cobaltstrike | d27e9996311d2874c7373881e20ca65a599c40ea042ab814c8bc5e6858d0d2bd

Analysis

max time kernel
91s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

7992b739a171c902fb81c98a9bf113c3
SHA1

501084aad6836226bb52a3a535d0474cf4585a04
SHA256

d27e9996311d2874c7373881e20ca65a599c40ea042ab814c8bc5e6858d0d2bd
SHA512

58ffc93377ba78c376024a851c24371eba2f3177a52710826d62c417df8a2e3a630cfadedafb3ee34f30df1b9fb6c95e34fed523dd8a5222be7cc6c276fc364b
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUV:eOl56utgpPF8u/7V

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016e09-11.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001727e-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017530-19.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175ae-27.dat	cobalt_reflective_dll
behavioral1/files/0x001a000000016dc9-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186ca-37.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186cc-42.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-51.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019605-59.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019608-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019606-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019604-57.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186d9-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/848-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-6.dat	xmrig
behavioral1/files/0x0008000000016e09-11.dat	xmrig
behavioral1/files/0x000800000001727e-12.dat	xmrig
behavioral1/files/0x0008000000017530-19.dat	xmrig
behavioral1/files/0x00080000000175ae-27.dat	xmrig
behavioral1/files/0x001a000000016dc9-31.dat	xmrig
behavioral1/files/0x00060000000186ca-37.dat	xmrig
behavioral1/files/0x00060000000186cc-42.dat	xmrig
behavioral1/files/0x0008000000018710-51.dat	xmrig
behavioral1/files/0x0005000000019605-59.dat	xmrig
behavioral1/memory/2452-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/848-66-0x00000000022A0000-0x00000000025F4000-memory.dmp	xmrig
behavioral1/memory/848-95-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019608-98.dat	xmrig
behavioral1/files/0x000500000001960c-109.dat	xmrig
behavioral1/files/0x0005000000019c3e-149.dat	xmrig
behavioral1/memory/848-642-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a075-189.dat	xmrig
behavioral1/files/0x0005000000019f8a-179.dat	xmrig
behavioral1/files/0x0005000000019f94-183.dat	xmrig
behavioral1/files/0x0005000000019dbf-173.dat	xmrig
behavioral1/files/0x0005000000019d8e-169.dat	xmrig
behavioral1/files/0x0005000000019cca-164.dat	xmrig
behavioral1/files/0x0005000000019cba-159.dat	xmrig
behavioral1/files/0x0005000000019c57-154.dat	xmrig
behavioral1/files/0x0005000000019c3c-145.dat	xmrig
behavioral1/files/0x0005000000019c34-139.dat	xmrig
behavioral1/files/0x0005000000019926-134.dat	xmrig
behavioral1/files/0x00050000000196a1-129.dat	xmrig
behavioral1/files/0x0005000000019667-124.dat	xmrig
behavioral1/files/0x000500000001961e-119.dat	xmrig
behavioral1/files/0x000500000001961c-115.dat	xmrig
behavioral1/files/0x000500000001960a-103.dat	xmrig
behavioral1/memory/2068-100-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2084-76-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/3000-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/3004-72-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2936-70-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/848-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2436-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2584-67-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2500-93-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2636-88-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/848-87-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2892-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/848-85-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2716-84-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2644-82-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019606-81.dat	xmrig
behavioral1/memory/2920-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019604-57.dat	xmrig
behavioral1/files/0x00060000000186d9-47.dat	xmrig
behavioral1/memory/2892-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2584-3843-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2920-3854-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2084-3894-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2636-3936-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2436-3935-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2068-4081-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3004-3875-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2644-3850-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2936-3848-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2716-3847-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2452	csAepkS.exe
2920	nDzDPVV.exe
2584	YeWeKMq.exe
2436	FlWzOVn.exe
2936	DKCVqpW.exe
3004	EmeIYST.exe
3000	sIFzgLC.exe
2084	wpDMtUl.exe
2644	mEYIXZi.exe
2716	ZEtaqPR.exe
2892	ZJtQSvx.exe
2636	TRBqVXF.exe
2500	yrHqBcf.exe
2068	YvMawfC.exe
2280	hRDJgdS.exe
2808	PqeVMzx.exe
1460	sXZxzvI.exe
1188	LASLpWs.exe
468	zMMPido.exe
1336	fBMHkZq.exe
2036	unydZWp.exe
1720	IEAHyNT.exe
2792	PmvzKjm.exe
1016	tYKzvzN.exe
2592	IzcDUcE.exe
2852	JwdrmRw.exe
1788	crRzONB.exe
2944	ynllPPy.exe
2680	IkTdTrv.exe
2128	nIrWKwo.exe
1592	VCjmkmq.exe
2156	YFTyLrL.exe
996	PmDkZDh.exe
2100	QDMdrUT.exe
316	RLoikNo.exe
2404	AuOEpHf.exe
1992	YURxhRq.exe
2196	MCryFko.exe
2684	TuRXqNv.exe
2188	KPcHGvb.exe
1704	ckFetxm.exe
2168	Rkszlsb.exe
1684	KrxrecC.exe
1696	fTCjghT.exe
940	wnXwuPX.exe
1616	FIMLsVJ.exe
1880	mcaiypz.exe
1396	pJlsrrj.exe
1864	QLZaeOz.exe
2476	FfUyEPU.exe
1724	pkTHMyb.exe
1272	rvqabVG.exe
1736	sfkjXzX.exe
2112	BWxffUk.exe
2460	OyKrveU.exe
1604	qevoXfn.exe
1744	xclirOi.exe
1296	ezJFRVz.exe
2480	Fzmjxdp.exe
2952	QODfunN.exe
2692	OEcdbzY.exe
2660	MNbCCGW.exe
2648	DMLZSjQ.exe
2608	UHsbKUE.exe

Loads dropped DLL 64 IoCs

pid	Process
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/848-0-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-6.dat	upx
behavioral1/files/0x0008000000016e09-11.dat	upx
behavioral1/files/0x000800000001727e-12.dat	upx
behavioral1/files/0x0008000000017530-19.dat	upx
behavioral1/files/0x00080000000175ae-27.dat	upx
behavioral1/files/0x001a000000016dc9-31.dat	upx
behavioral1/files/0x00060000000186ca-37.dat	upx
behavioral1/files/0x00060000000186cc-42.dat	upx
behavioral1/files/0x0008000000018710-51.dat	upx
behavioral1/files/0x0005000000019605-59.dat	upx
behavioral1/memory/2452-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0005000000019608-98.dat	upx
behavioral1/files/0x000500000001960c-109.dat	upx
behavioral1/files/0x0005000000019c3e-149.dat	upx
behavioral1/memory/848-642-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x000500000001a075-189.dat	upx
behavioral1/files/0x0005000000019f8a-179.dat	upx
behavioral1/files/0x0005000000019f94-183.dat	upx
behavioral1/files/0x0005000000019dbf-173.dat	upx
behavioral1/files/0x0005000000019d8e-169.dat	upx
behavioral1/files/0x0005000000019cca-164.dat	upx
behavioral1/files/0x0005000000019cba-159.dat	upx
behavioral1/files/0x0005000000019c57-154.dat	upx
behavioral1/files/0x0005000000019c3c-145.dat	upx
behavioral1/files/0x0005000000019c34-139.dat	upx
behavioral1/files/0x0005000000019926-134.dat	upx
behavioral1/files/0x00050000000196a1-129.dat	upx
behavioral1/files/0x0005000000019667-124.dat	upx
behavioral1/files/0x000500000001961e-119.dat	upx
behavioral1/files/0x000500000001961c-115.dat	upx
behavioral1/files/0x000500000001960a-103.dat	upx
behavioral1/memory/2068-100-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2084-76-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/3000-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/3004-72-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2936-70-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2436-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2584-67-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2500-93-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2636-88-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2892-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2716-84-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2644-82-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0005000000019606-81.dat	upx
behavioral1/memory/2920-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019604-57.dat	upx
behavioral1/files/0x00060000000186d9-47.dat	upx
behavioral1/memory/2892-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2584-3843-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2920-3854-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2084-3894-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2636-3936-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2436-3935-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2068-4081-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3004-3875-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2644-3850-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2936-3848-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2716-3847-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2500-3846-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2452-3845-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/3000-3844-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zMMPido.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euYQwFZ.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfDYFal.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmeIYST.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcNSIQo.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCDGHDA.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkgzKeV.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTeDaDJ.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbAbjnm.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFaOGnr.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNjCBUt.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFbNKSw.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaauAPX.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GicrEhm.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lamSHBi.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQsGsuf.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtxxXIa.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrPkTOj.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnafLeD.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHfTTfE.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeLmFFn.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyDFSYP.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKsmgLK.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEYIXZi.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqEiMBn.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnVSnyA.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdNBQbG.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YtYaRCX.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuRXqNv.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvqabVG.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkgwIhs.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEzXGCB.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYEvKOz.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UozGtPu.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlWzOVn.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hNsffsH.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmJLnjm.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grzSQtJ.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYXLIDY.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xXRYoRA.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBCHoIa.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRqgEvC.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTAoMzq.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqIVqKf.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKoplQu.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QDMdrUT.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGYaUXE.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ghvByyF.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vMazfYV.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afxtjlL.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pcGhZEQ.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVpoasR.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTQfGkw.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MIDNlGS.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXlTBUn.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\McIzWSU.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLQnkeR.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awxkDOD.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdPLBgu.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luKiuhG.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYZcKjx.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCXbBta.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GaSoqoB.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gCoWbFN.exe	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2452	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 848 wrote to memory of 2452	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 848 wrote to memory of 2452	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 848 wrote to memory of 2920	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 848 wrote to memory of 2920	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 848 wrote to memory of 2920	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 848 wrote to memory of 2584	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 848 wrote to memory of 2584	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 848 wrote to memory of 2584	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 848 wrote to memory of 2436	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 848 wrote to memory of 2436	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 848 wrote to memory of 2436	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 848 wrote to memory of 2936	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 848 wrote to memory of 2936	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 848 wrote to memory of 2936	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 848 wrote to memory of 3004	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 848 wrote to memory of 3004	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 848 wrote to memory of 3004	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 848 wrote to memory of 3000	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 848 wrote to memory of 3000	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 848 wrote to memory of 3000	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 848 wrote to memory of 2084	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 848 wrote to memory of 2084	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 848 wrote to memory of 2084	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 848 wrote to memory of 2644	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 848 wrote to memory of 2644	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 848 wrote to memory of 2644	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 848 wrote to memory of 2716	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 848 wrote to memory of 2716	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 848 wrote to memory of 2716	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 848 wrote to memory of 2892	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 848 wrote to memory of 2892	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 848 wrote to memory of 2892	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 848 wrote to memory of 2636	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 848 wrote to memory of 2636	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 848 wrote to memory of 2636	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 848 wrote to memory of 2500	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 848 wrote to memory of 2500	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 848 wrote to memory of 2500	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 848 wrote to memory of 2068	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 848 wrote to memory of 2068	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 848 wrote to memory of 2068	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 848 wrote to memory of 2280	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 848 wrote to memory of 2280	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 848 wrote to memory of 2280	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 848 wrote to memory of 2808	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 848 wrote to memory of 2808	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 848 wrote to memory of 2808	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 848 wrote to memory of 1460	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 848 wrote to memory of 1460	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 848 wrote to memory of 1460	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 848 wrote to memory of 1188	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 848 wrote to memory of 1188	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 848 wrote to memory of 1188	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 848 wrote to memory of 468	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 848 wrote to memory of 468	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 848 wrote to memory of 468	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 848 wrote to memory of 1336	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 848 wrote to memory of 1336	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 848 wrote to memory of 1336	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 848 wrote to memory of 2036	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 848 wrote to memory of 2036	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 848 wrote to memory of 2036	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 848 wrote to memory of 1720	848	2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-15_7992b739a171c902fb81c98a9bf113c3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\System\csAepkS.exe
  C:\Windows\System\csAepkS.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\nDzDPVV.exe
  C:\Windows\System\nDzDPVV.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\YeWeKMq.exe
  C:\Windows\System\YeWeKMq.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\FlWzOVn.exe
  C:\Windows\System\FlWzOVn.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\DKCVqpW.exe
  C:\Windows\System\DKCVqpW.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\EmeIYST.exe
  C:\Windows\System\EmeIYST.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\sIFzgLC.exe
  C:\Windows\System\sIFzgLC.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\wpDMtUl.exe
  C:\Windows\System\wpDMtUl.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mEYIXZi.exe
  C:\Windows\System\mEYIXZi.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\ZEtaqPR.exe
  C:\Windows\System\ZEtaqPR.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZJtQSvx.exe
  C:\Windows\System\ZJtQSvx.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\TRBqVXF.exe
  C:\Windows\System\TRBqVXF.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\yrHqBcf.exe
  C:\Windows\System\yrHqBcf.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\YvMawfC.exe
  C:\Windows\System\YvMawfC.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\hRDJgdS.exe
  C:\Windows\System\hRDJgdS.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\PqeVMzx.exe
  C:\Windows\System\PqeVMzx.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\sXZxzvI.exe
  C:\Windows\System\sXZxzvI.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\LASLpWs.exe
  C:\Windows\System\LASLpWs.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\zMMPido.exe
  C:\Windows\System\zMMPido.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\fBMHkZq.exe
  C:\Windows\System\fBMHkZq.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\unydZWp.exe
  C:\Windows\System\unydZWp.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\IEAHyNT.exe
  C:\Windows\System\IEAHyNT.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\PmvzKjm.exe
  C:\Windows\System\PmvzKjm.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\tYKzvzN.exe
  C:\Windows\System\tYKzvzN.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\IzcDUcE.exe
  C:\Windows\System\IzcDUcE.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\JwdrmRw.exe
  C:\Windows\System\JwdrmRw.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\crRzONB.exe
  C:\Windows\System\crRzONB.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ynllPPy.exe
  C:\Windows\System\ynllPPy.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\IkTdTrv.exe
  C:\Windows\System\IkTdTrv.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\nIrWKwo.exe
  C:\Windows\System\nIrWKwo.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\VCjmkmq.exe
  C:\Windows\System\VCjmkmq.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\YFTyLrL.exe
  C:\Windows\System\YFTyLrL.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\PmDkZDh.exe
  C:\Windows\System\PmDkZDh.exe
  2⤵
  - Executes dropped EXE
  PID:996
- C:\Windows\System\QDMdrUT.exe
  C:\Windows\System\QDMdrUT.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\RLoikNo.exe
  C:\Windows\System\RLoikNo.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\AuOEpHf.exe
  C:\Windows\System\AuOEpHf.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YURxhRq.exe
  C:\Windows\System\YURxhRq.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\MCryFko.exe
  C:\Windows\System\MCryFko.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\TuRXqNv.exe
  C:\Windows\System\TuRXqNv.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\KPcHGvb.exe
  C:\Windows\System\KPcHGvb.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ckFetxm.exe
  C:\Windows\System\ckFetxm.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\Rkszlsb.exe
  C:\Windows\System\Rkszlsb.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\KrxrecC.exe
  C:\Windows\System\KrxrecC.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\fTCjghT.exe
  C:\Windows\System\fTCjghT.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\wnXwuPX.exe
  C:\Windows\System\wnXwuPX.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\FIMLsVJ.exe
  C:\Windows\System\FIMLsVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\mcaiypz.exe
  C:\Windows\System\mcaiypz.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\pJlsrrj.exe
  C:\Windows\System\pJlsrrj.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\QLZaeOz.exe
  C:\Windows\System\QLZaeOz.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\sfkjXzX.exe
  C:\Windows\System\sfkjXzX.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\FfUyEPU.exe
  C:\Windows\System\FfUyEPU.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\BWxffUk.exe
  C:\Windows\System\BWxffUk.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\pkTHMyb.exe
  C:\Windows\System\pkTHMyb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\OyKrveU.exe
  C:\Windows\System\OyKrveU.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\rvqabVG.exe
  C:\Windows\System\rvqabVG.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\qevoXfn.exe
  C:\Windows\System\qevoXfn.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\xclirOi.exe
  C:\Windows\System\xclirOi.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ezJFRVz.exe
  C:\Windows\System\ezJFRVz.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\Fzmjxdp.exe
  C:\Windows\System\Fzmjxdp.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\QODfunN.exe
  C:\Windows\System\QODfunN.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OEcdbzY.exe
  C:\Windows\System\OEcdbzY.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\MNbCCGW.exe
  C:\Windows\System\MNbCCGW.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\DMLZSjQ.exe
  C:\Windows\System\DMLZSjQ.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\UHsbKUE.exe
  C:\Windows\System\UHsbKUE.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\CuUxCja.exe
  C:\Windows\System\CuUxCja.exe
  2⤵
  PID:2740
- C:\Windows\System\evAZJLP.exe
  C:\Windows\System\evAZJLP.exe
  2⤵
  PID:1160
- C:\Windows\System\HiBmNsN.exe
  C:\Windows\System\HiBmNsN.exe
  2⤵
  PID:2828
- C:\Windows\System\EBwzFBO.exe
  C:\Windows\System\EBwzFBO.exe
  2⤵
  PID:1324
- C:\Windows\System\mKtFJQU.exe
  C:\Windows\System\mKtFJQU.exe
  2⤵
  PID:840
- C:\Windows\System\ggWCWqP.exe
  C:\Windows\System\ggWCWqP.exe
  2⤵
  PID:1728
- C:\Windows\System\GmBIITa.exe
  C:\Windows\System\GmBIITa.exe
  2⤵
  PID:2564
- C:\Windows\System\aYZcKjx.exe
  C:\Windows\System\aYZcKjx.exe
  2⤵
  PID:580
- C:\Windows\System\QDwLRnf.exe
  C:\Windows\System\QDwLRnf.exe
  2⤵
  PID:2872
- C:\Windows\System\XyShghs.exe
  C:\Windows\System\XyShghs.exe
  2⤵
  PID:332
- C:\Windows\System\jbmuOWO.exe
  C:\Windows\System\jbmuOWO.exe
  2⤵
  PID:2544
- C:\Windows\System\OCsEriS.exe
  C:\Windows\System\OCsEriS.exe
  2⤵
  PID:2144
- C:\Windows\System\TEbHxhe.exe
  C:\Windows\System\TEbHxhe.exe
  2⤵
  PID:760
- C:\Windows\System\zdUfDcw.exe
  C:\Windows\System\zdUfDcw.exe
  2⤵
  PID:844
- C:\Windows\System\xXRYoRA.exe
  C:\Windows\System\xXRYoRA.exe
  2⤵
  PID:2408
- C:\Windows\System\iVPtZbB.exe
  C:\Windows\System\iVPtZbB.exe
  2⤵
  PID:2364
- C:\Windows\System\cckPpMz.exe
  C:\Windows\System\cckPpMz.exe
  2⤵
  PID:2900
- C:\Windows\System\ZWOuVFC.exe
  C:\Windows\System\ZWOuVFC.exe
  2⤵
  PID:1572
- C:\Windows\System\qEFfprB.exe
  C:\Windows\System\qEFfprB.exe
  2⤵
  PID:1804
- C:\Windows\System\GuGkKij.exe
  C:\Windows\System\GuGkKij.exe
  2⤵
  PID:1972
- C:\Windows\System\ebnqSDa.exe
  C:\Windows\System\ebnqSDa.exe
  2⤵
  PID:1988
- C:\Windows\System\jUYgvqJ.exe
  C:\Windows\System\jUYgvqJ.exe
  2⤵
  PID:1996
- C:\Windows\System\wITwqRa.exe
  C:\Windows\System\wITwqRa.exe
  2⤵
  PID:2320
- C:\Windows\System\xlLdzyt.exe
  C:\Windows\System\xlLdzyt.exe
  2⤵
  PID:2312
- C:\Windows\System\pOkmyYm.exe
  C:\Windows\System\pOkmyYm.exe
  2⤵
  PID:1524
- C:\Windows\System\qSeuIkE.exe
  C:\Windows\System\qSeuIkE.exe
  2⤵
  PID:1560
- C:\Windows\System\pQCYTNY.exe
  C:\Windows\System\pQCYTNY.exe
  2⤵
  PID:2052
- C:\Windows\System\IkgwIhs.exe
  C:\Windows\System\IkgwIhs.exe
  2⤵
  PID:1612
- C:\Windows\System\beyUCwW.exe
  C:\Windows\System\beyUCwW.exe
  2⤵
  PID:1280
- C:\Windows\System\FOvndwX.exe
  C:\Windows\System\FOvndwX.exe
  2⤵
  PID:2932
- C:\Windows\System\yTQfGkw.exe
  C:\Windows\System\yTQfGkw.exe
  2⤵
  PID:2992
- C:\Windows\System\MROreSW.exe
  C:\Windows\System\MROreSW.exe
  2⤵
  PID:2888
- C:\Windows\System\WAHEYYS.exe
  C:\Windows\System\WAHEYYS.exe
  2⤵
  PID:484
- C:\Windows\System\KcOwUBf.exe
  C:\Windows\System\KcOwUBf.exe
  2⤵
  PID:2776
- C:\Windows\System\iIwTjTJ.exe
  C:\Windows\System\iIwTjTJ.exe
  2⤵
  PID:2108
- C:\Windows\System\ASnwJtz.exe
  C:\Windows\System\ASnwJtz.exe
  2⤵
  PID:2812
- C:\Windows\System\LfvsCIk.exe
  C:\Windows\System\LfvsCIk.exe
  2⤵
  PID:2040
- C:\Windows\System\SzztqkM.exe
  C:\Windows\System\SzztqkM.exe
  2⤵
  PID:1000
- C:\Windows\System\MuiiTUy.exe
  C:\Windows\System\MuiiTUy.exe
  2⤵
  PID:2276
- C:\Windows\System\RzGoukl.exe
  C:\Windows\System\RzGoukl.exe
  2⤵
  PID:1664
- C:\Windows\System\FazUPaa.exe
  C:\Windows\System\FazUPaa.exe
  2⤵
  PID:768
- C:\Windows\System\zyYOgWC.exe
  C:\Windows\System\zyYOgWC.exe
  2⤵
  PID:916
- C:\Windows\System\ZTRcUzE.exe
  C:\Windows\System\ZTRcUzE.exe
  2⤵
  PID:1092
- C:\Windows\System\KabAOfz.exe
  C:\Windows\System\KabAOfz.exe
  2⤵
  PID:2332
- C:\Windows\System\TJgvxSI.exe
  C:\Windows\System\TJgvxSI.exe
  2⤵
  PID:1764
- C:\Windows\System\bsmewRj.exe
  C:\Windows\System\bsmewRj.exe
  2⤵
  PID:2928
- C:\Windows\System\PmgVhnC.exe
  C:\Windows\System\PmgVhnC.exe
  2⤵
  PID:2192
- C:\Windows\System\tvdPSnf.exe
  C:\Windows\System\tvdPSnf.exe
  2⤵
  PID:2220
- C:\Windows\System\VEMNPMQ.exe
  C:\Windows\System\VEMNPMQ.exe
  2⤵
  PID:2072
- C:\Windows\System\UiForED.exe
  C:\Windows\System\UiForED.exe
  2⤵
  PID:2308
- C:\Windows\System\qLdrKzL.exe
  C:\Windows\System\qLdrKzL.exe
  2⤵
  PID:1632
- C:\Windows\System\tHrJsuq.exe
  C:\Windows\System\tHrJsuq.exe
  2⤵
  PID:2164
- C:\Windows\System\CwLDOoo.exe
  C:\Windows\System\CwLDOoo.exe
  2⤵
  PID:1500
- C:\Windows\System\SrdmOAT.exe
  C:\Windows\System\SrdmOAT.exe
  2⤵
  PID:2492
- C:\Windows\System\fLPRDax.exe
  C:\Windows\System\fLPRDax.exe
  2⤵
  PID:3092
- C:\Windows\System\kjxHuUF.exe
  C:\Windows\System\kjxHuUF.exe
  2⤵
  PID:3108
- C:\Windows\System\kWwwBGe.exe
  C:\Windows\System\kWwwBGe.exe
  2⤵
  PID:3124
- C:\Windows\System\jodPAdP.exe
  C:\Windows\System\jodPAdP.exe
  2⤵
  PID:3148
- C:\Windows\System\buGbHNj.exe
  C:\Windows\System\buGbHNj.exe
  2⤵
  PID:3168
- C:\Windows\System\NtIkzPe.exe
  C:\Windows\System\NtIkzPe.exe
  2⤵
  PID:3196
- C:\Windows\System\UTxCsmR.exe
  C:\Windows\System\UTxCsmR.exe
  2⤵
  PID:3212
- C:\Windows\System\ppAeFBY.exe
  C:\Windows\System\ppAeFBY.exe
  2⤵
  PID:3236
- C:\Windows\System\GAYnrWi.exe
  C:\Windows\System\GAYnrWi.exe
  2⤵
  PID:3256
- C:\Windows\System\oaKzXTT.exe
  C:\Windows\System\oaKzXTT.exe
  2⤵
  PID:3272
- C:\Windows\System\TocivNU.exe
  C:\Windows\System\TocivNU.exe
  2⤵
  PID:3296
- C:\Windows\System\rZuVxGR.exe
  C:\Windows\System\rZuVxGR.exe
  2⤵
  PID:3316
- C:\Windows\System\TcOhmgQ.exe
  C:\Windows\System\TcOhmgQ.exe
  2⤵
  PID:3332
- C:\Windows\System\hNsffsH.exe
  C:\Windows\System\hNsffsH.exe
  2⤵
  PID:3348
- C:\Windows\System\RMmQfrm.exe
  C:\Windows\System\RMmQfrm.exe
  2⤵
  PID:3364
- C:\Windows\System\gFKtGLX.exe
  C:\Windows\System\gFKtGLX.exe
  2⤵
  PID:3380
- C:\Windows\System\uIledhT.exe
  C:\Windows\System\uIledhT.exe
  2⤵
  PID:3396
- C:\Windows\System\EEzXGCB.exe
  C:\Windows\System\EEzXGCB.exe
  2⤵
  PID:3412
- C:\Windows\System\ozAHkHh.exe
  C:\Windows\System\ozAHkHh.exe
  2⤵
  PID:3428
- C:\Windows\System\NbtIgfX.exe
  C:\Windows\System\NbtIgfX.exe
  2⤵
  PID:3444
- C:\Windows\System\CDVflFj.exe
  C:\Windows\System\CDVflFj.exe
  2⤵
  PID:3460
- C:\Windows\System\BjTIxPt.exe
  C:\Windows\System\BjTIxPt.exe
  2⤵
  PID:3476
- C:\Windows\System\xrEHLqF.exe
  C:\Windows\System\xrEHLqF.exe
  2⤵
  PID:3492
- C:\Windows\System\VfbVrPI.exe
  C:\Windows\System\VfbVrPI.exe
  2⤵
  PID:3508
- C:\Windows\System\XEDjFHc.exe
  C:\Windows\System\XEDjFHc.exe
  2⤵
  PID:3524
- C:\Windows\System\dGKIJbZ.exe
  C:\Windows\System\dGKIJbZ.exe
  2⤵
  PID:3540
- C:\Windows\System\KFvzInx.exe
  C:\Windows\System\KFvzInx.exe
  2⤵
  PID:3556
- C:\Windows\System\XCgkYLg.exe
  C:\Windows\System\XCgkYLg.exe
  2⤵
  PID:3572
- C:\Windows\System\ChWGfRu.exe
  C:\Windows\System\ChWGfRu.exe
  2⤵
  PID:3588
- C:\Windows\System\eIkqxkh.exe
  C:\Windows\System\eIkqxkh.exe
  2⤵
  PID:3608
- C:\Windows\System\viSNVhG.exe
  C:\Windows\System\viSNVhG.exe
  2⤵
  PID:3632
- C:\Windows\System\MBnHVhl.exe
  C:\Windows\System\MBnHVhl.exe
  2⤵
  PID:3648
- C:\Windows\System\zKyOWxX.exe
  C:\Windows\System\zKyOWxX.exe
  2⤵
  PID:3664
- C:\Windows\System\ZzRSWtZ.exe
  C:\Windows\System\ZzRSWtZ.exe
  2⤵
  PID:3680
- C:\Windows\System\gGYaUXE.exe
  C:\Windows\System\gGYaUXE.exe
  2⤵
  PID:3696
- C:\Windows\System\TVyoQnM.exe
  C:\Windows\System\TVyoQnM.exe
  2⤵
  PID:3712
- C:\Windows\System\naVUJaS.exe
  C:\Windows\System\naVUJaS.exe
  2⤵
  PID:3728
- C:\Windows\System\ZViYdQX.exe
  C:\Windows\System\ZViYdQX.exe
  2⤵
  PID:3744
- C:\Windows\System\PjLOnxt.exe
  C:\Windows\System\PjLOnxt.exe
  2⤵
  PID:3760
- C:\Windows\System\eBStkif.exe
  C:\Windows\System\eBStkif.exe
  2⤵
  PID:3776
- C:\Windows\System\KsROFIr.exe
  C:\Windows\System\KsROFIr.exe
  2⤵
  PID:3796
- C:\Windows\System\oywzwKF.exe
  C:\Windows\System\oywzwKF.exe
  2⤵
  PID:3828
- C:\Windows\System\dfnhXKV.exe
  C:\Windows\System\dfnhXKV.exe
  2⤵
  PID:3852
- C:\Windows\System\xrVSsZD.exe
  C:\Windows\System\xrVSsZD.exe
  2⤵
  PID:3868
- C:\Windows\System\ozNoPIO.exe
  C:\Windows\System\ozNoPIO.exe
  2⤵
  PID:3884
- C:\Windows\System\iKcNTZV.exe
  C:\Windows\System\iKcNTZV.exe
  2⤵
  PID:3900
- C:\Windows\System\jsKvVHK.exe
  C:\Windows\System\jsKvVHK.exe
  2⤵
  PID:3916
- C:\Windows\System\mFbVjjt.exe
  C:\Windows\System\mFbVjjt.exe
  2⤵
  PID:3932
- C:\Windows\System\EDMPUdV.exe
  C:\Windows\System\EDMPUdV.exe
  2⤵
  PID:3948
- C:\Windows\System\iptZGWH.exe
  C:\Windows\System\iptZGWH.exe
  2⤵
  PID:3964
- C:\Windows\System\hfVSfFj.exe
  C:\Windows\System\hfVSfFj.exe
  2⤵
  PID:3980
- C:\Windows\System\NGpxaBs.exe
  C:\Windows\System\NGpxaBs.exe
  2⤵
  PID:3996
- C:\Windows\System\kDiFomM.exe
  C:\Windows\System\kDiFomM.exe
  2⤵
  PID:4012
- C:\Windows\System\HtjeUnd.exe
  C:\Windows\System\HtjeUnd.exe
  2⤵
  PID:4028
- C:\Windows\System\wpacHZB.exe
  C:\Windows\System\wpacHZB.exe
  2⤵
  PID:4044
- C:\Windows\System\UVHSsHK.exe
  C:\Windows\System\UVHSsHK.exe
  2⤵
  PID:4060
- C:\Windows\System\rPSlUCi.exe
  C:\Windows\System\rPSlUCi.exe
  2⤵
  PID:4076
- C:\Windows\System\UPXOfsz.exe
  C:\Windows\System\UPXOfsz.exe
  2⤵
  PID:1344
- C:\Windows\System\lyXBlse.exe
  C:\Windows\System\lyXBlse.exe
  2⤵
  PID:1596
- C:\Windows\System\VjQbdQL.exe
  C:\Windows\System\VjQbdQL.exe
  2⤵
  PID:396
- C:\Windows\System\wKczozi.exe
  C:\Windows\System\wKczozi.exe
  2⤵
  PID:1956
- C:\Windows\System\LIJktRJ.exe
  C:\Windows\System\LIJktRJ.exe
  2⤵
  PID:2272
- C:\Windows\System\mlVuTSI.exe
  C:\Windows\System\mlVuTSI.exe
  2⤵
  PID:2748
- C:\Windows\System\sUMlaco.exe
  C:\Windows\System\sUMlaco.exe
  2⤵
  PID:1652
- C:\Windows\System\pskKTet.exe
  C:\Windows\System\pskKTet.exe
  2⤵
  PID:900
- C:\Windows\System\zjABAtj.exe
  C:\Windows\System\zjABAtj.exe
  2⤵
  PID:3080
- C:\Windows\System\rvmSvbI.exe
  C:\Windows\System\rvmSvbI.exe
  2⤵
  PID:3564
- C:\Windows\System\omPkVwn.exe
  C:\Windows\System\omPkVwn.exe
  2⤵
  PID:3604
- C:\Windows\System\tgwmLiJ.exe
  C:\Windows\System\tgwmLiJ.exe
  2⤵
  PID:3292
- C:\Windows\System\aMQLlmU.exe
  C:\Windows\System\aMQLlmU.exe
  2⤵
  PID:3676
- C:\Windows\System\eVyNhRO.exe
  C:\Windows\System\eVyNhRO.exe
  2⤵
  PID:3740
- C:\Windows\System\lpVKQqE.exe
  C:\Windows\System\lpVKQqE.exe
  2⤵
  PID:3204
- C:\Windows\System\PRMiorC.exe
  C:\Windows\System\PRMiorC.exe
  2⤵
  PID:3252
- C:\Windows\System\xKOTlbK.exe
  C:\Windows\System\xKOTlbK.exe
  2⤵
  PID:3552
- C:\Windows\System\LjwXMsM.exe
  C:\Windows\System\LjwXMsM.exe
  2⤵
  PID:3616
- C:\Windows\System\YSWwMMj.exe
  C:\Windows\System\YSWwMMj.exe
  2⤵
  PID:3516
- C:\Windows\System\bYkjmEX.exe
  C:\Windows\System\bYkjmEX.exe
  2⤵
  PID:3452
- C:\Windows\System\JlFpDBV.exe
  C:\Windows\System\JlFpDBV.exe
  2⤵
  PID:3388
- C:\Windows\System\FQsGsuf.exe
  C:\Windows\System\FQsGsuf.exe
  2⤵
  PID:3808
- C:\Windows\System\yXeqKPK.exe
  C:\Windows\System\yXeqKPK.exe
  2⤵
  PID:1688
- C:\Windows\System\efMJTda.exe
  C:\Windows\System\efMJTda.exe
  2⤵
  PID:3864
- C:\Windows\System\HHEJlKt.exe
  C:\Windows\System\HHEJlKt.exe
  2⤵
  PID:3956
- C:\Windows\System\jSEAnhx.exe
  C:\Windows\System\jSEAnhx.exe
  2⤵
  PID:4020
- C:\Windows\System\cmBjrKB.exe
  C:\Windows\System\cmBjrKB.exe
  2⤵
  PID:1888
- C:\Windows\System\exZbrxY.exe
  C:\Windows\System\exZbrxY.exe
  2⤵
  PID:3784
- C:\Windows\System\xUhpsWS.exe
  C:\Windows\System\xUhpsWS.exe
  2⤵
  PID:3840
- C:\Windows\System\PQfKsHQ.exe
  C:\Windows\System\PQfKsHQ.exe
  2⤵
  PID:3688
- C:\Windows\System\RBCHoIa.exe
  C:\Windows\System\RBCHoIa.exe
  2⤵
  PID:3876
- C:\Windows\System\ICUTOkR.exe
  C:\Windows\System\ICUTOkR.exe
  2⤵
  PID:3100
- C:\Windows\System\KNCOnAF.exe
  C:\Windows\System\KNCOnAF.exe
  2⤵
  PID:1156
- C:\Windows\System\vaGUcMo.exe
  C:\Windows\System\vaGUcMo.exe
  2⤵
  PID:3880
- C:\Windows\System\aUcKSCi.exe
  C:\Windows\System\aUcKSCi.exe
  2⤵
  PID:3944
- C:\Windows\System\qhWgAXu.exe
  C:\Windows\System\qhWgAXu.exe
  2⤵
  PID:3184
- C:\Windows\System\ehlylhx.exe
  C:\Windows\System\ehlylhx.exe
  2⤵
  PID:4072
- C:\Windows\System\AiTMwPv.exe
  C:\Windows\System\AiTMwPv.exe
  2⤵
  PID:2420
- C:\Windows\System\XyxjDun.exe
  C:\Windows\System\XyxjDun.exe
  2⤵
  PID:908
- C:\Windows\System\RtxxXIa.exe
  C:\Windows\System\RtxxXIa.exe
  2⤵
  PID:3192
- C:\Windows\System\WcNSIQo.exe
  C:\Windows\System\WcNSIQo.exe
  2⤵
  PID:3340
- C:\Windows\System\pJgoKPh.exe
  C:\Windows\System\pJgoKPh.exe
  2⤵
  PID:3404
- C:\Windows\System\pzyIvnv.exe
  C:\Windows\System\pzyIvnv.exe
  2⤵
  PID:3284
- C:\Windows\System\enCvHaD.exe
  C:\Windows\System\enCvHaD.exe
  2⤵
  PID:3504
- C:\Windows\System\YisNPmk.exe
  C:\Windows\System\YisNPmk.exe
  2⤵
  PID:1032
- C:\Windows\System\cqWvauj.exe
  C:\Windows\System\cqWvauj.exe
  2⤵
  PID:4056
- C:\Windows\System\NndBsZW.exe
  C:\Windows\System\NndBsZW.exe
  2⤵
  PID:3752
- C:\Windows\System\NANZUyH.exe
  C:\Windows\System\NANZUyH.exe
  2⤵
  PID:3656
- C:\Windows\System\aCWazVU.exe
  C:\Windows\System\aCWazVU.exe
  2⤵
  PID:876
- C:\Windows\System\ddXAfHt.exe
  C:\Windows\System\ddXAfHt.exe
  2⤵
  PID:4068
- C:\Windows\System\kxinCuS.exe
  C:\Windows\System\kxinCuS.exe
  2⤵
  PID:3228
- C:\Windows\System\TNsPfry.exe
  C:\Windows\System\TNsPfry.exe
  2⤵
  PID:3268
- C:\Windows\System\QLwIsrI.exe
  C:\Windows\System\QLwIsrI.exe
  2⤵
  PID:3436
- C:\Windows\System\IrPkTOj.exe
  C:\Windows\System\IrPkTOj.exe
  2⤵
  PID:572
- C:\Windows\System\pTPehAp.exe
  C:\Windows\System\pTPehAp.exe
  2⤵
  PID:3992
- C:\Windows\System\LDtQmEr.exe
  C:\Windows\System\LDtQmEr.exe
  2⤵
  PID:3692
- C:\Windows\System\fNLxQnk.exe
  C:\Windows\System\fNLxQnk.exe
  2⤵
  PID:3136
- C:\Windows\System\HNHyCDC.exe
  C:\Windows\System\HNHyCDC.exe
  2⤵
  PID:4008
- C:\Windows\System\cMpaDni.exe
  C:\Windows\System\cMpaDni.exe
  2⤵
  PID:1624
- C:\Windows\System\gMRpvhl.exe
  C:\Windows\System\gMRpvhl.exe
  2⤵
  PID:3372
- C:\Windows\System\zAPmANc.exe
  C:\Windows\System\zAPmANc.exe
  2⤵
  PID:3456
- C:\Windows\System\IoGlbMt.exe
  C:\Windows\System\IoGlbMt.exe
  2⤵
  PID:3116
- C:\Windows\System\UpvIqna.exe
  C:\Windows\System\UpvIqna.exe
  2⤵
  PID:3248
- C:\Windows\System\VZbOPMY.exe
  C:\Windows\System\VZbOPMY.exe
  2⤵
  PID:3420
- C:\Windows\System\ZFOAmgH.exe
  C:\Windows\System\ZFOAmgH.exe
  2⤵
  PID:3896
- C:\Windows\System\UbtDXGG.exe
  C:\Windows\System\UbtDXGG.exe
  2⤵
  PID:2236
- C:\Windows\System\HucmOJy.exe
  C:\Windows\System\HucmOJy.exe
  2⤵
  PID:4112
- C:\Windows\System\XGUXYXQ.exe
  C:\Windows\System\XGUXYXQ.exe
  2⤵
  PID:4128
- C:\Windows\System\TqCQfrl.exe
  C:\Windows\System\TqCQfrl.exe
  2⤵
  PID:4144
- C:\Windows\System\AJAgPpZ.exe
  C:\Windows\System\AJAgPpZ.exe
  2⤵
  PID:4160
- C:\Windows\System\ddehmuf.exe
  C:\Windows\System\ddehmuf.exe
  2⤵
  PID:4176
- C:\Windows\System\bsJMgrH.exe
  C:\Windows\System\bsJMgrH.exe
  2⤵
  PID:4192
- C:\Windows\System\OtsvBTI.exe
  C:\Windows\System\OtsvBTI.exe
  2⤵
  PID:4208
- C:\Windows\System\YxfGGTL.exe
  C:\Windows\System\YxfGGTL.exe
  2⤵
  PID:4224
- C:\Windows\System\nHzJpLW.exe
  C:\Windows\System\nHzJpLW.exe
  2⤵
  PID:4240
- C:\Windows\System\MIDNlGS.exe
  C:\Windows\System\MIDNlGS.exe
  2⤵
  PID:4272
- C:\Windows\System\ITsGLnL.exe
  C:\Windows\System\ITsGLnL.exe
  2⤵
  PID:4288
- C:\Windows\System\pVmsgwu.exe
  C:\Windows\System\pVmsgwu.exe
  2⤵
  PID:4304
- C:\Windows\System\QRKksQN.exe
  C:\Windows\System\QRKksQN.exe
  2⤵
  PID:4320
- C:\Windows\System\LiMWiOj.exe
  C:\Windows\System\LiMWiOj.exe
  2⤵
  PID:4340
- C:\Windows\System\DFkGaqE.exe
  C:\Windows\System\DFkGaqE.exe
  2⤵
  PID:4356
- C:\Windows\System\tVLibWh.exe
  C:\Windows\System\tVLibWh.exe
  2⤵
  PID:4372
- C:\Windows\System\ZhYbpfc.exe
  C:\Windows\System\ZhYbpfc.exe
  2⤵
  PID:4388
- C:\Windows\System\YODBBgt.exe
  C:\Windows\System\YODBBgt.exe
  2⤵
  PID:4404
- C:\Windows\System\LStJPEG.exe
  C:\Windows\System\LStJPEG.exe
  2⤵
  PID:4420
- C:\Windows\System\yqgbLVY.exe
  C:\Windows\System\yqgbLVY.exe
  2⤵
  PID:4436
- C:\Windows\System\allQiVS.exe
  C:\Windows\System\allQiVS.exe
  2⤵
  PID:4452
- C:\Windows\System\AtjBBvO.exe
  C:\Windows\System\AtjBBvO.exe
  2⤵
  PID:4468
- C:\Windows\System\aVafypU.exe
  C:\Windows\System\aVafypU.exe
  2⤵
  PID:4484
- C:\Windows\System\tqEiMBn.exe
  C:\Windows\System\tqEiMBn.exe
  2⤵
  PID:4500
- C:\Windows\System\vvDIdUj.exe
  C:\Windows\System\vvDIdUj.exe
  2⤵
  PID:4516
- C:\Windows\System\qGGWgMs.exe
  C:\Windows\System\qGGWgMs.exe
  2⤵
  PID:4532
- C:\Windows\System\RVzDfbI.exe
  C:\Windows\System\RVzDfbI.exe
  2⤵
  PID:4548
- C:\Windows\System\DHQRkJK.exe
  C:\Windows\System\DHQRkJK.exe
  2⤵
  PID:4564
- C:\Windows\System\ILQcpAy.exe
  C:\Windows\System\ILQcpAy.exe
  2⤵
  PID:4580
- C:\Windows\System\oQJNYmg.exe
  C:\Windows\System\oQJNYmg.exe
  2⤵
  PID:4596
- C:\Windows\System\qOwkUdc.exe
  C:\Windows\System\qOwkUdc.exe
  2⤵
  PID:4612
- C:\Windows\System\ngAetnZ.exe
  C:\Windows\System\ngAetnZ.exe
  2⤵
  PID:4628
- C:\Windows\System\KsFOmhH.exe
  C:\Windows\System\KsFOmhH.exe
  2⤵
  PID:4644
- C:\Windows\System\rjjZolO.exe
  C:\Windows\System\rjjZolO.exe
  2⤵
  PID:4660
- C:\Windows\System\gOuOlXu.exe
  C:\Windows\System\gOuOlXu.exe
  2⤵
  PID:4676
- C:\Windows\System\eRlyYCS.exe
  C:\Windows\System\eRlyYCS.exe
  2⤵
  PID:4692
- C:\Windows\System\tDXUVVj.exe
  C:\Windows\System\tDXUVVj.exe
  2⤵
  PID:4708
- C:\Windows\System\GvMKkQf.exe
  C:\Windows\System\GvMKkQf.exe
  2⤵
  PID:4724
- C:\Windows\System\wmSBAIP.exe
  C:\Windows\System\wmSBAIP.exe
  2⤵
  PID:4740
- C:\Windows\System\pxXuyiH.exe
  C:\Windows\System\pxXuyiH.exe
  2⤵
  PID:4760
- C:\Windows\System\UKVtIaC.exe
  C:\Windows\System\UKVtIaC.exe
  2⤵
  PID:4776
- C:\Windows\System\pqgdvOF.exe
  C:\Windows\System\pqgdvOF.exe
  2⤵
  PID:4792
- C:\Windows\System\ekKLCle.exe
  C:\Windows\System\ekKLCle.exe
  2⤵
  PID:4808
- C:\Windows\System\ByuTtgZ.exe
  C:\Windows\System\ByuTtgZ.exe
  2⤵
  PID:4824
- C:\Windows\System\idDRhTe.exe
  C:\Windows\System\idDRhTe.exe
  2⤵
  PID:4840
- C:\Windows\System\KhZydiB.exe
  C:\Windows\System\KhZydiB.exe
  2⤵
  PID:4856
- C:\Windows\System\ADfFONe.exe
  C:\Windows\System\ADfFONe.exe
  2⤵
  PID:4872
- C:\Windows\System\tnafLeD.exe
  C:\Windows\System\tnafLeD.exe
  2⤵
  PID:4888
- C:\Windows\System\IJcQLfJ.exe
  C:\Windows\System\IJcQLfJ.exe
  2⤵
  PID:4904
- C:\Windows\System\aEdGFVq.exe
  C:\Windows\System\aEdGFVq.exe
  2⤵
  PID:4920
- C:\Windows\System\jnoETjV.exe
  C:\Windows\System\jnoETjV.exe
  2⤵
  PID:4936
- C:\Windows\System\JFmhntA.exe
  C:\Windows\System\JFmhntA.exe
  2⤵
  PID:4952
- C:\Windows\System\bRqgEvC.exe
  C:\Windows\System\bRqgEvC.exe
  2⤵
  PID:4968
- C:\Windows\System\QYVLYhe.exe
  C:\Windows\System\QYVLYhe.exe
  2⤵
  PID:4984
- C:\Windows\System\VfxYEMx.exe
  C:\Windows\System\VfxYEMx.exe
  2⤵
  PID:5000
- C:\Windows\System\YyEanev.exe
  C:\Windows\System\YyEanev.exe
  2⤵
  PID:5016
- C:\Windows\System\UkOXWyU.exe
  C:\Windows\System\UkOXWyU.exe
  2⤵
  PID:5076
- C:\Windows\System\snhsRJh.exe
  C:\Windows\System\snhsRJh.exe
  2⤵
  PID:5092
- C:\Windows\System\WjTOjdx.exe
  C:\Windows\System\WjTOjdx.exe
  2⤵
  PID:5108
- C:\Windows\System\GwEtGcJ.exe
  C:\Windows\System\GwEtGcJ.exe
  2⤵
  PID:3064
- C:\Windows\System\uxUCzyh.exe
  C:\Windows\System\uxUCzyh.exe
  2⤵
  PID:3220
- C:\Windows\System\mvIUwXo.exe
  C:\Windows\System\mvIUwXo.exe
  2⤵
  PID:3988
- C:\Windows\System\CJPZgJS.exe
  C:\Windows\System\CJPZgJS.exe
  2⤵
  PID:2288
- C:\Windows\System\lVzNlqw.exe
  C:\Windows\System\lVzNlqw.exe
  2⤵
  PID:3736
- C:\Windows\System\NQeQWqx.exe
  C:\Windows\System\NQeQWqx.exe
  2⤵
  PID:3820
- C:\Windows\System\KJeVHPe.exe
  C:\Windows\System\KJeVHPe.exe
  2⤵
  PID:4136
- C:\Windows\System\fHLJOSg.exe
  C:\Windows\System\fHLJOSg.exe
  2⤵
  PID:4200
- C:\Windows\System\ybFeZHI.exe
  C:\Windows\System\ybFeZHI.exe
  2⤵
  PID:2624
- C:\Windows\System\YakznXr.exe
  C:\Windows\System\YakznXr.exe
  2⤵
  PID:4316
- C:\Windows\System\XReDyfK.exe
  C:\Windows\System\XReDyfK.exe
  2⤵
  PID:4476
- C:\Windows\System\esHckkd.exe
  C:\Windows\System\esHckkd.exe
  2⤵
  PID:4152
- C:\Windows\System\Tjcjtlc.exe
  C:\Windows\System\Tjcjtlc.exe
  2⤵
  PID:4216
- C:\Windows\System\ySIUcXI.exe
  C:\Windows\System\ySIUcXI.exe
  2⤵
  PID:4252
- C:\Windows\System\wRkLDzD.exe
  C:\Windows\System\wRkLDzD.exe
  2⤵
  PID:4052
- C:\Windows\System\WLzXOht.exe
  C:\Windows\System\WLzXOht.exe
  2⤵
  PID:4636
- C:\Windows\System\ZzftpwG.exe
  C:\Windows\System\ZzftpwG.exe
  2⤵
  PID:3772
- C:\Windows\System\ZCaHZFk.exe
  C:\Windows\System\ZCaHZFk.exe
  2⤵
  PID:4864
- C:\Windows\System\WTAoMzq.exe
  C:\Windows\System\WTAoMzq.exe
  2⤵
  PID:4928
- C:\Windows\System\RBLXyee.exe
  C:\Windows\System\RBLXyee.exe
  2⤵
  PID:4996
- C:\Windows\System\xsiCJGo.exe
  C:\Windows\System\xsiCJGo.exe
  2⤵
  PID:5040
- C:\Windows\System\ghvByyF.exe
  C:\Windows\System\ghvByyF.exe
  2⤵
  PID:5060
- C:\Windows\System\xWhhDMe.exe
  C:\Windows\System\xWhhDMe.exe
  2⤵
  PID:5028
- C:\Windows\System\EyZhsuv.exe
  C:\Windows\System\EyZhsuv.exe
  2⤵
  PID:4784
- C:\Windows\System\DPVzVgN.exe
  C:\Windows\System\DPVzVgN.exe
  2⤵
  PID:3132
- C:\Windows\System\loIefRw.exe
  C:\Windows\System\loIefRw.exe
  2⤵
  PID:4172
- C:\Windows\System\EwhqgzE.exe
  C:\Windows\System\EwhqgzE.exe
  2⤵
  PID:4540
- C:\Windows\System\OsCfONX.exe
  C:\Windows\System\OsCfONX.exe
  2⤵
  PID:3472
- C:\Windows\System\hOPKMIG.exe
  C:\Windows\System\hOPKMIG.exe
  2⤵
  PID:4880
- C:\Windows\System\rTHsJzl.exe
  C:\Windows\System\rTHsJzl.exe
  2⤵
  PID:5012
- C:\Windows\System\egiZffk.exe
  C:\Windows\System\egiZffk.exe
  2⤵
  PID:4948
- C:\Windows\System\Xuwuvin.exe
  C:\Windows\System\Xuwuvin.exe
  2⤵
  PID:2524
- C:\Windows\System\uNueayk.exe
  C:\Windows\System\uNueayk.exe
  2⤵
  PID:4380
- C:\Windows\System\SOmtXJH.exe
  C:\Windows\System\SOmtXJH.exe
  2⤵
  PID:3584
- C:\Windows\System\OGWfCfg.exe
  C:\Windows\System\OGWfCfg.exe
  2⤵
  PID:4088
- C:\Windows\System\UKUNzCL.exe
  C:\Windows\System\UKUNzCL.exe
  2⤵
  PID:4188
- C:\Windows\System\dhqRSgX.exe
  C:\Windows\System\dhqRSgX.exe
  2⤵
  PID:3060
- C:\Windows\System\nWPxBAk.exe
  C:\Windows\System\nWPxBAk.exe
  2⤵
  PID:5032
- C:\Windows\System\ETuFaXm.exe
  C:\Windows\System\ETuFaXm.exe
  2⤵
  PID:4800
- C:\Windows\System\AYnEiAp.exe
  C:\Windows\System\AYnEiAp.exe
  2⤵
  PID:4964
- C:\Windows\System\lehPUAq.exe
  C:\Windows\System\lehPUAq.exe
  2⤵
  PID:4700
- C:\Windows\System\qFRuhHw.exe
  C:\Windows\System\qFRuhHw.exe
  2⤵
  PID:4268
- C:\Windows\System\dqWrOjp.exe
  C:\Windows\System\dqWrOjp.exe
  2⤵
  PID:4368
- C:\Windows\System\aHFDSMa.exe
  C:\Windows\System\aHFDSMa.exe
  2⤵
  PID:3040
- C:\Windows\System\UFaOGnr.exe
  C:\Windows\System\UFaOGnr.exe
  2⤵
  PID:4428
- C:\Windows\System\nAdIYSJ.exe
  C:\Windows\System\nAdIYSJ.exe
  2⤵
  PID:5056
- C:\Windows\System\xvQWVzZ.exe
  C:\Windows\System\xvQWVzZ.exe
  2⤵
  PID:3816
- C:\Windows\System\HxfzZLa.exe
  C:\Windows\System\HxfzZLa.exe
  2⤵
  PID:4608
- C:\Windows\System\DtESeZr.exe
  C:\Windows\System\DtESeZr.exe
  2⤵
  PID:2972
- C:\Windows\System\XgFyWHv.exe
  C:\Windows\System\XgFyWHv.exe
  2⤵
  PID:4620
- C:\Windows\System\uClcJcp.exe
  C:\Windows\System\uClcJcp.exe
  2⤵
  PID:4528
- C:\Windows\System\WvZiXho.exe
  C:\Windows\System\WvZiXho.exe
  2⤵
  PID:4464
- C:\Windows\System\HiovVLj.exe
  C:\Windows\System\HiovVLj.exe
  2⤵
  PID:4412
- C:\Windows\System\IyMTCgA.exe
  C:\Windows\System\IyMTCgA.exe
  2⤵
  PID:1256
- C:\Windows\System\VhPwizO.exe
  C:\Windows\System\VhPwizO.exe
  2⤵
  PID:4124
- C:\Windows\System\RsHwudU.exe
  C:\Windows\System\RsHwudU.exe
  2⤵
  PID:3976
- C:\Windows\System\asalOhI.exe
  C:\Windows\System\asalOhI.exe
  2⤵
  PID:3836
- C:\Windows\System\QgEPwkM.exe
  C:\Windows\System\QgEPwkM.exe
  2⤵
  PID:4960
- C:\Windows\System\sBmfHkv.exe
  C:\Windows\System\sBmfHkv.exe
  2⤵
  PID:4300
- C:\Windows\System\PDWOwOd.exe
  C:\Windows\System\PDWOwOd.exe
  2⤵
  PID:2060
- C:\Windows\System\EcFYwHh.exe
  C:\Windows\System\EcFYwHh.exe
  2⤵
  PID:3860
- C:\Windows\System\QTcvHUC.exe
  C:\Windows\System\QTcvHUC.exe
  2⤵
  PID:5084
- C:\Windows\System\JNjCBUt.exe
  C:\Windows\System\JNjCBUt.exe
  2⤵
  PID:4492
- C:\Windows\System\fWWgwLH.exe
  C:\Windows\System\fWWgwLH.exe
  2⤵
  PID:4896
- C:\Windows\System\QyHcwoB.exe
  C:\Windows\System\QyHcwoB.exe
  2⤵
  PID:3312
- C:\Windows\System\PqsOWeB.exe
  C:\Windows\System\PqsOWeB.exe
  2⤵
  PID:4820
- C:\Windows\System\ddMLQBd.exe
  C:\Windows\System\ddMLQBd.exe
  2⤵
  PID:4848
- C:\Windows\System\gkRqJOs.exe
  C:\Windows\System\gkRqJOs.exe
  2⤵
  PID:3792
- C:\Windows\System\gyQdFZv.exe
  C:\Windows\System\gyQdFZv.exe
  2⤵
  PID:4352
- C:\Windows\System\sDppQXM.exe
  C:\Windows\System\sDppQXM.exe
  2⤵
  PID:4736
- C:\Windows\System\ueKrQEf.exe
  C:\Windows\System\ueKrQEf.exe
  2⤵
  PID:5128
- C:\Windows\System\FBTXdcU.exe
  C:\Windows\System\FBTXdcU.exe
  2⤵
  PID:5144
- C:\Windows\System\ZLEOZRf.exe
  C:\Windows\System\ZLEOZRf.exe
  2⤵
  PID:5160
- C:\Windows\System\avyRdFR.exe
  C:\Windows\System\avyRdFR.exe
  2⤵
  PID:5176
- C:\Windows\System\JyePwdQ.exe
  C:\Windows\System\JyePwdQ.exe
  2⤵
  PID:5196
- C:\Windows\System\zibMCuR.exe
  C:\Windows\System\zibMCuR.exe
  2⤵
  PID:5220
- C:\Windows\System\ZIhJOdn.exe
  C:\Windows\System\ZIhJOdn.exe
  2⤵
  PID:5344
- C:\Windows\System\pKzPtnT.exe
  C:\Windows\System\pKzPtnT.exe
  2⤵
  PID:5364
- C:\Windows\System\shfQPbE.exe
  C:\Windows\System\shfQPbE.exe
  2⤵
  PID:5380
- C:\Windows\System\SOiliqQ.exe
  C:\Windows\System\SOiliqQ.exe
  2⤵
  PID:5396
- C:\Windows\System\Zvtiush.exe
  C:\Windows\System\Zvtiush.exe
  2⤵
  PID:5412
- C:\Windows\System\UuinDww.exe
  C:\Windows\System\UuinDww.exe
  2⤵
  PID:5428
- C:\Windows\System\LUfqTya.exe
  C:\Windows\System\LUfqTya.exe
  2⤵
  PID:5444
- C:\Windows\System\kcEsRqs.exe
  C:\Windows\System\kcEsRqs.exe
  2⤵
  PID:5460
- C:\Windows\System\NStnRcB.exe
  C:\Windows\System\NStnRcB.exe
  2⤵
  PID:5476
- C:\Windows\System\iQQqtNO.exe
  C:\Windows\System\iQQqtNO.exe
  2⤵
  PID:5492
- C:\Windows\System\TFkYfNU.exe
  C:\Windows\System\TFkYfNU.exe
  2⤵
  PID:5512
- C:\Windows\System\ETgiRhn.exe
  C:\Windows\System\ETgiRhn.exe
  2⤵
  PID:5536
- C:\Windows\System\xxsiZYZ.exe
  C:\Windows\System\xxsiZYZ.exe
  2⤵
  PID:5552
- C:\Windows\System\HGPuJLn.exe
  C:\Windows\System\HGPuJLn.exe
  2⤵
  PID:5576
- C:\Windows\System\ILndPJz.exe
  C:\Windows\System\ILndPJz.exe
  2⤵
  PID:5596
- C:\Windows\System\TpLDlxB.exe
  C:\Windows\System\TpLDlxB.exe
  2⤵
  PID:5612
- C:\Windows\System\gCyqGgD.exe
  C:\Windows\System\gCyqGgD.exe
  2⤵
  PID:5632
- C:\Windows\System\oYZskma.exe
  C:\Windows\System\oYZskma.exe
  2⤵
  PID:5648
- C:\Windows\System\QtnLgHD.exe
  C:\Windows\System\QtnLgHD.exe
  2⤵
  PID:5668
- C:\Windows\System\gotfwsR.exe
  C:\Windows\System\gotfwsR.exe
  2⤵
  PID:5684
- C:\Windows\System\vMazfYV.exe
  C:\Windows\System\vMazfYV.exe
  2⤵
  PID:5700
- C:\Windows\System\GZcfKRu.exe
  C:\Windows\System\GZcfKRu.exe
  2⤵
  PID:5716
- C:\Windows\System\vUGTKyO.exe
  C:\Windows\System\vUGTKyO.exe
  2⤵
  PID:5740
- C:\Windows\System\iPNEiWe.exe
  C:\Windows\System\iPNEiWe.exe
  2⤵
  PID:5756
- C:\Windows\System\KXrVjwP.exe
  C:\Windows\System\KXrVjwP.exe
  2⤵
  PID:5772
- C:\Windows\System\UmooXzA.exe
  C:\Windows\System\UmooXzA.exe
  2⤵
  PID:5788
- C:\Windows\System\qFaoqxt.exe
  C:\Windows\System\qFaoqxt.exe
  2⤵
  PID:5804
- C:\Windows\System\UqfKTHm.exe
  C:\Windows\System\UqfKTHm.exe
  2⤵
  PID:5820
- C:\Windows\System\kJqPeul.exe
  C:\Windows\System\kJqPeul.exe
  2⤵
  PID:5836
- C:\Windows\System\hSrppaf.exe
  C:\Windows\System\hSrppaf.exe
  2⤵
  PID:5852
- C:\Windows\System\jVIuAkd.exe
  C:\Windows\System\jVIuAkd.exe
  2⤵
  PID:5868
- C:\Windows\System\Fqqprbk.exe
  C:\Windows\System\Fqqprbk.exe
  2⤵
  PID:5884
- C:\Windows\System\yxdqyKw.exe
  C:\Windows\System\yxdqyKw.exe
  2⤵
  PID:5900
- C:\Windows\System\LQvevmX.exe
  C:\Windows\System\LQvevmX.exe
  2⤵
  PID:5916
- C:\Windows\System\lmRjvMe.exe
  C:\Windows\System\lmRjvMe.exe
  2⤵
  PID:5964
- C:\Windows\System\KSkPRnk.exe
  C:\Windows\System\KSkPRnk.exe
  2⤵
  PID:5980
- C:\Windows\System\uKbYpDE.exe
  C:\Windows\System\uKbYpDE.exe
  2⤵
  PID:6000
- C:\Windows\System\yOfVMJq.exe
  C:\Windows\System\yOfVMJq.exe
  2⤵
  PID:6016
- C:\Windows\System\MfsTbpW.exe
  C:\Windows\System\MfsTbpW.exe
  2⤵
  PID:6032
- C:\Windows\System\RFgnXpu.exe
  C:\Windows\System\RFgnXpu.exe
  2⤵
  PID:6048
- C:\Windows\System\jFbNKSw.exe
  C:\Windows\System\jFbNKSw.exe
  2⤵
  PID:6068
- C:\Windows\System\eWiBgxC.exe
  C:\Windows\System\eWiBgxC.exe
  2⤵
  PID:6088
- C:\Windows\System\SBnRhxt.exe
  C:\Windows\System\SBnRhxt.exe
  2⤵
  PID:6104
- C:\Windows\System\iBjCKyc.exe
  C:\Windows\System\iBjCKyc.exe
  2⤵
  PID:6124
- C:\Windows\System\hSoAMkg.exe
  C:\Windows\System\hSoAMkg.exe
  2⤵
  PID:6140
- C:\Windows\System\raTQEDI.exe
  C:\Windows\System\raTQEDI.exe
  2⤵
  PID:4284
- C:\Windows\System\DmRsTCB.exe
  C:\Windows\System\DmRsTCB.exe
  2⤵
  PID:2536
- C:\Windows\System\OmMbKEm.exe
  C:\Windows\System\OmMbKEm.exe
  2⤵
  PID:4668
- C:\Windows\System\maNrFbB.exe
  C:\Windows\System\maNrFbB.exe
  2⤵
  PID:2208
- C:\Windows\System\VTYevHn.exe
  C:\Windows\System\VTYevHn.exe
  2⤵
  PID:4364
- C:\Windows\System\vAHbcUc.exe
  C:\Windows\System\vAHbcUc.exe
  2⤵
  PID:5172
- C:\Windows\System\zeNfNsn.exe
  C:\Windows\System\zeNfNsn.exe
  2⤵
  PID:4576
- C:\Windows\System\aXkukbY.exe
  C:\Windows\System\aXkukbY.exe
  2⤵
  PID:4040
- C:\Windows\System\jCXbBta.exe
  C:\Windows\System\jCXbBta.exe
  2⤵
  PID:4108
- C:\Windows\System\PHYjmJr.exe
  C:\Windows\System\PHYjmJr.exe
  2⤵
  PID:4684
- C:\Windows\System\uoNpdHv.exe
  C:\Windows\System\uoNpdHv.exe
  2⤵
  PID:4432
- C:\Windows\System\aUGeNdU.exe
  C:\Windows\System\aUGeNdU.exe
  2⤵
  PID:2984
- C:\Windows\System\zoSeNQy.exe
  C:\Windows\System\zoSeNQy.exe
  2⤵
  PID:5388
- C:\Windows\System\ulvAcQg.exe
  C:\Windows\System\ulvAcQg.exe
  2⤵
  PID:5452
- C:\Windows\System\djLOpEN.exe
  C:\Windows\System\djLOpEN.exe
  2⤵
  PID:5488
- C:\Windows\System\pJwCdIi.exe
  C:\Windows\System\pJwCdIi.exe
  2⤵
  PID:5228
- C:\Windows\System\LlzFfuY.exe
  C:\Windows\System\LlzFfuY.exe
  2⤵
  PID:5524
- C:\Windows\System\GXeYzpm.exe
  C:\Windows\System\GXeYzpm.exe
  2⤵
  PID:5560
- C:\Windows\System\MekffYF.exe
  C:\Windows\System\MekffYF.exe
  2⤵
  PID:5572
- C:\Windows\System\KyhxGTT.exe
  C:\Windows\System\KyhxGTT.exe
  2⤵
  PID:5236
- C:\Windows\System\hBAJBDV.exe
  C:\Windows\System\hBAJBDV.exe
  2⤵
  PID:5640
- C:\Windows\System\BrHQZcw.exe
  C:\Windows\System\BrHQZcw.exe
  2⤵
  PID:5244
- C:\Windows\System\kalYeNM.exe
  C:\Windows\System\kalYeNM.exe
  2⤵
  PID:5752
- C:\Windows\System\epdOZDB.exe
  C:\Windows\System\epdOZDB.exe
  2⤵
  PID:5816
- C:\Windows\System\zHhcByi.exe
  C:\Windows\System\zHhcByi.exe
  2⤵
  PID:5880
- C:\Windows\System\jBWuHwl.exe
  C:\Windows\System\jBWuHwl.exe
  2⤵
  PID:5972
- C:\Windows\System\HtGNKKJ.exe
  C:\Windows\System\HtGNKKJ.exe
  2⤵
  PID:5976
- C:\Windows\System\WxjxRkz.exe
  C:\Windows\System\WxjxRkz.exe
  2⤵
  PID:2248
- C:\Windows\System\SlHKGAe.exe
  C:\Windows\System\SlHKGAe.exe
  2⤵
  PID:3264
- C:\Windows\System\qhYHFdV.exe
  C:\Windows\System\qhYHFdV.exe
  2⤵
  PID:5156
- C:\Windows\System\yEjlTDw.exe
  C:\Windows\System\yEjlTDw.exe
  2⤵
  PID:5124
- C:\Windows\System\kuFdoTt.exe
  C:\Windows\System\kuFdoTt.exe
  2⤵
  PID:5072
- C:\Windows\System\LkpvAPM.exe
  C:\Windows\System\LkpvAPM.exe
  2⤵
  PID:4312
- C:\Windows\System\RexUHeU.exe
  C:\Windows\System\RexUHeU.exe
  2⤵
  PID:6120
- C:\Windows\System\ZVCOOEP.exe
  C:\Windows\System\ZVCOOEP.exe
  2⤵
  PID:5252
- C:\Windows\System\lKYXojW.exe
  C:\Windows\System\lKYXojW.exe
  2⤵
  PID:5276
- C:\Windows\System\lIvyZBD.exe
  C:\Windows\System\lIvyZBD.exe
  2⤵
  PID:4508
- C:\Windows\System\SrlLELj.exe
  C:\Windows\System\SrlLELj.exe
  2⤵
  PID:5292
- C:\Windows\System\PtOEhrM.exe
  C:\Windows\System\PtOEhrM.exe
  2⤵
  PID:5308
- C:\Windows\System\cmgyreC.exe
  C:\Windows\System\cmgyreC.exe
  2⤵
  PID:5324
- C:\Windows\System\ZbhiVOa.exe
  C:\Windows\System\ZbhiVOa.exe
  2⤵
  PID:4768
- C:\Windows\System\aGaIqnx.exe
  C:\Windows\System\aGaIqnx.exe
  2⤵
  PID:5436
- C:\Windows\System\gHknKYE.exe
  C:\Windows\System\gHknKYE.exe
  2⤵
  PID:5472
- C:\Windows\System\WhofmhJ.exe
  C:\Windows\System\WhofmhJ.exe
  2⤵
  PID:5544
- C:\Windows\System\JVRqLSk.exe
  C:\Windows\System\JVRqLSk.exe
  2⤵
  PID:5592
- C:\Windows\System\lNoaCAU.exe
  C:\Windows\System\lNoaCAU.exe
  2⤵
  PID:5656
- C:\Windows\System\SUniCER.exe
  C:\Windows\System\SUniCER.exe
  2⤵
  PID:5696
- C:\Windows\System\cmdbOdc.exe
  C:\Windows\System\cmdbOdc.exe
  2⤵
  PID:5736
- C:\Windows\System\LjcpJMH.exe
  C:\Windows\System\LjcpJMH.exe
  2⤵
  PID:5212
- C:\Windows\System\boKijLb.exe
  C:\Windows\System\boKijLb.exe
  2⤵
  PID:5948
- C:\Windows\System\IjcVnny.exe
  C:\Windows\System\IjcVnny.exe
  2⤵
  PID:5996
- C:\Windows\System\CdLonvD.exe
  C:\Windows\System\CdLonvD.exe
  2⤵
  PID:4460
- C:\Windows\System\wiODkWM.exe
  C:\Windows\System\wiODkWM.exe
  2⤵
  PID:6132
- C:\Windows\System\SPAyXEW.exe
  C:\Windows\System\SPAyXEW.exe
  2⤵
  PID:6056
- C:\Windows\System\AUJhZFz.exe
  C:\Windows\System\AUJhZFz.exe
  2⤵
  PID:5988
- C:\Windows\System\VRYGMlV.exe
  C:\Windows\System\VRYGMlV.exe
  2⤵
  PID:5892
- C:\Windows\System\rxwlGlz.exe
  C:\Windows\System\rxwlGlz.exe
  2⤵
  PID:5828
- C:\Windows\System\qMPDtfx.exe
  C:\Windows\System\qMPDtfx.exe
  2⤵
  PID:4444
- C:\Windows\System\htmGeJn.exe
  C:\Windows\System\htmGeJn.exe
  2⤵
  PID:3520
- C:\Windows\System\yUZgRvH.exe
  C:\Windows\System\yUZgRvH.exe
  2⤵
  PID:4716
- C:\Windows\System\fwpXJSo.exe
  C:\Windows\System\fwpXJSo.exe
  2⤵
  PID:5360
- C:\Windows\System\LPkZPYg.exe
  C:\Windows\System\LPkZPYg.exe
  2⤵
  PID:5424
- C:\Windows\System\iFJluEC.exe
  C:\Windows\System\iFJluEC.exe
  2⤵
  PID:5528
- C:\Windows\System\opPqEYY.exe
  C:\Windows\System\opPqEYY.exe
  2⤵
  PID:2656
- C:\Windows\System\AdBZRMW.exe
  C:\Windows\System\AdBZRMW.exe
  2⤵
  PID:5608
- C:\Windows\System\MPhSjBB.exe
  C:\Windows\System\MPhSjBB.exe
  2⤵
  PID:1700
- C:\Windows\System\KqQPyCB.exe
  C:\Windows\System\KqQPyCB.exe
  2⤵
  PID:5408
- C:\Windows\System\rYRXYla.exe
  C:\Windows\System\rYRXYla.exe
  2⤵
  PID:5188
- C:\Windows\System\DKSwWeT.exe
  C:\Windows\System\DKSwWeT.exe
  2⤵
  PID:6112
- C:\Windows\System\RWNrFkD.exe
  C:\Windows\System\RWNrFkD.exe
  2⤵
  PID:4900
- C:\Windows\System\iasnCax.exe
  C:\Windows\System\iasnCax.exe
  2⤵
  PID:5284
- C:\Windows\System\umGPvnv.exe
  C:\Windows\System\umGPvnv.exe
  2⤵
  PID:5468
- C:\Windows\System\NLuxglN.exe
  C:\Windows\System\NLuxglN.exe
  2⤵
  PID:5508
- C:\Windows\System\MFUtgjg.exe
  C:\Windows\System\MFUtgjg.exe
  2⤵
  PID:5628
- C:\Windows\System\RPjTnMJ.exe
  C:\Windows\System\RPjTnMJ.exe
  2⤵
  PID:5732
- C:\Windows\System\nujoRoS.exe
  C:\Windows\System\nujoRoS.exe
  2⤵
  PID:4560
- C:\Windows\System\vURNUFM.exe
  C:\Windows\System\vURNUFM.exe
  2⤵
  PID:5624
- C:\Windows\System\nPiQDtR.exe
  C:\Windows\System\nPiQDtR.exe
  2⤵
  PID:5564
- C:\Windows\System\IhTKVec.exe
  C:\Windows\System\IhTKVec.exe
  2⤵
  PID:5800
- C:\Windows\System\JtyFzSB.exe
  C:\Windows\System\JtyFzSB.exe
  2⤵
  PID:4556
- C:\Windows\System\KasaWJO.exe
  C:\Windows\System\KasaWJO.exe
  2⤵
  PID:2552
- C:\Windows\System\ucNrCvz.exe
  C:\Windows\System\ucNrCvz.exe
  2⤵
  PID:2572
- C:\Windows\System\KYbZyOx.exe
  C:\Windows\System\KYbZyOx.exe
  2⤵
  PID:5960
- C:\Windows\System\KlWhoHZ.exe
  C:\Windows\System\KlWhoHZ.exe
  2⤵
  PID:5860
- C:\Windows\System\WWKmnXK.exe
  C:\Windows\System\WWKmnXK.exe
  2⤵
  PID:2676
- C:\Windows\System\CANrnNw.exe
  C:\Windows\System\CANrnNw.exe
  2⤵
  PID:5336
- C:\Windows\System\KNANvCe.exe
  C:\Windows\System\KNANvCe.exe
  2⤵
  PID:5604
- C:\Windows\System\jxXVCHT.exe
  C:\Windows\System\jxXVCHT.exe
  2⤵
  PID:4976
- C:\Windows\System\vcYiEdW.exe
  C:\Windows\System\vcYiEdW.exe
  2⤵
  PID:4092
- C:\Windows\System\NqVnvDY.exe
  C:\Windows\System\NqVnvDY.exe
  2⤵
  PID:3720
- C:\Windows\System\bcDgueS.exe
  C:\Windows\System\bcDgueS.exe
  2⤵
  PID:5692
- C:\Windows\System\ncYgKuH.exe
  C:\Windows\System\ncYgKuH.exe
  2⤵
  PID:5232
- C:\Windows\System\CUfRWDG.exe
  C:\Windows\System\CUfRWDG.exe
  2⤵
  PID:2548
- C:\Windows\System\tAzhfGx.exe
  C:\Windows\System\tAzhfGx.exe
  2⤵
  PID:3044
- C:\Windows\System\rdywuKW.exe
  C:\Windows\System\rdywuKW.exe
  2⤵
  PID:5248
- C:\Windows\System\XQDbGPU.exe
  C:\Windows\System\XQDbGPU.exe
  2⤵
  PID:4624
- C:\Windows\System\KrnhDZK.exe
  C:\Windows\System\KrnhDZK.exe
  2⤵
  PID:2520
- C:\Windows\System\qNSNAgv.exe
  C:\Windows\System\qNSNAgv.exe
  2⤵
  PID:3188
- C:\Windows\System\GaSoqoB.exe
  C:\Windows\System\GaSoqoB.exe
  2⤵
  PID:2200
- C:\Windows\System\RWGSewq.exe
  C:\Windows\System\RWGSewq.exe
  2⤵
  PID:5340
- C:\Windows\System\zdMwGcI.exe
  C:\Windows\System\zdMwGcI.exe
  2⤵
  PID:1152
- C:\Windows\System\wkxrbbN.exe
  C:\Windows\System\wkxrbbN.exe
  2⤵
  PID:5924
- C:\Windows\System\trqSHZM.exe
  C:\Windows\System\trqSHZM.exe
  2⤵
  PID:6024
- C:\Windows\System\hCjVNwH.exe
  C:\Windows\System\hCjVNwH.exe
  2⤵
  PID:2588
- C:\Windows\System\jKyPFec.exe
  C:\Windows\System\jKyPFec.exe
  2⤵
  PID:2640
- C:\Windows\System\AkeamWz.exe
  C:\Windows\System\AkeamWz.exe
  2⤵
  PID:5356
- C:\Windows\System\ssRVCFS.exe
  C:\Windows\System\ssRVCFS.exe
  2⤵
  PID:5912
- C:\Windows\System\kvtZMdg.exe
  C:\Windows\System\kvtZMdg.exe
  2⤵
  PID:5944
- C:\Windows\System\MiZbVlI.exe
  C:\Windows\System\MiZbVlI.exe
  2⤵
  PID:6156
- C:\Windows\System\JrQUQrX.exe
  C:\Windows\System\JrQUQrX.exe
  2⤵
  PID:6180
- C:\Windows\System\OifPUjs.exe
  C:\Windows\System\OifPUjs.exe
  2⤵
  PID:6212
- C:\Windows\System\ItKdKci.exe
  C:\Windows\System\ItKdKci.exe
  2⤵
  PID:6228
- C:\Windows\System\gBVXnkB.exe
  C:\Windows\System\gBVXnkB.exe
  2⤵
  PID:6244
- C:\Windows\System\jbjDzQy.exe
  C:\Windows\System\jbjDzQy.exe
  2⤵
  PID:6260
- C:\Windows\System\UicVaPb.exe
  C:\Windows\System\UicVaPb.exe
  2⤵
  PID:6276
- C:\Windows\System\hNBvdDg.exe
  C:\Windows\System\hNBvdDg.exe
  2⤵
  PID:6292
- C:\Windows\System\tmPEYym.exe
  C:\Windows\System\tmPEYym.exe
  2⤵
  PID:6308
- C:\Windows\System\wmFNppu.exe
  C:\Windows\System\wmFNppu.exe
  2⤵
  PID:6324
- C:\Windows\System\ViFYmZM.exe
  C:\Windows\System\ViFYmZM.exe
  2⤵
  PID:6344
- C:\Windows\System\orvmYjy.exe
  C:\Windows\System\orvmYjy.exe
  2⤵
  PID:6364
- C:\Windows\System\rodVFgp.exe
  C:\Windows\System\rodVFgp.exe
  2⤵
  PID:6380
- C:\Windows\System\RexkHou.exe
  C:\Windows\System\RexkHou.exe
  2⤵
  PID:6400
- C:\Windows\System\afxtjlL.exe
  C:\Windows\System\afxtjlL.exe
  2⤵
  PID:6416
- C:\Windows\System\ovizgCI.exe
  C:\Windows\System\ovizgCI.exe
  2⤵
  PID:6436
- C:\Windows\System\yJOYhfG.exe
  C:\Windows\System\yJOYhfG.exe
  2⤵
  PID:6452
- C:\Windows\System\giLNIjm.exe
  C:\Windows\System\giLNIjm.exe
  2⤵
  PID:6468
- C:\Windows\System\gCoWbFN.exe
  C:\Windows\System\gCoWbFN.exe
  2⤵
  PID:6484
- C:\Windows\System\PHQfDov.exe
  C:\Windows\System\PHQfDov.exe
  2⤵
  PID:6500
- C:\Windows\System\djWIejh.exe
  C:\Windows\System\djWIejh.exe
  2⤵
  PID:6516
- C:\Windows\System\IYQFMnb.exe
  C:\Windows\System\IYQFMnb.exe
  2⤵
  PID:6532
- C:\Windows\System\yFtXVwN.exe
  C:\Windows\System\yFtXVwN.exe
  2⤵
  PID:6548
- C:\Windows\System\mbZYPYh.exe
  C:\Windows\System\mbZYPYh.exe
  2⤵
  PID:6564
- C:\Windows\System\JmNWotM.exe
  C:\Windows\System\JmNWotM.exe
  2⤵
  PID:6580
- C:\Windows\System\gmUvWQO.exe
  C:\Windows\System\gmUvWQO.exe
  2⤵
  PID:6596
- C:\Windows\System\jRuQRTE.exe
  C:\Windows\System\jRuQRTE.exe
  2⤵
  PID:6612
- C:\Windows\System\qSWoVLZ.exe
  C:\Windows\System\qSWoVLZ.exe
  2⤵
  PID:6628
- C:\Windows\System\awRskAy.exe
  C:\Windows\System\awRskAy.exe
  2⤵
  PID:6644
- C:\Windows\System\vobfbTe.exe
  C:\Windows\System\vobfbTe.exe
  2⤵
  PID:6660
- C:\Windows\System\FnKxsRj.exe
  C:\Windows\System\FnKxsRj.exe
  2⤵
  PID:6676
- C:\Windows\System\boHvzFu.exe
  C:\Windows\System\boHvzFu.exe
  2⤵
  PID:6692
- C:\Windows\System\TOtrmil.exe
  C:\Windows\System\TOtrmil.exe
  2⤵
  PID:6708
- C:\Windows\System\tOOjwKp.exe
  C:\Windows\System\tOOjwKp.exe
  2⤵
  PID:6724
- C:\Windows\System\KjqECfx.exe
  C:\Windows\System\KjqECfx.exe
  2⤵
  PID:6740
- C:\Windows\System\ZniXfNH.exe
  C:\Windows\System\ZniXfNH.exe
  2⤵
  PID:6756
- C:\Windows\System\ksBcSCg.exe
  C:\Windows\System\ksBcSCg.exe
  2⤵
  PID:6772
- C:\Windows\System\ddAiOnZ.exe
  C:\Windows\System\ddAiOnZ.exe
  2⤵
  PID:6788
- C:\Windows\System\cJgaQkU.exe
  C:\Windows\System\cJgaQkU.exe
  2⤵
  PID:6804
- C:\Windows\System\wLhGSKk.exe
  C:\Windows\System\wLhGSKk.exe
  2⤵
  PID:6820
- C:\Windows\System\LaauAPX.exe
  C:\Windows\System\LaauAPX.exe
  2⤵
  PID:6836
- C:\Windows\System\wqIVqKf.exe
  C:\Windows\System\wqIVqKf.exe
  2⤵
  PID:6852
- C:\Windows\System\ilOWYCi.exe
  C:\Windows\System\ilOWYCi.exe
  2⤵
  PID:6868
- C:\Windows\System\hjnHyza.exe
  C:\Windows\System\hjnHyza.exe
  2⤵
  PID:6884
- C:\Windows\System\zxzWbqH.exe
  C:\Windows\System\zxzWbqH.exe
  2⤵
  PID:6900
- C:\Windows\System\msfgYdW.exe
  C:\Windows\System\msfgYdW.exe
  2⤵
  PID:6916
- C:\Windows\System\gqYmgjX.exe
  C:\Windows\System\gqYmgjX.exe
  2⤵
  PID:6932
- C:\Windows\System\irCFvyk.exe
  C:\Windows\System\irCFvyk.exe
  2⤵
  PID:6948
- C:\Windows\System\HSsfxPN.exe
  C:\Windows\System\HSsfxPN.exe
  2⤵
  PID:6964
- C:\Windows\System\hJzKiXC.exe
  C:\Windows\System\hJzKiXC.exe
  2⤵
  PID:6980
- C:\Windows\System\aKoplQu.exe
  C:\Windows\System\aKoplQu.exe
  2⤵
  PID:6996
- C:\Windows\System\DBzbmbT.exe
  C:\Windows\System\DBzbmbT.exe
  2⤵
  PID:7012
- C:\Windows\System\Muclqyv.exe
  C:\Windows\System\Muclqyv.exe
  2⤵
  PID:7028
- C:\Windows\System\dkPDhBY.exe
  C:\Windows\System\dkPDhBY.exe
  2⤵
  PID:7044
- C:\Windows\System\xyEBUwO.exe
  C:\Windows\System\xyEBUwO.exe
  2⤵
  PID:7060
- C:\Windows\System\QiXGxXk.exe
  C:\Windows\System\QiXGxXk.exe
  2⤵
  PID:7076
- C:\Windows\System\WVGhoXg.exe
  C:\Windows\System\WVGhoXg.exe
  2⤵
  PID:7092
- C:\Windows\System\PDXeJTM.exe
  C:\Windows\System\PDXeJTM.exe
  2⤵
  PID:7108
- C:\Windows\System\lZuKaVa.exe
  C:\Windows\System\lZuKaVa.exe
  2⤵
  PID:7124
- C:\Windows\System\fYEvKOz.exe
  C:\Windows\System\fYEvKOz.exe
  2⤵
  PID:7140
- C:\Windows\System\LNPBiAA.exe
  C:\Windows\System\LNPBiAA.exe
  2⤵
  PID:7156
- C:\Windows\System\FDVNnrW.exe
  C:\Windows\System\FDVNnrW.exe
  2⤵
  PID:2504
- C:\Windows\System\EsTyEmv.exe
  C:\Windows\System\EsTyEmv.exe
  2⤵
  PID:5260
- C:\Windows\System\NldNkTd.exe
  C:\Windows\System\NldNkTd.exe
  2⤵
  PID:1772
- C:\Windows\System\HsmPzZb.exe
  C:\Windows\System\HsmPzZb.exe
  2⤵
  PID:5796
- C:\Windows\System\VztJwFd.exe
  C:\Windows\System\VztJwFd.exe
  2⤵
  PID:6148
- C:\Windows\System\tcmhcJe.exe
  C:\Windows\System\tcmhcJe.exe
  2⤵
  PID:3012
- C:\Windows\System\RDgHITo.exe
  C:\Windows\System\RDgHITo.exe
  2⤵
  PID:6204
- C:\Windows\System\jzBlQKk.exe
  C:\Windows\System\jzBlQKk.exe
  2⤵
  PID:6240
- C:\Windows\System\IaEJEXT.exe
  C:\Windows\System\IaEJEXT.exe
  2⤵
  PID:1108
- C:\Windows\System\lkScjjE.exe
  C:\Windows\System\lkScjjE.exe
  2⤵
  PID:4688
- C:\Windows\System\uyCHDcG.exe
  C:\Windows\System\uyCHDcG.exe
  2⤵
  PID:6336
- C:\Windows\System\CtCYGuz.exe
  C:\Windows\System\CtCYGuz.exe
  2⤵
  PID:5272
- C:\Windows\System\rAfHmKd.exe
  C:\Windows\System\rAfHmKd.exe
  2⤵
  PID:6408
- C:\Windows\System\UAVwAcT.exe
  C:\Windows\System\UAVwAcT.exe
  2⤵
  PID:5748
- C:\Windows\System\lmHeIti.exe
  C:\Windows\System\lmHeIti.exe
  2⤵
  PID:6412
- C:\Windows\System\WXevxcK.exe
  C:\Windows\System\WXevxcK.exe
  2⤵
  PID:2772
- C:\Windows\System\wHfTTfE.exe
  C:\Windows\System\wHfTTfE.exe
  2⤵
  PID:6176
- C:\Windows\System\fUBfymo.exe
  C:\Windows\System\fUBfymo.exe
  2⤵
  PID:6256
- C:\Windows\System\hqPUkrK.exe
  C:\Windows\System\hqPUkrK.exe
  2⤵
  PID:6320
- C:\Windows\System\tPFzvNL.exe
  C:\Windows\System\tPFzvNL.exe
  2⤵
  PID:6388
- C:\Windows\System\aQETzSU.exe
  C:\Windows\System\aQETzSU.exe
  2⤵
  PID:6444
- C:\Windows\System\ZsKzgUG.exe
  C:\Windows\System\ZsKzgUG.exe
  2⤵
  PID:6464
- C:\Windows\System\bHvTNAi.exe
  C:\Windows\System\bHvTNAi.exe
  2⤵
  PID:6508
- C:\Windows\System\wKkEsVq.exe
  C:\Windows\System\wKkEsVq.exe
  2⤵
  PID:6540
- C:\Windows\System\ydXFOje.exe
  C:\Windows\System\ydXFOje.exe
  2⤵
  PID:6572
- C:\Windows\System\DSElLqo.exe
  C:\Windows\System\DSElLqo.exe
  2⤵
  PID:6592
- C:\Windows\System\YFFXaaa.exe
  C:\Windows\System\YFFXaaa.exe
  2⤵
  PID:6636
- C:\Windows\System\kNieQIU.exe
  C:\Windows\System\kNieQIU.exe
  2⤵
  PID:6668
- C:\Windows\System\voItUcc.exe
  C:\Windows\System\voItUcc.exe
  2⤵
  PID:6700
- C:\Windows\System\vBQaTqx.exe
  C:\Windows\System\vBQaTqx.exe
  2⤵
  PID:6732
- C:\Windows\System\aVELFTc.exe
  C:\Windows\System\aVELFTc.exe
  2⤵
  PID:6764
- C:\Windows\System\xRYIpNJ.exe
  C:\Windows\System\xRYIpNJ.exe
  2⤵
  PID:6784
- C:\Windows\System\RqOfOxO.exe
  C:\Windows\System\RqOfOxO.exe
  2⤵
  PID:6828
- C:\Windows\System\tCDGHDA.exe
  C:\Windows\System\tCDGHDA.exe
  2⤵
  PID:6860
- C:\Windows\System\FiXPMoY.exe
  C:\Windows\System\FiXPMoY.exe
  2⤵
  PID:6892
- C:\Windows\System\RGftroK.exe
  C:\Windows\System\RGftroK.exe
  2⤵
  PID:6908
- C:\Windows\System\PHFdcCl.exe
  C:\Windows\System\PHFdcCl.exe
  2⤵
  PID:6940
- C:\Windows\System\fJFeMFc.exe
  C:\Windows\System\fJFeMFc.exe
  2⤵
  PID:6960
- C:\Windows\System\HQLAigp.exe
  C:\Windows\System\HQLAigp.exe
  2⤵
  PID:6992
- C:\Windows\System\JyVbmhN.exe
  C:\Windows\System\JyVbmhN.exe
  2⤵
  PID:7024
- C:\Windows\System\WCnPflk.exe
  C:\Windows\System\WCnPflk.exe
  2⤵
  PID:7052
- C:\Windows\System\nTuKQOX.exe
  C:\Windows\System\nTuKQOX.exe
  2⤵
  PID:7084
- C:\Windows\System\khwVFum.exe
  C:\Windows\System\khwVFum.exe
  2⤵
  PID:7104
- C:\Windows\System\yfnVcXQ.exe
  C:\Windows\System\yfnVcXQ.exe
  2⤵
  PID:7136
- C:\Windows\System\jzJGJLG.exe
  C:\Windows\System\jzJGJLG.exe
  2⤵
  PID:5940
- C:\Windows\System\UVjEmHH.exe
  C:\Windows\System\UVjEmHH.exe
  2⤵
  PID:6136
- C:\Windows\System\UQksZcI.exe
  C:\Windows\System\UQksZcI.exe
  2⤵
  PID:6188
- C:\Windows\System\dClCfCS.exe
  C:\Windows\System\dClCfCS.exe
  2⤵
  PID:832
- C:\Windows\System\yVpvCdJ.exe
  C:\Windows\System\yVpvCdJ.exe
  2⤵
  PID:6304
- C:\Windows\System\ldIYRjP.exe
  C:\Windows\System\ldIYRjP.exe
  2⤵
  PID:6332
- C:\Windows\System\YeLmFFn.exe
  C:\Windows\System\YeLmFFn.exe
  2⤵
  PID:4328
- C:\Windows\System\sBQgaWQ.exe
  C:\Windows\System\sBQgaWQ.exe
  2⤵
  PID:5304
- C:\Windows\System\lIYOBUh.exe
  C:\Windows\System\lIYOBUh.exe
  2⤵
  PID:3008
- C:\Windows\System\cPKzVIM.exe
  C:\Windows\System\cPKzVIM.exe
  2⤵
  PID:6224
- C:\Windows\System\YwcrFbu.exe
  C:\Windows\System\YwcrFbu.exe
  2⤵
  PID:6288
- C:\Windows\System\EwFtjUU.exe
  C:\Windows\System\EwFtjUU.exe
  2⤵
  PID:6716
- C:\Windows\System\PvvSnky.exe
  C:\Windows\System\PvvSnky.exe
  2⤵
  PID:6780
- C:\Windows\System\EQsxJZf.exe
  C:\Windows\System\EQsxJZf.exe
  2⤵
  PID:6812
- C:\Windows\System\iXlTBUn.exe
  C:\Windows\System\iXlTBUn.exe
  2⤵
  PID:1208
- C:\Windows\System\tPSNmCL.exe
  C:\Windows\System\tPSNmCL.exe
  2⤵
  PID:6896
- C:\Windows\System\LAPUFDS.exe
  C:\Windows\System\LAPUFDS.exe
  2⤵
  PID:788
- C:\Windows\System\lzyXFze.exe
  C:\Windows\System\lzyXFze.exe
  2⤵
  PID:2820
- C:\Windows\System\uQSchMD.exe
  C:\Windows\System\uQSchMD.exe
  2⤵
  PID:6432
- C:\Windows\System\KELzncV.exe
  C:\Windows\System\KELzncV.exe
  2⤵
  PID:1328
- C:\Windows\System\UibNdCe.exe
  C:\Windows\System\UibNdCe.exe
  2⤵
  PID:7164
- C:\Windows\System\IynXZwQ.exe
  C:\Windows\System\IynXZwQ.exe
  2⤵
  PID:5168
- C:\Windows\System\oXtSIjH.exe
  C:\Windows\System\oXtSIjH.exe
  2⤵
  PID:1784
- C:\Windows\System\qBVSbQK.exe
  C:\Windows\System\qBVSbQK.exe
  2⤵
  PID:6236
- C:\Windows\System\Zigsvke.exe
  C:\Windows\System\Zigsvke.exe
  2⤵
  PID:6272
- C:\Windows\System\HuZUswd.exe
  C:\Windows\System\HuZUswd.exe
  2⤵
  PID:2768
- C:\Windows\System\nOwToWe.exe
  C:\Windows\System\nOwToWe.exe
  2⤵
  PID:2484
- C:\Windows\System\BNtNTuS.exe
  C:\Windows\System\BNtNTuS.exe
  2⤵
  PID:5848
- C:\Windows\System\VxUkhpB.exe
  C:\Windows\System\VxUkhpB.exe
  2⤵
  PID:6360
- C:\Windows\System\eLxyvQp.exe
  C:\Windows\System\eLxyvQp.exe
  2⤵
  PID:2732
- C:\Windows\System\eSnwWMu.exe
  C:\Windows\System\eSnwWMu.exe
  2⤵
  PID:2840
- C:\Windows\System\JZOHPKr.exe
  C:\Windows\System\JZOHPKr.exe
  2⤵
  PID:6544
- C:\Windows\System\izHQCYQ.exe
  C:\Windows\System\izHQCYQ.exe
  2⤵
  PID:6608
- C:\Windows\System\OKhRGQj.exe
  C:\Windows\System\OKhRGQj.exe
  2⤵
  PID:2736
- C:\Windows\System\yQhpqTO.exe
  C:\Windows\System\yQhpqTO.exe
  2⤵
  PID:6704
- C:\Windows\System\cSWaZXb.exe
  C:\Windows\System\cSWaZXb.exe
  2⤵
  PID:2844
- C:\Windows\System\RBJCWHE.exe
  C:\Windows\System\RBJCWHE.exe
  2⤵
  PID:7008
- C:\Windows\System\AGnMxyI.exe
  C:\Windows\System\AGnMxyI.exe
  2⤵
  PID:1776
- C:\Windows\System\oRAaAzC.exe
  C:\Windows\System\oRAaAzC.exe
  2⤵
  PID:2160
- C:\Windows\System\VnVSnyA.exe
  C:\Windows\System\VnVSnyA.exe
  2⤵
  PID:2604
- C:\Windows\System\ZUKRBVK.exe
  C:\Windows\System\ZUKRBVK.exe
  2⤵
  PID:2400
- C:\Windows\System\IpYlLZh.exe
  C:\Windows\System\IpYlLZh.exe
  2⤵
  PID:1072
- C:\Windows\System\IlLXZMc.exe
  C:\Windows\System\IlLXZMc.exe
  2⤵
  PID:1968
- C:\Windows\System\hhcBLgV.exe
  C:\Windows\System\hhcBLgV.exe
  2⤵
  PID:6376
- C:\Windows\System\PGFPohr.exe
  C:\Windows\System\PGFPohr.exe
  2⤵
  PID:6620
- C:\Windows\System\RJhrnYH.exe
  C:\Windows\System\RJhrnYH.exe
  2⤵
  PID:1528
- C:\Windows\System\RAouCWc.exe
  C:\Windows\System\RAouCWc.exe
  2⤵
  PID:7072
- C:\Windows\System\MeRSGEz.exe
  C:\Windows\System\MeRSGEz.exe
  2⤵
  PID:6556
- C:\Windows\System\DkPXWQW.exe
  C:\Windows\System\DkPXWQW.exe
  2⤵
  PID:6928
- C:\Windows\System\SdVdrbA.exe
  C:\Windows\System\SdVdrbA.exe
  2⤵
  PID:6684
- C:\Windows\System\PGraosh.exe
  C:\Windows\System\PGraosh.exe
  2⤵
  PID:6196
- C:\Windows\System\YqqGbNt.exe
  C:\Windows\System\YqqGbNt.exe
  2⤵
  PID:1692
- C:\Windows\System\etlIOCT.exe
  C:\Windows\System\etlIOCT.exe
  2⤵
  PID:1136
- C:\Windows\System\GbpVpkp.exe
  C:\Windows\System\GbpVpkp.exe
  2⤵
  PID:7180
- C:\Windows\System\OcLxLxL.exe
  C:\Windows\System\OcLxLxL.exe
  2⤵
  PID:7196
- C:\Windows\System\DEbqqBL.exe
  C:\Windows\System\DEbqqBL.exe
  2⤵
  PID:7212
- C:\Windows\System\yroiijl.exe
  C:\Windows\System\yroiijl.exe
  2⤵
  PID:7232
- C:\Windows\System\eXAybZw.exe
  C:\Windows\System\eXAybZw.exe
  2⤵
  PID:7248
- C:\Windows\System\VatgoXC.exe
  C:\Windows\System\VatgoXC.exe
  2⤵
  PID:7264
- C:\Windows\System\sYJvnSL.exe
  C:\Windows\System\sYJvnSL.exe
  2⤵
  PID:7280
- C:\Windows\System\VEtQlGR.exe
  C:\Windows\System\VEtQlGR.exe
  2⤵
  PID:7296
- C:\Windows\System\zfWmvwG.exe
  C:\Windows\System\zfWmvwG.exe
  2⤵
  PID:7312
- C:\Windows\System\YUPlwlE.exe
  C:\Windows\System\YUPlwlE.exe
  2⤵
  PID:7328
- C:\Windows\System\UXmkrLR.exe
  C:\Windows\System\UXmkrLR.exe
  2⤵
  PID:7344
- C:\Windows\System\OpcnmwV.exe
  C:\Windows\System\OpcnmwV.exe
  2⤵
  PID:7360
- C:\Windows\System\BRxQZuy.exe
  C:\Windows\System\BRxQZuy.exe
  2⤵
  PID:7376
- C:\Windows\System\zqOQvAl.exe
  C:\Windows\System\zqOQvAl.exe
  2⤵
  PID:7392
- C:\Windows\System\OXbgQgq.exe
  C:\Windows\System\OXbgQgq.exe
  2⤵
  PID:7408
- C:\Windows\System\sTmgozC.exe
  C:\Windows\System\sTmgozC.exe
  2⤵
  PID:7424
- C:\Windows\System\bDJUJIf.exe
  C:\Windows\System\bDJUJIf.exe
  2⤵
  PID:7440
- C:\Windows\System\wCbVkiY.exe
  C:\Windows\System\wCbVkiY.exe
  2⤵
  PID:7456
- C:\Windows\System\OmhdqOr.exe
  C:\Windows\System\OmhdqOr.exe
  2⤵
  PID:7476
- C:\Windows\System\WNDBiFZ.exe
  C:\Windows\System\WNDBiFZ.exe
  2⤵
  PID:7492
- C:\Windows\System\dpzqFGI.exe
  C:\Windows\System\dpzqFGI.exe
  2⤵
  PID:7508
- C:\Windows\System\NZoWKnI.exe
  C:\Windows\System\NZoWKnI.exe
  2⤵
  PID:7524
- C:\Windows\System\DPSTElM.exe
  C:\Windows\System\DPSTElM.exe
  2⤵
  PID:7540
- C:\Windows\System\zPcqxNl.exe
  C:\Windows\System\zPcqxNl.exe
  2⤵
  PID:7556
- C:\Windows\System\wMKAJBr.exe
  C:\Windows\System\wMKAJBr.exe
  2⤵
  PID:7576
- C:\Windows\System\yTJtqrN.exe
  C:\Windows\System\yTJtqrN.exe
  2⤵
  PID:7592
- C:\Windows\System\BPPYuFb.exe
  C:\Windows\System\BPPYuFb.exe
  2⤵
  PID:7620
- C:\Windows\System\wvQmcjc.exe
  C:\Windows\System\wvQmcjc.exe
  2⤵
  PID:7784
- C:\Windows\System\qBJFxjL.exe
  C:\Windows\System\qBJFxjL.exe
  2⤵
  PID:7800
- C:\Windows\System\iObwrqO.exe
  C:\Windows\System\iObwrqO.exe
  2⤵
  PID:7816
- C:\Windows\System\zDTbZmQ.exe
  C:\Windows\System\zDTbZmQ.exe
  2⤵
  PID:7832
- C:\Windows\System\OkuXXcM.exe
  C:\Windows\System\OkuXXcM.exe
  2⤵
  PID:7848
- C:\Windows\System\xWgeotd.exe
  C:\Windows\System\xWgeotd.exe
  2⤵
  PID:7864
- C:\Windows\System\yVBwRtD.exe
  C:\Windows\System\yVBwRtD.exe
  2⤵
  PID:7880
- C:\Windows\System\eYdAxwt.exe
  C:\Windows\System\eYdAxwt.exe
  2⤵
  PID:7896
- C:\Windows\System\TfRjFvw.exe
  C:\Windows\System\TfRjFvw.exe
  2⤵
  PID:7912
- C:\Windows\System\boTgIei.exe
  C:\Windows\System\boTgIei.exe
  2⤵
  PID:7928
- C:\Windows\System\pkqrbpT.exe
  C:\Windows\System\pkqrbpT.exe
  2⤵
  PID:7944
- C:\Windows\System\iDUiesE.exe
  C:\Windows\System\iDUiesE.exe
  2⤵
  PID:7960
- C:\Windows\System\shgQqkh.exe
  C:\Windows\System\shgQqkh.exe
  2⤵
  PID:7976
- C:\Windows\System\sByPdMG.exe
  C:\Windows\System\sByPdMG.exe
  2⤵
  PID:7992
- C:\Windows\System\xLADGtE.exe
  C:\Windows\System\xLADGtE.exe
  2⤵
  PID:8008
- C:\Windows\System\MkokfSw.exe
  C:\Windows\System\MkokfSw.exe
  2⤵
  PID:8024
- C:\Windows\System\hFcsItf.exe
  C:\Windows\System\hFcsItf.exe
  2⤵
  PID:8040
- C:\Windows\System\yoYTFzt.exe
  C:\Windows\System\yoYTFzt.exe
  2⤵
  PID:8056
- C:\Windows\System\zXYPbGh.exe
  C:\Windows\System\zXYPbGh.exe
  2⤵
  PID:8072
- C:\Windows\System\khejCwe.exe
  C:\Windows\System\khejCwe.exe
  2⤵
  PID:8088
- C:\Windows\System\QjOfDiW.exe
  C:\Windows\System\QjOfDiW.exe
  2⤵
  PID:8104
- C:\Windows\System\nDbweXP.exe
  C:\Windows\System\nDbweXP.exe
  2⤵
  PID:8120
- C:\Windows\System\hQNCpFU.exe
  C:\Windows\System\hQNCpFU.exe
  2⤵
  PID:8136
- C:\Windows\System\panczgA.exe
  C:\Windows\System\panczgA.exe
  2⤵
  PID:8152
- C:\Windows\System\tbmhBMH.exe
  C:\Windows\System\tbmhBMH.exe
  2⤵
  PID:8168
- C:\Windows\System\SexRdYR.exe
  C:\Windows\System\SexRdYR.exe
  2⤵
  PID:8184
- C:\Windows\System\ORFhoAC.exe
  C:\Windows\System\ORFhoAC.exe
  2⤵
  PID:7192
- C:\Windows\System\JMFjKqV.exe
  C:\Windows\System\JMFjKqV.exe
  2⤵
  PID:7228
- C:\Windows\System\zMLVzdl.exe
  C:\Windows\System\zMLVzdl.exe
  2⤵
  PID:7292
- C:\Windows\System\ruPMDTZ.exe
  C:\Windows\System\ruPMDTZ.exe
  2⤵
  PID:6448
- C:\Windows\System\wSybfZQ.exe
  C:\Windows\System\wSybfZQ.exe
  2⤵
  PID:2956
- C:\Windows\System\kdNBQbG.exe
  C:\Windows\System\kdNBQbG.exe
  2⤵
  PID:7244
- C:\Windows\System\EGmcGUr.exe
  C:\Windows\System\EGmcGUr.exe
  2⤵
  PID:7308
- C:\Windows\System\PlmOnOg.exe
  C:\Windows\System\PlmOnOg.exe
  2⤵
  PID:7176
- C:\Windows\System\dWYLNgv.exe
  C:\Windows\System\dWYLNgv.exe
  2⤵
  PID:7404
- C:\Windows\System\UHnMxGG.exe
  C:\Windows\System\UHnMxGG.exe
  2⤵
  PID:7384
- C:\Windows\System\ZcDKTEG.exe
  C:\Windows\System\ZcDKTEG.exe
  2⤵
  PID:7448
- C:\Windows\System\PWWsueN.exe
  C:\Windows\System\PWWsueN.exe
  2⤵
  PID:7516
- C:\Windows\System\FDeHuMU.exe
  C:\Windows\System\FDeHuMU.exe
  2⤵
  PID:7548
- C:\Windows\System\RYMyEbL.exe
  C:\Windows\System\RYMyEbL.exe
  2⤵
  PID:7468
- C:\Windows\System\ylSnEYA.exe
  C:\Windows\System\ylSnEYA.exe
  2⤵
  PID:7584
- C:\Windows\System\jCqnmgF.exe
  C:\Windows\System\jCqnmgF.exe
  2⤵
  PID:7568
- C:\Windows\System\fbiwpCX.exe
  C:\Windows\System\fbiwpCX.exe
  2⤵
  PID:7612
- C:\Windows\System\eCwxIVf.exe
  C:\Windows\System\eCwxIVf.exe
  2⤵
  PID:7632
- C:\Windows\System\UpHzTMk.exe
  C:\Windows\System\UpHzTMk.exe
  2⤵
  PID:7652
- C:\Windows\System\veoYFLQ.exe
  C:\Windows\System\veoYFLQ.exe
  2⤵
  PID:7668
- C:\Windows\System\eeWmsVx.exe
  C:\Windows\System\eeWmsVx.exe
  2⤵
  PID:7684
- C:\Windows\System\AAHFYMp.exe
  C:\Windows\System\AAHFYMp.exe
  2⤵
  PID:7700
- C:\Windows\System\WCMqiig.exe
  C:\Windows\System\WCMqiig.exe
  2⤵
  PID:7720
- C:\Windows\System\ZVOBwon.exe
  C:\Windows\System\ZVOBwon.exe
  2⤵
  PID:7736
- C:\Windows\System\PDjwvAf.exe
  C:\Windows\System\PDjwvAf.exe
  2⤵
  PID:7748
- C:\Windows\System\BYhrlvY.exe
  C:\Windows\System\BYhrlvY.exe
  2⤵
  PID:7772
- C:\Windows\System\pxoBDXg.exe
  C:\Windows\System\pxoBDXg.exe
  2⤵
  PID:7792
- C:\Windows\System\GmvozQq.exe
  C:\Windows\System\GmvozQq.exe
  2⤵
  PID:7840
- C:\Windows\System\Pxopvga.exe
  C:\Windows\System\Pxopvga.exe
  2⤵
  PID:7824
- C:\Windows\System\ZuvxNJx.exe
  C:\Windows\System\ZuvxNJx.exe
  2⤵
  PID:7940
- C:\Windows\System\McIzWSU.exe
  C:\Windows\System\McIzWSU.exe
  2⤵
  PID:8004
- C:\Windows\System\AqJqeSl.exe
  C:\Windows\System\AqJqeSl.exe
  2⤵
  PID:7828
- C:\Windows\System\HZoMGDe.exe
  C:\Windows\System\HZoMGDe.exe
  2⤵
  PID:8100
- C:\Windows\System\YqKtNEJ.exe
  C:\Windows\System\YqKtNEJ.exe
  2⤵
  PID:8164
- C:\Windows\System\uWrvRca.exe
  C:\Windows\System\uWrvRca.exe
  2⤵
  PID:7924
- C:\Windows\System\dOhyQRH.exe
  C:\Windows\System\dOhyQRH.exe
  2⤵
  PID:7888
- C:\Windows\System\AcCoTQX.exe
  C:\Windows\System\AcCoTQX.exe
  2⤵
  PID:7984
- C:\Windows\System\dRHTZBq.exe
  C:\Windows\System\dRHTZBq.exe
  2⤵
  PID:8020
- C:\Windows\System\tQWyFYN.exe
  C:\Windows\System\tQWyFYN.exe
  2⤵
  PID:8112
- C:\Windows\System\zXoQRlm.exe
  C:\Windows\System\zXoQRlm.exe
  2⤵
  PID:8180
- C:\Windows\System\GicrEhm.exe
  C:\Windows\System\GicrEhm.exe
  2⤵
  PID:6512
- C:\Windows\System\LrKUTbw.exe
  C:\Windows\System\LrKUTbw.exe
  2⤵
  PID:7368
- C:\Windows\System\LfkNyHU.exe
  C:\Windows\System\LfkNyHU.exe
  2⤵
  PID:7204
- C:\Windows\System\LYjNCrF.exe
  C:\Windows\System\LYjNCrF.exe
  2⤵
  PID:7416
- C:\Windows\System\PkgzKeV.exe
  C:\Windows\System\PkgzKeV.exe
  2⤵
  PID:7372
- C:\Windows\System\DqTOfDn.exe
  C:\Windows\System\DqTOfDn.exe
  2⤵
  PID:7600
- C:\Windows\System\wZzdKbN.exe
  C:\Windows\System\wZzdKbN.exe
  2⤵
  PID:7488
- C:\Windows\System\inRuipl.exe
  C:\Windows\System\inRuipl.exe
  2⤵
  PID:7564
- C:\Windows\System\MgFSxsE.exe
  C:\Windows\System\MgFSxsE.exe
  2⤵
  PID:7664
- C:\Windows\System\dtwIetx.exe
  C:\Windows\System\dtwIetx.exe
  2⤵
  PID:7712
- C:\Windows\System\ldwZliT.exe
  C:\Windows\System\ldwZliT.exe
  2⤵
  PID:7780
- C:\Windows\System\vMATmca.exe
  C:\Windows\System\vMATmca.exe
  2⤵
  PID:7972
- C:\Windows\System\SLBamBf.exe
  C:\Windows\System\SLBamBf.exe
  2⤵
  PID:7692
- C:\Windows\System\XkruZHw.exe
  C:\Windows\System\XkruZHw.exe
  2⤵
  PID:7956
- C:\Windows\System\NZzbNah.exe
  C:\Windows\System\NZzbNah.exe
  2⤵
  PID:8036
- C:\Windows\System\lKaKNPI.exe
  C:\Windows\System\lKaKNPI.exe
  2⤵
  PID:7812
- C:\Windows\System\iFKomkZ.exe
  C:\Windows\System\iFKomkZ.exe
  2⤵
  PID:8132
- C:\Windows\System\yZhQATX.exe
  C:\Windows\System\yZhQATX.exe
  2⤵
  PID:8080
- C:\Windows\System\KxThsQB.exe
  C:\Windows\System\KxThsQB.exe
  2⤵
  PID:7224
- C:\Windows\System\yhAgxQn.exe
  C:\Windows\System\yhAgxQn.exe
  2⤵
  PID:7340
- C:\Windows\System\OkVSekn.exe
  C:\Windows\System\OkVSekn.exe
  2⤵
  PID:8144
- C:\Windows\System\ifWasqI.exe
  C:\Windows\System\ifWasqI.exe
  2⤵
  PID:7740
- C:\Windows\System\xnodork.exe
  C:\Windows\System\xnodork.exe
  2⤵
  PID:7732
- C:\Windows\System\nsWahBH.exe
  C:\Windows\System\nsWahBH.exe
  2⤵
  PID:7276
- C:\Windows\System\YXRztME.exe
  C:\Windows\System\YXRztME.exe
  2⤵
  PID:7484
- C:\Windows\System\YPFmmGr.exe
  C:\Windows\System\YPFmmGr.exe
  2⤵
  PID:7640
- C:\Windows\System\RKtJWLd.exe
  C:\Windows\System\RKtJWLd.exe
  2⤵
  PID:8208
- C:\Windows\System\JNrQUNH.exe
  C:\Windows\System\JNrQUNH.exe
  2⤵
  PID:8224
- C:\Windows\System\axEkIxC.exe
  C:\Windows\System\axEkIxC.exe
  2⤵
  PID:8240
- C:\Windows\System\VqDWgDh.exe
  C:\Windows\System\VqDWgDh.exe
  2⤵
  PID:8256
- C:\Windows\System\ayEglZI.exe
  C:\Windows\System\ayEglZI.exe
  2⤵
  PID:8272
- C:\Windows\System\iCbjsvu.exe
  C:\Windows\System\iCbjsvu.exe
  2⤵
  PID:8288
- C:\Windows\System\bvrMhBk.exe
  C:\Windows\System\bvrMhBk.exe
  2⤵
  PID:8304
- C:\Windows\System\YplcLVS.exe
  C:\Windows\System\YplcLVS.exe
  2⤵
  PID:8320
- C:\Windows\System\rTVZIZu.exe
  C:\Windows\System\rTVZIZu.exe
  2⤵
  PID:8336
- C:\Windows\System\FQDjBkN.exe
  C:\Windows\System\FQDjBkN.exe
  2⤵
  PID:8352
- C:\Windows\System\zlpnGie.exe
  C:\Windows\System\zlpnGie.exe
  2⤵
  PID:8368
- C:\Windows\System\YKHtJFf.exe
  C:\Windows\System\YKHtJFf.exe
  2⤵
  PID:8384
- C:\Windows\System\KJRebWL.exe
  C:\Windows\System\KJRebWL.exe
  2⤵
  PID:8400
- C:\Windows\System\woEJRlB.exe
  C:\Windows\System\woEJRlB.exe
  2⤵
  PID:8416
- C:\Windows\System\zaUeEWs.exe
  C:\Windows\System\zaUeEWs.exe
  2⤵
  PID:8432
- C:\Windows\System\OEbjGPI.exe
  C:\Windows\System\OEbjGPI.exe
  2⤵
  PID:8448
- C:\Windows\System\FDYjFJh.exe
  C:\Windows\System\FDYjFJh.exe
  2⤵
  PID:8464
- C:\Windows\System\QbDetlq.exe
  C:\Windows\System\QbDetlq.exe
  2⤵
  PID:8480
- C:\Windows\System\eREkUIn.exe
  C:\Windows\System\eREkUIn.exe
  2⤵
  PID:8496
- C:\Windows\System\TENOnMY.exe
  C:\Windows\System\TENOnMY.exe
  2⤵
  PID:8512
- C:\Windows\System\rhKlUfa.exe
  C:\Windows\System\rhKlUfa.exe
  2⤵
  PID:8528
- C:\Windows\System\HiqHgYB.exe
  C:\Windows\System\HiqHgYB.exe
  2⤵
  PID:8544
- C:\Windows\System\kCRzVBD.exe
  C:\Windows\System\kCRzVBD.exe
  2⤵
  PID:8560
- C:\Windows\System\PiWqrFU.exe
  C:\Windows\System\PiWqrFU.exe
  2⤵
  PID:8576
- C:\Windows\System\cXonupw.exe
  C:\Windows\System\cXonupw.exe
  2⤵
  PID:8592
- C:\Windows\System\pcTLcVN.exe
  C:\Windows\System\pcTLcVN.exe
  2⤵
  PID:8608
- C:\Windows\System\NVENXxG.exe
  C:\Windows\System\NVENXxG.exe
  2⤵
  PID:8624
- C:\Windows\System\MkkbSlf.exe
  C:\Windows\System\MkkbSlf.exe
  2⤵
  PID:8640
- C:\Windows\System\WySoAvn.exe
  C:\Windows\System\WySoAvn.exe
  2⤵
  PID:8656
- C:\Windows\System\GIFroEj.exe
  C:\Windows\System\GIFroEj.exe
  2⤵
  PID:8672
- C:\Windows\System\RKjGhfI.exe
  C:\Windows\System\RKjGhfI.exe
  2⤵
  PID:8688
- C:\Windows\System\QeGFLZQ.exe
  C:\Windows\System\QeGFLZQ.exe
  2⤵
  PID:8704
- C:\Windows\System\AajxQpR.exe
  C:\Windows\System\AajxQpR.exe
  2⤵
  PID:8724
- C:\Windows\System\yjRcAmz.exe
  C:\Windows\System\yjRcAmz.exe
  2⤵
  PID:8740
- C:\Windows\System\BdScgvE.exe
  C:\Windows\System\BdScgvE.exe
  2⤵
  PID:8760
- C:\Windows\System\uFLMGQQ.exe
  C:\Windows\System\uFLMGQQ.exe
  2⤵
  PID:8776
- C:\Windows\System\rkDhtEO.exe
  C:\Windows\System\rkDhtEO.exe
  2⤵
  PID:8792
- C:\Windows\System\GZioeNz.exe
  C:\Windows\System\GZioeNz.exe
  2⤵
  PID:8808
- C:\Windows\System\usUejbM.exe
  C:\Windows\System\usUejbM.exe
  2⤵
  PID:8824
- C:\Windows\System\GCCqCBr.exe
  C:\Windows\System\GCCqCBr.exe
  2⤵
  PID:8840
- C:\Windows\System\OStNONR.exe
  C:\Windows\System\OStNONR.exe
  2⤵
  PID:8856
- C:\Windows\System\NYjCOtd.exe
  C:\Windows\System\NYjCOtd.exe
  2⤵
  PID:8872
- C:\Windows\System\aGqTocQ.exe
  C:\Windows\System\aGqTocQ.exe
  2⤵
  PID:8888
- C:\Windows\System\kxnKCLd.exe
  C:\Windows\System\kxnKCLd.exe
  2⤵
  PID:8904
- C:\Windows\System\zmDaBea.exe
  C:\Windows\System\zmDaBea.exe
  2⤵
  PID:8920
- C:\Windows\System\oWbUonZ.exe
  C:\Windows\System\oWbUonZ.exe
  2⤵
  PID:8936
- C:\Windows\System\nmOAxTY.exe
  C:\Windows\System\nmOAxTY.exe
  2⤵
  PID:8952
- C:\Windows\System\PzeXWvn.exe
  C:\Windows\System\PzeXWvn.exe
  2⤵
  PID:8968
- C:\Windows\System\aEssIhC.exe
  C:\Windows\System\aEssIhC.exe
  2⤵
  PID:8984
- C:\Windows\System\CSQaeRh.exe
  C:\Windows\System\CSQaeRh.exe
  2⤵
  PID:9000
- C:\Windows\System\qsNDjzc.exe
  C:\Windows\System\qsNDjzc.exe
  2⤵
  PID:9016
- C:\Windows\System\ULMKygX.exe
  C:\Windows\System\ULMKygX.exe
  2⤵
  PID:9032
- C:\Windows\System\GGIBpYv.exe
  C:\Windows\System\GGIBpYv.exe
  2⤵
  PID:9048
- C:\Windows\System\DkpbJWJ.exe
  C:\Windows\System\DkpbJWJ.exe
  2⤵
  PID:9064
- C:\Windows\System\lBQQQnD.exe
  C:\Windows\System\lBQQQnD.exe
  2⤵
  PID:9080
- C:\Windows\System\gwoiyzm.exe
  C:\Windows\System\gwoiyzm.exe
  2⤵
  PID:9096
- C:\Windows\System\nvvECfW.exe
  C:\Windows\System\nvvECfW.exe
  2⤵
  PID:9112
- C:\Windows\System\daUyrtZ.exe
  C:\Windows\System\daUyrtZ.exe
  2⤵
  PID:9128
- C:\Windows\System\lzMzNWn.exe
  C:\Windows\System\lzMzNWn.exe
  2⤵
  PID:9144
- C:\Windows\System\DljytYc.exe
  C:\Windows\System\DljytYc.exe
  2⤵
  PID:9160
- C:\Windows\System\JZHcmKV.exe
  C:\Windows\System\JZHcmKV.exe
  2⤵
  PID:9176
- C:\Windows\System\iZuvZga.exe
  C:\Windows\System\iZuvZga.exe
  2⤵
  PID:9192
- C:\Windows\System\WcqkNsm.exe
  C:\Windows\System\WcqkNsm.exe
  2⤵
  PID:9208
- C:\Windows\System\haBKKwT.exe
  C:\Windows\System\haBKKwT.exe
  2⤵
  PID:8232
- C:\Windows\System\CjiGuPr.exe
  C:\Windows\System\CjiGuPr.exe
  2⤵
  PID:7500
- C:\Windows\System\NHYTcgs.exe
  C:\Windows\System\NHYTcgs.exe
  2⤵
  PID:7504
- C:\Windows\System\OYCbuLJ.exe
  C:\Windows\System\OYCbuLJ.exe
  2⤵
  PID:8392
- C:\Windows\System\yyfbySH.exe
  C:\Windows\System\yyfbySH.exe
  2⤵
  PID:8456
- C:\Windows\System\shHbiNJ.exe
  C:\Windows\System\shHbiNJ.exe
  2⤵
  PID:8520
- C:\Windows\System\dGLOZuy.exe
  C:\Windows\System\dGLOZuy.exe
  2⤵
  PID:7240
- C:\Windows\System\iifksRA.exe
  C:\Windows\System\iifksRA.exe
  2⤵
  PID:8312
- C:\Windows\System\eOCIXLn.exe
  C:\Windows\System\eOCIXLn.exe
  2⤵
  PID:7648
- C:\Windows\System\QWSlaIo.exe
  C:\Windows\System\QWSlaIo.exe
  2⤵
  PID:7680
- C:\Windows\System\IvTsLSR.exe
  C:\Windows\System\IvTsLSR.exe
  2⤵
  PID:8248
- C:\Windows\System\oAgfShy.exe
  C:\Windows\System\oAgfShy.exe
  2⤵
  PID:7260
- C:\Windows\System\gSjXQPj.exe
  C:\Windows\System\gSjXQPj.exe
  2⤵
  PID:6640
- C:\Windows\System\zLdtqjd.exe
  C:\Windows\System\zLdtqjd.exe
  2⤵
  PID:7860
- C:\Windows\System\fvuAxQV.exe
  C:\Windows\System\fvuAxQV.exe
  2⤵
  PID:8220
- C:\Windows\System\yzrENVU.exe
  C:\Windows\System\yzrENVU.exe
  2⤵
  PID:8316
- C:\Windows\System\xCWHNSr.exe
  C:\Windows\System\xCWHNSr.exe
  2⤵
  PID:8412
- C:\Windows\System\MpiMUAj.exe
  C:\Windows\System\MpiMUAj.exe
  2⤵
  PID:8508
- C:\Windows\System\ZiYzIcA.exe
  C:\Windows\System\ZiYzIcA.exe
  2⤵
  PID:8588
- C:\Windows\System\ZYmrSBe.exe
  C:\Windows\System\ZYmrSBe.exe
  2⤵
  PID:8652
- C:\Windows\System\AWhBtxc.exe
  C:\Windows\System\AWhBtxc.exe
  2⤵
  PID:8712
- C:\Windows\System\AGOvFRn.exe
  C:\Windows\System\AGOvFRn.exe
  2⤵
  PID:8748
- C:\Windows\System\siOWUqJ.exe
  C:\Windows\System\siOWUqJ.exe
  2⤵
  PID:8788
- C:\Windows\System\xPIcSyY.exe
  C:\Windows\System\xPIcSyY.exe
  2⤵
  PID:8668
- C:\Windows\System\svzDFBt.exe
  C:\Windows\System\svzDFBt.exe
  2⤵
  PID:8848
- C:\Windows\System\LBhnCVO.exe
  C:\Windows\System\LBhnCVO.exe
  2⤵
  PID:8912
- C:\Windows\System\dEtxzKY.exe
  C:\Windows\System\dEtxzKY.exe
  2⤵
  PID:8948
- C:\Windows\System\hcPDXgX.exe
  C:\Windows\System\hcPDXgX.exe
  2⤵
  PID:8864
- C:\Windows\System\IAeZiBg.exe
  C:\Windows\System\IAeZiBg.exe
  2⤵
  PID:8800
- C:\Windows\System\JJmdxYN.exe
  C:\Windows\System\JJmdxYN.exe
  2⤵
  PID:8836
- C:\Windows\System\PhmWvRw.exe
  C:\Windows\System\PhmWvRw.exe
  2⤵
  PID:8932
- C:\Windows\System\QxTiuMR.exe
  C:\Windows\System\QxTiuMR.exe
  2⤵
  PID:9008
- C:\Windows\System\vBtiCkE.exe
  C:\Windows\System\vBtiCkE.exe
  2⤵
  PID:9072
- C:\Windows\System\EmmABYi.exe
  C:\Windows\System\EmmABYi.exe
  2⤵
  PID:9056
- C:\Windows\System\rZggYbe.exe
  C:\Windows\System\rZggYbe.exe
  2⤵
  PID:9120
- C:\Windows\System\lamSHBi.exe
  C:\Windows\System\lamSHBi.exe
  2⤵
  PID:8360
- C:\Windows\System\UgepWsa.exe
  C:\Windows\System\UgepWsa.exe
  2⤵
  PID:9136
- C:\Windows\System\NJxoYVm.exe
  C:\Windows\System\NJxoYVm.exe
  2⤵
  PID:9204
- C:\Windows\System\PQkJELl.exe
  C:\Windows\System\PQkJELl.exe
  2⤵
  PID:9152
- C:\Windows\System\YtxDlij.exe
  C:\Windows\System\YtxDlij.exe
  2⤵
  PID:7676
- C:\Windows\System\zGsSCyu.exe
  C:\Windows\System\zGsSCyu.exe
  2⤵
  PID:8280
- C:\Windows\System\YxDqeZE.exe
  C:\Windows\System\YxDqeZE.exe
  2⤵
  PID:9184
- C:\Windows\System\oTeDaDJ.exe
  C:\Windows\System\oTeDaDJ.exe
  2⤵
  PID:8204
- C:\Windows\System\UhtwjMh.exe
  C:\Windows\System\UhtwjMh.exe
  2⤵
  PID:8428
- C:\Windows\System\SWUehXu.exe
  C:\Windows\System\SWUehXu.exe
  2⤵
  PID:7988
- C:\Windows\System\GxwDyZC.exe
  C:\Windows\System\GxwDyZC.exe
  2⤵
  PID:8216
- C:\Windows\System\MIgoerP.exe
  C:\Windows\System\MIgoerP.exe
  2⤵
  PID:8572
- C:\Windows\System\MmwhIHM.exe
  C:\Windows\System\MmwhIHM.exe
  2⤵
  PID:8680
- C:\Windows\System\HRVLPcL.exe
  C:\Windows\System\HRVLPcL.exe
  2⤵
  PID:8664
- C:\Windows\System\wICgLbL.exe
  C:\Windows\System\wICgLbL.exe
  2⤵
  PID:8736
- C:\Windows\System\WaWNESh.exe
  C:\Windows\System\WaWNESh.exe
  2⤵
  PID:8784
- C:\Windows\System\IZkUYPm.exe
  C:\Windows\System\IZkUYPm.exe
  2⤵
  PID:8772
- C:\Windows\System\MUjxSYC.exe
  C:\Windows\System\MUjxSYC.exe
  2⤵
  PID:9024
- C:\Windows\System\sbCmvVY.exe
  C:\Windows\System\sbCmvVY.exe
  2⤵
  PID:9108
- C:\Windows\System\rXjAyrY.exe
  C:\Windows\System\rXjAyrY.exe
  2⤵
  PID:9168
- C:\Windows\System\wjBHJlm.exe
  C:\Windows\System\wjBHJlm.exe
  2⤵
  PID:9140
- C:\Windows\System\UozGtPu.exe
  C:\Windows\System\UozGtPu.exe
  2⤵
  PID:8584
- C:\Windows\System\zZEAUgU.exe
  C:\Windows\System\zZEAUgU.exe
  2⤵
  PID:8328
- C:\Windows\System\BVwgMqc.exe
  C:\Windows\System\BVwgMqc.exe
  2⤵
  PID:7952
- C:\Windows\System\mrECnae.exe
  C:\Windows\System\mrECnae.exe
  2⤵
  PID:8504
- C:\Windows\System\iCShQiv.exe
  C:\Windows\System\iCShQiv.exe
  2⤵
  PID:8620
- C:\Windows\System\PeYOiql.exe
  C:\Windows\System\PeYOiql.exe
  2⤵
  PID:8820
- C:\Windows\System\czDGaqs.exe
  C:\Windows\System\czDGaqs.exe
  2⤵
  PID:8380
- C:\Windows\System\mmpEYhT.exe
  C:\Windows\System\mmpEYhT.exe
  2⤵
  PID:8756
- C:\Windows\System\hWYkLIA.exe
  C:\Windows\System\hWYkLIA.exe
  2⤵
  PID:8720
- C:\Windows\System\NFLUDRa.exe
  C:\Windows\System\NFLUDRa.exe
  2⤵
  PID:9156
- C:\Windows\System\VyvZPXu.exe
  C:\Windows\System\VyvZPXu.exe
  2⤵
  PID:8636
- C:\Windows\System\OTADVAu.exe
  C:\Windows\System\OTADVAu.exe
  2⤵
  PID:8944
- C:\Windows\System\cLQnkeR.exe
  C:\Windows\System\cLQnkeR.exe
  2⤵
  PID:9236
- C:\Windows\System\ihsReCG.exe
  C:\Windows\System\ihsReCG.exe
  2⤵
  PID:9252
- C:\Windows\System\abTyHgj.exe
  C:\Windows\System\abTyHgj.exe
  2⤵
  PID:9268
- C:\Windows\System\iAFHlGA.exe
  C:\Windows\System\iAFHlGA.exe
  2⤵
  PID:9284
- C:\Windows\System\WUiCXqV.exe
  C:\Windows\System\WUiCXqV.exe
  2⤵
  PID:9300
- C:\Windows\System\bBjeBls.exe
  C:\Windows\System\bBjeBls.exe
  2⤵
  PID:9316
- C:\Windows\System\vgkIjEF.exe
  C:\Windows\System\vgkIjEF.exe
  2⤵
  PID:9332
- C:\Windows\System\vHClbvw.exe
  C:\Windows\System\vHClbvw.exe
  2⤵
  PID:9348
- C:\Windows\System\MpxkulS.exe
  C:\Windows\System\MpxkulS.exe
  2⤵
  PID:9364
- C:\Windows\System\MPzjDtv.exe
  C:\Windows\System\MPzjDtv.exe
  2⤵
  PID:9380
- C:\Windows\System\QGTgyBQ.exe
  C:\Windows\System\QGTgyBQ.exe
  2⤵
  PID:9396
- C:\Windows\System\LipYaAs.exe
  C:\Windows\System\LipYaAs.exe
  2⤵
  PID:9412
- C:\Windows\System\DNQHEsT.exe
  C:\Windows\System\DNQHEsT.exe
  2⤵
  PID:9428
- C:\Windows\System\OnGyQkj.exe
  C:\Windows\System\OnGyQkj.exe
  2⤵
  PID:9444
- C:\Windows\System\AvvbWXl.exe
  C:\Windows\System\AvvbWXl.exe
  2⤵
  PID:9460
- C:\Windows\System\vnnLHcL.exe
  C:\Windows\System\vnnLHcL.exe
  2⤵
  PID:9476
- C:\Windows\System\tOPgqmf.exe
  C:\Windows\System\tOPgqmf.exe
  2⤵
  PID:9492
- C:\Windows\System\aJvcoSB.exe
  C:\Windows\System\aJvcoSB.exe
  2⤵
  PID:9508
- C:\Windows\System\gPCKWSr.exe
  C:\Windows\System\gPCKWSr.exe
  2⤵
  PID:9524
- C:\Windows\System\KSmhOqk.exe
  C:\Windows\System\KSmhOqk.exe
  2⤵
  PID:9540
- C:\Windows\System\rdbCUvk.exe
  C:\Windows\System\rdbCUvk.exe
  2⤵
  PID:9556
- C:\Windows\System\LfpjTEZ.exe
  C:\Windows\System\LfpjTEZ.exe
  2⤵
  PID:9572
- C:\Windows\System\iitqafS.exe
  C:\Windows\System\iitqafS.exe
  2⤵
  PID:9588
- C:\Windows\System\oQCXFNT.exe
  C:\Windows\System\oQCXFNT.exe
  2⤵
  PID:9604
- C:\Windows\System\IGFiENN.exe
  C:\Windows\System\IGFiENN.exe
  2⤵
  PID:9620
- C:\Windows\System\hLgAhOr.exe
  C:\Windows\System\hLgAhOr.exe
  2⤵
  PID:9636
- C:\Windows\System\KnSpiry.exe
  C:\Windows\System\KnSpiry.exe
  2⤵
  PID:9652
- C:\Windows\System\MvMVOom.exe
  C:\Windows\System\MvMVOom.exe
  2⤵
  PID:9668
- C:\Windows\System\gApIeZW.exe
  C:\Windows\System\gApIeZW.exe
  2⤵
  PID:9684
- C:\Windows\System\rCdZWeY.exe
  C:\Windows\System\rCdZWeY.exe
  2⤵
  PID:9700
- C:\Windows\System\GyUguIJ.exe
  C:\Windows\System\GyUguIJ.exe
  2⤵
  PID:9716
- C:\Windows\System\MLJQmEZ.exe
  C:\Windows\System\MLJQmEZ.exe
  2⤵
  PID:9732
- C:\Windows\System\OQGUIEI.exe
  C:\Windows\System\OQGUIEI.exe
  2⤵
  PID:9748
- C:\Windows\System\YtYaRCX.exe
  C:\Windows\System\YtYaRCX.exe
  2⤵
  PID:9764
- C:\Windows\System\cTewuYN.exe
  C:\Windows\System\cTewuYN.exe
  2⤵
  PID:9792
- C:\Windows\System\CvfsGBR.exe
  C:\Windows\System\CvfsGBR.exe
  2⤵
  PID:9808
- C:\Windows\System\DhraiMM.exe
  C:\Windows\System\DhraiMM.exe
  2⤵
  PID:9824
- C:\Windows\System\AQzMnrp.exe
  C:\Windows\System\AQzMnrp.exe
  2⤵
  PID:9852
- C:\Windows\System\kDOvXJY.exe
  C:\Windows\System\kDOvXJY.exe
  2⤵
  PID:9872
- C:\Windows\System\ZMraOfg.exe
  C:\Windows\System\ZMraOfg.exe
  2⤵
  PID:9888
- C:\Windows\System\ZyDFSYP.exe
  C:\Windows\System\ZyDFSYP.exe
  2⤵
  PID:9904
- C:\Windows\System\qWLyXxq.exe
  C:\Windows\System\qWLyXxq.exe
  2⤵
  PID:9924
- C:\Windows\System\LXlVRBy.exe
  C:\Windows\System\LXlVRBy.exe
  2⤵
  PID:9940
- C:\Windows\System\EYIJGCw.exe
  C:\Windows\System\EYIJGCw.exe
  2⤵
  PID:9956
- C:\Windows\System\KsDEdaA.exe
  C:\Windows\System\KsDEdaA.exe
  2⤵
  PID:9972
- C:\Windows\System\KoFsXfe.exe
  C:\Windows\System\KoFsXfe.exe
  2⤵
  PID:9988
- C:\Windows\System\GcCCJDo.exe
  C:\Windows\System\GcCCJDo.exe
  2⤵
  PID:10004
- C:\Windows\System\SGnrzxe.exe
  C:\Windows\System\SGnrzxe.exe
  2⤵
  PID:10020
- C:\Windows\System\WbLPodd.exe
  C:\Windows\System\WbLPodd.exe
  2⤵
  PID:10060
- C:\Windows\System\etmXYbZ.exe
  C:\Windows\System\etmXYbZ.exe
  2⤵
  PID:10076
- C:\Windows\System\aiMDPCU.exe
  C:\Windows\System\aiMDPCU.exe
  2⤵
  PID:10092
- C:\Windows\System\srvCEwr.exe
  C:\Windows\System\srvCEwr.exe
  2⤵
  PID:10108
- C:\Windows\System\asNrsEc.exe
  C:\Windows\System\asNrsEc.exe
  2⤵
  PID:10124
- C:\Windows\System\RLzFjcA.exe
  C:\Windows\System\RLzFjcA.exe
  2⤵
  PID:10140
- C:\Windows\System\SaWMkHi.exe
  C:\Windows\System\SaWMkHi.exe
  2⤵
  PID:10156
- C:\Windows\System\TvflDFm.exe
  C:\Windows\System\TvflDFm.exe
  2⤵
  PID:10172
- C:\Windows\System\slaESEK.exe
  C:\Windows\System\slaESEK.exe
  2⤵
  PID:10188
- C:\Windows\System\dtOHlts.exe
  C:\Windows\System\dtOHlts.exe
  2⤵
  PID:10204
- C:\Windows\System\hNiSrtS.exe
  C:\Windows\System\hNiSrtS.exe
  2⤵
  PID:10220
- C:\Windows\System\qLxDlZz.exe
  C:\Windows\System\qLxDlZz.exe
  2⤵
  PID:10236
- C:\Windows\System\YJnOliy.exe
  C:\Windows\System\YJnOliy.exe
  2⤵
  PID:9244
- C:\Windows\System\EnzfNqf.exe
  C:\Windows\System\EnzfNqf.exe
  2⤵
  PID:7604
- C:\Windows\System\OgIqZBe.exe
  C:\Windows\System\OgIqZBe.exe
  2⤵
  PID:9340
- C:\Windows\System\XKxcobE.exe
  C:\Windows\System\XKxcobE.exe
  2⤵
  PID:9376
- C:\Windows\System\PHXHjCj.exe
  C:\Windows\System\PHXHjCj.exe
  2⤵
  PID:9440
- C:\Windows\System\JASSEXO.exe
  C:\Windows\System\JASSEXO.exe
  2⤵
  PID:9324
- C:\Windows\System\RLSDWTx.exe
  C:\Windows\System\RLSDWTx.exe
  2⤵
  PID:7872
- C:\Windows\System\mUolpTA.exe
  C:\Windows\System\mUolpTA.exe
  2⤵
  PID:9260
- C:\Windows\System\aeiFzoV.exe
  C:\Windows\System\aeiFzoV.exe
  2⤵
  PID:8540
- C:\Windows\System\kIINwcu.exe
  C:\Windows\System\kIINwcu.exe
  2⤵
  PID:8444
- C:\Windows\System\TwzgauI.exe
  C:\Windows\System\TwzgauI.exe
  2⤵
  PID:9224
- C:\Windows\System\tNYQtuL.exe
  C:\Windows\System\tNYQtuL.exe
  2⤵
  PID:9296
- C:\Windows\System\BJNYyzh.exe
  C:\Windows\System\BJNYyzh.exe
  2⤵
  PID:9520
- C:\Windows\System\HJfgmCZ.exe
  C:\Windows\System\HJfgmCZ.exe
  2⤵
  PID:9452
- C:\Windows\System\QRTigcM.exe
  C:\Windows\System\QRTigcM.exe
  2⤵
  PID:9568
- C:\Windows\System\gTYERoI.exe
  C:\Windows\System\gTYERoI.exe
  2⤵
  PID:9584
- C:\Windows\System\HvKhUUF.exe
  C:\Windows\System\HvKhUUF.exe
  2⤵
  PID:9612
- C:\Windows\System\fhTiJkA.exe
  C:\Windows\System\fhTiJkA.exe
  2⤵
  PID:9680
- C:\Windows\System\CaPySCx.exe
  C:\Windows\System\CaPySCx.exe
  2⤵
  PID:9740
- C:\Windows\System\YCMoKRi.exe
  C:\Windows\System\YCMoKRi.exe
  2⤵
  PID:9772
- C:\Windows\System\PIequvh.exe
  C:\Windows\System\PIequvh.exe
  2⤵
  PID:9728
- C:\Windows\System\UyFAXIa.exe
  C:\Windows\System\UyFAXIa.exe
  2⤵
  PID:9804
- C:\Windows\System\ujeDfoi.exe
  C:\Windows\System\ujeDfoi.exe
  2⤵
  PID:9848
- C:\Windows\System\BnUZVLk.exe
  C:\Windows\System\BnUZVLk.exe
  2⤵
  PID:9912
- C:\Windows\System\tHzVAMJ.exe
  C:\Windows\System\tHzVAMJ.exe
  2⤵
  PID:9776
- C:\Windows\System\jFMNYge.exe
  C:\Windows\System\jFMNYge.exe
  2⤵
  PID:9864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DKCVqpW.exe

Filesize
6.1MB

MD5
122e1836f11b29653a18561b1fd2dc2b

SHA1
9c8534470e86d09d06753e493dc9bfba5a90ddcc

SHA256
1f3e48439cc4f0068a6f8443c85bab069a353e61b836698135acfb6e533b2b25

SHA512
32607376bfaaae1c4a2d5bbf46a7113cc6cee454cc276f71e75c1121ba91412444b2c2aa4b8bd42f56221efd13b6e10ff7bb1cc099883a18a86d012f2b6070c6

Download Submit
C:\Windows\system\EmeIYST.exe

Filesize
6.1MB

MD5
5256bb11410506c9a3cdaa45cc81ee48

SHA1
a3375aaa7b6d5aaf538310a72379c633e9ea35a1

SHA256
6d369c8f13633e60ce40e0820f0c7aa055aaf064c16b68eb1c8079d4b61d3883

SHA512
317f19d8aab11dd4f7ec7e42330d233ef85b7e459b9d16f70dd1d1d76c84218dcf5beb3da708d4bd6dc14764d3ae384268bb07450b1274c0db16fe0a94187584

Download Submit
C:\Windows\system\IEAHyNT.exe

Filesize
6.1MB

MD5
c3ed139e1bd6d9e383be2ed8f2938ddd

SHA1
d59567615cf8c4f7729e8a74d85e945f2860c020

SHA256
3003150654e55d2cc4508de0bdf849235a5bc38e51476dd34b1f113d1a0d1912

SHA512
599a2b363fcaeecd6ab7823300553840458652ade706e0e1a33e23ebdb162bc0857c2de1f153cf1fa29ecf3b67d8bdbf4ab1773aed67146a1ce5d100acc1aa59

Download Submit
C:\Windows\system\IkTdTrv.exe

Filesize
6.1MB

MD5
89390f6e9690ffcff940ecbf12fe91ff

SHA1
9a9224e60e31d6215ce5e59916758f604834a6f3

SHA256
1f8b7b62a7ac6440ed6fc3975c167d79945fa25b89e11214d66d204d4d70535c

SHA512
57ac35e9b8f725b8674cc54dfdf951ee9c670506b03094201fba29b10ad3128a1418912a68938a740bade63df8f914054ee9b720bb1c165430f69f6cbf18db91

Download Submit
C:\Windows\system\IzcDUcE.exe

Filesize
6.1MB

MD5
1cb01e2a777c7c0ec713c6485e7ab5df

SHA1
57d8532e34138aa544617613f2bfbdedf65be703

SHA256
b01efad7283f184e8b6b1e7b1faf6f5ec7d76df620cd19ee8ed73580fb11e1d8

SHA512
8df226752219778d042295344d65213517284297914f1d50d5a76dd58a42bdd8d1c27ca6e309277d9c71149859f8f34f2b98a64f8e16783bacdc0cb509e8b481

Download Submit
C:\Windows\system\JwdrmRw.exe

Filesize
6.1MB

MD5
faeb8bd3a1bf4df6b4a3a2a3d96a1301

SHA1
b3bfccedf1c8a015d0f9e099ce0ba156d59b9316

SHA256
0b74051cc16378db9bc4d2f9b3e9958a852e505d7ffcb6ffb8f7f8b963c89241

SHA512
5a116685c8e4ce8ef138161c54f4fe316e5e7b31986fe9e9f26ec45f47f07d86e176cd7c311a89585b05d65e099016f9e6af1ff42bd8203c754c00216d5050f9

Download Submit
C:\Windows\system\LASLpWs.exe

Filesize
6.1MB

MD5
28aee878db19ed5839f9cce721d2252a

SHA1
356880279cb1df87988493456df7aace09f99c2a

SHA256
5a0523a84cdd18d4f0e7b26d45fa9b896ec501f47fb2e6555a824b72d1451b3d

SHA512
accad1dd2527b8d99880dfdba4aa8287ad87a9554a9f4a9a353b9f350ddadc247d0dd1954178324fa30d8b37f72f67e093369b83e5790ce34cf9f7b336969a8b

Download Submit
C:\Windows\system\PmvzKjm.exe

Filesize
6.1MB

MD5
df890fb7552f1a90543d557a540e0f57

SHA1
ae7463cf502bc86309570cc2b7f14ebb9805b4cc

SHA256
92d8e2fa68070c2cc499f32d61e6e4ded5d6425c7654ddb44a6e78825ea1ed31

SHA512
52d42917e8fd53ef227484a8f52c5e09018ba6cfc2c7429b56f9058ba56041b685ae28186d7375f71935ca3b748c17a3a80762133420470081696c50d7c9356b

Download Submit
C:\Windows\system\PqeVMzx.exe

Filesize
6.1MB

MD5
3f6830f0fac415c7b7c2125548863b54

SHA1
7763b5194d297c36ebb8d237effa66d4a054b89b

SHA256
eed1104c072f425e8f15e60dc3ca722314f926e3721e5ae9cd72fceee0b0798e

SHA512
dec7970b8ad7fbf270734cae1993f1e8c74811e428f25f3fcc154ebd51e59e1a9317ecfcc6021bb7c12fe14464c6600300745eac7c2dab52a5fcdb41de5fc926

Download Submit
C:\Windows\system\VCjmkmq.exe

Filesize
6.1MB

MD5
41e217d6442fc99ee5cff99084cf655e

SHA1
2eae4a3c2a08f26f3bfacfae177f62bfe3fef7d2

SHA256
dbd7c2571e64f022d0607622d8e10dfd7a27a7754e8f7eee6d3161365dd258e4

SHA512
0e849a622debd00177ae5a1bd4f7de39f5f7541bc5e8b8e359adef8668a64190ed8865f720027ce2950ef4a7a307ab60c434b50d38a41875f9a2870081b1ec4d

Download Submit
C:\Windows\system\YFTyLrL.exe

Filesize
6.1MB

MD5
22962a965d2069a121dd7dcbf29ee7ad

SHA1
5a99b7be944efd9ff27fb3366a5edd05ebc1c03a

SHA256
93b46b6fc7477e47dbecdb2d3df2adf0ea531f44148acc3dac80011d0ea43016

SHA512
88d0aa5ff544ed9748e353578222963c0b4b9f34011e2e6a0d60d526b5dc5155565e61e54df50a2a594666f4b4ab4ded864088fd736d0c95b2b48c39a71b5464

Download Submit
C:\Windows\system\YvMawfC.exe

Filesize
6.1MB

MD5
db885470f0ae5782397a2c37e4f8695c

SHA1
eb9fecf6a7c2b8b31462ded314c4cbaec42a23bc

SHA256
8817f5f3cccce887535d08df5c9b815647c92cc4412baa1a4072b3d2a1e7d0c6

SHA512
bd38b7b3eff55173542d9cda58685cfbf5678698996966fa5b3789bba5677ac592022bfd295804f1a4bc0d3c73daf102e8934dd642a7cbcc34d0a72c339311e2

Download Submit
C:\Windows\system\ZEtaqPR.exe

Filesize
6.1MB

MD5
cf05b1c632bde98fecfc2341d01bd653

SHA1
daef64d5b837824a9e4e462706577ed83df4a139

SHA256
c2d6b12ecdcf73e963a6f7b70d558f8f5de44e63ff8e37ff9045d709e609347a

SHA512
e1f4712037c1b8b0ed31e988794524855fcb13565b37ecf508afb6089a2e47b50a7238a5d97c8169b3a9bc75ee5d367036c6359643547bef32a463550cc3cb85

Download Submit
C:\Windows\system\ZJtQSvx.exe

Filesize
6.1MB

MD5
e795714b312a12f8fa9812131fd49fb7

SHA1
2deeee64c093ec21650f9df326cf2606dcd42bb8

SHA256
da06341ae3ba12c7f592d5b7d901fe115cf476ec3d51567190a655afe0a1bb99

SHA512
1158ee35bedda2ffbe7e801706d7dc2908fd29ada0cd2afd66d9feac8b35b4147d3e0dc5dd0e521a74bb79e06961d2297cf2e6e591eb80758ca67864e9db85f4

Download Submit
C:\Windows\system\crRzONB.exe

Filesize
6.1MB

MD5
00e3ba3f941a9cd0e72ccc77015c14bb

SHA1
38eabad79aeaabbe3a490f8b05c710b979bf8507

SHA256
f8da60d558bed7f423660a9512b05a23e894ede572d69906e715cad543fcada8

SHA512
5619e5c621b68557a301b629addce40de50e83308bb536566b93a0cd4ab7201fba74e199145c155078dde53cb6940ee2544f55a39cd406709d310beb19465256

Download Submit
C:\Windows\system\csAepkS.exe

Filesize
6.1MB

MD5
c14f9831fb9c0483d008ffbe2eedddc2

SHA1
ece101bd0802d3b5e8a13635b8628953d98131c3

SHA256
36759bb3123c7b954c948becb094d3919e8caa03e854ddaeb8521f1f97ca41f6

SHA512
6e9f8b7677d7a74e5608d76fad956864c02aeaa9b3a078eb708a9d59441ba90be6e5209761f5dc6c9430ca1309503a86ca2d191399a5f90353fb229f0413ac32

Download Submit
C:\Windows\system\fBMHkZq.exe

Filesize
6.1MB

MD5
8c82eb5c13e39263e0f34141ff994237

SHA1
5b77c03c3f3ce2054b343b696a14ce23144f8cd1

SHA256
a6d4ff996fbee2f7acba69124770ed0a7010fdc8719c6e3a12bb521b19743067

SHA512
d57ac10994302551e26029c7598b5c89d6b3f4aabf9351f5e91f5c55c775dca6c25b890a5c0e5ca3e0e5cad4ec60ffb896b40d625cc2d48a9f1950d8ca6b8e6b

Download Submit
C:\Windows\system\hRDJgdS.exe

Filesize
6.1MB

MD5
33c540493cfea6f04cf3b2cc76fd9413

SHA1
5a281aa7a383cb60a8ce14a2f1235a0f94f3bbd8

SHA256
1486961ae90ac7e96f072471437dcd2c1672e3abab2bbd41a96bfdcc516d29fe

SHA512
950b633e7f73c0ae270b7e65fab05f32b324ca333c98d32bd2ac98cd10bca95a07f749d87f94c38dd1580e426b1bf433116ba7867df7224dfc6f58253007a8a1

Download Submit
C:\Windows\system\mEYIXZi.exe

Filesize
6.1MB

MD5
9e0c885953c4e2c58237f6fc2691314e

SHA1
0276c78a435545ad93390501299ff8fe09ead099

SHA256
ecb34430f45ec7cb75003e93f8d19c72ebd1058ab47858fb2175d90df4abf0d9

SHA512
0a50c8da21b67a2a6f1341a0ea34a5041e22ca98ed6767e6bf82fb970af1510ef91f926a29b59335aeb8ade4da4541c3288627e40ea95d22994eadfc5a9903f9

Download Submit
C:\Windows\system\nDzDPVV.exe

Filesize
6.1MB

MD5
0e56e32739e7db752b2d0a8b651096f2

SHA1
553d5e5417c3c458ffa2a6c997176cb5c6527996

SHA256
783e72f9969a99a65a7fba357edc17759167bf1928f9db5a14fd995c949492b0

SHA512
c0d1e0418a9f282b442eca6dd04d037fafaa35e0e8cc66b60e73244402090669a1ff7741e5d75ea0d89e69b489f3f7c1c3ec6be35690955c434bfdebb66a0f71

Download Submit
C:\Windows\system\nIrWKwo.exe

Filesize
6.1MB

MD5
fa35945e5741c0a4ae57e3434e4ffef7

SHA1
93f4a1fe1d49537f3427d51f0352692c40fa1d7f

SHA256
104de6dbeae701b26236129df58e3678c5089aa7982e7b2e7985d8f1ef5c9593

SHA512
b35563649aa6defc80a40ac9dd89f50b3fcc67e0845fe7343a4a648dc92bb0417cacf73cd59ee7a6267c5b0f23585ae308570bbc8a033ae38f52efdb24b9517a

Download Submit
C:\Windows\system\sIFzgLC.exe

Filesize
6.1MB

MD5
bfe23bb11438f45d851d8557a72da843

SHA1
c0fda4c2cf359dd3903198aa67c08d4cead1ae9a

SHA256
ca8a8d003de5c1522f1d5b84beea38d2b954631b3d4b639386f608ecebc15788

SHA512
6f3bff8cc753039b3148f8b58b8aff74fa2817d1dc8767a229cf3fceb52b5d3bf35fb2554c350692940840a2f4e2cd3c40574033556ca51796870bb0a5fe163f

Download Submit
C:\Windows\system\sXZxzvI.exe

Filesize
6.1MB

MD5
ca0738ed5cbfedf8b17ba54f4da74753

SHA1
0fe661eecf3b61739e3e60619becd9353c2de037

SHA256
9968fe33296c19208ae36e0bb2560f996e74dd2db247bb78af3719c417f874f7

SHA512
73e1ea654e89a679eeaf251dc34afb0ee717805e4256b11239b3113f714ee370cf0aa9e1afce8218aed171e9e270079fac963d88efd66253a97eb49f738a9aff

Download Submit
C:\Windows\system\tYKzvzN.exe

Filesize
6.1MB

MD5
3249d2e6981bf930fd22629cc2b0c86d

SHA1
d426b18c71ee3f7f492be32acbdd7a2e9655f686

SHA256
24059d20aab4e1a425764f0a0f4112b57619ce2b391d6bb09a03851b175b0836

SHA512
246f8981d07dcac099015e593af96897bced6e1b800ded5cdedd9adc29132062402993ff5f7ed3647a257b5635b6d47067f1055496eee9ce1b76f05f09b5fee3

Download Submit
C:\Windows\system\unydZWp.exe

Filesize
6.1MB

MD5
d7bd1c9a0f799116d1245fd040452737

SHA1
c46d15432e1e55177b2a47d922b9ddbf031de8b2

SHA256
ea0fffc76e5fcf6b8394fe41fde10981f81c96c3066d39628938da543c2134ac

SHA512
251a940fb2ad114832c96c9a959e27c98d5a130a50f93ee6770f78426afc313dcef9466e25ad354fb67fdd427a32033c42866d46dcce30cb0cbcf2ac2760861a

Download Submit
C:\Windows\system\wpDMtUl.exe

Filesize
6.1MB

MD5
d75f7d0a241aad41385392a420a7c4bb

SHA1
f9b90d4196f74f373591cfd8dd4eeef80579b09a

SHA256
3517d378aae499658261bf0668351fbb80497c1d992124df9cbbe6448d9005d7

SHA512
e8f0185ffb3c723eaef3f7369edc00443fc8fcfec6fef68b25779a75fe6f76bd1370ac64785788765e803a2e60eeeb605be8060409be0274f6ad0c86e773c8b1

Download Submit
C:\Windows\system\ynllPPy.exe

Filesize
6.1MB

MD5
f12db10a67c8e9dc52f68fdd1326cbd7

SHA1
a78086df8abe51fff64c6a5e075ba5f4f873b15d

SHA256
d00050b25c14b7e05219469f7babe000df78ba443f367790dcb1254cc3f6d5c6

SHA512
db532c6a562931b1afe8d891ff3b1d4694d9817e40713321695b87628d5d1f3f1584d566c01a703cf7ed337037a40e77c505b781a4325fd906d7a7cef37ceb2c

Download Submit
C:\Windows\system\yrHqBcf.exe

Filesize
6.1MB

MD5
216e37793a77e4ddfbb64e80159bdc93

SHA1
5e92ea889f9bea5f50caccef951b6444f085413c

SHA256
e2564bca6de9156faa15bf1a9d1f59eda95309e1ac196985e3f8936d4b82289f

SHA512
481932d1d60dece73cb07ef7327dce30b6bdcac5ca12decc862388e69f12c7932ff781fee0c89bdd8750d7237a640618c4d96c3c301917c06e49833cf0f5d850

Download Submit
C:\Windows\system\zMMPido.exe

Filesize
6.1MB

MD5
bd73d0652e39460d628c74c89a24b23d

SHA1
7348b1dd664f42aecdb8d31cc1282090ee65ae43

SHA256
333bb41947593424e2c3e2ce314cf8ea9c372ad5237e9e9371aca00c8b72456b

SHA512
b50efbd33594d5a8878423f00e723178cf2edd6a5a249fb258797a65bae06fff81392ec75cfb499136dff0026d11bfc77da0ab324581c0186f599fe8b4cd7e35

Download Submit
\Windows\system\FlWzOVn.exe

Filesize
6.1MB

MD5
958c96ee1ab4c17424f7cabd0f035238

SHA1
aab433d643062ad8f02bdd1ae10ff512aedaefd8

SHA256
eb6bb62045581ce2c347549b324010988ec465b163f67d25af7a320ce30dda8d

SHA512
e948ddb69dcd3d5dfc73589bb7076c0c18a759cba795e158fc9639e7f403cce5ac1c64c06b92a9214d452d2052a6f99a3a68ee0ef4dc6fd74166bdbf8a2938cb

Download Submit
\Windows\system\TRBqVXF.exe

Filesize
6.1MB

MD5
89103f3622366c22fb5fe314ee2d9d59

SHA1
f2ec61697dc29375a41990cd44805242a83ee26d

SHA256
88e66a1286b8c8e9f42e50bb7b4e9a307199c756e805d6cd1cbab2c0e753bb60

SHA512
a5c3be3a66005c7c69dc0e7c44d9ade88234d5534812703f63d27c7a0046271339425b025e241282115fece3653d697de8a394e2b63e098f9230c4bea0758cb9

Download Submit
\Windows\system\YeWeKMq.exe

Filesize
6.1MB

MD5
3d587bf951a425f0a7301769b6ab4dcb

SHA1
2923e0b8c90a3243d25bcf08b0c3593805f53cde

SHA256
506e7fd0c93ac66d7d8364fb7a61252f35c10c5b99b9bd28ca2b788fdd6c0754

SHA512
f49206468673c06713f5e72b2658f7620867bd3849c90895bacf76ef37e7f0cb19c012cd46415373ff7f608d30d8f2a400de53386409243f2e4d45afad9ecced

Download Submit
memory/848-887-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/848-642-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/848-643-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/848-644-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-760-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/848-1349-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/848-1023-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/848-0-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/848-759-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-105-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/848-95-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/848-66-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-91-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-87-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/848-75-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-64-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/848-73-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/848-71-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/848-17-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/848-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-78-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-83-0x00000000022A0000-0x00000000025F4000-memory.dmp

Filesize
3.3MB

Download
memory/848-85-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/848-92-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-4081-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-100-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-76-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2084-3894-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2436-68-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3935-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3845-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-89-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-93-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2500-3846-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3843-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2584-67-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2636-88-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3936-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3850-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-82-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3847-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2716-84-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2892-86-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3842-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2920-65-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3854-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2936-70-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3848-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-74-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3844-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-72-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3875-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download