cobaltstrike | 4e604959c9c5a3d3aedc49c7900a1bf20ff2906a9bb4516c48d23a4e7f0143d8

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

10d044933ee076ff8eda0768fe39fdf9
SHA1

bccefeb9c28102a15d205507c9abf3c6fbefaf31
SHA256

4e604959c9c5a3d3aedc49c7900a1bf20ff2906a9bb4516c48d23a4e7f0143d8
SHA512

7f99d66808b9d7543ca50c2fa475e98137f585b036bd5ff52b543be64899ac8799424121fd94679974c4cee76a2e6f328ba2a2c3e691d6e856a3c5b1b9cf066d
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUU:eOl56utgpPF8u/7U

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120f1-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000187a5-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019023-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019350-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b4-44.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c2-54.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001941e-71.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197f8-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc0-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc2-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cb9-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199bf-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c59-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196b1-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001977d-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196af-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-88.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-78.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000193e1-62.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

resource	yara_rule
behavioral1/memory/1288-0-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/files/0x00090000000120f1-6.dat	xmrig
behavioral1/files/0x00080000000187a5-7.dat	xmrig
behavioral1/files/0x0008000000019023-12.dat	xmrig
behavioral1/files/0x000700000001925e-34.dat	xmrig
behavioral1/memory/2332-35-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0006000000019350-38.dat	xmrig
behavioral1/files/0x00060000000193b4-44.dat	xmrig
behavioral1/files/0x00060000000193c2-54.dat	xmrig
behavioral1/memory/2944-67-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000800000001941e-71.dat	xmrig
behavioral1/files/0x0005000000019619-80.dat	xmrig
behavioral1/files/0x00050000000197f8-153.dat	xmrig
behavioral1/memory/1288-526-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2780-552-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2644-554-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dc0-189.dat	xmrig
behavioral1/files/0x0005000000019c5b-183.dat	xmrig
behavioral1/files/0x0005000000019dc2-192.dat	xmrig
behavioral1/files/0x0005000000019c57-174.dat	xmrig
behavioral1/files/0x00050000000198f0-171.dat	xmrig
behavioral1/files/0x0005000000019cb9-187.dat	xmrig
behavioral1/files/0x00050000000199bf-168.dat	xmrig
behavioral1/files/0x0005000000019c59-178.dat	xmrig
behavioral1/files/0x0005000000019667-142.dat	xmrig
behavioral1/files/0x0005000000019623-140.dat	xmrig
behavioral1/files/0x00050000000196b1-136.dat	xmrig
behavioral1/files/0x0005000000019621-99.dat	xmrig
behavioral1/files/0x000500000001961d-92.dat	xmrig
behavioral1/files/0x0005000000019838-158.dat	xmrig
behavioral1/files/0x000500000001977d-146.dat	xmrig
behavioral1/files/0x00050000000196af-130.dat	xmrig
behavioral1/memory/2720-83-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-116.dat	xmrig
behavioral1/memory/2332-75-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2712-74-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/1288-73-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019622-107.dat	xmrig
behavioral1/files/0x000500000001961f-106.dat	xmrig
behavioral1/memory/2644-97-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/1288-90-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/memory/2780-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-88.dat	xmrig
behavioral1/memory/1288-87-0x00000000024A0000-0x00000000027F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019617-78.dat	xmrig
behavioral1/memory/1288-66-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1288-58-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2768-57-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/3012-64-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x00090000000193e1-62.dat	xmrig
behavioral1/memory/2824-50-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2720-40-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/3012-19-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1096-33-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1288-30-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2892-28-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x0007000000019282-27.dat	xmrig
behavioral1/memory/2540-26-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2768-3432-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2332-3559-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2712-3653-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2644-3656-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2780-3657-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	hOhtJZS.exe
3012	YIKhVAK.exe
2540	yLCbSkW.exe
1096	wnNBxFM.exe
2332	swfeKvY.exe
2720	LaXIRJB.exe
2824	cwqtIhU.exe
2768	pxVHUJc.exe
2944	qkHKSSi.exe
2712	lLakjFI.exe
2780	AbwBtVj.exe
2644	dLfvBAz.exe
3048	sFGuuEm.exe
2004	phRTjCK.exe
1752	OXgNKTX.exe
2612	friUbcA.exe
2584	wSsARUU.exe
3068	zHARLQu.exe
1728	daSwrsY.exe
1296	dJUjgPz.exe
2036	ZsDLZST.exe
1796	pkABLAW.exe
1516	OLHdyvy.exe
1860	nafqHFS.exe
1056	TKVADWH.exe
1632	qxOhcec.exe
548	txrHhLT.exe
1476	FQOUVeT.exe
688	jnKlinD.exe
1240	YTKMQBx.exe
1872	yLtfxfP.exe
1256	BBCJHFx.exe
808	RBIdRad.exe
1260	iTDTQoZ.exe
904	xYfJWTs.exe
940	CIPfLWI.exe
1560	vofsvSn.exe
1808	vFntkSb.exe
2168	JmRpaSs.exe
2292	uEcDUKp.exe
2064	ewePOFH.exe
2124	FZBwOPi.exe
2520	opQwcSo.exe
1492	lWDXEkx.exe
340	tAudvRk.exe
2248	nXeMjGE.exe
1316	rHalPyx.exe
816	dHGGttr.exe
2552	BhgBUUa.exe
1596	qdNIGMj.exe
2108	FYHkVoQ.exe
2276	OLWIVrA.exe
2184	mKHLtlW.exe
2876	BXFcgwS.exe
2080	gBCQTxs.exe
1736	tTmjvdf.exe
1788	yWgBCqB.exe
2272	WOOhcKn.exe
2852	nwTBVTR.exe
2744	OyEBzuz.exe
1380	GxqROEj.exe
2624	fPMlkkg.exe
1760	QJMphUB.exe
1428	nDoTRBt.exe

Loads dropped DLL 64 IoCs

pid	Process
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1288-0-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-6.dat	upx
behavioral1/files/0x00080000000187a5-7.dat	upx
behavioral1/files/0x0008000000019023-12.dat	upx
behavioral1/files/0x000700000001925e-34.dat	upx
behavioral1/memory/2332-35-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0006000000019350-38.dat	upx
behavioral1/files/0x00060000000193b4-44.dat	upx
behavioral1/files/0x00060000000193c2-54.dat	upx
behavioral1/memory/2944-67-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000800000001941e-71.dat	upx
behavioral1/files/0x0005000000019619-80.dat	upx
behavioral1/files/0x00050000000197f8-153.dat	upx
behavioral1/memory/2780-552-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2644-554-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0005000000019dc0-189.dat	upx
behavioral1/files/0x0005000000019c5b-183.dat	upx
behavioral1/files/0x0005000000019dc2-192.dat	upx
behavioral1/files/0x0005000000019c57-174.dat	upx
behavioral1/files/0x00050000000198f0-171.dat	upx
behavioral1/files/0x0005000000019cb9-187.dat	upx
behavioral1/files/0x00050000000199bf-168.dat	upx
behavioral1/files/0x0005000000019c59-178.dat	upx
behavioral1/files/0x0005000000019667-142.dat	upx
behavioral1/files/0x0005000000019623-140.dat	upx
behavioral1/files/0x00050000000196b1-136.dat	upx
behavioral1/files/0x0005000000019621-99.dat	upx
behavioral1/files/0x000500000001961d-92.dat	upx
behavioral1/files/0x0005000000019838-158.dat	upx
behavioral1/files/0x000500000001977d-146.dat	upx
behavioral1/files/0x00050000000196af-130.dat	upx
behavioral1/memory/2720-83-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0005000000019625-116.dat	upx
behavioral1/memory/2332-75-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2712-74-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0005000000019622-107.dat	upx
behavioral1/files/0x000500000001961f-106.dat	upx
behavioral1/memory/2644-97-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2780-89-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x000500000001961b-88.dat	upx
behavioral1/files/0x0005000000019617-78.dat	upx
behavioral1/memory/1288-58-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2768-57-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/3012-64-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x00090000000193e1-62.dat	upx
behavioral1/memory/2824-50-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2720-40-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/3012-19-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1096-33-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2892-28-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x0007000000019282-27.dat	upx
behavioral1/memory/2540-26-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2768-3432-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2332-3559-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2712-3653-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2644-3656-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2780-3657-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\faoDjQU.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWYkbNr.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHVyJRd.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfGvkBC.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QqtHDUs.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYkyZjS.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUzbIsH.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tYUVyzy.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlsSXWH.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbFBbnZ.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJYHKUi.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXpbFYo.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjGpxDo.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFlrCgF.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFutklO.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GXnbKDg.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCqClJT.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NdgCfYl.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXXkRIA.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TYpPjcw.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqlPKQf.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LrnrdDf.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmrpowQ.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbwBtVj.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rAmDdRB.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uilycxt.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpFbTlk.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeYgGsn.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApeOiXu.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEEzzJU.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CJXrRqN.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUVJRac.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuJFeju.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHlNnPb.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzSRItX.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LyUoFLy.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXOjHbd.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnmHPLa.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNJwchU.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okEyPIA.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgxRPVW.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUZWlTl.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQiGPMi.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xCHNHax.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\plJWhkJ.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLMyYxC.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKfFLkJ.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGiEivi.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THDuUUp.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqDGuPI.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjAAcIk.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GKEVzAV.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFntkSb.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEGkzZJ.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NCsLTSB.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFeSDRW.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHlRMXy.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exmQBvm.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcgTXSO.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSYqqHK.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMOiXTr.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TiHEqlw.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEviljb.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnKTHFd.exe	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2892	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1288 wrote to memory of 2892	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1288 wrote to memory of 2892	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1288 wrote to memory of 3012	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1288 wrote to memory of 3012	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1288 wrote to memory of 3012	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1288 wrote to memory of 2540	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1288 wrote to memory of 2540	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1288 wrote to memory of 2540	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1288 wrote to memory of 2332	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1288 wrote to memory of 2332	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1288 wrote to memory of 2332	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1288 wrote to memory of 1096	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1288 wrote to memory of 1096	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1288 wrote to memory of 1096	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1288 wrote to memory of 2720	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1288 wrote to memory of 2720	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1288 wrote to memory of 2720	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1288 wrote to memory of 2824	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1288 wrote to memory of 2824	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1288 wrote to memory of 2824	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1288 wrote to memory of 2768	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1288 wrote to memory of 2768	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1288 wrote to memory of 2768	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1288 wrote to memory of 2944	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1288 wrote to memory of 2944	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1288 wrote to memory of 2944	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1288 wrote to memory of 2712	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1288 wrote to memory of 2712	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1288 wrote to memory of 2712	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1288 wrote to memory of 2780	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1288 wrote to memory of 2780	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1288 wrote to memory of 2780	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1288 wrote to memory of 2612	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1288 wrote to memory of 2612	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1288 wrote to memory of 2612	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1288 wrote to memory of 2644	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1288 wrote to memory of 2644	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1288 wrote to memory of 2644	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1288 wrote to memory of 3068	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1288 wrote to memory of 3068	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1288 wrote to memory of 3068	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1288 wrote to memory of 3048	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1288 wrote to memory of 3048	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1288 wrote to memory of 3048	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1288 wrote to memory of 1728	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1288 wrote to memory of 1728	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1288 wrote to memory of 1728	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1288 wrote to memory of 2004	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1288 wrote to memory of 2004	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1288 wrote to memory of 2004	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1288 wrote to memory of 1296	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1288 wrote to memory of 1296	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1288 wrote to memory of 1296	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1288 wrote to memory of 1752	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1288 wrote to memory of 1752	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1288 wrote to memory of 1752	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1288 wrote to memory of 2036	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1288 wrote to memory of 2036	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1288 wrote to memory of 2036	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1288 wrote to memory of 2584	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1288 wrote to memory of 2584	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1288 wrote to memory of 2584	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1288 wrote to memory of 1516	1288	2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-15_10d044933ee076ff8eda0768fe39fdf9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Windows\System\hOhtJZS.exe
  C:\Windows\System\hOhtJZS.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YIKhVAK.exe
  C:\Windows\System\YIKhVAK.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\yLCbSkW.exe
  C:\Windows\System\yLCbSkW.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\swfeKvY.exe
  C:\Windows\System\swfeKvY.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\wnNBxFM.exe
  C:\Windows\System\wnNBxFM.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\LaXIRJB.exe
  C:\Windows\System\LaXIRJB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\cwqtIhU.exe
  C:\Windows\System\cwqtIhU.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\pxVHUJc.exe
  C:\Windows\System\pxVHUJc.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\qkHKSSi.exe
  C:\Windows\System\qkHKSSi.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\lLakjFI.exe
  C:\Windows\System\lLakjFI.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\AbwBtVj.exe
  C:\Windows\System\AbwBtVj.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\friUbcA.exe
  C:\Windows\System\friUbcA.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\dLfvBAz.exe
  C:\Windows\System\dLfvBAz.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zHARLQu.exe
  C:\Windows\System\zHARLQu.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\sFGuuEm.exe
  C:\Windows\System\sFGuuEm.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\daSwrsY.exe
  C:\Windows\System\daSwrsY.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\phRTjCK.exe
  C:\Windows\System\phRTjCK.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\dJUjgPz.exe
  C:\Windows\System\dJUjgPz.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\OXgNKTX.exe
  C:\Windows\System\OXgNKTX.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ZsDLZST.exe
  C:\Windows\System\ZsDLZST.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\wSsARUU.exe
  C:\Windows\System\wSsARUU.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\OLHdyvy.exe
  C:\Windows\System\OLHdyvy.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\pkABLAW.exe
  C:\Windows\System\pkABLAW.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\nafqHFS.exe
  C:\Windows\System\nafqHFS.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\TKVADWH.exe
  C:\Windows\System\TKVADWH.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\txrHhLT.exe
  C:\Windows\System\txrHhLT.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\qxOhcec.exe
  C:\Windows\System\qxOhcec.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\FQOUVeT.exe
  C:\Windows\System\FQOUVeT.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\jnKlinD.exe
  C:\Windows\System\jnKlinD.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\YTKMQBx.exe
  C:\Windows\System\YTKMQBx.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\yLtfxfP.exe
  C:\Windows\System\yLtfxfP.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\RBIdRad.exe
  C:\Windows\System\RBIdRad.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\BBCJHFx.exe
  C:\Windows\System\BBCJHFx.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\iTDTQoZ.exe
  C:\Windows\System\iTDTQoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\xYfJWTs.exe
  C:\Windows\System\xYfJWTs.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\CIPfLWI.exe
  C:\Windows\System\CIPfLWI.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\vofsvSn.exe
  C:\Windows\System\vofsvSn.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\vFntkSb.exe
  C:\Windows\System\vFntkSb.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\JmRpaSs.exe
  C:\Windows\System\JmRpaSs.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\uEcDUKp.exe
  C:\Windows\System\uEcDUKp.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ewePOFH.exe
  C:\Windows\System\ewePOFH.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\opQwcSo.exe
  C:\Windows\System\opQwcSo.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FZBwOPi.exe
  C:\Windows\System\FZBwOPi.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\tAudvRk.exe
  C:\Windows\System\tAudvRk.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\lWDXEkx.exe
  C:\Windows\System\lWDXEkx.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\nXeMjGE.exe
  C:\Windows\System\nXeMjGE.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\rHalPyx.exe
  C:\Windows\System\rHalPyx.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\dHGGttr.exe
  C:\Windows\System\dHGGttr.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\BhgBUUa.exe
  C:\Windows\System\BhgBUUa.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\qdNIGMj.exe
  C:\Windows\System\qdNIGMj.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\FYHkVoQ.exe
  C:\Windows\System\FYHkVoQ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\gBCQTxs.exe
  C:\Windows\System\gBCQTxs.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\OLWIVrA.exe
  C:\Windows\System\OLWIVrA.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\WOOhcKn.exe
  C:\Windows\System\WOOhcKn.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\mKHLtlW.exe
  C:\Windows\System\mKHLtlW.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\nwTBVTR.exe
  C:\Windows\System\nwTBVTR.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\BXFcgwS.exe
  C:\Windows\System\BXFcgwS.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\OyEBzuz.exe
  C:\Windows\System\OyEBzuz.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\tTmjvdf.exe
  C:\Windows\System\tTmjvdf.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\yWgBCqB.exe
  C:\Windows\System\yWgBCqB.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\GxqROEj.exe
  C:\Windows\System\GxqROEj.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\fPMlkkg.exe
  C:\Windows\System\fPMlkkg.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\QJMphUB.exe
  C:\Windows\System\QJMphUB.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\nDoTRBt.exe
  C:\Windows\System\nDoTRBt.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\BiVTlae.exe
  C:\Windows\System\BiVTlae.exe
  2⤵
  PID:2428
- C:\Windows\System\XvWEGXP.exe
  C:\Windows\System\XvWEGXP.exe
  2⤵
  PID:1624
- C:\Windows\System\bzvXnVn.exe
  C:\Windows\System\bzvXnVn.exe
  2⤵
  PID:2572
- C:\Windows\System\MlJXBUo.exe
  C:\Windows\System\MlJXBUo.exe
  2⤵
  PID:1004
- C:\Windows\System\VbCCOkh.exe
  C:\Windows\System\VbCCOkh.exe
  2⤵
  PID:1580
- C:\Windows\System\otqRLoa.exe
  C:\Windows\System\otqRLoa.exe
  2⤵
  PID:2984
- C:\Windows\System\NuHrevP.exe
  C:\Windows\System\NuHrevP.exe
  2⤵
  PID:2524
- C:\Windows\System\IYvwXYF.exe
  C:\Windows\System\IYvwXYF.exe
  2⤵
  PID:1756
- C:\Windows\System\AyxHKAR.exe
  C:\Windows\System\AyxHKAR.exe
  2⤵
  PID:2548
- C:\Windows\System\PSsTrDZ.exe
  C:\Windows\System\PSsTrDZ.exe
  2⤵
  PID:2304
- C:\Windows\System\QMDFsyU.exe
  C:\Windows\System\QMDFsyU.exe
  2⤵
  PID:1388
- C:\Windows\System\TDBUFrf.exe
  C:\Windows\System\TDBUFrf.exe
  2⤵
  PID:2500
- C:\Windows\System\BzlvoPz.exe
  C:\Windows\System\BzlvoPz.exe
  2⤵
  PID:1508
- C:\Windows\System\QvkTEvw.exe
  C:\Windows\System\QvkTEvw.exe
  2⤵
  PID:592
- C:\Windows\System\owjdRQO.exe
  C:\Windows\System\owjdRQO.exe
  2⤵
  PID:2316
- C:\Windows\System\BQJcTeW.exe
  C:\Windows\System\BQJcTeW.exe
  2⤵
  PID:1032
- C:\Windows\System\TQRwPSN.exe
  C:\Windows\System\TQRwPSN.exe
  2⤵
  PID:2224
- C:\Windows\System\QmSDgql.exe
  C:\Windows\System\QmSDgql.exe
  2⤵
  PID:1600
- C:\Windows\System\pwNoTan.exe
  C:\Windows\System\pwNoTan.exe
  2⤵
  PID:2180
- C:\Windows\System\ipDJLsY.exe
  C:\Windows\System\ipDJLsY.exe
  2⤵
  PID:1712
- C:\Windows\System\kEqYIuJ.exe
  C:\Windows\System\kEqYIuJ.exe
  2⤵
  PID:2668
- C:\Windows\System\QhiOoZJ.exe
  C:\Windows\System\QhiOoZJ.exe
  2⤵
  PID:1924
- C:\Windows\System\dCepaqZ.exe
  C:\Windows\System\dCepaqZ.exe
  2⤵
  PID:540
- C:\Windows\System\mIYQVcL.exe
  C:\Windows\System\mIYQVcL.exe
  2⤵
  PID:2160
- C:\Windows\System\LokBAQl.exe
  C:\Windows\System\LokBAQl.exe
  2⤵
  PID:1976
- C:\Windows\System\tVBTdOb.exe
  C:\Windows\System\tVBTdOb.exe
  2⤵
  PID:1364
- C:\Windows\System\vHsvLIn.exe
  C:\Windows\System\vHsvLIn.exe
  2⤵
  PID:3088
- C:\Windows\System\kMmxMyN.exe
  C:\Windows\System\kMmxMyN.exe
  2⤵
  PID:3128
- C:\Windows\System\XPiiDJB.exe
  C:\Windows\System\XPiiDJB.exe
  2⤵
  PID:3148
- C:\Windows\System\PbznmcH.exe
  C:\Windows\System\PbznmcH.exe
  2⤵
  PID:3168
- C:\Windows\System\ckeesaB.exe
  C:\Windows\System\ckeesaB.exe
  2⤵
  PID:3188
- C:\Windows\System\YWQEiSo.exe
  C:\Windows\System\YWQEiSo.exe
  2⤵
  PID:3208
- C:\Windows\System\LhMkmCI.exe
  C:\Windows\System\LhMkmCI.exe
  2⤵
  PID:3224
- C:\Windows\System\fWOlZJa.exe
  C:\Windows\System\fWOlZJa.exe
  2⤵
  PID:3248
- C:\Windows\System\soXUaNJ.exe
  C:\Windows\System\soXUaNJ.exe
  2⤵
  PID:3268
- C:\Windows\System\QvrlVnb.exe
  C:\Windows\System\QvrlVnb.exe
  2⤵
  PID:3292
- C:\Windows\System\VfJGOkX.exe
  C:\Windows\System\VfJGOkX.exe
  2⤵
  PID:3312
- C:\Windows\System\SLNIlGK.exe
  C:\Windows\System\SLNIlGK.exe
  2⤵
  PID:3332
- C:\Windows\System\KOHzkCw.exe
  C:\Windows\System\KOHzkCw.exe
  2⤵
  PID:3352
- C:\Windows\System\PAWzLXe.exe
  C:\Windows\System\PAWzLXe.exe
  2⤵
  PID:3368
- C:\Windows\System\XLQiPCj.exe
  C:\Windows\System\XLQiPCj.exe
  2⤵
  PID:3388
- C:\Windows\System\XyDfJjE.exe
  C:\Windows\System\XyDfJjE.exe
  2⤵
  PID:3404
- C:\Windows\System\KBeZLXR.exe
  C:\Windows\System\KBeZLXR.exe
  2⤵
  PID:3420
- C:\Windows\System\FCVVyDD.exe
  C:\Windows\System\FCVVyDD.exe
  2⤵
  PID:3436
- C:\Windows\System\zLwPOky.exe
  C:\Windows\System\zLwPOky.exe
  2⤵
  PID:3452
- C:\Windows\System\zUGGAnj.exe
  C:\Windows\System\zUGGAnj.exe
  2⤵
  PID:3472
- C:\Windows\System\YRxSFCU.exe
  C:\Windows\System\YRxSFCU.exe
  2⤵
  PID:3500
- C:\Windows\System\lhLfLmz.exe
  C:\Windows\System\lhLfLmz.exe
  2⤵
  PID:3520
- C:\Windows\System\NLzgDNP.exe
  C:\Windows\System\NLzgDNP.exe
  2⤵
  PID:3536
- C:\Windows\System\rAmDdRB.exe
  C:\Windows\System\rAmDdRB.exe
  2⤵
  PID:3560
- C:\Windows\System\bZDFdkM.exe
  C:\Windows\System\bZDFdkM.exe
  2⤵
  PID:3584
- C:\Windows\System\GpYULvQ.exe
  C:\Windows\System\GpYULvQ.exe
  2⤵
  PID:3604
- C:\Windows\System\GYBZBIo.exe
  C:\Windows\System\GYBZBIo.exe
  2⤵
  PID:3628
- C:\Windows\System\CbvfVJm.exe
  C:\Windows\System\CbvfVJm.exe
  2⤵
  PID:3648
- C:\Windows\System\GpCqYKK.exe
  C:\Windows\System\GpCqYKK.exe
  2⤵
  PID:3664
- C:\Windows\System\oKHCikm.exe
  C:\Windows\System\oKHCikm.exe
  2⤵
  PID:3692
- C:\Windows\System\ViVdqEx.exe
  C:\Windows\System\ViVdqEx.exe
  2⤵
  PID:3708
- C:\Windows\System\OoXeIQR.exe
  C:\Windows\System\OoXeIQR.exe
  2⤵
  PID:3732
- C:\Windows\System\vjieLmY.exe
  C:\Windows\System\vjieLmY.exe
  2⤵
  PID:3752
- C:\Windows\System\xTEiCgY.exe
  C:\Windows\System\xTEiCgY.exe
  2⤵
  PID:3768
- C:\Windows\System\AVKhfrd.exe
  C:\Windows\System\AVKhfrd.exe
  2⤵
  PID:3788
- C:\Windows\System\akEwmhX.exe
  C:\Windows\System\akEwmhX.exe
  2⤵
  PID:3808
- C:\Windows\System\odYJbvf.exe
  C:\Windows\System\odYJbvf.exe
  2⤵
  PID:3832
- C:\Windows\System\rXqbdFe.exe
  C:\Windows\System\rXqbdFe.exe
  2⤵
  PID:3852
- C:\Windows\System\BBGkngM.exe
  C:\Windows\System\BBGkngM.exe
  2⤵
  PID:3868
- C:\Windows\System\SLPOhdQ.exe
  C:\Windows\System\SLPOhdQ.exe
  2⤵
  PID:3884
- C:\Windows\System\ZotpqRo.exe
  C:\Windows\System\ZotpqRo.exe
  2⤵
  PID:3904
- C:\Windows\System\skfTMRj.exe
  C:\Windows\System\skfTMRj.exe
  2⤵
  PID:3920
- C:\Windows\System\HMEZeur.exe
  C:\Windows\System\HMEZeur.exe
  2⤵
  PID:3940
- C:\Windows\System\giSFKVY.exe
  C:\Windows\System\giSFKVY.exe
  2⤵
  PID:3964
- C:\Windows\System\ubdBklF.exe
  C:\Windows\System\ubdBklF.exe
  2⤵
  PID:3984
- C:\Windows\System\rHwXGmm.exe
  C:\Windows\System\rHwXGmm.exe
  2⤵
  PID:4004
- C:\Windows\System\MfXGnei.exe
  C:\Windows\System\MfXGnei.exe
  2⤵
  PID:4028
- C:\Windows\System\fFxvqXn.exe
  C:\Windows\System\fFxvqXn.exe
  2⤵
  PID:4048
- C:\Windows\System\qnFjnSh.exe
  C:\Windows\System\qnFjnSh.exe
  2⤵
  PID:4064
- C:\Windows\System\jmEsJrQ.exe
  C:\Windows\System\jmEsJrQ.exe
  2⤵
  PID:4088
- C:\Windows\System\pFZNaQg.exe
  C:\Windows\System\pFZNaQg.exe
  2⤵
  PID:2532
- C:\Windows\System\QdIFqTR.exe
  C:\Windows\System\QdIFqTR.exe
  2⤵
  PID:1000
- C:\Windows\System\LdcACxB.exe
  C:\Windows\System\LdcACxB.exe
  2⤵
  PID:1640
- C:\Windows\System\CYXKSip.exe
  C:\Windows\System\CYXKSip.exe
  2⤵
  PID:2244
- C:\Windows\System\hlatREx.exe
  C:\Windows\System\hlatREx.exe
  2⤵
  PID:964
- C:\Windows\System\QRykmIA.exe
  C:\Windows\System\QRykmIA.exe
  2⤵
  PID:672
- C:\Windows\System\Wihcnrb.exe
  C:\Windows\System\Wihcnrb.exe
  2⤵
  PID:2484
- C:\Windows\System\dJnfBvj.exe
  C:\Windows\System\dJnfBvj.exe
  2⤵
  PID:2988
- C:\Windows\System\BDOiGPn.exe
  C:\Windows\System\BDOiGPn.exe
  2⤵
  PID:1276
- C:\Windows\System\GhmOfty.exe
  C:\Windows\System\GhmOfty.exe
  2⤵
  PID:1732
- C:\Windows\System\MHdHqoC.exe
  C:\Windows\System\MHdHqoC.exe
  2⤵
  PID:3076
- C:\Windows\System\pDXzqqV.exe
  C:\Windows\System\pDXzqqV.exe
  2⤵
  PID:3108
- C:\Windows\System\ilfuvWS.exe
  C:\Windows\System\ilfuvWS.exe
  2⤵
  PID:3144
- C:\Windows\System\NoVoEzq.exe
  C:\Windows\System\NoVoEzq.exe
  2⤵
  PID:3216
- C:\Windows\System\CORChQa.exe
  C:\Windows\System\CORChQa.exe
  2⤵
  PID:3260
- C:\Windows\System\XGqmhhK.exe
  C:\Windows\System\XGqmhhK.exe
  2⤵
  PID:3340
- C:\Windows\System\fPBxQim.exe
  C:\Windows\System\fPBxQim.exe
  2⤵
  PID:3196
- C:\Windows\System\NJEuRIr.exe
  C:\Windows\System\NJEuRIr.exe
  2⤵
  PID:3240
- C:\Windows\System\lwEstaa.exe
  C:\Windows\System\lwEstaa.exe
  2⤵
  PID:3276
- C:\Windows\System\UgzdrZL.exe
  C:\Windows\System\UgzdrZL.exe
  2⤵
  PID:3320
- C:\Windows\System\sDvrCtB.exe
  C:\Windows\System\sDvrCtB.exe
  2⤵
  PID:3376
- C:\Windows\System\xxmtAwz.exe
  C:\Windows\System\xxmtAwz.exe
  2⤵
  PID:3412
- C:\Windows\System\FNRhpGn.exe
  C:\Windows\System\FNRhpGn.exe
  2⤵
  PID:3480
- C:\Windows\System\RujHDiw.exe
  C:\Windows\System\RujHDiw.exe
  2⤵
  PID:3496
- C:\Windows\System\byUaPyq.exe
  C:\Windows\System\byUaPyq.exe
  2⤵
  PID:3572
- C:\Windows\System\rLuCKKM.exe
  C:\Windows\System\rLuCKKM.exe
  2⤵
  PID:3400
- C:\Windows\System\OwAFPiq.exe
  C:\Windows\System\OwAFPiq.exe
  2⤵
  PID:3464
- C:\Windows\System\tjSFpqX.exe
  C:\Windows\System\tjSFpqX.exe
  2⤵
  PID:3616
- C:\Windows\System\DNuSsOF.exe
  C:\Windows\System\DNuSsOF.exe
  2⤵
  PID:3556
- C:\Windows\System\HUhceXD.exe
  C:\Windows\System\HUhceXD.exe
  2⤵
  PID:3600
- C:\Windows\System\UeMYneI.exe
  C:\Windows\System\UeMYneI.exe
  2⤵
  PID:3740
- C:\Windows\System\UuptKsN.exe
  C:\Windows\System\UuptKsN.exe
  2⤵
  PID:3680
- C:\Windows\System\qlTcTLC.exe
  C:\Windows\System\qlTcTLC.exe
  2⤵
  PID:3796
- C:\Windows\System\yEGkzZJ.exe
  C:\Windows\System\yEGkzZJ.exe
  2⤵
  PID:3896
- C:\Windows\System\FdkGcnV.exe
  C:\Windows\System\FdkGcnV.exe
  2⤵
  PID:3928
- C:\Windows\System\SmpFLqU.exe
  C:\Windows\System\SmpFLqU.exe
  2⤵
  PID:3976
- C:\Windows\System\YrazoPn.exe
  C:\Windows\System\YrazoPn.exe
  2⤵
  PID:4020
- C:\Windows\System\NuFzncw.exe
  C:\Windows\System\NuFzncw.exe
  2⤵
  PID:3956
- C:\Windows\System\GLmcBbF.exe
  C:\Windows\System\GLmcBbF.exe
  2⤵
  PID:4000
- C:\Windows\System\vQCXALi.exe
  C:\Windows\System\vQCXALi.exe
  2⤵
  PID:4040
- C:\Windows\System\wlyENBX.exe
  C:\Windows\System\wlyENBX.exe
  2⤵
  PID:1540
- C:\Windows\System\NeRNXpC.exe
  C:\Windows\System\NeRNXpC.exe
  2⤵
  PID:1672
- C:\Windows\System\crEdFCA.exe
  C:\Windows\System\crEdFCA.exe
  2⤵
  PID:348
- C:\Windows\System\mZFEXHY.exe
  C:\Windows\System\mZFEXHY.exe
  2⤵
  PID:1548
- C:\Windows\System\YUcNhdT.exe
  C:\Windows\System\YUcNhdT.exe
  2⤵
  PID:1544
- C:\Windows\System\XOMVQJf.exe
  C:\Windows\System\XOMVQJf.exe
  2⤵
  PID:2828
- C:\Windows\System\qAAOOWh.exe
  C:\Windows\System\qAAOOWh.exe
  2⤵
  PID:344
- C:\Windows\System\XPcnXyu.exe
  C:\Windows\System\XPcnXyu.exe
  2⤵
  PID:2448
- C:\Windows\System\IufenOG.exe
  C:\Windows\System\IufenOG.exe
  2⤵
  PID:2896
- C:\Windows\System\ojlKmfg.exe
  C:\Windows\System\ojlKmfg.exe
  2⤵
  PID:2152
- C:\Windows\System\SkrqTfL.exe
  C:\Windows\System\SkrqTfL.exe
  2⤵
  PID:2544
- C:\Windows\System\XKJZPXm.exe
  C:\Windows\System\XKJZPXm.exe
  2⤵
  PID:2872
- C:\Windows\System\wirYBTQ.exe
  C:\Windows\System\wirYBTQ.exe
  2⤵
  PID:2336
- C:\Windows\System\yWDAsOC.exe
  C:\Windows\System\yWDAsOC.exe
  2⤵
  PID:2404
- C:\Windows\System\MlzoNDx.exe
  C:\Windows\System\MlzoNDx.exe
  2⤵
  PID:2992
- C:\Windows\System\KSNCZgv.exe
  C:\Windows\System\KSNCZgv.exe
  2⤵
  PID:3060
- C:\Windows\System\OlxplrZ.exe
  C:\Windows\System\OlxplrZ.exe
  2⤵
  PID:1628
- C:\Windows\System\vyFRaKV.exe
  C:\Windows\System\vyFRaKV.exe
  2⤵
  PID:2188
- C:\Windows\System\CXaSwwE.exe
  C:\Windows\System\CXaSwwE.exe
  2⤵
  PID:2076
- C:\Windows\System\DsvIvLL.exe
  C:\Windows\System\DsvIvLL.exe
  2⤵
  PID:3096
- C:\Windows\System\wyZGOeK.exe
  C:\Windows\System\wyZGOeK.exe
  2⤵
  PID:2388
- C:\Windows\System\nKzNAWF.exe
  C:\Windows\System\nKzNAWF.exe
  2⤵
  PID:2444
- C:\Windows\System\MKArEgC.exe
  C:\Windows\System\MKArEgC.exe
  2⤵
  PID:2536
- C:\Windows\System\GjfUlXb.exe
  C:\Windows\System\GjfUlXb.exe
  2⤵
  PID:1592
- C:\Windows\System\qXvFLsp.exe
  C:\Windows\System\qXvFLsp.exe
  2⤵
  PID:1820
- C:\Windows\System\SWoOdHT.exe
  C:\Windows\System\SWoOdHT.exe
  2⤵
  PID:2564
- C:\Windows\System\qdJmrSN.exe
  C:\Windows\System\qdJmrSN.exe
  2⤵
  PID:2996
- C:\Windows\System\ngyloVY.exe
  C:\Windows\System\ngyloVY.exe
  2⤵
  PID:3184
- C:\Windows\System\eRueMOE.exe
  C:\Windows\System\eRueMOE.exe
  2⤵
  PID:3180
- C:\Windows\System\QwwDMkO.exe
  C:\Windows\System\QwwDMkO.exe
  2⤵
  PID:3284
- C:\Windows\System\PYrebvQ.exe
  C:\Windows\System\PYrebvQ.exe
  2⤵
  PID:3236
- C:\Windows\System\zPzRIqg.exe
  C:\Windows\System\zPzRIqg.exe
  2⤵
  PID:3492
- C:\Windows\System\rioqjOF.exe
  C:\Windows\System\rioqjOF.exe
  2⤵
  PID:1636
- C:\Windows\System\DExdQhB.exe
  C:\Windows\System\DExdQhB.exe
  2⤵
  PID:3156
- C:\Windows\System\bGsyDcV.exe
  C:\Windows\System\bGsyDcV.exe
  2⤵
  PID:3348
- C:\Windows\System\ueJAmvD.exe
  C:\Windows\System\ueJAmvD.exe
  2⤵
  PID:3448
- C:\Windows\System\xELqmCB.exe
  C:\Windows\System\xELqmCB.exe
  2⤵
  PID:3612
- C:\Windows\System\jBPnFzC.exe
  C:\Windows\System\jBPnFzC.exe
  2⤵
  PID:3596
- C:\Windows\System\CNVLSfJ.exe
  C:\Windows\System\CNVLSfJ.exe
  2⤵
  PID:3512
- C:\Windows\System\orqzyqk.exe
  C:\Windows\System\orqzyqk.exe
  2⤵
  PID:3676
- C:\Windows\System\dFxlvCI.exe
  C:\Windows\System\dFxlvCI.exe
  2⤵
  PID:1616
- C:\Windows\System\zuBgBEB.exe
  C:\Windows\System\zuBgBEB.exe
  2⤵
  PID:3720
- C:\Windows\System\ZmJezPN.exe
  C:\Windows\System\ZmJezPN.exe
  2⤵
  PID:3776
- C:\Windows\System\BGoojXh.exe
  C:\Windows\System\BGoojXh.exe
  2⤵
  PID:3760
- C:\Windows\System\BrdZIMo.exe
  C:\Windows\System\BrdZIMo.exe
  2⤵
  PID:3764
- C:\Windows\System\cKBDeCp.exe
  C:\Windows\System\cKBDeCp.exe
  2⤵
  PID:3840
- C:\Windows\System\inVLjCM.exe
  C:\Windows\System\inVLjCM.exe
  2⤵
  PID:3980
- C:\Windows\System\lvzIHgU.exe
  C:\Windows\System\lvzIHgU.exe
  2⤵
  PID:3952
- C:\Windows\System\vRKvMqK.exe
  C:\Windows\System\vRKvMqK.exe
  2⤵
  PID:3912
- C:\Windows\System\EjvDtfo.exe
  C:\Windows\System\EjvDtfo.exe
  2⤵
  PID:4076
- C:\Windows\System\ZdqyLUv.exe
  C:\Windows\System\ZdqyLUv.exe
  2⤵
  PID:616
- C:\Windows\System\oMkgOZA.exe
  C:\Windows\System\oMkgOZA.exe
  2⤵
  PID:2652
- C:\Windows\System\qCNhQUx.exe
  C:\Windows\System\qCNhQUx.exe
  2⤵
  PID:2496
- C:\Windows\System\UrYytiT.exe
  C:\Windows\System\UrYytiT.exe
  2⤵
  PID:1812
- C:\Windows\System\nDVlCYD.exe
  C:\Windows\System\nDVlCYD.exe
  2⤵
  PID:1188
- C:\Windows\System\jBQdzXh.exe
  C:\Windows\System\jBQdzXh.exe
  2⤵
  PID:2024
- C:\Windows\System\abBGcoX.exe
  C:\Windows\System\abBGcoX.exe
  2⤵
  PID:2816
- C:\Windows\System\EDahjEp.exe
  C:\Windows\System\EDahjEp.exe
  2⤵
  PID:2640
- C:\Windows\System\lUkOQBd.exe
  C:\Windows\System\lUkOQBd.exe
  2⤵
  PID:1352
- C:\Windows\System\FRmhzwt.exe
  C:\Windows\System\FRmhzwt.exe
  2⤵
  PID:2776
- C:\Windows\System\XDUNFBR.exe
  C:\Windows\System\XDUNFBR.exe
  2⤵
  PID:2888
- C:\Windows\System\ZWahEJC.exe
  C:\Windows\System\ZWahEJC.exe
  2⤵
  PID:1944
- C:\Windows\System\aCjFgVZ.exe
  C:\Windows\System\aCjFgVZ.exe
  2⤵
  PID:2812
- C:\Windows\System\iqEHOOS.exe
  C:\Windows\System\iqEHOOS.exe
  2⤵
  PID:2144
- C:\Windows\System\DfhZfQz.exe
  C:\Windows\System\DfhZfQz.exe
  2⤵
  PID:1940
- C:\Windows\System\kpmvqZM.exe
  C:\Windows\System\kpmvqZM.exe
  2⤵
  PID:3104
- C:\Windows\System\icfbmMo.exe
  C:\Windows\System\icfbmMo.exe
  2⤵
  PID:3008
- C:\Windows\System\VdqUnRq.exe
  C:\Windows\System\VdqUnRq.exe
  2⤵
  PID:1988
- C:\Windows\System\OkjdKPD.exe
  C:\Windows\System\OkjdKPD.exe
  2⤵
  PID:1792
- C:\Windows\System\NBrhQMc.exe
  C:\Windows\System\NBrhQMc.exe
  2⤵
  PID:2736
- C:\Windows\System\GZUUVsS.exe
  C:\Windows\System\GZUUVsS.exe
  2⤵
  PID:2376
- C:\Windows\System\QKkveEB.exe
  C:\Windows\System\QKkveEB.exe
  2⤵
  PID:1740
- C:\Windows\System\ITzlvzQ.exe
  C:\Windows\System\ITzlvzQ.exe
  2⤵
  PID:3384
- C:\Windows\System\ZBuAjGD.exe
  C:\Windows\System\ZBuAjGD.exe
  2⤵
  PID:3344
- C:\Windows\System\gmyinMx.exe
  C:\Windows\System\gmyinMx.exe
  2⤵
  PID:2116
- C:\Windows\System\RLEAwID.exe
  C:\Windows\System\RLEAwID.exe
  2⤵
  PID:3516
- C:\Windows\System\PKrNJPe.exe
  C:\Windows\System\PKrNJPe.exe
  2⤵
  PID:3624
- C:\Windows\System\gPcFWhL.exe
  C:\Windows\System\gPcFWhL.exe
  2⤵
  PID:316
- C:\Windows\System\UbKhXwS.exe
  C:\Windows\System\UbKhXwS.exe
  2⤵
  PID:3636
- C:\Windows\System\ACfdMTu.exe
  C:\Windows\System\ACfdMTu.exe
  2⤵
  PID:3916
- C:\Windows\System\enMLgvX.exe
  C:\Windows\System\enMLgvX.exe
  2⤵
  PID:1828
- C:\Windows\System\lxwMkzA.exe
  C:\Windows\System\lxwMkzA.exe
  2⤵
  PID:3936
- C:\Windows\System\glsgxIe.exe
  C:\Windows\System\glsgxIe.exe
  2⤵
  PID:1604
- C:\Windows\System\FYQKYDI.exe
  C:\Windows\System\FYQKYDI.exe
  2⤵
  PID:4084
- C:\Windows\System\XocVhdn.exe
  C:\Windows\System\XocVhdn.exe
  2⤵
  PID:3804
- C:\Windows\System\QHEEBka.exe
  C:\Windows\System\QHEEBka.exe
  2⤵
  PID:2176
- C:\Windows\System\sNeIEmj.exe
  C:\Windows\System\sNeIEmj.exe
  2⤵
  PID:2220
- C:\Windows\System\zrnjLEM.exe
  C:\Windows\System\zrnjLEM.exe
  2⤵
  PID:1748
- C:\Windows\System\NCsLTSB.exe
  C:\Windows\System\NCsLTSB.exe
  2⤵
  PID:608
- C:\Windows\System\AekTRoM.exe
  C:\Windows\System\AekTRoM.exe
  2⤵
  PID:1876
- C:\Windows\System\nnrAekU.exe
  C:\Windows\System\nnrAekU.exe
  2⤵
  PID:1972
- C:\Windows\System\OMwmVaL.exe
  C:\Windows\System\OMwmVaL.exe
  2⤵
  PID:3304
- C:\Windows\System\CYDaAAx.exe
  C:\Windows\System\CYDaAAx.exe
  2⤵
  PID:1524
- C:\Windows\System\KcswRDh.exe
  C:\Windows\System\KcswRDh.exe
  2⤵
  PID:2320
- C:\Windows\System\yfahCyE.exe
  C:\Windows\System\yfahCyE.exe
  2⤵
  PID:3264
- C:\Windows\System\NRzycTP.exe
  C:\Windows\System\NRzycTP.exe
  2⤵
  PID:3232
- C:\Windows\System\ritgnof.exe
  C:\Windows\System\ritgnof.exe
  2⤵
  PID:3688
- C:\Windows\System\HdgJlaP.exe
  C:\Windows\System\HdgJlaP.exe
  2⤵
  PID:2948
- C:\Windows\System\IYeoBXW.exe
  C:\Windows\System\IYeoBXW.exe
  2⤵
  PID:2704
- C:\Windows\System\cCwzauS.exe
  C:\Windows\System\cCwzauS.exe
  2⤵
  PID:2680
- C:\Windows\System\iVCmjpS.exe
  C:\Windows\System\iVCmjpS.exe
  2⤵
  PID:3820
- C:\Windows\System\yOrEWmy.exe
  C:\Windows\System\yOrEWmy.exe
  2⤵
  PID:3992
- C:\Windows\System\jtWSHVQ.exe
  C:\Windows\System\jtWSHVQ.exe
  2⤵
  PID:2932
- C:\Windows\System\VjHzJnl.exe
  C:\Windows\System\VjHzJnl.exe
  2⤵
  PID:2884
- C:\Windows\System\QmgvuMu.exe
  C:\Windows\System\QmgvuMu.exe
  2⤵
  PID:1948
- C:\Windows\System\kFeSDRW.exe
  C:\Windows\System\kFeSDRW.exe
  2⤵
  PID:2760
- C:\Windows\System\QDfYyIu.exe
  C:\Windows\System\QDfYyIu.exe
  2⤵
  PID:3704
- C:\Windows\System\TNroWXA.exe
  C:\Windows\System\TNroWXA.exe
  2⤵
  PID:2880
- C:\Windows\System\JbszSku.exe
  C:\Windows\System\JbszSku.exe
  2⤵
  PID:1320
- C:\Windows\System\Ijyewbu.exe
  C:\Windows\System\Ijyewbu.exe
  2⤵
  PID:4108
- C:\Windows\System\FFkKEdh.exe
  C:\Windows\System\FFkKEdh.exe
  2⤵
  PID:4124
- C:\Windows\System\wXLZEYF.exe
  C:\Windows\System\wXLZEYF.exe
  2⤵
  PID:4140
- C:\Windows\System\wVaeMJK.exe
  C:\Windows\System\wVaeMJK.exe
  2⤵
  PID:4156
- C:\Windows\System\oBMYNFC.exe
  C:\Windows\System\oBMYNFC.exe
  2⤵
  PID:4172
- C:\Windows\System\XxEXFOh.exe
  C:\Windows\System\XxEXFOh.exe
  2⤵
  PID:4188
- C:\Windows\System\wtAOWRl.exe
  C:\Windows\System\wtAOWRl.exe
  2⤵
  PID:4204
- C:\Windows\System\NNbcYCj.exe
  C:\Windows\System\NNbcYCj.exe
  2⤵
  PID:4220
- C:\Windows\System\eeKDYHH.exe
  C:\Windows\System\eeKDYHH.exe
  2⤵
  PID:4236
- C:\Windows\System\nNnHoJW.exe
  C:\Windows\System\nNnHoJW.exe
  2⤵
  PID:4252
- C:\Windows\System\EKjkVmz.exe
  C:\Windows\System\EKjkVmz.exe
  2⤵
  PID:4268
- C:\Windows\System\faoDjQU.exe
  C:\Windows\System\faoDjQU.exe
  2⤵
  PID:4284
- C:\Windows\System\aMOiXTr.exe
  C:\Windows\System\aMOiXTr.exe
  2⤵
  PID:4300
- C:\Windows\System\weLKtbC.exe
  C:\Windows\System\weLKtbC.exe
  2⤵
  PID:4316
- C:\Windows\System\gnszGhq.exe
  C:\Windows\System\gnszGhq.exe
  2⤵
  PID:4332
- C:\Windows\System\otzbwct.exe
  C:\Windows\System\otzbwct.exe
  2⤵
  PID:4348
- C:\Windows\System\FOlRRyt.exe
  C:\Windows\System\FOlRRyt.exe
  2⤵
  PID:4364
- C:\Windows\System\zZdTfhx.exe
  C:\Windows\System\zZdTfhx.exe
  2⤵
  PID:4380
- C:\Windows\System\xjGpxDo.exe
  C:\Windows\System\xjGpxDo.exe
  2⤵
  PID:4396
- C:\Windows\System\TJfTVhk.exe
  C:\Windows\System\TJfTVhk.exe
  2⤵
  PID:4412
- C:\Windows\System\VBDMqCF.exe
  C:\Windows\System\VBDMqCF.exe
  2⤵
  PID:4428
- C:\Windows\System\nDOBVey.exe
  C:\Windows\System\nDOBVey.exe
  2⤵
  PID:4444
- C:\Windows\System\mlgxSFp.exe
  C:\Windows\System\mlgxSFp.exe
  2⤵
  PID:4460
- C:\Windows\System\fPLpjBN.exe
  C:\Windows\System\fPLpjBN.exe
  2⤵
  PID:4476
- C:\Windows\System\xUwCSam.exe
  C:\Windows\System\xUwCSam.exe
  2⤵
  PID:4492
- C:\Windows\System\YjWYHmn.exe
  C:\Windows\System\YjWYHmn.exe
  2⤵
  PID:4508
- C:\Windows\System\UTRPdkj.exe
  C:\Windows\System\UTRPdkj.exe
  2⤵
  PID:4524
- C:\Windows\System\lqFmZie.exe
  C:\Windows\System\lqFmZie.exe
  2⤵
  PID:4540
- C:\Windows\System\CecqBFF.exe
  C:\Windows\System\CecqBFF.exe
  2⤵
  PID:4556
- C:\Windows\System\pKulJqV.exe
  C:\Windows\System\pKulJqV.exe
  2⤵
  PID:4572
- C:\Windows\System\gkERxPM.exe
  C:\Windows\System\gkERxPM.exe
  2⤵
  PID:4588
- C:\Windows\System\odwVGrv.exe
  C:\Windows\System\odwVGrv.exe
  2⤵
  PID:4604
- C:\Windows\System\jsoLofN.exe
  C:\Windows\System\jsoLofN.exe
  2⤵
  PID:4620
- C:\Windows\System\yJHrAEM.exe
  C:\Windows\System\yJHrAEM.exe
  2⤵
  PID:4636
- C:\Windows\System\hZdULCC.exe
  C:\Windows\System\hZdULCC.exe
  2⤵
  PID:4652
- C:\Windows\System\DpBHFJx.exe
  C:\Windows\System\DpBHFJx.exe
  2⤵
  PID:4668
- C:\Windows\System\rKkTepZ.exe
  C:\Windows\System\rKkTepZ.exe
  2⤵
  PID:4684
- C:\Windows\System\myaMvwZ.exe
  C:\Windows\System\myaMvwZ.exe
  2⤵
  PID:4700
- C:\Windows\System\cifaANJ.exe
  C:\Windows\System\cifaANJ.exe
  2⤵
  PID:4716
- C:\Windows\System\JRyrGaO.exe
  C:\Windows\System\JRyrGaO.exe
  2⤵
  PID:4732
- C:\Windows\System\DYTBuxM.exe
  C:\Windows\System\DYTBuxM.exe
  2⤵
  PID:4748
- C:\Windows\System\YiWvodE.exe
  C:\Windows\System\YiWvodE.exe
  2⤵
  PID:4764
- C:\Windows\System\gGeGhVL.exe
  C:\Windows\System\gGeGhVL.exe
  2⤵
  PID:4780
- C:\Windows\System\BNyKSUG.exe
  C:\Windows\System\BNyKSUG.exe
  2⤵
  PID:4796
- C:\Windows\System\NIxsmVr.exe
  C:\Windows\System\NIxsmVr.exe
  2⤵
  PID:4812
- C:\Windows\System\EclBeDI.exe
  C:\Windows\System\EclBeDI.exe
  2⤵
  PID:4828
- C:\Windows\System\eirsqLi.exe
  C:\Windows\System\eirsqLi.exe
  2⤵
  PID:4844
- C:\Windows\System\NhEaFHQ.exe
  C:\Windows\System\NhEaFHQ.exe
  2⤵
  PID:4860
- C:\Windows\System\RsKHRRX.exe
  C:\Windows\System\RsKHRRX.exe
  2⤵
  PID:4876
- C:\Windows\System\RPAeTMR.exe
  C:\Windows\System\RPAeTMR.exe
  2⤵
  PID:4892
- C:\Windows\System\FsXOWvQ.exe
  C:\Windows\System\FsXOWvQ.exe
  2⤵
  PID:4908
- C:\Windows\System\fTnDKpp.exe
  C:\Windows\System\fTnDKpp.exe
  2⤵
  PID:4924
- C:\Windows\System\KZsogDa.exe
  C:\Windows\System\KZsogDa.exe
  2⤵
  PID:4940
- C:\Windows\System\plJWhkJ.exe
  C:\Windows\System\plJWhkJ.exe
  2⤵
  PID:4956
- C:\Windows\System\rXKrATM.exe
  C:\Windows\System\rXKrATM.exe
  2⤵
  PID:4972
- C:\Windows\System\nWuSduB.exe
  C:\Windows\System\nWuSduB.exe
  2⤵
  PID:4988
- C:\Windows\System\CQOzDTO.exe
  C:\Windows\System\CQOzDTO.exe
  2⤵
  PID:5004
- C:\Windows\System\dldeOGD.exe
  C:\Windows\System\dldeOGD.exe
  2⤵
  PID:5020
- C:\Windows\System\RNnHpMw.exe
  C:\Windows\System\RNnHpMw.exe
  2⤵
  PID:5036
- C:\Windows\System\ERdzotc.exe
  C:\Windows\System\ERdzotc.exe
  2⤵
  PID:5052
- C:\Windows\System\LDvYGzM.exe
  C:\Windows\System\LDvYGzM.exe
  2⤵
  PID:5068
- C:\Windows\System\ivoKXKt.exe
  C:\Windows\System\ivoKXKt.exe
  2⤵
  PID:5084
- C:\Windows\System\uAZixqn.exe
  C:\Windows\System\uAZixqn.exe
  2⤵
  PID:5100
- C:\Windows\System\EkzZdAF.exe
  C:\Windows\System\EkzZdAF.exe
  2⤵
  PID:5116
- C:\Windows\System\FYAjZSw.exe
  C:\Windows\System\FYAjZSw.exe
  2⤵
  PID:1528
- C:\Windows\System\JHEYRuf.exe
  C:\Windows\System\JHEYRuf.exe
  2⤵
  PID:2392
- C:\Windows\System\edLiKfx.exe
  C:\Windows\System\edLiKfx.exe
  2⤵
  PID:4164
- C:\Windows\System\uGEvryH.exe
  C:\Windows\System\uGEvryH.exe
  2⤵
  PID:4132
- C:\Windows\System\LSSpSUG.exe
  C:\Windows\System\LSSpSUG.exe
  2⤵
  PID:3552
- C:\Windows\System\tDmoYQC.exe
  C:\Windows\System\tDmoYQC.exe
  2⤵
  PID:4148
- C:\Windows\System\JXiANBL.exe
  C:\Windows\System\JXiANBL.exe
  2⤵
  PID:4232
- C:\Windows\System\ObimJkk.exe
  C:\Windows\System\ObimJkk.exe
  2⤵
  PID:4296
- C:\Windows\System\RymBqXf.exe
  C:\Windows\System\RymBqXf.exe
  2⤵
  PID:4324
- C:\Windows\System\EvYWJYx.exe
  C:\Windows\System\EvYWJYx.exe
  2⤵
  PID:4388
- C:\Windows\System\wiDTcac.exe
  C:\Windows\System\wiDTcac.exe
  2⤵
  PID:4452
- C:\Windows\System\WeOBqOp.exe
  C:\Windows\System\WeOBqOp.exe
  2⤵
  PID:4484
- C:\Windows\System\vsHGBPP.exe
  C:\Windows\System\vsHGBPP.exe
  2⤵
  PID:4548
- C:\Windows\System\aajxMWS.exe
  C:\Windows\System\aajxMWS.exe
  2⤵
  PID:4408
- C:\Windows\System\FzlCMkL.exe
  C:\Windows\System\FzlCMkL.exe
  2⤵
  PID:4648
- C:\Windows\System\NdSVLHL.exe
  C:\Windows\System\NdSVLHL.exe
  2⤵
  PID:4500
- C:\Windows\System\XPTWQdk.exe
  C:\Windows\System\XPTWQdk.exe
  2⤵
  PID:4248
- C:\Windows\System\FhCOkbu.exe
  C:\Windows\System\FhCOkbu.exe
  2⤵
  PID:4312
- C:\Windows\System\IuZkxow.exe
  C:\Windows\System\IuZkxow.exe
  2⤵
  PID:4376
- C:\Windows\System\MkCLSts.exe
  C:\Windows\System\MkCLSts.exe
  2⤵
  PID:4472
- C:\Windows\System\qZJwDgn.exe
  C:\Windows\System\qZJwDgn.exe
  2⤵
  PID:4776
- C:\Windows\System\ERJqVtW.exe
  C:\Windows\System\ERJqVtW.exe
  2⤵
  PID:4568
- C:\Windows\System\zSppYkb.exe
  C:\Windows\System\zSppYkb.exe
  2⤵
  PID:4632
- C:\Windows\System\vBHYuAp.exe
  C:\Windows\System\vBHYuAp.exe
  2⤵
  PID:4696
- C:\Windows\System\VgciwOM.exe
  C:\Windows\System\VgciwOM.exe
  2⤵
  PID:4836
- C:\Windows\System\GGTpUxt.exe
  C:\Windows\System\GGTpUxt.exe
  2⤵
  PID:4872
- C:\Windows\System\bmxregP.exe
  C:\Windows\System\bmxregP.exe
  2⤵
  PID:4824
- C:\Windows\System\YoVoScU.exe
  C:\Windows\System\YoVoScU.exe
  2⤵
  PID:4856
- C:\Windows\System\FNJwchU.exe
  C:\Windows\System\FNJwchU.exe
  2⤵
  PID:4788
- C:\Windows\System\AFONAoX.exe
  C:\Windows\System\AFONAoX.exe
  2⤵
  PID:4888
- C:\Windows\System\LOCIlux.exe
  C:\Windows\System\LOCIlux.exe
  2⤵
  PID:4948
- C:\Windows\System\wOxEAHd.exe
  C:\Windows\System\wOxEAHd.exe
  2⤵
  PID:5032
- C:\Windows\System\DSSrsor.exe
  C:\Windows\System\DSSrsor.exe
  2⤵
  PID:5096
- C:\Windows\System\gUfvgqO.exe
  C:\Windows\System\gUfvgqO.exe
  2⤵
  PID:4136
- C:\Windows\System\hjQaXnp.exe
  C:\Windows\System\hjQaXnp.exe
  2⤵
  PID:5012
- C:\Windows\System\acoMSiL.exe
  C:\Windows\System\acoMSiL.exe
  2⤵
  PID:4196
- C:\Windows\System\fWHqSAY.exe
  C:\Windows\System\fWHqSAY.exe
  2⤵
  PID:4184
- C:\Windows\System\DNMBOtf.exe
  C:\Windows\System\DNMBOtf.exe
  2⤵
  PID:4420
- C:\Windows\System\fUxgHBW.exe
  C:\Windows\System\fUxgHBW.exe
  2⤵
  PID:4616
- C:\Windows\System\KENJgng.exe
  C:\Windows\System\KENJgng.exe
  2⤵
  PID:4292
- C:\Windows\System\PWkgNAC.exe
  C:\Windows\System\PWkgNAC.exe
  2⤵
  PID:4200
- C:\Windows\System\iuMwPop.exe
  C:\Windows\System\iuMwPop.exe
  2⤵
  PID:4456
- C:\Windows\System\YDiZtXZ.exe
  C:\Windows\System\YDiZtXZ.exe
  2⤵
  PID:4372
- C:\Windows\System\aBjPYrH.exe
  C:\Windows\System\aBjPYrH.exe
  2⤵
  PID:4628
- C:\Windows\System\VFlIlPo.exe
  C:\Windows\System\VFlIlPo.exe
  2⤵
  PID:4680
- C:\Windows\System\XXyCfOv.exe
  C:\Windows\System\XXyCfOv.exe
  2⤵
  PID:4440
- C:\Windows\System\YEVYVxV.exe
  C:\Windows\System\YEVYVxV.exe
  2⤵
  PID:4664
- C:\Windows\System\LNJFLrt.exe
  C:\Windows\System\LNJFLrt.exe
  2⤵
  PID:4760
- C:\Windows\System\pVDXEFm.exe
  C:\Windows\System\pVDXEFm.exe
  2⤵
  PID:4968
- C:\Windows\System\mvossnh.exe
  C:\Windows\System\mvossnh.exe
  2⤵
  PID:4952
- C:\Windows\System\lzIiNdE.exe
  C:\Windows\System\lzIiNdE.exe
  2⤵
  PID:5028
- C:\Windows\System\lYkYotn.exe
  C:\Windows\System\lYkYotn.exe
  2⤵
  PID:3784
- C:\Windows\System\tQbSolM.exe
  C:\Windows\System\tQbSolM.exe
  2⤵
  PID:4516
- C:\Windows\System\oIcPtZy.exe
  C:\Windows\System\oIcPtZy.exe
  2⤵
  PID:4584
- C:\Windows\System\zAOxOkm.exe
  C:\Windows\System\zAOxOkm.exe
  2⤵
  PID:4424
- C:\Windows\System\rNWJUva.exe
  C:\Windows\System\rNWJUva.exe
  2⤵
  PID:4216
- C:\Windows\System\ryafCDS.exe
  C:\Windows\System\ryafCDS.exe
  2⤵
  PID:4820
- C:\Windows\System\cWHkRxD.exe
  C:\Windows\System\cWHkRxD.exe
  2⤵
  PID:5064
- C:\Windows\System\vaojOSo.exe
  C:\Windows\System\vaojOSo.exe
  2⤵
  PID:4520
- C:\Windows\System\tsQgVoW.exe
  C:\Windows\System\tsQgVoW.exe
  2⤵
  PID:4808
- C:\Windows\System\GwdZJtp.exe
  C:\Windows\System\GwdZJtp.exe
  2⤵
  PID:5092
- C:\Windows\System\wVCPwsX.exe
  C:\Windows\System\wVCPwsX.exe
  2⤵
  PID:5136
- C:\Windows\System\XgkdijT.exe
  C:\Windows\System\XgkdijT.exe
  2⤵
  PID:5152
- C:\Windows\System\KlOmGZn.exe
  C:\Windows\System\KlOmGZn.exe
  2⤵
  PID:5168
- C:\Windows\System\EihCVEq.exe
  C:\Windows\System\EihCVEq.exe
  2⤵
  PID:5184
- C:\Windows\System\mnjnwps.exe
  C:\Windows\System\mnjnwps.exe
  2⤵
  PID:5200
- C:\Windows\System\sCQyFIb.exe
  C:\Windows\System\sCQyFIb.exe
  2⤵
  PID:5216
- C:\Windows\System\BEkJluX.exe
  C:\Windows\System\BEkJluX.exe
  2⤵
  PID:5232
- C:\Windows\System\JxYGwDI.exe
  C:\Windows\System\JxYGwDI.exe
  2⤵
  PID:5248
- C:\Windows\System\NMogzfh.exe
  C:\Windows\System\NMogzfh.exe
  2⤵
  PID:5264
- C:\Windows\System\XxnRcLw.exe
  C:\Windows\System\XxnRcLw.exe
  2⤵
  PID:5280
- C:\Windows\System\HYJkfsH.exe
  C:\Windows\System\HYJkfsH.exe
  2⤵
  PID:5296
- C:\Windows\System\RWYkbNr.exe
  C:\Windows\System\RWYkbNr.exe
  2⤵
  PID:5312
- C:\Windows\System\zTrolxZ.exe
  C:\Windows\System\zTrolxZ.exe
  2⤵
  PID:5328
- C:\Windows\System\MNrJJqW.exe
  C:\Windows\System\MNrJJqW.exe
  2⤵
  PID:5344
- C:\Windows\System\JKFocLW.exe
  C:\Windows\System\JKFocLW.exe
  2⤵
  PID:5360
- C:\Windows\System\KSrGcTV.exe
  C:\Windows\System\KSrGcTV.exe
  2⤵
  PID:5376
- C:\Windows\System\jZPooWg.exe
  C:\Windows\System\jZPooWg.exe
  2⤵
  PID:5392
- C:\Windows\System\LzALZOI.exe
  C:\Windows\System\LzALZOI.exe
  2⤵
  PID:5408
- C:\Windows\System\JghKQjD.exe
  C:\Windows\System\JghKQjD.exe
  2⤵
  PID:5424
- C:\Windows\System\lkiNnyf.exe
  C:\Windows\System\lkiNnyf.exe
  2⤵
  PID:5440
- C:\Windows\System\wddAooH.exe
  C:\Windows\System\wddAooH.exe
  2⤵
  PID:5456
- C:\Windows\System\RnLGmGv.exe
  C:\Windows\System\RnLGmGv.exe
  2⤵
  PID:5472
- C:\Windows\System\SQEReMo.exe
  C:\Windows\System\SQEReMo.exe
  2⤵
  PID:5488
- C:\Windows\System\WuftiGo.exe
  C:\Windows\System\WuftiGo.exe
  2⤵
  PID:5504
- C:\Windows\System\rJMLiYV.exe
  C:\Windows\System\rJMLiYV.exe
  2⤵
  PID:5520
- C:\Windows\System\GkcZuKV.exe
  C:\Windows\System\GkcZuKV.exe
  2⤵
  PID:5536
- C:\Windows\System\zRTrdDv.exe
  C:\Windows\System\zRTrdDv.exe
  2⤵
  PID:5552
- C:\Windows\System\HFNuRVK.exe
  C:\Windows\System\HFNuRVK.exe
  2⤵
  PID:5568
- C:\Windows\System\aZBoQoW.exe
  C:\Windows\System\aZBoQoW.exe
  2⤵
  PID:5584
- C:\Windows\System\OcCeHQh.exe
  C:\Windows\System\OcCeHQh.exe
  2⤵
  PID:5600
- C:\Windows\System\oAjIrxC.exe
  C:\Windows\System\oAjIrxC.exe
  2⤵
  PID:5616
- C:\Windows\System\sPLphKK.exe
  C:\Windows\System\sPLphKK.exe
  2⤵
  PID:5632
- C:\Windows\System\XaeDYzI.exe
  C:\Windows\System\XaeDYzI.exe
  2⤵
  PID:5648
- C:\Windows\System\RwOQMOX.exe
  C:\Windows\System\RwOQMOX.exe
  2⤵
  PID:5664
- C:\Windows\System\QCiXXRG.exe
  C:\Windows\System\QCiXXRG.exe
  2⤵
  PID:5680
- C:\Windows\System\UBCYrDx.exe
  C:\Windows\System\UBCYrDx.exe
  2⤵
  PID:5696
- C:\Windows\System\skwBrzP.exe
  C:\Windows\System\skwBrzP.exe
  2⤵
  PID:5712
- C:\Windows\System\EnmIdTW.exe
  C:\Windows\System\EnmIdTW.exe
  2⤵
  PID:5728
- C:\Windows\System\VMVrRBq.exe
  C:\Windows\System\VMVrRBq.exe
  2⤵
  PID:5744
- C:\Windows\System\DNfwuQh.exe
  C:\Windows\System\DNfwuQh.exe
  2⤵
  PID:5760
- C:\Windows\System\ffmFHLD.exe
  C:\Windows\System\ffmFHLD.exe
  2⤵
  PID:5776
- C:\Windows\System\oDgnhtc.exe
  C:\Windows\System\oDgnhtc.exe
  2⤵
  PID:5792
- C:\Windows\System\WGYvfIM.exe
  C:\Windows\System\WGYvfIM.exe
  2⤵
  PID:5808
- C:\Windows\System\kFrQoGZ.exe
  C:\Windows\System\kFrQoGZ.exe
  2⤵
  PID:5824
- C:\Windows\System\JcUWcxX.exe
  C:\Windows\System\JcUWcxX.exe
  2⤵
  PID:5840
- C:\Windows\System\MLmnCqg.exe
  C:\Windows\System\MLmnCqg.exe
  2⤵
  PID:5856
- C:\Windows\System\gSpBFSs.exe
  C:\Windows\System\gSpBFSs.exe
  2⤵
  PID:5872
- C:\Windows\System\FNhYgOE.exe
  C:\Windows\System\FNhYgOE.exe
  2⤵
  PID:5888
- C:\Windows\System\aeIzdOA.exe
  C:\Windows\System\aeIzdOA.exe
  2⤵
  PID:5904
- C:\Windows\System\uOByoXo.exe
  C:\Windows\System\uOByoXo.exe
  2⤵
  PID:5920
- C:\Windows\System\tzqwKUc.exe
  C:\Windows\System\tzqwKUc.exe
  2⤵
  PID:5936
- C:\Windows\System\XDFdiIZ.exe
  C:\Windows\System\XDFdiIZ.exe
  2⤵
  PID:5952
- C:\Windows\System\sUetIiG.exe
  C:\Windows\System\sUetIiG.exe
  2⤵
  PID:5968
- C:\Windows\System\MUoSFXJ.exe
  C:\Windows\System\MUoSFXJ.exe
  2⤵
  PID:5984
- C:\Windows\System\QmumaDu.exe
  C:\Windows\System\QmumaDu.exe
  2⤵
  PID:6004
- C:\Windows\System\KdjIVYz.exe
  C:\Windows\System\KdjIVYz.exe
  2⤵
  PID:6020
- C:\Windows\System\jJsYfzy.exe
  C:\Windows\System\jJsYfzy.exe
  2⤵
  PID:6036
- C:\Windows\System\oSIJLDV.exe
  C:\Windows\System\oSIJLDV.exe
  2⤵
  PID:6052
- C:\Windows\System\SaqztpR.exe
  C:\Windows\System\SaqztpR.exe
  2⤵
  PID:6068
- C:\Windows\System\BlVJQZa.exe
  C:\Windows\System\BlVJQZa.exe
  2⤵
  PID:6084
- C:\Windows\System\sQuMKqm.exe
  C:\Windows\System\sQuMKqm.exe
  2⤵
  PID:6100
- C:\Windows\System\lqtulxr.exe
  C:\Windows\System\lqtulxr.exe
  2⤵
  PID:6116
- C:\Windows\System\XsOTlKs.exe
  C:\Windows\System\XsOTlKs.exe
  2⤵
  PID:6132
- C:\Windows\System\AfWaugo.exe
  C:\Windows\System\AfWaugo.exe
  2⤵
  PID:4728
- C:\Windows\System\YWwXHvq.exe
  C:\Windows\System\YWwXHvq.exe
  2⤵
  PID:4308
- C:\Windows\System\IBZSOrO.exe
  C:\Windows\System\IBZSOrO.exe
  2⤵
  PID:4644
- C:\Windows\System\rYxjPSe.exe
  C:\Windows\System\rYxjPSe.exe
  2⤵
  PID:4564
- C:\Windows\System\rZEmMMo.exe
  C:\Windows\System\rZEmMMo.exe
  2⤵
  PID:5128
- C:\Windows\System\YzrfHTi.exe
  C:\Windows\System\YzrfHTi.exe
  2⤵
  PID:5196
- C:\Windows\System\AmsWhhj.exe
  C:\Windows\System\AmsWhhj.exe
  2⤵
  PID:5148
- C:\Windows\System\JyicqRH.exe
  C:\Windows\System\JyicqRH.exe
  2⤵
  PID:5212
- C:\Windows\System\WnxSYjk.exe
  C:\Windows\System\WnxSYjk.exe
  2⤵
  PID:5272
- C:\Windows\System\FHmMkrC.exe
  C:\Windows\System\FHmMkrC.exe
  2⤵
  PID:5336
- C:\Windows\System\fARHhXm.exe
  C:\Windows\System\fARHhXm.exe
  2⤵
  PID:5400
- C:\Windows\System\vHkeHcL.exe
  C:\Windows\System\vHkeHcL.exe
  2⤵
  PID:2528
- C:\Windows\System\zrwtryj.exe
  C:\Windows\System\zrwtryj.exe
  2⤵
  PID:5500
- C:\Windows\System\CKFzFOg.exe
  C:\Windows\System\CKFzFOg.exe
  2⤵
  PID:5564
- C:\Windows\System\ParbSTC.exe
  C:\Windows\System\ParbSTC.exe
  2⤵
  PID:5288
- C:\Windows\System\tTfxlTL.exe
  C:\Windows\System\tTfxlTL.exe
  2⤵
  PID:5324
- C:\Windows\System\BzkCgwx.exe
  C:\Windows\System\BzkCgwx.exe
  2⤵
  PID:3256
- C:\Windows\System\zuLPUio.exe
  C:\Windows\System\zuLPUio.exe
  2⤵
  PID:5452
- C:\Windows\System\iYFJpvJ.exe
  C:\Windows\System\iYFJpvJ.exe
  2⤵
  PID:5516
- C:\Windows\System\rWYzeEF.exe
  C:\Windows\System\rWYzeEF.exe
  2⤵
  PID:5580
- C:\Windows\System\tSgeVWG.exe
  C:\Windows\System\tSgeVWG.exe
  2⤵
  PID:5624
- C:\Windows\System\haLHMcH.exe
  C:\Windows\System\haLHMcH.exe
  2⤵
  PID:5688
- C:\Windows\System\toiwUML.exe
  C:\Windows\System\toiwUML.exe
  2⤵
  PID:5672
- C:\Windows\System\acooBZh.exe
  C:\Windows\System\acooBZh.exe
  2⤵
  PID:5724
- C:\Windows\System\VHNVxpD.exe
  C:\Windows\System\VHNVxpD.exe
  2⤵
  PID:5788
- C:\Windows\System\CMzUEIZ.exe
  C:\Windows\System\CMzUEIZ.exe
  2⤵
  PID:5852
- C:\Windows\System\ympsqWg.exe
  C:\Windows\System\ympsqWg.exe
  2⤵
  PID:5740
- C:\Windows\System\NAvSaDH.exe
  C:\Windows\System\NAvSaDH.exe
  2⤵
  PID:5912
- C:\Windows\System\ZmlRhvp.exe
  C:\Windows\System\ZmlRhvp.exe
  2⤵
  PID:5976
- C:\Windows\System\btGMfVU.exe
  C:\Windows\System\btGMfVU.exe
  2⤵
  PID:5836
- C:\Windows\System\zJrVWVd.exe
  C:\Windows\System\zJrVWVd.exe
  2⤵
  PID:5900
- C:\Windows\System\okEyPIA.exe
  C:\Windows\System\okEyPIA.exe
  2⤵
  PID:5964
- C:\Windows\System\tYUVyzy.exe
  C:\Windows\System\tYUVyzy.exe
  2⤵
  PID:6044
- C:\Windows\System\uXWWVmO.exe
  C:\Windows\System\uXWWVmO.exe
  2⤵
  PID:6108
- C:\Windows\System\rDZGWmE.exe
  C:\Windows\System\rDZGWmE.exe
  2⤵
  PID:2700
- C:\Windows\System\zsgefWt.exe
  C:\Windows\System\zsgefWt.exe
  2⤵
  PID:6032
- C:\Windows\System\CYMPipL.exe
  C:\Windows\System\CYMPipL.exe
  2⤵
  PID:6096
- C:\Windows\System\wgkNVeF.exe
  C:\Windows\System\wgkNVeF.exe
  2⤵
  PID:2216
- C:\Windows\System\uilycxt.exe
  C:\Windows\System\uilycxt.exe
  2⤵
  PID:5192
- C:\Windows\System\WRMcETY.exe
  C:\Windows\System\WRMcETY.exe
  2⤵
  PID:5228
- C:\Windows\System\SKnaIEV.exe
  C:\Windows\System\SKnaIEV.exe
  2⤵
  PID:5368
- C:\Windows\System\jwUpcFx.exe
  C:\Windows\System\jwUpcFx.exe
  2⤵
  PID:5496
- C:\Windows\System\GGiEivi.exe
  C:\Windows\System\GGiEivi.exe
  2⤵
  PID:5308
- C:\Windows\System\xjnBruy.exe
  C:\Windows\System\xjnBruy.exe
  2⤵
  PID:5560
- C:\Windows\System\KdkKlyb.exe
  C:\Windows\System\KdkKlyb.exe
  2⤵
  PID:5384
- C:\Windows\System\SqCyBkY.exe
  C:\Windows\System\SqCyBkY.exe
  2⤵
  PID:5640
- C:\Windows\System\CBRRcxS.exe
  C:\Windows\System\CBRRcxS.exe
  2⤵
  PID:5784
- C:\Windows\System\vvWdGfC.exe
  C:\Windows\System\vvWdGfC.exe
  2⤵
  PID:5420
- C:\Windows\System\jLewRWx.exe
  C:\Windows\System\jLewRWx.exe
  2⤵
  PID:5704
- C:\Windows\System\AWigtej.exe
  C:\Windows\System\AWigtej.exe
  2⤵
  PID:5772
- C:\Windows\System\BtLJCLD.exe
  C:\Windows\System\BtLJCLD.exe
  2⤵
  PID:5948
- C:\Windows\System\lQcPDle.exe
  C:\Windows\System\lQcPDle.exe
  2⤵
  PID:6012
- C:\Windows\System\xtCwbpY.exe
  C:\Windows\System\xtCwbpY.exe
  2⤵
  PID:5932
- C:\Windows\System\XhiuTbf.exe
  C:\Windows\System\XhiuTbf.exe
  2⤵
  PID:5996
- C:\Windows\System\ifxqWdt.exe
  C:\Windows\System\ifxqWdt.exe
  2⤵
  PID:6140
- C:\Windows\System\ohzyjbM.exe
  C:\Windows\System\ohzyjbM.exe
  2⤵
  PID:4244
- C:\Windows\System\PFzCDjF.exe
  C:\Windows\System\PFzCDjF.exe
  2⤵
  PID:5596
- C:\Windows\System\RynZGxT.exe
  C:\Windows\System\RynZGxT.exe
  2⤵
  PID:5644
- C:\Windows\System\PYsSjMD.exe
  C:\Windows\System\PYsSjMD.exe
  2⤵
  PID:5800
- C:\Windows\System\YyWyaXa.exe
  C:\Windows\System\YyWyaXa.exe
  2⤵
  PID:5656
- C:\Windows\System\INyceqC.exe
  C:\Windows\System\INyceqC.exe
  2⤵
  PID:5436
- C:\Windows\System\yqEpbza.exe
  C:\Windows\System\yqEpbza.exe
  2⤵
  PID:5416
- C:\Windows\System\XIFYslF.exe
  C:\Windows\System\XIFYslF.exe
  2⤵
  PID:6152
- C:\Windows\System\TExTcnq.exe
  C:\Windows\System\TExTcnq.exe
  2⤵
  PID:6168
- C:\Windows\System\aNAfAEV.exe
  C:\Windows\System\aNAfAEV.exe
  2⤵
  PID:6184
- C:\Windows\System\QNKgmTA.exe
  C:\Windows\System\QNKgmTA.exe
  2⤵
  PID:6200
- C:\Windows\System\fulheKp.exe
  C:\Windows\System\fulheKp.exe
  2⤵
  PID:6216
- C:\Windows\System\HSBAWtQ.exe
  C:\Windows\System\HSBAWtQ.exe
  2⤵
  PID:6232
- C:\Windows\System\AleYuTS.exe
  C:\Windows\System\AleYuTS.exe
  2⤵
  PID:6248
- C:\Windows\System\IbWpNUk.exe
  C:\Windows\System\IbWpNUk.exe
  2⤵
  PID:6264
- C:\Windows\System\oYJNGvl.exe
  C:\Windows\System\oYJNGvl.exe
  2⤵
  PID:6280
- C:\Windows\System\eAnyHuU.exe
  C:\Windows\System\eAnyHuU.exe
  2⤵
  PID:6296
- C:\Windows\System\afrlQbb.exe
  C:\Windows\System\afrlQbb.exe
  2⤵
  PID:6312
- C:\Windows\System\sFlrCgF.exe
  C:\Windows\System\sFlrCgF.exe
  2⤵
  PID:6328
- C:\Windows\System\nMSaCLD.exe
  C:\Windows\System\nMSaCLD.exe
  2⤵
  PID:6344
- C:\Windows\System\KFDvYsy.exe
  C:\Windows\System\KFDvYsy.exe
  2⤵
  PID:6360
- C:\Windows\System\BJWUiyQ.exe
  C:\Windows\System\BJWUiyQ.exe
  2⤵
  PID:6376
- C:\Windows\System\zXIwbtA.exe
  C:\Windows\System\zXIwbtA.exe
  2⤵
  PID:6392
- C:\Windows\System\pCOpdRF.exe
  C:\Windows\System\pCOpdRF.exe
  2⤵
  PID:6408
- C:\Windows\System\PRvohKo.exe
  C:\Windows\System\PRvohKo.exe
  2⤵
  PID:6424
- C:\Windows\System\vnMqCSg.exe
  C:\Windows\System\vnMqCSg.exe
  2⤵
  PID:6440
- C:\Windows\System\feXdqDe.exe
  C:\Windows\System\feXdqDe.exe
  2⤵
  PID:6456
- C:\Windows\System\qKMFdaT.exe
  C:\Windows\System\qKMFdaT.exe
  2⤵
  PID:6472
- C:\Windows\System\VCkjtNV.exe
  C:\Windows\System\VCkjtNV.exe
  2⤵
  PID:6488
- C:\Windows\System\KZwcOhp.exe
  C:\Windows\System\KZwcOhp.exe
  2⤵
  PID:6504
- C:\Windows\System\KESjybk.exe
  C:\Windows\System\KESjybk.exe
  2⤵
  PID:6520
- C:\Windows\System\dHlRMXy.exe
  C:\Windows\System\dHlRMXy.exe
  2⤵
  PID:6536
- C:\Windows\System\apCozhN.exe
  C:\Windows\System\apCozhN.exe
  2⤵
  PID:6552
- C:\Windows\System\TiHEqlw.exe
  C:\Windows\System\TiHEqlw.exe
  2⤵
  PID:6568
- C:\Windows\System\bCrpbJc.exe
  C:\Windows\System\bCrpbJc.exe
  2⤵
  PID:6584
- C:\Windows\System\XZgMGxT.exe
  C:\Windows\System\XZgMGxT.exe
  2⤵
  PID:6600
- C:\Windows\System\vxTsAgW.exe
  C:\Windows\System\vxTsAgW.exe
  2⤵
  PID:6620
- C:\Windows\System\lgHlgfv.exe
  C:\Windows\System\lgHlgfv.exe
  2⤵
  PID:6636
- C:\Windows\System\ZixXZQF.exe
  C:\Windows\System\ZixXZQF.exe
  2⤵
  PID:6652
- C:\Windows\System\MpYsqHr.exe
  C:\Windows\System\MpYsqHr.exe
  2⤵
  PID:6668
- C:\Windows\System\eZuVuPy.exe
  C:\Windows\System\eZuVuPy.exe
  2⤵
  PID:6684
- C:\Windows\System\qzWyNBc.exe
  C:\Windows\System\qzWyNBc.exe
  2⤵
  PID:6700
- C:\Windows\System\ThCkHWr.exe
  C:\Windows\System\ThCkHWr.exe
  2⤵
  PID:6716
- C:\Windows\System\WXSJfUF.exe
  C:\Windows\System\WXSJfUF.exe
  2⤵
  PID:6732
- C:\Windows\System\QZNMoJC.exe
  C:\Windows\System\QZNMoJC.exe
  2⤵
  PID:6748
- C:\Windows\System\NgZkoVV.exe
  C:\Windows\System\NgZkoVV.exe
  2⤵
  PID:6764
- C:\Windows\System\eVueLBH.exe
  C:\Windows\System\eVueLBH.exe
  2⤵
  PID:6780
- C:\Windows\System\XYsvLHG.exe
  C:\Windows\System\XYsvLHG.exe
  2⤵
  PID:6796
- C:\Windows\System\oqmGqsP.exe
  C:\Windows\System\oqmGqsP.exe
  2⤵
  PID:6812
- C:\Windows\System\wWjYTcS.exe
  C:\Windows\System\wWjYTcS.exe
  2⤵
  PID:6828
- C:\Windows\System\BDjMToZ.exe
  C:\Windows\System\BDjMToZ.exe
  2⤵
  PID:6844
- C:\Windows\System\SelCGLX.exe
  C:\Windows\System\SelCGLX.exe
  2⤵
  PID:6860
- C:\Windows\System\UWueodG.exe
  C:\Windows\System\UWueodG.exe
  2⤵
  PID:6876
- C:\Windows\System\FdLeqZZ.exe
  C:\Windows\System\FdLeqZZ.exe
  2⤵
  PID:6892
- C:\Windows\System\rpiglLi.exe
  C:\Windows\System\rpiglLi.exe
  2⤵
  PID:6908
- C:\Windows\System\vrpGTVp.exe
  C:\Windows\System\vrpGTVp.exe
  2⤵
  PID:6924
- C:\Windows\System\ThxLdjP.exe
  C:\Windows\System\ThxLdjP.exe
  2⤵
  PID:6940
- C:\Windows\System\dcDbjWB.exe
  C:\Windows\System\dcDbjWB.exe
  2⤵
  PID:6956
- C:\Windows\System\BaYshzE.exe
  C:\Windows\System\BaYshzE.exe
  2⤵
  PID:6972
- C:\Windows\System\mFveXlP.exe
  C:\Windows\System\mFveXlP.exe
  2⤵
  PID:6988
- C:\Windows\System\BcJNBuV.exe
  C:\Windows\System\BcJNBuV.exe
  2⤵
  PID:7004
- C:\Windows\System\NEBxkaP.exe
  C:\Windows\System\NEBxkaP.exe
  2⤵
  PID:7020
- C:\Windows\System\PXlKpPg.exe
  C:\Windows\System\PXlKpPg.exe
  2⤵
  PID:7036
- C:\Windows\System\zFutklO.exe
  C:\Windows\System\zFutklO.exe
  2⤵
  PID:7052
- C:\Windows\System\xsKjiPX.exe
  C:\Windows\System\xsKjiPX.exe
  2⤵
  PID:7068
- C:\Windows\System\yHLECTt.exe
  C:\Windows\System\yHLECTt.exe
  2⤵
  PID:7084
- C:\Windows\System\LNCVJMj.exe
  C:\Windows\System\LNCVJMj.exe
  2⤵
  PID:7100
- C:\Windows\System\ynKFGdG.exe
  C:\Windows\System\ynKFGdG.exe
  2⤵
  PID:7116
- C:\Windows\System\pBWYtmW.exe
  C:\Windows\System\pBWYtmW.exe
  2⤵
  PID:7132
- C:\Windows\System\tlYhieD.exe
  C:\Windows\System\tlYhieD.exe
  2⤵
  PID:7148
- C:\Windows\System\kxMoruu.exe
  C:\Windows\System\kxMoruu.exe
  2⤵
  PID:7164
- C:\Windows\System\PVnrIxw.exe
  C:\Windows\System\PVnrIxw.exe
  2⤵
  PID:5180
- C:\Windows\System\TBPxjXh.exe
  C:\Windows\System\TBPxjXh.exe
  2⤵
  PID:5320
- C:\Windows\System\qaqjXcQ.exe
  C:\Windows\System\qaqjXcQ.exe
  2⤵
  PID:5512
- C:\Windows\System\fHIPbHs.exe
  C:\Windows\System\fHIPbHs.exe
  2⤵
  PID:6228
- C:\Windows\System\nwDJZnp.exe
  C:\Windows\System\nwDJZnp.exe
  2⤵
  PID:6288
- C:\Windows\System\XKUESAc.exe
  C:\Windows\System\XKUESAc.exe
  2⤵
  PID:1572
- C:\Windows\System\GpFbTlk.exe
  C:\Windows\System\GpFbTlk.exe
  2⤵
  PID:5256
- C:\Windows\System\Mhflygq.exe
  C:\Windows\System\Mhflygq.exe
  2⤵
  PID:5468
- C:\Windows\System\PdKUUFB.exe
  C:\Windows\System\PdKUUFB.exe
  2⤵
  PID:6180
- C:\Windows\System\okxROet.exe
  C:\Windows\System\okxROet.exe
  2⤵
  PID:6356
- C:\Windows\System\GOFlJsL.exe
  C:\Windows\System\GOFlJsL.exe
  2⤵
  PID:6308
- C:\Windows\System\WSHaxRi.exe
  C:\Windows\System\WSHaxRi.exe
  2⤵
  PID:5244
- C:\Windows\System\hQdzOZp.exe
  C:\Windows\System\hQdzOZp.exe
  2⤵
  PID:6244
- C:\Windows\System\oROYxhz.exe
  C:\Windows\System\oROYxhz.exe
  2⤵
  PID:6340
- C:\Windows\System\ZXXkRIA.exe
  C:\Windows\System\ZXXkRIA.exe
  2⤵
  PID:6452
- C:\Windows\System\RUlGhmk.exe
  C:\Windows\System\RUlGhmk.exe
  2⤵
  PID:6436
- C:\Windows\System\WgvOUra.exe
  C:\Windows\System\WgvOUra.exe
  2⤵
  PID:6516
- C:\Windows\System\WjZhsbW.exe
  C:\Windows\System\WjZhsbW.exe
  2⤵
  PID:6500
- C:\Windows\System\UttRIww.exe
  C:\Windows\System\UttRIww.exe
  2⤵
  PID:6580
- C:\Windows\System\ihnDBwK.exe
  C:\Windows\System\ihnDBwK.exe
  2⤵
  PID:6560
- C:\Windows\System\TYpPjcw.exe
  C:\Windows\System\TYpPjcw.exe
  2⤵
  PID:6632
- C:\Windows\System\DZvglns.exe
  C:\Windows\System\DZvglns.exe
  2⤵
  PID:6676
- C:\Windows\System\MICwKjw.exe
  C:\Windows\System\MICwKjw.exe
  2⤵
  PID:6696
- C:\Windows\System\VCrGsUl.exe
  C:\Windows\System\VCrGsUl.exe
  2⤵
  PID:6744
- C:\Windows\System\PEviljb.exe
  C:\Windows\System\PEviljb.exe
  2⤵
  PID:6788
- C:\Windows\System\kCaTEoi.exe
  C:\Windows\System\kCaTEoi.exe
  2⤵
  PID:6808
- C:\Windows\System\wsxAcFD.exe
  C:\Windows\System\wsxAcFD.exe
  2⤵
  PID:6868
- C:\Windows\System\EKaFsio.exe
  C:\Windows\System\EKaFsio.exe
  2⤵
  PID:6884
- C:\Windows\System\NsiRQjK.exe
  C:\Windows\System\NsiRQjK.exe
  2⤵
  PID:6916
- C:\Windows\System\ElXWbZO.exe
  C:\Windows\System\ElXWbZO.exe
  2⤵
  PID:6820
- C:\Windows\System\GTDzeKS.exe
  C:\Windows\System\GTDzeKS.exe
  2⤵
  PID:6964
- C:\Windows\System\wveKHeX.exe
  C:\Windows\System\wveKHeX.exe
  2⤵
  PID:6984
- C:\Windows\System\EjJqrmz.exe
  C:\Windows\System\EjJqrmz.exe
  2⤵
  PID:7032
- C:\Windows\System\RKXKzDN.exe
  C:\Windows\System\RKXKzDN.exe
  2⤵
  PID:7048
- C:\Windows\System\SBAGwEs.exe
  C:\Windows\System\SBAGwEs.exe
  2⤵
  PID:7108
- C:\Windows\System\PziqOSC.exe
  C:\Windows\System\PziqOSC.exe
  2⤵
  PID:7124
- C:\Windows\System\mLlvLgX.exe
  C:\Windows\System\mLlvLgX.exe
  2⤵
  PID:7144
- C:\Windows\System\FlyOrcZ.exe
  C:\Windows\System\FlyOrcZ.exe
  2⤵
  PID:6092
- C:\Windows\System\ZMfSQMn.exe
  C:\Windows\System\ZMfSQMn.exe
  2⤵
  PID:6164
- C:\Windows\System\dWqwvNh.exe
  C:\Windows\System\dWqwvNh.exe
  2⤵
  PID:6256
- C:\Windows\System\MkjUgmy.exe
  C:\Windows\System\MkjUgmy.exe
  2⤵
  PID:6148
- C:\Windows\System\vfByjPC.exe
  C:\Windows\System\vfByjPC.exe
  2⤵
  PID:6352
- C:\Windows\System\lQjVbya.exe
  C:\Windows\System\lQjVbya.exe
  2⤵
  PID:6404
- C:\Windows\System\mhdXWvb.exe
  C:\Windows\System\mhdXWvb.exe
  2⤵
  PID:6372
- C:\Windows\System\iGjOmeN.exe
  C:\Windows\System\iGjOmeN.exe
  2⤵
  PID:6512
- C:\Windows\System\hUtDnxo.exe
  C:\Windows\System\hUtDnxo.exe
  2⤵
  PID:6548
- C:\Windows\System\FBdbqDs.exe
  C:\Windows\System\FBdbqDs.exe
  2⤵
  PID:6660
- C:\Windows\System\VsBfBwc.exe
  C:\Windows\System\VsBfBwc.exe
  2⤵
  PID:6612
- C:\Windows\System\MiaHgeb.exe
  C:\Windows\System\MiaHgeb.exe
  2⤵
  PID:6740
- C:\Windows\System\cjOeQJp.exe
  C:\Windows\System\cjOeQJp.exe
  2⤵
  PID:6772
- C:\Windows\System\dkcyGCe.exe
  C:\Windows\System\dkcyGCe.exe
  2⤵
  PID:6900
- C:\Windows\System\FInHnlw.exe
  C:\Windows\System\FInHnlw.exe
  2⤵
  PID:6080
- C:\Windows\System\QBigrzf.exe
  C:\Windows\System\QBigrzf.exe
  2⤵
  PID:6952
- C:\Windows\System\TuyDnhX.exe
  C:\Windows\System\TuyDnhX.exe
  2⤵
  PID:7092
- C:\Windows\System\ZEqwLUb.exe
  C:\Windows\System\ZEqwLUb.exe
  2⤵
  PID:6996
- C:\Windows\System\oedvPOp.exe
  C:\Windows\System\oedvPOp.exe
  2⤵
  PID:6000
- C:\Windows\System\DSCoLxa.exe
  C:\Windows\System\DSCoLxa.exe
  2⤵
  PID:4280
- C:\Windows\System\LgrnFEe.exe
  C:\Windows\System\LgrnFEe.exe
  2⤵
  PID:6416
- C:\Windows\System\xcjZSHT.exe
  C:\Windows\System\xcjZSHT.exe
  2⤵
  PID:6708
- C:\Windows\System\vLKtuXt.exe
  C:\Windows\System\vLKtuXt.exe
  2⤵
  PID:5208
- C:\Windows\System\fzvJEbp.exe
  C:\Windows\System\fzvJEbp.exe
  2⤵
  PID:6304
- C:\Windows\System\SSudIqv.exe
  C:\Windows\System\SSudIqv.exe
  2⤵
  PID:6728
- C:\Windows\System\GqlPKQf.exe
  C:\Windows\System\GqlPKQf.exe
  2⤵
  PID:6856
- C:\Windows\System\okKhCXu.exe
  C:\Windows\System\okKhCXu.exe
  2⤵
  PID:7140
- C:\Windows\System\KIcFGNR.exe
  C:\Windows\System\KIcFGNR.exe
  2⤵
  PID:6596
- C:\Windows\System\BTaBYZz.exe
  C:\Windows\System\BTaBYZz.exe
  2⤵
  PID:7044
- C:\Windows\System\BtwavdJ.exe
  C:\Windows\System\BtwavdJ.exe
  2⤵
  PID:6592
- C:\Windows\System\xEbXFgV.exe
  C:\Windows\System\xEbXFgV.exe
  2⤵
  PID:6320
- C:\Windows\System\sDDbXfc.exe
  C:\Windows\System\sDDbXfc.exe
  2⤵
  PID:6852
- C:\Windows\System\dtokDvq.exe
  C:\Windows\System\dtokDvq.exe
  2⤵
  PID:7156
- C:\Windows\System\dhrobiG.exe
  C:\Windows\System\dhrobiG.exe
  2⤵
  PID:7028
- C:\Windows\System\yaybaaY.exe
  C:\Windows\System\yaybaaY.exe
  2⤵
  PID:6692
- C:\Windows\System\NhDjIsE.exe
  C:\Windows\System\NhDjIsE.exe
  2⤵
  PID:6384
- C:\Windows\System\kIeJZpV.exe
  C:\Windows\System\kIeJZpV.exe
  2⤵
  PID:7184
- C:\Windows\System\UYkMwiS.exe
  C:\Windows\System\UYkMwiS.exe
  2⤵
  PID:7200
- C:\Windows\System\DBOBaXR.exe
  C:\Windows\System\DBOBaXR.exe
  2⤵
  PID:7216
- C:\Windows\System\cJtWRpn.exe
  C:\Windows\System\cJtWRpn.exe
  2⤵
  PID:7232
- C:\Windows\System\NstdsLG.exe
  C:\Windows\System\NstdsLG.exe
  2⤵
  PID:7248
- C:\Windows\System\mKlSaxd.exe
  C:\Windows\System\mKlSaxd.exe
  2⤵
  PID:7264
- C:\Windows\System\ctxONST.exe
  C:\Windows\System\ctxONST.exe
  2⤵
  PID:7280
- C:\Windows\System\CJXrRqN.exe
  C:\Windows\System\CJXrRqN.exe
  2⤵
  PID:7296
- C:\Windows\System\uOJbiWf.exe
  C:\Windows\System\uOJbiWf.exe
  2⤵
  PID:7312
- C:\Windows\System\gCeTcfr.exe
  C:\Windows\System\gCeTcfr.exe
  2⤵
  PID:7328
- C:\Windows\System\vuvcSCt.exe
  C:\Windows\System\vuvcSCt.exe
  2⤵
  PID:7344
- C:\Windows\System\NydqNdq.exe
  C:\Windows\System\NydqNdq.exe
  2⤵
  PID:7360
- C:\Windows\System\nvbzbGJ.exe
  C:\Windows\System\nvbzbGJ.exe
  2⤵
  PID:7376
- C:\Windows\System\wYuVpnr.exe
  C:\Windows\System\wYuVpnr.exe
  2⤵
  PID:7392
- C:\Windows\System\tJzFdce.exe
  C:\Windows\System\tJzFdce.exe
  2⤵
  PID:7408
- C:\Windows\System\tYKCGrZ.exe
  C:\Windows\System\tYKCGrZ.exe
  2⤵
  PID:7424
- C:\Windows\System\fYoLJFb.exe
  C:\Windows\System\fYoLJFb.exe
  2⤵
  PID:7440
- C:\Windows\System\RQnTeGU.exe
  C:\Windows\System\RQnTeGU.exe
  2⤵
  PID:7456
- C:\Windows\System\YxuQJsH.exe
  C:\Windows\System\YxuQJsH.exe
  2⤵
  PID:7472
- C:\Windows\System\kQhBynZ.exe
  C:\Windows\System\kQhBynZ.exe
  2⤵
  PID:7488
- C:\Windows\System\wIfjbvt.exe
  C:\Windows\System\wIfjbvt.exe
  2⤵
  PID:7504
- C:\Windows\System\cmhOvwg.exe
  C:\Windows\System\cmhOvwg.exe
  2⤵
  PID:7520
- C:\Windows\System\odhAbrN.exe
  C:\Windows\System\odhAbrN.exe
  2⤵
  PID:7536
- C:\Windows\System\eQiYtRa.exe
  C:\Windows\System\eQiYtRa.exe
  2⤵
  PID:7552
- C:\Windows\System\yUVJRac.exe
  C:\Windows\System\yUVJRac.exe
  2⤵
  PID:7568
- C:\Windows\System\lqedxPq.exe
  C:\Windows\System\lqedxPq.exe
  2⤵
  PID:7584
- C:\Windows\System\bfOznYr.exe
  C:\Windows\System\bfOznYr.exe
  2⤵
  PID:7600
- C:\Windows\System\QoFRzsJ.exe
  C:\Windows\System\QoFRzsJ.exe
  2⤵
  PID:7616
- C:\Windows\System\dnwMesW.exe
  C:\Windows\System\dnwMesW.exe
  2⤵
  PID:7632
- C:\Windows\System\XpMScOq.exe
  C:\Windows\System\XpMScOq.exe
  2⤵
  PID:7648
- C:\Windows\System\RZclPlP.exe
  C:\Windows\System\RZclPlP.exe
  2⤵
  PID:7664
- C:\Windows\System\zLaIWBD.exe
  C:\Windows\System\zLaIWBD.exe
  2⤵
  PID:7680
- C:\Windows\System\nhHfnpY.exe
  C:\Windows\System\nhHfnpY.exe
  2⤵
  PID:7696
- C:\Windows\System\NmnOoUM.exe
  C:\Windows\System\NmnOoUM.exe
  2⤵
  PID:7712
- C:\Windows\System\TKgNDfo.exe
  C:\Windows\System\TKgNDfo.exe
  2⤵
  PID:7728
- C:\Windows\System\fUDAMIX.exe
  C:\Windows\System\fUDAMIX.exe
  2⤵
  PID:7744
- C:\Windows\System\uARPKVU.exe
  C:\Windows\System\uARPKVU.exe
  2⤵
  PID:7760
- C:\Windows\System\fnUmJfj.exe
  C:\Windows\System\fnUmJfj.exe
  2⤵
  PID:7776
- C:\Windows\System\dgRTLjq.exe
  C:\Windows\System\dgRTLjq.exe
  2⤵
  PID:7792
- C:\Windows\System\chWwxXb.exe
  C:\Windows\System\chWwxXb.exe
  2⤵
  PID:7808
- C:\Windows\System\XCZvyyG.exe
  C:\Windows\System\XCZvyyG.exe
  2⤵
  PID:7824
- C:\Windows\System\tuJFeju.exe
  C:\Windows\System\tuJFeju.exe
  2⤵
  PID:7840
- C:\Windows\System\EtdzxLN.exe
  C:\Windows\System\EtdzxLN.exe
  2⤵
  PID:7856
- C:\Windows\System\jyCcGLy.exe
  C:\Windows\System\jyCcGLy.exe
  2⤵
  PID:7872
- C:\Windows\System\Bnwdjvi.exe
  C:\Windows\System\Bnwdjvi.exe
  2⤵
  PID:7888
- C:\Windows\System\boJouii.exe
  C:\Windows\System\boJouii.exe
  2⤵
  PID:7904
- C:\Windows\System\PZcxDLO.exe
  C:\Windows\System\PZcxDLO.exe
  2⤵
  PID:7920
- C:\Windows\System\eOLGHRM.exe
  C:\Windows\System\eOLGHRM.exe
  2⤵
  PID:7940
- C:\Windows\System\HMrXnVN.exe
  C:\Windows\System\HMrXnVN.exe
  2⤵
  PID:7956
- C:\Windows\System\zEvRwIc.exe
  C:\Windows\System\zEvRwIc.exe
  2⤵
  PID:7972
- C:\Windows\System\afCEpQZ.exe
  C:\Windows\System\afCEpQZ.exe
  2⤵
  PID:7988
- C:\Windows\System\YPZrCxg.exe
  C:\Windows\System\YPZrCxg.exe
  2⤵
  PID:8004
- C:\Windows\System\pqiPhiv.exe
  C:\Windows\System\pqiPhiv.exe
  2⤵
  PID:8020
- C:\Windows\System\hvoAJlM.exe
  C:\Windows\System\hvoAJlM.exe
  2⤵
  PID:8036
- C:\Windows\System\ZMOPEHa.exe
  C:\Windows\System\ZMOPEHa.exe
  2⤵
  PID:8052
- C:\Windows\System\VStetnF.exe
  C:\Windows\System\VStetnF.exe
  2⤵
  PID:8068
- C:\Windows\System\QtcqNpu.exe
  C:\Windows\System\QtcqNpu.exe
  2⤵
  PID:8084
- C:\Windows\System\YHquVOU.exe
  C:\Windows\System\YHquVOU.exe
  2⤵
  PID:8100
- C:\Windows\System\OHRycdB.exe
  C:\Windows\System\OHRycdB.exe
  2⤵
  PID:8116
- C:\Windows\System\mGNuUag.exe
  C:\Windows\System\mGNuUag.exe
  2⤵
  PID:8132
- C:\Windows\System\LrnrdDf.exe
  C:\Windows\System\LrnrdDf.exe
  2⤵
  PID:8148
- C:\Windows\System\hnKTHFd.exe
  C:\Windows\System\hnKTHFd.exe
  2⤵
  PID:8164
- C:\Windows\System\kxXWZbO.exe
  C:\Windows\System\kxXWZbO.exe
  2⤵
  PID:8180
- C:\Windows\System\SnchMEo.exe
  C:\Windows\System\SnchMEo.exe
  2⤵
  PID:6804
- C:\Windows\System\sghcbWe.exe
  C:\Windows\System\sghcbWe.exe
  2⤵
  PID:7224
- C:\Windows\System\qhCmAIH.exe
  C:\Windows\System\qhCmAIH.exe
  2⤵
  PID:6932
- C:\Windows\System\XvgITJX.exe
  C:\Windows\System\XvgITJX.exe
  2⤵
  PID:7208
- C:\Windows\System\cWgXPoZ.exe
  C:\Windows\System\cWgXPoZ.exe
  2⤵
  PID:7288
- C:\Windows\System\NetlUmI.exe
  C:\Windows\System\NetlUmI.exe
  2⤵
  PID:7352
- C:\Windows\System\kyaaHFR.exe
  C:\Windows\System\kyaaHFR.exe
  2⤵
  PID:7416
- C:\Windows\System\wwyfxdv.exe
  C:\Windows\System\wwyfxdv.exe
  2⤵
  PID:7480
- C:\Windows\System\tNXzbRi.exe
  C:\Windows\System\tNXzbRi.exe
  2⤵
  PID:7276
- C:\Windows\System\LhrmAcp.exe
  C:\Windows\System\LhrmAcp.exe
  2⤵
  PID:7548
- C:\Windows\System\wJTmITA.exe
  C:\Windows\System\wJTmITA.exe
  2⤵
  PID:7580
- C:\Windows\System\YygKrxR.exe
  C:\Windows\System\YygKrxR.exe
  2⤵
  PID:7644
- C:\Windows\System\Iienuoo.exe
  C:\Windows\System\Iienuoo.exe
  2⤵
  PID:7708
- C:\Windows\System\KnGvhZv.exe
  C:\Windows\System\KnGvhZv.exe
  2⤵
  PID:7496
- C:\Windows\System\kQUYjxX.exe
  C:\Windows\System\kQUYjxX.exe
  2⤵
  PID:7736
- C:\Windows\System\WpxrtaQ.exe
  C:\Windows\System\WpxrtaQ.exe
  2⤵
  PID:7688
- C:\Windows\System\uXOfZoP.exe
  C:\Windows\System\uXOfZoP.exe
  2⤵
  PID:7404
- C:\Windows\System\TzgEsRU.exe
  C:\Windows\System\TzgEsRU.exe
  2⤵
  PID:7528
- C:\Windows\System\UHlNnPb.exe
  C:\Windows\System\UHlNnPb.exe
  2⤵
  PID:7724
- C:\Windows\System\DXZYQeY.exe
  C:\Windows\System\DXZYQeY.exe
  2⤵
  PID:7768
- C:\Windows\System\IdDlHuQ.exe
  C:\Windows\System\IdDlHuQ.exe
  2⤵
  PID:7832
- C:\Windows\System\XdEgBOu.exe
  C:\Windows\System\XdEgBOu.exe
  2⤵
  PID:7896
- C:\Windows\System\wSBzTYX.exe
  C:\Windows\System\wSBzTYX.exe
  2⤵
  PID:7936
- C:\Windows\System\iTyqnTP.exe
  C:\Windows\System\iTyqnTP.exe
  2⤵
  PID:7912
- C:\Windows\System\BvsJQom.exe
  C:\Windows\System\BvsJQom.exe
  2⤵
  PID:7884
- C:\Windows\System\HiqppAa.exe
  C:\Windows\System\HiqppAa.exe
  2⤵
  PID:7952
- C:\Windows\System\LBYILyX.exe
  C:\Windows\System\LBYILyX.exe
  2⤵
  PID:7980
- C:\Windows\System\JSDswlC.exe
  C:\Windows\System\JSDswlC.exe
  2⤵
  PID:8012
- C:\Windows\System\XBpiZRv.exe
  C:\Windows\System\XBpiZRv.exe
  2⤵
  PID:8064
- C:\Windows\System\RQKdnkV.exe
  C:\Windows\System\RQKdnkV.exe
  2⤵
  PID:8048
- C:\Windows\System\Seybvac.exe
  C:\Windows\System\Seybvac.exe
  2⤵
  PID:8128
- C:\Windows\System\Xnsyafy.exe
  C:\Windows\System\Xnsyafy.exe
  2⤵
  PID:8188
- C:\Windows\System\aAtNadL.exe
  C:\Windows\System\aAtNadL.exe
  2⤵
  PID:7244
- C:\Windows\System\YwTSnxL.exe
  C:\Windows\System\YwTSnxL.exe
  2⤵
  PID:8172
- C:\Windows\System\wlsSXWH.exe
  C:\Windows\System\wlsSXWH.exe
  2⤵
  PID:7512
- C:\Windows\System\nJfURUy.exe
  C:\Windows\System\nJfURUy.exe
  2⤵
  PID:7368
- C:\Windows\System\yRdfCRB.exe
  C:\Windows\System\yRdfCRB.exe
  2⤵
  PID:7320
- C:\Windows\System\mLwrzau.exe
  C:\Windows\System\mLwrzau.exe
  2⤵
  PID:7272
- C:\Windows\System\lBSyXuZ.exe
  C:\Windows\System\lBSyXuZ.exe
  2⤵
  PID:7372
- C:\Windows\System\FBIigZg.exe
  C:\Windows\System\FBIigZg.exe
  2⤵
  PID:7448
- C:\Windows\System\ieqcQRB.exe
  C:\Windows\System\ieqcQRB.exe
  2⤵
  PID:7544
- C:\Windows\System\ySTVLOQ.exe
  C:\Windows\System\ySTVLOQ.exe
  2⤵
  PID:7628
- C:\Windows\System\EXifPhs.exe
  C:\Windows\System\EXifPhs.exe
  2⤵
  PID:7740
- C:\Windows\System\XkMpBel.exe
  C:\Windows\System\XkMpBel.exe
  2⤵
  PID:7784
- C:\Windows\System\OoJmAZy.exe
  C:\Windows\System\OoJmAZy.exe
  2⤵
  PID:7996
- C:\Windows\System\WjqmsvQ.exe
  C:\Windows\System\WjqmsvQ.exe
  2⤵
  PID:8096
- C:\Windows\System\OEaikOu.exe
  C:\Windows\System\OEaikOu.exe
  2⤵
  PID:7864
- C:\Windows\System\WhlCnOX.exe
  C:\Windows\System\WhlCnOX.exe
  2⤵
  PID:7704
- C:\Windows\System\FElohuk.exe
  C:\Windows\System\FElohuk.exe
  2⤵
  PID:8076
- C:\Windows\System\XdQWEME.exe
  C:\Windows\System\XdQWEME.exe
  2⤵
  PID:8044
- C:\Windows\System\kWImymS.exe
  C:\Windows\System\kWImymS.exe
  2⤵
  PID:8144
- C:\Windows\System\dqZjswP.exe
  C:\Windows\System\dqZjswP.exe
  2⤵
  PID:7612
- C:\Windows\System\DMifCFb.exe
  C:\Windows\System\DMifCFb.exe
  2⤵
  PID:7968
- C:\Windows\System\YtjgLLN.exe
  C:\Windows\System\YtjgLLN.exe
  2⤵
  PID:7256
- C:\Windows\System\BtSVXBF.exe
  C:\Windows\System\BtSVXBF.exe
  2⤵
  PID:8028
- C:\Windows\System\HxwDRWq.exe
  C:\Windows\System\HxwDRWq.exe
  2⤵
  PID:6776
- C:\Windows\System\qDmLBpC.exe
  C:\Windows\System\qDmLBpC.exe
  2⤵
  PID:7948
- C:\Windows\System\oIIlkcl.exe
  C:\Windows\System\oIIlkcl.exe
  2⤵
  PID:7500
- C:\Windows\System\qTQVDom.exe
  C:\Windows\System\qTQVDom.exe
  2⤵
  PID:7928
- C:\Windows\System\GRwpcMb.exe
  C:\Windows\System\GRwpcMb.exe
  2⤵
  PID:8208
- C:\Windows\System\JqBnYfA.exe
  C:\Windows\System\JqBnYfA.exe
  2⤵
  PID:8224
- C:\Windows\System\THDuUUp.exe
  C:\Windows\System\THDuUUp.exe
  2⤵
  PID:8240
- C:\Windows\System\KNQbiGE.exe
  C:\Windows\System\KNQbiGE.exe
  2⤵
  PID:8256
- C:\Windows\System\gAOWgyh.exe
  C:\Windows\System\gAOWgyh.exe
  2⤵
  PID:8272
- C:\Windows\System\GPZDKAP.exe
  C:\Windows\System\GPZDKAP.exe
  2⤵
  PID:8288
- C:\Windows\System\emyUYaD.exe
  C:\Windows\System\emyUYaD.exe
  2⤵
  PID:8304
- C:\Windows\System\HIQltvm.exe
  C:\Windows\System\HIQltvm.exe
  2⤵
  PID:8320
- C:\Windows\System\eATqWsi.exe
  C:\Windows\System\eATqWsi.exe
  2⤵
  PID:8336
- C:\Windows\System\hFWZQer.exe
  C:\Windows\System\hFWZQer.exe
  2⤵
  PID:8352
- C:\Windows\System\pOQBhFP.exe
  C:\Windows\System\pOQBhFP.exe
  2⤵
  PID:8368
- C:\Windows\System\TeZjjbm.exe
  C:\Windows\System\TeZjjbm.exe
  2⤵
  PID:8384
- C:\Windows\System\dLmaITg.exe
  C:\Windows\System\dLmaITg.exe
  2⤵
  PID:8400
- C:\Windows\System\frMvOxV.exe
  C:\Windows\System\frMvOxV.exe
  2⤵
  PID:8416
- C:\Windows\System\tVYwstr.exe
  C:\Windows\System\tVYwstr.exe
  2⤵
  PID:8432
- C:\Windows\System\CjYsaPX.exe
  C:\Windows\System\CjYsaPX.exe
  2⤵
  PID:8448
- C:\Windows\System\AdNONcw.exe
  C:\Windows\System\AdNONcw.exe
  2⤵
  PID:8464
- C:\Windows\System\VyipiSW.exe
  C:\Windows\System\VyipiSW.exe
  2⤵
  PID:8480
- C:\Windows\System\NyqiBZc.exe
  C:\Windows\System\NyqiBZc.exe
  2⤵
  PID:8496
- C:\Windows\System\NpMhVLG.exe
  C:\Windows\System\NpMhVLG.exe
  2⤵
  PID:8512
- C:\Windows\System\IREiEbJ.exe
  C:\Windows\System\IREiEbJ.exe
  2⤵
  PID:8528
- C:\Windows\System\yYNDxJu.exe
  C:\Windows\System\yYNDxJu.exe
  2⤵
  PID:8544
- C:\Windows\System\MKKojPp.exe
  C:\Windows\System\MKKojPp.exe
  2⤵
  PID:8560
- C:\Windows\System\rRcfkZJ.exe
  C:\Windows\System\rRcfkZJ.exe
  2⤵
  PID:8576
- C:\Windows\System\NvFnYyP.exe
  C:\Windows\System\NvFnYyP.exe
  2⤵
  PID:8592
- C:\Windows\System\FySULrn.exe
  C:\Windows\System\FySULrn.exe
  2⤵
  PID:8608
- C:\Windows\System\RVIhzlZ.exe
  C:\Windows\System\RVIhzlZ.exe
  2⤵
  PID:8624
- C:\Windows\System\IirqXDy.exe
  C:\Windows\System\IirqXDy.exe
  2⤵
  PID:8640
- C:\Windows\System\MONrOpR.exe
  C:\Windows\System\MONrOpR.exe
  2⤵
  PID:8656
- C:\Windows\System\ytdKNAt.exe
  C:\Windows\System\ytdKNAt.exe
  2⤵
  PID:8672
- C:\Windows\System\ZCZqMZt.exe
  C:\Windows\System\ZCZqMZt.exe
  2⤵
  PID:8688
- C:\Windows\System\AnKXOzp.exe
  C:\Windows\System\AnKXOzp.exe
  2⤵
  PID:8704
- C:\Windows\System\vTgZbET.exe
  C:\Windows\System\vTgZbET.exe
  2⤵
  PID:8720
- C:\Windows\System\SHyrHqV.exe
  C:\Windows\System\SHyrHqV.exe
  2⤵
  PID:8736
- C:\Windows\System\zTomRZL.exe
  C:\Windows\System\zTomRZL.exe
  2⤵
  PID:8752
- C:\Windows\System\pFnamFP.exe
  C:\Windows\System\pFnamFP.exe
  2⤵
  PID:8768
- C:\Windows\System\xDeqMQw.exe
  C:\Windows\System\xDeqMQw.exe
  2⤵
  PID:8784
- C:\Windows\System\EAgQumY.exe
  C:\Windows\System\EAgQumY.exe
  2⤵
  PID:8800
- C:\Windows\System\rkNTdQf.exe
  C:\Windows\System\rkNTdQf.exe
  2⤵
  PID:8816
- C:\Windows\System\CAcyeZl.exe
  C:\Windows\System\CAcyeZl.exe
  2⤵
  PID:8832
- C:\Windows\System\CzSRItX.exe
  C:\Windows\System\CzSRItX.exe
  2⤵
  PID:8848
- C:\Windows\System\yAVEfsU.exe
  C:\Windows\System\yAVEfsU.exe
  2⤵
  PID:8864
- C:\Windows\System\RxsOMTH.exe
  C:\Windows\System\RxsOMTH.exe
  2⤵
  PID:8880
- C:\Windows\System\hPCEtsk.exe
  C:\Windows\System\hPCEtsk.exe
  2⤵
  PID:8896
- C:\Windows\System\zqRORSG.exe
  C:\Windows\System\zqRORSG.exe
  2⤵
  PID:8912
- C:\Windows\System\cSTQDrt.exe
  C:\Windows\System\cSTQDrt.exe
  2⤵
  PID:8928
- C:\Windows\System\HSqObkS.exe
  C:\Windows\System\HSqObkS.exe
  2⤵
  PID:8948
- C:\Windows\System\OOfkpYY.exe
  C:\Windows\System\OOfkpYY.exe
  2⤵
  PID:8964
- C:\Windows\System\gaCgSyy.exe
  C:\Windows\System\gaCgSyy.exe
  2⤵
  PID:8980
- C:\Windows\System\wSiBWiO.exe
  C:\Windows\System\wSiBWiO.exe
  2⤵
  PID:8996
- C:\Windows\System\apILaTE.exe
  C:\Windows\System\apILaTE.exe
  2⤵
  PID:9012
- C:\Windows\System\CahZtEZ.exe
  C:\Windows\System\CahZtEZ.exe
  2⤵
  PID:9028
- C:\Windows\System\vSkwKhl.exe
  C:\Windows\System\vSkwKhl.exe
  2⤵
  PID:9044
- C:\Windows\System\qpWOrgH.exe
  C:\Windows\System\qpWOrgH.exe
  2⤵
  PID:9060
- C:\Windows\System\lzvmliL.exe
  C:\Windows\System\lzvmliL.exe
  2⤵
  PID:9076
- C:\Windows\System\QDkWuUT.exe
  C:\Windows\System\QDkWuUT.exe
  2⤵
  PID:9092
- C:\Windows\System\uXBGEuH.exe
  C:\Windows\System\uXBGEuH.exe
  2⤵
  PID:9108
- C:\Windows\System\TeYgGsn.exe
  C:\Windows\System\TeYgGsn.exe
  2⤵
  PID:9124
- C:\Windows\System\mWYIOkV.exe
  C:\Windows\System\mWYIOkV.exe
  2⤵
  PID:9140
- C:\Windows\System\eoFdoXS.exe
  C:\Windows\System\eoFdoXS.exe
  2⤵
  PID:9156
- C:\Windows\System\GzdcRfm.exe
  C:\Windows\System\GzdcRfm.exe
  2⤵
  PID:9172
- C:\Windows\System\LyUoFLy.exe
  C:\Windows\System\LyUoFLy.exe
  2⤵
  PID:9188
- C:\Windows\System\MoytbyI.exe
  C:\Windows\System\MoytbyI.exe
  2⤵
  PID:9204
- C:\Windows\System\GLiTjvJ.exe
  C:\Windows\System\GLiTjvJ.exe
  2⤵
  PID:8216
- C:\Windows\System\JOybFuI.exe
  C:\Windows\System\JOybFuI.exe
  2⤵
  PID:8248
- C:\Windows\System\CKPGXXE.exe
  C:\Windows\System\CKPGXXE.exe
  2⤵
  PID:7564
- C:\Windows\System\XuzpFFu.exe
  C:\Windows\System\XuzpFFu.exe
  2⤵
  PID:7240
- C:\Windows\System\ofMVnTC.exe
  C:\Windows\System\ofMVnTC.exe
  2⤵
  PID:7196
- C:\Windows\System\dQQZVAf.exe
  C:\Windows\System\dQQZVAf.exe
  2⤵
  PID:8268
- C:\Windows\System\yHSFNZU.exe
  C:\Windows\System\yHSFNZU.exe
  2⤵
  PID:8312
- C:\Windows\System\FfdhgkN.exe
  C:\Windows\System\FfdhgkN.exe
  2⤵
  PID:8376
- C:\Windows\System\nRXOvyP.exe
  C:\Windows\System\nRXOvyP.exe
  2⤵
  PID:8380
- C:\Windows\System\xDaXFLg.exe
  C:\Windows\System\xDaXFLg.exe
  2⤵
  PID:8444
- C:\Windows\System\vDVYBmS.exe
  C:\Windows\System\vDVYBmS.exe
  2⤵
  PID:8508
- C:\Windows\System\PREokkB.exe
  C:\Windows\System\PREokkB.exe
  2⤵
  PID:8572
- C:\Windows\System\Xzhexsn.exe
  C:\Windows\System\Xzhexsn.exe
  2⤵
  PID:8332
- C:\Windows\System\bOIvCXE.exe
  C:\Windows\System\bOIvCXE.exe
  2⤵
  PID:8588
- C:\Windows\System\RwYDXay.exe
  C:\Windows\System\RwYDXay.exe
  2⤵
  PID:8696
- C:\Windows\System\wmWPYpl.exe
  C:\Windows\System\wmWPYpl.exe
  2⤵
  PID:8520
- C:\Windows\System\UIKJRog.exe
  C:\Windows\System\UIKJRog.exe
  2⤵
  PID:8584
- C:\Windows\System\DGNPJEs.exe
  C:\Windows\System\DGNPJEs.exe
  2⤵
  PID:8428
- C:\Windows\System\bmUydOc.exe
  C:\Windows\System\bmUydOc.exe
  2⤵
  PID:8764
- C:\Windows\System\PwmotCX.exe
  C:\Windows\System\PwmotCX.exe
  2⤵
  PID:8616
- C:\Windows\System\kTOLJOO.exe
  C:\Windows\System\kTOLJOO.exe
  2⤵
  PID:8556
- C:\Windows\System\rySnnjT.exe
  C:\Windows\System\rySnnjT.exe
  2⤵
  PID:8860
- C:\Windows\System\FZkWSbj.exe
  C:\Windows\System\FZkWSbj.exe
  2⤵
  PID:8924
- C:\Windows\System\SGzRxgy.exe
  C:\Windows\System\SGzRxgy.exe
  2⤵
  PID:8872
- C:\Windows\System\MFOBqgc.exe
  C:\Windows\System\MFOBqgc.exe
  2⤵
  PID:8748
- C:\Windows\System\SCtJlRV.exe
  C:\Windows\System\SCtJlRV.exe
  2⤵
  PID:8808
- C:\Windows\System\gIsEyLu.exe
  C:\Windows\System\gIsEyLu.exe
  2⤵
  PID:8876
- C:\Windows\System\OgxRPVW.exe
  C:\Windows\System\OgxRPVW.exe
  2⤵
  PID:8972
- C:\Windows\System\prQaapx.exe
  C:\Windows\System\prQaapx.exe
  2⤵
  PID:8992
- C:\Windows\System\gujlEGg.exe
  C:\Windows\System\gujlEGg.exe
  2⤵
  PID:9024
- C:\Windows\System\KKHjexG.exe
  C:\Windows\System\KKHjexG.exe
  2⤵
  PID:9088
- C:\Windows\System\dJqSOwA.exe
  C:\Windows\System\dJqSOwA.exe
  2⤵
  PID:9100
- C:\Windows\System\JjUiyYi.exe
  C:\Windows\System\JjUiyYi.exe
  2⤵
  PID:9040
- C:\Windows\System\gnkRjDe.exe
  C:\Windows\System\gnkRjDe.exe
  2⤵
  PID:9136
- C:\Windows\System\TyBTEZP.exe
  C:\Windows\System\TyBTEZP.exe
  2⤵
  PID:9184
- C:\Windows\System\IOWHUfS.exe
  C:\Windows\System\IOWHUfS.exe
  2⤵
  PID:8252
- C:\Windows\System\iYWjLfq.exe
  C:\Windows\System\iYWjLfq.exe
  2⤵
  PID:8200
- C:\Windows\System\QzPjNvr.exe
  C:\Windows\System\QzPjNvr.exe
  2⤵
  PID:8476
- C:\Windows\System\JzHIPTg.exe
  C:\Windows\System\JzHIPTg.exe
  2⤵
  PID:9200
- C:\Windows\System\ashlXOC.exe
  C:\Windows\System\ashlXOC.exe
  2⤵
  PID:8348
- C:\Windows\System\wZBWfdS.exe
  C:\Windows\System\wZBWfdS.exe
  2⤵
  PID:8264
- C:\Windows\System\AYlzEXu.exe
  C:\Windows\System\AYlzEXu.exe
  2⤵
  PID:8668
- C:\Windows\System\KrAWPCu.exe
  C:\Windows\System\KrAWPCu.exe
  2⤵
  PID:8540
- C:\Windows\System\zBoarRt.exe
  C:\Windows\System\zBoarRt.exe
  2⤵
  PID:8524
- C:\Windows\System\WuscBwn.exe
  C:\Windows\System\WuscBwn.exe
  2⤵
  PID:8488
- C:\Windows\System\iYQXVxV.exe
  C:\Windows\System\iYQXVxV.exe
  2⤵
  PID:8716
- C:\Windows\System\dczoACA.exe
  C:\Windows\System\dczoACA.exe
  2⤵
  PID:8796
- C:\Windows\System\dnIfyVU.exe
  C:\Windows\System\dnIfyVU.exe
  2⤵
  PID:8712
- C:\Windows\System\jUQyxze.exe
  C:\Windows\System\jUQyxze.exe
  2⤵
  PID:8960
- C:\Windows\System\tSFuoGO.exe
  C:\Windows\System\tSFuoGO.exe
  2⤵
  PID:9132
- C:\Windows\System\WREOWOe.exe
  C:\Windows\System\WREOWOe.exe
  2⤵
  PID:7800
- C:\Windows\System\mmeXdUm.exe
  C:\Windows\System\mmeXdUm.exe
  2⤵
  PID:9004
- C:\Windows\System\rEXrRpV.exe
  C:\Windows\System\rEXrRpV.exe
  2⤵
  PID:9020
- C:\Windows\System\FnQHfef.exe
  C:\Windows\System\FnQHfef.exe
  2⤵
  PID:9072
- C:\Windows\System\XMvLPyP.exe
  C:\Windows\System\XMvLPyP.exe
  2⤵
  PID:8296
- C:\Windows\System\cpZogOG.exe
  C:\Windows\System\cpZogOG.exe
  2⤵
  PID:8284
- C:\Windows\System\UbFBbnZ.exe
  C:\Windows\System\UbFBbnZ.exe
  2⤵
  PID:8620
- C:\Windows\System\bDZsGQt.exe
  C:\Windows\System\bDZsGQt.exe
  2⤵
  PID:8840
- C:\Windows\System\soRDgFm.exe
  C:\Windows\System\soRDgFm.exe
  2⤵
  PID:8412
- C:\Windows\System\WeYkObD.exe
  C:\Windows\System\WeYkObD.exe
  2⤵
  PID:8636
- C:\Windows\System\szTygEv.exe
  C:\Windows\System\szTygEv.exe
  2⤵
  PID:9164
- C:\Windows\System\SVLvlra.exe
  C:\Windows\System\SVLvlra.exe
  2⤵
  PID:9168
- C:\Windows\System\LMyNgLM.exe
  C:\Windows\System\LMyNgLM.exe
  2⤵
  PID:9180
- C:\Windows\System\jEeYNHf.exe
  C:\Windows\System\jEeYNHf.exe
  2⤵
  PID:8700
- C:\Windows\System\ucJOIuz.exe
  C:\Windows\System\ucJOIuz.exe
  2⤵
  PID:8760
- C:\Windows\System\fZtpLqa.exe
  C:\Windows\System\fZtpLqa.exe
  2⤵
  PID:8440
- C:\Windows\System\fPXCJpc.exe
  C:\Windows\System\fPXCJpc.exe
  2⤵
  PID:8920
- C:\Windows\System\GXnbKDg.exe
  C:\Windows\System\GXnbKDg.exe
  2⤵
  PID:9232
- C:\Windows\System\kqqpkdZ.exe
  C:\Windows\System\kqqpkdZ.exe
  2⤵
  PID:9248
- C:\Windows\System\fojVKZS.exe
  C:\Windows\System\fojVKZS.exe
  2⤵
  PID:9264
- C:\Windows\System\EVcWxju.exe
  C:\Windows\System\EVcWxju.exe
  2⤵
  PID:9284
- C:\Windows\System\tqyEnxS.exe
  C:\Windows\System\tqyEnxS.exe
  2⤵
  PID:9300
- C:\Windows\System\SGCwaeu.exe
  C:\Windows\System\SGCwaeu.exe
  2⤵
  PID:9316
- C:\Windows\System\WhxcCYE.exe
  C:\Windows\System\WhxcCYE.exe
  2⤵
  PID:9332
- C:\Windows\System\LHuOMJE.exe
  C:\Windows\System\LHuOMJE.exe
  2⤵
  PID:9348
- C:\Windows\System\pnojzxc.exe
  C:\Windows\System\pnojzxc.exe
  2⤵
  PID:9364
- C:\Windows\System\sdAXDbk.exe
  C:\Windows\System\sdAXDbk.exe
  2⤵
  PID:9384
- C:\Windows\System\rqwCAiU.exe
  C:\Windows\System\rqwCAiU.exe
  2⤵
  PID:9400
- C:\Windows\System\GIJTIIO.exe
  C:\Windows\System\GIJTIIO.exe
  2⤵
  PID:9416
- C:\Windows\System\tHXvKvf.exe
  C:\Windows\System\tHXvKvf.exe
  2⤵
  PID:9432
- C:\Windows\System\QrbulVz.exe
  C:\Windows\System\QrbulVz.exe
  2⤵
  PID:9448
- C:\Windows\System\xCqClJT.exe
  C:\Windows\System\xCqClJT.exe
  2⤵
  PID:9464
- C:\Windows\System\pvcbjie.exe
  C:\Windows\System\pvcbjie.exe
  2⤵
  PID:9480
- C:\Windows\System\rQqTzTh.exe
  C:\Windows\System\rQqTzTh.exe
  2⤵
  PID:9496
- C:\Windows\System\YprXJpC.exe
  C:\Windows\System\YprXJpC.exe
  2⤵
  PID:9512
- C:\Windows\System\XAWBwtM.exe
  C:\Windows\System\XAWBwtM.exe
  2⤵
  PID:9528
- C:\Windows\System\EjgFVWS.exe
  C:\Windows\System\EjgFVWS.exe
  2⤵
  PID:9544
- C:\Windows\System\ZryXugX.exe
  C:\Windows\System\ZryXugX.exe
  2⤵
  PID:9560
- C:\Windows\System\xIdONjG.exe
  C:\Windows\System\xIdONjG.exe
  2⤵
  PID:9576
- C:\Windows\System\anRjDiE.exe
  C:\Windows\System\anRjDiE.exe
  2⤵
  PID:9592
- C:\Windows\System\kqcKoea.exe
  C:\Windows\System\kqcKoea.exe
  2⤵
  PID:9608
- C:\Windows\System\qlWlvFt.exe
  C:\Windows\System\qlWlvFt.exe
  2⤵
  PID:9624
- C:\Windows\System\MBqoflA.exe
  C:\Windows\System\MBqoflA.exe
  2⤵
  PID:9640
- C:\Windows\System\USqRdhq.exe
  C:\Windows\System\USqRdhq.exe
  2⤵
  PID:9656
- C:\Windows\System\RlFPNrI.exe
  C:\Windows\System\RlFPNrI.exe
  2⤵
  PID:9676
- C:\Windows\System\qehvIKP.exe
  C:\Windows\System\qehvIKP.exe
  2⤵
  PID:9692
- C:\Windows\System\YOjAXxQ.exe
  C:\Windows\System\YOjAXxQ.exe
  2⤵
  PID:9708
- C:\Windows\System\kpJtkfH.exe
  C:\Windows\System\kpJtkfH.exe
  2⤵
  PID:9724
- C:\Windows\System\VNmYsjt.exe
  C:\Windows\System\VNmYsjt.exe
  2⤵
  PID:9740
- C:\Windows\System\JuAbglY.exe
  C:\Windows\System\JuAbglY.exe
  2⤵
  PID:9756
- C:\Windows\System\YjjZPbB.exe
  C:\Windows\System\YjjZPbB.exe
  2⤵
  PID:9772
- C:\Windows\System\NHVyJRd.exe
  C:\Windows\System\NHVyJRd.exe
  2⤵
  PID:9788
- C:\Windows\System\pYHvqpe.exe
  C:\Windows\System\pYHvqpe.exe
  2⤵
  PID:9804
- C:\Windows\System\PVDRHWl.exe
  C:\Windows\System\PVDRHWl.exe
  2⤵
  PID:9820
- C:\Windows\System\RcKtslo.exe
  C:\Windows\System\RcKtslo.exe
  2⤵
  PID:9840
- C:\Windows\System\dzQMyeT.exe
  C:\Windows\System\dzQMyeT.exe
  2⤵
  PID:9860
- C:\Windows\System\oPMfyWw.exe
  C:\Windows\System\oPMfyWw.exe
  2⤵
  PID:9876
- C:\Windows\System\cQcJXHy.exe
  C:\Windows\System\cQcJXHy.exe
  2⤵
  PID:9892
- C:\Windows\System\jyAVZeH.exe
  C:\Windows\System\jyAVZeH.exe
  2⤵
  PID:9908
- C:\Windows\System\GWdDsrr.exe
  C:\Windows\System\GWdDsrr.exe
  2⤵
  PID:9924
- C:\Windows\System\qxMzKao.exe
  C:\Windows\System\qxMzKao.exe
  2⤵
  PID:9940
- C:\Windows\System\whrvBoG.exe
  C:\Windows\System\whrvBoG.exe
  2⤵
  PID:9956
- C:\Windows\System\PdSfJfq.exe
  C:\Windows\System\PdSfJfq.exe
  2⤵
  PID:9972
- C:\Windows\System\VyIQIDE.exe
  C:\Windows\System\VyIQIDE.exe
  2⤵
  PID:9988
- C:\Windows\System\dNFViVz.exe
  C:\Windows\System\dNFViVz.exe
  2⤵
  PID:10004
- C:\Windows\System\MNYPqZG.exe
  C:\Windows\System\MNYPqZG.exe
  2⤵
  PID:10020
- C:\Windows\System\mHbdMFt.exe
  C:\Windows\System\mHbdMFt.exe
  2⤵
  PID:10036
- C:\Windows\System\gBYIopU.exe
  C:\Windows\System\gBYIopU.exe
  2⤵
  PID:10052
- C:\Windows\System\nuxgktl.exe
  C:\Windows\System\nuxgktl.exe
  2⤵
  PID:10068
- C:\Windows\System\HQZLexG.exe
  C:\Windows\System\HQZLexG.exe
  2⤵
  PID:10084
- C:\Windows\System\exmQBvm.exe
  C:\Windows\System\exmQBvm.exe
  2⤵
  PID:10100
- C:\Windows\System\LqOSAHG.exe
  C:\Windows\System\LqOSAHG.exe
  2⤵
  PID:10116
- C:\Windows\System\uLQkGJm.exe
  C:\Windows\System\uLQkGJm.exe
  2⤵
  PID:10132
- C:\Windows\System\ylVgzhT.exe
  C:\Windows\System\ylVgzhT.exe
  2⤵
  PID:10148
- C:\Windows\System\nfmhUrk.exe
  C:\Windows\System\nfmhUrk.exe
  2⤵
  PID:10164
- C:\Windows\System\rvwgQOP.exe
  C:\Windows\System\rvwgQOP.exe
  2⤵
  PID:10180
- C:\Windows\System\WJDJvKI.exe
  C:\Windows\System\WJDJvKI.exe
  2⤵
  PID:10196
- C:\Windows\System\KcgTXSO.exe
  C:\Windows\System\KcgTXSO.exe
  2⤵
  PID:10212
- C:\Windows\System\pdHEKOv.exe
  C:\Windows\System\pdHEKOv.exe
  2⤵
  PID:10228
- C:\Windows\System\BfwDjyO.exe
  C:\Windows\System\BfwDjyO.exe
  2⤵
  PID:9240
- C:\Windows\System\mFOQzqh.exe
  C:\Windows\System\mFOQzqh.exe
  2⤵
  PID:8908
- C:\Windows\System\YzbpxOt.exe
  C:\Windows\System\YzbpxOt.exe
  2⤵
  PID:9056
- C:\Windows\System\Mmuigbk.exe
  C:\Windows\System\Mmuigbk.exe
  2⤵
  PID:8936
- C:\Windows\System\KddiOkt.exe
  C:\Windows\System\KddiOkt.exe
  2⤵
  PID:9276
- C:\Windows\System\emhqalX.exe
  C:\Windows\System\emhqalX.exe
  2⤵
  PID:9328
- C:\Windows\System\qxlFBVP.exe
  C:\Windows\System\qxlFBVP.exe
  2⤵
  PID:9312
- C:\Windows\System\ooMZSTz.exe
  C:\Windows\System\ooMZSTz.exe
  2⤵
  PID:9380
- C:\Windows\System\HJgNQBe.exe
  C:\Windows\System\HJgNQBe.exe
  2⤵
  PID:9396
- C:\Windows\System\rPCNXDX.exe
  C:\Windows\System\rPCNXDX.exe
  2⤵
  PID:9476
- C:\Windows\System\NLMyYxC.exe
  C:\Windows\System\NLMyYxC.exe
  2⤵
  PID:9540
- C:\Windows\System\nTqxRJS.exe
  C:\Windows\System\nTqxRJS.exe
  2⤵
  PID:9604
- C:\Windows\System\zLuiwLp.exe
  C:\Windows\System\zLuiwLp.exe
  2⤵
  PID:9672
- C:\Windows\System\JeeuHif.exe
  C:\Windows\System\JeeuHif.exe
  2⤵
  PID:9520
- C:\Windows\System\edupAUt.exe
  C:\Windows\System\edupAUt.exe
  2⤵
  PID:9652
- C:\Windows\System\kJlPKvE.exe
  C:\Windows\System\kJlPKvE.exe
  2⤵
  PID:9424
- C:\Windows\System\XZzWvmY.exe
  C:\Windows\System\XZzWvmY.exe
  2⤵
  PID:9704
- C:\Windows\System\ZNOHkDk.exe
  C:\Windows\System\ZNOHkDk.exe
  2⤵
  PID:9688
- C:\Windows\System\HzvsOAY.exe
  C:\Windows\System\HzvsOAY.exe
  2⤵
  PID:9736
- C:\Windows\System\VMSJcSm.exe
  C:\Windows\System\VMSJcSm.exe
  2⤵
  PID:9768
- C:\Windows\System\NGgRxSm.exe
  C:\Windows\System\NGgRxSm.exe
  2⤵
  PID:9800
- C:\Windows\System\dwLsExA.exe
  C:\Windows\System\dwLsExA.exe
  2⤵
  PID:9832
- C:\Windows\System\SMGHqGB.exe
  C:\Windows\System\SMGHqGB.exe
  2⤵
  PID:9852
- C:\Windows\System\ZGwrSHm.exe
  C:\Windows\System\ZGwrSHm.exe
  2⤵
  PID:9900
- C:\Windows\System\iwOxiPu.exe
  C:\Windows\System\iwOxiPu.exe
  2⤵
  PID:9932
- C:\Windows\System\MamtqHJ.exe
  C:\Windows\System\MamtqHJ.exe
  2⤵
  PID:9964
- C:\Windows\System\aNbRNmm.exe
  C:\Windows\System\aNbRNmm.exe
  2⤵
  PID:9952
- C:\Windows\System\EbLMEnj.exe
  C:\Windows\System\EbLMEnj.exe
  2⤵
  PID:10096
- C:\Windows\System\OPoKRLp.exe
  C:\Windows\System\OPoKRLp.exe
  2⤵
  PID:10172
- C:\Windows\System\sTePBZG.exe
  C:\Windows\System\sTePBZG.exe
  2⤵
  PID:10224
- C:\Windows\System\PrCZZuz.exe
  C:\Windows\System\PrCZZuz.exe
  2⤵
  PID:9256
- C:\Windows\System\fENdaYB.exe
  C:\Windows\System\fENdaYB.exe
  2⤵
  PID:8364
- C:\Windows\System\jGycinP.exe
  C:\Windows\System\jGycinP.exe
  2⤵
  PID:9324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AbwBtVj.exe

Filesize
6.1MB

MD5
4b92de34f29ebe9b86e63a50b4c57e94

SHA1
535c0e0589646acbf9fe116c87224b3eecf8950c

SHA256
21917a2eef433f8331915547cba39cad496a52b629f9e7c7a2a1d05b82fb3db6

SHA512
dd17d84b09cad46071f92e708d76fe7cb4b8c9f960db0df89ced6d7568718982fd97a1fa1b68b785c8cfa15765bbb9ad221db29b0aa97cd3311e33ae1d2a00e3

Download Submit
C:\Windows\system\FQOUVeT.exe

Filesize
6.1MB

MD5
691a41c417b46e167450aca077bbc296

SHA1
1243d549ce11981b51e58bd82ec4400ebece79d9

SHA256
c1e4c328d4b055e08b74462645d8c532a747d68ac54c1c3a9d907f0e3136579f

SHA512
e02e7b7159868d0c74283b59f9170132d0b669643335a5683ea4fdf599b0ab6f361bd98e3c2f367c82aa4dff09d66405b985b1c5515fca9b9360ab91c43f6f75

Download Submit
C:\Windows\system\LaXIRJB.exe

Filesize
6.1MB

MD5
3c019164cb649dfe84e7fc5bb1445fb1

SHA1
b22947c96634e02e60a913ac8beff3ab056c7aa9

SHA256
5d6fd07c81a46af3687aaa4a25e0fa781df2bcfd96feb8eac98a9dab2ed19f22

SHA512
538ef95231d93958cc5e95c9b2ff10d3f125b5a1ed32d2283da40f05ca74d2cb58d5b35d89a783aa72a416c8f8b53ef9a0304f2a0cf5c8b4a9697dfda597435a

Download Submit
C:\Windows\system\OXgNKTX.exe

Filesize
6.1MB

MD5
b4ce7d25943f6334713b53b515535d67

SHA1
94f0ddb636d55f821d364eb68d6792fba5089869

SHA256
2a602e46e1fe70f7d39864dba856f32df17f70d2a179224b32d1fd56acddacbc

SHA512
90fc465e32ee933bad2c680dc6808ef7525eaf2a14a3c6bf0bc715345f315579d42ba14f4befb4bf4c88c1babb38e364708c6420e46b2dc0b2682a3686935a8f

Download Submit
C:\Windows\system\TKVADWH.exe

Filesize
6.1MB

MD5
85915f5ad460c5bc611b1a2327545985

SHA1
c53c853fdc3dc3ba33c85202422b4ab4312176e2

SHA256
3fc831e721d397b59e6794b09fb4adc5ca18ad887921f793bdf92c4fc94f861d

SHA512
c6c4e1b83adb80c05e2789d5e4b5223d5e066a6452babbd0f3a9fc96ad740ee407bf183790b0ecab6fb29798375f3096af9c455bf3c04e603682e5e6166f0c56

Download Submit
C:\Windows\system\YTKMQBx.exe

Filesize
6.1MB

MD5
5611dc94c26c899a0cec152230de690f

SHA1
05f5a8cfbb40957578ad7c78d42cb111d1111aac

SHA256
da6df0aa8d71353796c58bee2fbef61c3fded5c34fa39ebc2cdf304f83304ef1

SHA512
082c70922b714ee36e5641332e6c68278b580e00427789646673982c419f090afe621b1f981a92f5291fc37142224a6a4002817da99305b3b81f7b09e3d02a18

Download Submit
C:\Windows\system\ZsDLZST.exe

Filesize
6.1MB

MD5
8d92da78f00793811c1288cd4c20b4c1

SHA1
776fccd13a1c676e53312257ba9ea067713ba9cb

SHA256
cf6d2266232772c11743ecf3d2dc45421de5d1da10b1a458e495934f4de2e4e2

SHA512
b131bfc869c09fdea5cd1ae35db15436a53452c5b860018777eeaaeaa45c81980d8c2d598bb6c63947809fa0ac302732467c7baf7ae5050eb255fbe699d3ad15

Download Submit
C:\Windows\system\dJUjgPz.exe

Filesize
6.1MB

MD5
9b0e41116fb4d9e6535feb0e68afbe4a

SHA1
50e32edbe4d94063ec18dff00cb6117d380b2f1c

SHA256
d9945ca51d952d05dbf67d23b0f3a71656366475b95da842bd4501adbb8e8d8c

SHA512
cda8be1a092024f3303593cbc144f0392285f66be017e8296d81cd4cb4f3fd06bc99d4c42e88855cbd46a0186289ccb1aa480644064acf5514d2be5505619716

Download Submit
C:\Windows\system\dLfvBAz.exe

Filesize
6.1MB

MD5
0ef3a8a2097fe4b1aae88b2a79d486eb

SHA1
4c5d429a994cd3885754d8b135acd20a6eddb874

SHA256
0b5cf2e8c53c479e398d39202abe2ab8c707426cc2c03e8922f839f53db2a0a6

SHA512
8e08a30e26f7532b66aac71af6835ee73567cbf1d20cede9df02bb20b99d7e64330bcb2f790f195c05fa1af144e03c52d32dfd2e914860555b3c44577a4a0853

Download Submit
C:\Windows\system\hOhtJZS.exe

Filesize
6.1MB

MD5
5ca9a8d02435a8cc8053112fbcc51f0f

SHA1
3acec8acccc2985c579fe95469f7bc53928e0de4

SHA256
186ada7a6d49664af196bf9b0322b9b79402f07eb303eaa1b16599e940702488

SHA512
531b766c1a7d130e1f55b2d932e8e70dd06fd83b5b4fd552ab029df623f439197c7e0590c86d93a65972e32eb4b690b89ac99be309c9ddc19c69ca23c2f9ee05

Download Submit
C:\Windows\system\jnKlinD.exe

Filesize
6.1MB

MD5
6243ab683d1efa792e82462b1b2ae432

SHA1
0b6ab5b34dee3218ff04de77950a40d3db039c78

SHA256
5de799ae9457e52acb9c44c6c444f68005725abfd59d14f181dc762335abedaa

SHA512
e5e55b3e9d81584af616bd5ed50334af708c02aaf41b0edaed72940ce2c61b8761fc19920ed70678e887232dff0764d72c1042bfe9a1847b027e88310300144a

Download Submit
C:\Windows\system\lLakjFI.exe

Filesize
6.1MB

MD5
72ab6f6f71a9951cadff79de77ae2aca

SHA1
6c88953bbd4b5726ed2cae128dc1a1ebec7c1b13

SHA256
166d31714a6365149490e20b762f83b57d6d96bdd6299ed3779466c4bf8932af

SHA512
78b3b29e94b1195a985c9531e70601ba8bd66373b0b668855182e6468d285aa9c5d2798c2c559ddebd911bec02c2205c449d74932964c345a2a2006d8b1d5940

Download Submit
C:\Windows\system\nafqHFS.exe

Filesize
6.1MB

MD5
e2eef9c0266f8176d22f8b3204b737b0

SHA1
b519061cbbe15e0cb0aa07010d2b27880c1a31b8

SHA256
cc1be73308e57f43f15dad7a3886839dd1ccd9c2a21001d48fa734d0cd75fb2c

SHA512
65cf8f3aec70733104e90c1b699340cdfed74fa9907254292b6722a224b640d9986e9c61d20c3b53cc77dcd6929376002e9ea5b9748ee5cd174031754e4549ec

Download Submit
C:\Windows\system\phRTjCK.exe

Filesize
6.1MB

MD5
176b1108ee1294e4e1f9e5ce62ef9a3b

SHA1
9e0d038cc200c91ccbbc3b4b092909681a1cd578

SHA256
69ef9a86a7e4f31192db560647444c6a14bda51803f8dc693a8ec190850cafee

SHA512
2965f0f875fcf5152f7bd9fa1669964948d64e26cbbf2baa71e621578bcde63233b36a6ce49ec2180cae8020b42d4db8dc9ce54cb21f80227995c59ca89602dd

Download Submit
C:\Windows\system\pkABLAW.exe

Filesize
6.1MB

MD5
9cb99fa4a5eb79cd7d0860f9fe6f1934

SHA1
2bdea44aeed5e5494ea503b6ecefaff230127db4

SHA256
b5a827ddff067e077f5511bfe93392e7e972a0693118f652933437786b213057

SHA512
0b502d2ec54ab1e4017306873f6dad3ff19c774a8e81477751a9139c55dc79e53c3544391b42884c97ab4716501b473793b81f71796f84f52a2d53ee539ac506

Download Submit
C:\Windows\system\pxVHUJc.exe

Filesize
6.1MB

MD5
65d1e728c940a0b7f962e84b94909412

SHA1
8db2c355a4f0cd0d2699206e95e49e0904705717

SHA256
232966f457c4954d3c30d42bd03d561cf7127bb0be9dda8185632533e00c20bf

SHA512
2eb7de0729266e0846c869185d813e260da8bd31fe7bd0fd7fe241de57eef9a45a3ab29d64020d5df4e4456aa2646d5ca9b9b87f36e364b1af9d8a8356d59044

Download Submit
C:\Windows\system\qkHKSSi.exe

Filesize
6.1MB

MD5
d83a9cb2880278727588de294bee6317

SHA1
bb1f342685b7c17cad309c072b683e0d5dc5a05a

SHA256
4a12e727745b437f4f984a46714b2173cf6c972f1ae3978568f1a42ca4e13be3

SHA512
ff792d2443a01be2e395ac42414f57e99c5e8adf352feaabc29f5cb0958be62cf0cf810823189c8e7cdd2dc044608a07916c0b56358c703c16fc0c62f38b0036

Download Submit
C:\Windows\system\qxOhcec.exe

Filesize
6.1MB

MD5
2c387bd36ccd3347340c4004a571fd71

SHA1
4f8a362968f751b30064e4edfacba369f93a632c

SHA256
ab5efa7be0ec4793c51ccdb18f049f66f431edaf6adecd9bf125af01d0b038f9

SHA512
d6ccde2655f6236e4e28afcaae9e5f71b297570b00c6451e06113caed48595a2795c8e9fe2a3648271f2e32f03655fd450e2aeda860850cd2f0dad1fb3f32449

Download Submit
C:\Windows\system\sFGuuEm.exe

Filesize
6.1MB

MD5
e24c115c9eef38a2227c27ddf1171192

SHA1
09e0c3ed642bf468fc89841f35cc32dc38323a21

SHA256
0d14a0e9c2d1e02ccbc8634dd638ccbe564e2bb86b5d7378d8669164abe46e72

SHA512
40d667191fd3fa87f052e7cb5a6e394e668923b5987c2b69ccbe0eb1667d28a4f2697a59f02c1fb4563359dd1e94678bcff05982a6d7b89c87feedf6c69fbc7b

Download Submit
C:\Windows\system\swfeKvY.exe

Filesize
6.1MB

MD5
2832c00bf079a69449bca513170d2bb9

SHA1
5c2fb54d0244e4de80b3728792a39027b6fc9407

SHA256
d2af08d4e19d1c0c63d8bc7201a91d7be5e061801d330ece4ccc6b2f03784cd7

SHA512
0b5c55a7ac645ee7614ccba8fa17c8f20859c46af129159b497c2840d896e14b24397332c624399ace8fae0e4d7a309fe0cb874695a4fcf6b5b88138be60c63f

Download Submit
C:\Windows\system\txrHhLT.exe

Filesize
6.1MB

MD5
79cae8fdeed7bb3dbfe01f0612f84ada

SHA1
3ea4109f87597435527b022562574b5365085580

SHA256
06e79c2b31b42d337f0b5d47e1a10c180191ffe75eb6ac9ec31d89e4ab594f38

SHA512
3c9cd1e7da104cff30d91a4fab088c716942ec649db07557c1df1bcd6d64b3cd190b0ca942613dba6a5fdae11b9a672351ac4895f4d0a1f2087c509d79f27c58

Download Submit
C:\Windows\system\wSsARUU.exe

Filesize
6.1MB

MD5
5ecd98a1b411fa80e017549bd193c25c

SHA1
491d22eb00b3a812fe902583fb93154f7144af58

SHA256
700e7b34ae70ab886b66967f72fa089bcbf7f3144c333efc8a946b70265325d6

SHA512
7b3a104776cfe525f2ae3ad9d1e0608c83f3c1335aff8f6de666c428dd44f383a76de747445c814c54f51a7365864028f61f634a9ca8027160a944f122f01405

Download Submit
C:\Windows\system\wnNBxFM.exe

Filesize
6.1MB

MD5
12555dda68d9274725811c9eaaf78669

SHA1
53ac5bc6b60a6714465ea6add12cdd5aaa770cf7

SHA256
cc4e8454c508111256bde56cd2f656f3453c86a048d0cc6e45c382e12ee29e0b

SHA512
3bbd39b16f219ef4debe80db05e53546b215357496858ea2ec1258b483f31bc86c4b91d6bebd63a164b671bddfd2f69cf3be6dea56c65877040062e27bdd8174

Download Submit
C:\Windows\system\yLtfxfP.exe

Filesize
6.1MB

MD5
cd194c4e41ae793a842afc88e14d324b

SHA1
78be8dc09c4895c989ad1c07f9fec45ca157c24f

SHA256
6a5a36cb6c6fb213e77899eb9112b4262e12ca4c008bf31a8c5e9c53eecbcfc3

SHA512
3d765726c3e22ff0693c50c4673551dbe74fe590abb63aaaf40108a3eebc89f8fb04d982fff1be4c6b5fe17da23568bfcc5ca0b3916e2b439eab9d1d9232cd83

Download Submit
\Windows\system\BBCJHFx.exe

Filesize
6.1MB

MD5
5c68e5e552e74d339e2515f552bbd06f

SHA1
5ccb2fdd77c120b0037a67413f94fd048ab9edd3

SHA256
f5275c524332cc03f8dd9dae5bbea9241b6bb78bf82e6043393be24c2de0c899

SHA512
5cf3c35fa0680abe4712707c3b33cd5e239918e65f704495dacbf015b6fb19fac40918fb2140eed37cc0d274a09a2c79d2f71c18041bd8dc9b1cfd6c0a188a8f

Download Submit
\Windows\system\OLHdyvy.exe

Filesize
6.1MB

MD5
13314d8a2c012c6a7cfafbcc5181d9bc

SHA1
880ab793e8a792fe87b5d13bbe7f65950d8ec33b

SHA256
ebbb347718f3a1168e68c2e804b58b5e3314ca906bec91ef0e922d40f8bfc45f

SHA512
3c2fddcc7ad0516fb020da0fb91925a5ac7391871294eb71bc85b9d3b81c7f763415a709c62ceefa82bebd5898f94e97cdccc9b76c1eb196de5fe371d7b13f08

Download Submit
\Windows\system\RBIdRad.exe

Filesize
6.1MB

MD5
2c7e0f47de387cc5191762782d6a1160

SHA1
01323e9c948f6036ea57f7db2f82275e19423b44

SHA256
163e1e7ca97088567d3bf16cd577e8b30080ff8119627c4b899fc04a42ad940c

SHA512
69d682fcc6e2bd2dc6a409a48a95367e94ee0e77d4b843f0cb56b5328d19d7d8cdcaefbd3ecd6d2ff3e9f624b3453859405974a8df62722a8fbed561e2fdd9c3

Download Submit
\Windows\system\YIKhVAK.exe

Filesize
6.1MB

MD5
fc0c5bc475ee87fdc8ba467342e4a914

SHA1
e0788615f9b2c483f32cc05fadc19948f9d45b25

SHA256
e551df26b464a2183f51ac8adeb29caacdc005cfd8576075d3bf53fdc742e9fd

SHA512
46ab25f724e43a3e4f95d1edb41ee7c05fdf65963c0b653b47ff987351ef691fdf650d116af60f8fd62825f457e2741b92c204e0d5228b9cdad8f3c836fac417

Download Submit
\Windows\system\cwqtIhU.exe

Filesize
6.1MB

MD5
51d3295368bfe25a2b7c799016ab7dc4

SHA1
be380028f19b1f6d69f14c9d13b7d7ff23318b58

SHA256
74b30ab37f4a70fd3939dc815a3d392fb144613aa3401359f66db8d8aa78ac1b

SHA512
db066209ae1e727a69d4aeacd8ef91eeb3a019a2c06cdb8c69cb1fdecc62d44b5676076578fbd7d754d5c8a03bd3191ca23660dcf49aaaa0a8b47478518ba468

Download Submit
\Windows\system\daSwrsY.exe

Filesize
6.1MB

MD5
52032e0fbf0af359ba5eca809d2385b5

SHA1
5ca63df380de121f39c589b8094c154fc85c5e19

SHA256
0e3de5da43b5c425d64f52e224162b5866eb27a85bb163fe2c51c954ac6338c4

SHA512
5e918d15d47d760ed2d3ebdfa54e1bab69d435055c7106d6bac0cf2d2f7c9b5c43188ad2488f4610fd09c588c31dbf841966a70eccd7c1d664704eec63020f45

Download Submit
\Windows\system\friUbcA.exe

Filesize
6.1MB

MD5
a0dd58548160739f78bb36fadad007d7

SHA1
19ce0eb9ab4eb307e9197bb2a9b79f8e80d55559

SHA256
1f5e1843bbf643673ce4e8ce884d3799260f95d2814e55de31d295f2ce666ddc

SHA512
f857038d0b455c1ab17db45690673c00143b837ccd9a5e578f6876bb77bfbf2cb52b33fc112fd6162d67312b9d7bc799a69f68de057be81effe7bdb4e4629a53

Download Submit
\Windows\system\yLCbSkW.exe

Filesize
6.1MB

MD5
fd6796741b67caf6f531b17d3b2a2817

SHA1
58e601fa94c79ab0efc3eaf2f0ce27475f983699

SHA256
3de94c7e25e13e1469978632207b751767184d709f680f70131b9fc724ca4981

SHA512
88e61680c4d53c4cc9ef3d4b9555ff13fa13d1291d70df21948b1c56d0374116cb02aee11bd73f99ccb355010b58697877d04278b764124f5288be1cfbaff1df

Download Submit
\Windows\system\zHARLQu.exe

Filesize
6.1MB

MD5
482011d4d841989add1bac8a6b62f139

SHA1
1e1813754e88bc3f9f820673c99feb3bfc1199ec

SHA256
6608975ffef531aad9530ef8269fda84c445bd317986cd8f7e121b719182d838

SHA512
2c00a4a6703a26ea28c430df3bdbff0cd97d9bebcbc0e93628dba9a22674b2462964ccc95404438766cbd744303af6c0f5e666b4b260a87c8091d0d275f5bccb

Download Submit
memory/1096-33-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1288-555-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-66-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1288-113-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1288-556-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-557-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1288-0-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/1288-553-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/1288-30-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/1288-32-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1288-31-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1288-73-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1288-109-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1288-108-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-22-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-551-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1288-39-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1288-91-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-90-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-49-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-526-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1288-87-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-56-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1288-102-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1288-65-0x00000000024A0000-0x00000000027F4000-memory.dmp

Filesize
3.3MB

Download
memory/1288-58-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3559-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2332-35-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2332-75-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2540-26-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-97-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3656-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-554-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-74-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3653-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2720-83-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2720-40-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2768-57-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3432-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2780-89-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-552-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3657-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-50-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2892-28-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2944-67-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/3012-64-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/3012-19-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download