cobaltstrike | 448959e895d576f8f023c153d22d6072f01dcd80f3c0286ae0d4f5bf9fd13613

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

13e533e58fb8eba434991f14614c16ac
SHA1

5287d6ca4d51f362630ba6f8e4793ab525da8c7e
SHA256

448959e895d576f8f023c153d22d6072f01dcd80f3c0286ae0d4f5bf9fd13613
SHA512

6aa5373b3cadd4303288653b59b2c4f0219fd5d9d67312ba8feddd974fe1683422f21aa8dc8751fa8ee3a354cf75b768c86eeba2ba7ae4444537effd67397db8
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lU6:32Y56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d87-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d7e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d8f-17.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d9a-25.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000015db1-35.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015e18-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c84-44.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3e-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173da-119.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-152.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-150.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-134.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-129.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-148.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-124.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001706d-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eca-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ea4-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd7-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd1-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dbe-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9a-84.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d96-79.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d46-74.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d36-64.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d25-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cfc-54.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd1-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015da7-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/2704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0007000000015d87-15.dat	xmrig
behavioral1/files/0x0008000000015d7e-8.dat	xmrig
behavioral1/files/0x0007000000015d8f-17.dat	xmrig
behavioral1/files/0x0007000000015d9a-25.dat	xmrig
behavioral1/files/0x000a000000015db1-35.dat	xmrig
behavioral1/files/0x0009000000015e18-39.dat	xmrig
behavioral1/files/0x0006000000016c84-44.dat	xmrig
behavioral1/files/0x0006000000016d3e-67.dat	xmrig
behavioral1/files/0x00060000000173da-119.dat	xmrig
behavioral1/files/0x00060000000173fc-137.dat	xmrig
behavioral1/files/0x0005000000018687-160.dat	xmrig
behavioral1/memory/2752-471-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2820-473-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2704-1057-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2128-469-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/1432-467-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/792-465-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/320-463-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/3048-461-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/3036-459-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2620-457-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2552-455-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2668-450-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2580-448-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2592-446-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2688-444-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0006000000017525-152.dat	xmrig
behavioral1/files/0x0014000000018663-150.dat	xmrig
behavioral1/files/0x00060000000174a2-142.dat	xmrig
behavioral1/files/0x0006000000017472-134.dat	xmrig
behavioral1/files/0x00060000000173f4-129.dat	xmrig
behavioral1/files/0x000d00000001866e-157.dat	xmrig
behavioral1/files/0x0006000000017487-148.dat	xmrig
behavioral1/files/0x00060000000173f1-124.dat	xmrig
behavioral1/files/0x000600000001706d-114.dat	xmrig
behavioral1/files/0x0006000000016eca-109.dat	xmrig
behavioral1/files/0x0006000000016ea4-104.dat	xmrig
behavioral1/files/0x0006000000016dd7-99.dat	xmrig
behavioral1/files/0x0006000000016dd1-94.dat	xmrig
behavioral1/files/0x0006000000016dbe-89.dat	xmrig
behavioral1/files/0x0006000000016d9a-84.dat	xmrig
behavioral1/files/0x0006000000016d96-79.dat	xmrig
behavioral1/files/0x0006000000016d46-74.dat	xmrig
behavioral1/files/0x0006000000016d36-64.dat	xmrig
behavioral1/files/0x0006000000016d25-59.dat	xmrig
behavioral1/files/0x0006000000016cfc-54.dat	xmrig
behavioral1/files/0x0006000000016cd1-49.dat	xmrig
behavioral1/files/0x0007000000015da7-29.dat	xmrig
behavioral1/memory/2580-4013-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/320-4015-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2552-4014-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1432-4016-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2688-4123-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2128-4108-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/792-4096-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2820-4076-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/3048-4075-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2668-4074-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/memory/2620-4051-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/3036-4049-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2752-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2752	DNODeMk.exe
2688	lygwnOY.exe
2820	feQHddm.exe
2592	ywgfyof.exe
2580	SfIphXu.exe
2668	LCyPsxT.exe
2552	QwSrUwu.exe
2620	ANRMXUF.exe
3036	KRqWzMd.exe
3048	HOGMAPf.exe
320	JJsRJSw.exe
792	hDBmDKi.exe
1432	htsbvkf.exe
2128	oKpRXBT.exe
2652	UgrqqpJ.exe
868	CGWLRSy.exe
2512	tToAYmj.exe
2644	SvYERZT.exe
2544	QhlfqLb.exe
2864	NeaxqVZ.exe
2932	unNNlIH.exe
1864	pJHurbd.exe
1720	HOWbpZD.exe
2916	rGuPeMj.exe
1784	ruXagmv.exe
2908	ksmGwIP.exe
2172	pmQTKyC.exe
2132	upPVhoL.exe
2400	VabHTvL.exe
2052	eSRvhlS.exe
856	LUMUFPi.exe
2412	gOnZKhR.exe
872	EdWJuGk.exe
2248	nJBWEow.exe
2008	YBCYLII.exe
108	iuACEMQ.exe
1192	OetUdHZ.exe
2420	ewOSdZp.exe
1056	UyNxhwj.exe
1380	NihSysr.exe
1376	vQEFRlH.exe
916	MOwHNtl.exe
972	JnuCZcQ.exe
2488	vHoJetP.exe
2508	PbySFcm.exe
2364	CONCZcD.exe
1412	EuyVNCB.exe
1156	AYRWFLg.exe
2304	SorDrzO.exe
2528	oamXQnK.exe
2952	CnuqlwU.exe
2200	spOjUKl.exe
2092	KpfhVwf.exe
1508	dDeoZDo.exe
2772	rRzFeVI.exe
2700	GuuHyal.exe
2956	uskrECM.exe
2560	vjobZxG.exe
2692	OdldjXZ.exe
2600	UlVebEv.exe
376	WKqYwrt.exe
664	DcVNPws.exe
2176	phDufEH.exe
2616	zSaQRTj.exe

Loads dropped DLL 64 IoCs

pid	Process
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0007000000015d87-15.dat	upx
behavioral1/files/0x0008000000015d7e-8.dat	upx
behavioral1/files/0x0007000000015d8f-17.dat	upx
behavioral1/files/0x0007000000015d9a-25.dat	upx
behavioral1/files/0x000a000000015db1-35.dat	upx
behavioral1/files/0x0009000000015e18-39.dat	upx
behavioral1/files/0x0006000000016c84-44.dat	upx
behavioral1/files/0x0006000000016d3e-67.dat	upx
behavioral1/files/0x00060000000173da-119.dat	upx
behavioral1/files/0x00060000000173fc-137.dat	upx
behavioral1/files/0x0005000000018687-160.dat	upx
behavioral1/memory/2752-471-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2820-473-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2704-1057-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2128-469-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/1432-467-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/792-465-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/320-463-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/3048-461-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/3036-459-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2620-457-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2552-455-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2668-450-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2580-448-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2592-446-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2688-444-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0006000000017525-152.dat	upx
behavioral1/files/0x0014000000018663-150.dat	upx
behavioral1/files/0x00060000000174a2-142.dat	upx
behavioral1/files/0x0006000000017472-134.dat	upx
behavioral1/files/0x00060000000173f4-129.dat	upx
behavioral1/files/0x000d00000001866e-157.dat	upx
behavioral1/files/0x0006000000017487-148.dat	upx
behavioral1/files/0x00060000000173f1-124.dat	upx
behavioral1/files/0x000600000001706d-114.dat	upx
behavioral1/files/0x0006000000016eca-109.dat	upx
behavioral1/files/0x0006000000016ea4-104.dat	upx
behavioral1/files/0x0006000000016dd7-99.dat	upx
behavioral1/files/0x0006000000016dd1-94.dat	upx
behavioral1/files/0x0006000000016dbe-89.dat	upx
behavioral1/files/0x0006000000016d9a-84.dat	upx
behavioral1/files/0x0006000000016d96-79.dat	upx
behavioral1/files/0x0006000000016d46-74.dat	upx
behavioral1/files/0x0006000000016d36-64.dat	upx
behavioral1/files/0x0006000000016d25-59.dat	upx
behavioral1/files/0x0006000000016cfc-54.dat	upx
behavioral1/files/0x0006000000016cd1-49.dat	upx
behavioral1/files/0x0007000000015da7-29.dat	upx
behavioral1/memory/2580-4013-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/320-4015-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2552-4014-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1432-4016-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2688-4123-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2128-4108-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/792-4096-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2820-4076-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/3048-4075-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2668-4074-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/memory/2620-4051-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/3036-4049-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2752-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\liDguhq.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZxHWbrI.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJbpzUg.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypVojnC.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygZdEFv.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSqapkZ.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKunIcv.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRKmXxA.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQeXzAG.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TkBNVSh.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcejGQZ.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKkkuRx.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYbyzJN.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYieVpU.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOWbpZD.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjltPVc.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZlrKwO.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNDPmEr.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idBKSEy.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLqfZfo.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shXjvNM.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpCmWPg.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnkaeBu.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBcfXNS.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aJzOcsx.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjCAEUA.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWnReaC.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqKkyem.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VEepQXq.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqYILEd.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvYERZT.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZaoPsA.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haKPmZl.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRdAzpg.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VabHTvL.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euaSKBG.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLyNHbx.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNKbDiC.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYJICNF.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUgmdAP.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LoaYDaL.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfxcnPX.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ksmGwIP.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRscJBF.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McIrcki.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deOVwLp.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEfysKR.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptVkisT.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgolNXF.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xIPsneI.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYhoHzO.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwQNftY.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXpbmTe.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsyvVuy.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQEFRlH.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxsaGRS.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMhTllI.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFbxSSh.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDgrYlM.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihXrgGT.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWwkZcn.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKtztvW.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjPyFhn.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZOMPYU.exe	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2752	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2704 wrote to memory of 2752	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2704 wrote to memory of 2752	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2704 wrote to memory of 2688	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2704 wrote to memory of 2688	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2704 wrote to memory of 2688	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2704 wrote to memory of 2820	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2704 wrote to memory of 2820	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2704 wrote to memory of 2820	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2704 wrote to memory of 2592	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2704 wrote to memory of 2592	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2704 wrote to memory of 2592	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2704 wrote to memory of 2580	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2704 wrote to memory of 2580	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2704 wrote to memory of 2580	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2704 wrote to memory of 2668	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2704 wrote to memory of 2668	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2704 wrote to memory of 2668	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2704 wrote to memory of 2552	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2704 wrote to memory of 2552	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2704 wrote to memory of 2552	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2704 wrote to memory of 2620	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2704 wrote to memory of 2620	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2704 wrote to memory of 2620	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2704 wrote to memory of 3036	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2704 wrote to memory of 3036	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2704 wrote to memory of 3036	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2704 wrote to memory of 3048	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2704 wrote to memory of 3048	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2704 wrote to memory of 3048	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2704 wrote to memory of 320	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2704 wrote to memory of 320	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2704 wrote to memory of 320	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2704 wrote to memory of 792	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2704 wrote to memory of 792	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2704 wrote to memory of 792	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2704 wrote to memory of 1432	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2704 wrote to memory of 1432	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2704 wrote to memory of 1432	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2704 wrote to memory of 2128	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2704 wrote to memory of 2128	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2704 wrote to memory of 2128	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2704 wrote to memory of 2652	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2704 wrote to memory of 2652	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2704 wrote to memory of 2652	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2704 wrote to memory of 868	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2704 wrote to memory of 868	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2704 wrote to memory of 868	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2704 wrote to memory of 2512	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2704 wrote to memory of 2512	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2704 wrote to memory of 2512	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2704 wrote to memory of 2644	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2704 wrote to memory of 2644	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2704 wrote to memory of 2644	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2704 wrote to memory of 2544	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2704 wrote to memory of 2544	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2704 wrote to memory of 2544	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2704 wrote to memory of 2864	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2704 wrote to memory of 2864	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2704 wrote to memory of 2864	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2704 wrote to memory of 2932	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2704 wrote to memory of 2932	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2704 wrote to memory of 2932	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2704 wrote to memory of 1864	2704	2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_13e533e58fb8eba434991f14614c16ac_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\System\DNODeMk.exe
  C:\Windows\System\DNODeMk.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\lygwnOY.exe
  C:\Windows\System\lygwnOY.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\feQHddm.exe
  C:\Windows\System\feQHddm.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ywgfyof.exe
  C:\Windows\System\ywgfyof.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\SfIphXu.exe
  C:\Windows\System\SfIphXu.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\LCyPsxT.exe
  C:\Windows\System\LCyPsxT.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\QwSrUwu.exe
  C:\Windows\System\QwSrUwu.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ANRMXUF.exe
  C:\Windows\System\ANRMXUF.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\KRqWzMd.exe
  C:\Windows\System\KRqWzMd.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\HOGMAPf.exe
  C:\Windows\System\HOGMAPf.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\JJsRJSw.exe
  C:\Windows\System\JJsRJSw.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\hDBmDKi.exe
  C:\Windows\System\hDBmDKi.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\htsbvkf.exe
  C:\Windows\System\htsbvkf.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\oKpRXBT.exe
  C:\Windows\System\oKpRXBT.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\UgrqqpJ.exe
  C:\Windows\System\UgrqqpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\CGWLRSy.exe
  C:\Windows\System\CGWLRSy.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\tToAYmj.exe
  C:\Windows\System\tToAYmj.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\SvYERZT.exe
  C:\Windows\System\SvYERZT.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\QhlfqLb.exe
  C:\Windows\System\QhlfqLb.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\NeaxqVZ.exe
  C:\Windows\System\NeaxqVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\unNNlIH.exe
  C:\Windows\System\unNNlIH.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\pJHurbd.exe
  C:\Windows\System\pJHurbd.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\HOWbpZD.exe
  C:\Windows\System\HOWbpZD.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\rGuPeMj.exe
  C:\Windows\System\rGuPeMj.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ruXagmv.exe
  C:\Windows\System\ruXagmv.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ksmGwIP.exe
  C:\Windows\System\ksmGwIP.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\pmQTKyC.exe
  C:\Windows\System\pmQTKyC.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\EdWJuGk.exe
  C:\Windows\System\EdWJuGk.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\upPVhoL.exe
  C:\Windows\System\upPVhoL.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\nJBWEow.exe
  C:\Windows\System\nJBWEow.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\VabHTvL.exe
  C:\Windows\System\VabHTvL.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\YBCYLII.exe
  C:\Windows\System\YBCYLII.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\eSRvhlS.exe
  C:\Windows\System\eSRvhlS.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\iuACEMQ.exe
  C:\Windows\System\iuACEMQ.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\LUMUFPi.exe
  C:\Windows\System\LUMUFPi.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\OetUdHZ.exe
  C:\Windows\System\OetUdHZ.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\gOnZKhR.exe
  C:\Windows\System\gOnZKhR.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\ewOSdZp.exe
  C:\Windows\System\ewOSdZp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\UyNxhwj.exe
  C:\Windows\System\UyNxhwj.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\NihSysr.exe
  C:\Windows\System\NihSysr.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\vQEFRlH.exe
  C:\Windows\System\vQEFRlH.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\MOwHNtl.exe
  C:\Windows\System\MOwHNtl.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\JnuCZcQ.exe
  C:\Windows\System\JnuCZcQ.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\vHoJetP.exe
  C:\Windows\System\vHoJetP.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\PbySFcm.exe
  C:\Windows\System\PbySFcm.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\CONCZcD.exe
  C:\Windows\System\CONCZcD.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\EuyVNCB.exe
  C:\Windows\System\EuyVNCB.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\AYRWFLg.exe
  C:\Windows\System\AYRWFLg.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\SorDrzO.exe
  C:\Windows\System\SorDrzO.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\oamXQnK.exe
  C:\Windows\System\oamXQnK.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\CnuqlwU.exe
  C:\Windows\System\CnuqlwU.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\spOjUKl.exe
  C:\Windows\System\spOjUKl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\KpfhVwf.exe
  C:\Windows\System\KpfhVwf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\dDeoZDo.exe
  C:\Windows\System\dDeoZDo.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\rRzFeVI.exe
  C:\Windows\System\rRzFeVI.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\GuuHyal.exe
  C:\Windows\System\GuuHyal.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\uskrECM.exe
  C:\Windows\System\uskrECM.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\OdldjXZ.exe
  C:\Windows\System\OdldjXZ.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\vjobZxG.exe
  C:\Windows\System\vjobZxG.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\UlVebEv.exe
  C:\Windows\System\UlVebEv.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\WKqYwrt.exe
  C:\Windows\System\WKqYwrt.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\xyuTqAY.exe
  C:\Windows\System\xyuTqAY.exe
  2⤵
  PID:332
- C:\Windows\System\DcVNPws.exe
  C:\Windows\System\DcVNPws.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\xmYgCLX.exe
  C:\Windows\System\xmYgCLX.exe
  2⤵
  PID:300
- C:\Windows\System\phDufEH.exe
  C:\Windows\System\phDufEH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\DmIbuhc.exe
  C:\Windows\System\DmIbuhc.exe
  2⤵
  PID:2900
- C:\Windows\System\zSaQRTj.exe
  C:\Windows\System\zSaQRTj.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KVDmEPL.exe
  C:\Windows\System\KVDmEPL.exe
  2⤵
  PID:2044
- C:\Windows\System\poELCIm.exe
  C:\Windows\System\poELCIm.exe
  2⤵
  PID:2356
- C:\Windows\System\MUlsVSK.exe
  C:\Windows\System\MUlsVSK.exe
  2⤵
  PID:2196
- C:\Windows\System\XRKnwvb.exe
  C:\Windows\System\XRKnwvb.exe
  2⤵
  PID:1132
- C:\Windows\System\YoCmbYX.exe
  C:\Windows\System\YoCmbYX.exe
  2⤵
  PID:2880
- C:\Windows\System\NPFQMoy.exe
  C:\Windows\System\NPFQMoy.exe
  2⤵
  PID:2936
- C:\Windows\System\eWFjIaT.exe
  C:\Windows\System\eWFjIaT.exe
  2⤵
  PID:2228
- C:\Windows\System\whHRFnI.exe
  C:\Windows\System\whHRFnI.exe
  2⤵
  PID:2232
- C:\Windows\System\EluPLlX.exe
  C:\Windows\System\EluPLlX.exe
  2⤵
  PID:1712
- C:\Windows\System\lBMHmbJ.exe
  C:\Windows\System\lBMHmbJ.exe
  2⤵
  PID:408
- C:\Windows\System\AwQQItM.exe
  C:\Windows\System\AwQQItM.exe
  2⤵
  PID:1324
- C:\Windows\System\FYuuiKr.exe
  C:\Windows\System\FYuuiKr.exe
  2⤵
  PID:760
- C:\Windows\System\rHZuSHE.exe
  C:\Windows\System\rHZuSHE.exe
  2⤵
  PID:1920
- C:\Windows\System\IaSIxve.exe
  C:\Windows\System\IaSIxve.exe
  2⤵
  PID:1904
- C:\Windows\System\IEsbdZj.exe
  C:\Windows\System\IEsbdZj.exe
  2⤵
  PID:928
- C:\Windows\System\vcVhzPf.exe
  C:\Windows\System\vcVhzPf.exe
  2⤵
  PID:2524
- C:\Windows\System\osbbzgT.exe
  C:\Windows\System\osbbzgT.exe
  2⤵
  PID:316
- C:\Windows\System\AcFhzcv.exe
  C:\Windows\System\AcFhzcv.exe
  2⤵
  PID:2480
- C:\Windows\System\OaqUNxo.exe
  C:\Windows\System\OaqUNxo.exe
  2⤵
  PID:2284
- C:\Windows\System\XHnQDnZ.exe
  C:\Windows\System\XHnQDnZ.exe
  2⤵
  PID:1544
- C:\Windows\System\IOSdvkG.exe
  C:\Windows\System\IOSdvkG.exe
  2⤵
  PID:1628
- C:\Windows\System\EPKGnpC.exe
  C:\Windows\System\EPKGnpC.exe
  2⤵
  PID:2584
- C:\Windows\System\cJSuyse.exe
  C:\Windows\System\cJSuyse.exe
  2⤵
  PID:2556
- C:\Windows\System\OEsDcAv.exe
  C:\Windows\System\OEsDcAv.exe
  2⤵
  PID:2848
- C:\Windows\System\JDsrgrZ.exe
  C:\Windows\System\JDsrgrZ.exe
  2⤵
  PID:780
- C:\Windows\System\LlTIpKd.exe
  C:\Windows\System\LlTIpKd.exe
  2⤵
  PID:560
- C:\Windows\System\tfkzzru.exe
  C:\Windows\System\tfkzzru.exe
  2⤵
  PID:2224
- C:\Windows\System\DhiIIyl.exe
  C:\Windows\System\DhiIIyl.exe
  2⤵
  PID:2780
- C:\Windows\System\hPwBxMG.exe
  C:\Windows\System\hPwBxMG.exe
  2⤵
  PID:2860
- C:\Windows\System\suoGRSa.exe
  C:\Windows\System\suoGRSa.exe
  2⤵
  PID:2292
- C:\Windows\System\weyrwZL.exe
  C:\Windows\System\weyrwZL.exe
  2⤵
  PID:2216
- C:\Windows\System\DhhiDGL.exe
  C:\Windows\System\DhhiDGL.exe
  2⤵
  PID:2836
- C:\Windows\System\yGtDWDM.exe
  C:\Windows\System\yGtDWDM.exe
  2⤵
  PID:576
- C:\Windows\System\lNoKKdS.exe
  C:\Windows\System\lNoKKdS.exe
  2⤵
  PID:2032
- C:\Windows\System\FCfjFjW.exe
  C:\Windows\System\FCfjFjW.exe
  2⤵
  PID:896
- C:\Windows\System\IQRXnil.exe
  C:\Windows\System\IQRXnil.exe
  2⤵
  PID:1644
- C:\Windows\System\xpwVqdF.exe
  C:\Windows\System\xpwVqdF.exe
  2⤵
  PID:3076
- C:\Windows\System\YnFlAUN.exe
  C:\Windows\System\YnFlAUN.exe
  2⤵
  PID:3092
- C:\Windows\System\kkHSAbz.exe
  C:\Windows\System\kkHSAbz.exe
  2⤵
  PID:3112
- C:\Windows\System\iFStkIG.exe
  C:\Windows\System\iFStkIG.exe
  2⤵
  PID:3132
- C:\Windows\System\HThvcDo.exe
  C:\Windows\System\HThvcDo.exe
  2⤵
  PID:3148
- C:\Windows\System\vnJTZEj.exe
  C:\Windows\System\vnJTZEj.exe
  2⤵
  PID:3164
- C:\Windows\System\TSbjQng.exe
  C:\Windows\System\TSbjQng.exe
  2⤵
  PID:3180
- C:\Windows\System\QpLhoge.exe
  C:\Windows\System\QpLhoge.exe
  2⤵
  PID:3208
- C:\Windows\System\vjQUVLo.exe
  C:\Windows\System\vjQUVLo.exe
  2⤵
  PID:3224
- C:\Windows\System\YXlcAFv.exe
  C:\Windows\System\YXlcAFv.exe
  2⤵
  PID:3240
- C:\Windows\System\HTYYBbe.exe
  C:\Windows\System\HTYYBbe.exe
  2⤵
  PID:3260
- C:\Windows\System\pbatayQ.exe
  C:\Windows\System\pbatayQ.exe
  2⤵
  PID:3276
- C:\Windows\System\iPgVkoe.exe
  C:\Windows\System\iPgVkoe.exe
  2⤵
  PID:3292
- C:\Windows\System\LhbkNLv.exe
  C:\Windows\System\LhbkNLv.exe
  2⤵
  PID:3316
- C:\Windows\System\dETjDeF.exe
  C:\Windows\System\dETjDeF.exe
  2⤵
  PID:3336
- C:\Windows\System\QXvkStC.exe
  C:\Windows\System\QXvkStC.exe
  2⤵
  PID:3352
- C:\Windows\System\fPdRoML.exe
  C:\Windows\System\fPdRoML.exe
  2⤵
  PID:3368
- C:\Windows\System\MXuEZry.exe
  C:\Windows\System\MXuEZry.exe
  2⤵
  PID:3384
- C:\Windows\System\VRlopDV.exe
  C:\Windows\System\VRlopDV.exe
  2⤵
  PID:3400
- C:\Windows\System\uvteufR.exe
  C:\Windows\System\uvteufR.exe
  2⤵
  PID:3420
- C:\Windows\System\GciabkF.exe
  C:\Windows\System\GciabkF.exe
  2⤵
  PID:3440
- C:\Windows\System\jjRlpzX.exe
  C:\Windows\System\jjRlpzX.exe
  2⤵
  PID:3456
- C:\Windows\System\nqpSftu.exe
  C:\Windows\System\nqpSftu.exe
  2⤵
  PID:3472
- C:\Windows\System\DvdaAIl.exe
  C:\Windows\System\DvdaAIl.exe
  2⤵
  PID:3488
- C:\Windows\System\wKGYiLH.exe
  C:\Windows\System\wKGYiLH.exe
  2⤵
  PID:3504
- C:\Windows\System\mxsaGRS.exe
  C:\Windows\System\mxsaGRS.exe
  2⤵
  PID:3520
- C:\Windows\System\gSoJmEW.exe
  C:\Windows\System\gSoJmEW.exe
  2⤵
  PID:3540
- C:\Windows\System\DLOrwAH.exe
  C:\Windows\System\DLOrwAH.exe
  2⤵
  PID:3556
- C:\Windows\System\FBdEtfY.exe
  C:\Windows\System\FBdEtfY.exe
  2⤵
  PID:3572
- C:\Windows\System\rlirZUk.exe
  C:\Windows\System\rlirZUk.exe
  2⤵
  PID:3588
- C:\Windows\System\edLaSkm.exe
  C:\Windows\System\edLaSkm.exe
  2⤵
  PID:3608
- C:\Windows\System\vdBiIbF.exe
  C:\Windows\System\vdBiIbF.exe
  2⤵
  PID:3624
- C:\Windows\System\YNXqcfA.exe
  C:\Windows\System\YNXqcfA.exe
  2⤵
  PID:3640
- C:\Windows\System\XHSGBKw.exe
  C:\Windows\System\XHSGBKw.exe
  2⤵
  PID:3656
- C:\Windows\System\YrRkegy.exe
  C:\Windows\System\YrRkegy.exe
  2⤵
  PID:3804
- C:\Windows\System\fObGXTS.exe
  C:\Windows\System\fObGXTS.exe
  2⤵
  PID:3820
- C:\Windows\System\ptZTHBY.exe
  C:\Windows\System\ptZTHBY.exe
  2⤵
  PID:3836
- C:\Windows\System\hFZlDBx.exe
  C:\Windows\System\hFZlDBx.exe
  2⤵
  PID:3852
- C:\Windows\System\iiOXRGx.exe
  C:\Windows\System\iiOXRGx.exe
  2⤵
  PID:3868
- C:\Windows\System\krwFNtV.exe
  C:\Windows\System\krwFNtV.exe
  2⤵
  PID:3884
- C:\Windows\System\fBcbVDx.exe
  C:\Windows\System\fBcbVDx.exe
  2⤵
  PID:3900
- C:\Windows\System\pEWBNdF.exe
  C:\Windows\System\pEWBNdF.exe
  2⤵
  PID:3916
- C:\Windows\System\ypVojnC.exe
  C:\Windows\System\ypVojnC.exe
  2⤵
  PID:3932
- C:\Windows\System\FFPaBdq.exe
  C:\Windows\System\FFPaBdq.exe
  2⤵
  PID:3948
- C:\Windows\System\pJOBbHK.exe
  C:\Windows\System\pJOBbHK.exe
  2⤵
  PID:3964
- C:\Windows\System\CmVLqqh.exe
  C:\Windows\System\CmVLqqh.exe
  2⤵
  PID:3980
- C:\Windows\System\FKQLmwg.exe
  C:\Windows\System\FKQLmwg.exe
  2⤵
  PID:3996
- C:\Windows\System\Febillc.exe
  C:\Windows\System\Febillc.exe
  2⤵
  PID:4012
- C:\Windows\System\RUIceiz.exe
  C:\Windows\System\RUIceiz.exe
  2⤵
  PID:4028
- C:\Windows\System\KkTOOtZ.exe
  C:\Windows\System\KkTOOtZ.exe
  2⤵
  PID:4044
- C:\Windows\System\MsDbmnC.exe
  C:\Windows\System\MsDbmnC.exe
  2⤵
  PID:4060
- C:\Windows\System\ygZdEFv.exe
  C:\Windows\System\ygZdEFv.exe
  2⤵
  PID:4076
- C:\Windows\System\LXMyqCg.exe
  C:\Windows\System\LXMyqCg.exe
  2⤵
  PID:4092
- C:\Windows\System\QjYqngG.exe
  C:\Windows\System\QjYqngG.exe
  2⤵
  PID:2408
- C:\Windows\System\covUKqN.exe
  C:\Windows\System\covUKqN.exe
  2⤵
  PID:1956
- C:\Windows\System\jyPAoan.exe
  C:\Windows\System\jyPAoan.exe
  2⤵
  PID:700
- C:\Windows\System\pJHVDXn.exe
  C:\Windows\System\pJHVDXn.exe
  2⤵
  PID:1448
- C:\Windows\System\jpKuIoE.exe
  C:\Windows\System\jpKuIoE.exe
  2⤵
  PID:3100
- C:\Windows\System\AyVOBxo.exe
  C:\Windows\System\AyVOBxo.exe
  2⤵
  PID:3172
- C:\Windows\System\Luuemhi.exe
  C:\Windows\System\Luuemhi.exe
  2⤵
  PID:3248
- C:\Windows\System\rqAOHUX.exe
  C:\Windows\System\rqAOHUX.exe
  2⤵
  PID:3288
- C:\Windows\System\BVStAVJ.exe
  C:\Windows\System\BVStAVJ.exe
  2⤵
  PID:3360
- C:\Windows\System\urKVmhc.exe
  C:\Windows\System\urKVmhc.exe
  2⤵
  PID:3428
- C:\Windows\System\ZWTsBUD.exe
  C:\Windows\System\ZWTsBUD.exe
  2⤵
  PID:3468
- C:\Windows\System\FKDitud.exe
  C:\Windows\System\FKDitud.exe
  2⤵
  PID:3536
- C:\Windows\System\COCYDpn.exe
  C:\Windows\System\COCYDpn.exe
  2⤵
  PID:2456
- C:\Windows\System\kTrGddv.exe
  C:\Windows\System\kTrGddv.exe
  2⤵
  PID:1900
- C:\Windows\System\ChGlkoJ.exe
  C:\Windows\System\ChGlkoJ.exe
  2⤵
  PID:1424
- C:\Windows\System\JFQudie.exe
  C:\Windows\System\JFQudie.exe
  2⤵
  PID:2468
- C:\Windows\System\vkUiiQe.exe
  C:\Windows\System\vkUiiQe.exe
  2⤵
  PID:3064
- C:\Windows\System\uYkcPTu.exe
  C:\Windows\System\uYkcPTu.exe
  2⤵
  PID:3636
- C:\Windows\System\mkmkLkW.exe
  C:\Windows\System\mkmkLkW.exe
  2⤵
  PID:3704
- C:\Windows\System\NQYIWjP.exe
  C:\Windows\System\NQYIWjP.exe
  2⤵
  PID:1924
- C:\Windows\System\vdzYpQI.exe
  C:\Windows\System\vdzYpQI.exe
  2⤵
  PID:1032
- C:\Windows\System\EWrCTrQ.exe
  C:\Windows\System\EWrCTrQ.exe
  2⤵
  PID:2296
- C:\Windows\System\kwVqpyt.exe
  C:\Windows\System\kwVqpyt.exe
  2⤵
  PID:2500
- C:\Windows\System\pTAfcJf.exe
  C:\Windows\System\pTAfcJf.exe
  2⤵
  PID:2376
- C:\Windows\System\PhcuTiX.exe
  C:\Windows\System\PhcuTiX.exe
  2⤵
  PID:3200
- C:\Windows\System\OnaOgxT.exe
  C:\Windows\System\OnaOgxT.exe
  2⤵
  PID:3416
- C:\Windows\System\OwmoiyJ.exe
  C:\Windows\System\OwmoiyJ.exe
  2⤵
  PID:3648
- C:\Windows\System\LxVOEoH.exe
  C:\Windows\System\LxVOEoH.exe
  2⤵
  PID:3784
- C:\Windows\System\zxzmOue.exe
  C:\Windows\System\zxzmOue.exe
  2⤵
  PID:3484
- C:\Windows\System\DnOwclr.exe
  C:\Windows\System\DnOwclr.exe
  2⤵
  PID:3412
- C:\Windows\System\cRGDcDW.exe
  C:\Windows\System\cRGDcDW.exe
  2⤵
  PID:3348
- C:\Windows\System\xeiDOpT.exe
  C:\Windows\System\xeiDOpT.exe
  2⤵
  PID:3272
- C:\Windows\System\fxVLAvr.exe
  C:\Windows\System\fxVLAvr.exe
  2⤵
  PID:3192
- C:\Windows\System\cQOlwDh.exe
  C:\Windows\System\cQOlwDh.exe
  2⤵
  PID:3124
- C:\Windows\System\aEHLgMm.exe
  C:\Windows\System\aEHLgMm.exe
  2⤵
  PID:2800
- C:\Windows\System\uLFroZx.exe
  C:\Windows\System\uLFroZx.exe
  2⤵
  PID:1892
- C:\Windows\System\sXXaWrZ.exe
  C:\Windows\System\sXXaWrZ.exe
  2⤵
  PID:3044
- C:\Windows\System\VHJJQBX.exe
  C:\Windows\System\VHJJQBX.exe
  2⤵
  PID:604
- C:\Windows\System\OSGvEIJ.exe
  C:\Windows\System\OSGvEIJ.exe
  2⤵
  PID:3832
- C:\Windows\System\ZIhbONV.exe
  C:\Windows\System\ZIhbONV.exe
  2⤵
  PID:3844
- C:\Windows\System\ZkoJKPN.exe
  C:\Windows\System\ZkoJKPN.exe
  2⤵
  PID:3876
- C:\Windows\System\qqvQyDO.exe
  C:\Windows\System\qqvQyDO.exe
  2⤵
  PID:3924
- C:\Windows\System\VkfyYJT.exe
  C:\Windows\System\VkfyYJT.exe
  2⤵
  PID:3956
- C:\Windows\System\oCVIQJn.exe
  C:\Windows\System\oCVIQJn.exe
  2⤵
  PID:3972
- C:\Windows\System\CPJEuRe.exe
  C:\Windows\System\CPJEuRe.exe
  2⤵
  PID:4020
- C:\Windows\System\iMhTllI.exe
  C:\Windows\System\iMhTllI.exe
  2⤵
  PID:4040
- C:\Windows\System\hgvyOyP.exe
  C:\Windows\System\hgvyOyP.exe
  2⤵
  PID:4084
- C:\Windows\System\UVIEKee.exe
  C:\Windows\System\UVIEKee.exe
  2⤵
  PID:1932
- C:\Windows\System\hTixSGL.exe
  C:\Windows\System\hTixSGL.exe
  2⤵
  PID:2416
- C:\Windows\System\GSeylRr.exe
  C:\Windows\System\GSeylRr.exe
  2⤵
  PID:3016
- C:\Windows\System\FpIFYVF.exe
  C:\Windows\System\FpIFYVF.exe
  2⤵
  PID:3256
- C:\Windows\System\sMkmpKh.exe
  C:\Windows\System\sMkmpKh.exe
  2⤵
  PID:3328
- C:\Windows\System\vJoOKZd.exe
  C:\Windows\System\vJoOKZd.exe
  2⤵
  PID:3500
- C:\Windows\System\YsKMmUP.exe
  C:\Windows\System\YsKMmUP.exe
  2⤵
  PID:592
- C:\Windows\System\YyZIAzD.exe
  C:\Windows\System\YyZIAzD.exe
  2⤵
  PID:1196
- C:\Windows\System\jpQjywe.exe
  C:\Windows\System\jpQjywe.exe
  2⤵
  PID:3600
- C:\Windows\System\AFDEzMx.exe
  C:\Windows\System\AFDEzMx.exe
  2⤵
  PID:3620
- C:\Windows\System\hhIarFM.exe
  C:\Windows\System\hhIarFM.exe
  2⤵
  PID:2276
- C:\Windows\System\ERRPXZr.exe
  C:\Windows\System\ERRPXZr.exe
  2⤵
  PID:3584
- C:\Windows\System\humSXAX.exe
  C:\Windows\System\humSXAX.exe
  2⤵
  PID:3312
- C:\Windows\System\TvoSFik.exe
  C:\Windows\System\TvoSFik.exe
  2⤵
  PID:3516
- C:\Windows\System\wIUXUNK.exe
  C:\Windows\System\wIUXUNK.exe
  2⤵
  PID:3448
- C:\Windows\System\KUWxmVS.exe
  C:\Windows\System\KUWxmVS.exe
  2⤵
  PID:3304
- C:\Windows\System\rnbxvRT.exe
  C:\Windows\System\rnbxvRT.exe
  2⤵
  PID:3156
- C:\Windows\System\pOyFDtR.exe
  C:\Windows\System\pOyFDtR.exe
  2⤵
  PID:3232
- C:\Windows\System\xRrVoHA.exe
  C:\Windows\System\xRrVoHA.exe
  2⤵
  PID:3088
- C:\Windows\System\sXLNYjD.exe
  C:\Windows\System\sXLNYjD.exe
  2⤵
  PID:3860
- C:\Windows\System\NkaPoxm.exe
  C:\Windows\System\NkaPoxm.exe
  2⤵
  PID:3864
- C:\Windows\System\EHaVzHC.exe
  C:\Windows\System\EHaVzHC.exe
  2⤵
  PID:4100
- C:\Windows\System\NIBjoMc.exe
  C:\Windows\System\NIBjoMc.exe
  2⤵
  PID:4116
- C:\Windows\System\mFcEfSs.exe
  C:\Windows\System\mFcEfSs.exe
  2⤵
  PID:4132
- C:\Windows\System\mElBUKj.exe
  C:\Windows\System\mElBUKj.exe
  2⤵
  PID:4148
- C:\Windows\System\gOsurTA.exe
  C:\Windows\System\gOsurTA.exe
  2⤵
  PID:4164
- C:\Windows\System\deAjepP.exe
  C:\Windows\System\deAjepP.exe
  2⤵
  PID:4180
- C:\Windows\System\LikOuQF.exe
  C:\Windows\System\LikOuQF.exe
  2⤵
  PID:4196
- C:\Windows\System\ognlFan.exe
  C:\Windows\System\ognlFan.exe
  2⤵
  PID:4212
- C:\Windows\System\mvAkmSu.exe
  C:\Windows\System\mvAkmSu.exe
  2⤵
  PID:4228
- C:\Windows\System\YfPYriW.exe
  C:\Windows\System\YfPYriW.exe
  2⤵
  PID:4244
- C:\Windows\System\eWKECuo.exe
  C:\Windows\System\eWKECuo.exe
  2⤵
  PID:4260
- C:\Windows\System\VKVdXJw.exe
  C:\Windows\System\VKVdXJw.exe
  2⤵
  PID:4276
- C:\Windows\System\TOcjRnI.exe
  C:\Windows\System\TOcjRnI.exe
  2⤵
  PID:4292
- C:\Windows\System\yTLVFsA.exe
  C:\Windows\System\yTLVFsA.exe
  2⤵
  PID:4308
- C:\Windows\System\KNLsqII.exe
  C:\Windows\System\KNLsqII.exe
  2⤵
  PID:4324
- C:\Windows\System\vFxLZmM.exe
  C:\Windows\System\vFxLZmM.exe
  2⤵
  PID:4340
- C:\Windows\System\Aevttoz.exe
  C:\Windows\System\Aevttoz.exe
  2⤵
  PID:4356
- C:\Windows\System\yRLmjGc.exe
  C:\Windows\System\yRLmjGc.exe
  2⤵
  PID:4372
- C:\Windows\System\euaSKBG.exe
  C:\Windows\System\euaSKBG.exe
  2⤵
  PID:4388
- C:\Windows\System\TKTFTOB.exe
  C:\Windows\System\TKTFTOB.exe
  2⤵
  PID:4404
- C:\Windows\System\SLyNHbx.exe
  C:\Windows\System\SLyNHbx.exe
  2⤵
  PID:4420
- C:\Windows\System\JefIlGq.exe
  C:\Windows\System\JefIlGq.exe
  2⤵
  PID:4436
- C:\Windows\System\eZEwpdx.exe
  C:\Windows\System\eZEwpdx.exe
  2⤵
  PID:4452
- C:\Windows\System\PsVIFXW.exe
  C:\Windows\System\PsVIFXW.exe
  2⤵
  PID:4468
- C:\Windows\System\puuUnpO.exe
  C:\Windows\System\puuUnpO.exe
  2⤵
  PID:4484
- C:\Windows\System\gZIzkTw.exe
  C:\Windows\System\gZIzkTw.exe
  2⤵
  PID:4500
- C:\Windows\System\WkLfVym.exe
  C:\Windows\System\WkLfVym.exe
  2⤵
  PID:4516
- C:\Windows\System\yXoAxDO.exe
  C:\Windows\System\yXoAxDO.exe
  2⤵
  PID:4532
- C:\Windows\System\cRscJBF.exe
  C:\Windows\System\cRscJBF.exe
  2⤵
  PID:4548
- C:\Windows\System\ViWYgKt.exe
  C:\Windows\System\ViWYgKt.exe
  2⤵
  PID:4564
- C:\Windows\System\acNcbqb.exe
  C:\Windows\System\acNcbqb.exe
  2⤵
  PID:4580
- C:\Windows\System\kVRATfy.exe
  C:\Windows\System\kVRATfy.exe
  2⤵
  PID:4596
- C:\Windows\System\TJklVme.exe
  C:\Windows\System\TJklVme.exe
  2⤵
  PID:4612
- C:\Windows\System\ZSTrEaC.exe
  C:\Windows\System\ZSTrEaC.exe
  2⤵
  PID:4632
- C:\Windows\System\RNmGine.exe
  C:\Windows\System\RNmGine.exe
  2⤵
  PID:4648
- C:\Windows\System\TKISOvv.exe
  C:\Windows\System\TKISOvv.exe
  2⤵
  PID:4664
- C:\Windows\System\XcfhAap.exe
  C:\Windows\System\XcfhAap.exe
  2⤵
  PID:4680
- C:\Windows\System\PhvuVjj.exe
  C:\Windows\System\PhvuVjj.exe
  2⤵
  PID:4696
- C:\Windows\System\QGnlTna.exe
  C:\Windows\System\QGnlTna.exe
  2⤵
  PID:4712
- C:\Windows\System\vQfYQTd.exe
  C:\Windows\System\vQfYQTd.exe
  2⤵
  PID:4728
- C:\Windows\System\eaDuWsW.exe
  C:\Windows\System\eaDuWsW.exe
  2⤵
  PID:4744
- C:\Windows\System\nbVVqGt.exe
  C:\Windows\System\nbVVqGt.exe
  2⤵
  PID:4760
- C:\Windows\System\jnMMWAT.exe
  C:\Windows\System\jnMMWAT.exe
  2⤵
  PID:4776
- C:\Windows\System\kQhFdAM.exe
  C:\Windows\System\kQhFdAM.exe
  2⤵
  PID:4792
- C:\Windows\System\oecrCzR.exe
  C:\Windows\System\oecrCzR.exe
  2⤵
  PID:4808
- C:\Windows\System\nuxJNJy.exe
  C:\Windows\System\nuxJNJy.exe
  2⤵
  PID:4824
- C:\Windows\System\UeXtyeE.exe
  C:\Windows\System\UeXtyeE.exe
  2⤵
  PID:4840
- C:\Windows\System\XsVrzVv.exe
  C:\Windows\System\XsVrzVv.exe
  2⤵
  PID:4856
- C:\Windows\System\TmaTayB.exe
  C:\Windows\System\TmaTayB.exe
  2⤵
  PID:4872
- C:\Windows\System\NcoBXVj.exe
  C:\Windows\System\NcoBXVj.exe
  2⤵
  PID:4888
- C:\Windows\System\ylsQpsz.exe
  C:\Windows\System\ylsQpsz.exe
  2⤵
  PID:4904
- C:\Windows\System\MUYxmuu.exe
  C:\Windows\System\MUYxmuu.exe
  2⤵
  PID:4920
- C:\Windows\System\CRhzlZB.exe
  C:\Windows\System\CRhzlZB.exe
  2⤵
  PID:4936
- C:\Windows\System\PbfZciV.exe
  C:\Windows\System\PbfZciV.exe
  2⤵
  PID:4952
- C:\Windows\System\VLidgeT.exe
  C:\Windows\System\VLidgeT.exe
  2⤵
  PID:4968
- C:\Windows\System\BKwONhK.exe
  C:\Windows\System\BKwONhK.exe
  2⤵
  PID:4984
- C:\Windows\System\NKuKDIR.exe
  C:\Windows\System\NKuKDIR.exe
  2⤵
  PID:5000
- C:\Windows\System\TauJACI.exe
  C:\Windows\System\TauJACI.exe
  2⤵
  PID:5016
- C:\Windows\System\ClYwBkz.exe
  C:\Windows\System\ClYwBkz.exe
  2⤵
  PID:5032
- C:\Windows\System\lNxgoKC.exe
  C:\Windows\System\lNxgoKC.exe
  2⤵
  PID:5048
- C:\Windows\System\NCEHduD.exe
  C:\Windows\System\NCEHduD.exe
  2⤵
  PID:5064
- C:\Windows\System\gcjWaZw.exe
  C:\Windows\System\gcjWaZw.exe
  2⤵
  PID:5080
- C:\Windows\System\rnNyfFf.exe
  C:\Windows\System\rnNyfFf.exe
  2⤵
  PID:5096
- C:\Windows\System\VxWqKik.exe
  C:\Windows\System\VxWqKik.exe
  2⤵
  PID:5112
- C:\Windows\System\qsFtKXk.exe
  C:\Windows\System\qsFtKXk.exe
  2⤵
  PID:3940
- C:\Windows\System\tsxaQXv.exe
  C:\Windows\System\tsxaQXv.exe
  2⤵
  PID:4036
- C:\Windows\System\ZNzzdng.exe
  C:\Windows\System\ZNzzdng.exe
  2⤵
  PID:4072
- C:\Windows\System\nGFcwBD.exe
  C:\Windows\System\nGFcwBD.exe
  2⤵
  PID:1420
- C:\Windows\System\YZEpsZt.exe
  C:\Windows\System\YZEpsZt.exe
  2⤵
  PID:3464
- C:\Windows\System\VNUVxqm.exe
  C:\Windows\System\VNUVxqm.exe
  2⤵
  PID:2760
- C:\Windows\System\gWcIHtR.exe
  C:\Windows\System\gWcIHtR.exe
  2⤵
  PID:3632
- C:\Windows\System\TnwLyAs.exe
  C:\Windows\System\TnwLyAs.exe
  2⤵
  PID:3696
- C:\Windows\System\rvOpIIZ.exe
  C:\Windows\System\rvOpIIZ.exe
  2⤵
  PID:1676
- C:\Windows\System\zVQZbmQ.exe
  C:\Windows\System\zVQZbmQ.exe
  2⤵
  PID:3128
- C:\Windows\System\uLPVKYp.exe
  C:\Windows\System\uLPVKYp.exe
  2⤵
  PID:3380
- C:\Windows\System\eSmAHCT.exe
  C:\Windows\System\eSmAHCT.exe
  2⤵
  PID:3896
- C:\Windows\System\iZEaKll.exe
  C:\Windows\System\iZEaKll.exe
  2⤵
  PID:3236
- C:\Windows\System\kQZefyr.exe
  C:\Windows\System\kQZefyr.exe
  2⤵
  PID:4144
- C:\Windows\System\bWHscpu.exe
  C:\Windows\System\bWHscpu.exe
  2⤵
  PID:4176
- C:\Windows\System\kgiraEo.exe
  C:\Windows\System\kgiraEo.exe
  2⤵
  PID:4160
- C:\Windows\System\rCZihFF.exe
  C:\Windows\System\rCZihFF.exe
  2⤵
  PID:4192
- C:\Windows\System\rtrtZwE.exe
  C:\Windows\System\rtrtZwE.exe
  2⤵
  PID:4268
- C:\Windows\System\MNvfwAt.exe
  C:\Windows\System\MNvfwAt.exe
  2⤵
  PID:4220
- C:\Windows\System\qVhjmAE.exe
  C:\Windows\System\qVhjmAE.exe
  2⤵
  PID:4364
- C:\Windows\System\yBofokh.exe
  C:\Windows\System\yBofokh.exe
  2⤵
  PID:4256
- C:\Windows\System\uovjtIt.exe
  C:\Windows\System\uovjtIt.exe
  2⤵
  PID:4348
- C:\Windows\System\McIrcki.exe
  C:\Windows\System\McIrcki.exe
  2⤵
  PID:4428
- C:\Windows\System\vwOtUiM.exe
  C:\Windows\System\vwOtUiM.exe
  2⤵
  PID:4416
- C:\Windows\System\DqQXmaK.exe
  C:\Windows\System\DqQXmaK.exe
  2⤵
  PID:4492
- C:\Windows\System\epSkTcz.exe
  C:\Windows\System\epSkTcz.exe
  2⤵
  PID:4444
- C:\Windows\System\HICgfJB.exe
  C:\Windows\System\HICgfJB.exe
  2⤵
  PID:4508
- C:\Windows\System\ozNAwuS.exe
  C:\Windows\System\ozNAwuS.exe
  2⤵
  PID:4588
- C:\Windows\System\kCJaLfm.exe
  C:\Windows\System\kCJaLfm.exe
  2⤵
  PID:4628
- C:\Windows\System\FvZrbDF.exe
  C:\Windows\System\FvZrbDF.exe
  2⤵
  PID:4608
- C:\Windows\System\noIJjhx.exe
  C:\Windows\System\noIJjhx.exe
  2⤵
  PID:4660
- C:\Windows\System\RspaEPx.exe
  C:\Windows\System\RspaEPx.exe
  2⤵
  PID:4672
- C:\Windows\System\FqMpvvK.exe
  C:\Windows\System\FqMpvvK.exe
  2⤵
  PID:4724
- C:\Windows\System\deCnlek.exe
  C:\Windows\System\deCnlek.exe
  2⤵
  PID:4756
- C:\Windows\System\UtLzxFW.exe
  C:\Windows\System\UtLzxFW.exe
  2⤵
  PID:4788
- C:\Windows\System\KcFFejq.exe
  C:\Windows\System\KcFFejq.exe
  2⤵
  PID:4820
- C:\Windows\System\QBiXDrb.exe
  C:\Windows\System\QBiXDrb.exe
  2⤵
  PID:4852
- C:\Windows\System\WEIMtlU.exe
  C:\Windows\System\WEIMtlU.exe
  2⤵
  PID:4864
- C:\Windows\System\RjyxePV.exe
  C:\Windows\System\RjyxePV.exe
  2⤵
  PID:4944
- C:\Windows\System\NAyyHnh.exe
  C:\Windows\System\NAyyHnh.exe
  2⤵
  PID:4868
- C:\Windows\System\QzMAyhZ.exe
  C:\Windows\System\QzMAyhZ.exe
  2⤵
  PID:4964
- C:\Windows\System\Ijvotpk.exe
  C:\Windows\System\Ijvotpk.exe
  2⤵
  PID:5012
- C:\Windows\System\sHNYtKR.exe
  C:\Windows\System\sHNYtKR.exe
  2⤵
  PID:5044
- C:\Windows\System\WqASMoL.exe
  C:\Windows\System\WqASMoL.exe
  2⤵
  PID:5076
- C:\Windows\System\XhXvTiQ.exe
  C:\Windows\System\XhXvTiQ.exe
  2⤵
  PID:4024
- C:\Windows\System\qkWoVRR.exe
  C:\Windows\System\qkWoVRR.exe
  2⤵
  PID:3988
- C:\Windows\System\AucxBEx.exe
  C:\Windows\System\AucxBEx.exe
  2⤵
  PID:4068
- C:\Windows\System\zubOaWo.exe
  C:\Windows\System\zubOaWo.exe
  2⤵
  PID:2996
- C:\Windows\System\FZFcBQW.exe
  C:\Windows\System\FZFcBQW.exe
  2⤵
  PID:3396
- C:\Windows\System\mdLZuQe.exe
  C:\Windows\System\mdLZuQe.exe
  2⤵
  PID:3848
- C:\Windows\System\roTfIIh.exe
  C:\Windows\System\roTfIIh.exe
  2⤵
  PID:2316
- C:\Windows\System\tuDvxpr.exe
  C:\Windows\System\tuDvxpr.exe
  2⤵
  PID:3960
- C:\Windows\System\XDDjBiD.exe
  C:\Windows\System\XDDjBiD.exe
  2⤵
  PID:4240
- C:\Windows\System\esAEwBr.exe
  C:\Windows\System\esAEwBr.exe
  2⤵
  PID:4332
- C:\Windows\System\Dcxrhcg.exe
  C:\Windows\System\Dcxrhcg.exe
  2⤵
  PID:4320
- C:\Windows\System\lfrfRFP.exe
  C:\Windows\System\lfrfRFP.exe
  2⤵
  PID:4288
- C:\Windows\System\QLYmdvW.exe
  C:\Windows\System\QLYmdvW.exe
  2⤵
  PID:4396
- C:\Windows\System\HgolNXF.exe
  C:\Windows\System\HgolNXF.exe
  2⤵
  PID:4460
- C:\Windows\System\pQLIWuH.exe
  C:\Windows\System\pQLIWuH.exe
  2⤵
  PID:4576
- C:\Windows\System\MHJDZvf.exe
  C:\Windows\System\MHJDZvf.exe
  2⤵
  PID:4692
- C:\Windows\System\EnPTEJT.exe
  C:\Windows\System\EnPTEJT.exe
  2⤵
  PID:4752
- C:\Windows\System\MjRrrAk.exe
  C:\Windows\System\MjRrrAk.exe
  2⤵
  PID:4768
- C:\Windows\System\DWCHqkn.exe
  C:\Windows\System\DWCHqkn.exe
  2⤵
  PID:4708
- C:\Windows\System\YWacGmN.exe
  C:\Windows\System\YWacGmN.exe
  2⤵
  PID:4912
- C:\Windows\System\SlbRlEk.exe
  C:\Windows\System\SlbRlEk.exe
  2⤵
  PID:4900
- C:\Windows\System\JcereoE.exe
  C:\Windows\System\JcereoE.exe
  2⤵
  PID:4932
- C:\Windows\System\bCnKqzr.exe
  C:\Windows\System\bCnKqzr.exe
  2⤵
  PID:5136
- C:\Windows\System\pLcjwNg.exe
  C:\Windows\System\pLcjwNg.exe
  2⤵
  PID:5152
- C:\Windows\System\TxPjSGk.exe
  C:\Windows\System\TxPjSGk.exe
  2⤵
  PID:5168
- C:\Windows\System\uwrbkcm.exe
  C:\Windows\System\uwrbkcm.exe
  2⤵
  PID:5184
- C:\Windows\System\BBmSoIE.exe
  C:\Windows\System\BBmSoIE.exe
  2⤵
  PID:5200
- C:\Windows\System\tnZWVis.exe
  C:\Windows\System\tnZWVis.exe
  2⤵
  PID:5216
- C:\Windows\System\uvCdJcl.exe
  C:\Windows\System\uvCdJcl.exe
  2⤵
  PID:5232
- C:\Windows\System\KrBEwdA.exe
  C:\Windows\System\KrBEwdA.exe
  2⤵
  PID:5248
- C:\Windows\System\JSFYDFA.exe
  C:\Windows\System\JSFYDFA.exe
  2⤵
  PID:5264
- C:\Windows\System\sGoTUgu.exe
  C:\Windows\System\sGoTUgu.exe
  2⤵
  PID:5280
- C:\Windows\System\YqtXdec.exe
  C:\Windows\System\YqtXdec.exe
  2⤵
  PID:5296
- C:\Windows\System\YEiHYGr.exe
  C:\Windows\System\YEiHYGr.exe
  2⤵
  PID:5312
- C:\Windows\System\WqmIqgR.exe
  C:\Windows\System\WqmIqgR.exe
  2⤵
  PID:5328
- C:\Windows\System\WgLRAVO.exe
  C:\Windows\System\WgLRAVO.exe
  2⤵
  PID:5344
- C:\Windows\System\IxqjUQp.exe
  C:\Windows\System\IxqjUQp.exe
  2⤵
  PID:5360
- C:\Windows\System\bjECpxu.exe
  C:\Windows\System\bjECpxu.exe
  2⤵
  PID:5376
- C:\Windows\System\BWQLzVr.exe
  C:\Windows\System\BWQLzVr.exe
  2⤵
  PID:5392
- C:\Windows\System\OzattHn.exe
  C:\Windows\System\OzattHn.exe
  2⤵
  PID:5408
- C:\Windows\System\pZvjPHF.exe
  C:\Windows\System\pZvjPHF.exe
  2⤵
  PID:5424
- C:\Windows\System\UMeLpwZ.exe
  C:\Windows\System\UMeLpwZ.exe
  2⤵
  PID:5440
- C:\Windows\System\vXPvDBD.exe
  C:\Windows\System\vXPvDBD.exe
  2⤵
  PID:5456
- C:\Windows\System\nlgYxUN.exe
  C:\Windows\System\nlgYxUN.exe
  2⤵
  PID:5472
- C:\Windows\System\ExFJSYb.exe
  C:\Windows\System\ExFJSYb.exe
  2⤵
  PID:5488
- C:\Windows\System\qOZIyvJ.exe
  C:\Windows\System\qOZIyvJ.exe
  2⤵
  PID:5504
- C:\Windows\System\MxNUuvO.exe
  C:\Windows\System\MxNUuvO.exe
  2⤵
  PID:5520
- C:\Windows\System\cSEGPaf.exe
  C:\Windows\System\cSEGPaf.exe
  2⤵
  PID:5536
- C:\Windows\System\HnajTYe.exe
  C:\Windows\System\HnajTYe.exe
  2⤵
  PID:5552
- C:\Windows\System\yzuDLAR.exe
  C:\Windows\System\yzuDLAR.exe
  2⤵
  PID:5572
- C:\Windows\System\zrrSxgQ.exe
  C:\Windows\System\zrrSxgQ.exe
  2⤵
  PID:5588
- C:\Windows\System\esCTjjn.exe
  C:\Windows\System\esCTjjn.exe
  2⤵
  PID:5604
- C:\Windows\System\HKrVatI.exe
  C:\Windows\System\HKrVatI.exe
  2⤵
  PID:5620
- C:\Windows\System\FOtZstc.exe
  C:\Windows\System\FOtZstc.exe
  2⤵
  PID:5636
- C:\Windows\System\qTFqiLI.exe
  C:\Windows\System\qTFqiLI.exe
  2⤵
  PID:5652
- C:\Windows\System\XMFVFot.exe
  C:\Windows\System\XMFVFot.exe
  2⤵
  PID:5668
- C:\Windows\System\truslXo.exe
  C:\Windows\System\truslXo.exe
  2⤵
  PID:5684
- C:\Windows\System\WdZuIzq.exe
  C:\Windows\System\WdZuIzq.exe
  2⤵
  PID:5700
- C:\Windows\System\UbnJBoq.exe
  C:\Windows\System\UbnJBoq.exe
  2⤵
  PID:5716
- C:\Windows\System\AEaDnSY.exe
  C:\Windows\System\AEaDnSY.exe
  2⤵
  PID:5732
- C:\Windows\System\UcLzmLK.exe
  C:\Windows\System\UcLzmLK.exe
  2⤵
  PID:5748
- C:\Windows\System\RRZqxsN.exe
  C:\Windows\System\RRZqxsN.exe
  2⤵
  PID:5764
- C:\Windows\System\hZnyNWy.exe
  C:\Windows\System\hZnyNWy.exe
  2⤵
  PID:5780
- C:\Windows\System\RvqDWIf.exe
  C:\Windows\System\RvqDWIf.exe
  2⤵
  PID:5796
- C:\Windows\System\iCnmndz.exe
  C:\Windows\System\iCnmndz.exe
  2⤵
  PID:5812
- C:\Windows\System\LeWswXl.exe
  C:\Windows\System\LeWswXl.exe
  2⤵
  PID:5828
- C:\Windows\System\tuQWWPe.exe
  C:\Windows\System\tuQWWPe.exe
  2⤵
  PID:5844
- C:\Windows\System\qMVMfjI.exe
  C:\Windows\System\qMVMfjI.exe
  2⤵
  PID:5860
- C:\Windows\System\cMgNAiI.exe
  C:\Windows\System\cMgNAiI.exe
  2⤵
  PID:5876
- C:\Windows\System\TbeTeLD.exe
  C:\Windows\System\TbeTeLD.exe
  2⤵
  PID:5892
- C:\Windows\System\xZnohji.exe
  C:\Windows\System\xZnohji.exe
  2⤵
  PID:5908
- C:\Windows\System\BjltPVc.exe
  C:\Windows\System\BjltPVc.exe
  2⤵
  PID:5924
- C:\Windows\System\HZmynVz.exe
  C:\Windows\System\HZmynVz.exe
  2⤵
  PID:5940
- C:\Windows\System\fNIfkBF.exe
  C:\Windows\System\fNIfkBF.exe
  2⤵
  PID:5956
- C:\Windows\System\fUwBurF.exe
  C:\Windows\System\fUwBurF.exe
  2⤵
  PID:5972
- C:\Windows\System\MJLzKJm.exe
  C:\Windows\System\MJLzKJm.exe
  2⤵
  PID:5988
- C:\Windows\System\KMYbiXL.exe
  C:\Windows\System\KMYbiXL.exe
  2⤵
  PID:6004
- C:\Windows\System\xIPsneI.exe
  C:\Windows\System\xIPsneI.exe
  2⤵
  PID:6020
- C:\Windows\System\MUWrYby.exe
  C:\Windows\System\MUWrYby.exe
  2⤵
  PID:6036
- C:\Windows\System\JMUGpyL.exe
  C:\Windows\System\JMUGpyL.exe
  2⤵
  PID:6052
- C:\Windows\System\caXFULv.exe
  C:\Windows\System\caXFULv.exe
  2⤵
  PID:6068
- C:\Windows\System\SEixVAx.exe
  C:\Windows\System\SEixVAx.exe
  2⤵
  PID:6084
- C:\Windows\System\JxqxJtE.exe
  C:\Windows\System\JxqxJtE.exe
  2⤵
  PID:6100
- C:\Windows\System\XxLYXqw.exe
  C:\Windows\System\XxLYXqw.exe
  2⤵
  PID:6116
- C:\Windows\System\cInpTuL.exe
  C:\Windows\System\cInpTuL.exe
  2⤵
  PID:6132
- C:\Windows\System\MJfueNQ.exe
  C:\Windows\System\MJfueNQ.exe
  2⤵
  PID:5028
- C:\Windows\System\NUvGEWB.exe
  C:\Windows\System\NUvGEWB.exe
  2⤵
  PID:4004
- C:\Windows\System\dTlCLiy.exe
  C:\Windows\System\dTlCLiy.exe
  2⤵
  PID:2056
- C:\Windows\System\BFUmqGj.exe
  C:\Windows\System\BFUmqGj.exe
  2⤵
  PID:3332
- C:\Windows\System\CFlBjXK.exe
  C:\Windows\System\CFlBjXK.exe
  2⤵
  PID:4140
- C:\Windows\System\tXbEMDd.exe
  C:\Windows\System\tXbEMDd.exe
  2⤵
  PID:4172
- C:\Windows\System\QQPcifq.exe
  C:\Windows\System\QQPcifq.exe
  2⤵
  PID:4128
- C:\Windows\System\PxBNDMu.exe
  C:\Windows\System\PxBNDMu.exe
  2⤵
  PID:4400
- C:\Windows\System\xbYwgjH.exe
  C:\Windows\System\xbYwgjH.exe
  2⤵
  PID:4556
- C:\Windows\System\ouYqGZS.exe
  C:\Windows\System\ouYqGZS.exe
  2⤵
  PID:4540
- C:\Windows\System\htyuEIq.exe
  C:\Windows\System\htyuEIq.exe
  2⤵
  PID:4624
- C:\Windows\System\HLHHBam.exe
  C:\Windows\System\HLHHBam.exe
  2⤵
  PID:5176
- C:\Windows\System\CPxRxqv.exe
  C:\Windows\System\CPxRxqv.exe
  2⤵
  PID:5240
- C:\Windows\System\epzBAQQ.exe
  C:\Windows\System\epzBAQQ.exe
  2⤵
  PID:4896
- C:\Windows\System\qJquTxz.exe
  C:\Windows\System\qJquTxz.exe
  2⤵
  PID:5164
- C:\Windows\System\OrycXbt.exe
  C:\Windows\System\OrycXbt.exe
  2⤵
  PID:4620
- C:\Windows\System\kxmIqiG.exe
  C:\Windows\System\kxmIqiG.exe
  2⤵
  PID:5276
- C:\Windows\System\ePXVpCj.exe
  C:\Windows\System\ePXVpCj.exe
  2⤵
  PID:5340
- C:\Windows\System\tvhYLAL.exe
  C:\Windows\System\tvhYLAL.exe
  2⤵
  PID:5404
- C:\Windows\System\bOqxIGO.exe
  C:\Windows\System\bOqxIGO.exe
  2⤵
  PID:5260
- C:\Windows\System\stbqdUq.exe
  C:\Windows\System\stbqdUq.exe
  2⤵
  PID:5464
- C:\Windows\System\gMkfhCQ.exe
  C:\Windows\System\gMkfhCQ.exe
  2⤵
  PID:5384
- C:\Windows\System\SsCRDkc.exe
  C:\Windows\System\SsCRDkc.exe
  2⤵
  PID:5420
- C:\Windows\System\mskbBOl.exe
  C:\Windows\System\mskbBOl.exe
  2⤵
  PID:5528
- C:\Windows\System\TwUJgqR.exe
  C:\Windows\System\TwUJgqR.exe
  2⤵
  PID:5596
- C:\Windows\System\RIUyHoy.exe
  C:\Windows\System\RIUyHoy.exe
  2⤵
  PID:5660
- C:\Windows\System\SdXrJQQ.exe
  C:\Windows\System\SdXrJQQ.exe
  2⤵
  PID:5584
- C:\Windows\System\uecWQkt.exe
  C:\Windows\System\uecWQkt.exe
  2⤵
  PID:5516
- C:\Windows\System\duCyBnb.exe
  C:\Windows\System\duCyBnb.exe
  2⤵
  PID:5452
- C:\Windows\System\cFwDYhI.exe
  C:\Windows\System\cFwDYhI.exe
  2⤵
  PID:5724
- C:\Windows\System\TRbrbCg.exe
  C:\Windows\System\TRbrbCg.exe
  2⤵
  PID:5788
- C:\Windows\System\EtduwPq.exe
  C:\Windows\System\EtduwPq.exe
  2⤵
  PID:5676
- C:\Windows\System\okNOkTg.exe
  C:\Windows\System\okNOkTg.exe
  2⤵
  PID:5824
- C:\Windows\System\oWYMhHV.exe
  C:\Windows\System\oWYMhHV.exe
  2⤵
  PID:5856
- C:\Windows\System\yMEIJFl.exe
  C:\Windows\System\yMEIJFl.exe
  2⤵
  PID:5920
- C:\Windows\System\JffCALU.exe
  C:\Windows\System\JffCALU.exe
  2⤵
  PID:5984
- C:\Windows\System\VmkQyXx.exe
  C:\Windows\System\VmkQyXx.exe
  2⤵
  PID:5744
- C:\Windows\System\sHgRLiW.exe
  C:\Windows\System\sHgRLiW.exe
  2⤵
  PID:5872
- C:\Windows\System\eauxoxC.exe
  C:\Windows\System\eauxoxC.exe
  2⤵
  PID:5932
- C:\Windows\System\ixtVhyD.exe
  C:\Windows\System\ixtVhyD.exe
  2⤵
  PID:6012
- C:\Windows\System\SvDOfmt.exe
  C:\Windows\System\SvDOfmt.exe
  2⤵
  PID:6076
- C:\Windows\System\uzuLmSB.exe
  C:\Windows\System\uzuLmSB.exe
  2⤵
  PID:6140
- C:\Windows\System\ebnAwSv.exe
  C:\Windows\System\ebnAwSv.exe
  2⤵
  PID:6032
- C:\Windows\System\sdLisfQ.exe
  C:\Windows\System\sdLisfQ.exe
  2⤵
  PID:6096
- C:\Windows\System\BvVPHOx.exe
  C:\Windows\System\BvVPHOx.exe
  2⤵
  PID:4056
- C:\Windows\System\RILOQjb.exe
  C:\Windows\System\RILOQjb.exe
  2⤵
  PID:4336
- C:\Windows\System\MojkFny.exe
  C:\Windows\System\MojkFny.exe
  2⤵
  PID:5092
- C:\Windows\System\VOReDDS.exe
  C:\Windows\System\VOReDDS.exe
  2⤵
  PID:2300
- C:\Windows\System\TKyvINL.exe
  C:\Windows\System\TKyvINL.exe
  2⤵
  PID:4836
- C:\Windows\System\RLjurCZ.exe
  C:\Windows\System\RLjurCZ.exe
  2⤵
  PID:5160
- C:\Windows\System\CkZYRCS.exe
  C:\Windows\System\CkZYRCS.exe
  2⤵
  PID:5244
- C:\Windows\System\UxCHSby.exe
  C:\Windows\System\UxCHSby.exe
  2⤵
  PID:5148
- C:\Windows\System\WYfXEiY.exe
  C:\Windows\System\WYfXEiY.exe
  2⤵
  PID:5224
- C:\Windows\System\trQfWnH.exe
  C:\Windows\System\trQfWnH.exe
  2⤵
  PID:5320
- C:\Windows\System\nEoONvl.exe
  C:\Windows\System\nEoONvl.exe
  2⤵
  PID:5568
- C:\Windows\System\MYSXTJt.exe
  C:\Windows\System\MYSXTJt.exe
  2⤵
  PID:5336
- C:\Windows\System\MYTAMlK.exe
  C:\Windows\System\MYTAMlK.exe
  2⤵
  PID:5352
- C:\Windows\System\TdWcAQf.exe
  C:\Windows\System\TdWcAQf.exe
  2⤵
  PID:5616
- C:\Windows\System\TkBNVSh.exe
  C:\Windows\System\TkBNVSh.exe
  2⤵
  PID:5480
- C:\Windows\System\ntnxPNY.exe
  C:\Windows\System\ntnxPNY.exe
  2⤵
  PID:5760
- C:\Windows\System\aZVmZlv.exe
  C:\Windows\System\aZVmZlv.exe
  2⤵
  PID:5916
- C:\Windows\System\xesGfOi.exe
  C:\Windows\System\xesGfOi.exe
  2⤵
  PID:5808
- C:\Windows\System\Kthiuci.exe
  C:\Windows\System\Kthiuci.exe
  2⤵
  PID:5564
- C:\Windows\System\XHNKkds.exe
  C:\Windows\System\XHNKkds.exe
  2⤵
  PID:5980
- C:\Windows\System\nwdcvsb.exe
  C:\Windows\System\nwdcvsb.exe
  2⤵
  PID:6048
- C:\Windows\System\XfTcDIl.exe
  C:\Windows\System\XfTcDIl.exe
  2⤵
  PID:6028
- C:\Windows\System\emhamhQ.exe
  C:\Windows\System\emhamhQ.exe
  2⤵
  PID:5056
- C:\Windows\System\wfFwYWz.exe
  C:\Windows\System\wfFwYWz.exe
  2⤵
  PID:6148
- C:\Windows\System\rpJPeXj.exe
  C:\Windows\System\rpJPeXj.exe
  2⤵
  PID:6164
- C:\Windows\System\CgOGkfq.exe
  C:\Windows\System\CgOGkfq.exe
  2⤵
  PID:6180
- C:\Windows\System\VeWjVUT.exe
  C:\Windows\System\VeWjVUT.exe
  2⤵
  PID:6196
- C:\Windows\System\JTKWUeL.exe
  C:\Windows\System\JTKWUeL.exe
  2⤵
  PID:6212
- C:\Windows\System\jgnDsQJ.exe
  C:\Windows\System\jgnDsQJ.exe
  2⤵
  PID:6228
- C:\Windows\System\eDXxydX.exe
  C:\Windows\System\eDXxydX.exe
  2⤵
  PID:6244
- C:\Windows\System\yHWVUkm.exe
  C:\Windows\System\yHWVUkm.exe
  2⤵
  PID:6260
- C:\Windows\System\pmJAbmS.exe
  C:\Windows\System\pmJAbmS.exe
  2⤵
  PID:6276
- C:\Windows\System\ZivGewc.exe
  C:\Windows\System\ZivGewc.exe
  2⤵
  PID:6292
- C:\Windows\System\MDHRBRE.exe
  C:\Windows\System\MDHRBRE.exe
  2⤵
  PID:6308
- C:\Windows\System\HXZZpcS.exe
  C:\Windows\System\HXZZpcS.exe
  2⤵
  PID:6324
- C:\Windows\System\lEIyCoZ.exe
  C:\Windows\System\lEIyCoZ.exe
  2⤵
  PID:6340
- C:\Windows\System\Ixshctp.exe
  C:\Windows\System\Ixshctp.exe
  2⤵
  PID:6356
- C:\Windows\System\zmpNzui.exe
  C:\Windows\System\zmpNzui.exe
  2⤵
  PID:6372
- C:\Windows\System\QTKahSL.exe
  C:\Windows\System\QTKahSL.exe
  2⤵
  PID:6388
- C:\Windows\System\xAStioT.exe
  C:\Windows\System\xAStioT.exe
  2⤵
  PID:6404
- C:\Windows\System\VgnZclf.exe
  C:\Windows\System\VgnZclf.exe
  2⤵
  PID:6420
- C:\Windows\System\fRMEPRK.exe
  C:\Windows\System\fRMEPRK.exe
  2⤵
  PID:6436
- C:\Windows\System\ArxUjQd.exe
  C:\Windows\System\ArxUjQd.exe
  2⤵
  PID:6452
- C:\Windows\System\hVWywyA.exe
  C:\Windows\System\hVWywyA.exe
  2⤵
  PID:6468
- C:\Windows\System\HzMgHdZ.exe
  C:\Windows\System\HzMgHdZ.exe
  2⤵
  PID:6484
- C:\Windows\System\RvkSGow.exe
  C:\Windows\System\RvkSGow.exe
  2⤵
  PID:6500
- C:\Windows\System\NODIOKW.exe
  C:\Windows\System\NODIOKW.exe
  2⤵
  PID:6516
- C:\Windows\System\pCDHMrS.exe
  C:\Windows\System\pCDHMrS.exe
  2⤵
  PID:6532
- C:\Windows\System\NIFOUPh.exe
  C:\Windows\System\NIFOUPh.exe
  2⤵
  PID:6548
- C:\Windows\System\GNcZiMo.exe
  C:\Windows\System\GNcZiMo.exe
  2⤵
  PID:6564
- C:\Windows\System\DYtcJYf.exe
  C:\Windows\System\DYtcJYf.exe
  2⤵
  PID:6580
- C:\Windows\System\aLNWRfB.exe
  C:\Windows\System\aLNWRfB.exe
  2⤵
  PID:6596
- C:\Windows\System\vvdEWYt.exe
  C:\Windows\System\vvdEWYt.exe
  2⤵
  PID:6612
- C:\Windows\System\SxTHVTh.exe
  C:\Windows\System\SxTHVTh.exe
  2⤵
  PID:6628
- C:\Windows\System\SfNkXwe.exe
  C:\Windows\System\SfNkXwe.exe
  2⤵
  PID:6644
- C:\Windows\System\hjgjIGe.exe
  C:\Windows\System\hjgjIGe.exe
  2⤵
  PID:6660
- C:\Windows\System\NqWrJzA.exe
  C:\Windows\System\NqWrJzA.exe
  2⤵
  PID:6676
- C:\Windows\System\iVWuFdc.exe
  C:\Windows\System\iVWuFdc.exe
  2⤵
  PID:6692
- C:\Windows\System\fhLmsvW.exe
  C:\Windows\System\fhLmsvW.exe
  2⤵
  PID:6708
- C:\Windows\System\RYaMzHU.exe
  C:\Windows\System\RYaMzHU.exe
  2⤵
  PID:6724
- C:\Windows\System\aymMvOA.exe
  C:\Windows\System\aymMvOA.exe
  2⤵
  PID:6744
- C:\Windows\System\CHNFChs.exe
  C:\Windows\System\CHNFChs.exe
  2⤵
  PID:6760
- C:\Windows\System\tLGdWZI.exe
  C:\Windows\System\tLGdWZI.exe
  2⤵
  PID:6776
- C:\Windows\System\hQPFqIA.exe
  C:\Windows\System\hQPFqIA.exe
  2⤵
  PID:6840
- C:\Windows\System\tvujRua.exe
  C:\Windows\System\tvujRua.exe
  2⤵
  PID:6856
- C:\Windows\System\ySoCtlW.exe
  C:\Windows\System\ySoCtlW.exe
  2⤵
  PID:6872
- C:\Windows\System\fwSZKuT.exe
  C:\Windows\System\fwSZKuT.exe
  2⤵
  PID:6888
- C:\Windows\System\DTtTaYJ.exe
  C:\Windows\System\DTtTaYJ.exe
  2⤵
  PID:6904
- C:\Windows\System\myHZHWx.exe
  C:\Windows\System\myHZHWx.exe
  2⤵
  PID:6920
- C:\Windows\System\emdbyLY.exe
  C:\Windows\System\emdbyLY.exe
  2⤵
  PID:6936
- C:\Windows\System\xjoqLIB.exe
  C:\Windows\System\xjoqLIB.exe
  2⤵
  PID:6952
- C:\Windows\System\shXjvNM.exe
  C:\Windows\System\shXjvNM.exe
  2⤵
  PID:6968
- C:\Windows\System\yfgiPkT.exe
  C:\Windows\System\yfgiPkT.exe
  2⤵
  PID:6984
- C:\Windows\System\NOcxZUy.exe
  C:\Windows\System\NOcxZUy.exe
  2⤵
  PID:7000
- C:\Windows\System\dwBmKwy.exe
  C:\Windows\System\dwBmKwy.exe
  2⤵
  PID:7016
- C:\Windows\System\VrEoUXU.exe
  C:\Windows\System\VrEoUXU.exe
  2⤵
  PID:7032
- C:\Windows\System\VqLfqeC.exe
  C:\Windows\System\VqLfqeC.exe
  2⤵
  PID:7048
- C:\Windows\System\hTrTebL.exe
  C:\Windows\System\hTrTebL.exe
  2⤵
  PID:7064
- C:\Windows\System\bvlIAMb.exe
  C:\Windows\System\bvlIAMb.exe
  2⤵
  PID:7080
- C:\Windows\System\uqsDHeZ.exe
  C:\Windows\System\uqsDHeZ.exe
  2⤵
  PID:7096
- C:\Windows\System\vBzgewB.exe
  C:\Windows\System\vBzgewB.exe
  2⤵
  PID:7112
- C:\Windows\System\afdIVFJ.exe
  C:\Windows\System\afdIVFJ.exe
  2⤵
  PID:7128
- C:\Windows\System\YiszHWv.exe
  C:\Windows\System\YiszHWv.exe
  2⤵
  PID:7144
- C:\Windows\System\shjKqCN.exe
  C:\Windows\System\shjKqCN.exe
  2⤵
  PID:7160
- C:\Windows\System\qPUDeTg.exe
  C:\Windows\System\qPUDeTg.exe
  2⤵
  PID:5196
- C:\Windows\System\QUVdcJI.exe
  C:\Windows\System\QUVdcJI.exe
  2⤵
  PID:6092
- C:\Windows\System\ZBwipov.exe
  C:\Windows\System\ZBwipov.exe
  2⤵
  PID:5560
- C:\Windows\System\xemzkcn.exe
  C:\Windows\System\xemzkcn.exe
  2⤵
  PID:5144
- C:\Windows\System\OZQGMYg.exe
  C:\Windows\System\OZQGMYg.exe
  2⤵
  PID:5548
- C:\Windows\System\ZoEQAps.exe
  C:\Windows\System\ZoEQAps.exe
  2⤵
  PID:5888
- C:\Windows\System\zihBZjb.exe
  C:\Windows\System\zihBZjb.exe
  2⤵
  PID:5968
- C:\Windows\System\VwCqAlp.exe
  C:\Windows\System\VwCqAlp.exe
  2⤵
  PID:5436
- C:\Windows\System\NSmgnVF.exe
  C:\Windows\System\NSmgnVF.exe
  2⤵
  PID:5644
- C:\Windows\System\YCeCYDX.exe
  C:\Windows\System\YCeCYDX.exe
  2⤵
  PID:5820
- C:\Windows\System\KrhkHRw.exe
  C:\Windows\System\KrhkHRw.exe
  2⤵
  PID:6220
- C:\Windows\System\iKQwWEd.exe
  C:\Windows\System\iKQwWEd.exe
  2⤵
  PID:5840
- C:\Windows\System\VjgEemh.exe
  C:\Windows\System\VjgEemh.exe
  2⤵
  PID:6288
- C:\Windows\System\wpCmWPg.exe
  C:\Windows\System\wpCmWPg.exe
  2⤵
  PID:6348
- C:\Windows\System\DrQqkzp.exe
  C:\Windows\System\DrQqkzp.exe
  2⤵
  PID:6172
- C:\Windows\System\HVeLgCz.exe
  C:\Windows\System\HVeLgCz.exe
  2⤵
  PID:6236
- C:\Windows\System\bOvIxIn.exe
  C:\Windows\System\bOvIxIn.exe
  2⤵
  PID:6272
- C:\Windows\System\TlhXUpP.exe
  C:\Windows\System\TlhXUpP.exe
  2⤵
  PID:6412
- C:\Windows\System\qurZLRk.exe
  C:\Windows\System\qurZLRk.exe
  2⤵
  PID:6364
- C:\Windows\System\jcnvKBW.exe
  C:\Windows\System\jcnvKBW.exe
  2⤵
  PID:6476
- C:\Windows\System\oqCFjst.exe
  C:\Windows\System\oqCFjst.exe
  2⤵
  PID:6540
- C:\Windows\System\TNrUBRN.exe
  C:\Windows\System\TNrUBRN.exe
  2⤵
  PID:6604
- C:\Windows\System\SAUmdHC.exe
  C:\Windows\System\SAUmdHC.exe
  2⤵
  PID:6672
- C:\Windows\System\LejwHIf.exe
  C:\Windows\System\LejwHIf.exe
  2⤵
  PID:6740
- C:\Windows\System\zMtGYaH.exe
  C:\Windows\System\zMtGYaH.exe
  2⤵
  PID:6492
- C:\Windows\System\lglkTHJ.exe
  C:\Windows\System\lglkTHJ.exe
  2⤵
  PID:6428
- C:\Windows\System\GTDBbGA.exe
  C:\Windows\System\GTDBbGA.exe
  2⤵
  PID:6560
- C:\Windows\System\gfKDcxt.exe
  C:\Windows\System\gfKDcxt.exe
  2⤵
  PID:6716
- C:\Windows\System\POquSEP.exe
  C:\Windows\System\POquSEP.exe
  2⤵
  PID:6684
- C:\Windows\System\yaCaAzM.exe
  C:\Windows\System\yaCaAzM.exe
  2⤵
  PID:6752
- C:\Windows\System\TAQngxV.exe
  C:\Windows\System\TAQngxV.exe
  2⤵
  PID:6852
- C:\Windows\System\uofKWAg.exe
  C:\Windows\System\uofKWAg.exe
  2⤵
  PID:6912
- C:\Windows\System\dvCVGxK.exe
  C:\Windows\System\dvCVGxK.exe
  2⤵
  PID:6976
- C:\Windows\System\DOWxzuz.exe
  C:\Windows\System\DOWxzuz.exe
  2⤵
  PID:7040
- C:\Windows\System\UwZvCsH.exe
  C:\Windows\System\UwZvCsH.exe
  2⤵
  PID:6896
- C:\Windows\System\VcmheUj.exe
  C:\Windows\System\VcmheUj.exe
  2⤵
  PID:6932
- C:\Windows\System\uRKpPtI.exe
  C:\Windows\System\uRKpPtI.exe
  2⤵
  PID:7024
- C:\Windows\System\mnkaeBu.exe
  C:\Windows\System\mnkaeBu.exe
  2⤵
  PID:7072
- C:\Windows\System\QNhRQAN.exe
  C:\Windows\System\QNhRQAN.exe
  2⤵
  PID:6736
- C:\Windows\System\tuduawT.exe
  C:\Windows\System\tuduawT.exe
  2⤵
  PID:4948
- C:\Windows\System\lnWMEui.exe
  C:\Windows\System\lnWMEui.exe
  2⤵
  PID:7092
- C:\Windows\System\KwJmWbA.exe
  C:\Windows\System\KwJmWbA.exe
  2⤵
  PID:2288
- C:\Windows\System\xBcfXNS.exe
  C:\Windows\System\xBcfXNS.exe
  2⤵
  PID:5132
- C:\Windows\System\HEUGOki.exe
  C:\Windows\System\HEUGOki.exe
  2⤵
  PID:6044
- C:\Windows\System\imCTbAo.exe
  C:\Windows\System\imCTbAo.exe
  2⤵
  PID:6192
- C:\Windows\System\ojYzBHY.exe
  C:\Windows\System\ojYzBHY.exe
  2⤵
  PID:3668
- C:\Windows\System\weqZnMf.exe
  C:\Windows\System\weqZnMf.exe
  2⤵
  PID:6256
- C:\Windows\System\IrPdUeN.exe
  C:\Windows\System\IrPdUeN.exe
  2⤵
  PID:5712
- C:\Windows\System\eMkNkSK.exe
  C:\Windows\System\eMkNkSK.exe
  2⤵
  PID:4772
- C:\Windows\System\OTmicPt.exe
  C:\Windows\System\OTmicPt.exe
  2⤵
  PID:6332
- C:\Windows\System\deOVwLp.exe
  C:\Windows\System\deOVwLp.exe
  2⤵
  PID:6208
- C:\Windows\System\bfoAaCt.exe
  C:\Windows\System\bfoAaCt.exe
  2⤵
  PID:6508
- C:\Windows\System\ARYmGDD.exe
  C:\Windows\System\ARYmGDD.exe
  2⤵
  PID:3680
- C:\Windows\System\ybuQlzl.exe
  C:\Windows\System\ybuQlzl.exe
  2⤵
  PID:6772
- C:\Windows\System\PteEgJN.exe
  C:\Windows\System\PteEgJN.exe
  2⤵
  PID:6524
- C:\Windows\System\PVsogLT.exe
  C:\Windows\System\PVsogLT.exe
  2⤵
  PID:6688
- C:\Windows\System\XRQPBbN.exe
  C:\Windows\System\XRQPBbN.exe
  2⤵
  PID:6652
- C:\Windows\System\vaYctaZ.exe
  C:\Windows\System\vaYctaZ.exe
  2⤵
  PID:3684
- C:\Windows\System\NlsQvOa.exe
  C:\Windows\System\NlsQvOa.exe
  2⤵
  PID:6884
- C:\Windows\System\kPVfQWk.exe
  C:\Windows\System\kPVfQWk.exe
  2⤵
  PID:6788
- C:\Windows\System\iQHuafU.exe
  C:\Windows\System\iQHuafU.exe
  2⤵
  PID:7104
- C:\Windows\System\BCpBSpM.exe
  C:\Windows\System\BCpBSpM.exe
  2⤵
  PID:3708
- C:\Windows\System\CcHJRzS.exe
  C:\Windows\System\CcHJRzS.exe
  2⤵
  PID:7180
- C:\Windows\System\PNTPrzn.exe
  C:\Windows\System\PNTPrzn.exe
  2⤵
  PID:7196
- C:\Windows\System\EUfhnVL.exe
  C:\Windows\System\EUfhnVL.exe
  2⤵
  PID:7212
- C:\Windows\System\ZhnjfBm.exe
  C:\Windows\System\ZhnjfBm.exe
  2⤵
  PID:7228
- C:\Windows\System\OuRlLte.exe
  C:\Windows\System\OuRlLte.exe
  2⤵
  PID:7244
- C:\Windows\System\vqQlJFF.exe
  C:\Windows\System\vqQlJFF.exe
  2⤵
  PID:7260
- C:\Windows\System\CXGgtTn.exe
  C:\Windows\System\CXGgtTn.exe
  2⤵
  PID:7276
- C:\Windows\System\NHJLzoW.exe
  C:\Windows\System\NHJLzoW.exe
  2⤵
  PID:7292
- C:\Windows\System\caFVTVZ.exe
  C:\Windows\System\caFVTVZ.exe
  2⤵
  PID:7308
- C:\Windows\System\SEYHQhY.exe
  C:\Windows\System\SEYHQhY.exe
  2⤵
  PID:7324
- C:\Windows\System\qZOMPYU.exe
  C:\Windows\System\qZOMPYU.exe
  2⤵
  PID:7340
- C:\Windows\System\aJzOcsx.exe
  C:\Windows\System\aJzOcsx.exe
  2⤵
  PID:7356
- C:\Windows\System\jMSQWAe.exe
  C:\Windows\System\jMSQWAe.exe
  2⤵
  PID:7372
- C:\Windows\System\rXYSfSf.exe
  C:\Windows\System\rXYSfSf.exe
  2⤵
  PID:7388
- C:\Windows\System\XcnWCCv.exe
  C:\Windows\System\XcnWCCv.exe
  2⤵
  PID:7404
- C:\Windows\System\mFXezGe.exe
  C:\Windows\System\mFXezGe.exe
  2⤵
  PID:7420
- C:\Windows\System\fHAksop.exe
  C:\Windows\System\fHAksop.exe
  2⤵
  PID:7436
- C:\Windows\System\qkJlilE.exe
  C:\Windows\System\qkJlilE.exe
  2⤵
  PID:7456
- C:\Windows\System\CQyurNj.exe
  C:\Windows\System\CQyurNj.exe
  2⤵
  PID:7472
- C:\Windows\System\rmhPybr.exe
  C:\Windows\System\rmhPybr.exe
  2⤵
  PID:7488
- C:\Windows\System\lZWQsEu.exe
  C:\Windows\System\lZWQsEu.exe
  2⤵
  PID:7504
- C:\Windows\System\wAhMrew.exe
  C:\Windows\System\wAhMrew.exe
  2⤵
  PID:7520
- C:\Windows\System\pTDkKsv.exe
  C:\Windows\System\pTDkKsv.exe
  2⤵
  PID:7536
- C:\Windows\System\JIYgiKF.exe
  C:\Windows\System\JIYgiKF.exe
  2⤵
  PID:7552
- C:\Windows\System\IWsNUeJ.exe
  C:\Windows\System\IWsNUeJ.exe
  2⤵
  PID:7568
- C:\Windows\System\aWafNiS.exe
  C:\Windows\System\aWafNiS.exe
  2⤵
  PID:7584
- C:\Windows\System\apyGWWz.exe
  C:\Windows\System\apyGWWz.exe
  2⤵
  PID:7600
- C:\Windows\System\NRTYRhl.exe
  C:\Windows\System\NRTYRhl.exe
  2⤵
  PID:7616
- C:\Windows\System\ZDZfczn.exe
  C:\Windows\System\ZDZfczn.exe
  2⤵
  PID:7632
- C:\Windows\System\yyxEvPA.exe
  C:\Windows\System\yyxEvPA.exe
  2⤵
  PID:7648
- C:\Windows\System\vySFAmK.exe
  C:\Windows\System\vySFAmK.exe
  2⤵
  PID:7664
- C:\Windows\System\ANDoNbW.exe
  C:\Windows\System\ANDoNbW.exe
  2⤵
  PID:7680
- C:\Windows\System\PYDlRWd.exe
  C:\Windows\System\PYDlRWd.exe
  2⤵
  PID:7696
- C:\Windows\System\fgFPzvE.exe
  C:\Windows\System\fgFPzvE.exe
  2⤵
  PID:7712
- C:\Windows\System\LlvrvgN.exe
  C:\Windows\System\LlvrvgN.exe
  2⤵
  PID:7728
- C:\Windows\System\AUnQHoo.exe
  C:\Windows\System\AUnQHoo.exe
  2⤵
  PID:7744
- C:\Windows\System\nBojMiN.exe
  C:\Windows\System\nBojMiN.exe
  2⤵
  PID:7760
- C:\Windows\System\gHleeBq.exe
  C:\Windows\System\gHleeBq.exe
  2⤵
  PID:7776
- C:\Windows\System\FHRAkoB.exe
  C:\Windows\System\FHRAkoB.exe
  2⤵
  PID:7792
- C:\Windows\System\zAIyXWV.exe
  C:\Windows\System\zAIyXWV.exe
  2⤵
  PID:7808
- C:\Windows\System\NuHafQj.exe
  C:\Windows\System\NuHafQj.exe
  2⤵
  PID:7824
- C:\Windows\System\IUPJwXJ.exe
  C:\Windows\System\IUPJwXJ.exe
  2⤵
  PID:7840
- C:\Windows\System\tdeynCG.exe
  C:\Windows\System\tdeynCG.exe
  2⤵
  PID:7856
- C:\Windows\System\xeiotgk.exe
  C:\Windows\System\xeiotgk.exe
  2⤵
  PID:7872
- C:\Windows\System\XvFgoaM.exe
  C:\Windows\System\XvFgoaM.exe
  2⤵
  PID:7888
- C:\Windows\System\kWehIXf.exe
  C:\Windows\System\kWehIXf.exe
  2⤵
  PID:7904
- C:\Windows\System\BdwzBGK.exe
  C:\Windows\System\BdwzBGK.exe
  2⤵
  PID:7920
- C:\Windows\System\EzLUmLA.exe
  C:\Windows\System\EzLUmLA.exe
  2⤵
  PID:7936
- C:\Windows\System\CtzbXtd.exe
  C:\Windows\System\CtzbXtd.exe
  2⤵
  PID:7956
- C:\Windows\System\RiAyZFZ.exe
  C:\Windows\System\RiAyZFZ.exe
  2⤵
  PID:7972
- C:\Windows\System\dPWLDxe.exe
  C:\Windows\System\dPWLDxe.exe
  2⤵
  PID:7988
- C:\Windows\System\qgZgXvs.exe
  C:\Windows\System\qgZgXvs.exe
  2⤵
  PID:8004
- C:\Windows\System\HrGwBMJ.exe
  C:\Windows\System\HrGwBMJ.exe
  2⤵
  PID:8020
- C:\Windows\System\mmezaNI.exe
  C:\Windows\System\mmezaNI.exe
  2⤵
  PID:8036
- C:\Windows\System\HqHBgrk.exe
  C:\Windows\System\HqHBgrk.exe
  2⤵
  PID:8052
- C:\Windows\System\cEfysKR.exe
  C:\Windows\System\cEfysKR.exe
  2⤵
  PID:8068
- C:\Windows\System\RLZJApQ.exe
  C:\Windows\System\RLZJApQ.exe
  2⤵
  PID:8084
- C:\Windows\System\XrCtUkf.exe
  C:\Windows\System\XrCtUkf.exe
  2⤵
  PID:8100
- C:\Windows\System\gteqDnT.exe
  C:\Windows\System\gteqDnT.exe
  2⤵
  PID:8116
- C:\Windows\System\YOinqYO.exe
  C:\Windows\System\YOinqYO.exe
  2⤵
  PID:8132
- C:\Windows\System\tbxveRJ.exe
  C:\Windows\System\tbxveRJ.exe
  2⤵
  PID:8148
- C:\Windows\System\GWHeHpx.exe
  C:\Windows\System\GWHeHpx.exe
  2⤵
  PID:8164
- C:\Windows\System\yyykVgH.exe
  C:\Windows\System\yyykVgH.exe
  2⤵
  PID:8180
- C:\Windows\System\ihXrgGT.exe
  C:\Windows\System\ihXrgGT.exe
  2⤵
  PID:7088
- C:\Windows\System\XcuyxbU.exe
  C:\Windows\System\XcuyxbU.exe
  2⤵
  PID:7156
- C:\Windows\System\PBdzPSF.exe
  C:\Windows\System\PBdzPSF.exe
  2⤵
  PID:6996
- C:\Windows\System\CKzJxaO.exe
  C:\Windows\System\CKzJxaO.exe
  2⤵
  PID:4992
- C:\Windows\System\uABwzxa.exe
  C:\Windows\System\uABwzxa.exe
  2⤵
  PID:5904
- C:\Windows\System\gDNBFjb.exe
  C:\Windows\System\gDNBFjb.exe
  2⤵
  PID:5696
- C:\Windows\System\QjvtTqe.exe
  C:\Windows\System\QjvtTqe.exe
  2⤵
  PID:5628
- C:\Windows\System\sNKbDiC.exe
  C:\Windows\System\sNKbDiC.exe
  2⤵
  PID:6572
- C:\Windows\System\jlINiQN.exe
  C:\Windows\System\jlINiQN.exe
  2⤵
  PID:6380
- C:\Windows\System\gECTifu.exe
  C:\Windows\System\gECTifu.exe
  2⤵
  PID:6496
- C:\Windows\System\hrecoiv.exe
  C:\Windows\System\hrecoiv.exe
  2⤵
  PID:6576
- C:\Windows\System\oJDxMDl.exe
  C:\Windows\System\oJDxMDl.exe
  2⤵
  PID:6720
- C:\Windows\System\DmjslBF.exe
  C:\Windows\System\DmjslBF.exe
  2⤵
  PID:6964
- C:\Windows\System\iDikdIc.exe
  C:\Windows\System\iDikdIc.exe
  2⤵
  PID:2808
- C:\Windows\System\AlkGtLb.exe
  C:\Windows\System\AlkGtLb.exe
  2⤵
  PID:7208
- C:\Windows\System\LshItve.exe
  C:\Windows\System\LshItve.exe
  2⤵
  PID:3532
- C:\Windows\System\lxDHXan.exe
  C:\Windows\System\lxDHXan.exe
  2⤵
  PID:7224
- C:\Windows\System\KBNuTVd.exe
  C:\Windows\System\KBNuTVd.exe
  2⤵
  PID:7220
- C:\Windows\System\eLfWbhL.exe
  C:\Windows\System\eLfWbhL.exe
  2⤵
  PID:7304
- C:\Windows\System\tXKFaSG.exe
  C:\Windows\System\tXKFaSG.exe
  2⤵
  PID:7336
- C:\Windows\System\aMmNCcK.exe
  C:\Windows\System\aMmNCcK.exe
  2⤵
  PID:7288
- C:\Windows\System\ySTOFyo.exe
  C:\Windows\System\ySTOFyo.exe
  2⤵
  PID:7352
- C:\Windows\System\VxHqeJA.exe
  C:\Windows\System\VxHqeJA.exe
  2⤵
  PID:7400
- C:\Windows\System\zUPQkNO.exe
  C:\Windows\System\zUPQkNO.exe
  2⤵
  PID:7464
- C:\Windows\System\UiYZvAN.exe
  C:\Windows\System\UiYZvAN.exe
  2⤵
  PID:7452
- C:\Windows\System\yVtfsTe.exe
  C:\Windows\System\yVtfsTe.exe
  2⤵
  PID:7532
- C:\Windows\System\yVEWOhX.exe
  C:\Windows\System\yVEWOhX.exe
  2⤵
  PID:7512
- C:\Windows\System\NwMsSaW.exe
  C:\Windows\System\NwMsSaW.exe
  2⤵
  PID:7548
- C:\Windows\System\wUtWFXw.exe
  C:\Windows\System\wUtWFXw.exe
  2⤵
  PID:7576
- C:\Windows\System\NCRJtVT.exe
  C:\Windows\System\NCRJtVT.exe
  2⤵
  PID:7628
- C:\Windows\System\DVyIrXJ.exe
  C:\Windows\System\DVyIrXJ.exe
  2⤵
  PID:7656
- C:\Windows\System\kSRhVpq.exe
  C:\Windows\System\kSRhVpq.exe
  2⤵
  PID:7692
- C:\Windows\System\XfqGehc.exe
  C:\Windows\System\XfqGehc.exe
  2⤵
  PID:7704
- C:\Windows\System\eiHYEdI.exe
  C:\Windows\System\eiHYEdI.exe
  2⤵
  PID:7736
- C:\Windows\System\eARUQKJ.exe
  C:\Windows\System\eARUQKJ.exe
  2⤵
  PID:7756
- C:\Windows\System\ZvyQWLf.exe
  C:\Windows\System\ZvyQWLf.exe
  2⤵
  PID:7772
- C:\Windows\System\kMvOkxz.exe
  C:\Windows\System\kMvOkxz.exe
  2⤵
  PID:7852
- C:\Windows\System\dRVnKoL.exe
  C:\Windows\System\dRVnKoL.exe
  2⤵
  PID:7804
- C:\Windows\System\DnMNQFM.exe
  C:\Windows\System\DnMNQFM.exe
  2⤵
  PID:7896
- C:\Windows\System\KNCvhsO.exe
  C:\Windows\System\KNCvhsO.exe
  2⤵
  PID:3756
- C:\Windows\System\usiDYoU.exe
  C:\Windows\System\usiDYoU.exe
  2⤵
  PID:3764
- C:\Windows\System\VciBbzD.exe
  C:\Windows\System\VciBbzD.exe
  2⤵
  PID:2448
- C:\Windows\System\cNwElep.exe
  C:\Windows\System\cNwElep.exe
  2⤵
  PID:7980
- C:\Windows\System\bLAnPAF.exe
  C:\Windows\System\bLAnPAF.exe
  2⤵
  PID:8012
- C:\Windows\System\MljNZwC.exe
  C:\Windows\System\MljNZwC.exe
  2⤵
  PID:8048
- C:\Windows\System\nvsKUwn.exe
  C:\Windows\System\nvsKUwn.exe
  2⤵
  PID:7928
- C:\Windows\System\QxRmrdT.exe
  C:\Windows\System\QxRmrdT.exe
  2⤵
  PID:8000
- C:\Windows\System\GGljilB.exe
  C:\Windows\System\GGljilB.exe
  2⤵
  PID:8032
- C:\Windows\System\myYxCgE.exe
  C:\Windows\System\myYxCgE.exe
  2⤵
  PID:8172
- C:\Windows\System\vJsrwhW.exe
  C:\Windows\System\vJsrwhW.exe
  2⤵
  PID:1796
- C:\Windows\System\BssMPee.exe
  C:\Windows\System\BssMPee.exe
  2⤵
  PID:8092
- C:\Windows\System\XygHMgU.exe
  C:\Windows\System\XygHMgU.exe
  2⤵
  PID:8156
- C:\Windows\System\peszrSe.exe
  C:\Windows\System\peszrSe.exe
  2⤵
  PID:3688
- C:\Windows\System\GwxjqKJ.exe
  C:\Windows\System\GwxjqKJ.exe
  2⤵
  PID:6204
- C:\Windows\System\FuIxMwZ.exe
  C:\Windows\System\FuIxMwZ.exe
  2⤵
  PID:6464
- C:\Windows\System\ACcxWAt.exe
  C:\Windows\System\ACcxWAt.exe
  2⤵
  PID:7176
- C:\Windows\System\wTipqDh.exe
  C:\Windows\System\wTipqDh.exe
  2⤵
  PID:3676
- C:\Windows\System\ujMbVsI.exe
  C:\Windows\System\ujMbVsI.exe
  2⤵
  PID:6460
- C:\Windows\System\ErzCUig.exe
  C:\Windows\System\ErzCUig.exe
  2⤵
  PID:7188
- C:\Windows\System\liYXpSo.exe
  C:\Windows\System\liYXpSo.exe
  2⤵
  PID:7252
- C:\Windows\System\lrUQMJG.exe
  C:\Windows\System\lrUQMJG.exe
  2⤵
  PID:7348
- C:\Windows\System\mjtPEGh.exe
  C:\Windows\System\mjtPEGh.exe
  2⤵
  PID:7236
- C:\Windows\System\bmaqgPq.exe
  C:\Windows\System\bmaqgPq.exe
  2⤵
  PID:600
- C:\Windows\System\ZboWJOL.exe
  C:\Windows\System\ZboWJOL.exe
  2⤵
  PID:7368
- C:\Windows\System\UbkRoQo.exe
  C:\Windows\System\UbkRoQo.exe
  2⤵
  PID:7412
- C:\Windows\System\EsboSGQ.exe
  C:\Windows\System\EsboSGQ.exe
  2⤵
  PID:7560
- C:\Windows\System\RwXgQKE.exe
  C:\Windows\System\RwXgQKE.exe
  2⤵
  PID:2720
- C:\Windows\System\DlgLgCD.exe
  C:\Windows\System\DlgLgCD.exe
  2⤵
  PID:7688
- C:\Windows\System\iItXhDU.exe
  C:\Windows\System\iItXhDU.exe
  2⤵
  PID:7608
- C:\Windows\System\IuExuaz.exe
  C:\Windows\System\IuExuaz.exe
  2⤵
  PID:7592
- C:\Windows\System\BqznYqN.exe
  C:\Windows\System\BqznYqN.exe
  2⤵
  PID:7800
- C:\Windows\System\Lqdesrt.exe
  C:\Windows\System\Lqdesrt.exe
  2⤵
  PID:2308
- C:\Windows\System\rjOEVpx.exe
  C:\Windows\System\rjOEVpx.exe
  2⤵
  PID:7820
- C:\Windows\System\VDTnnbC.exe
  C:\Windows\System\VDTnnbC.exe
  2⤵
  PID:3780
- C:\Windows\System\yZllbYv.exe
  C:\Windows\System\yZllbYv.exe
  2⤵
  PID:7884
- C:\Windows\System\UrYIfxF.exe
  C:\Windows\System\UrYIfxF.exe
  2⤵
  PID:8080
- C:\Windows\System\ozhkQZF.exe
  C:\Windows\System\ozhkQZF.exe
  2⤵
  PID:3768
- C:\Windows\System\WdFbTcP.exe
  C:\Windows\System\WdFbTcP.exe
  2⤵
  PID:1052
- C:\Windows\System\IIlEuWi.exe
  C:\Windows\System\IIlEuWi.exe
  2⤵
  PID:8124
- C:\Windows\System\BLGOslt.exe
  C:\Windows\System\BLGOslt.exe
  2⤵
  PID:7968
- C:\Windows\System\xTKkmHi.exe
  C:\Windows\System\xTKkmHi.exe
  2⤵
  PID:8060
- C:\Windows\System\ZfrdnVD.exe
  C:\Windows\System\ZfrdnVD.exe
  2⤵
  PID:6320
- C:\Windows\System\NBEgsSm.exe
  C:\Windows\System\NBEgsSm.exe
  2⤵
  PID:6304
- C:\Windows\System\bQDmjqo.exe
  C:\Windows\System\bQDmjqo.exe
  2⤵
  PID:8188
- C:\Windows\System\unrxHNQ.exe
  C:\Windows\System\unrxHNQ.exe
  2⤵
  PID:6868
- C:\Windows\System\cCbBhoL.exe
  C:\Windows\System\cCbBhoL.exe
  2⤵
  PID:2960
- C:\Windows\System\qcJjXUv.exe
  C:\Windows\System\qcJjXUv.exe
  2⤵
  PID:2220
- C:\Windows\System\vUOMqve.exe
  C:\Windows\System\vUOMqve.exe
  2⤵
  PID:7528
- C:\Windows\System\xUbqXrm.exe
  C:\Windows\System\xUbqXrm.exe
  2⤵
  PID:7256
- C:\Windows\System\HtqTPny.exe
  C:\Windows\System\HtqTPny.exe
  2⤵
  PID:7432
- C:\Windows\System\YPMxoiI.exe
  C:\Windows\System\YPMxoiI.exe
  2⤵
  PID:7444
- C:\Windows\System\cjCAEUA.exe
  C:\Windows\System\cjCAEUA.exe
  2⤵
  PID:7660
- C:\Windows\System\bYHGGDh.exe
  C:\Windows\System\bYHGGDh.exe
  2⤵
  PID:7864
- C:\Windows\System\nUgmdAP.exe
  C:\Windows\System\nUgmdAP.exe
  2⤵
  PID:7484
- C:\Windows\System\hCzJcbc.exe
  C:\Windows\System\hCzJcbc.exe
  2⤵
  PID:7848
- C:\Windows\System\vpeeSab.exe
  C:\Windows\System\vpeeSab.exe
  2⤵
  PID:8044
- C:\Windows\System\MYhoHzO.exe
  C:\Windows\System\MYhoHzO.exe
  2⤵
  PID:7932
- C:\Windows\System\tpUGEsK.exe
  C:\Windows\System\tpUGEsK.exe
  2⤵
  PID:6928
- C:\Windows\System\XrbcUyy.exe
  C:\Windows\System\XrbcUyy.exe
  2⤵
  PID:7272
- C:\Windows\System\aHNTjgf.exe
  C:\Windows\System\aHNTjgf.exe
  2⤵
  PID:7380
- C:\Windows\System\gMNGPFZ.exe
  C:\Windows\System\gMNGPFZ.exe
  2⤵
  PID:2184
- C:\Windows\System\LRRjjjq.exe
  C:\Windows\System\LRRjjjq.exe
  2⤵
  PID:8208
- C:\Windows\System\ZIcqTId.exe
  C:\Windows\System\ZIcqTId.exe
  2⤵
  PID:8228
- C:\Windows\System\oljCaej.exe
  C:\Windows\System\oljCaej.exe
  2⤵
  PID:8244
- C:\Windows\System\vvAYEco.exe
  C:\Windows\System\vvAYEco.exe
  2⤵
  PID:8260
- C:\Windows\System\pfhalVK.exe
  C:\Windows\System\pfhalVK.exe
  2⤵
  PID:8276
- C:\Windows\System\ZgHLfHB.exe
  C:\Windows\System\ZgHLfHB.exe
  2⤵
  PID:8292
- C:\Windows\System\ezFRtte.exe
  C:\Windows\System\ezFRtte.exe
  2⤵
  PID:8308
- C:\Windows\System\LhFgLjK.exe
  C:\Windows\System\LhFgLjK.exe
  2⤵
  PID:8324
- C:\Windows\System\EjicsMO.exe
  C:\Windows\System\EjicsMO.exe
  2⤵
  PID:8340
- C:\Windows\System\tIQBkzt.exe
  C:\Windows\System\tIQBkzt.exe
  2⤵
  PID:8356
- C:\Windows\System\cbBjHeN.exe
  C:\Windows\System\cbBjHeN.exe
  2⤵
  PID:8372
- C:\Windows\System\uEsmNRt.exe
  C:\Windows\System\uEsmNRt.exe
  2⤵
  PID:8388
- C:\Windows\System\MryGfgt.exe
  C:\Windows\System\MryGfgt.exe
  2⤵
  PID:8404
- C:\Windows\System\ymymIcv.exe
  C:\Windows\System\ymymIcv.exe
  2⤵
  PID:8420
- C:\Windows\System\yjXyOtV.exe
  C:\Windows\System\yjXyOtV.exe
  2⤵
  PID:8436
- C:\Windows\System\IWwkZcn.exe
  C:\Windows\System\IWwkZcn.exe
  2⤵
  PID:8452
- C:\Windows\System\TQaKWEy.exe
  C:\Windows\System\TQaKWEy.exe
  2⤵
  PID:8468
- C:\Windows\System\sbrUjHO.exe
  C:\Windows\System\sbrUjHO.exe
  2⤵
  PID:8484
- C:\Windows\System\DxshYPn.exe
  C:\Windows\System\DxshYPn.exe
  2⤵
  PID:8500
- C:\Windows\System\KaAzxBW.exe
  C:\Windows\System\KaAzxBW.exe
  2⤵
  PID:8516
- C:\Windows\System\zknAVuo.exe
  C:\Windows\System\zknAVuo.exe
  2⤵
  PID:8532
- C:\Windows\System\bDrTjBF.exe
  C:\Windows\System\bDrTjBF.exe
  2⤵
  PID:8548
- C:\Windows\System\lIXGOQr.exe
  C:\Windows\System\lIXGOQr.exe
  2⤵
  PID:8564
- C:\Windows\System\qWbUpFk.exe
  C:\Windows\System\qWbUpFk.exe
  2⤵
  PID:8580
- C:\Windows\System\wXwTazV.exe
  C:\Windows\System\wXwTazV.exe
  2⤵
  PID:8596
- C:\Windows\System\wzpJroA.exe
  C:\Windows\System\wzpJroA.exe
  2⤵
  PID:8612
- C:\Windows\System\MbhsfJQ.exe
  C:\Windows\System\MbhsfJQ.exe
  2⤵
  PID:8628
- C:\Windows\System\MIkLdvg.exe
  C:\Windows\System\MIkLdvg.exe
  2⤵
  PID:8644
- C:\Windows\System\FKzBagH.exe
  C:\Windows\System\FKzBagH.exe
  2⤵
  PID:8660
- C:\Windows\System\czzVPPE.exe
  C:\Windows\System\czzVPPE.exe
  2⤵
  PID:8676
- C:\Windows\System\ZtVzmZC.exe
  C:\Windows\System\ZtVzmZC.exe
  2⤵
  PID:8692
- C:\Windows\System\uRkslFS.exe
  C:\Windows\System\uRkslFS.exe
  2⤵
  PID:8708
- C:\Windows\System\SpxJgqN.exe
  C:\Windows\System\SpxJgqN.exe
  2⤵
  PID:8724
- C:\Windows\System\RdLrpRX.exe
  C:\Windows\System\RdLrpRX.exe
  2⤵
  PID:8740
- C:\Windows\System\VWbFghF.exe
  C:\Windows\System\VWbFghF.exe
  2⤵
  PID:8756
- C:\Windows\System\sobfnft.exe
  C:\Windows\System\sobfnft.exe
  2⤵
  PID:8772
- C:\Windows\System\YvMGtDQ.exe
  C:\Windows\System\YvMGtDQ.exe
  2⤵
  PID:8788
- C:\Windows\System\lCMiHov.exe
  C:\Windows\System\lCMiHov.exe
  2⤵
  PID:8804
- C:\Windows\System\hZCusxM.exe
  C:\Windows\System\hZCusxM.exe
  2⤵
  PID:8820
- C:\Windows\System\JavSlwn.exe
  C:\Windows\System\JavSlwn.exe
  2⤵
  PID:8836
- C:\Windows\System\kCizxiz.exe
  C:\Windows\System\kCizxiz.exe
  2⤵
  PID:8852
- C:\Windows\System\pVCoUVb.exe
  C:\Windows\System\pVCoUVb.exe
  2⤵
  PID:8868
- C:\Windows\System\QBBsvYV.exe
  C:\Windows\System\QBBsvYV.exe
  2⤵
  PID:8884
- C:\Windows\System\DFbxSSh.exe
  C:\Windows\System\DFbxSSh.exe
  2⤵
  PID:8900
- C:\Windows\System\jDBWAEk.exe
  C:\Windows\System\jDBWAEk.exe
  2⤵
  PID:8916
- C:\Windows\System\MCkGFwq.exe
  C:\Windows\System\MCkGFwq.exe
  2⤵
  PID:8932
- C:\Windows\System\mdsCqds.exe
  C:\Windows\System\mdsCqds.exe
  2⤵
  PID:8956
- C:\Windows\System\gbJweAM.exe
  C:\Windows\System\gbJweAM.exe
  2⤵
  PID:1580
- C:\Windows\System\AymdFTj.exe
  C:\Windows\System\AymdFTj.exe
  2⤵
  PID:8252
- C:\Windows\System\eAAiBpN.exe
  C:\Windows\System\eAAiBpN.exe
  2⤵
  PID:8316
- C:\Windows\System\xSPEYyC.exe
  C:\Windows\System\xSPEYyC.exe
  2⤵
  PID:8352
- C:\Windows\System\wkwKbTv.exe
  C:\Windows\System\wkwKbTv.exe
  2⤵
  PID:8412
- C:\Windows\System\ASIAPDt.exe
  C:\Windows\System\ASIAPDt.exe
  2⤵
  PID:8620
- C:\Windows\System\EkYgJbV.exe
  C:\Windows\System\EkYgJbV.exe
  2⤵
  PID:8656
- C:\Windows\System\eMyOnmo.exe
  C:\Windows\System\eMyOnmo.exe
  2⤵
  PID:8720
- C:\Windows\System\ehrFJPE.exe
  C:\Windows\System\ehrFJPE.exe
  2⤵
  PID:8784
- C:\Windows\System\aRygdMI.exe
  C:\Windows\System\aRygdMI.exe
  2⤵
  PID:8848
- C:\Windows\System\izcpLyy.exe
  C:\Windows\System\izcpLyy.exe
  2⤵
  PID:3068
- C:\Windows\System\IHNKXrY.exe
  C:\Windows\System\IHNKXrY.exe
  2⤵
  PID:9024
- C:\Windows\System\HllaDPG.exe
  C:\Windows\System\HllaDPG.exe
  2⤵
  PID:6824
- C:\Windows\System\bRlOepT.exe
  C:\Windows\System\bRlOepT.exe
  2⤵
  PID:9044
- C:\Windows\System\lswRrsQ.exe
  C:\Windows\System\lswRrsQ.exe
  2⤵
  PID:9056
- C:\Windows\System\DDMkxtq.exe
  C:\Windows\System\DDMkxtq.exe
  2⤵
  PID:9068
- C:\Windows\System\IVTwXEO.exe
  C:\Windows\System\IVTwXEO.exe
  2⤵
  PID:9084
- C:\Windows\System\wPfvgkG.exe
  C:\Windows\System\wPfvgkG.exe
  2⤵
  PID:9096
- C:\Windows\System\YKEePro.exe
  C:\Windows\System\YKEePro.exe
  2⤵
  PID:9112
- C:\Windows\System\QJGRCsq.exe
  C:\Windows\System\QJGRCsq.exe
  2⤵
  PID:9128
- C:\Windows\System\hxsVoJc.exe
  C:\Windows\System\hxsVoJc.exe
  2⤵
  PID:9144
- C:\Windows\System\RwxGgOv.exe
  C:\Windows\System\RwxGgOv.exe
  2⤵
  PID:9160
- C:\Windows\System\ALFOnte.exe
  C:\Windows\System\ALFOnte.exe
  2⤵
  PID:9176
- C:\Windows\System\IRLSdmO.exe
  C:\Windows\System\IRLSdmO.exe
  2⤵
  PID:9192
- C:\Windows\System\SWnReaC.exe
  C:\Windows\System\SWnReaC.exe
  2⤵
  PID:9208
- C:\Windows\System\DqrCEgq.exe
  C:\Windows\System\DqrCEgq.exe
  2⤵
  PID:3760
- C:\Windows\System\MNgWvje.exe
  C:\Windows\System\MNgWvje.exe
  2⤵
  PID:5648
- C:\Windows\System\QykvIYp.exe
  C:\Windows\System\QykvIYp.exe
  2⤵
  PID:8204
- C:\Windows\System\vySLAky.exe
  C:\Windows\System\vySLAky.exe
  2⤵
  PID:8944
- C:\Windows\System\YVMenTb.exe
  C:\Windows\System\YVMenTb.exe
  2⤵
  PID:8300
- C:\Windows\System\IqrosDx.exe
  C:\Windows\System\IqrosDx.exe
  2⤵
  PID:580
- C:\Windows\System\blbSBCp.exe
  C:\Windows\System\blbSBCp.exe
  2⤵
  PID:7140
- C:\Windows\System\LzYYFdK.exe
  C:\Windows\System\LzYYFdK.exe
  2⤵
  PID:7316
- C:\Windows\System\OPKZWgQ.exe
  C:\Windows\System\OPKZWgQ.exe
  2⤵
  PID:1732
- C:\Windows\System\aSqapkZ.exe
  C:\Windows\System\aSqapkZ.exe
  2⤵
  PID:7788
- C:\Windows\System\gnbNtfy.exe
  C:\Windows\System\gnbNtfy.exe
  2⤵
  PID:8368
- C:\Windows\System\GAguqAM.exe
  C:\Windows\System\GAguqAM.exe
  2⤵
  PID:6808
- C:\Windows\System\wRDjRrq.exe
  C:\Windows\System\wRDjRrq.exe
  2⤵
  PID:8216
- C:\Windows\System\oxKdlNv.exe
  C:\Windows\System\oxKdlNv.exe
  2⤵
  PID:8444
- C:\Windows\System\NTqnEZo.exe
  C:\Windows\System\NTqnEZo.exe
  2⤵
  PID:8284
- C:\Windows\System\yynBqYF.exe
  C:\Windows\System\yynBqYF.exe
  2⤵
  PID:8748
- C:\Windows\System\gmtHASL.exe
  C:\Windows\System\gmtHASL.exe
  2⤵
  PID:8448
- C:\Windows\System\RdFCrAu.exe
  C:\Windows\System\RdFCrAu.exe
  2⤵
  PID:8524
- C:\Windows\System\mHczOlK.exe
  C:\Windows\System\mHczOlK.exe
  2⤵
  PID:8480
- C:\Windows\System\eQWtVLG.exe
  C:\Windows\System\eQWtVLG.exe
  2⤵
  PID:8592
- C:\Windows\System\xYJICNF.exe
  C:\Windows\System\xYJICNF.exe
  2⤵
  PID:2384
- C:\Windows\System\ZAFarVo.exe
  C:\Windows\System\ZAFarVo.exe
  2⤵
  PID:8572
- C:\Windows\System\hGipNkd.exe
  C:\Windows\System\hGipNkd.exe
  2⤵
  PID:8816
- C:\Windows\System\GzlDOGG.exe
  C:\Windows\System\GzlDOGG.exe
  2⤵
  PID:8912
- C:\Windows\System\dzRyYnT.exe
  C:\Windows\System\dzRyYnT.exe
  2⤵
  PID:8668
- C:\Windows\System\lOIORbr.exe
  C:\Windows\System\lOIORbr.exe
  2⤵
  PID:8704
- C:\Windows\System\vxXwIsi.exe
  C:\Windows\System\vxXwIsi.exe
  2⤵
  PID:8948
- C:\Windows\System\DvOJNeS.exe
  C:\Windows\System\DvOJNeS.exe
  2⤵
  PID:8864
- C:\Windows\System\YQLaKSY.exe
  C:\Windows\System\YQLaKSY.exe
  2⤵
  PID:8928
- C:\Windows\System\pbNYJMQ.exe
  C:\Windows\System\pbNYJMQ.exe
  2⤵
  PID:8768
- C:\Windows\System\RJBxjqx.exe
  C:\Windows\System\RJBxjqx.exe
  2⤵
  PID:8964
- C:\Windows\System\ViqyLCv.exe
  C:\Windows\System\ViqyLCv.exe
  2⤵
  PID:2632
- C:\Windows\System\sHizuxr.exe
  C:\Windows\System\sHizuxr.exe
  2⤵
  PID:2676
- C:\Windows\System\YOgCnQM.exe
  C:\Windows\System\YOgCnQM.exe
  2⤵
  PID:8976
- C:\Windows\System\pruDaJm.exe
  C:\Windows\System\pruDaJm.exe
  2⤵
  PID:8984
- C:\Windows\System\rqLWlVJ.exe
  C:\Windows\System\rqLWlVJ.exe
  2⤵
  PID:9000
- C:\Windows\System\KMLeXSv.exe
  C:\Windows\System\KMLeXSv.exe
  2⤵
  PID:1220
- C:\Windows\System\OuOshve.exe
  C:\Windows\System\OuOshve.exe
  2⤵
  PID:2892
- C:\Windows\System\bnmczvn.exe
  C:\Windows\System\bnmczvn.exe
  2⤵
  PID:9012
- C:\Windows\System\TsUcXzW.exe
  C:\Windows\System\TsUcXzW.exe
  2⤵
  PID:9020
- C:\Windows\System\WRXQZfT.exe
  C:\Windows\System\WRXQZfT.exe
  2⤵
  PID:9052
- C:\Windows\System\SBQONSB.exe
  C:\Windows\System\SBQONSB.exe
  2⤵
  PID:9108
- C:\Windows\System\QYPopKb.exe
  C:\Windows\System\QYPopKb.exe
  2⤵
  PID:9172
- C:\Windows\System\oAErjhp.exe
  C:\Windows\System\oAErjhp.exe
  2⤵
  PID:9040
- C:\Windows\System\sxesoKu.exe
  C:\Windows\System\sxesoKu.exe
  2⤵
  PID:9124
- C:\Windows\System\WoxsFyf.exe
  C:\Windows\System\WoxsFyf.exe
  2⤵
  PID:9188
- C:\Windows\System\kGJqgHj.exe
  C:\Windows\System\kGJqgHj.exe
  2⤵
  PID:8200
- C:\Windows\System\sTbSVNi.exe
  C:\Windows\System\sTbSVNi.exe
  2⤵
  PID:7944
- C:\Windows\System\PFHKMVt.exe
  C:\Windows\System\PFHKMVt.exe
  2⤵
  PID:8236
- C:\Windows\System\OKunIcv.exe
  C:\Windows\System\OKunIcv.exe
  2⤵
  PID:6828
- C:\Windows\System\ukMaPGu.exe
  C:\Windows\System\ukMaPGu.exe
  2⤵
  PID:6556
- C:\Windows\System\nRxITkl.exe
  C:\Windows\System\nRxITkl.exe
  2⤵
  PID:8604
- C:\Windows\System\Gankeme.exe
  C:\Windows\System\Gankeme.exe
  2⤵
  PID:8588
- C:\Windows\System\htcCWmv.exe
  C:\Windows\System\htcCWmv.exe
  2⤵
  PID:8652
- C:\Windows\System\cxkgphP.exe
  C:\Windows\System\cxkgphP.exe
  2⤵
  PID:2460
- C:\Windows\System\fAWwhLt.exe
  C:\Windows\System\fAWwhLt.exe
  2⤵
  PID:8880
- C:\Windows\System\mNoslyj.exe
  C:\Windows\System\mNoslyj.exe
  2⤵
  PID:7724
- C:\Windows\System\pZlrKwO.exe
  C:\Windows\System\pZlrKwO.exe
  2⤵
  PID:688
- C:\Windows\System\qzLESop.exe
  C:\Windows\System\qzLESop.exe
  2⤵
  PID:8736
- C:\Windows\System\MKiRAua.exe
  C:\Windows\System\MKiRAua.exe
  2⤵
  PID:8636
- C:\Windows\System\omyXZbL.exe
  C:\Windows\System\omyXZbL.exe
  2⤵
  PID:8896
- C:\Windows\System\hBVucMv.exe
  C:\Windows\System\hBVucMv.exe
  2⤵
  PID:1980
- C:\Windows\System\yDaZSdd.exe
  C:\Windows\System\yDaZSdd.exe
  2⤵
  PID:276
- C:\Windows\System\oJTwjjU.exe
  C:\Windows\System\oJTwjjU.exe
  2⤵
  PID:2732
- C:\Windows\System\LoaYDaL.exe
  C:\Windows\System\LoaYDaL.exe
  2⤵
  PID:6820
- C:\Windows\System\MPkNvXJ.exe
  C:\Windows\System\MPkNvXJ.exe
  2⤵
  PID:9008
- C:\Windows\System\WZRcMvi.exe
  C:\Windows\System\WZRcMvi.exe
  2⤵
  PID:9104
- C:\Windows\System\pygMvZU.exe
  C:\Windows\System\pygMvZU.exe
  2⤵
  PID:9184
- C:\Windows\System\ENzRtYs.exe
  C:\Windows\System\ENzRtYs.exe
  2⤵
  PID:9140
- C:\Windows\System\JqSmsSA.exe
  C:\Windows\System\JqSmsSA.exe
  2⤵
  PID:6528
- C:\Windows\System\NUblyGb.exe
  C:\Windows\System\NUblyGb.exe
  2⤵
  PID:8240
- C:\Windows\System\tJNqfNY.exe
  C:\Windows\System\tJNqfNY.exe
  2⤵
  PID:8220
- C:\Windows\System\HCdpWZH.exe
  C:\Windows\System\HCdpWZH.exe
  2⤵
  PID:8560
- C:\Windows\System\vhDafMG.exe
  C:\Windows\System\vhDafMG.exe
  2⤵
  PID:7768
- C:\Windows\System\idMlWLt.exe
  C:\Windows\System\idMlWLt.exe
  2⤵
  PID:2832
- C:\Windows\System\XVzhYwi.exe
  C:\Windows\System\XVzhYwi.exe
  2⤵
  PID:8464
- C:\Windows\System\IosEkvr.exe
  C:\Windows\System\IosEkvr.exe
  2⤵
  PID:852
- C:\Windows\System\ubPaUzi.exe
  C:\Windows\System\ubPaUzi.exe
  2⤵
  PID:2076
- C:\Windows\System\tUmuMqV.exe
  C:\Windows\System\tUmuMqV.exe
  2⤵
  PID:9156
- C:\Windows\System\ueXJiKs.exe
  C:\Windows\System\ueXJiKs.exe
  2⤵
  PID:9092
- C:\Windows\System\aopTNmY.exe
  C:\Windows\System\aopTNmY.exe
  2⤵
  PID:9080
- C:\Windows\System\RFhFAMq.exe
  C:\Windows\System\RFhFAMq.exe
  2⤵
  PID:3728
- C:\Windows\System\dSNZkOU.exe
  C:\Windows\System\dSNZkOU.exe
  2⤵
  PID:8476
- C:\Windows\System\VLKDtFI.exe
  C:\Windows\System\VLKDtFI.exe
  2⤵
  PID:8860
- C:\Windows\System\VMPxRlp.exe
  C:\Windows\System\VMPxRlp.exe
  2⤵
  PID:8688
- C:\Windows\System\gcejGQZ.exe
  C:\Windows\System\gcejGQZ.exe
  2⤵
  PID:2596
- C:\Windows\System\WRRpOBe.exe
  C:\Windows\System\WRRpOBe.exe
  2⤵
  PID:1004
- C:\Windows\System\NOaoJmI.exe
  C:\Windows\System\NOaoJmI.exe
  2⤵
  PID:7984
- C:\Windows\System\Ccjyxht.exe
  C:\Windows\System\Ccjyxht.exe
  2⤵
  PID:9232
- C:\Windows\System\NAVKuQb.exe
  C:\Windows\System\NAVKuQb.exe
  2⤵
  PID:9256
- C:\Windows\System\szGrUIb.exe
  C:\Windows\System\szGrUIb.exe
  2⤵
  PID:9272
- C:\Windows\System\oSEtqCn.exe
  C:\Windows\System\oSEtqCn.exe
  2⤵
  PID:9288
- C:\Windows\System\feCZbgc.exe
  C:\Windows\System\feCZbgc.exe
  2⤵
  PID:9312
- C:\Windows\System\CWNxzOi.exe
  C:\Windows\System\CWNxzOi.exe
  2⤵
  PID:9328
- C:\Windows\System\UeYHLNZ.exe
  C:\Windows\System\UeYHLNZ.exe
  2⤵
  PID:9344
- C:\Windows\System\tfxcnPX.exe
  C:\Windows\System\tfxcnPX.exe
  2⤵
  PID:9364
- C:\Windows\System\JXcrLWE.exe
  C:\Windows\System\JXcrLWE.exe
  2⤵
  PID:9380
- C:\Windows\System\QVXPUZK.exe
  C:\Windows\System\QVXPUZK.exe
  2⤵
  PID:9396
- C:\Windows\System\vnXBEWz.exe
  C:\Windows\System\vnXBEWz.exe
  2⤵
  PID:9412
- C:\Windows\System\tyRQXWR.exe
  C:\Windows\System\tyRQXWR.exe
  2⤵
  PID:9428
- C:\Windows\System\HGbDkLd.exe
  C:\Windows\System\HGbDkLd.exe
  2⤵
  PID:9444
- C:\Windows\System\dRzSlMr.exe
  C:\Windows\System\dRzSlMr.exe
  2⤵
  PID:9464
- C:\Windows\System\gTlDRdN.exe
  C:\Windows\System\gTlDRdN.exe
  2⤵
  PID:9480
- C:\Windows\System\hXLztIk.exe
  C:\Windows\System\hXLztIk.exe
  2⤵
  PID:9496
- C:\Windows\System\FDgrYlM.exe
  C:\Windows\System\FDgrYlM.exe
  2⤵
  PID:9512
- C:\Windows\System\KjpVLiw.exe
  C:\Windows\System\KjpVLiw.exe
  2⤵
  PID:9528
- C:\Windows\System\xRdANTM.exe
  C:\Windows\System\xRdANTM.exe
  2⤵
  PID:9544
- C:\Windows\System\eWzcGEQ.exe
  C:\Windows\System\eWzcGEQ.exe
  2⤵
  PID:9560
- C:\Windows\System\YshKAPu.exe
  C:\Windows\System\YshKAPu.exe
  2⤵
  PID:9576
- C:\Windows\System\ZrqfhSO.exe
  C:\Windows\System\ZrqfhSO.exe
  2⤵
  PID:9592
- C:\Windows\System\pNicrPF.exe
  C:\Windows\System\pNicrPF.exe
  2⤵
  PID:9612
- C:\Windows\System\dbzQYjf.exe
  C:\Windows\System\dbzQYjf.exe
  2⤵
  PID:9632
- C:\Windows\System\uZaoPsA.exe
  C:\Windows\System\uZaoPsA.exe
  2⤵
  PID:9652
- C:\Windows\System\XaZDrNr.exe
  C:\Windows\System\XaZDrNr.exe
  2⤵
  PID:9668
- C:\Windows\System\moZfTFg.exe
  C:\Windows\System\moZfTFg.exe
  2⤵
  PID:9684
- C:\Windows\System\lgLPmqe.exe
  C:\Windows\System\lgLPmqe.exe
  2⤵
  PID:9700
- C:\Windows\System\XJRIbuH.exe
  C:\Windows\System\XJRIbuH.exe
  2⤵
  PID:9716
- C:\Windows\System\SZbUtyC.exe
  C:\Windows\System\SZbUtyC.exe
  2⤵
  PID:9736
- C:\Windows\System\cENliAP.exe
  C:\Windows\System\cENliAP.exe
  2⤵
  PID:9752
- C:\Windows\System\CYdSFwr.exe
  C:\Windows\System\CYdSFwr.exe
  2⤵
  PID:9768
- C:\Windows\System\VJAgRhH.exe
  C:\Windows\System\VJAgRhH.exe
  2⤵
  PID:9788
- C:\Windows\System\btHfChy.exe
  C:\Windows\System\btHfChy.exe
  2⤵
  PID:9804
- C:\Windows\System\VJnzSAt.exe
  C:\Windows\System\VJnzSAt.exe
  2⤵
  PID:9820
- C:\Windows\System\uDbPfFz.exe
  C:\Windows\System\uDbPfFz.exe
  2⤵
  PID:9836
- C:\Windows\System\rcHjcqe.exe
  C:\Windows\System\rcHjcqe.exe
  2⤵
  PID:9852
- C:\Windows\System\ImsVwcp.exe
  C:\Windows\System\ImsVwcp.exe
  2⤵
  PID:9868
- C:\Windows\System\zmOFtwy.exe
  C:\Windows\System\zmOFtwy.exe
  2⤵
  PID:9884
- C:\Windows\System\xkOheYo.exe
  C:\Windows\System\xkOheYo.exe
  2⤵
  PID:9900
- C:\Windows\System\yKgKixw.exe
  C:\Windows\System\yKgKixw.exe
  2⤵
  PID:9916
- C:\Windows\System\LfVrhqn.exe
  C:\Windows\System\LfVrhqn.exe
  2⤵
  PID:9932
- C:\Windows\System\BDYwofY.exe
  C:\Windows\System\BDYwofY.exe
  2⤵
  PID:9948
- C:\Windows\System\yKPJFuf.exe
  C:\Windows\System\yKPJFuf.exe
  2⤵
  PID:9964
- C:\Windows\System\YxndtJj.exe
  C:\Windows\System\YxndtJj.exe
  2⤵
  PID:9980
- C:\Windows\System\fVwgkcz.exe
  C:\Windows\System\fVwgkcz.exe
  2⤵
  PID:9996
- C:\Windows\System\eooSphw.exe
  C:\Windows\System\eooSphw.exe
  2⤵
  PID:10012
- C:\Windows\System\zouBCYV.exe
  C:\Windows\System\zouBCYV.exe
  2⤵
  PID:10028
- C:\Windows\System\NLfwlLG.exe
  C:\Windows\System\NLfwlLG.exe
  2⤵
  PID:10048
- C:\Windows\System\VqjMcfO.exe
  C:\Windows\System\VqjMcfO.exe
  2⤵
  PID:10064
- C:\Windows\System\ZZXiHlF.exe
  C:\Windows\System\ZZXiHlF.exe
  2⤵
  PID:10080
- C:\Windows\System\yCpRBhx.exe
  C:\Windows\System\yCpRBhx.exe
  2⤵
  PID:10096
- C:\Windows\System\oMCPEve.exe
  C:\Windows\System\oMCPEve.exe
  2⤵
  PID:10112
- C:\Windows\System\qUifuZx.exe
  C:\Windows\System\qUifuZx.exe
  2⤵
  PID:10128
- C:\Windows\System\AxTEBdo.exe
  C:\Windows\System\AxTEBdo.exe
  2⤵
  PID:10144
- C:\Windows\System\asYrjoD.exe
  C:\Windows\System\asYrjoD.exe
  2⤵
  PID:10160
- C:\Windows\System\qRLnCvj.exe
  C:\Windows\System\qRLnCvj.exe
  2⤵
  PID:10176
- C:\Windows\System\lhemUul.exe
  C:\Windows\System\lhemUul.exe
  2⤵
  PID:10192
- C:\Windows\System\JTiAOcS.exe
  C:\Windows\System\JTiAOcS.exe
  2⤵
  PID:10208
- C:\Windows\System\xOOyofn.exe
  C:\Windows\System\xOOyofn.exe
  2⤵
  PID:10224
- C:\Windows\System\cxikhhU.exe
  C:\Windows\System\cxikhhU.exe
  2⤵
  PID:2888
- C:\Windows\System\MIqwhYa.exe
  C:\Windows\System\MIqwhYa.exe
  2⤵
  PID:9064
- C:\Windows\System\ukcngGN.exe
  C:\Windows\System\ukcngGN.exe
  2⤵
  PID:9204
- C:\Windows\System\sOoTBpG.exe
  C:\Windows\System\sOoTBpG.exe
  2⤵
  PID:8496
- C:\Windows\System\oMUiJQF.exe
  C:\Windows\System\oMUiJQF.exe
  2⤵
  PID:9284
- C:\Windows\System\ImrZZcE.exe
  C:\Windows\System\ImrZZcE.exe
  2⤵
  PID:9356
- C:\Windows\System\yZHXwFJ.exe
  C:\Windows\System\yZHXwFJ.exe
  2⤵
  PID:9296
- C:\Windows\System\GwAIrox.exe
  C:\Windows\System\GwAIrox.exe
  2⤵
  PID:9372
- C:\Windows\System\epRFzRa.exe
  C:\Windows\System\epRFzRa.exe
  2⤵
  PID:9388
- C:\Windows\System\BhfCFUg.exe
  C:\Windows\System\BhfCFUg.exe
  2⤵
  PID:9472
- C:\Windows\System\bogLBXM.exe
  C:\Windows\System\bogLBXM.exe
  2⤵
  PID:9452
- C:\Windows\System\UZFAYHs.exe
  C:\Windows\System\UZFAYHs.exe
  2⤵
  PID:9520
- C:\Windows\System\kFdYITW.exe
  C:\Windows\System\kFdYITW.exe
  2⤵
  PID:9540
- C:\Windows\System\yRKmXxA.exe
  C:\Windows\System\yRKmXxA.exe
  2⤵
  PID:9556
- C:\Windows\System\TyCAFRV.exe
  C:\Windows\System\TyCAFRV.exe
  2⤵
  PID:9584
- C:\Windows\System\gJulVoG.exe
  C:\Windows\System\gJulVoG.exe
  2⤵
  PID:9628
- C:\Windows\System\dNTrrnS.exe
  C:\Windows\System\dNTrrnS.exe
  2⤵
  PID:9696
- C:\Windows\System\ekGMRph.exe
  C:\Windows\System\ekGMRph.exe
  2⤵
  PID:9644
- C:\Windows\System\pcoNwNl.exe
  C:\Windows\System\pcoNwNl.exe
  2⤵
  PID:9676
- C:\Windows\System\WiHUxhI.exe
  C:\Windows\System\WiHUxhI.exe
  2⤵
  PID:9728
- C:\Windows\System\mEeXjcp.exe
  C:\Windows\System\mEeXjcp.exe
  2⤵
  PID:9828
- C:\Windows\System\haKPmZl.exe
  C:\Windows\System\haKPmZl.exe
  2⤵
  PID:9780
- C:\Windows\System\LJmBCKC.exe
  C:\Windows\System\LJmBCKC.exe
  2⤵
  PID:9880
- C:\Windows\System\iIcOpHH.exe
  C:\Windows\System\iIcOpHH.exe
  2⤵
  PID:9912
- C:\Windows\System\MtpLgIV.exe
  C:\Windows\System\MtpLgIV.exe
  2⤵
  PID:9972
- C:\Windows\System\RKtztvW.exe
  C:\Windows\System\RKtztvW.exe
  2⤵
  PID:9956
- C:\Windows\System\mxfNXyZ.exe
  C:\Windows\System\mxfNXyZ.exe
  2⤵
  PID:9992
- C:\Windows\System\vPdhHgz.exe
  C:\Windows\System\vPdhHgz.exe
  2⤵
  PID:10036
- C:\Windows\System\iDYPKTK.exe
  C:\Windows\System\iDYPKTK.exe
  2⤵
  PID:10024
- C:\Windows\System\KbJZftF.exe
  C:\Windows\System\KbJZftF.exe
  2⤵
  PID:10076
- C:\Windows\System\rfMDren.exe
  C:\Windows\System\rfMDren.exe
  2⤵
  PID:10152
- C:\Windows\System\ZRMZtNn.exe
  C:\Windows\System\ZRMZtNn.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANRMXUF.exe

Filesize
6.1MB

MD5
2e8d6c4f8525dacfef12e7e3ba818cad

SHA1
a9392f2d7264804db04b02d5bc02294f923c7bb5

SHA256
86991fdc65b0d42bc11cce76315c7acdc70a10338ab15cb54b4463926d19f28a

SHA512
9c4e76593231a3adf9f63529a60d57448f080d460e51417be395e987917146a6860ab09d71650bbd8f90c5fe635e9932a0a8642890774c0d545c492b0f577a0b

Download Submit
C:\Windows\system\CGWLRSy.exe

Filesize
6.1MB

MD5
8a44b4e0432c40b0770d15219d946249

SHA1
c0300b4944bebd0f9d74d5e36c5d0a8a4bcdc048

SHA256
9822d0744f64f754eefa4c2e5eede676e4b169fe86711de5715840ad273f30e7

SHA512
aa1d3130238cf5ddbc6addf0da2e1aacb18b6d58af64b0cd6439a4d4ce9482503f011b1de587565b0a1f8bb5b903b37eb5555efe5a19553cd54409c4f516a64f

Download Submit
C:\Windows\system\DNODeMk.exe

Filesize
6.1MB

MD5
3ef41d6db074526c14503fbd440930f6

SHA1
2492805adc33b9b887359eddde8c3755c392ff8d

SHA256
806109cfcde42b049f3bade765205bbc37520397ea092adec039dcd8a5eb7a44

SHA512
1efcd2340bdbdd542108d6ac71c52e9515732f460e8cab71b319bb46b44e410514bdca0baf1e9c49bdf8c3a60340ea20ba184a49b86ba9b5c876bc333db6d032

Download Submit
C:\Windows\system\HOGMAPf.exe

Filesize
6.1MB

MD5
f0de226f4df8e26d622bc31d8ff6d483

SHA1
622f58a38878027812fd1f99148767f1ffad04fc

SHA256
29ace21935fb2c16b4022edde71aafa5bb36437e0d65e2be3acd64b573139680

SHA512
13258bff9400fcb5ccfb90b969d34d4ec30fe15c387b174e7f1f341571bd7bb2635693426a311bc72155c1acddfde60d7ef7870c83e05a92cae10ad0307e85d9

Download Submit
C:\Windows\system\HOWbpZD.exe

Filesize
6.1MB

MD5
321cbdbf9fa149728cf1ca50f452a378

SHA1
bfd21f8ada65e611f23294c74a24b2d2c1028390

SHA256
d00ad6d35e01c0b12d76d1729e6de023508167e0ed2fe2a36c088a715a163b21

SHA512
d1001fa145cdebe35de4a309ce31a1f18706ebc4d1bf6700ecc4fd387c8fb9f533640e3547d13042a7f4ec167ccbab269320c9127ae5a0949bbf6d7af34ddb9d

Download Submit
C:\Windows\system\JJsRJSw.exe

Filesize
6.1MB

MD5
cfd4e2b17958305cde0add06113e1083

SHA1
f069b42a62d1db380870dcef501a993d47007f0e

SHA256
2fc7eb7fbc9f6f544b9b328b76a311c345788c54b75fb0ba939aa236d4922cb0

SHA512
499f9689ecb4f8fadb795b5bd1aa18a02b15fb4330ae59f7a2839a86a51999e9f2854f849ac9b097700725c84e71031d953b0a82aadd22d38f40fa6ff659a757

Download Submit
C:\Windows\system\KRqWzMd.exe

Filesize
6.1MB

MD5
28ff56d43a73ced1726c8aea98053169

SHA1
045d2ef7417017089c470f4f65107d13d453b629

SHA256
f5fc26bb1e75f9b0286f3e25308bcb7d5eeb0f1f0d39e13dc9b81b9eab8b4e84

SHA512
d922575eed5340b00342491c84ec6845f728460c2b1d4a4e0665f22a298fc3af293bc363c39640331a8328ac4ec6cbe37e9794e2e18856597ccfb5cbec06b774

Download Submit
C:\Windows\system\LCyPsxT.exe

Filesize
6.1MB

MD5
dd1ff113cea7146642bb7f446de186ca

SHA1
d041c5c3d92a1ae7da44d089007af4335122ce57

SHA256
047e11d2e5e63c0830546a40a6de7c9d4152ef795abfd1c1d2b600f714572114

SHA512
c80b59fa4afc29ff112c3be81194c00cd637b7b8d40ca5b839d5df164bfec5e45d34ed15e775faf049c6e9b46b5d70fd9b4f93b7d09dd44ee85c57955609e2f6

Download Submit
C:\Windows\system\NeaxqVZ.exe

Filesize
6.1MB

MD5
59935ee665ade1501aef4d25ec9bab75

SHA1
7388fd3b321c44c411c7df1d59b349b2b0eebf1c

SHA256
d46a9ff1422c37854d40155bd7ae42f81da2004f225c6ee4362a92b8c28b4b48

SHA512
72a237376a1826d269f17f819c93c7d9b00adb94ab0609a06d0d21cefaaba4e517253fa5ec30df4b416e137af804827326caca8d379c93dc08c2ffc321149fc2

Download Submit
C:\Windows\system\QhlfqLb.exe

Filesize
6.1MB

MD5
79ff7b08d0a519fb3238381d8ce9f64d

SHA1
3fee9eb2f905c755c4135eb5ed3710137238de07

SHA256
60e3b8a94fc310e623ef6ffcc6f140acdce68aba1aa0f8ca5f942ac93dd3a987

SHA512
8ea61cf71c1989bc6794b7ef15bfc355d6857ec9b0ac9fe61ff7595d76ca322f4900c775a4dc8ff7813ea36711c4856a7a54e2d9a943f16c3f0b2a879cb65841

Download Submit
C:\Windows\system\QwSrUwu.exe

Filesize
6.1MB

MD5
da254e193eb516a6042a96acdb1f337a

SHA1
06a20b5ae9e53a3f61563f4aabcee9534fc2b5c3

SHA256
74ebaa47616690e7c605f4c1edf0e636a177b5176bb256a5180bf9814aa774f5

SHA512
aa11e7701b5a79416b00910d045f6ef43ce4622173afcd0e66f3aa3f2e4bfa02289fc22ffce7987fe1ae0c12e710efd9583aed19e7aba7b838a4578b24c97564

Download Submit
C:\Windows\system\SfIphXu.exe

Filesize
6.1MB

MD5
3f81faa5f28847b17745007e4e54c024

SHA1
601a23e9a6dba20d1ae07f8f4efa5fc82a1212b0

SHA256
2e1726a6e23c6306fb6332e77e73e62b57ff86faaf2d9439284f3ce309308549

SHA512
91969038c112d9fb6ffa578ef18aa7fb6466b26ef0e3427c1e352d5da56bd6334e8fce8f9cd092e89925bb2a56dc99f05d41c81afad41c49d9200fa3c12f7c04

Download Submit
C:\Windows\system\SvYERZT.exe

Filesize
6.1MB

MD5
c8bb976b8954c852f1c8e7eb71dc1619

SHA1
3a3e4637eabc409f5d4c63f7dcac614cc464b4e5

SHA256
cdcf3da197a607ed745111b2774679430e2be9be9e2149dd728a5ecf1f6b53c1

SHA512
76a124a9a1d578748020615b66d394913e6efcdf97b7a4fa0dcf0c504f906d6b5ccf6edc3c2fb798cf0fe251ba69078076af4f355ef8d479345789a8b05d7ce4

Download Submit
C:\Windows\system\UgrqqpJ.exe

Filesize
6.1MB

MD5
d74950ba63450b57d1d2df7e513c4081

SHA1
4b2d77b210cf305c7500e99438b7da184a9985c2

SHA256
3a604df9792f03002c101483be534280b231670b17c9be1016d1e01d7e5e2995

SHA512
dc90495f064d1a6958aab6fa5e9972ff5232aa086bbca8f9487f102a218d41dbe7a4c70622e471ff968d71f75f9317010d69134621c24f73f0b8823fad3311d1

Download Submit
C:\Windows\system\VabHTvL.exe

Filesize
6.1MB

MD5
0de55864043db626febff05030197109

SHA1
72bab68029f9336c2cdb2404ab88b2bdcd37506f

SHA256
70e9b1b05f9fd1bfa49452fc2877a369ea41a3498ab394af32f0a3ad0127e832

SHA512
00b65e447e03da200390c6fb1b0c558c6df23a078a52ea712ae79975e4d88cbbcf64f4aedcf6e7b3d49c965e7f72916fc0d4ad933934d08b53e81cfb3f949abc

Download Submit
C:\Windows\system\eSRvhlS.exe

Filesize
6.1MB

MD5
736dd179da44c169c6f53e740681ba40

SHA1
c42c91b9e35e58dcac19edc25ed13d4765199c9e

SHA256
e68a949c0482e84ccf6ef691fa61208560e3bcb49849c7dc17bd8a3b0d2a6b13

SHA512
1b144831b3f9d708cdb7f79a1575be80e67abc996a73f875b63ad19802acefaad0e856afc0eb467562a9cffd02d494e41f72448bf84ade4f6e819f9e14958b33

Download Submit
C:\Windows\system\feQHddm.exe

Filesize
6.1MB

MD5
cac5911ad4a4b321aed818fcba8da91b

SHA1
c620183c3cafc6d1d09b48f2bb716c1f45d863a6

SHA256
4876f5aad9673a3d04aa8ff535ecceb95d184ef32f53704b61bfcd5b28ca1aae

SHA512
cc6a35296270700b544e6f6147b3662653562917c824f9cb390810299799a378c65513c781fe5d06ed2cab6515a19244ef1614ac7829492c773c21a045c64ec2

Download Submit
C:\Windows\system\hDBmDKi.exe

Filesize
6.1MB

MD5
f77ac912f9dd280d4ffd3322100d54b0

SHA1
bd1fe393c92e5003f047e8d042f4c89fec1065be

SHA256
43bc3a230599dc604d9b048779dffa2e3e9b02f86c13e7143865c45a05211011

SHA512
7a758e170033bfcaa995cf446010b04a6030adca65cd7d7039212a7c347ed70364e25cac0ada4642bb7f2b9dfe2bec5b04bd229d8a2e61b7ac8f6ad5e08a5911

Download Submit
C:\Windows\system\htsbvkf.exe

Filesize
6.1MB

MD5
eb00ee05fa9bca48a2805c79ec28e310

SHA1
4d3941d7dcf59e953482402069cfa804eb0472d6

SHA256
977d403a054d34d76fc02c256b8fb8dd718d87596ac4f1432cb76aa7815dccf0

SHA512
2c290238d7cd56893d4e818e327f7e14bfdde4f8bf2de77b4766e30bc218a3e94aecdf67476a4d8efe03032e31d2fa2a30e4632e8cd7ec01d7b378d87df5264f

Download Submit
C:\Windows\system\ksmGwIP.exe

Filesize
6.1MB

MD5
88766c96e9e18e267d424ac9c1f19947

SHA1
6fe639f55c1871e58fff9001f89c559b48408ef9

SHA256
520440e9958407f0449153a949fe4ab8c6a0827e040f8ed5fbe1f976e7ca5640

SHA512
295823282acca6b00925a32baad91215ada6395a57cdbdc9e18bd673e0ac601feb38e6bb47e31e55c7d595e8c7ea7c5c0088e1b0381f134e0d9465cc394f857b

Download Submit
C:\Windows\system\lygwnOY.exe

Filesize
6.1MB

MD5
136c242f78e5e5702660b149aa7bce4a

SHA1
b075783d0bc46550332d9e8ca41d7d63f063af4c

SHA256
81e01ccf99d27f6ce8c0ae2d2f8181e849f08415d5aff31619da90464ea34a52

SHA512
f31fcf7a40db1dcbd69d22c565c88e8fe405e2f254292073f97d074a3d67c30158e57ac2785d575f711f704cc4ccac135a961d920be82a0c901eab449741955e

Download Submit
C:\Windows\system\pJHurbd.exe

Filesize
6.1MB

MD5
fe7dd3aeddaa38a6795db500d5ac94ff

SHA1
3016847835cf64369fcff3e4f61bc87b998b4a57

SHA256
c4c870e59dac86baf9ea0e47a294398c4170298ac4471977109e88242acf4854

SHA512
0104353ae476bfcd1e939cd56a1873b5ff591dd2fba000cf0d982e8e2625448593a75ffadce556aef0806816d20bdc1d5cfabecd461e9216b49d1fdd2c8f087d

Download Submit
C:\Windows\system\pmQTKyC.exe

Filesize
6.1MB

MD5
d33302a408c453d151cdf4f8788c8f19

SHA1
7e7edb30e59172b0a8615d9cb094354f6dc68f7f

SHA256
b0c993ebf9e4937889b44fe01fe9db2f37fe7093e6aa3f1b9081d4eaa3b46f62

SHA512
cb83daa5b43a199c664504a78f3d33854237a1dcdf603c484e3bb24037f40c96e45b9cddbe160ec5524d79f147b2a654e20a8446ac7509bab228edb1af78f005

Download Submit
C:\Windows\system\rGuPeMj.exe

Filesize
6.1MB

MD5
b240b26ba427213e08daab4ae6927dde

SHA1
265401b6febe44b889fde0fa2de708323db107e1

SHA256
469b725dbd5291e1f8e5ff178d384c2b746cbaf0e1b8a991a601d92188ec62a5

SHA512
c5d2167fa824452a59ba7df99fbce2c8bf62a81161cd45c3673edc658b2c7b6d0b8576a1eb840269ac296a88be0125db26ace60e60f957bb5ec325dad886df46

Download Submit
C:\Windows\system\ruXagmv.exe

Filesize
6.1MB

MD5
3dd3b4b926c0907acbc143790281940b

SHA1
e6a233ac0732ac5b08d2f1f4a4a98ee7b7eee6a6

SHA256
a8d10edaa438cb9c79c56777274b36091576727ca9c7e6a2369c2fa27cb322c8

SHA512
54cc278efaf5c8b385951c87d9a260784b7823b90582c95aeed719d7129ffe539a30414a83367208f3abe7289e45b15776bea923edf95b6c4eddda24463cfac4

Download Submit
C:\Windows\system\tToAYmj.exe

Filesize
6.1MB

MD5
cfcbbace5c914cb4c3e02b40eddcb9c3

SHA1
d3767d22c0417c7fd293043cb3225cf06210e5cd

SHA256
539a8280d331f99cb61c058e9d924c4b0252954d23122010b50cee8c6a38d0bd

SHA512
25917995296776eaf090237d439772929f2d5edd3461f5817486ef208f1ad327a0e1280a3b1c7f6a6ed460c5ed5f8ef68f9fa3ff3fa763f967830d4e6b99cc60

Download Submit
C:\Windows\system\unNNlIH.exe

Filesize
6.1MB

MD5
a5235b02d54cb679c7f297fcca0beb60

SHA1
70cbe2e7d958aee673af0224a35281808ed53c38

SHA256
35a581d734bc3679c43f8de2764ce042b7684c34036d7916214870dc4f7b8d93

SHA512
77009ea0553f68ec956c71f572cfacfaee73f3d406c7e57b841b00d56fa3e57c0da9f2c7c0c469d983c90850e90286df869bb9e39d22dc53ce6765904acd4022

Download Submit
C:\Windows\system\upPVhoL.exe

Filesize
6.1MB

MD5
be8d9464d34b480c7b7565976e642da3

SHA1
a3c622320855bcfec743a0dce4c83d4648c49b2e

SHA256
f8c6fa33ab77307b29b87af26dc061a0136316e2238455e7d320d396a524c03e

SHA512
d0a297e2e649ed590adc8cb5ffb98ead3a5f6c5f4a842b21398f2751d5f6275c3f7d9f2d581672859710fda8cbd9c6f0af6b2e0671a4273ef8e40a4239c65171

Download Submit
\Windows\system\EdWJuGk.exe

Filesize
6.1MB

MD5
c5453fa029b1b952df0ef7a1fd429c3c

SHA1
6ffd88f63a6402ca4e7900d5fa6225050109bbfc

SHA256
7ff47771616d55661070971435beb0258c2534f02d9e74917a55081b43a16236

SHA512
ffea0529c6dda1c86fe4afa2fc17c22ba396fdb8f4ff1ea5efc4ec16bba1a824e4da3f8d32ae6f050e5c3d84613e913d0f37b59f5119aadf2973aeb478616cbb

Download Submit
\Windows\system\YBCYLII.exe

Filesize
6.1MB

MD5
95bbfb9c227770767c7ccbbf78376aab

SHA1
cb370b2e32e93cd2545f77ce4895ab01f7d53c8c

SHA256
d3c1c624034e7f7deb0bb17d85d0607568daff0fd373ffe0ddbda9e3205b580e

SHA512
12d17fe500f164806f72298e85d1c59921bace35338f76a5926b3c9a6a8780c1c412461c936afa6b0a79a332858821c9fe0f22f00285798c81382e2718526f39

Download Submit
\Windows\system\iuACEMQ.exe

Filesize
6.1MB

MD5
7d35eea7ece650569b9e9bbd3d71b231

SHA1
9ef1d0d744b3cee3b379d4f40cb789780c67c9bd

SHA256
aabba0141deef0b28594eda0294600ac2df2bf532fce4ae1cf78a4114232a458

SHA512
fc3d73517db5b54a3304023da935236cb32f09ea59c74d79049f5d27e720065efe001d3b89c7f4c9d62bc97b559663fa16f988926b9096eea7daec5373a72d79

Download Submit
\Windows\system\nJBWEow.exe

Filesize
6.1MB

MD5
48f31ed3106e112b72cfe5e287eb1192

SHA1
fa8d73dc4ba2c180e66932eafea9566bcb9a11c0

SHA256
829cdaa5a7aad26190d29b92acb59ad054e58242f9e00da6a1fc275d95bd2f5b

SHA512
a4b83d59f89eb55354ac35b24a87ab63b0d07b1f9d5ee0caa940078eb058cee197ef73b0b005d3e0f97e583787b3221ea922550dd9e3a399f44f9d7362cf7157

Download Submit
\Windows\system\oKpRXBT.exe

Filesize
6.1MB

MD5
dfb37a99312485f8e879cc424f9e1b0e

SHA1
3742cb58665ba4105fb4160d1eead41e4b7f6600

SHA256
d346ebc3b63b4d297e0f081f9331b9682d297c705c6029cfb8b3424514790759

SHA512
005da16ef31272c13e5c67c400ac15912191437717c719baa140a4c31cb54a53abc4ecf5946e5f2d1c7b5e5b3f11143e47cab28d2da105a0660dbd22d3cd41bc

Download Submit
\Windows\system\ywgfyof.exe

Filesize
6.1MB

MD5
c7b768e7998c48d18146fad2d6f02971

SHA1
514c7adfab89fee227ab3bfb0e8bb197d3b9d7cf

SHA256
ddae1e65fe77e1f83e4c7b31a6aca3c8da5ae945022b944495779e95ea60753b

SHA512
05b474df334f4e6a57a731344ddd2f8ac498444065c273a0504c3487ab8430ef4e9657c1aa3d072ddf3d1f57356b433e0a82291b221cff0aa6d8b997eddebbde

Download Submit
memory/320-463-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/320-4015-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/792-4096-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/792-465-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/1432-4016-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/1432-467-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2128-469-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2128-4108-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2552-455-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2552-4014-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2580-4013-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-448-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-446-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2620-457-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-4051-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4074-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-450-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-444-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4123-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1262-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1361-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2704-427-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-447-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-449-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-451-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2704-456-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-458-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2704-460-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1057-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2704-462-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-464-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-466-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2704-468-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2704-470-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-472-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1254-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1255-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1257-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1258-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1259-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1260-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1261-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-0-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1263-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1264-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1265-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-445-0x0000000002280000-0x00000000025D4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-1256-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-471-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-4024-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-473-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4076-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-459-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-4049-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-461-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-4075-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download