cobaltstrike | 908e097fe495ce75cd987b9c695f57d6e51fb469ada70cbdb83bce690282dc91

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

93d2d9a78ea4102679214ef1bee07732
SHA1

2598fd9e97f922e1412cab191c7398aca6211318
SHA256

908e097fe495ce75cd987b9c695f57d6e51fb469ada70cbdb83bce690282dc91
SHA512

9329295d9c1100072e92fd192a875ae28269d774f5247b36f637f350e184992b3d1e4301ea94c65a705ea44e0649b4589cdf973b573e1031cd8d44042afb5180
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012281-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001868b-14.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186f8-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018731-24.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001878c-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018742-34.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193ac-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019456-66.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000175e7-87.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-199.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-171.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-161.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942c-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019438-56.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3008-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000c000000012281-3.dat	xmrig
behavioral1/files/0x000700000001868b-14.dat	xmrig
behavioral1/files/0x00060000000186f8-10.dat	xmrig
behavioral1/memory/3008-9-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2200-23-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/3008-22-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/1152-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2948-20-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018731-24.dat	xmrig
behavioral1/memory/2652-29-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000800000001878c-36.dat	xmrig
behavioral1/memory/2664-35-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x0006000000018742-34.dat	xmrig
behavioral1/files/0x00060000000193ac-45.dat	xmrig
behavioral1/files/0x0005000000019456-66.dat	xmrig
behavioral1/memory/3008-70-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/3008-49-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2588-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2664-84-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2104-88-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x00090000000175e7-87.dat	xmrig
behavioral1/memory/3008-85-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-166.dat	xmrig
behavioral1/files/0x0005000000019629-192.dat	xmrig
behavioral1/memory/2576-462-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2444-987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2088-814-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2104-611-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2588-255-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019625-186.dat	xmrig
behavioral1/files/0x000500000001962b-199.dat	xmrig
behavioral1/files/0x0005000000019627-189.dat	xmrig
behavioral1/files/0x0005000000019622-176.dat	xmrig
behavioral1/files/0x0005000000019623-180.dat	xmrig
behavioral1/files/0x0005000000019621-171.dat	xmrig
behavioral1/files/0x00050000000195e6-155.dat	xmrig
behavioral1/files/0x000500000001961d-161.dat	xmrig
behavioral1/files/0x00050000000195a7-150.dat	xmrig
behavioral1/files/0x000500000001957e-145.dat	xmrig
behavioral1/files/0x000500000001952f-140.dat	xmrig
behavioral1/files/0x0005000000019506-135.dat	xmrig
behavioral1/files/0x00050000000194fc-130.dat	xmrig
behavioral1/files/0x00050000000194ef-125.dat	xmrig
behavioral1/files/0x00050000000194ad-115.dat	xmrig
behavioral1/memory/3008-113-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/3008-112-0x0000000002580000-0x00000000028D4000-memory.dmp	xmrig
behavioral1/memory/3008-111-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d0-120.dat	xmrig
behavioral1/memory/2444-107-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2696-106-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2232-105-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019496-103.dat	xmrig
behavioral1/memory/2088-97-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2684-96-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019467-95.dat	xmrig
behavioral1/memory/2764-92-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2576-81-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-80.dat	xmrig
behavioral1/memory/3008-76-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2652-75-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2232-62-0x000000013FA00000-0x000000013FD54000-memory.dmp	xmrig
behavioral1/files/0x000500000001942c-57.dat	xmrig
behavioral1/files/0x0005000000019438-56.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1152	cJUDGmn.exe
2948	BXjgVDs.exe
2200	KhZvKhI.exe
2652	DjIVkQm.exe
2664	xwLNhhZ.exe
2764	lmGsKDD.exe
2684	vxBDczB.exe
2232	pNQRaPV.exe
2696	arFqNws.exe
2588	xENTuKt.exe
2576	yiQiItA.exe
2104	YIHjduD.exe
2088	apBImSE.exe
2444	gJjbSDr.exe
1976	vBVnpod.exe
2800	YCWzQaA.exe
1072	pIjrSXC.exe
884	mWXlZWA.exe
1676	mCROvsJ.exe
2924	LuOKnxr.exe
2908	qMDLbGD.exe
2268	TzEToAK.exe
3052	dbcMoym.exe
2412	AQixaUB.exe
2936	qrkQDjC.exe
1088	hwbgOSV.exe
2916	UWIkeFN.exe
964	WMVrZnk.exe
1856	ngQVUBc.exe
1972	rJkXhjl.exe
1236	PazNUtA.exe
1704	MFwxLtR.exe
1552	koegplH.exe
1848	HEZXEQi.exe
1668	JmmGqQn.exe
1792	gEgykSi.exe
1556	demoVVX.exe
692	Hjidspp.exe
2644	rbBCwjI.exe
2992	GWrcpRD.exe
1300	kHfDVNG.exe
1648	ODYOnBZ.exe
1696	pRWELDZ.exe
2064	NtYwYff.exe
2004	WYxIKfp.exe
700	LiyuPdj.exe
880	rRDOkyT.exe
2352	BTeFdNb.exe
1776	tngqmgQ.exe
1600	fEsfxac.exe
2192	RClusfr.exe
2276	lYTpmqD.exe
2844	SnzhYMq.exe
2776	uUrRDcC.exe
2848	jBQIooW.exe
2432	QTAoqpn.exe
2108	pNGzZWa.exe
2632	EpdCxNV.exe
1788	OVckTEJ.exe
1580	csBSycr.exe
2792	ZkHAtdV.exe
1272	wvrULjz.exe
2904	mGQtKdA.exe
2260	ajZTiqc.exe

Loads dropped DLL 64 IoCs

pid	Process
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3008-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000c000000012281-3.dat	upx
behavioral1/files/0x000700000001868b-14.dat	upx
behavioral1/files/0x00060000000186f8-10.dat	upx
behavioral1/memory/3008-9-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2200-23-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1152-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2948-20-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x0006000000018731-24.dat	upx
behavioral1/memory/2652-29-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000800000001878c-36.dat	upx
behavioral1/memory/2664-35-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x0006000000018742-34.dat	upx
behavioral1/files/0x00060000000193ac-45.dat	upx
behavioral1/files/0x0005000000019456-66.dat	upx
behavioral1/memory/3008-49-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2588-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2664-84-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2104-88-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x00090000000175e7-87.dat	upx
behavioral1/files/0x000500000001961f-166.dat	upx
behavioral1/files/0x0005000000019629-192.dat	upx
behavioral1/memory/2576-462-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2444-987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2088-814-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2104-611-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2588-255-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/files/0x0005000000019625-186.dat	upx
behavioral1/files/0x000500000001962b-199.dat	upx
behavioral1/files/0x0005000000019627-189.dat	upx
behavioral1/files/0x0005000000019622-176.dat	upx
behavioral1/files/0x0005000000019623-180.dat	upx
behavioral1/files/0x0005000000019621-171.dat	upx
behavioral1/files/0x00050000000195e6-155.dat	upx
behavioral1/files/0x000500000001961d-161.dat	upx
behavioral1/files/0x00050000000195a7-150.dat	upx
behavioral1/files/0x000500000001957e-145.dat	upx
behavioral1/files/0x000500000001952f-140.dat	upx
behavioral1/files/0x0005000000019506-135.dat	upx
behavioral1/files/0x00050000000194fc-130.dat	upx
behavioral1/files/0x00050000000194ef-125.dat	upx
behavioral1/files/0x00050000000194ad-115.dat	upx
behavioral1/files/0x00050000000194d0-120.dat	upx
behavioral1/memory/2444-107-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2696-106-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2232-105-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x0005000000019496-103.dat	upx
behavioral1/memory/2088-97-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2684-96-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000019467-95.dat	upx
behavioral1/memory/2764-92-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2576-81-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000500000001945c-80.dat	upx
behavioral1/memory/2652-75-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2232-62-0x000000013FA00000-0x000000013FD54000-memory.dmp	upx
behavioral1/files/0x000500000001942c-57.dat	upx
behavioral1/files/0x0005000000019438-56.dat	upx
behavioral1/memory/2948-50-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2696-67-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2684-55-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2764-41-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2948-3794-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/1152-3799-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2200-3805-0x000000013F610000-0x000000013F964000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JqokCKN.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEgTokB.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUwdBDR.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZCVmwc.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCigSFE.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjkAknS.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\voyHxzQ.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RptPden.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLANKNK.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrjJIxp.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glZGbba.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLufjYD.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxHjLna.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASssEts.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZJuVZX.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpbPJMR.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QWtihzx.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tIgzJFT.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRcBTQR.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXFHHlz.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaqNxpF.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LEvHxUu.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmtPfZk.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftaADMA.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNuciDL.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLpbHWZ.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IkiUKiw.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxtYLTn.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUodzTP.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPJUDkw.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MroVSmG.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVApXRs.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MwCqrqg.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpmKMPU.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UpylcIC.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mXYOIJZ.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuTaaOq.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KvXrJcj.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZDIohl.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OLwAJgK.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwGSTJq.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdaEbye.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdiNpLl.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGeTCxA.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRWELDZ.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqePwjd.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BZVPphV.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVWhmos.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNQmNZN.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygLSxcy.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeVALOV.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdPEevh.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvCznUv.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQjzzVi.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bmBlzMs.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrqqJfk.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfCUTXH.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hjidspp.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvZvvrt.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\makqGCr.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAPgkGo.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bopqjXG.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yiQiItA.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxmrOVp.exe	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 1152	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 1152	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 1152	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3008 wrote to memory of 2948	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2948	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2948	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3008 wrote to memory of 2200	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2200	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2200	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3008 wrote to memory of 2652	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2652	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2652	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3008 wrote to memory of 2664	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 2664	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 2664	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3008 wrote to memory of 2764	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 2764	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 2764	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3008 wrote to memory of 2684	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2684	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2684	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3008 wrote to memory of 2232	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2232	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2232	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3008 wrote to memory of 2588	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2588	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2588	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3008 wrote to memory of 2696	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2696	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2696	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3008 wrote to memory of 2576	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2576	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2576	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3008 wrote to memory of 2104	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2104	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2104	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3008 wrote to memory of 2088	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 2088	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 2088	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3008 wrote to memory of 2444	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 2444	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 2444	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3008 wrote to memory of 1976	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 1976	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 1976	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3008 wrote to memory of 2800	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 2800	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 2800	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3008 wrote to memory of 1072	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 1072	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 1072	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3008 wrote to memory of 884	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 884	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 884	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3008 wrote to memory of 1676	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3008 wrote to memory of 1676	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3008 wrote to memory of 1676	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3008 wrote to memory of 2924	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3008 wrote to memory of 2924	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3008 wrote to memory of 2924	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3008 wrote to memory of 2908	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3008 wrote to memory of 2908	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3008 wrote to memory of 2908	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 3008 wrote to memory of 2268	3008	2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_93d2d9a78ea4102679214ef1bee07732_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\System\cJUDGmn.exe
  C:\Windows\System\cJUDGmn.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\BXjgVDs.exe
  C:\Windows\System\BXjgVDs.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\KhZvKhI.exe
  C:\Windows\System\KhZvKhI.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\DjIVkQm.exe
  C:\Windows\System\DjIVkQm.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\xwLNhhZ.exe
  C:\Windows\System\xwLNhhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\lmGsKDD.exe
  C:\Windows\System\lmGsKDD.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\vxBDczB.exe
  C:\Windows\System\vxBDczB.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\pNQRaPV.exe
  C:\Windows\System\pNQRaPV.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\xENTuKt.exe
  C:\Windows\System\xENTuKt.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\arFqNws.exe
  C:\Windows\System\arFqNws.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\yiQiItA.exe
  C:\Windows\System\yiQiItA.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\YIHjduD.exe
  C:\Windows\System\YIHjduD.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\apBImSE.exe
  C:\Windows\System\apBImSE.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\gJjbSDr.exe
  C:\Windows\System\gJjbSDr.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\vBVnpod.exe
  C:\Windows\System\vBVnpod.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\YCWzQaA.exe
  C:\Windows\System\YCWzQaA.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\pIjrSXC.exe
  C:\Windows\System\pIjrSXC.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\mWXlZWA.exe
  C:\Windows\System\mWXlZWA.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\mCROvsJ.exe
  C:\Windows\System\mCROvsJ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\LuOKnxr.exe
  C:\Windows\System\LuOKnxr.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\qMDLbGD.exe
  C:\Windows\System\qMDLbGD.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\TzEToAK.exe
  C:\Windows\System\TzEToAK.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\dbcMoym.exe
  C:\Windows\System\dbcMoym.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\AQixaUB.exe
  C:\Windows\System\AQixaUB.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\qrkQDjC.exe
  C:\Windows\System\qrkQDjC.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\hwbgOSV.exe
  C:\Windows\System\hwbgOSV.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\UWIkeFN.exe
  C:\Windows\System\UWIkeFN.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WMVrZnk.exe
  C:\Windows\System\WMVrZnk.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\ngQVUBc.exe
  C:\Windows\System\ngQVUBc.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\rJkXhjl.exe
  C:\Windows\System\rJkXhjl.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\PazNUtA.exe
  C:\Windows\System\PazNUtA.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\MFwxLtR.exe
  C:\Windows\System\MFwxLtR.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\koegplH.exe
  C:\Windows\System\koegplH.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\HEZXEQi.exe
  C:\Windows\System\HEZXEQi.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\JmmGqQn.exe
  C:\Windows\System\JmmGqQn.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\gEgykSi.exe
  C:\Windows\System\gEgykSi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\demoVVX.exe
  C:\Windows\System\demoVVX.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\Hjidspp.exe
  C:\Windows\System\Hjidspp.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\rbBCwjI.exe
  C:\Windows\System\rbBCwjI.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\GWrcpRD.exe
  C:\Windows\System\GWrcpRD.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\kHfDVNG.exe
  C:\Windows\System\kHfDVNG.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\ODYOnBZ.exe
  C:\Windows\System\ODYOnBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\pRWELDZ.exe
  C:\Windows\System\pRWELDZ.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\NtYwYff.exe
  C:\Windows\System\NtYwYff.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\WYxIKfp.exe
  C:\Windows\System\WYxIKfp.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\LiyuPdj.exe
  C:\Windows\System\LiyuPdj.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\rRDOkyT.exe
  C:\Windows\System\rRDOkyT.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\BTeFdNb.exe
  C:\Windows\System\BTeFdNb.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\tngqmgQ.exe
  C:\Windows\System\tngqmgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\fEsfxac.exe
  C:\Windows\System\fEsfxac.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\RClusfr.exe
  C:\Windows\System\RClusfr.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\lYTpmqD.exe
  C:\Windows\System\lYTpmqD.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\SnzhYMq.exe
  C:\Windows\System\SnzhYMq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uUrRDcC.exe
  C:\Windows\System\uUrRDcC.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\jBQIooW.exe
  C:\Windows\System\jBQIooW.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\QTAoqpn.exe
  C:\Windows\System\QTAoqpn.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\pNGzZWa.exe
  C:\Windows\System\pNGzZWa.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\EpdCxNV.exe
  C:\Windows\System\EpdCxNV.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\OVckTEJ.exe
  C:\Windows\System\OVckTEJ.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\csBSycr.exe
  C:\Windows\System\csBSycr.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\ZkHAtdV.exe
  C:\Windows\System\ZkHAtdV.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\wvrULjz.exe
  C:\Windows\System\wvrULjz.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\mGQtKdA.exe
  C:\Windows\System\mGQtKdA.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ajZTiqc.exe
  C:\Windows\System\ajZTiqc.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\pISggVp.exe
  C:\Windows\System\pISggVp.exe
  2⤵
  PID:3048
- C:\Windows\System\DiCmRca.exe
  C:\Windows\System\DiCmRca.exe
  2⤵
  PID:288
- C:\Windows\System\ioxWWOs.exe
  C:\Windows\System\ioxWWOs.exe
  2⤵
  PID:1392
- C:\Windows\System\jiHmlxE.exe
  C:\Windows\System\jiHmlxE.exe
  2⤵
  PID:2044
- C:\Windows\System\KcauZOH.exe
  C:\Windows\System\KcauZOH.exe
  2⤵
  PID:1632
- C:\Windows\System\qRcBTQR.exe
  C:\Windows\System\qRcBTQR.exe
  2⤵
  PID:772
- C:\Windows\System\SpmKMPU.exe
  C:\Windows\System\SpmKMPU.exe
  2⤵
  PID:2984
- C:\Windows\System\rKSONFn.exe
  C:\Windows\System\rKSONFn.exe
  2⤵
  PID:1844
- C:\Windows\System\QyVWfyR.exe
  C:\Windows\System\QyVWfyR.exe
  2⤵
  PID:756
- C:\Windows\System\sFqIQzR.exe
  C:\Windows\System\sFqIQzR.exe
  2⤵
  PID:2952
- C:\Windows\System\EoQWzzP.exe
  C:\Windows\System\EoQWzzP.exe
  2⤵
  PID:872
- C:\Windows\System\bOKmnQZ.exe
  C:\Windows\System\bOKmnQZ.exe
  2⤵
  PID:1312
- C:\Windows\System\fbQZkoV.exe
  C:\Windows\System\fbQZkoV.exe
  2⤵
  PID:2096
- C:\Windows\System\DmLxekS.exe
  C:\Windows\System\DmLxekS.exe
  2⤵
  PID:804
- C:\Windows\System\tGmWjeR.exe
  C:\Windows\System\tGmWjeR.exe
  2⤵
  PID:1504
- C:\Windows\System\FlyaNId.exe
  C:\Windows\System\FlyaNId.exe
  2⤵
  PID:2052
- C:\Windows\System\ryNMGUL.exe
  C:\Windows\System\ryNMGUL.exe
  2⤵
  PID:1428
- C:\Windows\System\ChWQULy.exe
  C:\Windows\System\ChWQULy.exe
  2⤵
  PID:1480
- C:\Windows\System\fkOVUTK.exe
  C:\Windows\System\fkOVUTK.exe
  2⤵
  PID:2716
- C:\Windows\System\yCvlAqP.exe
  C:\Windows\System\yCvlAqP.exe
  2⤵
  PID:2968
- C:\Windows\System\YMKtcSE.exe
  C:\Windows\System\YMKtcSE.exe
  2⤵
  PID:3028
- C:\Windows\System\HxtYLTn.exe
  C:\Windows\System\HxtYLTn.exe
  2⤵
  PID:1752
- C:\Windows\System\TDoMzEF.exe
  C:\Windows\System\TDoMzEF.exe
  2⤵
  PID:1948
- C:\Windows\System\cHwDoev.exe
  C:\Windows\System\cHwDoev.exe
  2⤵
  PID:1640
- C:\Windows\System\nVoXXFW.exe
  C:\Windows\System\nVoXXFW.exe
  2⤵
  PID:600
- C:\Windows\System\SplVMqn.exe
  C:\Windows\System\SplVMqn.exe
  2⤵
  PID:484
- C:\Windows\System\eGImaEt.exe
  C:\Windows\System\eGImaEt.exe
  2⤵
  PID:1968
- C:\Windows\System\MroVSmG.exe
  C:\Windows\System\MroVSmG.exe
  2⤵
  PID:1508
- C:\Windows\System\aEibNWi.exe
  C:\Windows\System\aEibNWi.exe
  2⤵
  PID:892
- C:\Windows\System\AlPZAKV.exe
  C:\Windows\System\AlPZAKV.exe
  2⤵
  PID:1192
- C:\Windows\System\LlXDIRL.exe
  C:\Windows\System\LlXDIRL.exe
  2⤵
  PID:2388
- C:\Windows\System\jszcmNV.exe
  C:\Windows\System\jszcmNV.exe
  2⤵
  PID:2384
- C:\Windows\System\mGwGtVJ.exe
  C:\Windows\System\mGwGtVJ.exe
  2⤵
  PID:2484
- C:\Windows\System\nHJKUzx.exe
  C:\Windows\System\nHJKUzx.exe
  2⤵
  PID:2364
- C:\Windows\System\ZJznlzU.exe
  C:\Windows\System\ZJznlzU.exe
  2⤵
  PID:1576
- C:\Windows\System\qbPcfwN.exe
  C:\Windows\System\qbPcfwN.exe
  2⤵
  PID:860
- C:\Windows\System\atYAeeN.exe
  C:\Windows\System\atYAeeN.exe
  2⤵
  PID:648
- C:\Windows\System\CxAjDfw.exe
  C:\Windows\System\CxAjDfw.exe
  2⤵
  PID:2624
- C:\Windows\System\JgLMVqd.exe
  C:\Windows\System\JgLMVqd.exe
  2⤵
  PID:3084
- C:\Windows\System\bUWWQCr.exe
  C:\Windows\System\bUWWQCr.exe
  2⤵
  PID:3104
- C:\Windows\System\FTixnEg.exe
  C:\Windows\System\FTixnEg.exe
  2⤵
  PID:3124
- C:\Windows\System\ERMYsQB.exe
  C:\Windows\System\ERMYsQB.exe
  2⤵
  PID:3144
- C:\Windows\System\nPBvYWs.exe
  C:\Windows\System\nPBvYWs.exe
  2⤵
  PID:3164
- C:\Windows\System\kNUhKfs.exe
  C:\Windows\System\kNUhKfs.exe
  2⤵
  PID:3180
- C:\Windows\System\pIRaYrw.exe
  C:\Windows\System\pIRaYrw.exe
  2⤵
  PID:3204
- C:\Windows\System\ExfHHlZ.exe
  C:\Windows\System\ExfHHlZ.exe
  2⤵
  PID:3224
- C:\Windows\System\nCUFJRr.exe
  C:\Windows\System\nCUFJRr.exe
  2⤵
  PID:3244
- C:\Windows\System\fNhEzfP.exe
  C:\Windows\System\fNhEzfP.exe
  2⤵
  PID:3264
- C:\Windows\System\sBdHUim.exe
  C:\Windows\System\sBdHUim.exe
  2⤵
  PID:3284
- C:\Windows\System\lJvcods.exe
  C:\Windows\System\lJvcods.exe
  2⤵
  PID:3304
- C:\Windows\System\gQYPPQm.exe
  C:\Windows\System\gQYPPQm.exe
  2⤵
  PID:3324
- C:\Windows\System\KwbhdML.exe
  C:\Windows\System\KwbhdML.exe
  2⤵
  PID:3340
- C:\Windows\System\sWoefNz.exe
  C:\Windows\System\sWoefNz.exe
  2⤵
  PID:3364
- C:\Windows\System\GdvHFQY.exe
  C:\Windows\System\GdvHFQY.exe
  2⤵
  PID:3384
- C:\Windows\System\wHHPUmY.exe
  C:\Windows\System\wHHPUmY.exe
  2⤵
  PID:3404
- C:\Windows\System\abSwTaT.exe
  C:\Windows\System\abSwTaT.exe
  2⤵
  PID:3428
- C:\Windows\System\tZocqzx.exe
  C:\Windows\System\tZocqzx.exe
  2⤵
  PID:3448
- C:\Windows\System\JlSXBBu.exe
  C:\Windows\System\JlSXBBu.exe
  2⤵
  PID:3468
- C:\Windows\System\Dpsurcm.exe
  C:\Windows\System\Dpsurcm.exe
  2⤵
  PID:3488
- C:\Windows\System\lMdcsmx.exe
  C:\Windows\System\lMdcsmx.exe
  2⤵
  PID:3504
- C:\Windows\System\GeusFBk.exe
  C:\Windows\System\GeusFBk.exe
  2⤵
  PID:3528
- C:\Windows\System\kBIoGVl.exe
  C:\Windows\System\kBIoGVl.exe
  2⤵
  PID:3548
- C:\Windows\System\QGobwic.exe
  C:\Windows\System\QGobwic.exe
  2⤵
  PID:3568
- C:\Windows\System\wWWiOPb.exe
  C:\Windows\System\wWWiOPb.exe
  2⤵
  PID:3588
- C:\Windows\System\cbwDLSk.exe
  C:\Windows\System\cbwDLSk.exe
  2⤵
  PID:3608
- C:\Windows\System\RijTxVY.exe
  C:\Windows\System\RijTxVY.exe
  2⤵
  PID:3628
- C:\Windows\System\MIPlVvr.exe
  C:\Windows\System\MIPlVvr.exe
  2⤵
  PID:3648
- C:\Windows\System\FyOhXAg.exe
  C:\Windows\System\FyOhXAg.exe
  2⤵
  PID:3668
- C:\Windows\System\Wecmvwt.exe
  C:\Windows\System\Wecmvwt.exe
  2⤵
  PID:3688
- C:\Windows\System\jTNwgDl.exe
  C:\Windows\System\jTNwgDl.exe
  2⤵
  PID:3708
- C:\Windows\System\UISzBhA.exe
  C:\Windows\System\UISzBhA.exe
  2⤵
  PID:3728
- C:\Windows\System\aZWmKkN.exe
  C:\Windows\System\aZWmKkN.exe
  2⤵
  PID:3748
- C:\Windows\System\kUliCgL.exe
  C:\Windows\System\kUliCgL.exe
  2⤵
  PID:3768
- C:\Windows\System\KKyqWSR.exe
  C:\Windows\System\KKyqWSR.exe
  2⤵
  PID:3788
- C:\Windows\System\nIiBJGT.exe
  C:\Windows\System\nIiBJGT.exe
  2⤵
  PID:3812
- C:\Windows\System\cxAdGHp.exe
  C:\Windows\System\cxAdGHp.exe
  2⤵
  PID:3832
- C:\Windows\System\gUIotye.exe
  C:\Windows\System\gUIotye.exe
  2⤵
  PID:3852
- C:\Windows\System\nHRsCDn.exe
  C:\Windows\System\nHRsCDn.exe
  2⤵
  PID:3872
- C:\Windows\System\SPWWCnV.exe
  C:\Windows\System\SPWWCnV.exe
  2⤵
  PID:3892
- C:\Windows\System\jHMoUOx.exe
  C:\Windows\System\jHMoUOx.exe
  2⤵
  PID:3912
- C:\Windows\System\koFqyyR.exe
  C:\Windows\System\koFqyyR.exe
  2⤵
  PID:3932
- C:\Windows\System\zLufjYD.exe
  C:\Windows\System\zLufjYD.exe
  2⤵
  PID:3952
- C:\Windows\System\VbiIDCk.exe
  C:\Windows\System\VbiIDCk.exe
  2⤵
  PID:3972
- C:\Windows\System\tDKRSow.exe
  C:\Windows\System\tDKRSow.exe
  2⤵
  PID:3992
- C:\Windows\System\GutyALd.exe
  C:\Windows\System\GutyALd.exe
  2⤵
  PID:4012
- C:\Windows\System\lGiCike.exe
  C:\Windows\System\lGiCike.exe
  2⤵
  PID:4032
- C:\Windows\System\DSwdvxu.exe
  C:\Windows\System\DSwdvxu.exe
  2⤵
  PID:4052
- C:\Windows\System\NrjJIxp.exe
  C:\Windows\System\NrjJIxp.exe
  2⤵
  PID:4072
- C:\Windows\System\qXEvhlk.exe
  C:\Windows\System\qXEvhlk.exe
  2⤵
  PID:4092
- C:\Windows\System\zNZxVqY.exe
  C:\Windows\System\zNZxVqY.exe
  2⤵
  PID:2016
- C:\Windows\System\PNiMLjW.exe
  C:\Windows\System\PNiMLjW.exe
  2⤵
  PID:1276
- C:\Windows\System\UpylcIC.exe
  C:\Windows\System\UpylcIC.exe
  2⤵
  PID:912
- C:\Windows\System\KueAdwG.exe
  C:\Windows\System\KueAdwG.exe
  2⤵
  PID:788
- C:\Windows\System\XKWNPIm.exe
  C:\Windows\System\XKWNPIm.exe
  2⤵
  PID:688
- C:\Windows\System\GVeidXz.exe
  C:\Windows\System\GVeidXz.exe
  2⤵
  PID:2500
- C:\Windows\System\yWTjnqc.exe
  C:\Windows\System\yWTjnqc.exe
  2⤵
  PID:2012
- C:\Windows\System\jFyuinB.exe
  C:\Windows\System\jFyuinB.exe
  2⤵
  PID:2768
- C:\Windows\System\Ytbcffh.exe
  C:\Windows\System\Ytbcffh.exe
  2⤵
  PID:1748
- C:\Windows\System\ATZfrPN.exe
  C:\Windows\System\ATZfrPN.exe
  2⤵
  PID:3112
- C:\Windows\System\aHiALsV.exe
  C:\Windows\System\aHiALsV.exe
  2⤵
  PID:3116
- C:\Windows\System\LSVMFsH.exe
  C:\Windows\System\LSVMFsH.exe
  2⤵
  PID:3160
- C:\Windows\System\MYlDDIk.exe
  C:\Windows\System\MYlDDIk.exe
  2⤵
  PID:3192
- C:\Windows\System\qWxryDV.exe
  C:\Windows\System\qWxryDV.exe
  2⤵
  PID:3220
- C:\Windows\System\McOUNDf.exe
  C:\Windows\System\McOUNDf.exe
  2⤵
  PID:3280
- C:\Windows\System\pDkDSdE.exe
  C:\Windows\System\pDkDSdE.exe
  2⤵
  PID:3292
- C:\Windows\System\jJLturx.exe
  C:\Windows\System\jJLturx.exe
  2⤵
  PID:3320
- C:\Windows\System\neRyrEY.exe
  C:\Windows\System\neRyrEY.exe
  2⤵
  PID:3336
- C:\Windows\System\RptPden.exe
  C:\Windows\System\RptPden.exe
  2⤵
  PID:3392
- C:\Windows\System\opaDYzu.exe
  C:\Windows\System\opaDYzu.exe
  2⤵
  PID:3420
- C:\Windows\System\UAfhDrk.exe
  C:\Windows\System\UAfhDrk.exe
  2⤵
  PID:3464
- C:\Windows\System\dXgCSXs.exe
  C:\Windows\System\dXgCSXs.exe
  2⤵
  PID:3516
- C:\Windows\System\RSiCcJT.exe
  C:\Windows\System\RSiCcJT.exe
  2⤵
  PID:3520
- C:\Windows\System\zPGuTdF.exe
  C:\Windows\System\zPGuTdF.exe
  2⤵
  PID:3540
- C:\Windows\System\YrtwFcP.exe
  C:\Windows\System\YrtwFcP.exe
  2⤵
  PID:3584
- C:\Windows\System\gNYTaRd.exe
  C:\Windows\System\gNYTaRd.exe
  2⤵
  PID:3644
- C:\Windows\System\GdiNpLl.exe
  C:\Windows\System\GdiNpLl.exe
  2⤵
  PID:3664
- C:\Windows\System\uDOrUxn.exe
  C:\Windows\System\uDOrUxn.exe
  2⤵
  PID:3716
- C:\Windows\System\FXMJHyY.exe
  C:\Windows\System\FXMJHyY.exe
  2⤵
  PID:3720
- C:\Windows\System\gUEekFY.exe
  C:\Windows\System\gUEekFY.exe
  2⤵
  PID:3764
- C:\Windows\System\ZNWHnja.exe
  C:\Windows\System\ZNWHnja.exe
  2⤵
  PID:3808
- C:\Windows\System\EqePwjd.exe
  C:\Windows\System\EqePwjd.exe
  2⤵
  PID:2392
- C:\Windows\System\WXFHHlz.exe
  C:\Windows\System\WXFHHlz.exe
  2⤵
  PID:3860
- C:\Windows\System\aHJjeLe.exe
  C:\Windows\System\aHJjeLe.exe
  2⤵
  PID:3884
- C:\Windows\System\dJOCGvM.exe
  C:\Windows\System\dJOCGvM.exe
  2⤵
  PID:3928
- C:\Windows\System\IheywFu.exe
  C:\Windows\System\IheywFu.exe
  2⤵
  PID:3968
- C:\Windows\System\nwxWVmV.exe
  C:\Windows\System\nwxWVmV.exe
  2⤵
  PID:3988
- C:\Windows\System\guWrbZF.exe
  C:\Windows\System\guWrbZF.exe
  2⤵
  PID:4040
- C:\Windows\System\kyNwwsS.exe
  C:\Windows\System\kyNwwsS.exe
  2⤵
  PID:4060
- C:\Windows\System\GGeTCxA.exe
  C:\Windows\System\GGeTCxA.exe
  2⤵
  PID:4084
- C:\Windows\System\AMFrXvZ.exe
  C:\Windows\System\AMFrXvZ.exe
  2⤵
  PID:2940
- C:\Windows\System\GymzCde.exe
  C:\Windows\System\GymzCde.exe
  2⤵
  PID:1592
- C:\Windows\System\eZgxpNh.exe
  C:\Windows\System\eZgxpNh.exe
  2⤵
  PID:1544
- C:\Windows\System\gtvRMGS.exe
  C:\Windows\System\gtvRMGS.exe
  2⤵
  PID:2408
- C:\Windows\System\eebkWhm.exe
  C:\Windows\System\eebkWhm.exe
  2⤵
  PID:2808
- C:\Windows\System\IEVkTdS.exe
  C:\Windows\System\IEVkTdS.exe
  2⤵
  PID:268
- C:\Windows\System\lePhnWO.exe
  C:\Windows\System\lePhnWO.exe
  2⤵
  PID:3140
- C:\Windows\System\AOlslcq.exe
  C:\Windows\System\AOlslcq.exe
  2⤵
  PID:3232
- C:\Windows\System\pBHuCFp.exe
  C:\Windows\System\pBHuCFp.exe
  2⤵
  PID:3276
- C:\Windows\System\ivOXesa.exe
  C:\Windows\System\ivOXesa.exe
  2⤵
  PID:3360
- C:\Windows\System\ZLDCNci.exe
  C:\Windows\System\ZLDCNci.exe
  2⤵
  PID:3312
- C:\Windows\System\efuuZIa.exe
  C:\Windows\System\efuuZIa.exe
  2⤵
  PID:3416
- C:\Windows\System\fAsgbwt.exe
  C:\Windows\System\fAsgbwt.exe
  2⤵
  PID:3444
- C:\Windows\System\erePJaA.exe
  C:\Windows\System\erePJaA.exe
  2⤵
  PID:3564
- C:\Windows\System\WOfBOAt.exe
  C:\Windows\System\WOfBOAt.exe
  2⤵
  PID:3616
- C:\Windows\System\YCeJkDR.exe
  C:\Windows\System\YCeJkDR.exe
  2⤵
  PID:3596
- C:\Windows\System\MPYAHqk.exe
  C:\Windows\System\MPYAHqk.exe
  2⤵
  PID:3640
- C:\Windows\System\rhjlUBY.exe
  C:\Windows\System\rhjlUBY.exe
  2⤵
  PID:3700
- C:\Windows\System\FjSWUZb.exe
  C:\Windows\System\FjSWUZb.exe
  2⤵
  PID:3888
- C:\Windows\System\ZebOTQx.exe
  C:\Windows\System\ZebOTQx.exe
  2⤵
  PID:3828
- C:\Windows\System\xsuxqXy.exe
  C:\Windows\System\xsuxqXy.exe
  2⤵
  PID:3948
- C:\Windows\System\GybPMTM.exe
  C:\Windows\System\GybPMTM.exe
  2⤵
  PID:4020
- C:\Windows\System\rSMqLPH.exe
  C:\Windows\System\rSMqLPH.exe
  2⤵
  PID:4000
- C:\Windows\System\AlcZPgw.exe
  C:\Windows\System\AlcZPgw.exe
  2⤵
  PID:4044
- C:\Windows\System\iqeIhzd.exe
  C:\Windows\System\iqeIhzd.exe
  2⤵
  PID:904
- C:\Windows\System\OuqEQTW.exe
  C:\Windows\System\OuqEQTW.exe
  2⤵
  PID:916
- C:\Windows\System\nLQWjcE.exe
  C:\Windows\System\nLQWjcE.exe
  2⤵
  PID:2296
- C:\Windows\System\WCfIzyb.exe
  C:\Windows\System\WCfIzyb.exe
  2⤵
  PID:620
- C:\Windows\System\iPcNfLh.exe
  C:\Windows\System\iPcNfLh.exe
  2⤵
  PID:3136
- C:\Windows\System\vhlizvd.exe
  C:\Windows\System\vhlizvd.exe
  2⤵
  PID:3348
- C:\Windows\System\OiJpGfq.exe
  C:\Windows\System\OiJpGfq.exe
  2⤵
  PID:3352
- C:\Windows\System\eIEmXkm.exe
  C:\Windows\System\eIEmXkm.exe
  2⤵
  PID:3500
- C:\Windows\System\NQOqkGo.exe
  C:\Windows\System\NQOqkGo.exe
  2⤵
  PID:3660
- C:\Windows\System\tmubTeG.exe
  C:\Windows\System\tmubTeG.exe
  2⤵
  PID:3636
- C:\Windows\System\QGcAYnQ.exe
  C:\Windows\System\QGcAYnQ.exe
  2⤵
  PID:3656
- C:\Windows\System\FJbLsSk.exe
  C:\Windows\System\FJbLsSk.exe
  2⤵
  PID:3804
- C:\Windows\System\QTCPHWW.exe
  C:\Windows\System\QTCPHWW.exe
  2⤵
  PID:2424
- C:\Windows\System\FXircWx.exe
  C:\Windows\System\FXircWx.exe
  2⤵
  PID:3868
- C:\Windows\System\CPdQgvv.exe
  C:\Windows\System\CPdQgvv.exe
  2⤵
  PID:2124
- C:\Windows\System\wUFPxMW.exe
  C:\Windows\System\wUFPxMW.exe
  2⤵
  PID:2312
- C:\Windows\System\KfWxorB.exe
  C:\Windows\System\KfWxorB.exe
  2⤵
  PID:2596
- C:\Windows\System\ajQrJza.exe
  C:\Windows\System\ajQrJza.exe
  2⤵
  PID:3100
- C:\Windows\System\cyRqNqf.exe
  C:\Windows\System\cyRqNqf.exe
  2⤵
  PID:3188
- C:\Windows\System\wdtqLfx.exe
  C:\Windows\System\wdtqLfx.exe
  2⤵
  PID:3380
- C:\Windows\System\LrjfgXt.exe
  C:\Windows\System\LrjfgXt.exe
  2⤵
  PID:2780
- C:\Windows\System\yIjgDvc.exe
  C:\Windows\System\yIjgDvc.exe
  2⤵
  PID:4108
- C:\Windows\System\UgICHLy.exe
  C:\Windows\System\UgICHLy.exe
  2⤵
  PID:4128
- C:\Windows\System\jpqhnPu.exe
  C:\Windows\System\jpqhnPu.exe
  2⤵
  PID:4148
- C:\Windows\System\bcbLlsu.exe
  C:\Windows\System\bcbLlsu.exe
  2⤵
  PID:4168
- C:\Windows\System\JoiKrKQ.exe
  C:\Windows\System\JoiKrKQ.exe
  2⤵
  PID:4188
- C:\Windows\System\oGtnKpB.exe
  C:\Windows\System\oGtnKpB.exe
  2⤵
  PID:4208
- C:\Windows\System\FDbiAeb.exe
  C:\Windows\System\FDbiAeb.exe
  2⤵
  PID:4228
- C:\Windows\System\zNMpVqd.exe
  C:\Windows\System\zNMpVqd.exe
  2⤵
  PID:4248
- C:\Windows\System\yuqnZjF.exe
  C:\Windows\System\yuqnZjF.exe
  2⤵
  PID:4268
- C:\Windows\System\JtwlpXi.exe
  C:\Windows\System\JtwlpXi.exe
  2⤵
  PID:4288
- C:\Windows\System\BSXfuIM.exe
  C:\Windows\System\BSXfuIM.exe
  2⤵
  PID:4308
- C:\Windows\System\lodxAqM.exe
  C:\Windows\System\lodxAqM.exe
  2⤵
  PID:4328
- C:\Windows\System\IDPncna.exe
  C:\Windows\System\IDPncna.exe
  2⤵
  PID:4348
- C:\Windows\System\DViapag.exe
  C:\Windows\System\DViapag.exe
  2⤵
  PID:4368
- C:\Windows\System\mqtISRQ.exe
  C:\Windows\System\mqtISRQ.exe
  2⤵
  PID:4388
- C:\Windows\System\YItFKwX.exe
  C:\Windows\System\YItFKwX.exe
  2⤵
  PID:4408
- C:\Windows\System\vehcvGk.exe
  C:\Windows\System\vehcvGk.exe
  2⤵
  PID:4428
- C:\Windows\System\ktCKBZB.exe
  C:\Windows\System\ktCKBZB.exe
  2⤵
  PID:4448
- C:\Windows\System\adnEdrb.exe
  C:\Windows\System\adnEdrb.exe
  2⤵
  PID:4468
- C:\Windows\System\koSyYUa.exe
  C:\Windows\System\koSyYUa.exe
  2⤵
  PID:4488
- C:\Windows\System\dyovyad.exe
  C:\Windows\System\dyovyad.exe
  2⤵
  PID:4508
- C:\Windows\System\ahHuHtY.exe
  C:\Windows\System\ahHuHtY.exe
  2⤵
  PID:4528
- C:\Windows\System\mPEcAwz.exe
  C:\Windows\System\mPEcAwz.exe
  2⤵
  PID:4548
- C:\Windows\System\ftTNJdY.exe
  C:\Windows\System\ftTNJdY.exe
  2⤵
  PID:4568
- C:\Windows\System\PoofJTe.exe
  C:\Windows\System\PoofJTe.exe
  2⤵
  PID:4588
- C:\Windows\System\ViqbxdI.exe
  C:\Windows\System\ViqbxdI.exe
  2⤵
  PID:4608
- C:\Windows\System\SsYmolq.exe
  C:\Windows\System\SsYmolq.exe
  2⤵
  PID:4628
- C:\Windows\System\VGBSIYN.exe
  C:\Windows\System\VGBSIYN.exe
  2⤵
  PID:4648
- C:\Windows\System\CLTElPR.exe
  C:\Windows\System\CLTElPR.exe
  2⤵
  PID:4668
- C:\Windows\System\kxgAxQB.exe
  C:\Windows\System\kxgAxQB.exe
  2⤵
  PID:4688
- C:\Windows\System\QMqsXKu.exe
  C:\Windows\System\QMqsXKu.exe
  2⤵
  PID:4708
- C:\Windows\System\RBaeQfN.exe
  C:\Windows\System\RBaeQfN.exe
  2⤵
  PID:4728
- C:\Windows\System\lQFdRew.exe
  C:\Windows\System\lQFdRew.exe
  2⤵
  PID:4752
- C:\Windows\System\pHEBbKY.exe
  C:\Windows\System\pHEBbKY.exe
  2⤵
  PID:4772
- C:\Windows\System\qQqhROL.exe
  C:\Windows\System\qQqhROL.exe
  2⤵
  PID:4792
- C:\Windows\System\iFbtabt.exe
  C:\Windows\System\iFbtabt.exe
  2⤵
  PID:4812
- C:\Windows\System\WpNWtoJ.exe
  C:\Windows\System\WpNWtoJ.exe
  2⤵
  PID:4832
- C:\Windows\System\NIBELQk.exe
  C:\Windows\System\NIBELQk.exe
  2⤵
  PID:4852
- C:\Windows\System\YletQhZ.exe
  C:\Windows\System\YletQhZ.exe
  2⤵
  PID:4872
- C:\Windows\System\YyKhXoE.exe
  C:\Windows\System\YyKhXoE.exe
  2⤵
  PID:4892
- C:\Windows\System\PqfStwd.exe
  C:\Windows\System\PqfStwd.exe
  2⤵
  PID:4912
- C:\Windows\System\JLLeViM.exe
  C:\Windows\System\JLLeViM.exe
  2⤵
  PID:4932
- C:\Windows\System\VEfnWgl.exe
  C:\Windows\System\VEfnWgl.exe
  2⤵
  PID:4952
- C:\Windows\System\wlxvYLF.exe
  C:\Windows\System\wlxvYLF.exe
  2⤵
  PID:4972
- C:\Windows\System\BdAYjnt.exe
  C:\Windows\System\BdAYjnt.exe
  2⤵
  PID:4992
- C:\Windows\System\BWuEyyw.exe
  C:\Windows\System\BWuEyyw.exe
  2⤵
  PID:5016
- C:\Windows\System\CtyDIUz.exe
  C:\Windows\System\CtyDIUz.exe
  2⤵
  PID:5036
- C:\Windows\System\KNejQRK.exe
  C:\Windows\System\KNejQRK.exe
  2⤵
  PID:5056
- C:\Windows\System\PJzQlht.exe
  C:\Windows\System\PJzQlht.exe
  2⤵
  PID:5076
- C:\Windows\System\HogmgcJ.exe
  C:\Windows\System\HogmgcJ.exe
  2⤵
  PID:5096
- C:\Windows\System\IEJjlCx.exe
  C:\Windows\System\IEJjlCx.exe
  2⤵
  PID:5116
- C:\Windows\System\XJrScSK.exe
  C:\Windows\System\XJrScSK.exe
  2⤵
  PID:3604
- C:\Windows\System\GLANKNK.exe
  C:\Windows\System\GLANKNK.exe
  2⤵
  PID:3780
- C:\Windows\System\ViiFJHg.exe
  C:\Windows\System\ViiFJHg.exe
  2⤵
  PID:4068
- C:\Windows\System\wmCpJkA.exe
  C:\Windows\System\wmCpJkA.exe
  2⤵
  PID:2816
- C:\Windows\System\rSvRETN.exe
  C:\Windows\System\rSvRETN.exe
  2⤵
  PID:3424
- C:\Windows\System\MxHMSAc.exe
  C:\Windows\System\MxHMSAc.exe
  2⤵
  PID:3456
- C:\Windows\System\UrscyAC.exe
  C:\Windows\System\UrscyAC.exe
  2⤵
  PID:3496
- C:\Windows\System\pkiQpdG.exe
  C:\Windows\System\pkiQpdG.exe
  2⤵
  PID:4140
- C:\Windows\System\Kbwkwqs.exe
  C:\Windows\System\Kbwkwqs.exe
  2⤵
  PID:4156
- C:\Windows\System\TLwkKBR.exe
  C:\Windows\System\TLwkKBR.exe
  2⤵
  PID:4224
- C:\Windows\System\vOhjltp.exe
  C:\Windows\System\vOhjltp.exe
  2⤵
  PID:4256
- C:\Windows\System\xfOlEDv.exe
  C:\Windows\System\xfOlEDv.exe
  2⤵
  PID:4260
- C:\Windows\System\BGTrGRs.exe
  C:\Windows\System\BGTrGRs.exe
  2⤵
  PID:4280
- C:\Windows\System\mxLSiJF.exe
  C:\Windows\System\mxLSiJF.exe
  2⤵
  PID:4344
- C:\Windows\System\AVQyNZC.exe
  C:\Windows\System\AVQyNZC.exe
  2⤵
  PID:4384
- C:\Windows\System\fDGenzE.exe
  C:\Windows\System\fDGenzE.exe
  2⤵
  PID:4396
- C:\Windows\System\XTAGcYx.exe
  C:\Windows\System\XTAGcYx.exe
  2⤵
  PID:4420
- C:\Windows\System\aVJgrQK.exe
  C:\Windows\System\aVJgrQK.exe
  2⤵
  PID:4464
- C:\Windows\System\FvYRzVG.exe
  C:\Windows\System\FvYRzVG.exe
  2⤵
  PID:4504
- C:\Windows\System\lQxdybn.exe
  C:\Windows\System\lQxdybn.exe
  2⤵
  PID:4484
- C:\Windows\System\AXjmEMc.exe
  C:\Windows\System\AXjmEMc.exe
  2⤵
  PID:4556
- C:\Windows\System\nMmMjnM.exe
  C:\Windows\System\nMmMjnM.exe
  2⤵
  PID:4580
- C:\Windows\System\SLLPKcl.exe
  C:\Windows\System\SLLPKcl.exe
  2⤵
  PID:4664
- C:\Windows\System\RacJhQY.exe
  C:\Windows\System\RacJhQY.exe
  2⤵
  PID:4644
- C:\Windows\System\AGXbQqg.exe
  C:\Windows\System\AGXbQqg.exe
  2⤵
  PID:4680
- C:\Windows\System\cZwLomJ.exe
  C:\Windows\System\cZwLomJ.exe
  2⤵
  PID:4744
- C:\Windows\System\Eixitnv.exe
  C:\Windows\System\Eixitnv.exe
  2⤵
  PID:4716
- C:\Windows\System\dSIxmtq.exe
  C:\Windows\System\dSIxmtq.exe
  2⤵
  PID:4780
- C:\Windows\System\IfpCntm.exe
  C:\Windows\System\IfpCntm.exe
  2⤵
  PID:4828
- C:\Windows\System\gGrSDRQ.exe
  C:\Windows\System\gGrSDRQ.exe
  2⤵
  PID:4840
- C:\Windows\System\xaYjAur.exe
  C:\Windows\System\xaYjAur.exe
  2⤵
  PID:4900
- C:\Windows\System\yMcKmCi.exe
  C:\Windows\System\yMcKmCi.exe
  2⤵
  PID:4880
- C:\Windows\System\MzPsnCO.exe
  C:\Windows\System\MzPsnCO.exe
  2⤵
  PID:4920
- C:\Windows\System\QxWkQjD.exe
  C:\Windows\System\QxWkQjD.exe
  2⤵
  PID:4960
- C:\Windows\System\VZMQTmJ.exe
  C:\Windows\System\VZMQTmJ.exe
  2⤵
  PID:4984
- C:\Windows\System\BTylGuU.exe
  C:\Windows\System\BTylGuU.exe
  2⤵
  PID:2420
- C:\Windows\System\PcozQeI.exe
  C:\Windows\System\PcozQeI.exe
  2⤵
  PID:5052
- C:\Windows\System\gQzvfMr.exe
  C:\Windows\System\gQzvfMr.exe
  2⤵
  PID:5092
- C:\Windows\System\WjTIHYA.exe
  C:\Windows\System\WjTIHYA.exe
  2⤵
  PID:3796
- C:\Windows\System\DvfxUOZ.exe
  C:\Windows\System\DvfxUOZ.exe
  2⤵
  PID:3840
- C:\Windows\System\hJGwygY.exe
  C:\Windows\System\hJGwygY.exe
  2⤵
  PID:2748
- C:\Windows\System\fOesHir.exe
  C:\Windows\System\fOesHir.exe
  2⤵
  PID:3980
- C:\Windows\System\lEGjudK.exe
  C:\Windows\System\lEGjudK.exe
  2⤵
  PID:1516
- C:\Windows\System\fTrIwQW.exe
  C:\Windows\System\fTrIwQW.exe
  2⤵
  PID:3132
- C:\Windows\System\iWosCYf.exe
  C:\Windows\System\iWosCYf.exe
  2⤵
  PID:4144
- C:\Windows\System\iyQMRta.exe
  C:\Windows\System\iyQMRta.exe
  2⤵
  PID:4184
- C:\Windows\System\FnjtGsL.exe
  C:\Windows\System\FnjtGsL.exe
  2⤵
  PID:4240
- C:\Windows\System\nfCLQzy.exe
  C:\Windows\System\nfCLQzy.exe
  2⤵
  PID:4284
- C:\Windows\System\gtxVYlx.exe
  C:\Windows\System\gtxVYlx.exe
  2⤵
  PID:4324
- C:\Windows\System\lzZOwEZ.exe
  C:\Windows\System\lzZOwEZ.exe
  2⤵
  PID:4360
- C:\Windows\System\HxQvCxy.exe
  C:\Windows\System\HxQvCxy.exe
  2⤵
  PID:4444
- C:\Windows\System\UJjTMqM.exe
  C:\Windows\System\UJjTMqM.exe
  2⤵
  PID:4440
- C:\Windows\System\GstCMvE.exe
  C:\Windows\System\GstCMvE.exe
  2⤵
  PID:2560
- C:\Windows\System\glZGbba.exe
  C:\Windows\System\glZGbba.exe
  2⤵
  PID:4576
- C:\Windows\System\gCLlJdA.exe
  C:\Windows\System\gCLlJdA.exe
  2⤵
  PID:2332
- C:\Windows\System\wWOLZbE.exe
  C:\Windows\System\wWOLZbE.exe
  2⤵
  PID:4620
- C:\Windows\System\fHKAVDh.exe
  C:\Windows\System\fHKAVDh.exe
  2⤵
  PID:4736
- C:\Windows\System\hWTLUeB.exe
  C:\Windows\System\hWTLUeB.exe
  2⤵
  PID:808
- C:\Windows\System\pZoUqip.exe
  C:\Windows\System\pZoUqip.exe
  2⤵
  PID:4720
- C:\Windows\System\YJzmvvy.exe
  C:\Windows\System\YJzmvvy.exe
  2⤵
  PID:4804
- C:\Windows\System\GSsyJxg.exe
  C:\Windows\System\GSsyJxg.exe
  2⤵
  PID:4908
- C:\Windows\System\ullOHGy.exe
  C:\Windows\System\ullOHGy.exe
  2⤵
  PID:2756
- C:\Windows\System\QYlzBdX.exe
  C:\Windows\System\QYlzBdX.exe
  2⤵
  PID:4928
- C:\Windows\System\UzFGsXi.exe
  C:\Windows\System\UzFGsXi.exe
  2⤵
  PID:4964
- C:\Windows\System\CJqyjZt.exe
  C:\Windows\System\CJqyjZt.exe
  2⤵
  PID:5072
- C:\Windows\System\rvPrcRq.exe
  C:\Windows\System\rvPrcRq.exe
  2⤵
  PID:3740
- C:\Windows\System\JqokCKN.exe
  C:\Windows\System\JqokCKN.exe
  2⤵
  PID:5112
- C:\Windows\System\jBvGUuR.exe
  C:\Windows\System\jBvGUuR.exe
  2⤵
  PID:2612
- C:\Windows\System\wZDjluK.exe
  C:\Windows\System\wZDjluK.exe
  2⤵
  PID:1680
- C:\Windows\System\dTAbJjI.exe
  C:\Windows\System\dTAbJjI.exe
  2⤵
  PID:2476
- C:\Windows\System\bGGHTNY.exe
  C:\Windows\System\bGGHTNY.exe
  2⤵
  PID:4120
- C:\Windows\System\tljSNEz.exe
  C:\Windows\System\tljSNEz.exe
  2⤵
  PID:4196
- C:\Windows\System\alfbLGn.exe
  C:\Windows\System\alfbLGn.exe
  2⤵
  PID:4376
- C:\Windows\System\YMFMNEX.exe
  C:\Windows\System\YMFMNEX.exe
  2⤵
  PID:1440
- C:\Windows\System\MvsYOBt.exe
  C:\Windows\System\MvsYOBt.exe
  2⤵
  PID:1500
- C:\Windows\System\XnkQRog.exe
  C:\Windows\System\XnkQRog.exe
  2⤵
  PID:1716
- C:\Windows\System\lZDIohl.exe
  C:\Windows\System\lZDIohl.exe
  2⤵
  PID:4656
- C:\Windows\System\ESGewFH.exe
  C:\Windows\System\ESGewFH.exe
  2⤵
  PID:4684
- C:\Windows\System\ELWdVfU.exe
  C:\Windows\System\ELWdVfU.exe
  2⤵
  PID:2196
- C:\Windows\System\pCBcMdM.exe
  C:\Windows\System\pCBcMdM.exe
  2⤵
  PID:1996
- C:\Windows\System\oBajtTz.exe
  C:\Windows\System\oBajtTz.exe
  2⤵
  PID:4824
- C:\Windows\System\QsaSlhE.exe
  C:\Windows\System\QsaSlhE.exe
  2⤵
  PID:4948
- C:\Windows\System\sUHhVod.exe
  C:\Windows\System\sUHhVod.exe
  2⤵
  PID:5064
- C:\Windows\System\xMIbMIm.exe
  C:\Windows\System\xMIbMIm.exe
  2⤵
  PID:5004
- C:\Windows\System\zleoMZo.exe
  C:\Windows\System\zleoMZo.exe
  2⤵
  PID:1784
- C:\Windows\System\KyjTtdE.exe
  C:\Windows\System\KyjTtdE.exe
  2⤵
  PID:3240
- C:\Windows\System\HfgkVZf.exe
  C:\Windows\System\HfgkVZf.exe
  2⤵
  PID:4160
- C:\Windows\System\kfNbBZd.exe
  C:\Windows\System\kfNbBZd.exe
  2⤵
  PID:4296
- C:\Windows\System\jvSAePk.exe
  C:\Windows\System\jvSAePk.exe
  2⤵
  PID:4316
- C:\Windows\System\gJSJTeo.exe
  C:\Windows\System\gJSJTeo.exe
  2⤵
  PID:4424
- C:\Windows\System\TLhkNav.exe
  C:\Windows\System\TLhkNav.exe
  2⤵
  PID:4520
- C:\Windows\System\dHCxAdQ.exe
  C:\Windows\System\dHCxAdQ.exe
  2⤵
  PID:2572
- C:\Windows\System\LGoDAQL.exe
  C:\Windows\System\LGoDAQL.exe
  2⤵
  PID:2216
- C:\Windows\System\tOtpYHy.exe
  C:\Windows\System\tOtpYHy.exe
  2⤵
  PID:5028
- C:\Windows\System\yOcKKvk.exe
  C:\Windows\System\yOcKKvk.exe
  2⤵
  PID:5068
- C:\Windows\System\bosNDoA.exe
  C:\Windows\System\bosNDoA.exe
  2⤵
  PID:2836
- C:\Windows\System\hAjxxsu.exe
  C:\Windows\System\hAjxxsu.exe
  2⤵
  PID:300
- C:\Windows\System\YWnPVBV.exe
  C:\Windows\System\YWnPVBV.exe
  2⤵
  PID:1772
- C:\Windows\System\uNKHPek.exe
  C:\Windows\System\uNKHPek.exe
  2⤵
  PID:1164
- C:\Windows\System\cpyWvEA.exe
  C:\Windows\System\cpyWvEA.exe
  2⤵
  PID:5140
- C:\Windows\System\mXQOMSm.exe
  C:\Windows\System\mXQOMSm.exe
  2⤵
  PID:5160
- C:\Windows\System\gsOQXSy.exe
  C:\Windows\System\gsOQXSy.exe
  2⤵
  PID:5180
- C:\Windows\System\zjVxjDZ.exe
  C:\Windows\System\zjVxjDZ.exe
  2⤵
  PID:5200
- C:\Windows\System\CpyiRAx.exe
  C:\Windows\System\CpyiRAx.exe
  2⤵
  PID:5220
- C:\Windows\System\GinqWTb.exe
  C:\Windows\System\GinqWTb.exe
  2⤵
  PID:5240
- C:\Windows\System\MTyvUwh.exe
  C:\Windows\System\MTyvUwh.exe
  2⤵
  PID:5260
- C:\Windows\System\CPXnnpI.exe
  C:\Windows\System\CPXnnpI.exe
  2⤵
  PID:5280
- C:\Windows\System\vwasfmd.exe
  C:\Windows\System\vwasfmd.exe
  2⤵
  PID:5300
- C:\Windows\System\tjFUdYO.exe
  C:\Windows\System\tjFUdYO.exe
  2⤵
  PID:5320
- C:\Windows\System\OLzhzmN.exe
  C:\Windows\System\OLzhzmN.exe
  2⤵
  PID:5340
- C:\Windows\System\mFHsYaK.exe
  C:\Windows\System\mFHsYaK.exe
  2⤵
  PID:5360
- C:\Windows\System\WNlBvaL.exe
  C:\Windows\System\WNlBvaL.exe
  2⤵
  PID:5380
- C:\Windows\System\rzvcdfZ.exe
  C:\Windows\System\rzvcdfZ.exe
  2⤵
  PID:5400
- C:\Windows\System\FnrZuAd.exe
  C:\Windows\System\FnrZuAd.exe
  2⤵
  PID:5420
- C:\Windows\System\EOaAWoW.exe
  C:\Windows\System\EOaAWoW.exe
  2⤵
  PID:5440
- C:\Windows\System\pUlkurD.exe
  C:\Windows\System\pUlkurD.exe
  2⤵
  PID:5460
- C:\Windows\System\DqUVSZx.exe
  C:\Windows\System\DqUVSZx.exe
  2⤵
  PID:5480
- C:\Windows\System\GegXxIa.exe
  C:\Windows\System\GegXxIa.exe
  2⤵
  PID:5500
- C:\Windows\System\rEgTokB.exe
  C:\Windows\System\rEgTokB.exe
  2⤵
  PID:5520
- C:\Windows\System\GJZYVrM.exe
  C:\Windows\System\GJZYVrM.exe
  2⤵
  PID:5540
- C:\Windows\System\XLExAUx.exe
  C:\Windows\System\XLExAUx.exe
  2⤵
  PID:5560
- C:\Windows\System\hpkFMWc.exe
  C:\Windows\System\hpkFMWc.exe
  2⤵
  PID:5580
- C:\Windows\System\ULxkKUY.exe
  C:\Windows\System\ULxkKUY.exe
  2⤵
  PID:5600
- C:\Windows\System\OspvpJe.exe
  C:\Windows\System\OspvpJe.exe
  2⤵
  PID:5620
- C:\Windows\System\IfhCXfb.exe
  C:\Windows\System\IfhCXfb.exe
  2⤵
  PID:5640
- C:\Windows\System\UpveHAh.exe
  C:\Windows\System\UpveHAh.exe
  2⤵
  PID:5660
- C:\Windows\System\NqgukPQ.exe
  C:\Windows\System\NqgukPQ.exe
  2⤵
  PID:5680
- C:\Windows\System\nideTVM.exe
  C:\Windows\System\nideTVM.exe
  2⤵
  PID:5700
- C:\Windows\System\BXOhgxH.exe
  C:\Windows\System\BXOhgxH.exe
  2⤵
  PID:5720
- C:\Windows\System\yJZvYEC.exe
  C:\Windows\System\yJZvYEC.exe
  2⤵
  PID:5740
- C:\Windows\System\kWJAUPs.exe
  C:\Windows\System\kWJAUPs.exe
  2⤵
  PID:5760
- C:\Windows\System\KGqeiEZ.exe
  C:\Windows\System\KGqeiEZ.exe
  2⤵
  PID:5780
- C:\Windows\System\lMXLczV.exe
  C:\Windows\System\lMXLczV.exe
  2⤵
  PID:5800
- C:\Windows\System\EdUnNRi.exe
  C:\Windows\System\EdUnNRi.exe
  2⤵
  PID:5820
- C:\Windows\System\zDtxPmG.exe
  C:\Windows\System\zDtxPmG.exe
  2⤵
  PID:5840
- C:\Windows\System\UJcFLxy.exe
  C:\Windows\System\UJcFLxy.exe
  2⤵
  PID:5860
- C:\Windows\System\jtQAYti.exe
  C:\Windows\System\jtQAYti.exe
  2⤵
  PID:5880
- C:\Windows\System\NAdDfrl.exe
  C:\Windows\System\NAdDfrl.exe
  2⤵
  PID:5900
- C:\Windows\System\jMfTAcq.exe
  C:\Windows\System\jMfTAcq.exe
  2⤵
  PID:5920
- C:\Windows\System\NCfJDEl.exe
  C:\Windows\System\NCfJDEl.exe
  2⤵
  PID:5940
- C:\Windows\System\HNGXvwH.exe
  C:\Windows\System\HNGXvwH.exe
  2⤵
  PID:5960
- C:\Windows\System\KgcDwXo.exe
  C:\Windows\System\KgcDwXo.exe
  2⤵
  PID:5980
- C:\Windows\System\ZwNcAZL.exe
  C:\Windows\System\ZwNcAZL.exe
  2⤵
  PID:6000
- C:\Windows\System\iEprBei.exe
  C:\Windows\System\iEprBei.exe
  2⤵
  PID:6020
- C:\Windows\System\uIqkRLZ.exe
  C:\Windows\System\uIqkRLZ.exe
  2⤵
  PID:6040
- C:\Windows\System\qxpWurC.exe
  C:\Windows\System\qxpWurC.exe
  2⤵
  PID:6060
- C:\Windows\System\mFFOXIq.exe
  C:\Windows\System\mFFOXIq.exe
  2⤵
  PID:6076
- C:\Windows\System\GeVALOV.exe
  C:\Windows\System\GeVALOV.exe
  2⤵
  PID:6100
- C:\Windows\System\JfVPcjC.exe
  C:\Windows\System\JfVPcjC.exe
  2⤵
  PID:6120
- C:\Windows\System\gofbkJS.exe
  C:\Windows\System\gofbkJS.exe
  2⤵
  PID:6140
- C:\Windows\System\plXboql.exe
  C:\Windows\System\plXboql.exe
  2⤵
  PID:4516
- C:\Windows\System\RUZutlc.exe
  C:\Windows\System\RUZutlc.exe
  2⤵
  PID:4864
- C:\Windows\System\QSsxDLQ.exe
  C:\Windows\System\QSsxDLQ.exe
  2⤵
  PID:2132
- C:\Windows\System\tzVbwiz.exe
  C:\Windows\System\tzVbwiz.exe
  2⤵
  PID:2760
- C:\Windows\System\eXkLlks.exe
  C:\Windows\System\eXkLlks.exe
  2⤵
  PID:4116
- C:\Windows\System\JztECqt.exe
  C:\Windows\System\JztECqt.exe
  2⤵
  PID:5136
- C:\Windows\System\omTJqlh.exe
  C:\Windows\System\omTJqlh.exe
  2⤵
  PID:5156
- C:\Windows\System\fLuRiDC.exe
  C:\Windows\System\fLuRiDC.exe
  2⤵
  PID:5188
- C:\Windows\System\tTdtzEm.exe
  C:\Windows\System\tTdtzEm.exe
  2⤵
  PID:3800
- C:\Windows\System\gTsZwEf.exe
  C:\Windows\System\gTsZwEf.exe
  2⤵
  PID:5256
- C:\Windows\System\nHUxReS.exe
  C:\Windows\System\nHUxReS.exe
  2⤵
  PID:5288
- C:\Windows\System\ophxlvG.exe
  C:\Windows\System\ophxlvG.exe
  2⤵
  PID:5336
- C:\Windows\System\ONDnbIA.exe
  C:\Windows\System\ONDnbIA.exe
  2⤵
  PID:5332
- C:\Windows\System\Rqwdueg.exe
  C:\Windows\System\Rqwdueg.exe
  2⤵
  PID:5352
- C:\Windows\System\QjoGoMO.exe
  C:\Windows\System\QjoGoMO.exe
  2⤵
  PID:5396
- C:\Windows\System\zwIqbjz.exe
  C:\Windows\System\zwIqbjz.exe
  2⤵
  PID:5428
- C:\Windows\System\BRdIqWp.exe
  C:\Windows\System\BRdIqWp.exe
  2⤵
  PID:2568
- C:\Windows\System\kkoYqcK.exe
  C:\Windows\System\kkoYqcK.exe
  2⤵
  PID:5492
- C:\Windows\System\PKzLMTB.exe
  C:\Windows\System\PKzLMTB.exe
  2⤵
  PID:5528
- C:\Windows\System\SpsybPX.exe
  C:\Windows\System\SpsybPX.exe
  2⤵
  PID:5556
- C:\Windows\System\pSoYVjA.exe
  C:\Windows\System\pSoYVjA.exe
  2⤵
  PID:5616
- C:\Windows\System\wjLzVlw.exe
  C:\Windows\System\wjLzVlw.exe
  2⤵
  PID:5648
- C:\Windows\System\bhiNIlT.exe
  C:\Windows\System\bhiNIlT.exe
  2⤵
  PID:5652
- C:\Windows\System\IwdaMGu.exe
  C:\Windows\System\IwdaMGu.exe
  2⤵
  PID:5676
- C:\Windows\System\HVdBgtQ.exe
  C:\Windows\System\HVdBgtQ.exe
  2⤵
  PID:5728
- C:\Windows\System\YHAxzEe.exe
  C:\Windows\System\YHAxzEe.exe
  2⤵
  PID:5768
- C:\Windows\System\bngWQRV.exe
  C:\Windows\System\bngWQRV.exe
  2⤵
  PID:5772
- C:\Windows\System\qmLjmLw.exe
  C:\Windows\System\qmLjmLw.exe
  2⤵
  PID:5812
- C:\Windows\System\bzQpbSb.exe
  C:\Windows\System\bzQpbSb.exe
  2⤵
  PID:5836
- C:\Windows\System\upxtzUq.exe
  C:\Windows\System\upxtzUq.exe
  2⤵
  PID:5896
- C:\Windows\System\yAnFZgc.exe
  C:\Windows\System\yAnFZgc.exe
  2⤵
  PID:5908
- C:\Windows\System\MyKScbv.exe
  C:\Windows\System\MyKScbv.exe
  2⤵
  PID:5932
- C:\Windows\System\vDQZFXp.exe
  C:\Windows\System\vDQZFXp.exe
  2⤵
  PID:5956
- C:\Windows\System\jwHiNCq.exe
  C:\Windows\System\jwHiNCq.exe
  2⤵
  PID:5988
- C:\Windows\System\YtYQSJU.exe
  C:\Windows\System\YtYQSJU.exe
  2⤵
  PID:6048
- C:\Windows\System\yPGuzyK.exe
  C:\Windows\System\yPGuzyK.exe
  2⤵
  PID:548
- C:\Windows\System\JWNFHVo.exe
  C:\Windows\System\JWNFHVo.exe
  2⤵
  PID:6088
- C:\Windows\System\olRYmEc.exe
  C:\Windows\System\olRYmEc.exe
  2⤵
  PID:6112
- C:\Windows\System\sNezmTl.exe
  C:\Windows\System\sNezmTl.exe
  2⤵
  PID:2208
- C:\Windows\System\MCMbnNZ.exe
  C:\Windows\System\MCMbnNZ.exe
  2⤵
  PID:2688
- C:\Windows\System\UDwxCQd.exe
  C:\Windows\System\UDwxCQd.exe
  2⤵
  PID:2828
- C:\Windows\System\ByZfreQ.exe
  C:\Windows\System\ByZfreQ.exe
  2⤵
  PID:5128
- C:\Windows\System\FvUCwVg.exe
  C:\Windows\System\FvUCwVg.exe
  2⤵
  PID:2772
- C:\Windows\System\wtsnLIt.exe
  C:\Windows\System\wtsnLIt.exe
  2⤵
  PID:5192
- C:\Windows\System\pOWFzVF.exe
  C:\Windows\System\pOWFzVF.exe
  2⤵
  PID:5228
- C:\Windows\System\zlfhTGo.exe
  C:\Windows\System\zlfhTGo.exe
  2⤵
  PID:5328
- C:\Windows\System\fPiwKud.exe
  C:\Windows\System\fPiwKud.exe
  2⤵
  PID:2400
- C:\Windows\System\evozlQt.exe
  C:\Windows\System\evozlQt.exe
  2⤵
  PID:5388
- C:\Windows\System\vNieFbM.exe
  C:\Windows\System\vNieFbM.exe
  2⤵
  PID:5452
- C:\Windows\System\tGIhEUi.exe
  C:\Windows\System\tGIhEUi.exe
  2⤵
  PID:5512
- C:\Windows\System\xciQctw.exe
  C:\Windows\System\xciQctw.exe
  2⤵
  PID:5576
- C:\Windows\System\nithnCK.exe
  C:\Windows\System\nithnCK.exe
  2⤵
  PID:5572
- C:\Windows\System\JxmrOVp.exe
  C:\Windows\System\JxmrOVp.exe
  2⤵
  PID:2956
- C:\Windows\System\DGxllhq.exe
  C:\Windows\System\DGxllhq.exe
  2⤵
  PID:5732
- C:\Windows\System\FExyPMD.exe
  C:\Windows\System\FExyPMD.exe
  2⤵
  PID:5748
- C:\Windows\System\dZyVszN.exe
  C:\Windows\System\dZyVszN.exe
  2⤵
  PID:5796
- C:\Windows\System\vLBJSYx.exe
  C:\Windows\System\vLBJSYx.exe
  2⤵
  PID:5856
- C:\Windows\System\RjPHnwh.exe
  C:\Windows\System\RjPHnwh.exe
  2⤵
  PID:2880
- C:\Windows\System\IxHjLna.exe
  C:\Windows\System\IxHjLna.exe
  2⤵
  PID:5872
- C:\Windows\System\NZJuVZX.exe
  C:\Windows\System\NZJuVZX.exe
  2⤵
  PID:6016
- C:\Windows\System\fqbJWyQ.exe
  C:\Windows\System\fqbJWyQ.exe
  2⤵
  PID:6036
- C:\Windows\System\wGUUinH.exe
  C:\Windows\System\wGUUinH.exe
  2⤵
  PID:6108
- C:\Windows\System\xeAPFkO.exe
  C:\Windows\System\xeAPFkO.exe
  2⤵
  PID:6096
- C:\Windows\System\NqzoPny.exe
  C:\Windows\System\NqzoPny.exe
  2⤵
  PID:4660
- C:\Windows\System\LOXKoEL.exe
  C:\Windows\System\LOXKoEL.exe
  2⤵
  PID:5044
- C:\Windows\System\lAdjqnx.exe
  C:\Windows\System\lAdjqnx.exe
  2⤵
  PID:2272
- C:\Windows\System\MfKMrob.exe
  C:\Windows\System\MfKMrob.exe
  2⤵
  PID:2228
- C:\Windows\System\GnHQVyx.exe
  C:\Windows\System\GnHQVyx.exe
  2⤵
  PID:3044
- C:\Windows\System\DsKLzPj.exe
  C:\Windows\System\DsKLzPj.exe
  2⤵
  PID:1872
- C:\Windows\System\GhqyaXl.exe
  C:\Windows\System\GhqyaXl.exe
  2⤵
  PID:1940
- C:\Windows\System\wtitpwi.exe
  C:\Windows\System\wtitpwi.exe
  2⤵
  PID:5376
- C:\Windows\System\hHXHwkT.exe
  C:\Windows\System\hHXHwkT.exe
  2⤵
  PID:2820
- C:\Windows\System\vmYTOGX.exe
  C:\Windows\System\vmYTOGX.exe
  2⤵
  PID:1992
- C:\Windows\System\bDMPSiw.exe
  C:\Windows\System\bDMPSiw.exe
  2⤵
  PID:5548
- C:\Windows\System\dHHNUIV.exe
  C:\Windows\System\dHHNUIV.exe
  2⤵
  PID:5692
- C:\Windows\System\uJpWDZz.exe
  C:\Windows\System\uJpWDZz.exe
  2⤵
  PID:5708
- C:\Windows\System\QmPNssh.exe
  C:\Windows\System\QmPNssh.exe
  2⤵
  PID:1320
- C:\Windows\System\BwrsIAv.exe
  C:\Windows\System\BwrsIAv.exe
  2⤵
  PID:2680
- C:\Windows\System\oivACgT.exe
  C:\Windows\System\oivACgT.exe
  2⤵
  PID:1528
- C:\Windows\System\BYeCPCd.exe
  C:\Windows\System\BYeCPCd.exe
  2⤵
  PID:5948
- C:\Windows\System\cZXvrZZ.exe
  C:\Windows\System\cZXvrZZ.exe
  2⤵
  PID:6028
- C:\Windows\System\criLEmZ.exe
  C:\Windows\System\criLEmZ.exe
  2⤵
  PID:5996
- C:\Windows\System\pTAvOrD.exe
  C:\Windows\System\pTAvOrD.exe
  2⤵
  PID:2892
- C:\Windows\System\tqInxCU.exe
  C:\Windows\System\tqInxCU.exe
  2⤵
  PID:2328
- C:\Windows\System\uRwunrC.exe
  C:\Windows\System\uRwunrC.exe
  2⤵
  PID:2788
- C:\Windows\System\tNFViIX.exe
  C:\Windows\System\tNFViIX.exe
  2⤵
  PID:4860
- C:\Windows\System\gjeykpO.exe
  C:\Windows\System\gjeykpO.exe
  2⤵
  PID:1956
- C:\Windows\System\BaDxfzF.exe
  C:\Windows\System\BaDxfzF.exe
  2⤵
  PID:1944
- C:\Windows\System\pjBOXPe.exe
  C:\Windows\System\pjBOXPe.exe
  2⤵
  PID:5176
- C:\Windows\System\wCXqPrm.exe
  C:\Windows\System\wCXqPrm.exe
  2⤵
  PID:5268
- C:\Windows\System\naafqXU.exe
  C:\Windows\System\naafqXU.exe
  2⤵
  PID:3036
- C:\Windows\System\vKokpnf.exe
  C:\Windows\System\vKokpnf.exe
  2⤵
  PID:5356
- C:\Windows\System\uRGwgdy.exe
  C:\Windows\System\uRGwgdy.exe
  2⤵
  PID:5476
- C:\Windows\System\sYLpDqw.exe
  C:\Windows\System\sYLpDqw.exe
  2⤵
  PID:2592
- C:\Windows\System\jjxFYek.exe
  C:\Windows\System\jjxFYek.exe
  2⤵
  PID:1328
- C:\Windows\System\caXdgdp.exe
  C:\Windows\System\caXdgdp.exe
  2⤵
  PID:5868
- C:\Windows\System\IZxJRDQ.exe
  C:\Windows\System\IZxJRDQ.exe
  2⤵
  PID:5912
- C:\Windows\System\CuxxWLp.exe
  C:\Windows\System\CuxxWLp.exe
  2⤵
  PID:6128
- C:\Windows\System\VBWbrCX.exe
  C:\Windows\System\VBWbrCX.exe
  2⤵
  PID:496
- C:\Windows\System\cGGHVSk.exe
  C:\Windows\System\cGGHVSk.exe
  2⤵
  PID:352
- C:\Windows\System\dqasNrO.exe
  C:\Windows\System\dqasNrO.exe
  2⤵
  PID:628
- C:\Windows\System\TYrzdyv.exe
  C:\Windows\System\TYrzdyv.exe
  2⤵
  PID:1920
- C:\Windows\System\cvShxBw.exe
  C:\Windows\System\cvShxBw.exe
  2⤵
  PID:5316
- C:\Windows\System\ieltzgz.exe
  C:\Windows\System\ieltzgz.exe
  2⤵
  PID:5808
- C:\Windows\System\vNWKbqa.exe
  C:\Windows\System\vNWKbqa.exe
  2⤵
  PID:2864
- C:\Windows\System\NJtVrBu.exe
  C:\Windows\System\NJtVrBu.exe
  2⤵
  PID:5508
- C:\Windows\System\yJUHaRl.exe
  C:\Windows\System\yJUHaRl.exe
  2⤵
  PID:5936
- C:\Windows\System\UXYKsYM.exe
  C:\Windows\System\UXYKsYM.exe
  2⤵
  PID:4204
- C:\Windows\System\YLfvfaE.exe
  C:\Windows\System\YLfvfaE.exe
  2⤵
  PID:2804
- C:\Windows\System\gndDGBb.exe
  C:\Windows\System\gndDGBb.exe
  2⤵
  PID:5756
- C:\Windows\System\NvCOKbb.exe
  C:\Windows\System\NvCOKbb.exe
  2⤵
  PID:5276
- C:\Windows\System\DuAFimS.exe
  C:\Windows\System\DuAFimS.exe
  2⤵
  PID:4604
- C:\Windows\System\IbouCFi.exe
  C:\Windows\System\IbouCFi.exe
  2⤵
  PID:5656
- C:\Windows\System\tjsDbWw.exe
  C:\Windows\System\tjsDbWw.exe
  2⤵
  PID:6152
- C:\Windows\System\jACsyJS.exe
  C:\Windows\System\jACsyJS.exe
  2⤵
  PID:6172
- C:\Windows\System\qKQaaBo.exe
  C:\Windows\System\qKQaaBo.exe
  2⤵
  PID:6196
- C:\Windows\System\iGgrZUl.exe
  C:\Windows\System\iGgrZUl.exe
  2⤵
  PID:6228
- C:\Windows\System\bcwdgpO.exe
  C:\Windows\System\bcwdgpO.exe
  2⤵
  PID:6248
- C:\Windows\System\VoXaDnk.exe
  C:\Windows\System\VoXaDnk.exe
  2⤵
  PID:6264
- C:\Windows\System\ojcJlVV.exe
  C:\Windows\System\ojcJlVV.exe
  2⤵
  PID:6288
- C:\Windows\System\xYYBWHT.exe
  C:\Windows\System\xYYBWHT.exe
  2⤵
  PID:6308
- C:\Windows\System\zJeIKBe.exe
  C:\Windows\System\zJeIKBe.exe
  2⤵
  PID:6324
- C:\Windows\System\aBqCAcL.exe
  C:\Windows\System\aBqCAcL.exe
  2⤵
  PID:6340
- C:\Windows\System\dCTlEjM.exe
  C:\Windows\System\dCTlEjM.exe
  2⤵
  PID:6360
- C:\Windows\System\XvcYqLQ.exe
  C:\Windows\System\XvcYqLQ.exe
  2⤵
  PID:6376
- C:\Windows\System\WohzXcR.exe
  C:\Windows\System\WohzXcR.exe
  2⤵
  PID:6408
- C:\Windows\System\UoaoHfv.exe
  C:\Windows\System\UoaoHfv.exe
  2⤵
  PID:6428
- C:\Windows\System\FNjyXAI.exe
  C:\Windows\System\FNjyXAI.exe
  2⤵
  PID:6444
- C:\Windows\System\OwJIcJN.exe
  C:\Windows\System\OwJIcJN.exe
  2⤵
  PID:6472
- C:\Windows\System\rFJhPfT.exe
  C:\Windows\System\rFJhPfT.exe
  2⤵
  PID:6488
- C:\Windows\System\mirKNtC.exe
  C:\Windows\System\mirKNtC.exe
  2⤵
  PID:6504
- C:\Windows\System\cimIDqX.exe
  C:\Windows\System\cimIDqX.exe
  2⤵
  PID:6532
- C:\Windows\System\SSEkdhE.exe
  C:\Windows\System\SSEkdhE.exe
  2⤵
  PID:6548
- C:\Windows\System\odsLIbm.exe
  C:\Windows\System\odsLIbm.exe
  2⤵
  PID:6564
- C:\Windows\System\TRsmwBr.exe
  C:\Windows\System\TRsmwBr.exe
  2⤵
  PID:6580
- C:\Windows\System\hsUVrUa.exe
  C:\Windows\System\hsUVrUa.exe
  2⤵
  PID:6604
- C:\Windows\System\jgRBMLj.exe
  C:\Windows\System\jgRBMLj.exe
  2⤵
  PID:6624
- C:\Windows\System\MCntFOi.exe
  C:\Windows\System\MCntFOi.exe
  2⤵
  PID:6640
- C:\Windows\System\QXDXOOM.exe
  C:\Windows\System\QXDXOOM.exe
  2⤵
  PID:6656
- C:\Windows\System\LMGnYuE.exe
  C:\Windows\System\LMGnYuE.exe
  2⤵
  PID:6672
- C:\Windows\System\lyQTayV.exe
  C:\Windows\System\lyQTayV.exe
  2⤵
  PID:6692
- C:\Windows\System\fFImJXO.exe
  C:\Windows\System\fFImJXO.exe
  2⤵
  PID:6712
- C:\Windows\System\SNuajri.exe
  C:\Windows\System\SNuajri.exe
  2⤵
  PID:6728
- C:\Windows\System\pgvmgyF.exe
  C:\Windows\System\pgvmgyF.exe
  2⤵
  PID:6768
- C:\Windows\System\DjehflM.exe
  C:\Windows\System\DjehflM.exe
  2⤵
  PID:6788
- C:\Windows\System\fCYKHnW.exe
  C:\Windows\System\fCYKHnW.exe
  2⤵
  PID:6804
- C:\Windows\System\YDjLlrh.exe
  C:\Windows\System\YDjLlrh.exe
  2⤵
  PID:6820
- C:\Windows\System\khlgdOB.exe
  C:\Windows\System\khlgdOB.exe
  2⤵
  PID:6836
- C:\Windows\System\mscGOhV.exe
  C:\Windows\System\mscGOhV.exe
  2⤵
  PID:6852
- C:\Windows\System\CEhCBqh.exe
  C:\Windows\System\CEhCBqh.exe
  2⤵
  PID:6872
- C:\Windows\System\bUKVRvm.exe
  C:\Windows\System\bUKVRvm.exe
  2⤵
  PID:6892
- C:\Windows\System\JTFheuV.exe
  C:\Windows\System\JTFheuV.exe
  2⤵
  PID:6908
- C:\Windows\System\DzSagSj.exe
  C:\Windows\System\DzSagSj.exe
  2⤵
  PID:6924
- C:\Windows\System\UxhPwdv.exe
  C:\Windows\System\UxhPwdv.exe
  2⤵
  PID:6940
- C:\Windows\System\wyWIWBv.exe
  C:\Windows\System\wyWIWBv.exe
  2⤵
  PID:6960
- C:\Windows\System\ZdPEevh.exe
  C:\Windows\System\ZdPEevh.exe
  2⤵
  PID:6984
- C:\Windows\System\KqTkqzz.exe
  C:\Windows\System\KqTkqzz.exe
  2⤵
  PID:7028
- C:\Windows\System\iBSHtXS.exe
  C:\Windows\System\iBSHtXS.exe
  2⤵
  PID:7044
- C:\Windows\System\oVrncGz.exe
  C:\Windows\System\oVrncGz.exe
  2⤵
  PID:7068
- C:\Windows\System\feZCdcW.exe
  C:\Windows\System\feZCdcW.exe
  2⤵
  PID:7084
- C:\Windows\System\lwQxImM.exe
  C:\Windows\System\lwQxImM.exe
  2⤵
  PID:7100
- C:\Windows\System\cNOJMqv.exe
  C:\Windows\System\cNOJMqv.exe
  2⤵
  PID:7116
- C:\Windows\System\HDRZLva.exe
  C:\Windows\System\HDRZLva.exe
  2⤵
  PID:7136
- C:\Windows\System\OccKxCi.exe
  C:\Windows\System\OccKxCi.exe
  2⤵
  PID:7156
- C:\Windows\System\MFGAfoW.exe
  C:\Windows\System\MFGAfoW.exe
  2⤵
  PID:1396
- C:\Windows\System\rZauPFZ.exe
  C:\Windows\System\rZauPFZ.exe
  2⤵
  PID:1960
- C:\Windows\System\mkXsEFY.exe
  C:\Windows\System\mkXsEFY.exe
  2⤵
  PID:6132
- C:\Windows\System\rrtcQpn.exe
  C:\Windows\System\rrtcQpn.exe
  2⤵
  PID:5992
- C:\Windows\System\yKibyTb.exe
  C:\Windows\System\yKibyTb.exe
  2⤵
  PID:6280
- C:\Windows\System\ABUwkCp.exe
  C:\Windows\System\ABUwkCp.exe
  2⤵
  PID:6240
- C:\Windows\System\PpxEwKe.exe
  C:\Windows\System\PpxEwKe.exe
  2⤵
  PID:6256
- C:\Windows\System\wbaUJkq.exe
  C:\Windows\System\wbaUJkq.exe
  2⤵
  PID:6320
- C:\Windows\System\bjzSnWU.exe
  C:\Windows\System\bjzSnWU.exe
  2⤵
  PID:6384
- C:\Windows\System\ZeQBEPq.exe
  C:\Windows\System\ZeQBEPq.exe
  2⤵
  PID:6400
- C:\Windows\System\ZaARmvj.exe
  C:\Windows\System\ZaARmvj.exe
  2⤵
  PID:6416
- C:\Windows\System\GgTwDOh.exe
  C:\Windows\System\GgTwDOh.exe
  2⤵
  PID:6440
- C:\Windows\System\pGkSVaD.exe
  C:\Windows\System\pGkSVaD.exe
  2⤵
  PID:6460
- C:\Windows\System\scXVeGI.exe
  C:\Windows\System\scXVeGI.exe
  2⤵
  PID:6480
- C:\Windows\System\yvvTPZX.exe
  C:\Windows\System\yvvTPZX.exe
  2⤵
  PID:6524
- C:\Windows\System\OEYewAI.exe
  C:\Windows\System\OEYewAI.exe
  2⤵
  PID:6556
- C:\Windows\System\SfuNEhb.exe
  C:\Windows\System\SfuNEhb.exe
  2⤵
  PID:6600
- C:\Windows\System\ntwXHKi.exe
  C:\Windows\System\ntwXHKi.exe
  2⤵
  PID:6572
- C:\Windows\System\jolIAQz.exe
  C:\Windows\System\jolIAQz.exe
  2⤵
  PID:6740
- C:\Windows\System\AUVBeqS.exe
  C:\Windows\System\AUVBeqS.exe
  2⤵
  PID:6648
- C:\Windows\System\wDENRZc.exe
  C:\Windows\System\wDENRZc.exe
  2⤵
  PID:6688
- C:\Windows\System\voAfdPF.exe
  C:\Windows\System\voAfdPF.exe
  2⤵
  PID:6760
- C:\Windows\System\KWCccEk.exe
  C:\Windows\System\KWCccEk.exe
  2⤵
  PID:6800
- C:\Windows\System\pKbjoFo.exe
  C:\Windows\System\pKbjoFo.exe
  2⤵
  PID:6864
- C:\Windows\System\BVNgiFu.exe
  C:\Windows\System\BVNgiFu.exe
  2⤵
  PID:6932
- C:\Windows\System\FAnBCOz.exe
  C:\Windows\System\FAnBCOz.exe
  2⤵
  PID:6980
- C:\Windows\System\mfgCdrm.exe
  C:\Windows\System\mfgCdrm.exe
  2⤵
  PID:6996
- C:\Windows\System\nXqNkyz.exe
  C:\Windows\System\nXqNkyz.exe
  2⤵
  PID:6844
- C:\Windows\System\iFAiCaW.exe
  C:\Windows\System\iFAiCaW.exe
  2⤵
  PID:6884
- C:\Windows\System\obMHddz.exe
  C:\Windows\System\obMHddz.exe
  2⤵
  PID:6948
- C:\Windows\System\AXdkGeo.exe
  C:\Windows\System\AXdkGeo.exe
  2⤵
  PID:1572
- C:\Windows\System\bXKnlrp.exe
  C:\Windows\System\bXKnlrp.exe
  2⤵
  PID:7008
- C:\Windows\System\gvCznUv.exe
  C:\Windows\System\gvCznUv.exe
  2⤵
  PID:7092
- C:\Windows\System\OLwAJgK.exe
  C:\Windows\System\OLwAJgK.exe
  2⤵
  PID:7132
- C:\Windows\System\ARuINhb.exe
  C:\Windows\System\ARuINhb.exe
  2⤵
  PID:5568
- C:\Windows\System\bhUNTii.exe
  C:\Windows\System\bhUNTii.exe
  2⤵
  PID:6180
- C:\Windows\System\KgcZVZE.exe
  C:\Windows\System\KgcZVZE.exe
  2⤵
  PID:5976
- C:\Windows\System\kCuZhgu.exe
  C:\Windows\System\kCuZhgu.exe
  2⤵
  PID:6244
- C:\Windows\System\jMlVzQP.exe
  C:\Windows\System\jMlVzQP.exe
  2⤵
  PID:6284
- C:\Windows\System\OmtPfZk.exe
  C:\Windows\System\OmtPfZk.exe
  2⤵
  PID:6220
- C:\Windows\System\lmQDBCW.exe
  C:\Windows\System\lmQDBCW.exe
  2⤵
  PID:6392
- C:\Windows\System\RbynoSt.exe
  C:\Windows\System\RbynoSt.exe
  2⤵
  PID:6356
- C:\Windows\System\MlJmqbm.exe
  C:\Windows\System\MlJmqbm.exe
  2⤵
  PID:6496
- C:\Windows\System\fVwIiVO.exe
  C:\Windows\System\fVwIiVO.exe
  2⤵
  PID:6544
- C:\Windows\System\SHjyCAT.exe
  C:\Windows\System\SHjyCAT.exe
  2⤵
  PID:6352
- C:\Windows\System\JVlQGGt.exe
  C:\Windows\System\JVlQGGt.exe
  2⤵
  PID:6588
- C:\Windows\System\XYvZYDi.exe
  C:\Windows\System\XYvZYDi.exe
  2⤵
  PID:6632
- C:\Windows\System\YHYUQJR.exe
  C:\Windows\System\YHYUQJR.exe
  2⤵
  PID:6704
- C:\Windows\System\lHMCaFS.exe
  C:\Windows\System\lHMCaFS.exe
  2⤵
  PID:6748
- C:\Windows\System\gqeOfhD.exe
  C:\Windows\System\gqeOfhD.exe
  2⤵
  PID:7016
- C:\Windows\System\FqKuGSk.exe
  C:\Windows\System\FqKuGSk.exe
  2⤵
  PID:6724
- C:\Windows\System\PdKOZwv.exe
  C:\Windows\System\PdKOZwv.exe
  2⤵
  PID:6972
- C:\Windows\System\CtlNNxF.exe
  C:\Windows\System\CtlNNxF.exe
  2⤵
  PID:6916
- C:\Windows\System\iInqGUP.exe
  C:\Windows\System\iInqGUP.exe
  2⤵
  PID:6992
- C:\Windows\System\iVzLFTR.exe
  C:\Windows\System\iVzLFTR.exe
  2⤵
  PID:6796
- C:\Windows\System\ICngGPw.exe
  C:\Windows\System\ICngGPw.exe
  2⤵
  PID:6680
- C:\Windows\System\aUwdBDR.exe
  C:\Windows\System\aUwdBDR.exe
  2⤵
  PID:6684
- C:\Windows\System\VoHdeJI.exe
  C:\Windows\System\VoHdeJI.exe
  2⤵
  PID:4676
- C:\Windows\System\ncUilkm.exe
  C:\Windows\System\ncUilkm.exe
  2⤵
  PID:5592
- C:\Windows\System\sPCsKKT.exe
  C:\Windows\System\sPCsKKT.exe
  2⤵
  PID:6184
- C:\Windows\System\busvhmy.exe
  C:\Windows\System\busvhmy.exe
  2⤵
  PID:6396
- C:\Windows\System\UVnjrwm.exe
  C:\Windows\System\UVnjrwm.exe
  2⤵
  PID:6612
- C:\Windows\System\pzyqdAc.exe
  C:\Windows\System\pzyqdAc.exe
  2⤵
  PID:7000
- C:\Windows\System\pbjVvrP.exe
  C:\Windows\System\pbjVvrP.exe
  2⤵
  PID:6216
- C:\Windows\System\achZeKb.exe
  C:\Windows\System\achZeKb.exe
  2⤵
  PID:6212
- C:\Windows\System\PITYckf.exe
  C:\Windows\System\PITYckf.exe
  2⤵
  PID:6436
- C:\Windows\System\emKwNsr.exe
  C:\Windows\System\emKwNsr.exe
  2⤵
  PID:6880
- C:\Windows\System\rkNMWIo.exe
  C:\Windows\System\rkNMWIo.exe
  2⤵
  PID:6512
- C:\Windows\System\XhHzwBz.exe
  C:\Windows\System\XhHzwBz.exe
  2⤵
  PID:6776
- C:\Windows\System\FpPUaea.exe
  C:\Windows\System\FpPUaea.exe
  2⤵
  PID:6816
- C:\Windows\System\RfrjvuW.exe
  C:\Windows\System\RfrjvuW.exe
  2⤵
  PID:6148
- C:\Windows\System\ttuGvUU.exe
  C:\Windows\System\ttuGvUU.exe
  2⤵
  PID:5252
- C:\Windows\System\cEXKQnu.exe
  C:\Windows\System\cEXKQnu.exe
  2⤵
  PID:5696
- C:\Windows\System\kAGVpql.exe
  C:\Windows\System\kAGVpql.exe
  2⤵
  PID:6452
- C:\Windows\System\DOnZrkk.exe
  C:\Windows\System\DOnZrkk.exe
  2⤵
  PID:6596
- C:\Windows\System\IbWElwN.exe
  C:\Windows\System\IbWElwN.exe
  2⤵
  PID:7128
- C:\Windows\System\fjKQTEE.exe
  C:\Windows\System\fjKQTEE.exe
  2⤵
  PID:7036
- C:\Windows\System\FBmZZzp.exe
  C:\Windows\System\FBmZZzp.exe
  2⤵
  PID:6424
- C:\Windows\System\CrjRvZk.exe
  C:\Windows\System\CrjRvZk.exe
  2⤵
  PID:2884
- C:\Windows\System\qUWZpUx.exe
  C:\Windows\System\qUWZpUx.exe
  2⤵
  PID:6468
- C:\Windows\System\MsjFMgv.exe
  C:\Windows\System\MsjFMgv.exe
  2⤵
  PID:6904
- C:\Windows\System\XYPtoXq.exe
  C:\Windows\System\XYPtoXq.exe
  2⤵
  PID:7172
- C:\Windows\System\AgbOirc.exe
  C:\Windows\System\AgbOirc.exe
  2⤵
  PID:7188
- C:\Windows\System\AemrIEd.exe
  C:\Windows\System\AemrIEd.exe
  2⤵
  PID:7208
- C:\Windows\System\bMZvrsR.exe
  C:\Windows\System\bMZvrsR.exe
  2⤵
  PID:7228
- C:\Windows\System\bTZyVAh.exe
  C:\Windows\System\bTZyVAh.exe
  2⤵
  PID:7244
- C:\Windows\System\xWcBqcg.exe
  C:\Windows\System\xWcBqcg.exe
  2⤵
  PID:7264
- C:\Windows\System\eIscQXU.exe
  C:\Windows\System\eIscQXU.exe
  2⤵
  PID:7280
- C:\Windows\System\FiOqTaJ.exe
  C:\Windows\System\FiOqTaJ.exe
  2⤵
  PID:7296
- C:\Windows\System\oOLbRcc.exe
  C:\Windows\System\oOLbRcc.exe
  2⤵
  PID:7316
- C:\Windows\System\WhJKYOD.exe
  C:\Windows\System\WhJKYOD.exe
  2⤵
  PID:7332
- C:\Windows\System\TCMyprL.exe
  C:\Windows\System\TCMyprL.exe
  2⤵
  PID:7364
- C:\Windows\System\OIpqGAa.exe
  C:\Windows\System\OIpqGAa.exe
  2⤵
  PID:7396
- C:\Windows\System\YcDjQSJ.exe
  C:\Windows\System\YcDjQSJ.exe
  2⤵
  PID:7416
- C:\Windows\System\rmgZRPO.exe
  C:\Windows\System\rmgZRPO.exe
  2⤵
  PID:7432
- C:\Windows\System\CBgRRLe.exe
  C:\Windows\System\CBgRRLe.exe
  2⤵
  PID:7448
- C:\Windows\System\JYfWDCf.exe
  C:\Windows\System\JYfWDCf.exe
  2⤵
  PID:7468
- C:\Windows\System\wwyDVpV.exe
  C:\Windows\System\wwyDVpV.exe
  2⤵
  PID:7488
- C:\Windows\System\cVTadeI.exe
  C:\Windows\System\cVTadeI.exe
  2⤵
  PID:7504
- C:\Windows\System\UtkSXOE.exe
  C:\Windows\System\UtkSXOE.exe
  2⤵
  PID:7536
- C:\Windows\System\HREMkPv.exe
  C:\Windows\System\HREMkPv.exe
  2⤵
  PID:7552
- C:\Windows\System\ryRmRIU.exe
  C:\Windows\System\ryRmRIU.exe
  2⤵
  PID:7568
- C:\Windows\System\vjEiifN.exe
  C:\Windows\System\vjEiifN.exe
  2⤵
  PID:7600
- C:\Windows\System\JlhpRfo.exe
  C:\Windows\System\JlhpRfo.exe
  2⤵
  PID:7616
- C:\Windows\System\nDnEMwc.exe
  C:\Windows\System\nDnEMwc.exe
  2⤵
  PID:7632
- C:\Windows\System\vASDuQP.exe
  C:\Windows\System\vASDuQP.exe
  2⤵
  PID:7652
- C:\Windows\System\ohvLhNE.exe
  C:\Windows\System\ohvLhNE.exe
  2⤵
  PID:7668
- C:\Windows\System\NmVqhjR.exe
  C:\Windows\System\NmVqhjR.exe
  2⤵
  PID:7684
- C:\Windows\System\ndemvkR.exe
  C:\Windows\System\ndemvkR.exe
  2⤵
  PID:7704
- C:\Windows\System\KgCSizJ.exe
  C:\Windows\System\KgCSizJ.exe
  2⤵
  PID:7724
- C:\Windows\System\vENidjz.exe
  C:\Windows\System\vENidjz.exe
  2⤵
  PID:7744
- C:\Windows\System\wWpHyYW.exe
  C:\Windows\System\wWpHyYW.exe
  2⤵
  PID:7760
- C:\Windows\System\qLjYHfR.exe
  C:\Windows\System\qLjYHfR.exe
  2⤵
  PID:7776
- C:\Windows\System\bmBlzMs.exe
  C:\Windows\System\bmBlzMs.exe
  2⤵
  PID:7792
- C:\Windows\System\NQOrUsv.exe
  C:\Windows\System\NQOrUsv.exe
  2⤵
  PID:7844
- C:\Windows\System\EXjQmDz.exe
  C:\Windows\System\EXjQmDz.exe
  2⤵
  PID:7860
- C:\Windows\System\mVdPQQl.exe
  C:\Windows\System\mVdPQQl.exe
  2⤵
  PID:7876
- C:\Windows\System\eTQusqI.exe
  C:\Windows\System\eTQusqI.exe
  2⤵
  PID:7896
- C:\Windows\System\sCeinKI.exe
  C:\Windows\System\sCeinKI.exe
  2⤵
  PID:7912
- C:\Windows\System\zQRWxzR.exe
  C:\Windows\System\zQRWxzR.exe
  2⤵
  PID:7928
- C:\Windows\System\gdIboIl.exe
  C:\Windows\System\gdIboIl.exe
  2⤵
  PID:7948
- C:\Windows\System\lRReeTB.exe
  C:\Windows\System\lRReeTB.exe
  2⤵
  PID:7968
- C:\Windows\System\kXJCmkU.exe
  C:\Windows\System\kXJCmkU.exe
  2⤵
  PID:7984
- C:\Windows\System\MECznVn.exe
  C:\Windows\System\MECznVn.exe
  2⤵
  PID:8004
- C:\Windows\System\KaqNxpF.exe
  C:\Windows\System\KaqNxpF.exe
  2⤵
  PID:8020
- C:\Windows\System\kIkpqLO.exe
  C:\Windows\System\kIkpqLO.exe
  2⤵
  PID:8036
- C:\Windows\System\UpcDaBi.exe
  C:\Windows\System\UpcDaBi.exe
  2⤵
  PID:8056
- C:\Windows\System\tVwnZLx.exe
  C:\Windows\System\tVwnZLx.exe
  2⤵
  PID:8072
- C:\Windows\System\qXQnlDG.exe
  C:\Windows\System\qXQnlDG.exe
  2⤵
  PID:8088
- C:\Windows\System\ZmlFnzA.exe
  C:\Windows\System\ZmlFnzA.exe
  2⤵
  PID:8112
- C:\Windows\System\BwqqOIy.exe
  C:\Windows\System\BwqqOIy.exe
  2⤵
  PID:8164
- C:\Windows\System\iRNipBb.exe
  C:\Windows\System\iRNipBb.exe
  2⤵
  PID:8180
- C:\Windows\System\UKKWlvm.exe
  C:\Windows\System\UKKWlvm.exe
  2⤵
  PID:7144
- C:\Windows\System\udldhfQ.exe
  C:\Windows\System\udldhfQ.exe
  2⤵
  PID:7200
- C:\Windows\System\XfwtWiO.exe
  C:\Windows\System\XfwtWiO.exe
  2⤵
  PID:7272
- C:\Windows\System\KJfGlsS.exe
  C:\Windows\System\KJfGlsS.exe
  2⤵
  PID:7216
- C:\Windows\System\nkCDNKp.exe
  C:\Windows\System\nkCDNKp.exe
  2⤵
  PID:7348
- C:\Windows\System\jEIpAhD.exe
  C:\Windows\System\jEIpAhD.exe
  2⤵
  PID:7352
- C:\Windows\System\kGdzscj.exe
  C:\Windows\System\kGdzscj.exe
  2⤵
  PID:7328
- C:\Windows\System\hBICQQX.exe
  C:\Windows\System\hBICQQX.exe
  2⤵
  PID:7404
- C:\Windows\System\OSZyjFg.exe
  C:\Windows\System\OSZyjFg.exe
  2⤵
  PID:7476
- C:\Windows\System\kTQKFzI.exe
  C:\Windows\System\kTQKFzI.exe
  2⤵
  PID:7460
- C:\Windows\System\iaPGCZB.exe
  C:\Windows\System\iaPGCZB.exe
  2⤵
  PID:7496
- C:\Windows\System\ybJwAPk.exe
  C:\Windows\System\ybJwAPk.exe
  2⤵
  PID:7524
- C:\Windows\System\YeUBluM.exe
  C:\Windows\System\YeUBluM.exe
  2⤵
  PID:7560
- C:\Windows\System\dNzewIJ.exe
  C:\Windows\System\dNzewIJ.exe
  2⤵
  PID:7596
- C:\Windows\System\AsomYoW.exe
  C:\Windows\System\AsomYoW.exe
  2⤵
  PID:7592
- C:\Windows\System\aMLJLpB.exe
  C:\Windows\System\aMLJLpB.exe
  2⤵
  PID:7648
- C:\Windows\System\bERRnDW.exe
  C:\Windows\System\bERRnDW.exe
  2⤵
  PID:7720
- C:\Windows\System\syLTuPn.exe
  C:\Windows\System\syLTuPn.exe
  2⤵
  PID:7756
- C:\Windows\System\ekctrNg.exe
  C:\Windows\System\ekctrNg.exe
  2⤵
  PID:7800
- C:\Windows\System\jMakGBI.exe
  C:\Windows\System\jMakGBI.exe
  2⤵
  PID:7820
- C:\Windows\System\MceQgBl.exe
  C:\Windows\System\MceQgBl.exe
  2⤵
  PID:7660
- C:\Windows\System\smwbhhp.exe
  C:\Windows\System\smwbhhp.exe
  2⤵
  PID:7836
- C:\Windows\System\tEmXHHJ.exe
  C:\Windows\System\tEmXHHJ.exe
  2⤵
  PID:7884
- C:\Windows\System\OQjzzVi.exe
  C:\Windows\System\OQjzzVi.exe
  2⤵
  PID:7924
- C:\Windows\System\PRIdmeK.exe
  C:\Windows\System\PRIdmeK.exe
  2⤵
  PID:8012
- C:\Windows\System\ftaADMA.exe
  C:\Windows\System\ftaADMA.exe
  2⤵
  PID:8044
- C:\Windows\System\WweQjtk.exe
  C:\Windows\System\WweQjtk.exe
  2⤵
  PID:8000
- C:\Windows\System\iqkaLMj.exe
  C:\Windows\System\iqkaLMj.exe
  2⤵
  PID:8068
- C:\Windows\System\omkCaqQ.exe
  C:\Windows\System\omkCaqQ.exe
  2⤵
  PID:8108
- C:\Windows\System\kyZGoGY.exe
  C:\Windows\System\kyZGoGY.exe
  2⤵
  PID:7868
- C:\Windows\System\WdFjmOm.exe
  C:\Windows\System\WdFjmOm.exe
  2⤵
  PID:7908
- C:\Windows\System\ASssEts.exe
  C:\Windows\System\ASssEts.exe
  2⤵
  PID:8124
- C:\Windows\System\AlNLmVP.exe
  C:\Windows\System\AlNLmVP.exe
  2⤵
  PID:8176
- C:\Windows\System\BazkdOr.exe
  C:\Windows\System\BazkdOr.exe
  2⤵
  PID:7308
- C:\Windows\System\UEmizlX.exe
  C:\Windows\System\UEmizlX.exe
  2⤵
  PID:7236
- C:\Windows\System\NukPCRX.exe
  C:\Windows\System\NukPCRX.exe
  2⤵
  PID:7240
- C:\Windows\System\AcamnlU.exe
  C:\Windows\System\AcamnlU.exe
  2⤵
  PID:8156
- C:\Windows\System\WXsvXrJ.exe
  C:\Windows\System\WXsvXrJ.exe
  2⤵
  PID:6968
- C:\Windows\System\qBFpwKs.exe
  C:\Windows\System\qBFpwKs.exe
  2⤵
  PID:7288
- C:\Windows\System\tuFekGa.exe
  C:\Windows\System\tuFekGa.exe
  2⤵
  PID:7360
- C:\Windows\System\ouutvEM.exe
  C:\Windows\System\ouutvEM.exe
  2⤵
  PID:7392
- C:\Windows\System\lQeBjdy.exe
  C:\Windows\System\lQeBjdy.exe
  2⤵
  PID:7576
- C:\Windows\System\bShDNHL.exe
  C:\Windows\System\bShDNHL.exe
  2⤵
  PID:7644
- C:\Windows\System\dzfJGAN.exe
  C:\Windows\System\dzfJGAN.exe
  2⤵
  PID:7516
- C:\Windows\System\ayyHsIZ.exe
  C:\Windows\System\ayyHsIZ.exe
  2⤵
  PID:7548
- C:\Windows\System\bkawuDh.exe
  C:\Windows\System\bkawuDh.exe
  2⤵
  PID:7752
- C:\Windows\System\cqNZuZA.exe
  C:\Windows\System\cqNZuZA.exe
  2⤵
  PID:7696
- C:\Windows\System\DpLDPBk.exe
  C:\Windows\System\DpLDPBk.exe
  2⤵
  PID:7692
- C:\Windows\System\ykjtpTi.exe
  C:\Windows\System\ykjtpTi.exe
  2⤵
  PID:7832
- C:\Windows\System\FuVoHSW.exe
  C:\Windows\System\FuVoHSW.exe
  2⤵
  PID:7964
- C:\Windows\System\PJbbPtN.exe
  C:\Windows\System\PJbbPtN.exe
  2⤵
  PID:7980
- C:\Windows\System\PtAomUP.exe
  C:\Windows\System\PtAomUP.exe
  2⤵
  PID:7736
- C:\Windows\System\YjceMYa.exe
  C:\Windows\System\YjceMYa.exe
  2⤵
  PID:7856
- C:\Windows\System\VluiwMi.exe
  C:\Windows\System\VluiwMi.exe
  2⤵
  PID:7996
- C:\Windows\System\YmePICP.exe
  C:\Windows\System\YmePICP.exe
  2⤵
  PID:7936
- C:\Windows\System\voyHxzQ.exe
  C:\Windows\System\voyHxzQ.exe
  2⤵
  PID:7344
- C:\Windows\System\lMtaolH.exe
  C:\Windows\System\lMtaolH.exe
  2⤵
  PID:7252
- C:\Windows\System\NPQNNoU.exe
  C:\Windows\System\NPQNNoU.exe
  2⤵
  PID:8132
- C:\Windows\System\oGcWxyj.exe
  C:\Windows\System\oGcWxyj.exe
  2⤵
  PID:7424
- C:\Windows\System\xZnXxgp.exe
  C:\Windows\System\xZnXxgp.exe
  2⤵
  PID:7380
- C:\Windows\System\EvXuSCq.exe
  C:\Windows\System\EvXuSCq.exe
  2⤵
  PID:7716
- C:\Windows\System\OVJyYmp.exe
  C:\Windows\System\OVJyYmp.exe
  2⤵
  PID:7768
- C:\Windows\System\TXpUnfM.exe
  C:\Windows\System\TXpUnfM.exe
  2⤵
  PID:7532
- C:\Windows\System\DGwwgkA.exe
  C:\Windows\System\DGwwgkA.exe
  2⤵
  PID:7940
- C:\Windows\System\NhyQYtG.exe
  C:\Windows\System\NhyQYtG.exe
  2⤵
  PID:7628
- C:\Windows\System\wZTMoCw.exe
  C:\Windows\System\wZTMoCw.exe
  2⤵
  PID:8172
- C:\Windows\System\uOiHLbu.exe
  C:\Windows\System\uOiHLbu.exe
  2⤵
  PID:7428
- C:\Windows\System\MAOytdA.exe
  C:\Windows\System\MAOytdA.exe
  2⤵
  PID:8064
- C:\Windows\System\CpVeLEC.exe
  C:\Windows\System\CpVeLEC.exe
  2⤵
  PID:7544
- C:\Windows\System\yOZouQl.exe
  C:\Windows\System\yOZouQl.exe
  2⤵
  PID:7788
- C:\Windows\System\kGONSBz.exe
  C:\Windows\System\kGONSBz.exe
  2⤵
  PID:8200
- C:\Windows\System\wgGAYnH.exe
  C:\Windows\System\wgGAYnH.exe
  2⤵
  PID:8216
- C:\Windows\System\JQOjPDY.exe
  C:\Windows\System\JQOjPDY.exe
  2⤵
  PID:8232
- C:\Windows\System\DcDsmRQ.exe
  C:\Windows\System\DcDsmRQ.exe
  2⤵
  PID:8248
- C:\Windows\System\fHuqnOt.exe
  C:\Windows\System\fHuqnOt.exe
  2⤵
  PID:8264
- C:\Windows\System\QrqqJfk.exe
  C:\Windows\System\QrqqJfk.exe
  2⤵
  PID:8280
- C:\Windows\System\cEhmCtX.exe
  C:\Windows\System\cEhmCtX.exe
  2⤵
  PID:8296
- C:\Windows\System\SgEWCqU.exe
  C:\Windows\System\SgEWCqU.exe
  2⤵
  PID:8312
- C:\Windows\System\mYprzzq.exe
  C:\Windows\System\mYprzzq.exe
  2⤵
  PID:8328
- C:\Windows\System\neTBOgn.exe
  C:\Windows\System\neTBOgn.exe
  2⤵
  PID:8344
- C:\Windows\System\UhRyiOO.exe
  C:\Windows\System\UhRyiOO.exe
  2⤵
  PID:8360
- C:\Windows\System\xZsRzEK.exe
  C:\Windows\System\xZsRzEK.exe
  2⤵
  PID:8380
- C:\Windows\System\jMWAPFc.exe
  C:\Windows\System\jMWAPFc.exe
  2⤵
  PID:8396
- C:\Windows\System\meXjrfT.exe
  C:\Windows\System\meXjrfT.exe
  2⤵
  PID:8476
- C:\Windows\System\GyWkWio.exe
  C:\Windows\System\GyWkWio.exe
  2⤵
  PID:8496
- C:\Windows\System\pBffRvq.exe
  C:\Windows\System\pBffRvq.exe
  2⤵
  PID:8516
- C:\Windows\System\KfiQrLV.exe
  C:\Windows\System\KfiQrLV.exe
  2⤵
  PID:8548
- C:\Windows\System\QbZmeyC.exe
  C:\Windows\System\QbZmeyC.exe
  2⤵
  PID:8564
- C:\Windows\System\UkdoXsK.exe
  C:\Windows\System\UkdoXsK.exe
  2⤵
  PID:8584
- C:\Windows\System\AbouPgR.exe
  C:\Windows\System\AbouPgR.exe
  2⤵
  PID:8600
- C:\Windows\System\OzYfgel.exe
  C:\Windows\System\OzYfgel.exe
  2⤵
  PID:8624
- C:\Windows\System\WpBPVkb.exe
  C:\Windows\System\WpBPVkb.exe
  2⤵
  PID:8648
- C:\Windows\System\aPJUDkw.exe
  C:\Windows\System\aPJUDkw.exe
  2⤵
  PID:8672
- C:\Windows\System\QLSgVTf.exe
  C:\Windows\System\QLSgVTf.exe
  2⤵
  PID:8700
- C:\Windows\System\vxpMAHX.exe
  C:\Windows\System\vxpMAHX.exe
  2⤵
  PID:8908
- C:\Windows\System\PbnDJpC.exe
  C:\Windows\System\PbnDJpC.exe
  2⤵
  PID:8928
- C:\Windows\System\Kvlluvu.exe
  C:\Windows\System\Kvlluvu.exe
  2⤵
  PID:8948
- C:\Windows\System\VzRzTHg.exe
  C:\Windows\System\VzRzTHg.exe
  2⤵
  PID:8964
- C:\Windows\System\JEIljgE.exe
  C:\Windows\System\JEIljgE.exe
  2⤵
  PID:8988
- C:\Windows\System\ZOHgFbL.exe
  C:\Windows\System\ZOHgFbL.exe
  2⤵
  PID:9004
- C:\Windows\System\UthpMTe.exe
  C:\Windows\System\UthpMTe.exe
  2⤵
  PID:9036
- C:\Windows\System\KYnFyuu.exe
  C:\Windows\System\KYnFyuu.exe
  2⤵
  PID:9056
- C:\Windows\System\HNegphR.exe
  C:\Windows\System\HNegphR.exe
  2⤵
  PID:9072
- C:\Windows\System\nvZvvrt.exe
  C:\Windows\System\nvZvvrt.exe
  2⤵
  PID:9088
- C:\Windows\System\RIbnOQN.exe
  C:\Windows\System\RIbnOQN.exe
  2⤵
  PID:9108
- C:\Windows\System\yrumknW.exe
  C:\Windows\System\yrumknW.exe
  2⤵
  PID:9124
- C:\Windows\System\IuGLXEE.exe
  C:\Windows\System\IuGLXEE.exe
  2⤵
  PID:9144
- C:\Windows\System\jXqSVUp.exe
  C:\Windows\System\jXqSVUp.exe
  2⤵
  PID:9176
- C:\Windows\System\VOdbFSK.exe
  C:\Windows\System\VOdbFSK.exe
  2⤵
  PID:9196
- C:\Windows\System\fsAtUXK.exe
  C:\Windows\System\fsAtUXK.exe
  2⤵
  PID:9212
- C:\Windows\System\uRjNhrf.exe
  C:\Windows\System\uRjNhrf.exe
  2⤵
  PID:8196
- C:\Windows\System\FnbnMBr.exe
  C:\Windows\System\FnbnMBr.exe
  2⤵
  PID:8260
- C:\Windows\System\jYXVZuO.exe
  C:\Windows\System\jYXVZuO.exe
  2⤵
  PID:8320
- C:\Windows\System\rxCiegv.exe
  C:\Windows\System\rxCiegv.exe
  2⤵
  PID:8336
- C:\Windows\System\eqBASTr.exe
  C:\Windows\System\eqBASTr.exe
  2⤵
  PID:7640
- C:\Windows\System\rAyleYk.exe
  C:\Windows\System\rAyleYk.exe
  2⤵
  PID:8212
- C:\Windows\System\bNUnULa.exe
  C:\Windows\System\bNUnULa.exe
  2⤵
  PID:7772
- C:\Windows\System\mSntpKa.exe
  C:\Windows\System\mSntpKa.exe
  2⤵
  PID:8376
- C:\Windows\System\TtGGmub.exe
  C:\Windows\System\TtGGmub.exe
  2⤵
  PID:8420
- C:\Windows\System\wZWEcPL.exe
  C:\Windows\System\wZWEcPL.exe
  2⤵
  PID:8512
- C:\Windows\System\RomyZNp.exe
  C:\Windows\System\RomyZNp.exe
  2⤵
  PID:8560
- C:\Windows\System\ObcteIA.exe
  C:\Windows\System\ObcteIA.exe
  2⤵
  PID:8468
- C:\Windows\System\YACVLQU.exe
  C:\Windows\System\YACVLQU.exe
  2⤵
  PID:8436
- C:\Windows\System\KzvPPBl.exe
  C:\Windows\System\KzvPPBl.exe
  2⤵
  PID:8464
- C:\Windows\System\tTtCmfF.exe
  C:\Windows\System\tTtCmfF.exe
  2⤵
  PID:8528
- C:\Windows\System\JHrppuS.exe
  C:\Windows\System\JHrppuS.exe
  2⤵
  PID:8544
- C:\Windows\System\DhTMOkf.exe
  C:\Windows\System\DhTMOkf.exe
  2⤵
  PID:8632
- C:\Windows\System\fPjATWu.exe
  C:\Windows\System\fPjATWu.exe
  2⤵
  PID:8620
- C:\Windows\System\LyURenc.exe
  C:\Windows\System\LyURenc.exe
  2⤵
  PID:8696
- C:\Windows\System\KihIDYO.exe
  C:\Windows\System\KihIDYO.exe
  2⤵
  PID:8724
- C:\Windows\System\WbVPuQF.exe
  C:\Windows\System\WbVPuQF.exe
  2⤵
  PID:8748
- C:\Windows\System\rhfAzVl.exe
  C:\Windows\System\rhfAzVl.exe
  2⤵
  PID:8764
- C:\Windows\System\CKMuGvY.exe
  C:\Windows\System\CKMuGvY.exe
  2⤵
  PID:8780
- C:\Windows\System\yaLmGDG.exe
  C:\Windows\System\yaLmGDG.exe
  2⤵
  PID:8800
- C:\Windows\System\PywhUdl.exe
  C:\Windows\System\PywhUdl.exe
  2⤵
  PID:8820
- C:\Windows\System\SjsjcDc.exe
  C:\Windows\System\SjsjcDc.exe
  2⤵
  PID:8844
- C:\Windows\System\xUdHBFQ.exe
  C:\Windows\System\xUdHBFQ.exe
  2⤵
  PID:8860
- C:\Windows\System\kSsLkhC.exe
  C:\Windows\System\kSsLkhC.exe
  2⤵
  PID:8876
- C:\Windows\System\YKGdGmt.exe
  C:\Windows\System\YKGdGmt.exe
  2⤵
  PID:8904
- C:\Windows\System\CiIuZvD.exe
  C:\Windows\System\CiIuZvD.exe
  2⤵
  PID:8944
- C:\Windows\System\SlthYzL.exe
  C:\Windows\System\SlthYzL.exe
  2⤵
  PID:9000
- C:\Windows\System\VZTJzjb.exe
  C:\Windows\System\VZTJzjb.exe
  2⤵
  PID:9032
- C:\Windows\System\UYJtSkX.exe
  C:\Windows\System\UYJtSkX.exe
  2⤵
  PID:9104
- C:\Windows\System\ScLOqBn.exe
  C:\Windows\System\ScLOqBn.exe
  2⤵
  PID:9116
- C:\Windows\System\plUyHJS.exe
  C:\Windows\System\plUyHJS.exe
  2⤵
  PID:9152
- C:\Windows\System\YZIgZTX.exe
  C:\Windows\System\YZIgZTX.exe
  2⤵
  PID:9164
- C:\Windows\System\tqFPlKj.exe
  C:\Windows\System\tqFPlKj.exe
  2⤵
  PID:9192
- C:\Windows\System\syRyeyy.exe
  C:\Windows\System\syRyeyy.exe
  2⤵
  PID:9208
- C:\Windows\System\fwmNVlY.exe
  C:\Windows\System\fwmNVlY.exe
  2⤵
  PID:7588
- C:\Windows\System\eqniTiy.exe
  C:\Windows\System\eqniTiy.exe
  2⤵
  PID:8308
- C:\Windows\System\TyTzUIm.exe
  C:\Windows\System\TyTzUIm.exe
  2⤵
  PID:7828
- C:\Windows\System\ZeSmppb.exe
  C:\Windows\System\ZeSmppb.exe
  2⤵
  PID:8372
- C:\Windows\System\aJKKAeS.exe
  C:\Windows\System\aJKKAeS.exe
  2⤵
  PID:8444
- C:\Windows\System\zsRigbI.exe
  C:\Windows\System\zsRigbI.exe
  2⤵
  PID:8536
- C:\Windows\System\zpttfES.exe
  C:\Windows\System\zpttfES.exe
  2⤵
  PID:8352
- C:\Windows\System\DzQCBxb.exe
  C:\Windows\System\DzQCBxb.exe
  2⤵
  PID:8440
- C:\Windows\System\vtlrkEB.exe
  C:\Windows\System\vtlrkEB.exe
  2⤵
  PID:8720
- C:\Windows\System\wplxRZS.exe
  C:\Windows\System\wplxRZS.exe
  2⤵
  PID:8428
- C:\Windows\System\faiabTF.exe
  C:\Windows\System\faiabTF.exe
  2⤵
  PID:8736
- C:\Windows\System\kFqnHHV.exe
  C:\Windows\System\kFqnHHV.exe
  2⤵
  PID:8592
- C:\Windows\System\QURhVON.exe
  C:\Windows\System\QURhVON.exe
  2⤵
  PID:8524
- C:\Windows\System\AvKLByS.exe
  C:\Windows\System\AvKLByS.exe
  2⤵
  PID:8832
- C:\Windows\System\LmRTOLh.exe
  C:\Windows\System\LmRTOLh.exe
  2⤵
  PID:8852
- C:\Windows\System\mAFVDKJ.exe
  C:\Windows\System\mAFVDKJ.exe
  2⤵
  PID:8920
- C:\Windows\System\yagNdcp.exe
  C:\Windows\System\yagNdcp.exe
  2⤵
  PID:9012
- C:\Windows\System\LjEvspz.exe
  C:\Windows\System\LjEvspz.exe
  2⤵
  PID:8980
- C:\Windows\System\nxTQhqM.exe
  C:\Windows\System\nxTQhqM.exe
  2⤵
  PID:9084
- C:\Windows\System\wAAdIHQ.exe
  C:\Windows\System\wAAdIHQ.exe
  2⤵
  PID:9136
- C:\Windows\System\ERXtnkP.exe
  C:\Windows\System\ERXtnkP.exe
  2⤵
  PID:9184
- C:\Windows\System\HrmHGOv.exe
  C:\Windows\System\HrmHGOv.exe
  2⤵
  PID:8392
- C:\Windows\System\KERSUAj.exe
  C:\Windows\System\KERSUAj.exe
  2⤵
  PID:8504
- C:\Windows\System\dZECGUU.exe
  C:\Windows\System\dZECGUU.exe
  2⤵
  PID:8640
- C:\Windows\System\muXwrDO.exe
  C:\Windows\System\muXwrDO.exe
  2⤵
  PID:8356
- C:\Windows\System\IKsyViu.exe
  C:\Windows\System\IKsyViu.exe
  2⤵
  PID:8408
- C:\Windows\System\jbypNnz.exe
  C:\Windows\System\jbypNnz.exe
  2⤵
  PID:8756
- C:\Windows\System\yezpOLP.exe
  C:\Windows\System\yezpOLP.exe
  2⤵
  PID:8612
- C:\Windows\System\RrUBAhd.exe
  C:\Windows\System\RrUBAhd.exe
  2⤵
  PID:8664
- C:\Windows\System\PkCiqAd.exe
  C:\Windows\System\PkCiqAd.exe
  2⤵
  PID:8900
- C:\Windows\System\DdxMMKg.exe
  C:\Windows\System\DdxMMKg.exe
  2⤵
  PID:8940
- C:\Windows\System\piNVBVh.exe
  C:\Windows\System\piNVBVh.exe
  2⤵
  PID:9028
- C:\Windows\System\RPvkJLi.exe
  C:\Windows\System\RPvkJLi.exe
  2⤵
  PID:8580
- C:\Windows\System\YGjckRS.exe
  C:\Windows\System\YGjckRS.exe
  2⤵
  PID:8240
- C:\Windows\System\FMCxtFC.exe
  C:\Windows\System\FMCxtFC.exe
  2⤵
  PID:8228
- C:\Windows\System\sitPEtL.exe
  C:\Windows\System\sitPEtL.exe
  2⤵
  PID:8412
- C:\Windows\System\xGluNBS.exe
  C:\Windows\System\xGluNBS.exe
  2⤵
  PID:8688
- C:\Windows\System\JeknnGF.exe
  C:\Windows\System\JeknnGF.exe
  2⤵
  PID:8816
- C:\Windows\System\JdBqoxR.exe
  C:\Windows\System\JdBqoxR.exe
  2⤵
  PID:8892
- C:\Windows\System\DIdXNup.exe
  C:\Windows\System\DIdXNup.exe
  2⤵
  PID:8868
- C:\Windows\System\dPAjsPY.exe
  C:\Windows\System\dPAjsPY.exe
  2⤵
  PID:8288
- C:\Windows\System\binfIRi.exe
  C:\Windows\System\binfIRi.exe
  2⤵
  PID:8304
- C:\Windows\System\yXVJELo.exe
  C:\Windows\System\yXVJELo.exe
  2⤵
  PID:8424
- C:\Windows\System\BIWYAxK.exe
  C:\Windows\System\BIWYAxK.exe
  2⤵
  PID:8808
- C:\Windows\System\CpkxqGH.exe
  C:\Windows\System\CpkxqGH.exe
  2⤵
  PID:8960
- C:\Windows\System\SeiYzYp.exe
  C:\Windows\System\SeiYzYp.exe
  2⤵
  PID:8976
- C:\Windows\System\WdTPEhU.exe
  C:\Windows\System\WdTPEhU.exe
  2⤵
  PID:8148
- C:\Windows\System\qTtuNqh.exe
  C:\Windows\System\qTtuNqh.exe
  2⤵
  PID:8716
- C:\Windows\System\OzuOBlZ.exe
  C:\Windows\System\OzuOBlZ.exe
  2⤵
  PID:9224
- C:\Windows\System\HwjPhyD.exe
  C:\Windows\System\HwjPhyD.exe
  2⤵
  PID:9252
- C:\Windows\System\oSBmcLh.exe
  C:\Windows\System\oSBmcLh.exe
  2⤵
  PID:9272
- C:\Windows\System\aydoACn.exe
  C:\Windows\System\aydoACn.exe
  2⤵
  PID:9324
- C:\Windows\System\mlpeFDP.exe
  C:\Windows\System\mlpeFDP.exe
  2⤵
  PID:9344
- C:\Windows\System\nvafuQq.exe
  C:\Windows\System\nvafuQq.exe
  2⤵
  PID:9364
- C:\Windows\System\ukEMxHJ.exe
  C:\Windows\System\ukEMxHJ.exe
  2⤵
  PID:9380
- C:\Windows\System\UXtucXK.exe
  C:\Windows\System\UXtucXK.exe
  2⤵
  PID:9400
- C:\Windows\System\GbREzTO.exe
  C:\Windows\System\GbREzTO.exe
  2⤵
  PID:9420
- C:\Windows\System\ogcMHwx.exe
  C:\Windows\System\ogcMHwx.exe
  2⤵
  PID:9436
- C:\Windows\System\jFNEqUT.exe
  C:\Windows\System\jFNEqUT.exe
  2⤵
  PID:9460
- C:\Windows\System\cXygCQk.exe
  C:\Windows\System\cXygCQk.exe
  2⤵
  PID:9480
- C:\Windows\System\rLAhTRJ.exe
  C:\Windows\System\rLAhTRJ.exe
  2⤵
  PID:9500
- C:\Windows\System\SUogfEC.exe
  C:\Windows\System\SUogfEC.exe
  2⤵
  PID:9524
- C:\Windows\System\XvxUiLe.exe
  C:\Windows\System\XvxUiLe.exe
  2⤵
  PID:9540
- C:\Windows\System\sYFTkpo.exe
  C:\Windows\System\sYFTkpo.exe
  2⤵
  PID:9560
- C:\Windows\System\OeRTZnh.exe
  C:\Windows\System\OeRTZnh.exe
  2⤵
  PID:9580
- C:\Windows\System\YEmMIkO.exe
  C:\Windows\System\YEmMIkO.exe
  2⤵
  PID:9600
- C:\Windows\System\ZSKftkt.exe
  C:\Windows\System\ZSKftkt.exe
  2⤵
  PID:9620
- C:\Windows\System\Qhjrhum.exe
  C:\Windows\System\Qhjrhum.exe
  2⤵
  PID:9640
- C:\Windows\System\NkaSXMV.exe
  C:\Windows\System\NkaSXMV.exe
  2⤵
  PID:9660
- C:\Windows\System\KmDmxsU.exe
  C:\Windows\System\KmDmxsU.exe
  2⤵
  PID:9676
- C:\Windows\System\IxDfFNi.exe
  C:\Windows\System\IxDfFNi.exe
  2⤵
  PID:9696
- C:\Windows\System\RqtVfWP.exe
  C:\Windows\System\RqtVfWP.exe
  2⤵
  PID:9712
- C:\Windows\System\qfNfWbL.exe
  C:\Windows\System\qfNfWbL.exe
  2⤵
  PID:9728
- C:\Windows\System\qWJdXCA.exe
  C:\Windows\System\qWJdXCA.exe
  2⤵
  PID:9744
- C:\Windows\System\NqGtuRc.exe
  C:\Windows\System\NqGtuRc.exe
  2⤵
  PID:9760
- C:\Windows\System\rqoIecl.exe
  C:\Windows\System\rqoIecl.exe
  2⤵
  PID:9796
- C:\Windows\System\vOctnUb.exe
  C:\Windows\System\vOctnUb.exe
  2⤵
  PID:9812
- C:\Windows\System\NXrkHnK.exe
  C:\Windows\System\NXrkHnK.exe
  2⤵
  PID:9828
- C:\Windows\System\WOLMQaC.exe
  C:\Windows\System\WOLMQaC.exe
  2⤵
  PID:9844
- C:\Windows\System\jjUwsxc.exe
  C:\Windows\System\jjUwsxc.exe
  2⤵
  PID:9860
- C:\Windows\System\PjmWODG.exe
  C:\Windows\System\PjmWODG.exe
  2⤵
  PID:9876
- C:\Windows\System\kVnjsdY.exe
  C:\Windows\System\kVnjsdY.exe
  2⤵
  PID:9892
- C:\Windows\System\NVApXRs.exe
  C:\Windows\System\NVApXRs.exe
  2⤵
  PID:9908
- C:\Windows\System\cZzgRky.exe
  C:\Windows\System\cZzgRky.exe
  2⤵
  PID:9924
- C:\Windows\System\bYIlTEQ.exe
  C:\Windows\System\bYIlTEQ.exe
  2⤵
  PID:9940
- C:\Windows\System\aTNSMHR.exe
  C:\Windows\System\aTNSMHR.exe
  2⤵
  PID:9984
- C:\Windows\System\RZKgkJX.exe
  C:\Windows\System\RZKgkJX.exe
  2⤵
  PID:10004
- C:\Windows\System\MQXenEi.exe
  C:\Windows\System\MQXenEi.exe
  2⤵
  PID:10028
- C:\Windows\System\makqGCr.exe
  C:\Windows\System\makqGCr.exe
  2⤵
  PID:10048
- C:\Windows\System\peiCgmO.exe
  C:\Windows\System\peiCgmO.exe
  2⤵
  PID:10064
- C:\Windows\System\KCQPNaZ.exe
  C:\Windows\System\KCQPNaZ.exe
  2⤵
  PID:10080
- C:\Windows\System\RYyrRXt.exe
  C:\Windows\System\RYyrRXt.exe
  2⤵
  PID:10104
- C:\Windows\System\fMTzJNt.exe
  C:\Windows\System\fMTzJNt.exe
  2⤵
  PID:10140
- C:\Windows\System\uEaSbbg.exe
  C:\Windows\System\uEaSbbg.exe
  2⤵
  PID:10160
- C:\Windows\System\zbaPkxg.exe
  C:\Windows\System\zbaPkxg.exe
  2⤵
  PID:10184
- C:\Windows\System\OJRcGil.exe
  C:\Windows\System\OJRcGil.exe
  2⤵
  PID:10212
- C:\Windows\System\WtuPbdV.exe
  C:\Windows\System\WtuPbdV.exe
  2⤵
  PID:10228
- C:\Windows\System\eswVmjy.exe
  C:\Windows\System\eswVmjy.exe
  2⤵
  PID:9172
- C:\Windows\System\xveytlm.exe
  C:\Windows\System\xveytlm.exe
  2⤵
  PID:9240
- C:\Windows\System\mXYOIJZ.exe
  C:\Windows\System\mXYOIJZ.exe
  2⤵
  PID:9080
- C:\Windows\System\WHdMLZv.exe
  C:\Windows\System\WHdMLZv.exe
  2⤵
  PID:9260
- C:\Windows\System\muHGwmc.exe
  C:\Windows\System\muHGwmc.exe
  2⤵
  PID:9280
- C:\Windows\System\PoevvrN.exe
  C:\Windows\System\PoevvrN.exe
  2⤵
  PID:9332
- C:\Windows\System\Vigxozl.exe
  C:\Windows\System\Vigxozl.exe
  2⤵
  PID:9372
- C:\Windows\System\YqNGuUC.exe
  C:\Windows\System\YqNGuUC.exe
  2⤵
  PID:9392
- C:\Windows\System\nwDBWVC.exe
  C:\Windows\System\nwDBWVC.exe
  2⤵
  PID:9432
- C:\Windows\System\sKrToIe.exe
  C:\Windows\System\sKrToIe.exe
  2⤵
  PID:9468
- C:\Windows\System\mOwuZPX.exe
  C:\Windows\System\mOwuZPX.exe
  2⤵
  PID:9492
- C:\Windows\System\hGdNZgF.exe
  C:\Windows\System\hGdNZgF.exe
  2⤵
  PID:9532
- C:\Windows\System\xTnyQWu.exe
  C:\Windows\System\xTnyQWu.exe
  2⤵
  PID:9568
- C:\Windows\System\LGmuFOf.exe
  C:\Windows\System\LGmuFOf.exe
  2⤵
  PID:9592
- C:\Windows\System\uQZXpXd.exe
  C:\Windows\System\uQZXpXd.exe
  2⤵
  PID:9636
- C:\Windows\System\YBsEpdq.exe
  C:\Windows\System\YBsEpdq.exe
  2⤵
  PID:9704
- C:\Windows\System\IJwbvpn.exe
  C:\Windows\System\IJwbvpn.exe
  2⤵
  PID:9720
- C:\Windows\System\MuVoTPy.exe
  C:\Windows\System\MuVoTPy.exe
  2⤵
  PID:9772
- C:\Windows\System\lximpOD.exe
  C:\Windows\System\lximpOD.exe
  2⤵
  PID:9792
- C:\Windows\System\ntXcQFO.exe
  C:\Windows\System\ntXcQFO.exe
  2⤵
  PID:9752
- C:\Windows\System\elrIsIj.exe
  C:\Windows\System\elrIsIj.exe
  2⤵
  PID:9824
- C:\Windows\System\JjPtGQU.exe
  C:\Windows\System\JjPtGQU.exe
  2⤵
  PID:9836
- C:\Windows\System\PqfRaPw.exe
  C:\Windows\System\PqfRaPw.exe
  2⤵
  PID:9932
- C:\Windows\System\llNJCFR.exe
  C:\Windows\System\llNJCFR.exe
  2⤵
  PID:9964
- C:\Windows\System\whWJxmb.exe
  C:\Windows\System\whWJxmb.exe
  2⤵
  PID:9992
- C:\Windows\System\axRlTBH.exe
  C:\Windows\System\axRlTBH.exe
  2⤵
  PID:10020
- C:\Windows\System\ZZCDHdP.exe
  C:\Windows\System\ZZCDHdP.exe
  2⤵
  PID:10092
- C:\Windows\System\xXSjuMk.exe
  C:\Windows\System\xXSjuMk.exe
  2⤵
  PID:10116
- C:\Windows\System\KwMpugK.exe
  C:\Windows\System\KwMpugK.exe
  2⤵
  PID:10124
- C:\Windows\System\mtPNasE.exe
  C:\Windows\System\mtPNasE.exe
  2⤵
  PID:10136
- C:\Windows\System\UgyQQfX.exe
  C:\Windows\System\UgyQQfX.exe
  2⤵
  PID:10192
- C:\Windows\System\EwwmluV.exe
  C:\Windows\System\EwwmluV.exe
  2⤵
  PID:10204
- C:\Windows\System\TtppXKB.exe
  C:\Windows\System\TtppXKB.exe
  2⤵
  PID:9268
- C:\Windows\System\DdyFzNy.exe
  C:\Windows\System\DdyFzNy.exe
  2⤵
  PID:10220
- C:\Windows\System\qdchBiz.exe
  C:\Windows\System\qdchBiz.exe
  2⤵
  PID:10176
- C:\Windows\System\IuXmVGI.exe
  C:\Windows\System\IuXmVGI.exe
  2⤵
  PID:10224
- C:\Windows\System\iMQIjnK.exe
  C:\Windows\System\iMQIjnK.exe
  2⤵
  PID:9304
- C:\Windows\System\OTfXObi.exe
  C:\Windows\System\OTfXObi.exe
  2⤵
  PID:9388
- C:\Windows\System\gLDjIDu.exe
  C:\Windows\System\gLDjIDu.exe
  2⤵
  PID:10024
- C:\Windows\System\clwEUvv.exe
  C:\Windows\System\clwEUvv.exe
  2⤵
  PID:9548
- C:\Windows\System\khbcUct.exe
  C:\Windows\System\khbcUct.exe
  2⤵
  PID:9616
- C:\Windows\System\KDZeGpR.exe
  C:\Windows\System\KDZeGpR.exe
  2⤵
  PID:9656
- C:\Windows\System\mQWjBjf.exe
  C:\Windows\System\mQWjBjf.exe
  2⤵
  PID:9668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AQixaUB.exe

Filesize
6.0MB

MD5
52e1cd006a506d06394da140df0c9d57

SHA1
4e3cbd122064e329c650dc0521c20079be919338

SHA256
47c954b84c90f3eb640978a0079e78078b8317fac7053777aa06bb2d006079c7

SHA512
16624ac74d763c4906e5838b164e7cbe9f05dedaa92eac1ad08eceebd70f60189d1af288a224c3b6f7ee61d4caebff16224e24eeedc34eea1629238a2cacc41c

Download Submit
C:\Windows\system\BXjgVDs.exe

Filesize
6.0MB

MD5
12a58c7c5cbfeec8697e4fe74b92e5c8

SHA1
55d76bf980d7898f82354416f8f48942e09f10db

SHA256
288e06df40910df268e0e0bd75408e60c6aa64d9480f01c65cf69f970b6989ee

SHA512
213ed76d762a722a75ade0f8c1f5c0d7fcf93b1b61052c01e8fb987dac9d4c8dfd5d9f27dd71e00caf7c8bcb53e832d13eb16160c7d6883cd0dd435f88c41f0a

Download Submit
C:\Windows\system\KhZvKhI.exe

Filesize
6.0MB

MD5
22c11be5310382994135d7294c6dce21

SHA1
c5cb0b6f03e12e5b529512eb4b61013ba5efc87e

SHA256
222a08838ac5e9037049bd9bde14b79666bbbb87c0968b8b71d1c49811b0ec82

SHA512
1db82f82988a74e8a8d2afbec16bc0e8ad1ea78d63d391c0a59ca74066ab4eb83f494a1337861c9d06fb3820792d517fda5ceaeb2752206eb5804722123c081d

Download Submit
C:\Windows\system\LuOKnxr.exe

Filesize
6.0MB

MD5
b82006b7c14985d477968475ecbcccf4

SHA1
7eacb6cb0e13a5b477796a32c2f558248bda1fb2

SHA256
8a8cfb57f94acdda3e00c69ee4ed18c07791a5e33b25e110cdeb65672ba0dce8

SHA512
c5ad61ffbf1717e14e48e74ddaae224b2aab37cb28fa5b1893c245dff339bcd522b5308fe0e9b62011dc20292b76b61170aed621c073c7ea11a5057ea4801014

Download Submit
C:\Windows\system\MFwxLtR.exe

Filesize
6.0MB

MD5
1a3bc5130b0ac805dab18649a8d1dbdd

SHA1
57163e933120ed3b7a3af5a653702c0018490262

SHA256
9e020095eff1219d1b1c6225ed35e12b27d2b0584f201492fec754bd8a630e22

SHA512
258ae7c7dd412eb77519e4c60762c2ae183e21a0c341f5d0f3b3dfc77d2484041fe9f612fd442312383cd0bccb73e6df8568b7ec58714e9fe70f5b70c062c12c

Download Submit
C:\Windows\system\TzEToAK.exe

Filesize
6.0MB

MD5
926e9afd2260f4114350c482bf2ffd61

SHA1
de3723961e07e59c59c333bbc8b5dd018ea47c64

SHA256
44edc1db2a03b5eb2249751c939b6c922c028175cab28471ddc87b6054abe777

SHA512
97d307780ef6e4398773cd73f718033ed48f9ae79b11a6c67c5c3e16da3d03efcfa72cf146d60f8c5adf2d6c244adaf10dff91a879f7436c95b17e3bb361d662

Download Submit
C:\Windows\system\UWIkeFN.exe

Filesize
6.0MB

MD5
8daeade7d9e823ae53cc20e9db31aae5

SHA1
2ff736344fed9586504e91ca18c77cb6cf558a0e

SHA256
af197e580f25c4a3c1606d9480b28213ba2d1ab88db16bcc344ed7463a484316

SHA512
9e1f390482cb887065a8a4f2c6dc80c0cdb9966501c374d3b60a577582455066b929903fbc7d24f9a8b13b6497b68f7feeba7034a85d505b1cd15858e889fd31

Download Submit
C:\Windows\system\WMVrZnk.exe

Filesize
6.0MB

MD5
62bb0a413ab886f2a8473aadc8c1cea6

SHA1
7d4f07a6a15cfb9a09cbf5bfade56ac4c82d9b76

SHA256
a6ac023a798f874fe20e5740555336795b31d6d148b7830c43e85f7dd1becd50

SHA512
6a3010da253568da2e1f540099913c71ec6a96357ea95c34f90c35e7149e0da5123716e6fa82116f5ec578d7d75d9b6932f6e2f093b80591d869c09048978fe2

Download Submit
C:\Windows\system\YCWzQaA.exe

Filesize
6.0MB

MD5
19fee039c9299a06996e3b3c43984db9

SHA1
ae7cee814bbb969ab7bfa69d2e8f46b560c69861

SHA256
212b003da6da82fadf8c461e79ebb80816223623b5097cd7e23abc67f0327663

SHA512
c7ae971588ed5d37dbc4269a6207ad6fdbb5e9200c329bde1bf4c1fd01102b9abaa2f52672d4f0718b430c55200b5f6474c2505ced28646b88a45c1bfe7cd8ed

Download Submit
C:\Windows\system\YIHjduD.exe

Filesize
6.0MB

MD5
d024ff68a2cafb740801fa51c9ad7a9c

SHA1
da94a515978832aedec4dd6710724b52c9057925

SHA256
fc9102a9700c688d416dc0e950dd662476143780e4fa57576537f5dae89a27d6

SHA512
aa576bc84a2d203f88a30b911242de67d0b7ea9e02eb258dd298d47b9c3d247816cda1b3071729d3903652dcc6cd8b6a1feef5bcce8bdefb9d03bfebe8d27569

Download Submit
C:\Windows\system\apBImSE.exe

Filesize
6.0MB

MD5
57c2a88bfaa3a75dc3a8d8076f3cf146

SHA1
5145d6fdf016ac7907d8f085d8f36fa1b026c9c7

SHA256
785a4dad4327a2225d154f01a39f830cdc98f3fdbdac40c7d943344e5a803d5f

SHA512
435427ea4719e5e5326d34d945bbe70afa3282ac19af117791520cf8bc6f640999e35910f6ecb71f06df3bead206a47e273826b20bca490cde716b0a3ebde9fe

Download Submit
C:\Windows\system\arFqNws.exe

Filesize
6.0MB

MD5
4f99d67719e083c957429e251cfea62a

SHA1
c75816b0a7ecb763ff50759bf9ca93067b444c64

SHA256
4ec53c367167db2efa538f4648a05d3a59e9bbbcc4425cccf43cd817edce90a4

SHA512
f2746f7714c64cd01b5c67946c319361e321487b656b67dbf988bb477e14ceb4009f8f5a395f3e53157bfc53f6b9ebb8bf119a347f687da773956a09c79f2e75

Download Submit
C:\Windows\system\dbcMoym.exe

Filesize
6.0MB

MD5
862c6a70e9bb65c05ba9cc7785c917d3

SHA1
7820ceb3cdd1fd16e2285ca2e763847d6d3ba1d6

SHA256
2fac43397fce850e97cae991c1423de987c6401787b0a6b5e9345ceafddd713e

SHA512
a16a1cc54aa4cc6b185cc8d79926c3e1864e118ed542b38d2e8cc7a30d4f6a2d9003b562d19d9584128cb53461c01831b42baf9e28d02ff07451290f380647f7

Download Submit
C:\Windows\system\gJjbSDr.exe

Filesize
6.0MB

MD5
5ecd1d40a9c23c1e5531e2ec03f4c731

SHA1
a7d2a5b49413f82673545e26e5322fe84e270c24

SHA256
dda145baec8492f2fb247f0b208e9bfa36a23478a44467d7fb621cec98e92e92

SHA512
b3dfeb71b5443d32df804ecef05931bb4e08faaa10dc3e7a70e7f8bd46d33a7f00b5c3a6617ae8dbf3e06a253338d72a659623174bce3b06a9cf3261caf0f645

Download Submit
C:\Windows\system\hwbgOSV.exe

Filesize
6.0MB

MD5
628f1e2a5a0d0c99c4b5446c8fd512e0

SHA1
0658086dda779e13e8e519987f1d76817b234ef6

SHA256
2729325d4ac57d2e1d8df325f6fb01a7cc6a2b725cc632554a7183ae3ea53dc7

SHA512
b678105b510363798286d60669a1b6d32f5e348ba806852524d58644f840e23e00a6f4a432a8844e1ae7c8eeceef354a28ad342ff6b16f114b6cfc6fca023234

Download Submit
C:\Windows\system\mCROvsJ.exe

Filesize
6.0MB

MD5
6a4b928412e5a1dca2d0d90cc83b62f9

SHA1
f30b687c6401e21a52204e1fe2b81b690ca531b9

SHA256
f9ff12e166bc8a46b2fc60935ba0702b973e5df93f340fc5723d48a9f706f551

SHA512
268384ad826edb839a435cbf6b5abf51647af129f551c29eba578294c6e4dcf5db8c4fbecf5ddabdf85426d22a4de3e72b1b965f035f7b13a0a41b6914a4f666

Download Submit
C:\Windows\system\mWXlZWA.exe

Filesize
6.0MB

MD5
3a6a8548a79041f113d43143d00c9f51

SHA1
a6e5eff63d7fd48585177eb6567300f1313b38c4

SHA256
e34b71fb470a33208b9b8e09bc53e95c744cf0a20ba1468df5ded950c003348d

SHA512
424d0f604676bccdd64fa4a754a3a664109457dab7ea07f058f2a5ac2efa41cd7afd4121f9e691a53abba2e3174fe2f3f088c2d932064ef5b8ea916fdf2a4340

Download Submit
C:\Windows\system\ngQVUBc.exe

Filesize
6.0MB

MD5
dfbc82f331ade05a1ac230a2d34628eb

SHA1
46061dd567fa42fb8ac89f3b5cf0a26a28999248

SHA256
26279fad9d1b98894bd64e2a5d2dbbeade404fad33c1d02bc0cf6bbb7cec0e18

SHA512
3b81b6df910d4ee9098c53c9512c91a37e4fb184a5c25053b0f22623d434d08c7ae00bdce6b0bd6b841cce0de50b5875461aece4f7d36a46204f7511e5c28d57

Download Submit
C:\Windows\system\pIjrSXC.exe

Filesize
6.0MB

MD5
1e3bb8397e9589b8a57bc4603f319756

SHA1
cbc36fd3a6198f8c1ff1ea5a3f4159688d6a1624

SHA256
20c25882739959deec7f306bcee81b05f1df6ed7a3dcb6abdec47bee506c9ddd

SHA512
6728e297912e8ae451671bc3bc9e3a3c87f7b9e561a98f7be47bbb07190faff5bb8820a07ea721c2c6b1b32c7d1b4d77053e2597a1305581c2b2a6d2a144a8d0

Download Submit
C:\Windows\system\pNQRaPV.exe

Filesize
6.0MB

MD5
6c24e923f1b70ed341b9c7907c5ad70f

SHA1
45e5815a90108af9f8be2362baee373ff69eb438

SHA256
bc74256ea0f92b4e22657ec0d6deb37e8eb4708f8e7768adfae0ae3e5d99eaef

SHA512
decb2f0908c5a939cf398e48ade3e7fd85b0fb80da0f18c3946113fc8847896d48c489ca3e6bef9c1bc8a642fd6388c49816af4c61a17a7bedc24cd200dd9c32

Download Submit
C:\Windows\system\qMDLbGD.exe

Filesize
6.0MB

MD5
f992ba00ccb9e9f5d87deff72c37bcae

SHA1
3ac79a919adb87b4925186a3210a0df94e63279b

SHA256
8fa8f555c544c3573f4ef5afcb81047f187d01f5dbe7974fb3d9756c5cc43645

SHA512
835be109f76115f8f79e3cfc5f7c0291eb96048f91085f2c89520ca17814a7f7e4d4571426877bcba98d2ab99eeea08c3b2e05737606fe63b11c9241f7026d1e

Download Submit
C:\Windows\system\qrkQDjC.exe

Filesize
6.0MB

MD5
662899a6b9e64b35c764d8f41ace522e

SHA1
c5709b5a6edcaba6ff0640e3fde671c5ec46fb94

SHA256
ef444b7c7a188a05476cb140e9c2a9109d7596d6cc091430f49bebd16abfd58f

SHA512
1be7080b8019214db4b56a654a7fbafd3e7d46822b12ae015eeba6e0190cb16e8b659cab2fd20d8119d45666ef11161413ba0e32a26a01e96cb42e5b4a2c71eb

Download Submit
C:\Windows\system\rJkXhjl.exe

Filesize
6.0MB

MD5
1fd342e1ccbb07038f0ab1c31809b15b

SHA1
e95a28ed5c1d7127d866a935a7255408cdf58dbe

SHA256
87730d708cf0c33a65e22dd89b3a7532c5f0a8e3f8da3f383213982d8712677b

SHA512
a900d25bc5334375b4d5f2d3cc5d5c2b9fffe67b76f4688558d903cd2d161b81315834fe71ac88644f86fbc5d4eafe2b07107281c177b6ab3a70b1e7af63bb3c

Download Submit
C:\Windows\system\vBVnpod.exe

Filesize
6.0MB

MD5
71ab8c3d1b2a0e3c75fee83c5e9426ff

SHA1
c48a1a9e4dc09ac870ac001518610245ce806314

SHA256
feade3f2aebfbe2a5b0a9babc430dea0239982ca082fb537e26a4d8e6fe30ca9

SHA512
f0e312690203fb30e23e95d279fd2d4ba39ebc3e94b3e1a04f342fc9ae0f0b937087f4b91457e06360f41fddf9d68fb5483058eaa07e8e7e49e1006b50f59407

Download Submit
C:\Windows\system\xwLNhhZ.exe

Filesize
6.0MB

MD5
2f930575e86293e76d654041907f792c

SHA1
2594705f72f182b3891c2667725a7563a3d3bec8

SHA256
d06c931269f2a573b2229da1a99931f2ecc8cfea46d1365ec5e91822274bc54a

SHA512
3fb742d68cb9d8145d6cfe38f29cca6b8dad2fd83ffeb92aafce31b7ef364e1bf2be34a354d38d9750b99442fa6d9096c5bca5ac7a6675134d5a1659a33a8399

Download Submit
C:\Windows\system\yiQiItA.exe

Filesize
6.0MB

MD5
88ae12d3e35210d2d5dda97c81c7445d

SHA1
9e56a2674285e3981edf815587c8ba546d5b53f5

SHA256
607339c5828fefe8dcb9f728ccdc0eb998d5cf32e6c8714702422df09186b522

SHA512
b0c8b61ce1c7781e50bcafb4b93d2de4c5577af1fb8e4d9112a8f32e74e439fc779b63d921c6011faf13ce07b0d1340653f5779475d216a92bb3026ced0465f9

Download Submit
\Windows\system\DjIVkQm.exe

Filesize
6.0MB

MD5
275c8cee4e2b115e1af01b874ce71ef4

SHA1
0da3237fda84e50af1c899cf199c89d7967018aa

SHA256
63beafc963d26785af20d526e209a23ab900ad9348497bf1266c5ce98d89cd1b

SHA512
db11b07e415d3a09f30f2faf3d8db0934469d329681b0fd960ad0439a0b56d8a7652b665fd9b08ca0a50186226d2f11f2284d689e02b557686e68ad96c20e393

Download Submit
\Windows\system\PazNUtA.exe

Filesize
6.0MB

MD5
8089dd5f585fc28c847eee15f1782ed5

SHA1
fe58128b39d72061f2cd4fc8b1c807dc9a64c39c

SHA256
93b7d6b411a84f8ea6cac15ef58ce50ad6f75d02b43816aa57e8b4d3faf21b1a

SHA512
0dc3299b7b1604a2916b2dc82d8a6571fa5106647ebf6369199b09916943e8c99f819e36389b3694ab4e56cef1242eeab2515b0a737b47d49c4f4712cafb587d

Download Submit
\Windows\system\cJUDGmn.exe

Filesize
6.0MB

MD5
3342a11c897c51e5c7b9286d2a9ba71d

SHA1
924a5a6844067e8d337a6415d7ef8b9bfe0e1550

SHA256
f804f5f17e99238f0e9aebdfb846e17304ff534ba8cec55ef9ecf7e19828bc7c

SHA512
f53e0c1d4406eaa07db6c1f1ffb176dcf288415b015576fb9009435ede5bd5f88f46e99e3085297a00b561ca566cc6d80ae30b61ec17fe2725d35f332a16c6cd

Download Submit
\Windows\system\lmGsKDD.exe

Filesize
6.0MB

MD5
adc6fa7de9f70ed2783029e8aba63306

SHA1
88b46c1ebc139c2e3741502bb20854777b912f68

SHA256
f60e0b104a75a48158765ba70a00ff83172d78a1cca1f2762e088bd847da5b55

SHA512
fbae3e2d19152d394513e5f73a68be8a53ead4733a5309f308b8193a05c5145b84a145b7411f88753b3d7bec50f34bce594b114c0b0ce449228091d64c7825f2

Download Submit
\Windows\system\vxBDczB.exe

Filesize
6.0MB

MD5
a3e7b642af92af952d22324a6cc45e9f

SHA1
adcb5aaa6555fbeb46811237a4330acfc7d56276

SHA256
9abb267c6a121e43e6e826bc05c3d17bae0cee838e5117c1d50b074ab0e5d837

SHA512
b8f0a53cad9edcaf162023616d5c97c5282dff2888828b0d3eb2aa5687814b5bc53c995492ba4fa065c9500b38fbdcb649c90fcf5a8b791642a9a7e590a9d941

Download Submit
\Windows\system\xENTuKt.exe

Filesize
6.0MB

MD5
dfa160a76278b4256b4b5f9128d95220

SHA1
291ef2858455d696a12348ca522854738731a6cf

SHA256
e458d3fa1e5a38cb40992a1b1a6a14a37f785392d5c58f2e67163eaad6c9e12d

SHA512
bd4e1cb3ef5f6ccccd93c1d17ed1f83b73a1cf14211f56458f775938bfb1c839ed754a48c6333c4c5d82f3ae42f4c567e5f7ed4fd65ea98924af4db8b9076f74

Download Submit
memory/1152-21-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-3799-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-814-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-97-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3879-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-88-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-611-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3867-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-23-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3805-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3842-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2232-105-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2232-62-0x000000013FA00000-0x000000013FD54000-memory.dmp

Filesize
3.3MB

Download
memory/2444-987-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-107-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3869-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3873-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-81-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-462-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-255-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-73-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3868-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3816-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2652-75-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2652-29-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2664-84-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3865-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2664-35-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2684-96-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3880-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2684-55-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2696-106-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2696-67-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3839-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2764-41-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2764-92-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3820-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2948-3794-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-20-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2948-50-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-112-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-93-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-15-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-113-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-22-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-46-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-71-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-25-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3008-101-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-31-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-111-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-37-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3008-58-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-9-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-70-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-49-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3008-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/3008-85-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-104-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1068-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-919-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-714-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-521-0x0000000002580000-0x00000000028D4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-356-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-76-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download