\uryUpJO.exe
  2⤵
  PID:8960
- C:\Windows\System\vsRLEds.exe
  C:\Windows\System\vsRLEds.exe
  2⤵
  PID:8976
- C:\Windows\System\lxFWzyC.exe
  C:\Windows\System\lxFWzyC.exe
  2⤵
  PID:8984
- C:\Windows\System\YnZbSen.exe
  C:\Windows\System\YnZbSen.exe
  2⤵
  PID:9008
- C:\Windows\System\PrTyVwG.exe
  C:\Windows\System\PrTyVwG.exe
  2⤵
  PID:9024
- C:\Windows\System\uifbSoR.exe
  C:\Windows\System\uifbSoR.exe
  2⤵
  PID:9040
- C:\Windows\System\mSZdtdu.exe
  C:\Windows\System\mSZdtdu.exe
  2⤵
  PID:9056
- C:\Windows\System\JYAIADn.exe
  C:\Windows\System\JYAIADn.exe
  2⤵
  PID:9104
- C:\Windows\System\EOuLEgU.exe
  C:\Windows\System\EOuLEgU.exe
  2⤵
  PID:9084
- C:\Windows\System\CVTMbeF.exe
  C:\Windows\System\CVTMbeF.exe
  2⤵
  PID:2972
- C:\Windows\System\qNUnNih.exe
  C:\Windows\System\qNUnNih.exe
  2⤵
  PID:9088
- C:\Windows\System\mjvxLeK.exe
  C:\Windows\System\mjvxLeK.exe
  2⤵
  PID:9180
- C:\Windows\System\edkZhpH.exe
  C:\Windows\System\edkZhpH.exe
  2⤵
  PID:8148
- C:\Windows\System\AzQEvEV.exe
  C:\Windows\System\AzQEvEV.exe
  2⤵
  PID:8208
- C:\Windows\System\KAFksDz.exe
  C:\Windows\System\KAFksDz.exe
  2⤵
  PID:8464
- C:\Windows\System\GVgVYCZ.exe
  C:\Windows\System\GVgVYCZ.exe
  2⤵
  PID:8500
- C:\Windows\System\jcAShHh.exe
  C:\Windows\System\jcAShHh.exe
  2⤵
  PID:8644
- C:\Windows\System\DMVAfne.exe
  C:\Windows\System\DMVAfne.exe
  2⤵
  PID:8420
- C:\Windows\System\sUZTdIG.exe
  C:\Windows\System\sUZTdIG.exe
  2⤵
  PID:8560
- C:\Windows\System\dbymnbR.exe
  C:\Windows\System\dbymnbR.exe
  2⤵
  PID:8260
- C:\Windows\System\QzwNulo.exe
  C:\Windows\System\QzwNulo.exe
  2⤵
  PID:8608
- C:\Windows\System\asskqyq.exe
  C:\Windows\System\asskqyq.exe
  2⤵
  PID:8436
- C:\Windows\System\krhnKsE.exe
  C:\Windows\System\krhnKsE.exe
  2⤵
  PID:8532
- C:\Windows\System\Rcrfcpv.exe
  C:\Windows\System\Rcrfcpv.exe
  2⤵
  PID:8776
- C:\Windows\System\ABpwcCM.exe
  C:\Windows\System\ABpwcCM.exe
  2⤵
  PID:8772
- C:\Windows\System\RGTzJaq.exe
  C:\Windows\System\RGTzJaq.exe
  2⤵
  PID:8656
- C:\Windows\System\VmqgDDz.exe
  C:\Windows\System\VmqgDDz.exe
  2⤵
  PID:8956
- C:\Windows\System\cxQNftG.exe
  C:\Windows\System\cxQNftG.exe
  2⤵
  PID:9000
- C:\Windows\System\Bpamjca.exe
  C:\Windows\System\Bpamjca.exe
  2⤵
  PID:9016
- C:\Windows\System\cbJhxvv.exe
  C:\Windows\System\cbJhxvv.exe
  2⤵
  PID:9136
- C:\Windows\System\gNstUDm.exe
  C:\Windows\System\gNstUDm.exe
  2⤵
  PID:9196
- C:\Windows\System\CRBsItG.exe
  C:\Windows\System\CRBsItG.exe
  2⤵
  PID:9148
- C:\Windows\System\zUGfrWm.exe
  C:\Windows\System\zUGfrWm.exe
  2⤵
  PID:8228
- C:\Windows\System\sJxROaH.exe
  C:\Windows\System\sJxROaH.exe
  2⤵
  PID:2608
- C:\Windows\System\wOEzavi.exe
  C:\Windows\System\wOEzavi.exe
  2⤵
  PID:7560
- C:\Windows\System\OLWeHCe.exe
  C:\Windows\System\OLWeHCe.exe
  2⤵
  PID:7868
- C:\Windows\System\vYKoklZ.exe
  C:\Windows\System\vYKoklZ.exe
  2⤵
  PID:8400
- C:\Windows\System\lrqwExY.exe
  C:\Windows\System\lrqwExY.exe
  2⤵
  PID:2120
- C:\Windows\System\WBvzrsv.exe
  C:\Windows\System\WBvzrsv.exe
  2⤵
  PID:8904
- C:\Windows\System\GNjUjYw.exe
  C:\Windows\System\GNjUjYw.exe
  2⤵
  PID:8992
- C:\Windows\System\JObYsAU.exe
  C:\Windows\System\JObYsAU.exe
  2⤵
  PID:8940
- C:\Windows\System\lvZsXlo.exe
  C:\Windows\System\lvZsXlo.exe
  2⤵
  PID:7748
- C:\Windows\System\bRBPwYf.exe
  C:\Windows\System\bRBPwYf.exe
  2⤵
  PID:9100
- C:\Windows\System\InJliOK.exe
  C:\Windows\System\InJliOK.exe
  2⤵
  PID:3012
- C:\Windows\System\OqhCzXR.exe
  C:\Windows\System\OqhCzXR.exe
  2⤵
  PID:8332
- C:\Windows\System\DedjKSs.exe
  C:\Windows\System\DedjKSs.exe
  2⤵
  PID:8304
- C:\Windows\System\VnvWGQQ.exe
  C:\Windows\System\VnvWGQQ.exe
  2⤵
  PID:8356
- C:\Windows\System\bPpEiGx.exe
  C:\Windows\System\bPpEiGx.exe
  2⤵
  PID:9228
- C:\Windows\System\HQevmNl.exe
  C:\Windows\System\HQevmNl.exe
  2⤵
  PID:9244
- C:\Windows\System\tqnbqDl.exe
  C:\Windows\System\tqnbqDl.exe
  2⤵
  PID:9260
- C:\Windows\System\UcHygqb.exe
  C:\Windows\System\UcHygqb.exe
  2⤵
  PID:9276
- C:\Windows\System\mUolPUT.exe
  C:\Windows\System\mUolPUT.exe
  2⤵
  PID:9292
- C:\Windows\System\cfsqAjJ.exe
  C:\Windows\System\cfsqAjJ.exe
  2⤵
  PID:9308
- C:\Windows\System\pSucnKl.exe
  C:\Windows\System\pSucnKl.exe
  2⤵
  PID:9324
- C:\Windows\System\tCGFQuA.exe
  C:\Windows\System\tCGFQuA.exe
  2⤵
  PID:9340
- C:\Windows\System\WmmQqCm.exe
  C:\Windows\System\WmmQqCm.exe
  2⤵
  PID:9356
- C:\Windows\System\oWnouhO.exe
  C:\Windows\System\oWnouhO.exe
  2⤵
  PID:9372
- C:\Windows\System\rdpVgQm.exe
  C:\Windows\System\rdpVgQm.exe
  2⤵
  PID:9388
- C:\Windows\System\xZRTozM.exe
  C:\Windows\System\xZRTozM.exe
  2⤵
  PID:9404
- C:\Windows\System\mPKlbJn.exe
  C:\Windows\System\mPKlbJn.exe
  2⤵
  PID:9420
- C:\Windows\System\bVpqKTI.exe
  C:\Windows\System\bVpqKTI.exe
  2⤵
  PID:9436
- C:\Windows\System\PZlxfKD.exe
  C:\Windows\System\PZlxfKD.exe
  2⤵
  PID:9452
- C:\Windows\System\JfQfzWP.exe
  C:\Windows\System\JfQfzWP.exe
  2⤵
  PID:9468
- C:\Windows\System\quKaYGg.exe
  C:\Windows\System\quKaYGg.exe
  2⤵
  PID:9488
- C:\Windows\System\BqlVppM.exe
  C:\Windows\System\BqlVppM.exe
  2⤵
  PID:9504
- C:\Windows\System\AIuDaZL.exe
  C:\Windows\System\AIuDaZL.exe
  2⤵
  PID:9520
- C:\Windows\System\kzSjmXA.exe
  C:\Windows\System\kzSjmXA.exe
  2⤵
  PID:9536
- C:\Windows\System\KZuJhSP.exe
  C:\Windows\System\KZuJhSP.exe
  2⤵
  PID:9552
- C:\Windows\System\CTGxUtA.exe
  C:\Windows\System\CTGxUtA.exe
  2⤵
  PID:9568
- C:\Windows\System\xWkfxNc.exe
  C:\Windows\System\xWkfxNc.exe
  2⤵
  PID:9584
- C:\Windows\System\RmPHgjz.exe
  C:\Windows\System\RmPHgjz.exe
  2⤵
  PID:9600
- C:\Windows\System\OuqTyXv.exe
  C:\Windows\System\OuqTyXv.exe
  2⤵
  PID:9616
- C:\Windows\System\WEZHDog.exe
  C:\Windows\System\WEZHDog.exe
  2⤵
  PID:9632
- C:\Windows\System\FotEqfX.exe
  C:\Windows\System\FotEqfX.exe
  2⤵
  PID:9648
- C:\Windows\System\XcXJoSP.exe
  C:\Windows\System\XcXJoSP.exe
  2⤵
  PID:9664
- C:\Windows\System\CNvXEcc.exe
  C:\Windows\System\CNvXEcc.exe
  2⤵
  PID:9680
- C:\Windows\System\QvuNDai.exe
  C:\Windows\System\QvuNDai.exe
  2⤵
  PID:9696
- C:\Windows\System\PUFGZYZ.exe
  C:\Windows\System\PUFGZYZ.exe
  2⤵
  PID:9712
- C:\Windows\System\GCvhHly.exe
  C:\Windows\System\GCvhHly.exe
  2⤵
  PID:9728
- C:\Windows\System\lumMIOg.exe
  C:\Windows\System\lumMIOg.exe
  2⤵
  PID:9744
- C:\Windows\System\eLBNcPs.exe
  C:\Windows\System\eLBNcPs.exe
  2⤵
  PID:9760
- C:\Windows\System\MjMjkLe.exe
  C:\Windows\System\MjMjkLe.exe
  2⤵
  PID:9780
- C:\Windows\System\bBTSlSE.exe
  C:\Windows\System\bBTSlSE.exe
  2⤵
  PID:9796
- C:\Windows\System\zjVzCae.exe
  C:\Windows\System\zjVzCae.exe
  2⤵
  PID:9812
- C:\Windows\System\BwUiGbN.exe
  C:\Windows\System\BwUiGbN.exe
  2⤵
  PID:9828
- C:\Windows\System\Tfxwhaz.exe
  C:\Windows\System\Tfxwhaz.exe
  2⤵
  PID:9844
- C:\Windows\System\UKuVvWS.exe
  C:\Windows\System\UKuVvWS.exe
  2⤵
  PID:9860
- C:\Windows\System\gaAyKmW.exe
  C:\Windows\System\gaAyKmW.exe
  2⤵
  PID:9876
- C:\Windows\System\eShFQOr.exe
  C:\Windows\System\eShFQOr.exe
  2⤵
  PID:9892
- C:\Windows\System\VhYhUUS.exe
  C:\Windows\System\VhYhUUS.exe
  2⤵
  PID:9912
- C:\Windows\System\dJQZUVu.exe
  C:\Windows\System\dJQZUVu.exe
  2⤵
  PID:9928
- C:\Windows\System\jECVDhL.exe
  C:\Windows\System\jECVDhL.exe
  2⤵
  PID:9944
- C:\Windows\System\NLXXgtK.exe
  C:\Windows\System\NLXXgtK.exe
  2⤵
  PID:9960
- C:\Windows\System\GMcsgjj.exe
  C:\Windows\System\GMcsgjj.exe
  2⤵
  PID:9976
- C:\Windows\System\pXSkXOH.exe
  C:\Windows\System\pXSkXOH.exe
  2⤵
  PID:9992
- C:\Windows\System\lBSDSJK.exe
  C:\Windows\System\lBSDSJK.exe
  2⤵
  PID:10008
- C:\Windows\System\AerCvRj.exe
  C:\Windows\System\AerCvRj.exe
  2⤵
  PID:10024
- C:\Windows\System\kJpgAHX.exe
  C:\Windows\System\kJpgAHX.exe
  2⤵
  PID:10040
- C:\Windows\System\HytUtbp.exe
  C:\Windows\System\HytUtbp.exe
  2⤵
  PID:10056
- C:\Windows\System\rjicbhr.exe
  C:\Windows\System\rjicbhr.exe
  2⤵
  PID:10072
- C:\Windows\System\VkgGePP.exe
  C:\Windows\System\VkgGePP.exe
  2⤵
  PID:10088
- C:\Windows\System\OaBeuKR.exe
  C:\Windows\System\OaBeuKR.exe
  2⤵
  PID:10108
- C:\Windows\System\ECNHZgE.exe
  C:\Windows\System\ECNHZgE.exe
  2⤵
  PID:10124
- C:\Windows\System\cdBzTHq.exe
  C:\Windows\System\cdBzTHq.exe
  2⤵
  PID:10144
- C:\Windows\System\XxKEUix.exe
  C:\Windows\System\XxKEUix.exe
  2⤵
  PID:10160
- C:\Windows\System\oXURcZT.exe
  C:\Windows\System\oXURcZT.exe
  2⤵
  PID:10176
- C:\Windows\System\tDPAWNs.exe
  C:\Windows\System\tDPAWNs.exe
  2⤵
  PID:10192
- C:\Windows\System\lRPteMy.exe
  C:\Windows\System\lRPteMy.exe
  2⤵
  PID:10208
- C:\Windows\System\ZOAObOt.exe
  C:\Windows\System\ZOAObOt.exe
  2⤵
  PID:10224
- C:\Windows\System\JdiREda.exe
  C:\Windows\System\JdiREda.exe
  2⤵
  PID:8952
- C:\Windows\System\OryFCpx.exe
  C:\Windows\System\OryFCpx.exe
  2⤵
  PID:8692
- C:\Windows\System\cwXmJLx.exe
  C:\Windows\System\cwXmJLx.exe
  2⤵
  PID:668
- C:\Windows\System\AmJUPKX.exe
  C:\Windows\System\AmJUPKX.exe
  2⤵
  PID:9052
- C:\Windows\System\UtpaSMh.exe
  C:\Windows\System\UtpaSMh.exe
  2⤵
  PID:9240
- C:\Windows\System\qHpQICe.exe
  C:\Windows\System\qHpQICe.exe
  2⤵
  PID:9304
- C:\Windows\System\ISIOqxK.exe
  C:\Windows\System\ISIOqxK.exe
  2⤵
  PID:9288
- C:\Windows\System\kdjnkLP.exe
  C:\Windows\System\kdjnkLP.exe
  2⤵
  PID:9352
- C:\Windows\System\UQhuNGZ.exe
  C:\Windows\System\UQhuNGZ.exe
  2⤵
  PID:9444
- C:\Windows\System\faOutpr.exe
  C:\Windows\System\faOutpr.exe
  2⤵
  PID:9400
- C:\Windows\System\JGUdheH.exe
  C:\Windows\System\JGUdheH.exe
  2⤵
  PID:9500
- C:\Windows\System\xdfRDHG.exe
  C:\Windows\System\xdfRDHG.exe
  2⤵
  PID:9484
- C:\Windows\System\keUgJpk.exe
  C:\Windows\System\keUgJpk.exe
  2⤵
  PID:9528
- C:\Windows\System\rTNWcNV.exe
  C:\Windows\System\rTNWcNV.exe
  2⤵
  PID:9596
- C:\Windows\System\LWmHhZA.exe
  C:\Windows\System\LWmHhZA.exe
  2⤵
  PID:9656
- C:\Windows\System\ftAUxra.exe
  C:\Windows\System\ftAUxra.exe
  2⤵
  PID:9640
- C:\Windows\System\lHMwnJI.exe
  C:\Windows\System\lHMwnJI.exe
  2⤵
  PID:9704
- C:\Windows\System\LnYLvvC.exe
  C:\Windows\System\LnYLvvC.exe
  2⤵
  PID:9720
- C:\Windows\System\MaqMaPE.exe
  C:\Windows\System\MaqMaPE.exe
  2⤵
  PID:9772
- C:\Windows\System\oMAODQk.exe
  C:\Windows\System\oMAODQk.exe
  2⤵
  PID:9872
- C:\Windows\System\ydNEjIO.exe
  C:\Windows\System\ydNEjIO.exe
  2⤵
  PID:9808
- C:\Windows\System\bUYZBGZ.exe
  C:\Windows\System\bUYZBGZ.exe
  2⤵
  PID:9788
- C:\Windows\System\abeCqnm.exe
  C:\Windows\System\abeCqnm.exe
  2⤵
  PID:9940
- C:\Windows\System\TDcaiIP.exe
  C:\Windows\System\TDcaiIP.exe
  2⤵
  PID:10120
- C:\Windows\System\IohsyGM.exe
  C:\Windows\System\IohsyGM.exe
  2⤵
  PID:10156
- C:\Windows\System\Vfsuhjl.exe
  C:\Windows\System\Vfsuhjl.exe
  2⤵
  PID:10216
- C:\Windows\System\BhmeQps.exe
  C:\Windows\System\BhmeQps.exe
  2⤵
  PID:8840
- C:\Windows\System\ggdbXJG.exe
  C:\Windows\System\ggdbXJG.exe
  2⤵
  PID:10232
- C:\Windows\System\QCNXsvV.exe
  C:\Windows\System\QCNXsvV.exe
  2⤵
  PID:9236
- C:\Windows\System\bhbAEcX.exe
  C:\Windows\System\bhbAEcX.exe
  2⤵
  PID:8372
- C:\Windows\System\NrzJDHr.exe
  C:\Windows\System\NrzJDHr.exe
  2⤵
  PID:9256
- C:\Windows\System\YWzajNk.exe
  C:\Windows\System\YWzajNk.exe
  2⤵
  PID:9412
- C:\Windows\System\aYjXUwU.exe
  C:\Windows\System\aYjXUwU.exe
  2⤵
  PID:9460
- C:\Windows\System\LcIERZl.exe
  C:\Windows\System\LcIERZl.exe
  2⤵
  PID:9592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DFemZJS.exe

Filesize
6.0MB

MD5
656d1910755ffdaa8415ffc7f5aac8e2

SHA1
37594361229f41ba9f1c77100e68a5d982c91073

SHA256
61226551d49043c250978ca034a89123051b90e29c92e805a5fdc26080784aee

SHA512
b82cbc63d1a20c53f7457c1f52188c88ece4857d7777de9234be9a0017eadfc2d20adf6eef3cdf8babb919a15eb3013ad03387b01710c2986c0af0c434f20bfd

Download Submit
C:\Windows\system\EIzguqb.exe

Filesize
6.0MB

MD5
d5157f20edafa804a2ef0f5e5a361d2b

SHA1
b8e7e6c46c1df1a8561b0349a86efc53684856c3

SHA256
7ef526cbaa710cb0f64eeeccdc84168837fb03dc361cb65ce1251dec18edcef2

SHA512
33afd657d94a6ae8fd2a69168fbc92d9a3e96ba7874db0673f305dd15a53a6945ddb8f72d2bfcfccaaedd46200fb5c37309d7f0e6fbf03b7c02caaa5a596467c

Download Submit
C:\Windows\system\ERhqKYU.exe

Filesize
6.0MB

MD5
6595e65397b9e1a004dfdff147de0e88

SHA1
fec33dbb3aa37a7cd93bacfc295e7450d140ef2a

SHA256
8cd3d8fc2012c4bad168d3e645b77bd16386996112639798e168d0b6adc2259a

SHA512
994fe14607ec035a2af6d7ae53d40c428f55bf47cfb6a156dfe681cea8c58ada1941faedb376c2735933958403c68e4244aec8d3dd2be1d7118811ff72ef20db

Download Submit
C:\Windows\system\FFkAloN.exe

Filesize
6.0MB

MD5
8d7cb24d729008fd321b2967523091c0

SHA1
25c47bd51948319f045d9a0d021d2ae746599dae

SHA256
2011c857a55fcaed734bef2b498997f34d901b7a14347d9524606c7737e24f32

SHA512
dc3ea5639b1f1100656428095676921c64a1329e5e6a5255b14818552b7db97b1adc227d1c5184d454bdefd321a9bc2a56a1a4fa7b32023ce23ef2380c0f7514

Download Submit
C:\Windows\system\IIgCfIj.exe

Filesize
6.0MB

MD5
40a8923c5b0a55179633f1014ec3a559

SHA1
ef15cdbfd3949c773feeb9c0dda411faa619ebbb

SHA256
acfb10a6c66315665feeccbed909725c9b1ec553106c2479cfdb104a9a96542d

SHA512
b3a9d5806dfa1368c429dbaea3163376c3774fbc7fe5ad98b6bd170faf80704d4dbfb272c9ba3b39aeb176537274d1c4303da333557a82cd2b0fdafca66408de

Download Submit
C:\Windows\system\IYKUbVW.exe

Filesize
6.0MB

MD5
510dd889853cf05cd660d186180b7c73

SHA1
e38a639282975f433e59f2a746ffc4536233bef2

SHA256
00564ef7ce3e3eb19848f3c6ba38a00e5544371cb732d869cc6deda8d30a99df

SHA512
9e03f59f0e949bb4efa404a021b64d54392b1dc1f64932edca38283b47a7c659c39a86167223f650981e2c944cbee50719ba1b11f05cc387ba7f87f736238c53

Download Submit
C:\Windows\system\IaxVZMD.exe

Filesize
6.0MB

MD5
4883f94a19084e155224c568f197438c

SHA1
2b0be7329cb552a9a1958b6ed1b476561921039f

SHA256
a0c5d016bdec1d3728d3bfe32e9475165d7c6361bfd05a3df9a1b0c9669f05ba

SHA512
07b38399f2cff9488c309d91ac80667bd24d78407f2e8bf2500a9e6caef5377659017b878e9d64bb52507e837ac37c0ad30bd045c41ecc0f709db8adf0a0fede

Download Submit
C:\Windows\system\LZmvJrO.exe

Filesize
6.0MB

MD5
c88b791bb6d0a7a6ab3ea2ea540d1b42

SHA1
2407d5e78aeb36918eb021c532ea111440a1282c

SHA256
1a2963317e648c91628b58d0b161093675fef2392e1c7c16a59fadf88303cf2a

SHA512
b8b04d21d92ed37b24812579eeed39197e3cca0219b5acaed23fd738ce8afa82632fc586087fb28c0b6c2c43bbf88a3a77c273b4bd81921cfe7ec79bed52277c

Download Submit
C:\Windows\system\SwYEEPm.exe

Filesize
6.0MB

MD5
2c6f1bb5c51de139451f6018558bf84f

SHA1
834ad7be5319f913e14f1817207a9a251d1cccf0

SHA256
2710af35e430f700d2d14907336e6f20c1ac5742637aae95c32fdc50e999e51b

SHA512
622576156f70c99d367613be1da53a3b4b5d9cf9fbaf226cde8e9e746e9e8b9ecaed6c4b8723e53579c782e9c65ad3d1125e241da301cd4a1e38198e85653733

Download Submit
C:\Windows\system\TMkfwXK.exe

Filesize
6.0MB

MD5
35a88df465ee256d5ae15d247612ed96

SHA1
9fc2b96a65cd57fbdd5eb2b9267f11c9cf3a0013

SHA256
42c6bc96aa1753b859b17e6e0e813cd8c8f94e1b8fbb9dcc995ecdc8a48fab97

SHA512
146a32f62aa90f732ffe200a19a76d76b26d002fabec9b793d0aa87e66aa06d1a64f4b41ce8027dec06cea11dd8891c7aee900ed9db1e21b8cfed4ac38b8ad14

Download Submit
C:\Windows\system\WPIUcRk.exe

Filesize
6.0MB

MD5
b3fc3b43a8c5ddb1c0100639dfc106f9

SHA1
a7cc60703d9a885f039c1aed7f843123621cc222

SHA256
8eb2aa3bcca7ef72d9023c0d4b19a09b6a16c72689c0f96a6c40ef713dac44e4

SHA512
3579419750f5c61f198a309c91c052bdf1d64e1e10e6fa3ac842fe6f14b9d8a589bb1b37c7e1288f055210243bc50838047415aa0605022ecdef61135944bdd1

Download Submit
C:\Windows\system\WseSZcd.exe

Filesize
6.0MB

MD5
38381cbf56767a85ff43bf49afd6971d

SHA1
fd009b5b625ba3829d4a8abba575f511f11357a9

SHA256
743ce9cfc9805b6facf4200ccd6f540e18c10ea3c342e745cce310abd3c0dd97

SHA512
2be7f476abd4b4179fa9d8407dd6c19f9000195d2dd24f953ab3821d227f90f9fc4ea4df23ba345664201de1f7b02117171a107a11504406b5c4f7374b25ecc2

Download Submit
C:\Windows\system\ZBliTtG.exe

Filesize
6.0MB

MD5
6e9199b7d3193a6ba69bdaa86a289a58

SHA1
7e32b7ba24cc5c04ad11d1c0499e886d5af11dd6

SHA256
5d2539804cc92d773e48157d9c4241f1ac6d15858c6e7fb963f971e3797b4cf0

SHA512
b7dc713eb49240ceadf0c1537c7407bbaf0748cf6790bbdae66a5fd9b7a62ab1e84f791ea8b96ac050853bac186185ee25c0de3c38dcdd57a525a51a64bdfcb8

Download Submit
C:\Windows\system\ZxbDXyB.exe

Filesize
6.0MB

MD5
1b585f09298d3a31408bbe0d0900bbd5

SHA1
6eb8390deea09e35ebff68bfe69f1c5c3380a541

SHA256
c4a6fe1871e037c0d493e0205458fe5d1dd26de6d799d9cad3999deacb5bd281

SHA512
fc5d98ff9fd4779594bb0e5dba929fcfe33eacf577c38e7f5e9ce5fd985db62a16818cf7ed27377f368e74d81a77de4e21b6f5295bc03f80e237a1d77ba13706

Download Submit
C:\Windows\system\ccuAUWA.exe

Filesize
6.0MB

MD5
2696c902eccf5710f1504215751c886a

SHA1
c54a14a6e280b3f3b46effa98750d8642d4deda5

SHA256
153683988337d97d2ffcffdbdc4285f3360ef866a8ca5f04ccc71a2fdcad3700

SHA512
93af5b4a70fbb8691059f83f50902533c6d67a30ffc4b57a383664f3fb25f512bb876f2a674fef318e7c370a7b857b1b847bd0748bb7941be6d04dc5593e144d

Download Submit
C:\Windows\system\dLcmXGO.exe

Filesize
6.0MB

MD5
0e7e173d30582655b37eac54b8a62cdf

SHA1
b802d5d608bc5b4960f381252ccf92afaa1aa86b

SHA256
cf94e236f8d2738e00c66d516beb63a3819a85e23492f903cdce0e1f1798127a

SHA512
b50624648e15d9419422c45172843a006dfebc8bcdb08706d97c60ef8df28a97727b7dca4801442f6a107d5f4e68390eb2e9ada99f3aafa1c568f04ca0cefac9

Download Submit
C:\Windows\system\hdrmyrY.exe

Filesize
6.0MB

MD5
83866cd18238dddfa3ffaedaa9140136

SHA1
f84965c21303bd45d797165aab9dff2a3fbbcab4

SHA256
97de1b2658f7130a42d08253ed4f32bc86cb7ee9475a113e6e997c1ffdd21a56

SHA512
cdabeab229315a049463d91b98c5caf39389dbfcd6f8569794b43294c7847862213f768faa8772dd07f738f2a4d9db9936ea62277552c41268f03346ff9d18dc

Download Submit
C:\Windows\system\ixbUchv.exe

Filesize
6.0MB

MD5
51bc4d0ecb9d8f99c776c013341de3c9

SHA1
448353a88de35aa4e5b6633b581d2634913fe537

SHA256
ed5e17af1df1a749c369ce19b8e549153691a508fe4a3a0bf4851ed5b2420ed4

SHA512
29ff66cfd1f56aefd7c60e6e43cfc4dc32ead6bb7a004bae12ccc4f107f9ba67614e56e5922710f39239687f7bbde25c349fcd7270b394dbc6ac98df0600bf5e

Download Submit
C:\Windows\system\kAAQckW.exe

Filesize
6.0MB

MD5
4914ab9ae53fbb59939c6e87457b7b29

SHA1
91d43de76cbb50e89881b862f5b6aa96ef7db8ed

SHA256
a77a64862633fc5ec8715b676a7c2772939cd71b0a12b1ea251504dc0efa73d4

SHA512
70f69417693718618766ef18dff305256f35fd257933b44ea7ce08eff4dabe1e8a86563aac21c394bea10a377d2b1320de3e67e231cbdf8de5dbc910166bdd51

Download Submit
C:\Windows\system\obhBkgM.exe

Filesize
6.0MB

MD5
346bc593fdabbc05a6e99221ecc8052d

SHA1
0b47d29d6fd54f52b76586a6bb22ca876c52ebe5

SHA256
6370f585afc55760c338c47cdbc4290a0978014df7f2ccb64644f5676c9ef884

SHA512
0cdba35be295837bddc3069580aaddd3fc14a999cda23be7cc6cc20cbe4e3077853bc2d234512e0d1d7c7cc36f02e40297ef05a0467b8a4172b17062cd8bf345

Download Submit
C:\Windows\system\qtENwxV.exe

Filesize
6.0MB

MD5
a5a735e31cfc2ddb405d19e4ad753694

SHA1
9bbc1fba063bf572f20a4a78739df33b5460b3b4

SHA256
faab448a62f33bd97c172d2a518328b8cbb1e50abc595df2543a7703b55a6ec8

SHA512
d5f541d981bb13539f0b6dc1b9b2194bb9e184cedc0b8e73ba8acaf16bba9708bb96df72e0341e7d9e892db9928b2f609e5fd8e67adbb19e4963b330c25e73d1

Download Submit
C:\Windows\system\ubRazSy.exe

Filesize
6.0MB

MD5
873552a4e1ec2b65da6b09b297659026

SHA1
5cc3623a78b854aac60229d1ff7ed25142cc19d1

SHA256
65bfc6ade431ac375914510a714bb5ae55dac4871780514901c2591cfb81999a

SHA512
c73d9e60c350cf3adee8e1ab365012ad2543ebd0b90d402945f5ab3588aef41dbb5fcf9316c3182f501cc7aef22b9f64930b5d6e173da69f42a3ea838586e729

Download Submit
C:\Windows\system\vLeVWMa.exe

Filesize
6.0MB

MD5
5e68ad30a5b7810c9be3fc0beb6fa351

SHA1
3477be5b72ecaf5a4da85f729b626cd7095b8815

SHA256
2c1f5f05f357a5a1e93509dd86d36ed5eea3782a1a3240cef8d5f44993570399

SHA512
d384e9243b715a6898d70d85cc6e597fe6da304bb840c9a7fcc424e0cb3c51f76eeeeeb0ba4c647e814b32235e64e2acc777eb2a67092d6db50b7e3b141ae1ce

Download Submit
C:\Windows\system\yRNiXHV.exe

Filesize
6.0MB

MD5
9c3ad0343fdebce327f9e352eb342ff4

SHA1
8da4014a918755a7a1ec994f1ba44995c6eec393

SHA256
0ec956c6af98542889d6a3b4dd04d811ee71955c138a875475b0f348bf19d61c

SHA512
7aada756414b9a0bb32f829249a517c523b746e49e45dab51dad978cc1742de23ffcf2a892ae0fab115e92a950a2f3c55d0abd9c70f015aa31aced5f4d408b4b

Download Submit
\Windows\system\ESaPvDG.exe

Filesize
6.0MB

MD5
cbc2ae8ee8584c4e7dcc855be4b6d94b

SHA1
f4b3a3b638ef62796e09bda0322082c76c666079

SHA256
6f1a8512fe772047c06fe52d81207975189339642707c22ab7e898003f1f09c1

SHA512
24f486023caa0d867062269829bf2f98af3b9a2b347431bac9c0edd93cf7b112cae5af277db025af367d8a9645144d1410210722cd99245977cd46d1f7cfd348

Download Submit
\Windows\system\FSddLIR.exe

Filesize
6.0MB

MD5
ce151075baa59cdb3c86b13a8605c63f

SHA1
01ea0c69ae7c7c32d6aa6ecce506fef68aed9288

SHA256
875bdac0dc7a6b80434c6cdf88b517e6abacd14b1fac2bb6bbc613073ac8eb54

SHA512
759671409ac9d5d8654c744ed7338cd32afc14c8d5f107268109313e45c5f32278a57771ba207d888518869b896cdc16e7e789ba3ebd7f602908025e37054d43

Download Submit
\Windows\system\JCXmjqu.exe

Filesize
6.0MB

MD5
adb498cad90b9b274341f9420bd65b90

SHA1
b68a5e7f74916918a5c524d4295fdef64ef325d2

SHA256
75de55c5f5a51dc497bda48d2421c6bd120cd5ef5a378dbd7878c579136f8bd1

SHA512
02eb8e187a54fb87b9283a2d16b107a55322e2d6702d2a71b3f305c56938c3a21c85314844843e7db320fdb19a27c5dc554a6ee39936b85b209ba9c023400a7b

Download Submit
\Windows\system\JZsknFc.exe

Filesize
6.0MB

MD5
745a6a54bfd9ad6c0d2343e53acd805e

SHA1
8b3f9d6eea438f815e73d13d75f2c703f06fcf45

SHA256
fc4313a7eb0569423a9136792f0c3cfd60c2222c98d8a837f8bdd19a96ca4baa

SHA512
18917d5e085ddbee2347136fbb66aa24c39487bf3c0c4fd273b88e643bde73972f0a0f5ad0d9fa733c6d969e322df18a1f335a6f2f1568f8603a49a4cfac76f9

Download Submit
\Windows\system\LrijRyV.exe

Filesize
6.0MB

MD5
219ed66475494aeaca97437e0b02efd9

SHA1
1fb52a494338d4d665be743fdeefed39f3734370

SHA256
1ede996df547d1f6631758e01693e82e86511b4bf6425cadc3cb958d09045a97

SHA512
c4277e207ac52317a685365181a7d612c947482b32306e6d5e902d23a74bad9496db27fb3ea95c1d31dddad757ffe8df16a9502d3b5e1abc455e5db6bd82a70e

Download Submit
\Windows\system\NnivvoN.exe

Filesize
6.0MB

MD5
4f77d5324ce0a916f3172363f7c9fe82

SHA1
e0df450e896c3b7a8a071880b72dbb3df3002a4a

SHA256
dd56b572ad2f85ed89b644b107303974fe5106ce99cbf88955ebbc47fc1ec7a9

SHA512
d0611929336a210cec21e46fcb91f904069daf38b57586f90389ad738612c3b2b7800dd2551ea2edd689e48a39bf72e190405af4b29f1b670a3624e880d20489

Download Submit
\Windows\system\SlLWreO.exe

Filesize
6.0MB

MD5
abe611272119adabb6f37bc67e211833

SHA1
61ccec08175131475239aa8e044d590c6a5e527a

SHA256
0d7affd03755a25edc21122998beb2893f4fda02cd8cc2e5e97ac218d8bff88f

SHA512
2102d9cf106930a0f82724680badfb2a1819dc0f4991608f4b88939944834867ed92ac1de3758bc0561fc815410274c3b454f9cd34aa4a82d113bb0e01070a69

Download Submit
\Windows\system\VrSbYJX.exe

Filesize
6.0MB

MD5
1cb7ff971d6bfcb5cf8b9cf59876246c

SHA1
83b97189009dc37f9a0217f5bab46f28ef246d20

SHA256
38f5366079619f2b0070f7580cb408c9ca7d10b85b49199befee0d972cd217ed

SHA512
030e63cc0c9ab52c9f84a41484d13e7c4cee9b0cab715e2cf633ba96bb19e024218de57313506f470cb9b14c1b843158609af1a9ca2a5dda13956ea93354e36b

Download Submit
\Windows\system\YBfGImM.exe

Filesize
6.0MB

MD5
c645e24e446d4c6cbf5b370b74525a56

SHA1
b10349494860cc9878b58f4e8304b55247e7978b

SHA256
3002bb3302ec6b2d204efbe16d6de11f699cd4dd1efe0f050254c295c56856ca

SHA512
b68e7d0843cdacd89bd70412f1b5628701ed128c78d6d7dd2079b75342c1075b05d6551b51b9e464668d3bf3ce27c643f7e65b745a976646c21a4dff29493cfb

Download Submit
\Windows\system\arreqFO.exe

Filesize
6.0MB

MD5
8e15fd660d1a3ffa925b7ff63c674ab2

SHA1
d9bf6c87fd85b4cdbbf52f774bf54cbe0d6934b0

SHA256
2e33a5307562ee4e8bdeb2cc69b1d52518e56b2b673de82ce55e9bae57d59e60

SHA512
4ab9cb36d1a18060336a0b9f86c8da8e8d3f782980565a9cb21b53c14f2cd8a50ea14c3bf7d633313b84af1482bb7ede93c98ed429a3473ffb84739a60e992b6

Download Submit
\Windows\system\mVPBBYa.exe

Filesize
6.0MB

MD5
723eeb19a6101574c09f75e67f551779

SHA1
4e3e9296267433719ddf83ea93cf8d4c686888f9

SHA256
ed8b5783eec1310a314f5a11276070a95f3c34cc7a650a23f5dbb0f0eedacbad

SHA512
15317ec11424f86e1309832b8a3315d0050c904970863af24fbd58cf42d42b0e3b78aebd3852faccb7f5c3efdd7d440d3bcb5b02c4cbbfc71614e5d998efdb93

Download Submit
\Windows\system\oZwbgTy.exe

Filesize
6.0MB

MD5
6a84c5ddd44e57b51090e4db3e5a5756

SHA1
f41f9d8fca0f762b54c831b289b0283745f1c778

SHA256
557f7230272dc841f6c6ff7fd7df9b299059d0711dc40b5fd63798a3baa69ec3

SHA512
b06915c2cde1cef5e819eef496b086977a8c35b169f3489e359cb363867c778839902890cba415ca0006b9523f71fb5fdb32602c13987eb5a112fdb81637aebc

Download Submit
\Windows\system\pveHxAh.exe

Filesize
6.0MB

MD5
31dcc765cc1288e133fdf8414aab738a

SHA1
c5188360cea8ebb182105a8fdcd26e7eca192e23

SHA256
c1e9c9265e84f6453e82b2727c286af2196405e936f160d60fef972446dda19f

SHA512
cb4bb0ce3eb8de0752b5b03c7655a122551ea8fe52e78a47d9e6b2f72c388cb14ec59275b82589a52f26d70107ec49d587c407d2799930e4c4bd1b413c417137

Download Submit
\Windows\system\sGgDWVD.exe

Filesize
6.0MB

MD5
020def97a917d395f66f5d91d2c4f84e

SHA1
da64449b4f0d2a332f1dc7ec2aeb9f7c60a2e2d6

SHA256
5240132915b005e3937c34b7ee04f84839333dec25653833df4679e65e0783af

SHA512
0b1a15605da7b5432ab0e92ee703de10763681809385644c7be11d9c8d07f07aa2babf9b91d7a7e8735c29fd7f6fdd742df44fdc683d6f9ab8e949b034e186cf

Download Submit
\Windows\system\wdGqjnG.exe

Filesize
6.0MB

MD5
7c0d977248a3f31190cfb1cd1e4686f1

SHA1
ef14f6359b53d502f938a6c9d4efe52ea8f33e93

SHA256
b386300e38ad89a7464e1c64fdbbc9b2c2e97f1a42e780b130fac32f5d8cf721

SHA512
36f1d0a4388abe09811ff1492a66d0227a5f8166cc4b6c00b3308b9a7a12a8d9eaee2189e3347bdf8080b4735ded1be8e874b9b782b653f87f68bf193a79afac

Download Submit
memory/1224-15-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1224-893-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1224-3954-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3931-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1712-36-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2072-3935-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-105-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3939-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-153-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-187-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2236-17-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2236-143-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-218-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-118-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-188-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-175-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-167-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-161-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2236-54-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-85-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-77-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-422-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-171-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2236-0-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-162-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2236-1075-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1192-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1193-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1321-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-154-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-6-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2236-1322-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-13-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2236-545-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3933-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2284-654-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2284-9-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2404-181-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-3957-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-3956-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-164-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3937-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2860-67-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3932-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-186-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3959-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-155-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3936-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download