cobaltstrike | 4199f359cd92afaf4ba14269493bf2d9acd292c827512d74d3ecb0062b7f60db

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d179a375b10399e9fa18d54809539d01
SHA1

1a94d10a620fc848bbfb92cd2d4954365313ec3d
SHA256

4199f359cd92afaf4ba14269493bf2d9acd292c827512d74d3ecb0062b7f60db
SHA512

0593aeb8e779c006ff06c8b936d21b06d7f7b06978ca96e78a04bbd2ae772d4bac5f8cd47341beac5500ff0219518065834fd26d5e632063e941a05ae30972ad
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001277d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015fa6-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160da-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016141-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd9-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-185.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-175.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-171.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-144.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-134.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015dac-129.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-125.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-80.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000d00000001277d-6.dat	xmrig
behavioral1/files/0x0008000000015f4e-11.dat	xmrig
behavioral1/files/0x0007000000015fa6-15.dat	xmrig
behavioral1/files/0x00070000000160da-21.dat	xmrig
behavioral1/files/0x0007000000016141-26.dat	xmrig
behavioral1/files/0x00070000000162e4-30.dat	xmrig
behavioral1/files/0x00080000000164de-36.dat	xmrig
behavioral1/files/0x0008000000016dd9-40.dat	xmrig
behavioral1/files/0x0006000000016f02-65.dat	xmrig
behavioral1/files/0x00060000000174b4-75.dat	xmrig
behavioral1/files/0x0006000000017570-85.dat	xmrig
behavioral1/memory/1696-108-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2396-107-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00060000000175f1-120.dat	xmrig
behavioral1/files/0x0005000000018697-139.dat	xmrig
behavioral1/files/0x0006000000019056-181.dat	xmrig
behavioral1/memory/2396-1214-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2732-4006-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/1788-4012-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/1696-4011-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2920-4014-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1716-4013-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2600-4016-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1500-4015-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2684-4010-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2004-4009-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2768-4008-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2740-4007-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2596-4005-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2792-4004-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2764-4003-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019203-185.dat	xmrig
behavioral1/files/0x0006000000018fdf-175.dat	xmrig
behavioral1/files/0x0006000000018d7b-166.dat	xmrig
behavioral1/files/0x0005000000019237-190.dat	xmrig
behavioral1/files/0x0005000000018745-159.dat	xmrig
behavioral1/files/0x000500000001870c-149.dat	xmrig
behavioral1/files/0x0006000000018d83-171.dat	xmrig
behavioral1/files/0x0006000000018be7-164.dat	xmrig
behavioral1/files/0x000500000001871c-153.dat	xmrig
behavioral1/files/0x0005000000018706-144.dat	xmrig
behavioral1/files/0x000d000000018683-134.dat	xmrig
behavioral1/files/0x000c000000015dac-129.dat	xmrig
behavioral1/files/0x00060000000175f7-125.dat	xmrig
behavioral1/memory/2764-117-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1500-115-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/1788-113-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2396-112-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2920-111-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/1716-106-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2004-104-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2600-102-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2740-100-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2396-99-0x0000000002400000-0x0000000002754000-memory.dmp	xmrig
behavioral1/memory/2732-98-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2596-96-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2684-94-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2396-93-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2792-92-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2768-90-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f8-80.dat	xmrig
behavioral1/files/0x000600000001707f-70.dat	xmrig
behavioral1/files/0x0006000000016edc-60.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	GNzimqR.exe
2768	JmuMpav.exe
2792	GGHBbih.exe
2684	BDVyVwy.exe
2596	CMgbYWf.exe
2732	HrAQLdw.exe
2740	CAaIBzM.exe
2600	oIxAPec.exe
2004	ZIYbqRl.exe
1716	gqdlsFA.exe
1696	oEqPMGI.exe
2920	lHGArHp.exe
1788	HuUHscx.exe
1500	uAHWviY.exe
2112	pumCeCy.exe
2528	rHJzFam.exe
2756	MvTIdQr.exe
1988	jlurzoW.exe
476	SHxxDoJ.exe
2308	AhWqdpq.exe
1156	LNNxKWs.exe
2360	vbcQKmr.exe
2416	uBKQoja.exe
1508	NzaWiOL.exe
2184	SvRNfum.exe
2088	wbnohLR.exe
2376	ijvjMBZ.exe
680	xRiiBWa.exe
2380	UoHBlCI.exe
1848	wPgSFym.exe
632	lcTqQRf.exe
1728	uyxmohj.exe
1088	uFzttBN.exe
904	uEFoZIm.exe
2156	afPZFHK.exe
2312	ezipRCJ.exe
352	BshkYZq.exe
2532	tTrflQi.exe
1548	OaUQRvE.exe
1436	CyfexFu.exe
3068	oACRrKj.exe
580	IgexrNp.exe
1372	TEyQrPx.exe
612	DUiOyrI.exe
300	yyUMOcl.exe
1484	VHfWArj.exe
2504	VNtGvFM.exe
2096	iMpZzRK.exe
2496	fovtkay.exe
2500	UcomqcH.exe
1804	NiLAZPW.exe
972	bfIUlri.exe
1604	nweFcFU.exe
2812	XrQvfnd.exe
2072	BYfhPgx.exe
2608	uGkXaUN.exe
2844	DdwSkSo.exe
2208	bRkQizP.exe
1840	zrMfJGL.exe
1832	kEAQJwp.exe
1776	WJjjtLc.exe
2008	awhkyIb.exe
1972	LIutIWL.exe
2388	Rkkytnz.exe

Loads dropped DLL 64 IoCs

pid	Process
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000d00000001277d-6.dat	upx
behavioral1/files/0x0008000000015f4e-11.dat	upx
behavioral1/files/0x0007000000015fa6-15.dat	upx
behavioral1/files/0x00070000000160da-21.dat	upx
behavioral1/files/0x0007000000016141-26.dat	upx
behavioral1/files/0x00070000000162e4-30.dat	upx
behavioral1/files/0x00080000000164de-36.dat	upx
behavioral1/files/0x0008000000016dd9-40.dat	upx
behavioral1/files/0x0006000000016f02-65.dat	upx
behavioral1/files/0x00060000000174b4-75.dat	upx
behavioral1/files/0x0006000000017570-85.dat	upx
behavioral1/memory/1696-108-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00060000000175f1-120.dat	upx
behavioral1/files/0x0005000000018697-139.dat	upx
behavioral1/files/0x0006000000019056-181.dat	upx
behavioral1/memory/2396-1214-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2732-4006-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1788-4012-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/1696-4011-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2920-4014-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1716-4013-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2600-4016-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/1500-4015-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2684-4010-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2004-4009-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2768-4008-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2740-4007-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2596-4005-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2792-4004-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2764-4003-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0005000000019203-185.dat	upx
behavioral1/files/0x0006000000018fdf-175.dat	upx
behavioral1/files/0x0006000000018d7b-166.dat	upx
behavioral1/files/0x0005000000019237-190.dat	upx
behavioral1/files/0x0005000000018745-159.dat	upx
behavioral1/files/0x000500000001870c-149.dat	upx
behavioral1/files/0x0006000000018d83-171.dat	upx
behavioral1/files/0x0006000000018be7-164.dat	upx
behavioral1/files/0x000500000001871c-153.dat	upx
behavioral1/files/0x0005000000018706-144.dat	upx
behavioral1/files/0x000d000000018683-134.dat	upx
behavioral1/files/0x000c000000015dac-129.dat	upx
behavioral1/files/0x00060000000175f7-125.dat	upx
behavioral1/memory/2764-117-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1500-115-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1788-113-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2920-111-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/1716-106-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2004-104-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2600-102-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2740-100-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2732-98-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2596-96-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2684-94-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2792-92-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2768-90-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00060000000174f8-80.dat	upx
behavioral1/files/0x000600000001707f-70.dat	upx
behavioral1/files/0x0006000000016edc-60.dat	upx
behavioral1/files/0x0006000000016df8-55.dat	upx
behavioral1/files/0x0006000000016df5-50.dat	upx
behavioral1/files/0x0006000000016de9-45.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IVCgTai.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mdfsfVO.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULDLcUQ.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdfrlNp.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbfJZRb.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcWEfkE.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsjRIFc.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrdKLny.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoLIkvh.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMkvDWe.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdllUVp.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzrJLwW.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FJEcMXO.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXcjGUG.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxftEYA.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfyFifn.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glEpBMr.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCkIkBP.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXouncZ.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UodJiQY.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TZGwkPA.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrbdEoC.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXUOorU.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnvBfnq.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbPiegE.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkrQhYC.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JlqcaCn.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rABYSfg.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JyEzLcS.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfytDZr.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSdQeiz.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKtwEGJ.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsifMTw.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqaPvVU.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDVyVwy.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NeNFBWG.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEyqhrS.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaINtqh.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFuTCYW.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAHWviY.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZrBJxG.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMgjlvh.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKErlpe.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOykQdE.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXpstCq.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBQwJZH.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJRzvRG.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ncIlcdl.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzjKggz.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LefeYCS.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGabagY.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCVqQAf.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBdrQQI.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blsbsWo.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjgkLba.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMWsDVa.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRZfFir.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPfCrnS.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kLLcNvY.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPINEKI.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfrjwCv.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yflvbyo.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOqAvfa.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLigneg.exe	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2764	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2764	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2764	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2768	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2768	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2768	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2792	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2792	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2792	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2684	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2684	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2684	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2596	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2596	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2596	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2732	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2732	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2732	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2740	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2740	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2740	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2600	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2600	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2600	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2004	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2004	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2004	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 1716	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1716	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1716	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1696	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 1696	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 1696	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 2920	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2920	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2920	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 1788	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1788	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1788	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1500	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1500	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1500	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2112	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2112	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2112	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2528	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2528	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2528	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2756	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 2756	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 2756	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 1988	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1988	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 1988	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 476	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 476	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 476	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2308	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2308	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2308	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 1156	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 1156	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 1156	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 2360	2396	2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_d179a375b10399e9fa18d54809539d01_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System\GNzimqR.exe
  C:\Windows\System\GNzimqR.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\JmuMpav.exe
  C:\Windows\System\JmuMpav.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\GGHBbih.exe
  C:\Windows\System\GGHBbih.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\BDVyVwy.exe
  C:\Windows\System\BDVyVwy.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\CMgbYWf.exe
  C:\Windows\System\CMgbYWf.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\HrAQLdw.exe
  C:\Windows\System\HrAQLdw.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\CAaIBzM.exe
  C:\Windows\System\CAaIBzM.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\oIxAPec.exe
  C:\Windows\System\oIxAPec.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ZIYbqRl.exe
  C:\Windows\System\ZIYbqRl.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\gqdlsFA.exe
  C:\Windows\System\gqdlsFA.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\oEqPMGI.exe
  C:\Windows\System\oEqPMGI.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\lHGArHp.exe
  C:\Windows\System\lHGArHp.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\HuUHscx.exe
  C:\Windows\System\HuUHscx.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\uAHWviY.exe
  C:\Windows\System\uAHWviY.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\pumCeCy.exe
  C:\Windows\System\pumCeCy.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\rHJzFam.exe
  C:\Windows\System\rHJzFam.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\MvTIdQr.exe
  C:\Windows\System\MvTIdQr.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\jlurzoW.exe
  C:\Windows\System\jlurzoW.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\SHxxDoJ.exe
  C:\Windows\System\SHxxDoJ.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\AhWqdpq.exe
  C:\Windows\System\AhWqdpq.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\LNNxKWs.exe
  C:\Windows\System\LNNxKWs.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\vbcQKmr.exe
  C:\Windows\System\vbcQKmr.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\uBKQoja.exe
  C:\Windows\System\uBKQoja.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NzaWiOL.exe
  C:\Windows\System\NzaWiOL.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\SvRNfum.exe
  C:\Windows\System\SvRNfum.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\wbnohLR.exe
  C:\Windows\System\wbnohLR.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ijvjMBZ.exe
  C:\Windows\System\ijvjMBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\UoHBlCI.exe
  C:\Windows\System\UoHBlCI.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\xRiiBWa.exe
  C:\Windows\System\xRiiBWa.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\lcTqQRf.exe
  C:\Windows\System\lcTqQRf.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\wPgSFym.exe
  C:\Windows\System\wPgSFym.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\uEFoZIm.exe
  C:\Windows\System\uEFoZIm.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\uyxmohj.exe
  C:\Windows\System\uyxmohj.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\afPZFHK.exe
  C:\Windows\System\afPZFHK.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\uFzttBN.exe
  C:\Windows\System\uFzttBN.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\BshkYZq.exe
  C:\Windows\System\BshkYZq.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ezipRCJ.exe
  C:\Windows\System\ezipRCJ.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\tTrflQi.exe
  C:\Windows\System\tTrflQi.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\OaUQRvE.exe
  C:\Windows\System\OaUQRvE.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\CyfexFu.exe
  C:\Windows\System\CyfexFu.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\oACRrKj.exe
  C:\Windows\System\oACRrKj.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\TEyQrPx.exe
  C:\Windows\System\TEyQrPx.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\IgexrNp.exe
  C:\Windows\System\IgexrNp.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\yyUMOcl.exe
  C:\Windows\System\yyUMOcl.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\DUiOyrI.exe
  C:\Windows\System\DUiOyrI.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\VHfWArj.exe
  C:\Windows\System\VHfWArj.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\VNtGvFM.exe
  C:\Windows\System\VNtGvFM.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\NiLAZPW.exe
  C:\Windows\System\NiLAZPW.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\iMpZzRK.exe
  C:\Windows\System\iMpZzRK.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\bfIUlri.exe
  C:\Windows\System\bfIUlri.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\fovtkay.exe
  C:\Windows\System\fovtkay.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\nweFcFU.exe
  C:\Windows\System\nweFcFU.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\UcomqcH.exe
  C:\Windows\System\UcomqcH.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\XrQvfnd.exe
  C:\Windows\System\XrQvfnd.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\BYfhPgx.exe
  C:\Windows\System\BYfhPgx.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\uGkXaUN.exe
  C:\Windows\System\uGkXaUN.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\DdwSkSo.exe
  C:\Windows\System\DdwSkSo.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\bRkQizP.exe
  C:\Windows\System\bRkQizP.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\zrMfJGL.exe
  C:\Windows\System\zrMfJGL.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\TZGwkPA.exe
  C:\Windows\System\TZGwkPA.exe
  2⤵
  PID:1108
- C:\Windows\System\kEAQJwp.exe
  C:\Windows\System\kEAQJwp.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\cLSMnrA.exe
  C:\Windows\System\cLSMnrA.exe
  2⤵
  PID:2108
- C:\Windows\System\WJjjtLc.exe
  C:\Windows\System\WJjjtLc.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\xTNBlPg.exe
  C:\Windows\System\xTNBlPg.exe
  2⤵
  PID:544
- C:\Windows\System\awhkyIb.exe
  C:\Windows\System\awhkyIb.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\Hrqxhxv.exe
  C:\Windows\System\Hrqxhxv.exe
  2⤵
  PID:1760
- C:\Windows\System\LIutIWL.exe
  C:\Windows\System\LIutIWL.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\VDdHrBc.exe
  C:\Windows\System\VDdHrBc.exe
  2⤵
  PID:2056
- C:\Windows\System\Rkkytnz.exe
  C:\Windows\System\Rkkytnz.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\LFgkKTN.exe
  C:\Windows\System\LFgkKTN.exe
  2⤵
  PID:2408
- C:\Windows\System\UcaNxpx.exe
  C:\Windows\System\UcaNxpx.exe
  2⤵
  PID:1304
- C:\Windows\System\NpFCOsz.exe
  C:\Windows\System\NpFCOsz.exe
  2⤵
  PID:1476
- C:\Windows\System\UyWaYAH.exe
  C:\Windows\System\UyWaYAH.exe
  2⤵
  PID:900
- C:\Windows\System\TPlfchU.exe
  C:\Windows\System\TPlfchU.exe
  2⤵
  PID:2268
- C:\Windows\System\rqvaFub.exe
  C:\Windows\System\rqvaFub.exe
  2⤵
  PID:1540
- C:\Windows\System\tNCJQro.exe
  C:\Windows\System\tNCJQro.exe
  2⤵
  PID:1724
- C:\Windows\System\MgBBBol.exe
  C:\Windows\System\MgBBBol.exe
  2⤵
  PID:1356
- C:\Windows\System\BUtVKAM.exe
  C:\Windows\System\BUtVKAM.exe
  2⤵
  PID:2892
- C:\Windows\System\XuQONBV.exe
  C:\Windows\System\XuQONBV.exe
  2⤵
  PID:1864
- C:\Windows\System\tRYjfDs.exe
  C:\Windows\System\tRYjfDs.exe
  2⤵
  PID:2116
- C:\Windows\System\aobNuEU.exe
  C:\Windows\System\aobNuEU.exe
  2⤵
  PID:1756
- C:\Windows\System\ijlCdmZ.exe
  C:\Windows\System\ijlCdmZ.exe
  2⤵
  PID:2216
- C:\Windows\System\SMVrrIz.exe
  C:\Windows\System\SMVrrIz.exe
  2⤵
  PID:2780
- C:\Windows\System\jNCnWhY.exe
  C:\Windows\System\jNCnWhY.exe
  2⤵
  PID:2996
- C:\Windows\System\KcXcYFJ.exe
  C:\Windows\System\KcXcYFJ.exe
  2⤵
  PID:2064
- C:\Windows\System\MLSWytu.exe
  C:\Windows\System\MLSWytu.exe
  2⤵
  PID:1956
- C:\Windows\System\JgBwKKD.exe
  C:\Windows\System\JgBwKKD.exe
  2⤵
  PID:1740
- C:\Windows\System\TAEFLEI.exe
  C:\Windows\System\TAEFLEI.exe
  2⤵
  PID:560
- C:\Windows\System\PLmbfOj.exe
  C:\Windows\System\PLmbfOj.exe
  2⤵
  PID:2804
- C:\Windows\System\KOqAvfa.exe
  C:\Windows\System\KOqAvfa.exe
  2⤵
  PID:2488
- C:\Windows\System\IXfUwdI.exe
  C:\Windows\System\IXfUwdI.exe
  2⤵
  PID:1828
- C:\Windows\System\KBTWQgX.exe
  C:\Windows\System\KBTWQgX.exe
  2⤵
  PID:1168
- C:\Windows\System\TcSMoux.exe
  C:\Windows\System\TcSMoux.exe
  2⤵
  PID:992
- C:\Windows\System\ZLRVOEC.exe
  C:\Windows\System\ZLRVOEC.exe
  2⤵
  PID:3080
- C:\Windows\System\kRzANvb.exe
  C:\Windows\System\kRzANvb.exe
  2⤵
  PID:3100
- C:\Windows\System\YmxEwTT.exe
  C:\Windows\System\YmxEwTT.exe
  2⤵
  PID:3120
- C:\Windows\System\KjtPZTU.exe
  C:\Windows\System\KjtPZTU.exe
  2⤵
  PID:3136
- C:\Windows\System\ccDCaCK.exe
  C:\Windows\System\ccDCaCK.exe
  2⤵
  PID:3156
- C:\Windows\System\LvZMDgK.exe
  C:\Windows\System\LvZMDgK.exe
  2⤵
  PID:3172
- C:\Windows\System\leiUXdP.exe
  C:\Windows\System\leiUXdP.exe
  2⤵
  PID:3188
- C:\Windows\System\UvPCpZi.exe
  C:\Windows\System\UvPCpZi.exe
  2⤵
  PID:3212
- C:\Windows\System\ZzNRwyB.exe
  C:\Windows\System\ZzNRwyB.exe
  2⤵
  PID:3236
- C:\Windows\System\pikifia.exe
  C:\Windows\System\pikifia.exe
  2⤵
  PID:3252
- C:\Windows\System\nFJYFgE.exe
  C:\Windows\System\nFJYFgE.exe
  2⤵
  PID:3276
- C:\Windows\System\FyHVvGK.exe
  C:\Windows\System\FyHVvGK.exe
  2⤵
  PID:3292
- C:\Windows\System\lTXPSyr.exe
  C:\Windows\System\lTXPSyr.exe
  2⤵
  PID:3308
- C:\Windows\System\ivYugfR.exe
  C:\Windows\System\ivYugfR.exe
  2⤵
  PID:3324
- C:\Windows\System\MkUWBaM.exe
  C:\Windows\System\MkUWBaM.exe
  2⤵
  PID:3340
- C:\Windows\System\NZSUZgw.exe
  C:\Windows\System\NZSUZgw.exe
  2⤵
  PID:3360
- C:\Windows\System\JHZiOqU.exe
  C:\Windows\System\JHZiOqU.exe
  2⤵
  PID:3384
- C:\Windows\System\rzhliAC.exe
  C:\Windows\System\rzhliAC.exe
  2⤵
  PID:3408
- C:\Windows\System\RNjuPOO.exe
  C:\Windows\System\RNjuPOO.exe
  2⤵
  PID:3432
- C:\Windows\System\rzPMZsR.exe
  C:\Windows\System\rzPMZsR.exe
  2⤵
  PID:3448
- C:\Windows\System\DlOWYVB.exe
  C:\Windows\System\DlOWYVB.exe
  2⤵
  PID:3464
- C:\Windows\System\DURjFyk.exe
  C:\Windows\System\DURjFyk.exe
  2⤵
  PID:3484
- C:\Windows\System\ZxoZuvw.exe
  C:\Windows\System\ZxoZuvw.exe
  2⤵
  PID:3504
- C:\Windows\System\OcLjjJW.exe
  C:\Windows\System\OcLjjJW.exe
  2⤵
  PID:3524
- C:\Windows\System\PVIgXNf.exe
  C:\Windows\System\PVIgXNf.exe
  2⤵
  PID:3544
- C:\Windows\System\aWNOvpq.exe
  C:\Windows\System\aWNOvpq.exe
  2⤵
  PID:3564
- C:\Windows\System\IqdiIOO.exe
  C:\Windows\System\IqdiIOO.exe
  2⤵
  PID:3588
- C:\Windows\System\ypgoScq.exe
  C:\Windows\System\ypgoScq.exe
  2⤵
  PID:3608
- C:\Windows\System\fmRGgpO.exe
  C:\Windows\System\fmRGgpO.exe
  2⤵
  PID:3628
- C:\Windows\System\HHxRFYo.exe
  C:\Windows\System\HHxRFYo.exe
  2⤵
  PID:3652
- C:\Windows\System\CaJuCCP.exe
  C:\Windows\System\CaJuCCP.exe
  2⤵
  PID:3676
- C:\Windows\System\PRaqtIM.exe
  C:\Windows\System\PRaqtIM.exe
  2⤵
  PID:3696
- C:\Windows\System\lqczPAw.exe
  C:\Windows\System\lqczPAw.exe
  2⤵
  PID:3712
- C:\Windows\System\lCgbWSg.exe
  C:\Windows\System\lCgbWSg.exe
  2⤵
  PID:3728
- C:\Windows\System\FahODgu.exe
  C:\Windows\System\FahODgu.exe
  2⤵
  PID:3744
- C:\Windows\System\qPjXIpq.exe
  C:\Windows\System\qPjXIpq.exe
  2⤵
  PID:3760
- C:\Windows\System\lXtuEwP.exe
  C:\Windows\System\lXtuEwP.exe
  2⤵
  PID:3788
- C:\Windows\System\ktmHDtH.exe
  C:\Windows\System\ktmHDtH.exe
  2⤵
  PID:3808
- C:\Windows\System\wmgKCgL.exe
  C:\Windows\System\wmgKCgL.exe
  2⤵
  PID:3832
- C:\Windows\System\Nlnktkq.exe
  C:\Windows\System\Nlnktkq.exe
  2⤵
  PID:3848
- C:\Windows\System\rrDQGIz.exe
  C:\Windows\System\rrDQGIz.exe
  2⤵
  PID:3872
- C:\Windows\System\wwdDRVX.exe
  C:\Windows\System\wwdDRVX.exe
  2⤵
  PID:3888
- C:\Windows\System\vsFvoPJ.exe
  C:\Windows\System\vsFvoPJ.exe
  2⤵
  PID:3904
- C:\Windows\System\vzjCDtv.exe
  C:\Windows\System\vzjCDtv.exe
  2⤵
  PID:3920
- C:\Windows\System\bTvUyBZ.exe
  C:\Windows\System\bTvUyBZ.exe
  2⤵
  PID:3936
- C:\Windows\System\oSFIuql.exe
  C:\Windows\System\oSFIuql.exe
  2⤵
  PID:3952
- C:\Windows\System\JzfQuCB.exe
  C:\Windows\System\JzfQuCB.exe
  2⤵
  PID:3968
- C:\Windows\System\CsAuptl.exe
  C:\Windows\System\CsAuptl.exe
  2⤵
  PID:3984
- C:\Windows\System\usEGqAy.exe
  C:\Windows\System\usEGqAy.exe
  2⤵
  PID:4000
- C:\Windows\System\tXZXdDu.exe
  C:\Windows\System\tXZXdDu.exe
  2⤵
  PID:4016
- C:\Windows\System\DmUiYUe.exe
  C:\Windows\System\DmUiYUe.exe
  2⤵
  PID:4032
- C:\Windows\System\lxXqRxK.exe
  C:\Windows\System\lxXqRxK.exe
  2⤵
  PID:4048
- C:\Windows\System\eEmQNIA.exe
  C:\Windows\System\eEmQNIA.exe
  2⤵
  PID:4064
- C:\Windows\System\zvqcKEF.exe
  C:\Windows\System\zvqcKEF.exe
  2⤵
  PID:4080
- C:\Windows\System\UURiAPU.exe
  C:\Windows\System\UURiAPU.exe
  2⤵
  PID:2372
- C:\Windows\System\SxmSMcO.exe
  C:\Windows\System\SxmSMcO.exe
  2⤵
  PID:1948
- C:\Windows\System\YbcJLuj.exe
  C:\Windows\System\YbcJLuj.exe
  2⤵
  PID:2236
- C:\Windows\System\LnkuJAt.exe
  C:\Windows\System\LnkuJAt.exe
  2⤵
  PID:1664
- C:\Windows\System\GsPvaRV.exe
  C:\Windows\System\GsPvaRV.exe
  2⤵
  PID:1692
- C:\Windows\System\DoyOIcG.exe
  C:\Windows\System\DoyOIcG.exe
  2⤵
  PID:1428
- C:\Windows\System\kgYKEYi.exe
  C:\Windows\System\kgYKEYi.exe
  2⤵
  PID:468
- C:\Windows\System\mkZzHVq.exe
  C:\Windows\System\mkZzHVq.exe
  2⤵
  PID:1596
- C:\Windows\System\PpeMMxT.exe
  C:\Windows\System\PpeMMxT.exe
  2⤵
  PID:1028
- C:\Windows\System\Zwqixiv.exe
  C:\Windows\System\Zwqixiv.exe
  2⤵
  PID:1224
- C:\Windows\System\MCCFwWT.exe
  C:\Windows\System\MCCFwWT.exe
  2⤵
  PID:2700
- C:\Windows\System\qbCoCBT.exe
  C:\Windows\System\qbCoCBT.exe
  2⤵
  PID:3116
- C:\Windows\System\SOebGra.exe
  C:\Windows\System\SOebGra.exe
  2⤵
  PID:3152
- C:\Windows\System\NoJZqjS.exe
  C:\Windows\System\NoJZqjS.exe
  2⤵
  PID:3224
- C:\Windows\System\vGQqSBW.exe
  C:\Windows\System\vGQqSBW.exe
  2⤵
  PID:2588
- C:\Windows\System\BCVqQAf.exe
  C:\Windows\System\BCVqQAf.exe
  2⤵
  PID:3268
- C:\Windows\System\jPzhubN.exe
  C:\Windows\System\jPzhubN.exe
  2⤵
  PID:3304
- C:\Windows\System\eOquZAr.exe
  C:\Windows\System\eOquZAr.exe
  2⤵
  PID:3376
- C:\Windows\System\wjWIQGr.exe
  C:\Windows\System\wjWIQGr.exe
  2⤵
  PID:3132
- C:\Windows\System\ipDoarh.exe
  C:\Windows\System\ipDoarh.exe
  2⤵
  PID:3208
- C:\Windows\System\xrFdsqa.exe
  C:\Windows\System\xrFdsqa.exe
  2⤵
  PID:3492
- C:\Windows\System\NjdFooC.exe
  C:\Windows\System\NjdFooC.exe
  2⤵
  PID:3540
- C:\Windows\System\TEKeAMR.exe
  C:\Windows\System\TEKeAMR.exe
  2⤵
  PID:3284
- C:\Windows\System\ckemrFS.exe
  C:\Windows\System\ckemrFS.exe
  2⤵
  PID:3316
- C:\Windows\System\sWZOdqW.exe
  C:\Windows\System\sWZOdqW.exe
  2⤵
  PID:3396
- C:\Windows\System\fQvEiNz.exe
  C:\Windows\System\fQvEiNz.exe
  2⤵
  PID:3624
- C:\Windows\System\YTgDMTK.exe
  C:\Windows\System\YTgDMTK.exe
  2⤵
  PID:3704
- C:\Windows\System\YNUomFZ.exe
  C:\Windows\System\YNUomFZ.exe
  2⤵
  PID:3772
- C:\Windows\System\qXQunhZ.exe
  C:\Windows\System\qXQunhZ.exe
  2⤵
  PID:3816
- C:\Windows\System\KGVAroO.exe
  C:\Windows\System\KGVAroO.exe
  2⤵
  PID:3896
- C:\Windows\System\zodzdbM.exe
  C:\Windows\System\zodzdbM.exe
  2⤵
  PID:3688
- C:\Windows\System\YXpstCq.exe
  C:\Windows\System\YXpstCq.exe
  2⤵
  PID:3964
- C:\Windows\System\ZvsCUQT.exe
  C:\Windows\System\ZvsCUQT.exe
  2⤵
  PID:4088
- C:\Windows\System\AanaDih.exe
  C:\Windows\System\AanaDih.exe
  2⤵
  PID:624
- C:\Windows\System\ubvpYaf.exe
  C:\Windows\System\ubvpYaf.exe
  2⤵
  PID:3472
- C:\Windows\System\BFsUzTt.exe
  C:\Windows\System\BFsUzTt.exe
  2⤵
  PID:3516
- C:\Windows\System\fxGrtTj.exe
  C:\Windows\System\fxGrtTj.exe
  2⤵
  PID:3604
- C:\Windows\System\PytkhEm.exe
  C:\Windows\System\PytkhEm.exe
  2⤵
  PID:3596
- C:\Windows\System\vgbakPk.exe
  C:\Windows\System\vgbakPk.exe
  2⤵
  PID:3724
- C:\Windows\System\PevzDuY.exe
  C:\Windows\System\PevzDuY.exe
  2⤵
  PID:3752
- C:\Windows\System\RfUAYIQ.exe
  C:\Windows\System\RfUAYIQ.exe
  2⤵
  PID:3884
- C:\Windows\System\WJGTsEO.exe
  C:\Windows\System\WJGTsEO.exe
  2⤵
  PID:3976
- C:\Windows\System\xNZTruW.exe
  C:\Windows\System\xNZTruW.exe
  2⤵
  PID:1720
- C:\Windows\System\aapJvQe.exe
  C:\Windows\System\aapJvQe.exe
  2⤵
  PID:2124
- C:\Windows\System\KPQuUen.exe
  C:\Windows\System\KPQuUen.exe
  2⤵
  PID:2868
- C:\Windows\System\zmQvpAP.exe
  C:\Windows\System\zmQvpAP.exe
  2⤵
  PID:2604
- C:\Windows\System\QVhWBTz.exe
  C:\Windows\System\QVhWBTz.exe
  2⤵
  PID:1648
- C:\Windows\System\mXdRRss.exe
  C:\Windows\System\mXdRRss.exe
  2⤵
  PID:1064
- C:\Windows\System\ZSDJlKM.exe
  C:\Windows\System\ZSDJlKM.exe
  2⤵
  PID:2148
- C:\Windows\System\JxqqshY.exe
  C:\Windows\System\JxqqshY.exe
  2⤵
  PID:2668
- C:\Windows\System\cpSKyDc.exe
  C:\Windows\System\cpSKyDc.exe
  2⤵
  PID:1752
- C:\Windows\System\zbFWWTA.exe
  C:\Windows\System\zbFWWTA.exe
  2⤵
  PID:1928
- C:\Windows\System\FJoYMuX.exe
  C:\Windows\System\FJoYMuX.exe
  2⤵
  PID:2652
- C:\Windows\System\YJIjyUQ.exe
  C:\Windows\System\YJIjyUQ.exe
  2⤵
  PID:3076
- C:\Windows\System\UZnoniF.exe
  C:\Windows\System\UZnoniF.exe
  2⤵
  PID:3128
- C:\Windows\System\gZpSUOX.exe
  C:\Windows\System\gZpSUOX.exe
  2⤵
  PID:3420
- C:\Windows\System\OtaUUnz.exe
  C:\Windows\System\OtaUUnz.exe
  2⤵
  PID:3220
- C:\Windows\System\gasOkyo.exe
  C:\Windows\System\gasOkyo.exe
  2⤵
  PID:3200
- C:\Windows\System\ybVTjmF.exe
  C:\Windows\System\ybVTjmF.exe
  2⤵
  PID:3352
- C:\Windows\System\tziBRfE.exe
  C:\Windows\System\tziBRfE.exe
  2⤵
  PID:3668
- C:\Windows\System\OoasnNA.exe
  C:\Windows\System\OoasnNA.exe
  2⤵
  PID:3576
- C:\Windows\System\wiOAYZZ.exe
  C:\Windows\System\wiOAYZZ.exe
  2⤵
  PID:3780
- C:\Windows\System\OKsksyD.exe
  C:\Windows\System\OKsksyD.exe
  2⤵
  PID:3928
- C:\Windows\System\owMtzRy.exe
  C:\Windows\System\owMtzRy.exe
  2⤵
  PID:4060
- C:\Windows\System\QoLJeDR.exe
  C:\Windows\System\QoLJeDR.exe
  2⤵
  PID:3552
- C:\Windows\System\PAzXfXq.exe
  C:\Windows\System\PAzXfXq.exe
  2⤵
  PID:3720
- C:\Windows\System\afVJESO.exe
  C:\Windows\System\afVJESO.exe
  2⤵
  PID:4008
- C:\Windows\System\Ueigzng.exe
  C:\Windows\System\Ueigzng.exe
  2⤵
  PID:4076
- C:\Windows\System\FJEcMXO.exe
  C:\Windows\System\FJEcMXO.exe
  2⤵
  PID:3008
- C:\Windows\System\ZtHHdFu.exe
  C:\Windows\System\ZtHHdFu.exe
  2⤵
  PID:2788
- C:\Windows\System\iDvwcgi.exe
  C:\Windows\System\iDvwcgi.exe
  2⤵
  PID:1220
- C:\Windows\System\tQAmhNo.exe
  C:\Windows\System\tQAmhNo.exe
  2⤵
  PID:3368
- C:\Windows\System\PKlTUXd.exe
  C:\Windows\System\PKlTUXd.exe
  2⤵
  PID:3648
- C:\Windows\System\pHpPlOh.exe
  C:\Windows\System\pHpPlOh.exe
  2⤵
  PID:3168
- C:\Windows\System\OQviGOu.exe
  C:\Windows\System\OQviGOu.exe
  2⤵
  PID:3532
- C:\Windows\System\uKJkvKP.exe
  C:\Windows\System\uKJkvKP.exe
  2⤵
  PID:1876
- C:\Windows\System\dISISWy.exe
  C:\Windows\System\dISISWy.exe
  2⤵
  PID:2036
- C:\Windows\System\OxkfRVK.exe
  C:\Windows\System\OxkfRVK.exe
  2⤵
  PID:3784
- C:\Windows\System\yvTaRcW.exe
  C:\Windows\System\yvTaRcW.exe
  2⤵
  PID:2932
- C:\Windows\System\foqnPjf.exe
  C:\Windows\System\foqnPjf.exe
  2⤵
  PID:1552
- C:\Windows\System\DtXbFMB.exe
  C:\Windows\System\DtXbFMB.exe
  2⤵
  PID:3740
- C:\Windows\System\cyfRmLX.exe
  C:\Windows\System\cyfRmLX.exe
  2⤵
  PID:4024
- C:\Windows\System\FrbdEoC.exe
  C:\Windows\System\FrbdEoC.exe
  2⤵
  PID:3868
- C:\Windows\System\mRyYlmv.exe
  C:\Windows\System\mRyYlmv.exe
  2⤵
  PID:3844
- C:\Windows\System\jvaBeVv.exe
  C:\Windows\System\jvaBeVv.exe
  2⤵
  PID:2760
- C:\Windows\System\bhunlMI.exe
  C:\Windows\System\bhunlMI.exe
  2⤵
  PID:4108
- C:\Windows\System\uvXPcjz.exe
  C:\Windows\System\uvXPcjz.exe
  2⤵
  PID:4124
- C:\Windows\System\zkrQhYC.exe
  C:\Windows\System\zkrQhYC.exe
  2⤵
  PID:4140
- C:\Windows\System\jcwqOwp.exe
  C:\Windows\System\jcwqOwp.exe
  2⤵
  PID:4156
- C:\Windows\System\JlqcaCn.exe
  C:\Windows\System\JlqcaCn.exe
  2⤵
  PID:4172
- C:\Windows\System\dillHSG.exe
  C:\Windows\System\dillHSG.exe
  2⤵
  PID:4188
- C:\Windows\System\XIuVaUv.exe
  C:\Windows\System\XIuVaUv.exe
  2⤵
  PID:4204
- C:\Windows\System\HCyKKdF.exe
  C:\Windows\System\HCyKKdF.exe
  2⤵
  PID:4220
- C:\Windows\System\IRChGDU.exe
  C:\Windows\System\IRChGDU.exe
  2⤵
  PID:4236
- C:\Windows\System\IOqruaa.exe
  C:\Windows\System\IOqruaa.exe
  2⤵
  PID:4252
- C:\Windows\System\SHvkYTv.exe
  C:\Windows\System\SHvkYTv.exe
  2⤵
  PID:4268
- C:\Windows\System\BoNwrIb.exe
  C:\Windows\System\BoNwrIb.exe
  2⤵
  PID:4284
- C:\Windows\System\HqxldfD.exe
  C:\Windows\System\HqxldfD.exe
  2⤵
  PID:4300
- C:\Windows\System\oVCECsk.exe
  C:\Windows\System\oVCECsk.exe
  2⤵
  PID:4324
- C:\Windows\System\jIVTZsS.exe
  C:\Windows\System\jIVTZsS.exe
  2⤵
  PID:4340
- C:\Windows\System\jFekgxn.exe
  C:\Windows\System\jFekgxn.exe
  2⤵
  PID:4356
- C:\Windows\System\nvUhpxP.exe
  C:\Windows\System\nvUhpxP.exe
  2⤵
  PID:4372
- C:\Windows\System\opHiHyV.exe
  C:\Windows\System\opHiHyV.exe
  2⤵
  PID:4420
- C:\Windows\System\ULDLcUQ.exe
  C:\Windows\System\ULDLcUQ.exe
  2⤵
  PID:4452
- C:\Windows\System\WcbQGkH.exe
  C:\Windows\System\WcbQGkH.exe
  2⤵
  PID:4468
- C:\Windows\System\xnHcuEQ.exe
  C:\Windows\System\xnHcuEQ.exe
  2⤵
  PID:4484
- C:\Windows\System\wcRdUjy.exe
  C:\Windows\System\wcRdUjy.exe
  2⤵
  PID:4500
- C:\Windows\System\uTBkAzm.exe
  C:\Windows\System\uTBkAzm.exe
  2⤵
  PID:4516
- C:\Windows\System\sKsabrl.exe
  C:\Windows\System\sKsabrl.exe
  2⤵
  PID:4532
- C:\Windows\System\slRVYCW.exe
  C:\Windows\System\slRVYCW.exe
  2⤵
  PID:4548
- C:\Windows\System\YtqhNjO.exe
  C:\Windows\System\YtqhNjO.exe
  2⤵
  PID:4564
- C:\Windows\System\RoVFFIo.exe
  C:\Windows\System\RoVFFIo.exe
  2⤵
  PID:4580
- C:\Windows\System\hlRSJqm.exe
  C:\Windows\System\hlRSJqm.exe
  2⤵
  PID:4596
- C:\Windows\System\OXYqtOT.exe
  C:\Windows\System\OXYqtOT.exe
  2⤵
  PID:4612
- C:\Windows\System\hjRxahq.exe
  C:\Windows\System\hjRxahq.exe
  2⤵
  PID:4628
- C:\Windows\System\ZPfCrnS.exe
  C:\Windows\System\ZPfCrnS.exe
  2⤵
  PID:4644
- C:\Windows\System\wYIPHQM.exe
  C:\Windows\System\wYIPHQM.exe
  2⤵
  PID:4660
- C:\Windows\System\bjBpmxD.exe
  C:\Windows\System\bjBpmxD.exe
  2⤵
  PID:4680
- C:\Windows\System\VVwzrbA.exe
  C:\Windows\System\VVwzrbA.exe
  2⤵
  PID:4720
- C:\Windows\System\CVWyyqx.exe
  C:\Windows\System\CVWyyqx.exe
  2⤵
  PID:4828
- C:\Windows\System\vriUnnj.exe
  C:\Windows\System\vriUnnj.exe
  2⤵
  PID:4844
- C:\Windows\System\WLWpJDf.exe
  C:\Windows\System\WLWpJDf.exe
  2⤵
  PID:4864
- C:\Windows\System\wjLCYHK.exe
  C:\Windows\System\wjLCYHK.exe
  2⤵
  PID:4884
- C:\Windows\System\TEeMiuw.exe
  C:\Windows\System\TEeMiuw.exe
  2⤵
  PID:4904
- C:\Windows\System\mRpVpfJ.exe
  C:\Windows\System\mRpVpfJ.exe
  2⤵
  PID:4924
- C:\Windows\System\lDVMryL.exe
  C:\Windows\System\lDVMryL.exe
  2⤵
  PID:4944
- C:\Windows\System\XjEUeVB.exe
  C:\Windows\System\XjEUeVB.exe
  2⤵
  PID:4964
- C:\Windows\System\OrdEfBb.exe
  C:\Windows\System\OrdEfBb.exe
  2⤵
  PID:4980
- C:\Windows\System\vQlSyhs.exe
  C:\Windows\System\vQlSyhs.exe
  2⤵
  PID:5004
- C:\Windows\System\YxKrdTL.exe
  C:\Windows\System\YxKrdTL.exe
  2⤵
  PID:5020
- C:\Windows\System\kfGaaYm.exe
  C:\Windows\System\kfGaaYm.exe
  2⤵
  PID:5036
- C:\Windows\System\zIvUfVe.exe
  C:\Windows\System\zIvUfVe.exe
  2⤵
  PID:5056
- C:\Windows\System\pdSQRhm.exe
  C:\Windows\System\pdSQRhm.exe
  2⤵
  PID:5072
- C:\Windows\System\vWqUfwB.exe
  C:\Windows\System\vWqUfwB.exe
  2⤵
  PID:5096
- C:\Windows\System\iZoFadm.exe
  C:\Windows\System\iZoFadm.exe
  2⤵
  PID:5112
- C:\Windows\System\NeNFBWG.exe
  C:\Windows\System\NeNFBWG.exe
  2⤵
  PID:3944
- C:\Windows\System\BDTnhcc.exe
  C:\Windows\System\BDTnhcc.exe
  2⤵
  PID:2872
- C:\Windows\System\oMFPYWb.exe
  C:\Windows\System\oMFPYWb.exe
  2⤵
  PID:3616
- C:\Windows\System\unrIKTK.exe
  C:\Windows\System\unrIKTK.exe
  2⤵
  PID:4148
- C:\Windows\System\advihAu.exe
  C:\Windows\System\advihAu.exe
  2⤵
  PID:4212
- C:\Windows\System\BsjRIFc.exe
  C:\Windows\System\BsjRIFc.exe
  2⤵
  PID:4276
- C:\Windows\System\yWrbruE.exe
  C:\Windows\System\yWrbruE.exe
  2⤵
  PID:4316
- C:\Windows\System\GaHtWop.exe
  C:\Windows\System\GaHtWop.exe
  2⤵
  PID:4380
- C:\Windows\System\iUBYMCj.exe
  C:\Windows\System\iUBYMCj.exe
  2⤵
  PID:4400
- C:\Windows\System\jXrOVHu.exe
  C:\Windows\System\jXrOVHu.exe
  2⤵
  PID:4464
- C:\Windows\System\TpJvLPz.exe
  C:\Windows\System\TpJvLPz.exe
  2⤵
  PID:4044
- C:\Windows\System\dMEqVQr.exe
  C:\Windows\System\dMEqVQr.exe
  2⤵
  PID:3560
- C:\Windows\System\ZdcpIDl.exe
  C:\Windows\System\ZdcpIDl.exe
  2⤵
  PID:3644
- C:\Windows\System\eydwCMx.exe
  C:\Windows\System\eydwCMx.exe
  2⤵
  PID:3756
- C:\Windows\System\sTqGrSA.exe
  C:\Windows\System\sTqGrSA.exe
  2⤵
  PID:3336
- C:\Windows\System\RsBQfGw.exe
  C:\Windows\System\RsBQfGw.exe
  2⤵
  PID:4656
- C:\Windows\System\zZFCual.exe
  C:\Windows\System\zZFCual.exe
  2⤵
  PID:4692
- C:\Windows\System\VCgrbwq.exe
  C:\Windows\System\VCgrbwq.exe
  2⤵
  PID:4704
- C:\Windows\System\sEXaUjR.exe
  C:\Windows\System\sEXaUjR.exe
  2⤵
  PID:4440
- C:\Windows\System\VivtOQI.exe
  C:\Windows\System\VivtOQI.exe
  2⤵
  PID:4672
- C:\Windows\System\BzUzHNV.exe
  C:\Windows\System\BzUzHNV.exe
  2⤵
  PID:4604
- C:\Windows\System\hEHRvcs.exe
  C:\Windows\System\hEHRvcs.exe
  2⤵
  PID:4540
- C:\Windows\System\cETbesA.exe
  C:\Windows\System\cETbesA.exe
  2⤵
  PID:4476
- C:\Windows\System\NVFzNgI.exe
  C:\Windows\System\NVFzNgI.exe
  2⤵
  PID:4292
- C:\Windows\System\EtuLJbc.exe
  C:\Windows\System\EtuLJbc.exe
  2⤵
  PID:4200
- C:\Windows\System\uytcGZx.exe
  C:\Windows\System\uytcGZx.exe
  2⤵
  PID:4104
- C:\Windows\System\WdNjKRp.exe
  C:\Windows\System\WdNjKRp.exe
  2⤵
  PID:3440
- C:\Windows\System\dklsoxv.exe
  C:\Windows\System\dklsoxv.exe
  2⤵
  PID:3664
- C:\Windows\System\rLTjfXw.exe
  C:\Windows\System\rLTjfXw.exe
  2⤵
  PID:4872
- C:\Windows\System\vwDQOLb.exe
  C:\Windows\System\vwDQOLb.exe
  2⤵
  PID:4736
- C:\Windows\System\xwczhZq.exe
  C:\Windows\System\xwczhZq.exe
  2⤵
  PID:4756
- C:\Windows\System\aHFEJFf.exe
  C:\Windows\System\aHFEJFf.exe
  2⤵
  PID:4768
- C:\Windows\System\aepHzmX.exe
  C:\Windows\System\aepHzmX.exe
  2⤵
  PID:4788
- C:\Windows\System\tVVJxRT.exe
  C:\Windows\System\tVVJxRT.exe
  2⤵
  PID:4808
- C:\Windows\System\WeGvOkm.exe
  C:\Windows\System\WeGvOkm.exe
  2⤵
  PID:4816
- C:\Windows\System\iDhjCOr.exe
  C:\Windows\System\iDhjCOr.exe
  2⤵
  PID:4952
- C:\Windows\System\BoWMLZL.exe
  C:\Windows\System\BoWMLZL.exe
  2⤵
  PID:4996
- C:\Windows\System\CcCgJVB.exe
  C:\Windows\System\CcCgJVB.exe
  2⤵
  PID:4824
- C:\Windows\System\Ppenztv.exe
  C:\Windows\System\Ppenztv.exe
  2⤵
  PID:4892
- C:\Windows\System\FXJIsap.exe
  C:\Windows\System\FXJIsap.exe
  2⤵
  PID:5032
- C:\Windows\System\gzatkbP.exe
  C:\Windows\System\gzatkbP.exe
  2⤵
  PID:5108
- C:\Windows\System\EhHDKnf.exe
  C:\Windows\System\EhHDKnf.exe
  2⤵
  PID:4936
- C:\Windows\System\UyLawkp.exe
  C:\Windows\System\UyLawkp.exe
  2⤵
  PID:4976
- C:\Windows\System\UJkBQwt.exe
  C:\Windows\System\UJkBQwt.exe
  2⤵
  PID:2808
- C:\Windows\System\VTKMZJN.exe
  C:\Windows\System\VTKMZJN.exe
  2⤵
  PID:4120
- C:\Windows\System\LFpykPx.exe
  C:\Windows\System\LFpykPx.exe
  2⤵
  PID:5084
- C:\Windows\System\JFhFCAL.exe
  C:\Windows\System\JFhFCAL.exe
  2⤵
  PID:3300
- C:\Windows\System\DLLSpfv.exe
  C:\Windows\System\DLLSpfv.exe
  2⤵
  PID:576
- C:\Windows\System\Ecdlmfe.exe
  C:\Windows\System\Ecdlmfe.exe
  2⤵
  PID:4348
- C:\Windows\System\SVtnOUR.exe
  C:\Windows\System\SVtnOUR.exe
  2⤵
  PID:4460
- C:\Windows\System\KdBbVBS.exe
  C:\Windows\System\KdBbVBS.exe
  2⤵
  PID:3684
- C:\Windows\System\OMImxBM.exe
  C:\Windows\System\OMImxBM.exe
  2⤵
  PID:2832
- C:\Windows\System\phSgLyq.exe
  C:\Windows\System\phSgLyq.exe
  2⤵
  PID:3480
- C:\Windows\System\KEmpORN.exe
  C:\Windows\System\KEmpORN.exe
  2⤵
  PID:4708
- C:\Windows\System\RUvBsqZ.exe
  C:\Windows\System\RUvBsqZ.exe
  2⤵
  PID:2928
- C:\Windows\System\xtJLuXb.exe
  C:\Windows\System\xtJLuXb.exe
  2⤵
  PID:4336
- C:\Windows\System\ARrXWmg.exe
  C:\Windows\System\ARrXWmg.exe
  2⤵
  PID:4136
- C:\Windows\System\oULcRuJ.exe
  C:\Windows\System\oULcRuJ.exe
  2⤵
  PID:3144
- C:\Windows\System\VJaPpSu.exe
  C:\Windows\System\VJaPpSu.exe
  2⤵
  PID:4740
- C:\Windows\System\fnGMJcs.exe
  C:\Windows\System\fnGMJcs.exe
  2⤵
  PID:4772
- C:\Windows\System\FIENHFF.exe
  C:\Windows\System\FIENHFF.exe
  2⤵
  PID:4180
- C:\Windows\System\VbyQErW.exe
  C:\Windows\System\VbyQErW.exe
  2⤵
  PID:4396
- C:\Windows\System\uftbKNM.exe
  C:\Windows\System\uftbKNM.exe
  2⤵
  PID:4040
- C:\Windows\System\uAGCLud.exe
  C:\Windows\System\uAGCLud.exe
  2⤵
  PID:3004
- C:\Windows\System\dGTmXqr.exe
  C:\Windows\System\dGTmXqr.exe
  2⤵
  PID:4556
- C:\Windows\System\uINAjjd.exe
  C:\Windows\System\uINAjjd.exe
  2⤵
  PID:4916
- C:\Windows\System\lTLmGLN.exe
  C:\Windows\System\lTLmGLN.exe
  2⤵
  PID:4920
- C:\Windows\System\EPXPZXY.exe
  C:\Windows\System\EPXPZXY.exe
  2⤵
  PID:4624
- C:\Windows\System\wkhgMFJ.exe
  C:\Windows\System\wkhgMFJ.exe
  2⤵
  PID:2520
- C:\Windows\System\Zqhpxhj.exe
  C:\Windows\System\Zqhpxhj.exe
  2⤵
  PID:4608
- C:\Windows\System\YoScTwr.exe
  C:\Windows\System\YoScTwr.exe
  2⤵
  PID:5052
- C:\Windows\System\PUxeKng.exe
  C:\Windows\System\PUxeKng.exe
  2⤵
  PID:5016
- C:\Windows\System\SCFHcWi.exe
  C:\Windows\System\SCFHcWi.exe
  2⤵
  PID:2848
- C:\Windows\System\MVXymwV.exe
  C:\Windows\System\MVXymwV.exe
  2⤵
  PID:4436
- C:\Windows\System\jSdQeiz.exe
  C:\Windows\System\jSdQeiz.exe
  2⤵
  PID:2800
- C:\Windows\System\vswRbTB.exe
  C:\Windows\System\vswRbTB.exe
  2⤵
  PID:3960
- C:\Windows\System\zhHPVCK.exe
  C:\Windows\System\zhHPVCK.exe
  2⤵
  PID:4260
- C:\Windows\System\aWBOdzh.exe
  C:\Windows\System\aWBOdzh.exe
  2⤵
  PID:1968
- C:\Windows\System\fJeKmnV.exe
  C:\Windows\System\fJeKmnV.exe
  2⤵
  PID:4752
- C:\Windows\System\NLRkpAF.exe
  C:\Windows\System\NLRkpAF.exe
  2⤵
  PID:4876
- C:\Windows\System\vlNbdco.exe
  C:\Windows\System\vlNbdco.exe
  2⤵
  PID:4588
- C:\Windows\System\isfyZig.exe
  C:\Windows\System\isfyZig.exe
  2⤵
  PID:5164
- C:\Windows\System\QNtsFQM.exe
  C:\Windows\System\QNtsFQM.exe
  2⤵
  PID:5180
- C:\Windows\System\jHoBerz.exe
  C:\Windows\System\jHoBerz.exe
  2⤵
  PID:5196
- C:\Windows\System\KWSulIC.exe
  C:\Windows\System\KWSulIC.exe
  2⤵
  PID:5212
- C:\Windows\System\UUNOPQS.exe
  C:\Windows\System\UUNOPQS.exe
  2⤵
  PID:5228
- C:\Windows\System\bvnKLXG.exe
  C:\Windows\System\bvnKLXG.exe
  2⤵
  PID:5244
- C:\Windows\System\rHlGSPy.exe
  C:\Windows\System\rHlGSPy.exe
  2⤵
  PID:5260
- C:\Windows\System\SqLhRoI.exe
  C:\Windows\System\SqLhRoI.exe
  2⤵
  PID:5276
- C:\Windows\System\zIkUqsU.exe
  C:\Windows\System\zIkUqsU.exe
  2⤵
  PID:5296
- C:\Windows\System\aFOkuHL.exe
  C:\Windows\System\aFOkuHL.exe
  2⤵
  PID:5312
- C:\Windows\System\YCTZDwE.exe
  C:\Windows\System\YCTZDwE.exe
  2⤵
  PID:5328
- C:\Windows\System\OmwxxMc.exe
  C:\Windows\System\OmwxxMc.exe
  2⤵
  PID:5344
- C:\Windows\System\slaDnFL.exe
  C:\Windows\System\slaDnFL.exe
  2⤵
  PID:5360
- C:\Windows\System\qljHaDz.exe
  C:\Windows\System\qljHaDz.exe
  2⤵
  PID:5376
- C:\Windows\System\MUEKtgY.exe
  C:\Windows\System\MUEKtgY.exe
  2⤵
  PID:5480
- C:\Windows\System\VTsatle.exe
  C:\Windows\System\VTsatle.exe
  2⤵
  PID:5500
- C:\Windows\System\bSnfBll.exe
  C:\Windows\System\bSnfBll.exe
  2⤵
  PID:5520
- C:\Windows\System\mEPCcRj.exe
  C:\Windows\System\mEPCcRj.exe
  2⤵
  PID:5540
- C:\Windows\System\KWVbYXR.exe
  C:\Windows\System\KWVbYXR.exe
  2⤵
  PID:5556
- C:\Windows\System\SVRqlRK.exe
  C:\Windows\System\SVRqlRK.exe
  2⤵
  PID:5576
- C:\Windows\System\AnFeyqq.exe
  C:\Windows\System\AnFeyqq.exe
  2⤵
  PID:5596
- C:\Windows\System\NwWrzWF.exe
  C:\Windows\System\NwWrzWF.exe
  2⤵
  PID:5612
- C:\Windows\System\OoqZFuM.exe
  C:\Windows\System\OoqZFuM.exe
  2⤵
  PID:5636
- C:\Windows\System\YchEmTP.exe
  C:\Windows\System\YchEmTP.exe
  2⤵
  PID:5652
- C:\Windows\System\xhUOrjA.exe
  C:\Windows\System\xhUOrjA.exe
  2⤵
  PID:5676
- C:\Windows\System\WIbNnOu.exe
  C:\Windows\System\WIbNnOu.exe
  2⤵
  PID:5696
- C:\Windows\System\mEGqyVS.exe
  C:\Windows\System\mEGqyVS.exe
  2⤵
  PID:5712
- C:\Windows\System\bXEfcKS.exe
  C:\Windows\System\bXEfcKS.exe
  2⤵
  PID:5728
- C:\Windows\System\jhkolKi.exe
  C:\Windows\System\jhkolKi.exe
  2⤵
  PID:5748
- C:\Windows\System\GHxRTiV.exe
  C:\Windows\System\GHxRTiV.exe
  2⤵
  PID:5764
- C:\Windows\System\JXcjGUG.exe
  C:\Windows\System\JXcjGUG.exe
  2⤵
  PID:5780
- C:\Windows\System\KsKQFDH.exe
  C:\Windows\System\KsKQFDH.exe
  2⤵
  PID:5796
- C:\Windows\System\wnYWaPk.exe
  C:\Windows\System\wnYWaPk.exe
  2⤵
  PID:5812
- C:\Windows\System\GCGpnyg.exe
  C:\Windows\System\GCGpnyg.exe
  2⤵
  PID:5828
- C:\Windows\System\BsFDUxw.exe
  C:\Windows\System\BsFDUxw.exe
  2⤵
  PID:5852
- C:\Windows\System\sWemRQh.exe
  C:\Windows\System\sWemRQh.exe
  2⤵
  PID:5872
- C:\Windows\System\rJFtVCq.exe
  C:\Windows\System\rJFtVCq.exe
  2⤵
  PID:5888
- C:\Windows\System\zSqnQAC.exe
  C:\Windows\System\zSqnQAC.exe
  2⤵
  PID:5904
- C:\Windows\System\HulWVOM.exe
  C:\Windows\System\HulWVOM.exe
  2⤵
  PID:5920
- C:\Windows\System\TVOJTLQ.exe
  C:\Windows\System\TVOJTLQ.exe
  2⤵
  PID:5936
- C:\Windows\System\QIhHWQf.exe
  C:\Windows\System\QIhHWQf.exe
  2⤵
  PID:5952
- C:\Windows\System\EeAZEiC.exe
  C:\Windows\System\EeAZEiC.exe
  2⤵
  PID:5968
- C:\Windows\System\OcWcIGc.exe
  C:\Windows\System\OcWcIGc.exe
  2⤵
  PID:5984
- C:\Windows\System\tTBDMTV.exe
  C:\Windows\System\tTBDMTV.exe
  2⤵
  PID:6000
- C:\Windows\System\vXwqCVV.exe
  C:\Windows\System\vXwqCVV.exe
  2⤵
  PID:6016
- C:\Windows\System\lYcjdou.exe
  C:\Windows\System\lYcjdou.exe
  2⤵
  PID:6032
- C:\Windows\System\WWzdXrn.exe
  C:\Windows\System\WWzdXrn.exe
  2⤵
  PID:6048
- C:\Windows\System\iAPudTc.exe
  C:\Windows\System\iAPudTc.exe
  2⤵
  PID:6068
- C:\Windows\System\RKXnpgM.exe
  C:\Windows\System\RKXnpgM.exe
  2⤵
  PID:6116
- C:\Windows\System\SQngyHG.exe
  C:\Windows\System\SQngyHG.exe
  2⤵
  PID:6132
- C:\Windows\System\SabvStz.exe
  C:\Windows\System\SabvStz.exe
  2⤵
  PID:1192
- C:\Windows\System\cnXoXsz.exe
  C:\Windows\System\cnXoXsz.exe
  2⤵
  PID:4972
- C:\Windows\System\qDpVBZh.exe
  C:\Windows\System\qDpVBZh.exe
  2⤵
  PID:5092
- C:\Windows\System\FlELbtw.exe
  C:\Windows\System\FlELbtw.exe
  2⤵
  PID:3824
- C:\Windows\System\dnMjZvK.exe
  C:\Windows\System\dnMjZvK.exe
  2⤵
  PID:2900
- C:\Windows\System\SanhXOJ.exe
  C:\Windows\System\SanhXOJ.exe
  2⤵
  PID:4296
- C:\Windows\System\BfHTIvJ.exe
  C:\Windows\System\BfHTIvJ.exe
  2⤵
  PID:3000
- C:\Windows\System\IVCgTai.exe
  C:\Windows\System\IVCgTai.exe
  2⤵
  PID:3372
- C:\Windows\System\sNYBVvR.exe
  C:\Windows\System\sNYBVvR.exe
  2⤵
  PID:4432
- C:\Windows\System\jysamAY.exe
  C:\Windows\System\jysamAY.exe
  2⤵
  PID:3060
- C:\Windows\System\aZzjTuC.exe
  C:\Windows\System\aZzjTuC.exe
  2⤵
  PID:5136
- C:\Windows\System\RzyPNNo.exe
  C:\Windows\System\RzyPNNo.exe
  2⤵
  PID:5152
- C:\Windows\System\egmDdHa.exe
  C:\Windows\System\egmDdHa.exe
  2⤵
  PID:5324
- C:\Windows\System\oWvwbDD.exe
  C:\Windows\System\oWvwbDD.exe
  2⤵
  PID:5352
- C:\Windows\System\BqRifLZ.exe
  C:\Windows\System\BqRifLZ.exe
  2⤵
  PID:5208
- C:\Windows\System\IZxBZau.exe
  C:\Windows\System\IZxBZau.exe
  2⤵
  PID:5304
- C:\Windows\System\QnMTLEI.exe
  C:\Windows\System\QnMTLEI.exe
  2⤵
  PID:5392
- C:\Windows\System\JlkGTGw.exe
  C:\Windows\System\JlkGTGw.exe
  2⤵
  PID:4416
- C:\Windows\System\XiUPxkA.exe
  C:\Windows\System\XiUPxkA.exe
  2⤵
  PID:5308
- C:\Windows\System\VXPDAsx.exe
  C:\Windows\System\VXPDAsx.exe
  2⤵
  PID:5372
- C:\Windows\System\NPfjndv.exe
  C:\Windows\System\NPfjndv.exe
  2⤵
  PID:5444
- C:\Windows\System\OFxeMpA.exe
  C:\Windows\System\OFxeMpA.exe
  2⤵
  PID:5460
- C:\Windows\System\mOYunCJ.exe
  C:\Windows\System\mOYunCJ.exe
  2⤵
  PID:5204
- C:\Windows\System\fUhskAs.exe
  C:\Windows\System\fUhskAs.exe
  2⤵
  PID:4748
- C:\Windows\System\pJdzvRm.exe
  C:\Windows\System\pJdzvRm.exe
  2⤵
  PID:5508
- C:\Windows\System\UNBnYjN.exe
  C:\Windows\System\UNBnYjN.exe
  2⤵
  PID:5548
- C:\Windows\System\yoHlSjm.exe
  C:\Windows\System\yoHlSjm.exe
  2⤵
  PID:5584
- C:\Windows\System\emuHjPt.exe
  C:\Windows\System\emuHjPt.exe
  2⤵
  PID:5620
- C:\Windows\System\HDdzIvI.exe
  C:\Windows\System\HDdzIvI.exe
  2⤵
  PID:5660
- C:\Windows\System\UuRISUl.exe
  C:\Windows\System\UuRISUl.exe
  2⤵
  PID:2592
- C:\Windows\System\sfIymjV.exe
  C:\Windows\System\sfIymjV.exe
  2⤵
  PID:5528
- C:\Windows\System\MopUiJY.exe
  C:\Windows\System\MopUiJY.exe
  2⤵
  PID:5604
- C:\Windows\System\dyRIPKa.exe
  C:\Windows\System\dyRIPKa.exe
  2⤵
  PID:5740
- C:\Windows\System\uCBItDS.exe
  C:\Windows\System\uCBItDS.exe
  2⤵
  PID:5648
- C:\Windows\System\MtWuBgW.exe
  C:\Windows\System\MtWuBgW.exe
  2⤵
  PID:5772
- C:\Windows\System\lLigneg.exe
  C:\Windows\System\lLigneg.exe
  2⤵
  PID:5836
- C:\Windows\System\ESACpOa.exe
  C:\Windows\System\ESACpOa.exe
  2⤵
  PID:5880
- C:\Windows\System\MUumCLy.exe
  C:\Windows\System\MUumCLy.exe
  2⤵
  PID:5944
- C:\Windows\System\dZWmJlg.exe
  C:\Windows\System\dZWmJlg.exe
  2⤵
  PID:5692
- C:\Windows\System\RQlTLDX.exe
  C:\Windows\System\RQlTLDX.exe
  2⤵
  PID:5724
- C:\Windows\System\iaAktpJ.exe
  C:\Windows\System\iaAktpJ.exe
  2⤵
  PID:5820
- C:\Windows\System\VgJCvAN.exe
  C:\Windows\System\VgJCvAN.exe
  2⤵
  PID:5976
- C:\Windows\System\EGtNPlK.exe
  C:\Windows\System\EGtNPlK.exe
  2⤵
  PID:6040
- C:\Windows\System\teVDRlh.exe
  C:\Windows\System\teVDRlh.exe
  2⤵
  PID:6084
- C:\Windows\System\EGiMOhJ.exe
  C:\Windows\System\EGiMOhJ.exe
  2⤵
  PID:6100
- C:\Windows\System\SjcKKQI.exe
  C:\Windows\System\SjcKKQI.exe
  2⤵
  PID:6064
- C:\Windows\System\cNCizdx.exe
  C:\Windows\System\cNCizdx.exe
  2⤵
  PID:4592
- C:\Windows\System\qEhhsIS.exe
  C:\Windows\System\qEhhsIS.exe
  2⤵
  PID:4528
- C:\Windows\System\kUWdbsq.exe
  C:\Windows\System\kUWdbsq.exe
  2⤵
  PID:6024
- C:\Windows\System\zztBchK.exe
  C:\Windows\System\zztBchK.exe
  2⤵
  PID:5868
- C:\Windows\System\skxDjMl.exe
  C:\Windows\System\skxDjMl.exe
  2⤵
  PID:6060
- C:\Windows\System\UrnamoY.exe
  C:\Windows\System\UrnamoY.exe
  2⤵
  PID:2508
- C:\Windows\System\WtNPnRa.exe
  C:\Windows\System\WtNPnRa.exe
  2⤵
  PID:3600
- C:\Windows\System\OirervI.exe
  C:\Windows\System\OirervI.exe
  2⤵
  PID:5128
- C:\Windows\System\KQOjTxP.exe
  C:\Windows\System\KQOjTxP.exe
  2⤵
  PID:4168
- C:\Windows\System\nGgvuKt.exe
  C:\Windows\System\nGgvuKt.exe
  2⤵
  PID:4248
- C:\Windows\System\PMCMAWd.exe
  C:\Windows\System\PMCMAWd.exe
  2⤵
  PID:5144
- C:\Windows\System\EKuGWXH.exe
  C:\Windows\System\EKuGWXH.exe
  2⤵
  PID:5224
- C:\Windows\System\kdLoWzF.exe
  C:\Windows\System\kdLoWzF.exe
  2⤵
  PID:5292
- C:\Windows\System\WdfrlNp.exe
  C:\Windows\System\WdfrlNp.exe
  2⤵
  PID:2572
- C:\Windows\System\TqkPFgC.exe
  C:\Windows\System\TqkPFgC.exe
  2⤵
  PID:4900
- C:\Windows\System\vglSRXN.exe
  C:\Windows\System\vglSRXN.exe
  2⤵
  PID:2664
- C:\Windows\System\bXUOorU.exe
  C:\Windows\System\bXUOorU.exe
  2⤵
  PID:820
- C:\Windows\System\MLoVcQf.exe
  C:\Windows\System\MLoVcQf.exe
  2⤵
  PID:1784
- C:\Windows\System\uFrRrVh.exe
  C:\Windows\System\uFrRrVh.exe
  2⤵
  PID:2852
- C:\Windows\System\LWURzZK.exe
  C:\Windows\System\LWURzZK.exe
  2⤵
  PID:1036
- C:\Windows\System\MtjvMVD.exe
  C:\Windows\System\MtjvMVD.exe
  2⤵
  PID:2364
- C:\Windows\System\xrdKLny.exe
  C:\Windows\System\xrdKLny.exe
  2⤵
  PID:5368
- C:\Windows\System\rABYSfg.exe
  C:\Windows\System\rABYSfg.exe
  2⤵
  PID:2044
- C:\Windows\System\Kkvztag.exe
  C:\Windows\System\Kkvztag.exe
  2⤵
  PID:2444
- C:\Windows\System\AFimSQk.exe
  C:\Windows\System\AFimSQk.exe
  2⤵
  PID:5432
- C:\Windows\System\BGVcDiR.exe
  C:\Windows\System\BGVcDiR.exe
  2⤵
  PID:4480
- C:\Windows\System\kRUtkie.exe
  C:\Windows\System\kRUtkie.exe
  2⤵
  PID:5628
- C:\Windows\System\iyWDzEP.exe
  C:\Windows\System\iyWDzEP.exe
  2⤵
  PID:752
- C:\Windows\System\LVrQbhq.exe
  C:\Windows\System\LVrQbhq.exe
  2⤵
  PID:2660
- C:\Windows\System\CGiVFKU.exe
  C:\Windows\System\CGiVFKU.exe
  2⤵
  PID:1032
- C:\Windows\System\TQROMWu.exe
  C:\Windows\System\TQROMWu.exe
  2⤵
  PID:5568
- C:\Windows\System\ySenYOh.exe
  C:\Windows\System\ySenYOh.exe
  2⤵
  PID:5572
- C:\Windows\System\eljTaFG.exe
  C:\Windows\System\eljTaFG.exe
  2⤵
  PID:5756
- C:\Windows\System\tHGlLEj.exe
  C:\Windows\System\tHGlLEj.exe
  2⤵
  PID:5912
- C:\Windows\System\sfhCooS.exe
  C:\Windows\System\sfhCooS.exe
  2⤵
  PID:1388
- C:\Windows\System\jIlHCif.exe
  C:\Windows\System\jIlHCif.exe
  2⤵
  PID:6080
- C:\Windows\System\jWpMTEa.exe
  C:\Windows\System\jWpMTEa.exe
  2⤵
  PID:6028
- C:\Windows\System\VfPsWDy.exe
  C:\Windows\System\VfPsWDy.exe
  2⤵
  PID:5124
- C:\Windows\System\wtnQyYo.exe
  C:\Windows\System\wtnQyYo.exe
  2⤵
  PID:4496
- C:\Windows\System\lSFvlWU.exe
  C:\Windows\System\lSFvlWU.exe
  2⤵
  PID:2584
- C:\Windows\System\oADcwVk.exe
  C:\Windows\System\oADcwVk.exe
  2⤵
  PID:6008
- C:\Windows\System\EIBPRql.exe
  C:\Windows\System\EIBPRql.exe
  2⤵
  PID:2288
- C:\Windows\System\ibeqbgu.exe
  C:\Windows\System\ibeqbgu.exe
  2⤵
  PID:6124
- C:\Windows\System\ZBdrQQI.exe
  C:\Windows\System\ZBdrQQI.exe
  2⤵
  PID:3880
- C:\Windows\System\EVRiolh.exe
  C:\Windows\System\EVRiolh.exe
  2⤵
  PID:2120
- C:\Windows\System\gEYwVNp.exe
  C:\Windows\System\gEYwVNp.exe
  2⤵
  PID:5028
- C:\Windows\System\LgEPhiw.exe
  C:\Windows\System\LgEPhiw.exe
  2⤵
  PID:1348
- C:\Windows\System\EnbJleL.exe
  C:\Windows\System\EnbJleL.exe
  2⤵
  PID:2908
- C:\Windows\System\XByqvTK.exe
  C:\Windows\System\XByqvTK.exe
  2⤵
  PID:5404
- C:\Windows\System\GnZAuKl.exe
  C:\Windows\System\GnZAuKl.exe
  2⤵
  PID:952
- C:\Windows\System\aJoOKnQ.exe
  C:\Windows\System\aJoOKnQ.exe
  2⤵
  PID:5704
- C:\Windows\System\wPULdXc.exe
  C:\Windows\System\wPULdXc.exe
  2⤵
  PID:1976
- C:\Windows\System\sAIWvKd.exe
  C:\Windows\System\sAIWvKd.exe
  2⤵
  PID:5488
- C:\Windows\System\UrWhsES.exe
  C:\Windows\System\UrWhsES.exe
  2⤵
  PID:5848
- C:\Windows\System\OWIFEes.exe
  C:\Windows\System\OWIFEes.exe
  2⤵
  PID:4988
- C:\Windows\System\pdlEhLA.exe
  C:\Windows\System\pdlEhLA.exe
  2⤵
  PID:5808
- C:\Windows\System\rdvLTRF.exe
  C:\Windows\System\rdvLTRF.exe
  2⤵
  PID:5720
- C:\Windows\System\gvtErBs.exe
  C:\Windows\System\gvtErBs.exe
  2⤵
  PID:4812
- C:\Windows\System\xttkQHp.exe
  C:\Windows\System\xttkQHp.exe
  2⤵
  PID:6096
- C:\Windows\System\hQWPfFW.exe
  C:\Windows\System\hQWPfFW.exe
  2⤵
  PID:4308
- C:\Windows\System\tiENREu.exe
  C:\Windows\System\tiENREu.exe
  2⤵
  PID:2452
- C:\Windows\System\vgkurXy.exe
  C:\Windows\System\vgkurXy.exe
  2⤵
  PID:4116
- C:\Windows\System\gaSgMvL.exe
  C:\Windows\System\gaSgMvL.exe
  2⤵
  PID:980
- C:\Windows\System\hoYrWFw.exe
  C:\Windows\System\hoYrWFw.exe
  2⤵
  PID:4700
- C:\Windows\System\fMsrUYQ.exe
  C:\Windows\System\fMsrUYQ.exe
  2⤵
  PID:5736
- C:\Windows\System\ItFxzdv.exe
  C:\Windows\System\ItFxzdv.exe
  2⤵
  PID:5804
- C:\Windows\System\BZigOdV.exe
  C:\Windows\System\BZigOdV.exe
  2⤵
  PID:324
- C:\Windows\System\QckwHsU.exe
  C:\Windows\System\QckwHsU.exe
  2⤵
  PID:1768
- C:\Windows\System\ahzpoKZ.exe
  C:\Windows\System\ahzpoKZ.exe
  2⤵
  PID:4856
- C:\Windows\System\cVlasrU.exe
  C:\Windows\System\cVlasrU.exe
  2⤵
  PID:4784
- C:\Windows\System\JyEzLcS.exe
  C:\Windows\System\JyEzLcS.exe
  2⤵
  PID:5492
- C:\Windows\System\zCuKdMv.exe
  C:\Windows\System\zCuKdMv.exe
  2⤵
  PID:2692
- C:\Windows\System\HcbVITQ.exe
  C:\Windows\System\HcbVITQ.exe
  2⤵
  PID:6156
- C:\Windows\System\OkBEuKP.exe
  C:\Windows\System\OkBEuKP.exe
  2⤵
  PID:6172
- C:\Windows\System\KFhqAEM.exe
  C:\Windows\System\KFhqAEM.exe
  2⤵
  PID:6188
- C:\Windows\System\eeKmghb.exe
  C:\Windows\System\eeKmghb.exe
  2⤵
  PID:6204
- C:\Windows\System\LpwBWRH.exe
  C:\Windows\System\LpwBWRH.exe
  2⤵
  PID:6220
- C:\Windows\System\CrtJZUC.exe
  C:\Windows\System\CrtJZUC.exe
  2⤵
  PID:6236
- C:\Windows\System\hUkJyVA.exe
  C:\Windows\System\hUkJyVA.exe
  2⤵
  PID:6252
- C:\Windows\System\tjUEvwN.exe
  C:\Windows\System\tjUEvwN.exe
  2⤵
  PID:6268
- C:\Windows\System\cRNLboW.exe
  C:\Windows\System\cRNLboW.exe
  2⤵
  PID:6284
- C:\Windows\System\mMqGyon.exe
  C:\Windows\System\mMqGyon.exe
  2⤵
  PID:6300
- C:\Windows\System\BRaHxwT.exe
  C:\Windows\System\BRaHxwT.exe
  2⤵
  PID:6316
- C:\Windows\System\RpdDPZf.exe
  C:\Windows\System\RpdDPZf.exe
  2⤵
  PID:6332
- C:\Windows\System\ayeApVk.exe
  C:\Windows\System\ayeApVk.exe
  2⤵
  PID:6348
- C:\Windows\System\DMnKlob.exe
  C:\Windows\System\DMnKlob.exe
  2⤵
  PID:6364
- C:\Windows\System\lsojaHu.exe
  C:\Windows\System\lsojaHu.exe
  2⤵
  PID:6380
- C:\Windows\System\gRMwlKO.exe
  C:\Windows\System\gRMwlKO.exe
  2⤵
  PID:6396
- C:\Windows\System\uvoRJHQ.exe
  C:\Windows\System\uvoRJHQ.exe
  2⤵
  PID:6412
- C:\Windows\System\vyuqiOA.exe
  C:\Windows\System\vyuqiOA.exe
  2⤵
  PID:6428
- C:\Windows\System\qGnvUDC.exe
  C:\Windows\System\qGnvUDC.exe
  2⤵
  PID:6444
- C:\Windows\System\vqrECJB.exe
  C:\Windows\System\vqrECJB.exe
  2⤵
  PID:6460
- C:\Windows\System\pMUPRAN.exe
  C:\Windows\System\pMUPRAN.exe
  2⤵
  PID:6476
- C:\Windows\System\JARcepO.exe
  C:\Windows\System\JARcepO.exe
  2⤵
  PID:6492
- C:\Windows\System\NpSbxOG.exe
  C:\Windows\System\NpSbxOG.exe
  2⤵
  PID:6508
- C:\Windows\System\kImhncD.exe
  C:\Windows\System\kImhncD.exe
  2⤵
  PID:6524
- C:\Windows\System\nLBcVGt.exe
  C:\Windows\System\nLBcVGt.exe
  2⤵
  PID:6540
- C:\Windows\System\rHdMENJ.exe
  C:\Windows\System\rHdMENJ.exe
  2⤵
  PID:6556
- C:\Windows\System\uQUGGSq.exe
  C:\Windows\System\uQUGGSq.exe
  2⤵
  PID:6572
- C:\Windows\System\XnKtGTE.exe
  C:\Windows\System\XnKtGTE.exe
  2⤵
  PID:6588
- C:\Windows\System\vwQzCkj.exe
  C:\Windows\System\vwQzCkj.exe
  2⤵
  PID:6604
- C:\Windows\System\oiGzcoR.exe
  C:\Windows\System\oiGzcoR.exe
  2⤵
  PID:6684
- C:\Windows\System\MRwEDrV.exe
  C:\Windows\System\MRwEDrV.exe
  2⤵
  PID:6700
- C:\Windows\System\yoPOhzL.exe
  C:\Windows\System\yoPOhzL.exe
  2⤵
  PID:6720
- C:\Windows\System\YzZIyPA.exe
  C:\Windows\System\YzZIyPA.exe
  2⤵
  PID:6740
- C:\Windows\System\OTHhIkV.exe
  C:\Windows\System\OTHhIkV.exe
  2⤵
  PID:6756
- C:\Windows\System\sOHWnFg.exe
  C:\Windows\System\sOHWnFg.exe
  2⤵
  PID:6776
- C:\Windows\System\gIZTkDt.exe
  C:\Windows\System\gIZTkDt.exe
  2⤵
  PID:6792
- C:\Windows\System\eQwLMrD.exe
  C:\Windows\System\eQwLMrD.exe
  2⤵
  PID:6812
- C:\Windows\System\FlGfoyf.exe
  C:\Windows\System\FlGfoyf.exe
  2⤵
  PID:6832
- C:\Windows\System\zboKNlY.exe
  C:\Windows\System\zboKNlY.exe
  2⤵
  PID:6856
- C:\Windows\System\wvrZrJx.exe
  C:\Windows\System\wvrZrJx.exe
  2⤵
  PID:6872
- C:\Windows\System\dSqDtaw.exe
  C:\Windows\System\dSqDtaw.exe
  2⤵
  PID:6888
- C:\Windows\System\pLXEoXh.exe
  C:\Windows\System\pLXEoXh.exe
  2⤵
  PID:6904
- C:\Windows\System\utHdamf.exe
  C:\Windows\System\utHdamf.exe
  2⤵
  PID:6920
- C:\Windows\System\BkKUGhf.exe
  C:\Windows\System\BkKUGhf.exe
  2⤵
  PID:6940
- C:\Windows\System\ECYVbEV.exe
  C:\Windows\System\ECYVbEV.exe
  2⤵
  PID:6964
- C:\Windows\System\BbNQZIh.exe
  C:\Windows\System\BbNQZIh.exe
  2⤵
  PID:6988
- C:\Windows\System\RROsdCl.exe
  C:\Windows\System\RROsdCl.exe
  2⤵
  PID:7012
- C:\Windows\System\jEtASjS.exe
  C:\Windows\System\jEtASjS.exe
  2⤵
  PID:7036
- C:\Windows\System\ICLJOMs.exe
  C:\Windows\System\ICLJOMs.exe
  2⤵
  PID:7056
- C:\Windows\System\kLLcNvY.exe
  C:\Windows\System\kLLcNvY.exe
  2⤵
  PID:7072
- C:\Windows\System\WUqEcCr.exe
  C:\Windows\System\WUqEcCr.exe
  2⤵
  PID:7088
- C:\Windows\System\oxftEYA.exe
  C:\Windows\System\oxftEYA.exe
  2⤵
  PID:7104
- C:\Windows\System\nYMsVMJ.exe
  C:\Windows\System\nYMsVMJ.exe
  2⤵
  PID:7120
- C:\Windows\System\cnfCWbJ.exe
  C:\Windows\System\cnfCWbJ.exe
  2⤵
  PID:7136
- C:\Windows\System\YFgjQkQ.exe
  C:\Windows\System\YFgjQkQ.exe
  2⤵
  PID:7152
- C:\Windows\System\WDtXYVc.exe
  C:\Windows\System\WDtXYVc.exe
  2⤵
  PID:5792
- C:\Windows\System\pWyKSGs.exe
  C:\Windows\System\pWyKSGs.exe
  2⤵
  PID:5320
- C:\Windows\System\SMDomPs.exe
  C:\Windows\System\SMDomPs.exe
  2⤵
  PID:5452
- C:\Windows\System\IVRNHwq.exe
  C:\Windows\System\IVRNHwq.exe
  2⤵
  PID:3244
- C:\Windows\System\ElSVLUk.exe
  C:\Windows\System\ElSVLUk.exe
  2⤵
  PID:6152
- C:\Windows\System\hELCLUY.exe
  C:\Windows\System\hELCLUY.exe
  2⤵
  PID:2640
- C:\Windows\System\KrGjXvZ.exe
  C:\Windows\System\KrGjXvZ.exe
  2⤵
  PID:6196
- C:\Windows\System\RhYfyXz.exe
  C:\Windows\System\RhYfyXz.exe
  2⤵
  PID:492
- C:\Windows\System\LgnFbey.exe
  C:\Windows\System\LgnFbey.exe
  2⤵
  PID:6260
- C:\Windows\System\fMXDuoP.exe
  C:\Windows\System\fMXDuoP.exe
  2⤵
  PID:6264
- C:\Windows\System\mvwYJOC.exe
  C:\Windows\System\mvwYJOC.exe
  2⤵
  PID:6360
- C:\Windows\System\QuEZtoQ.exe
  C:\Windows\System\QuEZtoQ.exe
  2⤵
  PID:6276
- C:\Windows\System\qZyjuZJ.exe
  C:\Windows\System\qZyjuZJ.exe
  2⤵
  PID:2168
- C:\Windows\System\iLyQHDm.exe
  C:\Windows\System\iLyQHDm.exe
  2⤵
  PID:6312
- C:\Windows\System\kYvdiiE.exe
  C:\Windows\System\kYvdiiE.exe
  2⤵
  PID:6340
- C:\Windows\System\sAAmZKd.exe
  C:\Windows\System\sAAmZKd.exe
  2⤵
  PID:6484
- C:\Windows\System\oXtSQxN.exe
  C:\Windows\System\oXtSQxN.exe
  2⤵
  PID:6548
- C:\Windows\System\fOGVfgx.exe
  C:\Windows\System\fOGVfgx.exe
  2⤵
  PID:6440
- C:\Windows\System\hbfJZRb.exe
  C:\Windows\System\hbfJZRb.exe
  2⤵
  PID:6584
- C:\Windows\System\ygAffww.exe
  C:\Windows\System\ygAffww.exe
  2⤵
  PID:6536
- C:\Windows\System\NQdiwap.exe
  C:\Windows\System\NQdiwap.exe
  2⤵
  PID:6600
- C:\Windows\System\hZrBJxG.exe
  C:\Windows\System\hZrBJxG.exe
  2⤵
  PID:1944
- C:\Windows\System\Aiggqzg.exe
  C:\Windows\System\Aiggqzg.exe
  2⤵
  PID:2624
- C:\Windows\System\teAVsjf.exe
  C:\Windows\System\teAVsjf.exe
  2⤵
  PID:5684
- C:\Windows\System\qvLwEuU.exe
  C:\Windows\System\qvLwEuU.exe
  2⤵
  PID:6644
- C:\Windows\System\GiLqEoF.exe
  C:\Windows\System\GiLqEoF.exe
  2⤵
  PID:6656
- C:\Windows\System\ZvsAsue.exe
  C:\Windows\System\ZvsAsue.exe
  2⤵
  PID:6664
- C:\Windows\System\DfqeomS.exe
  C:\Windows\System\DfqeomS.exe
  2⤵
  PID:6708
- C:\Windows\System\LvgzFxn.exe
  C:\Windows\System\LvgzFxn.exe
  2⤵
  PID:6752
- C:\Windows\System\XxjKLbJ.exe
  C:\Windows\System\XxjKLbJ.exe
  2⤵
  PID:6824
- C:\Windows\System\LrXdzay.exe
  C:\Windows\System\LrXdzay.exe
  2⤵
  PID:6696
- C:\Windows\System\IhcflhZ.exe
  C:\Windows\System\IhcflhZ.exe
  2⤵
  PID:6764
- C:\Windows\System\TAZvpXN.exe
  C:\Windows\System\TAZvpXN.exe
  2⤵
  PID:6804
- C:\Windows\System\iajMmhy.exe
  C:\Windows\System\iajMmhy.exe
  2⤵
  PID:6852
- C:\Windows\System\NsSzMfu.exe
  C:\Windows\System\NsSzMfu.exe
  2⤵
  PID:6896
- C:\Windows\System\blsbsWo.exe
  C:\Windows\System\blsbsWo.exe
  2⤵
  PID:6936
- C:\Windows\System\CfyFifn.exe
  C:\Windows\System\CfyFifn.exe
  2⤵
  PID:7020
- C:\Windows\System\olwxhoI.exe
  C:\Windows\System\olwxhoI.exe
  2⤵
  PID:7064
- C:\Windows\System\JWBLXIV.exe
  C:\Windows\System\JWBLXIV.exe
  2⤵
  PID:7128
- C:\Windows\System\xPzTPOF.exe
  C:\Windows\System\xPzTPOF.exe
  2⤵
  PID:6884
- C:\Windows\System\viiJzMS.exe
  C:\Windows\System\viiJzMS.exe
  2⤵
  PID:6952
- C:\Windows\System\LdnFpDW.exe
  C:\Windows\System\LdnFpDW.exe
  2⤵
  PID:6996
- C:\Windows\System\sgrvHSd.exe
  C:\Windows\System\sgrvHSd.exe
  2⤵
  PID:7044
- C:\Windows\System\apgvVZf.exe
  C:\Windows\System\apgvVZf.exe
  2⤵
  PID:7084
- C:\Windows\System\FkMtSkP.exe
  C:\Windows\System\FkMtSkP.exe
  2⤵
  PID:7148
- C:\Windows\System\GqWWDiK.exe
  C:\Windows\System\GqWWDiK.exe
  2⤵
  PID:5512
- C:\Windows\System\RnwffQi.exe
  C:\Windows\System\RnwffQi.exe
  2⤵
  PID:5496
- C:\Windows\System\QcmQIkb.exe
  C:\Windows\System\QcmQIkb.exe
  2⤵
  PID:6212
- C:\Windows\System\xcpEcYr.exe
  C:\Windows\System\xcpEcYr.exe
  2⤵
  PID:6420
- C:\Windows\System\OQbFLuB.exe
  C:\Windows\System\OQbFLuB.exe
  2⤵
  PID:2480
- C:\Windows\System\MFOjdsh.exe
  C:\Windows\System\MFOjdsh.exe
  2⤵
  PID:6424
- C:\Windows\System\RIhJfgM.exe
  C:\Windows\System\RIhJfgM.exe
  2⤵
  PID:6516
- C:\Windows\System\ZRdKzux.exe
  C:\Windows\System\ZRdKzux.exe
  2⤵
  PID:6292
- C:\Windows\System\liGjCDT.exe
  C:\Windows\System\liGjCDT.exe
  2⤵
  PID:5384
- C:\Windows\System\yrwAkeN.exe
  C:\Windows\System\yrwAkeN.exe
  2⤵
  PID:6636
- C:\Windows\System\ASxSxCS.exe
  C:\Windows\System\ASxSxCS.exe
  2⤵
  PID:2420
- C:\Windows\System\xiibCbc.exe
  C:\Windows\System\xiibCbc.exe
  2⤵
  PID:1676
- C:\Windows\System\EOjcikg.exe
  C:\Windows\System\EOjcikg.exe
  2⤵
  PID:6648
- C:\Windows\System\JOejWSI.exe
  C:\Windows\System\JOejWSI.exe
  2⤵
  PID:6828
- C:\Windows\System\XDDaUcX.exe
  C:\Windows\System\XDDaUcX.exe
  2⤵
  PID:6680
- C:\Windows\System\xBQwJZH.exe
  C:\Windows\System\xBQwJZH.exe
  2⤵
  PID:6844
- C:\Windows\System\hPmCITs.exe
  C:\Windows\System\hPmCITs.exe
  2⤵
  PID:7028
- C:\Windows\System\jBmzpVF.exe
  C:\Windows\System\jBmzpVF.exe
  2⤵
  PID:6864
- C:\Windows\System\ROjxcta.exe
  C:\Windows\System\ROjxcta.exe
  2⤵
  PID:7100
- C:\Windows\System\zEQyNyX.exe
  C:\Windows\System\zEQyNyX.exe
  2⤵
  PID:6880
- C:\Windows\System\xBbyRal.exe
  C:\Windows\System\xBbyRal.exe
  2⤵
  PID:6984
- C:\Windows\System\QZjaztR.exe
  C:\Windows\System\QZjaztR.exe
  2⤵
  PID:5992
- C:\Windows\System\vudeztd.exe
  C:\Windows\System\vudeztd.exe
  2⤵
  PID:7144
- C:\Windows\System\OTJjDPu.exe
  C:\Windows\System\OTJjDPu.exe
  2⤵
  PID:6452
- C:\Windows\System\EOgRZrL.exe
  C:\Windows\System\EOgRZrL.exe
  2⤵
  PID:6568
- C:\Windows\System\zZbySuc.exe
  C:\Windows\System\zZbySuc.exe
  2⤵
  PID:6628
- C:\Windows\System\GrZmPWP.exe
  C:\Windows\System\GrZmPWP.exe
  2⤵
  PID:6392
- C:\Windows\System\xwZnOnh.exe
  C:\Windows\System\xwZnOnh.exe
  2⤵
  PID:6228
- C:\Windows\System\JxbDZnM.exe
  C:\Windows\System\JxbDZnM.exe
  2⤵
  PID:6504
- C:\Windows\System\fVpzCuM.exe
  C:\Windows\System\fVpzCuM.exe
  2⤵
  PID:6732
- C:\Windows\System\JnvBfnq.exe
  C:\Windows\System\JnvBfnq.exe
  2⤵
  PID:6948
- C:\Windows\System\ZJlRmUc.exe
  C:\Windows\System\ZJlRmUc.exe
  2⤵
  PID:6092
- C:\Windows\System\KouMUqQ.exe
  C:\Windows\System\KouMUqQ.exe
  2⤵
  PID:6976
- C:\Windows\System\tGQZAVo.exe
  C:\Windows\System\tGQZAVo.exe
  2⤵
  PID:6168
- C:\Windows\System\fjLCPoK.exe
  C:\Windows\System\fjLCPoK.exe
  2⤵
  PID:6668
- C:\Windows\System\rWYvMGM.exe
  C:\Windows\System\rWYvMGM.exe
  2⤵
  PID:6716
- C:\Windows\System\VMeQkpy.exe
  C:\Windows\System\VMeQkpy.exe
  2⤵
  PID:7008
- C:\Windows\System\xFNAsuu.exe
  C:\Windows\System\xFNAsuu.exe
  2⤵
  PID:6820
- C:\Windows\System\uIiwaCG.exe
  C:\Windows\System\uIiwaCG.exe
  2⤵
  PID:7180
- C:\Windows\System\McRyuhN.exe
  C:\Windows\System\McRyuhN.exe
  2⤵
  PID:7196
- C:\Windows\System\JqaZbJi.exe
  C:\Windows\System\JqaZbJi.exe
  2⤵
  PID:7212
- C:\Windows\System\nwsqVEY.exe
  C:\Windows\System\nwsqVEY.exe
  2⤵
  PID:7228
- C:\Windows\System\siCDizY.exe
  C:\Windows\System\siCDizY.exe
  2⤵
  PID:7244
- C:\Windows\System\IoLzNuG.exe
  C:\Windows\System\IoLzNuG.exe
  2⤵
  PID:7260
- C:\Windows\System\pAAgkoc.exe
  C:\Windows\System\pAAgkoc.exe
  2⤵
  PID:7276
- C:\Windows\System\YPINEKI.exe
  C:\Windows\System\YPINEKI.exe
  2⤵
  PID:7292
- C:\Windows\System\iMgjlvh.exe
  C:\Windows\System\iMgjlvh.exe
  2⤵
  PID:7308
- C:\Windows\System\NIYiQTk.exe
  C:\Windows\System\NIYiQTk.exe
  2⤵
  PID:7324
- C:\Windows\System\yUggTro.exe
  C:\Windows\System\yUggTro.exe
  2⤵
  PID:7340
- C:\Windows\System\kuSylVv.exe
  C:\Windows\System\kuSylVv.exe
  2⤵
  PID:7360
- C:\Windows\System\jXATccV.exe
  C:\Windows\System\jXATccV.exe
  2⤵
  PID:7376
- C:\Windows\System\KqFMyXm.exe
  C:\Windows\System\KqFMyXm.exe
  2⤵
  PID:7392
- C:\Windows\System\HFwcPGh.exe
  C:\Windows\System\HFwcPGh.exe
  2⤵
  PID:7408
- C:\Windows\System\YwkoKRW.exe
  C:\Windows\System\YwkoKRW.exe
  2⤵
  PID:7424
- C:\Windows\System\TBPxUcg.exe
  C:\Windows\System\TBPxUcg.exe
  2⤵
  PID:7440
- C:\Windows\System\oeahvdI.exe
  C:\Windows\System\oeahvdI.exe
  2⤵
  PID:7456
- C:\Windows\System\mzGDmMV.exe
  C:\Windows\System\mzGDmMV.exe
  2⤵
  PID:7472
- C:\Windows\System\aCXYzFz.exe
  C:\Windows\System\aCXYzFz.exe
  2⤵
  PID:7488
- C:\Windows\System\GrLKmdV.exe
  C:\Windows\System\GrLKmdV.exe
  2⤵
  PID:7504
- C:\Windows\System\BpjnQGc.exe
  C:\Windows\System\BpjnQGc.exe
  2⤵
  PID:7520
- C:\Windows\System\tEpzola.exe
  C:\Windows\System\tEpzola.exe
  2⤵
  PID:7536
- C:\Windows\System\LTkbLJd.exe
  C:\Windows\System\LTkbLJd.exe
  2⤵
  PID:7552
- C:\Windows\System\GIsqPaw.exe
  C:\Windows\System\GIsqPaw.exe
  2⤵
  PID:7568
- C:\Windows\System\tsYYron.exe
  C:\Windows\System\tsYYron.exe
  2⤵
  PID:7584
- C:\Windows\System\yVVZNgn.exe
  C:\Windows\System\yVVZNgn.exe
  2⤵
  PID:7600
- C:\Windows\System\vJRzvRG.exe
  C:\Windows\System\vJRzvRG.exe
  2⤵
  PID:7616
- C:\Windows\System\tMVaFUq.exe
  C:\Windows\System\tMVaFUq.exe
  2⤵
  PID:7632
- C:\Windows\System\OkhTrbk.exe
  C:\Windows\System\OkhTrbk.exe
  2⤵
  PID:7648
- C:\Windows\System\labtmwL.exe
  C:\Windows\System\labtmwL.exe
  2⤵
  PID:7664
- C:\Windows\System\QSjadBc.exe
  C:\Windows\System\QSjadBc.exe
  2⤵
  PID:7680
- C:\Windows\System\CwbvoXf.exe
  C:\Windows\System\CwbvoXf.exe
  2⤵
  PID:7696
- C:\Windows\System\bjnxJUw.exe
  C:\Windows\System\bjnxJUw.exe
  2⤵
  PID:7712
- C:\Windows\System\DUSBQhO.exe
  C:\Windows\System\DUSBQhO.exe
  2⤵
  PID:7728
- C:\Windows\System\kTmOeeM.exe
  C:\Windows\System\kTmOeeM.exe
  2⤵
  PID:7744
- C:\Windows\System\hFKTbuD.exe
  C:\Windows\System\hFKTbuD.exe
  2⤵
  PID:7760
- C:\Windows\System\smuCNAC.exe
  C:\Windows\System\smuCNAC.exe
  2⤵
  PID:7780
- C:\Windows\System\WzPRGHO.exe
  C:\Windows\System\WzPRGHO.exe
  2⤵
  PID:7796
- C:\Windows\System\uCqJFEM.exe
  C:\Windows\System\uCqJFEM.exe
  2⤵
  PID:7812
- C:\Windows\System\pmbtxdw.exe
  C:\Windows\System\pmbtxdw.exe
  2⤵
  PID:7828
- C:\Windows\System\VusEDgB.exe
  C:\Windows\System\VusEDgB.exe
  2⤵
  PID:7844
- C:\Windows\System\BxVgFXP.exe
  C:\Windows\System\BxVgFXP.exe
  2⤵
  PID:7860
- C:\Windows\System\tgwZNxY.exe
  C:\Windows\System\tgwZNxY.exe
  2⤵
  PID:7876
- C:\Windows\System\nFwCmDi.exe
  C:\Windows\System\nFwCmDi.exe
  2⤵
  PID:7892
- C:\Windows\System\ZbVsRMO.exe
  C:\Windows\System\ZbVsRMO.exe
  2⤵
  PID:7908
- C:\Windows\System\kYcuUMZ.exe
  C:\Windows\System\kYcuUMZ.exe
  2⤵
  PID:7924
- C:\Windows\System\vYcDmTx.exe
  C:\Windows\System\vYcDmTx.exe
  2⤵
  PID:7940
- C:\Windows\System\njUddkV.exe
  C:\Windows\System\njUddkV.exe
  2⤵
  PID:7956
- C:\Windows\System\rsOeggF.exe
  C:\Windows\System\rsOeggF.exe
  2⤵
  PID:7972
- C:\Windows\System\oVHVdhl.exe
  C:\Windows\System\oVHVdhl.exe
  2⤵
  PID:7988
- C:\Windows\System\ObzFGKJ.exe
  C:\Windows\System\ObzFGKJ.exe
  2⤵
  PID:8004
- C:\Windows\System\PCITvhO.exe
  C:\Windows\System\PCITvhO.exe
  2⤵
  PID:8020
- C:\Windows\System\vHNAhEP.exe
  C:\Windows\System\vHNAhEP.exe
  2⤵
  PID:8036
- C:\Windows\System\OlOzZci.exe
  C:\Windows\System\OlOzZci.exe
  2⤵
  PID:8052
- C:\Windows\System\liDpayB.exe
  C:\Windows\System\liDpayB.exe
  2⤵
  PID:8068
- C:\Windows\System\hEZWVfC.exe
  C:\Windows\System\hEZWVfC.exe
  2⤵
  PID:8084
- C:\Windows\System\vtkNKpV.exe
  C:\Windows\System\vtkNKpV.exe
  2⤵
  PID:8100
- C:\Windows\System\qCUSvtp.exe
  C:\Windows\System\qCUSvtp.exe
  2⤵
  PID:8116
- C:\Windows\System\YAVaerR.exe
  C:\Windows\System\YAVaerR.exe
  2⤵
  PID:8132
- C:\Windows\System\SzfAcBz.exe
  C:\Windows\System\SzfAcBz.exe
  2⤵
  PID:8148
- C:\Windows\System\rTcnTTv.exe
  C:\Windows\System\rTcnTTv.exe
  2⤵
  PID:8164
- C:\Windows\System\qKiYptJ.exe
  C:\Windows\System\qKiYptJ.exe
  2⤵
  PID:8180
- C:\Windows\System\tZUtNDu.exe
  C:\Windows\System\tZUtNDu.exe
  2⤵
  PID:1280
- C:\Windows\System\UAQyOnZ.exe
  C:\Windows\System\UAQyOnZ.exe
  2⤵
  PID:6772
- C:\Windows\System\ijRYcjX.exe
  C:\Windows\System\ijRYcjX.exe
  2⤵
  PID:6404
- C:\Windows\System\tpicMqb.exe
  C:\Windows\System\tpicMqb.exe
  2⤵
  PID:7176
- C:\Windows\System\ZyVuwHJ.exe
  C:\Windows\System\ZyVuwHJ.exe
  2⤵
  PID:6356
- C:\Windows\System\tHynpXM.exe
  C:\Windows\System\tHynpXM.exe
  2⤵
  PID:7204
- C:\Windows\System\oblBBTD.exe
  C:\Windows\System\oblBBTD.exe
  2⤵
  PID:7252
- C:\Windows\System\rPqDFJJ.exe
  C:\Windows\System\rPqDFJJ.exe
  2⤵
  PID:7256
- C:\Windows\System\QoFFjnN.exe
  C:\Windows\System\QoFFjnN.exe
  2⤵
  PID:7320
- C:\Windows\System\QxGcKqF.exe
  C:\Windows\System\QxGcKqF.exe
  2⤵
  PID:7268
- C:\Windows\System\rlgHgzi.exe
  C:\Windows\System\rlgHgzi.exe
  2⤵
  PID:7356
- C:\Windows\System\RFqZFzO.exe
  C:\Windows\System\RFqZFzO.exe
  2⤵
  PID:7368
- C:\Windows\System\rAMZjSO.exe
  C:\Windows\System\rAMZjSO.exe
  2⤵
  PID:7420
- C:\Windows\System\HbCaNoX.exe
  C:\Windows\System\HbCaNoX.exe
  2⤵
  PID:7404
- C:\Windows\System\yTaLZyr.exe
  C:\Windows\System\yTaLZyr.exe
  2⤵
  PID:7480
- C:\Windows\System\zPAJcpB.exe
  C:\Windows\System\zPAJcpB.exe
  2⤵
  PID:7544
- C:\Windows\System\HHYBDjW.exe
  C:\Windows\System\HHYBDjW.exe
  2⤵
  PID:7580
- C:\Windows\System\RCewHgF.exe
  C:\Windows\System\RCewHgF.exe
  2⤵
  PID:7468
- C:\Windows\System\IWqLIZa.exe
  C:\Windows\System\IWqLIZa.exe
  2⤵
  PID:7560
- C:\Windows\System\QcqjCZp.exe
  C:\Windows\System\QcqjCZp.exe
  2⤵
  PID:7596
- C:\Windows\System\QGyKzpC.exe
  C:\Windows\System\QGyKzpC.exe
  2⤵
  PID:7656
- C:\Windows\System\jqRTPFY.exe
  C:\Windows\System\jqRTPFY.exe
  2⤵
  PID:7708
- C:\Windows\System\DSlkAPi.exe
  C:\Windows\System\DSlkAPi.exe
  2⤵
  PID:7660
- C:\Windows\System\lmvnYJf.exe
  C:\Windows\System\lmvnYJf.exe
  2⤵
  PID:7688
- C:\Windows\System\bwbvzro.exe
  C:\Windows\System\bwbvzro.exe
  2⤵
  PID:7788
- C:\Windows\System\ZLwxtar.exe
  C:\Windows\System\ZLwxtar.exe
  2⤵
  PID:7792
- C:\Windows\System\Yoewtal.exe
  C:\Windows\System\Yoewtal.exe
  2⤵
  PID:7820
- C:\Windows\System\SjpGtDl.exe
  C:\Windows\System\SjpGtDl.exe
  2⤵
  PID:7852
- C:\Windows\System\EXKxIXR.exe
  C:\Windows\System\EXKxIXR.exe
  2⤵
  PID:7916
- C:\Windows\System\vNOqFkp.exe
  C:\Windows\System\vNOqFkp.exe
  2⤵
  PID:7964
- C:\Windows\System\FKtwEGJ.exe
  C:\Windows\System\FKtwEGJ.exe
  2⤵
  PID:8000
- C:\Windows\System\DQaNyRi.exe
  C:\Windows\System\DQaNyRi.exe
  2⤵
  PID:7980
- C:\Windows\System\FlJXgej.exe
  C:\Windows\System\FlJXgej.exe
  2⤵
  PID:8012
- C:\Windows\System\awlZiRU.exe
  C:\Windows\System\awlZiRU.exe
  2⤵
  PID:8044
- C:\Windows\System\IdUwAJw.exe
  C:\Windows\System\IdUwAJw.exe
  2⤵
  PID:8096
- C:\Windows\System\SETFMPY.exe
  C:\Windows\System\SETFMPY.exe
  2⤵
  PID:8128
- C:\Windows\System\irMsqID.exe
  C:\Windows\System\irMsqID.exe
  2⤵
  PID:8160
- C:\Windows\System\RioDIeY.exe
  C:\Windows\System\RioDIeY.exe
  2⤵
  PID:6620
- C:\Windows\System\nMDYSQT.exe
  C:\Windows\System\nMDYSQT.exe
  2⤵
  PID:6328
- C:\Windows\System\jUGqDzR.exe
  C:\Windows\System\jUGqDzR.exe
  2⤵
  PID:536
- C:\Windows\System\cVVHzeP.exe
  C:\Windows\System\cVVHzeP.exe
  2⤵
  PID:7332
- C:\Windows\System\TZzlDzX.exe
  C:\Windows\System\TZzlDzX.exe
  2⤵
  PID:6932
- C:\Windows\System\HLrGNBQ.exe
  C:\Windows\System\HLrGNBQ.exe
  2⤵
  PID:7576
- C:\Windows\System\cuOwRDJ.exe
  C:\Windows\System\cuOwRDJ.exe
  2⤵
  PID:2348
- C:\Windows\System\iXOAGPb.exe
  C:\Windows\System\iXOAGPb.exe
  2⤵
  PID:7384
- C:\Windows\System\FWOymsT.exe
  C:\Windows\System\FWOymsT.exe
  2⤵
  PID:7512
- C:\Windows\System\flrZopJ.exe
  C:\Windows\System\flrZopJ.exe
  2⤵
  PID:7496
- C:\Windows\System\pnhEDIC.exe
  C:\Windows\System\pnhEDIC.exe
  2⤵
  PID:7628
- C:\Windows\System\jdXjAtJ.exe
  C:\Windows\System\jdXjAtJ.exe
  2⤵
  PID:7772
- C:\Windows\System\bMuFvxP.exe
  C:\Windows\System\bMuFvxP.exe
  2⤵
  PID:7888
- C:\Windows\System\XiczWsi.exe
  C:\Windows\System\XiczWsi.exe
  2⤵
  PID:7676
- C:\Windows\System\tPbHAbH.exe
  C:\Windows\System\tPbHAbH.exe
  2⤵
  PID:7996
- C:\Windows\System\YJHWLFL.exe
  C:\Windows\System\YJHWLFL.exe
  2⤵
  PID:7824
- C:\Windows\System\hrVEyde.exe
  C:\Windows\System\hrVEyde.exe
  2⤵
  PID:7808
- C:\Windows\System\WbyxuKp.exe
  C:\Windows\System\WbyxuKp.exe
  2⤵
  PID:7952
- C:\Windows\System\yGyZlvC.exe
  C:\Windows\System\yGyZlvC.exe
  2⤵
  PID:7240
- C:\Windows\System\HEyqhrS.exe
  C:\Windows\System\HEyqhrS.exe
  2⤵
  PID:7400
- C:\Windows\System\vFScQaz.exe
  C:\Windows\System\vFScQaz.exe
  2⤵
  PID:7172
- C:\Windows\System\PVfeOTv.exe
  C:\Windows\System\PVfeOTv.exe
  2⤵
  PID:7756
- C:\Windows\System\XjovkbW.exe
  C:\Windows\System\XjovkbW.exe
  2⤵
  PID:7704
- C:\Windows\System\vWeRNPd.exe
  C:\Windows\System\vWeRNPd.exe
  2⤵
  PID:8064
- C:\Windows\System\nulLjLo.exe
  C:\Windows\System\nulLjLo.exe
  2⤵
  PID:8112
- C:\Windows\System\ziWWMxq.exe
  C:\Windows\System\ziWWMxq.exe
  2⤵
  PID:8140
- C:\Windows\System\NEtBrOC.exe
  C:\Windows\System\NEtBrOC.exe
  2⤵
  PID:8176
- C:\Windows\System\SiFuJRh.exe
  C:\Windows\System\SiFuJRh.exe
  2⤵
  PID:7436
- C:\Windows\System\RwytOGG.exe
  C:\Windows\System\RwytOGG.exe
  2⤵
  PID:7224
- C:\Windows\System\yTAevPS.exe
  C:\Windows\System\yTAevPS.exe
  2⤵
  PID:7640
- C:\Windows\System\miIFoGG.exe
  C:\Windows\System\miIFoGG.exe
  2⤵
  PID:408
- C:\Windows\System\GFVDQUj.exe
  C:\Windows\System\GFVDQUj.exe
  2⤵
  PID:8048
- C:\Windows\System\SIDTMYJ.exe
  C:\Windows\System\SIDTMYJ.exe
  2⤵
  PID:7300
- C:\Windows\System\jMhikvU.exe
  C:\Windows\System\jMhikvU.exe
  2⤵
  PID:7768
- C:\Windows\System\nufXqND.exe
  C:\Windows\System\nufXqND.exe
  2⤵
  PID:7856
- C:\Windows\System\IMRcQvW.exe
  C:\Windows\System\IMRcQvW.exe
  2⤵
  PID:7872
- C:\Windows\System\xyEfgfr.exe
  C:\Windows\System\xyEfgfr.exe
  2⤵
  PID:7432
- C:\Windows\System\OGfVVNa.exe
  C:\Windows\System\OGfVVNa.exe
  2⤵
  PID:8204
- C:\Windows\System\FoipHek.exe
  C:\Windows\System\FoipHek.exe
  2⤵
  PID:8224
- C:\Windows\System\ZLRRuNf.exe
  C:\Windows\System\ZLRRuNf.exe
  2⤵
  PID:8248
- C:\Windows\System\AFtYdEW.exe
  C:\Windows\System\AFtYdEW.exe
  2⤵
  PID:8264
- C:\Windows\System\fBdaWpw.exe
  C:\Windows\System\fBdaWpw.exe
  2⤵
  PID:8280
- C:\Windows\System\ODlIyij.exe
  C:\Windows\System\ODlIyij.exe
  2⤵
  PID:8296
- C:\Windows\System\bTaUGWi.exe
  C:\Windows\System\bTaUGWi.exe
  2⤵
  PID:8316
- C:\Windows\System\OnkEMGH.exe
  C:\Windows\System\OnkEMGH.exe
  2⤵
  PID:8332
- C:\Windows\System\bhlyqcB.exe
  C:\Windows\System\bhlyqcB.exe
  2⤵
  PID:8348
- C:\Windows\System\fXLrQxl.exe
  C:\Windows\System\fXLrQxl.exe
  2⤵
  PID:8364
- C:\Windows\System\OLvJorH.exe
  C:\Windows\System\OLvJorH.exe
  2⤵
  PID:8380
- C:\Windows\System\OnZzvUT.exe
  C:\Windows\System\OnZzvUT.exe
  2⤵
  PID:8396
- C:\Windows\System\aqOgeZI.exe
  C:\Windows\System\aqOgeZI.exe
  2⤵
  PID:8424
- C:\Windows\System\UdwzAXt.exe
  C:\Windows\System\UdwzAXt.exe
  2⤵
  PID:8440
- C:\Windows\System\EocqReD.exe
  C:\Windows\System\EocqReD.exe
  2⤵
  PID:8460
- C:\Windows\System\yjcSdQD.exe
  C:\Windows\System\yjcSdQD.exe
  2⤵
  PID:8476
- C:\Windows\System\yoppEhg.exe
  C:\Windows\System\yoppEhg.exe
  2⤵
  PID:8492
- C:\Windows\System\MXHTkGe.exe
  C:\Windows\System\MXHTkGe.exe
  2⤵
  PID:8508
- C:\Windows\System\MNeFxUJ.exe
  C:\Windows\System\MNeFxUJ.exe
  2⤵
  PID:8524
- C:\Windows\System\qZRCYXr.exe
  C:\Windows\System\qZRCYXr.exe
  2⤵
  PID:8540
- C:\Windows\System\vaINtqh.exe
  C:\Windows\System\vaINtqh.exe
  2⤵
  PID:8564
- C:\Windows\System\fCWDeIn.exe
  C:\Windows\System\fCWDeIn.exe
  2⤵
  PID:8580
- C:\Windows\System\CiFwxzi.exe
  C:\Windows\System\CiFwxzi.exe
  2⤵
  PID:8596
- C:\Windows\System\wgGhlVq.exe
  C:\Windows\System\wgGhlVq.exe
  2⤵
  PID:8612
- C:\Windows\System\QKpOPoC.exe
  C:\Windows\System\QKpOPoC.exe
  2⤵
  PID:8628
- C:\Windows\System\ZqBVHGa.exe
  C:\Windows\System\ZqBVHGa.exe
  2⤵
  PID:8644
- C:\Windows\System\aTaAWcl.exe
  C:\Windows\System\aTaAWcl.exe
  2⤵
  PID:8660
- C:\Windows\System\ntwakDs.exe
  C:\Windows\System\ntwakDs.exe
  2⤵
  PID:8676
- C:\Windows\System\QExxuhb.exe
  C:\Windows\System\QExxuhb.exe
  2⤵
  PID:8692
- C:\Windows\System\nIxJRue.exe
  C:\Windows\System\nIxJRue.exe
  2⤵
  PID:8708
- C:\Windows\System\nKFnIBW.exe
  C:\Windows\System\nKFnIBW.exe
  2⤵
  PID:8724
- C:\Windows\System\jZSuJrk.exe
  C:\Windows\System\jZSuJrk.exe
  2⤵
  PID:8740
- C:\Windows\System\EkPUows.exe
  C:\Windows\System\EkPUows.exe
  2⤵
  PID:8756
- C:\Windows\System\hspwPyb.exe
  C:\Windows\System\hspwPyb.exe
  2⤵
  PID:8772
- C:\Windows\System\JSLAYsx.exe
  C:\Windows\System\JSLAYsx.exe
  2⤵
  PID:8788
- C:\Windows\System\ndGOySb.exe
  C:\Windows\System\ndGOySb.exe
  2⤵
  PID:8804
- C:\Windows\System\SMfyZuo.exe
  C:\Windows\System\SMfyZuo.exe
  2⤵
  PID:8820
- C:\Windows\System\KKdzMfs.exe
  C:\Windows\System\KKdzMfs.exe
  2⤵
  PID:8836
- C:\Windows\System\TgXidQV.exe
  C:\Windows\System\TgXidQV.exe
  2⤵
  PID:8852
- C:\Windows\System\VFkuWkW.exe
  C:\Windows\System\VFkuWkW.exe
  2⤵
  PID:8868
- C:\Windows\System\tEpgNNk.exe
  C:\Windows\System\tEpgNNk.exe
  2⤵
  PID:8884
- C:\Windows\System\KHacOaV.exe
  C:\Windows\System\KHacOaV.exe
  2⤵
  PID:8900
- C:\Windows\System\tfrjwCv.exe
  C:\Windows\System\tfrjwCv.exe
  2⤵
  PID:8920
- C:\Windows\System\oTwYzEc.exe
  C:\Windows\System\oTwYzEc.exe
  2⤵
  PID:8936
- C:\Windows\System\FmZIRHL.exe
  C:\Windows\System\FmZIRHL.exe
  2⤵
  PID:8952
- C:\Windows\System\MXtQSxs.exe
  C:\Windows\System\MXtQSxs.exe
  2⤵
  PID:8968
- C:\Windows\System\qcovCfP.exe
  C:\Windows\System\qcovCfP.exe
  2⤵
  PID:8984
- C:\Windows\System\rjgkLba.exe
  C:\Windows\System\rjgkLba.exe
  2⤵
  PID:9000
- C:\Windows\System\ypRXEkb.exe
  C:\Windows\System\ypRXEkb.exe
  2⤵
  PID:9020
- C:\Windows\System\sOhDsqn.exe
  C:\Windows\System\sOhDsqn.exe
  2⤵
  PID:9036
- C:\Windows\System\bImJsgF.exe
  C:\Windows\System\bImJsgF.exe
  2⤵
  PID:9052
- C:\Windows\System\oWkIdJg.exe
  C:\Windows\System\oWkIdJg.exe
  2⤵
  PID:9068
- C:\Windows\System\xztAciQ.exe
  C:\Windows\System\xztAciQ.exe
  2⤵
  PID:9088
- C:\Windows\System\amAbOGs.exe
  C:\Windows\System\amAbOGs.exe
  2⤵
  PID:9104
- C:\Windows\System\UCgKPGL.exe
  C:\Windows\System\UCgKPGL.exe
  2⤵
  PID:9120
- C:\Windows\System\ZEfNzTl.exe
  C:\Windows\System\ZEfNzTl.exe
  2⤵
  PID:9172
- C:\Windows\System\dPjWnBP.exe
  C:\Windows\System\dPjWnBP.exe
  2⤵
  PID:9188
- C:\Windows\System\fxzTObO.exe
  C:\Windows\System\fxzTObO.exe
  2⤵
  PID:9204
- C:\Windows\System\mfsFggg.exe
  C:\Windows\System\mfsFggg.exe
  2⤵
  PID:8200
- C:\Windows\System\IaOqVsk.exe
  C:\Windows\System\IaOqVsk.exe
  2⤵
  PID:8240
- C:\Windows\System\srGfloc.exe
  C:\Windows\System\srGfloc.exe
  2⤵
  PID:7516
- C:\Windows\System\mMogkvr.exe
  C:\Windows\System\mMogkvr.exe
  2⤵
  PID:8244
- C:\Windows\System\VatqgwH.exe
  C:\Windows\System\VatqgwH.exe
  2⤵
  PID:8308
- C:\Windows\System\MkNyHze.exe
  C:\Windows\System\MkNyHze.exe
  2⤵
  PID:8372
- C:\Windows\System\xXaomSD.exe
  C:\Windows\System\xXaomSD.exe
  2⤵
  PID:8388
- C:\Windows\System\KpzorOS.exe
  C:\Windows\System\KpzorOS.exe
  2⤵
  PID:8288
- C:\Windows\System\yDaCajh.exe
  C:\Windows\System\yDaCajh.exe
  2⤵
  PID:8356
- C:\Windows\System\VNCdAAg.exe
  C:\Windows\System\VNCdAAg.exe
  2⤵
  PID:8420
- C:\Windows\System\AiKoXII.exe
  C:\Windows\System\AiKoXII.exe
  2⤵
  PID:8488
- C:\Windows\System\MKBHhyi.exe
  C:\Windows\System\MKBHhyi.exe
  2⤵
  PID:8504
- C:\Windows\System\oxNbEYZ.exe
  C:\Windows\System\oxNbEYZ.exe
  2⤵
  PID:8436
- C:\Windows\System\VcSChnU.exe
  C:\Windows\System\VcSChnU.exe
  2⤵
  PID:8556
- C:\Windows\System\glEpBMr.exe
  C:\Windows\System\glEpBMr.exe
  2⤵
  PID:8620
- C:\Windows\System\vYuCRWI.exe
  C:\Windows\System\vYuCRWI.exe
  2⤵
  PID:8684
- C:\Windows\System\mvpdWLK.exe
  C:\Windows\System\mvpdWLK.exe
  2⤵
  PID:8748
- C:\Windows\System\RFuTCYW.exe
  C:\Windows\System\RFuTCYW.exe
  2⤵
  PID:8812
- C:\Windows\System\iTjzHqN.exe
  C:\Windows\System\iTjzHqN.exe
  2⤵
  PID:8848
- C:\Windows\System\GgwIlIK.exe
  C:\Windows\System\GgwIlIK.exe
  2⤵
  PID:8916
- C:\Windows\System\FtOAdgC.exe
  C:\Windows\System\FtOAdgC.exe
  2⤵
  PID:8800
- C:\Windows\System\ueXookk.exe
  C:\Windows\System\ueXookk.exe
  2⤵
  PID:8576
- C:\Windows\System\eoLIkvh.exe
  C:\Windows\System\eoLIkvh.exe
  2⤵
  PID:8672
- C:\Windows\System\lEzjlxD.exe
  C:\Windows\System\lEzjlxD.exe
  2⤵
  PID:8736
- C:\Windows\System\SLOlrfe.exe
  C:\Windows\System\SLOlrfe.exe
  2⤵
  PID:8912
- C:\Windows\System\piRBJTV.exe
  C:\Windows\System\piRBJTV.exe
  2⤵
  PID:8892
- C:\Windows\System\ncIlcdl.exe
  C:\Windows\System\ncIlcdl.exe
  2⤵
  PID:9048
- C:\Windows\System\ewsufFW.exe
  C:\Windows\System\ewsufFW.exe
  2⤵
  PID:8928
- C:\Windows\System\AwnjAdU.exe
  C:\Windows\System\AwnjAdU.exe
  2⤵
  PID:8992
- C:\Windows\System\RsbmULF.exe
  C:\Windows\System\RsbmULF.exe
  2⤵
  PID:9064
- C:\Windows\System\iMWsDVa.exe
  C:\Windows\System\iMWsDVa.exe
  2⤵
  PID:9140
- C:\Windows\System\wziXBtL.exe
  C:\Windows\System\wziXBtL.exe
  2⤵
  PID:9156
- C:\Windows\System\tMzYbfI.exe
  C:\Windows\System\tMzYbfI.exe
  2⤵
  PID:8196
- C:\Windows\System\VGOpaMj.exe
  C:\Windows\System\VGOpaMj.exe
  2⤵
  PID:8272
- C:\Windows\System\UqxJFNv.exe
  C:\Windows\System\UqxJFNv.exe
  2⤵
  PID:8276
- C:\Windows\System\VxodfHJ.exe
  C:\Windows\System\VxodfHJ.exe
  2⤵
  PID:8340
- C:\Windows\System\axOjbkB.exe
  C:\Windows\System\axOjbkB.exe
  2⤵
  PID:8324
- C:\Windows\System\msFMtRq.exe
  C:\Windows\System\msFMtRq.exe
  2⤵
  PID:8484
- C:\Windows\System\whiYsWb.exe
  C:\Windows\System\whiYsWb.exe
  2⤵
  PID:8260
- C:\Windows\System\eIBisqh.exe
  C:\Windows\System\eIBisqh.exe
  2⤵
  PID:8548
- C:\Windows\System\fxwaamw.exe
  C:\Windows\System\fxwaamw.exe
  2⤵
  PID:8592
- C:\Windows\System\ryokEET.exe
  C:\Windows\System\ryokEET.exe
  2⤵
  PID:8844
- C:\Windows\System\OmNtUwe.exe
  C:\Windows\System\OmNtUwe.exe
  2⤵
  PID:8908
- C:\Windows\System\kJBbBTR.exe
  C:\Windows\System\kJBbBTR.exe
  2⤵
  PID:9028
- C:\Windows\System\ICVMsWQ.exe
  C:\Windows\System\ICVMsWQ.exe
  2⤵
  PID:8408
- C:\Windows\System\miuQtez.exe
  C:\Windows\System\miuQtez.exe
  2⤵
  PID:8456
- C:\Windows\System\aStGowM.exe
  C:\Windows\System\aStGowM.exe
  2⤵
  PID:7936
- C:\Windows\System\sNlwaxO.exe
  C:\Windows\System\sNlwaxO.exe
  2⤵
  PID:8948
- C:\Windows\System\geGKKFk.exe
  C:\Windows\System\geGKKFk.exe
  2⤵
  PID:8720
- C:\Windows\System\PFYkbIH.exe
  C:\Windows\System\PFYkbIH.exe
  2⤵
  PID:9016
- C:\Windows\System\FyVjQRU.exe
  C:\Windows\System\FyVjQRU.exe
  2⤵
  PID:9012
- C:\Windows\System\NUzoHwP.exe
  C:\Windows\System\NUzoHwP.exe
  2⤵
  PID:8520
- C:\Windows\System\VbPiegE.exe
  C:\Windows\System\VbPiegE.exe
  2⤵
  PID:9168
- C:\Windows\System\TgJosem.exe
  C:\Windows\System\TgJosem.exe
  2⤵
  PID:9212
- C:\Windows\System\jhHiNDF.exe
  C:\Windows\System\jhHiNDF.exe
  2⤵
  PID:9196
- C:\Windows\System\frvLHto.exe
  C:\Windows\System\frvLHto.exe
  2⤵
  PID:8552
- C:\Windows\System\jSKFBok.exe
  C:\Windows\System\jSKFBok.exe
  2⤵
  PID:8980
- C:\Windows\System\lZhYRvo.exe
  C:\Windows\System\lZhYRvo.exe
  2⤵
  PID:8432
- C:\Windows\System\OSCSSUy.exe
  C:\Windows\System\OSCSSUy.exe
  2⤵
  PID:8964
- C:\Windows\System\jgDbpsH.exe
  C:\Windows\System\jgDbpsH.exe
  2⤵
  PID:9112
- C:\Windows\System\iAZmAnd.exe
  C:\Windows\System\iAZmAnd.exe
  2⤵
  PID:9060
- C:\Windows\System\MsfDoqS.exe
  C:\Windows\System\MsfDoqS.exe
  2⤵
  PID:8404
- C:\Windows\System\nzabvRG.exe
  C:\Windows\System\nzabvRG.exe
  2⤵
  PID:8256
- C:\Windows\System\FfQDXkB.exe
  C:\Windows\System\FfQDXkB.exe
  2⤵
  PID:1808
- C:\Windows\System\kZbwVBq.exe
  C:\Windows\System\kZbwVBq.exe
  2⤵
  PID:8704
- C:\Windows\System\WKPkExw.exe
  C:\Windows\System\WKPkExw.exe
  2⤵
  PID:8344
- C:\Windows\System\tYxaFZU.exe
  C:\Windows\System\tYxaFZU.exe
  2⤵
  PID:8452
- C:\Windows\System\nHommLR.exe
  C:\Windows\System\nHommLR.exe
  2⤵
  PID:9044
- C:\Windows\System\qqsfCAr.exe
  C:\Windows\System\qqsfCAr.exe
  2⤵
  PID:9224
- C:\Windows\System\adGraAH.exe
  C:\Windows\System\adGraAH.exe
  2⤵
  PID:9240
- C:\Windows\System\CkVQswm.exe
  C:\Windows\System\CkVQswm.exe
  2⤵
  PID:9256
- C:\Windows\System\wVaHRaT.exe
  C:\Windows\System\wVaHRaT.exe
  2⤵
  PID:9272
- C:\Windows\System\Bankiad.exe
  C:\Windows\System\Bankiad.exe
  2⤵
  PID:9288
- C:\Windows\System\asoJxwx.exe
  C:\Windows\System\asoJxwx.exe
  2⤵
  PID:9304
- C:\Windows\System\iUxpWwY.exe
  C:\Windows\System\iUxpWwY.exe
  2⤵
  PID:9320
- C:\Windows\System\UxYcwTP.exe
  C:\Windows\System\UxYcwTP.exe
  2⤵
  PID:9336
- C:\Windows\System\JSiVBmw.exe
  C:\Windows\System\JSiVBmw.exe
  2⤵
  PID:9352
- C:\Windows\System\HKMcedt.exe
  C:\Windows\System\HKMcedt.exe
  2⤵
  PID:9368
- C:\Windows\System\pFebkqy.exe
  C:\Windows\System\pFebkqy.exe
  2⤵
  PID:9384
- C:\Windows\System\LLzQgbP.exe
  C:\Windows\System\LLzQgbP.exe
  2⤵
  PID:9400
- C:\Windows\System\NfWrkNS.exe
  C:\Windows\System\NfWrkNS.exe
  2⤵
  PID:9416
- C:\Windows\System\gidaPoU.exe
  C:\Windows\System\gidaPoU.exe
  2⤵
  PID:9432
- C:\Windows\System\qzrJLwW.exe
  C:\Windows\System\qzrJLwW.exe
  2⤵
  PID:9448
- C:\Windows\System\yflvbyo.exe
  C:\Windows\System\yflvbyo.exe
  2⤵
  PID:9464
- C:\Windows\System\uVuFFLI.exe
  C:\Windows\System\uVuFFLI.exe
  2⤵
  PID:9480
- C:\Windows\System\ZGuzpGc.exe
  C:\Windows\System\ZGuzpGc.exe
  2⤵
  PID:9500
- C:\Windows\System\FktPsjf.exe
  C:\Windows\System\FktPsjf.exe
  2⤵
  PID:9516
- C:\Windows\System\UkpuCcX.exe
  C:\Windows\System\UkpuCcX.exe
  2⤵
  PID:9896
- C:\Windows\System\PdGiBQe.exe
  C:\Windows\System\PdGiBQe.exe
  2⤵
  PID:9916
- C:\Windows\System\pObOFnX.exe
  C:\Windows\System\pObOFnX.exe
  2⤵
  PID:9940
- C:\Windows\System\HcuMZlh.exe
  C:\Windows\System\HcuMZlh.exe
  2⤵
  PID:9960
- C:\Windows\System\EzjKggz.exe
  C:\Windows\System\EzjKggz.exe
  2⤵
  PID:9980
- C:\Windows\System\CuKizWG.exe
  C:\Windows\System\CuKizWG.exe
  2⤵
  PID:9996
- C:\Windows\System\pdUEUrT.exe
  C:\Windows\System\pdUEUrT.exe
  2⤵
  PID:10012
- C:\Windows\System\HSObbMv.exe
  C:\Windows\System\HSObbMv.exe
  2⤵
  PID:9600
- C:\Windows\System\FpsdpkM.exe
  C:\Windows\System\FpsdpkM.exe
  2⤵
  PID:9628
- C:\Windows\System\CcMCELN.exe
  C:\Windows\System\CcMCELN.exe
  2⤵
  PID:9656
- C:\Windows\System\gCBuPga.exe
  C:\Windows\System\gCBuPga.exe
  2⤵
  PID:9376
- C:\Windows\System\qWbwCqT.exe
  C:\Windows\System\qWbwCqT.exe
  2⤵
  PID:5256
- C:\Windows\System\SPyaSSa.exe
  C:\Windows\System\SPyaSSa.exe
  2⤵
  PID:9424
- C:\Windows\System\aCSOpev.exe
  C:\Windows\System\aCSOpev.exe
  2⤵
  PID:9428
- C:\Windows\System\XcAjkOS.exe
  C:\Windows\System\XcAjkOS.exe
  2⤵
  PID:8604
- C:\Windows\System\fDgZYRa.exe
  C:\Windows\System\fDgZYRa.exe
  2⤵
  PID:9512
- C:\Windows\System\brDgMuW.exe
  C:\Windows\System\brDgMuW.exe
  2⤵
  PID:9536
- C:\Windows\System\HoZgoDV.exe
  C:\Windows\System\HoZgoDV.exe
  2⤵
  PID:9556
- C:\Windows\System\LefeYCS.exe
  C:\Windows\System\LefeYCS.exe
  2⤵
  PID:9576
- C:\Windows\System\CtYgzlL.exe
  C:\Windows\System\CtYgzlL.exe
  2⤵
  PID:9584
- C:\Windows\System\CJEBvSz.exe
  C:\Windows\System\CJEBvSz.exe
  2⤵
  PID:9624
- C:\Windows\System\eSJemJf.exe
  C:\Windows\System\eSJemJf.exe
  2⤵
  PID:9640
- C:\Windows\System\lLoHRNu.exe
  C:\Windows\System\lLoHRNu.exe
  2⤵
  PID:9652
- C:\Windows\System\xcSePaG.exe
  C:\Windows\System\xcSePaG.exe
  2⤵
  PID:9712
- C:\Windows\System\HlTsVcf.exe
  C:\Windows\System\HlTsVcf.exe
  2⤵
  PID:9736
- C:\Windows\System\aEhykOX.exe
  C:\Windows\System\aEhykOX.exe
  2⤵
  PID:9744
- C:\Windows\System\bpWOOYN.exe
  C:\Windows\System\bpWOOYN.exe
  2⤵
  PID:9768
- C:\Windows\System\mhYloXF.exe
  C:\Windows\System\mhYloXF.exe
  2⤵
  PID:9788
- C:\Windows\System\gxdZByY.exe
  C:\Windows\System\gxdZByY.exe
  2⤵
  PID:9800
- C:\Windows\System\ZjjpplA.exe
  C:\Windows\System\ZjjpplA.exe
  2⤵
  PID:9820
- C:\Windows\System\tCOuwjx.exe
  C:\Windows\System\tCOuwjx.exe
  2⤵
  PID:9832
- C:\Windows\System\PVEWYoo.exe
  C:\Windows\System\PVEWYoo.exe
  2⤵
  PID:9868
- C:\Windows\System\JyAKdcw.exe
  C:\Windows\System\JyAKdcw.exe
  2⤵
  PID:9908
- C:\Windows\System\hgabJXo.exe
  C:\Windows\System\hgabJXo.exe
  2⤵
  PID:9912
- C:\Windows\System\PCkIkBP.exe
  C:\Windows\System\PCkIkBP.exe
  2⤵
  PID:9976
- C:\Windows\System\pLdOvdj.exe
  C:\Windows\System\pLdOvdj.exe
  2⤵
  PID:9992
- C:\Windows\System\OPlbhUB.exe
  C:\Windows\System\OPlbhUB.exe
  2⤵
  PID:10020
- C:\Windows\System\FwzQwVb.exe
  C:\Windows\System\FwzQwVb.exe
  2⤵
  PID:10040
- C:\Windows\System\BBsRbro.exe
  C:\Windows\System\BBsRbro.exe
  2⤵
  PID:10060
- C:\Windows\System\fvgVIbq.exe
  C:\Windows\System\fvgVIbq.exe
  2⤵
  PID:10080
- C:\Windows\System\syDuvIE.exe
  C:\Windows\System\syDuvIE.exe
  2⤵
  PID:10096
- C:\Windows\System\kMuJbph.exe
  C:\Windows\System\kMuJbph.exe
  2⤵
  PID:10116
- C:\Windows\System\JlBteSz.exe
  C:\Windows\System\JlBteSz.exe
  2⤵
  PID:10144
- C:\Windows\System\bzGdAmE.exe
  C:\Windows\System\bzGdAmE.exe
  2⤵
  PID:10172
- C:\Windows\System\nvwauZg.exe
  C:\Windows\System\nvwauZg.exe
  2⤵
  PID:10188
- C:\Windows\System\ssEsQxf.exe
  C:\Windows\System\ssEsQxf.exe
  2⤵
  PID:10212
- C:\Windows\System\PXHFmQO.exe
  C:\Windows\System\PXHFmQO.exe
  2⤵
  PID:10224
- C:\Windows\System\utMxLZL.exe
  C:\Windows\System\utMxLZL.exe
  2⤵
  PID:9220
- C:\Windows\System\aGHgqfQ.exe
  C:\Windows\System\aGHgqfQ.exe
  2⤵
  PID:9268
- C:\Windows\System\WpkLXIv.exe
  C:\Windows\System\WpkLXIv.exe
  2⤵
  PID:9296
- C:\Windows\System\JAgUhIG.exe
  C:\Windows\System\JAgUhIG.exe
  2⤵
  PID:2176
- C:\Windows\System\JdVSHEz.exe
  C:\Windows\System\JdVSHEz.exe
  2⤵
  PID:9128
- C:\Windows\System\KkAucje.exe
  C:\Windows\System\KkAucje.exe
  2⤵
  PID:9364
- C:\Windows\System\jthKUlz.exe
  C:\Windows\System\jthKUlz.exe
  2⤵
  PID:9552
- C:\Windows\System\MrBQhCh.exe
  C:\Windows\System\MrBQhCh.exe
  2⤵
  PID:9532
- C:\Windows\System\XJoZkXC.exe
  C:\Windows\System\XJoZkXC.exe
  2⤵
  PID:9564
- C:\Windows\System\YYhVfku.exe
  C:\Windows\System\YYhVfku.exe
  2⤵
  PID:9616
- C:\Windows\System\aQKFWZY.exe
  C:\Windows\System\aQKFWZY.exe
  2⤵
  PID:9684
- C:\Windows\System\IJeYzwG.exe
  C:\Windows\System\IJeYzwG.exe
  2⤵
  PID:9696
- C:\Windows\System\HZwXVmv.exe
  C:\Windows\System\HZwXVmv.exe
  2⤵
  PID:9692
- C:\Windows\System\pWxLZTL.exe
  C:\Windows\System\pWxLZTL.exe
  2⤵
  PID:9776
- C:\Windows\System\xCblOOa.exe
  C:\Windows\System\xCblOOa.exe
  2⤵
  PID:9760
- C:\Windows\System\uNgTWeB.exe
  C:\Windows\System\uNgTWeB.exe
  2⤵
  PID:9852
- C:\Windows\System\edmMplr.exe
  C:\Windows\System\edmMplr.exe
  2⤵
  PID:9924
- C:\Windows\System\HTsJkXL.exe
  C:\Windows\System\HTsJkXL.exe
  2⤵
  PID:9988
- C:\Windows\System\yXRNkjj.exe
  C:\Windows\System\yXRNkjj.exe
  2⤵
  PID:10008
- C:\Windows\System\BsifMTw.exe
  C:\Windows\System\BsifMTw.exe
  2⤵
  PID:9880
- C:\Windows\System\YDuGilM.exe
  C:\Windows\System\YDuGilM.exe
  2⤵
  PID:10072
- C:\Windows\System\wFxXONp.exe
  C:\Windows\System\wFxXONp.exe
  2⤵
  PID:10052
- C:\Windows\System\xZjgows.exe
  C:\Windows\System\xZjgows.exe
  2⤵
  PID:10112
- C:\Windows\System\HZYHYVa.exe
  C:\Windows\System\HZYHYVa.exe
  2⤵
  PID:10140
- C:\Windows\System\GNaAANS.exe
  C:\Windows\System\GNaAANS.exe
  2⤵
  PID:10168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AhWqdpq.exe

Filesize
6.0MB

MD5
c657911643a55794a49c525bbe86d608

SHA1
1c287b52ffc09e7887cb954f2d7e603ff1816aa5

SHA256
75a97b856c90425d8c196670417545815562870c35f2ff97948046db47146e8b

SHA512
602b338b58a04b1bf774cb5543d40e38bb8ff81e6cbfc98b22c9ba3b18697b4e5294ccec3876dad973498d066cfe068315d6e2c24d67d30dbe23625c0fdb6cda

Download Submit
C:\Windows\system\BDVyVwy.exe

Filesize
6.0MB

MD5
aab4cee9d1b2b0042a4ea289141cd716

SHA1
bfbe43f17e8b5c42da1bc965dbf47d73ee4f75aa

SHA256
7206e5d8151e20e01be0a8a2e18c658e741e8a93a3c54fa77c1715f2bcce6701

SHA512
fd82f80fb1511ccd290f2b14bacf7a9598347d83ab92d809ef41d9be03bbfed4e64111071dde3a13f8552c3f26bc32885ce5d7c866ff2b16ce2d6c159ed1173b

Download Submit
C:\Windows\system\CAaIBzM.exe

Filesize
6.0MB

MD5
631dc0d3537eae4b7e9c8afcb7ed88f5

SHA1
95a294c5aeda1e9b005d6e5f085e4ee6f1713a81

SHA256
2fd8df181a9563268c12c6d5aab0b0ac0beb70598f84d7283460b7b050282d09

SHA512
97cd1b7f0c94f41eef3ae6f2f34b1430dbc0e70527bd46f169f40cc05059efe0836db4318fae9ce7631459930aa2eb6b6faf5ed2c5927a207c513decc44fb8f7

Download Submit
C:\Windows\system\CMgbYWf.exe

Filesize
6.0MB

MD5
a732fedbf02532d97c2cf39a109a0cfa

SHA1
dd5114495ea93d402c2b9bfa321028a8469b9bf9

SHA256
76ea7e3a536d2f73b18064c30e051f5abaca3f56b4130264757833ae7ea6df71

SHA512
8e53033c37fc0bc6e31678a26ee74ed7e103d2bf892e9c2415ba5b114082d1c98e55e75f0b9fd423bba27155bd0317360cb680fdcb91de218435c5572fe7f0a0

Download Submit
C:\Windows\system\GGHBbih.exe

Filesize
6.0MB

MD5
d921e9ea090795627255435929a9d3ef

SHA1
ff1f21c8e2744c95a3fccf6fcf4eb239721794e5

SHA256
c936d9d554a89a3fe9295e0a505ce3fd8739296ec7dc466659c49d2ae439277e

SHA512
d6b3540a16baefc587cc3441b9f5b3eea5b056461a0e1a882c0356a016f7901d7a7e81f3c98db69f364e16a1d75aafd89559d5ed19b500ddf9dbf473e3b8536b

Download Submit
C:\Windows\system\GNzimqR.exe

Filesize
6.0MB

MD5
1b3afce939128b91a3b22989048bdda3

SHA1
ddbae0a877bb829043f315dbf3d3a7f9aaecadf5

SHA256
fc3450144c9c9dbc52f039f8d3c1e4bad1ea2f3cbbe44b9a83d87ce360f635fc

SHA512
f55fdc033d4633d1a4d0b97ee5c7c3b0d565accf0da0361691c47cf7b0473dccfad112761285d12b5df2725aad1d9ea63ee9eafb873936d1ac20d8b0543c95d1

Download Submit
C:\Windows\system\HrAQLdw.exe

Filesize
6.0MB

MD5
0d7bcd2ade8c280dc88d09796937f8e9

SHA1
d12fe521e4afb75e8427c2158149ae3292e49462

SHA256
ad4553dda737fd40570d158c5952ad5cdb8baa5c957fb72ff22b446ee74feefd

SHA512
583c3510f32bb0ad6f8ec060f2107c19ac2aab358e661ee5d02efd82746f4601ab74ca1350596f2ee0e56e0b42b4f1ef325f7106e95a1c12f89b305b60edb63c

Download Submit
C:\Windows\system\HuUHscx.exe

Filesize
6.0MB

MD5
a5aed67179afb5a1f7a48d0f5f6aa432

SHA1
c88553fbbabf48b301e502346cd1b1886437894e

SHA256
1e55e2805d7652ee84af66da46fcfbfc2d2e1edf72d995d8c2addaa185f60443

SHA512
537dd626d245fd28a369a25ff5d0bdf8969c9db2958910033a656418bdba6de3efe0164f05b00d3f99e40a16367eb0f4b1f2081dfe62abb43711f35219f70660

Download Submit
C:\Windows\system\JmuMpav.exe

Filesize
6.0MB

MD5
78f630aaf937393c7508bb60b5db2b63

SHA1
6fb2d31ee28afc8103dab75b3e87308d8f1e1211

SHA256
afedd4567d697b19daecf7ce7d45b906d026b9ecc6108f533a72374db90af53e

SHA512
ec0c64d5ada5ccc88cdce7ab86c18847dbd9f29e49d0017e2ed727a4c66088d76d0eb9ff4e2fc0ef04eebbc8a91fb8aa036fa6eec299adc9ccbeeb07383e9b2c

Download Submit
C:\Windows\system\LNNxKWs.exe

Filesize
6.0MB

MD5
5c2afef3930dff677398e2493ffa8ea2

SHA1
f32276e61976ffd5983b7b58d0d747784be507ec

SHA256
8361266a611aa73cd2310a7f6dfab109184625a4b94774a610b73a8bdda069f9

SHA512
4ca2a5a8cf0dc1f3c6bb842810621d16295e5bc205b2329c183e3b8b706cd7118dcb5d0f62838bd2388a87468d0dde056a0683a8ec15e938d9ead3a057bfa992

Download Submit
C:\Windows\system\MvTIdQr.exe

Filesize
6.0MB

MD5
28fb256c5e49441755cfd76cd8efa35a

SHA1
0a5fadf91fbb2abaf2fee118cd7306e81dc97798

SHA256
a459f65bc369bf4f2ee1a6e0fba600ff188df5e77b91e9ef18cff7ad7d4b547a

SHA512
b57d3d4d28d52fde42694adf877650c20cfe04dee10fe3f074ed6c6d64d182345e4a47a433de9f9033135fb238a7b234ec8e81fb93132b31b7ab7be7b266bdf7

Download Submit
C:\Windows\system\NzaWiOL.exe

Filesize
6.0MB

MD5
ac1791f5494ea5962251285c2dc27fa9

SHA1
1d8eb6c8961f670747a9a98b73b1fc8b9fd229b3

SHA256
0a3b9b3e28f47b831961fc3816e02741dff570117c7c052794e34ad6784284fa

SHA512
5eb60ca7980442ee3353e629b82cfcf7afb2f0e1eb58a9def19305dafd2f061f69f21f998f40d49027de91149bf6334687d1cb11650ca322141aec6c90c5dc60

Download Submit
C:\Windows\system\SHxxDoJ.exe

Filesize
6.0MB

MD5
1d4363bff7ca9f7a14119e322d5ca1a4

SHA1
edf6160051dbbc9952671744dec1758e5eb1f54a

SHA256
6566721771f4bc4a80d6b0bea8ff3a70f09ad9d32368bb6afd972e3b98c29827

SHA512
da822c80aa4bb0ca8351ed71f82342308f0d64a41cd45a3dd603fa72a4b8d8f44907361aa3fd874b4634686eb4ca70dff222b992ca12c156dd3e7946c7310f1b

Download Submit
C:\Windows\system\SvRNfum.exe

Filesize
6.0MB

MD5
3fb0a5748a172cbde11defbe0e484a56

SHA1
46257366084a229a96d7a4bf899b1111793a839c

SHA256
c0ba89d3ce3125992f5531f46de80f57d5e59a4f877392150e9b8eee29f47c82

SHA512
db30c8cbe0f7b1367456f092d435e53b32b6946253d32185d221dda5d1c44bd565f64c727707e0695147dc476289a5bb0a61f6948e54146a95d99e87e59cc0c9

Download Submit
C:\Windows\system\ZIYbqRl.exe

Filesize
6.0MB

MD5
31a62ae8718074fc90642dac411b5f3b

SHA1
b88d009d2378552afb2e499463a9e93f2fd91f06

SHA256
4659e6587b6cdb25345abfccd260de4898517e60e76bb67e5817e1aab79434b5

SHA512
7d5fa9c02a33f19b7f0b97e3fdaec3cf3054c3f7e58fa4992c83f9a922808b939843296f6eb183a59238067050b20d86f08c8b217736d8ad989fe7cf1dd8f292

Download Submit
C:\Windows\system\gqdlsFA.exe

Filesize
6.0MB

MD5
1caa3457bd7eec052fae3c9362354afc

SHA1
cfa2c9f0b7f105fb7f6e49d6adacea05028c3389

SHA256
ec37bf321c83c319e2f717ddf35231c2dce008d9fc448af4b5484267e855580c

SHA512
b8a4706906bf06b33bea719e6d2da28e8d624b48e615259855d1e2d6ec43fc2fca0521d297974a78f9ad8b458779c85b1be2904b47bbb37941dc77427f41be39

Download Submit
C:\Windows\system\ijvjMBZ.exe

Filesize
6.0MB

MD5
784bd82fb570d9017c2839c3a337566b

SHA1
7ff8dbecdb8f4e09910d6690d9d06429dfeae6ac

SHA256
3c2950c2f10b645e340065c43ddad78d9a9c07a3c2e864cf423a87b7972be5b0

SHA512
7ed218325fae35bf4c282e88e5dc8eb8a35adeaf6ce7f4c1df265a8901d83e07d72174928712ca9ae29c6d815228af9f099ab56984af86145e9aeca4de09b59e

Download Submit
C:\Windows\system\jlurzoW.exe

Filesize
6.0MB

MD5
d55f5a8560adfb0dfed73ffa15c6481b

SHA1
06ce6dbbe8105a96835e921985508cf5c312d063

SHA256
3baedbc10c53393e2d3020b87ffddcdea7d58f6c86eb060e598e270c2fe90977

SHA512
ba54ed0f6f849da8b192d81af8b0fb1a44e4ce92f4a1507ee951f716d2f929a40f364ec418c3a7371d20638e71cb786080f23dc34904b4b69e16e6ffc5173849

Download Submit
C:\Windows\system\lHGArHp.exe

Filesize
6.0MB

MD5
311b4e688082bf306473e772dedbf12a

SHA1
2a434d549cf330f0faf2d17f2cf43abb981db94e

SHA256
d88c4aaf3f46b6d1506a906c4027060bc3eff80ffe11864629d16c2702c3622e

SHA512
7d931aee72f6067fc2dad9b17b06d6fe01e191a71709f4deaf6301028ffe0e456a78a0144a6d1857e0c0a2b1ebb7bd11bc7771408981d2e9ee30478c17a5c6fb

Download Submit
C:\Windows\system\oEqPMGI.exe

Filesize
6.0MB

MD5
4bb0759aea356530848ad669212ad600

SHA1
c31cfab6480fe0e570f28ff1dad5e81ddec48cf7

SHA256
8867fe9c449899c801caf42c5fa2fa097df18eac2225cc658cbdfff5c115374c

SHA512
7b99d2acd34a3bfb35d02052fbf1d641d12adb42386200fb405da545d30006e549307eeb596e303b74b76f58b86f5b9077d4cda41b0da174bfb29272102644fd

Download Submit
C:\Windows\system\oIxAPec.exe

Filesize
6.0MB

MD5
6eb57ad67440443947ff122b1ccedea2

SHA1
7f9ddecdfb18affbd35eaffa5bb36cf61e589f59

SHA256
9b0dc0e6ab4ba63b6fb58de1f52b278a74b3b80ac876b53ee4a8b942c40e33cb

SHA512
5e36b7b27e6b597d3d096195cf9fbf4274f2e9ac53ff240ed29e6041a1d6aab01ee4fb4050f4c8135688131318f73fb9cdfb1a52f2302a2f05ccc65709c09923

Download Submit
C:\Windows\system\pumCeCy.exe

Filesize
6.0MB

MD5
92645d6de5c5dc9309ef17fae0648a8d

SHA1
ca4708aa77725f6ce536020df5963356a623f5ba

SHA256
b19f54890a57acf6c891d41cc6d9a62035ab9c851ecbff868f31981e27229293

SHA512
f77e277a551d6f263f75fcd34c88b9aaa20dcce61f6d6926e0043fcb662684e3edb61894b74317d6673d270fc3ac0de21af3a4000db77ab8ca9465bd2b10852e

Download Submit
C:\Windows\system\rHJzFam.exe

Filesize
6.0MB

MD5
f747b1d2be1a07c1bb0f53198eba2df1

SHA1
5de50573dbf431c40d51c1c8bc7ae2dc75f7c70a

SHA256
9d1f61c55f070db01bd103175ad7d4d88feeb5f2c5468f15e84a851a514dd001

SHA512
a3e3cace36b4d7ee877fab1ada039a1d9e14697560639a8b42d237eb14187cc00952d3be35bd121a349ce000d823b17d0d9b26e98a37d8571b74f70056e3ec42

Download Submit
C:\Windows\system\uAHWviY.exe

Filesize
6.0MB

MD5
cdd0abec7a00dbd41598dc7def6b8a42

SHA1
cf0b9c919b21be0c07f530d0b3dc4558abe1858a

SHA256
ca5cb6c25348839788180c42d2569321b3ca8dcb144f2622da601f3f1ec94918

SHA512
123481eb60c61d0e38d5ff42ce754aa9ebba4d84b103c14c72e8336977bb491cd451d9751bec83eef1eb9662e7c3e593e425fb5964add474f6385a4ebb498416

Download Submit
C:\Windows\system\uBKQoja.exe

Filesize
6.0MB

MD5
43eea3821c51216e174a2e19d6746e7b

SHA1
4e46fca582c917363dc951912447e712e6bbf79b

SHA256
3e6fa9c189ab103f0e4c713df2f7923c14e0ebb787318a13ed1533873994a1df

SHA512
c0f921c02beb3c494e642182ece9756d218272ac51d6954798fc0c5cc78202f02c04d54566728e656265fd986956f2d9a3bc91ce8589572549cff3790681d5bd

Download Submit
C:\Windows\system\vbcQKmr.exe

Filesize
6.0MB

MD5
4aabcd6721cd2050492d19b4ff5a79fc

SHA1
c269ce05523ed674b3f619e930e16479f77b7e66

SHA256
93c25cea0ed7b7aaf23c20e164c37cc65b40bf32290a3eb941a64eb590e33c30

SHA512
71b62d2dab94ce201653c64b5af0911875ec99b6a6cc20faf28bebc55f67c839a45232d0c6a9cf568b9d86c746468a3a67ce8437bc59edb8d7cf0acdf5373481

Download Submit
C:\Windows\system\wPgSFym.exe

Filesize
6.0MB

MD5
a67a2d17ada2e4c85500e2427280bdf7

SHA1
35f6875a0048ad22d76c768f9e407e0c91005dfd

SHA256
f1974cfbc28cbb4e21efff9fa34b1f808077c1a3a2a6f3b47f9d9b158e424e6e

SHA512
57430435bd8307c428fc09e7cdd658e70db023f0c5bf952a095a3f4c95f1354f34d03c144ea9e6f4a1d4b47fdfd0ed1aedc25f711ba4ffd8664fbf4d8213087b

Download Submit
C:\Windows\system\wbnohLR.exe

Filesize
6.0MB

MD5
8b7f28d8273fd1c18ef590b5d428d50c

SHA1
f472fb3c4864b6d6d8d648b5b56296cb693b9a09

SHA256
98dc145e10265fcf9ce4d6f9caf49279af087365f62a7c6ee52606acbea19628

SHA512
c2fe410539912ffdd35c13e556424351e10200e54e5dca1c70013dfcf5e588ea12dfbe1b66bb5b151b78bbef2591d4e68dfd7bd3b12e7d5b1c3771f03415a375

Download Submit
C:\Windows\system\xRiiBWa.exe

Filesize
6.0MB

MD5
6ba67415765ded05171d7d6751cd58e6

SHA1
18fa04a089d7f7547ac2a8f610bbb982d9a50ccb

SHA256
80fd22c672993a7cdf495f1857ac6ea15fcb6ebaa7a2f4d954254b06f93fcf75

SHA512
208aa12d3df45c6b912d329e606158dc4c873cc4003a631be3d7177204c21644d6a6e740552908d0314a71c56e56e1639f17c435b500e1325bfaa4d74d71fe39

Download Submit
\Windows\system\UoHBlCI.exe

Filesize
6.0MB

MD5
6ad39338876835c40d0416e9cea03738

SHA1
89104200d15a597773e611998813c30ed1463e75

SHA256
c2b8094aff38113538025119a8c905f69e415ece81fd96e55fd09a95b45f689c

SHA512
daa2ac07b5fa7b98e3824a8eefe11aaae9889a9a76af1b7198f3c27bf5c3b75706b9407f33f865b5cde47f3db1bfde196798cad2392cac1afe7ab74f9f8573f0

Download Submit
\Windows\system\lcTqQRf.exe

Filesize
6.0MB

MD5
f75d76d6819c7e0b30150cf77b27003f

SHA1
59d0c03a3082a63463e56d9d91550e3cba4c0807

SHA256
b797fca1ace0a2c7557a3becfa34a1fcc06e7a47d86e41520cd97a1b36bcc089

SHA512
066e256b9471a3a4283d04360e21ee754fd3f914599033f07372ea669a18ec705c9b4fbe0ac2691a84ab3d7027a7591189eeb84154977ddb20d4cd120f671964

Download Submit
\Windows\system\uEFoZIm.exe

Filesize
6.0MB

MD5
db83c1a1e35040fb82b29832b523afae

SHA1
811c8030f7ba7dfe6f5d4cfa3ff7cd6dc6b01a82

SHA256
b476d5cace8eba58a20c751f19e82783b7992a4d1d346997261ced1c78adf4e3

SHA512
f3b84c8c7a1272449a0ec98a93e4fedff0c4b9c7abb42338fe4e35ea9b76408cba585a4e519c8b90974d7235d42588b5f7ff6ab7f26bd9fed94a7e5389c103b9

Download Submit
\Windows\system\uyxmohj.exe

Filesize
6.0MB

MD5
9da4cfa95ffea33fbb8fe2b6743ce69e

SHA1
f3a3a3d6c5666089304d89eb03928cf810d5cb4d

SHA256
e43d4b507b7dcfa0e0b1c8cdbacc87f442bc31ad369ba680ec31175336fb7300

SHA512
53f519ab0344f7b22ae4a70c4cb89a9d9ff0c676f0f19529baf9e5990ae3fcf3fd5edb4b76259bebfd81e14357ab5ddec1750a071b5cd743e45f3ea195d637bb

Download Submit
memory/1500-4015-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1500-115-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1696-4011-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1696-108-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1716-106-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-4013-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-113-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1788-4012-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2004-4009-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2004-104-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1368-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-91-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2396-107-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1214-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1369-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-116-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2396-114-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2396-88-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-112-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2396-89-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-110-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-93-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-105-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-95-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-103-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-97-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2396-101-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2396-99-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2596-96-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4005-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-102-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4016-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2684-4010-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-94-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-98-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2732-4006-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4007-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2740-100-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4003-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-117-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-90-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4008-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-92-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4004-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2920-111-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4014-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download