cobaltstrike | 0f202c60eb5348f67f6404a52630e1d97f04eb5ea7bc05d0216bb61caa598a32

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

aaf7540e27f2371447aa1d1881b4fc76
SHA1

d4f64af71a0eb6ae8731b32e7494260f1f5a5c10
SHA256

0f202c60eb5348f67f6404a52630e1d97f04eb5ea7bc05d0216bb61caa598a32
SHA512

c4a2de30bca008727871979092bf01aa492c55dab423ef8508f6b6f2f29a62dd0df37b6b000eed68692c6a5d3e6e0fcf5c2313fececc88eeaa3b8bb4cc5363d7
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lU4:32Y56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d90-14.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d88-13.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015df1-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015e4f-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015da1-25.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000015d48-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f38-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d22-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-175.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-170.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-165.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-155.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-149.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-144.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-119.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-114.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-105.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-74.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015f4e-60.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1228-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f6-3.dat	xmrig
behavioral1/memory/2824-9-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d90-14.dat	xmrig
behavioral1/files/0x0008000000015d88-13.dat	xmrig
behavioral1/memory/2720-21-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2740-20-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015df1-26.dat	xmrig
behavioral1/files/0x0007000000015e4f-30.dat	xmrig
behavioral1/memory/2780-41-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2840-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2748-37-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015da1-25.dat	xmrig
behavioral1/files/0x0036000000015d48-53.dat	xmrig
behavioral1/memory/2428-54-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/1556-47-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f38-46.dat	xmrig
behavioral1/files/0x0007000000016d22-66.dat	xmrig
behavioral1/memory/2104-68-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2688-61-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d68-81.dat	xmrig
behavioral1/memory/2432-75-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2496-96-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2648-91-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f02-134.dat	xmrig
behavioral1/files/0x000500000001871c-190.dat	xmrig
behavioral1/memory/480-471-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2648-676-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2496-830-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2432-307-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/files/0x000500000001870c-185.dat	xmrig
behavioral1/files/0x0005000000018706-180.dat	xmrig
behavioral1/files/0x0005000000018697-175.dat	xmrig
behavioral1/files/0x000d000000018683-170.dat	xmrig
behavioral1/files/0x00060000000175f7-165.dat	xmrig
behavioral1/files/0x00060000000175f1-160.dat	xmrig
behavioral1/files/0x0006000000017570-155.dat	xmrig
behavioral1/memory/2104-152-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-149.dat	xmrig
behavioral1/files/0x00060000000174b4-144.dat	xmrig
behavioral1/files/0x000600000001707f-139.dat	xmrig
behavioral1/files/0x0006000000016edc-129.dat	xmrig
behavioral1/files/0x0006000000016df8-124.dat	xmrig
behavioral1/files/0x0006000000016df5-119.dat	xmrig
behavioral1/files/0x0006000000016de9-114.dat	xmrig
behavioral1/files/0x0006000000016dd5-105.dat	xmrig
behavioral1/memory/1228-101-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1228-100-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x0006000000016dd9-108.dat	xmrig
behavioral1/memory/2428-90-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6f-89.dat	xmrig
behavioral1/memory/2688-95-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d73-94.dat	xmrig
behavioral1/files/0x0006000000016d4c-74.dat	xmrig
behavioral1/memory/480-83-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1556-82-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0009000000015f4e-60.dat	xmrig
behavioral1/memory/2824-57-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2748-67-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/1228-64-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/1228-50-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2740-3470-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2824-3479-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2748-3506-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2824	qbhQyKY.exe
2740	rLTtotG.exe
2720	TltmMIp.exe
2748	uxtCoFc.exe
2780	cnCleuY.exe
2840	MVViBnS.exe
1556	pGKDKpc.exe
2428	MGDasIs.exe
2688	RscmlMi.exe
2104	TqjvKWm.exe
2432	dIwUjBb.exe
480	btEmOiN.exe
2648	cIdUzOC.exe
2496	HXEfzJf.exe
2832	mFzQKrc.exe
1712	VDHoFYE.exe
1268	kyNiEVx.exe
712	rizneDc.exe
2904	YYsDcQV.exe
1092	QkbWmoe.exe
820	MRBloDD.exe
1300	zxHUCuP.exe
2980	PVgHPjk.exe
1644	cFUhnrA.exe
2492	ncChmIe.exe
2268	myifbhl.exe
2140	nEGEiMC.exe
2216	djWfKOK.exe
2992	NsnRFwp.exe
1480	HzoxEIz.exe
1532	FqOqeDO.exe
444	GqTKfXY.exe
2444	etNOMyu.exe
2172	JWoDZBm.exe
980	VovlKLn.exe
1900	HyJEtAZ.exe
1540	TBfpLpN.exe
1396	wrpYtdn.exe
1040	wplhmPK.exe
1944	LoTpMSW.exe
1456	gmlAEzE.exe
844	CAMFjuO.exe
692	ZopDyug.exe
2532	cXEAqVU.exe
2356	mzPksbx.exe
1336	NFViTzY.exe
2084	CFlUkmA.exe
3012	ianUKZD.exe
336	fOKdHGF.exe
2112	qOGSPOv.exe
2324	QeRITLf.exe
1252	MwJiGhq.exe
2996	MFHvdSk.exe
2092	CkQaEJf.exe
2816	lZdkIUh.exe
2860	cHipPkS.exe
2240	rBCIEkp.exe
2784	kxMPaUP.exe
2652	mFzgvkd.exe
1948	XDeWdSb.exe
2628	lTHWWYk.exe
1432	MiWwiJf.exe
2340	rFFXKSU.exe
2328	wvRwsIG.exe

Loads dropped DLL 64 IoCs

pid	Process
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1228-0-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x00080000000120f6-3.dat	upx
behavioral1/memory/2824-9-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0008000000015d90-14.dat	upx
behavioral1/files/0x0008000000015d88-13.dat	upx
behavioral1/memory/2720-21-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2740-20-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x0007000000015df1-26.dat	upx
behavioral1/files/0x0007000000015e4f-30.dat	upx
behavioral1/memory/2780-41-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2840-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2748-37-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0008000000015da1-25.dat	upx
behavioral1/files/0x0036000000015d48-53.dat	upx
behavioral1/memory/2428-54-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/1556-47-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0007000000015f38-46.dat	upx
behavioral1/files/0x0007000000016d22-66.dat	upx
behavioral1/memory/2104-68-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2688-61-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0006000000016d68-81.dat	upx
behavioral1/memory/2432-75-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2496-96-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2648-91-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x0006000000016f02-134.dat	upx
behavioral1/files/0x000500000001871c-190.dat	upx
behavioral1/memory/480-471-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2648-676-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2496-830-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2432-307-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/files/0x000500000001870c-185.dat	upx
behavioral1/files/0x0005000000018706-180.dat	upx
behavioral1/files/0x0005000000018697-175.dat	upx
behavioral1/files/0x000d000000018683-170.dat	upx
behavioral1/files/0x00060000000175f7-165.dat	upx
behavioral1/files/0x00060000000175f1-160.dat	upx
behavioral1/files/0x0006000000017570-155.dat	upx
behavioral1/memory/2104-152-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-149.dat	upx
behavioral1/files/0x00060000000174b4-144.dat	upx
behavioral1/files/0x000600000001707f-139.dat	upx
behavioral1/files/0x0006000000016edc-129.dat	upx
behavioral1/files/0x0006000000016df8-124.dat	upx
behavioral1/files/0x0006000000016df5-119.dat	upx
behavioral1/files/0x0006000000016de9-114.dat	upx
behavioral1/files/0x0006000000016dd5-105.dat	upx
behavioral1/files/0x0006000000016dd9-108.dat	upx
behavioral1/memory/2428-90-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0006000000016d6f-89.dat	upx
behavioral1/memory/2688-95-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0006000000016d73-94.dat	upx
behavioral1/files/0x0006000000016d4c-74.dat	upx
behavioral1/memory/480-83-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1556-82-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0009000000015f4e-60.dat	upx
behavioral1/memory/2824-57-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2748-67-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/1228-50-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2740-3470-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2824-3479-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2748-3506-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2840-3514-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2428-3530-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2780-3527-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dkZuXvd.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvZhXAE.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eLWeGgC.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYQJULN.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gmiIBls.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkMcvLD.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkvQFPO.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nefJNqS.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\krfWVTK.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tngAsZO.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIWCJSv.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYZpRIW.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdzMpLc.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKncXBs.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wcEHRUp.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OveWVpK.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhBGrEE.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbnGAXb.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZvHtRG.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxBCoBc.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZCsHgV.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSyRVmo.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHipPkS.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEOXMyp.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TcTAFQf.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEjghQL.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKyyQVn.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrPDOXN.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAmkVgA.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zwxjSKo.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvOVBUA.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EpwssMJ.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MljMYCl.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QflsuqL.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFleWTT.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wiAkvwp.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YERKmjh.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWWfRsE.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWGuPNB.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LULcluX.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnheDKL.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLmtjMu.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KnWOLXV.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywrSCXz.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMuvJHz.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VutFswp.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZlJArg.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdWNfkQ.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWxBlGP.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMlQyAF.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHjvDHt.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BauMQwL.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjVDBik.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSLpPUm.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqOqeDO.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VYvvYWf.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAHlauL.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMjexzy.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaPUCuz.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QYWrkkh.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmfJgqH.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sTYWsvj.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XAtwkDi.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNrNvaZ.exe	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2824	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1228 wrote to memory of 2824	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1228 wrote to memory of 2824	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1228 wrote to memory of 2740	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1228 wrote to memory of 2740	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1228 wrote to memory of 2740	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1228 wrote to memory of 2720	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1228 wrote to memory of 2720	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1228 wrote to memory of 2720	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1228 wrote to memory of 2748	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1228 wrote to memory of 2748	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1228 wrote to memory of 2748	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1228 wrote to memory of 2780	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1228 wrote to memory of 2780	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1228 wrote to memory of 2780	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1228 wrote to memory of 2840	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1228 wrote to memory of 2840	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1228 wrote to memory of 2840	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1228 wrote to memory of 1556	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1228 wrote to memory of 1556	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1228 wrote to memory of 1556	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1228 wrote to memory of 2428	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1228 wrote to memory of 2428	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1228 wrote to memory of 2428	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1228 wrote to memory of 2688	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1228 wrote to memory of 2688	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1228 wrote to memory of 2688	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1228 wrote to memory of 2104	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1228 wrote to memory of 2104	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1228 wrote to memory of 2104	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1228 wrote to memory of 2432	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1228 wrote to memory of 2432	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1228 wrote to memory of 2432	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1228 wrote to memory of 480	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1228 wrote to memory of 480	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1228 wrote to memory of 480	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1228 wrote to memory of 2648	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1228 wrote to memory of 2648	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1228 wrote to memory of 2648	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1228 wrote to memory of 2496	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1228 wrote to memory of 2496	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1228 wrote to memory of 2496	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1228 wrote to memory of 2832	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1228 wrote to memory of 2832	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1228 wrote to memory of 2832	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1228 wrote to memory of 1712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1228 wrote to memory of 1712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1228 wrote to memory of 1712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1228 wrote to memory of 1268	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1228 wrote to memory of 1268	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1228 wrote to memory of 1268	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1228 wrote to memory of 712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1228 wrote to memory of 712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1228 wrote to memory of 712	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1228 wrote to memory of 2904	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1228 wrote to memory of 2904	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1228 wrote to memory of 2904	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1228 wrote to memory of 1092	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1228 wrote to memory of 1092	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1228 wrote to memory of 1092	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1228 wrote to memory of 820	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1228 wrote to memory of 820	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1228 wrote to memory of 820	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1228 wrote to memory of 1300	1228	2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_aaf7540e27f2371447aa1d1881b4fc76_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\System\qbhQyKY.exe
  C:\Windows\System\qbhQyKY.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\rLTtotG.exe
  C:\Windows\System\rLTtotG.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\TltmMIp.exe
  C:\Windows\System\TltmMIp.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\uxtCoFc.exe
  C:\Windows\System\uxtCoFc.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\cnCleuY.exe
  C:\Windows\System\cnCleuY.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\MVViBnS.exe
  C:\Windows\System\MVViBnS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\pGKDKpc.exe
  C:\Windows\System\pGKDKpc.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\MGDasIs.exe
  C:\Windows\System\MGDasIs.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\RscmlMi.exe
  C:\Windows\System\RscmlMi.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\TqjvKWm.exe
  C:\Windows\System\TqjvKWm.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\dIwUjBb.exe
  C:\Windows\System\dIwUjBb.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\btEmOiN.exe
  C:\Windows\System\btEmOiN.exe
  2⤵
  - Executes dropped EXE
  PID:480
- C:\Windows\System\cIdUzOC.exe
  C:\Windows\System\cIdUzOC.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\HXEfzJf.exe
  C:\Windows\System\HXEfzJf.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\mFzQKrc.exe
  C:\Windows\System\mFzQKrc.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\VDHoFYE.exe
  C:\Windows\System\VDHoFYE.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\kyNiEVx.exe
  C:\Windows\System\kyNiEVx.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\rizneDc.exe
  C:\Windows\System\rizneDc.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\YYsDcQV.exe
  C:\Windows\System\YYsDcQV.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\QkbWmoe.exe
  C:\Windows\System\QkbWmoe.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\MRBloDD.exe
  C:\Windows\System\MRBloDD.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\zxHUCuP.exe
  C:\Windows\System\zxHUCuP.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\PVgHPjk.exe
  C:\Windows\System\PVgHPjk.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\cFUhnrA.exe
  C:\Windows\System\cFUhnrA.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ncChmIe.exe
  C:\Windows\System\ncChmIe.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\myifbhl.exe
  C:\Windows\System\myifbhl.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\nEGEiMC.exe
  C:\Windows\System\nEGEiMC.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\djWfKOK.exe
  C:\Windows\System\djWfKOK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\NsnRFwp.exe
  C:\Windows\System\NsnRFwp.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\HzoxEIz.exe
  C:\Windows\System\HzoxEIz.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\FqOqeDO.exe
  C:\Windows\System\FqOqeDO.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\GqTKfXY.exe
  C:\Windows\System\GqTKfXY.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\etNOMyu.exe
  C:\Windows\System\etNOMyu.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\JWoDZBm.exe
  C:\Windows\System\JWoDZBm.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\VovlKLn.exe
  C:\Windows\System\VovlKLn.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\HyJEtAZ.exe
  C:\Windows\System\HyJEtAZ.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\TBfpLpN.exe
  C:\Windows\System\TBfpLpN.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\wrpYtdn.exe
  C:\Windows\System\wrpYtdn.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\wplhmPK.exe
  C:\Windows\System\wplhmPK.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\LoTpMSW.exe
  C:\Windows\System\LoTpMSW.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\gmlAEzE.exe
  C:\Windows\System\gmlAEzE.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\CAMFjuO.exe
  C:\Windows\System\CAMFjuO.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\ZopDyug.exe
  C:\Windows\System\ZopDyug.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\cXEAqVU.exe
  C:\Windows\System\cXEAqVU.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\mzPksbx.exe
  C:\Windows\System\mzPksbx.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\NFViTzY.exe
  C:\Windows\System\NFViTzY.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\CFlUkmA.exe
  C:\Windows\System\CFlUkmA.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ianUKZD.exe
  C:\Windows\System\ianUKZD.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\fOKdHGF.exe
  C:\Windows\System\fOKdHGF.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\qOGSPOv.exe
  C:\Windows\System\qOGSPOv.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\QeRITLf.exe
  C:\Windows\System\QeRITLf.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\MwJiGhq.exe
  C:\Windows\System\MwJiGhq.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\MFHvdSk.exe
  C:\Windows\System\MFHvdSk.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\CkQaEJf.exe
  C:\Windows\System\CkQaEJf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\lZdkIUh.exe
  C:\Windows\System\lZdkIUh.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\cHipPkS.exe
  C:\Windows\System\cHipPkS.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rBCIEkp.exe
  C:\Windows\System\rBCIEkp.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\kxMPaUP.exe
  C:\Windows\System\kxMPaUP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mFzgvkd.exe
  C:\Windows\System\mFzgvkd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\XDeWdSb.exe
  C:\Windows\System\XDeWdSb.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\lTHWWYk.exe
  C:\Windows\System\lTHWWYk.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\MiWwiJf.exe
  C:\Windows\System\MiWwiJf.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\rFFXKSU.exe
  C:\Windows\System\rFFXKSU.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\wvRwsIG.exe
  C:\Windows\System\wvRwsIG.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\PBIvqAt.exe
  C:\Windows\System\PBIvqAt.exe
  2⤵
  PID:756
- C:\Windows\System\fsuwnwp.exe
  C:\Windows\System\fsuwnwp.exe
  2⤵
  PID:936
- C:\Windows\System\yqSDidJ.exe
  C:\Windows\System\yqSDidJ.exe
  2⤵
  PID:2156
- C:\Windows\System\OswJDZD.exe
  C:\Windows\System\OswJDZD.exe
  2⤵
  PID:620
- C:\Windows\System\sUoblax.exe
  C:\Windows\System\sUoblax.exe
  2⤵
  PID:2568
- C:\Windows\System\CWToEhj.exe
  C:\Windows\System\CWToEhj.exe
  2⤵
  PID:1992
- C:\Windows\System\AxaZIWJ.exe
  C:\Windows\System\AxaZIWJ.exe
  2⤵
  PID:1660
- C:\Windows\System\MiTFzxe.exe
  C:\Windows\System\MiTFzxe.exe
  2⤵
  PID:664
- C:\Windows\System\VmClLpQ.exe
  C:\Windows\System\VmClLpQ.exe
  2⤵
  PID:1508
- C:\Windows\System\pKPPquy.exe
  C:\Windows\System\pKPPquy.exe
  2⤵
  PID:900
- C:\Windows\System\KZJDxFA.exe
  C:\Windows\System\KZJDxFA.exe
  2⤵
  PID:2044
- C:\Windows\System\FmujfKQ.exe
  C:\Windows\System\FmujfKQ.exe
  2⤵
  PID:1144
- C:\Windows\System\sHmrCjU.exe
  C:\Windows\System\sHmrCjU.exe
  2⤵
  PID:1516
- C:\Windows\System\KyZpkcs.exe
  C:\Windows\System\KyZpkcs.exe
  2⤵
  PID:1784
- C:\Windows\System\lqMdwxs.exe
  C:\Windows\System\lqMdwxs.exe
  2⤵
  PID:1156
- C:\Windows\System\lxBYaWb.exe
  C:\Windows\System\lxBYaWb.exe
  2⤵
  PID:2376
- C:\Windows\System\AmgUwjQ.exe
  C:\Windows\System\AmgUwjQ.exe
  2⤵
  PID:2016
- C:\Windows\System\PKBqwBI.exe
  C:\Windows\System\PKBqwBI.exe
  2⤵
  PID:2060
- C:\Windows\System\pLpHmbv.exe
  C:\Windows\System\pLpHmbv.exe
  2⤵
  PID:2132
- C:\Windows\System\vwdXPZe.exe
  C:\Windows\System\vwdXPZe.exe
  2⤵
  PID:2252
- C:\Windows\System\UcsmNFJ.exe
  C:\Windows\System\UcsmNFJ.exe
  2⤵
  PID:2500
- C:\Windows\System\vsZWKkC.exe
  C:\Windows\System\vsZWKkC.exe
  2⤵
  PID:1696
- C:\Windows\System\BIxOaBQ.exe
  C:\Windows\System\BIxOaBQ.exe
  2⤵
  PID:2956
- C:\Windows\System\ogKcUEg.exe
  C:\Windows\System\ogKcUEg.exe
  2⤵
  PID:1588
- C:\Windows\System\ayRClhc.exe
  C:\Windows\System\ayRClhc.exe
  2⤵
  PID:2960
- C:\Windows\System\lJGgrRA.exe
  C:\Windows\System\lJGgrRA.exe
  2⤵
  PID:2636
- C:\Windows\System\VhjhcYV.exe
  C:\Windows\System\VhjhcYV.exe
  2⤵
  PID:2632
- C:\Windows\System\qPqZYut.exe
  C:\Windows\System\qPqZYut.exe
  2⤵
  PID:3064
- C:\Windows\System\GHrkXkd.exe
  C:\Windows\System\GHrkXkd.exe
  2⤵
  PID:1872
- C:\Windows\System\BCqkWgT.exe
  C:\Windows\System\BCqkWgT.exe
  2⤵
  PID:2032
- C:\Windows\System\KKALUkI.exe
  C:\Windows\System\KKALUkI.exe
  2⤵
  PID:2812
- C:\Windows\System\hCnJOrL.exe
  C:\Windows\System\hCnJOrL.exe
  2⤵
  PID:1288
- C:\Windows\System\VmyjvVy.exe
  C:\Windows\System\VmyjvVy.exe
  2⤵
  PID:2416
- C:\Windows\System\gwnUkBQ.exe
  C:\Windows\System\gwnUkBQ.exe
  2⤵
  PID:2552
- C:\Windows\System\zmSxDqn.exe
  C:\Windows\System\zmSxDqn.exe
  2⤵
  PID:1704
- C:\Windows\System\xcPVLsP.exe
  C:\Windows\System\xcPVLsP.exe
  2⤵
  PID:680
- C:\Windows\System\QYWrkkh.exe
  C:\Windows\System\QYWrkkh.exe
  2⤵
  PID:1756
- C:\Windows\System\gKhgbsn.exe
  C:\Windows\System\gKhgbsn.exe
  2⤵
  PID:2236
- C:\Windows\System\ixZjgnQ.exe
  C:\Windows\System\ixZjgnQ.exe
  2⤵
  PID:552
- C:\Windows\System\eAWTedJ.exe
  C:\Windows\System\eAWTedJ.exe
  2⤵
  PID:2672
- C:\Windows\System\AxDHGOr.exe
  C:\Windows\System\AxDHGOr.exe
  2⤵
  PID:1340
- C:\Windows\System\geupBhA.exe
  C:\Windows\System\geupBhA.exe
  2⤵
  PID:2460
- C:\Windows\System\aDPHmVz.exe
  C:\Windows\System\aDPHmVz.exe
  2⤵
  PID:2120
- C:\Windows\System\ZRjUnMh.exe
  C:\Windows\System\ZRjUnMh.exe
  2⤵
  PID:1580
- C:\Windows\System\yTTxXtE.exe
  C:\Windows\System\yTTxXtE.exe
  2⤵
  PID:264
- C:\Windows\System\YmKkdRy.exe
  C:\Windows\System\YmKkdRy.exe
  2⤵
  PID:2944
- C:\Windows\System\TiVHZMT.exe
  C:\Windows\System\TiVHZMT.exe
  2⤵
  PID:2912
- C:\Windows\System\DjOANGr.exe
  C:\Windows\System\DjOANGr.exe
  2⤵
  PID:2000
- C:\Windows\System\YaOxygA.exe
  C:\Windows\System\YaOxygA.exe
  2⤵
  PID:1360
- C:\Windows\System\FTLoRmy.exe
  C:\Windows\System\FTLoRmy.exe
  2⤵
  PID:288
- C:\Windows\System\AMtrVAC.exe
  C:\Windows\System\AMtrVAC.exe
  2⤵
  PID:1820
- C:\Windows\System\tjpFSid.exe
  C:\Windows\System\tjpFSid.exe
  2⤵
  PID:1628
- C:\Windows\System\ISzxkIL.exe
  C:\Windows\System\ISzxkIL.exe
  2⤵
  PID:604
- C:\Windows\System\PronGqN.exe
  C:\Windows\System\PronGqN.exe
  2⤵
  PID:2372
- C:\Windows\System\qZefUES.exe
  C:\Windows\System\qZefUES.exe
  2⤵
  PID:3092
- C:\Windows\System\gfUjcry.exe
  C:\Windows\System\gfUjcry.exe
  2⤵
  PID:3108
- C:\Windows\System\NgKpcPL.exe
  C:\Windows\System\NgKpcPL.exe
  2⤵
  PID:3132
- C:\Windows\System\czxlAYM.exe
  C:\Windows\System\czxlAYM.exe
  2⤵
  PID:3148
- C:\Windows\System\sYVyXQC.exe
  C:\Windows\System\sYVyXQC.exe
  2⤵
  PID:3172
- C:\Windows\System\nBqwzlf.exe
  C:\Windows\System\nBqwzlf.exe
  2⤵
  PID:3188
- C:\Windows\System\BHyUgNQ.exe
  C:\Windows\System\BHyUgNQ.exe
  2⤵
  PID:3216
- C:\Windows\System\mOUHdjM.exe
  C:\Windows\System\mOUHdjM.exe
  2⤵
  PID:3232
- C:\Windows\System\SwpaGfW.exe
  C:\Windows\System\SwpaGfW.exe
  2⤵
  PID:3252
- C:\Windows\System\kqVIdwa.exe
  C:\Windows\System\kqVIdwa.exe
  2⤵
  PID:3272
- C:\Windows\System\sZjKHLt.exe
  C:\Windows\System\sZjKHLt.exe
  2⤵
  PID:3296
- C:\Windows\System\ImokSpL.exe
  C:\Windows\System\ImokSpL.exe
  2⤵
  PID:3312
- C:\Windows\System\LQIiKBZ.exe
  C:\Windows\System\LQIiKBZ.exe
  2⤵
  PID:3336
- C:\Windows\System\kRQYHRs.exe
  C:\Windows\System\kRQYHRs.exe
  2⤵
  PID:3352
- C:\Windows\System\GyQaIkP.exe
  C:\Windows\System\GyQaIkP.exe
  2⤵
  PID:3376
- C:\Windows\System\WVqrlUl.exe
  C:\Windows\System\WVqrlUl.exe
  2⤵
  PID:3396
- C:\Windows\System\VOqfSQw.exe
  C:\Windows\System\VOqfSQw.exe
  2⤵
  PID:3416
- C:\Windows\System\uyhykKN.exe
  C:\Windows\System\uyhykKN.exe
  2⤵
  PID:3436
- C:\Windows\System\gbVNyuZ.exe
  C:\Windows\System\gbVNyuZ.exe
  2⤵
  PID:3456
- C:\Windows\System\cmOYeMj.exe
  C:\Windows\System\cmOYeMj.exe
  2⤵
  PID:3472
- C:\Windows\System\TftsXzq.exe
  C:\Windows\System\TftsXzq.exe
  2⤵
  PID:3492
- C:\Windows\System\eoNYtTy.exe
  C:\Windows\System\eoNYtTy.exe
  2⤵
  PID:3512
- C:\Windows\System\eQVkVqb.exe
  C:\Windows\System\eQVkVqb.exe
  2⤵
  PID:3536
- C:\Windows\System\YIObOYX.exe
  C:\Windows\System\YIObOYX.exe
  2⤵
  PID:3556
- C:\Windows\System\wluqzDm.exe
  C:\Windows\System\wluqzDm.exe
  2⤵
  PID:3576
- C:\Windows\System\qrpRPKN.exe
  C:\Windows\System\qrpRPKN.exe
  2⤵
  PID:3596
- C:\Windows\System\GmqXOJm.exe
  C:\Windows\System\GmqXOJm.exe
  2⤵
  PID:3616
- C:\Windows\System\QQhXCvX.exe
  C:\Windows\System\QQhXCvX.exe
  2⤵
  PID:3632
- C:\Windows\System\fyMEjFu.exe
  C:\Windows\System\fyMEjFu.exe
  2⤵
  PID:3652
- C:\Windows\System\KlSHyzw.exe
  C:\Windows\System\KlSHyzw.exe
  2⤵
  PID:3676
- C:\Windows\System\tfFgKCv.exe
  C:\Windows\System\tfFgKCv.exe
  2⤵
  PID:3696
- C:\Windows\System\xhUQrqD.exe
  C:\Windows\System\xhUQrqD.exe
  2⤵
  PID:3716
- C:\Windows\System\NlmZODf.exe
  C:\Windows\System\NlmZODf.exe
  2⤵
  PID:3736
- C:\Windows\System\WDWRlQI.exe
  C:\Windows\System\WDWRlQI.exe
  2⤵
  PID:3752
- C:\Windows\System\MSJWNqD.exe
  C:\Windows\System\MSJWNqD.exe
  2⤵
  PID:3772
- C:\Windows\System\puVDLUv.exe
  C:\Windows\System\puVDLUv.exe
  2⤵
  PID:3792
- C:\Windows\System\kzqTRLh.exe
  C:\Windows\System\kzqTRLh.exe
  2⤵
  PID:3812
- C:\Windows\System\etCejnD.exe
  C:\Windows\System\etCejnD.exe
  2⤵
  PID:3832
- C:\Windows\System\JzwJUzZ.exe
  C:\Windows\System\JzwJUzZ.exe
  2⤵
  PID:3852
- C:\Windows\System\yoYfVIC.exe
  C:\Windows\System\yoYfVIC.exe
  2⤵
  PID:3872
- C:\Windows\System\ioKDDBV.exe
  C:\Windows\System\ioKDDBV.exe
  2⤵
  PID:3892
- C:\Windows\System\xzMtMOZ.exe
  C:\Windows\System\xzMtMOZ.exe
  2⤵
  PID:3916
- C:\Windows\System\nOmHSId.exe
  C:\Windows\System\nOmHSId.exe
  2⤵
  PID:3936
- C:\Windows\System\veLXiAv.exe
  C:\Windows\System\veLXiAv.exe
  2⤵
  PID:3952
- C:\Windows\System\iwcqzwj.exe
  C:\Windows\System\iwcqzwj.exe
  2⤵
  PID:3976
- C:\Windows\System\tlwtOhP.exe
  C:\Windows\System\tlwtOhP.exe
  2⤵
  PID:3996
- C:\Windows\System\qEOXMyp.exe
  C:\Windows\System\qEOXMyp.exe
  2⤵
  PID:4016
- C:\Windows\System\uppETDh.exe
  C:\Windows\System\uppETDh.exe
  2⤵
  PID:4032
- C:\Windows\System\gklYfHc.exe
  C:\Windows\System\gklYfHc.exe
  2⤵
  PID:4056
- C:\Windows\System\qxvKrzX.exe
  C:\Windows\System\qxvKrzX.exe
  2⤵
  PID:4072
- C:\Windows\System\uzCKyWo.exe
  C:\Windows\System\uzCKyWo.exe
  2⤵
  PID:4092
- C:\Windows\System\MtlsqTf.exe
  C:\Windows\System\MtlsqTf.exe
  2⤵
  PID:1736
- C:\Windows\System\gHrNtbH.exe
  C:\Windows\System\gHrNtbH.exe
  2⤵
  PID:2712
- C:\Windows\System\atSxFbc.exe
  C:\Windows\System\atSxFbc.exe
  2⤵
  PID:1932
- C:\Windows\System\qzxBNWr.exe
  C:\Windows\System\qzxBNWr.exe
  2⤵
  PID:2988
- C:\Windows\System\qdzCLHW.exe
  C:\Windows\System\qdzCLHW.exe
  2⤵
  PID:1764
- C:\Windows\System\XkZtmSU.exe
  C:\Windows\System\XkZtmSU.exe
  2⤵
  PID:892
- C:\Windows\System\wLPybqg.exe
  C:\Windows\System\wLPybqg.exe
  2⤵
  PID:1924
- C:\Windows\System\wdfxafg.exe
  C:\Windows\System\wdfxafg.exe
  2⤵
  PID:2484
- C:\Windows\System\tgrPScO.exe
  C:\Windows\System\tgrPScO.exe
  2⤵
  PID:2292
- C:\Windows\System\ZMbmibB.exe
  C:\Windows\System\ZMbmibB.exe
  2⤵
  PID:3100
- C:\Windows\System\FkxjDoC.exe
  C:\Windows\System\FkxjDoC.exe
  2⤵
  PID:3168
- C:\Windows\System\tIOEygb.exe
  C:\Windows\System\tIOEygb.exe
  2⤵
  PID:3180
- C:\Windows\System\vstnClV.exe
  C:\Windows\System\vstnClV.exe
  2⤵
  PID:3244
- C:\Windows\System\uzPisAC.exe
  C:\Windows\System\uzPisAC.exe
  2⤵
  PID:3288
- C:\Windows\System\wnjrAce.exe
  C:\Windows\System\wnjrAce.exe
  2⤵
  PID:3260
- C:\Windows\System\fddENLo.exe
  C:\Windows\System\fddENLo.exe
  2⤵
  PID:3304
- C:\Windows\System\NSJEhuJ.exe
  C:\Windows\System\NSJEhuJ.exe
  2⤵
  PID:3368
- C:\Windows\System\vpBNKGU.exe
  C:\Windows\System\vpBNKGU.exe
  2⤵
  PID:3408
- C:\Windows\System\ykSljIh.exe
  C:\Windows\System\ykSljIh.exe
  2⤵
  PID:3452
- C:\Windows\System\SjDcdKE.exe
  C:\Windows\System\SjDcdKE.exe
  2⤵
  PID:3480
- C:\Windows\System\jJiVcmU.exe
  C:\Windows\System\jJiVcmU.exe
  2⤵
  PID:3528
- C:\Windows\System\sKBckBF.exe
  C:\Windows\System\sKBckBF.exe
  2⤵
  PID:3508
- C:\Windows\System\FFQVIGr.exe
  C:\Windows\System\FFQVIGr.exe
  2⤵
  PID:3552
- C:\Windows\System\kcpgVji.exe
  C:\Windows\System\kcpgVji.exe
  2⤵
  PID:3648
- C:\Windows\System\StYaoBW.exe
  C:\Windows\System\StYaoBW.exe
  2⤵
  PID:3588
- C:\Windows\System\MvxyKsU.exe
  C:\Windows\System\MvxyKsU.exe
  2⤵
  PID:3624
- C:\Windows\System\ilYWkvP.exe
  C:\Windows\System\ilYWkvP.exe
  2⤵
  PID:3672
- C:\Windows\System\hUCjuth.exe
  C:\Windows\System\hUCjuth.exe
  2⤵
  PID:3800
- C:\Windows\System\SywcPkP.exe
  C:\Windows\System\SywcPkP.exe
  2⤵
  PID:1700
- C:\Windows\System\aqWwCTF.exe
  C:\Windows\System\aqWwCTF.exe
  2⤵
  PID:3784
- C:\Windows\System\hssQdlI.exe
  C:\Windows\System\hssQdlI.exe
  2⤵
  PID:2788
- C:\Windows\System\eujjWAf.exe
  C:\Windows\System\eujjWAf.exe
  2⤵
  PID:2644
- C:\Windows\System\AXDbppw.exe
  C:\Windows\System\AXDbppw.exe
  2⤵
  PID:3868
- C:\Windows\System\OJWPXQv.exe
  C:\Windows\System\OJWPXQv.exe
  2⤵
  PID:3932
- C:\Windows\System\KCkUPoS.exe
  C:\Windows\System\KCkUPoS.exe
  2⤵
  PID:3968
- C:\Windows\System\GhDSCQy.exe
  C:\Windows\System\GhDSCQy.exe
  2⤵
  PID:4012
- C:\Windows\System\SdkZkpA.exe
  C:\Windows\System\SdkZkpA.exe
  2⤵
  PID:4052
- C:\Windows\System\FzNiXSC.exe
  C:\Windows\System\FzNiXSC.exe
  2⤵
  PID:4084
- C:\Windows\System\UuszyJM.exe
  C:\Windows\System\UuszyJM.exe
  2⤵
  PID:804
- C:\Windows\System\QTltoAa.exe
  C:\Windows\System\QTltoAa.exe
  2⤵
  PID:2064
- C:\Windows\System\LxwpauP.exe
  C:\Windows\System\LxwpauP.exe
  2⤵
  PID:3988
- C:\Windows\System\rGJWIdp.exe
  C:\Windows\System\rGJWIdp.exe
  2⤵
  PID:4064
- C:\Windows\System\rqAndOH.exe
  C:\Windows\System\rqAndOH.exe
  2⤵
  PID:1652
- C:\Windows\System\vQZBShV.exe
  C:\Windows\System\vQZBShV.exe
  2⤵
  PID:1504
- C:\Windows\System\HWWOyUb.exe
  C:\Windows\System\HWWOyUb.exe
  2⤵
  PID:1600
- C:\Windows\System\tdQjfBr.exe
  C:\Windows\System\tdQjfBr.exe
  2⤵
  PID:3084
- C:\Windows\System\VQdExHY.exe
  C:\Windows\System\VQdExHY.exe
  2⤵
  PID:2828
- C:\Windows\System\VVsRvMF.exe
  C:\Windows\System\VVsRvMF.exe
  2⤵
  PID:3248
- C:\Windows\System\HzdLFeG.exe
  C:\Windows\System\HzdLFeG.exe
  2⤵
  PID:3344
- C:\Windows\System\gmiIBls.exe
  C:\Windows\System\gmiIBls.exe
  2⤵
  PID:3348
- C:\Windows\System\YyujrUK.exe
  C:\Windows\System\YyujrUK.exe
  2⤵
  PID:3428
- C:\Windows\System\wnEIpBh.exe
  C:\Windows\System\wnEIpBh.exe
  2⤵
  PID:3532
- C:\Windows\System\vEutyNm.exe
  C:\Windows\System\vEutyNm.exe
  2⤵
  PID:3612
- C:\Windows\System\KJUzYjT.exe
  C:\Windows\System\KJUzYjT.exe
  2⤵
  PID:3724
- C:\Windows\System\zYQrhUM.exe
  C:\Windows\System\zYQrhUM.exe
  2⤵
  PID:3728
- C:\Windows\System\pgjLXwx.exe
  C:\Windows\System\pgjLXwx.exe
  2⤵
  PID:3708
- C:\Windows\System\IFGMfGe.exe
  C:\Windows\System\IFGMfGe.exe
  2⤵
  PID:3732
- C:\Windows\System\BDwBzoy.exe
  C:\Windows\System\BDwBzoy.exe
  2⤵
  PID:3712
- C:\Windows\System\IAeheLF.exe
  C:\Windows\System\IAeheLF.exe
  2⤵
  PID:3788
- C:\Windows\System\aVVpUaZ.exe
  C:\Windows\System\aVVpUaZ.exe
  2⤵
  PID:3924
- C:\Windows\System\nKGgvPl.exe
  C:\Windows\System\nKGgvPl.exe
  2⤵
  PID:4044
- C:\Windows\System\chdaIky.exe
  C:\Windows\System\chdaIky.exe
  2⤵
  PID:4040
- C:\Windows\System\MDBzrDu.exe
  C:\Windows\System\MDBzrDu.exe
  2⤵
  PID:2616
- C:\Windows\System\EcppzOk.exe
  C:\Windows\System\EcppzOk.exe
  2⤵
  PID:4024
- C:\Windows\System\pwPnfbm.exe
  C:\Windows\System\pwPnfbm.exe
  2⤵
  PID:3992
- C:\Windows\System\roFUHHf.exe
  C:\Windows\System\roFUHHf.exe
  2⤵
  PID:3124
- C:\Windows\System\pUJZkeM.exe
  C:\Windows\System\pUJZkeM.exe
  2⤵
  PID:1916
- C:\Windows\System\MVWamFe.exe
  C:\Windows\System\MVWamFe.exe
  2⤵
  PID:3160
- C:\Windows\System\PbAXmWU.exe
  C:\Windows\System\PbAXmWU.exe
  2⤵
  PID:3284
- C:\Windows\System\GClXkpX.exe
  C:\Windows\System\GClXkpX.exe
  2⤵
  PID:3324
- C:\Windows\System\nxjJEQF.exe
  C:\Windows\System\nxjJEQF.exe
  2⤵
  PID:3388
- C:\Windows\System\PGotXOr.exe
  C:\Windows\System\PGotXOr.exe
  2⤵
  PID:3468
- C:\Windows\System\uCQMGtu.exe
  C:\Windows\System\uCQMGtu.exe
  2⤵
  PID:3644
- C:\Windows\System\PoHAuNo.exe
  C:\Windows\System\PoHAuNo.exe
  2⤵
  PID:3544
- C:\Windows\System\cUBNNnZ.exe
  C:\Windows\System\cUBNNnZ.exe
  2⤵
  PID:3744
- C:\Windows\System\wvaFMbk.exe
  C:\Windows\System\wvaFMbk.exe
  2⤵
  PID:3908
- C:\Windows\System\qHVKHEo.exe
  C:\Windows\System\qHVKHEo.exe
  2⤵
  PID:3864
- C:\Windows\System\pAtcytv.exe
  C:\Windows\System\pAtcytv.exe
  2⤵
  PID:4028
- C:\Windows\System\yXYMLEC.exe
  C:\Windows\System\yXYMLEC.exe
  2⤵
  PID:2716
- C:\Windows\System\AFBYbvr.exe
  C:\Windows\System\AFBYbvr.exe
  2⤵
  PID:768
- C:\Windows\System\DlilSPy.exe
  C:\Windows\System\DlilSPy.exe
  2⤵
  PID:1152
- C:\Windows\System\gWTyDTu.exe
  C:\Windows\System\gWTyDTu.exe
  2⤵
  PID:2792
- C:\Windows\System\cHyybEt.exe
  C:\Windows\System\cHyybEt.exe
  2⤵
  PID:3500
- C:\Windows\System\oDaJlhM.exe
  C:\Windows\System\oDaJlhM.exe
  2⤵
  PID:3292
- C:\Windows\System\PbZfNVN.exe
  C:\Windows\System\PbZfNVN.exe
  2⤵
  PID:4112
- C:\Windows\System\UyOCLXL.exe
  C:\Windows\System\UyOCLXL.exe
  2⤵
  PID:4132
- C:\Windows\System\TURMLfY.exe
  C:\Windows\System\TURMLfY.exe
  2⤵
  PID:4156
- C:\Windows\System\CqgJJDW.exe
  C:\Windows\System\CqgJJDW.exe
  2⤵
  PID:4176
- C:\Windows\System\uguFMsd.exe
  C:\Windows\System\uguFMsd.exe
  2⤵
  PID:4196
- C:\Windows\System\OOYMpKR.exe
  C:\Windows\System\OOYMpKR.exe
  2⤵
  PID:4216
- C:\Windows\System\PMYjHJl.exe
  C:\Windows\System\PMYjHJl.exe
  2⤵
  PID:4236
- C:\Windows\System\hjKKPok.exe
  C:\Windows\System\hjKKPok.exe
  2⤵
  PID:4256
- C:\Windows\System\dDvuiIS.exe
  C:\Windows\System\dDvuiIS.exe
  2⤵
  PID:4276
- C:\Windows\System\mNfJoqc.exe
  C:\Windows\System\mNfJoqc.exe
  2⤵
  PID:4296
- C:\Windows\System\sOiMBen.exe
  C:\Windows\System\sOiMBen.exe
  2⤵
  PID:4316
- C:\Windows\System\MseSvvv.exe
  C:\Windows\System\MseSvvv.exe
  2⤵
  PID:4336
- C:\Windows\System\qsOYXtV.exe
  C:\Windows\System\qsOYXtV.exe
  2⤵
  PID:4356
- C:\Windows\System\OgVDzHl.exe
  C:\Windows\System\OgVDzHl.exe
  2⤵
  PID:4376
- C:\Windows\System\JGIIraw.exe
  C:\Windows\System\JGIIraw.exe
  2⤵
  PID:4396
- C:\Windows\System\eLiavMF.exe
  C:\Windows\System\eLiavMF.exe
  2⤵
  PID:4416
- C:\Windows\System\joRiYHb.exe
  C:\Windows\System\joRiYHb.exe
  2⤵
  PID:4436
- C:\Windows\System\CMbqQls.exe
  C:\Windows\System\CMbqQls.exe
  2⤵
  PID:4456
- C:\Windows\System\biIcJju.exe
  C:\Windows\System\biIcJju.exe
  2⤵
  PID:4476
- C:\Windows\System\YEcmkAk.exe
  C:\Windows\System\YEcmkAk.exe
  2⤵
  PID:4496
- C:\Windows\System\LYUVqVz.exe
  C:\Windows\System\LYUVqVz.exe
  2⤵
  PID:4516
- C:\Windows\System\wuFzolM.exe
  C:\Windows\System\wuFzolM.exe
  2⤵
  PID:4536
- C:\Windows\System\EBCDqFt.exe
  C:\Windows\System\EBCDqFt.exe
  2⤵
  PID:4560
- C:\Windows\System\aZyiwnL.exe
  C:\Windows\System\aZyiwnL.exe
  2⤵
  PID:4580
- C:\Windows\System\IBNbtTh.exe
  C:\Windows\System\IBNbtTh.exe
  2⤵
  PID:4600
- C:\Windows\System\AvZtONW.exe
  C:\Windows\System\AvZtONW.exe
  2⤵
  PID:4620
- C:\Windows\System\FdlADUk.exe
  C:\Windows\System\FdlADUk.exe
  2⤵
  PID:4640
- C:\Windows\System\KTQVtvF.exe
  C:\Windows\System\KTQVtvF.exe
  2⤵
  PID:4660
- C:\Windows\System\ZUoVDax.exe
  C:\Windows\System\ZUoVDax.exe
  2⤵
  PID:4680
- C:\Windows\System\RZltZJc.exe
  C:\Windows\System\RZltZJc.exe
  2⤵
  PID:4700
- C:\Windows\System\OmiowWr.exe
  C:\Windows\System\OmiowWr.exe
  2⤵
  PID:4720
- C:\Windows\System\lwWgExF.exe
  C:\Windows\System\lwWgExF.exe
  2⤵
  PID:4740
- C:\Windows\System\ablPnPB.exe
  C:\Windows\System\ablPnPB.exe
  2⤵
  PID:4760
- C:\Windows\System\EEyvleU.exe
  C:\Windows\System\EEyvleU.exe
  2⤵
  PID:4780
- C:\Windows\System\NCynGcu.exe
  C:\Windows\System\NCynGcu.exe
  2⤵
  PID:4800
- C:\Windows\System\RaITJBA.exe
  C:\Windows\System\RaITJBA.exe
  2⤵
  PID:4820
- C:\Windows\System\SRTuIac.exe
  C:\Windows\System\SRTuIac.exe
  2⤵
  PID:4840
- C:\Windows\System\OrmilXn.exe
  C:\Windows\System\OrmilXn.exe
  2⤵
  PID:4860
- C:\Windows\System\DmoNLde.exe
  C:\Windows\System\DmoNLde.exe
  2⤵
  PID:4880
- C:\Windows\System\CaCYnxh.exe
  C:\Windows\System\CaCYnxh.exe
  2⤵
  PID:4900
- C:\Windows\System\MNjHJjU.exe
  C:\Windows\System\MNjHJjU.exe
  2⤵
  PID:4920
- C:\Windows\System\ERGbuNu.exe
  C:\Windows\System\ERGbuNu.exe
  2⤵
  PID:4940
- C:\Windows\System\GluaDqh.exe
  C:\Windows\System\GluaDqh.exe
  2⤵
  PID:4960
- C:\Windows\System\BnrLMzO.exe
  C:\Windows\System\BnrLMzO.exe
  2⤵
  PID:4980
- C:\Windows\System\DUftqGy.exe
  C:\Windows\System\DUftqGy.exe
  2⤵
  PID:5000
- C:\Windows\System\LVCtQua.exe
  C:\Windows\System\LVCtQua.exe
  2⤵
  PID:5020
- C:\Windows\System\YRYVVOz.exe
  C:\Windows\System\YRYVVOz.exe
  2⤵
  PID:5040
- C:\Windows\System\njcJGTl.exe
  C:\Windows\System\njcJGTl.exe
  2⤵
  PID:5060
- C:\Windows\System\oYWkjOR.exe
  C:\Windows\System\oYWkjOR.exe
  2⤵
  PID:5080
- C:\Windows\System\cepBclR.exe
  C:\Windows\System\cepBclR.exe
  2⤵
  PID:5100
- C:\Windows\System\nzwKwxp.exe
  C:\Windows\System\nzwKwxp.exe
  2⤵
  PID:3592
- C:\Windows\System\NSBxKRU.exe
  C:\Windows\System\NSBxKRU.exe
  2⤵
  PID:3044
- C:\Windows\System\Bxcnita.exe
  C:\Windows\System\Bxcnita.exe
  2⤵
  PID:2184
- C:\Windows\System\ipinxBX.exe
  C:\Windows\System\ipinxBX.exe
  2⤵
  PID:4004
- C:\Windows\System\biZSYvm.exe
  C:\Windows\System\biZSYvm.exe
  2⤵
  PID:404
- C:\Windows\System\wSlwwEQ.exe
  C:\Windows\System\wSlwwEQ.exe
  2⤵
  PID:2696
- C:\Windows\System\EBCttTF.exe
  C:\Windows\System\EBCttTF.exe
  2⤵
  PID:3948
- C:\Windows\System\sgqilXj.exe
  C:\Windows\System\sgqilXj.exe
  2⤵
  PID:3120
- C:\Windows\System\ghQciTK.exe
  C:\Windows\System\ghQciTK.exe
  2⤵
  PID:3268
- C:\Windows\System\QMtTaoA.exe
  C:\Windows\System\QMtTaoA.exe
  2⤵
  PID:4128
- C:\Windows\System\mxKslOL.exe
  C:\Windows\System\mxKslOL.exe
  2⤵
  PID:4100
- C:\Windows\System\qDzRcHA.exe
  C:\Windows\System\qDzRcHA.exe
  2⤵
  PID:4152
- C:\Windows\System\OImahUQ.exe
  C:\Windows\System\OImahUQ.exe
  2⤵
  PID:4204
- C:\Windows\System\zYbkkiU.exe
  C:\Windows\System\zYbkkiU.exe
  2⤵
  PID:4228
- C:\Windows\System\OTndXVR.exe
  C:\Windows\System\OTndXVR.exe
  2⤵
  PID:4272
- C:\Windows\System\EVaXrKv.exe
  C:\Windows\System\EVaXrKv.exe
  2⤵
  PID:4324
- C:\Windows\System\SAYZlLo.exe
  C:\Windows\System\SAYZlLo.exe
  2⤵
  PID:4328
- C:\Windows\System\cjXPlAv.exe
  C:\Windows\System\cjXPlAv.exe
  2⤵
  PID:4348
- C:\Windows\System\KsebgKE.exe
  C:\Windows\System\KsebgKE.exe
  2⤵
  PID:4392
- C:\Windows\System\WyFnLuN.exe
  C:\Windows\System\WyFnLuN.exe
  2⤵
  PID:4452
- C:\Windows\System\DFsligQ.exe
  C:\Windows\System\DFsligQ.exe
  2⤵
  PID:4484
- C:\Windows\System\OisqLWO.exe
  C:\Windows\System\OisqLWO.exe
  2⤵
  PID:4488
- C:\Windows\System\IquXjRP.exe
  C:\Windows\System\IquXjRP.exe
  2⤵
  PID:4508
- C:\Windows\System\ByTeaxB.exe
  C:\Windows\System\ByTeaxB.exe
  2⤵
  PID:4568
- C:\Windows\System\lICNseS.exe
  C:\Windows\System\lICNseS.exe
  2⤵
  PID:4608
- C:\Windows\System\tttMmGe.exe
  C:\Windows\System\tttMmGe.exe
  2⤵
  PID:4628
- C:\Windows\System\MrrSEHP.exe
  C:\Windows\System\MrrSEHP.exe
  2⤵
  PID:4632
- C:\Windows\System\PgbNqij.exe
  C:\Windows\System\PgbNqij.exe
  2⤵
  PID:4672
- C:\Windows\System\XhPjMEc.exe
  C:\Windows\System\XhPjMEc.exe
  2⤵
  PID:4736
- C:\Windows\System\DxMHjkQ.exe
  C:\Windows\System\DxMHjkQ.exe
  2⤵
  PID:4768
- C:\Windows\System\fCjnatl.exe
  C:\Windows\System\fCjnatl.exe
  2⤵
  PID:4788
- C:\Windows\System\VfJdWlp.exe
  C:\Windows\System\VfJdWlp.exe
  2⤵
  PID:4812
- C:\Windows\System\nuzhHbd.exe
  C:\Windows\System\nuzhHbd.exe
  2⤵
  PID:4856
- C:\Windows\System\cnHElAg.exe
  C:\Windows\System\cnHElAg.exe
  2⤵
  PID:4896
- C:\Windows\System\grLPZKH.exe
  C:\Windows\System\grLPZKH.exe
  2⤵
  PID:4912
- C:\Windows\System\OTuwvmf.exe
  C:\Windows\System\OTuwvmf.exe
  2⤵
  PID:4948
- C:\Windows\System\szMCkFZ.exe
  C:\Windows\System\szMCkFZ.exe
  2⤵
  PID:4972
- C:\Windows\System\OyyqGEC.exe
  C:\Windows\System\OyyqGEC.exe
  2⤵
  PID:5012
- C:\Windows\System\oSEIaXB.exe
  C:\Windows\System\oSEIaXB.exe
  2⤵
  PID:5036
- C:\Windows\System\FMjrJoP.exe
  C:\Windows\System\FMjrJoP.exe
  2⤵
  PID:5092
- C:\Windows\System\rXEytoU.exe
  C:\Windows\System\rXEytoU.exe
  2⤵
  PID:5112
- C:\Windows\System\VTcMlPc.exe
  C:\Windows\System\VTcMlPc.exe
  2⤵
  PID:2072
- C:\Windows\System\RfsZYhs.exe
  C:\Windows\System\RfsZYhs.exe
  2⤵
  PID:3964
- C:\Windows\System\DdWNfkQ.exe
  C:\Windows\System\DdWNfkQ.exe
  2⤵
  PID:3972
- C:\Windows\System\XYyVytX.exe
  C:\Windows\System\XYyVytX.exe
  2⤵
  PID:2800
- C:\Windows\System\mhrebYZ.exe
  C:\Windows\System\mhrebYZ.exe
  2⤵
  PID:4120
- C:\Windows\System\JljRhVe.exe
  C:\Windows\System\JljRhVe.exe
  2⤵
  PID:4104
- C:\Windows\System\pyNqnBf.exe
  C:\Windows\System\pyNqnBf.exe
  2⤵
  PID:4224
- C:\Windows\System\FIKgBXh.exe
  C:\Windows\System\FIKgBXh.exe
  2⤵
  PID:4292
- C:\Windows\System\NZNucmk.exe
  C:\Windows\System\NZNucmk.exe
  2⤵
  PID:4268
- C:\Windows\System\lhjyPZr.exe
  C:\Windows\System\lhjyPZr.exe
  2⤵
  PID:4312
- C:\Windows\System\xfSMPkv.exe
  C:\Windows\System\xfSMPkv.exe
  2⤵
  PID:4384
- C:\Windows\System\pSywdQY.exe
  C:\Windows\System\pSywdQY.exe
  2⤵
  PID:4432
- C:\Windows\System\MUONsym.exe
  C:\Windows\System\MUONsym.exe
  2⤵
  PID:4428
- C:\Windows\System\oQwyYIA.exe
  C:\Windows\System\oQwyYIA.exe
  2⤵
  PID:4544
- C:\Windows\System\OMzbsft.exe
  C:\Windows\System\OMzbsft.exe
  2⤵
  PID:4588
- C:\Windows\System\aAeSSHt.exe
  C:\Windows\System\aAeSSHt.exe
  2⤵
  PID:4676
- C:\Windows\System\CdCJPlN.exe
  C:\Windows\System\CdCJPlN.exe
  2⤵
  PID:4712
- C:\Windows\System\mAibhzl.exe
  C:\Windows\System\mAibhzl.exe
  2⤵
  PID:4796
- C:\Windows\System\NTEEwLS.exe
  C:\Windows\System\NTEEwLS.exe
  2⤵
  PID:4816
- C:\Windows\System\WpQYSTw.exe
  C:\Windows\System\WpQYSTw.exe
  2⤵
  PID:4868
- C:\Windows\System\zFNNlXY.exe
  C:\Windows\System\zFNNlXY.exe
  2⤵
  PID:4928
- C:\Windows\System\rPEVJib.exe
  C:\Windows\System\rPEVJib.exe
  2⤵
  PID:4952
- C:\Windows\System\ZxWeVZg.exe
  C:\Windows\System\ZxWeVZg.exe
  2⤵
  PID:5048
- C:\Windows\System\MBYlsNq.exe
  C:\Windows\System\MBYlsNq.exe
  2⤵
  PID:5096
- C:\Windows\System\qkyUxys.exe
  C:\Windows\System\qkyUxys.exe
  2⤵
  PID:5108
- C:\Windows\System\gsisAkq.exe
  C:\Windows\System\gsisAkq.exe
  2⤵
  PID:2200
- C:\Windows\System\maGnEkS.exe
  C:\Windows\System\maGnEkS.exe
  2⤵
  PID:4080
- C:\Windows\System\sLxvdPd.exe
  C:\Windows\System\sLxvdPd.exe
  2⤵
  PID:4148
- C:\Windows\System\piGMDsI.exe
  C:\Windows\System\piGMDsI.exe
  2⤵
  PID:4184
- C:\Windows\System\OCLAIkA.exe
  C:\Windows\System\OCLAIkA.exe
  2⤵
  PID:4248
- C:\Windows\System\FCELxFR.exe
  C:\Windows\System\FCELxFR.exe
  2⤵
  PID:4408
- C:\Windows\System\ofxYbMm.exe
  C:\Windows\System\ofxYbMm.exe
  2⤵
  PID:1864
- C:\Windows\System\jGZiSSb.exe
  C:\Windows\System\jGZiSSb.exe
  2⤵
  PID:4576
- C:\Windows\System\eWHQgBd.exe
  C:\Windows\System\eWHQgBd.exe
  2⤵
  PID:4688
- C:\Windows\System\MxlZBRy.exe
  C:\Windows\System\MxlZBRy.exe
  2⤵
  PID:4716
- C:\Windows\System\nUPXgFk.exe
  C:\Windows\System\nUPXgFk.exe
  2⤵
  PID:5136
- C:\Windows\System\vemJauQ.exe
  C:\Windows\System\vemJauQ.exe
  2⤵
  PID:5156
- C:\Windows\System\omaruif.exe
  C:\Windows\System\omaruif.exe
  2⤵
  PID:5176
- C:\Windows\System\nWiUgyB.exe
  C:\Windows\System\nWiUgyB.exe
  2⤵
  PID:5196
- C:\Windows\System\GBdfelJ.exe
  C:\Windows\System\GBdfelJ.exe
  2⤵
  PID:5216
- C:\Windows\System\GqTkXOH.exe
  C:\Windows\System\GqTkXOH.exe
  2⤵
  PID:5236
- C:\Windows\System\ooMZEWL.exe
  C:\Windows\System\ooMZEWL.exe
  2⤵
  PID:5260
- C:\Windows\System\jaUoVFp.exe
  C:\Windows\System\jaUoVFp.exe
  2⤵
  PID:5280
- C:\Windows\System\rJsKbbG.exe
  C:\Windows\System\rJsKbbG.exe
  2⤵
  PID:5300
- C:\Windows\System\gOEfeTw.exe
  C:\Windows\System\gOEfeTw.exe
  2⤵
  PID:5320
- C:\Windows\System\NHpUMqu.exe
  C:\Windows\System\NHpUMqu.exe
  2⤵
  PID:5340
- C:\Windows\System\vqwSVCJ.exe
  C:\Windows\System\vqwSVCJ.exe
  2⤵
  PID:5360
- C:\Windows\System\YfIcLVN.exe
  C:\Windows\System\YfIcLVN.exe
  2⤵
  PID:5380
- C:\Windows\System\osEltCr.exe
  C:\Windows\System\osEltCr.exe
  2⤵
  PID:5400
- C:\Windows\System\clWmIfk.exe
  C:\Windows\System\clWmIfk.exe
  2⤵
  PID:5420
- C:\Windows\System\hUntsmN.exe
  C:\Windows\System\hUntsmN.exe
  2⤵
  PID:5440
- C:\Windows\System\FieeOLq.exe
  C:\Windows\System\FieeOLq.exe
  2⤵
  PID:5460
- C:\Windows\System\mkgvyxj.exe
  C:\Windows\System\mkgvyxj.exe
  2⤵
  PID:5480
- C:\Windows\System\CboXsXA.exe
  C:\Windows\System\CboXsXA.exe
  2⤵
  PID:5500
- C:\Windows\System\wWcgNWr.exe
  C:\Windows\System\wWcgNWr.exe
  2⤵
  PID:5520
- C:\Windows\System\tfjJHGc.exe
  C:\Windows\System\tfjJHGc.exe
  2⤵
  PID:5540
- C:\Windows\System\PVWkuQb.exe
  C:\Windows\System\PVWkuQb.exe
  2⤵
  PID:5560
- C:\Windows\System\umcSfiz.exe
  C:\Windows\System\umcSfiz.exe
  2⤵
  PID:5580
- C:\Windows\System\FRiohPz.exe
  C:\Windows\System\FRiohPz.exe
  2⤵
  PID:5600
- C:\Windows\System\bfzNnhX.exe
  C:\Windows\System\bfzNnhX.exe
  2⤵
  PID:5620
- C:\Windows\System\ENsPzMc.exe
  C:\Windows\System\ENsPzMc.exe
  2⤵
  PID:5640
- C:\Windows\System\XGPNfMG.exe
  C:\Windows\System\XGPNfMG.exe
  2⤵
  PID:5660
- C:\Windows\System\OXRcmRe.exe
  C:\Windows\System\OXRcmRe.exe
  2⤵
  PID:5680
- C:\Windows\System\NFgyKuU.exe
  C:\Windows\System\NFgyKuU.exe
  2⤵
  PID:5700
- C:\Windows\System\ECQSCrU.exe
  C:\Windows\System\ECQSCrU.exe
  2⤵
  PID:5720
- C:\Windows\System\iCPuwWE.exe
  C:\Windows\System\iCPuwWE.exe
  2⤵
  PID:5740
- C:\Windows\System\GNSddJc.exe
  C:\Windows\System\GNSddJc.exe
  2⤵
  PID:5760
- C:\Windows\System\XpjBSEM.exe
  C:\Windows\System\XpjBSEM.exe
  2⤵
  PID:5780
- C:\Windows\System\hPNqkxV.exe
  C:\Windows\System\hPNqkxV.exe
  2⤵
  PID:5800
- C:\Windows\System\btSuxkl.exe
  C:\Windows\System\btSuxkl.exe
  2⤵
  PID:5820
- C:\Windows\System\GTTRTZE.exe
  C:\Windows\System\GTTRTZE.exe
  2⤵
  PID:5840
- C:\Windows\System\uzsLIUo.exe
  C:\Windows\System\uzsLIUo.exe
  2⤵
  PID:5860
- C:\Windows\System\TcTAFQf.exe
  C:\Windows\System\TcTAFQf.exe
  2⤵
  PID:5880
- C:\Windows\System\iNAgOmP.exe
  C:\Windows\System\iNAgOmP.exe
  2⤵
  PID:5900
- C:\Windows\System\wwgMIQP.exe
  C:\Windows\System\wwgMIQP.exe
  2⤵
  PID:5920
- C:\Windows\System\VxNikEJ.exe
  C:\Windows\System\VxNikEJ.exe
  2⤵
  PID:5940
- C:\Windows\System\WCzMlia.exe
  C:\Windows\System\WCzMlia.exe
  2⤵
  PID:5960
- C:\Windows\System\XktcceC.exe
  C:\Windows\System\XktcceC.exe
  2⤵
  PID:5980
- C:\Windows\System\AtzjgON.exe
  C:\Windows\System\AtzjgON.exe
  2⤵
  PID:6000
- C:\Windows\System\rLzwrHA.exe
  C:\Windows\System\rLzwrHA.exe
  2⤵
  PID:6020
- C:\Windows\System\tmZewjv.exe
  C:\Windows\System\tmZewjv.exe
  2⤵
  PID:6040
- C:\Windows\System\mxSMXrQ.exe
  C:\Windows\System\mxSMXrQ.exe
  2⤵
  PID:6060
- C:\Windows\System\vyxYUfn.exe
  C:\Windows\System\vyxYUfn.exe
  2⤵
  PID:6080
- C:\Windows\System\nIjrxxA.exe
  C:\Windows\System\nIjrxxA.exe
  2⤵
  PID:6100
- C:\Windows\System\QUYfQeD.exe
  C:\Windows\System\QUYfQeD.exe
  2⤵
  PID:6124
- C:\Windows\System\yVJJjbU.exe
  C:\Windows\System\yVJJjbU.exe
  2⤵
  PID:4772
- C:\Windows\System\muCrnGe.exe
  C:\Windows\System\muCrnGe.exe
  2⤵
  PID:4828
- C:\Windows\System\GtZdazb.exe
  C:\Windows\System\GtZdazb.exe
  2⤵
  PID:4908
- C:\Windows\System\jVsSxnh.exe
  C:\Windows\System\jVsSxnh.exe
  2⤵
  PID:4932
- C:\Windows\System\hENiFJO.exe
  C:\Windows\System\hENiFJO.exe
  2⤵
  PID:5068
- C:\Windows\System\EkxuSyN.exe
  C:\Windows\System\EkxuSyN.exe
  2⤵
  PID:3848
- C:\Windows\System\tTtoDYy.exe
  C:\Windows\System\tTtoDYy.exe
  2⤵
  PID:3384
- C:\Windows\System\rTMeqPV.exe
  C:\Windows\System\rTMeqPV.exe
  2⤵
  PID:4108
- C:\Windows\System\buoTUAJ.exe
  C:\Windows\System\buoTUAJ.exe
  2⤵
  PID:4304
- C:\Windows\System\STyQXAh.exe
  C:\Windows\System\STyQXAh.exe
  2⤵
  PID:3036
- C:\Windows\System\JBZWAUK.exe
  C:\Windows\System\JBZWAUK.exe
  2⤵
  PID:4708
- C:\Windows\System\pSBALhd.exe
  C:\Windows\System\pSBALhd.exe
  2⤵
  PID:5144
- C:\Windows\System\srLKNxK.exe
  C:\Windows\System\srLKNxK.exe
  2⤵
  PID:5164
- C:\Windows\System\MItTsCI.exe
  C:\Windows\System\MItTsCI.exe
  2⤵
  PID:5188
- C:\Windows\System\GCjLMLv.exe
  C:\Windows\System\GCjLMLv.exe
  2⤵
  PID:5208
- C:\Windows\System\FgvgDtg.exe
  C:\Windows\System\FgvgDtg.exe
  2⤵
  PID:5248
- C:\Windows\System\pcVwWTP.exe
  C:\Windows\System\pcVwWTP.exe
  2⤵
  PID:5288
- C:\Windows\System\VmbtiCZ.exe
  C:\Windows\System\VmbtiCZ.exe
  2⤵
  PID:5328
- C:\Windows\System\LLQCzWu.exe
  C:\Windows\System\LLQCzWu.exe
  2⤵
  PID:5336
- C:\Windows\System\aEScSgd.exe
  C:\Windows\System\aEScSgd.exe
  2⤵
  PID:5388
- C:\Windows\System\HhBmKBK.exe
  C:\Windows\System\HhBmKBK.exe
  2⤵
  PID:5428
- C:\Windows\System\cPZrJSl.exe
  C:\Windows\System\cPZrJSl.exe
  2⤵
  PID:5448
- C:\Windows\System\lXkuZHC.exe
  C:\Windows\System\lXkuZHC.exe
  2⤵
  PID:5472
- C:\Windows\System\TriHFSD.exe
  C:\Windows\System\TriHFSD.exe
  2⤵
  PID:5496
- C:\Windows\System\VvMYrkQ.exe
  C:\Windows\System\VvMYrkQ.exe
  2⤵
  PID:5548
- C:\Windows\System\FdxuGDi.exe
  C:\Windows\System\FdxuGDi.exe
  2⤵
  PID:5588
- C:\Windows\System\vPdNIeI.exe
  C:\Windows\System\vPdNIeI.exe
  2⤵
  PID:5608
- C:\Windows\System\fujPSra.exe
  C:\Windows\System\fujPSra.exe
  2⤵
  PID:5612
- C:\Windows\System\oFgbsHe.exe
  C:\Windows\System\oFgbsHe.exe
  2⤵
  PID:5652
- C:\Windows\System\sJkShWb.exe
  C:\Windows\System\sJkShWb.exe
  2⤵
  PID:5688
- C:\Windows\System\BCedWLG.exe
  C:\Windows\System\BCedWLG.exe
  2⤵
  PID:5728
- C:\Windows\System\KHabAmP.exe
  C:\Windows\System\KHabAmP.exe
  2⤵
  PID:5768
- C:\Windows\System\gGmHLHC.exe
  C:\Windows\System\gGmHLHC.exe
  2⤵
  PID:5792
- C:\Windows\System\eKqjlLU.exe
  C:\Windows\System\eKqjlLU.exe
  2⤵
  PID:5832
- C:\Windows\System\MpiOXEz.exe
  C:\Windows\System\MpiOXEz.exe
  2⤵
  PID:5856
- C:\Windows\System\ZBGdKev.exe
  C:\Windows\System\ZBGdKev.exe
  2⤵
  PID:5908
- C:\Windows\System\NKHfYUn.exe
  C:\Windows\System\NKHfYUn.exe
  2⤵
  PID:5936
- C:\Windows\System\lbEdeGi.exe
  C:\Windows\System\lbEdeGi.exe
  2⤵
  PID:5968
- C:\Windows\System\tqlXLOk.exe
  C:\Windows\System\tqlXLOk.exe
  2⤵
  PID:5992
- C:\Windows\System\awIyUaH.exe
  C:\Windows\System\awIyUaH.exe
  2⤵
  PID:6012
- C:\Windows\System\VpKVuND.exe
  C:\Windows\System\VpKVuND.exe
  2⤵
  PID:6056
- C:\Windows\System\vmfJgqH.exe
  C:\Windows\System\vmfJgqH.exe
  2⤵
  PID:6096
- C:\Windows\System\VoDXbDw.exe
  C:\Windows\System\VoDXbDw.exe
  2⤵
  PID:6136
- C:\Windows\System\lzQkMvG.exe
  C:\Windows\System\lzQkMvG.exe
  2⤵
  PID:4832
- C:\Windows\System\cJItHur.exe
  C:\Windows\System\cJItHur.exe
  2⤵
  PID:5008
- C:\Windows\System\bmrcSVg.exe
  C:\Windows\System\bmrcSVg.exe
  2⤵
  PID:3484
- C:\Windows\System\XFTEuAc.exe
  C:\Windows\System\XFTEuAc.exe
  2⤵
  PID:4168
- C:\Windows\System\BiVLllh.exe
  C:\Windows\System\BiVLllh.exe
  2⤵
  PID:3212
- C:\Windows\System\AQFHWHe.exe
  C:\Windows\System\AQFHWHe.exe
  2⤵
  PID:4596
- C:\Windows\System\eOOgEFn.exe
  C:\Windows\System\eOOgEFn.exe
  2⤵
  PID:5128
- C:\Windows\System\ovZQmcX.exe
  C:\Windows\System\ovZQmcX.exe
  2⤵
  PID:5172
- C:\Windows\System\NdojSqk.exe
  C:\Windows\System\NdojSqk.exe
  2⤵
  PID:5224
- C:\Windows\System\zfbDAOq.exe
  C:\Windows\System\zfbDAOq.exe
  2⤵
  PID:5308
- C:\Windows\System\UBsBALo.exe
  C:\Windows\System\UBsBALo.exe
  2⤵
  PID:5356
- C:\Windows\System\lnvJdMI.exe
  C:\Windows\System\lnvJdMI.exe
  2⤵
  PID:5432
- C:\Windows\System\qVqMdhH.exe
  C:\Windows\System\qVqMdhH.exe
  2⤵
  PID:5468
- C:\Windows\System\RoeSZkD.exe
  C:\Windows\System\RoeSZkD.exe
  2⤵
  PID:5512
- C:\Windows\System\xNUPttU.exe
  C:\Windows\System\xNUPttU.exe
  2⤵
  PID:5536
- C:\Windows\System\YDKXMaf.exe
  C:\Windows\System\YDKXMaf.exe
  2⤵
  PID:5572
- C:\Windows\System\ThQnBir.exe
  C:\Windows\System\ThQnBir.exe
  2⤵
  PID:5668
- C:\Windows\System\rrQesas.exe
  C:\Windows\System\rrQesas.exe
  2⤵
  PID:5748
- C:\Windows\System\fJkqOav.exe
  C:\Windows\System\fJkqOav.exe
  2⤵
  PID:5816
- C:\Windows\System\DFbBlLJ.exe
  C:\Windows\System\DFbBlLJ.exe
  2⤵
  PID:5828
- C:\Windows\System\CopDmwO.exe
  C:\Windows\System\CopDmwO.exe
  2⤵
  PID:5868
- C:\Windows\System\jWLRjVy.exe
  C:\Windows\System\jWLRjVy.exe
  2⤵
  PID:5912
- C:\Windows\System\pezYisd.exe
  C:\Windows\System\pezYisd.exe
  2⤵
  PID:6016
- C:\Windows\System\NoNbkgA.exe
  C:\Windows\System\NoNbkgA.exe
  2⤵
  PID:6048
- C:\Windows\System\SVhVPZJ.exe
  C:\Windows\System\SVhVPZJ.exe
  2⤵
  PID:6108
- C:\Windows\System\mBzlqJL.exe
  C:\Windows\System\mBzlqJL.exe
  2⤵
  PID:4876
- C:\Windows\System\Dyimmqx.exe
  C:\Windows\System\Dyimmqx.exe
  2⤵
  PID:2952
- C:\Windows\System\FFmoJNN.exe
  C:\Windows\System\FFmoJNN.exe
  2⤵
  PID:3692
- C:\Windows\System\OcJWsEi.exe
  C:\Windows\System\OcJWsEi.exe
  2⤵
  PID:4444
- C:\Windows\System\yohlFeA.exe
  C:\Windows\System\yohlFeA.exe
  2⤵
  PID:5124
- C:\Windows\System\VjHBFjv.exe
  C:\Windows\System\VjHBFjv.exe
  2⤵
  PID:5168
- C:\Windows\System\bsjyPez.exe
  C:\Windows\System\bsjyPez.exe
  2⤵
  PID:5292
- C:\Windows\System\SBlmyoQ.exe
  C:\Windows\System\SBlmyoQ.exe
  2⤵
  PID:5372
- C:\Windows\System\mNdKGMk.exe
  C:\Windows\System\mNdKGMk.exe
  2⤵
  PID:5392
- C:\Windows\System\RDLqCty.exe
  C:\Windows\System\RDLqCty.exe
  2⤵
  PID:5552
- C:\Windows\System\lDwipJM.exe
  C:\Windows\System\lDwipJM.exe
  2⤵
  PID:2756
- C:\Windows\System\HDzAnyw.exe
  C:\Windows\System\HDzAnyw.exe
  2⤵
  PID:5716
- C:\Windows\System\eYwNvJZ.exe
  C:\Windows\System\eYwNvJZ.exe
  2⤵
  PID:5836
- C:\Windows\System\bMEChjf.exe
  C:\Windows\System\bMEChjf.exe
  2⤵
  PID:5876
- C:\Windows\System\WlWMaBs.exe
  C:\Windows\System\WlWMaBs.exe
  2⤵
  PID:5952
- C:\Windows\System\BEJMhvl.exe
  C:\Windows\System\BEJMhvl.exe
  2⤵
  PID:6036
- C:\Windows\System\LrTsfKe.exe
  C:\Windows\System\LrTsfKe.exe
  2⤵
  PID:4808
- C:\Windows\System\HNlPFKG.exe
  C:\Windows\System\HNlPFKG.exe
  2⤵
  PID:2036
- C:\Windows\System\WURWYzD.exe
  C:\Windows\System\WURWYzD.exe
  2⤵
  PID:4528
- C:\Windows\System\XQTwKcC.exe
  C:\Windows\System\XQTwKcC.exe
  2⤵
  PID:6156
- C:\Windows\System\duDsGHE.exe
  C:\Windows\System\duDsGHE.exe
  2⤵
  PID:6176
- C:\Windows\System\dmSqjMm.exe
  C:\Windows\System\dmSqjMm.exe
  2⤵
  PID:6200
- C:\Windows\System\HvLXNmM.exe
  C:\Windows\System\HvLXNmM.exe
  2⤵
  PID:6220
- C:\Windows\System\BauMQwL.exe
  C:\Windows\System\BauMQwL.exe
  2⤵
  PID:6240
- C:\Windows\System\yJbyqNz.exe
  C:\Windows\System\yJbyqNz.exe
  2⤵
  PID:6260
- C:\Windows\System\tusVlIl.exe
  C:\Windows\System\tusVlIl.exe
  2⤵
  PID:6280
- C:\Windows\System\lRWkWkg.exe
  C:\Windows\System\lRWkWkg.exe
  2⤵
  PID:6300
- C:\Windows\System\OveWVpK.exe
  C:\Windows\System\OveWVpK.exe
  2⤵
  PID:6320
- C:\Windows\System\tAkLQLt.exe
  C:\Windows\System\tAkLQLt.exe
  2⤵
  PID:6340
- C:\Windows\System\HlxVvVC.exe
  C:\Windows\System\HlxVvVC.exe
  2⤵
  PID:6360
- C:\Windows\System\HDrBvEu.exe
  C:\Windows\System\HDrBvEu.exe
  2⤵
  PID:6380
- C:\Windows\System\OEhxqsm.exe
  C:\Windows\System\OEhxqsm.exe
  2⤵
  PID:6400
- C:\Windows\System\RvEhoRY.exe
  C:\Windows\System\RvEhoRY.exe
  2⤵
  PID:6420
- C:\Windows\System\yuAYWrq.exe
  C:\Windows\System\yuAYWrq.exe
  2⤵
  PID:6440
- C:\Windows\System\rgrFhAK.exe
  C:\Windows\System\rgrFhAK.exe
  2⤵
  PID:6460
- C:\Windows\System\yLyWTOt.exe
  C:\Windows\System\yLyWTOt.exe
  2⤵
  PID:6480
- C:\Windows\System\TfRdSzt.exe
  C:\Windows\System\TfRdSzt.exe
  2⤵
  PID:6500
- C:\Windows\System\azcdzwu.exe
  C:\Windows\System\azcdzwu.exe
  2⤵
  PID:6520
- C:\Windows\System\RLURSbl.exe
  C:\Windows\System\RLURSbl.exe
  2⤵
  PID:6540
- C:\Windows\System\KPAmnFX.exe
  C:\Windows\System\KPAmnFX.exe
  2⤵
  PID:6560
- C:\Windows\System\fRjtZJr.exe
  C:\Windows\System\fRjtZJr.exe
  2⤵
  PID:6580
- C:\Windows\System\oAeYtIl.exe
  C:\Windows\System\oAeYtIl.exe
  2⤵
  PID:6600
- C:\Windows\System\tngAsZO.exe
  C:\Windows\System\tngAsZO.exe
  2⤵
  PID:6620
- C:\Windows\System\KtcCVgK.exe
  C:\Windows\System\KtcCVgK.exe
  2⤵
  PID:6640
- C:\Windows\System\cVcczrd.exe
  C:\Windows\System\cVcczrd.exe
  2⤵
  PID:6660
- C:\Windows\System\VwsidaZ.exe
  C:\Windows\System\VwsidaZ.exe
  2⤵
  PID:6680
- C:\Windows\System\rjvyvzj.exe
  C:\Windows\System\rjvyvzj.exe
  2⤵
  PID:6700
- C:\Windows\System\WVmtsyD.exe
  C:\Windows\System\WVmtsyD.exe
  2⤵
  PID:6720
- C:\Windows\System\WdBARpt.exe
  C:\Windows\System\WdBARpt.exe
  2⤵
  PID:6740
- C:\Windows\System\uzTFvsg.exe
  C:\Windows\System\uzTFvsg.exe
  2⤵
  PID:6760
- C:\Windows\System\YXdrmJh.exe
  C:\Windows\System\YXdrmJh.exe
  2⤵
  PID:6780
- C:\Windows\System\fpkGcuw.exe
  C:\Windows\System\fpkGcuw.exe
  2⤵
  PID:6800
- C:\Windows\System\yejcrLe.exe
  C:\Windows\System\yejcrLe.exe
  2⤵
  PID:6820
- C:\Windows\System\VgFDwhN.exe
  C:\Windows\System\VgFDwhN.exe
  2⤵
  PID:6840
- C:\Windows\System\nobFcnr.exe
  C:\Windows\System\nobFcnr.exe
  2⤵
  PID:6860
- C:\Windows\System\lGAUjhF.exe
  C:\Windows\System\lGAUjhF.exe
  2⤵
  PID:6880
- C:\Windows\System\ChFuIjk.exe
  C:\Windows\System\ChFuIjk.exe
  2⤵
  PID:6900
- C:\Windows\System\oRpWQnT.exe
  C:\Windows\System\oRpWQnT.exe
  2⤵
  PID:6920
- C:\Windows\System\yhTkKJM.exe
  C:\Windows\System\yhTkKJM.exe
  2⤵
  PID:6940
- C:\Windows\System\WlkMCIK.exe
  C:\Windows\System\WlkMCIK.exe
  2⤵
  PID:6960
- C:\Windows\System\MdJRUDP.exe
  C:\Windows\System\MdJRUDP.exe
  2⤵
  PID:6980
- C:\Windows\System\MpgsiKn.exe
  C:\Windows\System\MpgsiKn.exe
  2⤵
  PID:7000
- C:\Windows\System\eRrTYrC.exe
  C:\Windows\System\eRrTYrC.exe
  2⤵
  PID:7020
- C:\Windows\System\NbXeejW.exe
  C:\Windows\System\NbXeejW.exe
  2⤵
  PID:7044
- C:\Windows\System\pSLuqTj.exe
  C:\Windows\System\pSLuqTj.exe
  2⤵
  PID:7064
- C:\Windows\System\GGtjiRN.exe
  C:\Windows\System\GGtjiRN.exe
  2⤵
  PID:7084
- C:\Windows\System\bSKcRrH.exe
  C:\Windows\System\bSKcRrH.exe
  2⤵
  PID:7104
- C:\Windows\System\iJQTRYK.exe
  C:\Windows\System\iJQTRYK.exe
  2⤵
  PID:7124
- C:\Windows\System\VdOyYwh.exe
  C:\Windows\System\VdOyYwh.exe
  2⤵
  PID:7144
- C:\Windows\System\AVWWAHs.exe
  C:\Windows\System\AVWWAHs.exe
  2⤵
  PID:7164
- C:\Windows\System\PkzMGzf.exe
  C:\Windows\System\PkzMGzf.exe
  2⤵
  PID:3056
- C:\Windows\System\uKVIWba.exe
  C:\Windows\System\uKVIWba.exe
  2⤵
  PID:5412
- C:\Windows\System\WvRDamt.exe
  C:\Windows\System\WvRDamt.exe
  2⤵
  PID:5636
- C:\Windows\System\gfsfoXs.exe
  C:\Windows\System\gfsfoXs.exe
  2⤵
  PID:5648
- C:\Windows\System\bWxtnwb.exe
  C:\Windows\System\bWxtnwb.exe
  2⤵
  PID:5896
- C:\Windows\System\PfwpDqN.exe
  C:\Windows\System\PfwpDqN.exe
  2⤵
  PID:6068
- C:\Windows\System\trjBSPt.exe
  C:\Windows\System\trjBSPt.exe
  2⤵
  PID:2984
- C:\Windows\System\rScKdsv.exe
  C:\Windows\System\rScKdsv.exe
  2⤵
  PID:5212
- C:\Windows\System\OLdLsPF.exe
  C:\Windows\System\OLdLsPF.exe
  2⤵
  PID:4372
- C:\Windows\System\QflsuqL.exe
  C:\Windows\System\QflsuqL.exe
  2⤵
  PID:6188
- C:\Windows\System\INEDIGZ.exe
  C:\Windows\System\INEDIGZ.exe
  2⤵
  PID:6228
- C:\Windows\System\fniVDRa.exe
  C:\Windows\System\fniVDRa.exe
  2⤵
  PID:2088
- C:\Windows\System\jwxSMZr.exe
  C:\Windows\System\jwxSMZr.exe
  2⤵
  PID:6272
- C:\Windows\System\ViqOXpw.exe
  C:\Windows\System\ViqOXpw.exe
  2⤵
  PID:6316
- C:\Windows\System\IXibjSF.exe
  C:\Windows\System\IXibjSF.exe
  2⤵
  PID:6332
- C:\Windows\System\xyXJaHk.exe
  C:\Windows\System\xyXJaHk.exe
  2⤵
  PID:6376
- C:\Windows\System\lEkvMBP.exe
  C:\Windows\System\lEkvMBP.exe
  2⤵
  PID:6416
- C:\Windows\System\adJozyq.exe
  C:\Windows\System\adJozyq.exe
  2⤵
  PID:6448
- C:\Windows\System\FJxbcRR.exe
  C:\Windows\System\FJxbcRR.exe
  2⤵
  PID:6472
- C:\Windows\System\GZeZcpc.exe
  C:\Windows\System\GZeZcpc.exe
  2⤵
  PID:6516
- C:\Windows\System\nyKmXNl.exe
  C:\Windows\System\nyKmXNl.exe
  2⤵
  PID:6536
- C:\Windows\System\gIMqNmC.exe
  C:\Windows\System\gIMqNmC.exe
  2⤵
  PID:6588
- C:\Windows\System\hwKutfn.exe
  C:\Windows\System\hwKutfn.exe
  2⤵
  PID:6616
- C:\Windows\System\UvETScz.exe
  C:\Windows\System\UvETScz.exe
  2⤵
  PID:6648
- C:\Windows\System\AuGBdyO.exe
  C:\Windows\System\AuGBdyO.exe
  2⤵
  PID:6672
- C:\Windows\System\PaVVbqi.exe
  C:\Windows\System\PaVVbqi.exe
  2⤵
  PID:6716
- C:\Windows\System\eFvJnpw.exe
  C:\Windows\System\eFvJnpw.exe
  2⤵
  PID:6748
- C:\Windows\System\wlCMWwt.exe
  C:\Windows\System\wlCMWwt.exe
  2⤵
  PID:1032
- C:\Windows\System\rcKXDGL.exe
  C:\Windows\System\rcKXDGL.exe
  2⤵
  PID:6808
- C:\Windows\System\vTSIRpQ.exe
  C:\Windows\System\vTSIRpQ.exe
  2⤵
  PID:6832
- C:\Windows\System\zHFAzZt.exe
  C:\Windows\System\zHFAzZt.exe
  2⤵
  PID:6852
- C:\Windows\System\UuHeXGA.exe
  C:\Windows\System\UuHeXGA.exe
  2⤵
  PID:6892
- C:\Windows\System\DfrmIhh.exe
  C:\Windows\System\DfrmIhh.exe
  2⤵
  PID:6936
- C:\Windows\System\uaoIjDi.exe
  C:\Windows\System\uaoIjDi.exe
  2⤵
  PID:3548
- C:\Windows\System\raUrvOL.exe
  C:\Windows\System\raUrvOL.exe
  2⤵
  PID:6992
- C:\Windows\System\TCMOhup.exe
  C:\Windows\System\TCMOhup.exe
  2⤵
  PID:7012
- C:\Windows\System\XglanaO.exe
  C:\Windows\System\XglanaO.exe
  2⤵
  PID:7056
- C:\Windows\System\oRRqAti.exe
  C:\Windows\System\oRRqAti.exe
  2⤵
  PID:7112
- C:\Windows\System\TtTMKQe.exe
  C:\Windows\System\TtTMKQe.exe
  2⤵
  PID:7116
- C:\Windows\System\nRzYIEo.exe
  C:\Windows\System\nRzYIEo.exe
  2⤵
  PID:7140
- C:\Windows\System\LgMKvhO.exe
  C:\Windows\System\LgMKvhO.exe
  2⤵
  PID:2724
- C:\Windows\System\GvbXstU.exe
  C:\Windows\System\GvbXstU.exe
  2⤵
  PID:5488
- C:\Windows\System\JTcSxqJ.exe
  C:\Windows\System\JTcSxqJ.exe
  2⤵
  PID:5892
- C:\Windows\System\gCTRhcp.exe
  C:\Windows\System\gCTRhcp.exe
  2⤵
  PID:5988
- C:\Windows\System\XCUgJCg.exe
  C:\Windows\System\XCUgJCg.exe
  2⤵
  PID:2176
- C:\Windows\System\xRERWiI.exe
  C:\Windows\System\xRERWiI.exe
  2⤵
  PID:6152
- C:\Windows\System\iPIyOPv.exe
  C:\Windows\System\iPIyOPv.exe
  2⤵
  PID:6216
- C:\Windows\System\AxyyLBo.exe
  C:\Windows\System\AxyyLBo.exe
  2⤵
  PID:6292
- C:\Windows\System\vpnHsbK.exe
  C:\Windows\System\vpnHsbK.exe
  2⤵
  PID:6368
- C:\Windows\System\uTLkTZt.exe
  C:\Windows\System\uTLkTZt.exe
  2⤵
  PID:6396
- C:\Windows\System\VkcvnXT.exe
  C:\Windows\System\VkcvnXT.exe
  2⤵
  PID:6436
- C:\Windows\System\mFULBbA.exe
  C:\Windows\System\mFULBbA.exe
  2⤵
  PID:6468
- C:\Windows\System\ETrNgle.exe
  C:\Windows\System\ETrNgle.exe
  2⤵
  PID:6528
- C:\Windows\System\WCZvibW.exe
  C:\Windows\System\WCZvibW.exe
  2⤵
  PID:6592
- C:\Windows\System\oPPIbuC.exe
  C:\Windows\System\oPPIbuC.exe
  2⤵
  PID:6632
- C:\Windows\System\SKtsXNz.exe
  C:\Windows\System\SKtsXNz.exe
  2⤵
  PID:6668
- C:\Windows\System\fezQYlj.exe
  C:\Windows\System\fezQYlj.exe
  2⤵
  PID:6676
- C:\Windows\System\nowUCeq.exe
  C:\Windows\System\nowUCeq.exe
  2⤵
  PID:6732
- C:\Windows\System\VYqdkIM.exe
  C:\Windows\System\VYqdkIM.exe
  2⤵
  PID:6836
- C:\Windows\System\rdmCBLk.exe
  C:\Windows\System\rdmCBLk.exe
  2⤵
  PID:6792
- C:\Windows\System\dSDbmau.exe
  C:\Windows\System\dSDbmau.exe
  2⤵
  PID:6888
- C:\Windows\System\DIWCJSv.exe
  C:\Windows\System\DIWCJSv.exe
  2⤵
  PID:1860
- C:\Windows\System\DscQvrV.exe
  C:\Windows\System\DscQvrV.exe
  2⤵
  PID:6928
- C:\Windows\System\WqcxJQa.exe
  C:\Windows\System\WqcxJQa.exe
  2⤵
  PID:2248
- C:\Windows\System\zVJbUWA.exe
  C:\Windows\System\zVJbUWA.exe
  2⤵
  PID:7072
- C:\Windows\System\quKhGzK.exe
  C:\Windows\System\quKhGzK.exe
  2⤵
  PID:7132
- C:\Windows\System\XuoSZfL.exe
  C:\Windows\System\XuoSZfL.exe
  2⤵
  PID:5228
- C:\Windows\System\TUOOwMP.exe
  C:\Windows\System\TUOOwMP.exe
  2⤵
  PID:5592
- C:\Windows\System\kJmgWbo.exe
  C:\Windows\System\kJmgWbo.exe
  2⤵
  PID:1996
- C:\Windows\System\zfkxZFK.exe
  C:\Windows\System\zfkxZFK.exe
  2⤵
  PID:2844
- C:\Windows\System\UYKZRCI.exe
  C:\Windows\System\UYKZRCI.exe
  2⤵
  PID:3764
- C:\Windows\System\fadtniy.exe
  C:\Windows\System\fadtniy.exe
  2⤵
  PID:1136
- C:\Windows\System\uTzHiAO.exe
  C:\Windows\System\uTzHiAO.exe
  2⤵
  PID:1384
- C:\Windows\System\ZdVUJaP.exe
  C:\Windows\System\ZdVUJaP.exe
  2⤵
  PID:2656
- C:\Windows\System\ysTtvld.exe
  C:\Windows\System\ysTtvld.exe
  2⤵
  PID:2420
- C:\Windows\System\pmmFFyn.exe
  C:\Windows\System\pmmFFyn.exe
  2⤵
  PID:2488
- C:\Windows\System\POutdCm.exe
  C:\Windows\System\POutdCm.exe
  2⤵
  PID:1928
- C:\Windows\System\kRWrPAz.exe
  C:\Windows\System\kRWrPAz.exe
  2⤵
  PID:824
- C:\Windows\System\dDqbRCd.exe
  C:\Windows\System\dDqbRCd.exe
  2⤵
  PID:6428
- C:\Windows\System\zoMgOZs.exe
  C:\Windows\System\zoMgOZs.exe
  2⤵
  PID:6548
- C:\Windows\System\LGiRbqn.exe
  C:\Windows\System\LGiRbqn.exe
  2⤵
  PID:6576
- C:\Windows\System\njRkbQn.exe
  C:\Windows\System\njRkbQn.exe
  2⤵
  PID:2244
- C:\Windows\System\puhdhEf.exe
  C:\Windows\System\puhdhEf.exe
  2⤵
  PID:6916
- C:\Windows\System\JzWzGYO.exe
  C:\Windows\System\JzWzGYO.exe
  2⤵
  PID:6408
- C:\Windows\System\pmCbqeU.exe
  C:\Windows\System\pmCbqeU.exe
  2⤵
  PID:6972
- C:\Windows\System\fekIdXd.exe
  C:\Windows\System\fekIdXd.exe
  2⤵
  PID:7040
- C:\Windows\System\pXRNMIz.exe
  C:\Windows\System\pXRNMIz.exe
  2⤵
  PID:7076
- C:\Windows\System\bwnhBfe.exe
  C:\Windows\System\bwnhBfe.exe
  2⤵
  PID:7120
- C:\Windows\System\iFnzyEh.exe
  C:\Windows\System\iFnzyEh.exe
  2⤵
  PID:1936
- C:\Windows\System\qalQxCB.exe
  C:\Windows\System\qalQxCB.exe
  2⤵
  PID:6192
- C:\Windows\System\dPQjubF.exe
  C:\Windows\System\dPQjubF.exe
  2⤵
  PID:6776
- C:\Windows\System\EhquAjx.exe
  C:\Windows\System\EhquAjx.exe
  2⤵
  PID:6968
- C:\Windows\System\iDJkuVN.exe
  C:\Windows\System\iDJkuVN.exe
  2⤵
  PID:5368
- C:\Windows\System\UkMcvLD.exe
  C:\Windows\System\UkMcvLD.exe
  2⤵
  PID:6248
- C:\Windows\System\nRwclwY.exe
  C:\Windows\System\nRwclwY.exe
  2⤵
  PID:2008
- C:\Windows\System\mwRBgxX.exe
  C:\Windows\System\mwRBgxX.exe
  2⤵
  PID:1256
- C:\Windows\System\SgEQCOG.exe
  C:\Windows\System\SgEQCOG.exe
  2⤵
  PID:6348
- C:\Windows\System\JnFJQFy.exe
  C:\Windows\System\JnFJQFy.exe
  2⤵
  PID:6772
- C:\Windows\System\hsXnDCP.exe
  C:\Windows\System\hsXnDCP.exe
  2⤵
  PID:6692
- C:\Windows\System\fdMNfKq.exe
  C:\Windows\System\fdMNfKq.exe
  2⤵
  PID:6696
- C:\Windows\System\PsCFaUQ.exe
  C:\Windows\System\PsCFaUQ.exe
  2⤵
  PID:6392
- C:\Windows\System\gGHsCNL.exe
  C:\Windows\System\gGHsCNL.exe
  2⤵
  PID:7160
- C:\Windows\System\RwyUmRi.exe
  C:\Windows\System\RwyUmRi.exe
  2⤵
  PID:6492
- C:\Windows\System\EMKmQGN.exe
  C:\Windows\System\EMKmQGN.exe
  2⤵
  PID:4492
- C:\Windows\System\UOGjeZy.exe
  C:\Windows\System\UOGjeZy.exe
  2⤵
  PID:1048
- C:\Windows\System\dUNQduY.exe
  C:\Windows\System\dUNQduY.exe
  2⤵
  PID:1884
- C:\Windows\System\Wjayomx.exe
  C:\Windows\System\Wjayomx.exe
  2⤵
  PID:4556
- C:\Windows\System\opGEufK.exe
  C:\Windows\System\opGEufK.exe
  2⤵
  PID:6568
- C:\Windows\System\MsHmJIR.exe
  C:\Windows\System\MsHmJIR.exe
  2⤵
  PID:6976
- C:\Windows\System\oyOiMcd.exe
  C:\Windows\System\oyOiMcd.exe
  2⤵
  PID:1084
- C:\Windows\System\WiefHfC.exe
  C:\Windows\System\WiefHfC.exe
  2⤵
  PID:3660
- C:\Windows\System\GBkcrHt.exe
  C:\Windows\System\GBkcrHt.exe
  2⤵
  PID:1720
- C:\Windows\System\xrRMGGe.exe
  C:\Windows\System\xrRMGGe.exe
  2⤵
  PID:6168
- C:\Windows\System\miWIjSE.exe
  C:\Windows\System\miWIjSE.exe
  2⤵
  PID:6120
- C:\Windows\System\ukYKlZL.exe
  C:\Windows\System\ukYKlZL.exe
  2⤵
  PID:7180
- C:\Windows\System\dKVmJyE.exe
  C:\Windows\System\dKVmJyE.exe
  2⤵
  PID:7196
- C:\Windows\System\uFXPLVy.exe
  C:\Windows\System\uFXPLVy.exe
  2⤵
  PID:7220
- C:\Windows\System\AAhAJZd.exe
  C:\Windows\System\AAhAJZd.exe
  2⤵
  PID:7236
- C:\Windows\System\XbKymKP.exe
  C:\Windows\System\XbKymKP.exe
  2⤵
  PID:7252
- C:\Windows\System\PeuLBVZ.exe
  C:\Windows\System\PeuLBVZ.exe
  2⤵
  PID:7268
- C:\Windows\System\yIqvnWd.exe
  C:\Windows\System\yIqvnWd.exe
  2⤵
  PID:7284
- C:\Windows\System\EoKhzZA.exe
  C:\Windows\System\EoKhzZA.exe
  2⤵
  PID:7304
- C:\Windows\System\uueeqDU.exe
  C:\Windows\System\uueeqDU.exe
  2⤵
  PID:7324
- C:\Windows\System\liRTHjg.exe
  C:\Windows\System\liRTHjg.exe
  2⤵
  PID:7344
- C:\Windows\System\CYkWQZo.exe
  C:\Windows\System\CYkWQZo.exe
  2⤵
  PID:7360
- C:\Windows\System\CTdGkYw.exe
  C:\Windows\System\CTdGkYw.exe
  2⤵
  PID:7376
- C:\Windows\System\RShQMqa.exe
  C:\Windows\System\RShQMqa.exe
  2⤵
  PID:7448
- C:\Windows\System\PtCVXBT.exe
  C:\Windows\System\PtCVXBT.exe
  2⤵
  PID:7464
- C:\Windows\System\gCdgpdU.exe
  C:\Windows\System\gCdgpdU.exe
  2⤵
  PID:7484
- C:\Windows\System\YxWygcw.exe
  C:\Windows\System\YxWygcw.exe
  2⤵
  PID:7508
- C:\Windows\System\lGgSzaJ.exe
  C:\Windows\System\lGgSzaJ.exe
  2⤵
  PID:7524
- C:\Windows\System\XRTWIjB.exe
  C:\Windows\System\XRTWIjB.exe
  2⤵
  PID:7552
- C:\Windows\System\wdnmzrL.exe
  C:\Windows\System\wdnmzrL.exe
  2⤵
  PID:7568
- C:\Windows\System\JcyqDKX.exe
  C:\Windows\System\JcyqDKX.exe
  2⤵
  PID:7584
- C:\Windows\System\ydVVGSE.exe
  C:\Windows\System\ydVVGSE.exe
  2⤵
  PID:7600
- C:\Windows\System\ZwOFppu.exe
  C:\Windows\System\ZwOFppu.exe
  2⤵
  PID:7628
- C:\Windows\System\sXuKPjI.exe
  C:\Windows\System\sXuKPjI.exe
  2⤵
  PID:7648
- C:\Windows\System\mZgjknO.exe
  C:\Windows\System\mZgjknO.exe
  2⤵
  PID:7672
- C:\Windows\System\VTDISGc.exe
  C:\Windows\System\VTDISGc.exe
  2⤵
  PID:7688
- C:\Windows\System\fqQmCSY.exe
  C:\Windows\System\fqQmCSY.exe
  2⤵
  PID:7704
- C:\Windows\System\aHThoBS.exe
  C:\Windows\System\aHThoBS.exe
  2⤵
  PID:7720
- C:\Windows\System\jQdQqSG.exe
  C:\Windows\System\jQdQqSG.exe
  2⤵
  PID:7736
- C:\Windows\System\KORikGH.exe
  C:\Windows\System\KORikGH.exe
  2⤵
  PID:7756
- C:\Windows\System\xRpDPtG.exe
  C:\Windows\System\xRpDPtG.exe
  2⤵
  PID:7772
- C:\Windows\System\LULcluX.exe
  C:\Windows\System\LULcluX.exe
  2⤵
  PID:7788
- C:\Windows\System\WHQQALX.exe
  C:\Windows\System\WHQQALX.exe
  2⤵
  PID:7804
- C:\Windows\System\icjFRWN.exe
  C:\Windows\System\icjFRWN.exe
  2⤵
  PID:7820
- C:\Windows\System\UvVDsCN.exe
  C:\Windows\System\UvVDsCN.exe
  2⤵
  PID:7836
- C:\Windows\System\yUmQiMc.exe
  C:\Windows\System\yUmQiMc.exe
  2⤵
  PID:7852
- C:\Windows\System\rwSPLpV.exe
  C:\Windows\System\rwSPLpV.exe
  2⤵
  PID:7896
- C:\Windows\System\vJLMgiF.exe
  C:\Windows\System\vJLMgiF.exe
  2⤵
  PID:7928
- C:\Windows\System\VHuuWjn.exe
  C:\Windows\System\VHuuWjn.exe
  2⤵
  PID:7944
- C:\Windows\System\JZKXnst.exe
  C:\Windows\System\JZKXnst.exe
  2⤵
  PID:7968
- C:\Windows\System\spoztxa.exe
  C:\Windows\System\spoztxa.exe
  2⤵
  PID:7988
- C:\Windows\System\slnaHsm.exe
  C:\Windows\System\slnaHsm.exe
  2⤵
  PID:8008
- C:\Windows\System\ciUKKUd.exe
  C:\Windows\System\ciUKKUd.exe
  2⤵
  PID:8028
- C:\Windows\System\pFQJnFG.exe
  C:\Windows\System\pFQJnFG.exe
  2⤵
  PID:8048
- C:\Windows\System\ftdxfMa.exe
  C:\Windows\System\ftdxfMa.exe
  2⤵
  PID:8068
- C:\Windows\System\FTkWQUk.exe
  C:\Windows\System\FTkWQUk.exe
  2⤵
  PID:8088
- C:\Windows\System\mxjZmdR.exe
  C:\Windows\System\mxjZmdR.exe
  2⤵
  PID:8104
- C:\Windows\System\uuUDOWv.exe
  C:\Windows\System\uuUDOWv.exe
  2⤵
  PID:8120
- C:\Windows\System\PDtNHsd.exe
  C:\Windows\System\PDtNHsd.exe
  2⤵
  PID:8152
- C:\Windows\System\fCBcjIH.exe
  C:\Windows\System\fCBcjIH.exe
  2⤵
  PID:8168
- C:\Windows\System\kVhLsMq.exe
  C:\Windows\System\kVhLsMq.exe
  2⤵
  PID:8184
- C:\Windows\System\HSXPbKF.exe
  C:\Windows\System\HSXPbKF.exe
  2⤵
  PID:2300
- C:\Windows\System\IbwgQgk.exe
  C:\Windows\System\IbwgQgk.exe
  2⤵
  PID:6956
- C:\Windows\System\OGGroHP.exe
  C:\Windows\System\OGGroHP.exe
  2⤵
  PID:7188
- C:\Windows\System\IiNXyJV.exe
  C:\Windows\System\IiNXyJV.exe
  2⤵
  PID:7340
- C:\Windows\System\LcjCsDV.exe
  C:\Windows\System\LcjCsDV.exe
  2⤵
  PID:7332
- C:\Windows\System\sffZCnx.exe
  C:\Windows\System\sffZCnx.exe
  2⤵
  PID:5148
- C:\Windows\System\ASeQixY.exe
  C:\Windows\System\ASeQixY.exe
  2⤵
  PID:7212
- C:\Windows\System\BJHwvQT.exe
  C:\Windows\System\BJHwvQT.exe
  2⤵
  PID:7312
- C:\Windows\System\swKKSzg.exe
  C:\Windows\System\swKKSzg.exe
  2⤵
  PID:7392
- C:\Windows\System\pXlBMdP.exe
  C:\Windows\System\pXlBMdP.exe
  2⤵
  PID:7400
- C:\Windows\System\QUTXsIb.exe
  C:\Windows\System\QUTXsIb.exe
  2⤵
  PID:7416
- C:\Windows\System\sjtTBoM.exe
  C:\Windows\System\sjtTBoM.exe
  2⤵
  PID:7432
- C:\Windows\System\nOdOHDC.exe
  C:\Windows\System\nOdOHDC.exe
  2⤵
  PID:7388
- C:\Windows\System\xDKgxHc.exe
  C:\Windows\System\xDKgxHc.exe
  2⤵
  PID:7492
- C:\Windows\System\QobbLnT.exe
  C:\Windows\System\QobbLnT.exe
  2⤵
  PID:7504
- C:\Windows\System\SQhmYXV.exe
  C:\Windows\System\SQhmYXV.exe
  2⤵
  PID:7516
- C:\Windows\System\TAbkvJg.exe
  C:\Windows\System\TAbkvJg.exe
  2⤵
  PID:7592
- C:\Windows\System\qCOSrlV.exe
  C:\Windows\System\qCOSrlV.exe
  2⤵
  PID:7640
- C:\Windows\System\BWshSKS.exe
  C:\Windows\System\BWshSKS.exe
  2⤵
  PID:7664
- C:\Windows\System\PITaBFd.exe
  C:\Windows\System\PITaBFd.exe
  2⤵
  PID:7716
- C:\Windows\System\BWmHRFO.exe
  C:\Windows\System\BWmHRFO.exe
  2⤵
  PID:7780
- C:\Windows\System\IyYWJeE.exe
  C:\Windows\System\IyYWJeE.exe
  2⤵
  PID:7844
- C:\Windows\System\wdskkaZ.exe
  C:\Windows\System\wdskkaZ.exe
  2⤵
  PID:7728
- C:\Windows\System\MjDiUqY.exe
  C:\Windows\System\MjDiUqY.exe
  2⤵
  PID:7796
- C:\Windows\System\DlVJzto.exe
  C:\Windows\System\DlVJzto.exe
  2⤵
  PID:7860
- C:\Windows\System\BXbIaXF.exe
  C:\Windows\System\BXbIaXF.exe
  2⤵
  PID:7876
- C:\Windows\System\BTDJiaW.exe
  C:\Windows\System\BTDJiaW.exe
  2⤵
  PID:7892
- C:\Windows\System\jjIUODN.exe
  C:\Windows\System\jjIUODN.exe
  2⤵
  PID:7920
- C:\Windows\System\fMYmpyl.exe
  C:\Windows\System\fMYmpyl.exe
  2⤵
  PID:7940
- C:\Windows\System\GyDWPCQ.exe
  C:\Windows\System\GyDWPCQ.exe
  2⤵
  PID:7952
- C:\Windows\System\AaugIIz.exe
  C:\Windows\System\AaugIIz.exe
  2⤵
  PID:8064
- C:\Windows\System\FDGYXFQ.exe
  C:\Windows\System\FDGYXFQ.exe
  2⤵
  PID:8136
- C:\Windows\System\EVcYUcR.exe
  C:\Windows\System\EVcYUcR.exe
  2⤵
  PID:8112
- C:\Windows\System\IWSwIuP.exe
  C:\Windows\System\IWSwIuP.exe
  2⤵
  PID:8160
- C:\Windows\System\vHoAwCz.exe
  C:\Windows\System\vHoAwCz.exe
  2⤵
  PID:7228
- C:\Windows\System\LFMMxAl.exe
  C:\Windows\System\LFMMxAl.exe
  2⤵
  PID:7372
- C:\Windows\System\zHcqvdR.exe
  C:\Windows\System\zHcqvdR.exe
  2⤵
  PID:7060
- C:\Windows\System\KcsZkQu.exe
  C:\Windows\System\KcsZkQu.exe
  2⤵
  PID:7260
- C:\Windows\System\GYCMYqc.exe
  C:\Windows\System\GYCMYqc.exe
  2⤵
  PID:7208
- C:\Windows\System\auMhikx.exe
  C:\Windows\System\auMhikx.exe
  2⤵
  PID:7244
- C:\Windows\System\cSUHPQE.exe
  C:\Windows\System\cSUHPQE.exe
  2⤵
  PID:7352
- C:\Windows\System\ksaIAqO.exe
  C:\Windows\System\ksaIAqO.exe
  2⤵
  PID:7540
- C:\Windows\System\KDhocHo.exe
  C:\Windows\System\KDhocHo.exe
  2⤵
  PID:7500
- C:\Windows\System\atXhBtO.exe
  C:\Windows\System\atXhBtO.exe
  2⤵
  PID:7576
- C:\Windows\System\IrmluVX.exe
  C:\Windows\System\IrmluVX.exe
  2⤵
  PID:7616
- C:\Windows\System\NSEIyzI.exe
  C:\Windows\System\NSEIyzI.exe
  2⤵
  PID:7696
- C:\Windows\System\NnDKkfX.exe
  C:\Windows\System\NnDKkfX.exe
  2⤵
  PID:7816
- C:\Windows\System\xrpoZKM.exe
  C:\Windows\System\xrpoZKM.exe
  2⤵
  PID:7872
- C:\Windows\System\ehOljLv.exe
  C:\Windows\System\ehOljLv.exe
  2⤵
  PID:7984
- C:\Windows\System\ViHYNXt.exe
  C:\Windows\System\ViHYNXt.exe
  2⤵
  PID:7660
- C:\Windows\System\pitmdxR.exe
  C:\Windows\System\pitmdxR.exe
  2⤵
  PID:8004
- C:\Windows\System\vxpnAnb.exe
  C:\Windows\System\vxpnAnb.exe
  2⤵
  PID:7848
- C:\Windows\System\eqEseaR.exe
  C:\Windows\System\eqEseaR.exe
  2⤵
  PID:8060
- C:\Windows\System\eDoGmuN.exe
  C:\Windows\System\eDoGmuN.exe
  2⤵
  PID:8084
- C:\Windows\System\xhdzgoD.exe
  C:\Windows\System\xhdzgoD.exe
  2⤵
  PID:6876
- C:\Windows\System\OURTTwN.exe
  C:\Windows\System\OURTTwN.exe
  2⤵
  PID:2516
- C:\Windows\System\LVbeddR.exe
  C:\Windows\System\LVbeddR.exe
  2⤵
  PID:7424
- C:\Windows\System\gzvUnDG.exe
  C:\Windows\System\gzvUnDG.exe
  2⤵
  PID:8180
- C:\Windows\System\PGflJsD.exe
  C:\Windows\System\PGflJsD.exe
  2⤵
  PID:7404
- C:\Windows\System\KMyYhJM.exe
  C:\Windows\System\KMyYhJM.exe
  2⤵
  PID:7300
- C:\Windows\System\XkFJisE.exe
  C:\Windows\System\XkFJisE.exe
  2⤵
  PID:1856
- C:\Windows\System\ZKOOmUS.exe
  C:\Windows\System\ZKOOmUS.exe
  2⤵
  PID:7620
- C:\Windows\System\nwAvSRr.exe
  C:\Windows\System\nwAvSRr.exe
  2⤵
  PID:7612
- C:\Windows\System\eplxIRD.exe
  C:\Windows\System\eplxIRD.exe
  2⤵
  PID:7744
- C:\Windows\System\qvIJWlL.exe
  C:\Windows\System\qvIJWlL.exe
  2⤵
  PID:7916
- C:\Windows\System\qxDtQRx.exe
  C:\Windows\System\qxDtQRx.exe
  2⤵
  PID:8056
- C:\Windows\System\zCxWuSf.exe
  C:\Windows\System\zCxWuSf.exe
  2⤵
  PID:8040
- C:\Windows\System\DuJrQNX.exe
  C:\Windows\System\DuJrQNX.exe
  2⤵
  PID:8080
- C:\Windows\System\OfynWIJ.exe
  C:\Windows\System\OfynWIJ.exe
  2⤵
  PID:6476
- C:\Windows\System\JiRpNsZ.exe
  C:\Windows\System\JiRpNsZ.exe
  2⤵
  PID:7768
- C:\Windows\System\zvMwgiM.exe
  C:\Windows\System\zvMwgiM.exe
  2⤵
  PID:7624
- C:\Windows\System\npmtekI.exe
  C:\Windows\System\npmtekI.exe
  2⤵
  PID:7868
- C:\Windows\System\ELBbAvG.exe
  C:\Windows\System\ELBbAvG.exe
  2⤵
  PID:7748
- C:\Windows\System\uZYFQNI.exe
  C:\Windows\System\uZYFQNI.exe
  2⤵
  PID:8076
- C:\Windows\System\GMlEjJq.exe
  C:\Windows\System\GMlEjJq.exe
  2⤵
  PID:7472
- C:\Windows\System\AUjFgDV.exe
  C:\Windows\System\AUjFgDV.exe
  2⤵
  PID:7368
- C:\Windows\System\KlfFgzO.exe
  C:\Windows\System\KlfFgzO.exe
  2⤵
  PID:8036
- C:\Windows\System\LkiPgxD.exe
  C:\Windows\System\LkiPgxD.exe
  2⤵
  PID:7684
- C:\Windows\System\KhYFnOo.exe
  C:\Windows\System\KhYFnOo.exe
  2⤵
  PID:7264
- C:\Windows\System\Lquomrm.exe
  C:\Windows\System\Lquomrm.exe
  2⤵
  PID:7412
- C:\Windows\System\qjPxhOs.exe
  C:\Windows\System\qjPxhOs.exe
  2⤵
  PID:7812
- C:\Windows\System\iZWhEYx.exe
  C:\Windows\System\iZWhEYx.exe
  2⤵
  PID:1688
- C:\Windows\System\XorzIDD.exe
  C:\Windows\System\XorzIDD.exe
  2⤵
  PID:7496
- C:\Windows\System\ONMhJBL.exe
  C:\Windows\System\ONMhJBL.exe
  2⤵
  PID:8024
- C:\Windows\System\yxUSGrI.exe
  C:\Windows\System\yxUSGrI.exe
  2⤵
  PID:8196
- C:\Windows\System\DnaKwue.exe
  C:\Windows\System\DnaKwue.exe
  2⤵
  PID:8220
- C:\Windows\System\PddgMTq.exe
  C:\Windows\System\PddgMTq.exe
  2⤵
  PID:8236
- C:\Windows\System\NgOqJjY.exe
  C:\Windows\System\NgOqJjY.exe
  2⤵
  PID:8256
- C:\Windows\System\qNOMUZy.exe
  C:\Windows\System\qNOMUZy.exe
  2⤵
  PID:8284
- C:\Windows\System\evmQXqz.exe
  C:\Windows\System\evmQXqz.exe
  2⤵
  PID:8300
- C:\Windows\System\IWxBlGP.exe
  C:\Windows\System\IWxBlGP.exe
  2⤵
  PID:8320
- C:\Windows\System\GwTTeyG.exe
  C:\Windows\System\GwTTeyG.exe
  2⤵
  PID:8336
- C:\Windows\System\nyAWpZm.exe
  C:\Windows\System\nyAWpZm.exe
  2⤵
  PID:8364
- C:\Windows\System\jmQfTgm.exe
  C:\Windows\System\jmQfTgm.exe
  2⤵
  PID:8380
- C:\Windows\System\sbHAMwl.exe
  C:\Windows\System\sbHAMwl.exe
  2⤵
  PID:8396
- C:\Windows\System\fuXTBhr.exe
  C:\Windows\System\fuXTBhr.exe
  2⤵
  PID:8420
- C:\Windows\System\iLtmbFc.exe
  C:\Windows\System\iLtmbFc.exe
  2⤵
  PID:8440
- C:\Windows\System\cYcIYIZ.exe
  C:\Windows\System\cYcIYIZ.exe
  2⤵
  PID:8460
- C:\Windows\System\rdAnOLU.exe
  C:\Windows\System\rdAnOLU.exe
  2⤵
  PID:8476
- C:\Windows\System\MhJymsi.exe
  C:\Windows\System\MhJymsi.exe
  2⤵
  PID:8492
- C:\Windows\System\bMsvmGH.exe
  C:\Windows\System\bMsvmGH.exe
  2⤵
  PID:8508
- C:\Windows\System\ldQYiuJ.exe
  C:\Windows\System\ldQYiuJ.exe
  2⤵
  PID:8536
- C:\Windows\System\nsgmZgM.exe
  C:\Windows\System\nsgmZgM.exe
  2⤵
  PID:8552
- C:\Windows\System\TXqJVpO.exe
  C:\Windows\System\TXqJVpO.exe
  2⤵
  PID:8572
- C:\Windows\System\xVtFQPF.exe
  C:\Windows\System\xVtFQPF.exe
  2⤵
  PID:8588
- C:\Windows\System\qkNJFJt.exe
  C:\Windows\System\qkNJFJt.exe
  2⤵
  PID:8612
- C:\Windows\System\mbpWxtu.exe
  C:\Windows\System\mbpWxtu.exe
  2⤵
  PID:8632
- C:\Windows\System\ibIrMeR.exe
  C:\Windows\System\ibIrMeR.exe
  2⤵
  PID:8664
- C:\Windows\System\GvXfKCP.exe
  C:\Windows\System\GvXfKCP.exe
  2⤵
  PID:8680
- C:\Windows\System\ukQziXI.exe
  C:\Windows\System\ukQziXI.exe
  2⤵
  PID:8696
- C:\Windows\System\oGplCad.exe
  C:\Windows\System\oGplCad.exe
  2⤵
  PID:8712
- C:\Windows\System\zLEHQaX.exe
  C:\Windows\System\zLEHQaX.exe
  2⤵
  PID:8728
- C:\Windows\System\iByCBzU.exe
  C:\Windows\System\iByCBzU.exe
  2⤵
  PID:8744
- C:\Windows\System\PSOOWTV.exe
  C:\Windows\System\PSOOWTV.exe
  2⤵
  PID:8760
- C:\Windows\System\qBEUnQA.exe
  C:\Windows\System\qBEUnQA.exe
  2⤵
  PID:8776
- C:\Windows\System\gdAXrgk.exe
  C:\Windows\System\gdAXrgk.exe
  2⤵
  PID:8792
- C:\Windows\System\PorbpAc.exe
  C:\Windows\System\PorbpAc.exe
  2⤵
  PID:8812
- C:\Windows\System\jDYMjva.exe
  C:\Windows\System\jDYMjva.exe
  2⤵
  PID:8848
- C:\Windows\System\bxhSwmw.exe
  C:\Windows\System\bxhSwmw.exe
  2⤵
  PID:8876
- C:\Windows\System\JaPKzXZ.exe
  C:\Windows\System\JaPKzXZ.exe
  2⤵
  PID:8900
- C:\Windows\System\ccayEaK.exe
  C:\Windows\System\ccayEaK.exe
  2⤵
  PID:8948
- C:\Windows\System\FawBWsh.exe
  C:\Windows\System\FawBWsh.exe
  2⤵
  PID:8968
- C:\Windows\System\cRXbypM.exe
  C:\Windows\System\cRXbypM.exe
  2⤵
  PID:8984
- C:\Windows\System\xmYCKqm.exe
  C:\Windows\System\xmYCKqm.exe
  2⤵
  PID:9000
- C:\Windows\System\NuRcJJV.exe
  C:\Windows\System\NuRcJJV.exe
  2⤵
  PID:9024
- C:\Windows\System\RLLWzxS.exe
  C:\Windows\System\RLLWzxS.exe
  2⤵
  PID:9040
- C:\Windows\System\oEaQUxD.exe
  C:\Windows\System\oEaQUxD.exe
  2⤵
  PID:9060
- C:\Windows\System\VWfOURc.exe
  C:\Windows\System\VWfOURc.exe
  2⤵
  PID:9076
- C:\Windows\System\cuCCVhw.exe
  C:\Windows\System\cuCCVhw.exe
  2⤵
  PID:9096
- C:\Windows\System\IfJccJG.exe
  C:\Windows\System\IfJccJG.exe
  2⤵
  PID:9128
- C:\Windows\System\KUdlBBd.exe
  C:\Windows\System\KUdlBBd.exe
  2⤵
  PID:9160
- C:\Windows\System\KhYgDVf.exe
  C:\Windows\System\KhYgDVf.exe
  2⤵
  PID:9176
- C:\Windows\System\zPvRmwR.exe
  C:\Windows\System\zPvRmwR.exe
  2⤵
  PID:9192
- C:\Windows\System\KuPZxXG.exe
  C:\Windows\System\KuPZxXG.exe
  2⤵
  PID:9212
- C:\Windows\System\zwgFMyk.exe
  C:\Windows\System\zwgFMyk.exe
  2⤵
  PID:2804
- C:\Windows\System\WGLdhet.exe
  C:\Windows\System\WGLdhet.exe
  2⤵
  PID:8244
- C:\Windows\System\nUIrPPh.exe
  C:\Windows\System\nUIrPPh.exe
  2⤵
  PID:8272
- C:\Windows\System\RggfeTV.exe
  C:\Windows\System\RggfeTV.exe
  2⤵
  PID:8296
- C:\Windows\System\igPzjbD.exe
  C:\Windows\System\igPzjbD.exe
  2⤵
  PID:8332
- C:\Windows\System\wkoigiB.exe
  C:\Windows\System\wkoigiB.exe
  2⤵
  PID:8360
- C:\Windows\System\DBXHQRS.exe
  C:\Windows\System\DBXHQRS.exe
  2⤵
  PID:8416
- C:\Windows\System\oLCqsIP.exe
  C:\Windows\System\oLCqsIP.exe
  2⤵
  PID:8448
- C:\Windows\System\KakdfJo.exe
  C:\Windows\System\KakdfJo.exe
  2⤵
  PID:8484
- C:\Windows\System\VVuQnif.exe
  C:\Windows\System\VVuQnif.exe
  2⤵
  PID:8560
- C:\Windows\System\NEntPMe.exe
  C:\Windows\System\NEntPMe.exe
  2⤵
  PID:8600
- C:\Windows\System\DdvLBZh.exe
  C:\Windows\System\DdvLBZh.exe
  2⤵
  PID:8548
- C:\Windows\System\LMtcDcb.exe
  C:\Windows\System\LMtcDcb.exe
  2⤵
  PID:8648
- C:\Windows\System\wVybvDs.exe
  C:\Windows\System\wVybvDs.exe
  2⤵
  PID:8620
- C:\Windows\System\IBNVHEi.exe
  C:\Windows\System\IBNVHEi.exe
  2⤵
  PID:8692
- C:\Windows\System\eicycMG.exe
  C:\Windows\System\eicycMG.exe
  2⤵
  PID:8784
- C:\Windows\System\gFoxnuX.exe
  C:\Windows\System\gFoxnuX.exe
  2⤵
  PID:8740
- C:\Windows\System\ObQrgDd.exe
  C:\Windows\System\ObQrgDd.exe
  2⤵
  PID:8808
- C:\Windows\System\krfWVTK.exe
  C:\Windows\System\krfWVTK.exe
  2⤵
  PID:8840
- C:\Windows\System\AIACIrc.exe
  C:\Windows\System\AIACIrc.exe
  2⤵
  PID:8768
- C:\Windows\System\jkbBNkb.exe
  C:\Windows\System\jkbBNkb.exe
  2⤵
  PID:8860
- C:\Windows\System\BLqSPRt.exe
  C:\Windows\System\BLqSPRt.exe
  2⤵
  PID:8920
- C:\Windows\System\AhLUTvE.exe
  C:\Windows\System\AhLUTvE.exe
  2⤵
  PID:8956
- C:\Windows\System\DZpSNvi.exe
  C:\Windows\System\DZpSNvi.exe
  2⤵
  PID:9032
- C:\Windows\System\RxylQTc.exe
  C:\Windows\System\RxylQTc.exe
  2⤵
  PID:9012
- C:\Windows\System\rNycaBe.exe
  C:\Windows\System\rNycaBe.exe
  2⤵
  PID:9104
- C:\Windows\System\MMjbDHC.exe
  C:\Windows\System\MMjbDHC.exe
  2⤵
  PID:9052
- C:\Windows\System\KfcGDVi.exe
  C:\Windows\System\KfcGDVi.exe
  2⤵
  PID:9140
- C:\Windows\System\qkQViVL.exe
  C:\Windows\System\qkQViVL.exe
  2⤵
  PID:8804
- C:\Windows\System\QrWkkwJ.exe
  C:\Windows\System\QrWkkwJ.exe
  2⤵
  PID:9184
- C:\Windows\System\RauuoRt.exe
  C:\Windows\System\RauuoRt.exe
  2⤵
  PID:8248
- C:\Windows\System\zhIGgtB.exe
  C:\Windows\System\zhIGgtB.exe
  2⤵
  PID:8292
- C:\Windows\System\mmbiJug.exe
  C:\Windows\System\mmbiJug.exe
  2⤵
  PID:8376
- C:\Windows\System\VwiLzlI.exe
  C:\Windows\System\VwiLzlI.exe
  2⤵
  PID:8328
- C:\Windows\System\hBarFkX.exe
  C:\Windows\System\hBarFkX.exe
  2⤵
  PID:8428
- C:\Windows\System\BdzMpLc.exe
  C:\Windows\System\BdzMpLc.exe
  2⤵
  PID:8516
- C:\Windows\System\cqhIQba.exe
  C:\Windows\System\cqhIQba.exe
  2⤵
  PID:8604
- C:\Windows\System\lwKwJXp.exe
  C:\Windows\System\lwKwJXp.exe
  2⤵
  PID:8472
- C:\Windows\System\NHOHlmD.exe
  C:\Windows\System\NHOHlmD.exe
  2⤵
  PID:8720
- C:\Windows\System\fkYVGcO.exe
  C:\Windows\System\fkYVGcO.exe
  2⤵
  PID:8800
- C:\Windows\System\tOBeLLA.exe
  C:\Windows\System\tOBeLLA.exe
  2⤵
  PID:8832
- C:\Windows\System\eVYonXm.exe
  C:\Windows\System\eVYonXm.exe
  2⤵
  PID:8868
- C:\Windows\System\IrjSUXT.exe
  C:\Windows\System\IrjSUXT.exe
  2⤵
  PID:8892
- C:\Windows\System\fCSfyiK.exe
  C:\Windows\System\fCSfyiK.exe
  2⤵
  PID:8960
- C:\Windows\System\iafxTHw.exe
  C:\Windows\System\iafxTHw.exe
  2⤵
  PID:9008
- C:\Windows\System\zUovgyD.exe
  C:\Windows\System\zUovgyD.exe
  2⤵
  PID:9056
- C:\Windows\System\JdFUffg.exe
  C:\Windows\System\JdFUffg.exe
  2⤵
  PID:9020
- C:\Windows\System\zFlqCVF.exe
  C:\Windows\System\zFlqCVF.exe
  2⤵
  PID:9148
- C:\Windows\System\idiOSXJ.exe
  C:\Windows\System\idiOSXJ.exe
  2⤵
  PID:8208
- C:\Windows\System\NAgmSgW.exe
  C:\Windows\System\NAgmSgW.exe
  2⤵
  PID:8280
- C:\Windows\System\YZdyEbN.exe
  C:\Windows\System\YZdyEbN.exe
  2⤵
  PID:8488
- C:\Windows\System\rNKnohc.exe
  C:\Windows\System\rNKnohc.exe
  2⤵
  PID:8544
- C:\Windows\System\smDsBDH.exe
  C:\Windows\System\smDsBDH.exe
  2⤵
  PID:8352
- C:\Windows\System\zDnpsbS.exe
  C:\Windows\System\zDnpsbS.exe
  2⤵
  PID:8656
- C:\Windows\System\pOqMfES.exe
  C:\Windows\System\pOqMfES.exe
  2⤵
  PID:8688
- C:\Windows\System\NbchJaH.exe
  C:\Windows\System\NbchJaH.exe
  2⤵
  PID:8820
- C:\Windows\System\NHCeJLk.exe
  C:\Windows\System\NHCeJLk.exe
  2⤵
  PID:8932
- C:\Windows\System\mTAcDcV.exe
  C:\Windows\System\mTAcDcV.exe
  2⤵
  PID:8992
- C:\Windows\System\BIbnpFi.exe
  C:\Windows\System\BIbnpFi.exe
  2⤵
  PID:9048
- C:\Windows\System\IqIhKPX.exe
  C:\Windows\System\IqIhKPX.exe
  2⤵
  PID:8212
- C:\Windows\System\tRIbWZt.exe
  C:\Windows\System\tRIbWZt.exe
  2⤵
  PID:8268
- C:\Windows\System\bLEsMat.exe
  C:\Windows\System\bLEsMat.exe
  2⤵
  PID:8408
- C:\Windows\System\hjWtiDV.exe
  C:\Windows\System\hjWtiDV.exe
  2⤵
  PID:8772
- C:\Windows\System\ZKplviS.exe
  C:\Windows\System\ZKplviS.exe
  2⤵
  PID:9168
- C:\Windows\System\seHDIoM.exe
  C:\Windows\System\seHDIoM.exe
  2⤵
  PID:8528
- C:\Windows\System\egaanry.exe
  C:\Windows\System\egaanry.exe
  2⤵
  PID:8404
- C:\Windows\System\sQvLLrT.exe
  C:\Windows\System\sQvLLrT.exe
  2⤵
  PID:8924
- C:\Windows\System\sYCzgwD.exe
  C:\Windows\System\sYCzgwD.exe
  2⤵
  PID:8264
- C:\Windows\System\iylfsGj.exe
  C:\Windows\System\iylfsGj.exe
  2⤵
  PID:8856
- C:\Windows\System\DCGfQJS.exe
  C:\Windows\System\DCGfQJS.exe
  2⤵
  PID:8908
- C:\Windows\System\dlFiWjS.exe
  C:\Windows\System\dlFiWjS.exe
  2⤵
  PID:9144
- C:\Windows\System\IgCAhnW.exe
  C:\Windows\System\IgCAhnW.exe
  2⤵
  PID:8704
- C:\Windows\System\wMdrCKg.exe
  C:\Windows\System\wMdrCKg.exe
  2⤵
  PID:9172
- C:\Windows\System\JBnWcPs.exe
  C:\Windows\System\JBnWcPs.exe
  2⤵
  PID:8532
- C:\Windows\System\bjANTLG.exe
  C:\Windows\System\bjANTLG.exe
  2⤵
  PID:8756
- C:\Windows\System\ZtfyoZi.exe
  C:\Windows\System\ZtfyoZi.exe
  2⤵
  PID:9236
- C:\Windows\System\CXAuXiA.exe
  C:\Windows\System\CXAuXiA.exe
  2⤵
  PID:9252
- C:\Windows\System\OPLxmdu.exe
  C:\Windows\System\OPLxmdu.exe
  2⤵
  PID:9268
- C:\Windows\System\XZgPyrw.exe
  C:\Windows\System\XZgPyrw.exe
  2⤵
  PID:9284
- C:\Windows\System\XcuyCWM.exe
  C:\Windows\System\XcuyCWM.exe
  2⤵
  PID:9300
- C:\Windows\System\VqJEyAQ.exe
  C:\Windows\System\VqJEyAQ.exe
  2⤵
  PID:9328
- C:\Windows\System\xSYTXml.exe
  C:\Windows\System\xSYTXml.exe
  2⤵
  PID:9348
- C:\Windows\System\aUIrcwE.exe
  C:\Windows\System\aUIrcwE.exe
  2⤵
  PID:9364
- C:\Windows\System\LhYEHuu.exe
  C:\Windows\System\LhYEHuu.exe
  2⤵
  PID:9384
- C:\Windows\System\ZUVAeeB.exe
  C:\Windows\System\ZUVAeeB.exe
  2⤵
  PID:9400
- C:\Windows\System\qNUgFdS.exe
  C:\Windows\System\qNUgFdS.exe
  2⤵
  PID:9420
- C:\Windows\System\RkDLRsZ.exe
  C:\Windows\System\RkDLRsZ.exe
  2⤵
  PID:9444
- C:\Windows\System\KuWKjqI.exe
  C:\Windows\System\KuWKjqI.exe
  2⤵
  PID:9460
- C:\Windows\System\MDroalW.exe
  C:\Windows\System\MDroalW.exe
  2⤵
  PID:9476
- C:\Windows\System\QQLrCal.exe
  C:\Windows\System\QQLrCal.exe
  2⤵
  PID:9492
- C:\Windows\System\JXMMkCV.exe
  C:\Windows\System\JXMMkCV.exe
  2⤵
  PID:9508
- C:\Windows\System\kiDVhVT.exe
  C:\Windows\System\kiDVhVT.exe
  2⤵
  PID:9528
- C:\Windows\System\EPzYLDo.exe
  C:\Windows\System\EPzYLDo.exe
  2⤵
  PID:9560
- C:\Windows\System\TQUiXie.exe
  C:\Windows\System\TQUiXie.exe
  2⤵
  PID:9580
- C:\Windows\System\zQPPFXj.exe
  C:\Windows\System\zQPPFXj.exe
  2⤵
  PID:9596
- C:\Windows\System\scBjEcI.exe
  C:\Windows\System\scBjEcI.exe
  2⤵
  PID:9612
- C:\Windows\System\akAgcNB.exe
  C:\Windows\System\akAgcNB.exe
  2⤵
  PID:9636
- C:\Windows\System\DikrZEF.exe
  C:\Windows\System\DikrZEF.exe
  2⤵
  PID:9656
- C:\Windows\System\cJDRURA.exe
  C:\Windows\System\cJDRURA.exe
  2⤵
  PID:9680
- C:\Windows\System\Ozaosfw.exe
  C:\Windows\System\Ozaosfw.exe
  2⤵
  PID:9696
- C:\Windows\System\dTBRnWN.exe
  C:\Windows\System\dTBRnWN.exe
  2⤵
  PID:9748
- C:\Windows\System\YEIFqVQ.exe
  C:\Windows\System\YEIFqVQ.exe
  2⤵
  PID:9780
- C:\Windows\System\ZfzlQwr.exe
  C:\Windows\System\ZfzlQwr.exe
  2⤵
  PID:9816
- C:\Windows\System\frwkYJl.exe
  C:\Windows\System\frwkYJl.exe
  2⤵
  PID:9836
- C:\Windows\System\DirIHUO.exe
  C:\Windows\System\DirIHUO.exe
  2⤵
  PID:9856
- C:\Windows\System\SbTidQh.exe
  C:\Windows\System\SbTidQh.exe
  2⤵
  PID:9880
- C:\Windows\System\ycjuQkR.exe
  C:\Windows\System\ycjuQkR.exe
  2⤵
  PID:9896
- C:\Windows\System\HKJEhDC.exe
  C:\Windows\System\HKJEhDC.exe
  2⤵
  PID:9912
- C:\Windows\System\BGFuHwT.exe
  C:\Windows\System\BGFuHwT.exe
  2⤵
  PID:9928
- C:\Windows\System\eubntUF.exe
  C:\Windows\System\eubntUF.exe
  2⤵
  PID:9952
- C:\Windows\System\VAlqACw.exe
  C:\Windows\System\VAlqACw.exe
  2⤵
  PID:9972
- C:\Windows\System\KfFjGvz.exe
  C:\Windows\System\KfFjGvz.exe
  2⤵
  PID:9992
- C:\Windows\System\iOCsAuW.exe
  C:\Windows\System\iOCsAuW.exe
  2⤵
  PID:10008
- C:\Windows\System\mnDYkRy.exe
  C:\Windows\System\mnDYkRy.exe
  2⤵
  PID:10024
- C:\Windows\System\zVMFlxS.exe
  C:\Windows\System\zVMFlxS.exe
  2⤵
  PID:10068
- C:\Windows\System\TZnLlgY.exe
  C:\Windows\System\TZnLlgY.exe
  2⤵
  PID:10084
- C:\Windows\System\EuzdpNU.exe
  C:\Windows\System\EuzdpNU.exe
  2⤵
  PID:10100
- C:\Windows\System\YqmXKuk.exe
  C:\Windows\System\YqmXKuk.exe
  2⤵
  PID:10116
- C:\Windows\System\FNaaYqc.exe
  C:\Windows\System\FNaaYqc.exe
  2⤵
  PID:10136
- C:\Windows\System\bptgQoe.exe
  C:\Windows\System\bptgQoe.exe
  2⤵
  PID:10156
- C:\Windows\System\cMQlxkI.exe
  C:\Windows\System\cMQlxkI.exe
  2⤵
  PID:10176
- C:\Windows\System\ftqLgRy.exe
  C:\Windows\System\ftqLgRy.exe
  2⤵
  PID:10212
- C:\Windows\System\SthUTyb.exe
  C:\Windows\System\SthUTyb.exe
  2⤵
  PID:10232
- C:\Windows\System\xWprYEp.exe
  C:\Windows\System\xWprYEp.exe
  2⤵
  PID:9228
- C:\Windows\System\rVoNnZv.exe
  C:\Windows\System\rVoNnZv.exe
  2⤵
  PID:9296
- C:\Windows\System\MrPDOXN.exe
  C:\Windows\System\MrPDOXN.exe
  2⤵
  PID:9376
- C:\Windows\System\XDAjBgZ.exe
  C:\Windows\System\XDAjBgZ.exe
  2⤵
  PID:8752
- C:\Windows\System\AkTYlhM.exe
  C:\Windows\System\AkTYlhM.exe
  2⤵
  PID:9520
- C:\Windows\System\jQjzDtV.exe
  C:\Windows\System\jQjzDtV.exe
  2⤵
  PID:8228
- C:\Windows\System\wfbAUHc.exe
  C:\Windows\System\wfbAUHc.exe
  2⤵
  PID:9356
- C:\Windows\System\dXCehsH.exe
  C:\Windows\System\dXCehsH.exe
  2⤵
  PID:9436
- C:\Windows\System\dAmkVgA.exe
  C:\Windows\System\dAmkVgA.exe
  2⤵
  PID:9276
- C:\Windows\System\VaPOCpk.exe
  C:\Windows\System\VaPOCpk.exe
  2⤵
  PID:9280
- C:\Windows\System\QbAkrKa.exe
  C:\Windows\System\QbAkrKa.exe
  2⤵
  PID:9608
- C:\Windows\System\XOVOYKL.exe
  C:\Windows\System\XOVOYKL.exe
  2⤵
  PID:9692
- C:\Windows\System\YUCXznH.exe
  C:\Windows\System\YUCXznH.exe
  2⤵
  PID:9588
- C:\Windows\System\WDMKwxZ.exe
  C:\Windows\System\WDMKwxZ.exe
  2⤵
  PID:9720
- C:\Windows\System\itXUnHZ.exe
  C:\Windows\System\itXUnHZ.exe
  2⤵
  PID:9668
- C:\Windows\System\YytsgSE.exe
  C:\Windows\System\YytsgSE.exe
  2⤵
  PID:9756
- C:\Windows\System\ReBazAq.exe
  C:\Windows\System\ReBazAq.exe
  2⤵
  PID:9740
- C:\Windows\System\NEnaABk.exe
  C:\Windows\System\NEnaABk.exe
  2⤵
  PID:9800
- C:\Windows\System\mIxaqbb.exe
  C:\Windows\System\mIxaqbb.exe
  2⤵
  PID:9852
- C:\Windows\System\vmZiJRG.exe
  C:\Windows\System\vmZiJRG.exe
  2⤵
  PID:9908
- C:\Windows\System\IlhxkJF.exe
  C:\Windows\System\IlhxkJF.exe
  2⤵
  PID:9944
- C:\Windows\System\oXPJDZO.exe
  C:\Windows\System\oXPJDZO.exe
  2⤵
  PID:10016
- C:\Windows\System\MpZEtgx.exe
  C:\Windows\System\MpZEtgx.exe
  2⤵
  PID:9924
- C:\Windows\System\HXpwDrY.exe
  C:\Windows\System\HXpwDrY.exe
  2⤵
  PID:10036
- C:\Windows\System\bMWlmFb.exe
  C:\Windows\System\bMWlmFb.exe
  2⤵
  PID:10056
- C:\Windows\System\hLfjhYy.exe
  C:\Windows\System\hLfjhYy.exe
  2⤵
  PID:10112
- C:\Windows\System\rhDRAhp.exe
  C:\Windows\System\rhDRAhp.exe
  2⤵
  PID:10092
- C:\Windows\System\FROMpHO.exe
  C:\Windows\System\FROMpHO.exe
  2⤵
  PID:10124
- C:\Windows\System\kqbZeeN.exe
  C:\Windows\System\kqbZeeN.exe
  2⤵
  PID:10228
- C:\Windows\System\LSFpcBB.exe
  C:\Windows\System\LSFpcBB.exe
  2⤵
  PID:9224
- C:\Windows\System\aNvzCbQ.exe
  C:\Windows\System\aNvzCbQ.exe
  2⤵
  PID:9344
- C:\Windows\System\cRigyBT.exe
  C:\Windows\System\cRigyBT.exe
  2⤵
  PID:9416
- C:\Windows\System\oSnPjYI.exe
  C:\Windows\System\oSnPjYI.exe
  2⤵
  PID:9488
- C:\Windows\System\aEvRKdn.exe
  C:\Windows\System\aEvRKdn.exe
  2⤵
  PID:9316
- C:\Windows\System\qwGEPrx.exe
  C:\Windows\System\qwGEPrx.exe
  2⤵
  PID:10052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FqOqeDO.exe

Filesize
6.1MB

MD5
4a6b4f8e7326e746f92055071e338c12

SHA1
617de52bc8bc9200b790534339e189910c1ec05f

SHA256
1a773f5251d9aaba11439169f5c0dcdaa9acc9f7a465f11add68b4d0923fc1a0

SHA512
e145b8310a5ea9d7e32fb995282a9d22575760d533afefa7e71c5e1cd5ac51cb994155a6dea8357ca24366639a0f9c92f8a92e7fbd19ee9fe2e7899a47680db1

Download Submit
C:\Windows\system\GqTKfXY.exe

Filesize
6.1MB

MD5
ff5b3e6d7253929d2c7dce7871345007

SHA1
7eb90dae8dca0f7cef7474a44200644d1fddb1d5

SHA256
62b94f6106d9c40fd4023e88299c6b562a6132d357b8af43756822e76bb8f799

SHA512
22f814e068a6e6c25b114a5a454671f3f75904e723a27997c15e329b2379a425769efa58834ada9c234eef534b9e8be3f6e735a537ea9e9629e54b1d77f11494

Download Submit
C:\Windows\system\HXEfzJf.exe

Filesize
6.1MB

MD5
ea5439b0a8aa47bed6cdef48a4d472a5

SHA1
b71492204bc4b21d50deec495fcb883fca02fccf

SHA256
6b6e02a658d1bdc2e23f93cfed17892b7cacafb5dac35a29fc4867ff7d8e9c50

SHA512
1b704440048a725a0cf859db126ed407b4317f021cfbfb6fbaa7005220d96bd43e982746b6443f3632b731ee3dd4358533c4593aacc625969c42450bc599ccbd

Download Submit
C:\Windows\system\HzoxEIz.exe

Filesize
6.1MB

MD5
3e1af461e7d7c27ded98c4ef0d15a657

SHA1
e7b3f8559986ffa4fe4160110382762621eef832

SHA256
d1f8178b5f69440cb11fcfb65fe3ecbbe59b057211980fd833e760bd3ed1e386

SHA512
507a16bb0c4f0852f11758fd34f97e7bfa405cb9b95dbbc1efb6bc12e37b472daf8281b4ec8421e231eca67aae42651af9f3a21f34b1b5f5dca86ce493559a79

Download Submit
C:\Windows\system\MGDasIs.exe

Filesize
6.1MB

MD5
a781c088fbb005d126740868fb4d19e2

SHA1
7b39d5d00a13ef9217b44e3f4ab4de4cbf91a9fd

SHA256
a9f4916b1d22b68698a8798424c742c34c5cbdd8215732aae2ccd19468bb8b2a

SHA512
44129ae95e311e44348a9ab0382f0143ae1b4fe77f48d078e66fc9df35f2ba526d9e0f43268434c23ba85ee956c54ca967d590298fd75be8015eddd89351bb98

Download Submit
C:\Windows\system\MRBloDD.exe

Filesize
6.1MB

MD5
fd171026020a83cce1afccd6de9f9a41

SHA1
175994f3925849f6de2039c65e0dbaf9ab21daf9

SHA256
168d7b20917339991323bfcd4d5743ccea8aeb8e704007cde64d87edc2409281

SHA512
1243d87fcaf202affc75b52ae45a3494c0bf8f1f619575ec2f37cd488f05234d878a853241619743df3074a0b7b21615c9ee5cfabe87d8ab61c5d17aa7c73cb2

Download Submit
C:\Windows\system\NsnRFwp.exe

Filesize
6.1MB

MD5
e10128960dd58c2cf284fbf33aa43f21

SHA1
67ce9489b43e700718f0c9271d5e466aa00edb46

SHA256
6d108e7b563129c571fd9caf5553a9ad65a9e07c0740794eddb394da4fac9b70

SHA512
1c54751536dfb31069daceb027761597cad964c70e7bff117c3505b0c66477c1903f0ec71d7f00963d926d8e203b1049d42f5e5975da14dd5b03b4613f56a5f1

Download Submit
C:\Windows\system\PVgHPjk.exe

Filesize
6.1MB

MD5
a71684924f2294be03045bd46c9dc2a2

SHA1
10045863aa251e923e0d6a746fcd0b4ca6bc0d3a

SHA256
26a9fd35abedfff49e171beccfc44f0e036a71436dc15016991e7c99db806d11

SHA512
ac9f270f59b4d28e4ad2c46fb4db2c8ecae4ddcc327275da35fedb62fe0a6c8e28e1010d9a6296abd36fde0d696054f331150bb0689bab0396f2b143deff5870

Download Submit
C:\Windows\system\QkbWmoe.exe

Filesize
6.1MB

MD5
6c5bd2d178da7e68ddfc9d7b3e4f1b5a

SHA1
36cb81862a267c58d27d4bc6ab885f6f72d1c809

SHA256
c98f53212842884cf5b9e61d8a5966ff69fe6e26338df509b517970dce358253

SHA512
38b27ee00fd2eac24cd50155d17a90180c9bdfc309bb34bbdd08fa0f76947164b054935562ae4a0aa50a19ef865c8aec7fbf48a1b1b389528542be8b7dfa4391

Download Submit
C:\Windows\system\RscmlMi.exe

Filesize
6.1MB

MD5
8dea0de3365933d011fea72da1c34fd8

SHA1
2b37cd17c38e0136985952ad2aeda8083b923814

SHA256
746241753f38432d37e803099b9c67087e56b33a5294f6f99483b65a786eb32e

SHA512
3ea5d42d1f61aed0a187efa1182f513e410d8d6066f072ca0d7e40ccba657d61ffd6b1880f5cfe2905178bc86685dcc33651760865768e92d6b0f5429f5a82a7

Download Submit
C:\Windows\system\TqjvKWm.exe

Filesize
6.1MB

MD5
b4d2e7d97ec7219639450230b3b04d24

SHA1
0c145ad15d4b738fb936d35ce481e30472a88084

SHA256
0a9500ffaa3101490e56491af8d27f86070a23008980b81e3f6e79d625abbb22

SHA512
9fef51cb178b750e7fa101d9e3bb2d21222177f4beea8aac7f107ea17275e6aaac20ab861e2a87343b962d3ac00329ed129e15872eed18d0bd288b47949b3e5b

Download Submit
C:\Windows\system\VDHoFYE.exe

Filesize
6.1MB

MD5
00893e12f8703284d1bcf1ef0aa3dd22

SHA1
d94e2dc60d10f3be1a0d88e9f584efccac285bee

SHA256
32c0d2d9d75dec073ef80e6314c722bc8200c603f02c750e1a962c95b142d6bb

SHA512
41ddf587ea01548762f2d0ad2e948d1607deb1d69d2e1a257008dd85c72b66b26d61e03b784a5f2d13bf2238f5007ce90236f98d815999d1349101429e6126eb

Download Submit
C:\Windows\system\YYsDcQV.exe

Filesize
6.1MB

MD5
9347b7c9b6487949af0d35f859852793

SHA1
0cce72b45b1ee2a53e7ddc3985dc90d6d8c5aefc

SHA256
1a1c7776d0a385ace71c916fd28f76b93414096dbd7662b0bbe3d8402a866dec

SHA512
181cdb6cb917c99a6496b8caa9e19691a666ac8063a3805ea836b3eabf8f1e2f582d84dfce8c3156ba5b35b206c6f405b9b1a5ca5a01f9878b06d9156e4414df

Download Submit
C:\Windows\system\btEmOiN.exe

Filesize
6.1MB

MD5
871e0e37977daf4914638aa72fd25e4a

SHA1
48d8765a4b4fbebb43c2dca649c7156497fb2767

SHA256
f255c831d8fb3df74b0f2ee67f20ff3a10133b2f8387c17fed41f389937f467e

SHA512
e864eafb634b73c05faabbf0716d079d31a1cee5c74df7e3cfda032999884d5f05a1cb81ad2a7863af7faacbb913fe78388dd6c7f506a67141cec7a5d5d14917

Download Submit
C:\Windows\system\cFUhnrA.exe

Filesize
6.1MB

MD5
061d7c0b3a55ebdd5dec0c5e9cbf6f66

SHA1
51077bddd553cd3ec27afc10e1f998c38c41dc81

SHA256
cf6bb04e297134c91e87fb8d4c4b4b1e555363b1e94813d68f9149346a991ae4

SHA512
83f0385e57367ce4de79c2fc8cdfc0eb9ab2fb39a08ce068fe56fb9dd48c1f2f56e67c2a129e5db5e867eb74790c8137a6147ecf3e3c17e4aa14c2a1a058341c

Download Submit
C:\Windows\system\cIdUzOC.exe

Filesize
6.1MB

MD5
2f2db870c3ad570f349d8a0d0e493707

SHA1
09cb59ad9a8868b72a003a7dfe37677720e0a358

SHA256
d718e6cb2fccfe001c23187679bab817eb56d5c09f2fc495d218a95e6d8bcf36

SHA512
a0652c9773654645da5c09ff97e48eec98e344f57d92b314713577356413e85e24fd8e64d8f01817152a80a4e1e0ca770af664cd58ece167f87afa3188b66071

Download Submit
C:\Windows\system\dIwUjBb.exe

Filesize
6.1MB

MD5
7bcc5017821622227a821fa6208eef03

SHA1
7bfb0a91aec16412741361dde5db8c7141e553cf

SHA256
74581bc98366ad354fe830627cee844bfd7185221648cb00f2bb727b235381a8

SHA512
4120db7761aeace2c12ca0ac661ddde3a2c7d5cf53bdb5d7a7fe5e20de5ae4fac94f9ac91c1549a921ad7f2c08f232aaac5eabd1394d378f9b14922a548052ed

Download Submit
C:\Windows\system\djWfKOK.exe

Filesize
6.1MB

MD5
8659d7f899a6f02d3236c6275e7ed623

SHA1
eee18dad18ad41498af51bba9a77ab913777c9f3

SHA256
18953e25fa600ff3bb53b05a8580bbda84809b380da1a2d86cd10eae95012b4b

SHA512
af3fda3e7faaace47bb7b42682d2cbcbf28549c080bf02a8ebd7acece98d544b0162aff970051acbe992f94e14a807d43d32248163203c308471faadfaa9e36a

Download Submit
C:\Windows\system\kyNiEVx.exe

Filesize
6.1MB

MD5
056f674a0a8d7da845275fab1fd3f3d6

SHA1
5060efb2f1863844e356413f85d36a2727439c27

SHA256
b8c89a9cd102af7ec7ff6683e55ccbb0899483eadf84ebc8534d66bbd2367e3e

SHA512
37cb766dca04fc22e84eab7e5c35e30ff365d788996a07474bb4e2cffe7ff1272f3fb1ceb30c6b08023785d780b7afcb9eacc608a2e4b290763cd5fae0f5754b

Download Submit
C:\Windows\system\mFzQKrc.exe

Filesize
6.1MB

MD5
ab3ea7ef6bcf810b8dfb8ba598c1bd40

SHA1
e9ca086dd7e55ca699464d1c4ec91368dbafd5ab

SHA256
b52da8b173e0e94e2d6279643caf7df339155f11eb0538f66a9347271a0af542

SHA512
3341611102a40c1c871ab238f7d9714ca7ebffbc8d0e202504f2fdd45ff86ab8a6ba3790c490c58922ef49fcf7378b5761d3ee3605d0733ed7a00b34d4dbb2d4

Download Submit
C:\Windows\system\myifbhl.exe

Filesize
6.1MB

MD5
f4d19428084fefb9f8687ae3c20ebceb

SHA1
7622ce01544a9bc255db2ca53950b7b5f2876170

SHA256
1806194bd663bf06f0b84a19558b2a06e7680a3f38e6ac69d170665f445a657b

SHA512
6ebe2f06db21d3c31c488c7f44acee28f38d4540ca86b26d42fbda52c558e035980155ba00096be02a78430a89787f5d886a85a72b0b7f10711d115b5087e7bd

Download Submit
C:\Windows\system\nEGEiMC.exe

Filesize
6.1MB

MD5
f9318b05e28cb93b39f76614f31048b8

SHA1
a3bdfcf2113b280a2072fbed3398e95cf0be4019

SHA256
640d6e05c3c3f4b21cf7b6459fa1bb9fb95453a4452189eb03aae8e86bb5aa80

SHA512
56cd0d52df3c91730adc0c7fe3aeaa74180ae691655c6c68928cda7318aaaf75a93fe728e6c0cbdfc504e6c291fea0d09f387289b64919fdb40ebd0a4dc60520

Download Submit
C:\Windows\system\ncChmIe.exe

Filesize
6.1MB

MD5
a1f1676304d825a3957bc051b4ec9326

SHA1
0b41e8400f9d891fc72233cd1ff0846d60fbcfe8

SHA256
38d3596c535b154361c618a2a45a21694fbdd14967e612c32ba7fe1d346fd545

SHA512
6a321264a7b33b107da2fb4e9d59480ce653ee7661259ac33f23c35aa80cdc64bfec874629f1d29c1ada8d44feb825f0b3d0a56e7b45d00f5dff9ebf5faf49b0

Download Submit
C:\Windows\system\pGKDKpc.exe

Filesize
6.1MB

MD5
79e1d6901a56a170583ea1933562a13e

SHA1
47e5a3da8ee422e5c220e37fc6b505049112c0e9

SHA256
ceeaa7b37b0bc917473f0c9298d0248917144300c66e84e38b089147a0ee0bd9

SHA512
e4a1bc38da5b63e0fad2e577144202d4766ccb01432b5a73655a9499f3956e5cf71ed24ea704c0e0cb5381d65a1faba596213347f8ddd8ab6913cb76f25cfc77

Download Submit
C:\Windows\system\rLTtotG.exe

Filesize
6.1MB

MD5
f3f8c87d795a587e9081164ab11c4f42

SHA1
d9d650cdbe99bdecdca65958d8fa675967606091

SHA256
b80d757a73b4c0576a0dbd0e2331263f8f01d1188efff2c5112d325ec4b693c0

SHA512
fb21ae6cca36910cdba0879a001d3c1f081f9c76be9fc9f18f4d4e6610d9e9c61c95c32a3ab25993f4444d06f6cb90d6724c00a73168ada114b8da30203c0e58

Download Submit
C:\Windows\system\rizneDc.exe

Filesize
6.1MB

MD5
5c26e18f224ee0eff2e1386180436930

SHA1
7b89a29277c4bc19cc427dabbd6f7abf89ca51e4

SHA256
985414c05b48158d80fc4ea78a386b76f9c7669dcc9a611a69f752d285cfca92

SHA512
8f7303f6d4795baf82da4316896b99f04c40d5d6468729eba8c34b0fd6510bf05661ba24f7582da3588cb1f7e015273c870b9a74ce0b8add45bbb95e0b0ccdff

Download Submit
C:\Windows\system\tjxGRrp.exe

Filesize
8B

MD5
d306e61f2a998ae8db1c2bccfdfb8913

SHA1
88bfd3904ed9e197f6d6ac97f2b090985c7b5109

SHA256
fec06f3089e2740d157baaecc6a38ed72c06d648bb09daf35783a76f497b3dc1

SHA512
9eac134b099f50362b3caa7263de50981202a77340ceb001eb2063508ddc6ef0ae84aafcb71daa81874452e986a348723d006fd3bba3e7998c0d8b584d55b77d

Download Submit
C:\Windows\system\uxtCoFc.exe

Filesize
6.1MB

MD5
477b0e56b8c5936269a901b1f4df14c0

SHA1
173178fd1accacb48177f3c5269414d416112a15

SHA256
1515fca4af2d4dc22fc8788d1d1855a1ad80f94b60f659c9b4842496fae19812

SHA512
3bb3c0d2c0568996fec4a1b03e3df4387520c5c42505a5db1fabfa614d8067408ce8103be644da590040cc5b9db18e269844c0631874a56db8493c7a8a18c5a6

Download Submit
C:\Windows\system\zxHUCuP.exe

Filesize
6.1MB

MD5
0f4b03ae68c603095fe0fbd176e0dfd7

SHA1
47ecdd7ea2308b164502eae9f13eab6c8d3090bc

SHA256
559b13d74bee56658eef1b238eb3a4a76d6158a6cafbc509474f7b24bb781f5d

SHA512
95b0ab0855cff35384f85a6210931d46b6e710ff5020c592d3ebfbb482525e5adb035f7e62680fe0c446d3d5e19c08f9507cc6cc4ff1cb514abaa7bf13d6917c

Download Submit
\Windows\system\MVViBnS.exe

Filesize
6.1MB

MD5
fabf708a1d13f00ea6b551b932648cb6

SHA1
df86d01195d67ec36efbc4af5b5f8a0e34be2c38

SHA256
347a9128970b1c0e7889e5744ea6b2786ebf7802eb845f58ffb57c113d70c4bc

SHA512
4f4f369f2033765091db3f2439c936f25e9da505109ab7c7fad180d9f211a7b8214ddafc5b78a4c6e76c159f251cb62cecea3ccb2cf74ca8d3107b0bdaad25c7

Download Submit
\Windows\system\TltmMIp.exe

Filesize
6.1MB

MD5
21ef43bb15791956ed66fead075cd0fc

SHA1
0abdb3ceec6cc06ea0a43107f0e5ddbb3e6637c4

SHA256
74b08b316d49831722be29496d27ca181805efbc7c3a0bc0609a7a3b1178f668

SHA512
d3bb30f48da697b3a176a59a6f641e19f45edcb7883ab1392f318b6e9c965319abe6b03e4167c5b0f5b760133ac285b7fed62f3cfdafc181d24557bd3a32cf30

Download Submit
\Windows\system\cnCleuY.exe

Filesize
6.1MB

MD5
df8c4ee818ceca93d2a2d48f7799594e

SHA1
e6f594900c4f3ccd96fca518fbac26428dee28ae

SHA256
04cb7185bdc9c442ff9ef96d311a916a31b7d708db0d2623693649a48e5dd180

SHA512
8be510d7f801f1deeb5536111b090142cddb9184ed813f8090a4b27821400351511c878e0b69dfbd41c5e09c8f7e37dedd215cdd40d1387bc6dbd6039a5d4f50

Download Submit
\Windows\system\qbhQyKY.exe

Filesize
6.1MB

MD5
f92f1a18f75e9a84797798dd0cb896e7

SHA1
b8f1a903c5818f219fcf788feb2e1db7150e84c6

SHA256
e67d0d4a9a87e0d97eee0c06c1db086d4677531e2316ee4a0ddc27f653317020

SHA512
7a5d348b00aa63a634dc940ed80ee54ac7782843a7b148392345db9c8e7d6234670b88a2beef9f02f4c5e019421d7679dfd47f11d57e8ee44b50a80ee8f914d6

Download Submit
memory/480-3584-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/480-83-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/480-471-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1228-43-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1228-100-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1228-79-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1228-72-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1228-6-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1228-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1228-38-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/1228-64-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1228-0-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-101-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1228-39-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1228-388-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1228-247-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1228-928-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1228-50-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-767-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/1556-82-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1556-3610-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1556-47-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3568-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2104-152-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2104-68-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3530-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-90-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-54-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3587-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2432-75-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2432-307-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2496-830-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3614-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2496-96-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2648-91-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3597-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2648-676-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2688-61-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3608-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-95-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3542-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-21-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3470-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-20-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-67-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3506-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-37-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3527-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2780-41-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2824-9-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2824-57-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3479-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3514-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2840-40-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download