cobaltstrike | 8251e924d024352a1fea593e909f43c56ff520283311a5291e60f1f9ec08f6b7

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 09:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1154559433ca662da1d47faf990a308e
SHA1

0fd11276487f7d6d42302325a0b6867d7c5fb63d
SHA256

8251e924d024352a1fea593e909f43c56ff520283311a5291e60f1f9ec08f6b7
SHA512

380f0112ced229e13bb0186fe35ddc68cdf42d6290320b238152fc5d2551bbc7e04cb589b1beb7536e1094eb5b6760fd4eaedd23ca0790c9431027f79556717b
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUE:eOl56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015baa-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c67-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c6d-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015c80-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015c9f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb1-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c3a-97.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0e-134.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d29-147.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4a-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-192.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d64-182.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d5e-177.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d42-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d31-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d21-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d18-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d06-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cc8-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c9d-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cec-127.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c51-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c4a-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016a66-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016814-82.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000165c2-76.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015cd0-68.dat	cobalt_reflective_dll
behavioral1/files/0x003500000001543d-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015cb9-61.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2724-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000015baa-11.dat	xmrig
behavioral1/files/0x0008000000015c67-15.dat	xmrig
behavioral1/files/0x0008000000015c6d-27.dat	xmrig
behavioral1/files/0x0008000000015c80-24.dat	xmrig
behavioral1/memory/2652-34-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0007000000015c9f-41.dat	xmrig
behavioral1/files/0x0007000000015cb1-45.dat	xmrig
behavioral1/memory/2604-44-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1396-40-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2724-36-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1260-33-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2852-31-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2644-23-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/1740-51-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2616-69-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2180-79-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2604-87-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/1740-94-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c3a-97.dat	xmrig
behavioral1/files/0x0006000000016d0e-134.dat	xmrig
behavioral1/files/0x0006000000016d29-147.dat	xmrig
behavioral1/files/0x0006000000016d4a-172.dat	xmrig
behavioral1/files/0x0006000000016d6d-192.dat	xmrig
behavioral1/memory/2004-836-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2516-573-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2724-572-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2180-452-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2724-361-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2968-255-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d64-182.dat	xmrig
behavioral1/files/0x0006000000016d68-186.dat	xmrig
behavioral1/files/0x0006000000016d5e-177.dat	xmrig
behavioral1/files/0x0006000000016d3a-162.dat	xmrig
behavioral1/files/0x0006000000016d42-166.dat	xmrig
behavioral1/files/0x0006000000016d31-157.dat	xmrig
behavioral1/files/0x0006000000016d21-148.dat	xmrig
behavioral1/files/0x0006000000016d18-142.dat	xmrig
behavioral1/files/0x0006000000016d06-129.dat	xmrig
behavioral1/files/0x0006000000016cc8-123.dat	xmrig
behavioral1/files/0x0006000000016c9d-119.dat	xmrig
behavioral1/files/0x0006000000016cec-127.dat	xmrig
behavioral1/files/0x0006000000016c51-112.dat	xmrig
behavioral1/files/0x0006000000016c4a-106.dat	xmrig
behavioral1/memory/588-103-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1564-102-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2004-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016a66-90.dat	xmrig
behavioral1/memory/2516-85-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016814-82.dat	xmrig
behavioral1/memory/2724-78-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x00070000000165c2-76.dat	xmrig
behavioral1/memory/2724-74-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2724-70-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2968-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cd0-68.dat	xmrig
behavioral1/memory/588-57-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/files/0x003500000001543d-56.dat	xmrig
behavioral1/files/0x0007000000015cb9-61.dat	xmrig
behavioral1/memory/1260-3700-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1396-3714-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2852-3713-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2652-3710-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2652	wIYScBa.exe
2644	unpSCEj.exe
2852	HIBRYex.exe
1260	ElvsUJg.exe
1396	QakCPXh.exe
2604	KPJXElx.exe
1740	KZwTwVu.exe
588	gHEaoCn.exe
2616	qtbNKke.exe
2968	pwbytnk.exe
2180	ODlFvhF.exe
2516	TqjGSRQ.exe
2004	oqxqXMc.exe
1564	sKWIKSm.exe
2764	XVCjFoT.exe
1724	afumMpb.exe
2416	YpqXSBH.exe
2756	Ajvvrpw.exe
1924	LelFkVa.exe
1908	dFfIbFL.exe
1948	FlOiMHR.exe
348	KkHMnAT.exe
2924	ThuBMbN.exe
1360	bdpFWUL.exe
2056	yCqyABp.exe
2940	SJCbyHE.exe
868	ChgNKhf.exe
1404	uIyDFDD.exe
324	XGGZUgS.exe
2356	gtHXBMg.exe
1848	mrJlmCH.exe
2364	AtuiAYQ.exe
736	PiatBJB.exe
1676	SXmcnFW.exe
2368	GHIeaej.exe
1696	vqWmhcB.exe
744	gUqJnPy.exe
1576	QfWOSWU.exe
1636	UvSotny.exe
1968	JXTJaGT.exe
932	EvoIAEI.exe
2344	SjjvpDM.exe
2476	BvrVigb.exe
3044	nsMrkVk.exe
3008	XezhGDV.exe
1664	lyTyrlS.exe
1992	qNJwRjo.exe
316	fepOrBl.exe
1884	LaihZuS.exe
3056	vXUQVvL.exe
1920	KOIJEEs.exe
2104	mYgfCaP.exe
1488	bwOWNwr.exe
2712	krPusJl.exe
3060	UzyRCif.exe
2872	upjvQib.exe
2528	ZpiTBUS.exe
2824	nHyBQvs.exe
2888	QUViqcy.exe
3004	LHTtTqj.exe
2036	givGVYn.exe
2420	ENWgYUK.exe
1872	aCLuBqf.exe
2788	dbJYutH.exe

Loads dropped DLL 64 IoCs

pid	Process
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2724-0-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000015baa-11.dat	upx
behavioral1/files/0x0008000000015c67-15.dat	upx
behavioral1/files/0x0008000000015c6d-27.dat	upx
behavioral1/files/0x0008000000015c80-24.dat	upx
behavioral1/memory/2652-34-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0007000000015c9f-41.dat	upx
behavioral1/files/0x0007000000015cb1-45.dat	upx
behavioral1/memory/2604-44-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1396-40-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1260-33-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2852-31-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2644-23-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/1740-51-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2616-69-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2180-79-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2604-87-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/1740-94-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0006000000016c3a-97.dat	upx
behavioral1/files/0x0006000000016d0e-134.dat	upx
behavioral1/files/0x0006000000016d29-147.dat	upx
behavioral1/files/0x0006000000016d4a-172.dat	upx
behavioral1/files/0x0006000000016d6d-192.dat	upx
behavioral1/memory/2004-836-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2516-573-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2180-452-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2968-255-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0006000000016d64-182.dat	upx
behavioral1/files/0x0006000000016d68-186.dat	upx
behavioral1/files/0x0006000000016d5e-177.dat	upx
behavioral1/files/0x0006000000016d3a-162.dat	upx
behavioral1/files/0x0006000000016d42-166.dat	upx
behavioral1/files/0x0006000000016d31-157.dat	upx
behavioral1/files/0x0006000000016d21-148.dat	upx
behavioral1/files/0x0006000000016d18-142.dat	upx
behavioral1/files/0x0006000000016d06-129.dat	upx
behavioral1/files/0x0006000000016cc8-123.dat	upx
behavioral1/files/0x0006000000016c9d-119.dat	upx
behavioral1/files/0x0006000000016cec-127.dat	upx
behavioral1/files/0x0006000000016c51-112.dat	upx
behavioral1/files/0x0006000000016c4a-106.dat	upx
behavioral1/memory/588-103-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/1564-102-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2004-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0006000000016a66-90.dat	upx
behavioral1/memory/2516-85-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0006000000016814-82.dat	upx
behavioral1/files/0x00070000000165c2-76.dat	upx
behavioral1/memory/2724-74-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2968-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0008000000015cd0-68.dat	upx
behavioral1/memory/588-57-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x003500000001543d-56.dat	upx
behavioral1/files/0x0007000000015cb9-61.dat	upx
behavioral1/memory/1260-3700-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/1396-3714-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2852-3713-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2652-3710-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2644-3709-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2604-3707-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2968-3804-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/1740-3780-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2004-3848-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kMQfhqg.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnSJeur.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbOHUmq.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdxfGid.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lOGUKEI.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUNvtFu.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRYLvFR.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFYYnRg.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkHMnAT.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eZnFodV.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YurxetO.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jHyaQaY.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lcBrsjn.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LibQiUH.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uApCBds.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UmdvRvz.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiPjtMj.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdDusZo.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HyMYcnC.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLLbgpE.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weRTqGf.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGHaSzw.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKLTqIU.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjrptSk.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajksiYo.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDLsIrY.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EirrbNq.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DxExXsH.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krPusJl.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWukbCq.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgfDVLO.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkDcWKG.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rGWgvNp.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpGRsbw.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBFzqSE.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sIwGjdv.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEhlPDA.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFNZLsB.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwxRHeI.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWUXTBF.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQIljsh.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKAaCDE.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtqXrdV.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFUtATI.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJrFYmx.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThrCZsa.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgMNZTl.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbfnTCc.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjWgaev.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NhTMrIN.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrhshRf.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XkPXouF.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irpDhsw.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwdpaVL.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAqBWZN.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quBkqph.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjpEBUx.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHHWjew.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzSKXLZ.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QLhllpd.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilFPOJL.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIOPPcX.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EWyEiEd.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlrrPoL.exe	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2652	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2724 wrote to memory of 2652	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2724 wrote to memory of 2652	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2724 wrote to memory of 2644	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2724 wrote to memory of 2644	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2724 wrote to memory of 2644	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2724 wrote to memory of 2852	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2724 wrote to memory of 2852	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2724 wrote to memory of 2852	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2724 wrote to memory of 1260	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2724 wrote to memory of 1260	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2724 wrote to memory of 1260	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2724 wrote to memory of 1396	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2724 wrote to memory of 1396	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2724 wrote to memory of 1396	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2724 wrote to memory of 2604	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2724 wrote to memory of 2604	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2724 wrote to memory of 2604	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2724 wrote to memory of 1740	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2724 wrote to memory of 1740	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2724 wrote to memory of 1740	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2724 wrote to memory of 588	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2724 wrote to memory of 588	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2724 wrote to memory of 588	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2724 wrote to memory of 2616	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2724 wrote to memory of 2616	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2724 wrote to memory of 2616	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2724 wrote to memory of 2968	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2724 wrote to memory of 2968	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2724 wrote to memory of 2968	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2724 wrote to memory of 2180	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2724 wrote to memory of 2180	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2724 wrote to memory of 2180	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2724 wrote to memory of 2516	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2724 wrote to memory of 2516	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2724 wrote to memory of 2516	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2724 wrote to memory of 2004	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2724 wrote to memory of 2004	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2724 wrote to memory of 2004	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2724 wrote to memory of 1564	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2724 wrote to memory of 1564	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2724 wrote to memory of 1564	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2724 wrote to memory of 2764	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2724 wrote to memory of 2764	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2724 wrote to memory of 2764	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2724 wrote to memory of 1724	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2724 wrote to memory of 1724	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2724 wrote to memory of 1724	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2724 wrote to memory of 2416	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2724 wrote to memory of 2416	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2724 wrote to memory of 2416	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2724 wrote to memory of 2756	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2724 wrote to memory of 2756	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2724 wrote to memory of 2756	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2724 wrote to memory of 1924	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2724 wrote to memory of 1924	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2724 wrote to memory of 1924	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2724 wrote to memory of 1948	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2724 wrote to memory of 1948	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2724 wrote to memory of 1948	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2724 wrote to memory of 1908	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2724 wrote to memory of 1908	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2724 wrote to memory of 1908	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2724 wrote to memory of 348	2724	2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-04_1154559433ca662da1d47faf990a308e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\System\wIYScBa.exe
  C:\Windows\System\wIYScBa.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\unpSCEj.exe
  C:\Windows\System\unpSCEj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\HIBRYex.exe
  C:\Windows\System\HIBRYex.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ElvsUJg.exe
  C:\Windows\System\ElvsUJg.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\QakCPXh.exe
  C:\Windows\System\QakCPXh.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\KPJXElx.exe
  C:\Windows\System\KPJXElx.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\KZwTwVu.exe
  C:\Windows\System\KZwTwVu.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\gHEaoCn.exe
  C:\Windows\System\gHEaoCn.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\qtbNKke.exe
  C:\Windows\System\qtbNKke.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\pwbytnk.exe
  C:\Windows\System\pwbytnk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ODlFvhF.exe
  C:\Windows\System\ODlFvhF.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\TqjGSRQ.exe
  C:\Windows\System\TqjGSRQ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\oqxqXMc.exe
  C:\Windows\System\oqxqXMc.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\sKWIKSm.exe
  C:\Windows\System\sKWIKSm.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\XVCjFoT.exe
  C:\Windows\System\XVCjFoT.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\afumMpb.exe
  C:\Windows\System\afumMpb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\YpqXSBH.exe
  C:\Windows\System\YpqXSBH.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\Ajvvrpw.exe
  C:\Windows\System\Ajvvrpw.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\LelFkVa.exe
  C:\Windows\System\LelFkVa.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\FlOiMHR.exe
  C:\Windows\System\FlOiMHR.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\dFfIbFL.exe
  C:\Windows\System\dFfIbFL.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\KkHMnAT.exe
  C:\Windows\System\KkHMnAT.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\ThuBMbN.exe
  C:\Windows\System\ThuBMbN.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\bdpFWUL.exe
  C:\Windows\System\bdpFWUL.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\yCqyABp.exe
  C:\Windows\System\yCqyABp.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\SJCbyHE.exe
  C:\Windows\System\SJCbyHE.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\ChgNKhf.exe
  C:\Windows\System\ChgNKhf.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\uIyDFDD.exe
  C:\Windows\System\uIyDFDD.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\XGGZUgS.exe
  C:\Windows\System\XGGZUgS.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\gtHXBMg.exe
  C:\Windows\System\gtHXBMg.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\mrJlmCH.exe
  C:\Windows\System\mrJlmCH.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\AtuiAYQ.exe
  C:\Windows\System\AtuiAYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\PiatBJB.exe
  C:\Windows\System\PiatBJB.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\SXmcnFW.exe
  C:\Windows\System\SXmcnFW.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\GHIeaej.exe
  C:\Windows\System\GHIeaej.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\gUqJnPy.exe
  C:\Windows\System\gUqJnPy.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\vqWmhcB.exe
  C:\Windows\System\vqWmhcB.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\QfWOSWU.exe
  C:\Windows\System\QfWOSWU.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\UvSotny.exe
  C:\Windows\System\UvSotny.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\JXTJaGT.exe
  C:\Windows\System\JXTJaGT.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\EvoIAEI.exe
  C:\Windows\System\EvoIAEI.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\SjjvpDM.exe
  C:\Windows\System\SjjvpDM.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\BvrVigb.exe
  C:\Windows\System\BvrVigb.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\nsMrkVk.exe
  C:\Windows\System\nsMrkVk.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\XezhGDV.exe
  C:\Windows\System\XezhGDV.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\lyTyrlS.exe
  C:\Windows\System\lyTyrlS.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\qNJwRjo.exe
  C:\Windows\System\qNJwRjo.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\fepOrBl.exe
  C:\Windows\System\fepOrBl.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\LaihZuS.exe
  C:\Windows\System\LaihZuS.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\vXUQVvL.exe
  C:\Windows\System\vXUQVvL.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\KOIJEEs.exe
  C:\Windows\System\KOIJEEs.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\mYgfCaP.exe
  C:\Windows\System\mYgfCaP.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\bwOWNwr.exe
  C:\Windows\System\bwOWNwr.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\krPusJl.exe
  C:\Windows\System\krPusJl.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\UzyRCif.exe
  C:\Windows\System\UzyRCif.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\upjvQib.exe
  C:\Windows\System\upjvQib.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\ZpiTBUS.exe
  C:\Windows\System\ZpiTBUS.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\nHyBQvs.exe
  C:\Windows\System\nHyBQvs.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\QUViqcy.exe
  C:\Windows\System\QUViqcy.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\LHTtTqj.exe
  C:\Windows\System\LHTtTqj.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\givGVYn.exe
  C:\Windows\System\givGVYn.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ENWgYUK.exe
  C:\Windows\System\ENWgYUK.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\aCLuBqf.exe
  C:\Windows\System\aCLuBqf.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\dbJYutH.exe
  C:\Windows\System\dbJYutH.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\QKWUXgb.exe
  C:\Windows\System\QKWUXgb.exe
  2⤵
  PID:2768
- C:\Windows\System\YMLbPVZ.exe
  C:\Windows\System\YMLbPVZ.exe
  2⤵
  PID:2876
- C:\Windows\System\Tjvtcvs.exe
  C:\Windows\System\Tjvtcvs.exe
  2⤵
  PID:2128
- C:\Windows\System\xVHhLGW.exe
  C:\Windows\System\xVHhLGW.exe
  2⤵
  PID:2184
- C:\Windows\System\KGrbGNP.exe
  C:\Windows\System\KGrbGNP.exe
  2⤵
  PID:2224
- C:\Windows\System\DiqobAv.exe
  C:\Windows\System\DiqobAv.exe
  2⤵
  PID:1400
- C:\Windows\System\DGWqOiZ.exe
  C:\Windows\System\DGWqOiZ.exe
  2⤵
  PID:1080
- C:\Windows\System\erHJwFB.exe
  C:\Windows\System\erHJwFB.exe
  2⤵
  PID:2860
- C:\Windows\System\IZAzxyC.exe
  C:\Windows\System\IZAzxyC.exe
  2⤵
  PID:2284
- C:\Windows\System\jMnzRkx.exe
  C:\Windows\System\jMnzRkx.exe
  2⤵
  PID:1180
- C:\Windows\System\MsfvnqV.exe
  C:\Windows\System\MsfvnqV.exe
  2⤵
  PID:1540
- C:\Windows\System\rwjKLRr.exe
  C:\Windows\System\rwjKLRr.exe
  2⤵
  PID:1656
- C:\Windows\System\PbZlxJa.exe
  C:\Windows\System\PbZlxJa.exe
  2⤵
  PID:2976
- C:\Windows\System\JVRUouT.exe
  C:\Windows\System\JVRUouT.exe
  2⤵
  PID:904
- C:\Windows\System\weRTqGf.exe
  C:\Windows\System\weRTqGf.exe
  2⤵
  PID:2348
- C:\Windows\System\nnIxOKk.exe
  C:\Windows\System\nnIxOKk.exe
  2⤵
  PID:1912
- C:\Windows\System\KLgZlrJ.exe
  C:\Windows\System\KLgZlrJ.exe
  2⤵
  PID:3032
- C:\Windows\System\RymcTfH.exe
  C:\Windows\System\RymcTfH.exe
  2⤵
  PID:1856
- C:\Windows\System\ttBlGGU.exe
  C:\Windows\System\ttBlGGU.exe
  2⤵
  PID:2796
- C:\Windows\System\ecLBMEG.exe
  C:\Windows\System\ecLBMEG.exe
  2⤵
  PID:2332
- C:\Windows\System\gCeTFYJ.exe
  C:\Windows\System\gCeTFYJ.exe
  2⤵
  PID:896
- C:\Windows\System\FnEBGxx.exe
  C:\Windows\System\FnEBGxx.exe
  2⤵
  PID:1788
- C:\Windows\System\vsNZWAF.exe
  C:\Windows\System\vsNZWAF.exe
  2⤵
  PID:1524
- C:\Windows\System\XXdTFhe.exe
  C:\Windows\System\XXdTFhe.exe
  2⤵
  PID:2684
- C:\Windows\System\sKUaTTO.exe
  C:\Windows\System\sKUaTTO.exe
  2⤵
  PID:2700
- C:\Windows\System\NpBEPyH.exe
  C:\Windows\System\NpBEPyH.exe
  2⤵
  PID:992
- C:\Windows\System\gyrrKwN.exe
  C:\Windows\System\gyrrKwN.exe
  2⤵
  PID:2320
- C:\Windows\System\qzHsnGj.exe
  C:\Windows\System\qzHsnGj.exe
  2⤵
  PID:1104
- C:\Windows\System\ZdxfGid.exe
  C:\Windows\System\ZdxfGid.exe
  2⤵
  PID:2024
- C:\Windows\System\VujAkYK.exe
  C:\Windows\System\VujAkYK.exe
  2⤵
  PID:2376
- C:\Windows\System\mpoCqTr.exe
  C:\Windows\System\mpoCqTr.exe
  2⤵
  PID:2484
- C:\Windows\System\nWbTpVB.exe
  C:\Windows\System\nWbTpVB.exe
  2⤵
  PID:760
- C:\Windows\System\ileGIEF.exe
  C:\Windows\System\ileGIEF.exe
  2⤵
  PID:2144
- C:\Windows\System\IjrptSk.exe
  C:\Windows\System\IjrptSk.exe
  2⤵
  PID:2360
- C:\Windows\System\fpFtoIC.exe
  C:\Windows\System\fpFtoIC.exe
  2⤵
  PID:1216
- C:\Windows\System\ACLoirX.exe
  C:\Windows\System\ACLoirX.exe
  2⤵
  PID:1444
- C:\Windows\System\HaPhYpt.exe
  C:\Windows\System\HaPhYpt.exe
  2⤵
  PID:1776
- C:\Windows\System\jURZOvF.exe
  C:\Windows\System\jURZOvF.exe
  2⤵
  PID:1436
- C:\Windows\System\iQIbRCm.exe
  C:\Windows\System\iQIbRCm.exe
  2⤵
  PID:880
- C:\Windows\System\HmoYHGi.exe
  C:\Windows\System\HmoYHGi.exe
  2⤵
  PID:1460
- C:\Windows\System\bqwnKrh.exe
  C:\Windows\System\bqwnKrh.exe
  2⤵
  PID:3088
- C:\Windows\System\jgtNkGw.exe
  C:\Windows\System\jgtNkGw.exe
  2⤵
  PID:3116
- C:\Windows\System\leSZifR.exe
  C:\Windows\System\leSZifR.exe
  2⤵
  PID:3132
- C:\Windows\System\tSIPHdI.exe
  C:\Windows\System\tSIPHdI.exe
  2⤵
  PID:3156
- C:\Windows\System\Jmhfewr.exe
  C:\Windows\System\Jmhfewr.exe
  2⤵
  PID:3172
- C:\Windows\System\URGWsKA.exe
  C:\Windows\System\URGWsKA.exe
  2⤵
  PID:3192
- C:\Windows\System\ewFgGBH.exe
  C:\Windows\System\ewFgGBH.exe
  2⤵
  PID:3212
- C:\Windows\System\qXnLJAw.exe
  C:\Windows\System\qXnLJAw.exe
  2⤵
  PID:3228
- C:\Windows\System\NBefMbm.exe
  C:\Windows\System\NBefMbm.exe
  2⤵
  PID:3244
- C:\Windows\System\cqlPKRm.exe
  C:\Windows\System\cqlPKRm.exe
  2⤵
  PID:3260
- C:\Windows\System\YArRXlq.exe
  C:\Windows\System\YArRXlq.exe
  2⤵
  PID:3284
- C:\Windows\System\vxLFHSS.exe
  C:\Windows\System\vxLFHSS.exe
  2⤵
  PID:3308
- C:\Windows\System\haaDKtD.exe
  C:\Windows\System\haaDKtD.exe
  2⤵
  PID:3332
- C:\Windows\System\mIOmLJD.exe
  C:\Windows\System\mIOmLJD.exe
  2⤵
  PID:3360
- C:\Windows\System\GVpJmcw.exe
  C:\Windows\System\GVpJmcw.exe
  2⤵
  PID:3380
- C:\Windows\System\zmdFdjK.exe
  C:\Windows\System\zmdFdjK.exe
  2⤵
  PID:3400
- C:\Windows\System\klHPvbF.exe
  C:\Windows\System\klHPvbF.exe
  2⤵
  PID:3416
- C:\Windows\System\gnxrLYh.exe
  C:\Windows\System\gnxrLYh.exe
  2⤵
  PID:3436
- C:\Windows\System\kuiSyFi.exe
  C:\Windows\System\kuiSyFi.exe
  2⤵
  PID:3456
- C:\Windows\System\AyXrCCg.exe
  C:\Windows\System\AyXrCCg.exe
  2⤵
  PID:3476
- C:\Windows\System\eplTkad.exe
  C:\Windows\System\eplTkad.exe
  2⤵
  PID:3496
- C:\Windows\System\atWBhpw.exe
  C:\Windows\System\atWBhpw.exe
  2⤵
  PID:3512
- C:\Windows\System\pWkVpFW.exe
  C:\Windows\System\pWkVpFW.exe
  2⤵
  PID:3528
- C:\Windows\System\LWbvWgW.exe
  C:\Windows\System\LWbvWgW.exe
  2⤵
  PID:3544
- C:\Windows\System\aQgMTJS.exe
  C:\Windows\System\aQgMTJS.exe
  2⤵
  PID:3560
- C:\Windows\System\fjWgaev.exe
  C:\Windows\System\fjWgaev.exe
  2⤵
  PID:3576
- C:\Windows\System\dsaTSgH.exe
  C:\Windows\System\dsaTSgH.exe
  2⤵
  PID:3592
- C:\Windows\System\gSmvcyG.exe
  C:\Windows\System\gSmvcyG.exe
  2⤵
  PID:3616
- C:\Windows\System\gDNHkQJ.exe
  C:\Windows\System\gDNHkQJ.exe
  2⤵
  PID:3632
- C:\Windows\System\tNHWOED.exe
  C:\Windows\System\tNHWOED.exe
  2⤵
  PID:3648
- C:\Windows\System\KgfuheF.exe
  C:\Windows\System\KgfuheF.exe
  2⤵
  PID:3676
- C:\Windows\System\sNLbjFc.exe
  C:\Windows\System\sNLbjFc.exe
  2⤵
  PID:3692
- C:\Windows\System\kMQfhqg.exe
  C:\Windows\System\kMQfhqg.exe
  2⤵
  PID:3708
- C:\Windows\System\KvSentH.exe
  C:\Windows\System\KvSentH.exe
  2⤵
  PID:3724
- C:\Windows\System\fQrgObM.exe
  C:\Windows\System\fQrgObM.exe
  2⤵
  PID:3780
- C:\Windows\System\vCHjNLL.exe
  C:\Windows\System\vCHjNLL.exe
  2⤵
  PID:3796
- C:\Windows\System\SjhPmjw.exe
  C:\Windows\System\SjhPmjw.exe
  2⤵
  PID:3812
- C:\Windows\System\hdvQnwt.exe
  C:\Windows\System\hdvQnwt.exe
  2⤵
  PID:3828
- C:\Windows\System\MzjJjjg.exe
  C:\Windows\System\MzjJjjg.exe
  2⤵
  PID:3852
- C:\Windows\System\NhTMrIN.exe
  C:\Windows\System\NhTMrIN.exe
  2⤵
  PID:3872
- C:\Windows\System\vxZRoKM.exe
  C:\Windows\System\vxZRoKM.exe
  2⤵
  PID:3892
- C:\Windows\System\vESHelW.exe
  C:\Windows\System\vESHelW.exe
  2⤵
  PID:3924
- C:\Windows\System\XPHweGi.exe
  C:\Windows\System\XPHweGi.exe
  2⤵
  PID:3940
- C:\Windows\System\LXZxOYg.exe
  C:\Windows\System\LXZxOYg.exe
  2⤵
  PID:3956
- C:\Windows\System\JZzRiXP.exe
  C:\Windows\System\JZzRiXP.exe
  2⤵
  PID:3980
- C:\Windows\System\CqFMgsa.exe
  C:\Windows\System\CqFMgsa.exe
  2⤵
  PID:3996
- C:\Windows\System\HfoGOHz.exe
  C:\Windows\System\HfoGOHz.exe
  2⤵
  PID:4016
- C:\Windows\System\ELtgUVS.exe
  C:\Windows\System\ELtgUVS.exe
  2⤵
  PID:4036
- C:\Windows\System\cTpasHy.exe
  C:\Windows\System\cTpasHy.exe
  2⤵
  PID:4060
- C:\Windows\System\cHtrFCm.exe
  C:\Windows\System\cHtrFCm.exe
  2⤵
  PID:4076
- C:\Windows\System\QJUISHD.exe
  C:\Windows\System\QJUISHD.exe
  2⤵
  PID:1572
- C:\Windows\System\dOoWlod.exe
  C:\Windows\System\dOoWlod.exe
  2⤵
  PID:2896
- C:\Windows\System\DrLQXBQ.exe
  C:\Windows\System\DrLQXBQ.exe
  2⤵
  PID:1428
- C:\Windows\System\EjCajaF.exe
  C:\Windows\System\EjCajaF.exe
  2⤵
  PID:2760
- C:\Windows\System\Fmqcrmo.exe
  C:\Windows\System\Fmqcrmo.exe
  2⤵
  PID:1712
- C:\Windows\System\POZEoDK.exe
  C:\Windows\System\POZEoDK.exe
  2⤵
  PID:836
- C:\Windows\System\YNxMskf.exe
  C:\Windows\System\YNxMskf.exe
  2⤵
  PID:1420
- C:\Windows\System\vRdRery.exe
  C:\Windows\System\vRdRery.exe
  2⤵
  PID:2216
- C:\Windows\System\EJHjfNg.exe
  C:\Windows\System\EJHjfNg.exe
  2⤵
  PID:1964
- C:\Windows\System\flIdDBd.exe
  C:\Windows\System\flIdDBd.exe
  2⤵
  PID:1648
- C:\Windows\System\DNxztaB.exe
  C:\Windows\System\DNxztaB.exe
  2⤵
  PID:2716
- C:\Windows\System\ZJYSqjk.exe
  C:\Windows\System\ZJYSqjk.exe
  2⤵
  PID:2612
- C:\Windows\System\bSZPbOr.exe
  C:\Windows\System\bSZPbOr.exe
  2⤵
  PID:2296
- C:\Windows\System\JjkiPOk.exe
  C:\Windows\System\JjkiPOk.exe
  2⤵
  PID:3020
- C:\Windows\System\ZeYnQgA.exe
  C:\Windows\System\ZeYnQgA.exe
  2⤵
  PID:3124
- C:\Windows\System\tsUGBuP.exe
  C:\Windows\System\tsUGBuP.exe
  2⤵
  PID:3148
- C:\Windows\System\HGbgrST.exe
  C:\Windows\System\HGbgrST.exe
  2⤵
  PID:3188
- C:\Windows\System\RQTREQZ.exe
  C:\Windows\System\RQTREQZ.exe
  2⤵
  PID:3252
- C:\Windows\System\dtVgEmZ.exe
  C:\Windows\System\dtVgEmZ.exe
  2⤵
  PID:3204
- C:\Windows\System\txcrtSq.exe
  C:\Windows\System\txcrtSq.exe
  2⤵
  PID:3236
- C:\Windows\System\dnRsoAz.exe
  C:\Windows\System\dnRsoAz.exe
  2⤵
  PID:3324
- C:\Windows\System\eKHstIT.exe
  C:\Windows\System\eKHstIT.exe
  2⤵
  PID:3352
- C:\Windows\System\RVthbuM.exe
  C:\Windows\System\RVthbuM.exe
  2⤵
  PID:3432
- C:\Windows\System\qCMCnnI.exe
  C:\Windows\System\qCMCnnI.exe
  2⤵
  PID:3468
- C:\Windows\System\KJQQpdE.exe
  C:\Windows\System\KJQQpdE.exe
  2⤵
  PID:3540
- C:\Windows\System\mxCfFtw.exe
  C:\Windows\System\mxCfFtw.exe
  2⤵
  PID:3604
- C:\Windows\System\ICkSGSv.exe
  C:\Windows\System\ICkSGSv.exe
  2⤵
  PID:3444
- C:\Windows\System\nRsDezK.exe
  C:\Windows\System\nRsDezK.exe
  2⤵
  PID:3720
- C:\Windows\System\CMfXYAC.exe
  C:\Windows\System\CMfXYAC.exe
  2⤵
  PID:3820
- C:\Windows\System\stRCBoB.exe
  C:\Windows\System\stRCBoB.exe
  2⤵
  PID:3900
- C:\Windows\System\JWEkKjV.exe
  C:\Windows\System\JWEkKjV.exe
  2⤵
  PID:3736
- C:\Windows\System\yuiEJma.exe
  C:\Windows\System\yuiEJma.exe
  2⤵
  PID:3488
- C:\Windows\System\iyjVVix.exe
  C:\Windows\System\iyjVVix.exe
  2⤵
  PID:3588
- C:\Windows\System\shImjcH.exe
  C:\Windows\System\shImjcH.exe
  2⤵
  PID:3908
- C:\Windows\System\YpFIClo.exe
  C:\Windows\System\YpFIClo.exe
  2⤵
  PID:3744
- C:\Windows\System\XKEwmox.exe
  C:\Windows\System\XKEwmox.exe
  2⤵
  PID:3752
- C:\Windows\System\uNsieHi.exe
  C:\Windows\System\uNsieHi.exe
  2⤵
  PID:3768
- C:\Windows\System\FrCOYkB.exe
  C:\Windows\System\FrCOYkB.exe
  2⤵
  PID:3880
- C:\Windows\System\bNlATor.exe
  C:\Windows\System\bNlATor.exe
  2⤵
  PID:4024
- C:\Windows\System\CtcIQoh.exe
  C:\Windows\System\CtcIQoh.exe
  2⤵
  PID:3932
- C:\Windows\System\yrntjOm.exe
  C:\Windows\System\yrntjOm.exe
  2⤵
  PID:1236
- C:\Windows\System\bLlKQns.exe
  C:\Windows\System\bLlKQns.exe
  2⤵
  PID:1100
- C:\Windows\System\bbEHUbf.exe
  C:\Windows\System\bbEHUbf.exe
  2⤵
  PID:3976
- C:\Windows\System\fcLtjjB.exe
  C:\Windows\System\fcLtjjB.exe
  2⤵
  PID:3096
- C:\Windows\System\UmdvRvz.exe
  C:\Windows\System\UmdvRvz.exe
  2⤵
  PID:3128
- C:\Windows\System\uQNdsNV.exe
  C:\Windows\System\uQNdsNV.exe
  2⤵
  PID:3936
- C:\Windows\System\LTgjqdI.exe
  C:\Windows\System\LTgjqdI.exe
  2⤵
  PID:3272
- C:\Windows\System\WbWlLbn.exe
  C:\Windows\System\WbWlLbn.exe
  2⤵
  PID:4088
- C:\Windows\System\jtMNHQo.exe
  C:\Windows\System\jtMNHQo.exe
  2⤵
  PID:3276
- C:\Windows\System\QseRAid.exe
  C:\Windows\System\QseRAid.exe
  2⤵
  PID:3328
- C:\Windows\System\OYAgNhR.exe
  C:\Windows\System\OYAgNhR.exe
  2⤵
  PID:3472
- C:\Windows\System\MxZKrJk.exe
  C:\Windows\System\MxZKrJk.exe
  2⤵
  PID:2288
- C:\Windows\System\CxhUdlf.exe
  C:\Windows\System\CxhUdlf.exe
  2⤵
  PID:2272
- C:\Windows\System\bmHKadd.exe
  C:\Windows\System\bmHKadd.exe
  2⤵
  PID:1988
- C:\Windows\System\fWDqzER.exe
  C:\Windows\System\fWDqzER.exe
  2⤵
  PID:3868
- C:\Windows\System\OMPqEIZ.exe
  C:\Windows\System\OMPqEIZ.exe
  2⤵
  PID:3556
- C:\Windows\System\ybaLMuz.exe
  C:\Windows\System\ybaLMuz.exe
  2⤵
  PID:3748
- C:\Windows\System\VtRHEac.exe
  C:\Windows\System\VtRHEac.exe
  2⤵
  PID:3844
- C:\Windows\System\OitexOA.exe
  C:\Windows\System\OitexOA.exe
  2⤵
  PID:3296
- C:\Windows\System\eBlTgpY.exe
  C:\Windows\System\eBlTgpY.exe
  2⤵
  PID:3888
- C:\Windows\System\JdWsxAO.exe
  C:\Windows\System\JdWsxAO.exe
  2⤵
  PID:3144
- C:\Windows\System\GFcddqs.exe
  C:\Windows\System\GFcddqs.exe
  2⤵
  PID:3368
- C:\Windows\System\TzyIhtj.exe
  C:\Windows\System\TzyIhtj.exe
  2⤵
  PID:3412
- C:\Windows\System\MfimXRB.exe
  C:\Windows\System\MfimXRB.exe
  2⤵
  PID:3664
- C:\Windows\System\PGLcfGg.exe
  C:\Windows\System\PGLcfGg.exe
  2⤵
  PID:3732
- C:\Windows\System\uhDqoXp.exe
  C:\Windows\System\uhDqoXp.exe
  2⤵
  PID:876
- C:\Windows\System\uXdjWQi.exe
  C:\Windows\System\uXdjWQi.exe
  2⤵
  PID:3224
- C:\Windows\System\fARdXDy.exe
  C:\Windows\System\fARdXDy.exe
  2⤵
  PID:3764
- C:\Windows\System\mIEPEHs.exe
  C:\Windows\System\mIEPEHs.exe
  2⤵
  PID:1640
- C:\Windows\System\Aolceoj.exe
  C:\Windows\System\Aolceoj.exe
  2⤵
  PID:1092
- C:\Windows\System\oRUkJqm.exe
  C:\Windows\System\oRUkJqm.exe
  2⤵
  PID:2060
- C:\Windows\System\jKVcNgL.exe
  C:\Windows\System\jKVcNgL.exe
  2⤵
  PID:3836
- C:\Windows\System\SnSJeur.exe
  C:\Windows\System\SnSJeur.exe
  2⤵
  PID:3104
- C:\Windows\System\AslmUaK.exe
  C:\Windows\System\AslmUaK.exe
  2⤵
  PID:2248
- C:\Windows\System\satTprk.exe
  C:\Windows\System\satTprk.exe
  2⤵
  PID:3964
- C:\Windows\System\ifBXaNV.exe
  C:\Windows\System\ifBXaNV.exe
  2⤵
  PID:4056
- C:\Windows\System\mwiJtJC.exe
  C:\Windows\System\mwiJtJC.exe
  2⤵
  PID:2840
- C:\Windows\System\QyMjyap.exe
  C:\Windows\System\QyMjyap.exe
  2⤵
  PID:3180
- C:\Windows\System\JpskXks.exe
  C:\Windows\System\JpskXks.exe
  2⤵
  PID:3388
- C:\Windows\System\DJJvRJV.exe
  C:\Windows\System\DJJvRJV.exe
  2⤵
  PID:3920
- C:\Windows\System\pdpGYNg.exe
  C:\Windows\System\pdpGYNg.exe
  2⤵
  PID:2680
- C:\Windows\System\UqioNpM.exe
  C:\Windows\System\UqioNpM.exe
  2⤵
  PID:3452
- C:\Windows\System\dxKdVMC.exe
  C:\Windows\System\dxKdVMC.exe
  2⤵
  PID:3624
- C:\Windows\System\VxlqTvr.exe
  C:\Windows\System\VxlqTvr.exe
  2⤵
  PID:1944
- C:\Windows\System\fPtFaas.exe
  C:\Windows\System\fPtFaas.exe
  2⤵
  PID:3808
- C:\Windows\System\DYUkTEF.exe
  C:\Windows\System\DYUkTEF.exe
  2⤵
  PID:3840
- C:\Windows\System\klgZjqU.exe
  C:\Windows\System\klgZjqU.exe
  2⤵
  PID:4112
- C:\Windows\System\xCAJeeL.exe
  C:\Windows\System\xCAJeeL.exe
  2⤵
  PID:4128
- C:\Windows\System\OwWeBtZ.exe
  C:\Windows\System\OwWeBtZ.exe
  2⤵
  PID:4144
- C:\Windows\System\omtjzyi.exe
  C:\Windows\System\omtjzyi.exe
  2⤵
  PID:4160
- C:\Windows\System\XhndgTC.exe
  C:\Windows\System\XhndgTC.exe
  2⤵
  PID:4176
- C:\Windows\System\mPOVqLj.exe
  C:\Windows\System\mPOVqLj.exe
  2⤵
  PID:4192
- C:\Windows\System\KbhGmWC.exe
  C:\Windows\System\KbhGmWC.exe
  2⤵
  PID:4208
- C:\Windows\System\ebatnlk.exe
  C:\Windows\System\ebatnlk.exe
  2⤵
  PID:4224
- C:\Windows\System\lupLBmn.exe
  C:\Windows\System\lupLBmn.exe
  2⤵
  PID:4244
- C:\Windows\System\IfpJCIz.exe
  C:\Windows\System\IfpJCIz.exe
  2⤵
  PID:4260
- C:\Windows\System\YdXGqvs.exe
  C:\Windows\System\YdXGqvs.exe
  2⤵
  PID:4280
- C:\Windows\System\bZbiEEf.exe
  C:\Windows\System\bZbiEEf.exe
  2⤵
  PID:4388
- C:\Windows\System\bAzrPMl.exe
  C:\Windows\System\bAzrPMl.exe
  2⤵
  PID:4412
- C:\Windows\System\LzXIAZi.exe
  C:\Windows\System\LzXIAZi.exe
  2⤵
  PID:4428
- C:\Windows\System\fxPUwYU.exe
  C:\Windows\System\fxPUwYU.exe
  2⤵
  PID:4444
- C:\Windows\System\kiPjtMj.exe
  C:\Windows\System\kiPjtMj.exe
  2⤵
  PID:4464
- C:\Windows\System\KfOKcKJ.exe
  C:\Windows\System\KfOKcKJ.exe
  2⤵
  PID:4480
- C:\Windows\System\CIybBVW.exe
  C:\Windows\System\CIybBVW.exe
  2⤵
  PID:4496
- C:\Windows\System\VVxSfvQ.exe
  C:\Windows\System\VVxSfvQ.exe
  2⤵
  PID:4520
- C:\Windows\System\XwnWiqf.exe
  C:\Windows\System\XwnWiqf.exe
  2⤵
  PID:4536
- C:\Windows\System\bVxpHGY.exe
  C:\Windows\System\bVxpHGY.exe
  2⤵
  PID:4568
- C:\Windows\System\XEzRgIE.exe
  C:\Windows\System\XEzRgIE.exe
  2⤵
  PID:4584
- C:\Windows\System\ZohtdHn.exe
  C:\Windows\System\ZohtdHn.exe
  2⤵
  PID:4608
- C:\Windows\System\FGBZMhP.exe
  C:\Windows\System\FGBZMhP.exe
  2⤵
  PID:4624
- C:\Windows\System\FDwloBB.exe
  C:\Windows\System\FDwloBB.exe
  2⤵
  PID:4648
- C:\Windows\System\WmMjXhI.exe
  C:\Windows\System\WmMjXhI.exe
  2⤵
  PID:4664
- C:\Windows\System\vhvgnda.exe
  C:\Windows\System\vhvgnda.exe
  2⤵
  PID:4684
- C:\Windows\System\ZzAFHQR.exe
  C:\Windows\System\ZzAFHQR.exe
  2⤵
  PID:4708
- C:\Windows\System\ePkkMru.exe
  C:\Windows\System\ePkkMru.exe
  2⤵
  PID:4724
- C:\Windows\System\dtSmvIe.exe
  C:\Windows\System\dtSmvIe.exe
  2⤵
  PID:4752
- C:\Windows\System\zuSIMWr.exe
  C:\Windows\System\zuSIMWr.exe
  2⤵
  PID:4768
- C:\Windows\System\yQdwgHO.exe
  C:\Windows\System\yQdwgHO.exe
  2⤵
  PID:4792
- C:\Windows\System\NEXYHsk.exe
  C:\Windows\System\NEXYHsk.exe
  2⤵
  PID:4808
- C:\Windows\System\xeCHIaf.exe
  C:\Windows\System\xeCHIaf.exe
  2⤵
  PID:4824
- C:\Windows\System\VBjlyfA.exe
  C:\Windows\System\VBjlyfA.exe
  2⤵
  PID:4840
- C:\Windows\System\HMCNKqy.exe
  C:\Windows\System\HMCNKqy.exe
  2⤵
  PID:4864
- C:\Windows\System\DSKmPtV.exe
  C:\Windows\System\DSKmPtV.exe
  2⤵
  PID:4880
- C:\Windows\System\VxYjIls.exe
  C:\Windows\System\VxYjIls.exe
  2⤵
  PID:4904
- C:\Windows\System\FEkwSfD.exe
  C:\Windows\System\FEkwSfD.exe
  2⤵
  PID:4920
- C:\Windows\System\hCgogHf.exe
  C:\Windows\System\hCgogHf.exe
  2⤵
  PID:4940
- C:\Windows\System\UICrqlp.exe
  C:\Windows\System\UICrqlp.exe
  2⤵
  PID:4960
- C:\Windows\System\RZVgyhP.exe
  C:\Windows\System\RZVgyhP.exe
  2⤵
  PID:4992
- C:\Windows\System\IyjLIBR.exe
  C:\Windows\System\IyjLIBR.exe
  2⤵
  PID:5008
- C:\Windows\System\XEzbjUK.exe
  C:\Windows\System\XEzbjUK.exe
  2⤵
  PID:5028
- C:\Windows\System\dhSesTz.exe
  C:\Windows\System\dhSesTz.exe
  2⤵
  PID:5048
- C:\Windows\System\nJfxzZd.exe
  C:\Windows\System\nJfxzZd.exe
  2⤵
  PID:5064
- C:\Windows\System\tBdLCqZ.exe
  C:\Windows\System\tBdLCqZ.exe
  2⤵
  PID:5080
- C:\Windows\System\FUDzPqf.exe
  C:\Windows\System\FUDzPqf.exe
  2⤵
  PID:5096
- C:\Windows\System\jxngSPX.exe
  C:\Windows\System\jxngSPX.exe
  2⤵
  PID:2628
- C:\Windows\System\LwTLXec.exe
  C:\Windows\System\LwTLXec.exe
  2⤵
  PID:2880
- C:\Windows\System\lQIljsh.exe
  C:\Windows\System\lQIljsh.exe
  2⤵
  PID:3952
- C:\Windows\System\ITRVegA.exe
  C:\Windows\System\ITRVegA.exe
  2⤵
  PID:2324
- C:\Windows\System\WlrrPoL.exe
  C:\Windows\System\WlrrPoL.exe
  2⤵
  PID:4120
- C:\Windows\System\BMjSjcP.exe
  C:\Windows\System\BMjSjcP.exe
  2⤵
  PID:3408
- C:\Windows\System\VerbDZq.exe
  C:\Windows\System\VerbDZq.exe
  2⤵
  PID:3208
- C:\Windows\System\nnPnrCn.exe
  C:\Windows\System\nnPnrCn.exe
  2⤵
  PID:3240
- C:\Windows\System\AJPOjtK.exe
  C:\Windows\System\AJPOjtK.exe
  2⤵
  PID:4256
- C:\Windows\System\NhgjABH.exe
  C:\Windows\System\NhgjABH.exe
  2⤵
  PID:4300
- C:\Windows\System\vKVfDAc.exe
  C:\Windows\System\vKVfDAc.exe
  2⤵
  PID:4204
- C:\Windows\System\GBBQeEY.exe
  C:\Windows\System\GBBQeEY.exe
  2⤵
  PID:4268
- C:\Windows\System\dfFdBKi.exe
  C:\Windows\System\dfFdBKi.exe
  2⤵
  PID:4200
- C:\Windows\System\HRnFmnB.exe
  C:\Windows\System\HRnFmnB.exe
  2⤵
  PID:4316
- C:\Windows\System\DHUAJZk.exe
  C:\Windows\System\DHUAJZk.exe
  2⤵
  PID:1192
- C:\Windows\System\UTvasnb.exe
  C:\Windows\System\UTvasnb.exe
  2⤵
  PID:3424
- C:\Windows\System\eZnFodV.exe
  C:\Windows\System\eZnFodV.exe
  2⤵
  PID:4336
- C:\Windows\System\hXuGwgp.exe
  C:\Windows\System\hXuGwgp.exe
  2⤵
  PID:4368
- C:\Windows\System\hVpzvaG.exe
  C:\Windows\System\hVpzvaG.exe
  2⤵
  PID:4396
- C:\Windows\System\BIzsaZL.exe
  C:\Windows\System\BIzsaZL.exe
  2⤵
  PID:4456
- C:\Windows\System\vRwTlEp.exe
  C:\Windows\System\vRwTlEp.exe
  2⤵
  PID:4532
- C:\Windows\System\IAwgCRW.exe
  C:\Windows\System\IAwgCRW.exe
  2⤵
  PID:4508
- C:\Windows\System\rWqqBvI.exe
  C:\Windows\System\rWqqBvI.exe
  2⤵
  PID:4620
- C:\Windows\System\FKdsMyi.exe
  C:\Windows\System\FKdsMyi.exe
  2⤵
  PID:4660
- C:\Windows\System\jnNGlPy.exe
  C:\Windows\System\jnNGlPy.exe
  2⤵
  PID:4556
- C:\Windows\System\rrhshRf.exe
  C:\Windows\System\rrhshRf.exe
  2⤵
  PID:4600
- C:\Windows\System\PBwzZRO.exe
  C:\Windows\System\PBwzZRO.exe
  2⤵
  PID:4732
- C:\Windows\System\xkLoFTF.exe
  C:\Windows\System\xkLoFTF.exe
  2⤵
  PID:4776
- C:\Windows\System\LlWliLX.exe
  C:\Windows\System\LlWliLX.exe
  2⤵
  PID:4640
- C:\Windows\System\JwpNXNu.exe
  C:\Windows\System\JwpNXNu.exe
  2⤵
  PID:4636
- C:\Windows\System\tFSrWGs.exe
  C:\Windows\System\tFSrWGs.exe
  2⤵
  PID:4820
- C:\Windows\System\jjpEBUx.exe
  C:\Windows\System\jjpEBUx.exe
  2⤵
  PID:4860
- C:\Windows\System\JxfxWJd.exe
  C:\Windows\System\JxfxWJd.exe
  2⤵
  PID:4720
- C:\Windows\System\DGrBMWj.exe
  C:\Windows\System\DGrBMWj.exe
  2⤵
  PID:4968
- C:\Windows\System\AYBuldZ.exe
  C:\Windows\System\AYBuldZ.exe
  2⤵
  PID:4988
- C:\Windows\System\XJyjIEQ.exe
  C:\Windows\System\XJyjIEQ.exe
  2⤵
  PID:5020
- C:\Windows\System\XlvbVKt.exe
  C:\Windows\System\XlvbVKt.exe
  2⤵
  PID:4832
- C:\Windows\System\uvaChzx.exe
  C:\Windows\System\uvaChzx.exe
  2⤵
  PID:4872
- C:\Windows\System\lOGUKEI.exe
  C:\Windows\System\lOGUKEI.exe
  2⤵
  PID:3348
- C:\Windows\System\teuJOZo.exe
  C:\Windows\System\teuJOZo.exe
  2⤵
  PID:4152
- C:\Windows\System\BDXYFcA.exe
  C:\Windows\System\BDXYFcA.exe
  2⤵
  PID:5004
- C:\Windows\System\zKLBZSU.exe
  C:\Windows\System\zKLBZSU.exe
  2⤵
  PID:3372
- C:\Windows\System\YzMLZOR.exe
  C:\Windows\System\YzMLZOR.exe
  2⤵
  PID:4236
- C:\Windows\System\ohXdrUu.exe
  C:\Windows\System\ohXdrUu.exe
  2⤵
  PID:5112
- C:\Windows\System\LdCnsde.exe
  C:\Windows\System\LdCnsde.exe
  2⤵
  PID:3644
- C:\Windows\System\BdDusZo.exe
  C:\Windows\System\BdDusZo.exe
  2⤵
  PID:5076
- C:\Windows\System\fwbdDBJ.exe
  C:\Windows\System\fwbdDBJ.exe
  2⤵
  PID:4048
- C:\Windows\System\Ktlcthh.exe
  C:\Windows\System\Ktlcthh.exe
  2⤵
  PID:3300
- C:\Windows\System\aCEAQiM.exe
  C:\Windows\System\aCEAQiM.exe
  2⤵
  PID:4104
- C:\Windows\System\BHzIXtt.exe
  C:\Windows\System\BHzIXtt.exe
  2⤵
  PID:2148
- C:\Windows\System\aFhqOPx.exe
  C:\Windows\System\aFhqOPx.exe
  2⤵
  PID:4184
- C:\Windows\System\PIicJYZ.exe
  C:\Windows\System\PIicJYZ.exe
  2⤵
  PID:4344
- C:\Windows\System\OXXSjIe.exe
  C:\Windows\System\OXXSjIe.exe
  2⤵
  PID:4332
- C:\Windows\System\DYgZVWx.exe
  C:\Windows\System\DYgZVWx.exe
  2⤵
  PID:2588
- C:\Windows\System\EHdIDpd.exe
  C:\Windows\System\EHdIDpd.exe
  2⤵
  PID:1700
- C:\Windows\System\ooaOqJt.exe
  C:\Windows\System\ooaOqJt.exe
  2⤵
  PID:4408
- C:\Windows\System\kROvEnp.exe
  C:\Windows\System\kROvEnp.exe
  2⤵
  PID:4436
- C:\Windows\System\ixutllx.exe
  C:\Windows\System\ixutllx.exe
  2⤵
  PID:4380
- C:\Windows\System\pHNqbZh.exe
  C:\Windows\System\pHNqbZh.exe
  2⤵
  PID:4748
- C:\Windows\System\VwaFjwY.exe
  C:\Windows\System\VwaFjwY.exe
  2⤵
  PID:4492
- C:\Windows\System\lZkYlah.exe
  C:\Windows\System\lZkYlah.exe
  2⤵
  PID:4716
- C:\Windows\System\TKxnYxJ.exe
  C:\Windows\System\TKxnYxJ.exe
  2⤵
  PID:4616
- C:\Windows\System\jfmdsjL.exe
  C:\Windows\System\jfmdsjL.exe
  2⤵
  PID:4552
- C:\Windows\System\DCClOUv.exe
  C:\Windows\System\DCClOUv.exe
  2⤵
  PID:5016
- C:\Windows\System\IBVtUlm.exe
  C:\Windows\System\IBVtUlm.exe
  2⤵
  PID:3700
- C:\Windows\System\IVCpcbx.exe
  C:\Windows\System\IVCpcbx.exe
  2⤵
  PID:5104
- C:\Windows\System\YurxetO.exe
  C:\Windows\System\YurxetO.exe
  2⤵
  PID:4704
- C:\Windows\System\XmVgkBn.exe
  C:\Windows\System\XmVgkBn.exe
  2⤵
  PID:4676
- C:\Windows\System\NCmHESl.exe
  C:\Windows\System\NCmHESl.exe
  2⤵
  PID:4836
- C:\Windows\System\bhQOdue.exe
  C:\Windows\System\bhQOdue.exe
  2⤵
  PID:3316
- C:\Windows\System\xAzTmIE.exe
  C:\Windows\System\xAzTmIE.exe
  2⤵
  PID:4252
- C:\Windows\System\XmfSzyf.exe
  C:\Windows\System\XmfSzyf.exe
  2⤵
  PID:2804
- C:\Windows\System\pBmuzNe.exe
  C:\Windows\System\pBmuzNe.exe
  2⤵
  PID:4896
- C:\Windows\System\IjYdFlp.exe
  C:\Windows\System\IjYdFlp.exe
  2⤵
  PID:2120
- C:\Windows\System\WZaQtws.exe
  C:\Windows\System\WZaQtws.exe
  2⤵
  PID:4516
- C:\Windows\System\ajHZgBa.exe
  C:\Windows\System\ajHZgBa.exe
  2⤵
  PID:4328
- C:\Windows\System\DsiPDMy.exe
  C:\Windows\System\DsiPDMy.exe
  2⤵
  PID:2372
- C:\Windows\System\slcGNNN.exe
  C:\Windows\System\slcGNNN.exe
  2⤵
  PID:5116
- C:\Windows\System\iXnPBnN.exe
  C:\Windows\System\iXnPBnN.exe
  2⤵
  PID:5040
- C:\Windows\System\iFvAULR.exe
  C:\Windows\System\iFvAULR.exe
  2⤵
  PID:4816
- C:\Windows\System\qZVnRrw.exe
  C:\Windows\System\qZVnRrw.exe
  2⤵
  PID:5060
- C:\Windows\System\pCiGInW.exe
  C:\Windows\System\pCiGInW.exe
  2⤵
  PID:4596
- C:\Windows\System\CcPYxPi.exe
  C:\Windows\System\CcPYxPi.exe
  2⤵
  PID:4892
- C:\Windows\System\xFpaJut.exe
  C:\Windows\System\xFpaJut.exe
  2⤵
  PID:1520
- C:\Windows\System\koDspBH.exe
  C:\Windows\System\koDspBH.exe
  2⤵
  PID:4324
- C:\Windows\System\dZJsHKa.exe
  C:\Windows\System\dZJsHKa.exe
  2⤵
  PID:5124
- C:\Windows\System\kpbXclX.exe
  C:\Windows\System\kpbXclX.exe
  2⤵
  PID:5140
- C:\Windows\System\MwyyXzk.exe
  C:\Windows\System\MwyyXzk.exe
  2⤵
  PID:5156
- C:\Windows\System\JcVvJDX.exe
  C:\Windows\System\JcVvJDX.exe
  2⤵
  PID:5176
- C:\Windows\System\CUWPbLf.exe
  C:\Windows\System\CUWPbLf.exe
  2⤵
  PID:5192
- C:\Windows\System\GoLLkqF.exe
  C:\Windows\System\GoLLkqF.exe
  2⤵
  PID:5212
- C:\Windows\System\ZXuyMAo.exe
  C:\Windows\System\ZXuyMAo.exe
  2⤵
  PID:5240
- C:\Windows\System\swHnwag.exe
  C:\Windows\System\swHnwag.exe
  2⤵
  PID:5292
- C:\Windows\System\imjzHqf.exe
  C:\Windows\System\imjzHqf.exe
  2⤵
  PID:5312
- C:\Windows\System\LdtqBWp.exe
  C:\Windows\System\LdtqBWp.exe
  2⤵
  PID:5332
- C:\Windows\System\PSlzkIr.exe
  C:\Windows\System\PSlzkIr.exe
  2⤵
  PID:5352
- C:\Windows\System\RbzNQDy.exe
  C:\Windows\System\RbzNQDy.exe
  2⤵
  PID:5368
- C:\Windows\System\AmNiGoj.exe
  C:\Windows\System\AmNiGoj.exe
  2⤵
  PID:5392
- C:\Windows\System\vWrpiCj.exe
  C:\Windows\System\vWrpiCj.exe
  2⤵
  PID:5412
- C:\Windows\System\FWflaMu.exe
  C:\Windows\System\FWflaMu.exe
  2⤵
  PID:5436
- C:\Windows\System\kvDPBRR.exe
  C:\Windows\System\kvDPBRR.exe
  2⤵
  PID:5452
- C:\Windows\System\rbVBjYn.exe
  C:\Windows\System\rbVBjYn.exe
  2⤵
  PID:5468
- C:\Windows\System\PYmkYAb.exe
  C:\Windows\System\PYmkYAb.exe
  2⤵
  PID:5484
- C:\Windows\System\KRlMbVV.exe
  C:\Windows\System\KRlMbVV.exe
  2⤵
  PID:5500
- C:\Windows\System\ILiEgQM.exe
  C:\Windows\System\ILiEgQM.exe
  2⤵
  PID:5516
- C:\Windows\System\tRIhdgw.exe
  C:\Windows\System\tRIhdgw.exe
  2⤵
  PID:5532
- C:\Windows\System\KnGhWoX.exe
  C:\Windows\System\KnGhWoX.exe
  2⤵
  PID:5552
- C:\Windows\System\BQxLrbh.exe
  C:\Windows\System\BQxLrbh.exe
  2⤵
  PID:5568
- C:\Windows\System\RBhZoXS.exe
  C:\Windows\System\RBhZoXS.exe
  2⤵
  PID:5584
- C:\Windows\System\ThwPVQt.exe
  C:\Windows\System\ThwPVQt.exe
  2⤵
  PID:5616
- C:\Windows\System\RykbbOh.exe
  C:\Windows\System\RykbbOh.exe
  2⤵
  PID:5636
- C:\Windows\System\CLOPIXh.exe
  C:\Windows\System\CLOPIXh.exe
  2⤵
  PID:5656
- C:\Windows\System\dNAwSLO.exe
  C:\Windows\System\dNAwSLO.exe
  2⤵
  PID:5680
- C:\Windows\System\lZWoxPW.exe
  C:\Windows\System\lZWoxPW.exe
  2⤵
  PID:5700
- C:\Windows\System\urSWsMx.exe
  C:\Windows\System\urSWsMx.exe
  2⤵
  PID:5720
- C:\Windows\System\ujJdtYq.exe
  C:\Windows\System\ujJdtYq.exe
  2⤵
  PID:5736
- C:\Windows\System\NfjcuEK.exe
  C:\Windows\System\NfjcuEK.exe
  2⤵
  PID:5760
- C:\Windows\System\DgbEGJY.exe
  C:\Windows\System\DgbEGJY.exe
  2⤵
  PID:5776
- C:\Windows\System\CHumFYm.exe
  C:\Windows\System\CHumFYm.exe
  2⤵
  PID:5792
- C:\Windows\System\bFJMXCe.exe
  C:\Windows\System\bFJMXCe.exe
  2⤵
  PID:5824
- C:\Windows\System\GNupPHb.exe
  C:\Windows\System\GNupPHb.exe
  2⤵
  PID:5852
- C:\Windows\System\DnFVuhX.exe
  C:\Windows\System\DnFVuhX.exe
  2⤵
  PID:5868
- C:\Windows\System\OXRgUUp.exe
  C:\Windows\System\OXRgUUp.exe
  2⤵
  PID:5884
- C:\Windows\System\DrRMgqd.exe
  C:\Windows\System\DrRMgqd.exe
  2⤵
  PID:5904
- C:\Windows\System\mLctMNW.exe
  C:\Windows\System\mLctMNW.exe
  2⤵
  PID:5920
- C:\Windows\System\FjHhWgz.exe
  C:\Windows\System\FjHhWgz.exe
  2⤵
  PID:5936
- C:\Windows\System\MRfHzfT.exe
  C:\Windows\System\MRfHzfT.exe
  2⤵
  PID:5964
- C:\Windows\System\lKPOkOa.exe
  C:\Windows\System\lKPOkOa.exe
  2⤵
  PID:5984
- C:\Windows\System\MNzoPaW.exe
  C:\Windows\System\MNzoPaW.exe
  2⤵
  PID:6000
- C:\Windows\System\WgjhfFJ.exe
  C:\Windows\System\WgjhfFJ.exe
  2⤵
  PID:6016
- C:\Windows\System\gTfItTf.exe
  C:\Windows\System\gTfItTf.exe
  2⤵
  PID:6040
- C:\Windows\System\VeRBXwh.exe
  C:\Windows\System\VeRBXwh.exe
  2⤵
  PID:6056
- C:\Windows\System\gpORsDr.exe
  C:\Windows\System\gpORsDr.exe
  2⤵
  PID:6076
- C:\Windows\System\UDlTIyw.exe
  C:\Windows\System\UDlTIyw.exe
  2⤵
  PID:6092
- C:\Windows\System\ZaPkOdA.exe
  C:\Windows\System\ZaPkOdA.exe
  2⤵
  PID:6108
- C:\Windows\System\UnFdtCo.exe
  C:\Windows\System\UnFdtCo.exe
  2⤵
  PID:6124
- C:\Windows\System\udRuMLn.exe
  C:\Windows\System\udRuMLn.exe
  2⤵
  PID:6140
- C:\Windows\System\YKOHdRT.exe
  C:\Windows\System\YKOHdRT.exe
  2⤵
  PID:1496
- C:\Windows\System\miJXFXs.exe
  C:\Windows\System\miJXFXs.exe
  2⤵
  PID:1544
- C:\Windows\System\dSZjvNK.exe
  C:\Windows\System\dSZjvNK.exe
  2⤵
  PID:4576
- C:\Windows\System\JjsxQSm.exe
  C:\Windows\System\JjsxQSm.exe
  2⤵
  PID:3396
- C:\Windows\System\kmAUtRa.exe
  C:\Windows\System\kmAUtRa.exe
  2⤵
  PID:4804
- C:\Windows\System\YfSktnf.exe
  C:\Windows\System\YfSktnf.exe
  2⤵
  PID:4504
- C:\Windows\System\hxVZnfq.exe
  C:\Windows\System\hxVZnfq.exe
  2⤵
  PID:4740
- C:\Windows\System\lFHyvKh.exe
  C:\Windows\System\lFHyvKh.exe
  2⤵
  PID:3612
- C:\Windows\System\ZHHWjew.exe
  C:\Windows\System\ZHHWjew.exe
  2⤵
  PID:5168
- C:\Windows\System\zdKXlzm.exe
  C:\Windows\System\zdKXlzm.exe
  2⤵
  PID:5208
- C:\Windows\System\PyLBJuI.exe
  C:\Windows\System\PyLBJuI.exe
  2⤵
  PID:5248
- C:\Windows\System\hdHsfLK.exe
  C:\Windows\System\hdHsfLK.exe
  2⤵
  PID:5264
- C:\Windows\System\MLFlNdk.exe
  C:\Windows\System\MLFlNdk.exe
  2⤵
  PID:2828
- C:\Windows\System\vUUVQdA.exe
  C:\Windows\System\vUUVQdA.exe
  2⤵
  PID:5300
- C:\Windows\System\cUEPRFl.exe
  C:\Windows\System\cUEPRFl.exe
  2⤵
  PID:5340
- C:\Windows\System\QtJBiYq.exe
  C:\Windows\System\QtJBiYq.exe
  2⤵
  PID:5344
- C:\Windows\System\OHisTRi.exe
  C:\Windows\System\OHisTRi.exe
  2⤵
  PID:5424
- C:\Windows\System\GMrfdQm.exe
  C:\Windows\System\GMrfdQm.exe
  2⤵
  PID:5464
- C:\Windows\System\jbodbaJ.exe
  C:\Windows\System\jbodbaJ.exe
  2⤵
  PID:5528
- C:\Windows\System\RiGEMFB.exe
  C:\Windows\System\RiGEMFB.exe
  2⤵
  PID:5324
- C:\Windows\System\lzEqeGW.exe
  C:\Windows\System\lzEqeGW.exe
  2⤵
  PID:2308
- C:\Windows\System\PdIvsFI.exe
  C:\Windows\System\PdIvsFI.exe
  2⤵
  PID:5592
- C:\Windows\System\APaSdkQ.exe
  C:\Windows\System\APaSdkQ.exe
  2⤵
  PID:5612
- C:\Windows\System\xaaqLnp.exe
  C:\Windows\System\xaaqLnp.exe
  2⤵
  PID:5652
- C:\Windows\System\KYBqrWr.exe
  C:\Windows\System\KYBqrWr.exe
  2⤵
  PID:5728
- C:\Windows\System\YFHwuQg.exe
  C:\Windows\System\YFHwuQg.exe
  2⤵
  PID:5512
- C:\Windows\System\KMVRVBu.exe
  C:\Windows\System\KMVRVBu.exe
  2⤵
  PID:5476
- C:\Windows\System\lAEDoZl.exe
  C:\Windows\System\lAEDoZl.exe
  2⤵
  PID:5772
- C:\Windows\System\neIEyrc.exe
  C:\Windows\System\neIEyrc.exe
  2⤵
  PID:5812
- C:\Windows\System\sSeCCKX.exe
  C:\Windows\System\sSeCCKX.exe
  2⤵
  PID:5864
- C:\Windows\System\LFaSDat.exe
  C:\Windows\System\LFaSDat.exe
  2⤵
  PID:5932
- C:\Windows\System\iXUtbjO.exe
  C:\Windows\System\iXUtbjO.exe
  2⤵
  PID:6052
- C:\Windows\System\rODsgCT.exe
  C:\Windows\System\rODsgCT.exe
  2⤵
  PID:6116
- C:\Windows\System\MFqWypd.exe
  C:\Windows\System\MFqWypd.exe
  2⤵
  PID:5672
- C:\Windows\System\euGKwfl.exe
  C:\Windows\System\euGKwfl.exe
  2⤵
  PID:5716
- C:\Windows\System\vvejapG.exe
  C:\Windows\System\vvejapG.exe
  2⤵
  PID:4852
- C:\Windows\System\cOQeztj.exe
  C:\Windows\System\cOQeztj.exe
  2⤵
  PID:5748
- C:\Windows\System\WQVnHRu.exe
  C:\Windows\System\WQVnHRu.exe
  2⤵
  PID:4420
- C:\Windows\System\vcVmyJo.exe
  C:\Windows\System\vcVmyJo.exe
  2⤵
  PID:5148
- C:\Windows\System\bjLZwRK.exe
  C:\Windows\System\bjLZwRK.exe
  2⤵
  PID:5844
- C:\Windows\System\GdWvpaT.exe
  C:\Windows\System\GdWvpaT.exe
  2⤵
  PID:6104
- C:\Windows\System\IfDlNxN.exe
  C:\Windows\System\IfDlNxN.exe
  2⤵
  PID:4952
- C:\Windows\System\XyRblfY.exe
  C:\Windows\System\XyRblfY.exe
  2⤵
  PID:5092
- C:\Windows\System\QVIecLO.exe
  C:\Windows\System\QVIecLO.exe
  2⤵
  PID:5880
- C:\Windows\System\RTFEIvN.exe
  C:\Windows\System\RTFEIvN.exe
  2⤵
  PID:5996
- C:\Windows\System\aqiEnyX.exe
  C:\Windows\System\aqiEnyX.exe
  2⤵
  PID:4696
- C:\Windows\System\zgiBSLs.exe
  C:\Windows\System\zgiBSLs.exe
  2⤵
  PID:5164
- C:\Windows\System\jzurChj.exe
  C:\Windows\System\jzurChj.exe
  2⤵
  PID:5204
- C:\Windows\System\yIJcSFA.exe
  C:\Windows\System\yIJcSFA.exe
  2⤵
  PID:1772
- C:\Windows\System\dVushAh.exe
  C:\Windows\System\dVushAh.exe
  2⤵
  PID:644
- C:\Windows\System\aPMARKn.exe
  C:\Windows\System\aPMARKn.exe
  2⤵
  PID:5256
- C:\Windows\System\koFeRoO.exe
  C:\Windows\System\koFeRoO.exe
  2⤵
  PID:1140
- C:\Windows\System\eVwZAkP.exe
  C:\Windows\System\eVwZAkP.exe
  2⤵
  PID:1256
- C:\Windows\System\kbrPHwR.exe
  C:\Windows\System\kbrPHwR.exe
  2⤵
  PID:5604
- C:\Windows\System\ARFbUUx.exe
  C:\Windows\System\ARFbUUx.exe
  2⤵
  PID:5260
- C:\Windows\System\DVhsiFI.exe
  C:\Windows\System\DVhsiFI.exe
  2⤵
  PID:5480
- C:\Windows\System\IJmtlvx.exe
  C:\Windows\System\IJmtlvx.exe
  2⤵
  PID:5508
- C:\Windows\System\JdxuBRU.exe
  C:\Windows\System\JdxuBRU.exe
  2⤵
  PID:5808
- C:\Windows\System\JBMLiRQ.exe
  C:\Windows\System\JBMLiRQ.exe
  2⤵
  PID:5928
- C:\Windows\System\XzJSCpp.exe
  C:\Windows\System\XzJSCpp.exe
  2⤵
  PID:5768
- C:\Windows\System\bpSxjsD.exe
  C:\Windows\System\bpSxjsD.exe
  2⤵
  PID:2536
- C:\Windows\System\rcGOrUJ.exe
  C:\Windows\System\rcGOrUJ.exe
  2⤵
  PID:2316
- C:\Windows\System\xKAaCDE.exe
  C:\Windows\System\xKAaCDE.exe
  2⤵
  PID:5960
- C:\Windows\System\AxnMCqC.exe
  C:\Windows\System\AxnMCqC.exe
  2⤵
  PID:6068
- C:\Windows\System\BQJgfpA.exe
  C:\Windows\System\BQJgfpA.exe
  2⤵
  PID:2548
- C:\Windows\System\OpGRsbw.exe
  C:\Windows\System\OpGRsbw.exe
  2⤵
  PID:5400
- C:\Windows\System\nhqPmWn.exe
  C:\Windows\System\nhqPmWn.exe
  2⤵
  PID:1704
- C:\Windows\System\zEsejIK.exe
  C:\Windows\System\zEsejIK.exe
  2⤵
  PID:1308
- C:\Windows\System\PKgvlzB.exe
  C:\Windows\System\PKgvlzB.exe
  2⤵
  PID:2784
- C:\Windows\System\IjkeSRT.exe
  C:\Windows\System\IjkeSRT.exe
  2⤵
  PID:2980
- C:\Windows\System\QWdRwoP.exe
  C:\Windows\System\QWdRwoP.exe
  2⤵
  PID:5632
- C:\Windows\System\eptyxbn.exe
  C:\Windows\System\eptyxbn.exe
  2⤵
  PID:4364
- C:\Windows\System\zXyJMBY.exe
  C:\Windows\System\zXyJMBY.exe
  2⤵
  PID:2884
- C:\Windows\System\JsCyjEC.exe
  C:\Windows\System\JsCyjEC.exe
  2⤵
  PID:6136
- C:\Windows\System\zkkSOfC.exe
  C:\Windows\System\zkkSOfC.exe
  2⤵
  PID:5948
- C:\Windows\System\rQpjIIH.exe
  C:\Windows\System\rQpjIIH.exe
  2⤵
  PID:2384
- C:\Windows\System\Wpyzftn.exe
  C:\Windows\System\Wpyzftn.exe
  2⤵
  PID:2556
- C:\Windows\System\dsRMVcX.exe
  C:\Windows\System\dsRMVcX.exe
  2⤵
  PID:2836
- C:\Windows\System\xqzcaeG.exe
  C:\Windows\System\xqzcaeG.exe
  2⤵
  PID:5132
- C:\Windows\System\HyMYcnC.exe
  C:\Windows\System\HyMYcnC.exe
  2⤵
  PID:5044
- C:\Windows\System\HNDZWTd.exe
  C:\Windows\System\HNDZWTd.exe
  2⤵
  PID:5376
- C:\Windows\System\GvWNIRw.exe
  C:\Windows\System\GvWNIRw.exe
  2⤵
  PID:5496
- C:\Windows\System\cnbeCDM.exe
  C:\Windows\System\cnbeCDM.exe
  2⤵
  PID:5404
- C:\Windows\System\mtqXrdV.exe
  C:\Windows\System\mtqXrdV.exe
  2⤵
  PID:5644
- C:\Windows\System\LsWynsC.exe
  C:\Windows\System\LsWynsC.exe
  2⤵
  PID:5696
- C:\Windows\System\eBuusJV.exe
  C:\Windows\System\eBuusJV.exe
  2⤵
  PID:5804
- C:\Windows\System\ZzycRcJ.exe
  C:\Windows\System\ZzycRcJ.exe
  2⤵
  PID:5820
- C:\Windows\System\jwGZvpS.exe
  C:\Windows\System\jwGZvpS.exe
  2⤵
  PID:5744
- C:\Windows\System\MoyySwH.exe
  C:\Windows\System\MoyySwH.exe
  2⤵
  PID:1764
- C:\Windows\System\ZbYhkGE.exe
  C:\Windows\System\ZbYhkGE.exe
  2⤵
  PID:1560
- C:\Windows\System\xleFBBk.exe
  C:\Windows\System\xleFBBk.exe
  2⤵
  PID:5460
- C:\Windows\System\byIiWwQ.exe
  C:\Windows\System\byIiWwQ.exe
  2⤵
  PID:2380
- C:\Windows\System\OSaJOkp.exe
  C:\Windows\System\OSaJOkp.exe
  2⤵
  PID:1836
- C:\Windows\System\vxVElrF.exe
  C:\Windows\System\vxVElrF.exe
  2⤵
  PID:6012
- C:\Windows\System\ATkHRSt.exe
  C:\Windows\System\ATkHRSt.exe
  2⤵
  PID:5236
- C:\Windows\System\mzCzjcC.exe
  C:\Windows\System\mzCzjcC.exe
  2⤵
  PID:4140
- C:\Windows\System\aRjTWRm.exe
  C:\Windows\System\aRjTWRm.exe
  2⤵
  PID:1660
- C:\Windows\System\WqgakPW.exe
  C:\Windows\System\WqgakPW.exe
  2⤵
  PID:2276
- C:\Windows\System\RlzqSpP.exe
  C:\Windows\System\RlzqSpP.exe
  2⤵
  PID:2988
- C:\Windows\System\ezdkfoV.exe
  C:\Windows\System\ezdkfoV.exe
  2⤵
  PID:2832
- C:\Windows\System\AyENuEn.exe
  C:\Windows\System\AyENuEn.exe
  2⤵
  PID:5900
- C:\Windows\System\BStLoWZ.exe
  C:\Windows\System\BStLoWZ.exe
  2⤵
  PID:6064
- C:\Windows\System\UbWoqnf.exe
  C:\Windows\System\UbWoqnf.exe
  2⤵
  PID:5956
- C:\Windows\System\UFPEiFD.exe
  C:\Windows\System\UFPEiFD.exe
  2⤵
  PID:2504
- C:\Windows\System\AwAeApM.exe
  C:\Windows\System\AwAeApM.exe
  2⤵
  PID:5752
- C:\Windows\System\iNPDlet.exe
  C:\Windows\System\iNPDlet.exe
  2⤵
  PID:5876
- C:\Windows\System\fGHaSzw.exe
  C:\Windows\System\fGHaSzw.exe
  2⤵
  PID:4072
- C:\Windows\System\IZSXIDF.exe
  C:\Windows\System\IZSXIDF.exe
  2⤵
  PID:2532
- C:\Windows\System\ebXtHfH.exe
  C:\Windows\System\ebXtHfH.exe
  2⤵
  PID:2008
- C:\Windows\System\NJfIWNb.exe
  C:\Windows\System\NJfIWNb.exe
  2⤵
  PID:6156
- C:\Windows\System\gpcxMlh.exe
  C:\Windows\System\gpcxMlh.exe
  2⤵
  PID:6172
- C:\Windows\System\jMFryys.exe
  C:\Windows\System\jMFryys.exe
  2⤵
  PID:6188
- C:\Windows\System\JaHbIFh.exe
  C:\Windows\System\JaHbIFh.exe
  2⤵
  PID:6208
- C:\Windows\System\TcJYYIU.exe
  C:\Windows\System\TcJYYIU.exe
  2⤵
  PID:6248
- C:\Windows\System\xLahPcm.exe
  C:\Windows\System\xLahPcm.exe
  2⤵
  PID:6268
- C:\Windows\System\KmoZuXO.exe
  C:\Windows\System\KmoZuXO.exe
  2⤵
  PID:6284
- C:\Windows\System\BuhePrE.exe
  C:\Windows\System\BuhePrE.exe
  2⤵
  PID:6300
- C:\Windows\System\qVnYXoo.exe
  C:\Windows\System\qVnYXoo.exe
  2⤵
  PID:6316
- C:\Windows\System\stdaHjo.exe
  C:\Windows\System\stdaHjo.exe
  2⤵
  PID:6336
- C:\Windows\System\sCepWmM.exe
  C:\Windows\System\sCepWmM.exe
  2⤵
  PID:6360
- C:\Windows\System\rsewpBt.exe
  C:\Windows\System\rsewpBt.exe
  2⤵
  PID:6376
- C:\Windows\System\OihvBfZ.exe
  C:\Windows\System\OihvBfZ.exe
  2⤵
  PID:6392
- C:\Windows\System\DdzyqIk.exe
  C:\Windows\System\DdzyqIk.exe
  2⤵
  PID:6408
- C:\Windows\System\selHHDz.exe
  C:\Windows\System\selHHDz.exe
  2⤵
  PID:6432
- C:\Windows\System\JyiorJv.exe
  C:\Windows\System\JyiorJv.exe
  2⤵
  PID:6484
- C:\Windows\System\EThtopg.exe
  C:\Windows\System\EThtopg.exe
  2⤵
  PID:6500
- C:\Windows\System\LgJPmfs.exe
  C:\Windows\System\LgJPmfs.exe
  2⤵
  PID:6516
- C:\Windows\System\yNFPQIy.exe
  C:\Windows\System\yNFPQIy.exe
  2⤵
  PID:6536
- C:\Windows\System\CleQspF.exe
  C:\Windows\System\CleQspF.exe
  2⤵
  PID:6556
- C:\Windows\System\HnUbtTL.exe
  C:\Windows\System\HnUbtTL.exe
  2⤵
  PID:6572
- C:\Windows\System\rLLTeJS.exe
  C:\Windows\System\rLLTeJS.exe
  2⤵
  PID:6596
- C:\Windows\System\enNSBbB.exe
  C:\Windows\System\enNSBbB.exe
  2⤵
  PID:6612
- C:\Windows\System\ADAHWgh.exe
  C:\Windows\System\ADAHWgh.exe
  2⤵
  PID:6632
- C:\Windows\System\LjuVPWJ.exe
  C:\Windows\System\LjuVPWJ.exe
  2⤵
  PID:6652
- C:\Windows\System\EfzlYEj.exe
  C:\Windows\System\EfzlYEj.exe
  2⤵
  PID:6668
- C:\Windows\System\aquzgHD.exe
  C:\Windows\System\aquzgHD.exe
  2⤵
  PID:6692
- C:\Windows\System\lALCxQV.exe
  C:\Windows\System\lALCxQV.exe
  2⤵
  PID:6708
- C:\Windows\System\jWtUIFl.exe
  C:\Windows\System\jWtUIFl.exe
  2⤵
  PID:6724
- C:\Windows\System\vhgjLPp.exe
  C:\Windows\System\vhgjLPp.exe
  2⤵
  PID:6740
- C:\Windows\System\BZgJIWV.exe
  C:\Windows\System\BZgJIWV.exe
  2⤵
  PID:6756
- C:\Windows\System\HuSLKAY.exe
  C:\Windows\System\HuSLKAY.exe
  2⤵
  PID:6776
- C:\Windows\System\FrpxiFb.exe
  C:\Windows\System\FrpxiFb.exe
  2⤵
  PID:6792
- C:\Windows\System\WCdPNYn.exe
  C:\Windows\System\WCdPNYn.exe
  2⤵
  PID:6816
- C:\Windows\System\MHzMyNk.exe
  C:\Windows\System\MHzMyNk.exe
  2⤵
  PID:6844
- C:\Windows\System\EghREac.exe
  C:\Windows\System\EghREac.exe
  2⤵
  PID:6860
- C:\Windows\System\sMhmLnx.exe
  C:\Windows\System\sMhmLnx.exe
  2⤵
  PID:6884
- C:\Windows\System\snxYaCd.exe
  C:\Windows\System\snxYaCd.exe
  2⤵
  PID:6908
- C:\Windows\System\pHsmhkB.exe
  C:\Windows\System\pHsmhkB.exe
  2⤵
  PID:6956
- C:\Windows\System\wmasIbo.exe
  C:\Windows\System\wmasIbo.exe
  2⤵
  PID:6972
- C:\Windows\System\PpoJAQP.exe
  C:\Windows\System\PpoJAQP.exe
  2⤵
  PID:6988
- C:\Windows\System\HcHBnUR.exe
  C:\Windows\System\HcHBnUR.exe
  2⤵
  PID:7004
- C:\Windows\System\cqxEnNg.exe
  C:\Windows\System\cqxEnNg.exe
  2⤵
  PID:7020
- C:\Windows\System\XClMkui.exe
  C:\Windows\System\XClMkui.exe
  2⤵
  PID:7036
- C:\Windows\System\qPGWdkd.exe
  C:\Windows\System\qPGWdkd.exe
  2⤵
  PID:7052
- C:\Windows\System\DHejibD.exe
  C:\Windows\System\DHejibD.exe
  2⤵
  PID:7072
- C:\Windows\System\ajksiYo.exe
  C:\Windows\System\ajksiYo.exe
  2⤵
  PID:7092
- C:\Windows\System\LWgnibF.exe
  C:\Windows\System\LWgnibF.exe
  2⤵
  PID:7132
- C:\Windows\System\pPcQAxh.exe
  C:\Windows\System\pPcQAxh.exe
  2⤵
  PID:7148
- C:\Windows\System\DYUzSPJ.exe
  C:\Windows\System\DYUzSPJ.exe
  2⤵
  PID:4304
- C:\Windows\System\IfUWEnj.exe
  C:\Windows\System\IfUWEnj.exe
  2⤵
  PID:5832
- C:\Windows\System\BOdVuzp.exe
  C:\Windows\System\BOdVuzp.exe
  2⤵
  PID:6180
- C:\Windows\System\SYnJtFn.exe
  C:\Windows\System\SYnJtFn.exe
  2⤵
  PID:6224
- C:\Windows\System\uUoTwKX.exe
  C:\Windows\System\uUoTwKX.exe
  2⤵
  PID:6240
- C:\Windows\System\NBFzqSE.exe
  C:\Windows\System\NBFzqSE.exe
  2⤵
  PID:6308
- C:\Windows\System\ibYeiFg.exe
  C:\Windows\System\ibYeiFg.exe
  2⤵
  PID:5712
- C:\Windows\System\LJYNihG.exe
  C:\Windows\System\LJYNihG.exe
  2⤵
  PID:6348
- C:\Windows\System\qAMwxiN.exe
  C:\Windows\System\qAMwxiN.exe
  2⤵
  PID:6416
- C:\Windows\System\zUOgCcJ.exe
  C:\Windows\System\zUOgCcJ.exe
  2⤵
  PID:6204
- C:\Windows\System\GFvreQE.exe
  C:\Windows\System\GFvreQE.exe
  2⤵
  PID:6164
- C:\Windows\System\piAkYfU.exe
  C:\Windows\System\piAkYfU.exe
  2⤵
  PID:6332
- C:\Windows\System\qGyOIyK.exe
  C:\Windows\System\qGyOIyK.exe
  2⤵
  PID:6404
- C:\Windows\System\RzSKXLZ.exe
  C:\Windows\System\RzSKXLZ.exe
  2⤵
  PID:6492
- C:\Windows\System\WbRjWpT.exe
  C:\Windows\System\WbRjWpT.exe
  2⤵
  PID:6564
- C:\Windows\System\rpKBdHc.exe
  C:\Windows\System\rpKBdHc.exe
  2⤵
  PID:6452
- C:\Windows\System\OEFMVih.exe
  C:\Windows\System\OEFMVih.exe
  2⤵
  PID:6468
- C:\Windows\System\ulXzHAu.exe
  C:\Windows\System\ulXzHAu.exe
  2⤵
  PID:6648
- C:\Windows\System\oryUdpO.exe
  C:\Windows\System\oryUdpO.exe
  2⤵
  PID:2400
- C:\Windows\System\buCvFkn.exe
  C:\Windows\System\buCvFkn.exe
  2⤵
  PID:6720
- C:\Windows\System\qDjTNsX.exe
  C:\Windows\System\qDjTNsX.exe
  2⤵
  PID:6784
- C:\Windows\System\gDtwlzi.exe
  C:\Windows\System\gDtwlzi.exe
  2⤵
  PID:6832
- C:\Windows\System\vktkfAT.exe
  C:\Windows\System\vktkfAT.exe
  2⤵
  PID:6872
- C:\Windows\System\PwfWQyN.exe
  C:\Windows\System\PwfWQyN.exe
  2⤵
  PID:6924
- C:\Windows\System\wsLFldO.exe
  C:\Windows\System\wsLFldO.exe
  2⤵
  PID:6940
- C:\Windows\System\kOnXqdZ.exe
  C:\Windows\System\kOnXqdZ.exe
  2⤵
  PID:6512
- C:\Windows\System\uRwKxHQ.exe
  C:\Windows\System\uRwKxHQ.exe
  2⤵
  PID:6580
- C:\Windows\System\YdjjThZ.exe
  C:\Windows\System\YdjjThZ.exe
  2⤵
  PID:6628
- C:\Windows\System\AAxfbdO.exe
  C:\Windows\System\AAxfbdO.exe
  2⤵
  PID:6704
- C:\Windows\System\hQiyjwM.exe
  C:\Windows\System\hQiyjwM.exe
  2⤵
  PID:6768
- C:\Windows\System\akxxLXq.exe
  C:\Windows\System\akxxLXq.exe
  2⤵
  PID:6920
- C:\Windows\System\flEtqFY.exe
  C:\Windows\System\flEtqFY.exe
  2⤵
  PID:7084
- C:\Windows\System\KMYXcAb.exe
  C:\Windows\System\KMYXcAb.exe
  2⤵
  PID:6964
- C:\Windows\System\GJbrzlY.exe
  C:\Windows\System\GJbrzlY.exe
  2⤵
  PID:7000
- C:\Windows\System\wTREwap.exe
  C:\Windows\System\wTREwap.exe
  2⤵
  PID:5232
- C:\Windows\System\pqUEyay.exe
  C:\Windows\System\pqUEyay.exe
  2⤵
  PID:7108
- C:\Windows\System\KOEBLnP.exe
  C:\Windows\System\KOEBLnP.exe
  2⤵
  PID:6216
- C:\Windows\System\qcQCedM.exe
  C:\Windows\System\qcQCedM.exe
  2⤵
  PID:7160
- C:\Windows\System\nDgtsOo.exe
  C:\Windows\System\nDgtsOo.exe
  2⤵
  PID:2220
- C:\Windows\System\IXPhBwQ.exe
  C:\Windows\System\IXPhBwQ.exe
  2⤵
  PID:5288
- C:\Windows\System\kFmjGcT.exe
  C:\Windows\System\kFmjGcT.exe
  2⤵
  PID:6356
- C:\Windows\System\lHnGHNd.exe
  C:\Windows\System\lHnGHNd.exe
  2⤵
  PID:6424
- C:\Windows\System\fAZPbHp.exe
  C:\Windows\System\fAZPbHp.exe
  2⤵
  PID:5668
- C:\Windows\System\ClIBIXQ.exe
  C:\Windows\System\ClIBIXQ.exe
  2⤵
  PID:6260
- C:\Windows\System\lzNxNEF.exe
  C:\Windows\System\lzNxNEF.exe
  2⤵
  PID:2136
- C:\Windows\System\wEBbSMx.exe
  C:\Windows\System\wEBbSMx.exe
  2⤵
  PID:6264
- C:\Windows\System\WYBwGJH.exe
  C:\Windows\System\WYBwGJH.exe
  2⤵
  PID:6644
- C:\Windows\System\IXkGkwl.exe
  C:\Windows\System\IXkGkwl.exe
  2⤵
  PID:6748
- C:\Windows\System\sIwGjdv.exe
  C:\Windows\System\sIwGjdv.exe
  2⤵
  PID:6932
- C:\Windows\System\kRJJFtb.exe
  C:\Windows\System\kRJJFtb.exe
  2⤵
  PID:6688
- C:\Windows\System\WKREUYC.exe
  C:\Windows\System\WKREUYC.exe
  2⤵
  PID:6716
- C:\Windows\System\pvjHnlB.exe
  C:\Windows\System\pvjHnlB.exe
  2⤵
  PID:6812
- C:\Windows\System\DTWvfYj.exe
  C:\Windows\System\DTWvfYj.exe
  2⤵
  PID:6624
- C:\Windows\System\QWfUpoV.exe
  C:\Windows\System\QWfUpoV.exe
  2⤵
  PID:6736
- C:\Windows\System\rcXWGxI.exe
  C:\Windows\System\rcXWGxI.exe
  2⤵
  PID:6808
- C:\Windows\System\fdpByJz.exe
  C:\Windows\System\fdpByJz.exe
  2⤵
  PID:1960
- C:\Windows\System\mQtBkFJ.exe
  C:\Windows\System\mQtBkFJ.exe
  2⤵
  PID:6904
- C:\Windows\System\zFUtATI.exe
  C:\Windows\System\zFUtATI.exe
  2⤵
  PID:7012
- C:\Windows\System\zqqKUwO.exe
  C:\Windows\System\zqqKUwO.exe
  2⤵
  PID:7044
- C:\Windows\System\AJrFYmx.exe
  C:\Windows\System\AJrFYmx.exe
  2⤵
  PID:656
- C:\Windows\System\UZXKTMs.exe
  C:\Windows\System\UZXKTMs.exe
  2⤵
  PID:6968
- C:\Windows\System\dxbRlEG.exe
  C:\Windows\System\dxbRlEG.exe
  2⤵
  PID:7060
- C:\Windows\System\biyaOdy.exe
  C:\Windows\System\biyaOdy.exe
  2⤵
  PID:7124
- C:\Windows\System\eCutMRK.exe
  C:\Windows\System\eCutMRK.exe
  2⤵
  PID:7156
- C:\Windows\System\KjhCCEU.exe
  C:\Windows\System\KjhCCEU.exe
  2⤵
  PID:6236
- C:\Windows\System\qUNvtFu.exe
  C:\Windows\System\qUNvtFu.exe
  2⤵
  PID:6344
- C:\Windows\System\taJOhJD.exe
  C:\Windows\System\taJOhJD.exe
  2⤵
  PID:6296
- C:\Windows\System\ihbXwfr.exe
  C:\Windows\System\ihbXwfr.exe
  2⤵
  PID:1484
- C:\Windows\System\yvFljRh.exe
  C:\Windows\System\yvFljRh.exe
  2⤵
  PID:764
- C:\Windows\System\RZjOsdP.exe
  C:\Windows\System\RZjOsdP.exe
  2⤵
  PID:4360
- C:\Windows\System\bEHkGhT.exe
  C:\Windows\System\bEHkGhT.exe
  2⤵
  PID:6476
- C:\Windows\System\knHXoyI.exe
  C:\Windows\System\knHXoyI.exe
  2⤵
  PID:6840
- C:\Windows\System\VkwsrgL.exe
  C:\Windows\System\VkwsrgL.exe
  2⤵
  PID:6944
- C:\Windows\System\xqgJGNG.exe
  C:\Windows\System\xqgJGNG.exe
  2⤵
  PID:1720
- C:\Windows\System\NLInCzY.exe
  C:\Windows\System\NLInCzY.exe
  2⤵
  PID:6028
- C:\Windows\System\ocahVYj.exe
  C:\Windows\System\ocahVYj.exe
  2⤵
  PID:7032
- C:\Windows\System\XVQnSKa.exe
  C:\Windows\System\XVQnSKa.exe
  2⤵
  PID:7128
- C:\Windows\System\HDklVif.exe
  C:\Windows\System\HDklVif.exe
  2⤵
  PID:5836
- C:\Windows\System\xLaSaNo.exe
  C:\Windows\System\xLaSaNo.exe
  2⤵
  PID:6496
- C:\Windows\System\jUCTOTz.exe
  C:\Windows\System\jUCTOTz.exe
  2⤵
  PID:7068
- C:\Windows\System\IZSeAgR.exe
  C:\Windows\System\IZSeAgR.exe
  2⤵
  PID:7188
- C:\Windows\System\jCNFEBj.exe
  C:\Windows\System\jCNFEBj.exe
  2⤵
  PID:7204
- C:\Windows\System\BOvZpOm.exe
  C:\Windows\System\BOvZpOm.exe
  2⤵
  PID:7220
- C:\Windows\System\PnUdxMR.exe
  C:\Windows\System\PnUdxMR.exe
  2⤵
  PID:7240
- C:\Windows\System\aftzYWS.exe
  C:\Windows\System\aftzYWS.exe
  2⤵
  PID:7260
- C:\Windows\System\bKTxOnO.exe
  C:\Windows\System\bKTxOnO.exe
  2⤵
  PID:7276
- C:\Windows\System\IyGfTnr.exe
  C:\Windows\System\IyGfTnr.exe
  2⤵
  PID:7292
- C:\Windows\System\uuKdtKI.exe
  C:\Windows\System\uuKdtKI.exe
  2⤵
  PID:7308
- C:\Windows\System\ZdmuxcE.exe
  C:\Windows\System\ZdmuxcE.exe
  2⤵
  PID:7416
- C:\Windows\System\zjXCjSj.exe
  C:\Windows\System\zjXCjSj.exe
  2⤵
  PID:7436
- C:\Windows\System\CtHEeFX.exe
  C:\Windows\System\CtHEeFX.exe
  2⤵
  PID:7452
- C:\Windows\System\WLqeAUY.exe
  C:\Windows\System\WLqeAUY.exe
  2⤵
  PID:7468
- C:\Windows\System\EkfcBQe.exe
  C:\Windows\System\EkfcBQe.exe
  2⤵
  PID:7484
- C:\Windows\System\KkqpNGs.exe
  C:\Windows\System\KkqpNGs.exe
  2⤵
  PID:7500
- C:\Windows\System\tWVqcMJ.exe
  C:\Windows\System\tWVqcMJ.exe
  2⤵
  PID:7516
- C:\Windows\System\Royzsam.exe
  C:\Windows\System\Royzsam.exe
  2⤵
  PID:7532
- C:\Windows\System\dNQCJlK.exe
  C:\Windows\System\dNQCJlK.exe
  2⤵
  PID:7552
- C:\Windows\System\RasgujA.exe
  C:\Windows\System\RasgujA.exe
  2⤵
  PID:7568
- C:\Windows\System\ufZyemB.exe
  C:\Windows\System\ufZyemB.exe
  2⤵
  PID:7584
- C:\Windows\System\rQlYsPk.exe
  C:\Windows\System\rQlYsPk.exe
  2⤵
  PID:7600
- C:\Windows\System\LBkIAXh.exe
  C:\Windows\System\LBkIAXh.exe
  2⤵
  PID:7616
- C:\Windows\System\TjVYNIO.exe
  C:\Windows\System\TjVYNIO.exe
  2⤵
  PID:7632
- C:\Windows\System\hwnHWzP.exe
  C:\Windows\System\hwnHWzP.exe
  2⤵
  PID:7648
- C:\Windows\System\YoAvwUO.exe
  C:\Windows\System\YoAvwUO.exe
  2⤵
  PID:7664
- C:\Windows\System\RZuNDNv.exe
  C:\Windows\System\RZuNDNv.exe
  2⤵
  PID:7680
- C:\Windows\System\urjFYQY.exe
  C:\Windows\System\urjFYQY.exe
  2⤵
  PID:7696
- C:\Windows\System\OeBLhKp.exe
  C:\Windows\System\OeBLhKp.exe
  2⤵
  PID:7712
- C:\Windows\System\CDaBiEr.exe
  C:\Windows\System\CDaBiEr.exe
  2⤵
  PID:7728
- C:\Windows\System\lFBpMED.exe
  C:\Windows\System\lFBpMED.exe
  2⤵
  PID:7744
- C:\Windows\System\wVUvDqy.exe
  C:\Windows\System\wVUvDqy.exe
  2⤵
  PID:7760
- C:\Windows\System\QGxFCsL.exe
  C:\Windows\System\QGxFCsL.exe
  2⤵
  PID:7776
- C:\Windows\System\eWEVKNh.exe
  C:\Windows\System\eWEVKNh.exe
  2⤵
  PID:7792
- C:\Windows\System\qMkfknD.exe
  C:\Windows\System\qMkfknD.exe
  2⤵
  PID:7808
- C:\Windows\System\mqrPdek.exe
  C:\Windows\System\mqrPdek.exe
  2⤵
  PID:7824
- C:\Windows\System\QSbqXvY.exe
  C:\Windows\System\QSbqXvY.exe
  2⤵
  PID:7840
- C:\Windows\System\cIlfvHS.exe
  C:\Windows\System\cIlfvHS.exe
  2⤵
  PID:7856
- C:\Windows\System\cnnDELi.exe
  C:\Windows\System\cnnDELi.exe
  2⤵
  PID:7872
- C:\Windows\System\nsRykIc.exe
  C:\Windows\System\nsRykIc.exe
  2⤵
  PID:7888
- C:\Windows\System\NmfuBGR.exe
  C:\Windows\System\NmfuBGR.exe
  2⤵
  PID:7904
- C:\Windows\System\eyKjLQE.exe
  C:\Windows\System\eyKjLQE.exe
  2⤵
  PID:7920
- C:\Windows\System\xGBkAmV.exe
  C:\Windows\System\xGBkAmV.exe
  2⤵
  PID:7936
- C:\Windows\System\ZQSKhne.exe
  C:\Windows\System\ZQSKhne.exe
  2⤵
  PID:7952
- C:\Windows\System\khkXPGk.exe
  C:\Windows\System\khkXPGk.exe
  2⤵
  PID:7968
- C:\Windows\System\vdcMOVE.exe
  C:\Windows\System\vdcMOVE.exe
  2⤵
  PID:7984
- C:\Windows\System\TjCGdyn.exe
  C:\Windows\System\TjCGdyn.exe
  2⤵
  PID:8000
- C:\Windows\System\lSjWLMp.exe
  C:\Windows\System\lSjWLMp.exe
  2⤵
  PID:8016
- C:\Windows\System\VOTqMsh.exe
  C:\Windows\System\VOTqMsh.exe
  2⤵
  PID:8032
- C:\Windows\System\VtZrxIZ.exe
  C:\Windows\System\VtZrxIZ.exe
  2⤵
  PID:8048
- C:\Windows\System\pHIdIcf.exe
  C:\Windows\System\pHIdIcf.exe
  2⤵
  PID:8064
- C:\Windows\System\agCVGce.exe
  C:\Windows\System\agCVGce.exe
  2⤵
  PID:8080
- C:\Windows\System\CLKxHkJ.exe
  C:\Windows\System\CLKxHkJ.exe
  2⤵
  PID:8096
- C:\Windows\System\mseNaNM.exe
  C:\Windows\System\mseNaNM.exe
  2⤵
  PID:8168
- C:\Windows\System\NmxcKGA.exe
  C:\Windows\System\NmxcKGA.exe
  2⤵
  PID:8184
- C:\Windows\System\KzuMNMZ.exe
  C:\Windows\System\KzuMNMZ.exe
  2⤵
  PID:6800
- C:\Windows\System\KZunaXU.exe
  C:\Windows\System\KZunaXU.exe
  2⤵
  PID:7272
- C:\Windows\System\bGGvvGk.exe
  C:\Windows\System\bGGvvGk.exe
  2⤵
  PID:7268
- C:\Windows\System\NxBvXrE.exe
  C:\Windows\System\NxBvXrE.exe
  2⤵
  PID:6280
- C:\Windows\System\KFmbWDw.exe
  C:\Windows\System\KFmbWDw.exe
  2⤵
  PID:7172
- C:\Windows\System\kgDTEvb.exe
  C:\Windows\System\kgDTEvb.exe
  2⤵
  PID:7212
- C:\Windows\System\cdLspeZ.exe
  C:\Windows\System\cdLspeZ.exe
  2⤵
  PID:7288
- C:\Windows\System\ntWtpBv.exe
  C:\Windows\System\ntWtpBv.exe
  2⤵
  PID:7016
- C:\Windows\System\luwYZum.exe
  C:\Windows\System\luwYZum.exe
  2⤵
  PID:6480
- C:\Windows\System\ubYaePP.exe
  C:\Windows\System\ubYaePP.exe
  2⤵
  PID:6828
- C:\Windows\System\mQRTapH.exe
  C:\Windows\System\mQRTapH.exe
  2⤵
  PID:7256
- C:\Windows\System\CJCLemZ.exe
  C:\Windows\System\CJCLemZ.exe
  2⤵
  PID:7320
- C:\Windows\System\OgToqYo.exe
  C:\Windows\System\OgToqYo.exe
  2⤵
  PID:6448
- C:\Windows\System\VXVYnOx.exe
  C:\Windows\System\VXVYnOx.exe
  2⤵
  PID:6196
- C:\Windows\System\YJgTEUr.exe
  C:\Windows\System\YJgTEUr.exe
  2⤵
  PID:7116
- C:\Windows\System\EraTYiX.exe
  C:\Windows\System\EraTYiX.exe
  2⤵
  PID:7336
- C:\Windows\System\DeDWLzN.exe
  C:\Windows\System\DeDWLzN.exe
  2⤵
  PID:7352
- C:\Windows\System\vAJzYsB.exe
  C:\Windows\System\vAJzYsB.exe
  2⤵
  PID:7368
- C:\Windows\System\IBxlMUk.exe
  C:\Windows\System\IBxlMUk.exe
  2⤵
  PID:7384
- C:\Windows\System\XkPXouF.exe
  C:\Windows\System\XkPXouF.exe
  2⤵
  PID:7392
- C:\Windows\System\AMDqlOY.exe
  C:\Windows\System\AMDqlOY.exe
  2⤵
  PID:7412
- C:\Windows\System\fuoATMp.exe
  C:\Windows\System\fuoATMp.exe
  2⤵
  PID:7480
- C:\Windows\System\myesrKE.exe
  C:\Windows\System\myesrKE.exe
  2⤵
  PID:7460
- C:\Windows\System\zIpiThr.exe
  C:\Windows\System\zIpiThr.exe
  2⤵
  PID:7524
- C:\Windows\System\YdjnaUR.exe
  C:\Windows\System\YdjnaUR.exe
  2⤵
  PID:7540
- C:\Windows\System\zZIVWqT.exe
  C:\Windows\System\zZIVWqT.exe
  2⤵
  PID:7580
- C:\Windows\System\hTcRviO.exe
  C:\Windows\System\hTcRviO.exe
  2⤵
  PID:7660
- C:\Windows\System\VxiQAuF.exe
  C:\Windows\System\VxiQAuF.exe
  2⤵
  PID:7612
- C:\Windows\System\mCROCLx.exe
  C:\Windows\System\mCROCLx.exe
  2⤵
  PID:7720
- C:\Windows\System\JSDQPnx.exe
  C:\Windows\System\JSDQPnx.exe
  2⤵
  PID:7752
- C:\Windows\System\WApjCra.exe
  C:\Windows\System\WApjCra.exe
  2⤵
  PID:7708
- C:\Windows\System\EhgbaRB.exe
  C:\Windows\System\EhgbaRB.exe
  2⤵
  PID:7788
- C:\Windows\System\AlLOvzg.exe
  C:\Windows\System\AlLOvzg.exe
  2⤵
  PID:7816
- C:\Windows\System\yJVbldh.exe
  C:\Windows\System\yJVbldh.exe
  2⤵
  PID:7832
- C:\Windows\System\DEhlPDA.exe
  C:\Windows\System\DEhlPDA.exe
  2⤵
  PID:7864
- C:\Windows\System\bPhBzuO.exe
  C:\Windows\System\bPhBzuO.exe
  2⤵
  PID:7928
- C:\Windows\System\KwrudGl.exe
  C:\Windows\System\KwrudGl.exe
  2⤵
  PID:7996
- C:\Windows\System\uSiilFI.exe
  C:\Windows\System\uSiilFI.exe
  2⤵
  PID:7944
- C:\Windows\System\CrFojRR.exe
  C:\Windows\System\CrFojRR.exe
  2⤵
  PID:8008
- C:\Windows\System\crYyHGH.exe
  C:\Windows\System\crYyHGH.exe
  2⤵
  PID:8024
- C:\Windows\System\gYsjqUS.exe
  C:\Windows\System\gYsjqUS.exe
  2⤵
  PID:1708
- C:\Windows\System\MlTUftt.exe
  C:\Windows\System\MlTUftt.exe
  2⤵
  PID:8092
- C:\Windows\System\OaSJqkW.exe
  C:\Windows\System\OaSJqkW.exe
  2⤵
  PID:8076
- C:\Windows\System\pTjAHlH.exe
  C:\Windows\System\pTjAHlH.exe
  2⤵
  PID:8108
- C:\Windows\System\LMZzdSf.exe
  C:\Windows\System\LMZzdSf.exe
  2⤵
  PID:8116
- C:\Windows\System\wEyjJJq.exe
  C:\Windows\System\wEyjJJq.exe
  2⤵
  PID:8132
- C:\Windows\System\PIGhtpy.exe
  C:\Windows\System\PIGhtpy.exe
  2⤵
  PID:8140
- C:\Windows\System\sHwgOQH.exe
  C:\Windows\System\sHwgOQH.exe
  2⤵
  PID:8148
- C:\Windows\System\nwzueLv.exe
  C:\Windows\System\nwzueLv.exe
  2⤵
  PID:8180
- C:\Windows\System\lcCrsUU.exe
  C:\Windows\System\lcCrsUU.exe
  2⤵
  PID:6464
- C:\Windows\System\LWTOWBY.exe
  C:\Windows\System\LWTOWBY.exe
  2⤵
  PID:7144
- C:\Windows\System\RynHWqI.exe
  C:\Windows\System\RynHWqI.exe
  2⤵
  PID:6880
- C:\Windows\System\dLIZjat.exe
  C:\Windows\System\dLIZjat.exe
  2⤵
  PID:6948
- C:\Windows\System\lxoPpBa.exe
  C:\Windows\System\lxoPpBa.exe
  2⤵
  PID:7252
- C:\Windows\System\mIcezrn.exe
  C:\Windows\System\mIcezrn.exe
  2⤵
  PID:7080
- C:\Windows\System\hdaXfyL.exe
  C:\Windows\System\hdaXfyL.exe
  2⤵
  PID:7360
- C:\Windows\System\ZNlZHof.exe
  C:\Windows\System\ZNlZHof.exe
  2⤵
  PID:7364
- C:\Windows\System\iKzraWZ.exe
  C:\Windows\System\iKzraWZ.exe
  2⤵
  PID:7512
- C:\Windows\System\DzmWOgR.exe
  C:\Windows\System\DzmWOgR.exe
  2⤵
  PID:7628
- C:\Windows\System\huxalJZ.exe
  C:\Windows\System\huxalJZ.exe
  2⤵
  PID:7656
- C:\Windows\System\cNrPpNU.exe
  C:\Windows\System\cNrPpNU.exe
  2⤵
  PID:7328
- C:\Windows\System\rnZdjzS.exe
  C:\Windows\System\rnZdjzS.exe
  2⤵
  PID:1928
- C:\Windows\System\rMuRLjD.exe
  C:\Windows\System\rMuRLjD.exe
  2⤵
  PID:7804
- C:\Windows\System\Ddstzwg.exe
  C:\Windows\System\Ddstzwg.exe
  2⤵
  PID:7476
- C:\Windows\System\PscVwun.exe
  C:\Windows\System\PscVwun.exe
  2⤵
  PID:7576
- C:\Windows\System\lSMjjqe.exe
  C:\Windows\System\lSMjjqe.exe
  2⤵
  PID:7740
- C:\Windows\System\NIBIfAG.exe
  C:\Windows\System\NIBIfAG.exe
  2⤵
  PID:7912
- C:\Windows\System\RIcOCmW.exe
  C:\Windows\System\RIcOCmW.exe
  2⤵
  PID:8056
- C:\Windows\System\pUAerQL.exe
  C:\Windows\System\pUAerQL.exe
  2⤵
  PID:8040
- C:\Windows\System\wLXKOmz.exe
  C:\Windows\System\wLXKOmz.exe
  2⤵
  PID:824
- C:\Windows\System\AElHLPD.exe
  C:\Windows\System\AElHLPD.exe
  2⤵
  PID:8156
- C:\Windows\System\dxnExyV.exe
  C:\Windows\System\dxnExyV.exe
  2⤵
  PID:2800
- C:\Windows\System\PWZFgvs.exe
  C:\Windows\System\PWZFgvs.exe
  2⤵
  PID:7284
- C:\Windows\System\CDgQzfY.exe
  C:\Windows\System\CDgQzfY.exe
  2⤵
  PID:7196
- C:\Windows\System\gEQzUZR.exe
  C:\Windows\System\gEQzUZR.exe
  2⤵
  PID:7380
- C:\Windows\System\yOXbmUA.exe
  C:\Windows\System\yOXbmUA.exe
  2⤵
  PID:7564
- C:\Windows\System\tetgRdk.exe
  C:\Windows\System\tetgRdk.exe
  2⤵
  PID:7100
- C:\Windows\System\XeyXMTJ.exe
  C:\Windows\System\XeyXMTJ.exe
  2⤵
  PID:7544
- C:\Windows\System\BxZnOcl.exe
  C:\Windows\System\BxZnOcl.exe
  2⤵
  PID:7624
- C:\Windows\System\ObWJEBh.exe
  C:\Windows\System\ObWJEBh.exe
  2⤵
  PID:7408
- C:\Windows\System\UdBOtmT.exe
  C:\Windows\System\UdBOtmT.exe
  2⤵
  PID:7672
- C:\Windows\System\FudVhQp.exe
  C:\Windows\System\FudVhQp.exe
  2⤵
  PID:7704
- C:\Windows\System\MTDeKsq.exe
  C:\Windows\System\MTDeKsq.exe
  2⤵
  PID:7448
- C:\Windows\System\pVRbGFW.exe
  C:\Windows\System\pVRbGFW.exe
  2⤵
  PID:1732
- C:\Windows\System\gBjIrva.exe
  C:\Windows\System\gBjIrva.exe
  2⤵
  PID:6548
- C:\Windows\System\MenrmyL.exe
  C:\Windows\System\MenrmyL.exe
  2⤵
  PID:6804
- C:\Windows\System\lzpqhQb.exe
  C:\Windows\System\lzpqhQb.exe
  2⤵
  PID:7900
- C:\Windows\System\UUCWtZS.exe
  C:\Windows\System\UUCWtZS.exe
  2⤵
  PID:7396
- C:\Windows\System\fJpQpzc.exe
  C:\Windows\System\fJpQpzc.exe
  2⤵
  PID:8164
- C:\Windows\System\vvulELa.exe
  C:\Windows\System\vvulELa.exe
  2⤵
  PID:7316
- C:\Windows\System\tGKVXsn.exe
  C:\Windows\System\tGKVXsn.exe
  2⤵
  PID:6620
- C:\Windows\System\CvdtijD.exe
  C:\Windows\System\CvdtijD.exe
  2⤵
  PID:6984
- C:\Windows\System\qHFdXOc.exe
  C:\Windows\System\qHFdXOc.exe
  2⤵
  PID:8044
- C:\Windows\System\dSTUDHI.exe
  C:\Windows\System\dSTUDHI.exe
  2⤵
  PID:2428
- C:\Windows\System\CWlhGDw.exe
  C:\Windows\System\CWlhGDw.exe
  2⤵
  PID:7992
- C:\Windows\System\CAvwtVW.exe
  C:\Windows\System\CAvwtVW.exe
  2⤵
  PID:8204
- C:\Windows\System\tAvqLmq.exe
  C:\Windows\System\tAvqLmq.exe
  2⤵
  PID:8220
- C:\Windows\System\qOozJGs.exe
  C:\Windows\System\qOozJGs.exe
  2⤵
  PID:8236
- C:\Windows\System\MFNZLsB.exe
  C:\Windows\System\MFNZLsB.exe
  2⤵
  PID:8252
- C:\Windows\System\JYhtZLx.exe
  C:\Windows\System\JYhtZLx.exe
  2⤵
  PID:8268
- C:\Windows\System\otCvGyH.exe
  C:\Windows\System\otCvGyH.exe
  2⤵
  PID:8284
- C:\Windows\System\LURlThv.exe
  C:\Windows\System\LURlThv.exe
  2⤵
  PID:8300
- C:\Windows\System\bNaCDrr.exe
  C:\Windows\System\bNaCDrr.exe
  2⤵
  PID:8316
- C:\Windows\System\OVrwPiB.exe
  C:\Windows\System\OVrwPiB.exe
  2⤵
  PID:8332
- C:\Windows\System\JGmmkuK.exe
  C:\Windows\System\JGmmkuK.exe
  2⤵
  PID:8348
- C:\Windows\System\vHiUgpM.exe
  C:\Windows\System\vHiUgpM.exe
  2⤵
  PID:8364
- C:\Windows\System\hCdqdFU.exe
  C:\Windows\System\hCdqdFU.exe
  2⤵
  PID:8380
- C:\Windows\System\hXLQlHa.exe
  C:\Windows\System\hXLQlHa.exe
  2⤵
  PID:8396
- C:\Windows\System\PNmvicX.exe
  C:\Windows\System\PNmvicX.exe
  2⤵
  PID:8412
- C:\Windows\System\DcDcRAP.exe
  C:\Windows\System\DcDcRAP.exe
  2⤵
  PID:8428
- C:\Windows\System\PBgbOEl.exe
  C:\Windows\System\PBgbOEl.exe
  2⤵
  PID:8448
- C:\Windows\System\yzYGdUG.exe
  C:\Windows\System\yzYGdUG.exe
  2⤵
  PID:8464
- C:\Windows\System\cCwNevy.exe
  C:\Windows\System\cCwNevy.exe
  2⤵
  PID:8480
- C:\Windows\System\kStRzcI.exe
  C:\Windows\System\kStRzcI.exe
  2⤵
  PID:8496
- C:\Windows\System\PLbxpQU.exe
  C:\Windows\System\PLbxpQU.exe
  2⤵
  PID:8512
- C:\Windows\System\icyQPPv.exe
  C:\Windows\System\icyQPPv.exe
  2⤵
  PID:8528
- C:\Windows\System\YKRpCCe.exe
  C:\Windows\System\YKRpCCe.exe
  2⤵
  PID:8544
- C:\Windows\System\mUtyVPY.exe
  C:\Windows\System\mUtyVPY.exe
  2⤵
  PID:8560
- C:\Windows\System\CohzOGa.exe
  C:\Windows\System\CohzOGa.exe
  2⤵
  PID:8580
- C:\Windows\System\dnRJiNd.exe
  C:\Windows\System\dnRJiNd.exe
  2⤵
  PID:8596
- C:\Windows\System\iKokBsV.exe
  C:\Windows\System\iKokBsV.exe
  2⤵
  PID:8612
- C:\Windows\System\aHcBsOf.exe
  C:\Windows\System\aHcBsOf.exe
  2⤵
  PID:8628
- C:\Windows\System\TSkSIbg.exe
  C:\Windows\System\TSkSIbg.exe
  2⤵
  PID:8644
- C:\Windows\System\mnHrpzn.exe
  C:\Windows\System\mnHrpzn.exe
  2⤵
  PID:8660
- C:\Windows\System\eVfPcps.exe
  C:\Windows\System\eVfPcps.exe
  2⤵
  PID:8676
- C:\Windows\System\pwdbeln.exe
  C:\Windows\System\pwdbeln.exe
  2⤵
  PID:8692
- C:\Windows\System\JHLNSqf.exe
  C:\Windows\System\JHLNSqf.exe
  2⤵
  PID:8708
- C:\Windows\System\bloCbOX.exe
  C:\Windows\System\bloCbOX.exe
  2⤵
  PID:8724
- C:\Windows\System\hCGRmOQ.exe
  C:\Windows\System\hCGRmOQ.exe
  2⤵
  PID:8740
- C:\Windows\System\RPrUNgC.exe
  C:\Windows\System\RPrUNgC.exe
  2⤵
  PID:8756
- C:\Windows\System\STfuXvJ.exe
  C:\Windows\System\STfuXvJ.exe
  2⤵
  PID:8772
- C:\Windows\System\RehzDQW.exe
  C:\Windows\System\RehzDQW.exe
  2⤵
  PID:8788
- C:\Windows\System\XnuiZck.exe
  C:\Windows\System\XnuiZck.exe
  2⤵
  PID:8804
- C:\Windows\System\VVRzqSp.exe
  C:\Windows\System\VVRzqSp.exe
  2⤵
  PID:8820
- C:\Windows\System\FZExght.exe
  C:\Windows\System\FZExght.exe
  2⤵
  PID:8836
- C:\Windows\System\SJIlFtV.exe
  C:\Windows\System\SJIlFtV.exe
  2⤵
  PID:8852
- C:\Windows\System\rVbFlTN.exe
  C:\Windows\System\rVbFlTN.exe
  2⤵
  PID:8868
- C:\Windows\System\cAZGRyu.exe
  C:\Windows\System\cAZGRyu.exe
  2⤵
  PID:8884
- C:\Windows\System\ooKQWMk.exe
  C:\Windows\System\ooKQWMk.exe
  2⤵
  PID:8904
- C:\Windows\System\GSuXiGn.exe
  C:\Windows\System\GSuXiGn.exe
  2⤵
  PID:8920
- C:\Windows\System\dHSNUYp.exe
  C:\Windows\System\dHSNUYp.exe
  2⤵
  PID:8936
- C:\Windows\System\RnstAkA.exe
  C:\Windows\System\RnstAkA.exe
  2⤵
  PID:8952
- C:\Windows\System\HwUeWES.exe
  C:\Windows\System\HwUeWES.exe
  2⤵
  PID:8968
- C:\Windows\System\REfIhVk.exe
  C:\Windows\System\REfIhVk.exe
  2⤵
  PID:8984
- C:\Windows\System\lPoBTPG.exe
  C:\Windows\System\lPoBTPG.exe
  2⤵
  PID:9000
- C:\Windows\System\NMwPPpK.exe
  C:\Windows\System\NMwPPpK.exe
  2⤵
  PID:9016
- C:\Windows\System\cqxomGe.exe
  C:\Windows\System\cqxomGe.exe
  2⤵
  PID:9032
- C:\Windows\System\wEpKqIv.exe
  C:\Windows\System\wEpKqIv.exe
  2⤵
  PID:9048
- C:\Windows\System\DuWySrt.exe
  C:\Windows\System\DuWySrt.exe
  2⤵
  PID:9064
- C:\Windows\System\qjfizdZ.exe
  C:\Windows\System\qjfizdZ.exe
  2⤵
  PID:9080
- C:\Windows\System\qHpWKLh.exe
  C:\Windows\System\qHpWKLh.exe
  2⤵
  PID:9096
- C:\Windows\System\oorbVKP.exe
  C:\Windows\System\oorbVKP.exe
  2⤵
  PID:9112
- C:\Windows\System\PwZQTpE.exe
  C:\Windows\System\PwZQTpE.exe
  2⤵
  PID:9128
- C:\Windows\System\SZgZjqX.exe
  C:\Windows\System\SZgZjqX.exe
  2⤵
  PID:9144
- C:\Windows\System\KhjyzPu.exe
  C:\Windows\System\KhjyzPu.exe
  2⤵
  PID:9160
- C:\Windows\System\HTmFHMF.exe
  C:\Windows\System\HTmFHMF.exe
  2⤵
  PID:9176
- C:\Windows\System\QQRpIiV.exe
  C:\Windows\System\QQRpIiV.exe
  2⤵
  PID:9192
- C:\Windows\System\xJMQRgb.exe
  C:\Windows\System\xJMQRgb.exe
  2⤵
  PID:9208
- C:\Windows\System\qywGxDd.exe
  C:\Windows\System\qywGxDd.exe
  2⤵
  PID:8196
- C:\Windows\System\ozajMfV.exe
  C:\Windows\System\ozajMfV.exe
  2⤵
  PID:7236
- C:\Windows\System\kiFmyxD.exe
  C:\Windows\System\kiFmyxD.exe
  2⤵
  PID:8244
- C:\Windows\System\QLhllpd.exe
  C:\Windows\System\QLhllpd.exe
  2⤵
  PID:8308
- C:\Windows\System\oCRRknq.exe
  C:\Windows\System\oCRRknq.exe
  2⤵
  PID:6916
- C:\Windows\System\YbiUKnk.exe
  C:\Windows\System\YbiUKnk.exe
  2⤵
  PID:8372
- C:\Windows\System\laeyoYf.exe
  C:\Windows\System\laeyoYf.exe
  2⤵
  PID:8264
- C:\Windows\System\ENCGxlS.exe
  C:\Windows\System\ENCGxlS.exe
  2⤵
  PID:8356
- C:\Windows\System\cBYrJpw.exe
  C:\Windows\System\cBYrJpw.exe
  2⤵
  PID:8392
- C:\Windows\System\HTuHfcE.exe
  C:\Windows\System\HTuHfcE.exe
  2⤵
  PID:8440
- C:\Windows\System\rKhoJFd.exe
  C:\Windows\System\rKhoJFd.exe
  2⤵
  PID:8460
- C:\Windows\System\pSUaOCR.exe
  C:\Windows\System\pSUaOCR.exe
  2⤵
  PID:8520
- C:\Windows\System\GazIqAd.exe
  C:\Windows\System\GazIqAd.exe
  2⤵
  PID:8556
- C:\Windows\System\NOAnRNl.exe
  C:\Windows\System\NOAnRNl.exe
  2⤵
  PID:8472
- C:\Windows\System\FbDRTMN.exe
  C:\Windows\System\FbDRTMN.exe
  2⤵
  PID:8576
- C:\Windows\System\gTGfcTg.exe
  C:\Windows\System\gTGfcTg.exe
  2⤵
  PID:8608
- C:\Windows\System\nlEkBiU.exe
  C:\Windows\System\nlEkBiU.exe
  2⤵
  PID:8672
- C:\Windows\System\DMBOQyb.exe
  C:\Windows\System\DMBOQyb.exe
  2⤵
  PID:8736
- C:\Windows\System\KGmMVIE.exe
  C:\Windows\System\KGmMVIE.exe
  2⤵
  PID:8800
- C:\Windows\System\OQsYALC.exe
  C:\Windows\System\OQsYALC.exe
  2⤵
  PID:8624
- C:\Windows\System\acvKZmf.exe
  C:\Windows\System\acvKZmf.exe
  2⤵
  PID:8716
- C:\Windows\System\vcntOcW.exe
  C:\Windows\System\vcntOcW.exe
  2⤵
  PID:8620
- C:\Windows\System\KdqKZRg.exe
  C:\Windows\System\KdqKZRg.exe
  2⤵
  PID:8816
- C:\Windows\System\YBEkMOa.exe
  C:\Windows\System\YBEkMOa.exe
  2⤵
  PID:8900
- C:\Windows\System\nvgHsIE.exe
  C:\Windows\System\nvgHsIE.exe
  2⤵
  PID:8864
- C:\Windows\System\UpUQCeY.exe
  C:\Windows\System\UpUQCeY.exe
  2⤵
  PID:8960
- C:\Windows\System\kNtOLJG.exe
  C:\Windows\System\kNtOLJG.exe
  2⤵
  PID:9024
- C:\Windows\System\EnAtrIm.exe
  C:\Windows\System\EnAtrIm.exe
  2⤵
  PID:9076
- C:\Windows\System\yiRgfAb.exe
  C:\Windows\System\yiRgfAb.exe
  2⤵
  PID:8948
- C:\Windows\System\QXrLPot.exe
  C:\Windows\System\QXrLPot.exe
  2⤵
  PID:9012
- C:\Windows\System\iunYLXK.exe
  C:\Windows\System\iunYLXK.exe
  2⤵
  PID:9124
- C:\Windows\System\EkHIAIo.exe
  C:\Windows\System\EkHIAIo.exe
  2⤵
  PID:9200
- C:\Windows\System\Agzcwsa.exe
  C:\Windows\System\Agzcwsa.exe
  2⤵
  PID:9184
- C:\Windows\System\BUbpNRW.exe
  C:\Windows\System\BUbpNRW.exe
  2⤵
  PID:8340
- C:\Windows\System\gvTFatt.exe
  C:\Windows\System\gvTFatt.exe
  2⤵
  PID:8328
- C:\Windows\System\ZAkWEob.exe
  C:\Windows\System\ZAkWEob.exe
  2⤵
  PID:8388
- C:\Windows\System\JWhNAdy.exe
  C:\Windows\System\JWhNAdy.exe
  2⤵
  PID:8488
- C:\Windows\System\KOvTbgP.exe
  C:\Windows\System\KOvTbgP.exe
  2⤵
  PID:8540
- C:\Windows\System\HSDbzBX.exe
  C:\Windows\System\HSDbzBX.exe
  2⤵
  PID:8604
- C:\Windows\System\zcMMEBM.exe
  C:\Windows\System\zcMMEBM.exe
  2⤵
  PID:8732
- C:\Windows\System\PEROPmy.exe
  C:\Windows\System\PEROPmy.exe
  2⤵
  PID:8640
- C:\Windows\System\OWBKaGr.exe
  C:\Windows\System\OWBKaGr.exe
  2⤵
  PID:8796
- C:\Windows\System\HhQlhPX.exe
  C:\Windows\System\HhQlhPX.exe
  2⤵
  PID:8688
- C:\Windows\System\ZEIKvqq.exe
  C:\Windows\System\ZEIKvqq.exe
  2⤵
  PID:8932
- C:\Windows\System\bcoHdAO.exe
  C:\Windows\System\bcoHdAO.exe
  2⤵
  PID:8876
- C:\Windows\System\WTGJzRO.exe
  C:\Windows\System\WTGJzRO.exe
  2⤵
  PID:9060
- C:\Windows\System\BRjjDNI.exe
  C:\Windows\System\BRjjDNI.exe
  2⤵
  PID:8980
- C:\Windows\System\kzjWaFi.exe
  C:\Windows\System\kzjWaFi.exe
  2⤵
  PID:9168
- C:\Windows\System\yoZpIJn.exe
  C:\Windows\System\yoZpIJn.exe
  2⤵
  PID:7304
- C:\Windows\System\wMeYnAS.exe
  C:\Windows\System\wMeYnAS.exe
  2⤵
  PID:8228
- C:\Windows\System\jmBHzTI.exe
  C:\Windows\System\jmBHzTI.exe
  2⤵
  PID:8200
- C:\Windows\System\YSGHuFp.exe
  C:\Windows\System\YSGHuFp.exe
  2⤵
  PID:8232
- C:\Windows\System\CRbEKfD.exe
  C:\Windows\System\CRbEKfD.exe
  2⤵
  PID:8508
- C:\Windows\System\Xdvpxvb.exe
  C:\Windows\System\Xdvpxvb.exe
  2⤵
  PID:8928
- C:\Windows\System\wnBSqhL.exe
  C:\Windows\System\wnBSqhL.exe
  2⤵
  PID:9072
- C:\Windows\System\tfhEYTm.exe
  C:\Windows\System\tfhEYTm.exe
  2⤵
  PID:8376
- C:\Windows\System\vIeaxub.exe
  C:\Windows\System\vIeaxub.exe
  2⤵
  PID:8124
- C:\Windows\System\mBPpliV.exe
  C:\Windows\System\mBPpliV.exe
  2⤵
  PID:8832
- C:\Windows\System\PsDEcXX.exe
  C:\Windows\System\PsDEcXX.exe
  2⤵
  PID:8912
- C:\Windows\System\wcCjOTR.exe
  C:\Windows\System\wcCjOTR.exe
  2⤵
  PID:8276
- C:\Windows\System\rQMMsFv.exe
  C:\Windows\System\rQMMsFv.exe
  2⤵
  PID:8892
- C:\Windows\System\hiBArxj.exe
  C:\Windows\System\hiBArxj.exe
  2⤵
  PID:8112
- C:\Windows\System\ilFPOJL.exe
  C:\Windows\System\ilFPOJL.exe
  2⤵
  PID:9260
- C:\Windows\System\GyHbGBS.exe
  C:\Windows\System\GyHbGBS.exe
  2⤵
  PID:9276
- C:\Windows\System\fgMHGUy.exe
  C:\Windows\System\fgMHGUy.exe
  2⤵
  PID:9292
- C:\Windows\System\QTpSTfe.exe
  C:\Windows\System\QTpSTfe.exe
  2⤵
  PID:9308
- C:\Windows\System\aecFIsU.exe
  C:\Windows\System\aecFIsU.exe
  2⤵
  PID:9344
- C:\Windows\System\EdvIqOj.exe
  C:\Windows\System\EdvIqOj.exe
  2⤵
  PID:9364
- C:\Windows\System\qThnZsW.exe
  C:\Windows\System\qThnZsW.exe
  2⤵
  PID:9384
- C:\Windows\System\MTZyhJe.exe
  C:\Windows\System\MTZyhJe.exe
  2⤵
  PID:9408
- C:\Windows\System\xHBSzRl.exe
  C:\Windows\System\xHBSzRl.exe
  2⤵
  PID:9436
- C:\Windows\System\hXUnVAY.exe
  C:\Windows\System\hXUnVAY.exe
  2⤵
  PID:9456
- C:\Windows\System\WfckuWa.exe
  C:\Windows\System\WfckuWa.exe
  2⤵
  PID:9488
- C:\Windows\System\OhRvIMo.exe
  C:\Windows\System\OhRvIMo.exe
  2⤵
  PID:9512
- C:\Windows\System\ZTjlwvh.exe
  C:\Windows\System\ZTjlwvh.exe
  2⤵
  PID:9536
- C:\Windows\System\NAWMFqI.exe
  C:\Windows\System\NAWMFqI.exe
  2⤵
  PID:9664
- C:\Windows\System\yTJrnmf.exe
  C:\Windows\System\yTJrnmf.exe
  2⤵
  PID:9692
- C:\Windows\System\GfvJsgv.exe
  C:\Windows\System\GfvJsgv.exe
  2⤵
  PID:9720
- C:\Windows\System\mlAoBTt.exe
  C:\Windows\System\mlAoBTt.exe
  2⤵
  PID:9740
- C:\Windows\System\NPKKWmc.exe
  C:\Windows\System\NPKKWmc.exe
  2⤵
  PID:10028
- C:\Windows\System\gGesntj.exe
  C:\Windows\System\gGesntj.exe
  2⤵
  PID:10048
- C:\Windows\System\nsIOMhx.exe
  C:\Windows\System\nsIOMhx.exe
  2⤵
  PID:10164
- C:\Windows\System\INRmGsi.exe
  C:\Windows\System\INRmGsi.exe
  2⤵
  PID:10232
- C:\Windows\System\fGvMFfy.exe
  C:\Windows\System\fGvMFfy.exe
  2⤵
  PID:9352
- C:\Windows\System\XlewdtD.exe
  C:\Windows\System\XlewdtD.exe
  2⤵
  PID:9380
- C:\Windows\System\oaShQJw.exe
  C:\Windows\System\oaShQJw.exe
  2⤵
  PID:9404
- C:\Windows\System\DULgVKA.exe
  C:\Windows\System\DULgVKA.exe
  2⤵
  PID:9452
- C:\Windows\System\XwdpaVL.exe
  C:\Windows\System\XwdpaVL.exe
  2⤵
  PID:9532
- C:\Windows\System\MPYjNrW.exe
  C:\Windows\System\MPYjNrW.exe
  2⤵
  PID:9592
- C:\Windows\System\GHyUiYe.exe
  C:\Windows\System\GHyUiYe.exe
  2⤵
  PID:9608
- C:\Windows\System\HbDKHdT.exe
  C:\Windows\System\HbDKHdT.exe
  2⤵
  PID:9640
- C:\Windows\System\Rkwtvcz.exe
  C:\Windows\System\Rkwtvcz.exe
  2⤵
  PID:9660
- C:\Windows\System\cNiianh.exe
  C:\Windows\System\cNiianh.exe
  2⤵
  PID:9700
- C:\Windows\System\OowODVX.exe
  C:\Windows\System\OowODVX.exe
  2⤵
  PID:9764
- C:\Windows\System\QLbaIWB.exe
  C:\Windows\System\QLbaIWB.exe
  2⤵
  PID:9752
- C:\Windows\System\DGPVwfE.exe
  C:\Windows\System\DGPVwfE.exe
  2⤵
  PID:9800
- C:\Windows\System\DYviNjB.exe
  C:\Windows\System\DYviNjB.exe
  2⤵
  PID:9860
- C:\Windows\System\bwxRHeI.exe
  C:\Windows\System\bwxRHeI.exe
  2⤵
  PID:9932
- C:\Windows\System\jWNTtom.exe
  C:\Windows\System\jWNTtom.exe
  2⤵
  PID:9824
- C:\Windows\System\fViafur.exe
  C:\Windows\System\fViafur.exe
  2⤵
  PID:9864
- C:\Windows\System\LdWCWJE.exe
  C:\Windows\System\LdWCWJE.exe
  2⤵
  PID:9888
- C:\Windows\System\MInvynP.exe
  C:\Windows\System\MInvynP.exe
  2⤵
  PID:9912
- C:\Windows\System\DNnSHkM.exe
  C:\Windows\System\DNnSHkM.exe
  2⤵
  PID:9940
- C:\Windows\System\xhKRCdG.exe
  C:\Windows\System\xhKRCdG.exe
  2⤵
  PID:9972
- C:\Windows\System\SBUKuUj.exe
  C:\Windows\System\SBUKuUj.exe
  2⤵
  PID:9992
- C:\Windows\System\dKhtbWz.exe
  C:\Windows\System\dKhtbWz.exe
  2⤵
  PID:10016
- C:\Windows\System\vkuLEMf.exe
  C:\Windows\System\vkuLEMf.exe
  2⤵
  PID:10056
- C:\Windows\System\VVsLSBA.exe
  C:\Windows\System\VVsLSBA.exe
  2⤵
  PID:10064
- C:\Windows\System\gNyPALs.exe
  C:\Windows\System\gNyPALs.exe
  2⤵
  PID:10096
- C:\Windows\System\EvcLkLA.exe
  C:\Windows\System\EvcLkLA.exe
  2⤵
  PID:10128
- C:\Windows\System\PLLbgpE.exe
  C:\Windows\System\PLLbgpE.exe
  2⤵
  PID:10148
- C:\Windows\System\HMsLbSZ.exe
  C:\Windows\System\HMsLbSZ.exe
  2⤵
  PID:10184
- C:\Windows\System\RzHrGqQ.exe
  C:\Windows\System\RzHrGqQ.exe
  2⤵
  PID:10192
- C:\Windows\System\hNOdRlF.exe
  C:\Windows\System\hNOdRlF.exe
  2⤵
  PID:10220
- C:\Windows\System\NvDQenB.exe
  C:\Windows\System\NvDQenB.exe
  2⤵
  PID:1004
- C:\Windows\System\qgtjZah.exe
  C:\Windows\System\qgtjZah.exe
  2⤵
  PID:9240
- C:\Windows\System\qskcKNe.exe
  C:\Windows\System\qskcKNe.exe
  2⤵
  PID:9288
- C:\Windows\System\zEKaeSn.exe
  C:\Windows\System\zEKaeSn.exe
  2⤵
  PID:9228
- C:\Windows\System\DAkCWcZ.exe
  C:\Windows\System\DAkCWcZ.exe
  2⤵
  PID:8280
- C:\Windows\System\wtVNHyX.exe
  C:\Windows\System\wtVNHyX.exe
  2⤵
  PID:9008
- C:\Windows\System\EsmpLFt.exe
  C:\Windows\System\EsmpLFt.exe
  2⤵
  PID:9320
- C:\Windows\System\TBsolUp.exe
  C:\Windows\System\TBsolUp.exe
  2⤵
  PID:9304
- C:\Windows\System\ECeWPei.exe
  C:\Windows\System\ECeWPei.exe
  2⤵
  PID:9396
- C:\Windows\System\IOcjCul.exe
  C:\Windows\System\IOcjCul.exe
  2⤵
  PID:9400
- C:\Windows\System\icZnVNJ.exe
  C:\Windows\System\icZnVNJ.exe
  2⤵
  PID:9556
- C:\Windows\System\PSdzZzk.exe
  C:\Windows\System\PSdzZzk.exe
  2⤵
  PID:9424
- C:\Windows\System\ZeICASL.exe
  C:\Windows\System\ZeICASL.exe
  2⤵
  PID:9476
- C:\Windows\System\bdQRNSI.exe
  C:\Windows\System\bdQRNSI.exe
  2⤵
  PID:9564
- C:\Windows\System\UAlmatO.exe
  C:\Windows\System\UAlmatO.exe
  2⤵
  PID:9464
- C:\Windows\System\SbHGkCM.exe
  C:\Windows\System\SbHGkCM.exe
  2⤵
  PID:9568
- C:\Windows\System\irpDhsw.exe
  C:\Windows\System\irpDhsw.exe
  2⤵
  PID:9632
- C:\Windows\System\IuMkvxz.exe
  C:\Windows\System\IuMkvxz.exe
  2⤵
  PID:9672
- C:\Windows\System\roQKfLT.exe
  C:\Windows\System\roQKfLT.exe
  2⤵
  PID:9652
- C:\Windows\System\UyKnDaA.exe
  C:\Windows\System\UyKnDaA.exe
  2⤵
  PID:9732
- C:\Windows\System\IRDTOHw.exe
  C:\Windows\System\IRDTOHw.exe
  2⤵
  PID:9788
- C:\Windows\System\wHwyvMO.exe
  C:\Windows\System\wHwyvMO.exe
  2⤵
  PID:9808
- C:\Windows\System\xPuUOoq.exe
  C:\Windows\System\xPuUOoq.exe
  2⤵
  PID:9816
- C:\Windows\System\TgTEizz.exe
  C:\Windows\System\TgTEizz.exe
  2⤵
  PID:9844
- C:\Windows\System\QvRNCqT.exe
  C:\Windows\System\QvRNCqT.exe
  2⤵
  PID:9856
- C:\Windows\System\gbnPEPN.exe
  C:\Windows\System\gbnPEPN.exe
  2⤵
  PID:9968
- C:\Windows\System\hbOHUmq.exe
  C:\Windows\System\hbOHUmq.exe
  2⤵
  PID:9836
- C:\Windows\System\DucSOOd.exe
  C:\Windows\System\DucSOOd.exe
  2⤵
  PID:10020
- C:\Windows\System\NzQIEbS.exe
  C:\Windows\System\NzQIEbS.exe
  2⤵
  PID:9548
- C:\Windows\System\SmYIOlo.exe
  C:\Windows\System\SmYIOlo.exe
  2⤵
  PID:9964
- C:\Windows\System\hqREozC.exe
  C:\Windows\System\hqREozC.exe
  2⤵
  PID:10116
- C:\Windows\System\VhHUpbl.exe
  C:\Windows\System\VhHUpbl.exe
  2⤵
  PID:10160
- C:\Windows\System\yRGuCob.exe
  C:\Windows\System\yRGuCob.exe
  2⤵
  PID:8992
- C:\Windows\System\WJhhaqH.exe
  C:\Windows\System\WJhhaqH.exe
  2⤵
  PID:9356
- C:\Windows\System\TWRsKvQ.exe
  C:\Windows\System\TWRsKvQ.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\Ajvvrpw.exe

Filesize
6.0MB

MD5
51e9e7ee22ef5c3ce2f328c3305da1d6

SHA1
223e88ed74c3ee4068700c27faab5e52452036ae

SHA256
56d3109e6a9453923c19229a02ed54928e76fa41a2ca81ffcf2df3a66ee35f54

SHA512
5a44c2d6692c41043fcb3d83ed82deba888e53a90d258a7fcbf7640d635b39117a550d3afbef3f81a41c3b651f1f9274caef9988c2f786768812c1fbc07e0dd2

Download Submit
C:\Windows\system\AtuiAYQ.exe

Filesize
6.0MB

MD5
59bb1db879917516c07d52726c4c4719

SHA1
664fb568aa59e0e62cdbed29789f069e9c29250f

SHA256
dd5047dd7623bc184b74cbc42490440be004909abebb68c2169713906c095d77

SHA512
e553c8cb90a98d254c07b5339d2e61550ba94e55e21c6bfc1b87764b9102252ed16160d8116ab8f1116d13be9d069f802496d688281c1b48f4719e40c1fe4689

Download Submit
C:\Windows\system\ChgNKhf.exe

Filesize
6.0MB

MD5
8d13f4504b74a509ace3858f21886581

SHA1
98afc75e9390fa8194ccb4b260f4d09b642867c5

SHA256
07107e880bbddd44f6bca583432cd25bae8d9e1abcf1df4213028c4732fdaec2

SHA512
7993bf30013bdf7fe34b8a1b21b76aef296d0c57e933052dccf982ee69e741a13eb582864d59c2c89c2ae5a9e47e3a571a96ff917cc24dd937cf3181fe5cfa27

Download Submit
C:\Windows\system\ElvsUJg.exe

Filesize
6.0MB

MD5
f9c5ecfa510003d6b0b2e0b203e221df

SHA1
70656155c2aabd66471ac8fb0aacbf34dd2f363e

SHA256
2f8c85fcab0a62200388db9af03f45f19362462955d4fdb78c5f639cfe1532ae

SHA512
d76a0b9ab5ca670c6da2e95a65cf61c8503dd1b11f40fe56dded3989c514fc2f929fdffafd9655e1f22133aae8ebbcfd9fcce7c05c7df826536383ec673b21ed

Download Submit
C:\Windows\system\HIBRYex.exe

Filesize
6.0MB

MD5
4d09221a4d5a6c942aeb579c0e2c0899

SHA1
b3f7eeb29392b08edcfa9c6ab06eda24cc9fc7c3

SHA256
5cab10e87d5b4b47171afed76d44d3615222baebb0ed2aa664dd65eb88961546

SHA512
baeac6a8d157b36c553ba5b658342aeb1ecd772ad266bca93bd4c02a9bcd00b99bf4d3b1f56ff573c0f2dbfd4325c6a883d021c47e4bdf618c349bbcf147e6df

Download Submit
C:\Windows\system\KPJXElx.exe

Filesize
6.0MB

MD5
5ad6b0db293144669317c97eaf9a2769

SHA1
364ae2d06652883a14e0ea8daa3cacdc41c121bc

SHA256
6e59fede14200fc91e42bead051f9419fa1bb9513436d776e8793a057106e43a

SHA512
2e15c1b188a1ece39b690c74a1ae87dab5151c0c387cd3f27643ad1723c10f372c112efebbd9bc4249c7b056aa3402fceb57663e5d4794c5c8bc4d9a03911cdb

Download Submit
C:\Windows\system\KkHMnAT.exe

Filesize
6.0MB

MD5
81ae27d28fffa688664898baabcc76e1

SHA1
ba0123cc76d484fe9e1d4363c0a24c6b64445d61

SHA256
d71d22b092326d4702a3620c39d0f27fef3298ce1fec13d3a12bc87524e718e7

SHA512
813b56f9cc0e9e9da51c781b2aa61c5d36836331ecf4762b5ad896a6fcc6ba5640acb42e5c351b586a78d978b1666bd0ac654b0a3660b2462bb29f3d44b8a61e

Download Submit
C:\Windows\system\LelFkVa.exe

Filesize
6.0MB

MD5
0a7e99a527300b693b7f406f19f5f62c

SHA1
0c4d5b7758497e7babb60a50e2aaa65bdb8bf0d4

SHA256
6e884aa977aceedf100500fbb3b962b65c4b38fc342aa4c7c62008e1181d60c6

SHA512
d3c34dbc8431863cb50b78eefe44a3d2f23bba75ba127a5d606127d9f67b67049b72a339f4e620ceaa4530a01d1f0686a544b21e4026bc6e34b30ca8de81822c

Download Submit
C:\Windows\system\ODlFvhF.exe

Filesize
6.0MB

MD5
dae9a59da4f511b97d5217a0a473ad38

SHA1
1ab91c0590bebd18f2db5a90a2bf292995ec52c8

SHA256
da5b029c406f9e6315652c15621ce4b484da3cc2b7d74dbc188a74eb66c06d35

SHA512
3cfbd82f1de0344029a223ed7c6bef647e6163394b712bf06dc660d57fcbc18e23031aa0e5175007cde7bd757ccb1d7bf4e3bb71bd93269d2863cf884087e8b1

Download Submit
C:\Windows\system\SJCbyHE.exe

Filesize
6.0MB

MD5
2c44ac9d9fe1b567430900c7e1f4071b

SHA1
498ec9cfc1769285f3fcdc22c133c3dacb19e47e

SHA256
305a8b296a4e3269a01736e40d6e1bb0258ad7e6efa0faef1d4b1639fb08f39a

SHA512
f1d933aa432c248344b9b25830c2712f8ecb9f09e66620fd78fea6c4e84d4d7840557025518f74da53126cd649e7530735eb660b90881d26fbcf835ef1aa1883

Download Submit
C:\Windows\system\ThuBMbN.exe

Filesize
6.0MB

MD5
035ad8a81d0845b2de498df03e5d335a

SHA1
8c62b8f3672493e6295c05b18f67adaffb1936e0

SHA256
6e852fcfb3b33cf576222c8f57b1c00f2596d8e9a90ce164ef538c6b894e268c

SHA512
232798f73f376a5e55b1b6af97a021917b9201968547808e48186eeb46af8f6b5fc3d78ab78a396e73b7cc348d7b3e3b3cf4b3bbafa7afd82a8fd3dc72bcbc07

Download Submit
C:\Windows\system\TqjGSRQ.exe

Filesize
6.0MB

MD5
fe670cc7089a7a058e69a248e2d95959

SHA1
0675b6f403ceb48cdfa352c2e59033bd61f3993b

SHA256
c7c1a4ded8e0f9f161f8670f0c4d2cff69c5a13949e1082aecca6aef9de967b2

SHA512
97890e26d613a6fc9bd2a48c7f9b1947c681aff66e83ae344c9fc0bf009f9ca4a6649c0262395454cc6d159f3ec54d675e2441d38d3357c628fca642f1932110

Download Submit
C:\Windows\system\XGGZUgS.exe

Filesize
6.0MB

MD5
2c5e5f9f0ecdf7957d8fd68dfaffbe4c

SHA1
23cf5bca63e9d327390ac5f3977e5c12f729fd75

SHA256
2f9fc225ca349e4785154fe5a162dd1e9630ff0ba307b2679a8ef6af60908053

SHA512
f454df8ff931343d12ec2a424e7761b69b17eb81963e10edb6f19d0460edd8db756e86ea29c251ae834adf319bbbae5a635ab9daa9419031225401793c392b77

Download Submit
C:\Windows\system\XVCjFoT.exe

Filesize
6.0MB

MD5
f7b8a394bdb1c1191741c64fc0cd8471

SHA1
84deaffd98fefa533e9238252dee2724934876d6

SHA256
e47e79d81d007eccb9e48170d67895385b8547a73b7d619d081bb2f839b1eccc

SHA512
78b894019db653c4db476224bc27c05909697cdd2f2631cce6e630c06c25dabd352d73a35afe0a6f61a9fda59a7a8fcc0aa75791deb5ab705e6d237631ceb378

Download Submit
C:\Windows\system\YpqXSBH.exe

Filesize
6.0MB

MD5
a8ce39b5f3fb2d35df0055ad66c0a1b6

SHA1
5f16dc4d6e5544d44bef5d960d58ca5deca2dd62

SHA256
27798a00d940f879da26a554e7e5570a8ad251c5db493baed78a55b0663e8509

SHA512
b1beb0d455ae568fbe05bf23ab8f608cb396edd0123b1ffa19fb307d25e5e04d548e9aab1ef730f60b29b748c0b72b3a036ff2e6ae5ff992566bb01b64c87d99

Download Submit
C:\Windows\system\afumMpb.exe

Filesize
6.0MB

MD5
1e765690ab7bb3e5b5def713bfd800cf

SHA1
8c4dff11e1cef9af2a387decdb9acf548bd7c879

SHA256
06444054a638de3936dc9558f5b5d247c41c74974c15ab63c53d4ef1ff00aca2

SHA512
0e95754ed39d6ebb293bdb27b65932ad703b15a8d5118ef76a64d437ad230aa0d38ae440678e029b49da9df10af24c31e910edf64140cda147c3cc9e9d73db76

Download Submit
C:\Windows\system\dFfIbFL.exe

Filesize
6.0MB

MD5
84f5607f4f30d1d94db14beea8fbb990

SHA1
84bb0605d94938ce5172afe3bf8d26d22bd28c63

SHA256
1800c4f9cec56080f74b200a8568302340e6f9820138bdd3fddbfb4a015c6e84

SHA512
57487f2d526471bb03a74bca2e44a1dd8676b8dcce827deb7ed585a105c002195429e3abcaf08d736ea612494bdfbc1d8c35fe346d4aa251500e2465e1d8ef22

Download Submit
C:\Windows\system\gHEaoCn.exe

Filesize
6.0MB

MD5
8c5c43aeabb72d9123b7beedde54688d

SHA1
9bbbb6b5f3f730c86231073d6550ea07bf6806fd

SHA256
f4949a4c6aa457f5355eba2875e7eb7e2a28c50a3639062115729962d88d672c

SHA512
b61981ef797887de16c7e3ec5bd3ad262faf542d7cdcf95028bf0a98650159c13375d764b6dc5be9ec326ce079da555fab4bddf1edfd2566cef399abaf8c0532

Download Submit
C:\Windows\system\gtHXBMg.exe

Filesize
6.0MB

MD5
cc66a51c9ce7d24686fb9de962caa8db

SHA1
d7460d614304a2a158602a1d4aa53ff0b9694129

SHA256
73ad17f635545118abfa471074a9d6114cec39342418814f6b48ff84b3acf6d7

SHA512
d05d7a2b5bdfb75498ab383d52177e84a2e28fd51f7bb88924001a9a688def41e8147b366acf21d6dc013665d96ef493dea31773c1bb73abfaeed1f63b1c6f16

Download Submit
C:\Windows\system\mrJlmCH.exe

Filesize
6.0MB

MD5
b8177108f918625303f5f20b2d40093c

SHA1
719d7bb3defe1403418c88c9855c1a65bc4fcbe0

SHA256
cb034db3f848f384facd1051d928f63e384b0fed542b13e3d65c60150b090c46

SHA512
6a9a9ea10ca7c1a7d56ca078f57a7afe293aba5a32e2b092d19aedcbed0759750c6b55cfb2b2be36781ac3d8fc35847861d3cb2e553bacd3fac35b8be202cb3c

Download Submit
C:\Windows\system\oqxqXMc.exe

Filesize
6.0MB

MD5
eb36e14cae055fb612d9c3367b8e46bb

SHA1
7e29f62ff047bd266c7d6f73ee47928a054ece09

SHA256
f06a9cbfbf01d0f31ace6f80716481d527b469f7bb114507fa7c8c40c061efa7

SHA512
02d7576065ff8652571267f773d6723ab35aa4df087d83006fe50765f82b1c4497d3b942275b4998c6b6de719cd9c443ccfa209948a2fa3ea6230d96e55e2e04

Download Submit
C:\Windows\system\pwbytnk.exe

Filesize
6.0MB

MD5
b0a21df6d96e49ca66416a5693066c15

SHA1
7147912d395c7d12f428e3deba1bf6fd8e5194df

SHA256
9fd8155c9bb5f6bd3bfdeb22c7fd6b8c10aeebcde8ef939d515b44f94a1cda11

SHA512
cac711069243f46cb63298183b36f6624905a6d44f4e97a0f9ff5daf25c3bdb8176d9afbeeed02d3dcac59cb99ddedc0cfce778f7dae9ec2649812ee9bebfd78

Download Submit
C:\Windows\system\qtbNKke.exe

Filesize
6.0MB

MD5
ed43c4b0c1b515534273101ed798a93b

SHA1
27036ae58fe36164c16761ada374953469f65393

SHA256
4fb0010e2914ef0e3a9c9742c8744cb5bbdee0532b44b6668a9907946ba5ee27

SHA512
6641e936c313c95ae1f8fefb3056a508a87db7aa3eb6578d2b78f11dc4b7717c51956611112e73aa431341d7d87eeab7096c32de76d0a30db4327f1fb60707c9

Download Submit
C:\Windows\system\sKWIKSm.exe

Filesize
6.0MB

MD5
5cabb2b60febf4410529614ff4c5d23b

SHA1
dbb32dbe20e40ecbde14bf6a0f4f56669098a8fe

SHA256
d515f39a49784c9213e7d4b9a6df28f66b941ba1607c4acf3a0717716e2fe87e

SHA512
13e22189d68ba4f74e1973b20d0ae62348159f7d1e0e5885d8afb8c02721b1d9b470373d220a13b55eb4582a4c71624dc9b3be5df4440aa389ac6d0480ee45ed

Download Submit
C:\Windows\system\uIyDFDD.exe

Filesize
6.0MB

MD5
d04e07542937b969fcfe97e6e2a008ff

SHA1
cab96690cf84569ac1244b4cfa296b4dd39913c4

SHA256
d85f877f618006d108ce247c07958c6e204a144f5681fb31bdff5347486928b1

SHA512
cc78a17714c39f97a07e3221a187aea5ddab06272e5a7f4758f3590aa20ac07d44a4e65cb241a96933d083a31523ecf46526c88f91e901c27cd82c315f69eae1

Download Submit
C:\Windows\system\unpSCEj.exe

Filesize
6.0MB

MD5
0e93f9b49bcf28a69401476e58ef2f58

SHA1
348338219ae700c93e5a8096ae89a0afda6a7404

SHA256
f15bd5f3b10823b67a032b4312568b74ef5835cebcf2bf382a7c67823dfb4693

SHA512
8ce00f21d9379c926e7b6f286177b4211d200d1c1838bab8155f8fa3134d871b96bbd5c2df8153c7ba66cf7f657c142e0b0a7960f262b05be7ae43b6b95a5e53

Download Submit
C:\Windows\system\wIYScBa.exe

Filesize
6.0MB

MD5
d16801371771978e959050da7130d10f

SHA1
7e6c26e2a2e20237936463eb4404ffe8f44d4bb4

SHA256
d9c8227150d81e0205a0e5bd6bb6f9547daf424352d4344ea54590436e0c49f6

SHA512
65b400020370ed42f72613aa710b8492b8c732e78ac0ee77c8821ff498b4e59408ab2457be2f1c3e38bcff0fc8b41c326e5022be6c4d1fbc20da22fff579b828

Download Submit
C:\Windows\system\yCqyABp.exe

Filesize
6.0MB

MD5
9afc7b44443fc56454a038cd00bd000d

SHA1
0846d943ea435479be87209453cc68978fbfa713

SHA256
3e14e52e408366fb4ee0efeee2327edbced157fe43ab5e750134ab99030d8c2c

SHA512
b034593eb46ec84a5b6344c27fb6232c897163fe8797a1f7125ff31ced007298319fc151c4495ece42e6bde66d38ee3740d6c953b82ca6de128a7547cb486fb2

Download Submit
\Windows\system\FlOiMHR.exe

Filesize
6.0MB

MD5
51342cf94fb9074ddc6ee66ae891e7ce

SHA1
1cbb174cfe35f2ce7d260134dffdb02afa065560

SHA256
0f809ef38be4ceeeb44c43477bf83fc10c88e487359793099b379218d55dc836

SHA512
3dd54657a939efb5c4f15cd311d3cf5b10661b68d4c0736aad1e65df526bbf209ec662cba4b9d251dafa3e58c1f587fa518712617e116159eb3ab819774d5a03

Download Submit
\Windows\system\KZwTwVu.exe

Filesize
6.0MB

MD5
27fe6f324dbfd28c4b472937b68ec003

SHA1
d576d19f438b8666c8a8b513d78348f6e8479a54

SHA256
07b7d2d0a97fdc6ca2ec81b35c691cebb7cd58d9574ac1c9c53244ca84c68675

SHA512
79f02c32503dfecd0b92d23efcc1068847e20db519b496257ba4b1217310a487459d300acdb166dd7653b8dfeef0755827e62f06d409ad9a23d809ab1705785b

Download Submit
\Windows\system\QakCPXh.exe

Filesize
6.0MB

MD5
eebb62a2cea97e596260f0808de37f48

SHA1
7527c82fcdeea78df8012b18fe7ecf2e8129c443

SHA256
d1deb760529d4e6129f36dc9973bdc4680220ab356d36f5c5712dd8a721fd517

SHA512
7e41137066f317ec735b732da27a0d7fc8f5f27f3d107ff49601254cb5a3b8389e3d296fe74d095274871bee3a623807265be5cf60d305c458ed4bcdd8b587d0

Download Submit
\Windows\system\bdpFWUL.exe

Filesize
6.0MB

MD5
5f2008c1dc1aa59173e104dedea0aa9d

SHA1
872daba91ca45354eacd872868f662df809c583a

SHA256
68f1c50580c55d49dafbe6dd09f5a3c094ff6e088d314d08babc37ba2ef14d02

SHA512
50ce13fba1c5bbed54abd7f25bea58fe51c157bb9987c70cec2cfaa571d4a32e02ce593517f24f65bc0680c97f7c596a695e6f1082ea2e372d5aeff919e12d4e

Download Submit
memory/588-103-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/588-3829-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/588-57-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1260-3700-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1260-33-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-3714-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1396-40-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1564-3833-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1564-102-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1740-94-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1740-3780-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1740-51-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2004-836-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-93-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3848-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-452-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2180-79-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3808-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2516-573-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-85-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4316-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-44-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2604-87-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3707-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2616-69-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3830-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-23-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3709-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2652-34-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3710-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2724-78-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-572-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-835-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-109-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1245-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-74-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-70-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2724-1020-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-65-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-0-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-28-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-55-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2724-84-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-36-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-37-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2724-19-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2724-361-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2724-92-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-42-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2724-16-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-46-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2724-101-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-31-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3713-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-255-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3804-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-72-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download