cobaltstrike | b7418b0b2470f254305f672ec116ec4a14e899a513ac3e5c1e6fa160b1e9459d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-09-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

f23d09b4dbde03580f51bf6cdbd5625f
SHA1

e186ff83a02f6af0afeb60ec35b44adc5559e2c7
SHA256

b7418b0b2470f254305f672ec116ec4a14e899a513ac3e5c1e6fa160b1e9459d
SHA512

7c64afefb7de7343604751aa3e7eefa85848bc45be4947e141a5e97d388ff4f53c9616f4defc9cc06e8e263739cea3ec97ecde69b2636e08769d1da87f00aa35
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUC:eOl56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edb-8.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173f3-34.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-28.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-20.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-67.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-127.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174a6-126.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001746a-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-59.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174c3-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-57.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 58 IoCs

miner

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000016edb-8.dat	xmrig
behavioral1/memory/2548-36-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173f3-34.dat	xmrig
behavioral1/memory/1620-32-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2124-31-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-28.dat	xmrig
behavioral1/memory/2308-26-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2844-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000800000001707c-20.dat	xmrig
behavioral1/files/0x000500000001929a-67.dat	xmrig
behavioral1/files/0x0005000000019465-139.dat	xmrig
behavioral1/memory/1620-1759-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/960-1622-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1620-952-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194df-165.dat	xmrig
behavioral1/files/0x00050000000194d7-161.dat	xmrig
behavioral1/files/0x0005000000019485-157.dat	xmrig
behavioral1/files/0x0005000000019479-149.dat	xmrig
behavioral1/files/0x000500000001947d-153.dat	xmrig
behavioral1/files/0x000500000001946a-144.dat	xmrig
behavioral1/files/0x0005000000019450-134.dat	xmrig
behavioral1/files/0x0005000000019433-133.dat	xmrig
behavioral1/files/0x00050000000193b3-132.dat	xmrig
behavioral1/files/0x0005000000019387-131.dat	xmrig
behavioral1/files/0x0005000000019365-130.dat	xmrig
behavioral1/files/0x0005000000019275-128.dat	xmrig
behavioral1/files/0x0005000000019268-127.dat	xmrig
behavioral1/files/0x00080000000174a6-126.dat	xmrig
behavioral1/files/0x000700000001746a-124.dat	xmrig
behavioral1/files/0x00050000000193c1-111.dat	xmrig
behavioral1/memory/960-102-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a4-100.dat	xmrig
behavioral1/files/0x000500000001945b-137.dat	xmrig
behavioral1/memory/2748-89-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019319-81.dat	xmrig
behavioral1/files/0x0005000000019278-79.dat	xmrig
behavioral1/memory/2516-40-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-118.dat	xmrig
behavioral1/memory/1620-107-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2600-105-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2860-95-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019377-93.dat	xmrig
behavioral1/memory/2864-86-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000500000001926c-59.dat	xmrig
behavioral1/files/0x00080000000174c3-58.dat	xmrig
behavioral1/files/0x0007000000017488-57.dat	xmrig
behavioral1/memory/2844-4002-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2548-4004-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2124-4003-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2516-4005-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2864-4008-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2308-4007-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/memory/2860-4006-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2600-4009-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2748-4010-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/960-4011-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2844	pqilgcW.exe
2308	AfulqCn.exe
2124	RySVcCU.exe
2548	YmdOgka.exe
2516	dXwSAQY.exe
2864	xGjFqHn.exe
2748	lYArvNn.exe
2860	PBtAUGY.exe
960	tHDlkGm.exe
2600	ZhsbGqq.exe
2328	OggmwAX.exe
1996	GTiqSgc.exe
992	ZQkFqxi.exe
2040	HASdsbn.exe
2752	WKZMIHg.exe
2800	HEwrVKk.exe
1572	OKLdnpJ.exe
2792	WWeeNxD.exe
2656	hsbDbGX.exe
2676	xicJVyF.exe
2496	qHXgZZk.exe
1908	aELBXVZ.exe
964	umTIAGl.exe
1708	isqZsla.exe
1332	izEdYiq.exe
2924	gAtpzMB.exe
2936	tzilpSl.exe
2276	oTWbUED.exe
580	ARJHEGk.exe
2192	IvFHvvX.exe
2304	dzKiYCd.exe
1176	lwtPxWk.exe
2944	nKDqkHP.exe
688	saXAXvA.exe
956	xaunCcS.exe
1980	FBWeBLk.exe
288	awLsLQB.exe
1648	lWfUPvF.exe
612	zGvJsUu.exe
2180	KXgxwCg.exe
1840	omxcWZg.exe
2092	uLkusSP.exe
1592	BSCeEmU.exe
1584	QLfTtum.exe
940	dIdMezv.exe
1896	UIwGdDH.exe
880	adggovM.exe
2500	cTkttMa.exe
1848	QsXvUbO.exe
2332	soKzsLw.exe
2196	MnTBJXP.exe
1488	jPduimt.exe
1608	YfkbnnP.exe
1860	pGqLxlV.exe
2848	FiqLQSm.exe
2780	bkOWlFo.exe
2608	TkPKffY.exe
2616	BchEHYE.exe
2652	CxHQJyj.exe
1448	mqiZbyh.exe
2828	ZJhGXzu.exe
2916	wBbDTEW.exe
2312	JCzflnG.exe
1940	pIONyoV.exe

Loads dropped DLL 64 IoCs

pid	Process
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000016edb-8.dat	upx
behavioral1/memory/2548-36-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x00080000000173f3-34.dat	upx
behavioral1/memory/2124-31-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0007000000017403-28.dat	upx
behavioral1/memory/2308-26-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2844-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000800000001707c-20.dat	upx
behavioral1/files/0x000500000001929a-67.dat	upx
behavioral1/files/0x0005000000019465-139.dat	upx
behavioral1/memory/960-1622-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1620-952-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x00050000000194df-165.dat	upx
behavioral1/files/0x00050000000194d7-161.dat	upx
behavioral1/files/0x0005000000019485-157.dat	upx
behavioral1/files/0x0005000000019479-149.dat	upx
behavioral1/files/0x000500000001947d-153.dat	upx
behavioral1/files/0x000500000001946a-144.dat	upx
behavioral1/files/0x0005000000019450-134.dat	upx
behavioral1/files/0x0005000000019433-133.dat	upx
behavioral1/files/0x00050000000193b3-132.dat	upx
behavioral1/files/0x0005000000019387-131.dat	upx
behavioral1/files/0x0005000000019365-130.dat	upx
behavioral1/files/0x0005000000019275-128.dat	upx
behavioral1/files/0x0005000000019268-127.dat	upx
behavioral1/files/0x00080000000174a6-126.dat	upx
behavioral1/files/0x000700000001746a-124.dat	upx
behavioral1/files/0x00050000000193c1-111.dat	upx
behavioral1/memory/960-102-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00050000000193a4-100.dat	upx
behavioral1/files/0x000500000001945b-137.dat	upx
behavioral1/memory/2748-89-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0005000000019319-81.dat	upx
behavioral1/files/0x0005000000019278-79.dat	upx
behavioral1/memory/2516-40-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x0005000000019446-118.dat	upx
behavioral1/memory/2600-105-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2860-95-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019377-93.dat	upx
behavioral1/memory/2864-86-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000500000001926c-59.dat	upx
behavioral1/files/0x00080000000174c3-58.dat	upx
behavioral1/files/0x0007000000017488-57.dat	upx
behavioral1/memory/2844-4002-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2548-4004-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2124-4003-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2516-4005-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2864-4008-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2308-4007-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2860-4006-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2600-4009-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2748-4010-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/960-4011-0x000000013F620000-0x000000013F974000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gkUdLHw.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtEFvKa.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwjinaJ.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSaLtKm.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URAjVYX.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjJqYsL.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxjHqyT.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxiBDqw.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTJaOyF.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxxGeDx.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjLjeBn.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgpnGBM.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qmFfiBQ.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REbloiz.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MHTbzyt.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlqcxNo.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuImasz.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YymjBim.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZPsHSu.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptrboTZ.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RSsfHny.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GliTVBE.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LFlfmey.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqIwypO.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqSvApu.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDQCVtI.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EEcASdu.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRCEmIM.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhlXxSY.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZnzBql.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYoOMyC.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jmbjpNU.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAYJKuf.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwOWbng.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxLxKzY.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLsryll.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnOCMgs.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WeqgkgT.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHNhvsi.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kMrUmDM.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWVDEvg.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MozBfyH.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWHhcBx.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaHFlbE.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JymhWLR.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFzGQJa.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNKDihW.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClwkWaH.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjNFHxe.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRetEOV.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHQuyVd.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RDuYBnA.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNcPxEc.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqFpFTW.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHmHjtN.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FtvcZnY.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYfWGmz.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jdMsNow.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWkddxK.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qMdRTQV.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNzfwKC.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXXxCif.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\edJdZEY.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWhCSwC.exe	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2844	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2844	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2844	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1620 wrote to memory of 2308	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2308	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2308	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1620 wrote to memory of 2124	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2124	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2124	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1620 wrote to memory of 2516	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2516	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2516	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1620 wrote to memory of 2548	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2548	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2548	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1620 wrote to memory of 2752	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2752	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2752	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1620 wrote to memory of 2864	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2864	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2864	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1620 wrote to memory of 2800	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2800	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2800	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1620 wrote to memory of 2748	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 2748	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 2748	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1620 wrote to memory of 1572	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 1572	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 1572	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1620 wrote to memory of 2860	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2860	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2860	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1620 wrote to memory of 2792	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 2792	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 2792	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1620 wrote to memory of 960	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 960	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 960	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1620 wrote to memory of 2656	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2656	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2656	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1620 wrote to memory of 2600	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 2600	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 2600	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1620 wrote to memory of 2676	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 2676	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 2676	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1620 wrote to memory of 2328	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2328	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2328	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1620 wrote to memory of 2496	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 2496	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 2496	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1620 wrote to memory of 1996	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1996	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1996	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1620 wrote to memory of 1908	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 1908	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 1908	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1620 wrote to memory of 992	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 992	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 992	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1620 wrote to memory of 964	1620	2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-15_f23d09b4dbde03580f51bf6cdbd5625f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\System\pqilgcW.exe
  C:\Windows\System\pqilgcW.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AfulqCn.exe
  C:\Windows\System\AfulqCn.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\RySVcCU.exe
  C:\Windows\System\RySVcCU.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\dXwSAQY.exe
  C:\Windows\System\dXwSAQY.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\YmdOgka.exe
  C:\Windows\System\YmdOgka.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\WKZMIHg.exe
  C:\Windows\System\WKZMIHg.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\xGjFqHn.exe
  C:\Windows\System\xGjFqHn.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\HEwrVKk.exe
  C:\Windows\System\HEwrVKk.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\lYArvNn.exe
  C:\Windows\System\lYArvNn.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\OKLdnpJ.exe
  C:\Windows\System\OKLdnpJ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\PBtAUGY.exe
  C:\Windows\System\PBtAUGY.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\WWeeNxD.exe
  C:\Windows\System\WWeeNxD.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\tHDlkGm.exe
  C:\Windows\System\tHDlkGm.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\hsbDbGX.exe
  C:\Windows\System\hsbDbGX.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\ZhsbGqq.exe
  C:\Windows\System\ZhsbGqq.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xicJVyF.exe
  C:\Windows\System\xicJVyF.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\OggmwAX.exe
  C:\Windows\System\OggmwAX.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\qHXgZZk.exe
  C:\Windows\System\qHXgZZk.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\GTiqSgc.exe
  C:\Windows\System\GTiqSgc.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\aELBXVZ.exe
  C:\Windows\System\aELBXVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\ZQkFqxi.exe
  C:\Windows\System\ZQkFqxi.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\umTIAGl.exe
  C:\Windows\System\umTIAGl.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\HASdsbn.exe
  C:\Windows\System\HASdsbn.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\isqZsla.exe
  C:\Windows\System\isqZsla.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\izEdYiq.exe
  C:\Windows\System\izEdYiq.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\tzilpSl.exe
  C:\Windows\System\tzilpSl.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\gAtpzMB.exe
  C:\Windows\System\gAtpzMB.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\oTWbUED.exe
  C:\Windows\System\oTWbUED.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\ARJHEGk.exe
  C:\Windows\System\ARJHEGk.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\IvFHvvX.exe
  C:\Windows\System\IvFHvvX.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dzKiYCd.exe
  C:\Windows\System\dzKiYCd.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\lwtPxWk.exe
  C:\Windows\System\lwtPxWk.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\nKDqkHP.exe
  C:\Windows\System\nKDqkHP.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\saXAXvA.exe
  C:\Windows\System\saXAXvA.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\xaunCcS.exe
  C:\Windows\System\xaunCcS.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\FBWeBLk.exe
  C:\Windows\System\FBWeBLk.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\awLsLQB.exe
  C:\Windows\System\awLsLQB.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\lWfUPvF.exe
  C:\Windows\System\lWfUPvF.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\zGvJsUu.exe
  C:\Windows\System\zGvJsUu.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\KXgxwCg.exe
  C:\Windows\System\KXgxwCg.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\omxcWZg.exe
  C:\Windows\System\omxcWZg.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\uLkusSP.exe
  C:\Windows\System\uLkusSP.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\BSCeEmU.exe
  C:\Windows\System\BSCeEmU.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\adggovM.exe
  C:\Windows\System\adggovM.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\QLfTtum.exe
  C:\Windows\System\QLfTtum.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\cTkttMa.exe
  C:\Windows\System\cTkttMa.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\dIdMezv.exe
  C:\Windows\System\dIdMezv.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\soKzsLw.exe
  C:\Windows\System\soKzsLw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\UIwGdDH.exe
  C:\Windows\System\UIwGdDH.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\MnTBJXP.exe
  C:\Windows\System\MnTBJXP.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\QsXvUbO.exe
  C:\Windows\System\QsXvUbO.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\jPduimt.exe
  C:\Windows\System\jPduimt.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\YfkbnnP.exe
  C:\Windows\System\YfkbnnP.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\pGqLxlV.exe
  C:\Windows\System\pGqLxlV.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\FiqLQSm.exe
  C:\Windows\System\FiqLQSm.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\bkOWlFo.exe
  C:\Windows\System\bkOWlFo.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\TkPKffY.exe
  C:\Windows\System\TkPKffY.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\BchEHYE.exe
  C:\Windows\System\BchEHYE.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\CxHQJyj.exe
  C:\Windows\System\CxHQJyj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\mqiZbyh.exe
  C:\Windows\System\mqiZbyh.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ZJhGXzu.exe
  C:\Windows\System\ZJhGXzu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\wBbDTEW.exe
  C:\Windows\System\wBbDTEW.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\JCzflnG.exe
  C:\Windows\System\JCzflnG.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pIONyoV.exe
  C:\Windows\System\pIONyoV.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\OjVfjes.exe
  C:\Windows\System\OjVfjes.exe
  2⤵
  PID:2132
- C:\Windows\System\wXQUynb.exe
  C:\Windows\System\wXQUynb.exe
  2⤵
  PID:2700
- C:\Windows\System\ZndyyTD.exe
  C:\Windows\System\ZndyyTD.exe
  2⤵
  PID:236
- C:\Windows\System\KgpnGBM.exe
  C:\Windows\System\KgpnGBM.exe
  2⤵
  PID:1136
- C:\Windows\System\zjnunqV.exe
  C:\Windows\System\zjnunqV.exe
  2⤵
  PID:1712
- C:\Windows\System\JymhWLR.exe
  C:\Windows\System\JymhWLR.exe
  2⤵
  PID:2580
- C:\Windows\System\UNKrIlM.exe
  C:\Windows\System\UNKrIlM.exe
  2⤵
  PID:1180
- C:\Windows\System\ozPiuur.exe
  C:\Windows\System\ozPiuur.exe
  2⤵
  PID:1548
- C:\Windows\System\cxcWuIV.exe
  C:\Windows\System\cxcWuIV.exe
  2⤵
  PID:784
- C:\Windows\System\rBFAgWx.exe
  C:\Windows\System\rBFAgWx.exe
  2⤵
  PID:792
- C:\Windows\System\mvsGWch.exe
  C:\Windows\System\mvsGWch.exe
  2⤵
  PID:1892
- C:\Windows\System\NAfemcH.exe
  C:\Windows\System\NAfemcH.exe
  2⤵
  PID:1212
- C:\Windows\System\bsbeXsf.exe
  C:\Windows\System\bsbeXsf.exe
  2⤵
  PID:2056
- C:\Windows\System\lkgEQYK.exe
  C:\Windows\System\lkgEQYK.exe
  2⤵
  PID:3020
- C:\Windows\System\kOSgnLi.exe
  C:\Windows\System\kOSgnLi.exe
  2⤵
  PID:2340
- C:\Windows\System\QkFgBGi.exe
  C:\Windows\System\QkFgBGi.exe
  2⤵
  PID:640
- C:\Windows\System\dGxxPdl.exe
  C:\Windows\System\dGxxPdl.exe
  2⤵
  PID:1200
- C:\Windows\System\rFhdYFX.exe
  C:\Windows\System\rFhdYFX.exe
  2⤵
  PID:2020
- C:\Windows\System\IwwOtGY.exe
  C:\Windows\System\IwwOtGY.exe
  2⤵
  PID:2464
- C:\Windows\System\jpXBLqX.exe
  C:\Windows\System\jpXBLqX.exe
  2⤵
  PID:2680
- C:\Windows\System\MqlPjYr.exe
  C:\Windows\System\MqlPjYr.exe
  2⤵
  PID:2404
- C:\Windows\System\bUrlnYH.exe
  C:\Windows\System\bUrlnYH.exe
  2⤵
  PID:2836
- C:\Windows\System\ZeAdEoK.exe
  C:\Windows\System\ZeAdEoK.exe
  2⤵
  PID:2872
- C:\Windows\System\beOjscA.exe
  C:\Windows\System\beOjscA.exe
  2⤵
  PID:3092
- C:\Windows\System\weXKUAF.exe
  C:\Windows\System\weXKUAF.exe
  2⤵
  PID:3112
- C:\Windows\System\YBmHznt.exe
  C:\Windows\System\YBmHznt.exe
  2⤵
  PID:3132
- C:\Windows\System\cNSJlaX.exe
  C:\Windows\System\cNSJlaX.exe
  2⤵
  PID:3152
- C:\Windows\System\fgWQzKs.exe
  C:\Windows\System\fgWQzKs.exe
  2⤵
  PID:3172
- C:\Windows\System\iZSJybo.exe
  C:\Windows\System\iZSJybo.exe
  2⤵
  PID:3192
- C:\Windows\System\ceqGSBx.exe
  C:\Windows\System\ceqGSBx.exe
  2⤵
  PID:3212
- C:\Windows\System\qKeYyZR.exe
  C:\Windows\System\qKeYyZR.exe
  2⤵
  PID:3232
- C:\Windows\System\XMtTDHD.exe
  C:\Windows\System\XMtTDHD.exe
  2⤵
  PID:3252
- C:\Windows\System\mdwwREA.exe
  C:\Windows\System\mdwwREA.exe
  2⤵
  PID:3272
- C:\Windows\System\UMFBPUQ.exe
  C:\Windows\System\UMFBPUQ.exe
  2⤵
  PID:3292
- C:\Windows\System\IhwZNMW.exe
  C:\Windows\System\IhwZNMW.exe
  2⤵
  PID:3312
- C:\Windows\System\hUJPCwP.exe
  C:\Windows\System\hUJPCwP.exe
  2⤵
  PID:3332
- C:\Windows\System\WeqgkgT.exe
  C:\Windows\System\WeqgkgT.exe
  2⤵
  PID:3352
- C:\Windows\System\qUPdklV.exe
  C:\Windows\System\qUPdklV.exe
  2⤵
  PID:3372
- C:\Windows\System\tZqZIXl.exe
  C:\Windows\System\tZqZIXl.exe
  2⤵
  PID:3392
- C:\Windows\System\uFrCIOk.exe
  C:\Windows\System\uFrCIOk.exe
  2⤵
  PID:3412
- C:\Windows\System\nqNVulf.exe
  C:\Windows\System\nqNVulf.exe
  2⤵
  PID:3432
- C:\Windows\System\UjPAjpt.exe
  C:\Windows\System\UjPAjpt.exe
  2⤵
  PID:3452
- C:\Windows\System\tdKPtzE.exe
  C:\Windows\System\tdKPtzE.exe
  2⤵
  PID:3472
- C:\Windows\System\lHOiOaM.exe
  C:\Windows\System\lHOiOaM.exe
  2⤵
  PID:3492
- C:\Windows\System\xnvpjEz.exe
  C:\Windows\System\xnvpjEz.exe
  2⤵
  PID:3512
- C:\Windows\System\ZmqgXjP.exe
  C:\Windows\System\ZmqgXjP.exe
  2⤵
  PID:3532
- C:\Windows\System\qXViqWu.exe
  C:\Windows\System\qXViqWu.exe
  2⤵
  PID:3552
- C:\Windows\System\AvZiZQb.exe
  C:\Windows\System\AvZiZQb.exe
  2⤵
  PID:3572
- C:\Windows\System\hkoCPyh.exe
  C:\Windows\System\hkoCPyh.exe
  2⤵
  PID:3592
- C:\Windows\System\UfpYgXP.exe
  C:\Windows\System\UfpYgXP.exe
  2⤵
  PID:3612
- C:\Windows\System\dTclbUP.exe
  C:\Windows\System\dTclbUP.exe
  2⤵
  PID:3632
- C:\Windows\System\DigGViv.exe
  C:\Windows\System\DigGViv.exe
  2⤵
  PID:3652
- C:\Windows\System\oDvciFz.exe
  C:\Windows\System\oDvciFz.exe
  2⤵
  PID:3672
- C:\Windows\System\wWQNSum.exe
  C:\Windows\System\wWQNSum.exe
  2⤵
  PID:3692
- C:\Windows\System\eAhtBhG.exe
  C:\Windows\System\eAhtBhG.exe
  2⤵
  PID:3712
- C:\Windows\System\TAdYBAP.exe
  C:\Windows\System\TAdYBAP.exe
  2⤵
  PID:3732
- C:\Windows\System\hrLucFV.exe
  C:\Windows\System\hrLucFV.exe
  2⤵
  PID:3752
- C:\Windows\System\dHKSLvj.exe
  C:\Windows\System\dHKSLvj.exe
  2⤵
  PID:3772
- C:\Windows\System\LvhQpiX.exe
  C:\Windows\System\LvhQpiX.exe
  2⤵
  PID:3792
- C:\Windows\System\tvXdvtc.exe
  C:\Windows\System\tvXdvtc.exe
  2⤵
  PID:3812
- C:\Windows\System\CMKyxwT.exe
  C:\Windows\System\CMKyxwT.exe
  2⤵
  PID:3832
- C:\Windows\System\jXBIjvm.exe
  C:\Windows\System\jXBIjvm.exe
  2⤵
  PID:3852
- C:\Windows\System\YfSuVdR.exe
  C:\Windows\System\YfSuVdR.exe
  2⤵
  PID:3872
- C:\Windows\System\gUUsFgy.exe
  C:\Windows\System\gUUsFgy.exe
  2⤵
  PID:3892
- C:\Windows\System\TLRVYaM.exe
  C:\Windows\System\TLRVYaM.exe
  2⤵
  PID:3912
- C:\Windows\System\nLpbWvk.exe
  C:\Windows\System\nLpbWvk.exe
  2⤵
  PID:3932
- C:\Windows\System\etXdxDT.exe
  C:\Windows\System\etXdxDT.exe
  2⤵
  PID:3952
- C:\Windows\System\spCkNAm.exe
  C:\Windows\System\spCkNAm.exe
  2⤵
  PID:3972
- C:\Windows\System\cBAimre.exe
  C:\Windows\System\cBAimre.exe
  2⤵
  PID:3992
- C:\Windows\System\sTFyCEE.exe
  C:\Windows\System\sTFyCEE.exe
  2⤵
  PID:4012
- C:\Windows\System\qEyuplw.exe
  C:\Windows\System\qEyuplw.exe
  2⤵
  PID:4032
- C:\Windows\System\bXlJeqs.exe
  C:\Windows\System\bXlJeqs.exe
  2⤵
  PID:4052
- C:\Windows\System\ANJafYy.exe
  C:\Windows\System\ANJafYy.exe
  2⤵
  PID:4072
- C:\Windows\System\iyyWqrh.exe
  C:\Windows\System\iyyWqrh.exe
  2⤵
  PID:4092
- C:\Windows\System\XTCblGE.exe
  C:\Windows\System\XTCblGE.exe
  2⤵
  PID:2664
- C:\Windows\System\JOxSRkx.exe
  C:\Windows\System\JOxSRkx.exe
  2⤵
  PID:2804
- C:\Windows\System\fbzhqyR.exe
  C:\Windows\System\fbzhqyR.exe
  2⤵
  PID:2772
- C:\Windows\System\ujfNvZB.exe
  C:\Windows\System\ujfNvZB.exe
  2⤵
  PID:2480
- C:\Windows\System\PGFeaBY.exe
  C:\Windows\System\PGFeaBY.exe
  2⤵
  PID:2948
- C:\Windows\System\scRtsRX.exe
  C:\Windows\System\scRtsRX.exe
  2⤵
  PID:3052
- C:\Windows\System\YZjpQfb.exe
  C:\Windows\System\YZjpQfb.exe
  2⤵
  PID:2972
- C:\Windows\System\esLtoBw.exe
  C:\Windows\System\esLtoBw.exe
  2⤵
  PID:1776
- C:\Windows\System\AmyVlXy.exe
  C:\Windows\System\AmyVlXy.exe
  2⤵
  PID:772
- C:\Windows\System\pyRixCd.exe
  C:\Windows\System\pyRixCd.exe
  2⤵
  PID:832
- C:\Windows\System\VyKqEgm.exe
  C:\Windows\System\VyKqEgm.exe
  2⤵
  PID:1288
- C:\Windows\System\gyUoncP.exe
  C:\Windows\System\gyUoncP.exe
  2⤵
  PID:2316
- C:\Windows\System\KgkueoU.exe
  C:\Windows\System\KgkueoU.exe
  2⤵
  PID:332
- C:\Windows\System\zYdrnWo.exe
  C:\Windows\System\zYdrnWo.exe
  2⤵
  PID:2540
- C:\Windows\System\rFDcCHw.exe
  C:\Windows\System\rFDcCHw.exe
  2⤵
  PID:1664
- C:\Windows\System\QOpYowy.exe
  C:\Windows\System\QOpYowy.exe
  2⤵
  PID:1516
- C:\Windows\System\XgVJkkX.exe
  C:\Windows\System\XgVJkkX.exe
  2⤵
  PID:804
- C:\Windows\System\FFHjfuI.exe
  C:\Windows\System\FFHjfuI.exe
  2⤵
  PID:3080
- C:\Windows\System\DSvKUgK.exe
  C:\Windows\System\DSvKUgK.exe
  2⤵
  PID:3100
- C:\Windows\System\bHQuyVd.exe
  C:\Windows\System\bHQuyVd.exe
  2⤵
  PID:3148
- C:\Windows\System\UZnzBql.exe
  C:\Windows\System\UZnzBql.exe
  2⤵
  PID:3188
- C:\Windows\System\bNZRQZK.exe
  C:\Windows\System\bNZRQZK.exe
  2⤵
  PID:3220
- C:\Windows\System\RzTnJeo.exe
  C:\Windows\System\RzTnJeo.exe
  2⤵
  PID:3244
- C:\Windows\System\ykVNoNe.exe
  C:\Windows\System\ykVNoNe.exe
  2⤵
  PID:3288
- C:\Windows\System\cmqqDAT.exe
  C:\Windows\System\cmqqDAT.exe
  2⤵
  PID:3308
- C:\Windows\System\QTtJAdB.exe
  C:\Windows\System\QTtJAdB.exe
  2⤵
  PID:3348
- C:\Windows\System\htBntbG.exe
  C:\Windows\System\htBntbG.exe
  2⤵
  PID:3388
- C:\Windows\System\jKYDcRM.exe
  C:\Windows\System\jKYDcRM.exe
  2⤵
  PID:3420
- C:\Windows\System\AbbiFkq.exe
  C:\Windows\System\AbbiFkq.exe
  2⤵
  PID:3444
- C:\Windows\System\ZYFupJY.exe
  C:\Windows\System\ZYFupJY.exe
  2⤵
  PID:3488
- C:\Windows\System\LxvrEVB.exe
  C:\Windows\System\LxvrEVB.exe
  2⤵
  PID:3504
- C:\Windows\System\YcGmXId.exe
  C:\Windows\System\YcGmXId.exe
  2⤵
  PID:3560
- C:\Windows\System\LFlfmey.exe
  C:\Windows\System\LFlfmey.exe
  2⤵
  PID:3588
- C:\Windows\System\NRoxezA.exe
  C:\Windows\System\NRoxezA.exe
  2⤵
  PID:3620
- C:\Windows\System\gFLhSeO.exe
  C:\Windows\System\gFLhSeO.exe
  2⤵
  PID:3644
- C:\Windows\System\uRaTHEA.exe
  C:\Windows\System\uRaTHEA.exe
  2⤵
  PID:3688
- C:\Windows\System\DBzIEPI.exe
  C:\Windows\System\DBzIEPI.exe
  2⤵
  PID:3724
- C:\Windows\System\RcuGuxC.exe
  C:\Windows\System\RcuGuxC.exe
  2⤵
  PID:3760
- C:\Windows\System\mItWHfa.exe
  C:\Windows\System\mItWHfa.exe
  2⤵
  PID:3788
- C:\Windows\System\OZTtDKV.exe
  C:\Windows\System\OZTtDKV.exe
  2⤵
  PID:3820
- C:\Windows\System\Itplupt.exe
  C:\Windows\System\Itplupt.exe
  2⤵
  PID:3844
- C:\Windows\System\GgNbmgw.exe
  C:\Windows\System\GgNbmgw.exe
  2⤵
  PID:3888
- C:\Windows\System\WHaLdCA.exe
  C:\Windows\System\WHaLdCA.exe
  2⤵
  PID:3908
- C:\Windows\System\zqIwypO.exe
  C:\Windows\System\zqIwypO.exe
  2⤵
  PID:3944
- C:\Windows\System\MWVYoFi.exe
  C:\Windows\System\MWVYoFi.exe
  2⤵
  PID:3988
- C:\Windows\System\COASYWH.exe
  C:\Windows\System\COASYWH.exe
  2⤵
  PID:4020
- C:\Windows\System\sqUOHBp.exe
  C:\Windows\System\sqUOHBp.exe
  2⤵
  PID:4044
- C:\Windows\System\mIbqmiG.exe
  C:\Windows\System\mIbqmiG.exe
  2⤵
  PID:4088
- C:\Windows\System\rrOvORp.exe
  C:\Windows\System\rrOvORp.exe
  2⤵
  PID:2632
- C:\Windows\System\UIdexuh.exe
  C:\Windows\System\UIdexuh.exe
  2⤵
  PID:1112
- C:\Windows\System\dQWofpd.exe
  C:\Windows\System\dQWofpd.exe
  2⤵
  PID:2136
- C:\Windows\System\zwDasHM.exe
  C:\Windows\System\zwDasHM.exe
  2⤵
  PID:1312
- C:\Windows\System\Yfqlwws.exe
  C:\Windows\System\Yfqlwws.exe
  2⤵
  PID:904
- C:\Windows\System\ByxVUHg.exe
  C:\Windows\System\ByxVUHg.exe
  2⤵
  PID:632
- C:\Windows\System\TXKAnAA.exe
  C:\Windows\System\TXKAnAA.exe
  2⤵
  PID:752
- C:\Windows\System\wSpIDor.exe
  C:\Windows\System\wSpIDor.exe
  2⤵
  PID:556
- C:\Windows\System\WUlbHLE.exe
  C:\Windows\System\WUlbHLE.exe
  2⤵
  PID:1236
- C:\Windows\System\ydYePkY.exe
  C:\Windows\System\ydYePkY.exe
  2⤵
  PID:2736
- C:\Windows\System\URAjVYX.exe
  C:\Windows\System\URAjVYX.exe
  2⤵
  PID:2644
- C:\Windows\System\jqRspPr.exe
  C:\Windows\System\jqRspPr.exe
  2⤵
  PID:3128
- C:\Windows\System\ZyDBwff.exe
  C:\Windows\System\ZyDBwff.exe
  2⤵
  PID:3164
- C:\Windows\System\YZfqLxR.exe
  C:\Windows\System\YZfqLxR.exe
  2⤵
  PID:3240
- C:\Windows\System\govmOpF.exe
  C:\Windows\System\govmOpF.exe
  2⤵
  PID:3360
- C:\Windows\System\jFrvHYL.exe
  C:\Windows\System\jFrvHYL.exe
  2⤵
  PID:3408
- C:\Windows\System\eILCILY.exe
  C:\Windows\System\eILCILY.exe
  2⤵
  PID:3468
- C:\Windows\System\FTIfeeL.exe
  C:\Windows\System\FTIfeeL.exe
  2⤵
  PID:3464
- C:\Windows\System\hYOfNIx.exe
  C:\Windows\System\hYOfNIx.exe
  2⤵
  PID:3548
- C:\Windows\System\vdXHseL.exe
  C:\Windows\System\vdXHseL.exe
  2⤵
  PID:3604
- C:\Windows\System\zHNhvsi.exe
  C:\Windows\System\zHNhvsi.exe
  2⤵
  PID:3640
- C:\Windows\System\XNUdUwN.exe
  C:\Windows\System\XNUdUwN.exe
  2⤵
  PID:3648
- C:\Windows\System\jOOhsXr.exe
  C:\Windows\System\jOOhsXr.exe
  2⤵
  PID:3720
- C:\Windows\System\IxUEDIy.exe
  C:\Windows\System\IxUEDIy.exe
  2⤵
  PID:3764
- C:\Windows\System\qOCXYHM.exe
  C:\Windows\System\qOCXYHM.exe
  2⤵
  PID:3848
- C:\Windows\System\fCELZDN.exe
  C:\Windows\System\fCELZDN.exe
  2⤵
  PID:3940
- C:\Windows\System\kvyFSvy.exe
  C:\Windows\System\kvyFSvy.exe
  2⤵
  PID:3968
- C:\Windows\System\NcPSuZP.exe
  C:\Windows\System\NcPSuZP.exe
  2⤵
  PID:4080
- C:\Windows\System\sFcLfNV.exe
  C:\Windows\System\sFcLfNV.exe
  2⤵
  PID:4028
- C:\Windows\System\UlnBbop.exe
  C:\Windows\System\UlnBbop.exe
  2⤵
  PID:2908
- C:\Windows\System\VLkTHIG.exe
  C:\Windows\System\VLkTHIG.exe
  2⤵
  PID:2648
- C:\Windows\System\fbrTyQQ.exe
  C:\Windows\System\fbrTyQQ.exe
  2⤵
  PID:844
- C:\Windows\System\cwsmXSD.exe
  C:\Windows\System\cwsmXSD.exe
  2⤵
  PID:1472
- C:\Windows\System\FVBKOrP.exe
  C:\Windows\System\FVBKOrP.exe
  2⤵
  PID:1076
- C:\Windows\System\txipapY.exe
  C:\Windows\System\txipapY.exe
  2⤵
  PID:3124
- C:\Windows\System\LZruhWN.exe
  C:\Windows\System\LZruhWN.exe
  2⤵
  PID:3224
- C:\Windows\System\xvZnuon.exe
  C:\Windows\System\xvZnuon.exe
  2⤵
  PID:2524
- C:\Windows\System\hAYJKuf.exe
  C:\Windows\System\hAYJKuf.exe
  2⤵
  PID:3440
- C:\Windows\System\HwOWbng.exe
  C:\Windows\System\HwOWbng.exe
  2⤵
  PID:3540
- C:\Windows\System\KZVzIhp.exe
  C:\Windows\System\KZVzIhp.exe
  2⤵
  PID:3264
- C:\Windows\System\bcbiNck.exe
  C:\Windows\System\bcbiNck.exe
  2⤵
  PID:3664
- C:\Windows\System\EBGnRZP.exe
  C:\Windows\System\EBGnRZP.exe
  2⤵
  PID:3524
- C:\Windows\System\ZaXoaqS.exe
  C:\Windows\System\ZaXoaqS.exe
  2⤵
  PID:3564
- C:\Windows\System\IIntFTu.exe
  C:\Windows\System\IIntFTu.exe
  2⤵
  PID:3984
- C:\Windows\System\yGYTlWj.exe
  C:\Windows\System\yGYTlWj.exe
  2⤵
  PID:2168
- C:\Windows\System\NNOMKoP.exe
  C:\Windows\System\NNOMKoP.exe
  2⤵
  PID:4120
- C:\Windows\System\SNxeUQz.exe
  C:\Windows\System\SNxeUQz.exe
  2⤵
  PID:4136
- C:\Windows\System\yrMNfWp.exe
  C:\Windows\System\yrMNfWp.exe
  2⤵
  PID:4160
- C:\Windows\System\nTIRviM.exe
  C:\Windows\System\nTIRviM.exe
  2⤵
  PID:4188
- C:\Windows\System\dGoUcOw.exe
  C:\Windows\System\dGoUcOw.exe
  2⤵
  PID:4212
- C:\Windows\System\hQZNhUO.exe
  C:\Windows\System\hQZNhUO.exe
  2⤵
  PID:4232
- C:\Windows\System\vjykGvT.exe
  C:\Windows\System\vjykGvT.exe
  2⤵
  PID:4248
- C:\Windows\System\xLdboVR.exe
  C:\Windows\System\xLdboVR.exe
  2⤵
  PID:4272
- C:\Windows\System\NmzOYan.exe
  C:\Windows\System\NmzOYan.exe
  2⤵
  PID:4292
- C:\Windows\System\zDTGqii.exe
  C:\Windows\System\zDTGqii.exe
  2⤵
  PID:4316
- C:\Windows\System\zZPdzNv.exe
  C:\Windows\System\zZPdzNv.exe
  2⤵
  PID:4332
- C:\Windows\System\tgBoamc.exe
  C:\Windows\System\tgBoamc.exe
  2⤵
  PID:4352
- C:\Windows\System\mzyVCkY.exe
  C:\Windows\System\mzyVCkY.exe
  2⤵
  PID:4372
- C:\Windows\System\OasZViX.exe
  C:\Windows\System\OasZViX.exe
  2⤵
  PID:4396
- C:\Windows\System\iBVTolt.exe
  C:\Windows\System\iBVTolt.exe
  2⤵
  PID:4412
- C:\Windows\System\GHSQerl.exe
  C:\Windows\System\GHSQerl.exe
  2⤵
  PID:4436
- C:\Windows\System\ztGuQMt.exe
  C:\Windows\System\ztGuQMt.exe
  2⤵
  PID:4464
- C:\Windows\System\zAxbNLJ.exe
  C:\Windows\System\zAxbNLJ.exe
  2⤵
  PID:4484
- C:\Windows\System\aLaQaIv.exe
  C:\Windows\System\aLaQaIv.exe
  2⤵
  PID:4500
- C:\Windows\System\JsXMXFQ.exe
  C:\Windows\System\JsXMXFQ.exe
  2⤵
  PID:4524
- C:\Windows\System\zcDTwwy.exe
  C:\Windows\System\zcDTwwy.exe
  2⤵
  PID:4540
- C:\Windows\System\DZhxdxE.exe
  C:\Windows\System\DZhxdxE.exe
  2⤵
  PID:4564
- C:\Windows\System\gNHtMtl.exe
  C:\Windows\System\gNHtMtl.exe
  2⤵
  PID:4584
- C:\Windows\System\HPGZAlO.exe
  C:\Windows\System\HPGZAlO.exe
  2⤵
  PID:4604
- C:\Windows\System\ImWhMBz.exe
  C:\Windows\System\ImWhMBz.exe
  2⤵
  PID:4620
- C:\Windows\System\FOocEHD.exe
  C:\Windows\System\FOocEHD.exe
  2⤵
  PID:4644
- C:\Windows\System\viczTMC.exe
  C:\Windows\System\viczTMC.exe
  2⤵
  PID:4664
- C:\Windows\System\UilkVSj.exe
  C:\Windows\System\UilkVSj.exe
  2⤵
  PID:4684
- C:\Windows\System\EZsNjyd.exe
  C:\Windows\System\EZsNjyd.exe
  2⤵
  PID:4700
- C:\Windows\System\JfoMwBm.exe
  C:\Windows\System\JfoMwBm.exe
  2⤵
  PID:4724
- C:\Windows\System\yiSaxcp.exe
  C:\Windows\System\yiSaxcp.exe
  2⤵
  PID:4744
- C:\Windows\System\kdmNBaC.exe
  C:\Windows\System\kdmNBaC.exe
  2⤵
  PID:4764
- C:\Windows\System\jBwpkYs.exe
  C:\Windows\System\jBwpkYs.exe
  2⤵
  PID:4784
- C:\Windows\System\zHeHngw.exe
  C:\Windows\System\zHeHngw.exe
  2⤵
  PID:4804
- C:\Windows\System\ylSyxUq.exe
  C:\Windows\System\ylSyxUq.exe
  2⤵
  PID:4820
- C:\Windows\System\LWUEHZe.exe
  C:\Windows\System\LWUEHZe.exe
  2⤵
  PID:4836
- C:\Windows\System\ZdYQZWf.exe
  C:\Windows\System\ZdYQZWf.exe
  2⤵
  PID:4860
- C:\Windows\System\BiQjcth.exe
  C:\Windows\System\BiQjcth.exe
  2⤵
  PID:4884
- C:\Windows\System\QkwukWM.exe
  C:\Windows\System\QkwukWM.exe
  2⤵
  PID:4904
- C:\Windows\System\OWOESam.exe
  C:\Windows\System\OWOESam.exe
  2⤵
  PID:4924
- C:\Windows\System\YdyUvrZ.exe
  C:\Windows\System\YdyUvrZ.exe
  2⤵
  PID:4944
- C:\Windows\System\ycvupRz.exe
  C:\Windows\System\ycvupRz.exe
  2⤵
  PID:4964
- C:\Windows\System\gkUdLHw.exe
  C:\Windows\System\gkUdLHw.exe
  2⤵
  PID:4988
- C:\Windows\System\qMBQLsI.exe
  C:\Windows\System\qMBQLsI.exe
  2⤵
  PID:5008
- C:\Windows\System\keolwFl.exe
  C:\Windows\System\keolwFl.exe
  2⤵
  PID:5024
- C:\Windows\System\NWZmPpn.exe
  C:\Windows\System\NWZmPpn.exe
  2⤵
  PID:5048
- C:\Windows\System\vuCerUR.exe
  C:\Windows\System\vuCerUR.exe
  2⤵
  PID:5064
- C:\Windows\System\uuCBFYh.exe
  C:\Windows\System\uuCBFYh.exe
  2⤵
  PID:5088
- C:\Windows\System\kDlvnOz.exe
  C:\Windows\System\kDlvnOz.exe
  2⤵
  PID:5108
- C:\Windows\System\UtfueuC.exe
  C:\Windows\System\UtfueuC.exe
  2⤵
  PID:3828
- C:\Windows\System\fvcdQJX.exe
  C:\Windows\System\fvcdQJX.exe
  2⤵
  PID:4008
- C:\Windows\System\ijSLbLQ.exe
  C:\Windows\System\ijSLbLQ.exe
  2⤵
  PID:4024
- C:\Windows\System\wNUhDeG.exe
  C:\Windows\System\wNUhDeG.exe
  2⤵
  PID:3248
- C:\Windows\System\utNzYtg.exe
  C:\Windows\System\utNzYtg.exe
  2⤵
  PID:3364
- C:\Windows\System\YyDnGlM.exe
  C:\Windows\System\YyDnGlM.exe
  2⤵
  PID:2436
- C:\Windows\System\XMlbCXh.exe
  C:\Windows\System\XMlbCXh.exe
  2⤵
  PID:3500
- C:\Windows\System\qhSJHWh.exe
  C:\Windows\System\qhSJHWh.exe
  2⤵
  PID:3580
- C:\Windows\System\fFzGQJa.exe
  C:\Windows\System\fFzGQJa.exe
  2⤵
  PID:3680
- C:\Windows\System\cgYslhu.exe
  C:\Windows\System\cgYslhu.exe
  2⤵
  PID:3704
- C:\Windows\System\IwrEDzj.exe
  C:\Windows\System\IwrEDzj.exe
  2⤵
  PID:4180
- C:\Windows\System\wqkKACX.exe
  C:\Windows\System\wqkKACX.exe
  2⤵
  PID:4108
- C:\Windows\System\EYvfbsD.exe
  C:\Windows\System\EYvfbsD.exe
  2⤵
  PID:4220
- C:\Windows\System\adSfUOk.exe
  C:\Windows\System\adSfUOk.exe
  2⤵
  PID:4196
- C:\Windows\System\FLPxEzL.exe
  C:\Windows\System\FLPxEzL.exe
  2⤵
  PID:4268
- C:\Windows\System\DzrVubC.exe
  C:\Windows\System\DzrVubC.exe
  2⤵
  PID:4312
- C:\Windows\System\CsJKOIj.exe
  C:\Windows\System\CsJKOIj.exe
  2⤵
  PID:4348
- C:\Windows\System\SkpkWUf.exe
  C:\Windows\System\SkpkWUf.exe
  2⤵
  PID:4324
- C:\Windows\System\SyOuhAc.exe
  C:\Windows\System\SyOuhAc.exe
  2⤵
  PID:4424
- C:\Windows\System\ZnMEZKq.exe
  C:\Windows\System\ZnMEZKq.exe
  2⤵
  PID:4472
- C:\Windows\System\IxfesxX.exe
  C:\Windows\System\IxfesxX.exe
  2⤵
  PID:4444
- C:\Windows\System\MZMRafK.exe
  C:\Windows\System\MZMRafK.exe
  2⤵
  PID:4512
- C:\Windows\System\OZFfihJ.exe
  C:\Windows\System\OZFfihJ.exe
  2⤵
  PID:4552
- C:\Windows\System\PKjvWHZ.exe
  C:\Windows\System\PKjvWHZ.exe
  2⤵
  PID:4532
- C:\Windows\System\YnGsXLR.exe
  C:\Windows\System\YnGsXLR.exe
  2⤵
  PID:4576
- C:\Windows\System\ueDkecO.exe
  C:\Windows\System\ueDkecO.exe
  2⤵
  PID:4672
- C:\Windows\System\ocguhWw.exe
  C:\Windows\System\ocguhWw.exe
  2⤵
  PID:4716
- C:\Windows\System\KAsLnNg.exe
  C:\Windows\System\KAsLnNg.exe
  2⤵
  PID:4660
- C:\Windows\System\AdgpETi.exe
  C:\Windows\System\AdgpETi.exe
  2⤵
  PID:4752
- C:\Windows\System\utmTsPH.exe
  C:\Windows\System\utmTsPH.exe
  2⤵
  PID:4736
- C:\Windows\System\koAYJXq.exe
  C:\Windows\System\koAYJXq.exe
  2⤵
  PID:4780
- C:\Windows\System\JyLIAOX.exe
  C:\Windows\System\JyLIAOX.exe
  2⤵
  PID:4872
- C:\Windows\System\WKwpNGb.exe
  C:\Windows\System\WKwpNGb.exe
  2⤵
  PID:4848
- C:\Windows\System\kTJVeuF.exe
  C:\Windows\System\kTJVeuF.exe
  2⤵
  PID:4920
- C:\Windows\System\RDuYBnA.exe
  C:\Windows\System\RDuYBnA.exe
  2⤵
  PID:4852
- C:\Windows\System\eEbNGkq.exe
  C:\Windows\System\eEbNGkq.exe
  2⤵
  PID:5032
- C:\Windows\System\jhnMrtp.exe
  C:\Windows\System\jhnMrtp.exe
  2⤵
  PID:4940
- C:\Windows\System\UWIYilu.exe
  C:\Windows\System\UWIYilu.exe
  2⤵
  PID:5072
- C:\Windows\System\TXAljXj.exe
  C:\Windows\System\TXAljXj.exe
  2⤵
  PID:5016
- C:\Windows\System\lzlQAQo.exe
  C:\Windows\System\lzlQAQo.exe
  2⤵
  PID:1636
- C:\Windows\System\aRcRLMZ.exe
  C:\Windows\System\aRcRLMZ.exe
  2⤵
  PID:5060
- C:\Windows\System\pkzGsTT.exe
  C:\Windows\System\pkzGsTT.exe
  2⤵
  PID:3340
- C:\Windows\System\ztNEUdq.exe
  C:\Windows\System\ztNEUdq.exe
  2⤵
  PID:3048
- C:\Windows\System\apxsFuJ.exe
  C:\Windows\System\apxsFuJ.exe
  2⤵
  PID:3320
- C:\Windows\System\tqSvApu.exe
  C:\Windows\System\tqSvApu.exe
  2⤵
  PID:3200
- C:\Windows\System\mtEFvKa.exe
  C:\Windows\System\mtEFvKa.exe
  2⤵
  PID:536
- C:\Windows\System\HmxBwDQ.exe
  C:\Windows\System\HmxBwDQ.exe
  2⤵
  PID:4144
- C:\Windows\System\VqvLViA.exe
  C:\Windows\System\VqvLViA.exe
  2⤵
  PID:4260
- C:\Windows\System\TKSRiZb.exe
  C:\Windows\System\TKSRiZb.exe
  2⤵
  PID:4228
- C:\Windows\System\bmZcjoO.exe
  C:\Windows\System\bmZcjoO.exe
  2⤵
  PID:4288
- C:\Windows\System\zzDQvpk.exe
  C:\Windows\System\zzDQvpk.exe
  2⤵
  PID:4392
- C:\Windows\System\OBNiHPb.exe
  C:\Windows\System\OBNiHPb.exe
  2⤵
  PID:4360
- C:\Windows\System\bKNSHmP.exe
  C:\Windows\System\bKNSHmP.exe
  2⤵
  PID:4548
- C:\Windows\System\SZqldHR.exe
  C:\Windows\System\SZqldHR.exe
  2⤵
  PID:4600
- C:\Windows\System\SiMHzlC.exe
  C:\Windows\System\SiMHzlC.exe
  2⤵
  PID:4560
- C:\Windows\System\HNMtvFl.exe
  C:\Windows\System\HNMtvFl.exe
  2⤵
  PID:4712
- C:\Windows\System\thNsJsi.exe
  C:\Windows\System\thNsJsi.exe
  2⤵
  PID:4612
- C:\Windows\System\hQLVatg.exe
  C:\Windows\System\hQLVatg.exe
  2⤵
  PID:4756
- C:\Windows\System\MnknjMd.exe
  C:\Windows\System\MnknjMd.exe
  2⤵
  PID:4832
- C:\Windows\System\mRhDwZE.exe
  C:\Windows\System\mRhDwZE.exe
  2⤵
  PID:4960
- C:\Windows\System\YHAmoDF.exe
  C:\Windows\System\YHAmoDF.exe
  2⤵
  PID:4996
- C:\Windows\System\EnaCSxP.exe
  C:\Windows\System\EnaCSxP.exe
  2⤵
  PID:5004
- C:\Windows\System\gjEAOsp.exe
  C:\Windows\System\gjEAOsp.exe
  2⤵
  PID:5084
- C:\Windows\System\qmByLwe.exe
  C:\Windows\System\qmByLwe.exe
  2⤵
  PID:2764
- C:\Windows\System\vbSaWve.exe
  C:\Windows\System\vbSaWve.exe
  2⤵
  PID:3208
- C:\Windows\System\OoVuCEg.exe
  C:\Windows\System\OoVuCEg.exe
  2⤵
  PID:1716
- C:\Windows\System\zaXOSjD.exe
  C:\Windows\System\zaXOSjD.exe
  2⤵
  PID:3324
- C:\Windows\System\fJdtafv.exe
  C:\Windows\System\fJdtafv.exe
  2⤵
  PID:3728
- C:\Windows\System\ZwLQGRt.exe
  C:\Windows\System\ZwLQGRt.exe
  2⤵
  PID:5136
- C:\Windows\System\MrAQBJK.exe
  C:\Windows\System\MrAQBJK.exe
  2⤵
  PID:5160
- C:\Windows\System\YeNUABJ.exe
  C:\Windows\System\YeNUABJ.exe
  2⤵
  PID:5180
- C:\Windows\System\IfnvRKI.exe
  C:\Windows\System\IfnvRKI.exe
  2⤵
  PID:5196
- C:\Windows\System\qmFfiBQ.exe
  C:\Windows\System\qmFfiBQ.exe
  2⤵
  PID:5220
- C:\Windows\System\VFuspwf.exe
  C:\Windows\System\VFuspwf.exe
  2⤵
  PID:5236
- C:\Windows\System\XKTkCef.exe
  C:\Windows\System\XKTkCef.exe
  2⤵
  PID:5252
- C:\Windows\System\QgDiFYP.exe
  C:\Windows\System\QgDiFYP.exe
  2⤵
  PID:5276
- C:\Windows\System\xcwCtSB.exe
  C:\Windows\System\xcwCtSB.exe
  2⤵
  PID:5296
- C:\Windows\System\PejHijd.exe
  C:\Windows\System\PejHijd.exe
  2⤵
  PID:5316
- C:\Windows\System\YNnIoor.exe
  C:\Windows\System\YNnIoor.exe
  2⤵
  PID:5340
- C:\Windows\System\EAWxjuW.exe
  C:\Windows\System\EAWxjuW.exe
  2⤵
  PID:5356
- C:\Windows\System\ueimyVD.exe
  C:\Windows\System\ueimyVD.exe
  2⤵
  PID:5380
- C:\Windows\System\lzRVeOR.exe
  C:\Windows\System\lzRVeOR.exe
  2⤵
  PID:5400
- C:\Windows\System\GILqmPl.exe
  C:\Windows\System\GILqmPl.exe
  2⤵
  PID:5420
- C:\Windows\System\SsSkDhD.exe
  C:\Windows\System\SsSkDhD.exe
  2⤵
  PID:5440
- C:\Windows\System\SIjvXKB.exe
  C:\Windows\System\SIjvXKB.exe
  2⤵
  PID:5460
- C:\Windows\System\hjWHVRc.exe
  C:\Windows\System\hjWHVRc.exe
  2⤵
  PID:5480
- C:\Windows\System\YOaruTF.exe
  C:\Windows\System\YOaruTF.exe
  2⤵
  PID:5500
- C:\Windows\System\rTqAPPJ.exe
  C:\Windows\System\rTqAPPJ.exe
  2⤵
  PID:5520
- C:\Windows\System\JhOuVVI.exe
  C:\Windows\System\JhOuVVI.exe
  2⤵
  PID:5540
- C:\Windows\System\rFaleWf.exe
  C:\Windows\System\rFaleWf.exe
  2⤵
  PID:5560
- C:\Windows\System\GKamFlh.exe
  C:\Windows\System\GKamFlh.exe
  2⤵
  PID:5580
- C:\Windows\System\CVslGhW.exe
  C:\Windows\System\CVslGhW.exe
  2⤵
  PID:5600
- C:\Windows\System\RXgkUrf.exe
  C:\Windows\System\RXgkUrf.exe
  2⤵
  PID:5620
- C:\Windows\System\FLZnqyt.exe
  C:\Windows\System\FLZnqyt.exe
  2⤵
  PID:5640
- C:\Windows\System\iwbZLcs.exe
  C:\Windows\System\iwbZLcs.exe
  2⤵
  PID:5660
- C:\Windows\System\SkbZAjH.exe
  C:\Windows\System\SkbZAjH.exe
  2⤵
  PID:5680
- C:\Windows\System\tLArzLw.exe
  C:\Windows\System\tLArzLw.exe
  2⤵
  PID:5700
- C:\Windows\System\HxLxKzY.exe
  C:\Windows\System\HxLxKzY.exe
  2⤵
  PID:5720
- C:\Windows\System\jYhOWON.exe
  C:\Windows\System\jYhOWON.exe
  2⤵
  PID:5740
- C:\Windows\System\uLsryll.exe
  C:\Windows\System\uLsryll.exe
  2⤵
  PID:5756
- C:\Windows\System\kexqFtO.exe
  C:\Windows\System\kexqFtO.exe
  2⤵
  PID:5780
- C:\Windows\System\UDRgKeN.exe
  C:\Windows\System\UDRgKeN.exe
  2⤵
  PID:5800
- C:\Windows\System\TirbgrX.exe
  C:\Windows\System\TirbgrX.exe
  2⤵
  PID:5820
- C:\Windows\System\laklnWd.exe
  C:\Windows\System\laklnWd.exe
  2⤵
  PID:5840
- C:\Windows\System\LYoOMyC.exe
  C:\Windows\System\LYoOMyC.exe
  2⤵
  PID:5860
- C:\Windows\System\wzcnpjJ.exe
  C:\Windows\System\wzcnpjJ.exe
  2⤵
  PID:5880
- C:\Windows\System\NBYRiUn.exe
  C:\Windows\System\NBYRiUn.exe
  2⤵
  PID:5900
- C:\Windows\System\QELkBcR.exe
  C:\Windows\System\QELkBcR.exe
  2⤵
  PID:5920
- C:\Windows\System\jDoAXlz.exe
  C:\Windows\System\jDoAXlz.exe
  2⤵
  PID:5940
- C:\Windows\System\REbloiz.exe
  C:\Windows\System\REbloiz.exe
  2⤵
  PID:5960
- C:\Windows\System\CAlCKOF.exe
  C:\Windows\System\CAlCKOF.exe
  2⤵
  PID:5980
- C:\Windows\System\MVOcWpl.exe
  C:\Windows\System\MVOcWpl.exe
  2⤵
  PID:6000
- C:\Windows\System\vgvorQg.exe
  C:\Windows\System\vgvorQg.exe
  2⤵
  PID:6020
- C:\Windows\System\DBisdjj.exe
  C:\Windows\System\DBisdjj.exe
  2⤵
  PID:6040
- C:\Windows\System\cZSHeij.exe
  C:\Windows\System\cZSHeij.exe
  2⤵
  PID:6060
- C:\Windows\System\WqfdaKa.exe
  C:\Windows\System\WqfdaKa.exe
  2⤵
  PID:6080
- C:\Windows\System\MrWYKzi.exe
  C:\Windows\System\MrWYKzi.exe
  2⤵
  PID:6100
- C:\Windows\System\nPhhpKk.exe
  C:\Windows\System\nPhhpKk.exe
  2⤵
  PID:6120
- C:\Windows\System\SpTsrxl.exe
  C:\Windows\System\SpTsrxl.exe
  2⤵
  PID:6140
- C:\Windows\System\scERbXD.exe
  C:\Windows\System\scERbXD.exe
  2⤵
  PID:4340
- C:\Windows\System\sJXqPBk.exe
  C:\Windows\System\sJXqPBk.exe
  2⤵
  PID:4428
- C:\Windows\System\FxWsmLB.exe
  C:\Windows\System\FxWsmLB.exe
  2⤵
  PID:4300
- C:\Windows\System\REpkaPK.exe
  C:\Windows\System\REpkaPK.exe
  2⤵
  PID:4404
- C:\Windows\System\lonaPjS.exe
  C:\Windows\System\lonaPjS.exe
  2⤵
  PID:4652
- C:\Windows\System\CVhoKRE.exe
  C:\Windows\System\CVhoKRE.exe
  2⤵
  PID:4636
- C:\Windows\System\KfszvbA.exe
  C:\Windows\System\KfszvbA.exe
  2⤵
  PID:4800
- C:\Windows\System\WzwHtKH.exe
  C:\Windows\System\WzwHtKH.exe
  2⤵
  PID:4868
- C:\Windows\System\qAdZTZa.exe
  C:\Windows\System\qAdZTZa.exe
  2⤵
  PID:4972
- C:\Windows\System\qAnvREF.exe
  C:\Windows\System\qAnvREF.exe
  2⤵
  PID:5000
- C:\Windows\System\TDsdsIx.exe
  C:\Windows\System\TDsdsIx.exe
  2⤵
  PID:1912
- C:\Windows\System\ywowVMT.exe
  C:\Windows\System\ywowVMT.exe
  2⤵
  PID:5128
- C:\Windows\System\KgKObBU.exe
  C:\Windows\System\KgKObBU.exe
  2⤵
  PID:5168
- C:\Windows\System\WHIMRpL.exe
  C:\Windows\System\WHIMRpL.exe
  2⤵
  PID:5204
- C:\Windows\System\APzjCYz.exe
  C:\Windows\System\APzjCYz.exe
  2⤵
  PID:5192
- C:\Windows\System\eTrqIMR.exe
  C:\Windows\System\eTrqIMR.exe
  2⤵
  PID:5284
- C:\Windows\System\xioLnKU.exe
  C:\Windows\System\xioLnKU.exe
  2⤵
  PID:5264
- C:\Windows\System\JXogaiA.exe
  C:\Windows\System\JXogaiA.exe
  2⤵
  PID:5336
- C:\Windows\System\PfjGOHp.exe
  C:\Windows\System\PfjGOHp.exe
  2⤵
  PID:5372
- C:\Windows\System\ktpHRYQ.exe
  C:\Windows\System\ktpHRYQ.exe
  2⤵
  PID:5388
- C:\Windows\System\EZACQwC.exe
  C:\Windows\System\EZACQwC.exe
  2⤵
  PID:5392
- C:\Windows\System\rSrXyYN.exe
  C:\Windows\System\rSrXyYN.exe
  2⤵
  PID:5436
- C:\Windows\System\dSVfJmc.exe
  C:\Windows\System\dSVfJmc.exe
  2⤵
  PID:5476
- C:\Windows\System\HCMPqkR.exe
  C:\Windows\System\HCMPqkR.exe
  2⤵
  PID:5532
- C:\Windows\System\qlEDhMU.exe
  C:\Windows\System\qlEDhMU.exe
  2⤵
  PID:5556
- C:\Windows\System\mcsihoC.exe
  C:\Windows\System\mcsihoC.exe
  2⤵
  PID:5588
- C:\Windows\System\xrEJfrh.exe
  C:\Windows\System\xrEJfrh.exe
  2⤵
  PID:5612
- C:\Windows\System\lujQbBP.exe
  C:\Windows\System\lujQbBP.exe
  2⤵
  PID:5636
- C:\Windows\System\aMVpgQw.exe
  C:\Windows\System\aMVpgQw.exe
  2⤵
  PID:5676
- C:\Windows\System\lwjinaJ.exe
  C:\Windows\System\lwjinaJ.exe
  2⤵
  PID:5736
- C:\Windows\System\PguNVNN.exe
  C:\Windows\System\PguNVNN.exe
  2⤵
  PID:5764
- C:\Windows\System\qfYDtzf.exe
  C:\Windows\System\qfYDtzf.exe
  2⤵
  PID:5808
- C:\Windows\System\pWsjteZ.exe
  C:\Windows\System\pWsjteZ.exe
  2⤵
  PID:5812
- C:\Windows\System\ukkseMJ.exe
  C:\Windows\System\ukkseMJ.exe
  2⤵
  PID:5856
- C:\Windows\System\itIhiUo.exe
  C:\Windows\System\itIhiUo.exe
  2⤵
  PID:5896
- C:\Windows\System\tSTBoVM.exe
  C:\Windows\System\tSTBoVM.exe
  2⤵
  PID:5936
- C:\Windows\System\eOtZIJs.exe
  C:\Windows\System\eOtZIJs.exe
  2⤵
  PID:6008
- C:\Windows\System\vqTdnag.exe
  C:\Windows\System\vqTdnag.exe
  2⤵
  PID:5956
- C:\Windows\System\ZOyZSvd.exe
  C:\Windows\System\ZOyZSvd.exe
  2⤵
  PID:6012
- C:\Windows\System\MELObvU.exe
  C:\Windows\System\MELObvU.exe
  2⤵
  PID:6056
- C:\Windows\System\asuBEMn.exe
  C:\Windows\System\asuBEMn.exe
  2⤵
  PID:6072
- C:\Windows\System\UgumTux.exe
  C:\Windows\System\UgumTux.exe
  2⤵
  PID:6116
- C:\Windows\System\JAMAKpA.exe
  C:\Windows\System\JAMAKpA.exe
  2⤵
  PID:4280
- C:\Windows\System\vyvTYgk.exe
  C:\Windows\System\vyvTYgk.exe
  2⤵
  PID:4172
- C:\Windows\System\RnOCMgs.exe
  C:\Windows\System\RnOCMgs.exe
  2⤵
  PID:4492
- C:\Windows\System\koFvEkF.exe
  C:\Windows\System\koFvEkF.exe
  2⤵
  PID:4448
- C:\Windows\System\czNkQFY.exe
  C:\Windows\System\czNkQFY.exe
  2⤵
  PID:4916
- C:\Windows\System\PtwdXFW.exe
  C:\Windows\System\PtwdXFW.exe
  2⤵
  PID:5040
- C:\Windows\System\jTGdnPw.exe
  C:\Windows\System\jTGdnPw.exe
  2⤵
  PID:5124
- C:\Windows\System\oCqnoXi.exe
  C:\Windows\System\oCqnoXi.exe
  2⤵
  PID:4128
- C:\Windows\System\uQpqWBw.exe
  C:\Windows\System\uQpqWBw.exe
  2⤵
  PID:5148
- C:\Windows\System\ineKhOw.exe
  C:\Windows\System\ineKhOw.exe
  2⤵
  PID:5228
- C:\Windows\System\avyAjfz.exe
  C:\Windows\System\avyAjfz.exe
  2⤵
  PID:5260
- C:\Windows\System\jGwxjQZ.exe
  C:\Windows\System\jGwxjQZ.exe
  2⤵
  PID:5348
- C:\Windows\System\NqkJTHi.exe
  C:\Windows\System\NqkJTHi.exe
  2⤵
  PID:5412
- C:\Windows\System\lpjoNGE.exe
  C:\Windows\System\lpjoNGE.exe
  2⤵
  PID:5468
- C:\Windows\System\GZwQTnX.exe
  C:\Windows\System\GZwQTnX.exe
  2⤵
  PID:5488
- C:\Windows\System\jCirnkY.exe
  C:\Windows\System\jCirnkY.exe
  2⤵
  PID:5512
- C:\Windows\System\QSPbryS.exe
  C:\Windows\System\QSPbryS.exe
  2⤵
  PID:5596
- C:\Windows\System\oUTZiiQ.exe
  C:\Windows\System\oUTZiiQ.exe
  2⤵
  PID:5696
- C:\Windows\System\WufoMro.exe
  C:\Windows\System\WufoMro.exe
  2⤵
  PID:5712
- C:\Windows\System\KGhUurO.exe
  C:\Windows\System\KGhUurO.exe
  2⤵
  PID:5816
- C:\Windows\System\cwpeWOS.exe
  C:\Windows\System\cwpeWOS.exe
  2⤵
  PID:5868
- C:\Windows\System\aAUNwbr.exe
  C:\Windows\System\aAUNwbr.exe
  2⤵
  PID:5968
- C:\Windows\System\jQsvflq.exe
  C:\Windows\System\jQsvflq.exe
  2⤵
  PID:5976
- C:\Windows\System\ARvlzTp.exe
  C:\Windows\System\ARvlzTp.exe
  2⤵
  PID:5992
- C:\Windows\System\PlTpqNs.exe
  C:\Windows\System\PlTpqNs.exe
  2⤵
  PID:6076
- C:\Windows\System\ULuYKed.exe
  C:\Windows\System\ULuYKed.exe
  2⤵
  PID:4420
- C:\Windows\System\TneOTnL.exe
  C:\Windows\System\TneOTnL.exe
  2⤵
  PID:6112
- C:\Windows\System\hxaRUGs.exe
  C:\Windows\System\hxaRUGs.exe
  2⤵
  PID:4368
- C:\Windows\System\kMrUmDM.exe
  C:\Windows\System\kMrUmDM.exe
  2⤵
  PID:5044
- C:\Windows\System\ETFjiyB.exe
  C:\Windows\System\ETFjiyB.exe
  2⤵
  PID:5080
- C:\Windows\System\QrYubmz.exe
  C:\Windows\System\QrYubmz.exe
  2⤵
  PID:5232
- C:\Windows\System\GVdkigs.exe
  C:\Windows\System\GVdkigs.exe
  2⤵
  PID:5332
- C:\Windows\System\mzPGWbY.exe
  C:\Windows\System\mzPGWbY.exe
  2⤵
  PID:5452
- C:\Windows\System\jHfkhnM.exe
  C:\Windows\System\jHfkhnM.exe
  2⤵
  PID:5548
- C:\Windows\System\CnhQaNM.exe
  C:\Windows\System\CnhQaNM.exe
  2⤵
  PID:5528
- C:\Windows\System\hNAuXIe.exe
  C:\Windows\System\hNAuXIe.exe
  2⤵
  PID:5652
- C:\Windows\System\dXCJNzL.exe
  C:\Windows\System\dXCJNzL.exe
  2⤵
  PID:6160
- C:\Windows\System\ILmsyUk.exe
  C:\Windows\System\ILmsyUk.exe
  2⤵
  PID:6180
- C:\Windows\System\HMralGJ.exe
  C:\Windows\System\HMralGJ.exe
  2⤵
  PID:6200
- C:\Windows\System\dDQCVtI.exe
  C:\Windows\System\dDQCVtI.exe
  2⤵
  PID:6220
- C:\Windows\System\MHTbzyt.exe
  C:\Windows\System\MHTbzyt.exe
  2⤵
  PID:6240
- C:\Windows\System\LWLRDWC.exe
  C:\Windows\System\LWLRDWC.exe
  2⤵
  PID:6260
- C:\Windows\System\lBRPlOY.exe
  C:\Windows\System\lBRPlOY.exe
  2⤵
  PID:6280
- C:\Windows\System\sOxKYZB.exe
  C:\Windows\System\sOxKYZB.exe
  2⤵
  PID:6300
- C:\Windows\System\jvIbHeT.exe
  C:\Windows\System\jvIbHeT.exe
  2⤵
  PID:6320
- C:\Windows\System\HrWPfln.exe
  C:\Windows\System\HrWPfln.exe
  2⤵
  PID:6340
- C:\Windows\System\HNKDihW.exe
  C:\Windows\System\HNKDihW.exe
  2⤵
  PID:6360
- C:\Windows\System\nKTABRc.exe
  C:\Windows\System\nKTABRc.exe
  2⤵
  PID:6380
- C:\Windows\System\wQTnrIq.exe
  C:\Windows\System\wQTnrIq.exe
  2⤵
  PID:6400
- C:\Windows\System\JPWhJjC.exe
  C:\Windows\System\JPWhJjC.exe
  2⤵
  PID:6420
- C:\Windows\System\PYFqTWX.exe
  C:\Windows\System\PYFqTWX.exe
  2⤵
  PID:6440
- C:\Windows\System\XCmjmON.exe
  C:\Windows\System\XCmjmON.exe
  2⤵
  PID:6460
- C:\Windows\System\IVjEcSJ.exe
  C:\Windows\System\IVjEcSJ.exe
  2⤵
  PID:6480
- C:\Windows\System\gfrRhrt.exe
  C:\Windows\System\gfrRhrt.exe
  2⤵
  PID:6500
- C:\Windows\System\VPRhLOD.exe
  C:\Windows\System\VPRhLOD.exe
  2⤵
  PID:6520
- C:\Windows\System\YymjBim.exe
  C:\Windows\System\YymjBim.exe
  2⤵
  PID:6540
- C:\Windows\System\PMhHyiz.exe
  C:\Windows\System\PMhHyiz.exe
  2⤵
  PID:6560
- C:\Windows\System\DbLGMAf.exe
  C:\Windows\System\DbLGMAf.exe
  2⤵
  PID:6580
- C:\Windows\System\DvjBoHg.exe
  C:\Windows\System\DvjBoHg.exe
  2⤵
  PID:6600
- C:\Windows\System\ALZuruv.exe
  C:\Windows\System\ALZuruv.exe
  2⤵
  PID:6624
- C:\Windows\System\pgvmAGp.exe
  C:\Windows\System\pgvmAGp.exe
  2⤵
  PID:6644
- C:\Windows\System\ukBVBzn.exe
  C:\Windows\System\ukBVBzn.exe
  2⤵
  PID:6664
- C:\Windows\System\HKdjNBN.exe
  C:\Windows\System\HKdjNBN.exe
  2⤵
  PID:6684
- C:\Windows\System\bRwlpCx.exe
  C:\Windows\System\bRwlpCx.exe
  2⤵
  PID:6704
- C:\Windows\System\eOcxuxN.exe
  C:\Windows\System\eOcxuxN.exe
  2⤵
  PID:6724
- C:\Windows\System\JOofRGX.exe
  C:\Windows\System\JOofRGX.exe
  2⤵
  PID:6756
- C:\Windows\System\ZBWGFll.exe
  C:\Windows\System\ZBWGFll.exe
  2⤵
  PID:6776
- C:\Windows\System\SBhPenM.exe
  C:\Windows\System\SBhPenM.exe
  2⤵
  PID:6796
- C:\Windows\System\dTtdlei.exe
  C:\Windows\System\dTtdlei.exe
  2⤵
  PID:6820
- C:\Windows\System\HbdXYpZ.exe
  C:\Windows\System\HbdXYpZ.exe
  2⤵
  PID:6840
- C:\Windows\System\GpjnnRI.exe
  C:\Windows\System\GpjnnRI.exe
  2⤵
  PID:6860
- C:\Windows\System\yUoKBEa.exe
  C:\Windows\System\yUoKBEa.exe
  2⤵
  PID:6880
- C:\Windows\System\xbxMrgo.exe
  C:\Windows\System\xbxMrgo.exe
  2⤵
  PID:6900
- C:\Windows\System\wvjtkgD.exe
  C:\Windows\System\wvjtkgD.exe
  2⤵
  PID:6920
- C:\Windows\System\AxSlTnA.exe
  C:\Windows\System\AxSlTnA.exe
  2⤵
  PID:6940
- C:\Windows\System\haUYTrQ.exe
  C:\Windows\System\haUYTrQ.exe
  2⤵
  PID:6960
- C:\Windows\System\pElWjeQ.exe
  C:\Windows\System\pElWjeQ.exe
  2⤵
  PID:6980
- C:\Windows\System\QleeHgn.exe
  C:\Windows\System\QleeHgn.exe
  2⤵
  PID:7000
- C:\Windows\System\iDVeRcG.exe
  C:\Windows\System\iDVeRcG.exe
  2⤵
  PID:7020
- C:\Windows\System\koOCwJc.exe
  C:\Windows\System\koOCwJc.exe
  2⤵
  PID:7040
- C:\Windows\System\oVnRJFF.exe
  C:\Windows\System\oVnRJFF.exe
  2⤵
  PID:7060
- C:\Windows\System\hWkddxK.exe
  C:\Windows\System\hWkddxK.exe
  2⤵
  PID:7080
- C:\Windows\System\PJrAQNN.exe
  C:\Windows\System\PJrAQNN.exe
  2⤵
  PID:7100
- C:\Windows\System\nDDvZHv.exe
  C:\Windows\System\nDDvZHv.exe
  2⤵
  PID:7120
- C:\Windows\System\qlnLOcY.exe
  C:\Windows\System\qlnLOcY.exe
  2⤵
  PID:7140
- C:\Windows\System\WWVDEvg.exe
  C:\Windows\System\WWVDEvg.exe
  2⤵
  PID:7160
- C:\Windows\System\kZPsHSu.exe
  C:\Windows\System\kZPsHSu.exe
  2⤵
  PID:5748
- C:\Windows\System\nhgoVjp.exe
  C:\Windows\System\nhgoVjp.exe
  2⤵
  PID:5876
- C:\Windows\System\IOEJWaj.exe
  C:\Windows\System\IOEJWaj.exe
  2⤵
  PID:5952
- C:\Windows\System\kDKjKFR.exe
  C:\Windows\System\kDKjKFR.exe
  2⤵
  PID:6068
- C:\Windows\System\dSLSqYj.exe
  C:\Windows\System\dSLSqYj.exe
  2⤵
  PID:6092
- C:\Windows\System\LfdAlPt.exe
  C:\Windows\System\LfdAlPt.exe
  2⤵
  PID:4408
- C:\Windows\System\NfSaEog.exe
  C:\Windows\System\NfSaEog.exe
  2⤵
  PID:4812
- C:\Windows\System\uLfnRfa.exe
  C:\Windows\System\uLfnRfa.exe
  2⤵
  PID:5188
- C:\Windows\System\pTWSAmK.exe
  C:\Windows\System\pTWSAmK.exe
  2⤵
  PID:5308
- C:\Windows\System\BRESNJt.exe
  C:\Windows\System\BRESNJt.exe
  2⤵
  PID:5352
- C:\Windows\System\DJobUxD.exe
  C:\Windows\System\DJobUxD.exe
  2⤵
  PID:5496
- C:\Windows\System\TXKXMXq.exe
  C:\Windows\System\TXKXMXq.exe
  2⤵
  PID:6176
- C:\Windows\System\tqdOoLH.exe
  C:\Windows\System\tqdOoLH.exe
  2⤵
  PID:6216
- C:\Windows\System\mMMySyj.exe
  C:\Windows\System\mMMySyj.exe
  2⤵
  PID:6248
- C:\Windows\System\NLHZXVb.exe
  C:\Windows\System\NLHZXVb.exe
  2⤵
  PID:6276
- C:\Windows\System\anmjOiq.exe
  C:\Windows\System\anmjOiq.exe
  2⤵
  PID:6328
- C:\Windows\System\ArucnlH.exe
  C:\Windows\System\ArucnlH.exe
  2⤵
  PID:6372
- C:\Windows\System\szuVxpP.exe
  C:\Windows\System\szuVxpP.exe
  2⤵
  PID:6312
- C:\Windows\System\KoeCkkd.exe
  C:\Windows\System\KoeCkkd.exe
  2⤵
  PID:6396
- C:\Windows\System\MhLOKYW.exe
  C:\Windows\System\MhLOKYW.exe
  2⤵
  PID:6432
- C:\Windows\System\VOkoseJ.exe
  C:\Windows\System\VOkoseJ.exe
  2⤵
  PID:6488
- C:\Windows\System\grSxiSD.exe
  C:\Windows\System\grSxiSD.exe
  2⤵
  PID:6516
- C:\Windows\System\MmEFvMl.exe
  C:\Windows\System\MmEFvMl.exe
  2⤵
  PID:6532
- C:\Windows\System\OHiktjb.exe
  C:\Windows\System\OHiktjb.exe
  2⤵
  PID:6620
- C:\Windows\System\mxvbTPC.exe
  C:\Windows\System\mxvbTPC.exe
  2⤵
  PID:6596
- C:\Windows\System\fcjiIUB.exe
  C:\Windows\System\fcjiIUB.exe
  2⤵
  PID:6652
- C:\Windows\System\hosoPdM.exe
  C:\Windows\System\hosoPdM.exe
  2⤵
  PID:6676
- C:\Windows\System\oRolvYq.exe
  C:\Windows\System\oRolvYq.exe
  2⤵
  PID:6720
- C:\Windows\System\fHOVfoC.exe
  C:\Windows\System\fHOVfoC.exe
  2⤵
  PID:1968
- C:\Windows\System\ClwkWaH.exe
  C:\Windows\System\ClwkWaH.exe
  2⤵
  PID:6764
- C:\Windows\System\uqBvRZo.exe
  C:\Windows\System\uqBvRZo.exe
  2⤵
  PID:6836
- C:\Windows\System\yzvzMSS.exe
  C:\Windows\System\yzvzMSS.exe
  2⤵
  PID:6852
- C:\Windows\System\gRNFGlV.exe
  C:\Windows\System\gRNFGlV.exe
  2⤵
  PID:6892
- C:\Windows\System\RfyDfEd.exe
  C:\Windows\System\RfyDfEd.exe
  2⤵
  PID:2692
- C:\Windows\System\SbxMOTn.exe
  C:\Windows\System\SbxMOTn.exe
  2⤵
  PID:6952
- C:\Windows\System\PubnQOM.exe
  C:\Windows\System\PubnQOM.exe
  2⤵
  PID:6976
- C:\Windows\System\fHuZyrc.exe
  C:\Windows\System\fHuZyrc.exe
  2⤵
  PID:7036
- C:\Windows\System\iFSZDkr.exe
  C:\Windows\System\iFSZDkr.exe
  2⤵
  PID:7048
- C:\Windows\System\pWdJVmU.exe
  C:\Windows\System\pWdJVmU.exe
  2⤵
  PID:7052
- C:\Windows\System\hLzXZxR.exe
  C:\Windows\System\hLzXZxR.exe
  2⤵
  PID:7096
- C:\Windows\System\qOCUxdY.exe
  C:\Windows\System\qOCUxdY.exe
  2⤵
  PID:7156
- C:\Windows\System\vZkpJAk.exe
  C:\Windows\System\vZkpJAk.exe
  2⤵
  PID:5776
- C:\Windows\System\MozBfyH.exe
  C:\Windows\System\MozBfyH.exe
  2⤵
  PID:5948
- C:\Windows\System\pzMRXfn.exe
  C:\Windows\System\pzMRXfn.exe
  2⤵
  PID:6048
- C:\Windows\System\gQSuXLl.exe
  C:\Windows\System\gQSuXLl.exe
  2⤵
  PID:4640
- C:\Windows\System\jTYUteN.exe
  C:\Windows\System\jTYUteN.exe
  2⤵
  PID:5576
- C:\Windows\System\yCaPngD.exe
  C:\Windows\System\yCaPngD.exe
  2⤵
  PID:6148
- C:\Windows\System\HprmLyK.exe
  C:\Windows\System\HprmLyK.exe
  2⤵
  PID:6236
- C:\Windows\System\YxzocmJ.exe
  C:\Windows\System\YxzocmJ.exe
  2⤵
  PID:3868
- C:\Windows\System\kiklloY.exe
  C:\Windows\System\kiklloY.exe
  2⤵
  PID:6288
- C:\Windows\System\XDIxsKx.exe
  C:\Windows\System\XDIxsKx.exe
  2⤵
  PID:6296
- C:\Windows\System\QEvvrmj.exe
  C:\Windows\System\QEvvrmj.exe
  2⤵
  PID:6252
- C:\Windows\System\jbjjJap.exe
  C:\Windows\System\jbjjJap.exe
  2⤵
  PID:6492
- C:\Windows\System\RwDtXeQ.exe
  C:\Windows\System\RwDtXeQ.exe
  2⤵
  PID:6616
- C:\Windows\System\RukziDu.exe
  C:\Windows\System\RukziDu.exe
  2⤵
  PID:6348
- C:\Windows\System\wpqZSPm.exe
  C:\Windows\System\wpqZSPm.exe
  2⤵
  PID:6608
- C:\Windows\System\QnKqmBu.exe
  C:\Windows\System\QnKqmBu.exe
  2⤵
  PID:6632
- C:\Windows\System\kJGGcBW.exe
  C:\Windows\System\kJGGcBW.exe
  2⤵
  PID:6712
- C:\Windows\System\qpaBwDC.exe
  C:\Windows\System\qpaBwDC.exe
  2⤵
  PID:6680
- C:\Windows\System\ptcYdIA.exe
  C:\Windows\System\ptcYdIA.exe
  2⤵
  PID:6788
- C:\Windows\System\QJFxCZR.exe
  C:\Windows\System\QJFxCZR.exe
  2⤵
  PID:6856
- C:\Windows\System\ppVllTx.exe
  C:\Windows\System\ppVllTx.exe
  2⤵
  PID:6916
- C:\Windows\System\YJhJYsR.exe
  C:\Windows\System\YJhJYsR.exe
  2⤵
  PID:6968
- C:\Windows\System\OootFwh.exe
  C:\Windows\System\OootFwh.exe
  2⤵
  PID:6936
- C:\Windows\System\cYFErzH.exe
  C:\Windows\System\cYFErzH.exe
  2⤵
  PID:6972
- C:\Windows\System\DlqcxNo.exe
  C:\Windows\System\DlqcxNo.exe
  2⤵
  PID:7116
- C:\Windows\System\ecbnyns.exe
  C:\Windows\System\ecbnyns.exe
  2⤵
  PID:7132
- C:\Windows\System\vhRZeof.exe
  C:\Windows\System\vhRZeof.exe
  2⤵
  PID:5752
- C:\Windows\System\YsEDryP.exe
  C:\Windows\System\YsEDryP.exe
  2⤵
  PID:1412
- C:\Windows\System\OyYDXsA.exe
  C:\Windows\System\OyYDXsA.exe
  2⤵
  PID:6132
- C:\Windows\System\XDjBLXa.exe
  C:\Windows\System\XDjBLXa.exe
  2⤵
  PID:6168
- C:\Windows\System\demRWGq.exe
  C:\Windows\System\demRWGq.exe
  2⤵
  PID:5592
- C:\Windows\System\rNXwwSZ.exe
  C:\Windows\System\rNXwwSZ.exe
  2⤵
  PID:6256
- C:\Windows\System\cRggTkd.exe
  C:\Windows\System\cRggTkd.exe
  2⤵
  PID:6576
- C:\Windows\System\jkZGTPU.exe
  C:\Windows\System\jkZGTPU.exe
  2⤵
  PID:6388
- C:\Windows\System\UifMEaB.exe
  C:\Windows\System\UifMEaB.exe
  2⤵
  PID:2244
- C:\Windows\System\VcqEjmh.exe
  C:\Windows\System\VcqEjmh.exe
  2⤵
  PID:6368
- C:\Windows\System\JNuFMFM.exe
  C:\Windows\System\JNuFMFM.exe
  2⤵
  PID:6740
- C:\Windows\System\KappOkF.exe
  C:\Windows\System\KappOkF.exe
  2⤵
  PID:6872
- C:\Windows\System\ZHfCgKT.exe
  C:\Windows\System\ZHfCgKT.exe
  2⤵
  PID:6692
- C:\Windows\System\vfDQlXH.exe
  C:\Windows\System\vfDQlXH.exe
  2⤵
  PID:7088
- C:\Windows\System\oyQssrx.exe
  C:\Windows\System\oyQssrx.exe
  2⤵
  PID:5144
- C:\Windows\System\PjZNRmn.exe
  C:\Windows\System\PjZNRmn.exe
  2⤵
  PID:6988
- C:\Windows\System\spjVhJG.exe
  C:\Windows\System\spjVhJG.exe
  2⤵
  PID:2492
- C:\Windows\System\aeoaCHp.exe
  C:\Windows\System\aeoaCHp.exe
  2⤵
  PID:7180
- C:\Windows\System\BBLRAPi.exe
  C:\Windows\System\BBLRAPi.exe
  2⤵
  PID:7196
- C:\Windows\System\XuVaxbK.exe
  C:\Windows\System\XuVaxbK.exe
  2⤵
  PID:7220
- C:\Windows\System\JvCNaYf.exe
  C:\Windows\System\JvCNaYf.exe
  2⤵
  PID:7304
- C:\Windows\System\rMGpdPf.exe
  C:\Windows\System\rMGpdPf.exe
  2⤵
  PID:7328
- C:\Windows\System\XhwkhwF.exe
  C:\Windows\System\XhwkhwF.exe
  2⤵
  PID:7344
- C:\Windows\System\DFpAIpj.exe
  C:\Windows\System\DFpAIpj.exe
  2⤵
  PID:7364
- C:\Windows\System\ZhmXodI.exe
  C:\Windows\System\ZhmXodI.exe
  2⤵
  PID:7384
- C:\Windows\System\YeoYyRY.exe
  C:\Windows\System\YeoYyRY.exe
  2⤵
  PID:7400
- C:\Windows\System\wCizypd.exe
  C:\Windows\System\wCizypd.exe
  2⤵
  PID:7428
- C:\Windows\System\MeYjUZi.exe
  C:\Windows\System\MeYjUZi.exe
  2⤵
  PID:7444
- C:\Windows\System\xvIJgOi.exe
  C:\Windows\System\xvIJgOi.exe
  2⤵
  PID:7464
- C:\Windows\System\IxJVQvl.exe
  C:\Windows\System\IxJVQvl.exe
  2⤵
  PID:7484
- C:\Windows\System\TBCbuls.exe
  C:\Windows\System\TBCbuls.exe
  2⤵
  PID:7508
- C:\Windows\System\LpggagA.exe
  C:\Windows\System\LpggagA.exe
  2⤵
  PID:7524
- C:\Windows\System\hzlpIZy.exe
  C:\Windows\System\hzlpIZy.exe
  2⤵
  PID:7548
- C:\Windows\System\IDGSaVv.exe
  C:\Windows\System\IDGSaVv.exe
  2⤵
  PID:7568
- C:\Windows\System\XxHWPTc.exe
  C:\Windows\System\XxHWPTc.exe
  2⤵
  PID:7588
- C:\Windows\System\ZrZIbgG.exe
  C:\Windows\System\ZrZIbgG.exe
  2⤵
  PID:7604
- C:\Windows\System\barjwxT.exe
  C:\Windows\System\barjwxT.exe
  2⤵
  PID:7624
- C:\Windows\System\EvHsCVc.exe
  C:\Windows\System\EvHsCVc.exe
  2⤵
  PID:7644
- C:\Windows\System\KhUGfYe.exe
  C:\Windows\System\KhUGfYe.exe
  2⤵
  PID:7668
- C:\Windows\System\kFKHTuj.exe
  C:\Windows\System\kFKHTuj.exe
  2⤵
  PID:7684
- C:\Windows\System\kbrqhMl.exe
  C:\Windows\System\kbrqhMl.exe
  2⤵
  PID:7704
- C:\Windows\System\suTbrDd.exe
  C:\Windows\System\suTbrDd.exe
  2⤵
  PID:7724
- C:\Windows\System\tSyZYAz.exe
  C:\Windows\System\tSyZYAz.exe
  2⤵
  PID:7740
- C:\Windows\System\TlEdEMv.exe
  C:\Windows\System\TlEdEMv.exe
  2⤵
  PID:7764
- C:\Windows\System\vHjWwkj.exe
  C:\Windows\System\vHjWwkj.exe
  2⤵
  PID:7784
- C:\Windows\System\wiXYsqP.exe
  C:\Windows\System\wiXYsqP.exe
  2⤵
  PID:7800
- C:\Windows\System\NTVYDlu.exe
  C:\Windows\System\NTVYDlu.exe
  2⤵
  PID:7824
- C:\Windows\System\XJOVZgT.exe
  C:\Windows\System\XJOVZgT.exe
  2⤵
  PID:7840
- C:\Windows\System\DkrkKjM.exe
  C:\Windows\System\DkrkKjM.exe
  2⤵
  PID:7856
- C:\Windows\System\NpqtyOJ.exe
  C:\Windows\System\NpqtyOJ.exe
  2⤵
  PID:7884
- C:\Windows\System\LrBtfAd.exe
  C:\Windows\System\LrBtfAd.exe
  2⤵
  PID:7904
- C:\Windows\System\ZXcSnZD.exe
  C:\Windows\System\ZXcSnZD.exe
  2⤵
  PID:7924
- C:\Windows\System\HRvtcID.exe
  C:\Windows\System\HRvtcID.exe
  2⤵
  PID:7944
- C:\Windows\System\UYpCUaM.exe
  C:\Windows\System\UYpCUaM.exe
  2⤵
  PID:7960
- C:\Windows\System\VSQbipg.exe
  C:\Windows\System\VSQbipg.exe
  2⤵
  PID:7984
- C:\Windows\System\qnEEaJw.exe
  C:\Windows\System\qnEEaJw.exe
  2⤵
  PID:8000
- C:\Windows\System\HpDyBrA.exe
  C:\Windows\System\HpDyBrA.exe
  2⤵
  PID:8016
- C:\Windows\System\BUHuyah.exe
  C:\Windows\System\BUHuyah.exe
  2⤵
  PID:8044
- C:\Windows\System\qxiRVic.exe
  C:\Windows\System\qxiRVic.exe
  2⤵
  PID:8060
- C:\Windows\System\iJVHMtJ.exe
  C:\Windows\System\iJVHMtJ.exe
  2⤵
  PID:8080
- C:\Windows\System\WlUUNvs.exe
  C:\Windows\System\WlUUNvs.exe
  2⤵
  PID:8096
- C:\Windows\System\FFunUbi.exe
  C:\Windows\System\FFunUbi.exe
  2⤵
  PID:8124
- C:\Windows\System\vAutoYO.exe
  C:\Windows\System\vAutoYO.exe
  2⤵
  PID:8144
- C:\Windows\System\yFqAuUt.exe
  C:\Windows\System\yFqAuUt.exe
  2⤵
  PID:8160
- C:\Windows\System\MUPRuWp.exe
  C:\Windows\System\MUPRuWp.exe
  2⤵
  PID:8184
- C:\Windows\System\eFjsWzd.exe
  C:\Windows\System\eFjsWzd.exe
  2⤵
  PID:6308
- C:\Windows\System\grKThUc.exe
  C:\Windows\System\grKThUc.exe
  2⤵
  PID:6588
- C:\Windows\System\luxktIY.exe
  C:\Windows\System\luxktIY.exe
  2⤵
  PID:1396
- C:\Windows\System\rkWCOqZ.exe
  C:\Windows\System\rkWCOqZ.exe
  2⤵
  PID:5272
- C:\Windows\System\oVnVRWm.exe
  C:\Windows\System\oVnVRWm.exe
  2⤵
  PID:2688
- C:\Windows\System\oFZTigd.exe
  C:\Windows\System\oFZTigd.exe
  2⤵
  PID:6536
- C:\Windows\System\QmFsdZO.exe
  C:\Windows\System\QmFsdZO.exe
  2⤵
  PID:6468
- C:\Windows\System\MushAZZ.exe
  C:\Windows\System\MushAZZ.exe
  2⤵
  PID:484
- C:\Windows\System\FOgIdrq.exe
  C:\Windows\System\FOgIdrq.exe
  2⤵
  PID:7192
- C:\Windows\System\mvknTTr.exe
  C:\Windows\System\mvknTTr.exe
  2⤵
  PID:4200
- C:\Windows\System\rxIVIQb.exe
  C:\Windows\System\rxIVIQb.exe
  2⤵
  PID:7172
- C:\Windows\System\fjJqYsL.exe
  C:\Windows\System\fjJqYsL.exe
  2⤵
  PID:7212
- C:\Windows\System\wuATIeX.exe
  C:\Windows\System\wuATIeX.exe
  2⤵
  PID:1740
- C:\Windows\System\MtYAVDK.exe
  C:\Windows\System\MtYAVDK.exe
  2⤵
  PID:7376
- C:\Windows\System\OgWpHTy.exe
  C:\Windows\System\OgWpHTy.exe
  2⤵
  PID:7416
- C:\Windows\System\BjyDxGk.exe
  C:\Windows\System\BjyDxGk.exe
  2⤵
  PID:7352
- C:\Windows\System\KVlZxyw.exe
  C:\Windows\System\KVlZxyw.exe
  2⤵
  PID:7396
- C:\Windows\System\USPpSzC.exe
  C:\Windows\System\USPpSzC.exe
  2⤵
  PID:7492
- C:\Windows\System\xdchdQP.exe
  C:\Windows\System\xdchdQP.exe
  2⤵
  PID:7540
- C:\Windows\System\ZTcbJWS.exe
  C:\Windows\System\ZTcbJWS.exe
  2⤵
  PID:7436
- C:\Windows\System\qMdRTQV.exe
  C:\Windows\System\qMdRTQV.exe
  2⤵
  PID:7584
- C:\Windows\System\cFfTQCM.exe
  C:\Windows\System\cFfTQCM.exe
  2⤵
  PID:7564
- C:\Windows\System\QzomQIf.exe
  C:\Windows\System\QzomQIf.exe
  2⤵
  PID:7652
- C:\Windows\System\IuCgiKG.exe
  C:\Windows\System\IuCgiKG.exe
  2⤵
  PID:7696
- C:\Windows\System\ptrboTZ.exe
  C:\Windows\System\ptrboTZ.exe
  2⤵
  PID:7636
- C:\Windows\System\gtqAmoV.exe
  C:\Windows\System\gtqAmoV.exe
  2⤵
  PID:7780
- C:\Windows\System\maAktDw.exe
  C:\Windows\System\maAktDw.exe
  2⤵
  PID:7812
- C:\Windows\System\TmjsfsB.exe
  C:\Windows\System\TmjsfsB.exe
  2⤵
  PID:7720
- C:\Windows\System\jPESOCS.exe
  C:\Windows\System\jPESOCS.exe
  2⤵
  PID:7896
- C:\Windows\System\VOEEffC.exe
  C:\Windows\System\VOEEffC.exe
  2⤵
  PID:7936
- C:\Windows\System\XUOjDMC.exe
  C:\Windows\System\XUOjDMC.exe
  2⤵
  PID:7752
- C:\Windows\System\BpTjUCs.exe
  C:\Windows\System\BpTjUCs.exe
  2⤵
  PID:7972
- C:\Windows\System\UOrMwoZ.exe
  C:\Windows\System\UOrMwoZ.exe
  2⤵
  PID:7868
- C:\Windows\System\GjCizdq.exe
  C:\Windows\System\GjCizdq.exe
  2⤵
  PID:7920
- C:\Windows\System\FAhroPX.exe
  C:\Windows\System\FAhroPX.exe
  2⤵
  PID:8052
- C:\Windows\System\atULUGr.exe
  C:\Windows\System\atULUGr.exe
  2⤵
  PID:8092
- C:\Windows\System\HFTeSAS.exe
  C:\Windows\System\HFTeSAS.exe
  2⤵
  PID:7996
- C:\Windows\System\etGPkRD.exe
  C:\Windows\System\etGPkRD.exe
  2⤵
  PID:1596
- C:\Windows\System\rrnMYtj.exe
  C:\Windows\System\rrnMYtj.exe
  2⤵
  PID:8024
- C:\Windows\System\EXadLdY.exe
  C:\Windows\System\EXadLdY.exe
  2⤵
  PID:6552
- C:\Windows\System\QvORudQ.exe
  C:\Windows\System\QvORudQ.exe
  2⤵
  PID:6700
- C:\Windows\System\RzfoXia.exe
  C:\Windows\System\RzfoXia.exe
  2⤵
  PID:8104
- C:\Windows\System\EEcASdu.exe
  C:\Windows\System\EEcASdu.exe
  2⤵
  PID:8152
- C:\Windows\System\IcwCogz.exe
  C:\Windows\System\IcwCogz.exe
  2⤵
  PID:7336
- C:\Windows\System\ntRuIuW.exe
  C:\Windows\System\ntRuIuW.exe
  2⤵
  PID:7372
- C:\Windows\System\DIfUnjf.exe
  C:\Windows\System\DIfUnjf.exe
  2⤵
  PID:2672
- C:\Windows\System\JYbDSRD.exe
  C:\Windows\System\JYbDSRD.exe
  2⤵
  PID:7460
- C:\Windows\System\HIRzlYm.exe
  C:\Windows\System\HIRzlYm.exe
  2⤵
  PID:2588
- C:\Windows\System\IylohPM.exe
  C:\Windows\System\IylohPM.exe
  2⤵
  PID:7556
- C:\Windows\System\wUvMfeY.exe
  C:\Windows\System\wUvMfeY.exe
  2⤵
  PID:7300
- C:\Windows\System\dYxAbRb.exe
  C:\Windows\System\dYxAbRb.exe
  2⤵
  PID:7664
- C:\Windows\System\zJtVIXH.exe
  C:\Windows\System\zJtVIXH.exe
  2⤵
  PID:7712
- C:\Windows\System\SPcIVuy.exe
  C:\Windows\System\SPcIVuy.exe
  2⤵
  PID:7976
- C:\Windows\System\dXvteMV.exe
  C:\Windows\System\dXvteMV.exe
  2⤵
  PID:7452
- C:\Windows\System\oeCqlje.exe
  C:\Windows\System\oeCqlje.exe
  2⤵
  PID:7576
- C:\Windows\System\LLFqxeh.exe
  C:\Windows\System\LLFqxeh.exe
  2⤵
  PID:8176
- C:\Windows\System\eSXHUNv.exe
  C:\Windows\System\eSXHUNv.exe
  2⤵
  PID:7500
- C:\Windows\System\pWukVME.exe
  C:\Windows\System\pWukVME.exe
  2⤵
  PID:6436
- C:\Windows\System\gUGWSAE.exe
  C:\Windows\System\gUGWSAE.exe
  2⤵
  PID:7600
- C:\Windows\System\jyZvPcf.exe
  C:\Windows\System\jyZvPcf.exe
  2⤵
  PID:7108
- C:\Windows\System\BUKEQjp.exe
  C:\Windows\System\BUKEQjp.exe
  2⤵
  PID:7816
- C:\Windows\System\vuuKwVU.exe
  C:\Windows\System\vuuKwVU.exe
  2⤵
  PID:7892
- C:\Windows\System\RSUUrcA.exe
  C:\Windows\System\RSUUrcA.exe
  2⤵
  PID:7952
- C:\Windows\System\DKIMbro.exe
  C:\Windows\System\DKIMbro.exe
  2⤵
  PID:8076
- C:\Windows\System\NaHqrFn.exe
  C:\Windows\System\NaHqrFn.exe
  2⤵
  PID:8156
- C:\Windows\System\YGDfccI.exe
  C:\Windows\System\YGDfccI.exe
  2⤵
  PID:272
- C:\Windows\System\MhtMEKQ.exe
  C:\Windows\System\MhtMEKQ.exe
  2⤵
  PID:6212
- C:\Windows\System\KTgdrkb.exe
  C:\Windows\System\KTgdrkb.exe
  2⤵
  PID:2624
- C:\Windows\System\uKKpKNs.exe
  C:\Windows\System\uKKpKNs.exe
  2⤵
  PID:7692
- C:\Windows\System\UxjrEaf.exe
  C:\Windows\System\UxjrEaf.exe
  2⤵
  PID:7876
- C:\Windows\System\oIkQMDO.exe
  C:\Windows\System\oIkQMDO.exe
  2⤵
  PID:7504
- C:\Windows\System\tvojgHC.exe
  C:\Windows\System\tvojgHC.exe
  2⤵
  PID:7640
- C:\Windows\System\hbrIAxK.exe
  C:\Windows\System\hbrIAxK.exe
  2⤵
  PID:2832
- C:\Windows\System\OfUQGke.exe
  C:\Windows\System\OfUQGke.exe
  2⤵
  PID:6472
- C:\Windows\System\IzMXkHY.exe
  C:\Windows\System\IzMXkHY.exe
  2⤵
  PID:8196
- C:\Windows\System\RSsfHny.exe
  C:\Windows\System\RSsfHny.exe
  2⤵
  PID:8212
- C:\Windows\System\XVkZmoZ.exe
  C:\Windows\System\XVkZmoZ.exe
  2⤵
  PID:8232
- C:\Windows\System\YEApkpX.exe
  C:\Windows\System\YEApkpX.exe
  2⤵
  PID:8252
- C:\Windows\System\rGTFgVG.exe
  C:\Windows\System\rGTFgVG.exe
  2⤵
  PID:8280
- C:\Windows\System\ZPcDwnn.exe
  C:\Windows\System\ZPcDwnn.exe
  2⤵
  PID:8304
- C:\Windows\System\LwLYfWf.exe
  C:\Windows\System\LwLYfWf.exe
  2⤵
  PID:8348
- C:\Windows\System\STVvAHb.exe
  C:\Windows\System\STVvAHb.exe
  2⤵
  PID:8368
- C:\Windows\System\LYrMIPC.exe
  C:\Windows\System\LYrMIPC.exe
  2⤵
  PID:8384
- C:\Windows\System\dOSqiFI.exe
  C:\Windows\System\dOSqiFI.exe
  2⤵
  PID:8412
- C:\Windows\System\vWABUEc.exe
  C:\Windows\System\vWABUEc.exe
  2⤵
  PID:8432
- C:\Windows\System\lGarRRf.exe
  C:\Windows\System\lGarRRf.exe
  2⤵
  PID:8448
- C:\Windows\System\XMbPlQd.exe
  C:\Windows\System\XMbPlQd.exe
  2⤵
  PID:8476
- C:\Windows\System\ddSzUKm.exe
  C:\Windows\System\ddSzUKm.exe
  2⤵
  PID:8496
- C:\Windows\System\OLAHXnt.exe
  C:\Windows\System\OLAHXnt.exe
  2⤵
  PID:8512
- C:\Windows\System\ShxsWaO.exe
  C:\Windows\System\ShxsWaO.exe
  2⤵
  PID:8528
- C:\Windows\System\oJNWIfM.exe
  C:\Windows\System\oJNWIfM.exe
  2⤵
  PID:8556
- C:\Windows\System\hBqAgkH.exe
  C:\Windows\System\hBqAgkH.exe
  2⤵
  PID:8576
- C:\Windows\System\wilDhrY.exe
  C:\Windows\System\wilDhrY.exe
  2⤵
  PID:8596
- C:\Windows\System\HaXiLTH.exe
  C:\Windows\System\HaXiLTH.exe
  2⤵
  PID:8616
- C:\Windows\System\IBUwfIW.exe
  C:\Windows\System\IBUwfIW.exe
  2⤵
  PID:8632
- C:\Windows\System\XNcPxEc.exe
  C:\Windows\System\XNcPxEc.exe
  2⤵
  PID:8648
- C:\Windows\System\xpJScVX.exe
  C:\Windows\System\xpJScVX.exe
  2⤵
  PID:8668
- C:\Windows\System\fiFBzPa.exe
  C:\Windows\System\fiFBzPa.exe
  2⤵
  PID:8688
- C:\Windows\System\VpLQvof.exe
  C:\Windows\System\VpLQvof.exe
  2⤵
  PID:8704
- C:\Windows\System\drqPrRv.exe
  C:\Windows\System\drqPrRv.exe
  2⤵
  PID:8724
- C:\Windows\System\xhJTDjA.exe
  C:\Windows\System\xhJTDjA.exe
  2⤵
  PID:8740
- C:\Windows\System\NQxFiLL.exe
  C:\Windows\System\NQxFiLL.exe
  2⤵
  PID:8760
- C:\Windows\System\nKUDdBx.exe
  C:\Windows\System\nKUDdBx.exe
  2⤵
  PID:8776
- C:\Windows\System\jmbjpNU.exe
  C:\Windows\System\jmbjpNU.exe
  2⤵
  PID:8792
- C:\Windows\System\oJKLHUK.exe
  C:\Windows\System\oJKLHUK.exe
  2⤵
  PID:8808
- C:\Windows\System\QOPOuHj.exe
  C:\Windows\System\QOPOuHj.exe
  2⤵
  PID:8824
- C:\Windows\System\ZqMQPgI.exe
  C:\Windows\System\ZqMQPgI.exe
  2⤵
  PID:8840
- C:\Windows\System\cJefdyi.exe
  C:\Windows\System\cJefdyi.exe
  2⤵
  PID:8860
- C:\Windows\System\rSejxWO.exe
  C:\Windows\System\rSejxWO.exe
  2⤵
  PID:8876
- C:\Windows\System\hAzddLC.exe
  C:\Windows\System\hAzddLC.exe
  2⤵
  PID:8896
- C:\Windows\System\BtbbMCT.exe
  C:\Windows\System\BtbbMCT.exe
  2⤵
  PID:8912
- C:\Windows\System\ufvAJAV.exe
  C:\Windows\System\ufvAJAV.exe
  2⤵
  PID:8932
- C:\Windows\System\rzGAtqa.exe
  C:\Windows\System\rzGAtqa.exe
  2⤵
  PID:8948
- C:\Windows\System\mrnVTkv.exe
  C:\Windows\System\mrnVTkv.exe
  2⤵
  PID:8972
- C:\Windows\System\GIfQQam.exe
  C:\Windows\System\GIfQQam.exe
  2⤵
  PID:8988
- C:\Windows\System\rIIuWjr.exe
  C:\Windows\System\rIIuWjr.exe
  2⤵
  PID:9004
- C:\Windows\System\CwRwHOe.exe
  C:\Windows\System\CwRwHOe.exe
  2⤵
  PID:9020
- C:\Windows\System\OHPLwkF.exe
  C:\Windows\System\OHPLwkF.exe
  2⤵
  PID:9108
- C:\Windows\System\ATqawAG.exe
  C:\Windows\System\ATqawAG.exe
  2⤵
  PID:9124
- C:\Windows\System\OLmZZgw.exe
  C:\Windows\System\OLmZZgw.exe
  2⤵
  PID:9140
- C:\Windows\System\TcIycRp.exe
  C:\Windows\System\TcIycRp.exe
  2⤵
  PID:9156
- C:\Windows\System\SqFpFTW.exe
  C:\Windows\System\SqFpFTW.exe
  2⤵
  PID:9172
- C:\Windows\System\WMgOPwu.exe
  C:\Windows\System\WMgOPwu.exe
  2⤵
  PID:9188
- C:\Windows\System\PDPzbag.exe
  C:\Windows\System\PDPzbag.exe
  2⤵
  PID:9208
- C:\Windows\System\nERHBHK.exe
  C:\Windows\System\nERHBHK.exe
  2⤵
  PID:7152
- C:\Windows\System\DZLQHMR.exe
  C:\Windows\System\DZLQHMR.exe
  2⤵
  PID:6528
- C:\Windows\System\qmFaToM.exe
  C:\Windows\System\qmFaToM.exe
  2⤵
  PID:8204
- C:\Windows\System\NItBvdp.exe
  C:\Windows\System\NItBvdp.exe
  2⤵
  PID:7520
- C:\Windows\System\kjDRCgE.exe
  C:\Windows\System\kjDRCgE.exe
  2⤵
  PID:7660
- C:\Windows\System\eafNCsC.exe
  C:\Windows\System\eafNCsC.exe
  2⤵
  PID:8244
- C:\Windows\System\KXBNaac.exe
  C:\Windows\System\KXBNaac.exe
  2⤵
  PID:7612
- C:\Windows\System\ZZqcrgc.exe
  C:\Windows\System\ZZqcrgc.exe
  2⤵
  PID:7680
- C:\Windows\System\DKsfvoj.exe
  C:\Windows\System\DKsfvoj.exe
  2⤵
  PID:8112
- C:\Windows\System\zICfHdh.exe
  C:\Windows\System\zICfHdh.exe
  2⤵
  PID:8172
- C:\Windows\System\dtmXTIi.exe
  C:\Windows\System\dtmXTIi.exe
  2⤵
  PID:8228
- C:\Windows\System\VWHhcBx.exe
  C:\Windows\System\VWHhcBx.exe
  2⤵
  PID:8268
- C:\Windows\System\ZwTEStm.exe
  C:\Windows\System\ZwTEStm.exe
  2⤵
  PID:8220
- C:\Windows\System\McAzVmv.exe
  C:\Windows\System\McAzVmv.exe
  2⤵
  PID:7756
- C:\Windows\System\FNxstGM.exe
  C:\Windows\System\FNxstGM.exe
  2⤵
  PID:8296
- C:\Windows\System\kJEwjPV.exe
  C:\Windows\System\kJEwjPV.exe
  2⤵
  PID:4844
- C:\Windows\System\FXXxltk.exe
  C:\Windows\System\FXXxltk.exe
  2⤵
  PID:8356
- C:\Windows\System\wqaWBcW.exe
  C:\Windows\System\wqaWBcW.exe
  2⤵
  PID:8400
- C:\Windows\System\SGfbqxT.exe
  C:\Windows\System\SGfbqxT.exe
  2⤵
  PID:8340
- C:\Windows\System\zElevPO.exe
  C:\Windows\System\zElevPO.exe
  2⤵
  PID:8568
- C:\Windows\System\gjyULkU.exe
  C:\Windows\System\gjyULkU.exe
  2⤵
  PID:8644
- C:\Windows\System\uLLsbSt.exe
  C:\Windows\System\uLLsbSt.exe
  2⤵
  PID:8428
- C:\Windows\System\tioIYzB.exe
  C:\Windows\System\tioIYzB.exe
  2⤵
  PID:8460
- C:\Windows\System\pdKRFuB.exe
  C:\Windows\System\pdKRFuB.exe
  2⤵
  PID:2088
- C:\Windows\System\KlxCqIs.exe
  C:\Windows\System\KlxCqIs.exe
  2⤵
  PID:2152
- C:\Windows\System\umbEMyQ.exe
  C:\Windows\System\umbEMyQ.exe
  2⤵
  PID:8548
- C:\Windows\System\lZVrunP.exe
  C:\Windows\System\lZVrunP.exe
  2⤵
  PID:8592
- C:\Windows\System\RJRuXKr.exe
  C:\Windows\System\RJRuXKr.exe
  2⤵
  PID:8624
- C:\Windows\System\TphgkcM.exe
  C:\Windows\System\TphgkcM.exe
  2⤵
  PID:8664
- C:\Windows\System\abMnmlc.exe
  C:\Windows\System\abMnmlc.exe
  2⤵
  PID:8800
- C:\Windows\System\iokkSYI.exe
  C:\Windows\System\iokkSYI.exe
  2⤵
  PID:8868
- C:\Windows\System\AQPNblc.exe
  C:\Windows\System\AQPNblc.exe
  2⤵
  PID:8920
- C:\Windows\System\CjGOjNr.exe
  C:\Windows\System\CjGOjNr.exe
  2⤵
  PID:8924
- C:\Windows\System\VWnkFAQ.exe
  C:\Windows\System\VWnkFAQ.exe
  2⤵
  PID:8960
- C:\Windows\System\sfQfYwK.exe
  C:\Windows\System\sfQfYwK.exe
  2⤵
  PID:8996
- C:\Windows\System\oLUWBVu.exe
  C:\Windows\System\oLUWBVu.exe
  2⤵
  PID:9016
- C:\Windows\System\qkRWufv.exe
  C:\Windows\System\qkRWufv.exe
  2⤵
  PID:9040
- C:\Windows\System\ifCuQIa.exe
  C:\Windows\System\ifCuQIa.exe
  2⤵
  PID:9056
- C:\Windows\System\etGMTHO.exe
  C:\Windows\System\etGMTHO.exe
  2⤵
  PID:9076
- C:\Windows\System\vdBxLdK.exe
  C:\Windows\System\vdBxLdK.exe
  2⤵
  PID:9092
- C:\Windows\System\tHrDkiv.exe
  C:\Windows\System\tHrDkiv.exe
  2⤵
  PID:3000
- C:\Windows\System\VjpwTsi.exe
  C:\Windows\System\VjpwTsi.exe
  2⤵
  PID:2816
- C:\Windows\System\GkAWiQo.exe
  C:\Windows\System\GkAWiQo.exe
  2⤵
  PID:2880
- C:\Windows\System\IqgwPtl.exe
  C:\Windows\System\IqgwPtl.exe
  2⤵
  PID:9120
- C:\Windows\System\MdfWuRX.exe
  C:\Windows\System\MdfWuRX.exe
  2⤵
  PID:1496
- C:\Windows\System\JybrtUE.exe
  C:\Windows\System\JybrtUE.exe
  2⤵
  PID:9180
- C:\Windows\System\SASwSNC.exe
  C:\Windows\System\SASwSNC.exe
  2⤵
  PID:6752
- C:\Windows\System\dlhBVKs.exe
  C:\Windows\System\dlhBVKs.exe
  2⤵
  PID:8028
- C:\Windows\System\FQbbixf.exe
  C:\Windows\System\FQbbixf.exe
  2⤵
  PID:7516
- C:\Windows\System\DgDbtBN.exe
  C:\Windows\System\DgDbtBN.exe
  2⤵
  PID:7320
- C:\Windows\System\PUyzSvd.exe
  C:\Windows\System\PUyzSvd.exe
  2⤵
  PID:7616
- C:\Windows\System\vODdEsS.exe
  C:\Windows\System\vODdEsS.exe
  2⤵
  PID:7912
- C:\Windows\System\ascgIrD.exe
  C:\Windows\System\ascgIrD.exe
  2⤵
  PID:8288
- C:\Windows\System\zTnFzlA.exe
  C:\Windows\System\zTnFzlA.exe
  2⤵
  PID:8260
- C:\Windows\System\uwGQXJQ.exe
  C:\Windows\System\uwGQXJQ.exe
  2⤵
  PID:1484
- C:\Windows\System\fHkHOFO.exe
  C:\Windows\System\fHkHOFO.exe
  2⤵
  PID:7008
- C:\Windows\System\oSaLtKm.exe
  C:\Windows\System\oSaLtKm.exe
  2⤵
  PID:8408
- C:\Windows\System\zixqkqc.exe
  C:\Windows\System\zixqkqc.exe
  2⤵
  PID:3044
- C:\Windows\System\GONRjFg.exe
  C:\Windows\System\GONRjFg.exe
  2⤵
  PID:8320
- C:\Windows\System\momexWL.exe
  C:\Windows\System\momexWL.exe
  2⤵
  PID:8488
- C:\Windows\System\EinVPYu.exe
  C:\Windows\System\EinVPYu.exe
  2⤵
  PID:8444
- C:\Windows\System\SWDCBtZ.exe
  C:\Windows\System\SWDCBtZ.exe
  2⤵
  PID:8608
- C:\Windows\System\EunqduX.exe
  C:\Windows\System\EunqduX.exe
  2⤵
  PID:8508
- C:\Windows\System\cMOgBiB.exe
  C:\Windows\System\cMOgBiB.exe
  2⤵
  PID:8720
- C:\Windows\System\fFsFlKL.exe
  C:\Windows\System\fFsFlKL.exe
  2⤵
  PID:8544
- C:\Windows\System\jLqHQok.exe
  C:\Windows\System\jLqHQok.exe
  2⤵
  PID:8588
- C:\Windows\System\AbRTMwV.exe
  C:\Windows\System\AbRTMwV.exe
  2⤵
  PID:8700
- C:\Windows\System\ElMdbKX.exe
  C:\Windows\System\ElMdbKX.exe
  2⤵
  PID:8768
- C:\Windows\System\fQKEcVw.exe
  C:\Windows\System\fQKEcVw.exe
  2⤵
  PID:112
- C:\Windows\System\XrGOgjN.exe
  C:\Windows\System\XrGOgjN.exe
  2⤵
  PID:2140
- C:\Windows\System\VBaqyLn.exe
  C:\Windows\System\VBaqyLn.exe
  2⤵
  PID:2008
- C:\Windows\System\YyCPkNJ.exe
  C:\Windows\System\YyCPkNJ.exe
  2⤵
  PID:1616
- C:\Windows\System\eqWYYCj.exe
  C:\Windows\System\eqWYYCj.exe
  2⤵
  PID:1536
- C:\Windows\System\HynsZPG.exe
  C:\Windows\System\HynsZPG.exe
  2⤵
  PID:2212
- C:\Windows\System\NnEsOYf.exe
  C:\Windows\System\NnEsOYf.exe
  2⤵
  PID:2584
- C:\Windows\System\nvVNRnw.exe
  C:\Windows\System\nvVNRnw.exe
  2⤵
  PID:8928
- C:\Windows\System\eFpNCrQ.exe
  C:\Windows\System\eFpNCrQ.exe
  2⤵
  PID:8956
- C:\Windows\System\ngrxAyF.exe
  C:\Windows\System\ngrxAyF.exe
  2⤵
  PID:9064
- C:\Windows\System\WvUfFAn.exe
  C:\Windows\System\WvUfFAn.exe
  2⤵
  PID:2636
- C:\Windows\System\DrCGCam.exe
  C:\Windows\System\DrCGCam.exe
  2⤵
  PID:1132
- C:\Windows\System\wKyQQKA.exe
  C:\Windows\System\wKyQQKA.exe
  2⤵
  PID:7356
- C:\Windows\System\AoRfRUN.exe
  C:\Windows\System\AoRfRUN.exe
  2⤵
  PID:9132
- C:\Windows\System\YjaHPqF.exe
  C:\Windows\System\YjaHPqF.exe
  2⤵
  PID:8984
- C:\Windows\System\HXdIbDj.exe
  C:\Windows\System\HXdIbDj.exe
  2⤵
  PID:9000
- C:\Windows\System\xNigpMJ.exe
  C:\Windows\System\xNigpMJ.exe
  2⤵
  PID:9088
- C:\Windows\System\XcUrBFE.exe
  C:\Windows\System\XcUrBFE.exe
  2⤵
  PID:8008
- C:\Windows\System\QchAqhC.exe
  C:\Windows\System\QchAqhC.exe
  2⤵
  PID:8264
- C:\Windows\System\RAnNSBV.exe
  C:\Windows\System\RAnNSBV.exe
  2⤵
  PID:7792
- C:\Windows\System\YKBLgLV.exe
  C:\Windows\System\YKBLgLV.exe
  2⤵
  PID:8856
- C:\Windows\System\nthtRsV.exe
  C:\Windows\System\nthtRsV.exe
  2⤵
  PID:2984
- C:\Windows\System\ExCZbFf.exe
  C:\Windows\System\ExCZbFf.exe
  2⤵
  PID:6672
- C:\Windows\System\qwTCdKA.exe
  C:\Windows\System\qwTCdKA.exe
  2⤵
  PID:8120
- C:\Windows\System\hHsVATC.exe
  C:\Windows\System\hHsVATC.exe
  2⤵
  PID:8344
- C:\Windows\System\lnCduCj.exe
  C:\Windows\System\lnCduCj.exe
  2⤵
  PID:8424
- C:\Windows\System\MnkydvP.exe
  C:\Windows\System\MnkydvP.exe
  2⤵
  PID:1704
- C:\Windows\System\XyNGNLs.exe
  C:\Windows\System\XyNGNLs.exe
  2⤵
  PID:8484
- C:\Windows\System\TemjeqP.exe
  C:\Windows\System\TemjeqP.exe
  2⤵
  PID:8752
- C:\Windows\System\XyUnMwL.exe
  C:\Windows\System\XyUnMwL.exe
  2⤵
  PID:2668
- C:\Windows\System\yjIywzs.exe
  C:\Windows\System\yjIywzs.exe
  2⤵
  PID:1844
- C:\Windows\System\emDHaGw.exe
  C:\Windows\System\emDHaGw.exe
  2⤵
  PID:2272
- C:\Windows\System\zmNFPPu.exe
  C:\Windows\System\zmNFPPu.exe
  2⤵
  PID:9072
- C:\Windows\System\wifCYpM.exe
  C:\Windows\System\wifCYpM.exe
  2⤵
  PID:7596
- C:\Windows\System\qxOuPDJ.exe
  C:\Windows\System\qxOuPDJ.exe
  2⤵
  PID:2064
- C:\Windows\System\aexvyMg.exe
  C:\Windows\System\aexvyMg.exe
  2⤵
  PID:2784
- C:\Windows\System\jHgRpso.exe
  C:\Windows\System\jHgRpso.exe
  2⤵
  PID:6772
- C:\Windows\System\xKWfmWd.exe
  C:\Windows\System\xKWfmWd.exe
  2⤵
  PID:1372
- C:\Windows\System\jaamDSs.exe
  C:\Windows\System\jaamDSs.exe
  2⤵
  PID:9036
- C:\Windows\System\zPrTNwf.exe
  C:\Windows\System\zPrTNwf.exe
  2⤵
  PID:1720
- C:\Windows\System\ZyZaTzb.exe
  C:\Windows\System\ZyZaTzb.exe
  2⤵
  PID:6744
- C:\Windows\System\cIBaIFW.exe
  C:\Windows\System\cIBaIFW.exe
  2⤵
  PID:7440
- C:\Windows\System\HCBxrHe.exe
  C:\Windows\System\HCBxrHe.exe
  2⤵
  PID:8832
- C:\Windows\System\SJJHnnB.exe
  C:\Windows\System\SJJHnnB.exe
  2⤵
  PID:8140
- C:\Windows\System\SgvpHcG.exe
  C:\Windows\System\SgvpHcG.exe
  2⤵
  PID:8524
- C:\Windows\System\CoMpQto.exe
  C:\Windows\System\CoMpQto.exe
  2⤵
  PID:8540
- C:\Windows\System\AENUDPg.exe
  C:\Windows\System\AENUDPg.exe
  2⤵
  PID:8772
- C:\Windows\System\OADMIET.exe
  C:\Windows\System\OADMIET.exe
  2⤵
  PID:8332
- C:\Windows\System\ZEaRBJr.exe
  C:\Windows\System\ZEaRBJr.exe
  2⤵
  PID:2564
- C:\Windows\System\ilxcwqK.exe
  C:\Windows\System\ilxcwqK.exe
  2⤵
  PID:8944
- C:\Windows\System\TAqIFqB.exe
  C:\Windows\System\TAqIFqB.exe
  2⤵
  PID:9052
- C:\Windows\System\PpOpJxD.exe
  C:\Windows\System\PpOpJxD.exe
  2⤵
  PID:9200
- C:\Windows\System\NuiNfZY.exe
  C:\Windows\System\NuiNfZY.exe
  2⤵
  PID:1692
- C:\Windows\System\ESfhbdC.exe
  C:\Windows\System\ESfhbdC.exe
  2⤵
  PID:3068
- C:\Windows\System\KCoHGxm.exe
  C:\Windows\System\KCoHGxm.exe
  2⤵
  PID:8680
- C:\Windows\System\pTiWmnr.exe
  C:\Windows\System\pTiWmnr.exe
  2⤵
  PID:8804
- C:\Windows\System\pLCZjki.exe
  C:\Windows\System\pLCZjki.exe
  2⤵
  PID:8888
- C:\Windows\System\vhggdWM.exe
  C:\Windows\System\vhggdWM.exe
  2⤵
  PID:8908
- C:\Windows\System\WxjHqyT.exe
  C:\Windows\System\WxjHqyT.exe
  2⤵
  PID:9168
- C:\Windows\System\pkPlucJ.exe
  C:\Windows\System\pkPlucJ.exe
  2⤵
  PID:8756
- C:\Windows\System\tdVaaJK.exe
  C:\Windows\System\tdVaaJK.exe
  2⤵
  PID:8380
- C:\Windows\System\HgOCHyn.exe
  C:\Windows\System\HgOCHyn.exe
  2⤵
  PID:2760
- C:\Windows\System\lydPpDn.exe
  C:\Windows\System\lydPpDn.exe
  2⤵
  PID:9196
- C:\Windows\System\JHzkIqd.exe
  C:\Windows\System\JHzkIqd.exe
  2⤵
  PID:9048
- C:\Windows\System\KEpEHMD.exe
  C:\Windows\System\KEpEHMD.exe
  2⤵
  PID:2476
- C:\Windows\System\xXlVTCy.exe
  C:\Windows\System\xXlVTCy.exe
  2⤵
  PID:9104
- C:\Windows\System\HnVccrJ.exe
  C:\Windows\System\HnVccrJ.exe
  2⤵
  PID:2724
- C:\Windows\System\vIPDoIY.exe
  C:\Windows\System\vIPDoIY.exe
  2⤵
  PID:9148
- C:\Windows\System\zMTbFgk.exe
  C:\Windows\System\zMTbFgk.exe
  2⤵
  PID:8520
- C:\Windows\System\PBJZRZa.exe
  C:\Windows\System\PBJZRZa.exe
  2⤵
  PID:9228
- C:\Windows\System\PLosVta.exe
  C:\Windows\System\PLosVta.exe
  2⤵
  PID:9248
- C:\Windows\System\fmWYBkt.exe
  C:\Windows\System\fmWYBkt.exe
  2⤵
  PID:9264
- C:\Windows\System\SNzfwKC.exe
  C:\Windows\System\SNzfwKC.exe
  2⤵
  PID:9280
- C:\Windows\System\dwNJsrw.exe
  C:\Windows\System\dwNJsrw.exe
  2⤵
  PID:9304
- C:\Windows\System\sMfSQfh.exe
  C:\Windows\System\sMfSQfh.exe
  2⤵
  PID:9324
- C:\Windows\System\SJFcbWb.exe
  C:\Windows\System\SJFcbWb.exe
  2⤵
  PID:9340
- C:\Windows\System\erbafTV.exe
  C:\Windows\System\erbafTV.exe
  2⤵
  PID:9356
- C:\Windows\System\kptaWiq.exe
  C:\Windows\System\kptaWiq.exe
  2⤵
  PID:9372
- C:\Windows\System\XeIKlid.exe
  C:\Windows\System\XeIKlid.exe
  2⤵
  PID:9392
- C:\Windows\System\JHJgbyu.exe
  C:\Windows\System\JHJgbyu.exe
  2⤵
  PID:9416
- C:\Windows\System\yHklNxx.exe
  C:\Windows\System\yHklNxx.exe
  2⤵
  PID:9432
- C:\Windows\System\DDFxwgp.exe
  C:\Windows\System\DDFxwgp.exe
  2⤵
  PID:9448
- C:\Windows\System\fBURfZH.exe
  C:\Windows\System\fBURfZH.exe
  2⤵
  PID:9468
- C:\Windows\System\JuhhCdE.exe
  C:\Windows\System\JuhhCdE.exe
  2⤵
  PID:9484
- C:\Windows\System\oVZSqOw.exe
  C:\Windows\System\oVZSqOw.exe
  2⤵
  PID:9504
- C:\Windows\System\MkcydFt.exe
  C:\Windows\System\MkcydFt.exe
  2⤵
  PID:9528
- C:\Windows\System\tGfOwEs.exe
  C:\Windows\System\tGfOwEs.exe
  2⤵
  PID:9568
- C:\Windows\System\WzoSzRD.exe
  C:\Windows\System\WzoSzRD.exe
  2⤵
  PID:9584
- C:\Windows\System\aQkPlMY.exe
  C:\Windows\System\aQkPlMY.exe
  2⤵
  PID:9600
- C:\Windows\System\JUiFGAw.exe
  C:\Windows\System\JUiFGAw.exe
  2⤵
  PID:9620
- C:\Windows\System\CFgyTHx.exe
  C:\Windows\System\CFgyTHx.exe
  2⤵
  PID:9640
- C:\Windows\System\awQTckk.exe
  C:\Windows\System\awQTckk.exe
  2⤵
  PID:9656
- C:\Windows\System\TmVrZDw.exe
  C:\Windows\System\TmVrZDw.exe
  2⤵
  PID:9680
- C:\Windows\System\qlrTCsd.exe
  C:\Windows\System\qlrTCsd.exe
  2⤵
  PID:9700
- C:\Windows\System\CALCpuK.exe
  C:\Windows\System\CALCpuK.exe
  2⤵
  PID:9716
- C:\Windows\System\TDJnTCf.exe
  C:\Windows\System\TDJnTCf.exe
  2⤵
  PID:9736
- C:\Windows\System\AEztidd.exe
  C:\Windows\System\AEztidd.exe
  2⤵
  PID:9764
- C:\Windows\System\rObhBOP.exe
  C:\Windows\System\rObhBOP.exe
  2⤵
  PID:9780
- C:\Windows\System\DcDgAhm.exe
  C:\Windows\System\DcDgAhm.exe
  2⤵
  PID:9804
- C:\Windows\System\aPyBrHd.exe
  C:\Windows\System\aPyBrHd.exe
  2⤵
  PID:9828
- C:\Windows\System\zAZymOy.exe
  C:\Windows\System\zAZymOy.exe
  2⤵
  PID:9868
- C:\Windows\System\lQYznOa.exe
  C:\Windows\System\lQYznOa.exe
  2⤵
  PID:9884
- C:\Windows\System\ybQSssd.exe
  C:\Windows\System\ybQSssd.exe
  2⤵
  PID:9900
- C:\Windows\System\wSahMLe.exe
  C:\Windows\System\wSahMLe.exe
  2⤵
  PID:9916
- C:\Windows\System\lmAeevi.exe
  C:\Windows\System\lmAeevi.exe
  2⤵
  PID:9932
- C:\Windows\System\ZErfTxC.exe
  C:\Windows\System\ZErfTxC.exe
  2⤵
  PID:9948
- C:\Windows\System\Vzlqyze.exe
  C:\Windows\System\Vzlqyze.exe
  2⤵
  PID:9988
- C:\Windows\System\PFGmXGh.exe
  C:\Windows\System\PFGmXGh.exe
  2⤵
  PID:10004
- C:\Windows\System\QWeOkLx.exe
  C:\Windows\System\QWeOkLx.exe
  2⤵
  PID:10020
- C:\Windows\System\InnzwWd.exe
  C:\Windows\System\InnzwWd.exe
  2⤵
  PID:10036
- C:\Windows\System\KaHFlbE.exe
  C:\Windows\System\KaHFlbE.exe
  2⤵
  PID:10056
- C:\Windows\System\TfSxrnC.exe
  C:\Windows\System\TfSxrnC.exe
  2⤵
  PID:10076
- C:\Windows\System\sgeGopv.exe
  C:\Windows\System\sgeGopv.exe
  2⤵
  PID:10092
- C:\Windows\System\vlvBxrd.exe
  C:\Windows\System\vlvBxrd.exe
  2⤵
  PID:10112
- C:\Windows\System\LAwiJlV.exe
  C:\Windows\System\LAwiJlV.exe
  2⤵
  PID:10132
- C:\Windows\System\PbkMhGA.exe
  C:\Windows\System\PbkMhGA.exe
  2⤵
  PID:10168
- C:\Windows\System\IYhyKgz.exe
  C:\Windows\System\IYhyKgz.exe
  2⤵
  PID:10184
- C:\Windows\System\VtKlnaQ.exe
  C:\Windows\System\VtKlnaQ.exe
  2⤵
  PID:10200
- C:\Windows\System\ZUOvVZJ.exe
  C:\Windows\System\ZUOvVZJ.exe
  2⤵
  PID:10216
- C:\Windows\System\ZctRuwN.exe
  C:\Windows\System\ZctRuwN.exe
  2⤵
  PID:10232
- C:\Windows\System\TtStexN.exe
  C:\Windows\System\TtStexN.exe
  2⤵
  PID:9236
- C:\Windows\System\mtEeizJ.exe
  C:\Windows\System\mtEeizJ.exe
  2⤵
  PID:9312
- C:\Windows\System\FHQNhTP.exe
  C:\Windows\System\FHQNhTP.exe
  2⤵
  PID:9384
- C:\Windows\System\ujMfMLw.exe
  C:\Windows\System\ujMfMLw.exe
  2⤵
  PID:9456
- C:\Windows\System\lGWefPS.exe
  C:\Windows\System\lGWefPS.exe
  2⤵
  PID:9032
- C:\Windows\System\wpjCwOx.exe
  C:\Windows\System\wpjCwOx.exe
  2⤵
  PID:9536
- C:\Windows\System\gmvxKum.exe
  C:\Windows\System\gmvxKum.exe
  2⤵
  PID:9560
- C:\Windows\System\ZSlxJud.exe
  C:\Windows\System\ZSlxJud.exe
  2⤵
  PID:9628
- C:\Windows\System\BYVFZVN.exe
  C:\Windows\System\BYVFZVN.exe
  2⤵
  PID:9676
- C:\Windows\System\OwiLmcD.exe
  C:\Windows\System\OwiLmcD.exe
  2⤵
  PID:9748
- C:\Windows\System\qQNSBXK.exe
  C:\Windows\System\qQNSBXK.exe
  2⤵
  PID:9336
- C:\Windows\System\aYQIWBz.exe
  C:\Windows\System\aYQIWBz.exe
  2⤵
  PID:9444
- C:\Windows\System\PULZSKm.exe
  C:\Windows\System\PULZSKm.exe
  2⤵
  PID:9752
- C:\Windows\System\knHwzWx.exe
  C:\Windows\System\knHwzWx.exe
  2⤵
  PID:9728
- C:\Windows\System\zkYvklF.exe
  C:\Windows\System\zkYvklF.exe
  2⤵
  PID:9608
- C:\Windows\System\pSztylH.exe
  C:\Windows\System\pSztylH.exe
  2⤵
  PID:9776
- C:\Windows\System\fpDKYHb.exe
  C:\Windows\System\fpDKYHb.exe
  2⤵
  PID:9580
- C:\Windows\System\hPmYbfM.exe
  C:\Windows\System\hPmYbfM.exe
  2⤵
  PID:9688
- C:\Windows\System\tVomYQe.exe
  C:\Windows\System\tVomYQe.exe
  2⤵
  PID:9724
- C:\Windows\System\VmIUafn.exe
  C:\Windows\System\VmIUafn.exe
  2⤵
  PID:9864
- C:\Windows\System\iZLyiYr.exe
  C:\Windows\System\iZLyiYr.exe
  2⤵
  PID:9816
- C:\Windows\System\NqSVySX.exe
  C:\Windows\System\NqSVySX.exe
  2⤵
  PID:9896
- C:\Windows\System\VntYHFt.exe
  C:\Windows\System\VntYHFt.exe
  2⤵
  PID:9964
- C:\Windows\System\pNTTeKB.exe
  C:\Windows\System\pNTTeKB.exe
  2⤵
  PID:9880
- C:\Windows\System\LdGrXwk.exe
  C:\Windows\System\LdGrXwk.exe
  2⤵
  PID:9980
- C:\Windows\System\dDsCnOi.exe
  C:\Windows\System\dDsCnOi.exe
  2⤵
  PID:10044
- C:\Windows\System\BLEOCuD.exe
  C:\Windows\System\BLEOCuD.exe
  2⤵
  PID:10012
- C:\Windows\System\VAQSnXz.exe
  C:\Windows\System\VAQSnXz.exe
  2⤵
  PID:10128
- C:\Windows\System\dRfsVpr.exe
  C:\Windows\System\dRfsVpr.exe
  2⤵
  PID:10032
- C:\Windows\System\dXgxubc.exe
  C:\Windows\System\dXgxubc.exe
  2⤵
  PID:10140
- C:\Windows\System\dROtlaW.exe
  C:\Windows\System\dROtlaW.exe
  2⤵
  PID:9348
- C:\Windows\System\fNsUGYU.exe
  C:\Windows\System\fNsUGYU.exe
  2⤵
  PID:9320
- C:\Windows\System\EhxiJCo.exe
  C:\Windows\System\EhxiJCo.exe
  2⤵
  PID:9556
- C:\Windows\System\cHmHjtN.exe
  C:\Windows\System\cHmHjtN.exe
  2⤵
  PID:9492
- C:\Windows\System\lHaxrGK.exe
  C:\Windows\System\lHaxrGK.exe
  2⤵
  PID:10196
- C:\Windows\System\VOMGGmr.exe
  C:\Windows\System\VOMGGmr.exe
  2⤵
  PID:9276
- C:\Windows\System\kIXKEHr.exe
  C:\Windows\System\kIXKEHr.exe
  2⤵
  PID:9500
- C:\Windows\System\cMqbKqT.exe
  C:\Windows\System\cMqbKqT.exe
  2⤵
  PID:9744
- C:\Windows\System\QrBiWpS.exe
  C:\Windows\System\QrBiWpS.exe
  2⤵
  PID:9788
- C:\Windows\System\hxiBDqw.exe
  C:\Windows\System\hxiBDqw.exe
  2⤵
  PID:9796
- C:\Windows\System\CqKSGEX.exe
  C:\Windows\System\CqKSGEX.exe
  2⤵
  PID:9256
- C:\Windows\System\BESKqWC.exe
  C:\Windows\System\BESKqWC.exe
  2⤵
  PID:8224
- C:\Windows\System\gDRLbFX.exe
  C:\Windows\System\gDRLbFX.exe
  2⤵
  PID:9696
- C:\Windows\System\NMxgGde.exe
  C:\Windows\System\NMxgGde.exe
  2⤵
  PID:9956
- C:\Windows\System\luMFwwJ.exe
  C:\Windows\System\luMFwwJ.exe
  2⤵
  PID:10052
- C:\Windows\System\idTbKjr.exe
  C:\Windows\System\idTbKjr.exe
  2⤵
  PID:10152
- C:\Windows\System\bpykxOv.exe
  C:\Windows\System\bpykxOv.exe
  2⤵
  PID:9824
- C:\Windows\System\DXYiSeD.exe
  C:\Windows\System\DXYiSeD.exe
  2⤵
  PID:10072
- C:\Windows\System\easrfJQ.exe
  C:\Windows\System\easrfJQ.exe
  2⤵
  PID:9860
- C:\Windows\System\olbIPNH.exe
  C:\Windows\System\olbIPNH.exe
  2⤵
  PID:9968
- C:\Windows\System\KwaQsBB.exe
  C:\Windows\System\KwaQsBB.exe
  2⤵
  PID:2572
- C:\Windows\System\QtARlmF.exe
  C:\Windows\System\QtARlmF.exe
  2⤵
  PID:9300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ARJHEGk.exe

Filesize
6.1MB

MD5
3d7ae97539cd94b2ac29284d41746a55

SHA1
f8f93e638869cdb401116237be4b5af994c167b0

SHA256
ac1c5cf32595b8587c73d4d95a38caad27265f830a8aeacda0e9a641758ad3d1

SHA512
0949e16d81dc0c247a7675966e8b8d40a60478f6bf6247923ec075e23b66aa1e6e9f6d37f1c9225a7e49ebde0e23b6002db9972f35f004028ce5db1ab652e108

Download Submit
C:\Windows\system\GTiqSgc.exe

Filesize
6.1MB

MD5
b7d804030b5363c42228f0b212aec887

SHA1
be0f9b47a6affeb7ad037adda2c36738c3f6ce55

SHA256
6b7f0d4a17a04003791bc4cc00ccc8c9997629d5b72dcda376b865531dc63f3e

SHA512
027f4bfd0f003a055d9c6273fe911845bdd0458d0f321896e73e443948449b8adfbf68baa1fa0d715f81bb5a59c7cd621d9d90e68ec009e125a9fb66c8c753ca

Download Submit
C:\Windows\system\HASdsbn.exe

Filesize
6.1MB

MD5
315004b938a68db43c71e44350fcb3d4

SHA1
0aa2b08d2ace1640bce1e6e5b569faad7bec6d41

SHA256
293cc8767def92b3a8d86fa812915b865e141a6443defd0f72d05da14ed382cb

SHA512
5048ca471a1b9c559581724ac94a8041ad62df3dbb626a4b758bb30b1c85de21617c889c95a96bac47f3646bffe099bb5b08c3c2d3111cf43c28dda2162a0af6

Download Submit
C:\Windows\system\HEwrVKk.exe

Filesize
6.1MB

MD5
6e67b58233de03665c8702a611ef3d6a

SHA1
5c2611370122d75435560aad6e826b50b60370ed

SHA256
3d85a9ed40696b038f2fbca8c466194aaeb7da39f9a076f944100e643e14af59

SHA512
6a88c9455e10eb1cf817838a7040db8ed43f93bc38feccada2d27b1d1642ce11d1e33eaf1047bfc77c90047c77f106ac7e73f6263115754e44a048f2819d9439

Download Submit
C:\Windows\system\IvFHvvX.exe

Filesize
6.1MB

MD5
25d3c153d21b8fa74e5de55fc7169cd0

SHA1
2f0a7cf411bc15a5af0c52e9d8412251459fb65c

SHA256
c67d3098baaa0fad5623d3f61df985cd3c984c1c8089726e270450ec06b91bbd

SHA512
664f43595147ee52861c738ce62a9217f94fba08e87bb67c460b3e3f2aa792ae448c20012b2db760d3765b4ed5502efd5ffbc7b789494f7ec2f0a88a29f7b8a5

Download Submit
C:\Windows\system\OKLdnpJ.exe

Filesize
6.1MB

MD5
0a5892af793c1f4b8f073c44afb79d78

SHA1
03c0faed56b57830d2830119f7c5de67c0d4d8a2

SHA256
49e34826a72e2150273361021b985c58a78781e84b19a73716c1930b30068469

SHA512
74601d4c38fabc5681bbb8c9b841fab853d34c04156738a29442099cfd3d9ca0592b1cdf859a63bfae9af5b01e60bbeaa7d80d2ad29378a6fc29d0c51b125788

Download Submit
C:\Windows\system\OggmwAX.exe

Filesize
6.1MB

MD5
56c96c924225b8c0b2cfa3c90b563970

SHA1
eb8dc29e4ac96979704f54d6ce9eeeb0c15db4a2

SHA256
11d5832a4fcbf2de09caeb0c7e17a26d9f52c72aef87d90c680f37900d7be7cf

SHA512
71f2205d8f16e2c1ab19a29fc77ce670aae6900f771e2d794e23e07c873f7883495753b831b3095a78829a0f1307e144f7098a4e660a24a84a6fa20fc2048936

Download Submit
C:\Windows\system\PBtAUGY.exe

Filesize
6.1MB

MD5
68bafbad87c9bb97ee659030456f5200

SHA1
28ccdfc752b61c1efdc526b37926445c356c6f85

SHA256
174b47c54fe90a6a6e0285e6a526529824ad2aad517782bf032e1e091a45d851

SHA512
ea1ce439fbeba13063222d37cca949d0e81a5fb6a13c8ad97cf17e459edaeba9cbfcab02d84cc97e0e7176ea7e80251004798edf744ca1216b88e70c5f080065

Download Submit
C:\Windows\system\RySVcCU.exe

Filesize
6.1MB

MD5
8db9c6ec550d6286d863a39e90a48cb1

SHA1
fb42f97bae3e89a9238e6bf90c5fc0d74bebfd15

SHA256
7baf7e57ba0e33e04a89001e8ebdb76587a211d143ccf8357d7ebbcf5aa18e63

SHA512
b465fbb078640b741c81bebd2e6a66f853eca5091383f2444bf4baed93ec58b2106ba1e874dca55622181f932f7a59233d40539fb57e225e69cb7f8e559b9664

Download Submit
C:\Windows\system\WKZMIHg.exe

Filesize
6.1MB

MD5
9cf6133a17d580931ac796aec0c37a12

SHA1
6b8e562b41edc2891ac9e0a0312f9a3913da4434

SHA256
75765189d9d648b2c4ede41b5e6dbdef37d8d94b5fc3a577ebfb755e66d0075f

SHA512
9aa97e9cb28b28509d5e416eb1680e0e0c02e9b8f4a54345dfac912ff68d5098d736f718586e15ac805d7f476f137e857ff20a5cb6b7825e5a7cdef88c7de6ed

Download Submit
C:\Windows\system\WWeeNxD.exe

Filesize
6.1MB

MD5
dcf61c9f34bc7086683c6c49d517712b

SHA1
8a5409981a621d35f06025b451c9860bfa395e45

SHA256
7fef42ce3cbbd24d33e51f8d3cb6fb6f0c846222629a894ab5871fa792b217ab

SHA512
5f312cf7bbf6b9ee832e1e946ec46fa17fc30058955a4d05049144780101f50420f3aa81b9034cdd0fe27cde6bd376e76928ca29d06326541002a00764c3294f

Download Submit
C:\Windows\system\YmdOgka.exe

Filesize
6.1MB

MD5
f58745b047907a947a6a3fd0cbd6c64e

SHA1
19a8caed6012e5873552b6425579423641a21517

SHA256
2945b2db8bb457473562311ce54138c92d114880a06aa3ca7d72a4d60eef3964

SHA512
38f3875e66593dae7f48957af03c3a0ab1d081ef7d4d367dfcd22c8e9f6c6de04913d0c4b7bf54c0290bea03275197dde05c5b8bbc0b20b0f196604ccf0f0fbf

Download Submit
C:\Windows\system\ZQkFqxi.exe

Filesize
6.1MB

MD5
a23e4e0dc605e53edfecee69ab320037

SHA1
deb94ac0da71789bfef854207366bf53d694a3fe

SHA256
0552589a6b80cd4bef1b636ebf028d2967505a56f02b97f84d9554961c82b5bf

SHA512
a6cd11cefeb5acb678120726164bf93e53827682ef51464ea996e7e2cd6418afa316f00895c3eb7de7a31ecb12ef685ee9083559dbd9d70723e56d388e7af686

Download Submit
C:\Windows\system\ZhsbGqq.exe

Filesize
6.1MB

MD5
f1a1d5969f1a42ef50298c0d5ae4f0db

SHA1
7aea00fd53ff779177d3ab3a36aa3da5c0874b80

SHA256
760652f29b424148b58242287a44b3b2f387fac5d568891055a4c7e663836402

SHA512
49de414591b4e49943436c7c36869012d538f41e914049ed3bf5f439e082c4e96f67d808a4405360e59d5ac639b78908e8c3c949b6e5c6d1a5f95e4a89367347

Download Submit
C:\Windows\system\aELBXVZ.exe

Filesize
6.1MB

MD5
2ff6bca29ca7f212f2300d70c01fb03c

SHA1
1f9dd3b526649481363fb4e585bec2dd06d78682

SHA256
6e26964fe4f59233e24f81c504df407dcb1b8ffe6bc64fd1afc57484f47de33d

SHA512
136b63fce2ba44a854fafe9955ff4f08d8dc41f25e8b3669ac6a6eaa123f0620b62751dfa749e5722c3e447d1bb2ca872cc36655550d1aaad0e47c29fc8f35bc

Download Submit
C:\Windows\system\dXwSAQY.exe

Filesize
6.1MB

MD5
2c6ef22b94f481db93bbcf0d860f2445

SHA1
1cc29cdd9ca060c94b5d2b9655042dca7dc6b8bd

SHA256
e43318cc2093e8348c7f5839b8f4cbd8f9d5e4c5b71db4b3597806885abab1e3

SHA512
6579b92135b2c3ba1f7cebd6a20ae19fd1827ff136ecdc0fa44452c6ffe20841b32f9011cce4ec8962a1899c3c43e0f092238670bb093f56b1bd4fb8ddc0e93c

Download Submit
C:\Windows\system\dzKiYCd.exe

Filesize
6.1MB

MD5
5615241884ae7422e5b14f9c9d511cb5

SHA1
e5f9846ec2a9e5a7c38a48680006a41389d80e34

SHA256
1e00fd530d8b9634d32b67ac5f92c251fcebf3be909ce5be530ffe67c6349d8c

SHA512
d80c7d6715062fca806f0c8e09b863c5ce83c9492bdc830e7221110286ad3ef6bcd49f9338bf6ee60c8d43a25d0cde2c9d1138eae09f40b79ebc9bdad07acfd7

Download Submit
C:\Windows\system\gAtpzMB.exe

Filesize
6.1MB

MD5
1034a3238b14fa3aa04439d6f6e63021

SHA1
0962cdec76081b55e28402c271c150995634fe99

SHA256
e958235a64d6ccac4f7786e2ca7024fd0b37aa7723d4a4da11d2fa8e271a9334

SHA512
249e3cad3b21ab8c8878cb7932db09217c29db9cad09e29fc9b6b5862e09c1f0639886d376efae7e8f5e6b6830eab6e8c2ead92bb742e8384966625310c0fa6f

Download Submit
C:\Windows\system\isqZsla.exe

Filesize
6.1MB

MD5
ccd582d2f80878f652a2ab856a53d146

SHA1
a9933032e26fe48b2a5d9af730c633d4ab1a7582

SHA256
c798c4cd61292bb7be3aaeaf8e2120015b15911306a040244b5f0ce5c587b1ea

SHA512
10ff39d112324c1bf80503aa2d79b52d538997fc340b78030eeb59786d22fe8c4452d5eb88cbd69681629e50e39520a934382bf2838e56218ef194baa371ef11

Download Submit
C:\Windows\system\izEdYiq.exe

Filesize
6.1MB

MD5
b86d505d98e967af25519d89ec10a5ec

SHA1
9db3a86bfb86ce4ba7b2a2a0d3f0de022ab2027f

SHA256
21f8da9ca8eb3c1cd03032eb218da1ae5a296ac4fa68ea1a67b5045fe6bbbcda

SHA512
45b66dae3dc053f221e2c6116c64d37a063b9bbfc67cd6bb02ce406d301b3c5e5453b36d0b65aad320af3c2c87241764c28c4be5a1d2a1da506b8c146224ea51

Download Submit
C:\Windows\system\lYArvNn.exe

Filesize
6.1MB

MD5
3ef7c26d069259e4864af686147ddcd3

SHA1
8a6eabe8cdd5803513401d0e464a15afb6d14733

SHA256
42d5a026a053737db03e566ed37ccaaff076a3b650b0695f8638a5e6360f64b4

SHA512
9531f3f60c84389de40acf2195411e318c5b818d661662c57199b64cde944f28bea1f3a2b888a948ac0785d37d47c993d61b96e79993c38f154ef417a2cc5672

Download Submit
C:\Windows\system\lwtPxWk.exe

Filesize
6.1MB

MD5
4ed7623d4e49567943498a7184c1c8bb

SHA1
f386173dee3c9aea735e30580fce38a97b1c2231

SHA256
b1e79a0ab42056bbe834bc8191b6c5f2c78bdf536245b31c108f8d46e8db0090

SHA512
85a5673272ef866f650791e6e5c411fb648eca0d5d27008a46e1f79fca9fbd99e0da91fe553e6f8b9b8e638f83ad3bed10be6cde2496c99defa0f0ceacdf7064

Download Submit
C:\Windows\system\oTWbUED.exe

Filesize
6.1MB

MD5
693da1fa2fe64b4982473da024e0df0a

SHA1
7db4e6178b85436a8634d64f337cdb2857b85e9c

SHA256
5f0305d9029df46aecc82e642722575c5dcf935b44844062fccfdf325634de16

SHA512
f6ff03cd094e069e58d7b2bdd9e9093a332250d6afaba530d4d91043713fd7d25fd7a6fcb26c0c646f87c3e4ffc9cdb454ff3ba747b18696126990ff878d2ca4

Download Submit
C:\Windows\system\pqilgcW.exe

Filesize
6.1MB

MD5
57d0e13e875af77403588d0bef0dbb0a

SHA1
76d285006237e93b31c1cf1fe9159c1d3f3a6659

SHA256
a163daf767e6dc47681889a4a76188231c31159ad870aa2e3422662944fa9107

SHA512
0cb00989607f9d00b30027bfbd44364320cef6d420a7a1582c18dd04626fff2a5841b9b74c30d665a957c54a7f7555913ac38aa9ad8ddbd847243d2887ab941e

Download Submit
C:\Windows\system\qHXgZZk.exe

Filesize
6.1MB

MD5
ce5453cbf5586ae0ad84439a22fee642

SHA1
c41bb3badfda104074332e8189faad4fe0ebe648

SHA256
0adcf7d86def8e34b65556b241869766d7cf50d00b80f631b63e50052cd3fb2b

SHA512
823a3f265594d25616537ef53f9ac9f2469206ec6a33c368a3feb4d4240cf1729b49686f09408d24ec1ccaaa171f2027344f269e63968a23656072384746f90e

Download Submit
C:\Windows\system\tHDlkGm.exe

Filesize
6.1MB

MD5
7115fecd72cc4f455cee2e4ae19d9022

SHA1
66e8fd0a77869124f42fe9d366c4234da7bff773

SHA256
89e1ca876ef47e24cae60594f268a90ffd4f50896973a9c72e96c9086efef6f9

SHA512
f9a2c21a7430347a416165d3d774f061558db44d0c6d73920f4b2c7ac981f53c389b2e06dc8fc0cb7c15037a876cc7080cecccd70f6b94e015d6a5a5757615f2

Download Submit
C:\Windows\system\umTIAGl.exe

Filesize
6.1MB

MD5
f71846c1e3eb1ed17d817c88d2cae009

SHA1
9ff50852b28a9999c375a2e80c88ad1d8c8ed532

SHA256
da9685699fd520409ddb4227d5bfed745bc19ddff16725705fb9d088275e4c97

SHA512
5d1b5710f2db152c98dd9fd1ad161ad569010adef09f98dc9594506f202571e6e2c0a0e3aa8220fc829ef5e9a09abffddac74602becae5aa80524bb31482d13e

Download Submit
C:\Windows\system\xGjFqHn.exe

Filesize
6.1MB

MD5
1e7168af6607e2c1c00a3f44a9591459

SHA1
fea5b9983176b29b7317ea4a3a3e1bffeec78f98

SHA256
4afd8a948c2b71b018ef8a313e6c0fd632cc0ba2a55352b1a33a7164f77c3559

SHA512
dcf2988bd585c17dbcd5b96c3e5242381d59d1a3fc31f81a49b45c4cfd9e80cf06fc9ffd3e011285335acd48e56d054393f1ec275962d09d4f80cd694b4a064f

Download Submit
C:\Windows\system\xicJVyF.exe

Filesize
6.1MB

MD5
dbeae61b3d3890d283b0d088cd106448

SHA1
4aeb2d4377edc64b9d4694a6ab780d6d18b5e520

SHA256
e7ecc8fd2833e02fee5556e6f0f27020cd1fa15bf48138f2450a58ae0da3d8ca

SHA512
2b0df569f588f9c5f7e9b7f193eb6fcc668447be06d62f37821856cb7993328fa70cd6b327d02d8edd8abc76f1d227c9644b4c52438f0212c3c6365492a9e188

Download Submit
\Windows\system\AfulqCn.exe

Filesize
6.1MB

MD5
38b8d06f8c76a20f3c2895930ea3e24e

SHA1
304b585a301e06e07839dc1170a8dfa2da16cb3f

SHA256
f378f2b5cbbb19db1d3dacc8ce7ac8e7d6465c97f2a20e5b1c8bd38c3841a2aa

SHA512
fe866f12c279754b5175df1441063f88550c59dac5305632d59dd9dc7660d60f8111bffda8d6a7be68e951f09717613c753854d3bf81b239deb58f93da5ee831

Download Submit
\Windows\system\hsbDbGX.exe

Filesize
6.1MB

MD5
5f88efa14647ee39bcb8f6cad3356938

SHA1
920a7c15e34ce8a6c8b7c97b41c84094171bb6d3

SHA256
95fafb614f8f9b59ef1ee1ecb429e3fb38c4cb1d5f8104a55dc1ce43e802d286

SHA512
9f8a860ddca343c11dc143a470bd46471628a7b3517fe626eb604213dcad4526261964f455fe2c0d0a8df12161f877b6305db580be41be560ccb697dc17b50dd

Download Submit
\Windows\system\tzilpSl.exe

Filesize
6.1MB

MD5
ae4ba8f42b3090e4e73ef1b61930b9f6

SHA1
926019758ced97a416814860f88d74884a56f9de

SHA256
8b60a7af2ac95013e187cd436a304aca55cb696ece01b10fe06aa8511e77f4d8

SHA512
571132aa64b2e5658cdb0912d7ac65514c4807a8a7cb6c199967c87cb5d2b365458ef246a305e97663f6e58dc4338b699909d410946c3eb235531cf1ab494c50

Download Submit
memory/960-1622-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/960-102-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/960-4011-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1760-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-116-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1620-953-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1324-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1325-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1481-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1617-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1618-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1619-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1759-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1620-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-117-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1620-12-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1620-50-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/1620-33-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-27-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1620-63-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-32-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1620-121-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/1620-120-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-119-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1620-30-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-952-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-114-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-107-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/1620-76-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1620-97-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1620-96-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2124-31-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2124-4003-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2308-4007-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2308-26-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2516-40-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4005-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-36-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4004-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-105-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4009-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2748-4010-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-89-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4002-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2844-25-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2860-4006-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2860-95-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2864-4008-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2864-86-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download