cobaltstrike | 66a4aa7b94fb86947c8e02c83ded0b88e2727e58151d2a5752ab7bf179f4c9a2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

f723656f76b05716401767f09873a554
SHA1

8f119545edc8d28eab060e303076019440d179b0
SHA256

66a4aa7b94fb86947c8e02c83ded0b88e2727e58151d2a5752ab7bf179f4c9a2
SHA512

a21682881fd6ecfd2bc34fd011e5275dc27a76ec5875b1ece4c066b71e8f05c5fd316d3a56ae9150fe8e507d9eef19c97d1c1590fc83206fb89d129e34046907
SSDEEP

98304:IapSdlWdfE0pZPD56utgpPFotBER/mQ32lUd:32Y56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012119-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dbe-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd1-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f1-29.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000173fc-41.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936b-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c9-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946e-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019442-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944d-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ae-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019458-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019423-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a5-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019397-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019356-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019353-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001928c-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191ff-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017472-46.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173f4-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd7-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016eca-24.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2080-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0007000000012119-3.dat	xmrig
behavioral1/files/0x0008000000016dbe-11.dat	xmrig
behavioral1/files/0x0008000000016dd1-12.dat	xmrig
behavioral1/files/0x00070000000173f1-29.dat	xmrig
behavioral1/files/0x00090000000173fc-41.dat	xmrig
behavioral1/files/0x0005000000019259-65.dat	xmrig
behavioral1/files/0x000500000001936b-100.dat	xmrig
behavioral1/memory/1004-590-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1672-530-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2548-578-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1536-609-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2644-607-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2080-1594-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2080-1800-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2080-1799-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2080-1798-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1416-605-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2888-603-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2820-601-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2836-599-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2760-597-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/804-595-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1364-593-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2084-591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c9-160.dat	xmrig
behavioral1/files/0x000500000001946e-152.dat	xmrig
behavioral1/files/0x000500000001945c-144.dat	xmrig
behavioral1/files/0x0005000000019442-138.dat	xmrig
behavioral1/files/0x000500000001944d-135.dat	xmrig
behavioral1/files/0x0005000000019438-129.dat	xmrig
behavioral1/memory/1604-173-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-163.dat	xmrig
behavioral1/files/0x00050000000194ae-158.dat	xmrig
behavioral1/files/0x000500000001946b-149.dat	xmrig
behavioral1/files/0x0005000000019458-141.dat	xmrig
behavioral1/files/0x0005000000019423-120.dat	xmrig
behavioral1/files/0x0005000000019426-125.dat	xmrig
behavioral1/files/0x00050000000193a5-115.dat	xmrig
behavioral1/files/0x0005000000019397-110.dat	xmrig
behavioral1/files/0x000500000001937b-105.dat	xmrig
behavioral1/files/0x0005000000019356-95.dat	xmrig
behavioral1/files/0x0005000000019353-90.dat	xmrig
behavioral1/files/0x000500000001928c-85.dat	xmrig
behavioral1/files/0x0005000000019284-80.dat	xmrig
behavioral1/files/0x0005000000019266-75.dat	xmrig
behavioral1/files/0x0005000000019263-70.dat	xmrig
behavioral1/files/0x0005000000019256-60.dat	xmrig
behavioral1/files/0x0005000000019244-55.dat	xmrig
behavioral1/files/0x00070000000191ff-50.dat	xmrig
behavioral1/files/0x0008000000017472-46.dat	xmrig
behavioral1/files/0x00070000000173f4-36.dat	xmrig
behavioral1/files/0x0008000000016dd7-15.dat	xmrig
behavioral1/files/0x0008000000016eca-24.dat	xmrig
behavioral1/memory/2644-3929-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2888-3928-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2836-3927-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/1604-3946-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2548-3945-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/804-3944-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1004-3943-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2760-3950-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1416-3956-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/1364-3954-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1604	adNvuCO.exe
1672	CKfycFC.exe
2548	WgedHYt.exe
1004	LxcNsAH.exe
2084	SrZpzbv.exe
1364	FWPBZAS.exe
804	OiSPqZI.exe
2760	OBubbsN.exe
2836	gqejWDe.exe
2820	vWNCywH.exe
2888	hyzvyee.exe
1416	DsGtOQu.exe
2644	LLTDIXF.exe
1536	lgyToBP.exe
2728	dFqJLQl.exe
2604	EMaLJbd.exe
2688	DMPvNAv.exe
2352	vvvolqA.exe
1020	sOODuCd.exe
112	ZayLKwe.exe
2920	VlXjUyc.exe
1724	IFuZczj.exe
2032	azngZTB.exe
1828	MdEcngA.exe
1576	EOpjiFP.exe
3000	CsucEIo.exe
2188	QGCxDok.exe
2340	pyeoXvo.exe
860	ZVLZmra.exe
692	mUKcrOo.exe
1304	JQmTTpg.exe
1176	cwHoqLQ.exe
840	YhmTKGa.exe
2304	lOvseNR.exe
1492	THzXtyo.exe
3016	QvoNlvq.exe
2504	KwcRkpM.exe
1224	zBHiMls.exe
620	RdEmFVj.exe
2408	VCgckIH.exe
1564	dsTTfYt.exe
2876	RsZmiCv.exe
1880	gUGRhAl.exe
1548	Qvdxvup.exe
760	ZhkcLUQ.exe
2112	GGbYrNO.exe
844	wywbhef.exe
904	qaNyRKe.exe
900	wmQHWxx.exe
1708	cfDRJrl.exe
1468	MTuhgWQ.exe
2464	pBZhBFz.exe
2288	dhcjTux.exe
2060	fEeugEm.exe
784	ElHjQHJ.exe
2192	atdmVGM.exe
884	AAJYrzA.exe
2908	NdXUTXz.exe
2236	qgaGcAn.exe
2096	uMigfFF.exe
1744	XFQCoeu.exe
2244	vtqSRNw.exe
1508	GQylnlX.exe
2176	jrMkqyN.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0007000000012119-3.dat	upx
behavioral1/files/0x0008000000016dbe-11.dat	upx
behavioral1/files/0x0008000000016dd1-12.dat	upx
behavioral1/files/0x00070000000173f1-29.dat	upx
behavioral1/files/0x00090000000173fc-41.dat	upx
behavioral1/files/0x0005000000019259-65.dat	upx
behavioral1/files/0x000500000001936b-100.dat	upx
behavioral1/memory/1004-590-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1672-530-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2548-578-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1536-609-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2644-607-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2080-1594-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1416-605-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2888-603-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2820-601-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2836-599-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2760-597-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/804-595-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1364-593-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2084-591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000194c9-160.dat	upx
behavioral1/files/0x000500000001946e-152.dat	upx
behavioral1/files/0x000500000001945c-144.dat	upx
behavioral1/files/0x0005000000019442-138.dat	upx
behavioral1/files/0x000500000001944d-135.dat	upx
behavioral1/files/0x0005000000019438-129.dat	upx
behavioral1/memory/1604-173-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00050000000194df-163.dat	upx
behavioral1/files/0x00050000000194ae-158.dat	upx
behavioral1/files/0x000500000001946b-149.dat	upx
behavioral1/files/0x0005000000019458-141.dat	upx
behavioral1/files/0x0005000000019423-120.dat	upx
behavioral1/files/0x0005000000019426-125.dat	upx
behavioral1/files/0x00050000000193a5-115.dat	upx
behavioral1/files/0x0005000000019397-110.dat	upx
behavioral1/files/0x000500000001937b-105.dat	upx
behavioral1/files/0x0005000000019356-95.dat	upx
behavioral1/files/0x0005000000019353-90.dat	upx
behavioral1/files/0x000500000001928c-85.dat	upx
behavioral1/files/0x0005000000019284-80.dat	upx
behavioral1/files/0x0005000000019266-75.dat	upx
behavioral1/files/0x0005000000019263-70.dat	upx
behavioral1/files/0x0005000000019256-60.dat	upx
behavioral1/files/0x0005000000019244-55.dat	upx
behavioral1/files/0x00070000000191ff-50.dat	upx
behavioral1/files/0x0008000000017472-46.dat	upx
behavioral1/files/0x00070000000173f4-36.dat	upx
behavioral1/files/0x0008000000016dd7-15.dat	upx
behavioral1/files/0x0008000000016eca-24.dat	upx
behavioral1/memory/2644-3929-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2888-3928-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2836-3927-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/1604-3946-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2548-3945-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/804-3944-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1004-3943-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2760-3950-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1416-3956-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/1364-3954-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2084-3951-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1672-3963-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2820-3971-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZuZTRCd.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxHSujw.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvnOmvQ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ChAQeBZ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pKQDMgP.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfGjGVW.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUfUlvo.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnKrBio.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kSCjvgL.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCKyugI.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCYkbVb.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxAAoOb.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kggWPnR.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PWKssdg.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlzKqwu.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CbYUMsx.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBIuPPJ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euweuIO.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydqixFW.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mfvhqol.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyKUZoS.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJxoxWv.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjeknMW.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxleudC.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slEBDRs.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUZoVre.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlLUSpz.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxowmCC.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfXumih.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHQiyCT.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSRTDxU.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjKmDHL.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwAaelQ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FydwNnl.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxScgHA.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVMnwip.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzMyMxd.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DecWGuR.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXXMFUL.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zrQATjH.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHBSkEy.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCQgZkl.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLTDIXF.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTuhgWQ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igoacld.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPicDYj.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INMMUYI.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHJZcUn.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoKxBfP.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrMkqyN.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zaSWhxO.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPIvbMJ.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwiuOyf.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIAoqke.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQWmEBj.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\enrgljh.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNGJJyj.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIRUSwx.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQdRRyY.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqPrBCq.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VvbygrS.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWSnRon.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYlRTbH.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqUWsJG.exe	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 1604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 1604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 1604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2080 wrote to memory of 1672	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 1672	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 1672	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2080 wrote to memory of 2548	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2548	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2548	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2080 wrote to memory of 2084	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2084	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 2084	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2080 wrote to memory of 1004	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 1004	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 1004	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2080 wrote to memory of 1364	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 1364	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 1364	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2080 wrote to memory of 804	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 804	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 804	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2080 wrote to memory of 2760	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2760	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2760	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2080 wrote to memory of 2836	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2836	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2836	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2080 wrote to memory of 2820	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2820	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2820	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2080 wrote to memory of 2888	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2888	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 2888	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2080 wrote to memory of 1416	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 1416	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 1416	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2080 wrote to memory of 2644	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2644	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 2644	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2080 wrote to memory of 1536	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1536	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 1536	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2080 wrote to memory of 2728	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2728	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2728	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2080 wrote to memory of 2604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2604	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2080 wrote to memory of 2688	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2688	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2688	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2080 wrote to memory of 2352	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 2352	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 2352	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2080 wrote to memory of 1020	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1020	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 1020	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2080 wrote to memory of 112	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 112	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 112	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2080 wrote to memory of 2920	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2920	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 2920	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2080 wrote to memory of 1724	2080	2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-14_f723656f76b05716401767f09873a554_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\System\adNvuCO.exe
  C:\Windows\System\adNvuCO.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\CKfycFC.exe
  C:\Windows\System\CKfycFC.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\WgedHYt.exe
  C:\Windows\System\WgedHYt.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\SrZpzbv.exe
  C:\Windows\System\SrZpzbv.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\LxcNsAH.exe
  C:\Windows\System\LxcNsAH.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\FWPBZAS.exe
  C:\Windows\System\FWPBZAS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\OiSPqZI.exe
  C:\Windows\System\OiSPqZI.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\OBubbsN.exe
  C:\Windows\System\OBubbsN.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\gqejWDe.exe
  C:\Windows\System\gqejWDe.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\vWNCywH.exe
  C:\Windows\System\vWNCywH.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\hyzvyee.exe
  C:\Windows\System\hyzvyee.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DsGtOQu.exe
  C:\Windows\System\DsGtOQu.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\LLTDIXF.exe
  C:\Windows\System\LLTDIXF.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\lgyToBP.exe
  C:\Windows\System\lgyToBP.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\dFqJLQl.exe
  C:\Windows\System\dFqJLQl.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EMaLJbd.exe
  C:\Windows\System\EMaLJbd.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\DMPvNAv.exe
  C:\Windows\System\DMPvNAv.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vvvolqA.exe
  C:\Windows\System\vvvolqA.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\sOODuCd.exe
  C:\Windows\System\sOODuCd.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\ZayLKwe.exe
  C:\Windows\System\ZayLKwe.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\VlXjUyc.exe
  C:\Windows\System\VlXjUyc.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\IFuZczj.exe
  C:\Windows\System\IFuZczj.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\azngZTB.exe
  C:\Windows\System\azngZTB.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\MdEcngA.exe
  C:\Windows\System\MdEcngA.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\EOpjiFP.exe
  C:\Windows\System\EOpjiFP.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\QvoNlvq.exe
  C:\Windows\System\QvoNlvq.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\CsucEIo.exe
  C:\Windows\System\CsucEIo.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\KwcRkpM.exe
  C:\Windows\System\KwcRkpM.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\QGCxDok.exe
  C:\Windows\System\QGCxDok.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\VCgckIH.exe
  C:\Windows\System\VCgckIH.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\pyeoXvo.exe
  C:\Windows\System\pyeoXvo.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\dsTTfYt.exe
  C:\Windows\System\dsTTfYt.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\ZVLZmra.exe
  C:\Windows\System\ZVLZmra.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\RsZmiCv.exe
  C:\Windows\System\RsZmiCv.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\mUKcrOo.exe
  C:\Windows\System\mUKcrOo.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\gUGRhAl.exe
  C:\Windows\System\gUGRhAl.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\JQmTTpg.exe
  C:\Windows\System\JQmTTpg.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\Qvdxvup.exe
  C:\Windows\System\Qvdxvup.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\cwHoqLQ.exe
  C:\Windows\System\cwHoqLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\ZhkcLUQ.exe
  C:\Windows\System\ZhkcLUQ.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\YhmTKGa.exe
  C:\Windows\System\YhmTKGa.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\GGbYrNO.exe
  C:\Windows\System\GGbYrNO.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\lOvseNR.exe
  C:\Windows\System\lOvseNR.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\wywbhef.exe
  C:\Windows\System\wywbhef.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\THzXtyo.exe
  C:\Windows\System\THzXtyo.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\qaNyRKe.exe
  C:\Windows\System\qaNyRKe.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\zBHiMls.exe
  C:\Windows\System\zBHiMls.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\wmQHWxx.exe
  C:\Windows\System\wmQHWxx.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\RdEmFVj.exe
  C:\Windows\System\RdEmFVj.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\pBZhBFz.exe
  C:\Windows\System\pBZhBFz.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\cfDRJrl.exe
  C:\Windows\System\cfDRJrl.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\MTuhgWQ.exe
  C:\Windows\System\MTuhgWQ.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\dhcjTux.exe
  C:\Windows\System\dhcjTux.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\fEeugEm.exe
  C:\Windows\System\fEeugEm.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ElHjQHJ.exe
  C:\Windows\System\ElHjQHJ.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\atdmVGM.exe
  C:\Windows\System\atdmVGM.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\uMigfFF.exe
  C:\Windows\System\uMigfFF.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\AAJYrzA.exe
  C:\Windows\System\AAJYrzA.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\XFQCoeu.exe
  C:\Windows\System\XFQCoeu.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\NdXUTXz.exe
  C:\Windows\System\NdXUTXz.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\vtqSRNw.exe
  C:\Windows\System\vtqSRNw.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\qgaGcAn.exe
  C:\Windows\System\qgaGcAn.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\GQylnlX.exe
  C:\Windows\System\GQylnlX.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\jrMkqyN.exe
  C:\Windows\System\jrMkqyN.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\rOHOZly.exe
  C:\Windows\System\rOHOZly.exe
  2⤵
  PID:1632
- C:\Windows\System\ukHwVtb.exe
  C:\Windows\System\ukHwVtb.exe
  2⤵
  PID:2320
- C:\Windows\System\tBPGDiR.exe
  C:\Windows\System\tBPGDiR.exe
  2⤵
  PID:2912
- C:\Windows\System\zvBMiHP.exe
  C:\Windows\System\zvBMiHP.exe
  2⤵
  PID:2260
- C:\Windows\System\gucSpSy.exe
  C:\Windows\System\gucSpSy.exe
  2⤵
  PID:2828
- C:\Windows\System\zUYDTgl.exe
  C:\Windows\System\zUYDTgl.exe
  2⤵
  PID:3068
- C:\Windows\System\JSItnAo.exe
  C:\Windows\System\JSItnAo.exe
  2⤵
  PID:2204
- C:\Windows\System\oglBmbk.exe
  C:\Windows\System\oglBmbk.exe
  2⤵
  PID:2900
- C:\Windows\System\BuNSNHQ.exe
  C:\Windows\System\BuNSNHQ.exe
  2⤵
  PID:2788
- C:\Windows\System\XBHRxAN.exe
  C:\Windows\System\XBHRxAN.exe
  2⤵
  PID:2612
- C:\Windows\System\zaSWhxO.exe
  C:\Windows\System\zaSWhxO.exe
  2⤵
  PID:2660
- C:\Windows\System\YNOKQkY.exe
  C:\Windows\System\YNOKQkY.exe
  2⤵
  PID:2652
- C:\Windows\System\BHQiyCT.exe
  C:\Windows\System\BHQiyCT.exe
  2⤵
  PID:2212
- C:\Windows\System\rdPEEKT.exe
  C:\Windows\System\rdPEEKT.exe
  2⤵
  PID:2944
- C:\Windows\System\KXkmVCW.exe
  C:\Windows\System\KXkmVCW.exe
  2⤵
  PID:2364
- C:\Windows\System\PdIiYWE.exe
  C:\Windows\System\PdIiYWE.exe
  2⤵
  PID:352
- C:\Windows\System\wylNFFp.exe
  C:\Windows\System\wylNFFp.exe
  2⤵
  PID:2368
- C:\Windows\System\zmxuIMK.exe
  C:\Windows\System\zmxuIMK.exe
  2⤵
  PID:2648
- C:\Windows\System\sAeGGIH.exe
  C:\Windows\System\sAeGGIH.exe
  2⤵
  PID:2116
- C:\Windows\System\cKGbSPy.exe
  C:\Windows\System\cKGbSPy.exe
  2⤵
  PID:1108
- C:\Windows\System\QTkSRNG.exe
  C:\Windows\System\QTkSRNG.exe
  2⤵
  PID:1860
- C:\Windows\System\cFiGpFj.exe
  C:\Windows\System\cFiGpFj.exe
  2⤵
  PID:1740
- C:\Windows\System\fmJWPlT.exe
  C:\Windows\System\fmJWPlT.exe
  2⤵
  PID:2228
- C:\Windows\System\CuwKEqu.exe
  C:\Windows\System\CuwKEqu.exe
  2⤵
  PID:2440
- C:\Windows\System\WFkeJpn.exe
  C:\Windows\System\WFkeJpn.exe
  2⤵
  PID:1716
- C:\Windows\System\cFdsYOB.exe
  C:\Windows\System\cFdsYOB.exe
  2⤵
  PID:2676
- C:\Windows\System\gELDdDo.exe
  C:\Windows\System\gELDdDo.exe
  2⤵
  PID:2948
- C:\Windows\System\EIROSMg.exe
  C:\Windows\System\EIROSMg.exe
  2⤵
  PID:660
- C:\Windows\System\uYFLCNK.exe
  C:\Windows\System\uYFLCNK.exe
  2⤵
  PID:2844
- C:\Windows\System\pdaxZka.exe
  C:\Windows\System\pdaxZka.exe
  2⤵
  PID:2988
- C:\Windows\System\zebAtMu.exe
  C:\Windows\System\zebAtMu.exe
  2⤵
  PID:2252
- C:\Windows\System\qCyUokc.exe
  C:\Windows\System\qCyUokc.exe
  2⤵
  PID:824
- C:\Windows\System\tjWIvgP.exe
  C:\Windows\System\tjWIvgP.exe
  2⤵
  PID:1684
- C:\Windows\System\KgKZIVn.exe
  C:\Windows\System\KgKZIVn.exe
  2⤵
  PID:2484
- C:\Windows\System\OcIGlrq.exe
  C:\Windows\System\OcIGlrq.exe
  2⤵
  PID:2452
- C:\Windows\System\xOWMNGW.exe
  C:\Windows\System\xOWMNGW.exe
  2⤵
  PID:1616
- C:\Windows\System\QpWPuAv.exe
  C:\Windows\System\QpWPuAv.exe
  2⤵
  PID:956
- C:\Windows\System\yqSjxMt.exe
  C:\Windows\System\yqSjxMt.exe
  2⤵
  PID:2276
- C:\Windows\System\VwnUWeo.exe
  C:\Windows\System\VwnUWeo.exe
  2⤵
  PID:1096
- C:\Windows\System\wXsToap.exe
  C:\Windows\System\wXsToap.exe
  2⤵
  PID:344
- C:\Windows\System\GUkEYDg.exe
  C:\Windows\System\GUkEYDg.exe
  2⤵
  PID:1220
- C:\Windows\System\EushqFc.exe
  C:\Windows\System\EushqFc.exe
  2⤵
  PID:1924
- C:\Windows\System\CzMyMxd.exe
  C:\Windows\System\CzMyMxd.exe
  2⤵
  PID:2500
- C:\Windows\System\ybitNNk.exe
  C:\Windows\System\ybitNNk.exe
  2⤵
  PID:2544
- C:\Windows\System\ytKrUzw.exe
  C:\Windows\System\ytKrUzw.exe
  2⤵
  PID:2740
- C:\Windows\System\ZCxhngm.exe
  C:\Windows\System\ZCxhngm.exe
  2⤵
  PID:1852
- C:\Windows\System\Icdybiq.exe
  C:\Windows\System\Icdybiq.exe
  2⤵
  PID:2628
- C:\Windows\System\WuKZtpY.exe
  C:\Windows\System\WuKZtpY.exe
  2⤵
  PID:2492
- C:\Windows\System\qVCQlcl.exe
  C:\Windows\System\qVCQlcl.exe
  2⤵
  PID:744
- C:\Windows\System\VHjndqi.exe
  C:\Windows\System\VHjndqi.exe
  2⤵
  PID:3040
- C:\Windows\System\dLUMagG.exe
  C:\Windows\System\dLUMagG.exe
  2⤵
  PID:2056
- C:\Windows\System\bDrZJAd.exe
  C:\Windows\System\bDrZJAd.exe
  2⤵
  PID:1788
- C:\Windows\System\KIYBALg.exe
  C:\Windows\System\KIYBALg.exe
  2⤵
  PID:1292
- C:\Windows\System\yJKTKRb.exe
  C:\Windows\System\yJKTKRb.exe
  2⤵
  PID:2460
- C:\Windows\System\PYvPtdD.exe
  C:\Windows\System\PYvPtdD.exe
  2⤵
  PID:2508
- C:\Windows\System\IxScgHA.exe
  C:\Windows\System\IxScgHA.exe
  2⤵
  PID:2144
- C:\Windows\System\GqQxNJd.exe
  C:\Windows\System\GqQxNJd.exe
  2⤵
  PID:2088
- C:\Windows\System\SmFqkDf.exe
  C:\Windows\System\SmFqkDf.exe
  2⤵
  PID:2256
- C:\Windows\System\QxAAoOb.exe
  C:\Windows\System\QxAAoOb.exe
  2⤵
  PID:836
- C:\Windows\System\YUayoWr.exe
  C:\Windows\System\YUayoWr.exe
  2⤵
  PID:1608
- C:\Windows\System\NeGdxlg.exe
  C:\Windows\System\NeGdxlg.exe
  2⤵
  PID:2456
- C:\Windows\System\zKudHNB.exe
  C:\Windows\System\zKudHNB.exe
  2⤵
  PID:1216
- C:\Windows\System\cpvwdwi.exe
  C:\Windows\System\cpvwdwi.exe
  2⤵
  PID:2960
- C:\Windows\System\DFOEqDU.exe
  C:\Windows\System\DFOEqDU.exe
  2⤵
  PID:3076
- C:\Windows\System\XBWYCQI.exe
  C:\Windows\System\XBWYCQI.exe
  2⤵
  PID:3092
- C:\Windows\System\AmRskml.exe
  C:\Windows\System\AmRskml.exe
  2⤵
  PID:3108
- C:\Windows\System\VPtNrie.exe
  C:\Windows\System\VPtNrie.exe
  2⤵
  PID:3132
- C:\Windows\System\ONAaWvi.exe
  C:\Windows\System\ONAaWvi.exe
  2⤵
  PID:3152
- C:\Windows\System\JEDBUGi.exe
  C:\Windows\System\JEDBUGi.exe
  2⤵
  PID:3172
- C:\Windows\System\lNuJmZC.exe
  C:\Windows\System\lNuJmZC.exe
  2⤵
  PID:3188
- C:\Windows\System\sNnoprz.exe
  C:\Windows\System\sNnoprz.exe
  2⤵
  PID:3212
- C:\Windows\System\nENNJdv.exe
  C:\Windows\System\nENNJdv.exe
  2⤵
  PID:3228
- C:\Windows\System\BFJVCdB.exe
  C:\Windows\System\BFJVCdB.exe
  2⤵
  PID:3244
- C:\Windows\System\jhTdkKD.exe
  C:\Windows\System\jhTdkKD.exe
  2⤵
  PID:3272
- C:\Windows\System\isureTy.exe
  C:\Windows\System\isureTy.exe
  2⤵
  PID:3292
- C:\Windows\System\zIHekbg.exe
  C:\Windows\System\zIHekbg.exe
  2⤵
  PID:3312
- C:\Windows\System\dPgOGHw.exe
  C:\Windows\System\dPgOGHw.exe
  2⤵
  PID:3340
- C:\Windows\System\oYRdSsq.exe
  C:\Windows\System\oYRdSsq.exe
  2⤵
  PID:3360
- C:\Windows\System\HgSKVxo.exe
  C:\Windows\System\HgSKVxo.exe
  2⤵
  PID:3380
- C:\Windows\System\LKlObfw.exe
  C:\Windows\System\LKlObfw.exe
  2⤵
  PID:3400
- C:\Windows\System\BfrLVeY.exe
  C:\Windows\System\BfrLVeY.exe
  2⤵
  PID:3420
- C:\Windows\System\HzotKkk.exe
  C:\Windows\System\HzotKkk.exe
  2⤵
  PID:3440
- C:\Windows\System\aukTFou.exe
  C:\Windows\System\aukTFou.exe
  2⤵
  PID:3460
- C:\Windows\System\zkrSIsv.exe
  C:\Windows\System\zkrSIsv.exe
  2⤵
  PID:3480
- C:\Windows\System\crPgJjl.exe
  C:\Windows\System\crPgJjl.exe
  2⤵
  PID:3500
- C:\Windows\System\yXvzPsK.exe
  C:\Windows\System\yXvzPsK.exe
  2⤵
  PID:3520
- C:\Windows\System\cMocqQY.exe
  C:\Windows\System\cMocqQY.exe
  2⤵
  PID:3540
- C:\Windows\System\UAeCduR.exe
  C:\Windows\System\UAeCduR.exe
  2⤵
  PID:3556
- C:\Windows\System\YvscWtq.exe
  C:\Windows\System\YvscWtq.exe
  2⤵
  PID:3576
- C:\Windows\System\VwwxNsT.exe
  C:\Windows\System\VwwxNsT.exe
  2⤵
  PID:3596
- C:\Windows\System\vUuNFcB.exe
  C:\Windows\System\vUuNFcB.exe
  2⤵
  PID:3612
- C:\Windows\System\xaVtiXP.exe
  C:\Windows\System\xaVtiXP.exe
  2⤵
  PID:3640
- C:\Windows\System\EqeqYhb.exe
  C:\Windows\System\EqeqYhb.exe
  2⤵
  PID:3656
- C:\Windows\System\jHjKqdz.exe
  C:\Windows\System\jHjKqdz.exe
  2⤵
  PID:3680
- C:\Windows\System\tNQrcdf.exe
  C:\Windows\System\tNQrcdf.exe
  2⤵
  PID:3696
- C:\Windows\System\FUKWPTz.exe
  C:\Windows\System\FUKWPTz.exe
  2⤵
  PID:3712
- C:\Windows\System\AMcqoqW.exe
  C:\Windows\System\AMcqoqW.exe
  2⤵
  PID:3728
- C:\Windows\System\cgBRmqr.exe
  C:\Windows\System\cgBRmqr.exe
  2⤵
  PID:3744
- C:\Windows\System\fkreGKp.exe
  C:\Windows\System\fkreGKp.exe
  2⤵
  PID:3768
- C:\Windows\System\oxleudC.exe
  C:\Windows\System\oxleudC.exe
  2⤵
  PID:3784
- C:\Windows\System\ccbNphH.exe
  C:\Windows\System\ccbNphH.exe
  2⤵
  PID:3800
- C:\Windows\System\rcABxDz.exe
  C:\Windows\System\rcABxDz.exe
  2⤵
  PID:3820
- C:\Windows\System\BSEcSFp.exe
  C:\Windows\System\BSEcSFp.exe
  2⤵
  PID:3840
- C:\Windows\System\vRZoEvy.exe
  C:\Windows\System\vRZoEvy.exe
  2⤵
  PID:3856
- C:\Windows\System\IfaJTpb.exe
  C:\Windows\System\IfaJTpb.exe
  2⤵
  PID:3872
- C:\Windows\System\fKAMwxq.exe
  C:\Windows\System\fKAMwxq.exe
  2⤵
  PID:3892
- C:\Windows\System\vJwaFkl.exe
  C:\Windows\System\vJwaFkl.exe
  2⤵
  PID:3908
- C:\Windows\System\PSRTDxU.exe
  C:\Windows\System\PSRTDxU.exe
  2⤵
  PID:3924
- C:\Windows\System\KziHacg.exe
  C:\Windows\System\KziHacg.exe
  2⤵
  PID:3940
- C:\Windows\System\vIAEDyT.exe
  C:\Windows\System\vIAEDyT.exe
  2⤵
  PID:3956
- C:\Windows\System\QLTWfgq.exe
  C:\Windows\System\QLTWfgq.exe
  2⤵
  PID:3972
- C:\Windows\System\AUlgbYd.exe
  C:\Windows\System\AUlgbYd.exe
  2⤵
  PID:3996
- C:\Windows\System\KPPlVQy.exe
  C:\Windows\System\KPPlVQy.exe
  2⤵
  PID:4012
- C:\Windows\System\ShLvtef.exe
  C:\Windows\System\ShLvtef.exe
  2⤵
  PID:4032
- C:\Windows\System\LUjVXYS.exe
  C:\Windows\System\LUjVXYS.exe
  2⤵
  PID:2420
- C:\Windows\System\RLHcjDM.exe
  C:\Windows\System\RLHcjDM.exe
  2⤵
  PID:3164
- C:\Windows\System\MLmmYWu.exe
  C:\Windows\System\MLmmYWu.exe
  2⤵
  PID:1544
- C:\Windows\System\IYnnlOn.exe
  C:\Windows\System\IYnnlOn.exe
  2⤵
  PID:3208
- C:\Windows\System\FtQnqMn.exe
  C:\Windows\System\FtQnqMn.exe
  2⤵
  PID:3240
- C:\Windows\System\bhBVaHt.exe
  C:\Windows\System\bhBVaHt.exe
  2⤵
  PID:3104
- C:\Windows\System\ZXKVomf.exe
  C:\Windows\System\ZXKVomf.exe
  2⤵
  PID:3184
- C:\Windows\System\VFLmhOq.exe
  C:\Windows\System\VFLmhOq.exe
  2⤵
  PID:3332
- C:\Windows\System\KuSAspn.exe
  C:\Windows\System\KuSAspn.exe
  2⤵
  PID:3264
- C:\Windows\System\jeYkzJV.exe
  C:\Windows\System\jeYkzJV.exe
  2⤵
  PID:3372
- C:\Windows\System\MKgtpMQ.exe
  C:\Windows\System\MKgtpMQ.exe
  2⤵
  PID:3412
- C:\Windows\System\LkiHrOR.exe
  C:\Windows\System\LkiHrOR.exe
  2⤵
  PID:3308
- C:\Windows\System\dtIrVIc.exe
  C:\Windows\System\dtIrVIc.exe
  2⤵
  PID:3488
- C:\Windows\System\koyetoL.exe
  C:\Windows\System\koyetoL.exe
  2⤵
  PID:3352
- C:\Windows\System\qzVyJkY.exe
  C:\Windows\System\qzVyJkY.exe
  2⤵
  PID:3604
- C:\Windows\System\yYlRTbH.exe
  C:\Windows\System\yYlRTbH.exe
  2⤵
  PID:3568
- C:\Windows\System\mGWqhMq.exe
  C:\Windows\System\mGWqhMq.exe
  2⤵
  PID:3648
- C:\Windows\System\ZqwIUwe.exe
  C:\Windows\System\ZqwIUwe.exe
  2⤵
  PID:3720
- C:\Windows\System\ETnKnFd.exe
  C:\Windows\System\ETnKnFd.exe
  2⤵
  PID:3428
- C:\Windows\System\mwvKmqt.exe
  C:\Windows\System\mwvKmqt.exe
  2⤵
  PID:3472
- C:\Windows\System\ZfGttbz.exe
  C:\Windows\System\ZfGttbz.exe
  2⤵
  PID:3760
- C:\Windows\System\Qkkbnll.exe
  C:\Windows\System\Qkkbnll.exe
  2⤵
  PID:3828
- C:\Windows\System\EyJTPrb.exe
  C:\Windows\System\EyJTPrb.exe
  2⤵
  PID:3848
- C:\Windows\System\NlGLOil.exe
  C:\Windows\System\NlGLOil.exe
  2⤵
  PID:3508
- C:\Windows\System\iqFCDrR.exe
  C:\Windows\System\iqFCDrR.exe
  2⤵
  PID:3624
- C:\Windows\System\przFoYf.exe
  C:\Windows\System\przFoYf.exe
  2⤵
  PID:3936
- C:\Windows\System\ZoZrSuK.exe
  C:\Windows\System\ZoZrSuK.exe
  2⤵
  PID:3636
- C:\Windows\System\MGDRwGK.exe
  C:\Windows\System\MGDRwGK.exe
  2⤵
  PID:3676
- C:\Windows\System\aMUuCVR.exe
  C:\Windows\System\aMUuCVR.exe
  2⤵
  PID:4040
- C:\Windows\System\VoXctrl.exe
  C:\Windows\System\VoXctrl.exe
  2⤵
  PID:3552
- C:\Windows\System\JCsoeFe.exe
  C:\Windows\System\JCsoeFe.exe
  2⤵
  PID:3736
- C:\Windows\System\FPhCSfm.exe
  C:\Windows\System\FPhCSfm.exe
  2⤵
  PID:3740
- C:\Windows\System\ANEhQkI.exe
  C:\Windows\System\ANEhQkI.exe
  2⤵
  PID:3816
- C:\Windows\System\slEBDRs.exe
  C:\Windows\System\slEBDRs.exe
  2⤵
  PID:3992
- C:\Windows\System\pKQDMgP.exe
  C:\Windows\System\pKQDMgP.exe
  2⤵
  PID:1428
- C:\Windows\System\nQfXmUr.exe
  C:\Windows\System\nQfXmUr.exe
  2⤵
  PID:3168
- C:\Windows\System\rIDlxDn.exe
  C:\Windows\System\rIDlxDn.exe
  2⤵
  PID:3236
- C:\Windows\System\greXAJY.exe
  C:\Windows\System\greXAJY.exe
  2⤵
  PID:3284
- C:\Windows\System\VjNTwms.exe
  C:\Windows\System\VjNTwms.exe
  2⤵
  PID:3408
- C:\Windows\System\nHBzpIO.exe
  C:\Windows\System\nHBzpIO.exe
  2⤵
  PID:3492
- C:\Windows\System\QSMUBQS.exe
  C:\Windows\System\QSMUBQS.exe
  2⤵
  PID:3376
- C:\Windows\System\lzOxTKY.exe
  C:\Windows\System\lzOxTKY.exe
  2⤵
  PID:1904
- C:\Windows\System\kepoRnl.exe
  C:\Windows\System\kepoRnl.exe
  2⤵
  PID:3392
- C:\Windows\System\FUtiFHq.exe
  C:\Windows\System\FUtiFHq.exe
  2⤵
  PID:3864
- C:\Windows\System\FGRaUTl.exe
  C:\Windows\System\FGRaUTl.exe
  2⤵
  PID:3564
- C:\Windows\System\YfGjGVW.exe
  C:\Windows\System\YfGjGVW.exe
  2⤵
  PID:3468
- C:\Windows\System\fPbUzMn.exe
  C:\Windows\System\fPbUzMn.exe
  2⤵
  PID:3968
- C:\Windows\System\ftaQGGD.exe
  C:\Windows\System\ftaQGGD.exe
  2⤵
  PID:3704
- C:\Windows\System\sdFYiUH.exe
  C:\Windows\System\sdFYiUH.exe
  2⤵
  PID:4104
- C:\Windows\System\GMhkYUT.exe
  C:\Windows\System\GMhkYUT.exe
  2⤵
  PID:4120
- C:\Windows\System\hyXJTaG.exe
  C:\Windows\System\hyXJTaG.exe
  2⤵
  PID:4136
- C:\Windows\System\YRZZRPT.exe
  C:\Windows\System\YRZZRPT.exe
  2⤵
  PID:4152
- C:\Windows\System\gANLhaN.exe
  C:\Windows\System\gANLhaN.exe
  2⤵
  PID:4168
- C:\Windows\System\MfJPUri.exe
  C:\Windows\System\MfJPUri.exe
  2⤵
  PID:4184
- C:\Windows\System\QvwdLnl.exe
  C:\Windows\System\QvwdLnl.exe
  2⤵
  PID:4200
- C:\Windows\System\rflRdWU.exe
  C:\Windows\System\rflRdWU.exe
  2⤵
  PID:4216
- C:\Windows\System\mnKrBio.exe
  C:\Windows\System\mnKrBio.exe
  2⤵
  PID:4232
- C:\Windows\System\DjnpCqZ.exe
  C:\Windows\System\DjnpCqZ.exe
  2⤵
  PID:4248
- C:\Windows\System\HPdGDSE.exe
  C:\Windows\System\HPdGDSE.exe
  2⤵
  PID:4264
- C:\Windows\System\puAucUf.exe
  C:\Windows\System\puAucUf.exe
  2⤵
  PID:4280
- C:\Windows\System\bvpCBSw.exe
  C:\Windows\System\bvpCBSw.exe
  2⤵
  PID:4296
- C:\Windows\System\wmDYZxV.exe
  C:\Windows\System\wmDYZxV.exe
  2⤵
  PID:4312
- C:\Windows\System\NUNKXRU.exe
  C:\Windows\System\NUNKXRU.exe
  2⤵
  PID:4328
- C:\Windows\System\ooaxXsv.exe
  C:\Windows\System\ooaxXsv.exe
  2⤵
  PID:4344
- C:\Windows\System\ahMMHTD.exe
  C:\Windows\System\ahMMHTD.exe
  2⤵
  PID:4360
- C:\Windows\System\aNImHad.exe
  C:\Windows\System\aNImHad.exe
  2⤵
  PID:4376
- C:\Windows\System\IwfUPYJ.exe
  C:\Windows\System\IwfUPYJ.exe
  2⤵
  PID:4392
- C:\Windows\System\JvrXREV.exe
  C:\Windows\System\JvrXREV.exe
  2⤵
  PID:4408
- C:\Windows\System\KBlLQcJ.exe
  C:\Windows\System\KBlLQcJ.exe
  2⤵
  PID:4424
- C:\Windows\System\nuCDDJy.exe
  C:\Windows\System\nuCDDJy.exe
  2⤵
  PID:4440
- C:\Windows\System\bWkRZLT.exe
  C:\Windows\System\bWkRZLT.exe
  2⤵
  PID:4456
- C:\Windows\System\exDrFzp.exe
  C:\Windows\System\exDrFzp.exe
  2⤵
  PID:4472
- C:\Windows\System\JjKWnqQ.exe
  C:\Windows\System\JjKWnqQ.exe
  2⤵
  PID:4488
- C:\Windows\System\RWjdqBN.exe
  C:\Windows\System\RWjdqBN.exe
  2⤵
  PID:4504
- C:\Windows\System\QkkTYdk.exe
  C:\Windows\System\QkkTYdk.exe
  2⤵
  PID:4520
- C:\Windows\System\ycmiELj.exe
  C:\Windows\System\ycmiELj.exe
  2⤵
  PID:4536
- C:\Windows\System\VHBGycf.exe
  C:\Windows\System\VHBGycf.exe
  2⤵
  PID:4552
- C:\Windows\System\OrIZXau.exe
  C:\Windows\System\OrIZXau.exe
  2⤵
  PID:4568
- C:\Windows\System\cIogQJi.exe
  C:\Windows\System\cIogQJi.exe
  2⤵
  PID:4584
- C:\Windows\System\xvfcKaW.exe
  C:\Windows\System\xvfcKaW.exe
  2⤵
  PID:4600
- C:\Windows\System\hdFEjJX.exe
  C:\Windows\System\hdFEjJX.exe
  2⤵
  PID:4616
- C:\Windows\System\DecWGuR.exe
  C:\Windows\System\DecWGuR.exe
  2⤵
  PID:4632
- C:\Windows\System\UCKEsnZ.exe
  C:\Windows\System\UCKEsnZ.exe
  2⤵
  PID:4648
- C:\Windows\System\pORzzxu.exe
  C:\Windows\System\pORzzxu.exe
  2⤵
  PID:4664
- C:\Windows\System\KcNOCke.exe
  C:\Windows\System\KcNOCke.exe
  2⤵
  PID:4680
- C:\Windows\System\dZgfgQA.exe
  C:\Windows\System\dZgfgQA.exe
  2⤵
  PID:4696
- C:\Windows\System\GKWJWho.exe
  C:\Windows\System\GKWJWho.exe
  2⤵
  PID:4712
- C:\Windows\System\kCaTSVD.exe
  C:\Windows\System\kCaTSVD.exe
  2⤵
  PID:4728
- C:\Windows\System\cMuujKt.exe
  C:\Windows\System\cMuujKt.exe
  2⤵
  PID:4744
- C:\Windows\System\LwwFBBr.exe
  C:\Windows\System\LwwFBBr.exe
  2⤵
  PID:4760
- C:\Windows\System\XuBnhAc.exe
  C:\Windows\System\XuBnhAc.exe
  2⤵
  PID:4776
- C:\Windows\System\bvAxcRV.exe
  C:\Windows\System\bvAxcRV.exe
  2⤵
  PID:4792
- C:\Windows\System\JaqpAmt.exe
  C:\Windows\System\JaqpAmt.exe
  2⤵
  PID:4808
- C:\Windows\System\jOkcOpd.exe
  C:\Windows\System\jOkcOpd.exe
  2⤵
  PID:4824
- C:\Windows\System\DlqoVMK.exe
  C:\Windows\System\DlqoVMK.exe
  2⤵
  PID:4840
- C:\Windows\System\XwFQepc.exe
  C:\Windows\System\XwFQepc.exe
  2⤵
  PID:4856
- C:\Windows\System\AomkVab.exe
  C:\Windows\System\AomkVab.exe
  2⤵
  PID:4872
- C:\Windows\System\hoZkDzi.exe
  C:\Windows\System\hoZkDzi.exe
  2⤵
  PID:4888
- C:\Windows\System\zDrgnbS.exe
  C:\Windows\System\zDrgnbS.exe
  2⤵
  PID:4904
- C:\Windows\System\AMYuXUG.exe
  C:\Windows\System\AMYuXUG.exe
  2⤵
  PID:4920
- C:\Windows\System\RjOLyXo.exe
  C:\Windows\System\RjOLyXo.exe
  2⤵
  PID:4936
- C:\Windows\System\FaYWLzX.exe
  C:\Windows\System\FaYWLzX.exe
  2⤵
  PID:4956
- C:\Windows\System\ZCJALUX.exe
  C:\Windows\System\ZCJALUX.exe
  2⤵
  PID:4972
- C:\Windows\System\iLIvlnl.exe
  C:\Windows\System\iLIvlnl.exe
  2⤵
  PID:4988
- C:\Windows\System\lvPAsnf.exe
  C:\Windows\System\lvPAsnf.exe
  2⤵
  PID:5004
- C:\Windows\System\tePscus.exe
  C:\Windows\System\tePscus.exe
  2⤵
  PID:5020
- C:\Windows\System\lhWaOIX.exe
  C:\Windows\System\lhWaOIX.exe
  2⤵
  PID:5036
- C:\Windows\System\GPzuRto.exe
  C:\Windows\System\GPzuRto.exe
  2⤵
  PID:5052
- C:\Windows\System\RObsFia.exe
  C:\Windows\System\RObsFia.exe
  2⤵
  PID:5068
- C:\Windows\System\ZGLscFF.exe
  C:\Windows\System\ZGLscFF.exe
  2⤵
  PID:5084
- C:\Windows\System\AFSizjm.exe
  C:\Windows\System\AFSizjm.exe
  2⤵
  PID:5100
- C:\Windows\System\zKxEasH.exe
  C:\Windows\System\zKxEasH.exe
  2⤵
  PID:5116
- C:\Windows\System\fTpXRFq.exe
  C:\Windows\System\fTpXRFq.exe
  2⤵
  PID:3880
- C:\Windows\System\bllVngD.exe
  C:\Windows\System\bllVngD.exe
  2⤵
  PID:3672
- C:\Windows\System\raBmRNC.exe
  C:\Windows\System\raBmRNC.exe
  2⤵
  PID:3888
- C:\Windows\System\zYLOvXW.exe
  C:\Windows\System\zYLOvXW.exe
  2⤵
  PID:3980
- C:\Windows\System\mLqOUrq.exe
  C:\Windows\System\mLqOUrq.exe
  2⤵
  PID:3336
- C:\Windows\System\OiOvGJX.exe
  C:\Windows\System\OiOvGJX.exe
  2⤵
  PID:280
- C:\Windows\System\MDyBQCN.exe
  C:\Windows\System\MDyBQCN.exe
  2⤵
  PID:3144
- C:\Windows\System\QgdYJfe.exe
  C:\Windows\System\QgdYJfe.exe
  2⤵
  PID:3516
- C:\Windows\System\CKRqlSE.exe
  C:\Windows\System\CKRqlSE.exe
  2⤵
  PID:3620
- C:\Windows\System\OMmyKHp.exe
  C:\Windows\System\OMmyKHp.exe
  2⤵
  PID:3752
- C:\Windows\System\FWWabgk.exe
  C:\Windows\System\FWWabgk.exe
  2⤵
  PID:4008
- C:\Windows\System\lFYMWHJ.exe
  C:\Windows\System\lFYMWHJ.exe
  2⤵
  PID:4144
- C:\Windows\System\JLoxvto.exe
  C:\Windows\System\JLoxvto.exe
  2⤵
  PID:4192
- C:\Windows\System\xcjXBEx.exe
  C:\Windows\System\xcjXBEx.exe
  2⤵
  PID:4256
- C:\Windows\System\fQjunqZ.exe
  C:\Windows\System\fQjunqZ.exe
  2⤵
  PID:4320
- C:\Windows\System\DwbQYVv.exe
  C:\Windows\System\DwbQYVv.exe
  2⤵
  PID:4384
- C:\Windows\System\qzjtqkQ.exe
  C:\Windows\System\qzjtqkQ.exe
  2⤵
  PID:4180
- C:\Windows\System\mOFtHvN.exe
  C:\Windows\System\mOFtHvN.exe
  2⤵
  PID:4212
- C:\Windows\System\JcpTFgb.exe
  C:\Windows\System\JcpTFgb.exe
  2⤵
  PID:4304
- C:\Windows\System\lowiRjt.exe
  C:\Windows\System\lowiRjt.exe
  2⤵
  PID:4480
- C:\Windows\System\eXeakMx.exe
  C:\Windows\System\eXeakMx.exe
  2⤵
  PID:4544
- C:\Windows\System\QTmXbKX.exe
  C:\Windows\System\QTmXbKX.exe
  2⤵
  PID:4340
- C:\Windows\System\JMqdqlG.exe
  C:\Windows\System\JMqdqlG.exe
  2⤵
  PID:4404
- C:\Windows\System\oiBiYfE.exe
  C:\Windows\System\oiBiYfE.exe
  2⤵
  PID:4612
- C:\Windows\System\lFdqqeR.exe
  C:\Windows\System\lFdqqeR.exe
  2⤵
  PID:4496
- C:\Windows\System\JNCyONj.exe
  C:\Windows\System\JNCyONj.exe
  2⤵
  PID:4676
- C:\Windows\System\eajmuuY.exe
  C:\Windows\System\eajmuuY.exe
  2⤵
  PID:4528
- C:\Windows\System\IitDzuY.exe
  C:\Windows\System\IitDzuY.exe
  2⤵
  PID:4740
- C:\Windows\System\gInAYth.exe
  C:\Windows\System\gInAYth.exe
  2⤵
  PID:4804
- C:\Windows\System\xqdtwIe.exe
  C:\Windows\System\xqdtwIe.exe
  2⤵
  PID:4868
- C:\Windows\System\VPbhMav.exe
  C:\Windows\System\VPbhMav.exe
  2⤵
  PID:4932
- C:\Windows\System\SvPxrYA.exe
  C:\Windows\System\SvPxrYA.exe
  2⤵
  PID:5000
- C:\Windows\System\MRtowNY.exe
  C:\Windows\System\MRtowNY.exe
  2⤵
  PID:5064
- C:\Windows\System\wVsneou.exe
  C:\Windows\System\wVsneou.exe
  2⤵
  PID:4024
- C:\Windows\System\wmnUZnp.exe
  C:\Windows\System\wmnUZnp.exe
  2⤵
  PID:4564
- C:\Windows\System\IfPLVDm.exe
  C:\Windows\System\IfPLVDm.exe
  2⤵
  PID:4628
- C:\Windows\System\qzwfrVC.exe
  C:\Windows\System\qzwfrVC.exe
  2⤵
  PID:3256
- C:\Windows\System\IjbUUls.exe
  C:\Windows\System\IjbUUls.exe
  2⤵
  PID:4816
- C:\Windows\System\nVGzpBP.exe
  C:\Windows\System\nVGzpBP.exe
  2⤵
  PID:4756
- C:\Windows\System\cEBYaHt.exe
  C:\Windows\System\cEBYaHt.exe
  2⤵
  PID:3288
- C:\Windows\System\ukJImXB.exe
  C:\Windows\System\ukJImXB.exe
  2⤵
  PID:4004
- C:\Windows\System\DXNEkeG.exe
  C:\Windows\System\DXNEkeG.exe
  2⤵
  PID:4292
- C:\Windows\System\iYjbuVu.exe
  C:\Windows\System\iYjbuVu.exe
  2⤵
  PID:4884
- C:\Windows\System\FGOZQQi.exe
  C:\Windows\System\FGOZQQi.exe
  2⤵
  PID:4948
- C:\Windows\System\DuBpfXq.exe
  C:\Windows\System\DuBpfXq.exe
  2⤵
  PID:5016
- C:\Windows\System\zxnxWCR.exe
  C:\Windows\System\zxnxWCR.exe
  2⤵
  PID:4244
- C:\Windows\System\FNgRxTf.exe
  C:\Windows\System\FNgRxTf.exe
  2⤵
  PID:4368
- C:\Windows\System\jOXllZr.exe
  C:\Windows\System\jOXllZr.exe
  2⤵
  PID:5048
- C:\Windows\System\xInOiGy.exe
  C:\Windows\System\xInOiGy.exe
  2⤵
  PID:5112
- C:\Windows\System\xKeWoJO.exe
  C:\Windows\System\xKeWoJO.exe
  2⤵
  PID:3180
- C:\Windows\System\igoacld.exe
  C:\Windows\System\igoacld.exe
  2⤵
  PID:3220
- C:\Windows\System\oqUWsJG.exe
  C:\Windows\System\oqUWsJG.exe
  2⤵
  PID:4116
- C:\Windows\System\bBmXkDv.exe
  C:\Windows\System\bBmXkDv.exe
  2⤵
  PID:4708
- C:\Windows\System\zlQqlTG.exe
  C:\Windows\System\zlQqlTG.exe
  2⤵
  PID:4928
- C:\Windows\System\ovRSTqI.exe
  C:\Windows\System\ovRSTqI.exe
  2⤵
  PID:5128
- C:\Windows\System\uYxdYss.exe
  C:\Windows\System\uYxdYss.exe
  2⤵
  PID:5144
- C:\Windows\System\IaInRwo.exe
  C:\Windows\System\IaInRwo.exe
  2⤵
  PID:5160
- C:\Windows\System\rxwjzLZ.exe
  C:\Windows\System\rxwjzLZ.exe
  2⤵
  PID:5180
- C:\Windows\System\fuaiGfN.exe
  C:\Windows\System\fuaiGfN.exe
  2⤵
  PID:5196
- C:\Windows\System\hJBpiHz.exe
  C:\Windows\System\hJBpiHz.exe
  2⤵
  PID:5212
- C:\Windows\System\rsAGMVc.exe
  C:\Windows\System\rsAGMVc.exe
  2⤵
  PID:5228
- C:\Windows\System\DPawtrF.exe
  C:\Windows\System\DPawtrF.exe
  2⤵
  PID:5244
- C:\Windows\System\xRhPUvg.exe
  C:\Windows\System\xRhPUvg.exe
  2⤵
  PID:5260
- C:\Windows\System\IZOZdNo.exe
  C:\Windows\System\IZOZdNo.exe
  2⤵
  PID:5276
- C:\Windows\System\nRbXAsl.exe
  C:\Windows\System\nRbXAsl.exe
  2⤵
  PID:5292
- C:\Windows\System\kpFybVp.exe
  C:\Windows\System\kpFybVp.exe
  2⤵
  PID:5308
- C:\Windows\System\nuIopWC.exe
  C:\Windows\System\nuIopWC.exe
  2⤵
  PID:5324
- C:\Windows\System\euweuIO.exe
  C:\Windows\System\euweuIO.exe
  2⤵
  PID:5340
- C:\Windows\System\wiMNcoW.exe
  C:\Windows\System\wiMNcoW.exe
  2⤵
  PID:5356
- C:\Windows\System\SWCZkGl.exe
  C:\Windows\System\SWCZkGl.exe
  2⤵
  PID:5372
- C:\Windows\System\TxNMytP.exe
  C:\Windows\System\TxNMytP.exe
  2⤵
  PID:5388
- C:\Windows\System\ryLcNGA.exe
  C:\Windows\System\ryLcNGA.exe
  2⤵
  PID:5404
- C:\Windows\System\zNTjfpc.exe
  C:\Windows\System\zNTjfpc.exe
  2⤵
  PID:5420
- C:\Windows\System\EXZeLtj.exe
  C:\Windows\System\EXZeLtj.exe
  2⤵
  PID:5436
- C:\Windows\System\dPNEPQU.exe
  C:\Windows\System\dPNEPQU.exe
  2⤵
  PID:5452
- C:\Windows\System\RckdGLx.exe
  C:\Windows\System\RckdGLx.exe
  2⤵
  PID:5468
- C:\Windows\System\HtGkfwS.exe
  C:\Windows\System\HtGkfwS.exe
  2⤵
  PID:5484
- C:\Windows\System\PbUCFjN.exe
  C:\Windows\System\PbUCFjN.exe
  2⤵
  PID:5500
- C:\Windows\System\VqpbDAM.exe
  C:\Windows\System\VqpbDAM.exe
  2⤵
  PID:5516
- C:\Windows\System\QgONxdk.exe
  C:\Windows\System\QgONxdk.exe
  2⤵
  PID:5532
- C:\Windows\System\oxxLUYA.exe
  C:\Windows\System\oxxLUYA.exe
  2⤵
  PID:5548
- C:\Windows\System\dajnlnC.exe
  C:\Windows\System\dajnlnC.exe
  2⤵
  PID:5564
- C:\Windows\System\WiNwWgu.exe
  C:\Windows\System\WiNwWgu.exe
  2⤵
  PID:5580
- C:\Windows\System\MbdZkmn.exe
  C:\Windows\System\MbdZkmn.exe
  2⤵
  PID:5596
- C:\Windows\System\lEMIAkf.exe
  C:\Windows\System\lEMIAkf.exe
  2⤵
  PID:5612
- C:\Windows\System\vJTovBA.exe
  C:\Windows\System\vJTovBA.exe
  2⤵
  PID:5628
- C:\Windows\System\ZxZYxgS.exe
  C:\Windows\System\ZxZYxgS.exe
  2⤵
  PID:5644
- C:\Windows\System\GfpijKH.exe
  C:\Windows\System\GfpijKH.exe
  2⤵
  PID:5660
- C:\Windows\System\iglTjQG.exe
  C:\Windows\System\iglTjQG.exe
  2⤵
  PID:5676
- C:\Windows\System\lixjEyE.exe
  C:\Windows\System\lixjEyE.exe
  2⤵
  PID:5692
- C:\Windows\System\RRfjkss.exe
  C:\Windows\System\RRfjkss.exe
  2⤵
  PID:5708
- C:\Windows\System\STGdCxe.exe
  C:\Windows\System\STGdCxe.exe
  2⤵
  PID:5724
- C:\Windows\System\DEcKLPF.exe
  C:\Windows\System\DEcKLPF.exe
  2⤵
  PID:5740
- C:\Windows\System\aLjsZMN.exe
  C:\Windows\System\aLjsZMN.exe
  2⤵
  PID:5756
- C:\Windows\System\VBuaqox.exe
  C:\Windows\System\VBuaqox.exe
  2⤵
  PID:5772
- C:\Windows\System\oHeUjUz.exe
  C:\Windows\System\oHeUjUz.exe
  2⤵
  PID:5788
- C:\Windows\System\VKMtQER.exe
  C:\Windows\System\VKMtQER.exe
  2⤵
  PID:5804
- C:\Windows\System\UuZkvnJ.exe
  C:\Windows\System\UuZkvnJ.exe
  2⤵
  PID:5820
- C:\Windows\System\arieJCF.exe
  C:\Windows\System\arieJCF.exe
  2⤵
  PID:5836
- C:\Windows\System\DmIXVDT.exe
  C:\Windows\System\DmIXVDT.exe
  2⤵
  PID:5852
- C:\Windows\System\AxwgWrF.exe
  C:\Windows\System\AxwgWrF.exe
  2⤵
  PID:5868
- C:\Windows\System\MtMXvBv.exe
  C:\Windows\System\MtMXvBv.exe
  2⤵
  PID:5884
- C:\Windows\System\XmeQiUA.exe
  C:\Windows\System\XmeQiUA.exe
  2⤵
  PID:5900
- C:\Windows\System\FymXRjD.exe
  C:\Windows\System\FymXRjD.exe
  2⤵
  PID:5916
- C:\Windows\System\CjaDQHt.exe
  C:\Windows\System\CjaDQHt.exe
  2⤵
  PID:5932
- C:\Windows\System\bVueEYv.exe
  C:\Windows\System\bVueEYv.exe
  2⤵
  PID:5948
- C:\Windows\System\mXLSINY.exe
  C:\Windows\System\mXLSINY.exe
  2⤵
  PID:5964
- C:\Windows\System\mQsQucV.exe
  C:\Windows\System\mQsQucV.exe
  2⤵
  PID:5980
- C:\Windows\System\wKgjXNd.exe
  C:\Windows\System\wKgjXNd.exe
  2⤵
  PID:5996
- C:\Windows\System\zUggiCK.exe
  C:\Windows\System\zUggiCK.exe
  2⤵
  PID:6012
- C:\Windows\System\StXkxTv.exe
  C:\Windows\System\StXkxTv.exe
  2⤵
  PID:6028
- C:\Windows\System\IdjygMl.exe
  C:\Windows\System\IdjygMl.exe
  2⤵
  PID:6044
- C:\Windows\System\vxJoaBM.exe
  C:\Windows\System\vxJoaBM.exe
  2⤵
  PID:6060
- C:\Windows\System\cXrIuEA.exe
  C:\Windows\System\cXrIuEA.exe
  2⤵
  PID:6076
- C:\Windows\System\eCoedNw.exe
  C:\Windows\System\eCoedNw.exe
  2⤵
  PID:6092
- C:\Windows\System\fzlFvqS.exe
  C:\Windows\System\fzlFvqS.exe
  2⤵
  PID:6108
- C:\Windows\System\kSFEHER.exe
  C:\Windows\System\kSFEHER.exe
  2⤵
  PID:6124
- C:\Windows\System\KWSNpNJ.exe
  C:\Windows\System\KWSNpNJ.exe
  2⤵
  PID:6140
- C:\Windows\System\KLCPghY.exe
  C:\Windows\System\KLCPghY.exe
  2⤵
  PID:4592
- C:\Windows\System\AZhsdcA.exe
  C:\Windows\System\AZhsdcA.exe
  2⤵
  PID:4276
- C:\Windows\System\IpUiyEh.exe
  C:\Windows\System\IpUiyEh.exe
  2⤵
  PID:4736
- C:\Windows\System\FyNCPQw.exe
  C:\Windows\System\FyNCPQw.exe
  2⤵
  PID:4608
- C:\Windows\System\CjLQgVc.exe
  C:\Windows\System\CjLQgVc.exe
  2⤵
  PID:4452
- C:\Windows\System\Udrpkzl.exe
  C:\Windows\System\Udrpkzl.exe
  2⤵
  PID:5412
- C:\Windows\System\tRSkTZB.exe
  C:\Windows\System\tRSkTZB.exe
  2⤵
  PID:4656
- C:\Windows\System\WXEdFBQ.exe
  C:\Windows\System\WXEdFBQ.exe
  2⤵
  PID:5764
- C:\Windows\System\ZREcKPH.exe
  C:\Windows\System\ZREcKPH.exe
  2⤵
  PID:5828
- C:\Windows\System\CTGovlM.exe
  C:\Windows\System\CTGovlM.exe
  2⤵
  PID:5892
- C:\Windows\System\pcnSFac.exe
  C:\Windows\System\pcnSFac.exe
  2⤵
  PID:5208
- C:\Windows\System\AHCbFCB.exe
  C:\Windows\System\AHCbFCB.exe
  2⤵
  PID:5924
- C:\Windows\System\XfXpcii.exe
  C:\Windows\System\XfXpcii.exe
  2⤵
  PID:5988
- C:\Windows\System\zfqOiqp.exe
  C:\Windows\System\zfqOiqp.exe
  2⤵
  PID:6052
- C:\Windows\System\oTpIRqM.exe
  C:\Windows\System\oTpIRqM.exe
  2⤵
  PID:4820
- C:\Windows\System\qLkFERa.exe
  C:\Windows\System\qLkFERa.exe
  2⤵
  PID:6088
- C:\Windows\System\RCPnaqD.exe
  C:\Windows\System\RCPnaqD.exe
  2⤵
  PID:4596
- C:\Windows\System\bUzprsu.exe
  C:\Windows\System\bUzprsu.exe
  2⤵
  PID:4576
- C:\Windows\System\VNLdBSV.exe
  C:\Windows\System\VNLdBSV.exe
  2⤵
  PID:4944
- C:\Windows\System\JYgHaMf.exe
  C:\Windows\System\JYgHaMf.exe
  2⤵
  PID:5368
- C:\Windows\System\ZYevxLE.exe
  C:\Windows\System\ZYevxLE.exe
  2⤵
  PID:5432
- C:\Windows\System\kFAmycP.exe
  C:\Windows\System\kFAmycP.exe
  2⤵
  PID:5496
- C:\Windows\System\bdNXAov.exe
  C:\Windows\System\bdNXAov.exe
  2⤵
  PID:5560
- C:\Windows\System\HLUQcQW.exe
  C:\Windows\System\HLUQcQW.exe
  2⤵
  PID:4416
- C:\Windows\System\pHEOImF.exe
  C:\Windows\System\pHEOImF.exe
  2⤵
  PID:4468
- C:\Windows\System\hhjwFPg.exe
  C:\Windows\System\hhjwFPg.exe
  2⤵
  PID:4112
- C:\Windows\System\qMMPKmJ.exe
  C:\Windows\System\qMMPKmJ.exe
  2⤵
  PID:5800
- C:\Windows\System\cgEwbNx.exe
  C:\Windows\System\cgEwbNx.exe
  2⤵
  PID:5960
- C:\Windows\System\BogLWhB.exe
  C:\Windows\System\BogLWhB.exe
  2⤵
  PID:6120
- C:\Windows\System\jtqsHmT.exe
  C:\Windows\System\jtqsHmT.exe
  2⤵
  PID:5428
- C:\Windows\System\TIBuSGU.exe
  C:\Windows\System\TIBuSGU.exe
  2⤵
  PID:5304
- C:\Windows\System\zUzvpDS.exe
  C:\Windows\System\zUzvpDS.exe
  2⤵
  PID:3796
- C:\Windows\System\VFLjAXB.exe
  C:\Windows\System\VFLjAXB.exe
  2⤵
  PID:4984
- C:\Windows\System\KsswAAu.exe
  C:\Windows\System\KsswAAu.exe
  2⤵
  PID:5080
- C:\Windows\System\NjQRPpY.exe
  C:\Windows\System\NjQRPpY.exe
  2⤵
  PID:4228
- C:\Windows\System\FCQzmUe.exe
  C:\Windows\System\FCQzmUe.exe
  2⤵
  PID:5156
- C:\Windows\System\IMyqYGk.exe
  C:\Windows\System\IMyqYGk.exe
  2⤵
  PID:5220
- C:\Windows\System\uXaezID.exe
  C:\Windows\System\uXaezID.exe
  2⤵
  PID:5284
- C:\Windows\System\sWWfbdb.exe
  C:\Windows\System\sWWfbdb.exe
  2⤵
  PID:5348
- C:\Windows\System\DgEMISx.exe
  C:\Windows\System\DgEMISx.exe
  2⤵
  PID:5384
- C:\Windows\System\ABBDgLq.exe
  C:\Windows\System\ABBDgLq.exe
  2⤵
  PID:5540
- C:\Windows\System\TIaQDnl.exe
  C:\Windows\System\TIaQDnl.exe
  2⤵
  PID:5604
- C:\Windows\System\vTWoXxq.exe
  C:\Windows\System\vTWoXxq.exe
  2⤵
  PID:5668
- C:\Windows\System\DpFoBeS.exe
  C:\Windows\System\DpFoBeS.exe
  2⤵
  PID:5704
- C:\Windows\System\GMPpUvR.exe
  C:\Windows\System\GMPpUvR.exe
  2⤵
  PID:4660
- C:\Windows\System\YAuDhiL.exe
  C:\Windows\System\YAuDhiL.exe
  2⤵
  PID:4352
- C:\Windows\System\ntnwyCa.exe
  C:\Windows\System\ntnwyCa.exe
  2⤵
  PID:5364
- C:\Windows\System\VEDXpEO.exe
  C:\Windows\System\VEDXpEO.exe
  2⤵
  PID:5736
- C:\Windows\System\TmfNwlH.exe
  C:\Windows\System\TmfNwlH.exe
  2⤵
  PID:4672
- C:\Windows\System\LJBXPfl.exe
  C:\Windows\System\LJBXPfl.exe
  2⤵
  PID:6132
- C:\Windows\System\aglMhqy.exe
  C:\Windows\System\aglMhqy.exe
  2⤵
  PID:6068
- C:\Windows\System\yCboxri.exe
  C:\Windows\System\yCboxri.exe
  2⤵
  PID:6004
- C:\Windows\System\XWNaIbv.exe
  C:\Windows\System\XWNaIbv.exe
  2⤵
  PID:5652
- C:\Windows\System\yQnLtFz.exe
  C:\Windows\System\yQnLtFz.exe
  2⤵
  PID:5716
- C:\Windows\System\IUmKZbT.exe
  C:\Windows\System\IUmKZbT.exe
  2⤵
  PID:5780
- C:\Windows\System\hgzcQwy.exe
  C:\Windows\System\hgzcQwy.exe
  2⤵
  PID:5844
- C:\Windows\System\SjlgDwO.exe
  C:\Windows\System\SjlgDwO.exe
  2⤵
  PID:5908
- C:\Windows\System\GAtqJys.exe
  C:\Windows\System\GAtqJys.exe
  2⤵
  PID:5972
- C:\Windows\System\yqeZhbr.exe
  C:\Windows\System\yqeZhbr.exe
  2⤵
  PID:5136
- C:\Windows\System\ePhdNkN.exe
  C:\Windows\System\ePhdNkN.exe
  2⤵
  PID:5168
- C:\Windows\System\rYWzZwH.exe
  C:\Windows\System\rYWzZwH.exe
  2⤵
  PID:4952
- C:\Windows\System\hCOjzYX.exe
  C:\Windows\System\hCOjzYX.exe
  2⤵
  PID:4852
- C:\Windows\System\EdoAgys.exe
  C:\Windows\System\EdoAgys.exe
  2⤵
  PID:5956
- C:\Windows\System\enrgljh.exe
  C:\Windows\System\enrgljh.exe
  2⤵
  PID:3388
- C:\Windows\System\TqaAKxN.exe
  C:\Windows\System\TqaAKxN.exe
  2⤵
  PID:5316
- C:\Windows\System\aPeRqvL.exe
  C:\Windows\System\aPeRqvL.exe
  2⤵
  PID:5636
- C:\Windows\System\hAGoWGG.exe
  C:\Windows\System\hAGoWGG.exe
  2⤵
  PID:4516
- C:\Windows\System\pJOoxiy.exe
  C:\Windows\System\pJOoxiy.exe
  2⤵
  PID:4148
- C:\Windows\System\LEXQKyq.exe
  C:\Windows\System\LEXQKyq.exe
  2⤵
  PID:6100
- C:\Windows\System\LwRvTmB.exe
  C:\Windows\System\LwRvTmB.exe
  2⤵
  PID:4076
- C:\Windows\System\qkYZseA.exe
  C:\Windows\System\qkYZseA.exe
  2⤵
  PID:2664
- C:\Windows\System\CdnQkxU.exe
  C:\Windows\System\CdnQkxU.exe
  2⤵
  PID:5752
- C:\Windows\System\sasIlEF.exe
  C:\Windows\System\sasIlEF.exe
  2⤵
  PID:3044
- C:\Windows\System\tXrpIPB.exe
  C:\Windows\System\tXrpIPB.exe
  2⤵
  PID:3260
- C:\Windows\System\LDtWyyH.exe
  C:\Windows\System\LDtWyyH.exe
  2⤵
  PID:5188
- C:\Windows\System\jgiTvgH.exe
  C:\Windows\System\jgiTvgH.exe
  2⤵
  PID:5464
- C:\Windows\System\FBvTvFm.exe
  C:\Windows\System\FBvTvFm.exe
  2⤵
  PID:5572
- C:\Windows\System\QScWLkB.exe
  C:\Windows\System\QScWLkB.exe
  2⤵
  PID:4512
- C:\Windows\System\gruKIRM.exe
  C:\Windows\System\gruKIRM.exe
  2⤵
  PID:5240
- C:\Windows\System\jkAaUfT.exe
  C:\Windows\System\jkAaUfT.exe
  2⤵
  PID:1040
- C:\Windows\System\GleKeyV.exe
  C:\Windows\System\GleKeyV.exe
  2⤵
  PID:5300
- C:\Windows\System\LfZsJAp.exe
  C:\Windows\System\LfZsJAp.exe
  2⤵
  PID:4864
- C:\Windows\System\siiFSeR.exe
  C:\Windows\System\siiFSeR.exe
  2⤵
  PID:3056
- C:\Windows\System\OUTDlXx.exe
  C:\Windows\System\OUTDlXx.exe
  2⤵
  PID:6024
- C:\Windows\System\bGhsXgk.exe
  C:\Windows\System\bGhsXgk.exe
  2⤵
  PID:5688
- C:\Windows\System\SBQvPpj.exe
  C:\Windows\System\SBQvPpj.exe
  2⤵
  PID:4064
- C:\Windows\System\rZEVSBR.exe
  C:\Windows\System\rZEVSBR.exe
  2⤵
  PID:2448
- C:\Windows\System\bMarOjv.exe
  C:\Windows\System\bMarOjv.exe
  2⤵
  PID:2884
- C:\Windows\System\NyeabRI.exe
  C:\Windows\System\NyeabRI.exe
  2⤵
  PID:5880
- C:\Windows\System\wKSskwN.exe
  C:\Windows\System\wKSskwN.exe
  2⤵
  PID:2784
- C:\Windows\System\KLWAWMb.exe
  C:\Windows\System\KLWAWMb.exe
  2⤵
  PID:316
- C:\Windows\System\toBtnzH.exe
  C:\Windows\System\toBtnzH.exe
  2⤵
  PID:5864
- C:\Windows\System\ZuZTRCd.exe
  C:\Windows\System\ZuZTRCd.exe
  2⤵
  PID:1700
- C:\Windows\System\Eezibax.exe
  C:\Windows\System\Eezibax.exe
  2⤵
  PID:4080
- C:\Windows\System\FHvEVku.exe
  C:\Windows\System\FHvEVku.exe
  2⤵
  PID:5748
- C:\Windows\System\nbcsLUP.exe
  C:\Windows\System\nbcsLUP.exe
  2⤵
  PID:3084
- C:\Windows\System\USyJtjq.exe
  C:\Windows\System\USyJtjq.exe
  2⤵
  PID:6136
- C:\Windows\System\DzpgIwO.exe
  C:\Windows\System\DzpgIwO.exe
  2⤵
  PID:6008
- C:\Windows\System\wXtirVl.exe
  C:\Windows\System\wXtirVl.exe
  2⤵
  PID:2864
- C:\Windows\System\XhbHiKH.exe
  C:\Windows\System\XhbHiKH.exe
  2⤵
  PID:4088
- C:\Windows\System\NsCmcqx.exe
  C:\Windows\System\NsCmcqx.exe
  2⤵
  PID:3832
- C:\Windows\System\ydqixFW.exe
  C:\Windows\System\ydqixFW.exe
  2⤵
  PID:6148
- C:\Windows\System\oDEZQMz.exe
  C:\Windows\System\oDEZQMz.exe
  2⤵
  PID:6164
- C:\Windows\System\WNytHcB.exe
  C:\Windows\System\WNytHcB.exe
  2⤵
  PID:6180
- C:\Windows\System\Lskrcqh.exe
  C:\Windows\System\Lskrcqh.exe
  2⤵
  PID:6196
- C:\Windows\System\jippFcE.exe
  C:\Windows\System\jippFcE.exe
  2⤵
  PID:6212
- C:\Windows\System\KhZRRJr.exe
  C:\Windows\System\KhZRRJr.exe
  2⤵
  PID:6228
- C:\Windows\System\GEBQoaB.exe
  C:\Windows\System\GEBQoaB.exe
  2⤵
  PID:6244
- C:\Windows\System\uNWGqbx.exe
  C:\Windows\System\uNWGqbx.exe
  2⤵
  PID:6260
- C:\Windows\System\kggWPnR.exe
  C:\Windows\System\kggWPnR.exe
  2⤵
  PID:6276
- C:\Windows\System\QgrsTtt.exe
  C:\Windows\System\QgrsTtt.exe
  2⤵
  PID:6292
- C:\Windows\System\DbAlWBu.exe
  C:\Windows\System\DbAlWBu.exe
  2⤵
  PID:6308
- C:\Windows\System\yRINjKA.exe
  C:\Windows\System\yRINjKA.exe
  2⤵
  PID:6324
- C:\Windows\System\XkWFhEA.exe
  C:\Windows\System\XkWFhEA.exe
  2⤵
  PID:6340
- C:\Windows\System\MlGverq.exe
  C:\Windows\System\MlGverq.exe
  2⤵
  PID:6356
- C:\Windows\System\MyEafXT.exe
  C:\Windows\System\MyEafXT.exe
  2⤵
  PID:6372
- C:\Windows\System\FXFoXzx.exe
  C:\Windows\System\FXFoXzx.exe
  2⤵
  PID:6388
- C:\Windows\System\SLlOpfe.exe
  C:\Windows\System\SLlOpfe.exe
  2⤵
  PID:6404
- C:\Windows\System\YcFsLyi.exe
  C:\Windows\System\YcFsLyi.exe
  2⤵
  PID:6420
- C:\Windows\System\IJAadFT.exe
  C:\Windows\System\IJAadFT.exe
  2⤵
  PID:6436
- C:\Windows\System\CgPXmaG.exe
  C:\Windows\System\CgPXmaG.exe
  2⤵
  PID:6452
- C:\Windows\System\mMFrdmr.exe
  C:\Windows\System\mMFrdmr.exe
  2⤵
  PID:6468
- C:\Windows\System\GAxrfoP.exe
  C:\Windows\System\GAxrfoP.exe
  2⤵
  PID:6484
- C:\Windows\System\LFyauwk.exe
  C:\Windows\System\LFyauwk.exe
  2⤵
  PID:6500
- C:\Windows\System\ujZvEKu.exe
  C:\Windows\System\ujZvEKu.exe
  2⤵
  PID:6516
- C:\Windows\System\KprxwLa.exe
  C:\Windows\System\KprxwLa.exe
  2⤵
  PID:6532
- C:\Windows\System\CaEMBcm.exe
  C:\Windows\System\CaEMBcm.exe
  2⤵
  PID:6548
- C:\Windows\System\DUKSxzs.exe
  C:\Windows\System\DUKSxzs.exe
  2⤵
  PID:6564
- C:\Windows\System\LTnQmpl.exe
  C:\Windows\System\LTnQmpl.exe
  2⤵
  PID:6580
- C:\Windows\System\CCaoytn.exe
  C:\Windows\System\CCaoytn.exe
  2⤵
  PID:6596
- C:\Windows\System\nMZHaHg.exe
  C:\Windows\System\nMZHaHg.exe
  2⤵
  PID:6612
- C:\Windows\System\FzDyLBq.exe
  C:\Windows\System\FzDyLBq.exe
  2⤵
  PID:6628
- C:\Windows\System\YONJzJI.exe
  C:\Windows\System\YONJzJI.exe
  2⤵
  PID:6644
- C:\Windows\System\ESsqDzC.exe
  C:\Windows\System\ESsqDzC.exe
  2⤵
  PID:6660
- C:\Windows\System\iPqmmLV.exe
  C:\Windows\System\iPqmmLV.exe
  2⤵
  PID:6676
- C:\Windows\System\PuZguHL.exe
  C:\Windows\System\PuZguHL.exe
  2⤵
  PID:6692
- C:\Windows\System\GjfApeh.exe
  C:\Windows\System\GjfApeh.exe
  2⤵
  PID:6708
- C:\Windows\System\iCXIkwC.exe
  C:\Windows\System\iCXIkwC.exe
  2⤵
  PID:6724
- C:\Windows\System\HjNTWhq.exe
  C:\Windows\System\HjNTWhq.exe
  2⤵
  PID:6740
- C:\Windows\System\NcfXHSH.exe
  C:\Windows\System\NcfXHSH.exe
  2⤵
  PID:6756
- C:\Windows\System\gbRWhGy.exe
  C:\Windows\System\gbRWhGy.exe
  2⤵
  PID:6772
- C:\Windows\System\oAuVlvg.exe
  C:\Windows\System\oAuVlvg.exe
  2⤵
  PID:6788
- C:\Windows\System\ahgvspC.exe
  C:\Windows\System\ahgvspC.exe
  2⤵
  PID:6804
- C:\Windows\System\CGCxfcx.exe
  C:\Windows\System\CGCxfcx.exe
  2⤵
  PID:6820
- C:\Windows\System\CbYUMsx.exe
  C:\Windows\System\CbYUMsx.exe
  2⤵
  PID:6836
- C:\Windows\System\tLRpGzT.exe
  C:\Windows\System\tLRpGzT.exe
  2⤵
  PID:6852
- C:\Windows\System\ZYSHiBJ.exe
  C:\Windows\System\ZYSHiBJ.exe
  2⤵
  PID:6868
- C:\Windows\System\tfmvOrl.exe
  C:\Windows\System\tfmvOrl.exe
  2⤵
  PID:6884
- C:\Windows\System\toGewkl.exe
  C:\Windows\System\toGewkl.exe
  2⤵
  PID:6900
- C:\Windows\System\PDlvWmO.exe
  C:\Windows\System\PDlvWmO.exe
  2⤵
  PID:6916
- C:\Windows\System\GynPBCa.exe
  C:\Windows\System\GynPBCa.exe
  2⤵
  PID:6932
- C:\Windows\System\glXUjmn.exe
  C:\Windows\System\glXUjmn.exe
  2⤵
  PID:6948
- C:\Windows\System\gIZJuVK.exe
  C:\Windows\System\gIZJuVK.exe
  2⤵
  PID:6964
- C:\Windows\System\EMjemYm.exe
  C:\Windows\System\EMjemYm.exe
  2⤵
  PID:6980
- C:\Windows\System\zQiDSjY.exe
  C:\Windows\System\zQiDSjY.exe
  2⤵
  PID:6996
- C:\Windows\System\qYzuwtP.exe
  C:\Windows\System\qYzuwtP.exe
  2⤵
  PID:7012
- C:\Windows\System\eJYJIhE.exe
  C:\Windows\System\eJYJIhE.exe
  2⤵
  PID:7028
- C:\Windows\System\JmEcdLe.exe
  C:\Windows\System\JmEcdLe.exe
  2⤵
  PID:7044
- C:\Windows\System\xTAGBej.exe
  C:\Windows\System\xTAGBej.exe
  2⤵
  PID:7060
- C:\Windows\System\dPwufrV.exe
  C:\Windows\System\dPwufrV.exe
  2⤵
  PID:7076
- C:\Windows\System\anNUTYA.exe
  C:\Windows\System\anNUTYA.exe
  2⤵
  PID:7092
- C:\Windows\System\uebhUmi.exe
  C:\Windows\System\uebhUmi.exe
  2⤵
  PID:7108
- C:\Windows\System\lUfcOnP.exe
  C:\Windows\System\lUfcOnP.exe
  2⤵
  PID:7128
- C:\Windows\System\wXCLLNm.exe
  C:\Windows\System\wXCLLNm.exe
  2⤵
  PID:7144
- C:\Windows\System\DIRUSwx.exe
  C:\Windows\System\DIRUSwx.exe
  2⤵
  PID:7160
- C:\Windows\System\JaKqcun.exe
  C:\Windows\System\JaKqcun.exe
  2⤵
  PID:6036
- C:\Windows\System\oLmdavF.exe
  C:\Windows\System\oLmdavF.exe
  2⤵
  PID:5556
- C:\Windows\System\OUfNBYY.exe
  C:\Windows\System\OUfNBYY.exe
  2⤵
  PID:5140
- C:\Windows\System\saoXdeV.exe
  C:\Windows\System\saoXdeV.exe
  2⤵
  PID:5336
- C:\Windows\System\gAWQLpD.exe
  C:\Windows\System\gAWQLpD.exe
  2⤵
  PID:6208
- C:\Windows\System\GnOgDvE.exe
  C:\Windows\System\GnOgDvE.exe
  2⤵
  PID:6272
- C:\Windows\System\bdqYonu.exe
  C:\Windows\System\bdqYonu.exe
  2⤵
  PID:4092
- C:\Windows\System\boPoXil.exe
  C:\Windows\System\boPoXil.exe
  2⤵
  PID:6364
- C:\Windows\System\Mfvhqol.exe
  C:\Windows\System\Mfvhqol.exe
  2⤵
  PID:2412
- C:\Windows\System\MZWrVFm.exe
  C:\Windows\System\MZWrVFm.exe
  2⤵
  PID:6464
- C:\Windows\System\izflHZF.exe
  C:\Windows\System\izflHZF.exe
  2⤵
  PID:6528
- C:\Windows\System\DSAtcMA.exe
  C:\Windows\System\DSAtcMA.exe
  2⤵
  PID:6592
- C:\Windows\System\TcNFVke.exe
  C:\Windows\System\TcNFVke.exe
  2⤵
  PID:4996
- C:\Windows\System\TDRExfv.exe
  C:\Windows\System\TDRExfv.exe
  2⤵
  PID:6684
- C:\Windows\System\tAyQaTb.exe
  C:\Windows\System\tAyQaTb.exe
  2⤵
  PID:6192
- C:\Windows\System\gTEbZXU.exe
  C:\Windows\System\gTEbZXU.exe
  2⤵
  PID:6256
- C:\Windows\System\AlLUSpz.exe
  C:\Windows\System\AlLUSpz.exe
  2⤵
  PID:6320
- C:\Windows\System\GLQBLRA.exe
  C:\Windows\System\GLQBLRA.exe
  2⤵
  PID:2536
- C:\Windows\System\QjDeaZo.exe
  C:\Windows\System\QjDeaZo.exe
  2⤵
  PID:6416
- C:\Windows\System\QnSaeAg.exe
  C:\Windows\System\QnSaeAg.exe
  2⤵
  PID:6480
- C:\Windows\System\iQvVhhC.exe
  C:\Windows\System\iQvVhhC.exe
  2⤵
  PID:6576
- C:\Windows\System\LnWvkLq.exe
  C:\Windows\System\LnWvkLq.exe
  2⤵
  PID:6640
- C:\Windows\System\ndMPPtM.exe
  C:\Windows\System\ndMPPtM.exe
  2⤵
  PID:6716
- C:\Windows\System\yWHTmHe.exe
  C:\Windows\System\yWHTmHe.exe
  2⤵
  PID:6780
- C:\Windows\System\mJJrWeQ.exe
  C:\Windows\System\mJJrWeQ.exe
  2⤵
  PID:6844
- C:\Windows\System\RiALYPm.exe
  C:\Windows\System\RiALYPm.exe
  2⤵
  PID:2736
- C:\Windows\System\RnjxTNM.exe
  C:\Windows\System\RnjxTNM.exe
  2⤵
  PID:6704
- C:\Windows\System\LjsQyCv.exe
  C:\Windows\System\LjsQyCv.exe
  2⤵
  PID:6736
- C:\Windows\System\XdkMWIW.exe
  C:\Windows\System\XdkMWIW.exe
  2⤵
  PID:6832
- C:\Windows\System\KtXoofx.exe
  C:\Windows\System\KtXoofx.exe
  2⤵
  PID:6896
- C:\Windows\System\scQLeov.exe
  C:\Windows\System\scQLeov.exe
  2⤵
  PID:6960
- C:\Windows\System\HpJMcbr.exe
  C:\Windows\System\HpJMcbr.exe
  2⤵
  PID:7024
- C:\Windows\System\EyKUZoS.exe
  C:\Windows\System\EyKUZoS.exe
  2⤵
  PID:7084
- C:\Windows\System\WgwKVFN.exe
  C:\Windows\System\WgwKVFN.exe
  2⤵
  PID:2680
- C:\Windows\System\JBZyIIP.exe
  C:\Windows\System\JBZyIIP.exe
  2⤵
  PID:7036
- C:\Windows\System\DKTYXEj.exe
  C:\Windows\System\DKTYXEj.exe
  2⤵
  PID:6912
- C:\Windows\System\EXxsnjr.exe
  C:\Windows\System\EXxsnjr.exe
  2⤵
  PID:6976
- C:\Windows\System\zsoaEnR.exe
  C:\Windows\System\zsoaEnR.exe
  2⤵
  PID:7068
- C:\Windows\System\aizbwxF.exe
  C:\Windows\System\aizbwxF.exe
  2⤵
  PID:7136
- C:\Windows\System\IFxcVrf.exe
  C:\Windows\System\IFxcVrf.exe
  2⤵
  PID:1980
- C:\Windows\System\bARXEXV.exe
  C:\Windows\System\bARXEXV.exe
  2⤵
  PID:4068
- C:\Windows\System\AGGUtVO.exe
  C:\Windows\System\AGGUtVO.exe
  2⤵
  PID:596
- C:\Windows\System\eYfVRTW.exe
  C:\Windows\System\eYfVRTW.exe
  2⤵
  PID:4692
- C:\Windows\System\NPzuHCk.exe
  C:\Windows\System\NPzuHCk.exe
  2⤵
  PID:6176
- C:\Windows\System\oPvoSJO.exe
  C:\Windows\System\oPvoSJO.exe
  2⤵
  PID:6400
- C:\Windows\System\mqIGxeO.exe
  C:\Windows\System\mqIGxeO.exe
  2⤵
  PID:6652
- C:\Windows\System\cYyWLjP.exe
  C:\Windows\System\cYyWLjP.exe
  2⤵
  PID:604
- C:\Windows\System\JbymQLC.exe
  C:\Windows\System\JbymQLC.exe
  2⤵
  PID:6560
- C:\Windows\System\bQBXWxm.exe
  C:\Windows\System\bQBXWxm.exe
  2⤵
  PID:6252
- C:\Windows\System\QLqQJsF.exe
  C:\Windows\System\QLqQJsF.exe
  2⤵
  PID:6188
- C:\Windows\System\LDtuTKA.exe
  C:\Windows\System\LDtuTKA.exe
  2⤵
  PID:6672
- C:\Windows\System\uBbTXtp.exe
  C:\Windows\System\uBbTXtp.exe
  2⤵
  PID:6460
- C:\Windows\System\VTaRPeb.exe
  C:\Windows\System\VTaRPeb.exe
  2⤵
  PID:6656
- C:\Windows\System\QVMnwip.exe
  C:\Windows\System\QVMnwip.exe
  2⤵
  PID:6816
- C:\Windows\System\OWgTmsV.exe
  C:\Windows\System\OWgTmsV.exe
  2⤵
  PID:3984
- C:\Windows\System\IlkVxbv.exe
  C:\Windows\System\IlkVxbv.exe
  2⤵
  PID:6880
- C:\Windows\System\ZwtGbNM.exe
  C:\Windows\System\ZwtGbNM.exe
  2⤵
  PID:7088
- C:\Windows\System\VvuTqmO.exe
  C:\Windows\System\VvuTqmO.exe
  2⤵
  PID:7008
- C:\Windows\System\YXqOjFm.exe
  C:\Windows\System\YXqOjFm.exe
  2⤵
  PID:496
- C:\Windows\System\nCUtStJ.exe
  C:\Windows\System\nCUtStJ.exe
  2⤵
  PID:7184
- C:\Windows\System\ZdYAjTJ.exe
  C:\Windows\System\ZdYAjTJ.exe
  2⤵
  PID:7200
- C:\Windows\System\rJcPkQI.exe
  C:\Windows\System\rJcPkQI.exe
  2⤵
  PID:7216
- C:\Windows\System\NfyahJz.exe
  C:\Windows\System\NfyahJz.exe
  2⤵
  PID:7236
- C:\Windows\System\OOyQoGi.exe
  C:\Windows\System\OOyQoGi.exe
  2⤵
  PID:7256
- C:\Windows\System\PiDmknC.exe
  C:\Windows\System\PiDmknC.exe
  2⤵
  PID:7312
- C:\Windows\System\LdUyizV.exe
  C:\Windows\System\LdUyizV.exe
  2⤵
  PID:7452
- C:\Windows\System\KzCximc.exe
  C:\Windows\System\KzCximc.exe
  2⤵
  PID:5700
- C:\Windows\System\FesnbHI.exe
  C:\Windows\System\FesnbHI.exe
  2⤵
  PID:5940
- C:\Windows\System\SHcxIAG.exe
  C:\Windows\System\SHcxIAG.exe
  2⤵
  PID:6496
- C:\Windows\System\fayIbQN.exe
  C:\Windows\System\fayIbQN.exe
  2⤵
  PID:284
- C:\Windows\System\gEfQmQV.exe
  C:\Windows\System\gEfQmQV.exe
  2⤵
  PID:7228
- C:\Windows\System\SjbIkEq.exe
  C:\Windows\System\SjbIkEq.exe
  2⤵
  PID:6512
- C:\Windows\System\GJxoxWv.exe
  C:\Windows\System\GJxoxWv.exe
  2⤵
  PID:872
- C:\Windows\System\vCuupNC.exe
  C:\Windows\System\vCuupNC.exe
  2⤵
  PID:6908
- C:\Windows\System\mgtSGwV.exe
  C:\Windows\System\mgtSGwV.exe
  2⤵
  PID:7176
- C:\Windows\System\sGtRNGN.exe
  C:\Windows\System\sGtRNGN.exe
  2⤵
  PID:7320
- C:\Windows\System\tVzKpbx.exe
  C:\Windows\System\tVzKpbx.exe
  2⤵
  PID:3064
- C:\Windows\System\flPxcCb.exe
  C:\Windows\System\flPxcCb.exe
  2⤵
  PID:7372
- C:\Windows\System\GknZaPg.exe
  C:\Windows\System\GknZaPg.exe
  2⤵
  PID:7388
- C:\Windows\System\kBYArVi.exe
  C:\Windows\System\kBYArVi.exe
  2⤵
  PID:7404
- C:\Windows\System\OtytNjL.exe
  C:\Windows\System\OtytNjL.exe
  2⤵
  PID:7480
- C:\Windows\System\QBjzoKg.exe
  C:\Windows\System\QBjzoKg.exe
  2⤵
  PID:7424
- C:\Windows\System\BVtryLB.exe
  C:\Windows\System\BVtryLB.exe
  2⤵
  PID:7432
- C:\Windows\System\yplooax.exe
  C:\Windows\System\yplooax.exe
  2⤵
  PID:7448
- C:\Windows\System\IBIuPPJ.exe
  C:\Windows\System\IBIuPPJ.exe
  2⤵
  PID:7520
- C:\Windows\System\COhcEcd.exe
  C:\Windows\System\COhcEcd.exe
  2⤵
  PID:7536
- C:\Windows\System\LkFTCnf.exe
  C:\Windows\System\LkFTCnf.exe
  2⤵
  PID:7584
- C:\Windows\System\umjavyd.exe
  C:\Windows\System\umjavyd.exe
  2⤵
  PID:6544
- C:\Windows\System\hByZNSj.exe
  C:\Windows\System\hByZNSj.exe
  2⤵
  PID:7820
- C:\Windows\System\CBwGXWU.exe
  C:\Windows\System\CBwGXWU.exe
  2⤵
  PID:7888
- C:\Windows\System\lplWkbI.exe
  C:\Windows\System\lplWkbI.exe
  2⤵
  PID:7576
- C:\Windows\System\qBZYkkb.exe
  C:\Windows\System\qBZYkkb.exe
  2⤵
  PID:7600
- C:\Windows\System\MlgRcXy.exe
  C:\Windows\System\MlgRcXy.exe
  2⤵
  PID:7616
- C:\Windows\System\DjnOFVP.exe
  C:\Windows\System\DjnOFVP.exe
  2⤵
  PID:7632
- C:\Windows\System\KPicDYj.exe
  C:\Windows\System\KPicDYj.exe
  2⤵
  PID:7648
- C:\Windows\System\qVHMrce.exe
  C:\Windows\System\qVHMrce.exe
  2⤵
  PID:1768
- C:\Windows\System\sdZNviB.exe
  C:\Windows\System\sdZNviB.exe
  2⤵
  PID:7684
- C:\Windows\System\szCrdzC.exe
  C:\Windows\System\szCrdzC.exe
  2⤵
  PID:7716
- C:\Windows\System\psrOkID.exe
  C:\Windows\System\psrOkID.exe
  2⤵
  PID:7740
- C:\Windows\System\fnTXRLL.exe
  C:\Windows\System\fnTXRLL.exe
  2⤵
  PID:7760
- C:\Windows\System\ushBiRw.exe
  C:\Windows\System\ushBiRw.exe
  2⤵
  PID:2916
- C:\Windows\System\ZZkDXLZ.exe
  C:\Windows\System\ZZkDXLZ.exe
  2⤵
  PID:7796
- C:\Windows\System\aLQeONK.exe
  C:\Windows\System\aLQeONK.exe
  2⤵
  PID:7816
- C:\Windows\System\JhEalJH.exe
  C:\Windows\System\JhEalJH.exe
  2⤵
  PID:7856
- C:\Windows\System\VnLKFTg.exe
  C:\Windows\System\VnLKFTg.exe
  2⤵
  PID:7880
- C:\Windows\System\htwtqBp.exe
  C:\Windows\System\htwtqBp.exe
  2⤵
  PID:7268
- C:\Windows\System\LvFwOhg.exe
  C:\Windows\System\LvFwOhg.exe
  2⤵
  PID:7940
- C:\Windows\System\QSafzoo.exe
  C:\Windows\System\QSafzoo.exe
  2⤵
  PID:7988
- C:\Windows\System\goEAxhp.exe
  C:\Windows\System\goEAxhp.exe
  2⤵
  PID:7972
- C:\Windows\System\lkxXLaT.exe
  C:\Windows\System\lkxXLaT.exe
  2⤵
  PID:7956
- C:\Windows\System\aYtxiYU.exe
  C:\Windows\System\aYtxiYU.exe
  2⤵
  PID:8000
- C:\Windows\System\aTTwXoi.exe
  C:\Windows\System\aTTwXoi.exe
  2⤵
  PID:8020
- C:\Windows\System\iwqDLkd.exe
  C:\Windows\System\iwqDLkd.exe
  2⤵
  PID:8044
- C:\Windows\System\VGJtzjl.exe
  C:\Windows\System\VGJtzjl.exe
  2⤵
  PID:8060
- C:\Windows\System\rJSCeqd.exe
  C:\Windows\System\rJSCeqd.exe
  2⤵
  PID:8080
- C:\Windows\System\XYmlZyX.exe
  C:\Windows\System\XYmlZyX.exe
  2⤵
  PID:8100
- C:\Windows\System\vTAjXPM.exe
  C:\Windows\System\vTAjXPM.exe
  2⤵
  PID:8116
- C:\Windows\System\vmMySnv.exe
  C:\Windows\System\vmMySnv.exe
  2⤵
  PID:8132
- C:\Windows\System\RuOLeoB.exe
  C:\Windows\System\RuOLeoB.exe
  2⤵
  PID:8152
- C:\Windows\System\cOUeeXb.exe
  C:\Windows\System\cOUeeXb.exe
  2⤵
  PID:8188
- C:\Windows\System\YEHrDfp.exe
  C:\Windows\System\YEHrDfp.exe
  2⤵
  PID:448
- C:\Windows\System\YpggUhP.exe
  C:\Windows\System\YpggUhP.exe
  2⤵
  PID:6972
- C:\Windows\System\YtuoeGk.exe
  C:\Windows\System\YtuoeGk.exe
  2⤵
  PID:3628
- C:\Windows\System\nIfHTHh.exe
  C:\Windows\System\nIfHTHh.exe
  2⤵
  PID:6892
- C:\Windows\System\FBXYRPt.exe
  C:\Windows\System\FBXYRPt.exe
  2⤵
  PID:7192
- C:\Windows\System\KrAAVAi.exe
  C:\Windows\System\KrAAVAi.exe
  2⤵
  PID:7232
- C:\Windows\System\UtdVslm.exe
  C:\Windows\System\UtdVslm.exe
  2⤵
  PID:7284
- C:\Windows\System\SvpRNyz.exe
  C:\Windows\System\SvpRNyz.exe
  2⤵
  PID:4060
- C:\Windows\System\cgIyhBP.exe
  C:\Windows\System\cgIyhBP.exe
  2⤵
  PID:4072
- C:\Windows\System\xCKyugI.exe
  C:\Windows\System\xCKyugI.exe
  2⤵
  PID:2780
- C:\Windows\System\guLUirg.exe
  C:\Windows\System\guLUirg.exe
  2⤵
  PID:6332
- C:\Windows\System\ZtXeyUO.exe
  C:\Windows\System\ZtXeyUO.exe
  2⤵
  PID:7308
- C:\Windows\System\dXxcoRZ.exe
  C:\Windows\System\dXxcoRZ.exe
  2⤵
  PID:1196
- C:\Windows\System\NSjtfMr.exe
  C:\Windows\System\NSjtfMr.exe
  2⤵
  PID:7172
- C:\Windows\System\ErffgSr.exe
  C:\Windows\System\ErffgSr.exe
  2⤵
  PID:7212
- C:\Windows\System\VWlWTgi.exe
  C:\Windows\System\VWlWTgi.exe
  2⤵
  PID:7252
- C:\Windows\System\wBvuysz.exe
  C:\Windows\System\wBvuysz.exe
  2⤵
  PID:7368
- C:\Windows\System\SNGJJyj.exe
  C:\Windows\System\SNGJJyj.exe
  2⤵
  PID:7440
- C:\Windows\System\HpABVJd.exe
  C:\Windows\System\HpABVJd.exe
  2⤵
  PID:7332
- C:\Windows\System\AFKwQtd.exe
  C:\Windows\System\AFKwQtd.exe
  2⤵
  PID:7460
- C:\Windows\System\gGShXhI.exe
  C:\Windows\System\gGShXhI.exe
  2⤵
  PID:7516
- C:\Windows\System\IgbNqbY.exe
  C:\Windows\System\IgbNqbY.exe
  2⤵
  PID:7572
- C:\Windows\System\RctBExz.exe
  C:\Windows\System\RctBExz.exe
  2⤵
  PID:7996
- C:\Windows\System\GazTnNN.exe
  C:\Windows\System\GazTnNN.exe
  2⤵
  PID:340
- C:\Windows\System\vERjEKx.exe
  C:\Windows\System\vERjEKx.exe
  2⤵
  PID:2480
- C:\Windows\System\ESmDKHy.exe
  C:\Windows\System\ESmDKHy.exe
  2⤵
  PID:7664
- C:\Windows\System\gnwOBkC.exe
  C:\Windows\System\gnwOBkC.exe
  2⤵
  PID:7932
- C:\Windows\System\ulDaWWn.exe
  C:\Windows\System\ulDaWWn.exe
  2⤵
  PID:7612
- C:\Windows\System\ijGYJXE.exe
  C:\Windows\System\ijGYJXE.exe
  2⤵
  PID:7700
- C:\Windows\System\BZqrPxt.exe
  C:\Windows\System\BZqrPxt.exe
  2⤵
  PID:7736
- C:\Windows\System\VibHiVc.exe
  C:\Windows\System\VibHiVc.exe
  2⤵
  PID:7776
- C:\Windows\System\gjNyrrx.exe
  C:\Windows\System\gjNyrrx.exe
  2⤵
  PID:7748
- C:\Windows\System\QrXaBLB.exe
  C:\Windows\System\QrXaBLB.exe
  2⤵
  PID:7788
- C:\Windows\System\qfQpAHM.exe
  C:\Windows\System\qfQpAHM.exe
  2⤵
  PID:7852
- C:\Windows\System\etrMJfj.exe
  C:\Windows\System\etrMJfj.exe
  2⤵
  PID:7900
- C:\Windows\System\HieXbKJ.exe
  C:\Windows\System\HieXbKJ.exe
  2⤵
  PID:7272
- C:\Windows\System\LCSJZQG.exe
  C:\Windows\System\LCSJZQG.exe
  2⤵
  PID:7944
- C:\Windows\System\gdFKWux.exe
  C:\Windows\System\gdFKWux.exe
  2⤵
  PID:8040
- C:\Windows\System\bBwIgwp.exe
  C:\Windows\System\bBwIgwp.exe
  2⤵
  PID:8076
- C:\Windows\System\rtTGpPZ.exe
  C:\Windows\System\rtTGpPZ.exe
  2⤵
  PID:8148
- C:\Windows\System\CPIvbMJ.exe
  C:\Windows\System\CPIvbMJ.exe
  2⤵
  PID:6988
- C:\Windows\System\dZYuKum.exe
  C:\Windows\System\dZYuKum.exe
  2⤵
  PID:2328
- C:\Windows\System\psXvMPj.exe
  C:\Windows\System\psXvMPj.exe
  2⤵
  PID:7960
- C:\Windows\System\TLWqJKl.exe
  C:\Windows\System\TLWqJKl.exe
  2⤵
  PID:6448
- C:\Windows\System\eafVLSZ.exe
  C:\Windows\System\eafVLSZ.exe
  2⤵
  PID:7352
- C:\Windows\System\AvrKIqE.exe
  C:\Windows\System\AvrKIqE.exe
  2⤵
  PID:7496
- C:\Windows\System\JnFBJtA.exe
  C:\Windows\System\JnFBJtA.exe
  2⤵
  PID:7992
- C:\Windows\System\bRhbNvc.exe
  C:\Windows\System\bRhbNvc.exe
  2⤵
  PID:2868
- C:\Windows\System\ClysObu.exe
  C:\Windows\System\ClysObu.exe
  2⤵
  PID:7676
- C:\Windows\System\dnGOavh.exe
  C:\Windows\System\dnGOavh.exe
  2⤵
  PID:7224
- C:\Windows\System\ZbKDDZy.exe
  C:\Windows\System\ZbKDDZy.exe
  2⤵
  PID:7976
- C:\Windows\System\JYldQgv.exe
  C:\Windows\System\JYldQgv.exe
  2⤵
  PID:6928
- C:\Windows\System\iyiCLYA.exe
  C:\Windows\System\iyiCLYA.exe
  2⤵
  PID:6156
- C:\Windows\System\BAglEtc.exe
  C:\Windows\System\BAglEtc.exe
  2⤵
  PID:8088
- C:\Windows\System\zfNPqOn.exe
  C:\Windows\System\zfNPqOn.exe
  2⤵
  PID:6876
- C:\Windows\System\IXXMFUL.exe
  C:\Windows\System\IXXMFUL.exe
  2⤵
  PID:7588
- C:\Windows\System\xGHOZLC.exe
  C:\Windows\System\xGHOZLC.exe
  2⤵
  PID:7868
- C:\Windows\System\VsIuJSc.exe
  C:\Windows\System\VsIuJSc.exe
  2⤵
  PID:8160
- C:\Windows\System\UMwsxoO.exe
  C:\Windows\System\UMwsxoO.exe
  2⤵
  PID:7156
- C:\Windows\System\XWdLIcv.exe
  C:\Windows\System\XWdLIcv.exe
  2⤵
  PID:2724
- C:\Windows\System\aaPJSqF.exe
  C:\Windows\System\aaPJSqF.exe
  2⤵
  PID:5448
- C:\Windows\System\sMmiLus.exe
  C:\Windows\System\sMmiLus.exe
  2⤵
  PID:6316
- C:\Windows\System\nVIfqZz.exe
  C:\Windows\System\nVIfqZz.exe
  2⤵
  PID:7400
- C:\Windows\System\wbhdaOu.exe
  C:\Windows\System\wbhdaOu.exe
  2⤵
  PID:7408
- C:\Windows\System\uUkAESI.exe
  C:\Windows\System\uUkAESI.exe
  2⤵
  PID:7596
- C:\Windows\System\tmaErOe.exe
  C:\Windows\System\tmaErOe.exe
  2⤵
  PID:7704
- C:\Windows\System\JScTcJa.exe
  C:\Windows\System\JScTcJa.exe
  2⤵
  PID:7784
- C:\Windows\System\qJKcoxO.exe
  C:\Windows\System\qJKcoxO.exe
  2⤵
  PID:7892
- C:\Windows\System\nGgXGyJ.exe
  C:\Windows\System\nGgXGyJ.exe
  2⤵
  PID:2984
- C:\Windows\System\iRdzVGc.exe
  C:\Windows\System\iRdzVGc.exe
  2⤵
  PID:7328
- C:\Windows\System\DLpHwGX.exe
  C:\Windows\System\DLpHwGX.exe
  2⤵
  PID:7772
- C:\Windows\System\cGHgZAs.exe
  C:\Windows\System\cGHgZAs.exe
  2⤵
  PID:2860
- C:\Windows\System\QRotDgO.exe
  C:\Windows\System\QRotDgO.exe
  2⤵
  PID:8128
- C:\Windows\System\yBEhUBE.exe
  C:\Windows\System\yBEhUBE.exe
  2⤵
  PID:2872
- C:\Windows\System\sKKwVzF.exe
  C:\Windows\System\sKKwVzF.exe
  2⤵
  PID:7300
- C:\Windows\System\cXvUmel.exe
  C:\Windows\System\cXvUmel.exe
  2⤵
  PID:2624
- C:\Windows\System\SjlsnBM.exe
  C:\Windows\System\SjlsnBM.exe
  2⤵
  PID:7396
- C:\Windows\System\xebQhaw.exe
  C:\Windows\System\xebQhaw.exe
  2⤵
  PID:2072
- C:\Windows\System\mjcZYRn.exe
  C:\Windows\System\mjcZYRn.exe
  2⤵
  PID:7592
- C:\Windows\System\mDYBWaP.exe
  C:\Windows\System\mDYBWaP.exe
  2⤵
  PID:7384
- C:\Windows\System\JwigdYN.exe
  C:\Windows\System\JwigdYN.exe
  2⤵
  PID:8032
- C:\Windows\System\kSCjvgL.exe
  C:\Windows\System\kSCjvgL.exe
  2⤵
  PID:8140
- C:\Windows\System\yfuWDRZ.exe
  C:\Windows\System\yfuWDRZ.exe
  2⤵
  PID:7920
- C:\Windows\System\LuLrPdn.exe
  C:\Windows\System\LuLrPdn.exe
  2⤵
  PID:7504
- C:\Windows\System\LUguRxH.exe
  C:\Windows\System\LUguRxH.exe
  2⤵
  PID:7124
- C:\Windows\System\KTcuPjV.exe
  C:\Windows\System\KTcuPjV.exe
  2⤵
  PID:6476
- C:\Windows\System\fyOamfB.exe
  C:\Windows\System\fyOamfB.exe
  2⤵
  PID:8096
- C:\Windows\System\VxonTgI.exe
  C:\Windows\System\VxonTgI.exe
  2⤵
  PID:7476
- C:\Windows\System\HygwZCw.exe
  C:\Windows\System\HygwZCw.exe
  2⤵
  PID:2672
- C:\Windows\System\chmEdcK.exe
  C:\Windows\System\chmEdcK.exe
  2⤵
  PID:2752
- C:\Windows\System\HjKmDHL.exe
  C:\Windows\System\HjKmDHL.exe
  2⤵
  PID:8180
- C:\Windows\System\WdyYelU.exe
  C:\Windows\System\WdyYelU.exe
  2⤵
  PID:7904
- C:\Windows\System\CtPHylL.exe
  C:\Windows\System\CtPHylL.exe
  2⤵
  PID:7464
- C:\Windows\System\uKRYqwZ.exe
  C:\Windows\System\uKRYqwZ.exe
  2⤵
  PID:7896
- C:\Windows\System\vbJiCAY.exe
  C:\Windows\System\vbJiCAY.exe
  2⤵
  PID:7732
- C:\Windows\System\HBuoaHE.exe
  C:\Windows\System\HBuoaHE.exe
  2⤵
  PID:8072
- C:\Windows\System\eDFKzgp.exe
  C:\Windows\System\eDFKzgp.exe
  2⤵
  PID:8184
- C:\Windows\System\WDQTWnC.exe
  C:\Windows\System\WDQTWnC.exe
  2⤵
  PID:7608
- C:\Windows\System\UleQBNL.exe
  C:\Windows\System\UleQBNL.exe
  2⤵
  PID:7392
- C:\Windows\System\cOjafYe.exe
  C:\Windows\System\cOjafYe.exe
  2⤵
  PID:6800
- C:\Windows\System\cTOmeES.exe
  C:\Windows\System\cTOmeES.exe
  2⤵
  PID:7348
- C:\Windows\System\nISIhRr.exe
  C:\Windows\System\nISIhRr.exe
  2⤵
  PID:7244
- C:\Windows\System\cGNBPhh.exe
  C:\Windows\System\cGNBPhh.exe
  2⤵
  PID:3988
- C:\Windows\System\hWZOPFA.exe
  C:\Windows\System\hWZOPFA.exe
  2⤵
  PID:7708
- C:\Windows\System\MfKocvj.exe
  C:\Windows\System\MfKocvj.exe
  2⤵
  PID:7812
- C:\Windows\System\OWKKoOX.exe
  C:\Windows\System\OWKKoOX.exe
  2⤵
  PID:7336
- C:\Windows\System\PsFeHgY.exe
  C:\Windows\System\PsFeHgY.exe
  2⤵
  PID:8200
- C:\Windows\System\xKSVSWl.exe
  C:\Windows\System\xKSVSWl.exe
  2⤵
  PID:8216
- C:\Windows\System\rADGcSy.exe
  C:\Windows\System\rADGcSy.exe
  2⤵
  PID:8232
- C:\Windows\System\AWwiYYc.exe
  C:\Windows\System\AWwiYYc.exe
  2⤵
  PID:8248
- C:\Windows\System\ApifJWV.exe
  C:\Windows\System\ApifJWV.exe
  2⤵
  PID:8264
- C:\Windows\System\ahDJHuI.exe
  C:\Windows\System\ahDJHuI.exe
  2⤵
  PID:8284
- C:\Windows\System\jpkBRVR.exe
  C:\Windows\System\jpkBRVR.exe
  2⤵
  PID:8300
- C:\Windows\System\VwAaelQ.exe
  C:\Windows\System\VwAaelQ.exe
  2⤵
  PID:8316
- C:\Windows\System\sfJZuxE.exe
  C:\Windows\System\sfJZuxE.exe
  2⤵
  PID:8332
- C:\Windows\System\elVNSUU.exe
  C:\Windows\System\elVNSUU.exe
  2⤵
  PID:8348
- C:\Windows\System\QgHxlNX.exe
  C:\Windows\System\QgHxlNX.exe
  2⤵
  PID:8364
- C:\Windows\System\GLptJOI.exe
  C:\Windows\System\GLptJOI.exe
  2⤵
  PID:8380
- C:\Windows\System\DopVPoL.exe
  C:\Windows\System\DopVPoL.exe
  2⤵
  PID:8404
- C:\Windows\System\nUpJqGs.exe
  C:\Windows\System\nUpJqGs.exe
  2⤵
  PID:8420
- C:\Windows\System\WfsRMkl.exe
  C:\Windows\System\WfsRMkl.exe
  2⤵
  PID:8448
- C:\Windows\System\hsXWlpW.exe
  C:\Windows\System\hsXWlpW.exe
  2⤵
  PID:8464
- C:\Windows\System\GvBfLlY.exe
  C:\Windows\System\GvBfLlY.exe
  2⤵
  PID:8480
- C:\Windows\System\zekVIWk.exe
  C:\Windows\System\zekVIWk.exe
  2⤵
  PID:8496
- C:\Windows\System\yfZWNAy.exe
  C:\Windows\System\yfZWNAy.exe
  2⤵
  PID:8512
- C:\Windows\System\dbWDHty.exe
  C:\Windows\System\dbWDHty.exe
  2⤵
  PID:8536
- C:\Windows\System\QHWCjWD.exe
  C:\Windows\System\QHWCjWD.exe
  2⤵
  PID:8552
- C:\Windows\System\qJQaVUS.exe
  C:\Windows\System\qJQaVUS.exe
  2⤵
  PID:8568
- C:\Windows\System\jeixGSg.exe
  C:\Windows\System\jeixGSg.exe
  2⤵
  PID:8584
- C:\Windows\System\mpMckzb.exe
  C:\Windows\System\mpMckzb.exe
  2⤵
  PID:8600
- C:\Windows\System\glAnmrE.exe
  C:\Windows\System\glAnmrE.exe
  2⤵
  PID:8616
- C:\Windows\System\xoNlqAN.exe
  C:\Windows\System\xoNlqAN.exe
  2⤵
  PID:8632
- C:\Windows\System\mgPaqjZ.exe
  C:\Windows\System\mgPaqjZ.exe
  2⤵
  PID:8648
- C:\Windows\System\vEIAwze.exe
  C:\Windows\System\vEIAwze.exe
  2⤵
  PID:8664
- C:\Windows\System\pyRJqfa.exe
  C:\Windows\System\pyRJqfa.exe
  2⤵
  PID:8680
- C:\Windows\System\GNaoQZd.exe
  C:\Windows\System\GNaoQZd.exe
  2⤵
  PID:8696
- C:\Windows\System\nNJrGLY.exe
  C:\Windows\System\nNJrGLY.exe
  2⤵
  PID:8712
- C:\Windows\System\mHiAfTn.exe
  C:\Windows\System\mHiAfTn.exe
  2⤵
  PID:8728
- C:\Windows\System\ETPWUVB.exe
  C:\Windows\System\ETPWUVB.exe
  2⤵
  PID:8744
- C:\Windows\System\qzXbEce.exe
  C:\Windows\System\qzXbEce.exe
  2⤵
  PID:8760
- C:\Windows\System\zvCutgw.exe
  C:\Windows\System\zvCutgw.exe
  2⤵
  PID:8776
- C:\Windows\System\tjdhXry.exe
  C:\Windows\System\tjdhXry.exe
  2⤵
  PID:8792
- C:\Windows\System\QXaTpQE.exe
  C:\Windows\System\QXaTpQE.exe
  2⤵
  PID:8808
- C:\Windows\System\cYGejbs.exe
  C:\Windows\System\cYGejbs.exe
  2⤵
  PID:8824
- C:\Windows\System\BeFdULW.exe
  C:\Windows\System\BeFdULW.exe
  2⤵
  PID:8840
- C:\Windows\System\kSiFWSs.exe
  C:\Windows\System\kSiFWSs.exe
  2⤵
  PID:8856
- C:\Windows\System\SCWcwAJ.exe
  C:\Windows\System\SCWcwAJ.exe
  2⤵
  PID:8876
- C:\Windows\System\SBVyUxm.exe
  C:\Windows\System\SBVyUxm.exe
  2⤵
  PID:8892
- C:\Windows\System\AXQICUe.exe
  C:\Windows\System\AXQICUe.exe
  2⤵
  PID:8908
- C:\Windows\System\mocVLOe.exe
  C:\Windows\System\mocVLOe.exe
  2⤵
  PID:8924
- C:\Windows\System\JCEaaBt.exe
  C:\Windows\System\JCEaaBt.exe
  2⤵
  PID:8940
- C:\Windows\System\kMbxaSj.exe
  C:\Windows\System\kMbxaSj.exe
  2⤵
  PID:8956
- C:\Windows\System\imzwqjS.exe
  C:\Windows\System\imzwqjS.exe
  2⤵
  PID:8972
- C:\Windows\System\TGpEFeM.exe
  C:\Windows\System\TGpEFeM.exe
  2⤵
  PID:8988
- C:\Windows\System\PWKssdg.exe
  C:\Windows\System\PWKssdg.exe
  2⤵
  PID:9004
- C:\Windows\System\BCNZSmv.exe
  C:\Windows\System\BCNZSmv.exe
  2⤵
  PID:9020
- C:\Windows\System\TwCACPT.exe
  C:\Windows\System\TwCACPT.exe
  2⤵
  PID:9036
- C:\Windows\System\cHuCoJI.exe
  C:\Windows\System\cHuCoJI.exe
  2⤵
  PID:9052
- C:\Windows\System\kSbFoPh.exe
  C:\Windows\System\kSbFoPh.exe
  2⤵
  PID:9068
- C:\Windows\System\nncDBOw.exe
  C:\Windows\System\nncDBOw.exe
  2⤵
  PID:9084
- C:\Windows\System\WzvfhiH.exe
  C:\Windows\System\WzvfhiH.exe
  2⤵
  PID:9100
- C:\Windows\System\MWYdRBq.exe
  C:\Windows\System\MWYdRBq.exe
  2⤵
  PID:9128
- C:\Windows\System\KOHVHyU.exe
  C:\Windows\System\KOHVHyU.exe
  2⤵
  PID:9144
- C:\Windows\System\INMMUYI.exe
  C:\Windows\System\INMMUYI.exe
  2⤵
  PID:9160
- C:\Windows\System\lxowmCC.exe
  C:\Windows\System\lxowmCC.exe
  2⤵
  PID:9176
- C:\Windows\System\aLgTQLJ.exe
  C:\Windows\System\aLgTQLJ.exe
  2⤵
  PID:7724
- C:\Windows\System\npDxfLo.exe
  C:\Windows\System\npDxfLo.exe
  2⤵
  PID:8240
- C:\Windows\System\wXNTEFv.exe
  C:\Windows\System\wXNTEFv.exe
  2⤵
  PID:8312
- C:\Windows\System\dClAuHo.exe
  C:\Windows\System\dClAuHo.exe
  2⤵
  PID:8392
- C:\Windows\System\SVRBUav.exe
  C:\Windows\System\SVRBUav.exe
  2⤵
  PID:8440
- C:\Windows\System\apNPpEU.exe
  C:\Windows\System\apNPpEU.exe
  2⤵
  PID:8416
- C:\Windows\System\bIyjUnk.exe
  C:\Windows\System\bIyjUnk.exe
  2⤵
  PID:8492
- C:\Windows\System\dQdUMoI.exe
  C:\Windows\System\dQdUMoI.exe
  2⤵
  PID:8592
- C:\Windows\System\RJbXjgI.exe
  C:\Windows\System\RJbXjgI.exe
  2⤵
  PID:8660
- C:\Windows\System\tyjRyAs.exe
  C:\Windows\System\tyjRyAs.exe
  2⤵
  PID:8724
- C:\Windows\System\jecFghp.exe
  C:\Windows\System\jecFghp.exe
  2⤵
  PID:8752
- C:\Windows\System\KYPTdbL.exe
  C:\Windows\System\KYPTdbL.exe
  2⤵
  PID:8644
- C:\Windows\System\nMeSnDp.exe
  C:\Windows\System\nMeSnDp.exe
  2⤵
  PID:8708
- C:\Windows\System\kYRcFCW.exe
  C:\Windows\System\kYRcFCW.exe
  2⤵
  PID:8772
- C:\Windows\System\uQcqRcH.exe
  C:\Windows\System\uQcqRcH.exe
  2⤵
  PID:8864
- C:\Windows\System\QLWOpFq.exe
  C:\Windows\System\QLWOpFq.exe
  2⤵
  PID:8848
- C:\Windows\System\MEzDIiO.exe
  C:\Windows\System\MEzDIiO.exe
  2⤵
  PID:9192
- C:\Windows\System\qMxftbO.exe
  C:\Windows\System\qMxftbO.exe
  2⤵
  PID:3632
- C:\Windows\System\YqJfDwd.exe
  C:\Windows\System\YqJfDwd.exe
  2⤵
  PID:8228
- C:\Windows\System\zWhfgIi.exe
  C:\Windows\System\zWhfgIi.exe
  2⤵
  PID:8328
- C:\Windows\System\rzzONWN.exe
  C:\Windows\System\rzzONWN.exe
  2⤵
  PID:8208
- C:\Windows\System\ZAsoboF.exe
  C:\Windows\System\ZAsoboF.exe
  2⤵
  PID:8428
- C:\Windows\System\dhfehVo.exe
  C:\Windows\System\dhfehVo.exe
  2⤵
  PID:8372
- C:\Windows\System\IYpsKxU.exe
  C:\Windows\System\IYpsKxU.exe
  2⤵
  PID:8504
- C:\Windows\System\faJSqOE.exe
  C:\Windows\System\faJSqOE.exe
  2⤵
  PID:8544
- C:\Windows\System\REIhOTN.exe
  C:\Windows\System\REIhOTN.exe
  2⤵
  PID:8596
- C:\Windows\System\EjeknMW.exe
  C:\Windows\System\EjeknMW.exe
  2⤵
  PID:8676
- C:\Windows\System\TiwhlSE.exe
  C:\Windows\System\TiwhlSE.exe
  2⤵
  PID:8656
- C:\Windows\System\fcvYhNC.exe
  C:\Windows\System\fcvYhNC.exe
  2⤵
  PID:8932
- C:\Windows\System\DEqOKPS.exe
  C:\Windows\System\DEqOKPS.exe
  2⤵
  PID:8720
- C:\Windows\System\HFYNCEb.exe
  C:\Windows\System\HFYNCEb.exe
  2⤵
  PID:8768
- C:\Windows\System\FydwNnl.exe
  C:\Windows\System\FydwNnl.exe
  2⤵
  PID:8964
- C:\Windows\System\dgSuWmY.exe
  C:\Windows\System\dgSuWmY.exe
  2⤵
  PID:9016
- C:\Windows\System\qBNLwRL.exe
  C:\Windows\System\qBNLwRL.exe
  2⤵
  PID:8980
- C:\Windows\System\KEfmOtu.exe
  C:\Windows\System\KEfmOtu.exe
  2⤵
  PID:8560
- C:\Windows\System\CXmOHvb.exe
  C:\Windows\System\CXmOHvb.exe
  2⤵
  PID:9048
- C:\Windows\System\RopbvWs.exe
  C:\Windows\System\RopbvWs.exe
  2⤵
  PID:9076
- C:\Windows\System\RwXJhWJ.exe
  C:\Windows\System\RwXJhWJ.exe
  2⤵
  PID:9096
- C:\Windows\System\jZcRSHu.exe
  C:\Windows\System\jZcRSHu.exe
  2⤵
  PID:9124
- C:\Windows\System\KpxFXhj.exe
  C:\Windows\System\KpxFXhj.exe
  2⤵
  PID:9184
- C:\Windows\System\jYZMIfI.exe
  C:\Windows\System\jYZMIfI.exe
  2⤵
  PID:9140
- C:\Windows\System\SpHJPkk.exe
  C:\Windows\System\SpHJPkk.exe
  2⤵
  PID:9204
- C:\Windows\System\LNOJojB.exe
  C:\Windows\System\LNOJojB.exe
  2⤵
  PID:8056
- C:\Windows\System\EezaMMU.exe
  C:\Windows\System\EezaMMU.exe
  2⤵
  PID:7844
- C:\Windows\System\YBbHqdM.exe
  C:\Windows\System\YBbHqdM.exe
  2⤵
  PID:8296
- C:\Windows\System\CpAsgBV.exe
  C:\Windows\System\CpAsgBV.exe
  2⤵
  PID:8172
- C:\Windows\System\XwqEueE.exe
  C:\Windows\System\XwqEueE.exe
  2⤵
  PID:8436
- C:\Windows\System\aiWQGdZ.exe
  C:\Windows\System\aiWQGdZ.exe
  2⤵
  PID:8412
- C:\Windows\System\qEGOuLP.exe
  C:\Windows\System\qEGOuLP.exe
  2⤵
  PID:8628
- C:\Windows\System\aBeRuAP.exe
  C:\Windows\System\aBeRuAP.exe
  2⤵
  PID:8564
- C:\Windows\System\lcEsMzq.exe
  C:\Windows\System\lcEsMzq.exe
  2⤵
  PID:8740
- C:\Windows\System\IlSBRou.exe
  C:\Windows\System\IlSBRou.exe
  2⤵
  PID:8996
- C:\Windows\System\drhsSRs.exe
  C:\Windows\System\drhsSRs.exe
  2⤵
  PID:8948
- C:\Windows\System\JnrcgqK.exe
  C:\Windows\System\JnrcgqK.exe
  2⤵
  PID:9120
- C:\Windows\System\PXtGIvg.exe
  C:\Windows\System\PXtGIvg.exe
  2⤵
  PID:9200
- C:\Windows\System\VAXflnW.exe
  C:\Windows\System\VAXflnW.exe
  2⤵
  PID:8292
- C:\Windows\System\fFiGsVo.exe
  C:\Windows\System\fFiGsVo.exe
  2⤵
  PID:7668
- C:\Windows\System\rcOIgvQ.exe
  C:\Windows\System\rcOIgvQ.exe
  2⤵
  PID:8308
- C:\Windows\System\RNxoLUE.exe
  C:\Windows\System\RNxoLUE.exe
  2⤵
  PID:8224
- C:\Windows\System\qBVrBpX.exe
  C:\Windows\System\qBVrBpX.exe
  2⤵
  PID:8476
- C:\Windows\System\qnMupro.exe
  C:\Windows\System\qnMupro.exe
  2⤵
  PID:9188
- C:\Windows\System\CDiVpWE.exe
  C:\Windows\System\CDiVpWE.exe
  2⤵
  PID:8260
- C:\Windows\System\kKiqusR.exe
  C:\Windows\System\kKiqusR.exe
  2⤵
  PID:8548
- C:\Windows\System\bHJZcUn.exe
  C:\Windows\System\bHJZcUn.exe
  2⤵
  PID:9212
- C:\Windows\System\LDVQqkr.exe
  C:\Windows\System\LDVQqkr.exe
  2⤵
  PID:8888
- C:\Windows\System\mThYUuE.exe
  C:\Windows\System\mThYUuE.exe
  2⤵
  PID:8884
- C:\Windows\System\YVYmrMi.exe
  C:\Windows\System\YVYmrMi.exe
  2⤵
  PID:7416
- C:\Windows\System\pUZoVre.exe
  C:\Windows\System\pUZoVre.exe
  2⤵
  PID:9064
- C:\Windows\System\xfXjwDB.exe
  C:\Windows\System\xfXjwDB.exe
  2⤵
  PID:8804
- C:\Windows\System\KHcZySZ.exe
  C:\Windows\System\KHcZySZ.exe
  2⤵
  PID:8532
- C:\Windows\System\kYnNTYI.exe
  C:\Windows\System\kYnNTYI.exe
  2⤵
  PID:8388
- C:\Windows\System\VHOEPoV.exe
  C:\Windows\System\VHOEPoV.exe
  2⤵
  PID:9116
- C:\Windows\System\TZQTinc.exe
  C:\Windows\System\TZQTinc.exe
  2⤵
  PID:9236
- C:\Windows\System\GdsnFOt.exe
  C:\Windows\System\GdsnFOt.exe
  2⤵
  PID:9252
- C:\Windows\System\IETyAqK.exe
  C:\Windows\System\IETyAqK.exe
  2⤵
  PID:9268
- C:\Windows\System\hRGPORO.exe
  C:\Windows\System\hRGPORO.exe
  2⤵
  PID:9296
- C:\Windows\System\AigNBiY.exe
  C:\Windows\System\AigNBiY.exe
  2⤵
  PID:9320
- C:\Windows\System\JBswuXJ.exe
  C:\Windows\System\JBswuXJ.exe
  2⤵
  PID:9336
- C:\Windows\System\ZNXSaVQ.exe
  C:\Windows\System\ZNXSaVQ.exe
  2⤵
  PID:9352
- C:\Windows\System\IvXZhYx.exe
  C:\Windows\System\IvXZhYx.exe
  2⤵
  PID:9368
- C:\Windows\System\HpxSPYr.exe
  C:\Windows\System\HpxSPYr.exe
  2⤵
  PID:9388
- C:\Windows\System\sSFsRqX.exe
  C:\Windows\System\sSFsRqX.exe
  2⤵
  PID:9408
- C:\Windows\System\BULkCfT.exe
  C:\Windows\System\BULkCfT.exe
  2⤵
  PID:9428
- C:\Windows\System\nIeJdiB.exe
  C:\Windows\System\nIeJdiB.exe
  2⤵
  PID:9448
- C:\Windows\System\NlLSbHC.exe
  C:\Windows\System\NlLSbHC.exe
  2⤵
  PID:9472
- C:\Windows\System\dwRXrSL.exe
  C:\Windows\System\dwRXrSL.exe
  2⤵
  PID:9488
- C:\Windows\System\fvaDHwi.exe
  C:\Windows\System\fvaDHwi.exe
  2⤵
  PID:9516
- C:\Windows\System\OWfjTIp.exe
  C:\Windows\System\OWfjTIp.exe
  2⤵
  PID:9532
- C:\Windows\System\TiWXhVG.exe
  C:\Windows\System\TiWXhVG.exe
  2⤵
  PID:9556
- C:\Windows\System\UHLcSWK.exe
  C:\Windows\System\UHLcSWK.exe
  2⤵
  PID:9572
- C:\Windows\System\oKpMoPO.exe
  C:\Windows\System\oKpMoPO.exe
  2⤵
  PID:9596
- C:\Windows\System\bFaxJDN.exe
  C:\Windows\System\bFaxJDN.exe
  2⤵
  PID:9612
- C:\Windows\System\OMFvIXI.exe
  C:\Windows\System\OMFvIXI.exe
  2⤵
  PID:9632
- C:\Windows\System\MInqpuw.exe
  C:\Windows\System\MInqpuw.exe
  2⤵
  PID:9656
- C:\Windows\System\LaolLgm.exe
  C:\Windows\System\LaolLgm.exe
  2⤵
  PID:9676
- C:\Windows\System\KIYHrJu.exe
  C:\Windows\System\KIYHrJu.exe
  2⤵
  PID:9692
- C:\Windows\System\ogxNwdu.exe
  C:\Windows\System\ogxNwdu.exe
  2⤵
  PID:9716
- C:\Windows\System\aSpIEgj.exe
  C:\Windows\System\aSpIEgj.exe
  2⤵
  PID:9740
- C:\Windows\System\fpPmLHP.exe
  C:\Windows\System\fpPmLHP.exe
  2⤵
  PID:9756
- C:\Windows\System\vYYokwt.exe
  C:\Windows\System\vYYokwt.exe
  2⤵
  PID:9776
- C:\Windows\System\sLkacBr.exe
  C:\Windows\System\sLkacBr.exe
  2⤵
  PID:9796
- C:\Windows\System\cWwqami.exe
  C:\Windows\System\cWwqami.exe
  2⤵
  PID:9820
- C:\Windows\System\UHoKqzL.exe
  C:\Windows\System\UHoKqzL.exe
  2⤵
  PID:9836
- C:\Windows\System\KvXurtr.exe
  C:\Windows\System\KvXurtr.exe
  2⤵
  PID:9856
- C:\Windows\System\aOzUYZS.exe
  C:\Windows\System\aOzUYZS.exe
  2⤵
  PID:9872
- C:\Windows\System\COEvKJq.exe
  C:\Windows\System\COEvKJq.exe
  2⤵
  PID:9888
- C:\Windows\System\rXoRMSi.exe
  C:\Windows\System\rXoRMSi.exe
  2⤵
  PID:9904
- C:\Windows\System\GJCnWAx.exe
  C:\Windows\System\GJCnWAx.exe
  2⤵
  PID:9920
- C:\Windows\System\bKLYXwS.exe
  C:\Windows\System\bKLYXwS.exe
  2⤵
  PID:9936
- C:\Windows\System\gpkFkYB.exe
  C:\Windows\System\gpkFkYB.exe
  2⤵
  PID:9952
- C:\Windows\System\LlYKpPF.exe
  C:\Windows\System\LlYKpPF.exe
  2⤵
  PID:9968
- C:\Windows\System\iWWlxxB.exe
  C:\Windows\System\iWWlxxB.exe
  2⤵
  PID:9984
- C:\Windows\System\EyCIIrs.exe
  C:\Windows\System\EyCIIrs.exe
  2⤵
  PID:10000
- C:\Windows\System\ifMNgEP.exe
  C:\Windows\System\ifMNgEP.exe
  2⤵
  PID:10016
- C:\Windows\System\XFjCVyO.exe
  C:\Windows\System\XFjCVyO.exe
  2⤵
  PID:10032
- C:\Windows\System\yypAJap.exe
  C:\Windows\System\yypAJap.exe
  2⤵
  PID:10048
- C:\Windows\System\OigzQwL.exe
  C:\Windows\System\OigzQwL.exe
  2⤵
  PID:10068
- C:\Windows\System\QkEBAxs.exe
  C:\Windows\System\QkEBAxs.exe
  2⤵
  PID:10084
- C:\Windows\System\EyQHHZX.exe
  C:\Windows\System\EyQHHZX.exe
  2⤵
  PID:10100
- C:\Windows\System\AMasAFG.exe
  C:\Windows\System\AMasAFG.exe
  2⤵
  PID:10120
- C:\Windows\System\vLUssss.exe
  C:\Windows\System\vLUssss.exe
  2⤵
  PID:10136
- C:\Windows\System\DwcvgUi.exe
  C:\Windows\System\DwcvgUi.exe
  2⤵
  PID:10192
- C:\Windows\System\HZfqzIg.exe
  C:\Windows\System\HZfqzIg.exe
  2⤵
  PID:10208
- C:\Windows\System\hFveWwh.exe
  C:\Windows\System\hFveWwh.exe
  2⤵
  PID:10224
- C:\Windows\System\HDxDKKJ.exe
  C:\Windows\System\HDxDKKJ.exe
  2⤵
  PID:8520
- C:\Windows\System\sxIxGsw.exe
  C:\Windows\System\sxIxGsw.exe
  2⤵
  PID:9224
- C:\Windows\System\GdDINgv.exe
  C:\Windows\System\GdDINgv.exe
  2⤵
  PID:9244
- C:\Windows\System\PKvOKLH.exe
  C:\Windows\System\PKvOKLH.exe
  2⤵
  PID:9276
- C:\Windows\System\JIvmDgZ.exe
  C:\Windows\System\JIvmDgZ.exe
  2⤵
  PID:9304
- C:\Windows\System\TrnTKIz.exe
  C:\Windows\System\TrnTKIz.exe
  2⤵
  PID:9360
- C:\Windows\System\RAVjuyV.exe
  C:\Windows\System\RAVjuyV.exe
  2⤵
  PID:9404
- C:\Windows\System\ckQMxIP.exe
  C:\Windows\System\ckQMxIP.exe
  2⤵
  PID:9444
- C:\Windows\System\bQeSOAF.exe
  C:\Windows\System\bQeSOAF.exe
  2⤵
  PID:9312
- C:\Windows\System\nBcFKHN.exe
  C:\Windows\System\nBcFKHN.exe
  2⤵
  PID:9524
- C:\Windows\System\YbLajKz.exe
  C:\Windows\System\YbLajKz.exe
  2⤵
  PID:9416
- C:\Windows\System\BsIOpcH.exe
  C:\Windows\System\BsIOpcH.exe
  2⤵
  PID:9460
- C:\Windows\System\uBfogIg.exe
  C:\Windows\System\uBfogIg.exe
  2⤵
  PID:9500
- C:\Windows\System\CreooFo.exe
  C:\Windows\System\CreooFo.exe
  2⤵
  PID:9544
- C:\Windows\System\DLlJwSP.exe
  C:\Windows\System\DLlJwSP.exe
  2⤵
  PID:9512
- C:\Windows\System\rWZQcNs.exe
  C:\Windows\System\rWZQcNs.exe
  2⤵
  PID:9644
- C:\Windows\System\tWvsByh.exe
  C:\Windows\System\tWvsByh.exe
  2⤵
  PID:9580
- C:\Windows\System\cUmiPyf.exe
  C:\Windows\System\cUmiPyf.exe
  2⤵
  PID:9620
- C:\Windows\System\nujdnTr.exe
  C:\Windows\System\nujdnTr.exe
  2⤵
  PID:9664
- C:\Windows\System\SjuFLpp.exe
  C:\Windows\System\SjuFLpp.exe
  2⤵
  PID:9704
- C:\Windows\System\PDYXtJo.exe
  C:\Windows\System\PDYXtJo.exe
  2⤵
  PID:9728
- C:\Windows\System\GQVWxOu.exe
  C:\Windows\System\GQVWxOu.exe
  2⤵
  PID:9764
- C:\Windows\System\sbbCFeo.exe
  C:\Windows\System\sbbCFeo.exe
  2⤵
  PID:9784
- C:\Windows\System\JNHzAoa.exe
  C:\Windows\System\JNHzAoa.exe
  2⤵
  PID:9792
- C:\Windows\System\OVGFiBq.exe
  C:\Windows\System\OVGFiBq.exe
  2⤵
  PID:9812
- C:\Windows\System\aeMHivQ.exe
  C:\Windows\System\aeMHivQ.exe
  2⤵
  PID:9852
- C:\Windows\System\zzeTTdb.exe
  C:\Windows\System\zzeTTdb.exe
  2⤵
  PID:9916
- C:\Windows\System\GhDwXWr.exe
  C:\Windows\System\GhDwXWr.exe
  2⤵
  PID:9980
- C:\Windows\System\PXoBCnA.exe
  C:\Windows\System\PXoBCnA.exe
  2⤵
  PID:10008
- C:\Windows\System\jUJmyxU.exe
  C:\Windows\System\jUJmyxU.exe
  2⤵
  PID:10076
- C:\Windows\System\hNbZpgO.exe
  C:\Windows\System\hNbZpgO.exe
  2⤵
  PID:9932
- C:\Windows\System\VfYAzoE.exe
  C:\Windows\System\VfYAzoE.exe
  2⤵
  PID:10060
- C:\Windows\System\ogcuseT.exe
  C:\Windows\System\ogcuseT.exe
  2⤵
  PID:10128
- C:\Windows\System\OACXIQf.exe
  C:\Windows\System\OACXIQf.exe
  2⤵
  PID:10112
- C:\Windows\System\DtsIdtU.exe
  C:\Windows\System\DtsIdtU.exe
  2⤵
  PID:10152
- C:\Windows\System\QcuDJyG.exe
  C:\Windows\System\QcuDJyG.exe
  2⤵
  PID:10168
- C:\Windows\System\NJrjwNI.exe
  C:\Windows\System\NJrjwNI.exe
  2⤵
  PID:10188
- C:\Windows\System\FWtpcvs.exe
  C:\Windows\System\FWtpcvs.exe
  2⤵
  PID:8836
- C:\Windows\System\MuhfEMw.exe
  C:\Windows\System\MuhfEMw.exe
  2⤵
  PID:9332
- C:\Windows\System\gTJlTBx.exe
  C:\Windows\System\gTJlTBx.exe
  2⤵
  PID:9468
- C:\Windows\System\xdHEShk.exe
  C:\Windows\System\xdHEShk.exe
  2⤵
  PID:10200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CKfycFC.exe

Filesize
6.1MB

MD5
6ec8daa25baecafdf9099484388c2f62

SHA1
9f0aa243544442c887abe513049003fbe07762b8

SHA256
414428d5935e52ac792044ca01781f6d26c276e587a57bd9e8a72ea82fdd8b14

SHA512
017ce7daa73276f11792732acb41225e5a32d98ae418d5ee2492f25cfac0bc3881b7571bed274ce4aec434196944610547631378ea3983311651307a814be854

Download Submit
C:\Windows\system\CsucEIo.exe

Filesize
6.1MB

MD5
d1c4ae90130470fcc38b3495b05a5f8d

SHA1
8e962e4e0f18c02f4c97dea0ea99f6aa939347f6

SHA256
0aa16e7fc31a1b1d10178859d8161b43d7e8d9498280acb3e48b4da157bf0ffa

SHA512
82e166ea5ad874a9eccffca5cc383a3f4da063ee6d44f7d1416cc6612c7e21722bad367830dd91c9ac01374e5503ef6599900f4442591c51e53fd0a97afacda7

Download Submit
C:\Windows\system\DMPvNAv.exe

Filesize
6.1MB

MD5
1e7368b7dcfacb438c51eaf663eeece3

SHA1
07b0ea430bf73e3d47385e567fa2d4b38ba088bc

SHA256
15277f414b629ba999444ed9a79489e6613a89b7eb1ae192a2c95cffe9be5efc

SHA512
8fa3ad3aa46c3589500ecf48278df78873434ffbc5f58b962b4fb823a0f6572de3f1647b77cc33151aada25babcbc06e712c1bfd062c0965317857368724d995

Download Submit
C:\Windows\system\DsGtOQu.exe

Filesize
6.1MB

MD5
45384195790e3005f4d02846d4b4750e

SHA1
5504851d83b6b0ea233a9930af2c3bfd460d7e14

SHA256
b7c207abd23262894d71befa6108ffff8f9b3f1783625d87b0e22ed5cc9ccc8e

SHA512
fb5ceb17b215bc66237174f73ed33fff3e4e25bcc14bfe696e13af7b1cd1796b13191f36b3330e2790408d3d7e35a8905e4c026b9424fc6b60331ae097c80dab

Download Submit
C:\Windows\system\EMaLJbd.exe

Filesize
6.1MB

MD5
f897b1e1380e5458a4e7d2e1682f1136

SHA1
a0f6567783dc48323a0bbb710efbba898cef979a

SHA256
88adb9cfa5a9de8853d181a633715883ebd845d5eed556630781c4bbfc3ffef7

SHA512
be3488f13fbb8d60fe4e88afff699b3286480b8a424ef0243b75d7bd30058ffe348814ef61ee6f046c8f3e63a79fb919886fe9dad3f4f1a4f9b17ecee2e5ba62

Download Submit
C:\Windows\system\EOpjiFP.exe

Filesize
6.1MB

MD5
8b6c188d75bad272785866466a779097

SHA1
2936780dfab68f909770a0fe4ae82dc751b570d3

SHA256
f7bd979cbb01330714825bc30bf03311876777f0b1d3bfc7ae6d5eaa56d2ec1c

SHA512
c062ac1004529a712184f9440aa369b078fbaab9379a7f50b14047731e3bbae8d55644542c6fb3f9274be43ca385e2240530650ceb742c717024bd6a4202c968

Download Submit
C:\Windows\system\FWPBZAS.exe

Filesize
6.1MB

MD5
80fb0db9d77029c40edfc5e2e2dba593

SHA1
2fe34024e1bef6daa5573c51aa96e58a1b6399b6

SHA256
50512ce16356c40b90d258f526324dda44952e1d461682d2df18856566ad375e

SHA512
3cd1cc46f08ec0366e066c70b84e275936711e9eb237c93f00b5807dd0ed43e18f8eb6f857c064d05669fcc5c6aa6c5b4c55b9717e4086f3b5a31753c6db8c29

Download Submit
C:\Windows\system\IFuZczj.exe

Filesize
6.1MB

MD5
786677f40bc3c4bce0f2b439a6f969ac

SHA1
acd8b6a9e9a0bef999e7c68c014e498201361c03

SHA256
76dfbde4d057215cda3e16423132ea905f67059a427b7fb221168ebf7f894533

SHA512
334a8d93e2814a41d1f44fe8457c838d97b8f3f4f2a61ccd224be88f4daeac6fbba6606a9d79e3eb48d24c6fe84b516a4036e7a4af6e98dc794ab8b1475b3e10

Download Submit
C:\Windows\system\LLTDIXF.exe

Filesize
6.1MB

MD5
c42f012bdc35f92cbd1e19f49ee19d93

SHA1
0b07fd1f2d594d39fafaa2d478ee32a137f60d4e

SHA256
470c58b8306d3f36083ff353cb4e1513352cde22c2bba514849f06dc9f5cd843

SHA512
c65e2a72623408bfa33ae16f9950870258a9e9094effcf72dd88f41a226e4eb53301c9d2cff4a10fac9c1937b5d08dada193015d6a6e0e35e03e51ef5d62b952

Download Submit
C:\Windows\system\LxcNsAH.exe

Filesize
6.1MB

MD5
f2af4f548d5f3524e34a02af1f77279c

SHA1
4347ccbcfa0dd17ee8cb5c9fd46d92bd7f2c275c

SHA256
7c0998888a871b12b203b2a13c0b3311a3c75f9c4a84b30c0becd94edd3fd4af

SHA512
d3a294df03e623bd1a2e4c98192f67f848bec31b8cbcb5227a71d44938205154b9520caf038516e32946aab456c2c692aa14b9e412db63600dbaa556a61bb388

Download Submit
C:\Windows\system\MdEcngA.exe

Filesize
6.1MB

MD5
3fc8f4098e7104e46e8bfbdbbbd25dad

SHA1
8c733a8a1e2f6c7e172d4be093b485d824706967

SHA256
97c056238d1b9621c003e5c4724686449716414d7e10c3230e1d0f05b7f54c09

SHA512
b07b194b99d40c362e203368c7860e51718ff02a660b35c5f83bb34fea3049ac6a0cec51fd14d8d1dc6859243bda25e656629317a8f0e366c6a122f5bbf29f4b

Download Submit
C:\Windows\system\OBubbsN.exe

Filesize
6.1MB

MD5
45e9280df713f6250de2f988c5412eb0

SHA1
247be3fa2cd0c304caed5c8b31c880c2654f36a3

SHA256
d3ec1518e614994f12ea7061294080ae7600430e42e9531c6ac9b1bd834b729a

SHA512
8a6b3195489b7ea1d0f5db06e1286e1f071b656f1ad2cfddf934b6b6f01f792502838b42ec8d45911160e0022422c8e3f2eb10de70117a10566645daaba2552b

Download Submit
C:\Windows\system\OiSPqZI.exe

Filesize
6.1MB

MD5
a7d99be51f49c96bda4d698a4fd16f42

SHA1
c36b045c3fe6e7dba727029016581cad8e483157

SHA256
8f38933c721efd0d480d53028d495689415b170d77476bd6931b97998af3530d

SHA512
1adf2f6465c6d6200aa03a3d904a8846553e751d5fa55ce5174b612ce30a2120120741caaca54a0ff44420034aabf7452bacf76a26904bcdc0a402cdda2e8744

Download Submit
C:\Windows\system\QGCxDok.exe

Filesize
6.1MB

MD5
97b121b63e44c3f261e5a59d56f6d0e6

SHA1
df2b114e74ddd59d95e211ef3498db2f9405eee8

SHA256
07c9ddcee645da44475a7e3915f9ce0f84bf07675b06cdf12e283bd5220d0a77

SHA512
60aab0eaca812469b2e4134379367c0ebc8e42dec4d349b0b2e9c148ffffb43158637720d9286c3fd8307adeac368231db75c4617473c5b07c42b1711c0c1ac3

Download Submit
C:\Windows\system\VlXjUyc.exe

Filesize
6.1MB

MD5
7ddd60d6ab69584b4a692587cc6a233d

SHA1
02e0be91d4271a9845df5a3f1d3a94dd74a7a653

SHA256
0e3cc32abdd80b092e44e41fe846e952ab447ece501fdca182abecc2af97dc51

SHA512
c91dba14f913c882766b1f81efcbe048c22871c615442ced859e6f58f6e3cc2cd734d8231ddcabd28a764c15b0146bc580971c2878eea0a9262264fb5cba19bc

Download Submit
C:\Windows\system\ZVLZmra.exe

Filesize
6.1MB

MD5
95ab203d4e87ce2fd59f92f5ec3c308f

SHA1
e02e19c3191940ca324b7f4d686c97f2fadea244

SHA256
711f7af41e3703b17cd71b1fa1faca33901c181a502245d4d34e0a4ab27f5d06

SHA512
1ca8285b46a2a7212570d42d8bbc58a83d11fb8db738b8ce1d86e4c9cd08bb5e088db5a0c5fe90d1f338a09f6a91f6f3a8a61eb9b46d2abffb5f31a9ef2b2581

Download Submit
C:\Windows\system\ZayLKwe.exe

Filesize
6.1MB

MD5
66854a98469a484da8044466fceaa017

SHA1
1e911c5e5d0a4dd9ba2a05f2bf05444d502080c4

SHA256
043e34775bb347d9243316752fafcb9990a1581037f781f90f0949e0b75861d7

SHA512
53a79062f112274251c386e00fdc853b30e4132c16eca8e7d614640543c09fe9d63bdb6959f38b8378d45218be9b1f8a3728da80709da289821d3bb07dd356bd

Download Submit
C:\Windows\system\azngZTB.exe

Filesize
6.1MB

MD5
f4dca2f380a373b07eb851f028c0c288

SHA1
1820b8e598c680142a32d15e7817988ac471321c

SHA256
e2354e3fa76de38645e24c8e7159fe5fb01de5e7c07d96ef6ba45197d1112054

SHA512
998e77ee08f9cab73f5f8bda2f5dec7870c19d1df4bcdfca5e8cc3e23287f040b726fddb30837c494782fb6c48792488883098d4acafab409507aa11123b8620

Download Submit
C:\Windows\system\dFqJLQl.exe

Filesize
6.1MB

MD5
665e3ae89805f3baf6076ff35ce41941

SHA1
c2eb905dba52bdd909e240ca34a9219a56d67197

SHA256
1d2f35881cfb4e2b8fafeb4d23b3149a09972f77d47e4f2741de98287d13a866

SHA512
583f857205aca7644a8ef42541498f781e9f0e71d101ef2c38165585aa076a1b79051d09b4f8062e091257071e41611b411eafad90a8edf485066075df800875

Download Submit
C:\Windows\system\gqejWDe.exe

Filesize
6.1MB

MD5
889786fe63158ad3b3ff274ccc4ce4fb

SHA1
493b17051b5d798e030d68bef7c7c16799b3c285

SHA256
8b0b13fe38fb2230d7f7bc9daaaa968f41c68f954164c85a2b1bec1e078f5826

SHA512
803d36aa751eb31b430b920f046a87ef73eb7531c7cee4d2d5b50783cb92ed2f034e68671c59e7c7516c92d3bbde9cd344100cd2278b2aeb37179a90d01df879

Download Submit
C:\Windows\system\hyzvyee.exe

Filesize
6.1MB

MD5
4a045e301f169c69dd841b73580b9a9d

SHA1
16f772dbf09701cea26bb386a0d3eecd15efb756

SHA256
168286cb1f690c8ee6a13f204217ab9305ad44f705f6dab2dae6aba3fc7511ce

SHA512
121655a810a3c07a6edfafb74257c2d5ef1a3423ae68a7044b876ef19e2edf2ac57020833d891a212ee8e0b78988521b6bc080db8f68ed864995ff91f7e40e5a

Download Submit
C:\Windows\system\lgyToBP.exe

Filesize
6.1MB

MD5
c1cbfbba9fda12c2d117d3d3d63fe3f7

SHA1
59c9e34d8a7e4ddd9e3ec685c0fd5b720e5442f2

SHA256
96163862d872ddff1eec14c2e09859729e96b68304ba390b9a9b428d15df4317

SHA512
e74b5536e820f13ae5e4c014fa3cc14843adfd3fbca7543868483fa8bbc75dfffe204e2fef672f9c8f2a88e0a059da586c52ba4a58a3674167fe002909c24cb9

Download Submit
C:\Windows\system\pyeoXvo.exe

Filesize
6.1MB

MD5
65601ad8792b24a92f2008a5b09df44b

SHA1
14c547ff3c62bbdbdc6b9e02714d25e3297ee51a

SHA256
8f6be81694f794aa051044ccaa7ea63d08c17571022c5ea8574fb2310cdac886

SHA512
f7a9664100ed2ada1cddfebb40bd2a8a4e5fc0c0730133933e650480bbd0888e01c8b5ce9e75331de802011c1a6c5550586b4d4cd38de9e1d8618a8336eb7275

Download Submit
C:\Windows\system\sOODuCd.exe

Filesize
6.1MB

MD5
8cade8db940122bac889ea714c0f97e0

SHA1
929968391398dc983a5923133057ede44cc81559

SHA256
09d6b744a39deeb7a237e522a0086455a56d221067f2bfdefb6c4a5e6b598543

SHA512
be9443ceacb8dcf8bb62a5dd2a841e7d88b5c506e27ea18598f2d375c58f903c8224be00fce587538600c5c9b1a316ff12d057b6e54cdf455b7eb552168312bc

Download Submit
C:\Windows\system\vWNCywH.exe

Filesize
6.1MB

MD5
0390350daed0469ef81bcc1b1b83c151

SHA1
62a8632c182733a647b076749c2120bb4a94144f

SHA256
37e6a96965c57b33f57597eee637ca88879ef057b730b97634b9ad8eb5f6a330

SHA512
337471a38417b978ea545dff25c3cf4e9be33f8abe05d0eb56ee7aa01010b75494ba9cbf5644f146ae3c374ff412e8a3f8a7447783cb20463260b7a5b58f06ed

Download Submit
C:\Windows\system\vvvolqA.exe

Filesize
6.1MB

MD5
de968a53475ce027a7661366dd68951c

SHA1
3e93418ee1fda7388adf6151749418fe5fc5401a

SHA256
0df6183a7f9f84769bab42987c04a0ba03175a901a2086f804f3396ef39600c1

SHA512
fc9c1c4ca9ebe8fbb98c831388d8bbc14a0581acb30b59c7bbd2cbb0bac4bfdeb9e25391810270208381f58f9928520e97b1ddd50a0db1cc75288fa714ae4bd2

Download Submit
\Windows\system\KwcRkpM.exe

Filesize
6.1MB

MD5
8dad56386004a873367fc925d8c4571f

SHA1
086f23c8f16c3d72a9dac92a0664cb070d981985

SHA256
be738b610c47344de330b62dbc396603bcfafdd2fea57640533f68813a3818ce

SHA512
1c8c3298b2562c1b02e93048d45b9823113bc24241f67417fc671794388b3b4924a16d3ee82d6fe45d45fa1349b6906d3fcef9044befa97302276b1f87b21039

Download Submit
\Windows\system\QvoNlvq.exe

Filesize
6.1MB

MD5
c0e66e659b795e9c59202935b3df92f2

SHA1
81eb05950ff12ab9834c2ad24d88f870c0c4c9b8

SHA256
9e21a7dba5f387fe62a9a65957872802c6596d74f290969a9abee55350c3442e

SHA512
e5af2c0c1addbd0d520a2faa6f69aa5fdf1529d5d18e6078b18a0b02ade943995203585db6a1b49c2f5298702e915749ae937bcfa447a6617fc1e3dedde17248

Download Submit
\Windows\system\RsZmiCv.exe

Filesize
6.1MB

MD5
3b4461c860c4e25b73c9acf3b3ec979e

SHA1
d1f08451ff83a80b1250e3592ec74c1470b46f0d

SHA256
f1095071e89bfbcbbf0f24cc50c82a3a8405102f013ed8dfb682e08a0871a5a0

SHA512
6fd6b3b1913d2234fc7fdeb925b52d9e1b3384de507646ab2efb7c168af8858c91402d100d2819419559dcc2198d209faf7c2f2f4dd3508872c50a01f338f431

Download Submit
\Windows\system\SrZpzbv.exe

Filesize
6.1MB

MD5
7835fabda36cf9ed8a6fe6a54c44a6e2

SHA1
4d1c96cfc4a39ed8e0b0c890c7202cf242ad0a04

SHA256
2673a844f6d891b7cb0fe20d1b250fa86d5feddbeaecfbb48d3a7a287c348540

SHA512
36efe5a61a128902221e43c9217a7860753b62cc4e71e635101fcec7ec142b2b55f310d6e124efcefe84854f0f53b7b3ed86ecac8bed51d19c0d79797c4c9281

Download Submit
\Windows\system\VCgckIH.exe

Filesize
6.1MB

MD5
50e5da4445f4b27631a234132f4b66ca

SHA1
34a6f22d17082938a9e2ffff65bf90195faf512c

SHA256
8cf6f95a06336f1d151e136787de5404d8c3ef343a1a1c2d505281a6b8a085c7

SHA512
d0353039aba4ba29cf4f666db5a796a9241bd9c8872e5dc240b0d8dd3aa64c15aa0ae1539343a86f3d84b8d8b68890c2463d5c468824a131df4acd45d885de7f

Download Submit
\Windows\system\WgedHYt.exe

Filesize
6.1MB

MD5
074aab537ee44c41b230148e8f1a2316

SHA1
fb784cd7163f5220d45765d2a2ce18d61ea0c2f0

SHA256
64d4e4c2623afd9099fd331832871f8d77f66294b8f14a56c1e9fdb47caae993

SHA512
04d72e2d695f064f13a6621fbcce9edf02fe5f0564978b05eb30f8b2ad4059a93656c0e61a2e9c11a35faa5c0dc4733952db5c4dc52cba3b2a24d70149e51c50

Download Submit
\Windows\system\adNvuCO.exe

Filesize
6.1MB

MD5
7f04e30e6be32ccc4b1d6eb7ec4146ef

SHA1
3d88c93685db57e2a19f095c6935b5646d1bb9aa

SHA256
e05d54c184403587daf37135ff1c182d942a786196743b2935668fb026600d5f

SHA512
5ec991f473f2a55158edf5494463e318540a93de2283f88ce3c70193ebac67415f9ad2041ba03970fc2ddf294a24a4f733551f34e4fa55a314265247f628abb7

Download Submit
\Windows\system\dsTTfYt.exe

Filesize
6.1MB

MD5
da313ecda029c5a54c924cf834cc3bca

SHA1
f14958c4cc2caf4fcfd4a488940cfd92aa9acf97

SHA256
eaea81570a18b5b774ee0578174e3fccc002a3e83adb60066e777ebdb533576a

SHA512
b26b8110b36f115c488893f5f32244bc40068242d72b61ef62f050d3b1e37e3a3f072e6224a8235e5d4aebccb2b36b24c02ae13171470476cd876766f323811c

Download Submit
\Windows\system\mUKcrOo.exe

Filesize
6.1MB

MD5
535b04840aa977b4a4af5cb4b0ce48c6

SHA1
9404fecb8ca5910e2bd3eeac4d43515a4df50321

SHA256
b567263455f8e368bda7f72e32c25dc897951c5b568bb45a8beaa5bbbd956ec8

SHA512
746a566125b97d894c189c55af13f881141026558342f87e1ed352ffeec5e73f5dc972e91d8f7111b704a9139f4ca996d7d1d0c9ff1d5781e588e03b388ec088

Download Submit
memory/804-3944-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/804-595-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1004-3943-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1004-590-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-593-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1364-3954-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1416-605-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-3956-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/1536-4180-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1536-609-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/1604-173-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1604-3946-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1672-3963-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-530-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1782-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1848-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2080-559-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2080-592-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2080-594-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2080-596-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-611-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-598-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-579-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-600-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-610-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2080-602-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2080-608-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2080-604-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-128-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-606-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1694-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1775-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1798-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1799-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1800-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-2089-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-531-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1853-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1807-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2080-0-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1788-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1768-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1755-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1733-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1594-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2080-1611-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-591-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3951-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-578-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3945-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-607-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3929-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2760-597-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3950-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2820-601-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3971-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-599-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3927-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-603-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3928-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download